Trojaner-Board - Cybot.B in c:\Users\Daniel\AppData\Local\Temp\0.26567710847669146.exe (Malware.Packer.GenX)

Trojaner-Board (https://www.trojaner-board.de/)

- Log-Analyse und Auswertung (https://www.trojaner-board.de/log-analyse-auswertung/)

- - Cybot.B in c:\Users\Daniel\AppData\Local\Temp\0.26567710847669146.exe (Malware.Packer.GenX) (https://www.trojaner-board.de/99506-cybot-b-c-users-daniel-appdata-local-temp-0-26567710847669146-exe-malware-packer-genx.html)

Cybot.B in c:\Users\Daniel\AppData\Local\Temp\0.26567710847669146.exe (Malware.Packer.GenX)

Moin Trojaner-Board,

als ich heute Morgen mein FF4 öffnete, stand dort, dass der Proxy-Server die Verbindung verweigert. Als ich in den Internetoptionen-->LAN-Einstellungen nachtgeschaut habe, war der Haken in der Checkbox bei "Proxyserver für LAN verwende..." gesetzt.
Nach dem Entfernen des Hakens habe ich einen Fullscan mit meinem Antiviruspriogramm (Security Essentials) vollzogen und folgendes Ergebnis erhalten:

"Kategorie: Hintertür

Beschreibung: Dieses Programm stellt einen Remotezugriff auf den Computer bereit, auf dem es installiert ist.

Empfohlene Aktion: Entfernen Sie diese Software unverzüglich.

Security Essentials hat Programme erkannt, die Ihre Privatsphäre gefährden oder Ihren Computer beschädigen könnten. Sie können auf die von diesen Programmen verwendeten Dateien weiterhin zugreifen, ohne sie zu entfernen (nicht empfohlen). Wählen Sie zum Zugreifen auf diese Dateien die Aktion "Zulassen" aus, und klicken Sie dann auf "Aktionen anwenden". Wenn diese Option nicht verfügbar ist, melden Sie sich als Administrator an, oder bitten Sie den Sicherheitsadministrator um Unterstützung.

Elemente:
file:C:\Users\Daniel\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\29\5cce129d-283aea43
file:C:\Users\Daniel\AppData\Local\Temp\0.05056013415392013.exe

Lesen Sie im Internet weitere Informationen zu diesem Element."

Danach habe ich nach Informationen im Netz über den Cybot.B-Trojaner gestöbert und bin auf euer Forum gestoßen.

Ich habe alle Schritte, welche in dem "Für Hilfesuchende-Thread" aufgelistet wurden, durchgeführt und im Anhang die Logfiles hinterlegt.

Eigene Schritte habe ich insofern unternommen, dass ich den Schädling mit Hilfe von Malwarebytes entfernt habe. Zum. laut dem Log :-P.

Über Hilfe und Aufklärung wäre ich sehr dankbar!

Mit freundlichen Grüßen
Daniel

Zitat:

Art des Suchlaufs: Quick-Scan

Hallo und :hallo:

Bitte routinemäßig einen Vollscan mit malwarebytes machen und Log posten.
Denk daran, dass Malwarebytes vor jedem Scan manuell aktualisiert werden muss!

Falls Logs aus älteren Scans mit Malwarebytes vorhanden sind, bitte auch davon alle posten!

Danke für die schnelle Antwort!

Hier der Inhalt des Logfiles:

Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Datenbank Version: 6665

Windows 6.1.7600
Internet Explorer 8.0.7600.16385

24.05.2011 23:11:06
mbam-log-2011-05-24 (23-11-06).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|E:\|)
Durchsuchte Objekte: 395812
Laufzeit: 55 Minute(n), 0 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 1

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
c:\Users\Daniel\AppData\LocalLow\Sun\Java\deployment\cache\6.0\29\5cce129d-6efcdb17-temp (Malware.Packer.GenX) -> Quarantined and deleted successfully.

Mach einen OTL-Fix, beende alle evtl. geöffneten Programme, auch Virenscanner deaktivieren (!), starte OTL und kopiere folgenden Text in die "Custom Scan/Fixes" Box (unten in OTL): (das ":OTL" muss mitkopiert werden!!!)

Code:

:OTL

O32 - HKLM CDRom: AutoRun - 1

O33 - MountPoints2\{3d522fbf-39b9-11e0-9735-001d7d0753e4}\Shell - "" = AutoRun

O33 - MountPoints2\{3d522fbf-39b9-11e0-9735-001d7d0753e4}\Shell\AutoRun\command - "" = J:\LaunchU3.exe -a

O33 - MountPoints2\{a2b87c8e-19b1-11e0-8b37-001d7d0753e4}\Shell - "" = AutoRun

O33 - MountPoints2\{a2b87c8e-19b1-11e0-8b37-001d7d0753e4}\Shell\AutoRun\command - "" = G:\AutoRun.exe

O33 - MountPoints2\{a2b87c9b-19b1-11e0-8b37-001d7d0753e4}\Shell - "" = AutoRun

O33 - MountPoints2\{a2b87c9b-19b1-11e0-8b37-001d7d0753e4}\Shell\AutoRun\command - "" = G:\AutoRun.exe

O33 - MountPoints2\{a2b87cb9-19b1-11e0-8b37-001d7d0753e4}\Shell - "" = AutoRun

O33 - MountPoints2\{a2b87cb9-19b1-11e0-8b37-001d7d0753e4}\Shell\AutoRun\command - "" = G:\AutoRun.exe

O33 - MountPoints2\G\Shell - "" = AutoRun

O33 - MountPoints2\G\Shell\AutoRun\command - "" = G:\LaunchU3.exe -a

[2011.05.22 20:19:43 | 000,004,353 | ---- | C] () -- C:\Users\Daniel\AppData\Roaming\BFFE.4A0

:Commands

[purity]

[resethosts]

Klick dann oben links auf den Button Fix!
Das Logfile müsste geöffnet werden, wenn Du nach dem Fixen auf ok klickst, poste das bitte. Evtl. wird der Rechner neu gestartet.

Die mit diesem Script gefixten Einträge, Dateien und Ordner werden zur Sicherheit nicht vollständig gelöscht, es wird eine Sicherheitskopie auf der Systempartition im Ordner "_OTL" erstellt.

Hi Arne,

hier der Log nach dem Fix:

========== OTL ==========
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRun|DWORD:1 /E : value set successfully!
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{3d522fbf-39b9-11e0-9735-001d7d0753e4}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3d522fbf-39b9-11e0-9735-001d7d0753e4}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{3d522fbf-39b9-11e0-9735-001d7d0753e4}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3d522fbf-39b9-11e0-9735-001d7d0753e4}\ not found.
File J:\LaunchU3.exe -a not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{a2b87c8e-19b1-11e0-8b37-001d7d0753e4}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{a2b87c8e-19b1-11e0-8b37-001d7d0753e4}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{a2b87c8e-19b1-11e0-8b37-001d7d0753e4}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{a2b87c8e-19b1-11e0-8b37-001d7d0753e4}\ not found.
File G:\AutoRun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{a2b87c9b-19b1-11e0-8b37-001d7d0753e4}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{a2b87c9b-19b1-11e0-8b37-001d7d0753e4}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{a2b87c9b-19b1-11e0-8b37-001d7d0753e4}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{a2b87c9b-19b1-11e0-8b37-001d7d0753e4}\ not found.
File G:\AutoRun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{a2b87cb9-19b1-11e0-8b37-001d7d0753e4}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{a2b87cb9-19b1-11e0-8b37-001d7d0753e4}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{a2b87cb9-19b1-11e0-8b37-001d7d0753e4}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{a2b87cb9-19b1-11e0-8b37-001d7d0753e4}\ not found.
File G:\AutoRun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\G\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\G\ not found.
File G:\LaunchU3.exe -a not found.
C:\Users\Daniel\AppData\Roaming\BFFE.4A0 moved successfully.
========== COMMANDS ==========
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

OTL by OldTimer - Version 3.2.23.0 log created on 05252011_104847

Gruß
Daniel

Bitte nun dieses Tool von Kaspersky ausführen und das Log posten => http://www.trojaner-board.de/82358-t...entfernen.html

Das Tool so einstellen wie unten im Bild angegeben - also beide Haken setzen, auf Start scan klicken und wenn es durch ist auf den Button Report klicken um das Log anzuzeigen. Dieses bitte komplett posten.

http://www.trojaner-board.de/attachm...rnen-start.png

Falls du durch die Infektion auf deine Dokumente/Eigenen Dateien nicht zugreifen kannst, bitte unhide ausführen:
Downloade dir bitte unhide.exe und speichere diese Datei auf deinem Desktop.
Starte das Tool und es sollten alle Dateien und Ordner wieder sichtbar sein. ( Könnte eine Weile dauern )
http://www.trojaner-board.de/images/icons/icon4.gif Vista und 7 User müssen das Tool per Rechtsklick als Administrator ausführen! http://www.trojaner-board.de/images/icons/icon4.gif

Log:

2011/05/25 12:20:42.0621 0168 TDSS rootkit removing tool 2.5.3.0 May 25 2011 07:09:24
2011/05/25 12:20:42.0746 0168 ================================================================================
2011/05/25 12:20:42.0746 0168 SystemInfo:
2011/05/25 12:20:42.0746 0168
2011/05/25 12:20:42.0746 0168 OS Version: 6.1.7600 ServicePack: 0.0
2011/05/25 12:20:42.0746 0168 Product type: Workstation
2011/05/25 12:20:42.0746 0168 ComputerName: DANIEL-PC
2011/05/25 12:20:42.0746 0168 UserName: Daniel
2011/05/25 12:20:42.0746 0168 Windows directory: C:\Windows
2011/05/25 12:20:42.0746 0168 System windows directory: C:\Windows
2011/05/25 12:20:42.0746 0168 Running under WOW64
2011/05/25 12:20:42.0746 0168 Processor architecture: Intel x64
2011/05/25 12:20:42.0746 0168 Number of processors: 4
2011/05/25 12:20:42.0746 0168 Page size: 0x1000
2011/05/25 12:20:42.0746 0168 Boot type: Normal boot
2011/05/25 12:20:42.0746 0168 ================================================================================
2011/05/25 12:20:43.0510 0168 Initialize success
2011/05/25 12:20:44.0914 4644 ================================================================================
2011/05/25 12:20:44.0914 4644 Scan started
2011/05/25 12:20:44.0914 4644 Mode: Manual;
2011/05/25 12:20:44.0914 4644 ================================================================================
2011/05/25 12:20:45.0647 4644 1394ohci (1b00662092f9f9568b995902f0cc40d5) C:\Windows\system32\DRIVERS\1394ohci.sys
2011/05/25 12:20:45.0663 4644 ACPI (6f11e88748cdefd2f76aa215f97ddfe5) C:\Windows\system32\DRIVERS\ACPI.sys
2011/05/25 12:20:45.0694 4644 AcpiPmi (63b05a0420ce4bf0e4af6dcc7cada254) C:\Windows\system32\DRIVERS\acpipmi.sys
2011/05/25 12:20:45.0741 4644 adp94xx (2f6b34b83843f0c5118b63ac634f5bf4) C:\Windows\system32\DRIVERS\adp94xx.sys
2011/05/25 12:20:45.0757 4644 adpahci (597f78224ee9224ea1a13d6350ced962) C:\Windows\system32\DRIVERS\adpahci.sys
2011/05/25 12:20:45.0788 4644 adpu320 (e109549c90f62fb570b9540c4b148e54) C:\Windows\system32\DRIVERS\adpu320.sys
2011/05/25 12:20:45.0819 4644 afcdp (d9a76e6e541e2e61c78140b65db63e6a) C:\Windows\system32\DRIVERS\afcdp.sys
2011/05/25 12:20:45.0866 4644 AFD (b9384e03479d2506bc924c16a3db87bc) C:\Windows\system32\drivers\afd.sys
2011/05/25 12:20:45.0881 4644 agp440 (608c14dba7299d8cb6ed035a68a15799) C:\Windows\system32\DRIVERS\agp440.sys
2011/05/25 12:20:45.0928 4644 aliide (5812713a477a3ad7363c7438ca2ee038) C:\Windows\system32\DRIVERS\aliide.sys
2011/05/25 12:20:45.0959 4644 Alpham1 (b3e801135e0c81733542c14d9aa8120a) C:\Windows\system32\DRIVERS\Alpham164.sys
2011/05/25 12:20:45.0975 4644 Alpham2 (6493983fedbc49d9112703ece9b251fe) C:\Windows\system32\DRIVERS\Alpham264.sys
2011/05/25 12:20:45.0991 4644 amdide (1ff8b4431c353ce385c875f194924c0c) C:\Windows\system32\DRIVERS\amdide.sys
2011/05/25 12:20:46.0022 4644 AmdK8 (7024f087cff1833a806193ef9d22cda9) C:\Windows\system32\DRIVERS\amdk8.sys
2011/05/25 12:20:46.0162 4644 amdkmdag (74687c33c4ad25a975bbb1ea1e8b3884) C:\Windows\system32\DRIVERS\atikmdag.sys
2011/05/25 12:20:46.0209 4644 amdkmdap (c7f56ed86327a78e7f8a5cc503a98bd6) C:\Windows\system32\DRIVERS\atikmpag.sys
2011/05/25 12:20:46.0209 4644 AmdPPM (1e56388b3fe0d031c44144eb8c4d6217) C:\Windows\system32\DRIVERS\amdppm.sys
2011/05/25 12:20:46.0240 4644 amdsata (ec7ebab00a4d8448bab68d1e49b4beb9) C:\Windows\system32\drivers\amdsata.sys
2011/05/25 12:20:46.0271 4644 amdsbs (f67f933e79241ed32ff46a4f29b5120b) C:\Windows\system32\DRIVERS\amdsbs.sys
2011/05/25 12:20:46.0287 4644 amdxata (db27766102c7bf7e95140a2aa81d042e) C:\Windows\system32\drivers\amdxata.sys
2011/05/25 12:20:46.0303 4644 AppID (42fd751b27fa0e9c69bb39f39e409594) C:\Windows\system32\drivers\appid.sys
2011/05/25 12:20:46.0349 4644 arc (c484f8ceb1717c540242531db7845c4e) C:\Windows\system32\DRIVERS\arc.sys
2011/05/25 12:20:46.0381 4644 arcsas (019af6924aefe7839f61c830227fe79c) C:\Windows\system32\DRIVERS\arcsas.sys
2011/05/25 12:20:46.0396 4644 AsyncMac (769765ce2cc62867468cea93969b2242) C:\Windows\system32\DRIVERS\asyncmac.sys
2011/05/25 12:20:46.0412 4644 atapi (02062c0b390b7729edc9e69c680a6f3c) C:\Windows\system32\DRIVERS\atapi.sys
2011/05/25 12:20:46.0459 4644 AtiHDAudioService (4bf5bca6e2608cd8a00bc4a6673a9f47) C:\Windows\system32\drivers\AtihdW76.sys
2011/05/25 12:20:46.0490 4644 AtiHdmiService (2d648572ba9a610952fcafba1e119c2d) C:\Windows\system32\drivers\AtiHdmi.sys
2011/05/25 12:20:46.0615 4644 atikmdag (74687c33c4ad25a975bbb1ea1e8b3884) C:\Windows\system32\DRIVERS\atikmdag.sys
2011/05/25 12:20:46.0677 4644 b06bdrv (3e5b191307609f7514148c6832bb0842) C:\Windows\system32\DRIVERS\bxvbda.sys
2011/05/25 12:20:46.0708 4644 b57nd60a (b5ace6968304a3900eeb1ebfd9622df2) C:\Windows\system32\DRIVERS\b57nd60a.sys
2011/05/25 12:20:46.0724 4644 Beep (16a47ce2decc9b099349a5f840654746) C:\Windows\system32\drivers\Beep.sys
2011/05/25 12:20:46.0771 4644 blbdrive (61583ee3c3a17003c4acd0475646b4d3) C:\Windows\system32\DRIVERS\blbdrive.sys
2011/05/25 12:20:46.0786 4644 bowser (19d20159708e152267e53b66677a4995) C:\Windows\system32\DRIVERS\bowser.sys
2011/05/25 12:20:46.0802 4644 BrFiltLo (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\DRIVERS\BrFiltLo.sys
2011/05/25 12:20:46.0817 4644 BrFiltUp (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\DRIVERS\BrFiltUp.sys
2011/05/25 12:20:46.0849 4644 Brserid (43bea8d483bf1870f018e2d02e06a5bd) C:\Windows\System32\Drivers\Brserid.sys
2011/05/25 12:20:46.0864 4644 BrSerWdm (a6eca2151b08a09caceca35c07f05b42) C:\Windows\System32\Drivers\BrSerWdm.sys
2011/05/25 12:20:46.0880 4644 BrUsbMdm (b79968002c277e869cf38bd22cd61524) C:\Windows\System32\Drivers\BrUsbMdm.sys
2011/05/25 12:20:46.0895 4644 BrUsbSer (a87528880231c54e75ea7a44943b38bf) C:\Windows\System32\Drivers\BrUsbSer.sys
2011/05/25 12:20:46.0911 4644 BTHMODEM (9da669f11d1f894ab4eb69bf546a42e8) C:\Windows\system32\DRIVERS\bthmodem.sys
2011/05/25 12:20:46.0942 4644 cdfs (b8bd2bb284668c84865658c77574381a) C:\Windows\system32\DRIVERS\cdfs.sys
2011/05/25 12:20:46.0973 4644 cdrom (83d2d75e1efb81b3450c18131443f7db) C:\Windows\system32\DRIVERS\cdrom.sys
2011/05/25 12:20:46.0989 4644 circlass (d7cd5c4e1b71fa62050515314cfb52cf) C:\Windows\system32\DRIVERS\circlass.sys
2011/05/25 12:20:47.0020 4644 CLFS (fe1ec06f2253f691fe36217c592a0206) C:\Windows\system32\CLFS.sys
2011/05/25 12:20:47.0083 4644 CmBatt (0840155d0bddf1190f84a663c284bd33) C:\Windows\system32\DRIVERS\CmBatt.sys
2011/05/25 12:20:47.0098 4644 cmdide (e19d3f095812725d88f9001985b94edd) C:\Windows\system32\DRIVERS\cmdide.sys
2011/05/25 12:20:47.0129 4644 CNG (f95fd4cb7da00ba2a63ce9f6b5c053e1) C:\Windows\system32\Drivers\cng.sys
2011/05/25 12:20:47.0145 4644 Compbatt (102de219c3f61415f964c88e9085ad14) C:\Windows\system32\DRIVERS\compbatt.sys
2011/05/25 12:20:47.0161 4644 CompositeBus (f26b3a86f6fa87ca360b879581ab4123) C:\Windows\system32\DRIVERS\CompositeBus.sys
2011/05/25 12:20:47.0301 4644 cpudrv64 (3ca734ce373e5675fbc15ca2c45228e5) C:\Program Files (x86)\SystemRequirementsLab\cpudrv64.sys
2011/05/25 12:20:47.0348 4644 crcdisk (1c827878a998c18847245fe1f34ee597) C:\Windows\system32\DRIVERS\crcdisk.sys
2011/05/25 12:20:47.0379 4644 CSC (4a6173c2279b498cd8f57cae504564cb) C:\Windows\system32\drivers\csc.sys
2011/05/25 12:20:47.0410 4644 DfsC (3f1dc527070acb87e40afe46ef6da749) C:\Windows\system32\Drivers\dfsc.sys
2011/05/25 12:20:47.0426 4644 discache (13096b05847ec78f0977f2c0f79e9ab3) C:\Windows\system32\drivers\discache.sys
2011/05/25 12:20:47.0441 4644 Disk (9819eee8b5ea3784ec4af3b137a5244c) C:\Windows\system32\DRIVERS\disk.sys
2011/05/25 12:20:47.0473 4644 drmkaud (9b19f34400d24df84c858a421c205754) C:\Windows\system32\drivers\drmkaud.sys
2011/05/25 12:20:47.0519 4644 DXGKrnl (1633b9abf52784a1331476397a48cbef) C:\Windows\System32\drivers\dxgkrnl.sys
2011/05/25 12:20:47.0597 4644 ebdrv (dc5d737f51be844d8c82c695eb17372f) C:\Windows\system32\DRIVERS\evbda.sys
2011/05/25 12:20:47.0644 4644 elxstor (0e5da5369a0fcaea12456dd852545184) C:\Windows\system32\DRIVERS\elxstor.sys
2011/05/25 12:20:47.0675 4644 ErrDev (34a3c54752046e79a126e15c51db409b) C:\Windows\system32\DRIVERS\errdev.sys
2011/05/25 12:20:47.0707 4644 ET5Drv (5dc0914e8c6168de7702b8e2dc140b80) C:\Windows\ET5Drv.sys
2011/05/25 12:20:47.0738 4644 exfat (a510c654ec00c1e9bdd91eeb3a59823b) C:\Windows\system32\drivers\exfat.sys
2011/05/25 12:20:47.0753 4644 fastfat (0adc83218b66a6db380c330836f3e36d) C:\Windows\system32\drivers\fastfat.sys
2011/05/25 12:20:47.0769 4644 fdc (d765d19cd8ef61f650c384f62fac00ab) C:\Windows\system32\DRIVERS\fdc.sys
2011/05/25 12:20:47.0800 4644 FileInfo (655661be46b5f5f3fd454e2c3095b930) C:\Windows\system32\drivers\fileinfo.sys
2011/05/25 12:20:47.0816 4644 Filetrace (5f671ab5bc87eea04ec38a6cd5962a47) C:\Windows\system32\drivers\filetrace.sys
2011/05/25 12:20:47.0831 4644 flpydisk (c172a0f53008eaeb8ea33fe10e177af5) C:\Windows\system32\DRIVERS\flpydisk.sys
2011/05/25 12:20:47.0863 4644 FltMgr (f7866af72abbaf84b1fa5aa195378c59) C:\Windows\system32\drivers\fltmgr.sys
2011/05/25 12:20:47.0878 4644 FsDepends (d43703496149971890703b4b1b723eac) C:\Windows\system32\drivers\FsDepends.sys
2011/05/25 12:20:47.0894 4644 Fs_Rec (e95ef8547de20cf0603557c0cf7a9462) C:\Windows\system32\drivers\Fs_Rec.sys
2011/05/25 12:20:47.0941 4644 fvevol (ae87ba80d0ec3b57126ed2cdc15b24ed) C:\Windows\system32\DRIVERS\fvevol.sys
2011/05/25 12:20:47.0972 4644 gagp30kx (8c778d335c9d272cfd3298ab02abe3b6) C:\Windows\system32\DRIVERS\gagp30kx.sys
2011/05/25 12:20:48.0003 4644 gdrv (f51fb25e1328fa14f446a8b24ac52709) C:\Windows\gdrv.sys
2011/05/25 12:20:48.0050 4644 GEARAspiWDM (e403aacf8c7bb11375122d2464560311) C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
2011/05/25 12:20:48.0097 4644 hcw85cir (f2523ef6460fc42405b12248338ab2f0) C:\Windows\system32\drivers\hcw85cir.sys
2011/05/25 12:20:48.0128 4644 HdAudAddService (6410f6f415b2a5a9037224c41da8bf12) C:\Windows\system32\drivers\HdAudio.sys
2011/05/25 12:20:48.0175 4644 HDAudBus (0a49913402747a0b67de940fb42cbdbb) C:\Windows\system32\DRIVERS\HDAudBus.sys
2011/05/25 12:20:48.0190 4644 HidBatt (78e86380454a7b10a5eb255dc44a355f) C:\Windows\system32\DRIVERS\HidBatt.sys
2011/05/25 12:20:48.0206 4644 HidBth (7fd2a313f7afe5c4dab14798c48dd104) C:\Windows\system32\DRIVERS\hidbth.sys
2011/05/25 12:20:48.0221 4644 HidIr (0a77d29f311b88cfae3b13f9c1a73825) C:\Windows\system32\DRIVERS\hidir.sys
2011/05/25 12:20:48.0253 4644 HidUsb (b3bf6b5b50006def50b66306d99fcf6f) C:\Windows\system32\DRIVERS\hidusb.sys
2011/05/25 12:20:48.0284 4644 HpSAMD (0886d440058f203eba0e1825e4355914) C:\Windows\system32\DRIVERS\HpSAMD.sys
2011/05/25 12:20:48.0331 4644 HTTP (cee049cac4efa7f4e1e4ad014414a5d4) C:\Windows\system32\drivers\HTTP.sys
2011/05/25 12:20:48.0377 4644 hwdatacard (cdaa8e257bb625b2387219e605dde37d) C:\Windows\system32\DRIVERS\ewusbmdm.sys
2011/05/25 12:20:48.0393 4644 hwpolicy (f17766a19145f111856378df337a5d79) C:\Windows\system32\drivers\hwpolicy.sys
2011/05/25 12:20:48.0424 4644 i8042prt (fa55c73d4affa7ee23ac4be53b4592d3) C:\Windows\system32\DRIVERS\i8042prt.sys
2011/05/25 12:20:48.0471 4644 iaStorV (b75e45c564e944a2657167d197ab29da) C:\Windows\system32\drivers\iaStorV.sys
2011/05/25 12:20:48.0518 4644 iirsp (5c18831c61933628f5bb0ea2675b9d21) C:\Windows\system32\DRIVERS\iirsp.sys
2011/05/25 12:20:48.0611 4644 IntcAzAudAddService (2b888bbdf6962e608a5e1a1d7a626adf) C:\Windows\system32\drivers\RTKVHD64.sys
2011/05/25 12:20:48.0643 4644 intelide (f00f20e70c6ec3aa366910083a0518aa) C:\Windows\system32\DRIVERS\intelide.sys
2011/05/25 12:20:48.0658 4644 intelppm (ada036632c664caa754079041cf1f8c1) C:\Windows\system32\DRIVERS\intelppm.sys
2011/05/25 12:20:48.0689 4644 IpFilterDriver (722dd294df62483cecaae6e094b4d695) C:\Windows\system32\DRIVERS\ipfltdrv.sys
2011/05/25 12:20:48.0705 4644 IPMIDRV (e2b4a4494db7cb9b89b55ca268c337c5) C:\Windows\system32\DRIVERS\IPMIDrv.sys
2011/05/25 12:20:48.0721 4644 IPNAT (af9b39a7e7b6caa203b3862582e9f2d0) C:\Windows\system32\drivers\ipnat.sys
2011/05/25 12:20:48.0752 4644 IRENUM (3abf5e7213eb28966d55d58b515d5ce9) C:\Windows\system32\drivers\irenum.sys
2011/05/25 12:20:48.0783 4644 isapnp (2f7b28dc3e1183e5eb418df55c204f38) C:\Windows\system32\DRIVERS\isapnp.sys
2011/05/25 12:20:48.0814 4644 iScsiPrt (fa4d2557de56d45b0a346f93564be6e1) C:\Windows\system32\DRIVERS\msiscsi.sys
2011/05/25 12:20:48.0830 4644 JRAID (98e7d6164eba27ef25835f95910e622c) C:\Windows\system32\DRIVERS\jraid.sys
2011/05/25 12:20:48.0861 4644 kbdclass (bc02336f1cba7dcc7d1213bb588a68a5) C:\Windows\system32\DRIVERS\kbdclass.sys
2011/05/25 12:20:48.0877 4644 kbdhid (6def98f8541e1b5dceb2c822a11f7323) C:\Windows\system32\DRIVERS\kbdhid.sys
2011/05/25 12:20:48.0892 4644 KSecDD (e8b6fcc9c83535c67f835d407620bd27) C:\Windows\system32\Drivers\ksecdd.sys
2011/05/25 12:20:48.0908 4644 KSecPkg (a8c63880ef6f4d3fec7b616b9c060215) C:\Windows\system32\Drivers\ksecpkg.sys
2011/05/25 12:20:48.0939 4644 ksthunk (6869281e78cb31a43e969f06b57347c4) C:\Windows\system32\drivers\ksthunk.sys
2011/05/25 12:20:48.0986 4644 lltdio (1538831cf8ad2979a04c423779465827) C:\Windows\system32\DRIVERS\lltdio.sys
2011/05/25 12:20:49.0017 4644 LSI_FC (1a93e54eb0ece102495a51266dcdb6a6) C:\Windows\system32\DRIVERS\lsi_fc.sys
2011/05/25 12:20:49.0033 4644 LSI_SAS (1047184a9fdc8bdbff857175875ee810) C:\Windows\system32\DRIVERS\lsi_sas.sys
2011/05/25 12:20:49.0048 4644 LSI_SAS2 (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\Windows\system32\DRIVERS\lsi_sas2.sys
2011/05/25 12:20:49.0079 4644 LSI_SCSI (0504eacaff0d3c8aed161c4b0d369d4a) C:\Windows\system32\DRIVERS\lsi_scsi.sys
2011/05/25 12:20:49.0079 4644 luafv (43d0f98e1d56ccddb0d5254cff7b356e) C:\Windows\system32\drivers\luafv.sys
2011/05/25 12:20:49.0111 4644 megasas (a55805f747c6edb6a9080d7c633bd0f4) C:\Windows\system32\DRIVERS\megasas.sys
2011/05/25 12:20:49.0142 4644 MegaSR (baf74ce0072480c3b6b7c13b2a94d6b3) C:\Windows\system32\DRIVERS\MegaSR.sys
2011/05/25 12:20:49.0204 4644 mod7700 (5289f0f94d6fe072d3dc72ea17df57e9) C:\Windows\system32\Drivers\dvb7700all.sys
2011/05/25 12:20:49.0220 4644 Modem (800ba92f7010378b09f9ed9270f07137) C:\Windows\system32\drivers\modem.sys
2011/05/25 12:20:49.0251 4644 monitor (b03d591dc7da45ece20b3b467e6aadaa) C:\Windows\system32\DRIVERS\monitor.sys
2011/05/25 12:20:49.0267 4644 mouclass (7d27ea49f3c1f687d357e77a470aea99) C:\Windows\system32\DRIVERS\mouclass.sys
2011/05/25 12:20:49.0282 4644 mouhid (d3bf052c40b0c4166d9fd86a4288c1e6) C:\Windows\system32\DRIVERS\mouhid.sys
2011/05/25 12:20:49.0298 4644 mountmgr (791af66c4d0e7c90a3646066386fb571) C:\Windows\system32\drivers\mountmgr.sys
2011/05/25 12:20:49.0345 4644 MpFilter (e6ba8e5a4a871899e23d64573ef58ee9) C:\Windows\system32\DRIVERS\MpFilter.sys
2011/05/25 12:20:49.0360 4644 mpio (609d1d87649ecc19796f4d76d4c15cea) C:\Windows\system32\DRIVERS\mpio.sys
2011/05/25 12:20:49.0391 4644 MpNWMon (98b09a4f2c462441030b83a80a3f6fb3) C:\Windows\system32\DRIVERS\MpNWMon.sys
2011/05/25 12:20:49.0407 4644 mpsdrv (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\Windows\system32\drivers\mpsdrv.sys
2011/05/25 12:20:49.0438 4644 MRxDAV (30524261bb51d96d6fcbac20c810183c) C:\Windows\system32\drivers\mrxdav.sys
2011/05/25 12:20:49.0469 4644 mrxsmb (b7f3d2c40bdf8ffb73ebfb19c77734e2) C:\Windows\system32\DRIVERS\mrxsmb.sys
2011/05/25 12:20:49.0485 4644 mrxsmb10 (86c6f88b5168ce21cf8d69d0b3ff5d19) C:\Windows\system32\DRIVERS\mrxsmb10.sys
2011/05/25 12:20:49.0501 4644 mrxsmb20 (b081069251c8e9f42cb8769d07148f9c) C:\Windows\system32\DRIVERS\mrxsmb20.sys
2011/05/25 12:20:49.0532 4644 msahci (5c37497276e3b3a5488b23a326a754b7) C:\Windows\system32\DRIVERS\msahci.sys
2011/05/25 12:20:49.0547 4644 msdsm (8d27b597229aed79430fb9db3bcbfbd0) C:\Windows\system32\DRIVERS\msdsm.sys
2011/05/25 12:20:49.0579 4644 Msfs (aa3fb40e17ce1388fa1bedab50ea8f96) C:\Windows\system32\drivers\Msfs.sys
2011/05/25 12:20:49.0594 4644 mshidkmdf (f9d215a46a8b9753f61767fa72a20326) C:\Windows\System32\drivers\mshidkmdf.sys
2011/05/25 12:20:49.0610 4644 msisadrv (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\Windows\system32\DRIVERS\msisadrv.sys
