
Pests of all kinds and their removal: FakeAlert!fakealert-REP virus

Windows 7

26.05.2011, 00:48   #1
Rider23
 

FakeAlert!fakealert-REP virus



Hello!

There is already a thread about this trojan that covers exactly my problem, but I simply want to be 100% sure that I haven't actually caught a pest after all.

Here is the existing thread: http://www.trojaner-board.de/99261-f...ep-trojan.html

My case is exactly like the one described there. The program Stinger detected the trojan named above on my machine. Malwarebytes and Avira do not find it.


Here is the Malwarebytes logfile:

Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Datenbank Version: 6678

Windows 6.1.7600
Internet Explorer 8.0.7600.16385

26.05.2011 00:39:14
mbam-log-2011-05-26 (00-39-14).txt

Art des Suchlaufs: Quick-Scan
Durchsuchte Objekte: 158149
Laufzeit: 2 Minute(n), 17 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 0

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
(Keine bösartigen Objekte gefunden)


The OTL scan [Extras.txt]:
OTL Logfile:
Code:
OTL Extras logfile created on: 26.05.2011 00:40:34 - Run 1
OTL by OldTimer - Version 3.2.23.0     Folder = F:\Firefox Download
64bit- Home Premium Edition  (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,99 Gb Total Physical Memory | 2,15 Gb Available Physical Memory | 53,87% Memory free
7,98 Gb Paging File | 5,88 Gb Available in Paging File | 73,74% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 235,48 Gb Total Space | 170,13 Gb Free Space | 72,25% Space Free | Partition Type: NTFS
Drive E: | 5,03 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: UDF
Drive F: | 214,67 Gb Total Space | 201,04 Gb Free Space | 93,65% Space Free | Partition Type: NTFS
 
Computer Name: BUNDESHORST-PC | User Name: Bundeshorst | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = ChromeHTML] -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = ChromeHTML] -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found
 
========== Shell Spawning ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %* File not found
cmdfile [open] -- "%1" %* File not found
comfile [open] -- "%1" %* File not found
exefile [open] -- "%1" %* File not found
helpfile [open] -- Reg Error: Key error.
http [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
https [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %* File not found
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1" File not found
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l File not found
scrfile [open] -- "%1" /S File not found
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 File not found
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~2\MICROS~1\Office12\ONENOTE.EXE "%L" File not found
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
http [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
https [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~2\MICROS~1\Office12\ONENOTE.EXE "%L"
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01  [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
========== Authorized Applications List ==========
 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{23170F69-40C1-2702-0920-000001000000}" = 7-Zip 9.20 (x64 edition)
"{7B487697-A041-A601-5CC1-E87A29C42FAA}" = ATI AVIVO64 Codecs
"{7C8D4E26-7A34-2038-8763-2D689236CA83}" = ATI Catalyst Install Manager
"{7E265513-8CDA-4631-B696-F40D983F3B07}_is1" = CDBurnerXP
"{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007
"{90120000-002A-0407-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (German) 2007
"{90120000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2007
"{90120000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007
"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel® Matrix Storage Manager
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{96F70DF8-160F-4F9C-9B9E-2A9B439B4EB9}" = Broadcom Gigabit NetLink Controller
"{9D05540B-559D-CE93-C5FF-22A74B2491E1}" = ccc-utility64
"{9E9D49A4-1DF4-4138-B7DB-5D87A893088E}" = WIDCOMM Bluetooth Software
"{aac9fcc4-dd9e-4add-901c-b5496a07ab2e}" = Microsoft Visual C++ 2005 Redistributable (x64) - KB2467175
"{B6E3757B-5E77-3915-866A-CCFC4B8D194C}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"5F4DD0919B4763856B77AD385DEEEFCDF01784A8" = ENE CIR Receiver Driver
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"WinGimp-2.0_is1" = GIMP 2.6.8
"WinRAR archiver" = WinRAR
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{047F790A-7A2A-4B6A-AD02-38092BA63DAC}" = Acer VCM
"{0A3D6084-2F69-C794-7298-5E2AF03C743F}" = CCC Help Danish
"{11788990-CAE8-F48D-9297-4FCAD8C6B6CE}" = CCC Help Norwegian
"{119B7481-0216-40D2-A5CC-C3E1F461ECC1}" = Windows Live Fotogalerie
"{12EFA1A4-AC3B-443C-8143-237EDE760403}" = NTI Backup Now Standard
"{15D967B5-A4BE-42AE-9E84-64CD062B25AA}" = eSobi v2
"{17C28D62-7955-4D8D-922B-7EA16FA9B7C5}" = Fingerprint Solution
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{19C21D2D-8A78-CBF7-89BB-CF4E43F61FC4}" = CCC Help Portuguese
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1FA83AF5-C201-4E45-BBBD-79E8ABADE53E}" = Catalyst Control Center - Branding
"{1FD6B02F-A065-A24A-254C-402A2F61ABE0}" = CCC Help Polish
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{2413930C-8309-47A6-BC61-5EF27A4222BC}" = NTI Media Maker 8
"{2637C347-9DAD-11D6-9EA2-00055D0CA761}" = Acer Arcade Deluxe
"{26604C7E-A313-4D12-867F-7C6E7820BE4C}" = JMicron Flash Media Controller Driver
"{26A24AE4-039D-4CA4-87B4-2F83216015FF}" = Java(TM) 6 Update 15
"{27996809-446F-7261-6C69-6B654C656F6E}" = 
"{2800948E-6B3E-CCA4-7CCE-2662810DA12C}" = Catalyst Control Center Core Implementation
"{287ECFA4-719A-2143-A09B-D6A12DE54E40}" = Acrobat.com
"{2B94922D-0897-7D27-EF6C-2C231ED7A7B5}" = CCC Help Czech
"{2BBC5287-A288-3CA6-1266-2C358837933B}" = CCC Help Chinese Standard
"{30075A70-B5D2-440B-AFA3-FB2021740121}" = Backup Manager Advance
"{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform
"{3DB0448D-AD82-4923-B305-D001E521A964}" = Acer PowerSmart Manager
"{3EE2F527-F306-49E9-0086-662C337ADD3B}" = FUSSBALL MANAGER 07
"{436D79C8-F01B-8C72-F75D-BFCC7F7AFF3D}" = CCC Help Dutch
"{4854DBF6-D51F-C15F-6E4C-37D835FF256B}" = CCC Help Turkish
"{4A19D6AC-ADE0-4A07-80FF-9C9812C45557}" = Steinberg Cubase 5
"{4C6BC364-BE78-D565-9945-25ED7F11455C}" = CCC Help French
"{4DE3E3D9-AE81-45DE-9195-3015F7B1DBF3}" = Junk Mail filter update
"{506E3E0F-F465-04E9-E8B3-C9F177CA2778}" = CCC Help Greek
"{52B97218-98CB-4B8B-9283-D213C85E1AA4}" = Windows Live Anmelde-Assistent
"{5A166C0B-9557-4364-A057-F946D674E6AC}" = Windows Live Mail
"{5C9CD87F-987B-6A16-B7D5-9D3A64C69898}" = Catalyst Control Center Graphics Full Existing
"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
"{5FC68772-6D56-41C6-9DF1-24E868198AE6}" = Windows Live Call
"{62F7DA7E-CCCB-439C-A760-00C3926E761F}" = Microsoft Works
"{64451AE2-695C-AF53-0C77-888588AA2E30}" = CCC Help German
"{68301905-2DEA-41CE-A4D4-E8B443B099BA}" = MyWinLocker
"{689FC9DE-8703-FF96-605F-6580ADB32ACF}" = CCC Help Swedish
"{70F8B183-99EB-4304-BA35-080E2DFFD2A3}" = Age of Empires III
"{7272CB6D-FAD3-F8E4-1747-0EEE676BFB75}" = CCC Help Chinese Traditional
"{72EFBFE4-C74F-4187-AEFD-73EA3BE968D6}" = ICQ7.2
"{76C03BC0-F22F-C64A-B7A2-E0D84DFDCF70}" = CCC Help Spanish
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{77279674-D034-FFD9-BFCD-A22D0E0E3C9D}" = CCC Help Korean
"{7760D94E-B1B5-40A0-9AA0-ABF942108755}" = Acer Crystal Eye Webcam
"{7B2CC3DF-64FA-44AE-8F57-B0F915147E4F}_is1" = Need For Speed™ World
"{7F811A54-5A09-4579-90E1-C93498E230D9}" = Acer eRecovery Management
"{81821BF8-DA20-4F8C-AA87-F70A274828D4}" = Windows Live Writer
"{81DD0597-29EB-4FA0-8223-4F41362B2E72}" = NBA 2K11
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{837B6259-6FF5-4E66-87C1-A5A15ED36FF4}" = Windows Live Messenger
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A809006-C25A-4A3A-9DAB-94659BCDB107}" = NVIDIA PhysX
"{8FFC5648-FAF8-43A3-BC8F-42BA1E275C4E}" = Choice Guard
"{90120000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2007
"{90120000-0015-0407-0000-0000000FF1CE}_OMUI.de-de_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}_OMUI.de-de_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-0017-0407-0000-0000000FF1CE}" = Microsoft Office SharePoint Designer MUI (German) 2007
"{90120000-0017-0407-0000-0000000FF1CE}_OMUI.de-de_{0B9EAEAC-F271-45DC-BDCB-06ABEEF19825}" = Microsoft Office SharePoint Designer 2007 Service Pack 2 (SP2)
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}_OMUI.de-de_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2007
"{90120000-0019-0407-0000-0000000FF1CE}_OMUI.de-de_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2007
"{90120000-001A-0407-0000-0000000FF1CE}_OMUI.de-de_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}_OMUI.de-de_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_OMUI.de-de_{A0516415-ED61-419A-981D-93596DA74165}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-001F-0410-0000-0000000FF1CE}_OMUI.de-de_{322296D4-1EAE-4030-9FBC-D2787EB25FA2}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_HOMESTUDENTR_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-0020-0407-0000-0000000FF1CE}" = Compatibility Pack für 2007 Office System
"{90120000-002A-0000-1000-0000000FF1CE}_HOMESTUDENTR_{E64BA721-2310-4B55-BE5A-2925F9706192}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-002A-0407-1000-0000000FF1CE}_OMUI.de-de_{26454C26-D259-4543-AA60-3189E09C5F76}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-002A-0409-1000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2007
"{90120000-0044-0407-0000-0000000FF1CE}_OMUI.de-de_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}_OMUI.de-de_{26454C26-D259-4543-AA60-3189E09C5F76}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007
"{90120000-00A1-0407-0000-0000000FF1CE}_OMUI.de-de_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-00BA-0407-0000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2007
"{90120000-00BA-0407-0000-0000000FF1CE}_OMUI.de-de_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0100-0407-0000-0000000FF1CE}" = Microsoft Office O MUI (German) 2007
"{90120000-0100-0407-0000-0000000FF1CE}_OMUI.de-de_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0101-0407-0000-0000000FF1CE}" = Microsoft Office X MUI (German) 2007
"{90120000-0101-0407-0000-0000000FF1CE}_OMUI.de-de_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-0116-0409-1000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90DA7F39-B9D4-4FB1-93A0-6B10F83E35E2}" = Wer Wird Millionär? Party Edition
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{91E04CA7-0B13-4F8C-AA4D-2A573AC96D19}" = Windows Live Essentials
"{92E650E1-0A18-2722-2048-135539D04BA1}" = ccc-core-static
"{949D8200-E178-47B1-471A-441920549F48}" = CCC Help Russian
"{95120000-00AF-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (German)
"{9B790AED-4E67-595A-0CA0-1ED08C593DD3}" = Catalyst Control Center Localization All
"{A0F31F33-289F-6131-C324-55554C0918F8}" = Catalyst Control Center Graphics Full New
"{a0fe116e-9a8a-466f-aee0-625cb7c207e3}" = Microsoft Visual C++ 2005 Redistributable - KB2467175
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A8E4FE4B-895C-F090-2D5A-675683C88743}" = CCC Help Finnish
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AA372444-CEB2-56DC-842F-80CD5F0883B4}" = CCC Help Thai
"{AAF89271-2594-468D-B578-96B2E30C41C4}" = eBay Worldwide
"{AC76BA86-7AD7-1031-7B44-A93000000001}" = Adobe Reader 9.3 - Deutsch
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{CAF70A87-AFF6-A935-3801-86E219B58505}" = CCC Help Italian
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CD95D125-2992-4858-B3EF-5F6FB52FBAD6}" = Skype Toolbars
"{DB1E01D6-84CE-C7A3-2ED4-45D9895537DB}" = Catalyst Control Center InstallProxy
"{DB29FC4B-4A5B-45AC-805D-A1A449DD136A}" = Acer Arcade Instant On
"{DF6A13C0-77DF-41FE-BD05-6D5201EB0CE7}_is1" = Auslogics Disk Defrag
"{E09664BB-BB08-45FA-87D1-33EAB0E017F5}" = Fingerprint Solution
"{E50AE784-FABE-46DA-A1F8-7B6B56DCB22E}" = Microsoft Office Suite Activation Assistant
"{E633D396-5188-4E9D-8F6B-BFB8BF3467E8}" = Skype™ 5.0
"{ED636101-1959-4360-8BF7-209436E7DEE4}" = Windows Live Sync
"{EE171732-BEB4-4576-887D-CB62727F01CA}" = Acer Updater
"{EF68FB1B-B43F-5C1A-71CA-FB5AABC7B525}" = Catalyst Control Center Graphics Light
"{F06ECC9F-8334-0817-57F8-EFC93D28D231}" = CCC Help English
"{F083DD72-824B-3B7D-DB77-3F21B4B174D6}" = Catalyst Control Center Graphics Previews Vista
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{FA4ABFEA-76AF-AAA2-D343-B778063DD8FF}" = CCC Help Hungarian
"{FF7B9579-BA65-3512-8B10-7BBF6F4354A9}" = CCC Help Japanese
"Acer Registration" = Acer Registration
"Acer Screensaver" = Acer ScreenSaver
"Acer Welcome Center" = Welcome Center
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus
"CCleaner" = CCleaner
"DivX Setup.divx.com" = DivX-Setup
"Free Audio CD Burner_is1" = Free Audio CD Burner version 1.4.7
"Free FLV Converter_is1" = Free FLV Converter V 6.93.0
"Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.9.35.324
"Google Chrome" = Google Chrome
"GridVista" = Acer GridVista
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"ICQToolbar" = ICQ Toolbar
"Identity Card" = Identity Card
"InstallShield_{12EFA1A4-AC3B-443C-8143-237EDE760403}" = NTI Backup Now 5
"InstallShield_{15D967B5-A4BE-42AE-9E84-64CD062B25AA}" = eSobi v2
"InstallShield_{17C28D62-7955-4D8D-922B-7EA16FA9B7C5}" = Fingerprint Solution
"InstallShield_{2413930C-8309-47A6-BC61-5EF27A4222BC}" = NTI Media Maker 8
"InstallShield_{2637C347-9DAD-11D6-9EA2-00055D0CA761}" = Acer Arcade Deluxe
"InstallShield_{30075A70-B5D2-440B-AFA3-FB2021740121}" = Acer Backup Manager
"InstallShield_{70F8B183-99EB-4304-BA35-080E2DFFD2A3}" = Age of Empires III
"InstallShield_{E09664BB-BB08-45FA-87D1-33EAB0E017F5}" = Acer Bio Protection
"JDownloader" = JDownloader
"LManager" = Launch Manager
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Mass Effect 2 German_is1" = Mass Effect 2 German
"MozBackup" = MozBackup 1.4.10
"Mozilla Firefox (3.6.17)" = Mozilla Firefox (3.6.17)
"OMUI.de-de" = Microsoft Office Language Pack 2007 - German/Deutsch
"PunkBusterSvc" = PunkBuster Services
"SopCast" = SopCast 3.2.9
"Steinberg Cubase SX 1.01" = Steinberg Cubase SX 1.01
"Syncrosoft's License Control" = Syncrosofts Lizenz Kontrolle
"Uninstall_is1" = Uninstall 1.0.0.1
"VLC media player" = VLC media player 1.1.0
"Winamp" = Winamp
"WinLiveSuite_Wave3" = Windows Live Essentials
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Winamp Detect" = Winamp Erkennungs-Plug-in
 
========== Last 10 Event Log Errors ==========
 
[ Application Events ]
Error - 03.05.2011 14:03:27 | Computer Name = Bundeshorst-PC | Source = SideBySide | ID = 16842785
Description = Fehler beim Generieren des Aktivierungskontextes für "c:\Windows\Installer\{62F7DA7E-CCCB-439C-A760-00C3926E761F}\WksCal.exe".
Die
 abhängige Assemblierung "msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0""
 konnte nicht gefunden werden.  Verwenden Sie für eine detaillierte Diagnose das Programm
 "sxstrace.exe".
 
Error - 03.05.2011 14:03:27 | Computer Name = Bundeshorst-PC | Source = SideBySide | ID = 16842785
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Windows\Installer\{62F7DA7E-CCCB-439C-A760-00C3926E761F}\wksss.exe".
Die
 abhängige Assemblierung "msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0""
 konnte nicht gefunden werden.  Verwenden Sie für eine detaillierte Diagnose das Programm
 "sxstrace.exe".
 
Error - 03.05.2011 14:03:27 | Computer Name = Bundeshorst-PC | Source = SideBySide | ID = 16842785
Description = Fehler beim Generieren des Aktivierungskontextes für "c:\Windows\Installer\{62F7DA7E-CCCB-439C-A760-00C3926E761F}\WksWP.exe".
Die
 abhängige Assemblierung "msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0""
 konnte nicht gefunden werden.  Verwenden Sie für eine detaillierte Diagnose das Programm
 "sxstrace.exe".
 
Error - 04.05.2011 06:21:35 | Computer Name = Bundeshorst-PC | Source = SideBySide | ID = 16842815
Description = Fehler beim Generieren des Aktivierungskontextes für "c:\Program Files
 (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll". Fehler in Manifest- oder
 Richtliniendatei "c:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe
 AIR.dll" in Zeile 3.  Der Wert "MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR"
 des "version"-Attributs im assemblyIdentity-Element ist ungültig.
 
Error - 04.05.2011 06:22:43 | Computer Name = Bundeshorst-PC | Source = SideBySide | ID = 16842815
Description = Fehler beim Generieren des Aktivierungskontextes für "c:\program files
 (x86)\mozbackup\dll\DelZip179.dll". Fehler in Manifest- oder Richtliniendatei "c:\program
 files (x86)\mozbackup\dll\DelZip179.dll" in Zeile 8.  Der Wert "*" des "language"-Attributs
 im assemblyIdentity-Element ist ungültig.
 
Error - 04.05.2011 06:23:18 | Computer Name = Bundeshorst-PC | Source = SideBySide | ID = 16842815
Description = Fehler beim Generieren des Aktivierungskontextes für "c:\program files
 (x86)\spybot - search & destroy\DelZip179.dll". Fehler in Manifest- oder Richtliniendatei
 "c:\program files (x86)\spybot - search & destroy\DelZip179.dll" in Zeile 8.  Der
 Wert "*" des "language"-Attributs im assemblyIdentity-Element ist ungültig.
 
Error - 04.05.2011 06:23:23 | Computer Name = Bundeshorst-PC | Source = SideBySide | ID = 16842785
Description = Fehler beim Generieren des Aktivierungskontextes für "c:\Windows\Installer\{62F7DA7E-CCCB-439C-A760-00C3926E761F}\wksdb.exe".
Die
 abhängige Assemblierung "msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0""
 konnte nicht gefunden werden.  Verwenden Sie für eine detaillierte Diagnose das Programm
 "sxstrace.exe".
 
Error - 04.05.2011 06:23:23 | Computer Name = Bundeshorst-PC | Source = SideBySide | ID = 16842785
Description = Fehler beim Generieren des Aktivierungskontextes für "c:\Windows\Installer\{62F7DA7E-CCCB-439C-A760-00C3926E761F}\WksCal.exe".
Die
 abhängige Assemblierung "msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0""
 konnte nicht gefunden werden.  Verwenden Sie für eine detaillierte Diagnose das Programm
 "sxstrace.exe".
 
Error - 04.05.2011 06:23:23 | Computer Name = Bundeshorst-PC | Source = SideBySide | ID = 16842785
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Windows\Installer\{62F7DA7E-CCCB-439C-A760-00C3926E761F}\wksss.exe".
Die
 abhängige Assemblierung "msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0""
 konnte nicht gefunden werden.  Verwenden Sie für eine detaillierte Diagnose das Programm
 "sxstrace.exe".
 
Error - 04.05.2011 06:23:23 | Computer Name = Bundeshorst-PC | Source = SideBySide | ID = 16842785
Description = Fehler beim Generieren des Aktivierungskontextes für "c:\Windows\Installer\{62F7DA7E-CCCB-439C-A760-00C3926E761F}\WksWP.exe".
Die
 abhängige Assemblierung "msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0""
 konnte nicht gefunden werden.  Verwenden Sie für eine detaillierte Diagnose das Programm
 "sxstrace.exe".
 
[ System Events ]
Error - 24.05.2011 08:59:30 | Computer Name = Bundeshorst-PC | Source = atikmdag | ID = 52236
Description = CPLIB :: General - Invalid Parameter
 
Error - 24.05.2011 08:59:30 | Computer Name = Bundeshorst-PC | Source = atikmdag | ID = 43029
Description = Display is not active
 
Error - 24.05.2011 08:59:31 | Computer Name = Bundeshorst-PC | Source = atikmdag | ID = 52236
Description = CPLIB :: General - Invalid Parameter
 
Error - 24.05.2011 08:59:31 | Computer Name = Bundeshorst-PC | Source = atikmdag | ID = 43029
Description = Display is not active
 
Error - 24.05.2011 13:52:19 | Computer Name = Bundeshorst-PC | Source = atikmdag | ID = 43029
Description = Display is not active
 
Error - 24.05.2011 13:52:19 | Computer Name = Bundeshorst-PC | Source = atikmdag | ID = 43029
Description = Display is not active
 
Error - 25.05.2011 14:00:05 | Computer Name = Bundeshorst-PC | Source = atikmdag | ID = 52236
Description = CPLIB :: General - Invalid Parameter
 
Error - 25.05.2011 14:00:05 | Computer Name = Bundeshorst-PC | Source = atikmdag | ID = 43029
Description = Display is not active
 
Error - 25.05.2011 14:00:06 | Computer Name = Bundeshorst-PC | Source = atikmdag | ID = 52236
Description = CPLIB :: General - Invalid Parameter
 
Error - 25.05.2011 14:00:06 | Computer Name = Bundeshorst-PC | Source = atikmdag | ID = 43029
Description = Display is not active
 
 
< End of report >


The OTL scan [OTL.txt]:
OTL Logfile:
Code:
OTL logfile created on: 26.05.2011 00:40:34 - Run 1
OTL by OldTimer - Version 3.2.23.0     Folder = F:\Firefox Download
64bit- Home Premium Edition  (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,99 Gb Total Physical Memory | 2,15 Gb Available Physical Memory | 53,87% Memory free
7,98 Gb Paging File | 5,88 Gb Available in Paging File | 73,74% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 235,48 Gb Total Space | 170,13 Gb Free Space | 72,25% Space Free | Partition Type: NTFS
Drive E: | 5,03 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: UDF
Drive F: | 214,67 Gb Total Space | 201,04 Gb Free Space | 93,65% Space Free | Partition Type: NTFS
 
Computer Name: BUNDESHORST-PC | User Name: Bundeshorst | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - F:\Firefox Download\OTL.exe (OldTimer Tools)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
PRC - C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe ()
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
PRC - C:\Program Files (x86)\ICQ7.2\ICQ.exe (ICQ, LLC.)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
PRC - C:\Program Files (x86)\ICQ6Toolbar\ICQ Service.exe ()
PRC - C:\Windows\SysWOW64\PnkBstrA.exe ()
PRC - C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd)
PRC - C:\Program Files (x86)\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe (CyberLink Corp.)
PRC - C:\Program Files (x86)\Acer Arcade Deluxe\PlayMovie\PMVService.exe (Acer Corp.)
PRC - C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe (NewTech Infosystems, Inc.)
PRC - C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe (NewTech Infosystems, Inc.)
PRC - C:\Program Files (x86)\Launch Manager\LManager.exe (Dritek System Inc.)
PRC - C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe (Intel Corporation)
PRC - C:\Program Files (x86)\EgisTec\MyWinLocker 3\x86\MWLService.exe (Egis Technology Inc.)
PRC - C:\Program Files (x86)\EgisTec\MyWinLocker 3\x86\mwlDaemon.exe (Egis Technology Inc.)
PRC - C:\Program Files (x86)\Acer Bio Protection\PdtWzd.exe (Egis Technology Inc.)
PRC - C:\Program Files (x86)\Acer Bio Protection\BASVC.exe (Egis Technology Inc.)
PRC - C:\Program Files (x86)\Acer Bio Protection\CompPtcVUI.exe (Egis Technology Inc.)
PRC - C:\Program Files (x86)\EgisTec Egis Software Update\EgisUpdate.exe (Egis Technology Inc.)
PRC - C:\Program Files (x86)\Acer\Acer VCM\AcerVCM.exe (Acer Incorporated)
PRC - C:\Program Files (x86)\Acer\Acer VCM\RS_Service.exe (Acer Incorporated)
PRC - C:\Programme\Acer\Acer Updater\UpdaterService.exe (Acer)
PRC - C:\Program Files (x86)\Acer\Registration\GregHSRW.exe (Acer Incorporated)
PRC - C:\Windows\PLFSetI.exe ()
 
 
========== Modules (SafeList) ==========
 
MOD - F:\Firefox Download\OTL.exe (OldTimer Tools)
MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_420fe3fa2b8113bd\comctl32.dll (Microsoft Corporation)
 
 
========== Win32 Services (SafeList) ==========
 
SRV:64bit: - (AMD External Events Utility) -- C:\Windows\SysNative\atiesrxx.exe (AMD)
SRV - (AntiVirSchedulerService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
SRV - (AntiVirService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
SRV - (ICQ Service) -- C:\Program Files (x86)\ICQ6Toolbar\ICQ Service.exe ()
SRV - (PnkBstrA) -- C:\Windows\SysWOW64\PnkBstrA.exe ()
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (NTI IScheduleSvc) -- C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe (NewTech Infosystems, Inc.)
SRV - (ePowerSvc) -- C:\Programme\Acer\Acer PowerSmart Manager\ePowerSvc.exe (Acer Incorporated)
SRV - (IAANTMON) Intel(R) -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe (Intel Corporation)
SRV - (MWLService) -- C:\Program Files (x86)\EgisTec\MyWinLocker 3\x86\\MWLService.exe ()
SRV - (IGBASVC) -- C:\Program Files (x86)\Acer Bio Protection\BASVC.exe (Egis Technology Inc.)
SRV - (btwdins) -- C:\Programme\WIDCOMM\Bluetooth Software\btwdins.exe (Broadcom Corporation.)
SRV - (RS_Service) -- C:\Program Files (x86)\Acer\Acer VCM\RS_Service.exe (Acer Incorporated)
SRV - (Updater Service) -- C:\Programme\Acer\Acer Updater\UpdaterService.exe (Acer)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (Greg_Service) -- C:\Program Files (x86)\Acer\Registration\GregHSRW.exe (Acer Incorporated)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (avgntflt) -- C:\Windows\SysNative\drivers\avgntflt.sys (Avira GmbH)
DRV:64bit: - (sptd) -- C:\Windows\SysNative\drivers\sptd.sys ()
DRV:64bit: - (avipbb) -- C:\Windows\SysNative\drivers\avipbb.sys (Avira GmbH)
DRV:64bit: - (FPSensor) EgisTec-Corp Fingerprint Reader Driver (FPSensor.sys) -- C:\Windows\SysNative\drivers\FPSensor.sys (Egistec)
DRV:64bit: - (xusb21) -- C:\Windows\SysNative\drivers\xusb21.sys (Microsoft Corporation)
DRV:64bit: - (iaStor) -- C:\Windows\SysNative\drivers\iaStor.sys (Intel Corporation)
DRV:64bit: - (JMCR) -- C:\Windows\SysNative\drivers\jmcr.sys (JMicron Technology Corporation)
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (sdbus) -- C:\Windows\SysNative\drivers\sdbus.sys (Microsoft Corporation)
DRV:64bit: - (atikmdag) -- C:\Windows\SysNative\drivers\atikmdag.sys (ATI Technologies Inc.)
DRV:64bit: - (btusbflt) -- C:\Windows\SysNative\drivers\btusbflt.sys (Broadcom Corporation.)
DRV:64bit: - (btwaudio) -- C:\Windows\SysNative\drivers\btwaudio.sys (Broadcom Corporation.)
DRV:64bit: - (btwavdt) -- C:\Windows\SysNative\drivers\btwavdt.sys (Broadcom Corporation.)
DRV:64bit: - (btwrchid) -- C:\Windows\SysNative\drivers\btwrchid.sys (Broadcom Corporation.)
DRV:64bit: - (RTHDMIAzAudService) -- C:\Windows\SysNative\drivers\RtHDMIVX.sys (Realtek Semiconductor Corp.)
DRV:64bit: - (SynTP) -- C:\Windows\SysNative\drivers\SynTP.sys (Synaptics Incorporated)
DRV:64bit: - (Ntfs) -- C:\Windows\SysNative\wbem\ntfs.mof ()
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV:64bit: - (k57nd60a) Broadcom NetLink (TM) -- C:\Windows\SysNative\drivers\k57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (mwlPSDVDisk) -- C:\Windows\SysNative\drivers\mwlPSDVDisk.sys (Egis Technology Inc.)
DRV:64bit: - (mwlPSDFilter) -- C:\Windows\SysNative\drivers\mwlPSDFilter.sys (Egis Technology Inc.)
DRV:64bit: - (mwlPSDNServ) -- C:\Windows\SysNative\drivers\mwlPSDNserv.sys (Egis Technology Inc.)
DRV:64bit: - (Ltn_stk7070P) -- C:\Windows\SysNative\drivers\Ltn_stk7070P.sys (LiteOn)
DRV:64bit: - (enecir) -- C:\Windows\SysNative\drivers\enecir.sys (ENE TECHNOLOGY INC.)
DRV:64bit: - (enecirhid) -- C:\Windows\SysNative\drivers\enecirhid.sys (ENE TECHNOLOGY INC.)
DRV:64bit: - (netw5v64) Intel(R) -- C:\Windows\SysNative\drivers\NETw5v64.sys (Intel Corporation)
DRV:64bit: - (NTIDrvr) -- C:\Windows\SysNative\drivers\NTIDrvr.sys (NewTech Infosystems, Inc.)
DRV:64bit: - (UBHelper) -- C:\Windows\SysNative\drivers\UBHelper.sys (NewTech Infosystems Corporation)
DRV:64bit: - (btwl2cap) -- C:\Windows\SysNative\drivers\btwl2cap.sys (Broadcom Corporation.)
DRV:64bit: - (enecirhidma) -- C:\Windows\SysNative\drivers\enecirhidma.sys (ENE TECHNOLOGY INC.)
DRV - ({49DE1C67-83F8-4102-99E0-C16DCC7EEC796}) -- C:\Program Files (x86)\Acer Arcade Deluxe\PlayMovie\000.fcl (CyberLink Corp.)
DRV - (DKbFltr) Dritek Keyboard Filter Driver (64-bit) -- C:\Windows\SysWOW64\Drivers\DKbFltr.sys (Dritek System Inc.)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&m=aspire_5940&r=27360710w955l0394z115t48m2w076
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&m=aspire_5940&r=27360710w955l0394z115t48m2w076
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&m=aspire_5940&r=27360710w955l0394z115t48m2w076
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&m=aspire_5940&r=27360710w955l0394z115t48m2w076
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&m=aspire_5940&r=27360710w955l0394z115t48m2w076
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://start.icq.com/
IE - HKCU\..\URLSearchHook:  - Reg Error: Key error. File not found
IE - HKCU\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files (x86)\ICQ6Toolbar\ICQToolBar.dll (ICQ)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultenginename: "ICQ Search"
FF - prefs.js..browser.search.selectedEngine: "ICQ Search"
FF - prefs.js..browser.startup.homepage: "hxxp://google.de"
FF - prefs.js..keyword.URL: "hxxp://search.icq.com/search/afe_results.php?ch_id=afex&tb_ver=1.1.7&q="
 
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.17\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2011.04.30 22:29:56 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.17\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2011.04.30 22:29:56 | 000,000,000 | ---D | M]
 
[2010.07.07 23:29:25 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Bundeshorst\AppData\Roaming\mozilla\Extensions
[2011.03.27 21:08:45 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Bundeshorst\AppData\Roaming\mozilla\Firefox\Profiles\td9bz4nv.default\extensions
[2011.05.19 00:16:14 | 000,001,056 | ---- | M] () -- C:\Users\Bundeshorst\AppData\Roaming\Mozilla\Firefox\Profiles\td9bz4nv.default\searchplugins\icqplugin.xml
[2010.12.07 13:25:59 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
[2010.12.07 13:25:59 | 000,000,000 | ---D | M] (Skype extension) -- C:\Program Files (x86)\mozilla firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}
[2010.06.29 06:01:22 | 000,012,800 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npwachk.dll
[2011.04.30 22:29:54 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2011.04.30 22:29:54 | 000,002,344 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2011.04.30 22:29:54 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2011.04.30 22:29:54 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2011.04.30 22:29:54 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2009.06.10 23:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O2:64bit: - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programme\Google\GoogleToolbarNotifier\5.6.6209.1142\swg64.dll (Google Inc.)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Skype Plug-In) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.6.6209.1142\swg.dll (Google Inc.)
O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (ICQToolBar) - {855F3B16-6D32-4FE6-8A56-BBB695989046} - C:\Program Files (x86)\ICQ6Toolbar\ICQToolBar.dll (ICQ)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3:64bit: - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O4:64bit: - HKLM..\Run: [Acer ePower Management] C:\Programme\Acer\Acer PowerSmart Manager\ePowerTrayLauncher.exe (Acer Incorporated)
O4:64bit: - HKLM..\Run: [IAAnotif] C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [mwlDaemon] C:\Program Files (x86)\EgisTec\MyWinLocker 3\x86\mwlDaemon.exe (Egis Technology Inc.)
O4:64bit: - HKLM..\Run: [PLFSetI] C:\Windows\PLFSetI.exe ()
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [ArcadeDeluxeAgent] C:\Program Files (x86)\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe (CyberLink Corp.)
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [BackupManagerTray] C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe (NewTech Infosystems, Inc.)
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [EgisTecLiveUpdate] C:\Program Files (x86)\EgisTec Egis Software Update\EgisUpdate.exe (Egis Technology Inc.)
O4 - HKLM..\Run: [LManager] C:\Program Files (x86)\Launch Manager\LManager.exe (Dritek System Inc.)
O4 - HKLM..\Run: [PlayMovie] C:\Program Files (x86)\Acer Arcade Deluxe\PlayMovie\PMVService.exe (Acer Corp.)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [VitaKeyPdtWzd] C:\Program Files (x86)\Acer Bio Protection\PdtWzd.exe (Egis Technology Inc.)
O4 - HKCU..\Run: [DAEMON Tools Lite] C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd)
O4 - HKLM..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8:64bit: - Extra context menu item: Bild an &Bluetooth-Gerät senden... - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O8:64bit: - Extra context menu item: Free YouTube to Mp3 Converter - C:\Users\Bundeshorst\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O8:64bit: - Extra context menu item: Seite an &Bluetooth-Gerät senden... - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O8 - Extra context menu item: Bild an &Bluetooth-Gerät senden... - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O8 - Extra context menu item: Free YouTube to Mp3 Converter - C:\Users\Bundeshorst\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O8 - Extra context menu item: Seite an &Bluetooth-Gerät senden... - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9:64bit: - Extra Button: Quick-Launch Area - {10954C80-4F0F-11d3-B17C-00C0DFE39736} - C:\Program Files (x86)\Acer Bio Protection\PwdBank.exe (Egis Technology Inc.)
O9:64bit: - Extra 'Tools' menuitem : Quick-Launch Area - {10954C80-4F0F-11d3-B17C-00C0DFE39736} - C:\Program Files (x86)\Acer Bio Protection\PwdBank.exe (Egis Technology Inc.)
O9:64bit: - Extra Button: @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9:64bit: - Extra 'Tools' menuitem : @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra Button: Quick-Launch Area - {10954C80-4F0F-11d3-B17C-00C0DFE39736} - C:\Program Files (x86)\Acer Bio Protection\PwdBank.exe (Egis Technology Inc.)
O9 - Extra 'Tools' menuitem : Quick-Launch Area - {10954C80-4F0F-11d3-B17C-00C0DFE39736} - C:\Program Files (x86)\Acer Bio Protection\PwdBank.exe (Egis Technology Inc.)
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Program Files (x86)\ICQ7.2\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Program Files (x86)\ICQ7.2\ICQ.exe (ICQ, LLC.)
O9 - Extra Button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra Button: Senden an Bluetooth - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : Senden an &Bluetooth-Gerät... - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O13 - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab (Java Plug-in 1.6.0_15)
O16 - DPF: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab (Java Plug-in 1.6.0_15)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab (Java Plug-in 1.6.0_15)
O18:64bit: - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - Reg Error: Key error. File not found
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~2\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~2\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O18:64bit: - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2010.08.24 05:45:20 | 000,000,054 | R--- | M] () - E:\autorun.inf -- [ UDF ]
O33 - MountPoints2\{2995056b-cc33-11de-b24b-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{2995056b-cc33-11de-b24b-806e6f6e6963}\Shell\AutoRun\command - "" = E:\setup.exe -- [2010.09.04 05:34:49 | 000,227,256 | R--- | M] (2K Sports)
O33 - MountPoints2\{6f0ed851-a155-11df-a796-0022fbcb40c0}\Shell - "" = AutoRun
O33 - MountPoints2\{6f0ed851-a155-11df-a796-0022fbcb40c0}\Shell\AutoRun\command - "" = H:\LaunchU3.exe -a
O33 - MountPoints2\{73d66252-bcdd-11df-97b1-002622827c1a}\Shell - "" = AutoRun
O33 - MountPoints2\{73d66252-bcdd-11df-97b1-002622827c1a}\Shell\AutoRun\command - "" = D:\AutoPlay.exe -auto
O33 - MountPoints2\{c6c63aaf-8ca0-11df-a40b-002622827c1a}\Shell - "" = AutoRun
O33 - MountPoints2\{c6c63aaf-8ca0-11df-a40b-002622827c1a}\Shell\AutoRun\command - "" = G:\Autorun.exe
O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
========== Files/Folders - Created Within 30 Days ==========
 
[2011.05.25 22:45:22 | 000,000,000 | ---D | C] -- C:\Users\Bundeshorst\AppData\Roaming\Malwarebytes
[2011.05.25 22:44:55 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysWow64\drivers\mbamswissarmy.sys
[2011.05.25 22:44:55 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011.05.25 22:44:54 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2011.05.25 22:44:51 | 000,024,152 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2011.05.25 22:44:51 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2011.05.23 13:25:27 | 000,000,000 | ---D | C] -- C:\Windows\Minidump
[2011.05.18 11:44:48 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
[2011.05.18 11:43:18 | 000,404,640 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2011.05.11 20:14:10 | 000,142,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\poqexec.exe
[2011.05.11 20:14:10 | 000,123,904 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\poqexec.exe
[2011.05.11 20:14:08 | 005,509,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntoskrnl.exe
[2011.05.11 20:14:07 | 003,957,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntkrnlpa.exe
[2011.05.11 20:14:07 | 003,901,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntoskrnl.exe
[2011.05.11 20:14:06 | 000,324,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\usbport.sys
[2011.05.11 20:14:06 | 000,007,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\usbd.sys
[2011.05.07 04:25:35 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SopCast
[2011.05.07 04:25:34 | 000,000,000 | ---D | C] -- C:\Users\Bundeshorst\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SopCast
[2011.05.07 04:25:34 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\SopCast
[2011.04.28 11:43:28 | 002,870,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\explorer.exe
[2011.04.28 11:43:28 | 002,614,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\explorer.exe
[2011.04.28 11:43:27 | 000,442,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XpsPrint.dll
[2011.04.28 11:43:26 | 000,662,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XpsPrint.dll
[2011.04.28 11:43:13 | 002,566,144 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\esent.dll
[2011.04.28 11:43:12 | 001,686,016 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\esent.dll
[2011.04.28 11:43:12 | 000,107,904 | ---- | C] (Advanced Micro Devices) -- C:\Windows\SysNative\drivers\amdsata.sys
[2011.04.28 11:43:11 | 000,187,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\storport.sys
[2011.04.28 11:43:11 | 000,096,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\fsutil.exe
[2011.04.28 11:43:11 | 000,074,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\fsutil.exe
[2011.04.28 11:43:11 | 000,027,008 | ---- | C] (Advanced Micro Devices) -- C:\Windows\SysNative\drivers\amdxata.sys
[2011.04.28 11:43:08 | 000,031,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\prevhost.exe
[2011.04.28 11:43:08 | 000,031,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\prevhost.exe
[2009.08.27 03:37:53 | 000,036,136 | ---- | C] (Oberon Media) -- C:\ProgramData\FullRemove.exe
 
========== Files - Modified Within 30 Days ==========
 
[2011.05.26 00:13:01 | 000,001,110 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2011.05.25 22:44:55 | 000,001,119 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011.05.25 20:07:38 | 000,009,920 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2011.05.25 20:07:38 | 000,009,920 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2011.05.25 20:04:31 | 001,527,504 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2011.05.25 20:04:31 | 000,664,634 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2011.05.25 20:04:31 | 000,624,776 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2011.05.25 20:04:31 | 000,134,770 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2011.05.25 20:04:31 | 000,110,414 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2011.05.25 20:00:14 | 000,001,106 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2011.05.25 20:00:05 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011.05.25 20:00:00 | 3213,967,360 | -HS- | M] () -- C:\hiberfil.sys
[2011.05.18 11:43:18 | 000,404,640 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2011.04.30 23:20:28 | 000,005,878 | ---- | M] () -- C:\Users\Bundeshorst\.recently-used.xbel
 
========== Files Created - No Company Name ==========
 
[2011.05.25 22:44:55 | 000,001,119 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011.04.30 23:20:28 | 000,005,878 | ---- | C] () -- C:\Users\Bundeshorst\.recently-used.xbel
[2010.12.07 13:33:47 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2010.09.27 23:50:09 | 001,527,618 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2010.09.05 05:50:15 | 000,103,736 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.exe
[2010.09.05 05:50:14 | 000,066,872 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrA.exe
[2010.09.05 05:50:13 | 000,669,184 | ---- | C] () -- C:\Windows\SysWow64\pbsvc.exe
[2010.07.30 16:21:01 | 000,000,000 | ---- | C] () -- C:\Users\Bundeshorst\AppData\Roaming\wklnhst.dat
[2010.07.07 23:29:19 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat
[2009.11.08 09:01:46 | 000,626,688 | ---- | C] () -- C:\Windows\Image.dll
[2009.11.08 09:01:46 | 000,200,704 | ---- | C] () -- C:\Windows\PLFSetI.exe
[2009.11.08 09:01:46 | 000,020,480 | ---- | C] () -- C:\Windows\USB_VIDEO_REG.exe
[2009.11.08 09:01:46 | 000,000,323 | ---- | C] () -- C:\Windows\PidList.ini
[2009.08.27 03:17:17 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2009.07.14 07:38:36 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2009.07.14 04:35:51 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT
[2009.07.14 04:34:42 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat
[2009.07.14 02:10:29 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2009.07.14 01:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
[2009.07.13 23:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2009.06.10 23:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat
 
========== LOP Check ==========
 
[2010.07.07 23:05:22 | 000,000,000 | -HSD | M] -- C:\Users\Bundeshorst\AppData\Roaming\.#
[2010.10.08 17:31:23 | 000,000,000 | ---D | M] -- C:\Users\Bundeshorst\AppData\Roaming\2K Sports
[2010.10.04 19:53:08 | 000,000,000 | ---D | M] -- C:\Users\Bundeshorst\AppData\Roaming\Auslogics
[2011.03.15 23:19:09 | 000,000,000 | ---D | M] -- C:\Users\Bundeshorst\AppData\Roaming\Canneverbe Limited
[2010.07.11 06:02:58 | 000,000,000 | ---D | M] -- C:\Users\Bundeshorst\AppData\Roaming\DAEMON Tools Lite
[2011.03.27 20:19:12 | 000,000,000 | ---D | M] -- C:\Users\Bundeshorst\AppData\Roaming\DVDVideoSoftIEHelpers
[2011.03.15 23:43:34 | 000,000,000 | ---D | M] -- C:\Users\Bundeshorst\AppData\Roaming\freac
[2011.03.15 23:37:23 | 000,000,000 | ---D | M] -- C:\Users\Bundeshorst\AppData\Roaming\FreeFLVConverter
[2010.07.07 23:04:23 | 000,000,000 | ---D | M] -- C:\Users\Bundeshorst\AppData\Roaming\GameConsole
[2011.04.30 23:12:52 | 000,000,000 | ---D | M] -- C:\Users\Bundeshorst\AppData\Roaming\gtk-2.0
[2011.05.25 22:02:52 | 000,000,000 | ---D | M] -- C:\Users\Bundeshorst\AppData\Roaming\ICQ
[2010.10.04 21:57:48 | 000,000,000 | ---D | M] -- C:\Users\Bundeshorst\AppData\Roaming\Need for Speed World
[2011.03.16 00:05:33 | 000,000,000 | ---D | M] -- C:\Users\Bundeshorst\AppData\Roaming\PowerCinema
[2010.09.09 14:12:43 | 000,000,000 | ---D | M] -- C:\Users\Bundeshorst\AppData\Roaming\SoftDMA
[2010.10.29 14:50:24 | 000,000,000 | ---D | M] -- C:\Users\Bundeshorst\AppData\Roaming\Steinberg
[2010.09.03 23:26:01 | 000,000,000 | ---D | M] -- C:\Users\Bundeshorst\AppData\Roaming\temp
[2010.10.29 14:58:20 | 000,000,000 | ---D | M] -- C:\Users\Bundeshorst\AppData\Roaming\VST3 Presets
[2011.04.17 04:04:52 | 000,032,640 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
 
========== Purity Check ==========
 
 

< End of report >
         
--- --- ---


I hope I did everything right when creating this thread, and thank you in advance for any help that follows.

Alt 26.05.2011, 12:15   #2
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Quote:
Art des Suchlaufs: Quick-Scan
Hello and

As a routine step, please run a full scan with Malwarebytes and post the log.
Remember that Malwarebytes must be updated manually before every scan!

If logs from older Malwarebytes scans are still available, please post all of those as well!

Alt 26.05.2011, 14:33   #3
Rider23
 

Unfortunately I no longer have any older scans.

Here is the full scan:


Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Datenbank Version: 6683

Windows 6.1.7600
Internet Explorer 8.0.7600.16385

26.05.2011 14:32:01
mbam-log-2011-05-26 (14-32-01).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|E:\|F:\|)
Durchsuchte Objekte: 287395
Laufzeit: 36 Minute(n), 34 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 0

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
(Keine bösartigen Objekte gefunden)

Alt 26.05.2011, 14:59   #4
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 

Run an OTL fix: close any programs that may be open, also disable the virus scanner (!), start OTL and copy the following text into the "Custom Scan/Fixes" box (at the bottom of OTL): (the ":OTL" must be copied along with it!!!)

Code:
:OTL
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (ICQToolBar) - {855F3B16-6D32-4FE6-8A56-BBB695989046} - C:\Program Files (x86)\ICQ6Toolbar\ICQToolBar.dll (ICQ)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
FF - prefs.js..browser.search.defaultenginename: "ICQ Search"
FF - prefs.js..browser.search.selectedEngine: "ICQ Search"
FF - prefs.js..keyword.URL: "http://search.icq.com/search/afe_results.php?ch_id=afex&tb_ver=1.1.7&q="
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2010.08.24 05:45:20 | 000,000,054 | R--- | M] () - E:\autorun.inf -- [ UDF ]
O33 - MountPoints2\{2995056b-cc33-11de-b24b-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{2995056b-cc33-11de-b24b-806e6f6e6963}\Shell\AutoRun\command - "" = E:\setup.exe -- [2010.09.04 05:34:49 | 000,227,256 | R--- | M] (2K Sports)
O33 - MountPoints2\{6f0ed851-a155-11df-a796-0022fbcb40c0}\Shell - "" = AutoRun
O33 - MountPoints2\{6f0ed851-a155-11df-a796-0022fbcb40c0}\Shell\AutoRun\command - "" = H:\LaunchU3.exe -a
O33 - MountPoints2\{73d66252-bcdd-11df-97b1-002622827c1a}\Shell - "" = AutoRun
O33 - MountPoints2\{73d66252-bcdd-11df-97b1-002622827c1a}\Shell\AutoRun\command - "" = D:\AutoPlay.exe -auto
O33 - MountPoints2\{c6c63aaf-8ca0-11df-a40b-002622827c1a}\Shell - "" = AutoRun
O33 - MountPoints2\{c6c63aaf-8ca0-11df-a40b-002622827c1a}\Shell\AutoRun\command - "" = G:\Autorun.exe
[2010.07.07 23:05:22 | 000,000,000 | -HSD | M] -- C:\Users\Bundeshorst\AppData\Roaming\.#
:Commands
[purity]
[resethosts]
         
Then click the Fix button at the top left!
The log file should open when you click OK after the fix; please post it. The computer may be restarted.

As a precaution, the entries, files and folders fixed by this script are not deleted completely; a backup copy is created on the system partition in the "_OTL" folder.
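The OTL fix above removes the per-volume AutoRun handlers stored under MountPoints2, writes the Cdrom AutoRun value and resets the hosts file. As an added example that is not part of this thread and is not OTL's own code, the following read-only PowerShell audit lists exactly those locations, so that what such a fix would touch can be reviewed before (or verified after) running it. Assumptions: Windows PowerShell 5.1 or later; the registry paths are the ones named in the OTL fix log; the function names are mine.

```powershell
# Added example (not from the thread or from OTL): read-only audit of the
# AutoRun and hosts-file locations an OTL fix like the one above changes.
# Assumes Windows PowerShell 5.1+; nothing here modifies the system.

# Per-volume AutoRun handlers Explorer remembers for removable media (HKCU, per user).
$mountPoints = 'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2'

# System-wide AutoRun switch of the CD-ROM class driver (the fix above sets it to 1).
$cdromKey = 'HKLM:\SYSTEM\CurrentControlSet\Services\Cdrom'

function Get-MountPointAutoRun {
    # One object per MountPoints2 volume that carries a Shell\AutoRun\command value.
    Get-ChildItem -Path $mountPoints -ErrorAction SilentlyContinue | ForEach-Object {
        $cmdPath = Join-Path -Path $_.PSPath -ChildPath 'Shell\AutoRun\command'
        if (Test-Path -Path $cmdPath) {
            [PSCustomObject]@{
                Volume  = $_.PSChildName
                Command = (Get-ItemProperty -Path $cmdPath).'(default)'
            }
        }
    }
}

function Get-CdromAutoRun {
    # The AutoRun DWORD, or $null when the value does not exist.
    (Get-ItemProperty -Path $cdromKey -Name AutoRun -ErrorAction SilentlyContinue).AutoRun
}

function Get-HostsOverrides {
    # Hosts-file lines that are neither comments nor the stock localhost entries,
    # i.e. what an OTL [resethosts] would discard.
    $hostsFile = Join-Path -Path $env:SystemRoot -ChildPath 'System32\drivers\etc\hosts'
    Get-Content -Path $hostsFile -ErrorAction SilentlyContinue |
        Where-Object { $_ -match '^\s*[^#\s]' -and $_ -notmatch '\blocalhost\b' }
}

"Cdrom AutoRun = $(Get-CdromAutoRun)"
"`nMountPoints2 AutoRun commands:"
Get-MountPointAutoRun | Format-Table -AutoSize
"`nNon-default hosts entries:"
Get-HostsOverrides
```

Run it from an elevated prompt so the HKLM value is readable; the MountPoints2 part is per user, so run it as the account that plugged in the media. Entries whose command points at a drive letter that no longer exists (like the H:, D: and G: entries in the fix above) are stale and harmless in themselves, but they show which media were once auto-launched, which is the point of reviewing them.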

Alt 26.05.2011, 15:27   #5
Rider23
 

I did the whole thing twice, because the first time I forgot to disable Avira. I hope that wasn't a big problem ...

Here is the result:

========== OTL ==========
64bit-Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\Locked not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{855F3B16-6D32-4FE6-8A56-BBB695989046} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{855F3B16-6D32-4FE6-8A56-BBB695989046}\ not found.
File C:\Program Files (x86)\ICQ6Toolbar\ICQToolBar.dll not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\Locked not found.
Prefs.js: "ICQ Search" removed from browser.search.defaultenginename
Prefs.js: "ICQ Search" removed from browser.search.selectedEngine
Prefs.js: "hxxp://search.icq.com/search/afe_results.php?ch_id=afex&tb_ver=1.1.7&q=" removed from keyword.URL
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRun|DWORD:1 /E : value set successfully!
File move failed. E:\autorun.inf scheduled to be moved on reboot.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{2995056b-cc33-11de-b24b-806e6f6e6963}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2995056b-cc33-11de-b24b-806e6f6e6963}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{2995056b-cc33-11de-b24b-806e6f6e6963}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2995056b-cc33-11de-b24b-806e6f6e6963}\ not found.
File move failed. E:\setup.exe scheduled to be moved on reboot.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{6f0ed851-a155-11df-a796-0022fbcb40c0}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6f0ed851-a155-11df-a796-0022fbcb40c0}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{6f0ed851-a155-11df-a796-0022fbcb40c0}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6f0ed851-a155-11df-a796-0022fbcb40c0}\ not found.
File H:\LaunchU3.exe -a not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{73d66252-bcdd-11df-97b1-002622827c1a}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73d66252-bcdd-11df-97b1-002622827c1a}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{73d66252-bcdd-11df-97b1-002622827c1a}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73d66252-bcdd-11df-97b1-002622827c1a}\ not found.
File D:\AutoPlay.exe -auto not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c6c63aaf-8ca0-11df-a40b-002622827c1a}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{c6c63aaf-8ca0-11df-a40b-002622827c1a}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c6c63aaf-8ca0-11df-a40b-002622827c1a}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{c6c63aaf-8ca0-11df-a40b-002622827c1a}\ not found.
File G:\Autorun.exe not found.
Folder C:\Users\Bundeshorst\AppData\Roaming\.#\ not found.
========== COMMANDS ==========
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

OTL by OldTimer - Version 3.2.23.0 log created on 05262011_152318

Files\Folders moved on Reboot...
File move failed. E:\autorun.inf scheduled to be moved on reboot.
File move failed. E:\setup.exe scheduled to be moved on reboot.

Registry entries deleted on Reboot...


Alt 26.05.2011, 16:08   #6
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 

Now please run this tool from Kaspersky and post the log => http://www.trojaner-board.de/82358-t...entfernen.html

Configure the tool as shown in the image below, i.e. tick both checkboxes, click Start scan, and when it has finished click the Report button to display the log. Please post it in full.




If the infection prevents you from accessing your documents / My Documents, please run unhide:
Please download unhide.exe and save this file to your desktop.
Start the tool and all files and folders should become visible again. (This could take a while.)
Vista and 7 users must run the tool as administrator via right-click!

Alt 26.05.2011, 22:17   #7
Rider23
 

Just a quick aside: this forum is awesome!!

So, here is the report:


2011/05/26 22:14:01.0581 3340 TDSS rootkit removing tool 2.5.3.0 May 25 2011 07:09:24
2011/05/26 22:14:01.0800 3340 ================================================================================
2011/05/26 22:14:01.0800 3340 SystemInfo:
2011/05/26 22:14:01.0800 3340
2011/05/26 22:14:01.0800 3340 OS Version: 6.1.7600 ServicePack: 0.0
2011/05/26 22:14:01.0800 3340 Product type: Workstation
2011/05/26 22:14:01.0800 3340 ComputerName: BUNDESHORST-PC
2011/05/26 22:14:01.0800 3340 UserName: Bundeshorst
2011/05/26 22:14:01.0800 3340 Windows directory: C:\Windows
2011/05/26 22:14:01.0800 3340 System windows directory: C:\Windows
2011/05/26 22:14:01.0800 3340 Running under WOW64
2011/05/26 22:14:01.0800 3340 Processor architecture: Intel x64
2011/05/26 22:14:01.0800 3340 Number of processors: 8
2011/05/26 22:14:01.0800 3340 Page size: 0x1000
2011/05/26 22:14:01.0800 3340 Boot type: Normal boot
2011/05/26 22:14:01.0800 3340 ================================================================================
2011/05/26 22:14:02.0548 3340 Initialize success
2011/05/26 22:14:19.0256 0144 ================================================================================
2011/05/26 22:14:19.0256 0144 Scan started
2011/05/26 22:14:19.0256 0144 Mode: Manual;
2011/05/26 22:14:19.0256 0144 ================================================================================
2011/05/26 22:14:20.0005 0144 1394ohci (1b00662092f9f9568b995902f0cc40d5) C:\Windows\system32\DRIVERS\1394ohci.sys
2011/05/26 22:14:20.0161 0144 ACPI (6f11e88748cdefd2f76aa215f97ddfe5) C:\Windows\system32\DRIVERS\ACPI.sys
2011/05/26 22:14:20.0348 0144 AcpiPmi (63b05a0420ce4bf0e4af6dcc7cada254) C:\Windows\system32\DRIVERS\acpipmi.sys
2011/05/26 22:14:20.0566 0144 adp94xx (2f6b34b83843f0c5118b63ac634f5bf4) C:\Windows\system32\DRIVERS\adp94xx.sys
2011/05/26 22:14:20.0785 0144 adpahci (597f78224ee9224ea1a13d6350ced962) C:\Windows\system32\DRIVERS\adpahci.sys
2011/05/26 22:14:20.0956 0144 adpu320 (e109549c90f62fb570b9540c4b148e54) C:\Windows\system32\DRIVERS\adpu320.sys
2011/05/26 22:14:21.0175 0144 AFD (b9384e03479d2506bc924c16a3db87bc) C:\Windows\system32\drivers\afd.sys
2011/05/26 22:14:21.0424 0144 agp440 (608c14dba7299d8cb6ed035a68a15799) C:\Windows\system32\DRIVERS\agp440.sys
2011/05/26 22:14:21.0674 0144 aliide (5812713a477a3ad7363c7438ca2ee038) C:\Windows\system32\DRIVERS\aliide.sys
2011/05/26 22:14:21.0846 0144 amdide (1ff8b4431c353ce385c875f194924c0c) C:\Windows\system32\DRIVERS\amdide.sys
2011/05/26 22:14:21.0970 0144 AmdK8 (7024f087cff1833a806193ef9d22cda9) C:\Windows\system32\DRIVERS\amdk8.sys
2011/05/26 22:14:22.0173 0144 AmdPPM (1e56388b3fe0d031c44144eb8c4d6217) C:\Windows\system32\DRIVERS\amdppm.sys
2011/05/26 22:14:22.0329 0144 amdsata (ec7ebab00a4d8448bab68d1e49b4beb9) C:\Windows\system32\drivers\amdsata.sys
2011/05/26 22:14:22.0516 0144 amdsbs (f67f933e79241ed32ff46a4f29b5120b) C:\Windows\system32\DRIVERS\amdsbs.sys
2011/05/26 22:14:22.0704 0144 amdxata (db27766102c7bf7e95140a2aa81d042e) C:\Windows\system32\drivers\amdxata.sys
2011/05/26 22:14:22.0906 0144 AppID (42fd751b27fa0e9c69bb39f39e409594) C:\Windows\system32\drivers\appid.sys
2011/05/26 22:14:23.0109 0144 arc (c484f8ceb1717c540242531db7845c4e) C:\Windows\system32\DRIVERS\arc.sys
2011/05/26 22:14:23.0281 0144 arcsas (019af6924aefe7839f61c830227fe79c) C:\Windows\system32\DRIVERS\arcsas.sys
2011/05/26 22:14:23.0499 0144 AsyncMac (769765ce2cc62867468cea93969b2242) C:\Windows\system32\DRIVERS\asyncmac.sys
2011/05/26 22:14:23.0655 0144 atapi (02062c0b390b7729edc9e69c680a6f3c) C:\Windows\system32\DRIVERS\atapi.sys
2011/05/26 22:14:24.0108 0144 atikmdag (de0ede41bc530f1759c6fffcb8c7a0cf) C:\Windows\system32\DRIVERS\atikmdag.sys
2011/05/26 22:14:24.0513 0144 avgntflt (39c2e2870fc0c2ae0595b883cbe716b4) C:\Windows\system32\DRIVERS\avgntflt.sys
2011/05/26 22:14:24.0716 0144 avipbb (c98fa6e5ad0e857d22716bd2b8b1f399) C:\Windows\system32\DRIVERS\avipbb.sys
2011/05/26 22:14:24.0872 0144 b06bdrv (3e5b191307609f7514148c6832bb0842) C:\Windows\system32\DRIVERS\bxvbda.sys
2011/05/26 22:14:25.0044 0144 b57nd60a (b5ace6968304a3900eeb1ebfd9622df2) C:\Windows\system32\DRIVERS\b57nd60a.sys
2011/05/26 22:14:25.0231 0144 Beep (16a47ce2decc9b099349a5f840654746) C:\Windows\system32\drivers\Beep.sys
2011/05/26 22:14:25.0434 0144 blbdrive (61583ee3c3a17003c4acd0475646b4d3) C:\Windows\system32\DRIVERS\blbdrive.sys
2011/05/26 22:14:25.0574 0144 bowser (19d20159708e152267e53b66677a4995) C:\Windows\system32\DRIVERS\bowser.sys
2011/05/26 22:14:25.0730 0144 BrFiltLo (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\DRIVERS\BrFiltLo.sys
2011/05/26 22:14:25.0855 0144 BrFiltUp (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\DRIVERS\BrFiltUp.sys
2011/05/26 22:14:26.0073 0144 Brserid (43bea8d483bf1870f018e2d02e06a5bd) C:\Windows\System32\Drivers\Brserid.sys
2011/05/26 22:14:26.0214 0144 BrSerWdm (a6eca2151b08a09caceca35c07f05b42) C:\Windows\System32\Drivers\BrSerWdm.sys
2011/05/26 22:14:26.0370 0144 BrUsbMdm (b79968002c277e869cf38bd22cd61524) C:\Windows\System32\Drivers\BrUsbMdm.sys
2011/05/26 22:14:26.0557 0144 BrUsbSer (a87528880231c54e75ea7a44943b38bf) C:\Windows\System32\Drivers\BrUsbSer.sys
2011/05/26 22:14:26.0760 0144 BthEnum (cf98190a94f62e405c8cb255018b2315) C:\Windows\system32\DRIVERS\BthEnum.sys
2011/05/26 22:14:26.0900 0144 BTHMODEM (9da669f11d1f894ab4eb69bf546a42e8) C:\Windows\system32\DRIVERS\bthmodem.sys
2011/05/26 22:14:27.0196 0144 BthPan (02dd601b708dd0667e1331fa8518e9ff) C:\Windows\system32\DRIVERS\bthpan.sys
2011/05/26 22:14:27.0399 0144 BTHPORT (a51fa9d0e85d5adabef72e67f386309c) C:\Windows\system32\Drivers\BTHport.sys
2011/05/26 22:14:27.0633 0144 BTHUSB (f740b9a16b2c06700f2130e19986bf3b) C:\Windows\system32\Drivers\BTHUSB.sys
2011/05/26 22:14:27.0820 0144 btusbflt (6e04458e98daf28826482e41a7a62df5) C:\Windows\system32\drivers\btusbflt.sys
2011/05/26 22:14:27.0992 0144 btwaudio (6bcfdc2b5b7f66d484486d4bd4b39a6b) C:\Windows\system32\drivers\btwaudio.sys
2011/05/26 22:14:28.0164 0144 btwavdt (82dc8b7c626e526681c1bebed2bc3ff9) C:\Windows\system32\drivers\btwavdt.sys
2011/05/26 22:14:28.0335 0144 btwl2cap (6149301dc3f81d6f9667a3fbac410975) C:\Windows\system32\DRIVERS\btwl2cap.sys
2011/05/26 22:14:28.0460 0144 btwrchid (28e105ad3b79f440bf94780f507bf66a) C:\Windows\system32\DRIVERS\btwrchid.sys
2011/05/26 22:14:28.0600 0144 cdfs (b8bd2bb284668c84865658c77574381a) C:\Windows\system32\DRIVERS\cdfs.sys
2011/05/26 22:14:28.0788 0144 cdrom (83d2d75e1efb81b3450c18131443f7db) C:\Windows\system32\DRIVERS\cdrom.sys
2011/05/26 22:14:28.0928 0144 circlass (d7cd5c4e1b71fa62050515314cfb52cf) C:\Windows\system32\DRIVERS\circlass.sys
2011/05/26 22:14:29.0053 0144 CLFS (fe1ec06f2253f691fe36217c592a0206) C:\Windows\system32\CLFS.sys
2011/05/26 22:14:29.0271 0144 CmBatt (0840155d0bddf1190f84a663c284bd33) C:\Windows\system32\DRIVERS\CmBatt.sys
2011/05/26 22:14:29.0412 0144 cmdide (e19d3f095812725d88f9001985b94edd) C:\Windows\system32\DRIVERS\cmdide.sys
2011/05/26 22:14:29.0568 0144 CNG (f95fd4cb7da00ba2a63ce9f6b5c053e1) C:\Windows\system32\Drivers\cng.sys
2011/05/26 22:14:29.0724 0144 Compbatt (102de219c3f61415f964c88e9085ad14) C:\Windows\system32\DRIVERS\compbatt.sys
2011/05/26 22:14:29.0864 0144 CompositeBus (f26b3a86f6fa87ca360b879581ab4123) C:\Windows\system32\DRIVERS\CompositeBus.sys
2011/05/26 22:14:30.0020 0144 crcdisk (1c827878a998c18847245fe1f34ee597) C:\Windows\system32\DRIVERS\crcdisk.sys
2011/05/26 22:14:30.0207 0144 DfsC (3f1dc527070acb87e40afe46ef6da749) C:\Windows\system32\Drivers\dfsc.sys
2011/05/26 22:14:30.0457 0144 discache (13096b05847ec78f0977f2c0f79e9ab3) C:\Windows\system32\drivers\discache.sys
2011/05/26 22:14:30.0628 0144 Disk (9819eee8b5ea3784ec4af3b137a5244c) C:\Windows\system32\DRIVERS\disk.sys
2011/05/26 22:14:30.0753 0144 DKbFltr (d5bcb77be83cf99f508943945d46343d) C:\Windows\SysWOW64\Drivers\DKbFltr.sys
2011/05/26 22:14:30.0972 0144 drmkaud (9b19f34400d24df84c858a421c205754) C:\Windows\system32\drivers\drmkaud.sys
2011/05/26 22:14:31.0174 0144 DXGKrnl (1633b9abf52784a1331476397a48cbef) C:\Windows\System32\drivers\dxgkrnl.sys
2011/05/26 22:14:31.0533 0144 ebdrv (dc5d737f51be844d8c82c695eb17372f) C:\Windows\system32\DRIVERS\evbda.sys
2011/05/26 22:14:31.0845 0144 elxstor (0e5da5369a0fcaea12456dd852545184) C:\Windows\system32\DRIVERS\elxstor.sys
2011/05/26 22:14:31.0986 0144 enecir (a9ec08727c64d985678f5b64c03823f0) C:\Windows\system32\DRIVERS\enecir.sys
2011/05/26 22:14:32.0157 0144 enecirhid (e17eb95358f396e27d573a1b20f891f8) C:\Windows\system32\DRIVERS\enecirhid.sys
2011/05/26 22:14:32.0266 0144 enecirhidma (8492d808c79bd6fe439f77be84956cdf) C:\Windows\system32\DRIVERS\enecirhidma.sys
2011/05/26 22:14:32.0438 0144 ErrDev (34a3c54752046e79a126e15c51db409b) C:\Windows\system32\DRIVERS\errdev.sys
2011/05/26 22:14:32.0688 0144 exfat (a510c654ec00c1e9bdd91eeb3a59823b) C:\Windows\system32\drivers\exfat.sys
2011/05/26 22:14:32.0875 0144 fastfat (0adc83218b66a6db380c330836f3e36d) C:\Windows\system32\drivers\fastfat.sys
2011/05/26 22:14:33.0015 0144 fdc (d765d19cd8ef61f650c384f62fac00ab) C:\Windows\system32\DRIVERS\fdc.sys
2011/05/26 22:14:33.0202 0144 FileInfo (655661be46b5f5f3fd454e2c3095b930) C:\Windows\system32\drivers\fileinfo.sys
2011/05/26 22:14:33.0358 0144 Filetrace (5f671ab5bc87eea04ec38a6cd5962a47) C:\Windows\system32\drivers\filetrace.sys
2011/05/26 22:14:33.0530 0144 flpydisk (c172a0f53008eaeb8ea33fe10e177af5) C:\Windows\system32\DRIVERS\flpydisk.sys
2011/05/26 22:14:33.0686 0144 FltMgr (f7866af72abbaf84b1fa5aa195378c59) C:\Windows\system32\drivers\fltmgr.sys
2011/05/26 22:14:33.0826 0144 FPSensor (44c86363d4673688e61f3c096b511811) C:\Windows\system32\Drivers\FPSensor.sys
2011/05/26 22:14:33.0951 0144 FsDepends (d43703496149971890703b4b1b723eac) C:\Windows\system32\drivers\FsDepends.sys
2011/05/26 22:14:34.0123 0144 Fs_Rec (e95ef8547de20cf0603557c0cf7a9462) C:\Windows\system32\drivers\Fs_Rec.sys
2011/05/26 22:14:34.0232 0144 fvevol (ae87ba80d0ec3b57126ed2cdc15b24ed) C:\Windows\system32\DRIVERS\fvevol.sys
2011/05/26 22:14:34.0388 0144 gagp30kx (8c778d335c9d272cfd3298ab02abe3b6) C:\Windows\system32\DRIVERS\gagp30kx.sys
2011/05/26 22:14:34.0591 0144 hcw85cir (f2523ef6460fc42405b12248338ab2f0) C:\Windows\system32\drivers\hcw85cir.sys
2011/05/26 22:14:34.0825 0144 HdAudAddService (6410f6f415b2a5a9037224c41da8bf12) C:\Windows\system32\drivers\HdAudio.sys
2011/05/26 22:14:34.0996 0144 HDAudBus (0a49913402747a0b67de940fb42cbdbb) C:\Windows\system32\DRIVERS\HDAudBus.sys
2011/05/26 22:14:35.0152 0144 HidBatt (78e86380454a7b10a5eb255dc44a355f) C:\Windows\system32\DRIVERS\HidBatt.sys
2011/05/26 22:14:35.0308 0144 HidBth (7fd2a313f7afe5c4dab14798c48dd104) C:\Windows\system32\DRIVERS\hidbth.sys
2011/05/26 22:14:35.0480 0144 HidIr (0a77d29f311b88cfae3b13f9c1a73825) C:\Windows\system32\DRIVERS\hidir.sys
2011/05/26 22:14:35.0620 0144 HidUsb (b3bf6b5b50006def50b66306d99fcf6f) C:\Windows\system32\DRIVERS\hidusb.sys
2011/05/26 22:14:35.0854 0144 HpSAMD (0886d440058f203eba0e1825e4355914) C:\Windows\system32\DRIVERS\HpSAMD.sys
2011/05/26 22:14:35.0995 0144 HTTP (cee049cac4efa7f4e1e4ad014414a5d4) C:\Windows\system32\drivers\HTTP.sys
2011/05/26 22:14:36.0151 0144 hwpolicy (f17766a19145f111856378df337a5d79) C:\Windows\system32\drivers\hwpolicy.sys
2011/05/26 22:14:36.0307 0144 i8042prt (fa55c73d4affa7ee23ac4be53b4592d3) C:\Windows\system32\DRIVERS\i8042prt.sys
2011/05/26 22:14:36.0494 0144 iaStor (bbb3b6df1abb0fe35802ede85cc1c011) C:\Windows\system32\DRIVERS\iaStor.sys
2011/05/26 22:14:36.0650 0144 iaStorV (b75e45c564e944a2657167d197ab29da) C:\Windows\system32\drivers\iaStorV.sys
2011/05/26 22:14:36.0853 0144 iirsp (5c18831c61933628f5bb0ea2675b9d21) C:\Windows\system32\DRIVERS\iirsp.sys
2011/05/26 22:14:37.0180 0144 IntcAzAudAddService (11b392d117217a4caec7440d28cb1178) C:\Windows\system32\drivers\RTKVHD64.sys
2011/05/26 22:14:37.0368 0144 intelide (f00f20e70c6ec3aa366910083a0518aa) C:\Windows\system32\DRIVERS\intelide.sys
2011/05/26 22:14:37.0524 0144 intelppm (ada036632c664caa754079041cf1f8c1) C:\Windows\system32\DRIVERS\intelppm.sys
2011/05/26 22:14:37.0633 0144 IpFilterDriver (722dd294df62483cecaae6e094b4d695) C:\Windows\system32\DRIVERS\ipfltdrv.sys
2011/05/26 22:14:37.0773 0144 IPMIDRV (e2b4a4494db7cb9b89b55ca268c337c5) C:\Windows\system32\DRIVERS\IPMIDrv.sys
2011/05/26 22:14:37.0898 0144 IPNAT (af9b39a7e7b6caa203b3862582e9f2d0) C:\Windows\system32\drivers\ipnat.sys
2011/05/26 22:14:38.0007 0144 IRENUM (3abf5e7213eb28966d55d58b515d5ce9) C:\Windows\system32\drivers\irenum.sys
2011/05/26 22:14:38.0148 0144 isapnp (2f7b28dc3e1183e5eb418df55c204f38) C:\Windows\system32\DRIVERS\isapnp.sys
2011/05/26 22:14:38.0304 0144 iScsiPrt (fa4d2557de56d45b0a346f93564be6e1) C:\Windows\system32\DRIVERS\msiscsi.sys
2011/05/26 22:14:38.0444 0144 JMCR (f8844b00c10e386c704c610e95a9847d) C:\Windows\system32\DRIVERS\jmcr.sys
2011/05/26 22:14:38.0600 0144 k57nd60a (08dd34f74d65e1c8f238565570952630) C:\Windows\system32\DRIVERS\k57nd60a.sys
2011/05/26 22:14:38.0756 0144 kbdclass (bc02336f1cba7dcc7d1213bb588a68a5) C:\Windows\system32\DRIVERS\kbdclass.sys
2011/05/26 22:14:38.0928 0144 kbdhid (6def98f8541e1b5dceb2c822a11f7323) C:\Windows\system32\DRIVERS\kbdhid.sys
2011/05/26 22:14:39.0193 0144 KSecDD (e8b6fcc9c83535c67f835d407620bd27) C:\Windows\system32\Drivers\ksecdd.sys
2011/05/26 22:14:39.0302 0144 KSecPkg (a8c63880ef6f4d3fec7b616b9c060215) C:\Windows\system32\Drivers\ksecpkg.sys
2011/05/26 22:14:39.0427 0144 ksthunk (6869281e78cb31a43e969f06b57347c4) C:\Windows\system32\drivers\ksthunk.sys
2011/05/26 22:14:39.0598 0144 lltdio (1538831cf8ad2979a04c423779465827) C:\Windows\system32\DRIVERS\lltdio.sys
2011/05/26 22:14:39.0739 0144 LSI_FC (1a93e54eb0ece102495a51266dcdb6a6) C:\Windows\system32\DRIVERS\lsi_fc.sys
2011/05/26 22:14:39.0848 0144 LSI_SAS (1047184a9fdc8bdbff857175875ee810) C:\Windows\system32\DRIVERS\lsi_sas.sys
2011/05/26 22:14:40.0004 0144 LSI_SAS2 (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\Windows\system32\DRIVERS\lsi_sas2.sys
2011/05/26 22:14:40.0129 0144 LSI_SCSI (0504eacaff0d3c8aed161c4b0d369d4a) C:\Windows\system32\DRIVERS\lsi_scsi.sys
2011/05/26 22:14:40.0254 0144 Ltn_stk7070P (9d48f75c237f972e8cdea3f5bcff74d5) C:\Windows\system32\DRIVERS\Ltn_stk7070P.sys
2011/05/26 22:14:40.0425 0144 luafv (43d0f98e1d56ccddb0d5254cff7b356e) C:\Windows\system32\drivers\luafv.sys
2011/05/26 22:14:40.0550 0144 megasas (a55805f747c6edb6a9080d7c633bd0f4) C:\Windows\system32\DRIVERS\megasas.sys
2011/05/26 22:14:40.0722 0144 MegaSR (baf74ce0072480c3b6b7c13b2a94d6b3) C:\Windows\system32\DRIVERS\MegaSR.sys
2011/05/26 22:14:40.0878 0144 Modem (800ba92f7010378b09f9ed9270f07137) C:\Windows\system32\drivers\modem.sys
2011/05/26 22:14:41.0049 0144 monitor (b03d591dc7da45ece20b3b467e6aadaa) C:\Windows\system32\DRIVERS\monitor.sys
2011/05/26 22:14:41.0190 0144 mouclass (7d27ea49f3c1f687d357e77a470aea99) C:\Windows\system32\DRIVERS\mouclass.sys
2011/05/26 22:14:41.0314 0144 mouhid (d3bf052c40b0c4166d9fd86a4288c1e6) C:\Windows\system32\DRIVERS\mouhid.sys
2011/05/26 22:14:41.0470 0144 mountmgr (791af66c4d0e7c90a3646066386fb571) C:\Windows\system32\drivers\mountmgr.sys
2011/05/26 22:14:41.0595 0144 mpio (609d1d87649ecc19796f4d76d4c15cea) C:\Windows\system32\DRIVERS\mpio.sys
2011/05/26 22:14:41.0720 0144 mpsdrv (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\Windows\system32\drivers\mpsdrv.sys
2011/05/26 22:14:41.0845 0144 MRxDAV (30524261bb51d96d6fcbac20c810183c) C:\Windows\system32\drivers\mrxdav.sys
2011/05/26 22:14:41.0970 0144 mrxsmb (b7f3d2c40bdf8ffb73ebfb19c77734e2) C:\Windows\system32\DRIVERS\mrxsmb.sys
2011/05/26 22:14:42.0110 0144 mrxsmb10 (86c6f88b5168ce21cf8d69d0b3ff5d19) C:\Windows\system32\DRIVERS\mrxsmb10.sys
2011/05/26 22:14:42.0266 0144 mrxsmb20 (b081069251c8e9f42cb8769d07148f9c) C:\Windows\system32\DRIVERS\mrxsmb20.sys
2011/05/26 22:14:42.0406 0144 msahci (5c37497276e3b3a5488b23a326a754b7) C:\Windows\system32\DRIVERS\msahci.sys
2011/05/26 22:14:42.0547 0144 msdsm (8d27b597229aed79430fb9db3bcbfbd0) C:\Windows\system32\DRIVERS\msdsm.sys
2011/05/26 22:14:42.0687 0144 Msfs (aa3fb40e17ce1388fa1bedab50ea8f96) C:\Windows\system32\drivers\Msfs.sys
2011/05/26 22:14:42.0812 0144 mshidkmdf (f9d215a46a8b9753f61767fa72a20326) C:\Windows\System32\drivers\mshidkmdf.sys
2011/05/26 22:14:42.0968 0144 msisadrv (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\Windows\system32\DRIVERS\msisadrv.sys
2011/05/26 22:14:43.0093 0144 MSKSSRV (49ccf2c4fea34ffad8b1b59d49439366) C:\Windows\system32\drivers\MSKSSRV.sys
2011/05/26 22:14:43.0218 0144 MSPCLOCK (bdd71ace35a232104ddd349ee70e1ab3) C:\Windows\system32\drivers\MSPCLOCK.sys
2011/05/26 22:14:43.0358 0144 MSPQM (4ed981241db27c3383d72092b618a1d0) C:\Windows\system32\drivers\MSPQM.sys
2011/05/26 22:14:43.0467 0144 MsRPC (89cb141aa8616d8c6a4610fa26c60964) C:\Windows\system32\drivers\MsRPC.sys
2011/05/26 22:14:43.0592 0144 mssmbios (0eed230e37515a0eaee3c2e1bc97b288) C:\Windows\system32\DRIVERS\mssmbios.sys
2011/05/26 22:14:43.0748 0144 MSTEE (2e66f9ecb30b4221a318c92ac2250779) C:\Windows\system32\drivers\MSTEE.sys
2011/05/26 22:14:43.0966 0144 MTConfig (7ea404308934e675bffde8edf0757bcd) C:\Windows\system32\DRIVERS\MTConfig.sys
2011/05/26 22:14:44.0154 0144 Mup (f9a18612fd3526fe473c1bda678d61c8) C:\Windows\system32\Drivers\mup.sys
2011/05/26 22:14:44.0278 0144 mwlPSDFilter (6ffecc25b39dc7652a0cec0ada9db589) C:\Windows\system32\DRIVERS\mwlPSDFilter.sys
2011/05/26 22:14:44.0403 0144 mwlPSDNServ (0befe32ca56d6ee89d58175725596a85) C:\Windows\system32\DRIVERS\mwlPSDNServ.sys
2011/05/26 22:14:44.0590 0144 mwlPSDVDisk (d43bc633b8660463e446e28e14a51262) C:\Windows\system32\DRIVERS\mwlPSDVDisk.sys
2011/05/26 22:14:44.0778 0144 NativeWifiP (1ea3749c4114db3e3161156ffffa6b33) C:\Windows\system32\DRIVERS\nwifi.sys
2011/05/26 22:14:45.0012 0144 NDIS (cad515dbd07d082bb317d9928ce8962c) C:\Windows\system32\drivers\ndis.sys
2011/05/26 22:14:45.0152 0144 NdisCap (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\Windows\system32\DRIVERS\ndiscap.sys
2011/05/26 22:14:45.0324 0144 NdisTapi (30639c932d9fef22b31268fe25a1b6e5) C:\Windows\system32\DRIVERS\ndistapi.sys
2011/05/26 22:14:45.0464 0144 Ndisuio (f105ba1e22bf1f2ee8f005d4305e4bec) C:\Windows\system32\DRIVERS\ndisuio.sys
2011/05/26 22:14:45.0636 0144 NdisWan (557dfab9ca1fcb036ac77564c010dad3) C:\Windows\system32\DRIVERS\ndiswan.sys
2011/05/26 22:14:45.0745 0144 NDProxy (659b74fb74b86228d6338d643cd3e3cf) C:\Windows\system32\drivers\NDProxy.sys
2011/05/26 22:14:45.0901 0144 NetBIOS (86743d9f5d2b1048062b14b1d84501c4) C:\Windows\system32\DRIVERS\netbios.sys
2011/05/26 22:14:46.0026 0144 NetBT (9162b273a44ab9dce5b44362731d062a) C:\Windows\system32\DRIVERS\netbt.sys
2011/05/26 22:14:46.0353 0144 netw5v64 (705283c02177809ca9fa7cc58a4f1e77) C:\Windows\system32\DRIVERS\netw5v64.sys
2011/05/26 22:14:46.0665 0144 nfrd960 (77889813be4d166cdab78ddba990da92) C:\Windows\system32\DRIVERS\nfrd960.sys
2011/05/26 22:14:46.0821 0144 Npfs (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys
2011/05/26 22:14:46.0946 0144 nsiproxy (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys
2011/05/26 22:14:47.0149 0144 Ntfs (378e0e0dfea67d98ae6ea53adbbd76bc) C:\Windows\system32\drivers\Ntfs.sys
2011/05/26 22:14:47.0352 0144 NTIDrvr (64ddd0dee976302f4bd93e5efcc2f013) C:\Windows\system32\drivers\NTIDrvr.sys
2011/05/26 22:14:47.0476 0144 Null (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys
2011/05/26 22:14:47.0601 0144 nvraid (a4d9c9a608a97f59307c2f2600edc6a4) C:\Windows\system32\drivers\nvraid.sys
2011/05/26 22:14:47.0757 0144 nvstor (6c1d5f70e7a6a3fd1c90d840edc048b9) C:\Windows\system32\drivers\nvstor.sys
2011/05/26 22:14:47.0898 0144 nv_agp (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\DRIVERS\nv_agp.sys
2011/05/26 22:14:48.0054 0144 ohci1394 (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\DRIVERS\ohci1394.sys
2011/05/26 22:14:48.0288 0144 Parport (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\DRIVERS\parport.sys
2011/05/26 22:14:48.0475 0144 partmgr (7daa117143316c4a1537e074a5a9eaf0) C:\Windows\system32\drivers\partmgr.sys
2011/05/26 22:14:48.0631 0144 pci (f36f6504009f2fb0dfd1b17a116ad74b) C:\Windows\system32\DRIVERS\pci.sys
2011/05/26 22:14:48.0740 0144 pciide (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\DRIVERS\pciide.sys
2011/05/26 22:14:48.0880 0144 pcmcia (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\DRIVERS\pcmcia.sys
2011/05/26 22:14:49.0005 0144 pcw (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys
2011/05/26 22:14:49.0161 0144 PEAUTH (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys
2011/05/26 22:14:49.0411 0144 PptpMiniport (27cc19e81ba5e3403c48302127bda717) C:\Windows\system32\DRIVERS\raspptp.sys
2011/05/26 22:14:49.0536 0144 Processor (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\DRIVERS\processr.sys
2011/05/26 22:14:49.0723 0144 Psched (ee992183bd8eaefd9973f352e587a299) C:\Windows\system32\DRIVERS\pacer.sys
2011/05/26 22:14:49.0941 0144 ql2300 (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\DRIVERS\ql2300.sys
2011/05/26 22:14:50.0331 0144 ql40xx (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\DRIVERS\ql40xx.sys
2011/05/26 22:14:50.0440 0144 QWAVEdrv (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys
2011/05/26 22:14:50.0565 0144 RasAcd (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys
2011/05/26 22:14:50.0862 0144 RasAgileVpn (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys
2011/05/26 22:14:51.0002 0144 Rasl2tp (87a6e852a22991580d6d39adc4790463) C:\Windows\system32\DRIVERS\rasl2tp.sys
2011/05/26 22:14:51.0142 0144 RasPppoe (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys
2011/05/26 22:14:51.0252 0144 RasSstp (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys
2011/05/26 22:14:51.0392 0144 rdbss (3bac8142102c15d59a87757c1d41dce5) C:\Windows\system32\DRIVERS\rdbss.sys
2011/05/26 22:14:51.0548 0144 rdpbus (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\DRIVERS\rdpbus.sys
2011/05/26 22:14:51.0751 0144 RDPCDD (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys
2011/05/26 22:14:51.0876 0144 RDPENCDD (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys
2011/05/26 22:14:52.0000 0144 RDPREFMP (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys
2011/05/26 22:14:52.0110 0144 RDPWD (8a3e6bea1c53ea6177fe2b6eba2c80d7) C:\Windows\system32\drivers\RDPWD.sys
2011/05/26 22:14:52.0297 0144 rdyboost (634b9a2181d98f15941236886164ec8b) C:\Windows\system32\drivers\rdyboost.sys
2011/05/26 22:14:52.0500 0144 RFCOMM (3dd798846e2c28102b922c56e71b7932) C:\Windows\system32\DRIVERS\rfcomm.sys
2011/05/26 22:14:52.0671 0144 rspndr (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys
2011/05/26 22:14:52.0843 0144 RTHDMIAzAudService (7421a35c45484b95e83b5e9e107cefc2) C:\Windows\system32\drivers\RtHDMIVX.sys
2011/05/26 22:14:53.0061 0144 sbp2port (e3bbb89983daf5622c1d50cf49f28227) C:\Windows\system32\DRIVERS\sbp2port.sys
2011/05/26 22:14:53.0186 0144 scfilter (c94da20c7e3ba1dca269bc8460d98387) C:\Windows\system32\DRIVERS\scfilter.sys
2011/05/26 22:14:53.0342 0144 sdbus (54e47ad086782d3ae9417c155cdceb9b) C:\Windows\system32\DRIVERS\sdbus.sys
2011/05/26 22:14:53.0482 0144 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys
2011/05/26 22:14:53.0623 0144 Serenum (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\DRIVERS\serenum.sys
2011/05/26 22:14:53.0810 0144 Serial (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\DRIVERS\serial.sys
2011/05/26 22:14:53.0997 0144 sermouse (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\DRIVERS\sermouse.sys
2011/05/26 22:14:54.0122 0144 sffdisk (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\DRIVERS\sffdisk.sys
2011/05/26 22:14:54.0231 0144 sffp_mmc (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\DRIVERS\sffp_mmc.sys
2011/05/26 22:14:54.0340 0144 sffp_sd (5588b8c6193eb1522490c122eb94dffa) C:\Windows\system32\DRIVERS\sffp_sd.sys
2011/05/26 22:14:54.0465 0144 sfloppy (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\DRIVERS\sfloppy.sys
2011/05/26 22:14:54.0621 0144 SiSRaid2 (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\DRIVERS\SiSRaid2.sys
2011/05/26 22:14:54.0746 0144 SiSRaid4 (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\DRIVERS\sisraid4.sys
2011/05/26 22:14:54.0886 0144 Smb (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys
2011/05/26 22:14:55.0074 0144 spldr (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys
2011/05/26 22:14:55.0401 0144 sptd (602884696850c86434530790b110e8eb) C:\Windows\system32\Drivers\sptd.sys
2011/05/26 22:14:55.0401 0144 Suspicious file (NoAccess): C:\Windows\system32\Drivers\sptd.sys. md5: 602884696850c86434530790b110e8eb
2011/05/26 22:14:55.0401 0144 sptd - detected LockedFile.Multi.Generic (1)
2011/05/26 22:14:55.0542 0144 srv (148d50904d2a0df29a19778715eb35bb) C:\Windows\system32\DRIVERS\srv.sys
2011/05/26 22:14:55.0698 0144 srv2 (ce2189fe31d36678ac9eb7ddee08ec96) C:\Windows\system32\DRIVERS\srv2.sys
2011/05/26 22:14:55.0854 0144 srvnet (cb69edeb069a49577592835659cd0e46) C:\Windows\system32\DRIVERS\srvnet.sys
2011/05/26 22:14:56.0025 0144 stexstor (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\DRIVERS\stexstor.sys
2011/05/26 22:14:56.0150 0144 swenum (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\DRIVERS\swenum.sys
2011/05/26 22:14:56.0259 0144 SynTP (bcf305959b53b200ceb2ad25ad22f8a7) C:\Windows\system32\DRIVERS\SynTP.sys
2011/05/26 22:14:56.0431 0144 Tcpip (90a2d722cf64d911879d6c4a4f802a4d) C:\Windows\system32\drivers\tcpip.sys
2011/05/26 22:14:56.0618 0144 TCPIP6 (90a2d722cf64d911879d6c4a4f802a4d) C:\Windows\system32\DRIVERS\tcpip.sys
2011/05/26 22:14:56.0743 0144 tcpipreg (76d078af6f587b162d50210f761eb9ed) C:\Windows\system32\drivers\tcpipreg.sys
2011/05/26 22:14:56.0883 0144 TDPIPE (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys
2011/05/26 22:14:57.0024 0144 TDTCP (e4245bda3190a582d55ed09e137401a9) C:\Windows\system32\drivers\tdtcp.sys
2011/05/26 22:14:57.0164 0144 tdx (079125c4b17b01fcaeebce0bcb290c0f) C:\Windows\system32\DRIVERS\tdx.sys
2011/05/26 22:14:57.0273 0144 TermDD (c448651339196c0e869a355171875522) C:\Windows\system32\DRIVERS\termdd.sys
2011/05/26 22:14:57.0414 0144 tssecsrv (61b96c26131e37b24e93327a0bd1fb95) C:\Windows\system32\DRIVERS\tssecsrv.sys
2011/05/26 22:14:57.0538 0144 tunnel (3836171a2cdf3af8ef10856db9835a70) C:\Windows\system32\DRIVERS\tunnel.sys
2011/05/26 22:14:57.0648 0144 uagp35 (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\DRIVERS\uagp35.sys
2011/05/26 22:14:57.0757 0144 UBHelper (2e22c1fd397a5a9ffef55e9d1fc96c00) C:\Windows\system32\drivers\UBHelper.sys
2011/05/26 22:14:57.0913 0144 udfs (d47baead86c65d4f4069d7ce0a4edceb) C:\Windows\system32\DRIVERS\udfs.sys
2011/05/26 22:14:58.0069 0144 uliagpkx (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\DRIVERS\uliagpkx.sys
2011/05/26 22:14:58.0178 0144 umbus (eab6c35e62b1b0db0d1b48b671d3a117) C:\Windows\system32\DRIVERS\umbus.sys
2011/05/26 22:14:58.0350 0144 UmPass (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\DRIVERS\umpass.sys
2011/05/26 22:14:58.0537 0144 usbccgp (7b6a127c93ee590e4d79a5f2a76fe46f) C:\Windows\system32\DRIVERS\usbccgp.sys
2011/05/26 22:14:58.0646 0144 usbcir (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\DRIVERS\usbcir.sys
2011/05/26 22:14:58.0786 0144 usbehci (92969ba5ac44e229c55a332864f79677) C:\Windows\system32\DRIVERS\usbehci.sys
2011/05/26 22:14:58.0927 0144 usbhub (e7df1cfd28ca86b35ef5add0735ceef3) C:\Windows\system32\DRIVERS\usbhub.sys
2011/05/26 22:14:59.0067 0144 usbohci (f1bb1e55f1e7a65c5839ccc7b36d773e) C:\Windows\system32\drivers\usbohci.sys
2011/05/26 22:14:59.0223 0144 usbprint (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\DRIVERS\usbprint.sys
2011/05/26 22:14:59.0332 0144 USBSTOR (f39983647bc1f3e6100778ddfe9dce29) C:\Windows\system32\drivers\USBSTOR.SYS
2011/05/26 22:14:59.0442 0144 usbuhci (bc3070350a491d84b518d7cca9abd36f) C:\Windows\system32\drivers\usbuhci.sys
2011/05/26 22:14:59.0582 0144 usbvideo (7cb8c573c6e4a2714402cc0a36eab4fe) C:\Windows\System32\Drivers\usbvideo.sys
2011/05/26 22:14:59.0738 0144 vdrvroot (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\DRIVERS\vdrvroot.sys
2011/05/26 22:14:59.0878 0144 vga (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys
2011/05/26 22:14:59.0988 0144 VgaSave (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys
2011/05/26 22:15:00.0097 0144 vhdmp (c82e748660f62a242b2dfac1442f22a4) C:\Windows\system32\DRIVERS\vhdmp.sys
2011/05/26 22:15:00.0222 0144 viaide (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\DRIVERS\viaide.sys
2011/05/26 22:15:00.0331 0144 volmgr (2b1a3dae2b4e70dbba822b7a03fbd4a3) C:\Windows\system32\DRIVERS\volmgr.sys
2011/05/26 22:15:00.0487 0144 volmgrx (99b0cbb569ca79acaed8c91461d765fb) C:\Windows\system32\drivers\volmgrx.sys
2011/05/26 22:15:00.0674 0144 volsnap (58f82eed8ca24b461441f9c3e4f0bf5c) C:\Windows\system32\DRIVERS\volsnap.sys
2011/05/26 22:15:00.0892 0144 vsmraid (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\DRIVERS\vsmraid.sys
2011/05/26 22:15:01.0033 0144 vwifibus (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\System32\drivers\vwifibus.sys
2011/05/26 22:15:01.0173 0144 WacomPen (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\DRIVERS\wacompen.sys
2011/05/26 22:15:01.0298 0144 WANARP (47ca49400643effd3f1c9a27e1d69324) C:\Windows\system32\DRIVERS\wanarp.sys
2011/05/26 22:15:01.0329 0144 Wanarpv6 (47ca49400643effd3f1c9a27e1d69324) C:\Windows\system32\DRIVERS\wanarp.sys
2011/05/26 22:15:01.0454 0144 Wd (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\DRIVERS\wd.sys
2011/05/26 22:15:01.0610 0144 Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys
2011/05/26 22:15:01.0813 0144 WfpLwf (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys
2011/05/26 22:15:01.0922 0144 WIMMount (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys
2011/05/26 22:15:02.0140 0144 WmiAcpi (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\DRIVERS\wmiacpi.sys
2011/05/26 22:15:02.0312 0144 ws2ifsl (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys
2011/05/26 22:15:02.0499 0144 WudfPf (7cadc74271dd6461c452c271b30bd378) C:\Windows\system32\drivers\WudfPf.sys
2011/05/26 22:15:02.0624 0144 WUDFRd (3b197af0fff08aa66b6b2241ca538d64) C:\Windows\system32\DRIVERS\WUDFRd.sys
2011/05/26 22:15:02.0811 0144 xusb21 (2ee48cfce7ca8e0db4c44c7476c0943b) C:\Windows\system32\DRIVERS\xusb21.sys
2011/05/26 22:15:02.0936 0144 {49DE1C67-83F8-4102-99E0-C16DCC7EEC796} (74983addca2d9618512c088d856d6615) C:\Program Files (x86)\Acer Arcade Deluxe\PlayMovie\000.fcl
2011/05/26 22:15:02.0952 0144 MBR (0x1B8) (9c51d3fd2697bd2ae931be1d6f1e6ffa) \Device\Harddisk0\DR0
2011/05/26 22:15:03.0716 0144 ================================================================================
2011/05/26 22:15:03.0716 0144 Scan finished
2011/05/26 22:15:03.0716 0144 ================================================================================
2011/05/26 22:15:03.0747 4744 Detected object count: 1
2011/05/26 22:15:03.0747 4744 Actual detected object count: 1
2011/05/26 22:15:12.0218 4744 LockedFile.Multi.Generic(sptd) - User select action: Skip


PS: I have no problems accessing my own files.

Alt 27.05.2011, 09:11   #8
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 

Then please run CF now:

ComboFix

A guide and tutorial on using ComboFix
  • Download ComboFix here to your desktop. Rename it to cofi.exe while downloading.
  • Close all programs, especially your antivirus program and other background guards, as well as your Internet browser.
  • Start cofi.exe from your desktop, confirm the warning messages, perform the updates (if offered), install the Recovery Console (if offered) and let it scan your system.
    Also avoid using the mouse and keyboard while ComboFix is running.
  • Afterwards a combofix.txt opens automatically; please copy its contents ([Ctrl]a, [Ctrl]c) and paste them into your post ([Ctrl]v). You can also find the file at: C:\ComboFix.txt.
Important note:
ComboFix may only be run when a helper has explicitly recommended it!
It should never be run on your own initiative! Incorrect use can cause serious computer problems and make cleaning up the infection even more difficult.

Alt 27.05.2011, 12:11   #9
Rider23
 

Once again the deactivation of the virus scanner slipped past me and I had to let the program run twice. .. and once again I hope it isn't too bad

Here is the logfile:

Combofix Logfile:
Code:
ComboFix 11-05-26.02 - Bundeshorst 27.05.2011  12:00:44.2.8 - x64
Microsoft Windows 7 Home Premium   6.1.7600.0.1252.49.1031.18.4087.2574 [GMT 2:00]
ausgeführt von:: c:\users\Bundeshorst\Desktop\cofi.exe
AV: AntiVir Desktop *Disabled/Updated* {090F9C29-64CE-6C6F-379C-5901B49A85B7}
SP: AntiVir Desktop *Disabled/Updated* {B26E7DCD-42F4-63E1-0D2C-6273CF1DCF0A}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((   Dateien erstellt von 2011-04-27 bis 2011-05-27  ))))))))))))))))))))))))))))))
.
.
2011-05-27 10:03 . 2011-05-27 10:03	--------	d-----w-	c:\users\Default\AppData\Local\temp
2011-05-27 09:44 . 2011-05-27 09:55	--------	d-----w-	C:\cofi
2011-05-25 23:05 . 2011-04-22 20:18	27008	----a-w-	c:\windows\system32\drivers\Diskdump.sys
2011-05-25 20:45 . 2011-05-25 20:45	--------	d-----w-	c:\users\Bundeshorst\AppData\Roaming\Malwarebytes
2011-05-25 20:44 . 2010-12-20 16:09	38224	----a-w-	c:\windows\SysWow64\drivers\mbamswissarmy.sys
2011-05-25 20:44 . 2011-05-25 20:44	--------	d-----w-	c:\programdata\Malwarebytes
2011-05-25 20:44 . 2011-05-25 20:44	--------	d-----w-	c:\program files (x86)\Malwarebytes' Anti-Malware
2011-05-25 20:44 . 2010-12-20 16:08	24152	----a-w-	c:\windows\system32\drivers\mbam.sys
2011-05-24 13:05 . 2011-05-09 22:00	8718160	----a-w-	c:\programdata\Microsoft\Windows Defender\Definition Updates\{43B489D2-B2AF-4AF3-A94B-A0C7B37F9A99}\mpengine.dll
2011-05-18 09:43 . 2011-05-18 09:43	404640	----a-w-	c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2011-05-11 18:14 . 2011-04-09 06:58	142336	----a-w-	c:\windows\system32\poqexec.exe
2011-05-11 18:14 . 2011-04-09 05:56	123904	----a-w-	c:\windows\SysWow64\poqexec.exe
2011-05-11 18:14 . 2011-04-09 06:45	5509504	----a-w-	c:\windows\system32\ntoskrnl.exe
2011-05-11 18:14 . 2011-04-09 06:13	3957632	----a-w-	c:\windows\SysWow64\ntkrnlpa.exe
2011-05-11 18:14 . 2011-04-09 06:13	3901824	----a-w-	c:\windows\SysWow64\ntoskrnl.exe
2011-05-11 18:14 . 2011-03-25 03:23	343040	----a-w-	c:\windows\system32\drivers\usbhub.sys
2011-05-11 18:14 . 2011-03-25 03:23	98816	----a-w-	c:\windows\system32\drivers\usbccgp.sys
2011-05-11 18:14 . 2011-03-25 03:23	324608	----a-w-	c:\windows\system32\drivers\usbport.sys
2011-05-11 18:14 . 2011-03-25 03:22	52224	----a-w-	c:\windows\system32\drivers\usbehci.sys
2011-05-11 18:14 . 2011-03-25 03:22	25600	----a-w-	c:\windows\system32\drivers\usbohci.sys
2011-05-11 18:14 . 2011-03-25 03:22	30720	----a-w-	c:\windows\system32\drivers\usbuhci.sys
2011-05-11 18:14 . 2011-03-25 03:22	7936	----a-w-	c:\windows\system32\drivers\usbd.sys
2011-05-07 02:25 . 2011-05-07 02:25	--------	d-----w-	c:\program files (x86)\SopCast
.
.
.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-03-11 06:19 . 2011-04-14 08:45	1395712	----a-w-	c:\windows\system32\mfc42.dll
2011-03-11 06:19 . 2011-04-14 08:45	1359872	----a-w-	c:\windows\system32\mfc42u.dll
2011-03-11 05:40 . 2011-04-14 08:45	1137664	----a-w-	c:\windows\SysWow64\mfc42.dll
2011-03-11 05:40 . 2011-04-14 08:45	1164288	----a-w-	c:\windows\SysWow64\mfc42u.dll
2011-03-08 06:14 . 2011-04-14 08:44	976896	----a-w-	c:\windows\system32\inetcomm.dll
2011-03-08 05:38 . 2011-04-14 08:44	740864	----a-w-	c:\windows\SysWow64\inetcomm.dll
2011-03-04 06:17 . 2011-04-28 09:43	135168	----a-w-	c:\windows\apppatch\AppPatch64\AcXtrnal.dll
2011-03-04 06:17 . 2011-04-28 09:43	347648	----a-w-	c:\windows\apppatch\AppPatch64\AcLayers.dll
2011-03-03 06:17 . 2011-04-14 08:44	182272	----a-w-	c:\windows\system32\dnsrslvr.dll
2011-03-03 06:14 . 2011-04-14 08:44	30208	----a-w-	c:\windows\system32\dnscacheugc.exe
2011-03-03 05:27 . 2011-04-14 08:44	28672	----a-w-	c:\windows\SysWow64\dnscacheugc.exe
2011-03-03 03:58 . 2011-04-14 08:45	3133440	----a-w-	c:\windows\system32\win32k.sys
.
.
(((((((((((((((((((((((((((((   SnapShot@2011-05-27_09.51.42   )))))))))))))))))))))))))))))))))))))))))
.
- 2009-07-14 05:10 . 2011-05-27 09:43	38716              c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin
+ 2009-07-14 05:10 . 2011-05-27 09:53	38716              c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin
+ 2010-07-07 13:28 . 2011-05-27 09:53	10244              c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-2092904018-1444182634-3070834641-1000_UserData.bin
+ 2010-07-19 17:47 . 2011-05-27 09:54	16384              c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2010-07-19 17:47 . 2011-05-27 09:44	16384              c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2010-07-19 17:47 . 2011-05-27 09:44	32768              c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2010-07-19 17:47 . 2011-05-27 09:54	32768              c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2010-07-19 17:47 . 2011-05-27 09:54	16384              c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2010-07-19 17:47 . 2011-05-27 09:44	16384              c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2010-07-07 13:28 . 2011-05-27 09:44	16384              c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2010-07-07 13:28 . 2011-05-27 10:00	16384              c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2010-07-07 13:28 . 2011-05-27 10:00	16384              c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2010-07-07 13:28 . 2011-05-27 09:44	16384              c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2009-07-14 02:36 . 2011-05-27 09:48	624776              c:\windows\system32\perfh009.dat
+ 2009-07-14 02:36 . 2011-05-27 09:56	624776              c:\windows\system32\perfh009.dat
+ 2009-11-08 15:45 . 2011-05-27 09:56	664634              c:\windows\system32\perfh007.dat
- 2009-11-08 15:45 . 2011-05-27 09:48	664634              c:\windows\system32\perfh007.dat
+ 2009-07-14 02:36 . 2011-05-27 09:56	110414              c:\windows\system32\perfc009.dat
- 2009-07-14 02:36 . 2011-05-27 09:48	110414              c:\windows\system32\perfc009.dat
- 2009-11-08 15:45 . 2011-05-27 09:48	134770              c:\windows\system32\perfc007.dat
+ 2009-11-08 15:45 . 2011-05-27 09:56	134770              c:\windows\system32\perfc007.dat
.
((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\egisPSDP]
@="{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}"
[HKEY_CLASSES_ROOT\CLSID\{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}]
2009-08-06 17:18	120104	----a-w-	c:\program files (x86)\EgisTec\MyWinLocker 3\x86\PSDProtect.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DAEMON Tools Lite"="c:\program files (x86)\DAEMON Tools Lite\DTLite.exe" [2010-04-01 357696]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"LManager"="c:\program files (x86)\Launch Manager\LManager.exe" [2009-08-18 1157128]
"EgisTecLiveUpdate"="c:\program files (x86)\EgisTec Egis Software Update\EgisUpdate.exe" [2009-08-04 199464]
"BackupManagerTray"="c:\program files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe" [2009-08-21 261888]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2009-07-10 98304]
"VitaKeyPdtWzd"="c:\program files (x86)\Acer Bio Protection\PdtWzd.exe" [2009-08-05 3567616]
"ArcadeDeluxeAgent"="c:\program files (x86)\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe" [2009-10-06 419112]
"PlayMovie"="c:\program files (x86)\Acer Arcade Deluxe\PlayMovie\PMVService.exe" [2009-10-05 181480]
"avgnt"="c:\program files (x86)\Avira\AntiVir Desktop\avgnt.exe" [2010-11-02 281768]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-12-21 35760]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2009-12-11 948672]
"DivXUpdate"="c:\program files (x86)\DivX\DivX Update\DivXUpdate.exe" [2011-03-21 1230704]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Acer VCM.lnk - c:\program files (x86)\Acer\Acer VCM\AcerVCM.exe [2009-8-27 708608]
Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2009-7-17 1079584]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"mixer2"=wdmaud.drv
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R3 btusbflt;Bluetooth USB Filter;c:\windows\system32\drivers\btusbflt.sys [x]
R3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [x]
R3 enecirhid;ENE CIR HID Receiver;c:\windows\system32\DRIVERS\enecirhid.sys [x]
R3 enecirhidma;ENE CIR HIDmini Filter;c:\windows\system32\DRIVERS\enecirhidma.sys [x]
R3 JMCR;JMCR;c:\windows\system32\DRIVERS\jmcr.sys [x]
R3 Ltn_stk7070P;PCTV LITEON based TV tuner device;c:\windows\system32\DRIVERS\Ltn_stk7070P.sys [x]
R3 NTIBackupSvc;NTI Backup Now 5 Backup Service;c:\program files (x86)\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe [2009-06-18 50432]
R3 WatAdminSvc;Windows-Aktivierungstechnologieservice;c:\windows\system32\Wat\WatAdminSvc.exe [x]
S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [x]
S1 mwlPSDFilter;mwlPSDFilter;c:\windows\system32\DRIVERS\mwlPSDFilter.sys [x]
S1 mwlPSDNServ;mwlPSDNServ;c:\windows\system32\DRIVERS\mwlPSDNServ.sys [x]
S1 mwlPSDVDisk;mwlPSDVDisk;c:\windows\system32\DRIVERS\mwlPSDVDisk.sys [x]
S2 {49DE1C67-83F8-4102-99E0-C16DCC7EEC796};Power Control [2009/11/08 08:17];c:\program files (x86)\Acer Arcade Deluxe\PlayMovie\000.fcl [2009-10-05 17:15 146928]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x]
S2 AntiVirSchedulerService;Avira AntiVir Planer;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe [2011-05-19 136360]
S2 ePowerSvc;Acer ePower Service;c:\program files\Acer\Acer PowerSmart Manager\ePowerSvc.exe [2009-08-18 796192]
S2 FPSensor;EgisTec-Corp Fingerprint Reader Driver (FPSensor.sys);c:\windows\system32\Drivers\FPSensor.sys [x]
S2 Greg_Service;GRegService;c:\program files (x86)\Acer\Registration\GregHSRW.exe [2009-06-04 1150496]
S2 ICQ Service;ICQ Service;c:\program files (x86)\ICQ6Toolbar\ICQ Service.exe [2010-09-06 247096]
S2 IGBASVC;EgisTec Service;c:\program files (x86)\Acer Bio Protection\BASVC.exe [2009-08-05 3450368]
S2 MWLService;MyWinLocker Service;c:\program files (x86)\EgisTec\MyWinLocker 3\x86\\MWLService.exe [2009-08-06 311592]
S2 NTI IScheduleSvc;NTI IScheduleSvc;c:\program files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe [2009-08-21 62720]
S2 NTISchedulerSvc;NTI Backup Now 5 Scheduler Service;c:\program files (x86)\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe [2009-06-18 144640]
S2 RS_Service;Raw Socket Service;c:\program files (x86)\Acer\Acer VCM\RS_Service.exe [2009-07-10 253952]
S2 Updater Service;Updater Service;c:\program files\Acer\Acer Updater\UpdaterService.exe [2009-07-04 240160]
S3 enecir;ENE CIR Receiver;c:\windows\system32\DRIVERS\enecir.sys [x]
S3 k57nd60a;Broadcom NetLink (TM) Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\k57nd60a.sys [x]
S3 netw5v64;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;c:\windows\system32\DRIVERS\netw5v64.sys [x]
.
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\egisPSDP]
@="{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}"
[HKEY_CLASSES_ROOT\CLSID\{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}]
2009-08-06 17:19	137512	----a-w-	c:\program files (x86)\EgisTec\MyWinLocker 3\x64\PSDProtect.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2009-08-17 8061984]
"IAAnotif"="c:\program files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2009-08-07 186904]
"mwlDaemon"="c:\program files (x86)\EgisTec\MyWinLocker 3\x86\mwlDaemon.exe" [2009-08-06 349480]
"Acer ePower Management"="c:\program files\Acer\Acer PowerSmart Manager\ePowerTrayLauncher.exe" [2009-08-18 496160]
"SynTPEnh"="c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe" [BU]
"PLFSetI"="c:\windows\PLFSetI.exe" [2008-07-29 200704]
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = hxxp://start.icq.com/
uLocal Page = c:\windows\system32\blank.htm
mStart Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&m=aspire_5940&r=27360710w955l0394z115t48m2w076
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: Bild an &Bluetooth-Gerät senden... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000
IE: Free YouTube to Mp3 Converter - c:\users\Bundeshorst\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm
IE: Google Sidewiki... - c:\program files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_D183CA64F05FDD98.dll/cmsidewiki.html
IE: Seite an &Bluetooth-Gerät senden... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
FF - ProfilePath - c:\users\Bundeshorst\AppData\Roaming\Mozilla\Firefox\Profiles\td9bz4nv.default\
FF - prefs.js: browser.search.selectedEngine - 
FF - prefs.js: browser.startup.homepage - hxxp://google.de
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files (x86)\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} - c:\program files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\{49DE1C67-83F8-4102-99E0-C16DCC7EEC796}]
"ImagePath"="\??\c:\program files (x86)\Acer Arcade Deluxe\PlayMovie\000.fcl"
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{0BE09CC1-42E0-11DD-AE16-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil10b.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{0BE09CC1-42E0-11DD-AE16-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{0BE09CC1-42E0-11DD-AE16-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\FlashUtil10b.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{0BE09CC1-42E0-11DD-AE16-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10b.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10b.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10b.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10b.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{DDF4CE26-4BDA-42BC-B0F0-0E75243AD285}]
@Denied: (A 2) (Everyone)
@="IFlashBroker2"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{DDF4CE26-4BDA-42BC-B0F0-0E75243AD285}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{DDF4CE26-4BDA-42BC-B0F0-0E75243AD285}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Zeit der Fertigstellung: 2011-05-27  12:05:43
ComboFix-quarantined-files.txt  2011-05-27 10:05
ComboFix2.txt  2011-05-27 09:55
.
Vor Suchlauf: 16 Verzeichnis(se), 191.862.063.104 Bytes frei
Nach Suchlauf: 16 Verzeichnis(se), 191.618.637.824 Bytes frei
.
- - End Of File - - 0043CEC921D953452EDED62B5879744E
         
--- --- ---

Alt 27.05.2011, 15:12   #10
Rider23
 




Quick update in between: the system just crashed out of the blue with a bluescreen. The laptop restarted and everything is running again now.
Also, since recently Windows occasionally tells me when shutting down that a program is still running in the background ..

Alt 27.05.2011, 16:44   #11
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 

Please now create logs with GMER and mbrcheck and post them.
GMER crashes quite often; if the tool won't run even on the 2nd attempt, just skip it

Instructions for mbrcheck:
Download MBRCheck (by a_d_13) and save the file to the desktop.
  • Double-click MBRCheck.exe.
    Vista and Win7 users: right-click and "Run as administrator"
  • The tool only needs a few seconds.
  • Afterwards you should find a MBRCheck_<Datum>_<Uhrzeit>.txt on the desktop.
Please post the contents of that .txt document

Alt 27.05.2011, 17:39   #12
Rider23
 




The GMER log:

GMER Logfile:
Code:
GMER 1.0.15.15627 - hxxp://www.gmer.net
Rootkit scan 2011-05-27 17:38:09
Windows 6.1.7600  
Running: 09xgcpdk.exe


---- Registry - GMER 1.0.15 ----

Reg  HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\0c6076a78224                                         
Reg  HKLM\SYSTEM\CurrentControlSet\services\LanmanServer\Linkage@Bind                                                    ????????????????????????????{00000000-0000-0000-ffff-ffffffffffff}??????8&205264f3&0?6????t??????4??????????????????????????????????????Microsoft?????????????????????????????????????P??????????????????????????????????????????????????????????????i??????????????????????????{745a17a0-74d3-11d0-b6fe-00a0c90f57da}??????????????????2\????????????????????,??????????????????????????????????????????????????????????5?????????753???????? ??????????????e????????????????????????????????????????????????????????????????????????N????????????D????? ????????????????????????????$???????????????s??/??? ???????????????????Z????????"??????????f?????????????????????????????? ???!???????????$???%???????????(???)???????????,???-???????????0???1???????????4???5???????????8???9???????????<???=??????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????? ???? ?????????????CC0?????????????? ?????????$?????????(?????????,?????????0??????
Reg  HKLM\SYSTEM\CurrentControlSet\services\LanmanServer\Linkage@Route                                                   ???k?k??LegacyDriver??????N??l??????????????????????????t???????????????? ??@circlass.inf,%microsoft%;Microsoft?????PEAUTH??????????????*pnp0c02????????????????????? ???????j?????k?????k?????????????????????C??????N???????????D?{4??? ???????k??????????????????????Z????????????????k???e??sy?????????????????????k?&??LegacyDriver?3??????De????N??k????????D??????????????????k??????d??????????????g????*6to4mp??????????????????????l?l53????N??k?????????3?3??? ^?????????????????gendisk??????????????l?l?l???????j???3???i???k???????????????????u???????2??? ???????j?????k?????j???????????????????????E???????k???$?????????k?&??? ???????k???????????k??????????b???????????LegacyDriver????1&841921d&0??6???k???k???????????k?l?2???????????????????????????????k?????k?&???k??? ???????j?????k?????k????????????&? ???????V???? ???????k??????????????????????\????????????????????o?????s?3???????????e???????????????D?????s\c???????????k???l?l?????k???????????D??ic????N??k??????????????Volume??????PrinterBusEnumerator?????????k?????
Reg  HKLM\SYSTEM\CurrentControlSet\services\LanmanServer\Linkage@Export                                                  ???j????\\?\ACPI#GenuineIntel_-_Intel64_Family_6_Model_30_-_Intel(R)_Core(TM)_i7_CPU_______Q_720__@_1.60GHz#_4#{97fadb10-4e33-40ae-359c-8bef029dbdd0}???ACPI\GenuineIntel_-_Intel64_Family_6_Model_30_-_Intel(R)_Core(TM)_i7_CPU_______Q_720__@_1.60GHz\_6??????????????? ??????????? ???j??????????s?????N??h???o?????D????PNP_TDI?????cpu.inf?????????????????????????kbdclass?????h???????h???C???h???g?g????????????????????????????? ??0???????????????????keyboard.inf?M??? $??h???d???????\??HID_Keyboard_Inst???? ???@??????????t????????@???????????????????@??????????????? ???f??????????????HID-Tastatur????? ???h??????????n???6.1.7600.16385????????X??????.???.??LegacyDriver?c??? ???j??????????Tc???????????D???E??Microsoft????????j??????????????(I??.NTAMD64? ???@?@?@?@?@?@????????? ???????@???????????????????? ?6???????dl??1:Brightness=0.0,Contrast=1.0,Saturation=1.0,Gamma=0.0,Hue=0.0;2:Brightness=-3.0,Contrast=1.16,Saturation=1.25,Gamma=0.0,Hue=0.0;3:Brightness=-3.0,Contrast=1.07,Saturation=1.10,Gamma=0.0,Hue=0.0;4:Bright
Reg  HKLM\SYSTEM\CurrentControlSet\services\LanmanWorkstation\Linkage@Bind                                               ????????{4d36e967-e325-11ce-bfc1-08002be10318}\0001?Se??????????????????????????????????????Root\*6TO4MP\0022???? ??????????????????????74??pt??????~2??????X???????????? ??????????????????????????????????????????????????????????? ?????????????????????,????????N???????????? ????????????????????N?????????????{2995055f-cc33-11de-b24b-806e6f6e6963}??????????????????????? ???????????????????????????????????????f??????????????? ?????????????????????0??L????????? ???????????????????????????????? ?????????????????????0????????????&????????????????????0??? ?????????????????????0????????????????????? ?????????????????????0????????$????????????????????????????????????????????????????|??????%m??????????????????? ?????????????????????0????????????&????????????????????f???????????0??? ?????????????????????0????????????????????? ?????????????????????0????????????????????disk.inf:disk_device.NTamd64:disk_install:6.1.7600.16385:gendisk????????????????????????????????????????st??????????? ?????????????????????0???????????????
Reg  HKLM\SYSTEM\CurrentControlSet\services\LanmanWorkstation\Linkage@Route                                              ???k?????????3???m?m??????????????????????X??????????????????k???5??s???{00000000-0000-0000-0000-000000000000}??????Security Processor Loader Driver????Root\*6TO4MP\0008???6????????????????????????????????????????????????????????5?????s?5??????????? ???????j?????k?????k?????????????? ???????D???? b?????????????????? ???????k??????????????????????N???????????????????????????????????6-21-2006??????k?&??LegacyDriver? ??????????????????????LegacyDriver????LegacyDriver??????N??l?????????D??????V??u?????????e??????$??k???8???????v???l?l?l???????f??????s?????N??l????????D??????l??????????????????????? ???????j?????k?????k???????????????????????????????????????????.??? ???????k???????????p??????????N????????????  ??1???n????? 2????????????k?l85?????k?&??? ???????k??????????????????????`????????????????????a??an???????????v??_N???k?k????{8ECC055D-047F-11D1-A537-0000F8753ED1}?md6??? ???????j?????k?????k????????????0??????????????????????????????????????k???????e??volsnap??????????????????????k?k?k?k?k?k????{71a27cdd-8
Reg  HKLM\SYSTEM\CurrentControlSet\services\LanmanWorkstation\Linkage@Export                                             ???j?|???????????  ??k???.?????mp???????????????????LegacyDriver????LegacyDriver?-?????????????????????????????????s???????? $????????N??j????????D??????????j???e???e???????????k???p???????????????????????????????6??????Boot File System???????????????????s?????k?k?k???l?m?????????????????d?????????????? ??????????s????LegacyDriver?????????j??????s????????????n??????1.??TCP/IP Registry Compatibility???System32\drivers\tcpipreg.sys???????????mrxsmb??????6-7-2009?????j?j????????????????????????t????????????????????F??PF???j???????????????????j??????s????????t????????????????????????????????h????????g????????????p???Pr??LegacyDriver????????????????????????3-???j?j????????????LegacyDriver?????????c???e?e?j?j?j?j?j???j?k?????k?k?k??????????????????os???????????????????????????????????????e???????e??????????????????????????????????? J??????????????3???????????????????k?kos??t???????????LegacyDriver?????????????D?????s\a???????????????????????j??????????????????????t???????????????t????????????????????????????o?????
Reg  HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg@s1                                                                  771343423
Reg  HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg@s2                                                                  285507792
Reg  HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg@h0                                                                  1
Reg  HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC                                    
Reg  HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0                                 C:\Program Files (x86)\DAEMON Tools Lite\
Reg  HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0                                 0x00 0x00 0x00 0x00 ...
Reg  HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0                                 0
Reg  HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12                              0xDC 0xA0 0x30 0x7D ...
Reg  HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001                           
Reg  HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0                        0x20 0x01 0x00 0x00 ...
Reg  HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12                     0xCF 0xAC 0x07 0x2F ...
Reg  HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0                      
Reg  HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12                0xA0 0x6A 0x22 0xC8 ...
Reg  HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq1                      
Reg  HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq1@hdf12                0x3C 0x5B 0x31 0xB1 ...
Reg  HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\0c6076a78224 (not active ControlSet)                     
Reg  HKLM\SYSTEM\ControlSet002\services\LanmanServer\Linkage@Bind                                                        ???b?k??STORAGE\Volume\{2995055f-cc33-11de-b24b-806e6f6e6963}#0000000000007E00???????????T???????????????????h??????p????????T???????????????????/??????s?????N??g???4?????Dec??PCI\VEN_1002&DEV_9480&SUBSYS_03111025&REV_00\4&19611653&0&0018???????????T???????????????????T???????????????????????T??????????? ???h???o?????eDo????X??????0???0??\\?\IDE#CdRomHL-DT-ST_BDDVDRW_CT10N__________________WA03____#4&363997c0&0&0.1.0#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}?????\\?\SCSI#CdRom&Ven_YTU&Prod_2ZOXYFCHMZSD&Rev_1.03#5&36e5972&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}?E6??STORAGE\Volume\{2995055f-cc33-11de-b24b-806e6f6e6963}#00000003E04BD000?????????d?p????????????X??e??????????????*6to4mp?????\\?\SCSI#CdRom&Ven_YTU&Prod_2ZOXYFCHMZSD&Rev_1.03#5&36e5972&0&000000#{53f56308-b6bf-11d0-94f2-00a0c91efb8b}?"???STORAGE\Volume\{2995055f-cc33-11de-b24b-806e6f6e6963}#00000003E6ABE800??????\\?\Root#UMBUS#0000#{65a9a6cf-64cd-480b-843e-32c86e1ba19f}???????????T?????????????????????????????????s?????????2??????s????????????e?
Reg  HKLM\SYSTEM\ControlSet002\services\LanmanServer\Linkage@Route                                                       ???k?????k???k?????k????? ???????k?????k???????0????????????&??????????????????????????k???k????? ???????k?????k???????0???????????????????????k????? ???????k???????????k?0????????????????????composite_battery????????????????????k?????k????? ???????k?????k???????0???????????????????????k?????k??? ???????k???????????k?0????????????????????? ???????k???????????j?0?????????????????????k?l?k?????k????? ???????k?????k???????0????????????????????battery.inf??????k??? ???????k???????????k?0????????2???????????? ???????j?????k???????0???????????????????????????????????????k????? ???????k?????k???????0????????????????????? ???????k???????????k?0????????"????????????????????????????????????????????????????????????v?v?v???k?????k????? ???????k?????k???????0??????????????????????$??k???????????????k??????????? ???????k???????????k?0????????(???????????? ???????j???????????k?0????????8????????????k?????k????? ???????k?????k???????0????????????????????? ???????k???????????k?0????????????????????? ???????j?????k???????0???
Reg  HKLM\SYSTEM\ControlSet002\services\LanmanServer\Linkage@Export                                                      ???k?????????????e??????iv???????????y???k???????k???k???????????????j?j?j?k?k?k?????????????????????3??{8ECC055D-047F-11D1-A537-0000F8753ED1}???????????????F??????????????LegacyDriver?????k???????????2???????????????????&???????u????N???????????D??????k???????k???????????l?k?2??? ???????j?????k?????k?????????????? ???????L????????2???????e???k??? ???????k???????????k??????????^????????????h?j?l???????f?g?j?j?k??????VgaSave?????????????????11???????k?k?k???l?l????? R??k??????????s??????k?&????N??k????????D??????????????*???*???????????h???o????6??t????????h?????DiskDrive????????y???k???????????k?k?l???l?l?l??PNP_TDI??????????k??????s????????m???k?l?k???????k???????k??????s?????:??m?????g?????k?k?k???k?l?k?????????????????s????int?????????????????????????????????????????????LegacyDriver?????????????D??????\s??????????????????Microsoft?????N??k????????D??????? ??2???v???e????N??l?????????D??????N??m???p????D?????11??????????????gencdrom?6???????k???p??03??Microsoft????????????H????????N??l???i????D1.7?????????
Reg  HKLM\SYSTEM\ControlSet002\services\LanmanWorkstation\Linkage@Bind                                                   ???d?p????????????X??e??????????????*6to4mp?????\\?\SCSI#CdRom&Ven_YTU&Prod_2ZOXYFCHMZSD&Rev_1.03#5&36e5972&0&000000#{53f56308-b6bf-11d0-94f2-00a0c91efb8b}?"???STORAGE\Volume\{2995055f-cc33-11de-b24b-806e6f6e6963}#00000003E6ABE800??????\\?\Root#UMBUS#0000#{65a9a6cf-64cd-480b-843e-32c86e1ba19f}???????????T?????????????????????????????????s?????????2??????s????????????e??????????????????????????????????System??????NTIDrvr??????????????????i???????????<??????????????????????????????? ????????????????????????$????????? ???????e???????????????mnmsrvc????????A????????????????????? ????????????????????????????L?????????????????%ProgramData%\Microsoft\Windows\WER\* /s??????h?????????????????%systemroot%\Minidump\* /s?%systemroot%\memory.dmp??????????????????????????\hiberfil.sys????????&J?????????????????????????????C:\Windows\System32\MSDTC\MSDTC.Log???????L????????A????%windir%\softwaredistribution\*.* /s??????6?????????????%SystemRoot%\netlogon.chg???????%TEMP%\* /s?????? x?????????????????\System Volume Informat
Reg  HKLM\SYSTEM\ControlSet002\services\LanmanWorkstation\Linkage@Route                                                  ???m?o??Microsoft??????????????????m????? ???????m?????m???????0????????????????????? ???????c??????sC??Imaging?????? ???????m???????????l?0????????"???????????0000.001d.0000.001.004.000.000.000.000?4???????m????? ???????m?????m???????0????????????????????? ???????m???????????l?0??????????????????????N??m???4???????????????l?????????????????????????m????????????? ?????s?4???m??????????????? ???????m?????m???????0????????????????????? ???????m???????????l?0??????????????????????6???????????h??????j?j?l?v?{???????m?????m????? ???????m?????m???????0????????????????????? ?m???m???m???m???m???m???m???m???m???m????????? ???????m???????????l?0??????????????????????N??????c?????DSC?????m????? ???????m?????m???????0????????????????????? ???????m???????????l?0??????????????????????4??m????????h??????????s???u??Net????????m????? ???????m?????m???????0????????????????????? ???????m???????????l?0??????????????????????*??m???????????????????????4???{?????????m????? ???????j?????m??????????????????c?????????? ???????m?????
Reg  HKLM\SYSTEM\ControlSet002\services\LanmanWorkstation\Linkage@Export                                                 ???mo??????.0???5???{4d36e972-e325-11ce-bfc1-08002be10318}\0000??e??{00000000-0000-0000-0000-000000000000}???????l??????????UMB??????????????o??????{71a27cdd-812a-11d0-bec7-08002be2092f}\0002???????<??m???~?g?2???l?l?????k?????l???l?????????h????????????R??s?????????n????STORAGE\VolumeSnapshot??????Net??p???????????????h???3??????{4d36e97d-e325-11ce-bfc1-08002be10318}\0003?????STORAGE\VolumeSnapshot???????????????e??????ot??*pnp0c0c?????????????????????????????k???l????????$??l???????????????????d???????\???????l???????t???????????????????l??? ???????l?????l???????0????????????&???????????????????????? ???????l?????l???????0????????????????????? ???????l???????????k?0?????????????????????l?l???????l????? ???????l?????l???????0???????????????????????l???l????? ???????l???????????k?0?????????????????????????k???????6??netrasa.inf?? ???k?l????? ???????j?????l?????k????????????D?????????????*6to4mp?????????????? ???????l??????????????????????N??????????????????????????????????????????????l?&??{4d36e972-e325-11ce
Reg  HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet)                
Reg  HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0                                     C:\Program Files (x86)\DAEMON Tools Lite\
Reg  HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0                                     0x00 0x00 0x00 0x00 ...
Reg  HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0                                     0
Reg  HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12                                  0xDC 0xA0 0x30 0x7D ...
Reg  HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001 (not active ControlSet)       
Reg  HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0                            0x20 0x01 0x00 0x00 ...
Reg  HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12                         0xCF 0xAC 0x07 0x2F ...
Reg  HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0 (not active ControlSet)  
Reg  HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12                    0xA0 0x6A 0x22 0xC8 ...
Reg  HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq1 (not active ControlSet)  
Reg  HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq1@hdf12                    0x3C 0x5B 0x31 0xB1 ...

---- EOF - GMER 1.0.15 ----
         



Unfortunately I was not able to download MBRCheck.exe. The linked page seems to be offline.

Alt 27.05.2011, 17:40   #13
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
FakeAlert!fakealert-REP virus
In case mbrcheck is still down, here is an alternative link => http://download.bleepingcomputer.com...l/MBRCheck.exe

Edit: hehe, we posted almost at the same time

Alt 27.05.2011, 17:48   #14
Rider23
 
FakeAlert!fakealert-REP virus
.. that one minute was enough to make me despair, wahah


The MBRCheck logfile:

MBRCheck, version 1.2.3
(c) 2010, AD

Command-line:
Windows Version: Windows 7 Home Premium Edition
Windows Information: (build 7600), 64-bit
Base Board Manufacturer: Acer
BIOS Manufacturer: Acer
System Manufacturer: Acer
System Product Name: Aspire 5940
Logical Drives Mask: 0x0000007c

Kernel Drivers (total 197):
0x0324A000 \SystemRoot\system32\ntoskrnl.exe
0x03201000 \SystemRoot\system32\hal.dll
0x00BB9000 \SystemRoot\system32\kdcom.dll
0x00CFD000 \SystemRoot\system32\mcupdate_GenuineIntel.dll
0x00D41000 \SystemRoot\system32\PSHED.dll
0x00D55000 \SystemRoot\system32\CLFS.SYS
0x00C00000 \SystemRoot\system32\CI.dll
0x00E92000 \SystemRoot\system32\drivers\Wdf01000.sys
0x00F36000 \SystemRoot\system32\drivers\WDFLDR.SYS
0x010B0000 \SystemRoot\System32\Drivers\spsp.sys
0x011D6000 \SystemRoot\System32\Drivers\WMILIB.SYS
0x01000000 \SystemRoot\System32\Drivers\SCSIPORT.SYS
0x0102F000 \SystemRoot\system32\DRIVERS\ACPI.sys
0x01086000 \SystemRoot\system32\DRIVERS\msisadrv.sys
0x01090000 \SystemRoot\system32\DRIVERS\vdrvroot.sys
0x00F45000 \SystemRoot\system32\DRIVERS\pci.sys
0x011DF000 \SystemRoot\System32\drivers\partmgr.sys
0x011F4000 \SystemRoot\system32\DRIVERS\compbatt.sys
0x0109D000 \SystemRoot\system32\DRIVERS\BATTC.SYS
0x00F78000 \SystemRoot\system32\DRIVERS\volmgr.sys
0x00F8D000 \SystemRoot\System32\drivers\volmgrx.sys
0x00E00000 \SystemRoot\System32\drivers\mountmgr.sys
0x01273000 \SystemRoot\system32\DRIVERS\iaStor.sys
0x0138F000 \SystemRoot\system32\DRIVERS\atapi.sys
0x01398000 \SystemRoot\system32\DRIVERS\ataport.SYS
0x013C2000 \SystemRoot\system32\drivers\amdxata.sys
0x01200000 \SystemRoot\system32\drivers\fltmgr.sys
0x0124C000 \SystemRoot\system32\drivers\fileinfo.sys
0x0142F000 \SystemRoot\System32\Drivers\Ntfs.sys
0x00E1A000 \SystemRoot\System32\Drivers\msrpc.sys
0x015D1000 \SystemRoot\System32\Drivers\ksecdd.sys
0x016B6000 \SystemRoot\System32\Drivers\cng.sys
0x01729000 \SystemRoot\System32\drivers\pcw.sys
0x0173A000 \SystemRoot\System32\Drivers\Fs_Rec.sys
0x018C5000 \SystemRoot\system32\drivers\ndis.sys
0x01800000 \SystemRoot\system32\drivers\NETIO.SYS
0x01860000 \SystemRoot\System32\Drivers\ksecpkg.sys
0x01744000 \SystemRoot\system32\DRIVERS\volsnap.sys
0x0188B000 \SystemRoot\System32\Drivers\spldr.sys
0x019B7000 \SystemRoot\System32\drivers\rdyboost.sys
0x01893000 \SystemRoot\System32\Drivers\mup.sys
0x018A5000 \SystemRoot\System32\drivers\hwpolicy.sys
0x01790000 \SystemRoot\System32\DRIVERS\fvevol.sys
0x018AE000 \SystemRoot\system32\DRIVERS\disk.sys
0x017CA000 \SystemRoot\system32\DRIVERS\CLASSPNP.SYS
0x02D45000 \SystemRoot\system32\DRIVERS\cdrom.sys
0x02D6F000 \SystemRoot\system32\DRIVERS\mwlPSDFilter.sys
0x02D78000 \SystemRoot\System32\Drivers\Null.SYS
0x02D81000 \SystemRoot\System32\Drivers\Beep.SYS
0x02D88000 \SystemRoot\System32\drivers\vga.sys
0x02D96000 \SystemRoot\System32\drivers\VIDEOPRT.SYS
0x02DBB000 \SystemRoot\System32\drivers\watchdog.sys
0x02DCB000 \SystemRoot\System32\DRIVERS\RDPCDD.sys
0x02DD4000 \SystemRoot\system32\drivers\rdpencdd.sys
0x02DDD000 \SystemRoot\system32\drivers\rdprefmp.sys
0x02DE6000 \SystemRoot\System32\Drivers\Msfs.SYS
0x02C00000 \SystemRoot\System32\Drivers\Npfs.SYS
0x04000000 \SystemRoot\System32\drivers\tcpip.sys
0x01600000 \SystemRoot\System32\drivers\fwpkclnt.sys
0x0164A000 \SystemRoot\system32\DRIVERS\tdx.sys
0x02DF1000 \SystemRoot\system32\DRIVERS\TDI.SYS
0x04228000 \SystemRoot\system32\drivers\afd.sys
0x042B2000 \SystemRoot\System32\DRIVERS\netbt.sys
0x042F7000 \SystemRoot\system32\DRIVERS\wfplwf.sys
0x04300000 \SystemRoot\system32\DRIVERS\pacer.sys
0x04326000 \SystemRoot\system32\DRIVERS\netbios.sys
0x04335000 \SystemRoot\system32\DRIVERS\wanarp.sys
0x04350000 \SystemRoot\system32\DRIVERS\termdd.sys
0x04364000 \SystemRoot\system32\DRIVERS\rdbss.sys
0x043B5000 \SystemRoot\system32\drivers\nsiproxy.sys
0x043C1000 \SystemRoot\system32\DRIVERS\mwlPSDVDisk.sys
0x043D4000 \SystemRoot\system32\DRIVERS\mwlPSDNServ.sys
0x043DC000 \SystemRoot\system32\DRIVERS\mssmbios.sys
0x043E7000 \SystemRoot\System32\drivers\discache.sys
0x04200000 \SystemRoot\System32\Drivers\dfsc.sys
0x01668000 \SystemRoot\system32\DRIVERS\blbdrive.sys
0x01679000 \SystemRoot\system32\DRIVERS\avipbb.sys
0x01400000 \SystemRoot\system32\DRIVERS\tunnel.sys
0x04459000 \SystemRoot\system32\DRIVERS\atikmpag.sys
0x04817000 \SystemRoot\system32\DRIVERS\atikmdag.sys
0x044A9000 \SystemRoot\System32\drivers\dxgkrnl.sys
0x0514B000 \SystemRoot\System32\drivers\dxgmms1.sys
0x05191000 \SystemRoot\system32\DRIVERS\HDAudBus.sys
0x051B5000 \SystemRoot\system32\DRIVERS\usbehci.sys
0x0459D000 \SystemRoot\system32\DRIVERS\USBPORT.SYS
0x04400000 \SystemRoot\system32\DRIVERS\k57nd60a.sys
0x05636000 \SystemRoot\system32\DRIVERS\netw5v64.sys
0x05BD6000 \SystemRoot\system32\DRIVERS\CmBatt.sys
0x05BDB000 \SystemRoot\system32\DRIVERS\i8042prt.sys
0x05600000 \SystemRoot\SysWOW64\Drivers\DKbFltr.sys
0x0560C000 \SystemRoot\system32\DRIVERS\kbdclass.sys
0x00DB3000 \SystemRoot\system32\DRIVERS\SynTP.sys
0x0561B000 \SystemRoot\system32\DRIVERS\USBD.SYS
0x0561D000 \SystemRoot\system32\DRIVERS\mouclass.sys
0x0562C000 \??\C:\Windows\system32\drivers\UBHelper.sys
0x051C6000 \??\C:\Windows\system32\drivers\NTIDrvr.sys
0x05C6D000 \SystemRoot\System32\Drivers\afqdds1c.SYS
0x05CB2000 \SystemRoot\system32\DRIVERS\wmiacpi.sys
0x05CBB000 \SystemRoot\system32\DRIVERS\enecir.sys
0x05CD8000 \SystemRoot\system32\DRIVERS\intelppm.sys
0x05CEE000 \SystemRoot\system32\DRIVERS\CompositeBus.sys
0x05CFE000 \SystemRoot\system32\DRIVERS\AgileVpn.sys
0x05D14000 \SystemRoot\system32\DRIVERS\rasl2tp.sys
0x05D38000 \SystemRoot\system32\DRIVERS\ndistapi.sys
0x05D44000 \SystemRoot\system32\DRIVERS\ndiswan.sys
0x05D73000 \SystemRoot\system32\DRIVERS\raspppoe.sys
0x05D8E000 \SystemRoot\system32\DRIVERS\raspptp.sys
0x05DAF000 \SystemRoot\system32\DRIVERS\rassstp.sys
0x05DC9000 \SystemRoot\system32\DRIVERS\swenum.sys
0x05C00000 \SystemRoot\system32\DRIVERS\ks.sys
0x05C43000 \SystemRoot\system32\DRIVERS\circlass.sys
0x05C55000 \SystemRoot\system32\DRIVERS\umbus.sys
0x060E9000 \SystemRoot\system32\DRIVERS\usbhub.sys
0x06143000 \SystemRoot\System32\Drivers\NDProxy.SYS
0x06158000 \SystemRoot\system32\drivers\RtHDMIVX.sys
0x06189000 \SystemRoot\system32\drivers\portcls.sys
0x061C6000 \SystemRoot\system32\drivers\drmk.sys
0x061E8000 \SystemRoot\system32\drivers\ksthunk.sys
0x06418000 \SystemRoot\system32\drivers\RTKVHD64.sys
0x06400000 \SystemRoot\system32\DRIVERS\hidir.sys
0x06000000 \SystemRoot\system32\DRIVERS\HIDCLASS.SYS
0x06019000 \SystemRoot\system32\DRIVERS\HIDPARSE.SYS
0x06022000 \SystemRoot\system32\DRIVERS\kbdhid.sys
0x06030000 \SystemRoot\system32\DRIVERS\mouhid.sys
0x0603D000 \SystemRoot\System32\Drivers\FPSensor.sys
0x06049000 \SystemRoot\system32\DRIVERS\usbccgp.sys
0x06066000 \SystemRoot\system32\DRIVERS\hidusb.sys
0x000D0000 \SystemRoot\System32\win32k.sys
0x06074000 \SystemRoot\System32\drivers\Dxapi.sys
0x06080000 \SystemRoot\System32\Drivers\usbvideo.sys
0x060AE000 \SystemRoot\system32\DRIVERS\monitor.sys
0x00470000 \SystemRoot\System32\TSDDD.dll
0x00600000 \SystemRoot\System32\cdd.dll
0x02C11000 \SystemRoot\system32\DRIVERS\udfs.sys
0x060BC000 \SystemRoot\System32\Drivers\crashdmp.sys
0x026DF000 \SystemRoot\System32\Drivers\dump_iaStor.sys
0x02600000 \SystemRoot\System32\Drivers\dump_dumpfve.sys
0x02613000 \SystemRoot\system32\drivers\luafv.sys
0x02636000 \SystemRoot\system32\DRIVERS\avgntflt.sys
0x02653000 \SystemRoot\system32\drivers\WudfPf.sys
0x02674000 \SystemRoot\system32\DRIVERS\lltdio.sys
0x02689000 \SystemRoot\system32\DRIVERS\nwifi.sys
0x060CA000 \SystemRoot\system32\DRIVERS\ndisuio.sys
0x05DCB000 \SystemRoot\system32\DRIVERS\rspndr.sys
0x02C65000 \SystemRoot\system32\drivers\HTTP.sys
0x051CE000 \SystemRoot\system32\DRIVERS\bowser.sys
0x05DE3000 \SystemRoot\System32\drivers\mpsdrv.sys
0x013CD000 \SystemRoot\system32\DRIVERS\mrxsmb.sys
0x0289B000 \SystemRoot\system32\DRIVERS\mrxsmb10.sys
0x028E9000 \SystemRoot\system32\DRIVERS\mrxsmb20.sys
0x0290C000 \SystemRoot\system32\drivers\peauth.sys
0x029B2000 \SystemRoot\System32\Drivers\secdrv.SYS
0x029BD000 \SystemRoot\System32\DRIVERS\srvnet.sys
0x029EA000 \SystemRoot\System32\drivers\tcpipreg.sys
0x02800000 \??\C:\Program Files (x86)\Acer Arcade Deluxe\PlayMovie\000.fcl
0x0282B000 \SystemRoot\System32\DRIVERS\srv2.sys
0x03CEA000 \SystemRoot\System32\DRIVERS\srv.sys
0x76CD0000 \Windows\System32\ntdll.dll
0x47F20000 \Windows\System32\smss.exe
0xFEFF0000 \Windows\System32\apisetschema.dll
0xFF840000 \Windows\System32\autochk.exe
0xFEF60000 \Windows\System32\shlwapi.dll
0xFEEC0000 \Windows\System32\comdlg32.dll
0xFEDE0000 \Windows\System32\oleaut32.dll
0xFEC60000 \Windows\System32\urlmon.dll
0xFEB50000 \Windows\System32\msctf.dll
0x76EA0000 \Windows\System32\psapi.dll
0xFEB40000 \Windows\System32\nsi.dll
0xFEA70000 \Windows\System32\usp10.dll
0xFE990000 \Windows\System32\advapi32.dll
0xFE730000 \Windows\System32\iertutil.dll
0xFE600000 \Windows\System32\rpcrt4.dll
0xFE560000 \Windows\System32\msvcrt.dll
0xFE510000 \Windows\System32\Wldap32.dll
0xFD780000 \Windows\System32\shell32.dll
0xFD760000 \Windows\System32\sechost.dll
0xFD730000 \Windows\System32\imm32.dll
0xFD690000 \Windows\System32\clbcatq.dll
0xFD4B0000 \Windows\System32\setupapi.dll
0xFD380000 \Windows\System32\wininet.dll
0xFD310000 \Windows\System32\gdi32.dll
0xFD290000 \Windows\System32\difxapi.dll
0xFD240000 \Windows\System32\ws2_32.dll
0x76BB0000 \Windows\System32\kernel32.dll
0xFD030000 \Windows\System32\ole32.dll
0xFD010000 \Windows\System32\imagehlp.dll
0x76E90000 \Windows\System32\normaliz.dll
0xFD000000 \Windows\System32\lpk.dll
0x76AB0000 \Windows\System32\user32.dll
0xFCFC0000 \Windows\System32\cfgmgr32.dll
0xFCE50000 \Windows\System32\crypt32.dll
0xFCDE0000 \Windows\System32\KernelBase.dll
0xFCDA0000 \Windows\System32\wintrust.dll
0xFCD00000 \Windows\System32\comctl32.dll
0xFCCE0000 \Windows\System32\devobj.dll
0xFCCD0000 \Windows\System32\msasn1.dll
0x75660000 \Windows\SysWOW64\normaliz.dll

Processes (total 72):
0 System Idle Process
4 System
376 C:\Windows\System32\smss.exe
548 csrss.exe
624 C:\Windows\System32\wininit.exe
648 csrss.exe
692 C:\Windows\System32\services.exe
708 C:\Windows\System32\lsass.exe
716 C:\Windows\System32\lsm.exe
820 C:\Windows\System32\svchost.exe
936 C:\Windows\System32\svchost.exe
1004 C:\Windows\System32\atiesrxx.exe
132 C:\Windows\System32\winlogon.exe
432 C:\Windows\System32\svchost.exe
428 C:\Windows\System32\svchost.exe
952 C:\Windows\System32\svchost.exe
1140 C:\Windows\System32\svchost.exe
1260 C:\Windows\System32\atieclxx.exe
1268 C:\Windows\System32\svchost.exe
1484 C:\Windows\System32\spoolsv.exe
1512 C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
1520 C:\Program Files (x86)\Acer Bio Protection\CompPtcVUI.exe
1540 C:\Windows\System32\svchost.exe
1660 C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
1696 C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
1736 C:\Program Files\Acer\Acer PowerSmart Manager\ePowerSvc.exe
1816 C:\Program Files (x86)\Acer\Registration\GregHSRW.exe
1848 C:\Program Files (x86)\ICQ6Toolbar\ICQ Service.exe
1904 C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
1912 C:\Windows\System32\conhost.exe
1960 C:\Program Files (x86)\Acer Bio Protection\BASVC.exe
2036 C:\Windows\System32\taskhost.exe
1252 C:\Program Files (x86)\EgisTec\MyWinLocker 3\x86\MWLService.exe
1716 C:\Windows\System32\dwm.exe
2064 C:\Windows\explorer.exe
2228 C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe
2304 C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
2312 C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe
2328 C:\Program Files (x86)\EgisTec\MyWinLocker 3\x86\mwlDaemon.exe
2376 C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
2500 C:\Windows\PLFSetI.exe
2612 C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe
2636 C:\Program Files (x86)\Acer\Acer VCM\AcerVCM.exe
2644 C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
2768 C:\Windows\SysWOW64\PnkBstrA.exe
2792 C:\Program Files (x86)\Acer\Acer VCM\RS_Service.exe
2872 C:\Program Files\Acer\Acer Updater\UpdaterService.exe
2904 C:\Windows\System32\svchost.exe
2932 C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTmon.exe
3140 C:\Windows\System32\SearchIndexer.exe
3400 C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
3416 C:\Program Files (x86)\Launch Manager\LManager.exe
3428 C:\Program Files (x86)\EgisTec Egis Software Update\EgisUpdate.exe
3436 C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe
3492 C:\Program Files (x86)\Acer Bio Protection\PdtWzd.exe
3516 C:\Program Files (x86)\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe
3572 C:\Program Files (x86)\Acer Arcade Deluxe\PlayMovie\PMVService.exe
3580 C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
3612 C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
3632 C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
3976 C:\Program Files\Acer\Acer PowerSmart Manager\ePowerTray.exe
712 C:\Windows\System32\wbem\unsecapp.exe
1000 WmiPrvSE.exe
2120 C:\Program Files\Acer\Acer PowerSmart Manager\ePowerEvent.exe
4016 C:\Windows\System32\svchost.exe
1120 C:\Program Files\Windows Media Player\wmpnetwk.exe
3300 C:\Windows\System32\SearchProtocolHost.exe
3060 C:\Windows\System32\SearchFilterHost.exe
1280 dllhost.exe
1336 dllhost.exe
4532 C:\Users\Bundeshorst\Desktop\MBRCheck.exe
2028 C:\Windows\System32\conhost.exe

\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000003`e6abe800 (NTFS)
\\.\F: --> \\.\PhysicalDrive0 at offset 0x0000003e`c5b00000 (NTFS)

PhysicalDrive0 Model Number: TOSHIBAMK5055GSX, Rev: FG001J

Size Device Name MBR Status
--------------------------------------------
465 GB \\.\PhysicalDrive0 Unknown MBR code
SHA1: F67775E30322C8C2E8473AF5533ABD011BA4C929


Found non-standard or infected MBR.
Enter 'Y' and hit ENTER for more options, or 'N' to exit:
Options:
[1] Dump the MBR of a physical disk to file.
[2] Restore the MBR of a physical disk with a standard boot code.
[3] Exit.

Enter your choice:

Alt 27.05.2011, 17:59   #15
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
FakeAlert!fakealert-REP virus
We should fix the MBR manually. Back up all important data, just in case.

Do you have any other operating systems installed besides Win7 (64-bit)?
If not, have a look here => RescueDisc-Win7-64-Bit

Download the ISO, burn it to a CD (e.g. with ImgBurn using its image-burning function) and start the computer with it (boot from that CD).

If you have a regular Win7 installation DVD (64-bit), you don't need the image mentioned above; you can simply boot from that DVD.

Click on Repair your computer, Next, Command Prompt - the console opens. There, type bootrec.exe /fixboot (confirm with Enter), then type bootrec.exe /fixmbr (confirm with Enter) - restart the computer, removing the CD first. Afterwards create new logs again with MBRCheck and, if possible, GMER.
__________________
"The truth is usually just an excuse for a lack of imagination." (Elim Garak)

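To see where MBRCheck's "Unknown MBR code" verdict and the drive offsets at the top of the log come from, here is an added Python inspector that is not part of the thread or of MBRCheck: it parses a 512-byte MBR (a constructed sample that reuses the C:/F: byte offsets from the log), checks the 0x55AA trailer, hashes the boot-code area and compares it to an allow-list of trusted boot-code hashes that is assumed to be supplied by the caller (none is shipped here).

```python
import hashlib
import struct

SECTOR = 512
BOOT_CODE_LEN = 440   # bytes 0..439: boot code; 440..443 disk signature; 444..445 reserved
PART_TABLE_OFF = 446  # four 16-byte partition entries at 446..509
BOOT_SIG = b"\x55\xaa"  # mandatory trailer at bytes 510..511


def parse_mbr(sector: bytes) -> dict:
    """Report what MBRCheck prints for one 512-byte MBR: signature check,
    SHA1 of the sector and of the boot-code area, and the partition table."""
    if len(sector) != SECTOR:
        raise ValueError("MBR must be exactly 512 bytes")
    parts = []
    for i in range(4):
        e = sector[PART_TABLE_OFF + 16 * i:PART_TABLE_OFF + 16 * (i + 1)]
        lba_start, n_sectors = struct.unpack("<II", e[8:16])
        if e[4] != 0x00:  # partition type 0x00 marks an unused slot
            parts.append({"bootable": e[0] == 0x80, "type": e[4],
                          "offset": lba_start * SECTOR, "size": n_sectors * SECTOR})
    return {
        "valid_signature": sector[510:512] == BOOT_SIG,
        "sha1_sector": hashlib.sha1(sector).hexdigest().upper(),
        "sha1_boot_code": hashlib.sha1(sector[:BOOT_CODE_LEN]).hexdigest().upper(),
        "partitions": parts,
    }


def classify(info: dict, known_boot_code: set) -> str:
    """Compare the boot-code hash against an allow-list of trusted boot code.
    The allow-list is the caller's assumption; none is shipped with this example."""
    if not info["valid_signature"]:
        return "Invalid MBR (missing 0x55AA signature)"
    if info["sha1_boot_code"] in known_boot_code:
        return "Standard MBR code"
    return "Unknown MBR code"  # the status MBRCheck printed in the log above


def build_sample_mbr() -> bytes:
    """Constructed sample (not a real disk image): placeholder boot code plus two
    NTFS partitions at the byte offsets MBRCheck reported for C: and F: above."""
    boot = b"\xeb\xfe" + b"\x90" * (BOOT_CODE_LEN - 2)  # jmp $ + NOPs, placeholder only

    def entry(flag, ptype, lba, count):
        return bytes([flag, 0, 0, 0, ptype, 0, 0, 0]) + struct.pack("<II", lba, count)

    table = (entry(0x80, 0x07, 0x3E6ABE800 // SECTOR, 0x1000000)
             + entry(0x00, 0x07, 0x3EC5B00000 // SECTOR, 0x1000000)
             + b"\x00" * 32)
    return boot + b"\x00" * 6 + table + BOOT_SIG
```

Running it on an MBR dumped before and after bootrec /fixmbr shows whether the boot-code hash changed while the partition table (and thus the C:/F: offsets) stayed intact.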