Zurück   Trojaner-Board > Malware entfernen > Log-Analyse und Auswertung

Log-Analyse und Auswertung: Security Essentials 2010 entfernt und hoffentlich wieder alles i.O.??

Windows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte.

Antwort
Alt 15.10.2010, 11:53   #1
jackie.ms
 
Security Essentials 2010 entfernt und hoffentlich wieder alles i.O.?? - Standard

Security Essentials 2010 entfernt und hoffentlich wieder alles i.O.??



Hallo,

ich hatte den im Titel beschriebenen Trojaner auf meinem PC und laut den Anleitungen hier im Forum wieder entfernt. Trotzdem bin ich jetzt natürlich ein wenig verunsichert und poste mal die logs die so angefallen sind. Hoffentlich ist alles so wie ihr das gern haben wollt. Vielen Dank schon mal für den Service hier

Grüße,
jackie

Alt 15.10.2010, 21:00   #2
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Security Essentials 2010 entfernt und hoffentlich wieder alles i.O.?? - Standard

Security Essentials 2010 entfernt und hoffentlich wieder alles i.O.??



Hallo und

Zitat:
Art des Suchlaufs: Quick-Scan
Bitte routinemäßig einen Vollscan mit Malwarebytes machen und Log posten.
Denk daran, dass Malwarebytes vor jedem Scan manuell aktualisiert werden muss!

Gibt es noch weitere Logs von Malwarebytes? Wäre sehr sinnfrei, wenn Du das ohne Funde gepostet hättest!
__________________

__________________

Alt 15.10.2010, 21:36   #3
jackie.ms
 
Security Essentials 2010 entfernt und hoffentlich wieder alles i.O.?? - Standard

Security Essentials 2010 entfernt und hoffentlich wieder alles i.O.??



Achso, ich dachte ihr könnt das aus den letzten log Dateien schon erkennen. Ich hatte zuerst einen Vollscan gemacht, musste dann aber meinen Rechner ausschalten. Danach machte ich noch mal einen kompletten Vollscan. Letztendlich den schon geposteten Quickscan. Beim ersten Vollscan wurden schon 19 infizierte Dateien gefunden beim 2. zwei. Hoffe das hilft weiter.

Hier die erste Log-File:

Code:
ATTFilter
Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Datenbank Version: 4821

Windows 6.1.7600
Internet Explorer 8.0.7600.16385

14.10.2010 15:37:54
mbam-log-2010-10-14 (15-37-54).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|E:\|F:\|G:\|)
Durchsuchte Objekte: 41959
Laufzeit: 23 Minute(n), 33 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 19

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
C:\Users\***\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\1QXJQBO2\qhlwelge[1].htm (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Users\***\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\45F13276\eidksa[1].htm (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Users\***\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\45F13276\hypkidkjd[1].htm (Trojan.FakeAV) -> Quarantined and deleted successfully.
C:\Users\***\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\AQRB79SU\hypkidkjd[1].htm (Trojan.FakeAV) -> Quarantined and deleted successfully.
C:\Users\***\AppData\Local\Temp\88E9.tmp.exe (Rootkit.TDSS) -> Quarantined and deleted successfully.
C:\Users\***\AppData\Local\Temp\gipeetyv.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Users\***\AppData\Local\Temp\4F54.tmp (Trojan.Dropper.Gen) -> Quarantined and deleted successfully.
C:\Users\***\AppData\Local\Temp\65CA.tmp (Trojan.Dropper.Gen) -> Quarantined and deleted successfully.
C:\Users\***\AppData\Local\Temp\838A.tmp.exe (Rootkit.TDSS) -> Quarantined and deleted successfully.
C:\Users\***\AppData\Local\Temp\857E.tmp.exe (Rootkit.TDSS) -> Quarantined and deleted successfully.
C:\Users\***\AppData\Local\Temp\wioje.exe (Trojan.FakeAV) -> Quarantined and deleted successfully.
C:\Users\***\AppData\Local\Temp\F201.tmp (Trojan.Dropper.Gen) -> Quarantined and deleted successfully.
C:\Users\***\AppData\Local\Temp\FB77.tmp (Trojan.Dropper.Gen) -> Quarantined and deleted successfully.
C:\Users\***\AppData\Local\Temp\89D3.tmp.exe (Rootkit.TDSS) -> Quarantined and deleted successfully.
C:\Users\***\AppData\Local\Temp\9954.tmp.exe (Rootkit.TDSS) -> Quarantined and deleted successfully.
C:\Users\***\AppData\Local\Temp\B9BE.tmp (Rootkit.TDSS) -> Quarantined and deleted successfully.
C:\Users\***\AppData\Local\Temp\BAC8.tmp (Rootkit.TDSS) -> Quarantined and deleted successfully.
C:\Users\***\AppData\Roaming\hotfix.exe (Trojan.FakeAV) -> Quarantined and deleted successfully.
C:\Program Files\SWiSH Max3\swishzone.all.product-patch.exe (Trojan.Agent.CK) -> Quarantined and deleted successfully.
         
Hier der zweite Suchlauf:

Code:
ATTFilter
Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Datenbank Version: 4821

Windows 6.1.7600
Internet Explorer 8.0.7600.16385

14.10.2010 23:56:07
mbam-log-2010-10-14 (23-56-07).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|E:\|F:\|G:\|)
Durchsuchte Objekte: 302144
Laufzeit: 1 Stunde(n), 13 Minute(n), 22 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 1
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 2

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\shell (Trojan.Agent) -> Quarantined and deleted successfully.

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
C:\Users\Public\Documents\Server\admin.txt (Malware.Trace) -> Quarantined and deleted successfully.
C:\Users\Public\Documents\Server\server.dat (Malware.Trace) -> Quarantined and deleted successfully.
         
__________________

Alt 15.10.2010, 21:58   #4
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Security Essentials 2010 entfernt und hoffentlich wieder alles i.O.?? - Standard

Security Essentials 2010 entfernt und hoffentlich wieder alles i.O.??



Mach bitte einen neuen Vollscan mit aktuellen Signaturen. Ich möchte das so aktuell wie möglich haben.
__________________
"Die Wahrheit ist normalerweise nur eine Entschuldigung für einen Mangel an Fantasie." (Elim Garak)

Das Trojaner-Board unterstützen
Warum Linux besser als Windows ist!

Alt 16.10.2010, 15:47   #5
jackie.ms
 
Security Essentials 2010 entfernt und hoffentlich wieder alles i.O.?? - Standard

Security Essentials 2010 entfernt und hoffentlich wieder alles i.O.??



Ok hier mein aktuellster Scan, eben fertig geworden:

Code:
ATTFilter
Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Datenbank Version: 4849

Windows 6.1.7600
Internet Explorer 8.0.7600.16385

16.10.2010 16:45:15
mbam-log-2010-10-16 (16-45-15).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|E:\|F:\|G:\|)
Durchsuchte Objekte: 295554
Laufzeit: 1 Stunde(n), 7 Minute(n), 13 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 1

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
C:\Users\***\AppData\Roaming\jsfhjjsd.bat (Malware.Trace) -> Quarantined and deleted successfully.
         
Grüße,
jackie


Alt 16.10.2010, 21:24   #6
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Security Essentials 2010 entfernt und hoffentlich wieder alles i.O.?? - Standard

Security Essentials 2010 entfernt und hoffentlich wieder alles i.O.??



Dann brauch ich jetzt neue Logs:

Systemscan mit OTL

Lade Dir bitte OTL von Oldtimer herunter und speichere es auf Deinem Desktop
  • Doppelklick auf die OTL.exe
  • Vista User: Rechtsklick auf die OTL.exe und "als Administrator ausführen" wählen
  • Oben findest Du ein Kästchen mit Output. Wähle bitte Minimal Output
  • Unter Extra Registry, wähle bitte Use SafeList
  • Klicke nun auf Run Scan links oben
  • Wenn der Scan beendet wurde werden 2 Logfiles erstellt
  • Poste die Logfiles hier in den Thread.
__________________
--> Security Essentials 2010 entfernt und hoffentlich wieder alles i.O.??

Alt 17.10.2010, 17:20   #7
jackie.ms
 
Security Essentials 2010 entfernt und hoffentlich wieder alles i.O.?? - Standard

Security Essentials 2010 entfernt und hoffentlich wieder alles i.O.??



Ok, hier die beiden Logs.

OTL.txt:

Code:
ATTFilter
OTL logfile created on: 17.10.2010 18:03:15 - Run 2
OTL by OldTimer - Version 3.2.15.2     Folder = C:\Users\***\Desktop
 An unknown product  (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
2,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 50,00% Memory free
4,00 Gb Paging File | 3,00 Gb Available in Paging File | 69,00% Paging File free
Paging file location(s): c:\pagefile.sys 2302 2302 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 30,02 Gb Total Space | 10,25 Gb Free Space | 34,14% Space Free | Partition Type: NTFS
Drive D: | 10,02 Gb Total Space | 2,93 Gb Free Space | 29,20% Space Free | Partition Type: NTFS
Drive E: | 149,80 Gb Total Space | 62,53 Gb Free Space | 41,74% Space Free | Partition Type: NTFS
Drive F: | 75,90 Gb Total Space | 6,90 Gb Free Space | 9,09% Space Free | Partition Type: NTFS
Drive G: | 200,01 Gb Total Space | 18,94 Gb Free Space | 9,47% Space Free | Partition Type: NTFS
 
Computer Name: *** | User Name: *** | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\***\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Programme\AVG\AVG9\avgtray.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Programme\AVG\AVG9\avgnsx.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Programme\AVG\AVG9\avgrsx.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Programme\AVG\AVG9\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Programme\AVG\AVG9\avgcsrvx.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Programme\AVG\AVG9\avgchsvx.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Programme\Sandboxie\SbieSvc.exe (tzuk)
PRC - C:\Programme\Hamachi\hamachi-2.exe (LogMeIn Inc.)
PRC - C:\Users\***\AppData\Roaming\Dropbox\bin\Dropbox.exe ()
PRC - C:\Programme\SRWare Iron\iron.exe (SRWare)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Programme\OO Software\Defrag\oodag.exe (O&O Software GmbH)
PRC - C:\Windows\System32\taskhost.exe (Microsoft Corporation)
PRC - C:\Programme\Windows Sidebar\sidebar.exe (Microsoft Corporation)
PRC - C:\Programme\Internet Explorer\ielowutil.exe (Microsoft Corporation)
PRC - C:\Windows\System32\vmnat.exe (VMware, Inc.)
PRC - C:\Windows\System32\vmnetdhcp.exe (VMware, Inc.)
PRC - D:\VMware\VMware Workstation\vmware-authd.exe (VMware, Inc.)
PRC - C:\Programme\Common Files\VMware\VMware Virtual Image Editing\vmount2.exe (VMware, Inc.)
 
 
========== Modules (SafeList) ==========
 
MOD - C:\Users\***\Desktop\OTL.exe (OldTimer Tools)
MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_420fe3fa2b8113bd\comctl32.dll (Microsoft Corporation)
MOD - C:\Windows\System32\avgrsstx.dll (AVG Technologies CZ, s.r.o.)
MOD - C:\Windows\System32\sspicli.dll (Microsoft Corporation)
MOD - C:\Windows\System32\sechost.dll (Microsoft Corporation)
MOD - C:\Windows\System32\samcli.dll (Microsoft Corporation)
MOD - C:\Windows\System32\profapi.dll (Microsoft Corporation)
MOD - C:\Windows\System32\netutils.dll (Microsoft Corporation)
MOD - C:\Windows\System32\KernelBase.dll (Microsoft Corporation)
MOD - C:\Windows\System32\dwmapi.dll (Microsoft Corporation)
MOD - C:\Windows\System32\devobj.dll (Microsoft Corporation)
MOD - C:\Windows\System32\cryptbase.dll (Microsoft Corporation)
MOD - C:\Windows\System32\cfgmgr32.dll (Microsoft Corporation)
MOD - C:\Windows\System32\msscript.ocx (Microsoft Corporation)
 
 
========== Win32 Services (SafeList) ==========
 
SRV - (Steam Client Service) -- C:\Program Files\Common Files\Steam\SteamService.exe (Valve Corporation)
SRV - (avg9wd) -- C:\Programme\AVG\AVG9\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)
SRV - (FLEXnet Licensing Service) -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Acresso Software Inc.)
SRV - (SbieSvc) -- C:\Program Files\Sandboxie\SbieSvc.exe (tzuk)
SRV - (Hamachi2Svc) -- C:\Program Files\Hamachi\hamachi-2.exe (LogMeIn Inc.)
SRV - (aspnet_state) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_state.exe (Microsoft Corporation)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (NetTcpPortSharing) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe (Microsoft Corporation)
SRV - (NetTcpActivator) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe (Microsoft Corporation)
SRV - (NetPipeActivator) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe (Microsoft Corporation)
SRV - (NetMsmqActivator) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe (Microsoft Corporation)
SRV - (O&O Defrag) -- C:\Programme\OO Software\Defrag\oodag.exe (O&O Software GmbH)
SRV - (WwanSvc) -- C:\Windows\System32\wwansvc.dll (Microsoft Corporation)
SRV - (WbioSrvc) -- C:\Windows\System32\wbiosrvc.dll (Microsoft Corporation)
SRV - (Power) -- C:\Windows\System32\umpo.dll (Microsoft Corporation)
SRV - (Themes) -- C:\Windows\System32\themeservice.dll (Microsoft Corporation)
SRV - (sppuinotify) -- C:\Windows\System32\sppuinotify.dll (Microsoft Corporation)
SRV - (StorSvc) -- C:\Windows\System32\StorSvc.dll (Microsoft Corporation)
SRV - (RpcEptMapper) -- C:\Windows\System32\RpcEpMap.dll (Microsoft Corporation)
SRV - (SensrSvc) -- C:\Windows\System32\sensrsvc.dll (Microsoft Corporation)
SRV - (PeerDistSvc) -- C:\Windows\System32\PeerDistSvc.dll (Microsoft Corporation)
SRV - (PNRPsvc) -- C:\Windows\System32\pnrpsvc.dll (Microsoft Corporation)
SRV - (p2pimsvc) -- C:\Windows\System32\pnrpsvc.dll (Microsoft Corporation)
SRV - (HomeGroupProvider) -- C:\Windows\System32\provsvc.dll (Microsoft Corporation)
SRV - (PNRPAutoReg) -- C:\Windows\System32\pnrpauto.dll (Microsoft Corporation)
SRV - (WinDefend) -- C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (HomeGroupListener) -- C:\Windows\System32\ListSvc.dll (Microsoft Corporation)
SRV - (FontCache) -- C:\Windows\System32\FntCache.dll (Microsoft Corporation)
SRV - (Dhcp) -- C:\Windows\System32\dhcpcore.dll (Microsoft Corporation)
SRV - (defragsvc) -- C:\Windows\System32\defragsvc.dll (Microsoft Corporation)
SRV - (BDESVC) -- C:\Windows\System32\bdesvc.dll (Microsoft Corporation)
SRV - (AxInstSV) ActiveX-Installer (AxInstSV) -- C:\Windows\System32\AxInstSv.dll (Microsoft Corporation)
SRV - (AppIDSvc) -- C:\Windows\System32\appidsvc.dll (Microsoft Corporation)
SRV - (sppsvc) -- C:\Windows\System32\sppsvc.exe (Microsoft Corporation)
SRV - (wampmysqld) -- c:\wamp\bin\mysql\mysql5.1.36\bin\mysqld.exe ()
SRV - (wampapache) -- c:\wamp\bin\apache\apache2.2.11\bin\httpd.exe (Apache Software Foundation)
SRV - (msvsmon90) -- D:\Microsoft Visual Studio 9.0\Common7\IDE\Remote Debugger\x86\msvsmon.exe (Microsoft Corporation)
SRV - (VMware NAT Service) -- C:\Windows\System32\vmnat.exe (VMware, Inc.)
SRV - (VMnetDHCP) -- C:\Windows\System32\vmnetdhcp.exe (VMware, Inc.)
SRV - (VMAuthdService) -- D:\VMware\VMware Workstation\vmware-authd.exe (VMware, Inc.)
SRV - (ufad-ws60) -- D:\VMware\VMware Workstation\vmware-ufad.exe (VMware, Inc.)
SRV - (vmount2) -- C:\Program Files\Common Files\VMware\VMware Virtual Image Editing\vmount2.exe (VMware, Inc.)
SRV - (AcronisOSSReinstallSvc) -- C:\Program Files\Common Files\Acronis\Acronis Disk Director\oss_reinstall_svc.exe ()
 