2011/05/25 12:20:49.0641 4644 MSKSSRV (49ccf2c4fea34ffad8b1b59d49439366) C:\Windows\system32\drivers\MSKSSRV.sys
2011/05/25 12:20:49.0657 4644 MSPCLOCK (bdd71ace35a232104ddd349ee70e1ab3) C:\Windows\system32\drivers\MSPCLOCK.sys
2011/05/25 12:20:49.0672 4644 MSPQM (4ed981241db27c3383d72092b618a1d0) C:\Windows\system32\drivers\MSPQM.sys
2011/05/25 12:20:49.0703 4644 MsRPC (89cb141aa8616d8c6a4610fa26c60964) C:\Windows\system32\drivers\MsRPC.sys
2011/05/25 12:20:49.0719 4644 mssmbios (0eed230e37515a0eaee3c2e1bc97b288) C:\Windows\system32\DRIVERS\mssmbios.sys
2011/05/25 12:20:49.0750 4644 MSTEE (2e66f9ecb30b4221a318c92ac2250779) C:\Windows\system32\drivers\MSTEE.sys
2011/05/25 12:20:49.0766 4644 MTConfig (7ea404308934e675bffde8edf0757bcd) C:\Windows\system32\DRIVERS\MTConfig.sys
2011/05/25 12:20:49.0797 4644 Mup (f9a18612fd3526fe473c1bda678d61c8) C:\Windows\system32\Drivers\mup.sys
2011/05/25 12:20:49.0828 4644 NativeWifiP (1ea3749c4114db3e3161156ffffa6b33) C:\Windows\system32\DRIVERS\nwifi.sys
2011/05/25 12:20:49.0859 4644 NDIS (cad515dbd07d082bb317d9928ce8962c) C:\Windows\system32\drivers\ndis.sys
2011/05/25 12:20:49.0891 4644 NdisCap (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\Windows\system32\DRIVERS\ndiscap.sys
2011/05/25 12:20:49.0906 4644 NdisTapi (30639c932d9fef22b31268fe25a1b6e5) C:\Windows\system32\DRIVERS\ndistapi.sys
2011/05/25 12:20:49.0937 4644 Ndisuio (f105ba1e22bf1f2ee8f005d4305e4bec) C:\Windows\system32\DRIVERS\ndisuio.sys
2011/05/25 12:20:49.0953 4644 NdisWan (557dfab9ca1fcb036ac77564c010dad3) C:\Windows\system32\DRIVERS\ndiswan.sys
2011/05/25 12:20:49.0984 4644 NDProxy (659b74fb74b86228d6338d643cd3e3cf) C:\Windows\system32\drivers\NDProxy.sys
2011/05/25 12:20:49.0984 4644 NetBIOS (86743d9f5d2b1048062b14b1d84501c4) C:\Windows\system32\DRIVERS\netbios.sys
2011/05/25 12:20:50.0015 4644 NetBT (9162b273a44ab9dce5b44362731d062a) C:\Windows\system32\DRIVERS\netbt.sys
2011/05/25 12:20:50.0062 4644 nfrd960 (77889813be4d166cdab78ddba990da92) C:\Windows\system32\DRIVERS\nfrd960.sys
2011/05/25 12:20:50.0078 4644 NisDrv (3713e8452b88d3e0be095e06b6fbc776) C:\Windows\system32\DRIVERS\NisDrvWFP.sys
2011/05/25 12:20:50.0109 4644 Npfs (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys
2011/05/25 12:20:50.0125 4644 nsiproxy (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys
2011/05/25 12:20:50.0187 4644 Ntfs (378e0e0dfea67d98ae6ea53adbbd76bc) C:\Windows\system32\drivers\Ntfs.sys
2011/05/25 12:20:50.0218 4644 Null (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys
2011/05/25 12:20:50.0249 4644 nvraid (a4d9c9a608a97f59307c2f2600edc6a4) C:\Windows\system32\drivers\nvraid.sys
2011/05/25 12:20:50.0281 4644 nvstor (6c1d5f70e7a6a3fd1c90d840edc048b9) C:\Windows\system32\drivers\nvstor.sys
2011/05/25 12:20:50.0327 4644 nv_agp (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\DRIVERS\nv_agp.sys
2011/05/25 12:20:50.0343 4644 ohci1394 (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\DRIVERS\ohci1394.sys
2011/05/25 12:20:50.0405 4644 Parport (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\DRIVERS\parport.sys
2011/05/25 12:20:50.0421 4644 partmgr (7daa117143316c4a1537e074a5a9eaf0) C:\Windows\system32\drivers\partmgr.sys
2011/05/25 12:20:50.0437 4644 pci (f36f6504009f2fb0dfd1b17a116ad74b) C:\Windows\system32\DRIVERS\pci.sys
2011/05/25 12:20:50.0452 4644 pciide (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\DRIVERS\pciide.sys
2011/05/25 12:20:50.0468 4644 pcmcia (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\DRIVERS\pcmcia.sys
2011/05/25 12:20:50.0483 4644 pcw (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys
2011/05/25 12:20:50.0515 4644 PEAUTH (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys
2011/05/25 12:20:50.0608 4644 PptpMiniport (27cc19e81ba5e3403c48302127bda717) C:\Windows\system32\DRIVERS\raspptp.sys
2011/05/25 12:20:50.0639 4644 Processor (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\DRIVERS\processr.sys
2011/05/25 12:20:50.0671 4644 Psched (ee992183bd8eaefd9973f352e587a299) C:\Windows\system32\DRIVERS\pacer.sys
2011/05/25 12:20:50.0717 4644 ql2300 (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\DRIVERS\ql2300.sys
2011/05/25 12:20:50.0749 4644 ql40xx (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\DRIVERS\ql40xx.sys
2011/05/25 12:20:50.0764 4644 QWAVEdrv (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys
2011/05/25 12:20:50.0780 4644 RasAcd (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys
2011/05/25 12:20:50.0811 4644 RasAgileVpn (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys
2011/05/25 12:20:50.0827 4644 Rasl2tp (87a6e852a22991580d6d39adc4790463) C:\Windows\system32\DRIVERS\rasl2tp.sys
2011/05/25 12:20:50.0858 4644 RasPppoe (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys
2011/05/25 12:20:50.0858 4644 RasSstp (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys
2011/05/25 12:20:50.0889 4644 rdbss (3bac8142102c15d59a87757c1d41dce5) C:\Windows\system32\DRIVERS\rdbss.sys
2011/05/25 12:20:50.0889 4644 rdpbus (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\DRIVERS\rdpbus.sys
2011/05/25 12:20:50.0920 4644 RDPCDD (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys
2011/05/25 12:20:50.0951 4644 RDPDR (9706b84dbabfc4b4ca46c5a82b14dfa3) C:\Windows\system32\drivers\rdpdr.sys
2011/05/25 12:20:50.0967 4644 RDPENCDD (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys
2011/05/25 12:20:50.0983 4644 RDPREFMP (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys
2011/05/25 12:20:51.0014 4644 RDPWD (8a3e6bea1c53ea6177fe2b6eba2c80d7) C:\Windows\system32\drivers\RDPWD.sys
2011/05/25 12:20:51.0029 4644 rdyboost (634b9a2181d98f15941236886164ec8b) C:\Windows\system32\drivers\rdyboost.sys
2011/05/25 12:20:51.0061 4644 rspndr (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys
2011/05/25 12:20:51.0092 4644 RTL8167 (4fbda07ef0a3097ce14c5cabf723b278) C:\Windows\system32\DRIVERS\Rt64win7.sys
2011/05/25 12:20:51.0139 4644 RzSynapse (24510c4a77aba3b07aefa840db888637) C:\Windows\system32\DRIVERS\RzSynapse.sys
2011/05/25 12:20:51.0170 4644 s125bus (ae722fd346b75b776ca75f297347ee8a) C:\Windows\system32\DRIVERS\s125bus.sys
2011/05/25 12:20:51.0201 4644 s125mdfl (651362aadc145d0028df288182989136) C:\Windows\system32\DRIVERS\s125mdfl.sys
2011/05/25 12:20:51.0232 4644 s125mdm (0744248b0ee7c0f652882ae3b67e6429) C:\Windows\system32\DRIVERS\s125mdm.sys
2011/05/25 12:20:51.0232 4644 s125mgmt (51c6262ad6dd5da12543f623b0ee2ebf) C:\Windows\system32\DRIVERS\s125mgmt.sys
2011/05/25 12:20:51.0248 4644 s125obex (5a5b9b10a9545a832b436884a1d1a848) C:\Windows\system32\DRIVERS\s125obex.sys
2011/05/25 12:20:51.0279 4644 s3cap (88af6e02ab19df7fd07ecdf9c91e9af6) C:\Windows\system32\DRIVERS\vms3cap.sys
2011/05/25 12:20:51.0295 4644 sbp2port (e3bbb89983daf5622c1d50cf49f28227) C:\Windows\system32\DRIVERS\sbp2port.sys
2011/05/25 12:20:51.0326 4644 scfilter (c94da20c7e3ba1dca269bc8460d98387) C:\Windows\system32\DRIVERS\scfilter.sys
2011/05/25 12:20:51.0357 4644 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys
2011/05/25 12:20:51.0373 4644 Serenum (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\DRIVERS\serenum.sys
2011/05/25 12:20:51.0388 4644 Serial (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\DRIVERS\serial.sys
2011/05/25 12:20:51.0404 4644 sermouse (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\DRIVERS\sermouse.sys
2011/05/25 12:20:51.0435 4644 sffdisk (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\DRIVERS\sffdisk.sys
2011/05/25 12:20:51.0451 4644 sffp_mmc (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\DRIVERS\sffp_mmc.sys
2011/05/25 12:20:51.0466 4644 sffp_sd (5588b8c6193eb1522490c122eb94dffa) C:\Windows\system32\DRIVERS\sffp_sd.sys
2011/05/25 12:20:51.0482 4644 sfloppy (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\DRIVERS\sfloppy.sys
2011/05/25 12:20:51.0513 4644 SiSRaid2 (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\DRIVERS\SiSRaid2.sys
2011/05/25 12:20:51.0544 4644 SiSRaid4 (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\DRIVERS\sisraid4.sys
2011/05/25 12:20:51.0560 4644 Smb (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys
2011/05/25 12:20:51.0591 4644 snapman (0775cb5147953cce129bc3414740d109) C:\Windows\system32\DRIVERS\snapman.sys
2011/05/25 12:20:51.0607 4644 spldr (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys
2011/05/25 12:20:51.0669 4644 sptd (602884696850c86434530790b110e8eb) C:\Windows\system32\Drivers\sptd.sys
2011/05/25 12:20:51.0669 4644 Suspicious file (NoAccess): C:\Windows\system32\Drivers\sptd.sys. md5: 602884696850c86434530790b110e8eb
2011/05/25 12:20:51.0669 4644 sptd - detected LockedFile.Multi.Generic (1)
2011/05/25 12:20:51.0685 4644 srv (148d50904d2a0df29a19778715eb35bb) C:\Windows\system32\DRIVERS\srv.sys
2011/05/25 12:20:51.0716 4644 srv2 (ce2189fe31d36678ac9eb7ddee08ec96) C:\Windows\system32\DRIVERS\srv2.sys
2011/05/25 12:20:51.0731 4644 srvnet (cb69edeb069a49577592835659cd0e46) C:\Windows\system32\DRIVERS\srvnet.sys
2011/05/25 12:20:51.0763 4644 stexstor (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\DRIVERS\stexstor.sys
2011/05/25 12:20:51.0778 4644 storflt (ffd7a6f15b14234b5b0e5d49e7961895) C:\Windows\system32\DRIVERS\vmstorfl.sys
2011/05/25 12:20:51.0809 4644 storvsc (8fccbefc5c440b3c23454656e551b09a) C:\Windows\system32\DRIVERS\storvsc.sys
2011/05/25 12:20:51.0825 4644 swenum (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\DRIVERS\swenum.sys
2011/05/25 12:20:51.0903 4644 Tcpip (90a2d722cf64d911879d6c4a4f802a4d) C:\Windows\system32\drivers\tcpip.sys
2011/05/25 12:20:51.0934 4644 TCPIP6 (90a2d722cf64d911879d6c4a4f802a4d) C:\Windows\system32\DRIVERS\tcpip.sys
2011/05/25 12:20:51.0965 4644 tcpipreg (76d078af6f587b162d50210f761eb9ed) C:\Windows\system32\drivers\tcpipreg.sys
2011/05/25 12:20:51.0997 4644 TDPIPE (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys
2011/05/25 12:20:52.0028 4644 tdrpman258 (bf7ac81df6fbe09438d9dc7188178ea9) C:\Windows\system32\DRIVERS\tdrpm258.sys
2011/05/25 12:20:52.0043 4644 TDTCP (e4245bda3190a582d55ed09e137401a9) C:\Windows\system32\drivers\tdtcp.sys
2011/05/25 12:20:52.0075 4644 tdx (079125c4b17b01fcaeebce0bcb290c0f) C:\Windows\system32\DRIVERS\tdx.sys
2011/05/25 12:20:52.0106 4644 TermDD (c448651339196c0e869a355171875522) C:\Windows\system32\DRIVERS\termdd.sys
2011/05/25 12:20:52.0153 4644 timounter (2c1caf5563548a15515eab07d2a069c6) C:\Windows\system32\DRIVERS\timntr.sys
2011/05/25 12:20:52.0184 4644 tssecsrv (61b96c26131e37b24e93327a0bd1fb95) C:\Windows\system32\DRIVERS\tssecsrv.sys
2011/05/25 12:20:52.0277 4644 TuneUpUtilitiesDrv (dcc94c51d27c7ec0dadeca8f64c94fcf) C:\Program Files (x86)\TuneUp Utilities 2010\TuneUpUtilitiesDriver64.sys
2011/05/25 12:20:52.0309 4644 tunnel (3836171a2cdf3af8ef10856db9835a70) C:\Windows\system32\DRIVERS\tunnel.sys
2011/05/25 12:20:52.0355 4644 uagp35 (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\DRIVERS\uagp35.sys
2011/05/25 12:20:52.0402 4644 udfs (d47baead86c65d4f4069d7ce0a4edceb) C:\Windows\system32\DRIVERS\udfs.sys
2011/05/25 12:20:52.0449 4644 uliagpkx (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\DRIVERS\uliagpkx.sys
2011/05/25 12:20:52.0465 4644 umbus (eab6c35e62b1b0db0d1b48b671d3a117) C:\Windows\system32\DRIVERS\umbus.sys
2011/05/25 12:20:52.0480 4644 UmPass (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\DRIVERS\umpass.sys
2011/05/25 12:20:52.0527 4644 usbaudio (77b01bc848298223a95d4ec23e1785a1) C:\Windows\system32\drivers\usbaudio.sys
2011/05/25 12:20:52.0558 4644 usbccgp (7b6a127c93ee590e4d79a5f2a76fe46f) C:\Windows\system32\DRIVERS\usbccgp.sys
2011/05/25 12:20:52.0574 4644 usbcir (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\DRIVERS\usbcir.sys
2011/05/25 12:20:52.0605 4644 usbehci (92969ba5ac44e229c55a332864f79677) C:\Windows\system32\drivers\usbehci.sys
2011/05/25 12:20:52.0621 4644 usbhub (e7df1cfd28ca86b35ef5add0735ceef3) C:\Windows\system32\DRIVERS\usbhub.sys
2011/05/25 12:20:52.0636 4644 usbohci (f1bb1e55f1e7a65c5839ccc7b36d773e) C:\Windows\system32\drivers\usbohci.sys
2011/05/25 12:20:52.0652 4644 usbprint (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\DRIVERS\usbprint.sys
2011/05/25 12:20:52.0683 4644 usbscan (aaa2513c8aed8b54b189fd0c6b1634c0) C:\Windows\system32\DRIVERS\usbscan.sys
2011/05/25 12:20:52.0699 4644 USBSTOR (f39983647bc1f3e6100778ddfe9dce29) C:\Windows\system32\drivers\USBSTOR.SYS
2011/05/25 12:20:52.0730 4644 usbuhci (bc3070350a491d84b518d7cca9abd36f) C:\Windows\system32\drivers\usbuhci.sys
2011/05/25 12:20:52.0761 4644 vdrvroot (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\DRIVERS\vdrvroot.sys
2011/05/25 12:20:52.0792 4644 vga (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys
2011/05/25 12:20:52.0808 4644 VgaSave (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys
2011/05/25 12:20:52.0823 4644 vhdmp (c82e748660f62a242b2dfac1442f22a4) C:\Windows\system32\DRIVERS\vhdmp.sys
2011/05/25 12:20:52.0839 4644 viaide (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\DRIVERS\viaide.sys
2011/05/25 12:20:52.0870 4644 vmbus (1501699d7eda984abc4155a7da5738d1) C:\Windows\system32\DRIVERS\vmbus.sys
2011/05/25 12:20:52.0901 4644 VMBusHID (ae10c35761889e65a6f7176937c5592c) C:\Windows\system32\DRIVERS\VMBusHID.sys
2011/05/25 12:20:52.0917 4644 volmgr (2b1a3dae2b4e70dbba822b7a03fbd4a3) C:\Windows\system32\DRIVERS\volmgr.sys
2011/05/25 12:20:52.0933 4644 volmgrx (99b0cbb569ca79acaed8c91461d765fb) C:\Windows\system32\drivers\volmgrx.sys
2011/05/25 12:20:52.0948 4644 volsnap (58f82eed8ca24b461441f9c3e4f0bf5c) C:\Windows\system32\DRIVERS\volsnap.sys
2011/05/25 12:20:52.0964 4644 vsmraid (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\DRIVERS\vsmraid.sys
2011/05/25 12:20:52.0995 4644 vwifibus (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\System32\drivers\vwifibus.sys
2011/05/25 12:20:53.0026 4644 WacomPen (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\DRIVERS\wacompen.sys
2011/05/25 12:20:53.0042 4644 WANARP (47ca49400643effd3f1c9a27e1d69324) C:\Windows\system32\DRIVERS\wanarp.sys
2011/05/25 12:20:53.0057 4644 Wanarpv6 (47ca49400643effd3f1c9a27e1d69324) C:\Windows\system32\DRIVERS\wanarp.sys
2011/05/25 12:20:53.0104 4644 Wd (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\DRIVERS\wd.sys
2011/05/25 12:20:53.0135 4644 Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys
2011/05/25 12:20:53.0198 4644 WfpLwf (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys
2011/05/25 12:20:53.0213 4644 WIMMount (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys
2011/05/25 12:20:53.0291 4644 WinUsb (817eaff5d38674edd7713b9dfb8e9791) C:\Windows\system32\DRIVERS\WinUsb.sys
2011/05/25 12:20:53.0307 4644 WmiAcpi (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\DRIVERS\wmiacpi.sys
2011/05/25 12:20:53.0338 4644 ws2ifsl (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys
2011/05/25 12:20:53.0369 4644 WudfPf (7cadc74271dd6461c452c271b30bd378) C:\Windows\system32\drivers\WudfPf.sys
2011/05/25 12:20:53.0401 4644 WUDFRd (3b197af0fff08aa66b6b2241ca538d64) C:\Windows\system32\DRIVERS\WUDFRd.sys
2011/05/25 12:20:53.0432 4644 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0
2011/05/25 12:20:53.0432 4644 ================================================================================
2011/05/25 12:20:53.0432 4644 Scan finished
2011/05/25 12:20:53.0432 4644 ================================================================================
2011/05/25 12:20:53.0447 3960 Detected object count: 1
2011/05/25 12:20:53.0447 3960 Actual detected object count: 1
2011/05/25 12:21:57.0860 3960 HKLM\SYSTEM\ControlSet001\services\sptd - will be deleted after reboot
2011/05/25 12:21:57.0876 3960 HKLM\SYSTEM\ControlSet002\services\sptd - will be deleted after reboot
2011/05/25 12:21:57.0876 3960 C:\Windows\system32\Drivers\sptd.sys - will be deleted after reboot
2011/05/25 12:21:57.0876 3960 LockedFile.Multi.Generic(sptd) - User select action: Delete

