
Pests of all kinds and how to fight them: Suspected malware

09.06.2011, 19:17   #1
thomsch3
 



Hello,

while surfing the Internet I suddenly got a window with the following content:

Warning! Your computer is at risk of malware attacks.
We recommend you to check your system immediately.
Press ok to start the process now.

I did not press OK; instead I ended the task in Task Manager.
Since restarting the PC I have not noticed any effects so far.

What risks are there, and what is the best thing to do?

Many thanks,

Thomas Schmidt

09.06.2011, 19:36   #2
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 



Hello and

Please routinely run a full scan with Malwarebytes and post the log.
Remember that Malwarebytes has to be updated manually before every scan!

If logs from older Malwarebytes scans exist, please post all of those as well!


Then OTL custom:


Custom scan with OTL

If you do not have it yet, please download OTL by OldTimer and save it to your desktop.
  • Please start OTL.exe.
    Vista and Win7 users: right-click and choose "Run as administrator"
  • Now copy the following content into the text box.
Code:
netsvcs
msconfig
safebootminimal
safebootnetwork
activex
drivers32
%ALLUSERSPROFILE%\Application Data\*.
%ALLUSERSPROFILE%\Application Data\*.exe /s
%APPDATA%\*.
%APPDATA%\*.exe /s
%SYSTEMDRIVE%\*.exe
/md5start
wininit.exe
userinit.exe
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
ws2ifsl.sys
sceclt.dll
ntelogon.dll
winlogon.exe
logevent.dll
user32.DLL
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
/md5stop
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\*. /mp /s
%systemroot%\system32\*.dll /lockedfiles
CREATERESTOREPOINT
         
  • Now please close all programs. (Important)
  • Now please click the Quick Scan button.
  • Click on .
  • Now copy the content of OTL.txt here into your thread

10.06.2011, 17:17   #3
thomsch3
 



So, here are the logs from Malwarebytes for now

Quote:
Malwarebytes' Anti-Malware 1.51.0.1200
www.malwarebytes.org

Datenbank Version: 6822

Windows 6.0.6002 Service Pack 2
Internet Explorer 8.0.6001.19048

10.06.2011 02:22:51
mbam-log-2011-06-10 (02-21-57).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|)
Durchsuchte Objekte: 521663
Laufzeit: 2 Stunde(n), 56 Minute(n), 58 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 9

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
c:\windows.old\users\thomas schmidt\appdata\local\microsoft\windows\temporary internet files\content.ie5\a3tln9zm\cgbvd[1].htm.xxx (Rogue.SecuritySuite) -> No action taken.
c:\windows.old\users\thomas schmidt\appdata\local\microsoft\windows\temporary internet files\content.ie5\uywx18ej\nezgb[1].htm.xxx (Trojan.Downloader) -> No action taken.
c:\windows.old\users\thomas schmidt\appdata\local\microsoft\windows\temporary internet files\content.ie5\wjjjloyk\newsecureapp70700[1].exe (Malware.Packer.Gen) -> No action taken.
c:\windows.old\users\thomas schmidt\appdata\local\temp\addd.tmp.xxx (Rootkit.Dropper) -> No action taken.
c:\windows.old\users\thomas schmidt\appdata\local\temp\ae0c.tmp.xxx (Rootkit.Dropper) -> No action taken.
c:\windows.old\users\thomas schmidt\appdata\local\temp\ae6a.tmp.xxx (Rootkit.Dropper) -> No action taken.
c:\windows.old\users\thomas schmidt\appdata\local\temp\af35.tmp.xxx (Rootkit.Dropper) -> No action taken.
c:\windows.old\users\thomas schmidt\appdata\local\temp\esowaxrcnm.exe (Spyware.Passwords.XGen) -> No action taken.
c:\Windows.old\Windows\System32\wininit.exe.xxx (Trojan.Patchload) -> No action taken.

Quote:
Malwarebytes' Anti-Malware 1.51.0.1200
www.malwarebytes.org

Datenbank Version: 6822

Windows 6.0.6002 Service Pack 2
Internet Explorer 8.0.6001.19048

10.06.2011 02:32:42
mbam-log-2011-06-10 (02-32-42).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|)
Durchsuchte Objekte: 521663
Laufzeit: 2 Stunde(n), 56 Minute(n), 58 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 9

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
c:\windows.old\users\thomas schmidt\appdata\local\microsoft\windows\temporary internet files\content.ie5\a3tln9zm\cgbvd[1].htm.xxx (Rogue.SecuritySuite) -> Quarantined and deleted successfully.
c:\windows.old\users\thomas schmidt\appdata\local\microsoft\windows\temporary internet files\content.ie5\uywx18ej\nezgb[1].htm.xxx (Trojan.Downloader) -> Quarantined and deleted successfully.
c:\windows.old\users\thomas schmidt\appdata\local\microsoft\windows\temporary internet files\content.ie5\wjjjloyk\newsecureapp70700[1].exe (Malware.Packer.Gen) -> Quarantined and deleted successfully.
c:\windows.old\users\thomas schmidt\appdata\local\temp\addd.tmp.xxx (Rootkit.Dropper) -> Quarantined and deleted successfully.
c:\windows.old\users\thomas schmidt\appdata\local\temp\ae0c.tmp.xxx (Rootkit.Dropper) -> Quarantined and deleted successfully.
c:\windows.old\users\thomas schmidt\appdata\local\temp\ae6a.tmp.xxx (Rootkit.Dropper) -> Quarantined and deleted successfully.
c:\windows.old\users\thomas schmidt\appdata\local\temp\af35.tmp.xxx (Rootkit.Dropper) -> Quarantined and deleted successfully.
c:\windows.old\users\thomas schmidt\appdata\local\temp\esowaxrcnm.exe (Spyware.Passwords.XGen) -> Quarantined and deleted successfully.
c:\Windows.old\Windows\System32\wininit.exe.xxx (Trojan.Patchload) -> Quarantined and deleted successfully.

And the ones from OTL:
OTL Logfile:
Code:
OTL logfile created on: 10.06.2011 17:40:07 - Run 1
OTL by OldTimer - Version 3.2.23.0     Folder = C:\Users\Thomas Schmidt\Desktop
Windows Vista Home Basic Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.19048)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,25 Gb Total Physical Memory | 2,12 Gb Available Physical Memory | 65,28% Memory free
6,71 Gb Paging File | 4,99 Gb Available in Paging File | 74,39% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 465,76 Gb Total Space | 308,03 Gb Free Space | 66,14% Space Free | Partition Type: NTFS
 
Computer Name: SCHMID-PC | User Name: Thomas Schmidt | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2011.06.09 23:24:45 | 000,580,096 | ---- | M] (OldTimer Tools) -- C:\Users\Thomas Schmidt\Desktop\OTL.exe
PRC - [2011.05.29 09:11:28 | 000,449,584 | ---- | M] (Malwarebytes Corporation) -- C:\Programme\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2011.05.29 09:11:28 | 000,366,640 | ---- | M] (Malwarebytes Corporation) -- C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2011.04.05 23:36:33 | 000,273,544 | ---- | M] (RealNetworks, Inc.) -- C:\Programme\Real\RealPlayer\Update\realsched.exe
PRC - [2011.01.13 04:01:28 | 006,129,496 | ---- | M] (Logitech Inc.) -- C:\Programme\Logitech\Vid HD\Vid.exe
PRC - [2010.12.19 20:24:19 | 003,246,040 | ---- | M] (Acronis) -- C:\Programme\Common Files\Acronis\CDP\afcdpsrv.exe
PRC - [2010.12.06 07:55:34 | 000,391,240 | ---- | M] (Acronis) -- C:\Programme\Common Files\Acronis\Schedule2\schedhlp.exe
PRC - [2010.12.06 07:55:30 | 000,805,032 | ---- | M] (Acronis) -- C:\Programme\Common Files\Acronis\Schedule2\schedul2.exe
PRC - [2010.12.06 07:55:02 | 005,578,920 | ---- | M] (Acronis) -- C:\Programme\Acronis\TrueImageHome\TrueImageMonitor.exe
PRC - [2010.11.16 05:33:40 | 002,570,688 | ---- | M] (Acronis) -- C:\Programme\Acronis\TrueImageHome\OnlineBackupStandalone\TrueImageMonitor.exe
PRC - [2010.11.10 03:54:18 | 004,240,760 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Live\Messenger\msnmsgr.exe
PRC - [2010.11.10 02:13:30 | 000,025,456 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Live\Contacts\wlcomm.exe
PRC - [2010.09.21 15:03:14 | 001,710,464 | ---- | M] (Microsoft Corp.) -- C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE
PRC - [2010.09.21 15:03:14 | 000,193,408 | ---- | M] (Microsoft Corp.) -- C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE
PRC - [2010.08.27 23:22:28 | 001,251,720 | ---- | M] () -- C:\Programme\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
PRC - [2010.08.04 03:51:36 | 000,380,928 | ---- | M] (AMD) -- C:\Windows\System32\atieclxx.exe
PRC - [2010.08.04 03:51:10 | 000,176,128 | ---- | M] (AMD) -- C:\Windows\System32\atiesrxx.exe
PRC - [2010.06.17 21:56:44 | 000,370,176 | ---- | M] (shbox.de) -- C:\Programme\FreePDF_XP\fpassist.exe
PRC - [2010.05.07 19:47:32 | 000,162,648 | ---- | M] (Logitech Inc.) -- C:\Programme\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
PRC - [2010.05.07 19:43:52 | 000,651,096 | ---- | M] () -- C:\Programme\Common Files\LogiShrd\LQCVFX\COCIManager.exe
PRC - [2010.05.07 19:35:22 | 000,165,208 | ---- | M] (Logitech Inc.) -- C:\Programme\Logitech\LWS\Webcam Software\LWS.exe
PRC - [2010.05.07 19:34:58 | 000,168,792 | ---- | M] () -- C:\Programme\Logitech\LWS\Webcam Software\CameraHelperShell.exe
PRC - [2010.03.18 22:25:55 | 000,126,976 | ---- | M] (CrypKey (Canada) Ltd.) -- C:\Windows\System32\Crypserv.exe
PRC - [2010.01.15 14:49:20 | 000,255,536 | ---- | M] (McAfee, Inc.) -- C:\Programme\McAfee Security Scan\2.0.181\SSScheduler.exe
PRC - [2009.04.11 08:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2008.11.09 22:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) -- C:\Programme\Yahoo!\SoftwareUpdate\YahooAUService.exe
PRC - [2008.07.11 19:00:06 | 000,080,392 | ---- | M] () -- C:\Programme\GIGABYTE\EnergySaver\GSvr.exe
PRC - [2008.06.27 05:42:24 | 006,295,552 | ---- | M] (Realtek Semiconductor) -- C:\Windows\RtHDVCpl.exe
PRC - [2007.09.26 10:53:56 | 000,554,352 | ---- | M] (Symantec Corporation) -- C:\Programme\Symantec\LiveUpdate\AluSchedulerSvc.exe
PRC - [2007.01.09 23:59:52 | 000,115,816 | ---- | M] (Symantec Corporation) -- C:\Programme\Common Files\Symantec Shared\ccApp.exe
PRC - [2007.01.09 23:59:32 | 000,108,648 | ---- | M] (Symantec Corporation) -- C:\Programme\Common Files\Symantec Shared\ccSvcHst.exe
PRC - [2007.01.05 02:19:28 | 000,047,712 | ---- | M] (Symantec Corporation) -- C:\Programme\Common Files\Symantec Shared\AppCore\AppSvc32.exe
 
 
========== Modules (SafeList) ==========
 
MOD - [2011.06.09 23:24:45 | 000,580,096 | ---- | M] (OldTimer Tools) -- C:\Users\Thomas Schmidt\Desktop\OTL.exe
MOD - [2010.08.31 17:43:52 | 001,686,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3\comctl32.dll
 
 
========== Win32 Services (SafeList) ==========
 
SRV - [2011.05.29 09:11:28 | 000,366,640 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2010.12.19 20:24:19 | 003,246,040 | ---- | M] (Acronis) [Auto | Running] -- C:\Programme\Common Files\Acronis\CDP\afcdpsrv.exe -- (afcdpsrv)
SRV - [2010.12.06 07:55:30 | 000,805,032 | ---- | M] (Acronis) [Auto | Running] -- C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe -- (AcrSch2Svc)
SRV - [2010.08.27 23:22:28 | 001,251,720 | ---- | M] () [On_Demand | Running] -- C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe -- (Symantec Core LC)
SRV - [2010.08.04 03:51:10 | 000,176,128 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\System32\atiesrxx.exe -- (AMD External Events Utility)
SRV - [2010.05.07 19:47:32 | 000,162,648 | ---- | M] (Logitech Inc.) [Auto | Running] -- C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcSrv.exe -- (LVPrcSrv)
SRV - [2010.03.18 22:25:55 | 000,126,976 | ---- | M] (CrypKey (Canada) Ltd.) [Auto | Running] -- C:\Windows\System32\Crypserv.exe -- (CrypKey License)
SRV - [2010.01.15 14:49:20 | 000,227,232 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files\McAfee Security Scan\2.0.181\McCHSvc.exe -- (McComponentHostService)
SRV - [2008.11.09 22:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) [Auto | Running] -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe -- (YahooAUService)
SRV - [2008.07.11 19:00:06 | 000,080,392 | ---- | M] () [Auto | Running] -- C:\Program Files\GIGABYTE\EnergySaver\GSvr.exe -- (GEST Service)
SRV - [2008.01.29 17:38:32 | 000,583,048 | ---- | M] (Symantec Corporation) [Auto | Stopped] -- C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe -- (LiveUpdate Notice Service)
SRV - [2008.01.21 04:33:00 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Programme\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2007.09.26 10:53:56 | 002,999,664 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\Programme\Symantec\LiveUpdate\LuComServer_3_2.EXE -- (LiveUpdate)
SRV - [2007.09.26 10:53:56 | 000,554,352 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe -- (Automatisches LiveUpdate - Scheduler)
SRV - [2007.01.14 01:11:06 | 000,080,504 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\Program Files\Norton Internet Security\isPwdSvc.exe -- (ISPwdSvc)
SRV - [2007.01.12 21:40:58 | 000,049,248 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe -- (comHost)
SRV - [2007.01.09 23:59:32 | 000,108,648 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe -- (LiveUpdate Notice Ex)
SRV - [2007.01.09 23:59:32 | 000,108,648 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe -- (CLTNetCnService)
SRV - [2007.01.09 23:59:32 | 000,108,648 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe -- (ccSetMgr)
SRV - [2007.01.09 23:59:32 | 000,108,648 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe -- (ccEvtMgr)
SRV - [2007.01.05 02:19:28 | 000,047,712 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe -- (SymAppCore)
 