 
========== Driver Services (SafeList) ==========
 
DRV - (GGSAFERDriver) -- C:\Program Files\Garena\plugins\UI\safedrv.sys File not found
DRV - (AvgTdiX) -- C:\Windows\System32\drivers\avgtdix.sys (AVG Technologies CZ, s.r.o.)
DRV - (AvgLdx86) -- C:\Windows\System32\drivers\avgldx86.sys (AVG Technologies CZ, s.r.o.)
DRV - (AvgMfx86) -- C:\Windows\System32\drivers\avgmfx86.sys (AVG Technologies CZ, s.r.o.)
DRV - (sptd) -- C:\Windows\System32\Drivers\sptd.sys (Duplex Secure Ltd.)
DRV - (snapman) -- C:\Windows\system32\DRIVERS\snapman.sys (Acronis)
DRV - (SbieDrv) -- C:\Programme\Sandboxie\SbieDrv.sys (tzuk)
DRV - (atikmdag) -- C:\Windows\System32\drivers\atikmdag.sys (ATI Technologies Inc.)
DRV - (hamachi) -- C:\Windows\System32\drivers\hamachi.sys (LogMeIn, Inc.)
DRV - (KSecPkg) -- C:\Windows\System32\Drivers\ksecpkg.sys (Microsoft Corporation)
DRV - (cmdide) -- C:\Windows\system32\DRIVERS\cmdide.sys (CMD Technology, Inc.)
DRV - (adpahci) -- C:\Windows\system32\DRIVERS\adpahci.sys (Adaptec, Inc.)
DRV - (adp94xx) -- C:\Windows\system32\DRIVERS\adp94xx.sys (Adaptec, Inc.)
DRV - (amdsbs) -- C:\Windows\system32\DRIVERS\amdsbs.sys (AMD Technologies Inc.)
DRV - (adpu320) -- C:\Windows\system32\DRIVERS\adpu320.sys (Adaptec, Inc.)
DRV - (arcsas) -- C:\Windows\system32\DRIVERS\arcsas.sys (Adaptec, Inc.)
DRV - (amdsata) -- C:\Windows\system32\DRIVERS\amdsata.sys (Advanced Micro Devices)
DRV - (arc) -- C:\Windows\system32\DRIVERS\arc.sys (Adaptec, Inc.)
DRV - (amdxata) -- C:\Windows\system32\DRIVERS\amdxata.sys (Advanced Micro Devices)
DRV - (aliide) -- C:\Windows\system32\DRIVERS\aliide.sys (Acer Laboratories Inc.)
DRV - (nvstor) -- C:\Windows\system32\DRIVERS\nvstor.sys (NVIDIA Corporation)
DRV - (nvraid) -- C:\Windows\system32\DRIVERS\nvraid.sys (NVIDIA Corporation)
DRV - (nfrd960) -- C:\Windows\system32\DRIVERS\nfrd960.sys (IBM Corporation)
DRV - (LSI_SAS) -- C:\Windows\system32\DRIVERS\lsi_sas.sys (LSI Corporation)
DRV - (iaStorV) -- C:\Windows\system32\DRIVERS\iaStorV.sys (Intel Corporation)
DRV - (MegaSR) -- C:\Windows\system32\DRIVERS\MegaSR.sys (LSI Corporation, Inc.)
DRV - (LSI_SCSI) -- C:\Windows\system32\DRIVERS\lsi_scsi.sys (LSI Corporation)
DRV - (LSI_FC) -- C:\Windows\system32\DRIVERS\lsi_fc.sys (LSI Corporation)
DRV - (LSI_SAS2) -- C:\Windows\system32\DRIVERS\lsi_sas2.sys (LSI Corporation)
DRV - (iirsp) -- C:\Windows\system32\DRIVERS\iirsp.sys (Intel Corp./ICP vortex GmbH)
DRV - (megasas) -- C:\Windows\system32\DRIVERS\megasas.sys (LSI Corporation)
DRV - (hwpolicy) -- C:\Windows\System32\drivers\hwpolicy.sys (Microsoft Corporation)
DRV - (elxstor) -- C:\Windows\system32\DRIVERS\elxstor.sys (Emulex)
DRV - (aic78xx) -- C:\Windows\system32\DRIVERS\djsvs.sys (Adaptec, Inc.)
DRV - (HpSAMD) -- C:\Windows\system32\DRIVERS\HpSAMD.sys (Hewlett-Packard Company)
DRV - (FsDepends) -- C:\Windows\System32\drivers\fsdepends.sys (Microsoft Corporation)
DRV - (vsmraid) -- C:\Windows\system32\DRIVERS\vsmraid.sys (VIA Technologies Inc.,Ltd)
DRV - (vmbus) -- C:\Windows\system32\DRIVERS\vmbus.sys (Microsoft Corporation)
DRV - (vhdmp) -- C:\Windows\system32\DRIVERS\vhdmp.sys (Microsoft Corporation)
DRV - (storflt) -- C:\Windows\system32\DRIVERS\vmstorfl.sys (Microsoft Corporation)
DRV - (vdrvroot) -- C:\Windows\system32\DRIVERS\vdrvroot.sys (Microsoft Corporation)
DRV - (storvsc) -- C:\Windows\system32\DRIVERS\storvsc.sys (Microsoft Corporation)
DRV - (WIMMount) -- C:\Windows\System32\drivers\wimmount.sys (Microsoft Corporation)
DRV - (viaide) -- C:\Windows\system32\DRIVERS\viaide.sys (VIA Technologies, Inc.)
DRV - (ql2300) -- C:\Windows\system32\DRIVERS\ql2300.sys (QLogic Corporation)
DRV - (rdyboost) -- C:\Windows\System32\drivers\rdyboost.sys (Microsoft Corporation)
DRV - (ql40xx) -- C:\Windows\system32\DRIVERS\ql40xx.sys (QLogic Corporation)
DRV - (SiSRaid4) -- C:\Windows\system32\DRIVERS\sisraid4.sys (Silicon Integrated Systems)
DRV - (pcw) -- C:\Windows\System32\drivers\pcw.sys (Microsoft Corporation)
DRV - (SiSRaid2) -- C:\Windows\system32\DRIVERS\SiSRaid2.sys (Silicon Integrated Systems Corp.)
DRV - (stexstor) -- C:\Windows\system32\DRIVERS\stexstor.sys (Promise Technology)
DRV - (CNG) -- C:\Windows\System32\Drivers\cng.sys (Microsoft Corporation)
DRV - (Brserid) Brother MFC Serial Port Interface Driver (WDM) -- C:\Windows\System32\Drivers\Brserid.sys (Brother Industries Ltd.)
DRV - (rdpbus) -- C:\Windows\System32\drivers\rdpbus.sys (Microsoft Corporation)
DRV - (RDPREFMP) -- C:\Windows\System32\drivers\RDPREFMP.sys (Microsoft Corporation)
DRV - (RasAgileVpn) WAN Miniport (IKEv2) -- C:\Windows\System32\drivers\agilevpn.sys (Microsoft Corporation)
DRV - (WfpLwf) -- C:\Windows\System32\drivers\wfplwf.sys (Microsoft Corporation)
DRV - (NdisCap) -- C:\Windows\System32\drivers\ndiscap.sys (Microsoft Corporation)
DRV - (vwifibus) -- C:\Windows\System32\drivers\vwifibus.sys (Microsoft Corporation)
DRV - (1394ohci) -- C:\Windows\System32\drivers\1394ohci.sys (Microsoft Corporation)
DRV - (UmPass) -- C:\Windows\system32\DRIVERS\umpass.sys (Microsoft Corporation)
DRV - (mshidkmdf) -- C:\Windows\System32\drivers\mshidkmdf.sys (Microsoft Corporation)
DRV - (MTConfig) -- C:\Windows\system32\DRIVERS\MTConfig.sys (Microsoft Corporation)
DRV - (CompositeBus) -- C:\Windows\System32\drivers\CompositeBus.sys (Microsoft Corporation)
DRV - (AppID) -- C:\Windows\system32\drivers\appid.sys (Microsoft Corporation)
DRV - (scfilter) -- C:\Windows\System32\drivers\scfilter.sys (Microsoft Corporation)
DRV - (s3cap) -- C:\Windows\system32\DRIVERS\vms3cap.sys (Microsoft Corporation)
DRV - (VMBusHID) -- C:\Windows\system32\DRIVERS\VMBusHID.sys (Microsoft Corporation)
DRV - (discache) -- C:\Windows\System32\drivers\discache.sys (Microsoft Corporation)
DRV - (AcpiPmi) -- C:\Windows\system32\DRIVERS\acpipmi.sys (Microsoft Corporation)
DRV - (AmdPPM) -- C:\Windows\system32\DRIVERS\amdppm.sys (Microsoft Corporation)
DRV - (hcw85cir) -- C:\Windows\system32\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV - (BrUsbMdm) -- C:\Windows\System32\Drivers\BrUsbMdm.sys (Brother Industries Ltd.)
DRV - (BrUsbSer) -- C:\Windows\System32\Drivers\BrUsbSer.sys (Brother Industries Ltd.)
DRV - (BrSerWdm) -- C:\Windows\System32\Drivers\BrSerWdm.sys (Brother Industries Ltd.)
DRV - (BrFiltLo) -- C:\Windows\system32\DRIVERS\BrFiltLo.sys (Brother Industries, Ltd.)
DRV - (BrFiltUp) -- C:\Windows\system32\DRIVERS\BrFiltUp.sys (Brother Industries, Ltd.)
DRV - (FETNDIS) -- C:\Windows\System32\drivers\fetnd6.sys (VIA Technologies, Inc.              )
DRV - (b57nd60x) -- C:\Windows\System32\drivers\b57nd60x.sys (Broadcom Corporation)
DRV - (ebdrv) -- C:\Windows\system32\DRIVERS\evbdx.sys (Broadcom Corporation)
DRV - (b06bdrv) -- C:\Windows\system32\DRIVERS\bxvbdx.sys (Broadcom Corporation)
DRV - (ha10kx2k) -- C:\Windows\System32\drivers\ha10kx2k.sys (Creative Technology Ltd)
DRV - (emupia) -- C:\Windows\System32\drivers\emupia2k.sys (Creative Technology Ltd)
DRV - (ctsfm2k) -- C:\Windows\System32\drivers\ctsfm2k.sys (Creative Technology Ltd)
DRV - (ctprxy2k) -- C:\Windows\System32\drivers\ctprxy2k.sys (Creative Technology Ltd)
DRV - (ossrv) -- C:\Windows\System32\drivers\ctoss2k.sys (Creative Technology Ltd.)
DRV - (ctgame) -- C:\Windows\System32\drivers\ctgame.sys (Creative Technology Ltd.)
DRV - (ctaud2k) Creative Audio Driver (WDM) -- C:\Windows\System32\drivers\ctaud2k.sys (Creative Technology Ltd)
DRV - (ctac32k) -- C:\Windows\System32\drivers\ctac32k.sys (Creative Technology Ltd)
DRV - (CTSBLFX.SYS) -- C:\Windows\System32\drivers\CTSBLFX.SYS (Creative Technology Ltd)
DRV - (CTSBLFX) -- C:\Windows\System32\drivers\CTSBLFX.sys (Creative Technology Ltd)
DRV - (CTAUDFX.SYS) -- C:\Windows\System32\drivers\CTAUDFX.SYS (Creative Technology Ltd)
DRV - (CTAUDFX) -- C:\Windows\System32\drivers\CTAUDFX.sys (Creative Technology Ltd)
DRV - (COMMONFX.SYS) -- C:\Windows\System32\drivers\COMMONFX.SYS (Creative Technology Ltd)
DRV - (COMMONFX) -- C:\Windows\System32\drivers\COMMONFX.sys (Creative Technology Ltd)
DRV - (nvlddmkm) -- C:\Windows\System32\drivers\nvlddmkm.sys (NVIDIA Corporation)
DRV - (FETND6V) -- C:\Windows\System32\drivers\fetnd6v.sys (VIA Technologies, Inc.              )
DRV - (vmx86) -- C:\Windows\System32\drivers\vmx86.sys (VMware, Inc.)
DRV - (hcmon) -- C:\Windows\System32\drivers\hcmon.sys (VMware, Inc.)
DRV - (VMnetuserif) -- C:\Windows\System32\drivers\vmnetuserif.sys (VMware, Inc.)
DRV - (vmkbd) -- C:\Windows\System32\drivers\VMkbd.sys (VMware, Inc.)
DRV - (VMparport) -- C:\Windows\System32\drivers\vmparport.sys (VMware, Inc.)
DRV - (VMnetBridge) -- C:\Windows\System32\drivers\vmnetbridge.sys (VMware, Inc.)
DRV - (VMnetAdapter) -- C:\Windows\System32\drivers\vmnetadapter.sys (VMware, Inc.)
DRV - (vstor2-ws60) -- D:\VMware\VMware Workstation\vstor2-ws60.sys (VMware, Inc.)
DRV - (vstor2) -- C:\Programme\Common Files\VMware\VMware Virtual Image Editing\vstor2.sys (VMware, Inc.)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = F9 3E C1 BC 60 6A CB 01  [binary data]
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
 
FF - HKLM\software\mozilla\Firefox\Extensions\\{3f963a5b-e555-4543-90e2-c3908898db71}: C:\Programme\AVG\AVG9\Firefox [2010.09.24 15:12:43 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010.06.11 16:54:09 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010.10.15 19:34:23 | 000,000,000 | ---D | M]
 
[2010.06.13 18:36:27 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\mozilla\Extensions
[2010.06.11 16:55:28 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\p52x51wf.default\extensions
[2010.06.11 16:54:07 | 000,000,000 | ---D | M] -- C:\Programme\Mozilla Firefox\extensions
[2010.04.01 18:54:38 | 000,001,392 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\amazondotcom-de.xml
[2010.04.01 18:54:38 | 000,002,344 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\eBay-de.xml
[2010.04.01 18:54:38 | 000,006,805 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\leo_ende_de.xml
[2010.04.01 18:54:38 | 000,001,178 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\wikipedia-de.xml
[2010.04.01 18:54:38 | 000,001,105 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2010.05.04 11:14:03 | 000,000,893 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 activate.adobe.com                                         
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Programme\AVG\AVG9\avgssie.dll (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [AsioReg] C:\Windows\System32\ctasio.dll (Creative Technology Ltd)
O4 - HKLM..\Run: [AVG9_TRAY] C:\Programme\AVG\AVG9\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [CmiRemoveDir] C:\Windows\CmiRmRedundDir.exe ()
O4 - HKLM..\Run: [ Malwarebytes Anti-Malware  (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
O4 - HKCU..\Run: [AdobeBridge]  File not found
O4 - HKCU..\Run: [Infium] C:\Programme\QIP 2010\qip.exe File not found
O4 - HKCU..\Run: [QIP2005] C:\Program Files\QIP\qip.exe File not found
O4 - Startup: C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\***\AppData\Roaming\Dropbox\bin\Dropbox.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - D:\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O13 - gopher Prefix: missing
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} hxxp://appldnld.apple.com.edgesuite.net/content.info.apple.com/QuickTime/qtactivex/qtplugin.cab (QuickTime Plugin Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Programme\AVG\AVG9\avgpp.dll (AVG Technologies CZ, s.r.o.)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - AppInit_DLLs: (avgrsstx.dll) - C:\Windows\System32\avgrsstx.dll (AVG Technologies CZ, s.r.o.)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O30 - LSA: Security Packages - (pku2u) - C:\Windows\System32\pku2u.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009.06.10 23:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
O34 - HKLM BootExecute: (OODBS) - C:\Windows\System32\OODBS.exe (O&O Software GmbH)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
========== Files/Folders - Created Within 30 Days ==========
 
