
Log analysis and evaluation: BOO/Alureon.C detection by Avira AntiVir standard edition


13.07.2011, 10:34   #1
Ebin
 
BOO/Alureon.C detection by Avira AntiVir standard edition



Hello!

Today, directly after booting my computer, I received the following detection message from AntiVir.

Im Bootsektor von Laufwerk 'C:' wurde ein Virus oder
unerwünschtes Programm 'BOO/Alureon.C' [virus] gefunden.
Ausgeführte Aktion: Zugriff verweigern

The message then appeared 3 more times, 4 times in total. Each time I clicked "remove".

I then did some research and ran the following scans:

1. OTL Scan
Quote:
OTL Extras logfile created on: 13.07.2011 10:53:46 - Run 1
OTL by OldTimer - Version 3.2.26.1 Folder = C:\Users\MEDION\Downloads
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6002.18005)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

3,00 Gb Total Physical Memory | 1,47 Gb Available Physical Memory | 49,10% Memory free
6,19 Gb Paging File | 4,61 Gb Available in Paging File | 74,43% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 186,00 Gb Total Space | 102,77 Gb Free Space | 55,25% Space Free | Partition Type: NTFS
Drive D: | 33,18 Gb Total Space | 20,95 Gb Free Space | 63,14% Space Free | Partition Type: FAT32

Computer Name: MEDION-PC | User Name: MEDION | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office14\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files\Microsoft Office\Office14\msohtmed.exe" /p %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{637F58CA-E904-4880-8F23-5AB0807A9F77}" = protocol=17 | dir=in | app=c:\users\medion\appdata\roaming\dropbox\bin\dropbox.exe |
"{889D0E7F-CF3F-4B1E-AC82-4CBD653EB633}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{D7090009-DEE1-4B51-9775-2A3D469FCC29}" = protocol=6 | dir=in | app=c:\users\medion\appdata\roaming\dropbox\bin\dropbox.exe |
"{D84AF276-8636-4D49-9C99-9B2B694AC00D}" = dir=in | app=c:\program files\cyberlink\powerdv\powerdv.exe |
"TCP Query User{3B3E2E04-ABF7-4294-BFF1-776D924606BA}C:\program files\google\google earth\client\googleearth.exe" = protocol=6 | dir=in | app=c:\program files\google\google earth\client\googleearth.exe |
"TCP Query User{9EB704C7-72A3-43E1-B08B-0E1364603F88}C:\users\medion\appdata\roaming\dropbox\bin\dropbox.exe" = protocol=6 | dir=in | app=c:\users\medion\appdata\roaming\dropbox\bin\dropbox.exe |
"TCP Query User{F0EA7D5C-A501-48D1-8FD4-C1E07B4C71DA}C:\program files\netbeans 6.9.1\bin\netbeans.exe" = protocol=6 | dir=in | app=c:\program files\netbeans 6.9.1\bin\netbeans.exe |
"UDP Query User{029415F8-8D54-460F-AED1-497EC3C27938}C:\program files\netbeans 6.9.1\bin\netbeans.exe" = protocol=17 | dir=in | app=c:\program files\netbeans 6.9.1\bin\netbeans.exe |
"UDP Query User{3ACE1855-356E-4686-90C3-58D75C333668}C:\users\medion\appdata\roaming\dropbox\bin\dropbox.exe" = protocol=17 | dir=in | app=c:\users\medion\appdata\roaming\dropbox\bin\dropbox.exe |
"UDP Query User{8FA47A24-FFAC-443C-900C-F003161E39A4}C:\program files\google\google earth\client\googleearth.exe" = protocol=17 | dir=in | app=c:\program files\google\google earth\client\googleearth.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00BA866C-F2A2-4BB9-A308-3DFA695B6F7C}" = Java DB 10.5.3.0
"{0125D081-30D0-4A97-82A8-C28D444B6256}" = Microsoft SQL Server Compact 3.5 SP2 DEU
"{03A4C6A1-26E9-4DDB-81D9-B332E5BB10AD}" = Microsoft Sync Framework SDK v1.0 SP1 de
"{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu
"{059FC833-447B-45E8-BA27-0189C4DC2D88}" = Cisco AnyConnect VPN Client
"{07AC2D83-E795-4AD5-970D-B9BD14A1E411}" = Microsoft ASP.NET MVC 3 - DEU
"{0A0CADCF-78DA-33C4-A350-CD51849B9702}" = Microsoft .NET Framework 4 Extended
"{0EB9033E-0564-4D12-81BB-70EA3DF14C0C}" = IIS 7.5 Express
"{0F37D969-1260-419E-B308-EF7D29ABDE20}" = Web Deployment Tool
"{103A5E44-DD5B-46D5-AD1E-9DF2260CA023}" = Microsoft SQL Server 2008 R2-Datenebenenanwendungs-Projekt
"{13CEE5F4-1E7D-44F8-B77E-6B805680863F}" = Microsoft SQL Server 2008 R2 Native Client
"{167F6479-E5CD-411A-9E44-4296E51F64E5}" = Microsoft SQL Server VSS Writer
"{1803A630-3C38-4D2B-9B9A-0CB37243539C}" = Microsoft ASP.NET MVC 2
"{1AA5BD63-6614-44B2-88A7-605191EDB835}" = Dotfuscator Software Services - Community Edition
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{20B1B020-DEAE-48D1-9960-D4C3185D758B}" = Phase 5 HTML-Editor
"{26A24AE4-039D-4CA4-87B4-2F83216022F0}" = Java(TM) 6 Update 22
"{26A24AE4-039D-4CA4-87B4-2F83216023FF}" = Java(TM) 6 Update 26
"{2CE77981-14DE-4773-8106-27C9C964720C}" = Microsoft ASP.NET MVC 2 - VWD Express 2010 Tools - DEU
"{2F8B731A-5F2D-3EA8-8B25-C3E5E43F4BDB}" = Microsoft Visual C++ Compilers 2010 Standard - enu - x86
"{31C3C6EA-E991-405F-A3AA-2C070CCCC47C}" = Microsoft ASP.NET MVC 2 - Visual Studio 2010 Tools - DEU
"{3248F0A8-6813-11D6-A77B-00B0D0160030}" = Java(TM) 6 Update 3
"{32A3A4F4-B792-11D6-A78A-00B0D0160230}" = Java(TM) SE Development Kit 6 Update 23
"{39D0E034-1042-4905-BECB-5502909FCB7C}" = Microsoft Works
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3C3D696B-0DB7-3C6D-A356-3DB8CE541918}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
"{3CFFC382-6C23-42CB-8B1E-625F9F84E362}" = Microsoft ASP.NET Web Pages - VWD Express 2010 Tools
"{40416836-56CC-4C0E-A6AF-5C34BADCE483}" = Microsoft ASP.NET MVC 2 - Visual Studio 2010 Tools
"{4133D8A2-2148-4B50-BBF9-0465B1AAACB0}" = Microsoft ASP.NET Web Pages - VWD Express 2010 Tools - DEU
"{4135C790-0387-36D7-9C2A-1B09A5900460}" = Microsoft Visual Studio 2010 Ultimate - DEU
"{4216D328-0FE8-48B8-85B8-BD300E6F080F}" = Nokia Connectivity Cable Driver
"{4286716B-1287-48E7-9078-3DC8248DBA96}" = OpenOffice.org 3.3
"{4286E640-B5FB-11DF-AC4B-005056C00008}" = Google Earth
"{4366F05B-950A-4698-863C-93B8C7671031}" = Nero 7 Essentials
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4C9D82EB-9001-4E59-8F64-0BEEE5F4A30A}" = SQL Server 2008 R2 Database Engine Shared
"{57BB52B7-6B7B-31F3-89F4-4EE8FE5CEF6D}" = Microsoft Help Viewer 1.1
"{58951FC6-706B-44BB-9670-49C5A4E8CB26}" = Microsoft ASP.NET MVC 3 - VWD Express 2010 Tools
"{5aa47dba-b584-4d47-a626-76e53f010300}" = JavaFX(TM) 1.3 SDK
"{5BD39911-A12F-4562-98BA-A6E03E3370B1}" = SQL Server 2008 R2 Database Engine Services
"{5BDFAB82-060E-438B-AB4F-A2331B2294C0}" = Microsoft ASP.NET MVC 2 - VWD Express 2010 Tools
"{5D9ED403-94DE-3BA0-B1D6-71F4BDA412E6}" = Microsoft Visual C++ 2010 x86 Runtime - 10.0.40219
"{5FD88490-011C-4DF1-B886-F298D955171B}" = MySQL Connector Net 6.2.3
"{612C34C7-5E90-47D8-9B5C-0F717DD82726}" = swMSM
"{616C6F39-4CE1-3434-A665-2F6A04C09A7F}" = Microsoft Visual Studio 2010 ADO.NET Entity Framework Tools
"{631471BE-DEAB-454B-A9AC-CE3EB42C28B3}" = Microsoft ASP.NET Web Pages
"{638AA518-6A32-33CC-B88F-BCD20B2DCF2E}" = Microsoft Visual Web Developer 2010 Express - DEU
"{65DA2EC9-0642-47E9-AAE2-B5267AA14D75}" = Activation Assistant for the 2007 Microsoft Office suites
"{681F4E9F-34E0-36BD-BF2C-100554E403A5}" = Microsoft Visual F# 2.0 Runtime Language Pack - DEU
"{6AFCA4E1-9B78-3640-8F72-A7BF33448200}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
"{6C627DDC-E0D3-4804-91A3-3EAB668B2F33}" = Microsoft SQL Server 2008 R2-Setup (Deutsch)
"{6CDEAD7E-F8D8-37F7-AB6F-1E22716E30F3}" = Microsoft Visual Studio Macro Tools
"{6D3245B1-8DB8-4A23-9CD2-2C90F40ABAF6}" = MSVC80_x86_v2
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7C8EAD2B-A954-4F73-AAFC-C3EC60D49ADA}" = Microsoft SQL Server 2008 R2 RsFx Driver
"{803910CC-3A39-45E3-A594-0D5512A60A86}" = Microsoft Silverlight 4 SDK - Deutsch
"{827990C7-4D30-3627-A2D1-5FFA09198BB2}" = Microsoft Visual Studio 2010 Office Developer Tools (x86)
"{83C4A333-DD44-3431-B1BF-6A66B971D07B}" = Microsoft Visual Studio 2010 Tools for Office Runtime (x86)
"{85467CBC-7A39-33C9-8940-D72D9269B84F}" = Microsoft Visual F# 2.0 Runtime
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek 8169 PCI, 8168 and 8101E PCIe Ethernet Network Card Driver for Windows Vista
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8DD113A8-811A-404E-A4D7-443D014946AC}" = Microsoft SQL Server Browser
"{8EAA9D70-C912-3708-92DD-0CCC26F386E1}" = Microsoft Visual Studio 2010 Performance Collection Tools SP1 - DEU
"{90120000-0020-0407-0000-0000000FF1CE}" = Compatibility Pack für 2007 Office System
"{90120000-0021-0000-0000-0000000FF1CE}" = Microsoft Office Visual Web Developer 2007
"{90120000-0021-0000-0000-0000000FF1CE}_VisualWebDeveloper_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{90120000-0021-0407-0000-0000000FF1CE}" = Microsoft Office Visual Web Developer MUI (German) 2007
"{90120000-0021-0407-0000-0000000FF1CE}_VisualWebDeveloper_{0B9EAEAC-F271-45DC-BDCB-06ABEEF19825}" = Microsoft Office SharePoint Designer 2007 Service Pack 2 (SP2)
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}_HOMESTUDENTR_{26454C26-D259-4543-AA60-3189E09C5F76}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90140000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2010
"{90140000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2010
"{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
"{90140000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2010
"{90140000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2010
"{90140000-0054-0407-0000-0000000FF1CE}" = Microsoft Office Visio MUI (German) 2010
"{90140000-006D-0407-0000-0000000FF1CE}" = Microsoft Office Klick-und-Los 2010
"{90140000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2010
"{90140011-0061-0407-0000-0000000FF1CE}" = Microsoft Office Home and Student 2010 - Deutsch
"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel(R) Matrix Storage Manager
"{91140000-0015-0000-0000-0000000FF1CE}" = Microsoft Office Access 2010
"{91140000-0057-0000-0000-0000000FF1CE}" = Microsoft Office Visio 2010
"{919E5477-D20B-4F64-AE8B-8199469F7817}" = Microsoft SQL Server 2008 R2-Datenebenenanwendungs-Framework
"{91F54E1D-804A-46D8-A56C-53EA9C4B3177}" = Microsoft Silverlight 3 SDK - Deutsch
"{92906ADC-9482-4DDB-870D-0F1F535EAD91}" = SQL Server 2008 R2 Common Files
"{929F5BFC-60F0-34EC-A50B-2001AAC03D56}" = Microsoft Team Foundation Server 2010 Object Model - DEU
"{93998800-1608-403F-9A51-420A77D23C25}" = Sql Server Customer Experience Improvement Program
"{93EEC4E9-EEFE-4027-ACD3-6E8C1D085975}" = Microsoft ASP.NET Web Pages - DEU
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{95140000-00AF-0407-0000-0000000FF1CE}" = Microsoft PowerPoint Viewer
"{9A33B83D-FFC4-44CF-BEEF-632DECEF2FCD}" = Microsoft SQL Server Database Publishing Wizard 1.3
"{9AA2D735-3375-42D4-9A61-3FFEF82599D6}" = Unterstützungsdateien für Microsoft SQL Server 2008-Setup
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{AC41D924-8C68-4BD5-A7A1-0AE4176C31A6}" = Crystal Reports for Visual Studio
"{AC76BA86-7AD7-1031-7B44-A83000000003}" = Adobe Reader 8.3.0 - Deutsch
"{ACE28263-76A4-4BF5-B6F4-8BD719595969}" = Microsoft SQL Server Database Publishing Wizard 1.4
"{AF111648-99A1-453E-81DD-80DBBF6DAD0D}" = MSVC90_x86
"{B001BC87-1A45-3656-AD07-213ED52F13E2}" = Microsoft Visual Studio 2010 SharePoint Developer Tools
"{B429F838-F9DF-4D16-BEB9-0DF65707B058}" = Microsoft ADO.NET Entity Framework Feature CTP 5
"{B5153233-9AEE-4CD4-9D2C-4FAAC870DBE2}" = SQL Server 2008 R2 Database Engine Services
"{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Toolbars
"{B7E38540-E355-3503-AFD7-635B2F2F76E1}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4974
"{B804C424-B66D-447A-84BD-C6B88C392C3A}" = PowerDV
"{BB1E119E-CF4B-4183-910E-A8C2B379F2C6}" = Microsoft SQL Server 2008 R2 Transact-SQL-Sprachdienst
"{BE8DCA37-A15A-4C0B-B601-D18AC34C944D}" = NuGet
"{C05BC4CD-C001-37E7-939C-3392604DFBEF}" = Microsoft Visual Studio 2010 Tools for Office Runtime (x86) Language Pack - DEU
"{C668416A-9213-4058-B7F2-01A42D85559D}" = Microsoft SQL Server System CLR Types
"{C83CD843-260E-3BD0-86BC-4E613BFDDE0A}" = Microsoft Help Viewer 1.1 Language Pack - DEU
"{C911A0C2-2236-3164-AA47-F2566C01AE5E}" = Microsoft .NET Framework 4 Extended DEU Language Pack
"{CACEA8C8-3D38-4F51-953D-1E6FC3346FEF}" = SQL Server 2008 R2 Common Files
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CE9BAD6E-60FC-46CC-82A2-5B0F2B1A0E36}" = Dotfuscator Software Services - Community Edition - DEU
"{CFCB74BF-01F2-40F8-8459-B4467821B5A0}" = Sandcastle Help File Builder
"{CFCB8616-A5D1-4281-80E8-389F685BFAE2}" = Visual Studio 2010 Tools for SQL Server Compact 3.5 SP2 DEU
"{CFEF48A8-BFB8-3EAC-8BA5-DE4F8AA267CE}" = Microsoft .NET Framework 4 Multi-Targeting Pack
"{D0846526-66DD-4DC9-A02C-98F9A2806812}" = Launch Manager V1.4.9
"{D1DC6950-AB46-4EA0-B9B6-6778E9A7F6AE}" = Visual Studio 2010 SP1 Tools für SQL Server Compact 4.0 DEU
"{D4AEC53C-1720-41D9-B6D7-6A60DE62D444}" = PC Connectivity Solution
"{D69F93C9-549E-4228-B55E-059D7FB055C1}" = MySQL Server 5.1
"{D6A6CFAD-CD86-482B-90D1-6FCC4E252ACD}" = Microsoft Sync Services for ADO.NET v2.0 SP1 (x86) de
"{D6F879CC-59D6-4D4B-AE9B-D761E48D25ED}" = Skype™ 5.3
"{D9E6001A-5DC3-4620-AF7A-80B6CD48645D}" = WCF RIA Services V1.0 SP1
"{DA20D1D5-34A7-4CC6-A7B7-74C69864A357}" = Sandcastle
"{DB0AF767-7CC7-4E4D-B6BE-A200F20A2FB1}" = Microsoft Sync Framework Runtime v1.0 SP1 (x86) de
"{DB321C62-AD24-449E-859A-53A5F6C0270F}" = Microsoft Web Deploy 2.0
"{DC24971E-1946-445D-8A82-CE685433FA7D}" = Realtek USB 2.0 Card Reader
"{DCDEC776-BADD-48B9-8F9A-DFF513C3D7FA}" = Microsoft ASP.NET MVC 3
"{E1180142-3B31-4DCC-9D27-7AC2D37662BF}" = LightScribe 1.4.124.1
"{E4E9CBC9-1CF5-48E3-AF6F-1AB44A856346}" = Microsoft ASP.NET MVC 2 - DEU
"{E5599ADE-1740-483F-817E-3C3E09C95636}" = Microsoft ASP.NET MVC 3 - VWD Express 2010 Tools - DEU
"{E9089B6A-1FDE-47F3-8D29-175F5B7A0722}" = Microsoft SQL Server 2008 R2 Management Objects
"{E9380A3D-7A10-4988-B2A1-22A41C137D9F}" = SQL Server 2008 R2 Database Engine Shared
"{EA5B4DB8-BF9A-4E23-B7FB-0A387A3A0E8F}" = Free JavaScript Editor 4.7
"{EA61F81B-5754-4B5A-9BC5-FFEDC29D1DBC}" = Microsoft SQL Server Compact 4.0 DEU
"{EAF7B35C-DCBE-4032-9ABF-C35C43D07124}" = Microsoft Sync Framework Services v1.0 SP1 (x86) de
"{EC66418E-DAA2-36D5-809E-40BEC94E622A}" = Microsoft Visual Studio Macro Tools - DEU Language Pack
"{ED780CA9-0687-3C12-B439-3369F224941F}" = Microsoft Visual Studio 2010 Service Pack 1
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F3D7BBAA-7412-4388-B510-11E145D2C48B}" = Microsoft Web Platform Installer 3.0
"{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{FA2F9282-383C-3DAC-A2B7-DE19E6A528E9}" = Microsoft Visual Studio 2010 Office Developer Tools (x86) Language Pack - DEU
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"504244733D18C8F63FF584AEB290E3904E791693" = Windows-Treiberpaket - Nokia pccsmcfd (08/22/2008 7.0.0.0)
"Activation Assistant for the 2007 Microsoft Office suites" = Activation Assistant for the 2007 Microsoft Office suites
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.6
"Agere Systems Soft Modem" = Agere Systems HDA Modem
"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus
"CCleaner" = CCleaner
"ElsterFormular für Privatanwender 12.0.0.5880p" = ElsterFormular für Privatanwender
"FileZilla Client" = FileZilla Client 3.2.7.1
"Gutscheinmieze - Toolbar" = Gutscheinmieze - Toolbar
"IsoBuster_is1" = IsoBuster 2.8
"LinuxLive USB Creator" = LinuxLive USB Creator
"Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"Microsoft .NET Framework 4 Extended DEU Language Pack" = Microsoft .NET Framework 4 Extended DEU Language Pack
"Microsoft Help Viewer 1.1" = Microsoft Help Viewer 1.1
"Microsoft Help Viewer 1.1 Language Pack - DEU" = Microsoft Help Viewer 1.1 Language Pack - DEU
"Microsoft SQL Server 10" = Microsoft SQL Server 2008 R2
"Microsoft SQL Server 2008 R2" = Microsoft SQL Server 2008 R2
"Microsoft Team Foundation Server 2010 Object Model - DEU" = Microsoft Team Foundation Server 2010-Objektmodell - DEU
"Microsoft Visual Studio 2010 Service Pack 1" = Microsoft Visual Studio 2010 Service Pack 1
"Microsoft Visual Studio 2010 Tools for Office Runtime (x86)" = Microsoft Visual Studio 2010 Tools for Office Runtime (x86)
"Microsoft Visual Studio 2010 Tools for Office Runtime (x86) Language Pack - DEU" = Microsoft Visual Studio 2010-Tools für Office-Laufzeit (x86) Language Pack - DEU
"Microsoft Visual Studio 2010 Ultimate - DEU" = Microsoft Visual Studio 2010 Ultimate - DEU
"Microsoft Visual Studio Macro Tools" = Microsoft Visual Studio Macro Tools
"Microsoft Visual Studio Macro Tools - DEU Language Pack" = Microsoft Visual Studio Macro Tools - DEU Language Pack
"Microsoft Visual Web Developer 2010 Express - DEU" = Microsoft Visual Web Developer 2010 Express - DEU
"Mozilla Firefox 4.0.1 (x86 de)" = Mozilla Firefox 4.0.1 (x86 de)
"Mozilla Thunderbird (3.1.11)" = Mozilla Thunderbird (3.1.11)
"nbi-nb-base-6.9.1.0.0" = NetBeans IDE 6.9.1
"Notepad++" = Notepad++
"NVIDIA Drivers" = NVIDIA Drivers
"Office14.AccessR" = Microsoft Access 2010
"Office14.Click2Run" = Microsoft Office Klick-und-Los 2010
"Office14.VISIOR" = Microsoft Visio Professional 2010
"SimCity 3000" = SimCity 3000
"Sophos-AntiRootkit" = Sophos Anti-Rootkit 1.5.0
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"VisualWebDeveloper" = Microsoft Visual Studio Web Authoring Component
"VLC media player" = VLC media player 1.1.10
"WinRAR archiver" = WinRAR
"Wubi" = Ubuntu
"xampp" = XAMPP 1.7.4
"Xilisoft Download YouTube Video" = Xilisoft Download YouTube Video

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Dropbox" = Dropbox
"Google Chrome" = Google Chrome

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 24.06.2011 18:51:35 | Computer Name = MEDION-PC | Source = EventSystem | ID = 4621
Description =

Error - 25.06.2011 04:34:07 | Computer Name = MEDION-PC | Source = VSTO 4.0 | ID = 135168
Description =

Error - 25.06.2011 16:35:14 | Computer Name = MEDION-PC | Source = EventSystem | ID = 4622
Description =

Error - 26.06.2011 05:39:21 | Computer Name = MEDION-PC | Source = VSTO 4.0 | ID = 135168
Description =

Error - 26.06.2011 06:20:13 | Computer Name = MEDION-PC | Source = VSTO 4.0 | ID = 135168
Description =

Error - 26.06.2011 07:19:13 | Computer Name = MEDION-PC | Source = VSTO 4.0 | ID = 135168
Description =

Error - 26.06.2011 07:35:26 | Computer Name = MEDION-PC | Source = Windows Search Service | ID = 3013
Description =

Error - 26.06.2011 07:48:16 | Computer Name = MEDION-PC | Source = Windows Search Service | ID = 3013
Description =

Error - 26.06.2011 07:54:29 | Computer Name = MEDION-PC | Source = Windows Search Service | ID = 3013
Description =

Error - 26.06.2011 07:54:29 | Computer Name = MEDION-PC | Source = Windows Search Service | ID = 3013
Description =

[ Cisco AnyConnect VPN Client Events ]
Error - 08.07.2011 12:19:49 | Computer Name = MEDION-PC | Source = vpnagent | ID = 67108866
Description = Function: CIPv4ChangeRouteHelper::FindBestRoute File: .\IPv4ChangeRouteHelper.cpp Line: 2484 Invoked Function: CIPv4RouteTable::FindMatchingRoute Return Code: -33095647 (0xFE070021) Description: ROUTETABLE_ERROR_GETBESTROUTE_FAILED

Error - 08.07.2011 12:19:49 | Computer Name = MEDION-PC | Source = vpnagent | ID = 67108866
Description = Function: CRouteMgr::UpdatePublicAddress File: .\RouteMgr.cpp Line: 2188 Invoked Function: CChangeRouteTable::FindBestRouteInterface Return Code: -33095647 (0xFE070021) Description: ROUTETABLE_ERROR_GETBESTROUTE_FAILED

Error - 08.07.2011 12:19:49 | Computer Name = MEDION-PC | Source = vpnagent | ID = 67108866
Description = Function: CMainThread::applyHostConfigForNoVpn File: .\MainThread.cpp Line: 7578 Invoked Function: CHostConfigMgr::DeterminePublicInterface Return Code: -33095647 (0xFE070021) Description: ROUTETABLE_ERROR_GETBESTROUTE_FAILED

Error - 08.07.2011 12:19:49 | Computer Name = MEDION-PC | Source = vpnagent | ID = 67108866
Description = Function: CMainThread::genericNoticeHandler File: .\MainThread.cpp Line: 5613 Invoked Function: CMainThread::applyHostConfigForNoVpn Return Code: -33095647 (0xFE070021) Description: ROUTETABLE_ERROR_GETBESTROUTE_FAILED

Error - 08.07.2011 12:19:49 | Computer Name = MEDION-PC | Source = vpnagent | ID = 67108866
Description = Function: CMainThread::processNotice File: .\MainThread.cpp Line: 5353 Invoked Function: CMainThread::genericNoticeHandler Return Code: -33095647 (0xFE070021) Description: ROUTETABLE_ERROR_GETBESTROUTE_FAILED

Error - 08.07.2011 12:19:49 | Computer Name = MEDION-PC | Source = vpnagent | ID = 67108866
Description = Function: CMainThread::noticeHandler File: .\MainThread.cpp Line: 5315 Invoked Function: CMainThread::processNotice Return Code: -33095647 (0xFE070021) Description: ROUTETABLE_ERROR_GETBESTROUTE_FAILED

Error - 08.07.2011 12:19:49 | Computer Name = MEDION-PC | Source = vpnagent | ID = 67108866
Description = Function: CMainThread::internalCallbackHandler File: .\MainThread.cpp Line: 5077 Invoked Function: CMainThread::noticeHandler Return Code: -33095647 (0xFE070021) Description: ROUTETABLE_ERROR_GETBESTROUTE_FAILED

Error - 08.07.2011 12:19:49 | Computer Name = MEDION-PC | Source = vpnagent | ID = 67108866
Description = Function: CMainThread::callbackHandler File: .\MainThread.cpp Line: 5003 Invoked Function: internalCallbackHandler Return Code: -33095647 (0xFE070021) Description: ROUTETABLE_ERROR_GETBESTROUTE_FAILED

Error - 11.07.2011 00:25:41 | Computer Name = MEDION-PC | Source = vpnagent | ID = 67110873
Description = Termination reason code 9: Client PC is shutting down.

Error - 13.07.2011 03:01:51 | Computer Name = MEDION-PC | Source = vpnagent | ID = 67110873
Description = Termination reason code 9: Client PC is shutting down.

[ System Events ]
Error - 11.07.2011 15:39:47 | Computer Name = MEDION-PC | Source = Service Control Manager | ID = 7024
Description =

Error - 12.07.2011 02:26:40 | Computer Name = MEDION-PC | Source = W3SVC | ID = 1004
Description =

Error - 12.07.2011 02:26:40 | Computer Name = MEDION-PC | Source = HTTP | ID = 15005
Description =

Error - 12.07.2011 02:27:10 | Computer Name = MEDION-PC | Source = Service Control Manager | ID = 7000
Description =

Error - 12.07.2011 02:27:10 | Computer Name = MEDION-PC | Source = Service Control Manager | ID = 7011
Description =

Error - 13.07.2011 03:01:48 | Computer Name = MEDION-PC | Source = Service Control Manager | ID = 7024
Description =

Error - 13.07.2011 03:25:55 | Computer Name = MEDION-PC | Source = W3SVC | ID = 1004
Description =

Error - 13.07.2011 03:25:55 | Computer Name = MEDION-PC | Source = HTTP | ID = 15005
Description =

Error - 13.07.2011 03:26:21 | Computer Name = MEDION-PC | Source = Service Control Manager | ID = 7000
Description =

Error - 13.07.2011 03:26:21 | Computer Name = MEDION-PC | Source = Service Control Manager | ID = 7011
Description =


< End of report >

2. Malwarebytes Anti-Malware Quick Scan
The scan completed successfully. No infected objects were found.

3. Bootkit Remover
See the screenshot in the attachment.

4. HijackThis logfile
Quote:
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 11:09:33, on 13.07.2011
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v7.00 (7.00.6002.18005)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Program Files\Synaptics\SynTP\SynTPStart.exe
C:\Program Files\Launch Manager\LaunchAp.exe
C:\Program Files\Launch Manager\HotkeyApp.exe
C:\Program Files\Launch Manager\OSD.exe
C:\Program Files\Launch Manager\WButton.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Windows\system32\wuauclt.exe
C:\Windows\system32\conime.exe
C:\Users\MEDION\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\MEDION\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\system32\rundll32.exe
C:\Users\MEDION\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\MEDION\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Program Files\WinRAR\WinRAR.exe
C:\Program Files\Avira\AntiVir Desktop\avcenter.exe
C:\Users\MEDION\Downloads\HiJackThis204.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.medion.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.medion.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~1\MICROS~3\Office14\URLREDIR.DLL
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: Microsoft-Webtestaufzeichnung 10.0-Hilfsprogramm - {DDA57003-0068-4ed2-9D32-4D1EC707D94D} - C:\Program Files\Microsoft Visual Studio 10.0\Common7\IDE\PrivateAssemblies\Microsoft.VisualStudio.QualityTools.RecorderBarBHO100.dll
O3 - Toolbar: Gutscheinmieze - {DFEFCDEE-CF1A-4FC8-88AD-48514E463B27} - C:\Users\MEDION\AppData\Roaming\Gutscheinmieze\toolbar.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [IAAnotif] "C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe"
O4 - HKLM\..\Run: [SynTPStart] C:\Program Files\Synaptics\SynTP\SynTPStart.exe
O4 - HKLM\..\Run: [PLFSetL] C:\Windows\PLFSetL.exe
O4 - HKLM\..\Run: [LaunchAp] "C:\Program Files\Launch Manager\LaunchAp.exe"
O4 - HKLM\..\Run: [HotkeyApp] "C:\Program Files\Launch Manager\HotkeyApp.exe"
O4 - HKLM\..\Run: [LMgrOSD] "C:\Program Files\Launch Manager\OSD.exe"
O4 - HKLM\..\Run: [Wbutton] "C:\Program Files\Launch Manager\Wbutton.exe"
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [Skytel] Skytel.exe
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [BCSSync] "C:\Program Files\Microsoft Office\Office14\BCSSync.exe" /DelayServices
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware] "C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
O4 - HKLM\..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - Startup: Dropbox.lnk = C:\Users\MEDION\AppData\Roaming\Dropbox\bin\Dropbox.exe
O8 - Extra context menu item: Download with Xilisoft Download YouTube Video - C:\Program Files\Xilisoft\Download YouTube Video\upod_link.HTM
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: eBay - Der weltweite Online-Marktplatz - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - hxxp://rover.ebay.com/rover/1/707-37276-17534-25/4 (file missing)
O9 - Extra 'Tools' menuitem: eBay - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - hxxp://rover.ebay.com/rover/1/707-37276-17534-25/4 (file missing)
O9 - Extra button: eBay - Der weltweite Online-Marktplatz - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - hxxp://rover.ebay.com/rover/1/707-37276-17534-15/4 (file missing) (HKCU)
O9 - Extra 'Tools' menuitem: eBay - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - hxxp://rover.ebay.com/rover/1/707-37276-17534-15/4 (file missing) (HKCU)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll
O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Agere Systems - C:\Windows\system32\agrsmsvc.exe
O23 - Service: Avira AntiVir Planer (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Apache2.2 - Apache Software Foundation - c:\xampp\apache\bin\httpd.exe
O23 - Service: FileZilla Server FTP server (FileZilla Server) - FileZilla Project - c:\xampp\FileZillaFTP\FileZillaServer.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
O23 - Service: MySQL - Unknown owner - C:\Program.exe (file missing)
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: ServiceLayer - Nokia - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: Cisco AnyConnect VPN Agent (vpnagent) - Cisco Systems, Inc. - C:\Program Files\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe
O23 - Service: WisLMSvc - Wistron Corp. - C:\Program Files\Launch Manager\WisLMSvc.exe

--
End of file - 7736 bytes
Is my system infected or not? I would be very glad to get an answer.

Best regards,
Peter
Attached image: bootkit_remover_2011_07_13.jpg
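An added example for readers of this thread (editor's code, not something the poster or the board's helpers ran): a small Python triage pass over HijackThis-style lines of the kind in the log above. The sample lines are copied from that log; the section filter, the regexes and the severity labels are assumptions of the example, written out so the checks a log reader applies by hand can be verified. Two entries stand out here: the Gutscheinmieze toolbar DLL loads from the user's AppData\Roaming, a location a machine-wide BHO or toolbar has no need for, and the MySQL service reads C:\Program.exe (file missing), which is typically how an unquoted ImagePath under C:\Program Files\ appears after being cut at its first space, so the real ImagePath should be read rather than the entry being taken as a missing binary.

```python
"""Triage pass over HijackThis-style log lines (added example, not board tooling).

SAMPLE_LOG is copied from the HijackThis log posted above; the heuristics
below are assumptions of this example, not features of HijackThis.
"""
import re
from typing import List, NamedTuple


class Finding(NamedTuple):
    section: str   # HijackThis section tag, e.g. "O23"
    severity: str  # "high", "medium" or "info"
    reason: str
    line: str


# Directories a standard user can write to. Assumption: legitimate BHOs,
# toolbars, Run entries and services on this machine do not load from them.
USER_WRITABLE = re.compile(r"\\(AppData|Temp|Downloads|Desktop|ProgramData)\\", re.IGNORECASE)

# "C:\Program.exe" is what a log shows when an unquoted ImagePath such as
# C:\Program Files\... is cut at its first space; the binary is not really missing.
TRUNCATED_PATH = re.compile(r"\b[A-Za-z]:\\Program\.exe\b", re.IGNORECASE)

# Every HijackThis line starts with a section tag: one letter and one or two digits.
LINE_RE = re.compile(r"^(?P<section>[A-Z]\d{1,2}) - (?P<body>.*)$")

SAMPLE_LOG = r"""
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://go.microsoft.com/fwlink/?LinkId=54896
O2 - BHO: Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O3 - Toolbar: Gutscheinmieze - {DFEFCDEE-CF1A-4FC8-88AD-48514E463B27} - C:\Users\MEDION\AppData\Roaming\Gutscheinmieze\toolbar.dll
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O9 - Extra button: eBay - Der weltweite Online-Marktplatz - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - hxxp://rover.ebay.com/rover/1/707-37276-17534-25/4 (file missing)
O23 - Service: MySQL - Unknown owner - C:\Program.exe (file missing)
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
"""


def parse_line(line: str):
    """Split a log line into (section, body); None for lines that are not HijackThis entries."""
    m = LINE_RE.match(line.strip())
    return (m.group("section"), m.group("body")) if m else None


def triage_line(line: str) -> List[Finding]:
    """Apply the heuristics to one line and return every finding it produces."""
    parsed = parse_line(line)
    if parsed is None:
        return []
    section, body = parsed
    findings: List[Finding] = []
    if section == "O23":
        if TRUNCATED_PATH.search(body):
            findings.append(Finding(section, "medium",
                "service path truncated at first space; read the real ImagePath and quote it", line))
        elif "(file missing)" in body:
            findings.append(Finding(section, "medium", "service binary missing on disk", line))
        if "Unknown owner" in body:
            findings.append(Finding(section, "info", "service binary has no publisher name", line))
    # Code that the browser, the shell or the service manager will execute.
    if section in ("O2", "O3", "O4", "O20", "O23") and USER_WRITABLE.search(body):
        findings.append(Finding(section, "high", "code loaded from a user-writable directory", line))
    if section == "O9" and "(file missing)" in body:
        findings.append(Finding(section, "info", "stale Internet Explorer extra button", line))
    return findings


def triage(log_text: str) -> List[Finding]:
    """Run triage_line over a whole log, keeping the log's order."""
    out: List[Finding] = []
    for line in log_text.splitlines():
        out.extend(triage_line(line))
    return out


def worst_severity(findings: List[Finding]) -> str:
    """Highest severity present, or "none" for an empty list."""
    order = {"high": 2, "medium": 1, "info": 0}
    return max((f.severity for f in findings), key=order.get, default="none")


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f.severity:6}] {f.section}: {f.reason}\n         {f.line}")
```

The R0/R1 start and search page entries are left alone because they carry Microsoft's stock fwlink defaults; the rules return Finding tuples instead of printing so the result can be asserted on or fed into a further review step.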

13.07.2011, 11:16   #2
cosinus



Quote:
Scan type: Quick scan
Hello and

Please run a full scan with Malwarebytes as a matter of routine and post the log.
Remember that Malwarebytes has to be updated manually before every scan!

If logs from older Malwarebytes scans exist, please post all of them as well!

13.07.2011, 13:07   #3
Ebin



Many thanks for the reply! Here is the full scan... Unfortunately I have no older log files, since I only installed the software today!

Quote:
Malwarebytes' Anti-Malware 1.51.0.1200
www.malwarebytes.org

Database version: 7111

Windows 6.0.6002 Service Pack 2
Internet Explorer 7.0.6002.18005

13.07.2011 13:50:01
mbam-log-2011-07-13 (13-50-01).txt

Scan type: Full scan (C:\|D:\|E:\|F:\|Q:\|)
Objects scanned: 378846
Time elapsed: 1 hour(s), 31 minute(s), 47 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)
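A file-level scan with no findings does not by itself clear the boot-sector detection that started this thread: the MBR is not a file, it is the first sector of the disk and has to be read raw. The following is an added example (editor's code, not something either participant ran, and not a detection signature for Alureon): it parses a 512-byte MBR dump, checks the 55AA signature and the partition table, hashes the 446 bytes of bootstrap code against a baseline taken from a known-good machine, and reports disk space past the last partition, which is where some bootkits keep their payload. The sample sectors, the baseline and the 1 MiB tail threshold are constructed for the example. One caveat matters here: a bootkit that hooks disk I/O can hand a clean copy of the MBR to anything reading it from inside the infected Windows, so the dump fed to a check like this should come from a clean boot medium rather than from the running machine.

```python
"""Sanity checks on a 512-byte MBR dump (added example, not a tool used in this thread).

Everything works on a byte string, so it can be run against a sector dumped
from a clean boot medium and compared with a baseline from a known-good
install. The sample sectors below are constructed; they are not dumps from
the poster's disk.
"""
import hashlib
import struct
from typing import List, NamedTuple, Optional

SECTOR = 512
PT_OFFSET = 446                 # partition table: 4 entries of 16 bytes
BOOT_SIGNATURE = b"\x55\xAA"    # last two bytes of a valid MBR
TAIL_LIMIT = 2048               # assumption: unallocated tail above 1 MiB deserves a look


class Partition(NamedTuple):
    index: int
    bootable: bool
    type_id: int
    start_lba: int
    sectors: int


def parse_partitions(mbr: bytes) -> List[Partition]:
    """Decode the four MBR partition entries, skipping empty (type 0) slots."""
    parts = []
    for i in range(4):
        entry = mbr[PT_OFFSET + 16 * i: PT_OFFSET + 16 * (i + 1)]
        # status, CHS start (3 bytes, ignored), type, CHS end (ignored), LBA start, sector count
        status, type_id, start, size = struct.unpack("<B3xB3xII", entry)
        if type_id != 0:
            parts.append(Partition(i, status == 0x80, type_id, start, size))
    return parts


def bootcode_hash(mbr: bytes) -> str:
    """SHA-256 of the bootstrap code only, so a legitimately edited partition table does not mask a changed loader."""
    return hashlib.sha256(mbr[:PT_OFFSET]).hexdigest()


def inspect_mbr(mbr: bytes, disk_sectors: int, baseline_hash: Optional[str] = None) -> List[str]:
    """Return findings as strings; an empty list means nothing stood out."""
    if len(mbr) != SECTOR:
        return ["dump is not exactly 512 bytes"]
    findings = []
    if mbr[510:512] != BOOT_SIGNATURE:
        findings.append("boot signature 55AA missing")
    if baseline_hash is not None and bootcode_hash(mbr) != baseline_hash:
        findings.append("bootstrap code differs from baseline")
    parts = parse_partitions(mbr)
    bootable = sum(1 for p in parts if p.bootable)
    if bootable != 1:
        findings.append(f"{bootable} partitions flagged bootable, expected 1")
    for p in parts:
        if p.start_lba + p.sectors > disk_sectors:
            findings.append(f"partition {p.index} extends past the end of the disk")
    last_used = max((p.start_lba + p.sectors for p in parts), default=0)
    tail = disk_sectors - last_used
    if tail > TAIL_LIMIT:
        findings.append(f"{tail} unallocated sectors after the last partition")
    return findings


def build_mbr(bootcode: bytes, partitions) -> bytes:
    """Assemble a sector from bootstrap code and (bootable, type, start_lba, sectors) tuples."""
    if len(bootcode) > PT_OFFSET:
        raise ValueError("bootstrap code must fit in 446 bytes")
    mbr = bytearray(SECTOR)
    mbr[:len(bootcode)] = bootcode
    for i, (bootable, type_id, start, size) in enumerate(partitions):
        mbr[PT_OFFSET + 16 * i: PT_OFFSET + 16 * (i + 1)] = struct.pack(
            "<B3xB3xII", 0x80 if bootable else 0x00, type_id, start, size)
    mbr[510:512] = BOOT_SIGNATURE
    return bytes(mbr)


# Constructed sample: one bootable NTFS partition and one FAT32 data partition,
# with the disk ending 1024 sectors after the last partition.
TABLE = [(True, 0x07, 2048, 390_000_000), (False, 0x0C, 390_002_048, 69_000_000)]
DISK_SECTORS = 390_002_048 + 69_000_000 + 1024

CLEAN_CODE = bytes(range(256)) + bytes(190)      # stand-in for a vendor's 446-byte loader
CLEAN_MBR = build_mbr(CLEAN_CODE, TABLE)
BASELINE = bootcode_hash(CLEAN_MBR)              # would come from a known-good machine

# Same disk after tampering: the loader is replaced and the data partition is
# shrunk so that 40960 sectors (20 MiB) at the tail belong to no partition.
TAMPERED_CODE = b"\xEB\xFE" + bytes(444)         # "jmp $" followed by zero padding
TAMPERED_TABLE = [TABLE[0], (False, 0x0C, 390_002_048, 69_000_000 - 40_960)]
TAMPERED_MBR = build_mbr(TAMPERED_CODE, TAMPERED_TABLE)

if __name__ == "__main__":
    print("clean:   ", inspect_mbr(CLEAN_MBR, DISK_SECTORS, BASELINE))
    print("tampered:", inspect_mbr(TAMPERED_MBR, DISK_SECTORS, BASELINE))
```

The hash deliberately covers only the bootstrap code: a partition table changes whenever a partition is added or resized, while the loader bytes should only change with a vendor update, so comparing them separately keeps the check usable over time.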
13.07.2011, 13:09   #4
cosinus



Where is the other OTL log? You only posted the extras.txt!
Please always post log files in CODE tags

13.07.2011, 13:37   #5
Ebin



Here is the corresponding OTL.txt

OTL Logfile:
Code:
OTL logfile created on: 13.07.2011 10:53:46 - Run 1
OTL by OldTimer - Version 3.2.26.1     Folder = C:\Users\MEDION\Downloads
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6002.18005)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,00 Gb Total Physical Memory | 1,47 Gb Available Physical Memory | 49,10% Memory free
6,19 Gb Paging File | 4,61 Gb Available in Paging File | 74,43% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 186,00 Gb Total Space | 102,77 Gb Free Space | 55,25% Space Free | Partition Type: NTFS
Drive D: | 33,18 Gb Total Space | 20,95 Gb Free Space | 63,14% Space Free | Partition Type: FAT32
 
Computer Name: MEDION-PC | User Name: MEDION | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\MEDION\Downloads\OTL.exe (OldTimer Tools)
PRC - C:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
PRC - C:\Users\MEDION\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
PRC - C:\Programme\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
PRC - C:\Programme\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe (Cisco Systems, Inc.)
PRC - C:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
PRC - c:\xampp\apache\bin\httpd.exe (Apache Software Foundation)
PRC - C:\xampp\apache\bin\httpd.exe (Apache Software Foundation)
PRC - C:\Programme\Microsoft Application Virtualization Client\sftvsa.exe (Microsoft Corporation)
PRC - C:\Programme\Microsoft Application Virtualization Client\sftlist.exe (Microsoft Corporation)
PRC - c:\Programme\Microsoft SQL Server\MSSQL10_50.SQLEXPRESS\MSSQL\Binn\sqlservr.exe (Microsoft Corporation)
PRC - c:\Programme\Microsoft SQL Server\90\Shared\sqlwriter.exe (Microsoft Corporation)
PRC - C:\Programme\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE (Microsoft Corporation)
PRC - C:\Programme\Avira\AntiVir Desktop\avshadow.exe (Avira GmbH)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Windows\System32\conime.exe (Microsoft Corporation)
PRC - C:\Programme\Windows Defender\MSASCui.exe (Microsoft Corporation)
PRC - C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
PRC - C:\Programme\Launch Manager\WisLMSvc.exe (Wistron Corp.)
PRC - C:\Programme\Launch Manager\WButton.exe (Wistron)
PRC - C:\Programme\Launch Manager\HotkeyApp.exe (Wistron)
PRC - C:\Programme\Launch Manager\LaunchAp.exe ()
PRC - C:\Programme\Synaptics\SynTP\SynTPStart.exe (Synaptics, Inc.)
PRC - C:\Programme\Intel\Intel Matrix Storage Manager\IAANTmon.exe (Intel Corporation)
PRC - C:\Programme\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)
PRC - C:\Programme\Launch Manager\OSD.exe (Wistron Corp.)
PRC - C:\Windows\System32\agrsmsvc.exe (Agere Systems)
 
 
========== Modules (SafeList) ==========
 
MOD - C:\Users\MEDION\Downloads\OTL.exe (OldTimer Tools)
MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3\comctl32.dll (Microsoft Corporation)
 
 
========== Win32 Services (SafeList) ==========
 
SRV - (AntiVirService) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
SRV - (AntiVirSchedulerService) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
SRV - (MsDepSvc) -- C:\Program Files\IIS\Microsoft Web Deploy\MsDepSvc.exe (Microsoft Corporation)
SRV - (vpnagent) -- C:\Program Files\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe (Cisco Systems, Inc.)
SRV - (ServiceLayer) -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe (Nokia)
SRV - (Apache2.2) -- c:\xampp\apache\bin\httpd.exe (Apache Software Foundation)
SRV - (FileZilla Server) -- c:\xampp\FileZillaFTP\FileZillaServer.exe (FileZilla Project)
SRV - (sftvsa) -- C:\Program Files\Microsoft Application Virtualization Client\sftvsa.exe (Microsoft Corporation)
SRV - (sftlist) -- C:\Program Files\Microsoft Application Virtualization Client\sftlist.exe (Microsoft Corporation)
SRV - (WAS) -- C:\Windows\System32\inetsrv\iisw3adm.dll (Microsoft Corporation)
SRV - (W3SVC) -- C:\Windows\System32\inetsrv\iisw3adm.dll (Microsoft Corporation)
SRV - (AppHostSvc) -- C:\Windows\System32\inetsrv\apphostsvc.dll (Microsoft Corporation)
SRV - (WinDefend) -- C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (WisLMSvc) -- C:\Program Files\Launch Manager\WisLMSvc.exe (Wistron Corp.)
SRV - (IAANTMON) Intel(R) -- C:\Programme\Intel\Intel Matrix Storage Manager\IAANTmon.exe (Intel Corporation)
SRV - (AgereModemAudio) -- C:\Windows\System32\agrsmsvc.exe (Agere Systems)
 
 
========== Driver Services (SafeList) ==========
 
DRV - (avipbb) -- C:\Windows\System32\drivers\avipbb.sys (Avira GmbH)
DRV - (avgntflt) -- C:\Windows\System32\drivers\avgntflt.sys (Avira GmbH)
DRV - (VSPerfDrv100) -- C:\Programme\Microsoft Visual Studio 10.0\Team Tools\Performance Tools\VSPerfDrv100.sys (Microsoft Corporation)
DRV - (vpnva) -- C:\Windows\System32\drivers\vpnva.sys (Cisco Systems, Inc.)
DRV - (UsbserFilt) -- C:\Windows\System32\drivers\usbser_lowerfltj.sys (Nokia)
DRV - (upperdev) -- C:\Windows\System32\drivers\usbser_lowerflt.sys (Nokia)
DRV - (nmwcdc) -- C:\Windows\System32\drivers\ccdcmbo.sys (Nokia)
DRV - (nmwcd) -- C:\Windows\System32\drivers\ccdcmb.sys (Nokia)
DRV - (nmwcdnsu) -- C:\Windows\System32\drivers\nmwcdnsu.sys (Nokia)
DRV - (nmwcdnsuc) -- C:\Windows\System32\drivers\nmwcdnsuc.sys (Nokia)
DRV - (ssmdrv) -- C:\Windows\System32\drivers\ssmdrv.sys (Avira GmbH)
DRV - (Sftvol) -- C:\Windows\System32\drivers\Sftvollh.sys (Microsoft Corporation)
DRV - (Sftredir) -- C:\Windows\System32\drivers\Sftredirlh.sys (Microsoft Corporation)
DRV - (Sftplay) -- C:\Windows\System32\drivers\Sftplaylh.sys (Microsoft Corporation)
DRV - (Sftfs) -- C:\Windows\System32\drivers\Sftfslh.sys (Microsoft Corporation)
DRV - (RsFx0150) -- C:\Windows\System32\drivers\RsFx0150.sys (Microsoft Corporation)
DRV - (pccsmcfd) -- C:\Windows\System32\drivers\pccsmcfd.sys (Nokia)
DRV - (nvlddmkm) -- C:\Windows\System32\drivers\nvlddmkm.sys (NVIDIA Corporation)
DRV - (SNP2UVC) USB2.0 PC Camera (SNP2UVC) -- C:\Windows\System32\drivers\snp2uvc.sys ()
DRV - (NETw4v32) Intel(R) -- C:\Windows\System32\drivers\NETw4v32.sys (Intel Corporation)
DRV - (RTL8169) -- C:\Windows\System32\drivers\Rtlh86.sys (Realtek Corporation                                            )
DRV - (Si3531) -- C:\Windows\system32\DRIVERS\Si3531.sys (Silicon Image, Inc)
DRV - (SiFilter) -- C:\Windows\system32\DRIVERS\SiWinAcc.sys (Silicon Image, Inc.)
DRV - (SiRemFil) -- C:\Windows\system32\DRIVERS\SiRemFil.sys (Silicon Image, Inc.)
DRV - (XUIF) -- C:\Windows\System32\drivers\x10ufx2.sys (X10 Wireless Technology, Inc.)
DRV - (AgereSoftModem) -- C:\Windows\System32\drivers\AGRSM.sys (Agere Systems)
DRV - (NETw3v32) Intel(R) -- C:\Windows\System32\drivers\NETw3v32.sys (Intel® Corporation)
DRV - (Hotkey) -- C:\Windows\System32\drivers\HOTKEY.sys ()
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.medion.com/
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.medion.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultenginename: "foxsearch"
FF - prefs.js..browser.search.order.1: "foxsearch"
FF - prefs.js..browser.search.selectedEngine: "foxsearch"
FF - prefs.js..keyword.URL: "hxxp://www.finduny.com?client=mozilla-firefox&cd=UTF-8&search=1&q="
 
FF - user.js..browser.search.selectedEngine: "foxsearch"
FF - user.js..browser.search.order.1: "foxsearch"
FF - user.js..browser.search.defaultenginename: "foxsearch"
FF - user.js..keyword.URL: "hxxp://www.finduny.com?client=mozilla-firefox&cd=UTF-8&search=1&q="
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.0.60531.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~1\MICROS~3\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/wpi,version=1.3: C:\Program Files\Microsoft\Web Platform Installer\\npwpidetector.dll ()
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\MEDION\AppData\Local\Google\Update\1.3.21.57\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\MEDION\AppData\Local\Google\Update\1.3.21.57\npGoogleUpdate3.dll (Google Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 4.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011.05.21 10:20:51 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 4.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 3.1.11\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2011.06.23 11:56:32 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 3.1.11\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins
 
[2011.01.22 01:06:37 | 000,000,000 | ---D | M] (No name found) -- C:\Users\MEDION\AppData\Roaming\mozilla\Extensions
[2011.01.22 01:06:37 | 000,000,000 | ---D | M] (No name found) -- C:\Users\MEDION\AppData\Roaming\mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
[2011.07.12 11:11:57 | 000,000,000 | ---D | M] (No name found) -- C:\Users\MEDION\AppData\Roaming\mozilla\Firefox\Profiles\aplfm217.default\extensions
[2011.07.12 11:11:57 | 000,000,000 | ---D | M] (No name found) -- C:\Users\MEDION\AppData\Roaming\mozilla\Firefox\Profiles\aplfm217.default\extensions\staged
[2011.07.06 08:07:07 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2011.07.11 11:42:22 | 000,000,000 | ---D | M] (Skype extension) -- C:\Programme\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2011.07.06 08:07:07 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}
File not found (No name found) -- 
[2011.07.11 11:42:22 | 000,000,000 | ---D | M] (Skype extension) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2011.07.06 08:07:07 | 000,000,000 | ---D | M] (Java Console) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}
() (No name found) -- C:\USERS\MEDION\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\APLFM217.DEFAULT\EXTENSIONS\{73A6FE31-595D-460B-A920-FCC0F8843232}.XPI
() (No name found) -- C:\USERS\MEDION\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\APLFM217.DEFAULT\EXTENSIONS\{A0D7CCB3-214D-498B-B4AA-0E8FDA9A7BF7}.XPI
[2011.03.18 02:16:31 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\WINDOWS\MICROSOFT.NET\FRAMEWORK\V3.5\WINDOWS PRESENTATION FOUNDATION\DOTNETASSISTANTEXTENSION
[2011.05.21 10:20:49 | 000,142,296 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2010.01.01 10:00:00 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2010.01.01 10:00:00 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2010.01.01 10:00:00 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2011.05.18 10:27:15 | 000,000,143 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\foxsearch.src
[2010.01.01 10:00:00 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2010.01.01 10:00:00 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2010.01.01 10:00:00 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml
 
Hosts file not found
O2 - BHO: (Adobe PDF Reader) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Programme\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (Microsoft-Webtestaufzeichnung 10.0-Hilfsprogramm) - {DDA57003-0068-4ed2-9D32-4D1EC707D94D} - C:\Programme\Microsoft Visual Studio 10.0\Common7\IDE\PrivateAssemblies\Microsoft.VisualStudio.QualityTools.RecorderBarBHO100.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (Gutscheinmieze) - {DFEFCDEE-CF1A-4FC8-88AD-48514E463B27} - C:\Users\MEDION\AppData\Roaming\Gutscheinmieze\toolbar.dll (Synatix GmbH)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {C840E246-6B95-475E-9BD7-CAA1C7ECA9F2} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (Gutscheinmieze) - {DFEFCDEE-CF1A-4FC8-88AD-48514E463B27} - C:\Users\MEDION\AppData\Roaming\Gutscheinmieze\toolbar.dll (Synatix GmbH)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [BCSSync] C:\Program Files\Microsoft Office\Office14\BCSSync.exe (Microsoft Corporation)
O4 - HKLM..\Run: [HotkeyApp] C:\Program Files\Launch Manager\HotkeyApp.exe (Wistron)
O4 - HKLM..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe (Intel Corporation)
O4 - HKLM..\Run: [LaunchAp] C:\Program Files\Launch Manager\LaunchAp.exe ()
O4 - HKLM..\Run: [LMgrOSD] C:\Program Files\Launch Manager\OSD.exe (Wistron Corp.)
O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\Windows\System32\NvMcTray.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvSvc] C:\Windows\System32\nvsvc.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [PLFSetL] C:\Windows\PLFSetL.exe (sonix)
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [SynTPStart] C:\Programme\Synaptics\SynTP\SynTPStart.exe (Synaptics, Inc.)
O4 - HKLM..\Run: [Wbutton] C:\Program Files\Launch Manager\Wbutton.exe (Wistron)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - Startup: C:\Users\MEDION\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\MEDION\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O8 - Extra context menu item: Download with Xilisoft Download YouTube Video - C:\Programme\Xilisoft\Download YouTube Video\upod_link.HTM ()
O9 - Extra Button: eBay - Der weltweite Online-Marktplatz - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} -  File not found
O9 - Extra 'Tools' menuitem : eBay - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} -  File not found
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab (Java Plug-in 1.6.0_03)
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Programme\Common Files\microsoft shared\Information Retrieval\msitss.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807573E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\MEDION\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O24 - Desktop BackupWallPaper: C:\Users\MEDION\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{0cd5bd88-23d3-11e0-9cd0-001cbf9bc213}\Shell - "" = AutoRun
O33 - MountPoints2\{0cd5bd88-23d3-11e0-9cd0-001cbf9bc213}\Shell\AutoRun\command - "" = G:\CD_Start.exe
O33 - MountPoints2\{1d69daaa-5782-11e0-a4af-0016d388c64c}\Shell - "" = AutoRun
O33 - MountPoints2\{1d69daaa-5782-11e0-a4af-0016d388c64c}\Shell\AutoRun\command - "" = G:\autorun.exe
O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
========== Files/Folders - Created Within 30 Days ==========
 
[2011.07.11 12:03:39 | 000,000,000 | ---D | C] -- C:\Users\MEDION\AppData\Roaming\vlc
[2011.07.11 12:02:59 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN
[2011.07.11 12:02:45 | 000,000,000 | ---D | C] -- C:\Program Files\VideoLAN
[2011.07.11 11:42:14 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
[2011.07.10 10:32:31 | 000,000,000 | ---D | C] -- C:\Users\MEDION\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Apache Friends
[2011.07.09 10:56:45 | 000,016,384 | ---- | C] (Institut für Regelungstechnik (IRT), RWTH Aachen) -- C:\Users\MEDION\Desktop\MatlabInstallation.dll
[2011.07.09 10:56:44 | 000,000,000 | ---D | C] -- C:\Users\MEDION\Desktop\netlabcmds
[2011.07.09 10:56:44 | 000,000,000 | ---D | C] -- C:\Users\MEDION\Desktop\net
[2011.07.09 10:56:44 | 000,000,000 | ---D | C] -- C:\Users\MEDION\Desktop\bin
[2011.07.09 10:56:04 | 000,000,000 | ---D | C] -- C:\Users\MEDION\Netlab
[2011.07.08 15:58:33 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Maxis
[2011.07.08 15:57:44 | 000,000,000 | ---D | C] -- C:\Program Files\Maxis
[2011.07.08 15:57:22 | 000,304,128 | ---- | C] (InstallShield Software Corporation) -- C:\Windows\IsUninst.exe
[2011.07.08 15:55:50 | 000,000,000 | ---D | C] -- C:\Users\MEDION\Desktop\Sim City 3000
[2011.07.07 14:08:56 | 000,000,000 | ---D | C] -- C:\Windows\System32\Adobe
[2011.07.06 08:06:31 | 000,157,472 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaws.exe
[2011.07.06 08:06:31 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaw.exe
[2011.07.06 08:06:31 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\java.exe
[2011.07.04 21:21:36 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Earth
[2011.07.02 15:42:56 | 000,360,448 | ---- | C] (LaMa-Creation) -- C:\Users\MEDION\Desktop\Portscanner.exe
[2011.06.23 16:19:22 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
[2011.06.23 16:19:00 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Silverlight
[2011.06.20 19:07:50 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2011.06.20 18:20:24 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sophos
[2011.06.20 18:20:23 | 000,000,000 | ---D | C] -- C:\Program Files\Sophos
[2011.06.19 19:27:33 | 000,000,000 | ---D | C] -- C:\Users\MEDION\Documents\Marinas USB Stick Inhalt
[2011.06.19 17:57:47 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Adobe
[2011.06.19 17:57:47 | 000,000,000 | ---D | C] -- C:\Program Files\Adobe
[2011.06.16 22:50:24 | 000,471,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2011.06.16 22:50:23 | 000,671,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mstime.dll
[2011.06.16 22:50:23 | 000,389,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\html.iec
[2011.06.16 22:50:23 | 000,380,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieapfltr.dll
[2011.06.16 22:50:23 | 000,193,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iepeers.dll
[2011.06.16 22:50:23 | 000,078,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieencode.dll
[2007.11.26 12:26:00 | 000,180,224 | ---- | C] ( ) -- C:\Windows\System32\rsnp2uvc.dll
[2007.11.26 12:25:59 | 000,176,128 | ---- | C] ( ) -- C:\Windows\System32\csnp2uvc.dll
 
========== Files - Modified Within 30 Days ==========
 
[2011.07.13 10:22:00 | 000,001,124 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3730576925-1742224285-2887581169-1000UA.job
[2011.07.13 09:47:35 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011.07.13 09:44:18 | 000,108,054 | ---- | M] () -- C:\Users\MEDION\AppData\Roaming\nvModes.001
[2011.07.13 09:25:19 | 000,003,568 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2011.07.13 09:25:19 | 000,003,568 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2011.07.13 09:24:35 | 3217,518,592 | -HS- | M] () -- C:\hiberfil.sys
[2011.07.12 18:37:16 | 000,001,072 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3730576925-1742224285-2887581169-1000Core.job
[2011.07.11 12:03:00 | 000,000,863 | ---- | M] () -- C:\Users\Public\Desktop\VLC media player.lnk
[2011.07.11 11:42:14 | 000,001,878 | ---- | M] () -- C:\Users\Public\Desktop\Skype.lnk
[2011.07.10 16:45:33 | 000,790,394 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2011.07.10 16:45:33 | 000,741,696 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2011.07.10 16:45:33 | 000,186,068 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2011.07.10 16:45:33 | 000,157,192 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2011.07.10 10:32:31 | 000,000,562 | ---- | M] () -- C:\Users\MEDION\Desktop\XAMPP Control Panel.lnk
[2011.07.10 10:24:22 | 000,108,054 | ---- | M] () -- C:\Users\MEDION\AppData\Roaming\nvModes.dat
[2011.07.08 15:58:36 | 000,000,281 | ---- | M] () -- C:\Windows\EReg072.dat
[2011.07.08 15:11:18 | 000,003,584 | ---- | M] () -- C:\Users\MEDION\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011.07.07 14:20:02 | 000,404,640 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl
[2011.07.04 21:21:36 | 000,002,077 | ---- | M] () -- C:\Users\Public\Desktop\Google Earth.lnk
[2011.07.03 12:33:48 | 001,196,032 | ---- | M] () -- C:\Users\MEDION\Documents\Database7.accdb
[2011.07.01 14:55:15 | 001,146,880 | ---- | M] () -- C:\Users\MEDION\Documents\Database6.accdb
[2011.07.01 14:34:40 | 000,344,064 | ---- | M] () -- C:\Users\MEDION\Documents\Database5.accdb
[2011.07.01 14:03:30 | 000,344,064 | ---- | M] () -- C:\Users\MEDION\Documents\Database4.accdb
[2011.07.01 11:36:10 | 000,138,192 | ---- | M] (Avira GmbH) -- C:\Windows\System32\drivers\avipbb.sys
[2011.07.01 11:36:10 | 000,066,616 | ---- | M] (Avira GmbH) -- C:\Windows\System32\drivers\avgntflt.sys
[2011.07.01 09:43:01 | 000,005,344 | ---- | M] () -- C:\Users\MEDION\Documents\ShareIt_Entwicklerdoku_HTMLCodeComments.shfbproj_MEDION
[2011.06.30 20:58:53 | 000,323,304 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2011.06.28 20:04:55 | 000,002,051 | ---- | M] () -- C:\Users\MEDION\Desktop\Google Chrome.lnk
[2011.06.20 19:07:51 | 000,000,808 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2011.06.19 17:58:02 | 000,001,891 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader 8.lnk
[2011.06.18 11:58:58 | 000,000,548 | ---- | M] () -- C:\Users\MEDION\AppData\Roaming\wklnhst.dat
[2011.06.18 10:50:58 | 000,000,286 | ---- | M] () -- C:\Windows\reimage.ini
 
========== Files Created - No Company Name ==========
 
[2011.07.11 12:03:00 | 000,000,863 | ---- | C] () -- C:\Users\Public\Desktop\VLC media player.lnk
[2011.07.11 11:42:14 | 000,001,878 | ---- | C] () -- C:\Users\Public\Desktop\Skype.lnk
[2011.07.10 10:32:31 | 000,000,562 | ---- | C] () -- C:\Users\MEDION\Desktop\XAMPP Control Panel.lnk
[2011.07.09 10:56:45 | 000,085,536 | ---- | C] () -- C:\Users\MEDION\Desktop\netlab_toolbox.mat
[2011.07.09 10:56:45 | 000,001,965 | ---- | C] () -- C:\Users\MEDION\Desktop\delete_netlab.m
[2011.07.09 10:56:45 | 000,001,404 | ---- | C] () -- C:\Users\MEDION\Desktop\create_netlab.m
[2011.07.08 15:58:36 | 000,000,281 | ---- | C] () -- C:\Windows\EReg072.dat
[2011.07.04 21:21:36 | 000,002,077 | ---- | C] () -- C:\Users\Public\Desktop\Google Earth.lnk
[2011.07.03 12:27:09 | 001,196,032 | ---- | C] () -- C:\Users\MEDION\Documents\Database7.accdb
[2011.07.01 14:46:32 | 001,146,880 | ---- | C] () -- C:\Users\MEDION\Documents\Database6.accdb
[2011.07.01 14:34:35 | 000,344,064 | ---- | C] () -- C:\Users\MEDION\Documents\Database5.accdb
[2011.07.01 14:03:03 | 000,344,064 | ---- | C] () -- C:\Users\MEDION\Documents\Database4.accdb
[2011.06.20 19:07:51 | 000,000,808 | ---- | C] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2011.06.19 17:58:02 | 000,001,891 | ---- | C] () -- C:\Users\Public\Desktop\Adobe Reader 8.lnk
[2011.06.19 17:58:02 | 000,001,804 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader 8.lnk
[2011.06.18 10:50:47 | 000,000,286 | ---- | C] () -- C:\Windows\reimage.ini
[2011.06.01 17:45:04 | 531,045,840 | ---- | C] () -- C:\Program Files\WRAPPED.UHA
[2011.06.01 17:45:04 | 000,099,444 | ---- | C] () -- C:\Program Files\UHARC.EXE
[2011.06.01 17:45:04 | 000,005,152 | ---- | C] () -- C:\Program Files\uharcu.exe
[2011.06.01 17:45:04 | 000,004,364 | ---- | C] () -- C:\Program Files\D2
[2011.06.01 17:45:04 | 000,000,013 | ---- | C] () -- C:\Program Files\pack.bat
[2011.03.16 17:59:32 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2011.03.16 17:58:33 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2011.03.16 17:58:33 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
[2011.03.13 18:43:54 | 000,003,584 | ---- | C] () -- C:\Users\MEDION\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011.03.13 18:43:53 | 000,000,049 | ---- | C] () -- C:\Windows\NeroDigital.ini
[2011.02.12 14:22:49 | 000,007,592 | ---- | C] () -- C:\Users\MEDION\AppData\Local\d3d9caps.dat
[2011.01.22 21:40:40 | 000,108,054 | ---- | C] () -- C:\Users\MEDION\AppData\Roaming\nvModes.001
[2011.01.22 21:40:35 | 000,108,054 | ---- | C] () -- C:\Users\MEDION\AppData\Roaming\nvModes.dat
[2011.01.22 12:17:11 | 000,000,548 | ---- | C] () -- C:\Users\MEDION\AppData\Roaming\wklnhst.dat
[2011.01.21 21:17:07 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2007.11.26 12:27:25 | 000,009,867 | ---- | C] () -- C:\Windows\System32\drivers\HOTKEY.sys
[2007.11.26 12:25:59 | 001,749,760 | ---- | C] () -- C:\Windows\System32\drivers\snp2uvc.sys
[2007.11.26 12:25:59 | 000,028,160 | ---- | C] () -- C:\Windows\System32\drivers\sncduvc.sys
[2007.11.26 12:25:59 | 000,015,497 | ---- | C] () -- C:\Windows\snp2uvc.ini
[2007.11.26 12:25:59 | 000,000,036 | ---- | C] () -- C:\Windows\PidList.ini
[2007.11.26 12:14:00 | 000,000,132 | ---- | C] () -- C:\Windows\System32\drivers\SamSfPa.dat
[2007.11.22 11:18:27 | 001,060,424 | ---- | C] () -- C:\Windows\System32\WdfCoInstaller01000.dll
[2006.11.02 17:33:31 | 000,790,394 | ---- | C] () -- C:\Windows\System32\perfh007.dat
[2006.11.02 17:33:31 | 000,290,748 | ---- | C] () -- C:\Windows\System32\perfi007.dat
[2006.11.02 17:33:31 | 000,186,068 | ---- | C] () -- C:\Windows\System32\perfc007.dat
[2006.11.02 17:33:31 | 000,036,916 | ---- | C] () -- C:\Windows\System32\perfd007.dat
[2006.11.02 14:57:28 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2006.11.02 14:47:37 | 000,323,304 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2006.11.02 14:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006.11.02 12:33:01 | 000,741,696 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2006.11.02 12:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2006.11.02 12:33:01 | 000,157,192 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2006.11.02 12:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2006.11.02 12:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2006.11.02 10:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2006.11.02 10:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2006.11.02 09:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006.11.02 09:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat

< End of report >
         
--- --- ---


Alt 13.07.2011, 13:57   #6
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 

Do an OTL fix: close any programs that may be open, and disable the virus scanner too (!), start OTL and copy the following text into the "Custom Scan/Fixes" box (at the bottom of OTL): (the ":OTL" must be copied along with it!!!)

Code:
:OTL
FF - prefs.js..browser.search.defaultenginename: "foxsearch"
FF - prefs.js..browser.search.order.1: "foxsearch"
FF - prefs.js..browser.search.selectedEngine: "foxsearch"
FF - prefs.js..keyword.URL: "http://www.finduny.com?client=mozilla-firefox&cd=UTF-8&search=1&q="
FF - user.js..browser.search.selectedEngine: "foxsearch"
FF - user.js..browser.search.order.1: "foxsearch"
FF - user.js..browser.search.defaultenginename: "foxsearch"
FF - user.js..keyword.URL: "http://www.finduny.com?client=mozilla-firefox&cd=UTF-8&search=1&q="
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{0cd5bd88-23d3-11e0-9cd0-001cbf9bc213}\Shell - "" = AutoRun
O33 - MountPoints2\{0cd5bd88-23d3-11e0-9cd0-001cbf9bc213}\Shell\AutoRun\command - "" = G:\CD_Start.exe
O33 - MountPoints2\{1d69daaa-5782-11e0-a4af-0016d388c64c}\Shell - "" = AutoRun
O33 - MountPoints2\{1d69daaa-5782-11e0-a4af-0016d388c64c}\Shell\AutoRun\command - "" = G:\autorun.exe
:Commands
[purity]
[resethosts]
         
Then click the Fix! button at the top left.
The logfile should open when you click OK after the fix; please post it. The computer may be restarted.

As a safeguard, the entries, files and folders fixed by this script are not completely deleted; a backup copy is created in the "_OTL" folder on the system partition.
__________________
--> BOO/Alureon.C Fund durch Avira Anti Vir standard edition
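The OTL fix above strips the Firefox search hijack from both prefs.js and user.js and moves user.js away, because user.js is re-applied over prefs.js at every Firefox start. As an added example (not code from the thread, from OTL or from Avira), here is a Python audit that parses both files, merges them the way Firefox does, and flags the indicators named in the fix; the sample file contents are constructed from the fix lines, not taken from a real profile.

```python
"""Audit Firefox prefs.js / user.js for the search hijack handled by the OTL fix."""
import re
from urllib.parse import urlsplit

# Indicators taken from the OTL fix script in this thread.
HIJACK_ENGINE = "foxsearch"
HIJACK_HOST = "www.finduny.com"

# Preference keys the hijack rewrote; the same names appear in the fix script.
SEARCH_PREFS = (
    "browser.search.defaultenginename",
    "browser.search.order.1",
    "browser.search.selectedEngine",
    "keyword.URL",
)

# Firefox writes one preference per line:  user_pref("name", value);
PREF_RE = re.compile(r'^\s*user_pref\("([^"]+)",\s*(.*?)\);\s*$')


def parse_prefs(text):
    """Return {name: value} for every user_pref line; string values are unquoted."""
    prefs = {}
    for line in text.splitlines():
        m = PREF_RE.match(line)
        if not m:
            continue
        name, raw = m.group(1), m.group(2).strip()
        if len(raw) >= 2 and raw[0] == raw[-1] == '"':
            raw = raw[1:-1]
        prefs[name] = raw
    return prefs


def effective_prefs(prefs_js, user_js):
    """Merge both files as Firefox does at startup: user.js overrides prefs.js.

    This is why cleaning prefs.js alone does not stick while a hijacked user.js
    is still in the profile, and why the OTL fix moved user.js out of the way.
    """
    merged = parse_prefs(prefs_js)
    merged.update(parse_prefs(user_js))
    return merged


def find_search_hijack(prefs):
    """Return [(pref, value, reason)] for search prefs matching the thread's indicators."""
    findings = []
    for name in SEARCH_PREFS:
        value = prefs.get(name)
        if value is None:
            continue
        if HIJACK_ENGINE in value.lower():
            findings.append((name, value, "engine name matches hijack indicator"))
        elif name == "keyword.URL":
            # keyword.URL is where address-bar searches are sent; check its host.
            host = (urlsplit(value).hostname or "").lower()
            if host == HIJACK_HOST:
                findings.append((name, value, "keyword.URL points at hijack host"))
    return findings


# Constructed samples mirroring the entries in the OTL fix (not a real profile dump).
SAMPLE_PREFS_JS = """\
# Mozilla User Preferences
user_pref("browser.search.defaultenginename", "foxsearch");
user_pref("browser.search.order.1", "foxsearch");
user_pref("browser.search.selectedEngine", "foxsearch");
user_pref("keyword.URL", "http://www.finduny.com?client=mozilla-firefox&cd=UTF-8&search=1&q=");
user_pref("browser.cache.disk.capacity", 51200);
"""

SAMPLE_USER_JS = """\
user_pref("browser.search.selectedEngine", "foxsearch");
user_pref("keyword.URL", "http://www.finduny.com?client=mozilla-firefox&cd=UTF-8&search=1&q=");
"""

# A prefs.js with the hijack already removed, to show the user.js override effect.
CLEAN_PREFS_JS = """\
user_pref("browser.search.selectedEngine", "Google");
user_pref("browser.cache.disk.capacity", 51200);
"""

if __name__ == "__main__":
    for pref, value, reason in find_search_hijack(
            effective_prefs(CLEAN_PREFS_JS, SAMPLE_USER_JS)):
        print(f"{pref} = {value!r}: {reason}")
```

Running the module on the clean prefs.js plus the hijacked user.js still reports two findings, which is the persistence behaviour the fix script's user.js entries address.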

Alt 13.07.2011, 14:30   #7
Ebin
 

Hello! I hopefully followed the instructions exactly; here is the generated log:

Best regards,
Peter

Quote:
========== OTL ==========
Prefs.js: "foxsearch" removed from browser.search.defaultenginename
Prefs.js: "foxsearch" removed from browser.search.order.1
Prefs.js: "foxsearch" removed from browser.search.selectedEngine
Prefs.js: "hxxp://www.finduny.com?client=mozilla-firefox&cd=UTF-8&search=1&q=" removed from keyword.URL
C:\Users\MEDION\AppData\Roaming\Mozilla\FireFox\Profiles\aplfm217.default\user.js moved successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRun|DWORD:1 /E : value set successfully!
C:\autoexec.bat moved successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{0cd5bd88-23d3-11e0-9cd0-001cbf9bc213}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0cd5bd88-23d3-11e0-9cd0-001cbf9bc213}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{0cd5bd88-23d3-11e0-9cd0-001cbf9bc213}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0cd5bd88-23d3-11e0-9cd0-001cbf9bc213}\ not found.
File G:\CD_Start.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{1d69daaa-5782-11e0-a4af-0016d388c64c}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1d69daaa-5782-11e0-a4af-0016d388c64c}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{1d69daaa-5782-11e0-a4af-0016d388c64c}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1d69daaa-5782-11e0-a4af-0016d388c64c}\ not found.
File G:\autorun.exe not found.
========== COMMANDS ==========
HOSTS file reset successfully

OTL by OldTimer - Version 3.2.26.1 log created on 07132011_152914

Alt 13.07.2011, 15:43   #8
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 

Now please run this tool from Kaspersky and post the log => http://www.trojaner-board.de/82358-t...entfernen.html

Configure the tool as shown in the image below, that is, tick both checkboxes, click Start scan and, once it has finished, click the Report button to display the log. Please post it in full.




If, because of the infection, you cannot access your documents/My Documents, or shortcuts on the desktop or in the Start menu under "All Programs" are missing, please run unhide:
Please download unhide.exe and save this file to your desktop.
Start the tool and all files and folders should be visible again. (This may take a while)
Windows Vista and Windows 7 users must run the tool as administrator via right-click!
__________________
Please always post logfiles in CODE tags

Alt 13.07.2011, 16:15   #9
Ebin
 

Hello! Thanks for your effort! I have not noticed any hidden files so far. I will use the unhide.exe program anyway. Here is the TDSSKiller report:

Best regards,
Peter

Quote:
2011/07/13 17:11:44.0286 1588 TDSS rootkit removing tool 2.5.11.0 Jul 11 2011 16:56:56
2011/07/13 17:11:44.0511 1588 ================================================================================
2011/07/13 17:11:44.0511 1588 SystemInfo:
2011/07/13 17:11:44.0511 1588
2011/07/13 17:11:44.0511 1588 OS Version: 6.0.6002 ServicePack: 2.0
2011/07/13 17:11:44.0511 1588 Product type: Workstation
2011/07/13 17:11:44.0511 1588 ComputerName: MEDION-PC
2011/07/13 17:11:44.0511 1588 UserName: MEDION
2011/07/13 17:11:44.0511 1588 Windows directory: C:\Windows
2011/07/13 17:11:44.0511 1588 System windows directory: C:\Windows
2011/07/13 17:11:44.0511 1588 Processor architecture: Intel x86
2011/07/13 17:11:44.0511 1588 Number of processors: 2
2011/07/13 17:11:44.0511 1588 Page size: 0x1000
2011/07/13 17:11:44.0511 1588 Boot type: Normal boot
2011/07/13 17:11:44.0511 1588 ================================================================================
2011/07/13 17:11:45.0078 1588 Initialize success
2011/07/13 17:12:46.0186 2704 ================================================================================
2011/07/13 17:12:46.0186 2704 Scan started
2011/07/13 17:12:46.0186 2704 Mode: Manual;
2011/07/13 17:12:46.0186 2704 ================================================================================
2011/07/13 17:12:46.0623 2704 ACPI (82b296ae1892fe3dbee00c9cf92f8ac7) C:\Windows\system32\drivers\acpi.sys
2011/07/13 17:12:46.0717 2704 adp94xx (2edc5bbac6c651ece337bde8ed97c9fb) C:\Windows\system32\drivers\adp94xx.sys
2011/07/13 17:12:46.0795 2704 adpahci (b84088ca3cdca97da44a984c6ce1ccad) C:\Windows\system32\drivers\adpahci.sys
2011/07/13 17:12:46.0826 2704 adpu160m (7880c67bccc27c86fd05aa2afb5ea469) C:\Windows\system32\drivers\adpu160m.sys
2011/07/13 17:12:46.0888 2704 adpu320 (9ae713f8e30efc2abccd84904333df4d) C:\Windows\system32\drivers\adpu320.sys
2011/07/13 17:12:47.0013 2704 AFD (3911b972b55fea0478476b2e777b29fa) C:\Windows\system32\drivers\afd.sys
2011/07/13 17:12:47.0091 2704 AgereSoftModem (ce91b158fa490cf4c4d487a4130f4660) C:\Windows\system32\DRIVERS\AGRSM.sys
2011/07/13 17:12:47.0185 2704 agp440 (ef23439cdd587f64c2c1b8825cead7d8) C:\Windows\system32\drivers\agp440.sys
2011/07/13 17:12:47.0247 2704 aic78xx (ae1fdf7bf7bb6c6a70f67699d880592a) C:\Windows\system32\drivers\djsvs.sys
2011/07/13 17:12:47.0310 2704 aliide (496eda16a127ac9a38bb285bef17dbb5) C:\Windows\system32\drivers\aliide.sys
2011/07/13 17:12:47.0372 2704 amdagp (2b13e304c9dfdfa5eb582f6a149fa2c7) C:\Windows\system32\drivers\amdagp.sys
2011/07/13 17:12:47.0403 2704 amdide (6f65f4147c54398d7280b18cebbed215) C:\Windows\system32\drivers\amdide.sys
2011/07/13 17:12:47.0450 2704 AmdK7 (dc487885bcef9f28eece6fac0e5ddfc5) C:\Windows\system32\drivers\amdk7.sys
2011/07/13 17:12:47.0481 2704 AmdK8 (0ca0071da4315b00fc1328ca86b425da) C:\Windows\system32\drivers\amdk8.sys
2011/07/13 17:12:47.0668 2704 arc (5f673180268bb1fdb69c99b6619fe379) C:\Windows\system32\drivers\arc.sys
2011/07/13 17:12:47.0731 2704 arcsas (957f7540b5e7f602e44648c7de5a1c05) C:\Windows\system32\drivers\arcsas.sys
2011/07/13 17:12:47.0824 2704 AsyncMac (53b202abee6455406254444303e87be1) C:\Windows\system32\DRIVERS\asyncmac.sys
2011/07/13 17:12:47.0871 2704 atapi (1f05b78ab91c9075565a9d8a4b880bc4) C:\Windows\system32\drivers\atapi.sys
2011/07/13 17:12:47.0918 2704 avgntflt (1e4114685de1ffa9675e09c6a1fb3f4b) C:\Windows\system32\DRIVERS\avgntflt.sys
2011/07/13 17:12:47.0949 2704 avipbb (0f78d3dae6dedd99ae54c9491c62adf2) C:\Windows\system32\DRIVERS\avipbb.sys
2011/07/13 17:12:47.0996 2704 Beep (67e506b75bd5326a3ec7b70bd014dfb6) C:\Windows\system32\drivers\Beep.sys
2011/07/13 17:12:48.0121 2704 bowser (35f376253f687bde63976ccb3f2108ca) C:\Windows\system32\DRIVERS\bowser.sys
2011/07/13 17:12:48.0168 2704 BrFiltLo (9f9acc7f7ccde8a15c282d3f88b43309) C:\Windows\system32\drivers\brfiltlo.sys
2011/07/13 17:12:48.0199 2704 BrFiltUp (56801ad62213a41f6497f96dee83755a) C:\Windows\system32\drivers\brfiltup.sys
2011/07/13 17:12:48.0246 2704 Brserid (b304e75cff293029eddf094246747113) C:\Windows\system32\drivers\brserid.sys
2011/07/13 17:12:48.0277 2704 BrSerWdm (203f0b1e73adadbbb7b7b1fabd901f6b) C:\Windows\system32\drivers\brserwdm.sys
2011/07/13 17:12:48.0308 2704 BrUsbMdm (bd456606156ba17e60a04e18016ae54b) C:\Windows\system32\drivers\brusbmdm.sys
2011/07/13 17:12:48.0339 2704 BrUsbSer (af72ed54503f717a43268b3cc5faec2e) C:\Windows\system32\drivers\brusbser.sys
2011/07/13 17:12:48.0355 2704 BTHMODEM (ad07c1ec6665b8b35741ab91200c6b68) C:\Windows\system32\drivers\bthmodem.sys
2011/07/13 17:12:48.0417 2704 cdfs (7add03e75beb9e6dd102c3081d29840a) C:\Windows\system32\DRIVERS\cdfs.sys
2011/07/13 17:12:48.0464 2704 cdrom (6b4bffb9becd728097024276430db314) C:\Windows\system32\DRIVERS\cdrom.sys
2011/07/13 17:12:48.0495 2704 circlass (da8e0afc7baa226c538ef53ac2f90897) C:\Windows\system32\drivers\circlass.sys
2011/07/13 17:12:48.0542 2704 CLFS (d7659d3b5b92c31e84e53c1431f35132) C:\Windows\system32\CLFS.sys
2011/07/13 17:12:48.0604 2704 CmBatt (99afc3795b58cc478fbbbcdc658fcb56) C:\Windows\system32\DRIVERS\CmBatt.sys
2011/07/13 17:12:48.0636 2704 cmdide (59172a0724f2ab769f31d61b0571d75b) C:\Windows\system32\drivers\cmdide.sys
2011/07/13 17:12:48.0682 2704 Compbatt (6afef0b60fa25de07c0968983ee4f60a) C:\Windows\system32\DRIVERS\compbatt.sys
2011/07/13 17:12:48.0807 2704 crcdisk (2a213ae086bbec5e937553c7d9a2b22c) C:\Windows\system32\drivers\crcdisk.sys
2011/07/13 17:12:48.0854 2704 Crusoe (22a7f883508176489f559ee745b5bf5d) C:\Windows\system32\drivers\crusoe.sys
2011/07/13 17:12:48.0963 2704 DfsC (622c41a07ca7e6dd91770f50d532cb6c) C:\Windows\system32\Drivers\dfsc.sys
2011/07/13 17:12:49.0010 2704 disk (5d4aefc3386920236a548271f8f1af6a) C:\Windows\system32\drivers\disk.sys
2011/07/13 17:12:49.0119 2704 drmkaud (97fef831ab90bee128c9af390e243f80) C:\Windows\system32\drivers\drmkaud.sys
2011/07/13 17:12:49.0182 2704 DXGKrnl (c68ac676b0ef30cfbb1080adce49eb1f) C:\Windows\System32\drivers\dxgkrnl.sys
2011/07/13 17:12:49.0244 2704 E1G60 (f88fb26547fd2ce6d0a5af2985892c48) C:\Windows\system32\DRIVERS\E1G60I32.sys
2011/07/13 17:12:49.0353 2704 Ecache (7f64ea048dcfac7acf8b4d7b4e6fe371) C:\Windows\system32\drivers\ecache.sys
2011/07/13 17:12:49.0447 2704 elxstor (e8f3f21a71720c84bcf423b80028359f) C:\Windows\system32\drivers\elxstor.sys
2011/07/13 17:12:49.0556 2704 exfat (22b408651f9123527bcee54b4f6c5cae) C:\Windows\system32\drivers\exfat.sys
2011/07/13 17:12:49.0618 2704 fastfat (1e9b9a70d332103c52995e957dc09ef8) C:\Windows\system32\drivers\fastfat.sys
2011/07/13 17:12:49.0665 2704 fdc (63bdada84951b9c03e641800e176898a) C:\Windows\system32\DRIVERS\fdc.sys
2011/07/13 17:12:49.0712 2704 FileInfo (a8c0139a884861e3aae9cfe73b208a9f) C:\Windows\system32\drivers\fileinfo.sys
2011/07/13 17:12:49.0743 2704 Filetrace (0ae429a696aecbc5970e3cf2c62635ae) C:\Windows\system32\drivers\filetrace.sys
2011/07/13 17:12:49.0790 2704 flpydisk (6603957eff5ec62d25075ea8ac27de68) C:\Windows\system32\DRIVERS\flpydisk.sys
2011/07/13 17:12:49.0821 2704 FltMgr (01334f9ea68e6877c4ef05d3ea8abb05) C:\Windows\system32\drivers\fltmgr.sys
2011/07/13 17:12:49.0884 2704 Fs_Rec (65ea8b77b5851854f0c55c43fa51a198) C:\Windows\system32\drivers\Fs_Rec.sys
2011/07/13 17:12:49.0915 2704 gagp30kx (4e1cd0a45c50a8882616cae5bf82f3c5) C:\Windows\system32\drivers\gagp30kx.sys
2011/07/13 17:12:49.0993 2704 HdAudAddService (cb04c744be0a61b1d648faed182c3b59) C:\Windows\system32\drivers\HdAudio.sys
2011/07/13 17:12:50.0055 2704 HDAudBus (062452b7ffd68c8c042a6261fe8dff4a) C:\Windows\system32\DRIVERS\HDAudBus.sys
2011/07/13 17:12:50.0102 2704 HidBth (1338520e78d90154ed6be8f84de5fceb) C:\Windows\system32\drivers\hidbth.sys
2011/07/13 17:12:50.0133 2704 HidIr (ff3160c3a2445128c5a6d9b076da519e) C:\Windows\system32\drivers\hidir.sys
2011/07/13 17:12:50.0180 2704 HidUsb (cca4b519b17e23a00b826c55716809cc) C:\Windows\system32\DRIVERS\hidusb.sys
2011/07/13 17:12:50.0274 2704 Hotkey (8b566ea71d5b76157a9cdb78f25a5731) C:\Windows\system32\drivers\Hotkey.sys
2011/07/13 17:12:50.0305 2704 HpCISSs (df353b401001246853763c4b7aaa6f50) C:\Windows\system32\drivers\hpcisss.sys
2011/07/13 17:12:50.0367 2704 HTTP (f870aa3e254628ebeafe754108d664de) C:\Windows\system32\drivers\HTTP.sys
2011/07/13 17:12:50.0398 2704 i2omp (324c2152ff2c61abae92d09f3cca4d63) C:\Windows\system32\drivers\i2omp.sys
2011/07/13 17:12:50.0461 2704 i8042prt (22d56c8184586b7a1f6fa60be5f5a2bd) C:\Windows\system32\DRIVERS\i8042prt.sys
2011/07/13 17:12:50.0523 2704 iaStor (2358c53f30cb9dcd1d3843c4e2f299b2) C:\Windows\system32\DRIVERS\iaStor.sys
2011/07/13 17:12:50.0601 2704 iaStorV (c957bf4b5d80b46c5017bf0101e6c906) C:\Windows\system32\drivers\iastorv.sys
2011/07/13 17:12:50.0648 2704 iirsp (2d077bf86e843f901d8db709c95b49a5) C:\Windows\system32\drivers\iirsp.sys
2011/07/13 17:12:50.0757 2704 IntcAzAudAddService (a82c70cbaec7b10e4c9c1341d729640f) C:\Windows\system32\drivers\RTKVHDA.sys
2011/07/13 17:12:50.0866 2704 intelide (83aa759f3189e6370c30de5dc5590718) C:\Windows\system32\drivers\intelide.sys
2011/07/13 17:12:50.0913 2704 intelppm (224191001e78c89dfa78924c3ea595ff) C:\Windows\system32\DRIVERS\intelppm.sys
2011/07/13 17:12:50.0960 2704 IpFilterDriver (62c265c38769b864cb25b4bcf62df6c3) C:\Windows\system32\DRIVERS\ipfltdrv.sys
2011/07/13 17:12:51.0038 2704 IPMIDRV (40f34f8aba2a015d780e4b09138b6c17) C:\Windows\system32\drivers\ipmidrv.sys
2011/07/13 17:12:51.0100 2704 IPNAT (8793643a67b42cec66490b2a0cf92d68) C:\Windows\system32\DRIVERS\ipnat.sys
2011/07/13 17:12:51.0132 2704 IRENUM (109c0dfb82c3632fbd11949b73aeeac9) C:\Windows\system32\drivers\irenum.sys
2011/07/13 17:12:51.0163 2704 isapnp (350fca7e73cf65bcef43fae1e4e91293) C:\Windows\system32\drivers\isapnp.sys
2011/07/13 17:12:51.0210 2704 iScsiPrt (232fa340531d940aac623b121a595034) C:\Windows\system32\DRIVERS\msiscsi.sys
2011/07/13 17:12:51.0272 2704 iteatapi (bced60d16156e428f8df8cf27b0df150) C:\Windows\system32\drivers\iteatapi.sys
2011/07/13 17:12:51.0319 2704 iteraid (06fa654504a498c30adca8bec4e87e7e) C:\Windows\system32\drivers\iteraid.sys
2011/07/13 17:12:51.0381 2704 kbdclass (37605e0a8cf00cbba538e753e4344c6e) C:\Windows\system32\DRIVERS\kbdclass.sys
2011/07/13 17:12:51.0428 2704 kbdhid (ede59ec70e25c24581add1fbec7325f7) C:\Windows\system32\DRIVERS\kbdhid.sys
2011/07/13 17:12:51.0475 2704 KSecDD (86165728af9bf72d6442a894fdfb4f8b) C:\Windows\system32\Drivers\ksecdd.sys
2011/07/13 17:12:51.0568 2704 lltdio (d1c5883087a0c3f1344d9d55a44901f6) C:\Windows\system32\DRIVERS\lltdio.sys
2011/07/13 17:12:51.0631 2704 LSI_FC (a2262fb9f28935e862b4db46438c80d2) C:\Windows\system32\drivers\lsi_fc.sys
2011/07/13 17:12:51.0662 2704 LSI_SAS (30d73327d390f72a62f32c103daf1d6d) C:\Windows\system32\drivers\lsi_sas.sys
2011/07/13 17:12:51.0693 2704 LSI_SCSI (e1e36fefd45849a95f1ab81de0159fe3) C:\Windows\system32\drivers\lsi_scsi.sys
2011/07/13 17:12:51.0756 2704 luafv (8f5c7426567798e62a3b3614965d62cc) C:\Windows\system32\drivers\luafv.sys
2011/07/13 17:12:51.0818 2704 MBAMProtector (3d2c13377763eeac0ca6fb46f57217ed) C:\Windows\system32\drivers\mbam.sys
2011/07/13 17:12:51.0880 2704 megasas (d153b14fc6598eae8422a2037553adce) C:\Windows\system32\drivers\megasas.sys
2011/07/13 17:12:51.0958 2704 Modem (e13b5ea0f51ba5b1512ec671393d09ba) C:\Windows\system32\drivers\modem.sys
2011/07/13 17:12:51.0990 2704 monitor (0a9bb33b56e294f686abb7c1e4e2d8a8) C:\Windows\system32\DRIVERS\monitor.sys
2011/07/13 17:12:52.0036 2704 mouclass (5bf6a1326a335c5298477754a506d263) C:\Windows\system32\DRIVERS\mouclass.sys
2011/07/13 17:12:52.0099 2704 mouhid (93b8d4869e12cfbe663915502900876f) C:\Windows\system32\DRIVERS\mouhid.sys
2011/07/13 17:12:52.0146 2704 MountMgr (bdafc88aa6b92f7842416ea6a48e1600) C:\Windows\system32\drivers\mountmgr.sys
2011/07/13 17:12:52.0192 2704 mpio (583a41f26278d9e0ea548163d6139397) C:\Windows\system32\drivers\mpio.sys
2011/07/13 17:12:52.0224 2704 mpsdrv (22241feba9b2defa669c8cb0a8dd7d2e) C:\Windows\system32\drivers\mpsdrv.sys
2011/07/13 17:12:52.0333 2704 Mraid35x (4fbbb70d30fd20ec51f80061703b001e) C:\Windows\system32\drivers\mraid35x.sys
2011/07/13 17:12:52.0364 2704 MRxDAV (82cea0395524aacfeb58ba1448e8325c) C:\Windows\system32\drivers\mrxdav.sys
2011/07/13 17:12:52.0426 2704 mrxsmb (1e94971c4b446ab2290deb71d01cf0c2) C:\Windows\system32\DRIVERS\mrxsmb.sys
2011/07/13 17:12:52.0458 2704 mrxsmb10 (d4a3c7c580c4ccb5c06f2ada933ad507) C:\Windows\system32\DRIVERS\mrxsmb10.sys
2011/07/13 17:12:52.0489 2704 mrxsmb20 (c3cb1b40ad4a0124d617a1199b0b9d7c) C:\Windows\system32\DRIVERS\mrxsmb20.sys
2011/07/13 17:12:52.0551 2704 msahci (86068b8b54a5eb092f51657f00b2222a) C:\Windows\system32\drivers\msahci.sys
2011/07/13 17:12:52.0614 2704 msdsm (3fc82a2ae4cc149165a94699183d3028) C:\Windows\system32\drivers\msdsm.sys
2011/07/13 17:12:52.0660 2704 Msfs (a9927f4a46b816c92f461acb90cf8515) C:\Windows\system32\drivers\Msfs.sys
2011/07/13 17:12:52.0707 2704 msisadrv (0f400e306f385c56317357d6dea56f62) C:\Windows\system32\drivers\msisadrv.sys
2011/07/13 17:12:52.0754 2704 MSKSSRV (d8c63d34d9c9e56c059e24ec7185cc07) C:\Windows\system32\drivers\MSKSSRV.sys
2011/07/13 17:12:52.0801 2704 MSPCLOCK (1d373c90d62ddb641d50e55b9e78d65e) C:\Windows\system32\drivers\MSPCLOCK.sys
2011/07/13 17:12:52.0832 2704 MSPQM (b572da05bf4e098d4bba3a4734fb505b) C:\Windows\system32\drivers\MSPQM.sys
2011/07/13 17:12:52.0879 2704 MsRPC (b49456d70555de905c311bcda6ec6adb) C:\Windows\system32\drivers\MsRPC.sys
2011/07/13 17:12:52.0926 2704 mssmbios (e384487cb84be41d09711c30ca79646c) C:\Windows\system32\DRIVERS\mssmbios.sys
2011/07/13 17:12:52.0972 2704 MSTEE (7199c1eec1e4993caf96b8c0a26bd58a) C:\Windows\system32\drivers\MSTEE.sys
2011/07/13 17:12:53.0019 2704 Mup (6a57b5733d4cb702c8ea4542e836b96c) C:\Windows\system32\Drivers\mup.sys
2011/07/13 17:12:53.0082 2704 NativeWifiP (85c44fdff9cf7e72a40dcb7ec06a4416) C:\Windows\system32\DRIVERS\nwifi.sys
2011/07/13 17:12:53.0144 2704 NDIS (1357274d1883f68300aeadd15d7bbb42) C:\Windows\system32\drivers\ndis.sys
2011/07/13 17:12:53.0238 2704 NdisTapi (0e186e90404980569fb449ba7519ae61) C:\Windows\system32\DRIVERS\ndistapi.sys
2011/07/13 17:12:53.0300 2704 Ndisuio (d6973aa34c4d5d76c0430b181c3cd389) C:\Windows\system32\DRIVERS\ndisuio.sys
2011/07/13 17:12:53.0331 2704 NdisWan (818f648618ae34f729fdb47ec68345c3) C:\Windows\system32\DRIVERS\ndiswan.sys
2011/07/13 17:12:53.0362 2704 NDProxy (71dab552b41936358f3b541ae5997fb3) C:\Windows\system32\drivers\NDProxy.sys
2011/07/13 17:12:53.0394 2704 NetBIOS (bcd093a5a6777cf626434568dc7dba78) C:\Windows\system32\DRIVERS\netbios.sys
2011/07/13 17:12:53.0425 2704 netbt (ecd64230a59cbd93c85f1cd1cab9f3f6) C:\Windows\system32\DRIVERS\netbt.sys
2011/07/13 17:12:53.0565 2704 NETw3v32 (a15f219208843a5a210c8cb391384453) C:\Windows\system32\DRIVERS\NETw3v32.sys
2011/07/13 17:12:53.0674 2704 NETw4v32 (dd194a025d1c0472f45f57de8d8388eb) C:\Windows\system32\DRIVERS\NETw4v32.sys
2011/07/13 17:12:53.0768 2704 nfrd960 (2e7fb731d4790a1bc6270accefacb36e) C:\Windows\system32\drivers\nfrd960.sys
2011/07/13 17:12:53.0846 2704 nmwcd (48fb907b069524f2dc7ba62a0762850c) C:\Windows\system32\drivers\ccdcmb.sys
2011/07/13 17:12:53.0908 2704 nmwcdc (2914ceb789964141ac6e22c6bc980c42) C:\Windows\system32\drivers\ccdcmbo.sys
2011/07/13 17:12:53.0955 2704 nmwcdnsu (28d40797bcb050321fa6674b08a620c0) C:\Windows\system32\drivers\nmwcdnsu.sys
2011/07/13 17:12:54.0049 2704 nmwcdnsuc (7804e9747bc27eddc6a8382bbf35cf25) C:\Windows\system32\drivers\nmwcdnsuc.sys
2011/07/13 17:12:54.0096 2704 Npfs (d36f239d7cce1931598e8fb90a0dbc26) C:\Windows\system32\drivers\Npfs.sys
2011/07/13 17:12:54.0142 2704 nsiproxy (609773e344a97410ce4ebf74a8914fcf) C:\Windows\system32\drivers\nsiproxy.sys
2011/07/13 17:12:54.0205 2704 Ntfs (6a4a98cee84cf9e99564510dda4baa47) C:\Windows\system32\drivers\Ntfs.sys
2011/07/13 17:12:54.0267 2704 ntrigdigi (e875c093aec0c978a90f30c9e0dfbb72) C:\Windows\system32\drivers\ntrigdigi.sys
2011/07/13 17:12:54.0298 2704 Null (c5dbbcda07d780bda9b685df333bb41e) C:\Windows\system32\drivers\Null.sys
2011/07/13 17:12:54.0548 2704 nvlddmkm (3f6d9decad6e6ef48b7fb0bb560b76bb) C:\Windows\system32\DRIVERS\nvlddmkm.sys
2011/07/13 17:12:54.0610 2704 nvraid (e69e946f80c1c31c53003bfbf50cbb7c) C:\Windows\system32\drivers\nvraid.sys
2011/07/13 17:12:54.0642 2704 nvstor (9e0ba19a28c498a6d323d065db76dffc) C:\Windows\system32\drivers\nvstor.sys
2011/07/13 17:12:54.0688 2704 nv_agp (07c186427eb8fcc3d8d7927187f260f7) C:\Windows\system32\drivers\nv_agp.sys
2011/07/13 17:12:54.0798 2704 ohci1394 (be32da025a0be1878f0ee8d6d9386cd5) C:\Windows\system32\drivers\ohci1394.sys
2011/07/13 17:12:54.0860 2704 Parport (0fa9b5055484649d63c303fe404e5f4d) C:\Windows\system32\drivers\parport.sys
2011/07/13 17:12:54.0907 2704 partmgr (57389fa59a36d96b3eb09d0cb91e9cdc) C:\Windows\system32\drivers\partmgr.sys
2011/07/13 17:12:54.0938 2704 Parvdm (4f9a6a8a31413180d0fcb279ad5d8112) C:\Windows\system32\drivers\parvdm.sys
2011/07/13 17:12:55.0000 2704 pccsmcfd (fd2041e9ba03db7764b2248f02475079) C:\Windows\system32\DRIVERS\pccsmcfd.sys
2011/07/13 17:12:55.0047 2704 pci (941dc1d19e7e8620f40bbc206981efdb) C:\Windows\system32\drivers\pci.sys
2011/07/13 17:12:55.0094 2704 pciide (304048c2565a803d091cca1ac945f593) C:\Windows\system32\drivers\pciide.sys
2011/07/13 17:12:55.0125 2704 pcmcia (e6f3fb1b86aa519e7698ad05e58b04e5) C:\Windows\system32\drivers\pcmcia.sys
2011/07/13 17:12:55.0188 2704 PEAUTH (6349f6ed9c623b44b52ea3c63c831a92) C:\Windows\system32\drivers\peauth.sys
2011/07/13 17:12:55.0328 2704 PptpMiniport (ecfffaec0c1ecd8dbc77f39070ea1db1) C:\Windows\system32\DRIVERS\raspptp.sys
2011/07/13 17:12:55.0375 2704 Processor (0e3cef5d28b40cf273281d620c50700a) C:\Windows\system32\drivers\processr.sys
2011/07/13 17:12:55.0422 2704 PSched (99514faa8df93d34b5589187db3aa0ba) C:\Windows\system32\DRIVERS\pacer.sys
2011/07/13 17:12:55.0484 2704 ql2300 (ccdac889326317792480c0a67156a1ec) C:\Windows\system32\drivers\ql2300.sys
2011/07/13 17:12:55.0531 2704 ql40xx (81a7e5c076e59995d54bc1ed3a16e60b) C:\Windows\system32\drivers\ql40xx.sys
2011/07/13 17:12:55.0593 2704 QWAVEdrv (9f5e0e1926014d17486901c88eca2db7) C:\Windows\system32\drivers\qwavedrv.sys
2011/07/13 17:12:55.0624 2704 RasAcd (147d7f9c556d259924351feb0de606c3) C:\Windows\system32\DRIVERS\rasacd.sys
2011/07/13 17:12:55.0671 2704 Rasl2tp (a214adbaf4cb47dd2728859ef31f26b0) C:\Windows\system32\DRIVERS\rasl2tp.sys
2011/07/13 17:12:55.0718 2704 RasPppoe (509a98dd18af4375e1fc40bc175f1def) C:\Windows\system32\DRIVERS\raspppoe.sys
2011/07/13 17:12:55.0749 2704 RasSstp (2005f4a1e05fa09389ac85840f0a9e4d) C:\Windows\system32\DRIVERS\rassstp.sys
2011/07/13 17:12:55.0796 2704 rdbss (b14c9d5b9add2f84f70570bbbfaa7935) C:\Windows\system32\DRIVERS\rdbss.sys
2011/07/13 17:12:55.0827 2704 RDPCDD (89e59be9a564262a3fb6c4f4f1cd9899) C:\Windows\system32\DRIVERS\RDPCDD.sys
2011/07/13 17:12:55.0890 2704 rdpdr (e8bd98d46f2ed77132ba927fccb47d8b) C:\Windows\system32\drivers\rdpdr.sys
2011/07/13 17:12:55.0921 2704 RDPENCDD (9d91fe5286f748862ecffa05f8a0710c) C:\Windows\system32\drivers\rdpencdd.sys
2011/07/13 17:12:55.0968 2704 RDPWD (30bfbdfb7f95559ede971f9ddb9a00ba) C:\Windows\system32\drivers\RDPWD.sys
2011/07/13 17:12:56.0077 2704 RsFx0150 (a95840a95a9ff74b0009e5d848cddb39) C:\Windows\system32\DRIVERS\RsFx0150.sys
2011/07/13 17:12:56.0170 2704 rspndr (9c508f4074a39e8b4b31d27198146fad) C:\Windows\system32\DRIVERS\rspndr.sys
2011/07/13 17:12:56.0217 2704 RTL8169 (b7e1c523e2f7787d700766fc78e01f77) C:\Windows\system32\DRIVERS\Rtlh86.sys
2011/07/13 17:12:56.0248 2704 RTSTOR (557d431125aa3d58f2d132fda1eb8255) C:\Windows\system32\drivers\RTSTOR.SYS
2011/07/13 17:12:56.0311 2704 sbp2port (3ce8f073a557e172b330109436984e30) C:\Windows\system32\drivers\sbp2port.sys
2011/07/13 17:12:56.0358 2704 secdrv (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers\secdrv.sys
2011/07/13 17:12:56.0404 2704 Serenum (68e44e331d46f0fb38f0863a84cd1a31) C:\Windows\system32\drivers\serenum.sys
2011/07/13 17:12:56.0436 2704 Serial (c70d69a918b178d3c3b06339b40c2e1b) C:\Windows\system32\drivers\serial.sys
2011/07/13 17:12:56.0482 2704 sermouse (8af3d28a879bf75db53a0ee7a4289624) C:\Windows\system32\drivers\sermouse.sys
2011/07/13 17:12:56.0560 2704 sffdisk (51cf56aa8bcc241f134b420b8f850406) C:\Windows\system32\drivers\sffdisk.sys
2011/07/13 17:12:56.0592 2704 sffp_mmc (96ded8b20c734ac41641ce275250e55d) C:\Windows\system32\drivers\sffp_mmc.sys
2011/07/13 17:12:56.0638 2704 sffp_sd (8b08cab1267b2c377883fc9e56981f90) C:\Windows\system32\drivers\sffp_sd.sys
2011/07/13 17:12:56.0654 2704 sfloppy (46ed8e91793b2e6f848015445a0ac188) C:\Windows\system32\drivers\sfloppy.sys
2011/07/13 17:12:56.0716 2704 Sftfs (cc895997c0995a07b6b2779a3b21918b) C:\Windows\system32\DRIVERS\Sftfslh.sys
2011/07/13 17:12:56.0763 2704 Sftplay (cf5e9798637795db59697f5e40fca993) C:\Windows\system32\DRIVERS\Sftplaylh.sys
2011/07/13 17:12:56.0810 2704 Sftredir (4c8076ff8938b365eeec9123969e0350) C:\Windows\system32\DRIVERS\Sftredirlh.sys
2011/07/13 17:12:56.0841 2704 Sftvol (6095a5f221eca9dada2c9ee80ec0d92d) C:\Windows\system32\DRIVERS\Sftvollh.sys
2011/07/13 17:12:56.0904 2704 Si3531 (4346d5bbdde7756d8614a3f193d60984) C:\Windows\system32\DRIVERS\Si3531.sys
2011/07/13 17:12:56.0935 2704 SiFilter (e853c341bbf4ac0007a8db0858dbb09d) C:\Windows\system32\DRIVERS\SiWinAcc.sys
2011/07/13 17:12:56.0982 2704 SiRemFil (d80e6f142eb4963e82a8537dd745f51b) C:\Windows\system32\DRIVERS\SiRemFil.sys
2011/07/13 17:12:57.0013 2704 sisagp (d2a595d6eebeeaf4334f8e50efbc9931) C:\Windows\system32\drivers\sisagp.sys
2011/07/13 17:12:57.0060 2704 SiSRaid2 (cedd6f4e7d84e9f98b34b3fe988373aa) C:\Windows\system32\drivers\sisraid2.sys
2011/07/13 17:12:57.0091 2704 SiSRaid4 (df843c528c4f69d12ce41ce462e973a7) C:\Windows\system32\drivers\sisraid4.sys
2011/07/13 17:12:57.0169 2704 Smb (7b75299a4d201d6a6533603d6914ab04) C:\Windows\system32\DRIVERS\smb.sys
2011/07/13 17:12:57.0278 2704 SNP2UVC (279c771ed7d5d6132d7fe08efc781fa4) C:\Windows\system32\DRIVERS\snp2uvc.sys
2011/07/13 17:12:57.0372 2704 spldr (7aebdeef071fe28b0eef2cdd69102bff) C:\Windows\system32\drivers\spldr.sys
2011/07/13 17:12:57.0450 2704 srv (41987f9fc0e61adf54f581e15029ad91) C:\Windows\system32\DRIVERS\srv.sys
2011/07/13 17:12:57.0512 2704 srv2 (ff33aff99564b1aa534f58868cbe41ef) C:\Windows\system32\DRIVERS\srv2.sys
2011/07/13 17:12:57.0574 2704 srvnet (7605c0e1d01a08f3ecd743f38b834a44) C:\Windows\system32\DRIVERS\srvnet.sys
2011/07/13 17:12:57.0637 2704 ssmdrv (a36ee93698802cd899f98bfd553d8185) C:\Windows\system32\DRIVERS\ssmdrv.sys
2011/07/13 17:12:57.0699 2704 swenum (7ba58ecf0c0a9a69d44b3dca62becf56) C:\Windows\system32\DRIVERS\swenum.sys
2011/07/13 17:12:57.0746 2704 Symc8xx (192aa3ac01df071b541094f251deed10) C:\Windows\system32\drivers\symc8xx.sys
2011/07/13 17:12:57.0777 2704 Sym_hi (8c8eb8c76736ebaf3b13b633b2e64125) C:\Windows\system32\drivers\sym_hi.sys
2011/07/13 17:12:57.0808 2704 Sym_u3 (8072af52b5fd103bbba387a1e49f62cb) C:\Windows\system32\drivers\sym_u3.sys
2011/07/13 17:12:57.0871 2704 SynTP (4c6de67ebb6c487f7690a373fcfde279) C:\Windows\system32\DRIVERS\SynTP.sys
2011/07/13 17:12:57.0949 2704 Tcpip (a474879afa4a596b3a531f3e69730dbf) C:\Windows\system32\drivers\tcpip.sys
2011/07/13 17:12:58.0011 2704 Tcpip6 (a474879afa4a596b3a531f3e69730dbf) C:\Windows\system32\DRIVERS\tcpip.sys
2011/07/13 17:12:58.0058 2704 tcpipreg (608c345a255d82a6289c2d468eb41fd7) C:\Windows\system32\drivers\tcpipreg.sys
2011/07/13 17:12:58.0105 2704 TDPIPE (5dcf5e267be67a1ae926f2df77fbcc56) C:\Windows\system32\drivers\tdpipe.sys
2011/07/13 17:12:58.0136 2704 TDTCP (389c63e32b3cefed425b61ed92d3f021) C:\Windows\system32\drivers\tdtcp.sys
2011/07/13 17:12:58.0183 2704 tdx (76b06eb8a01fc8624d699e7045303e54) C:\Windows\system32\DRIVERS\tdx.sys
2011/07/13 17:12:58.0230 2704 TermDD (3cad38910468eab9a6479e2f01db43c7) C:\Windows\system32\DRIVERS\termdd.sys
2011/07/13 17:12:58.0323 2704 tssecsrv (dcf0f056a2e4f52287264f5ab29cf206) C:\Windows\system32\DRIVERS\tssecsrv.sys
2011/07/13 17:12:58.0370 2704 tunmp (caecc0120ac49e3d2f758b9169872d38) C:\Windows\system32\DRIVERS\tunmp.sys
2011/07/13 17:12:58.0417 2704 tunnel (300db877ac094feab0be7688c3454a9c) C:\Windows\system32\DRIVERS\tunnel.sys
2011/07/13 17:12:58.0464 2704 uagp35 (c3ade15414120033a36c0f293d4a4121) C:\Windows\system32\drivers\uagp35.sys
2011/07/13 17:12:58.0526 2704 udfs (d9728af68c4c7693cb100b8441cbdec6) C:\Windows\system32\DRIVERS\udfs.sys
2011/07/13 17:12:58.0573 2704 uliagpkx (75e6890ebfce0841d3291b02e7a8bdb0) C:\Windows\system32\drivers\uliagpkx.sys
2011/07/13 17:12:58.0604 2704 uliahci (3cd4ea35a6221b85dcc25daa46313f8d) C:\Windows\system32\drivers\uliahci.sys
2011/07/13 17:12:58.0635 2704 UlSata (8514d0e5cd0534467c5fc61be94a569f) C:\Windows\system32\drivers\ulsata.sys
2011/07/13 17:12:58.0682 2704 ulsata2 (38c3c6e62b157a6bc46594fada45c62b) C:\Windows\system32\drivers\ulsata2.sys
2011/07/13 17:12:58.0729 2704 umbus (32cff9f809ae9aed85464492bf3e32d2) C:\Windows\system32\DRIVERS\umbus.sys
2011/07/13 17:12:58.0791 2704 upperdev (e526a166e6acafd0a9b3841d3941669e) C:\Windows\system32\DRIVERS\usbser_lowerflt.sys
2011/07/13 17:12:58.0854 2704 usbccgp (caf811ae4c147ffcd5b51750c7f09142) C:\Windows\system32\DRIVERS\usbccgp.sys
2011/07/13 17:12:58.0900 2704 usbcir (e9476e6c486e76bc4898074768fb7131) C:\Windows\system32\drivers\usbcir.sys
2011/07/13 17:12:58.0963 2704 usbehci (79e96c23a97ce7b8f14d310da2db0c9b) C:\Windows\system32\DRIVERS\usbehci.sys
2011/07/13 17:12:59.0010 2704 usbhub (4673bbcb006af60e7abddbe7a130ba42) C:\Windows\system32\DRIVERS\usbhub.sys
2011/07/13 17:12:59.0041 2704 usbohci (38dbc7dd6cc5a72011f187425384388b) C:\Windows\system32\drivers\usbohci.sys
2011/07/13 17:12:59.0072 2704 usbprint (b51e52acf758be00ef3a58ea452fe360) C:\Windows\system32\drivers\usbprint.sys
2011/07/13 17:12:59.0119 2704 usbser (d575246188f63de0accf6eac5fb59e6a) C:\Windows\system32\drivers\usbser.sys
2011/07/13 17:12:59.0197 2704 UsbserFilt (6f3e3c6811b930d2414552a2e4a40f36) C:\Windows\system32\DRIVERS\usbser_lowerfltj.sys
2011/07/13 17:12:59.0228 2704 USBSTOR (be3da31c191bc222d9ad503c5224f2ad) C:\Windows\system32\DRIVERS\USBSTOR.SYS
2011/07/13 17:12:59.0259 2704 usbuhci (814d653efc4d48be3b04a307eceff56f) C:\Windows\system32\DRIVERS\usbuhci.sys
2011/07/13 17:12:59.0322 2704 usbvideo (8cffeb4af074fd3e24bad6381cc33361) C:\Windows\system32\Drivers\usbvideo.sys
2011/07/13 17:12:59.0431 2704 vga (7d92be0028ecdedec74617009084b5ef) C:\Windows\system32\DRIVERS\vgapnp.sys
2011/07/13 17:12:59.0493 2704 VgaSave (2e93ac0a1d8c79d019db6c51f036636c) C:\Windows\System32\drivers\vga.sys
2011/07/13 17:12:59.0524 2704 viaagp (045d9961e591cf0674a920b6ba3ba5cb) C:\Windows\system32\drivers\viaagp.sys
2011/07/13 17:12:59.0556 2704 ViaC7 (56a4de5f02f2e88182b0981119b4dd98) C:\Windows\system32\drivers\viac7.sys
2011/07/13 17:12:59.0602 2704 viaide (7aa7ec9a08dc2c39649c413b1a26e298) C:\Windows\system32\drivers\viaide.sys
2011/07/13 17:12:59.0649 2704 volmgr (69503668ac66c77c6cd7af86fbdf8c43) C:\Windows\system32\drivers\volmgr.sys
2011/07/13 17:12:59.0712 2704 volmgrx (23e41b834759917bfd6b9a0d625d0c28) C:\Windows\system32\drivers\volmgrx.sys
2011/07/13 17:12:59.0758 2704 volsnap (147281c01fcb1df9252de2a10d5e7093) C:\Windows\system32\drivers\volsnap.sys
2011/07/13 17:12:59.0805 2704 vpnva (1b7c80c66742dafaa31f98af4c3a5bc2) C:\Windows\system32\DRIVERS\vpnva.sys
2011/07/13 17:12:59.0868 2704 vsmraid (d984439746d42b30fc65a4c3546c6829) C:\Windows\system32\drivers\vsmraid.sys
2011/07/13 17:13:00.0024 2704 VSPerfDrv100 (143c873a90e834f38733bb05d686a9e7) C:\Program Files\Microsoft Visual Studio 10.0\Team Tools\Performance Tools\VSPerfDrv100.sys
2011/07/13 17:13:00.0086 2704 WacomPen (48dfee8f1af7c8235d4e626f0c4fe031) C:\Windows\system32\drivers\wacompen.sys
2011/07/13 17:13:00.0117 2704 Wanarp (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys
2011/07/13 17:13:00.0133 2704 Wanarpv6 (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys
2011/07/13 17:13:00.0195 2704 Wd (afc5ad65b991c1e205cf25cfdbf7a6f4) C:\Windows\system32\drivers\wd.sys
2011/07/13 17:13:00.0258 2704 Wdf01000 (9950e3d0f08141c7e89e64456ae7dc73) C:\Windows\system32\drivers\Wdf01000.sys
2011/07/13 17:13:00.0382 2704 WmiAcpi (2e7255d172df0b8283cdfb7b433b864e) C:\Windows\system32\DRIVERS\wmiacpi.sys
2011/07/13 17:13:00.0460 2704 WpdUsb (de9d36f91a4df3d911626643debf11ea) C:\Windows\system32\DRIVERS\wpdusb.sys
2011/07/13 17:13:00.0492 2704 ws2ifsl (e3a3cb253c0ec2494d4a61f5e43a389c) C:\Windows\system32\drivers\ws2ifsl.sys
2011/07/13 17:13:00.0570 2704 WUDFRd (ac13cb789d93412106b0fb6c7eb2bcb6) C:\Windows\system32\DRIVERS\WUDFRd.sys
2011/07/13 17:13:00.0616 2704 XUIF (6bbf7a3bab8ffdccf82057fa2aae2b7b) C:\Windows\system32\Drivers\x10ufx2.sys
2011/07/13 17:13:00.0663 2704 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk0\DR0
2011/07/13 17:13:00.0944 2704 Boot (0x1200) (39ad37a7cf470063f2fc6d454f7fa9c9) \Device\Harddisk0\DR0\Partition0
2011/07/13 17:13:00.0944 2704 Boot (0x1200) (98dd62fd28d84b4e0c1d4c95c737201a) \Device\Harddisk0\DR0\Partition1
2011/07/13 17:13:00.0960 2704 ================================================================================
2011/07/13 17:13:00.0960 2704 Scan finished
2011/07/13 17:13:00.0960 2704 ================================================================================
2011/07/13 17:13:00.0975 5632 Detected object count: 0
2011/07/13 17:13:00.0975 5632 Actual detected object count: 0

13.07.2011, 19:29   #10
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™

Then please run CF now:

ComboFix

A guide and tutorial on using ComboFix
  • Close all programs, above all your antivirus program and other background guards, as well as your internet browser.
  • Start cofi.exe from your desktop, confirm the warnings, run the updates (if offered), install the Recovery Console (if offered) and let it scan your system.
    Also avoid using the mouse and keyboard while ComboFix is running.
  • Afterwards a combofix.txt opens automatically; please copy its contents ([Ctrl]a, [Ctrl]c) and paste it into your post ([Ctrl]v). You will also find the file at: C:\ComboFix.txt.
Important note:
ComboFix may only be run when a qualified helper (Kompetenzler) has expressly recommended it!
It should never be run on your own initiative! Incorrect use can cause serious computer problems and make cleaning up the infection even harder.
__________________
Please always post logfiles in CODE tags

14.07.2011, 18:52   #11
Ebin

Hello! Please excuse the delay, but I am in the middle of exams at the moment!
Below are the contents of the Combofix.txt

Combofix Logfile:
Code:
ComboFix 11-07-14.03 - MEDION 14.07.2011  17:28:29.1.2 - x86
Microsoft® Windows Vista™ Home Premium   6.0.6002.2.1252.49.1031.18.3070.1881 [GMT 2:00]
ausgeführt von:: c:\users\MEDION\Desktop\ComboFix.exe
AV: AntiVir Desktop *Disabled/Updated* {090F9C29-64CE-6C6F-379C-5901B49A85B7}
SP: AntiVir Desktop *Disabled/Updated* {B26E7DCD-42F4-63E1-0D2C-6273CF1DCF0A}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\data
c:\data\MyMoneyDB.accdb
c:\data\shareit.mdb
.
.
(((((((((((((((((((((((   Dateien erstellt von 2011-06-14 bis 2011-07-14  ))))))))))))))))))))))))))))))
.
.
2011-07-14 15:39 . 2011-07-14 15:39	--------	d-----w-	c:\users\MEDION\AppData\Local\temp
2011-07-14 15:23 . 2011-07-14 15:24	--------	d-----w-	C:\32788R22FWJFW
2011-07-13 13:29 . 2011-07-13 13:29	--------	d-----w-	C:\_OTL
2011-07-13 10:07 . 2011-04-20 15:55	375808	----a-w-	c:\windows\system32\winsrv.dll
2011-07-13 10:07 . 2011-04-20 15:50	49152	----a-w-	c:\windows\system32\csrsrv.dll
2011-07-13 08:58 . 2011-07-13 08:58	--------	d-----w-	c:\users\MEDION\AppData\Roaming\Malwarebytes
2011-07-13 08:58 . 2011-05-29 07:11	39984	----a-w-	c:\windows\system32\drivers\mbamswissarmy.sys
2011-07-13 08:58 . 2011-07-13 08:58	--------	d-----w-	c:\programdata\Malwarebytes
2011-07-13 08:58 . 2011-07-13 08:58	--------	d-----w-	c:\program files\Malwarebytes' Anti-Malware
2011-07-13 08:58 . 2011-05-29 07:11	22712	----a-w-	c:\windows\system32\drivers\mbam.sys
2011-07-13 07:31 . 2011-06-02 13:34	2043392	----a-w-	c:\windows\system32\win32k.sys
2011-07-12 06:32 . 2011-06-07 15:55	7074640	----a-w-	c:\programdata\Microsoft\Windows Defender\Definition Updates\{8989502B-31AB-4D82-BA86-A56F9D9A913C}\mpengine.dll
2011-07-11 10:03 . 2011-07-11 10:04	--------	d-----w-	c:\users\MEDION\AppData\Roaming\vlc
2011-07-11 10:02 . 2011-07-11 10:02	--------	d-----w-	c:\program files\VideoLAN
2011-07-09 08:56 . 2011-07-09 08:56	--------	d-----w-	c:\users\MEDION\Netlab
2011-07-08 13:57 . 2011-07-08 13:57	--------	d-----w-	c:\program files\Maxis
2011-07-08 13:57 . 1998-01-23 10:22	304128	----a-w-	c:\windows\IsUninst.exe
2011-07-07 12:08 . 2011-07-07 12:09	--------	d-----w-	c:\windows\system32\Adobe
2011-07-03 08:52 . 2011-07-03 08:52	--------	d-----w-	c:\users\Nicht Peter\AppData\Local\Adobe
2011-06-29 09:36 . 2011-04-29 15:59	276992	----a-w-	c:\windows\system32\schannel.dll
2011-06-23 14:19 . 2011-06-23 14:19	--------	d-----w-	c:\program files\Microsoft Silverlight
2011-06-20 17:07 . 2011-06-20 17:07	--------	d-----w-	c:\program files\CCleaner
2011-06-20 16:20 . 2011-06-20 16:20	--------	d-----w-	c:\program files\Sophos
2011-06-19 15:57 . 2011-06-19 15:58	--------	d-----w-	c:\program files\Common Files\Adobe
.
.
.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-07-07 12:20 . 2011-05-18 05:58	404640	----a-w-	c:\windows\system32\FlashPlayerCPLApp.cpl
2011-07-01 09:36 . 2011-01-21 22:59	66616	----a-w-	c:\windows\system32\drivers\avgntflt.sys
2011-07-01 09:36 . 2011-01-21 22:59	138192	----a-w-	c:\windows\system32\drivers\avipbb.sys
2011-05-24 17:14 . 2011-01-21 19:18	222080	------w-	c:\windows\system32\MpSigStub.exe
2011-05-04 02:52 . 2011-02-06 17:20	472808	----a-w-	c:\windows\system32\deployJava1.dll
2000-07-10 07:02 . 2011-06-01 15:45	13	----a-w-	c:\program files\pack.bat
2000-04-03 23:20 . 2011-06-01 15:45	5152	----a-w-	c:\program files\uharcu.exe
1997-12-20 22:20 . 2011-06-01 15:45	99444	----a-w-	c:\program files\UHARC.EXE
2011-05-21 08:20 . 2011-04-22 17:17	142296	----a-w-	c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2010-10-06 23:36	94208	----a-w-	c:\users\MEDION\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2010-10-06 23:36	94208	----a-w-	c:\users\MEDION\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2010-10-06 23:36	94208	----a-w-	c:\users\MEDION\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2011-06-15 15141768]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\Iaanotif.exe" [2007-07-12 178712]
"SynTPStart"="c:\program files\Synaptics\SynTP\SynTPStart.exe" [2007-08-31 102400]
"PLFSetL"="c:\windows\PLFSetL.exe" [2007-07-05 94208]
"LaunchAp"="c:\program files\Launch Manager\LaunchAp.exe" [2007-09-01 32768]
"HotkeyApp"="c:\program files\Launch Manager\HotkeyApp.exe" [2007-09-06 188416]
"LMgrOSD"="c:\program files\Launch Manager\OSD.exe" [2006-12-26 180224]
"Wbutton"="c:\program files\Launch Manager\Wbutton.exe" [2007-09-07 86016]
"RtHDVCpl"="RtHDVCpl.exe" [2007-12-17 4718592]
"Skytel"="Skytel.exe" [2007-11-20 1826816]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2010-12-13 281768]
"NvSvc"="c:\windows\system32\nvsvc.dll" [2007-12-20 86016]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-12-20 8501792]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2007-12-20 81920]
"BCSSync"="c:\program files\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 91520]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-04-08 254696]
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2011-05-29 449584]
.
c:\users\MEDION\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dropbox.lnk - c:\users\MEDION\AppData\Roaming\Dropbox\bin\Dropbox.exe [2011-5-25 24176560]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2011-03-29 19:59	937920	----a-r-	c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2011-05-27 12:52	40368	----a-w-	c:\program files\Adobe\Reader 8.0\Reader\reader_sl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
2006-01-12 14:40	155648	----a-w-	c:\program files\Common Files\Ahead\Lib\NeroCheck.exe
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R3 cpuz134;cpuz134;c:\users\MEDION\AppData\Local\Temp\cpuz134\cpuz134_x32.sys [x]
R3 MEMSWEEP2;MEMSWEEP2;c:\windows\system32\1BC9.tmp [x]
R3 MsDepSvc;Webbereitstellungs-Agent-Dienst;c:\program files\IIS\Microsoft Web Deploy\MsDepSvc.exe [2011-02-04 63304]
R3 nmwcdnsu;Nokia USB Flashing Phone Parent;c:\windows\system32\drivers\nmwcdnsu.sys [2010-07-26 137600]
R3 nmwcdnsuc;Nokia USB Flashing Generic;c:\windows\system32\drivers\nmwcdnsuc.sys [2010-07-26 8576]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4640000]
R3 uxddrv;Dynamically loaded UxdDrv;g:\diagnose\WSTGER32\2PART\uxddrv86.sys [x]
R3 VSPerfDrv100;Performance Tools Driver 10.0;c:\program files\Microsoft Visual Studio 10.0\Team Tools\Performance Tools\VSPerfDrv100.sys [2011-01-18 54144]
R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
R4 MSSQLServerADHelper100;SQL Server Hilfsdienst für Active Directory;c:\program files\Microsoft SQL Server\100\Shared\SQLADHLP.EXE [2010-04-03 44896]
R4 RsFx0150;RsFx0150 Driver;c:\windows\system32\DRIVERS\RsFx0150.sys [2010-04-03 240608]
R4 SQLAgent$SQLEXPRESS;SQL Server-Agent (SQLEXPRESS);c:\program files\Microsoft SQL Server\MSSQL10_50.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE [2010-04-03 367456]
S0 Si3531;SiI-3531 SATA Controller;c:\windows\system32\DRIVERS\Si3531.sys [2007-06-01 210736]
S2 AntiVirSchedulerService;Avira AntiVir Planer;c:\program files\Avira\AntiVir Desktop\sched.exe [2011-04-28 136360]
S2 Apache2.2;Apache2.2;c:\xampp\apache\bin\httpd.exe [2010-10-18 20549]
S2 cvhsvc;Client Virtualization Handler;c:\program files\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [2010-02-28 821664]
S2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [2011-05-29 366640]
S2 sftlist;Application Virtualization Client;c:\program files\Microsoft Application Virtualization Client\sftlist.exe [2010-04-23 483688]
S2 vpnagent;Cisco AnyConnect VPN Agent;c:\program files\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe [2011-01-10 603896]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2011-05-29 22712]
S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys [2010-04-23 550760]
S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys [2010-04-23 195944]
S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys [2010-04-23 21864]
S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys [2010-04-23 19304]
S3 sftvsa;Application Virtualization Service Agent;c:\program files\Microsoft Application Virtualization Client\sftvsa.exe [2010-04-23 209768]
S3 WisLMSvc;WisLMSvc;c:\program files\Launch Manager\WisLMSvc.exe [2007-09-11 118784]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation	REG_MULTI_SZ   	FontCache
.
Inhalt des "geplante Tasks" Ordners
.
2011-07-13 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3730576925-1742224285-2887581169-1000Core.job
- c:\users\MEDION\AppData\Local\Google\Update\GoogleUpdate.exe [2011-01-21 19:07]
.
2011-07-14 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3730576925-1742224285-2887581169-1000UA.job
- c:\users\MEDION\AppData\Local\Google\Update\GoogleUpdate.exe [2011-01-21 19:07]
.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = hxxp://www.medion.com/
IE: Download with Xilisoft Download YouTube Video - c:\program files\Xilisoft\Download YouTube Video\upod_link.HTM
IE: Nach Microsoft E&xel exportieren - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
IE: {{0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - hxxp://rover.ebay.com/rover/1/707-37276-17534-25/4
TCP: DhcpNameServer = 192.168.178.1
FF - ProfilePath - c:\users\MEDION\AppData\Roaming\Mozilla\Firefox\Profiles\aplfm217.default\
FF - prefs.js: browser.search.selectedEngine - 
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
WebBrowser-{C840E246-6B95-475E-9BD7-CAA1C7ECA9F2} - (no file)
MSConfigStartUp-toolbar_eula_launcher - c:\program files\GoogleEULA\EULALauncher.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, hxxp://www.gmer.net
Rootkit scan 2011-07-14 17:39
Windows 6.0.6002 Service Pack 2 NTFS
.
Scanne versteckte Prozesse... 
.
Scanne versteckte Autostarteinträge... 
.
Scanne versteckte Dateien... 
.
Scan erfolgreich abgeschlossen
versteckte Dateien: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\MsDepSvc]
"ImagePath"="\"c:\program files\IIS\Microsoft Web Deploy\MsDepSvc.exe\" -runService:MsDepSvc"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\MEMSWEEP2]
"ImagePath"="\??\c:\windows\system32\1BC9.tmp"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\MySQL]
"ImagePath"="\"c:\program files\MySQL\MySQL Server 5.1\bin\mysqld\" --defaults-file=\"c:\program files\MySQL\MySQL Server 5.1\my.ini\" MySQL"
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
Zeit der Fertigstellung: 2011-07-14  17:50:25
ComboFix-quarantined-files.txt  2011-07-14 15:50
.
Vor Suchlauf: 14 Verzeichnis(se), 110.117.416.960 Bytes frei
Nach Suchlauf: 18 Verzeichnis(se), 112.685.719.552 Bytes frei
.
- - End Of File - - 2FE483989BAA1DB4E448AF86DC278387
         
--- --- ---
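
As an added example (not from this thread and not part of ComboFix), a small Python triage pass over the ComboFix service and Run-key lines posted above: it flags entries whose image file is missing ([x]), that live under a Temp directory, that point at a .tmp file, or that are given as a bare file name. The sample lines are copied from the log above; a flag is a lead for the helper to check against the installed software, not a verdict.

```python
import re
from dataclasses import dataclass, field
from typing import List, Optional, Tuple

# Service/driver lines as ComboFix prints them under the autostart section:
# "<R|S><digit> <name>;<display name>;<image path> [<date> <size>]", or "[x]"
# when the image file could not be found. The R/S prefix and the digit are
# reproduced as printed, not interpreted.
SERVICE_RE = re.compile(
    r"^(?P<state>[RS]\d)\s+(?P<name>[^;]+);(?P<display>[^;]*);(?P<path>.+?)\s+\[(?P<info>[^\]]*)\]\s*$"
)

# Values under a Run key: "<name>"="<image path>" [<date> <size>]
RUN_RE = re.compile(r'^"(?P<name>[^"]+)"="(?P<path>[^"]*)"\s+\[(?P<info>[^\]]*)\]\s*$')


@dataclass
class Finding:
    kind: str            # "service" or "run"
    name: str
    path: str
    reasons: List[str] = field(default_factory=list)


def classify(path: str, info: str) -> List[str]:
    """Return the triage reasons for one autostart entry (empty list = nothing notable)."""
    reasons = []
    p = path.strip().lower()
    if info.strip() == "x":
        reasons.append("image file missing")
    if "\\temp\\" in p:
        reasons.append("runs from a Temp directory")
    if p.endswith(".tmp"):
        reasons.append("image is a .tmp file")
    if p and "\\" not in p:
        # e.g. "RtHDVCpl.exe": a bare name that Windows resolves via the search path
        reasons.append("bare file name, resolved via the search path")
    return reasons


def parse_line(line: str) -> Optional[Tuple[str, str, str, str]]:
    """Parse one log line into (kind, name, path, info); None for lines of other kinds."""
    m = SERVICE_RE.match(line)
    if m:
        return "service", m.group("name"), m.group("path"), m.group("info")
    m = RUN_RE.match(line)
    if m:
        return "run", m.group("name"), m.group("path"), m.group("info")
    return None


def triage(lines: List[str]) -> List[Finding]:
    """Keep only the entries that have at least one triage reason, in log order."""
    findings = []
    for line in lines:
        parsed = parse_line(line.rstrip())
        if parsed is None:
            continue
        kind, name, path, info = parsed
        reasons = classify(path, info)
        if reasons:
            findings.append(Finding(kind, name, path, reasons))
    return findings


# Sample input: lines copied from the ComboFix log above.
SAMPLE_LINES = [
    r"R3 cpuz134;cpuz134;c:\users\MEDION\AppData\Local\Temp\cpuz134\cpuz134_x32.sys [x]",
    r"R3 MEMSWEEP2;MEMSWEEP2;c:\windows\system32\1BC9.tmp [x]",
    r"R3 MsDepSvc;Webbereitstellungs-Agent-Dienst;c:\program files\IIS\Microsoft Web Deploy\MsDepSvc.exe [2011-02-04 63304]",
    r"R3 uxddrv;Dynamically loaded UxdDrv;g:\diagnose\WSTGER32\2PART\uxddrv86.sys [x]",
    r"S2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [2011-05-29 366640]",
    r'"RtHDVCpl"="RtHDVCpl.exe" [2007-12-17 4718592]',
    r'"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2010-12-13 281768]',
]

if __name__ == "__main__":
    for f in triage(SAMPLE_LINES):
        print(f"{f.kind:7} {f.name:12} {f.path}")
        for r in f.reasons:
            print(f"        - {r}")
```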

14.07.2011, 18:55   #12
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™

Ok. Please now create logs with GMER and OSAM and post them.
GMER crashes fairly often; if the tool won't run even on the 2nd attempt, just leave it out and run only OSAM - please skip the online query by OSAM.
With OSAM, please also make sure that you save the log as *.log and not as *.html or the like.

Note: To unpack OSAM please use WinRAR or 7zip! Also be sure to turn off the virus scanner; the McAfee scanner in particular often reports a false alarm on OSAM!

Afterwards please download MBRCheck (by a_d_13) and save the file to the desktop.
  • Double-click MBRCheck.exe.
    Vista and Win7 users: right-click and "Run as administrator"
  • The tool needs only a few seconds.
  • Afterwards you should find a MBRCheck_<date>_<time>.txt on the desktop.
Please post me the contents of the .txt document
__________________
Please always post logfiles in CODE tags

15.07.2011, 13:45   #13
Ebin

GMER Logfile:
Code:
GMER 1.0.15.15640 - hxxp://www.gmer.net
Rootkit scan 2011-07-15 14:32:43
Windows 6.0.6002 Service Pack 2 Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-0 WDC_WD32 rev.11.0
Running: zot9mi7w.exe; Driver: C:\Users\MEDION\AppData\Local\Temp\ugdiypod.sys


---- System - GMER 1.0.15 ----

SSDT            8C7C1DDE                                                                                               ZwCreateSection
SSDT            8C7C1DE3                                                                                               ZwSetContextThread
SSDT            8C7C1D7F                                                                                               ZwTerminateProcess

---- Kernel code sections - GMER 1.0.15 ----

.text           ntkrnlpa.exe!KeSetEvent + 215                                                                          822B1998 4 Bytes  [DE, 1D, 7C, 8C]
.text           ntkrnlpa.exe!KeSetEvent + 56D                                                                          822B1CF0 4 Bytes  [E3, 1D, 7C, 8C] {JECXZ 0x1f; JL 0xffffffffffffff90}
.text           ntkrnlpa.exe!KeSetEvent + 621                                                                          822B1DA4 4 Bytes  [7F, 1D, 7C, 8C] {JG 0x1f; JL 0xffffffffffffff90}
.text           C:\Windows\system32\DRIVERS\nvlddmkm.sys                                                               section is writeable [0x8E800360, 0x35BF98, 0xE8000020]

---- Devices - GMER 1.0.15 ----

AttachedDevice  \Driver\kbdclass \Device\KeyboardClass0                                                                Wdf01000.sys (Kernelmodustreiber-Frameworklaufzeit/Microsoft Corporation)
AttachedDevice  \Driver\kbdclass \Device\KeyboardClass1                                                                Wdf01000.sys (Kernelmodustreiber-Frameworklaufzeit/Microsoft Corporation)
AttachedDevice  \FileSystem\fastfat \Fat                                                                               fltmgr.sys (Microsoft Dateisystem-Filter-Manager/Microsoft Corporation)

---- Registry - GMER 1.0.15 ----

Reg             HKLM\SOFTWARE\Classes\CLSID\{B6A930A0-A4F5-43A5-9B4E-6189A6C2B9E8}@\24!s!y!f!c!`!j!t!f!t!t!e!d!c!s!f!  19583823

---- EOF - GMER 1.0.15 ----
         
--- --- ---


OSAM Logfile:
Code:
Report of OSAM: Autorun Manager v5.0.11926.0
hxxp://www.online-solutions.ru/en/
Saved at 14:39:44 on 15.07.2011

OS: Windows Vista Home Premium Edition Service Pack 2 (Build 6002), 32-bit
Default Browser: Google Inc. Google Chrome 0.0.0.0

Scanner Settings
[x] Rootkits detection (hidden registry)
[x] Rootkits detection (hidden files)
[x] Retrieve files information
[x] Check Microsoft signatures

Filters
[ ] Trusted entries
[ ] Empty entries
[x] Hidden registry entries (rootkit activity)
[x] Exclusively opened files
[x] Not found files
[x] Files without detailed information
[x] Existing files
[ ] Non-startable services
[ ] Non-startable drivers
[x] Active entries
[x] Disabled entries


[Common]
-----( %SystemRoot%\Tasks )-----
"GoogleUpdateTaskUserS-1-5-21-3730576925-1742224285-2887581169-1000Core.job" - "Google Inc." - C:\Users\MEDION\AppData\Local\Google\Update\GoogleUpdate.exe
"GoogleUpdateTaskUserS-1-5-21-3730576925-1742224285-2887581169-1000UA.job" - "Google Inc." - C:\Users\MEDION\AppData\Local\Google\Update\GoogleUpdate.exe

[Control Panel Objects]
-----( %SystemRoot%\system32 )-----
"FlashPlayerCPLApp.cpl" - "Adobe Systems Incorporated" - C:\Windows\system32\FlashPlayerCPLApp.cpl
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Control Panel\Cpls )-----
"Nero BurnRights" - "Nero AG" - C:\Program Files\Nero\Nero 7\Nero Toolkit\NeroBurnRights.cpl

[Drivers]
-----( HKLM\SYSTEM\CurrentControlSet\Services )-----
"avgntflt" (avgntflt) - "Avira GmbH" - C:\Windows\System32\DRIVERS\avgntflt.sys
"avipbb" (avipbb) - "Avira GmbH" - C:\Windows\System32\DRIVERS\avipbb.sys
"catchme" (catchme) - ? - C:\Users\MEDION\AppData\Local\Temp\catchme.sys  (File not found)
"cpuz134" (cpuz134) - ? - C:\Users\MEDION\AppData\Local\Temp\cpuz134\cpuz134_x32.sys  (File not found)
"Dynamically loaded UxdDrv" (uxddrv) - ? - G:\DIAGNOSE\WSTGER32\2PART\uxddrv86.sys  (File not found)
"Hotkey" (Hotkey) - ? - C:\Windows\system32\drivers\Hotkey.sys  (File found, but it contains no detailed information)
"IP in IP Tunnel Driver" (IpInIp) - ? - C:\Windows\System32\DRIVERS\ipinip.sys  (File not found)
"IPX Traffic Filter Driver" (NwlnkFlt) - ? - C:\Windows\System32\DRIVERS\nwlnkflt.sys  (File not found)
"IPX Traffic Forwarder Driver" (NwlnkFwd) - ? - C:\Windows\System32\DRIVERS\nwlnkfwd.sys  (File not found)
"MBAMProtector" (MBAMProtector) - "Malwarebytes Corporation" - C:\Windows\system32\drivers\mbam.sys
"MEMSWEEP2" (MEMSWEEP2) - ? - C:\Windows\system32\1BC9.tmp  (File not found)
"Performance Tools Driver 10.0" (VSPerfDrv100) - "Microsoft Corporation" - C:\Program Files\Microsoft Visual Studio 10.0\Team Tools\Performance Tools\VSPerfDrv100.sys
"Sftfs" (Sftfs) - "Microsoft Corporation" - C:\Windows\System32\DRIVERS\Sftfslh.sys
"Sftplay" (Sftplay) - "Microsoft Corporation" - C:\Windows\System32\DRIVERS\Sftplaylh.sys
"Sftredir" (Sftredir) - "Microsoft Corporation" - C:\Windows\System32\DRIVERS\Sftredirlh.sys
"Sftvol" (Sftvol) - "Microsoft Corporation" - C:\Windows\System32\DRIVERS\Sftvollh.sys
"ssmdrv" (ssmdrv) - "Avira GmbH" - C:\Windows\System32\DRIVERS\ssmdrv.sys
"ugdiypod" (ugdiypod) - ? - C:\Users\MEDION\AppData\Local\Temp\ugdiypod.sys  (Hidden registry entry, rootkit activity | File not found)

[Explorer]
-----( HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved )-----
{FB314ED9-A251-47B7-93E1-CDD82E34AF8B} "DropboxExt" - ? -   (File not found | COM-object registry key not found)
{FB314EDA-A251-47B7-93E1-CDD82E34AF8B} "DropboxExt" - ? -   (File not found | COM-object registry key not found)
{FB314EDB-A251-47B7-93E1-CDD82E34AF8B} "DropboxExt" - ? -   (File not found | COM-object registry key not found)
{FB314EDC-A251-47B7-93E1-CDD82E34AF8B} "DropboxExt" - ? -   (File not found | COM-object registry key not found)
-----( HKLM\Software\Classes\Folder\shellex\ColumnHandlers )-----
{F9DB5320-233E-11D1-9F84-707F02C10627} "PDF Shell Extension" - "Adobe Systems, Inc." - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\PDFShell.dll
{C52AF81D-F7A0-4AAB-8E87-F80A60CCD396} "{C52AF81D-F7A0-4AAB-8E87-F80A60CCD396}" - ? - C:\Program Files\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll
-----( HKLM\Software\Classes\Protocols\Filter )-----
{807573E5-5146-11D5-A672-00B0D022E945} "Microsoft Office InfoPath XML Mime Filter" - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
-----( HKLM\Software\Classes\Protocols\Handler )-----
{314111c7-a502-11d2-bbca-00c04f8ec294} "HxProtocol Class" - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
{0A9007C0-4076-11D3-8789-0000F8105754} "Microsoft Infotech Storage Protocol for IE 4.0" - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved )-----
{911051fa-c21c-4246-b470-070cd8df6dc4} ".cab or .zip files" - ? -   (File not found | COM-object registry key not found)
{1b24a030-9b20-49bc-97ac-1be4426f9e59} "ActiveDirectory Folder" - ? -   (File not found | COM-object registry key not found)
{34449847-FD14-4fc8-A75A-7432F5181EFB} "ActiveDirectory Folder" - ? -   (File not found | COM-object registry key not found)
{D66DC78C-4F61-447F-942B-3FB6980118CF} "CInfoTipShellExt Class" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office14\VISSHE.DLL
{0F8604A5-4ECE-4DE1-BA7D-CF10F8AA4F48} "Contacts folder" - ? -   (File not found | COM-object registry key not found)
{2C2577C2-63A7-40e3-9B7F-586602617ECB} "Explorer Query Band" - ? -   (File not found | COM-object registry key not found)
{506F4668-F13E-4AA1-BB04-B43203AB3CC0} "ImageExtractorShellExt Class" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office14\VISSHE.DLL
{00020d75-0000-0000-c000-000000000046} "lnkfile" - ? -   (File not found | COM-object registry key not found)
{42042206-2D85-11D3-8CFF-005004838597} "Microsoft Office HTML Icon Handler" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office14\msohevi.dll
{993BE281-6695-4BA5-8A2A-7AACBFAAB69E} "Microsoft Office Metadata Handler" - "Microsoft Corporation" - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\msoshext.dll
{C41662BB-1FA0-4CE0-8DC5-9B7F8279FF97} "Microsoft Office Thumbnail Handler" - "Microsoft Corporation" - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\msoshext.dll
{0875DCB6-C686-4243-9432-ADCCF0B9F2D7} "Microsoft OneNote Namespace Extension for Windows Desktop Search" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office14\ONFILTER.DLL
{C52AF81D-F7A0-4AAB-8E87-F80A60CCD396} "OpenOffice.org Column Handler" - ? - C:\Program Files\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll
{087B3AE3-E237-4467-B8DB-5A38AB959AC9} "OpenOffice.org Infotip Handler" - ? - C:\Program Files\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll
{AE424E85-F6DF-4910-A6A9-438797986431} "OpenOffice.org Property Handler" - ? - C:\Program Files\OpenOffice.org 3\Basis\program\shlxthdl\propertyhdl.dll
{63542C48-9552-494A-84F7-73AA6A7C99C1} "OpenOffice.org Property Sheet Handler" - ? - C:\Program Files\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll
{3B092F0C-7696-40E3-A80F-68D74DA84210} "OpenOffice.org Thumbnail Viewer" - ? - C:\Program Files\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll
{C8494E42-ACDD-4739-B0FB-217361E4894F} "Sam Account Folder" - ? -   (File not found | COM-object registry key not found)
{E29F9716-5C08-4FCD-955A-119FDB5A522D} "Sam Account Folder" - ? -   (File not found | COM-object registry key not found)
{45AC2688-0253-4ED8-97DE-B5370FA7D48A} "Shell Extension for Malware scanning" - "Avira GmbH" - C:\Program Files\Avira\AntiVir Desktop\shlext.dll
{da67b8ad-e81b-4c70-9b91b417b5e33527} "Windows Search Shell Service" - ? -   (File not found | COM-object registry key not found)
{B41DB860-8EE4-11D2-9906-E49FADC173CA} "WinRAR" - "Alexander Roshal" - C:\Program Files\WinRAR\rarext.dll

[Internet Explorer]
-----( HKCU\SOFTWARE\Microsoft\Internet Explorer\Extensions )-----
"eBay - Der weltweite Online-Marktplatz" - ? - hxxp://rover.ebay.com/rover/1/707-37276-17534-15/4  (HTTP value)
-----( HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser )-----
<binary data> "Gutscheinmieze" - "Synatix GmbH" - C:\Users\MEDION\AppData\Roaming\Gutscheinmieze\toolbar.dll
<binary data> "ITBar7Layout" - ? -   (File not found | COM-object registry key not found)
-----( HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units )-----
{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} "Java Plug-in 1.6.0_03" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\jp2iexp.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab
{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} "Java Plug-in 1.6.0_22" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\jp2iexp.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
{8AD9C840-044E-11D1-B3E9-00805F499D93} "Java Plug-in 1.6.0_26" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\jp2iexp.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} "Java Plug-in 1.6.0_26" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\jp2iexp.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} "Java Plug-in 1.6.0_26" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\npjpi160_26.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
{D27CDB6E-AE6D-11CF-96B8-444553540000} "Shockwave Flash Object" - "Adobe Systems, Inc." - C:\Windows\system32\Macromed\Flash\Flash10r.ocx / hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
-----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions )-----
"eBay - Der weltweite Online-Marktplatz" - ? - hxxp://rover.ebay.com/rover/1/707-37276-17534-25/4  (HTTP value)
-----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar )-----
{DFEFCDEE-CF1A-4FC8-88AD-48514E463B27} "Gutscheinmieze" - "Synatix GmbH" - C:\Users\MEDION\AppData\Roaming\Gutscheinmieze\toolbar.dll
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects )-----
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} "Adobe PDF Reader" - "Adobe Systems Incorporated" - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
{DBC80044-A445-435b-BC74-9C25C1C588A9} "Java(tm) Plug-In 2 SSV Helper" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\jp2ssv.dll
{DDA57003-0068-4ed2-9D32-4D1EC707D94D} "Microsoft-Webtestaufzeichnung 10.0-Hilfsprogramm" - "Microsoft Corporation" - C:\Program Files\Microsoft Visual Studio 10.0\Common7\IDE\PrivateAssemblies\Microsoft.VisualStudio.QualityTools.RecorderBarBHO100.dll
{B4F3A835-0E21-4959-BA22-42B3008E02FF} "Office Document Cache Handler" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~3\Office14\URLREDIR.DLL

[Logon]
-----( %APPDATA%\Microsoft\Windows\Start Menu\Programs\Startup )-----
"desktop.ini" - ? - C:\Users\MEDION\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini
"Dropbox.lnk" - "Dropbox, Inc." - C:\Users\MEDION\AppData\Roaming\Dropbox\bin\Dropbox.exe  (Shortcut exists | File exists)
-----( %AllUsersProfile%\Microsoft\Windows\Start Menu\Programs\Startup )-----
"desktop.ini" - ? - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini
-----( HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run )-----
"Skype" - "Skype Technologies S.A." - "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
-----( HKLM\SYSTEM\CurrentControlSet\Control\Terminal Server\Wds\rdpwd )-----
"StartupPrograms" - ? - rdpclip  (File not found)
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Run )-----
"avgnt" - "Avira GmbH" - "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
"BCSSync" - "Microsoft Corporation" - "C:\Program Files\Microsoft Office\Office14\BCSSync.exe" /DelayServices
"HotkeyApp" - "Wistron" - "C:\Program Files\Launch Manager\HotkeyApp.exe"
"IAAnotif" - "Intel Corporation" - "C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe"
"LaunchAp" - ? - "C:\Program Files\Launch Manager\LaunchAp.exe"
"LMgrOSD" - "Wistron Corp." - "C:\Program Files\Launch Manager\OSD.exe"
"Malwarebytes' Anti-Malware" - "Malwarebytes Corporation" - "C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
"SunJavaUpdateSched" - "Sun Microsystems, Inc." - "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
"Wbutton" - "Wistron" - "C:\Program Files\Launch Manager\Wbutton.exe"

[Services]
-----( HKLM\SYSTEM\CurrentControlSet\Services )-----
"@c:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe,-100" (WPFFontCache_v0400) - "Microsoft Corporation" - C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe
"Apache2.2" (Apache2.2) - "Apache Software Foundation" - c:\xampp\apache\bin\httpd.exe
"Application Virtualization Client" (sftlist) - "Microsoft Corporation" - C:\Program Files\Microsoft Application Virtualization Client\sftlist.exe
"Application Virtualization Service Agent" (sftvsa) - "Microsoft Corporation" - C:\Program Files\Microsoft Application Virtualization Client\sftvsa.exe
"ASP.NET-Zustandsdienst" (aspnet_state) - "Microsoft Corporation" - C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_state.exe
"Avira AntiVir Guard" (AntiVirService) - "Avira GmbH" - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
"Avira AntiVir Planer" (AntiVirSchedulerService) - "Avira GmbH" - C:\Program Files\Avira\AntiVir Desktop\sched.exe
"Cisco AnyConnect VPN Agent" (vpnagent) - "Cisco Systems, Inc." - C:\Program Files\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe
"Client Virtualization Handler" (cvhsvc) - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
"Cyberlink RichVideo Service(CRVS)" (RichVideo) - ? - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
"FileZilla Server FTP server" (FileZilla Server) - "FileZilla Project" - c:\xampp\FileZillaFTP\FileZillaServer.exe
"Intel(R) Matrix Storage Event Monitor" (IAANTMON) - "Intel Corporation" - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
"LightScribeService Direct Disc Labeling Service" (LightScribeService) - "Hewlett-Packard Company" - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
"MBAMService" (MBAMService) - "Malwarebytes Corporation" - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
"Microsoft .NET Framework NGEN v4.0.30319_X86" (clr_optimization_v4.0.30319_32) - "Microsoft Corporation" - C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
"MySQL" (MySQL) - ? - C:\Program Files\MySQL\MySQL Server 5.1\bin\mysqld.exe  (File found, but it contains no detailed information)
"NBService" (NBService) - "Nero AG" - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
"NMIndexingService" (NMIndexingService) - "Nero AG" - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
"Office  Source Engine" (ose) - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
"Office Software Protection Platform" (osppsvc) - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
"ServiceLayer" (ServiceLayer) - "Nokia" - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
"SQL Server (SQLEXPRESS)" (MSSQL$SQLEXPRESS) - "Microsoft Corporation" - c:\Program Files\Microsoft SQL Server\MSSQL10_50.SQLEXPRESS\MSSQL\Binn\sqlservr.exe
"SQL Server VSS Writer" (SQLWriter) - "Microsoft Corporation" - c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
"Webbereitstellungs-Agent-Dienst" (MsDepSvc) - "Microsoft Corporation" - C:\Program Files\IIS\Microsoft Web Deploy\MsDepSvc.exe
"WisLMSvc" (WisLMSvc) - "Wistron Corp." - C:\Program Files\Launch Manager\WisLMSvc.exe

===[ Logfile end ]=========================================[ Logfile end ]===
         
--- --- ---

If You have questions or want to get some help, You can visit hxxp://forum.online-solutions.ru

MBR_Check:
Quote:
MBRCheck, version 1.2.3
(c) 2010, AD

Command-line:
Windows Version: Windows Vista Home Premium Edition
Windows Information: Service Pack 2 (build 6002), 32-bit
Base Board Manufacturer: MEDION
BIOS Manufacturer: Phoenix Technologies LTD
System Manufacturer: MEDION
System Product Name: WIM2190
Logical Drives Mask: 0x0001003c

Kernel Drivers (total 155):
0x82205000 \SystemRoot\system32\ntkrnlpa.exe
0x825BF000 \SystemRoot\system32\hal.dll
0x80404000 \SystemRoot\system32\kdcom.dll
0x8040B000 \SystemRoot\system32\mcupdate_GenuineIntel.dll
0x8047B000 \SystemRoot\system32\PSHED.dll
0x8048C000 \SystemRoot\system32\BOOTVID.dll
0x80494000 \SystemRoot\system32\CLFS.SYS
0x804D5000 \SystemRoot\system32\CI.dll
0x8060B000 \SystemRoot\system32\drivers\Wdf01000.sys
0x8067C000 \SystemRoot\system32\drivers\WDFLDR.SYS
0x8068A000 \SystemRoot\system32\drivers\acpi.sys
0x806D0000 \SystemRoot\system32\drivers\WMILIB.SYS
0x806D9000 \SystemRoot\system32\drivers\msisadrv.sys
0x806E1000 \SystemRoot\system32\drivers\pci.sys
0x80708000 \SystemRoot\System32\drivers\partmgr.sys
0x80717000 \SystemRoot\system32\DRIVERS\compbatt.sys
0x8071A000 \SystemRoot\system32\DRIVERS\BATTC.SYS
0x80724000 \SystemRoot\system32\drivers\volmgr.sys
0x80733000 \SystemRoot\System32\drivers\volmgrx.sys
0x8077D000 \SystemRoot\system32\drivers\intelide.sys
0x80784000 \SystemRoot\system32\drivers\PCIIDEX.SYS
0x80792000 \SystemRoot\System32\drivers\mountmgr.sys
0x8A20F000 \SystemRoot\system32\DRIVERS\iaStor.sys
0x8A2D6000 \SystemRoot\system32\drivers\atapi.sys
0x8A2DE000 \SystemRoot\system32\drivers\ataport.SYS
0x8A2FC000 \SystemRoot\system32\DRIVERS\Si3531.sys
0x8A332000 \SystemRoot\system32\DRIVERS\SCSIPORT.SYS
0x8A358000 \SystemRoot\system32\drivers\fltmgr.sys
0x8A38A000 \SystemRoot\system32\drivers\fileinfo.sys
0x8A39A000 \SystemRoot\system32\DRIVERS\SiWinAcc.sys
0x8A406000 \SystemRoot\System32\Drivers\ksecdd.sys
0x8A477000 \SystemRoot\system32\drivers\ndis.sys
0x8A582000 \SystemRoot\system32\drivers\msrpc.sys
0x8A5AD000 \SystemRoot\system32\drivers\NETIO.SYS
0x8A605000 \SystemRoot\System32\drivers\tcpip.sys
0x8A6EF000 \SystemRoot\System32\drivers\fwpkclnt.sys
0x8A802000 \SystemRoot\System32\Drivers\Ntfs.sys
0x8A912000 \SystemRoot\system32\drivers\volsnap.sys
0x8A94B000 \SystemRoot\System32\Drivers\spldr.sys
0x8A953000 \SystemRoot\system32\DRIVERS\SiRemFil.sys
0x8A955000 \SystemRoot\System32\Drivers\mup.sys
0x8A964000 \SystemRoot\System32\drivers\ecache.sys
0x8A98B000 \SystemRoot\system32\drivers\disk.sys
0x8A99C000 \SystemRoot\system32\drivers\CLASSPNP.SYS
0x8A9BD000 \SystemRoot\system32\drivers\crcdisk.sys
0x8A9D3000 \SystemRoot\system32\DRIVERS\tunnel.sys
0x8A9DE000 \SystemRoot\system32\DRIVERS\tunmp.sys
0x8A9E7000 \SystemRoot\system32\DRIVERS\wmiacpi.sys
0x8A9F0000 \SystemRoot\system32\DRIVERS\intelppm.sys
0x8E800000 \SystemRoot\system32\DRIVERS\nvlddmkm.sys
0x8EF47000 \SystemRoot\System32\drivers\dxgkrnl.sys
0x8EFE7000 \SystemRoot\System32\drivers\watchdog.sys
0x8EFF3000 \SystemRoot\system32\DRIVERS\usbuhci.sys
0x8A39D000 \SystemRoot\system32\DRIVERS\USBPORT.SYS
0x8A7D1000 \SystemRoot\system32\DRIVERS\usbehci.sys
0x8E40E000 \SystemRoot\system32\DRIVERS\HDAudBus.sys
0x8E49B000 \SystemRoot\system32\DRIVERS\Rtlh86.sys
0x8F000000 \SystemRoot\system32\DRIVERS\NETw4v32.sys
0x8F229000 \SystemRoot\system32\DRIVERS\CmBatt.sys
0x8F22D000 \SystemRoot\system32\DRIVERS\i8042prt.sys
0x8F240000 \SystemRoot\system32\DRIVERS\kbdclass.sys
0x8F24B000 \SystemRoot\system32\DRIVERS\SynTP.sys
0x8F279000 \SystemRoot\system32\DRIVERS\USBD.SYS
0x8F27B000 \SystemRoot\system32\DRIVERS\mouclass.sys
0x8F286000 \SystemRoot\system32\DRIVERS\cdrom.sys
0x8F29E000 \SystemRoot\system32\DRIVERS\msiscsi.sys
0x8F2CD000 \SystemRoot\system32\DRIVERS\storport.sys
0x8F30E000 \SystemRoot\system32\DRIVERS\TDI.SYS
0x8F319000 \SystemRoot\system32\DRIVERS\rasl2tp.sys
0x8F330000 \SystemRoot\system32\DRIVERS\ndistapi.sys
0x8F33B000 \SystemRoot\system32\DRIVERS\ndiswan.sys
0x8F35E000 \SystemRoot\system32\DRIVERS\raspppoe.sys
0x8F36D000 \SystemRoot\system32\DRIVERS\raspptp.sys
0x8F381000 \SystemRoot\system32\DRIVERS\rassstp.sys
0x8F396000 \SystemRoot\system32\DRIVERS\termdd.sys
0x8F3A6000 \SystemRoot\system32\DRIVERS\swenum.sys
0x8F3A8000 \SystemRoot\system32\DRIVERS\ks.sys
0x8F3D2000 \SystemRoot\system32\DRIVERS\mssmbios.sys
0x8F3DC000 \SystemRoot\system32\DRIVERS\umbus.sys
0x8E4B3000 \SystemRoot\system32\DRIVERS\usbhub.sys
0x8F3E9000 \SystemRoot\System32\Drivers\NDProxy.SYS
0x8F801000 \SystemRoot\system32\drivers\RTKVHDA.sys
0x8E4E8000 \SystemRoot\system32\drivers\portcls.sys
0x8E515000 \SystemRoot\system32\drivers\drmk.sys
0x8FA03000 \SystemRoot\system32\DRIVERS\AGRSM.sys
0x8FB1F000 \SystemRoot\system32\drivers\modem.sys
0x8FB2C000 \SystemRoot\System32\Drivers\Fs_Rec.SYS
0x8FB35000 \SystemRoot\System32\Drivers\Null.SYS
0x8FB3C000 \SystemRoot\System32\Drivers\Beep.SYS
0x8FB4C000 \SystemRoot\system32\DRIVERS\HIDPARSE.SYS
0x8FB53000 \SystemRoot\System32\drivers\vga.sys
0x8FB5F000 \SystemRoot\System32\drivers\VIDEOPRT.SYS
0x8FB80000 \SystemRoot\System32\DRIVERS\RDPCDD.sys
0x8FB88000 \SystemRoot\system32\drivers\rdpencdd.sys
0x8FB90000 \SystemRoot\System32\Drivers\Msfs.SYS
0x8FB9B000 \SystemRoot\System32\Drivers\Npfs.SYS
0x8FBA9000 \SystemRoot\System32\DRIVERS\rasacd.sys
0x8FBB2000 \SystemRoot\system32\DRIVERS\tdx.sys
0x8FBC8000 \SystemRoot\system32\DRIVERS\smb.sys
0x8E53A000 \SystemRoot\system32\drivers\afd.sys
0x8E582000 \SystemRoot\System32\DRIVERS\netbt.sys
0x8FBDC000 \SystemRoot\system32\DRIVERS\pacer.sys
0x8FBF2000 \SystemRoot\system32\DRIVERS\netbios.sys
0x8E5B4000 \SystemRoot\system32\DRIVERS\wanarp.sys
0x8FB43000 \SystemRoot\system32\DRIVERS\ssmdrv.sys
0x807A2000 \SystemRoot\system32\DRIVERS\rdbss.sys
0x8F9F0000 \SystemRoot\system32\drivers\nsiproxy.sys
0x8FB49000 \SystemRoot\System32\Drivers\Hotkey.SYS
0x8E5C7000 \SystemRoot\System32\Drivers\dfsc.sys
0x805B5000 \SystemRoot\system32\DRIVERS\avipbb.sys
0x8FE08000 \SystemRoot\System32\Drivers\fastfat.SYS
0x8FE30000 \SystemRoot\system32\DRIVERS\snp2uvc.sys
0x8FFDC000 \SystemRoot\system32\DRIVERS\STREAM.SYS
0x8FFE9000 \SystemRoot\system32\DRIVERS\sncduvc.SYS
0x8FFF0000 \SystemRoot\System32\Drivers\crashdmp.sys
0x8A70A000 \SystemRoot\System32\Drivers\dump_iaStor.sys
0x8E5DE000 \SystemRoot\system32\DRIVERS\hidusb.sys
0x8E5E7000 \SystemRoot\system32\DRIVERS\HIDCLASS.SYS
0x8FE00000 \SystemRoot\system32\DRIVERS\mouhid.sys
0x8A7E0000 \SystemRoot\system32\drivers\RTSTOR.SYS
0x9C260000 \SystemRoot\System32\win32k.sys
0x8E400000 \SystemRoot\System32\drivers\Dxapi.sys
0x8A5E8000 \SystemRoot\system32\DRIVERS\monitor.sys
0x9C480000 \SystemRoot\System32\TSDDD.dll
0x8A3DB000 \SystemRoot\system32\drivers\luafv.sys
0x807DE000 \SystemRoot\system32\DRIVERS\avgntflt.sys
0x8E5F7000 \SystemRoot\system32\DRIVERS\Sftvollh.sys
0xA3604000 \SystemRoot\system32\drivers\spsys.sys
0xA36B4000 \SystemRoot\system32\DRIVERS\lltdio.sys
0xA36C4000 \SystemRoot\system32\DRIVERS\nwifi.sys
0xA36EE000 \SystemRoot\system32\DRIVERS\ndisuio.sys
0xA36F8000 \SystemRoot\system32\DRIVERS\rspndr.sys
0xA370B000 \SystemRoot\system32\drivers\HTTP.sys
0xA3778000 \SystemRoot\System32\DRIVERS\srvnet.sys
0xA3795000 \SystemRoot\system32\DRIVERS\bowser.sys
0xA37AE000 \SystemRoot\System32\drivers\mpsdrv.sys
0xA37C3000 \SystemRoot\system32\drivers\mrxdav.sys
0x805DC000 \SystemRoot\system32\DRIVERS\mrxsmb.sys
0xA4800000 \SystemRoot\system32\DRIVERS\mrxsmb10.sys
0xA4839000 \SystemRoot\system32\DRIVERS\mrxsmb20.sys
0xA4851000 \SystemRoot\System32\DRIVERS\srv2.sys
0xA4879000 \SystemRoot\System32\DRIVERS\srv.sys
0xA48E0000 \SystemRoot\system32\drivers\peauth.sys
0xA49BE000 \SystemRoot\System32\Drivers\secdrv.SYS
0xAAA03000 \SystemRoot\system32\DRIVERS\Sftfslh.sys
0xAAA8F000 \SystemRoot\system32\DRIVERS\Sftplaylh.sys
0xAAAC5000 \SystemRoot\System32\drivers\tcpipreg.sys
0xAAAD1000 \SystemRoot\system32\DRIVERS\WUDFRd.sys
0xAAAE6000 \SystemRoot\system32\DRIVERS\WUDFPf.sys
0xAAAF8000 \SystemRoot\system32\DRIVERS\Sftredirlh.sys
0xAAB01000 \SystemRoot\system32\DRIVERS\cdfs.sys
0xAAB17000 \??\C:\Windows\system32\drivers\mbam.sys
0x9C4C0000 \SystemRoot\System32\cdd.dll
0xAAB30000 \??\C:\Users\MEDION\AppData\Local\Temp\ugdiypod.sys
0x77870000 \Windows\System32\ntdll.dll

Processes (total 72):
0 System Idle Process
4 System
496 C:\Windows\System32\smss.exe
632 csrss.exe
696 C:\Windows\System32\wininit.exe
732 C:\Windows\System32\services.exe
748 C:\Windows\System32\lsass.exe
756 C:\Windows\System32\lsm.exe
908 C:\Windows\System32\svchost.exe
1000 C:\Windows\System32\svchost.exe
1060 C:\Windows\System32\svchost.exe
1140 C:\Windows\System32\svchost.exe
1176 C:\Windows\System32\svchost.exe
1192 C:\Windows\System32\svchost.exe
1308 C:\Windows\System32\audiodg.exe
1344 C:\Windows\System32\SLsvc.exe
1388 C:\Windows\System32\svchost.exe
1552 C:\Windows\System32\svchost.exe
1576 C:\Program Files\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe
1872 C:\Windows\System32\spoolsv.exe
1896 C:\Program Files\Avira\AntiVir Desktop\sched.exe
1908 C:\Windows\System32\svchost.exe
332 C:\Windows\System32\taskeng.exe
2788 C:\Windows\System32\agrsmsvc.exe
2824 C:\Program Files\Avira\AntiVir Desktop\avguard.exe
2848 C:\xampp\apache\bin\httpd.exe
2888 C:\Windows\System32\svchost.exe
2924 C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe
3004 C:\Program Files\Common Files\LightScribe\LSSrvc.exe
3096 C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
3136 C:\Program Files\Microsoft SQL Server\MSSQL10_50.SQLEXPRESS\MSSQL\Binn\sqlservr.exe
3192 C:\Program Files\MySQL\MySQL Server 5.1\bin\mysqld.exe
3228 C:\Windows\System32\svchost.exe
3240 C:\Program Files\CyberLink\Shared Files\RichVideo.exe
3492 C:\Program Files\Microsoft Application Virtualization Client\sftvsa.exe
3512 C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
3544 C:\Windows\System32\svchost.exe
3592 C:\Windows\System32\svchost.exe
3624 C:\Windows\System32\svchost.exe
3648 C:\Windows\System32\SearchIndexer.exe
3780 C:\Program Files\Microsoft Application Virtualization Client\sftlist.exe
1860 WUDFHost.exe
612 C:\xampp\apache\bin\httpd.exe
4424 C:\Program Files\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE
4492 C:\Program Files\Launch Manager\WisLMSvc.exe
4588 WmiPrvSE.exe
5712 C:\Windows\System32\svchost.exe
4908 C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
548 csrss.exe
5512 C:\Windows\System32\winlogon.exe
4952 C:\Windows\System32\taskeng.exe
5760 C:\Windows\System32\dwm.exe
2540 C:\Windows\explorer.exe
2336 C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
1548 C:\Program Files\Synaptics\SynTP\SynTPStart.exe
2508 C:\Program Files\Launch Manager\LaunchAp.exe
4872 C:\Program Files\Launch Manager\HotkeyApp.exe
4260 C:\Program Files\Launch Manager\OSD.exe
5892 C:\Program Files\Launch Manager\WButton.exe
4920 C:\Windows\RtHDVCpl.exe
4968 C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
5820 C:\Windows\System32\rundll32.exe
2436 C:\Program Files\Common Files\Java\Java Update\jusched.exe
5084 C:\Windows\System32\rundll32.exe
4632 C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
3852 C:\Windows\System32\wuauclt.exe
3200 C:\Windows\System32\SearchProtocolHost.exe
2264 C:\Windows\System32\SearchFilterHost.exe
2612 dllhost.exe
2476 dllhost.exe
4248 C:\Users\MEDION\Desktop\MBRCheck.exe
6108 C:\Windows\System32\conime.exe

\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`00007e00 (NTFS)
\\.\D: --> \\.\PhysicalDrive0 at offset 0x00000042`39da2800 (FAT32)
\\.\Q: --> error 5

PhysicalDrive0 Model Number: WDCWD3200BEVT-22ZCT0, Rev: 11.01A11

Size Device Name MBR Status
--------------------------------------------
298 GB \\.\PhysicalDrive0 Windows XP MBR code detected
SHA1: DA38B874B7713D1B51CBC449F4EF809B0DEC644A


Done!

Alt 15.07.2011, 14:50   #14
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Looks ok. As a check, please run full scans with Malwarebytes and SUPERAntiSpyware and post the logs.
Remember to update both tools before the scan!!


Afterwards, getting a second opinion via the ESET online scanner is not a bad idea either:


ESET Online Scanner

  • Here you will find an illustrated guide to ESET Online Scanner
  • Download and start Eset Online Scanner
  • Tick the box Yes, I accept the Terms of Use and click Start.
  • Enable "Detection of potentially unwanted applications" and choose the following settings.
  • Click Start.
  • The signatures are downloaded and the scan starts automatically.
  • At the end of the scan, click Finish.
  • Close the ESET window.
  • Open Explorer.
  • Find C:\Programme\Eset\EsetOnlineScanner\log.txt (on 64-bit also C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) and open it with your editor (illustrated).
  • Post the logfile here.
  • Uninstall: Control Panel => Software / Uninstall programs => remove Eset Online Scanner V3.
  • Manually delete the following folder and empty the Recycle Bin => C:\Programme\Eset

__________________
Please always post logfiles in CODE tags

Alt 15.07.2011, 20:21   #15
Ebin
 
Here are the results from SUPERAntiSpyware and Malwarebytes, as well as ESET:

Quote:
SUPERAntiSpyware Scan Log
hxxp://www.superantispyware.com

Generated 07/15/2011 at 04:57 PM

Application Version : 4.55.1000

Core Rules Database Version : 7411
Trace Rules Database Version: 5223

Scan type : Quick Scan
Total Scan Time : 00:15:02

Memory items scanned : 735
Memory threats detected : 0
Registry items scanned : 2513
Registry threats detected : 0
File items scanned : 10894
File threats detected : 372

Adware.Tracking Cookie
C:\Users\MEDION\AppData\Roaming\Microsoft\Windows\Cookies\medion@smartadserver[2].txt
C:\Users\MEDION\AppData\Roaming\Microsoft\Windows\Cookies\medion@doubleclick[1].txt
.revsci.net [ C:\Users\MEDION\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
de.sitestat.com [ C:\Users\MEDION\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
ad.yieldmanager.com [ C:\Users\MEDION\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
.imrworldwide.com [ C:\Users\MEDION\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
.imrworldwide.com [ C:\Users\MEDION\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
.zedo.com [ C:\Users\MEDION\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
.zedo.com [ C:\Users\MEDION\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
.zedo.com [ C:\Users\MEDION\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
.zedo.com [ C:\Users\MEDION\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
.zedo.com [ C:\Users\MEDION\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
.zedo.com [ C:\Users\MEDION\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
.adtech.de [ C:\Users\MEDION\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
dc.tremormedia.com [ C:\Users\MEDION\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
.adtech.de [ C:\Users\MEDION\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
.partypoker.com [ C:\Users\MEDION\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
.de.partypoker.com [ C:\Users\MEDION\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
.partypoker.com [ C:\Users\MEDION\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
.content.yieldmanager.com [ C:\Users\MEDION\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
.serving-sys.com [ C:\Users\MEDION\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
.serving-sys.com [ C:\Users\MEDION\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
.mediaplex.com [ C:\Users\MEDION\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
.specificclick.net [ C:\Users\MEDION\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
.invitemedia.com [ C:\Users\MEDION\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
eas.apm.emediate.eu [ C:\Users\MEDION\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
.atdmt.com [ C:\Users\MEDION\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
.atdmt.com [ C:\Users\MEDION\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
.adviva.net [ C:\Users\MEDION\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
.im.banner.t-online.de [ C:\Users\MEDION\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
.olympiaverlag.122.2o7.net [ C:\Users\MEDION\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
de.sitestat.com [ C:\Users\MEDION\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
de.sitestat.com [ C:\Users\MEDION\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
.webmasterplan.com [ C:\Users\MEDION\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
.apmebf.com [ C:\Users\MEDION\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
.ero-advertising.com [ C:\Users\MEDION\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
.ad.adnet.de [ C:\Users\MEDION\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
.adserver.gs [ C:\Users\MEDION\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
www.zanox-affiliate.de [ C:\Users\MEDION\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
.tradedoubler.com [ C:\Users\MEDION\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
.tracking.quisma.com [ C:\Users\MEDION\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
.webmasterplan.com [ C:\Users\MEDION\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
.webmasterplan.com [ C:\Users\MEDION\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
.microsoftsto.112.2o7.net [ C:\Users\MEDION\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
.doubleclick.net [ C:\Users\MEDION\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
.revsci.net [ C:\Users\MEDION\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
.revsci.net [ C:\Users\MEDION\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
.adtech.de [ C:\Users\MEDION\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
fl01.ct2.comclick.com [ C:\Users\MEDION\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
fl01.ct2.comclick.com [ C:\Users\MEDION\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
fl01.ct2.comclick.com [ C:\Users\MEDION\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
fr.sitestat.com [ C:\Users\MEDION\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
fr.sitestat.com [ C:\Users\MEDION\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
.smartadserver.com [ C:\Users\MEDION\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
.smartadserver.com [ C:\Users\MEDION\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
www.googleadservices.com [ C:\Users\MEDION\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
accounts.youtube.com [ C:\Users\MEDION\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
track.adform.net [ C:\Users\MEDION\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
.2o7.net [ C:\Users\MEDION\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
.2o7.net [ C:\Users\MEDION\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
Quote:
Malwarebytes' Anti-Malware 1.51.1.1800
www.malwarebytes.org

Datenbank Version: 7147

Windows 6.0.6002 Service Pack 2
Internet Explorer 7.0.6002.18005

15.07.2011 18:49:05
mbam-log-2011-07-15 (18-49-05).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|E:\|F:\|Q:\|)
Durchsuchte Objekte: 380594
Laufzeit: 1 Stunde(n), 18 Minute(n), 16 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 0

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
(Keine bösartigen Objekte gefunden)
Quote:
ESETSmartInstaller@High as downloader log:
all ok
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6528
# api_version=3.0.2
# EOSSerial=0ddaea7be4a1d146b44c26ccd190a4bd
# end=stopped
# remove_checked=true
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2011-07-15 05:01:21
# local_time=2011-07-15 07:01:21 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# lang=1033
# osver=6.0.6002 NT Service Pack 2
# compatibility_mode=1797 16775165 100 94 209576 47286102 202332 0
# compatibility_mode=5892 16776573 100 100 30311 148282009 0 0
# compatibility_mode=8192 67108863 100 0 207 207 0 0
# scanned=6
# found=0
# cleaned=0
# scan_time=99
ESETSmartInstaller@High as downloader log:
all ok
esets_scanner_update returned -1 esets_gle=53251
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6528
# api_version=3.0.2
# EOSSerial=0ddaea7be4a1d146b44c26ccd190a4bd
# end=finished
# remove_checked=true
# archives_checked=false
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2011-07-15 06:50:50
# local_time=2011-07-15 08:50:50 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# lang=1033
# osver=6.0.6002 NT Service Pack 2
# compatibility_mode=1797 16775165 100 94 209715 47286241 202471 0
# compatibility_mode=5892 16776573 100 100 30450 148282148 0 0
# compatibility_mode=8192 67108863 100 0 346 346 0 0
# scanned=210596
# found=0
# cleaned=0
# scan_time=6429
