Trojaner-Board

Trojaner-Board (https://www.trojaner-board.de/)
-   Plagegeister aller Art und deren Bekämpfung (https://www.trojaner-board.de/plagegeister-aller-art-deren-bekaempfung/)
-   -   Google redirect Virus, werde bei den Suchergebnissen immer auf rocketnews.com weitergeleitet (https://www.trojaner-board.de/115028-google-redirect-virus-suchergebnissen-immer-rocketnews-com-weitergeleitet.html)

SebastianW 11.05.2012 17:40
Google redirect Virus, werde bei den Suchergebnissen immer auf rocketnews.com weitergeleitet
 
Hallo Trojaner Board,

jetzt ist es zum ersten mal auch bei mir passiert. Mein Computer hat sich mit dem Google redirect Virus infiziert.

Ich benutze immer den Mozilla Firefox zum surfen. Seit Mittwoch habe ich das Problem, dass jedes oder jedes zweite Suchergebnis erst auf rocketnews.com weitergeleitet wird (im Tab ist dann ein weisses Feld aber in der Browseradresse steht dann halt rocketnews.com=mein Suchergebnis. Dann dauert es eine Weile und ich werde auf irgendwelche Seiten gelenkt, die ich gar nicht angeklickt habe! Meistens sind es irgendwelche "harmlosen" Werbungen von Sim Karten zu bestellen oder auch manchmal ist es die Startseite von rocketnews.com

Wenn ich dann nach rocketnews.com google, also es oben rechts in der Suchmaschine eingebe, dann komme ich sofort auf die Microsoft Support Seite und die zeigt mir dann folgendes an:

-------------------------------------------------------------------------
Wichtiger Hinweis für alle Benutzer von Windows XP Service Pack 3 (SP3): Der Support für dieses Produkt endet am 8. April 2014. Sie müssen dann eine neuere Windows-Version, wie beispielsweise Windows 7 verwenden, um auch weiterhin Sicherheitsupdates zu erhalten.

Weitere Informationen finden Sie unter: Support endet für einige Windows-Versionen.

Artikel-ID: 827315 - Geändert am: Freitag, 13. Januar 2012 - Version: 1.0
Unerklärliches Verhalten von Windows oder die Software kann durch betrügerische Software verursacht werden
--------------------------------------------------------------------------

normalerweise zeigt google erst die Suchergebnisse an und nicht sofort eine Seite?!?!?


Auch habe ich bemerkt, dass mein Windows Sicherheitsdienst deaktiviert sei. Wenn ich den wieder aktivieren will dann kommt da eine Fehlermeldung. "Der Windows Sicherheitsdienst kann nicht gestartet werden"

Antivir und Malwarebytes Anti Malware habe ich schon drüberlaufen lassen. Die haben aber nichts gefunden...

Ich hab dann gestern Nacht mich hier mal schlau gelesen und eure Schritt für Schritt Anleitung befolgt.

Hier sind meine Logfiles:

dds.txt
Zitat:
.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 8.0.7601.17514 BrowserJavaVersion: 1.6.0_29
Run by Sebastian Wirtz at 23:39:56 on 2012-05-08
Microsoft Windows 7 Professional 6.1.7601.1.1252.49.1031.18.3326.1908 [GMT 2:00]
.
AV: AntiVir Desktop *Enabled/Updated* {090F9C29-64CE-6C6F-379C-5901B49A85B7}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: AntiVir Desktop *Enabled/Updated* {B26E7DCD-42F4-63E1-0D2C-6273CF1DCF0A}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\atieclxx.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\Windows\system32\rundll32.exe
C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
C:\Windows\system32\conhost.exe
C:\Program Files\DeviceVM\Browser Configuration Utility\BCUService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Gigabyte\EasySaver\ESSVR.EXE
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files\LogMeIn Hamachi\hamachi-2.exe
C:\ProgramData\DatacardService\HWDeviceService.exe
C:\ProgramData\Internet Manager\OnlineUpdate\ouc.exe
C:\Windows\system32\lxczcoms.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
C:\Program Files\HTC\Internet Pass-Through\PassThruSvr.exe
C:\Windows\system32\PnkBstrA.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\TeamViewer\Version6\TeamViewer_Service.exe
B:\Program Files\WeGame\WGClientService.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskhost.exe
C:\Program Files\TeamViewer\Version6\TeamViewer.exe
C:\Windows\Explorer.EXE
C:\ProgramData\DatacardService\DCSHelper.exe
C:\Program Files\Gigabyte\ET6\GUI.exe
C:\Program Files\DeviceVM\Browser Configuration Utility\BCU.exe
C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Windows\system32\DllHost.exe
C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\Macromed\Flash\FlashUtil32_11_2_202_235_ActiveX.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = my.daemon-search.com
uInternet Settings,ProxyOverride = *.local
uURLSearchHooks: SearchHook Class: {bc86e1ab-eda5-4059-938f-ce307b0c6f0a} - c:\program files\devicevm\browser configuration utility\AddressBarSearch.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Babylon toolbar helper: {2eecd738-5844-4a99-b4b6-146bf802613b} - c:\program files\babylontoolbar\babylontoolbar\1.5.3.17\bh\BabylonToolbar.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
TB: DAEMON Tools Toolbar: {32099aac-c132-4136-9e9a-4e364a424e17} - c:\program files\daemon tools toolbar\DTToolbar.dll
TB: Steganos Password Manager Toolbar: {9c65d12d-cf9d-454d-8049-61965d8c6fff} - c:\program files\steganos password manager 12\SPMIEToolbar.dll
TB: Babylon Toolbar: {98889811-442d-49dd-99d7-dc866be87dbc} - c:\program files\babylontoolbar\babylontoolbar\1.5.3.17\BabylonToolbarTlbr.dll
uRun: [Sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun
uRun: [msnmsgr] "c:\program files\windows live\messenger\msnmsgr.exe" /background
uRun: [Sony PC Companion] "c:\program files\sony\sony pc companion\PCCompanion.exe" /Background
mRun: [BCU] "c:\program files\devicevm\browser configuration utility\BCU.exe"
mRun: [RtHDVCpl] c:\program files\realtek\audio\hda\RtHDVCpl.exe -s
mRun: [avgnt] "c:\program files\avira\antivir desktop\avgnt.exe" /min
mRun: [GrooveMonitor] "c:\program files\microsoft office\office12\GrooveMonitor.exe"
mRun: [WinampAgent] "c:\program files\winamp\winampa.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [NeroFilterCheck] c:\program files\common files\nero\lib\NeroCheck.exe
mRun: [NBKeyScan] "c:\program files\nero\nero8\nero backitup\NBKeyScan.exe"
mRun: [lxczbmgr.exe] "c:\program files\lexmark 1200 series\lxczbmgr.exe"
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 10.0\reader\Reader_sl.exe"
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [CmCardRun] c:\windows\system32\CmWatch.exe
mRun: [StartCCC] "c:\program files\ati technologies\ati.ace\core-static\CLIStart.exe" MSRun
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [LogMeIn Hamachi Ui] "c:\program files\logmein hamachi\hamachi-2-ui.exe" --auto-start
mRun: [HTC Sync Loader] "c:\program files\htc\htc sync 3.0\htcUPCTLoader.exe" -startup
mRunOnce: [EasyTuneVI] c:\program files\gigabyte\et6\ETCall.exe
StartupFolder: c:\users\sebast~1\appdata\roaming\micros~1\windows\startm~1\programs\startup\micros~1.lnk - c:\windows\installer\{90120000-0030-0000-0000-0000000ff1ce}\outicon.exe
StartupFolder: c:\users\sebast~1\appdata\roaming\micros~1\windows\startm~1\programs\startup\omsiad~1.lnk - c:\program files\omsi addon manager\OMSI Addon Manager.exe
StartupFolder: c:\users\sebast~1\appdata\roaming\micros~1\windows\startm~1\programs\startup\onenot~1.lnk - c:\program files\microsoft office\office12\ONENOTEM.EXE
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\adobeg~1.lnk - c:\program files\common files\adobe\calibration\Adobe Gamma Loader.exe
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: Free YouTube to iPhone Converter - c:\users\sebastian wirtz\appdata\roaming\dvdvideosoftiehelpers\freeyoutubetoiphoneconverter.htm
IE: Free YouTube to MP3 Converter - c:\users\***\appdata\roaming\dvdvideosoftiehelpers\freeyoutubetomp3converter.htm
IE: Nach Microsoft E&xel exportieren - c:\progra~1\micros~1\office12\EXCEL.EXE/3000
IE: {7578ADEA-D65F-4C89-A249-B1C88B6FFC20} - c:\program files\icq7.5\ICQ.exe
IE: {024538B9-3F39-49FF-9503-975F743210FA} - {9C65D12D-CF9D-454d-8049-61965D8C6FFF} - c:\program files\steganos password manager 12\SPMIEToolbar.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~1\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~1\office12\REFIEBAR.DLL
Trusted Zone: clonewarsadventures.com
Trusted Zone: freerealms.com
Trusted Zone: soe.com
Trusted Zone: sony.com
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {E6F480FC-BD44-4CBA-B74A-89AF7842937D} - hxxp://content.systemrequirementslab.com.s3.amazonaws.com/global/bin/srldetect_cyri_4.5.1.0.cab
TCP: DhcpNameServer = 192.168.1.1
TCP: Interfaces\{07C73EF2-DF58-4AF4-8971-DEA026DD3885} : DhcpNameServer = 192.168.42.129
TCP: Interfaces\{43B9731C-3358-465A-BCEB-DBC2FDD4DA4E} : DhcpNameServer = 192.168.42.129
TCP: Interfaces\{43B9D79D-4929-4659-B5F7-CE2EB24BE78A} : NameServer = 10.129.32.1 10.111.81.129
TCP: Interfaces\{8F9B0AE2-7D53-4C11-8E75-524AF10D26CD} : DhcpNameServer = 192.168.1.1
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - c:\program files\windows live\photo gallery\AlbumDownloadProtocolHandler.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\users\***\appdata\roaming\mozilla\firefox\profiles\hzj3d2ey.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.simforum.de/
FF - prefs.js: network.proxy.type - 0
FF - plugin: c:\program files\adobe\reader 9.0\reader\air\nppdf32.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\microsoft silverlight\4.1.10111.0\npctrlui.dll
FF - plugin: c:\program files\microsoft\office live\npOLW.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll
FF - plugin: c:\program files\mozilla firefox\plugins\NpFv530.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npwachk.dll
FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll
FF - plugin: c:\users\sebast~1\appdata\roaming\mozilla\plugins\NpFv530.dll
FF - plugin: c:\users\sebast~1\appdata\roaming\mozilla\plugins\NpFv530.dll
FF - plugin: c:\users\***\appdata\roaming\mozilla\plugins\NpFv530.dll
FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_11_2_202_235.dll
.
---- FIREFOX POLICIES ----
FF - user.js: extensions.BabylonToolbar_i.babTrack - affID=108298
FF - user.js: extensions.BabylonToolbar_i.babExt -
FF - user.js: extensions.BabylonToolbar_i.srcExt - ss
FF - user.js: extensions.BabylonToolbar_i.id - acbbaa260000000000001c6f6587bf84
FF - user.js: extensions.BabylonToolbar_i.hardId - acbbaa260000000000001c6f6587bf84
FF - user.js: extensions.BabylonToolbar_i.instlDay - 15368
FF - user.js: extensions.BabylonToolbar_i.vrsn - 1.5.3.17
FF - user.js: extensions.BabylonToolbar_i.vrsni - 1.5.3.17
FF - user.js: extensions.BabylonToolbar_i.vrsnTs - 1.5.3.170:00:39
FF - user.js: extensions.BabylonToolbar_i.prtnrId - babylon
FF - user.js: extensions.BabylonToolbar_i.prdct - BabylonToolbar
FF - user.js: extensions.BabylonToolbar_i.aflt - babsst
FF - user.js: extensions.BabylonToolbar_i.smplGrp - none
FF - user.js: extensions.BabylonToolbar_i.tlbrId - base
FF - user.js: extensions.BabylonToolbar_i.instlRef - sst
.
============= SERVICES / DRIVERS ===============
.
R0 BMLoad;Bytemobile Boot Time Load Driver;c:\windows\system32\drivers\BMLoad.sys [2011-12-13 13184]
R1 AppleCharger;AppleCharger;c:\windows\system32\drivers\AppleCharger.sys [2011-5-3 19496]
R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\drivers\dtsoftbus01.sys [2011-7-16 218688]
R2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2011-7-28 176128]
R2 AMD FUEL Service;AMD FUEL Service;c:\program files\ati technologies\ati.ace\fuel\Fuel.Service.exe [2011-7-28 291840]
R2 AntiVirSchedulerService;Avira AntiVir Planer;c:\program files\avira\antivir desktop\sched.exe [2011-5-3 136360]
R2 AntiVirService;Avira AntiVir Guard;c:\program files\avira\antivir desktop\avguard.exe [2011-5-3 269480]
R2 AODDriver4.01;AODDriver4.01;c:\program files\ati technologies\ati.ace\fuel\i386\aoddriver2.sys [2011-6-24 39424]
R2 avgntflt;avgntflt;c:\windows\system32\drivers\avgntflt.sys [2011-5-3 66616]
R2 BCUService;Browser Configuration Utility Service;c:\program files\devicevm\browser configuration utility\BCUService.exe [2009-10-15 223464]
R2 ES lite Service;ES lite Service for program management.;c:\program files\gigabyte\easysaver\essvr.exe [2011-5-3 68136]
R2 Hamachi2Svc;LogMeIn Hamachi Tunneling Engine;c:\program files\logmein hamachi\hamachi-2.exe [2012-2-28 1373576]
R2 HWDeviceService.exe;HWDeviceService.exe;c:\programdata\datacardservice\hwdeviceservice.exe -/service --> c:\programdata\datacardservice\HWDeviceService.exe -/service [?]
R2 PassThru Service;Internet Pass-Through Service;c:\program files\htc\internet pass-through\PassThruSvr.exe [2011-9-15 88576]
R2 TeamViewer6;TeamViewer 6;c:\program files\teamviewer\version6\TeamViewer_Service.exe [2011-11-3 2358656]
R2 WeGameClientService;WeGame Client Service;b:\program files\wegame\wgclientservice.exe [2011-10-30 18472]
R3 amdiox86;AMD IO Driver;c:\windows\system32\drivers\amdiox86.sys [2011-9-17 37944]
R3 amdkmdag;amdkmdag;c:\windows\system32\drivers\atikmdag.sys [2011-7-29 8396800]
R3 amdkmdap;amdkmdap;c:\windows\system32\drivers\atikmpag.sys [2011-7-28 247296]
R3 AODDriver;AODDriver;c:\program files\gigabyte\et6\i386\AODDriver.sys [2010-3-12 36864]
R3 GVTDrv;GVTDrv;c:\windows\system32\drivers\GVTDrv.sys [2011-5-3 24944]
R3 huawei_enumerator;huawei_enumerator;c:\windows\system32\drivers\ew_jubusenum.sys [2011-12-13 73216]
R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\drivers\Rt86win7.sys [2011-5-3 278560]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 Internet Manager. RunOuc;Internet Manager. OUC;c:\program files\t-mobile\internetmanager_h\updatedog\ouc.exe [2011-12-13 224096]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\macromed\flash\FlashPlayerUpdateService.exe [2012-4-2 257696]
S3 AppleChargerSrv;AppleChargerSrv;system32\AppleChargerSrv.exe --> system32\AppleChargerSrv.exe [?]
S3 AtiHDAudioService;ATI Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW73.sys [2011-5-3 101904]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-14 229888]
S3 btmhsf;btmhsf;c:\windows\system32\drivers\btmhsf.sys [2011-7-19 225280]
S3 etdrv;etdrv;c:\windows\etdrv.sys [2011-5-8 17488]
S3 ew_usbenumfilter;huawei_CompositeFilter;c:\windows\system32\drivers\ew_usbenumfilter.sys [2011-12-13 11136]
S3 ggflt;SEMC USB Flash Driver Filter;c:\windows\system32\drivers\ggflt.sys [2011-12-27 13224]
S3 HTCAND32;HTC Device Driver;c:\windows\system32\drivers\ANDROIDUSB.sys [2009-10-26 25088]
S3 htcnprot;HTC NDIS Protocol Driver;c:\windows\system32\drivers\htcnprot.sys [2010-6-23 23040]
S3 huawei_cdcacm;huawei_cdcacm;c:\windows\system32\drivers\ew_jucdcacm.sys [2011-12-13 90112]
S3 huawei_ext_ctrl;huawei_ext_ctrl;c:\windows\system32\drivers\ew_juextctrl.sys [2011-12-13 26624]
S3 huawei_wwanecm;huawei_wwanecm;c:\windows\system32\drivers\ew_juwwanecm.sys [2011-12-13 181760]
S3 iBtFltCoex;iBtFltCoex;c:\windows\system32\drivers\iBtFltCoex.sys [2011-7-20 47104]
S3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\mozilla maintenance service\maintenanceservice.exe [2012-4-29 129976]
S3 Sony PC Companion;Sony PC Companion;c:\program files\sony\sony pc companion\PCCService.exe [2011-12-27 155320]
S3 StorSvc;Speicherdienst;c:\windows\system32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-14 20992]
S3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\TsUsbFlt.sys [2011-5-24 52224]
S3 UMSSSTOR;C-Media Storage;c:\windows\system32\drivers\Umss.SYS [2004-7-13 48512]
.
=============== Created Last 30 ================
.