[2010.10.17 18:01:13 | 000,574,464 | ---- | C] (OldTimer Tools) -- C:\Users\***\Desktop\OTL.exe
[2010.10.16 18:51:47 | 000,000,000 | ---D | C] -- C:\Programme\winMd5Sum
[2010.10.15 19:33:14 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2010.10.15 00:35:13 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2010.10.15 00:31:14 | 000,000,000 | ---D | C] -- C:\Programme\ERUNT
[2010.10.15 00:11:55 | 000,000,000 | ---D | C] -- C:\Users\***\Desktop\MFTools
[2010.10.14 15:13:19 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Malwarebytes
[2010.10.14 15:12:06 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2010.10.14 15:12:04 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2010.10.14 15:12:04 | 000,000,000 | ---D | C] -- C:\Programme\Malwarebytes' Anti-Malware
[2010.10.14 15:12:04 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2010.10.14 14:00:55 | 000,000,000 | -H-D | C] -- C:\$AVG
[2010.10.14 13:59:38 | 000,000,000 | -H-D | C] -- C:\Users\Public\Documents\Server
[2010.10.14 12:45:52 | 000,000,000 | ---D | C] -- C:\Programme\Microsoft
[2010.10.14 12:26:46 | 000,599,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2010.10.14 12:26:45 | 000,606,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mstime.dll
[2010.10.14 12:26:45 | 000,381,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iedkcs32.dll
[2010.10.14 12:26:45 | 000,044,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\licmgr10.dll
[2010.10.14 12:26:44 | 001,638,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2010.10.14 12:26:44 | 000,386,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\html.iec
[2010.10.14 12:26:44 | 000,185,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iepeers.dll
[2010.10.14 12:26:44 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2010.10.14 12:26:44 | 000,064,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedsbs.dll
[2010.10.14 12:26:44 | 000,048,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2010.10.14 12:26:44 | 000,012,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedssync.exe
[2010.10.14 12:26:36 | 000,109,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\t2embed.dll
[2010.10.14 12:26:30 | 000,954,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mfc40.dll
[2010.10.14 12:26:30 | 000,954,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mfc40u.dll
[2010.10.14 12:26:19 | 002,327,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[2010.10.14 12:26:14 | 000,363,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\StructuredQuery.dll
[2010.10.13 17:41:13 | 000,000,000 | ---D | C] -- C:\Programme\AVIcodec
[2010.10.13 01:07:30 | 000,000,000 | ---D | C] -- C:\Programme\QuickTime
[2010.10.12 23:57:25 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Miranda
[2010.10.12 23:57:03 | 000,000,000 | ---D | C] -- C:\Programme\Miranda IM
[2010.10.04 19:54:11 | 000,761,152 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msvcr100.dll
[2010.10.04 19:54:10 | 000,761,152 | ---- | C] (Microsoft Corporation) -- C:\Windows\msvcr100.dll
[2010.10.03 23:03:00 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\microsoft
[2010.10.03 22:57:12 | 000,000,000 | ---D | C] -- C:\Windows\System32\xlive
[2010.10.03 22:57:11 | 000,000,000 | ---D | C] -- C:\Programme\Microsoft Games for Windows - LIVE
[2010.10.03 18:38:55 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\assembly
[2010.09.28 22:35:19 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tzres.dll
[2010.07.19 18:47:07 | 000,010,752 | ---- | C] ( ) -- C:\Windows\System32\a3d.dll
 
========== Files - Modified Within 30 Days ==========
 
[2010.10.17 18:02:47 | 000,013,248 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2010.10.17 18:02:47 | 000,013,248 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2010.10.17 18:01:21 | 000,574,464 | ---- | M] (OldTimer Tools) -- C:\Users\***\Desktop\OTL.exe
[2010.10.17 18:00:12 | 066,493,787 | ---- | M] () -- C:\Windows\System32\drivers\Avg\incavi.avm
[2010.10.17 17:55:12 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010.10.17 17:55:06 | 1610,260,480 | -HS- | M] () -- C:\hiberfil.sys
[2010.10.17 17:55:06 | 000,382,800 | ---- | M] () -- C:\Windows\System32\oodbs.lor
[2010.10.16 21:51:38 | 000,030,168 | ---- | M] () -- C:\Windows\System32\BMXCtrlState-{00000002-00000000-00000003-00001102-00000002-80611102}.rfx
[2010.10.16 21:51:38 | 000,030,168 | ---- | M] () -- C:\Windows\System32\BMXBkpCtrlState-{00000002-00000000-00000003-00001102-00000002-80611102}.rfx
[2010.10.16 21:51:38 | 000,017,528 | ---- | M] () -- C:\Windows\System32\BMXStateBkp-{00000002-00000000-00000003-00001102-00000002-80611102}.rfx
[2010.10.16 21:51:38 | 000,017,528 | ---- | M] () -- C:\Windows\System32\BMXState-{00000002-00000000-00000003-00001102-00000002-80611102}.rfx
[2010.10.16 21:51:38 | 000,011,564 | ---- | M] () -- C:\Windows\System32\DVCState-{00000002-00000000-00000003-00001102-00000002-80611102}.rfx
[2010.10.15 20:53:48 | 000,698,816 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2010.10.15 20:53:48 | 000,654,134 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2010.10.15 20:53:48 | 000,148,638 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2010.10.15 20:53:48 | 000,121,592 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2010.10.15 19:34:24 | 000,001,850 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader 9.lnk
[2010.10.15 19:24:55 | 002,330,655 | ---- | M] () -- C:\Users\***\Desktop\dsds_test07_solveed_by_superaxel.pdf
[2010.10.15 12:50:18 | 000,029,507 | ---- | M] () -- C:\Users\***\Desktop\logs.zip
[2010.10.15 00:54:47 | 000,000,020 | ---- | M] () -- C:\Users\***\defogger_reenable
[2010.10.15 00:31:17 | 000,000,901 | ---- | M] () -- C:\Users\***\Desktop\NTREGOPT.lnk
[2010.10.15 00:31:17 | 000,000,882 | ---- | M] () -- C:\Users\***\Desktop\ERUNT.lnk
[2010.10.15 00:12:44 | 000,285,168 | ---- | M] () -- C:\Users\***\Desktop\Gmer.zip
[2010.10.15 00:12:44 | 000,050,477 | ---- | M] () -- C:\Users\***\Desktop\defogger.exe
[2010.10.14 15:12:08 | 000,000,986 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010.10.14 14:25:20 | 000,341,448 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2010.10.13 13:50:14 | 000,293,376 | ---- | M] () -- C:\Users\***\Desktop\gmer.exe
[2010.09.17 20:14:08 | 000,000,294 | ---- | M] () -- C:\Windows\game.ini
 
========== Files Created - No Company Name ==========
 
[2010.10.15 19:34:24 | 000,001,850 | ---- | C] () -- C:\Users\Public\Desktop\Adobe Reader 9.lnk
[2010.10.15 19:24:30 | 002,330,655 | ---- | C] () -- C:\Users\***\Desktop\dsds_test07_solveed_by_superaxel.pdf
[2010.10.15 11:17:01 | 000,029,507 | ---- | C] () -- C:\Users\***\Desktop\logs.zip
[2010.10.15 01:00:27 | 000,293,376 | ---- | C] () -- C:\Users\***\Desktop\gmer.exe
[2010.10.15 00:54:10 | 000,000,020 | ---- | C] () -- C:\Users\***\defogger_reenable
[2010.10.15 00:31:17 | 000,000,901 | ---- | C] () -- C:\Users\***\Desktop\NTREGOPT.lnk
[2010.10.15 00:31:17 | 000,000,882 | ---- | C] () -- C:\Users\***\Desktop\ERUNT.lnk
[2010.10.15 00:12:00 | 000,050,477 | ---- | C] () -- C:\Users\***\Desktop\defogger.exe
[2010.10.15 00:11:59 | 000,285,168 | ---- | C] () -- C:\Users\***\Desktop\Gmer.zip
[2010.10.14 15:12:08 | 000,000,986 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010.09.03 16:31:15 | 000,000,294 | ---- | C] () -- C:\Windows\game.ini
[2010.08.30 00:10:13 | 000,000,709 | ---- | C] () -- C:\Windows\CoD.INI
[2010.07.19 18:55:44 | 000,000,029 | ---- | C] () -- C:\Windows\sfbm.INI
[2010.07.19 18:54:30 | 000,166,912 | ---- | C] () -- C:\Windows\System32\APOMngr.DLL
[2010.07.19 18:54:30 | 000,073,728 | ---- | C] () -- C:\Windows\System32\CmdRtr.DLL
[2010.07.19 18:47:03 | 000,021,196 | ---- | C] () -- C:\Windows\System32\instwdm.ini
[2010.07.19 18:47:03 | 000,000,321 | ---- | C] () -- C:\Windows\System32\kill.ini
[2010.07.19 18:47:03 | 000,000,054 | ---- | C] () -- C:\Windows\System32\ctzapxx.ini
[2010.07.02 01:15:27 | 000,015,873 | ---- | C] () -- C:\Windows\System32\Inetde.dll
[2010.06.28 01:40:04 | 000,116,224 | ---- | C] () -- C:\Windows\System32\pdfcmnnt.dll
[2010.06.03 21:01:40 | 000,000,069 | ---- | C] () -- C:\Windows\NeroDigital.ini
[2010.05.18 23:01:17 | 000,000,027 | ---- | C] () -- C:\Windows\System32\settings.ini
[2010.05.12 11:03:50 | 000,001,428 | ---- | C] () -- C:\Windows\Sandboxie.ini
[2010.04.30 15:08:24 | 000,007,615 | ---- | C] () -- C:\Users\***\AppData\Local\resmon.resmoncfg
[2010.04.30 15:04:13 | 000,028,672 | ---- | C] () -- C:\Windows\System32\cmirmdrv.dll
[2010.04.30 15:04:03 | 000,000,092 | ---- | C] () -- C:\Windows\CMISETUP.INI
[2010.04.30 15:04:03 | 000,000,026 | ---- | C] () -- C:\Windows\CMCDPLAY.INI
[2010.04.30 15:04:00 | 000,000,283 | ---- | C] () -- C:\Windows\CmiRmRedund.ini
[2010.04.30 15:04:00 | 000,000,000 | ---- | C] () -- C:\Windows\Wininit.ini
[2010.04.30 15:03:54 | 000,028,672 | ---- | C] () -- C:\Windows\CMIRmDriver.dll
[2010.04.30 14:50:55 | 000,000,011 | ---- | C] () -- C:\Windows\SBWIN.INI
[2010.02.11 07:30:38 | 000,159,744 | ---- | C] () -- C:\Windows\System32\atitmmxx.dll
[2009.08.07 19:51:34 | 000,178,430 | ---- | C] () -- C:\Windows\System32\xlive.dll.cat
[2009.07.14 01:51:43 | 000,073,728 | ---- | C] () -- C:\Windows\System32\BthpanContextHandler.dll
[2009.07.14 01:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\System32\BWContextHandler.dll
[2006.10.27 08:26:56 | 000,069,632 | ---- | C] () -- C:\Windows\System32\vuins32.dll
[2005.12.21 12:36:46 | 000,009,728 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll

< End of report >
         
Extras.txt:

Code:
ATTFilter
OTL Extras logfile created on: 17.10.2010 18:03:16 - Run 2
OTL by OldTimer - Version 3.2.15.2     Folder = C:\Users\***\Desktop
 An unknown product  (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
2,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 50,00% Memory free
4,00 Gb Paging File | 3,00 Gb Available in Paging File | 69,00% Paging File free
Paging file location(s): c:\pagefile.sys 2302 2302 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 30,02 Gb Total Space | 10,25 Gb Free Space | 34,14% Space Free | Partition Type: NTFS
Drive D: | 10,02 Gb Total Space | 2,93 Gb Free Space | 29,20% Space Free | Partition Type: NTFS
Drive E: | 149,80 Gb Total Space | 62,53 Gb Free Space | 41,74% Space Free | Partition Type: NTFS
Drive F: | 75,90 Gb Total Space | 6,90 Gb Free Space | 9,09% Space Free | Partition Type: NTFS
Drive G: | 200,01 Gb Total Space | 18,94 Gb Free Space | 9,47% Space Free | Partition Type: NTFS
 
