Trojaner-Board - TR/Crypt.XPACK.Gen2 auf meinem PC gefunden

Trojaner-Board (https://www.trojaner-board.de/)

- Plagegeister aller Art und deren Bekämpfung (https://www.trojaner-board.de/plagegeister-aller-art-deren-bekaempfung/)

- - TR/Crypt.XPACK.Gen2 auf meinem PC gefunden (https://www.trojaner-board.de/99940-tr-crypt-xpack-gen2-meinem-pc-gefunden.html)

TR/Crypt.XPACK.Gen2 auf meinem PC gefunden

Hallo,

Avira hat den oben genannten Trojaner auf meinem PC entdeckt. Ich habe daraufhin einen Qucikscan mit Malewarebytes druchgeführt. Anbei die Log-Datei:

Code:

Malwarebytes' Anti-Malware 1.51.0.1200

www.malwarebytes.org
 

Datenbank Version: 6768
 

Windows 6.0.6000

Internet Explorer 7.0.6000.17037
 

04.06.2011 12:56:56

mbam-log-2011-06-04 (12-56-56).txt
 

Art des Suchlaufs: Quick-Scan

Durchsuchte Objekte: 154089

Laufzeit: 5 Minute(n), 13 Sekunde(n)
 

Infizierte Speicherprozesse: 0

Infizierte Speichermodule: 0

Infizierte Registrierungsschlüssel: 0

Infizierte Registrierungswerte: 1

Infizierte Dateiobjekte der Registrierung: 0

Infizierte Verzeichnisse: 0

Infizierte Dateien: 5
 

Infizierte Speicherprozesse:

(Keine bösartigen Objekte gefunden)
 

Infizierte Speichermodule:

(Keine bösartigen Objekte gefunden)
 

Infizierte Registrierungsschlüssel:

(Keine bösartigen Objekte gefunden)
 

Infizierte Registrierungswerte:

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\NvCplDaemonTool (Heuristics.Shuriken) -> Value: NvCplDaemonTool -> Quarantined and deleted successfully.
 

Infizierte Dateiobjekte der Registrierung:

(Keine bösartigen Objekte gefunden)
 

Infizierte Verzeichnisse:

(Keine bösartigen Objekte gefunden)
 

Infizierte Dateien:

c:\Users\hubert\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\scanudiskn46.dll (Heuristics.Shuriken) -> Delete on reboot.

c:\Users\hubert\psloadwf3.dll (Heuristics.Shuriken) -> Quarantined and deleted successfully.

c:\Users\hubert\AppData\Local\Temp\9A02.tmp (Heuristics.Shuriken) -> Quarantined and deleted successfully.

c:\Users\hubert\AppData\Local\Temp\B068.tmp (Heuristics.Shuriken) -> Quarantined and deleted successfully.

c:\Users\hubert\AppData\Roaming\microsoft\Windows\start menu\Programs\Startup\scandisk.lnk (Trojan.Downloader) -> Quarantined and deleted successfully.

Danach habe ich den PC neu gestartet und Defogger ausgeführt.
Inhalt Log:

Code:

defogger_disable by jpshortstuff (23.02.10.1)

Log created at 13:21 on 04/06/2011 (hubert)
 

Checking for autostart values...

HKCU\~\Run values retrieved.

HKLM\~\Run values retrieved.
 

Checking for services/drivers...
 
 

-=E.O.F=-

Danach einen Scan mit OTL gemacht.
Inhalt OTL:

Code:

OTL logfile created on: 04.06.2011 13:27:14 - Run 1

OTL by OldTimer - Version 3.2.23.0     Folder = C:\Users\hubert\Desktop

Windows Vista Home Premium Edition  (Version = 6.0.6000) - Type = NTWorkstation

Internet Explorer (Version = 7.0.6000.17037)

Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

 

3,00 Gb Total Physical Memory | 2,01 Gb Available Physical Memory | 67,07% Memory free

6,19 Gb Paging File | 5,18 Gb Available in Paging File | 83,63% Paging File free

Paging file location(s): ?:\pagefile.sys [binary data]

 

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files

Drive C: | 216,41 Gb Total Space | 148,59 Gb Free Space | 68,66% Space Free | Partition Type: NTFS

Drive D: | 107,22 Gb Total Space | 107,13 Gb Free Space | 99,92% Space Free | Partition Type: NTFS

 

Computer Name: HUBERT-PC | User Name: hubert | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: Current user | Quick Scan

Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

 
 ========== Processes (SafeList) ==========

 

PRC - [2011.06.04 13:23:15 | 000,580,096 | ---- | M] (OldTimer Tools) -- C:\Users\hubert\Desktop\OTL.exe

PRC - [2011.05.29 09:11:28 | 000,449,584 | ---- | M] (Malwarebytes Corporation) -- C:\Programme\Malwarebytes' Anti-Malware\mbamgui.exe

PRC - [2011.05.29 09:11:28 | 000,366,640 | ---- | M] (Malwarebytes Corporation) -- C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe

PRC - [2011.04.27 11:00:08 | 000,136,360 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\sched.exe

PRC - [2011.03.20 11:23:06 | 000,269,480 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\avguard.exe

PRC - [2010.11.07 17:45:30 | 000,281,768 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\avgnt.exe

PRC - [2010.01.14 22:10:53 | 000,076,968 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\avshadow.exe

PRC - [2009.04.28 14:13:05 | 000,198,160 | ---- | M] (RealNetworks, Inc.) -- C:\Programme\Common Files\Real\Update_OB\realsched.exe

PRC - [2008.10.29 08:20:29 | 002,923,520 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe

PRC - [2007.11.03 00:49:23 | 001,006,264 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Defender\MSASCui.exe

PRC - [2007.10.01 11:53:50 | 004,702,208 | ---- | M] (Realtek Semiconductor) -- C:\Windows\RtHDVCpl.exe

PRC - [2006.12.08 11:52:04 | 000,204,800 | ---- | M] (Fujitsu Siemens Computers) -- C:\FirstSteps\OnlineDiagnostic\TestManager\TestHandler.exe

PRC - [2006.11.02 11:44:59 | 000,068,608 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conime.exe

 

 
 ========== Modules (SafeList) ==========

 

MOD - [2011.06.04 13:23:15 | 000,580,096 | ---- | M] (OldTimer Tools) -- C:\Users\hubert\Desktop\OTL.exe

MOD - [2007.11.03 01:25:55 | 001,648,128 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6000.20656_none_463680b8218be5a3\comctl32.dll

 

 
 ========== Win32 Services (SafeList) ==========

 

SRV - [2011.05.29 09:11:28 | 000,366,640 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)

SRV - [2011.04.27 11:00:08 | 000,136,360 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)

SRV - [2011.03.20 11:23:06 | 000,269,480 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)

SRV - [2007.11.03 00:49:23 | 000,265,912 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Windows Defender\MpSvc.dll -- (WinDefend)

SRV - [2007.05.31 10:21:24 | 000,379,784 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\wcescomm.dll -- (WcesComm)

SRV - [2007.05.31 10:21:18 | 000,183,688 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\rapimgr.dll -- (RapiMgr)

SRV - [2006.12.08 11:52:04 | 000,204,800 | ---- | M] (Fujitsu Siemens Computers) [Auto | Running] -- C:\FirstSteps\OnlineDiagnostic\TestManager\TestHandler.exe -- (TestHandler)

 

 
 ========== Driver Services (SafeList) ==========

 

DRV - [2011.05.29 09:11:30 | 000,039,984 | ---- | M] (Malwarebytes Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\mbamswissarmy.sys -- (MBAMSwissArmy)

DRV - [2011.05.29 09:11:20 | 000,022,712 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\mbam.sys -- (MBAMProtector)

DRV - [2011.03.20 11:23:07 | 000,137,656 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb)

DRV - [2010.11.24 20:55:03 | 000,061,960 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\System32\drivers\avgntflt.sys -- (avgntflt)

DRV - [2009.05.11 10:12:49 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv)

DRV - [2007.09.12 17:24:00 | 000,026,816 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\DslTestSp5.sys -- (dsltestSp5)

DRV - [2007.08.01 16:49:00 | 000,016,448 | ---- | M] (T-Systems Enterprise Services GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\dslmnlwf.sys -- (DslMNLwf)

DRV - [2007.07.02 17:37:10 | 000,131,616 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nvrd32.sys -- (nvrd32)

DRV - [2007.07.02 17:37:08 | 000,110,112 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nvstor32.sys -- (nvstor32)

DRV - [2007.06.13 23:47:12 | 000,048,256 | ---- | M] (JMicron Technology Corp.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\jraid.sys -- (JRAID)

DRV - [2007.06.01 17:46:00 | 007,479,008 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)

DRV - [2007.03.26 15:26:00 | 000,052,224 | ---- | M] (VIA Technologies, Inc.) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\ViPrt.sys -- (ViPrt)

DRV - [2007.03.26 15:26:00 | 000,016,896 | ---- | M] (VIA Technologies, Inc.) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\ViBus.sys -- (ViBus)

DRV - [2006.11.02 10:55:05 | 000,031,616 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WINUSB)

 

 
 ========== Standard Registry (SafeList) ==========

 

 
 ========== Internet Explorer ==========

 

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm

 

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

 
 ========== FireFox ==========

 

FF - prefs.js..browser.search.defaultenginename: "Yahoo"

FF - prefs.js..browser.search.defaulturl: "hxxp://de.search.yahoo.com/search?ei=UTF-8&fr=ytff-&p="

FF - prefs.js..browser.search.param.yahoo-fr: "moz2-ytff-sunm"

FF - prefs.js..browser.search.param.yahoo-fr-cjkt: "moz2-ytff-sunm"

FF - prefs.js..browser.search.selectedEngine: "Google"

FF - prefs.js..extensions.enabledItems: smartwebprinting@hp.com:4.5

FF - prefs.js..extensions.enabledItems: {635abd67-4fe9-1b23-4f01-e679fa7484c1}:2.1.3.20100310105313

FF - prefs.js..keyword.URL: "hxxp://de.search.yahoo.com/search?ei=UTF-8&fr=ytff-sunm&p="

FF - prefs.js..network.proxy.type: 0

 

 

FF - HKLM\software\mozilla\Firefox\Extensions\\{3112ca9c-de6d-4884-a869-9855de68056c}: C:\ProgramData\Google\Toolbar for Firefox\{3112ca9c-de6d-4884-a869-9855de68056c} [2008.11.19 19:56:08 | 000,000,000 | ---D | M]

FF - HKLM\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\Program Files\Real\RealPlayer\browserrecord [2009.04.28 14:13:17 | 000,000,000 | ---D | M]

FF - HKLM\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2010.10.02 18:40:37 | 000,000,000 | ---D | M]

FF - HKLM\software\mozilla\Mozilla Firefox 4.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011.05.25 09:36:41 | 000,000,000 | ---D | M]

FF - HKLM\software\mozilla\Mozilla Firefox 4.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011.05.25 09:36:41 | 000,000,000 | ---D | M]

 

[2008.12.02 19:08:31 | 000,000,000 | ---D | M] (No name found) -- C:\Users\hubert\AppData\Roaming\mozilla\Extensions

[2011.05.16 19:30:16 | 000,000,000 | ---D | M] (No name found) -- C:\Users\hubert\AppData\Roaming\mozilla\Firefox\Profiles\pjn8vo2u.default\extensions

[2010.05.02 14:28:57 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\hubert\AppData\Roaming\mozilla\Firefox\Profiles\pjn8vo2u.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}

[2011.01.24 11:11:43 | 000,000,000 | ---D | M] (Google Toolbar for Firefox) -- C:\Users\hubert\AppData\Roaming\mozilla\Firefox\Profiles\pjn8vo2u.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}

[2011.05.16 19:30:02 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Users\hubert\AppData\Roaming\mozilla\Firefox\Profiles\pjn8vo2u.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}

[2010.10.20 12:45:59 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions

[2008.06.11 14:17:17 | 000,000,000 | ---D | M] (Google Settings) -- C:\Programme\Mozilla Firefox\extensions\google-cjk@partners.mozilla.com

File not found (No name found) -- 

[2011.05.25 09:36:36 | 000,142,296 | ---- | M] (Mozilla Foundation) -- C:\Programme\Mozilla Firefox\components\browsercomps.dll

[2010.10.13 19:15:46 | 000,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\Programme\Mozilla Firefox\plugins\npdeployJava1.dll

[2011.05.25 09:36:39 | 000,001,392 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\amazondotcom-de.xml

[2011.05.25 09:36:39 | 000,002,252 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\bing.xml

[2011.05.25 09:36:39 | 000,001,153 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\eBay-de.xml

[2011.05.25 09:36:39 | 000,006,805 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\leo_ende_de.xml

[2011.05.25 09:36:39 | 000,001,178 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\wikipedia-de.xml

[2011.05.25 09:36:39 | 000,001,105 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\yahoo-de.xml

 

O1 HOSTS File: ([2006.09.18 23:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts

O1 - Hosts: 127.0.0.1       localhost

O1 - Hosts: ::1             localhost

O2 - BHO: (no name) - {0124123D-61B4-456f-AF86-78C53A0790C5} - No CLSID value found.

O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Programme\Real\RealPlayer\rpbrowserrecordplugin.dll (RealPlayer)

O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} -  File not found

O3 - HKLM\..\Toolbar: (no name) - {0124123D-61B4-456f-AF86-78C53A0790C5} - No CLSID value found.

O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)

O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)

O4 - HKLM..\Run: [NeroFilterCheck] C:\Programme\Common Files\Nero\Lib\NeroCheck.exe (Nero AG)

O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.dll (NVIDIA Corporation)

O4 - HKLM..\Run: [NvMediaCenter] C:\Windows\System32\NvMcTray.dll (NVIDIA Corporation)

O4 - HKLM..\Run: [NvSvc] C:\Windows\System32\nvsvc.dll (NVIDIA Corporation)

O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)

O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)

O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)

O4 - Startup: C:\Users\hubert\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk = C:\Programme\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation)

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O8 - Extra context menu item: Nach Microsoft E&xel exportieren - C:\Programme\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)

O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)

O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)

O9 - Extra Button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation)

O9 - Extra 'Tools' menuitem : @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation)

O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programme\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)

O13 - gopher Prefix: missing

O15 - HKCU\..Trusted Ranges: GD ([http] in Local intranet)

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1

O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)

O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)

O20 - AppInit_DLLs: (C:\PROGRA~1\Google\GOOGLE~3\GOEC62~1.DLL) - C:\Programme\Google\Google Desktop Search\GoogleDesktopNetwork3.dll (Google)

O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)

O24 - Desktop WallPaper: C:\Windows\Web\Wallpaper\img24.jpg

O24 - Desktop BackupWallPaper: C:\Windows\Web\Wallpaper\img24.jpg

O32 - HKLM CDRom: AutoRun - 1

O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]

O34 - HKLM BootExecute: (autocheck autochk *) -  File not found

O35 - HKLM\..comfile [open] -- "%1" %*

O35 - HKLM\..exefile [open] -- "%1" %*

O37 - HKLM\...com [@ = comfile] -- "%1" %*

O37 - HKLM\...exe [@ = exefile] -- "%1" %*

 

ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - 

ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 11.0

ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework

ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll

ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack

ActiveX: {411EDCF7-755D-414E-A74B-3DCD6583F589} - Microsoft .NET Framework 1.1 Service Pack 1 (KB867460)

ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE

ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - 

ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx

ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help

ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6

ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools

ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements

ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player

ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access

ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7

ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework

ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll

ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\system32\ie4uinit.exe -BaseSettings

ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install

ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding

ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts

ActiveX: {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1} - .NET Framework

ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1

ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Adobe Flash Player

ActiveX: {DAA94A2A-2A8D-4D3B-9DB8-56FBECED082D} - Microsoft .NET Framework 1.1 Security Update (KB953297)

ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help

ActiveX: {E78BFA60-5393-4C38-82AB-E8019E464EB4} - .NET Framework

ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface

ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\Windows\system32\unregmp2.exe /ShowWMP

ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\system32\ie4uinit.exe -UserIconConfig

ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP

 

NetSvcs: FastUserSwitchingCompatibility -  File not found

NetSvcs: Ias -  File not found

NetSvcs: Nla -  File not found

NetSvcs: Ntmssvc -  File not found

NetSvcs: NWCWorkstation -  File not found

NetSvcs: Nwsapagent -  File not found

NetSvcs: SRService -  File not found

NetSvcs: WmdmPmSp -  File not found

NetSvcs: LogonHours -  File not found

NetSvcs: PCAudit -  File not found

NetSvcs: helpsvc -  File not found

NetSvcs: uploadmgr -  File not found

 

 

CREATERESTOREPOINT

Restore point Set: OTL Restore Point

 
 ========== Files/Folders - Created Within 30 Days ==========

 

[2011.06.04 13:23:14 | 000,580,096 | ---- | C] (OldTimer Tools) -- C:\Users\hubert\Desktop\OTL.exe

[2011.06.04 12:46:26 | 000,000,000 | ---D | C] -- C:\Users\hubert\AppData\Roaming\Malwarebytes

[2011.06.04 12:46:19 | 000,039,984 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys

[2011.06.04 12:46:19 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware

[2011.06.04 12:46:18 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes

[2011.06.04 12:46:15 | 000,022,712 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys

[2011.06.04 12:46:15 | 000,000,000 | ---D | C] -- C:\Programme\Malwarebytes' Anti-Malware

[2011.06.02 16:56:42 | 000,000,000 | ---D | C] -- C:\Users\hubert\AppData\Roaming\Avira

[2011.05.23 15:05:16 | 000,000,000 | ---D | C] -- C:\Users\hubert\Documents\Privat

 
 ========== Files - Modified Within 30 Days ==========

 

[2011.06.04 13:25:01 | 000,000,420 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{D493EE9E-A341-4137-A90A-410DF3E58792}.job

[2011.06.04 13:23:15 | 000,580,096 | ---- | M] (OldTimer Tools) -- C:\Users\hubert\Desktop\OTL.exe

[2011.06.04 13:21:35 | 000,000,000 | ---- | M] () -- C:\Users\hubert\defogger_reenable

[2011.06.04 13:20:19 | 000,050,477 | ---- | M] () -- C:\Users\hubert\Desktop\Defogger.exe

[2011.06.04 13:09:00 | 000,002,766 | ---- | M] () -- C:\Users\Public\Documents\DME-SETTINGS.xml

[2011.06.04 13:09:00 | 000,000,302 | ---- | M] () -- C:\Windows\tasks\DMEPeriodicTask.job

[2011.06.04 13:06:45 | 000,651,112 | ---- | M] () -- C:\Windows\System32\perfh007.dat

[2011.06.04 13:06:45 | 000,618,272 | ---- | M] () -- C:\Windows\System32\perfh009.dat

[2011.06.04 13:06:45 | 000,120,908 | ---- | M] () -- C:\Windows\System32\perfc007.dat

[2011.06.04 13:06:45 | 000,107,416 | ---- | M] () -- C:\Windows\System32\perfc009.dat

[2011.06.04 13:00:18 | 000,003,072 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0

[2011.06.04 13:00:18 | 000,003,072 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0

[2011.06.04 13:00:08 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat

[2011.06.04 13:00:05 | 3219,644,416 | -HS- | M] () -- C:\hiberfil.sys

[2011.06.04 12:59:11 | 000,000,012 | ---- | M] () -- C:\Windows\bthservsdp.dat

[2011.06.04 12:46:19 | 000,000,912 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk

[2011.05.29 09:11:30 | 000,039,984 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys

[2011.05.29 09:11:20 | 000,022,712 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys

[2011.05.27 10:01:54 | 000,002,631 | ---- | M] () -- C:\Users\hubert\Desktop\Microsoft Office Word 2007.lnk

 
 ========== Files Created - No Company Name ==========

 

[2011.06.04 13:21:35 | 000,000,000 | ---- | C] () -- C:\Users\hubert\defogger_reenable

[2011.06.04 13:20:19 | 000,050,477 | ---- | C] () -- C:\Users\hubert\Desktop\Defogger.exe

[2011.06.04 12:46:19 | 000,000,912 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk

[2011.05.25 09:36:42 | 000,000,864 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk

[2010.11.07 17:58:29 | 000,000,012 | ---- | C] () -- C:\Windows\bthservsdp.dat

[2010.10.02 18:51:37 | 000,000,622 | ---- | C] () -- C:\Windows\hpomdl38.dat.temp

