TR/Rootkin.gen in C:\Windows\System32\drivers\taunpo.sys

13.06.2010, 11:30   #1
souleater
 
For some time now I keep getting the error message that the file

C:\Windows\System32\drivers\taunpo.sys

on my PC is infected with the Trojan horse TR/Rootkin.gen.

I followed the instructions and am posting all the reports here.

Quote from Malwarebytes:
Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 4192

Windows 6.1.7600
Internet Explorer 8.0.7600.16385

13.06.2010 11:00:19
mbam-log-2010-06-13 (11-00-19).txt

Scan type: Quick scan
Objects scanned: 129006
Time elapsed: 4 minute(s), 59 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 1
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 1

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CURRENT_USER\SOFTWARE\V71IQL7HI7 (Trojan.FakeAlert) -> Quarantined and deleted successfully.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\windows\system32\Drivers\taunpo.sys (Trojan.Rootkit) -> Quarantined and deleted successfully.
Quote from OTL:
OTL Logfile:
OTL logfile created on: 6/13/2010 11:03:03 AM - Run 1
OTL by OldTimer - Version 3.2.6.0     Folder = C:\Users\***\Desktop
 Home Premium Edition  (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000409 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 71.00% Memory free
6.00 Gb Paging File | 5.00 Gb Available in Paging File | 84.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files
Drive C: | 198.29 Gb Total Space | 149.09 Gb Free Space | 75.19% Space Free | Partition Type: NTFS
Drive D: | 252.37 Gb Total Space | 252.28 Gb Free Space | 99.96% Space Free | Partition Type: NTFS
Drive E: | 391.60 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
F: Drive not present or media not loaded
Drive G: | 7.45 Gb Total Space | 7.44 Gb Free Space | 99.88% Space Free | Partition Type: FAT32
H: Drive not present or media not loaded
I: Drive not present or media not loaded
 
Computer Name: ***
Current User Name: ***
Logged in as Administrator.
 
Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\***\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.)
PRC - C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
PRC - C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
PRC - C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
PRC - C:\Program Files\Avira\AntiVir Desktop\avshadow.exe (Avira GmbH)
PRC - C:\Program Files\WTouch\WTouchUser.exe (Wacom Technology, Corp.)
PRC - C:\Program Files\WTouch\WTouchService.exe (Wacom Technology, Corp.)
PRC - C:\Windows\System32\Pen_Tablet.exe (Wacom Technology, Corp.)
PRC - C:\Windows\System32\WTablet\Pen_TabletUser.exe (Wacom Technology, Corp.)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Windows\System32\drivers\WTSrv.exe (Tablet Driver)
PRC - C:\Program Files\Samsung\Easy Display Manager\dmhkcore.exe (Samsung Electronics Co., Ltd.)
PRC - C:\Program Files\Samsung\Samsung Support Center\SSCKbdHk.exe (SAMSUNG Electronics)
PRC - C:\Program Files\SAMSUNG\EasySpeedUpManager\EasySpeedUpManager.exe (Samsung Electronics Co., Ltd.)
PRC - C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe (Realtek Semiconductor)
PRC - C:\Program Files\Samsung Casual Games\GameConsole\OberonGameConsoleService.exe ()
PRC - C:\Program Files\Samsung\Samsung Recovery Solution 4\WCScheduler.exe (SEC)
PRC - C:\Windows\System32\wisptis.exe (Microsoft Corporation)
PRC - C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe (Microsoft Corporation)
PRC - C:\Windows\System32\taskhost.exe (Microsoft Corporation)
PRC - C:\Windows\System32\conhost.exe (Microsoft Corporation)
PRC - C:\Program Files\Samsung\Samsung Update Plus\SUPBackground.exe ()
PRC - C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe (Microsoft Corporation)
PRC - C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe (Microsoft Corporation)
PRC - C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe (Microsoft Corporation)
PRC - C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe (Microsoft Corporation)
 
 
========== Modules (SafeList) ==========
 
MOD - C:\Users\***\Desktop\OTL.exe (OldTimer Tools)
MOD - C:\Program Files\Common Files\microsoft shared\ink\tiptsf.dll (Microsoft Corporation)
MOD - C:\Windows\System32\sspicli.dll (Microsoft Corporation)
MOD - C:\Windows\System32\sechost.dll (Microsoft Corporation)
MOD - C:\Windows\System32\samcli.dll (Microsoft Corporation)
MOD - C:\Windows\System32\profapi.dll (Microsoft Corporation)
MOD - C:\Windows\System32\netutils.dll (Microsoft Corporation)
MOD - C:\Windows\System32\KernelBase.dll (Microsoft Corporation)
MOD - C:\Windows\System32\dwmapi.dll (Microsoft Corporation)
MOD - C:\Windows\System32\devobj.dll (Microsoft Corporation)
MOD - C:\Windows\System32\cryptbase.dll (Microsoft Corporation)
MOD - C:\Windows\System32\cfgmgr32.dll (Microsoft Corporation)
MOD - C:\Windows\System32\msscript.ocx (Microsoft Corporation)
MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16385_none_421189da2b7fabfc\comctl32.dll (Microsoft Corporation)
 
 
========== Win32 Services (SafeList) ==========
 
SRV - (mi-raysat_3dsmax9_32) mental ray 3.5 Satellite (32-bit) --  File not found
SRV - (Akamai) -- c:\program files\common files\akamai\rswin_3697.dll ()
SRV - (Apple Mobile Device) -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.)
SRV - (AntiVirService) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
SRV - (AntiVirSchedulerService) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
SRV - (SwitchBoard) -- C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated)
SRV - (WTouchService) -- C:\Program Files\WTouch\WTouchService.exe (Wacom Technology, Corp.)
SRV - (TabletServicePen) -- C:\Windows\System32\Pen_Tablet.exe (Wacom Technology, Corp.)
SRV - (WinTabService) -- C:\windows\System32\Drivers\WTSRV.EXE (Tablet Driver)
SRV - (OberonGameConsoleService) -- C:\Program Files\Samsung Casual Games\GameConsole\OberonGameConsoleService.exe ()
SRV - (fsssvc) -- C:\Program Files\Windows Live\Family Safety\fsssvc.exe (Microsoft Corporation)
SRV - (WwanSvc) -- C:\Windows\System32\wwansvc.dll (Microsoft Corporation)
SRV - (WbioSrvc) -- C:\Windows\System32\wbiosrvc.dll (Microsoft Corporation)
SRV - (Power) -- C:\Windows\System32\umpo.dll (Microsoft Corporation)
SRV - (Themes) -- C:\Windows\System32\themeservice.dll (Microsoft Corporation)
SRV - (sppuinotify) -- C:\Windows\System32\sppuinotify.dll (Microsoft Corporation)
SRV - (RpcEptMapper) -- C:\Windows\System32\RpcEpMap.dll (Microsoft Corporation)
SRV - (SensrSvc) -- C:\Windows\System32\sensrsvc.dll (Microsoft Corporation)
SRV - (PNRPsvc) -- C:\Windows\System32\pnrpsvc.dll (Microsoft Corporation)
SRV - (p2pimsvc) -- C:\Windows\System32\pnrpsvc.dll (Microsoft Corporation)
SRV - (HomeGroupProvider) -- C:\Windows\System32\provsvc.dll (Microsoft Corporation)
SRV - (PNRPAutoReg) -- C:\Windows\System32\pnrpauto.dll (Microsoft Corporation)
SRV - (WinDefend) -- C:\Program Files\Windows Defender\mpsvc.dll (Microsoft Corporation)
SRV - (HomeGroupListener) -- C:\Windows\System32\ListSvc.dll (Microsoft Corporation)
SRV - (FontCache) -- C:\Windows\System32\FntCache.dll (Microsoft Corporation)
SRV - (Dhcp) -- C:\Windows\System32\dhcpcore.dll (Microsoft Corporation)
SRV - (defragsvc) -- C:\Windows\System32\defragsvc.dll (Microsoft Corporation)
SRV - (BDESVC) -- C:\Windows\System32\bdesvc.dll (Microsoft Corporation)
SRV - (AxInstSV) ActiveX-Installer (AxInstSV) -- C:\Windows\System32\AxInstSv.dll (Microsoft Corporation)
SRV - (AppIDSvc) -- C:\Windows\System32\appidsvc.dll (Microsoft Corporation)
SRV - (sppsvc) -- C:\Windows\System32\sppsvc.exe (Microsoft Corporation)
SRV - (MSSQL$MSSMLBIZ) SQL Server (MSSMLBIZ) -- C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe (Microsoft Corporation)
SRV - (SeaPort) -- C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe (Microsoft Corporation)
SRV - (SQLWriter) -- C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe (Microsoft Corporation)
SRV - (SQLBrowser) -- C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe (Microsoft Corporation)
SRV - (MSSQLServerADHelper) -- C:\Program Files\Microsoft SQL Server\90\Shared\sqladhlp90.exe (Microsoft Corporation)
SRV - (BcmSqlStartupSvc) -- C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe (Microsoft Corporation)
 
 
========== Driver Services (SafeList) ==========
 
DRV - (avipbb) -- C:\Windows\System32\drivers\avipbb.sys (Avira GmbH)
DRV - (avgntflt) -- C:\Windows\System32\drivers\avgntflt.sys (Avira GmbH)
DRV - (KSecPkg) -- C:\windows\System32\Drivers\ksecpkg.sys (Microsoft Corporation)
DRV - (athr) -- C:\Windows\System32\drivers\athr.sys (Atheros Communications, Inc.)
DRV - (nvlddmkm) -- C:\Windows\System32\drivers\nvlddmkm.sys (NVIDIA Corporation)
DRV - (wacmoumonitor) -- C:\Windows\System32\drivers\wacmoumonitor.sys (Wacom Technology)
DRV - (Tablet2k) -- C:\Windows\System32\Tablet2k.cat ()
DRV - (IntcAzAudAddService) Service for Realtek HD Audio (WDM) -- C:\Windows\System32\drivers\RTKVHDA.sys (Realtek Semiconductor Corp.)
DRV - (fssfltr) -- C:\Windows\System32\drivers\fssfltr.sys (Microsoft Corporation)
DRV - (RTL8167) -- C:\Windows\System32\drivers\Rt86win7.sys (Realtek                                            )
DRV - (SynTP) -- C:\Windows\System32\drivers\SynTP.sys (Synaptics Incorporated)
DRV - (cmdide) -- C:\windows\system32\DRIVERS\cmdide.sys (CMD Technology, Inc.)
DRV - (adpahci) -- C:\windows\system32\DRIVERS\adpahci.sys (Adaptec, Inc.)
DRV - (adp94xx) -- C:\windows\system32\DRIVERS\adp94xx.sys (Adaptec, Inc.)
DRV - (amdsbs) -- C:\windows\system32\DRIVERS\amdsbs.sys (AMD Technologies Inc.)
DRV - (adpu320) -- C:\windows\system32\DRIVERS\adpu320.sys (Adaptec, Inc.)
DRV - (arcsas) -- C:\windows\system32\DRIVERS\arcsas.sys (Adaptec, Inc.)
DRV - (amdsata) -- C:\windows\system32\DRIVERS\amdsata.sys (Advanced Micro Devices)
DRV - (arc) -- C:\windows\system32\DRIVERS\arc.sys (Adaptec, Inc.)
DRV - (amdxata) -- C:\windows\system32\DRIVERS\amdxata.sys (Advanced Micro Devices)
DRV - (aliide) -- C:\windows\system32\DRIVERS\aliide.sys (Acer Laboratories Inc.)
DRV - (nvstor) -- C:\windows\system32\DRIVERS\nvstor.sys (NVIDIA Corporation)
DRV - (nvraid) -- C:\windows\system32\DRIVERS\nvraid.sys (NVIDIA Corporation)
DRV - (nfrd960) -- C:\windows\system32\DRIVERS\nfrd960.sys (IBM Corporation)
DRV - (LSI_SAS) -- C:\windows\system32\DRIVERS\lsi_sas.sys (LSI Corporation)
DRV - (iaStorV) -- C:\windows\system32\DRIVERS\iaStorV.sys (Intel Corporation)
DRV - (MegaSR) -- C:\windows\system32\DRIVERS\MegaSR.sys (LSI Corporation, Inc.)
DRV - (LSI_SCSI) -- C:\windows\system32\DRIVERS\lsi_scsi.sys (LSI Corporation)
DRV - (LSI_FC) -- C:\windows\system32\DRIVERS\lsi_fc.sys (LSI Corporation)
DRV - (LSI_SAS2) -- C:\windows\system32\DRIVERS\lsi_sas2.sys (LSI Corporation)
DRV - (iirsp) -- C:\windows\system32\DRIVERS\iirsp.sys (Intel Corp./ICP vortex GmbH)
DRV - (megasas) -- C:\windows\system32\DRIVERS\megasas.sys (LSI Corporation)
DRV - (hwpolicy) -- C:\windows\System32\drivers\hwpolicy.sys (Microsoft Corporation)
DRV - (elxstor) -- C:\windows\system32\DRIVERS\elxstor.sys (Emulex)
DRV - (aic78xx) -- C:\windows\system32\DRIVERS\djsvs.sys (Adaptec, Inc.)
DRV - (HpSAMD) -- C:\windows\system32\DRIVERS\HpSAMD.sys (Hewlett-Packard Company)
DRV - (FsDepends) -- C:\Windows\System32\drivers\fsdepends.sys (Microsoft Corporation)
DRV - (vsmraid) -- C:\windows\system32\DRIVERS\vsmraid.sys (VIA Technologies Inc.,Ltd)
DRV - (vhdmp) -- C:\windows\system32\DRIVERS\vhdmp.sys (Microsoft Corporation)
DRV - (vdrvroot) -- C:\windows\system32\DRIVERS\vdrvroot.sys (Microsoft Corporation)
DRV - (WIMMount) -- C:\Windows\System32\drivers\wimmount.sys (Microsoft Corporation)
DRV - (viaide) -- C:\windows\system32\DRIVERS\viaide.sys (VIA Technologies, Inc.)
DRV - (ql2300) -- C:\windows\system32\DRIVERS\ql2300.sys (QLogic Corporation)
DRV - (rdyboost) -- C:\windows\System32\drivers\rdyboost.sys (Microsoft Corporation)
DRV - (ql40xx) -- C:\windows\system32\DRIVERS\ql40xx.sys (QLogic Corporation)
DRV - (SiSRaid4) -- C:\windows\system32\DRIVERS\sisraid4.sys (Silicon Integrated Systems)
DRV - (pcw) -- C:\windows\System32\drivers\pcw.sys (Microsoft Corporation)
DRV - (SiSRaid2) -- C:\windows\system32\DRIVERS\SiSRaid2.sys (Silicon Integrated Systems Corp.)
DRV - (stexstor) -- C:\windows\system32\DRIVERS\stexstor.sys (Promise Technology)
DRV - (CNG) -- C:\windows\System32\Drivers\cng.sys (Microsoft Corporation)
DRV - (Brserid) Brother MFC Serial Port Interface Driver (WDM) -- C:\windows\System32\Drivers\Brserid.sys (Brother Industries Ltd.)
DRV - (rdpbus) -- C:\windows\system32\DRIVERS\rdpbus.sys (Microsoft Corporation)
DRV - (RDPREFMP) -- C:\Windows\System32\drivers\RDPREFMP.sys (Microsoft Corporation)
DRV - (RasAgileVpn) WAN Miniport (IKEv2) -- C:\Windows\System32\drivers\agilevpn.sys (Microsoft Corporation)
DRV - (WfpLwf) -- C:\Windows\System32\drivers\wfplwf.sys (Microsoft Corporation)
DRV - (NdisCap) -- C:\Windows\System32\drivers\ndiscap.sys (Microsoft Corporation)
DRV - (vwififlt) -- C:\Windows\System32\drivers\vwififlt.sys (Microsoft Corporation)
DRV - (vwifibus) -- C:\Windows\System32\drivers\vwifibus.sys (Microsoft Corporation)
DRV - (1394ohci) -- C:\windows\system32\DRIVERS\1394ohci.sys (Microsoft Corporation)
DRV - (UmPass) -- C:\windows\system32\DRIVERS\umpass.sys (Microsoft Corporation)
DRV - (WinUsb) -- C:\Windows\System32\drivers\winusb.sys (Microsoft Corporation)
DRV - (mshidkmdf) -- C:\windows\System32\drivers\mshidkmdf.sys (Microsoft Corporation)
DRV - (MTConfig) -- C:\windows\system32\DRIVERS\MTConfig.sys (Microsoft Corporation)
DRV - (CompositeBus) -- C:\Windows\System32\drivers\CompositeBus.sys (Microsoft Corporation)
DRV - (AppID) -- C:\windows\system32\drivers\appid.sys (Microsoft Corporation)
DRV - (scfilter) -- C:\Windows\System32\drivers\scfilter.sys (Microsoft Corporation)
DRV - (discache) -- C:\Windows\System32\drivers\discache.sys (Microsoft Corporation)
DRV - (HidBatt) -- C:\windows\system32\DRIVERS\HidBatt.sys (Microsoft Corporation)
DRV - (AcpiPmi) -- C:\windows\system32\DRIVERS\acpipmi.sys (Microsoft Corporation)
DRV - (AmdPPM) -- C:\windows\system32\DRIVERS\amdppm.sys (Microsoft Corporation)
DRV - (hcw85cir) -- C:\windows\system32\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV - (BrUsbMdm) -- C:\windows\System32\Drivers\BrUsbMdm.sys (Brother Industries Ltd.)
DRV - (BrUsbSer) -- C:\windows\System32\Drivers\BrUsbSer.sys (Brother Industries Ltd.)
DRV - (BrSerWdm) -- C:\windows\System32\Drivers\BrSerWdm.sys (Brother Industries Ltd.)
DRV - (BrFiltLo) -- C:\windows\system32\DRIVERS\BrFiltLo.sys (Brother Industries, Ltd.)
DRV - (BrFiltUp) -- C:\windows\system32\DRIVERS\BrFiltUp.sys (Brother Industries, Ltd.)
DRV - (b57nd60x) -- C:\Windows\System32\drivers\b57nd60x.sys (Broadcom Corporation)
DRV - (ebdrv) -- C:\windows\system32\DRIVERS\evbdx.sys (Broadcom Corporation)
DRV - (b06bdrv) -- C:\windows\system32\DRIVERS\bxvbdx.sys (Broadcom Corporation)
DRV - (UCTblHid) -- C:\Windows\System32\drivers\UCTblHid.sys (Tablet Driver)
DRV - (TClass2k) -- C:\Windows\System32\drivers\TClass2k.sys (Tablet Driver)
DRV - (PTSimHid) -- C:\Windows\System32\drivers\PTSimHid.sys (PenTablet Driver)
DRV - (PTSimBus) -- C:\Windows\System32\drivers\PTSimBus.sys (PenTablet Driver)
DRV - (SAVRKBootTasks) -- C:\Windows\System32\SAVRKBootTasks.sys (Sophos Plc)
DRV - (igfx) -- C:\Windows\System32\drivers\igdkmd32.sys (Intel Corporation)
DRV - (iaStor) -- C:\windows\system32\DRIVERS\iaStor.sys (Intel Corporation)
DRV - (SABI) -- C:\Windows\System32\drivers\SABI.sys (SAMSUNG ELECTRONICS)
DRV - (wacomvhid) -- C:\Windows\System32\drivers\wacomvhid.sys (Wacom Technology)
DRV - (ssmdrv) -- C:\Windows\System32\drivers\ssmdrv.sys (Avira GmbH)
DRV - (wacommousefilter) -- C:\Windows\System32\drivers\wacommousefilter.sys (Wacom Technology)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = ***://***.google.com/ig/redirectdomain?brand=smsn&bmod=smsn
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = ***=127.0.0.1:6860
 
========== FireFox ==========
 
 
 
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/04/09 20:39:01 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/04/09 20:39:01 | 000,000,000 | ---D | M]
 
[2009/12/08 21:21:38 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\mozilla\Extensions
[2010/06/12 21:49:19 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\k1wx1ksh.default\extensions
[2010/04/11 10:24:15 | 000,000,000 | ---D | M] (LinkChecker) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\k1wx1ksh.default\extensions\{49f3fc85-dcfe-4e42-9301-226ebe658509}
[2010/04/26 20:15:49 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\k1wx1ksh.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2010/03/08 07:10:23 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\k1wx1ksh.default\extensions\illimitux@illimitux.net
[2010/04/26 20:15:47 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\k1wx1ksh.default\extensions\personas@christopher.beard
[2010/03/18 22:29:15 | 000,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions
[2010/03/14 23:24:49 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2010/03/14 23:24:50 | 000,002,344 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2010/03/14 23:24:50 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2010/03/14 23:24:50 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2010/03/14 23:24:50 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2009/06/10 23:39:37 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Search Helper) - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll (Microsoft Corporation)
O2 - BHO: (Windows Live Toolbar Helper) - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O4 - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AdobeCS5ServiceManager] C:\Program Files\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe (Apple Inc.)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [ Malwarebytes Anti-Malware  (reboot)] C:\Users\***\Documents\Installieren\MBAM\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [NvCplDaemon] C:\windows\System32\NvCpl.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [SwitchBoard] C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [UCam_Menu] C:\Program Files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [WTClient] C:\windows\System32\WTClient.exe (Tablet Driver)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O9 - Extra Button: In Blog veröffentlichen - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : In Windows Live Writer in Blog veröffentliche&n - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} ***://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab (Java Plug-in 1.6.0_15)
O16 - DPF: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} ***://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab (Java Plug-in 1.6.0_15)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} ***://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab (Java Plug-in 1.6.0_15)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\PROGRA~1\COMMON~1\MICROS~1\WEBCOM~1\11\OWC11.DLL (Microsoft Corporation)
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O30 - LSA: Security Packages - (pku2u) - C:\windows\System32\pku2u.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/06/10 23:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2003/11/25 15:05:10 | 000,000,046 | R--- | M] () - E:\Autorun.inf -- [ CDFS ]
O33 - MountPoints2\{15596053-cdae-11de-b148-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{15596053-cdae-11de-b148-806e6f6e6963}\Shell\AutoRun\command - "" = E:\Install.exe -- [2009/11/03 22:36:04 | 000,509,034 | R--- | M] (Adobe Systems, Inc.)
O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
========== Files/Folders - Created Within 30 Days ==========
 
[2010/06/13 10:44:22 | 003,387,040 | ---- | C] (Piriform Ltd) -- C:\Users\***\Desktop\ccsetup232.exe
[2010/06/13 10:33:23 | 000,572,416 | ---- | C] (OldTimer Tools) -- C:\Users\***\Desktop\OTL.exe
[2010/06/11 19:43:18 | 000,000,000 | -HSD | C] -- C:\Users\***\AppData\Roaming\lowsec
[2010/06/11 13:24:16 | 002,326,528 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\win32k.sys
[2010/06/11 13:24:15 | 000,067,584 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\asycfilt.dll
[2010/06/11 13:24:11 | 000,606,208 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\mstime.dll
[2010/06/11 13:24:10 | 000,381,440 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\iedkcs32.dll
[2010/06/11 13:24:10 | 000,064,512 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\msfeedsbs.dll
[2010/06/11 13:24:10 | 000,048,128 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\jsproxy.dll
[2010/06/11 13:23:56 | 000,293,888 | ---- | C] (Adobe Systems Incorporated) -- C:\windows\System32\atmfd.dll
[2010/06/11 13:23:56 | 000,034,304 | ---- | C] (Adobe Systems) -- C:\windows\System32\atmlib.dll
[2010/06/09 19:42:11 | 000,018,816 | ---- | C] (Sophos Plc) -- C:\windows\System32\SAVRKBootTasks.sys
[2010/06/08 21:08:55 | 000,000,000 | ---D | C] -- C:\ProgramData\Last.fm
[2010/06/08 21:00:19 | 000,107,368 | ---- | C] (GEAR Software Inc.) -- C:\windows\System32\GEARAspi.dll
[2010/06/08 20:59:31 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2010/06/08 20:58:38 | 000,000,000 | ---D | C] -- C:\Program Files\Apple Software Update
[2010/06/06 21:46:15 | 000,000,000 | ---D | C] -- C:\ProgramData\regid.1986-12.com.adobe
[2010/06/06 21:40:47 | 000,000,000 | ---D | C] -- C:\Program Files\Adobe Media Player
[2010/06/06 21:39:19 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Adobe AIR
[2010/06/01 20:40:36 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\WTablet
[2010/06/01 20:40:32 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\WTouch
[2010/06/01 20:40:31 | 000,245,032 | ---- | C] (Wacom Technology, Corp.) -- C:\windows\System32\Touch_Tablet.dll
[2010/06/01 20:40:07 | 000,000,000 | ---D | C] -- C:\Program Files\WTouch
[2010/06/01 20:40:06 | 006,393,640 | ---- | C] (Wacom Technology, Corp.) -- C:\windows\System32\PenTablet.cpl
[2010/06/01 20:39:41 | 000,011,312 | ---- | C] (Wacom Technology) -- C:\windows\System32\drivers\wacommousefilter.sys
[2010/06/01 20:39:33 | 000,013,736 | ---- | C] (Wacom Technology) -- C:\windows\System32\drivers\wacomvhid.sys
[2010/06/01 20:39:29 | 000,000,000 | ---D | C] -- C:\windows\System32\WTablet
[2010/06/01 20:39:25 | 004,497,704 | ---- | C] (Wacom Technology, Corp.) -- C:\windows\System32\Pen_Tablet.exe
[2010/06/01 20:39:25 | 000,416,040 | ---- | C] (Wacom Technology, Corp.) -- C:\windows\System32\Pen_Tablet.dll
[2010/06/01 20:39:25 | 000,284,160 | ---- | C] (Wacom Technology, Corp.) -- C:\windows\System32\Wintab32.dll
[2010/06/01 20:39:23 | 000,000,000 | ---D | C] -- C:\Program Files\Tablet
[2010/05/31 19:22:29 | 000,000,000 | ---D | C] -- C:\Program Files\TabletPlugins
[2010/05/31 19:20:12 | 000,016,168 | ---- | C] (Wacom Technology) -- C:\windows\System32\drivers\wacmoumonitor.sys
[2010/05/30 19:04:17 | 000,000,000 | ---D | C] -- C:\Users\***\Documents\Wiederhergestellt
[2010/05/30 13:55:52 | 000,000,000 | ---D | C] -- C:\ProgramData\Corel
[2010/05/30 12:58:15 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Corel
[2010/05/30 12:14:49 | 000,261,120 | ---- | C] (InstallShield Corporation, Inc.) -- C:\windows\UN160407.EXE
[2010/05/30 12:14:49 | 000,026,768 | ---- | C] (Microsoft Corporation) -- C:\windows\System\CTL3D.DLL
[2010/05/26 21:03:38 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\tzres.dll
[2010/05/25 19:24:33 | 000,000,000 | ---D | C] -- C:\Users\***\Neuer Ordner (2)
[2010/05/25 12:07:50 | 000,000,000 | ---D | C] -- C:\Program Files\SystemRequirementsLab
[2010/05/24 22:27:06 | 000,578,456 | ---- | C] (Innovasys) -- C:\windows\System32\ExpBar1.ocx
[2010/05/24 22:27:06 | 000,458,752 | ---- | C] (Variad Corporation) -- C:\windows\System32\varOSButton.ocx
[2010/05/24 22:27:06 | 000,118,272 | ---- | C] (Crescent Division of Progress Software Corporation) -- C:\windows\System32\qpro32.dll
[2010/05/24 22:27:06 | 000,045,056 | ---- | C] (Gamesman Inc.) -- C:\windows\System32\ctfile.ocx
[2010/05/24 22:27:06 | 000,012,048 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\SCRRNDE.DLL
[2010/05/24 22:27:05 | 001,846,784 | ---- | C] (Seagate Software Information Management Group, Inc.) -- C:\windows\System32\crpe32.dll
[2010/05/24 22:27:05 | 001,007,616 | ---- | C] (ProWorks Corp.) -- C:\windows\System32\FlpGrf.ocx
[2010/05/24 22:27:05 | 000,823,784 | ---- | C] (APEX Software Corporation) -- C:\windows\System32\TDBG6.OCX
[2010/05/24 22:27:05 | 000,250,336 | ---- | C] (Apex Software Corporation) -- C:\windows\System32\TDBGPP.DLL
[2010/05/24 22:27:05 | 000,244,416 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\MSFLXGRD.OCX
[2010/05/24 22:27:05 | 000,209,608 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\TABCTL32.OCX
[2010/05/24 22:27:05 | 000,203,976 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\RICHTX32.OCX
[2010/05/24 22:27:05 | 000,187,664 | ---- | C] (Seagate Software Information Management Group, Inc.) -- C:\windows\System32\crystl32.ocx
[2010/05/24 22:27:05 | 000,140,488 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\COMDLG32.OCX
[2010/05/24 22:27:05 | 000,126,976 | ---- | C] (Gamesman Inc.) -- C:\windows\System32\ctmonth.ocx
[2010/05/24 22:27:05 | 000,125,712 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\VB6DE.DLL
[2010/05/24 22:27:05 | 000,110,080 | ---- | C] (Crescent Division of Progress Software Corporation.) -- C:\windows\System32\cscomb32.ocx
[2010/05/24 22:27:05 | 000,098,304 | ---- | C] (dbi Technologies Inc.) -- C:\windows\System32\ctdedit.ocx
[2010/05/24 22:27:05 | 000,094,208 | ---- | C] (Personal) -- C:\windows\System32\ColorPicker.ocx
[2010/05/24 22:27:05 | 000,090,112 | ---- | C] (Gamesman Inc.) -- C:\windows\System32\ctdate.ocx
[2010/05/24 22:27:05 | 000,089,360 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\VB5DB.DLL
[2010/05/24 22:27:05 | 000,079,872 | ---- | C] (Seagate Software Information Management Group, Inc.) -- C:\windows\System32\p2bdao.dll
[2010/05/24 22:27:05 | 000,079,872 | ---- | C] (Crescent Division of Progress Software Corporation.) -- C:\windows\System32\csspin32.ocx
[2010/05/24 22:27:05 | 000,077,824 | ---- | C] (DBI Technologies Inc.) -- C:\windows\System32\ctimage.ocx
[2010/05/24 22:27:05 | 000,053,248 | ---- | C] (Gamesman Inc.) -- C:\windows\System32\ctmeter.ocx
[2010/05/24 22:27:05 | 000,050,688 | ---- | C] (Seagate Software Information Management Group, Inc.) -- C:\windows\System32\p2irdao.dll
[2010/05/24 22:27:05 | 000,036,352 | ---- | C] (Seagate Software Information Management Group, Inc.) -- C:\windows\System32\p2ctdao.dll
[2010/05/24 22:27:05 | 000,036,352 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\RCHTXDE.DLL
[2010/05/24 22:27:05 | 000,033,792 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\CMDLGDE.DLL
[2010/05/24 22:27:05 | 000,022,528 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\TABCTDE.DLL
[2010/05/24 22:27:05 | 000,018,944 | ---- | C] ( ) -- C:\windows\System32\implode.dll
[2010/05/24 22:27:05 | 000,006,656 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\STDFTDE.DLL
[2010/05/23 12:26:00 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Malwarebytes
[2010/05/23 12:25:25 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\windows\System32\drivers\mbamswissarmy.sys
[2010/05/23 12:25:22 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\windows\System32\drivers\mbam.sys
[2010/05/23 12:25:22 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2010/05/23 11:53:43 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Avira
[2010/05/23 11:52:54 | 000,028,520 | ---- | C] (Avira GmbH) -- C:\windows\System32\drivers\ssmdrv.sys
[2010/05/23 11:52:53 | 000,124,784 | ---- | C] (Avira GmbH) -- C:\windows\System32\drivers\avipbb.sys
[2010/05/23 11:52:53 | 000,051,992 | ---- | C] (AVIRA GmbH) -- C:\windows\System32\drivers\avgntdd.sys
[2010/05/23 11:52:53 | 000,017,016 | ---- | C] (AVIRA GmbH) -- C:\windows\System32\drivers\avgntmgr.sys
[2010/05/23 11:52:53 | 000,000,000 | ---D | C] -- C:\ProgramData\Avira
[2010/05/23 11:13:58 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\dbhhjefoq
[2010/05/22 23:06:12 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\KaLoMa
[2010/05/16 12:34:59 | 000,000,000 | ---D | C] -- C:\Program Files\Bonjour
[1 C:\windows\*.tmp files -> C:\windows\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2010/06/13 11:05:19 | 000,823,808 | ---- | M] () -- C:\windows\System32\drivers\taunpo.sys
[2010/06/13 11:01:56 | 000,000,006 | -H-- | M] () -- C:\windows\tasks\SA.DAT
[2010/06/13 11:01:51 | 000,067,584 | --S- | M] () -- C:\windows\bootstat.dat
[2010/06/13 11:01:47 | 2388,086,784 | -HS- | M] () -- C:\hiberfil.sys
[2010/06/13 11:01:06 | 002,097,152 | -HS- | M] () -- C:\Users\***\ntuser.dat
[2010/06/13 11:01:05 | 005,463,956 | -H-- | M] () -- C:\Users\***\AppData\Local\IconCache.db
[2010/06/13 10:52:59 | 000,000,206 | ---- | M] () -- C:\Users\***\Desktop\cc_20100613_105244.reg
[2010/06/13 10:51:34 | 000,000,312 | ---- | M] () -- C:\Users\***\Desktop\cc_20100613_105130.reg
[2010/06/13 10:50:36 | 000,003,436 | ---- | M] () -- C:\Users\***\Desktop\cc_20100613_105030.reg
[2010/06/13 10:49:48 | 000,180,572 | ---- | M] () -- C:\Users\***\Desktop\cc_20100613_104918.reg
[2010/06/13 10:45:26 | 002,281,378 | ---- | M] () -- C:\windows\System32\perfh007.dat
[2010/06/13 10:45:26 | 001,129,130 | ---- | M] () -- C:\windows\System32\perfh009.dat
[2010/06/13 10:45:26 | 000,654,470 | ---- | M] () -- C:\windows\System32\perfc007.dat
[2010/06/13 10:45:26 | 000,575,778 | ---- | M] () -- C:\windows\System32\perfc009.dat
[2010/06/13 10:45:26 | 000,004,762 | ---- | M] () -- C:\windows\System32\PerfStringBackup.INI
[2010/06/13 10:45:17 | 000,001,945 | ---- | M] () -- C:\Users\***\Desktop\CCleaner.lnk
[2010/06/13 10:33:25 | 000,572,416 | ---- | M] (OldTimer Tools) -- C:\Users\***\Desktop\OTL.exe
[2010/06/13 10:29:48 | 003,387,040 | ---- | M] (Piriform Ltd) -- C:\Users\***\Desktop\ccsetup232.exe
[2010/06/13 10:21:04 | 000,231,390 | ---- | M] () -- C:\Users\***\Desktop\RootkitRevealer.zip
[2010/06/13 09:19:59 | 000,014,512 | -H-- | M] () -- C:\windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2010/06/13 09:19:59 | 000,014,512 | -H-- | M] () -- C:\windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2010/06/11 22:41:53 | 000,000,132 | ---- | M] () -- C:\Users\***\AppData\Roaming\Adobe PNG Format CS5 Prefs
[2010/06/11 20:04:57 | 003,791,192 | ---- | M] () -- C:\windows\System32\FNTCACHE.DAT
[2010/06/08 21:06:24 | 000,001,043 | ---- | M] () -- C:\Users\Public\Desktop\Last.fm.lnk
[2010/06/08 21:00:26 | 000,002,429 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk
[2010/06/06 21:55:52 | 000,113,416 | ---- | M] () -- C:\Users\***\AppData\Local\GDIPFONTCACHEV1.DAT
[2010/06/06 21:43:16 | 000,001,389 | ---- | M] () -- C:\Users\***\Desktop\Adobe Photoshop CS5.lnk
[2010/05/30 18:20:45 | 000,002,828 | -HS- | M] () -- C:\ProgramData\KGyGaAvL.sys
[2010/05/30 12:58:15 | 000,000,008 | RHS- | M] () -- C:\ProgramData\C96FFE052E.sys
[2010/05/27 09:24:13 | 000,034,304 | ---- | M] (Adobe Systems) -- C:\windows\System32\atmlib.dll
[2010/05/27 05:49:37 | 000,293,888 | ---- | M] (Adobe Systems Incorporated) -- C:\windows\System32\atmfd.dll
[2010/05/25 13:54:54 | 000,000,145 | --S- | M] () -- C:\Users\***\AppData\Local\1714199777.dat
[2010/05/25 13:53:34 | 000,000,004 | ---- | M] () -- C:\Users\***\AppData\Roaming\ovczpx.dat
[2010/05/23 12:25:28 | 000,001,116 | ---- | M] () -- C:\Users\***\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/05/23 11:53:00 | 000,002,012 | ---- | M] () -- C:\Users\***\Desktop\Avira AntiVir Control Center.lnk
[2010/05/23 11:21:25 | 000,003,321 | -HS- | M] () -- C:\Users\***\AppData\Roaming\02000000d971e13d922P.manifest
[2010/05/23 11:13:47 | 000,000,013 | -HS- | M] () -- C:\Users\***\AppData\Roaming\02000000d971e13d922C.manifest
[2010/05/23 11:13:47 | 000,000,011 | -HS- | M] () -- C:\Users\***\AppData\Roaming\02000000d971e13d922S.manifest
[2010/05/23 11:13:47 | 000,000,011 | -HS- | M] () -- C:\Users\***\AppData\Roaming\02000000d971e13d922O.manifest
[2010/05/21 07:14:50 | 000,048,128 | ---- | M] (Microsoft Corporation) -- C:\windows\System32\jsproxy.dll
[1 C:\windows\*.tmp files -> C:\windows\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2010/06/13 10:52:47 | 000,000,206 | ---- | C] () -- C:\Users\***\Desktop\cc_20100613_105244.reg
[2010/06/13 10:51:32 | 000,000,312 | ---- | C] () -- C:\Users\***\Desktop\cc_20100613_105130.reg
[2010/06/13 10:50:33 | 000,003,436 | ---- | C] () -- C:\Users\***\Desktop\cc_20100613_105030.reg
[2010/06/13 10:49:29 | 000,180,572 | ---- | C] () -- C:\Users\***\Desktop\cc_20100613_104918.reg
[2010/06/13 10:41:27 | 000,231,390 | ---- | C] () -- C:\Users\***\Desktop\RootkitRevealer.zip
[2010/06/08 21:06:24 | 000,001,043 | ---- | C] () -- C:\Users\***\Desktop\Last.fm.lnk
[2010/06/08 21:00:26 | 000,002,429 | ---- | C] () -- C:\Users\***\Desktop\iTunes.lnk
[2010/06/06 22:31:24 | 000,000,132 | ---- | C] () -- C:\Users\***\AppData\Roaming\Adobe PNG Format CS5 Prefs
[2010/06/06 21:43:16 | 000,001,389 | ---- | C] () -- C:\Users\***\Desktop\Adobe Photoshop CS5.lnk
[2010/06/01 20:46:54 | 000,000,488 | ---- | C] () -- C:\windows\System32\TouchTabletUserDefaults.xml
[2010/06/01 20:46:54 | 000,000,488 | ---- | C] () -- C:\windows\System32\PenTabletUserDefaults.xml
[2010/06/01 20:40:06 | 001,595,175 | ---- | C] () -- C:\windows\System32\PenTablet.znc
[2010/05/30 12:58:15 | 000,002,828 | -HS- | C] () -- C:\ProgramData\KGyGaAvL.sys
[2010/05/30 12:58:15 | 000,000,008 | RHS- | C] () -- C:\ProgramData\C96FFE052E.sys
[2010/05/25 13:53:35 | 000,000,145 | --S- | C] () -- C:\Users\***\AppData\Local\1714199777.dat
[2010/05/25 13:53:34 | 000,000,004 | ---- | C] () -- C:\Users\***\AppData\Roaming\ovczpx.dat
[2010/05/24 22:27:05 | 000,748,160 | ---- | C] () -- C:\windows\System32\CO2C40EN.DLL
[2010/05/24 22:27:05 | 000,153,761 | ---- | C] () -- C:\windows\System32\u2frtf.dll
[2010/05/24 22:27:05 | 000,124,256 | ---- | C] () -- C:\windows\System32\u2dmapi.dll
[2010/05/24 22:27:05 | 000,109,568 | ---- | C] () -- C:\windows\System32\u2fhtml.dll
[2010/05/24 22:27:05 | 000,097,489 | ---- | C] () -- C:\windows\System32\u2fcr.dll
[2010/05/24 22:27:05 | 000,069,632 | ---- | C] () -- C:\windows\System32\u2fxls.dll
[2010/05/24 22:27:05 | 000,069,632 | ---- | C] () -- C:\windows\System32\u2fwordw.dll
[2010/05/24 22:27:05 | 000,053,248 | ---- | C] () -- C:\windows\System32\u2fwks.dll
[2010/05/24 22:27:05 | 000,053,248 | ---- | C] () -- C:\windows\System32\u2ftext.dll
[2010/05/24 22:27:05 | 000,053,248 | ---- | C] () -- C:\windows\System32\u2fsepv.dll
[2010/05/24 22:27:05 | 000,049,152 | ---- | C] () -- C:\windows\System32\u2frec.dll
[2010/05/24 22:27:05 | 000,049,152 | ---- | C] () -- C:\windows\System32\u2fdif.dll
[2010/05/24 22:27:05 | 000,045,056 | ---- | C] () -- C:\windows\System32\u2ddisk.dll
[2010/05/23 12:25:28 | 000,001,116 | ---- | C] () -- C:\Users\***\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/05/23 11:53:00 | 000,002,012 | ---- | C] () -- C:\Users\Public\Desktop\Avira AntiVir Control Center.lnk
[2010/05/23 11:14:54 | 000,823,808 | ---- | C] () -- C:\windows\System32\drivers\taunpo.sys
[2010/05/23 11:13:47 | 000,003,321 | -HS- | C] () -- C:\Users\***\AppData\Roaming\02000000d971e13d922P.manifest
[2010/05/23 11:13:47 | 000,000,013 | -HS- | C] () -- C:\Users\***\AppData\Roaming\02000000d971e13d922C.manifest
[2010/05/23 11:13:47 | 000,000,011 | -HS- | C] () -- C:\Users\***\AppData\Roaming\02000000d971e13d922S.manifest
[2010/05/23 11:13:47 | 000,000,011 | -HS- | C] () -- C:\Users\***\AppData\Roaming\02000000d971e13d922O.manifest
[2009/12/26 22:36:22 | 000,000,248 | ---- | C] () -- C:\windows\Tablet8000x6000M.ini
[2009/12/26 22:23:07 | 000,010,240 | ---- | C] () -- C:\windows\System32\ucinst32.dll
[2009/12/07 21:08:01 | 000,000,002 | ---- | C] () -- C:\windows\HotFixList.ini
[2009/09/22 07:21:26 | 000,073,728 | ---- | C] () -- C:\windows\System32\RtNicProp32.dll
[2009/07/14 01:51:43 | 000,073,728 | ---- | C] () -- C:\windows\System32\BthpanContextHandler.dll
[2009/07/14 01:42:10 | 000,064,000 | ---- | C] () -- C:\windows\System32\BWContextHandler.dll
 
========== LOP Check ==========
 
[2010/04/21 20:47:34 | 000,000,000 | -HSD | M] -- C:\Users\***\AppData\Roaming\.#
[2009/12/10 19:12:06 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\DAEMON Tools Lite
[2010/05/29 22:28:58 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Ezaloz
[2010/04/21 20:47:08 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\GameConsole
[2010/02/02 16:23:47 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Go Go Gourmet
[2010/02/19 21:38:15 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\hdbADS
[2010/05/22 23:06:40 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\KaLoMa
[2010/06/11 20:05:54 | 000,000,000 | -HSD | M] -- C:\Users\***\AppData\Roaming\lowsec
[2010/04/19 23:17:51 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\MAXON
[2010/01/10 16:05:40 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Nikon
[2010/05/29 22:05:19 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Ogcit
[2010/02/07 15:31:57 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\OpenOffice.org
[2010/02/20 12:44:55 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\SYSTEMAX Software Development
[2010/06/01 20:40:37 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\WTouch
[2010/05/15 09:46:04 | 000,032,640 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
 
========== Purity Check ==========
 
 
 
========== Files - Unicode (All) ==========
[2010/04/23 10:35:24 | 000,035,922 | ---- | M] ()(C:\Users\***\Documents\Letter Bee ?.rtf) -- C:\Users\***\Documents\Letter Bee ♥.rtf
[2010/01/24 16:54:12 | 000,035,922 | ---- | C] ()(C:\Users\***\Documents\Letter Bee ?.rtf) -- C:\Users\***\Documents\Letter Bee ♥.rtf
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 145 bytes -> C:\ProgramData\Temp:A42A9F39
@Alternate Data Stream - 136 bytes -> C:\ProgramData\Temp:4CF61E54
@Alternate Data Stream - 130 bytes -> C:\ProgramData\Temp:ABE89FFE
< End of report >
         
--- --- ---


Quote (Extras): OTL Logfile:
Code:
OTL Extras logfile created on: 6/13/2010 11:03:03 AM - Run 1
OTL by OldTimer - Version 3.2.6.0     Folder = C:\Users\***\Desktop
 Home Premium Edition  (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000409 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 71.00% Memory free
6.00 Gb Paging File | 5.00 Gb Available in Paging File | 84.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files
Drive C: | 198.29 Gb Total Space | 149.09 Gb Free Space | 75.19% Space Free | Partition Type: NTFS
Drive D: | 252.37 Gb Total Space | 252.28 Gb Free Space | 99.96% Space Free | Partition Type: NTFS
Drive E: | 391.60 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
F: Drive not present or media not loaded
Drive G: | 7.45 Gb Total Space | 7.44 Gb Free Space | 99.88% Space Free | Partition Type: FAT32
H: Drive not present or media not loaded
I: Drive not present or media not loaded
 
Computer Name: ***-***
Current User Name: ***
Logged in as Administrator.
 
Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\windows\winhlp32.exe (Microsoft Corporation)
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office12\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files\Microsoft Office\Office12\msohtmed.exe" /p %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [Bridge] -- C:\Users\***\Documents\Installieren\ADOBE Photoshop CS5 2\Adobe Bridge CS5\Bridge.exe "%L" (Adobe Systems, Inc.)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
========== Authorized Applications List ==========
 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam
"{028ED9C4-25EE-4DEE-9CF4-91034BC89B18}" = Microsoft SQL Server 2005 Express Edition (MSSMLBIZ)
"{033E378E-6AD3-4AD5-BDEB-CBD69B31046C}" = Microsoft_VC90_ATL_x86
"{07629207-FAA0-4F1A-8092-BF5085BE511F}" = Unterstützungsdateien für das Microsoft SQL Server-Setup (Englisch)
"{08D2E121-7F6A-43EB-97FD-629B44903403}" = Microsoft_VC90_CRT_x86
"{0D2DBE8A-43D0-7830-7AE7-CA6C99A832E7}" = Adobe Community Help
"{0F3647F8-E51D-4FCC-8862-9A8D0C5ACF25}" = Microsoft_VC80_ATL_x86
"{145DE957-0679-4A2A-BB5C-1D3E9808FAB2}" = Samsung Recovery Solution 4
"{15FEDA5F-141C-4127-8D7E-B962D1742728}" = Adobe Photoshop CS5
"{17283B95-21A8-4996-97DA-547A48DB266F}" = Easy Display Manager
"{178EE5F4-0F86-4BF0-A0D1-9790AFF409D1}" = EasyBatteryManager
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool
"{20B1B020-DEAE-48D1-9960-D4C3185D758B}" = Phase 5 HTML-Editor
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{237CD223-1B9D-47E8-A76C-E478B83CCEA2}" = File Uploader
"{26A24AE4-039D-4CA4-87B4-2F83216015FF}" = Java(TM) 6 Update 15
"{28BE306E-5DA6-4F9C-BDB0-DBA3C8C6FFFD}" = QuickTime
"{2BA722D1-48D1-406E-9123-8AE5431D63EF}" = Windows Live Fotogalerie
"{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform
"{3EFEF049-23D4-4B46-8903-4592FEA51018}" = Windows Live Movie Maker
"{41E654A9-26D0-4EAC-854B-0FA824FFFABB}" = Windows Live Messenger
"{4cb9f93c-9edc-4be9-ae61-af128ddbecfa}" = Business Contact Manager für Outlook 2007 SP2
"{4CBA3D4C-8F51-4D60-B27E-F6B641C571E7}" = Microsoft Search Enhancement Pack
"{4D2121FE-5CCC-4D47-B3A0-BF56045A5099}" = Samsung Support Center
"{50120000-1105-0000-0000-0000000FF1CE}" = Microsoft Office 2007 Primary Interop Assemblies
"{52B97218-98CB-4B8B-9283-D213C85E1AA4}" = Windows Live Anmelde-Assistent
"{553255F3-78FD-40F1-A6F8-6882140265FE}" = Apple Application Support
"{57F0ED40-8F11-41AA-B926-4A66D0D1A9CC}" = Microsoft Office Live Add-in 1.3
"{5ECB3A3C-980B-4D12-9724-25DCB07A1F47}" = iTunes
"{5FC68772-6D56-41C6-9DF1-24E868198AE6}" = Windows Live Call
"{635FED5B-2C6D-49BE-87E6-7A6FCD22BC5A}" = Microsoft_VC90_MFC_x86
"{63eafc52-b963-4297-a7eb-d412944e7065}_is1" = Game Pack
"{70B7A167-0B88-445D-A3EA-97C73AA88CAC}" = Windows Live Toolbar
"{76618402-179D-4699-A66B-D351C59436BC}" = Windows Live Sync
"{7C8B5E63-821A-4DFB-BDFA-19854D88EC5C}" = 3dsmax ancillary install
"{7FB12670-0F93-4E1E-B2F5-4F339199A03A}" = Microsoft SQL Server Native Client
"{849A32C3-E75A-4791-9B11-E568BA3525A4}" = Microsoft SQL Server VSS Writer
"{853F8A41-A3C9-43FA-87FA-1AE74FC6F3F7}" = BatteryLifeExtender
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller  Driver
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A253629-0511-4854-8B4E-46E57E66005C}" = Bonjour
"{8A74E887-8F0F-4017-AF53-CBA42211AAA5}" = Microsoft Sync Framework Runtime Native v1.0 (x86)
"{90120000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2007
"{90120000-0015-0407-0000-0000000FF1CE}_PROHYBRIDR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}_PROHYBRIDR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}_PROHYBRIDR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2007
"{90120000-0019-0407-0000-0000000FF1CE}_PROHYBRIDR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2007
"{90120000-001A-0407-0000-0000000FF1CE}_PROHYBRIDR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}_PROHYBRIDR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_PROHYBRIDR_{A0516415-ED61-419A-981D-93596DA74165}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_PROHYBRIDR_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_PROHYBRIDR_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-001F-0410-0000-0000000FF1CE}_PROHYBRIDR_{322296D4-1EAE-4030-9FBC-D2787EB25FA2}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}_PROHYBRIDR_{26454C26-D259-4543-AA60-3189E09C5F76}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel® Matrix Storage Manager
"{90A40407-6000-11D3-8CFE-0150048383C9}" = Microsoft Office 2003 Web Components
"{91120000-0031-0000-0000-0000000FF1CE}" = Microsoft Office Professional Hybrid 2007
"{91120000-0031-0000-0000-0000000FF1CE}_PROHYBRIDR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-0031-0000-0000-0000000FF1CE}_PROHYBRIDR_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{92D58719-BBC1-4CC3-A08B-56C9E884CC2C}" = Microsoft_VC80_CRT_x86
"{938DB54D-B302-4594-A782-32219F1734AB}" = Canon Camera WIA Driver
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{95120000-0122-0407-0000-0000000FF1CE}" = Microsoft Office Outlook Connector
"{994223F3-A99B-4DDD-9E1D-0190A17C6860}" = Windows Live Family Safety
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9DE1BE03-AFE2-4CDB-BFEB-D06D736CD01A}" = Apple Mobile Device Support
"{9E1BAB75-EB78-440D-94C0-A3857BE2E733}" = System Requirements Lab
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A7581D39-EA20-4883-A480-80C21047052B}" = Easy Network Manager
"{A78FE97A-C0C8-49CE-89D0-EDD524A17392}" = PDF Settings CS5
"{A939D341-5A04-4E0A-BB55-3E65B386432D}" = Microsoft Office Small Business Connectivity Components
"{AC76BA86-7AD7-1031-7B44-A91000000001}" = Adobe Reader 9.1 - Deutsch
"{BA165460-FCF7-4D6C-A7A2-F2321700720F}" = MobileMe Control Panel
"{BAE68339-B0F6-4D33-9554-5A3DB2DFF5DA}" = User Guide
"{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}" = Microsoft Sync Framework Services Native v1.0 (x86)
"{C41300B9-185D-475E-BFEC-39EF732F19B1}" = Apple Software Update
"{C4D738F7-996A-4C81-B8FA-C4E26D767E41}" = Windows Live Mail
"{D1434266-0486-4469-B338-A60082CC04E1}" = Atheros Client Installation Program
"{D1A19B02-817E-4296-A45B-07853FD74D57}" = Microsoft_VC80_MFC_x86
"{D2FCC1AE-6311-47C5-8130-C6C66D77DD71}" = Nikon Message Center
"{D3F2FAA5-FEC4-42AA-9ABA-1F763919A2B5}" = Samsung Update Plus
"{D765F1CE-5AE5-4C47-B134-AE58AC474740}" = OpenOffice.org 3.1
"{D92BBB52-82FF-42ED-8A3C-4E062F944AB7}" = Microsoft_VC80_MFCLOC_x86
"{DE3A9DC5-9A5D-6485-9662-347162C7E4CA}" = Adobe Media Player
"{E0A4805D-280A-4DD7-9E74-3A5F85E302A1}" = Windows Live Writer
"{E2DFE069-083E-4631-9B6C-43C48E991DE5}" = Junk Mail filter update
"{E50AE784-FABE-46DA-A1F8-7B6B56DCB22E}" = Microsoft Office Suite Activation Assistant
"{E9757890-7EC5-46C8-99AB-B00F07B6525C}" = Nikon Transfer
"{EF367AA4-070B-493C-9575-85BE59D789C9}" = Easy SpeedUp Manager
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F8FF18EE-264A-43FD-B2F6-5EAD40798C2F}" = Windows Live Essentials
"{FE0646A7-19D0-41B4-A2BB-2C35D644270D}" = Windows Live OneCare safety scanner
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Akamai" = Akamai NetSession Interface
"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus
"Business Contact Manager" = Business Contact Manager für Outlook 2007 SP2
"CCleaner" = CCleaner
"chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Community Help
"ClearProg" = ClearProg 1.6.0 Final
"com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Media Player
"Defraggler" = Defraggler
"FBX Plugin 2006.08 for Max 9.0" = FBX Plugin 2006.08 for Max 9.0
"Free Audio CD Burner_is1" = Free Audio CD Burner version 1.2
"Free Video to MP3 Converter_is1" = Free Video to MP3 Converter version 3.2
"Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.2
"GOM Player" = GOM Player
"InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam
"InstallShield_{938DB54D-B302-4594-A782-32219F1734AB}" = Canon PowerShot S45 WIA-Treiber
"LastFM_is1" = Last.fm 1.5.4.24567
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft SQL Server 2005" = Microsoft SQL Server 2005
"Mozilla Firefox (3.6.3)" = Mozilla Firefox (3.6.3)
"NVIDIA Drivers" = NVIDIA Drivers
"Pen Tablet Driver" = Bamboo
"PROHYBRIDR" = 2007 Microsoft Office system
"Sophos-AntiRootkit" = Sophos Anti-Rootkit 1.5.0
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"TrainingsplanV3.0_is1" = Trainingsplan V3.0
"Uninstall_is1" = Uninstall 1.0.0.1
"Wacom WebTabletPlugin for IE" = WebTablet IE Plugin
"Wacom WebTabletPlugin for Netscape" = WebTablet Netscape Plugin
"Windows Live OneCare safety scanner" = Windows Live OneCare safety scanner
"WinLiveSuite_Wave3" = Windows Live Essentials
"WinRAR archiver" = WinRAR
 
========== Last 10 Event Log Errors ==========
 
[ Application Events ]
Error - 6/8/2010 3:55:21 PM | Computer Name = ***-*** | Source = Microsoft-Windows-LoadPerf | ID = 3011
Description = Fehler beim Herunterladen der Zeichenfolgen der Leistungsindikatoren
 für Dienst "WmiApRpl" (WmiApRpl). Der Fehlercode ist das erste DWORD im Datenbereich.
 
Error - 6/9/2010 5:07:34 PM | Computer Name = ***-*** | Source = Bonjour Service | ID = 100
Description = 452: ERROR: read_msg errno 10054 (Eine vorhandene Verbindung wurde
 vom Remotehost geschlossen.)
 
Error - 6/9/2010 5:07:34 PM | Computer Name = ***-*** | Source = Bonjour Service | ID = 100
Description = 200: ERROR: read_msg errno 10054 (Eine vorhandene Verbindung wurde
 vom Remotehost geschlossen.)
 
Error - 6/9/2010 5:07:34 PM | Computer Name = ***-*** | Source = Bonjour Service | ID = 100
Description = 336: ERROR: read_msg errno 10054 (Eine vorhandene Verbindung wurde
 vom Remotehost geschlossen.)
 
Error - 6/9/2010 5:07:34 PM | Computer Name = ***-*** | Source = Bonjour Service | ID = 100
Description = 196: ERROR: read_msg errno 10054 (Eine vorhandene Verbindung wurde
 vom Remotehost geschlossen.)
 
Error - 6/9/2010 5:07:34 PM | Computer Name = ***-*** | Source = Bonjour Service | ID = 100
Description = 204: ERROR: read_msg errno 10054 (Eine vorhandene Verbindung wurde
 vom Remotehost geschlossen.)
 
Error - 6/10/2010 5:33:39 PM | Computer Name = ***-*** | Source = TabletServicePen | ID = 0
Description = 
 
Error - 6/10/2010 6:04:43 PM | Computer Name = ***-*** | Source = Bonjour Service | ID = 100
Description = 368: ERROR: read_msg errno 10054 (Eine vorhandene Verbindung wurde
 vom Remotehost geschlossen.)
 
Error - 6/10/2010 6:04:43 PM | Computer Name = ***-*** | Source = Bonjour Service | ID = 100
Description = 452: ERROR: read_msg errno 10054 (Eine vorhandene Verbindung wurde
 vom Remotehost geschlossen.)
 
Error - 6/10/2010 6:04:43 PM | Computer Name = ***-*** | Source = Bonjour Service | ID = 100
Description = 476: ERROR: read_msg errno 10054 (Eine vorhandene Verbindung wurde
 vom Remotehost geschlossen.)
 
[ System Events ]
Error - 5/21/2010 12:47:07 PM | Computer Name = ***-*** | Source = Service Control Manager | ID = 7000
Description = Der Dienst "adfs" wurde aufgrund folgenden Fehlers nicht gestartet:
   %%2
 
Error - 5/22/2010 4:34:13 PM | Computer Name = ***-*** | Source = Service Control Manager | ID = 7000
Description = Der Dienst "adfs" wurde aufgrund folgenden Fehlers nicht gestartet:
   %%2
 
Error - 5/23/2010 4:36:15 AM | Computer Name = ***-*** | Source = Service Control Manager | ID = 7000
Description = Der Dienst "adfs" wurde aufgrund folgenden Fehlers nicht gestartet:
   %%2
 
Error - 5/23/2010 5:14:54 AM | Computer Name = ***-*** | Source = Service Control Manager | ID = 7000
Description = Der Dienst "1394 OHCI Compliant Host Controller" wurde aufgrund folgenden
 Fehlers nicht gestartet:   %%31
 
Error - 5/23/2010 5:53:12 AM | Computer Name = ***-*** | Source = Service Control Manager | ID = 7006
Description = Der Aufruf "ScRegSetValueExW" ist für "Start" aufgrund folgenden Fehlers
 fehlgeschlagen:   %%5
 
Error - 5/23/2010 6:39:19 AM | Computer Name = ***-*** | Source = Service Control Manager | ID = 7000
Description = Der Dienst "adfs" wurde aufgrund folgenden Fehlers nicht gestartet:
   %%2
 
Error - 5/23/2010 6:10:55 PM | Computer Name = ***-*** | Source = Service Control Manager | ID = 7000
Description = Der Dienst "adfs" wurde aufgrund folgenden Fehlers nicht gestartet:
   %%2
 
Error - 5/23/2010 7:26:38 PM | Computer Name = ***-*** | Source = Service Control Manager | ID = 7000
Description = Der Dienst "adfs" wurde aufgrund folgenden Fehlers nicht gestartet:
   %%2
 
Error - 5/24/2010 6:28:56 AM | Computer Name = ***-*** | Source = Service Control Manager | ID = 7000
Description = Der Dienst "adfs" wurde aufgrund folgenden Fehlers nicht gestartet:
   %%2
 
Error - 5/24/2010 1:25:07 PM | Computer Name = ***-*** | Source = Service Control Manager | ID = 7000
Description = Der Dienst "adfs" wurde aufgrund folgenden Fehlers nicht gestartet:
   %%2
 
 
< End of report >
         
--- --- ---

Old 13.06.2010, 11:36   #2
markusg
/// Malware-holic
 



Download the Avenger and paste the following script into it as described:
Avenger


Drivers to disable:
taunpo
Drivers to delete:
taunpo
Files to delete:
C:\windows\System32\drivers\taunpo.sys

Run the script as described and post the log.
__________________
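The helper above singled out taunpo.sys from the OTL log in the first post: a kernel driver under System32\drivers with no company name in its version resource, created within a minute of a randomly named folder under AppData\Local and a set of hidden+system .manifest files. The following is an added example, not part of this thread and not code from OTL or Avenger: it parses OTL's per-file lines (format taken from the log above) and applies two simple triage heuristics plus a creation-time clustering step. The sample lines are copied from the log in the first post; the heuristics, the five-minute window and all function names are assumptions made for this illustration.

```python
"""Triage heuristics for OTL "Files Created / Modified" entries (added example)."""
from __future__ import annotations

import re
from dataclasses import dataclass
from datetime import datetime, timedelta

# One OTL file line looks like:
#   [YYYY/MM/DD HH:MM:SS | size | attrs | C|M] (Company) -- path
# Directory entries carry no "(Company)" group at all, files with no
# version resource print "()".
OTL_LINE = re.compile(
    r"^\[(?P<ts>\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}) \| "
    r"(?P<size>[\d,]+) \| (?P<attrs>[-A-Z]{4}) \| (?P<kind>[CM])\]"
    r"(?: \((?P<company>[^)]*)\))? -- (?P<path>.+)$"
)

# Sample lines copied from the OTL log posted in this thread (constructed subset).
SAMPLE = r"""
========== Files Created - No Company Name ==========
[2010/05/23 11:14:54 | 000,823,808 | ---- | C] () -- C:\windows\System32\drivers\taunpo.sys
[2010/05/23 11:13:47 | 000,003,321 | -HS- | C] () -- C:\Users\***\AppData\Roaming\02000000d971e13d922P.manifest
[2010/05/30 12:58:15 | 000,000,008 | RHS- | C] () -- C:\ProgramData\C96FFE052E.sys
[2010/05/23 12:25:25 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\windows\System32\drivers\mbamswissarmy.sys
[2010/05/23 11:13:58 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\dbhhjefoq
[2010/06/13 11:01:47 | 2388,086,784 | -HS- | M] () -- C:\hiberfil.sys
< End of report >
"""


@dataclass
class Entry:
    ts: datetime
    size: int
    attrs: str      # four-character attribute column, e.g. "-HS-", "---D"
    kind: str       # "C" = created, "M" = modified
    company: str    # "" when OTL printed "()" or omitted the group
    path: str

    @property
    def is_dir(self) -> bool:
        return "D" in self.attrs

    @property
    def hidden_system(self) -> bool:
        return "H" in self.attrs and "S" in self.attrs


def parse_otl(text: str) -> list[Entry]:
    """Parse every OTL file line; section headers and other lines are skipped."""
    entries: list[Entry] = []
    for line in text.splitlines():
        m = OTL_LINE.match(line.strip())
        if not m:
            continue
        entries.append(Entry(
            ts=datetime.strptime(m["ts"], "%Y/%m/%d %H:%M:%S"),
            size=int(m["size"].replace(",", "")),
            attrs=m["attrs"],
            kind=m["kind"],
            company=(m["company"] or "").strip(),
            path=m["path"],
        ))
    return entries


def flag(e: Entry) -> str | None:
    """Return a reason if the entry deserves a second look, else None (heuristics assumed)."""
    low = e.path.lower()
    # A kernel driver whose version resource names no company is unusual on a
    # consumer box; legitimate vendor drivers in the same log all carry one.
    if low.endswith(".sys") and "\\drivers\\" in low and not e.company:
        return "unsigned-looking driver (no company name)"
    # Hidden+system files dropped into ProgramData/AppData are a common way to
    # hide configuration or payload; hiberfil.sys at the drive root is expected.
    if e.hidden_system and not e.is_dir and (
        "\\programdata\\" in low or "\\appdata\\" in low
    ):
        return "hidden+system file in ProgramData/AppData"
    return None


def triage(text: str) -> list[tuple[str, str]]:
    """(path, reason) for every flagged entry, in log order."""
    return [(e.path, r) for e in parse_otl(text) if (r := flag(e))]


def created_near(text: str, anchor_path: str,
                 window: timedelta = timedelta(minutes=5)) -> list[str]:
    """Paths created within `window` of the anchor's creation time (assumed window)."""
    created = [e for e in parse_otl(text) if e.kind == "C"]
    anchors = [e for e in created if e.path.lower() == anchor_path.lower()]
    if not anchors:
        return []
    t0 = anchors[0].ts
    return sorted(e.path for e in created
                  if e.path.lower() != anchor_path.lower() and abs(e.ts - t0) <= window)


if __name__ == "__main__":
    for path, reason in triage(SAMPLE):
        print(f"{reason}: {path}")
    for path in created_near(SAMPLE, r"C:\windows\System32\drivers\taunpo.sys"):
        print("created alongside taunpo.sys:", path)
```

Run against the sample, `triage` reports taunpo.sys, the hidden .manifest file and C96FFE052E.sys, while the Malwarebytes driver (company name present) and hiberfil.sys (outside ProgramData/AppData) pass. `created_near` then ties taunpo.sys to the dbhhjefoq folder and the manifest created within the same minute, which is the kind of clustering that justifies treating them as one infection rather than unrelated oddities.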


Old 13.06.2010, 15:05   #3
souleater
 



Well, I don't quite understand what you mean by running scripts?
I just went to Start > All Programs > Accessories > Run... and then entered C:\ ......, and all I got was an error message saying the file can't be opened?

Old 13.06.2010, 15:12   #4
markusg
/// Malware-holic

TR/Rootkin.gen in C:\Windows\System32\drivers\taunpo.sys

No, you do need to download the Avenger and paste the script into it, following the instructions I linked.
And then run the script.

Old 13.06.2010, 15:43   #5
souleater

TR/Rootkin.gen in C:\Windows\System32\drivers\taunpo.sys

Ah, I hadn't even seen the link, but here's the report


Quote:
Logfile of The Avenger Version 2.0, (c) by Swandog46
hxxp://swandog46.geekstogo.com

Platform: Windows Vista

*******************

Script file opened successfully.
Script file read successfully.

Backups directory opened successfully at C:\Avenger

*******************

Beginning to process script file:

Rootkit scan active.
No rootkits found!

Driver "taunpo" disabled successfully.
Driver "taunpo" deleted successfully.
File "C:\windows\System32\drivers\taunpo.sys" deleted successfully.

Completed script processing.

*******************

Finished! Terminate.


Old 13.06.2010, 15:46   #6
markusg
/// Malware-holic

TR/Rootkin.gen in C:\Windows\System32\drivers\taunpo.sys

Please create and post a ComboFix log.
A guide and tutorial on using ComboFix

Old 13.06.2010, 18:09   #7
souleater

TR/Rootkin.gen in C:\Windows\System32\drivers\taunpo.sys

Here is the log:


Combofix Logfile:
Code:
ComboFix 10-06-12.04 - *** 13.06.2010  17:56:03.1.2 - x86
Microsoft Windows 7 Home Premium   6.1.7600.0.1252.49.1031.18.3037.2042 [GMT 2:00]
ausgeführt von:: c:\users\***\Downloads\ComboFix.exe
.

((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\programdata\FullRemove.exe
c:\users\***\AppData\Roaming\.#
c:\users\***\AppData\Roaming\02000000d971e13d922C.manifest
c:\users\***\AppData\Roaming\02000000d971e13d922O.manifest
c:\users\***\AppData\Roaming\02000000d971e13d922P.manifest
c:\users\***\AppData\Roaming\02000000d971e13d922S.manifest
c:\windows\SEC
c:\windows\SEC\172100logo.bmp
c:\windows\SEC\banner.png
c:\windows\SEC\Computer.png
c:\windows\SEC\Media _S_ Logo.png
c:\windows\SEC\Samsung.png
c:\windows\SEC\Samsung2.png
c:\windows\SEC\SamsungLogo.png
c:\windows\SEC\Thumbs.db
c:\windows\SEC\Wallpapers\Thumbs.db
c:\windows\SEC\Wallpapers\wallpaper.jpg
c:\windows\SEC\Wallpapers\wallpaper1.jpg
c:\windows\SEC\Wallpapers\Wallpaper2.jpg

.
(((((((((((((((((((((((   Dateien erstellt von 2010-05-13 bis 2010-06-13  ))))))))))))))))))))))))))))))
.

2010-06-13 11:56 . 2010-06-13 12:08	--------	d-----w-	c:\users\***\AppData\Roaming\Mp3tag
2010-06-11 17:43 . 2010-06-11 18:05	--------	d-sh--w-	c:\users\***\AppData\Roaming\lowsec
2010-06-11 11:24 . 2010-05-01 14:49	2326528	----a-w-	c:\windows\system32\win32k.sys
2010-06-11 11:24 . 2010-03-05 07:42	67584	----a-w-	c:\windows\system32\asycfilt.dll
2010-06-11 11:24 . 2010-05-21 05:18	977920	----a-w-	c:\windows\system32\wininet.dll
2010-06-11 11:23 . 2010-05-27 07:24	34304	----a-w-	c:\windows\system32\atmlib.dll
2010-06-11 11:23 . 2010-05-27 03:49	293888	----a-w-	c:\windows\system32\atmfd.dll
2010-06-09 17:42 . 2009-06-18 10:55	18816	------w-	c:\windows\system32\SAVRKBootTasks.sys
2010-06-08 19:08 . 2010-06-08 19:08	683801	----a-w-	c:\programdata\Last.fm\Client\UninstITW\unins000.exe
2010-06-08 19:08 . 2010-06-08 19:08	54	----a-w-	c:\programdata\Last.fm\Client\uninst2.bat
2010-06-08 19:08 . 2010-06-08 19:08	--------	d-----w-	c:\programdata\Last.fm
2010-06-08 19:00 . 2009-05-18 11:17	26600	----a-w-	c:\windows\system32\drivers\GEARAspiWDM.sys
2010-06-08 19:00 . 2008-04-17 10:12	107368	----a-w-	c:\windows\system32\GEARAspi.dll
2010-06-08 18:59 . 2010-06-08 18:59	--------	d-----w-	c:\program files\iPod
2010-06-08 18:58 . 2010-06-08 18:58	--------	d-----w-	c:\program files\Apple Software Update
2010-06-06 19:46 . 2010-06-06 19:57	--------	d-----w-	c:\programdata\regid.1986-12.com.adobe
2010-06-06 19:40 . 2010-06-06 19:40	--------	d-----w-	c:\program files\Adobe Media Player
2010-06-06 19:39 . 2010-06-06 19:39	38784	----a-w-	c:\users\Default\AppData\Roaming\Macromedia\Flash Player\***.macromedia.com\bin\airappinstaller\airappinstaller.exe
2010-06-06 19:39 . 2010-06-06 19:39	--------	d-----w-	c:\program files\Common Files\Adobe AIR
2010-06-04 10:29 . 2010-06-04 10:29	71992	----a-w-	c:\programdata\Apple Computer\Installer Cache\Safari 5.33.16.0\SetupAdmin.exe
2010-06-01 18:40 . 2010-06-13 13:41	--------	d-----w-	c:\users\***\AppData\Roaming\WTablet
2010-06-01 18:40 . 2010-06-01 18:40	--------	d-----w-	c:\users\***\AppData\Roaming\WTouch
2010-06-01 18:40 . 2009-11-23 23:53	245032	------w-	c:\windows\system32\Touch_Tablet.dll
2010-06-01 18:40 . 2010-06-01 18:48	--------	d-----w-	c:\program files\WTouch
2010-06-01 18:39 . 2007-02-16 08:12	11312	----a-w-	c:\windows\system32\drivers\wacommousefilter.sys
2010-06-01 18:39 . 2009-05-20 09:54	13736	----a-w-	c:\windows\system32\drivers\wacomvhid.sys
2010-06-01 18:39 . 2010-06-01 18:47	--------	d-----w-	c:\windows\system32\WTablet
2010-06-01 18:39 . 2009-11-23 23:53	4497704	------w-	c:\windows\system32\Pen_Tablet.exe
2010-06-01 18:39 . 2009-11-23 23:53	416040	----a-w-	c:\windows\system32\Pen_Tablet.dll
2010-06-01 18:39 . 2009-11-23 10:16	284160	----a-w-	c:\windows\system32\Wintab32.dll
2010-06-01 18:39 . 2010-06-01 18:47	--------	d-----w-	c:\program files\Tablet
2010-05-31 17:22 . 2010-05-31 17:22	--------	d-----w-	c:\program files\TabletPlugins
2010-05-31 17:20 . 2009-08-27 22:06	16168	----a-w-	c:\windows\system32\drivers\wacmoumonitor.sys
2010-05-30 11:55 . 2010-05-30 17:06	--------	d-----w-	c:\programdata\Corel
2010-05-30 10:58 . 2010-05-30 16:20	2828	--sha-w-	c:\programdata\KGyGaAvL.sys
2010-05-30 10:58 . 2010-05-30 10:58	8	--sh--r-	c:\programdata\C96FFE052E.sys
2010-05-30 10:58 . 2010-05-30 10:58	--------	d-----w-	c:\users\***\AppData\Roaming\Corel
2010-05-30 10:14 . 1998-11-23 10:53	261120	----a-w-	c:\windows\UN160407.EXE
2010-05-30 10:14 . 1998-11-23 10:53	26768	----a-w-	c:\windows\system\CTL3D.DLL
2010-05-26 19:03 . 2010-04-23 07:13	2048	----a-w-	c:\windows\system32\tzres.dll
2010-05-25 17:24 . 2010-06-13 08:18	--------	d-----w-	c:\users\***\Neuer Ordner (2)
2010-05-25 11:53 . 2010-05-25 11:54	145	--s-a-w-	c:\users\***\AppData\Local\1714199777.dat
2010-05-25 10:07 . 2010-05-25 10:07	--------	d-----w-	c:\program files\SystemRequirementsLab
2010-05-23 10:26 . 2010-05-23 10:26	--------	d-----w-	c:\users\***\AppData\Roaming\Malwarebytes
2010-05-23 10:25 . 2010-04-29 10:19	38224	----a-w-	c:\windows\system32\drivers\mbamswissarmy.sys
2010-05-23 10:25 . 2010-05-23 10:25	--------	d-----w-	c:\programdata\Malwarebytes
2010-05-23 10:25 . 2010-04-29 10:19	20952	----a-w-	c:\windows\system32\drivers\mbam.sys
2010-05-23 09:53 . 2010-05-23 09:53	--------	d-----w-	c:\users\***\AppData\Roaming\Avira
2010-05-23 09:52 . 2010-05-23 09:52	--------	d-----w-	c:\programdata\Avira
2010-05-23 09:52 . 2010-03-01 08:05	124784	----a-w-	c:\windows\system32\drivers\avipbb.sys
2010-05-23 09:52 . 2009-05-11 10:49	51992	----a-w-	c:\windows\system32\drivers\avgntdd.sys
2010-05-23 09:52 . 2009-05-11 10:49	17016	----a-w-	c:\windows\system32\drivers\avgntmgr.sys
2010-05-23 09:13 . 2010-05-23 10:37	--------	d-----w-	c:\users\***\AppData\Local\dbhhjefoq
2010-05-22 21:06 . 2010-05-22 21:06	--------	d-----w-	c:\users\***\AppData\Roaming\KaLoMa
2010-05-16 10:34 . 2010-05-16 10:35	--------	d-----w-	c:\program files\Bonjour

.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-06-13 15:41 . 2009-12-08 19:09	--------	d-----w-	c:\program files\Common Files\Akamai
2010-06-13 10:13 . 2009-12-08 19:25	--------	d-----w-	c:\users\***\AppData\Roaming\Apple Computer
2010-06-13 09:25 . 2010-02-07 13:32	1	----a-w-	c:\users\***\AppData\Roaming\OpenOffice.org\3\user\uno_packages\cache\stamp.sys
2010-06-13 08:45 . 2009-09-22 22:05	654470	----a-w-	c:\windows\system32\perfc007.dat
2010-06-13 08:45 . 2009-09-22 22:05	2281378	----a-w-	c:\windows\system32\perfh007.dat
2010-06-11 18:02 . 2009-12-07 18:52	--------	d-----w-	c:\programdata\Microsoft Help
2010-06-08 18:59 . 2009-12-08 19:21	--------	d-----w-	c:\program files\Common Files\Apple
2010-06-06 19:55 . 2009-12-07 18:57	113416	----a-w-	c:\users\***\AppData\Local\GDIPFONTCACHEV1.DAT
2010-06-06 19:41 . 2009-12-07 18:46	--------	d-----w-	c:\program files\Common Files\Adobe
2010-06-04 17:49 . 2009-12-07 19:07	--------	d-----w-	c:\program files\Microsoft Silverlight
2010-05-30 10:14 . 2010-05-30 10:14	0	----a-w-	c:\windows\VDM6D0A.tmp
2010-05-29 20:28 . 2010-02-19 06:53	--------	d-----w-	c:\users\***\AppData\Roaming\Ezaloz
2010-05-29 20:05 . 2010-04-10 07:49	--------	d-----w-	c:\users\***\AppData\Roaming\Ogcit
2010-05-25 11:53 . 2010-05-25 11:53	4	----a-w-	c:\users\***\AppData\Roaming\ovczpx.dat
2010-05-23 09:40 . 2010-04-25 18:15	57344	----a-w-	c:\programdata\DivX\RunAsUser\RUNASUSERPROCESS.dll
2010-05-23 09:40 . 2010-04-25 18:09	--------	d-----w-	c:\programdata\DivX
2010-05-23 09:40 . 2010-04-25 18:10	--------	d-----w-	c:\program files\DivX
2010-05-23 09:40 . 2010-02-14 11:59	--------	d-----w-	c:\program files\Common Files\PX Storage Engine
2010-05-13 18:09 . 2009-07-14 02:37	--------	d-----w-	c:\program files\Windows Mail
2010-05-12 09:21 . 2010-04-23 18:34	221568	------w-	c:\windows\system32\MpSigStub.exe
2010-05-09 09:13 . 2010-01-05 16:57	20	---h--w-	c:\programdata\PKP_DLdu.DAT
2010-05-08 21:02 . 2010-04-25 18:28	--------	d-----w-	c:\users\***\AppData\Roaming\DivX
2010-04-30 20:19 . 2010-04-30 20:16	--------	d-----w-	c:\program files\Windows Live Safety Center
2010-04-28 13:45 . 2010-04-28 13:45	73000	----a-w-	c:\programdata\Apple Computer\Installer Cache\iTunes 9.1.1.12\SetupAdmin.exe
2010-04-25 18:08 . 2010-04-25 18:13	1180952	----a-w-	c:\programdata\DivX\Setup\DivXSetup.exe
2010-04-22 08:00 . 2009-09-22 05:29	--------	d-----w-	c:\programdata\McAfee
2010-04-21 18:47 . 2010-04-21 18:47	--------	d-----w-	c:\users\***\AppData\Roaming\GameConsole
2010-04-21 18:47 . 2010-04-21 18:47	--------	d-----w-	c:\program files\Common Files\SWF Studio
2010-04-20 07:09 . 2010-04-20 06:58	--------	d-----w-	c:\program files\Autodesk
2010-04-19 21:17 . 2010-04-19 17:26	--------	d-----w-	c:\users\***\AppData\Roaming\MAXON
2010-04-08 11:20 . 2010-04-08 11:20	91424	----a-w-	c:\windows\system32\dnssd.dll
2010-04-08 11:20 . 2010-04-08 11:20	107808	----a-w-	c:\windows\system32\dns-sd.exe
2010-03-18 20:29 . 2010-03-18 20:29	411368	----a-w-	c:\windows\system32\deploytk.dll
2009-06-10 21:26 . 2009-07-14 02:04	9633792	--sha-r-	c:\windows\Fonts\StaticCache.dat
2009-07-14 01:14 . 2009-07-13 23:42	396800	--sha-w-	c:\windows\winsxs\x86_microsoft-windows-mail-app_31bf3856ad364e35_6.1.7600.16385_none_f12e83abb108c86c\WinMail.exe
.

((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-07-26 3883840]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-08-31 13797992]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2009-08-19 7711264]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2009-07-14 1541416]
"UCam_Menu"="c:\program files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" [2009-02-25 218408]
"WTClient"="WTClient.exe" [2009-08-20 32768]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2010-04-13 47392]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-03-17 421888]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2010-03-02 282792]
" Malwarebytes Anti-Malware  (reboot)"="c:\users\***\Documents\Installieren\MBAM\Malwarebytes' Anti-Malware\mbam.exe" [2010-04-29 1090952]
"AdobeAAMUpdater-1.0"="c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2010-03-06 500208]
"SwitchBoard"="c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]
"AdobeCS5ServiceManager"="c:\program files\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" [2010-02-22 406992]
"iTunesHelper"="c:\users\***\Documents\Installieren\iTunes\iTunesHelper.exe" [2010-04-28 142120]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv

[HKLM\~\startupfolder\C:^Users^***^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OpenOffice.org 3.1.lnk]
path=c:\users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.1.lnk
backup=c:\windows\pss\OpenOffice.org 3.1.lnk.Startup
backupExtension=.Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2009-02-27 16:10	35696	----a-w-	c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Nikon Transfer Monitor]
2008-09-30 13:06	485208	----a-w-	c:\program files\Common Files\Nikon\Monitor\NkMonitor.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2010-03-17 19:53	421888	----a-w-	c:\program files\QuickTime\QTTask.exe

R3 MEMSWEEP2;MEMSWEEP2;c:\windows\system32\65B4.tmp [x]
R3 PTSimHid;PenTablet Simulated HID MiniDriver;c:\windows\system32\DRIVERS\PTSimHid.sys [2009-06-22 14504]
R3 SwitchBoard;SwitchBoard;c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
R3 wacmoumonitor;Wacom Mode Helper;c:\windows\system32\DRIVERS\wacmoumonitor.sys [2009-08-27 16168]
S1 SABI;SAMSUNG Kernel Driver For Windows 7;c:\windows\system32\Drivers\SABI.sys [2009-05-28 10752]
S1 SAVRKBootTasks;Boot Tasks Driver;c:\windows\system32\SAVRKBootTasks.sys [2009-06-18 18816]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-13 48128]
S2 Akamai;Akamai NetSession Interface;c:\windows\System32\svchost.exe [2009-07-14 20992]
S2 AntiVirSchedulerService;Avira AntiVir Planer;c:\program files\Avira\AntiVir Desktop\sched.exe [2010-02-24 135336]
S2 OberonGameConsoleService;Oberon Media Game Console service;c:\program files\Samsung Casual Games\GameConsole\OberonGameConsoleService.exe [2009-08-13 44312]
S2 TabletServicePen;TabletServicePen;c:\windows\system32\Pen_Tablet.exe [2009-11-23 4497704]
S2 WTouchService;WTouch Service;c:\program files\WTouch\WTouchService.exe [2009-11-23 113448]
S3 PTSimBus;PenTablet Bus Enumerator;c:\windows\system32\DRIVERS\PTSimBus.sys [2009-06-22 23208]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt86win7.sys [2009-07-31 187392]


[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
Akamai	REG_MULTI_SZ   	Akamai
.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = hxxp://***.google.com/ig/redirectdomain?brand=smsn&bmod=smsn
uInternet Settings,ProxyOverride = <local>
uInternet Settings,ProxyServer = http=127.0.0.1:6860
uSearchURL,(Default) = hxxp://de.search.yahoo.com/search?fr=mcafee&p=%s
FF - ProfilePath - c:\users\***\AppData\Roaming\Mozilla\Firefox\Profiles\k1wx1ksh.default\
FF - plugin: c:\program files\Microsoft\Office Live\npOLW.dll
FF - plugin: c:\program files\TabletPlugins\npwacom.dll
FF - plugin: c:\program files\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: c:\users\***\Documents\Installieren\iTunes\Mozilla Plugins\npitunes.dll

---- FIREFOX Richtlinien ----
FF - user.js: network.cookie.cookieBehavior - 0
FF - user.js: privacy.clearOnShutdown.cookies - false
FF - user.js: security.warn_viewing_mixed - false
FF - user.js: security.warn_viewing_mixed.show_once - false
FF - user.js: security.warn_submit_insecure - false
FF - user.js: security.warn_submit_insecure.show_once - false
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation",  false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -

Toolbar-Locked - (no file)
SafeBoot-mcmscsvc
SafeBoot-MCODS



[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\MEMSWEEP2]
"ImagePath"="\??\c:\windows\system32\65B4.tmp"
.
--------------------- Gesperrte Registrierungsschluessel ---------------------

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Zeit der Fertigstellung: 2010-06-13  18:05:23
ComboFix-quarantined-files.txt  2010-06-13 16:05

Vor Suchlauf: 7 Verzeichnis(se), 157.600.002.048 Bytes frei
Nach Suchlauf: 11 Verzeichnis(se), 157.283.651.584 Bytes frei

- - End Of File - - C901F381585E871D7946F4C6E4D8D3BF
         
--- --- ---

Old 13.06.2010, 18:28   #8
markusg
/// Malware-holic

TR/Rootkin.gen in C:\Windows\System32\drivers\taunpo.sys

Click:
Start, Programs, Accessories, Notepad.
Paste this in:

Folder::
c:\users\***\AppData\Roaming\lowsec
DDS::
uInternet Settings,ProxyOverride = <local>
uInternet Settings,ProxyServer = http=127.0.0.1:6860


File, Save as, type: all files, name:
cfscript.txt
Save location: the folder where combofix.exe is. Drag cfscript onto combofix, the program starts, post the log.
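
Added example for readers following this thread (it is not part of the thread, not ComboFix's code and not the helper's own script): a small Python triage routine that reads ComboFix log lines and reports the two things the CFScript above targets. In the first log, lowsec under AppData\Roaming carries the attributes d-sh--w- (a directory with both the hidden and system bits set), and the "Zusätzlicher Suchlauf" section shows a user-level ProxyServer of http=127.0.0.1:6860, i.e. the browser's HTTP traffic is being routed through a process listening on the machine itself. The sample lines are excerpted from the log posted in #7 (ComboFix masks the user name as ***); the hidden/system file under c:\programdata from the same log is included on purpose to show that the directory rule is scoped to AppData and does not fire on it. The line format is assumed from the log lines shown on this page, and the function names are mine.

```python
"""Triage a ComboFix log for a hidden+system directory under AppData and a
user-level Internet Settings proxy that points at a loopback address.
Added example for this thread; not ComboFix code and not the helper's script."""
import ipaddress
import re
from typing import List, Tuple

# Lines excerpted from the ComboFix log posted above (user name masked as ***).
# The c:\programdata entry is a hidden/system FILE, not a directory under
# AppData, and must not be reported.
SAMPLE_LOG = r"""
2010-06-13 11:56 . 2010-06-13 12:08    --------    d-----w-    c:\users\***\AppData\Roaming\Mp3tag
2010-06-11 17:43 . 2010-06-11 18:05    --------    d-sh--w-    c:\users\***\AppData\Roaming\lowsec
2010-05-30 10:58 . 2010-05-30 16:20    2828    --sha-w-    c:\programdata\KGyGaAvL.sys
uInternet Settings,ProxyOverride = <local>
uInternet Settings,ProxyServer = http=127.0.0.1:6860
uSearchURL,(Default) = hxxp://de.search.yahoo.com/search?fr=mcafee&p=%s
"""

# "created . modified   size   attributes   path" lines of the file sections
# (format assumed from the log lines shown in this thread).
ENTRY_RE = re.compile(
    r"^(?P<created>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) \. "
    r"(?P<modified>\d{4}-\d{2}-\d{2} \d{2}:\d{2})\s+"
    r"(?P<size>\S+)\s+(?P<attrs>[a-z-]{8})\s+(?P<path>.+?)\s*$"
)
PROXY_RE = re.compile(r"^uInternet Settings,ProxyServer\s*=\s*(?P<value>.+?)\s*$")


def is_loopback_host(host: str) -> bool:
    """True for 127.0.0.0/8, ::1 and the name localhost."""
    if host.lower() == "localhost":
        return True
    try:
        return ipaddress.ip_address(host.strip("[]")).is_loopback
    except ValueError:
        return False


def loopback_proxies(value: str) -> List[str]:
    """Return the entries of a ProxyServer value that point at loopback.

    The value is either "host:port" or "scheme=host:port;scheme=host:port".
    """
    hits = []
    for entry in value.split(";"):
        entry = entry.strip()
        if not entry:
            continue
        target = entry.split("=", 1)[1] if "=" in entry else entry
        host = target.rsplit(":", 1)[0] if ":" in target else target
        if is_loopback_host(host):
            hits.append(entry)
    return hits


def triage(log_text: str) -> List[Tuple[str, str]]:
    """Scan ComboFix log text and return (indicator, detail) findings in log order."""
    findings: List[Tuple[str, str]] = []
    for line in log_text.splitlines():
        m = ENTRY_RE.match(line)
        if m:
            attrs, path = m.group("attrs"), m.group("path")
            # First attribute column is 'd' for a directory; 'h' and 's' are
            # the hidden and system bits, as in the lowsec entry above.
            hidden_system_dir = attrs[0] == "d" and "h" in attrs and "s" in attrs
            if hidden_system_dir and "\\appdata\\" in path.lower():
                findings.append(("hidden+system dir under AppData", path))
            continue
        m = PROXY_RE.match(line)
        if m:
            for entry in loopback_proxies(m.group("value")):
                findings.append(("user proxy to loopback", entry))
    return findings


if __name__ == "__main__":
    for kind, detail in triage(SAMPLE_LOG):
        print(f"{kind}: {detail}")
```

Run against the excerpt it reports exactly the lowsec directory and the http=127.0.0.1:6860 proxy entry, which is the pair markusg's Folder:: and DDS:: directives remove; the proxy check also handles the semicolon-separated per-scheme form so a single loopback entry among otherwise ordinary proxies is still caught.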

Old 13.06.2010, 18:59   #9
souleater

TR/Rootkin.gen in C:\Windows\System32\drivers\taunpo.sys

Here's another log

Combofix Logfile:
Code:
ComboFix 10-06-12.04 - *** 13.06.2010  18:47:45.2.2 - x86
Microsoft Windows 7 Home Premium   6.1.7600.0.1252.49.1031.18.3037.2041 [GMT 2:00]
ausgeführt von:: c:\users\***\Downloads\ComboFix.exe
Benutzte Befehlsschalter :: c:\users\***\Downloads\cfscript.txt
.

(((((((((((((((((((((((   Dateien erstellt von 2010-05-13 bis 2010-06-13  ))))))))))))))))))))))))))))))
.

2010-06-13 16:53 . 2010-06-13 16:53	--------	d-----w-	c:\users\Public\AppData\Local\temp
2010-06-13 16:53 . 2010-06-13 16:53	--------	d-----w-	c:\users\Default\AppData\Local\temp
2010-06-13 16:05 . 2010-06-13 16:53	--------	d-----w-	c:\users\***\AppData\Local\temp
2010-06-13 11:56 . 2010-06-13 12:08	--------	d-----w-	c:\users\***\AppData\Roaming\Mp3tag
2010-06-11 17:43 . 2010-06-11 18:05	--------	d-sh--w-	c:\users\***\AppData\Roaming\lowsec
2010-06-11 11:24 . 2010-05-01 14:49	2326528	----a-w-	c:\windows\system32\win32k.sys
2010-06-11 11:24 . 2010-03-05 07:42	67584	----a-w-	c:\windows\system32\asycfilt.dll
2010-06-11 11:24 . 2010-05-21 05:18	977920	----a-w-	c:\windows\system32\wininet.dll
2010-06-11 11:23 . 2010-05-27 07:24	34304	----a-w-	c:\windows\system32\atmlib.dll
2010-06-11 11:23 . 2010-05-27 03:49	293888	----a-w-	c:\windows\system32\atmfd.dll
2010-06-09 17:42 . 2009-06-18 10:55	18816	------w-	c:\windows\system32\SAVRKBootTasks.sys
2010-06-08 19:08 . 2010-06-08 19:08	683801	----a-w-	c:\programdata\Last.fm\Client\UninstITW\unins000.exe
2010-06-08 19:08 . 2010-06-08 19:08	54	----a-w-	c:\programdata\Last.fm\Client\uninst2.bat
2010-06-08 19:08 . 2010-06-08 19:08	--------	d-----w-	c:\programdata\Last.fm
2010-06-08 19:00 . 2009-05-18 11:17	26600	----a-w-	c:\windows\system32\drivers\GEARAspiWDM.sys
2010-06-08 19:00 . 2008-04-17 10:12	107368	----a-w-	c:\windows\system32\GEARAspi.dll
2010-06-08 18:59 . 2010-06-08 18:59	--------	d-----w-	c:\program files\iPod
2010-06-08 18:58 . 2010-06-08 18:58	--------	d-----w-	c:\program files\Apple Software Update
2010-06-06 19:46 . 2010-06-06 19:57	--------	d-----w-	c:\programdata\regid.1986-12.com.adobe
2010-06-06 19:40 . 2010-06-06 19:40	--------	d-----w-	c:\program files\Adobe Media Player
2010-06-06 19:39 . 2010-06-06 19:39	38784	----a-w-	c:\users\Default\AppData\Roaming\Macromedia\Flash Player\***.macromedia.com\bin\airappinstaller\airappinstaller.exe
2010-06-06 19:39 . 2010-06-06 19:39	--------	d-----w-	c:\program files\Common Files\Adobe AIR
2010-06-04 10:29 . 2010-06-04 10:29	71992	----a-w-	c:\programdata\Apple Computer\Installer Cache\Safari 5.33.16.0\SetupAdmin.exe
2010-06-01 18:40 . 2010-06-13 13:41	--------	d-----w-	c:\users\***\AppData\Roaming\WTablet
2010-06-01 18:40 . 2010-06-01 18:40	--------	d-----w-	c:\users\***\AppData\Roaming\WTouch
2010-06-01 18:40 . 2009-11-23 23:53	245032	------w-	c:\windows\system32\Touch_Tablet.dll
2010-06-01 18:40 . 2010-06-01 18:48	--------	d-----w-	c:\program files\WTouch
2010-06-01 18:39 . 2007-02-16 08:12	11312	----a-w-	c:\windows\system32\drivers\wacommousefilter.sys
2010-06-01 18:39 . 2009-05-20 09:54	13736	----a-w-	c:\windows\system32\drivers\wacomvhid.sys
2010-06-01 18:39 . 2010-06-01 18:47	--------	d-----w-	c:\windows\system32\WTablet
2010-06-01 18:39 . 2009-11-23 23:53	4497704	------w-	c:\windows\system32\Pen_Tablet.exe
2010-06-01 18:39 . 2009-11-23 23:53	416040	----a-w-	c:\windows\system32\Pen_Tablet.dll
2010-06-01 18:39 . 2009-11-23 10:16	284160	----a-w-	c:\windows\system32\Wintab32.dll
2010-06-01 18:39 . 2010-06-01 18:47	--------	d-----w-	c:\program files\Tablet
2010-05-31 17:22 . 2010-05-31 17:22	--------	d-----w-	c:\program files\TabletPlugins
2010-05-31 17:20 . 2009-08-27 22:06	16168	----a-w-	c:\windows\system32\drivers\wacmoumonitor.sys
2010-05-30 11:55 . 2010-05-30 17:06	--------	d-----w-	c:\programdata\Corel
2010-05-30 10:58 . 2010-05-30 16:20	2828	--sha-w-	c:\programdata\KGyGaAvL.sys
2010-05-30 10:58 . 2010-05-30 10:58	8	--sh--r-	c:\programdata\C96FFE052E.sys
2010-05-30 10:58 . 2010-05-30 10:58	--------	d-----w-	c:\users\***\AppData\Roaming\Corel
2010-05-30 10:14 . 1998-11-23 10:53	261120	----a-w-	c:\windows\UN160407.EXE
2010-05-30 10:14 . 1998-11-23 10:53	26768	----a-w-	c:\windows\system\CTL3D.DLL
2010-05-26 19:03 . 2010-04-23 07:13	2048	----a-w-	c:\windows\system32\tzres.dll
2010-05-25 17:24 . 2010-06-13 08:18	--------	d-----w-	c:\users\***\Neuer Ordner (2)
2010-05-25 11:53 . 2010-05-25 11:54	145	--s-a-w-	c:\users\***\AppData\Local\1714199777.dat
2010-05-25 10:07 . 2010-05-25 10:07	--------	d-----w-	c:\program files\SystemRequirementsLab
2010-05-23 10:26 . 2010-05-23 10:26	--------	d-----w-	c:\users\***\AppData\Roaming\Malwarebytes
2010-05-23 10:25 . 2010-04-29 10:19	38224	----a-w-	c:\windows\system32\drivers\mbamswissarmy.sys
2010-05-23 10:25 . 2010-05-23 10:25	--------	d-----w-	c:\programdata\Malwarebytes
2010-05-23 10:25 . 2010-04-29 10:19	20952	----a-w-	c:\windows\system32\drivers\mbam.sys
2010-05-23 09:53 . 2010-05-23 09:53	--------	d-----w-	c:\users\***\AppData\Roaming\Avira
2010-05-23 09:52 . 2010-05-23 09:52	--------	d-----w-	c:\programdata\Avira
2010-05-23 09:52 . 2010-03-01 08:05	124784	----a-w-	c:\windows\system32\drivers\avipbb.sys
2010-05-23 09:52 . 2009-05-11 10:49	51992	----a-w-	c:\windows\system32\drivers\avgntdd.sys
2010-05-23 09:52 . 2009-05-11 10:49	17016	----a-w-	c:\windows\system32\drivers\avgntmgr.sys
2010-05-23 09:13 . 2010-05-23 10:37	--------	d-----w-	c:\users\***\AppData\Local\dbhhjefoq
2010-05-22 21:06 . 2010-05-22 21:06	--------	d-----w-	c:\users\***\AppData\Roaming\KaLoMa
2010-05-16 10:34 . 2010-05-16 10:35	--------	d-----w-	c:\program files\Bonjour

.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-06-13 16:41 . 2009-12-08 19:09	--------	d-----w-	c:\program files\Common Files\Akamai
2010-06-13 16:06 . 2010-02-07 13:32	1	----a-w-	c:\users\***\AppData\Roaming\OpenOffice.org\3\user\uno_packages\cache\stamp.sys
2010-06-13 10:13 . 2009-12-08 19:25	--------	d-----w-	c:\users\***\AppData\Roaming\Apple Computer
2010-06-13 08:45 . 2009-09-22 22:05	654470	----a-w-	c:\windows\system32\perfc007.dat
2010-06-13 08:45 . 2009-09-22 22:05	2281378	----a-w-	c:\windows\system32\perfh007.dat
2010-06-11 18:02 . 2009-12-07 18:52	--------	d-----w-	c:\programdata\Microsoft Help
2010-06-08 18:59 . 2009-12-08 19:21	--------	d-----w-	c:\program files\Common Files\Apple
2010-06-06 19:55 . 2009-12-07 18:57	113416	----a-w-	c:\users\***\AppData\Local\GDIPFONTCACHEV1.DAT
2010-06-06 19:41 . 2009-12-07 18:46	--------	d-----w-	c:\program files\Common Files\Adobe
2010-06-04 17:49 . 2009-12-07 19:07	--------	d-----w-	c:\program files\Microsoft Silverlight
2010-05-30 10:14 . 2010-05-30 10:14	0	----a-w-	c:\windows\VDM6D0A.tmp
2010-05-29 20:28 . 2010-02-19 06:53	--------	d-----w-	c:\users\***\AppData\Roaming\Ezaloz
2010-05-29 20:05 . 2010-04-10 07:49	--------	d-----w-	c:\users\***\AppData\Roaming\Ogcit
2010-05-25 11:53 . 2010-05-25 11:53	4	----a-w-	c:\users\***\AppData\Roaming\ovczpx.dat
2010-05-23 09:40 . 2010-04-25 18:15	57344	----a-w-	c:\programdata\DivX\RunAsUser\RUNASUSERPROCESS.dll
2010-05-23 09:40 . 2010-04-25 18:09	--------	d-----w-	c:\programdata\DivX
2010-05-23 09:40 . 2010-04-25 18:10	--------	d-----w-	c:\program files\DivX
2010-05-23 09:40 . 2010-02-14 11:59	--------	d-----w-	c:\program files\Common Files\PX Storage Engine
2010-05-13 18:09 . 2009-07-14 02:37	--------	d-----w-	c:\program files\Windows Mail
2010-05-12 09:21 . 2010-04-23 18:34	221568	------w-	c:\windows\system32\MpSigStub.exe
2010-05-09 09:13 . 2010-01-05 16:57	20	---h--w-	c:\programdata\PKP_DLdu.DAT
2010-05-08 21:02 . 2010-04-25 18:28	--------	d-----w-	c:\users\***\AppData\Roaming\DivX
2010-04-30 20:19 . 2010-04-30 20:16	--------	d-----w-	c:\program files\Windows Live Safety Center
2010-04-28 13:45 . 2010-04-28 13:45	73000	----a-w-	c:\programdata\Apple Computer\Installer Cache\iTunes 9.1.1.12\SetupAdmin.exe
2010-04-25 18:08 . 2010-04-25 18:13	1180952	----a-w-	c:\programdata\DivX\Setup\DivXSetup.exe
2010-04-22 08:00 . 2009-09-22 05:29	--------	d-----w-	c:\programdata\McAfee
2010-04-21 18:47 . 2010-04-21 18:47	--------	d-----w-	c:\users\***\AppData\Roaming\GameConsole
2010-04-21 18:47 . 2010-04-21 18:47	--------	d-----w-	c:\program files\Common Files\SWF Studio
2010-04-20 07:09 . 2010-04-20 06:58	--------	d-----w-	c:\program files\Autodesk
2010-04-19 21:17 . 2010-04-19 17:26	--------	d-----w-	c:\users\***\AppData\Roaming\MAXON
2010-04-08 11:20 . 2010-04-08 11:20	91424	----a-w-	c:\windows\system32\dnssd.dll
2010-04-08 11:20 . 2010-04-08 11:20	107808	----a-w-	c:\windows\system32\dns-sd.exe
2010-03-18 20:29 . 2010-03-18 20:29	411368	----a-w-	c:\windows\system32\deploytk.dll
2009-06-10 21:26 . 2009-07-14 02:04	9633792	--sha-r-	c:\windows\Fonts\StaticCache.dat
2009-07-14 01:14 . 2009-07-13 23:42	396800	--sha-w-	c:\windows\winsxs\x86_microsoft-windows-mail-app_31bf3856ad364e35_6.1.7600.16385_none_f12e83abb108c86c\WinMail.exe
.

((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-07-26 3883840]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-08-31 13797992]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2009-08-19 7711264]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2009-07-14 1541416]
"UCam_Menu"="c:\program files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" [2009-02-25 218408]
"WTClient"="WTClient.exe" [2009-08-20 32768]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2010-04-13 47392]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-03-17 421888]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2010-03-02 282792]
" Malwarebytes Anti-Malware  (reboot)"="c:\users\***\Documents\Installieren\MBAM\Malwarebytes' Anti-Malware\mbam.exe" [2010-04-29 1090952]
"AdobeAAMUpdater-1.0"="c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2010-03-06 500208]
"SwitchBoard"="c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]
"AdobeCS5ServiceManager"="c:\program files\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" [2010-02-22 406992]
"iTunesHelper"="c:\users\***\Documents\Installieren\iTunes\iTunesHelper.exe" [2010-04-28 142120]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv

[HKLM\~\startupfolder\C:^Users^***^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OpenOffice.org 3.1.lnk]
path=c:\users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.1.lnk
backup=c:\windows\pss\OpenOffice.org 3.1.lnk.Startup
backupExtension=.Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2009-02-27 16:10	35696	----a-w-	c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Nikon Transfer Monitor]
2008-09-30 13:06	485208	----a-w-	c:\program files\Common Files\Nikon\Monitor\NkMonitor.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2010-03-17 19:53	421888	----a-w-	c:\program files\QuickTime\QTTask.exe

R3 MEMSWEEP2;MEMSWEEP2;c:\windows\system32\65B4.tmp [x]
R3 PTSimHid;PenTablet Simulated HID MiniDriver;c:\windows\system32\DRIVERS\PTSimHid.sys [2009-06-22 14504]
R3 SwitchBoard;SwitchBoard;c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
R3 wacmoumonitor;Wacom Mode Helper;c:\windows\system32\DRIVERS\wacmoumonitor.sys [2009-08-27 16168]
S1 SABI;SAMSUNG Kernel Driver For Windows 7;c:\windows\system32\Drivers\SABI.sys [2009-05-28 10752]
S1 SAVRKBootTasks;Boot Tasks Driver;c:\windows\system32\SAVRKBootTasks.sys [2009-06-18 18816]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-13 48128]
S2 Akamai;Akamai NetSession Interface;c:\windows\System32\svchost.exe [2009-07-14 20992]
S2 AntiVirSchedulerService;Avira AntiVir Planer;c:\program files\Avira\AntiVir Desktop\sched.exe [2010-02-24 135336]
S2 OberonGameConsoleService;Oberon Media Game Console service;c:\program files\Samsung Casual Games\GameConsole\OberonGameConsoleService.exe [2009-08-13 44312]
S2 TabletServicePen;TabletServicePen;c:\windows\system32\Pen_Tablet.exe [2009-11-23 4497704]
S2 WTouchService;WTouch Service;c:\program files\WTouch\WTouchService.exe [2009-11-23 113448]
S3 PTSimBus;PenTablet Bus Enumerator;c:\windows\system32\DRIVERS\PTSimBus.sys [2009-06-22 23208]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt86win7.sys [2009-07-31 187392]


[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
Akamai	REG_MULTI_SZ   	Akamai
.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = hxxp://***.google.com/ig/redirectdomain?brand=smsn&bmod=smsn
uSearchURL,(Default) = hxxp://de.search.yahoo.com/search?fr=mcafee&p=%s
FF - ProfilePath - c:\users\***\AppData\Roaming\Mozilla\Firefox\Profiles\k1wx1ksh.default\
FF - plugin: c:\program files\Microsoft\Office Live\npOLW.dll
FF - plugin: c:\program files\TabletPlugins\npwacom.dll
FF - plugin: c:\program files\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: c:\users\***\Documents\Installieren\iTunes\Mozilla Plugins\npitunes.dll

---- FIREFOX Richtlinien ----
FF - user.js: network.cookie.cookieBehavior - 0
FF - user.js: privacy.clearOnShutdown.cookies - false
FF - user.js: security.warn_viewing_mixed - false
FF - user.js: security.warn_viewing_mixed.show_once - false
FF - user.js: security.warn_submit_insecure - false
FF - user.js: security.warn_submit_insecure.show_once - false
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation",  false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\MEMSWEEP2]
"ImagePath"="\??\c:\windows\system32\65B4.tmp"
.
--------------------- Gesperrte Registrierungsschluessel ---------------------

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Zeit der Fertigstellung: 2010-06-13  18:56:20
ComboFix-quarantined-files.txt  2010-06-13 16:56
ComboFix2.txt  2010-06-13 16:05

Vor Suchlauf: 10 Verzeichnis(se), 157.335.838.720 Bytes frei
Nach Suchlauf: 11 Verzeichnis(se), 157.278.232.576 Bytes frei

- - End Of File - - 4859C13B12654DE676F8ED916AB04F54

Alt 13.06.2010, 19:13   #10
markusg
/// Malware-holic
 
I hope you replaced *** in the CFScript with your name :-)
Avira

Install Avira like this and then configure it. Once you have applied the configuration, update the program.
Then click "Local protection", "Local drives"; any findings go into quarantine, post the log.

Alt 13.06.2010, 20:26   #11
souleater
 
yeah, I always replace the name with the asterisks ^^


Quote:

Avira AntiVir Personal
Erstellungsdatum der Reportdatei: Sonntag, 13. Juni 2010 19:27

Es wird nach 2206493 Virenstämmen gesucht.

Das Programm läuft als uneingeschränkte Vollversion.
Online-Dienste stehen zur Verfügung.

Lizenznehmer : Avira AntiVir Personal - FREE Antivirus
Seriennummer : 0000149996-ADJIE-0000001
Plattform : Windows 7
Windowsversion : (plain) [6.1.7600]
Boot Modus : Normal gebootet
Benutzername : ***
Computername : ***-PC

Versionsinformationen:
BUILD.DAT : 10.0.0.567 Bytes 19.04.2010 15:50:00
AVSCAN.EXE : 10.0.3.0 433832 Bytes 01.04.2010 11:37:35
AVSCAN.DLL : 10.0.3.0 56168 Bytes 30.03.2010 10:42:16
LUKE.DLL : 10.0.2.3 104296 Bytes 07.03.2010 17:32:59
LUKERES.DLL : 10.0.0.0 13672 Bytes 14.01.2010 10:59:47
VBASE000.VDF : 7.10.0.0 19875328 Bytes 06.11.2009 08:05:36
VBASE001.VDF : 7.10.1.0 1372672 Bytes 19.11.2009 18:27:49
VBASE002.VDF : 7.10.3.1 3143680 Bytes 20.01.2010 16:37:42
VBASE003.VDF : 7.10.3.75 996864 Bytes 26.01.2010 15:37:42
VBASE004.VDF : 7.10.4.203 1579008 Bytes 05.03.2010 10:29:03
VBASE005.VDF : 7.10.6.82 2494464 Bytes 15.04.2010 17:15:42
VBASE006.VDF : 7.10.7.218 2294784 Bytes 02.06.2010 16:54:45
VBASE007.VDF : 7.10.7.219 2048 Bytes 02.06.2010 16:54:45
VBASE008.VDF : 7.10.7.220 2048 Bytes 02.06.2010 16:54:45
VBASE009.VDF : 7.10.7.221 2048 Bytes 02.06.2010 16:54:45
VBASE010.VDF : 7.10.7.222 2048 Bytes 02.06.2010 16:54:45
VBASE011.VDF : 7.10.7.223 2048 Bytes 02.06.2010 16:54:45
VBASE012.VDF : 7.10.7.224 2048 Bytes 02.06.2010 16:54:45
VBASE013.VDF : 7.10.8.37 270336 Bytes 10.06.2010 17:50:41
VBASE014.VDF : 7.10.8.38 2048 Bytes 10.06.2010 17:50:41
VBASE015.VDF : 7.10.8.39 2048 Bytes 10.06.2010 17:50:41
VBASE016.VDF : 7.10.8.40 2048 Bytes 10.06.2010 17:50:41
VBASE017.VDF : 7.10.8.41 2048 Bytes 10.06.2010 17:50:42
VBASE018.VDF : 7.10.8.42 2048 Bytes 10.06.2010 17:50:42
VBASE019.VDF : 7.10.8.43 2048 Bytes 10.06.2010 17:50:42
VBASE020.VDF : 7.10.8.44 2048 Bytes 10.06.2010 17:50:42
VBASE021.VDF : 7.10.8.45 2048 Bytes 10.06.2010 17:50:42
VBASE022.VDF : 7.10.8.46 2048 Bytes 10.06.2010 17:50:42
VBASE023.VDF : 7.10.8.47 2048 Bytes 10.06.2010 17:50:42
VBASE024.VDF : 7.10.8.48 2048 Bytes 10.06.2010 17:50:42
VBASE025.VDF : 7.10.8.49 2048 Bytes 10.06.2010 17:50:43
VBASE026.VDF : 7.10.8.50 2048 Bytes 10.06.2010 17:50:43
VBASE027.VDF : 7.10.8.51 2048 Bytes 10.06.2010 17:50:43
VBASE028.VDF : 7.10.8.52 2048 Bytes 10.06.2010 17:50:43
VBASE029.VDF : 7.10.8.53 2048 Bytes 10.06.2010 17:50:43
VBASE030.VDF : 7.10.8.54 2048 Bytes 10.06.2010 17:50:43
VBASE031.VDF : 7.10.8.62 55808 Bytes 11.06.2010 17:50:44
Engineversion : 8.2.2.6
AEVDF.DLL : 8.1.2.0 106868 Bytes 25.05.2010 17:16:03
AESCRIPT.DLL : 8.1.3.31 1352058 Bytes 08.06.2010 16:54:55
AESCN.DLL : 8.1.6.1 127347 Bytes 25.05.2010 17:16:01
AESBX.DLL : 8.1.3.1 254324 Bytes 25.05.2010 17:16:04
AERDL.DLL : 8.1.4.6 541043 Bytes 25.05.2010 17:16:01
AEPACK.DLL : 8.2.1.1 426358 Bytes 19.03.2010 11:34:51
AEOFFICE.DLL : 8.1.1.0 201081 Bytes 25.05.2010 17:16:00
AEHEUR.DLL : 8.1.1.33 2724214 Bytes 08.06.2010 16:54:54
AEHELP.DLL : 8.1.11.5 242038 Bytes 08.06.2010 16:54:50
AEGEN.DLL : 8.1.3.10 377205 Bytes 08.06.2010 16:54:50
AEEMU.DLL : 8.1.2.0 393588 Bytes 25.05.2010 17:15:55
AECORE.DLL : 8.1.15.3 192886 Bytes 25.05.2010 17:15:55
AEBB.DLL : 8.1.1.0 53618 Bytes 25.05.2010 17:15:54
AVWINLL.DLL : 10.0.0.0 19304 Bytes 14.01.2010 10:59:10
AVPREF.DLL : 10.0.0.0 44904 Bytes 14.01.2010 10:59:07
AVREP.DLL : 10.0.0.8 62209 Bytes 18.02.2010 15:47:40
AVREG.DLL : 10.0.3.0 53096 Bytes 01.04.2010 11:35:44
AVSCPLR.DLL : 10.0.3.0 83816 Bytes 01.04.2010 11:39:49
AVARKT.DLL : 10.0.0.14 227176 Bytes 01.04.2010 11:22:11
AVEVTLOG.DLL : 10.0.0.8 203112 Bytes 26.01.2010 08:53:25
SQLITE3.DLL : 3.6.19.0 355688 Bytes 28.01.2010 11:57:53
AVSMTP.DLL : 10.0.0.17 63848 Bytes 16.03.2010 14:38:54
NETNT.DLL : 10.0.0.0 11624 Bytes 19.02.2010 13:40:55
RCIMAGE.DLL : 10.0.0.26 2550120 Bytes 28.01.2010 12:10:08
RCTEXT.DLL : 10.0.53.0 98152 Bytes 09.04.2010 13:14:28

Konfiguration für den aktuellen Suchlauf:
Job Name..............................: Lokale Laufwerke
Konfigurationsdatei...................: C:\Program Files\Avira\AntiVir Desktop\alldrives.avp
Protokollierung.......................: niedrig
Primäre Aktion........................: interaktiv
Sekundäre Aktion......................: ignorieren
Durchsuche Masterbootsektoren.........: ein
Durchsuche Bootsektoren...............: ein
Bootsektoren..........................: C:, D:, E:,
Durchsuche aktive Programme...........: ein
Durchsuche Registrierung..............: ein
Suche nach Rootkits...................: ein
Integritätsprüfung von Systemdateien..: aus
Datei Suchmodus.......................: Intelligente Dateiauswahl
Durchsuche Archive....................: ein
Rekursionstiefe einschränken..........: 10
Archiv Smart Extensions...............: ein
Makrovirenheuristik...................: ein
Dateiheuristik........................: hoch

Beginn des Suchlaufs: Sonntag, 13. Juni 2010 19:27

Der Suchlauf nach versteckten Objekten wird begonnen.
c:\windows\explorer.exe
c:\Windows\explorer.exe
[HINWEIS] Der Prozess ist nicht sichtbar.
c:\windows\explorer.exe
c:\windows\explorer.exe
c:\windows\explorer.exe

Der Suchlauf über gestartete Prozesse wird begonnen:
Durchsuche Prozess 'avscan.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'Safari.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'firefox.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'soffice.bin' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'soffice.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'Explorer.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'wuauclt.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'InputPersonalization.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'LastFM.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'iTunesHelper.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'avgnt.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'SynTPEnh.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'RtHDVCpl.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'Pen_TabletUser.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'Dwm.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'taskhost.exe' - '1' Modul(e) wurden durchsucht

Der Suchlauf über die Masterbootsektoren wird begonnen:
Masterbootsektor HD0
[INFO] Es wurde kein Virus gefunden!
[INFO] Bitte starten Sie den Suchlauf erneut mit Administratorrechten

Der Suchlauf über die Bootsektoren wird begonnen:
Bootsektor 'C:\'
[INFO] Es wurde kein Virus gefunden!
[INFO] Bitte starten Sie den Suchlauf erneut mit Administratorrechten
Bootsektor 'D:\'
[INFO] Es wurde kein Virus gefunden!
[INFO] Bitte starten Sie den Suchlauf erneut mit Administratorrechten

Der Suchlauf auf Verweise zu ausführbaren Dateien (Registry) wird begonnen:
Die Registry wurde durchsucht ( '1655' Dateien ).


Der Suchlauf über die ausgewählten Dateien wird begonnen:

Beginne mit der Suche in 'C:\'
Beginne mit der Suche in 'D:\'
Beginne mit der Suche in 'E:\' <Audio CD>


Ende des Suchlaufs: Sonntag, 13. Juni 2010 20:21
Benötigte Zeit: 54:01 Minute(n)

Der Suchlauf wurde vollständig durchgeführt.

19476 Verzeichnisse wurden überprüft
392476 Dateien wurden geprüft
0 Viren bzw. unerwünschte Programme wurden gefunden
0 Dateien wurden als verdächtig eingestuft
0 Dateien wurden gelöscht
0 Viren bzw. unerwünschte Programme wurden repariert
0 Dateien wurden in die Quarantäne verschoben
0 Dateien wurden umbenannt
0 Dateien konnten nicht durchsucht werden
392476 Dateien ohne Befall
2153 Archive wurden durchsucht
0 Warnungen
0 Hinweise
37722 Objekte wurden beim Rootkitscan durchsucht
4 Versteckte Objekte wurden gefunden

Alt 17.06.2010, 12:23   #12
markusg
/// Malware-holic
 
sorry for the late reply, were there any more problems?
