Zurück   Trojaner-Board > Malware entfernen > Plagegeister aller Art und deren Bekämpfung

Plagegeister aller Art und deren Bekämpfung: Rootkit.Zeroaccess

Windows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen.

Antwort
Alt 12.06.2012, 08:46   #1
Armin_M
 
Rootkit.Zeroaccess - Standard

Rootkit.Zeroaccess



Hallo zusammen,
ich habe hier einen Rechner mit Win7 32-bit. Auf diesem hat MBAM 4x den Rootkit.Zeroaccess gefunden und in Quarantäne gestellt.
Der Rechner lässt das Starten des DHCP-Clients nicht mehr zu. Es kommt immer folgende Fehlermeldung:
Code:
ATTFilter
 Fehler 1075: Der Abhängigkeitsdienst ist nicht vorhanden oder wurde zum Löschen markiert.
         
Wenn man manuell eine IP vergibt, funktioniert die DNS-Auflösung nicht. Z.B. meldet MBAM beim Versuch zu aktualisieren:
Code:
ATTFilter
 PROGRAMM_ERROR_UPDATING (0, 0, DNS error)
         
Internetzugang ist über IP-Adresse möglich. Man kann zumindest öffentliche IPs anpingen.

hier die Ausgabe des letzten MBAM Logs:

Code:
ATTFilter
 Malwarebytes Anti-Malware  (Test) 1.61.0.1400
www.malwarebytes.org

Datenbank Version: v2012.04.04.08

Windows 7 x86 NTFS
Internet Explorer 8.0.7600.16385
Lore  :: LORES-PC [Administrator]

Schutz: Deaktiviert

11.06.2012 22:07:12
mbam-log-2012-06-11 (22-07-12).txt

Art des Suchlaufs: Vollständiger Suchlauf
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 466797
Laufzeit: 1 Stunde(n), 55 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 7
C:\Users\Lore\rf2m08iqaw.exe (Trojan.Agent) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Lore\AppData\Local\7fc9ff30\X (Rootkit.0Access) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Lore\AppData\Local\Temp\77FB.tmp (Trojan.Agent) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Lore\AppData\Local\Temp\{E9C1E1AC-C9B2-4c85-94DE-9C1518918D02}.tlb (Rootkit.Zeroaccess) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Temp\{E9C1E1AC-C9B2-4c85-94DE-9C1518918D02}.tlb (Rootkit.Zeroaccess) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Windows\ServiceProfiles\NetworkService\AppData\Local\Temp\{E9C1E1AC-C9B2-4c85-94DE-9C1518918D02}.tlb (Rootkit.Zeroaccess) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Windows\Temp\{E9C1E1AC-C9B2-4c85-94DE-9C1518918D02}.tlb (Rootkit.Zeroaccess) -> Erfolgreich gelöscht und in Quarantäne gestellt.

(Ende)
         
Gibt es noch Hoffnung, oder soll ich besser gleich neu installieren?

Gruß

Armin

Alt 12.06.2012, 10:07   #2
Psychotic
/// Malwareteam
 
Rootkit.Zeroaccess - Standard

Rootkit.Zeroaccess



Um eine genauere Analyse zu ermöglichen, befolge bitte diesen Link:

An alle Hilfesuchenden! Was muss ich vor Eröffnung eines Themas beachten?
__________________

__________________

Alt 12.06.2012, 14:14   #3
Armin_M
 
Rootkit.Zeroaccess - Standard

Rootkit.Zeroaccess



Schritt 1: defogger

Ausgabe: Finished!

Keine Aufforderung zum Neustart

Schritt 2: OTL

OTL.txt (Klarnamen gegen *** ersetzt

Code:
ATTFilter
OTL logfile created on: 12.06.2012 12:20:04 - Run 2
OTL by OldTimer - Version 3.2.48.0     Folder = G:\Tools\Malwarebytes
 Professional  (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
2,00 Gb Total Physical Memory | 1,13 Gb Available Physical Memory | 56,73% Memory free
4,00 Gb Paging File | 3,25 Gb Available in Paging File | 81,18% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 74,44 Gb Total Space | 6,15 Gb Free Space | 8,26% Space Free | Partition Type: NTFS
Drive D: | 824,61 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS
Drive E: | 74,51 Gb Total Space | 73,74 Gb Free Space | 98,96% Space Free | Partition Type: NTFS
Drive F: | 931,51 Gb Total Space | 649,77 Gb Free Space | 69,75% Space Free | Partition Type: NTFS
Drive G: | 14,94 Gb Total Space | 1,12 Gb Free Space | 7,47% Space Free | Partition Type: FAT32
 
Computer Name: ***-PC | User Name: *** | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2012.06.11 21:25:56 | 000,596,480 | ---- | M] (OldTimer Tools) -- G:\Tools\Malwarebytes\OTL.exe
PRC - [2012.05.02 00:31:35 | 000,348,624 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avgnt.exe
PRC - [2011.05.24 11:33:30 | 001,840,128 | ---- | M] (MAGIX AG) -- C:\Programme\Common Files\MAGIX Services\Database\bin\FABS.exe
PRC - [2011.02.26 07:33:07 | 002,614,784 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2011.01.24 03:22:32 | 000,139,944 | ---- | M] () -- C:\Programme\Dell V310-V510 Series\ezprint.exe
PRC - [2011.01.24 03:22:29 | 000,770,728 | ---- | M] () -- C:\Programme\Dell V310-V510 Series\dleamon.exe
PRC - [2009.08.19 10:32:24 | 007,418,368 | ---- | M] (OpenOffice.org) -- C:\Programme\OpenOffice.org 3\program\soffice.bin
PRC - [2009.08.19 10:32:20 | 007,424,000 | ---- | M] (OpenOffice.org) -- C:\Programme\OpenOffice.org 3\program\soffice.exe
PRC - [2009.07.01 13:13:32 | 000,602,792 | ---- | M] ( ) -- C:\Windows\System32\dleacoms.exe
PRC - [2009.04.14 07:43:42 | 000,604,704 | ---- | M] (Realtek Semiconductor Corp.) -- C:\Windows\SOUNDMAN.EXE
PRC - [2006.11.03 17:04:56 | 000,304,008 | ---- | M] () -- C:\Programme\Dell Photo AIO Printer 926\memcard.exe
PRC - [2006.10.11 16:48:50 | 000,532,480 | ---- | M] ( ) -- C:\Windows\System32\dlcxcoms.exe
PRC - [2006.08.18 15:32:00 | 000,294,912 | ---- | M] (FUJIFILM Corporation.) -- C:\Programme\FinePixViewer\QuickDCF2.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2011.01.24 03:22:32 | 000,139,944 | ---- | M] () -- C:\Programme\Dell V310-V510 Series\ezprint.exe
MOD - [2011.01.24 03:22:29 | 000,770,728 | ---- | M] () -- C:\Programme\Dell V310-V510 Series\dleamon.exe
MOD - [2010.08.10 00:01:06 | 000,067,872 | ---- | M] () -- C:\Programme\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2010.04.01 19:24:28 | 001,159,168 | ---- | M] () -- C:\Programme\Dell V310-V510 Series\dleadrs.dll
MOD - [2010.04.01 19:23:27 | 000,389,120 | ---- | M] () -- C:\Programme\Dell V310-V510 Series\dleascw.dll
MOD - [2009.11.26 10:49:41 | 000,086,180 | ---- | M] () -- C:\Programme\Dell V310-V510 Series\DLEAcfg.dll
MOD - [2009.08.18 15:54:22 | 000,970,752 | ---- | M] () -- C:\Programme\OpenOffice.org 3\program\libxml2.dll
MOD - [2009.06.23 13:13:33 | 000,221,184 | ---- | M] () -- C:\Programme\Dell V310-V510 Series\epoemdll.dll
MOD - [2009.06.23 13:13:02 | 000,045,056 | ---- | M] () -- C:\Programme\Dell V310-V510 Series\epstring.dll
MOD - [2009.06.23 13:11:53 | 002,203,648 | ---- | M] () -- C:\Programme\Dell V310-V510 Series\epwizres.dll
MOD - [2009.06.22 15:08:27 | 000,708,608 | ---- | M] () -- C:\Programme\Dell V310-V510 Series\epwizard.dll
MOD - [2009.06.22 15:06:32 | 000,159,744 | ---- | M] () -- C:\Programme\Dell V310-V510 Series\customui.dll
MOD - [2009.06.22 15:06:09 | 000,061,440 | ---- | M] () -- C:\Programme\Dell V310-V510 Series\epfunct.dll
MOD - [2009.06.22 15:06:03 | 000,114,688 | ---- | M] () -- C:\Programme\Dell V310-V510 Series\eputil.dll
MOD - [2009.06.22 15:05:49 | 000,139,264 | ---- | M] () -- C:\Programme\Dell V310-V510 Series\imagutil.dll
MOD - [2009.05.27 12:16:52 | 000,192,512 | ---- | M] () -- C:\Windows\System32\spool\drivers\w32x86\3\dleadatr.dll
MOD - [2009.04.07 21:25:27 | 000,409,600 | ---- | M] () -- C:\Programme\Dell V310-V510 Series\iptk.dll
MOD - [2009.03.10 07:43:49 | 000,155,648 | ---- | M] () -- C:\Programme\Dell V310-V510 Series\dleacaps.dll
MOD - [2009.03.05 19:55:33 | 000,059,904 | ---- | M] () -- C:\Programme\Dell V310-V510 Series\dleacnv4.dll
MOD - [2009.03.02 16:25:47 | 000,151,552 | ---- | M] () -- C:\Programme\Dell V310-V510 Series\dleaptp.dll
MOD - [2008.12.10 11:10:06 | 000,253,952 | ---- | M] () -- C:\Programme\Dell Printable Web\toolband.dll
MOD - [2008.12.08 18:27:47 | 000,065,536 | ---- | M] () -- C:\Programme\Dell Printable Web\resource.dll
MOD - [2006.11.03 17:04:56 | 000,304,008 | ---- | M] () -- C:\Programme\Dell Photo AIO Printer 926\memcard.exe
MOD - [2006.08.10 09:15:10 | 000,139,264 | ---- | M] () -- C:\Programme\Dell Photo AIO Printer 926\memcard.dll
MOD - [2006.02.22 12:44:00 | 000,061,440 | ---- | M] () -- C:\Programme\FinePixViewer\wia_register_event.dll
 
 
========== Win32 Services (SafeList) ==========
 
SRV - [2012.05.24 09:04:20 | 000,129,976 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Programme\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012.05.02 01:42:28 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Stopped] -- C:\Programme\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2012.05.02 00:34:34 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Stopped] -- C:\Programme\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2012.04.04 15:56:40 | 000,654,408 | ---- | M] (Malwarebytes Corporation) [Auto | Stopped] -- C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2012.02.29 00:40:39 | 000,045,264 | ---- | M] () [Unknown (-1) | Unknown] -- C:\Windows\System32\drivers\bab416bc1514ecdd.sys -- (bab416bc1514ecdd)
SRV - [2011.05.24 11:33:30 | 001,840,128 | ---- | M] (MAGIX AG) [Auto | Running] -- C:\Program Files\Common Files\MAGIX Services\Database\bin\FABS.exe -- (Fabs)
SRV - [2011.04.26 14:54:12 | 002,702,848 | ---- | M] (MAGIX®) [On_Demand | Stopped] -- C:\Programme\Common Files\MAGIX Services\Database\bin\fbserver.exe -- (FirebirdServerMAGIXInstance)
SRV - [2009.07.14 03:16:15 | 000,016,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\StorSvc.dll -- (StorSvc)
SRV - [2009.07.14 03:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009.07.14 03:16:12 | 001,004,544 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\PeerDistSvc.dll -- (PeerDistSvc)
SRV - [2009.07.14 03:14:47 | 001,121,280 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Windows Media Player\wmpnetwk.exe -- (WMPNetworkSvc)
SRV - [2009.07.01 13:13:32 | 000,602,792 | ---- | M] ( ) [Auto | Running] -- C:\Windows\System32\dleacoms.exe -- (dlea_device)
SRV - [2006.10.11 16:48:50 | 000,532,480 | ---- | M] ( ) [Auto | Running] -- C:\Windows\System32\dlcxcoms.exe -- (dlcx_device)
 