[2010.10.02 18:34:19 | 000,179,449 | ---- | C] () -- C:\Windows\hpoins38.dat

[2010.10.02 18:34:19 | 000,000,622 | ---- | C] () -- C:\Windows\hpomdl38.dat

[2008.03.31 18:41:35 | 000,000,009 | ---- | C] () -- C:\Users\hubert\AppData\Roaming\mdb.bin

[2008.02.27 18:44:23 | 000,020,992 | ---- | C] () -- C:\Users\hubert\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

[2008.02.09 16:57:20 | 000,000,094 | ---- | C] () -- C:\Users\hubert\AppData\Local\fusioncache.dat

[2008.01.09 18:18:51 | 000,146,253 | ---- | C] () -- C:\Windows\hpoins18.dat

[2007.12.17 18:23:44 | 000,069,632 | ---- | C] () -- C:\Windows\System32\vuins32.dll

[2007.03.01 01:41:30 | 000,006,600 | ---- | C] () -- C:\Windows\hpomdl18.dat

[2006.11.02 17:33:31 | 000,651,112 | ---- | C] () -- C:\Windows\System32\perfh007.dat

[2006.11.02 17:33:31 | 000,290,748 | ---- | C] () -- C:\Windows\System32\perfi007.dat

[2006.11.02 17:33:31 | 000,120,908 | ---- | C] () -- C:\Windows\System32\perfc007.dat

[2006.11.02 17:33:31 | 000,036,916 | ---- | C] () -- C:\Windows\System32\perfd007.dat

[2006.11.02 14:57:28 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat

[2006.11.02 14:47:37 | 000,265,024 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT

[2006.11.02 14:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll

[2006.11.02 12:33:01 | 000,618,272 | ---- | C] () -- C:\Windows\System32\perfh009.dat

[2006.11.02 12:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat

[2006.11.02 12:33:01 | 000,107,416 | ---- | C] () -- C:\Windows\System32\perfc009.dat

[2006.11.02 12:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat

[2006.11.02 12:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat

[2006.11.02 10:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin

[2006.11.02 10:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT

[2006.11.02 09:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini

[2006.11.02 09:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat

[2006.11.02 09:22:43 | 000,099,999 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin

[2006.11.02 09:22:43 | 000,018,271 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin

[2006.08.11 10:52:02 | 000,012,288 | ---- | C] () -- C:\Windows\System32\EvOnlDiag.dll

[2006.02.13 13:02:00 | 000,663,552 | ---- | C] () -- C:\Windows\System32\Tx12.dll

[2006.02.09 04:20:00 | 000,000,530 | ---- | C] () -- C:\Windows\System32\tx12_ic.ini

 
 ========== LOP Check ==========

 

[2010.11.07 17:59:30 | 000,000,000 | ---D | M] -- C:\Users\hubert\AppData\Roaming\GoPal Assistant

[2010.10.02 17:54:10 | 000,000,000 | ---D | M] -- C:\Users\hubert\AppData\Roaming\Image Zone Express

[2008.02.23 11:46:32 | 000,000,000 | ---D | M] -- C:\Users\hubert\AppData\Roaming\Printer Info Cache

[2008.10.02 19:15:19 | 000,000,000 | ---D | M] -- C:\Users\hubert\AppData\Roaming\T-Online

[2011.06.04 13:09:00 | 000,000,302 | ---- | M] () -- C:\Windows\Tasks\DMEPeriodicTask.job

[2011.06.04 12:59:13 | 000,032,568 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

[2011.06.04 13:25:01 | 000,000,420 | -H-- | M] () -- C:\Windows\Tasks\User_Feed_Synchronization-{D493EE9E-A341-4137-A90A-410DF3E58792}.job

 
 ========== Purity Check ==========

 

 

 
 ========== Custom Scans ==========

 

 
 < %SYSTEMDRIVE%\*. >

[2008.01.09 16:05:17 | 000,000,000 | -HSD | M] -- C:\$Recycle.Bin

[2011.06.02 17:44:51 | 000,000,000 | ---D | M] -- C:\Big Fish Games

[2007.12.18 03:10:07 | 000,000,000 | -HSD | M] -- C:\Boot

[2011.06.02 17:49:55 | 000,000,000 | -H-D | M] -- C:\Config.Msi

[2008.07.17 14:56:50 | 000,000,000 | ---D | M] -- C:\Daten_J08_2965_6

[2006.11.02 15:02:03 | 000,000,000 | -HSD | M] -- C:\Documents and Settings

[2008.01.09 16:01:04 | 000,000,000 | -HSD | M] -- C:\Dokumente und Einstellungen

[2007.12.17 18:24:06 | 000,000,000 | R--D | M] -- C:\DRIVER

[2008.01.09 16:06:52 | 000,000,000 | ---D | M] -- C:\ebay

[2008.01.09 16:06:52 | 000,000,000 | ---D | M] -- C:\FirstSteps

[2007.12.17 18:26:01 | 000,000,000 | ---D | M] -- C:\GDATA

[2007.12.17 18:24:06 | 000,000,000 | R--D | M] -- C:\MANUAL

[2007.12.17 18:30:11 | 000,000,000 | RH-D | M] -- C:\MSOCache

[2008.01.09 16:08:54 | 000,000,000 | ---D | M] -- C:\nero

[2007.12.17 18:32:21 | 000,000,000 | ---D | M] -- C:\Off2007HSt

[2009.01.16 19:40:06 | 000,000,000 | ---D | M] -- C:\Oriolus

[2010.10.21 14:07:27 | 000,000,000 | ---D | M] -- C:\Poker

[2011.06.04 12:46:15 | 000,000,000 | R--D | M] -- C:\Programme

[2011.06.04 12:46:18 | 000,000,000 | -H-D | M] -- C:\ProgramData

[2008.01.09 16:01:04 | 000,000,000 | -HSD | M] -- C:\Programme

[2011.06.04 12:48:21 | 000,000,000 | -HSD | M] -- C:\System Volume Information

[2008.11.19 19:55:50 | 000,000,000 | ---D | M] -- C:\temp

[2007.12.18 04:31:03 | 000,000,000 | ---D | M] -- C:\TMP

[2008.01.09 16:04:57 | 000,000,000 | R--D | M] -- C:\Users

[2011.01.17 10:55:34 | 000,000,000 | ---D | M] -- C:\Windows

[2011.02.07 17:15:50 | 000,000,000 | ---D | M] -- C:\WinSV

[2007.12.17 18:18:47 | 000,000,000 | ---D | M] -- C:\x86

[2009.01.10 18:19:15 | 000,000,000 | ---D | M] -- C:\Z09_2965_3

 
 < %PROGRAMFILES%\*.exe >

 
 < %LOCALAPPDATA%\*.exe >

 
 < %systemroot%\*. /mp /s >

 

 
 < MD5 for: EXPLORER.EXE  >

[2008.10.29 08:20:29 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=37440D09DEAE0B672A04DCCF7ABF06BE -- C:\Windows\explorer.exe

[2008.10.29 08:20:29 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=37440D09DEAE0B672A04DCCF7ABF06BE -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.16771_none_4f83bb287ccdb7e3\explorer.exe

[2008.10.29 08:29:41 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=4F554999D7D5F05DAAEBBA7B5BA1089D -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18164_none_5177ca9879e978e8\explorer.exe

[2008.10.30 05:59:17 | 002,927,616 | ---- | M] (Microsoft Corporation) MD5=50BA5850147410CDE89C523AD3BC606E -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.22298_none_51e4f8c7931bd1e1\explorer.exe

[2007.11.03 01:52:27 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=6D06CD98D954FE87FB2DB8108793B399 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.16549_none_4fac29707cae347a\explorer.exe

[2007.11.03 01:52:27 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=BD06F0BF753BC704B653C3A50F89D362 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.20668_none_501f261995dcf2cf\explorer.exe

[2008.10.28 04:15:02 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=E7156B0B74762D9DE0E66BDCDE06E5FB -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.20947_none_5033cb5995cd990b\explorer.exe

[2006.11.02 11:45:07 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=FD8C53FB002217F6F888BCF6F5D7084D -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.16386_none_4f7de5167cd15deb\explorer.exe

 
 < MD5 for: REGEDIT.EXE  >

[2006.11.02 11:45:35 | 000,134,656 | ---- | M] (Microsoft Corporation) MD5=F13123E76FDA33E55F11E0EB832E832A -- C:\Windows\regedit.exe

[2006.11.02 11:45:35 | 000,134,656 | ---- | M] (Microsoft Corporation) MD5=F13123E76FDA33E55F11E0EB832E832A -- C:\Windows\winsxs\x86_microsoft-windows-registry-editor_31bf3856ad364e35_6.0.6000.16386_none_f1f7f368deed95c3\regedit.exe

 
 < MD5 for: USERINIT.EXE  >

[2006.11.02 11:45:50 | 000,024,576 | ---- | M] (Microsoft Corporation) MD5=22027835939F86C3E47AD8E3FBDE3D11 -- C:\Windows\System32\userinit.exe

[2006.11.02 11:45:50 | 000,024,576 | ---- | M] (Microsoft Corporation) MD5=22027835939F86C3E47AD8E3FBDE3D11 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.0.6000.16386_none_d9f1f819d4c4e737\userinit.exe

 
 < MD5 for: WININIT.EXE  >

[2007.11.03 01:17:50 | 000,095,744 | ---- | M] (Microsoft Corporation) MD5=39D959CD9F3BC44F78DB3C6588AAC3FE -- C:\Windows\System32\wininit.exe

[2007.11.03 01:17:50 | 000,095,744 | ---- | M] (Microsoft Corporation) MD5=39D959CD9F3BC44F78DB3C6588AAC3FE -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.0.6000.20593_none_2f37c4ba208e02ab\wininit.exe

[2006.11.02 11:45:57 | 000,095,744 | ---- | M] (Microsoft Corporation) MD5=D4385B03E8CCCEE6F0EE249F827C1F3E -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.0.6000.16386_none_2ebbf6d3076595ce\wininit.exe

 
 < MD5 for: WINLOGON.EXE  >

[2006.11.02 11:45:57 | 000,308,224 | ---- | M] (Microsoft Corporation) MD5=9F75392B9128A91ABAFB044EA350BAAD -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6000.16386_none_6d8c3f1ad8066b21\winlogon.exe

[2007.11.03 01:17:50 | 000,308,224 | ---- | M] (Microsoft Corporation) MD5=A3FEA6ED9FD3CF07219A632E4A716226 -- C:\Windows\System32\winlogon.exe

[2007.11.03 01:17:50 | 000,308,224 | ---- | M] (Microsoft Corporation) MD5=A3FEA6ED9FD3CF07219A632E4A716226 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6000.20593_none_6e080d01f12ed7fe\winlogon.exe

 
 < HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >

 
 < HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install\\LastSuccessTime: 2011-05-15 14:16:22

 
 <           >

 
 ========== Alternate Data Streams ==========

 

@Alternate Data Stream - 104 bytes -> C:\ProgramData\TEMP:DFC5A2B2
 

< End of report >

Inhalt Extras:

Code:

OTL Extras logfile created on: 04.06.2011 13:27:14 - Run 1

OTL by OldTimer - Version 3.2.23.0     Folder = C:\Users\hubert\Desktop

Windows Vista Home Premium Edition  (Version = 6.0.6000) - Type = NTWorkstation

Internet Explorer (Version = 7.0.6000.17037)

Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

 

3,00 Gb Total Physical Memory | 2,01 Gb Available Physical Memory | 67,07% Memory free

6,19 Gb Paging File | 5,18 Gb Available in Paging File | 83,63% Paging File free

Paging file location(s): ?:\pagefile.sys [binary data]

 

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files

Drive C: | 216,41 Gb Total Space | 148,59 Gb Free Space | 68,66% Space Free | Partition Type: NTFS

Drive D: | 107,22 Gb Total Space | 107,13 Gb Free Space | 99,92% Space Free | Partition Type: NTFS

 

Computer Name: HUBERT-PC | User Name: hubert | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: Current user | Quick Scan

Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

 
 ========== Extra Registry (SafeList) ==========

 

 
 ========== File Associations ==========

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)

.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

.url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l

 

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]

.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

 
 ========== Shell Spawning ==========

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]

batfile [open] -- "%1" %*

cmdfile [open] -- "%1" %*

comfile [open] -- "%1" %*

cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)

exefile [open] -- "%1" %*

helpfile [open] -- Reg Error: Key error.

hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)

htmlfile [opennew] -- C:\program files\t-online\t-online_software_6\browser\Browser.exe "%1"

http [open] -- "C:\Program Files\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)

https [open] -- "C:\Program Files\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)

inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)

InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l

piffile [open] -- "%1" %*

regfile [merge] -- Reg Error: Key error.

scrfile [config] -- "%1"

scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l

scrfile [open] -- "%1" /S

txtfile [edit] -- Reg Error: Key error.

Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1

Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)

Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Directory [OneNote.Open] -- C:\PROGRA~1\MICROS~2\Office12\ONENOTE.EXE "%L" (Microsoft Corporation)

Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)

Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)

Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

 
 ========== Security Center Settings ==========

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

"cval" = 1

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

"AntiVirusOverride" = 0

"AntiSpywareOverride" = 0

"FirewallOverride" = 0

 
 ========== Firewall Settings ==========

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

"DisableNotifications" = 0

"EnableFirewall" = 1

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]

"DisableNotifications" = 0

"EnableFirewall" = 1

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]

"DisableNotifications" = 0

"EnableFirewall" = 1

 
 ========== Authorized Applications List ==========

 

 
 ========== Vista Active Open Ports Exception List ==========

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]

"{2268EF28-284C-483C-8AAA-9C0B65DFF9D7}" = lport=445 | protocol=6 | dir=in | app=system | 

"{43471E16-C5F9-45FF-948A-03F6AB32A025}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | 

"{457E59D0-7E57-42D8-9003-A8439883442C}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | 

"{4E38A536-F3E0-4F3F-843E-4897E25F419D}" = rport=139 | protocol=6 | dir=out | app=system | 

"{570B0A12-4ADB-41B3-9CAD-1737F7FC24D3}" = lport=137 | protocol=17 | dir=in | app=system | 

"{633B91F8-103D-46FB-8299-1711AF1C90CA}" = lport=138 | protocol=17 | dir=in | app=system | 

"{6B087543-95D1-4072-A9BA-814EC01B6280}" = rport=138 | protocol=17 | dir=out | app=system | 

"{7F300DEA-6E65-45C0-99D6-A69113B3002E}" = lport=139 | protocol=6 | dir=in | app=system | 

"{9D762D30-D9D7-443D-985F-F0A05BD7A161}" = rport=137 | protocol=17 | dir=out | app=system | 

"{E88B5EDD-7B33-4BA3-9E68-A39CE2ECD721}" = rport=445 | protocol=6 | dir=out | app=system | 

 
 ========== Vista Active Application Exception List ==========

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]

"{00FF0968-4643-4442-BE07-9E7A0F899A99}" = protocol=17 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe | 

"{0548584C-23BC-4445-AEA8-845D98CBF1C9}" = dir=in | app=c:\program files\hp\digital imaging\smart web printing\smartwebprintexe.exe | 

"{0B07B4C9-EE84-4C59-A82C-36CBA996D6C2}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpfccopy.exe | 

"{1251E84F-B3EF-4AC1-B811-86218C149B61}" = protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe | 

"{16B19EDD-EB9E-4449-82EA-A587DF69B051}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqtra08.exe | 

"{24F4F56E-16E4-4FBF-B5DE-92AD4381AC4E}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | 

"{33B5D942-F85B-498C-B6B6-F17DB69B24CB}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpoews01.exe | 

"{40363A62-F90F-44E3-8B3B-827FFD6B223D}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe | 

"{4FB3BD63-7B6C-4537-B8F4-ED5C16445853}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqgpc01.exe | 

"{4FC27D5D-5A76-4270-884E-E1266F1620C4}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqusgm.exe | 

"{5F76AA2D-59F1-4E14-A8DB-395788C04840}" = dir=in | app=c:\program files\hp\hp software update\hpwucli.exe | 

"{601FBFD9-9BD5-4E83-B2BE-10C10F9EEC1E}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe | 

"{6C98E007-7635-4FEC-9369-BE6238FD87DF}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqkygrp.exe | 

"{6F66F066-8064-43D5-8AF4-6000A67BBCA3}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | 

"{7494F21B-3568-41A1-918D-0D967D2F4CC6}" = protocol=6 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe | 

"{76F3993A-9C7A-486F-B528-B0183DE5DD40}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpiscnapp.exe | 

"{7A3A6AAC-7A2A-4348-92D6-7FE379237290}" = protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe | 

"{7C730DD3-ECC5-46EA-8191-33D9F725A846}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | 

"{9C10B84C-148D-44A7-98F9-57CD9ED141F2}" = protocol=6 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe | 

"{A66BB5B6-BBF2-4BE1-B5C6-8BB4167208CF}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | 

"{B448D70D-6D01-4B3D-B084-7CDD1ACDE8EC}" = protocol=17 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe | 

"{BE78E07B-2685-4E37-A181-FD3D1DB48519}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqgplgtupl.exe | 

"{C03F0103-1A95-43DB-8528-BBDAED7B44F0}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqste08.exe | 

"{CA513758-B007-47C1-979A-C3E54E01D6E2}" = protocol=6 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe | 

"{D8C45C4B-DCD8-47EC-B842-84CB41CCEC60}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqusgh.exe | 

"{DA198E50-6D6B-4785-A1C7-7D189BD7F9A5}" = dir=in | app=c:\program files\hp\digital imaging\bin\hposid01.exe | 

"{DE082770-CFAF-4FA2-A1F9-A64AF7A5CD6F}" = protocol=6 | dir=in | svc=wcescomm | app=%systemroot%\system32\svchost.exe | 

"{E8485558-1604-4F9E-B3E8-3FF58204EA6D}" = dir=in | app=c:\program files\common files\hp\digital imaging\bin\hpqphotocrm.exe | 

"{F052ACA3-4A26-4913-AA5D-E3188EFD620F}" = protocol=6 | dir=in | svc=wcescomm | app=%systemroot%\system32\svchost.exe | 

"{FC798A92-48D8-45E5-B598-6E1427A9B1DE}" = protocol=6 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe | 

"TCP Query User{7926CB10-42AC-49D3-9F7F-2556BFDC7E1F}C:\program files\t-online\t-online_software_6\browser\browser.exe" = protocol=6 | dir=in | app=c:\program files\t-online\t-online_software_6\browser\browser.exe | 

"UDP Query User{1854A5F4-26C5-4178-BFFA-5A2AB3886539}C:\program files\t-online\t-online_software_6\browser\browser.exe" = protocol=17 | dir=in | app=c:\program files\t-online\t-online_software_6\browser\browser.exe | 

 
 ========== HKEY_LOCAL_MACHINE Uninstall List ==========

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu

"{07FB17D8-7DB6-4F06-80C4-8BE1719CB6A1}" = hpWLPGInstaller

"{0F367CA3-3B2F-43F9-A44A-25A8EE69E45D}" = Scan

"{175F0111-2968-4935-8F70-33108C6A4DE3}" = MarketResearch

"{1A655D51-1423-48A3-B748-8F5A0BE294C8}" = Microsoft Visual J# .NET Redistributable Package 1.1

"{1D14373E-7970-4F2F-A467-ACA4F0EA21E3}" = Google Earth

"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148

"{21A2F5EE-1DC5-488A-BE7E-E526F8C61488}" = DeviceDiscovery

"{2EA870FA-585F-4187-903D-CB9FFD21E2E0}" = DHTML Editing Component

"{2EEA7AA4-C203-4b90-A34F-19FB7EF1C81C}" = BufferChm

"{43CDF946-F5D9-4292-B006-BA0D92013021}" = WebReg

"{4A70EF07-7F88-4434-BB61-D1DE8AE93DD4}" = SolutionCenter

"{61CF2C86-8E46-4210-A115-E4D6C65AF369}" = HP Photosmart B109a-m All-In-One Driver Software 13.0 Rel .6