 
========== Driver Services (SafeList) ==========
 
DRV - [2011.06.10 14:39:53 | 000,016,608 | ---- | M] (Windows (R) 2000 DDK provider) [Kernel | On_Demand | Running] -- C:\Windows\gdrv.sys -- (gdrv)
DRV - [2011.05.29 09:11:30 | 000,039,984 | ---- | M] (Malwarebytes Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\mbamswissarmy.sys -- (MBAMSwissArmy)
DRV - [2011.05.29 09:11:20 | 000,022,712 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2011.05.18 10:00:00 | 001,542,392 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Symantec\Definitions\VirusDefs\20110609.002\NAVEX15.SYS -- (NAVEX15)
DRV - [2011.05.18 10:00:00 | 000,086,008 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Symantec\Definitions\VirusDefs\20110609.002\NAVENG.SYS -- (NAVENG)
DRV - [2011.05.10 10:00:00 | 000,374,392 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Programme\Common Files\Symantec Shared\EENGINE\eeCtrl.sys -- (eeCtrl)
DRV - [2011.05.10 10:00:00 | 000,105,592 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Programme\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)
DRV - [2010.12.19 20:24:22 | 000,167,968 | ---- | M] (Acronis) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\afcdp.sys -- (afcdp)
DRV - [2010.12.19 20:24:11 | 000,752,128 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\tdrpm273.sys -- (tdrpman273) Acronis Try&Decide and Restore Points filter (build 273)
DRV - [2010.12.19 20:24:07 | 000,600,928 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\timntr.sys -- (timounter)
DRV - [2010.12.19 20:23:49 | 000,170,528 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\snapman.sys -- (snapman)
DRV - [2010.11.10 03:49:50 | 004,323,040 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\lvuvc.sys -- (LVUVC) Logitech Webcam 500(UVC)
DRV - [2010.11.10 03:48:12 | 000,283,744 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\lvrs.sys -- (LVRS)
DRV - [2010.09.15 20:11:07 | 000,287,792 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Symantec\Definitions\SymcData\idsdefs\20110609.001\IDSvix86.sys -- (IDSvix86)
DRV - [2010.08.27 23:23:11 | 000,124,464 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\SYMEVENT.SYS -- (SymEvent)
DRV - [2010.08.04 04:21:42 | 006,096,384 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atikmdag.sys -- (amdkmdag)
DRV - [2010.08.04 03:15:28 | 000,214,016 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atikmpag.sys -- (amdkmdap)
DRV - [2010.07.15 14:47:24 | 000,099,344 | ---- | M] (ATI Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AtihdLH3.sys -- (AtiHDAudioService)
DRV - [2010.05.07 19:43:30 | 000,025,824 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\LVPr2Mon.sys -- (LVPr2Mon)
DRV - [2010.03.19 01:11:11 | 000,023,360 | ---- | M] () [Kernel | System | Running] -- C:\Windows\System32\ckldrv.sys -- (NetworkX)
DRV - [2009.08.03 19:07:12 | 000,038,448 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\Drivers\SYMNDISV.SYS -- (SYMNDISV)
DRV - [2009.08.03 19:07:10 | 000,188,080 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\System32\Drivers\SYMTDI.SYS -- (SYMTDI)
DRV - [2009.08.03 19:07:10 | 000,145,968 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\Drivers\SYMFW.SYS -- (SYMFW)
DRV - [2009.08.03 19:07:10 | 000,039,856 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\Drivers\SYMIDS.SYS -- (SYMIDS)
DRV - [2009.08.03 19:07:10 | 000,026,416 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\Drivers\SYMREDRV.SYS -- (SYMREDRV)
DRV - [2009.08.03 19:07:10 | 000,012,720 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\Drivers\SYMDNS.SYS -- (SYMDNS)
DRV - [2008.02.14 08:56:02 | 000,118,784 | ---- | M] (Realtek Corporation                                            ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Rtlh86.sys -- (RTL8169)
DRV - [2007.11.30 23:57:12 | 000,317,616 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\srtspl.sys -- (SRTSPL)
DRV - [2007.11.30 23:57:12 | 000,279,088 | ---- | M] (Symantec Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\srtsp.sys -- (SRTSP)
DRV - [2007.11.30 23:57:12 | 000,043,696 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\srtspx.sys -- (SRTSPX)
DRV - [2007.04.14 02:49:32 | 000,418,104 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Programme\Common Files\Symantec Shared\SPBBC\SPBBCDrv.sys -- (SPBBCDrv)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
 
IE - HKCU\..\URLSearchHook: {0063BF63-BFFF-4B8F-9D26-4267DF7F17DD} - C:\Windows\System32\dvmurl.dll (DeviceVM Inc.)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.search.param.yahoo-fr: "chrf-ytbm"
FF - prefs.js..browser.search.param.yahoo-fr-cjkt: "chrf-ytbm"
FF - prefs.js..browser.search.param.yahoo-type: "${8}"
FF - prefs.js..extensions.enabledItems: {635abd67-4fe9-1b23-4f01-e679fa7484c1}:2.1.1.20091029021655
FF - prefs.js..extensions.enabledItems: {ABDE892B-13A8-4d1b-88E6-365A6E755758}:14.0.2
 
 
FF - HKLM\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2011.04.05 23:36:59 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.17\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011.04.30 07:06:36 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.17\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011.04.30 07:06:36 | 000,000,000 | ---D | M]
 
[2010.08.27 23:35:08 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Thomas Schmidt\AppData\Roaming\mozilla\Extensions
[2011.06.09 20:03:10 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Thomas Schmidt\AppData\Roaming\mozilla\Firefox\Profiles\7huynouk.default\extensions
[2010.09.09 22:37:09 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Thomas Schmidt\AppData\Roaming\mozilla\Firefox\Profiles\7huynouk.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010.08.27 23:49:55 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Users\Thomas Schmidt\AppData\Roaming\mozilla\Firefox\Profiles\7huynouk.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[2010.08.27 23:34:55 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2011.04.05 23:36:59 | 000,000,000 | ---D | M] (RealPlayer Browser Record Plugin) -- C:\PROGRAMDATA\REAL\REALPLAYER\BROWSERRECORDPLUGIN\FIREFOX\EXT
[2010.07.23 02:48:56 | 000,001,392 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\amazondotcom-de.xml
[2010.07.23 02:48:56 | 000,002,344 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\eBay-de.xml
[2010.07.23 02:48:56 | 000,006,805 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\leo_ende_de.xml
[2010.07.23 02:48:56 | 000,001,178 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\wikipedia-de.xml
[2010.07.23 02:48:56 | 000,001,105 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2006.09.18 23:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O1 - Hosts: ::1             localhost
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Programme\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - C:\Programme\Common Files\Symantec Shared\coShared\Browser\1.5\NppBHO.dll (Symantec Corporation)
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Programme\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll (Yahoo! Inc)
O3 - HKLM\..\Toolbar: (Show Norton Toolbar) - {90222687-F593-4738-B738-FBEE9C7B26DF} - C:\Programme\Common Files\Symantec Shared\coShared\Browser\1.5\UIBHO.dll (Symantec Corporation)
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programme\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O4 - HKLM..\Run: [Acronis Scheduler2 Service] C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe (Acronis)
O4 - HKLM..\Run: [ATICustomerCare] C:\Program Files\ATI\ATICustomerCare\ATICustomerCare.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [ccApp] C:\Program Files\Common Files\Symantec Shared\ccApp.exe (Symantec Corporation)
O4 - HKLM..\Run: [FreePDF Assistant] C:\Programme\FreePDF_XP\fpassist.exe (shbox.de)
O4 - HKLM..\Run: [LWS] C:\Program Files\Logitech\LWS\Webcam Software\LWS.exe (Logitech Inc.)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [SAOB Monitor] C:\Programme\Acronis\TrueImageHome\OnlineBackupStandalone\TrueImageMonitor.exe (Acronis)
O4 - HKLM..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [Symantec PIF AlertEng] C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe (Symantec Corporation)
O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Real\RealPlayer\update\realsched.exe (RealNetworks, Inc.)
O4 - HKLM..\Run: [TrueImageMonitor.exe] C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe (Acronis)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKCU..\Run: [Logitech Vid] C:\Program Files\Logitech\Vid HD\Vid.exe (Logitech Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLinkedConnections = 1
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - C:\Programme\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programme\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O13 - gopher Prefix: missing
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.dll (Microsoft Corporation)
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Programme\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O24 - Desktop BackupWallPaper: C:\Windows\Web\Wallpaper\img24.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
NetSvcs: FastUserSwitchingCompatibility -  File not found
NetSvcs: Ias -  File not found
NetSvcs: Nla -  File not found
NetSvcs: Ntmssvc -  File not found
NetSvcs: NWCWorkstation -  File not found
NetSvcs: Nwsapagent -  File not found
NetSvcs: SRService -  File not found
NetSvcs: WmdmPmSp -  File not found
NetSvcs: LogonHours -  File not found
NetSvcs: PCAudit -  File not found
NetSvcs: helpsvc -  File not found
NetSvcs: uploadmgr -  File not found
 
 
SafeBootMin: AppMgmt - Service
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: HelpSvc - Service
SafeBootMin: NTDS -  File not found
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: sacsvr - Service
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: WinDefend - C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation)
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
 
SafeBootNet: AppMgmt - Service
SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: HelpSvc - Service
SafeBootNet: Messenger - Service
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: NTDS -  File not found
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: rdsessmgr - Service
SafeBootNet: sacsvr - Service
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: WinDefend - C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation)
SafeBootNet: WudfPf - Driver
SafeBootNet: WudfUsbccidDriver - Driver
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
 
ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - 
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 11.0
ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3C3901C5-3455-3E0A-A214-0B093A5070A6} - .NET Framework
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - 
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\system32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - Reg Error: Value error.
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\Windows\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\system32\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
 
Drivers32: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: MSVideo - C:\Windows\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: MSVideo8 - C:\Windows\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: vidc.cvid - C:\Windows\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.i420 - C:\Windows\System32\lvcodec2.dll (Logitech Inc.)
 
CREATERESTOREPOINT
Restore point Set: OTL Restore Point
 
========== Files/Folders - Created Within 30 Days ==========
 
[2011.06.10 17:38:14 | 000,000,000 | ---D | C] -- C:\Users\Thomas Schmidt\AppData\Local\{18933589-066E-44BF-8C02-454940B86A62}
[2011.06.09 23:24:38 | 000,580,096 | ---- | C] (OldTimer Tools) -- C:\Users\Thomas Schmidt\Desktop\OTL.exe
[2011.06.09 23:18:33 | 000,000,000 | ---D | C] -- C:\Users\Thomas Schmidt\AppData\Roaming\Malwarebytes
[2011.06.09 23:18:30 | 000,039,984 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2011.06.09 23:18:30 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011.06.09 23:18:29 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2011.06.09 23:18:26 | 000,022,712 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2011.06.09 23:18:26 | 000,000,000 | ---D | C] -- C:\Programme\Malwarebytes' Anti-Malware
[2011.06.09 19:31:19 | 000,000,000 | ---D | C] -- C:\Users\Thomas Schmidt\AppData\Local\{F63845E9-F40C-4AD4-B1B7-870F9C96DA3D}
[2011.06.07 22:21:40 | 000,000,000 | ---D | C] -- C:\Users\Thomas Schmidt\AppData\Local\{ECC1A8F3-EF86-4AAF-9F24-4FFEC0B3FADA}
[2011.06.05 19:50:31 | 000,000,000 | ---D | C] -- C:\Users\Thomas Schmidt\AppData\Local\{18C43A50-64BC-45B8-AA82-9EA7EEC29C13}
[2011.06.05 07:50:05 | 000,000,000 | ---D | C] -- C:\Users\Thomas Schmidt\AppData\Local\{DEB255DE-A957-474C-B066-40E48DD8A924}
[2011.06.04 19:49:39 | 000,000,000 | ---D | C] -- C:\Users\Thomas Schmidt\AppData\Local\{5486072D-CC65-453E-AA70-902A9096B2C2}
[2011.06.02 10:24:22 | 000,000,000 | ---D | C] -- C:\Users\Thomas Schmidt\AppData\Local\{043DB7FD-D8E3-48D5-BC8A-C00DDB6BFABF}
[2011.06.01 22:23:56 | 000,000,000 | ---D | C] -- C:\Users\Thomas Schmidt\AppData\Local\{CBA75D09-5019-4EE1-8FAB-BAAAABB0596F}
[2011.05.30 18:50:32 | 000,000,000 | ---D | C] -- C:\Users\Thomas Schmidt\AppData\Local\{170D0045-EB6F-479C-B460-9DB6C2DF285E}
[2011.05.29 18:37:54 | 000,000,000 | ---D | C] -- C:\Users\Thomas Schmidt\AppData\Local\{FFBCAB28-DD18-4263-9552-C7D632A49F80}
[2011.05.29 06:37:29 | 000,000,000 | ---D | C] -- C:\Users\Thomas Schmidt\AppData\Local\{27022CD9-140B-4966-BAFC-13368CB4EA89}
[2011.05.28 12:12:21 | 000,000,000 | ---D | C] -- C:\Users\Thomas Schmidt\AppData\Local\{DC66617C-D1EC-4A9A-8B41-B4AC9951F992}
[2011.05.27 23:52:20 | 000,000,000 | ---D | C] -- C:\Users\Thomas Schmidt\AppData\Local\{3AD32200-B2A5-4638-BD4E-9EF2F69496C7}
[2011.05.26 18:53:43 | 000,000,000 | ---D | C] -- C:\Users\Thomas Schmidt\AppData\Local\{9D24DE92-0E15-4F4F-967A-9F39B4DC485F}
[2011.05.25 22:54:38 | 000,000,000 | ---D | C] -- C:\Users\Thomas Schmidt\AppData\Local\{88700BF9-0DC5-4A42-BC43-9D3BCEEA5404}
[2011.05.24 23:20:05 | 000,000,000 | ---D | C] -- C:\Users\Thomas Schmidt\AppData\Local\{C08341B5-98DB-403A-8BE7-65DC1808CA90}
[2011.05.23 19:25:28 | 000,000,000 | ---D | C] -- C:\Users\Thomas Schmidt\AppData\Local\{6883770E-7510-434B-83D7-F16CD391B361}
[2011.05.22 21:20:04 | 000,000,000 | ---D | C] -- C:\Users\Thomas Schmidt\AppData\Local\{D5AC0041-0E88-436B-989E-80ED9667BA17}
[2011.05.22 07:38:17 | 000,000,000 | ---D | C] -- C:\Users\Thomas Schmidt\AppData\Local\{9FDDEF95-7272-4520-A179-B65E04D7E33C}
[2011.05.21 19:37:52 | 000,000,000 | ---D | C] -- C:\Users\Thomas Schmidt\AppData\Local\{185D1C83-AD2F-447C-B9E6-8FA9BDF7CC94}
[2011.05.21 07:37:26 | 000,000,000 | ---D | C] -- C:\Users\Thomas Schmidt\AppData\Local\{9390AAA7-7829-49DA-AB4C-1D769E099536}
[2011.05.20 19:36:59 | 000,000,000 | ---D | C] -- C:\Users\Thomas Schmidt\AppData\Local\{05DA59DC-6788-4876-BC01-A5113DCE879B}
[2011.05.19 22:56:20 | 000,000,000 | ---D | C] -- C:\Users\Thomas Schmidt\AppData\Local\{7493AD8F-D272-438F-8934-84152A57CB72}
[2011.05.18 22:50:28 | 000,023,888 | ---- | C] (Symantec Corporation) -- C:\Windows\System32\drivers\COH_Mon.sys
[2011.05.18 22:39:47 | 000,000,000 | ---D | C] -- C:\Users\Thomas Schmidt\AppData\Local\{8327BC78-A4AC-4F00-8166-0B7E8342F112}
[2011.05.17 23:09:49 | 000,000,000 | ---D | C] -- C:\Users\Thomas Schmidt\AppData\Local\{3DE05618-8F38-4C8B-9847-49708BC2DAE7}
[2011.05.16 19:32:48 | 000,000,000 | ---D | C] -- C:\Users\Thomas Schmidt\AppData\Local\{11B82EF0-2EAC-4A90-BBCC-011B24D96669}
[2011.05.15 23:33:00 | 000,000,000 | ---D | C] -- C:\Users\Thomas Schmidt\AppData\Local\{6689A909-AE54-4DAC-9432-50EF39360601}
[2011.05.14 19:19:06 | 000,000,000 | ---D | C] -- C:\Users\Thomas Schmidt\AppData\Local\{800842E9-BE46-4130-88C3-0BEFB917638D}
[2011.05.14 07:18:40 | 000,000,000 | ---D | C] -- C:\Users\Thomas Schmidt\AppData\Local\{98D67A8E-349D-4DEB-96EF-E39DD5DF2F36}
[2011.05.13 18:47:09 | 000,000,000 | ---D | C] -- C:\Users\Thomas Schmidt\AppData\Local\{23EF82D6-076B-4C1D-803F-9DAC0D441E85}
[2011.05.12 22:59:25 | 000,000,000 | ---D | C] -- C:\Users\Thomas Schmidt\AppData\Local\{8C195778-357A-4988-9E41-55CFE3DCD3B5}
[2011.05.11 22:01:24 | 000,000,000 | ---D | C] -- C:\Users\Thomas Schmidt\AppData\Local\{DEA47A68-E31D-4E6E-97FC-2B5C42A39C09}
 
