Trojaner-Board

Trojaner-Board (https://www.trojaner-board.de/)
-   Log-Analyse und Auswertung (https://www.trojaner-board.de/log-analyse-auswertung/)
-   -   Windows Recovery eingefangen! (https://www.trojaner-board.de/99144-windows-recovery-eingefangen.html)

ezechiel32 16.05.2011 10:42
Windows Recovery eingefangen!
 
Hallo,

ich bin durch eine Google-Suche auf dieses Forum aufmerksam geworden. Mir ist aufgefallen, dass hier auch kompletten Computer-Laien wie mir kompetent geholfen wird. Hier von meiner Seite erst einmal großes Lob!

Heute Morgen hat mich auf meinem Rechner nach dem Hochfahren ein schwarzer Bildschirm und ein sogenanntes "Windows Recovery" Fenster erwartet und mir kundgetan, dass mein PC kritische Festplatten-Probleme, etc. hätte.

Nach einer Suche zu diesem Thema bin ich auf eure Anleitung gestoßen: "Windows Recovery entfernen"

Diese Schritte habe ich nun abgearbeitet. Wiindows Recovery scheint entfernt, jedoch sitze ich immer noch einem schwarzen Desktop gegenüber incl. immer noch versteckter Desktop-Symbole und auch meine Task-Leiste besteht überwiegend aus weißen Blättern statt programmspezifischen Symbolen.
Ich hoffe ihr könnt mir bei diesem Problem weiterhelfen.

Vielen Dank schon mal im Voraus für die Hilfe

Im Anhang nun die Log-Files von Malwarebytes und OTL

cosinus 16.05.2011 14:32
Zitat:
SRV - [2011.04.30 11:14:09 | 000,136,360 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2011.04.29 10:10:00 | 000,161,080 | ---- | M] (COMODO) [Auto | Running] -- C:\Programme\COMODO\COMODO GeekBuddy\CLPSLS.exe -- (CLPSLS)
Comodo und AntiVir zusammen? Sollte man nicht tun. Ich würde Comodo deinstallieren an deiner Stelle.
Deinstallier bei der Gelegenheit auch alle besch... Toolbars (falls vorhanden) und andere sinnfreie/unnötige Software.

Mach danach ein neues OTL-Log:

CustomScan mit OTL

Falls noch nicht vorhanden, lade Dir bitte OTL von Oldtimer herunter und speichere es auf Deinem Desktop
Code:
netsvcs
msconfig
safebootminimal
safebootnetwork
activex
drivers32
%ALLUSERSPROFILE%\Application Data\*.
%ALLUSERSPROFILE%\Application Data\*.exe /s
%APPDATA%\*.
%APPDATA%\*.exe /s
%SYSTEMDRIVE%\*.exe
/md5start
wininit.exe
userinit.exe
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
ws2ifsl.sys
sceclt.dll
ntelogon.dll
winlogon.exe
logevent.dll
user32.DLL
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
/md5stop
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\*. /mp /s
%systemroot%\system32\*.dll /lockedfiles
CREATERESTOREPOINT

ezechiel32 16.05.2011 15:54
Vielen Dank für die schnelle Antwort.

OK Comodo ist weg. Soweit möglich hab ich jetzt auch weitere unnötige Software entfernt.

Hier nun die neue OTL.txt:OTL Logfile:
Code:
OTL logfile created on: 16.05.2011 16:45:12 - Run 2
OTL by OldTimer - Version 3.2.22.3    Folder = C:\Users\boelzebub\Desktop
64bit- An unknown product Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7601.17514)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
12,00 Gb Total Physical Memory | 10,00 Gb Available Physical Memory | 85,00% Memory free
12,00 Gb Paging File | 10,00 Gb Available in Paging File | 85,00% Paging File free
Paging file location(s): C:\pagefile.sys 288 2048 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 247,92 Gb Total Space | 111,32 Gb Free Space | 44,90% Space Free | Partition Type: NTFS
Drive D: | 195,21 Gb Total Space | 123,19 Gb Free Space | 63,10% Space Free | Partition Type: NTFS
Drive E: | 488,28 Gb Total Space | 156,41 Gb Free Space | 32,03% Space Free | Partition Type: NTFS
 
Computer Name: BOELZEBUB-PC | User Name: boelzebub | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2011.05.16 11:05:32 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\boelzebub\Desktop\OTL.exe
PRC - [2011.03.28 16:15:04 | 000,136,360 | ---- | M] (Avira GmbH) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
PRC - [2011.03.28 16:14:56 | 000,281,768 | ---- | M] (Avira GmbH) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
PRC - [2011.03.28 16:14:56 | 000,269,480 | ---- | M] (Avira GmbH) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
PRC - [2011.03.21 20:56:16 | 001,230,704 | ---- | M] () -- C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
PRC - [2011.01.20 11:20:12 | 001,305,408 | ---- | M] (DT Soft Ltd) -- C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe
PRC - [2008.04.15 12:31:48 | 001,675,264 | ---- | M] (D-Link) -- C:\Program Files (x86)\D-Link\D-Link Wireless N DWA-140\AirNCFG.exe
PRC - [2007.01.19 12:49:04 | 000,049,152 | ---- | M] (Wireless Service) -- C:\Program Files (x86)\ANI\ANIWZCS2 Service\WZCSLDR2.exe
 