Computer Name: *** | User Name: *** | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = ChromiumHTML] -- C:\Programme\SRWare Iron\iron.exe (SRWare)
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- "D:\Microsoft Office\Office12\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "D:\Microsoft Office\Office12\msohtmed.exe" /p %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Programme\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Programme\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Directory [Winamp.Bookmark] -- "C:\Programme\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.)
Directory [Winamp.Enqueue] -- "C:\Programme\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.)
Directory [Winamp.Play] -- "C:\Programme\Winamp\winamp.exe" "%1" (Nullsoft, Inc.)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
========== Authorized Applications List ==========
 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}" = PDFCreator
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{05308C4E-7285-4066-BAE3-6B50DA6ED755}" = Adobe Update Manager CS4
"{098727E1-775A-4450-B573-3F441F1CA243}" = kuler
"{098A2A49-7CF3-4F08-A38D-FB879117152A}" = Adobe Color NA Extra Settings CS4
"{0A0CADCF-78DA-33C4-A350-CD51849B9702}" = Microsoft .NET Framework 4 Extended
"{0D6013AB-A0C7-41DC-973C-E93129C9A29F}" = Adobe Color JA Extra Settings CS4
"{0D67A4E4-5BE0-4C9A-8AD8-AB552B433F23}" = Adobe Setup
"{0DC0E85F-36E4-463B-B3EA-4CD8ED2222A1}" = Adobe Color EU Recommended Settings CS4
"{0F723FC1-7606-4867-866C-CE80AD292DAF}" = Adobe CSI CS4
"{0FFAC7BB-50DC-CB54-6CA7-A8B74513280B}" = CCC Help Chinese Traditional
"{1170D24F-42B7-40CF-AA1B-6395CE562354}" = Gears of War
"{14AFE241-FC6E-4FDB-BCA0-7AD6F4974171}" = Adobe Setup
"{159098AF-4EB8-4C10-B0C6-24CDA32B45F9}" = Microsoft SQL Server Compact 3.5 DEU
"{1618734A-3957-4ADD-8199-F973763109A8}" = Adobe Anchor Service CS4
"{16E6D2C1-7C90-4309-8EC4-D2212690AAA4}" = AdobeColorCommonSetRGB
"{18E1FD72-60FA-3E10-A66B-640970B5559F}" = Visual Studio Tools for the Office system 3.0 Runtime Language Pack - DEU
"{1C3ADB5F-750E-4453-AC98-B75C5323845C}" = Microsoft SQL Server Compact 3.5 for Devices DEU
"{1C802083-6D79-78ED-BF1C-601DDF908DD1}" = Catalyst Control Center Core Implementation
"{2300EE96-0A41-4FAB-BD03-989EC44577A0}" = Acronis*Disk Director Suite
"{26A24AE4-039D-4CA4-87B4-2F83216017FF}" = Java(TM) 6 Update 17
"{282C4EAA-F162-F52F-7BAF-C7B50DAAA00A}" = ccc-utility
"{28728178-FF15-218B-0B63-012692F42C28}" = CCC Help Danish
"{2E660A2A-A55F-43CD-9F73-CAD7382EEB78}" = Microsoft Games for Windows - LIVE Redistributable
"{30C8AA56-4088-426F-91D1-0EDFD3A25678}" = Adobe Dreamweaver CS4
"{32851025-1E46-83A3-1320-471619254E39}" = Catalyst Control Center Localization All
"{35D94F92-1D3A-43C5-8605-EA268B1A7BD9}" = PDF Settings CS4
"{388E4B09-3E71-4649-8921-F44A3A2954A7}" = Microsoft Visual Studio 2005 Tools for Office Runtime
"{3A4E8896-C2E7-4084-A4A4-B8FD1894E739}" = Adobe XMP Panels CS4
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3D2C9DE6-9ADE-4252-A241-E43723B0CE02}" = Adobe Color - Photoshop Specific CS4
"{3DA8DF9A-044E-46C4-8531-DEDBB0EE37FF}" = Adobe WinSoft Linguistics Plugin
"{40217B2F-462B-94A4-E84E-6A1C6EDBCE2F}" = CCC Help Swedish
"{445174EA-3D3A-308E-84AD-446127E71441}" = Microsoft Visual Studio 2008 Professional Edition - DEU
"{47FDEFC7-BFE6-FD75-41D1-28DD572BD2D9}" = ATI Catalyst Install Manager
"{4943EFF5-229F-435D-BEA9-BE3CAEA783A7}" = Adobe Service Manager Extension
"{4ACDC413-AF13-3934-8D8A-1F8CEF70D1A5}" = Microsoft Document Explorer 2008 Language Pack - DEU
"{4D87DC92-C328-46EC-A7B4-9C88129DC696}" = Dead Space™
"{4E3A817A-8033-3D7E-BCA9-102EFF3FD9CA}" = Microsoft Device Emulator Version 3.0 - DEU
"{5343A801-92E5-C234-9F27-AB27EC738BF6}" = CCC Help Japanese
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{59996900-0E6C-45B7-8C39-C64CB98462E4}" = Microsoft Web Platform Installer 2.0
"{5D22226D-EBC1-C95F-7746-2E3A9F4C97BA}" = CCC Help Russian
"{5DB161C0-7C9C-41D7-8DA1-CB112F60946B}" = Microsoft Visual Studio 2005 Tools for Office Runtime Language Pack
"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
"{600C37F2-098B-A165-C1DB-6AE2B89D8D49}" = Catalyst Control Center Graphics Previews Common
"{61F8CA2C-9A80-8A1B-D3B9-347530CB387F}" = CCC Help Norwegian
"{63C24A08-70F3-4C8E-B9FB-9F21A903801D}" = Adobe Color Video Profiles CS CS4
"{63E5CDBF-8214-4F03-84F8-CD3CE48639AD}" = Adobe Photoshop CS4 Support
"{64c5b887-b5ee-42b8-8596-78905a6b5f1f}" = Microsoft Windows SDK for Visual Studio 2008 SDK Reference Assemblies and IntelliSense
"{674B407D-EAB1-B6B6-F9BF-C34CEE4CD83F}" = Catalyst Control Center Graphics Light
"{6753B40C-0FBD-3BED-8A9D-0ACAC2DCD85D}" = Microsoft Document Explorer 2008
"{68243FF8-83CA-466B-B2B8-9F99DA5479C4}" = AdobeColorCommonSetCMYK
"{69F411C5-4851-6DA9-EA4C-160BEF8788AA}" = CCC Help French
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6DD27E54-2598-0FEC-7CE1-BE00924C0570}" = Catalyst Control Center Graphics Previews Vista
"{721B5CF0-D220-4955-BB6F-EBCFB1096DE7}" = Windows Mobile 5.0 SDK R2 for Pocket PC
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{72CCBEA1-8D57-4981-A337-81019F28C5BA}" = Microsoft .NET Compact Framework 3.5
"{7B4A5C13-069F-4AFE-AE57-C497B4E33C7E}" = Call of Duty(R) 2 Patch 1.3
"{7C27114E-6FC8-21F5-E501-FE48F09243DF}" = CCC Help Dutch
"{80237C20-CBF3-F841-4AD5-E727AA86FBD1}" = CCC Help Italian
"{802EE127-D32A-1447-09DC-77419772BCDC}" = CCC Help Portuguese
"{820D3F45-F6EE-4AAF-81EF-CE21FF21D230}" = Adobe Type Support CS4
"{836AFA32-7B8B-2C19-99D9-36EF32B42EB8}" = CCC Help Thai
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{83877DB1-8B77-45BC-AB43-2BAC22E093E0}" = Adobe Bridge CS4
"{842B4B72-9E8F-4962-B3C1-1C422A5C4434}" = Suite Shared Configuration CS4
"{842FAF7C-50EF-4463-9B8F-6222E1384D7D}" = Microsoft Windows SDK for Visual Studio 2008 Headers and Libraries
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A15B7D9-908A-4EF9-BA84-5AEDE61743EE}" = Call of Duty(R) 4 - Modern Warfare(TM) 1.6 Patch
"{8A74DEFD-A224-49CC-AB80-4E88BC730125}" = LogMeIn Hamachi
"{8D7133DE-27D2-47E5-B248-4180278D32AA}" = Catalyst Control Center - Branding
"{8FB53850-246A-3507-8ADE-0060093FFEA6}" = Visual Studio Tools for the Office system 3.0 Runtime
"{90120000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2007
"{90120000-0015-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2007
"{90120000-0019-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2007
"{90120000-001A-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_ENTERPRISE_{A0516415-ED61-419A-981D-93596DA74165}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-001F-0410-0000-0000000FF1CE}_ENTERPRISE_{322296D4-1EAE-4030-9FBC-D2787EB25FA2}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-0021-0000-0000-0000000FF1CE}" = Microsoft Office Visual Web Developer 2007
"{90120000-0021-0000-0000-0000000FF1CE}_VisualWebDeveloper_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{90120000-0021-0407-0000-0000000FF1CE}" = Microsoft Office Visual Web Developer MUI (German) 2007
"{90120000-0021-0407-0000-0000000FF1CE}_VisualWebDeveloper_{0B9EAEAC-F271-45DC-BDCB-06ABEEF19825}" = Microsoft Office SharePoint Designer 2007 Service Pack 2 (SP2)
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{90120000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2007
"{90120000-0044-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}_ENTERPRISE_{26454C26-D259-4543-AA60-3189E09C5F76}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-006E-0407-0000-0000000FF1CE}_VisualWebDeveloper_{26454C26-D259-4543-AA60-3189E09C5F76}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007
"{90120000-00A1-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00B0-0407-0000-0000000FF1CE}" = Microsoft – Speichern als PDF – Add-In für 2007 Microsoft Office-Programme
"{90120000-00BA-0407-0000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2007
"{90120000-00BA-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{931AB7EA-3656-4BB7-864D-022B09E3DD67}" = Adobe Linguistics CS4
"{931C37FC-594D-43A9-B10F-A2F2B1F03498}" = Call of Duty(R) 4 - Modern Warfare(TM) 1.7 Patch
"{946942CB-D078-F33A-A3CD-27E0393507FD}" = CCC Help Turkish
"{94D398EB-D2FD-4FD1-B8C4-592635E8A191}" = Adobe CMaps CS4
"{9682B99B-BB28-AD37-CA50-C1CB5BFF0FA6}" = Catalyst Control Center Graphics Full New
"{99F0C3CC-8DF0-3611-B190-CF4D1AF0E053}" = Microsoft Windows SDK for Visual Studio 2008 .NET Framework Tools
"{9A33B83D-FFC4-44CF-BEEF-632DECEF2FCD}" = Microsoft SQL Server Database Publishing Wizard 1.2
"{9B219133-CA46-47EF-98E1-AB12E32D53F9}" = MyMicroBalance
"{9DBCF44B-77AC-81D8-0F8E-1E60D6330AC2}" = Catalyst Control Center InstallProxy
"{A02CC93A-134F-0319-1438-B1E895B52577}" = CCC Help German
"{A3FF5CB2-FB35-4658-8751-9EDE1D65B3AA}" = VMware Workstation
"{A7E1ADB8-162B-7C33-60FB-0561A17BD876}" = CCC Help Spanish
"{A96EEF55-155C-552E-ABB1-6FDAEF5BD944}" = CCC Help Polish
"{AC76BA86-7AD7-1031-7B44-A94000000001}" = Adobe Reader 9.4.0 - Deutsch
"{ADB25FF0-AEC4-2CFB-130C-2C60D80C5934}" = CCC Help Greek
"{B04D5DA5-11DA-830C-85C6-0FF9185787E7}" = Skins
"{B1060346-9388-4C5B-AA52-176C39819E43}" = Microsoft .NET Compact Framework 2.0 SP2
"{B268E9A1-04A9-40D0-9866-846BE2B74BA7}" = Microsoft Windows SDK for Visual Studio 2008 Win32 Tools
"{B29AD377-CC12-490A-A480-1452337C618D}" = Connect
"{B65BA85C-0A27-4BC0-A22D-A66F0E5B9494}" = Adobe Photoshop CS4
"{BA12FD6C-169A-11D7-A6A9-00C026281E5A}" = USB Vibration Joystick
"{BB4E33EC-8181-4685-96F7-8554293DEC6A}" = Adobe Output Module
"{BB603E9F-ECE8-7713-B0AC-7E0614E8C058}" = Catalyst Control Center HydraVision Full
"{BE232D60-AEA5-502F-ACBF-9AC188A82C21}" = CCC Help Finnish
"{BEE64C14-BEF1-4610-8A68-A16EAA47B882}" = Futuremark SystemInfo
"{C15C4AB5-EF5D-5050-273C-4636E3FBE301}" = CCC Help Czech
"{C52E3EC1-048C-45E1-8D53-10B0C6509683}" = Adobe Default Language CS4
"{C59CF2CE-B302-4833-AA35-E0E07D8EBC52}_is1" = SRWare Iron 4.0.280
"{C911A0C2-2236-3164-AA47-F2566C01AE5E}" = Microsoft .NET Framework 4 Extended DEU Language Pack
"{CAA376AF-0DE8-4FCA-942E-C6AC579B94B3}" = Microsoft Windows SDK for Visual Studio 2008 Tools
"{CC75AB5C-2110-4A7F-AF52-708680D22FE8}" = Photoshop Camera Raw
"{D0A05794-48C2-4424-A15A-9F20FCFDD374}" = Call of Duty(R) 2
"{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.2
"{D3C80E77-E549-4F76-BC07-61DDBD950345}" = Silent Hill 2 - Directors Cut
"{D75814C1-5AA5-4198-BFF6-093A226D9F0D}" = O&O Defrag Professional
"{DA7F48EF-5F56-45FE-9169-3B8159A7A323}" = Windows Mobile 5.0 SDK R2 for Smartphone
"{E09CD13D-7CE3-351C-1625-8DC7F21A99C0}" = ccc-core-static
"{E32260E7-0B10-43C7-9B77-AB9F4184676D}" = Microsoft SQL Server Compact 3.5 Design Tools DEU
"{E373E0E2-20F5-90DF-B315-615EA6E52101}" = Catalyst Control Center Graphics Full Existing
"{E48469CC-635E-4FD5-A122-1497C286D217}" = Call of Duty(R) 4 - Modern Warfare(TM)
"{E4848436-0345-47E2-B648-8B522FCDA623}" = Adobe Photoshop CS4
"{E6DA746E-1175-88BD-2B16-1DC62018E060}" = CCC Help Chinese Standard
"{F053BFD9-4357-6A82-6042-CF919667448F}" = CCC Help English
"{F0E64E2E-3A60-40D8-A55D-92F6831875DA}" = Adobe Search for Help
"{F112F66E-25CA-42DD-983C-6118EB38F606}" = Microsoft Games for Windows - LIVE
"{F17EB02C-DA0D-EDEF-2E16-501FB700A710}" = CCC Help Hungarian
"{F5DDC0CD-F13A-83F0-5103-563A17EA306F}" = CCC Help Korean
"{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{F8EF2B3F-C345-4F20-8FE4-791A20333CD5}" = Adobe ExtendScript Toolkit CS4
"{F93C84A6-0DC6-42AF-89FA-776F7C377353}" = Adobe PDF Library Files CS4
"{FF29527A-44CD-3422-945E-981A13584000}" = VC Runtimes MSI
"686C8894C4A74C54EDA40E74ED1AFDB17CF9C474" = Windows-Treiberpaket - Hewlett-Packard Image  (05/15/2008 11.5.0.116)
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe_acce07fd2c8fe7f9e3f26243e626578" = Adobe Dreamweaver CS4
"Adobe_faf656ef605427ee2f42989c3ad31b8" = Adobe Photoshop CS4
"AudioConSole" = Creative-Audiokonsole
"AVG9Uninstall" = AVG Free 9.0
"AVIcodec" = AVIcodec (remove only)
"Biet-O-Matic v2.14.3" = Biet-O-Matic v2.14.3
"Call of Duty" = Call of Duty
"Call of Duty Modern Warfare 2_is1" = Call of Duty Modern Warfare 2
"C-Media Audio" = C-Media 3D Audio
"C-Media Audio Driver" = C-Media WDM Audio Driver
"Dead Rising 2_is1" = Dead Rising 2
"DivX Setup.divx.com" = DivX-Setup
"ENTERPRISE" = Microsoft Office Enterprise 2007
"ERUNT_is1" = ERUNT 1.1j
"EVEREST Home Edition_is1" = EVEREST Home Edition v2.20
"ffdshow" = ffdshow
"foobar2000" = foobar2000 v1.0.3
"Garena" = Garena 2010
"InstallShield_{1170D24F-42B7-40CF-AA1B-6395CE562354}" = Gears of War
"InstallShield_{8A15B7D9-908A-4EF9-BA84-5AEDE61743EE}" = Call of Duty(R) 4 - Modern Warfare(TM) 1.6 Patch
"InstallShield_{931C37FC-594D-43A9-B10F-A2F2B1F03498}" = Call of Duty(R) 4 - Modern Warfare(TM) 1.7 Patch
"InstallShield_{D0A05794-48C2-4424-A15A-9F20FCFDD374}" = Call of Duty(R) 2
"InstallShield_{E48469CC-635E-4FD5-A122-1497C286D217}" = Call of Duty(R) 4 - Modern Warfare(TM)
"JDownloader" = JDownloader
"LameACM" = LameACM
"LogMeIn Hamachi" = LogMeIn Hamachi
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"Microsoft .NET Framework 4 Extended DEU Language Pack" = Microsoft .NET Framework 4 Extended DEU Language Pack
"Microsoft Document Explorer 2008" = Microsoft Document Explorer 2008
"Microsoft Document Explorer 2008 Language Pack - DEU" = Microsoft Document Explorer 2008 Language Pack - DEU
"Microsoft Visual Studio 2005 Tools for Office Runtime" = Visual Studio 2005 Tools for Office Second Edition Runtime
"Microsoft Visual Studio 2005 Tools for Office Runtime Language Pack" = Microsoft Visual Studio 2005 Tools for Office Runtime Language Pack
"Microsoft Visual Studio 2008 Professional Edition - DEU" = Microsoft Visual Studio 2008 Professional Edition - DEU
"Miranda IM" = Miranda IM 0.9.6
"Mozilla Firefox (3.6.3)" = Mozilla Firefox (3.6.3)
"Nero8Lite_is1" = Nero 8 Lite
"OpenAL" = OpenAL
"Sandboxie" = Sandboxie 3.442
"SFBM" = SoundFont-Bank-Manager
"StarCraft II" = StarCraft II
"Steam App 220" = Half-Life 2
"SWI-Prolog" = SWI-Prolog (remove only)
"Visual Studio Tools for the Office system 3.0 Runtime" = Visual Studio Tools for the Office system 3.0 Runtime
"Visual Studio Tools for the Office system 3.0 Runtime Language Pack - DEU" = Visual Studio-Tools für Office System 3.0 Runtime Language Pack - DEU
"VisualWebDeveloper" = Microsoft Visual Studio Web Authoring Component
"VLC media player" = VLC media player 1.0.5
"VN_VUIns_Rhine_VIA" = VIA Rhine Family Fast Ethernet Adapter
"WampServer 2_is1" = WampServer 2.0
"Winamp" = Winamp
"WinGimp-2.0_is1" = GIMP 2.6.8
"WinRAR archiver" = WinRAR
"winscp3_is1" = WinSCP 4.0.6
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Dropbox" = Dropbox
 
========== Last 10 Event Log Errors ==========
 
[ Application Events ]
Error - 12.10.2010 19:28:46 | Computer Name = *** | Source = EventSystem | ID = 4621
Description = 
 
Error - 13.10.2010 16:50:36 | Computer Name = *** | Source = EventSystem | ID = 4621
Description = 
 
Error - 14.10.2010 08:10:58 | Computer Name = *** | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: svchost.exe, Version: 6.1.7600.16385,
 Zeitstempel: 0x4a5bc100  Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0,
 Zeitstempel: 0x00000000  Ausnahmecode: 0xc0000005  Fehleroffset: 0x75015e25  ID des fehlerhaften
 Prozesses: 0x10c4  Startzeit der fehlerhaften Anwendung: 0x01cb6b98d46c7bbc  Pfad der
 fehlerhaften Anwendung: C:\Windows\system32\svchost.exe  Pfad des fehlerhaften Moduls:
 unknown  Berichtskennung: 19aa0815-d78c-11df-8293-005056c00008
 