Dann bitte jetzt CF ausführen:

ComboFix

Ein Leitfaden und Tutorium zur Nutzung von ComboFix

Lade dir ComboFix hier herunter auf deinen Desktop. Benenne es beim Runterladen um in cofi.exe.

http://saved.im/mtm0nzyzmzd5/cofi.jpg

Schliesse alle Programme, vor allem dein Antivirenprogramm und andere Hintergrundwächter sowie deinen Internetbrowser.

Starte cofi.exe von deinem Desktop aus, bestätige die Warnmeldungen, führe die Updates durch (falls vorgeschlagen), installiere die Wiederherstellungskonsole (falls vorgeschlagen) und lass dein System durchsuchen.
Vermeide es auch während Combofix läuft die Maus und Tastatur zu benutzen.

Im Anschluss öffnet sich automatisch eine combofix.txt, diesen Inhalt bitte kopieren ([Strg]a, [Strg]c) und in deinen Beitrag einfügen ([Strg]v). Die Datei findest du außerdem unter: C:\ComboFix.txt.

Wichtiger Hinweis:

Combofix darf ausschließlich ausgeführt werden, wenn ein Kompetenzler dies ausdrücklich empfohlen hat!
Es sollte nie auf eigene Initiative hin ausgeführt werden! Eine falsche Benutzung kann ernsthafte Computerprobleme nach sich ziehen und eine Bereinigung der Infektion noch erschweren.

Log:

Combofix Logfile:

Code:

ComboFix 11-05-24.06 - Daniel 25.05.2011  18:04:56.1.4 - x64

Microsoft Windows 7 Professional   6.1.7600.0.1252.49.1031.18.4094.2772 [GMT 2:00]

ausgeführt von:: c:\users\Daniel\Desktop\cofi.exe

AV: Microsoft Security Essentials *Disabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}

SP: Microsoft Security Essentials *Disabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}

SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

.