2012-05-08 19:44:21 -------- d-----w- c:\users\***\appdata\local\{E743EE80-721B-43E8-BFA9-C6B00EABE313}
2012-05-08 19:43:57 -------- d-----w- c:\users\*** \appdata\local\{127D2058-475F-4810-A9B8-1256B70F1D66}
2012-05-08 19:31:22 -------- d-----w- c:\users\***\appdata\local\{56C08BB7-FEB8-49AB-8E4A-5F7AA41814B9}
2012-05-08 19:31:05 -------- d-----w- c:\users\***\appdata\local\{CCF4C2D8-7493-453A-A806-FBA703DA120E}
2012-05-08 09:58:20 -------- d-----w- c:\users\***\appdata\local\{A1CE1D5E-9757-4C67-8EA0-57DB345555D5}
2012-05-08 09:58:03 -------- d-----w- c:\users\***\appdata\local\{C267EFC7-54EF-4E3E-A7E1-D9A9D289BD6A}
2012-05-07 17:24:09 -------- d-----w- c:\users\***\appdata\local\{EB796AF1-6DB4-4AAF-BAA3-8C9E3CA274AB}
2012-05-07 17:23:46 -------- d-----w- c:\users\***\appdata\local\{7B485813-D318-40D5-9E71-2FF8A7B1EE4D}
2012-05-06 23:12:06 -------- d-----w- c:\users\***\appdata\local\{3AE4FAF1-69E6-4A4A-9F91-D27337BBAFC1}
2012-05-06 23:11:48 -------- d-----w- c:\users\***\appdata\local\{9F4183CE-B924-4BEB-A16E-387C95516758}
2012-05-06 09:59:02 -------- d-----w- c:\program files\Microsoft
2012-05-06 09:58:11 -------- d-----w- c:\users\***\appdata\local\{2FBA9F0B-18BE-4257-859C-D367BAA5CC2A}
2012-05-06 09:57:47 -------- d-----w- c:\users\***\appdata\local\{68056A69-6E98-4B87-B0ED-C499B699F813}
2012-05-06 09:41:46 -------- d-----w- c:\users\***\appdata\local\{22981FB1-4AA9-4507-8545-C178D00425D4}
2012-05-06 09:41:29 -------- d-----w- c:\users\***\appdata\local\{7DBB0CD4-A660-459A-97A8-810AB994CAA8}
2012-05-05 19:56:06 -------- d-----w- c:\users\***\appdata\local\{1E4568FF-D593-4EE4-BD53-F05508807BF5}
2012-05-05 19:55:50 -------- d-----w- c:\users\***\appdata\local\{E432B964-8B03-44EC-ABCB-ED2207EF7010}
2012-05-05 17:24:28 147456 --sha-r- c:\windows\system32\KBDSORS1Z.dll
2012-05-05 10:19:54 -------- d-----w- c:\users\***\appdata\local\{94255DB9-AAFE-4C77-BD17-684EB1416DC8}
2012-05-05 10:19:36 -------- d-----w- c:\users\***\appdata\local\{4AD83AAB-92AD-47FD-86D1-4D6E1A64D180}
2012-05-04 20:45:10 -------- d-----w- c:\users\***\appdata\local\{5AFACC52-4D78-4544-AA9A-86574449B4A3}
2012-05-04 20:44:56 -------- d-----w- c:\users\***\appdata\local\{896C1CFB-0C8D-4E5C-8974-EFCBEB349ECA}
2012-05-04 10:40:40 6734704 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{928593b5-9c99-4f39-9475-32af45abcc6d}\mpengine.dll
2012-05-04 10:37:25 -------- d-----w- c:\users\***\appdata\local\{9283D59D-7B14-4AEF-A8C2-1A755B33EB65}
2012-05-04 10:36:59 -------- d-----w- c:\users\***\appdata\local\{54FCB7E8-A8F9-4EC8-818B-A1D8CB8B11AF}
2012-05-03 19:27:38 -------- d-----w- c:\users\***\appdata\local\{9995021B-4B7A-474C-BEA1-1A851A9175FC}
2012-05-03 11:18:25 -------- d-----w- c:\users\***\appdata\local\{5C119646-0146-4C72-8C6D-6EB079055331}
2012-05-03 11:18:11 -------- d-----w- c:\users\***\appdata\local\{5EBE7FBD-8793-4B44-AED1-417F98DEEAB1}
2012-05-02 09:55:29 -------- d-----w- c:\users\***\appdata\local\{E5EA879F-5ABD-40F9-9278-2640EA36C4F7}
2012-05-02 09:55:10 -------- d-----w- c:\users\***\appdata\local\{467418A1-4FA2-48B0-BBD6-9AD2C01951F8}
2012-05-01 21:47:06 -------- d-----w- c:\users\***\appdata\local\{836D36F3-A6A3-432C-B92F-CE03B301C1E1}
2012-05-01 21:46:50 -------- d-----w- c:\users\***\appdata\local\{C411CBD3-467D-41D1-AB56-8064C29674A0}
2012-05-01 12:50:20 -------- d-----w- c:\users\***\appdata\local\{C9A30B11-F81D-4588-B511-DE57A28A6976}
2012-04-30 23:54:51 -------- d-----w- c:\users\***\appdata\local\{8BBB67BE-597B-4DB1-813A-B73693A7DA08}
2012-04-30 20:54:08 -------- d-----w- c:\users\***\appdata\local\{FDC6AF1A-EC32-4828-B25C-AC3346E16587}
2012-04-30 20:53:54 -------- d-----w- c:\users\***\appdata\local\{A7735A53-2D16-4C4C-BB17-B9EF0413A3F8}
2012-04-30 20:48:09 -------- d-----w- c:\programdata\OMSI AM
2012-04-30 20:48:05 -------- d-----w- c:\users\***\appdata\local\OMSI AM
2012-04-30 20:48:04 -------- d-----w- c:\program files\OMSI Addon Manager
2012-04-30 20:14:30 -------- d-----w- c:\program files\Verkehrs Gigant GOLD
2012-04-30 13:56:25 -------- d-----w- c:\program files\Aerosoft
2012-04-30 13:54:04 -------- d-----w- c:\users\***\appdata\local\{F1963EDB-39A4-40E2-8F4E-5B737FC87A1C}
2012-04-30 13:53:46 -------- d-----w- c:\users\***\appdata\local\{39FD7491-CACC-447F-A894-B3503591975E}
2012-04-29 21:36:23 -------- d-----w- c:\users\***\appdata\local\{D0669663-3BD8-4F22-B41F-F29874CEEBD4}
2012-04-29 20:12:20 -------- d-----w- c:\users\***\appdata\local\{5438B1FD-6B1F-4239-8EA4-3F3BE1B407A7}
2012-04-29 20:11:58 -------- d-----w- c:\users\***\appdata\local\{92511927-9015-485B-9BC4-2AEED6CF1F56}
2012-04-29 18:54:47 -------- d-----w- c:\program files\Mozilla Maintenance Service
2012-04-29 18:54:42 157352 ----a-w- c:\program files\mozilla firefox\maintenanceservice_installer.exe
2012-04-29 18:54:42 129976 ----a-w- c:\program files\mozilla firefox\maintenanceservice.exe
2012-04-29 18:51:53 -------- d-----w- c:\users\***\appdata\local\{9B5F7DB5-3F32-453A-9505-52AECE1420AE}
2012-04-29 18:51:40 -------- d-----w- c:\users\***\appdata\local\{19A00583-1FEC-4211-A6F4-6C13DE15B88D}
2012-04-26 20:51:11 -------- d-----w- c:\users\***\appdata\local\{BFA9EA57-247A-4BF7-BBA2-8ABBEF6DC718}
2012-04-26 20:50:53 -------- d-----w- c:\users\***\appdata\local\{F68A8211-7D3D-4FBE-9B27-9849344CCDEF}
2012-04-25 20:26:31 -------- d-----w- c:\users\***\appdata\local\{31994863-DB7A-41EB-83C2-B614EEEA0EAF}
2012-04-25 20:26:19 -------- d-----w- c:\users\***\appdata\local\{58E20D62-617E-4BD0-940F-F7CBAD081014}
2012-04-25 07:57:13 -------- d-----w- c:\users\***\appdata\local\{75F90984-C061-438E-BAC0-50579559AEEF}
2012-04-25 07:56:56 -------- d-----w- c:\users\***\appdata\local\{79A399D0-FE86-4B2C-9C4B-E9549F426988}
2012-04-24 18:38:40 -------- d-----w- c:\users\***\appdata\local\{BEA040F8-C290-4051-85F3-97B388FD9F5F}
2012-04-24 18:38:15 -------- d-----w- c:\users\***\appdata\local\{ECDA9FD8-6935-4038-8A59-C38F5C60BB04}
2012-04-24 14:24:24 -------- d-----w- c:\users\***\appdata\local\{3E98D8A7-AED7-4856-A4D1-32E41EE6BF77}
2012-04-24 14:23:46 -------- d-----w- c:\users\***\appdata\local\{CE4CEB34-717C-4C5B-957D-2400274D5A81}
2012-04-24 13:28:19 -------- d-----w- c:\users\***\appdata\local\{6CDFBC41-CBBA-47C3-8166-AEAD7EE05940}
2012-04-24 09:24:41 -------- d-----w- c:\users\***\appdata\local\{E9F2CE31-4BA2-46F1-A114-EF29F3859E5C}
2012-04-24 09:24:27 -------- d-----w- c:\users\***\appdata\local\{6ED4466A-50A8-481F-AE80-CFB7F1CA6062}
2012-04-23 22:14:22 -------- d-----w- c:\programdata\Synetic
2012-04-23 20:38:17 -------- d-----w- c:\users\***\appdata\local\{A9DA4409-0DE9-4A3A-A73A-EE2097887EB1}
2012-04-23 20:38:04 -------- d-----w- c:\users\***\appdata\local\{3E1D5585-BC36-4636-A377-E9996428AE0E}
2012-04-23 20:13:18 -------- d-----w- c:\users\***\appdata\local\{3101CFB3-F6AC-4A90-934E-2B77AEE38AC5}
2012-04-23 20:13:06 -------- d-----w- c:\users\***\appdata\local\{771AE7AC-03D7-449D-8D52-7D01C368AE62}
2012-04-22 21:08:43 -------- d-----w- c:\users\***\appdata\local\{13065B62-85EB-4F5E-B7DB-05EE8D2D0BF0}
2012-04-22 21:08:30 -------- d-----w- c:\users\***\appdata\local\{6B53E625-86EB-4A2B-A769-35BF7A5D19BE}
2012-04-22 18:14:11 -------- d-----w- c:\program files\JDownloader
2012-04-22 15:37:37 -------- d-----w- c:\users\***\appdata\local\{B8900D9F-E1DD-4DB0-A980-2ECA41619F9E}
2012-04-22 15:37:09 -------- d-----w- c:\users\***\appdata\local\{DA4BEC27-B6F6-4090-BA9B-9EE075A8C7B1}
2012-04-22 10:20:09 -------- d-----w- c:\program files\SystemRequirementsLab
2012-04-22 10:10:45 -------- d-----w- c:\users\***\appdata\local\{40C2AFB4-865F-4B71-93B3-C8B1B5768A85}
2012-04-22 10:10:32 -------- d-----w- c:\users\***\appdata\local\{EC9AA8FA-06FE-49A7-B4DB-861EE0E1505F}
2012-04-21 10:24:55 -------- d-----w- c:\users\***\appdata\local\{4211F51A-9D90-408D-BACA-8CF80E2324DF}
2012-04-21 10:24:42 -------- d-----w- c:\users\***\appdata\local\{571C918A-D68F-49F6-A6E1-DE89AD468584}
2012-04-20 20:29:34 -------- d-----w- c:\users\***\appdata\local\{09D51784-140F-44C4-B29B-66825C5FDDFF}
2012-04-20 20:29:21 -------- d-----w- c:\users\***\appdata\local\{D321E5CF-26D0-4B89-AAFA-B55EC960AFD1}
2012-04-18 20:53:41 -------- d-----w- c:\users\***\appdata\local\{48622396-515F-4687-933E-C485DDF27C12}
2012-04-18 20:53:19 -------- d-----w- c:\users\***\appdata\local\{A9759F10-3128-4DFA-8393-08E7135F9A1D}
2012-04-18 18:56:03 -------- d-----w- c:\users\***\appdata\local\{FBC30AFB-9AE2-4376-8CB5-D265FA5499AA}
2012-04-18 18:55:37 -------- d-----w- c:\users\***\appdata\local\{2DA7096E-F349-4C7A-927C-BB93160D3B4E}
2012-04-17 19:55:34 -------- d-----w- c:\users\***\appdata\local\{2281174C-E4C2-45B8-B754-B02284041C76}
2012-04-17 19:55:21 -------- d-----w- c:\users\***\appdata\local\{38187138-A5DE-451F-B602-7BEA6B1402EF}
2012-04-16 20:15:23 -------- d-----w- c:\users\***\appdata\local\{5DE81053-FCD0-4563-A798-6F766BF274DE}
2012-04-16 20:15:10 -------- d-----w- c:\users\***\appdata\local\{68C290F8-5CD8-42BE-9454-CF3AFDEE42AD}
2012-04-15 20:47:34 -------- d-----w- c:\users\***\appdata\local\{CB43B834-534E-4EC1-B936-D0DC06A1A110}
2012-04-15 20:47:22 -------- d-----w- c:\users\***\appdata\local\{8F088DC8-966B-4697-82A5-F7AB2992DF27}
2012-04-15 20:46:53 -------- d-----w- c:\users\***\appdata\local\{FEC4887B-3402-4446-9521-98C958D394F1}
2012-04-15 18:46:55 -------- d-----w- c:\users\***\appdata\local\{99EAAFBC-6E2D-4304-884D-9761664F35C7}
2012-04-15 15:18:26 -------- d-----w- c:\users\***\appdata\local\{0BB0C35D-CD4D-4E9C-B9B6-AD03D0456C25}
2012-04-15 13:10:14 -------- d-----w- c:\users\***\appdata\local\{8863D9E9-7472-45D4-BCC2-14612ADD559B}
2012-04-15 13:10:00 -------- d-----w- c:\users\***\appdata\local\{B9E301D2-8F73-4430-81AE-7790441C1B01}
2012-04-15 08:13:56 -------- d-----w- c:\users\***\appdata\local\{23D47A90-6BA0-4430-9C57-3631C6CE416D}
2012-04-15 08:13:44 -------- d-----w- c:\users\***\appdata\local\{EEF90904-FFE2-4CCD-B538-DC67497E0950}
2012-04-14 14:01:49 -------- d-----w- c:\users\***\appdata\local\{DC50A8FF-02BA-4171-8201-31B05ED8329B}
2012-04-14 14:01:33 -------- d-----w- c:\users\***\appdata\local\{43D79B80-63D2-44F0-87FE-1B987DC7EF2E}
2012-04-13 18:40:33 -------- d-----w- c:\users\***\appdata\local\Bus Simulator 2012
2012-04-13 15:25:52 -------- d-----w- c:\users\***\appdata\local\{4A6CFC23-8A88-43D1-881D-55B4781B5D42}
2012-04-13 15:25:29 -------- d-----w- c:\users\***\appdata\local\{6C7822DC-9456-402B-B36E-CF23D880536C}
2012-04-12 18:56:18 -------- d-----w- c:\users\***\appdata\local\{26187CEC-CFAD-4F5C-AAA7-85BD3B90DE71}
2012-04-12 18:56:06 -------- d-----w- c:\users\***\appdata\local\{133C9910-164D-42F7-8083-E90447A4D18D}
2012-04-12 16:08:55 -------- d-----w- c:\users\***\appdata\local\{AEC812D3-7A1C-44B3-96B3-CA7B7B58173D}
2012-04-12 16:08:29 -------- d-----w- c:\users\***\appdata\local\{C502C0C6-524B-4746-B161-722A9C03FCE7}
2012-04-11 20:41:04 5120 ----a-w- c:\windows\system32\wmi.dll
2012-04-11 20:41:04 19824 ----a-w- c:\windows\system32\drivers\fs_rec.sys
2012-04-11 20:41:04 172544 ----a-w- c:\windows\system32\wintrust.dll
2012-04-11 20:41:04 159232 ----a-w- c:\windows\system32\imagehlp.dll
2012-04-11 20:40:43 3968368 ----a-w- c:\windows\system32\ntkrnlpa.exe
2012-04-11 20:40:43 3913072 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-04-11 17:47:04 -------- d-----w- c:\users\***\appdata\local\{F45F27B2-E4B5-4C32-9F72-E33C8C55441C}
2012-04-10 16:00:36 -------- d-----w- c:\users\***\appdata\local\{78B9B45A-8094-4353-9698-1EB90CB5504C}
2012-04-10 16:00:13 -------- d-----w- c:\users\***\appdata\local\{913BA59F-7B43-4D45-98BD-36F3A2FD8B6E}
2012-04-09 09:28:02 -------- d-----w- c:\users\***\appdata\local\{167E6C13-DF50-4CBB-B7F3-E8BF04A7AA65}
2012-04-09 09:27:49 -------- d-----w- c:\users\***\appdata\local\{FE3DB5D0-FD16-495F-ACD2-AE588D611F19}
.
==================== Find3M ====================
.
2012-05-08 19:43:23 24944 ----a-w- c:\windows\system32\drivers\GVTDrv.sys
2012-05-08 19:43:06 17488 ----a-w- c:\windows\gdrv.sys
2012-05-05 13:08:31 70304 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-05-05 13:08:31 419488 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-05-03 12:17:37 17488 ----a-w- c:\windows\etdrv.sys
2012-04-04 13:56:40 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-03-05 21:24:19 715038 ----a-w- c:\windows\unins000.exe
2012-02-29 19:21:24 42392 ----a-w- c:\windows\system32\xfcodec.dll
2012-02-28 05:38:52 981504 ----a-w- c:\windows\system32\wininet.dll
2012-02-28 03:52:27 1638912 ----a-w- c:\windows\system32\mshtml.tlb
2012-02-23 08:18:36 237072 ------w- c:\windows\system32\MpSigStub.exe
2012-02-17 05:34:22 826880 ----a-w- c:\windows\system32\rdpcore.dll
2012-02-17 04:14:08 183808 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2012-02-17 04:13:22 24576 ----a-w- c:\windows\system32\drivers\tdtcp.sys
2012-02-10 05:38:43 1077248 ----a-w- c:\windows\system32\DWrite.dll
.
============= FINISH: 23:40:38,34 ===============