 
========== Driver Services (SafeList) ==========
 
DRV - File not found [Kernel | Boot | Stopped] -- System32\drivers\efekkhnv.sys -- (lekdm)
DRV - File not found [Kernel | System | Stopped] -- C:\Windows\system32\drivers\25eb0.sys -- (25eb0)
DRV - File not found [Kernel | On_Demand | Unknown] --  -- (.tdx)
DRV - File not found [Kernel | On_Demand | Unknown] --  -- (.serial)
DRV - File not found [Kernel | On_Demand | Unknown] --  -- (.netbt)
DRV - File not found [Kernel | On_Demand | Unknown] --  -- (.csc)
DRV - File not found [Kernel | On_Demand | Unknown] --  -- (.cdrom)
DRV - File not found [Kernel | On_Demand | Unknown] --  -- (.afd)
DRV - [File Corrupted - Detail Data unreadable] [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\amdk8.sys -- (AmdK8)
DRV - [2012.04.27 10:20:04 | 000,137,928 | ---- | M] (Avira GmbH) [Kernel | System | Stopped] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb)
DRV - [2012.04.25 00:32:27 | 000,083,392 | ---- | M] (Avira GmbH) [File_System | Auto | Stopped] -- C:\Windows\System32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2012.04.16 21:17:40 | 000,036,000 | ---- | M] (Avira GmbH) [Kernel | System | Stopped] -- C:\Windows\System32\drivers\avkmgr.sys -- (avkmgr)
DRV - [2012.04.04 15:56:40 | 000,022,344 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2012.02.29 00:40:39 | 000,045,264 | ---- | M] () [Unknown (-1) | Unknown (-1) | Unknown] -- C:\Windows\System32\drivers\bab416bc1514ecdd.sys -- (bab416bc1514ecdd)
DRV - [2011.08.08 20:13:10 | 000,117,584 | ---- | M] (SysProgs.org) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\BazisVirtualCDBus.sys -- (BazisVirtualCDBus)
DRV - [2011.03.11 07:44:01 | 001,210,240 | ---- | M] () [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\ntfs.sys -- (Ntfs)
DRV - [2011.03.11 06:08:24 | 000,075,776 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\System32\DRIVERS\USBSTOR.SYS -- (USBSTOR)
DRV - [2011.02.23 07:06:11 | 000,311,296 | ---- | M] () [File_System | On_Demand | Stopped] -- C:\Windows\System32\DRIVERS\srv.sys -- (srv)
DRV - [2011.02.23 07:05:57 | 000,309,760 | ---- | M] () [File_System | On_Demand | Stopped] -- C:\Windows\System32\DRIVERS\srv2.sys -- (srv2)
DRV - [2011.02.23 07:05:48 | 000,113,664 | ---- | M] () [File_System | On_Demand | Stopped] -- C:\Windows\System32\DRIVERS\srvnet.sys -- (srvnet)
DRV - [2011.02.23 07:05:41 | 000,221,696 | ---- | M] () [File_System | On_Demand | Stopped] -- C:\Windows\System32\DRIVERS\mrxsmb10.sys -- (mrxsmb10)
DRV - [2011.02.23 07:05:35 | 000,095,744 | ---- | M] () [File_System | On_Demand | Stopped] -- C:\Windows\System32\DRIVERS\mrxsmb20.sys -- (mrxsmb20)
DRV - [2011.02.23 07:05:31 | 000,123,392 | ---- | M] () [File_System | On_Demand | Stopped] -- C:\Windows\System32\DRIVERS\mrxsmb.sys -- (mrxsmb)
DRV - [2011.02.23 07:05:25 | 000,069,632 | ---- | M] () [File_System | On_Demand | Running] -- C:\Windows\System32\DRIVERS\bowser.sys -- (bowser)
DRV - [2010.11.02 06:46:34 | 000,728,448 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\dxgkrnl.sys -- (DXGKrnl)
DRV - [2010.08.09 17:01:40 | 000,691,696 | ---- | M] () [Kernel | Disabled | Stopped] -- C:\Windows\System32\Drivers\sptd.sys -- (sptd)
DRV - [2010.06.17 15:14:27 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Stopped] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2010.06.14 08:12:30 | 001,286,016 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\DRIVERS\tcpip.sys -- (TCPIP6)
DRV - [2010.06.14 08:12:30 | 001,286,016 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\System32\drivers\tcpip.sys -- (Tcpip)
DRV - [2009.12.11 09:44:02 | 000,133,720 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\System32\Drivers\ksecpkg.sys -- (KSecPkg)
DRV - [2009.09.26 07:58:35 | 000,194,488 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\System32\DRIVERS\fvevol.sys -- (fvevol)
DRV - [2009.07.14 03:26:21 | 000,249,408 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\System32\CLFS.sys -- (CLFS)
DRV - [2009.07.14 03:26:21 | 000,019,024 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\DRIVERS\compbatt.sys -- (Compbatt)
DRV - [2009.07.14 03:26:15 | 000,021,584 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\System32\DRIVERS\atapi.sys -- (atapi)
DRV - [2009.07.14 03:20:45 | 000,153,680 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\System32\DRIVERS\pci.sys -- (pci)
DRV - [2009.07.14 03:20:45 | 000,012,368 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\DRIVERS\pciide.sys -- (pciide)
DRV - [2009.07.14 03:20:44 | 000,710,720 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\System32\drivers\ndis.sys -- (NDIS)
DRV - [2009.07.14 03:20:44 | 000,186,960 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\DRIVERS\msiscsi.sys -- (iScsiPrt)
DRV - [2009.07.14 03:20:44 | 000,162,896 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\msrpc.sys -- (MsRPC)
DRV - [2009.07.14 03:20:44 | 000,130,624 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\DRIVERS\mpio.sys -- (mpio)
DRV - [2009.07.14 03:20:44 | 000,115,792 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\DRIVERS\msdsm.sys -- (msdsm)
DRV - [2009.07.14 03:20:44 | 000,105,024 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\DRIVERS\nv_agp.sys -- (nv_agp)
DRV - [2009.07.14 03:20:44 | 000,078,416 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\System32\drivers\mountmgr.sys -- (mountmgr)
DRV - [2009.07.14 03:20:44 | 000,056,912 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\System32\drivers\partmgr.sys -- (partmgr)
DRV - [2009.07.14 03:20:44 | 000,049,728 | ---- | M] () [File_System | Boot | Running] -- C:\Windows\System32\Drivers\mup.sys -- (Mup)
DRV - [2009.07.14 03:20:44 | 000,041,552 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\System32\DRIVERS\mouclass.sys -- (mouclass)
DRV - [2009.07.14 03:20:44 | 000,028,240 | ---- | M] () [Kernel | System | Running] -- C:\Windows\System32\DRIVERS\mssmbios.sys -- (mssmbios)
DRV - [2009.07.14 03:20:44 | 000,027,712 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\DRIVERS\msahci.sys -- (msahci)
DRV - [2009.07.14 03:20:43 | 000,013,888 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\System32\DRIVERS\msisadrv.sys -- (msisadrv)
DRV - [2009.07.14 03:20:36 | 000,067,664 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\System32\Drivers\ksecdd.sys -- (KSecDD)
DRV - [2009.07.14 03:20:36 | 000,046,656 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\DRIVERS\isapnp.sys -- (isapnp)
DRV - [2009.07.14 03:20:36 | 000,042,576 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\System32\DRIVERS\kbdclass.sys -- (kbdclass)
DRV - [2009.07.14 03:20:36 | 000,015,424 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\System32\DRIVERS\intelide.sys -- (intelide)
DRV - [2009.07.14 03:20:36 | 000,013,904 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\System32\drivers\hwpolicy.sys -- (hwpolicy)
DRV - [2009.07.14 03:20:28 | 000,198,208 | ---- | M] () [File_System | Boot | Running] -- C:\Windows\System32\drivers\fltmgr.sys -- (FltMgr)
DRV - [2009.07.14 03:20:28 | 000,058,448 | ---- | M] () [File_System | Boot | Running] -- C:\Windows\System32\drivers\fileinfo.sys -- (FileInfo)
DRV - [2009.07.14 03:20:28 | 000,057,936 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\DRIVERS\gagp30kx.sys -- (gagp30kx)
DRV - [2009.07.14 03:20:28 | 000,046,160 | ---- | M] () [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\FsDepends.sys -- (FsDepends)
DRV - [2009.07.14 03:20:28 | 000,022,096 | ---- | M] () [Kernel | Disabled | Stopped] -- C:\Windows\System32\DRIVERS\crcdisk.sys -- (crcdisk)
DRV - [2009.07.14 03:20:28 | 000,019,536 | ---- | M] () [Recognizer | Boot | Unknown] -- C:\Windows\System32\drivers\fs_rec.sys -- (Fs_Rec)
DRV - [2009.07.14 03:20:27 | 000,057,424 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\System32\DRIVERS\disk.sys -- (Disk)
DRV - [2009.07.14 03:19:11 | 000,297,040 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\System32\drivers\volmgrx.sys -- (volmgrx)
DRV - [2009.07.14 03:19:11 | 000,057,424 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\DRIVERS\uliagpkx.sys -- (uliagpkx)
DRV - [2009.07.14 03:19:11 | 000,019,024 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\DRIVERS\wd.sys -- (Wd)
DRV - [2009.07.14 03:19:10 | 000,445,008 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\System32\drivers\Wdf01000.sys -- (Wdf01000)
DRV - [2009.07.14 03:19:10 | 000,245,328 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\System32\DRIVERS\volsnap.sys -- (volsnap)
DRV - [2009.07.14 03:19:10 | 000,175,824 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\DRIVERS\vmbus.sys -- (vmbus)
DRV - [2009.07.14 03:19:10 | 000,159,824 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\DRIVERS\vhdmp.sys -- (vhdmp)
DRV - [2009.07.14 03:19:10 | 000,055,888 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\DRIVERS\uagp35.sys -- (uagp35)
DRV - [2009.07.14 03:19:10 | 000,053,328 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\DRIVERS\viaagp.sys -- (viaagp)
DRV - [2009.07.14 03:19:10 | 000,053,312 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\System32\DRIVERS\volmgr.sys -- (volmgr)
DRV - [2009.07.14 03:19:10 | 000,051,776 | ---- | M] () [Kernel | System | Running] -- C:\Windows\System32\DRIVERS\termdd.sys -- (TermDD)
DRV - [2009.07.14 03:19:10 | 000,040,896 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\System32\DRIVERS\vmstorfl.sys -- (storflt)
DRV - [2009.07.14 03:19:10 | 000,032,832 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\System32\DRIVERS\vdrvroot.sys -- (vdrvroot)
DRV - [2009.07.14 03:19:10 | 000,028,224 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\DRIVERS\storvsc.sys -- (storvsc)
DRV - [2009.07.14 03:19:10 | 000,019,008 | ---- | M] () [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\wimmount.sys -- (WIMMount)
DRV - [2009.07.14 03:19:10 | 000,012,240 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\System32\DRIVERS\swenum.sys -- (swenum)
DRV - [2009.07.14 03:19:04 | 000,173,648 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\System32\drivers\rdyboost.sys -- (rdyboost)
DRV - [2009.07.14 03:19:04 | 000,085,568 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\DRIVERS\sbp2port.sys -- (sbp2port)
DRV - [2009.07.14 03:19:04 | 000,043,088 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\System32\drivers\pcw.sys -- (pcw)
DRV - [2009.07.14 03:19:03 | 000,180,288 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\DRIVERS\pcmcia.sys -- (pcmcia)
DRV - [2009.07.14 03:19:03 | 000,017,472 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\System32\drivers\spldr.sys -- (spldr)
DRV - [2009.07.14 03:17:54 | 000,369,568 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\System32\Drivers\cng.sys -- (CNG)
DRV - [2009.07.14 02:41:15 | 000,586,752 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\System32\drivers\peauth.sys -- (PEAUTH)
DRV - [2009.07.14 02:17:06 | 000,019,968 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\DRIVERS\usbprint.sys -- (usbprint)
DRV - [2009.07.14 02:14:44 | 000,035,840 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\DRIVERS\usbscan.sys -- (usbscan)
DRV - [2009.07.14 02:02:58 | 000,133,120 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\rdpdr.sys -- (RDPDR)
DRV - [2009.07.14 02:02:41 | 000,018,944 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\System32\DRIVERS\rdpbus.sys -- (rdpbus)
DRV - [2009.07.14 02:01:55 | 000,177,152 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\rdpwd.sys -- (RDPWD)
DRV - [2009.07.14 02:01:51 | 000,030,208 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\System32\DRIVERS\tssecsrv.sys -- (tssecsrv)
DRV - [2009.07.14 02:01:41 | 000,007,168 | ---- | M] () [Kernel | System | Running] -- C:\Windows\System32\drivers\rdprefmp.sys -- (RDPREFMP)
DRV - [2009.07.14 02:01:40 | 000,006,656 | ---- | M] () [Kernel | System | Running] -- C:\Windows\System32\DRIVERS\RDPCDD.sys -- (RDPCDD)
DRV - [2009.07.14 02:01:39 | 000,006,656 | ---- | M] () [Kernel | System | Running] -- C:\Windows\System32\drivers\rdpencdd.sys -- (RDPENCDD)
DRV - [2009.07.14 02:01:37 | 000,024,064 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\tdtcp.sys -- (TDTCP)
DRV - [2009.07.14 02:01:37 | 000,017,920 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\tdpipe.sys -- (TDPIPE)
DRV - [2009.07.14 01:55:24 | 000,031,744 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\modem.sys -- (Modem)
DRV - [2009.07.14 01:55:02 | 000,063,488 | ---- | M] () [Kernel | System | Running] -- C:\Windows\System32\DRIVERS\wanarp.sys -- (Wanarpv6)
DRV - [2009.07.14 01:55:02 | 000,063,488 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\DRIVERS\wanarp.sys -- (WANARP)
DRV - [2009.07.14 01:55:02 | 000,016,384 | ---- | M] () [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\ws2ifsl.sys -- (ws2ifsl)
DRV - [2009.07.14 01:55:00 | 000,049,152 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\System32\DRIVERS\AgileVpn.sys -- (RasAgileVpn) WAN Miniport (IKEv2)
DRV - [2009.07.14 01:54:58 | 000,075,264 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\System32\DRIVERS\rassstp.sys -- (RasSstp)
DRV - [2009.07.14 01:54:53 | 000,077,824 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\System32\DRIVERS\raspppoe.sys -- (RasPppoe)
DRV - [2009.07.14 01:54:48 | 000,073,728 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\System32\DRIVERS\raspptp.sys -- (PptpMiniport)
DRV - [2009.07.14 01:54:46 | 000,017,920 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\System32\DRIVERS\asyncmac.sys -- (AsyncMac)
DRV - [2009.07.14 01:54:40 | 000,011,776 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\DRIVERS\rasacd.sys -- (RasAcd)
DRV - [2009.07.14 01:54:35 | 000,118,784 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\System32\DRIVERS\ndiswan.sys -- (NdisWan)
DRV - [2009.07.14 01:54:34 | 000,078,848 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\System32\DRIVERS\rasl2tp.sys -- (Rasl2tp)
DRV - [2009.07.14 01:54:29 | 000,101,888 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ipnat.sys -- (IPNAT)
DRV - [2009.07.14 01:54:29 | 000,058,880 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\DRIVERS\ipfltdrv.sys -- (IpFilterDriver)
DRV - [2009.07.14 01:54:27 | 000,048,128 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ndproxy.sys -- (NDProxy)
DRV - [2009.07.14 01:54:24 | 000,020,992 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\System32\DRIVERS\ndistapi.sys -- (NdisTapi)
DRV - [2009.07.14 01:54:14 | 000,034,816 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\System32\drivers\tcpipreg.sys -- (tcpipreg)
DRV - [2009.07.14 01:54:13 | 000,031,744 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\qwavedrv.sys -- (QWAVEdrv)
DRV - [2009.07.14 01:54:03 | 000,108,544 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\System32\DRIVERS\tunnel.sys -- (tunnel)
DRV - [2009.07.14 01:53:58 | 000,104,448 | ---- | M] () [Kernel | System | Running] -- C:\Windows\System32\DRIVERS\pacer.sys -- (Psched)
DRV - [2009.07.14 01:53:54 | 000,036,352 | ---- | M] () [File_System | System | Running] -- C:\Windows\System32\DRIVERS\netbios.sys -- (NetBIOS)
DRV - [2009.07.14 01:53:51 | 000,045,568 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\DRIVERS\ndisuio.sys -- (Ndisuio)
DRV - [2009.07.14 01:53:51 | 000,009,728 | ---- | M] () [Kernel | System | Running] -- C:\Windows\System32\DRIVERS\wfplwf.sys -- (WfpLwf)
DRV - [2009.07.14 01:53:41 | 000,071,168 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\DRIVERS\smb.sys -- (Smb)
DRV - [2009.07.14 01:53:27 | 000,013,824 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\irenum.sys -- (IRENUM)
DRV - [2009.07.14 01:53:20 | 000,060,928 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\System32\DRIVERS\rspndr.sys -- (rspndr)
DRV - [2009.07.14 01:53:19 | 000,048,128 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\System32\DRIVERS\lltdio.sys -- (lltdio)
DRV - [2009.07.14 01:52:53 | 000,060,416 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\mpsdrv.sys -- (mpsdrv)
DRV - [2009.07.14 01:52:44 | 000,027,136 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\DRIVERS\ndiscap.sys -- (NdisCap)
DRV - [2009.07.14 01:52:09 | 000,258,560 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\System32\DRIVERS\usbhub.sys -- (usbhub)
DRV - [2009.07.14 01:52:03 | 000,267,264 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\DRIVERS\nwifi.sys -- (NativeWifiP)
DRV - [2009.07.14 01:52:02 | 000,019,968 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vwifibus.sys -- (vwifibus)
DRV - [2009.07.14 01:51:39 | 000,039,936 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\System32\DRIVERS\umbus.sys -- (umbus)
DRV - [2009.07.14 01:51:35 | 000,008,192 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\DRIVERS\umpass.sys -- (UmPass)
DRV - [2009.07.14 01:51:34 | 000,056,320 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\DRIVERS\bthmodem.sys -- (BTHMODEM)
DRV - [2009.07.14 01:51:33 | 000,091,136 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\DRIVERS\hidbth.sys -- (HidBth)
DRV - [2009.07.14 01:51:31 | 000,075,264 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\DRIVERS\usbccgp.sys -- (usbccgp)
DRV - [2009.07.14 01:51:29 | 000,062,464 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\DRIVERS\ohci1394.sys -- (ohci1394) 1394 OHCI Compliant Host Controller (Legacy)
DRV - [2009.07.14 01:51:23 | 000,080,640 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\usbaudio.sys -- (usbaudio) USB-Audiotreiber (WDM)
DRV - [2009.07.14 01:51:18 | 000,086,016 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\DRIVERS\usbcir.sys -- (usbcir) eHome Infrared Receiver (USBCIR)
DRV - [2009.07.14 01:51:17 | 000,037,888 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\DRIVERS\circlass.sys -- (circlass)
DRV - [2009.07.14 01:51:14 | 000,041,472 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\System32\DRIVERS\usbehci.sys -- (usbehci)
DRV - [2009.07.14 01:51:14 | 000,020,480 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\DRIVERS\usbohci.sys -- (usbohci)
DRV - [2009.07.14 01:51:11 | 000,034,944 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\DRIVERS\WinUsb.sys -- (WinUsb)
DRV - [2009.07.14 01:51:10 | 000,024,064 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\System32\DRIVERS\usbuhci.sys -- (usbuhci)
DRV - [2009.07.14 01:51:08 | 000,004,096 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\mshidkmdf.sys -- (mshidkmdf)
DRV - [2009.07.14 01:51:05 | 000,037,888 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\DRIVERS\hidir.sys -- (HidIr)
DRV - [2009.07.14 01:51:04 | 000,024,064 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\DRIVERS\hidusb.sys -- (HidUsb)
DRV - [2009.07.14 01:50:57 | 000,005,120 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\drmkaud.sys -- (drmkaud)
DRV - [2009.07.14 01:50:45 | 000,132,224 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\System32\DRIVERS\WUDFRd.sys -- (WUDFRd)
DRV - [2009.07.14 01:50:17 | 000,092,672 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\WudfPf.sys -- (WudfPf)
DRV - [2009.07.14 01:46:55 | 000,012,288 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\DRIVERS\MTConfig.sys -- (MTConfig)
DRV - [2009.07.14 01:46:53 | 000,021,632 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\DRIVERS\wacompen.sys -- (WacomPen)
DRV - [2009.07.14 01:45:52 | 000,013,824 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\DRIVERS\sfloppy.sys -- (sfloppy)
DRV - [2009.07.14 01:45:52 | 000,012,800 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\DRIVERS\sffp_sd.sys -- (sffp_sd)
DRV - [2009.07.14 01:45:52 | 000,012,288 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\DRIVERS\sffp_mmc.sys -- (sffp_mmc)
DRV - [2009.07.14 01:45:52 | 000,011,264 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\DRIVERS\sffdisk.sys -- (sffdisk)
DRV - [2009.07.14 01:45:45 | 000,025,088 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\System32\DRIVERS\fdc.sys -- (fdc)
DRV - [2009.07.14 01:45:45 | 000,019,968 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\DRIVERS\flpydisk.sys -- (flpydisk)
DRV - [2009.07.14 01:45:35 | 000,079,360 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\System32\DRIVERS\parport.sys -- (Parport)
DRV - [2009.07.14 01:45:33 | 000,083,456 | ---- | M] () [Kernel | System | Running] -- C:\Windows\System32\DRIVERS\serial.sys -- (Serial)
DRV - [2009.07.14 01:45:29 | 000,008,704 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\System32\DRIVERS\parvdm.sys -- (Parvdm)
DRV - [2009.07.14 01:45:28 | 000,017,920 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\System32\DRIVERS\serenum.sys -- (Serenum)
DRV - [2009.07.14 01:45:26 | 000,031,232 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\System32\DRIVERS\CompositeBus.sys -- (CompositeBus)
DRV - [2009.07.14 01:45:09 | 000,028,160 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\DRIVERS\kbdhid.sys -- (kbdhid)
DRV - [2009.07.14 01:45:08 | 000,026,112 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\DRIVERS\mouhid.sys -- (mouhid)
DRV - [2009.07.14 01:45:08 | 000,019,968 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\DRIVERS\sermouse.sys -- (sermouse)
DRV - [2009.07.14 01:45:08 | 000,008,320 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\MSKSSRV.sys -- (MSKSSRV)
DRV - [2009.07.14 01:45:08 | 000,006,144 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\MSTEE.sys -- (MSTEE)
DRV - [2009.07.14 01:45:08 | 000,005,888 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\MSPCLOCK.sys -- (MSPCLOCK)
DRV - [2009.07.14 01:45:07 | 000,005,504 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\MSPQM.sys -- (MSPQM)
DRV - [2009.07.14 01:45:01 | 000,006,144 | ---- | M] () [Kernel | System | Running] -- C:\Windows\System32\drivers\beep.sys -- (Beep)
DRV - [2009.07.14 01:36:52 | 000,050,176 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\appid.sys -- (AppID)
DRV - [2009.07.14 01:33:50 | 000,026,624 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\DRIVERS\scfilter.sys -- (scfilter)
DRV - [2009.07.14 01:30:59 | 000,065,536 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\DRIVERS\IPMIDrv.sys -- (IPMIDRV)
DRV - [2009.07.14 01:28:47 | 000,005,632 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\DRIVERS\vms3cap.sys -- (s3cap)
DRV - [2009.07.14 01:28:45 | 000,017,920 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\DRIVERS\VMBusHID.sys -- (VMBusHID)
DRV - [2009.07.14 01:25:59 | 000,023,552 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\System32\DRIVERS\monitor.sys -- (monitor)
DRV - [2009.07.14 01:25:51 | 000,025,088 | ---- | M] () [Kernel | System | Running] -- C:\Windows\System32\drivers\vga.sys -- (VgaSave)
DRV - [2009.07.14 01:25:49 | 000,026,112 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\DRIVERS\vgapnp.sys -- (vga)
DRV - [2009.07.14 01:24:05 | 000,032,256 | ---- | M] () [Kernel | System | Running] -- C:\Windows\System32\drivers\discache.sys -- (discache)
DRV - [2009.07.14 01:23:04 | 000,035,328 | ---- | M] () [Kernel | System | Running] -- C:\Windows\System32\DRIVERS\blbdrive.sys -- (blbdrive)
DRV - [2009.07.14 01:19:21 | 000,021,504 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\DRIVERS\HidBatt.sys -- (HidBatt)
DRV - [2009.07.14 01:19:19 | 000,007,168 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\DRIVERS\errdev.sys -- (ErrDev)
DRV - [2009.07.14 01:19:18 | 000,014,080 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\DRIVERS\CmBatt.sys -- (CmBatt)
DRV - [2009.07.14 01:19:17 | 000,011,264 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\DRIVERS\wmiacpi.sys -- (WmiAcpi)
DRV - [2009.07.14 01:15:45 | 000,086,528 | ---- | M] () [File_System | Auto | Running] -- C:\Windows\System32\drivers\luafv.sys -- (luafv)
DRV - [2009.07.14 01:15:29 | 000,028,160 | ---- | M] () [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\filetrace.sys -- (Filetrace)
DRV - [2009.07.14 01:15:13 | 000,387,584 | ---- | M] () [Kernel | System | Running] -- C:\Windows\System32\drivers\csc.sys -- (CSC)
DRV - [2009.07.14 01:14:29 | 000,241,664 | ---- | M] () [File_System | System | Running] -- C:\Windows\System32\DRIVERS\rdbss.sys -- (rdbss)
DRV - [2009.07.14 01:14:26 | 000,115,712 | ---- | M] () [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\mrxdav.sys -- (MRxDAV)
DRV - [2009.07.14 01:14:09 | 000,246,784 | ---- | M] () [File_System | Disabled | Stopped] -- C:\Windows\System32\DRIVERS\udfs.sys -- (udfs)
DRV - [2009.07.14 01:14:03 | 000,142,336 | ---- | M] () [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\exfat.sys -- (exfat)
DRV - [2009.07.14 01:14:02 | 000,148,480 | ---- | M] () [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\fastfat.sys -- (fastfat)
DRV - [2009.07.14 01:12:59 | 000,513,024 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\HTTP.sys -- (HTTP)
DRV - [2009.07.14 01:12:21 | 000,187,904 | ---- | M] () [Kernel | System | Running] -- C:\Windows\System32\DRIVERS\netbt.sys -- (NetBT)
DRV - [2009.07.14 01:12:11 | 000,074,240 | ---- | M] () [Kernel | System | Running] -- C:\Windows\System32\DRIVERS\tdx.sys -- (tdx)
DRV - [2009.07.14 01:12:08 | 000,016,896 | ---- | M] () [Kernel | System | Running] -- C:\Windows\System32\drivers\nsiproxy.sys -- (nsiproxy)
DRV - [2009.07.14 01:11:32 | 000,035,328 | ---- | M] () [File_System | System | Running] -- C:\Windows\System32\drivers\npfs.sys -- (Npfs)
DRV - [2009.07.14 01:11:26 | 000,108,544 | ---- | M] () [Kernel | System | Running] -- C:\Windows\System32\DRIVERS\cdrom.sys -- (cdrom)
DRV - [2009.07.14 01:11:26 | 000,022,528 | ---- | M] () [File_System | System | Running] -- C:\Windows\System32\drivers\msfs.sys -- (Msfs)
DRV - [2009.07.14 01:11:24 | 000,080,896 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\System32\DRIVERS\i8042prt.sys -- (i8042prt)
DRV - [2009.07.14 01:11:15 | 000,070,656 | ---- | M] () [File_System | Disabled | Running] -- C:\Windows\System32\DRIVERS\cdfs.sys -- (cdfs)
DRV - [2009.07.14 01:11:12 | 000,004,608 | ---- | M] () [Kernel | System | Running] -- C:\Windows\System32\drivers\null.sys -- (Null)
DRV - [2009.07.14 01:11:04 | 000,053,760 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\System32\DRIVERS\intelppm.sys -- (intelppm)
DRV - [2009.07.14 01:11:04 | 000,052,736 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\DRIVERS\viac7.sys -- (ViaC7)
DRV - [2009.07.14 01:11:04 | 000,052,736 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\DRIVERS\amdppm.sys -- (AmdPPM)
DRV - [2009.07.14 01:11:04 | 000,052,224 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\DRIVERS\processr.sys -- (Processor)
DRV - [2009.07.14 00:09:17 | 004,194,816 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\System32\DRIVERS\atikmdag.sys -- (atikmdag)
DRV - [2009.06.18 19:45:02 | 004,172,832 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\RTKVAC.SYS -- (ALCXWDM) Service for Realtek AC97 Audio (WDM)
DRV - [2008.04.29 17:40:56 | 000,210,472 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\System32\DRIVERS\Si3114r5.sys -- (Si3114r5)
DRV - [2008.04.29 17:40:56 | 000,017,064 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\System32\DRIVERS\SiWinAcc.sys -- (SiFilter)
DRV - [2008.04.29 17:40:56 | 000,012,200 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\System32\DRIVERS\SiRemFil.sys -- (SiRemFil)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = F8 90 9A 56 C0 35 CB 01  [binary data]
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
========== FireFox ==========
 
FF - prefs.js..browser.startup.homepage: "hxxp://www.google.de/"
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - user.js - File not found
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 12.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.05.24 09:04:20 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 12.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011.06.02 23:07:58 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 12.0.1\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2011.08.25 21:12:32 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 12.0.1\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins
 
[2010.08.14 11:41:24 | 000,000,000 | ---D | M] (No name found) -- C:\Users\***\AppData\Roaming\mozilla\Extensions
[2010.08.14 11:41:24 | 000,000,000 | ---D | M] (No name found) -- C:\Users\***\AppData\Roaming\mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
[2012.05.03 15:47:01 | 000,000,000 | ---D | M] (No name found) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\4329hxqe.default\extensions
[2011.12.01 20:08:59 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2012.05.24 09:04:20 | 000,097,208 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2010.08.09 17:08:58 | 000,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2012.02.27 02:49:39 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.02.27 02:49:39 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012.02.27 02:49:39 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2012.02.27 02:49:39 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.02.27 02:49:39 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.02.27 02:49:39 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2009.06.10 23:39:37 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O2 - BHO: (Dell Symbolleiste) - {09B71986-2AC5-482d-B6CB-42EA34F4F85B} - C:\Programme\Dell Printable Web\toolband.dll ()
O2 - BHO: (Foxit Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Programme\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKLM\..\Toolbar: (Dell Symbolleiste) - {09B71986-2AC5-482d-B6CB-42EA34F4F85B} - C:\Programme\Dell Printable Web\toolband.dll ()
O3 - HKLM\..\Toolbar: (Foxit Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Programme\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKCU\..\Toolbar\ShellBrowser: (Dell Symbolleiste) - {09B71986-2AC5-482D-B6CB-42EA34F4F85B} - C:\Programme\Dell Printable Web\toolband.dll ()
O3 - HKCU\..\Toolbar\WebBrowser: (Foxit Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Programme\Ask.com\GenericAskToolbar.dll (Ask)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [Dell V310-V510 Series Fax Server] C:\Program Files\Dell V310-V510 Series\fm3032.exe ()
O4 - HKLM..\Run: [DLCXCATS] C:\Windows\System32\spool\DRIVERS\W32X86\3\DLCXtime.DLL ()
O4 - HKLM..\Run: [dlcxmon.exe] C:\Program Files\Dell Photo AIO Printer 926\dlcxmon.exe ()
O4 - HKLM..\Run: [dleamon.exe] C:\Program Files\Dell V310-V510 Series\dleamon.exe ()
O4 - HKLM..\Run: [EzPrint] C:\Program Files\Dell V310-V510 Series\ezprint.exe ()
O4 - HKLM..\Run: [MemoryCardManager] C:\Program Files\Dell Photo AIO Printer 926\memcard.exe ()
O4 - HKLM..\Run: [REGSHAVE] C:\Program Files\REGSHAVE\REGSHAVE.EXE (FUJI PHOTO FILM CO., LTD.)
O4 - HKLM..\Run: [SoundMan] C:\Windows\SOUNDMAN.EXE (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe" File not found
O4 - HKLM..\Run: [TrayServer] C:\Programme\MAGIX\Video_deluxe_MX\Trayserver_DE.exe (MAGIX AG)
O4 - Startup: C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.1.lnk = C:\Programme\OpenOffice.org 3\program\quickstart.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 157
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab (Java Plug-in 1.6.0_16)
O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{4E7D8419-DFD9-44BD-97C8-80FCEEB1D5BB}: NameServer = 194.25.2.129
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009.06.10 23:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2010.12.05 13:15:06 | 000,000,039 | R--- | M] () - D:\Autorun.inf -- [ CDFS ]
O33 - MountPoints2\{5a97db04-a3c7-11df-b60f-0011098a348f}\Shell - "" = AutoRun
O33 - MountPoints2\{5a97db04-a3c7-11df-b60f-0011098a348f}\Shell\AutoRun\command - "" = G:\SETUP.EXE
O33 - MountPoints2\{c66bece9-a18f-11df-8988-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{c66bece9-a18f-11df-8988-806e6f6e6963}\Shell\AutoRun\command - "" = D:\UpdateInstaller.exe -- [2012.05.30 08:04:14 | 000,648,593 | R--- | M] ()
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.06.05 22:48:48 | 000,000,000 | ---D | C] -- C:\Windows\System32\EventProviders
[2012.06.05 22:45:34 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2012.06.05 22:29:19 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinCDEmu
[2012.06.05 22:29:19 | 000,000,000 | ---D | C] -- C:\Program Files\WinCDEmu
[2012.06.05 22:28:14 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Avira
[2012.06.05 22:22:08 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
[2012.06.05 22:21:49 | 000,028,520 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\ssmdrv.sys
[2012.06.05 22:21:47 | 000,137,928 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\avipbb.sys
[2012.06.05 22:21:47 | 000,083,392 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\avgntflt.sys
[2012.06.05 22:21:47 | 000,036,000 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\avkmgr.sys
[2012.06.05 22:21:42 | 000,000,000 | ---D | C] -- C:\ProgramData\Avira
[2012.06.05 22:21:42 | 000,000,000 | ---D | C] -- C:\Program Files\Avira
[2012.06.04 17:28:38 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Malwarebytes
[2012.06.04 17:28:32 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012.06.04 17:28:32 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012.06.04 17:28:31 | 000,022,344 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2012.06.04 17:28:31 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2012.05.24 09:04:23 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Maintenance Service
[2012.05.24 09:04:23 | 000,000,000 | ---D | C] -- C:\ProgramData\Mozilla
 