Error - 14.10.2010 08:11:27 | Computer Name = *** | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: svchost.exe, Version: 6.1.7600.16385,
 Zeitstempel: 0x4a5bc100  Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0,
 Zeitstempel: 0x00000000  Ausnahmecode: 0xc0000005  Fehleroffset: 0x75015e25  ID des fehlerhaften
 Prozesses: 0x96c  Startzeit der fehlerhaften Anwendung: 0x01cb6b98ed7b48c3  Pfad der
 fehlerhaften Anwendung: C:\Windows\system32\svchost.exe  Pfad des fehlerhaften Moduls:
 unknown  Berichtskennung: 2b4dadf1-d78c-11df-8293-005056c00008
 
Error - 14.10.2010 08:11:29 | Computer Name = *** | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: WINWORD.EXE, Version: 12.0.6425.1000,
 Zeitstempel: 0x49d64d22  Name des fehlerhaften Moduls: ole32.dll, Version: 6.1.7600.16385,
 Zeitstempel: 0x4a5bdac7  Ausnahmecode: 0xc0000005  Fehleroffset: 0x0002f2c2  ID des fehlerhaften
 Prozesses: 0x1130  Startzeit der fehlerhaften Anwendung: 0x01cb6b979d4273ae  Pfad der
 fehlerhaften Anwendung: D:\Microsoft Office\Office12\WINWORD.EXE  Pfad des fehlerhaften
 Moduls: C:\Windows\system32\ole32.dll  Berichtskennung: 2c49a879-d78c-11df-8293-005056c00008
 
Error - 14.10.2010 08:17:38 | Computer Name = *** | Source = EventSystem | ID = 4621
Description = 
 
Error - 14.10.2010 18:17:05 | Computer Name = *** | Source = EventSystem | ID = 4621
Description = 
 
Error - 14.10.2010 18:55:26 | Computer Name = *** | Source = EventSystem | ID = 4621
Description = 
 
Error - 15.10.2010 22:00:24 | Computer Name = *** | Source = EventSystem | ID = 4621
Description = 
 
Error - 16.10.2010 15:51:25 | Computer Name = *** | Source = EventSystem | ID = 4621
Description = 
 
 
========== Last 10 Event Log Errors ==========
 
Error reading Event Logs: The Event Service is not operating properly or the Event Logs are corrupt!
 
< End of report >
         
Grüße,
jackie

Alt 17.10.2010, 18:50   #8
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Security Essentials 2010 entfernt und hoffentlich wieder alles i.O.?? - Standard

Security Essentials 2010 entfernt und hoffentlich wieder alles i.O.??



Beende alle Programme, starte OTL und kopiere folgenden Text in die "Custom Scan/Fixes" Box (unten in OTL): (das ":OTL" muss mitkopiert werden!!!)

Code:
ATTFilter
:OTL
O4 - HKCU..\Run: [AdobeBridge]  File not found
O4 - HKCU..\Run: [Infium] C:\Programme\QIP 2010\qip.exe File not found
O4 - HKCU..\Run: [QIP2005] C:\Program Files\QIP\qip.exe File not found
:Commands
[purity]
[resethosts]
[emptytemp]
         
Klick dann oben links auf den Button Fix!
Das Logfile müsste geöffnet werden, wenn Du nach dem Fixen auf ok klickst, poste das bitte. Evtl. wird der Rechner neu gestartet.
__________________
"Die Wahrheit ist normalerweise nur eine Entschuldigung für einen Mangel an Fantasie." (Elim Garak)

Das Trojaner-Board unterstützen
Warum Linux besser als Windows ist!

Alt 17.10.2010, 19:57   #9
jackie.ms
 
Security Essentials 2010 entfernt und hoffentlich wieder alles i.O.?? - Standard

Security Essentials 2010 entfernt und hoffentlich wieder alles i.O.??



Ok, hat so weit geklappt.

Code:
ATTFilter
All processes killed
========== OTL ==========
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\AdobeBridge deleted successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\Infium deleted successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\QIP2005 deleted successfully.
========== COMMANDS ==========
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully
 
[EMPTYTEMP]
 
User: All Users
 
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
 
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
 
User: ***
->Temp folder emptied: 588834 bytes
->Temporary Internet Files folder emptied: 655233 bytes
->Java cache emptied: 125825 bytes
->FireFox cache emptied: 0 bytes
->Flash cache emptied: 6246 bytes
 
User: Public
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 5879 bytes
RecycleBin emptied: 51529745 bytes
 
Total Files Cleaned = 50,00 mb
 
 
OTL by OldTimer - Version 3.2.15.2 log created on 10172010_205300

Files\Folders moved on Reboot...
File move failed. C:\Windows\temp\vmware-vmount.log scheduled to be moved on reboot.

Registry entries deleted on Reboot...
         

Alt 21.10.2010, 22:16   #10
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Security Essentials 2010 entfernt und hoffentlich wieder alles i.O.?? - Standard

Security Essentials 2010 entfernt und hoffentlich wieder alles i.O.??



Sry hab Deinen Strang übersehen

Dann bitte jetzt CF ausführen:

ComboFix

Ein Leitfaden und Tutorium zur Nutzung von ComboFix
  • Lade dir ComboFix hier herunter auf deinen Desktop. Benenne es beim Runterladen um in cofi.exe.
  • Schliesse alle Programme, vor allem dein Antivirenprogramm und andere Hintergrundwächter sowie deinen Internetbrowser.
  • Starte cofi.exe von deinem Desktop aus, bestätige die Warnmeldungen, führe die Updates durch (falls vorgeschlagen), installiere die Wiederherstellungskonsole (falls vorgeschlagen) und lass dein System durchsuchen.
    Vermeide es auch während Combofix läuft die Maus und Tastatur zu benutzen.
  • Im Anschluss öffnet sich automatisch eine combofix.txt, diesen Inhalt bitte kopieren ([Strg]a, [Strg]c) und in deinen Beitrag einfügen ([Strg]v). Die Datei findest du außerdem unter: C:\ComboFix.txt.
Wichtiger Hinweis:
Combofix darf ausschließlich ausgeführt werden, wenn ein Kompetenzler dies ausdrücklich empfohlen hat!
Es sollte nie auf eigene Initiative hin ausgeführt werden! Eine falsche Benutzung kann ernsthafte Computerprobleme nach sich ziehen und eine Bereinigung der Infektion noch erschweren.
__________________
"Die Wahrheit ist normalerweise nur eine Entschuldigung für einen Mangel an Fantasie." (Elim Garak)

Das Trojaner-Board unterstützen
Warum Linux besser als Windows ist!

Alt 23.10.2010, 01:22   #11
jackie.ms
 
Security Essentials 2010 entfernt und hoffentlich wieder alles i.O.?? - Standard

Security Essentials 2010 entfernt und hoffentlich wieder alles i.O.??



Jo kein Ding, ist ja gut organisiert hier.

So, hier die log von ComboFix:

Code:
ATTFilter
ComboFix 10-10-22.03 - Matthias 23.10.2010   2:00.1.2 - x86
Microsoft Windows 7 Professional   6.1.7600.0.1252.49.1031.18.2048.1341 [GMT 2:00]
ausgeführt von:: c:\users\Matthias\Desktop\cofi.exe
.

((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\system32\settings.ini

Infizierte Kopie von c:\windows\explorer.exe wurde gefunden und desinfiziert 
Kopie von - c:\cofi\HarddiskVolumeShadowCopy1_!Windows!winsxs!x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_52283b2af41f3691!explorer.exe wurde wiederhergestellt 

Infizierte Kopie von c:\windows\System32\wininit.exe wurde gefunden und desinfiziert 
Kopie von - c:\windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_30c90ef265a43c13\wininit.exe wurde wiederhergestellt 

Infizierte Kopie von c:\windows\explorer.exe wurde gefunden und desinfiziert 
Kopie von - c:\cofi\HarddiskVolumeShadowCopy1_!Windows!winsxs!x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_52283b2af41f3691!explorer.exe wurde wiederhergestellt
.
(((((((((((((((((((((((   Dateien erstellt von 2010-09-23 bis 2010-10-23  ))))))))))))))))))))))))))))))
.

2010-10-23 00:09 . 2010-10-23 00:11	--------	d-----w-	c:\users\Matthias\AppData\Local\temp
2010-10-23 00:09 . 2010-10-23 00:09	--------	d-----w-	c:\users\Default\AppData\Local\temp
2010-10-22 10:25 . 2010-10-22 10:25	--------	d-----w-	c:\program files\CCleaner
2010-10-18 13:34 . 2010-10-18 13:44	--------	d-----w-	c:\programdata\webcamXP 5
2010-10-18 13:34 . 2010-10-18 13:34	--------	d-----w-	c:\program files\wLite
2010-10-17 18:53 . 2010-10-17 18:53	--------	d-----w-	C:\_OTL
2010-10-16 16:51 . 2010-10-16 16:51	--------	d-----w-	c:\program files\winMd5Sum
2010-10-14 22:31 . 2010-10-14 22:31	--------	d-----w-	c:\program files\ERUNT
2010-10-14 13:13 . 2010-10-14 13:13	--------	d-----w-	c:\users\Matthias\AppData\Roaming\Malwarebytes
2010-10-14 13:12 . 2010-04-29 10:19	38224	----a-w-	c:\windows\system32\drivers\mbamswissarmy.sys
2010-10-14 13:12 . 2010-10-14 13:12	--------	d-----w-	c:\program files\Malwarebytes' Anti-Malware
2010-10-14 13:12 . 2010-10-14 13:12	--------	d-----w-	c:\programdata\Malwarebytes
2010-10-14 13:12 . 2010-04-29 10:19	20952	----a-w-	c:\windows\system32\drivers\mbam.sys
2010-10-14 12:00 . 2010-10-14 12:00	--------	d-----w-	C:\$AVG
2010-10-14 10:45 . 2010-10-14 10:45	--------	d-----w-	c:\program files\Microsoft
2010-10-13 15:41 . 2010-10-13 15:41	--------	d-----w-	c:\program files\AVIcodec
2010-10-12 23:07 . 2010-10-12 23:07	--------	d-----w-	c:\program files\QuickTime
2010-10-12 21:57 . 2010-10-12 21:57	--------	d-----w-	c:\users\Matthias\AppData\Roaming\Miranda
2010-10-12 21:57 . 2010-10-12 21:57	--------	d-----w-	c:\program files\Miranda IM
2010-10-04 17:54 . 2009-08-24 08:15	761152	----a-w-	c:\windows\system32\msvcr100.dll
2010-10-04 17:54 . 2009-08-24 08:15	761152	----a-w-	c:\windows\msvcr100.dll
2010-10-03 20:57 . 2010-10-03 20:57	--------	d-----w-	c:\windows\system32\xlive
2010-10-03 20:57 . 2010-10-03 20:57	--------	d-----w-	c:\program files\Microsoft Games for Windows - LIVE
2010-10-03 16:38 . 2010-10-03 16:38	--------	d-----w-	c:\users\Matthias\AppData\Local\assembly
2010-09-28 20:35 . 2010-06-19 06:15	2048	----a-w-	c:\windows\system32\tzres.dll

.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-08-21 05:32 . 2010-09-15 09:16	316928	----a-w-	c:\windows\system32\spoolsv.exe
2010-07-29 06:30 . 2010-08-12 17:30	197632	----a-w-	c:\windows\system32\ir32_32.dll
2010-07-29 06:30 . 2010-08-12 17:30	82944	----a-w-	c:\windows\system32\iccvid.dll
.

((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2009-12-09 01:19	94208	----a-w-	c:\users\Matthias\AppData\Roaming\Dropbox\bin\DropboxExt.13.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2009-12-09 01:19	94208	----a-w-	c:\users\Matthias\AppData\Roaming\Dropbox\bin\DropboxExt.13.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2009-12-09 01:19	94208	----a-w-	c:\users\Matthias\AppData\Roaming\Dropbox\bin\DropboxExt.13.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2010-09-02 13351304]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AsioReg"="CTASIO.DLL" [2009-06-23 46592]
"AVG9_TRAY"="c:\progra~3\AVG\AVG9\avgtray.exe" [2010-10-04 2067808]
" Malwarebytes Anti-Malware  (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2010-04-29 1090952]
"Adobe Reader Speed Launcher"="c:\programme\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-09-23 35760]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-20 932288]

c:\users\Matthias\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dropbox.lnk - c:\users\Matthias\AppData\Roaming\Dropbox\bin\Dropbox.exe [2010-2-26 21979992]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\System32\avgrsstx.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute	REG_MULTI_SZ   	autocheck autochk *\0OODBS

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^foobar2000.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\foobar2000.lnk
backup=c:\windows\pss\foobar2000.lnk.CommonStartup
backupExtension=.CommonStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2010-09-20 21:07	932288	----a-r-	c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2010-09-23 02:47	35760	----a-w-	c:\programme\Adobe\Reader 9.0\Reader\reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeCS4ServiceManager]
2008-08-14 05:58	611712	----a-w-	c:\program files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DivXUpdate]
2010-06-03 00:50	1144104	----a-w-	c:\program files\DivX\DivX Update\DivXUpdate.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogMeIn Hamachi Ui]
2010-03-30 09:16	1820040	----a-w-	c:\program files\Hamachi\hamachi-2-ui.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OODefragTray]
2009-09-11 22:34	2524416	----a-w-	c:\programme\OO Software\Defrag\oodtray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SandboxieControl]
2010-04-17 10:56	394984	----a-w-	c:\program files\Sandboxie\SbieCtrl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\StartCCC]
2010-02-10 21:32	61440	----a-w-	c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VMware hqtray]
2007-10-08 07:26	55856	----a-w-	d:\vmware\VMware Workstation\hqtray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\vmware-tray]
2007-10-08 07:27	72240	----a-w-	d:\vmware\VMware Workstation\vmware-tray.exe

R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R3 COMMONFX;COMMONFX;c:\windows\system32\drivers\COMMONFX.SYS [2009-06-23 99352]
R3 CTAUDFX.SYS;CTAUDFX.SYS;c:\windows\System32\drivers\CTAUDFX.SYS [2009-06-23 555032]
R3 CTAUDFX;CTAUDFX;c:\windows\system32\drivers\CTAUDFX.SYS [2009-06-23 555032]
R3 CTSBLFX;CTSBLFX;c:\windows\system32\drivers\CTSBLFX.SYS [2009-06-23 566296]
R3 GGSAFERDriver;GGSAFER Driver;c:\program files\Garena\plugins\UI\safedrv.sys [2010-10-20 22112]
R3 wxpSvc;webcamXP Service;c:\program files\wLite\wService.exe [2010-05-02 5027328]
R4 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2010-05-01 691696]
S1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\Drivers\avgldx86.sys [2010-07-16 216400]
S1 AvgTdiX;AVG Free Network Redirector;c:\windows\system32\Drivers\avgtdix.sys [2010-07-16 243024]
S2 avg9wd;AVG Free WatchDog;c:\programme\AVG\AVG9\avgwdsvc.exe [2010-07-16 308136]
S2 Hamachi2Svc;LogMeIn Hamachi 2.0 Tunneling Engine;c:\program files\Hamachi\hamachi-2.exe [2010-03-30 1107336]
S3 COMMONFX.SYS;COMMONFX.SYS;c:\windows\System32\drivers\COMMONFX.SYS [2009-06-23 99352]
S3 ctgame;Game Port;c:\windows\system32\DRIVERS\ctgame.sys [2009-06-23 18840]
S3 CTSBLFX.SYS;CTSBLFX.SYS;c:\windows\System32\drivers\CTSBLFX.SYS [2009-06-23 566296]
S3 FETND6V;VIA Rhine Family Fast Ethernet Adapter Driver;c:\windows\system32\DRIVERS\fetnd6v.sys [2008-09-22 43520]