attach.txt.

Zitat:
.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-08-26.01)
.
Microsoft Windows 7 Professional
Boot Device: \Device\HarddiskVolume1
Install Date: 03.05.2011 15:51:38
System Uptime: 08.05.2012 21:42:01 (2 hours ago)
.
Motherboard: Gigabyte Technology Co., Ltd. | | GA-770T-D3L
Processor: AMD Athlon(tm) II X4 640 Processor | Socket M2 | 3000/200mhz
.
==== Disk Partitions =========================
.
A: is Removable
B: is FIXED (NTFS) - 465 GiB total, 172,376 GiB free.
C: is FIXED (NTFS) - 466 GiB total, 315,805 GiB free.
D: is CDROM (CDFS)
F: is CDROM ()
G: is CDROM ()
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
No restore point in system.
.
==== Installed Programs ======================
.
Update for Microsoft Office 2007 (KB2508958)
@BIOS
18 Wheels of Steel: American Long Haul
Abloadtool
Adobe AIR
Adobe Flash Player 11 ActiveX
Adobe Flash Player 11 Plugin
Adobe Photoshop 6.0
Adobe Reader X (10.0.1) - Deutsch
Alan Wake
AMD APP SDK Runtime
AMD Catalyst Install Manager
AMD Drag and Drop Transcoding
AMD Fuel
AMD Media Foundation Decoders
AMD VISION Engine Control Center
Apple Application Support
Apple Mobile Device Support
Apple Software Update
ARMA 2 REINFORCEMENTS Uninstall
ArmA2 Uninstall
ATI AVIVO Codecs
ATI Problem Report Wizard
Audacity 1.2.6
AutoGreen B10.0525.1
Avanquest update
Avira AntiVir Personal - Free Antivirus
Babylon toolbar on IE
Badoo Desktop
BattlEye for OA Uninstall
BattlEye Uninstall
Bonjour
Browser Configuration Utility
Bus- & Cable Car-Simulator
Bus-Simulator 2012
C-Media USB Mass Storage Driver
Catalyst Control Center - Branding
Catalyst Control Center Graphics Previews Common
Catalyst Control Center InstallProxy
ccc-utility
CCC Help English
Cities in Motion
CL-Eye Driver
Cobra 11 - Highway Nights (remove only)
Command & Conquer 3
Command & Conquer™ 3: Kanes Rache
Crysis 2 German Patch Installation 1.00
D3DX10
DAEMON Tools Lite
DAEMON Tools Toolbar
Dead Island MULTI-7 Untertitel-Patch Incl. Patch & Crack 1.2.0 für die UNLOCKED Version 1.00
Debut Video Capture Software
Die Sims 2
Die Sims 2: Family Fun - Accessoires
Die Sims 2: Nightlife
Die Sims 2: Wilde Campus-Jahre
Die Sims™ 2 Apartment-Leben
Die Sims™ 2 Freizeit-Spaß
Die Sims™ 2 Gute Reise
Die Sims™ 2 H&M®-Fashion-Accessoires
Die Sims™ 2 Haustiere
Die Sims™ 2 IKEA® Home-Accessoires
Die Sims™ 2 Vier Jahreszeiten
Die Sims™ 2 Villen- und Garten-Accessoires
Die Sims™ 3
Die Sims™ 3 Einfach tierisch
Die Sims™ 3 Late Night
Die Sims™ 3 Lebensfreude
Die Sims™ 3 Reiseabenteuer
Die Sims™ 3 Traumkarrieren
Driver San Francisco
Easy Tune 6 B10.0728.1
EasySaver B9.1214.1
Evil Genius
F1 2011
Flatcast Viewer Plugin 5.3.0.784
Fraps
Free Audio CD Burner version 1.4.8
Free Audio Converter version 5.0.3.1206
Free Video to iPod Converter version 4.2.19.426
Free YouTube to iPhone Converter version 2.10.33.426
Free YouTube to MP3 Converter version 3.10.6.727
Grand Theft Auto IV
Grand Theft Auto: Episodes from Liberty City
GTR Evolution
Half-Life 2
Half-Life 2: Episode One
Half-Life 2: Episode Two
Half-Life 2: Lost Coast
HTC BMP USB Driver
HTC Driver Installer
HTC Sync
HydraVision
ICQ7.5
Internet Manager
IrfanView (remove only)
iTunes
Jagged Alliance Back in Action Demo Version 1.0
Java Auto Updater
Java(TM) 6 Update 29
JDownloader 0.9
Lexmark 1200 Series
Logitech Gaming Software
LogMeIn Hamachi
Malwarebytes Anti-Malware Version 1.61.0.1400
Mass Effect
Mass Effect 2
Mass Effect™ 3
Microsoft .NET Framework 4 Client Profile
Microsoft .NET Framework 4 Client Profile DEU Language Pack
Microsoft .NET Framework 4 Extended
Microsoft Application Error Reporting
Microsoft Games for Windows - LIVE Redistributable
Microsoft Games for Windows Marketplace
Microsoft Office 2007 Service Pack 3 (SP3)
Microsoft Office Access MUI (German) 2007
Microsoft Office Enterprise 2007
Microsoft Office Excel MUI (German) 2007
Microsoft Office File Validation Add-In
Microsoft Office Groove MUI (German) 2007
Microsoft Office InfoPath MUI (German) 2007
Microsoft Office Live Add-in 1.5
Microsoft Office OneNote MUI (German) 2007
Microsoft Office Outlook Connector
Microsoft Office Outlook MUI (German) 2007
Microsoft Office PowerPoint MUI (German) 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (German) 2007
Microsoft Office Proof (Italian) 2007
Microsoft Office Proofing (German) 2007
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
Microsoft Office Publisher MUI (German) 2007
Microsoft Office Shared MUI (German) 2007
Microsoft Office Word MUI (German) 2007
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
Microsoft WSE 3.0 Runtime
Microsoft XML Parser
MouseConnect Tool
Mozilla Firefox 12.0 (x86 de)
Mozilla Maintenance Service
MSVCRT
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MSXML 4.0 SP3 Parser
MSXML 4.0 SP3 Parser (KB973685)
MyPhoneExplorer
NAVIGON Fresh 3.3.2
Need for Speed: The Run
Nero 8
neroxml
NVIDIA PhysX
OMSI - Der Omnibussimulator
OMSI Addon Manager Version 1.2.4
ON_OFF Charge B10.0427.1
OpenAL
PunkBuster Services
QuickTime
Rapture3D 2.4.9 Game
Realtek Ethernet Controller Driver For Windows 7
Realtek HDMI Audio Driver for ATI
Realtek High Definition Audio Driver
RollerCoaster Tycoon 3
Runaway - A road adventure 1.00
RUNAWAY 2 - The dream of the turtle
RUNAWAY: A TWIST OF FATE
Saints Row: The Third
Sam & Max All-Zeit Bereit
Screenshot Captor 2.102.01
Screets 3
SecondLife (remove only)
SecondLifeViewer (remove only)
Security Update for CAPICOM (KB931906)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)
Security Update for Microsoft .NET Framework 4 Client Profile DEU Language Pack (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile DEU Language Pack (KB2518870)
Security Update for Microsoft .NET Framework 4 Extended (KB2487367)
Security Update for Microsoft .NET Framework 4 Extended (KB2656351)
Security Update for Microsoft Office 2007 suites (KB2596785) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596871) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2598041) 32-Bit Edition
Security Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit Edition
Security Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit Edition
Security Update for Microsoft Office Publisher 2007 (KB2596705) 32-Bit Edition
shopping-preise.de - AddOn für Firefox
SimCity™ Societies
SimCity™ Societies Reisewelten
simfy
Sims 2 Album 0.8.2
Sony Ericsson Update Engine
Sony PC Companion 2.10.053
Steam
Steganos Password Manager 12
Stellarium 0.10.6.1
Streamripper (Remove only)
System Requirements Lab CYRI
TeamViewer 6
The Guild 2 - Renaissance
The Movies(TM)
The Movies(TM) Stunts & Spezialeffekte
The Sims 2 Open For Business
TheMovies Directors Cut
TMDC Tutorials Tools Extras
Tropico 3 1.00
Tropico 4 1.00
Ubisoft Game Launcher
Uninstall 1.0.0.1
Update für Microsoft Office Excel 2007 Help (KB963678)
Update für Microsoft Office Outlook 2007 Help (KB963677)
Update für Microsoft Office Powerpoint 2007 Help (KB963669)
Update für Microsoft Office Word 2007 Help (KB963665)
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
Update for Microsoft .NET Framework 4 Extended (KB2468871)
Update for Microsoft .NET Framework 4 Extended (KB2533523)
Update for Microsoft .NET Framework 4 Extended (KB2600217)
Update for Microsoft Office 2007 suites (KB2596651) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2596789) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2598306) 32-Bit Edition
Update for Microsoft Office Excel 2007 (KB2596596) 32-Bit Edition
VCRedistSetup
Verkehrs Gigant GOLD
VLC media player 1.1.11
W&G - Lizenz zum Putten!
Warhammer® 40,000™: Dawn of War® II
WeGame Client 2.4.3.0
Winamp
Winamp Erkennungs-Plug-in
Windows Live Communications Platform
Windows Live Essentials
Windows Live Fotogalerie
Windows Live ID Sign-in Assistant
Windows Live Installer
Windows Live Messenger
Windows Live Movie Maker
Windows Live Photo Common
Windows Live Photo Gallery
Windows Live PIMT Platform
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live UX Platform
Windows Live UX Platform Language Pack
WinRAR 4.01 (32-Bit)
Xfire (remove only)
Yahoo! Detect
.
==== End Of File ===========================

Und die gmer.txt
Zitat:
GMER 1.0.15.15641 - hxxp://www.gmer.net
Rootkit scan 2012-05-09 11:30:48
Windows 6.1.7601 Service Pack 1 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0 WDC_WD10EARS-00Y5B1 rev.80.00A80
Running: o4s8rx4c.exe; Driver: C:\Users\SEBAST~1\AppData\Local\Temp\uglyauoc.sys


---- System - GMER 1.0.15 ----

SSDT 8EC5387E ZwCreateSection
SSDT 8EC53883 ZwSetContextThread
SSDT 8EC5381F ZwTerminateProcess

---- Kernel code sections - GMER 1.0.15 ----

.text ntkrnlpa.exe!ZwSaveKey + 13C1 83443359 1 Byte [06]
.text ntkrnlpa.exe!KiDispatchInterrupt + 5A2 8347CD52 19 Bytes [E0, 0F, BA, F0, 07, 73, 09, ...] {LOOPNZ 0x11; MOV EDX, 0x97307f0; MOV CR4, EAX; OR AL, 0x80; MOV CR4, EAX; RET ; MOV ECX, CR3}
.text ntkrnlpa.exe!KeRemoveQueueEx + 11F7 83483ECC 4 Bytes [7E, 38, C5, 8E]
.text ntkrnlpa.exe!KeRemoveQueueEx + 1597 8348426C 4 Bytes [83, 38, C5, 8E]
.text ntkrnlpa.exe!KeRemoveQueueEx + 166F 83484344 4 Bytes [1F, 38, C5, 8E]
.text C:\Windows\system32\DRIVERS\atikmdag.sys section is writeable [0x9E430000, 0x39CB05, 0xE8000020]
.text C:\Windows\system32\DRIVERS\atksgt.sys section is writeable [0x83179300, 0x3B6D8, 0xE8000020]
.text C:\Windows\system32\DRIVERS\lirsgt.sys section is writeable [0x831E6300, 0x1BEE, 0xE8000020]
PAGE spsys.sys!?SPRevision@@3PADA + 4F90 B301F000 290 Bytes [8B, FF, 55, 8B, EC, 33, C0, ...]
PAGE spsys.sys!?SPRevision@@3PADA + 50B3 B301F123 629 Bytes [A5, 01, B3, FE, 05, 34, A5, ...]
PAGE spsys.sys!?SPRevision@@3PADA + 5329 B301F399 101 Bytes [6A, 28, 59, A5, 5E, C6, 03, ...]
PAGE spsys.sys!?SPRevision@@3PADA + 538F B301F3FF 148 Bytes [18, 5D, C2, 14, 00, 8B, FF, ...]
PAGE spsys.sys!?SPRevision@@3PADA + 543B B301F4AB 2228 Bytes [8B, FF, 55, 8B, EC, FF, 75, ...]
PAGE ...