"{63FF21C9-A810-464F-B60A-3111747B1A6D}" = GPBaseService2

"{656FDFA4-C7C6-40D9-99F7-F6F331412AEF}" = WarrantyExtension

"{6803A6E6-48FF-48AB-B558-7B651BBE1031}" = Nero 8 Essentials

"{68A10D12-0D0F-4212-BDE6-D87FAD32A8FA}" = SmartWebPrinting

"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin

"{6B2FFB21-AC88-45C3-9A7D-4BB3E744EC91}" = HPSSupply

"{6BBA26E9-AB03-4FE7-831A-3535584CA002}" = Toolbox

"{80FE5490-E9DD-4AE9-8537-3EB5EFB606FC}" = PS_AIO_06_B109a-m_SW_Min

"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007

"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007

"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007

"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007

"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007

"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007

"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007

"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007

"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007

"{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007

"{904CCF62-818D-4675-BC76-D37EB399F917}" = Windows Mobile-Gerätecenter

"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007

"{92127AF5-FDD8-4ADF-BC40-C356C9EE0B7D}" = 32 Bit HP CIO Components Installer

"{94D66D71-12F0-48A5-B46A-D4B835A0F1B7}" = FirstSteps Diagnostics

"{A49F249F-0C91-497F-86DF-B2585E8E76B7}" = Microsoft Visual C++ 2005 Redistributable

"{AE8705FB-E13C-40A9-8A2D-68D6733FBFC2}" = Status

"{AF20390E-5ADD-4CB0-BF9D-EDF6E7891AD9}" = B109a-m

"{B480BD2A-F1BA-4FE6-8C8E-34C6111B72C9}" = ElsterFormular 2007/2008

"{BD7204BA-DD64-499E-9B55-6A282CDF4FA4}" = Destinations

"{C43326F5-F135-4551-8270-7F7ABA0462E1}" = HPProductAssistant

"{C75CDBA2-3C86-481e-BD10-BDDA758F9DFF}" = hpPrintProjects

"{CAE4213F-F797-439D-BD9E-79B71D115BE3}" = HPPhotoGadget

"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1

"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1

"{D4D9F101-9C35-477E-88FC-935415CD9916}" = Norton Security Scan

"{DC0A5F99-FD66-433F-9D3A-05DCBA64BE42}" = TrayApp

"{E7044E25-3038-4A76-9064-344AC038043E}" = Windows Mobile-Gerätecenter: Treiberupdate

"{E78BFA60-5393-4C38-82AB-E8019E464EB4}" = Microsoft .NET Framework 1.1 German Language Pack

"{EB21A812-671B-4D08-B974-2A347F0D8F70}" = HP Photosmart Essential

"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver

"{FE57DE70-95DE-4B64-9266-84DA811053DB}" = HP Update

"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus

"Big Fish Games Center" = Big Fish Games Center (remove only)

"Big Fish Games Sudoku" = Big Fish Games Sudoku (remove only)

"Cradle of Rome" = Cradle of Rome (remove only)

"Google Desktop" = Google Desktop

"HOMESTUDENTR" = Microsoft Office Home and Student 2007

"HP Imaging Device Functions" = HP Imaging Device Functions 13.0

"HP Print Projects" = HP Print Projects 1.0

"HP Smart Web Printing" = HP Smart Web Printing 4.5

"HP Solution Center & Imaging Support Tools" = HP Solution Center 13.0

"HPExtendedCapabilities" = HP Customer Participation Program 13.0

"Luxor Amun Rising" = Luxor Amun Rising (remove only)

"Mahjong Towers Eternity EU" = Mahjong Towers Eternity EU (remove only)

"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware Version 1.51.0.1200

"Medion GoPal Assistant" = Medion GoPal Assistant 4.03.006

"Microsoft .NET Framework 1.1  (1033)" = Microsoft .NET Framework 1.1

"Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU

"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1

"Mozilla Firefox 4.0.1 (x86 de)" = Mozilla Firefox 4.0.1 (x86 de)

"Mystery Case Files - Prime Suspects" = Mystery Case Files - Prime Suspects (remove only)

"NVIDIA Drivers" = NVIDIA Drivers

"RealPlayer 6.0" = RealPlayer

"Shop for HP Supplies" = Shop for HP Supplies

"Version 1.1_is1" = Version 1.1

"VN_VUIns_Rhine_VIA" = VIA Rhine-Family Fast-Ethernet Adapter

"Vollversion 5.2_is1" = Vollversion 5.2

"Vollversion 5.22_is1" = Vollversion 5.22

"WINZD_is1" = WINZD 2010-12

 
 ========== HKEY_CURRENT_USER Uninstall List ==========

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

 
 ========== Last 10 Event Log Errors ==========

 

[ Application Events ]

Error - 04.06.2011 06:26:33 | Computer Name = hubert-PC | Source = WerSvc | ID = 5007

Description = 

 

Error - 04.06.2011 06:34:15 | Computer Name = hubert-PC | Source = WerSvc | ID = 5007

Description = 

 

Error - 04.06.2011 07:06:45 | Computer Name = hubert-PC | Source = WerSvc | ID = 5007

Description = 

 

[ System Events ]

Error - 09.05.2011 08:47:40 | Computer Name = hubert-PC | Source = cdrom | ID = 262155

Description = Der Treiber hat einen Controllerfehler auf \Device\CdRom0 gefunden.

 

Error - 09.05.2011 08:47:42 | Computer Name = hubert-PC | Source = cdrom | ID = 262155

Description = Der Treiber hat einen Controllerfehler auf \Device\CdRom0 gefunden.

 

Error - 09.05.2011 08:47:45 | Computer Name = hubert-PC | Source = cdrom | ID = 262155

Description = Der Treiber hat einen Controllerfehler auf \Device\CdRom0 gefunden.

 

Error - 09.05.2011 08:47:47 | Computer Name = hubert-PC | Source = cdrom | ID = 262155

Description = Der Treiber hat einen Controllerfehler auf \Device\CdRom0 gefunden.

 

Error - 09.05.2011 08:47:50 | Computer Name = hubert-PC | Source = cdrom | ID = 262155

Description = Der Treiber hat einen Controllerfehler auf \Device\CdRom0 gefunden.

 

Error - 09.05.2011 08:47:52 | Computer Name = hubert-PC | Source = cdrom | ID = 262155

Description = Der Treiber hat einen Controllerfehler auf \Device\CdRom0 gefunden.

 

Error - 01.06.2011 12:15:19 | Computer Name = hubert-PC | Source = Service Control Manager | ID = 7022

Description = 

 

Error - 01.06.2011 12:39:06 | Computer Name = hubert-PC | Source = Service Control Manager | ID = 7022

Description = 

 

Error - 02.06.2011 10:44:56 | Computer Name = hubert-PC | Source = Service Control Manager | ID = 7022

Description = 

 

Error - 02.06.2011 11:19:39 | Computer Name = hubert-PC | Source = Service Control Manager | ID = 7022

Description = 

 

 

< End of report >

Anschließend dann noch Scan mit Gmer. Inhalt Log:

Code:

GMER 1.0.15.15640 - hxxp://www.gmer.net

Rootkit scan 2011-06-04 13:49:27

Windows 6.0.6000  

Running: jweb50es.exe; Driver: C:\Users\hubert\AppData\Local\Temp\kwlyrpow.sys
 
 

---- System - GMER 1.0.15 ----
 

SSDT   8E59BE68                                  ZwOpenProcess

SSDT   8E59BE6D                                  ZwOpenThread
 

---- Kernel code sections - GMER 1.0.15 ----
 

.text  C:\Windows\system32\DRIVERS\nvlddmkm.sys  section is writeable [0x8DADE340, 0x33F6F7, 0xE8000020]
 

---- EOF - GMER 1.0.15 ----

Was muss ich als nächstes machen, um den PC wieder sauber zu bekommen? Vielen Dank für die Unterstützung.

Zitat:

Avira hat den oben genannten Trojaner auf meinem PC entdeckt.

Log dazu? Einfach nur der Schädlingsname reicht nicht.

Zitat:

Art des Suchlaufs: Quick-Scan

Bitte routinemäßig einen Vollscan mit malwarebytes machen und Log posten.
Denk daran, dass Malwarebytes vor jedem Scan manuell aktualisiert werden muss!

Falls Logs aus älteren Scans mit Malwarebytes vorhanden sind, bitte auch davon alle posten!

Hallo,

anbei die Log-Datei des Vollscans mit Malwarebytes:

Code:

Malwarebytes' Anti-Malware 1.51.0.1200

www.malwarebytes.org
 

Datenbank Version: 6797
 

Windows 6.0.6000

Internet Explorer 7.0.6000.17037
 

07.06.2011 19:24:07

mbam-log-2011-06-07 (19-24-07).txt
 

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|E:\|F:\|G:\|H:\|I:\|J:\|K:\|M:\|)

Durchsuchte Objekte: 246591

Laufzeit: 45 Minute(n), 54 Sekunde(n)
 

Infizierte Speicherprozesse: 0

Infizierte Speichermodule: 0

Infizierte Registrierungsschlüssel: 0

Infizierte Registrierungswerte: 0

Infizierte Dateiobjekte der Registrierung: 0

Infizierte Verzeichnisse: 0

Infizierte Dateien: 0
 

Infizierte Speicherprozesse:

(Keine bösartigen Objekte gefunden)
 

Infizierte Speichermodule:

(Keine bösartigen Objekte gefunden)
 

Infizierte Registrierungsschlüssel:

(Keine bösartigen Objekte gefunden)
 

Infizierte Registrierungswerte:

(Keine bösartigen Objekte gefunden)
 

Infizierte Dateiobjekte der Registrierung:

(Keine bösartigen Objekte gefunden)
 

Infizierte Verzeichnisse:

(Keine bösartigen Objekte gefunden)
 

Infizierte Dateien:

(Keine bösartigen Objekte gefunden)

Und hier der Bericht aus Avira:

Code:



Avira AntiVir Personal

Erstellungsdatum der Reportdatei: Dienstag, 7. Juni 2011  19:28
 

Es wird nach 2734128 Virenstämmen gesucht.
 

Das Programm läuft als uneingeschränkte Vollversion.

Online-Dienste stehen zur Verfügung.
 

Lizenznehmer   : Avira AntiVir Personal - FREE Antivirus

Seriennummer   : 0000149996-ADJIE-0000001

Plattform      : Windows Vista

Windowsversion : (plain)  [6.0.6000]

Boot Modus     : Normal gebootet

Benutzername   : SYSTEM

Computername   : HUBERT-PC
 

Versionsinformationen:

BUILD.DAT      : 10.0.0.648     31823 Bytes  01.04.2011 18:23:00

AVSCAN.EXE     : 10.0.4.2      442024 Bytes  27.04.2011 09:00:08

AVSCAN.DLL     : 10.0.3.0       56168 Bytes  30.03.2010 10:42:16

LUKE.DLL       : 10.0.3.2      104296 Bytes  08.12.2010 10:28:17

LUKERES.DLL    : 10.0.0.0       13672 Bytes  14.01.2010 10:59:47

VBASE000.VDF   : 7.10.0.0    19875328 Bytes  06.11.2009 08:05:36

VBASE001.VDF   : 7.11.0.0    13342208 Bytes  14.12.2010 16:22:55

VBASE002.VDF   : 7.11.3.0     1950720 Bytes  09.02.2011 15:20:16

VBASE003.VDF   : 7.11.5.225   1980416 Bytes  07.04.2011 13:55:42

VBASE004.VDF   : 7.11.8.178   2354176 Bytes  31.05.2011 15:54:36

VBASE005.VDF   : 7.11.8.179      2048 Bytes  31.05.2011 15:54:36

VBASE006.VDF   : 7.11.8.180      2048 Bytes  31.05.2011 15:54:36

VBASE007.VDF   : 7.11.8.181      2048 Bytes  31.05.2011 15:54:36

VBASE008.VDF   : 7.11.8.182      2048 Bytes  31.05.2011 15:54:37

VBASE009.VDF   : 7.11.8.183      2048 Bytes  31.05.2011 15:54:37

VBASE010.VDF   : 7.11.8.184      2048 Bytes  31.05.2011 15:54:37

VBASE011.VDF   : 7.11.8.185      2048 Bytes  31.05.2011 15:54:37

VBASE012.VDF   : 7.11.8.186      2048 Bytes  31.05.2011 15:54:37

VBASE013.VDF   : 7.11.8.222    121856 Bytes  02.06.2011 10:27:31

VBASE014.VDF   : 7.11.9.7      134656 Bytes  04.06.2011 13:44:03

VBASE015.VDF   : 7.11.9.42     136192 Bytes  06.06.2011 15:54:23

VBASE016.VDF   : 7.11.9.72     117248 Bytes  07.06.2011 15:54:24

VBASE017.VDF   : 7.11.9.73       2048 Bytes  07.06.2011 15:54:24

VBASE018.VDF   : 7.11.9.74       2048 Bytes  07.06.2011 15:54:24

VBASE019.VDF   : 7.11.9.75       2048 Bytes  07.06.2011 15:54:24

VBASE020.VDF   : 7.11.9.76       2048 Bytes  07.06.2011 15:54:24

VBASE021.VDF   : 7.11.9.77       2048 Bytes  07.06.2011 15:54:24

VBASE022.VDF   : 7.11.9.78       2048 Bytes  07.06.2011 15:54:24

VBASE023.VDF   : 7.11.9.79       2048 Bytes  07.06.2011 15:54:25

VBASE024.VDF   : 7.11.9.80       2048 Bytes  07.06.2011 15:54:25

VBASE025.VDF   : 7.11.9.81       2048 Bytes  07.06.2011 15:54:25

VBASE026.VDF   : 7.11.9.82       2048 Bytes  07.06.2011 15:54:25

VBASE027.VDF   : 7.11.9.83       2048 Bytes  07.06.2011 15:54:25

VBASE028.VDF   : 7.11.9.84       2048 Bytes  07.06.2011 15:54:25

VBASE029.VDF   : 7.11.9.85       2048 Bytes  07.06.2011 15:54:25

VBASE030.VDF   : 7.11.9.86       2048 Bytes  07.06.2011 15:54:25

VBASE031.VDF   : 7.11.9.88       6656 Bytes  07.06.2011 15:54:25

Engineversion  : 8.2.5.12  

AEVDF.DLL      : 8.1.2.1       106868 Bytes  01.08.2010 17:30:32

AESCRIPT.DLL   : 8.1.3.65     1606010 Bytes  01.06.2011 15:54:55

AESCN.DLL      : 8.1.7.2       127349 Bytes  24.11.2010 18:54:59

AESBX.DLL      : 8.2.1.34      323957 Bytes  04.06.2011 10:27:42

AERDL.DLL      : 8.1.9.9       639347 Bytes  25.03.2011 18:11:09

AEPACK.DLL     : 8.2.6.8       557430 Bytes  16.05.2011 17:32:50

AEOFFICE.DLL   : 8.1.1.25      205178 Bytes  04.06.2011 10:27:41

AEHEUR.DLL     : 8.1.2.123    3502456 Bytes  04.06.2011 10:27:41

AEHELP.DLL     : 8.1.17.2      246135 Bytes  23.05.2011 10:02:18

AEGEN.DLL      : 8.1.5.6       401780 Bytes  23.05.2011 10:02:17

AEEMU.DLL      : 8.1.3.0       393589 Bytes  24.11.2010 18:54:51

AECORE.DLL     : 8.1.21.1      196983 Bytes  25.05.2011 07:38:08

AEBB.DLL       : 8.1.1.0        53618 Bytes  13.06.2010 16:53:22

AVWINLL.DLL    : 10.0.0.0       19304 Bytes  14.01.2010 10:59:10

AVPREF.DLL     : 10.0.0.0       44904 Bytes  14.01.2010 10:59:07

AVREP.DLL      : 10.0.0.10     174120 Bytes  23.05.2011 10:02:29

AVREG.DLL      : 10.0.3.2       53096 Bytes  07.11.2010 15:45:30

AVSCPLR.DLL    : 10.0.4.2       84840 Bytes  27.04.2011 09:00:08

AVARKT.DLL     : 10.0.22.6     231784 Bytes  08.12.2010 10:28:15

AVEVTLOG.DLL   : 10.0.0.8      203112 Bytes  26.01.2010 08:53:25

SQLITE3.DLL    : 3.6.19.0      355688 Bytes  28.01.2010 11:57:53

AVSMTP.DLL     : 10.0.0.17      63848 Bytes  16.03.2010 14:38:54

NETNT.DLL      : 10.0.0.0       11624 Bytes  19.02.2010 13:40:55

RCIMAGE.DLL    : 10.0.0.26    2550120 Bytes  28.01.2010 12:10:08

RCTEXT.DLL     : 10.0.58.0      98152 Bytes  07.11.2010 15:45:30
 

Konfiguration für den aktuellen Suchlauf:

Job Name..............................: avguard_async_scan

Konfigurationsdatei...................: C:\ProgramData\Avira\AntiVir Desktop\TEMP\AVGUARD_4e2acb24\guard_slideup.avp

Protokollierung.......................: niedrig

Primäre Aktion........................: interaktiv

Sekundäre Aktion......................: quarantäne

Durchsuche Masterbootsektoren.........: ein

Durchsuche Bootsektoren...............: aus

Durchsuche aktive Programme...........: ein

Durchsuche Registrierung..............: aus

Suche nach Rootkits...................: aus

Integritätsprüfung von Systemdateien..: aus

Datei Suchmodus.......................: Alle Dateien

Durchsuche Archive....................: ein

Rekursionstiefe einschränken..........: 20

Archiv Smart Extensions...............: ein

Makrovirenheuristik...................: ein

Dateiheuristik........................: hoch
 

Beginn des Suchlaufs: Dienstag, 7. Juni 2011  19:28
 

Der Suchlauf über gestartete Prozesse wird begonnen:

Durchsuche Prozess 'avscan.exe' - '1' Modul(e) wurden durchsucht

Durchsuche Prozess 'avcenter.exe' - '1' Modul(e) wurden durchsucht

Durchsuche Prozess 'firefox.exe' - '1' Modul(e) wurden durchsucht

Durchsuche Prozess 'NOTEPAD.EXE' - '1' Modul(e) wurden durchsucht

Durchsuche Prozess 'mbam.exe' - '1' Modul(e) wurden durchsucht

Durchsuche Prozess 'mbamservice.exe' - '1' Modul(e) wurden durchsucht

Durchsuche Prozess 'taskeng.exe' - '1' Modul(e) wurden durchsucht

Durchsuche Prozess 'hpqgpc01.exe' - '1' Modul(e) wurden durchsucht

Durchsuche Prozess 'hpqbam08.exe' - '1' Modul(e) wurden durchsucht

Durchsuche Prozess 'hpqSTE08.exe' - '1' Modul(e) wurden durchsucht

Durchsuche Prozess 'svchost.exe' - '1' Modul(e) wurden durchsucht

Durchsuche Prozess 'WUDFHost.exe' - '1' Modul(e) wurden durchsucht

Durchsuche Prozess 'SearchIndexer.exe' - '1' Modul(e) wurden durchsucht

Durchsuche Prozess 'svchost.exe' - '1' Modul(e) wurden durchsucht

Durchsuche Prozess 'TestHandler.exe' - '1' Modul(e) wurden durchsucht

Durchsuche Prozess 'svchost.exe' - '1' Modul(e) wurden durchsucht

Durchsuche Prozess 'svchost.exe' - '1' Modul(e) wurden durchsucht

Durchsuche Prozess 'svchost.exe' - '1' Modul(e) wurden durchsucht

Durchsuche Prozess 'svchost.exe' - '1' Modul(e) wurden durchsucht

Durchsuche Prozess 'NBService.exe' - '1' Modul(e) wurden durchsucht

Durchsuche Prozess 'avshadow.exe' - '1' Modul(e) wurden durchsucht

Durchsuche Prozess 'svchost.exe' - '1' Modul(e) wurden durchsucht

Durchsuche Prozess 'svchost.exe' - '1' Modul(e) wurden durchsucht

Durchsuche Prozess 'avguard.exe' - '1' Modul(e) wurden durchsucht

Durchsuche Prozess 'ehmsas.exe' - '1' Modul(e) wurden durchsucht

Durchsuche Prozess 'hpqtra08.exe' - '1' Modul(e) wurden durchsucht

Durchsuche Prozess 'ehtray.exe' - '1' Modul(e) wurden durchsucht

Durchsuche Prozess 'mbamgui.exe' - '1' Modul(e) wurden durchsucht

Durchsuche Prozess 'wmdc.exe' - '1' Modul(e) wurden durchsucht

Durchsuche Prozess 'rundll32.exe' - '1' Modul(e) wurden durchsucht

Durchsuche Prozess 'avgnt.exe' - '1' Modul(e) wurden durchsucht

Durchsuche Prozess 'realsched.exe' - '1' Modul(e) wurden durchsucht

Durchsuche Prozess 'hpwuSchd2.exe' - '1' Modul(e) wurden durchsucht

Durchsuche Prozess 'RtHDVCpl.exe' - '1' Modul(e) wurden durchsucht

Durchsuche Prozess 'rundll32.exe' - '1' Modul(e) wurden durchsucht

Durchsuche Prozess 'MSASCui.exe' - '1' Modul(e) wurden durchsucht

Durchsuche Prozess 'Explorer.EXE' - '1' Modul(e) wurden durchsucht

Durchsuche Prozess 'Dwm.exe' - '1' Modul(e) wurden durchsucht

Durchsuche Prozess 'svchost.exe' - '1' Modul(e) wurden durchsucht

Durchsuche Prozess 'sched.exe' - '1' Modul(e) wurden durchsucht

Durchsuche Prozess 'taskeng.exe' - '1' Modul(e) wurden durchsucht

Durchsuche Prozess 'spoolsv.exe' - '1' Modul(e) wurden durchsucht

Durchsuche Prozess 'svchost.exe' - '1' Modul(e) wurden durchsucht

Durchsuche Prozess 'svchost.exe' - '1' Modul(e) wurden durchsucht

Durchsuche Prozess 'SLsvc.exe' - '1' Modul(e) wurden durchsucht

Durchsuche Prozess 'svchost.exe' - '1' Modul(e) wurden durchsucht

Durchsuche Prozess 'svchost.exe' - '1' Modul(e) wurden durchsucht

Durchsuche Prozess 'svchost.exe' - '1' Modul(e) wurden durchsucht

Durchsuche Prozess 'svchost.exe' - '1' Modul(e) wurden durchsucht

Durchsuche Prozess 'svchost.exe' - '1' Modul(e) wurden durchsucht

Durchsuche Prozess 'winlogon.exe' - '1' Modul(e) wurden durchsucht

Durchsuche Prozess 'svchost.exe' - '1' Modul(e) wurden durchsucht

Durchsuche Prozess 'lsm.exe' - '1' Modul(e) wurden durchsucht

Durchsuche Prozess 'lsass.exe' - '1' Modul(e) wurden durchsucht

Durchsuche Prozess 'services.exe' - '1' Modul(e) wurden durchsucht

Durchsuche Prozess 'csrss.exe' - '1' Modul(e) wurden durchsucht

Durchsuche Prozess 'wininit.exe' - '1' Modul(e) wurden durchsucht

Durchsuche Prozess 'csrss.exe' - '1' Modul(e) wurden durchsucht

Durchsuche Prozess 'smss.exe' - '1' Modul(e) wurden durchsucht
 

Der Suchlauf über die ausgewählten Dateien wird begonnen:
 