 
========== Modules (SafeList) ==========
 
MOD - [2011.05.16 11:05:32 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\boelzebub\Desktop\OTL.exe
MOD - [2010.11.20 13:55:09 | 001,680,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll
 
 
========== Win32 Services (SafeList) ==========
 
SRV:64bit: - [2009.07.14 03:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV - [2011.05.02 21:41:14 | 003,274,328 | ---- | M] () [Auto | Running] -- c:\program files (x86)\common files\akamai\netsession_win_3f211bc.dll -- (Akamai)
SRV - [2011.03.28 16:15:04 | 000,136,360 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2011.03.28 16:14:56 | 000,269,480 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2010.03.18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009.12.15 22:07:16 | 000,025,832 | ---- | M] (BioWare) [Auto | Running] -- E:\Games\Dragon Age\bin_ship\daupdatersvc.service.exe -- (DAUpdaterSvc)
SRV - [2009.06.10 23:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - [2011.05.04 16:26:11 | 000,254,528 | ---- | M] (DT Soft Ltd) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\dtsoftbus01.sys -- (dtsoftbus01)
DRV:64bit: - [2011.04.01 17:07:25 | 000,116,568 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avipbb.sys -- (avipbb)
DRV:64bit: - [2011.04.01 17:07:25 | 000,083,120 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\avgntflt.sys -- (avgntflt)
DRV:64bit: - [2011.02.18 16:36:58 | 000,051,712 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2011.01.07 17:02:28 | 000,045,408 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\point64.sys -- (Point64)
DRV:64bit: - [2011.01.06 20:37:02 | 000,051,584 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\dc3d.sys -- (dc3d) MS Hardware Device Detection Driver (USB)
DRV:64bit: - [2010.11.20 15:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010.11.20 15:32:47 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010.11.20 15:32:46 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2010.11.20 13:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010.09.23 01:36:48 | 000,048,488 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\fssfltr.sys -- (fssfltr)
DRV:64bit: - [2010.08.16 15:31:18 | 000,019,936 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\pwdrvio.sys -- (pwdrvio)
DRV:64bit: - [2010.08.16 15:31:16 | 000,013,280 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\pwdspio.sys -- (pwdspio)
DRV:64bit: - [2010.06.23 10:10:56 | 000,344,680 | ---- | M] (Realtek                                            ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2010.02.24 12:20:40 | 000,191,616 | ---- | M] (Protect Software GmbH) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\acedrv11.sys -- (acedrv11)
DRV:64bit: - [2010.01.02 11:43:02 | 000,314,016 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\atksgt.sys -- (atksgt)
DRV:64bit: - [2010.01.02 11:43:02 | 000,043,680 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\lirsgt.sys -- (lirsgt)
DRV:64bit: - [2010.01.02 11:32:47 | 000,834,544 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\sptd.sys -- (sptd)
DRV:64bit: - [2009.09.23 10:42:58 | 000,033,856 | -H-- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\hamachi.sys -- (hamachi)
DRV:64bit: - [2009.08.13 23:10:18 | 000,073,984 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\xusb21.sys -- (xusb21)
DRV:64bit: - [2009.07.14 03:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009.07.14 03:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009.07.14 03:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009.07.14 02:01:09 | 000,679,936 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\xnacc.sys -- (xnacc)
DRV:64bit: - [2009.06.10 22:38:56 | 000,000,308 | ---- | M] () [File_System | On_Demand | Running] -- C:\Windows\SysNative\wbem\ntfs.mof -- (Ntfs)
DRV:64bit: - [2009.06.10 22:35:36 | 000,867,328 | ---- | M] (Ralink Technology Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\netr28ux.sys -- (netr28ux)
DRV:64bit: - [2009.06.10 22:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009.06.10 22:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009.06.10 22:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009.06.10 22:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009.05.23 01:08:37 | 000,036,352 | ---- | M] (Elaborate Bytes AG) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VClone.sys -- (VClone)
DRV:64bit: - [2009.05.18 13:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2008.11.04 10:52:36 | 000,145,960 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\s1018unic.sys -- (s1018unic) Sony Ericsson Device 1018 USB Ethernet Emulation (WDM)
DRV:64bit: - [2008.11.04 10:52:36 | 000,132,648 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\s1018mgmt.sys -- (s1018mgmt) Sony Ericsson Device 1018 USB WMC Device Management Drivers (WDM)
DRV:64bit: - [2008.11.04 10:52:36 | 000,128,552 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\s1018obex.sys -- (s1018obex)
DRV:64bit: - [2008.11.04 10:52:36 | 000,034,856 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\s1018nd5.sys -- (s1018nd5) Sony Ericsson Device 1018 USB Ethernet Emulation (NDIS)
DRV:64bit: - [2008.11.04 10:52:32 | 000,152,616 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\s1018mdm.sys -- (s1018mdm)
DRV:64bit: - [2008.11.04 10:52:32 | 000,019,496 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\s1018mdfl.sys -- (s1018mdfl)
DRV:64bit: - [2008.11.04 10:52:30 | 000,113,704 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\s1018bus.sys -- (s1018bus) Sony Ericsson Device 1018 driver (WDM)
DRV:64bit: - [2008.09.09 12:41:12 | 000,047,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw95rc.sys -- (hcw95rc)
DRV:64bit: - [2008.09.09 12:40:48 | 000,926,208 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw95bda.sys -- (hcw95bda)
DRV:64bit: - [2008.06.17 09:22:24 | 000,040,464 | ---- | M] (H+H Software GmbH) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\vcd10bus.sys -- (vcd10bus)
DRV:64bit: - [2008.01.09 12:28:20 | 000,034,032 | ---- | M] (Sony Ericsson Mobile Communications) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\seehcri.sys -- (seehcri)
DRV:64bit: - [2005.03.29 02:30:38 | 000,008,192 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ASACPI.sys -- (MTsensor)
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = MSN, Messenger und Hotmail sowie Nachrichten, Unterhaltung, Video, Sport, Lifestyle, Finanzen, Auto uvm. bei MSN
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 5D A5 44 0B A5 13 CC 01  [binary data]
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = local
 
