Zurück   Trojaner-Board > Malware entfernen > Log-Analyse und Auswertung

Log-Analyse und Auswertung: TR/Mediyes.EB.1 & TR/ATRAPS.Gen

Windows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte.

Antwort
Alt 02.06.2012, 19:28   #1
Cersus
 
TR/Mediyes.EB.1 & TR/ATRAPS.Gen - Standard

TR/Mediyes.EB.1 & TR/ATRAPS.Gen



Ich habe festgestellt, dass Mein Computer von den Trojanern TR/Medyies.EB.1 und TR/ATRAPS.Gen befallen ist. Was sollte ich jetzt machen?

Danke für die Hilfe


OTL-Code:
Code:
ATTFilter
OTL logfile created on: 01.06.2012 22:12:24 - Run 2
OTL by OldTimer - Version 3.2.45.0     Folder = C:\Users\***\Desktop
64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000807 | Country: Schweiz | Language: DES | Date Format: dd.MM.yyyy
 
15.98 Gb Total Physical Memory | 13.18 Gb Available Physical Memory | 82.45% Memory free
31.96 Gb Paging File | 28.83 Gb Available in Paging File | 90.20% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 914.67 Gb Total Space | 680.09 Gb Free Space | 74.35% Space Free | Partition Type: NTFS
 
Computer Name: ULTRA | User Name: *** | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\***\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Windows\SysWOW64\PnkBstrA.exe ()
PRC - C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe (Microsoft Corporation)
PRC - C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe (Microsoft Corporation)
PRC - C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe (Intel Corporation)
 
 
========== Modules (No Company Name) ==========
 
MOD - C:\Users\***\AppData\Local\Google\Chrome\Application\20.0.1132.21\ppgooglenaclpluginchrome.dll ()
MOD - C:\Users\***\AppData\Local\Google\Chrome\Application\20.0.1132.21\pdf.dll ()
MOD - C:\Users\***\AppData\Local\Google\Chrome\Application\20.0.1132.21\libglesv2.dll ()
MOD - C:\Users\***\AppData\Local\Google\Chrome\Application\20.0.1132.21\libegl.dll ()
MOD - C:\Users\***\AppData\Local\Google\Chrome\Application\20.0.1132.21\avutil-51.dll ()
MOD - C:\Users\***\AppData\Local\Google\Chrome\Application\20.0.1132.21\avformat-54.dll ()
MOD - C:\Users\***\AppData\Local\Google\Chrome\Application\20.0.1132.21\avcodec-54.dll ()
MOD - C:\Users\***\AppData\Local\Google\Chrome\Application\20.0.1132.21\gcswf32.dll ()
 
 
========== Win32 Services (SafeList) ==========
 
SRV:64bit: - (AMD External Events Utility) -- C:\Windows\SysNative\atiesrxx.exe (AMD)
SRV:64bit: - (Mcx2Svc) -- C:\Windows\SysNative\Mcx2Svc.dll (Microsoft Corporation)
SRV:64bit: - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV:64bit: - (RemoteAccess) -- C:\Windows\SysNative\mprdim.dll (Microsoft Corporation)
SRV:64bit: - (SharedAccess) -- C:\Windows\SysNative\ipnathlp.dll (Microsoft Corporation)
SRV:64bit: - (AppMgmt) -- C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)
SRV:64bit: - (LanmanWorkstation) -- C:\Windows\SysNative\svchost.exe (Microsoft Corporation)
SRV - (AntiVirSchedulerService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
SRV - (AntiVirService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
SRV - (Steam Client Service) -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe (Valve Corporation)
SRV - (SkypeUpdate) -- C:\Program Files (x86)\Skype\Updater\Updater.exe (Skype Technologies)
SRV - (PnkBstrA) -- C:\Windows\SysWOW64\PnkBstrA.exe ()
SRV - (CyberLink PowerDVD 12 Media Server Service) -- C:\Program Files (x86)\Cyberlink\PowerDVD12\Kernel\DMS\CLMSServerPDVD12.exe (CyberLink)
SRV - (CLHNServiceForPowerDVD12) -- C:\Program Files (x86)\Cyberlink\PowerDVD12\Kernel\DMP\CLHNServer\CLHNServiceForPowerDVD12.exe (CyberLink Corp.)
SRV - (CyberLink PowerDVD 12 Media Server Monitor Service) -- C:\Program Files (x86)\Cyberlink\PowerDVD12\Kernel\DMS\CLMSMonitorServicePDVD12.exe (CyberLink)
SRV - (Update-Service) -- C:\Windows\SysWOW64\UpdSvc.dll (Joosoft.com GmbH)
SRV - (FLEXnet Licensing Service) -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Acresso Software Inc.)
SRV - (sftvsa) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe (Microsoft Corporation)
SRV - (sftlist) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe (Microsoft Corporation)
SRV - (SftService) -- C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE (SoftThinks SAS)
SRV - (RoxWatch12) -- C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatch12OEM.exe (Sonic Solutions)
SRV - (RoxMediaDB12OEM) -- C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxMediaDB12OEM.exe (Sonic Solutions)
SRV - (stllssvr) -- C:\Program Files (x86)\Common Files\SureThing Shared\stllssvr.exe (MicroVision Development, Inc.)
SRV - (IAStorDataMgrSvc) Intel(R) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe (Intel Corporation)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (SwitchBoard) -- C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated)
SRV - (RemoteAccess) -- C:\Windows\SysWOW64\mprdim.dll (Microsoft Corporation)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (clr_optimization_v2.0.50727_64) -- C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (IDriverT) -- C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe (Macrovision Corporation)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - (avipbb) -- C:\Windows\SysNative\drivers\avipbb.sys (Avira GmbH)
DRV:64bit: - (avgntflt) -- C:\Windows\SysNative\drivers\avgntflt.sys (Avira GmbH)
DRV:64bit: - (PCDSRVC{1E208CE0-FB7451FF-06020101}_0) -- c:\Program Files\Dell Support Center\pcdsrvc_x64.pkms (PC-Doctor, Inc.)
DRV:64bit: - (amdkmdag) -- C:\Windows\SysNative\drivers\atikmdag.sys (Advanced Micro Devices, Inc.)
DRV:64bit: - (amdkmdap) -- C:\Windows\SysNative\drivers\atikmpag.sys (Advanced Micro Devices, Inc.)
DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation)
DRV:64bit: - (AtiHDAudioService) -- C:\Windows\SysNative\drivers\AtihdW76.sys (Advanced Micro Devices)
DRV:64bit: - (USBAAPL64) -- C:\Windows\SysNative\drivers\usbaapl64.sys (Apple, Inc.)
DRV:64bit: - (avkmgr) -- C:\Windows\SysNative\drivers\avkmgr.sys (Avira GmbH)
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (Sftvol) -- C:\Windows\SysNative\drivers\Sftvollh.sys (Microsoft Corporation)
DRV:64bit: - (Sftplay) -- C:\Windows\SysNative\drivers\Sftplaylh.sys (Microsoft Corporation)
DRV:64bit: - (Sftredir) -- C:\Windows\SysNative\drivers\Sftredirlh.sys (Microsoft Corporation)
DRV:64bit: - (Sftfs) -- C:\Windows\SysNative\drivers\Sftfslh.sys (Microsoft Corporation)
DRV:64bit: - (Netaapl) -- C:\Windows\SysNative\drivers\netaapl64.sys (Apple Inc.)
DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV:64bit: - (udfs) -- C:\Windows\SysNative\drivers\udfs.sys (Microsoft Corporation)
DRV:64bit: - (netvsc) -- C:\Windows\SysNative\drivers\netvsc60.sys (Microsoft Corporation)
DRV:64bit: - (dmvsc) -- C:\Windows\SysNative\drivers\dmvsc.sys (Microsoft Corporation)
DRV:64bit: - (SynthVid) -- C:\Windows\SysNative\drivers\VMBusVideoM.sys (Microsoft Corporation)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (TsUsbGD) -- C:\Windows\SysNative\drivers\TsUsbGD.sys (Microsoft Corporation)
DRV:64bit: - (MEIx64) Intel(R) -- C:\Windows\SysNative\drivers\HECIx64.sys (Intel Corporation)
DRV:64bit: - (IntcDAud) Intel(R) -- C:\Windows\SysNative\drivers\IntcDAud.sys (Intel(R) Corporation)
DRV:64bit: - (iaStor) -- C:\Windows\SysNative\drivers\iaStor.sys (Intel Corporation)
DRV:64bit: - (k57nd60a) Broadcom NetLink (TM) -- C:\Windows\SysNative\drivers\k57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (BCM43XX) -- C:\Windows\SysNative\drivers\BCMWL664.SYS (Broadcom Corporation)
DRV:64bit: - (PxHlpa64) -- C:\Windows\SysNative\drivers\PxHlpa64.sys (Sonic Solutions)
DRV:64bit: - (Impcd) -- C:\Windows\SysNative\drivers\Impcd.sys (Intel Corporation)
DRV:64bit: - (nusb3xhc) -- C:\Windows\SysNative\drivers\nusb3xhc.sys (NEC Electronics Corporation)
DRV:64bit: - (nusb3hub) -- C:\Windows\SysNative\drivers\nusb3hub.sys (NEC Electronics Corporation)
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (crcdisk) -- C:\Windows\SysNative\drivers\crcdisk.sys (Microsoft Corporation)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (ws2ifsl) -- C:\Windows\SysNative\drivers\ws2ifsl.sys (Microsoft Corporation)
DRV:64bit: - (cdfs) -- C:\Windows\SysNative\drivers\cdfs.sys (Microsoft Corporation)
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV:64bit: - (GEARAspiWDM) -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys (GEAR Software Inc.)
DRV:64bit: - (hamachi) -- C:\Windows\SysNative\drivers\hamachi.sys (LogMeIn, Inc.)
DRV:64bit: - (WimFltr) -- C:\Windows\SysNative\drivers\WimFltr.sys (Microsoft Corporation)
DRV - ({329F96B6-DF1E-4328-BFDA-39EA953C1312}) -- C:\Program Files (x86)\CyberLink\PowerDVD12\Common\NavFilter\000.fcl (CyberLink Corp.)
DRV - (ntk_PowerDVD12) -- C:\Program Files (x86)\Cyberlink\PowerDVD12\Kernel\DMP\CLHNServer\ntk_PowerDVD12_64.sys (Cyberlink Corp.)
DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {49606DC7-976D-4030-A74E-9FB5C842FA68}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE:64bit: - HKLM\..\SearchScopes\{49606DC7-976D-4030-A74E-9FB5C842FA68}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=DLCDF8&pc=MDDC&src=IE-SearchBox
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {49606DC7-976D-4030-A74E-9FB5C842FA68}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{49606DC7-976D-4030-A74E-9FB5C842FA68}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=DLCDF8&pc=MDDC&src=IE-SearchBox
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.uk.msn.com/USCON/17
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://g.uk.msn.com/USCON/17
IE - HKCU\..\SearchScopes,DefaultScope = {49606DC7-976D-4030-A74E-9FB5C842FA68}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
 
========== FireFox ==========
 
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf: C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll File not found
FF - HKLM\Software\MozillaPlugins\@garmin.com/GpsControl: C:\Program Files (x86)\Garmin GPS Plugin\npGarmin.dll (GARMIN Corp.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll File not found
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.1: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\***\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\***\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
 
 
 
========== Chrome  ==========
 
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms}
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\***\AppData\Local\Google\Chrome\Application\20.0.1132.21\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\***\AppData\Local\Google\Chrome\Application\20.0.1132.21\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\***\AppData\Local\Google\Chrome\Application\20.0.1132.21\gcswf32.dll
CHR - plugin: Shockwave Flash (Disabled) = C:\Users\***\AppData\Local\Google\Chrome\User Data\PepperFlash\11.2.31.144\pepflashplayer.dll
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL
CHR - plugin: Garmin Communicator Plug-In (Enabled) = C:\Program Files (x86)\Garmin GPS Plugin\npGarmin.dll
CHR - plugin: Java(TM) Platform SE 6 U31 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll
CHR - plugin: Pando Web Plugin (Enabled) = C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll
CHR - plugin: VLC Web Plugin (Enabled) = C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Google Update (Enabled) = C:\Users\***\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\4.1.10111.0\npctrl.dll
CHR - Extension: YouTube = C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
CHR - Extension: Adblock Plus (Beta) = C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb\1.2_0\
CHR - Extension: Google-Suche = C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\
CHR - Extension: Google Mail = C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\
 
O1 HOSTS File: ([2009.06.10 23:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O4 - HKLM..\Run: []  File not found
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O9:64bit: - Extra Button: Fiddler2 - {CF819DA3-9882-4944-ADF5-6EF17ECF3C6E} - "C:\Program Files (x86)\Fiddler2\Fiddler.exe" File not found
O9:64bit: - Extra 'Tools' menuitem : Fiddler2 - {CF819DA3-9882-4944-ADF5-6EF17ECF3C6E} - "C:\Program Files (x86)\Fiddler2\Fiddler.exe" File not found
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Windows\system32\d3dyqd21c.dll File not found
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16:64bit: - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16:64bit: - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16:64bit: - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{7D5F8CA5-7AFF-4038-9CEB-E03F84F088AA}: DhcpNameServer = 10.72.0.68 10.72.0.69
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{A57A9FC1-3BF3-4CD8-A14B-A3AE005A61BE}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{DAC56686-ECD0-4946-B81D-A473D51AD4AE}: DhcpNameServer = 10.9.11.21 10.9.11.22
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.06.01 21:43:13 | 000,595,968 | ---- | C] (OldTimer Tools) -- C:\Users\***\Desktop\OTL.exe
[2012.05.18 11:41:25 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\World of Warcraft
[2012.05.15 14:53:48 | 000,000,000 | ---D | C] -- C:\Users\***\Documents\My Curse
[2012.05.15 14:50:12 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Curse
[2012.05.13 18:14:53 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
[2012.05.13 18:14:18 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Silverlight
[2012.05.13 18:14:18 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Silverlight
[2012.05.12 11:33:25 | 005,559,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntoskrnl.exe
[2012.05.12 11:33:25 | 001,544,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\DWrite.dll
[2012.05.12 11:33:24 | 003,968,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntkrnlpa.exe
[2012.05.12 11:33:24 | 003,913,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntoskrnl.exe
[2012.05.08 17:48:09 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\SniperV2
[2012.05.08 17:45:28 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\SKIDROW
[2012.05.08 17:44:04 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Rebellion
[2012.05.08 17:40:55 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Rebellion
[2012.05.07 18:42:03 | 000,000,000 | ---D | C] -- C:\Users\***\jagexcache
[2012.05.04 20:28:01 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
[2012.05.04 20:28:01 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Skype
[2012.05.04 20:26:10 | 000,419,488 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2012.05.04 13:24:57 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Fiddler2
 
========== Files - Modified Within 30 Days ==========
 
[2012.06.01 22:12:00 | 000,001,128 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-771433797-4172215404-876768487-1000UA.job
[2012.06.01 22:10:52 | 000,000,000 | ---- | M] () -- C:\Users\***\defogger_reenable
[2012.06.01 22:08:06 | 000,050,477 | ---- | M] () -- C:\Users\***\Desktop\Defogger.exe
[2012.06.01 21:43:20 | 000,595,968 | ---- | M] (OldTimer Tools) -- C:\Users\***\Desktop\OTL.exe
[2012.06.01 19:03:04 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.06.01 17:01:37 | 000,001,076 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-771433797-4172215404-876768487-1000Core.job
[2012.06.01 16:48:40 | 000,002,371 | ---- | M] () -- C:\Users\***\Desktop\Google Chrome.lnk
[2012.06.01 16:47:13 | 000,000,506 | ---- | M] () -- C:\Windows\tasks\SystemToolsDailyTest.job
[2012.05.31 18:16:58 | 000,021,312 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012.05.31 18:16:58 | 000,021,312 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012.05.31 18:12:52 | 001,614,100 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012.05.31 18:12:52 | 000,697,072 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2012.05.31 18:12:52 | 000,652,390 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012.05.31 18:12:52 | 000,148,110 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2012.05.31 18:12:52 | 000,121,064 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012.05.31 18:08:28 | 4281,131,006 | -HS- | M] () -- C:\hiberfil.sys
[2012.05.29 23:02:28 | 000,257,541 | ---- | M] () -- C:\Users\***\Documents\000.ducksauce-barbrastcof5.jpg
[2012.05.18 11:59:21 | 000,000,817 | ---- | M] () -- C:\Users\Public\Desktop\World of Warcraft.lnk
[2012.05.13 10:20:22 | 004,878,040 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2012.05.08 21:11:40 | 000,132,832 | ---- | M] (Avira GmbH) -- C:\Windows\SysNative\drivers\avipbb.sys
[2012.05.08 21:11:40 | 000,098,848 | ---- | M] (Avira GmbH) -- C:\Windows\SysNative\drivers\avgntflt.sys
[2012.05.08 17:44:04 | 000,002,223 | ---- | M] () -- C:\Users\Public\Desktop\Sniper Elite V2.lnk
[2012.05.07 18:42:45 | 000,000,001 | ---- | M] () -- C:\Users\***\random.dat
[2012.05.07 18:42:03 | 000,000,046 | ---- | M] () -- C:\Users\***\jagex_cl_runescape_LIVE.dat
[2012.05.06 12:52:03 | 000,000,564 | ---- | M] () -- C:\Windows\tasks\PCDoctorBackgroundMonitorTask.job
[2012.05.04 20:26:10 | 000,419,488 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2012.05.04 20:26:10 | 000,070,304 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
 
========== Files Created - No Company Name ==========
 
[2012.06.01 22:10:52 | 000,000,000 | ---- | C] () -- C:\Users\***\defogger_reenable
[2012.06.01 22:08:06 | 000,050,477 | ---- | C] () -- C:\Users\***\Desktop\Defogger.exe
[2012.05.29 23:02:29 | 000,257,541 | ---- | C] () -- C:\Users\***\Documents\000.ducksauce-barbrastcof5.jpg
[2012.05.18 11:12:24 | 000,000,817 | ---- | C] () -- C:\Users\Public\Desktop\World of Warcraft.lnk
[2012.05.08 17:44:04 | 000,002,223 | ---- | C] () -- C:\Users\Public\Desktop\Sniper Elite V2.lnk
[2012.05.07 18:42:03 | 000,000,046 | ---- | C] () -- C:\Users\***\jagex_cl_runescape_LIVE.dat
[2012.05.07 18:42:03 | 000,000,001 | ---- | C] () -- C:\Users\***\random.dat
[2012.04.06 03:29:34 | 000,204,952 | ---- | C] () -- C:\Windows\SysWow64\ativvsvl.dat
[2012.04.06 03:29:34 | 000,157,144 | ---- | C] () -- C:\Windows\SysWow64\ativvsva.dat
[2012.03.09 14:06:14 | 000,024,576 | ---- | C] () -- C:\Windows\SysWow64\kdbsdk32.dll
[2012.01.19 18:33:50 | 000,189,248 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.exe
[2012.01.19 18:33:49 | 000,075,136 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrA.exe
[2011.12.26 23:59:46 | 000,000,017 | ---- | C] () -- C:\Users\***\AppData\Local\resmon.resmoncfg
[2011.11.29 20:51:37 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2011.11.29 20:28:02 | 000,001,264 | ---- | C] () -- C:\Windows\THXCfg_SP_APOIM.ini
[2011.11.29 20:28:02 | 000,001,247 | ---- | C] () -- C:\Windows\THXCfg_HP_APOIM.ini
[2011.11.29 20:28:02 | 000,001,247 | ---- | C] () -- C:\Windows\THXCfg_APOIM.ini
[2011.11.29 20:28:01 | 000,177,664 | ---- | C] () -- C:\Windows\SysWow64\APOMngr.DLL
[2011.11.29 20:28:01 | 000,073,728 | ---- | C] () -- C:\Windows\SysWow64\CmdRtr.DLL
[2011.09.13 00:06:16 | 000,003,917 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat
[2011.02.10 16:33:46 | 001,591,058 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
 
========== LOP Check ==========
 
[2012.05.23 16:35:43 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\.minecraft
[2012.04.30 21:51:41 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\.Nitrous
[2012.05.30 22:45:35 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\BitTorrent
[2011.12.26 01:08:43 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Fingertapps
[2012.02.26 23:26:55 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Foxit Software
[2012.04.24 20:03:37 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Garmin
[2012.03.04 00:20:04 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Guitar Pro 6
[2012.04.21 22:49:46 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\HandBrake
[2011.12.26 01:08:31 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Leadertech
[2012.04.19 00:19:07 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\LolClient
[2012.04.30 14:25:35 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\MinecraftTools
[2011.12.26 17:02:45 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\PCDr
[2012.01.19 18:33:46 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\PunkBuster
[2012.05.21 20:30:58 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\SoftGrid Client
[2011.12.26 13:06:52 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\TP
[2012.03.10 00:19:35 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\TS3Client
[2012.01.11 23:04:43 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Ubisoft
[2011.12.26 12:55:45 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\ZinioReader4
[2012.05.06 12:52:03 | 000,000,564 | ---- | M] () -- C:\Windows\Tasks\PCDoctorBackgroundMonitorTask.job
[2012.05.20 10:35:53 | 000,032,640 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2012.06.01 16:47:13 | 000,000,506 | ---- | M] () -- C:\Windows\Tasks\SystemToolsDailyTest.job
 
========== Purity Check ==========
 
 

< End of report >
         

Alt 03.06.2012, 23:16   #2
Psychotic
/// Malwareteam
 
TR/Mediyes.EB.1 & TR/ATRAPS.Gen - Standard

TR/Mediyes.EB.1 & TR/ATRAPS.Gen





Mein Name ist Marius und ich werde dir bei deinem Problem helfen.

Eines vorneweg:

Hinweis: Wir können hier nie dafür garantieren, dass wir sämtliche Reste von Schadsoftware gefunden haben. Eine Formatierung ist meist der schnellste und immer der sicherste Weg.

Solltest Du Dich für eine Bereinigung entscheiden, arbeite solange mit, bis dir jemand vom Team sagt, dass dein Rechner clean ist.

Eine Bereinigung ist mitunter mit viel Arbeit für dich verbunden.
  1. Bitte arbeite alle Schritte der Reihe nach ab.
  2. Lese die Anleitungen sorgfältig. Solltest du irgendwo nicht weiterkommen, stoppe an diesem Punkt und beschreibe dein Problem hier!
  3. Nur Scans durchführen, zu denen du von einem Helfer aufgefordert wirst.
  4. Bitte kein Crossposting (posten in mehreren Foren) - wenn du die Anweisungen mehrere Helfer ausführst, kann das schwere Probleme nach sich ziehen!.
  5. Installiere oder Deinstalliere während der Bereinigung keine Software (ausser, du wurdest dazu aufgefordert).
  6. Wenn etwas unklar ist: Frage, bevor du etwas "blind" machst!

    ...und ganz wichtig:

  7. Poste die Logfiles direkt in deinen Thread. Nicht anhängen, außer, ich fordere dich dazu auf. (Erschwert mir nämlich das Auswerten).


Vista und Win7 User
Alle Tools mit Rechtsklick --> "als Administrator ausführen" starten.



Schritt 1: aswMBR


Downloade dir bitte aswMBR.exe und speichere die Datei auf deinem Desktop.
  • Starte die aswMBR.exe - (aswMBR.exe Anleitung) Vista und Win7 User mit Rechtsklick "als Admininstartor starten"
  • Das Tool wird dich fragen, ob Du mit der aktuellen Virendefinition von AVAST! dein System scannen willst. Beantworte diese Frage bitte mit Ja. ( Sollte deine Firewall fragen, bitte den Zugriff auf das Internet zulassen ) Der Download der Definitionen kann je nach Verbindung eine Weile dauern.
  • Klicke auf Scan.
  • Warte bitte bis Scan finished successfully im DOS Fenster steht.
  • Drücke auf Save Log und speichere diese auf dem Desktop.
Poste mir die aswMBR.txt in deiner nächsten Antwort. Wichtig: Drücke keinesfalls einen der Fix Buttons ohne Anweisung Hinweis: Sollte der Scan Button ausgeblendet sein, schließe das Tool und starte es erneut. Sollte es erneut nicht klappen teile mir das bitte mit.