========== Files - Modified Within 30 Days ==========
 
[2011.06.10 16:39:37 | 000,003,712 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2011.06.10 16:39:37 | 000,003,712 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2011.06.10 15:45:10 | 000,632,014 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2011.06.10 15:45:10 | 000,598,702 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2011.06.10 15:45:10 | 000,127,258 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2011.06.10 15:45:10 | 000,104,716 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2011.06.10 14:39:36 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011.06.10 14:39:33 | 000,000,000 | ---- | M] () -- C:\Windows\System32\drivers\lvuvc.hs
[2011.06.10 14:39:32 | 3488,079,872 | -HS- | M] () -- C:\hiberfil.sys
[2011.06.10 02:41:23 | 000,002,735 | ---- | M] () -- C:\Users\Thomas Schmidt\Desktop\Microsoft Office Outlook 2007.lnk
[2011.06.10 02:34:53 | 000,054,156 | -H-- | M] () -- C:\Windows\QTFont.qfn
[2011.06.10 02:34:53 | 000,001,409 | ---- | M] () -- C:\Windows\QTFont.for
[2011.06.09 23:24:45 | 000,580,096 | ---- | M] (OldTimer Tools) -- C:\Users\Thomas Schmidt\Desktop\OTL.exe
[2011.06.09 23:18:30 | 000,000,912 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011.06.07 22:23:28 | 000,002,217 | ---- | M] () -- C:\Users\Public\Desktop\FSC85.exe.lnk
[2011.06.02 10:46:36 | 000,000,000 | -H-- | M] () -- C:\Windows\System32\drivers\Msft_User_WpdMtpDr_01_07_00.Wdf
[2011.05.30 22:36:34 | 000,000,600 | ---- | M] () -- C:\Windows\tasks\Norton Internet Security - Systemprüfung ausführen - Thomas Schmidt.job
[2011.05.30 22:36:26 | 505,289,849 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2011.05.29 09:11:30 | 000,039,984 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2011.05.29 09:11:20 | 000,022,712 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2011.05.13 23:34:59 | 000,009,728 | ---- | M] () -- C:\Users\Thomas Schmidt\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
 
========== Files Created - No Company Name ==========
 
[2011.06.09 23:18:30 | 000,000,912 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011.06.02 10:46:36 | 000,000,000 | -H-- | C] () -- C:\Windows\System32\drivers\Msft_User_WpdMtpDr_01_07_00.Wdf
[2011.05.18 22:50:28 | 000,010,537 | ---- | C] () -- C:\Windows\System32\drivers\COH_Mon.cat
[2011.05.18 22:50:28 | 000,000,706 | ---- | C] () -- C:\Windows\System32\drivers\COH_Mon.inf
[2011.05.08 19:58:38 | 000,116,224 | ---- | C] () -- C:\Windows\System32\redmonnt.dll
[2011.05.08 19:58:38 | 000,045,056 | ---- | C] () -- C:\Windows\System32\unredmon.exe
[2011.02.11 01:18:56 | 000,009,728 | ---- | C] () -- C:\Users\Thomas Schmidt\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010.11.10 03:45:32 | 000,102,744 | ---- | C] () -- C:\Windows\System32\LogiDPPApp.exe
[2010.11.10 03:45:30 | 010,871,128 | ---- | C] () -- C:\Windows\System32\LogiDPP.dll
[2010.11.10 03:45:20 | 000,316,248 | ---- | C] () -- C:\Windows\System32\DevManagerCore.dll
[2010.11.10 03:31:42 | 000,026,286 | ---- | C] () -- C:\Windows\System32\lvcoinst.ini
[2010.10.01 22:55:27 | 000,000,090 | -HS- | C] () -- C:\Windows\cnerolf.bin
[2010.08.29 16:51:07 | 000,000,004 | ---- | C] () -- C:\Windows\vx86036.dat
[2010.08.29 16:48:15 | 000,000,048 | ---- | C] () -- C:\Windows\Crypkey.ini
[2010.08.29 16:47:52 | 000,023,360 | ---- | C] () -- C:\Windows\System32\Ckldrv.sys
[2010.08.29 16:47:52 | 000,011,776 | ---- | C] () -- C:\Windows\Ckrfresh.exe
[2010.08.28 18:03:29 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2010.08.28 18:03:29 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2010.08.28 17:34:44 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2010.08.28 08:49:40 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
[2010.08.27 23:35:01 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat
[2010.08.27 23:24:47 | 000,000,000 | ---- | C] () -- C:\Windows\WinInit.ini
[2010.08.27 22:40:25 | 000,000,010 | ---- | C] () -- C:\Windows\GSetup.ini
[2010.08.04 03:14:26 | 000,023,040 | ---- | C] () -- C:\Windows\System32\atitmpxx.dll
[2010.06.16 15:22:56 | 000,219,348 | ---- | C] () -- C:\Windows\System32\atiicdxx.dat
[2010.06.16 00:28:54 | 000,002,857 | ---- | C] () -- C:\Windows\System32\atipblag.dat
[2010.05.07 19:46:36 | 000,014,168 | ---- | C] () -- C:\Windows\System32\drivers\iKeyLFT2.dll
[2010.05.07 19:43:30 | 000,025,824 | ---- | C] () -- C:\Windows\System32\drivers\LVPr2Mon.sys
[2009.02.18 19:55:20 | 000,294,912 | ---- | C] () -- C:\Windows\System32\ATIODE.exe
[2009.02.03 22:52:02 | 000,045,056 | ---- | C] () -- C:\Windows\System32\ATIODCLI.exe
[2008.01.21 10:21:25 | 000,632,014 | ---- | C] () -- C:\Windows\System32\perfh007.dat
[2008.01.21 10:21:25 | 000,290,748 | ---- | C] () -- C:\Windows\System32\perfi007.dat
[2008.01.21 10:21:25 | 000,127,258 | ---- | C] () -- C:\Windows\System32\perfc007.dat
[2008.01.21 10:21:25 | 000,036,916 | ---- | C] () -- C:\Windows\System32\perfd007.dat
[2007.06.21 08:34:08 | 000,203,328 | R--- | C] () -- C:\Windows\GSetup.exe
[2006.11.02 14:53:49 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2006.11.02 14:44:53 | 000,270,976 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2006.11.02 12:33:01 | 000,598,702 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2006.11.02 12:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2006.11.02 12:33:01 | 000,104,716 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2006.11.02 12:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2006.11.02 12:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2006.11.02 10:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2006.11.02 10:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2006.11.02 09:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006.11.02 09:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
 
========== LOP Check ==========
 
[2010.12.19 20:31:35 | 000,000,000 | ---D | M] -- C:\Users\Thomas Schmidt\AppData\Roaming\Acronis
[2010.11.18 00:34:25 | 000,000,000 | ---D | M] -- C:\Users\Thomas Schmidt\AppData\Roaming\Amazon
[2011.02.09 22:59:43 | 000,000,000 | ---D | M] -- C:\Users\Thomas Schmidt\AppData\Roaming\Leadertech
[2011.06.10 09:08:19 | 000,032,554 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
 
========== Purity Check ==========
 
 
 
========== Custom Scans ==========
 
 
< %ALLUSERSPROFILE%\Application Data\*. >
 
< %ALLUSERSPROFILE%\Application Data\*.exe /s >
 
< %APPDATA%\*. >
[2010.12.19 20:31:35 | 000,000,000 | ---D | M] -- C:\Users\Thomas Schmidt\AppData\Roaming\Acronis
[2010.09.02 19:55:05 | 000,000,000 | ---D | M] -- C:\Users\Thomas Schmidt\AppData\Roaming\Adobe
[2010.11.18 00:34:25 | 000,000,000 | ---D | M] -- C:\Users\Thomas Schmidt\AppData\Roaming\Amazon
[2010.08.28 17:35:35 | 000,000,000 | ---D | M] -- C:\Users\Thomas Schmidt\AppData\Roaming\ATI
[2010.08.27 19:22:39 | 000,000,000 | ---D | M] -- C:\Users\Thomas Schmidt\AppData\Roaming\Identities
[2010.08.27 22:49:53 | 000,000,000 | ---D | M] -- C:\Users\Thomas Schmidt\AppData\Roaming\InstallShield
[2011.02.09 22:59:43 | 000,000,000 | ---D | M] -- C:\Users\Thomas Schmidt\AppData\Roaming\Leadertech
[2010.08.27 23:50:05 | 000,000,000 | ---D | M] -- C:\Users\Thomas Schmidt\AppData\Roaming\Macromedia
[2011.06.09 23:18:33 | 000,000,000 | ---D | M] -- C:\Users\Thomas Schmidt\AppData\Roaming\Malwarebytes
[2011.02.28 23:34:47 | 000,000,000 | --SD | M] -- C:\Users\Thomas Schmidt\AppData\Roaming\Microsoft
[2010.08.27 23:35:08 | 000,000,000 | ---D | M] -- C:\Users\Thomas Schmidt\AppData\Roaming\Mozilla
[2011.05.07 00:10:56 | 000,000,000 | ---D | M] -- C:\Users\Thomas Schmidt\AppData\Roaming\Real
[2010.08.27 23:50:33 | 000,000,000 | ---D | M] -- C:\Users\Thomas Schmidt\AppData\Roaming\Yahoo!
 
< %APPDATA%\*.exe /s >
[2011.02.28 23:34:47 | 000,053,248 | R--- | M] (Acresso Software Inc.) -- C:\Users\Thomas Schmidt\AppData\Roaming\Microsoft\Installer\{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}\ARPPRODUCTICON.exe
 
< %SYSTEMDRIVE%\*.exe >
 
 
< MD5 for: AGP440.SYS  >
[2008.01.21 04:32:22 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows.old\Windows\System32\drivers\AGP440.sys
[2008.01.21 04:32:22 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows.old\Windows\System32\DriverStore\FileRepository\machine.inf_51b95d75\AGP440.sys
[2008.01.21 04:32:22 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows.old\Windows\System32\DriverStore\FileRepository\machine.inf_f750e484\AGP440.sys
[2008.01.21 04:32:22 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows.old\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6001.18000_none_ba12ed3bbeb0d97a\AGP440.sys
[2008.01.21 04:32:22 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows.old\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6002.18005_none_bbfe6647bbd2a4c6\AGP440.sys
[2008.01.21 04:32:22 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\drivers\AGP440.sys
[2008.01.21 04:32:22 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_51b95d75\AGP440.sys
[2008.01.21 04:32:22 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_f750e484\AGP440.sys
[2008.01.21 04:32:22 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6001.18000_none_ba12ed3bbeb0d97a\AGP440.sys
[2008.01.21 04:32:22 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6002.18005_none_bbfe6647bbd2a4c6\AGP440.sys
[2006.11.02 11:49:52 | 000,053,864 | ---- | M] (Microsoft Corporation) MD5=EF23439CDD587F64C2C1B8825CEAD7D8 -- C:\Windows.old\Windows\System32\DriverStore\FileRepository\machine.inf_920a2c1f\AGP440.sys
[2006.11.02 11:49:52 | 000,053,864 | ---- | M] (Microsoft Corporation) MD5=EF23439CDD587F64C2C1B8825CEAD7D8 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_920a2c1f\AGP440.sys
 
< MD5 for: ATAPI.SYS  >
[2009.04.11 08:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows.old\Windows\System32\drivers\atapi.sys
[2009.04.11 08:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows.old\Windows\System32\DriverStore\FileRepository\mshdc.inf_b12d8e84\atapi.sys
[2009.04.11 08:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows.old\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6002.18005_none_df23a1261eab99e8\atapi.sys
[2009.04.11 08:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\System32\drivers\atapi.sys
[2009.04.11 08:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_b12d8e84\atapi.sys
[2009.04.11 08:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6002.18005_none_df23a1261eab99e8\atapi.sys
[2008.01.21 04:32:21 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows.old\Windows\System32\DriverStore\FileRepository\mshdc.inf_cc18792d\atapi.sys
[2008.01.21 04:32:21 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows.old\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6001.18000_none_dd38281a2189ce9c\atapi.sys
[2008.01.21 04:32:21 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_cc18792d\atapi.sys
[2008.01.21 04:32:21 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6001.18000_none_dd38281a2189ce9c\atapi.sys
[2006.11.02 11:49:36 | 000,019,048 | ---- | M] (Microsoft Corporation) MD5=4F4FCB8B6EA06784FB6D475B7EC7300F -- C:\Windows.old\Windows\System32\DriverStore\FileRepository\mshdc.inf_c6c2e699\atapi.sys
[2006.11.02 11:49:36 | 000,019,048 | ---- | M] (Microsoft Corporation) MD5=4F4FCB8B6EA06784FB6D475B7EC7300F -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_c6c2e699\atapi.sys
 
< MD5 for: CNGAUDIT.DLL  >
[2006.11.02 11:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows.old\Windows\System32\cngaudit.dll
[2006.11.02 11:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows.old\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.0.6000.16386_none_e62d292932a96ce6\cngaudit.dll
[2006.11.02 11:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\System32\cngaudit.dll
[2006.11.02 11:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.0.6000.16386_none_e62d292932a96ce6\cngaudit.dll
 
< MD5 for: IASTORV.SYS  >
[2008.01.21 04:32:49 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows.old\Windows\System32\drivers\iaStorV.sys
[2008.01.21 04:32:49 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows.old\Windows\System32\DriverStore\FileRepository\iastorv.inf_c9df7691\iaStorV.sys
[2008.01.21 04:32:49 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows.old\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.0.6001.18000_none_af11527887c7fa8f\iaStorV.sys
[2008.01.21 04:32:49 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\System32\drivers\iaStorV.sys
[2008.01.21 04:32:49 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_c9df7691\iaStorV.sys
[2008.01.21 04:32:49 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.0.6001.18000_none_af11527887c7fa8f\iaStorV.sys
[2006.11.02 11:51:25 | 000,232,040 | ---- | M] (Intel Corporation) MD5=C957BF4B5D80B46C5017BF0101E6C906 -- C:\Windows.old\Windows\System32\DriverStore\FileRepository\iastorv.inf_37cdafa4\iaStorV.sys
[2006.11.02 11:51:25 | 000,232,040 | ---- | M] (Intel Corporation) MD5=C957BF4B5D80B46C5017BF0101E6C906 -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_37cdafa4\iaStorV.sys
 
< MD5 for: NETLOGON.DLL  >
[2009.04.11 08:28:23 | 000,592,896 | ---- | M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- C:\Windows.old\Windows\System32\netlogon.dll
[2009.04.11 08:28:23 | 000,592,896 | ---- | M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- C:\Windows.old\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6002.18005_none_ffa3304f351bb3a3\netlogon.dll
[2009.04.11 08:28:23 | 000,592,896 | ---- | M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- C:\Windows\System32\netlogon.dll
[2009.04.11 08:28:23 | 000,592,896 | ---- | M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6002.18005_none_ffa3304f351bb3a3\netlogon.dll
[2008.01.21 04:33:41 | 000,592,384 | ---- | M] (Microsoft Corporation) MD5=A8EFC0B6E75B789F7FD3BA5025D4E37F -- C:\Windows.old\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6001.18000_none_fdb7b74337f9e857\netlogon.dll
[2008.01.21 04:33:41 | 000,592,384 | ---- | M] (Microsoft Corporation) MD5=A8EFC0B6E75B789F7FD3BA5025D4E37F -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6001.18000_none_fdb7b74337f9e857\netlogon.dll
 
< MD5 for: NVSTOR.SYS  >
[2006.11.02 11:50:13 | 000,040,040 | ---- | M] (NVIDIA Corporation) MD5=9E0BA19A28C498A6D323D065DB76DFFC -- C:\Windows.old\Windows\System32\DriverStore\FileRepository\nvraid.inf_733654ff\nvstor.sys
[2006.11.02 11:50:13 | 000,040,040 | ---- | M] (NVIDIA Corporation) MD5=9E0BA19A28C498A6D323D065DB76DFFC -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_733654ff\nvstor.sys
[2008.01.21 04:32:47 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows.old\Windows\System32\drivers\nvstor.sys
[2008.01.21 04:32:47 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows.old\Windows\System32\DriverStore\FileRepository\nvraid.inf_31c3d71d\nvstor.sys
[2008.01.21 04:32:47 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows.old\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.0.6001.18000_none_39dac327befea467\nvstor.sys
[2008.01.21 04:32:47 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\System32\drivers\nvstor.sys
[2008.01.21 04:32:47 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_31c3d71d\nvstor.sys
[2008.01.21 04:32:47 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.0.6001.18000_none_39dac327befea467\nvstor.sys
 
< MD5 for: SCECLI.DLL  >
[2008.01.21 04:34:39 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=28B84EB538F7E8A0FE8B9299D591E0B9 -- C:\Windows.old\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6001.18000_none_380de25bd91b6f12\scecli.dll
[2008.01.21 04:34:39 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=28B84EB538F7E8A0FE8B9299D591E0B9 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6001.18000_none_380de25bd91b6f12\scecli.dll
[2009.04.11 08:28:24 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=8FC182167381E9915651267044105EE1 -- C:\Windows.old\Windows\System32\scecli.dll
[2009.04.11 08:28:24 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=8FC182167381E9915651267044105EE1 -- C:\Windows.old\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6002.18005_none_39f95b67d63d3a5e\scecli.dll
[2009.04.11 08:28:24 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=8FC182167381E9915651267044105EE1 -- C:\Windows\System32\scecli.dll
[2009.04.11 08:28:24 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=8FC182167381E9915651267044105EE1 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6002.18005_none_39f95b67d63d3a5e\scecli.dll
 
< MD5 for: USER32.DLL  >
[2009.04.11 08:28:25 | 000,627,712 | ---- | M] (Microsoft Corporation) MD5=75510147B94598407666F4802797C75A -- C:\Windows.old\Windows\System32\user32.dll
< %systemroot%\system32\drivers\*.sys /lockedfiles >
 
< %systemroot%\System32\config\*.sav >
[2008.01.21 05:31:11 | 015,716,352 | ---- | M] () -- C:\Windows\System32\config\COMPONENTS.SAV
[2008.01.21 05:31:01 | 000,102,400 | ---- | M] () -- C:\Windows\System32\config\DEFAULT.SAV
[2008.01.21 05:31:12 | 000,020,480 | ---- | M] () -- C:\Windows\System32\config\SECURITY.SAV
[2006.11.02 12:34:08 | 010,133,504 | ---- | M] () -- C:\Windows\System32\config\SOFTWARE.SAV
[2006.11.02 12:34:08 | 001,826,816 | ---- | M] () -- C:\Windows\System32\config\SYSTEM.SAV
 
< %systemroot%\*. /mp /s >
 
< %systemroot%\system32\*.dll /lockedfiles >
 
<           >

< End of report >
         
Regards

Thomas Schmidt
__________________

10.06.2011, 17:21   #4
wunderkind87

Hello Thomsch,

sorry for butting in here, but yesterday I got the same message as you via Google; my Malwarebytes log, however, came back negative (thank God). But as a layman (who really doesn't understand much about these things) I would say that you very urgently need Service Pack 3.