[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation	REG_MULTI_SZ   	SSDPSRV upnphost SCardSvr TBS FontCache fdrespub AppIDSvc QWAVE wcncsvc SensrSvc
.
.
------- Zusätzlicher Suchlauf -------
.
IE: Nach Microsoft E&xel exportieren - d:\micros~1\Office12\EXCEL.EXE/3000
FF - ProfilePath - c:\users\Matthias\AppData\Roaming\Mozilla\Firefox\Profiles\p52x51wf.default\
FF - plugin: c:\program files\DivX\DivX Plus Web Player\npdivx32.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\programme\Adobe\Reader 9.0\Reader\browser\nppdf32.dll
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -

MSConfigStartUp-Cmaudio - cmicnfg.cpl



[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\wxpSvc]
"ImagePath"="c:\program files\wLite\wService.exe /startedbyscm:5053B757-40E35B3B-webcamSRV"
.
--------------------- Gesperrte Registrierungsschluessel ---------------------

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
--------------------- Durch laufende Prozesse gestartete DLLs ---------------------

- - - - - - - > 'Explorer.exe'(2200)
c:\users\Matthias\AppData\Roaming\Dropbox\bin\DropboxExt.13.dll
c:\programme\WinSCP\DragExt.dll
.
------------------------ Weitere laufende Prozesse ------------------------
.
c:\windows\system32\Ati2evxx.exe
c:\windows\system32\Ati2evxx.exe
c:\programme\OO Software\Defrag\oodag.exe
c:\program files\Sandboxie\SbieSvc.exe
c:\windows\system32\taskhost.exe
c:\program files\Common Files\VMware\VMware Virtual Image Editing\vmount2.exe
c:\windows\system32\vmnat.exe
d:\vmware\VMware Workstation\vmware-authd.exe
c:\programme\AVG\AVG9\avgnsx.exe
c:\programme\AVG\AVG9\avgrsx.exe
c:\programme\AVG\AVG9\avgchsvx.exe
c:\windows\system32\vmnetdhcp.exe
c:\programme\AVG\AVG9\avgcsrvx.exe
c:\windows\system32\WUDFHost.exe
c:\windows\system32\conhost.exe
c:\windows\system32\sppsvc.exe
.
**************************************************************************
.
Zeit der Fertigstellung: 2010-10-23  02:14:32 - PC wurde neu gestartet
ComboFix-quarantined-files.txt  2010-10-23 00:14

Vor Suchlauf: 9 Verzeichnis(se), 10.903.375.872 Bytes frei
Nach Suchlauf: 16 Verzeichnis(se), 10.772.631.552 Bytes frei

- - End Of File - - 5EF4E410AC8B3E4430535F340D8D7E5B
         
Grüße und gute Nacht
jackie

Alt 23.10.2010, 19:14   #12
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Security Essentials 2010 entfernt und hoffentlich wieder alles i.O.?? - Standard

Security Essentials 2010 entfernt und hoffentlich wieder alles i.O.??



Ok. Bitte nun Logs mit GMER und OSAM erstellen und posten.
GMER stürzt häufiger ab, wenn das Tool auch beim 2. Mal nicht will, lass es einfach weg und führ nur OSAM aus


Downloade Dir danach bitte MBRCheck (by a_d_13) und speichere die Datei auf dem Desktop.
  • Doppelklick auf die MBRCheck.exe.
    Vista und Win7 User mit Rechtsklick "als Administrator starten"
  • Das Tool braucht nur eine Sekunde.
  • Danach solltest du eine MBRCheck_<Datum>_<Uhrzeit>.txt auf dem Desktop finden.
Poste mir bitte den Inhalt des .txt Dokumentes
__________________
"Die Wahrheit ist normalerweise nur eine Entschuldigung für einen Mangel an Fantasie." (Elim Garak)

Das Trojaner-Board unterstützen
Warum Linux besser als Windows ist!

Alt 24.10.2010, 14:22   #13
jackie.ms
 
Security Essentials 2010 entfernt und hoffentlich wieder alles i.O.?? - Standard

Security Essentials 2010 entfernt und hoffentlich wieder alles i.O.??



Ok, hier die gmer.log:

Code:
ATTFilter
GMER 1.0.15.15315 - hxxp://www.gmer.net
Rootkit scan 2010-10-24 14:39:38
Windows 6.1.7600 
Running: gmer.exe; Driver: C:\Users\***\AppData\Local\Temp\fglyqkow.sys


---- System - GMER 1.0.15 ----

Code            85D71C4C                                                                                                            ZwTraceEvent
Code            85D71C4B                                                                                                            NtTraceEvent

---- Kernel code sections - GMER 1.0.15 ----

.text           ntoskrnl.exe!ZwSaveKeyEx + 13B1                                                                                     82C458E9 1 Byte  [06]
.text           ntoskrnl.exe!KiDispatchInterrupt + 5A2                                                                              82C653D2 19 Bytes  [E0, 0F, BA, F0, 07, 73, 09, ...] {LOOPNZ 0x11; MOV EDX, 0x97307f0; MOV CR4, EAX; OR AL, 0x80; MOV CR4, EAX; RET ; MOV ECX, CR3}
.text           ntoskrnl.exe!NtTraceEvent                                                                                           82C85A80 5 Bytes  JMP 85D71C50 
.text           C:\Windows\system32\DRIVERS\atikmdag.sys                                                                            section is writeable [0x91426000, 0x267978, 0xE8000020]

---- Devices - GMER 1.0.15 ----

AttachedDevice  \Driver\volsnap \Device\HarddiskVolumeShadowCopy1                                                                   snapman.sys (Acronis Snapshot API/Acronis)
AttachedDevice  \Driver\kbdclass \Device\KeyboardClass0                                                                             VMkbd.sys
AttachedDevice  \Driver\kbdclass \Device\KeyboardClass1                                                                             VMkbd.sys
AttachedDevice  \Driver\tdx \Device\Tcp                                                                                             avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice  \Driver\volmgr \Device\HarddiskVolume1                                                                              fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice  \Driver\volmgr \Device\HarddiskVolume1                                                                              snapman.sys (Acronis Snapshot API/Acronis)
AttachedDevice  \Driver\volmgr \Device\HarddiskVolume2                                                                              fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice  \Driver\volmgr \Device\HarddiskVolume2                                                                              snapman.sys (Acronis Snapshot API/Acronis)
AttachedDevice  \Driver\volmgr \Device\HarddiskVolume3                                                                              fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice  \Driver\volmgr \Device\HarddiskVolume3                                                                              snapman.sys (Acronis Snapshot API/Acronis)
AttachedDevice  \Driver\volmgr \Device\HarddiskVolume4                                                                              fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice  \Driver\volmgr \Device\HarddiskVolume4                                                                              snapman.sys (Acronis Snapshot API/Acronis)
AttachedDevice  \Driver\volmgr \Device\HarddiskVolume5                                                                              fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice  \Driver\volmgr \Device\HarddiskVolume5                                                                              snapman.sys (Acronis Snapshot API/Acronis)
AttachedDevice  \Driver\volmgr \Device\HarddiskVolume6                                                                              fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice  \Driver\volmgr \Device\HarddiskVolume6                                                                              snapman.sys (Acronis Snapshot API/Acronis)
AttachedDevice  \Driver\volmgr \Device\HarddiskVolume7                                                                              fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice  \Driver\volmgr \Device\HarddiskVolume7                                                                              snapman.sys (Acronis Snapshot API/Acronis)

Device          \Driver\usbhub \Device\00000077                                                                                     hcmon.sys

AttachedDevice  \Driver\volmgr \Device\HarddiskVolume8                                                                              fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice  \Driver\volmgr \Device\HarddiskVolume8                                                                              snapman.sys (Acronis Snapshot API/Acronis)

Device          \Driver\usbhub \Device\00000078                                                                                     hcmon.sys

AttachedDevice  \Driver\volmgr \Device\HarddiskVolume9                                                                              fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice  \Driver\volmgr \Device\HarddiskVolume9                                                                              snapman.sys (Acronis Snapshot API/Acronis)

Device          \Driver\usbhub \Device\00000079                                                                                     hcmon.sys
Device          \Driver\ACPI_HAL \Device\0000005c                                                                                   halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation)

AttachedDevice  \Driver\tdx \Device\Udp                                                                                             avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice  \Driver\tdx \Device\RawIp                                                                                           avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)

Device          \Driver\usbuhci \Device\USBFDO-0                                                                                    hcmon.sys
Device          \Driver\usbuhci \Device\USBFDO-1                                                                                    hcmon.sys
Device          \Driver\usbhub \Device\0000007a                                                                                     hcmon.sys
Device          \Driver\usbuhci \Device\USBFDO-2                                                                                    hcmon.sys
Device          \Driver\usbuhci \Device\USBFDO-3                                                                                    hcmon.sys
Device          \Driver\usbehci \Device\USBFDO-4                                                                                    hcmon.sys

---- Threads - GMER 1.0.15 ----

Thread          System [4:5144]                                                                                                     A5846F2E

---- Registry - GMER 1.0.15 ----

Reg             HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC                                    
Reg             HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0                                 C:\Programme\DAEMON Tools Lite\
Reg             HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0                                 0x00 0x00 0x00 0x00 ...
Reg             HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0                                 0
Reg             HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12                              0xBE 0x94 0xEC 0x6B ...
Reg             HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001                           
Reg             HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0                        0x20 0x01 0x00 0x00 ...
Reg             HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12                     0x4E 0xF9 0x73 0x99 ...
Reg             HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0                      
Reg             HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12                0x5E 0xDE 0xF9 0x6E ...
Reg             HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet)                
Reg             HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0                                     C:\Programme\DAEMON Tools Lite\
Reg             HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0                                     0x00 0x00 0x00 0x00 ...
Reg             HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0                                     0
Reg             HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12                                  0xBE 0x94 0xEC 0x6B ...
Reg             HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001 (not active ControlSet)       
Reg             HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0                            0x20 0x01 0x00 0x00 ...
Reg             HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12                         0x4E 0xF9 0x73 0x99 ...
Reg             HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0 (not active ControlSet)  
Reg             HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12                    0x5E 0xDE 0xF9 0x6E ...
Reg             HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\System                                                               
Reg             HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\System@OODEFRAG12.00.00.01PROFESSIONAL                               49BF3103E51E64D25B491BF7B54FD4BB9A9913A8F1F680A9F90399A338D1F32F9D988644D752A668937E85B7B582E3535954609A7AECF72FB8A9A2259021BA6EEC09FDDD7C3E60BC9F860AEDF212A00D2AEC51F553C929BF36712E79602E60D01DFC75D8567102A12CFCF3DEC6917843A04FBB55CCC09ADD88B7BE370C6B2BA1E963BD6380C0AD4B3803026F20D20D339FEFEA77CAC60EF11BDFCC140B109591E1311BCD27C33BD4183E632880723080DF411E3F4316F1472A4F45EDEA98CD35665EC88C0D573739F356C1B97E4AEC306E3E8733432EEC8C48728743CA423605FEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74C5D575E7D6A3B9808FEBC9E127BECC74C8EDD5E5BE2F6E667A6A0AC4980AC79335E3A597C058C6AB599F193C6DBFE768BB4A460E4E74770E04A905EEB9B829CFD37782DB89F0048E7B4DACDDA8FF7898EC3B74B10155D59985FE6BA4FB83EF02B897D82DE24AE055224C77C8692CA46F494CBDE412BC138514262FA111F76D4955C5DC54F17AEFCFE703B3AA1FACEC60C56F2816A782B86C3E747EFDBEC64BC0006ABD48D8F5843D6783C11A7F49E580B8CC60A9EDE956E8D16DEE07DDB855190B50282BE394C9D2B6CD402B8431900890DE1C69853C150B06A758768B51BEF526A0117AFD26A03AD5494811A3762F18

---- EOF - GMER 1.0.15 ----
         
osam.log:

Code:
ATTFilter
Report of OSAM: Autorun Manager v5.0.11926.0
hxxp://www.online-solutions.ru/en/
Saved at 15:17:34 on 24.10.2010

OS: Windows 7  (Build 7600), 32-bit
Default Browser: SRWare SRWare Iron 4.0.280.0

Scanner Settings
[x] Rootkits detection (hidden registry)
[x] Rootkits detection (hidden files)
[x] Retrieve files information
[x] Check Microsoft signatures

Filters
[ ] Trusted entries
[ ] Empty entries
[x] Hidden registry entries (rootkit activity)
[x] Exclusively opened files
[x] Not found files
[x] Files without detailed information
[x] Existing files
[ ] Non-startable services
[ ] Non-startable drivers
[x] Active entries
[x] Disabled entries


[AppInit DLLs]
-----( HKLM\Software\Microsoft\Windows NT\CurrentVersion\Windows )-----
"AppInit_DLLs" - "AVG Technologies CZ, s.r.o." - C:\Windows\System32\avgrsstx.dll

[Boot Execute]
-----( HKLM\SYSTEM\CurrentControlSet\Control\Session Manager )-----
"BootExecute" - "O&O Software GmbH" - C:\Windows\system32\OODBS.exe

[Control Panel Objects]
-----( %SystemRoot%\system32 )-----
"DivXControlPanelApplet.cpl" - "DivX, Inc." - C:\Windows\system32\DivXControlPanelApplet.cpl

[Drivers]
-----( HKLM\SYSTEM\CurrentControlSet\Services )-----
"Acronis Snapshots Manager" (snapman) - "Acronis" - C:\Windows\System32\DRIVERS\snapman.sys
"AVG Free AVI Loader Driver x86" (AvgLdx86) - "AVG Technologies CZ, s.r.o." - C:\Windows\System32\Drivers\avgldx86.sys
"AVG Free Network Redirector" (AvgTdiX) - "AVG Technologies CZ, s.r.o." - C:\Windows\System32\Drivers\avgtdix.sys
"AVG Free On-access Scanner Minifilter Driver x86" (AvgMfx86) - "AVG Technologies CZ, s.r.o." - C:\Windows\System32\Drivers\avgmfx86.sys
"catchme" (catchme) - ? - C:\Users\***\AppData\Local\Temp\catchme.sys  (File not found)
"GGSAFER Driver" (GGSAFERDriver) - ? - C:\Program Files\Garena\plugins\UI\safedrv.sys  (File found, but it contains no detailed information)
"Hamachi Network Interface" (hamachi) - "LogMeIn, Inc." - C:\Windows\System32\DRIVERS\hamachi.sys
"SbieDrv" (SbieDrv) - "tzuk" - C:\Program Files\Sandboxie\SbieDrv.sys
"VMware hcmon" (hcmon) - "VMware, Inc." - C:\Windows\system32\Drivers\hcmon.sys
"VMware kbd" (vmkbd) - "VMware, Inc." - C:\Windows\system32\drivers\VMkbd.sys
"VMware Network Application Interface" (VMnetuserif) - "VMware, Inc." - C:\Windows\system32\drivers\vmnetuserif.sys
"VMware VMparport" (VMparport) - "VMware, Inc." - C:\Windows\system32\Drivers\VMparport.sys
"VMware vmx86" (vmx86) - "VMware, Inc." - C:\Windows\system32\Drivers\vmx86.sys
"Vstor2 Virtual Storage Driver" (vstor2) - "VMware, Inc." - C:\Program Files\Common Files\VMware\VMware Virtual Image Editing\vstor2.sys
"Vstor2 WS60 Virtual Storage Driver" (vstor2-ws60) - "VMware, Inc." - D:\VMware\VMware Workstation\vstor2-ws60.sys