========== FireFox ==========
 
FF - prefs.js..extensions.enabledItems: MapShare-status@tomtom.com:1.7
FF - prefs.js..extensions.enabledItems: baseTheme@tomtom.com:1.0.2
 
FF - HKLM\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\html5video [2011.05.13 10:54:24 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{6904342A-8307-11DF-A508-4AE2DFD72085}: C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\wpa [2011.05.13 10:54:25 | 000,000,000 | ---D | M]
 
[2011.05.16 16:04:54 | 000,000,000 | -H-D | M] (No name found) -- C:\Users\boelzebub\AppData\Roaming\mozilla\Extensions
[2010.08.03 11:55:07 | 000,000,000 | -H-D | M] (No name found) -- C:\Users\boelzebub\AppData\Roaming\mozilla\Extensions\home2@tomtom.com
[2011.05.16 16:04:57 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
[2010.06.05 09:04:08 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2010.08.13 05:21:02 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
[2010.10.20 15:15:23 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
[2011.02.04 08:25:55 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
[2011.03.12 17:36:13 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
File not found (No name found) -- C:\PROGRAM FILES (X86)\TOMTOM HOME 2\XUL\EXTENSIONS\MAPSHARE-STATUS@TOMTOM.COM
[2011.02.02 22:40:24 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll
[2011.03.03 03:47:42 | 000,292,520 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\plugins\nppanda3d.dll
 
O1 HOSTS File: ([2009.06.10 23:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
O2:64bit: - BHO: ([verify-U]_Add-on) - {F4552A56-119C-478E-AB3F-2C850F78B72E} - C:\Programme\[verify-U]_AVS_IE_Add-on\[verify-U]_AVS.dll (Cybits AG)
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
O2 - BHO: (DivX HiQ) - {593DDEC6-7468-4cdd-90E1-42DADAA222E9} - C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
O2 - BHO: (FDMIECookiesBHO Class) - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - C:\Program Files (x86)\Free Download Manager\iefdm2.dll ()
O2 - BHO: ([verify-U]_Add-on) - {F4552A56-119C-478E-AB3F-2C850F78B72E} - C:\Program Files (x86)\[verify-U]_AVS_IE_Add-on\[verify-U]_AVS.dll (Cybits AG)
O4 - HKLM..\Run: [ANIWZCS2Service] C:\Program Files (x86)\ANI\ANIWZCS2 Service\WZCSLDR2.exe (Wireless Service)
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [DivX Download Manager] C:\Program Files (x86)\DivX\DivX Plus Web Player\DDmService.exe (DivX, LLC)
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [D-Link D-Link Wireless N DWA-140] C:\Program Files (x86)\D-Link\D-Link Wireless N DWA-140\AirNCFG.exe (D-Link)
O4 - HKLM..\Run: [iTunesHelper]  File not found
O4 - HKCU..\Run: []  File not found
O4 - HKCU..\Run: [DAEMON Tools Lite] C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8:64bit: - Extra context menu item: Alles mit FDM herunterladen - C:\Program Files (x86)\Free Download Manager\dlall.htm ()
O8:64bit: - Extra context menu item: Auswahl mit FDM herunterladen - C:\Program Files (x86)\Free Download Manager\dlselected.htm ()
O8:64bit: - Extra context menu item: Datei mit FDM herunterladen - C:\Program Files (x86)\Free Download Manager\dllink.htm ()
O8:64bit: - Extra context menu item: Videos mit FDM herunterladen - C:\Program Files (x86)\Free Download Manager\dlfvideo.htm ()
O8 - Extra context menu item: Alles mit FDM herunterladen - C:\Program Files (x86)\Free Download Manager\dlall.htm ()
O8 - Extra context menu item: Auswahl mit FDM herunterladen - C:\Program Files (x86)\Free Download Manager\dlselected.htm ()
O8 - Extra context menu item: Datei mit FDM herunterladen - C:\Program Files (x86)\Free Download Manager\dllink.htm ()
O8 - Extra context menu item: Videos mit FDM herunterladen - C:\Program Files (x86)\Free Download Manager\dlfvideo.htm ()
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~2\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~2\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~2\Office12\REFIEBAR.DLL (Microsoft Corporation)
O13 - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {40F576AD-8680-4F9E-9490-99D069CD665F} hxxp://srtest-cdn.systemrequirementslab.com.s3.amazonaws.com/bin/sysreqlabdetect.cab (Reg Error: Key error.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O18:64bit: - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{ed331866-f781-11de-b73c-90e6ba4492bf}\Shell - "" = AutoRun
O33 - MountPoints2\{ed331866-f781-11de-b73c-90e6ba4492bf}\Shell\AutoRun\command - "" = N:\Autorun.exe
O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
========== Files/Folders - Created Within 30 Days ==========
 