(BTW, could someone please also reassure me, in the thread I opened, that there is nothing nasty there?)

10.06.2011, 22:05   #5
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™


Quote:
Quote from wunderkind87
I would say that you very urgently need Service Pack 3.

There is no SP3 for Vista yet


@thomsch3:
Run an OTL fix: close any programs that may be open, also disable your virus scanner (!), start OTL and copy the following text into the "Custom Scan/Fixes" box (at the bottom of OTL): (the ":OTL" must be copied as well!!!)

Code:
ATTFilter
:OTL
O3 - HKLM\..\Toolbar: (Show Norton Toolbar) - {90222687-F593-4738-B738-FBEE9C7B26DF} - C:\Programme\Common Files\Symantec Shared\coShared\Browser\1.5\UIBHO.dll (Symantec Corporation)
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programme\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
:Files
C:\Users\Thomas Schmidt\AppData\Local\{*
:Commands
[purity]
[resethosts]
         
Then click the Fix button at the top left!
The log file should open when you click OK after the fix; please post it. The computer may be restarted.

As a precaution, the entries, files and folders fixed by this script are not deleted completely; a backup copy is created on the system partition in the "_OTL" folder.

__________________
"Truth is usually just an excuse for a lack of imagination." (Elim Garak)


11.06.2011, 12:40   #6
thomsch3

Here is the log after the fix

Quote:
========== OTL ==========
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{90222687-F593-4738-B738-FBEE9C7B26DF} deleted successfully.
Unable to delete registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{90222687-F593-4738-B738-FBEE9C7B26DF}\ .
File move failed. C:\Programme\Common Files\Symantec Shared\coShared\Browser\1.5\UIBHO.dll scheduled to be moved on reboot.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{EF99BD32-C1FB-11D2-892F-0090271D4F88} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{EF99BD32-C1FB-11D2-892F-0090271D4F88}\ deleted successfully.
C:\Programme\Yahoo!\Companion\Installs\cpn\yt.dll moved successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRun|DWORD:1 /E : value set successfully!
C:\autoexec.bat moved successfully.
========== FILES ==========
========== COMMANDS ==========
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

OTL by OldTimer - Version 3.2.23.0 log created on 06112011_133351

Files\Folders moved on Reboot...
File move failed. C:\Programme\Common Files\Symantec Shared\coShared\Browser\1.5\UIBHO.dll scheduled to be moved on reboot.

Registry entries deleted on Reboot...

11.06.2011, 17:22   #7
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™


Now please run this tool from Kaspersky and post the log => http://www.trojaner-board.de/82358-t...entfernen.html

Set the tool up as shown in the picture below, i.e. tick both checkboxes, click Start scan and, when it has finished, click the Report button to display the log. Please post it in full.




If the infection prevents you from accessing your Documents/My Documents, please run unhide:
Please download unhide.exe and save the file to your desktop.
Start the tool, and all files and folders should be visible again. (This could take a while.)
Vista and 7 users must run the tool as administrator via right-click!

13.06.2011, 19:03   #8
thomsch3

Hello,

here is the log file from TDSSKiller.

Quote:
2011/06/13 20:00:53.0470 5900 TDSS rootkit removing tool 2.5.4.0 Jun 7 2011 17:31:48
2011/06/13 20:00:55.0391 5900 ================================================================================
2011/06/13 20:00:55.0391 5900 SystemInfo:
2011/06/13 20:00:55.0391 5900
2011/06/13 20:00:55.0391 5900 OS Version: 6.0.6002 ServicePack: 2.0
2011/06/13 20:00:55.0391 5900 Product type: Workstation
2011/06/13 20:00:55.0391 5900 ComputerName: SCHMID-PC
2011/06/13 20:00:55.0392 5900 UserName: Thomas Schmidt
2011/06/13 20:00:55.0392 5900 Windows directory: C:\Windows
2011/06/13 20:00:55.0392 5900 System windows directory: C:\Windows
2011/06/13 20:00:55.0392 5900 Processor architecture: Intel x86
2011/06/13 20:00:55.0392 5900 Number of processors: 2
2011/06/13 20:00:55.0392 5900 Page size: 0x1000
2011/06/13 20:00:55.0392 5900 Boot type: Normal boot
2011/06/13 20:00:55.0392 5900 ================================================================================
2011/06/13 20:00:56.0291 5900 Initialize success
2011/06/13 20:01:09.0775 4116 ================================================================================
2011/06/13 20:01:09.0775 4116 Scan started
2011/06/13 20:01:09.0775 4116 Mode: Manual;
2011/06/13 20:01:09.0775 4116 ================================================================================
2011/06/13 20:01:16.0511 4116 MSTEE (7199c1eec1e4993caf96b8c0a26bd58a) C:\Windows\system32\drivers\MSTEE.sys
2011/06/13 20:01:16.0528 4116 Mup (6a57b5733d4cb702c8ea4542e836b96c) C:\Windows\system32\Drivers\mup.sys
2011/06/13 20:01:16.0572 4116 NativeWifiP (85c44fdff9cf7e72a40dcb7ec06a4416) C:\Windows\system32\DRIVERS\nwifi.sys
2011/06/13 20:01:16.0699 4116 NAVENG (920d9701bba90dbb7ccfd3536ea4d6f9) C:\PROGRA~2\Symantec\DEFINI~1\VIRUSD~1\20110613.005\NAVENG.SYS
2011/06/13 20:01:16.0765 4116 NAVEX15 (31b1a9b53c3319b97f7874347cd992d2) C:\PROGRA~2\Symantec\DEFINI~1\VIRUSD~1\20110613.005\NAVEX15.SYS
2011/06/13 20:01:16.0891 4116 NDIS (1357274d1883f68300aeadd15d7bbb42) C:\Windows\system32\drivers\ndis.sys
2011/06/13 20:01:16.0923 4116 NdisTapi (0e186e90404980569fb449ba7519ae61) C:\Windows\system32\DRIVERS\ndistapi.sys
2011/06/13 20:01:16.0942 4116 Ndisuio (d6973aa34c4d5d76c0430b181c3cd389) C:\Windows\system32\DRIVERS\ndisuio.sys
2011/06/13 20:01:16.0991 4116 NdisWan (818f648618ae34f729fdb47ec68345c3) C:\Windows\system32\DRIVERS\ndiswan.sys
2011/06/13 20:01:17.0004 4116 NDProxy (71dab552b41936358f3b541ae5997fb3) C:\Windows\system32\drivers\NDProxy.sys
2011/06/13 20:01:17.0065 4116 NetBIOS (bcd093a5a6777cf626434568dc7dba78) C:\Windows\system32\DRIVERS\netbios.sys
2011/06/13 20:01:17.0109 4116 netbt (ecd64230a59cbd93c85f1cd1cab9f3f6) C:\Windows\system32\DRIVERS\netbt.sys
2011/06/13 20:01:17.0166 4116 NetworkX (9446d03271baf3496bbd2957d2732fd2) C:\Windows\System32\ckldrv.sys
2011/06/13 20:01:17.0215 4116 nfrd960 (2e7fb731d4790a1bc6270accefacb36e) C:\Windows\system32\drivers\nfrd960.sys
2011/06/13 20:01:17.0244 4116 Npfs (d36f239d7cce1931598e8fb90a0dbc26) C:\Windows\system32\drivers\Npfs.sys
2011/06/13 20:01:17.0289 4116 nsiproxy (609773e344a97410ce4ebf74a8914fcf) C:\Windows\system32\drivers\nsiproxy.sys
2011/06/13 20:01:17.0345 4116 Ntfs (6a4a98cee84cf9e99564510dda4baa47) C:\Windows\system32\drivers\Ntfs.sys
2011/06/13 20:01:17.0386 4116 ntrigdigi (e875c093aec0c978a90f30c9e0dfbb72) C:\Windows\system32\drivers\ntrigdigi.sys
2011/06/13 20:01:17.0412 4116 Null (c5dbbcda07d780bda9b685df333bb41e) C:\Windows\system32\drivers\Null.sys
2011/06/13 20:01:17.0452 4116 nvraid (2edf9e7751554b42cbb60116de727101) C:\Windows\system32\drivers\nvraid.sys
2011/06/13 20:01:17.0499 4116 nvstor (abed0c09758d1d97db0042dbb2688177) C:\Windows\system32\drivers\nvstor.sys
2011/06/13 20:01:17.0582 4116 nv_agp (18bbdf913916b71bd54575bdb6eeac0b) C:\Windows\system32\drivers\nv_agp.sys
2011/06/13 20:01:17.0677 4116 ohci1394 (be32da025a0be1878f0ee8d6d9386cd5) C:\Windows\system32\drivers\ohci1394.sys
2011/06/13 20:01:17.0772 4116 Parport (8a79fdf04a73428597e2caf9d0d67850) C:\Windows\system32\DRIVERS\parport.sys
2011/06/13 20:01:17.0800 4116 partmgr (57389fa59a36d96b3eb09d0cb91e9cdc) C:\Windows\system32\drivers\partmgr.sys
2011/06/13 20:01:17.0814 4116 Parvdm (6c580025c81caf3ae9e3617c22cad00e) C:\Windows\system32\DRIVERS\parvdm.sys
2011/06/13 20:01:17.0884 4116 pci (941dc1d19e7e8620f40bbc206981efdb) C:\Windows\system32\drivers\pci.sys
2011/06/13 20:01:17.0908 4116 pciide (1636d43f10416aeb483bc6001097b26c) C:\Windows\system32\drivers\pciide.sys
2011/06/13 20:01:17.0956 4116 pcmcia (e6f3fb1b86aa519e7698ad05e58b04e5) C:\Windows\system32\drivers\pcmcia.sys
2011/06/13 20:01:18.0005 4116 PEAUTH (6349f6ed9c623b44b52ea3c63c831a92) C:\Windows\system32\drivers\peauth.sys
2011/06/13 20:01:18.0112 4116 PptpMiniport (ecfffaec0c1ecd8dbc77f39070ea1db1) C:\Windows\system32\DRIVERS\raspptp.sys
2011/06/13 20:01:18.0132 4116 Processor (2027293619dd0f047c584cf2e7df4ffd) C:\Windows\system32\drivers\processr.sys
2011/06/13 20:01:18.0211 4116 PSched (99514faa8df93d34b5589187db3aa0ba) C:\Windows\system32\DRIVERS\pacer.sys
2011/06/13 20:01:18.0285 4116 ql2300 (0a6db55afb7820c99aa1f3a1d270f4f6) C:\Windows\system32\drivers\ql2300.sys
2011/06/13 20:01:18.0323 4116 ql40xx (81a7e5c076e59995d54bc1ed3a16e60b) C:\Windows\system32\drivers\ql40xx.sys
2011/06/13 20:01:18.0397 4116 QWAVEdrv (9f5e0e1926014d17486901c88eca2db7) C:\Windows\system32\drivers\qwavedrv.sys
2011/06/13 20:01:18.0417 4116 RasAcd (147d7f9c556d259924351feb0de606c3) C:\Windows\system32\DRIVERS\rasacd.sys
2011/06/13 20:01:18.0439 4116 Rasl2tp (a214adbaf4cb47dd2728859ef31f26b0) C:\Windows\system32\DRIVERS\rasl2tp.sys
2011/06/13 20:01:18.0472 4116 RasPppoe (509a98dd18af4375e1fc40bc175f1def) C:\Windows\system32\DRIVERS\raspppoe.sys
2011/06/13 20:01:18.0508 4116 RasSstp (2005f4a1e05fa09389ac85840f0a9e4d) C:\Windows\system32\DRIVERS\rassstp.sys
2011/06/13 20:01:18.0532 4116 rdbss (b14c9d5b9add2f84f70570bbbfaa7935) C:\Windows\system32\DRIVERS\rdbss.sys
2011/06/13 20:01:18.0556 4116 RDPCDD (89e59be9a564262a3fb6c4f4f1cd9899) C:\Windows\system32\DRIVERS\RDPCDD.sys
2011/06/13 20:01:18.0578 4116 rdpdr (fbc0bacd9c3d7f6956853f64a66e252d) C:\Windows\system32\drivers\rdpdr.sys
2011/06/13 20:01:18.0630 4116 RDPENCDD (9d91fe5286f748862ecffa05f8a0710c) C:\Windows\system32\drivers\rdpencdd.sys
2011/06/13 20:01:18.0663 4116 RDPWD (30bfbdfb7f95559ede971f9ddb9a00ba) C:\Windows\system32\drivers\RDPWD.sys