Beginne mit der Suche in 'C:\Users\hubert\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\9BD65B3V\info[1].exe'

C:\Users\hubert\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\9BD65B3V\info[1].exe

    [FUND]      Ist das Trojanische Pferd TR/Crypt.XPACK.Gen2
 

Beginne mit der Desinfektion:

C:\Users\hubert\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\9BD65B3V\info[1].exe

    [FUND]      Ist das Trojanische Pferd TR/Crypt.XPACK.Gen2

    [HINWEIS]   Die Datei wurde ins Quarantäneverzeichnis unter dem Namen '4a63c49e.qua' verschoben!
 
 

Ende des Suchlaufs: Dienstag, 7. Juni 2011  19:28

Benötigte Zeit: 00:01 Minute(n)
 

Der Suchlauf wurde vollständig durchgeführt.
 

      0 Verzeichnisse wurden überprüft

     60 Dateien wurden geprüft

      1 Viren bzw. unerwünschte Programme wurden gefunden

      0 Dateien wurden als verdächtig eingestuft

      0 Dateien wurden gelöscht

      0 Viren bzw. unerwünschte Programme wurden repariert

      1 Dateien wurden in die Quarantäne verschoben

      0 Dateien wurden umbenannt

      0 Dateien konnten nicht durchsucht werden

     59 Dateien ohne Befall

      0 Archive wurden durchsucht

      0 Warnungen

      1 Hinweise
 
 

Die Suchergebnisse werden an den Guard übermittelt.

Komisch ist, dass Malwarebytes keinen Fund anzeigt und Avira eine Warnung bringt.

Mach einen OTL-Fix, beende alle evtl. geöffneten Programme, auch Virenscanner deaktivieren (!), starte OTL und kopiere folgenden Text in die "Custom Scan/Fixes" Box (unten in OTL): (das ":OTL" muss mitkopiert werden!!!)

Code:

:OTL

@Alternate Data Stream - 104 bytes -> C:\ProgramData\TEMP:DFC5A2B2

:Commands

[purity]

[resethosts]

Klick dann oben links auf den Button Fix!
Das Logfile müsste geöffnet werden, wenn Du nach dem Fixen auf ok klickst, poste das bitte. Evtl. wird der Rechner neu gestartet.

Die mit diesem Script gefixten Einträge, Dateien und Ordner werden zur Sicherheit nicht vollständig gelöscht, es wird eine Sicherheitskopie auf der Systempartition im Ordner "_OTL" erstellt.

Anbei die LOG:

Code:

========== OTL ==========

ADS C:\ProgramData\TEMP:DFC5A2B2 deleted successfully.

========== COMMANDS ==========

C:\Windows\System32\drivers\etc\Hosts moved successfully.

HOSTS file reset successfully

 

OTL by OldTimer - Version 3.2.23.0 log created on 06092011_175405

Bitte nun dieses Tool von Kaspersky ausführen und das Log posten => http://www.trojaner-board.de/82358-t...entfernen.html

Das Tool so einstellen wie unten im Bild angegeben - also beide Haken setzen, auf Start scan klicken und wenn es durch ist auf den Button Report klicken um das Log anzuzeigen. Dieses bitte komplett posten.

http://www.trojaner-board.de/attachm...rnen-start.png

Falls du durch die Infektion auf deine Dokumente/Eigenen Dateien nicht zugreifen kannst, bitte unhide ausführen:
Downloade dir bitte unhide.exe und speichere diese Datei auf deinem Desktop.
Starte das Tool und es sollten alle Dateien und Ordner wieder sichtbar sein. ( Könnte eine Weile dauern )
http://www.trojaner-board.de/images/icons/icon4.gif Vista und 7 User müssen das Tool per Rechtsklick als Administrator ausführen! http://www.trojaner-board.de/images/icons/icon4.gif

anbei der Report von TDSSKiller:

Code:

2011/06/16 17:44:00.0096 2832        TDSS rootkit removing tool 2.5.5.0 Jun 16 2011 15:25:15

2011/06/16 17:44:00.0456 2832        ================================================================================

2011/06/16 17:44:00.0456 2832        SystemInfo:

2011/06/16 17:44:00.0456 2832        

2011/06/16 17:44:00.0456 2832        OS Version: 6.0.6000 ServicePack: 0.0

2011/06/16 17:44:00.0456 2832        Product type: Workstation

2011/06/16 17:44:00.0456 2832        ComputerName: HUBERT-PC

2011/06/16 17:44:00.0471 2832        UserName: hubert

2011/06/16 17:44:00.0471 2832        Windows directory: C:\Windows

2011/06/16 17:44:00.0471 2832        System windows directory: C:\Windows

2011/06/16 17:44:00.0471 2832        Processor architecture: Intel x86

2011/06/16 17:44:00.0471 2832        Number of processors: 2

2011/06/16 17:44:00.0471 2832        Page size: 0x1000

2011/06/16 17:44:00.0471 2832        Boot type: Normal boot

2011/06/16 17:44:00.0471 2832        ================================================================================

2011/06/16 17:44:07.0065 2832        !crdlk

2011/06/16 17:44:07.0206 2832        Initialize success

2011/06/16 17:44:17.0143 1448        ================================================================================

2011/06/16 17:44:17.0143 1448        Scan started

2011/06/16 17:44:17.0143 1448        Mode: Manual; 

2011/06/16 17:44:17.0143 1448        ================================================================================

2011/06/16 17:44:20.0971 1448        ACPI            (84fc6df81212d16be5c4f441682feccc) C:\Windows\system32\drivers\acpi.sys

2011/06/16 17:44:21.0159 1448        adp94xx         (2edc5bbac6c651ece337bde8ed97c9fb) C:\Windows\system32\drivers\adp94xx.sys

2011/06/16 17:44:21.0456 1448        adpahci         (b84088ca3cdca97da44a984c6ce1ccad) C:\Windows\system32\drivers\adpahci.sys

2011/06/16 17:44:21.0627 1448        adpu160m        (7880c67bccc27c86fd05aa2afb5ea469) C:\Windows\system32\drivers\adpu160m.sys

2011/06/16 17:44:21.0924 1448        adpu320         (9ae713f8e30efc2abccd84904333df4d) C:\Windows\system32\drivers\adpu320.sys

2011/06/16 17:44:22.0237 1448        AFD             (5d24caf8efd924a875698ff28384db8b) C:\Windows\system32\drivers\afd.sys

2011/06/16 17:44:23.0362 1448        agp440          (198636e76971ebc96404547ec0fd5e75) C:\Windows\system32\drivers\agp440.sys

2011/06/16 17:44:24.0143 1448        aic78xx         (ae1fdf7bf7bb6c6a70f67699d880592a) C:\Windows\system32\drivers\djsvs.sys

2011/06/16 17:44:24.0721 1448        aliide          (0b3b337a68d9a75cc8d787dc98b53d79) C:\Windows\system32\drivers\aliide.sys

2011/06/16 17:44:25.0081 1448        amdagp          (2363abc8989a14fd7247ca6f4e89d397) C:\Windows\system32\drivers\amdagp.sys

2011/06/16 17:44:25.0627 1448        amdide          (468a204966d09f327a662c35f4b15dd3) C:\Windows\system32\drivers\amdide.sys

2011/06/16 17:44:26.0081 1448        AmdK7           (dc487885bcef9f28eece6fac0e5ddfc5) C:\Windows\system32\drivers\amdk7.sys

2011/06/16 17:44:26.0502 1448        AmdK8           (0ca0071da4315b00fc1328ca86b425da) C:\Windows\system32\drivers\amdk8.sys

2011/06/16 17:44:27.0065 1448        arc             (5f673180268bb1fdb69c99b6619fe379) C:\Windows\system32\drivers\arc.sys

2011/06/16 17:44:27.0409 1448        arcsas          (957f7540b5e7f602e44648c7de5a1c05) C:\Windows\system32\drivers\arcsas.sys

2011/06/16 17:44:27.0784 1448        AsyncMac        (e86cf7ce67d5de898f27ef884dc357d8) C:\Windows\system32\DRIVERS\asyncmac.sys

2011/06/16 17:44:28.0081 1448        atapi           (0b77f93ab73798f97e8e0a0aa4ccbeef) C:\Windows\system32\drivers\atapi.sys

2011/06/16 17:44:28.0440 1448        avgntflt        (47b879406246ffdced59e18d331a0e7d) C:\Windows\system32\DRIVERS\avgntflt.sys

2011/06/16 17:44:28.0752 1448        avipbb          (5fedef54757b34fb611b9ec8fb399364) C:\Windows\system32\DRIVERS\avipbb.sys

2011/06/16 17:44:29.0206 1448        Beep            (ac3dd1708b22761ebd7cbe14dcc3b5d7) C:\Windows\system32\drivers\Beep.sys

2011/06/16 17:44:29.0721 1448        bowser          (913cd06fbe9105ce6077e90fd4418561) C:\Windows\system32\DRIVERS\bowser.sys

2011/06/16 17:44:29.0956 1448        BrFiltLo        (9f9acc7f7ccde8a15c282d3f88b43309) C:\Windows\system32\drivers\brfiltlo.sys

2011/06/16 17:44:30.0362 1448        BrFiltUp        (56801ad62213a41f6497f96dee83755a) C:\Windows\system32\drivers\brfiltup.sys

2011/06/16 17:44:30.0612 1448        Brserid         (b304e75cff293029eddf094246747113) C:\Windows\system32\drivers\brserid.sys

2011/06/16 17:44:30.0940 1448        BrSerWdm        (203f0b1e73adadbbb7b7b1fabd901f6b) C:\Windows\system32\drivers\brserwdm.sys

2011/06/16 17:44:31.0268 1448        BrUsbMdm        (bd456606156ba17e60a04e18016ae54b) C:\Windows\system32\drivers\brusbmdm.sys

2011/06/16 17:44:31.0534 1448        BrUsbSer        (af72ed54503f717a43268b3cc5faec2e) C:\Windows\system32\drivers\brusbser.sys

2011/06/16 17:44:32.0034 1448        BTHMODEM        (ad07c1ec6665b8b35741ab91200c6b68) C:\Windows\system32\drivers\bthmodem.sys

2011/06/16 17:44:32.0518 1448        cdfs            (6c3a437fc873c6f6a4fc620b6888cb86) C:\Windows\system32\DRIVERS\cdfs.sys

2011/06/16 17:44:32.0846 1448        cdrom           (8d1866e61af096ae8b582454f5e4d303) C:\Windows\system32\DRIVERS\cdrom.sys

2011/06/16 17:44:33.0377 1448        circlass        (da8e0afc7baa226c538ef53ac2f90897) C:\Windows\system32\drivers\circlass.sys

2011/06/16 17:44:33.0659 1448        CLFS            (1b84fd0937d3b99af9ba38ddff3daf54) C:\Windows\system32\CLFS.sys

2011/06/16 17:44:34.0018 1448        cmdide          (2ac0c92b29ec21838f4cb46adb26bcc0) C:\Windows\system32\drivers\cmdide.sys

2011/06/16 17:44:34.0424 1448        Compbatt        (722936afb75a7f509662b69b5632f48a) C:\Windows\system32\drivers\compbatt.sys

2011/06/16 17:44:34.0659 1448        crcdisk         (2a213ae086bbec5e937553c7d9a2b22c) C:\Windows\system32\drivers\crcdisk.sys

2011/06/16 17:44:34.0924 1448        Crusoe          (22a7f883508176489f559ee745b5bf5d) C:\Windows\system32\drivers\crusoe.sys

2011/06/16 17:44:35.0409 1448        DfsC            (a7179de59ae269ab70345527894ccd7c) C:\Windows\system32\Drivers\dfsc.sys

2011/06/16 17:44:36.0127 1448        disk            (841af4c4d41d3e3b2f244e976b0f7963) C:\Windows\system32\drivers\disk.sys

2011/06/16 17:44:36.0549 1448        Dot4            (57b2d433a08b95e4f1b53a919937f3e5) C:\Windows\system32\DRIVERS\Dot4.sys

2011/06/16 17:44:36.0893 1448        Dot4Print       (d93fa484bb62fbe7e5ef335c5415d3cf) C:\Windows\system32\DRIVERS\Dot4Prt.sys

2011/06/16 17:44:37.0174 1448        dot4usb         (599742c4260fb3e8edb3be148b8ce856) C:\Windows\system32\DRIVERS\dot4usb.sys

2011/06/16 17:44:37.0643 1448        drmkaud         (ee472cd2c01f6f8e8aa1fa06ffef61b6) C:\Windows\system32\drivers\drmkaud.sys

2011/06/16 17:44:38.0174 1448        DslMNLwf        (e577b5c4a6be078e5445cdcfb65be7ab) C:\Windows\system32\DRIVERS\dslmnlwf.sys

2011/06/16 17:44:38.0518 1448        dsltestSp5      (c6b2e10cfe79169c72f0269087b9a603) C:\Windows\system32\Drivers\dsltestSp5.sys

2011/06/16 17:44:38.0815 1448        DXGKrnl         (2d13d9e98caf6321f219b28921af214c) C:\Windows\System32\drivers\dxgkrnl.sys

2011/06/16 17:44:39.0284 1448        E1G60           (f88fb26547fd2ce6d0a5af2985892c48) C:\Windows\system32\DRIVERS\E1G60I32.sys

2011/06/16 17:44:39.0737 1448        Ecache          (38573398f734b71b06cd2411494f234a) C:\Windows\system32\drivers\ecache.sys

2011/06/16 17:44:40.0143 1448        elxstor         (e8f3f21a71720c84bcf423b80028359f) C:\Windows\system32\drivers\elxstor.sys

2011/06/16 17:44:40.0440 1448        fastfat         (84a317cb0b3954d3768cdcd018dbf670) C:\Windows\system32\drivers\fastfat.sys

2011/06/16 17:44:40.0706 1448        fdc             (63bdada84951b9c03e641800e176898a) C:\Windows\system32\DRIVERS\fdc.sys

2011/06/16 17:44:40.0987 1448        FET5X86V        (491318d9061e80949988164ef973b315) C:\Windows\system32\DRIVERS\fetnd5bv.sys

2011/06/16 17:44:41.0127 1448        FETNDIS         (b2b2c38e916184ff8523c7439ddd417f) C:\Windows\system32\DRIVERS\fetnd5.sys

2011/06/16 17:44:41.0206 1448        FileInfo        (65773d6115c037ffd7ef8280ae85eb9d) C:\Windows\system32\drivers\fileinfo.sys

2011/06/16 17:44:41.0252 1448        Filetrace       (c226dd0de060745f3e042f58dcf78402) C:\Windows\system32\drivers\filetrace.sys

2011/06/16 17:44:41.0299 1448        flpydisk        (6603957eff5ec62d25075ea8ac27de68) C:\Windows\system32\DRIVERS\flpydisk.sys

2011/06/16 17:44:41.0346 1448        FltMgr          (a6a8da7ae4d53394ab22ac3ab6d3f5d3) C:\Windows\system32\drivers\fltmgr.sys

2011/06/16 17:44:41.0409 1448        Fs_Rec          (66a078591208baa210c7634b11eb392c) C:\Windows\system32\drivers\Fs_Rec.sys

2011/06/16 17:44:41.0456 1448        gagp30kx        (4e1cd0a45c50a8882616cae5bf82f3c5) C:\Windows\system32\drivers\gagp30kx.sys

2011/06/16 17:44:41.0596 1448        HdAudAddService (cb04c744be0a61b1d648faed182c3b59) C:\Windows\system32\drivers\HdAudio.sys

2011/06/16 17:44:41.0721 1448        HDAudBus        (0db613a7e427b5663563677796fd5258) C:\Windows\system32\DRIVERS\HDAudBus.sys

2011/06/16 17:44:41.0768 1448        HidBth          (1338520e78d90154ed6be8f84de5fceb) C:\Windows\system32\drivers\hidbth.sys

2011/06/16 17:44:41.0877 1448        HidIr           (ff3160c3a2445128c5a6d9b076da519e) C:\Windows\system32\drivers\hidir.sys

2011/06/16 17:44:41.0940 1448        HidUsb          (01e7971e9f4bd6ac6a08db52d0ea0418) C:\Windows\system32\DRIVERS\hidusb.sys

2011/06/16 17:44:41.0987 1448        HpCISSs         (df353b401001246853763c4b7aaa6f50) C:\Windows\system32\drivers\hpcisss.sys

2011/06/16 17:44:42.0096 1448        HTTP            (481b86e8939289f77fbcea1b24cec687) C:\Windows\system32\drivers\HTTP.sys

2011/06/16 17:44:42.0206 1448        i2omp           (324c2152ff2c61abae92d09f3cca4d63) C:\Windows\system32\drivers\i2omp.sys

2011/06/16 17:44:42.0268 1448        i8042prt        (bea9838cd25d36beba3f94386a761d60) C:\Windows\system32\DRIVERS\i8042prt.sys

2011/06/16 17:44:42.0487 1448        iaStor          (2358c53f30cb9dcd1d3843c4e2f299b2) C:\Windows\system32\drivers\iastor.sys

2011/06/16 17:44:42.0659 1448        iaStorV         (c957bf4b5d80b46c5017bf0101e6c906) C:\Windows\system32\drivers\iastorv.sys

2011/06/16 17:44:42.0737 1448        iirsp           (2d077bf86e843f901d8db709c95b49a5) C:\Windows\system32\drivers\iirsp.sys

2011/06/16 17:44:43.0081 1448        IntcAzAudAddService (34b8b4a442046e3d5fdd0b17926cf3f1) C:\Windows\system32\drivers\RTKVHDA.sys

2011/06/16 17:44:43.0143 1448        intelide        (4a6b4c4fab7716c869fa9d19ac8ca5a5) C:\Windows\system32\drivers\intelide.sys

2011/06/16 17:44:43.0237 1448        intelppm        (ce44cc04262f28216dd4341e9e36a16f) C:\Windows\system32\DRIVERS\intelppm.sys