[2011.05.16 16:24:51 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2011.05.16 15:48:55 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
[2011.05.16 15:48:50 | 000,116,568 | ---- | C] (Avira GmbH) -- C:\Windows\SysNative\drivers\avipbb.sys
[2011.05.16 15:48:50 | 000,083,120 | ---- | C] (Avira GmbH) -- C:\Windows\SysNative\drivers\avgntflt.sys
[2011.05.16 15:48:50 | 000,000,000 | ---D | C] -- C:\ProgramData\Avira
[2011.05.16 11:05:38 | 000,580,608 | ---- | C] (OldTimer Tools) -- C:\Users\boelzebub\Desktop\OTL.exe
[2011.05.16 08:37:39 | 000,000,000 | ---D | C] -- C:\Users\boelzebub\AppData\Roaming\Malwarebytes
[2011.05.16 08:37:27 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysWow64\drivers\mbamswissarmy.sys
[2011.05.16 08:37:27 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011.05.16 08:37:26 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2011.05.16 08:37:23 | 000,024,152 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2011.05.16 08:37:23 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2011.05.16 07:31:31 | 000,000,000 | -H-D | C] -- C:\Users\boelzebub\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows 7 Recovery
[2011.05.16 07:30:04 | 000,000,000 | -H-D | C] -- C:\Users\boelzebub\AppData\Local\COMODO
[2011.05.11 08:56:13 | 000,000,000 | -H-D | C] -- C:\Users\boelzebub\Documents\Platinum
[2011.05.11 08:51:01 | 000,000,000 | -H-D | C] -- C:\Users\boelzebub\Documents\EmeraldSword - Moderate
[2011.05.09 08:22:00 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Quests and Legends
[2011.05.08 17:11:05 | 000,000,000 | -H-D | C] -- C:\ProgramData\FreeRIP
[2011.05.08 17:10:40 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FreeRIP3
[2011.05.08 17:10:39 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\FreeRIP3
[2011.05.04 16:26:11 | 000,254,528 | ---- | C] (DT Soft Ltd) -- C:\Windows\SysNative\drivers\dtsoftbus01.sys
[2011.05.04 11:11:39 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\COMODO
[2011.05.04 11:11:33 | 000,000,000 | -H-D | C] -- C:\VritualRoot
[2011.05.04 11:05:01 | 000,000,000 | -H-D | C] -- C:\ProgramData\Comodo
[2011.05.04 10:41:02 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
[2011.05.04 10:41:00 | 000,000,000 | ---D | C] -- C:\Programme\CCleaner
[2011.05.04 08:57:25 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DAEMON Tools Lite
[2011.05.04 08:21:09 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ProtectDisc Driver Installer
[2011.05.04 08:20:41 | 000,000,000 | -H-D | C] -- C:\Users\boelzebub\AppData\Roaming\ProtectDISC
[2011.05.03 10:13:58 | 000,000,000 | -H-D | C] -- C:\Users\boelzebub\AppData\Local\Panda3D
[2011.05.03 10:13:52 | 000,000,000 | -H-D | C] -- C:\Program Files (x86)\Panda3D
[2011.05.02 11:22:01 | 000,000,000 | -H-D | C] -- C:\Users\boelzebub\Documents\NFG Downloads
[2011.05.02 11:16:41 | 000,000,000 | -H-D | C] -- C:\Users\boelzebub\Documents\NFG Home
[2011.05.02 11:16:40 | 000,000,000 | -H-D | C] -- C:\Users\boelzebub\AppData\Roaming\News File Grabber
[2011.05.02 11:16:40 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\RSBR-Software
[2011.05.02 11:16:40 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\News File Grabber
[2011.04.22 20:03:33 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\KONAMI
[2010.04.21 19:17:54 | 000,148,736 | ---- | C] (Avanquest Software) -- C:\ProgramData\hpeC64A.dll
[4 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2011.05.16 16:40:00 | 000,001,136 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1701181921-1980799291-2397479354-1000UA.job
[2011.05.16 16:30:12 | 000,013,264 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2011.05.16 16:30:12 | 000,013,264 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2011.05.16 16:22:12 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011.05.16 16:22:08 | 1066,754,046 | -HS- | M] () -- C:\hiberfil.sys
[2011.05.16 16:21:27 | 001,474,832 | ---- | M] () -- C:\Windows\SysNative\drivers\sfi.dat
[2011.05.16 15:48:55 | 000,002,079 | ---- | M] () -- C:\Users\Public\Desktop\Avira AntiVir Control Center.lnk
[2011.05.16 15:44:01 | 000,001,500 | ---- | M] () -- C:\Windows\SysNative\.ini