((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))

.

.

c:\users\Public\invokesi.exe

.

.

(((((((((((((((((((((((   Dateien erstellt von 2011-04-25 bis 2011-05-25  ))))))))))))))))))))))))))))))

.

.

2011-05-25 16:08 . 2011-05-25 16:08        --------        d-----w-        c:\users\Default\AppData\Local\temp

2011-05-25 08:49 . 2011-05-09 22:00        8718160        ----a-w-        c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{C0C643B9-C4B7-4517-B84F-4E10FB1480CE}\mpengine.dll

2011-05-25 08:48 . 2011-05-25 08:48        --------        d-----w-        C:\_OTL

2011-05-25 05:16 . 2011-04-22 20:18        27008        ----a-w-        c:\windows\system32\drivers\Diskdump.sys

2011-05-24 14:05 . 2011-04-09 06:58        142336        ----a-w-        c:\windows\system32\poqexec.exe

2011-05-24 14:05 . 2011-04-09 05:56        123904        ----a-w-        c:\windows\SysWow64\poqexec.exe

2011-05-24 08:21 . 2011-05-24 08:21        --------        d-----w-        c:\users\Daniel\AppData\Roaming\Malwarebytes

2011-05-24 08:20 . 2010-12-20 16:09        38224        ----a-w-        c:\windows\SysWow64\drivers\mbamswissarmy.sys

2011-05-24 08:20 . 2011-05-24 08:20        --------        d-----w-        c:\programdata\Malwarebytes

2011-05-24 08:20 . 2011-05-24 08:20        --------        d-----w-        c:\program files (x86)\Malwarebytes' Anti-Malware

2011-05-24 08:20 . 2010-12-20 16:08        24152        ----a-w-        c:\windows\system32\drivers\mbam.sys

2011-05-20 15:29 . 2011-01-27 18:26        601424        ------w-        c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{C8A8BEDA-F616-40B0-A8F9-A3A63EA9FA91}\gapaengine.dll

2011-05-19 05:51 . 2011-05-19 05:51        --------        d-----w-        c:\program files (x86)\Winamp Detect

2011-05-19 05:51 . 2011-05-24 06:14        --------        d-----w-        c:\users\Daniel\AppData\Roaming\Winamp

2011-05-18 11:44 . 2011-05-18 11:44        404640        ----a-w-        c:\windows\SysWow64\FlashPlayerCPLApp.cpl

2011-05-13 14:10 . 2011-05-20 22:08        --------        d-----w-        c:\programdata\Skype Extras

2011-05-13 14:10 . 2011-05-13 14:10        --------        d-----w-        c:\program files (x86)\Common Files\Skype

2011-05-11 18:17 . 2011-04-09 06:45        5509504        ----a-w-        c:\windows\system32\ntoskrnl.exe

2011-05-11 18:17 . 2011-04-09 06:13        3957632        ----a-w-        c:\windows\SysWow64\ntkrnlpa.exe

2011-05-11 18:17 . 2011-04-09 06:13        3901824        ----a-w-        c:\windows\SysWow64\ntoskrnl.exe

2011-05-11 18:17 . 2011-03-25 03:23        324608        ----a-w-        c:\windows\system32\drivers\usbport.sys

2011-05-11 18:17 . 2011-03-25 03:22        52224        ----a-w-        c:\windows\system32\drivers\usbehci.sys

2011-05-11 18:17 . 2011-03-25 03:23        343040        ----a-w-        c:\windows\system32\drivers\usbhub.sys

2011-05-11 18:17 . 2011-03-25 03:23        98816        ----a-w-        c:\windows\system32\drivers\usbccgp.sys

2011-05-11 18:17 . 2011-03-25 03:22        25600        ----a-w-        c:\windows\system32\drivers\usbohci.sys

2011-05-11 18:17 . 2011-03-25 03:22        30720        ----a-w-        c:\windows\system32\drivers\usbuhci.sys

2011-05-11 18:17 . 2011-03-25 03:22        7936        ----a-w-        c:\windows\system32\drivers\usbd.sys

2011-05-10 16:34 . 2011-05-10 16:40        --------        d-----w-        c:\program files (x86)\Razer

2011-04-30 12:55 . 2011-05-25 07:19        --------        d-----w-        C:\World of Warcraft

2011-04-30 12:55 . 2011-04-30 14:27        --------        d-----w-        c:\program files (x86)\World of Warcraft

2011-04-30 11:04 . 2011-04-30 11:04        --------        d-----w-        c:\program files (x86)\Smart PC Solutions

2011-04-28 19:35 . 2011-04-28 19:35        --------        d-----w-        c:\program files (x86)\Avira

2011-04-28 09:26 . 2011-02-26 06:23        2870272        ----a-w-        c:\windows\explorer.exe

2011-04-28 09:26 . 2011-02-26 05:33        2614784        ----a-w-        c:\windows\SysWow64\explorer.exe

2011-04-28 09:26 . 2011-03-12 11:31        442880        ----a-w-        c:\windows\SysWow64\XpsPrint.dll

2011-04-28 09:26 . 2011-03-12 12:03        662528        ----a-w-        c:\windows\system32\XpsPrint.dll

2011-04-26 18:18 . 2011-05-04 05:16        --------        d-----w-        c:\program files (x86)\ICQ7.5

.

.

.

((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2011-05-09 22:00 . 2010-07-02 11:07        8718160        ----a-w-        c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll

2011-04-12 13:29 . 2011-04-12 13:29        428416        ----a-w-        c:\windows\SysWow64\RzMwApi.dll

2011-04-10 11:58 . 2010-07-01 10:39        2300696        ----a-w-        c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup\markup.dll

2011-04-10 11:58 . 2011-01-05 12:52        42776        ----a-w-        c:\programdata\Microsoft\eHome\Packages\MCEClientUX\dSM-2\StartResources.dll

2011-04-02 07:46 . 2011-01-05 12:53        2300696        ----a-w-        c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup-2\markup.dll

2011-04-02 07:46 . 2010-07-01 10:39        42776        ----a-w-        c:\programdata\Microsoft\eHome\Packages\MCEClientUX\dSM\StartResources.dll

2011-04-02 07:46 . 2010-07-01 10:39        1220416        ----a-w-        c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll

2011-03-31 13:01 . 2011-03-31 13:01        126464        ----a-w-        c:\windows\system32\drivers\RzSynapse.sys

2011-03-29 09:04 . 2010-08-26 08:32        1220416        ----a-w-        c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight-2\SpotlightResources.dll

2011-03-11 06:19 . 2011-04-13 18:09        1359872        ----a-w-        c:\windows\system32\mfc42u.dll

2011-03-11 06:19 . 2011-04-13 18:09        1395712        ----a-w-        c:\windows\system32\mfc42.dll

2011-03-11 05:40 . 2011-04-13 18:09        1164288        ----a-w-        c:\windows\SysWow64\mfc42u.dll

2011-03-11 05:40 . 2011-04-13 18:09        1137664        ----a-w-        c:\windows\SysWow64\mfc42.dll

2011-03-08 06:14 . 2011-04-13 18:09        976896        ----a-w-        c:\windows\system32\inetcomm.dll

2011-03-08 05:38 . 2011-04-13 18:09        740864        ----a-w-        c:\windows\SysWow64\inetcomm.dll

2011-03-04 06:17 . 2011-04-28 09:26        135168        ----a-w-        c:\windows\apppatch\AppPatch64\AcXtrnal.dll

2011-03-04 06:17 . 2011-04-28 09:26        347648        ----a-w-        c:\windows\apppatch\AppPatch64\AcLayers.dll

2011-03-03 06:17 . 2011-04-13 18:09        182272        ----a-w-        c:\windows\system32\dnsrslvr.dll

2011-03-03 06:14 . 2011-04-13 18:09        30208        ----a-w-        c:\windows\system32\dnscacheugc.exe

2011-03-03 05:27 . 2011-04-13 18:09        28672        ----a-w-        c:\windows\SysWow64\dnscacheugc.exe

2011-03-03 03:58 . 2011-04-13 18:09        3133440        ----a-w-        c:\windows\system32\win32k.sys

.

.

((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))

.

.

*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 

REGEDIT4

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"ICQ"="c:\program files (x86)\ICQ7.5\ICQ.exe" [2011-05-01 124216]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]

"TrueImageMonitor.exe"="c:\program files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe" [2010-03-27 5141512]

"Zboard"="c:\program files (x86)\Ideazon\ZEngine\Zboard.exe" [2009-06-04 57344]

"Razer Naga Driver"="c:\program files (x86)\Razer\Naga\RazerNagaSysTray.exe" [2011-04-12 953232]

"WinampAgent"="c:\program files (x86)\Winamp\winampa.exe" [2011-03-22 74752]

.

c:\users\Daniel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\

CurseClientStartup.ccip [2011-2-17 0]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"ConsentPromptBehaviorAdmin"= 0 (0x0)

"ConsentPromptBehaviorUser"= 3 (0x3)

"EnableUIADesktopToggle"= 0 (0x0)

"PromptOnSecureDesktop"= 0 (0x0)

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]

@="Service"

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\run-]

"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"

.

R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]

R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]

R3 AtiHDAudioService;ATI Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys [x]

R3 cpudrv64;cpudrv64;c:\program files (x86)\SystemRequirementsLab\cpudrv64.sys [2009-12-18 17864]

R3 GEST Service;GEST Service for program management.;c:\program files (x86)\GIGABYTE\GEST\GSvr.exe [2007-12-14 47624]

R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [x]

R3 NisSrv;Microsoft-Netzwerkinspektion;c:\program files\Microsoft Security Client\Antimalware\NisSrv.exe [2010-11-11 282616]

R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4925184]

S0 tdrpman258;Acronis Try&Decide and Restore Points filter (build 258);c:\windows\system32\DRIVERS\tdrpm258.sys [x]

S2 afcdpsrv;Acronis Nonstop Backup service;c:\program files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe [2010-07-01 2480048]

S2 Akamai;Akamai NetSession Interface;c:\windows\System32\svchost.exe [2009-07-14 27136]

S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x]

S2 TeamViewer6;TeamViewer 6;c:\program files (x86)\TeamViewer\Version6\TeamViewer_Service.exe [2010-12-07 2228008]

S2 TuneUp.UtilitiesSvc;TuneUp Utilities Service;c:\program files (x86)\TuneUp Utilities 2010\TuneUpUtilitiesService64.exe [2011-01-12 1403200]

S3 afcdp;afcdp;c:\windows\system32\DRIVERS\afcdp.sys [x]

S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [x]

S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [x]

S3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\system32\DRIVERS\MpNWMon.sys [x]

S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x]

S3 RzSynapse;Razer Driver;c:\windows\system32\DRIVERS\RzSynapse.sys [x]

S3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv;c:\program files (x86)\TuneUp Utilities 2010\TuneUpUtilitiesDriver64.sys [2010-02-24 11856]

.

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]

Akamai        REG_MULTI_SZ           Akamai

.

.

--------- x86-64 -----------

.

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2010-06-08 10867816]

"Acronis Scheduler2 Service"="c:\program files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe" [2010-03-27 362952]

"CanonMyPrinter"="c:\program files\Canon\MyPrinter\BJMyPrt.exe" [2009-10-19 2185032]

"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2010-11-30 1436224]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]

"LoadAppInit_DLLs"=0x0

.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost  - NetSvcs

UxTuneUp

.

------- Zusätzlicher Suchlauf -------

.

uLocal Page = c:\windows\system32\blank.htm

uStart Page = hxxp://start.icq.com/skins7/

mLocal Page = c:\windows\SysWOW64\blank.htm

uInternet Settings,ProxyOverride = *.local

IE: An OneNote s&enden - c:\progra~1\MICROS~2\Office14\ONBttnIE.dll/105

IE: Nach Microsoft E&xcel exportieren - c:\progra~1\MICROS~2\Office14\EXCEL.EXE/3000

IE: Nach Microsoft E&xel exportieren - c:\progra~2\MICROS~2\Office12\EXCEL.EXE/3000

IE: {{7578ADEA-D65F-4C89-A249-B1C88B6FFC20} - c:\program files (x86)\ICQ7.5\ICQ.exe

FF - ProfilePath - c:\users\Daniel\AppData\Roaming\Mozilla\Firefox\Profiles\w2jj33h0.default\

FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=

FF - prefs.js: browser.search.selectedEngine - Google Deutschland

FF - prefs.js: browser.startup.homepage - hxxp://www.tagesschau.de/multimedia/sendung/ts26426.html

FF - prefs.js: keyword.URL - hxxp://search.icq.com/search/afe_results.php?ch_id=skins7&tb_ver=2.0.0.2&q=

FF - user.js: network.http.max-persistent-connections-per-server - 4

FF - user.js: nglayout.initialpaint.delay - 600

FF - user.js: content.notify.interval - 600000

FF - user.js: content.max.tokenizing.time - 1800000

FF - user.js: content.switch.threshold - 600000

.

- - - - Entfernte verwaiste Registrierungseinträge - - - -

.

SafeBoot-20175182.sys

WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)

AddRemove-Adobe Shockwave Player - c:\windows\system32\Adobe\Shockwave 11\uninstaller.exe

AddRemove-PunkBusterSvc - c:\windows\system32\pbsvc_bc2.exe

AddRemove-NCsoft-AionEU - c:\users\Daniel\Desktop\Launcher\Launcher\NCLauncher.exe

.

.

.

--------------------- Gesperrte Registrierungsschluessel ---------------------

.