---- Devices - GMER 1.0.15 ----

AttachedDevice \Driver\tdx \Device\Tcp tcpipBM.sys

Device \Driver\ACPI_HAL \Device\00000057 halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation)

AttachedDevice \Driver\volmgr \Device\HarddiskVolume1 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume2 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume3 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \FileSystem\fastfat \Fat fltmgr.sys (Microsoft Dateisystem-Filter-Manager/Microsoft Corporation)

---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\0009dd502603
Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\0009dd502603@8400d29d168b 0x52 0xE1 0x63 0x40 ...
Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\0009dd502603@8400d22e4948 0xF3 0x60 0xA2 0xE9 ...
Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\0009dd502603 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\0009dd502603@8400d29d168b 0x52 0xE1 0x63 0x40 ...
Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\0009dd502603@8400d22e4948 0xF3 0x60 0xA2 0xE9 ...
Reg HKLM\SOFTWARE\Microsoft\Windows Search\CatalogNames\Windows\SystemIndex@pkm:catalog:LastCatalogCrawlId 670
Reg HKLM\SOFTWARE\Microsoft\Windows Search\CatalogNames\Windows\SystemIndex@pkm:catalog:LastCatalogCrawlModified 1
Reg HKLM\SOFTWARE\Microsoft\Windows Search\CatalogNames\Windows\SystemIndex@pkm:catalog:LastCatalogCrawlErrors 0
Reg HKLM\SOFTWARE\Microsoft\Windows Search\CatalogNames\Windows\SystemIndex@pkm:catalog:LastCatalogCrawlRetries 0
Reg HKLM\SOFTWARE\Microsoft\Windows Search\Gather\Windows\SystemIndex\Crawls\671
Reg HKLM\SOFTWARE\Microsoft\Windows Search\Gather\Windows\SystemIndex\Crawls\671@CrawlType 5
Reg HKLM\SOFTWARE\Microsoft\Windows Search\Gather\Windows\SystemIndex\Crawls\671@InProgress 1
Reg HKLM\SOFTWARE\Microsoft\Windows Search\Gather\Windows\SystemIndex\Crawls\671@DoneAddingCrawlSeeds 1
Reg HKLM\SOFTWARE\Microsoft\Windows Search\Gather\Windows\SystemIndex\Crawls\671@IsCatalogLevel 0
Reg HKLM\SOFTWARE\Microsoft\Windows Search\Gather\Windows\SystemIndex\Crawls\671@LogStartAddId 5
Reg HKLM\SOFTWARE\Microsoft\Windows Search\Gather\Windows\SystemIndex\StartPages\5@CrawlNumberInProgress 671

---- EOF - GMER 1.0.15 ----

Schonmal jetzt ein grosses Dankeschön an alle Helfer ;)

markusg 12.05.2012 19:06
hi,
Falls noch nicht vorhanden, lade Dir bitte OTL von Oldtimer herunter und speichere es auf Deinem Desktop
Code:
activex
netsvcs
msconfig
%SYSTEMDRIVE%\*.
%PROGRAMFILES%\*.exe
%LOCALAPPDATA%\*.exe
%systemroot%\*. /mp /s
/md5start
userinit.exe
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
ws2ifsl.sys
sceclt.dll
ntelogon.dll
winlogon.exe
logevent.dll
user32.DLL
explorer.exe
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
/md5stop
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\system32\*.dll /lockedfiles
%USERPROFILE%\*.*
%USERPROFILE%\Local Settings\Temp\*.exe
%USERPROFILE%\Local Settings\Temp\*.dll
%USERPROFILE%\Application Data\*.exe
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems|Windows /rs
CREATERESTOREPOINT
  • Schliesse bitte nun alle Programme. (Wichtig)
  • Klicke nun bitte auf den Quick Scan Button.
  • Kopiere
    nun den Inhalt aus OTL.txt und Extra.txt hier in Deinen Thread

SebastianW 12.05.2012 22:43
So ich musste ich die OTL.txt und die Extra.txt anhängen, da die zu gross waren.

markusg 14.05.2012 17:16
hi

dieses script sowie evtl. folgende scripts sind nur für den jeweiligen user.
wenn ihr probleme habt, eröffnet eigene topics und wartet auf, für euch angepasste scripts.


• Starte bitte die OTL.exe
• Kopiere nun das Folgende in die Textbox.



Code:
:OTL
[2012.05.05 19:24:28 | 000,147,456 | RHS- | M] () -- C:\Windows\System32\KBDSORS1Z.dll
[2012.05.05 19:24:28 | 000,000,328 | ---- | C] () -- C:\Windows\tasks\Ukildao.job
 :Files
:Commands
[purity]
[EMPTYFLASH]
[emptytemp]
[Reboot]


• Schliesse bitte nun alle Programme.
• Klicke nun bitte auf den Fix Button.
• OTL kann gegebenfalls einen Neustart verlangen. Bitte dies zulassen.
• Nach dem Neustart findest Du ein Textdokument, dessen inhalt in deiner nächsten antwort hier reinkopieren.
Hinweis: Die Datei bitte wie in der Anleitung zum UpChannel angegeben auch da hochladen. Bitte NICHT die ZIP-Datei hier als Anhang
in den Thread posten!



Drücke bitte die http://larusso.trojaner-board.de/Images/windows.jpg + E Taste.
  • Öffne dein Systemlaufwerk ( meistens C: )
  • Suche nun
    folgenden Ordner: _OTL und öffne diesen.
  • Mache einen Rechtsklick auf den Ordner Movedfiles --> Senden an --> Zip-Komprimierter Ordner

  • Dies wird eine Movedfiles.zip Datei in _OTL erstellen
  • Lade diese bitte in unseren Uploadchannel
    hoch. ( Durchsuchen --> C:\_OTL\Movedfiles.zip )
Teile mir mit ob der Upload problemlos geklappt hat. Danke im voraus :)

SebastianW 17.05.2012 11:54
Hallo markusg,

hier der Inhalt des Textdokumentes

Code:
All processes killed
========== OTL ==========
C:\Windows\System32\KBDSORS1Z.dll moved successfully.
C:\Windows\Tasks\Ukildao.job moved successfully.
========== COMMANDS ==========
 
[EMPTYFLASH]
 
User: All Users
 
User: Default
->Flash cache emptied: 56466 bytes
 
User: Default User
->Flash cache emptied: 0 bytes
 
User: Public
 
User: ***
->Flash cache emptied: 60998 bytes
 
Total Flash Files Cleaned = 0,00 mb
 
 
[EMPTYTEMP]
 
User: All Users
 
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Flash cache emptied: 0 bytes
 
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes
 
User: Public
 
User: ***
->Temp folder emptied: 33750740 bytes
->Temporary Internet Files folder emptied: 83733931 bytes
->Java cache emptied: 295961 bytes
->FireFox cache emptied: 65000237 bytes
->Flash cache emptied: 0 bytes
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 1619120 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 141282808 bytes
RecycleBin emptied: 0 bytes
 
Total Files Cleaned = 311,00 mb
 
 
OTL by OldTimer - Version 3.2.42.3 log created on 05172012_123416

Files\Folders moved on Reboot...

Registry entries deleted on Reboot...

Noch eine kurze Frage. Soll ich den Inhalt des Textdokumentes auch hochladen in den Upload Channel? Der Upload der gezippen MovedFiles hat problemlos geklappt.

markusg 22.05.2012 18:54
sehr gut
Combofix darf ausschließlich ausgeführt werden, wenn dies von einem Team Mitglied angewiesen wurde!
Es sollte nie auf eigene Initiative hin ausgeführt werden! Eine falsche Benutzung kann ernsthafte Computerprobleme nach sich
ziehen und eine Bereinigung der Infektion noch erschweren.
Downloade dir bitte Combofix von einem dieser Downloadspiegel

Link 1
Link 2


WICHTIG - Speichere Combofix auf deinem Desktop
  • Deaktiviere bitte all deine Anti Viren sowie Anti Malware/Spyware Scanner. Diese können Combofix bei der Arbeit stören.
Starte die Combofix.exe und folge den Anweisungen auf dem Bildschirm.

Wenn Combofix fertig ist, wird es eine Logfile erstellen. Bitte poste die C:\Combofix.txt in deiner nächsten Antwort.


Hinweis: Solltest du nach dem Neustart folgende Fehlermeldung erhalten
Zitat:
Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.
starte den Rechner einfach neu. Dies sollte das Problem beheben.