[2011.05.16 11:05:32 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\boelzebub\Desktop\OTL.exe
[2011.05.16 08:37:27 | 000,001,122 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011.05.16 08:05:13 | 001,642,148 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2011.05.16 08:05:13 | 000,707,300 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2011.05.16 08:05:13 | 000,660,918 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2011.05.16 08:05:13 | 000,152,892 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2011.05.16 08:05:13 | 000,125,108 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2011.05.16 07:39:22 | 000,001,084 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1701181921-1980799291-2397479354-1000Core.job
[2011.05.16 07:31:39 | 000,000,144 | -H-- | M] () -- C:\ProgramData\~44883704r
[2011.05.16 07:31:39 | 000,000,120 | -H-- | M] () -- C:\ProgramData\~44883704
[2011.05.16 07:31:29 | 000,000,344 | -H-- | M] () -- C:\ProgramData\44883704
[2011.05.08 17:12:50 | 000,001,492 | -H-- | M] () -- C:\ProgramData\ss.ini
[2011.05.08 17:10:40 | 000,001,020 | -H-- | M] () -- C:\Users\boelzebub\Desktop\FreeRIP.lnk
[2011.05.06 09:22:50 | 000,007,618 | -H-- | M] () -- C:\Users\boelzebub\AppData\Local\Resmon.ResmonCfg
[2011.05.04 16:26:11 | 000,254,528 | ---- | M] (DT Soft Ltd) -- C:\Windows\SysNative\drivers\dtsoftbus01.sys
[2011.05.04 10:41:50 | 000,168,712 | -H-- | M] () -- C:\Users\boelzebub\Documents\cc_20110504_104134.reg
[2011.05.04 08:21:56 | 000,004,096 | ---- | M] () -- C:\Users\Public\Documents\00001467.LCS
[4 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2011.05.16 15:48:55 | 000,002,079 | ---- | C] () -- C:\Users\Public\Desktop\Avira AntiVir Control Center.lnk
[2011.05.16 15:44:01 | 000,001,500 | ---- | C] () -- C:\Windows\SysNative\.ini
[2011.05.16 08:37:27 | 000,001,122 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011.05.16 07:31:39 | 000,000,144 | -H-- | C] () -- C:\ProgramData\~44883704r
[2011.05.16 07:31:39 | 000,000,120 | -H-- | C] () -- C:\ProgramData\~44883704
[2011.05.16 07:31:29 | 000,000,344 | -H-- | C] () -- C:\ProgramData\44883704
[2011.05.08 17:12:50 | 000,001,492 | -H-- | C] () -- C:\ProgramData\ss.ini
[2011.05.08 17:10:40 | 000,001,746 | -H-- | C] () -- C:\Users\boelzebub\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\QuickStores.lnk
[2011.05.08 17:10:40 | 000,001,020 | -H-- | C] () -- C:\Users\boelzebub\Desktop\FreeRIP.lnk
[2011.05.06 09:22:50 | 000,007,618 | -H-- | C] () -- C:\Users\boelzebub\AppData\Local\Resmon.ResmonCfg
[2011.05.04 11:10:42 | 001,474,832 | ---- | C] () -- C:\Windows\SysNative\drivers\sfi.dat
[2011.05.04 10:41:37 | 000,168,712 | -H-- | C] () -- C:\Users\boelzebub\Documents\cc_20110504_104134.reg
[2011.05.04 08:20:44 | 000,004,096 | ---- | C] () -- C:\Users\Public\Documents\00001467.LCS
[2011.02.27 21:11:37 | 000,011,264 | -H-- | C] () -- C:\Users\boelzebub\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010.12.05 23:08:55 | 000,066,872 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrA.exe
[2010.12.05 23:08:49 | 000,183,112 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.exe
[2010.11.19 16:20:03 | 000,000,075 | -H-- | C] () -- C:\ProgramData\nvUnsupRes.dat
[2010.09.22 16:05:00 | 000,000,097 | -H-- | C] () -- C:\Users\boelzebub\AppData\Local\fusioncache.dat
[2010.04.20 22:18:46 | 000,484,352 | ---- | C] () -- C:\Windows\SysWow64\lame_enc.dll
[2009.11.29 20:40:59 | 001,604,112 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2009.11.06 22:06:02 | 000,245,760 | ---- | C] () -- C:\Windows\SysWow64\WlanApp.dll
[2009.11.06 22:06:02 | 000,049,152 | ---- | C] () -- C:\Windows\SysWow64\JJAKEn.dll
[2009.07.14 07:38:36 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2009.07.14 04:35:51 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT
[2009.07.14 04:34:42 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat
[2009.07.14 02:10:29 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2009.07.14 01:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
[2009.07.13 23:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2009.06.10 23:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat
 