[HKEY_USERS\S-1-5-21-3772366644-752120911-2093830767-1001\Software\SecuROM\License information*]

"datasecu"=hex:cd,ad,53,ce,6e,bc,fd,59,a9,51,36,ab,6d,1f,ed,3b,80,77,9e,1c,82,

   e9,5e,c3,ed,16,a0,af,86,11,66,c2,a0,e1,99,ba,13,e0,0b,d1,d3,e4,67,27,86,55,\

"rkeysecu"=hex:0e,8e,42,7c,fe,55,6d,b9,49,b1,de,19,57,3e,51,b0

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe,-101"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Shockwave Flash Object"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10l.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]

@="0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]

@="ShockwaveFlash.ShockwaveFlash.10"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10l.ocx, 1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="ShockwaveFlash.ShockwaveFlash"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Macromedia Flash Factory Object"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10l.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]

@="FlashFactory.FlashFactory.1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10l.ocx, 1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="FlashFactory.FlashFactory"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]

@Denied: (A 2) (Everyone)

@="IFlashBroker4"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]

@Denied: (A) (Everyone)

"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]

@Denied: (A) (Everyone)

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]

"Key"="ActionsPane3"

"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]

@Denied: (Full) (Everyone)

.

Zeit der Fertigstellung: 2011-05-25  18:10:08

ComboFix-quarantined-files.txt  2011-05-25 16:10

.

Vor Suchlauf: 13 Verzeichnis(se), 58.196.332.544 Bytes frei

Nach Suchlauf: 16 Verzeichnis(se), 58.004.127.744 Bytes frei

.

- - End Of File - - 8D848A1F00633BEB267D0A39A6405E8B

--- --- ---

Danke für deine Mühe!

Combofix - Scripten

1. Starte das Notepad (Start / Ausführen / notepad[Enter])

2. Jetzt füge mit copy/paste den ganzen Inhalt der untenstehenden Codebox in das Notepad Fenster ein.

Code:

File::

c:\windows\system32\DRIVERS\afcdp.sys
 

Driver::

afcdp

3. Speichere im Notepad als CFScript.txt auf dem Desktop.

4. Deaktivere den Guard Deines Antivirenprogramms und eine eventuell vorhandene Software Firewall.
(Auch Guards von Ad-, Spyware Programmen und den Tea Timer (wenn vorhanden) !)

5. Dann ziehe die CFScript.txt auf die cofi.exe, so wie es im unteren Bild zu sehen ist. Damit wird Combofix neu gestartet.

http://users.pandora.be/bluepatchy/m...s/CFScript.gif

6. Nach dem Neustart (es wird gefragt ob Du neustarten willst), poste bitte die folgenden Log Dateien:
Combofix.txt

Hinweis: Das obige Script ist nur für diesen einen User in dieser Situtation erstellt worden. Es ist auf keinen anderen Rechner portierbar und darf nicht anderweitig verwandt werden, da es das System nachhaltig schädigen kann!

Combofix Logfile:

Code:

ComboFix 11-05-25.03 - Daniel 26.05.2011  16:36:59.2.4 - x64

Microsoft Windows 7 Professional   6.1.7600.0.1252.49.1031.18.4094.2480 [GMT 2:00]

ausgeführt von:: c:\users\Daniel\Desktop\cofi.exe

Benutzte Befehlsschalter :: c:\users\Daniel\Desktop\CFScript.txt

AV: Microsoft Security Essentials *Disabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}

SP: Microsoft Security Essentials *Disabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}

SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

FILE ::

"c:\windows\system32\DRIVERS\afcdp.sys"

.

.

((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))

.

.

c:\windows\system32\DRIVERS\afcdp.sys

.

.

(((((((((((((((((((((((((((((((((((((((   Treiber/Dienste   )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

-------\Legacy_AFCDP

-------\Service_afcdp

.

.

(((((((((((((((((((((((   Dateien erstellt von 2011-04-26 bis 2011-05-26  ))))))))))))))))))))))))))))))

.

.

2011-05-26 14:40 . 2011-05-26 14:40        --------        d-----w-        c:\users\Default\AppData\Local\temp

2011-05-26 14:35 . 2011-05-26 14:35        --------        d-----w-        C:\cofi

2011-05-26 06:37 . 2011-05-09 22:00        8718160        ----a-w-        c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{4DB4BB6A-BCE8-465D-9DFB-916B86323595}\mpengine.dll

2011-05-25 08:48 . 2011-05-25 08:48        --------        d-----w-        C:\_OTL

2011-05-25 05:16 . 2011-04-22 20:18        27008        ----a-w-        c:\windows\system32\drivers\Diskdump.sys

2011-05-24 14:05 . 2011-04-09 06:58        142336        ----a-w-        c:\windows\system32\poqexec.exe

2011-05-24 14:05 . 2011-04-09 05:56        123904        ----a-w-        c:\windows\SysWow64\poqexec.exe

2011-05-24 08:21 . 2011-05-24 08:21        --------        d-----w-        c:\users\Daniel\AppData\Roaming\Malwarebytes

2011-05-24 08:20 . 2010-12-20 16:09        38224        ----a-w-        c:\windows\SysWow64\drivers\mbamswissarmy.sys

2011-05-24 08:20 . 2011-05-24 08:20        --------        d-----w-        c:\programdata\Malwarebytes

2011-05-24 08:20 . 2011-05-24 08:20        --------        d-----w-        c:\program files (x86)\Malwarebytes' Anti-Malware

2011-05-24 08:20 . 2010-12-20 16:08        24152        ----a-w-        c:\windows\system32\drivers\mbam.sys

2011-05-20 15:29 . 2011-01-27 18:26        601424        ------w-        c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{C8A8BEDA-F616-40B0-A8F9-A3A63EA9FA91}\gapaengine.dll

2011-05-19 05:51 . 2011-05-19 05:51        --------        d-----w-        c:\program files (x86)\Winamp Detect

2011-05-19 05:51 . 2011-05-24 06:14        --------        d-----w-        c:\users\Daniel\AppData\Roaming\Winamp

2011-05-18 11:44 . 2011-05-18 11:44        404640        ----a-w-        c:\windows\SysWow64\FlashPlayerCPLApp.cpl

2011-05-13 14:10 . 2011-05-25 16:23        --------        d-----w-        c:\programdata\Skype Extras

2011-05-13 14:10 . 2011-05-13 14:10        --------        d-----w-        c:\program files (x86)\Common Files\Skype

2011-05-11 18:17 . 2011-04-09 06:45        5509504        ----a-w-        c:\windows\system32\ntoskrnl.exe

2011-05-11 18:17 . 2011-04-09 06:13        3957632        ----a-w-        c:\windows\SysWow64\ntkrnlpa.exe

2011-05-11 18:17 . 2011-04-09 06:13        3901824        ----a-w-        c:\windows\SysWow64\ntoskrnl.exe

2011-05-11 18:17 . 2011-03-25 03:23        324608        ----a-w-        c:\windows\system32\drivers\usbport.sys

2011-05-11 18:17 . 2011-03-25 03:22        52224        ----a-w-        c:\windows\system32\drivers\usbehci.sys

2011-05-11 18:17 . 2011-03-25 03:23        343040        ----a-w-        c:\windows\system32\drivers\usbhub.sys

2011-05-11 18:17 . 2011-03-25 03:23        98816        ----a-w-        c:\windows\system32\drivers\usbccgp.sys

2011-05-11 18:17 . 2011-03-25 03:22        25600        ----a-w-        c:\windows\system32\drivers\usbohci.sys

2011-05-11 18:17 . 2011-03-25 03:22        30720        ----a-w-        c:\windows\system32\drivers\usbuhci.sys

2011-05-11 18:17 . 2011-03-25 03:22        7936        ----a-w-        c:\windows\system32\drivers\usbd.sys

2011-05-10 16:34 . 2011-05-10 16:40        --------        d-----w-        c:\program files (x86)\Razer

2011-04-30 12:55 . 2011-05-26 14:29        --------        d-----w-        C:\World of Warcraft

2011-04-30 12:55 . 2011-04-30 14:27        --------        d-----w-        c:\program files (x86)\World of Warcraft

2011-04-30 11:04 . 2011-04-30 11:04        --------        d-----w-        c:\program files (x86)\Smart PC Solutions

2011-04-28 19:35 . 2011-04-28 19:35        --------        d-----w-        c:\program files (x86)\Avira

2011-04-28 09:26 . 2011-02-26 06:23        2870272        ----a-w-        c:\windows\explorer.exe

2011-04-28 09:26 . 2011-02-26 05:33        2614784        ----a-w-        c:\windows\SysWow64\explorer.exe

2011-04-28 09:26 . 2011-03-12 11:31        442880        ----a-w-        c:\windows\SysWow64\XpsPrint.dll

2011-04-28 09:26 . 2011-03-12 12:03        662528        ----a-w-        c:\windows\system32\XpsPrint.dll

2011-04-26 18:18 . 2011-05-04 05:16        --------        d-----w-        c:\program files (x86)\ICQ7.5

.

.

.

((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2011-05-09 22:00 . 2010-07-02 11:07        8718160        ----a-w-        c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll

2011-04-12 13:29 . 2011-04-12 13:29        428416        ----a-w-        c:\windows\SysWow64\RzMwApi.dll

2011-04-10 11:58 . 2010-07-01 10:39        2300696        ----a-w-        c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup\markup.dll

2011-04-10 11:58 . 2011-01-05 12:52        42776        ----a-w-        c:\programdata\Microsoft\eHome\Packages\MCEClientUX\dSM-2\StartResources.dll

2011-04-02 07:46 . 2011-01-05 12:53        2300696        ----a-w-        c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup-2\markup.dll

2011-04-02 07:46 . 2010-07-01 10:39        42776        ----a-w-        c:\programdata\Microsoft\eHome\Packages\MCEClientUX\dSM\StartResources.dll

2011-04-02 07:46 . 2010-07-01 10:39        1220416        ----a-w-        c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll

2011-03-31 13:01 . 2011-03-31 13:01        126464        ----a-w-        c:\windows\system32\drivers\RzSynapse.sys

2011-03-29 09:04 . 2010-08-26 08:32        1220416        ----a-w-        c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight-2\SpotlightResources.dll

2011-03-11 06:19 . 2011-04-13 18:09        1359872        ----a-w-        c:\windows\system32\mfc42u.dll

2011-03-11 06:19 . 2011-04-13 18:09        1395712        ----a-w-        c:\windows\system32\mfc42.dll

2011-03-11 05:40 . 2011-04-13 18:09        1164288        ----a-w-        c:\windows\SysWow64\mfc42u.dll

2011-03-11 05:40 . 2011-04-13 18:09        1137664        ----a-w-        c:\windows\SysWow64\mfc42.dll

2011-03-08 06:14 . 2011-04-13 18:09        976896        ----a-w-        c:\windows\system32\inetcomm.dll

2011-03-08 05:38 . 2011-04-13 18:09        740864        ----a-w-        c:\windows\SysWow64\inetcomm.dll

2011-03-04 06:17 . 2011-04-28 09:26        135168        ----a-w-        c:\windows\apppatch\AppPatch64\AcXtrnal.dll

2011-03-04 06:17 . 2011-04-28 09:26        347648        ----a-w-        c:\windows\apppatch\AppPatch64\AcLayers.dll

2011-03-03 06:17 . 2011-04-13 18:09        182272        ----a-w-        c:\windows\system32\dnsrslvr.dll

2011-03-03 06:14 . 2011-04-13 18:09        30208        ----a-w-        c:\windows\system32\dnscacheugc.exe

2011-03-03 05:27 . 2011-04-13 18:09        28672        ----a-w-        c:\windows\SysWow64\dnscacheugc.exe

2011-03-03 03:58 . 2011-04-13 18:09        3133440        ----a-w-        c:\windows\system32\win32k.sys

.

.

(((((((((((((((((((((((((((((   SnapShot@2011-05-25_16.08.38   )))))))))))))))))))))))))))))))))))))))))

.

+ 2010-07-01 08:59 . 2011-05-26 08:11        52002              c:\windows\system32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin

- 2009-07-14 05:10 . 2011-05-25 15:48        32044              c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin

+ 2009-07-14 05:10 . 2011-05-26 13:08        32044              c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin

+ 2010-07-01 08:12 . 2011-05-26 13:08        19648              c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-3772366644-752120911-2093830767-1001_UserData.bin

+ 2010-07-01 08:07 . 2011-05-26 14:43        16384              c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat

- 2010-07-01 08:07 . 2011-05-25 15:47        16384              c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat

+ 2009-07-14 04:46 . 2011-05-26 06:33        83416              c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareProtectionPlatform\Cache\cache.dat

- 2010-07-01 08:07 . 2011-05-25 15:47        32768              c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat

+ 2010-07-01 08:07 . 2011-05-26 14:43        32768              c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat

+ 2010-07-01 08:07 . 2011-05-26 14:43        16384              c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat

- 2010-07-01 08:07 . 2011-05-25 15:47        16384              c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat

+ 2010-07-01 08:11 . 2011-05-26 14:43        16384              c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat

- 2010-07-01 08:11 . 2011-05-25 16:00        16384              c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat

- 2010-07-01 08:11 . 2011-05-25 16:00        16384              c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat

+ 2010-07-01 08:11 . 2011-05-26 14:43        16384              c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat

+ 2011-05-26 14:42 . 2011-05-26 14:42        2048              c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat

- 2011-05-25 15:46 . 2011-05-25 15:46        2048              c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat

+ 2011-05-26 14:42 . 2011-05-26 14:42        2048              c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat

- 2011-05-25 15:46 . 2011-05-25 15:46        2048              c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat

- 2009-07-14 05:01 . 2011-05-25 11:27        397580              c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat

+ 2009-07-14 05:01 . 2011-05-26 14:41        397580              c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat

+ 2007-04-10 15:31 . 2007-04-10 15:31        930816              c:\windows\Installer\a9484.msi

- 2010-07-24 02:29 . 2011-05-25 10:23        2144616              c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache3.0.0.0.dat

+ 2010-07-24 02:29 . 2011-05-26 14:41        2144616              c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache3.0.0.0.dat

+ 2011-02-18 04:06 . 2011-05-26 14:41        9981928              c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-3772366644-752120911-2093830767-1001-8192.dat

- 2011-02-18 04:06 . 2011-05-25 11:27        9981928              c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-3772366644-752120911-2093830767-1001-8192.dat

- 2009-07-14 02:34 . 2011-05-25 15:59        10223616              c:\windows\system32\SMI\Store\Machine\SCHEMA.DAT

+ 2009-07-14 02:34 . 2011-05-26 06:47        10223616              c:\windows\system32\SMI\Store\Machine\SCHEMA.DAT

.