SebastianW 27.05.2012 18:40
Hallo,

Hier die Combofix.txt

Code:
ComboFix 12-05-27.02 - *** 27.05.2012  18:48:44.1.4 - x86
Microsoft Windows 7 Professional  6.1.7601.1.1252.49.1031.18.3326.1983 [GMT 2:00]
ausgeführt von:: c:\users\***\Desktop\ComboFix.exe
AV: AntiVir Desktop *Disabled/Updated* {090F9C29-64CE-6C6F-379C-5901B49A85B7}
SP: AntiVir Desktop *Disabled/Updated* {B26E7DCD-42F4-63E1-0D2C-6273CF1DCF0A}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 * Neuer Wiederherstellungspunkt wurde erstellt
.
.
((((((((((((((((((((((((((((((((((((  Weitere Löschungen  ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\install.exe
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Gamma Loader.exe.lnk
c:\users\SEBAST~1\AppData\Local\Temp\WLZ1DF3.tmp\auth.lng
c:\users\SEBAST~1\AppData\Local\Temp\WLZ1DF3.tmp\burnlib.lng
c:\users\SEBAST~1\AppData\Local\Temp\WLZ1DF3.tmp\dsp_sps.lng
c:\users\SEBAST~1\AppData\Local\Temp\WLZ1DF3.tmp\enc_fhgaac.lng
c:\users\SEBAST~1\AppData\Local\Temp\WLZ1DF3.tmp\enc_flac.lng
c:\users\SEBAST~1\AppData\Local\Temp\WLZ1DF3.tmp\enc_lame.lng
c:\users\SEBAST~1\AppData\Local\Temp\WLZ1DF3.tmp\enc_vorbis.lng
c:\users\SEBAST~1\AppData\Local\Temp\WLZ1DF3.tmp\enc_wav.lng
c:\users\SEBAST~1\AppData\Local\Temp\WLZ1DF3.tmp\enc_wma.lng
c:\users\SEBAST~1\AppData\Local\Temp\WLZ1DF3.tmp\gen_classicart.lng
c:\users\SEBAST~1\AppData\Local\Temp\WLZ1DF3.tmp\gen_crasher.lng
c:\users\SEBAST~1\AppData\Local\Temp\WLZ1DF3.tmp\gen_ff.lng
c:\users\SEBAST~1\AppData\Local\Temp\WLZ1DF3.tmp\gen_find_on_disk.lng
c:\users\SEBAST~1\AppData\Local\Temp\WLZ1DF3.tmp\gen_hotkeys.lng
c:\users\SEBAST~1\AppData\Local\Temp\WLZ1DF3.tmp\gen_jumpex.lng
c:\users\SEBAST~1\AppData\Local\Temp\WLZ1DF3.tmp\gen_ml.lng
c:\users\SEBAST~1\AppData\Local\Temp\WLZ1DF3.tmp\gen_nopro.lng
c:\users\SEBAST~1\AppData\Local\Temp\WLZ1DF3.tmp\gen_orgler.lng
c:\users\SEBAST~1\AppData\Local\Temp\WLZ1DF3.tmp\gen_skinmanager.lng
c:\users\SEBAST~1\AppData\Local\Temp\WLZ1DF3.tmp\gen_timerestore.lng
c:\users\SEBAST~1\AppData\Local\Temp\WLZ1DF3.tmp\gen_tray.lng
c:\users\SEBAST~1\AppData\Local\Temp\WLZ1DF3.tmp\gen_undo.lng
c:\users\SEBAST~1\AppData\Local\Temp\WLZ1DF3.tmp\in_avi.lng
c:\users\SEBAST~1\AppData\Local\Temp\WLZ1DF3.tmp\in_cdda.lng
c:\users\SEBAST~1\AppData\Local\Temp\WLZ1DF3.tmp\in_dshow.lng
c:\users\SEBAST~1\AppData\Local\Temp\WLZ1DF3.tmp\in_flac.lng
c:\users\SEBAST~1\AppData\Local\Temp\WLZ1DF3.tmp\in_flv.lng
c:\users\SEBAST~1\AppData\Local\Temp\WLZ1DF3.tmp\in_linein.lng
c:\users\SEBAST~1\AppData\Local\Temp\WLZ1DF3.tmp\in_midi.lng
c:\users\SEBAST~1\AppData\Local\Temp\WLZ1DF3.tmp\in_mkv.lng
c:\users\SEBAST~1\AppData\Local\Temp\WLZ1DF3.tmp\in_mod.lng
c:\users\SEBAST~1\AppData\Local\Temp\WLZ1DF3.tmp\in_mp3.lng
c:\users\SEBAST~1\AppData\Local\Temp\WLZ1DF3.tmp\in_mp4.lng
c:\users\SEBAST~1\AppData\Local\Temp\WLZ1DF3.tmp\in_nsv.lng
c:\users\SEBAST~1\AppData\Local\Temp\WLZ1DF3.tmp\in_swf.lng
c:\users\SEBAST~1\AppData\Local\Temp\WLZ1DF3.tmp\in_vorbis.lng
c:\users\SEBAST~1\AppData\Local\Temp\WLZ1DF3.tmp\in_wav.lng
c:\users\SEBAST~1\AppData\Local\Temp\WLZ1DF3.tmp\in_wave.lng
c:\users\SEBAST~1\AppData\Local\Temp\WLZ1DF3.tmp\in_wm.lng
c:\users\SEBAST~1\AppData\Local\Temp\WLZ1DF3.tmp\in_wv.lng
c:\users\SEBAST~1\AppData\Local\Temp\WLZ1DF3.tmp\ml_addons.lng
c:\users\SEBAST~1\AppData\Local\Temp\WLZ1DF3.tmp\ml_autotag.lng
c:\users\SEBAST~1\AppData\Local\Temp\WLZ1DF3.tmp\ml_bookmarks.lng
c:\users\SEBAST~1\AppData\Local\Temp\WLZ1DF3.tmp\ml_devices.lng
c:\users\SEBAST~1\AppData\Local\Temp\WLZ1DF3.tmp\ml_disc.lng
c:\users\SEBAST~1\AppData\Local\Temp\WLZ1DF3.tmp\ml_downloads.lng
c:\users\SEBAST~1\AppData\Local\Temp\WLZ1DF3.tmp\ml_enqplay.lng
c:\users\SEBAST~1\AppData\Local\Temp\WLZ1DF3.tmp\ml_history.lng
c:\users\SEBAST~1\AppData\Local\Temp\WLZ1DF3.tmp\ml_impex.lng
c:\users\SEBAST~1\AppData\Local\Temp\WLZ1DF3.tmp\ml_local.lng
c:\users\SEBAST~1\AppData\Local\Temp\WLZ1DF3.tmp\ml_nowplaying.lng
c:\users\SEBAST~1\AppData\Local\Temp\WLZ1DF3.tmp\ml_online.lng
c:\users\SEBAST~1\AppData\Local\Temp\WLZ1DF3.tmp\ml_orb.lng
c:\users\SEBAST~1\AppData\Local\Temp\WLZ1DF3.tmp\ml_playlists.lng
c:\users\SEBAST~1\AppData\Local\Temp\WLZ1DF3.tmp\ml_plg.lng
c:\users\SEBAST~1\AppData\Local\Temp\WLZ1DF3.tmp\ml_pmp.lng
c:\users\SEBAST~1\AppData\Local\Temp\WLZ1DF3.tmp\ml_rg.lng
c:\users\SEBAST~1\AppData\Local\Temp\WLZ1DF3.tmp\ml_transcode.lng
c:\users\SEBAST~1\AppData\Local\Temp\WLZ1DF3.tmp\ml_wire.lng
c:\users\SEBAST~1\AppData\Local\Temp\WLZ1DF3.tmp\ombrowser.lng
c:\users\SEBAST~1\AppData\Local\Temp\WLZ1DF3.tmp\out_disk.lng
c:\users\SEBAST~1\AppData\Local\Temp\WLZ1DF3.tmp\out_ds.lng
c:\users\SEBAST~1\AppData\Local\Temp\WLZ1DF3.tmp\out_wave.lng
c:\users\SEBAST~1\AppData\Local\Temp\WLZ1DF3.tmp\playlist.lng
c:\users\SEBAST~1\AppData\Local\Temp\WLZ1DF3.tmp\pmp_activesync.lng
c:\users\SEBAST~1\AppData\Local\Temp\WLZ1DF3.tmp\pmp_android.lng
c:\users\SEBAST~1\AppData\Local\Temp\WLZ1DF3.tmp\pmp_ipod.lng
c:\users\SEBAST~1\AppData\Local\Temp\WLZ1DF3.tmp\pmp_njb.lng
c:\users\SEBAST~1\AppData\Local\Temp\WLZ1DF3.tmp\pmp_p4s.lng
c:\users\SEBAST~1\AppData\Local\Temp\WLZ1DF3.tmp\pmp_usb.lng
c:\users\SEBAST~1\AppData\Local\Temp\WLZ1DF3.tmp\pmp_wifi.lng
c:\users\SEBAST~1\AppData\Local\Temp\WLZ1DF3.tmp\tagz.lng
c:\users\SEBAST~1\AppData\Local\Temp\WLZ1DF3.tmp\vis_avs.lng
c:\users\SEBAST~1\AppData\Local\Temp\WLZ1DF3.tmp\vis_milk2.lng
c:\users\SEBAST~1\AppData\Local\Temp\WLZ1DF3.tmp\vis_nsfs.lng
c:\users\SEBAST~1\AppData\Local\Temp\WLZ1DF3.tmp\winamp.lng
c:\users\SEBAST~1\AppData\Local\Temp\WLZ1DF3.tmp\winampa.lng
c:\users\***\AppData\Local\Temp\WLZ1DF3.tmp\auth.lng
c:\users\***\AppData\Local\Temp\WLZ1DF3.tmp\burnlib.lng
c:\users\***\AppData\Local\Temp\WLZ1DF3.tmp\dsp_sps.lng
c:\users\***\AppData\Local\Temp\WLZ1DF3.tmp\enc_fhgaac.lng
c:\users\***\AppData\Local\Temp\WLZ1DF3.tmp\enc_flac.lng
c:\users\***\AppData\Local\Temp\WLZ1DF3.tmp\enc_lame.lng
c:\users\***\AppData\Local\Temp\WLZ1DF3.tmp\enc_vorbis.lng
c:\users\***\AppData\Local\Temp\WLZ1DF3.tmp\enc_wav.lng
c:\users\***\AppData\Local\Temp\WLZ1DF3.tmp\enc_wma.lng
c:\users\***\AppData\Local\Temp\WLZ1DF3.tmp\gen_classicart.lng
c:\users\***\AppData\Local\Temp\WLZ1DF3.tmp\gen_crasher.lng
c:\users\***\AppData\Local\Temp\WLZ1DF3.tmp\gen_ff.lng
c:\users\***\AppData\Local\Temp\WLZ1DF3.tmp\gen_find_on_disk.lng
c:\users\***\AppData\Local\Temp\WLZ1DF3.tmp\gen_hotkeys.lng
c:\users\***\AppData\Local\Temp\WLZ1DF3.tmp\gen_jumpex.lng
c:\users\***\AppData\Local\Temp\WLZ1DF3.tmp\gen_ml.lng
c:\users\***\AppData\Local\Temp\WLZ1DF3.tmp\gen_nopro.lng
c:\users\***\AppData\Local\Temp\WLZ1DF3.tmp\gen_orgler.lng
c:\users\***\AppData\Local\Temp\WLZ1DF3.tmp\gen_skinmanager.lng
c:\users\***\AppData\Local\Temp\WLZ1DF3.tmp\gen_timerestore.lng
c:\users\***\AppData\Local\Temp\WLZ1DF3.tmp\gen_tray.lng
c:\users\***\AppData\Local\Temp\WLZ1DF3.tmp\gen_undo.lng
c:\users\***\AppData\Local\Temp\WLZ1DF3.tmp\in_avi.lng
c:\users\***\AppData\Local\Temp\WLZ1DF3.tmp\in_cdda.lng
c:\users\***\AppData\Local\Temp\WLZ1DF3.tmp\in_dshow.lng
c:\users\***\AppData\Local\Temp\WLZ1DF3.tmp\in_flac.lng
c:\users\***\AppData\Local\Temp\WLZ1DF3.tmp\in_flv.lng
c:\users\***\AppData\Local\Temp\WLZ1DF3.tmp\in_linein.lng
c:\users\***\AppData\Local\Temp\WLZ1DF3.tmp\in_midi.lng
c:\users\***\AppData\Local\Temp\WLZ1DF3.tmp\in_mkv.lng
c:\users\***\AppData\Local\Temp\WLZ1DF3.tmp\in_mod.lng
c:\users\***\AppData\Local\Temp\WLZ1DF3.tmp\in_mp3.lng
c:\users\***\AppData\Local\Temp\WLZ1DF3.tmp\in_mp4.lng
c:\users\***\AppData\Local\Temp\WLZ1DF3.tmp\in_nsv.lng
c:\users\***\AppData\Local\Temp\WLZ1DF3.tmp\in_swf.lng
c:\users\***\AppData\Local\Temp\WLZ1DF3.tmp\in_vorbis.lng
c:\users\***\AppData\Local\Temp\WLZ1DF3.tmp\in_wav.lng
c:\users\***\AppData\Local\Temp\WLZ1DF3.tmp\in_wave.lng
c:\users\***\AppData\Local\Temp\WLZ1DF3.tmp\in_wm.lng
c:\users\***\AppData\Local\Temp\WLZ1DF3.tmp\in_wv.lng
c:\users\***\AppData\Local\Temp\WLZ1DF3.tmp\ml_addons.lng
c:\users\***\AppData\Local\Temp\WLZ1DF3.tmp\ml_autotag.lng
c:\users\***\AppData\Local\Temp\WLZ1DF3.tmp\ml_bookmarks.lng
c:\users\***\AppData\Local\Temp\WLZ1DF3.tmp\ml_devices.lng
c:\users\***\AppData\Local\Temp\WLZ1DF3.tmp\ml_disc.lng
c:\users\***\AppData\Local\Temp\WLZ1DF3.tmp\ml_downloads.lng
c:\users\***\AppData\Local\Temp\WLZ1DF3.tmp\ml_enqplay.lng
c:\users\***\AppData\Local\Temp\WLZ1DF3.tmp\ml_history.lng
c:\users\***\AppData\Local\Temp\WLZ1DF3.tmp\ml_impex.lng
c:\users\***\AppData\Local\Temp\WLZ1DF3.tmp\ml_local.lng
c:\users\***\AppData\Local\Temp\WLZ1DF3.tmp\ml_nowplaying.lng
c:\users\***\AppData\Local\Temp\WLZ1DF3.tmp\ml_online.lng
c:\users\***\AppData\Local\Temp\WLZ1DF3.tmp\ml_orb.lng
c:\users\***\AppData\Local\Temp\WLZ1DF3.tmp\ml_playlists.lng
c:\users\***\AppData\Local\Temp\WLZ1DF3.tmp\ml_plg.lng
c:\users\***\AppData\Local\Temp\WLZ1DF3.tmp\ml_pmp.lng
c:\users\***\AppData\Local\Temp\WLZ1DF3.tmp\ml_rg.lng
c:\users\***\AppData\Local\Temp\WLZ1DF3.tmp\ml_transcode.lng
c:\users\***\AppData\Local\Temp\WLZ1DF3.tmp\ml_wire.lng