========== LOP Check ==========
 
[2010.11.01 18:10:08 | 000,000,000 | -H-D | M] -- C:\Users\boelzebub\AppData\Roaming\2K Sports
[2011.02.03 21:31:07 | 000,000,000 | -H-D | M] -- C:\Users\boelzebub\AppData\Roaming\Amazon
[2010.01.24 19:35:28 | 000,000,000 | -H-D | M] -- C:\Users\boelzebub\AppData\Roaming\Babylon
[2010.07.16 17:36:41 | 000,000,000 | -H-D | M] -- C:\Users\boelzebub\AppData\Roaming\BlackBean
[2010.04.01 08:15:43 | 000,000,000 | -H-D | M] -- C:\Users\boelzebub\AppData\Roaming\Bump Technologies, Inc
[2010.01.02 11:35:38 | 000,000,000 | -H-D | M] -- C:\Users\boelzebub\AppData\Roaming\DAEMON Tools Lite
[2010.01.24 01:56:15 | 000,000,000 | -H-D | M] -- C:\Users\boelzebub\AppData\Roaming\fltk.org
[2011.05.04 11:09:29 | 000,000,000 | -H-D | M] -- C:\Users\boelzebub\AppData\Roaming\Free Download Manager
[2010.04.20 22:18:46 | 000,000,000 | -H-D | M] -- C:\Users\boelzebub\AppData\Roaming\FreeAudioPack
[2010.12.05 23:06:27 | 000,000,000 | -H-D | M] -- C:\Users\boelzebub\AppData\Roaming\Leadertech
[2010.08.12 12:58:20 | 000,000,000 | -H-D | M] -- C:\Users\boelzebub\AppData\Roaming\Mount&Blade
[2010.05.09 01:41:08 | 000,000,000 | -H-D | M] -- C:\Users\boelzebub\AppData\Roaming\Mount&Blade Warband
[2010.04.20 18:53:16 | 000,000,000 | -H-D | M] -- C:\Users\boelzebub\AppData\Roaming\NCH Swift Sound
[2011.05.02 11:16:40 | 000,000,000 | -H-D | M] -- C:\Users\boelzebub\AppData\Roaming\News File Grabber
[2011.05.04 08:20:41 | 000,000,000 | -H-D | M] -- C:\Users\boelzebub\AppData\Roaming\ProtectDISC
[2011.04.16 11:21:24 | 000,000,000 | -H-D | M] -- C:\Users\boelzebub\AppData\Roaming\Software4u
[2010.04.21 20:37:34 | 000,000,000 | -H-D | M] -- C:\Users\boelzebub\AppData\Roaming\Sony
[2010.08.19 14:08:11 | 000,000,000 | -H-D | M] -- C:\Users\boelzebub\AppData\Roaming\Subversion
[2010.08.03 11:55:07 | 000,000,000 | -H-D | M] -- C:\Users\boelzebub\AppData\Roaming\TomTom
[2010.09.24 10:20:44 | 000,000,000 | -H-D | M] -- C:\Users\boelzebub\AppData\Roaming\Turbine
[2009.12.05 18:02:31 | 000,000,000 | -H-D | M] -- C:\Users\boelzebub\AppData\Roaming\Ubisoft
[2011.03.27 22:28:49 | 000,000,000 | -H-D | M] -- C:\Users\boelzebub\AppData\Roaming\uTorrent
[2011.04.16 11:18:42 | 000,000,000 | -H-D | M] -- C:\Users\boelzebub\AppData\Roaming\WindSolutions
[2011.03.30 07:20:30 | 000,032,640 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
 
========== Purity Check ==========
 
 
 