Schritt 2: Scan mit TDSS-Killer



Lese bitte folgende Anweisungen genau. Wir wollen hier noch nichts "fixen" sondern nur einen Scan Report sehen. Downloade dir bitte TDSSKiller.exe und speichere diese Datei auf dem Desktop
  • Starte die TDSSKiller.exe
  • Klicke Change parameters, wähle Detect TDLFS file system, klicke OK.
  • Drücke Start Scan
  • Sollten infizierte Objekte gefunden werden, wähle keinesfalls Cure. Wähle Skip und speichere das Logfile. TDSSKiller wird eine Logfile auf deinem Systemlaufwerk speichern ( Meistens C:\ ) Als Beispiel: C:\TDSSKiller.<version_date_time>log.txt
Poste den Inhalt bitte hier in deinen Thread.
__________________

__________________

Alt 04.06.2012, 17:23   #3
Cersus
 
TR/Mediyes.EB.1 & TR/ATRAPS.Gen - Standard

TR/Mediyes.EB.1 & TR/ATRAPS.Gen



Ich habe deine Schritte befolgt, hier nun die Log-files:

aswMBR:

Ich habe deine Schritte befolgt, hier sind die Logs:

aswMBR:
Code:
ATTFilter
aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software
Run date: 2012-06-04 18:06:01
-----------------------------
18:06:01.613    OS Version: Windows x64 6.1.7601 Service Pack 1
18:06:01.613    Number of processors: 8 586 0x2A07
18:06:01.613    ComputerName: ULTRA  UserName: 
18:06:03.267    Initialize success
18:06:05.872    AVAST engine defs: 12060400
18:06:08.493    Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
18:06:08.493    Disk 0 Vendor: Intel___ 1.0. Size: 953875MB BusType: 8
18:06:08.493    Disk 0 MBR read successfully
18:06:08.493    Disk 0 MBR scan
18:06:08.508    Disk 0 Windows 7 default MBR code
18:06:08.508    Disk 0 Partition 1 00     DE Dell Utility Dell 8.0      180 MB offset 63
18:06:08.524    Disk 0 Partition 2 80 (A) 07    HPFS/NTFS NTFS        17066 MB offset 370688
18:06:08.539    Disk 0 Partition 3 00     07    HPFS/NTFS NTFS       936627 MB offset 35321856
18:06:08.539    Disk 0 scanning C:\Windows\system32\drivers
18:06:17.915    Service scanning
18:06:32.563    Modules scanning
18:06:32.563    Disk 0 trace - called modules:
18:06:32.579    ntoskrnl.exe CLASSPNP.SYS disk.sys iaStor.sys hal.dll 
18:06:32.579    1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa800f365790]
18:06:32.579    3 CLASSPNP.SYS[fffff88001b8c43f] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0xfffffa800d871050]
18:06:33.234    AVAST engine scan C:\Windows
18:06:34.545    AVAST engine scan C:\Windows\system32
18:09:43.742    AVAST engine scan C:\Windows\system32\drivers
18:09:54.007    AVAST engine scan C:\Users\***
18:13:18.242    AVAST engine scan C:\ProgramData
18:14:41.765    Scan finished successfully
18:15:24.150    Disk 0 MBR has been saved successfully to "C:\Users\***\Desktop\MBR.dat"
18:15:24.150    The log file has been saved successfully to "C:\Users\***\Desktop\aswMBR.txt"
         