2011/06/16 17:44:43.0315 1448        IpFilterDriver  (880c6f86cc3f551b8fea2c11141268c0) C:\Windows\system32\DRIVERS\ipfltdrv.sys

2011/06/16 17:44:43.0393 1448        IPMIDRV         (40f34f8aba2a015d780e4b09138b6c17) C:\Windows\system32\drivers\ipmidrv.sys

2011/06/16 17:44:43.0440 1448        IPNAT           (10077c35845101548037df04fd1a420b) C:\Windows\system32\DRIVERS\ipnat.sys

2011/06/16 17:44:43.0471 1448        IRENUM          (a82f328f4792304184642d6d397bb1e3) C:\Windows\system32\drivers\irenum.sys

2011/06/16 17:44:43.0534 1448        isapnp          (ce2997a0c3b0049a3188c4f0c7a04bc9) C:\Windows\system32\drivers\isapnp.sys

2011/06/16 17:44:43.0581 1448        iScsiPrt        (4dca456d4d5723f8fa9c6760d240b0df) C:\Windows\system32\DRIVERS\msiscsi.sys

2011/06/16 17:44:43.0721 1448        iteatapi        (bced60d16156e428f8df8cf27b0df150) C:\Windows\system32\drivers\iteatapi.sys

2011/06/16 17:44:43.0784 1448        iteraid         (06fa654504a498c30adca8bec4e87e7e) C:\Windows\system32\drivers\iteraid.sys

2011/06/16 17:44:43.0815 1448        JRAID           (c1632fe31d1824a43dea29725312e3fa) C:\Windows\system32\drivers\jraid.sys

2011/06/16 17:44:43.0862 1448        kbdclass        (c9b0cf786d5f151a43c7be8e243f2819) C:\Windows\system32\DRIVERS\kbdclass.sys

2011/06/16 17:44:43.0909 1448        kbdhid          (97ab2fb84e8e77d93cee85550f4cf7f9) C:\Windows\system32\DRIVERS\kbdhid.sys

2011/06/16 17:44:44.0034 1448        KSecDD          (b6fac1ff7d4a05c06da9e53dbf5e9e7a) C:\Windows\system32\Drivers\ksecdd.sys

2011/06/16 17:44:44.0159 1448        lltdio          (fd015b4f95daa2b712f0e372a116fbad) C:\Windows\system32\DRIVERS\lltdio.sys

2011/06/16 17:44:44.0237 1448        LSI_FC          (a2262fb9f28935e862b4db46438c80d2) C:\Windows\system32\drivers\lsi_fc.sys

2011/06/16 17:44:44.0299 1448        LSI_SAS         (30d73327d390f72a62f32c103daf1d6d) C:\Windows\system32\drivers\lsi_sas.sys

2011/06/16 17:44:44.0331 1448        LSI_SCSI        (e1e36fefd45849a95f1ab81de0159fe3) C:\Windows\system32\drivers\lsi_scsi.sys

2011/06/16 17:44:44.0393 1448        luafv           (42885bb44b6e065b8575a8dd6c430c52) C:\Windows\system32\drivers\luafv.sys

2011/06/16 17:44:44.0487 1448        MBAMProtector   (3d2c13377763eeac0ca6fb46f57217ed) C:\Windows\system32\drivers\mbam.sys

2011/06/16 17:44:44.0971 1448        megasas         (d153b14fc6598eae8422a2037553adce) C:\Windows\system32\drivers\megasas.sys

2011/06/16 17:44:45.0049 1448        Modem           (21755967298a46fb6adfec9db6012211) C:\Windows\system32\drivers\modem.sys

2011/06/16 17:44:45.0206 1448        monitor         (ee05f7a5e2cefb275b08f3e3fcc2a8eb) C:\Windows\system32\DRIVERS\monitor.sys

2011/06/16 17:44:45.0252 1448        mouclass        (4a00b3cf90ad075193ca5aeece71154c) C:\Windows\system32\DRIVERS\mouclass.sys

2011/06/16 17:44:45.0487 1448        mouhid          (8d9b701d716843c39e93b3432cb721fc) C:\Windows\system32\DRIVERS\mouhid.sys

2011/06/16 17:44:45.0549 1448        MountMgr        (01f1e5a3e4877c931cbb31613fec16a6) C:\Windows\system32\drivers\mountmgr.sys

2011/06/16 17:44:45.0784 1448        mpio            (583a41f26278d9e0ea548163d6139397) C:\Windows\system32\drivers\mpio.sys

2011/06/16 17:44:45.0846 1448        mpsdrv          (6e7a7f0c1193ee5648443fe2d4b789ec) C:\Windows\system32\drivers\mpsdrv.sys

2011/06/16 17:44:46.0049 1448        Mraid35x        (4fbbb70d30fd20ec51f80061703b001e) C:\Windows\system32\drivers\mraid35x.sys

2011/06/16 17:44:46.0143 1448        MRxDAV          (08f0c494a69cf3106ee7ffc48d8e5ac7) C:\Windows\system32\drivers\mrxdav.sys

2011/06/16 17:44:46.0268 1448        mrxsmb          (bbb0d31b477cff3b4f737ed0367f635f) C:\Windows\system32\DRIVERS\mrxsmb.sys

2011/06/16 17:44:46.0331 1448        mrxsmb10        (a6130566ac4178473b5dac8f8f74407d) C:\Windows\system32\DRIVERS\mrxsmb10.sys

2011/06/16 17:44:46.0518 1448        mrxsmb20        (3d475e770d3ab2d0c5e3e1386871f9da) C:\Windows\system32\DRIVERS\mrxsmb20.sys

2011/06/16 17:44:46.0565 1448        msahci          (13fa01d10c95762e3e191bb023dfa8cc) C:\Windows\system32\drivers\msahci.sys

2011/06/16 17:44:46.0612 1448        msdsm           (3fc82a2ae4cc149165a94699183d3028) C:\Windows\system32\drivers\msdsm.sys

2011/06/16 17:44:46.0690 1448        Msfs            (729eafefd4e7417165f353a18dbe947d) C:\Windows\system32\drivers\Msfs.sys

2011/06/16 17:44:46.0752 1448        msisadrv        (0a64168b63535520adfd6b959695404a) C:\Windows\system32\drivers\msisadrv.sys

2011/06/16 17:44:46.0815 1448        MSKSSRV         (892cedefa7e0ffe7be8da651b651d047) C:\Windows\system32\drivers\MSKSSRV.sys

2011/06/16 17:44:46.0862 1448        MSPCLOCK        (ae2cb1da69b2676b4cee2a501af5871c) C:\Windows\system32\drivers\MSPCLOCK.sys

2011/06/16 17:44:46.0924 1448        MSPQM           (f910da84fa90c44a3addb7cd874463fd) C:\Windows\system32\drivers\MSPQM.sys

2011/06/16 17:44:46.0987 1448        MsRPC           (84571c0ae07647ba38d493f5f0015df7) C:\Windows\system32\drivers\MsRPC.sys

2011/06/16 17:44:47.0065 1448        mssmbios        (e09cedb1bca303b7f6ae22f512e56969) C:\Windows\system32\DRIVERS\mssmbios.sys

2011/06/16 17:44:47.0174 1448        MSTEE           (c826dd1373f38afd9ca46ec3c436a14e) C:\Windows\system32\drivers\MSTEE.sys

2011/06/16 17:44:47.0268 1448        Mup             (fa7aa70050cf5e2d15de00941e5665e5) C:\Windows\system32\Drivers\mup.sys

2011/06/16 17:44:47.0440 1448        NativeWifiP     (be8c26e61be5c5a49a6babd17aeed1b7) C:\Windows\system32\DRIVERS\nwifi.sys

2011/06/16 17:44:47.0549 1448        NDIS            (6e8dfface597629cef5df7d69217628f) C:\Windows\system32\drivers\ndis.sys

2011/06/16 17:44:47.0799 1448        NdisTapi        (81659cdcbd0f9a9e07e6878ad8c78d3f) C:\Windows\system32\DRIVERS\ndistapi.sys

2011/06/16 17:44:47.0909 1448        Ndisuio         (5de5ee546bf40838ebe0e01cb629df64) C:\Windows\system32\DRIVERS\ndisuio.sys

2011/06/16 17:44:48.0081 1448        NdisWan         (397402adcbb8946223a1950101f6cd94) C:\Windows\system32\DRIVERS\ndiswan.sys

2011/06/16 17:44:48.0174 1448        NDProxy         (1b24fa907af283199a81b3bb37e5e526) C:\Windows\system32\drivers\NDProxy.sys

2011/06/16 17:44:48.0362 1448        NetBIOS         (356dbb9f98e8dc1028dd3092fceeb877) C:\Windows\system32\DRIVERS\netbios.sys

2011/06/16 17:44:48.0456 1448        netbt           (231f6ccfdb7a604221f18fb0852c8560) C:\Windows\system32\DRIVERS\netbt.sys

2011/06/16 17:44:48.0643 1448        nfrd960         (2e7fb731d4790a1bc6270accefacb36e) C:\Windows\system32\drivers\nfrd960.sys

2011/06/16 17:44:48.0721 1448        Npfs            (4f9832beb9fafd8ceb0e541f1323b26e) C:\Windows\system32\drivers\Npfs.sys

2011/06/16 17:44:48.0768 1448        nsiproxy        (b488dfec274de1fc9d653870ef2587be) C:\Windows\system32\drivers\nsiproxy.sys

2011/06/16 17:44:48.0862 1448        Ntfs            (f08824715ca6076f5e73e005ab83b9c8) C:\Windows\system32\drivers\Ntfs.sys

2011/06/16 17:44:49.0127 1448        ntrigdigi       (e875c093aec0c978a90f30c9e0dfbb72) C:\Windows\system32\drivers\ntrigdigi.sys

2011/06/16 17:44:49.0190 1448        Null            (ec5efb3c60f1b624648344a328bce596) C:\Windows\system32\drivers\Null.sys

2011/06/16 17:44:49.0440 1448        nvlddmkm        (0ad2e0a3933aac2a392f0c6a68e2d2f8) C:\Windows\system32\DRIVERS\nvlddmkm.sys

2011/06/16 17:44:50.0159 1448        nvraid          (e69e946f80c1c31c53003bfbf50cbb7c) C:\Windows\system32\drivers\nvraid.sys

2011/06/16 17:44:50.0206 1448        nvrd32          (ed399014a8029de02ba5ae01da8cc9ee) C:\Windows\system32\drivers\nvrd32.sys

2011/06/16 17:44:50.0252 1448        nvstor          (9e0ba19a28c498a6d323d065db76dffc) C:\Windows\system32\drivers\nvstor.sys

2011/06/16 17:44:50.0315 1448        nvstor32        (703e3a7093b0fac0eebadbb8e931ecaf) C:\Windows\system32\drivers\nvstor32.sys

2011/06/16 17:44:50.0409 1448        nv_agp          (925eb9e53eca4473a2d156a02b7418e3) C:\Windows\system32\drivers\nv_agp.sys

2011/06/16 17:44:50.0674 1448        ohci1394        (8994cbfc215a9ef4495e6ae7992954fc) C:\Windows\system32\DRIVERS\ohci1394.sys

2011/06/16 17:44:50.0987 1448        Parport         (0fa9b5055484649d63c303fe404e5f4d) C:\Windows\system32\drivers\parport.sys

2011/06/16 17:44:51.0190 1448        partmgr         (555a5b2c8022983bc7467bc925b222ee) C:\Windows\system32\drivers\partmgr.sys

2011/06/16 17:44:51.0502 1448        Parvdm          (4f9a6a8a31413180d0fcb279ad5d8112) C:\Windows\system32\drivers\parvdm.sys

2011/06/16 17:44:51.0971 1448        pci             (a48c4d0acc933f7a37e52ab0761811ad) C:\Windows\system32\drivers\pci.sys

2011/06/16 17:44:52.0659 1448        pciide          (353968946bcb766f6c5c01717686b382) C:\Windows\system32\drivers\pciide.sys

2011/06/16 17:44:53.0237 1448        pcmcia          (e6f3fb1b86aa519e7698ad05e58b04e5) C:\Windows\system32\drivers\pcmcia.sys

2011/06/16 17:44:53.0502 1448        PEAUTH          (6349f6ed9c623b44b52ea3c63c831a92) C:\Windows\system32\drivers\peauth.sys

2011/06/16 17:44:53.0862 1448        PptpMiniport    (c04dec5ace67c5247b150c4223970bb7) C:\Windows\system32\DRIVERS\raspptp.sys

2011/06/16 17:44:53.0924 1448        Processor       (0e3cef5d28b40cf273281d620c50700a) C:\Windows\system32\drivers\processr.sys

2011/06/16 17:44:54.0034 1448        PSched          (2c8bae55247c4e09352e870292e4d1ab) C:\Windows\system32\DRIVERS\pacer.sys

2011/06/16 17:44:54.0096 1448        ql2300          (ccdac889326317792480c0a67156a1ec) C:\Windows\system32\drivers\ql2300.sys

2011/06/16 17:44:54.0159 1448        ql40xx          (81a7e5c076e59995d54bc1ed3a16e60b) C:\Windows\system32\drivers\ql40xx.sys

2011/06/16 17:44:54.0221 1448        QWAVEdrv        (d2b3e2b7426dc23e185fbc73c8936c12) C:\Windows\system32\drivers\qwavedrv.sys

2011/06/16 17:44:54.0268 1448        RasAcd          (bd7b30f55b3649506dd8b3d38f571d2a) C:\Windows\system32\DRIVERS\rasacd.sys

2011/06/16 17:44:54.0315 1448        Rasl2tp         (68b0019fee429ec49d29017af937e482) C:\Windows\system32\DRIVERS\rasl2tp.sys

2011/06/16 17:44:54.0346 1448        RasPppoe        (ccf4e9c6cbbac81437f88cb2ae0b6c96) C:\Windows\system32\DRIVERS\raspppoe.sys

2011/06/16 17:44:54.0393 1448        rdbss           (54129c5d9581bbec8bd1ebd3ba813f47) C:\Windows\system32\DRIVERS\rdbss.sys

2011/06/16 17:44:54.0471 1448        RDPCDD          (794585276b5d7fca9f3fc15543f9f0b9) C:\Windows\system32\DRIVERS\RDPCDD.sys

2011/06/16 17:44:54.0534 1448        rdpdr           (87ee019fe9fbff071d76ccf9ec794646) C:\Windows\system32\drivers\rdpdr.sys

2011/06/16 17:44:54.0581 1448        RDPENCDD        (980b56e2e273e19d3a9d72d5c420f008) C:\Windows\system32\drivers\rdpencdd.sys

2011/06/16 17:44:54.0643 1448        RDPWD           (e2afac98fc6ca2ad2d09f2de1bc71ad9) C:\Windows\system32\drivers\RDPWD.sys

2011/06/16 17:44:54.0737 1448        rspndr          (97e939d2128fec5d5a3e6e79b290a2f4) C:\Windows\system32\DRIVERS\rspndr.sys

2011/06/16 17:44:54.0784 1448        sbp2port        (3ce8f073a557e172b330109436984e30) C:\Windows\system32\drivers\sbp2port.sys

2011/06/16 17:44:54.0862 1448        secdrv          (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers\secdrv.sys

2011/06/16 17:44:54.0909 1448        Serenum         (68e44e331d46f0fb38f0863a84cd1a31) C:\Windows\system32\DRIVERS\serenum.sys

2011/06/16 17:44:54.0956 1448        Serial          (c70d69a918b178d3c3b06339b40c2e1b) C:\Windows\system32\DRIVERS\serial.sys

2011/06/16 17:44:55.0002 1448        sermouse        (2baf2abc0da0d50ebe8289c720977052) C:\Windows\system32\drivers\sermouse.sys

2011/06/16 17:44:55.0127 1448        sffdisk         (55b145d4248012d306da8e92fa9fdc20) C:\Windows\system32\drivers\sffdisk.sys

2011/06/16 17:44:55.0159 1448        sffp_mmc        (b86dfcd55294a0495571a27b861e6ef3) C:\Windows\system32\drivers\sffp_mmc.sys

2011/06/16 17:44:55.0190 1448        sffp_sd         (5b327b59fae2b01c34690d91ed03786e) C:\Windows\system32\drivers\sffp_sd.sys

2011/06/16 17:44:55.0237 1448        sfloppy         (46ed8e91793b2e6f848015445a0ac188) C:\Windows\system32\drivers\sfloppy.sys

2011/06/16 17:44:55.0331 1448        sisagp          (e5773c4cff310d00a59db01ef4074135) C:\Windows\system32\drivers\sisagp.sys

2011/06/16 17:44:55.0377 1448        SiSRaid2        (cedd6f4e7d84e9f98b34b3fe988373aa) C:\Windows\system32\drivers\sisraid2.sys

2011/06/16 17:44:55.0456 1448        SiSRaid4        (df843c528c4f69d12ce41ce462e973a7) C:\Windows\system32\drivers\sisraid4.sys

2011/06/16 17:44:55.0518 1448        Smb             (46baf398809a0f3b2d3300a1760e4b91) C:\Windows\system32\DRIVERS\smb.sys

2011/06/16 17:44:55.0581 1448        spldr           (426f9b029aa9162ceccf65369457d046) C:\Windows\system32\drivers\spldr.sys

2011/06/16 17:44:55.0674 1448        srv             (081be0d7a95af38d2aa238afcfc103aa) C:\Windows\system32\DRIVERS\srv.sys

2011/06/16 17:44:55.0784 1448        srv2            (6971a757af8cb5e2cbcbb76cc530db6c) C:\Windows\system32\DRIVERS\srv2.sys

2011/06/16 17:44:55.0831 1448        srvnet          (3d2ca9f958fb6e28447da61f65b9deba) C:\Windows\system32\DRIVERS\srvnet.sys

2011/06/16 17:44:55.0940 1448        ssmdrv          (a36ee93698802cd899f98bfd553d8185) C:\Windows\system32\DRIVERS\ssmdrv.sys

2011/06/16 17:44:55.0987 1448        swenum          (9c539aaffb0b6d7bce984c74317ff29f) C:\Windows\system32\DRIVERS\swenum.sys

2011/06/16 17:44:56.0034 1448        Symc8xx         (192aa3ac01df071b541094f251deed10) C:\Windows\system32\drivers\symc8xx.sys

2011/06/16 17:44:56.0081 1448        Sym_hi          (8c8eb8c76736ebaf3b13b633b2e64125) C:\Windows\system32\drivers\sym_hi.sys

2011/06/16 17:44:56.0127 1448        Sym_u3          (8072af52b5fd103bbba387a1e49f62cb) C:\Windows\system32\drivers\sym_u3.sys

2011/06/16 17:44:56.0252 1448        Tcpip           (2c1f7005aa3b62721bfdb307bd5f5010) C:\Windows\system32\drivers\tcpip.sys

2011/06/16 17:44:56.0346 1448        Tcpip6          (2c1f7005aa3b62721bfdb307bd5f5010) C:\Windows\system32\DRIVERS\tcpip.sys

2011/06/16 17:44:56.0393 1448        tcpipreg        (5ce0c4a7b12d0067dad527d72b68c726) C:\Windows\system32\drivers\tcpipreg.sys

2011/06/16 17:44:56.0424 1448        TDPIPE          (964248aef49c31fa6a93201a73ffaf50) C:\Windows\system32\drivers\tdpipe.sys

2011/06/16 17:44:56.0487 1448        TDTCP           (7d2c1ae1648a60fce4aa0f7982e419d3) C:\Windows\system32\drivers\tdtcp.sys

2011/06/16 17:44:56.0518 1448        tdx             (7973f7239486800cd79e4fdbab6a07df) C:\Windows\system32\DRIVERS\tdx.sys

2011/06/16 17:44:56.0581 1448        TermDD          (cfe870506361bac80a549749116ad870) C:\Windows\system32\DRIVERS\termdd.sys

2011/06/16 17:44:56.0706 1448        tssecsrv        (29f0eca726f0d51f7e048bdb0b372f29) C:\Windows\system32\DRIVERS\tssecsrv.sys

2011/06/16 17:44:56.0752 1448        tunmp           (65e953bc0084d44498b51f59784d2a82) C:\Windows\system32\DRIVERS\tunmp.sys

2011/06/16 17:44:56.0815 1448        tunnel          (4a39bda5e0fd30bdf4884f9d33ae6105) C:\Windows\system32\DRIVERS\tunnel.sys

2011/06/16 17:44:56.0862 1448        uagp35          (c3ade15414120033a36c0f293d4a4121) C:\Windows\system32\drivers\uagp35.sys

