Trojaner-Board

Trojaner-Board (https://www.trojaner-board.de/), forum section "Pests of all kinds and how to fight them" (https://www.trojaner-board.de/plagegeister-aller-art-deren-bekaempfung/)
Thread: First Virus.Win32.ZAccess.aml, then Virus.Win32.ZAccess.c (https://www.trojaner-board.de/110324-erst-virus-win32-zaccess-aml-dann-virus-win32-zaccess-c.html)

zion418 23.02.2012 00:24

First Virus.Win32.ZAccess.aml, then Virus.Win32.ZAccess.c
 
Hello everyone!

I've been fighting with this malware for a few days now, maybe someone can help me...

I'm using Vista 32-bit SP1.
I'm getting the alert Virus.Win32.ZAccess.aml from Kaspersky!
After a bit of googling I find the tool "TDSSKiller" on the Kaspersky support page...

It does find 1-2 files every time, but after the reboot Kaspersky warns me again... (so it didn't help)

Since the first virus warning some programs (iTunes, Outlook, ...) no longer start, or they do start but then stop responding. Then I get a blue screen about once an hour. And on top of that, safe mode won't start anymore either (the same blue screen appears there too).

And now I'm getting the warning "Virus.Win32.ZAccess.c" from Kaspersky.
Same game...

The moment I got the very first virus warning from Kaspersky, my Firefox closed by itself at the same time; I don't think that was a coincidence....

Maybe someone can help me.

Thx4Support
Zion418

Code:

OTL logfile created on: 23.02.2012 00:07:35 - Run 1
OTL by OldTimer - Version 3.2.33.2    Folder = C:\Users\home\Desktop
Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.19048)
Locale: 00000c07 | Country: Österreich | Language: DEA | Date Format: dd.MM.yyyy
 
3,00 Gb Total Physical Memory | 1,62 Gb Available Physical Memory | 53,94% Memory free
6,23 Gb Paging File | 4,64 Gb Available in Paging File | 74,45% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 68,36 Gb Total Space | 6,21 Gb Free Space | 9,08% Space Free | Partition Type: NTFS
Drive D: | 164,51 Gb Total Space | 9,54 Gb Free Space | 5,80% Space Free | Partition Type: NTFS
 
Computer Name: ZENTRUM | User Name: home | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2012.02.23 00:00:40 | 000,583,680 | ---- | M] (OldTimer Tools) -- C:\Users\home\Desktop\OTL.exe
PRC - [2012.02.22 23:15:42 | 000,183,808 | ---- | M] () -- C:\Windows\Temp\pyacmg\setup.exe
PRC - [2012.02.19 02:17:50 | 000,924,632 | ---- | M] (Mozilla Corporation) -- C:\Programme\Mozilla Firefox\firefox.exe
PRC - [2012.01.18 19:54:06 | 024,246,216 | ---- | M] (Dropbox, Inc.) -- C:\Users\home\AppData\Roaming\Dropbox\bin\Dropbox.exe
PRC - [2012.01.13 14:53:18 | 000,652,360 | ---- | M] (Malwarebytes Corporation) -- C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2012.01.13 14:53:18 | 000,460,872 | ---- | M] (Malwarebytes Corporation) -- C:\Programme\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2011.12.14 12:59:20 | 002,984,832 | ---- | M] (TeamViewer GmbH) -- C:\Programme\TeamViewer\Version7\TeamViewer_Service.exe
PRC - [2011.12.14 12:59:18 | 010,981,248 | ---- | M] (TeamViewer GmbH) -- C:\Programme\TeamViewer\Version7\TeamViewer.exe
PRC - [2011.12.14 12:41:54 | 000,116,608 | ---- | M] (TeamViewer GmbH) -- C:\Programme\TeamViewer\Version7\tv_w32.exe
PRC - [2011.11.11 18:18:24 | 000,059,240 | ---- | M] (Apple Inc.) -- C:\Programme\Common Files\Apple\Internet Services\iCloudServices.exe
PRC - [2011.11.01 23:25:58 | 000,059,240 | ---- | M] (Apple Inc.) -- C:\Programme\Common Files\Apple\Apple Application Support\APSDaemon.exe
PRC - [2011.06.06 11:55:28 | 000,064,952 | ---- | M] (Adobe Systems Incorporated) -- C:\Programme\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2011.06.01 13:44:54 | 002,337,144 | ---- | M] (TeamViewer GmbH) -- C:\Programme\TeamViewer\Version6\TeamViewer_Service.exe
PRC - [2011.04.24 23:15:02 | 000,202,296 | ---- | M] (Kaspersky Lab ZAO) -- C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe
PRC - [2011.04.17 21:08:54 | 006,144,000 | ---- | M] (Realtek Semiconductor) -- C:\Windows\RtHDVCpl.exe
PRC - [2011.02.24 11:59:08 | 002,000,712 | ---- | M] (Comfort Software Group) -- C:\Programme\FreeCountdownTimer\FreeCountdownTimer.exe
PRC - [2011.01.07 14:55:40 | 001,797,488 | ---- | M] (Microsoft Corporation) -- C:\Programme\Microsoft IntelliPoint\ipoint.exe
PRC - [2010.04.03 11:56:08 | 042,884,448 | ---- | M] (Microsoft Corporation) -- C:\Programme\Microsoft SQL Server\MSSQL10_50.SQLEXPRESS\MSSQL\Binn\sqlservr.exe
PRC - [2010.04.03 11:56:08 | 000,097,632 | ---- | M] (Microsoft Corporation) -- C:\Programme\Microsoft SQL Server\90\Shared\sqlwriter.exe
PRC - [2010.03.23 09:57:48 | 015,889,248 | ---- | M] (Microsoft Corporation) -- C:\Programme\Microsoft Office\Office14\OUTLOOK.EXE
PRC - [2010.01.09 20:37:50 | 004,640,000 | ---- | M] (Microsoft Corporation) -- C:\Programme\Common Files\microsoft shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
PRC - [2009.08.19 13:41:26 | 003,618,104 | ---- | M] (brother) -- C:\Programme\Brownie\BrStsWnd.exe
PRC - [2008.10.17 15:52:16 | 000,099,632 | ---- | M] (brother) -- C:\Programme\Brownie\brpjp04a.exe
PRC - [2008.06.18 10:23:54 | 000,615,424 | ---- | M] () -- C:\Programme\ASUS\AASP\1.00.65\aaCenter.exe
PRC - [2008.01.18 22:33:34 | 000,021,504 | ---- | M] () -- \\.\globalroot\SystemRoot\system32\svchost.exe
PRC - [2008.01.18 22:33:12 | 002,927,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2012.02.19 02:17:50 | 001,911,768 | ---- | M] () -- C:\Programme\Mozilla Firefox\mozjs.dll
MOD - [2011.11.04 15:54:16 | 000,930,304 | ---- | M] () -- C:\Users\home\AppData\Roaming\Mozilla\Firefox\Profiles\ye27xncc.default\extensions\support@lastpass.com\platform\WINNT_x86-msvc\components\lpxpcom.dll
MOD - [2011.06.24 21:56:36 | 000,087,328 | ---- | M] () -- C:\Programme\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2011.06.24 21:56:14 | 001,241,888 | ---- | M] () -- C:\Programme\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2011.06.22 13:29:18 | 006,271,136 | ---- | M] () -- C:\Windows\System32\Macromed\Flash\NPSWF32.dll
MOD - [2011.04.24 23:13:30 | 007,008,656 | ---- | M] () -- C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2012\qtgui4.dll
MOD - [2011.04.24 23:13:28 | 000,192,912 | ---- | M] () -- C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2012\qtsql4.dll
MOD - [2011.04.24 23:13:26 | 001,270,160 | ---- | M] () -- C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2012\qtscript4.dll
MOD - [2011.04.24 23:13:26 | 000,758,160 | ---- | M] () -- C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2012\qtnetwork4.dll
MOD - [2011.04.24 23:13:24 | 002,118,032 | ---- | M] () -- C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2012\qtcore4.dll
MOD - [2011.04.24 23:13:24 | 002,089,360 | ---- | M] () -- C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2012\qtdeclarative4.dll
MOD - [2011.04.20 19:56:28 | 000,025,088 | ---- | M] () -- C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2012\imageformats\qgif4.dll
MOD - [2011.04.17 21:07:38 | 000,024,576 | ---- | M] () -- C:\Windows\System32\AsIO.dll
MOD - [2011.03.02 11:40:51 | 000,140,288 | ---- | M] () -- C:\Programme\WinRAR\RarExt.dll
MOD - [2010.02.28 01:55:42 | 001,040,736 | ---- | M] () -- C:\Programme\Microsoft Office\Office14\ADDINS\UmOutlookAddin.dll
MOD - [2010.01.30 01:41:12 | 004,254,560 | ---- | M] () -- C:\Programme\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF
MOD - [2008.06.18 10:23:54 | 000,615,424 | ---- | M] () -- C:\Programme\ASUS\AASP\1.00.65\aaCenter.exe
MOD - [2008.01.18 22:35:16 | 000,223,232 | ---- | M] () -- \\?\globalroot\systemroot\system32\mswsock.dll
MOD - [2008.01.18 22:35:16 | 000,223,232 | ---- | M] () -- \\.\globalroot\systemroot\system32\mswsock.dll
MOD - [2008.01.17 15:46:20 | 000,053,248 | ---- | M] () -- C:\Programme\ASUS\AASP\1.00.65\cpuutil.dll
MOD - [2006.05.25 16:18:08 | 000,106,548 | ---- | M] () -- C:\Programme\ASUS\AASP\1.00.65\PowNap.dll
MOD - [2005.06.22 16:39:56 | 000,204,851 | ---- | M] () -- C:\Programme\ASUS\AASP\1.00.65\PowerDll.dll
 
 
========== Win32 Services (SafeList) ==========
 
SRV - File not found [Auto | Stopped] --  -- (msmpsvc)
SRV - File not found [Auto | Stopped] --  -- (d-link_st3402)
SRV - File not found [Auto | Stopped] --  -- (CTAudSvcService)
SRV - [2012.01.13 14:53:18 | 000,652,360 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2011.12.14 12:59:20 | 002,984,832 | ---- | M] (TeamViewer GmbH) [Auto | Running] -- C:\Programme\TeamViewer\Version7\TeamViewer_Service.exe -- (TeamViewer7)
SRV - [2011.06.06 11:55:28 | 000,064,952 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2011.06.01 13:44:54 | 002,337,144 | ---- | M] (TeamViewer GmbH) [Auto | Running] -- C:\Programme\TeamViewer\Version6\TeamViewer_Service.exe -- (TeamViewer6)
SRV - [2011.04.24 23:15:02 | 000,202,296 | ---- | M] (Kaspersky Lab ZAO) [Auto | Running] -- C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe -- (AVP)
SRV - [2010.03.25 09:25:22 | 030,969,208 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Microsoft Office\Office14\GROOVE.EXE -- (Microsoft SharePoint Workspace Audit Service)
SRV - [2010.02.19 12:37:14 | 000,517,096 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe -- (SwitchBoard)
SRV - [2008.01.18 22:33:34 | 000,005,632 | ---- | M] (Oak Technology Inc.) [Auto | Running] -- C:\Windows\System32\rt2870.dll -- (netcfgsvr)
SRV - [2007.05.15 14:55:46 | 001,550,896 | ---- | M] (Nero AG) [Auto | Stopped] -- C:\Programme\Nero\Nero 7\InCD\InCDsrv.exe -- (InCDsrv)
 
 
========== Driver Services (SafeList) ==========
 
DRV - [2012.02.22 21:46:22 | 000,218,688 | ---- | M] (DT Soft Ltd) [Kernel | System | Running] -- C:\Windows\System32\drivers\dtsoftbus01.sys -- (dtsoftbus01)
DRV - [2012.02.21 11:25:52 | 000,570,160 | ---- | M] (Kaspersky Lab) [File_System | System | Running] -- C:\Windows\System32\drivers\klif.sys -- (KLIF)
DRV - [2011.12.10 15:24:06 | 000,020,464 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2011.05.10 07:06:14 | 000,018,432 | ---- | M] (Apple Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\netaapl.sys -- (Netaapl)
DRV - [2011.04.17 21:07:38 | 000,012,400 | ---- | M] () [Kernel | System | Running] -- C:\Windows\System32\drivers\AsIO.sys -- (AsIO)
DRV - [2011.04.17 21:07:38 | 000,007,680 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ASACPI.sys -- (MTsensor)
DRV - [2011.04.17 20:53:19 | 000,046,592 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\l160x86.sys -- (AtcL001)
DRV - [2011.03.10 18:36:18 | 000,023,856 | ---- | M] (Kaspersky Lab ZAO) [Kernel | System | Running] -- C:\Windows\System32\drivers\klim6.sys -- (KLIM6)
DRV - [2011.03.04 13:23:20 | 000,011,352 | ---- | M] (Kaspersky Lab ZAO) [Kernel | System | Running] -- C:\Windows\System32\drivers\kl2.sys -- (kl2)
DRV - [2011.03.04 13:23:14 | 000,133,208 | ---- | M] (Kaspersky Lab ZAO) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\kl1.sys -- (KL1)
DRV - [2010.04.03 11:02:54 | 000,240,608 | ---- | M] (Microsoft Corporation) [File_System | Disabled | Stopped] -- C:\Windows\System32\drivers\RsFx0150.sys -- (RsFx0150)
DRV - [2009.11.21 03:34:54 | 011,515,752 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2009.11.02 20:27:16 | 000,019,984 | ---- | M] (Kaspersky Lab) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\klmouflt.sys -- (klmouflt)
DRV - [2008.04.21 11:39:16 | 001,397,760 | ---- | M] (C-Media Electronics Inc) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\CM106.sys -- (USBMULCD)
DRV - [2008.01.18 20:56:00 | 000,071,680 | ---- | M] () [Kernel | System | Running] -- C:\Windows\System32\drivers\tdx.sys -- (tdx)
DRV - [2007.08.17 14:14:44 | 000,891,392 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\athrusb.sys -- (athrusb)
DRV - [2007.05.15 14:55:36 | 000,118,576 | ---- | M] (Nero AG) [File_System | Disabled | Running] -- C:\Windows\System32\drivers\InCDfs.sys -- (InCDfs)
DRV - [2007.05.15 14:55:36 | 000,038,576 | ---- | M] (Nero AG) [Kernel | System | Stopped] -- C:\Windows\System32\drivers\InCDRm.sys -- (incdrm)
DRV - [2007.05.15 14:55:36 | 000,037,040 | ---- | M] (Nero AG) [Kernel | System | Running] -- C:\Windows\System32\drivers\InCDPass.sys -- (InCDPass)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.t-online.de/cpm-redir/ie-8.html
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://search.babylon.com/?AF=109794&babsrc=HP_ss&mntrId=8e877628000000000000001e8c652b00
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultenginename: "Google"
FF - prefs.js..browser.startup.homepage: "hxxp://www.google.at/"
FF - prefs.js..keyword.URL: "hxxp://www.google.com/search?sourceid=navclient&hl=de&q="
 
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/GoogleTalkPlugin: C:\Users\home\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/O3DPlugin: C:\Users\home\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll ()
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\home\AppData\Local\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\home\AppData\Local\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\virtualKeyboard@kaspersky.ru: C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\FFExt\virtualKeyboard@kaspersky.ru [2012.02.21 20:20:13 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\KavAntiBanner@Kaspersky.ru: C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\FFExt\KavAntiBanner@Kaspersky.ru [2012.02.21 20:20:13 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\linkfilter@kaspersky.ru: C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\FFExt\linkfilter@kaspersky.ru [2012.02.21 20:20:13 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2011.11.12 14:25:18 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 10.0.2\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.02.19 02:17:50 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 10.0.2\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011.11.02 01:54:18 | 000,000,000 | ---D | M]
 
[2011.04.17 21:04:28 | 000,000,000 | ---D | M] (No name found) -- C:\Users\home\AppData\Roaming\mozilla\Extensions
[2012.02.22 02:47:22 | 000,000,000 | ---D | M] (No name found) -- C:\Users\home\AppData\Roaming\mozilla\Firefox\Profiles\ye27xncc.default\extensions
[2011.12.07 19:53:56 | 000,000,000 | ---D | M] (ColorZilla) -- C:\Users\home\AppData\Roaming\mozilla\Firefox\Profiles\ye27xncc.default\extensions\{6AC85730-7D0F-4de0-B3FA-21142DD85326}
[2011.07.20 17:46:01 | 000,000,000 | ---D | M] ("Free YouTube Download (Free Studio) Menu") -- C:\Users\home\AppData\Roaming\mozilla\Firefox\Profiles\ye27xncc.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
[2012.01.29 18:25:29 | 000,000,000 | ---D | M] (Form History Control) -- C:\Users\home\AppData\Roaming\mozilla\Firefox\Profiles\ye27xncc.default\extensions\formhistory@yahoo.com
[2012.02.22 02:47:22 | 000,000,000 | ---D | M] (SenSEO) -- C:\Users\home\AppData\Roaming\mozilla\Firefox\Profiles\ye27xncc.default\extensions\senseo@nicosteiner.de
[2011.11.20 23:30:29 | 000,000,000 | ---D | M] (LastPass) -- C:\Users\home\AppData\Roaming\mozilla\Firefox\Profiles\ye27xncc.default\extensions\support@lastpass.com
[2011.11.10 02:29:08 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2011.11.19 08:09:30 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Programme\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2011.04.17 22:19:53 | 000,000,000 | ---D | M] (Anti-Banner) -- C:\Programme\Mozilla Firefox\extensions\KavAntiBanner@kaspersky.ru_bak
[2011.04.17 22:19:50 | 000,000,000 | ---D | M] (Modul zur Link-Untersuchung) -- C:\Programme\Mozilla Firefox\extensions\linkfilter@kaspersky.ru_bak
() (No name found) -- C:\USERS\HOME\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\YE27XNCC.DEFAULT\EXTENSIONS\{C45C406E-AB73-11D8-BE73-000A95BE3B12}.XPI
() (No name found) -- C:\USERS\HOME\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\YE27XNCC.DEFAULT\EXTENSIONS\{F8A55C97-3DB6-4961-A81D-0DE0080E53CB}.XPI
() (No name found) -- C:\USERS\HOME\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\YE27XNCC.DEFAULT\EXTENSIONS\DIVXWEBPLAYER@DIVX.COM.XPI
() (No name found) -- C:\USERS\HOME\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\YE27XNCC.DEFAULT\EXTENSIONS\FIREBUG@SOFTWARE.JOEHEWITT.COM.XPI
() (No name found) -- C:\USERS\HOME\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\YE27XNCC.DEFAULT\EXTENSIONS\MEMORYRESTART@TEAMEXTENSION.COM.XPI
() (No name found) -- C:\USERS\HOME\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\YE27XNCC.DEFAULT\EXTENSIONS\YOUTUBE2MP3@MONDAYX.DE.XPI
[2012.02.19 02:17:50 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2011.05.04 03:52:23 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2011.09.01 23:15:58 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.02.08 00:18:25 | 000,002,310 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\babylon.xml
[2011.09.01 23:15:58 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2011.09.01 23:15:58 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2011.09.01 23:15:58 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2011.09.01 23:15:58 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2011.09.01 23:15:58 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml
 
========== Chrome  ==========
 
CHR - default_search_provider: Search the web (Babylon) (Enabled)
CHR - default_search_provider: search_url = hxxp://search.babylon.com/?q={searchTerms}&AF=109794&babsrc=SP_ss&mntrId=8e877628000000000000001e8c652b00
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\home\AppData\Local\Google\Chrome\Application\17.0.963.56\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\system32\Macromed\Flash\NPSWF32.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin7.dll
CHR - plugin: Java Deployment Toolkit 6.0.260.3 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java(TM) Platform SE 6 U26 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: DivX Web Player (Enabled) = C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll
CHR - plugin: Microsoft\u00AE Windows Media Player Firefox Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\np-mswmp.dll
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~1\MICROS~2\Office14\NPSPWRAP.DLL
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\home\AppData\Local\Google\Chrome\Application\17.0.963.56\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\home\AppData\Local\Google\Chrome\Application\17.0.963.56\pdf.dll
CHR - plugin: DivX VOD Helper Plug-in (Enabled) = C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.69\npGoogleUpdate3.dll
CHR - plugin: NVIDIA 3D Vision (Enabled) = C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dv.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin
CHR - Extension: YouTube = C:\Users\home\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.2_0\
CHR - Extension: Google-Suche = C:\Users\home\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.16_0\
CHR - Extension: Modul zur Link-Untersuchung = C:\Users\home\AppData\Local\Google\Chrome\User Data\Default\Extensions\dchlnpcodkpfdpacogkljefecpegganj\12.0.0.397_0\
CHR - Extension: Virtuelle Tastatur = C:\Users\home\AppData\Local\Google\Chrome\User Data\Default\Extensions\jagncdcchgajhfhijbbhecadmaiegcmh\12.0.0.374_0\
CHR - Extension: Skype Click to Call = C:\Users\home\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\5.6.0.8442_0\
CHR - Extension: Mehr Leistung und Videoformate f\u00FCr dein HTML5 \u003Cvideo\u003E = C:\Users\home\AppData\Local\Google\Chrome\User Data\Default\Extensions\nneajnkjbffgblleaoojgaacokifdkhm\2.1.2.145_0\
CHR - Extension: Google Mail = C:\Users\home\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\6.1.4_0\
CHR - Extension: Anti-Banner = C:\Users\home\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjldcfjmnllhmgjclecdnfampinooman\12.0.0.374_0\
 
Hosts file not found
O2 - BHO: (AcroIEHlprObj Class) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Programme\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC)
O2 - BHO: (IEVkbdBHO Class) - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2012\ievkbd.dll (Kaspersky Lab ZAO)
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Programme\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O2 - BHO: (AcroIEToolbarHelper Class) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programme\Google\GoogleToolbarNotifier\5.7.7227.1100\swg.dll (Google Inc.)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Programme\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (FilterBHO Class) - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2012\klwtbbho.dll (Kaspersky Lab ZAO)
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKCU\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O4 - HKLM..\Run: []  File not found
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [AVP] C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe (Kaspersky Lab ZAO)
O4 - HKLM..\Run: [BrStsWnd] C:\Program Files\Brownie\BrstsWnd.exe (brother)
O4 - HKLM..\Run: [Cm106Sound] RunDll32 cm106.cpl,CMICtrlWnd File not found
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKCU..\Run: [FreeCT] C:\Program Files\FreeCountdownTimer\FreeCountdownTimer.exe (Comfort Software Group)
O4 - HKCU..\Run: [iCloudServices] C:\Programme\Common Files\Apple\Internet Services\iCloudServices.exe (Apple Inc.)
O4 - Startup: C:\Users\home\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\home\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 28
O8 - Extra context menu item: An OneNote s&enden - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O8 - Extra context menu item: Ausgewählte Verknüpfungen in Adobe PDF konvertieren - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Ausgewählte Verknüpfungen in vorhandene PDF-Datei konvertieren - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Auswahl in Adobe PDF konvertieren - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Auswahl in vorhandene PDF-Datei konvertieren - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Free YouTube Download - C:\Users\home\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubedownload.htm ()
O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\home\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O8 - Extra context menu item: Hinzufügen zu Anti-Banner - C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2012\ie_banner_deny.htm ()
O8 - Extra context menu item: In Adobe PDF konvertieren - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: In vorhandene PDF-Datei konvertieren - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Nach Microsoft E&xcel exportieren - C:\Programme\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - C:\Programme\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Verknüpfungsziel in Adobe PDF konvertieren - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Verknüpfungsziel in vorhandene PDF-Datei konvertieren - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Programme\PokerStars\PokerStarsUpdate.exe (PokerStars)
O9 - Extra Button: &Virtuelle Tastatur - {4248FE82-7FCB-46AC-B270-339F08212110} - C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2012\ievkbd.dll (Kaspersky Lab ZAO)
O9 - Extra Button: Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra Button: Wecker-Alarm - {7B499570-29C5-4a80-9F57-94A420D140CE} - Reg Error: Key error. File not found
O9 - Extra 'Tools' menuitem : Nach Wecker für Windows exportieren - {7B499570-29C5-4a80-9F57-94A420D140CE} - Reg Error: Key error. File not found
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programme\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra Button: Li&nks untersuchen - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2012\klwtbbho.dll (Kaspersky Lab ZAO)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000014 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000016 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000017 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000018 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000019 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000020 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000021 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000022 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000023 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000024 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000025 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000026 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000027 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000028 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000029 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000030 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000031 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000032 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000033 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000034 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000035 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O13 - gopher Prefix: missing
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} hxxp://www.nvidia.com/content/DriverDownload/srl/3.0.0.4/srl_bin/sysreqlab_nvd.cab (System Requirements Lab Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-0015-0000-0004-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_04-windows-i586.cab (Java Plug-in 1.5.0_04)
O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/flashplayer/current/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 212.186.211.21 195.34.133.21
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{27D7E3FC-5E67-423D-AC08-F747BA92D711}: DhcpNameServer = 194.24.128.100 81.3.216.100
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{75389769-4D5D-441C-B3D6-DB5A198B1133}: DhcpNameServer = 212.186.211.21 195.34.133.21
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{95229565-8240-45A6-BBA8-D5998918FA17}: DhcpNameServer = 212.186.211.21 195.34.133.21
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O18 - Protocol\Filter\text/xml {807573E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\klogon: DllName - (C:\Windows\system32\klogon.dll) - C:\Windows\System32\klogon.dll (Kaspersky Lab ZAO)
O24 - Desktop WallPaper: C:\Windows\Web\Wallpaper\38632_140520929315682_136086086425833_239623_188864_n.jpg
O24 - Desktop BackupWallPaper: C:\Windows\Web\Wallpaper\38632_140520929315682_136086086425833_239623_188864_n.jpg
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Programme\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 22:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{ecd6a453-6929-11e0-b748-e078a3db0d96}\Shell - "" = AutoRun
O33 - MountPoints2\{ecd6a453-6929-11e0-b748-e078a3db0d96}\Shell\AutoRun\command - "" = F:\Setup.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.02.23 00:00:39 | 000,583,680 | ---- | C] (OldTimer Tools) -- C:\Users\home\Desktop\OTL.exe
[2012.02.23 00:00:14 | 000,000,000 | ---D | C] -- C:\Users\home\Desktop\otl4_htm
[2012.02.22 23:59:45 | 000,000,000 | ---D | C] -- C:\Users\home\Desktop\otlv4_h
[2012.02.22 21:16:10 | 000,040,776 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2012.02.22 21:16:10 | 000,000,000 | ---D | C] -- C:\Users\home\AppData\Roaming\Malwarebytes
[2012.02.22 21:15:56 | 000,020,464 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2012.02.22 21:15:56 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012.02.22 21:15:56 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2012.02.22 21:15:56 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012.02.21 02:44:19 | 000,000,000 | ---D | C] -- C:\Users\home\AppData\Roaming\SpeedyPC Software
[2012.02.21 02:44:19 | 000,000,000 | ---D | C] -- C:\Users\home\AppData\Roaming\DriverCure
[2012.02.21 02:44:14 | 000,000,000 | ---D | C] -- C:\Users\home\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SpeedyPC Software
[2012.02.21 02:44:10 | 000,000,000 | ---D | C] -- C:\ProgramData\SpeedyPC Software
[2012.02.21 02:44:10 | 000,000,000 | ---D | C] -- C:\Program Files\SpeedyPC Software
[2012.02.21 02:44:10 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\SpeedyPC Software
[2012.02.21 00:57:19 | 000,000,000 | ---D | C] -- C:\Users\home\DoctorWeb
[2012.02.20 14:13:40 | 000,000,000 | ---D | C] -- C:\TDSSKiller_Quarantine
[2012.02.20 14:12:47 | 002,060,336 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\home\Desktop\tdsskiller.exe
[2012.02.19 18:30:40 | 000,000,000 | ---D | C] -- C:\Users\home\AppData\Roaming\dvdcss
[2012.02.19 05:20:02 | 000,000,000 | ---D | C] -- C:\Users\home\AppData\Roaming\Uxul
[2012.02.19 05:20:02 | 000,000,000 | ---D | C] -- C:\Users\home\AppData\Roaming\Tuip
[2012.02.15 05:40:17 | 000,000,000 | ---D | C] -- C:\Users\home\AppData\Roaming\Download Manager
[2012.02.14 23:20:50 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Kaspersky Internet Security 2012
[2012.02.14 23:16:33 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2012.02.09 02:40:34 | 000,000,000 | ---D | C] -- C:\Users\home\Desktop\Release
[2012.02.08 00:19:20 | 000,000,000 | ---D | C] -- C:\Program Files\JDownloader
[2012.02.08 00:18:22 | 000,000,000 | ---D | C] -- C:\Users\home\AppData\Local\Babylon
[2012.02.08 00:18:17 | 000,000,000 | ---D | C] -- C:\Users\home\AppData\Roaming\Babylon
[2012.02.08 00:18:17 | 000,000,000 | ---D | C] -- C:\ProgramData\Babylon
[2012.02.07 23:55:22 | 000,000,000 | ---D | C] -- C:\Users\home\AppData\Roaming\FileZilla
[2012.02.07 23:42:54 | 000,000,000 | ---D | C] -- C:\Program Files\CesarFTP
[2012.02.07 22:03:06 | 000,000,000 | ---D | C] -- C:\Users\home\AppData\Local\Xenocode
[2012.02.06 23:21:12 | 000,000,000 | ---D | C] -- C:\Users\home\Desktop\AORDB_Release
[2012.02.01 23:38:26 | 000,000,000 | ---D | C] -- C:\Users\home\Desktop\eno
[2012.01.29 22:12:48 | 000,000,000 | ---D | C] -- C:\Users\home\AppData\Roaming\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2012.01.27 02:41:51 | 000,000,000 | ---D | C] -- C:\Users\home\Desktop\AOR_Release2
[2012.01.27 02:39:58 | 000,000,000 | ---D | C] -- C:\Users\home\Desktop\aor
[2012.01.27 01:56:33 | 000,000,000 | ---D | C] -- C:\Users\home\Documents\Visual Studio 2005
[2012.01.27 01:50:30 | 000,047,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\perf-MSSQL10_50.SQLEXPRESS-sqlagtctr.dll
[2012.01.27 01:50:14 | 000,073,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\perf-MSSQL$SQLEXPRESS-sqlctr10.50.1600.1.dll
[2012.01.27 01:49:37 | 000,000,000 | ---D | C] -- C:\Users\home\Documents\Integration Services Script Component
[2012.01.27 01:49:12 | 000,000,000 | ---D | C] -- C:\Users\home\Documents\Integration Services Script Task
[2012.01.27 01:48:51 | 000,000,000 | ---D | C] -- C:\Users\home\Documents\SQL Server Management Studio
[2012.01.27 01:48:09 | 000,000,000 | ---D | C] -- C:\Windows\System32\RsFx
[2012.01.27 01:43:52 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft SQL Server 2008
[2012.01.27 01:43:09 | 000,000,000 | ---D | C] -- C:\Users\home\Documents\Visual Studio 2008
[2012.01.27 01:41:39 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft SDKs
[2012.01.27 01:41:37 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Visual Studio 9.0
[2012.01.27 01:41:20 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Synchronization Services
[2012.01.27 01:40:58 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft SQL Server Compact Edition
[2012.01.27 01:40:55 | 000,000,000 | ---D | C] -- C:\Windows\System32\1033
[2012.01.27 01:34:11 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows PowerShell V2 (CTP3)
[2012.01.27 01:34:09 | 000,000,000 | ---D | C] -- C:\Windows\System32\WindowsPowerShell
[2012.01.27 01:18:30 | 000,295,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PresentationHost.exe
[2012.01.27 01:18:30 | 000,099,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PresentationHostProxy.dll
[2012.01.27 01:18:30 | 000,049,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\netfxperf.dll
[2012.01.27 01:12:28 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft SQL Server 2008 R2
[2012.01.27 01:02:16 | 000,000,000 | ---D | C] -- C:\Users\home\AppData\Local\Microsoft_Corporation
[2012.01.27 01:00:54 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft SQL Server
[2012.01.27 00:50:38 | 000,002,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msimsg.dll
[2012.01.27 00:50:37 | 000,332,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msihnd.dll
[2012.01.24 03:17:14 | 000,000,000 | ---D | C] -- C:\ProgramData\NVIDIA
[2012.01.24 03:15:44 | 004,990,056 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\NVStWiz.exe
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2012.02.23 00:09:28 | 000,000,424 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{F0D22D8E-63DE-495C-A124-30EA9EDCC705}.job
[2012.02.23 00:03:12 | 000,000,164 | -HS- | M] () -- C:\Windows\KLIF.spi
[2012.02.23 00:00:40 | 000,583,680 | ---- | M] (OldTimer Tools) -- C:\Users\home\Desktop\OTL.exe
[2012.02.23 00:00:12 | 002,886,775 | ---- | M] () -- C:\Users\home\Desktop\otl4_htm.zip
[2012.02.22 23:59:36 | 000,132,237 | ---- | M] () -- C:\Users\home\Desktop\otlv4_h.zip
[2012.02.22 23:20:00 | 000,001,116 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1083056984-481911269-1076263038-1000UA.job
[2012.02.22 23:16:00 | 000,001,094 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012.02.22 23:15:57 | 000,034,800 | ---- | M] () -- C:\ProgramData\nvModes.dat
[2012.02.22 23:15:57 | 000,034,800 | ---- | M] () -- C:\ProgramData\nvModes.001
[2012.02.22 23:15:49 | 000,000,321 | ---- | M] () -- C:\Windows\Brownie.ini
[2012.02.22 23:15:46 | 000,001,090 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012.02.22 23:15:42 | 000,003,792 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2012.02.22 23:15:42 | 000,003,792 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2012.02.22 23:15:41 | 000,000,000 | -HS- | M] () -- C:\Windows\System32\dds_trash_log.cmd
[2012.02.22 23:15:39 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.02.22 23:15:36 | 3218,436,096 | -HS- | M] () -- C:\hiberfil.sys
[2012.02.22 23:14:33 | 000,000,012 | ---- | M] () -- C:\Windows\bthservsdp.dat
[2012.02.22 22:06:08 | 000,695,158 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012.02.22 22:06:08 | 000,139,006 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012.02.22 22:01:05 | 000,040,776 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2012.02.22 21:56:10 | 000,164,366 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2012.02.22 21:56:10 | 000,000,000 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2012.02.22 21:46:29 | 403,230,807 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2012.02.22 21:46:22 | 000,218,688 | ---- | M] (DT Soft Ltd) -- C:\Windows\System32\drivers\dtsoftbus01.sys
[2012.02.22 21:15:56 | 000,000,906 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012.02.22 18:20:00 | 000,001,064 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1083056984-481911269-1076263038-1000Core.job
[2012.02.22 18:00:01 | 000,000,466 | ---- | M] () -- C:\Windows\tasks\SpeedyPC Registration3.job
[2012.02.21 11:25:52 | 000,570,160 | ---- | M] (Kaspersky Lab) -- C:\Windows\System32\drivers\klif.sys
[2012.02.21 11:16:23 | 000,000,438 | ---- | M] () -- C:\Windows\tasks\SpeedyPC Update Version3.job
[2012.02.21 11:16:23 | 000,000,394 | ---- | M] () -- C:\Windows\tasks\SpeedyPC Pro.job
[2012.02.21 02:42:02 | 000,001,205 | ---- | M] () -- C:\Users\home\Desktop\FixNCR1.reg
[2012.02.20 23:38:00 | 000,001,456 | ---- | M] () -- C:\Users\home\AppData\Local\Adobe Für Web speichern 12.0 Prefs
[2012.02.20 23:37:59 | 000,860,250 | ---- | M] () -- C:\Users\home\Desktop\Logo2011Burgenland.jpg
[2012.02.20 14:12:49 | 002,060,336 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\home\Desktop\tdsskiller.exe
[2012.02.19 18:37:50 | 000,040,448 | ---- | M] () -- C:\Users\home\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012.02.15 04:07:56 | 000,000,432 | ---- | M] () -- C:\Windows\BRWMARK.INI
[2012.02.08 00:19:48 | 000,001,822 | ---- | M] () -- C:\Users\home\Desktop\JDownloader.lnk
[2012.02.08 00:18:40 | 000,000,237 | ---- | M] () -- C:\user.js
[2012.02.02 19:37:17 | 000,000,916 | ---- | M] () -- C:\Users\home\Desktop\Dropbox.lnk
[2012.02.02 19:37:17 | 000,000,896 | ---- | M] () -- C:\Users\home\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
[2012.02.01 18:20:05 | 003,727,400 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2012.01.27 01:01:24 | 000,026,742 | ---- | M] () -- C:\Users\home\Desktop\create_db_AOR.sql
[2012.01.26 23:16:44 | 000,014,316 | ---- | M] () -- C:\Users\home\Desktop\ELBA-internet Turnover.pdf
[2012.01.26 23:14:24 | 000,014,322 | ---- | M] () -- C:\Users\home\Desktop\WAHLARZT.pdf
[2012.01.26 02:07:17 | 000,190,885 | ---- | M] () -- C:\Users\home\Desktop\hebr-500.pdf
[2012.01.24 03:15:22 | 000,001,356 | ---- | M] () -- C:\Users\home\AppData\Local\d3d9caps.dat
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2012.02.23 00:02:34 | 000,000,164 | -HS- | C] () -- C:\Windows\KLIF.spi
[2012.02.23 00:00:03 | 002,886,775 | ---- | C] () -- C:\Users\home\Desktop\otl4_htm.zip
[2012.02.22 23:59:34 | 000,132,237 | ---- | C] () -- C:\Users\home\Desktop\otlv4_h.zip
[2012.02.22 21:15:56 | 000,000,906 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012.02.21 02:44:28 | 000,000,466 | ---- | C] () -- C:\Windows\tasks\SpeedyPC Registration3.job
[2012.02.21 02:44:13 | 000,000,438 | ---- | C] () -- C:\Windows\tasks\SpeedyPC Update Version3.job
[2012.02.21 02:44:12 | 000,000,394 | ---- | C] () -- C:\Windows\tasks\SpeedyPC Pro.job
[2012.02.21 02:42:01 | 000,001,205 | ---- | C] () -- C:\Users\home\Desktop\FixNCR1.reg
[2012.02.20 23:37:57 | 000,860,250 | ---- | C] () -- C:\Users\home\Desktop\Logo2011Burgenland.jpg
[2012.02.19 05:05:01 | 000,000,000 | -HS- | C] () -- C:\Windows\System32\dds_trash_log.cmd
[2012.02.08 00:19:48 | 000,001,822 | ---- | C] () -- C:\Users\home\Desktop\JDownloader.lnk
[2012.02.08 00:19:41 | 000,001,786 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\JDownloader.lnk
[2012.02.08 00:19:41 | 000,001,730 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\JDownloader Deinstallationsprogramm.lnk
[2012.02.08 00:19:41 | 000,001,709 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\JDownloader Update.lnk
[2012.02.08 00:18:40 | 000,000,237 | ---- | C] () -- C:\user.js
[2012.01.27 01:01:23 | 000,026,742 | ---- | C] () -- C:\Users\home\Desktop\create_db_AOR.sql
[2012.01.26 23:16:44 | 000,014,316 | ---- | C] () -- C:\Users\home\Desktop\ELBA-internet Turnover.pdf
[2012.01.26 23:14:24 | 000,014,322 | ---- | C] () -- C:\Users\home\Desktop\WAHLARZT.pdf
[2012.01.26 02:07:17 | 000,190,885 | ---- | C] () -- C:\Users\home\Desktop\hebr-500.pdf
[2012.01.24 03:17:39 | 000,034,800 | ---- | C] () -- C:\ProgramData\nvModes.001
[2012.01.24 03:17:31 | 000,034,800 | ---- | C] () -- C:\ProgramData\nvModes.dat
[2012.01.24 03:17:05 | 3218,436,096 | -HS- | C] () -- C:\hiberfil.sys
[2011.11.07 22:46:00 | 000,000,068 | ---- | C] () -- C:\Windows\WinInit.Ini
[2011.10.15 00:54:52 | 000,321,856 | ---- | C] () -- C:\Windows\System32\nvStreaming.exe
[2011.10.13 03:29:51 | 000,125,000 | -H-- | C] () -- C:\Windows\System32\mlfcache.dat
[2011.09.13 01:06:01 | 000,123,392 | ---- | C] () -- C:\Windows\System32\UnCasino5.exe
[2011.06.16 17:38:18 | 000,016,384 | ---- | C] () -- C:\Windows\System32\FileOps.exe
[2011.04.30 19:25:36 | 000,000,600 | ---- | C] () -- C:\Users\home\AppData\Local\PUTTY.RND
[2011.04.28 13:22:00 | 000,000,085 | -HS- | C] () -- C:\ProgramData\.zreglib
[2011.04.23 01:20:04 | 000,000,290 | ---- | C] () -- C:\Windows\lgfwup.ini
[2011.04.21 21:15:18 | 000,139,264 | ---- | C] () -- C:\Windows\Vmix106.dll
[2011.04.21 21:15:17 | 000,495,616 | ---- | C] () -- C:\Windows\System32\Cmeau106.exe
[2011.04.21 21:15:17 | 000,000,272 | ---- | C] () -- C:\Windows\Cm106.ini.cfl
[2011.04.21 21:14:28 | 000,241,664 | ---- | C] () -- C:\Windows\System32\CmiInstallResAll.dll
[2011.04.21 21:14:28 | 000,004,599 | ---- | C] () -- C:\Windows\Cm106.ini.cfg
[2011.04.21 21:14:28 | 000,003,067 | ---- | C] () -- C:\Windows\Cm106.ini.imi
[2011.04.21 21:14:27 | 000,000,625 | ---- | C] () -- C:\Windows\cm106.ini
[2011.04.21 21:14:27 | 000,000,553 | ---- | C] () -- C:\Windows\cm106.ini.bak.bak
[2011.04.21 21:14:27 | 000,000,553 | ---- | C] () -- C:\Windows\cm106.ini.bak
[2011.04.21 17:44:08 | 000,000,051 | ---- | C] () -- C:\Windows\FILEDG32.ini
[2011.04.21 14:53:58 | 000,000,000 | ---- | C] () -- C:\Windows\brmx2001.ini
[2011.04.21 14:53:57 | 000,031,265 | ---- | C] () -- C:\Windows\HL-5350DN.INI
[2011.04.21 14:52:51 | 000,000,321 | ---- | C] () -- C:\Windows\Brownie.ini
[2011.04.21 14:46:57 | 000,000,432 | ---- | C] () -- C:\Windows\BRWMARK.INI
[2011.04.21 10:33:33 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2011.04.20 00:51:24 | 000,040,448 | ---- | C] () -- C:\Users\home\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011.04.18 20:51:44 | 000,001,456 | ---- | C] () -- C:\Users\home\AppData\Local\Adobe Für Web speichern 12.0 Prefs
[2011.04.18 03:39:54 | 000,106,605 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2011.04.18 03:39:54 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
[2011.04.18 01:31:01 | 000,071,680 | ---- | C] () -- C:\Windows\System32\drivers\tdx.sys
[2011.04.17 22:14:07 | 000,000,012 | ---- | C] () -- C:\Windows\bthservsdp.dat
[2011.04.17 21:08:11 | 000,024,576 | ---- | C] () -- C:\Windows\System32\AsIO.dll
[2011.04.17 21:08:11 | 000,012,400 | ---- | C] () -- C:\Windows\System32\drivers\AsIO.sys
[2011.04.17 21:08:02 | 000,011,832 | ---- | C] () -- C:\Windows\System32\drivers\AsInsHelp64.sys
[2011.04.17 21:08:02 | 000,010,216 | ---- | C] () -- C:\Windows\System32\drivers\AsInsHelp32.sys
[2011.04.17 21:07:38 | 000,007,680 | ---- | C] () -- C:\Windows\System32\drivers\ASACPI.sys
[2011.04.17 20:59:45 | 000,115,369 | ---- | C] () -- C:\Windows\System32\drivers\klin.dat
[2011.04.17 20:59:45 | 000,097,961 | ---- | C] () -- C:\Windows\System32\drivers\klick.dat
[2011.04.17 20:39:59 | 000,001,356 | ---- | C] () -- C:\Users\home\AppData\Local\d3d9caps.dat
[2011.03.11 12:43:54 | 000,029,763 | ---- | C] () -- C:\Windows\System32\drivers\klopp.dat
 
========== LOP Check ==========
 
[2011.05.21 18:53:56 | 000,000,000 | ---D | M] -- C:\Users\home\AppData\Roaming\AUTOSICH
[2012.02.08 00:18:17 | 000,000,000 | ---D | M] -- C:\Users\home\AppData\Roaming\Babylon
[2011.04.23 02:13:32 | 000,000,000 | ---D | M] -- C:\Users\home\AppData\Roaming\cbuenger
[2012.01.29 22:12:48 | 000,000,000 | ---D | M] -- C:\Users\home\AppData\Roaming\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2011.04.18 01:17:52 | 000,000,000 | ---D | M] -- C:\Users\home\AppData\Roaming\DAEMON Tools Lite
[2012.02.21 02:44:19 | 000,000,000 | ---D | M] -- C:\Users\home\AppData\Roaming\DriverCure
[2012.02.22 23:16:53 | 000,000,000 | ---D | M] -- C:\Users\home\AppData\Roaming\Dropbox
[2011.08.10 00:23:59 | 000,000,000 | ---D | M] -- C:\Users\home\AppData\Roaming\DVDVideoSoft
[2011.08.10 00:14:30 | 000,000,000 | ---D | M] -- C:\Users\home\AppData\Roaming\DVDVideoSoftIEHelpers
[2012.02.07 23:56:47 | 000,000,000 | ---D | M] -- C:\Users\home\AppData\Roaming\FileZilla
[2011.04.17 22:40:20 | 000,000,000 | ---D | M] -- C:\Users\home\AppData\Roaming\GHISLER
[2011.05.19 03:10:38 | 000,000,000 | ---D | M] -- C:\Users\home\AppData\Roaming\IrfanView
[2012.02.17 00:33:49 | 000,000,000 | ---D | M] -- C:\Users\home\AppData\Roaming\MySQL
[2011.09.28 15:59:42 | 000,000,000 | ---D | M] -- C:\Users\home\AppData\Roaming\Quite
[2012.02.21 02:44:19 | 000,000,000 | ---D | M] -- C:\Users\home\AppData\Roaming\SpeedyPC Software
[2011.04.18 21:36:06 | 000,000,000 | ---D | M] -- C:\Users\home\AppData\Roaming\StageManager.BD092818F67280F4B42B04877600987F0111B594.1
[2012.01.10 02:57:06 | 000,000,000 | ---D | M] -- C:\Users\home\AppData\Roaming\TeamViewer
[2012.02.12 01:23:03 | 000,000,000 | ---D | M] -- C:\Users\home\AppData\Roaming\toolplugin
[2012.02.19 05:26:07 | 000,000,000 | ---D | M] -- C:\Users\home\AppData\Roaming\Tuip
[2012.02.08 22:23:57 | 000,000,000 | ---D | M] -- C:\Users\home\AppData\Roaming\uTorrent
[2012.02.19 16:51:01 | 000,000,000 | ---D | M] -- C:\Users\home\AppData\Roaming\Uxul
[2011.10.05 01:42:24 | 000,000,000 | ---D | M] -- C:\Users\home\AppData\Roaming\XMedia Recode
[2012.02.22 23:14:34 | 000,032,578 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2012.02.21 11:16:23 | 000,000,394 | ---- | M] () -- C:\Windows\Tasks\SpeedyPC Pro.job
[2012.02.22 18:00:01 | 000,000,466 | ---- | M] () -- C:\Windows\Tasks\SpeedyPC Registration3.job
[2012.02.21 11:16:23 | 000,000,438 | ---- | M] () -- C:\Windows\Tasks\SpeedyPC Update Version3.job
[2012.02.23 00:09:28 | 000,000,424 | -H-- | M] () -- C:\Windows\Tasks\User_Feed_Synchronization-{F0D22D8E-63DE-495C-A124-30EA9EDCC705}.job
 
========== Purity Check ==========
 

< End of report >

Code:

Malwarebytes Anti-Malware (Test) 1.60.1.1000
www.malwarebytes.org

Datenbank Version: v2012.02.22.04

Windows Vista Service Pack 1 x86 NTFS
Internet Explorer 8.0.6001.19048
home :: ZENTRUM [Administrator]

Schutz: Aktiviert

22.02.2012 22:01:13
mbam-log-2012-02-22 (23-12-33).txt

Art des Suchlaufs: Vollständiger Suchlauf
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 433780
Laufzeit: 1 Stunde(n), 10 Minute(n), 6 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 1
C:\Windows\System32\TdmService.dll (RootKit.0Access.H) -> Keine Aktion durchgeführt.

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 1
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|4Y3Y0C3AZF7W1VWEMSSS (Trojan.SpyEyes) -> Daten: C:\Recycle.Bin\B6232F3ABA7.exe /q -> Keine Aktion durchgeführt.

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 1
C:\Recycle.Bin (Trojan.Spyeyes) -> Keine Aktion durchgeführt.

Infizierte Dateien: 2
C:\Windows\System32\TdmService.dll (RootKit.0Access.H) -> Keine Aktion durchgeführt.
C:\Recycle.Bin\4B15856F7B043CD (Trojan.Spyeyes) -> Keine Aktion durchgeführt.

(Ende)


Larusso 23.02.2012 08:18

http://www.trojaner-board.de/69886-a...-beachten.html

zion418 24.02.2012 01:13

So, attached are the complete details:

DDS, Attach and Gmer are included as attachments.

DDS
Code:

.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 8.0.6001.19048  BrowserJavaVersion: 1.6.0_26
Run by home at 23:48:45 on 2012-02-23
Microsoft® Windows Vista™ Home Premium  6.0.6001.1.1252.43.1031.18.3071.1752 [GMT 1:00]
.
AV: Kaspersky Internet Security *Enabled/Updated* {2EAA32A5-1EE1-1B22-95DA-337730C6E984}
SP: Kaspersky Internet Security *Enabled/Updated* {95CBD341-38DB-14AC-AF6A-08054B41A339}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: Kaspersky Internet Security *Enabled* {1691B380-548E-1A7A-BE85-9A42CE15AEFF}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Windows\system32\svchost.exe -k bthsvcs
C:\Windows\System32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\Microsoft SQL Server\MSSQL10_50.SQLEXPRESS\MSSQL\Binn\sqlservr.exe
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\TeamViewer\Version6\TeamViewer_Service.exe
C:\Program Files\TeamViewer\Version7\TeamViewer_Service.exe
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\TeamViewer\Version7\TeamViewer.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\ASUS\AASP\1.00.65\aaCenter.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Microsoft IntelliPoint\ipoint.exe
C:\Program Files\Brownie\BrStsWnd.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Brownie\brpjp04a.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Program Files\FreeCountdownTimer\FreeCountdownTimer.exe
C:\Program Files\Common Files\Apple\Internet Services\iCloudServices.exe
C:\Users\home\AppData\Roaming\Dropbox\bin\Dropbox.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\TeamViewer\Version7\tv_w32.exe
C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe
C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Windows\system32\wuauclt.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://search.babylon.com/?AF=109794&babsrc=HP_ss&mntrId=8e877628000000000000001e8c652b00
uWindow Title = Windows Internet Explorer bereitgestellt von T-Online.de
uDefault_Page_URL = hxxp://www.t-online.de/cpm-redir/ie-8.html
uInternet Settings,ProxyOverride = *.local
BHO: AcroIEHlprObj Class: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 7.0\activex\AcroIEHelper.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: DivX Plus Web Player HTML5 <video>: {326e768d-4182-46fd-9c16-1449a49795f4} - c:\program files\divx\divx plus web player\ie\divxhtml5\DivXHTML5.dll
BHO: IEVkbdBHO Class: {59273ab4-e7d3-40f9-a1a8-6fa9cca1862c} - c:\program files\kaspersky lab\kaspersky internet security 2012\ievkbd.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\progra~1\micros~2\office14\GROOVEEX.DLL
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: AcroIEToolbarHelper Class: {ae7cd045-e861-484f-8273-0445ee161910} - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll
BHO: Skype Browser Helper: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.7.7227.1100\swg.dll
BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - c:\progra~1\micros~2\office14\URLREDIR.DLL
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: FilterBHO Class: {e33cf602-d945-461a-83f0-819f76a199f8} - c:\program files\kaspersky lab\kaspersky internet security 2012\klwtbbho.dll
TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
EB: Adobe PDF: {182ec0be-5110-49c8-a062-beb1d02a220b} - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll
uRun: [FreeCT] c:\program files\freecountdowntimer\FreeCountdownTimer.exe -autorun
uRun: [iCloudServices] c:\program files\common files\apple\internet services\iCloudServices.exe
uRun: [Google Update] "c:\users\home\appdata\local\google\update\GoogleUpdate.exe" /c
mRun: [RtHDVCpl] RtHDVCpl.exe
mRun: [Skytel] Skytel.exe
mRun: [IntelliPoint] "c:\program files\microsoft intellipoint\ipoint.exe"
mRun: [BrStsWnd] c:\program files\brownie\BrstsWnd.exe Autorun
mRun: [Cm106Sound] RunDll32 cm106.cpl,CMICtrlWnd
mRun: [<NO NAME>]
mRun: [AppleSyncNotifier] c:\program files\common files\apple\mobile device support\AppleSyncNotifier.exe
mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [AVP] "c:\program files\kaspersky lab\kaspersky internet security 2012\avp.exe"
mRun: [Malwarebytes' Anti-Malware] "c:\program files\malwarebytes' anti-malware\mbamgui.exe" /starttray
StartupFolder: c:\users\home\appdata\roaming\micros~1\windows\startm~1\programs\startup\dropbox.lnk - c:\users\home\appdata\roaming\dropbox\bin\Dropbox.exe
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: An OneNote s&enden - c:\progra~1\micros~2\office14\ONBttnIE.dll/105
IE: Ausgewählte Verknüpfungen in Adobe PDF konvertieren - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Ausgewählte Verknüpfungen in vorhandene PDF-Datei konvertieren - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Auswahl in Adobe PDF konvertieren - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Auswahl in vorhandene PDF-Datei konvertieren - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Free YouTube Download - c:\users\home\appdata\roaming\dvdvideosoftiehelpers\freeyoutubedownload.htm
IE: Free YouTube to MP3 Converter - c:\users\home\appdata\roaming\dvdvideosoftiehelpers\freeyoutubetomp3converter.htm
IE: Hinzufügen zu Anti-Banner - c:\program files\kaspersky lab\kaspersky internet security 2012\ie_banner_deny.htm
IE: In Adobe PDF konvertieren - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: In vorhandene PDF-Datei konvertieren - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Nach Microsoft E&xcel exportieren - c:\progra~1\micros~2\office14\EXCEL.EXE/3000
IE: Nach Microsoft E&xel exportieren - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: Verknüpfungsziel in Adobe PDF konvertieren - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Verknüpfungsziel in vorhandene PDF-Datei konvertieren - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - c:\program files\pokerstars\PokerStarsUpdate.exe
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\program files\microsoft office\office14\ONBttnIE.dll
IE: {4248FE82-7FCB-46AC-B270-339F08212110} - {4248FE82-7FCB-46AC-B270-339F08212110} - c:\program files\kaspersky lab\kaspersky internet security 2012\ievkbd.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - c:\program files\microsoft office\office14\ONBttnIELinkedNotes.dll
IE: {7B499570-29C5-4a80-9F57-94A420D140CE} - {C8FA495F-F131-42B0-8AB8-B119A674AF8E}
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
IE: {CCF151D8-D089-449F-A5A4-D9909053F20F} - {CCF151D8-D089-449F-A5A4-D9909053F20F} - c:\program files\kaspersky lab\kaspersky internet security 2012\klwtbbho.dll
LSP: mswsock.dll
DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} - hxxp://www.nvidia.com/content/DriverDownload/srl/3.0.0.4/srl_bin/sysreqlab_nvd.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0004-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_04-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/flashplayer/current/swflash.cab
TCP: DhcpNameServer = 212.186.211.21 195.34.133.21
TCP: Interfaces\{27D7E3FC-5E67-423D-AC08-F747BA92D711} : DhcpNameServer = 194.24.128.100 81.3.216.100
TCP: Interfaces\{75389769-4D5D-441C-B3D6-DB5A198B1133} : DhcpNameServer = 212.186.211.21 195.34.133.21
TCP: Interfaces\{95229565-8240-45A6-BBA8-D5998918FA17} : DhcpNameServer = 212.186.211.21 195.34.133.21
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - c:\program files\common files\microsoft shared\office14\MSOXMLMF.DLL
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
Notify: klogon - c:\windows\system32\klogon.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\progra~1\micros~2\office14\GROOVEEX.DLL
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\users\home\appdata\roaming\mozilla\firefox\profiles\ye27xncc.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.at/
FF - prefs.js: keyword.URL - hxxp://www.google.com/search?sourceid=navclient&hl=de&q=
FF - plugin: c:\progra~1\micros~2\office14\NPAUTHZ.DLL
FF - plugin: c:\progra~1\micros~2\office14\NPSPWRAP.DLL
FF - plugin: c:\program files\adobe\reader 10.0\reader\air\nppdf32.dll
FF - plugin: c:\program files\divx\divx ovs helper\npovshelper.dll
FF - plugin: c:\program files\divx\divx plus web player\npdivx32.dll
FF - plugin: c:\program files\google\update\1.3.21.53\npGoogleUpdate3.dll
FF - plugin: c:\program files\google\update\1.3.21.57\npGoogleUpdate3.dll
FF - plugin: c:\program files\google\update\1.3.21.69\npGoogleUpdate3.dll
FF - plugin: c:\program files\google\update\1.3.21.79\npGoogleUpdate3.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll
FF - plugin: c:\users\home\appdata\local\google\update\1.3.21.99\npGoogleUpdate3.dll
FF - plugin: c:\users\home\appdata\roaming\mozilla\plugins\npgoogletalk.dll
FF - plugin: c:\users\home\appdata\roaming\mozilla\plugins\npgtpo3dautoplugin.dll
.
---- FIREFOX POLICIES ----
FF - user.js: network.cookie.cookieBehavior - 0
FF - user.js: privacy.clearOnShutdown.cookies - false
FF - user.js: security.warn_viewing_mixed - false
FF - user.js: security.warn_viewing_mixed.show_once - false
FF - user.js: security.warn_submit_insecure - false
FF - user.js: security.warn_submit_insecure.show_once - false
.
============= SERVICES / DRIVERS ===============
.
R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\drivers\dtsoftbus01.sys [2011-4-18 218688]
R1 kl2;kl2;c:\windows\system32\drivers\kl2.sys [2011-3-4 11352]
R1 KLIM6;Kaspersky Anti-Virus NDIS 6 Filter;c:\windows\system32\drivers\klim6.sys [2010-4-22 23856]
R2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\common files\adobe\arm\1.0\armsvc.exe [2011-6-6 64952]
R2 AVP;Kaspersky Anti-Virus Service;c:\program files\kaspersky lab\kaspersky internet security 2012\avp.exe -r --> c:\program files\kaspersky lab\kaspersky internet security 2012\avp.exe -r [?]
R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2012-2-22 652360]
R2 TeamViewer6;TeamViewer 6;c:\program files\teamviewer\version6\TeamViewer_Service.exe [2011-4-19 2337144]
R2 TeamViewer7;TeamViewer 7;c:\program files\teamviewer\version7\TeamViewer_Service.exe [2011-12-14 2984832]
R3 AtcL001;NDIS Miniport Driver for Atheros L1 Gigabit Ethernet Controller;c:\windows\system32\drivers\l160x86.sys [2011-4-17 46592]
R3 klmouflt;Kaspersky Lab KLMOUFLT;c:\windows\system32\drivers\klmouflt.sys [2009-11-2 19984]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-2-22 20464]
R3 osppsvc;Office Software Protection Platform;c:\program files\common files\microsoft shared\officesoftwareprotectionplatform\OSPPSVC.EXE [2010-1-9 4640000]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2011-4-24 136176]
S3 athrusb;Atheros Wireless LAN USB device driver;c:\windows\system32\drivers\athrusb.sys [2011-4-17 891392]
S3 gupdatem;Google Update-Dienst (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2011-4-24 136176]
S3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files\microsoft office\office14\GROOVE.EXE [2010-3-25 30969208]
S3 Netaapl;Apple Mobile Device Ethernet Service;c:\windows\system32\drivers\netaapl.sys [2011-5-10 18432]
S3 SwitchBoard;SwitchBoard;c:\program files\common files\adobe\switchboard\SwitchBoard.exe [2010-2-19 517096]
S3 USBMULCD;USB Multi-Channel Audio Device Interface;c:\windows\system32\drivers\CM106.sys [2008-4-21 1397760]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
S4 MSSQLServerADHelper100;SQL Active Directory Helper Service;c:\program files\microsoft sql server\100\shared\sqladhlp.exe [2010-4-3 44896]
S4 RsFx0150;RsFx0150 Driver;c:\windows\system32\drivers\RsFx0150.sys [2010-4-3 240608]
S4 SQLAgent$SQLEXPRESS;SQL Server Agent (SQLEXPRESS);c:\program files\microsoft sql server\mssql10_50.sqlexpress\mssql\binn\SQLAGENT.EXE [2010-4-3 367456]
.
=============== Created Last 30 ================
.
2012-02-22 20:16:10        40776        ----a-w-        c:\windows\system32\drivers\mbamswissarmy.sys
2012-02-22 20:16:10        --------        d-----w-        c:\users\home\appdata\roaming\Malwarebytes
2012-02-22 20:15:56        20464        ----a-w-        c:\windows\system32\drivers\mbam.sys
2012-02-22 20:15:56        --------        d-----w-        c:\programdata\Malwarebytes
2012-02-22 20:15:56        --------        d-----w-        c:\program files\Malwarebytes' Anti-Malware
2012-02-21 01:44:19        --------        d-----w-        c:\users\home\appdata\roaming\SpeedyPC Software
2012-02-21 01:44:19        --------        d-----w-        c:\users\home\appdata\roaming\DriverCure
2012-02-21 01:44:10        --------        d-----w-        c:\programdata\SpeedyPC Software
2012-02-21 01:44:10        --------        d-----w-        c:\program files\SpeedyPC Software
2012-02-21 01:44:10        --------        d-----w-        c:\program files\common files\SpeedyPC Software
2012-02-20 23:57:19        --------        d-----w-        c:\users\home\DoctorWeb
2012-02-20 13:13:40        --------        d-----w-        C:\TDSSKiller_Quarantine
2012-02-19 04:20:02        --------        d-----w-        c:\users\home\appdata\roaming\Uxul
2012-02-19 04:20:02        --------        d-----w-        c:\users\home\appdata\roaming\Tuip
2012-02-19 04:05:01        0        --sha-w-        c:\windows\system32\dds_trash_log.cmd
2012-02-07 23:19:20        --------        d-----w-        c:\program files\JDownloader
2012-02-07 23:18:22        --------        d-----w-        c:\users\home\appdata\local\Babylon
2012-02-07 23:18:17        --------        d-----w-        c:\users\home\appdata\roaming\Babylon
2012-02-07 23:18:17        --------        d-----w-        c:\programdata\Babylon
2012-02-07 22:42:54        --------        d-----w-        c:\program files\CesarFTP
2012-02-07 21:03:06        --------        d-----w-        c:\users\home\appdata\local\Xenocode
2012-01-29 21:12:48        --------        d-----w-        c:\users\home\appdata\roaming\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
2012-01-27 00:50:30        47456        ----a-w-        c:\windows\system32\perf-MSSQL10_50.SQLEXPRESS-sqlagtctr.dll
2012-01-27 00:50:14        73568        ----a-w-        c:\windows\system32\perf-MSSQL$SQLEXPRESS-sqlctr10.50.1600.1.dll
2012-01-27 00:49:50        348256        ----a-w-        c:\programdata\microsoft\vstahost\ssis_scriptcomponent\9.0\1033\ResourceCache.dll
2012-01-27 00:49:36        348256        ----a-w-        c:\programdata\microsoft\vstahost\ssis_scripttask\9.0\1033\ResourceCache.dll
2012-01-27 00:48:09        --------        d-----w-        c:\windows\system32\RsFx
2012-01-27 00:43:10        416        ----a-w-        c:\programdata\microsoft\msdn\9.0\1033\ResourceCache.dll
2012-01-27 00:41:20        --------        d-----w-        c:\program files\Microsoft Synchronization Services
2012-01-27 00:40:58        --------        d-----w-        c:\program files\Microsoft SQL Server Compact Edition
2012-01-27 00:40:55        --------        d-----w-        c:\windows\system32\1033
2012-01-27 00:18:30        99176        ----a-w-        c:\windows\system32\PresentationHostProxy.dll
2012-01-27 00:18:30        49472        ----a-w-        c:\windows\system32\netfxperf.dll
2012-01-27 00:18:30        297808        ----a-w-        c:\windows\system32\mscoree.dll
2012-01-27 00:18:30        295264        ----a-w-        c:\windows\system32\PresentationHost.exe
2012-01-27 00:18:30        1130824        ----a-w-        c:\windows\system32\dfshim.dll
2012-01-27 00:02:16        --------        d-----w-        c:\users\home\appdata\local\Microsoft_Corporation
2012-01-27 00:00:54        --------        d-----w-        c:\program files\Microsoft SQL Server
2012-01-26 23:50:38        2560        ----a-w-        c:\windows\system32\msimsg.dll
2012-01-26 23:50:37        73216        ----a-w-        c:\windows\system32\msiexec.exe
2012-01-26 23:50:37        332800        ----a-w-        c:\windows\system32\msihnd.dll
2012-01-26 23:50:37        2241536        ----a-w-        c:\windows\system32\msi.dll
.
==================== Find3M  ====================
.
2012-02-22 23:21:54        71680        ----a-w-        c:\windows\system32\drivers\tdx.sys
2012-02-22 20:46:22        218688        ----a-w-        c:\windows\system32\drivers\dtsoftbus01.sys
2012-02-21 11:08:38        184320        ----a-w-        c:\windows\system32\drivers\netbt.sys
2012-02-21 01:14:17        83456        ----a-w-        c:\windows\system32\drivers\serial.sys
2012-02-20 23:05:44        67072        ----a-w-        c:\windows\system32\drivers\cdrom.sys
2012-02-20 13:14:41        66560        ----a-w-        c:\windows\system32\drivers\smb.sys
.
============= FINISH: 23:49:40,56 ===============


Larusso 24.02.2012 07:35

Please read the following instructions carefully. We do not want to "fix" anything yet, only see a scan report.

Please download TDSSKiller.exe and save the file to your desktop
  • Start TDSSKiller.exe
  • Click Start Scan
  • If infected objects are found, do not under any circumstances choose Cure. Choose Skip and save the log file.
    TDSSKiller will save a log file on your system drive (usually C:\)
    For example: C:\TDSSKiller.<version_date_time>log.txt
Please post the contents here in your thread.

zion418 24.02.2012 11:30

Hello Larusso!

Attached is the scan report.

Code:

11:25:59.0371 5720        TDSS rootkit removing tool 2.7.14.0 Feb 22 2012 16:54:49
11:25:59.0656 5720        ============================================================
11:25:59.0656 5720        Current date / time: 2012/02/24 11:25:59.0656
11:25:59.0656 5720        SystemInfo:
11:25:59.0656 5720       
11:25:59.0656 5720        OS Version: 6.0.6001 ServicePack: 1.0
11:25:59.0656 5720        Product type: Workstation
11:25:59.0656 5720        ComputerName: ZENTRUM
11:25:59.0657 5720        UserName: home
11:25:59.0657 5720        Windows directory: C:\Windows
11:25:59.0657 5720        System windows directory: C:\Windows
11:25:59.0657 5720        Processor architecture: Intel x86
11:25:59.0657 5720        Number of processors: 2
11:25:59.0657 5720        Page size: 0x1000
11:25:59.0657 5720        Boot type: Normal boot
11:25:59.0657 5720        ============================================================
11:26:00.0577 5720        Drive \Device\Harddisk0\DR0 - Size: 0x3A38B2E000 (232.89 Gb), SectorSize: 0x200, Cylinders: 0x76C1, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
11:26:00.0578 5720        \Device\Harddisk0\DR0:
11:26:00.0579 5720        MBR used
11:26:00.0579 5720        \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x88B8F9D
11:26:00.0592 5720        \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x88B901B, BlocksNum 0x149076A5
11:26:00.0653 5720        Initialize success
11:26:00.0653 5720        ============================================================
11:26:03.0324 4616        ============================================================
11:26:03.0324 4616        Scan started
11:26:03.0324 4616        Mode: Manual;
11:26:03.0324 4616        ============================================================
11:26:05.0640 4616        ACPI            (fcb8c7210f0135e24c6580f7f649c73c) C:\Windows\system32\drivers\acpi.sys
11:26:05.0643 4616        ACPI - ok
11:26:05.0751 4616        adp94xx        (2edc5bbac6c651ece337bde8ed97c9fb) C:\Windows\system32\drivers\adp94xx.sys
11:26:05.0754 4616        adp94xx - ok
11:26:05.0778 4616        adpahci        (b84088ca3cdca97da44a984c6ce1ccad) C:\Windows\system32\drivers\adpahci.sys
11:26:05.0781 4616        adpahci - ok
11:26:05.0795 4616        adpu160m        (7880c67bccc27c86fd05aa2afb5ea469) C:\Windows\system32\drivers\adpu160m.sys
11:26:05.0797 4616        adpu160m - ok
11:26:05.0814 4616        adpu320        (9ae713f8e30efc2abccd84904333df4d) C:\Windows\system32\drivers\adpu320.sys
11:26:05.0816 4616        adpu320 - ok
11:26:05.0881 4616        AFD            (763e172a55177e478cb419f88fd0ba03) C:\Windows\system32\drivers\afd.sys
11:26:05.0884 4616        AFD - ok
11:26:05.0929 4616        agp440          (ef23439cdd587f64c2c1b8825cead7d8) C:\Windows\system32\drivers\agp440.sys
11:26:05.0930 4616        agp440 - ok
11:26:05.0942 4616        aic78xx        (ae1fdf7bf7bb6c6a70f67699d880592a) C:\Windows\system32\drivers\djsvs.sys
11:26:05.0944 4616        aic78xx - ok
11:26:05.0961 4616        aliide          (90395b64600ebb4552e26e178c94b2e4) C:\Windows\system32\drivers\aliide.sys
11:26:05.0961 4616        aliide - ok
11:26:05.0976 4616        amdagp          (2b13e304c9dfdfa5eb582f6a149fa2c7) C:\Windows\system32\drivers\amdagp.sys
11:26:05.0978 4616        amdagp - ok
11:26:05.0989 4616        amdide          (0577df1d323fe75a739c787893d300ea) C:\Windows\system32\drivers\amdide.sys
11:26:05.0990 4616        amdide - ok
11:26:06.0010 4616        AmdK7          (dc487885bcef9f28eece6fac0e5ddfc5) C:\Windows\system32\drivers\amdk7.sys
11:26:06.0011 4616        AmdK7 - ok
11:26:06.0032 4616        AmdK8          (93ae7f7dd54ab986a6f1a1b37be7442d) C:\Windows\system32\DRIVERS\amdk8.sys
11:26:06.0033 4616        AmdK8 - ok
11:26:06.0074 4616        arc            (5f673180268bb1fdb69c99b6619fe379) C:\Windows\system32\drivers\arc.sys
11:26:06.0075 4616        arc - ok
11:26:06.0089 4616        arcsas          (957f7540b5e7f602e44648c7de5a1c05) C:\Windows\system32\drivers\arcsas.sys
11:26:06.0100 4616        arcsas - ok
11:26:06.0151 4616        AsIO            (2b4e66fac6503494a2c6f32bb6ab3826) C:\Windows\system32\drivers\AsIO.sys
11:26:06.0159 4616        AsIO - ok
11:26:06.0212 4616        AsyncMac        (53b202abee6455406254444303e87be1) C:\Windows\system32\DRIVERS\asyncmac.sys
11:26:06.0214 4616        AsyncMac - ok
11:26:06.0253 4616        atapi          (2d9c903dc76a66813d350a562de40ed9) C:\Windows\system32\drivers\atapi.sys
11:26:06.0253 4616        atapi - ok
11:26:06.0294 4616        AtcL001        (55907c61656449ca8534c323d6eabc89) C:\Windows\system32\DRIVERS\l160x86.sys
11:26:06.0296 4616        AtcL001 - ok
11:26:06.0389 4616        athrusb        (465293fd9f2e31a18c5b64a7a578d601) C:\Windows\system32\DRIVERS\athrusb.sys
11:26:06.0395 4616        athrusb - ok
11:26:06.0505 4616        Beep            (67e506b75bd5326a3ec7b70bd014dfb6) C:\Windows\system32\drivers\Beep.sys
11:26:06.0506 4616        Beep - ok
11:26:06.0530 4616        blbdrive - ok
11:26:06.0586 4616        bowser          (74b442b2be1260b7588c136177ceac66) C:\Windows\system32\DRIVERS\bowser.sys
11:26:06.0588 4616        bowser - ok
11:26:06.0641 4616        BrFiltLo        (9f9acc7f7ccde8a15c282d3f88b43309) C:\Windows\system32\drivers\brfiltlo.sys
11:26:06.0642 4616        BrFiltLo - ok
11:26:06.0672 4616        BrFiltUp        (56801ad62213a41f6497f96dee83755a) C:\Windows\system32\drivers\brfiltup.sys
11:26:06.0673 4616        BrFiltUp - ok
11:26:06.0718 4616        Brserid        (b304e75cff293029eddf094246747113) C:\Windows\system32\drivers\brserid.sys
11:26:06.0720 4616        Brserid - ok
11:26:06.0733 4616        BrSerWdm        (203f0b1e73adadbbb7b7b1fabd901f6b) C:\Windows\system32\drivers\brserwdm.sys
11:26:06.0734 4616        BrSerWdm - ok
11:26:06.0744 4616        BrUsbMdm        (bd456606156ba17e60a04e18016ae54b) C:\Windows\system32\drivers\brusbmdm.sys
11:26:06.0745 4616        BrUsbMdm - ok
11:26:06.0754 4616        BrUsbSer        (af72ed54503f717a43268b3cc5faec2e) C:\Windows\system32\drivers\brusbser.sys
11:26:06.0756 4616        BrUsbSer - ok
11:26:06.0802 4616        BthEnum        (da7b195275bda7f8fcf79b40e0f45dde) C:\Windows\system32\DRIVERS\BthEnum.sys
11:26:06.0803 4616        BthEnum - ok
11:26:06.0818 4616        BTHMODEM        (ad07c1ec6665b8b35741ab91200c6b68) C:\Windows\system32\drivers\bthmodem.sys
11:26:06.0819 4616        BTHMODEM - ok
11:26:06.0846 4616        BthPan          (5904efa25f829bf84ea6fb045134a1d8) C:\Windows\system32\DRIVERS\bthpan.sys
11:26:06.0847 4616        BthPan - ok
11:26:06.0880 4616        BTHPORT        (671134053d59e23704f08db19f11e10b) C:\Windows\system32\Drivers\BTHport.sys
11:26:06.0882 4616        BTHPORT - ok
11:26:06.0899 4616        BTHUSB          (93d7007e2c660dfcca6ae72622740b14) C:\Windows\system32\Drivers\BTHUSB.sys
11:26:06.0901 4616        BTHUSB - ok
11:26:06.0927 4616        cdfs            (7add03e75beb9e6dd102c3081d29840a) C:\Windows\system32\DRIVERS\cdfs.sys
11:26:06.0929 4616        cdfs - ok
11:26:07.0014 4616        cdrom          (1ec25cea0de6ac4718bf89f9e1778b57) C:\Windows\system32\DRIVERS\cdrom.sys
11:26:07.0016 4616        cdrom - ok
11:26:07.0055 4616        circlass        (da8e0afc7baa226c538ef53ac2f90897) C:\Windows\system32\drivers\circlass.sys
11:26:07.0056 4616        circlass - ok
11:26:07.0088 4616        CLFS            (465745561c832b29f7c48b488aab3842) C:\Windows\system32\CLFS.sys
11:26:07.0091 4616        CLFS - ok
11:26:07.0128 4616        cmdide          (45201046c776ffdaf3fc8a0029c581c8) C:\Windows\system32\drivers\cmdide.sys
11:26:07.0129 4616        cmdide - ok
11:26:07.0137 4616        Compbatt        (82b8c91d327cfecf76cb58716f7d4997) C:\Windows\system32\drivers\compbatt.sys
11:26:07.0138 4616        Compbatt - ok
11:26:07.0149 4616        crcdisk        (2a213ae086bbec5e937553c7d9a2b22c) C:\Windows\system32\drivers\crcdisk.sys
11:26:07.0152 4616        crcdisk - ok
11:26:07.0166 4616        Crusoe          (22a7f883508176489f559ee745b5bf5d) C:\Windows\system32\drivers\crusoe.sys
11:26:07.0167 4616        Crusoe - ok
11:26:07.0219 4616        DfsC            (9e635ae5e8ad93e2b5989e2e23679f97) C:\Windows\system32\Drivers\dfsc.sys
11:26:07.0220 4616        DfsC - ok
11:26:07.0287 4616        disk            (64109e623abd6955c8fb110b592e68b7) C:\Windows\system32\drivers\disk.sys
11:26:07.0288 4616        disk - ok
11:26:07.0354 4616        drmkaud        (97fef831ab90bee128c9af390e243f80) C:\Windows\system32\drivers\drmkaud.sys
11:26:07.0356 4616        drmkaud - ok
11:26:07.0416 4616        dtsoftbus01    (555e54ac2f601a8821cef58961653991) C:\Windows\system32\DRIVERS\dtsoftbus01.sys
11:26:07.0421 4616        dtsoftbus01 - ok
11:26:07.0479 4616        DXGKrnl        (f8bf50a8d862f8cc089080bec509bca6) C:\Windows\System32\drivers\dxgkrnl.sys
11:26:07.0485 4616        DXGKrnl - ok
11:26:07.0562 4616        E1G60          (f88fb26547fd2ce6d0a5af2985892c48) C:\Windows\system32\DRIVERS\E1G60I32.sys
11:26:07.0564 4616        E1G60 - ok
11:26:07.0614 4616        Ecache          (dd2cd259d83d8b72c02c5f2331ff9d68) C:\Windows\system32\drivers\ecache.sys
11:26:07.0616 4616        Ecache - ok
11:26:07.0662 4616        elxstor        (e8f3f21a71720c84bcf423b80028359f) C:\Windows\system32\drivers\elxstor.sys
11:26:07.0665 4616        elxstor - ok
11:26:07.0731 4616        exfat          (0d858eb20589a34efb25695acaa6aa2d) C:\Windows\system32\drivers\exfat.sys
11:26:07.0733 4616        exfat - ok
11:26:07.0751 4616        fastfat        (3c489390c2e2064563727752af8eab9e) C:\Windows\system32\drivers\fastfat.sys
11:26:07.0753 4616        fastfat - ok
11:26:07.0806 4616        fdc            (afe1e8b9782a0dd7fb46bbd88e43f89a) C:\Windows\system32\DRIVERS\fdc.sys
11:26:07.0807 4616        fdc - ok
11:26:07.0836 4616        FileInfo        (a8c0139a884861e3aae9cfe73b208a9f) C:\Windows\system32\drivers\fileinfo.sys
11:26:07.0838 4616        FileInfo - ok
11:26:07.0863 4616        Filetrace      (0ae429a696aecbc5970e3cf2c62635ae) C:\Windows\system32\drivers\filetrace.sys
11:26:07.0865 4616        Filetrace - ok
11:26:07.0879 4616        flpydisk        (85b7cf99d532820495d68d747fda9ebd) C:\Windows\system32\DRIVERS\flpydisk.sys
11:26:07.0880 4616        flpydisk - ok
11:26:07.0889 4616        FltMgr          (05ea53afe985443011e36dab07343b46) C:\Windows\system32\drivers\fltmgr.sys
11:26:07.0892 4616        FltMgr - ok
11:26:07.0918 4616        Fs_Rec          (65ea8b77b5851854f0c55c43fa51a198) C:\Windows\system32\drivers\Fs_Rec.sys
11:26:07.0919 4616        Fs_Rec - ok
11:26:07.0941 4616        gagp30kx        (4e1cd0a45c50a8882616cae5bf82f3c5) C:\Windows\system32\drivers\gagp30kx.sys
11:26:07.0942 4616        gagp30kx - ok
11:26:07.0959 4616        GEARAspiWDM    (8182ff89c65e4d38b2de4bb0fb18564e) C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
11:26:07.0961 4616        GEARAspiWDM - ok
11:26:08.0031 4616        HdAudAddService (cb04c744be0a61b1d648faed182c3b59) C:\Windows\system32\drivers\HdAudio.sys
11:26:08.0086 4616        HdAudAddService - ok
11:26:08.0276 4616        HDAudBus        (c87b1ee051c0464491c1a7b03fa0bc99) C:\Windows\system32\DRIVERS\HDAudBus.sys
11:26:08.0277 4616        HDAudBus - ok
11:26:08.0312 4616        HidBth          (204c3b1846e9cbaaef88b8e1f86782f8) C:\Windows\system32\DRIVERS\hidbth.sys
11:26:08.0314 4616        HidBth - ok
11:26:08.0336 4616        HidIr          (ff3160c3a2445128c5a6d9b076da519e) C:\Windows\system32\drivers\hidir.sys
11:26:08.0337 4616        HidIr - ok
11:26:08.0388 4616        HidUsb          (854ca287ab7faf949617a788306d967e) C:\Windows\system32\DRIVERS\hidusb.sys
11:26:08.0389 4616        HidUsb - ok
11:26:08.0445 4616        HpCISSs        (df353b401001246853763c4b7aaa6f50) C:\Windows\system32\drivers\hpcisss.sys
11:26:08.0446 4616        HpCISSs - ok
11:26:08.0480 4616        HTTP            (406c027c18e98a396faa1963dad5ff70) C:\Windows\system32\drivers\HTTP.sys
11:26:08.0486 4616        HTTP - ok
11:26:08.0500 4616        i2omp          (324c2152ff2c61abae92d09f3cca4d63) C:\Windows\system32\drivers\i2omp.sys
11:26:08.0501 4616        i2omp - ok
11:26:08.0551 4616        i8042prt        (22d56c8184586b7a1f6fa60be5f5a2bd) C:\Windows\system32\DRIVERS\i8042prt.sys
11:26:08.0552 4616        i8042prt - ok
11:26:08.0570 4616        iaStorV        (c957bf4b5d80b46c5017bf0101e6c906) C:\Windows\system32\drivers\iastorv.sys
11:26:08.0572 4616        iaStorV - ok
11:26:08.0591 4616        iirsp          (2d077bf86e843f901d8db709c95b49a5) C:\Windows\system32\drivers\iirsp.sys
11:26:08.0592 4616        iirsp - ok
11:26:08.0643 4616        InCDfs          (7bfc3eda22190c0fe8c2ca19e5379da5) C:\Windows\system32\drivers\InCDFs.sys
11:26:08.0645 4616        InCDfs - ok
11:26:08.0665 4616        InCDPass        (fc4dbf18a4eb0d2fe3171471a3d0f9a8) C:\Windows\system32\drivers\InCDPass.sys
11:26:08.0666 4616        InCDPass - ok
11:26:08.0677 4616        InCDrec        (f8e7c551def07fdc12ca5cc7ae5d975b) C:\Windows\system32\drivers\InCDrec.sys
11:26:08.0683 4616        InCDrec - ok
11:26:08.0690 4616        incdrm          (31a5a3809249a326eb0ef58d563a9654) C:\Windows\system32\drivers\InCDRm.sys
11:26:08.0691 4616        incdrm - ok
11:26:08.0842 4616        IntcAzAudAddService (58628f232a00a3149d7cc7708c521499) C:\Windows\system32\drivers\RTKVHDA.sys
11:26:08.0877 4616        IntcAzAudAddService - ok
11:26:09.0002 4616        intelide        (97469037714070e45194ed318d636401) C:\Windows\system32\drivers\intelide.sys
11:26:09.0003 4616        intelide - ok
11:26:09.0036 4616        intelppm        (ce44cc04262f28216dd4341e9e36a16f) C:\Windows\system32\DRIVERS\intelppm.sys
11:26:09.0037 4616        intelppm - ok
11:26:09.0068 4616        IpFilterDriver  (62c265c38769b864cb25b4bcf62df6c3) C:\Windows\system32\DRIVERS\ipfltdrv.sys
11:26:09.0069 4616        IpFilterDriver - ok
11:26:09.0103 4616        IpInIp - ok
11:26:09.0125 4616        IPMIDRV        (40f34f8aba2a015d780e4b09138b6c17) C:\Windows\system32\drivers\ipmidrv.sys
11:26:09.0126 4616        IPMIDRV - ok
11:26:09.0144 4616        IPNAT          (8793643a67b42cec66490b2a0cf92d68) C:\Windows\system32\DRIVERS\ipnat.sys
11:26:09.0146 4616        IPNAT - ok
11:26:09.0189 4616        IRENUM          (109c0dfb82c3632fbd11949b73aeeac9) C:\Windows\system32\drivers\irenum.sys
11:26:09.0190 4616        IRENUM - ok
11:26:09.0209 4616        isapnp          (350fca7e73cf65bcef43fae1e4e91293) C:\Windows\system32\drivers\isapnp.sys
11:26:09.0210 4616        isapnp - ok
11:26:09.0265 4616        iScsiPrt        (f247eec28317f6c739c16de420097301) C:\Windows\system32\DRIVERS\msiscsi.sys
11:26:09.0268 4616        iScsiPrt - ok
11:26:09.0282 4616        iteatapi        (bced60d16156e428f8df8cf27b0df150) C:\Windows\system32\drivers\iteatapi.sys
11:26:09.0283 4616        iteatapi - ok
11:26:09.0318 4616        iteraid        (06fa654504a498c30adca8bec4e87e7e) C:\Windows\system32\drivers\iteraid.sys
11:26:09.0319 4616        iteraid - ok
11:26:09.0352 4616        kbdclass        (37605e0a8cf00cbba538e753e4344c6e) C:\Windows\system32\DRIVERS\kbdclass.sys
11:26:09.0353 4616        kbdclass - ok
11:26:09.0363 4616        kbdhid          (18247836959ba67e3511b62846b9c2e0) C:\Windows\system32\DRIVERS\kbdhid.sys
11:26:09.0364 4616        kbdhid - ok
11:26:09.0425 4616        KL1            (186b54479d98e48aee0e9ada4b3c4d31) C:\Windows\system32\DRIVERS\kl1.sys
11:26:09.0428 4616        KL1 - ok
11:26:09.0440 4616        kl2            (bf485bfba13c0ab116701fd9c55324d0) C:\Windows\system32\DRIVERS\kl2.sys
11:26:09.0441 4616        kl2 - ok
11:26:09.0527 4616        KLIF            (e00ea9dbb1df13f8a39700cc723eeb63) C:\Windows\system32\DRIVERS\klif.sys
11:26:09.0527 4616        Suspicious file (NoAccess): C:\Windows\system32\DRIVERS\klif.sys. md5: e00ea9dbb1df13f8a39700cc723eeb63
11:26:09.0529 4616        KLIF ( Virus.Win32.ZAccess.c ) - infected
11:26:09.0529 4616        KLIF - detected Virus.Win32.ZAccess.c (0)
11:26:09.0573 4616        KLIM6          (6295a19003f935ecc6ccbe9e2376427b) C:\Windows\system32\DRIVERS\klim6.sys
11:26:09.0574 4616        KLIM6 - ok
11:26:09.0610 4616        klmouflt        (3de1771c135328420315e21dde229bba) C:\Windows\system32\DRIVERS\klmouflt.sys
11:26:09.0611 4616        klmouflt - ok
11:26:09.0659 4616        KSecDD          (5367dc846cae9639b899bfd13b97a8c9) C:\Windows\system32\Drivers\ksecdd.sys
11:26:09.0662 4616        KSecDD - ok
11:26:09.0689 4616        lltdio          (d1c5883087a0c3f1344d9d55a44901f6) C:\Windows\system32\DRIVERS\lltdio.sys
11:26:09.0690 4616        lltdio - ok
11:26:09.0724 4616        LSI_FC          (a2262fb9f28935e862b4db46438c80d2) C:\Windows\system32\drivers\lsi_fc.sys
11:26:09.0726 4616        LSI_FC - ok
11:26:09.0745 4616        LSI_SAS        (30d73327d390f72a62f32c103daf1d6d) C:\Windows\system32\drivers\lsi_sas.sys
11:26:09.0746 4616        LSI_SAS - ok
11:26:09.0765 4616        LSI_SCSI        (e1e36fefd45849a95f1ab81de0159fe3) C:\Windows\system32\drivers\lsi_scsi.sys
11:26:09.0767 4616        LSI_SCSI - ok
11:26:09.0795 4616        luafv          (8f5c7426567798e62a3b3614965d62cc) C:\Windows\system32\drivers\luafv.sys
11:26:09.0796 4616        luafv - ok
11:26:09.0823 4616        MBAMProtector  (b7ca8cc3f978201856b6ab82f40953c3) C:\Windows\system32\drivers\mbam.sys
11:26:09.0832 4616        MBAMProtector - ok
11:26:09.0930 4616        megasas        (d153b14fc6598eae8422a2037553adce) C:\Windows\system32\drivers\megasas.sys
11:26:09.0931 4616        megasas - ok
11:26:10.0023 4616        Modem          (e13b5ea0f51ba5b1512ec671393d09ba) C:\Windows\system32\drivers\modem.sys
11:26:10.0025 4616        Modem - ok
11:26:10.0092 4616        monitor        (0a9bb33b56e294f686abb7c1e4e2d8a8) C:\Windows\system32\DRIVERS\monitor.sys
11:26:10.0093 4616        monitor - ok
11:26:10.0142 4616        mouclass        (5bf6a1326a335c5298477754a506d263) C:\Windows\system32\DRIVERS\mouclass.sys
11:26:10.0143 4616        mouclass - ok
11:26:10.0155 4616        mouhid          (93b8d4869e12cfbe663915502900876f) C:\Windows\system32\DRIVERS\mouhid.sys
11:26:10.0156 4616        mouhid - ok
11:26:10.0207 4616        MountMgr        (bdafc88aa6b92f7842416ea6a48e1600) C:\Windows\system32\drivers\mountmgr.sys
11:26:10.0209 4616        MountMgr - ok
11:26:10.0257 4616        mpio            (583a41f26278d9e0ea548163d6139397) C:\Windows\system32\drivers\mpio.sys
11:26:10.0259 4616        mpio - ok
11:26:10.0281 4616        mpsdrv          (22241feba9b2defa669c8cb0a8dd7d2e) C:\Windows\system32\drivers\mpsdrv.sys
11:26:10.0282 4616        mpsdrv - ok
11:26:10.0306 4616        Mraid35x        (4fbbb70d30fd20ec51f80061703b001e) C:\Windows\system32\drivers\mraid35x.sys
11:26:10.0307 4616        Mraid35x - ok
11:26:10.0352 4616        MRxDAV          (ae3de84536b6799d2267443cec8edbb9) C:\Windows\system32\drivers\mrxdav.sys
11:26:10.0354 4616        MRxDAV - ok
11:26:10.0369 4616        mrxsmb          (c4ad205530888404e2b5fc8d9319b119) C:\Windows\system32\DRIVERS\mrxsmb.sys
11:26:10.0371 4616        mrxsmb - ok
11:26:10.0392 4616        mrxsmb10        (67e55ced3fc143c82a8197988bfc1f9a) C:\Windows\system32\DRIVERS\mrxsmb10.sys
11:26:10.0395 4616        mrxsmb10 - ok
11:26:10.0403 4616        mrxsmb20        (3268b8c3fa92bfc086355c39b45e9cc9) C:\Windows\system32\DRIVERS\mrxsmb20.sys
11:26:10.0406 4616        mrxsmb20 - ok
11:26:10.0422 4616        msahci          (742aed7939e734c36b7e8d6228ce26b7) C:\Windows\system32\drivers\msahci.sys
11:26:10.0423 4616        msahci - ok
11:26:10.0444 4616        msdsm          (3fc82a2ae4cc149165a94699183d3028) C:\Windows\system32\drivers\msdsm.sys
11:26:10.0445 4616        msdsm - ok
11:26:10.0473 4616        Msfs            (a9927f4a46b816c92f461acb90cf8515) C:\Windows\system32\drivers\Msfs.sys
11:26:10.0474 4616        Msfs - ok
11:26:10.0510 4616        msisadrv        (0f400e306f385c56317357d6dea56f62) C:\Windows\system32\drivers\msisadrv.sys
11:26:10.0511 4616        msisadrv - ok
11:26:10.0561 4616        MSKSSRV        (d8c63d34d9c9e56c059e24ec7185cc07) C:\Windows\system32\drivers\MSKSSRV.sys
11:26:10.0562 4616        MSKSSRV - ok
11:26:10.0613 4616        MSPCLOCK        (1d373c90d62ddb641d50e55b9e78d65e) C:\Windows\system32\drivers\MSPCLOCK.sys
11:26:10.0614 4616        MSPCLOCK - ok
11:26:10.0626 4616        MSPQM          (b572da05bf4e098d4bba3a4734fb505b) C:\Windows\system32\drivers\MSPQM.sys
11:26:10.0627 4616        MSPQM - ok
11:26:10.0662 4616        MsRPC          (b5614aecb05a9340aa0fb55bf561cc63) C:\Windows\system32\drivers\MsRPC.sys
11:26:10.0665 4616        MsRPC - ok
11:26:10.0683 4616        mssmbios        (e384487cb84be41d09711c30ca79646c) C:\Windows\system32\DRIVERS\mssmbios.sys
11:26:10.0684 4616        mssmbios - ok
11:26:10.0721 4616        MSTEE          (7199c1eec1e4993caf96b8c0a26bd58a) C:\Windows\system32\drivers\MSTEE.sys
11:26:10.0722 4616        MSTEE - ok
11:26:10.0753 4616        MTsensor        (dcdaab8697a47894a554050ce18d0b56) C:\Windows\system32\DRIVERS\ASACPI.sys
11:26:10.0771 4616        MTsensor - ok
11:26:10.0802 4616        Mup            (6dfd1d322de55b0b7db7d21b90bec49c) C:\Windows\system32\Drivers\mup.sys
11:26:10.0803 4616        Mup - ok
11:26:10.0840 4616        NativeWifiP    (dd721f8635191132992e7ceaa3c43c84) C:\Windows\system32\DRIVERS\nwifi.sys
11:26:10.0848 4616        NativeWifiP - ok
11:26:10.0875 4616        NDIS            (9bdc71790fa08f0a0b5f10462b1bd0b1) C:\Windows\system32\drivers\ndis.sys
11:26:10.0882 4616        NDIS - ok
11:26:10.0917 4616        NdisTapi        (0e186e90404980569fb449ba7519ae61) C:\Windows\system32\DRIVERS\ndistapi.sys
11:26:10.0918 4616        NdisTapi - ok
11:26:10.0929 4616        Ndisuio        (d6973aa34c4d5d76c0430b181c3cd389) C:\Windows\system32\DRIVERS\ndisuio.sys
11:26:10.0930 4616        Ndisuio - ok
11:26:10.0941 4616        NdisWan        (3d14c3b3496f88890d431e8aa022a411) C:\Windows\system32\DRIVERS\ndiswan.sys
11:26:10.0944 4616        NdisWan - ok
11:26:10.0972 4616        NDProxy        (71dab552b41936358f3b541ae5997fb3) C:\Windows\system32\drivers\NDProxy.sys
11:26:10.0974 4616        NDProxy - ok
11:26:11.0018 4616        Netaapl        (1352e1648213551923a0a822e441553c) C:\Windows\system32\DRIVERS\netaapl.sys
11:26:11.0027 4616        Netaapl - ok
11:26:11.0041 4616        NetBIOS        (bcd093a5a6777cf626434568dc7dba78) C:\Windows\system32\DRIVERS\netbios.sys
11:26:11.0042 4616        NetBIOS - ok
11:26:11.0058 4616        netbt          (7c5fee5b1c5728507cd96fb4a13e7a02) C:\Windows\system32\DRIVERS\netbt.sys
11:26:11.0062 4616        netbt - ok
11:26:11.0123 4616        nfrd960        (2e7fb731d4790a1bc6270accefacb36e) C:\Windows\system32\drivers\nfrd960.sys
11:26:11.0124 4616        nfrd960 - ok
11:26:11.0148 4616        Npfs            (ecb5003f484f9ed6c608d6d6c7886cbb) C:\Windows\system32\drivers\Npfs.sys
11:26:11.0150 4616        Npfs - ok
11:26:11.0174 4616        nsiproxy        (609773e344a97410ce4ebf74a8914fcf) C:\Windows\system32\drivers\nsiproxy.sys
11:26:11.0175 4616        nsiproxy - ok
11:26:11.0249 4616        Ntfs            (b4effe29eb4f15538fd8a9681108492d) C:\Windows\system32\drivers\Ntfs.sys
11:26:11.0265 4616        Ntfs - ok
11:26:11.0295 4616        ntrigdigi      (e875c093aec0c978a90f30c9e0dfbb72) C:\Windows\system32\drivers\ntrigdigi.sys
11:26:11.0296 4616        ntrigdigi - ok
11:26:11.0307 4616        Null            (c5dbbcda07d780bda9b685df333bb41e) C:\Windows\system32\drivers\Null.sys
11:26:11.0308 4616        Null - ok
11:26:11.0589 4616        nvlddmkm        (19f5c4949b2e4cbd2e95b8ecdfc84d25) C:\Windows\system32\DRIVERS\nvlddmkm.sys
11:26:11.0885 4616        nvlddmkm - ok
11:26:11.0996 4616        nvraid          (e69e946f80c1c31c53003bfbf50cbb7c) C:\Windows\system32\drivers\nvraid.sys
11:26:11.0997 4616        nvraid - ok
11:26:12.0014 4616        nvstor          (9e0ba19a28c498a6d323d065db76dffc) C:\Windows\system32\drivers\nvstor.sys
11:26:12.0015 4616        nvstor - ok
11:26:12.0047 4616        nv_agp          (07c186427eb8fcc3d8d7927187f260f7) C:\Windows\system32\drivers\nv_agp.sys
11:26:12.0049 4616        nv_agp - ok
11:26:12.0055 4616        NwlnkFlt - ok
11:26:12.0064 4616        NwlnkFwd - ok
11:26:12.0118 4616        ohci1394        (790e27c3db53410b40ff9ef2fd10a1d9) C:\Windows\system32\DRIVERS\ohci1394.sys
11:26:12.0119 4616        ohci1394 - ok
11:26:12.0170 4616        Parport        (0fa9b5055484649d63c303fe404e5f4d) C:\Windows\system32\drivers\parport.sys
11:26:12.0171 4616        Parport - ok
11:26:12.0197 4616        partmgr        (3b38467e7c3daed009dfe359e17f139f) C:\Windows\system32\drivers\partmgr.sys
11:26:12.0198 4616        partmgr - ok
11:26:12.0216 4616        Parvdm          (4f9a6a8a31413180d0fcb279ad5d8112) C:\Windows\system32\drivers\parvdm.sys
11:26:12.0217 4616        Parvdm - ok
11:26:12.0290 4616        pci            (01b94418deb235dff777cc80076354b4) C:\Windows\system32\drivers\pci.sys
11:26:12.0292 4616        pci - ok
11:26:12.0329 4616        pciide          (fc175f5ddab666d7f4d17449a547626f) C:\Windows\system32\drivers\pciide.sys
11:26:12.0331 4616        pciide - ok
11:26:12.0363 4616        pcmcia          (e6f3fb1b86aa519e7698ad05e58b04e5) C:\Windows\system32\drivers\pcmcia.sys
11:26:12.0366 4616        pcmcia - ok
11:26:12.0407 4616        PEAUTH          (6349f6ed9c623b44b52ea3c63c831a92) C:\Windows\system32\drivers\peauth.sys
11:26:12.0419 4616        PEAUTH - ok
11:26:12.0498 4616        Point32        (420336f91eb745811cf130c80ede0653) C:\Windows\system32\DRIVERS\point32.sys
11:26:12.0499 4616        Point32 - ok
11:26:12.0545 4616        PptpMiniport    (ecfffaec0c1ecd8dbc77f39070ea1db1) C:\Windows\system32\DRIVERS\raspptp.sys
11:26:12.0546 4616        PptpMiniport - ok
11:26:12.0579 4616        Processor      (0e3cef5d28b40cf273281d620c50700a) C:\Windows\system32\drivers\processr.sys
11:26:12.0580 4616        Processor - ok
11:26:12.0607 4616        PSched          (a114cfe308c24b8235b03cfdffe11e99) C:\Windows\system32\DRIVERS\pacer.sys
11:26:12.0608 4616        PSched - ok
11:26:12.0672 4616        ql2300          (ccdac889326317792480c0a67156a1ec) C:\Windows\system32\drivers\ql2300.sys
11:26:12.0683 4616        ql2300 - ok
11:26:12.0704 4616        ql40xx          (81a7e5c076e59995d54bc1ed3a16e60b) C:\Windows\system32\drivers\ql40xx.sys
11:26:12.0706 4616        ql40xx - ok
11:26:12.0733 4616        QWAVEdrv        (9f5e0e1926014d17486901c88eca2db7) C:\Windows\system32\drivers\qwavedrv.sys
11:26:12.0734 4616        QWAVEdrv - ok
11:26:12.0752 4616        RasAcd          (147d7f9c556d259924351feb0de606c3) C:\Windows\system32\DRIVERS\rasacd.sys
11:26:12.0754 4616        RasAcd - ok
11:26:12.0785 4616        Rasl2tp        (a214adbaf4cb47dd2728859ef31f26b0) C:\Windows\system32\DRIVERS\rasl2tp.sys
11:26:12.0786 4616        Rasl2tp - ok
11:26:12.0808 4616        RasPppoe        (3e9d9b048107b40d87b97df2e48e0744) C:\Windows\system32\DRIVERS\raspppoe.sys
11:26:12.0810 4616        RasPppoe - ok
11:26:12.0841 4616        RasSstp        (a7d141684e9500ac928a772ed8e6b671) C:\Windows\system32\DRIVERS\rassstp.sys
11:26:12.0843 4616        RasSstp - ok
11:26:12.0859 4616        rdbss          (6e1c5d0457622f9ee35f683110e93d14) C:\Windows\system32\DRIVERS\rdbss.sys
11:26:12.0861 4616        rdbss - ok
11:26:12.0869 4616        RDPCDD          (89e59be9a564262a3fb6c4f4f1cd9899) C:\Windows\system32\DRIVERS\RDPCDD.sys
11:26:12.0870 4616        RDPCDD - ok
11:26:12.0892 4616        rdpdr          (e8bd98d46f2ed77132ba927fccb47d8b) C:\Windows\system32\drivers\rdpdr.sys
11:26:12.0896 4616        rdpdr - ok
11:26:12.0904 4616        RDPENCDD        (9d91fe5286f748862ecffa05f8a0710c) C:\Windows\system32\drivers\rdpencdd.sys
11:26:12.0906 4616        RDPENCDD - ok
11:26:12.0930 4616        RDPWD          (e1c18f4097a5abcec941dc4b2f99db7e) C:\Windows\system32\drivers\RDPWD.sys
11:26:12.0950 4616        RDPWD - ok
11:26:12.0995 4616        RFCOMM          (34cc78c06587718c2ad6d3aa83b1f072) C:\Windows\system32\DRIVERS\rfcomm.sys
11:26:12.0996 4616        RFCOMM - ok
11:26:13.0049 4616        RsFx0150        (a95840a95a9ff74b0009e5d848cddb39) C:\Windows\system32\DRIVERS\RsFx0150.sys
11:26:13.0064 4616        RsFx0150 - ok
11:26:13.0081 4616        rspndr          (9c508f4074a39e8b4b31d27198146fad) C:\Windows\system32\DRIVERS\rspndr.sys
11:26:13.0083 4616        rspndr - ok
11:26:13.0108 4616        sbp2port        (3ce8f073a557e172b330109436984e30) C:\Windows\system32\drivers\sbp2port.sys
11:26:13.0110 4616        sbp2port - ok
11:26:13.0134 4616        secdrv          (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers\secdrv.sys
11:26:13.0136 4616        secdrv - ok
11:26:13.0176 4616        Serenum        (ce9ec966638ef0b10b864ddedf62a099) C:\Windows\system32\DRIVERS\serenum.sys
11:26:13.0177 4616        Serenum - ok
11:26:13.0212 4616        Serial          (6d663022db3e7058907784ae14b69898) C:\Windows\system32\DRIVERS\serial.sys
11:26:13.0214 4616        Serial - ok
11:26:13.0266 4616        sermouse        (8af3d28a879bf75db53a0ee7a4289624) C:\Windows\system32\drivers\sermouse.sys
11:26:13.0267 4616        sermouse - ok
11:26:13.0342 4616        sffdisk        (103b79418da647736ee95645f305f68a) C:\Windows\system32\drivers\sffdisk.sys
11:26:13.0343 4616        sffdisk - ok
11:26:13.0374 4616        sffp_mmc        (8fd08a310645fe872eeec6e08c6bf3ee) C:\Windows\system32\drivers\sffp_mmc.sys
11:26:13.0375 4616        sffp_mmc - ok
11:26:13.0414 4616        sffp_sd        (9cfa05fcfcb7124e69cfc812b72f9614) C:\Windows\system32\drivers\sffp_sd.sys
11:26:13.0416 4616        sffp_sd - ok
11:26:13.0443 4616        sfloppy        (46ed8e91793b2e6f848015445a0ac188) C:\Windows\system32\drivers\sfloppy.sys
11:26:13.0444 4616        sfloppy - ok
11:26:13.0466 4616        sisagp          (d2a595d6eebeeaf4334f8e50efbc9931) C:\Windows\system32\drivers\sisagp.sys
11:26:13.0468 4616        sisagp - ok
11:26:13.0497 4616        SiSRaid2        (cedd6f4e7d84e9f98b34b3fe988373aa) C:\Windows\system32\drivers\sisraid2.sys
11:26:13.0498 4616        SiSRaid2 - ok
11:26:13.0525 4616        SiSRaid4        (df843c528c4f69d12ce41ce462e973a7) C:\Windows\system32\drivers\sisraid4.sys
11:26:13.0527 4616        SiSRaid4 - ok
11:26:13.0566 4616        Smb            (031e6bcd53c9b2b9ace111eafec347b6) C:\Windows\system32\DRIVERS\smb.sys
11:26:13.0568 4616        Smb - ok
11:26:13.0621 4616        spldr          (7aebdeef071fe28b0eef2cdd69102bff) C:\Windows\system32\drivers\spldr.sys
11:26:13.0622 4616        spldr - ok
11:26:13.0700 4616        srv            (3d7c04aba41ac96ba7e9d123ec8f7fa3) C:\Windows\system32\DRIVERS\srv.sys
11:26:13.0719 4616        srv - ok
11:26:13.0750 4616        srv2            (805fac010405ad3f82ef8df0bb035d81) C:\Windows\system32\DRIVERS\srv2.sys
11:26:13.0765 4616        srv2 - ok
11:26:13.0784 4616        srvnet          (f63a0a58aafe34d7a1a0a74abccdd9c0) C:\Windows\system32\DRIVERS\srvnet.sys
11:26:13.0786 4616        srvnet - ok
11:26:13.0839 4616        swenum          (7ba58ecf0c0a9a69d44b3dca62becf56) C:\Windows\system32\DRIVERS\swenum.sys
11:26:13.0841 4616        swenum - ok
11:26:13.0904 4616        Symc8xx        (192aa3ac01df071b541094f251deed10) C:\Windows\system32\drivers\symc8xx.sys
11:26:13.0905 4616        Symc8xx - ok
11:26:13.0927 4616        Sym_hi          (8c8eb8c76736ebaf3b13b633b2e64125) C:\Windows\system32\drivers\sym_hi.sys
11:26:13.0928 4616        Sym_hi - ok
11:26:13.0955 4616        Sym_u3          (8072af52b5fd103bbba387a1e49f62cb) C:\Windows\system32\drivers\sym_u3.sys
11:26:13.0956 4616        Sym_u3 - ok
11:26:14.0001 4616        Tcpip          (fc6e2835d667774d409c7c7021eaf9c4) C:\Windows\system32\drivers\tcpip.sys
11:26:14.0018 4616        Tcpip - ok
11:26:14.0047 4616        Tcpip6          (fc6e2835d667774d409c7c7021eaf9c4) C:\Windows\system32\DRIVERS\tcpip.sys
11:26:14.0053 4616        Tcpip6 - ok
11:26:14.0073 4616        tcpipreg        (d4a2e4a4b011f3a883af77315a5ae76b) C:\Windows\system32\drivers\tcpipreg.sys
11:26:14.0074 4616        tcpipreg - ok
11:26:14.0093 4616        TDPIPE          (5dcf5e267be67a1ae926f2df77fbcc56) C:\Windows\system32\drivers\tdpipe.sys
11:26:14.0094 4616        TDPIPE - ok
11:26:14.0109 4616        TDTCP          (389c63e32b3cefed425b61ed92d3f021) C:\Windows\system32\drivers\tdtcp.sys
11:26:14.0110 4616        TDTCP - ok
11:26:14.0129 4616        tdx            (d09276b1fab033ce1d40dcbdf303d10f) C:\Windows\system32\DRIVERS\tdx.sys
11:26:14.0143 4616        tdx - ok
11:26:14.0214 4616        TermDD          (a048056f5e1a96a9bf3071b91741a5aa) C:\Windows\system32\DRIVERS\termdd.sys
11:26:14.0215 4616        TermDD - ok
11:26:14.0259 4616        tssecsrv        (dcf0f056a2e4f52287264f5ab29cf206) C:\Windows\system32\DRIVERS\tssecsrv.sys
11:26:14.0260 4616        tssecsrv - ok
11:26:14.0277 4616        tunmp          (caecc0120ac49e3d2f758b9169872d38) C:\Windows\system32\DRIVERS\tunmp.sys
11:26:14.0279 4616        tunmp - ok
11:26:14.0287 4616        tunnel          (119b8184e106baedc83fce5ddf3950da) C:\Windows\system32\DRIVERS\tunnel.sys
11:26:14.0289 4616        tunnel - ok
11:26:14.0310 4616        uagp35          (c3ade15414120033a36c0f293d4a4121) C:\Windows\system32\drivers\uagp35.sys
11:26:14.0311 4616        uagp35 - ok
11:26:14.0335 4616        udfs            (8b5088058fa1d1cd897a2113ccff6c58) C:\Windows\system32\DRIVERS\udfs.sys
11:26:14.0338 4616        udfs - ok
11:26:14.0380 4616        uliagpkx        (75e6890ebfce0841d3291b02e7a8bdb0) C:\Windows\system32\drivers\uliagpkx.sys
11:26:14.0381 4616        uliagpkx - ok
11:26:14.0401 4616        uliahci        (3cd4ea35a6221b85dcc25daa46313f8d) C:\Windows\system32\drivers\uliahci.sys
11:26:14.0405 4616        uliahci - ok
11:26:14.0432 4616        UlSata          (8514d0e5cd0534467c5fc61be94a569f) C:\Windows\system32\drivers\ulsata.sys
11:26:14.0435 4616        UlSata - ok
11:26:14.0474 4616        ulsata2        (38c3c6e62b157a6bc46594fada45c62b) C:\Windows\system32\drivers\ulsata2.sys
11:26:14.0488 4616        ulsata2 - ok
11:26:14.0525 4616        umbus          (32cff9f809ae9aed85464492bf3e32d2) C:\Windows\system32\DRIVERS\umbus.sys
11:26:14.0526 4616        umbus - ok
11:26:14.0563 4616        USBAAPL        (83cafcb53201bbac04d822f32438e244) C:\Windows\system32\Drivers\usbaapl.sys
11:26:14.0564 4616        USBAAPL - ok
11:26:14.0611 4616        usbaudio        (292a25bb75a568ae2c67169ba2c6365a) C:\Windows\system32\drivers\usbaudio.sys
11:26:14.0613 4616        usbaudio - ok
11:26:14.0667 4616        usbccgp        (caf811ae4c147ffcd5b51750c7f09142) C:\Windows\system32\DRIVERS\usbccgp.sys
11:26:14.0669 4616        usbccgp - ok
11:26:14.0697 4616        usbcir          (e9476e6c486e76bc4898074768fb7131) C:\Windows\system32\drivers\usbcir.sys
11:26:14.0699 4616        usbcir - ok
11:26:14.0736 4616        usbehci        (cebe90821810e76320155beba722fcf9) C:\Windows\system32\DRIVERS\usbehci.sys
11:26:14.0737 4616        usbehci - ok
11:26:14.0767 4616        usbhub          (cc6b28e4ce39951357963119ce47b143) C:\Windows\system32\DRIVERS\usbhub.sys
11:26:14.0771 4616        usbhub - ok
11:26:14.0859 4616        USBMULCD        (5f34a6ca03501bf0510bc50238176864) C:\Windows\system32\drivers\CM106.sys
11:26:14.0867 4616        USBMULCD - ok
11:26:14.0892 4616        usbohci        (7bdb7b0e7d45ac0402d78b90789ef47c) C:\Windows\system32\DRIVERS\usbohci.sys
11:26:14.0893 4616        usbohci - ok
11:26:14.0939 4616        usbprint        (e75c4b5269091d15a2e7dc0b6d35f2f5) C:\Windows\system32\DRIVERS\usbprint.sys
11:26:14.0940 4616        usbprint - ok
11:26:14.0969 4616        USBSTOR        (87ba6b83c5d19b69160968d07d6e2982) C:\Windows\system32\DRIVERS\USBSTOR.SYS
11:26:14.0970 4616        USBSTOR - ok
11:26:15.0008 4616        usbuhci        (325dbbacb8a36af9988ccf40eac228cc) C:\Windows\system32\DRIVERS\usbuhci.sys
11:26:15.0010 4616        usbuhci - ok
11:26:15.0047 4616        vga            (7d92be0028ecdedec74617009084b5ef) C:\Windows\system32\DRIVERS\vgapnp.sys
11:26:15.0048 4616        vga - ok
11:26:15.0091 4616        VgaSave        (2e93ac0a1d8c79d019db6c51f036636c) C:\Windows\System32\drivers\vga.sys
11:26:15.0092 4616        VgaSave - ok
11:26:15.0121 4616        viaagp          (045d9961e591cf0674a920b6ba3ba5cb) C:\Windows\system32\drivers\viaagp.sys
11:26:15.0122 4616        viaagp - ok
11:26:15.0142 4616        ViaC7          (56a4de5f02f2e88182b0981119b4dd98) C:\Windows\system32\drivers\viac7.sys
11:26:15.0143 4616        ViaC7 - ok
11:26:15.0160 4616        viaide          (fd2e3175fcada350c7ab4521dca187ec) C:\Windows\system32\drivers\viaide.sys
11:26:15.0161 4616        viaide - ok
11:26:15.0193 4616        volmgr          (69503668ac66c77c6cd7af86fbdf8c43) C:\Windows\system32\drivers\volmgr.sys
11:26:15.0195 4616        volmgr - ok
11:26:15.0241 4616        volmgrx        (98f5ffe6316bd74e9e2c97206c190196) C:\Windows\system32\drivers\volmgrx.sys
11:26:15.0246 4616        volmgrx - ok
11:26:15.0284 4616        volsnap        (d8b4a53dd2769f226b3eb374374987c9) C:\Windows\system32\drivers\volsnap.sys
11:26:15.0288 4616        volsnap - ok
11:26:15.0307 4616        vsmraid        (d984439746d42b30fc65a4c3546c6829) C:\Windows\system32\drivers\vsmraid.sys
11:26:15.0309 4616        vsmraid - ok
11:26:15.0335 4616        WacomPen        (48dfee8f1af7c8235d4e626f0c4fe031) C:\Windows\system32\drivers\wacompen.sys
11:26:15.0336 4616        WacomPen - ok
11:26:15.0370 4616        Wanarp          (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys
11:26:15.0372 4616        Wanarp - ok
11:26:15.0387 4616        Wanarpv6        (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys
11:26:15.0388 4616        Wanarpv6 - ok
11:26:15.0426 4616        Wd              (afc5ad65b991c1e205cf25cfdbf7a6f4) C:\Windows\system32\drivers\wd.sys
11:26:15.0427 4616        Wd - ok
11:26:15.0477 4616        Wdf01000        (9950e3d0f08141c7e89e64456ae7dc73) C:\Windows\system32\drivers\Wdf01000.sys
11:26:15.0484 4616        Wdf01000 - ok
11:26:15.0541 4616        WmiAcpi        (701a9f884a294327e9141d73746ee279) C:\Windows\system32\drivers\wmiacpi.sys
11:26:15.0542 4616        WmiAcpi - ok
11:26:15.0584 4616        WpdUsb          (0cec23084b51b8288099eb710224e955) C:\Windows\system32\DRIVERS\wpdusb.sys
11:26:15.0585 4616        WpdUsb - ok
11:26:15.0612 4616        ws2ifsl        (e3a3cb253c0ec2494d4a61f5e43a389c) C:\Windows\system32\drivers\ws2ifsl.sys
11:26:15.0613 4616        ws2ifsl - ok
11:26:15.0642 4616        WUDFRd          (ac13cb789d93412106b0fb6c7eb2bcb6) C:\Windows\system32\DRIVERS\WUDFRd.sys
11:26:15.0644 4616        WUDFRd - ok
11:26:15.0672 4616        MBR (0x1B8)    (5c616939100b85e558da92b899a0fc36) \Device\Harddisk0\DR0
11:26:15.0695 4616        \Device\Harddisk0\DR0 - ok
11:26:15.0698 4616        Boot (0x1200)  (bb5540f6d8f8efcd862ae19869997e6a) \Device\Harddisk0\DR0\Partition0
11:26:15.0699 4616        \Device\Harddisk0\DR0\Partition0 - ok
11:26:15.0737 4616        Boot (0x1200)  (b5da5e382cddf6b7f6348674d5b68c34) \Device\Harddisk0\DR0\Partition1
11:26:15.0748 4616        \Device\Harddisk0\DR0\Partition1 - ok
11:26:15.0748 4616        ============================================================
11:26:15.0748 4616        Scan finished
11:26:15.0748 4616        ============================================================
11:26:15.0780 4244        Detected object count: 1
11:26:15.0780 4244        Actual detected object count: 1
11:26:22.0762 4244        KLIF ( Virus.Win32.ZAccess.c ) - skipped by user
11:26:22.0762 4244        KLIF ( Virus.Win32.ZAccess.c ) - User select action: Skip
11:26:44.0790 5660        Deinitialize success


Larusso 24.02.2012 16:44

Start TDSSkiller.exe with a double-click.
Vista and Win7 users: right-click, "Run as administrator"
  • Click Start Scan.
    Do nothing on the computer while the scan is running
  • Make sure that Cure (default) is checked!
  • Click Continue --> Reboot.
TDSSKiller will save a log file on your system drive (usually C:\)
For example: C:\TDSSKiller.<version_date_time>log.txt

Please post its contents here in your thread.


Combofix may only be run when a team member has instructed you to do so!
It should never be run on your own initiative! Incorrect use can cause serious computer problems and make cleaning up the infection even harder.
Please download Combofix from one of these download mirrors

Link 1
Link 2


IMPORTANT - Save Combofix to your desktop
  • Please disable all of your anti-virus and anti-malware/spyware scanners. They can interfere with Combofix's work.
Start Combofix.exe and follow the on-screen instructions.

When Combofix has finished, it will create a log file. Please post C:\Combofix.txt in your next reply.


Note: If you get the following error message after the reboot
Quote:

Illegal operation attempted on a registry key that has been marked for deletion.
simply restart the computer. That should fix the problem.



Please post in your next reply
TDSSKiller log
Combofix.txt
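
As an added example (not code from this thread, from Kaspersky or from TDSSKiller itself): a small Python parser for the log format TDSSKiller writes, run over a handful of lines copied from the log above and embedded here as constructed sample input. It folds the object line, the "Suspicious file" line, the "infected"/"detected" lines and the "User select action" line into one record per scanned object and reports which detections were left unresolved, which is the situation in the log above: KLIF was flagged as Virus.Win32.ZAccess.c and then skipped. The line patterns are derived only from the lines visible in this thread; other TDSSKiller messages (for example whatever it writes when an object is actually cured) are not modelled, and any line that matches no pattern is ignored. Treating "no action" or "Skip" as unresolved is an assumption of this example.

```python
"""Parse a TDSSKiller scan log (the format posted in this thread) and report which
objects were flagged and whether the user actually let the tool act on them.
Added example; not part of the original thread and not TDSSKiller's own code."""
import re
from dataclasses import dataclass, field

# Every TDSSKiller line is "<hh:mm:ss.ffff> <thread id> <message>".
PREFIX = re.compile(r"^\d{2}:\d{2}:\d{2}\.\d{4}\s+\d+\s+(.*\S)\s*$")
# Object line: "<name> (<md5>) <path>"; the name may itself contain spaces ("MBR (0x1B8)").
ENTRY = re.compile(r"^(.+?)\s+\(([0-9a-f]{32})\)\s+(\S.*)$")
SUSPICIOUS = re.compile(r"^Suspicious file \(([^)]+)\): (.+)\. md5: ([0-9a-f]{32})$")
# "<name> ( <verdict> ) - infected" / "- skipped by user" / "- User select action: Skip"
VERDICT = re.compile(r"^(\S+) \( (.+?) \) - (.+)$")
DETECTED = re.compile(r"^(\S+) - detected (\S+) \((\d+)\)$")
OK = re.compile(r"^(.+?) - ok$")

# Constructed sample: lines copied from the log posted above (driver, MBR and boot-sector
# entries, the suspicious/infected KLIF entry, and the user's "Skip" decision).
SAMPLE_LOG = r"""
11:26:09.0440 4616        kl2            (bf485bfba13c0ab116701fd9c55324d0) C:\Windows\system32\DRIVERS\kl2.sys
11:26:09.0441 4616        kl2 - ok
11:26:09.0527 4616        KLIF            (e00ea9dbb1df13f8a39700cc723eeb63) C:\Windows\system32\DRIVERS\klif.sys
11:26:09.0527 4616        Suspicious file (NoAccess): C:\Windows\system32\DRIVERS\klif.sys. md5: e00ea9dbb1df13f8a39700cc723eeb63
11:26:09.0529 4616        KLIF ( Virus.Win32.ZAccess.c ) - infected
11:26:09.0529 4616        KLIF - detected Virus.Win32.ZAccess.c (0)
11:26:15.0672 4616        MBR (0x1B8)    (5c616939100b85e558da92b899a0fc36) \Device\Harddisk0\DR0
11:26:15.0695 4616        \Device\Harddisk0\DR0 - ok
11:26:15.0698 4616        Boot (0x1200)  (bb5540f6d8f8efcd862ae19869997e6a) \Device\Harddisk0\DR0\Partition0
11:26:15.0699 4616        \Device\Harddisk0\DR0\Partition0 - ok
11:26:22.0762 4244        KLIF ( Virus.Win32.ZAccess.c ) - skipped by user
11:26:22.0762 4244        KLIF ( Virus.Win32.ZAccess.c ) - User select action: Skip
"""


@dataclass
class Entry:
    name: str
    md5: str = ""
    path: str = ""
    status: str = "unknown"          # "ok" or "infected"
    verdict: str = ""                # detection name, e.g. Virus.Win32.ZAccess.c
    action: str = ""                 # what the user chose when prompted, e.g. "Skip"
    notes: list[str] = field(default_factory=list)


def parse_log(text: str) -> list[Entry]:
    """Fold the per-object lines of a TDSSKiller log into one Entry per scanned object."""
    entries: list[Entry] = []
    by_name: dict[str, Entry] = {}   # latest object seen under a service/object name
    by_path: dict[str, Entry] = {}   # MBR/boot-sector status lines use the path, not the name

    def get(name: str) -> Entry:
        if name not in by_name:
            by_name[name] = Entry(name=name)
            entries.append(by_name[name])
        return by_name[name]

    for raw in text.splitlines():
        m = PREFIX.match(raw)
        if not m:
            continue
        msg = m.group(1)
        if (s := SUSPICIOUS.match(msg)):
            reason, path, md5 = s.groups()
            e = by_path.get(path) or get(path)
            e.md5 = e.md5 or md5
            e.notes.append(f"suspicious ({reason})")
        elif (d := DETECTED.match(msg)):
            name, verdict, _ = d.groups()
            e = get(name)
            e.status, e.verdict = "infected", verdict
        elif (v := VERDICT.match(msg)):
            name, verdict, rest = v.groups()
            e = get(name)
            e.verdict = verdict
            if rest == "infected":
                e.status = "infected"
            elif rest.startswith("User select action: "):
                e.action = rest.split(": ", 1)[1]
            else:
                e.notes.append(rest)          # e.g. "skipped by user"
        elif (o := OK.match(msg)):
            key = o.group(1)
            e = by_name.get(key) or by_path.get(key)
            if e is not None and e.status == "unknown":
                e.status = "ok"
        elif (en := ENTRY.match(msg)):
            # Boot sectors all carry the name "Boot (0x1200)", so every object line
            # starts a fresh record; the path stays unique.
            name, md5, path = en.groups()
            e = Entry(name=name, md5=md5, path=path)
            entries.append(e)
            by_name[name] = e
            by_path[path] = e
    return entries


def summarize(entries: list[Entry]) -> dict:
    """What a helper reading the log wants to know: what was flagged, and was it dealt with."""
    infected = [e for e in entries if e.status == "infected"]
    # Assumption: a flagged object where the user chose nothing or "Skip" is still on the box.
    unresolved = [e.name for e in infected if e.action.lower() in ("", "skip")]
    suspicious = [(e.name, n) for e in entries for n in e.notes if n.startswith("suspicious")]
    return {
        "scanned": len(entries),
        "infected": [(e.name, e.verdict, e.path, e.md5) for e in infected],
        "unresolved": unresolved,
        "suspicious": suspicious,
    }


if __name__ == "__main__":
    for key, value in summarize(parse_log(SAMPLE_LOG)).items():
        print(f"{key}: {value}")
```

Run on the sample, the summary lists KLIF as infected and unresolved, which is what a helper needs to see before asking for a re-run with Cure selected. The md5 in each record is the value to compare against a known copy of the file (here klif.sys is Kaspersky's own filter driver) when deciding whether a detection on a security product's driver is plausible.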

zion418 24.02.2012 18:50

Hello Larusso!

I've managed it now, just barely.
There were a few problems.

1) my PC crashed a lot in the meantime (there wasn't even a blue screen to be seen)

2) when I scanned with TDSSKiller, my taskbar automatically changed its theme to classic (but only the taskbar including the start menu).

3) after running TDSSKiller I no longer get an internet connection through my network card (it doesn't get past network identification any more). However, I can connect normally with my laptop. I've already tried reinstalling the network card driver; without success...

Attached are the logs

TDSSKiller
Code:

17:16:54.0380 3876        TDSS rootkit removing tool 2.7.14.0 Feb 22 2012 16:54:49
17:16:55.0909 3876        ============================================================
17:16:55.0909 3876        Current date / time: 2012/02/24 17:16:55.0909
17:16:55.0909 3876        SystemInfo:
17:16:55.0909 3876       
17:16:55.0925 3876        OS Version: 6.0.6001 ServicePack: 1.0
17:16:55.0925 3876        Product type: Workstation
17:16:55.0925 3876        ComputerName: ZENTRUM
17:16:55.0925 3876        UserName: home
17:16:55.0925 3876        Windows directory: C:\Windows
17:16:55.0925 3876        System windows directory: C:\Windows
17:16:55.0925 3876        Processor architecture: Intel x86
17:16:55.0925 3876        Number of processors: 2
17:16:55.0925 3876        Page size: 0x1000
17:16:55.0925 3876        Boot type: Normal boot
17:16:55.0925 3876        ============================================================
17:16:59.0935 3876        Drive \Device\Harddisk0\DR0 - Size: 0x3A38B2E000 (232.89 Gb), SectorSize: 0x200, Cylinders: 0x76C1, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
17:16:59.0950 3876        \Device\Harddisk0\DR0:
17:16:59.0982 3876        MBR used
17:16:59.0982 3876        \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x88B8F9D
17:16:59.0982 3876        \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x88B901B, BlocksNum 0x149076A5
17:17:00.0138 3876        Initialize success
17:17:00.0138 3876        ============================================================
17:17:01.0479 3904        ============================================================
17:17:01.0479 3904        Scan started
17:17:01.0479 3904        Mode: Manual;
17:17:01.0479 3904        ============================================================
17:17:03.0320 3904        ACPI            (fcb8c7210f0135e24c6580f7f649c73c) C:\Windows\system32\drivers\acpi.sys
17:17:03.0320 3904        ACPI - ok
17:17:03.0523 3904        adp94xx        (2edc5bbac6c651ece337bde8ed97c9fb) C:\Windows\system32\drivers\adp94xx.sys
17:17:03.0538 3904        adp94xx - ok
17:17:03.0726 3904        adpahci        (b84088ca3cdca97da44a984c6ce1ccad) C:\Windows\system32\drivers\adpahci.sys
17:17:03.0726 3904        adpahci - ok
17:17:04.0038 3904        adpu160m        (7880c67bccc27c86fd05aa2afb5ea469) C:\Windows\system32\drivers\adpu160m.sys
17:17:04.0038 3904        adpu160m - ok
17:17:04.0069 3904        adpu320        (9ae713f8e30efc2abccd84904333df4d) C:\Windows\system32\drivers\adpu320.sys
17:17:04.0069 3904        adpu320 - ok
17:17:04.0178 3904        AFD            (763e172a55177e478cb419f88fd0ba03) C:\Windows\system32\drivers\afd.sys
17:17:04.0178 3904        AFD - ok
17:17:04.0225 3904        agp440          (ef23439cdd587f64c2c1b8825cead7d8) C:\Windows\system32\drivers\agp440.sys
17:17:04.0225 3904        agp440 - ok
17:17:04.0256 3904        aic78xx        (ae1fdf7bf7bb6c6a70f67699d880592a) C:\Windows\system32\drivers\djsvs.sys
17:17:04.0256 3904        aic78xx - ok
17:17:04.0272 3904        aliide          (90395b64600ebb4552e26e178c94b2e4) C:\Windows\system32\drivers\aliide.sys
17:17:04.0272 3904        aliide - ok
17:17:04.0303 3904        amdagp          (2b13e304c9dfdfa5eb582f6a149fa2c7) C:\Windows\system32\drivers\amdagp.sys
17:17:04.0303 3904        amdagp - ok
17:17:04.0303 3904        amdide          (0577df1d323fe75a739c787893d300ea) C:\Windows\system32\drivers\amdide.sys
17:17:04.0318 3904        amdide - ok
17:17:04.0334 3904        AmdK7          (dc487885bcef9f28eece6fac0e5ddfc5) C:\Windows\system32\drivers\amdk7.sys
17:17:04.0334 3904        AmdK7 - ok
17:17:04.0365 3904        AmdK8          (93ae7f7dd54ab986a6f1a1b37be7442d) C:\Windows\system32\DRIVERS\amdk8.sys
17:17:04.0381 3904        AmdK8 - ok
17:17:04.0490 3904        arc            (5f673180268bb1fdb69c99b6619fe379) C:\Windows\system32\drivers\arc.sys
17:17:04.0490 3904        arc - ok
17:17:04.0537 3904        arcsas          (957f7540b5e7f602e44648c7de5a1c05) C:\Windows\system32\drivers\arcsas.sys
17:17:04.0537 3904        arcsas - ok
17:17:04.0615 3904        AsIO            (2b4e66fac6503494a2c6f32bb6ab3826) C:\Windows\system32\drivers\AsIO.sys
17:17:04.0615 3904        AsIO - ok
17:17:04.0646 3904        AsyncMac        (53b202abee6455406254444303e87be1) C:\Windows\system32\DRIVERS\asyncmac.sys
17:17:04.0646 3904        AsyncMac - ok
17:17:04.0677 3904        atapi          (2d9c903dc76a66813d350a562de40ed9) C:\Windows\system32\drivers\atapi.sys
17:17:04.0677 3904        atapi - ok
17:17:04.0771 3904        AtcL001        (55907c61656449ca8534c323d6eabc89) C:\Windows\system32\DRIVERS\l160x86.sys
17:17:04.0771 3904        AtcL001 - ok
17:17:04.0864 3904        athrusb        (465293fd9f2e31a18c5b64a7a578d601) C:\Windows\system32\DRIVERS\athrusb.sys
17:17:04.0911 3904        athrusb - ok
17:17:04.0989 3904        Beep            (67e506b75bd5326a3ec7b70bd014dfb6) C:\Windows\system32\drivers\Beep.sys
17:17:05.0036 3904        Beep - ok
17:17:05.0052 3904        blbdrive - ok
17:17:05.0114 3904        bowser          (74b442b2be1260b7588c136177ceac66) C:\Windows\system32\DRIVERS\bowser.sys
17:17:05.0145 3904        bowser - ok
17:17:05.0192 3904        BrFiltLo        (9f9acc7f7ccde8a15c282d3f88b43309) C:\Windows\system32\drivers\brfiltlo.sys
17:17:05.0208 3904        BrFiltLo - ok
17:17:05.0239 3904        BrFiltUp        (56801ad62213a41f6497f96dee83755a) C:\Windows\system32\drivers\brfiltup.sys
17:17:05.0254 3904        BrFiltUp - ok
17:17:05.0301 3904        Brserid        (b304e75cff293029eddf094246747113) C:\Windows\system32\drivers\brserid.sys
17:17:05.0332 3904        Brserid - ok
17:17:05.0364 3904        BrSerWdm        (203f0b1e73adadbbb7b7b1fabd901f6b) C:\Windows\system32\drivers\brserwdm.sys
17:17:05.0379 3904        BrSerWdm - ok
17:17:05.0457 3904        BrUsbMdm        (bd456606156ba17e60a04e18016ae54b) C:\Windows\system32\drivers\brusbmdm.sys
17:17:05.0473 3904        BrUsbMdm - ok
17:17:05.0504 3904        BrUsbSer        (af72ed54503f717a43268b3cc5faec2e) C:\Windows\system32\drivers\brusbser.sys
17:17:05.0535 3904        BrUsbSer - ok
17:17:05.0582 3904        BthEnum        (da7b195275bda7f8fcf79b40e0f45dde) C:\Windows\system32\DRIVERS\BthEnum.sys
17:17:05.0598 3904        BthEnum - ok
17:17:05.0629 3904        BTHMODEM        (ad07c1ec6665b8b35741ab91200c6b68) C:\Windows\system32\drivers\bthmodem.sys
17:17:05.0644 3904        BTHMODEM - ok
17:17:05.0676 3904        BthPan          (5904efa25f829bf84ea6fb045134a1d8) C:\Windows\system32\DRIVERS\bthpan.sys
17:17:05.0738 3904        BthPan - ok
17:17:05.0785 3904        BTHPORT        (671134053d59e23704f08db19f11e10b) C:\Windows\system32\Drivers\BTHport.sys
17:17:05.0816 3904        BTHPORT - ok
17:17:05.0847 3904        BTHUSB          (93d7007e2c660dfcca6ae72622740b14) C:\Windows\system32\Drivers\BTHUSB.sys
17:17:05.0878 3904        BTHUSB - ok
17:17:06.0331 3904        cdfs            (7add03e75beb9e6dd102c3081d29840a) C:\Windows\system32\DRIVERS\cdfs.sys
17:17:06.0331 3904        cdfs - ok
17:17:06.0424 3904        cdrom          (1ec25cea0de6ac4718bf89f9e1778b57) C:\Windows\system32\DRIVERS\cdrom.sys
17:17:06.0424 3904        cdrom - ok
17:17:06.0487 3904        circlass        (da8e0afc7baa226c538ef53ac2f90897) C:\Windows\system32\drivers\circlass.sys
17:17:06.0487 3904        circlass - ok
17:17:06.0549 3904        CLFS            (465745561c832b29f7c48b488aab3842) C:\Windows\system32\CLFS.sys
17:17:06.0549 3904        CLFS - ok
17:17:06.0627 3904        cmdide          (45201046c776ffdaf3fc8a0029c581c8) C:\Windows\system32\drivers\cmdide.sys
17:17:06.0627 3904        cmdide - ok
17:17:06.0643 3904        Compbatt        (82b8c91d327cfecf76cb58716f7d4997) C:\Windows\system32\drivers\compbatt.sys
17:17:06.0643 3904        Compbatt - ok
17:17:06.0705 3904        crcdisk        (2a213ae086bbec5e937553c7d9a2b22c) C:\Windows\system32\drivers\crcdisk.sys
17:17:06.0705 3904        crcdisk - ok
17:17:06.0721 3904        Crusoe          (22a7f883508176489f559ee745b5bf5d) C:\Windows\system32\drivers\crusoe.sys
17:17:06.0721 3904        Crusoe - ok
17:17:06.0830 3904        DfsC            (9e635ae5e8ad93e2b5989e2e23679f97) C:\Windows\system32\Drivers\dfsc.sys
17:17:06.0830 3904        DfsC - ok
17:17:06.0924 3904        disk            (64109e623abd6955c8fb110b592e68b7) C:\Windows\system32\drivers\disk.sys
17:17:06.0924 3904        disk - ok
17:17:07.0080 3904        drmkaud        (97fef831ab90bee128c9af390e243f80) C:\Windows\system32\drivers\drmkaud.sys
17:17:07.0095 3904        drmkaud - ok
17:17:07.0158 3904        dtsoftbus01    (555e54ac2f601a8821cef58961653991) C:\Windows\system32\DRIVERS\dtsoftbus01.sys
17:17:07.0158 3904        dtsoftbus01 - ok
17:17:07.0220 3904        DXGKrnl        (f8bf50a8d862f8cc089080bec509bca6) C:\Windows\System32\drivers\dxgkrnl.sys
17:17:07.0220 3904        DXGKrnl - ok
17:17:07.0282 3904        E1G60          (f88fb26547fd2ce6d0a5af2985892c48) C:\Windows\system32\DRIVERS\E1G60I32.sys
17:17:07.0282 3904        E1G60 - ok
17:17:07.0345 3904        Ecache          (dd2cd259d83d8b72c02c5f2331ff9d68) C:\Windows\system32\drivers\ecache.sys
17:17:07.0345 3904        Ecache - ok
17:17:07.0423 3904        elxstor        (e8f3f21a71720c84bcf423b80028359f) C:\Windows\system32\drivers\elxstor.sys
17:17:07.0423 3904        elxstor - ok
17:17:07.0501 3904        exfat          (0d858eb20589a34efb25695acaa6aa2d) C:\Windows\system32\drivers\exfat.sys
17:17:07.0501 3904        exfat - ok
17:17:07.0548 3904        fastfat        (3c489390c2e2064563727752af8eab9e) C:\Windows\system32\drivers\fastfat.sys
17:17:07.0548 3904        fastfat - ok
17:17:07.0610 3904        fdc            (afe1e8b9782a0dd7fb46bbd88e43f89a) C:\Windows\system32\DRIVERS\fdc.sys
17:17:07.0641 3904        fdc - ok
17:17:07.0657 3904        FileInfo        (a8c0139a884861e3aae9cfe73b208a9f) C:\Windows\system32\drivers\fileinfo.sys
17:17:07.0657 3904        FileInfo - ok
17:17:07.0704 3904        Filetrace      (0ae429a696aecbc5970e3cf2c62635ae) C:\Windows\system32\drivers\filetrace.sys
17:17:07.0704 3904        Filetrace - ok
17:17:07.0735 3904        flpydisk        (85b7cf99d532820495d68d747fda9ebd) C:\Windows\system32\DRIVERS\flpydisk.sys
17:17:07.0735 3904        flpydisk - ok
17:17:07.0766 3904        FltMgr          (05ea53afe985443011e36dab07343b46) C:\Windows\system32\drivers\fltmgr.sys
17:17:07.0766 3904        FltMgr - ok
17:17:07.0813 3904        Fs_Rec          (65ea8b77b5851854f0c55c43fa51a198) C:\Windows\system32\drivers\Fs_Rec.sys
17:17:07.0813 3904        Fs_Rec - ok
17:17:07.0844 3904        gagp30kx        (4e1cd0a45c50a8882616cae5bf82f3c5) C:\Windows\system32\drivers\gagp30kx.sys
17:17:07.0844 3904        gagp30kx - ok
17:17:07.0875 3904        GEARAspiWDM    (8182ff89c65e4d38b2de4bb0fb18564e) C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
17:17:07.0891 3904        GEARAspiWDM - ok
17:17:07.0953 3904        HdAudAddService (cb04c744be0a61b1d648faed182c3b59) C:\Windows\system32\drivers\HdAudio.sys
17:17:07.0953 3904        HdAudAddService - ok
17:17:07.0984 3904        HDAudBus        (c87b1ee051c0464491c1a7b03fa0bc99) C:\Windows\system32\DRIVERS\HDAudBus.sys
17:17:07.0984 3904        HDAudBus - ok
17:17:08.0031 3904        HidBth          (204c3b1846e9cbaaef88b8e1f86782f8) C:\Windows\system32\DRIVERS\hidbth.sys
17:17:08.0031 3904        HidBth - ok
17:17:08.0078 3904        HidIr          (ff3160c3a2445128c5a6d9b076da519e) C:\Windows\system32\drivers\hidir.sys
17:17:08.0078 3904        HidIr - ok
17:17:08.0109 3904        HidUsb          (854ca287ab7faf949617a788306d967e) C:\Windows\system32\DRIVERS\hidusb.sys
17:17:08.0109 3904        HidUsb - ok
17:17:08.0140 3904        HpCISSs        (df353b401001246853763c4b7aaa6f50) C:\Windows\system32\drivers\hpcisss.sys
17:17:08.0140 3904        HpCISSs - ok
17:17:08.0187 3904        HTTP            (406c027c18e98a396faa1963dad5ff70) C:\Windows\system32\drivers\HTTP.sys
17:17:08.0187 3904        HTTP - ok
17:17:08.0218 3904        i2omp          (324c2152ff2c61abae92d09f3cca4d63) C:\Windows\system32\drivers\i2omp.sys
17:17:08.0218 3904        i2omp - ok
17:17:08.0328 3904        i8042prt        (22d56c8184586b7a1f6fa60be5f5a2bd) C:\Windows\system32\DRIVERS\i8042prt.sys
17:17:08.0328 3904        i8042prt - ok
17:17:08.0343 3904        iaStorV        (c957bf4b5d80b46c5017bf0101e6c906) C:\Windows\system32\drivers\iastorv.sys
17:17:08.0343 3904        iaStorV - ok
17:17:08.0359 3904        iirsp          (2d077bf86e843f901d8db709c95b49a5) C:\Windows\system32\drivers\iirsp.sys
17:17:08.0359 3904        iirsp - ok
17:17:08.0406 3904        InCDfs          (7bfc3eda22190c0fe8c2ca19e5379da5) C:\Windows\system32\drivers\InCDFs.sys
17:17:08.0406 3904        InCDfs - ok
17:17:08.0421 3904        InCDPass        (fc4dbf18a4eb0d2fe3171471a3d0f9a8) C:\Windows\system32\drivers\InCDPass.sys
17:17:08.0421 3904        InCDPass - ok
17:17:08.0437 3904        InCDrec        (f8e7c551def07fdc12ca5cc7ae5d975b) C:\Windows\system32\drivers\InCDrec.sys
17:17:08.0437 3904        InCDrec - ok
17:17:08.0437 3904        incdrm          (31a5a3809249a326eb0ef58d563a9654) C:\Windows\system32\drivers\InCDRm.sys
17:17:08.0437 3904        incdrm - ok
17:17:08.0577 3904        IntcAzAudAddService (58628f232a00a3149d7cc7708c521499) C:\Windows\system32\drivers\RTKVHDA.sys
17:17:08.0593 3904        IntcAzAudAddService - ok
17:17:08.0640 3904        intelide        (97469037714070e45194ed318d636401) C:\Windows\system32\drivers\intelide.sys
17:17:08.0640 3904        intelide - ok
17:17:08.0655 3904        intelppm        (ce44cc04262f28216dd4341e9e36a16f) C:\Windows\system32\DRIVERS\intelppm.sys
17:17:08.0655 3904        intelppm - ok
17:17:08.0686 3904        IpFilterDriver  (62c265c38769b864cb25b4bcf62df6c3) C:\Windows\system32\DRIVERS\ipfltdrv.sys
17:17:08.0702 3904        IpFilterDriver - ok
17:17:08.0702 3904        IpInIp - ok
17:17:08.0733 3904        IPMIDRV        (40f34f8aba2a015d780e4b09138b6c17) C:\Windows\system32\drivers\ipmidrv.sys
17:17:08.0733 3904        IPMIDRV - ok
17:17:08.0796 3904        IPNAT          (8793643a67b42cec66490b2a0cf92d68) C:\Windows\system32\DRIVERS\ipnat.sys
17:17:08.0811 3904        IPNAT - ok
17:17:08.0842 3904        IRENUM          (109c0dfb82c3632fbd11949b73aeeac9) C:\Windows\system32\drivers\irenum.sys
17:17:08.0842 3904        IRENUM - ok
17:17:08.0874 3904        isapnp          (350fca7e73cf65bcef43fae1e4e91293) C:\Windows\system32\drivers\isapnp.sys
17:17:08.0874 3904        isapnp - ok
17:17:08.0905 3904        iScsiPrt        (f247eec28317f6c739c16de420097301) C:\Windows\system32\DRIVERS\msiscsi.sys
17:17:09.0544 3904        iScsiPrt - ok
17:17:09.0669 3904        iteatapi        (bced60d16156e428f8df8cf27b0df150) C:\Windows\system32\drivers\iteatapi.sys
17:17:09.0669 3904        iteatapi - ok
17:17:09.0669 3904        iteraid        (06fa654504a498c30adca8bec4e87e7e) C:\Windows\system32\drivers\iteraid.sys
17:17:09.0669 3904        iteraid - ok
17:17:09.0700 3904        kbdclass        (37605e0a8cf00cbba538e753e4344c6e) C:\Windows\system32\DRIVERS\kbdclass.sys
17:17:09.0700 3904        kbdclass - ok
17:17:09.0747 3904        kbdhid          (18247836959ba67e3511b62846b9c2e0) C:\Windows\system32\DRIVERS\kbdhid.sys
17:17:09.0747 3904        kbdhid - ok
17:17:09.0810 3904        KL1            (186b54479d98e48aee0e9ada4b3c4d31) C:\Windows\system32\DRIVERS\kl1.sys
17:17:09.0825 3904        KL1 - ok
17:17:09.0856 3904        kl2            (bf485bfba13c0ab116701fd9c55324d0) C:\Windows\system32\DRIVERS\kl2.sys
17:17:09.0856 3904        kl2 - ok
17:17:09.0888 3904        KLIF            (af04d0ce7939324e9a605b159295706c) C:\Windows\system32\DRIVERS\klif.sys
17:17:09.0888 3904        KLIF - ok
17:17:09.0919 3904        KLIM6          (6295a19003f935ecc6ccbe9e2376427b) C:\Windows\system32\DRIVERS\klim6.sys
17:17:09.0919 3904        KLIM6 - ok
17:17:09.0934 3904        klmouflt        (3de1771c135328420315e21dde229bba) C:\Windows\system32\DRIVERS\klmouflt.sys
17:17:09.0934 3904        klmouflt - ok
17:17:10.0012 3904        KSecDD          (5367dc846cae9639b899bfd13b97a8c9) C:\Windows\system32\Drivers\ksecdd.sys
17:17:10.0012 3904        KSecDD - ok
17:17:10.0075 3904        lltdio          (d1c5883087a0c3f1344d9d55a44901f6) C:\Windows\system32\DRIVERS\lltdio.sys
17:17:10.0075 3904        lltdio - ok
17:17:10.0137 3904        LSI_FC          (a2262fb9f28935e862b4db46438c80d2) C:\Windows\system32\drivers\lsi_fc.sys
17:17:10.0137 3904        LSI_FC - ok
17:17:10.0184 3904        LSI_SAS        (30d73327d390f72a62f32c103daf1d6d) C:\Windows\system32\drivers\lsi_sas.sys
17:17:10.0184 3904        LSI_SAS - ok
17:17:10.0231 3904        LSI_SCSI        (e1e36fefd45849a95f1ab81de0159fe3) C:\Windows\system32\drivers\lsi_scsi.sys
17:17:10.0231 3904        LSI_SCSI - ok
17:17:10.0293 3904        luafv          (8f5c7426567798e62a3b3614965d62cc) C:\Windows\system32\drivers\luafv.sys
17:17:10.0293 3904        luafv - ok
17:17:10.0324 3904        MBAMProtector  (b7ca8cc3f978201856b6ab82f40953c3) C:\Windows\system32\drivers\mbam.sys
17:17:10.0356 3904        MBAMProtector - ok
17:17:10.0387 3904        megasas        (d153b14fc6598eae8422a2037553adce) C:\Windows\system32\drivers\megasas.sys
17:17:10.0387 3904        megasas - ok
17:17:10.0449 3904        Modem          (e13b5ea0f51ba5b1512ec671393d09ba) C:\Windows\system32\drivers\modem.sys
17:17:10.0449 3904        Modem - ok
17:17:10.0480 3904        monitor        (0a9bb33b56e294f686abb7c1e4e2d8a8) C:\Windows\system32\DRIVERS\monitor.sys
17:17:10.0480 3904        monitor - ok
17:17:10.0512 3904        mouclass        (5bf6a1326a335c5298477754a506d263) C:\Windows\system32\DRIVERS\mouclass.sys
17:17:10.0512 3904        mouclass - ok
17:17:10.0558 3904        mouhid          (93b8d4869e12cfbe663915502900876f) C:\Windows\system32\DRIVERS\mouhid.sys
17:17:10.0558 3904        mouhid - ok
17:17:10.0574 3904        MountMgr        (bdafc88aa6b92f7842416ea6a48e1600) C:\Windows\system32\drivers\mountmgr.sys
17:17:10.0574 3904        MountMgr - ok
17:17:10.0621 3904        mpio            (583a41f26278d9e0ea548163d6139397) C:\Windows\system32\drivers\mpio.sys
17:17:10.0621 3904        mpio - ok
17:17:10.0652 3904        mpsdrv          (22241feba9b2defa669c8cb0a8dd7d2e) C:\Windows\system32\drivers\mpsdrv.sys
17:17:10.0652 3904        mpsdrv - ok
17:17:10.0839 3904        Mraid35x        (4fbbb70d30fd20ec51f80061703b001e) C:\Windows\system32\drivers\mraid35x.sys
17:17:10.0839 3904        Mraid35x - ok
17:17:10.0917 3904        MRxDAV          (ae3de84536b6799d2267443cec8edbb9) C:\Windows\system32\drivers\mrxdav.sys
17:17:10.0917 3904        MRxDAV - ok
17:17:11.0058 3904        mrxsmb          (c4ad205530888404e2b5fc8d9319b119) C:\Windows\system32\DRIVERS\mrxsmb.sys
17:17:11.0058 3904        mrxsmb - ok
17:17:11.0198 3904        mrxsmb10        (67e55ced3fc143c82a8197988bfc1f9a) C:\Windows\system32\DRIVERS\mrxsmb10.sys
17:17:11.0198 3904        mrxsmb10 - ok
17:17:11.0370 3904        mrxsmb20        (3268b8c3fa92bfc086355c39b45e9cc9) C:\Windows\system32\DRIVERS\mrxsmb20.sys
17:17:11.0370 3904        mrxsmb20 - ok
17:17:11.0401 3904        msahci          (742aed7939e734c36b7e8d6228ce26b7) C:\Windows\system32\drivers\msahci.sys
17:17:11.0401 3904        msahci - ok
17:17:11.0416 3904        msdsm          (3fc82a2ae4cc149165a94699183d3028) C:\Windows\system32\drivers\msdsm.sys
17:17:11.0416 3904        msdsm - ok
17:17:11.0619 3904        Msfs            (a9927f4a46b816c92f461acb90cf8515) C:\Windows\system32\drivers\Msfs.sys
17:17:11.0619 3904        Msfs - ok
17:17:11.0728 3904        msisadrv        (0f400e306f385c56317357d6dea56f62) C:\Windows\system32\drivers\msisadrv.sys
17:17:11.0728 3904        msisadrv - ok
17:17:11.0760 3904        MSKSSRV        (d8c63d34d9c9e56c059e24ec7185cc07) C:\Windows\system32\drivers\MSKSSRV.sys
17:17:11.0760 3904        MSKSSRV - ok
17:17:11.0806 3904        MSPCLOCK        (1d373c90d62ddb641d50e55b9e78d65e) C:\Windows\system32\drivers\MSPCLOCK.sys
17:17:11.0806 3904        MSPCLOCK - ok
17:17:11.0822 3904        MSPQM          (b572da05bf4e098d4bba3a4734fb505b) C:\Windows\system32\drivers\MSPQM.sys
17:17:11.0822 3904        MSPQM - ok
17:17:11.0853 3904        MsRPC          (b5614aecb05a9340aa0fb55bf561cc63) C:\Windows\system32\drivers\MsRPC.sys
17:17:11.0853 3904        MsRPC - ok
17:17:11.0962 3904        mssmbios        (e384487cb84be41d09711c30ca79646c) C:\Windows\system32\DRIVERS\mssmbios.sys
17:17:11.0962 3904        mssmbios - ok
17:17:12.0040 3904        MSTEE          (7199c1eec1e4993caf96b8c0a26bd58a) C:\Windows\system32\drivers\MSTEE.sys
17:17:12.0040 3904        MSTEE - ok
17:17:12.0056 3904        MTsensor        (dcdaab8697a47894a554050ce18d0b56) C:\Windows\system32\DRIVERS\ASACPI.sys
17:17:12.0056 3904        MTsensor - ok
17:17:12.0274 3904        Mup            (6dfd1d322de55b0b7db7d21b90bec49c) C:\Windows\system32\Drivers\mup.sys
17:17:12.0274 3904        Mup - ok
17:17:12.0430 3904        NativeWifiP    (dd721f8635191132992e7ceaa3c43c84) C:\Windows\system32\DRIVERS\nwifi.sys
17:17:12.0430 3904        NativeWifiP - ok
17:17:12.0696 3904        NDIS            (9bdc71790fa08f0a0b5f10462b1bd0b1) C:\Windows\system32\drivers\ndis.sys
17:17:12.0696 3904        NDIS - ok
17:17:12.0930 3904        NdisTapi        (0e186e90404980569fb449ba7519ae61) C:\Windows\system32\DRIVERS\ndistapi.sys
17:17:12.0930 3904        NdisTapi - ok
17:17:12.0945 3904        Ndisuio        (d6973aa34c4d5d76c0430b181c3cd389) C:\Windows\system32\DRIVERS\ndisuio.sys
17:17:12.0945 3904        Ndisuio - ok
17:17:13.0164 3904        NdisWan        (3d14c3b3496f88890d431e8aa022a411) C:\Windows\system32\DRIVERS\ndiswan.sys
17:17:13.0164 3904        NdisWan - ok
17:17:13.0320 3904        NDProxy        (71dab552b41936358f3b541ae5997fb3) C:\Windows\system32\drivers\NDProxy.sys
17:17:13.0335 3904        NDProxy - ok
17:17:13.0398 3904        Netaapl        (1352e1648213551923a0a822e441553c) C:\Windows\system32\DRIVERS\netaapl.sys
17:17:13.0398 3904        Netaapl - ok
17:17:13.0444 3904        NetBIOS        (bcd093a5a6777cf626434568dc7dba78) C:\Windows\system32\DRIVERS\netbios.sys
17:17:13.0444 3904        NetBIOS - ok
17:17:13.0460 3904        netbt          (be4a82e1ce1e15f88e09fe7619d110c4) C:\Windows\system32\DRIVERS\netbt.sys
17:17:13.0460 3904        Suspicious file (Forged): C:\Windows\system32\DRIVERS\netbt.sys. Real md5: be4a82e1ce1e15f88e09fe7619d110c4, Fake md5: 7c5fee5b1c5728507cd96fb4a13e7a02
17:17:13.0460 3904        netbt ( Virus.Win32.ZAccess.c ) - infected
17:17:13.0460 3904        netbt - detected Virus.Win32.ZAccess.c (0)
17:17:13.0694 3904        nfrd960        (2e7fb731d4790a1bc6270accefacb36e) C:\Windows\system32\drivers\nfrd960.sys
17:17:13.0710 3904        nfrd960 - ok
17:17:13.0897 3904        Npfs            (ecb5003f484f9ed6c608d6d6c7886cbb) C:\Windows\system32\drivers\Npfs.sys
17:17:13.0897 3904        Npfs - ok
17:17:14.0131 3904        nsiproxy        (609773e344a97410ce4ebf74a8914fcf) C:\Windows\system32\drivers\nsiproxy.sys
17:17:14.0131 3904        nsiproxy - ok
17:17:14.0427 3904        Ntfs            (b4effe29eb4f15538fd8a9681108492d) C:\Windows\system32\drivers\Ntfs.sys
17:17:14.0443 3904        Ntfs - ok
17:17:14.0568 3904        ntrigdigi      (e875c093aec0c978a90f30c9e0dfbb72) C:\Windows\system32\drivers\ntrigdigi.sys
17:17:14.0583 3904        ntrigdigi - ok
17:17:14.0614 3904        Null            (c5dbbcda07d780bda9b685df333bb41e) C:\Windows\system32\drivers\Null.sys
17:17:14.0614 3904        Null - ok
17:17:14.0895 3904        nvlddmkm        (19f5c4949b2e4cbd2e95b8ecdfc84d25) C:\Windows\system32\DRIVERS\nvlddmkm.sys
17:17:14.0958 3904        nvlddmkm - ok
17:17:15.0082 3904        nvraid          (e69e946f80c1c31c53003bfbf50cbb7c) C:\Windows\system32\drivers\nvraid.sys
17:17:15.0098 3904        nvraid - ok
17:17:15.0129 3904        nvstor          (9e0ba19a28c498a6d323d065db76dffc) C:\Windows\system32\drivers\nvstor.sys
17:17:15.0129 3904        nvstor - ok
17:17:15.0207 3904        nv_agp          (07c186427eb8fcc3d8d7927187f260f7) C:\Windows\system32\drivers\nv_agp.sys
17:17:15.0207 3904        nv_agp - ok
17:17:15.0254 3904        NwlnkFlt - ok
17:17:15.0348 3904        NwlnkFwd - ok
17:17:15.0613 3904        ohci1394        (790e27c3db53410b40ff9ef2fd10a1d9) C:\Windows\system32\DRIVERS\ohci1394.sys
17:17:15.0613 3904        ohci1394 - ok
17:17:16.0081 3904        Parport        (0fa9b5055484649d63c303fe404e5f4d) C:\Windows\system32\drivers\parport.sys
17:17:16.0081 3904        Parport - ok
17:17:16.0096 3904        partmgr        (3b38467e7c3daed009dfe359e17f139f) C:\Windows\system32\drivers\partmgr.sys
17:17:16.0096 3904        partmgr - ok
17:17:16.0128 3904        Parvdm          (4f9a6a8a31413180d0fcb279ad5d8112) C:\Windows\system32\drivers\parvdm.sys
17:17:16.0128 3904        Parvdm - ok
17:17:16.0143 3904        pci            (01b94418deb235dff777cc80076354b4) C:\Windows\system32\drivers\pci.sys
17:17:16.0143 3904        pci - ok
17:17:16.0190 3904        pciide          (fc175f5ddab666d7f4d17449a547626f) C:\Windows\system32\drivers\pciide.sys
17:17:16.0190 3904        pciide - ok
17:17:16.0206 3904        pcmcia          (e6f3fb1b86aa519e7698ad05e58b04e5) C:\Windows\system32\drivers\pcmcia.sys
17:17:16.0221 3904        pcmcia - ok
17:17:16.0268 3904        PEAUTH          (6349f6ed9c623b44b52ea3c63c831a92) C:\Windows\system32\drivers\peauth.sys
17:17:16.0284 3904        PEAUTH - ok
17:17:16.0362 3904        Point32        (420336f91eb745811cf130c80ede0653) C:\Windows\system32\DRIVERS\point32.sys
17:17:16.0362 3904        Point32 - ok
17:17:16.0471 3904        PptpMiniport    (ecfffaec0c1ecd8dbc77f39070ea1db1) C:\Windows\system32\DRIVERS\raspptp.sys
17:17:16.0471 3904        PptpMiniport - ok
17:17:16.0502 3904        Processor      (0e3cef5d28b40cf273281d620c50700a) C:\Windows\system32\drivers\processr.sys
17:17:16.0518 3904        Processor - ok
17:17:16.0642 3904        PSched          (a114cfe308c24b8235b03cfdffe11e99) C:\Windows\system32\DRIVERS\pacer.sys
17:17:16.0642 3904        PSched - ok
17:17:16.0736 3904        ql2300          (ccdac889326317792480c0a67156a1ec) C:\Windows\system32\drivers\ql2300.sys
17:17:16.0752 3904        ql2300 - ok
17:17:16.0767 3904        ql40xx          (81a7e5c076e59995d54bc1ed3a16e60b) C:\Windows\system32\drivers\ql40xx.sys
17:17:16.0783 3904        ql40xx - ok
17:17:16.0814 3904        QWAVEdrv        (9f5e0e1926014d17486901c88eca2db7) C:\Windows\system32\drivers\qwavedrv.sys
17:17:16.0814 3904        QWAVEdrv - ok
17:17:16.0845 3904        RasAcd          (147d7f9c556d259924351feb0de606c3) C:\Windows\system32\DRIVERS\rasacd.sys
17:17:16.0845 3904        RasAcd - ok
17:17:16.0876 3904        Rasl2tp        (a214adbaf4cb47dd2728859ef31f26b0) C:\Windows\system32\DRIVERS\rasl2tp.sys
17:17:16.0876 3904        Rasl2tp - ok
17:17:16.0892 3904        RasPppoe        (3e9d9b048107b40d87b97df2e48e0744) C:\Windows\system32\DRIVERS\raspppoe.sys
17:17:16.0892 3904        RasPppoe - ok
17:17:16.0908 3904        RasSstp        (a7d141684e9500ac928a772ed8e6b671) C:\Windows\system32\DRIVERS\rassstp.sys
17:17:16.0908 3904        RasSstp - ok
17:17:16.0923 3904        rdbss          (6e1c5d0457622f9ee35f683110e93d14) C:\Windows\system32\DRIVERS\rdbss.sys
17:17:16.0939 3904        rdbss - ok
17:17:16.0939 3904        RDPCDD          (89e59be9a564262a3fb6c4f4f1cd9899) C:\Windows\system32\DRIVERS\RDPCDD.sys
17:17:16.0939 3904        RDPCDD - ok
17:17:16.0986 3904        rdpdr          (e8bd98d46f2ed77132ba927fccb47d8b) C:\Windows\system32\drivers\rdpdr.sys
17:17:16.0986 3904        rdpdr - ok
17:17:17.0001 3904        RDPENCDD        (9d91fe5286f748862ecffa05f8a0710c) C:\Windows\system32\drivers\rdpencdd.sys
17:17:17.0001 3904        RDPENCDD - ok
17:17:17.0032 3904        RDPWD          (e1c18f4097a5abcec941dc4b2f99db7e) C:\Windows\system32\drivers\RDPWD.sys
17:17:17.0032 3904        RDPWD - ok
17:17:17.0095 3904        RFCOMM          (34cc78c06587718c2ad6d3aa83b1f072) C:\Windows\system32\DRIVERS\rfcomm.sys
17:17:17.0095 3904        RFCOMM - ok
17:17:17.0204 3904        RsFx0150        (a95840a95a9ff74b0009e5d848cddb39) C:\Windows\system32\DRIVERS\RsFx0150.sys
17:17:17.0220 3904        RsFx0150 - ok
17:17:17.0298 3904        rspndr          (9c508f4074a39e8b4b31d27198146fad) C:\Windows\system32\DRIVERS\rspndr.sys
17:17:17.0298 3904        rspndr - ok
17:17:17.0360 3904        sbp2port        (3ce8f073a557e172b330109436984e30) C:\Windows\system32\drivers\sbp2port.sys
17:17:17.0360 3904        sbp2port - ok
17:17:17.0391 3904        secdrv          (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers\secdrv.sys
17:17:17.0407 3904        secdrv - ok
17:17:17.0454 3904        Serenum        (ce9ec966638ef0b10b864ddedf62a099) C:\Windows\system32\DRIVERS\serenum.sys
17:17:17.0469 3904        Serenum - ok
17:17:17.0532 3904        Serial          (6d663022db3e7058907784ae14b69898) C:\Windows\system32\DRIVERS\serial.sys
17:17:17.0532 3904        Serial - ok
17:17:17.0578 3904        sermouse        (8af3d28a879bf75db53a0ee7a4289624) C:\Windows\system32\drivers\sermouse.sys
17:17:17.0594 3904        sermouse - ok
17:17:17.0672 3904        sffdisk        (103b79418da647736ee95645f305f68a) C:\Windows\system32\drivers\sffdisk.sys
17:17:17.0703 3904        sffdisk - ok
17:17:17.0781 3904        sffp_mmc        (8fd08a310645fe872eeec6e08c6bf3ee) C:\Windows\system32\drivers\sffp_mmc.sys
17:17:17.0781 3904        sffp_mmc - ok
17:17:17.0828 3904        sffp_sd        (9cfa05fcfcb7124e69cfc812b72f9614) C:\Windows\system32\drivers\sffp_sd.sys
17:17:17.0828 3904        sffp_sd - ok
17:17:17.0859 3904        sfloppy        (46ed8e91793b2e6f848015445a0ac188) C:\Windows\system32\drivers\sfloppy.sys
17:17:17.0859 3904        sfloppy - ok
17:17:17.0906 3904        sisagp          (d2a595d6eebeeaf4334f8e50efbc9931) C:\Windows\system32\drivers\sisagp.sys
17:17:17.0906 3904        sisagp - ok
17:17:17.0922 3904        SiSRaid2        (cedd6f4e7d84e9f98b34b3fe988373aa) C:\Windows\system32\drivers\sisraid2.sys
17:17:17.0922 3904        SiSRaid2 - ok
17:17:17.0937 3904        SiSRaid4        (df843c528c4f69d12ce41ce462e973a7) C:\Windows\system32\drivers\sisraid4.sys
17:17:17.0937 3904        SiSRaid4 - ok
17:17:18.0000 3904        Smb            (031e6bcd53c9b2b9ace111eafec347b6) C:\Windows\system32\DRIVERS\smb.sys
17:17:18.0000 3904        Smb - ok
17:17:18.0093 3904        spldr          (7aebdeef071fe28b0eef2cdd69102bff) C:\Windows\system32\drivers\spldr.sys
17:17:18.0093 3904        spldr - ok
17:17:18.0249 3904        srv            (3d7c04aba41ac96ba7e9d123ec8f7fa3) C:\Windows\system32\DRIVERS\srv.sys
17:17:18.0296 3904        srv - ok
17:17:18.0358 3904        srv2            (805fac010405ad3f82ef8df0bb035d81) C:\Windows\system32\DRIVERS\srv2.sys
17:17:18.0390 3904        srv2 - ok
17:17:18.0468 3904        srvnet          (f63a0a58aafe34d7a1a0a74abccdd9c0) C:\Windows\system32\DRIVERS\srvnet.sys
17:17:18.0468 3904        srvnet - ok
17:17:18.0608 3904        swenum          (7ba58ecf0c0a9a69d44b3dca62becf56) C:\Windows\system32\DRIVERS\swenum.sys
17:17:18.0608 3904        swenum - ok
17:17:18.0717 3904        Symc8xx        (192aa3ac01df071b541094f251deed10) C:\Windows\system32\drivers\symc8xx.sys
17:17:18.0733 3904        Symc8xx - ok
17:17:18.0764 3904        Sym_hi          (8c8eb8c76736ebaf3b13b633b2e64125) C:\Windows\system32\drivers\sym_hi.sys
17:17:18.0780 3904        Sym_hi - ok
17:17:18.0826 3904        Sym_u3          (8072af52b5fd103bbba387a1e49f62cb) C:\Windows\system32\drivers\sym_u3.sys
17:17:18.0826 3904        Sym_u3 - ok
17:17:18.0873 3904        Tcpip          (fc6e2835d667774d409c7c7021eaf9c4) C:\Windows\system32\drivers\tcpip.sys
17:17:18.0904 3904        Tcpip - ok
17:17:18.0936 3904        Tcpip6          (fc6e2835d667774d409c7c7021eaf9c4) C:\Windows\system32\DRIVERS\tcpip.sys
17:17:18.0936 3904        Tcpip6 - ok
17:17:18.0951 3904        tcpipreg        (d4a2e4a4b011f3a883af77315a5ae76b) C:\Windows\system32\drivers\tcpipreg.sys
17:17:18.0951 3904        tcpipreg - ok
17:17:18.0982 3904        TDPIPE          (5dcf5e267be67a1ae926f2df77fbcc56) C:\Windows\system32\drivers\tdpipe.sys
17:17:18.0982 3904        TDPIPE - ok
17:17:18.0998 3904        TDTCP          (389c63e32b3cefed425b61ed92d3f021) C:\Windows\system32\drivers\tdtcp.sys
17:17:18.0998 3904        TDTCP - ok
17:17:19.0014 3904        tdx            (d09276b1fab033ce1d40dcbdf303d10f) C:\Windows\system32\DRIVERS\tdx.sys
17:17:19.0029 3904        tdx - ok
17:17:19.0092 3904        TermDD          (a048056f5e1a96a9bf3071b91741a5aa) C:\Windows\system32\DRIVERS\termdd.sys
17:17:19.0092 3904        TermDD - ok
17:17:19.0154 3904        tssecsrv        (dcf0f056a2e4f52287264f5ab29cf206) C:\Windows\system32\DRIVERS\tssecsrv.sys
17:17:19.0170 3904        tssecsrv - ok
17:17:19.0216 3904        tunmp          (caecc0120ac49e3d2f758b9169872d38) C:\Windows\system32\DRIVERS\tunmp.sys
17:17:19.0232 3904        tunmp - ok
17:17:19.0248 3904        tunnel          (119b8184e106baedc83fce5ddf3950da) C:\Windows\system32\DRIVERS\tunnel.sys
17:17:19.0263 3904        tunnel - ok
17:17:19.0279 3904        uagp35          (c3ade15414120033a36c0f293d4a4121) C:\Windows\system32\drivers\uagp35.sys
17:17:19.0294 3904        uagp35 - ok
17:17:19.0326 3904        udfs            (8b5088058fa1d1cd897a2113ccff6c58) C:\Windows\system32\DRIVERS\udfs.sys
17:17:19.0341 3904        udfs - ok
17:17:19.0372 3904        uliagpkx        (75e6890ebfce0841d3291b02e7a8bdb0) C:\Windows\system32\drivers\uliagpkx.sys
17:17:19.0372 3904        uliagpkx - ok
17:17:19.0404 3904        uliahci        (3cd4ea35a6221b85dcc25daa46313f8d) C:\Windows\system32\drivers\uliahci.sys
17:17:19.0419 3904        uliahci - ok
17:17:19.0435 3904        UlSata          (8514d0e5cd0534467c5fc61be94a569f) C:\Windows\system32\drivers\ulsata.sys
17:17:19.0435 3904        UlSata - ok
17:17:19.0450 3904        ulsata2        (38c3c6e62b157a6bc46594fada45c62b) C:\Windows\system32\drivers\ulsata2.sys
17:17:19.0450 3904        ulsata2 - ok
17:17:19.0482 3904        umbus          (32cff9f809ae9aed85464492bf3e32d2) C:\Windows\system32\DRIVERS\umbus.sys
17:17:19.0482 3904        umbus - ok
17:17:19.0528 3904        USBAAPL        (83cafcb53201bbac04d822f32438e244) C:\Windows\system32\Drivers\usbaapl.sys
17:17:19.0528 3904        USBAAPL - ok
17:17:19.0591 3904        usbaudio        (292a25bb75a568ae2c67169ba2c6365a) C:\Windows\system32\drivers\usbaudio.sys
17:17:19.0591 3904        usbaudio - ok
17:17:19.0622 3904        usbccgp        (caf811ae4c147ffcd5b51750c7f09142) C:\Windows\system32\DRIVERS\usbccgp.sys
17:17:19.0622 3904        usbccgp - ok
17:17:19.0638 3904        usbcir          (e9476e6c486e76bc4898074768fb7131) C:\Windows\system32\drivers\usbcir.sys
17:17:19.0638 3904        usbcir - ok
17:17:19.0700 3904        usbehci        (cebe90821810e76320155beba722fcf9) C:\Windows\system32\DRIVERS\usbehci.sys
17:17:19.0700 3904        usbehci - ok
17:17:19.0716 3904        usbhub          (cc6b28e4ce39951357963119ce47b143) C:\Windows\system32\DRIVERS\usbhub.sys
17:17:19.0716 3904        usbhub - ok
17:17:19.0747 3904        USBMULCD        (5f34a6ca03501bf0510bc50238176864) C:\Windows\system32\drivers\CM106.sys
17:17:19.0762 3904        USBMULCD - ok
17:17:19.0794 3904        usbohci        (7bdb7b0e7d45ac0402d78b90789ef47c) C:\Windows\system32\DRIVERS\usbohci.sys
17:17:19.0809 3904        usbohci - ok
17:17:19.0856 3904        usbprint        (e75c4b5269091d15a2e7dc0b6d35f2f5) C:\Windows\system32\DRIVERS\usbprint.sys
17:17:19.0872 3904        usbprint - ok
17:17:19.0934 3904        USBSTOR        (87ba6b83c5d19b69160968d07d6e2982) C:\Windows\system32\DRIVERS\USBSTOR.SYS
17:17:19.0950 3904        USBSTOR - ok
17:17:20.0012 3904        usbuhci        (325dbbacb8a36af9988ccf40eac228cc) C:\Windows\system32\DRIVERS\usbuhci.sys
17:17:20.0012 3904        usbuhci - ok
17:17:20.0059 3904        vga            (7d92be0028ecdedec74617009084b5ef) C:\Windows\system32\DRIVERS\vgapnp.sys
17:17:20.0059 3904        vga - ok
17:17:20.0121 3904        VgaSave        (2e93ac0a1d8c79d019db6c51f036636c) C:\Windows\System32\drivers\vga.sys
17:17:20.0121 3904        VgaSave - ok
17:17:20.0152 3904        viaagp          (045d9961e591cf0674a920b6ba3ba5cb) C:\Windows\system32\drivers\viaagp.sys
17:17:20.0152 3904        viaagp - ok
17:17:20.0168 3904        ViaC7          (56a4de5f02f2e88182b0981119b4dd98) C:\Windows\system32\drivers\viac7.sys
17:17:20.0184 3904        ViaC7 - ok
17:17:20.0199 3904        viaide          (fd2e3175fcada350c7ab4521dca187ec) C:\Windows\system32\drivers\viaide.sys
17:17:20.0199 3904        viaide - ok
17:17:20.0230 3904        volmgr          (69503668ac66c77c6cd7af86fbdf8c43) C:\Windows\system32\drivers\volmgr.sys
17:17:20.0230 3904        volmgr - ok
17:17:20.0277 3904        volmgrx        (98f5ffe6316bd74e9e2c97206c190196) C:\Windows\system32\drivers\volmgrx.sys
17:17:20.0293 3904        volmgrx - ok
17:17:20.0308 3904        volsnap        (d8b4a53dd2769f226b3eb374374987c9) C:\Windows\system32\drivers\volsnap.sys
17:17:20.0324 3904        volsnap - ok
17:17:20.0355 3904        vsmraid        (d984439746d42b30fc65a4c3546c6829) C:\Windows\system32\drivers\vsmraid.sys
17:17:20.0355 3904        vsmraid - ok
17:17:20.0433 3904        WacomPen        (48dfee8f1af7c8235d4e626f0c4fe031) C:\Windows\system32\drivers\wacompen.sys
17:17:20.0433 3904        WacomPen - ok
17:17:20.0480 3904        Wanarp          (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys
17:17:20.0496 3904        Wanarp - ok
17:17:20.0542 3904        Wanarpv6        (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys
17:17:20.0542 3904        Wanarpv6 - ok
17:17:20.0589 3904        Wd              (afc5ad65b991c1e205cf25cfdbf7a6f4) C:\Windows\system32\drivers\wd.sys
17:17:20.0620 3904        Wd - ok
17:17:20.0792 3904        Wdf01000        (9950e3d0f08141c7e89e64456ae7dc73) C:\Windows\system32\drivers\Wdf01000.sys
17:17:20.0808 3904        Wdf01000 - ok
17:17:21.0166 3904        WmiAcpi        (701a9f884a294327e9141d73746ee279) C:\Windows\system32\drivers\wmiacpi.sys
17:17:21.0182 3904        WmiAcpi - ok
17:17:21.0432 3904        WpdUsb          (0cec23084b51b8288099eb710224e955) C:\Windows\system32\DRIVERS\wpdusb.sys
17:17:21.0447 3904        WpdUsb - ok
17:17:21.0556 3904        ws2ifsl        (e3a3cb253c0ec2494d4a61f5e43a389c) C:\Windows\system32\drivers\ws2ifsl.sys
17:17:21.0556 3904        ws2ifsl - ok
17:17:21.0603 3904        WUDFRd          (ac13cb789d93412106b0fb6c7eb2bcb6) C:\Windows\system32\DRIVERS\WUDFRd.sys
17:17:21.0603 3904        WUDFRd - ok
17:17:21.0650 3904        MBR (0x1B8)    (5c616939100b85e558da92b899a0fc36) \Device\Harddisk0\DR0
17:17:21.0681 3904        \Device\Harddisk0\DR0 - ok
17:17:21.0681 3904        Boot (0x1200)  (bb5540f6d8f8efcd862ae19869997e6a) \Device\Harddisk0\DR0\Partition0
17:17:21.0681 3904        \Device\Harddisk0\DR0\Partition0 - ok
17:17:21.0712 3904        Boot (0x1200)  (b5da5e382cddf6b7f6348674d5b68c34) \Device\Harddisk0\DR0\Partition1
17:17:21.0728 3904        \Device\Harddisk0\DR0\Partition1 - ok
17:17:21.0728 3904        ============================================================
17:17:21.0728 3904        Scan finished
17:17:21.0728 3904        ============================================================
17:17:21.0744 2948        Detected object count: 1
17:17:21.0744 2948        Actual detected object count: 1
17:17:24.0052 2948        C:\Windows\system32\DRIVERS\netbt.sys - copied to quarantine
17:17:25.0316 2948        Backup copy found, using it..
17:17:25.0425 2948        C:\Windows\system32\DRIVERS\netbt.sys - will be cured on reboot
17:17:34.0321 2948        netbt ( Virus.Win32.ZAccess.c ) - User select action: Cure
17:17:36.0761 2256        Deinitialize success


ComboFix
Combofix Logfile:
Code:

ComboFix 12-02-24.02 - home 24.02.2012  17:38:01.1.2 - x86
Microsoft® Windows Vista™ Home Premium  6.0.6001.1.1252.43.1031.18.3071.1901 [GMT 1:00]
ausgeführt von:: c:\users\home\Desktop\ComboFix.exe
AV: Kaspersky Internet Security *Enabled/Updated* {2EAA32A5-1EE1-1B22-95DA-337730C6E984}
FW: Kaspersky Internet Security *Enabled* {1691B380-548E-1A7A-BE85-9A42CE15AEFF}
SP: Kaspersky Internet Security *Enabled/Updated* {95CBD341-38DB-14AC-AF6A-08054B41A339}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
        /wow section - STAGE 31
Zugriff verweigert
Zugriff verweigert
Der Prozess kann nicht auf die Datei zugreifen, da sie von einem anderen Prozess verwendet wird.
Der Prozess kann nicht auf die Datei zugreifen, da sie von einem anderen Prozess verwendet wird.
Der Prozess kann nicht auf die Datei zugreifen, da sie von einem anderen Prozess verwendet wird.
Der Prozess kann nicht auf die Datei zugreifen, da sie von einem anderen Prozess verwendet wird.
Der Prozess kann nicht auf die Datei zugreifen, da sie von einem anderen Prozess verwendet wird.
Der Prozess kann nicht auf die Datei zugreifen, da sie von einem anderen Prozess verwendet wird.
.
.
((((((((((((((((((((((((((((((((((((  Weitere Löschungen  ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\Recycle.Bin
c:\windows\$NtUninstallKB43143$\2682074970\@
c:\windows\$NtUninstallKB43143$\2682074970\cfg.ini
c:\windows\$NtUninstallKB43143$\2682074970\Desktop.ini
c:\windows\$NtUninstallKB43143$\2682074970\L\qnbwvoto
c:\windows\$NtUninstallKB43143$\778343365
c:\windows\pkunzip.pif
c:\windows\pkzip.pif
.
Infizierte Kopie von c:\windows\system32\drivers\dfsc.sys wurde gefunden und desinfiziert
Kopie von - The cat found it :) wurde wiederhergestellt
c:\windows\system32\drivers\afd.sys fehlte
Kopie von - c:\windows\winsxs\x86_microsoft-windows-winsock-core_31bf3856ad364e35_6.0.6000.16386_none_d5b1809661820e7c\afd.sys wurde wiederhergestellt
.
.
(((((((((((((((((((((((  Dateien erstellt von 2012-01-24 bis 2012-02-24  ))))))))))))))))))))))))))))))
.
.
2012-02-22 20:16 . 2012-02-22 21:01        40776        ----a-w-        c:\windows\system32\drivers\mbamswissarmy.sys
2012-02-22 20:16 . 2012-02-22 20:16        --------        d-----w-        c:\users\home\AppData\Roaming\Malwarebytes
2012-02-22 20:15 . 2012-02-22 20:15        --------        d-----w-        c:\program files\Malwarebytes' Anti-Malware
2012-02-22 20:15 . 2012-02-22 20:15        --------        d-----w-        c:\programdata\Malwarebytes
2012-02-22 20:15 . 2011-12-10 14:24        20464        ----a-w-        c:\windows\system32\drivers\mbam.sys
2012-02-21 01:44 . 2012-02-21 01:44        --------        d-----w-        c:\users\home\AppData\Roaming\SpeedyPC Software
2012-02-21 01:44 . 2012-02-21 01:44        --------        d-----w-        c:\users\home\AppData\Roaming\DriverCure
2012-02-21 01:44 . 2012-02-21 01:44        --------        d-----w-        c:\programdata\SpeedyPC Software
2012-02-21 01:44 . 2012-02-21 01:44        --------        d-----w-        c:\program files\SpeedyPC Software
2012-02-21 01:44 . 2012-02-21 01:44        --------        d-----w-        c:\program files\Common Files\SpeedyPC Software
2012-02-20 23:57 . 2012-02-20 23:57        --------        d-----w-        c:\users\home\DoctorWeb
2012-02-20 13:13 . 2012-02-24 16:17        --------        d-----w-        C:\TDSSKiller_Quarantine
2012-02-19 17:30 . 2012-02-19 17:30        --------        d-----w-        c:\users\home\AppData\Roaming\dvdcss
2012-02-19 04:20 . 2012-02-19 15:51        --------        d-----w-        c:\users\home\AppData\Roaming\Uxul
2012-02-19 04:20 . 2012-02-19 04:26        --------        d-----w-        c:\users\home\AppData\Roaming\Tuip
2012-02-19 04:05 . 2012-02-24 16:17        0        --sha-w-        c:\windows\system32\dds_trash_log.cmd
2012-02-15 04:40 . 2012-02-15 04:40        --------        d-----w-        c:\users\home\AppData\Roaming\Download Manager
2012-02-07 23:19 . 2012-02-07 23:24        --------        d-----w-        c:\program files\JDownloader
2012-02-07 23:18 . 2012-02-07 23:18        237        ----a-w-        C:\user.js
2012-02-07 23:18 . 2012-02-07 23:18        --------        d-----w-        c:\users\home\AppData\Local\Babylon
2012-02-07 23:18 . 2012-02-07 23:18        --------        d-----w-        c:\users\home\AppData\Roaming\Babylon
2012-02-07 23:18 . 2012-02-07 23:18        --------        d-----w-        c:\programdata\Babylon
2012-02-07 22:55 . 2012-02-07 22:56        --------        d-----w-        c:\users\home\AppData\Roaming\FileZilla
2012-02-07 22:42 . 2012-02-08 21:33        --------        d-----w-        c:\program files\CesarFTP
2012-02-07 21:03 . 2012-02-07 21:03        --------        d-----w-        c:\users\home\AppData\Local\Xenocode
2012-01-29 21:12 . 2012-01-29 21:12        --------        d-----w-        c:\users\home\AppData\Roaming\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
2012-01-27 00:50 . 2010-04-03 10:51        47456        ----a-w-        c:\windows\system32\perf-MSSQL10_50.SQLEXPRESS-sqlagtctr.dll
2012-01-27 00:50 . 2010-04-03 10:51        73568        ----a-w-        c:\windows\system32\perf-MSSQL$SQLEXPRESS-sqlctr10.50.1600.1.dll
2012-01-27 00:49 . 2012-01-27 00:49        348256        ----a-w-        c:\programdata\Microsoft\VSTAHost\SSIS_ScriptComponent\9.0\1033\ResourceCache.dll
2012-01-27 00:49 . 2012-01-27 00:49        348256        ----a-w-        c:\programdata\Microsoft\VSTAHost\SSIS_ScriptTask\9.0\1033\ResourceCache.dll
2012-01-27 00:48 . 2012-01-27 00:48        --------        d-----w-        c:\windows\system32\RsFx
2012-01-27 00:43 . 2012-01-27 00:43        416        ----a-w-        c:\programdata\Microsoft\MSDN\9.0\1033\ResourceCache.dll
2012-01-27 00:41 . 2012-01-27 00:41        --------        d-----w-        c:\program files\Microsoft SDKs
2012-01-27 00:41 . 2012-01-27 00:41        --------        d-----w-        c:\program files\Microsoft Visual Studio 9.0
2012-01-27 00:41 . 2012-01-27 00:41        --------        d-----w-        c:\program files\Microsoft Synchronization Services
2012-01-27 00:40 . 2012-01-27 00:40        --------        d-----w-        c:\program files\Microsoft SQL Server Compact Edition
2012-01-27 00:40 . 2012-01-27 00:40        --------        d-----w-        c:\windows\system32\1033
2012-01-27 00:18 . 2009-11-08 17:55        99176        ----a-w-        c:\windows\system32\PresentationHostProxy.dll
2012-01-27 00:18 . 2009-11-08 17:55        49472        ----a-w-        c:\windows\system32\netfxperf.dll
2012-01-27 00:18 . 2009-11-08 17:55        297808        ----a-w-        c:\windows\system32\mscoree.dll
2012-01-27 00:18 . 2009-11-08 17:55        295264        ----a-w-        c:\windows\system32\PresentationHost.exe
2012-01-27 00:18 . 2009-11-08 17:55        1130824        ----a-w-        c:\windows\system32\dfshim.dll
2012-01-27 00:02 . 2012-01-27 00:02        --------        d-----w-        c:\users\home\AppData\Local\Microsoft_Corporation
2012-01-27 00:00 . 2012-01-27 00:48        --------        d-----w-        c:\program files\Microsoft SQL Server
2012-01-26 23:50 . 2008-04-18 02:33        2560        ----a-w-        c:\windows\system32\msimsg.dll
2012-01-26 23:50 . 2008-04-18 05:30        332800        ----a-w-        c:\windows\system32\msihnd.dll
2012-01-26 23:50 . 2008-04-18 05:30        2241536        ----a-w-        c:\windows\system32\msi.dll
2012-01-26 23:50 . 2008-04-18 02:33        73216        ----a-w-        c:\windows\system32\msiexec.exe
.
.
.
((((((((((((((((((((((((((((((((((((  Find3M Bericht  ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-02-24 16:18 . 2011-04-18 00:31        184320        ----a-w-        c:\windows\system32\drivers\netbt.sys
2012-02-22 23:21 . 2011-04-18 00:31        71680        ----a-w-        c:\windows\system32\drivers\tdx.sys
2012-02-22 20:46 . 2011-04-18 00:15        218688        ----a-w-        c:\windows\system32\drivers\dtsoftbus01.sys
2012-02-20 23:05 . 2011-04-18 00:31        67072        ----a-w-        c:\windows\system32\drivers\cdrom.sys
2012-02-20 13:14 . 2011-04-18 00:31        66560        ----a-w-        c:\windows\system32\drivers\smb.sys
2012-02-19 01:17 . 2011-04-17 20:04        134104        ----a-w-        c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((  Autostartpunkte der Registrierung  ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12        94208        ----a-w-        c:\users\home\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12        94208        ----a-w-        c:\users\home\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12        94208        ----a-w-        c:\users\home\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"FreeCT"="c:\program files\FreeCountdownTimer\FreeCountdownTimer.exe" [2011-02-24 2000712]
"iCloudServices"="c:\program files\Common Files\Apple\Internet Services\iCloudServices.exe" [2011-11-11 59240]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="RtHDVCpl.exe" [2011-04-17 6144000]
"Skytel"="Skytel.exe" [2011-04-17 1826816]
"IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2011-01-07 1797488]
"BrStsWnd"="c:\program files\Brownie\BrstsWnd.exe" [2009-08-19 3618104]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2011-10-05 59240]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-11-01 59240]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2011-10-24 421888]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2012-01-16 421736]
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-01-13 460872]
"avp"="c:\program files\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe" [2011-04-24 202296]
.
c:\users\home\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dropbox.lnk - c:\users\home\AppData\Roaming\Dropbox\bin\Dropbox.exe [2012-2-15 24246216]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Adobe Acrobat - Schnellstart.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Acrobat - Schnellstart.lnk
backup=c:\windows\pss\Adobe Acrobat - Schnellstart.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Adobe Gamma Loader.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk
backup=c:\windows\pss\Adobe Gamma Loader.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKLM\~\startupfolder\C:^Users^home^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OneNote 2010 Bildschirmausschnitt- und Startprogramm.lnk]
path=c:\users\home\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2010 Bildschirmausschnitt- und Startprogramm.lnk
backup=c:\windows\pss\OneNote 2010 Bildschirmausschnitt- und Startprogramm.lnk.Startup
backupExtension=.Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acrobat Assistant 7.0]
2004-12-14 00:12        483328        ----a-w-        c:\program files\Adobe\Acrobat 7.0\Distillr\acrotray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2011-06-06 10:55        937920        ----a-w-        c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeAAMUpdater-1.0]
2010-03-06 01:44        500208        ------w-        c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\updaterstartuputility.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeBridge]
2010-03-09 02:28        11989960        ----a-w-        c:\program files\Adobe\Adobe Bridge CS5\Bridge.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeCS5ServiceManager]
2010-02-22 02:57        406992        ----a-w-        c:\program files\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AutoEJCD_0ACE20FF]
2011-04-17 19:47        40960        ----a-w-        c:\program files\AutoInstall\ZD1211B_Auto_Install_CD_Only_Gen_0ACE20FF\AutoEJCD.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]
2011-01-20 09:20        1305408        ----a-w-        c:\program files\DAEMON Tools Lite\DTLite.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DivXUpdate]
2011-07-28 23:08        1259376        ----a-w-        c:\program files\DivX\DivX Update\DivXUpdate.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
2011-04-24 22:39        136176        ----atw-        c:\users\home\AppData\Local\Google\Update\GoogleUpdate.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\InCD]
2007-05-15 13:55        1057328        ----a-w-        c:\program files\Nero\Nero 7\InCD\InCD.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LanguageShortcut]
2006-12-05 20:55        54832        ----a-w-        c:\program files\CyberLink\PowerDVD\Language\Language.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LGODDFU]
2011-04-23 00:20        557056        ----a-w-        c:\program files\lg_fwupdate\fwupdate.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
2007-03-01 13:57        153136        ----a-w-        c:\program files\Common Files\Ahead\Lib\NeroCheck.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]
2006-11-23 13:10        56928        ------w-        c:\program files\CyberLink\PowerDVD\PDVDServ.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SecurDisc]
2007-05-15 13:55        1628208        ----a-w-        c:\program files\Nero\Nero 7\InCD\NBHGui.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2011-04-08 10:59        254696        ----a-w-        c:\program files\Common Files\Java\Java Update\jusched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SwitchBoard]
2010-02-19 11:37        517096        ----a-w-        c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
.
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe [2011-06-06 64952]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs        REG_MULTI_SZ          BthServ
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost  - NetSvcs
CTAudSvcService
d-link_st3402
netcfgsvr
msmpsvc
.
Inhalt des "geplante Tasks" Ordners
.
2012-02-24 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-04-24 22:39]
.
2012-02-24 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-04-24 22:39]
.
2012-02-23 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1083056984-481911269-1076263038-1000Core.job
- c:\users\home\AppData\Local\Google\Update\GoogleUpdate.exe [2011-04-27 22:39]
.
2012-02-24 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1083056984-481911269-1076263038-1000UA.job
- c:\users\home\AppData\Local\Google\Update\GoogleUpdate.exe [2011-04-27 22:39]
.
2012-02-21 c:\windows\Tasks\SpeedyPC Pro.job
- c:\program files\SpeedyPC Software\SpeedyPC\SpeedyPC.exe [2011-10-09 01:19]
.
2012-02-23 c:\windows\Tasks\SpeedyPC Registration3.job
- c:\program files\Common Files\SpeedyPC Software\UUS3\UUS3.dll [2011-10-06 16:18]
.
2012-02-21 c:\windows\Tasks\SpeedyPC Update Version3.job
- c:\program files\Common Files\SpeedyPC Software\UUS3\SpeedyPC_Update3.exe [2011-10-06 16:18]
.
2012-02-24 c:\windows\Tasks\User_Feed_Synchronization-{C1314B95-FC2D-4D0A-A6C8-B8FD87E59B1E}.job
- c:\windows\system32\msfeedssync.exe [2011-05-19 04:43]
.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = hxxp://search.babylon.com/?AF=109794&babsrc=HP_ss&mntrId=8e877628000000000000001e8c652b00
uInternet Settings,ProxyOverride = *.local
IE: An OneNote s&enden - c:\progra~1\MICROS~2\Office14\ONBttnIE.dll/105
IE: Ausgewählte Verknüpfungen in Adobe PDF konvertieren - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Ausgewählte Verknüpfungen in vorhandene PDF-Datei konvertieren - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Auswahl in Adobe PDF konvertieren - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Auswahl in vorhandene PDF-Datei konvertieren - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Free YouTube Download - c:\users\home\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubedownload.htm
IE: Free YouTube to MP3 Converter - c:\users\home\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm
IE: In Adobe PDF konvertieren - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: In vorhandene PDF-Datei konvertieren - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Nach Microsoft E&xcel exportieren - c:\progra~1\MICROS~2\Office14\EXCEL.EXE/3000
IE: Nach Microsoft E&xel exportieren - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Verknüpfungsziel in Adobe PDF konvertieren - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Verknüpfungsziel in vorhandene PDF-Datei konvertieren - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: {{7B499570-29C5-4a80-9F57-94A420D140CE} - {C8FA495F-F131-42B0-8AB8-B119A674AF8E} -
LSP: mswsock.dll
FF - ProfilePath - c:\users\home\AppData\Roaming\Mozilla\Firefox\Profiles\ye27xncc.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.at/
FF - prefs.js: keyword.URL - hxxp://www.google.com/search?sourceid=navclient&hl=de&q=
FF - user.js: network.cookie.cookieBehavior - 0
FF - user.js: privacy.clearOnShutdown.cookies - false
FF - user.js: security.warn_viewing_mixed - false
FF - user.js: security.warn_viewing_mixed.show_once - false
FF - user.js: security.warn_submit_insecure - false
FF - user.js: security.warn_submit_insecure.show_once - false
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
HKLM-Run-Cm106Sound - cm106.cpl
SafeBoot-09910596.sys
SafeBoot-14559450.sys
SafeBoot-16333381.sys
SafeBoot-27101916.sys
SafeBoot-28873028.sys
SafeBoot-29502835.sys
SafeBoot-67791138.sys
SafeBoot-97360579.sys
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, hxxp://www.gmer.net
Rootkit scan 2012-02-24 17:51
Windows 6.0.6001 Service Pack 1 NTFS
.
Scanne versteckte Prozesse...
.
Scanne versteckte Autostarteinträge...
.
Scanne versteckte Dateien...
.
.
c:\windows\$NtUninstallKB43143$:SummaryInformation 0 bytes hidden from API
.
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\BFE]
"ImagePath"="."
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\MpsSvc]
"ImagePath"="."
.
------------------------ Weitere laufende Prozesse ------------------------
.
c:\windows\system32\nvvsvc.exe
c:\windows\system32\nvvsvc.exe
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\ASUS\AASP\1.00.65\aaCenter.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Microsoft SQL Server\MSSQL10_50.SQLEXPRESS\MSSQL\Binn\sqlservr.exe
c:\program files\CyberLink\Shared Files\RichVideo.exe
c:\program files\Microsoft SQL Server\90\Shared\sqlwriter.exe
c:\program files\TeamViewer\Version6\TeamViewer_Service.exe
c:\program files\TeamViewer\Version7\TeamViewer_Service.exe
c:\program files\TeamViewer\Version7\TeamViewer.exe
c:\program files\TeamViewer\Version7\tv_w32.exe
c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe
c:\\?\c:\windows\system32\wbem\WMIADAP.EXE
.
**************************************************************************
.
Zeit der Fertigstellung: 2012-02-24  17:57:17 - PC wurde neu gestartet
ComboFix-quarantined-files.txt  2012-02-24 16:57
.
Vor Suchlauf: 7.521.710.080 Bytes frei
Nach Suchlauf: 15 Verzeichnis(se), 12.426.514.432 Bytes frei
.
- - End Of File - - F45D1B62AAA004A8FA5D03502E9D56D7

--- --- ---

zion418 25.02.2012 04:09

... and now, on top of that, the Kaspersky antivirus protection has disabled itself and can no longer be re-enabled.

I have already tried reinstalling KIS. After a restart I then get the following message from KIS again:

Damaged protection components (reinstallation is recommended)
File Anti-Virus has been disabled
Web Anti-Virus has been disabled
... and of course it cannot be enabled :(

Larusso 25.02.2012 05:23

SP: Kaspersky Internet Security *Enabled/Updated

Why was it on while CF was running? Read my instructions carefully, or you (not I) will wreck your system.

Uninstall Kaspersky.

Please delete the existing ComboFix version and download a new version from here.

Save it to the desktop.
Make sure that all your antivirus and other protection programs are switched off.

zion418 25.02.2012 14:03

I started CF and the warning popped up right away that I still had KIS running. I then closed it immediately and only after that continued with CF.

That is why I think it was still listed in the logs.

I have now downloaded CF; of course I had many crashes, but I managed it in the end.
Logs attached


Combofix Logfile:
Code:

ComboFix 12-02-24.02 - home 25.02.2012  12:50:03.3.2 - x86
Microsoft® Windows Vista™ Home Premium  6.0.6001.1.1252.43.1031.18.3071.2098 [GMT 1:00]
ausgeführt von:: c:\users\home\Desktop\ComboFix.exe
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((  Weitere Löschungen  ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\$NtUninstallKB43143$\2682074970\@
c:\windows\$NtUninstallKB43143$\2682074970\cfg.ini
c:\windows\$NtUninstallKB43143$\2682074970\Desktop.ini
c:\windows\$NtUninstallKB43143$\2682074970\L\qnbwvoto
c:\windows\$NtUninstallKB43143$\3818015518
.
Infizierte Kopie von c:\windows\system32\drivers\Serial.sys wurde gefunden und desinfiziert
Kopie von - The cat found it :) wurde wiederhergestellt
c:\windows\system32\drivers\netbt.sys fehlte
Kopie von - c:\windows\winsxs\x86_microsoft-windows-netbt_31bf3856ad364e35_6.0.6000.16386_none_5e2e0665fa591691\netbt.sys wurde wiederhergestellt
.
c:\windows\system32\drivers\Serial.sys fehlte
Kopie von - c:\windows\System32\DriverStore\FileRepository\hiddigi.inf_33048ac2\serial.sys wurde wiederhergestellt
.
c:\windows\system32\drivers\tdx.sys fehlte
Kopie von - c:\windows\ERDNT\cache\tdx.sys wurde wiederhergestellt
.
.
(((((((((((((((((((((((  Dateien erstellt von 2012-01-25 bis 2012-02-25  ))))))))))))))))))))))))))))))
.
.
2012-02-25 11:56 . 2012-02-25 12:57        --------        d-----w-        c:\users\home\AppData\Local\temp
2012-02-25 11:56 . 2012-02-25 11:56        --------        d-----w-        c:\users\Default\AppData\Local\temp
2012-02-25 11:56 . 2012-02-22 23:21        71680        ----a-w-        c:\windows\system32\drivers\tdx.sys
2012-02-25 11:56 . 2008-01-18 19:49        83456        ----a-w-        c:\windows\system32\drivers\Serial.sys
2012-02-25 11:56 . 2006-11-02 08:57        184320        ----a-w-        c:\windows\system32\drivers\netbt.sys
2012-02-25 01:27 . 2012-02-25 01:28        --------        d-----w-        c:\users\home\{955087eb-dec1-4669-9107-69b935151dad}
2012-02-25 00:41 . 2012-02-25 00:42        --------        d-----w-        c:\users\home\{dc67af90-3250-42a2-88db-60c805eaefda}
2012-02-22 20:16 . 2012-02-22 21:01        40776        ----a-w-        c:\windows\system32\drivers\mbamswissarmy.sys
2012-02-22 20:16 . 2012-02-22 20:16        --------        d-----w-        c:\users\home\AppData\Roaming\Malwarebytes
2012-02-22 20:15 . 2012-02-22 20:15        --------        d-----w-        c:\programdata\Malwarebytes
2012-02-21 01:44 . 2012-02-21 01:44        --------        d-----w-        c:\users\home\AppData\Roaming\SpeedyPC Software
2012-02-21 01:44 . 2012-02-21 01:44        --------        d-----w-        c:\users\home\AppData\Roaming\DriverCure
2012-02-21 01:44 . 2012-02-21 01:44        --------        d-----w-        c:\programdata\SpeedyPC Software
2012-02-21 01:44 . 2012-02-21 01:44        --------        d-----w-        c:\program files\SpeedyPC Software
2012-02-21 01:44 . 2012-02-21 01:44        --------        d-----w-        c:\program files\Common Files\SpeedyPC Software
2012-02-20 23:57 . 2012-02-20 23:57        --------        d-----w-        c:\users\home\DoctorWeb
2012-02-20 13:13 . 2012-02-24 23:11        --------        d-----w-        C:\TDSSKiller_Quarantine
2012-02-19 17:30 . 2012-02-19 17:30        --------        d-----w-        c:\users\home\AppData\Roaming\dvdcss
2012-02-19 04:20 . 2012-02-19 15:51        --------        d-----w-        c:\users\home\AppData\Roaming\Uxul
2012-02-19 04:20 . 2012-02-19 04:26        --------        d-----w-        c:\users\home\AppData\Roaming\Tuip
2012-02-19 04:05 . 2012-02-25 01:35        0        --sha-w-        c:\windows\system32\dds_trash_log.cmd
2012-02-15 04:40 . 2012-02-15 04:40        --------        d-----w-        c:\users\home\AppData\Roaming\Download Manager
2012-02-07 23:19 . 2012-02-07 23:24        --------        d-----w-        c:\program files\JDownloader
2012-02-07 23:18 . 2012-02-07 23:18        237        ----a-w-        C:\user.js
2012-02-07 23:18 . 2012-02-07 23:18        --------        d-----w-        c:\users\home\AppData\Local\Babylon
2012-02-07 23:18 . 2012-02-07 23:18        --------        d-----w-        c:\users\home\AppData\Roaming\Babylon
2012-02-07 23:18 . 2012-02-07 23:18        --------        d-----w-        c:\programdata\Babylon
2012-02-07 22:55 . 2012-02-07 22:56        --------        d-----w-        c:\users\home\AppData\Roaming\FileZilla
2012-02-07 22:42 . 2012-02-08 21:33        --------        d-----w-        c:\program files\CesarFTP
2012-02-07 21:03 . 2012-02-07 21:03        --------        d-----w-        c:\users\home\AppData\Local\Xenocode
2012-01-29 21:12 . 2012-01-29 21:12        --------        d-----w-        c:\users\home\AppData\Roaming\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
2012-01-27 00:50 . 2010-04-03 10:51        47456        ----a-w-        c:\windows\system32\perf-MSSQL10_50.SQLEXPRESS-sqlagtctr.dll
2012-01-27 00:50 . 2010-04-03 10:51        73568        ----a-w-        c:\windows\system32\perf-MSSQL$SQLEXPRESS-sqlctr10.50.1600.1.dll
2012-01-27 00:49 . 2012-01-27 00:49        348256        ----a-w-        c:\programdata\Microsoft\VSTAHost\SSIS_ScriptComponent\9.0\1033\ResourceCache.dll
2012-01-27 00:49 . 2012-01-27 00:49        348256        ----a-w-        c:\programdata\Microsoft\VSTAHost\SSIS_ScriptTask\9.0\1033\ResourceCache.dll
2012-01-27 00:48 . 2012-01-27 00:48        --------        d-----w-        c:\windows\system32\RsFx
2012-01-27 00:43 . 2012-01-27 00:43        416        ----a-w-        c:\programdata\Microsoft\MSDN\9.0\1033\ResourceCache.dll
2012-01-27 00:41 . 2012-01-27 00:41        --------        d-----w-        c:\program files\Microsoft SDKs
2012-01-27 00:41 . 2012-01-27 00:41        --------        d-----w-        c:\program files\Microsoft Visual Studio 9.0
2012-01-27 00:41 . 2012-01-27 00:41        --------        d-----w-        c:\program files\Microsoft Synchronization Services
2012-01-27 00:40 . 2012-01-27 00:40        --------        d-----w-        c:\program files\Microsoft SQL Server Compact Edition
2012-01-27 00:40 . 2012-01-27 00:40        --------        d-----w-        c:\windows\system32\1033
2012-01-27 00:18 . 2009-11-08 17:55        99176        ----a-w-        c:\windows\system32\PresentationHostProxy.dll
2012-01-27 00:18 . 2009-11-08 17:55        49472        ----a-w-        c:\windows\system32\netfxperf.dll
2012-01-27 00:18 . 2009-11-08 17:55        297808        ----a-w-        c:\windows\system32\mscoree.dll
2012-01-27 00:18 . 2009-11-08 17:55        295264        ----a-w-        c:\windows\system32\PresentationHost.exe
2012-01-27 00:18 . 2009-11-08 17:55        1130824        ----a-w-        c:\windows\system32\dfshim.dll
2012-01-27 00:02 . 2012-01-27 00:02        --------        d-----w-        c:\users\home\AppData\Local\Microsoft_Corporation
2012-01-27 00:00 . 2012-01-27 00:48        --------        d-----w-        c:\program files\Microsoft SQL Server
2012-01-26 23:50 . 2008-04-18 02:33        2560        ----a-w-        c:\windows\system32\msimsg.dll
2012-01-26 23:50 . 2008-04-18 05:30        332800        ----a-w-        c:\windows\system32\msihnd.dll
2012-01-26 23:50 . 2008-04-18 05:30        2241536        ----a-w-        c:\windows\system32\msi.dll
2012-01-26 23:50 . 2008-04-18 02:33        73216        ----a-w-        c:\windows\system32\msiexec.exe
.
.
.
((((((((((((((((((((((((((((((((((((  Find3M Bericht  ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-02-24 23:12 . 2012-02-24 23:18        270336        ----a-w-        c:\windows\system32\drivers\afd.svs
2012-02-22 20:46 . 2011-04-18 00:15        218688        ----a-w-        c:\windows\system32\drivers\dtsoftbus01.sys
2012-02-20 23:05 . 2011-04-18 00:31        67072        ----a-w-        c:\windows\system32\drivers\cdrom.sys
2012-02-19 01:17 . 2011-04-17 20:04        134104        ----a-w-        c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((  Autostartpunkte der Registrierung  ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12        94208        ----a-w-        c:\users\home\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12        94208        ----a-w-        c:\users\home\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12        94208        ----a-w-        c:\users\home\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"FreeCT"="c:\program files\FreeCountdownTimer\FreeCountdownTimer.exe" [2011-02-24 2000712]
"iCloudServices"="c:\program files\Common Files\Apple\Internet Services\iCloudServices.exe" [2011-11-11 59240]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="RtHDVCpl.exe" [2011-04-17 6144000]
"Skytel"="Skytel.exe" [2011-04-17 1826816]
"IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2011-01-07 1797488]
"BrStsWnd"="c:\program files\Brownie\BrstsWnd.exe" [2009-08-19 3618104]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2011-10-05 59240]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-11-01 59240]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2011-10-24 421888]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2012-01-16 421736]
.
c:\users\home\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dropbox.lnk - c:\users\home\AppData\Roaming\Dropbox\bin\Dropbox.exe [2012-2-15 24246216]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Adobe Acrobat - Schnellstart.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Acrobat - Schnellstart.lnk
backup=c:\windows\pss\Adobe Acrobat - Schnellstart.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Adobe Gamma Loader.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk
backup=c:\windows\pss\Adobe Gamma Loader.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKLM\~\startupfolder\C:^Users^home^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OneNote 2010 Bildschirmausschnitt- und Startprogramm.lnk]
path=c:\users\home\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2010 Bildschirmausschnitt- und Startprogramm.lnk
backup=c:\windows\pss\OneNote 2010 Bildschirmausschnitt- und Startprogramm.lnk.Startup
backupExtension=.Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acrobat Assistant 7.0]
2004-12-14 00:12        483328        ----a-w-        c:\program files\Adobe\Acrobat 7.0\Distillr\acrotray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2011-06-06 10:55        937920        ----a-w-        c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeAAMUpdater-1.0]
2010-03-06 01:44        500208        ------w-        c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\updaterstartuputility.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeBridge]
2010-03-09 02:28        11989960        ----a-w-        c:\program files\Adobe\Adobe Bridge CS5\Bridge.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeCS5ServiceManager]
2010-02-22 02:57        406992        ----a-w-        c:\program files\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AutoEJCD_0ACE20FF]
2011-04-17 19:47        40960        ----a-w-        c:\program files\AutoInstall\ZD1211B_Auto_Install_CD_Only_Gen_0ACE20FF\AutoEJCD.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]
2011-01-20 09:20        1305408        ----a-w-        c:\program files\DAEMON Tools Lite\DTLite.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DivXUpdate]
2011-07-28 23:08        1259376        ----a-w-        c:\program files\DivX\DivX Update\DivXUpdate.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
2011-04-24 22:39        136176        ----atw-        c:\users\home\AppData\Local\Google\Update\GoogleUpdate.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\InCD]
2007-05-15 13:55        1057328        ----a-w-        c:\program files\Nero\Nero 7\InCD\InCD.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LanguageShortcut]
2006-12-05 20:55        54832        ----a-w-        c:\program files\CyberLink\PowerDVD\Language\Language.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LGODDFU]
2011-04-23 00:20        557056        ----a-w-        c:\program files\lg_fwupdate\fwupdate.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
2007-03-01 13:57        153136        ----a-w-        c:\program files\Common Files\Ahead\Lib\NeroCheck.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]
2006-11-23 13:10        56928        ------w-        c:\program files\CyberLink\PowerDVD\PDVDServ.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SecurDisc]
2007-05-15 13:55        1628208        ----a-w-        c:\program files\Nero\Nero 7\InCD\NBHGui.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2011-04-08 10:59        254696        ----a-w-        c:\program files\Common Files\Java\Java Update\jusched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SwitchBoard]
2010-02-19 11:37        517096        ----a-w-        c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
.
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe [2011-06-06 64952]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs        REG_MULTI_SZ          BthServ
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost  - NetSvcs
CTAudSvcService
d-link_st3402
netcfgsvr
msmpsvc
.
Inhalt des "geplante Tasks" Ordners
.
2012-02-25 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-04-24 22:39]
.
2012-02-25 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-04-24 22:39]
.
2012-02-24 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1083056984-481911269-1076263038-1000Core.job
- c:\users\home\AppData\Local\Google\Update\GoogleUpdate.exe [2011-04-27 22:39]
.
2012-02-25 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1083056984-481911269-1076263038-1000UA.job
- c:\users\home\AppData\Local\Google\Update\GoogleUpdate.exe [2011-04-27 22:39]
.
2012-02-25 c:\windows\Tasks\SpeedyPC Pro.job
- c:\program files\SpeedyPC Software\SpeedyPC\SpeedyPC.exe [2011-10-09 01:19]
.
2012-02-24 c:\windows\Tasks\SpeedyPC Registration3.job
- c:\program files\Common Files\SpeedyPC Software\UUS3\UUS3.dll [2011-10-06 16:18]
.
2012-02-21 c:\windows\Tasks\SpeedyPC Update Version3.job
- c:\program files\Common Files\SpeedyPC Software\UUS3\SpeedyPC_Update3.exe [2011-10-06 16:18]
.
2012-02-25 c:\windows\Tasks\User_Feed_Synchronization-{6CF365E2-7ACF-4FE6-B1B9-CE1B0AD25921}.job
- c:\windows\system32\msfeedssync.exe [2011-05-19 04:43]
.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = hxxp://search.babylon.com/?AF=109794&babsrc=HP_ss&mntrId=8e877628000000000000001e8c652b00
uInternet Settings,ProxyOverride = *.local
IE: An OneNote s&enden - c:\progra~1\MICROS~2\Office14\ONBttnIE.dll/105
IE: Ausgewählte Verknüpfungen in Adobe PDF konvertieren - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Ausgewählte Verknüpfungen in vorhandene PDF-Datei konvertieren - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Auswahl in Adobe PDF konvertieren - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Auswahl in vorhandene PDF-Datei konvertieren - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Free YouTube Download - c:\users\home\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubedownload.htm
IE: Free YouTube to MP3 Converter - c:\users\home\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm
IE: In Adobe PDF konvertieren - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: In vorhandene PDF-Datei konvertieren - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Nach Microsoft E&xcel exportieren - c:\progra~1\MICROS~2\Office14\EXCEL.EXE/3000
IE: Nach Microsoft E&xel exportieren - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Verknüpfungsziel in Adobe PDF konvertieren - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Verknüpfungsziel in vorhandene PDF-Datei konvertieren - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: {{7B499570-29C5-4a80-9F57-94A420D140CE} - {C8FA495F-F131-42B0-8AB8-B119A674AF8E} -
LSP: mswsock.dll
TCP: Interfaces\{030B40A1-24D1-403A-B65C-A9AA523ED5B1}: NameServer = 212.186.211.21,195.34.133.21
FF - ProfilePath - c:\users\home\AppData\Roaming\Mozilla\Firefox\Profiles\ye27xncc.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.at/
FF - prefs.js: keyword.URL - hxxp://www.google.com/search?sourceid=navclient&hl=de&q=
FF - user.js: network.cookie.cookieBehavior - 0
FF - user.js: privacy.clearOnShutdown.cookies - false
FF - user.js: security.warn_viewing_mixed - false
FF - user.js: security.warn_viewing_mixed.show_once - false
FF - user.js: security.warn_submit_insecure - false
FF - user.js: security.warn_submit_insecure.show_once - false
.
.
**************************************************************************
Scanne versteckte Prozesse...
.
Scanne versteckte Autostarteinträge...
.
Scanne versteckte Dateien...
.
Scan erfolgreich abgeschlossen
versteckte Dateien:
.
**************************************************************************
.
--------------------- Durch laufende Prozesse gestartete DLLs ---------------------
.
- - - - - - - > 'lsass.exe'(696)
c:\windows\system32\mswsock.dll
mswsock.dll    75460000  241664 \\.\globalroot\systemroot\system32\mswsock.dll
.
- - - - - - - > 'Explorer.exe'(3860)
c:\users\home\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
------------------------ Weitere laufende Prozesse ------------------------
.
c:\windows\system32\nvvsvc.exe
c:\windows\system32\nvvsvc.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Microsoft SQL Server\MSSQL10_50.SQLEXPRESS\MSSQL\Binn\sqlservr.exe
c:\program files\CyberLink\Shared Files\RichVideo.exe
c:\program files\Microsoft SQL Server\90\Shared\sqlwriter.exe
c:\windows\system32\wbem\unsecapp.exe
c:\program files\ASUS\AASP\1.00.65\aaCenter.exe
.
**************************************************************************
.
Zeit der Fertigstellung: 2012-02-25  14:00:39 - PC wurde neu gestartet
ComboFix-quarantined-files.txt  2012-02-25 13:00
ComboFix2.txt  2012-02-25 00:33
ComboFix3.txt  2012-02-24 16:57
.
Vor Suchlauf: 13 Verzeichnis(se), 11.048.517.632 Bytes frei
Nach Suchlauf: 15 Verzeichnis(se), 11.923.144.704 Bytes frei
.
- - End Of File - - EF737E0523B21D0E32798225EDEAC404
--- --- ---


Larusso 27.02.2012 14:05

  • Disable all other scanners for viruses, spyware, etc.
  • All other programs should be closed.
  • Start gmer.exe (the program has a random program name).
    Vista and Win7 users: right-click and run as administrator.
  • If a window with the following warning opens:
    WARNING !!!
    GMER has found system modification, which might have been caused by ROOTKIT activity.
    Do you want to fully scan your system ?
    Be sure to click "No".
  • On the right, remove the check marks for:
    • IAT/EAT
    • All hard drives except the system drive (normally only C:\ is checked)
    • Show all (should be unchecked)
  • Start the scan with "Scan". Do not do anything on the computer while the scan is running.
  • When the scan is finished, click Save and save the log file as Gmer.txt on your desktop. "Ok" closes GMER.
Turn the antivirus program and the other scanners back on before you go online!

zion418 29.02.2012 23:59

First of all, thanks for your help!

Unfortunately gmer can no longer be run, because after about 3 minutes I get a blue screen.
I plan to buy a new hard drive and, while I'm at it, also upgrade the operating system to 64 bit.

One more question: of course I still have a lot of important data on my old hard drive...
Can I then connect it to the newly installed system without worry in order to copy my data to the new drive?

Larusso 01.03.2012 17:16

If you want to format, I have no objections.

I hope you are aware of the difference between a 32-bit and a 64-bit OS.


I would thoroughly check the external drive with a few online scanners beforehand.
If something is unclear to you, just post the reports here. Not everything that is found is really malware.

Checking external media after an infection and reinstallation (by Petra)

The essential trick when disinfecting external drives and sticks is that they must be connected correctly. If infected, they contain a file autorun.inf holding a command that is executed when the drive is connected. That command normally starts a file from the external drive.

This autorun mechanism is suppressed if you hold down the Shift key while connecting the drive. I recommend making that a habit. It also works when inserting CDs/DVDs and can sometimes prevent the installation of a rootkit copy protection there. Autorun can also be disabled in Windows: have a look here. Then you don't need to think about pressing the key.

Connect each external drive one after another (with Shift). If infected, there is an autorun.inf in the root directory. It may be hidden, but can be made visible with the Explorer options from here. Open the autorun.inf in the editor. It states what is to be executed. Find that executable file (usually with the extension .vbs or .exe) on the drive and delete it, then delete the autorun.inf as well.

Instructions: XP Pro - XP Home - Vista (German) - Vista (English).

Afterwards, have the external media checked with at least two online scanners from this guide.
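
The check Petra's guide describes, opening autorun.inf and reading which file it would start, as an added Python example (not code from this post or from Trojaner-Board): it parses a constructed sample autorun.inf with a tolerant INI reader, lists every file the `open`, `shellexecute` and `shell\<verb>\command` entries would launch, and reports which of those files are still present in the drive root. Every file name in the sample is a placeholder, not an indicator from any real infection.

```python
"""Triage an autorun.inf found in the root of an external drive.

Reads the file, lists what it would execute and checks whether those files
still exist on the drive. Added example; reads only, never executes anything.
"""
import os
import re
import tempfile
from pathlib import Path

# Keys in an [autorun] section that make Windows start a program on connect.
LAUNCH_KEYS = ("open", "shellexecute")
# shell\<verb>\command= entries hijack the context-menu verbs (Open, Explore).
SHELL_COMMAND_RE = re.compile(r"^shell\\([^\\]+)\\command$", re.IGNORECASE)

# Constructed sample modelled on the layout of typical worm autorun.inf files.
SAMPLE_AUTORUN_INF = """\
[autorun]
;junk comment lines are common
open=RECYCLER\\S-1-5-21-1234\\update.exe
shell\\open\\command=RECYCLER\\S-1-5-21-1234\\update.exe
shell\\explore\\command="RECYCLER\\S-1-5-21-1234\\update.exe" -e
shellexecute=setup.vbs
icon=%SystemRoot%\\system32\\shell32.dll,4
UseAutoPlay=1
"""


def parse_autorun(text):
    """Tolerant INI parser returning {section: [(key, value), ...]}.

    Droppers often pad autorun.inf with junk lines, duplicate keys or odd
    casing, which makes configparser's strict mode fail, so parse by hand.
    """
    sections = {}
    current = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in ";#":
            continue
        if line.startswith("[") and line.endswith("]"):
            current = line[1:-1].strip().lower()
            sections.setdefault(current, [])
            continue
        if current is None or "=" not in line:
            continue  # junk outside any section, or a line without key=value
        key, _, value = line.partition("=")
        sections[current].append((key.strip().lower(), value.strip()))
    return sections


def command_target(command):
    """Return the file a command line starts: first token, quotes removed."""
    command = command.strip()
    if command.startswith('"'):
        end = command.find('"', 1)
        return command[1:end] if end > 0 else command[1:]
    return command.split()[0] if command else ""


def launched_files(text):
    """List, in order and without duplicates, the files autorun.inf would run.

    Considers [autorun] and architecture-specific [autorun.<arch>] sections.
    """
    found = []
    for section, entries in parse_autorun(text).items():
        if section != "autorun" and not section.startswith("autorun."):
            continue
        for key, value in entries:
            if key in LAUNCH_KEYS or SHELL_COMMAND_RE.match(key):
                target = command_target(value)
                if target and target not in found:
                    found.append(target)
    return found


def scan_drive_root(root):
    """Return (autorun_present, launched_targets, targets_missing_on_drive)."""
    inf = Path(root) / "autorun.inf"
    if not inf.is_file():
        return False, [], []
    # latin-1 never fails to decode, so obfuscation bytes do not abort the scan.
    targets = launched_files(inf.read_bytes().decode("latin-1"))
    missing = [t for t in targets
               if not (Path(root) / t.lstrip("\\/").replace("\\", os.sep)).exists()]
    return True, targets, missing


def demo():
    """Stage the sample on a temporary 'drive' (only setup.vbs exists) and scan it."""
    with tempfile.TemporaryDirectory() as root:
        (Path(root) / "autorun.inf").write_text(SAMPLE_AUTORUN_INF)
        (Path(root) / "setup.vbs").write_text("' placeholder, not a real script\n")
        return scan_drive_root(root)


if __name__ == "__main__":
    present, targets, missing = demo()
    print("autorun.inf present:", present)
    for target in targets:
        print("would launch:", target, "(not found on drive)" if target in missing else "")
```

Run it against a drive that was connected with Shift held (or with autorun disabled), and treat every path it prints as the file Petra's guide says to locate and delete before removing autorun.inf itself; a target reported as missing has either been cleaned already or lives under a different name, which is a reason to run the online scanners the post asks for.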

Larusso 06.03.2012 15:26

No response
This thread has been removed from my subscriptions, so I no longer receive notifications about new replies.
PM me if you still want to continue.

Note: The disappearance of the symptoms does not mean that your computer is already clean.

Everyone else, please click here and create your own thread.


All times are WET +1.

Copyright ©2000-2025, Trojaner-Board