TDSSKiller:
Code:
ATTFilter
18:18:27.0889 4972	TDSS rootkit removing tool 2.7.36.0 May 21 2012 16:40:16
18:18:28.0061 4972	============================================================
18:18:28.0061 4972	Current date / time: 2012/06/04 18:18:28.0061
18:18:28.0061 4972	SystemInfo:
18:18:28.0061 4972	
18:18:28.0061 4972	OS Version: 6.1.7601 ServicePack: 1.0
18:18:28.0061 4972	Product type: Workstation
18:18:28.0061 4972	ComputerName: ULTRA
18:18:28.0061 4972	UserName: ***
18:18:28.0061 4972	Windows directory: C:\Windows
18:18:28.0061 4972	System windows directory: C:\Windows
18:18:28.0061 4972	Running under WOW64
18:18:28.0061 4972	Processor architecture: Intel x64
18:18:28.0061 4972	Number of processors: 8
18:18:28.0061 4972	Page size: 0x1000
18:18:28.0061 4972	Boot type: Normal boot
18:18:28.0061 4972	============================================================
18:18:28.0451 4972	Drive \Device\Harddisk0\DR0 - Size: 0xE8E1300000 (931.52 Gb), SectorSize: 0x200, Cylinders: 0x1DB01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
18:18:28.0467 4972	============================================================
18:18:28.0467 4972	\Device\Harddisk0\DR0:
18:18:28.0467 4972	MBR partitions:
18:18:28.0467 4972	\Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x5A800, BlocksNum 0x2155000
18:18:28.0467 4972	\Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x21AF800, BlocksNum 0x72559800
18:18:28.0467 4972	============================================================
18:18:28.0498 4972	C: <-> \Device\Harddisk0\DR0\Partition1
18:18:28.0498 4972	============================================================
18:18:28.0498 4972	Initialize success
18:18:28.0498 4972	============================================================
18:18:50.0054 3664	============================================================
18:18:50.0054 3664	Scan started
18:18:50.0054 3664	Mode: Manual; TDLFS; 
18:18:50.0054 3664	============================================================
18:18:50.0428 3664	1394ohci        (a87d604aea360176311474c87a63bb88) C:\Windows\system32\drivers\1394ohci.sys
18:18:50.0428 3664	1394ohci - ok
18:18:50.0475 3664	ACPI            (d81d9e70b8a6dd14d42d7b4efa65d5f2) C:\Windows\system32\drivers\ACPI.sys
18:18:50.0475 3664	ACPI - ok
18:18:50.0491 3664	AcpiPmi         (99f8e788246d495ce3794d7e7821d2ca) C:\Windows\system32\drivers\acpipmi.sys
18:18:50.0491 3664	AcpiPmi - ok
18:18:50.0506 3664	adp94xx         (2f6b34b83843f0c5118b63ac634f5bf4) C:\Windows\system32\drivers\adp94xx.sys
18:18:50.0506 3664	adp94xx - ok
18:18:50.0537 3664	adpahci         (597f78224ee9224ea1a13d6350ced962) C:\Windows\system32\drivers\adpahci.sys
18:18:50.0537 3664	adpahci - ok
18:18:50.0553 3664	adpu320         (e109549c90f62fb570b9540c4b148e54) C:\Windows\system32\drivers\adpu320.sys
18:18:50.0553 3664	adpu320 - ok
18:18:50.0584 3664	AeLookupSvc     (4b78b431f225fd8624c5655cb1de7b61) C:\Windows\System32\aelupsvc.dll
18:18:50.0584 3664	AeLookupSvc - ok
18:18:50.0647 3664	AFD             (1c7857b62de5994a75b054a9fd4c3825) C:\Windows\system32\drivers\afd.sys
18:18:50.0647 3664	AFD - ok
18:18:50.0678 3664	agp440          (608c14dba7299d8cb6ed035a68a15799) C:\Windows\system32\drivers\agp440.sys
18:18:50.0678 3664	agp440 - ok
18:18:50.0709 3664	ALG             (3290d6946b5e30e70414990574883ddb) C:\Windows\System32\alg.exe
18:18:50.0709 3664	ALG - ok
18:18:50.0709 3664	aliide          (5812713a477a3ad7363c7438ca2ee038) C:\Windows\system32\drivers\aliide.sys
18:18:50.0709 3664	aliide - ok
18:18:50.0787 3664	ALSysIO - ok
18:18:50.0834 3664	AMD External Events Utility (20c8a3e435a47f0408a1ea674afa6194) C:\Windows\system32\atiesrxx.exe
18:18:50.0834 3664	AMD External Events Utility - ok
18:18:50.0881 3664	amdide          (1ff8b4431c353ce385c875f194924c0c) C:\Windows\system32\drivers\amdide.sys
18:18:50.0881 3664	amdide - ok
18:18:50.0896 3664	AmdK8           (7024f087cff1833a806193ef9d22cda9) C:\Windows\system32\drivers\amdk8.sys
18:18:50.0912 3664	AmdK8 - ok
18:18:51.0068 3664	amdkmdag        (0b45c18b0f3ee996d25baa4e74884b83) C:\Windows\system32\DRIVERS\atikmdag.sys
18:18:51.0177 3664	amdkmdag - ok
18:18:51.0255 3664	amdkmdap        (0e57258e5cc4cc7a9a9a877afdf0cec6) C:\Windows\system32\DRIVERS\atikmpag.sys
18:18:51.0255 3664	amdkmdap - ok
18:18:51.0286 3664	AmdPPM          (1e56388b3fe0d031c44144eb8c4d6217) C:\Windows\system32\drivers\amdppm.sys
18:18:51.0286 3664	AmdPPM - ok
18:18:51.0317 3664	amdsata         (d4121ae6d0c0e7e13aa221aa57ef2d49) C:\Windows\system32\drivers\amdsata.sys
18:18:51.0317 3664	amdsata - ok
18:18:51.0364 3664	amdsbs          (f67f933e79241ed32ff46a4f29b5120b) C:\Windows\system32\drivers\amdsbs.sys
18:18:51.0380 3664	amdsbs - ok
18:18:51.0395 3664	amdxata         (540daf1cea6094886d72126fd7c33048) C:\Windows\system32\drivers\amdxata.sys
18:18:51.0395 3664	amdxata - ok
18:18:51.0473 3664	AntiVirSchedulerService (466a0d95960dad3222c896d2cea99993) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
18:18:51.0473 3664	AntiVirSchedulerService - ok
18:18:51.0489 3664	AntiVirService  (a489be6bb0aa1ff406b488b60542314b) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
18:18:51.0489 3664	AntiVirService - ok
18:18:51.0536 3664	AppID           (89a69c3f2f319b43379399547526d952) C:\Windows\system32\drivers\appid.sys
18:18:51.0536 3664	AppID - ok
18:18:51.0551 3664	AppIDSvc        (0bc381a15355a3982216f7172f545de1) C:\Windows\System32\appidsvc.dll
18:18:51.0551 3664	AppIDSvc - ok
18:18:51.0567 3664	Appinfo         (3977d4a871ca0d4f2ed1e7db46829731) C:\Windows\System32\appinfo.dll
18:18:51.0567 3664	Appinfo - ok
18:18:51.0645 3664	Apple Mobile Device (7ef47644b74ebe721cc32211d3c35e76) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
18:18:51.0645 3664	Apple Mobile Device - ok
18:18:51.0707 3664	AppMgmt         (4aba3e75a76195a3e38ed2766c962899) C:\Windows\System32\appmgmts.dll
18:18:51.0707 3664	AppMgmt - ok
18:18:51.0723 3664	arc             (c484f8ceb1717c540242531db7845c4e) C:\Windows\system32\drivers\arc.sys
18:18:51.0723 3664	arc - ok
18:18:51.0754 3664	arcsas          (019af6924aefe7839f61c830227fe79c) C:\Windows\system32\drivers\arcsas.sys
18:18:51.0754 3664	arcsas - ok
18:18:51.0832 3664	aspnet_state    (9217d874131ae6ff8f642f124f00a555) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe
18:18:51.0848 3664	aspnet_state - ok
18:18:51.0863 3664	AsyncMac        (769765ce2cc62867468cea93969b2242) C:\Windows\system32\DRIVERS\asyncmac.sys
18:18:51.0863 3664	AsyncMac - ok
18:18:51.0895 3664	atapi           (02062c0b390b7729edc9e69c680a6f3c) C:\Windows\system32\drivers\atapi.sys
18:18:51.0895 3664	atapi - ok
18:18:51.0926 3664	AtiHDAudioService (24464b908e143d2561e9e452fee97309) C:\Windows\system32\drivers\AtihdW76.sys
18:18:51.0926 3664	AtiHDAudioService - ok
18:18:51.0988 3664	AudioEndpointBuilder (f23fef6d569fce88671949894a8becf1) C:\Windows\System32\Audiosrv.dll
18:18:51.0988 3664	AudioEndpointBuilder - ok
18:18:52.0004 3664	AudioSrv        (f23fef6d569fce88671949894a8becf1) C:\Windows\System32\Audiosrv.dll
18:18:52.0004 3664	AudioSrv - ok
18:18:52.0035 3664	avgntflt        (26e38b5a58c6c55fafbc563eeddb0867) C:\Windows\system32\DRIVERS\avgntflt.sys
18:18:52.0035 3664	avgntflt - ok
18:18:52.0051 3664	avipbb          (9d1f00beff84cbbf46d7f052bc7e0565) C:\Windows\system32\DRIVERS\avipbb.sys
18:18:52.0051 3664	avipbb - ok
18:18:52.0082 3664	avkmgr          (248db59fc86de44d2779f4c7fb1a567d) C:\Windows\system32\DRIVERS\avkmgr.sys
18:18:52.0082 3664	avkmgr - ok
18:18:52.0097 3664	AxInstSV        (a6bf31a71b409dfa8cac83159e1e2aff) C:\Windows\System32\AxInstSV.dll
18:18:52.0097 3664	AxInstSV - ok
18:18:52.0191 3664	b06bdrv         (3e5b191307609f7514148c6832bb0842) C:\Windows\system32\drivers\bxvbda.sys
18:18:52.0207 3664	b06bdrv - ok
18:18:52.0238 3664	b57nd60a        (b5ace6968304a3900eeb1ebfd9622df2) C:\Windows\system32\DRIVERS\b57nd60a.sys
18:18:52.0238 3664	b57nd60a - ok
18:18:52.0378 3664	BCM43XX         (0b0df4cd7c2c188c95c4e09c568ad54a) C:\Windows\system32\DRIVERS\bcmwl664.sys
18:18:52.0409 3664	BCM43XX - ok
18:18:52.0425 3664	BDESVC          (fde360167101b4e45a96f939f388aeb0) C:\Windows\System32\bdesvc.dll
18:18:52.0425 3664	BDESVC - ok
18:18:52.0456 3664	Beep            (16a47ce2decc9b099349a5f840654746) C:\Windows\system32\drivers\Beep.sys
18:18:52.0456 3664	Beep - ok
18:18:52.0519 3664	BFE             (82974d6a2fd19445cc5171fc378668a4) C:\Windows\System32\bfe.dll
18:18:52.0519 3664	BFE - ok
18:18:52.0565 3664	BITS            (1ea7969e3271cbc59e1730697dc74682) C:\Windows\System32\qmgr.dll
18:18:52.0581 3664	BITS - ok
18:18:52.0581 3664	blbdrive        (61583ee3c3a17003c4acd0475646b4d3) C:\Windows\system32\DRIVERS\blbdrive.sys
18:18:52.0597 3664	blbdrive - ok
18:18:52.0675 3664	Bonjour Service (ebbcd5dfbb1de70e8f4af8fa59e401fd) C:\Program Files\Bonjour\mDNSResponder.exe
18:18:52.0675 3664	Bonjour Service - ok
18:18:52.0706 3664	bowser          (6c02a83164f5cc0a262f4199f0871cf5) C:\Windows\system32\DRIVERS\bowser.sys
18:18:52.0706 3664	bowser - ok
18:18:52.0753 3664	BrFiltLo        (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\drivers\BrFiltLo.sys
18:18:52.0753 3664	BrFiltLo - ok
18:18:52.0753 3664	BrFiltUp        (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\drivers\BrFiltUp.sys
18:18:52.0753 3664	BrFiltUp - ok
18:18:52.0784 3664	Browser         (8ef0d5c41ec907751b8429162b1239ed) C:\Windows\System32\browser.dll
18:18:52.0799 3664	Browser - ok
18:18:52.0815 3664	Brserid         (43bea8d483bf1870f018e2d02e06a5bd) C:\Windows\System32\Drivers\Brserid.sys
18:18:52.0815 3664	Brserid - ok
18:18:52.0831 3664	BrSerWdm        (a6eca2151b08a09caceca35c07f05b42) C:\Windows\System32\Drivers\BrSerWdm.sys
18:18:52.0831 3664	BrSerWdm - ok
18:18:52.0831 3664	BrUsbMdm        (b79968002c277e869cf38bd22cd61524) C:\Windows\System32\Drivers\BrUsbMdm.sys
18:18:52.0831 3664	BrUsbMdm - ok
18:18:52.0831 3664	BrUsbSer        (a87528880231c54e75ea7a44943b38bf) C:\Windows\System32\Drivers\BrUsbSer.sys
18:18:52.0831 3664	BrUsbSer - ok
18:18:52.0831 3664	BTHMODEM        (9da669f11d1f894ab4eb69bf546a42e8) C:\Windows\system32\drivers\bthmodem.sys
18:18:52.0831 3664	BTHMODEM - ok
18:18:52.0862 3664	bthserv         (95f9c2976059462cbbf227f7aab10de9) C:\Windows\system32\bthserv.dll
18:18:52.0862 3664	bthserv - ok
18:18:52.0877 3664	cdfs            (b8bd2bb284668c84865658c77574381a) C:\Windows\system32\DRIVERS\cdfs.sys
18:18:52.0877 3664	cdfs - ok
18:18:52.0909 3664	cdrom           (f036ce71586e93d94dab220d7bdf4416) C:\Windows\system32\DRIVERS\cdrom.sys
18:18:52.0909 3664	cdrom - ok
18:18:52.0940 3664	CertPropSvc     (f17d1d393bbc69c5322fbfafaca28c7f) C:\Windows\System32\certprop.dll
18:18:52.0940 3664	CertPropSvc - ok
18:18:52.0940 3664	circlass        (d7cd5c4e1b71fa62050515314cfb52cf) C:\Windows\system32\drivers\circlass.sys
18:18:52.0940 3664	circlass - ok
18:18:52.0987 3664	CLFS            (fe1ec06f2253f691fe36217c592a0206) C:\Windows\system32\CLFS.sys
18:18:52.0987 3664	CLFS - ok
18:18:53.0111 3664	CLHNServiceForPowerDVD12 (4c6406cf07d4ebb70c5774d55c6688fb) C:\Program Files (x86)\Cyberlink\PowerDVD12\Kernel\DMP\CLHNServer\CLHNServiceForPowerDVD12.exe
18:18:53.0127 3664	CLHNServiceForPowerDVD12 - ok
18:18:53.0205 3664	clr_optimization_v2.0.50727_32 (d88040f816fda31c3b466f0fa0918f29) C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
18:18:53.0221 3664	clr_optimization_v2.0.50727_32 - ok
18:18:53.0267 3664	clr_optimization_v2.0.50727_64 (d1ceea2b47cb998321c579651ce3e4f8) C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
18:18:53.0283 3664	clr_optimization_v2.0.50727_64 - ok
18:18:53.0361 3664	clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
18:18:53.0361 3664	clr_optimization_v4.0.30319_32 - ok
18:18:53.0392 3664	clr_optimization_v4.0.30319_64 (c6f9af94dcd58122a4d7e89db6bed29d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
18:18:53.0392 3664	clr_optimization_v4.0.30319_64 - ok
18:18:53.0408 3664	CmBatt          (0840155d0bddf1190f84a663c284bd33) C:\Windows\system32\drivers\CmBatt.sys
18:18:53.0408 3664	CmBatt - ok
18:18:53.0423 3664	cmdide          (e19d3f095812725d88f9001985b94edd) C:\Windows\system32\drivers\cmdide.sys
18:18:53.0423 3664	cmdide - ok
18:18:53.0470 3664	CNG             (c4943b6c962e4b82197542447ad599f4) C:\Windows\system32\Drivers\cng.sys
18:18:53.0470 3664	CNG - ok
18:18:53.0486 3664	Compbatt        (102de219c3f61415f964c88e9085ad14) C:\Windows\system32\drivers\compbatt.sys
18:18:53.0486 3664	Compbatt - ok
18:18:53.0517 3664	CompositeBus    (03edb043586cceba243d689bdda370a8) C:\Windows\system32\DRIVERS\CompositeBus.sys
18:18:53.0517 3664	CompositeBus - ok
18:18:53.0517 3664	COMSysApp - ok
18:18:53.0517 3664	crcdisk         (1c827878a998c18847245fe1f34ee597) C:\Windows\system32\drivers\crcdisk.sys
18:18:53.0517 3664	crcdisk - ok
18:18:53.0564 3664	CryptSvc        (15597883fbe9b056f276ada3ad87d9af) C:\Windows\system32\cryptsvc.dll
18:18:53.0564 3664	CryptSvc - ok
18:18:53.0611 3664	CSC             (54da3dfd29ed9f1619b6f53f3ce55e49) C:\Windows\system32\drivers\csc.sys
18:18:53.0611 3664	CSC - ok
18:18:53.0657 3664	CscService      (3ab183ab4d2c79dcf459cd2c1266b043) C:\Windows\System32\cscsvc.dll
18:18:53.0657 3664	CscService - ok
18:18:53.0735 3664	cvhsvc          (72794d112cbaff3bc0c29bf7350d4741) C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
18:18:53.0735 3664	cvhsvc - ok
18:18:53.0798 3664	CyberLink PowerDVD 12 Media Server Monitor Service (ea22bca708b37b82adebc822a171b92e) C:\Program Files (x86)\Cyberlink\PowerDVD12\Kernel\DMS\CLMSMonitorServicePDVD12.exe
18:18:53.0798 3664	CyberLink PowerDVD 12 Media Server Monitor Service - ok
18:18:53.0829 3664	CyberLink PowerDVD 12 Media Server Service (3168d2f171a64590e7a11355cae60a1e) C:\Program Files (x86)\Cyberlink\PowerDVD12\Kernel\DMS\CLMSServerPDVD12.exe
18:18:53.0829 3664	CyberLink PowerDVD 12 Media Server Service - ok
18:18:53.0891 3664	DcomLaunch      (5c627d1b1138676c0a7ab2c2c190d123) C:\Windows\system32\rpcss.dll
18:18:53.0891 3664	DcomLaunch - ok
18:18:53.0938 3664	defragsvc       (3cec7631a84943677aa8fa8ee5b6b43d) C:\Windows\System32\defragsvc.dll
18:18:53.0938 3664	defragsvc - ok
18:18:53.0969 3664	DfsC            (9bb2ef44eaa163b29c4a4587887a0fe4) C:\Windows\system32\Drivers\dfsc.sys
18:18:53.0969 3664	DfsC - ok
18:18:54.0016 3664	Dhcp            (43d808f5d9e1a18e5eeb5ebc83969e4e) C:\Windows\system32\dhcpcore.dll
18:18:54.0016 3664	Dhcp - ok
18:18:54.0032 3664	discache        (13096b05847ec78f0977f2c0f79e9ab3) C:\Windows\system32\drivers\discache.sys
18:18:54.0032 3664	discache - ok
18:18:54.0047 3664	Disk            (9819eee8b5ea3784ec4af3b137a5244c) C:\Windows\system32\drivers\disk.sys
18:18:54.0047 3664	Disk - ok
18:18:54.0094 3664	dmvsc           (5db085a8a6600be6401f2b24eecb5415) C:\Windows\system32\drivers\dmvsc.sys
18:18:54.0094 3664	dmvsc - ok
18:18:54.0219 3664	Dnscache        (ad9228fc822020c075271e1f4384be3c) C:\Windows\System32\pouawfiuj.dll
18:18:54.0219 3664	Dnscache - ok
18:18:54.0266 3664	dot3svc         (b1fb3ddca0fdf408750d5843591afbc6) C:\Windows\System32\dot3svc.dll
18:18:54.0266 3664	dot3svc - ok
18:18:54.0297 3664	DPS             (b26f4f737e8f9df4f31af6cf31d05820) C:\Windows\system32\dps.dll
18:18:54.0297 3664	DPS - ok
18:18:54.0313 3664	drmkaud         (9b19f34400d24df84c858a421c205754) C:\Windows\system32\drivers\drmkaud.sys
18:18:54.0313 3664	drmkaud - ok
18:18:54.0359 3664	DXGKrnl         (f5bee30450e18e6b83a5012c100616fd) C:\Windows\System32\drivers\dxgkrnl.sys
18:18:54.0375 3664	DXGKrnl - ok
18:18:54.0406 3664	EapHost         (e2dda8726da9cb5b2c4000c9018a9633) C:\Windows\System32\eapsvc.dll
18:18:54.0406 3664	EapHost - ok
18:18:54.0515 3664	ebdrv           (dc5d737f51be844d8c82c695eb17372f) C:\Windows\system32\drivers\evbda.sys
18:18:54.0547 3664	ebdrv - ok
18:18:54.0578 3664	EFS             (c118a82cd78818c29ab228366ebf81c3) C:\Windows\System32\lsass.exe
18:18:54.0578 3664	EFS - ok
18:18:54.0640 3664	ehRecvr         (c4002b6b41975f057d98c439030cea07) C:\Windows\ehome\ehRecvr.exe
18:18:54.0656 3664	ehRecvr - ok
18:18:54.0687 3664	ehSched         (4705e8ef9934482c5bb488ce28afc681) C:\Windows\ehome\ehsched.exe
18:18:54.0687 3664	ehSched - ok
18:18:54.0749 3664	elxstor         (0e5da5369a0fcaea12456dd852545184) C:\Windows\system32\drivers\elxstor.sys
18:18:54.0749 3664	elxstor - ok
18:18:54.0749 3664	ErrDev          (34a3c54752046e79a126e15c51db409b) C:\Windows\system32\drivers\errdev.sys
18:18:54.0749 3664	ErrDev - ok
18:18:54.0812 3664	EventSystem     (4166f82be4d24938977dd1746be9b8a0) C:\Windows\system32\es.dll
18:18:54.0812 3664	EventSystem - ok
18:18:54.0812 3664	exfat           (a510c654ec00c1e9bdd91eeb3a59823b) C:\Windows\system32\drivers\exfat.sys
18:18:54.0812 3664	exfat - ok
18:18:54.0843 3664	fastfat         (0adc83218b66a6db380c330836f3e36d) C:\Windows\system32\drivers\fastfat.sys
18:18:54.0843 3664	fastfat - ok
18:18:54.0890 3664	Fax             (dbefd454f8318a0ef691fdd2eaab44eb) C:\Windows\system32\fxssvc.exe
18:18:54.0905 3664	Fax - ok
18:18:54.0905 3664	fdc             (d765d19cd8ef61f650c384f62fac00ab) C:\Windows\system32\drivers\fdc.sys
18:18:54.0905 3664	fdc - ok
18:18:54.0921 3664	fdPHost         (0438cab2e03f4fb61455a7956026fe86) C:\Windows\system32\fdPHost.dll
18:18:54.0921 3664	fdPHost - ok
18:18:54.0937 3664	FDResPub        (802496cb59a30349f9a6dd22d6947644) C:\Windows\system32\fdrespub.dll
18:18:54.0937 3664	FDResPub - ok
18:18:54.0968 3664	FileInfo        (655661be46b5f5f3fd454e2c3095b930) C:\Windows\system32\drivers\fileinfo.sys
18:18:54.0968 3664	FileInfo - ok
18:18:54.0983 3664	Filetrace       (5f671ab5bc87eea04ec38a6cd5962a47) C:\Windows\system32\drivers\filetrace.sys
18:18:54.0983 3664	Filetrace - ok
18:18:55.0046 3664	FLEXnet Licensing Service (8669be94f63944e4f899c3950b520241) C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
18:18:55.0061 3664	FLEXnet Licensing Service - ok
18:18:55.0061 3664	flpydisk        (c172a0f53008eaeb8ea33fe10e177af5) C:\Windows\system32\drivers\flpydisk.sys
18:18:55.0061 3664	flpydisk - ok
18:18:55.0093 3664	FltMgr          (da6b67270fd9db3697b20fce94950741) C:\Windows\system32\drivers\fltmgr.sys
18:18:55.0093 3664	FltMgr - ok
18:18:55.0155 3664	FontCache       (5c4cb4086fb83115b153e47add961a0c) C:\Windows\system32\FntCache.dll
18:18:55.0171 3664	FontCache - ok
18:18:55.0233 3664	FontCache3.0.0.0 (a8b7f3818ab65695e3a0bb3279f6dce6) C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
18:18:55.0233 3664	FontCache3.0.0.0 - ok
18:18:55.0249 3664	FsDepends       (d43703496149971890703b4b1b723eac) C:\Windows\system32\drivers\FsDepends.sys
18:18:55.0249 3664	FsDepends - ok
18:18:55.0280 3664	Fs_Rec          (6bd9295cc032dd3077c671fccf579a7b) C:\Windows\system32\drivers\Fs_Rec.sys
18:18:55.0280 3664	Fs_Rec - ok
18:18:55.0311 3664	fvevol          (1f7b25b858fa27015169fe95e54108ed) C:\Windows\system32\DRIVERS\fvevol.sys
18:18:55.0311 3664	fvevol - ok
18:18:55.0327 3664	gagp30kx        (8c778d335c9d272cfd3298ab02abe3b6) C:\Windows\system32\drivers\gagp30kx.sys
18:18:55.0327 3664	gagp30kx - ok
18:18:55.0358 3664	GEARAspiWDM     (e403aacf8c7bb11375122d2464560311) C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
18:18:55.0358 3664	GEARAspiWDM - ok
18:18:55.0405 3664	gpsvc           (277bbc7e1aa1ee957f573a10eca7ef3a) C:\Windows\System32\gpsvc.dll
18:18:55.0420 3664	gpsvc - ok
18:18:55.0483 3664	hamachi         (1e6438d4ea6e1174a3b3b1edc4de660b) C:\Windows\system32\DRIVERS\hamachi.sys
18:18:55.0483 3664	hamachi - ok
18:18:55.0498 3664	hcw85cir        (f2523ef6460fc42405b12248338ab2f0) C:\Windows\system32\drivers\hcw85cir.sys
18:18:55.0498 3664	hcw85cir - ok
18:18:55.0545 3664	HdAudAddService (975761c778e33cd22498059b91e7373a) C:\Windows\system32\drivers\HdAudio.sys
18:18:55.0545 3664	HdAudAddService - ok
18:18:55.0592 3664	HDAudBus        (97bfed39b6b79eb12cddbfeed51f56bb) C:\Windows\system32\DRIVERS\HDAudBus.sys
18:18:55.0592 3664	HDAudBus - ok
18:18:55.0592 3664	HidBatt         (78e86380454a7b10a5eb255dc44a355f) C:\Windows\system32\drivers\HidBatt.sys
18:18:55.0592 3664	HidBatt - ok
18:18:55.0607 3664	HidBth          (7fd2a313f7afe5c4dab14798c48dd104) C:\Windows\system32\drivers\hidbth.sys
18:18:55.0623 3664	HidBth - ok
18:18:55.0639 3664	HidIr           (0a77d29f311b88cfae3b13f9c1a73825) C:\Windows\system32\drivers\hidir.sys
18:18:55.0639 3664	HidIr - ok
18:18:55.0654 3664	hidserv         (bd9eb3958f213f96b97b1d897dee006d) C:\Windows\system32\hidserv.dll
18:18:55.0654 3664	hidserv - ok
18:18:55.0685 3664	HidUsb          (9592090a7e2b61cd582b612b6df70536) C:\Windows\system32\DRIVERS\hidusb.sys
18:18:55.0685 3664	HidUsb - ok
18:18:55.0701 3664	hkmsvc          (387e72e739e15e3d37907a86d9ff98e2) C:\Windows\system32\kmsvc.dll
18:18:55.0701 3664	hkmsvc - ok
18:18:55.0717 3664	HomeGroupListener (efdfb3dd38a4376f93e7985173813abd) C:\Windows\system32\ListSvc.dll
18:18:55.0732 3664	HomeGroupListener - ok
18:18:55.0748 3664	HomeGroupProvider (908acb1f594274965a53926b10c81e89) C:\Windows\system32\provsvc.dll
18:18:55.0748 3664	HomeGroupProvider - ok
18:18:55.0763 3664	HpSAMD          (39d2abcd392f3d8a6dce7b60ae7b8efc) C:\Windows\system32\drivers\HpSAMD.sys
18:18:55.0763 3664	HpSAMD - ok
18:18:55.0810 3664	HTTP            (0ea7de1acb728dd5a369fd742d6eee28) C:\Windows\system32\drivers\HTTP.sys
18:18:55.0810 3664	HTTP - ok
18:18:55.0826 3664	hwpolicy        (a5462bd6884960c9dc85ed49d34ff392) C:\Windows\system32\drivers\hwpolicy.sys
18:18:55.0826 3664	hwpolicy - ok
18:18:55.0841 3664	i8042prt        (fa55c73d4affa7ee23ac4be53b4592d3) C:\Windows\system32\drivers\i8042prt.sys
18:18:55.0857 3664	i8042prt - ok
18:18:55.0904 3664	iaStor          (f7ce9be72edac499b713eca6dae5d26f) C:\Windows\system32\drivers\iaStor.sys
18:18:55.0904 3664	iaStor - ok
18:18:55.0951 3664	IAStorDataMgrSvc (b25f192ea1f84a316eb7c19efcccf33d) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
18:18:55.0951 3664	IAStorDataMgrSvc - ok
18:18:55.0982 3664	iaStorV         (aaaf44db3bd0b9d1fb6969b23ecc8366) C:\Windows\system32\drivers\iaStorV.sys
18:18:55.0982 3664	iaStorV - ok
18:18:56.0075 3664	IDriverT        (1cf03c69b49acb70c722df92755c0c8c) C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
18:18:56.0091 3664	IDriverT - ok
18:18:56.0153 3664	idsvc           (5988fc40f8db5b0739cd1e3a5d0d78bd) C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
18:18:56.0169 3664	idsvc - ok
18:18:56.0200 3664	iirsp           (5c18831c61933628f5bb0ea2675b9d21) C:\Windows\system32\drivers\iirsp.sys
18:18:56.0200 3664	iirsp - ok
18:18:56.0263 3664	IKEEXT          (fcd84c381e0140af901e58d48882d26b) C:\Windows\System32\ikeext.dll
18:18:56.0263 3664	IKEEXT - ok
18:18:56.0294 3664	Impcd           (dd587a55390ed2295bce6d36ad567da9) C:\Windows\system32\drivers\Impcd.sys
18:18:56.0294 3664	Impcd - ok
18:18:56.0419 3664	IntcAzAudAddService (235362d403d9d677514649d88db31914) C:\Windows\system32\drivers\RTKVHD64.sys
18:18:56.0434 3664	IntcAzAudAddService - ok
18:18:56.0497 3664	IntcDAud        (fc727061c0f47c8059e88e05d5c8e381) C:\Windows\system32\DRIVERS\IntcDAud.sys
18:18:56.0497 3664	IntcDAud - ok
18:18:56.0512 3664	intelide        (f00f20e70c6ec3aa366910083a0518aa) C:\Windows\system32\drivers\intelide.sys
18:18:56.0512 3664	intelide - ok
18:18:56.0559 3664	intelppm        (ada036632c664caa754079041cf1f8c1) C:\Windows\system32\DRIVERS\intelppm.sys
18:18:56.0559 3664	intelppm - ok
18:18:56.0590 3664	IPBusEnum       (098a91c54546a3b878dad6a7e90a455b) C:\Windows\system32\ipbusenum.dll
18:18:56.0590 3664	IPBusEnum - ok
18:18:56.0621 3664	IpFilterDriver  (c9f0e1bd74365a8771590e9008d22ab6) C:\Windows\system32\DRIVERS\ipfltdrv.sys
18:18:56.0621 3664	IpFilterDriver - ok
18:18:56.0668 3664	iphlpsvc        (a34a587fffd45fa649fba6d03784d257) C:\Windows\System32\iphlpsvc.dll
18:18:56.0684 3664	iphlpsvc - ok
18:18:56.0684 3664	IPMIDRV         (0fc1aea580957aa8817b8f305d18ca3a) C:\Windows\system32\drivers\IPMIDrv.sys
18:18:56.0684 3664	IPMIDRV - ok
18:18:56.0684 3664	IPNAT           (af9b39a7e7b6caa203b3862582e9f2d0) C:\Windows\system32\drivers\ipnat.sys
18:18:56.0699 3664	IPNAT - ok
18:18:56.0777 3664	iPod Service    (50d6ccc6ff5561f9f56946b3e6164fb8) C:\Program Files\iPod\bin\iPodService.exe
18:18:56.0793 3664	iPod Service - ok
18:18:56.0809 3664	IRENUM          (3abf5e7213eb28966d55d58b515d5ce9) C:\Windows\system32\drivers\irenum.sys
18:18:56.0809 3664	IRENUM - ok
18:18:56.0824 3664	isapnp          (2f7b28dc3e1183e5eb418df55c204f38) C:\Windows\system32\drivers\isapnp.sys
18:18:56.0824 3664	isapnp - ok
18:18:56.0855 3664	iScsiPrt        (d931d7309deb2317035b07c9f9e6b0bd) C:\Windows\system32\drivers\msiscsi.sys
18:18:56.0855 3664	iScsiPrt - ok
18:18:56.0902 3664	k57nd60a        (12e27942dbb7c91880163634b0d8a776) C:\Windows\system32\DRIVERS\k57nd60a.sys
18:18:56.0902 3664	k57nd60a - ok
18:18:56.0918 3664	kbdclass        (bc02336f1cba7dcc7d1213bb588a68a5) C:\Windows\system32\DRIVERS\kbdclass.sys
18:18:56.0918 3664	kbdclass - ok
18:18:56.0933 3664	kbdhid          (0705eff5b42a9db58548eec3b26bb484) C:\Windows\system32\DRIVERS\kbdhid.sys
18:18:56.0933 3664	kbdhid - ok
18:18:56.0949 3664	KeyIso          (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
18:18:56.0949 3664	KeyIso - ok
18:18:56.0965 3664	KSecDD          (da1e991a61cfdd755a589e206b97644b) C:\Windows\system32\Drivers\ksecdd.sys
18:18:56.0965 3664	KSecDD - ok
18:18:56.0980 3664	KSecPkg         (7e33198d956943a4f11a5474c1e9106f) C:\Windows\system32\Drivers\ksecpkg.sys
18:18:56.0980 3664	KSecPkg - ok
18:18:56.0996 3664	ksthunk         (6869281e78cb31a43e969f06b57347c4) C:\Windows\system32\drivers\ksthunk.sys
18:18:56.0996 3664	ksthunk - ok
18:18:57.0043 3664	KtmRm           (6ab66e16aa859232f64deb66887a8c9c) C:\Windows\system32\msdtckrm.dll
18:18:57.0043 3664	KtmRm - ok
18:18:57.0089 3664	LanmanServer    (d9f42719019740baa6d1c6d536cbdaa6) C:\Windows\system32\srvsvc.dll
18:18:57.0089 3664	LanmanServer - ok
18:18:57.0121 3664	lltdio          (1538831cf8ad2979a04c423779465827) C:\Windows\system32\DRIVERS\lltdio.sys
18:18:57.0121 3664	lltdio - ok
18:18:57.0152 3664	lltdsvc         (c1185803384ab3feed115f79f109427f) C:\Windows\System32\lltdsvc.dll
18:18:57.0152 3664	lltdsvc - ok
18:18:57.0167 3664	lmhosts         (f993a32249b66c9d622ea5592a8b76b8) C:\Windows\System32\lmhsvc.dll
18:18:57.0167 3664	lmhosts - ok
18:18:57.0214 3664	LSI_FC          (1a93e54eb0ece102495a51266dcdb6a6) C:\Windows\system32\drivers\lsi_fc.sys
18:18:57.0214 3664	LSI_FC - ok
18:18:57.0230 3664	LSI_SAS         (1047184a9fdc8bdbff857175875ee810) C:\Windows\system32\drivers\lsi_sas.sys
18:18:57.0230 3664	LSI_SAS - ok
18:18:57.0230 3664	LSI_SAS2        (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\Windows\system32\drivers\lsi_sas2.sys
18:18:57.0245 3664	LSI_SAS2 - ok
18:18:57.0245 3664	LSI_SCSI        (0504eacaff0d3c8aed161c4b0d369d4a) C:\Windows\system32\drivers\lsi_scsi.sys
18:18:57.0245 3664	LSI_SCSI - ok
18:18:57.0261 3664	luafv           (43d0f98e1d56ccddb0d5254cff7b356e) C:\Windows\system32\drivers\luafv.sys
18:18:57.0261 3664	luafv - ok
18:18:57.0292 3664	Mcx2Svc         (0be09cd858abf9df6ed259d57a1a1663) C:\Windows\system32\Mcx2Svc.dll
18:18:57.0292 3664	Mcx2Svc - ok
18:18:57.0308 3664	megasas         (a55805f747c6edb6a9080d7c633bd0f4) C:\Windows\system32\drivers\megasas.sys
18:18:57.0308 3664	megasas - ok
18:18:57.0308 3664	MegaSR          (baf74ce0072480c3b6b7c13b2a94d6b3) C:\Windows\system32\drivers\MegaSR.sys
18:18:57.0308 3664	MegaSR - ok
18:18:57.0355 3664	MEIx64          (a6518dcc42f7a6e999bb3bea8fd87567) C:\Windows\system32\DRIVERS\HECIx64.sys
18:18:57.0355 3664	MEIx64 - ok
18:18:57.0370 3664	MMCSS           (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll
18:18:57.0370 3664	MMCSS - ok
18:18:57.0386 3664	Modem           (800ba92f7010378b09f9ed9270f07137) C:\Windows\system32\drivers\modem.sys
18:18:57.0386 3664	Modem - ok
18:18:57.0386 3664	monitor         (b03d591dc7da45ece20b3b467e6aadaa) C:\Windows\system32\DRIVERS\monitor.sys
18:18:57.0386 3664	monitor - ok
18:18:57.0417 3664	mouclass        (7d27ea49f3c1f687d357e77a470aea99) C:\Windows\system32\DRIVERS\mouclass.sys
18:18:57.0417 3664	mouclass - ok
18:18:57.0417 3664	mouhid          (d3bf052c40b0c4166d9fd86a4288c1e6) C:\Windows\system32\DRIVERS\mouhid.sys
18:18:57.0417 3664	mouhid - ok
18:18:57.0448 3664	mountmgr        (32e7a3d591d671a6df2db515a5cbe0fa) C:\Windows\system32\drivers\mountmgr.sys
18:18:57.0448 3664	mountmgr - ok
18:18:57.0448 3664	mpio            (a44b420d30bd56e145d6a2bc8768ec58) C:\Windows\system32\drivers\mpio.sys
18:18:57.0448 3664	mpio - ok
18:18:57.0464 3664	mpsdrv          (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\Windows\system32\drivers\mpsdrv.sys
18:18:57.0464 3664	mpsdrv - ok
18:18:57.0526 3664	MpsSvc          (54ffc9c8898113ace189d4aa7199d2c1) C:\Windows\system32\mpssvc.dll
18:18:57.0526 3664	MpsSvc - ok
18:18:57.0542 3664	MRxDAV          (dc722758b8261e1abafd31a3c0a66380) C:\Windows\system32\drivers\mrxdav.sys
18:18:57.0542 3664	MRxDAV - ok
18:18:57.0573 3664	mrxsmb          (a5d9106a73dc88564c825d317cac68ac) C:\Windows\system32\DRIVERS\mrxsmb.sys
18:18:57.0573 3664	mrxsmb - ok
18:18:57.0604 3664	mrxsmb10        (d711b3c1d5f42c0c2415687be09fc163) C:\Windows\system32\DRIVERS\mrxsmb10.sys
18:18:57.0604 3664	mrxsmb10 - ok
18:18:57.0635 3664	mrxsmb20        (9423e9d355c8d303e76b8cfbd8a5c30c) C:\Windows\system32\DRIVERS\mrxsmb20.sys
18:18:57.0635 3664	mrxsmb20 - ok
18:18:57.0667 3664	msahci          (c25f0bafa182cbca2dd3c851c2e75796) C:\Windows\system32\drivers\msahci.sys
18:18:57.0667 3664	msahci - ok
18:18:57.0698 3664	msdsm           (db801a638d011b9633829eb6f663c900) C:\Windows\system32\drivers\msdsm.sys
18:18:57.0713 3664	msdsm - ok
18:18:57.0745 3664	MSDTC           (de0ece52236cfa3ed2dbfc03f28253a8) C:\Windows\System32\msdtc.exe
18:18:57.0745 3664	MSDTC - ok
18:18:57.0760 3664	Msfs            (aa3fb40e17ce1388fa1bedab50ea8f96) C:\Windows\system32\drivers\Msfs.sys
18:18:57.0760 3664	Msfs - ok
18:18:57.0776 3664	mshidkmdf       (f9d215a46a8b9753f61767fa72a20326) C:\Windows\System32\drivers\mshidkmdf.sys
18:18:57.0776 3664	mshidkmdf - ok
18:18:57.0791 3664	msisadrv        (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\Windows\system32\drivers\msisadrv.sys
18:18:57.0791 3664	msisadrv - ok
18:18:57.0838 3664	MSiSCSI         (808e98ff49b155c522e6400953177b08) C:\Windows\system32\iscsiexe.dll
18:18:57.0838 3664	MSiSCSI - ok
18:18:57.0838 3664	msiserver - ok
18:18:57.0854 3664	MSKSSRV         (49ccf2c4fea34ffad8b1b59d49439366) C:\Windows\system32\drivers\MSKSSRV.sys
18:18:57.0854 3664	MSKSSRV - ok
18:18:57.0869 3664	MSPCLOCK        (bdd71ace35a232104ddd349ee70e1ab3) C:\Windows\system32\drivers\MSPCLOCK.sys
18:18:57.0869 3664	MSPCLOCK - ok
18:18:57.0869 3664	MSPQM           (4ed981241db27c3383d72092b618a1d0) C:\Windows\system32\drivers\MSPQM.sys
18:18:57.0869 3664	MSPQM - ok
18:18:57.0901 3664	MsRPC           (759a9eeb0fa9ed79da1fb7d4ef78866d) C:\Windows\system32\drivers\MsRPC.sys
18:18:57.0901 3664	MsRPC - ok
18:18:57.0916 3664	mssmbios        (0eed230e37515a0eaee3c2e1bc97b288) C:\Windows\system32\DRIVERS\mssmbios.sys
18:18:57.0916 3664	mssmbios - ok
18:18:57.0916 3664	MSTEE           (2e66f9ecb30b4221a318c92ac2250779) C:\Windows\system32\drivers\MSTEE.sys
18:18:57.0916 3664	MSTEE - ok
18:18:57.0916 3664	MTConfig        (7ea404308934e675bffde8edf0757bcd) C:\Windows\system32\drivers\MTConfig.sys
18:18:57.0916 3664	MTConfig - ok
18:18:57.0932 3664	Mup             (f9a18612fd3526fe473c1bda678d61c8) C:\Windows\system32\Drivers\mup.sys
18:18:57.0932 3664	Mup - ok
18:18:57.0979 3664	napagent        (582ac6d9873e31dfa28a4547270862dd) C:\Windows\system32\qagentRT.dll
18:18:57.0979 3664	napagent - ok
18:18:58.0025 3664	NativeWifiP     (1ea3749c4114db3e3161156ffffa6b33) C:\Windows\system32\DRIVERS\nwifi.sys
18:18:58.0025 3664	NativeWifiP - ok
18:18:58.0088 3664	NDIS            (c38b8ae57f78915905064a9a24dc1586) C:\Windows\system32\drivers\ndis.sys
18:18:58.0088 3664	NDIS - ok
18:18:58.0119 3664	NdisCap         (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\Windows\system32\DRIVERS\ndiscap.sys
18:18:58.0119 3664	NdisCap - ok