2011/06/13 20:01:18.0707 4116 rspndr (9c508f4074a39e8b4b31d27198146fad) C:\Windows\system32\DRIVERS\rspndr.sys
2011/06/13 20:01:18.0742 4116 RTL8169 (abbe0f54ba3a378262c9cb86cf7d91f8) C:\Windows\system32\DRIVERS\Rtlh86.sys
2011/06/13 20:01:18.0786 4116 sbp2port (3ce8f073a557e172b330109436984e30) C:\Windows\system32\drivers\sbp2port.sys
2011/06/13 20:01:18.0842 4116 secdrv (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers\secdrv.sys
2011/06/13 20:01:18.0870 4116 Serenum (68e44e331d46f0fb38f0863a84cd1a31) C:\Windows\system32\drivers\serenum.sys
2011/06/13 20:01:18.0939 4116 Serial (c70d69a918b178d3c3b06339b40c2e1b) C:\Windows\system32\drivers\serial.sys
2011/06/13 20:01:18.0968 4116 sermouse (8af3d28a879bf75db53a0ee7a4289624) C:\Windows\system32\drivers\sermouse.sys
2011/06/13 20:01:19.0017 4116 sffdisk (3efa810bdca87f6ecc24f9832243fe86) C:\Windows\system32\drivers\sffdisk.sys
2011/06/13 20:01:19.0047 4116 sffp_mmc (e95d451f7ea3e583aec75f3b3ee42dc5) C:\Windows\system32\drivers\sffp_mmc.sys
2011/06/13 20:01:19.0073 4116 sffp_sd (3d0ea348784b7ac9ea9bd9f317980979) C:\Windows\system32\drivers\sffp_sd.sys
2011/06/13 20:01:19.0118 4116 sfloppy (46ed8e91793b2e6f848015445a0ac188) C:\Windows\system32\drivers\sfloppy.sys
2011/06/13 20:01:19.0160 4116 sisagp (1d76624a09a054f682d746b924e2dbc3) C:\Windows\system32\drivers\sisagp.sys
2011/06/13 20:01:19.0207 4116 SiSRaid2 (43cb7aa756c7db280d01da9b676cfde2) C:\Windows\system32\drivers\sisraid2.sys
2011/06/13 20:01:19.0266 4116 SiSRaid4 (a99c6c8b0baa970d8aa59ddc50b57f94) C:\Windows\system32\drivers\sisraid4.sys
2011/06/13 20:01:19.0311 4116 Smb (7b75299a4d201d6a6533603d6914ab04) C:\Windows\system32\DRIVERS\smb.sys
2011/06/13 20:01:19.0378 4116 snapman (eb49860e776ce860dc3cfb9edb1ba517) C:\Windows\system32\DRIVERS\snapman.sys
2011/06/13 20:01:19.0451 4116 SPBBCDrv (cdea9a0a0e547fef4c44ccae35a9b09c) C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCDrv.sys
2011/06/13 20:01:19.0517 4116 spldr (7aebdeef071fe28b0eef2cdd69102bff) C:\Windows\system32\drivers\spldr.sys
2011/06/13 20:01:19.0541 4116 SRTSP (655773f2f1a3730c6cf20280a49f4ee1) C:\Windows\system32\Drivers\SRTSP.SYS
2011/06/13 20:01:19.0594 4116 SRTSPL (2a0aaf370d4c6574a34ae2f4a0709cae) C:\Windows\system32\Drivers\SRTSPL.SYS
2011/06/13 20:01:19.0636 4116 SRTSPX (3104bdceace2d5710776dd05e6a286c1) C:\Windows\system32\Drivers\SRTSPX.SYS
2011/06/13 20:01:19.0693 4116 srv (41987f9fc0e61adf54f581e15029ad91) C:\Windows\system32\DRIVERS\srv.sys
2011/06/13 20:01:19.0712 4116 srv2 (a5940ca32ed206f90be9fabdf6e92de4) C:\Windows\system32\DRIVERS\srv2.sys
2011/06/13 20:01:19.0728 4116 srvnet (37aa1d560d5fa486c4b11c2f276ada61) C:\Windows\system32\DRIVERS\srvnet.sys
2011/06/13 20:01:19.0782 4116 swenum (7ba58ecf0c0a9a69d44b3dca62becf56) C:\Windows\system32\DRIVERS\swenum.sys
2011/06/13 20:01:19.0829 4116 Symc8xx (192aa3ac01df071b541094f251deed10) C:\Windows\system32\drivers\symc8xx.sys
2011/06/13 20:01:19.0854 4116 SYMDNS (51b57cda977170ac608d839dbfa1d3ee) C:\Windows\System32\Drivers\SYMDNS.SYS
2011/06/13 20:01:19.0886 4116 SymEvent (06b95820df51502099a8a15c93e87986) C:\Windows\system32\Drivers\SYMEVENT.SYS
2011/06/13 20:01:19.0929 4116 SYMFW (a131d8360b01044517aa44529e2137d6) C:\Windows\System32\Drivers\SYMFW.SYS
2011/06/13 20:01:19.0948 4116 SYMIDS (2b77868f02dae02103380b824431b798) C:\Windows\System32\Drivers\SYMIDS.SYS
2011/06/13 20:01:19.0985 4116 SYMNDISV (7d3addfe63e5227bd2dbd5692bafb688) C:\Windows\System32\Drivers\SYMNDISV.SYS
2011/06/13 20:01:20.0005 4116 SYMREDRV (394b2368212114d538316812af60fddd) C:\Windows\System32\Drivers\SYMREDRV.SYS
2011/06/13 20:01:20.0022 4116 SYMTDI (d46676bb414c7531bdffe637a33f5033) C:\Windows\System32\Drivers\SYMTDI.SYS
2011/06/13 20:01:20.0051 4116 Sym_hi (8c8eb8c76736ebaf3b13b633b2e64125) C:\Windows\system32\drivers\sym_hi.sys
2011/06/13 20:01:20.0072 4116 Sym_u3 (8072af52b5fd103bbba387a1e49f62cb) C:\Windows\system32\drivers\sym_u3.sys
2011/06/13 20:01:20.0137 4116 Tcpip (a474879afa4a596b3a531f3e69730dbf) C:\Windows\system32\drivers\tcpip.sys
2011/06/13 20:01:20.0219 4116 Tcpip6 (a474879afa4a596b3a531f3e69730dbf) C:\Windows\system32\DRIVERS\tcpip.sys
2011/06/13 20:01:20.0280 4116 tcpipreg (608c345a255d82a6289c2d468eb41fd7) C:\Windows\system32\drivers\tcpipreg.sys
2011/06/13 20:01:20.0311 4116 TDPIPE (5dcf5e267be67a1ae926f2df77fbcc56) C:\Windows\system32\drivers\tdpipe.sys
2011/06/13 20:01:20.0385 4116 tdrpman273 (431801fcc97034e04a6eff81136578d7) C:\Windows\system32\DRIVERS\tdrpm273.sys
2011/06/13 20:01:20.0428 4116 TDTCP (389c63e32b3cefed425b61ed92d3f021) C:\Windows\system32\drivers\tdtcp.sys
2011/06/13 20:01:20.0503 4116 tdx (76b06eb8a01fc8624d699e7045303e54) C:\Windows\system32\DRIVERS\tdx.sys
2011/06/13 20:01:20.0536 4116 TermDD (3cad38910468eab9a6479e2f01db43c7) C:\Windows\system32\DRIVERS\termdd.sys
2011/06/13 20:01:20.0615 4116 timounter (a34d7024bb7140ec785c86bc065d4f60) C:\Windows\system32\DRIVERS\timntr.sys
2011/06/13 20:01:20.0663 4116 tssecsrv (dcf0f056a2e4f52287264f5ab29cf206) C:\Windows\system32\DRIVERS\tssecsrv.sys
2011/06/13 20:01:20.0705 4116 tunmp (caecc0120ac49e3d2f758b9169872d38) C:\Windows\system32\DRIVERS\tunmp.sys
2011/06/13 20:01:20.0755 4116 tunnel (119b8184e106baedc83fce5ddf3950da) C:\Windows\system32\DRIVERS\tunnel.sys
2011/06/13 20:01:20.0775 4116 uagp35 (7d33c4db2ce363c8518d2dfcf533941f) C:\Windows\system32\drivers\uagp35.sys
2011/06/13 20:01:20.0814 4116 udfs (d9728af68c4c7693cb100b8441cbdec6) C:\Windows\system32\DRIVERS\udfs.sys
2011/06/13 20:01:20.0853 4116 uliagpkx (b0acfdc9e4af279e9116c03e014b2b27) C:\Windows\system32\drivers\uliagpkx.sys
2011/06/13 20:01:20.0883 4116 uliahci (9224bb254f591de4ca8d572a5f0d635c) C:\Windows\system32\drivers\uliahci.sys
2011/06/13 20:01:20.0927 4116 UlSata (8514d0e5cd0534467c5fc61be94a569f) C:\Windows\system32\drivers\ulsata.sys
2011/06/13 20:01:20.0976 4116 ulsata2 (38c3c6e62b157a6bc46594fada45c62b) C:\Windows\system32\drivers\ulsata2.sys
2011/06/13 20:01:21.0037 4116 umbus (32cff9f809ae9aed85464492bf3e32d2) C:\Windows\system32\DRIVERS\umbus.sys
2011/06/13 20:01:21.0081 4116 usbaudio (32db9517628ff0d070682aab61e688f0) C:\Windows\system32\drivers\usbaudio.sys
2011/06/13 20:01:21.0114 4116 usbccgp (caf811ae4c147ffcd5b51750c7f09142) C:\Windows\system32\DRIVERS\usbccgp.sys
2011/06/13 20:01:21.0146 4116 usbcir (e9476e6c486e76bc4898074768fb7131) C:\Windows\system32\drivers\usbcir.sys
2011/06/13 20:01:21.0269 4116 usbehci (79e96c23a97ce7b8f14d310da2db0c9b) C:\Windows\system32\DRIVERS\usbehci.sys
2011/06/13 20:01:21.0321 4116 usbhub (4673bbcb006af60e7abddbe7a130ba42) C:\Windows\system32\DRIVERS\usbhub.sys
2011/06/13 20:01:21.0334 4116 usbohci (38dbc7dd6cc5a72011f187425384388b) C:\Windows\system32\drivers\usbohci.sys
2011/06/13 20:01:21.0368 4116 usbprint (e75c4b5269091d15a2e7dc0b6d35f2f5) C:\Windows\system32\DRIVERS\usbprint.sys
2011/06/13 20:01:21.0397 4116 usbscan (a508c9bd8724980512136b039bba65e9) C:\Windows\system32\DRIVERS\usbscan.sys
2011/06/13 20:01:21.0434 4116 USBSTOR (be3da31c191bc222d9ad503c5224f2ad) C:\Windows\system32\DRIVERS\USBSTOR.SYS
2011/06/13 20:01:21.0464 4116 usbuhci (814d653efc4d48be3b04a307eceff56f) C:\Windows\system32\DRIVERS\usbuhci.sys
2011/06/13 20:01:21.0548 4116 usbvideo (e67998e8f14cb0627a769f6530bcb352) C:\Windows\system32\Drivers\usbvideo.sys
2011/06/13 20:01:21.0613 4116 vga (87b06e1f30b749a114f74622d013f8d4) C:\Windows\system32\DRIVERS\vgapnp.sys
2011/06/13 20:01:21.0646 4116 VgaSave (2e93ac0a1d8c79d019db6c51f036636c) C:\Windows\System32\drivers\vga.sys
2011/06/13 20:01:21.0671 4116 viaagp (5d7159def58a800d5781ba3a879627bc) C:\Windows\system32\drivers\viaagp.sys
2011/06/13 20:01:21.0703 4116 ViaC7 (c4f3a691b5bad343e6249bd8c2d45dee) C:\Windows\system32\drivers\viac7.sys
2011/06/13 20:01:21.0725 4116 viaide (aadf5587a4063f52c2c3fed7887426fc) C:\Windows\system32\drivers\viaide.sys
2011/06/13 20:01:21.0762 4116 volmgr (69503668ac66c77c6cd7af86fbdf8c43) C:\Windows\system32\drivers\volmgr.sys
2011/06/13 20:01:21.0804 4116 volmgrx (23e41b834759917bfd6b9a0d625d0c28) C:\Windows\system32\drivers\volmgrx.sys
2011/06/13 20:01:21.0866 4116 volsnap (147281c01fcb1df9252de2a10d5e7093) C:\Windows\system32\drivers\volsnap.sys
2011/06/13 20:01:21.0886 4116 vsmraid (587253e09325e6bf226b299774b728a9) C:\Windows\system32\drivers\vsmraid.sys
2011/06/13 20:01:21.0928 4116 WacomPen (48dfee8f1af7c8235d4e626f0c4fe031) C:\Windows\system32\drivers\wacompen.sys
2011/06/13 20:01:21.0948 4116 Wanarp (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys
2011/06/13 20:01:21.0959 4116 Wanarpv6 (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys
2011/06/13 20:01:21.0991 4116 Wd (78fe9542363f297b18c027b2d7e7c07f) C:\Windows\system32\drivers\wd.sys
2011/06/13 20:01:22.0036 4116 Wdf01000 (b6f0a7ad6d4bd325fbcd8bac96cd8d96) C:\Windows\system32\drivers\Wdf01000.sys
2011/06/13 20:01:22.0149 4116 WmiAcpi (2e7255d172df0b8283cdfb7b433b864e) C:\Windows\system32\drivers\wmiacpi.sys
2011/06/13 20:01:22.0267 4116 WpdUsb (de9d36f91a4df3d911626643debf11ea) C:\Windows\system32\DRIVERS\wpdusb.sys
2011/06/13 20:01:22.0294 4116 ws2ifsl (e3a3cb253c0ec2494d4a61f5e43a389c) C:\Windows\system32\drivers\ws2ifsl.sys
2011/06/13 20:01:22.0336 4116 WUDFRd (ac13cb789d93412106b0fb6c7eb2bcb6) C:\Windows\system32\DRIVERS\WUDFRd.sys
2011/06/13 20:01:22.0375 4116 MBR (0x1B8) (5c616939100b85e558da92b899a0fc36) \Device\Harddisk0\DR0
2011/06/13 20:01:22.0386 4116 ================================================================================
2011/06/13 20:01:22.0386 4116 Scan finished
2011/06/13 20:01:22.0386 4116 ================================================================================
2011/06/13 20:01:22.0396 3616 Detected object count: 0
2011/06/13 20:01:22.0396 3616 Actual detected object count: 0