2011/06/16 17:44:56.0924 1448        udfs            (deea398a92952ccc421ba5b39662cabe) C:\Windows\system32\DRIVERS\udfs.sys

2011/06/16 17:44:57.0002 1448        uliagpkx        (5895ef4d0f1424392ee6439250e25677) C:\Windows\system32\drivers\uliagpkx.sys

2011/06/16 17:44:57.0065 1448        uliahci         (3cd4ea35a6221b85dcc25daa46313f8d) C:\Windows\system32\drivers\uliahci.sys

2011/06/16 17:44:57.0112 1448        UlSata          (8514d0e5cd0534467c5fc61be94a569f) C:\Windows\system32\drivers\ulsata.sys

2011/06/16 17:44:57.0190 1448        ulsata2         (38c3c6e62b157a6bc46594fada45c62b) C:\Windows\system32\drivers\ulsata2.sys

2011/06/16 17:44:57.0221 1448        umbus           (dc8828971d997de009647fce59e0ce8f) C:\Windows\system32\DRIVERS\umbus.sys

2011/06/16 17:44:57.0315 1448        usbccgp         (3f795d59734259a00d385fbd65191bf4) C:\Windows\system32\DRIVERS\usbccgp.sys

2011/06/16 17:44:57.0377 1448        usbcir          (e9476e6c486e76bc4898074768fb7131) C:\Windows\system32\drivers\usbcir.sys

2011/06/16 17:44:57.0424 1448        usbehci         (5555f6df13a1a1c327d67e9da7b99aee) C:\Windows\system32\DRIVERS\usbehci.sys

2011/06/16 17:44:57.0674 1448        usbhub          (8dabb8cb47e0736930cf6492aed361a6) C:\Windows\system32\DRIVERS\usbhub.sys

2011/06/16 17:44:57.0752 1448        usbohci         (38dbc7dd6cc5a72011f187425384388b) C:\Windows\system32\drivers\usbohci.sys

2011/06/16 17:44:57.0784 1448        usbprint        (b51e52acf758be00ef3a58ea452fe360) C:\Windows\system32\DRIVERS\usbprint.sys

2011/06/16 17:44:57.0831 1448        usbscan         (b1f95285c08ddfe00c0b955462637ec7) C:\Windows\system32\DRIVERS\usbscan.sys

2011/06/16 17:44:57.0862 1448        USBSTOR         (7887ce56934e7f104e98c975f47353c5) C:\Windows\system32\DRIVERS\USBSTOR.SYS

2011/06/16 17:44:57.0893 1448        usbuhci         (718fdf0b0f16e1d3b992f95eadf1af75) C:\Windows\system32\DRIVERS\usbuhci.sys

2011/06/16 17:44:57.0971 1448        vga             (7d92be0028ecdedec74617009084b5ef) C:\Windows\system32\DRIVERS\vgapnp.sys

2011/06/16 17:44:58.0034 1448        VgaSave         (17a8f877314e4067f8c8172cc6d9101c) C:\Windows\System32\drivers\vga.sys

2011/06/16 17:44:58.0065 1448        viaagp          (66e64d5cbeb047c90e65f0962483a5b2) C:\Windows\system32\drivers\viaagp.sys

2011/06/16 17:44:58.0096 1448        ViaC7           (56a4de5f02f2e88182b0981119b4dd98) C:\Windows\system32\drivers\viac7.sys

2011/06/16 17:44:58.0174 1448        viaide          (7100b56688c5d6d7695d18fd001f0cd6) C:\Windows\system32\drivers\viaide.sys

2011/06/16 17:44:58.0221 1448        viamraid        (7dc3e1dc6e4f8be381c31bfea578412a) C:\Windows\system32\drivers\viamraid.sys

2011/06/16 17:44:58.0284 1448        ViBus           (aa3e6722843540b9c8ec5257e3d4b675) C:\Windows\system32\DRIVERS\ViBus.sys

2011/06/16 17:44:58.0346 1448        ViPrt           (a1b7cffe5f09b825fba506c4de9fdac7) C:\Windows\system32\DRIVERS\ViPrt.sys

2011/06/16 17:44:58.0377 1448        volmgr          (cc8a64a532fd2844ee68f4061ed8a7fd) C:\Windows\system32\drivers\volmgr.sys

2011/06/16 17:44:58.0487 1448        volmgrx         (294da8d3f965f6a8db934a83c7b461ff) C:\Windows\system32\drivers\volmgrx.sys

2011/06/16 17:44:58.0518 1448        volsnap         (11ef6c1caef76b685233450a126125d6) C:\Windows\system32\drivers\volsnap.sys

2011/06/16 17:44:58.0627 1448        vsmraid         (d984439746d42b30fc65a4c3546c6829) C:\Windows\system32\drivers\vsmraid.sys

2011/06/16 17:44:58.0690 1448        WacomPen        (48dfee8f1af7c8235d4e626f0c4fe031) C:\Windows\system32\drivers\wacompen.sys

2011/06/16 17:44:58.0721 1448        Wanarp          (6798c1209a53b5a0ded8d437c45145ff) C:\Windows\system32\DRIVERS\wanarp.sys

2011/06/16 17:44:58.0752 1448        Wanarpv6        (6798c1209a53b5a0ded8d437c45145ff) C:\Windows\system32\DRIVERS\wanarp.sys

2011/06/16 17:44:58.0831 1448        Wd              (afc5ad65b991c1e205cf25cfdbf7a6f4) C:\Windows\system32\drivers\wd.sys

2011/06/16 17:44:58.0893 1448        Wdf01000        (7b5f66e4a2219c7d9daf9e738480e534) C:\Windows\system32\drivers\Wdf01000.sys

2011/06/16 17:44:59.0159 1448        WINUSB          (086d2e78eecd6195667282adc6ca109f) C:\Windows\system32\DRIVERS\WinUSB.SYS

2011/06/16 17:44:59.0206 1448        WmiAcpi         (17eac0d023a65fa9b02114cc2baacad5) C:\Windows\system32\drivers\wmiacpi.sys

2011/06/16 17:44:59.0299 1448        ws2ifsl         (84620aecdcfd2a7a14e6263927d8c0ed) C:\Windows\system32\drivers\ws2ifsl.sys

2011/06/16 17:44:59.0424 1448        WUDFRd          (ee0974d4042da9cf4c569ac4eca8c9c0) C:\Windows\system32\DRIVERS\WUDFRd.sys

2011/06/16 17:44:59.0471 1448        MBR (0x1B8)     (5c616939100b85e558da92b899a0fc36) \Device\Harddisk0\DR0

2011/06/16 17:44:59.0487 1448        ================================================================================

2011/06/16 17:44:59.0487 1448        Scan finished

2011/06/16 17:44:59.0487 1448        ================================================================================

2011/06/16 17:44:59.0518 3668        Detected object count: 0

2011/06/16 17:44:59.0518 3668        Actual detected object count: 0

Auf Dokumente/Eigene Dateien kann ich noch zugreifen.

Zitat:

Windows 6.0.6000
Internet Explorer 7.0.6000.17037

Ähm, das ist ja ein Vista völlig ohne Updates! Nichtmal SP1!!
Wir sind bei Vista beim SP2 und IE9. Mehr dazu später.

Zitat:

Lizenznehmer : Avira AntiVir Personal - FREE Antivirus

Überleg dir gut, ob du in Zukunft weiterhin bei AntiVir bleiben willst. Die haben eine sehr fragwürdige Entscheidung getroffen, was nicht gerade seriös wirkt => http://www.trojaner-board.de/100374-...e-und-ask.html

Dann bitte jetzt CF ausführen:

ComboFix

Ein Leitfaden und Tutorium zur Nutzung von ComboFix

Lade dir ComboFix hier herunter auf deinen Desktop. Benenne es beim Runterladen um in cofi.exe.

http://saved.im/mtm0nzyzmzd5/cofi.jpg

Schliesse alle Programme, vor allem dein Antivirenprogramm und andere Hintergrundwächter sowie deinen Internetbrowser.

Starte cofi.exe von deinem Desktop aus, bestätige die Warnmeldungen, führe die Updates durch (falls vorgeschlagen), installiere die Wiederherstellungskonsole (falls vorgeschlagen) und lass dein System durchsuchen.
Vermeide es auch während Combofix läuft die Maus und Tastatur zu benutzen.

Im Anschluss öffnet sich automatisch eine combofix.txt, diesen Inhalt bitte kopieren ([Strg]a, [Strg]c) und in deinen Beitrag einfügen ([Strg]v). Die Datei findest du außerdem unter: C:\ComboFix.txt.

Wichtiger Hinweis:

Combofix darf ausschließlich ausgeführt werden, wenn ein Kompetenzler dies ausdrücklich empfohlen hat!
Es sollte nie auf eigene Initiative hin ausgeführt werden! Eine falsche Benutzung kann ernsthafte Computerprobleme nach sich ziehen und eine Bereinigung der Infektion noch erschweren.

Log von Combofix:

Code:

ComboFix 11-06-17.04 - hubert 18.06.2011  11:18:58.1.2 - x86

Microsoft® Windows Vista™ Home Premium   6.0.6000.0.1252.49.1031.18.3070.1864 [GMT 2:00]

ausgeführt von:: c:\users\hubert\Desktop\cofi.exe

.

.

((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))

.

.

c:\firststeps\FirstSteps.exe

.

.

(((((((((((((((((((((((   Dateien erstellt von 2011-05-18 bis 2011-06-18  ))))))))))))))))))))))))))))))

.

.

2011-06-18 09:23 . 2011-06-18 09:23        --------        d-----w-        c:\users\hubert\AppData\Local\temp

2011-06-18 09:17 . 2011-06-18 09:17        --------        d-----w-        C:\32788R22FWJFW

2011-06-18 09:16 . 2011-05-24 17:12        6962000        ----a-w-        c:\programdata\Microsoft\Windows Defender\Definition Updates\{8B8A5B31-2282-4EB6-A67C-D5FD5F44DD6F}\mpengine.dll

2011-06-09 15:54 . 2011-06-09 15:54        --------        d-----w-        C:\_OTL

2011-06-07 17:35 . 2011-06-07 17:35        404640        ----a-w-        c:\windows\system32\FlashPlayerCPLApp.cpl

2011-06-04 10:46 . 2011-06-04 10:46        --------        d-----w-        c:\users\hubert\AppData\Roaming\Malwarebytes

2011-06-04 10:46 . 2011-05-29 07:11        39984        ----a-w-        c:\windows\system32\drivers\mbamswissarmy.sys

2011-06-04 10:46 . 2011-06-04 10:46        --------        d-----w-        c:\programdata\Malwarebytes

2011-06-04 10:46 . 2011-06-04 10:46        --------        d-----w-        c:\program files\Malwarebytes' Anti-Malware

2011-06-04 10:46 . 2011-05-29 07:11        22712        ----a-w-        c:\windows\system32\drivers\mbam.sys

2011-06-02 14:56 . 2011-06-02 14:56        --------        d-----w-        c:\users\hubert\AppData\Roaming\Avira

2011-05-25 07:36 . 2011-05-25 07:36        781272        ----a-w-        c:\program files\Mozilla Firefox\mozsqlite3.dll

2011-05-25 07:36 . 2011-05-25 07:36        1874904        ----a-w-        c:\program files\Mozilla Firefox\mozjs.dll

2011-05-25 07:36 . 2011-05-25 07:36        15832        ----a-w-        c:\program files\Mozilla Firefox\mozalloc.dll

2011-05-25 07:36 . 2011-05-25 07:36        89048        ----a-w-        c:\program files\Mozilla Firefox\libEGL.dll

2011-05-25 07:36 . 2011-05-25 07:36        465880        ----a-w-        c:\program files\Mozilla Firefox\libGLESv2.dll

2011-05-25 07:36 . 2011-05-25 07:36        1974616        ----a-w-        c:\program files\Mozilla Firefox\D3DCompiler_42.dll

2011-05-25 07:36 . 2011-05-25 07:36        1892184        ----a-w-        c:\program files\Mozilla Firefox\d3dx9_42.dll

2011-05-25 07:36 . 2011-05-25 07:36        142296        ----a-w-        c:\program files\Mozilla Firefox\components\browsercomps.dll

2011-05-23 12:55 . 2011-05-23 12:55        1138440        ----a-w-        c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll

.

.

.

((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2011-05-24 17:14 . 2009-10-06 16:38        222080        ------w-        c:\windows\system32\MpSigStub.exe

2011-05-25 07:36 . 2011-05-25 07:36        142296        ----a-w-        c:\program files\mozilla firefox\components\browsercomps.dll

.

.

((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))

.

.

*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 

REGEDIT4

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2006-11-02 125440]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"NvSvc"="c:\windows\system32\nvsvc.dll" [2007-06-01 86016]

"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-06-01 8429568]

"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2007-06-01 81920]

"RtHDVCpl"="RtHDVCpl.exe" [2007-10-01 4702208]

"NeroFilterCheck"="c:\program files\Common Files\Nero\Lib\NeroCheck.exe" [2007-03-01 153136]

"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2006-12-10 49152]

"Google Desktop Search"="c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2008-06-11 29744]

"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2009-04-28 198160]

"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2010-11-07 281768]

"Windows Mobile Device Center"="c:\windows\WindowsMobile\wmdc.exe" [2007-05-31 648072]

"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2011-05-29 449584]

.

c:\users\hubert\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\

OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2006-10-26 98632]

.

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\

HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2009-5-21 275768]

.

c:\users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\

DSL-Manager.lnk - c:\program files\T-Online\DSL-Manager\DslMgr.exe [2008-3-23 1085440]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]

"AppInit_DLLs"=c:\progra~1\Google\GOOGLE~3\GoogleDesktopNetwork3.dll

.

R3 dsltestSp5;dsltestSp5 NDIS Protocol Driver;c:\windows\system32\Drivers\dsltestSp5.sys [2007-09-12 26816]

R3 GoogleDesktopManager-022208-143751;Google Desktop Manager 5.7.802.22438;c:\program files\Google\Google Desktop Search\GoogleDesktop.exe [2008-06-11 29744]

S0 ViBus;ViBus;c:\windows\system32\DRIVERS\ViBus.sys [2007-03-26 16896]

S0 ViPrt;VIA SATA IDE Device Driver;c:\windows\system32\DRIVERS\ViPrt.sys [2007-03-26 52224]

S1 DslMNLwf;DSL-Manager NDIS LightWeight Filter;c:\windows\system32\DRIVERS\dslmnlwf.sys [2007-08-01 16448]

S2 AntiVirSchedulerService;Avira AntiVir Planer;c:\program files\Avira\AntiVir Desktop\sched.exe [2011-04-27 136360]

S2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [2011-05-29 366640]

S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2011-05-29 22712]

.

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]

HPZ12        REG_MULTI_SZ           Pml Driver HPZ12 Net Driver HPZ12

hpdevmgmt        REG_MULTI_SZ           hpqcxs08 hpqddsvc

bthsvcs        REG_MULTI_SZ           BthServ

WindowsMobile        REG_MULTI_SZ           wcescomm rapimgr

LocalServiceRestricted        REG_MULTI_SZ           WcesComm RapiMgr

.

Inhalt des "geplante Tasks" Ordners

.

2011-06-11 c:\windows\Tasks\DMEPeriodicTask.job

- c:\program files\HP\Digital Imaging\bin\warrantyextension\HPPromo.exe [2009-06-16 06:17]

.

2009-07-10 c:\windows\Tasks\Norton Security Scan.job

- c:\program files\Norton Security Scan\Nss.exe [2007-09-18 21:42]

.

2011-06-18 c:\windows\Tasks\User_Feed_Synchronization-{D493EE9E-A341-4137-A90A-410DF3E58792}.job

- c:\windows\system32\msfeedssync.exe [2006-11-02 09:45]

.

.

------- Zusätzlicher Suchlauf -------

.

uStart Page = hxxp://www.google.de/

IE: Nach Microsoft E&xel exportieren - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000

TCP: DhcpNameServer = 192.168.2.1

FF - ProfilePath - c:\users\hubert\AppData\Roaming\Mozilla\Firefox\Profiles\pjn8vo2u.default\

FF - prefs.js: browser.search.defaulturl - hxxp://de.search.yahoo.com/search?ei=UTF-8&fr=ytff-&p=

FF - prefs.js: browser.search.selectedEngine - Google

FF - prefs.js: keyword.URL - hxxp://de.search.yahoo.com/search?ei=UTF-8&fr=ytff-sunm&p=

FF - prefs.js: network.proxy.type - 0

FF - user.js: yahoo.homepage.dontask - true

.

- - - - Entfernte verwaiste Registrierungseinträge - - - -

.

AddRemove-RealJukebox 1.0 - c:\program files\Common Files\Real\Update_OB\r1puninst.exe

AddRemove-RealPlayer 6.0 - c:\program files\Common Files\Real\Update_OB\r1puninst.exe

.

.

.

**************************************************************************

.

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, hxxp://www.gmer.net

Rootkit scan 2011-06-18 11:23

Windows 6.0.6000  NTFS

.

Scanne versteckte Prozesse... 

.

Scanne versteckte Autostarteinträge... 

.

Scanne versteckte Dateien... 

.

Scan erfolgreich abgeschlossen

versteckte Dateien: 0

.

**************************************************************************

.

--------------------- Gesperrte Registrierungsschluessel ---------------------

.

[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.htm\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="FirefoxHTML"

.

[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.html\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="FirefoxHTML"

.

[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.shtml\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="FirefoxHTML"

.

[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xht\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="FirefoxHTML"

.

[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xhtml\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="FirefoxHTML"

.

Zeit der Fertigstellung: 2011-06-18  11:25:05

ComboFix-quarantined-files.txt  2011-06-18 09:25

.

Vor Suchlauf: 20 Verzeichnis(se), 162.156.720.128 Bytes frei

Nach Suchlauf: 26 Verzeichnis(se), 162.736.037.888 Bytes frei

.

- - End Of File - - 9239055115499F2DE6B66967296BB9EC

Dass Vista ohne Updates ist, ist seltsam. Ich habe nämlich "Updates automatisch installieren" aktiviert.

Ok. Bitte nun Logs mit GMER und OSAM erstellen und posten.
GMER stürzt häufiger ab, wenn das Tool auch beim 2. Mal nicht will, lass es einfach weg und führ nur OSAM aus - die Online-Abfrage durch OSAM bitte überspringen.
Bei OSAM bitte darauf auch achten, dass Du das Log auch als *.log und nicht *.html oder so abspeicherst.

Downloade Dir danach bitte MBRCheck (by a_d_13) und speichere die Datei auf dem Desktop.

Doppelklick auf die MBRCheck.exe.
Vista und Win7 User mit Rechtsklick "als Administrator starten"
Das Tool braucht nur wenige Sekunden.
Danach solltest du eine MBRCheck_<Datum>_<Uhrzeit>.txt auf dem Desktop finden.