18:18:58.0135 3664	NdisTapi        (30639c932d9fef22b31268fe25a1b6e5) C:\Windows\system32\DRIVERS\ndistapi.sys
18:18:58.0135 3664	NdisTapi - ok
18:18:58.0150 3664	Ndisuio         (136185f9fb2cc61e573e676aa5402356) C:\Windows\system32\DRIVERS\ndisuio.sys
18:18:58.0150 3664	Ndisuio - ok
18:18:58.0166 3664	NdisWan         (53f7305169863f0a2bddc49e116c2e11) C:\Windows\system32\DRIVERS\ndiswan.sys
18:18:58.0181 3664	NdisWan - ok
18:18:58.0213 3664	NDProxy         (015c0d8e0e0421b4cfd48cffe2825879) C:\Windows\system32\drivers\NDProxy.sys
18:18:58.0213 3664	NDProxy - ok
18:18:58.0259 3664	Netaapl         (6f4607e2333fe21e9e3ff8133a88b35b) C:\Windows\system32\DRIVERS\netaapl64.sys
18:18:58.0259 3664	Netaapl - ok
18:18:58.0291 3664	NetBIOS         (86743d9f5d2b1048062b14b1d84501c4) C:\Windows\system32\DRIVERS\netbios.sys
18:18:58.0291 3664	NetBIOS - ok
18:18:58.0322 3664	NetBT           (09594d1089c523423b32a4229263f068) C:\Windows\system32\DRIVERS\netbt.sys
18:18:58.0322 3664	NetBT - ok
18:18:58.0322 3664	Netlogon        (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
18:18:58.0322 3664	Netlogon - ok
18:18:58.0384 3664	Netman          (847d3ae376c0817161a14a82c8922a9e) C:\Windows\System32\netman.dll
18:18:58.0384 3664	Netman - ok
18:18:58.0462 3664	NetMsmqActivator (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
18:18:58.0478 3664	NetMsmqActivator - ok
18:18:58.0493 3664	NetPipeActivator (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
18:18:58.0493 3664	NetPipeActivator - ok
18:18:58.0525 3664	netprofm        (5f28111c648f1e24f7dbc87cdeb091b8) C:\Windows\System32\netprofm.dll
18:18:58.0525 3664	netprofm - ok
18:18:58.0525 3664	NetTcpActivator (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
18:18:58.0540 3664	NetTcpActivator - ok
18:18:58.0540 3664	NetTcpPortSharing (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
18:18:58.0540 3664	NetTcpPortSharing - ok
18:18:58.0571 3664	netvsc          (73ce12b8bdd747b0063cb0a7ef44cea7) C:\Windows\system32\DRIVERS\netvsc60.sys
18:18:58.0571 3664	netvsc - ok
18:18:58.0603 3664	nfrd960         (77889813be4d166cdab78ddba990da92) C:\Windows\system32\drivers\nfrd960.sys
18:18:58.0603 3664	nfrd960 - ok
18:18:58.0649 3664	NlaSvc          (1ee99a89cc788ada662441d1e9830529) C:\Windows\System32\nlasvc.dll
18:18:58.0649 3664	NlaSvc - ok
18:18:58.0665 3664	Npfs            (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys
18:18:58.0665 3664	Npfs - ok
18:18:58.0681 3664	nsi             (d54bfdf3e0c953f823b3d0bfe4732528) C:\Windows\system32\nsisvc.dll
18:18:58.0681 3664	nsi - ok
18:18:58.0696 3664	nsiproxy        (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys
18:18:58.0696 3664	nsiproxy - ok
18:18:58.0774 3664	Ntfs            (a2f74975097f52a00745f9637451fdd8) C:\Windows\system32\drivers\Ntfs.sys
18:18:58.0790 3664	Ntfs - ok
18:18:58.0915 3664	ntk_PowerDVD12  (eaac965642ef5f818aed508cadf83e4b) C:\Program Files (x86)\Cyberlink\PowerDVD12\Kernel\DMP\CLHNServer\ntk_PowerDVD12_64.sys
18:18:58.0915 3664	ntk_PowerDVD12 - ok
18:18:58.0977 3664	Null            (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys
18:18:58.0977 3664	Null - ok
18:18:59.0008 3664	nusb3hub        (f5bc2345e8c89d4e90fafd23a2239935) C:\Windows\system32\DRIVERS\nusb3hub.sys
18:18:59.0008 3664	nusb3hub - ok
18:18:59.0055 3664	nusb3xhc        (5d42578241bc2a9b4a64837077436d5f) C:\Windows\system32\DRIVERS\nusb3xhc.sys
18:18:59.0055 3664	nusb3xhc - ok
18:18:59.0086 3664	nvraid          (0a92cb65770442ed0dc44834632f66ad) C:\Windows\system32\drivers\nvraid.sys
18:18:59.0086 3664	nvraid - ok
18:18:59.0133 3664	nvstor          (dab0e87525c10052bf65f06152f37e4a) C:\Windows\system32\drivers\nvstor.sys
18:18:59.0133 3664	nvstor - ok
18:18:59.0180 3664	nv_agp          (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\drivers\nv_agp.sys
18:18:59.0180 3664	nv_agp - ok
18:18:59.0180 3664	ohci1394        (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\drivers\ohci1394.sys
18:18:59.0180 3664	ohci1394 - ok
18:18:59.0258 3664	ose             (9d10f99a6712e28f8acd5641e3a7ea6b) C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
18:18:59.0273 3664	ose - ok
18:18:59.0461 3664	osppsvc         (61bffb5f57ad12f83ab64b7181829b34) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
18:18:59.0492 3664	osppsvc - ok
18:18:59.0539 3664	p2pimsvc        (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll
18:18:59.0539 3664	p2pimsvc - ok
18:18:59.0570 3664	p2psvc          (927463ecb02179f88e4b9a17568c63c3) C:\Windows\system32\p2psvc.dll
18:18:59.0570 3664	p2psvc - ok
18:18:59.0601 3664	Parport         (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\drivers\parport.sys
18:18:59.0601 3664	Parport - ok
18:18:59.0617 3664	partmgr         (e9766131eeade40a27dc27d2d68fba9c) C:\Windows\system32\drivers\partmgr.sys
18:18:59.0617 3664	partmgr - ok
18:18:59.0648 3664	PcaSvc          (3aeaa8b561e63452c655dc0584922257) C:\Windows\System32\pcasvc.dll
18:18:59.0648 3664	PcaSvc - ok
18:18:59.0726 3664	PCDSRVC{1E208CE0-FB7451FF-06020101}_0 (7317a0b550f7ac0223b7070897670476) c:\program files\dell support center\pcdsrvc_x64.pkms
18:18:59.0757 3664	PCDSRVC{1E208CE0-FB7451FF-06020101}_0 - ok
18:18:59.0788 3664	pci             (94575c0571d1462a0f70bde6bd6ee6b3) C:\Windows\system32\drivers\pci.sys
18:18:59.0788 3664	pci - ok
18:18:59.0804 3664	pciide          (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\drivers\pciide.sys
18:18:59.0804 3664	pciide - ok
18:18:59.0835 3664	pcmcia          (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\drivers\pcmcia.sys
18:18:59.0835 3664	pcmcia - ok
18:18:59.0851 3664	pcw             (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys
18:18:59.0851 3664	pcw - ok
18:18:59.0897 3664	PEAUTH          (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys
18:18:59.0897 3664	PEAUTH - ok
18:18:59.0960 3664	PeerDistSvc     (b9b0a4299dd2d76a4243f75fd54dc680) C:\Windows\system32\peerdistsvc.dll
18:18:59.0975 3664	PeerDistSvc - ok
18:19:00.0053 3664	PerfHost        (e495e408c93141e8fc72dc0c6046ddfa) C:\Windows\SysWow64\perfhost.exe
18:19:00.0053 3664	PerfHost - ok
18:19:00.0147 3664	pla             (c7cf6a6e137463219e1259e3f0f0dd6c) C:\Windows\system32\pla.dll
18:19:00.0147 3664	pla - ok
18:19:00.0225 3664	PlugPlay        (25fbdef06c4d92815b353f6e792c8129) C:\Windows\system32\umpnpmgr.dll
18:19:00.0225 3664	PlugPlay - ok
18:19:00.0241 3664	PnkBstrA - ok
18:19:00.0256 3664	PNRPAutoReg     (7195581cec9bb7d12abe54036acc2e38) C:\Windows\system32\pnrpauto.dll
18:19:00.0256 3664	PNRPAutoReg - ok
18:19:00.0272 3664	PNRPsvc         (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll
18:19:00.0272 3664	PNRPsvc - ok
18:19:00.0319 3664	PolicyAgent     (4f15d75adf6156bf56eced6d4a55c389) C:\Windows\System32\ipsecsvc.dll
18:19:00.0319 3664	PolicyAgent - ok
18:19:00.0365 3664	Power           (6ba9d927dded70bd1a9caded45f8b184) C:\Windows\system32\umpo.dll
18:19:00.0365 3664	Power - ok
18:19:00.0397 3664	PptpMiniport    (f92a2c41117a11a00be01ca01a7fcde9) C:\Windows\system32\DRIVERS\raspptp.sys
18:19:00.0397 3664	PptpMiniport - ok
18:19:00.0428 3664	Processor       (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\drivers\processr.sys
18:19:00.0428 3664	Processor - ok
18:19:00.0459 3664	ProfSvc         (5c78838b4d166d1a27db3a8a820c799a) C:\Windows\system32\profsvc.dll
18:19:00.0475 3664	ProfSvc - ok
18:19:00.0475 3664	ProtectedStorage (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
18:19:00.0490 3664	ProtectedStorage - ok
18:19:00.0521 3664	Psched          (0557cf5a2556bd58e26384169d72438d) C:\Windows\system32\DRIVERS\pacer.sys
18:19:00.0521 3664	Psched - ok
18:19:00.0553 3664	PxHlpa64        (87b04878a6d59d6c79251dc960c674c1) C:\Windows\system32\Drivers\PxHlpa64.sys
18:19:00.0553 3664	PxHlpa64 - ok
18:19:00.0646 3664	ql2300          (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\drivers\ql2300.sys
18:19:00.0646 3664	ql2300 - ok
18:19:00.0662 3664	ql40xx          (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\drivers\ql40xx.sys
18:19:00.0662 3664	ql40xx - ok
18:19:00.0693 3664	QWAVE           (906191634e99aea92c4816150bda3732) C:\Windows\system32\qwave.dll
18:19:00.0709 3664	QWAVE - ok
18:19:00.0724 3664	QWAVEdrv        (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys
18:19:00.0724 3664	QWAVEdrv - ok
18:19:00.0740 3664	RasAcd          (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys
18:19:00.0740 3664	RasAcd - ok
18:19:00.0740 3664	RasAgileVpn     (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys
18:19:00.0740 3664	RasAgileVpn - ok
18:19:00.0755 3664	RasAuto         (8f26510c5383b8dbe976de1cd00fc8c7) C:\Windows\System32\rasauto.dll
18:19:00.0755 3664	RasAuto - ok
18:19:00.0787 3664	Rasl2tp         (471815800ae33e6f1c32fb1b97c490ca) C:\Windows\system32\DRIVERS\rasl2tp.sys
18:19:00.0787 3664	Rasl2tp - ok
18:19:00.0818 3664	RasMan          (ee867a0870fc9e4972ba9eaad35651e2) C:\Windows\System32\rasmans.dll
18:19:00.0833 3664	RasMan - ok
18:19:00.0849 3664	RasPppoe        (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys
18:19:00.0849 3664	RasPppoe - ok
18:19:00.0849 3664	RasSstp         (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys
18:19:00.0849 3664	RasSstp - ok
18:19:00.0865 3664	rdbss           (77f665941019a1594d887a74f301fa2f) C:\Windows\system32\DRIVERS\rdbss.sys
18:19:00.0880 3664	rdbss - ok
18:19:00.0896 3664	rdpbus          (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\DRIVERS\rdpbus.sys
18:19:00.0896 3664	rdpbus - ok
18:19:00.0911 3664	RDPCDD          (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys
18:19:00.0911 3664	RDPCDD - ok
18:19:00.0943 3664	RDPDR           (1b6163c503398b23ff8b939c67747683) C:\Windows\system32\drivers\rdpdr.sys
18:19:00.0958 3664	RDPDR - ok
18:19:00.0958 3664	RDPENCDD        (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys
18:19:00.0958 3664	RDPENCDD - ok
18:19:00.0974 3664	RDPREFMP        (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys
18:19:00.0974 3664	RDPREFMP - ok
18:19:01.0005 3664	RDPWD           (6d76e6433574b058adcb0c50df834492) C:\Windows\system32\drivers\RDPWD.sys
18:19:01.0005 3664	RDPWD - ok
18:19:01.0052 3664	rdyboost        (34ed295fa0121c241bfef24764fc4520) C:\Windows\system32\drivers\rdyboost.sys
18:19:01.0052 3664	rdyboost - ok
18:19:01.0083 3664	RemoteAccess    (254fb7a22d74e5511c73a3f6d802f192) C:\Windows\System32\mprdim.dll
18:19:01.0083 3664	RemoteAccess - ok
18:19:01.0114 3664	RemoteRegistry  (e4d94f24081440b5fc5aa556c7c62702) C:\Windows\system32\regsvc.dll
18:19:01.0114 3664	RemoteRegistry - ok
18:19:01.0239 3664	RoxMediaDB12OEM (3c957189b31c34d3ad21967b12b6aed7) C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxMediaDB12OEM.exe
18:19:01.0255 3664	RoxMediaDB12OEM - ok
18:19:01.0301 3664	RoxWatch12      (2b73088cc2ca757a172b425c9398e5bc) C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatch12OEM.exe
18:19:01.0301 3664	RoxWatch12 - ok
18:19:01.0333 3664	RpcEptMapper    (e4dc58cf7b3ea515ae917ff0d402a7bb) C:\Windows\System32\RpcEpMap.dll
18:19:01.0333 3664	RpcEptMapper - ok
18:19:01.0348 3664	RpcLocator      (d5ba242d4cf8e384db90e6a8ed850b8c) C:\Windows\system32\locator.exe
18:19:01.0348 3664	RpcLocator - ok
18:19:01.0379 3664	RpcSs           (5c627d1b1138676c0a7ab2c2c190d123) C:\Windows\system32\rpcss.dll
18:19:01.0379 3664	RpcSs - ok
18:19:01.0411 3664	rspndr          (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys
18:19:01.0411 3664	rspndr - ok
18:19:01.0442 3664	s3cap           (e60c0a09f997826c7627b244195ab581) C:\Windows\system32\drivers\vms3cap.sys
18:19:01.0442 3664	s3cap - ok
18:19:01.0442 3664	SamSs           (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
18:19:01.0442 3664	SamSs - ok
18:19:01.0457 3664	sbp2port        (ac03af3329579fffb455aa2daabbe22b) C:\Windows\system32\drivers\sbp2port.sys
18:19:01.0457 3664	sbp2port - ok
18:19:01.0489 3664	SCardSvr        (9b7395789e3791a3b6d000fe6f8b131e) C:\Windows\System32\SCardSvr.dll
18:19:01.0504 3664	SCardSvr - ok
18:19:01.0504 3664	scfilter        (253f38d0d7074c02ff8deb9836c97d2b) C:\Windows\system32\DRIVERS\scfilter.sys
18:19:01.0504 3664	scfilter - ok
18:19:01.0551 3664	Schedule        (262f6592c3299c005fd6bec90fc4463a) C:\Windows\system32\schedsvc.dll
18:19:01.0567 3664	Schedule - ok
18:19:01.0582 3664	SCPolicySvc     (f17d1d393bbc69c5322fbfafaca28c7f) C:\Windows\System32\certprop.dll
18:19:01.0582 3664	SCPolicySvc - ok
18:19:01.0613 3664	SDRSVC          (6ea4234dc55346e0709560fe7c2c1972) C:\Windows\System32\SDRSVC.dll
18:19:01.0629 3664	SDRSVC - ok
18:19:01.0645 3664	secdrv          (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys
18:19:01.0645 3664	secdrv - ok
18:19:01.0660 3664	seclogon        (bc617a4e1b4fa8df523a061739a0bd87) C:\Windows\system32\seclogon.dll
18:19:01.0676 3664	seclogon - ok
18:19:01.0707 3664	SENS            (c32ab8fa018ef34c0f113bd501436d21) C:\Windows\System32\sens.dll
18:19:01.0707 3664	SENS - ok
18:19:01.0723 3664	SensrSvc        (0336cffafaab87a11541f1cf1594b2b2) C:\Windows\system32\sensrsvc.dll
18:19:01.0723 3664	SensrSvc - ok
18:19:01.0738 3664	Serenum         (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\drivers\serenum.sys
18:19:01.0738 3664	Serenum - ok
18:19:01.0754 3664	Serial          (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\drivers\serial.sys
18:19:01.0754 3664	Serial - ok
18:19:01.0769 3664	sermouse        (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\drivers\sermouse.sys
18:19:01.0769 3664	sermouse - ok
18:19:01.0801 3664	SessionEnv      (0b6231bf38174a1628c4ac812cc75804) C:\Windows\system32\sessenv.dll
18:19:01.0801 3664	SessionEnv - ok
18:19:01.0801 3664	sffdisk         (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\drivers\sffdisk.sys
18:19:01.0801 3664	sffdisk - ok
18:19:01.0801 3664	sffp_mmc        (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\drivers\sffp_mmc.sys
18:19:01.0801 3664	sffp_mmc - ok
18:19:01.0816 3664	sffp_sd         (dd85b78243a19b59f0637dcf284da63c) C:\Windows\system32\drivers\sffp_sd.sys
18:19:01.0816 3664	sffp_sd - ok
18:19:01.0816 3664	sfloppy         (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\drivers\sfloppy.sys
18:19:01.0816 3664	sfloppy - ok
18:19:01.0863 3664	Sftfs           (c6cc9297bd53e5229653303e556aa539) C:\Windows\system32\DRIVERS\Sftfslh.sys
18:19:01.0863 3664	Sftfs - ok
18:19:01.0925 3664	sftlist         (13693b6354dd6e72dc5131da7d764b90) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
18:19:01.0941 3664	sftlist - ok
18:19:01.0957 3664	Sftplay         (390aa7bc52cee43f6790cdea1e776703) C:\Windows\system32\DRIVERS\Sftplaylh.sys
18:19:01.0957 3664	Sftplay - ok
18:19:01.0972 3664	Sftredir        (617e29a0b0a2807466560d4c4e338d3e) C:\Windows\system32\DRIVERS\Sftredirlh.sys
18:19:01.0972 3664	Sftredir - ok
18:19:02.0066 3664	SftService      (29ddea72c5bdf61d62f4d438dc0e497c) C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE
18:19:02.0081 3664	SftService - ok
18:19:02.0097 3664	Sftvol          (8f571f016fa1976f445147e9e6c8ae9b) C:\Windows\system32\DRIVERS\Sftvollh.sys
18:19:02.0097 3664	Sftvol - ok
18:19:02.0128 3664	sftvsa          (c3cddd18f43d44ab713cf8c4916f7696) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
18:19:02.0128 3664	sftvsa - ok
18:19:02.0175 3664	SharedAccess    (b95f6501a2f8b2e78c697fec401970ce) C:\Windows\System32\ipnathlp.dll
18:19:02.0175 3664	SharedAccess - ok
18:19:02.0222 3664	ShellHWDetection (aaf932b4011d14052955d4b212a4da8d) C:\Windows\System32\shsvcs.dll
18:19:02.0237 3664	ShellHWDetection - ok
18:19:02.0269 3664	SiSRaid2        (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\drivers\SiSRaid2.sys
18:19:02.0269 3664	SiSRaid2 - ok
18:19:02.0300 3664	SiSRaid4        (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\drivers\sisraid4.sys
18:19:02.0300 3664	SiSRaid4 - ok
18:19:02.0362 3664	SkypeUpdate     (6128e98eaaed364ed1a32708d2fd22cb) C:\Program Files (x86)\Skype\Updater\Updater.exe
18:19:02.0393 3664	SkypeUpdate - ok
18:19:02.0393 3664	Smb             (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys
18:19:02.0393 3664	Smb - ok
18:19:02.0425 3664	SNMPTRAP        (6313f223e817cc09aa41811daa7f541d) C:\Windows\System32\snmptrap.exe
18:19:02.0425 3664	SNMPTRAP - ok
18:19:02.0425 3664	spldr           (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys
18:19:02.0440 3664	spldr - ok
18:19:02.0471 3664	Spooler         (b96c17b5dc1424d56eea3a99e97428cd) C:\Windows\System32\spoolsv.exe
18:19:02.0471 3664	Spooler - ok
18:19:02.0627 3664	sppsvc          (e17e0188bb90fae42d83e98707efa59c) C:\Windows\system32\sppsvc.exe
18:19:02.0643 3664	sppsvc - ok
18:19:02.0659 3664	sppuinotify     (93d7d61317f3d4bc4f4e9f8a96a7de45) C:\Windows\system32\sppuinotify.dll
18:19:02.0659 3664	sppuinotify - ok
18:19:02.0705 3664	srv             (441fba48bff01fdb9d5969ebc1838f0b) C:\Windows\system32\DRIVERS\srv.sys
18:19:02.0705 3664	srv - ok
18:19:02.0721 3664	srv2            (b4adebbf5e3677cce9651e0f01f7cc28) C:\Windows\system32\DRIVERS\srv2.sys
18:19:02.0737 3664	srv2 - ok
18:19:02.0768 3664	srvnet          (27e461f0be5bff5fc737328f749538c3) C:\Windows\system32\DRIVERS\srvnet.sys
18:19:02.0768 3664	srvnet - ok
18:19:02.0799 3664	SSDPSRV         (51b52fbd583cde8aa9ba62b8b4298f33) C:\Windows\System32\ssdpsrv.dll
18:19:02.0799 3664	SSDPSRV - ok
18:19:02.0815 3664	SstpSvc         (ab7aebf58dad8daab7a6c45e6a8885cb) C:\Windows\system32\sstpsvc.dll
18:19:02.0815 3664	SstpSvc - ok
18:19:02.0846 3664	Steam Client Service - ok
18:19:02.0877 3664	stexstor        (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\drivers\stexstor.sys
18:19:02.0877 3664	stexstor - ok
18:19:02.0939 3664	stisvc          (8dd52e8e6128f4b2da92ce27402871c1) C:\Windows\System32\wiaservc.dll
18:19:02.0939 3664	stisvc - ok
18:19:02.0986 3664	stllssvr        (7731f46ec0d687a931cba063e8f90ef0) C:\Program Files (x86)\Common Files\SureThing Shared\stllssvr.exe
18:19:03.0002 3664	stllssvr - ok
18:19:03.0017 3664	StorSvc         (c40841817ef57d491f22eb103da587cc) C:\Windows\system32\storsvc.dll
18:19:03.0017 3664	StorSvc - ok
18:19:03.0033 3664	storvsc         (d34e4943d5ac096c8edeebfd80d76e23) C:\Windows\system32\drivers\storvsc.sys
18:19:03.0033 3664	storvsc - ok
18:19:03.0064 3664	swenum          (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\DRIVERS\swenum.sys
18:19:03.0064 3664	swenum - ok
18:19:03.0127 3664	SwitchBoard     (f577910a133a592234ebaad3f3afa258) C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
18:19:03.0142 3664	SwitchBoard - ok
18:19:03.0189 3664	swprv           (e08e46fdd841b7184194011ca1955a0b) C:\Windows\System32\swprv.dll
18:19:03.0205 3664	swprv - ok
18:19:03.0220 3664	SynthVid        (4cdd7df58730d23ba9cb5829a6e2ecea) C:\Windows\system32\DRIVERS\VMBusVideoM.sys
18:19:03.0220 3664	SynthVid - ok
18:19:03.0298 3664	SysMain         (bf9ccc0bf39b418c8d0ae8b05cf95b7d) C:\Windows\system32\sysmain.dll
18:19:03.0314 3664	SysMain - ok
18:19:03.0329 3664	TabletInputService (e3c61fd7b7c2557e1f1b0b4cec713585) C:\Windows\System32\TabSvc.dll
18:19:03.0329 3664	TabletInputService - ok
18:19:03.0361 3664	TapiSrv         (40f0849f65d13ee87b9a9ae3c1dd6823) C:\Windows\System32\tapisrv.dll
18:19:03.0361 3664	TapiSrv - ok
18:19:03.0376 3664	TBS             (1be03ac720f4d302ea01d40f588162f6) C:\Windows\System32\tbssvc.dll
18:19:03.0376 3664	TBS - ok
18:19:03.0454 3664	Tcpip           (acb82bda8f46c84f465c1afa517dc4b9) C:\Windows\system32\drivers\tcpip.sys
18:19:03.0470 3664	Tcpip - ok
18:19:03.0501 3664	TCPIP6          (acb82bda8f46c84f465c1afa517dc4b9) C:\Windows\system32\DRIVERS\tcpip.sys
18:19:03.0501 3664	TCPIP6 - ok
18:19:03.0532 3664	tcpipreg        (df687e3d8836bfb04fcc0615bf15a519) C:\Windows\system32\drivers\tcpipreg.sys
18:19:03.0532 3664	tcpipreg - ok
18:19:03.0548 3664	TDPIPE          (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys
18:19:03.0548 3664	TDPIPE - ok
18:19:03.0563 3664	TDTCP           (51c5eceb1cdee2468a1748be550cfbc8) C:\Windows\system32\drivers\tdtcp.sys
18:19:03.0563 3664	TDTCP - ok
18:19:03.0610 3664	tdx             (ddad5a7ab24d8b65f8d724f5c20fd806) C:\Windows\system32\DRIVERS\tdx.sys
18:19:03.0610 3664	tdx - ok
18:19:03.0626 3664	TermDD          (561e7e1f06895d78de991e01dd0fb6e5) C:\Windows\system32\DRIVERS\termdd.sys
18:19:03.0641 3664	TermDD - ok
18:19:03.0673 3664	TermService     (2e648163254233755035b46dd7b89123) C:\Windows\System32\termsrv.dll
18:19:03.0673 3664	TermService - ok
18:19:03.0673 3664	Themes          (f0344071948d1a1fa732231785a0664c) C:\Windows\system32\themeservice.dll
18:19:03.0688 3664	Themes - ok
18:19:03.0704 3664	THREADORDER     (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll
18:19:03.0704 3664	THREADORDER - ok
18:19:03.0719 3664	TrkWks          (7e7afd841694f6ac397e99d75cead49d) C:\Windows\System32\trkwks.dll
18:19:03.0719 3664	TrkWks - ok
18:19:03.0766 3664	TrustedInstaller (773212b2aaa24c1e31f10246b15b276c) C:\Windows\servicing\TrustedInstaller.exe
18:19:03.0766 3664	TrustedInstaller - ok
18:19:03.0797 3664	tssecsrv        (ce18b2cdfc837c99e5fae9ca6cba5d30) C:\Windows\system32\DRIVERS\tssecsrv.sys
18:19:03.0797 3664	tssecsrv - ok
18:19:03.0844 3664	TsUsbFlt        (d11c783e3ef9a3c52c0ebe83cc5000e9) C:\Windows\system32\drivers\tsusbflt.sys
18:19:03.0844 3664	TsUsbFlt - ok
18:19:03.0875 3664	TsUsbGD         (9cc2ccae8a84820eaecb886d477cbcb8) C:\Windows\system32\drivers\TsUsbGD.sys
18:19:03.0875 3664	TsUsbGD - ok
18:19:03.0907 3664	tunnel          (3566a8daafa27af944f5d705eaa64894) C:\Windows\system32\DRIVERS\tunnel.sys
18:19:03.0907 3664	tunnel - ok
18:19:03.0907 3664	uagp35          (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\drivers\uagp35.sys
18:19:03.0907 3664	uagp35 - ok
18:19:03.0938 3664	udfs            (ff4232a1a64012baa1fd97c7b67df593) C:\Windows\system32\DRIVERS\udfs.sys
18:19:03.0938 3664	udfs - ok
18:19:03.0969 3664	UI0Detect       (3cbdec8d06b9968aba702eba076364a1) C:\Windows\system32\UI0Detect.exe
18:19:03.0969 3664	UI0Detect - ok
18:19:04.0000 3664	uliagpkx        (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\drivers\uliagpkx.sys
18:19:04.0000 3664	uliagpkx - ok
18:19:04.0016 3664	umbus           (dc54a574663a895c8763af0fa1ff7561) C:\Windows\system32\DRIVERS\umbus.sys
18:19:04.0016 3664	umbus - ok
18:19:04.0031 3664	UmPass          (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\drivers\umpass.sys
18:19:04.0031 3664	UmPass - ok
18:19:04.0063 3664	UmRdpService    (a293dcd756d04d8492a750d03b9a297c) C:\Windows\System32\umrdp.dll
18:19:04.0063 3664	UmRdpService - ok
18:19:04.0078 3664	Update-Service - ok
18:19:04.0109 3664	upnphost        (d47ec6a8e81633dd18d2436b19baf6de) C:\Windows\System32\upnphost.dll
18:19:04.0109 3664	upnphost - ok
18:19:04.0141 3664	USBAAPL64       (fb251567f41bc61988b26731dec19e4b) C:\Windows\system32\Drivers\usbaapl64.sys
18:19:04.0141 3664	USBAAPL64 - ok
18:19:04.0187 3664	usbccgp         (19ad7990c0b67e48dac5b26f99628223) C:\Windows\system32\drivers\usbccgp.sys
18:19:04.0187 3664	usbccgp - ok
18:19:04.0203 3664	usbcir          (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\drivers\usbcir.sys
18:19:04.0203 3664	usbcir - ok
18:19:04.0234 3664	usbehci         (c025055fe7b87701eb042095df1a2d7b) C:\Windows\system32\DRIVERS\usbehci.sys
18:19:04.0234 3664	usbehci - ok
18:19:04.0281 3664	usbhub          (8b892002d7b79312821169a14317ab86) C:\Windows\system32\DRIVERS\usbhub.sys
18:19:04.0281 3664	usbhub - ok
18:19:04.0312 3664	usbohci         (9840fc418b4cbd632d3d0a667a725c31) C:\Windows\system32\drivers\usbohci.sys
18:19:04.0312 3664	usbohci - ok
18:19:04.0328 3664	usbprint        (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\drivers\usbprint.sys
18:19:04.0328 3664	usbprint - ok
18:19:04.0343 3664	USBSTOR         (fed648b01349a3c8395a5169db5fb7d6) C:\Windows\system32\DRIVERS\USBSTOR.SYS
18:19:04.0343 3664	USBSTOR - ok
18:19:04.0375 3664	usbuhci         (62069a34518bcf9c1fd9e74b3f6db7cd) C:\Windows\system32\drivers\usbuhci.sys
18:19:04.0375 3664	usbuhci - ok
18:19:04.0390 3664	UxSms           (edbb23cbcf2cdf727d64ff9b51a6070e) C:\Windows\System32\uxsms.dll
18:19:04.0390 3664	UxSms - ok
18:19:04.0406 3664	VaultSvc        (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
18:19:04.0406 3664	VaultSvc - ok
18:19:04.0421 3664	vdrvroot        (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\drivers\vdrvroot.sys
18:19:04.0421 3664	vdrvroot - ok
18:19:04.0468 3664	vds             (8d6b481601d01a456e75c3210f1830be) C:\Windows\System32\vds.exe
18:19:04.0468 3664	vds - ok
18:19:04.0484 3664	vga             (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys
18:19:04.0484 3664	vga - ok
18:19:04.0499 3664	VgaSave         (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys
18:19:04.0499 3664	VgaSave - ok
18:19:04.0515 3664	vhdmp           (2ce2df28c83aeaf30084e1b1eb253cbb) C:\Windows\system32\drivers\vhdmp.sys
18:19:04.0515 3664	vhdmp - ok
18:19:04.0531 3664	viaide          (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\drivers\viaide.sys
18:19:04.0531 3664	viaide - ok
18:19:04.0546 3664	VMBusHID        (7de90b48f210d29649380545db45a187) C:\Windows\system32\drivers\VMBusHID.sys
18:19:04.0562 3664	VMBusHID - ok
18:19:04.0593 3664	volmgr          (d2aafd421940f640b407aefaaebd91b0) C:\Windows\system32\drivers\volmgr.sys
18:19:04.0593 3664	volmgr - ok
18:19:04.0624 3664	volmgrx         (a255814907c89be58b79ef2f189b843b) C:\Windows\system32\drivers\volmgrx.sys
18:19:04.0640 3664	volmgrx - ok
18:19:04.0671 3664	volsnap         (0d08d2f3b3ff84e433346669b5e0f639) C:\Windows\system32\drivers\volsnap.sys
18:19:04.0671 3664	volsnap - ok
18:19:04.0671 3664	vsmraid         (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\drivers\vsmraid.sys
18:19:04.0687 3664	vsmraid - ok
18:19:04.0733 3664	VSS             (b60ba0bc31b0cb414593e169f6f21cc2) C:\Windows\system32\vssvc.exe
18:19:04.0749 3664	VSS - ok
18:19:04.0765 3664	vwifibus        (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\system32\DRIVERS\vwifibus.sys
18:19:04.0765 3664	vwifibus - ok
18:19:04.0780 3664	vwififlt        (6a3d66263414ff0d6fa754c646612f3f) C:\Windows\system32\DRIVERS\vwififlt.sys
18:19:04.0780 3664	vwififlt - ok
18:19:04.0827 3664	W32Time         (1c9d80cc3849b3788048078c26486e1a) C:\Windows\system32\w32time.dll
18:19:04.0827 3664	W32Time - ok
18:19:04.0843 3664	WacomPen        (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\drivers\wacompen.sys
18:19:04.0843 3664	WacomPen - ok
18:19:04.0858 3664	WANARP          (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
18:19:04.0858 3664	WANARP - ok
18:19:04.0858 3664	Wanarpv6        (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
18:19:04.0858 3664	Wanarpv6 - ok
18:19:04.0967 3664	WatAdminSvc     (3cec96de223e49eaae3651fcf8faea6c) C:\Windows\system32\Wat\WatAdminSvc.exe
18:19:04.0983 3664	WatAdminSvc - ok
18:19:05.0045 3664	wbengine        (78f4e7f5c56cb9716238eb57da4b6a75) C:\Windows\system32\wbengine.exe
18:19:05.0061 3664	wbengine - ok
18:19:05.0077 3664	WbioSrvc        (3aa101e8edab2db4131333f4325c76a3) C:\Windows\System32\wbiosrvc.dll
18:19:05.0077 3664	WbioSrvc - ok
18:19:05.0092 3664	wcncsvc         (7368a2afd46e5a4481d1de9d14848edd) C:\Windows\System32\wcncsvc.dll
18:19:05.0092 3664	wcncsvc - ok
18:19:05.0123 3664	WcsPlugInService (20f7441334b18cee52027661df4a6129) C:\Windows\System32\WcsPlugInService.dll
18:19:05.0123 3664	WcsPlugInService - ok
18:19:05.0139 3664	Wd              (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\drivers\wd.sys
18:19:05.0139 3664	Wd - ok
18:19:05.0186 3664	Wdf01000        (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys
18:19:05.0186 3664	Wdf01000 - ok
18:19:05.0217 3664	WdiServiceHost  (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll
18:19:05.0217 3664	WdiServiceHost - ok
18:19:05.0217 3664	WdiSystemHost   (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll
18:19:05.0217 3664	WdiSystemHost - ok
18:19:05.0233 3664	WebClient       (3db6d04e1c64272f8b14eb8bc4616280) C:\Windows\System32\webclnt.dll
18:19:05.0233 3664	WebClient - ok
18:19:05.0248 3664	Wecsvc          (c749025a679c5103e575e3b48e092c43) C:\Windows\system32\wecsvc.dll
18:19:05.0248 3664	Wecsvc - ok
18:19:05.0264 3664	wercplsupport   (7e591867422dc788b9e5bd337a669a08) C:\Windows\System32\wercplsupport.dll
18:19:05.0264 3664	wercplsupport - ok
18:19:05.0279 3664	WerSvc          (6d137963730144698cbd10f202e9f251) C:\Windows\System32\WerSvc.dll
18:19:05.0279 3664	WerSvc - ok
18:19:05.0295 3664	WfpLwf          (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys
18:19:05.0295 3664	WfpLwf - ok
18:19:05.0342 3664	WimFltr         (b14ef15bd757fa488f9c970eee9c0d35) C:\Windows\system32\DRIVERS\wimfltr.sys
18:19:05.0342 3664	WimFltr - ok
18:19:05.0373 3664	WIMMount        (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys
18:19:05.0373 3664	WIMMount - ok
18:19:05.0404 3664	WinDefend - ok
18:19:05.0420 3664	WinHttpAutoProxySvc - ok
18:19:05.0467 3664	Winmgmt         (19b07e7e8915d701225da41cb3877306) C:\Windows\system32\wbem\WMIsvc.dll
18:19:05.0482 3664	Winmgmt - ok
18:19:05.0545 3664	WinRM           (bcb1310604aa415c4508708975b3931e) C:\Windows\system32\WsmSvc.dll
18:19:05.0560 3664	WinRM - ok
18:19:05.0607 3664	WinUsb          (fe88b288356e7b47b74b13372add906d) C:\Windows\system32\DRIVERS\WinUsb.sys
18:19:05.0607 3664	WinUsb - ok
18:19:05.0669 3664	Wlansvc         (4fada86e62f18a1b2f42ba18ae24e6aa) C:\Windows\System32\wlansvc.dll
18:19:05.0669 3664	Wlansvc - ok
18:19:05.0685 3664	WmiAcpi         (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\drivers\wmiacpi.sys
18:19:05.0685 3664	WmiAcpi - ok
18:19:05.0716 3664	wmiApSrv        (38b84c94c5a8af291adfea478ae54f93) C:\Windows\system32\wbem\WmiApSrv.exe
18:19:05.0716 3664	wmiApSrv - ok
18:19:05.0732 3664	WMPNetworkSvc - ok
18:19:05.0747 3664	WPCSvc          (96c6e7100d724c69fcf9e7bf590d1dca) C:\Windows\System32\wpcsvc.dll
18:19:05.0747 3664	WPCSvc - ok
18:19:05.0779 3664	WPDBusEnum      (93221146d4ebbf314c29b23cd6cc391d) C:\Windows\system32\wpdbusenum.dll
18:19:05.0779 3664	WPDBusEnum - ok
18:19:05.0794 3664	ws2ifsl         (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys
18:19:05.0794 3664	ws2ifsl - ok
18:19:05.0841 3664	wscsvc          (e8b1fe6669397d1772d8196df0e57a9e) C:\Windows\System32\wscsvc.dll
18:19:05.0841 3664	wscsvc - ok
18:19:05.0841 3664	WSearch - ok
18:19:05.0935 3664	wuauserv        (9df12edbc698b0bc353b3ef84861e430) C:\Windows\system32\wuaueng.dll
18:19:05.0950 3664	wuauserv - ok
18:19:05.0966 3664	WudfPf          (d3381dc54c34d79b22cee0d65ba91b7c) C:\Windows\system32\drivers\WudfPf.sys
18:19:05.0966 3664	WudfPf - ok
18:19:06.0013 3664	WUDFRd          (cf8d590be3373029d57af80914190682) C:\Windows\system32\DRIVERS\WUDFRd.sys
18:19:06.0013 3664	WUDFRd - ok
18:19:06.0028 3664	wudfsvc         (7a95c95b6c4cf292d689106bcae49543) C:\Windows\System32\WUDFSvc.dll
18:19:06.0028 3664	wudfsvc - ok
18:19:06.0075 3664	WwanSvc         (9a3452b3c2a46c073166c5cf49fad1ae) C:\Windows\System32\wwansvc.dll
18:19:06.0075 3664	WwanSvc - ok
18:19:06.0153 3664	{329F96B6-DF1E-4328-BFDA-39EA953C1312} (74983addca2d9618512c088d856d6615) C:\Program Files (x86)\CyberLink\PowerDVD12\Common\NavFilter\000.fcl
18:19:06.0153 3664	{329F96B6-DF1E-4328-BFDA-39EA953C1312} - ok
18:19:06.0200 3664	MBR (0x1B8)     (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0
18:19:06.0434 3664	\Device\Harddisk0\DR0 - ok
18:19:06.0434 3664	Boot (0x1200)   (1d510005a1f408ad3e12746ab39441de) \Device\Harddisk0\DR0\Partition0
18:19:06.0434 3664	\Device\Harddisk0\DR0\Partition0 - ok
18:19:06.0449 3664	Boot (0x1200)   (403bea9a7ba5f8e5d455519ee0993a49) \Device\Harddisk0\DR0\Partition1
18:19:06.0465 3664	\Device\Harddisk0\DR0\Partition1 - ok
18:19:06.0465 3664	============================================================
18:19:06.0465 3664	Scan finished
18:19:06.0465 3664	============================================================
18:19:06.0465 2676	Detected object count: 0
18:19:06.0465 2676	Actual detected object count: 0
18:20:33.0377 3980	Deinitialize success
         