14.06.2011, 08:22   #9
cosinus

Then please run CF now:

ComboFix

A guide and tutorial on using ComboFix
  • Download ComboFix here to your desktop. Rename it to cofi.exe while downloading.
  • Close all programs, especially your antivirus program and other background guards, as well as your internet browser.
  • Start cofi.exe from your desktop, confirm the warning messages, carry out the updates (if offered), install the Recovery Console (if offered) and let it scan your system.
    Also avoid using the mouse and keyboard while Combofix is running.
  • Afterwards a combofix.txt opens automatically; please copy its contents ([Ctrl]a, [Ctrl]c) and paste them into your post ([Ctrl]v). You can also find the file at: C:\ComboFix.txt.
Important note:
Combofix may only be run if a qualified helper has expressly recommended it!
It should never be run on your own initiative! Incorrect use can cause serious computer problems and make cleaning up the infection even harder.

14.06.2011, 22:11   #10
thomsch3

Hello Arne,

here is the most recently requested analysis file.

One more question about how to proceed. How promising have the steps so far been? I'm not quite sure where I stand right now.
What dangers exist in the PC's current state? Do I have to reinstall the PC despite all the measures?

Many thanks also for the extensive help!

Combofix Logfile:
Code:
ATTFilter
ComboFix 11-06-14.01 - Thomas Schmidt 14.06.2011  22:28:33.1.2 - x86
Microsoft® Windows Vista™ Home Basic   6.0.6002.2.1252.49.1031.18.3326.1998 [GMT 2:00]
ausgeführt von:: c:\users\Thomas Schmidt\Desktop\cofi.exe
.
.
(((((((((((((((((((((((   Dateien erstellt von 2011-05-14 bis 2011-06-14  ))))))))))))))))))))))))))))))
.
.
2011-06-14 20:39 . 2011-06-14 20:39	--------	d-----w-	c:\users\Default\AppData\Local\temp
2011-06-14 20:39 . 2011-06-14 20:39	--------	d-----w-	c:\users\Tristan Schmidt\AppData\Local\temp
2011-06-14 20:25 . 2011-06-14 20:25	--------	d-----w-	C:\32788R22FWJFW
2011-06-14 20:06 . 2011-06-14 20:06	--------	d-----w-	c:\users\Thomas Schmidt\AppData\Local\{04573C6F-6FAE-49CA-AD94-16967AD62726}
2011-06-13 17:39 . 2011-06-13 17:39	--------	d-----w-	c:\users\Thomas Schmidt\AppData\Local\{218C6EF4-E3E4-417C-801E-4C027E1D605C}
2011-06-11 16:30 . 2011-06-11 16:31	--------	d-----w-	c:\users\Johannes Schmidt\AppData\Local\VirtualStore
2011-06-11 11:33 . 2011-06-11 11:33	--------	d-----w-	C:\_OTL
2011-06-10 20:29 . 2011-06-10 20:29	--------	d-----w-	c:\users\Silvia Schmidt\AppData\Local\{BC02C523-964A-4EEF-B72A-D39412767B15}
2011-06-10 06:24 . 2011-06-10 06:24	--------	d-----w-	c:\users\Silvia Schmidt\AppData\Local\{3223E2D0-37C8-4CA1-9C83-651A0588A57F}
2011-06-10 06:22 . 2011-06-10 06:22	--------	d-----w-	c:\users\Silvia Schmidt\AppData\Roaming\Malwarebytes
2011-06-10 06:21 . 2011-06-10 06:22	--------	d-----w-	c:\users\Silvia Schmidt\AppData\Local\VirtualStore
2011-06-09 21:18 . 2011-06-09 21:18	--------	d-----w-	c:\users\Thomas Schmidt\AppData\Roaming\Malwarebytes
2011-06-09 21:18 . 2011-05-29 07:11	39984	----a-w-	c:\windows\system32\drivers\mbamswissarmy.sys
2011-06-09 21:18 . 2011-06-09 21:18	--------	d-----w-	c:\programdata\Malwarebytes
2011-06-09 21:18 . 2011-06-09 21:18	--------	d-----w-	c:\program files\Malwarebytes' Anti-Malware
2011-06-09 21:18 . 2011-05-29 07:11	22712	----a-w-	c:\windows\system32\drivers\mbam.sys
2011-06-08 15:47 . 2011-06-08 15:47	--------	d-----w-	c:\users\Silvia Schmidt\AppData\Local\{4C31C222-E212-4E21-845B-FC3C745529EE}
2011-06-07 15:56 . 2011-06-07 15:56	--------	d-----w-	c:\users\Silvia Schmidt\AppData\Local\{849D7E3D-2E05-4CE4-B566-F10A7A48551B}
2011-06-06 12:26 . 2011-06-06 12:27	--------	d-----w-	c:\users\Silvia Schmidt\AppData\Local\{1CDE8B86-E255-4B84-9CFD-9E2B137F0A33}
2011-05-31 13:01 . 2011-05-31 13:01	--------	d-----w-	c:\users\Silvia Schmidt\AppData\Local\{635D30FD-8ED1-4F71-827F-5B60EAC47F65}
2011-05-30 08:40 . 2011-05-30 08:40	--------	d-----w-	c:\users\Silvia Schmidt\AppData\Local\{D3432F75-255D-4B42-87B1-3B6ACA5E8B95}
2011-05-27 07:17 . 2011-05-27 07:17	--------	d-----w-	c:\users\Silvia Schmidt\AppData\Local\{4274B57E-49EB-4051-9008-88E3E899B721}
2011-05-26 16:10 . 2011-05-26 16:10	--------	d-----w-	c:\users\Silvia Schmidt\AppData\Local\{941AEE0F-1A98-442A-9C3B-3D43B53C47AE}
2011-05-24 20:23 . 2011-05-24 20:23	--------	d-----w-	c:\users\Silvia Schmidt\AppData\Local\{9C62193D-811E-4400-87BE-AE37F4B440F2}
2011-05-24 07:01 . 2011-05-24 07:01	--------	d-----w-	c:\users\Silvia Schmidt\AppData\Local\{88ACC87C-568A-4B9D-9D7A-9D4F111A8ACB}
2011-05-22 20:46 . 2011-05-22 20:46	--------	d-----w-	c:\users\Silvia Schmidt\AppData\Local\{3CD7B423-B311-4612-A2B7-E08CFFB52C46}
2011-05-19 12:34 . 2011-05-19 12:34	--------	d-----w-	c:\users\Silvia Schmidt\AppData\Local\{3227E748-5269-4050-A298-75E857B13587}
2011-05-18 20:50 . 2008-07-30 15:42	23888	----a-w-	c:\windows\system32\drivers\COH_Mon.sys
2011-05-17 13:11 . 2011-05-17 13:11	--------	d-----w-	c:\users\Silvia Schmidt\AppData\Local\{8BEE96E8-A9A2-45B3-85F6-60D19ECA8175}
2011-05-16 13:56 . 2011-05-16 13:56	--------	d-----w-	c:\users\Silvia Schmidt\AppData\Local\{AF8C96FF-9250-4DBC-B973-7DBF32CB6170}
.
.
.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-06-14 20:04 . 2010-08-27 20:40	16608	----a-w-	c:\windows\gdrv.sys
2011-06-10 00:34 . 2010-12-25 16:43	1409	----a-w-	c:\windows\QTFont.for
.
.
((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Logitech Vid"="c:\program files\Logitech\Vid HD\Vid.exe" [2011-01-13 6129496]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2010-11-10 4240760]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="RtHDVCpl.exe" [2008-06-27 6295552]
"ccApp"="c:\program files\Common Files\Symantec Shared\ccApp.exe" [2007-01-09 115816]
"Symantec PIF AlertEng"="c:\program files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" [2008-01-29 583048]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2010-08-03 98304]
"ATICustomerCare"="c:\program files\ATI\ATICustomerCare\ATICustomerCare.exe" [2010-03-04 311296]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-06-20 35760]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-21 932288]
"SAOB Monitor"="c:\program files\Acronis\TrueImageHome\OnlineBackupStandalone\TrueImageMonitor.exe" [2010-11-16 2570688]
"TrueImageMonitor.exe"="c:\program files\Acronis\TrueImageHome\TrueImageMonitor.exe" [2010-12-06 5578920]
"Acronis Scheduler2 Service"="c:\program files\Common Files\Acronis\Schedule2\schedhlp.exe" [2010-12-06 391240]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2010-12-25 77824]
"LWS"="c:\program files\Logitech\LWS\Webcam Software\LWS.exe" [2010-05-07 165208]
"TkBellExe"="c:\program files\Real\RealPlayer\update\realsched.exe" [2011-04-05 273544]
"FreePDF Assistant"="c:\program files\FreePDF_XP\fpassist.exe" [2010-06-17 370176]
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2011-05-29 449584]
"Malwarebytes' Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2011-05-29 1047656]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
McAfee Security Scan Plus.lnk - c:\program files\McAfee Security Scan\2.0.181\SSScheduler.exe [2010-1-15 255536]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
"EnableLinkedConnections"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [2011-05-29 39984]
R3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\McAfee Security Scan\2.0.181\McCHSvc.exe [2010-01-15 227232]
R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
S0 tdrpman273;Acronis Try&Decide and Restore Points filter (build 273);c:\windows\system32\DRIVERS\tdrpm273.sys [2010-12-19 752128]
S1 IDSvix86;Symantec Intrusion Prevention Driver;c:\progra~2\Symantec\DEFINI~1\SymcData\idsdefs\20110609.001\IDSvix86.sys [2010-09-15 287792]
S2 afcdpsrv;Acronis Nonstop Backup-Dienst;c:\program files\Common Files\Acronis\CDP\afcdpsrv.exe [2010-12-19 3246040]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2010-08-04 176128]
S2 Automatisches LiveUpdate - Scheduler;Automatisches LiveUpdate - Scheduler;c:\program files\Symantec\LiveUpdate\ALUSchedulerSvc.exe [2007-09-26 554352]
S2 GEST Service;GEST Service for program management.;c:\program files\GIGABYTE\EnergySaver\GSvr.exe [2008-07-11 80392]
S2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [2011-05-29 366640]
S3 afcdp;afcdp;c:\windows\system32\DRIVERS\afcdp.sys [2010-12-19 167968]
S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [2010-08-04 6096384]
S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [2010-08-04 214016]
S3 AtiHDAudioService;ATI Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdLH3.sys [2010-07-15 99344]
S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2011-05-10 105592]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2011-05-29 22712]
S3 SYMNDISV;SYMNDISV;c:\windows\System32\Drivers\SYMNDISV.SYS [2009-08-03 38448]
.
.
--- Andere Dienste/Treiber im Speicher ---
.
*NewlyCreated* - COMHOST
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceNoNetwork	REG_MULTI_SZ   	PLA DPS BFE mpssvc
LocalServiceAndNoImpersonation	REG_MULTI_SZ   	FontCache
.
Inhalt des "geplante Tasks" Ordners
.
2011-06-13 c:\windows\Tasks\Norton Internet Security - Systemprüfung ausführen - Thomas Schmidt.job
- c:\program files\Norton Internet Security\Norton AntiVirus\Navw32.exe [2007-01-14 01:09]
.
.
------- Zusätzlicher Suchlauf -------
.
IE: Nach Microsoft E&xel exportieren - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.2.1
FF - ProfilePath - c:\users\Thomas Schmidt\AppData\Roaming\Mozilla\Firefox\Profiles\7huynouk.default\
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Yahoo! Toolbar: {635abd67-4fe9-1b23-4f01-e679fa7484c1} - %profile%\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF - Ext: RealPlayer Browser Record Plugin: {ABDE892B-13A8-4d1b-88E6-365A6E755758} - c:\programdata\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext
FF - user.js: yahoo.ytff.general.dontshowhpoffer - true
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, hxxp://www.gmer.net
Rootkit scan 2011-06-14 22:39
Windows 6.0.6002 Service Pack 2 NTFS
.
Scanne versteckte Prozesse... 
.
Scanne versteckte Autostarteinträge... 
.
Scanne versteckte Dateien... 
.
Scan erfolgreich abgeschlossen
versteckte Dateien: 0
.
**************************************************************************
.
Zeit der Fertigstellung: 2011-06-14  22:43:56
ComboFix-quarantined-files.txt  2011-06-14 20:43
.
Vor Suchlauf: 11 Verzeichnis(se), 328.149.680.128 Bytes frei
Nach Suchlauf: 17 Verzeichnis(se), 330.940.481.536 Bytes frei
.
- - End Of File - - 5FD38947333BF1224E8068FA2ADC2027
         
--- --- ---

15.06.2011, 08:52   #11
cosinus

OK. Now please create logs with GMER and OSAM and post them.
GMER crashes fairly often; if the tool still won't run the second time, just leave it out and run only OSAM - please skip the online check by OSAM.
With OSAM, please also make sure that you save the log as *.log and not *.html or similar.


Afterwards please download MBRCheck (by a_d_13) and save the file on the desktop.
  • Double-click MBRCheck.exe.
    Vista and Win7 users: right-click and choose "Run as administrator"
  • The tool only needs a few seconds.
  • Afterwards you should find a MBRCheck_<date>_<time>.txt on the desktop.
Please post the contents of the .txt document.

17.06.2011, 10:26   #12
thomsch3

So here are the next three logs:

GMER (here I'm not sure whether the program had finished, because no such message appeared, but since it had stopped working at one point for a very long time, I simply saved the log at that point):

GMER Logfile:
Code:
ATTFilter
GMER 1.0.15.15640 - hxxp://www.gmer.net
Rootkit scan 2011-06-16 23:56:44
Windows 6.0.6002 Service Pack 2 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T0L0-2 Hitachi_HDP725050GLA360 rev.GM4OA5CA
Running: ht4hyr4t.exe; Driver: C:\Users\THOMAS~1\AppData\Local\Temp\pwliqpoc.sys


---- System - GMER 1.0.15 ----

SSDT            8780BAA8                                                                                                             ZwAlertResumeThread
SSDT            8780BB88                                                                                                             ZwAlertThread
SSDT            877294F0                                                                                                             ZwAllocateVirtualMemory
SSDT            878633B0                                                                                                             ZwConnectPort
SSDT            8780B7F8                                                                                                             ZwCreateMutant
SSDT            87731D48                                                                                                             ZwCreateThread
SSDT            87819450                                                                                                             ZwFreeVirtualMemory
SSDT            8780B8E8                                                                                                             ZwImpersonateAnonymousToken
SSDT            8780B9C8                                                                                                             ZwImpersonateThread
SSDT            87819370                                                                                                             ZwMapViewOfSection
SSDT            8780B718                                                                                                             ZwOpenEvent
SSDT            87731D10                                                                                                             ZwOpenProcessToken
SSDT            8780B0C8                                                                                                             ZwOpenThreadToken
SSDT            878185B8                                                                                                             ZwResumeThread
SSDT            878199C0                                                                                                             ZwSetContextThread
SSDT            8780B1B8                                                                                                             ZwSetInformationProcess
SSDT            878198D0                                                                                                             ZwSetInformationThread
SSDT            8780B638                                                                                                             ZwSuspendProcess
SSDT            8780BCB0                                                                                                             ZwSuspendThread
SSDT            877806F0                                                                                                             ZwTerminateProcess
SSDT            878197F0                                                                                                             ZwTerminateThread
SSDT            878192D0                                                                                                             ZwUnmapViewOfSection
SSDT            87819520                                                                                                             ZwWriteVirtualMemory

---- Kernel code sections - GMER 1.0.15 ----

.text           ntkrnlpa.exe!KeSetEvent + 11D                                                                                        822F38A0 8 Bytes  [A8, BA, 80, 87, 88, BB, 80, ...]
.text           ntkrnlpa.exe!KeSetEvent + 131                                                                                        822F38B4 4 Bytes  [F0, 94, 72, 87]
.text           ntkrnlpa.exe!KeSetEvent + 1C1                                                                                        822F3944 4 Bytes  [B0, 33, 86, 87]
.text           ntkrnlpa.exe!KeSetEvent + 1F5                                                                                        822F3978 4 Bytes  [F8, B7, 80, 87]
.text           ntkrnlpa.exe!KeSetEvent + 221                                                                                        822F39A4 4 Bytes  [48, 1D, 73, 87]
.text           ...                                                                                                                  
.text           C:\Windows\system32\DRIVERS\atikmdag.sys                                                                             section is writeable [0x8F00F000, 0x331A84, 0xE8000020]

---- User code sections - GMER 1.0.15 ----

.text           C:\Program Files\Real\RealPlayer\Update\realsched.exe[4080] kernel32.dll!SetUnhandledExceptionFilter                 774DA84F 5 Bytes  [33, C0, C2, 04, 00] {XOR EAX, EAX; RET 0x4}

---- User IAT/EAT - GMER 1.0.15 ----

IAT             C:\Program Files\Logitech\Vid HD\Vid.exe[2740] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtCreateFile]           [03953880] C:\Windows\system32\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)
IAT             C:\Program Files\Logitech\Vid HD\Vid.exe[2740] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtClose]                [03953A60] C:\Windows\system32\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)
IAT             C:\Program Files\Logitech\Vid HD\Vid.exe[2740] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile]  [03953930] C:\Windows\system32\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)
IAT             C:\Program Files\Logitech\Vid HD\Vid.exe[2740] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtDuplicateObject]      [039539D0] C:\Windows\system32\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)

---- Devices - GMER 1.0.15 ----

AttachedDevice  \FileSystem\Ntfs \Ntfs                                                                                               tdrpm273.sys (Acronis Try&Decide Volume Filter Driver/Acronis)

---- EOF - GMER 1.0.15 ----
         
--- --- ---


OSAM Logfile:
Code:
Report of OSAM: Autorun Manager v5.0.11926.0
hxxp://www.online-solutions.ru/en/
Saved at 11:13:51 on 17.06.2011

OS: Windows Vista Home Basic Edition Service Pack 2 (Build 6002), 32-bit
Default Browser: Mozilla Corporation Firefox 3.6.17

Scanner Settings
[x] Rootkits detection (hidden registry)
[x] Rootkits detection (hidden files)
[x] Retrieve files information
[x] Check Microsoft signatures

Filters
[ ] Trusted entries
[ ] Empty entries
[x] Hidden registry entries (rootkit activity)
[x] Exclusively opened files
[x] Not found files
[x] Files without detailed information
[x] Existing files
[ ] Non-startable services
[ ] Non-startable drivers
[x] Active entries
[x] Disabled entries


[Common]
-----( %SystemRoot%\Tasks )-----
"Norton Internet Security - Systemprüfung ausführen - Thomas Schmidt.job" - "Symantec Corporation" - C:\Program Files\Norton Internet Security\Norton AntiVirus\Navw32.exe
-----( HKLM\SOFTWARE\Classes\exefile\shell\open\command )-----
"{Default}" - ? - "%1" %*  (Hidden registry entry, rootkit activity | System default value)

[Control Panel Objects]
-----( %SystemRoot%\system32 )-----
"QuickTime.cpl" - "Apple Computer, Inc." - C:\Windows\system32\QuickTime.cpl
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Control Panel\Cpls )-----
"mlcfg32.cpl" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~2\Office12\MLCFG32.CPL

[Drivers]
-----( HKLM\SYSTEM\CurrentControlSet\Services )-----
"Acronis Snapshots Manager" (snapman) - "Acronis" - C:\Windows\System32\DRIVERS\snapman.sys
"Acronis Try&Decide and Restore Points filter (build 273)" (tdrpman273) - "Acronis" - C:\Windows\System32\DRIVERS\tdrpm273.sys
"afcdp" (afcdp) - "Acronis" - C:\Windows\System32\DRIVERS\afcdp.sys
"catchme" (catchme) - ? - C:\Users\THOMAS~1\AppData\Local\Temp\catchme.sys  (File not found)
"EraserUtilRebootDrv" (EraserUtilRebootDrv) - "Symantec Corporation" - C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys
"gdrv" (gdrv) - "Windows (R) 2000 DDK provider" - C:\Windows\gdrv.sys
"IP in IP Tunnel Driver" (IpInIp) - ? - C:\Windows\System32\DRIVERS\ipinip.sys  (File not found)
"IPX Traffic Filter Driver" (NwlnkFlt) - ? - C:\Windows\System32\DRIVERS\nwlnkflt.sys  (File not found)
"IPX Traffic Forwarder Driver" (NwlnkFwd) - ? - C:\Windows\System32\DRIVERS\nwlnkfwd.sys  (File not found)
"MBAMProtector" (MBAMProtector) - "Malwarebytes Corporation" - C:\Windows\system32\drivers\mbam.sys
"MBAMSwissArmy" (MBAMSwissArmy) - "Malwarebytes Corporation" - C:\Windows\system32\drivers\mbamswissarmy.sys
"NAVENG" (NAVENG) - "Symantec Corporation" - C:\PROGRA~2\Symantec\DEFINI~1\VIRUSD~1\20110616.005\NAVENG.SYS
"NAVEX15" (NAVEX15) - "Symantec Corporation" - C:\PROGRA~2\Symantec\DEFINI~1\VIRUSD~1\20110616.005\NAVEX15.SYS
"NetworkX" (NetworkX) - ? - C:\Windows\System32\ckldrv.sys  (File found, but it contains no detailed information)
"SPBBCDrv" (SPBBCDrv) - "Symantec Corporation" - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCDrv.sys
"SRTSP" (SRTSP) - "Symantec Corporation" - C:\Windows\System32\Drivers\SRTSP.SYS
"SRTSPL" (SRTSPL) - "Symantec Corporation" - C:\Windows\System32\Drivers\SRTSPL.SYS
"SRTSPX" (SRTSPX) - "Symantec Corporation" - C:\Windows\System32\Drivers\SRTSPX.SYS
"Symantec Eraser Control driver" (eeCtrl) - "Symantec Corporation" - C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys
"Symantec Intrusion Prevention Driver" (IDSvix86) - "Symantec Corporation" - C:\PROGRA~2\Symantec\DEFINI~1\SymcData\idsdefs\20110609.001\IDSvix86.sys
"SYMDNS" (SYMDNS) - "Symantec Corporation" - C:\Windows\System32\Drivers\SYMDNS.SYS
"SymEvent" (SymEvent) - "Symantec Corporation" - C:\Windows\system32\Drivers\SYMEVENT.SYS
"SYMFW" (SYMFW) - "Symantec Corporation" - C:\Windows\System32\Drivers\SYMFW.SYS
"SYMIDS" (SYMIDS) - "Symantec Corporation" - C:\Windows\System32\Drivers\SYMIDS.SYS
"SYMNDISV" (SYMNDISV) - "Symantec Corporation" - C:\Windows\System32\Drivers\SYMNDISV.SYS
"SYMREDRV" (SYMREDRV) - "Symantec Corporation" - C:\Windows\System32\Drivers\SYMREDRV.SYS
"SYMTDI" (SYMTDI) - "Symantec Corporation" - C:\Windows\System32\Drivers\SYMTDI.SYS