========== Files - Modified Within 30 Days ==========
 
[2012.06.12 12:19:13 | 000,000,020 | ---- | M] () -- C:\Users\***\defogger_reenable
[2012.06.12 00:39:35 | 000,018,624 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012.06.12 00:39:35 | 000,018,624 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012.06.12 00:21:02 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.06.12 00:20:58 | 1610,256,384 | -HS- | M] () -- C:\hiberfil.sys
[2012.06.06 00:44:45 | 000,000,134 | ---- | M] () -- C:\Users\***\Desktop\Internet Explorer-Problembehebung.url
[2012.06.04 17:28:14 | 000,653,928 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2012.06.04 17:28:14 | 000,615,810 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012.06.04 17:28:14 | 000,129,800 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2012.06.04 17:28:14 | 000,106,190 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012.05.17 10:33:34 | 000,001,163 | ---- | M] () -- C:\Users\***\Desktop\Canon SELPHY CP510 (Kopie 1) - Verknüpfung.lnk
 
========== Files Created - No Company Name ==========
 
[2012.06.12 12:19:01 | 000,000,020 | ---- | C] () -- C:\Users\***\defogger_reenable
[2012.06.06 00:44:45 | 000,000,134 | ---- | C] () -- C:\Users\***\Desktop\Internet Explorer-Problembehebung.url
[2012.05.17 10:33:34 | 000,001,163 | ---- | C] () -- C:\Users\***\Desktop\Canon SELPHY CP510 (Kopie 1) - Verknüpfung.lnk
[2012.02.29 00:40:39 | 000,045,264 | ---- | C] () -- C:\Windows\System32\drivers\bab416bc1514ecdd.sys
[2012.02.28 13:06:21 | 000,002,048 | -HS- | C] () -- C:\Users\***\AppData\Local\7fc9ff30\@
[2011.10.10 19:50:21 | 000,049,152 | ---- | C] () -- C:\Windows\System32\DLEAPMON.DLL
[2011.10.10 19:50:21 | 000,032,768 | ---- | C] () -- C:\Windows\System32\DLEAFXPU.DLL
[2011.10.10 19:50:01 | 005,709,824 | ---- | C] () -- C:\Windows\System32\DLEAoem.dll
[2011.10.10 19:49:37 | 000,372,736 | ---- | C] () -- C:\Windows\System32\DLEAwupd.dll
[2011.10.10 19:49:37 | 000,213,672 | ---- | C] () -- C:\Windows\System32\DLEAwupd.exe
[2011.10.10 19:46:01 | 000,331,776 | ---- | C] () -- C:\Windows\System32\DLEAinst.dll
[2011.10.10 19:45:56 | 000,114,688 | ---- | C] () -- C:\Windows\System32\dleainsr.dll
[2011.10.10 19:45:56 | 000,057,344 | ---- | C] () -- C:\Windows\System32\dleajswr.dll
[2011.10.10 19:45:54 | 000,208,896 | ---- | C] () -- C:\Windows\System32\dleagrd.dll
[2011.10.10 19:45:54 | 000,036,864 | ---- | C] () -- C:\Windows\System32\dleacur.dll
[2011.10.10 19:45:53 | 000,372,736 | ---- | C] ( ) -- C:\Windows\System32\dleacomm.dll
[2011.10.10 19:44:20 | 000,032,768 | ---- | C] () -- C:\Windows\System32\DLEAsmr.dll
[2011.10.10 19:44:19 | 000,299,008 | ---- | C] () -- C:\Windows\System32\DLEAsm.dll
[2011.05.18 11:27:58 | 003,901,824 | ---- | C] () -- C:\Windows\System32\ntoskrnl.exe
[2011.04.28 22:17:42 | 001,210,240 | ---- | C] () -- C:\Windows\System32\drivers\ntfs.sys
[2011.04.28 22:17:42 | 000,143,744 | ---- | C] () -- C:\Windows\System32\drivers\nvstor.sys
[2011.04.28 22:17:41 | 000,146,304 | ---- | C] () -- C:\Windows\System32\drivers\storport.sys
[2011.04.28 22:17:41 | 000,117,120 | ---- | C] () -- C:\Windows\System32\drivers\nvraid.sys
[2011.04.28 22:17:41 | 000,080,256 | ---- | C] () -- C:\Windows\System32\drivers\amdsata.sys
[2011.04.28 22:17:41 | 000,075,776 | ---- | C] () -- C:\Windows\System32\drivers\USBSTOR.SYS
[2011.04.28 22:17:41 | 000,022,400 | ---- | C] () -- C:\Windows\System32\drivers\amdxata.sys
[2011.04.16 14:33:36 | 000,311,296 | ---- | C] () -- C:\Windows\System32\drivers\srv.sys
[2011.04.16 14:33:36 | 000,309,760 | ---- | C] () -- C:\Windows\System32\drivers\srv2.sys
[2011.04.16 14:33:36 | 000,113,664 | ---- | C] () -- C:\Windows\System32\drivers\srvnet.sys
[2011.04.16 14:33:29 | 000,294,912 | ---- | C] () -- C:\Windows\System32\atmfd.dll
[2011.04.16 14:32:36 | 002,331,136 | ---- | C] () -- C:\Windows\System32\win32k.sys
[2011.04.16 14:32:25 | 000,221,696 | ---- | C] () -- C:\Windows\System32\drivers\mrxsmb10.sys
[2011.04.16 14:32:25 | 000,123,392 | ---- | C] () -- C:\Windows\System32\drivers\mrxsmb.sys
[2011.04.16 14:32:25 | 000,095,744 | ---- | C] () -- C:\Windows\System32\drivers\mrxsmb20.sys
[2011.04.16 14:32:25 | 000,069,632 | ---- | C] () -- C:\Windows\System32\drivers\bowser.sys
[2011.02.09 11:37:22 | 000,219,008 | ---- | C] () -- C:\Windows\System32\drivers\dxgmms1.sys
[2011.01.13 00:01:32 | 000,728,448 | ---- | C] () -- C:\Windows\System32\drivers\dxgkrnl.sys
[2011.01.13 00:01:32 | 000,107,520 | ---- | C] () -- C:\Windows\System32\cdd.dll
[2010.10.27 14:17:40 | 000,026,504 | ---- | C] () -- C:\Windows\System32\drivers\Diskdump.sys
[2010.10.19 18:23:17 | 000,026,600 | ---- | C] () -- C:\Windows\System32\drivers\GEARAspiWDM.sys
[2010.10.05 21:55:51 | 000,190,976 | ---- | C] () -- C:\Windows\System32\drivers\ks.sys
[2010.10.05 17:10:05 | 000,454,656 | ---- | C] () -- C:\Windows\System32\dlcxutil.dll
[2010.10.05 17:10:05 | 000,413,696 | ---- | C] ( ) -- C:\Windows\System32\dlcxinpa.dll
[2010.10.05 17:10:05 | 000,397,312 | ---- | C] ( ) -- C:\Windows\System32\dlcxiesc.dll
[2010.10.05 17:10:05 | 000,323,584 | ---- | C] ( ) -- C:\Windows\System32\dlcxhcp.dll
[2010.10.05 17:10:05 | 000,274,432 | ---- | C] () -- C:\Windows\System32\dlcxinst.dll
[2010.10.05 17:10:04 | 001,224,704 | ---- | C] ( ) -- C:\Windows\System32\dlcxserv.dll
[2010.10.05 17:10:04 | 000,991,232 | ---- | C] ( ) -- C:\Windows\System32\dlcxusb1.dll
[2010.10.05 17:10:04 | 000,696,320 | ---- | C] ( ) -- C:\Windows\System32\dlcxhbn3.dll
[2010.10.05 17:10:04 | 000,684,032 | ---- | C] ( ) -- C:\Windows\System32\dlcxcomc.dll
[2010.10.05 17:10:04 | 000,643,072 | ---- | C] ( ) -- C:\Windows\System32\dlcxpmui.dll
[2010.10.05 17:10:04 | 000,585,728 | ---- | C] ( ) -- C:\Windows\System32\dlcxlmpm.dll
[2010.10.05 17:10:04 | 000,532,480 | ---- | C] ( ) -- C:\Windows\System32\dlcxcoms.exe
[2010.10.05 17:10:04 | 000,421,888 | ---- | C] ( ) -- C:\Windows\System32\dlcxcomm.dll
[2010.10.05 17:10:04 | 000,380,928 | ---- | C] ( ) -- C:\Windows\System32\dlcxih.exe
[2010.10.05 17:10:04 | 000,188,416 | ---- | C] () -- C:\Windows\System32\dlcxgrd.dll
[2010.10.05 17:10:04 | 000,176,128 | ---- | C] () -- C:\Windows\System32\dlcxinsb.dll
[2010.10.05 17:10:04 | 000,176,128 | ---- | C] () -- C:\Windows\System32\dlcxins.dll
[2010.10.05 17:10:04 | 000,163,840 | ---- | C] ( ) -- C:\Windows\System32\dlcxprox.dll
[2010.10.05 17:10:04 | 000,139,264 | ---- | C] () -- C:\Windows\System32\dlcxjswr.dll
[2010.10.05 17:10:04 | 000,114,688 | ---- | C] () -- C:\Windows\System32\dlcxinsr.dll
[2010.10.05 17:10:04 | 000,094,208 | ---- | C] ( ) -- C:\Windows\System32\dlcxpplc.dll
[2010.10.05 17:10:04 | 000,086,016 | ---- | C] () -- C:\Windows\System32\dlcxcub.dll
[2010.10.05 17:10:04 | 000,073,728 | ---- | C] () -- C:\Windows\System32\dlcxcu.dll
[2010.10.05 17:10:04 | 000,036,864 | ---- | C] () -- C:\Windows\System32\dlcxcur.dll
[2010.10.05 17:10:03 | 000,381,832 | ---- | C] ( ) -- C:\Windows\System32\dlcxcfg.exe
[2010.10.05 17:08:53 | 000,344,064 | ---- | C] () -- C:\Windows\System32\dlcxcoin.dll
[2010.10.05 17:08:53 | 000,040,960 | ---- | C] () -- C:\Windows\System32\dlcxvs.dll
[2010.08.14 10:49:49 | 001,286,016 | ---- | C] () -- C:\Windows\System32\drivers\tcpip.sys
[2010.08.09 16:48:06 | 000,000,000 | ---- | C] () -- C:\Windows\OpPrintServer.INI
[2010.08.09 16:44:43 | 000,000,010 | ---- | C] () -- C:\Windows\WININIT.INI
[2010.08.09 16:31:54 | 000,081,924 | ---- | C] () -- C:\Windows\System32\drivers\VC4CB104.SYS
[2010.08.09 16:08:32 | 000,013,824 | ---- | C] () -- C:\Users\***\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010.08.07 03:12:22 | 000,194,488 | ---- | C] () -- C:\Windows\System32\drivers\fvevol.sys
[2010.08.07 03:11:55 | 000,133,720 | ---- | C] () -- C:\Windows\System32\drivers\ksecpkg.sys
[2010.08.07 03:11:41 | 000,507,568 | ---- | C] () -- C:\Windows\System32\winload.exe
[2010.08.06 22:19:33 | 000,653,928 | ---- | C] () -- C:\Windows\System32\perfh007.dat
[2010.08.06 22:19:33 | 000,295,922 | ---- | C] () -- C:\Windows\System32\perfi007.dat
[2010.08.06 22:19:33 | 000,129,800 | ---- | C] () -- C:\Windows\System32\perfc007.dat
[2010.08.06 22:19:33 | 000,038,104 | ---- | C] () -- C:\Windows\System32\perfd007.dat
[2010.08.06 21:24:12 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2010.08.06 21:24:12 | 000,000,000 | ---- | C] () -- C:\Windows\System32\atiicdxx.dat
 
========== LOP Check ==========
 
[2010.09.14 18:40:11 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\ACD Systems
[2010.08.09 17:52:27 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\DAEMON Tools Lite
[2010.08.09 16:56:49 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\DAEMON Tools Net
[2010.08.14 11:13:32 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\fotobuch.de AG
[2010.08.07 10:08:48 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Foxit Software
[2010.08.09 16:39:07 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\FUJIFILM
[2010.08.09 16:03:19 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\IrfanView
[2012.01.08 13:00:42 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\MAGIX
[2010.08.09 17:29:23 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\OpenOffice.org
[2010.08.14 11:41:23 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Thunderbird
[2011.10.17 19:14:59 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\V310-V510 Series
[2012.06.12 00:21:08 | 000,032,548 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
 
========== Purity Check ==========
 
 
 
========== Hard Links - Junction Points - Mount Points - Symbolic Links ==========
[C:\Windows\$NtUninstallKB32518$] -> Error: Cannot create file handle -> Unknown point type

< End of report >
         
und Extras.txt

Code:
ATTFilter
OTL Extras logfile created on: 12.06.2012 07:23:13 - Run 1
OTL by OldTimer - Version 3.2.48.0     Folder = G:\Tools\Malwarebytes
 Professional  (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
2,00 Gb Total Physical Memory | 1,44 Gb Available Physical Memory | 71,83% Memory free
4,00 Gb Paging File | 3,41 Gb Available in Paging File | 85,22% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 74,44 Gb Total Space | 6,17 Gb Free Space | 8,29% Space Free | Partition Type: NTFS
Drive D: | 824,61 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS
Drive E: | 74,51 Gb Total Space | 73,74 Gb Free Space | 98,96% Space Free | Partition Type: NTFS
Drive F: | 931,51 Gb Total Space | 649,77 Gb Free Space | 69,75% Space Free | Partition Type: NTFS
Drive G: | 14,94 Gb Total Space | 1,12 Gb Free Space | 7,52% Space Free | Partition Type: FAT32
 
Computer Name: ***-PC | User Name: Lore Seiler | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [ACDSee Photo Manager 12.Manage] -- "C:\Program Files\ACD Systems\ACDSee\12.0\ACDSeeQV12.exe" "%1" (ACD Systems International Inc.)
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [Browse with &IrfanView] -- "C:\Program Files\IrfanView\i_view32.exe" "%1 /thumbs" (Irfan Skiljan)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [FinePix] -- "C:\Programme\FinePixViewer\FinePixViewer.exe" "%1" (FUJIFILM Corporation.)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
========== Authorized Applications List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\fotobuch.de\Designer 2.0\Designer.exe" = C:\Program Files\fotobuch.de\Designer 2.0\Designer.exe:*:Designer.exe -- ()
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0BF0F2A0-6181-4CEC-A94D-5026CE22312D}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{1C51AF67-A613-4F64-BFF7-A0CD67BB085F}" = rport=445 | protocol=6 | dir=out | app=system | 
"{292FBCA6-C6B6-4E17-894F-EFB30772CFBE}" = lport=139 | protocol=6 | dir=in | app=system | 
"{36427C99-2A3B-4AAB-9639-72CD6FCDA8B6}" = lport=445 | protocol=6 | dir=in | app=system | 
"{3895254B-E848-469A-AE00-A0CED9E4367B}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | 
"{4BD5525A-63C4-4538-8073-EBC3D7AAD314}" = lport=137 | protocol=17 | dir=in | app=system | 
"{5A7FDCFE-0E27-4344-8226-45B153B5F1AD}" = rport=137 | protocol=17 | dir=out | app=system | 
"{6D3CB3FF-6608-4CC3-BC33-4B805F1B5696}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{716C686C-780C-493C-902B-A63200BE1E1F}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | 
"{861E45CA-D218-4E70-BFA9-706F1524BDFA}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{96BFBDBF-672D-41D7-8B67-7817B55FF149}" = lport=138 | protocol=17 | dir=in | app=system | 
"{E7575C33-044E-45C3-9DEA-8D2B58A3CDF3}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{EB40599B-02F8-4F18-827E-5EDC8421D3C9}" = lport=3389 | protocol=6 | dir=in | app=system | 
"{F78C56E2-2DFE-49EE-BB54-3302640136A1}" = rport=139 | protocol=6 | dir=out | app=system | 
"{FE15AFB3-62FA-4E67-BF4B-3BF3B4DD41F2}" = rport=138 | protocol=17 | dir=out | app=system | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0AF0C3E2-71B0-4365-87A2-4D1D84D45C3D}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | 
"{0D152461-CFDC-48B7-BF7E-FB97227A7BB3}" = protocol=17 | dir=in | app=c:\program files\dell photo aio printer 926\dlcxaiox.exe | 
"{25C1AA3F-F392-49A9-94B2-27AD4C297CA7}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | 
"{2CBE2CED-317B-42CA-A171-F54EC9369541}" = dir=in | app=c:\program files\itunes\itunes.exe | 
"{2FB151F9-2769-4F5B-B84D-B9459AEB5654}" = dir=in | app=c:\windows\system32\dleacoms.exe | 
"{3C7F1F0D-6E15-4148-8EDA-8E8B81AFAC45}" = dir=in | app=c:\windows\system32\dleacoms.exe | 
"{3F918F79-3DD8-4EE7-8DE7-DF0858DD3AC3}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | 
"{45445766-ED73-42E2-AF51-A710158702DB}" = dir=in | app=c:\windows\system32\dleacoms.exe | 
"{475A3F7A-4983-40BA-94DC-2F3E2B8ADBD3}" = protocol=6 | dir=in | app=c:\program files\abbyy finereader 6.0 sprint\scan\scanman6.exe | 
"{4C697F9D-6764-4E00-8A8D-A8505B997513}" = protocol=17 | dir=in | app=c:\program files\dell photo aio printer 926\dlcxmon.exe | 
"{60BAAF38-C858-4A5B-904E-D77B9F6B37B6}" = protocol=6 | dir=in | app=c:\program files\dell v310-v510 series\dleafax.exe | 
"{616B0C0C-84A9-4BD9-9B1C-A5DE45CAB674}" = protocol=17 | dir=in | app=c:\program files\dell v310-v510 series\dleafax.exe | 
"{68A5108D-5537-453A-B43D-2AB06D401341}" = protocol=6 | dir=in | app=c:\program files\dell photo aio printer 926\dlcxaiox.exe | 
"{7E60B3FB-4B8B-4334-905C-459CBB63E189}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{7EF17BDC-5A59-4CAA-9374-111A091C3CF4}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | 
"{8ACFBF59-4AFE-4921-BDDB-948C3F35979D}" = protocol=17 | dir=in | app=c:\windows\system32\dlcxcoms.exe | 
"{9E1B688F-ED74-41A1-9910-3B15D2E8A22E}" = protocol=6 | dir=in | app=c:\program files\dell photo aio printer 926\dlcxmon.exe | 
"{BB3C4B33-6FEF-465C-B642-8CCC03DBB716}" = dir=in | app=c:\windows\system32\dleacoms.exe | 
"{E24E2A56-6EB3-4D59-8EB2-0E50AD8101F2}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{E408FDF7-61B1-49E7-81CA-6FC6AB667928}" = protocol=17 | dir=in | app=c:\program files\abbyy finereader 6.0 sprint\scan\scanman6.exe | 
"{E5F2882E-55F5-4B90-9E78-21120DA59ABC}" = dir=in | app=c:\windows\system32\dleacoms.exe | 
"{FA61C09B-4919-4D44-A999-19C0335BE032}" = protocol=6 | dir=in | app=c:\windows\system32\dlcxcoms.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{09B71986-2AC5-482d-B6CB-42EA34F4F85B}" = Dell Symbolleiste
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{218BBBE3-FE63-4BB2-81A8-7435575A84FA}" = PhotoStitch
"{24ED4D80-8294-11D5-96CD-0040266301AD}" = FinePixViewer Ver.5.3
"{26A24AE4-039D-4CA4-87B4-2F83216016F0}" = Java(TM) 6 Update 16
"{26A24AE4-039D-4CA4-87B4-2F83216020FF}" = Java(TM) 6 Update 20
"{2CE5A2E7-3437-4CE7-BCF4-85ED6EEFF9E4}" = iTunes
"{36A1E3D6-288A-4EEE-A081-30D9808B2BE3}" = Joe
"{37A54340-6655-4FFC-BC4C-0B945764DA4B}" = Canon PhotoRecord
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{53AD87D3-72AE-4D07-8A7A-1F4D54E83777}" = ACDSee Foto-Editor
"{5490882C-6961-11D5-BAE5-00E0188E010B}" = FUJIFILM USB Driver
"{61B65BA2-ACB0-4109-B6AC-C73A93106FA6}" = MAGIX Screenshare
"{68D73A1E-9B15-4519-8B62-67606DA80082}" = MAGIX Speed burnR (MSI)
"{6C5F8503-55D2-4398-858C-362B7A7AF51C}" = Firebird SQL Server - MAGIX Edition
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{86D4B82A-ABED-442A-BE86-96357B70F4FE}" = Ask Toolbar
"{99E862CC-6F69-4D39-99AA-DBF71BF3B585}" = OpenOffice.org 3.1
"{A5CBD7C5-CF16-443F-A4F2-3503C9DE311B}" = ACDSee Foto-Manager 12
"{ACF60000-22B9-4CE9-98D6-2CCF359BAC07}" = ABBYY FineReader 6.0 Sprint
"{B44529FF-501E-47CD-A06D-223C161BE058}" = FinePixViewer Resource
"{B4A6DE2E-5E84-4F1D-B26A-EAB0D42ED932}" = CP Printer Guide
"{BB533746-CF08-11D7-BCF1-005004748D87}" = Java SATARaid
"{C960FB07-BBAA-4D26-BE81-D119A15A6E84}" = MAGIX Video deluxe MX Plus Download-Version
"{CCA1EEA3-555E-4D05-AC46-4B49C6C5D887}" = Apple Mobile Device Support
"{DA38EC64-4D83-4E46-83CA-C0D1175921DC}" = MAGIX Video deluxe MX
"{DAEAFD68-BB4A-4507-A241-C8804D2EA66D}" = Apple Application Support
"{E7004147-2CCA-431C-AA05-2AB166B9785D}" = QuickTime
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F748FAE2-3D19-44F7-AC03-EB9ADA517752}" = FotoSlate 4
"{FB08F381-6533-4108-B7DD-039E11FBC27E}" = Realtek AC'97 Audio
"{FF1C31AE-0CDC-40CE-AB85-406F8B70D643}" = Bonjour
"7-Zip" = 7-Zip 4.65
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Avira AntiVir Desktop" = Avira Free Antivirus
"Canon SELPHY CP510" = Canon SELPHY CP510
"Dell Photo AIO Printer 926" = Dell Photo AIO Printer 926
"Dell V310-V510 Series" = Dell V310-V510 Series
"Designer 2.0_is1" = Designer 2.0
"Easy-PhotoPrint" = Canon Utilities Easy-PhotoPrint
"Foxit Reader" = Foxit Reader
"InstallShield_{218BBBE3-FE63-4BB2-81A8-7435575A84FA}" = Canon Utilities PhotoStitch 3.1
"InstallShield_{B4A6DE2E-5E84-4F1D-B26A-EAB0D42ED932}" = Canon Utilities Anleitung zum CP-Drucker
"IrfanView" = IrfanView (remove only)
"MAGIX_MSI_Videodeluxe18" = MAGIX Video deluxe MX
"MAGIX_MSI_Videodeluxe18_plus" = MAGIX Video deluxe MX Plus Download-Version
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.61.0.1400
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Mozilla Firefox 12.0 (x86 de)" = Mozilla Firefox 12.0 (x86 de)
"Mozilla Thunderbird 12.0.1 (x86 de)" = Mozilla Thunderbird 12.0.1 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"VLC media player" = VLC media player 1.1.2
"WinCDEmu" = WinCDEmu
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 05.06.2012 16:31:10 | Computer Name = ***-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: vmnt.exe, Version: 3.6.0.0, Zeitstempel:
 0x4e4026fe  Name des fehlerhaften Moduls: vmnt.exe, Version: 3.6.0.0, Zeitstempel:
 0x4e4026fe  Ausnahmecode: 0xc0000005  Fehleroffset: 0x0000bb3c  ID des fehlerhaften Prozesses:
 0x95c  Startzeit der fehlerhaften Anwendung: 0x01cd435a1e7a0bb9  Pfad der fehlerhaften
 Anwendung: C:\Program Files\WinCDEmu\vmnt.exe  Pfad des fehlerhaften Moduls: C:\Program
 Files\WinCDEmu\vmnt.exe  Berichtskennung: 62155185-af4d-11e1-8da4-0011098a348f
 