Poste mir bitte den Inhalt des .txt Dokumentes

Log Gmer:

Code:

GMER 1.0.15.15640 - hxxp://www.gmer.net

Rootkit scan 2011-06-20 18:41:11

Windows 6.0.6000  Harddisk0\DR0 -> \Device\0000004f 360320AS_____________________________ rev.AM___

Running: gjz2g9mz.exe; Driver: C:\Users\hubert\AppData\Local\Temp\kwlyrpow.sys
 
 

---- System - GMER 1.0.15 ----
 

SSDT   8E115398                                                                                            ZwOpenProcess

SSDT   8E11539D                                                                                            ZwOpenThread
 

---- Kernel code sections - GMER 1.0.15 ----
 

.text  C:\Windows\system32\DRIVERS\nvlddmkm.sys                                                            section is writeable [0x8E2DE340, 0x33F6F7, 0xE8000020]
 

---- User IAT/EAT - GMER 1.0.15 ----
 

IAT    C:\Windows\Explorer.EXE[348] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCloneImage]                 [741CFBC8] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6000.16782_none_9ea1072ec96e0be7\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)

IAT    C:\Windows\Explorer.EXE[348] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDrawImageRectI]             [7419B9AA] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6000.16782_none_9ea1072ec96e0be7\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)

IAT    C:\Windows\Explorer.EXE[348] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipSetInterpolationMode]       [7418A31F] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6000.16782_none_9ea1072ec96e0be7\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)

IAT    C:\Windows\Explorer.EXE[348] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipSetCompositingMode]         [7418CBFF] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6000.16782_none_9ea1072ec96e0be7\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)

IAT    C:\Windows\Explorer.EXE[348] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateFromHDC]              [74188AB2] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6000.16782_none_9ea1072ec96e0be7\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)

IAT    C:\Windows\Explorer.EXE[348] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateBitmapFromStream]     [7419CF28] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6000.16782_none_9ea1072ec96e0be7\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)

IAT    C:\Windows\Explorer.EXE[348] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipGetImageHeight]             [74187D98] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6000.16782_none_9ea1072ec96e0be7\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)

IAT    C:\Windows\Explorer.EXE[348] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipGetImageWidth]              [74187CFF] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6000.16782_none_9ea1072ec96e0be7\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)

IAT    C:\Windows\Explorer.EXE[348] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDisposeImage]               [74186A64] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6000.16782_none_9ea1072ec96e0be7\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)

IAT    C:\Windows\Explorer.EXE[348] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipLoadImageFromFileICM]       [7421C1D8] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6000.16782_none_9ea1072ec96e0be7\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)

IAT    C:\Windows\Explorer.EXE[348] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipLoadImageFromFile]          [741A7F56] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6000.16782_none_9ea1072ec96e0be7\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)

IAT    C:\Windows\Explorer.EXE[348] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDeleteGraphics]             [741890CD] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6000.16782_none_9ea1072ec96e0be7\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)

IAT    C:\Windows\Explorer.EXE[348] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipFree]                       [74192179] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6000.16782_none_9ea1072ec96e0be7\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)

IAT    C:\Windows\Explorer.EXE[348] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipAlloc]                      [741921A4] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6000.16782_none_9ea1072ec96e0be7\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)

IAT    C:\Windows\Explorer.EXE[348] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdiplusShutdown]                [74197F1C] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6000.16782_none_9ea1072ec96e0be7\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)

IAT    C:\Windows\Explorer.EXE[348] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdiplusStartup]                 [74197D3E] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6000.16782_none_9ea1072ec96e0be7\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)

IAT    C:\Windows\Explorer.EXE[348] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateBitmapFromStreamICM]  [741C83D5] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6000.16782_none_9ea1072ec96e0be7\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
 

---- EOF - GMER 1.0.15 ----

Log Osam:

Code:

Report of OSAM: Autorun Manager v5.0.11926.0

hxxp://www.online-solutions.ru/en/

Saved at 18:50:33 on 20.06.2011
 

OS: Windows Vista Home Premium Edition (Build 6000), 32-bit

Default Browser: Mozilla Corporation Firefox 4.0.1
 

Scanner Settings

[x] Rootkits detection (hidden registry)

[x] Rootkits detection (hidden files)

[x] Retrieve files information

[x] Check Microsoft signatures
 

Filters

[ ] Trusted entries

[ ] Empty entries

[x] Hidden registry entries (rootkit activity)

[x] Exclusively opened files

[x] Not found files

[x] Files without detailed information

[x] Existing files

[ ] Non-startable services

[ ] Non-startable drivers

[x] Active entries

[x] Disabled entries
 
 

[AppInit DLLs]

-----( HKLM\Software\Microsoft\Windows NT\CurrentVersion\Windows )-----

"AppInit_DLLs" - "Google" - C:\PROGRA~1\Google\GOOGLE~3\GoogleDesktopNetwork3.dll
 

[Common]

-----( %SystemRoot%\Tasks )-----

"DMEPeriodicTask.job" - "Hewlett-Packard" - C:\Program Files\HP\Digital Imaging\bin\warrantyextension\HPPromo.exe

"Norton Security Scan.job" - "Symantec Corporation" - C:\Program Files\Norton Security Scan\Nss.exe
 

[Control Panel Objects]

-----( %SystemRoot%\system32 )-----

"FlashPlayerCPLApp.cpl" - "Adobe Systems Incorporated" - C:\Windows\system32\FlashPlayerCPLApp.cpl

-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Control Panel\Cpls )-----

"Nero BurnRights" - "Nero AG" - C:\Program Files\Nero\Nero8\Nero Toolkit\NeroBurnRights.cpl
 

[Drivers]

-----( HKLM\SYSTEM\CurrentControlSet\Services )-----

"avgntflt" (avgntflt) - "Avira GmbH" - C:\Windows\System32\DRIVERS\avgntflt.sys

"avipbb" (avipbb) - "Avira GmbH" - C:\Windows\System32\DRIVERS\avipbb.sys

"catchme" (catchme) - ? - C:\Users\hubert\AppData\Local\Temp\catchme.sys  (File not found)

"dsltestSp5 NDIS Protocol Driver" (dsltestSp5) - "Printing Communications Assoc., Inc. (PCAUSA)" - C:\Windows\System32\Drivers\dsltestSp5.sys

"IP in IP Tunnel Driver" (IpInIp) - ? - C:\Windows\System32\DRIVERS\ipinip.sys  (File not found)

"IPX Traffic Filter Driver" (NwlnkFlt) - ? - C:\Windows\System32\DRIVERS\nwlnkflt.sys  (File not found)

"IPX Traffic Forwarder Driver" (NwlnkFwd) - ? - C:\Windows\System32\DRIVERS\nwlnkfwd.sys  (File not found)

"kwlyrpow" (kwlyrpow) - ? - C:\Users\hubert\AppData\Local\Temp\kwlyrpow.sys  (Hidden registry entry, rootkit activity | File not found)

"MBAMProtector" (MBAMProtector) - "Malwarebytes Corporation" - C:\Windows\system32\drivers\mbam.sys

"ssmdrv" (ssmdrv) - "Avira GmbH" - C:\Windows\System32\DRIVERS\ssmdrv.sys
 

[Explorer]

-----( HKLM\Software\Classes\Protocols\Filter )-----

{807563E5-5146-11D5-A672-00B0D022E945} "Microsoft Office InfoPath XML Mime Filter" - "Microsoft Corporation" - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL

-----( HKLM\Software\Classes\Protocols\Handler )-----

{314111c7-a502-11d2-bbca-00c04f8ec294} "HxProtocol Class" - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll

-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved )-----

{911051fa-c21c-4246-b470-070cd8df6dc4} ".cab or .zip files" - ? -   (File not found | COM-object registry key not found)

{1b24a030-9b20-49bc-97ac-1be4426f9e59} "ActiveDirectory Folder" - ? -   (File not found | COM-object registry key not found)

{34449847-FD14-4fc8-A75A-7432F5181EFB} "ActiveDirectory Folder" - ? -   (File not found | COM-object registry key not found)

{0F8604A5-4ECE-4DE1-BA7D-CF10F8AA4F48} "Contacts folder" - ? -   (File not found | COM-object registry key not found)

{2C2577C2-63A7-40e3-9B7F-586602617ECB} "Explorer Query Band" - ? -   (File not found | COM-object registry key not found)

{00020d75-0000-0000-c000-000000000046} "lnkfile" - ? -   (File not found | COM-object registry key not found)

{42042206-2D85-11D3-8CFF-005004838597} "Microsoft Office HTML Icon Handler" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office12\msohevi.dll

{993BE281-6695-4BA5-8A2A-7AACBFAAB69E} "Microsoft Office Metadata Handler" - "Microsoft Corporation" - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\msoshext.dll

{5858A72C-C2B4-4dd7-B2BF-B76DB1BD9F6C} "Microsoft Office OneNote Namespace Extension for Windows Desktop Search" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~2\Office12\ONFILTER.DLL

{C41662BB-1FA0-4CE0-8DC5-9B7F8279FF97} "Microsoft Office Thumbnail Handler" - "Microsoft Corporation" - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\msoshext.dll

{97F68CE3-7146-45FF-BE24-D9A7DD7CB8A2} "NeroCoverEdLiveIcons Class" - "Nero AG" - C:\Program Files\Nero\Nero8\Nero CoverDesigner\CoverEdExtension.dll

{F0CB00CD-5A07-4D91-97F5-A8C92CDA93E4} "RealOne Player Context Menu Class" - "RealNetworks, Inc." - C:\Program Files\Real\RealPlayer\rpshell.dll

{C8494E42-ACDD-4739-B0FB-217361E4894F} "Sam Account Folder" - ? -   (File not found | COM-object registry key not found)

{E29F9716-5C08-4FCD-955A-119FDB5A522D} "Sam Account Folder" - ? -   (File not found | COM-object registry key not found)

{45AC2688-0253-4ED8-97DE-B5370FA7D48A} "Shell Extension for Malware scanning" - "Avira GmbH" - C:\Program Files\Avira\AntiVir Desktop\shlext.dll

{da67b8ad-e81b-4c70-9b91b417b5e33527} "Windows Search Shell Service" - ? -   (File not found | COM-object registry key not found)

{B41DB860-8EE4-11D2-9906-E49FADC173CA} "WinRAR" - "Alexander Roshal" - C:\Program Files\WinRAR\rarext.dll
 

[Internet Explorer]

-----( HKCU\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars )-----

{555D4D79-4BD2-4094-A395-CFC534424A05} "HP Smart Web Printing" - "Hewlett-Packard Co." - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_bho.dll

-----( HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser )-----

<binary data> "ITBar7Layout" - ? -   (File not found | COM-object registry key not found)

-----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions )-----

{2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} "@C:\Windows\WindowsMobile\INetRepl.dll,-222" - "Microsoft Corporation" - C:\Windows\WindowsMobile\INetRepl.dll

{48E73304-E1D6-4330-914C-F5F514E3486C} "An OneNote senden" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll

{2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} "ClsidExtension" - "Microsoft Corporation" - C:\Windows\WindowsMobile\INetRepl.dll

{DDE87865-83C5-48c4-8357-2F5B1AA84522} "HP Smart Web Printing ein- oder ausblenden" - "Hewlett-Packard Co." - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll

{FF059E31-CC5A-4E2E-BF3B-96E929D65503} "Research" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL

-----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar )-----

{0124123D-61B4-456f-AF86-78C53A0790C5} "G DATA WebFilter" - ? -   (File not found | COM-object registry key not found)

-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects )-----

{0347C33E-8762-4905-BF09-768834316C61} "HP Print Enhancer" - "Hewlett-Packard Co." - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll

{FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} "HP Smart BHO Class" - "Hewlett-Packard Co." - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll

{DBC80044-A445-435b-BC74-9C25C1C588A9} "Java(tm) Plug-In 2 SSV Helper" - ? - C:\Program Files\Java\jre6\bin\jp2ssv.dll  (File not found)

{3049C3E9-B461-4BC5-8870-4C09146192CA} "RealPlayer Download and Record Plugin for Internet Explorer" - "RealPlayer" - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll

{0124123D-61B4-456f-AF86-78C53A0790C5} "{0124123D-61B4-456f-AF86-78C53A0790C5}" - ? -   (File not found | COM-object registry key not found)
 

[Logon]

-----( %APPDATA%\Microsoft\Windows\Start Menu\Programs\Startup )-----

"OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE  (Shortcut exists | File exists)

"desktop.ini" - ? - C:\Users\hubert\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini

-----( %AllUsersProfile%\Microsoft\Windows\Start Menu\Programs\Startup )-----

"desktop.ini" - ? - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini

"HP Digital Imaging Monitor.lnk" - "Hewlett-Packard Co." - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe  (Shortcut exists | File exists)

-----( HKLM\SYSTEM\CurrentControlSet\Control\Terminal Server\Wds\rdpwd )-----

"StartupPrograms" - ? - rdpclip  (File not found)

-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Run )-----

"avgnt" - "Avira GmbH" - "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min

"Google Desktop Search" - "Google" - "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup

"HP Software Update" - "Hewlett-Packard Co." - C:\Program Files\HP\HP Software Update\HPWuSchd2.exe

"Malwarebytes' Anti-Malware" - "Malwarebytes Corporation" - "C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray

"NeroFilterCheck" - "Nero AG" - C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe

"TkBellExe" - "RealNetworks, Inc." - "C:\Program Files\Common Files\Real\Update_OB\realsched.exe"  -osboot
 

[Print Monitors]

-----( HKLM\SYSTEM\CurrentControlSet\Control\Print\Monitors )-----

"PCL hpz3l4v2" - "Hewlett-Packard Company" - C:\Windows\system32\hpz3l4v2.dll

"Send To Microsoft OneNote Monitor" - "Microsoft Corporation" - C:\Windows\system32\msonpmon.dll
 

[Services]

-----( HKLM\SYSTEM\CurrentControlSet\Services )-----

"Avira AntiVir Guard" (AntiVirService) - "Avira GmbH" - C:\Program Files\Avira\AntiVir Desktop\avguard.exe

"Avira AntiVir Planer" (AntiVirSchedulerService) - "Avira GmbH" - C:\Program Files\Avira\AntiVir Desktop\sched.exe

"Fujitsu Siemens Computers Diagnostic Testhandler" (TestHandler) - "Fujitsu Siemens Computers" - C:\firststeps\OnlineDiagnostic\TestManager\TestHandler.exe

"Google Desktop Manager 5.7.802.22438" (GoogleDesktopManager-022208-143751) - "Google" - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe

"HP CUE DeviceDiscovery Service" (hpqddsvc) - "Hewlett-Packard Co." - C:\Program Files\HP\Digital Imaging\bin\hpqddsvc.dll

"hpqcxs08" (hpqcxs08) - "Hewlett-Packard Co." - C:\Program Files\HP\Digital Imaging\bin\hpqcxs08.dll

"MBAMService" (MBAMService) - "Malwarebytes Corporation" - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe

"Microsoft Office Diagnostics Service" (odserv) - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE

"Nero BackItUp Scheduler 3" (Nero BackItUp Scheduler 3) - "Nero AG" - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe

"Net Driver HPZ12" (Net Driver HPZ12) - "Hewlett-Packard" - C:\Windows\system32\HPZinw12.dll

"NMIndexingService" (NMIndexingService) - "Nero AG" - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe

"Office Source Engine" (ose) - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE

"Pml Driver HPZ12" (Pml Driver HPZ12) - "Hewlett-Packard" - C:\Windows\system32\HPZipm12.dll
 

[Winlogon]

-----( HKCU\Control Panel\Desktop )-----

"SCRNSAVE.EXE" - "Fujitsu Siemens Computers" - c:\windows\system32\Fujits~1.scr
 

===[ Logfile end ]=========================================[ Logfile end ]===
 

If You have questions or want to get some help, You can visit hxxp://forum.online-solutions.ru

Log MBR:

Code:

MBRCheck, version 1.2.3

(c) 2010, AD
 

Command-line:                        

Windows Version:                Windows Vista Home Premium Edition

Windows Information:                 (build 6000), 32-bit

Base Board Manufacturer:        FUJITSU SIEMENS

BIOS Manufacturer:                Phoenix Technologies, LTD

System Manufacturer:                FUJITSU SIEMENS

System Product Name:                MS-7293VP

Logical Drives Mask:                0x000007fc
 

Kernel Drivers (total 140):