[Explorer]
-----( HKLM\Software\Classes\Folder\shellex\ColumnHandlers )-----
{F9DB5320-233E-11D1-9F84-707F02C10627} "PDF Shell Extension" - "Adobe Systems, Inc." - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\PDFShell.dll
-----( HKLM\Software\Classes\Protocols\Filter )-----
{807563E5-5146-11D5-A672-00B0D022E945} "Microsoft Office InfoPath XML Mime Filter" - "Microsoft Corporation" - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL
-----( HKLM\Software\Classes\Protocols\Handler )-----
{314111c7-a502-11d2-bbca-00c04f8ec294} "HxProtocol Class" - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
{828030A1-22C1-4009-854F-8E305202313F} "livecall" - "Microsoft Corporation" - C:\Program Files\Windows Live\Messenger\msgrapp.dll
{828030A1-22C1-4009-854F-8E305202313F} "msnim" - "Microsoft Corporation" - C:\Program Files\Windows Live\Messenger\msgrapp.dll
{03C514A3-1EFB-4856-9F99-10D7BE1653C0} "Windows Live Mail HTML Asynchronous Pluggable Protocol Handler" - "Microsoft Corporation" - C:\Program Files\Windows Live\Mail\mailcomm.dll
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved )-----
{911051fa-c21c-4246-b470-070cd8df6dc4} ".cab or .zip files" - ? -   (File not found | COM-object registry key not found)
{23170F69-40C1-278A-1000-000100020000} "7-Zip Shell Extension" - "Igor Pavlov" - C:\Program Files\7-Zip\7-zip.dll
{C539A15B-3AF9-4c92-B771-50CB78F5C751} "Acronis Secure Zone" - "Acronis" - C:\Program Files\Acronis\TrueImageHome\tishell.dll
{C539A15A-3AF9-4c92-B771-50CB78F5C751} "Acronis True Image Shell Context Menu Extension" - "Acronis" - C:\Program Files\Acronis\TrueImageHome\tishell.dll
{1b24a030-9b20-49bc-97ac-1be4426f9e59} "ActiveDirectory Folder" - ? -   (File not found | COM-object registry key not found)
{34449847-FD14-4fc8-A75A-7432F5181EFB} "ActiveDirectory Folder" - ? -   (File not found | COM-object registry key not found)
{0F8604A5-4ECE-4DE1-BA7D-CF10F8AA4F48} "Contacts folder" - ? -   (File not found | COM-object registry key not found)
{872A9397-E0D6-4e28-B64D-52B8D0A7EA35} "DisplayCplExt Class" - "Advanced Micro Devices, Inc." - C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\atiamaxx.dll
{2C2577C2-63A7-40e3-9B7F-586602617ECB} "Explorer Query Band" - ? -   (File not found | COM-object registry key not found)
{FAC3CBF6-8697-43d0-BAB9-DCD1FCE19D75} "IE User Assist" - ? -   (File not found | COM-object registry key not found)
{42042206-2D85-11D3-8CFF-005004838597} "Microsoft Office HTML Icon Handler" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office12\msohevi.dll
{993BE281-6695-4BA5-8A2A-7AACBFAAB69E} "Microsoft Office Metadata Handler" - "Microsoft Corporation" - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\msoshext.dll
{5858A72C-C2B4-4dd7-B2BF-B76DB1BD9F6C} "Microsoft Office OneNote Namespace Extension for Windows Desktop Search" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~2\Office12\ONFILTER.DLL
{00020d75-0000-0000-c000-000000000046} "Microsoft Office Outlook" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~2\Office12\MLSHEXT.DLL
{C41662BB-1FA0-4CE0-8DC5-9B7F8279FF97} "Microsoft Office Thumbnail Handler" - "Microsoft Corporation" - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\msoshext.dll
{0006F045-0000-0000-C000-000000000046} "Outlook File Icon Extension" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~2\Office12\OLKFSTUB.DLL
{F0CB00CD-5A07-4D91-97F5-A8C92CDA93E4} "RealOne Player Context Menu Class" - "RealNetworks, Inc." - C:\Program Files\Real\RealPlayer\rpshell.dll
{C8494E42-ACDD-4739-B0FB-217361E4894F} "Sam Account Folder" - ? -   (File not found | COM-object registry key not found)
{E29F9716-5C08-4FCD-955A-119FDB5A522D} "Sam Account Folder" - ? -   (File not found | COM-object registry key not found)
{5E2121EE-0300-11D4-8D3B-444553540000} "SimpleShlExt Class" - "Advanced Micro Devices, Inc." - C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\atiacmxx.dll
{da67b8ad-e81b-4c70-9b91b417b5e33527} "Windows Search Shell Service" - ? -   (File not found | COM-object registry key not found)
{0563DB41-F538-4B37-A92D-4659049B7766} "WLMD Message Handler" - ? -   (File not found | COM-object registry key not found)

[Internet Explorer]
-----( HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser )-----
<binary data> "ITBar7Layout" - ? -   (File not found | COM-object registry key not found)
<binary data> "ITBarLayout" - ? -   (File not found | COM-object registry key not found)
-----( HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks )-----
{0063BF63-BFFF-4B8F-9D26-4267DF7F17DD} "DeviceVM Url Search Hook" - "DeviceVM Inc." - C:\Windows\System32\dvmurl.dll
-----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions )-----
{48E73304-E1D6-4330-914C-F5F514E3486C} "An OneNote senden" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
{FF059E31-CC5A-4E2E-BF3B-96E929D65503} "Research" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
-----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar )-----
{90222687-F593-4738-B738-FBEE9C7B26DF} "Show Norton Toolbar" - ? - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.5\UIBHO.dll  (File not found)
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects )-----
{02478D38-C3F9-4efb-9B51-7695ECA05670} "&Yahoo! Toolbar Helper" - ? - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll  (File not found)
{18DF081C-E8AD-4283-A596-FA578C2EBDC3} "Adobe PDF Link Helper" - "Adobe Systems Incorporated" - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
{3049C3E9-B461-4BC5-8870-4C09146192CA} "RealPlayer Download and Record Plugin for Internet Explorer" - "RealPlayer" - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll
{FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} "SingleInstance Class" - "Yahoo! Inc" - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll
{9030D464-4C02-4ABF-8ECC-5164760863C6} "Windows Live ID Sign-in Helper" - "Microsoft Corp." - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
{1E8A6170-7264-4D0F-BEAE-D42A53123C75} "{1E8A6170-7264-4D0F-BEAE-D42A53123C75}" - "Symantec Corporation" - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.5\NppBho.dll

[Logon]
-----( %APPDATA%\Microsoft\Windows\Start Menu\Programs\Startup )-----
"desktop.ini" - ? - C:\Users\Thomas Schmidt\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini
-----( %AllUsersProfile%\Microsoft\Windows\Start Menu\Programs\Startup )-----
"desktop.ini" - ? - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini
"McAfee Security Scan Plus.lnk" - "McAfee, Inc." - C:\Program Files\McAfee Security Scan\2.0.181\SSScheduler.exe  (Shortcut exists | File exists)
-----( HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run )-----
"Logitech Vid" - "Logitech Inc." - "C:\Program Files\Logitech\Vid HD\Vid.exe" -bootmode
"msnmsgr" - "Microsoft Corporation" - "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
-----( HKLM\SYSTEM\CurrentControlSet\Control\Terminal Server\Wds\rdpwd )-----
"StartupPrograms" - ? - rdpclip  (File not found)
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Run )-----
"Acronis Scheduler2 Service" - "Acronis" - "C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe"
"Adobe ARM" - "Adobe Systems Incorporated" - "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
"Adobe Reader Speed Launcher" - "Adobe Systems Incorporated" - "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
"ATICustomerCare" - "Advanced Micro Devices, Inc." - "C:\Program Files\ATI\ATICustomerCare\ATICustomerCare.exe"
"ccApp" - "Symantec Corporation" - "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
"FreePDF Assistant" - "shbox.de" - C:\Program Files\FreePDF_XP\fpassist.exe
"LWS" - "Logitech Inc." - C:\Program Files\Logitech\LWS\Webcam Software\LWS.exe -hide
"Malwarebytes' Anti-Malware" - "Malwarebytes Corporation" - "C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
"Malwarebytes' Anti-Malware (reboot)" - "Malwarebytes Corporation" - "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
"QuickTime Task" - "Apple Computer, Inc." - "C:\Program Files\QuickTime\qttask.exe" -atboottime
"SAOB Monitor" - "Acronis" - C:\Program Files\Acronis\TrueImageHome\OnlineBackupStandalone\TrueImageMonitor.exe
"StartCCC" - "Advanced Micro Devices, Inc." - "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
"Symantec PIF AlertEng" - "Symantec Corporation" - "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
"TkBellExe" - "RealNetworks, Inc." - "C:\Program Files\Real\RealPlayer\update\realsched.exe"  -osboot
"TrueImageMonitor.exe" - "Acronis" - "C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe"

[Print Monitors]
-----( HKLM\SYSTEM\CurrentControlSet\Control\Print\Monitors )-----
"Redirected Port" - ? - C:\Windows\system32\redmonnt.dll  (File found, but it contains no detailed information)
"Send To Microsoft OneNote Monitor" - "Microsoft Corporation" - C:\Windows\system32\msonpmon.dll

[Services]
-----( HKLM\SYSTEM\CurrentControlSet\Services )-----
"@c:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe,-100" (WPFFontCache_v0400) - "Microsoft Corporation" - C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe
"Acronis Nonstop Backup-Dienst" (afcdpsrv) - "Acronis" - C:\Program Files\Common Files\Acronis\CDP\afcdpsrv.exe
"Acronis Scheduler2 Service" (AcrSch2Svc) - "Acronis" - C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
"Automatisches LiveUpdate - Scheduler" (Automatisches LiveUpdate - Scheduler) - "Symantec Corporation" - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
"COM Host" (comHost) - "Symantec Corporation" - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
"CrypKey License" (CrypKey License) - "CrypKey (Canada) Ltd." - C:\Windows\system32\crypserv.exe
"GEST Service for program management." (GEST Service) - ? - C:\Program Files\GIGABYTE\EnergySaver\GSvr.exe  (File found, but it contains no detailed information)
"InstallDriver Table Manager" (IDriverT) - "Macrovision Corporation" - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
"LiveUpdate" (LiveUpdate) - "Symantec Corporation" - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
"LiveUpdate Notice Service" (LiveUpdate Notice Service) - "Symantec Corporation" - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
"LiveUpdate Notice Service Ex" (LiveUpdate Notice Ex) - "Symantec Corporation" - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
"MBAMService" (MBAMService) - "Malwarebytes Corporation" - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
"McAfee Security Scan Component Host Service" (McComponentHostService) - "McAfee, Inc." - C:\Program Files\McAfee Security Scan\2.0.181\McCHSvc.exe
"Microsoft .NET Framework NGEN v4.0.30319_X86" (clr_optimization_v4.0.30319_32) - "Microsoft Corporation" - C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
"Microsoft Office Diagnostics Service" (odserv) - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
"Office Source Engine" (ose) - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
"Process Monitor" (LVPrcSrv) - "Logitech Inc." - C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcSrv.exe
"Symantec AppCore Service" (SymAppCore) - "Symantec Corporation" - C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
"Symantec Core LC" (Symantec Core LC) - ? - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
"Symantec Event Manager" (ccEvtMgr) - "Symantec Corporation" - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
"Symantec IS Password Validation" (ISPwdSvc) - "Symantec Corporation" - C:\Program Files\Norton Internet Security\isPwdSvc.exe
"Symantec Lic NetConnect service" (CLTNetCnService) - "Symantec Corporation" - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
"Symantec Settings Manager" (ccSetMgr) - "Symantec Corporation" - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
"Windows Live ID Sign-in Assistant" (wlidsvc) - "Microsoft Corp." - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
"Yahoo! Updater" (YahooAUService) - "Yahoo! Inc." - C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe

===[ Logfile end ]=========================================[ Logfile end ]===
         
--- --- ---

MBRCheck:

Quote:
MBRCheck, version 1.2.3
(c) 2010, AD

Command-line:
Windows Version: Windows Vista Home Basic Edition
Windows Information: Service Pack 2 (build 6002), 32-bit
Base Board Manufacturer: Gigabyte Technology Co., Ltd.
BIOS Manufacturer: Award Software International, Inc.
System Manufacturer: Gigabyte Technology Co., Ltd.
System Product Name: EP43-S3L
Logical Drives Mask: 0x0000000c