__________________

Alt 05.06.2012, 07:39   #4
Psychotic
/// Malwareteam
 
TR/Mediyes.EB.1 & TR/ATRAPS.Gen - Standard

TR/Mediyes.EB.1 & TR/ATRAPS.Gen



Hinweis: P2P/Filesharing


Ich sehe, dass Du sogenannte Peer to Peer oder Filesharing Programme verwendest. In deinem Fall Bittorrent. Diese Programme erlauben es Dir, Daten mit anderen Usern auszutauschen. Leider ist auch p2p oder Filesharing nicht ausgenommen, infizierte Dateien zu verteilen und dies ist auch ein Grund warum sich Malware so schnell verbreitet. Es ist also möglich, dass Du Dir eine Infizierte Datei herunterladest. Du kannst niemals wissen, woher diese stammen. Daher sollte diese Art Software mit äußerster Vorsicht benutzt werden. Ein ebenfalls wichtiger Punkt ist, dass das Verbreiten von Media und Entertainment Dateien in den meisten Ländern der Welt gegen Copyright Rechte verstößt. Natürlich gibt es auch einen legalen Weg zur Nutzung dieses Service. Zum Beispiel zum Downloaden von Linux oder Open Office. Denoch würde ich Dich ersuchen, diese Art von Software nicht weiterhin zu verwenden. Bitte gehe zu Start --> Systemsteuerung --> Software und deinstalliere die oben erwähnte Software. Bitte gib Bescheid wenn Du eines der gelisteten Programme nicht finden kannst.


adwCleaner


Downloade Dir bitte AdwCleaner auf deinen Desktop.
  • Starte die adwcleaner.exe mit einem Doppelklick.
  • Klicke auf Search.
  • Nach Ende des Suchlaufs öffnet sich eine Textdatei.
  • Poste mir den Inhalt mit deiner nächsten Antwort.
  • Die Logdatei findest du auch unter C:\AdwCleaner[R1].txt.
__________________
Kein Asylrecht für Trojaner!

Proud Member of UNITE

Hinweis: Ich bin nur werktags erreichbar!
Anfragen über PM werden ignoriert!

Du bist zufrieden mit uns? Dann unterstütze das Trojaner-Board!

Alt 05.06.2012, 12:42   #5
Cersus
 
TR/Mediyes.EB.1 & TR/ATRAPS.Gen - Standard

TR/Mediyes.EB.1 & TR/ATRAPS.Gen



Ich habe nun Bit Torrent deinstalliert.

Hier die Textdatei des adwCleaner:
Code:
ATTFilter
# AdwCleaner v1.608 - Logfile created 06/05/2012 at 13:36:25
# Updated 27/05/2012 by Xplode
# Operating system : Windows 7 Professional Service Pack 1 (64 bits)
# User : *** - ULTRA
# Running from : C:\Users\***\Desktop\adwcleaner.exe
# Option [Search]


***** [Services] *****


***** [Files / Folders] *****

Folder Found : C:\Users\***\AppData\Local\TempDir

***** [Registry] *****

Key Found : HKLM\SOFTWARE\Freeze.com

***** [Registre - GUID] *****


***** [Internet Browsers] *****

-\\ Internet Explorer v9.0.8112.16421

[OK] Registry is clean.

-\\ Google Chrome v20.0.1132.21

File : C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] File is clean.

*************************

AdwCleaner[R1].txt - [765 octets] - [05/06/2012 13:36:25]

########## EOF - C:\AdwCleaner[R1].txt - [892 octets] ##########
         


Alt 05.06.2012, 15:03   #6
Psychotic
/// Malwareteam
 
TR/Mediyes.EB.1 & TR/ATRAPS.Gen - Standard

TR/Mediyes.EB.1 & TR/ATRAPS.Gen



Combofix

Combofix darf ausschließlich ausgeführt werden, wenn dies von einem Team Mitglied angewiesen wurde!
Es sollte nie auf eigene Initiative hin ausgeführt werden! Eine falsche Benutzung kann ernsthafte Computerprobleme nach sich ziehen und eine Bereinigung der Infektion noch erschweren.
Downloade dir bitte Combofix von einem dieser Downloadspiegel

Link 1
Link 2


WICHTIG - Speichere Combofix auf deinem Desktop
  • Deaktiviere bitte all deine Anti Viren sowie Anti Malware/Spyware Scanner. Diese können Combofix bei der Arbeit stören.
Starte die Combofix.exe und folge den Anweisungen auf dem Bildschirm.

Wenn Combofix fertig ist, wird es eine Logfile erstellen. Bitte poste die C:\Combofix.txt in deiner nächsten Antwort.