Error - 05.06.2012 16:33:38 | Computer Name = ***-PC | Source = Schedule | ID = 0
Description = 
 
Error - 05.06.2012 16:36:10 | Computer Name = ***-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: Explorer.EXE, Version: 6.1.7600.16768,
 Zeitstempel: 0x4d6878c3  Name des fehlerhaften Moduls: WinCDEmuContextMenu.dll_unloaded,
 Version: 0.0.0.0, Zeitstempel: 0x4e402656  Ausnahmecode: 0xc0000005  Fehleroffset: 
0x6b00eb75  ID des fehlerhaften Prozesses: 0x56c  Startzeit der fehlerhaften Anwendung:
 0x01cd435a7dc3654c  Pfad der fehlerhaften Anwendung: C:\Windows\Explorer.EXE  Pfad 
des fehlerhaften Moduls: WinCDEmuContextMenu.dll  Berichtskennung: 1565637a-af4e-11e1-b004-0011098a348f
 
Error - 05.06.2012 16:45:48 | Computer Name = ***-PC | Source = Schedule | ID = 0
Description = 
 
Error - 05.06.2012 16:57:43 | Computer Name = ***-PC | Source = Avira Antivirus | ID = 4122
Description = Die Datei AVGDLL_Init(avgntflt) konnte nicht geladen werden.  Fehlercode:
 0xffffffff
 
Error - 11.06.2012 14:18:53 | Computer Name = ***-PC | Source = Schedule | ID = 0
Description = 
 
Error - 11.06.2012 14:30:52 | Computer Name = ***-PC | Source = Avira Antivirus | ID = 4122
Description = Die Datei AVGDLL_Init(avgntflt) konnte nicht geladen werden.  Fehlercode:
 0xffffffff
 
Error - 11.06.2012 18:10:28 | Computer Name = ***-PC | Source = Schedule | ID = 0
Description = 
 
Error - 11.06.2012 18:21:08 | Computer Name = ***-PC | Source = Schedule | ID = 0
Description = 
 
Error - 11.06.2012 18:32:55 | Computer Name = ***-PC | Source = Avira Antivirus | ID = 4122
Description = Die Datei AVGDLL_Init(avgntflt) konnte nicht geladen werden.  Fehlercode:
 0xffffffff
 
[ System Events ]
Error - 11.06.2012 18:32:49 | Computer Name = ***-PC | Source = Service Control Manager | ID = 7001
Description = Der Dienst "SMB 1.x-Miniredirector" ist vom Dienst "SMB-Miniredirector-Wrapper
 und -Modul" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde:   %%22
 
Error - 11.06.2012 18:32:49 | Computer Name = ***-PC | Source = Service Control Manager | ID = 7001
Description = Der Dienst "SMB 2.0-Miniredirector" ist vom Dienst "SMB-Miniredirector-Wrapper
 und -Modul" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde:   %%22
 
Error - 11.06.2012 18:32:49 | Computer Name = ***-PC | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Arbeitsstationsdienst" ist vom Dienst "SMB 2.0-Miniredirector"
 abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde:   %%1068
 
Error - 11.06.2012 18:32:49 | Computer Name = ***-PC | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Konfiguration für Remotedesktops" ist vom Dienst "Arbeitsstationsdienst"
 abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde:   %%1068
 
Error - 11.06.2012 18:32:49 | Computer Name = ***-PC | Source = Service Control Manager | ID = 7000
Description = Der Dienst "MBAMProtector" wurde aufgrund folgenden Fehlers nicht 
gestartet:   %%31
 
Error - 11.06.2012 18:32:49 | Computer Name = ***-PC | Source = Service Control Manager | ID = 7001
Description = Der Dienst "MBAMService" ist vom Dienst "MBAMProtector" abhängig, 
der aufgrund folgenden Fehlers nicht gestartet wurde:   %%31
 
Error - 11.06.2012 18:33:19 | Computer Name = ***-PC | Source = Service Control Manager | ID = 7024
Description = Der Dienst "Avira Echtzeit Scanner" wurde mit folgendem dienstspezifischem
 Fehler beendet: %%307.
 
Error - 11.06.2012 18:34:34 | Computer Name = ***-PC | Source = Service Control Manager | ID = 7000
Description = Der Dienst "MBAMProtector" wurde aufgrund folgenden Fehlers nicht 
gestartet:   %%31
 
Error - 11.06.2012 18:34:34 | Computer Name = ***-PC | Source = Service Control Manager | ID = 7001
Description = Der Dienst "MBAMService" ist vom Dienst "MBAMProtector" abhängig, 
der aufgrund folgenden Fehlers nicht gestartet wurde:   %%31
 
Error - 12.06.2012 01:17:16 | Computer Name = ***-PC | Source = Service Control Manager | ID = 7003
Description = Der Dienst "DHCP-Client" ist von folgendem Dienst abhängig: Afd. Dieser
 Dienst ist eventuell nicht installiert.
 
 
< End of report >
         
Schritt 3: GMER

Gmer hat zwei Fehlermeldungen produziert, aber keinen Scan durchgeführt, siehe gmer.7z im Anhang

Extras.txt wurde bereits heute Morgen erstellt "QuickScan" hat die Datei nicht nochmal erstellt.
Auf dem Rechner fehlen auch die Microsoft Updates z. B. SP1
Mit einer WSUS-Offline DVD versucht die Updates zu installieren: schlägt fehl.
Code:
ATTFilter
Der Name eines Attributs in einer Identität liegt außerhalb des gültigen Bereichs.
Fehler: ERROR_SXS_INVALID_IDENTITY_ATTRIBUTE_NAME(0x8007370b)
         
Ich hoffe es macht nichts aus, dass ich die Programme direkt vom USB-Stick gestartet habe. Muss ja alles auf einem anderen Rechner downloaden und dann die Ergebnisse auch wieder per Stick nach hier übertragen.
__________________

Alt 12.06.2012, 14:16   #4
Psychotic
/// Malwareteam
 
Rootkit.Zeroaccess - Standard

Rootkit.Zeroaccess



Starte den Rechner neu und versuche GMER erneut.
Führe keine Updates/Installationen/Scans durch, zu denen ich nicht ausdrücklich auffordere!
__________________
Kein Asylrecht für Trojaner!

Proud Member of UNITE

Hinweis: Ich bin nur werktags erreichbar!
Anfragen über PM werden ignoriert!

Du bist zufrieden mit uns? Dann unterstütze das Trojaner-Board!

Alt 12.06.2012, 15:03   #5
Armin_M
 
Rootkit.Zeroaccess - Standard

Rootkit.Zeroaccess



Der Versuch mit den Updates war bereits gestern, wollte ihn nur erwähnt haben, um alle vorhandenen Informationen bereit zu stellen.

Nach einem Neustart kam die erste Fehlermeldung immer noch, aber der scan liess sich jetzt ausführen:

Code:
ATTFilter
GMER 1.0.15.15641 - hxxp://www.gmer.net
Rootkit scan 2012-06-12 15:57:44
Windows 6.1.7600  
Running: kvdwyff9.exe


---- Services - GMER 1.0.15 ----

Service  System32\Drivers\bab416bc1514ecdd.sys (*** hidden *** )                                                             [BOOT] bab416bc1514ecdd                             <-- ROOTKIT !!!

---- Registry - GMER 1.0.15 ----

Reg      HKLM\SYSTEM\CurrentControlSet\services\bab416bc1514ecdd@ImagePath                                                   \SystemRoot\System32\Drivers\bab416bc1514ecdd.sys
Reg      HKLM\SYSTEM\CurrentControlSet\services\bab416bc1514ecdd@Group                                                       Boot Bus Extender
Reg      HKLM\SYSTEM\CurrentControlSet\services\bab416bc1514ecdd@ErrorControl                                                0
Reg      HKLM\SYSTEM\CurrentControlSet\services\bab416bc1514ecdd@Type                                                        1
Reg      HKLM\SYSTEM\CurrentControlSet\services\bab416bc1514ecdd@Start                                                       0
Reg      HKLM\SYSTEM\CurrentControlSet\services\bab416bc1514ecdd@Tag                                                         1
Reg      HKLM\SYSTEM\CurrentControlSet\services\bab416bc1514ecdd@DisplayName                                                 rf2m08iqaw.exe
Reg      HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC                                    
Reg      HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0                                 C:\Program Files\DAEMON Tools Lite\
Reg      HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0                                 0x00 0x00 0x00 0x00 ...
Reg      HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0                                 0
Reg      HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12                              0xF5 0x26 0xAF 0x07 ...
Reg      HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001                           
Reg      HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0                        0x20 0x01 0x00 0x00 ...
Reg      HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12                     0x1A 0xE4 0x3C 0x82 ...
Reg      HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0                      
Reg      HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12                0x32 0x3C 0x70 0xBF ...
Reg      HKLM\SYSTEM\ControlSet002\services\bab416bc1514ecdd@ImagePath                                                       \SystemRoot\System32\Drivers\bab416bc1514ecdd.sys
Reg      HKLM\SYSTEM\ControlSet002\services\bab416bc1514ecdd@Group                                                           Boot Bus Extender
Reg      HKLM\SYSTEM\ControlSet002\services\bab416bc1514ecdd@ErrorControl                                                    0
Reg      HKLM\SYSTEM\ControlSet002\services\bab416bc1514ecdd@Type                                                            1
Reg      HKLM\SYSTEM\ControlSet002\services\bab416bc1514ecdd@Start                                                           0
Reg      HKLM\SYSTEM\ControlSet002\services\bab416bc1514ecdd@Tag                                                             1
Reg      HKLM\SYSTEM\ControlSet002\services\bab416bc1514ecdd@DisplayName                                                     rf2m08iqaw.exe
Reg      HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet)                
Reg      HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0                                     C:\Program Files\DAEMON Tools Lite\
Reg      HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0                                     0x00 0x00 0x00 0x00 ...
Reg      HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0                                     0
Reg      HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12                                  0xF5 0x26 0xAF 0x07 ...
Reg      HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001 (not active ControlSet)       
Reg      HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0                            0x20 0x01 0x00 0x00 ...
Reg      HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12                         0x1A 0xE4 0x3C 0x82 ...
Reg      HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0 (not active ControlSet)  
Reg      HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12                    0x32 0x3C 0x70 0xBF ...

---- Files - GMER 1.0.15 ----

File     C:\Windows\$NtUninstallKB32518$\113094674                                                                           0 bytes
File     C:\Windows\$NtUninstallKB32518$\2143944496                                                                          0 bytes
File     C:\Windows\$NtUninstallKB32518$\2143944496\L                                                                        0 bytes
File     C:\Windows\$NtUninstallKB32518$\2143944496\U                                                                        0 bytes

---- EOF - GMER 1.0.15 ----
         
es kamen jetzt auch Meldungen, dass GMER einen Rootkit gefunden hat.


Alt 12.06.2012, 15:07   #6
Psychotic
/// Malwareteam
 
Rootkit.Zeroaccess - Standard

Rootkit.Zeroaccess



Schritt 1: Software deinstallieren

  • Klicke Start-->Systemsteuerung.
  • Öffne Programme und Funktionen.
  • Suche und deinstalliere folgende Einträge:
    Zitat:
    Ask toolbar
  • Schließe das Fenster.


Schritt 2: Combofix


Combofix darf ausschließlich ausgeführt werden, wenn dies von einem Team Mitglied angewiesen wurde!
Es sollte nie auf eigene Initiative hin ausgeführt werden! Eine falsche Benutzung kann ernsthafte Computerprobleme nach sich ziehen und eine Bereinigung der Infektion noch erschweren.
Downloade dir bitte Combofix von einem dieser Downloadspiegel

Link 1
Link 2


WICHTIG - Speichere Combofix auf deinem Desktop
  • Deaktiviere bitte all deine Anti Viren sowie Anti Malware/Spyware Scanner. Diese können Combofix bei der Arbeit stören.
Starte die Combofix.exe und folge den Anweisungen auf dem Bildschirm.

Wenn Combofix fertig ist, wird es eine Logfile erstellen. Bitte poste die C:\Combofix.txt in deiner nächsten Antwort.


Hinweis: Solltest du nach dem Neustart folgende Fehlermeldung erhalten
Zitat:
Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.
starte den Rechner einfach neu. Dies sollte das Problem beheben.
__________________
--> Rootkit.Zeroaccess

Alt 12.06.2012, 18:38   #7
Armin_M
 
Rootkit.Zeroaccess - Standard

Rootkit.Zeroaccess



Toolbar wurde deinstalliert.

Hier das
Combofix Logfile:

Code:
ATTFilter
ComboFix 12-06-12.01 - *** 12.06.2012  18:50:04.1.2 - x86
Microsoft Windows 7 Professional   6.1.7600.0.1252.49.1031.18.2048.1493 [GMT 2:00]
ausgeführt von:: c:\users\***\Desktop\ComboFix.exe
AV: AntiVir Desktop *Enabled/Outdated* {090F9C29-64CE-6C6F-379C-5901B49A85B7}
SP: AntiVir Desktop *Enabled/Outdated* {B26E7DCD-42F4-63E1-0D2C-6273CF1DCF0A}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\$NtUninstallKB32518$
c:\windows\$NtUninstallKB32518$\113094674
c:\windows\system32\dds_log_trash.cmd
c:\windows\system32\drivers\bab416bc1514ecdd.sys
.
Infizierte Kopie von c:\windows\system32\drivers\AGP440.sys wurde gefunden und desinfiziert 
Kopie von - c:\windows\System32\DriverStore\FileRepository\machine.inf_x86_neutral_65848c2d7375a720\AGP440.sys wurde wiederhergestellt
Infizierte Kopie von c:\windows\system32\drivers\asyncmac.sys wurde gefunden und desinfiziert 
Kopie von - c:\windows\winsxs\x86_microsoft-windows-rasbase-asyncmac_31bf3856ad364e35_6.1.7600.16385_none_242e2506962cd3e0\asyncmac.sys wurde wiederhergestellt
Infizierte Kopie von c:\windows\system32\drivers\cdrom.sys wurde gefunden und desinfiziert 
Kopie von - c:\windows\System32\DriverStore\FileRepository\cdrom.inf_x86_neutral_db87d184bc84f910\cdrom.sys wurde wiederhergestellt
.
(((((((((((((((((((((((((((((((((((((((   Treiber/Dienste   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Service_.afd
-------\Service_.cdrom
-------\Service_.netbt
-------\Service_.serial
-------\Legacy_bab416bc1514ecdd
-------\Service_bab416bc1514ecdd
.
.
(((((((((((((((((((((((   Dateien erstellt von 2012-05-12 bis 2012-06-12  ))))))))))))))))))))))))))))))
.
.
2012-06-12 17:00 . 2012-06-12 17:03	--------	d-----w-	c:\users\***\AppData\Local\temp
2012-06-12 17:00 . 2012-06-12 17:00	--------	d-----w-	c:\users\Default\AppData\Local\temp
2012-06-05 20:48 . 2012-06-05 20:48	--------	d-----w-	c:\windows\system32\EventProviders
2012-06-05 20:29 . 2012-06-05 20:29	--------	d-----w-	c:\program files\WinCDEmu
2012-06-05 20:28 . 2012-06-05 20:28	--------	d-----w-	c:\users\***\AppData\Roaming\Avira
2012-06-05 20:21 . 2012-04-27 08:20	137928	----a-w-	c:\windows\system32\drivers\avipbb.sys
2012-06-05 20:21 . 2012-04-24 22:32	83392	----a-w-	c:\windows\system32\drivers\avgntflt.sys
2012-06-05 20:21 . 2012-04-16 19:17	36000	----a-w-	c:\windows\system32\drivers\avkmgr.sys
2012-06-05 20:21 . 2012-06-05 20:21	--------	d-----w-	c:\programdata\Avira
2012-06-05 20:21 . 2012-06-05 20:21	--------	d-----w-	c:\program files\Avira
2012-06-04 15:28 . 2012-06-04 15:28	--------	d-----w-	c:\users\***\AppData\Roaming\Malwarebytes
2012-06-04 15:28 . 2012-06-04 15:28	--------	d-----w-	c:\programdata\Malwarebytes
2012-06-04 15:28 . 2012-06-11 20:06	--------	d-----w-	c:\program files\Malwarebytes' Anti-Malware
2012-06-04 15:28 . 2012-04-04 13:56	22344	----a-w-	c:\windows\system32\drivers\mbam.sys
2012-05-24 07:04 . 2012-05-24 07:04	--------	d-----w-	c:\program files\Mozilla Maintenance Service
2012-05-24 07:04 . 2012-05-24 07:04	157352	----a-w-	c:\program files\Mozilla Firefox\maintenanceservice_installer.exe
2012-05-24 07:04 . 2012-05-24 07:04	129976	----a-w-	c:\program files\Mozilla Firefox\maintenanceservice.exe
.
.
.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-05-24 07:04 . 2011-06-02 21:07	97208	----a-w-	c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMan"="SOUNDMAN.EXE" [2009-04-14 604704]
"REGSHAVE"="c:\program files\REGSHAVE\REGSHAVE.EXE" [2002-02-04 53248]
"dlcxmon.exe"="c:\program files\Dell Photo AIO Printer 926\dlcxmon.exe" [2007-01-12 292336]
"MemoryCardManager"="c:\program files\Dell Photo AIO Printer 926\memcard.exe" [2006-11-03 304008]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-09-08 421888]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-09-24 421160]
"DLCXCATS"="c:\windows\system32\spool\DRIVERS\W32X86\3\DLCXtime.dll" [2006-10-15 106496]
"dleamon.exe"="c:\program files\Dell V310-V510 Series\dleamon.exe" [2011-01-24 770728]
"EzPrint"="c:\program files\Dell V310-V510 Series\ezprint.exe" [2011-01-24 139944]
"Dell V310-V510 Series Fax Server"="c:\program files\Dell V310-V510 Series\fm3032.exe" [2011-01-24 316072]
"TrayServer"="c:\program files\MAGIX\Video_deluxe_MX\TrayServer_de.exe" [2008-08-07 90112]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2012-05-01 348624]
.
c:\users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OpenOffice.org 3.1.lnk - c:\program files\OpenOffice.org 3\program\quickstart.exe [2009-8-18 384000]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Exif Launcher 2.lnk - c:\programme\FinePixViewer\QuickDCF2.exe [2010-8-9 294912]
Java SATARaid.lnk - c:\program files\Silicon Image\Java SATARaid\siicfg.jar [2010-8-7 1750703]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
R1 25eb0;rf2m08iqaw.exe;c:\windows\system32\drivers\25eb0.sys [x]
R4 AntiVirSchedulerService;Avira Planer;c:\program files\Avira\AntiVir Desktop\sched.exe [2012-05-01 86224]
S1 avkmgr;avkmgr;c:\windows\system32\DRIVERS\avkmgr.sys [2012-04-16 36000]
.
.
--- Andere Dienste/Treiber im Speicher ---
.
*NewlyCreated* - AVGNTFLT
*NewlyCreated* - AVIPBB
*NewlyCreated* - AVKMGR
*NewlyCreated* - MBAMPROTECTOR
*NewlyCreated* - SSMDRV
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost  - NetSvcs
ndasscsi
.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = hxxp://www.google.de/
uInternet Settings,ProxyOverride = *.local
TCP: Interfaces\{4E7D8419-DFD9-44BD-97C8-80FCEEB1D5BB}: NameServer = 194.25.2.129
FF - ProfilePath - c:\users\***\AppData\Roaming\Mozilla\Firefox\Profiles\4329hxqe.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.de/
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
HKLM-Run-SunJavaUpdateSched - c:\program files\Java\jre6\bin\jusched.exe
.
.
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\.csc]
"ImagePath"="\?"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\.tdx]
"ImagePath"="\?"
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_USERS\S-1-5-21-2232143414-1069646403-3848905212-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.032\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Foto-Manager 12.032"
.
[HKEY_USERS\S-1-5-21-2232143414-1069646403-3848905212-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.abr\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Foto-Manager 12.abr"
.
[HKEY_USERS\S-1-5-21-2232143414-1069646403-3848905212-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ANI\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Foto-Manager 12.ani"
.
[HKEY_USERS\S-1-5-21-2232143414-1069646403-3848905212-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.apd\UserChoice]
@Denied: (2) (S-1-5-21-2232143414-1069646403-3848905212-1000)
@Denied: (2) (LocalSystem)
"Progid"="ACDSeePhotoEditor.apd"
.
[HKEY_USERS\S-1-5-21-2232143414-1069646403-3848905212-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.arw\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Foto-Manager 12.arw"
.
[HKEY_USERS\S-1-5-21-2232143414-1069646403-3848905212-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.bay\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Foto-Manager 12.bay"
.
[HKEY_USERS\S-1-5-21-2232143414-1069646403-3848905212-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.bmp\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Foto-Manager 12.bmp"
.
[HKEY_USERS\S-1-5-21-2232143414-1069646403-3848905212-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.bw\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Foto-Manager 12.bw"
.
[HKEY_USERS\S-1-5-21-2232143414-1069646403-3848905212-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.CR2\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Foto-Manager 12.cr2"
.
[HKEY_USERS\S-1-5-21-2232143414-1069646403-3848905212-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.CRW\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Foto-Manager 12.crw"
.
[HKEY_USERS\S-1-5-21-2232143414-1069646403-3848905212-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.cs1\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Foto-Manager 12.cs1"
.
[HKEY_USERS\S-1-5-21-2232143414-1069646403-3848905212-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.CUR\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Foto-Manager 12.cur"
.
[HKEY_USERS\S-1-5-21-2232143414-1069646403-3848905212-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.dcr\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Foto-Manager 12.dcr"
.
[HKEY_USERS\S-1-5-21-2232143414-1069646403-3848905212-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.DCX\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Foto-Manager 12.dcx"
.
[HKEY_USERS\S-1-5-21-2232143414-1069646403-3848905212-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.dib\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Foto-Manager 12.dib"
.
[HKEY_USERS\S-1-5-21-2232143414-1069646403-3848905212-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.djv\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Foto-Manager 12.djv"
.
[HKEY_USERS\S-1-5-21-2232143414-1069646403-3848905212-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.DJVU\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Foto-Manager 12.djvu"
.
[HKEY_USERS\S-1-5-21-2232143414-1069646403-3848905212-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.dng\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Foto-Manager 12.dng"
.
[HKEY_USERS\S-1-5-21-2232143414-1069646403-3848905212-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.emf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Foto-Manager 12.emf"
.
[HKEY_USERS\S-1-5-21-2232143414-1069646403-3848905212-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.EPS\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Foto-Manager 12.eps"
.
[HKEY_USERS\S-1-5-21-2232143414-1069646403-3848905212-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.erf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Foto-Manager 12.erf"
.
[HKEY_USERS\S-1-5-21-2232143414-1069646403-3848905212-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.fff\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Foto-Manager 12.fff"
.
[HKEY_USERS\S-1-5-21-2232143414-1069646403-3848905212-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.FPX\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Foto-Manager 12.fpx"
.
[HKEY_USERS\S-1-5-21-2232143414-1069646403-3848905212-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.gif\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Foto-Manager 12.gif"
.
[HKEY_USERS\S-1-5-21-2232143414-1069646403-3848905212-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.hdr\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Foto-Manager 12.hdr"
.
[HKEY_USERS\S-1-5-21-2232143414-1069646403-3848905212-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ICL\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Foto-Manager 12.icl"
.
[HKEY_USERS\S-1-5-21-2232143414-1069646403-3848905212-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.icn\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Foto-Manager 12.icn"
.
[HKEY_USERS\S-1-5-21-2232143414-1069646403-3848905212-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.IFF\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Foto-Manager 12.iff"
.
[HKEY_USERS\S-1-5-21-2232143414-1069646403-3848905212-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ilbm\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Foto-Manager 12.ilbm"
.
[HKEY_USERS\S-1-5-21-2232143414-1069646403-3848905212-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.int\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Foto-Manager 12.int"
.
[HKEY_USERS\S-1-5-21-2232143414-1069646403-3848905212-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.inta\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Foto-Manager 12.inta"
.
[HKEY_USERS\S-1-5-21-2232143414-1069646403-3848905212-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.iw4\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Foto-Manager 12.iw4"
.
[HKEY_USERS\S-1-5-21-2232143414-1069646403-3848905212-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.j2c\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Foto-Manager 12.j2c"
.
[HKEY_USERS\S-1-5-21-2232143414-1069646403-3848905212-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.j2k\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Foto-Manager 12.j2k"
.
[HKEY_USERS\S-1-5-21-2232143414-1069646403-3848905212-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jbr\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Foto-Manager 12.jbr"
.
[HKEY_USERS\S-1-5-21-2232143414-1069646403-3848905212-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jfif\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Foto-Manager 12.jfif"
.
[HKEY_USERS\S-1-5-21-2232143414-1069646403-3848905212-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jif\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Foto-Manager 12.jif"
.
[HKEY_USERS\S-1-5-21-2232143414-1069646403-3848905212-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.JP2\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Foto-Manager 12.jp2"
.
[HKEY_USERS\S-1-5-21-2232143414-1069646403-3848905212-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jpc\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Foto-Manager 12.jpc"
.
[HKEY_USERS\S-1-5-21-2232143414-1069646403-3848905212-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jpe\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Foto-Manager 12.jpe"
.
[HKEY_USERS\S-1-5-21-2232143414-1069646403-3848905212-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jpeg\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Foto-Manager 12.jpeg"
.
[HKEY_USERS\S-1-5-21-2232143414-1069646403-3848905212-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jpg\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Foto-Manager 12.jpg"
.
[HKEY_USERS\S-1-5-21-2232143414-1069646403-3848905212-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jpk\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Foto-Manager 12.jpk"
.
[HKEY_USERS\S-1-5-21-2232143414-1069646403-3848905212-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jpx\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Foto-Manager 12.jpx"
.
[HKEY_USERS\S-1-5-21-2232143414-1069646403-3848905212-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.KDC\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Foto-Manager 12.kdc"
.
[HKEY_USERS\S-1-5-21-2232143414-1069646403-3848905212-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.lbm\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Foto-Manager 12.lbm"
.
[HKEY_USERS\S-1-5-21-2232143414-1069646403-3848905212-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mef\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Foto-Manager 12.mef"
.
[HKEY_USERS\S-1-5-21-2232143414-1069646403-3848905212-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mos\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Foto-Manager 12.mos"
.
[HKEY_USERS\S-1-5-21-2232143414-1069646403-3848905212-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mrw\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Foto-Manager 12.mrw"
.
[HKEY_USERS\S-1-5-21-2232143414-1069646403-3848905212-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.nef\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Foto-Manager 12.nef"
.
[HKEY_USERS\S-1-5-21-2232143414-1069646403-3848905212-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.nrw\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Foto-Manager 12.nrw"
.
[HKEY_USERS\S-1-5-21-2232143414-1069646403-3848905212-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.orf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Foto-Manager 12.orf"
.
[HKEY_USERS\S-1-5-21-2232143414-1069646403-3848905212-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.PBM\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Foto-Manager 12.pbm"
.
[HKEY_USERS\S-1-5-21-2232143414-1069646403-3848905212-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pbr\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Foto-Manager 12.pbr"
.
[HKEY_USERS\S-1-5-21-2232143414-1069646403-3848905212-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.PCD\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Foto-Manager 12.pcd"
.
[HKEY_USERS\S-1-5-21-2232143414-1069646403-3848905212-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pct\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Foto-Manager 12.pct"
.
[HKEY_USERS\S-1-5-21-2232143414-1069646403-3848905212-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.PCX\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Foto-Manager 12.pcx"
.
[HKEY_USERS\S-1-5-21-2232143414-1069646403-3848905212-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pef\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Foto-Manager 12.pef"
.
[HKEY_USERS\S-1-5-21-2232143414-1069646403-3848905212-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.PGM\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Foto-Manager 12.pgm"
.
[HKEY_USERS\S-1-5-21-2232143414-1069646403-3848905212-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pic\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Foto-Manager 12.pic"
.
[HKEY_USERS\S-1-5-21-2232143414-1069646403-3848905212-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pict\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Foto-Manager 12.pict"
.
[HKEY_USERS\S-1-5-21-2232143414-1069646403-3848905212-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pix\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Foto-Manager 12.pix"
.
[HKEY_USERS\S-1-5-21-2232143414-1069646403-3848905212-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.png\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Foto-Manager 12.png"
.
[HKEY_USERS\S-1-5-21-2232143414-1069646403-3848905212-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.PPM\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Foto-Manager 12.ppm"
.
[HKEY_USERS\S-1-5-21-2232143414-1069646403-3848905212-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.PSD\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Foto-Manager 12.psd"
.
[HKEY_USERS\S-1-5-21-2232143414-1069646403-3848905212-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.PSP\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Foto-Manager 12.psp"
.
[HKEY_USERS\S-1-5-21-2232143414-1069646403-3848905212-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pspbrush\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Foto-Manager 12.pspbrush"
.
[HKEY_USERS\S-1-5-21-2232143414-1069646403-3848905212-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pspimage\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Foto-Manager 12.pspimage"
.
[HKEY_USERS\S-1-5-21-2232143414-1069646403-3848905212-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.raf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Foto-Manager 12.raf"
.
[HKEY_USERS\S-1-5-21-2232143414-1069646403-3848905212-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.RAS\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Foto-Manager 12.ras"
.
[HKEY_USERS\S-1-5-21-2232143414-1069646403-3848905212-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.RAW\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Foto-Manager 12.raw"
.
[HKEY_USERS\S-1-5-21-2232143414-1069646403-3848905212-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.rgb\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Foto-Manager 12.rgb"
.
[HKEY_USERS\S-1-5-21-2232143414-1069646403-3848905212-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.rgba\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Foto-Manager 12.rgba"
.
[HKEY_USERS\S-1-5-21-2232143414-1069646403-3848905212-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.rle\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Foto-Manager 12.rle"
.
[HKEY_USERS\S-1-5-21-2232143414-1069646403-3848905212-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.rsb\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Foto-Manager 12.rsb"
.
[HKEY_USERS\S-1-5-21-2232143414-1069646403-3848905212-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.rw2\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Foto-Manager 12.rw2"
.
[HKEY_USERS\S-1-5-21-2232143414-1069646403-3848905212-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.rwl\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Foto-Manager 12.rwl"
.
[HKEY_USERS\S-1-5-21-2232143414-1069646403-3848905212-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.SGI\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Foto-Manager 12.sgi"
.
[HKEY_USERS\S-1-5-21-2232143414-1069646403-3848905212-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.sr2\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Foto-Manager 12.sr2"
.
[HKEY_USERS\S-1-5-21-2232143414-1069646403-3848905212-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.srf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Foto-Manager 12.srf"
.
[HKEY_USERS\S-1-5-21-2232143414-1069646403-3848905212-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.TGA\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Foto-Manager 12.tga"
.
[HKEY_USERS\S-1-5-21-2232143414-1069646403-3848905212-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.thm\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Foto-Manager 12.thm"
.
[HKEY_USERS\S-1-5-21-2232143414-1069646403-3848905212-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.tif\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Foto-Manager 12.tif"
.
[HKEY_USERS\S-1-5-21-2232143414-1069646403-3848905212-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.tiff\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Foto-Manager 12.tiff"
.
[HKEY_USERS\S-1-5-21-2232143414-1069646403-3848905212-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ttc\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Foto-Manager 12.ttc"
.
[HKEY_USERS\S-1-5-21-2232143414-1069646403-3848905212-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ttf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Foto-Manager 12.ttf"
.
[HKEY_USERS\S-1-5-21-2232143414-1069646403-3848905212-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.v30po\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Foto-Manager 12.v30po"
.
[HKEY_USERS\S-1-5-21-2232143414-1069646403-3848905212-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.v30pp\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Foto-Manager 12.v30pp"
.
[HKEY_USERS\S-1-5-21-2232143414-1069646403-3848905212-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.v30ppf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Foto-Manager 12.v30ppf"
.
[HKEY_USERS\S-1-5-21-2232143414-1069646403-3848905212-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wbm\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Foto-Manager 12.wbm"
.
[HKEY_USERS\S-1-5-21-2232143414-1069646403-3848905212-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.WBMP\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Foto-Manager 12.wbmp"
.
[HKEY_USERS\S-1-5-21-2232143414-1069646403-3848905212-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wmf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Foto-Manager 12.wmf"
.
[HKEY_USERS\S-1-5-21-2232143414-1069646403-3848905212-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.XBM\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Foto-Manager 12.xbm"
.
[HKEY_USERS\S-1-5-21-2232143414-1069646403-3848905212-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xif\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Foto-Manager 12.xif"
.
[HKEY_USERS\S-1-5-21-2232143414-1069646403-3848905212-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xmp\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Foto-Manager 12.xmp"
.
[HKEY_USERS\S-1-5-21-2232143414-1069646403-3848905212-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.XPM\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Foto-Manager 12.xpm"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Weitere laufende Prozesse ------------------------
.
c:\windows\system32\taskhost.exe
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\windows\system32\dlcxcoms.exe
c:\windows\system32\dleacoms.exe
c:\windows\system32\conhost.exe
c:\windows\servicing\TrustedInstaller.exe
c:\windows\system32\WUDFHost.exe
c:\windows\SOUNDMAN.EXE
c:\program files\OpenOffice.org 3\program\soffice.exe
c:\program files\OpenOffice.org 3\program\soffice.bin
c:\program files\iPod\bin\iPodService.exe
c:\program files\Common Files\MAGIX Services\Database\bin\FABS.exe
c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe
c:\windows\system32\sppsvc.exe
c:\program files\Windows Media Player\wmpnetwk.exe
.
**************************************************************************
.
Zeit der Fertigstellung: 2012-06-12  19:09:29 - PC wurde neu gestartet
ComboFix-quarantined-files.txt  2012-06-12 17:09
.
Vor Suchlauf: 9 Verzeichnis(se), 11.659.157.504 Bytes frei
Nach Suchlauf: 11 Verzeichnis(se), 12.044.636.160 Bytes frei
.
- - End Of File - - D05EADDD74634DBE5EDDBB088D388D64
         
--- --- ---


Netzwerkverbindung bekommt wieder eine IP-Adresse per DHCP zugewiesen.
Avira-Dienste lassen sich nicht mehr aktivieren (Zugriff verweigert). Hatte sie wegen combofix Warnungen deaktiviert. Ist aber nicht schlimm, soll sowieso ein besserer Virenscanner drauf.

Habe den Rechner noch vom Netz getrennt, bis ich Entwarnung oder weitere Anweisungen bekomme.

Auf jeden Fall hier schon mal ein dickes

Spende ist auf dem Weg

Geändert von Armin_M (12.06.2012 um 19:09 Uhr)

Alt 13.06.2012, 07:42   #8
Psychotic
/// Malwareteam
 
Rootkit.Zeroaccess - Standard

Rootkit.Zeroaccess



Schritt 1: CF-Script


Hinweis für Mitleser:
Folgendes ComboFix Skript ist ausschließlich für diesen User in dieser Situtation erstellt worden.
Auf keinen Fall auf anderen Rechnern anwenden, das kann andere Systeme nachhaltig schädigen!

Lösche die vorhandene Combofix.exe von deinem Desktop und lade das Programm von einem der folgenden Download-Spiegel neu herunter:
BleepingComputer.com - ForoSpyware.com
und speichere es erneut auf dem Desktop (nicht woanders hin, das ist wichtig)!

Drücke die Windows + R Taste --> Notepad (hinein schreiben) --> OK

Kopiere nun den Text aus der folgenden Codebox komplett in das leere Textdokument.
Code:
ATTFilter
DRIVER::
EYJ7101000183801875921
FILE::
c:\windows\system32\drivers\25eb0.sys
CLEARJAVACACHE::
         
Speichere dies als CFScript.txt auf Deinem Desktop.

Wichtig:
  • Stelle deine Anti Viren Software temprär ab. Dies kann ComboFix nämlich bei der Arbeit behindern.
    Danach wieder anstellen nicht vergessen!
  • Bewege nicht die Maus über das ComboFix-Fenster oder klicke in dieses hinein.
    Dies kann dazu führen, dass ComboFix sich aufhängt.
  • Schließe alle laufenden Programme. Gehe sicher das ComboFix ungehindert arbeiten kann.
  • Mache nichts am PC solange ComboFix läuft.
  • In Bezug auf obiges Bild, ziehe CFScript.txt in die ComboFix.exe
  • Wenn ComboFix fertig ist, wird es ein Log erstellen, C:\ComboFix.txt. Bitte füge es hier als Antwort ein.
Falls im Skript die Anweisung Suspect:: oder Collect:: enthalten ist, wird eine Message-Box erscheinen, nachdem Combofix fertig ist. Klicke OK und folge den Aufforderungen/Anweisungen, um die Dateien hochzuladen.



Schritt 2: MBAM


Downloade Dir bitte Malwarebytes
  • Installiere das Programm in den vorgegebenen Pfad.
    Vista und Win7 User mit Rechtsklick "als Administrator starten"
  • Starte Malwarebytes, klicke auf Aktualisierung --> Suche nach Aktualisierung
  • Wenn das Update beendet wurde, aktiviere Vollständigen Scan durchführen und drücke auf Scannen.(Hinweis: Alle Festplatten anhaken!
  • Wenn der Scan beendet ist, klicke auf Ergebnisse anzeigen.
  • Versichere Dich, dass alle Funde markiert sind und drücke Entferne Auswahl.
  • Poste das Logfile, welches sich in Notepad öffnet, hier in den Thread.
  • Nachträglich kannst du den Bericht unter "Log Dateien" finden.
__________________
Kein Asylrecht für Trojaner!

Proud Member of UNITE

Hinweis: Ich bin nur werktags erreichbar!
Anfragen über PM werden ignoriert!

Du bist zufrieden mit uns? Dann unterstütze das Trojaner-Board!

Alt 13.06.2012, 09:55   #9
Armin_M
 
Rootkit.Zeroaccess - Standard

Rootkit.Zeroaccess



Hier das Combofix.log:


Code:
ATTFilter
ComboFix 12-06-12.03 - *** 13.06.2012   9:06.2.2 - x86
Microsoft Windows 7 Professional   6.1.7600.0.1252.49.1031.18.2048.1474 [GMT 2:00]
ausgeführt von:: c:\users\***\Desktop\ComboFix.exe
Benutzte Befehlsschalter :: c:\users\***\Desktop\CFScript.txt
SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
FILE ::
"c:\windows\system32\drivers\25eb0.sys"
.
.
(((((((((((((((((((((((   Dateien erstellt von 2012-05-13 bis 2012-06-13  ))))))))))))))))))))))))))))))
.
.
2012-06-13 07:14 . 2012-06-13 07:14	--------	d-----w-	c:\users\Default\AppData\Local\temp
2012-06-13 07:11 . 2012-06-13 07:11	56200	----a-w-	c:\programdata\Microsoft\Windows Defender\Definition Updates\{B2F43825-9BF1-41B8-948F-372F2165BAAC}\offreg.dll
2012-06-12 17:00 . 2012-06-13 07:14	--------	d-----w-	c:\users\Lore Seiler\AppData\Local\temp
2012-06-05 20:48 . 2012-06-05 20:48	--------	d-----w-	c:\windows\system32\EventProviders
2012-06-05 20:29 . 2012-06-05 20:29	--------	d-----w-	c:\program files\WinCDEmu
2012-06-04 15:28 . 2012-06-04 15:28	--------	d-----w-	c:\users\Lore Seiler\AppData\Roaming\Malwarebytes
2012-06-04 15:28 . 2012-06-04 15:28	--------	d-----w-	c:\programdata\Malwarebytes
2012-06-04 15:28 . 2012-06-11 20:06	--------	d-----w-	c:\program files\Malwarebytes' Anti-Malware
2012-06-04 15:28 . 2012-04-04 13:56	22344	----a-w-	c:\windows\system32\drivers\mbam.sys
2012-05-24 07:04 . 2012-05-24 07:04	--------	d-----w-	c:\program files\Mozilla Maintenance Service
2012-05-24 07:04 . 2012-05-24 07:04	157352	----a-w-	c:\program files\Mozilla Firefox\maintenanceservice_installer.exe
2012-05-24 07:04 . 2012-05-24 07:04	129976	----a-w-	c:\program files\Mozilla Firefox\maintenanceservice.exe
.
.
.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-05-24 07:04 . 2011-06-02 21:07	97208	----a-w-	c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMan"="SOUNDMAN.EXE" [2009-04-14 604704]
"REGSHAVE"="c:\program files\REGSHAVE\REGSHAVE.EXE" [2002-02-04 53248]
"dlcxmon.exe"="c:\program files\Dell Photo AIO Printer 926\dlcxmon.exe" [2007-01-12 292336]
"MemoryCardManager"="c:\program files\Dell Photo AIO Printer 926\memcard.exe" [2006-11-03 304008]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-09-08 421888]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-09-24 421160]
"DLCXCATS"="c:\windows\system32\spool\DRIVERS\W32X86\3\DLCXtime.dll" [2006-10-15 106496]
"dleamon.exe"="c:\program files\Dell V310-V510 Series\dleamon.exe" [2011-01-24 770728]
"EzPrint"="c:\program files\Dell V310-V510 Series\ezprint.exe" [2011-01-24 139944]
"Dell V310-V510 Series Fax Server"="c:\program files\Dell V310-V510 Series\fm3032.exe" [2011-01-24 316072]
"TrayServer"="c:\program files\MAGIX\Video_deluxe_MX\TrayServer_de.exe" [2008-08-07 90112]
.
c:\users\Lore Seiler\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OpenOffice.org 3.1.lnk - c:\program files\OpenOffice.org 3\program\quickstart.exe [2009-8-18 384000]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Exif Launcher 2.lnk - c:\programme\FinePixViewer\QuickDCF2.exe [2010-8-9 294912]
Java SATARaid.lnk - c:\program files\Silicon Image\Java SATARaid\siicfg.jar [2010-8-7 1750703]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
R0 lekdm;lekdm;c:\windows\System32\drivers\efekkhnv.sys [x]
R1 25eb0;rf2m08iqaw.exe;c:\windows\system32\drivers\25eb0.sys [x]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R3 FirebirdServerMAGIXInstance;Firebird Server - MAGIX Instance;c:\program files\Common Files\MAGIX Services\Database\bin\fbserver.exe [2011-04-26 2702848]
R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\Mozilla Maintenance Service\maintenanceservice.exe [2012-05-24 129976]
R4 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2010-08-09 691696]
S2 dlcx_device;dlcx_device;c:\windows\system32\dlcxcoms.exe [2006-10-11 532480]
S2 dlea_device;dlea_device;c:\windows\system32\dleacoms.exe [2009-07-01 602792]
S2 Fabs;FABS - Helping agent for MAGIX media database;c:\program files\Common Files\MAGIX Services\Database\bin\FABS.exe [2011-05-24 1840128]
S2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [2012-04-04 654408]
S3 BazisVirtualCDBus;WinCDEmu Virtual Bus Driver;c:\windows\system32\DRIVERS\BazisVirtualCDBus.sys [2011-08-08 117584]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-04-04 22344]
S3 RTL8167;Realtek 8167 NT-Treiber;c:\windows\system32\DRIVERS\Rt86win7.sys [2009-07-13 139776]
.
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost  - NetSvcs
ndasscsi
.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = hxxp://www.google.de/
uInternet Settings,ProxyOverride = *.local
TCP: DhcpNameServer = 192.168.1.254
FF - ProfilePath - c:\users\Lore Seiler\AppData\Roaming\Mozilla\Firefox\Profiles\4329hxqe.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.de/
.
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\.csc]
"ImagePath"="\?"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\.tdx]
"ImagePath"="\?"
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_USERS\S-1-5-21-2232143414-1069646403-3848905212-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.032\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Foto-Manager 12.032"
.
[HKEY_USERS\S-1-5-21-2232143414-1069646403-3848905212-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.abr\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Foto-Manager 12.abr"
.
[HKEY_USERS\S-1-5-21-2232143414-1069646403-3848905212-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ANI\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Foto-Manager 12.ani"
.
[HKEY_USERS\S-1-5-21-2232143414-1069646403-3848905212-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.apd\UserChoice]
@Denied: (2) (S-1-5-21-2232143414-1069646403-3848905212-1000)
@Denied: (2) (LocalSystem)
"Progid"="ACDSeePhotoEditor.apd"
.
[HKEY_USERS\S-1-5-21-2232143414-1069646403-3848905212-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.arw\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Foto-Manager 12.arw"
.
[HKEY_USERS\S-1-5-21-2232143414-1069646403-3848905212-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.bay\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Foto-Manager 12.bay"
.
[HKEY_USERS\S-1-5-21-2232143414-1069646403-3848905212-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.bmp\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Foto-Manager 12.bmp"
.
[HKEY_USERS\S-1-5-21-2232143414-1069646403-3848905212-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.bw\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Foto-Manager 12.bw"
.
[HKEY_USERS\S-1-5-21-2232143414-1069646403-3848905212-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.CR2\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Foto-Manager 12.cr2"
.
[HKEY_USERS\S-1-5-21-2232143414-1069646403-3848905212-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.CRW\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Foto-Manager 12.crw"
.
[HKEY_USERS\S-1-5-21-2232143414-1069646403-3848905212-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.cs1\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Foto-Manager 12.cs1"
.
[HKEY_USERS\S-1-5-21-2232143414-1069646403-3848905212-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.CUR\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Foto-Manager 12.cur"
.
[HKEY_USERS\S-1-5-21-2232143414-1069646403-3848905212-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.dcr\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Foto-Manager 12.dcr"
.
[HKEY_USERS\S-1-5-21-2232143414-1069646403-3848905212-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.DCX\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Foto-Manager 12.dcx"
.
[HKEY_USERS\S-1-5-21-2232143414-1069646403-3848905212-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.dib\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Foto-Manager 12.dib"
.
[HKEY_USERS\S-1-5-21-2232143414-1069646403-3848905212-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.djv\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Foto-Manager 12.djv"
.
[HKEY_USERS\S-1-5-21-2232143414-1069646403-3848905212-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.DJVU\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Foto-Manager 12.djvu"
.
[HKEY_USERS\S-1-5-21-2232143414-1069646403-3848905212-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.dng\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Foto-Manager 12.dng"
.
[HKEY_USERS\S-1-5-21-2232143414-1069646403-3848905212-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.emf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Foto-Manager 12.emf"
.
[HKEY_USERS\S-1-5-21-2232143414-1069646403-3848905212-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.EPS\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Foto-Manager 12.eps"
.
[HKEY_USERS\S-1-5-21-2232143414-1069646403-3848905212-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.erf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Foto-Manager 12.erf"
.
[HKEY_USERS\S-1-5-21-2232143414-1069646403-3848905212-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.fff\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Foto-Manager 12.fff"
.
[HKEY_USERS\S-1-5-21-2232143414-1069646403-3848905212-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.FPX\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Foto-Manager 12.fpx"
.
[HKEY_USERS\S-1-5-21-2232143414-1069646403-3848905212-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.gif\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Foto-Manager 12.gif"
.
[HKEY_USERS\S-1-5-21-2232143414-1069646403-3848905212-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.hdr\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Foto-Manager 12.hdr"
.
[HKEY_USERS\S-1-5-21-2232143414-1069646403-3848905212-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ICL\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Foto-Manager 12.icl"
.
[HKEY_USERS\S-1-5-21-2232143414-1069646403-3848905212-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.icn\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Foto-Manager 12.icn"
.
[HKEY_USERS\S-1-5-21-2232143414-1069646403-3848905212-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.IFF\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Foto-Manager 12.iff"
.
[HKEY_USERS\S-1-5-21-2232143414-1069646403-3848905212-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ilbm\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Foto-Manager 12.ilbm"
.
[HKEY_USERS\S-1-5-21-2232143414-1069646403-3848905212-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.int\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Foto-Manager 12.int"
.
[HKEY_USERS\S-1-5-21-2232143414-1069646403-3848905212-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.inta\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Foto-Manager 12.inta"
.
[HKEY_USERS\S-1-5-21-2232143414-1069646403-3848905212-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.iw4\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Foto-Manager 12.iw4"
.
[HKEY_USERS\S-1-5-21-2232143414-1069646403-3848905212-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.j2c\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Foto-Manager 12.j2c"
.
[HKEY_USERS\S-1-5-21-2232143414-1069646403-3848905212-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.j2k\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Foto-Manager 12.j2k"
.
[HKEY_USERS\S-1-5-21-2232143414-1069646403-3848905212-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jbr\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Foto-Manager 12.jbr"
.
[HKEY_USERS\S-1-5-21-2232143414-1069646403-3848905212-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jfif\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Foto-Manager 12.jfif"
.
[HKEY_USERS\S-1-5-21-2232143414-1069646403-3848905212-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jif\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Foto-Manager 12.jif"
.
[HKEY_USERS\S-1-5-21-2232143414-1069646403-3848905212-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.JP2\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Foto-Manager 12.jp2"
.
[HKEY_USERS\S-1-5-21-2232143414-1069646403-3848905212-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jpc\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Foto-Manager 12.jpc"
.
[HKEY_USERS\S-1-5-21-2232143414-1069646403-3848905212-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jpe\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Foto-Manager 12.jpe"
.
[HKEY_USERS\S-1-5-21-2232143414-1069646403-3848905212-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jpeg\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Foto-Manager 12.jpeg"
.
[HKEY_USERS\S-1-5-21-2232143414-1069646403-3848905212-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jpg\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Foto-Manager 12.jpg"
.
[HKEY_USERS\S-1-5-21-2232143414-1069646403-3848905212-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jpk\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Foto-Manager 12.jpk"
.
[HKEY_USERS\S-1-5-21-2232143414-1069646403-3848905212-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jpx\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Foto-Manager 12.jpx"
.
[HKEY_USERS\S-1-5-21-2232143414-1069646403-3848905212-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.KDC\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Foto-Manager 12.kdc"
.
[HKEY_USERS\S-1-5-21-2232143414-1069646403-3848905212-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.lbm\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Foto-Manager 12.lbm"
.
[HKEY_USERS\S-1-5-21-2232143414-1069646403-3848905212-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mef\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Foto-Manager 12.mef"
.
[HKEY_USERS\S-1-5-21-2232143414-1069646403-3848905212-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mos\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Foto-Manager 12.mos"
.
[HKEY_USERS\S-1-5-21-2232143414-1069646403-3848905212-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mrw\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Foto-Manager 12.mrw"
.
[HKEY_USERS\S-1-5-21-2232143414-1069646403-3848905212-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.nef\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Foto-Manager 12.nef"
.
[HKEY_USERS\S-1-5-21-2232143414-1069646403-3848905212-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.nrw\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Foto-Manager 12.nrw"
.
[HKEY_USERS\S-1-5-21-2232143414-1069646403-3848905212-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.orf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Foto-Manager 12.orf"
.
[HKEY_USERS\S-1-5-21-2232143414-1069646403-3848905212-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.PBM\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Foto-Manager 12.pbm"
.
[HKEY_USERS\S-1-5-21-2232143414-1069646403-3848905212-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pbr\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Foto-Manager 12.pbr"
.
[HKEY_USERS\S-1-5-21-2232143414-1069646403-3848905212-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.PCD\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Foto-Manager 12.pcd"
.
[HKEY_USERS\S-1-5-21-2232143414-1069646403-3848905212-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pct\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Foto-Manager 12.pct"
.
[HKEY_USERS\S-1-5-21-2232143414-1069646403-3848905212-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.PCX\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Foto-Manager 12.pcx"
.
[HKEY_USERS\S-1-5-21-2232143414-1069646403-3848905212-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pef\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Foto-Manager 12.pef"
.
[HKEY_USERS\S-1-5-21-2232143414-1069646403-3848905212-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.PGM\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Foto-Manager 12.pgm"
.
[HKEY_USERS\S-1-5-21-2232143414-1069646403-3848905212-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pic\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Foto-Manager 12.pic"
.
[HKEY_USERS\S-1-5-21-2232143414-1069646403-3848905212-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pict\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Foto-Manager 12.pict"
.
[HKEY_USERS\S-1-5-21-2232143414-1069646403-3848905212-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pix\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Foto-Manager 12.pix"
.
[HKEY_USERS\S-1-5-21-2232143414-1069646403-3848905212-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.png\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Foto-Manager 12.png"
.
[HKEY_USERS\S-1-5-21-2232143414-1069646403-3848905212-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.PPM\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Foto-Manager 12.ppm"
.
[HKEY_USERS\S-1-5-21-2232143414-1069646403-3848905212-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.PSD\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Foto-Manager 12.psd"
.
[HKEY_USERS\S-1-5-21-2232143414-1069646403-3848905212-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.PSP\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Foto-Manager 12.psp"
.
[HKEY_USERS\S-1-5-21-2232143414-1069646403-3848905212-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pspbrush\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Foto-Manager 12.pspbrush"
.
[HKEY_USERS\S-1-5-21-2232143414-1069646403-3848905212-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pspimage\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Foto-Manager 12.pspimage"
.
[HKEY_USERS\S-1-5-21-2232143414-1069646403-3848905212-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.raf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Foto-Manager 12.raf"
.
[HKEY_USERS\S-1-5-21-2232143414-1069646403-3848905212-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.RAS\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Foto-Manager 12.ras"
.
[HKEY_USERS\S-1-5-21-2232143414-1069646403-3848905212-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.RAW\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Foto-Manager 12.raw"
.
[HKEY_USERS\S-1-5-21-2232143414-1069646403-3848905212-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.rgb\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Foto-Manager 12.rgb"
.
[HKEY_USERS\S-1-5-21-2232143414-1069646403-3848905212-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.rgba\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Foto-Manager 12.rgba"
.
[HKEY_USERS\S-1-5-21-2232143414-1069646403-3848905212-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.rle\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Foto-Manager 12.rle"
.
[HKEY_USERS\S-1-5-21-2232143414-1069646403-3848905212-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.rsb\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Foto-Manager 12.rsb"
.
[HKEY_USERS\S-1-5-21-2232143414-1069646403-3848905212-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.rw2\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Foto-Manager 12.rw2"
.
[HKEY_USERS\S-1-5-21-2232143414-1069646403-3848905212-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.rwl\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Foto-Manager 12.rwl"
.
[HKEY_USERS\S-1-5-21-2232143414-1069646403-3848905212-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.SGI\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Foto-Manager 12.sgi"
.
[HKEY_USERS\S-1-5-21-2232143414-1069646403-3848905212-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.sr2\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Foto-Manager 12.sr2"
.
[HKEY_USERS\S-1-5-21-2232143414-1069646403-3848905212-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.srf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Foto-Manager 12.srf"
.
[HKEY_USERS\S-1-5-21-2232143414-1069646403-3848905212-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.TGA\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Foto-Manager 12.tga"
.
[HKEY_USERS\S-1-5-21-2232143414-1069646403-3848905212-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.thm\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Foto-Manager 12.thm"
.
[HKEY_USERS\S-1-5-21-2232143414-1069646403-3848905212-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.tif\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Foto-Manager 12.tif"
.
[HKEY_USERS\S-1-5-21-2232143414-1069646403-3848905212-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.tiff\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Foto-Manager 12.tiff"
.
[HKEY_USERS\S-1-5-21-2232143414-1069646403-3848905212-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ttc\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Foto-Manager 12.ttc"
.
[HKEY_USERS\S-1-5-21-2232143414-1069646403-3848905212-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ttf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Foto-Manager 12.ttf"
.
[HKEY_USERS\S-1-5-21-2232143414-1069646403-3848905212-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.v30po\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Foto-Manager 12.v30po"
.
[HKEY_USERS\S-1-5-21-2232143414-1069646403-3848905212-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.v30pp\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Foto-Manager 12.v30pp"
.
[HKEY_USERS\S-1-5-21-2232143414-1069646403-3848905212-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.v30ppf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Foto-Manager 12.v30ppf"
.
[HKEY_USERS\S-1-5-21-2232143414-1069646403-3848905212-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wbm\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Foto-Manager 12.wbm"
.
[HKEY_USERS\S-1-5-21-2232143414-1069646403-3848905212-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.WBMP\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Foto-Manager 12.wbmp"
.
[HKEY_USERS\S-1-5-21-2232143414-1069646403-3848905212-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wmf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Foto-Manager 12.wmf"
.
[HKEY_USERS\S-1-5-21-2232143414-1069646403-3848905212-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.XBM\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Foto-Manager 12.xbm"
.
[HKEY_USERS\S-1-5-21-2232143414-1069646403-3848905212-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xif\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Foto-Manager 12.xif"
.
[HKEY_USERS\S-1-5-21-2232143414-1069646403-3848905212-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xmp\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Foto-Manager 12.xmp"
.
[HKEY_USERS\S-1-5-21-2232143414-1069646403-3848905212-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.XPM\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Foto-Manager 12.xpm"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Zeit der Fertigstellung: 2012-06-13  09:17:27
ComboFix-quarantined-files.txt  2012-06-13 07:17
ComboFix2.txt  2012-06-12 17:09
.
Vor Suchlauf: 10 Verzeichnis(se), 11.991.412.736 Bytes frei
Nach Suchlauf: 11 Verzeichnis(se), 11.947.319.296 Bytes frei
.
- - End Of File - - 5FCA3E8CCFFE5E173DA673CB1FFC1526
         
--- --- ---


und das Log von MBAM:

Code:
ATTFilter
 Malwarebytes Anti-Malware  (Test) 1.61.0.1400
www.malwarebytes.org

Datenbank Version: v2012.06.13.01

Windows 7 x86 NTFS
Internet Explorer 8.0.7600.16385
*** :: ***-PC [Administrator]

Schutz: Deaktiviert

13.06.2012 09:31:34
mbam-log-2012-06-13 (09-31-34).txt

Art des Suchlaufs: Vollständiger Suchlauf
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 477287
Laufzeit: 1 Stunde(n), 9 Minute(n), 11 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 1
C:\Windows\assembly\GAC_MSIL\Desktop.ini (Rootkit.0Access) -> Erfolgreich gelöscht und in Quarantäne gestellt.

(Ende)
         

Geändert von Armin_M (13.06.2012 um 10:01 Uhr)

Alt 13.06.2012, 10:37   #10
Psychotic
/// Malwareteam
 
Rootkit.Zeroaccess - Standard

Rootkit.Zeroaccess



Na sowas!

CF-Script


Hinweis für Mitleser:
Folgendes ComboFix Skript ist ausschließlich für diesen User in dieser Situtation erstellt worden.
Auf keinen Fall auf anderen Rechnern anwenden, das kann andere Systeme nachhaltig schädigen!

Lösche die vorhandene Combofix.exe von deinem Desktop und lade das Programm von einem der folgenden Download-Spiegel neu herunter:
BleepingComputer.com - ForoSpyware.com
und speichere es erneut auf dem Desktop (nicht woanders hin, das ist wichtig)!

Drücke die Windows + R Taste --> Notepad (hinein schreiben) --> OK

Kopiere nun den Text aus der folgenden Codebox komplett in das leere Textdokument.
Code:
ATTFilter
DRIVER::
lekdm
25eb0
         
Speichere dies als CFScript.txt auf Deinem Desktop.

Wichtig:
  • Stelle deine Anti Viren Software temprär ab. Dies kann ComboFix nämlich bei der Arbeit behindern.
    Danach wieder anstellen nicht vergessen!
  • Bewege nicht die Maus über das ComboFix-Fenster oder klicke in dieses hinein.
    Dies kann dazu führen, dass ComboFix sich aufhängt.
  • Schließe alle laufenden Programme. Gehe sicher das ComboFix ungehindert arbeiten kann.
  • Mache nichts am PC solange ComboFix läuft.
  • In Bezug auf obiges Bild, ziehe CFScript.txt in die ComboFix.exe
  • Wenn ComboFix fertig ist, wird es ein Log erstellen, C:\ComboFix.txt. Bitte füge es hier als Antwort ein.
Falls im Skript die Anweisung Suspect:: oder Collect:: enthalten ist, wird eine Message-Box erscheinen, nachdem Combofix fertig ist. Klicke OK und folge den Aufforderungen/Anweisungen, um die Dateien hochzuladen.
__________________
Kein Asylrecht für Trojaner!

Proud Member of UNITE

Hinweis: Ich bin nur werktags erreichbar!
Anfragen über PM werden ignoriert!

Du bist zufrieden mit uns? Dann unterstütze das Trojaner-Board!