[Explorer]
-----( HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved )-----
{FB314ED9-A251-47B7-93E1-CDD82E34AF8B} "DropboxExt" - ? -   (File not found | COM-object registry key not found)
{FB314EDA-A251-47B7-93E1-CDD82E34AF8B} "DropboxExt" - ? -   (File not found | COM-object registry key not found)
{FB314EDB-A251-47B7-93E1-CDD82E34AF8B} "DropboxExt" - ? -   (File not found | COM-object registry key not found)
-----( HKLM\Software\Classes\Folder\shellex\ColumnHandlers )-----
{7D4D6379-F301-4311-BEBA-E26EB0561882} "NeroDigitalColumnHandler Class" - "Nero AG" - C:\Program Files\Common Files\Nero\Lib\NeroDigitalExt.dll
{F9DB5320-233E-11D1-9F84-707F02C10627} "PDF Shell Extension" - "Adobe Systems, Inc." - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\PDFShell.dll
-----( HKLM\Software\Classes\Protocols\Filter )-----
{807563E5-5146-11D5-A672-00B0D022E945} "Microsoft Office InfoPath XML Mime Filter" - "Microsoft Corporation" - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL
-----( HKLM\Software\Classes\Protocols\Handler )-----
{314111c7-a502-11d2-bbca-00c04f8ec294} "HxProtocol Class" - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
{FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} "IEProtocolHandler Class" - "Skype Technologies" - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
{F274614C-63F8-47D5-A4D1-FBDDE494F8D1} "XPLPPFilter Class" - "AVG Technologies CZ, s.r.o." - C:\Programme\AVG\AVG9\avgpp.dll
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks )-----
{AEB6717E-7E19-11d0-97EE-00C04FD91972} "{AEB6717E-7E19-11d0-97EE-00C04FD91972}" - ? -   (File not found | COM-object registry key not found)
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved )-----
{9F97547E-460A-42C5-AE0C-81C61FFAEBC3} "AVG Find Extension" - ? -   (File not found | COM-object registry key not found)
{9F97547E-4609-42C5-AE0C-81C61FFAEBC3} "AVG Shell Extension Class" - "AVG Technologies CZ, s.r.o." - C:\Programme\AVG\AVG9\avgse.dll
{42042206-2D85-11D3-8CFF-005004838597} "Microsoft Office HTML Icon Handler" - "Microsoft Corporation" - D:\Microsoft Office\Office12\msohevi.dll
{993BE281-6695-4BA5-8A2A-7AACBFAAB69E} "Microsoft Office Metadata Handler" - "Microsoft Corporation" - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\msoshext.dll
{C41662BB-1FA0-4CE0-8DC5-9B7F8279FF97} "Microsoft Office Thumbnail Handler" - "Microsoft Corporation" - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\msoshext.dll
{B327765E-D724-4347-8B16-78AE18552FC3} "NeroDigitalIconHandler Class" - "Nero AG" - C:\Program Files\Common Files\Nero\Lib\NeroDigitalExt.dll
{7F1CF152-04F8-453A-B34C-E609530A9DC8} "NeroDigitalPropSheetHandler Class" - "Nero AG" - C:\Program Files\Common Files\Nero\Lib\NeroDigitalExt.dll
{5E2121EE-0300-11D4-8D3B-444553540000} "SimpleShlExt Class" - "Advanced Micro Devices, Inc." - C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\atiacmxx.dll
{B41DB860-8EE4-11D2-9906-E49FADC173CA} "WinRAR" - "Alexander Roshal" - C:\Programme\WinRAR\rarext.dll

[Internet Explorer]
-----( HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser )-----
ITBar7Height "ITBar7Height" - ? -   (File not found | COM-object registry key not found)
-----( HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units )-----
{8AD9C840-044E-11D1-B3E9-00805F499D93} "Java Plug-in 1.6.0_17" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\jp2iexp.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} "Java Plug-in 1.6.0_17" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\jp2iexp.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} "Java Plug-in 1.6.0_17" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\npjpi160_17.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
{02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} "QuickTime Plugin Control" - "Apple Inc." - C:\Program Files\QuickTime\QTPlugin.ocx / hxxp://appldnld.apple.com.edgesuite.net/content.info.apple.com/QuickTime/qtactivex/qtplugin.cab
-----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions )-----
{FF059E31-CC5A-4E2E-BF3B-96E929D65503} "Research" - "Microsoft Corporation" - D:\MICROS~1\Office12\REFIEBAR.DLL
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects )-----
{18DF081C-E8AD-4283-A596-FA578C2EBDC3} "Adobe PDF Link Helper" - "Adobe Systems Incorporated" - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} "AVG Safe Search" - "AVG Technologies CZ, s.r.o." - C:\Programme\AVG\AVG9\avgssie.dll
{DBC80044-A445-435b-BC74-9C25C1C588A9} "Java(tm) Plug-In 2 SSV Helper" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\jp2ssv.dll

[Logon]
-----( %APPDATA%\Microsoft\Windows\Start Menu\Programs\Startup )-----
"desktop.ini" - ? - C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini
"Dropbox.lnk" - ? - C:\Users\***\AppData\Roaming\Dropbox\bin\Dropbox.exe  (Shortcut exists | File exists)
-----( %AllUsersProfile%\Microsoft\Windows\Start Menu\Programs\Startup )-----
"desktop.ini" - ? - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini
-----( HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run )-----
"Skype" - "Skype Technologies S.A." - "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Run )-----
"Adobe ARM" - "Adobe Systems Incorporated" - "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
"Adobe Reader Speed Launcher" - "Adobe Systems Incorporated" - "C:\Programme\Adobe\Reader 9.0\Reader\Reader_sl.exe"
"AVG9_TRAY" - "AVG Technologies CZ, s.r.o." - C:\PROGRA~3\AVG\AVG9\avgtray.exe
"CmiRemoveDir" - ? - C:\Windows\CMIRMR~1.EXE
" Malwarebytes Anti-Malware  (reboot)" - "Malwarebytes Corporation" - "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript

[Print Monitors]
-----( HKLM\SYSTEM\CurrentControlSet\Control\Print\Monitors )-----
"PDFCreator" - ? - C:\Windows\system32\pdfcmnnt.dll  (File found, but it contains no detailed information)

[Services]
-----( HKLM\SYSTEM\CurrentControlSet\Services )-----
"Acronis OS Selector Reinstall Service" (AcronisOSSReinstallSvc) - ? - C:\Program Files\Common Files\Acronis\Acronis Disk Director\oss_reinstall_svc.exe  (File found, but it contains no detailed information)
"ASP.NET-Zustandsdienst" (aspnet_state) - "Microsoft Corporation" - C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_state.exe
"AVG Free WatchDog" (avg9wd) - "AVG Technologies CZ, s.r.o." - C:\Programme\AVG\AVG9\avgwdsvc.exe
"FLEXnet Licensing Service" (FLEXnet Licensing Service) - "Acresso Software Inc." - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
"LogMeIn Hamachi 2.0 Tunneling Engine" (Hamachi2Svc) - "LogMeIn Inc." - C:\Program Files\Hamachi\hamachi-2.exe
"Microsoft .NET Framework NGEN v4.0.30319_X86" (clr_optimization_v4.0.30319_32) - "Microsoft Corporation" - C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
"Microsoft Office Diagnostics Service" (odserv) - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
"O&O Defrag" (O&O Defrag) - "O&O Software GmbH" - C:\Programme\OO Software\Defrag\oodag.exe
"Office Source Engine" (ose) - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
"Sandboxie Service" (SbieSvc) - "tzuk" - C:\Program Files\Sandboxie\SbieSvc.exe
"Steam Client Service" (Steam Client Service) - "Valve Corporation" - C:\Program Files\Common Files\Steam\SteamService.exe
"VMware Agent Service" (ufad-ws60) - "VMware, Inc." - D:\VMware\VMware Workstation\vmware-ufad.exe
"VMware Authorization Service" (VMAuthdService) - "VMware, Inc." - D:\VMware\VMware Workstation\vmware-authd.exe
"VMware DHCP Service" (VMnetDHCP) - "VMware, Inc." - C:\Windows\system32\vmnetdhcp.exe
"VMware NAT Service" (VMware NAT Service) - "VMware, Inc." - C:\Windows\system32\vmnat.exe
"VMware Virtual Mount Manager Extended" (vmount2) - "VMware, Inc." - C:\Program Files\Common Files\VMware\VMware Virtual Image Editing\vmount2.exe
"wampapache" (wampapache) - "Apache Software Foundation" - c:\wamp\bin\apache\apache2.2.11\bin\httpd.exe
"wampmysqld" (wampmysqld) - ? - c:\wamp\bin\mysql\mysql5.1.36\bin\mysqld.exe  (File found, but it contains no detailed information)
"webcamXP Service" (wxpSvc) - "Moonware Studios" - C:\Program Files\wLite\wService.exe

===[ Logfile end ]=========================================[ Logfile end ]===

If You have questions or want to get some help, You can visit hxxp://forum.online-solutions.ru
         
MBRCheck:

Code:
ATTFilter
MBRCheck, version 1.2.3
(c) 2010, AD

Command-line:			
Windows Version:		Windows 7 Professional
Windows Information:		 (build 7600), 32-bit
Logical Drives Mask:		0x00000ffc

Kernel Drivers (total 170):
  0x82C3A000 \SystemRoot\system32\ntoskrnl.exe
  0x82C03000 \SystemRoot\system32\halmacpi.dll
  0x80BB7000 \SystemRoot\system32\kdcom.dll
  0x89432000 \SystemRoot\system32\mcupdate_GenuineIntel.dll
  0x894AA000 \SystemRoot\system32\PSHED.dll
  0x894BB000 \SystemRoot\system32\BOOTVID.dll
  0x894C3000 \SystemRoot\system32\CLFS.SYS
  0x89505000 \SystemRoot\system32\CI.dll
  0x895B0000 \SystemRoot\system32\drivers\Wdf01000.sys
  0x89621000 \SystemRoot\system32\drivers\WDFLDR.SYS
  0x8962F000 \SystemRoot\system32\DRIVERS\ACPI.sys
  0x89677000 \SystemRoot\system32\DRIVERS\WMILIB.SYS
  0x89680000 \SystemRoot\system32\DRIVERS\msisadrv.sys
  0x89688000 \SystemRoot\system32\DRIVERS\vdrvroot.sys
  0x89693000 \SystemRoot\system32\DRIVERS\pci.sys
  0x896BD000 \SystemRoot\System32\drivers\partmgr.sys
  0x896CE000 \SystemRoot\system32\DRIVERS\volmgr.sys
  0x896DE000 \SystemRoot\System32\drivers\volmgrx.sys
  0x89729000 \SystemRoot\system32\DRIVERS\intelide.sys
  0x89730000 \SystemRoot\system32\DRIVERS\PCIIDEX.SYS
  0x8973E000 \SystemRoot\System32\drivers\mountmgr.sys
  0x89754000 \SystemRoot\system32\DRIVERS\atapi.sys
  0x8975D000 \SystemRoot\system32\DRIVERS\ataport.SYS
  0x89780000 \SystemRoot\system32\DRIVERS\amdxata.sys
  0x89789000 \SystemRoot\system32\drivers\fltmgr.sys
  0x897BD000 \SystemRoot\system32\drivers\fileinfo.sys
  0x8981E000 \SystemRoot\System32\Drivers\Ntfs.sys
  0x8994D000 \SystemRoot\System32\Drivers\msrpc.sys
  0x89978000 \SystemRoot\System32\Drivers\ksecdd.sys
  0x8998B000 \SystemRoot\System32\Drivers\cng.sys
  0x899E8000 \SystemRoot\System32\drivers\pcw.sys
  0x899F6000 \SystemRoot\System32\Drivers\Fs_Rec.sys
  0x899FF000 \SystemRoot\system32\drivers\ndis.sys
  0x89AB6000 \SystemRoot\system32\drivers\NETIO.SYS
  0x89AF4000 \SystemRoot\System32\Drivers\ksecpkg.sys
  0x89C02000 \SystemRoot\System32\drivers\tcpip.sys
  0x89D4B000 \SystemRoot\System32\drivers\fwpkclnt.sys
  0x89D7C000 \SystemRoot\system32\DRIVERS\vmstorfl.sys
  0x89D85000 \SystemRoot\system32\DRIVERS\volsnap.sys
  0x89DC4000 \SystemRoot\System32\Drivers\spldr.sys
  0x89DCC000 \SystemRoot\system32\DRIVERS\snapman.sys
  0x89DE7000 \SystemRoot\System32\drivers\rdyboost.sys
  0x89E14000 \SystemRoot\System32\Drivers\mup.sys
  0x89E24000 \SystemRoot\System32\drivers\hwpolicy.sys
  0x89E2C000 \SystemRoot\System32\DRIVERS\fvevol.sys
  0x89E5E000 \SystemRoot\system32\DRIVERS\disk.sys
  0x89E6F000 \SystemRoot\system32\DRIVERS\CLASSPNP.SYS
  0x89E94000 \SystemRoot\system32\DRIVERS\agp440.sys
  0x89ED6000 \SystemRoot\system32\DRIVERS\cdrom.sys
  0x89EF5000 \SystemRoot\System32\Drivers\Null.SYS
  0x89EFC000 \SystemRoot\System32\Drivers\Beep.SYS
  0x89F03000 \SystemRoot\System32\drivers\vga.sys
  0x89F0F000 \SystemRoot\System32\drivers\VIDEOPRT.SYS
  0x89F30000 \SystemRoot\System32\drivers\watchdog.sys
  0x89F3D000 \SystemRoot\System32\DRIVERS\RDPCDD.sys
  0x89F45000 \SystemRoot\system32\drivers\rdpencdd.sys
  0x89F4D000 \SystemRoot\system32\drivers\rdprefmp.sys
  0x89F55000 \SystemRoot\System32\Drivers\Msfs.SYS
  0x89F60000 \SystemRoot\System32\Drivers\Npfs.SYS
  0x89F6E000 \SystemRoot\system32\DRIVERS\tdx.sys
  0x89F85000 \SystemRoot\system32\DRIVERS\TDI.SYS
  0x89F90000 \SystemRoot\System32\Drivers\avgtdix.sys
  0x89FCA000 \SystemRoot\System32\DRIVERS\netbt.sys
  0x89B19000 \SystemRoot\system32\drivers\afd.sys
  0x89B73000 \SystemRoot\system32\DRIVERS\wfplwf.sys
  0x89B7A000 \SystemRoot\system32\DRIVERS\pacer.sys
  0x89B99000 \SystemRoot\system32\DRIVERS\netbios.sys
  0x89BA7000 \SystemRoot\system32\DRIVERS\serial.sys
  0x89BC1000 \SystemRoot\system32\DRIVERS\wanarp.sys
  0x89BD4000 \SystemRoot\system32\DRIVERS\termdd.sys
  0x90419000 \SystemRoot\system32\DRIVERS\rdbss.sys
  0x9045A000 \SystemRoot\system32\drivers\nsiproxy.sys
  0x90464000 \SystemRoot\system32\DRIVERS\mssmbios.sys
  0x9046E000 \SystemRoot\System32\drivers\discache.sys
  0x9047A000 \SystemRoot\system32\drivers\csc.sys
  0x904DE000 \SystemRoot\System32\Drivers\dfsc.sys
  0x904F6000 \SystemRoot\system32\DRIVERS\blbdrive.sys
  0x90504000 \SystemRoot\System32\Drivers\avgmfx86.sys
  0x9050A000 \SystemRoot\System32\Drivers\avgldx86.sys
  0x9053E000 \SystemRoot\system32\DRIVERS\tunnel.sys
  0x9055F000 \SystemRoot\system32\DRIVERS\intelppm.sys
  0x9141D000 \SystemRoot\system32\DRIVERS\atikmdag.sys
  0x918AE000 \SystemRoot\System32\drivers\dxgkrnl.sys
  0x91965000 \SystemRoot\System32\drivers\dxgmms1.sys
  0x9199E000 \SystemRoot\system32\DRIVERS\usbuhci.sys
  0x919A9000 \SystemRoot\system32\DRIVERS\USBPORT.SYS
  0x919F4000 \SystemRoot\system32\DRIVERS\usbehci.sys
  0x91A03000 \SystemRoot\system32\drivers\ctaud2k.sys
  0x91A83000 \SystemRoot\system32\drivers\portcls.sys
  0x91AB2000 \SystemRoot\system32\drivers\drmk.sys
  0x91ACB000 \SystemRoot\system32\drivers\ks.sys
  0x91AFF000 \SystemRoot\system32\drivers\ctoss2k.sys
  0x91B33000 \SystemRoot\system32\drivers\ctprxy2k.sys
  0x91B3B000 \SystemRoot\system32\DRIVERS\ctgame.sys
  0x91B3E000 \SystemRoot\system32\DRIVERS\fetnd6v.sys
  0x91B49000 \SystemRoot\system32\DRIVERS\1394ohci.sys
  0x91B75000 \SystemRoot\system32\DRIVERS\fdc.sys
  0x91B80000 \SystemRoot\system32\DRIVERS\serenum.sys
  0x91B8A000 \SystemRoot\system32\DRIVERS\parport.sys
  0x91BA2000 \SystemRoot\system32\DRIVERS\i8042prt.sys
  0x91BBA000 \SystemRoot\system32\DRIVERS\mouclass.sys
  0x91BC7000 \SystemRoot\system32\DRIVERS\kbdclass.sys
  0x91BD4000 \??\C:\Windows\system32\drivers\VMkbd.sys
  0x90571000 \SystemRoot\system32\drivers\cmuda.sys
  0x91BD8000 \SystemRoot\system32\DRIVERS\CompositeBus.sys
  0x91BE5000 \SystemRoot\system32\DRIVERS\AgileVpn.sys
  0x91400000 \SystemRoot\system32\DRIVERS\rasl2tp.sys
  0x906B7000 \SystemRoot\system32\DRIVERS\ndistapi.sys
  0x906C2000 \SystemRoot\system32\DRIVERS\ndiswan.sys
  0x906E4000 \SystemRoot\system32\DRIVERS\raspppoe.sys
  0x906FC000 \SystemRoot\system32\DRIVERS\raspptp.sys
  0x90713000 \SystemRoot\system32\DRIVERS\rassstp.sys
  0x91418000 \SystemRoot\system32\DRIVERS\hamachi.sys
  0x9072A000 \SystemRoot\system32\DRIVERS\rdpbus.sys
  0x91BF7000 \SystemRoot\system32\DRIVERS\swenum.sys
  0x90734000 \SystemRoot\system32\DRIVERS\umbus.sys
  0x91BF9000 \SystemRoot\system32\DRIVERS\vmnetadapter.sys
  0x91BFC000 \SystemRoot\system32\DRIVERS\VMNET.SYS
  0x90742000 \SystemRoot\system32\DRIVERS\usbhub.sys
  0x90C3F000 \SystemRoot\system32\drivers\ha10kx2k.sys
  0x90D49000 \SystemRoot\system32\drivers\emupia2k.sys
  0x90D78000 \SystemRoot\system32\drivers\ctsfm2k.sys
  0x90DA1000 \SystemRoot\system32\drivers\ctac32k.sys
  0x90E3D000 \SystemRoot\System32\Drivers\NDProxy.SYS
  0x90E4E000 \SystemRoot\System32\drivers\COMMONFX.SYS
  0x90E69000 \SystemRoot\System32\drivers\CTSBLFX.SYS
  0x90EF7000 \SystemRoot\system32\DRIVERS\hidusb.sys
  0x90F02000 \SystemRoot\system32\DRIVERS\HIDCLASS.SYS
  0x90F15000 \SystemRoot\system32\DRIVERS\HIDPARSE.SYS
  0x90F1C000 \SystemRoot\system32\DRIVERS\USBD.SYS
  0x90F1E000 \SystemRoot\system32\DRIVERS\USBSTOR.SYS
  0x90F35000 \SystemRoot\System32\Drivers\crashdmp.sys
  0x90F42000 \SystemRoot\System32\Drivers\dump_dumpata.sys
  0x90F4D000 \SystemRoot\System32\Drivers\dump_atapi.sys
  0x90F56000 \SystemRoot\System32\Drivers\dump_dumpfve.sys
  0x93CC0000 \SystemRoot\System32\win32k.sys
  0x90F67000 \SystemRoot\System32\drivers\Dxapi.sys
  0x90F71000 \SystemRoot\system32\DRIVERS\monitor.sys
  0x93F20000 \SystemRoot\System32\TSDDD.dll
  0x93F50000 \SystemRoot\System32\cdd.dll
  0x90F7C000 \SystemRoot\system32\drivers\luafv.sys
  0x90F97000 \SystemRoot\system32\drivers\WudfPf.sys
  0x90FB1000 \SystemRoot\system32\DRIVERS\vmnetbridge.sys
  0x90FB7000 \SystemRoot\system32\DRIVERS\lltdio.sys
  0x90FC7000 \SystemRoot\system32\DRIVERS\rspndr.sys
  0x94434000 \SystemRoot\system32\drivers\HTTP.sys
  0x944B9000 \SystemRoot\system32\DRIVERS\bowser.sys
  0x944D2000 \SystemRoot\System32\drivers\mpsdrv.sys
  0x944E4000 \SystemRoot\system32\DRIVERS\mrxsmb.sys
  0x94507000 \SystemRoot\system32\DRIVERS\mrxsmb10.sys
  0x94542000 \SystemRoot\system32\DRIVERS\mrxsmb20.sys
  0x9455D000 \??\C:\Windows\system32\Drivers\hcmon.sys
  0x94568000 \SystemRoot\system32\DRIVERS\parvdm.sys
  0x9456F000 \??\C:\Windows\system32\Drivers\VMparport.sys
  0x94576000 \??\C:\Windows\system32\Drivers\vmx86.sys
  0x94657000 \SystemRoot\system32\drivers\peauth.sys
  0x946EE000 \SystemRoot\System32\Drivers\secdrv.SYS
  0x946F8000 \SystemRoot\System32\DRIVERS\srvnet.sys
  0x94719000 \??\C:\Program Files\Sandboxie\SbieDrv.sys
  0x94737000 \SystemRoot\System32\drivers\tcpipreg.sys
  0x94744000 \??\C:\Windows\system32\drivers\vmnetuserif.sys
  0x94749000 \??\C:\Program Files\Common Files\VMware\VMware Virtual Image Editing\vstor2.sys
  0x9474C000 \??\D:\VMware\VMware Workstation\vstor2-ws60.sys
  0x94750000 \SystemRoot\System32\DRIVERS\srv2.sys
  0x9479F000 \SystemRoot\System32\DRIVERS\srv.sys
  0x94400000 \SystemRoot\system32\DRIVERS\WUDFRd.sys
  0x94421000 \SystemRoot\system32\DRIVERS\asyncmac.sys
  0x77150000 \Windows\System32\ntdll.dll
  0x47810000 \Windows\System32\smss.exe
  0x77390000 \Windows\System32\apisetschema.dll