========== Custom Scans ==========
 
 
< %ALLUSERSPROFILE%\Application Data\*. >
 
< %ALLUSERSPROFILE%\Application Data\*.exe /s >
 
< %APPDATA%\*. >
[2010.11.01 18:10:08 | 000,000,000 | -H-D | M] -- C:\Users\boelzebub\AppData\Roaming\2K Sports
[2010.03.10 08:08:50 | 000,000,000 | -H-D | M] -- C:\Users\boelzebub\AppData\Roaming\Adobe
[2011.02.03 21:31:07 | 000,000,000 | -H-D | M] -- C:\Users\boelzebub\AppData\Roaming\Amazon
[2011.04.16 11:26:14 | 000,000,000 | -H-D | M] -- C:\Users\boelzebub\AppData\Roaming\Apple Computer
[2010.01.24 19:35:28 | 000,000,000 | -H-D | M] -- C:\Users\boelzebub\AppData\Roaming\Babylon
[2010.07.16 17:36:41 | 000,000,000 | -H-D | M] -- C:\Users\boelzebub\AppData\Roaming\BlackBean
[2010.04.01 08:15:43 | 000,000,000 | -H-D | M] -- C:\Users\boelzebub\AppData\Roaming\Bump Technologies, Inc
[2010.01.02 11:35:38 | 000,000,000 | -H-D | M] -- C:\Users\boelzebub\AppData\Roaming\DAEMON Tools Lite
[2011.05.03 10:18:37 | 000,000,000 | -H-D | M] -- C:\Users\boelzebub\AppData\Roaming\DivX
[2010.07.19 09:13:37 | 000,000,000 | -H-D | M] -- C:\Users\boelzebub\AppData\Roaming\dvdcss
[2010.01.24 01:56:15 | 000,000,000 | -H-D | M] -- C:\Users\boelzebub\AppData\Roaming\fltk.org
[2011.05.04 11:09:29 | 000,000,000 | -H-D | M] -- C:\Users\boelzebub\AppData\Roaming\Free Download Manager
[2010.04.20 22:18:46 | 000,000,000 | -H-D | M] -- C:\Users\boelzebub\AppData\Roaming\FreeAudioPack
[2009.10.31 20:26:50 | 000,000,000 | -H-D | M] -- C:\Users\boelzebub\AppData\Roaming\Identities
[2009.11.06 22:05:34 | 000,000,000 | -H-D | M] -- C:\Users\boelzebub\AppData\Roaming\InstallShield
[2010.12.05 23:06:27 | 000,000,000 | -H-D | M] -- C:\Users\boelzebub\AppData\Roaming\Leadertech
[2009.11.09 09:50:22 | 000,000,000 | -H-D | M] -- C:\Users\boelzebub\AppData\Roaming\Macromedia
[2011.05.16 08:37:39 | 000,000,000 | ---D | M] -- C:\Users\boelzebub\AppData\Roaming\Malwarebytes
[2009.07.14 20:18:34 | 000,000,000 | -H-D | M] -- C:\Users\boelzebub\AppData\Roaming\Media Center Programs
[2011.02.28 22:34:40 | 000,000,000 | --SD | M] -- C:\Users\boelzebub\AppData\Roaming\Microsoft
[2010.08.12 12:58:20 | 000,000,000 | -H-D | M] -- C:\Users\boelzebub\AppData\Roaming\Mount&Blade
[2010.05.09 01:41:08 | 000,000,000 | -H-D | M] -- C:\Users\boelzebub\AppData\Roaming\Mount&Blade Warband
[2011.05.16 16:04:54 | 000,000,000 | -H-D | M] -- C:\Users\boelzebub\AppData\Roaming\Mozilla
[2009.12.24 13:51:42 | 000,000,000 | -H-D | M] -- C:\Users\boelzebub\AppData\Roaming\NCH Software
[2010.04.20 18:53:16 | 000,000,000 | -H-D | M] -- C:\Users\boelzebub\AppData\Roaming\NCH Swift Sound
[2011.05.02 11:16:40 | 000,000,000 | -H-D | M] -- C:\Users\boelzebub\AppData\Roaming\News File Grabber
[2010.05.31 13:56:21 | 000,000,000 | -H-D | M] -- C:\Users\boelzebub\AppData\Roaming\NVIDIA
[2011.05.04 08:20:41 | 000,000,000 | -H-D | M] -- C:\Users\boelzebub\AppData\Roaming\ProtectDISC
[2011.04.16 11:21:24 | 000,000,000 | -H-D | M] -- C:\Users\boelzebub\AppData\Roaming\Software4u
[2010.04.21 20:37:34 | 000,000,000 | -H-D | M] -- C:\Users\boelzebub\AppData\Roaming\Sony
[2010.08.19 14:08:11 | 000,000,000 | -H-D | M] -- C:\Users\boelzebub\AppData\Roaming\Subversion
[2010.08.03 11:55:07 | 000,000,000 | -H-D | M] -- C:\Users\boelzebub\AppData\Roaming\TomTom
[2010.09.24 10:20:44 | 000,000,000 | -H-D | M] -- C:\Users\boelzebub\AppData\Roaming\Turbine
[2009.12.05 18:02:31 | 000,000,000 | -H-D | M] -- C:\Users\boelzebub\AppData\Roaming\Ubisoft
[2011.03.27 22:28:49 | 000,000,000 | -H-D | M] -- C:\Users\boelzebub\AppData\Roaming\uTorrent
[2011.03.09 21:44:25 | 000,000,000 | -H-D | M] -- C:\Users\boelzebub\AppData\Roaming\vlc
[2011.04.16 11:18:42 | 000,000,000 | -H-D | M] -- C:\Users\boelzebub\AppData\Roaming\WindSolutions
[2011.02.15 09:32:49 | 000,000,000 | -H-D | M] -- C:\Users\boelzebub\AppData\Roaming\WinRAR
 