Hinweis: Solltest du nach dem Neustart folgende Fehlermeldung erhalten
Zitat:
Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.
starte den Rechner einfach neu. Dies sollte das Problem beheben.
__________________
--> TR/Mediyes.EB.1 & TR/ATRAPS.Gen

Alt 05.06.2012, 15:43   #7
Cersus
 
TR/Mediyes.EB.1 & TR/ATRAPS.Gen - Standard

TR/Mediyes.EB.1 & TR/ATRAPS.Gen



Ich habe Combofix ausgeführt. Hier der entsprechende log:

Code:
ATTFilter
ComboFix 12-06-05.01 - *** 05.06.2012  16:28:36.1.8 - x64
Microsoft Windows 7 Professional   6.1.7601.1.1252.41.1031.18.16366.14569 [GMT 2:00]
ausgeführt von:: c:\users\***\Desktop\ComboFix.exe
AV: Avira Desktop *Disabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
SP: Avira Desktop *Disabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\PCDr\5907\Downloads\288d198f-eb50-4316-9b17-4269c8487bf7.dll
c:\users\***\AppData\Local\TempDIR
c:\users\***\AppData\Local\TempDIR\BetterInstaller.exe
.
.
(((((((((((((((((((((((   Dateien erstellt von 2012-05-05 bis 2012-06-05  ))))))))))))))))))))))))))))))
.
.
2012-06-05 11:14 . 2012-05-08 17:02	8955792	----a-w-	c:\programdata\Microsoft\Windows Defender\Definition Updates\{A5BCC2B9-3E1B-4D8D-86AD-9DFA0B6B366D}\mpengine.dll
2012-06-03 11:49 . 2012-06-03 12:57	--------	d-----w-	c:\program files (x86)\Warcraft III
2012-06-02 17:12 . 2012-06-02 17:12	354304	----a-w-	c:\windows\system32\pouawfiuj.dll
2012-05-13 16:14 . 2012-05-13 16:14	--------	d-----w-	c:\program files\Microsoft Silverlight
2012-05-13 16:14 . 2012-05-13 16:14	--------	d-----w-	c:\program files (x86)\Microsoft Silverlight
2012-05-08 15:48 . 2012-05-08 15:48	--------	d-----w-	c:\users\***\AppData\Local\SniperV2
2012-05-08 15:45 . 2012-05-08 15:45	--------	d-----w-	c:\users\***\AppData\Local\SKIDROW
2012-05-08 15:40 . 2012-05-08 15:40	--------	d-----w-	c:\program files (x86)\Rebellion
2012-05-07 16:42 . 2012-05-07 16:42	--------	d-----w-	c:\users\***\jagexcache
.
.
.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-05-08 19:11 . 2011-12-26 13:52	98848	----a-w-	c:\windows\system32\drivers\avgntflt.sys
2012-05-08 19:11 . 2011-12-26 13:52	132832	----a-w-	c:\windows\system32\drivers\avipbb.sys
2012-05-04 18:26 . 2012-05-04 18:26	419488	----a-w-	c:\windows\SysWow64\FlashPlayerApp.exe
2012-05-04 18:26 . 2011-11-29 18:09	70304	----a-w-	c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-04-06 05:22 . 2012-04-06 05:22	11174400	----a-w-	c:\windows\system32\drivers\atikmdag.sys
2012-04-06 02:22 . 2012-04-06 02:22	159744	----a-w-	c:\windows\system32\atiapfxx.exe
2012-04-06 02:21 . 2011-11-30 02:41	909312	----a-w-	c:\windows\SysWow64\aticfx32.dll
2012-04-06 02:20 . 2012-04-06 02:20	1067520	----a-w-	c:\windows\system32\aticfx64.dll
2012-04-06 02:16 . 2012-04-06 02:16	442368	----a-w-	c:\windows\system32\ATIDEMGX.dll
2012-04-06 02:16 . 2012-04-06 02:16	503808	----a-w-	c:\windows\system32\atieclxx.exe
2012-04-06 02:16 . 2012-04-06 02:16	236544	----a-w-	c:\windows\system32\atiesrxx.exe
2012-04-06 02:14 . 2012-04-06 02:14	120320	----a-w-	c:\windows\system32\atitmm64.dll
2012-04-06 02:14 . 2012-04-06 02:14	21504	----a-w-	c:\windows\system32\atimuixx.dll
2012-04-06 02:14 . 2012-04-06 02:14	59392	----a-w-	c:\windows\system32\atiedu64.dll
2012-04-06 02:14 . 2012-04-06 02:14	43520	----a-w-	c:\windows\SysWow64\ati2edxx.dll
2012-04-06 02:13 . 2012-04-06 02:13	6800896	----a-w-	c:\windows\SysWow64\atidxx32.dll
2012-04-06 02:10 . 2012-04-06 02:10	26181632	----a-w-	c:\windows\system32\atio6axx.dll
2012-04-06 02:00 . 2011-11-30 02:41	64000	----a-w-	c:\windows\system32\coinst.dll
2012-04-06 01:54 . 2012-04-06 01:54	7479296	----a-w-	c:\windows\system32\atidxx64.dll
2012-04-06 01:50 . 2012-04-06 01:50	19753984	----a-w-	c:\windows\SysWow64\atioglxx.dll
2012-04-06 01:35 . 2012-04-06 01:35	1120768	----a-w-	c:\windows\system32\atiumd6v.dll
2012-04-06 01:34 . 2012-04-06 01:34	1831424	----a-w-	c:\windows\SysWow64\atiumdmv.dll
2012-04-06 01:34 . 2012-04-06 01:34	4731904	----a-w-	c:\windows\system32\atiumd6a.dll
2012-04-06 01:34 . 2011-11-30 02:41	6203392	----a-w-	c:\windows\SysWow64\atiumdag.dll
2012-04-06 01:30 . 2012-04-06 01:30	51200	----a-w-	c:\windows\system32\aticalrt64.dll
2012-04-06 01:30 . 2012-04-06 01:30	46080	----a-w-	c:\windows\SysWow64\aticalrt.dll
2012-04-06 01:30 . 2012-04-06 01:30	44544	----a-w-	c:\windows\system32\aticalcl64.dll
2012-04-06 01:30 . 2012-04-06 01:30	44032	----a-w-	c:\windows\SysWow64\aticalcl.dll
2012-04-06 01:29 . 2012-04-06 01:29	16090624	----a-w-	c:\windows\system32\aticaldd64.dll
2012-04-06 01:25 . 2012-04-06 01:25	13764096	----a-w-	c:\windows\SysWow64\aticaldd.dll
2012-04-06 01:23 . 2012-04-06 01:23	7431680	----a-w-	c:\windows\system32\atiumd64.dll
2012-04-06 01:22 . 2011-11-30 02:41	4795904	----a-w-	c:\windows\SysWow64\atiumdva.dll
2012-04-06 01:11 . 2012-04-06 01:11	514560	----a-w-	c:\windows\system32\atiadlxx.dll
2012-04-06 01:11 . 2012-04-06 01:11	360448	----a-w-	c:\windows\SysWow64\atiadlxy.dll
2012-04-06 01:11 . 2012-04-06 01:11	17408	----a-w-	c:\windows\system32\atig6pxx.dll
2012-04-06 01:11 . 2012-04-06 01:11	14848	----a-w-	c:\windows\SysWow64\atiglpxx.dll
2012-04-06 01:11 . 2012-04-06 01:11	14848	----a-w-	c:\windows\system32\atiglpxx.dll
2012-04-06 01:11 . 2012-04-06 01:11	41984	----a-w-	c:\windows\system32\atig6txx.dll
2012-04-06 01:10 . 2012-04-06 01:10	33280	----a-w-	c:\windows\SysWow64\atigktxx.dll
2012-04-06 01:10 . 2012-04-06 01:10	343040	----a-w-	c:\windows\system32\drivers\atikmpag.sys
2012-04-06 01:09 . 2011-11-30 02:41	54784	----a-w-	c:\windows\system32\atiuxp64.dll
2012-04-06 01:09 . 2012-04-06 01:09	41984	----a-w-	c:\windows\SysWow64\atiuxpag.dll
2012-04-06 01:09 . 2012-04-06 01:09	44544	----a-w-	c:\windows\system32\atiu9p64.dll
2012-04-06 01:09 . 2011-11-30 02:41	32256	----a-w-	c:\windows\SysWow64\atiu9pag.dll
2012-04-06 01:09 . 2012-04-06 01:09	53248	----a-w-	c:\windows\system32\drivers\ati2erec.dll
2012-04-06 01:06 . 2012-04-06 01:06	54784	----a-w-	c:\windows\system32\atimpc64.dll
2012-04-06 01:06 . 2012-04-06 01:06	54784	----a-w-	c:\windows\system32\amdpcom64.dll
2012-04-06 01:06 . 2012-04-06 01:06	53760	----a-w-	c:\windows\SysWow64\atimpc32.dll
2012-04-06 01:06 . 2012-04-06 01:06	53760	----a-w-	c:\windows\SysWow64\amdpcom32.dll
2012-04-05 20:59 . 2011-11-29 18:19	472808	----a-w-	c:\windows\SysWow64\deployJava1.dll
2012-04-05 20:39 . 2011-11-29 18:20	525544	----a-w-	c:\windows\system32\deployJava1.dll
2012-04-05 20:34 . 2012-04-05 20:34	187392	----a-w-	c:\windows\system32\clinfo.exe
2012-04-05 20:34 . 2012-04-05 20:34	74752	----a-w-	c:\windows\system32\OpenVideo64.dll
2012-04-05 20:34 . 2012-04-05 20:34	64512	----a-w-	c:\windows\SysWow64\OpenVideo.dll
2012-04-05 20:33 . 2012-04-05 20:33	63488	----a-w-	c:\windows\system32\OVDecode64.dll
2012-04-05 20:33 . 2012-04-05 20:33	56320	----a-w-	c:\windows\SysWow64\OVDecode.dll
2012-04-05 20:33 . 2012-04-05 20:33	16457216	----a-w-	c:\windows\system32\amdocl64.dll
2012-04-05 20:32 . 2012-04-05 20:32	13007872	----a-w-	c:\windows\SysWow64\amdocl.dll
2012-04-05 20:32 . 2012-04-05 20:32	54784	----a-w-	c:\windows\system32\OpenCL.dll
2012-04-05 20:32 . 2012-04-05 20:32	50176	----a-w-	c:\windows\SysWow64\OpenCL.dll
2012-03-09 12:07 . 2012-03-09 12:07	29184	----a-w-	c:\windows\system32\kdbsdk64.dll
2012-03-09 12:06 . 2012-03-09 12:06	24576	----a-w-	c:\windows\SysWow64\kdbsdk32.dll
.
.
((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"avgnt"="c:\program files (x86)\Avira\AntiVir Desktop\avgnt.exe" [2012-05-08 348624]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [2010-09-13 13336]
R3 ALSysIO;ALSysIO;c:\users\***\AppData\Local\Temp\ALSysIO64.sys [x]
R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys [x]
R3 Impcd;Impcd;c:\windows\system32\drivers\Impcd.sys [x]
R3 Netaapl;Apple Mobile Device Ethernet Service;c:\windows\system32\DRIVERS\netaapl64.sys [x]
R3 netvsc;netvsc;c:\windows\system32\DRIVERS\netvsc60.sys [x]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4925184]
R3 PCDSRVC{1E208CE0-FB7451FF-06020101}_0;PCDSRVC{1E208CE0-FB7451FF-06020101}_0 - PCDR Kernel Mode Service Helper Driver;c:\program files\dell support center\pcdsrvc_x64.pkms [2012-04-10 25072]
R3 SynthVid;SynthVid;c:\windows\system32\DRIVERS\VMBusVideoM.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [x]
R3 WatAdminSvc;Windows-Aktivierungstechnologieservice;c:\windows\system32\Wat\WatAdminSvc.exe [x]
R4 CLHNServiceForPowerDVD12;CLHNServiceForPowerDVD12;c:\program files (x86)\Cyberlink\PowerDVD12\Kernel\DMP\CLHNServer\CLHNServiceForPowerDVD12.exe [2012-01-12 87336]
R4 CyberLink PowerDVD 12 Media Server Monitor Service;CyberLink PowerDVD 12 Media Server Monitor Service;c:\program files (x86)\Cyberlink\PowerDVD12\Kernel\DMS\CLMSMonitorServicePDVD12.exe [2012-01-12 75048]
R4 CyberLink PowerDVD 12 Media Server Service;CyberLink PowerDVD 12 Media Server Service;c:\program files (x86)\Cyberlink\PowerDVD12\Kernel\DMS\CLMSServerPDVD12.exe [2012-01-12 296232]
R4 RoxMediaDB12OEM;RoxMediaDB12OEM;c:\program files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxMediaDB12OEM.exe [2010-11-25 1116656]
R4 RoxWatch12;Roxio Hard Drive Watcher 12;c:\program files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatch12OEM.exe [2010-11-25 219632]
R4 SftService;SoftThinks Agent Service;c:\program files (x86)\Dell DataSafe Local Backup\sftservice.EXE [2011-09-22 1692480]
R4 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-02-29 158856]
R4 SwitchBoard;SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [x]
S1 avkmgr;avkmgr;c:\windows\system32\DRIVERS\avkmgr.sys [x]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 {329F96B6-DF1E-4328-BFDA-39EA953C1312};Power Control [2012/04/24 22:25];c:\program files (x86)\CyberLink\PowerDVD12\Common\NavFilter\000.fcl [2012-01-11 20:57 146928]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x]
S2 AntiVirSchedulerService;Avira Planer;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe [2012-05-08 86224]
S2 cvhsvc;Client Virtualization Handler;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [2012-01-04 822624]
S2 ntk_PowerDVD12;ntk_PowerDVD12;c:\program files (x86)\Cyberlink\PowerDVD12\Kernel\DMP\CLHNServer\ntk_PowerDVD12_64.sys [2011-10-27 82928]
S2 sftlist;Application Virtualization Client;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2011-10-01 508776]
S2 Update-Service;Update-Service;c:\windows\System32\svchost.exe [2009-07-14 27136]
S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [x]
S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [x]
S3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys [x]
S3 IntcDAud;Intel(R) Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [x]
S3 k57nd60a;Broadcom NetLink (TM) Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\k57nd60a.sys [x]
S3 MEIx64;Intel(R) Management Engine Interface ;c:\windows\system32\DRIVERS\HECIx64.sys [x]
S3 nusb3hub;NEC Electronics USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\nusb3hub.sys [x]
S3 nusb3xhc;NEC Electronics USB 3.0 Host Controller Driver;c:\windows\system32\DRIVERS\nusb3xhc.sys [x]
S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys [x]
S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys [x]
S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys [x]
S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys [x]
S3 sftvsa;Application Virtualization Service Agent;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2011-10-01 219496]
.
.
--- Andere Dienste/Treiber im Speicher ---
.
*NewlyCreated* - WS2IFSL
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
Update-Service-Installer-Service	REG_MULTI_SZ   	Update-Service-Installer-Service
Update-Service	REG_MULTI_SZ   	Update-Service
.
Inhalt des "geplante Tasks" Ordners
.
2012-06-01 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-771433797-4172215404-876768487-1000Core.job
- c:\users\***\AppData\Local\Google\Update\GoogleUpdate.exe [2011-12-26 10:49]
.
2012-06-05 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-771433797-4172215404-876768487-1000UA.job
- c:\users\***\AppData\Local\Google\Update\GoogleUpdate.exe [2011-12-26 10:49]
.
2012-06-05 c:\windows\Tasks\PCDoctorBackgroundMonitorTask.job
- c:\program files\Dell Support Center\uaclauncher.exe [2012-04-13 06:11]
.
2012-06-05 c:\windows\Tasks\SystemToolsDailyTest.job
- c:\program files\Dell Support Center\uaclauncher.exe [2012-04-13 06:11]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
------- Zusätzlicher Suchlauf -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
TCP: DhcpNameServer = 192.168.1.1
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
Toolbar-Locked - (no file)
Toolbar-Locked - (no file)
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\PCDSRVC{1E208CE0-FB7451FF-06020101}_0]
"ImagePath"="\??\c:\program files\dell support center\pcdsrvc_x64.pkms"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\{329F96B6-DF1E-4328-BFDA-39EA953C1312}]
"ImagePath"="\??\c:\program files (x86)\CyberLink\PowerDVD12\Common\NavFilter\000.fcl"
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_USERS\S-1-5-21-771433797-4172215404-876768487-1000\Software\SecuROM\License information*]
"datasecu"=hex:a4,56,4c,ac,7a,2f,79,74,31,22,85,6d,7a,29,83,8d,0f,f9,9b,1b,a4,
   4a,06,b5,75,3f,0b,82,1f,c7,1d,cc,e3,41,5f,1a,c3,e2,b8,2b,04,80,c5,0e,10,46,\
"rkeysecu"=hex:22,5d,58,d5,c3,bd,b2,98,49,fc,bd,5e,79,1f,76,06
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_2_202_235_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_2_202_235_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\McAfee]
"SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
   00,5c,00,6d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Weitere laufende Prozesse ------------------------
.
c:\program files (x86)\Avira\AntiVir Desktop\avguard.exe
.
**************************************************************************
.
Zeit der Fertigstellung: 2012-06-05  16:34:30 - PC wurde neu gestartet
ComboFix-quarantined-files.txt  2012-06-05 14:34
.
Vor Suchlauf: 13 Verzeichnis(se), 858'275'844'096 Bytes frei
Nach Suchlauf: 15 Verzeichnis(se), 857'915'236'352 Bytes frei
.
- - End Of File - - 833176481F52F1520D68D2F696606C4A
         

Alt 06.06.2012, 06:17   #8
Psychotic
/// Malwareteam
 
TR/Mediyes.EB.1 & TR/ATRAPS.Gen - Standard

TR/Mediyes.EB.1 & TR/ATRAPS.Gen



Schritt 1: VT


Bitte lasse die Datei aus der Code-Box bei Virustotal überprüfen.
  • Klicke auf Durchsuchen
  • Kopiere nun folgendes in die Suchleiste.
    Code:
    ATTFilter
     c:\windows\system32\pouawfiuj.dll
             
  • und klicke auf Öffnen.
  • Klicke auf Send File.
Warte bitte bis die Datei vollständig hochgeladen wurde. Solltest Du folgende Meldung bekommen.
Zitat:
File already submitted: The file sent has already been analysed by VirusTotal in the past. This is same basic info regarding the sample itself and its last analysis:
klicke auf Reanalyse. Warte bis unter Current status: Finished steht. Kopiere den Link aus deiner Adresszeile und poste ihn hier.


Schritt 2: CF-Script


Hinweis für Mitleser:
Folgendes ComboFix Skript ist ausschließlich für diesen User in dieser Situtation erstellt worden.
Auf keinen Fall auf anderen Rechnern anwenden, das kann andere Systeme nachhaltig schädigen!

Lösche die vorhandene Combofix.exe von deinem Desktop und lade das Programm von einem der folgenden Download-Spiegel neu herunter:
BleepingComputer.com - ForoSpyware.com
und speichere es erneut auf dem Desktop (nicht woanders hin, das ist wichtig)!

Drücke die Windows + R Taste --> Notepad (hinein schreiben) --> OK

Kopiere nun den Text aus der folgenden Codebox komplett in das leere Textdokument.
Code:
ATTFilter
DIRLOOK::
c:\users\***\AppData\Local\SKIDROW
         
Speichere dies als CFScript.txt auf Deinem Desktop.

Wichtig:
  • Stelle deine Anti Viren Software temprär ab. Dies kann ComboFix nämlich bei der Arbeit behindern.
    Danach wieder anstellen nicht vergessen!
  • Bewege nicht die Maus über das ComboFix-Fenster oder klicke in dieses hinein.
    Dies kann dazu führen, dass ComboFix sich aufhängt.
  • Schließe alle laufenden Programme. Gehe sicher das ComboFix ungehindert arbeiten kann.
  • Mache nichts am PC solange ComboFix läuft.
  • In Bezug auf obiges Bild, ziehe CFScript.txt in die ComboFix.exe
  • Wenn ComboFix fertig ist, wird es ein Log erstellen, C:\ComboFix.txt. Bitte füge es hier als Antwort ein.
Falls im Skript die Anweisung Suspect:: oder Collect:: enthalten ist, wird eine Message-Box erscheinen, nachdem Combofix fertig ist. Klicke OK und folge den Aufforderungen/Anweisungen, um die Dateien hochzuladen.
__________________
Kein Asylrecht für Trojaner!

Proud Member of UNITE

Hinweis: Ich bin nur werktags erreichbar!
Anfragen über PM werden ignoriert!

Du bist zufrieden mit uns? Dann unterstütze das Trojaner-Board!

Alt 06.06.2012, 09:49   #9
Cersus
 
TR/Mediyes.EB.1 & TR/ATRAPS.Gen - Standard

TR/Mediyes.EB.1 & TR/ATRAPS.Gen



Hallo Marius
Die Datei, die ich auf Virustotal überprüfen sollte, existiert nicht:
Zitat:
pouawfiuj.dll
Datei wurde nicht gefunden.
Überprüfen sie den Dateinamen und wiederholen Sie den Vorgang.
Beim zweiten Schritt klappte alles reibungslos, hier das CFScript:

Code:
ATTFilter
ComboFix 12-06-05.04 - *** 06.06.2012  10:33:15.2.8 - x64
Microsoft Windows 7 Professional   6.1.7601.1.1252.41.1031.18.16366.14461 [GMT 2:00]
ausgeführt von:: c:\users\***\Desktop\ComboFix.exe
Benutzte Befehlsschalter :: c:\users\***\Desktop\CFScript.txt
AV: Avira Desktop *Disabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
SP: Avira Desktop *Disabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((   Dateien erstellt von 2012-05-06 bis 2012-06-06  ))))))))))))))))))))))))))))))
.
.
2012-06-06 08:35 . 2012-06-06 08:35	--------	d-----w-	c:\users\Default\AppData\Local\temp
2012-06-05 11:14 . 2012-05-08 17:02	8955792	----a-w-	c:\programdata\Microsoft\Windows Defender\Definition Updates\{A5BCC2B9-3E1B-4D8D-86AD-9DFA0B6B366D}\mpengine.dll
2012-06-03 11:49 . 2012-06-03 12:57	--------	d-----w-	c:\program files (x86)\Warcraft III
2012-06-02 17:12 . 2012-06-02 17:12	354304	----a-w-	c:\windows\system32\pouawfiuj.dll
2012-05-13 16:14 . 2012-05-13 16:14	--------	d-----w-	c:\program files\Microsoft Silverlight
2012-05-13 16:14 . 2012-05-13 16:14	--------	d-----w-	c:\program files (x86)\Microsoft Silverlight
2012-05-08 15:48 . 2012-05-08 15:48	--------	d-----w-	c:\users\***\AppData\Local\SniperV2
2012-05-08 15:45 . 2012-05-08 15:45	--------	d-----w-	c:\users\***\AppData\Local\SKIDROW
2012-05-08 15:40 . 2012-05-08 15:40	--------	d-----w-	c:\program files (x86)\Rebellion
2012-05-07 16:42 . 2012-05-07 16:42	--------	d-----w-	c:\users\***\jagexcache
.
.
.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-05-08 19:11 . 2011-12-26 13:52	98848	----a-w-	c:\windows\system32\drivers\avgntflt.sys
2012-05-08 19:11 . 2011-12-26 13:52	132832	----a-w-	c:\windows\system32\drivers\avipbb.sys
2012-05-04 18:26 . 2012-05-04 18:26	419488	----a-w-	c:\windows\SysWow64\FlashPlayerApp.exe
2012-05-04 18:26 . 2011-11-29 18:09	70304	----a-w-	c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-04-06 05:22 . 2012-04-06 05:22	11174400	----a-w-	c:\windows\system32\drivers\atikmdag.sys
2012-04-06 02:22 . 2012-04-06 02:22	159744	----a-w-	c:\windows\system32\atiapfxx.exe
2012-04-06 02:21 . 2011-11-30 02:41	909312	----a-w-	c:\windows\SysWow64\aticfx32.dll
2012-04-06 02:20 . 2012-04-06 02:20	1067520	----a-w-	c:\windows\system32\aticfx64.dll
2012-04-06 02:16 . 2012-04-06 02:16	442368	----a-w-	c:\windows\system32\ATIDEMGX.dll
2012-04-06 02:16 . 2012-04-06 02:16	503808	----a-w-	c:\windows\system32\atieclxx.exe
2012-04-06 02:16 . 2012-04-06 02:16	236544	----a-w-	c:\windows\system32\atiesrxx.exe
2012-04-06 02:14 . 2012-04-06 02:14	120320	----a-w-	c:\windows\system32\atitmm64.dll
2012-04-06 02:14 . 2012-04-06 02:14	21504	----a-w-	c:\windows\system32\atimuixx.dll
2012-04-06 02:14 . 2012-04-06 02:14	59392	----a-w-	c:\windows\system32\atiedu64.dll
2012-04-06 02:14 . 2012-04-06 02:14	43520	----a-w-	c:\windows\SysWow64\ati2edxx.dll
2012-04-06 02:13 . 2012-04-06 02:13	6800896	----a-w-	c:\windows\SysWow64\atidxx32.dll
2012-04-06 02:10 . 2012-04-06 02:10	26181632	----a-w-	c:\windows\system32\atio6axx.dll
2012-04-06 02:00 . 2011-11-30 02:41	64000	----a-w-	c:\windows\system32\coinst.dll
2012-04-06 01:54 . 2012-04-06 01:54	7479296	----a-w-	c:\windows\system32\atidxx64.dll
2012-04-06 01:50 . 2012-04-06 01:50	19753984	----a-w-	c:\windows\SysWow64\atioglxx.dll
2012-04-06 01:35 . 2012-04-06 01:35	1120768	----a-w-	c:\windows\system32\atiumd6v.dll
2012-04-06 01:34 . 2012-04-06 01:34	1831424	----a-w-	c:\windows\SysWow64\atiumdmv.dll
2012-04-06 01:34 . 2012-04-06 01:34	4731904	----a-w-	c:\windows\system32\atiumd6a.dll
2012-04-06 01:34 . 2011-11-30 02:41	6203392	----a-w-	c:\windows\SysWow64\atiumdag.dll
2012-04-06 01:30 . 2012-04-06 01:30	51200	----a-w-	c:\windows\system32\aticalrt64.dll
2012-04-06 01:30 . 2012-04-06 01:30	46080	----a-w-	c:\windows\SysWow64\aticalrt.dll
2012-04-06 01:30 . 2012-04-06 01:30	44544	----a-w-	c:\windows\system32\aticalcl64.dll
2012-04-06 01:30 . 2012-04-06 01:30	44032	----a-w-	c:\windows\SysWow64\aticalcl.dll
2012-04-06 01:29 . 2012-04-06 01:29	16090624	----a-w-	c:\windows\system32\aticaldd64.dll
2012-04-06 01:25 . 2012-04-06 01:25	13764096	----a-w-	c:\windows\SysWow64\aticaldd.dll
2012-04-06 01:23 . 2012-04-06 01:23	7431680	----a-w-	c:\windows\system32\atiumd64.dll
2012-04-06 01:22 . 2011-11-30 02:41	4795904	----a-w-	c:\windows\SysWow64\atiumdva.dll
2012-04-06 01:11 . 2012-04-06 01:11	514560	----a-w-	c:\windows\system32\atiadlxx.dll
2012-04-06 01:11 . 2012-04-06 01:11	360448	----a-w-	c:\windows\SysWow64\atiadlxy.dll
2012-04-06 01:11 . 2012-04-06 01:11	17408	----a-w-	c:\windows\system32\atig6pxx.dll
2012-04-06 01:11 . 2012-04-06 01:11	14848	----a-w-	c:\windows\SysWow64\atiglpxx.dll
2012-04-06 01:11 . 2012-04-06 01:11	14848	----a-w-	c:\windows\system32\atiglpxx.dll
2012-04-06 01:11 . 2012-04-06 01:11	41984	----a-w-	c:\windows\system32\atig6txx.dll
2012-04-06 01:10 . 2012-04-06 01:10	33280	----a-w-	c:\windows\SysWow64\atigktxx.dll
2012-04-06 01:10 . 2012-04-06 01:10	343040	----a-w-	c:\windows\system32\drivers\atikmpag.sys
2012-04-06 01:09 . 2011-11-30 02:41	54784	----a-w-	c:\windows\system32\atiuxp64.dll
2012-04-06 01:09 . 2012-04-06 01:09	41984	----a-w-	c:\windows\SysWow64\atiuxpag.dll
2012-04-06 01:09 . 2012-04-06 01:09	44544	----a-w-	c:\windows\system32\atiu9p64.dll
2012-04-06 01:09 . 2011-11-30 02:41	32256	----a-w-	c:\windows\SysWow64\atiu9pag.dll
2012-04-06 01:09 . 2012-04-06 01:09	53248	----a-w-	c:\windows\system32\drivers\ati2erec.dll
2012-04-06 01:06 . 2012-04-06 01:06	54784	----a-w-	c:\windows\system32\atimpc64.dll
2012-04-06 01:06 . 2012-04-06 01:06	54784	----a-w-	c:\windows\system32\amdpcom64.dll
2012-04-06 01:06 . 2012-04-06 01:06	53760	----a-w-	c:\windows\SysWow64\atimpc32.dll
2012-04-06 01:06 . 2012-04-06 01:06	53760	----a-w-	c:\windows\SysWow64\amdpcom32.dll
2012-04-05 20:59 . 2011-11-29 18:19	472808	----a-w-	c:\windows\SysWow64\deployJava1.dll
2012-04-05 20:39 . 2011-11-29 18:20	525544	----a-w-	c:\windows\system32\deployJava1.dll
2012-04-05 20:34 . 2012-04-05 20:34	187392	----a-w-	c:\windows\system32\clinfo.exe
2012-04-05 20:34 . 2012-04-05 20:34	74752	----a-w-	c:\windows\system32\OpenVideo64.dll
2012-04-05 20:34 . 2012-04-05 20:34	64512	----a-w-	c:\windows\SysWow64\OpenVideo.dll
2012-04-05 20:33 . 2012-04-05 20:33	63488	----a-w-	c:\windows\system32\OVDecode64.dll
2012-04-05 20:33 . 2012-04-05 20:33	56320	----a-w-	c:\windows\SysWow64\OVDecode.dll
2012-04-05 20:33 . 2012-04-05 20:33	16457216	----a-w-	c:\windows\system32\amdocl64.dll
2012-04-05 20:32 . 2012-04-05 20:32	13007872	----a-w-	c:\windows\SysWow64\amdocl.dll
2012-04-05 20:32 . 2012-04-05 20:32	54784	----a-w-	c:\windows\system32\OpenCL.dll
2012-04-05 20:32 . 2012-04-05 20:32	50176	----a-w-	c:\windows\SysWow64\OpenCL.dll
2012-03-09 12:07 . 2012-03-09 12:07	29184	----a-w-	c:\windows\system32\kdbsdk64.dll
2012-03-09 12:06 . 2012-03-09 12:06	24576	----a-w-	c:\windows\SysWow64\kdbsdk32.dll
.
.
((((((((((((((((((((((((((((((((((((((((((((   Look   )))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
---- Directory of c:\users\***\AppData\Local\SKIDROW ----
.
2012-05-08 16:03 . 2012-05-13 10:09	4	----a-w-	c:\users\***\AppData\Local\SKIDROW\63380\Stats.bin
2012-05-08 15:48 . 2012-05-13 10:08	3145736	----a-w-	c:\users\***\AppData\Local\SKIDROW\63380\Storage\sniperv2\pc_profilesaves\76561196619140020\checkpoint4.cld
2012-05-08 15:48 . 2012-05-13 10:11	512	----a-w-	c:\users\***\AppData\Local\SKIDROW\63380\Storage\localstats.cld
2012-05-08 15:48 . 2012-05-13 10:11	648	----a-w-	c:\users\***\AppData\Local\SKIDROW\63380\Storage\generalgamesettings.cld
2012-05-08 15:48 . 2012-05-13 10:11	8	----a-w-	c:\users\***\AppData\Local\SKIDROW\63380\Storage\playerprofile.cld
.
.
(((((((((((((((((((((((((((((   SnapShot@2012-06-05_14.32.31   )))))))))))))))))))))))))))))))))))))))))
.
+ 2012-06-06 08:36 . 2012-06-06 08:36	13342              c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\SoftGrid Client\Icon Cache\icon_ex.dat
- 2012-06-05 14:31 . 2012-06-05 14:31	13342              c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\SoftGrid Client\Icon Cache\icon_ex.dat
- 2009-07-14 04:54 . 2012-06-05 14:32	16384              c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2009-07-14 04:54 . 2012-06-06 08:36	16384              c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2009-07-14 04:54 . 2012-06-05 14:32	32768              c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2009-07-14 04:54 . 2012-06-06 08:36	32768              c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2009-07-14 04:54 . 2012-06-06 08:36	16384              c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2009-07-14 04:54 . 2012-06-05 14:32	16384              c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2010-11-21 03:09 . 2012-06-06 08:16	47442              c:\windows\system32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2009-07-14 05:10 . 2012-06-06 08:16	38276              c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin
+ 2011-12-25 23:05 . 2012-06-06 08:16	13252              c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-771433797-4172215404-876768487-1000_UserData.bin
- 2011-12-26 22:10 . 2012-06-05 14:32	16384              c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2011-12-26 22:10 . 2012-06-06 08:36	16384              c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2011-12-26 22:10 . 2012-06-05 14:32	32768              c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2011-12-26 22:10 . 2012-06-06 08:36	32768              c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2011-12-26 22:10 . 2012-06-05 14:32	16384              c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2011-12-26 22:10 . 2012-06-06 08:36	16384              c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2012-06-06 08:36 . 2012-06-06 08:36	2048              c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2012-06-05 14:32 . 2012-06-05 14:32	2048              c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2009-07-14 02:36 . 2012-06-05 14:30	652390              c:\windows\system32\perfh009.dat
+ 2009-07-14 02:36 . 2012-06-06 08:19	652390              c:\windows\system32\perfh009.dat
- 2011-03-01 04:56 . 2012-06-05 14:30	697072              c:\windows\system32\perfh007.dat
+ 2011-03-01 04:56 . 2012-06-06 08:19	697072              c:\windows\system32\perfh007.dat
+ 2009-07-14 02:36 . 2012-06-06 08:19	121064              c:\windows\system32\perfc009.dat
- 2009-07-14 02:36 . 2012-06-05 14:30	121064              c:\windows\system32\perfc009.dat
- 2011-03-01 04:56 . 2012-06-05 14:30	148110              c:\windows\system32\perfc007.dat
+ 2011-03-01 04:56 . 2012-06-06 08:19	148110              c:\windows\system32\perfc007.dat
+ 2009-07-14 05:01 . 2012-06-06 08:36	352200              c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
- 2009-07-14 05:01 . 2012-06-05 14:31	352200              c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
- 2011-12-25 23:12 . 2012-06-05 13:42	8547432              c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-771433797-4172215404-876768487-1000-8192.dat
+ 2011-12-25 23:12 . 2012-06-05 20:09	8547432              c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-771433797-4172215404-876768487-1000-8192.dat
.
((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"avgnt"="c:\program files (x86)\Avira\AntiVir Desktop\avgnt.exe" [2012-05-08 348624]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [2010-09-13 13336]
R3 ALSysIO;ALSysIO;c:\users\***\AppData\Local\Temp\ALSysIO64.sys [x]
R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys [x]
R3 Impcd;Impcd;c:\windows\system32\drivers\Impcd.sys [x]
R3 Netaapl;Apple Mobile Device Ethernet Service;c:\windows\system32\DRIVERS\netaapl64.sys [x]
R3 netvsc;netvsc;c:\windows\system32\DRIVERS\netvsc60.sys [x]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4925184]
R3 PCDSRVC{1E208CE0-FB7451FF-06020101}_0;PCDSRVC{1E208CE0-FB7451FF-06020101}_0 - PCDR Kernel Mode Service Helper Driver;c:\program files\dell support center\pcdsrvc_x64.pkms [2012-04-10 25072]
R3 SynthVid;SynthVid;c:\windows\system32\DRIVERS\VMBusVideoM.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [x]
R3 WatAdminSvc;Windows-Aktivierungstechnologieservice;c:\windows\system32\Wat\WatAdminSvc.exe [x]
R4 CLHNServiceForPowerDVD12;CLHNServiceForPowerDVD12;c:\program files (x86)\Cyberlink\PowerDVD12\Kernel\DMP\CLHNServer\CLHNServiceForPowerDVD12.exe [2012-01-12 87336]
R4 CyberLink PowerDVD 12 Media Server Monitor Service;CyberLink PowerDVD 12 Media Server Monitor Service;c:\program files (x86)\Cyberlink\PowerDVD12\Kernel\DMS\CLMSMonitorServicePDVD12.exe [2012-01-12 75048]
R4 CyberLink PowerDVD 12 Media Server Service;CyberLink PowerDVD 12 Media Server Service;c:\program files (x86)\Cyberlink\PowerDVD12\Kernel\DMS\CLMSServerPDVD12.exe [2012-01-12 296232]
R4 RoxMediaDB12OEM;RoxMediaDB12OEM;c:\program files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxMediaDB12OEM.exe [2010-11-25 1116656]
R4 RoxWatch12;Roxio Hard Drive Watcher 12;c:\program files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatch12OEM.exe [2010-11-25 219632]
R4 SftService;SoftThinks Agent Service;c:\program files (x86)\Dell DataSafe Local Backup\sftservice.EXE [2011-09-22 1692480]
R4 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-02-29 158856]
R4 SwitchBoard;SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [x]
S1 avkmgr;avkmgr;c:\windows\system32\DRIVERS\avkmgr.sys [x]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 {329F96B6-DF1E-4328-BFDA-39EA953C1312};Power Control [2012/04/24 22:25];c:\program files (x86)\CyberLink\PowerDVD12\Common\NavFilter\000.fcl [2012-01-11 20:57 146928]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x]
S2 AntiVirSchedulerService;Avira Planer;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe [2012-05-08 86224]
S2 cvhsvc;Client Virtualization Handler;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [2012-01-04 822624]
S2 ntk_PowerDVD12;ntk_PowerDVD12;c:\program files (x86)\Cyberlink\PowerDVD12\Kernel\DMP\CLHNServer\ntk_PowerDVD12_64.sys [2011-10-27 82928]
S2 sftlist;Application Virtualization Client;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2011-10-01 508776]
S2 Update-Service;Update-Service;c:\windows\System32\svchost.exe [2009-07-14 27136]
S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [x]
S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [x]
S3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys [x]
S3 IntcDAud;Intel(R) Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [x]
S3 k57nd60a;Broadcom NetLink (TM) Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\k57nd60a.sys [x]
S3 MEIx64;Intel(R) Management Engine Interface ;c:\windows\system32\DRIVERS\HECIx64.sys [x]
S3 nusb3hub;NEC Electronics USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\nusb3hub.sys [x]
S3 nusb3xhc;NEC Electronics USB 3.0 Host Controller Driver;c:\windows\system32\DRIVERS\nusb3xhc.sys [x]
S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys [x]
S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys [x]
S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys [x]
S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys [x]
S3 sftvsa;Application Virtualization Service Agent;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2011-10-01 219496]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
Update-Service-Installer-Service	REG_MULTI_SZ   	Update-Service-Installer-Service
Update-Service	REG_MULTI_SZ   	Update-Service
.
Inhalt des "geplante Tasks" Ordners
.
2012-06-01 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-771433797-4172215404-876768487-1000Core.job
- c:\users\***\AppData\Local\Google\Update\GoogleUpdate.exe [2011-12-26 10:49]
.
2012-06-05 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-771433797-4172215404-876768487-1000UA.job
- c:\users\***\AppData\Local\Google\Update\GoogleUpdate.exe [2011-12-26 10:49]
.
2012-06-05 c:\windows\Tasks\PCDoctorBackgroundMonitorTask.job
- c:\program files\Dell Support Center\uaclauncher.exe [2012-04-13 06:11]
.
2012-06-05 c:\windows\Tasks\SystemToolsDailyTest.job
- c:\program files\Dell Support Center\uaclauncher.exe [2012-04-13 06:11]
.
.
--------- X64 Entries -----------
.
.
------- Zusätzlicher Suchlauf -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
TCP: DhcpNameServer = 192.168.1.1
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
Toolbar-Locked - (no file)
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\PCDSRVC{1E208CE0-FB7451FF-06020101}_0]
"ImagePath"="\??\c:\program files\dell support center\pcdsrvc_x64.pkms"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\{329F96B6-DF1E-4328-BFDA-39EA953C1312}]
"ImagePath"="\??\c:\program files (x86)\CyberLink\PowerDVD12\Common\NavFilter\000.fcl"
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_USERS\S-1-5-21-771433797-4172215404-876768487-1000\Software\SecuROM\License information*]
"datasecu"=hex:a4,56,4c,ac,7a,2f,79,74,31,22,85,6d,7a,29,83,8d,0f,f9,9b,1b,a4,
   4a,06,b5,75,3f,0b,82,1f,c7,1d,cc,e3,41,5f,1a,c3,e2,b8,2b,04,80,c5,0e,10,46,\
"rkeysecu"=hex:22,5d,58,d5,c3,bd,b2,98,49,fc,bd,5e,79,1f,76,06
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_2_202_235_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_2_202_235_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\McAfee]
"SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
   00,5c,00,6d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Weitere laufende Prozesse ------------------------
.
c:\program files (x86)\Avira\AntiVir Desktop\avguard.exe
.
**************************************************************************
.
Zeit der Fertigstellung: 2012-06-06  10:38:50 - PC wurde neu gestartet
ComboFix-quarantined-files.txt  2012-06-06 08:38
.
Vor Suchlauf: 14 Verzeichnis(se), 858'639'613'952 Bytes frei
Nach Suchlauf: 16 Verzeichnis(se), 858'296'713'216 Bytes frei
.
- - End Of File - - 8FC36893C391D080DDB0C6180F256612
         

Alt 06.06.2012, 09:59   #10
Psychotic
/// Malwareteam
 
TR/Mediyes.EB.1 & TR/ATRAPS.Gen - Standard

TR/Mediyes.EB.1 & TR/ATRAPS.Gen



CkScan


Downloade dir bitte CKScanner Wichtig: Speichere die Datei am Desktop.
  • Doppelklick auf die CKScanner.exe und klicke auf Search For Files.
  • Danach klick auf Save List To File.
  • Es wird eine Box aufpoppen was dir mitteilt das die Datei gespeichert wurde (file saved)
  • Öffne die CKFiles.txt auf deinem Desktop und poste den Inhalt hier.
__________________
Kein Asylrecht für Trojaner!

Proud Member of UNITE

Hinweis: Ich bin nur werktags erreichbar!
Anfragen über PM werden ignoriert!

Du bist zufrieden mit uns? Dann unterstütze das Trojaner-Board!

Alt 06.06.2012, 10:56   #11
Cersus
 
TR/Mediyes.EB.1 & TR/ATRAPS.Gen - Standard

TR/Mediyes.EB.1 & TR/ATRAPS.Gen



CKScanner:
Code:
ATTFilter
CKScanner - Additional Security Risks - These are not necessarily bad
c:\program files (x86)\steam\steamapps\common\skyrim\data\textures\architecture\windhelm\wholdcrackedbrick.dds
c:\program files (x86)\steam\steamapps\common\skyrim\data\textures\architecture\windhelm\wholdcrackedbrick2.dds
scanner sequence 3.AA.11.LGLBBU
 ----- EOF -----
         

Alt 06.06.2012, 11:05   #12
Psychotic
/// Malwareteam
 
TR/Mediyes.EB.1 & TR/ATRAPS.Gen - Standard

TR/Mediyes.EB.1 & TR/ATRAPS.Gen



Schritt 1: CF-script



Hinweis für Mitleser:
Folgendes ComboFix Skript ist ausschließlich für diesen User in dieser Situtation erstellt worden.
Auf keinen Fall auf anderen Rechnern anwenden, das kann andere Systeme nachhaltig schädigen!

Lösche die vorhandene Combofix.exe von deinem Desktop und lade das Programm von einem der folgenden Download-Spiegel neu herunter:
BleepingComputer.com - ForoSpyware.com
und speichere es erneut auf dem Desktop (nicht woanders hin, das ist wichtig)!

Drücke die Windows + R Taste --> Notepad (hinein schreiben) --> OK

Kopiere nun den Text aus der folgenden Codebox komplett in das leere Textdokument.
Code:
ATTFilter
http://www.trojaner-board.de/116308-tr-mediyes-eb-1-tr-atraps-gen.html

COLLECT::
c:\windows\system32\pouawfiuj.dll
CLEARJAVACACHE::
         
Speichere dies als CFScript.txt auf Deinem Desktop.

Wichtig:
  • Stelle deine Anti Viren Software temprär ab. Dies kann ComboFix nämlich bei der Arbeit behindern.
    Danach wieder anstellen nicht vergessen!
  • Bewege nicht die Maus über das ComboFix-Fenster oder klicke in dieses hinein.
    Dies kann dazu führen, dass ComboFix sich aufhängt.
  • Schließe alle laufenden Programme. Gehe sicher das ComboFix ungehindert arbeiten kann.
  • Mache nichts am PC solange ComboFix läuft.
  • In Bezug auf obiges Bild, ziehe CFScript.txt in die ComboFix.exe
  • Wenn ComboFix fertig ist, wird es ein Log erstellen, C:\ComboFix.txt. Bitte füge es hier als Antwort ein.
Falls im Skript die Anweisung Suspect:: oder Collect:: enthalten ist, wird eine Message-Box erscheinen, nachdem Combofix fertig ist. Klicke OK und folge den Aufforderungen/Anweisungen, um die Dateien hochzuladen.



Schritt 2: MBAM


Downloade Dir bitte Malwarebytes
  • Installiere das Programm in den vorgegebenen Pfad.
    Vista und Win7 User mit Rechtsklick "als Administrator starten"
  • Starte Malwarebytes, klicke auf Aktualisierung --> Suche nach Aktualisierung
  • Wenn das Update beendet wurde, aktiviere Vollständigen Scan durchführen und drücke auf Scannen.(Hinweis: Alle Festplatten anhaken!
  • Wenn der Scan beendet ist, klicke auf Ergebnisse anzeigen.
  • Versichere Dich, dass alle Funde markiert sind und drücke Entferne Auswahl.
  • Poste das Logfile, welches sich in Notepad öffnet, hier in den Thread.
  • Nachträglich kannst du den Bericht unter "Log Dateien" finden.
__________________
Kein Asylrecht für Trojaner!

Proud Member of UNITE

Hinweis: Ich bin nur werktags erreichbar!
Anfragen über PM werden ignoriert!

Du bist zufrieden mit uns? Dann unterstütze das Trojaner-Board!