  0x82000000 \SystemRoot\system32\ntkrnlpa.exe

  0x823A2000 \SystemRoot\system32\hal.dll

  0x802C6000 \SystemRoot\system32\kdcom.dll

  0x80266000 \SystemRoot\system32\mcupdate_GenuineIntel.dll

  0x8025D000 \SystemRoot\system32\PSHED.dll

  0x80255000 \SystemRoot\system32\BOOTVID.dll

  0x8021A000 \SystemRoot\system32\CLFS.SYS

  0x8051F000 \SystemRoot\system32\CI.dll

  0x804A4000 \SystemRoot\system32\drivers\Wdf01000.sys

  0x8020D000 \SystemRoot\system32\drivers\WDFLDR.SYS

  0x80461000 \SystemRoot\system32\drivers\acpi.sys

  0x80204000 \SystemRoot\system32\drivers\WMILIB.SYS

  0x80459000 \SystemRoot\system32\drivers\msisadrv.sys

  0x80434000 \SystemRoot\system32\drivers\pci.sys

  0x80425000 \SystemRoot\system32\drivers\volmgr.sys

  0x80415000 \SystemRoot\System32\drivers\mountmgr.sys

  0x8040D000 \SystemRoot\system32\drivers\viaide.sys

  0x807F2000 \SystemRoot\system32\drivers\PCIIDEX.SYS

  0x80404000 \SystemRoot\system32\DRIVERS\ViBus.sys

  0x807D9000 \SystemRoot\system32\drivers\nvraid.sys

  0x807B8000 \SystemRoot\system32\drivers\CLASSPNP.SYS

  0x8076E000 \SystemRoot\System32\drivers\volmgrx.sys

  0x80766000 \SystemRoot\system32\drivers\atapi.sys

  0x80748000 \SystemRoot\system32\drivers\ataport.SYS

  0x80738000 \SystemRoot\system32\DRIVERS\ViPrt.sys

  0x8071A000 \SystemRoot\system32\drivers\vsmraid.sys

  0x806DA000 \SystemRoot\system32\drivers\storport.sys

  0x806A9000 \SystemRoot\system32\drivers\fltmgr.sys

  0x80699000 \SystemRoot\system32\drivers\fileinfo.sys

  0x81EFC000 \SystemRoot\system32\drivers\ndis.sys

  0x8066E000 \SystemRoot\system32\drivers\msrpc.sys

  0x80635000 \SystemRoot\system32\drivers\NETIO.SYS

  0x828F8000 \SystemRoot\System32\Drivers\Ntfs.sys

  0x81E92000 \SystemRoot\System32\Drivers\ksecdd.sys

  0x81E5C000 \SystemRoot\system32\drivers\volsnap.sys

  0x8062D000 \SystemRoot\System32\Drivers\spldr.sys

  0x8061E000 \SystemRoot\System32\drivers\partmgr.sys

  0x8060F000 \SystemRoot\System32\Drivers\mup.sys

  0x81E37000 \SystemRoot\System32\drivers\ecache.sys

  0x81E26000 \SystemRoot\system32\drivers\disk.sys

  0x80606000 \SystemRoot\system32\drivers\crcdisk.sys

  0x8C820000 \SystemRoot\system32\DRIVERS\tunnel.sys

  0x8C93F000 \SystemRoot\system32\DRIVERS\tunmp.sys

  0x8C812000 \SystemRoot\system32\DRIVERS\intelppm.sys

  0x8E2DE000 \SystemRoot\system32\DRIVERS\nvlddmkm.sys

  0x8DF31000 \SystemRoot\System32\drivers\dxgkrnl.sys

  0x8B088000 \SystemRoot\System32\drivers\watchdog.sys

  0x8DF19000 \SystemRoot\system32\DRIVERS\cdrom.sys

  0x8C802000 \SystemRoot\system32\DRIVERS\usbuhci.sys

  0x8DEDC000 \SystemRoot\system32\DRIVERS\USBPORT.SYS

  0x8DECE000 \SystemRoot\system32\DRIVERS\usbehci.sys

  0x8DEC3000 \SystemRoot\system32\DRIVERS\fetnd5bv.sys

  0x82A40000 \SystemRoot\system32\DRIVERS\ohci1394.sys

  0x8DEB5000 \SystemRoot\system32\DRIVERS\1394BUS.SYS

  0x8DE9B000 \SystemRoot\system32\DRIVERS\serial.sys

  0x8C86B000 \SystemRoot\system32\DRIVERS\serenum.sys

  0x8E22C000 \SystemRoot\system32\DRIVERS\HDAudBus.sys

  0x8E201000 \SystemRoot\system32\DRIVERS\msiscsi.sys

  0x8DE90000 \SystemRoot\system32\DRIVERS\TDI.SYS

  0x8E1EA000 \SystemRoot\system32\DRIVERS\rasl2tp.sys

  0x8E1DF000 \SystemRoot\system32\DRIVERS\ndistapi.sys

  0x8E1BC000 \SystemRoot\system32\DRIVERS\ndiswan.sys

  0x82874000 \SystemRoot\system32\DRIVERS\raspppoe.sys

  0x8E1A9000 \SystemRoot\system32\DRIVERS\raspptp.sys

  0x8E18C000 \SystemRoot\system32\DRIVERS\termdd.sys

  0x8E181000 \SystemRoot\system32\DRIVERS\kbdclass.sys

  0x8E176000 \SystemRoot\system32\DRIVERS\mouclass.sys

  0x80600000 \SystemRoot\system32\DRIVERS\swenum.sys

  0x8E14C000 \SystemRoot\system32\DRIVERS\ks.sys

  0x8E23E000 \SystemRoot\system32\DRIVERS\mssmbios.sys

  0x8B095000 \SystemRoot\system32\DRIVERS\umbus.sys

  0x8E118000 \SystemRoot\system32\DRIVERS\usbhub.sys

  0x82A10000 \SystemRoot\System32\Drivers\NDProxy.SYS

  0x8EC20000 \SystemRoot\system32\drivers\RTKVHDA.sys

  0x8E0DB000 \SystemRoot\system32\drivers\portcls.sys

  0x8E0B6000 \SystemRoot\system32\drivers\drmk.sys

  0x8C95A000 \SystemRoot\System32\Drivers\Fs_Rec.SYS

  0x8DE53000 \SystemRoot\System32\Drivers\Null.SYS

  0x8DE5A000 \SystemRoot\System32\Drivers\Beep.SYS

  0x8DE61000 \SystemRoot\system32\DRIVERS\HIDPARSE.SYS

  0x8E06A000 \SystemRoot\System32\drivers\vga.sys

  0x8E049000 \SystemRoot\System32\drivers\VIDEOPRT.SYS

  0x8C9E0000 \SystemRoot\System32\DRIVERS\RDPCDD.sys

  0x8C9E8000 \SystemRoot\system32\drivers\rdpencdd.sys

  0x8E01E000 \SystemRoot\System32\Drivers\Msfs.SYS

  0x8E19B000 \SystemRoot\System32\Drivers\Npfs.SYS

  0x82883000 \SystemRoot\System32\DRIVERS\rasacd.sys

  0x8EF2A000 \SystemRoot\System32\drivers\tcpip.sys

  0x8E005000 \SystemRoot\System32\drivers\fwpkclnt.sys

  0x8EC0B000 \SystemRoot\system32\DRIVERS\tdx.sys

  0x8EF16000 \SystemRoot\system32\DRIVERS\smb.sys

  0x8EECF000 \SystemRoot\system32\drivers\afd.sys

  0x8EE9D000 \SystemRoot\System32\DRIVERS\netbt.sys

  0x8EE87000 \SystemRoot\system32\DRIVERS\pacer.sys

  0x8C8D5000 \SystemRoot\system32\DRIVERS\dslmnlwf.sys

  0x8EE79000 \SystemRoot\system32\DRIVERS\netbios.sys

  0x8EE66000 \SystemRoot\system32\DRIVERS\wanarp.sys

  0x8C893000 \SystemRoot\system32\DRIVERS\ssmdrv.sys

  0x8EE2B000 \SystemRoot\system32\DRIVERS\rdbss.sys

  0x8E248000 \SystemRoot\system32\drivers\nsiproxy.sys

  0x8EE14000 \SystemRoot\System32\Drivers\dfsc.sys

  0x8F16A000 \SystemRoot\system32\DRIVERS\avipbb.sys

  0x8B0AF000 \SystemRoot\System32\Drivers\crashdmp.sys

  0x82A60000 \SystemRoot\System32\Drivers\dump_ViPrt.sys

  0x8F00B000 \SystemRoot\system32\DRIVERS\USBSTOR.SYS

  0x8B037000 \SystemRoot\system32\DRIVERS\USBD.SYS

  0x95DE9000 \SystemRoot\system32\DRIVERS\usbccgp.sys

  0x8C963000 \SystemRoot\system32\DRIVERS\hidusb.sys

  0x82AE0000 \SystemRoot\system32\DRIVERS\HIDCLASS.SYS

  0x8C900000 \SystemRoot\system32\DRIVERS\kbdhid.sys

  0x96800000 \SystemRoot\System32\win32k.sys

  0x8E252000 \SystemRoot\System32\drivers\Dxapi.sys

  0x8B013000 \SystemRoot\system32\DRIVERS\mouhid.sys

  0x8F10B000 \SystemRoot\system32\DRIVERS\monitor.sys

  0x80E00000 \SystemRoot\System32\TSDDD.dll

  0x80E10000 \SystemRoot\System32\cdd.dll

  0x80C75000 \SystemRoot\system32\drivers\luafv.sys

  0x99E6B000 \SystemRoot\system32\DRIVERS\avgntflt.sys

  0x9AE37000 \SystemRoot\system32\drivers\spsys.sys

  0x82A30000 \SystemRoot\system32\DRIVERS\lltdio.sys

  0x9CBED000 \SystemRoot\system32\DRIVERS\rspndr.sys

  0x9CA0F000 \SystemRoot\system32\drivers\HTTP.sys

  0x9CB36000 \SystemRoot\System32\DRIVERS\srvnet.sys

  0x9CF67000 \SystemRoot\system32\DRIVERS\bowser.sys

  0x9CF53000 \SystemRoot\System32\drivers\mpsdrv.sys

  0x9CF33000 \SystemRoot\system32\drivers\mrxdav.sys

  0x9CF15000 \SystemRoot\system32\DRIVERS\mrxsmb.sys

  0x9CEDC000 \SystemRoot\system32\DRIVERS\mrxsmb10.sys

  0x9CECA000 \SystemRoot\system32\DRIVERS\mrxsmb20.sys

  0x9CEA6000 \SystemRoot\System32\DRIVERS\srv2.sys

  0x9CE15000 \SystemRoot\System32\DRIVERS\srv.sys

  0xA1CA2000 \SystemRoot\system32\drivers\peauth.sys

  0x8E266000 \SystemRoot\System32\Drivers\secdrv.SYS

  0x95CB8000 \SystemRoot\System32\drivers\tcpipreg.sys

  0x9AF4B000 \SystemRoot\system32\DRIVERS\WUDFRd.sys

  0x9D85B000 \SystemRoot\system32\DRIVERS\WUDFPf.sys

  0x9D845000 \SystemRoot\system32\DRIVERS\cdfs.sys

  0xA386B000 \??\C:\Windows\system32\drivers\mbam.sys

  0xA2D28000 \??\C:\Users\hubert\AppData\Local\Temp\kwlyrpow.sys

  0x772D0000 \Windows\System32\ntdll.dll
 

Processes (total 65):

       0 System Idle Process

       4 System

     492 C:\Windows\System32\smss.exe

     560 csrss.exe

     612 C:\Windows\System32\wininit.exe

     624 csrss.exe

     660 C:\Windows\System32\services.exe

     672 C:\Windows\System32\lsass.exe

     680 C:\Windows\System32\lsm.exe

     816 C:\Windows\System32\svchost.exe

     852 C:\Windows\System32\winlogon.exe

     932 C:\Windows\System32\svchost.exe

     964 C:\Windows\System32\svchost.exe

    1020 C:\Windows\System32\svchost.exe

    1052 C:\Windows\System32\svchost.exe

    1092 C:\Windows\System32\svchost.exe

    1164 C:\Windows\System32\audiodg.exe

    1224 C:\Windows\System32\SLsvc.exe

    1340 C:\Windows\System32\svchost.exe

    1448 C:\Windows\System32\svchost.exe

    1624 C:\Windows\System32\spoolsv.exe

    1652 C:\Program Files\Avira\AntiVir Desktop\sched.exe

    1664 C:\Windows\System32\svchost.exe

    2020 C:\Windows\System32\dwm.exe

    2028 C:\Windows\System32\taskeng.exe

     348 C:\Windows\explorer.exe

    1988 C:\Windows\System32\rundll32.exe

     344 C:\Windows\RtHDVCpl.exe

    1984 C:\Program Files\HP\HP Software Update\hpwuSchd2.exe

    1812 C:\Program Files\Avira\AntiVir Desktop\avgnt.exe

    1776 C:\Windows\WindowsMobile\wmdc.exe

    1280 C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe

    2004 C:\Windows\ehome\ehtray.exe

    1276 C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe

    1764 C:\Windows\ehome\ehmsas.exe

    1728 C:\Windows\System32\rundll32.exe

    1428 C:\Program Files\Avira\AntiVir Desktop\avguard.exe

    1964 C:\Windows\System32\svchost.exe

    2068 C:\Windows\System32\svchost.exe

    2164 C:\Program Files\Avira\AntiVir Desktop\avshadow.exe

    2192 C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe

    2284 C:\Windows\System32\svchost.exe

    2332 C:\Windows\System32\svchost.exe

    2356 C:\Windows\System32\svchost.exe

    2408 C:\Windows\System32\svchost.exe

    2448 C:\FirstSteps\OnlineDiagnostic\TestManager\TestHandler.exe

    2492 C:\Windows\System32\svchost.exe

    2524 C:\Windows\System32\SearchIndexer.exe

    2652 WUDFHost.exe

    3112 C:\Windows\System32\svchost.exe

    4020 C:\Windows\System32\taskeng.exe

    2308 C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe

    2912 C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe

    1104 C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe

    2932 C:\Program Files\Common Files\Real\Update_OB\realsched.exe

    3584 C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe

    1736 C:\Users\hubert\Downloads\gjz2g9mz.exe

    2816 C:\Program Files\Mozilla Firefox\firefox.exe

    1712 C:\Windows\System32\notepad.exe

    1352 C:\Windows\System32\SearchProtocolHost.exe

    3012 C:\Windows\System32\SearchFilterHost.exe

     792 dllhost.exe

     436 dllhost.exe

    1676 C:\Users\hubert\Desktop\MBRCheck.exe

    2896 C:\Windows\System32\conime.exe
 

\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000002`ee100000  (NTFS)

\\.\D: --> \\.\PhysicalDrive0 at offset 0x00000039`08100000  (NTFS)
 

PhysicalDrive0 Model Number: ST3360320AS, Rev: 3.AAM   
 

      Size  Device Name          MBR Status

  --------------------------------------------

    335 GB  \\.\PhysicalDrive0   Windows 2008 MBR code detected

            SHA1: 8DF43F2BDE2D9451948FA14B5279969C777A7979
 
 

Done!

Sieht ok aus. Mach bitte zur Kontrolle Vollscans mit Malwarebytes und SASW und poste die Logs.
Denk dran beide Tools zu updaten vor dem Scan!!

Anschließend über den OnlineScanner von ESET eine zusätzliche Meinung zu holen ist auch nicht verkehrt:

ESET Online Scanner

Hier findest du eine bebilderte Anleitung zu ESET Online Scanner
Lade und starte Eset Online Scanner
Setze einen Haken bei Ja, ich bin mit den Nutzungsbedingungen einverstanden und klicke auf Starten.
Aktiviere die "Erkennung von eventuell unerwünschten Anwendungen" und wähle folgende Einstellungen.
Klicke auf Starten.
Die Signaturen werden heruntergeladen, der Scan beginnt automatisch.
Klicke am Ende des Suchlaufs auf Fertig stellen.
Schließe das Fenster von ESET.
Explorer öffnen.
C:\Programme\Eset\EsetOnlineScanner\log.txt (bei 64 Bit auch C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) suchen und mit Deinem Editor öffnen (bebildert).
Logfile hier posten.
Deinstallation: Systemsteuerung => Software / Programme deinstallieren => Eset Online Scanner V3 entfernen.
Manuell folgenden Ordner löschen und Papierkorb leeren => C:\Programme\Eset

Log Malwarebytes:

Code:

Malwarebytes' Anti-Malware 1.51.0.1200

www.malwarebytes.org
 

Datenbank Version: 6925
 

Windows 6.0.6000

Internet Explorer 7.0.6000.17037
 

23.06.2011 16:41:46

mbam-log-2011-06-23 (16-41-46).txt
 

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|E:\|F:\|G:\|H:\|I:\|J:\|K:\|)

Durchsuchte Objekte: 242485

Laufzeit: 1 Stunde(n), 5 Minute(n), 55 Sekunde(n)
 

Infizierte Speicherprozesse: 0

Infizierte Speichermodule: 0

Infizierte Registrierungsschlüssel: 0

Infizierte Registrierungswerte: 0

Infizierte Dateiobjekte der Registrierung: 0

Infizierte Verzeichnisse: 0

Infizierte Dateien: 0
 

Infizierte Speicherprozesse:

(Keine bösartigen Objekte gefunden)
 

Infizierte Speichermodule:

(Keine bösartigen Objekte gefunden)
 

Infizierte Registrierungsschlüssel:

(Keine bösartigen Objekte gefunden)
 

Infizierte Registrierungswerte:

(Keine bösartigen Objekte gefunden)
 

Infizierte Dateiobjekte der Registrierung:

(Keine bösartigen Objekte gefunden)
 

Infizierte Verzeichnisse:

(Keine bösartigen Objekte gefunden)
 

Infizierte Dateien:

(Keine bösartigen Objekte gefunden)

Log SuperAntiSpyware:

Code:

SUPERAntiSpyware Scan Log

hxxp://www.superantispyware.com
 

Generated 06/23/2011 at 05:16 PM
 

Application Version : 4.54.1000
 

Core Rules Database Version : 7313

Trace Rules Database Version: 5125
 

Scan type       : Complete Scan

Total Scan Time : 01:29:36
 

Memory items scanned      : 667

Memory threats detected   : 0

Registry items scanned    : 8408

Registry threats detected : 0

File items scanned        : 97022

File threats detected     : 52
 

Adware.Tracking Cookie

        C:\Users\hubert\AppData\Roaming\Microsoft\Windows\Cookies\hubert@serving-sys[1].txt

        C:\Users\hubert\AppData\Roaming\Microsoft\Windows\Cookies\hubert@www.active-tracking[2].txt

        C:\Users\hubert\AppData\Roaming\Microsoft\Windows\Cookies\hubert@mediaplex[2].txt

        C:\Users\hubert\AppData\Roaming\Microsoft\Windows\Cookies\hubert@zanox[1].txt

        C:\Users\hubert\AppData\Roaming\Microsoft\Windows\Cookies\hubert@tracking-nvag-ew.diacc[2].txt

        C:\Users\hubert\AppData\Roaming\Microsoft\Windows\Cookies\hubert@advertising[2].txt

        C:\Users\hubert\AppData\Roaming\Microsoft\Windows\Cookies\hubert@casalemedia[1].txt

        C:\Users\hubert\AppData\Roaming\Microsoft\Windows\Cookies\hubert@bs.serving-sys[1].txt

        C:\Users\hubert\AppData\Roaming\Microsoft\Windows\Cookies\hubert@ads.heias[2].txt

        C:\Users\hubert\AppData\Roaming\Microsoft\Windows\Cookies\hubert@questionmarket[2].txt

        C:\Users\hubert\AppData\Roaming\Microsoft\Windows\Cookies\hubert@im.banner.t-online[2].txt

        C:\Users\hubert\AppData\Roaming\Microsoft\Windows\Cookies\hubert@imrworldwide[1].txt

        C:\Users\hubert\AppData\Roaming\Microsoft\Windows\Cookies\hubert@smartadserver[1].txt

        C:\Users\hubert\AppData\Roaming\Microsoft\Windows\Cookies\hubert@ehg-tiscover.hitbox[1].txt

        C:\Users\hubert\AppData\Roaming\Microsoft\Windows\Cookies\hubert@www.googleadservices[1].txt

        C:\Users\hubert\AppData\Roaming\Microsoft\Windows\Cookies\hubert@apmebf[1].txt

        C:\Users\hubert\AppData\Roaming\Microsoft\Windows\Cookies\hubert@as1.falkag[1].txt

        C:\Users\hubert\AppData\Roaming\Microsoft\Windows\Cookies\hubert@indextools[2].txt

        C:\Users\hubert\AppData\Roaming\Microsoft\Windows\Cookies\hubert@de.sitestat[1].txt

        C:\Users\hubert\AppData\Roaming\Microsoft\Windows\Cookies\hubert@www.googleadservices[3].txt

        C:\Users\hubert\AppData\Roaming\Microsoft\Windows\Cookies\hubert@ad.adnet[1].txt

        C:\Users\hubert\AppData\Roaming\Microsoft\Windows\Cookies\hubert@tradedoubler[1].txt

        C:\Users\hubert\AppData\Roaming\Microsoft\Windows\Cookies\hubert@track.adform[2].txt

        C:\Users\hubert\AppData\Roaming\Microsoft\Windows\Cookies\hubert@ads.planetactive[2].txt

        C:\Users\hubert\AppData\Roaming\Microsoft\Windows\Cookies\hubert@adx.chip[1].txt

        C:\Users\hubert\AppData\Roaming\Microsoft\Windows\Cookies\hubert@statse.webtrendslive[2].txt

        C:\Users\hubert\AppData\Roaming\Microsoft\Windows\Cookies\hubert@windowsmedia[1].txt

        C:\Users\hubert\AppData\Roaming\Microsoft\Windows\Cookies\hubert@mediaplayer.t-online[2].txt

        C:\Users\hubert\AppData\Roaming\Microsoft\Windows\Cookies\hubert@www.zanox-affiliate[2].txt

        C:\Users\hubert\AppData\Roaming\Microsoft\Windows\Cookies\hubert@statcounter[1].txt

        C:\Users\hubert\AppData\Roaming\Microsoft\Windows\Cookies\hubert@atdmt[2].txt

        C:\Users\hubert\AppData\Roaming\Microsoft\Windows\Cookies\hubert@adfarm1.adition[1].txt

        C:\Users\hubert\AppData\Roaming\Microsoft\Windows\Cookies\hubert@partners.webmasterplan[2].txt

        C:\Users\hubert\AppData\Roaming\Microsoft\Windows\Cookies\hubert@ad.zanox[2].txt

        C:\Users\hubert\AppData\Roaming\Microsoft\Windows\Cookies\hubert@clicks.pangora[2].txt

        C:\Users\hubert\AppData\Roaming\Microsoft\Windows\Cookies\hubert@adopt.euroclick[2].txt

        C:\Users\hubert\AppData\Roaming\Microsoft\Windows\Cookies\hubert@fastclick[2].txt

        C:\Users\hubert\AppData\Roaming\Microsoft\Windows\Cookies\hubert@adtech[1].txt

        C:\Users\hubert\AppData\Roaming\Microsoft\Windows\Cookies\hubert@nl.sitestat[1].txt

        C:\Users\hubert\AppData\Roaming\Microsoft\Windows\Cookies\hubert@msnportal.112.2o7[1].txt

        C:\Users\hubert\AppData\Roaming\Microsoft\Windows\Cookies\hubert@zanox-affiliate[1].txt

        C:\Users\hubert\AppData\Roaming\Microsoft\Windows\Cookies\hubert@hitbox[2].txt

        m.de.2mdn.net [ C:\Users\hubert\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\F656H5RT ]

        media1.shufuni.com [ C:\Users\hubert\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\F656H5RT ]

        vht.tradedoubler.com [ C:\Users\hubert\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\F656H5RT ]

Log von ESET liefer ich noch nach.

Ok. Bislang auch nur harmlose Cookies.

Log von ESET:

Code:

ESETSmartInstaller@High as downloader log:

all ok

# version=7

# OnlineScannerApp.exe=1.0.0.1

# OnlineScanner.ocx=1.0.0.6427

# api_version=3.0.2

# EOSSerial=3b7de35ad2b0764298f87e7d6d33c5a0

# end=stopped

# remove_checked=false

# archives_checked=true

# unwanted_checked=true

# unsafe_checked=false

# antistealth_checked=true

# utc_time=2011-06-23 04:34:26

# local_time=2011-06-23 06:34:26 (+0100, Mitteleuropäische Sommerzeit)

# country="Germany"

# lang=1033

# osver=6.0.6000 NT 

# compatibility_mode=1797 16775141 100 94 9580 45381647 2366 0

# compatibility_mode=4096 16777215 100 0 0 0 0 0

# compatibility_mode=5892 16776637 100 100 8819 146377519 0 0

# compatibility_mode=8192 67108863 100 0 283 283 0 0

# scanned=88157

# found=0

# cleaned=0

# scan_time=2096

ESETSmartInstaller@High as downloader log:

all ok

# version=7

# OnlineScannerApp.exe=1.0.0.1

# OnlineScanner.ocx=1.0.0.6427

# api_version=3.0.2

# EOSSerial=3b7de35ad2b0764298f87e7d6d33c5a0

# end=finished

# remove_checked=false

# archives_checked=true

# unwanted_checked=true

# unsafe_checked=false

# antistealth_checked=true

# utc_time=2011-06-25 10:16:12

# local_time=2011-06-25 12:16:12 (+0100, Mitteleuropäische Sommerzeit)

# country="Germany"

# lang=1033

# osver=6.0.6000 NT 

# compatibility_mode=1797 16775125 100 94 88094 45530253 0 0

# compatibility_mode=4096 16777215 100 0 0 0 0 0

# compatibility_mode=5892 16776637 100 100 87759 146526125 0 0

# compatibility_mode=8192 67108863 100 0 148889 148889 0 0

# scanned=100297

# found=0

# cleaned=0

# scan_time=3596