((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))

.

.

*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 

REGEDIT4

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]

"TrueImageMonitor.exe"="c:\program files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe" [2010-03-27 5141512]

"Zboard"="c:\program files (x86)\Ideazon\ZEngine\Zboard.exe" [2009-06-04 57344]

"Razer Naga Driver"="c:\program files (x86)\Razer\Naga\RazerNagaSysTray.exe" [2011-04-12 953232]

.

c:\users\Daniel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\

CurseClientStartup.ccip [2011-5-26 0]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"ConsentPromptBehaviorAdmin"= 0 (0x0)

"ConsentPromptBehaviorUser"= 3 (0x3)

"EnableUIADesktopToggle"= 0 (0x0)

"PromptOnSecureDesktop"= 0 (0x0)

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]

@="Service"

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\run-]

"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"

.

R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]

R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]

R3 AtiHDAudioService;ATI Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys [x]

R3 cpudrv64;cpudrv64;c:\program files (x86)\SystemRequirementsLab\cpudrv64.sys [2009-12-18 17864]

R3 GEST Service;GEST Service for program management.;c:\program files (x86)\GIGABYTE\GEST\GSvr.exe [2007-12-14 47624]

R3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\system32\DRIVERS\MpNWMon.sys [x]

R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [x]

R3 NisSrv;Microsoft-Netzwerkinspektion;c:\program files\Microsoft Security Client\Antimalware\NisSrv.exe [2010-11-11 282616]

R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4925184]

S0 tdrpman258;Acronis Try&Decide and Restore Points filter (build 258);c:\windows\system32\DRIVERS\tdrpm258.sys [x]

S2 afcdpsrv;Acronis Nonstop Backup service;c:\program files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe [2010-07-01 2480048]

S2 Akamai;Akamai NetSession Interface;c:\windows\System32\svchost.exe [2009-07-14 27136]

S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x]

S2 TeamViewer6;TeamViewer 6;c:\program files (x86)\TeamViewer\Version6\TeamViewer_Service.exe [2010-12-07 2228008]

S2 TuneUp.UtilitiesSvc;TuneUp Utilities Service;c:\program files (x86)\TuneUp Utilities 2010\TuneUpUtilitiesService64.exe [2011-01-12 1403200]

S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [x]

S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [x]

S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x]

S3 RzSynapse;Razer Driver;c:\windows\system32\DRIVERS\RzSynapse.sys [x]

S3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv;c:\program files (x86)\TuneUp Utilities 2010\TuneUpUtilitiesDriver64.sys [2010-02-24 11856]

.

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]

Akamai        REG_MULTI_SZ           Akamai

.

.

--------- x86-64 -----------

.

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"combofix"="c:\cofi10044c\CF22884.cfxxe" [X]

"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2010-06-08 10867816]

"Acronis Scheduler2 Service"="c:\program files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe" [2010-03-27 362952]

"CanonMyPrinter"="c:\program files\Canon\MyPrinter\BJMyPrt.exe" [2009-10-19 2185032]

"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2010-11-30 1436224]

.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost  - NetSvcs

UxTuneUp

.

------- Zusätzlicher Suchlauf -------

.

uLocal Page = c:\windows\system32\blank.htm

uStart Page = hxxp://start.icq.com/skins7/

mLocal Page = c:\windows\SysWOW64\blank.htm

uInternet Settings,ProxyOverride = *.local

IE: An OneNote s&enden - c:\progra~1\MICROS~2\Office14\ONBttnIE.dll/105

IE: Nach Microsoft E&xcel exportieren - c:\progra~1\MICROS~2\Office14\EXCEL.EXE/3000

IE: Nach Microsoft E&xel exportieren - c:\progra~2\MICROS~2\Office12\EXCEL.EXE/3000

IE: {{7578ADEA-D65F-4C89-A249-B1C88B6FFC20} - c:\program files (x86)\ICQ7.5\ICQ.exe

FF - ProfilePath - c:\users\Daniel\AppData\Roaming\Mozilla\Firefox\Profiles\w2jj33h0.default\

FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=

FF - prefs.js: browser.search.selectedEngine - Google Deutschland

FF - prefs.js: browser.startup.homepage - hxxp://www.tagesschau.de/multimedia/sendung/ts26426.html

FF - prefs.js: keyword.URL - hxxp://search.icq.com/search/afe_results.php?ch_id=skins7&tb_ver=2.0.0.2&q=

FF - user.js: network.http.max-persistent-connections-per-server - 4

FF - user.js: nglayout.initialpaint.delay - 600

FF - user.js: content.notify.interval - 600000

FF - user.js: content.max.tokenizing.time - 1800000

FF - user.js: content.switch.threshold - 600000

.

- - - - Entfernte verwaiste Registrierungseinträge - - - -

.

WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)

.

.

.

--------------------- Gesperrte Registrierungsschluessel ---------------------

.

[HKEY_USERS\S-1-5-21-3772366644-752120911-2093830767-1001\Software\SecuROM\License information*]

"datasecu"=hex:cd,ad,53,ce,6e,bc,fd,59,a9,51,36,ab,6d,1f,ed,3b,80,77,9e,1c,82,

   e9,5e,c3,ed,16,a0,af,86,11,66,c2,a0,e1,99,ba,13,e0,0b,d1,d3,e4,67,27,86,55,\

"rkeysecu"=hex:0e,8e,42,7c,fe,55,6d,b9,49,b1,de,19,57,3e,51,b0

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe,-101"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Shockwave Flash Object"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10l.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]

@="0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]

@="ShockwaveFlash.ShockwaveFlash.10"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10l.ocx, 1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="ShockwaveFlash.ShockwaveFlash"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Macromedia Flash Factory Object"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10l.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]

@="FlashFactory.FlashFactory.1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10l.ocx, 1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="FlashFactory.FlashFactory"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]

@Denied: (A 2) (Everyone)

@="IFlashBroker4"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]

@Denied: (A) (Everyone)

"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]

@Denied: (A) (Everyone)

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]

"Key"="ActionsPane3"

"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]

@Denied: (Full) (Everyone)

.

------------------------ Weitere laufende Prozesse ------------------------

.

c:\windows\SysWOW64\PnkBstrA.exe

.

**************************************************************************

.

Zeit der Fertigstellung: 2011-05-26  16:45:17 - PC wurde neu gestartet

ComboFix-quarantined-files.txt  2011-05-26 14:45

ComboFix2.txt  2011-05-25 16:10

.

Vor Suchlauf: 15 Verzeichnis(se), 57.208.623.104 Bytes frei

Nach Suchlauf: 17 Verzeichnis(se), 56.556.724.224 Bytes frei

.

- - End Of File - - 2B3DB180221D0226451B2D18B812300C

--- --- ---

Bitte nun Logs mit GMER und mbrcheck erstellen und posten.
GMER stürzt häufiger ab, wenn das Tool auch beim 2. Mal nicht will, lass es einfach weg

Anleitung zu mbrcheck:
Downloade Dir MBRCheck (by a_d_13) und speichere die Datei auf dem Desktop.

Doppelklick auf die MBRCheck.exe.
Vista und Win7 User mit Rechtsklick "als Administrator starten"
Das Tool braucht nur wenige Sekunden.
Danach solltest du eine MBRCheck_<Datum>_<Uhrzeit>.txt auf dem Desktop finden.

Poste mir bitte den Inhalt des .txt Dokumentes

Code:

MBRCheck, version 1.2.3

(c) 2010, AD
 

Command-line:                        

Windows Version:                Windows 7 Professional

Windows Information:                 (build 7600), 64-bit

Base Board Manufacturer:        Gigabyte Technology Co., Ltd.

BIOS Manufacturer:                Award Software International, Inc.

System Manufacturer:                Gigabyte Technology Co., Ltd.

System Product Name:                EX38-DS4

Logical Drives Mask:                0x0000003c
 

Kernel Drivers (total 197):