Processes (total 54):
       0 System Idle Process
       4 System
     340 C:\Windows\System32\smss.exe
     532 csrss.exe
     604 C:\Windows\System32\wininit.exe
     616 csrss.exe
     660 C:\Windows\System32\services.exe
     676 C:\Windows\System32\lsass.exe
     684 C:\Windows\System32\lsm.exe
     752 C:\Windows\System32\winlogon.exe
     860 C:\Windows\System32\svchost.exe
     928 C:\Windows\System32\svchost.exe
     988 C:\Windows\System32\Ati2evxx.exe
    1048 C:\Windows\System32\svchost.exe
    1100 C:\Windows\System32\svchost.exe
    1132 C:\Windows\System32\svchost.exe
    1220 C:\Windows\System32\audiodg.exe
    1288 C:\Windows\System32\svchost.exe
    1400 C:\Windows\System32\svchost.exe
    1544 C:\Windows\System32\spoolsv.exe
    1572 C:\Windows\System32\svchost.exe
    1716 C:\Windows\System32\Ati2evxx.exe
    1784 C:\Program Files\AVG\AVG9\avgwdsvc.exe
    1876 C:\Windows\System32\svchost.exe
    1920 C:\Program Files\Hamachi\hamachi-2.exe
    2020 C:\Program Files\OO Software\Defrag\oodag.exe
    2028 C:\Windows\System32\dwm.exe
     392 C:\Windows\explorer.exe
     528 C:\Program Files\Sandboxie\SbieSvc.exe
    1512 C:\Windows\System32\svchost.exe
    1940 C:\Program Files\Common Files\VMware\VMware Virtual Image Editing\vmount2.exe
     312 C:\Windows\System32\taskhost.exe
    2068 C:\Windows\System32\vmnat.exe
    2184 C:\Windows\System32\vmnetdhcp.exe
    2228 D:\VMware\VMware Workstation\vmware-authd.exe
    2464 C:\Program Files\AVG\AVG9\avgnsx.exe
    2812 C:\Program Files\AVG\AVG9\avgrsx.exe
    2824 C:\Program Files\AVG\AVG9\avgchsvx.exe
    2920 C:\Program Files\AVG\AVG9\avgcsrvx.exe
    3600 WUDFHost.exe
    3704 C:\Program Files\AVG\AVG9\avgtray.exe
    3736 C:\Program Files\Skype\Phone\Skype.exe
    3808 C:\Windows\System32\svchost.exe
    2652 C:\Program Files\SRWare Iron\iron.exe
    2688 C:\Windows\System32\SearchIndexer.exe
    2160 C:\Program Files\Skype\Plugin Manager\skypePM.exe
    2224 C:\Program Files\SRWare Iron\iron.exe
    4072 C:\Windows\System32\svchost.exe
    4768 C:\Program Files\SRWare Iron\iron.exe
    1472 C:\Windows\System32\SearchProtocolHost.exe
    4872 C:\Windows\System32\SearchFilterHost.exe
    3672 C:\Users\***\Desktop\MBRCheck.exe
    5472 C:\Windows\System32\conhost.exe
    5436 C:\Windows\System32\dllhost.exe

\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`00007e00  (NTFS)
\\.\D: --> \\.\PhysicalDrive0 at offset 0x00000007`8160fe00  (NTFS)
\\.\E: --> \\.\PhysicalDrive0 at offset 0x0000000a`02c2be00  (NTFS)
\\.\F: --> \\.\PhysicalDrive0 at offset 0x0000002f`763c9c00  (NTFS)
\\.\G: --> \\.\PhysicalDrive0 at offset 0x00000042`6fc80400  (NTFS)

PhysicalDrive0 Model Number: SAMSUNGHD501LJ, Rev: CR100-12

      Size  Device Name          MBR Status
  --------------------------------------------
    465 GB  \\.\PhysicalDrive0   Windows 7 MBR code detected
            SHA1: 4379A3D43019B46FA357F7DD6A53B45A3CA8FB79


Done!
         

Grüße
jackie

Alt 24.10.2010, 14:28   #14
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Security Essentials 2010 entfernt und hoffentlich wieder alles i.O.?? - Standard

Security Essentials 2010 entfernt und hoffentlich wieder alles i.O.??



Sieht ok aus. Mach bitte zur Kontrolle Vollscans mit Malwarebytes und SUPERAntiSpyware und poste die Logs.
Denk dran beide Tools zu updaten vor dem Scan!!
__________________
"Die Wahrheit ist normalerweise nur eine Entschuldigung für einen Mangel an Fantasie." (Elim Garak)

Das Trojaner-Board unterstützen
Warum Linux besser als Windows ist!

Alt 25.10.2010, 22:33   #15
jackie.ms
 
Security Essentials 2010 entfernt und hoffentlich wieder alles i.O.?? - Standard

Security Essentials 2010 entfernt und hoffentlich wieder alles i.O.??



Ok hier die nächsten logs:

Malwarebytes:

Code:
ATTFilter
Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Datenbank Version: 4936

Windows 6.1.7600
Internet Explorer 8.0.7600.16385

24.10.2010 20:15:18
mbam-log-2010-10-24 (20-15-18).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|E:\|F:\|G:\|)
Durchsuchte Objekte: 297147
Laufzeit: 1 Stunde(n), 2 Minute(n), 51 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 0

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
(Keine bösartigen Objekte gefunden)
         
SuperAntispyware:

Code:
ATTFilter
SUPERAntiSpyware Scan Log
hxxp://www.superantispyware.com

Generated 10/25/2010 at 11:08 PM

Application Version : 4.44.1000

Core Rules Database Version : 5750
Trace Rules Database Version: 3562

Scan type       : Quick Scan
Total Scan Time : 00:28:58

Memory items scanned      : 329
Memory threats detected   : 0
Registry items scanned    : 1807
Registry threats detected : 0
File items scanned        : 19357
File threats detected     : 5

Adware.Tracking Cookie
	C:\Users\***\AppData\Roaming\Microsoft\Windows\Cookies\***@doubleclick[1].txt

Trojan.Agent/CDesc[Generic]
	G:\EMU\EPSXE152\PLUGINS\SPUIORI.DLL
	G:\EMU\EPSXE152\PLUGINS\SPUIORIL.DLL
	G:\EMU\EPSXE160\PLUGINS\SPUIORI.DLL
	G:\EMU\EPSXE160\PLUGINS\SPUIORIL.DLL
         
Grüße
jackie

Antwort

Themen zu Security Essentials 2010 entfernt und hoffentlich wieder alles i.O.??
anleitungen, entfern, entfernt, essen, essentials, forum, gen, hoffe, natürlich, poste, security, security essentials, security essentials 2010, service, sichert, titel, troja, trojaner, wenig



Ähnliche Themen: Security Essentials 2010 entfernt und hoffentlich wieder alles i.O.??


  1. Trojaner: JS/Redirector.NL von Microsoft Security Essentials entdeckt und entfernt. Reicht das?
    Plagegeister aller Art und deren Bekämpfung - 16.04.2014 (5)
  2. Systemfix und Win 7 internet Security - hoffentlich bald alle reste entfernt?
    Log-Analyse und Auswertung - 08.12.2011 (7)
  3. Ist PC nach Trojaner Internet Security 2010 wieder sauber?
    Plagegeister aller Art und deren Bekämpfung - 07.03.2011 (11)
  4. Internet Security Tool entfernt - alles wieder ok?
    Log-Analyse und Auswertung - 28.11.2010 (13)
  5. Microsoft Security Essentials Alert - fast alles ausprobiert
    Plagegeister aller Art und deren Bekämpfung - 27.09.2010 (1)
  6. Security Essentials 2010 lässt sich nicht entfernen, rkill funktioniert nicht
    Plagegeister aller Art und deren Bekämpfung - 26.09.2010 (11)
  7. Antivirus 2010 Security Centre - wirklich vollständig entfernt?
    Log-Analyse und Auswertung - 23.09.2010 (19)
  8. Security Suite (hoffentlich) entfernt - jetzt clean?
    Plagegeister aller Art und deren Bekämpfung - 07.09.2010 (7)
  9. Desktop Security 2010 plagt meinen Laptop.Alles versuche vergeblich, kommt nach Neustart wieder.
    Plagegeister aller Art und deren Bekämpfung - 06.08.2010 (2)
  10. av security suite entfernt -- alles entfernt?
    Log-Analyse und Auswertung - 12.07.2010 (1)
  11. Datei dhcpcsvc.dll erstellt sich selbst neu nach entfernung von Security Essentials 2010
    Plagegeister aller Art und deren Bekämpfung - 03.07.2010 (7)
  12. Desktop Security 2010 nach Entfernen mit Malwarebytes wieder da!
    Plagegeister aller Art und deren Bekämpfung - 04.06.2010 (17)
  13. security essentials 2010 entfernen
    Plagegeister aller Art und deren Bekämpfung - 31.05.2010 (2)
  14. Security Essentials 2010 lässt sich einfach nicht entfernen
    Plagegeister aller Art und deren Bekämpfung - 11.05.2010 (1)
  15. Desktop Security 2010 installiert sich immer wieder neu
    Plagegeister aller Art und deren Bekämpfung - 09.05.2010 (4)
  16. XP Internet Security 2010 / Antivirus Vista 2010 / Win 7 Antispyware 2010 entfernen
    Anleitungen, FAQs & Links - 22.02.2010 (2)
  17. Security Essentials 2010 entfernen
    Anleitungen, FAQs & Links - 18.02.2010 (2)

Zum Thema Security Essentials 2010 entfernt und hoffentlich wieder alles i.O.?? - Hallo, ich hatte den im Titel beschriebenen Trojaner auf meinem PC und laut den Anleitungen hier im Forum wieder entfernt. Trotzdem bin ich jetzt natürlich ein wenig verunsichert und poste - Security Essentials 2010 entfernt und hoffentlich wieder alles i.O.??...
Archiv
Du betrachtest: Security Essentials 2010 entfernt und hoffentlich wieder alles i.O.?? auf Trojaner-Board

Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.