Kernel Drivers (total 157):
0x8223D000 \SystemRoot\system32\ntkrnlpa.exe
0x8220A000 \SystemRoot\system32\hal.dll
0x80401000 \SystemRoot\system32\kdcom.dll
0x80408000 \SystemRoot\system32\mcupdate_GenuineIntel.dll
0x80478000 \SystemRoot\system32\PSHED.dll
0x80489000 \SystemRoot\system32\BOOTVID.dll
0x80491000 \SystemRoot\system32\CLFS.SYS
0x804D2000 \SystemRoot\system32\CI.dll
0x8060E000 \SystemRoot\system32\drivers\Wdf01000.sys
0x8068A000 \SystemRoot\system32\drivers\WDFLDR.SYS
0x80697000 \SystemRoot\system32\drivers\acpi.sys
0x806DD000 \SystemRoot\system32\drivers\WMILIB.SYS
0x806E6000 \SystemRoot\system32\drivers\msisadrv.sys
0x806EE000 \SystemRoot\system32\drivers\pci.sys
0x80715000 \SystemRoot\System32\drivers\partmgr.sys
0x80724000 \SystemRoot\system32\drivers\volmgr.sys
0x80733000 \SystemRoot\System32\drivers\volmgrx.sys
0x8077D000 \SystemRoot\system32\drivers\pciide.sys
0x80784000 \SystemRoot\system32\drivers\PCIIDEX.SYS
0x80792000 \SystemRoot\System32\drivers\mountmgr.sys
0x807A2000 \SystemRoot\system32\drivers\atapi.sys
0x807AA000 \SystemRoot\system32\drivers\ataport.SYS
0x807C8000 \SystemRoot\system32\drivers\fltmgr.sys
0x805B2000 \SystemRoot\system32\drivers\fileinfo.sys
0x8AC0B000 \SystemRoot\System32\Drivers\ksecdd.sys
0x8AC7C000 \SystemRoot\system32\drivers\ndis.sys
0x8AD87000 \SystemRoot\system32\drivers\msrpc.sys
0x8ADB2000 \SystemRoot\system32\drivers\NETIO.SYS
0x8AE08000 \SystemRoot\System32\drivers\tcpip.sys
0x8AEF2000 \SystemRoot\System32\drivers\fwpkclnt.sys
0x8AF0D000 \SystemRoot\system32\DRIVERS\timntr.sys
0x8B009000 \SystemRoot\System32\Drivers\Ntfs.sys
0x8B119000 \SystemRoot\system32\drivers\volsnap.sys
0x8B20B000 \SystemRoot\system32\DRIVERS\tdrpm273.sys
0x8B2C1000 \SystemRoot\System32\Drivers\spldr.sys
0x8B2C9000 \SystemRoot\system32\DRIVERS\snapman.sys
0x8B2F1000 \SystemRoot\System32\Drivers\mup.sys
0x8B300000 \SystemRoot\System32\drivers\ecache.sys
0x8B327000 \SystemRoot\system32\drivers\disk.sys
0x8B338000 \SystemRoot\system32\drivers\CLASSPNP.SYS
0x8B359000 \SystemRoot\system32\drivers\crcdisk.sys
0x8B382000 \SystemRoot\system32\DRIVERS\tunnel.sys
0x8B38D000 \SystemRoot\system32\DRIVERS\tunmp.sys
0x8B396000 \SystemRoot\system32\DRIVERS\intelppm.sys
0x8B3A5000 \SystemRoot\system32\DRIVERS\atikmpag.sys
0x8F005000 \SystemRoot\system32\DRIVERS\atikmdag.sys
0x8F625000 \SystemRoot\System32\drivers\dxgkrnl.sys
0x8F6C5000 \SystemRoot\System32\drivers\watchdog.sys
0x8F6D1000 \SystemRoot\system32\DRIVERS\HDAudBus.sys
0x8F75E000 \SystemRoot\system32\DRIVERS\usbuhci.sys
0x8F769000 \SystemRoot\system32\DRIVERS\USBPORT.SYS
0x8F7A7000 \SystemRoot\system32\DRIVERS\usbehci.sys
0x8F7B6000 \SystemRoot\system32\DRIVERS\Rtlh86.sys
0x8F7D7000 \SystemRoot\system32\DRIVERS\parport.sys
0x8B3DE000 \SystemRoot\system32\DRIVERS\cdrom.sys
0x8B152000 \SystemRoot\system32\DRIVERS\msiscsi.sys
0x8B181000 \SystemRoot\system32\DRIVERS\storport.sys
0x8F7EF000 \SystemRoot\system32\DRIVERS\TDI.SYS
0x8B1C2000 \SystemRoot\system32\DRIVERS\rasl2tp.sys
0x8B200000 \SystemRoot\system32\DRIVERS\ndistapi.sys
0x8B1D9000 \SystemRoot\system32\DRIVERS\ndiswan.sys
0x8AF9F000 \SystemRoot\system32\DRIVERS\raspppoe.sys
0x8AFAE000 \SystemRoot\system32\DRIVERS\raspptp.sys
0x8AFC2000 \SystemRoot\system32\DRIVERS\rassstp.sys
0x8AFD7000 \SystemRoot\system32\DRIVERS\termdd.sys
0x8AFE7000 \SystemRoot\system32\DRIVERS\kbdclass.sys
0x8AFF2000 \SystemRoot\system32\DRIVERS\mouclass.sys
0x8F7FA000 \SystemRoot\system32\DRIVERS\swenum.sys
0x805C2000 \SystemRoot\system32\DRIVERS\ks.sys
0x8B3F6000 \SystemRoot\system32\DRIVERS\mssmbios.sys
0x8ADED000 \SystemRoot\system32\DRIVERS\umbus.sys
0x8FA07000 \SystemRoot\system32\DRIVERS\usbhub.sys
0x8FA3C000 \SystemRoot\System32\Drivers\NDProxy.SYS
0x8FA4D000 \SystemRoot\system32\drivers\AtihdLH3.sys
0x8FA69000 \SystemRoot\system32\drivers\portcls.sys
0x8FA96000 \SystemRoot\system32\drivers\drmk.sys
0x8FE01000 \SystemRoot\system32\drivers\RTKVHDA.sys
0x9000D000 \SystemRoot\System32\Drivers\Fs_Rec.SYS
0x90016000 \SystemRoot\System32\Drivers\Null.SYS
0x9001D000 \SystemRoot\System32\Drivers\Beep.SYS
0x9002D000 \SystemRoot\system32\DRIVERS\HIDPARSE.SYS
0x90034000 \SystemRoot\System32\drivers\vga.sys
0x90040000 \SystemRoot\System32\drivers\VIDEOPRT.SYS
0x90061000 \SystemRoot\System32\DRIVERS\RDPCDD.sys
0x90069000 \SystemRoot\system32\drivers\rdpencdd.sys
0x90071000 \SystemRoot\System32\Drivers\Msfs.SYS
0x9007C000 \SystemRoot\System32\Drivers\Npfs.SYS
0x9008A000 \SystemRoot\System32\DRIVERS\rasacd.sys
0x90093000 \SystemRoot\system32\DRIVERS\tdx.sys
0x900A9000 \SystemRoot\System32\Drivers\SYMTDI.SYS
0x900D6000 \??\C:\Windows\system32\Drivers\SYMEVENT.SYS
0x900FB000 \SystemRoot\System32\Drivers\SYMREDRV.SYS
0x90100000 \SystemRoot\System32\Drivers\SYMDNS.SYS
0x90102000 \SystemRoot\System32\Drivers\SYMNDISV.SYS
0x9010D000 \SystemRoot\System32\Drivers\SYMFW.SYS
0x9012F000 \SystemRoot\System32\Drivers\SYMIDS.SYS
0x90138000 \SystemRoot\system32\DRIVERS\smb.sys
0x9014C000 \SystemRoot\system32\drivers\afd.sys
0x90194000 \SystemRoot\System32\DRIVERS\netbt.sys
0x901C6000 \SystemRoot\system32\DRIVERS\pacer.sys
0x901DC000 \SystemRoot\system32\DRIVERS\netbios.sys
0x901EA000 \SystemRoot\system32\DRIVERS\wanarp.sys
0x8FABB000 \SystemRoot\System32\Drivers\SRTSPX.SYS
0x8FAC5000 \??\C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCDrv.sys
0x8FB2E000 \SystemRoot\system32\DRIVERS\rdbss.sys
0x8FB6A000 \SystemRoot\system32\drivers\nsiproxy.sys
0x8FB74000 \SystemRoot\System32\ckldrv.sys
0x8FB7E000 \??\C:\PROGRA~2\Symantec\DEFINI~1\SymcData\idsdefs\20110609.001\IDSvix86.sys
0x9080B000 \??\C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys
0x90869000 \??\C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys
0x90887000 \SystemRoot\system32\DRIVERS\hidusb.sys
0x90890000 \SystemRoot\system32\DRIVERS\HIDCLASS.SYS
0x908A0000 \SystemRoot\system32\DRIVERS\USBD.SYS
0x908A2000 \SystemRoot\System32\Drivers\dfsc.sys
0x908B9000 \SystemRoot\system32\DRIVERS\usbccgp.sys
0x908D0000 \SystemRoot\system32\DRIVERS\mouhid.sys
0x90A0F000 \SystemRoot\system32\DRIVERS\lvuvc.sys
0x90E2D000 \SystemRoot\system32\drivers\usbaudio.sys
0x90E3F000 \SystemRoot\system32\DRIVERS\lvrs.sys
0x90E83000 \SystemRoot\system32\DRIVERS\kbdhid.sys
0x90E8C000 \SystemRoot\System32\Drivers\crashdmp.sys
0x90E99000 \SystemRoot\System32\Drivers\dump_dumpata.sys
0x90EA4000 \SystemRoot\System32\Drivers\dump_atapi.sys
0x98C20000 \SystemRoot\System32\win32k.sys
0x90EAC000 \SystemRoot\System32\drivers\Dxapi.sys
0x90EB6000 \SystemRoot\system32\DRIVERS\monitor.sys
0x98E40000 \SystemRoot\System32\TSDDD.dll
0x98E60000 \SystemRoot\System32\cdd.dll
0x90EC5000 \SystemRoot\system32\drivers\luafv.sys
0x90EE0000 \SystemRoot\system32\drivers\spsys.sys
0x90F90000 \SystemRoot\system32\DRIVERS\lltdio.sys
0x90FA0000 \SystemRoot\system32\DRIVERS\rspndr.sys
0x908D8000 \SystemRoot\system32\drivers\HTTP.sys
0x90FB3000 \SystemRoot\System32\DRIVERS\srvnet.sys
0x90FD0000 \SystemRoot\system32\DRIVERS\bowser.sys
0x90FE9000 \SystemRoot\System32\drivers\mpsdrv.sys
0x90945000 \SystemRoot\system32\drivers\mrxdav.sys
0x90966000 \SystemRoot\system32\DRIVERS\mrxsmb.sys
0x90985000 \SystemRoot\system32\DRIVERS\mrxsmb10.sys
0x909BE000 \SystemRoot\system32\DRIVERS\mrxsmb20.sys
0x909D6000 \SystemRoot\System32\DRIVERS\srv2.sys
0x81A0F000 \SystemRoot\System32\DRIVERS\srv.sys
0x81A5E000 \SystemRoot\system32\DRIVERS\asyncmac.sys
0x81A67000 \SystemRoot\system32\DRIVERS\parvdm.sys
0x81A6E000 \SystemRoot\system32\drivers\peauth.sys
0x81B4C000 \SystemRoot\System32\Drivers\secdrv.SYS
0x81B56000 \SystemRoot\System32\drivers\tcpipreg.sys
0x81B62000 \SystemRoot\system32\DRIVERS\afcdp.sys
0x81B8A000 \SystemRoot\System32\Drivers\SRTSP.SYS
0xA1C02000 \??\C:\PROGRA~2\Symantec\DEFINI~1\VIRUSD~1\20110616.005\NAVEX15.SYS
0xA1D79000 \??\C:\PROGRA~2\Symantec\DEFINI~1\VIRUSD~1\20110616.005\NAVENG.SYS
0xA1D8D000 \SystemRoot\system32\Drivers\LVPr2Mon.sys
0xA1D92000 \??\C:\Windows\gdrv.sys
0xA1D95000 \SystemRoot\system32\DRIVERS\cdfs.sys
0x98E70000 \SystemRoot\System32\ATMFD.DLL
0xA1DAB000 \??\C:\Windows\system32\drivers\mbam.sys
0x77540000 \Windows\System32\ntdll.dll

Processes (total 73):
0 System Idle Process
4 System
600 C:\Windows\System32\smss.exe
716 csrss.exe
780 C:\Windows\System32\wininit.exe
788 csrss.exe
824 C:\Windows\System32\services.exe
848 C:\Windows\System32\lsass.exe
856 C:\Windows\System32\lsm.exe
1004 C:\Windows\System32\svchost.exe
1036 C:\Windows\System32\winlogon.exe
1100 C:\Windows\System32\svchost.exe
1196 C:\Windows\System32\atiesrxx.exe
1220 C:\Windows\System32\svchost.exe
1248 C:\Windows\System32\svchost.exe
1260 C:\Windows\System32\svchost.exe
1372 C:\Windows\System32\audiodg.exe
1392 C:\Windows\System32\svchost.exe
1412 C:\Windows\System32\SLsvc.exe
1492 C:\Windows\System32\svchost.exe
1564 C:\Windows\System32\atieclxx.exe
1672 C:\Windows\System32\svchost.exe
1776 C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
1912 C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
200 C:\Windows\System32\spoolsv.exe
428 C:\Windows\System32\svchost.exe
1544 C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
2076 C:\Program Files\Common Files\Acronis\CDP\afcdpsrv.exe
2088 C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
2156 C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
2176 C:\Windows\System32\Crypserv.exe
2208 C:\Program Files\GIGABYTE\EnergySaver\GSvr.exe
2236 C:\Windows\System32\taskeng.exe
2268 C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
2428 C:\Windows\System32\svchost.exe
2468 C:\Windows\System32\svchost.exe
2536 C:\Windows\System32\svchost.exe
2576 C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE
2652 C:\Windows\System32\SearchIndexer.exe
2716 C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
2740 C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE
3488 C:\Windows\System32\taskeng.exe
3640 C:\Windows\System32\dwm.exe
3704 C:\Windows\explorer.exe
3924 C:\Windows\RtHDVCpl.exe
3936 C:\Program Files\Common Files\Symantec Shared\ccApp.exe
4048 C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
4060 C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
472 C:\Program Files\Acronis\TrueImageHome\OnlineBackupStandalone\TrueImageMonitor.exe
1928 C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe
2416 C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe
1000 C:\Program Files\QuickTime\qttask.exe
2484 C:\Program Files\Logitech\LWS\Webcam Software\LWS.exe
896 C:\Program Files\Real\RealPlayer\Update\realsched.exe
2696 C:\Program Files\FreePDF_XP\fpassist.exe
2692 C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
2916 C:\Program Files\Logitech\Vid HD\Vid.exe
3036 C:\Program Files\Windows Live\Messenger\msnmsgr.exe
1060 C:\Program Files\McAfee Security Scan\2.0.181\SSScheduler.exe
4084 C:\Program Files\Logitech\LWS\Webcam Software\CameraHelperShell.exe
1556 C:\Program Files\Common Files\LogiShrd\LQCVFX\COCIManager.exe
4124 C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
4208 C:\Program Files\Mozilla Firefox\firefox.exe
4732 C:\Program Files\Windows Live\Contacts\wlcomm.exe
4844 C:\Windows\System32\svchost.exe
5516 C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
6016 C:\Program Files\Mozilla Firefox\plugin-container.exe
2464 C:\Windows\System32\wuauclt.exe
4588 C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
4660 <unknown>
3852 <unknown>
6052 C:\Users\Thomas Schmidt\Desktop\MBRCheck.exe
5760 C:\Windows\System32\conime.exe

\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`00100000 (NTFS)

PhysicalDrive0 Model Number: HitachiHDP725050GLA360, Rev: GM4OA5CA

Size Device Name MBR Status
--------------------------------------------
465 GB \\.\PhysicalDrive0 Windows 2008 MBR code detected
SHA1: 8DF43F2BDE2D9451948FA14B5279969C777A7979


Done!
But once more the question: does it currently look as if we are on the road to recovery, or is it highly likely that the system will have to be reinstalled afterwards after all? Not that I am not very grateful for the instructions, but I also would not want it all to have been for nothing.

17.06.2011, 10:44   #13
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™

Looks OK. As a check, please run full scans with Malwarebytes and SUPERAntiSpyware and post the logs.
Remember to update both tools before the scan!!


Afterwards, getting an additional opinion from the ESET online scanner is not a bad idea either:


ESET Online Scanner

  • An illustrated guide to ESET Online Scanner can be found here
  • Download and start Eset Online Scanner
  • Tick the box next to "Yes, I accept the Terms of Use" and click Start.
  • Enable the "detection of potentially unwanted applications" and select the following settings.
  • Click Start.
  • The signatures are downloaded and the scan begins automatically.
  • At the end of the scan, click Finish.
  • Close the ESET window.
  • Open Explorer.
  • Locate C:\Programme\Eset\EsetOnlineScanner\log.txt (on 64-bit systems also C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) and open it with your text editor (illustrated).
  • Post the log file here.
  • Uninstalling: Control Panel => Add or Remove Programs / Uninstall a program => remove Eset Online Scanner V3.
  • Manually delete the following folder and empty the Recycle Bin => C:\Programme\Eset


17.06.2011, 22:50   #14
thomsch3
Hello,

here is the Malwarebytes log first.

Quote:
Malwarebytes' Anti-Malware 1.51.0.1200
www.malwarebytes.org

Datenbank Version: 6880

Windows 6.0.6002 Service Pack 2
Internet Explorer 8.0.6001.19048

17.06.2011 23:46:08
mbam-log-2011-06-17 (23-46-08).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|)
Durchsuchte Objekte: 522183
Laufzeit: 2 Stunde(n), 36 Minute(n), 33 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 0

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
(Keine bösartigen Objekte gefunden)

18.06.2011, 19:52   #15
thomsch3
And here is the log from SUPERAntiSpyware as well

Quote:
SUPERAntiSpyware Scan Log
hxxp://www.superantispyware.com

Generated 06/18/2011 at 08:27 PM

Application Version : 4.54.1000

Core Rules Database Version : 7286
Trace Rules Database Version: 5098

Scan type : Complete Scan
Total Scan Time : 03:29:50

Memory items scanned : 866
Memory threats detected : 0
Registry items scanned : 7697
Registry threats detected : 0
File items scanned : 332334
File threats detected : 72

Adware.Tracking Cookie

Trojan.Dropper/Storm
C:\WINDOWS.OLD\WINDOWS\SYSTEM32\FSVK.EXE.EXE