Alt 06.06.2012, 13:16   #13
Cersus
 
TR/Mediyes.EB.1 & TR/ATRAPS.Gen - Standard

TR/Mediyes.EB.1 & TR/ATRAPS.Gen



ComboFix:
Code:
ATTFilter
ComboFix 12-06-05.04 - *** 06.06.2012  12:23:44.3.8 - x64
Microsoft Windows 7 Professional   6.1.7601.1.1252.41.1031.18.16366.14202 [GMT 2:00]
ausgeführt von:: c:\users\***\Desktop\ComboFix.exe
Benutzte Befehlsschalter :: c:\users\***\Desktop\CFScript.txt
AV: Avira Desktop *Disabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
SP: Avira Desktop *Disabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
.
((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\system32\pouawfiuj.dll
.
.
(((((((((((((((((((((((   Dateien erstellt von 2012-05-06 bis 2012-06-06  ))))))))))))))))))))))))))))))
.
.
2012-06-06 10:26 . 2012-06-06 10:26	--------	d-----w-	c:\users\Default\AppData\Local\temp
2012-06-05 11:14 . 2012-05-08 17:02	8955792	----a-w-	c:\programdata\Microsoft\Windows Defender\Definition Updates\{A5BCC2B9-3E1B-4D8D-86AD-9DFA0B6B366D}\mpengine.dll
2012-06-03 11:49 . 2012-06-03 12:57	--------	d-----w-	c:\program files (x86)\Warcraft III
2012-05-13 16:14 . 2012-05-13 16:14	--------	d-----w-	c:\program files\Microsoft Silverlight
2012-05-13 16:14 . 2012-05-13 16:14	--------	d-----w-	c:\program files (x86)\Microsoft Silverlight
2012-05-08 15:48 . 2012-05-08 15:48	--------	d-----w-	c:\users\***\AppData\Local\SniperV2
2012-05-08 15:45 . 2012-05-08 15:45	--------	d-----w-	c:\users\***\AppData\Local\SKIDROW
2012-05-08 15:40 . 2012-05-08 15:40	--------	d-----w-	c:\program files (x86)\Rebellion
2012-05-07 16:42 . 2012-05-07 16:42	--------	d-----w-	c:\users\***\jagexcache
.
.
.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-05-08 19:11 . 2011-12-26 13:52	98848	----a-w-	c:\windows\system32\drivers\avgntflt.sys
2012-05-08 19:11 . 2011-12-26 13:52	132832	----a-w-	c:\windows\system32\drivers\avipbb.sys
2012-05-04 18:26 . 2012-05-04 18:26	419488	----a-w-	c:\windows\SysWow64\FlashPlayerApp.exe
2012-05-04 18:26 . 2011-11-29 18:09	70304	----a-w-	c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-04-06 05:22 . 2012-04-06 05:22	11174400	----a-w-	c:\windows\system32\drivers\atikmdag.sys
2012-04-06 02:22 . 2012-04-06 02:22	159744	----a-w-	c:\windows\system32\atiapfxx.exe
2012-04-06 02:21 . 2011-11-30 02:41	909312	----a-w-	c:\windows\SysWow64\aticfx32.dll
2012-04-06 02:20 . 2012-04-06 02:20	1067520	----a-w-	c:\windows\system32\aticfx64.dll
2012-04-06 02:16 . 2012-04-06 02:16	442368	----a-w-	c:\windows\system32\ATIDEMGX.dll
2012-04-06 02:16 . 2012-04-06 02:16	503808	----a-w-	c:\windows\system32\atieclxx.exe
2012-04-06 02:16 . 2012-04-06 02:16	236544	----a-w-	c:\windows\system32\atiesrxx.exe
2012-04-06 02:14 . 2012-04-06 02:14	120320	----a-w-	c:\windows\system32\atitmm64.dll
2012-04-06 02:14 . 2012-04-06 02:14	21504	----a-w-	c:\windows\system32\atimuixx.dll
2012-04-06 02:14 . 2012-04-06 02:14	59392	----a-w-	c:\windows\system32\atiedu64.dll
2012-04-06 02:14 . 2012-04-06 02:14	43520	----a-w-	c:\windows\SysWow64\ati2edxx.dll
2012-04-06 02:13 . 2012-04-06 02:13	6800896	----a-w-	c:\windows\SysWow64\atidxx32.dll
2012-04-06 02:10 . 2012-04-06 02:10	26181632	----a-w-	c:\windows\system32\atio6axx.dll
2012-04-06 02:00 . 2011-11-30 02:41	64000	----a-w-	c:\windows\system32\coinst.dll
2012-04-06 01:54 . 2012-04-06 01:54	7479296	----a-w-	c:\windows\system32\atidxx64.dll
2012-04-06 01:50 . 2012-04-06 01:50	19753984	----a-w-	c:\windows\SysWow64\atioglxx.dll
2012-04-06 01:35 . 2012-04-06 01:35	1120768	----a-w-	c:\windows\system32\atiumd6v.dll
2012-04-06 01:34 . 2012-04-06 01:34	1831424	----a-w-	c:\windows\SysWow64\atiumdmv.dll
2012-04-06 01:34 . 2012-04-06 01:34	4731904	----a-w-	c:\windows\system32\atiumd6a.dll
2012-04-06 01:34 . 2011-11-30 02:41	6203392	----a-w-	c:\windows\SysWow64\atiumdag.dll
2012-04-06 01:30 . 2012-04-06 01:30	51200	----a-w-	c:\windows\system32\aticalrt64.dll
2012-04-06 01:30 . 2012-04-06 01:30	46080	----a-w-	c:\windows\SysWow64\aticalrt.dll
2012-04-06 01:30 . 2012-04-06 01:30	44544	----a-w-	c:\windows\system32\aticalcl64.dll
2012-04-06 01:30 . 2012-04-06 01:30	44032	----a-w-	c:\windows\SysWow64\aticalcl.dll
2012-04-06 01:29 . 2012-04-06 01:29	16090624	----a-w-	c:\windows\system32\aticaldd64.dll
2012-04-06 01:25 . 2012-04-06 01:25	13764096	----a-w-	c:\windows\SysWow64\aticaldd.dll
2012-04-06 01:23 . 2012-04-06 01:23	7431680	----a-w-	c:\windows\system32\atiumd64.dll
2012-04-06 01:22 . 2011-11-30 02:41	4795904	----a-w-	c:\windows\SysWow64\atiumdva.dll
2012-04-06 01:11 . 2012-04-06 01:11	514560	----a-w-	c:\windows\system32\atiadlxx.dll
2012-04-06 01:11 . 2012-04-06 01:11	360448	----a-w-	c:\windows\SysWow64\atiadlxy.dll
2012-04-06 01:11 . 2012-04-06 01:11	17408	----a-w-	c:\windows\system32\atig6pxx.dll
2012-04-06 01:11 . 2012-04-06 01:11	14848	----a-w-	c:\windows\SysWow64\atiglpxx.dll
2012-04-06 01:11 . 2012-04-06 01:11	14848	----a-w-	c:\windows\system32\atiglpxx.dll
2012-04-06 01:11 . 2012-04-06 01:11	41984	----a-w-	c:\windows\system32\atig6txx.dll
2012-04-06 01:10 . 2012-04-06 01:10	33280	----a-w-	c:\windows\SysWow64\atigktxx.dll
2012-04-06 01:10 . 2012-04-06 01:10	343040	----a-w-	c:\windows\system32\drivers\atikmpag.sys
2012-04-06 01:09 . 2011-11-30 02:41	54784	----a-w-	c:\windows\system32\atiuxp64.dll
2012-04-06 01:09 . 2012-04-06 01:09	41984	----a-w-	c:\windows\SysWow64\atiuxpag.dll
2012-04-06 01:09 . 2012-04-06 01:09	44544	----a-w-	c:\windows\system32\atiu9p64.dll
2012-04-06 01:09 . 2011-11-30 02:41	32256	----a-w-	c:\windows\SysWow64\atiu9pag.dll
2012-04-06 01:09 . 2012-04-06 01:09	53248	----a-w-	c:\windows\system32\drivers\ati2erec.dll
2012-04-06 01:06 . 2012-04-06 01:06	54784	----a-w-	c:\windows\system32\atimpc64.dll
2012-04-06 01:06 . 2012-04-06 01:06	54784	----a-w-	c:\windows\system32\amdpcom64.dll
2012-04-06 01:06 . 2012-04-06 01:06	53760	----a-w-	c:\windows\SysWow64\atimpc32.dll
2012-04-06 01:06 . 2012-04-06 01:06	53760	----a-w-	c:\windows\SysWow64\amdpcom32.dll
2012-04-05 20:59 . 2011-11-29 18:19	472808	----a-w-	c:\windows\SysWow64\deployJava1.dll
2012-04-05 20:39 . 2011-11-29 18:20	525544	----a-w-	c:\windows\system32\deployJava1.dll
2012-04-05 20:34 . 2012-04-05 20:34	187392	----a-w-	c:\windows\system32\clinfo.exe
2012-04-05 20:34 . 2012-04-05 20:34	74752	----a-w-	c:\windows\system32\OpenVideo64.dll
2012-04-05 20:34 . 2012-04-05 20:34	64512	----a-w-	c:\windows\SysWow64\OpenVideo.dll
2012-04-05 20:33 . 2012-04-05 20:33	63488	----a-w-	c:\windows\system32\OVDecode64.dll
2012-04-05 20:33 . 2012-04-05 20:33	56320	----a-w-	c:\windows\SysWow64\OVDecode.dll
2012-04-05 20:33 . 2012-04-05 20:33	16457216	----a-w-	c:\windows\system32\amdocl64.dll
2012-04-05 20:32 . 2012-04-05 20:32	13007872	----a-w-	c:\windows\SysWow64\amdocl.dll
2012-04-05 20:32 . 2012-04-05 20:32	54784	----a-w-	c:\windows\system32\OpenCL.dll
2012-04-05 20:32 . 2012-04-05 20:32	50176	----a-w-	c:\windows\SysWow64\OpenCL.dll
2012-03-09 12:07 . 2012-03-09 12:07	29184	----a-w-	c:\windows\system32\kdbsdk64.dll
2012-03-09 12:06 . 2012-03-09 12:06	24576	----a-w-	c:\windows\SysWow64\kdbsdk32.dll
.
.
(((((((((((((((((((((((((((((   SnapShot@2012-06-05_14.32.31   )))))))))))))))))))))))))))))))))))))))))
.
+ 2012-06-06 10:26 . 2012-06-06 10:26	13342              c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\SoftGrid Client\Icon Cache\icon_ex.dat
- 2012-06-05 14:31 . 2012-06-05 14:31	13342              c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\SoftGrid Client\Icon Cache\icon_ex.dat
- 2009-07-14 04:54 . 2012-06-05 14:32	16384              c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2009-07-14 04:54 . 2012-06-06 10:27	16384              c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2009-07-14 04:54 . 2012-06-06 10:27	32768              c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2009-07-14 04:54 . 2012-06-05 14:32	32768              c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2009-07-14 04:54 . 2012-06-06 10:27	16384              c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2009-07-14 04:54 . 2012-06-05 14:32	16384              c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2010-11-21 03:09 . 2012-06-06 08:43	47624              c:\windows\system32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2009-07-14 05:10 . 2012-06-06 08:43	38332              c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin
+ 2011-12-25 23:05 . 2012-06-06 08:43	13276              c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-771433797-4172215404-876768487-1000_UserData.bin
- 2011-12-26 22:10 . 2012-06-05 14:32	16384              c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2011-12-26 22:10 . 2012-06-06 08:41	16384              c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2011-12-26 22:10 . 2012-06-06 08:41	32768              c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2011-12-26 22:10 . 2012-06-05 14:32	32768              c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2011-12-26 22:10 . 2012-06-06 08:41	16384              c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2011-12-26 22:10 . 2012-06-05 14:32	16384              c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2012-06-05 14:32 . 2012-06-05 14:32	2048              c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2012-06-06 10:26 . 2012-06-06 10:26	2048              c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2012-06-06 10:26 . 2012-06-06 10:26	2048              c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2012-06-05 14:32 . 2012-06-05 14:32	2048              c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2009-07-14 02:36 . 2012-06-05 14:30	652390              c:\windows\system32\perfh009.dat
+ 2009-07-14 02:36 . 2012-06-06 08:45	652390              c:\windows\system32\perfh009.dat
+ 2011-03-01 04:56 . 2012-06-06 08:45	697072              c:\windows\system32\perfh007.dat
- 2011-03-01 04:56 . 2012-06-05 14:30	697072              c:\windows\system32\perfh007.dat
+ 2009-07-14 02:36 . 2012-06-06 08:45	121064              c:\windows\system32\perfc009.dat
- 2009-07-14 02:36 . 2012-06-05 14:30	121064              c:\windows\system32\perfc009.dat
- 2011-03-01 04:56 . 2012-06-05 14:30	148110              c:\windows\system32\perfc007.dat
+ 2011-03-01 04:56 . 2012-06-06 08:45	148110              c:\windows\system32\perfc007.dat
+ 2009-07-14 05:01 . 2012-06-06 10:26	352200              c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
- 2009-07-14 05:01 . 2012-06-05 14:31	352200              c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2011-11-29 19:06 . 2012-06-06 10:26	2518144              c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache3.0.0.0.dat
- 2011-11-29 19:06 . 2012-06-05 13:42	2518144              c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache3.0.0.0.dat
- 2011-12-25 23:12 . 2012-06-05 13:42	8547432              c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-771433797-4172215404-876768487-1000-8192.dat
+ 2011-12-25 23:12 . 2012-06-06 10:26	8547432              c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-771433797-4172215404-876768487-1000-8192.dat
.
((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"avgnt"="c:\program files (x86)\Avira\AntiVir Desktop\avgnt.exe" [2012-05-08 348624]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [2010-09-13 13336]
R3 ALSysIO;ALSysIO;c:\users\***\AppData\Local\Temp\ALSysIO64.sys [x]
R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys [x]
R3 Impcd;Impcd;c:\windows\system32\drivers\Impcd.sys [x]
R3 Netaapl;Apple Mobile Device Ethernet Service;c:\windows\system32\DRIVERS\netaapl64.sys [x]
R3 netvsc;netvsc;c:\windows\system32\DRIVERS\netvsc60.sys [x]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4925184]
R3 PCDSRVC{1E208CE0-FB7451FF-06020101}_0;PCDSRVC{1E208CE0-FB7451FF-06020101}_0 - PCDR Kernel Mode Service Helper Driver;c:\program files\dell support center\pcdsrvc_x64.pkms [2012-04-10 25072]
R3 SynthVid;SynthVid;c:\windows\system32\DRIVERS\VMBusVideoM.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [x]
R3 WatAdminSvc;Windows-Aktivierungstechnologieservice;c:\windows\system32\Wat\WatAdminSvc.exe [x]
R4 CLHNServiceForPowerDVD12;CLHNServiceForPowerDVD12;c:\program files (x86)\Cyberlink\PowerDVD12\Kernel\DMP\CLHNServer\CLHNServiceForPowerDVD12.exe [2012-01-12 87336]
R4 CyberLink PowerDVD 12 Media Server Monitor Service;CyberLink PowerDVD 12 Media Server Monitor Service;c:\program files (x86)\Cyberlink\PowerDVD12\Kernel\DMS\CLMSMonitorServicePDVD12.exe [2012-01-12 75048]
R4 CyberLink PowerDVD 12 Media Server Service;CyberLink PowerDVD 12 Media Server Service;c:\program files (x86)\Cyberlink\PowerDVD12\Kernel\DMS\CLMSServerPDVD12.exe [2012-01-12 296232]
R4 RoxMediaDB12OEM;RoxMediaDB12OEM;c:\program files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxMediaDB12OEM.exe [2010-11-25 1116656]
R4 RoxWatch12;Roxio Hard Drive Watcher 12;c:\program files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatch12OEM.exe [2010-11-25 219632]
R4 SftService;SoftThinks Agent Service;c:\program files (x86)\Dell DataSafe Local Backup\sftservice.EXE [2011-09-22 1692480]
R4 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-02-29 158856]
R4 SwitchBoard;SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [x]
S1 avkmgr;avkmgr;c:\windows\system32\DRIVERS\avkmgr.sys [x]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 {329F96B6-DF1E-4328-BFDA-39EA953C1312};Power Control [2012/04/24 22:25];c:\program files (x86)\CyberLink\PowerDVD12\Common\NavFilter\000.fcl [2012-01-11 20:57 146928]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x]
S2 AntiVirSchedulerService;Avira Planer;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe [2012-05-08 86224]
S2 cvhsvc;Client Virtualization Handler;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [2012-01-04 822624]
S2 ntk_PowerDVD12;ntk_PowerDVD12;c:\program files (x86)\Cyberlink\PowerDVD12\Kernel\DMP\CLHNServer\ntk_PowerDVD12_64.sys [2011-10-27 82928]
S2 sftlist;Application Virtualization Client;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2011-10-01 508776]
S2 Update-Service;Update-Service;c:\windows\System32\svchost.exe [2009-07-14 27136]
S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [x]
S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [x]
S3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys [x]
S3 IntcDAud;Intel(R) Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [x]
S3 k57nd60a;Broadcom NetLink (TM) Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\k57nd60a.sys [x]
S3 MEIx64;Intel(R) Management Engine Interface ;c:\windows\system32\DRIVERS\HECIx64.sys [x]
S3 nusb3hub;NEC Electronics USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\nusb3hub.sys [x]
S3 nusb3xhc;NEC Electronics USB 3.0 Host Controller Driver;c:\windows\system32\DRIVERS\nusb3xhc.sys [x]
S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys [x]
S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys [x]
S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys [x]
S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys [x]
S3 sftvsa;Application Virtualization Service Agent;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2011-10-01 219496]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
Update-Service-Installer-Service	REG_MULTI_SZ   	Update-Service-Installer-Service
Update-Service	REG_MULTI_SZ   	Update-Service
.
Inhalt des "geplante Tasks" Ordners
.
2012-06-01 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-771433797-4172215404-876768487-1000Core.job
- c:\users\***\AppData\Local\Google\Update\GoogleUpdate.exe [2011-12-26 10:49]
.
2012-06-06 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-771433797-4172215404-876768487-1000UA.job
- c:\users\***\AppData\Local\Google\Update\GoogleUpdate.exe [2011-12-26 10:49]
.
2012-06-05 c:\windows\Tasks\PCDoctorBackgroundMonitorTask.job
- c:\program files\Dell Support Center\uaclauncher.exe [2012-04-13 06:11]
.
2012-06-06 c:\windows\Tasks\SystemToolsDailyTest.job
- c:\program files\Dell Support Center\uaclauncher.exe [2012-04-13 06:11]
.
.
--------- X64 Entries -----------
.
.
------- Zusätzlicher Suchlauf -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
TCP: DhcpNameServer = 192.168.1.1
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
Toolbar-Locked - (no file)
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\PCDSRVC{1E208CE0-FB7451FF-06020101}_0]
"ImagePath"="\??\c:\program files\dell support center\pcdsrvc_x64.pkms"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\{329F96B6-DF1E-4328-BFDA-39EA953C1312}]
"ImagePath"="\??\c:\program files (x86)\CyberLink\PowerDVD12\Common\NavFilter\000.fcl"
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_USERS\S-1-5-21-771433797-4172215404-876768487-1000\Software\SecuROM\License information*]
"datasecu"=hex:a4,56,4c,ac,7a,2f,79,74,31,22,85,6d,7a,29,83,8d,0f,f9,9b,1b,a4,
   4a,06,b5,75,3f,0b,82,1f,c7,1d,cc,e3,41,5f,1a,c3,e2,b8,2b,04,80,c5,0e,10,46,\
"rkeysecu"=hex:22,5d,58,d5,c3,bd,b2,98,49,fc,bd,5e,79,1f,76,06
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_2_202_235_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_2_202_235_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\McAfee]
"SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
   00,5c,00,6d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Weitere laufende Prozesse ------------------------
.
c:\program files (x86)\Avira\AntiVir Desktop\avguard.exe
.
**************************************************************************
.
Zeit der Fertigstellung: 2012-06-06  12:29:02 - PC wurde neu gestartet
ComboFix-quarantined-files.txt  2012-06-06 10:29
.
Vor Suchlauf: 15 Verzeichnis(se), 858'452'238'336 Bytes frei
Nach Suchlauf: 15 Verzeichnis(se), 858'352'373'760 Bytes frei
.
- - End Of File - - 96629AF3D32C1C0A411AFBD0813FF900
Hochladen war erfolgreich
         
Malwarebytes:
Code:
ATTFilter
 Malwarebytes Anti-Malware  (Test) 1.61.0.1400
www.malwarebytes.org

Datenbank Version: v2012.06.06.02

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Gabriel :: ULTRA [Administrator]

Schutz: Aktiviert

06.06.2012 14:08:52
mbam-log-2012-06-06 (14-08-52).txt

Art des Suchlaufs: Vollständiger Suchlauf
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 344700
Laufzeit: 1 Minute(n), 32 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)

(Ende)
         

Alt 06.06.2012, 13:27   #14
Psychotic
/// Malwareteam
 
TR/Mediyes.EB.1 & TR/ATRAPS.Gen - Standard

TR/Mediyes.EB.1 & TR/ATRAPS.Gen



Onlinescan zur Kontrolle



ESET Online Scanner

  • Hier findest du eine bebilderte Anleitung zu ESET Online Scanner
  • Lade und starte Eset Online Scanner
  • Setze einen Haken bei Ja, ich bin mit den Nutzungsbedingungen einverstanden und klicke auf Starten.
  • Aktiviere die "Erkennung von eventuell unerwünschten Anwendungen" und wähle folgende Einstellungen.
  • Klicke auf Starten.
  • Die Signaturen werden heruntergeladen, der Scan beginnt automatisch.
  • Klicke am Ende des Suchlaufs auf Fertig stellen.
  • Schließe das Fenster von ESET.
  • Explorer öffnen.
  • C:\Programme\Eset\EsetOnlineScanner\log.txt (bei 64 Bit auch C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) suchen und mit Deinem Editor öffnen (bebildert).
  • Logfile hier posten.
  • Deinstallation: Systemsteuerung => Software / Programme deinstallieren => Eset Online Scanner V3 entfernen.
  • Manuell folgenden Ordner löschen und Papierkorb leeren => C:\Programme\Eset




Macht der Rechner noch Probleme?
__________________
Kein Asylrecht für Trojaner!

Proud Member of UNITE

Hinweis: Ich bin nur werktags erreichbar!
Anfragen über PM werden ignoriert!

Du bist zufrieden mit uns? Dann unterstütze das Trojaner-Board!

Alt 06.06.2012, 14:28   #15
Cersus
 
TR/Mediyes.EB.1 & TR/ATRAPS.Gen - Standard

TR/Mediyes.EB.1 & TR/ATRAPS.Gen



Eset-Textfile:
Code:
ATTFilter
C:\Qoobox\Quarantine\C\Users\***\AppData\Local\TempDIR\BetterInstaller.exe.vir	a variant of Win32/Somoto.A application
C:\Users\***\Downloads\coretemp_1236.exe	a variant of Win32/InstallIQ application
         
Probleme hat mein Rechner eigentlich noch nie gemacht. Ich war nur ein wenig verunsichert, da Avira-Antivir zwei Trojaner gemeldet hatte und man sie durch einfaches löschen nicht weg bekommen hatte. Ich werde gleich nochmal mit Avira einen vollständigen Suchlauf durchführen, um zu schauen ob Avira noch was meldet.

Antwort

Themen zu TR/Mediyes.EB.1 & TR/ATRAPS.Gen
.com, adblock, adobe, antivir, application/pdf, application/pdf:, defender, explorer, lanmanworkstation, logfile, plug-in, registry, scan, searchscopes, server, software, svchost.exe, tr/atraps.gen, tr/mediyes.eb.1, tr/mediyes.f.6, trojan/psw.kykymber.azq, trojan/psw.kykymber.ceif, trojan/win32.kykymber.gen, trojan:win32/mediyes.f, trojaner, version=1.0, win32/mediyes.q, windows



Ähnliche Themen: TR/Mediyes.EB.1 & TR/ATRAPS.Gen


  1. TR/Mediyes.J.1 und Netzwerkprobleme
    Log-Analyse und Auswertung - 26.08.2014 (7)
  2. Windows 8.1 TR/Mediyes.gen
    Log-Analyse und Auswertung - 28.01.2014 (3)
  3. Windows 8.1 TR/Mediyes.gen
    Log-Analyse und Auswertung - 11.01.2014 (5)
  4. TR/Mediyes.Gen gefunden!
    Plagegeister aller Art und deren Bekämpfung - 05.01.2014 (5)
  5. Trojaner Mediyes.Gen
    Log-Analyse und Auswertung - 28.11.2013 (10)
  6. Trojaner Mediyes.Gen
    Plagegeister aller Art und deren Bekämpfung - 04.11.2013 (13)
  7. TR/ATRAPS.Gen und TR/Mediyes.Gen von avira in Qurantäne genommen. Was nun?!
    Plagegeister aller Art und deren Bekämpfung - 29.08.2013 (1)
  8. TR/Mediyes.gen entdeckt D:
    Plagegeister aller Art und deren Bekämpfung - 17.04.2013 (37)
  9. Trojaner: tr/atraps.gen2, tr/atraps.gen, tr/atraps.gen3, tr/atraps.gen4, tr/atraps.gen5, tr/atraps.gen7 und services.exe virus
    Plagegeister aller Art und deren Bekämpfung - 11.01.2013 (29)
  10. tr/mediyes.cd
    Log-Analyse und Auswertung - 09.07.2012 (1)
  11. Mediyes, TR/ATRAPS.Gen ; TR/ATRAPS.Gen2
    Plagegeister aller Art und deren Bekämpfung - 27.06.2012 (6)
  12. TR/mediyes.F.3
    Plagegeister aller Art und deren Bekämpfung - 26.06.2012 (32)
  13. TR Mediyes, Atraps, spy* entfernt?
    Plagegeister aller Art und deren Bekämpfung - 22.05.2012 (10)
  14. generic28 HGR / Mediyes
    Log-Analyse und Auswertung - 08.05.2012 (1)
  15. TR/Mediyes.B.6.
    Plagegeister aller Art und deren Bekämpfung - 17.03.2012 (10)
  16. WinNT/Mediyes.A
    Plagegeister aller Art und deren Bekämpfung - 15.04.2010 (4)

Zum Thema TR/Mediyes.EB.1 & TR/ATRAPS.Gen - Ich habe festgestellt, dass Mein Computer von den Trojanern TR/Medyies.EB.1 und TR/ATRAPS.Gen befallen ist. Was sollte ich jetzt machen? Danke für die Hilfe OTL-Code: Code: Alles auswählen Aufklappen ATTFilter OTL - TR/Mediyes.EB.1 & TR/ATRAPS.Gen...
Archiv
Du betrachtest: TR/Mediyes.EB.1 & TR/ATRAPS.Gen auf Trojaner-Board

Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.