Alt 13.06.2012, 11:24   #11
Armin_M
 
Rootkit.Zeroaccess - Standard

Rootkit.Zeroaccess



Es gab am Anfang eine Fehlermeldung, dass grep.exe nicht mehr funktioniert und eine Lösung gesucht wird. Die Suche habe ich abgebrochen. Combofix lief trotzdem weiter durch und startete den Rechner neu.
Hier das log:

Code:
ATTFilter
ComboFix 12-06-13.01 - *** 13.06.2012  11:56:55.3.2 - x86
Microsoft Windows 7 Professional   6.1.7600.0.1252.49.1031.18.2048.1322 [GMT 2:00]
ausgeführt von:: c:\users\***\Desktop\ComboFix.exe
Benutzte Befehlsschalter :: c:\users\***\Desktop\CFScript.txt
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
.
(((((((((((((((((((((((((((((((((((((((   Treiber/Dienste   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_25EB0
-------\Service_25eb0
-------\Service_lekdm
.
.
(((((((((((((((((((((((   Dateien erstellt von 2012-05-13 bis 2012-06-13  ))))))))))))))))))))))))))))))
.
.
2012-06-05 20:48 . 2012-06-05 20:48	--------	d-----w-	c:\windows\system32\EventProviders
2012-06-05 20:29 . 2012-06-05 20:29	--------	d-----w-	c:\program files\WinCDEmu
2012-06-04 15:28 . 2012-06-04 15:28	--------	d-----w-	c:\users\***\AppData\Roaming\Malwarebytes
2012-06-04 15:28 . 2012-06-04 15:28	--------	d-----w-	c:\programdata\Malwarebytes
2012-06-04 15:28 . 2012-06-11 20:06	--------	d-----w-	c:\program files\Malwarebytes' Anti-Malware
2012-06-04 15:28 . 2012-04-04 13:56	22344	----a-w-	c:\windows\system32\drivers\mbam.sys
2012-05-24 07:04 . 2012-05-24 07:04	--------	d-----w-	c:\program files\Mozilla Maintenance Service
2012-05-24 07:04 . 2012-05-24 07:04	157352	----a-w-	c:\program files\Mozilla Firefox\maintenanceservice_installer.exe
2012-05-24 07:04 . 2012-05-24 07:04	129976	----a-w-	c:\program files\Mozilla Firefox\maintenanceservice.exe
.
.
.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-05-24 07:04 . 2011-06-02 21:07	97208	----a-w-	c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMan"="SOUNDMAN.EXE" [2009-04-14 604704]
"REGSHAVE"="c:\program files\REGSHAVE\REGSHAVE.EXE" [2002-02-04 53248]
"dlcxmon.exe"="c:\program files\Dell Photo AIO Printer 926\dlcxmon.exe" [2007-01-12 292336]
"MemoryCardManager"="c:\program files\Dell Photo AIO Printer 926\memcard.exe" [2006-11-03 304008]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-09-08 421888]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-09-24 421160]
"DLCXCATS"="c:\windows\system32\spool\DRIVERS\W32X86\3\DLCXtime.dll" [2006-10-15 106496]
"dleamon.exe"="c:\program files\Dell V310-V510 Series\dleamon.exe" [2011-01-24 770728]
"EzPrint"="c:\program files\Dell V310-V510 Series\ezprint.exe" [2011-01-24 139944]
"Dell V310-V510 Series Fax Server"="c:\program files\Dell V310-V510 Series\fm3032.exe" [2011-01-24 316072]
"TrayServer"="c:\program files\MAGIX\Video_deluxe_MX\TrayServer_de.exe" [2008-08-07 90112]
.
c:\users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OpenOffice.org 3.1.lnk - c:\program files\OpenOffice.org 3\program\quickstart.exe [2009-8-18 384000]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Exif Launcher 2.lnk - c:\programme\FinePixViewer\QuickDCF2.exe [2010-8-9 294912]
Java SATARaid.lnk - c:\program files\Silicon Image\Java SATARaid\siicfg.jar [2010-8-7 1750703]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R3 FirebirdServerMAGIXInstance;Firebird Server - MAGIX Instance;c:\program files\Common Files\MAGIX Services\Database\bin\fbserver.exe [2011-04-26 2702848]
R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\Mozilla Maintenance Service\maintenanceservice.exe [2012-05-24 129976]
R4 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2010-08-09 691696]
S2 dlcx_device;dlcx_device;c:\windows\system32\dlcxcoms.exe [2006-10-11 532480]
S2 dlea_device;dlea_device;c:\windows\system32\dleacoms.exe [2009-07-01 602792]
S2 Fabs;FABS - Helping agent for MAGIX media database;c:\program files\Common Files\MAGIX Services\Database\bin\FABS.exe [2011-05-24 1840128]
S2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [2012-04-04 654408]
S3 BazisVirtualCDBus;WinCDEmu Virtual Bus Driver;c:\windows\system32\DRIVERS\BazisVirtualCDBus.sys [2011-08-08 117584]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-04-04 22344]
S3 RTL8167;Realtek 8167 NT-Treiber;c:\windows\system32\DRIVERS\Rt86win7.sys [2009-07-13 139776]
.
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost  - NetSvcs
ndasscsi
.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = hxxp://www.google.de/
uInternet Settings,ProxyOverride = *.local
TCP: DhcpNameServer = 192.168.1.254
FF - ProfilePath - c:\users\***\AppData\Roaming\Mozilla\Firefox\Profiles\4329hxqe.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.de/
.
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\.csc]
"ImagePath"="\?"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\.tdx]
"ImagePath"="\?"
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_USERS\S-1-5-21-2232143414-1069646403-3848905212-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.032\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Foto-Manager 12.032"
.
[HKEY_USERS\S-1-5-21-2232143414-1069646403-3848905212-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.abr\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Foto-Manager 12.abr"
.
[HKEY_USERS\S-1-5-21-2232143414-1069646403-3848905212-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ANI\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Foto-Manager 12.ani"
.
[HKEY_USERS\S-1-5-21-2232143414-1069646403-3848905212-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.apd\UserChoice]
@Denied: (2) (S-1-5-21-2232143414-1069646403-3848905212-1000)
@Denied: (2) (LocalSystem)
"Progid"="ACDSeePhotoEditor.apd"
.
[HKEY_USERS\S-1-5-21-2232143414-1069646403-3848905212-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.arw\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Foto-Manager 12.arw"
.
[HKEY_USERS\S-1-5-21-2232143414-1069646403-3848905212-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.bay\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Foto-Manager 12.bay"
.
[HKEY_USERS\S-1-5-21-2232143414-1069646403-3848905212-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.bmp\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Foto-Manager 12.bmp"
.
[HKEY_USERS\S-1-5-21-2232143414-1069646403-3848905212-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.bw\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Foto-Manager 12.bw"
.
[HKEY_USERS\S-1-5-21-2232143414-1069646403-3848905212-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.CR2\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Foto-Manager 12.cr2"
.
[HKEY_USERS\S-1-5-21-2232143414-1069646403-3848905212-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.CRW\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Foto-Manager 12.crw"
.
[HKEY_USERS\S-1-5-21-2232143414-1069646403-3848905212-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.cs1\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Foto-Manager 12.cs1"
.
[HKEY_USERS\S-1-5-21-2232143414-1069646403-3848905212-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.CUR\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Foto-Manager 12.cur"
.
[HKEY_USERS\S-1-5-21-2232143414-1069646403-3848905212-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.dcr\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Foto-Manager 12.dcr"
.
[HKEY_USERS\S-1-5-21-2232143414-1069646403-3848905212-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.DCX\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Foto-Manager 12.dcx"
.
[HKEY_USERS\S-1-5-21-2232143414-1069646403-3848905212-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.dib\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Foto-Manager 12.dib"
.
[HKEY_USERS\S-1-5-21-2232143414-1069646403-3848905212-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.djv\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Foto-Manager 12.djv"
.
[HKEY_USERS\S-1-5-21-2232143414-1069646403-3848905212-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.DJVU\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Foto-Manager 12.djvu"
.
[HKEY_USERS\S-1-5-21-2232143414-1069646403-3848905212-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.dng\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Foto-Manager 12.dng"
.
[HKEY_USERS\S-1-5-21-2232143414-1069646403-3848905212-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.emf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Foto-Manager 12.emf"
.
[HKEY_USERS\S-1-5-21-2232143414-1069646403-3848905212-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.EPS\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Foto-Manager 12.eps"
.
[HKEY_USERS\S-1-5-21-2232143414-1069646403-3848905212-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.erf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Foto-Manager 12.erf"
.
[HKEY_USERS\S-1-5-21-2232143414-1069646403-3848905212-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.fff\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Foto-Manager 12.fff"
.
[HKEY_USERS\S-1-5-21-2232143414-1069646403-3848905212-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.FPX\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Foto-Manager 12.fpx"
.
[HKEY_USERS\S-1-5-21-2232143414-1069646403-3848905212-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.gif\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Foto-Manager 12.gif"
.
[HKEY_USERS\S-1-5-21-2232143414-1069646403-3848905212-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.hdr\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Foto-Manager 12.hdr"
.
[HKEY_USERS\S-1-5-21-2232143414-1069646403-3848905212-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ICL\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Foto-Manager 12.icl"
.
[HKEY_USERS\S-1-5-21-2232143414-1069646403-3848905212-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.icn\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Foto-Manager 12.icn"
.
[HKEY_USERS\S-1-5-21-2232143414-1069646403-3848905212-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.IFF\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Foto-Manager 12.iff"
.
[HKEY_USERS\S-1-5-21-2232143414-1069646403-3848905212-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ilbm\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Foto-Manager 12.ilbm"
.
[HKEY_USERS\S-1-5-21-2232143414-1069646403-3848905212-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.int\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Foto-Manager 12.int"
.
[HKEY_USERS\S-1-5-21-2232143414-1069646403-3848905212-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.inta\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Foto-Manager 12.inta"
.
[HKEY_USERS\S-1-5-21-2232143414-1069646403-3848905212-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.iw4\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Foto-Manager 12.iw4"
.
[HKEY_USERS\S-1-5-21-2232143414-1069646403-3848905212-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.j2c\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Foto-Manager 12.j2c"
.
[HKEY_USERS\S-1-5-21-2232143414-1069646403-3848905212-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.j2k\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Foto-Manager 12.j2k"
.
[HKEY_USERS\S-1-5-21-2232143414-1069646403-3848905212-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jbr\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Foto-Manager 12.jbr"
.
[HKEY_USERS\S-1-5-21-2232143414-1069646403-3848905212-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jfif\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Foto-Manager 12.jfif"
.
[HKEY_USERS\S-1-5-21-2232143414-1069646403-3848905212-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jif\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Foto-Manager 12.jif"
.
[HKEY_USERS\S-1-5-21-2232143414-1069646403-3848905212-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.JP2\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Foto-Manager 12.jp2"
.
[HKEY_USERS\S-1-5-21-2232143414-1069646403-3848905212-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jpc\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Foto-Manager 12.jpc"
.
[HKEY_USERS\S-1-5-21-2232143414-1069646403-3848905212-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jpe\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Foto-Manager 12.jpe"
.
[HKEY_USERS\S-1-5-21-2232143414-1069646403-3848905212-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jpeg\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Foto-Manager 12.jpeg"
.
[HKEY_USERS\S-1-5-21-2232143414-1069646403-3848905212-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jpg\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Foto-Manager 12.jpg"
.
[HKEY_USERS\S-1-5-21-2232143414-1069646403-3848905212-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jpk\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Foto-Manager 12.jpk"
.
[HKEY_USERS\S-1-5-21-2232143414-1069646403-3848905212-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jpx\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Foto-Manager 12.jpx"
.
[HKEY_USERS\S-1-5-21-2232143414-1069646403-3848905212-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.KDC\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Foto-Manager 12.kdc"
.
[HKEY_USERS\S-1-5-21-2232143414-1069646403-3848905212-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.lbm\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Foto-Manager 12.lbm"
.
[HKEY_USERS\S-1-5-21-2232143414-1069646403-3848905212-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mef\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Foto-Manager 12.mef"
.
[HKEY_USERS\S-1-5-21-2232143414-1069646403-3848905212-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mos\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Foto-Manager 12.mos"
.
[HKEY_USERS\S-1-5-21-2232143414-1069646403-3848905212-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mrw\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Foto-Manager 12.mrw"
.
[HKEY_USERS\S-1-5-21-2232143414-1069646403-3848905212-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.nef\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Foto-Manager 12.nef"
.
[HKEY_USERS\S-1-5-21-2232143414-1069646403-3848905212-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.nrw\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Foto-Manager 12.nrw"
.
[HKEY_USERS\S-1-5-21-2232143414-1069646403-3848905212-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.orf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Foto-Manager 12.orf"
.
[HKEY_USERS\S-1-5-21-2232143414-1069646403-3848905212-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.PBM\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Foto-Manager 12.pbm"
.
[HKEY_USERS\S-1-5-21-2232143414-1069646403-3848905212-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pbr\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Foto-Manager 12.pbr"
.
[HKEY_USERS\S-1-5-21-2232143414-1069646403-3848905212-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.PCD\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Foto-Manager 12.pcd"
.
[HKEY_USERS\S-1-5-21-2232143414-1069646403-3848905212-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pct\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Foto-Manager 12.pct"
.
[HKEY_USERS\S-1-5-21-2232143414-1069646403-3848905212-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.PCX\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Foto-Manager 12.pcx"
.
[HKEY_USERS\S-1-5-21-2232143414-1069646403-3848905212-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pef\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Foto-Manager 12.pef"
.
[HKEY_USERS\S-1-5-21-2232143414-1069646403-3848905212-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.PGM\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Foto-Manager 12.pgm"
.
[HKEY_USERS\S-1-5-21-2232143414-1069646403-3848905212-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pic\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Foto-Manager 12.pic"
.
[HKEY_USERS\S-1-5-21-2232143414-1069646403-3848905212-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pict\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Foto-Manager 12.pict"
.
[HKEY_USERS\S-1-5-21-2232143414-1069646403-3848905212-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pix\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Foto-Manager 12.pix"
.
[HKEY_USERS\S-1-5-21-2232143414-1069646403-3848905212-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.png\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Foto-Manager 12.png"
.
[HKEY_USERS\S-1-5-21-2232143414-1069646403-3848905212-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.PPM\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Foto-Manager 12.ppm"
.
[HKEY_USERS\S-1-5-21-2232143414-1069646403-3848905212-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.PSD\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Foto-Manager 12.psd"
.
[HKEY_USERS\S-1-5-21-2232143414-1069646403-3848905212-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.PSP\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Foto-Manager 12.psp"
.
[HKEY_USERS\S-1-5-21-2232143414-1069646403-3848905212-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pspbrush\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Foto-Manager 12.pspbrush"
.
[HKEY_USERS\S-1-5-21-2232143414-1069646403-3848905212-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pspimage\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Foto-Manager 12.pspimage"
.
[HKEY_USERS\S-1-5-21-2232143414-1069646403-3848905212-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.raf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Foto-Manager 12.raf"
.
[HKEY_USERS\S-1-5-21-2232143414-1069646403-3848905212-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.RAS\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Foto-Manager 12.ras"
.
[HKEY_USERS\S-1-5-21-2232143414-1069646403-3848905212-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.RAW\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Foto-Manager 12.raw"
.
[HKEY_USERS\S-1-5-21-2232143414-1069646403-3848905212-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.rgb\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Foto-Manager 12.rgb"
.
[HKEY_USERS\S-1-5-21-2232143414-1069646403-3848905212-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.rgba\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Foto-Manager 12.rgba"
.
[HKEY_USERS\S-1-5-21-2232143414-1069646403-3848905212-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.rle\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Foto-Manager 12.rle"
.
[HKEY_USERS\S-1-5-21-2232143414-1069646403-3848905212-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.rsb\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Foto-Manager 12.rsb"
.
[HKEY_USERS\S-1-5-21-2232143414-1069646403-3848905212-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.rw2\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Foto-Manager 12.rw2"
.
[HKEY_USERS\S-1-5-21-2232143414-1069646403-3848905212-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.rwl\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Foto-Manager 12.rwl"
.
[HKEY_USERS\S-1-5-21-2232143414-1069646403-3848905212-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.SGI\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Foto-Manager 12.sgi"
.
[HKEY_USERS\S-1-5-21-2232143414-1069646403-3848905212-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.sr2\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Foto-Manager 12.sr2"
.
[HKEY_USERS\S-1-5-21-2232143414-1069646403-3848905212-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.srf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Foto-Manager 12.srf"
.
[HKEY_USERS\S-1-5-21-2232143414-1069646403-3848905212-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.TGA\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Foto-Manager 12.tga"
.
[HKEY_USERS\S-1-5-21-2232143414-1069646403-3848905212-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.thm\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Foto-Manager 12.thm"
.
[HKEY_USERS\S-1-5-21-2232143414-1069646403-3848905212-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.tif\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Foto-Manager 12.tif"
.
[HKEY_USERS\S-1-5-21-2232143414-1069646403-3848905212-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.tiff\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Foto-Manager 12.tiff"
.
[HKEY_USERS\S-1-5-21-2232143414-1069646403-3848905212-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ttc\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Foto-Manager 12.ttc"
.
[HKEY_USERS\S-1-5-21-2232143414-1069646403-3848905212-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ttf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Foto-Manager 12.ttf"
.
[HKEY_USERS\S-1-5-21-2232143414-1069646403-3848905212-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.v30po\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Foto-Manager 12.v30po"
.
[HKEY_USERS\S-1-5-21-2232143414-1069646403-3848905212-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.v30pp\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Foto-Manager 12.v30pp"
.
[HKEY_USERS\S-1-5-21-2232143414-1069646403-3848905212-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.v30ppf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Foto-Manager 12.v30ppf"
.
[HKEY_USERS\S-1-5-21-2232143414-1069646403-3848905212-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wbm\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Foto-Manager 12.wbm"
.
[HKEY_USERS\S-1-5-21-2232143414-1069646403-3848905212-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.WBMP\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Foto-Manager 12.wbmp"
.
[HKEY_USERS\S-1-5-21-2232143414-1069646403-3848905212-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wmf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Foto-Manager 12.wmf"
.
[HKEY_USERS\S-1-5-21-2232143414-1069646403-3848905212-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.XBM\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Foto-Manager 12.xbm"
.
[HKEY_USERS\S-1-5-21-2232143414-1069646403-3848905212-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xif\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Foto-Manager 12.xif"
.
[HKEY_USERS\S-1-5-21-2232143414-1069646403-3848905212-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xmp\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Foto-Manager 12.xmp"
.
[HKEY_USERS\S-1-5-21-2232143414-1069646403-3848905212-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.XPM\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Foto-Manager 12.xpm"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Weitere laufende Prozesse ------------------------
.
c:\windows\system32\taskhost.exe
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\windows\system32\conhost.exe
c:\windows\SOUNDMAN.EXE
c:\program files\OpenOffice.org 3\program\soffice.exe
c:\program files\OpenOffice.org 3\program\soffice.bin
c:\windows\servicing\TrustedInstaller.exe
c:\program files\iPod\bin\iPodService.exe
c:\program files\Windows Media Player\wmpnetwk.exe
c:\windows\system32\sppsvc.exe
c:\windows\system32\taskhost.exe
c:\windows\system32\wermgr.exe
.
**************************************************************************
.
Zeit der Fertigstellung: 2012-06-13  12:15:56 - PC wurde neu gestartet
ComboFix-quarantined-files.txt  2012-06-13 10:15
ComboFix2.txt  2012-06-13 07:17
ComboFix3.txt  2012-06-12 17:09
.
Vor Suchlauf: 10 Verzeichnis(se), 12.037.222.400 Bytes frei
Nach Suchlauf: 11 Verzeichnis(se), 11.691.843.584 Bytes frei
.
- - End Of File - - 2B0946BE51D0FFA36F05E248BE0AE9F5
         

Alt 13.06.2012, 12:14   #12
Psychotic
/// Malwareteam
 
Rootkit.Zeroaccess - Standard

Rootkit.Zeroaccess



Jetzt hab ich doch glatt was übersehen...

CF-Script


Hinweis für Mitleser:
Folgendes ComboFix Skript ist ausschließlich für diesen User in dieser Situtation erstellt worden.
Auf keinen Fall auf anderen Rechnern anwenden, das kann andere Systeme nachhaltig schädigen!

Lösche die vorhandene Combofix.exe von deinem Desktop und lade das Programm von einem der folgenden Download-Spiegel neu herunter:
BleepingComputer.com - ForoSpyware.com
und speichere es erneut auf dem Desktop (nicht woanders hin, das ist wichtig)!

Drücke die Windows + R Taste --> Notepad (hinein schreiben) --> OK

Kopiere nun den Text aus der folgenden Codebox komplett in das leere Textdokument.
Code:
ATTFilter
NetSvc::
ndasscsi
Driver::
ndasscsi
         
Speichere dies als CFScript.txt auf Deinem Desktop.

Wichtig:
  • Stelle deine Anti Viren Software temprär ab. Dies kann ComboFix nämlich bei der Arbeit behindern.
    Danach wieder anstellen nicht vergessen!
  • Bewege nicht die Maus über das ComboFix-Fenster oder klicke in dieses hinein.
    Dies kann dazu führen, dass ComboFix sich aufhängt.
  • Schließe alle laufenden Programme. Gehe sicher das ComboFix ungehindert arbeiten kann.
  • Mache nichts am PC solange ComboFix läuft.
  • In Bezug auf obiges Bild, ziehe CFScript.txt in die ComboFix.exe
  • Wenn ComboFix fertig ist, wird es ein Log erstellen, C:\ComboFix.txt. Bitte füge es hier als Antwort ein.
Falls im Skript die Anweisung Suspect:: oder Collect:: enthalten ist, wird eine Message-Box erscheinen, nachdem Combofix fertig ist. Klicke OK und folge den Aufforderungen/Anweisungen, um die Dateien hochzuladen.
__________________
Kein Asylrecht für Trojaner!

Proud Member of UNITE

Hinweis: Ich bin nur werktags erreichbar!
Anfragen über PM werden ignoriert!

Du bist zufrieden mit uns? Dann unterstütze das Trojaner-Board!

Alt 13.06.2012, 18:40   #13
Armin_M
 
Rootkit.Zeroaccess - Standard

Rootkit.Zeroaccess



und nochmal Combofx.log:

Code:
ATTFilter
ComboFix 12-06-13.02 - *** 13.06.2012  18:52:59.4.2 - x86
Microsoft Windows 7 Professional   6.1.7600.0.1252.49.1031.18.2048.1415 [GMT 2:00]
ausgeführt von:: c:\users\***\Desktop\ComboFix.exe
Benutzte Befehlsschalter :: c:\users\***\Desktop\CFScript.txt
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((   Dateien erstellt von 2012-05-13 bis 2012-06-13  ))))))))))))))))))))))))))))))
.
.
2012-06-13 17:00 . 2012-06-13 17:00	--------	d-----w-	c:\users\Default\AppData\Local\temp
2012-06-12 17:00 . 2012-06-13 17:00	--------	d-----w-	c:\users\***\AppData\Local\temp
2012-06-05 20:48 . 2012-06-05 20:48	--------	d-----w-	c:\windows\system32\EventProviders
2012-06-05 20:29 . 2012-06-05 20:29	--------	d-----w-	c:\program files\WinCDEmu
2012-06-04 15:28 . 2012-06-04 15:28	--------	d-----w-	c:\users\***\AppData\Roaming\Malwarebytes
2012-06-04 15:28 . 2012-06-04 15:28	--------	d-----w-	c:\programdata\Malwarebytes
2012-06-04 15:28 . 2012-06-11 20:06	--------	d-----w-	c:\program files\Malwarebytes' Anti-Malware
2012-06-04 15:28 . 2012-04-04 13:56	22344	----a-w-	c:\windows\system32\drivers\mbam.sys
2012-05-24 07:04 . 2012-05-24 07:04	--------	d-----w-	c:\program files\Mozilla Maintenance Service
2012-05-24 07:04 . 2012-05-24 07:04	157352	----a-w-	c:\program files\Mozilla Firefox\maintenanceservice_installer.exe
2012-05-24 07:04 . 2012-05-24 07:04	129976	----a-w-	c:\program files\Mozilla Firefox\maintenanceservice.exe
.
.
.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-05-24 07:04 . 2011-06-02 21:07	97208	----a-w-	c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMan"="SOUNDMAN.EXE" [2009-04-14 604704]
"REGSHAVE"="c:\program files\REGSHAVE\REGSHAVE.EXE" [2002-02-04 53248]
"dlcxmon.exe"="c:\program files\Dell Photo AIO Printer 926\dlcxmon.exe" [2007-01-12 292336]
"MemoryCardManager"="c:\program files\Dell Photo AIO Printer 926\memcard.exe" [2006-11-03 304008]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-09-08 421888]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-09-24 421160]
"DLCXCATS"="c:\windows\system32\spool\DRIVERS\W32X86\3\DLCXtime.dll" [2006-10-15 106496]
"dleamon.exe"="c:\program files\Dell V310-V510 Series\dleamon.exe" [2011-01-24 770728]
"EzPrint"="c:\program files\Dell V310-V510 Series\ezprint.exe" [2011-01-24 139944]
"Dell V310-V510 Series Fax Server"="c:\program files\Dell V310-V510 Series\fm3032.exe" [2011-01-24 316072]
"TrayServer"="c:\program files\MAGIX\Video_deluxe_MX\TrayServer_de.exe" [2008-08-07 90112]
.
c:\users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OpenOffice.org 3.1.lnk - c:\program files\OpenOffice.org 3\program\quickstart.exe [2009-8-18 384000]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Exif Launcher 2.lnk - c:\programme\FinePixViewer\QuickDCF2.exe [2010-8-9 294912]
Java SATARaid.lnk - c:\program files\Silicon Image\Java SATARaid\siicfg.jar [2010-8-7 1750703]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R3 FirebirdServerMAGIXInstance;Firebird Server - MAGIX Instance;c:\program files\Common Files\MAGIX Services\Database\bin\fbserver.exe [2011-04-26 2702848]
R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\Mozilla Maintenance Service\maintenanceservice.exe [2012-05-24 129976]
R4 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2010-08-09 691696]
S2 dlcx_device;dlcx_device;c:\windows\system32\dlcxcoms.exe [2006-10-11 532480]
S2 dlea_device;dlea_device;c:\windows\system32\dleacoms.exe [2009-07-01 602792]
S2 Fabs;FABS - Helping agent for MAGIX media database;c:\program files\Common Files\MAGIX Services\Database\bin\FABS.exe [2011-05-24 1840128]
S2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [2012-04-04 654408]
S3 BazisVirtualCDBus;WinCDEmu Virtual Bus Driver;c:\windows\system32\DRIVERS\BazisVirtualCDBus.sys [2011-08-08 117584]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-04-04 22344]
S3 RTL8167;Realtek 8167 NT-Treiber;c:\windows\system32\DRIVERS\Rt86win7.sys [2009-07-13 139776]
.
.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = hxxp://www.google.de/
uInternet Settings,ProxyOverride = *.local
TCP: DhcpNameServer = 192.168.1.254
FF - ProfilePath - c:\users\***\AppData\Roaming\Mozilla\Firefox\Profiles\4329hxqe.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.de/
.
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\.csc]
"ImagePath"="\?"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\.tdx]
"ImagePath"="\?"
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_USERS\S-1-5-21-2232143414-1069646403-3848905212-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.032\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Foto-Manager 12.032"
.
[HKEY_USERS\S-1-5-21-2232143414-1069646403-3848905212-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.abr\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Foto-Manager 12.abr"
.
[HKEY_USERS\S-1-5-21-2232143414-1069646403-3848905212-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ANI\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Foto-Manager 12.ani"
.
[HKEY_USERS\S-1-5-21-2232143414-1069646403-3848905212-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.apd\UserChoice]
@Denied: (2) (S-1-5-21-2232143414-1069646403-3848905212-1000)
@Denied: (2) (LocalSystem)
"Progid"="ACDSeePhotoEditor.apd"
.
[HKEY_USERS\S-1-5-21-2232143414-1069646403-3848905212-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.arw\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Foto-Manager 12.arw"
.
[HKEY_USERS\S-1-5-21-2232143414-1069646403-3848905212-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.bay\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Foto-Manager 12.bay"
.
[HKEY_USERS\S-1-5-21-2232143414-1069646403-3848905212-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.bmp\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Foto-Manager 12.bmp"
.
[HKEY_USERS\S-1-5-21-2232143414-1069646403-3848905212-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.bw\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Foto-Manager 12.bw"
.
[HKEY_USERS\S-1-5-21-2232143414-1069646403-3848905212-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.CR2\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Foto-Manager 12.cr2"
.
[HKEY_USERS\S-1-5-21-2232143414-1069646403-3848905212-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.CRW\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Foto-Manager 12.crw"
.
[HKEY_USERS\S-1-5-21-2232143414-1069646403-3848905212-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.cs1\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Foto-Manager 12.cs1"
.
[HKEY_USERS\S-1-5-21-2232143414-1069646403-3848905212-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.CUR\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Foto-Manager 12.cur"
.
[HKEY_USERS\S-1-5-21-2232143414-1069646403-3848905212-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.dcr\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Foto-Manager 12.dcr"
.
[HKEY_USERS\S-1-5-21-2232143414-1069646403-3848905212-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.DCX\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Foto-Manager 12.dcx"
.
[HKEY_USERS\S-1-5-21-2232143414-1069646403-3848905212-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.dib\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Foto-Manager 12.dib"
.
[HKEY_USERS\S-1-5-21-2232143414-1069646403-3848905212-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.djv\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Foto-Manager 12.djv"
.
[HKEY_USERS\S-1-5-21-2232143414-1069646403-3848905212-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.DJVU\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Foto-Manager 12.djvu"
.
[HKEY_USERS\S-1-5-21-2232143414-1069646403-3848905212-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.dng\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Foto-Manager 12.dng"
.
[HKEY_USERS\S-1-5-21-2232143414-1069646403-3848905212-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.emf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Foto-Manager 12.emf"
.
[HKEY_USERS\S-1-5-21-2232143414-1069646403-3848905212-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.EPS\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Foto-Manager 12.eps"
.
[HKEY_USERS\S-1-5-21-2232143414-1069646403-3848905212-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.erf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Foto-Manager 12.erf"
.
[HKEY_USERS\S-1-5-21-2232143414-1069646403-3848905212-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.fff\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Foto-Manager 12.fff"
.
[HKEY_USERS\S-1-5-21-2232143414-1069646403-3848905212-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.FPX\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Foto-Manager 12.fpx"
.
[HKEY_USERS\S-1-5-21-2232143414-1069646403-3848905212-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.gif\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Foto-Manager 12.gif"
.
[HKEY_USERS\S-1-5-21-2232143414-1069646403-3848905212-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.hdr\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Foto-Manager 12.hdr"
.
[HKEY_USERS\S-1-5-21-2232143414-1069646403-3848905212-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ICL\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Foto-Manager 12.icl"
.
[HKEY_USERS\S-1-5-21-2232143414-1069646403-3848905212-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.icn\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Foto-Manager 12.icn"
.
[HKEY_USERS\S-1-5-21-2232143414-1069646403-3848905212-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.IFF\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Foto-Manager 12.iff"
.
[HKEY_USERS\S-1-5-21-2232143414-1069646403-3848905212-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ilbm\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Foto-Manager 12.ilbm"
.
[HKEY_USERS\S-1-5-21-2232143414-1069646403-3848905212-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.int\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Foto-Manager 12.int"
.
[HKEY_USERS\S-1-5-21-2232143414-1069646403-3848905212-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.inta\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Foto-Manager 12.inta"
.
[HKEY_USERS\S-1-5-21-2232143414-1069646403-3848905212-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.iw4\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Foto-Manager 12.iw4"
.
[HKEY_USERS\S-1-5-21-2232143414-1069646403-3848905212-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.j2c\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Foto-Manager 12.j2c"
.
[HKEY_USERS\S-1-5-21-2232143414-1069646403-3848905212-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.j2k\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Foto-Manager 12.j2k"
.
[HKEY_USERS\S-1-5-21-2232143414-1069646403-3848905212-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jbr\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Foto-Manager 12.jbr"
.
[HKEY_USERS\S-1-5-21-2232143414-1069646403-3848905212-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jfif\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Foto-Manager 12.jfif"
.
[HKEY_USERS\S-1-5-21-2232143414-1069646403-3848905212-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jif\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Foto-Manager 12.jif"
.
[HKEY_USERS\S-1-5-21-2232143414-1069646403-3848905212-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.JP2\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Foto-Manager 12.jp2"
.
[HKEY_USERS\S-1-5-21-2232143414-1069646403-3848905212-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jpc\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Foto-Manager 12.jpc"
.
[HKEY_USERS\S-1-5-21-2232143414-1069646403-3848905212-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jpe\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Foto-Manager 12.jpe"
.
[HKEY_USERS\S-1-5-21-2232143414-1069646403-3848905212-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jpeg\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Foto-Manager 12.jpeg"
.
[HKEY_USERS\S-1-5-21-2232143414-1069646403-3848905212-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jpg\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Foto-Manager 12.jpg"
.
[HKEY_USERS\S-1-5-21-2232143414-1069646403-3848905212-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jpk\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Foto-Manager 12.jpk"
.
[HKEY_USERS\S-1-5-21-2232143414-1069646403-3848905212-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jpx\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Foto-Manager 12.jpx"
.
[HKEY_USERS\S-1-5-21-2232143414-1069646403-3848905212-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.KDC\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Foto-Manager 12.kdc"
.
[HKEY_USERS\S-1-5-21-2232143414-1069646403-3848905212-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.lbm\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Foto-Manager 12.lbm"
.
[HKEY_USERS\S-1-5-21-2232143414-1069646403-3848905212-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mef\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Foto-Manager 12.mef"
.
[HKEY_USERS\S-1-5-21-2232143414-1069646403-3848905212-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mos\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Foto-Manager 12.mos"
.
[HKEY_USERS\S-1-5-21-2232143414-1069646403-3848905212-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mrw\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Foto-Manager 12.mrw"
.
[HKEY_USERS\S-1-5-21-2232143414-1069646403-3848905212-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.nef\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Foto-Manager 12.nef"
.
[HKEY_USERS\S-1-5-21-2232143414-1069646403-3848905212-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.nrw\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Foto-Manager 12.nrw"
.
[HKEY_USERS\S-1-5-21-2232143414-1069646403-3848905212-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.orf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Foto-Manager 12.orf"
.
[HKEY_USERS\S-1-5-21-2232143414-1069646403-3848905212-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.PBM\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Foto-Manager 12.pbm"
.
[HKEY_USERS\S-1-5-21-2232143414-1069646403-3848905212-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pbr\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Foto-Manager 12.pbr"
.
[HKEY_USERS\S-1-5-21-2232143414-1069646403-3848905212-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.PCD\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Foto-Manager 12.pcd"
.
[HKEY_USERS\S-1-5-21-2232143414-1069646403-3848905212-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pct\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Foto-Manager 12.pct"
.
[HKEY_USERS\S-1-5-21-2232143414-1069646403-3848905212-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.PCX\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Foto-Manager 12.pcx"
.
[HKEY_USERS\S-1-5-21-2232143414-1069646403-3848905212-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pef\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Foto-Manager 12.pef"
.
[HKEY_USERS\S-1-5-21-2232143414-1069646403-3848905212-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.PGM\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Foto-Manager 12.pgm"
.
[HKEY_USERS\S-1-5-21-2232143414-1069646403-3848905212-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pic\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Foto-Manager 12.pic"
.
[HKEY_USERS\S-1-5-21-2232143414-1069646403-3848905212-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pict\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Foto-Manager 12.pict"
.
[HKEY_USERS\S-1-5-21-2232143414-1069646403-3848905212-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pix\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Foto-Manager 12.pix"
.
[HKEY_USERS\S-1-5-21-2232143414-1069646403-3848905212-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.png\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Foto-Manager 12.png"
.
[HKEY_USERS\S-1-5-21-2232143414-1069646403-3848905212-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.PPM\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Foto-Manager 12.ppm"
.
[HKEY_USERS\S-1-5-21-2232143414-1069646403-3848905212-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.PSD\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Foto-Manager 12.psd"
.
[HKEY_USERS\S-1-5-21-2232143414-1069646403-3848905212-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.PSP\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Foto-Manager 12.psp"
.
[HKEY_USERS\S-1-5-21-2232143414-1069646403-3848905212-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pspbrush\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Foto-Manager 12.pspbrush"
.
[HKEY_USERS\S-1-5-21-2232143414-1069646403-3848905212-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pspimage\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Foto-Manager 12.pspimage"
.
[HKEY_USERS\S-1-5-21-2232143414-1069646403-3848905212-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.raf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Foto-Manager 12.raf"
.
[HKEY_USERS\S-1-5-21-2232143414-1069646403-3848905212-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.RAS\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Foto-Manager 12.ras"
.
[HKEY_USERS\S-1-5-21-2232143414-1069646403-3848905212-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.RAW\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Foto-Manager 12.raw"
.
[HKEY_USERS\S-1-5-21-2232143414-1069646403-3848905212-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.rgb\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Foto-Manager 12.rgb"
.
[HKEY_USERS\S-1-5-21-2232143414-1069646403-3848905212-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.rgba\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Foto-Manager 12.rgba"
.
[HKEY_USERS\S-1-5-21-2232143414-1069646403-3848905212-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.rle\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Foto-Manager 12.rle"
.
[HKEY_USERS\S-1-5-21-2232143414-1069646403-3848905212-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.rsb\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Foto-Manager 12.rsb"
.
[HKEY_USERS\S-1-5-21-2232143414-1069646403-3848905212-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.rw2\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Foto-Manager 12.rw2"
.
[HKEY_USERS\S-1-5-21-2232143414-1069646403-3848905212-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.rwl\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Foto-Manager 12.rwl"
.
[HKEY_USERS\S-1-5-21-2232143414-1069646403-3848905212-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.SGI\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Foto-Manager 12.sgi"
.
[HKEY_USERS\S-1-5-21-2232143414-1069646403-3848905212-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.sr2\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Foto-Manager 12.sr2"
.
[HKEY_USERS\S-1-5-21-2232143414-1069646403-3848905212-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.srf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Foto-Manager 12.srf"
.
[HKEY_USERS\S-1-5-21-2232143414-1069646403-3848905212-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.TGA\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Foto-Manager 12.tga"
.
[HKEY_USERS\S-1-5-21-2232143414-1069646403-3848905212-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.thm\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Foto-Manager 12.thm"
.
[HKEY_USERS\S-1-5-21-2232143414-1069646403-3848905212-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.tif\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Foto-Manager 12.tif"
.
[HKEY_USERS\S-1-5-21-2232143414-1069646403-3848905212-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.tiff\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Foto-Manager 12.tiff"
.
[HKEY_USERS\S-1-5-21-2232143414-1069646403-3848905212-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ttc\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Foto-Manager 12.ttc"
.
[HKEY_USERS\S-1-5-21-2232143414-1069646403-3848905212-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ttf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Foto-Manager 12.ttf"
.
[HKEY_USERS\S-1-5-21-2232143414-1069646403-3848905212-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.v30po\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Foto-Manager 12.v30po"
.
[HKEY_USERS\S-1-5-21-2232143414-1069646403-3848905212-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.v30pp\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Foto-Manager 12.v30pp"
.
[HKEY_USERS\S-1-5-21-2232143414-1069646403-3848905212-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.v30ppf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Foto-Manager 12.v30ppf"
.
[HKEY_USERS\S-1-5-21-2232143414-1069646403-3848905212-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wbm\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Foto-Manager 12.wbm"
.
[HKEY_USERS\S-1-5-21-2232143414-1069646403-3848905212-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.WBMP\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Foto-Manager 12.wbmp"
.
[HKEY_USERS\S-1-5-21-2232143414-1069646403-3848905212-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wmf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Foto-Manager 12.wmf"
.
[HKEY_USERS\S-1-5-21-2232143414-1069646403-3848905212-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.XBM\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Foto-Manager 12.xbm"
.
[HKEY_USERS\S-1-5-21-2232143414-1069646403-3848905212-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xif\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Foto-Manager 12.xif"
.
[HKEY_USERS\S-1-5-21-2232143414-1069646403-3848905212-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xmp\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Foto-Manager 12.xmp"
.
[HKEY_USERS\S-1-5-21-2232143414-1069646403-3848905212-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.XPM\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Foto-Manager 12.xpm"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Zeit der Fertigstellung: 2012-06-13  19:02:36
ComboFix-quarantined-files.txt  2012-06-13 17:02
ComboFix2.txt  2012-06-13 10:15
ComboFix3.txt  2012-06-13 07:17
ComboFix4.txt  2012-06-12 17:09
.
Vor Suchlauf: 10 Verzeichnis(se), 13.747.863.552 Bytes frei
Nach Suchlauf: 11 Verzeichnis(se), 13.704.478.720 Bytes frei
.
- - End Of File - - E3EAB1D5BF41C1532BBD5563BF9A7CD7
         

Geändert von Armin_M (13.06.2012 um 19:35 Uhr)

Alt 14.06.2012, 08:46   #14
Psychotic
/// Malwareteam
 
Rootkit.Zeroaccess - Standard

Rootkit.Zeroaccess



Ah, schon viel besser!

Onlinescan zur Kontrolle



ESET Online Scanner

  • Hier findest du eine bebilderte Anleitung zu ESET Online Scanner
  • Lade und starte Eset Online Scanner
  • Setze einen Haken bei Ja, ich bin mit den Nutzungsbedingungen einverstanden und klicke auf Starten.
  • Aktiviere die "Erkennung von eventuell unerwünschten Anwendungen" und wähle folgende Einstellungen.
  • Klicke auf Starten.
  • Die Signaturen werden heruntergeladen, der Scan beginnt automatisch.
  • Klicke am Ende des Suchlaufs auf Fertig stellen.
  • Schließe das Fenster von ESET.
  • Explorer öffnen.
  • C:\Programme\Eset\EsetOnlineScanner\log.txt (bei 64 Bit auch C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) suchen und mit Deinem Editor öffnen (bebildert).
  • Logfile hier posten.
  • Deinstallation: Systemsteuerung => Software / Programme deinstallieren => Eset Online Scanner V3 entfernen.
  • Manuell folgenden Ordner löschen und Papierkorb leeren => C:\Programme\Eset





Macht der Rechner noch Probleme?
__________________
Kein Asylrecht für Trojaner!

Proud Member of UNITE

Hinweis: Ich bin nur werktags erreichbar!
Anfragen über PM werden ignoriert!

Du bist zufrieden mit uns? Dann unterstütze das Trojaner-Board!

Alt 14.06.2012, 12:01   #15
Armin_M
 
Rootkit.Zeroaccess - Standard

Rootkit.Zeroaccess



eset-log:

Code:
ATTFilter
C:\Qoobox\Quarantine\C\Windows\System32\drivers\bab416bc1514ecdd.sys.vir	a variant of Win32/Rootkit.Kryptik.HT trojan
C:\Users\***\Pictures\Rea\registrybooster.exe	Win32/RegistryBooster application
C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\CDCSLBWU\e8f01c0008e60d70fa3c5b351662ad54[1].htm	HTML/Iframe.B.Gen virus
C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\CDCSLBWU\opentraff[1].htm	JS/Kryptik.JO trojan
C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\DB5XG0PO\d78b3ebc8bdf79d714bdd18e09bd0542[1].htm	HTML/Iframe.B.Gen virus
C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\YIOSJ6E7\setup_codec_3d[1].exe	a variant of Win32/Adware.ToolPlugin.A application
C:\Windows\System32\drivers\dfsc.sys	Win32/Sirefef.DA trojan
C:\Windows\winsxs\x86_microsoft-windows-dfsclient_31bf3856ad364e35_6.1.7600.16385_none_87708401476f7a4f\dfsc.sys	Win32/Sirefef.DA trojan
         
Der Rechner hat gestern beim Herunterfahren 4 Microsoft Updates automatisch installiert. Momentan ist kein Virenscanner drauf, nur Malwarebytes. Der Rechner ist zum Ausführen Deiner Anweisungen und für meine Antworten jeweils am Internet, ansonsten offline.

Zum Funktionieren kann ich nicht viel sagen, da ich ausser den Scans und den Antworten hier nichts weiter gemacht habe. Die ursprüngliche Fehlfunktion des DHCP ist behoben, Rechner bekommt seine Einstellungen.

Antwort

Themen zu Rootkit.Zeroaccess
abhängigkeitsdienst, administrator, anti-malware, appdata, autostart, code, dateien, dateisystem, error, explorer, fehlermeldung, folge, funktioniert, gelöscht, heuristiks/extra, heuristiks/shuriken, ip-adresse, löschen, mbam, neu, nicht mehr, programm, rechner, rootkit.zeroaccess, speicher, starten, temp, test, trojan.agent, win, win7



Ähnliche Themen: Rootkit.Zeroaccess


  1. Nerviges ZeroAccess / TDSS Rootkit (?) entfernen
    Plagegeister aller Art und deren Bekämpfung - 24.07.2015 (1)
  2. Habe Trojaner: Trojan.Zeroaccess.C, Trojan.Zeroaccess.B,Trojan.Gen.2
    Log-Analyse und Auswertung - 10.11.2013 (3)
  3. Windows Server 2008 R2: ZeroAccess Rootkit?
    Log-Analyse und Auswertung - 30.08.2013 (3)
  4. ZeroAccess rootkit - mistviech
    Plagegeister aller Art und deren Bekämpfung - 14.08.2013 (21)
  5. Trojan.Zeroaccess.C / Trojan.Zeroaccess!inf4
    Plagegeister aller Art und deren Bekämpfung - 29.06.2013 (6)
  6. Virus, $Recycle.Bin ZeroAccess-Rootkit
    Log-Analyse und Auswertung - 21.05.2013 (14)
  7. Verdacht auf ZeroAccess Rootkit
    Log-Analyse und Auswertung - 23.04.2013 (7)
  8. ZeroAccess Rootkit auf Win XP PC - weitere Rechner befallen? Komplette Neuinstallation geplant..
    Plagegeister aller Art und deren Bekämpfung - 27.10.2012 (8)
  9. Trojan.gen/ Rootkit Zeroaccess
    Plagegeister aller Art und deren Bekämpfung - 24.08.2012 (4)
  10. Konten bei Banking per Starmoney nach rootkit / ZeroAccess-Befall sperren?
    Plagegeister aller Art und deren Bekämpfung - 10.08.2012 (10)
  11. ZeroAccess - E Wind64 [Rootkit]
    Plagegeister aller Art und deren Bekämpfung - 07.08.2012 (0)
  12. Ist das zeroaccess rootkit auch ohne Neuaufsetzung zu beseitigen?
    Plagegeister aller Art und deren Bekämpfung - 14.07.2012 (1)
  13. ZeroAccess Rootkit und AbNow Google Weiterleitung
    Plagegeister aller Art und deren Bekämpfung - 03.03.2012 (5)
  14. Fehlercode 0x80070424 || Vermute ZeroAccess / Max++ / Smiscer Crimeware Rootkit
    Plagegeister aller Art und deren Bekämpfung - 29.02.2012 (44)
  15. mediashifting - rootkit.zeroaccess
    Plagegeister aller Art und deren Bekämpfung - 17.02.2012 (14)
  16. Avast Fehler 10050 - Infektion mit Rootkit.Zeroaccess?
    Plagegeister aller Art und deren Bekämpfung - 14.02.2012 (19)
  17. Rootkit ZeroAccess ???
    Plagegeister aller Art und deren Bekämpfung - 14.10.2011 (8)

Zum Thema Rootkit.Zeroaccess - Hallo zusammen, ich habe hier einen Rechner mit Win7 32-bit. Auf diesem hat MBAM 4x den Rootkit.Zeroaccess gefunden und in Quarantäne gestellt. Der Rechner lässt das Starten des DHCP-Clients nicht - Rootkit.Zeroaccess...
Archiv
Du betrachtest: Rootkit.Zeroaccess auf Trojaner-Board

Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.