c:\users\***\AppData\Local\Temp\WLZ1DF3.tmp\ombrowser.lng
c:\users\***\AppData\Local\Temp\WLZ1DF3.tmp\out_disk.lng
c:\users\***\AppData\Local\Temp\WLZ1DF3.tmp\out_ds.lng
c:\users\***\AppData\Local\Temp\WLZ1DF3.tmp\out_wave.lng
c:\users\***\AppData\Local\Temp\WLZ1DF3.tmp\playlist.lng
c:\users\***\AppData\Local\Temp\WLZ1DF3.tmp\pmp_activesync.lng
c:\users\***\AppData\Local\Temp\WLZ1DF3.tmp\pmp_android.lng
c:\users\***\AppData\Local\Temp\WLZ1DF3.tmp\pmp_ipod.lng
c:\users\***\AppData\Local\Temp\WLZ1DF3.tmp\pmp_njb.lng
c:\users\***\AppData\Local\Temp\WLZ1DF3.tmp\pmp_p4s.lng
c:\users\***\AppData\Local\Temp\WLZ1DF3.tmp\pmp_usb.lng
c:\users\***\AppData\Local\Temp\WLZ1DF3.tmp\pmp_wifi.lng
c:\users\***\AppData\Local\Temp\WLZ1DF3.tmp\tagz.lng
c:\users\***\AppData\Local\Temp\WLZ1DF3.tmp\vis_avs.lng
c:\users\***\AppData\Local\Temp\WLZ1DF3.tmp\vis_milk2.lng
c:\users\***\AppData\Local\Temp\WLZ1DF3.tmp\vis_nsfs.lng
c:\users\***\AppData\Local\Temp\WLZ1DF3.tmp\winamp.lng
c:\users\***\AppData\Local\Temp\WLZ1DF3.tmp\winampa.lng
c:\windows\IsUn0407.exe
c:\windows\PFRO.log
c:\windows\system32\roboot.exe
c:\windows\unin0407.exe
.
.
(((((((((((((((((((((((  Dateien erstellt von 2012-04-27 bis 2012-05-27  ))))))))))))))))))))))))))))))
.
.
2012-05-27 16:59 . 2012-05-27 16:59        --------        d-----w-        c:\users\***\AppData\Local\temp
2012-05-27 16:59 . 2012-05-27 16:59        --------        d-----w-        c:\users\Default\AppData\Local\temp
2012-05-17 22:40 . 2012-05-17 22:41        --------        d-----w-        c:\users\***\AppData\Local\Google
2012-05-17 22:40 . 2012-05-17 22:40        --------        d-----w-        c:\program files\Google
2012-05-17 10:34 . 2012-05-17 10:46        --------        d-----w-        C:\_OTL
2012-05-11 21:51 . 2012-03-30 10:23        1291632        ----a-w-        c:\windows\system32\drivers\tcpip.sys
2012-05-11 21:51 . 2012-03-31 04:30        1221632        ----a-w-        c:\program files\Windows Journal\NBDoc.DLL
2012-05-11 21:51 . 2012-03-31 04:29        936960        ----a-w-        c:\program files\Common Files\Microsoft Shared\ink\journal.dll
2012-05-11 21:51 . 2012-03-31 04:29        989184        ----a-w-        c:\program files\Windows Journal\JNTFiltr.dll
2012-05-11 21:51 . 2012-03-31 04:29        969216        ----a-w-        c:\program files\Windows Journal\JNWDRV.dll
2012-05-11 21:51 . 2012-03-31 04:39        3968368        ----a-w-        c:\windows\system32\ntkrnlpa.exe
2012-05-11 21:51 . 2012-03-31 04:39        3913072        ----a-w-        c:\windows\system32\ntoskrnl.exe
2012-05-11 21:51 . 2012-03-31 02:36        2343424        ----a-w-        c:\windows\system32\win32k.sys
2012-05-11 21:51 . 2012-03-17 07:27        56176        ----a-w-        c:\windows\system32\drivers\partmgr.sys
2012-05-11 21:51 . 2012-03-03 05:31        1077248        ----a-w-        c:\windows\system32\DWrite.dll
2012-05-09 13:33 . 2012-05-09 13:50        --------        d-----w-        c:\users\***\AppData\Roaming\calibre
2012-05-09 13:33 . 2012-05-09 13:33        --------        d-----w-        c:\program files\Calibre2
2012-05-09 12:41 . 2011-04-13 13:38        110992        ----a-w-        c:\program files\Mozilla Firefox\extensions\KavAntiBanner@Kaspersky.ru\components\abhelperxpcom.dll
2012-05-09 12:41 . 2011-04-13 13:38        151952        ----a-w-        c:\program files\Mozilla Firefox\extensions\linkfilter@kaspersky.ru\components\kavlinkfilter.dll
2012-05-09 12:41 . 2012-05-09 13:19        115369        ----a-w-        c:\windows\system32\drivers\klin.dat
2012-05-09 12:41 . 2012-05-09 13:19        97961        ----a-w-        c:\windows\system32\drivers\klick.dat
2012-05-09 12:40 . 2012-05-27 16:37        --------        d-----w-        c:\programdata\Kaspersky Lab
2012-05-09 12:40 . 2012-05-09 12:40        --------        d-----w-        c:\program files\Kaspersky Lab
2012-05-06 09:59 . 2012-05-06 09:59        --------        d-----w-        c:\program files\Microsoft
2012-05-04 10:40 . 2012-04-13 07:36        6734704        ----a-w-        c:\programdata\Microsoft\Windows Defender\Definition Updates\{928593B5-9C99-4F39-9475-32AF45ABCC6D}\mpengine.dll
2012-05-02 00:46 . 2012-05-02 00:46        4472832        ----a-w-        c:\windows\system32\GPhotos.scr
2012-04-30 20:48 . 2012-04-30 20:48        --------        d-----w-        c:\programdata\OMSI AM
2012-04-30 20:48 . 2012-04-30 20:48        --------        d-----w-        c:\users\***\AppData\Local\OMSI AM
2012-04-30 20:48 . 2012-04-30 20:48        --------        d-----w-        c:\program files\OMSI Addon Manager
2012-04-30 20:14 . 2012-04-30 20:17        --------        d-----w-        c:\program files\Verkehrs Gigant GOLD
2012-04-30 13:56 . 2012-04-30 13:56        --------        d-----w-        c:\program files\Aerosoft
2012-04-29 18:54 . 2012-04-29 18:54        --------        d-----w-        c:\program files\Mozilla Maintenance Service
2012-04-29 18:54 . 2012-04-29 18:54        157352        ----a-w-        c:\program files\Mozilla Firefox\maintenanceservice_installer.exe
2012-04-29 18:54 . 2012-04-29 18:54        129976        ----a-w-        c:\program files\Mozilla Firefox\maintenanceservice.exe
.
.
.
((((((((((((((((((((((((((((((((((((  Find3M Bericht  ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-05-27 09:44 . 2011-05-03 14:50        24944        ----a-w-        c:\windows\system32\drivers\GVTDrv.sys
2012-05-27 09:43 . 2011-05-04 10:08        17488        ----a-w-        c:\windows\gdrv.sys
2012-05-05 13:08 . 2012-04-02 17:38        419488        ----a-w-        c:\windows\system32\FlashPlayerApp.exe
2012-05-05 13:08 . 2011-05-29 10:07        70304        ----a-w-        c:\windows\system32\FlashPlayerCPLApp.cpl
2012-05-03 12:17 . 2011-05-07 23:13        17488        ----a-w-        c:\windows\etdrv.sys
2012-04-04 13:56 . 2011-09-23 19:51        22344        ----a-w-        c:\windows\system32\drivers\mbam.sys
2012-03-05 21:24 . 2012-03-05 21:24        715038        ----a-w-        c:\windows\unins000.exe
2012-03-01 05:46 . 2012-04-11 20:41        19824        ----a-w-        c:\windows\system32\drivers\fs_rec.sys
2012-03-01 05:37 . 2012-04-11 20:41        172544        ----a-w-        c:\windows\system32\wintrust.dll
2012-03-01 05:33 . 2012-04-11 20:41        159232        ----a-w-        c:\windows\system32\imagehlp.dll
2012-03-01 05:29 . 2012-04-11 20:41        5120        ----a-w-        c:\windows\system32\wmi.dll
2012-02-29 19:21 . 2012-02-29 19:21        42392        ----a-w-        c:\windows\system32\xfcodec.dll
2012-02-28 05:38 . 2012-04-11 17:56        981504        ----a-w-        c:\windows\system32\wininet.dll
2012-02-28 03:52 . 2012-04-11 17:56        1638912        ----a-w-        c:\windows\system32\mshtml.tlb
2012-04-29 18:54 . 2011-05-03 15:18        97208        ----a-w-        c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((  Autostartpunkte der Registrierung  ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1174016]
"Sony PC Companion"="c:\program files\Sony\Sony PC Companion\PCCompanion.exe" [2012-03-14 446136]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BCU"="c:\program files\DeviceVM\Browser Configuration Utility\BCU.exe" [2009-10-15 375000]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2010-07-28 9398888]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2009-02-26 30040]
"WinampAgent"="c:\program files\Winamp\winampa.exe" [2011-12-09 74752]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-11-29 421888]
"NeroFilterCheck"="c:\program files\Common Files\Nero\Lib\NeroCheck.exe" [2007-03-01 153136]
"NBKeyScan"="c:\program files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" [2007-12-03 2213160]
"lxczbmgr.exe"="c:\program files\Lexmark 1200 Series\lxczbmgr.exe" [2009-04-27 74408]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 10.0\Reader\Reader_sl.exe" [2011-01-30 35736]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-01-25 421160]
"CmCardRun"="c:\windows\system32\CmWatch.exe" [2003-09-16 229376]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2011-07-28 336384]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696]
"LogMeIn Hamachi Ui"="c:\program files\LogMeIn Hamachi\hamachi-2-ui.exe" [2012-02-28 1987976]
"HTC Sync Loader"="c:\program files\HTC\HTC Sync 3.0\htcUPCTLoader.exe" [2012-04-01 634880]
"AVP"="c:\program files\Kaspersky Lab\Kaspersky Security Suite CBE 11\avp.exe" [2011-04-13 387696]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"EasyTuneVI"="c:\program files\Gigabyte\ET6\ETCall.exe" [2007-07-26 20480]
.
c:\users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Microsoft Office Outlook 2007.lnk - c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\outicon.exe [2011-5-3 845584]
OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2009-2-26 97680]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\progra~1\KASPER~1\KASPER~1\mzvkbd3.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux2"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages        REG_MULTI_SZ          kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ICQ]
2011-08-01 08:28        124480        ----a-w-        c:\program files\ICQ7.5\ICQ.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
2007-12-13 17:10        1688872        ----a-w-        c:\program files\Common Files\Nero\Lib\NMIndexStoreSvr.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001
.
R0 GVTDrv;GVTDrv; [x]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-05-05 257696]
R3 AppleChargerSrv;AppleChargerSrv;c:\windows\system32\AppleChargerSrv.exe [2010-04-06 31272]
R3 AtiHDAudioService;ATI Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW73.sys [2010-08-16 101904]
R3 btmhsf;btmhsf;c:\windows\system32\DRIVERS\btmhsf.sys [2011-07-19 225280]
R3 clwvd;CyberLink WebCam Virtual Driver;c:\windows\system32\DRIVERS\clwvd.sys [x]
R3 easytether;easytether;c:\windows\system32\DRIVERS\easytthr.sys [x]
R3 etdrv;etdrv;c:\windows\etdrv.sys [2012-05-03 17488]
R3 ew_usbenumfilter;huawei_CompositeFilter;c:\windows\system32\DRIVERS\ew_usbenumfilter.sys [2011-12-13 11136]
R3 ggflt;SEMC USB Flash Driver Filter;c:\windows\system32\DRIVERS\ggflt.sys [2011-12-27 13224]
S0 BMLoad;Bytemobile Boot Time Load Driver;c:\windows\system32\drivers\BMLoad.sys [2011-12-13 13184]
S1 AppleCharger;AppleCharger;c:\windows\system32\DRIVERS\AppleCharger.sys [2010-04-27 19496]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [2011-07-16 218688]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2011-07-28 176128]
S2 AMD FUEL Service;AMD FUEL Service;c:\program files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [2011-07-28 291840]
S2 AODDriver4.01;AODDriver4.01;c:\program files\ATI Technologies\ATI.ACE\Fuel\i386\AODDriver2.sys [2011-06-24 39424]
S2 BCUService;Browser Configuration Utility Service;c:\program files\DeviceVM\Browser Configuration Utility\BCUService.exe [2009-10-15 223464]
S2 ES lite Service;ES lite Service for program management.;c:\program files\Gigabyte\EasySaver\ESSVR.EXE [2009-08-24 68136]
S3 amdiox86;AMD IO Driver;c:\windows\system32\DRIVERS\amdiox86.sys [2010-02-18 37944]
S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [2011-07-28 8396800]
S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [2011-07-28 247296]
S3 AODDriver;AODDriver;c:\program files\Gigabyte\ET6\i386\AODDriver.sys [2010-03-12 36864]
.
.
Inhalt des "geplante Tasks" Ordners
.
2012-05-27 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-02 13:08]
.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = my.daemon-search.com
uInternet Settings,ProxyOverride = *.local
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: Free YouTube to iPhone Converter - c:\users\***\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetoiphoneconverter.htm
IE: Free YouTube to MP3 Converter - c:\users\***\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm
IE: Hinzufügen zu Anti-Banner - c:\program files\Kaspersky Lab\Kaspersky Security Suite CBE 11\ie_banner_deny.htm
IE: Nach Microsoft E&xel exportieren - c:\progra~1\MICROS~1\Office12\EXCEL.EXE/3000
IE: {{7578ADEA-D65F-4C89-A249-B1C88B6FFC20} - c:\program files\ICQ7.5\ICQ.exe
TCP: Interfaces\{43B9D79D-4929-4659-B5F7-CE2EB24BE78A}: NameServer = 10.129.32.1 10.111.81.129
FF - ProfilePath - c:\users\***\AppData\Roaming\Mozilla\Firefox\Profiles\hzj3d2ey.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.simforum.de/
FF - prefs.js: network.proxy.http - 84.41.108.74
FF - prefs.js: network.proxy.http_port - 8080
FF - prefs.js: network.proxy.type - 0
FF - user.js: extensions.BabylonToolbar_i.babTrack - affID=108298
FF - user.js: extensions.BabylonToolbar_i.babExt -
FF - user.js: extensions.BabylonToolbar_i.srcExt - ss
FF - user.js: extensions.BabylonToolbar_i.id - acbbaa260000000000001c6f6587bf84
FF - user.js: extensions.BabylonToolbar_i.hardId - acbbaa260000000000001c6f6587bf84
FF - user.js: extensions.BabylonToolbar_i.instlDay - 15368
FF - user.js: extensions.BabylonToolbar_i.vrsn - 1.5.3.17
FF - user.js: extensions.BabylonToolbar_i.vrsni - 1.5.3.17
FF - user.js: extensions.BabylonToolbar_i.vrsnTs - 1.5.3.170:00
FF - user.js: extensions.BabylonToolbar_i.prtnrId - babylon
FF - user.js: extensions.BabylonToolbar_i.prdct - BabylonToolbar
FF - user.js: extensions.BabylonToolbar_i.aflt - babsst
FF - user.js: extensions.BabylonToolbar_i.smplGrp - none
FF - user.js: extensions.BabylonToolbar_i.tlbrId - base
FF - user.js: extensions.BabylonToolbar_i.instlRef - sst
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
MSConfigStartUp-EA Core - c:\program files\Electronic Arts\EADM\Core.exe
MSConfigStartUp-EADM - c:\program files\Origin\Origin.exe
MSConfigStartUp-Sony Ericsson PC Suite - c:\program files\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe
AddRemove-Adobe Photoshop 6.0 - c:\windows\ISUN0407.EXE
AddRemove-BattlEye for OA - c:\program files\Bohemia Interactive\ArmAExpansion\BattlEye\UnInstallBE.exe
AddRemove-Crysis 2 German Patch Installation 1.00 - b:\program files\Crysis2\Uninstall.exe
AddRemove-Dead Island MULTI-7 Untertitel-Patch Incl. Patch & Crack 1.2.0 für die UNLOCKED Version 1.00 - b:\program files\Black_Box\Dead Island\Uninstall.exe
.
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_USERS\S-1-5-21-3670287685-878628291-3504229498-1000\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
@Allowed: (Read) (RestrictedCode)
"??"=hex:a1,a8,fe,60,6c,53,8d,33,47,01,fb,73,26,3e,5f,ce,ca,49,93,f8,c5,10,b9,
  c1,14,96,a8,a9,3c,d6,6d,e8,8b,0a,59,8f,59,18,42,50,06,ff,07,de,40,c5,5a,ff,\
"??"=hex:5d,2e,bc,00,9b,07,bc,9c,34,34,87,88,c9,ab,ca,0d
.
[HKEY_USERS\S-1-5-21-3670287685-878628291-3504229498-1000\Software\SecuROM\License information*]
"datasecu"=hex:59,15,aa,79,70,fb,a8,f6,48,68,26,a6,01,5e,38,68,c6,31,64,32,b5,
  01,03,a3,05,26,62,5d,9b,3b,9a,7c,a0,47,30,2f,f4,ab,87,a2,6a,c3,3e,6f,06,6b,\
"rkeysecu"=hex:41,36,0c,57,3e,a1,e3,d1,18,7f,44,fe,e5,5d,18,70
.
[HKEY_USERS\S-1-5-21-3670287685-878628291-3504229498-1000\Software\Trolltech\OrganizationDefaults\Qt Factory Cache 4.7\com.trolltech.Qt.QImageIOHandlerFactoryInterface:\b:\Program Files\Battlefield 3\B*a*t*t*l*e*f*i*e*l*d* *3*"!\Core\imageformats]
"qgif4.dll"=multi:"2011-10-10T17:42\00gif\00\00"
"qico4.dll"=multi:"2011-10-10T17:42\00ico\00\00"
"qjpeg4.dll"=multi:"2011-10-10T17:42\00jpeg\00jpg\00\00"
.
[HKEY_USERS\S-1-5-21-3670287685-878628291-3504229498-1000\Software\Trolltech\OrganizationDefaults\Qt Factory Cache 4.7\com.trolltech.Qt.QTextCodecFactoryInterface:\b:\Program Files\Battlefield 3\B*a*t*t*l*e*f*i*e*l*d* *3*"!\Core\codecs]
"qcncodecs4.dll"=multi:"2011-10-10T17:42\00GB18030\00GBK\00GB2312\00CP936\00MS936\00windows-936\00MIB: 114\00MIB: 113\00MIB: 2025\00\00"
"qkrcodecs4.dll"=multi:"2011-10-10T17:42\00EUC-KR\00cp949\00MIB: 38\00MIB: -949\00\00"
"qtwcodecs4.dll"=multi:"2011-10-10T17:42\00Big5\00Big5-HKSCS\00Big5-ETen\00CP950\00MIB: 2026\00MIB: 2101\00\00"
.
[HKEY_USERS\S-1-5-21-3670287685-878628291-3504229498-1000\Software\Trolltech\OrganizationDefaults\Qt Plugin Cache 4.7.false\b:\program files\Battlefield 3\B*a*t*t*l*e*f*i*e*l*d* *3*"!\Core\codecs]
"qcncodecs4.dll"=multi:"40703\000\00Windows msvc release full-config QT_NO_DRAGANDDROP\002011-10-10T17:42\00\00"
"qjpcodecs4.dll"=multi:"40602\000\00Windows msvc release full-config\002011-10-10T17:42\00\00"
"qjpcodecsd4.dll"=multi:"40703\001\00Windows msvc debug full-config QT_NO_DRAGANDDROP\002011-10-10T17:42\00\00"
"qkrcodecs4.dll"=multi:"40703\000\00Windows msvc release full-config QT_NO_DRAGANDDROP\002011-10-10T17:42\00\00"
"qtwcodecs4.dll"=multi:"40703\000\00Windows msvc release full-config QT_NO_DRAGANDDROP\002011-10-10T17:42\00\00"
.
[HKEY_USERS\S-1-5-21-3670287685-878628291-3504229498-1000\Software\Trolltech\OrganizationDefaults\Qt Plugin Cache 4.7.false\b:\program files\Battlefield 3\B*a*t*t*l*e*f*i*e*l*d* *3*"!\Core\imageformats]
"Microsoft.VC80.CRT.manifest"=multi:"0\001\00unknown\002011-10-10T17:42\00\00"
"msvcr80.dll"=multi:"0\001\00unknown\002011-10-10T17:42\00\00"
"qgif4.dll"=multi:"40703\000\00Windows msvc release full-config QT_NO_DRAGANDDROP\002011-10-10T17:42\00\00"
"qico4.dll"=multi:"40703\000\00Windows msvc release full-config QT_NO_DRAGANDDROP\002011-10-10T17:42\00\00"
"qjpeg4.dll"=multi:"40703\000\00Windows msvc release full-config QT_NO_DRAGANDDROP\002011-10-10T17:42\00\00"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Zeit der Fertigstellung: 2012-05-27  19:10:37
ComboFix-quarantined-files.txt  2012-05-27 17:10
.
Vor Suchlauf: 13 Verzeichnis(se), 330.339.737.600 Bytes frei
Nach Suchlauf: 18 Verzeichnis(se), 330.238.042.112 Bytes frei
.
- - End Of File - - 213EA6507E334592DFBB9D7D94692FC2


Alle Zeitangaben in WEZ +1. Es ist jetzt 15:06 Uhr.

Copyright ©2000-2025, Trojaner-Board


Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 130 131