  0x03011000 \SystemRoot\system32\ntoskrnl.exe

  0x035ED000 \SystemRoot\system32\hal.dll

  0x00BBD000 \SystemRoot\system32\kdcom.dll

  0x00CD6000 \SystemRoot\system32\mcupdate_GenuineIntel.dll

  0x00D1A000 \SystemRoot\system32\PSHED.dll

  0x00D2E000 \SystemRoot\system32\CLFS.SYS

  0x00C00000 \SystemRoot\system32\CI.dll

  0x00EC1000 \SystemRoot\system32\drivers\Wdf01000.sys

  0x00F65000 \SystemRoot\system32\drivers\WDFLDR.SYS

  0x00F74000 \SystemRoot\system32\DRIVERS\ACPI.sys

  0x00FCB000 \SystemRoot\system32\DRIVERS\WMILIB.SYS

  0x00FD4000 \SystemRoot\system32\DRIVERS\msisadrv.sys

  0x00FDE000 \SystemRoot\system32\DRIVERS\vdrvroot.sys

  0x00E00000 \SystemRoot\system32\DRIVERS\pci.sys

  0x00E33000 \SystemRoot\System32\drivers\partmgr.sys

  0x00E48000 \SystemRoot\system32\DRIVERS\volmgr.sys

  0x00E5D000 \SystemRoot\System32\drivers\volmgrx.sys

  0x00EB9000 \SystemRoot\system32\DRIVERS\pciide.sys

  0x00FEB000 \SystemRoot\system32\DRIVERS\PCIIDEX.SYS

  0x00D8C000 \SystemRoot\System32\drivers\mountmgr.sys

  0x00DA6000 \SystemRoot\system32\DRIVERS\atapi.sys

  0x00DAF000 \SystemRoot\system32\DRIVERS\ataport.SYS

  0x00DD9000 \SystemRoot\system32\DRIVERS\jraid.sys

  0x01001000 \SystemRoot\system32\DRIVERS\SCSIPORT.SYS

  0x01030000 \SystemRoot\system32\drivers\amdxata.sys

  0x0103B000 \SystemRoot\system32\drivers\fltmgr.sys

  0x01087000 \SystemRoot\system32\drivers\fileinfo.sys

  0x01255000 \SystemRoot\System32\Drivers\Ntfs.sys

  0x0109B000 \SystemRoot\System32\Drivers\msrpc.sys

  0x01200000 \SystemRoot\System32\Drivers\ksecdd.sys

  0x010F9000 \SystemRoot\System32\Drivers\cng.sys

  0x0121A000 \SystemRoot\System32\drivers\pcw.sys

  0x0122B000 \SystemRoot\System32\Drivers\Fs_Rec.sys

  0x01450000 \SystemRoot\system32\drivers\ndis.sys

  0x01542000 \SystemRoot\system32\drivers\NETIO.SYS

  0x015A2000 \SystemRoot\System32\Drivers\ksecpkg.sys

  0x01600000 \SystemRoot\System32\drivers\tcpip.sys

  0x01400000 \SystemRoot\System32\drivers\fwpkclnt.sys

  0x01845000 \SystemRoot\system32\DRIVERS\timntr.sys

  0x0192E000 \SystemRoot\system32\DRIVERS\vmstorfl.sys

  0x0193E000 \SystemRoot\system32\DRIVERS\volsnap.sys

  0x01A30000 \SystemRoot\system32\DRIVERS\tdrpm258.sys

  0x01B9C000 \SystemRoot\System32\Drivers\spldr.sys

  0x01BA4000 \SystemRoot\system32\DRIVERS\snapman.sys

  0x0198A000 \SystemRoot\System32\drivers\rdyboost.sys

  0x01BE8000 \SystemRoot\System32\Drivers\mup.sys

  0x01A00000 \SystemRoot\System32\drivers\hwpolicy.sys

  0x019C4000 \SystemRoot\System32\DRIVERS\fvevol.sys

  0x01A09000 \SystemRoot\system32\DRIVERS\disk.sys

  0x01800000 \SystemRoot\system32\DRIVERS\CLASSPNP.SYS

  0x0116C000 \SystemRoot\system32\DRIVERS\cdrom.sys

  0x01196000 \SystemRoot\system32\DRIVERS\MpFilter.sys

  0x015E0000 \SystemRoot\System32\Drivers\Null.SYS

  0x015E9000 \SystemRoot\System32\Drivers\Beep.SYS

  0x015F0000 \SystemRoot\System32\drivers\vga.sys

  0x011C7000 \SystemRoot\System32\drivers\VIDEOPRT.SYS

  0x01235000 \SystemRoot\System32\drivers\watchdog.sys

  0x01245000 \SystemRoot\System32\DRIVERS\RDPCDD.sys

  0x013F7000 \SystemRoot\system32\drivers\rdpencdd.sys

  0x011EC000 \SystemRoot\system32\drivers\rdprefmp.sys

  0x011F5000 \SystemRoot\System32\Drivers\Msfs.SYS

  0x00CC0000 \SystemRoot\System32\Drivers\Npfs.SYS

  0x02E1F000 \SystemRoot\system32\DRIVERS\tdx.sys

  0x02E3D000 \SystemRoot\system32\DRIVERS\TDI.SYS

  0x02E4A000 \SystemRoot\system32\drivers\afd.sys

  0x02ED4000 \SystemRoot\System32\DRIVERS\netbt.sys

  0x02F19000 \SystemRoot\system32\DRIVERS\wfplwf.sys

  0x02F22000 \SystemRoot\system32\DRIVERS\pacer.sys

  0x02F48000 \SystemRoot\system32\DRIVERS\netbios.sys

  0x02F57000 \SystemRoot\system32\DRIVERS\serial.sys

  0x02F74000 \SystemRoot\system32\DRIVERS\wanarp.sys

  0x02F8F000 \SystemRoot\system32\DRIVERS\termdd.sys

  0x02FA3000 \SystemRoot\system32\DRIVERS\rdbss.sys

  0x02FF4000 \SystemRoot\system32\drivers\nsiproxy.sys

  0x02E00000 \SystemRoot\system32\DRIVERS\mssmbios.sys

  0x02E0B000 \SystemRoot\System32\drivers\discache.sys

  0x03CFE000 \SystemRoot\system32\drivers\csc.sys

  0x03D81000 \SystemRoot\System32\Drivers\dfsc.sys

  0x03D9F000 \SystemRoot\system32\DRIVERS\blbdrive.sys

  0x03DB0000 \SystemRoot\system32\DRIVERS\tunnel.sys

  0x03DD6000 \SystemRoot\system32\DRIVERS\intelppm.sys

  0x03C00000 \SystemRoot\system32\DRIVERS\atikmpag.sys

  0x04A24000 \SystemRoot\system32\DRIVERS\atikmdag.sys

  0x05100000 \SystemRoot\System32\drivers\dxgkrnl.sys

  0x03C46000 \SystemRoot\System32\drivers\dxgmms1.sys

  0x04A00000 \SystemRoot\system32\DRIVERS\HDAudBus.sys

  0x03C8C000 \SystemRoot\system32\drivers\usbuhci.sys

  0x03C99000 \SystemRoot\system32\drivers\USBPORT.SYS

  0x03DEC000 \SystemRoot\system32\drivers\usbehci.sys

  0x03E25000 \SystemRoot\system32\DRIVERS\Rt64win7.sys

  0x03E7C000 \SystemRoot\system32\DRIVERS\1394ohci.sys

  0x03EBA000 \SystemRoot\system32\DRIVERS\serenum.sys

  0x03EC6000 \SystemRoot\system32\DRIVERS\parport.sys

  0x03EE3000 \SystemRoot\system32\DRIVERS\GEARAspiWDM.sys

  0x03EF0000 \SystemRoot\system32\DRIVERS\CompositeBus.sys

  0x03F00000 \SystemRoot\system32\DRIVERS\AgileVpn.sys

  0x03F16000 \SystemRoot\system32\DRIVERS\rasl2tp.sys

  0x03F3A000 \SystemRoot\system32\DRIVERS\ndistapi.sys

  0x03F46000 \SystemRoot\system32\DRIVERS\ndiswan.sys

  0x03F75000 \SystemRoot\system32\DRIVERS\raspppoe.sys

  0x03F90000 \SystemRoot\system32\DRIVERS\raspptp.sys

  0x03FB1000 \SystemRoot\system32\DRIVERS\rassstp.sys

  0x03FCB000 \SystemRoot\system32\DRIVERS\rdpbus.sys

  0x03FD6000 \SystemRoot\system32\DRIVERS\kbdclass.sys

  0x03FE5000 \SystemRoot\system32\DRIVERS\mouclass.sys

  0x03FF4000 \SystemRoot\system32\DRIVERS\swenum.sys

  0x05272000 \SystemRoot\system32\DRIVERS\ks.sys

  0x052B5000 \SystemRoot\system32\DRIVERS\umbus.sys

  0x052C7000 \SystemRoot\system32\DRIVERS\usbhub.sys

  0x05321000 \SystemRoot\System32\Drivers\NDProxy.SYS

  0x05336000 \SystemRoot\system32\drivers\AtiHdmi.sys

  0x05359000 \SystemRoot\system32\drivers\portcls.sys

  0x05396000 \SystemRoot\system32\drivers\drmk.sys

  0x053B8000 \SystemRoot\system32\drivers\ksthunk.sys

  0x07A7A000 \SystemRoot\system32\drivers\RTKVHD64.sys

  0x07CC1000 \SystemRoot\system32\DRIVERS\usbccgp.sys

  0x07CDE000 \SystemRoot\system32\DRIVERS\USBD.SYS

  0x07CE0000 \SystemRoot\system32\DRIVERS\hidusb.sys

  0x07CEE000 \SystemRoot\system32\DRIVERS\HIDCLASS.SYS

  0x07D07000 \SystemRoot\system32\DRIVERS\HIDPARSE.SYS

  0x07D10000 \SystemRoot\system32\drivers\usbaudio.sys

  0x07D2B000 \SystemRoot\system32\DRIVERS\mouhid.sys

  0x07D38000 \SystemRoot\system32\DRIVERS\RzSynapse.sys

  0x07D5E000 \SystemRoot\system32\DRIVERS\kbdhid.sys

  0x07D6C000 \SystemRoot\system32\DRIVERS\Alpham164.sys

  0x00010000 \SystemRoot\System32\win32k.sys

  0x07D79000 \SystemRoot\System32\drivers\Dxapi.sys

  0x07D85000 \SystemRoot\system32\DRIVERS\Alpham264.sys

  0x07D8B000 \SystemRoot\System32\Drivers\crashdmp.sys

  0x07D99000 \SystemRoot\System32\Drivers\dump_dumpata.sys

  0x07DA5000 \SystemRoot\System32\Drivers\dump_atapi.sys

  0x07DAE000 \SystemRoot\System32\Drivers\dump_dumpfve.sys

  0x07DC1000 \SystemRoot\system32\DRIVERS\monitor.sys

  0x004F0000 \SystemRoot\System32\TSDDD.dll

  0x00710000 \SystemRoot\System32\cdd.dll

  0x07DCF000 \SystemRoot\system32\drivers\luafv.sys

  0x07A00000 \SystemRoot\system32\drivers\WudfPf.sys

  0x07A21000 \SystemRoot\system32\DRIVERS\lltdio.sys

  0x05200000 \SystemRoot\system32\DRIVERS\nwifi.sys

  0x07A36000 \SystemRoot\system32\DRIVERS\ndisuio.sys

  0x07A49000 \SystemRoot\system32\DRIVERS\rspndr.sys

  0x040C4000 \SystemRoot\system32\drivers\HTTP.sys

  0x0418C000 \SystemRoot\system32\DRIVERS\bowser.sys

  0x041AA000 \SystemRoot\System32\drivers\mpsdrv.sys

  0x041C2000 \SystemRoot\system32\DRIVERS\mrxsmb.sys

  0x04000000 \SystemRoot\system32\DRIVERS\mrxsmb10.sys

  0x0404E000 \SystemRoot\system32\DRIVERS\mrxsmb20.sys

  0x082D3000 \SystemRoot\system32\drivers\peauth.sys

  0x08379000 \SystemRoot\System32\Drivers\secdrv.SYS

  0x08384000 \SystemRoot\System32\DRIVERS\srvnet.sys

  0x083B1000 \SystemRoot\System32\drivers\tcpipreg.sys

  0x08200000 \SystemRoot\System32\DRIVERS\srv2.sys

  0x0882B000 \SystemRoot\System32\DRIVERS\srv.sys

  0x088C0000 \??\C:\Program Files (x86)\TuneUp Utilities 2010\TuneUpUtilitiesDriver64.sys

  0x08939000 \SystemRoot\system32\DRIVERS\asyncmac.sys

  0x08944000 \??\C:\Windows\system32\Drivers\PROCEXP113.SYS

  0x0894C000 \SystemRoot\system32\DRIVERS\MpNWMon.sys

  0x771F0000 \Windows\System32\ntdll.dll

  0x47B80000 \Windows\System32\smss.exe

  0xFF510000 \Windows\System32\apisetschema.dll

  0xFF490000 \Windows\System32\autochk.exe

  0xFF480000 \Windows\System32\difxapi.dll

  0xFF470000 \Windows\System32\lpk.dll

  0xFF420000 \Windows\System32\Wldap32.dll

  0xFF380000 \Windows\System32\comdlg32.dll

  0x770D0000 \Windows\System32\kernel32.dll

  0xFF120000 \Windows\System32\iertutil.dll

  0x773C0000 \Windows\System32\normaliz.dll

  0xFEFF0000 \Windows\System32\wininet.dll

  0xFEE70000 \Windows\System32\urlmon.dll

  0xFED40000 \Windows\System32\rpcrt4.dll

  0xFEC30000 \Windows\System32\msctf.dll

  0xFEB60000 \Windows\System32\usp10.dll

  0xFEAC0000 \Windows\System32\clbcatq.dll

  0xFEA20000 \Windows\System32\msvcrt.dll

  0xFDC90000 \Windows\System32\shell32.dll

  0xFDBB0000 \Windows\System32\oleaut32.dll

  0xFDB90000 \Windows\System32\imagehlp.dll

  0xFDB20000 \Windows\System32\gdi32.dll

  0x773B0000 \Windows\System32\psapi.dll

  0xFD940000 \Windows\System32\setupapi.dll

  0xFD920000 \Windows\System32\sechost.dll

  0xFD8F0000 \Windows\System32\imm32.dll

  0xFD870000 \Windows\System32\shlwapi.dll

  0x76FD0000 \Windows\System32\user32.dll

  0xFD790000 \Windows\System32\advapi32.dll

  0xFD580000 \Windows\System32\ole32.dll

  0xFD530000 \Windows\System32\ws2_32.dll

  0xFD520000 \Windows\System32\nsi.dll

  0xFD4E0000 \Windows\System32\cfgmgr32.dll

  0xFD470000 \Windows\System32\KernelBase.dll

  0xFD300000 \Windows\System32\crypt32.dll

  0xFD260000 \Windows\System32\comctl32.dll

  0xFD220000 \Windows\System32\wintrust.dll

  0xFD200000 \Windows\System32\devobj.dll

  0xFD1F0000 \Windows\System32\msasn1.dll

  0x76DD0000 \Windows\SysWOW64\normaliz.dll
 

Processes (total 45):

       0 System Idle Process

       4 System

     416 C:\Windows\System32\smss.exe

     632 csrss.exe

     696 C:\Windows\System32\wininit.exe

     716 csrss.exe

     752 C:\Windows\System32\services.exe

     780 C:\Windows\System32\lsass.exe

     788 C:\Windows\System32\lsm.exe

     896 C:\Windows\System32\svchost.exe

     976 C:\Windows\System32\svchost.exe

     124 C:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe

     512 C:\Windows\System32\atiesrxx.exe

     636 C:\Windows\System32\winlogon.exe

     828 C:\Windows\System32\svchost.exe

    1036 C:\Windows\System32\svchost.exe

    1076 C:\Windows\System32\svchost.exe

    1264 C:\Windows\System32\svchost.exe

    1420 C:\Windows\System32\atieclxx.exe

    1452 C:\Windows\System32\svchost.exe

    1656 C:\Windows\System32\spoolsv.exe

    1688 C:\Windows\System32\svchost.exe

    1768 C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedul2.exe

    1808 C:\Program Files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe

    1848 C:\Windows\SysWOW64\svchost.exe

    1888 C:\Windows\System32\svchost.exe

    1956 C:\Windows\SysWOW64\PnkBstrA.exe

    1352 C:\Program Files (x86)\TeamViewer\Version6\TeamViewer_Service.exe

    1300 C:\Program Files (x86)\TuneUp Utilities 2010\TuneUpUtilitiesService64.exe

    2696 C:\Windows\System32\svchost.exe

    2828 C:\Windows\System32\taskhost.exe

    2944 C:\Windows\System32\dwm.exe

    2952 C:\Program Files (x86)\TuneUp Utilities 2010\TuneUpUtilitiesApp64.exe

    3024 C:\Windows\explorer.exe

    2356 C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe

    2332 C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe

    2900 C:\Program Files\Microsoft Security Client\msseces.exe

    3644 C:\Program Files\Windows Media Player\wmpnetwk.exe

    3904 C:\Windows\System32\svchost.exe

    1132 C:\Program Files (x86)\Ideazon\ZEngine\Zboard.exe

    4988 C:\Windows\System32\audiodg.exe

    5068 C:\Windows\explorer.exe

    1384 C:\Users\Daniel\Desktop\MBRCheck.exe

    5060 C:\Windows\System32\conhost.exe

    1948 C:\Windows\System32\dllhost.exe
 

\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`00007e00  (NTFS)

\\.\D: --> \\.\PhysicalDrive0 at offset 0x00000027`e5334600  (NTFS)

\\.\E: --> \\.\PhysicalDrive0 at offset 0x000000a8`b9cf4c00  (NTFS)
 

PhysicalDrive0 Model Number: SAMSUNGHD753LJ, Rev: 1AA01110
 

      Size  Device Name          MBR Status

  --------------------------------------------

    698 GB  \\.\PhysicalDrive0   Windows 7 MBR code detected

            SHA1: 4379A3D43019B46FA357F7DD6A53B45A3CA8FB79
 
 

Done!

GMER ging nicht? Der MBR ist schon mal okay.

GMER ging beim dritten Versuch, hat aber nichts gefunden und so wurde bei mir auch nichts im Log angezeigt. Ich nehme an, dass das normal ist, oder?

Warum darf ich bei den Scans die Maus nicht bewegen? Finde da keine logische Erklärung für :).

Gruß
Daniel