< %APPDATA%\*.exe /s >
[2010.10.02 10:11:08 | 002,788,816 | -H-- | M] (Adobe Systems, Inc.) -- C:\Users\boelzebub\AppData\Roaming\Macromedia\Flash Player\www.macromedia.com\bin\fpupdatepl\fpupdatepl.exe
[2011.05.04 09:39:48 | 001,431,160 | -H-- | M] (Phoenix Studio) -- C:\Users\boelzebub\AppData\Roaming\Microsoft\Windows\Templates\The_World.exe
[2011.04.16 11:18:45 | 003,461,672 | -H-- | M] (WindSolutions) -- C:\Users\boelzebub\AppData\Roaming\WindSolutions\CopyTransControlCenter\Applications\CopyTransControlCenter.exe
 
< %SYSTEMDRIVE%\*.exe >
 
 
< MD5 for: AGP440.SYS  >
[2009.07.14 03:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\SysNative\drivers\AGP440.sys
[2009.07.14 03:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\SysNative\DriverStore\FileRepository\machine.inf_amd64_neutral_a2f120466549d68b\AGP440.sys
[2009.07.14 03:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\winsxs\amd64_machine.inf_31bf3856ad364e35_6.1.7600.16385_none_1607dee2d861e021\AGP440.sys
[2009.07.14 03:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\winsxs\amd64_machine.inf_31bf3856ad364e35_6.1.7601.17514_none_1838f2aad55063bb\AGP440.sys
 
< MD5 for: ATAPI.SYS  >
[2009.07.14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysNative\drivers\atapi.sys
[2009.07.14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysNative\DriverStore\FileRepository\mshdc.inf_amd64_neutral_aad30bdeec04ea5e\atapi.sys
[2009.07.14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7600.16385_none_392d19c13b3ad543\atapi.sys
[2009.07.14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7601.17514_none_3b5e2d89382958dd\atapi.sys
 
< MD5 for: CNGAUDIT.DLL  >
[2009.07.14 03:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\SysWOW64\cngaudit.dll
[2009.07.14 03:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_e83a414890e8132b\cngaudit.dll
[2009.07.14 03:40:20 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=86FE1B1F8FD42CD0DB641AB1CDB13093 -- C:\Windows\SysNative\cngaudit.dll
[2009.07.14 03:40:20 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=86FE1B1F8FD42CD0DB641AB1CDB13093 -- C:\Windows\winsxs\amd64_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_4458dccc49458461\cngaudit.dll
 
< MD5 for: IASTORV.SYS  >
[2010.11.20 15:33:38 | 000,410,496 | ---- | M] (Intel Corporation) MD5=3DF4395A7CF8B7A72A5F4606366B8C2D -- C:\Windows\SysNative\drivers\iaStorV.sys
[2010.11.20 15:33:38 | 000,410,496 | ---- | M] (Intel Corporation) MD5=3DF4395A7CF8B7A72A5F4606366B8C2D -- C:\Windows\SysNative\DriverStore\FileRepository\iastorv.inf_amd64_neutral_668286aa35d55928\iaStorV.sys
[2010.11.20 15:33:38 | 000,410,496 | ---- | M] (Intel Corporation) MD5=3DF4395A7CF8B7A72A5F4606366B8C2D -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.17514_none_0d3757e79e6784d0\iaStorV.sys
[2009.07.14 03:48:04 | 000,410,688 | ---- | M] (Intel Corporation) MD5=D83EFB6FD45DF9D55E9A1AFC63640D50 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7600.16385_none_0b06441fa1790136\iaStorV.sys
 
< MD5 for: NETLOGON.DLL  >
[2009.07.14 03:41:52 | 000,692,736 | ---- | M] (Microsoft Corporation) MD5=956D030D375F207B22FB111E06EF9C35 -- C:\Windows\winsxs\amd64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_59aca8ea51aaeefe\netlogon.dll
[2010.11.20 15:27:22 | 000,695,808 | ---- | M] (Microsoft Corporation) MD5=AA339DD8BB128EF66660DFBBB59043D3 -- C:\Windows\SysNative\netlogon.dll
[2010.11.20 15:27:22 | 000,695,808 | ---- | M] (Microsoft Corporation) MD5=AA339DD8BB128EF66660DFBBB59043D3 -- C:\Windows\winsxs\amd64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_5bddbcb24e997298\netlogon.dll
[2010.11.20 14:20:28 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\SysWOW64\netlogon.dll
[2010.11.20 14:20:28 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\winsxs\wow64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_6632670482fa3493\netlogon.dll
[2009.07.14 03:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\winsxs\wow64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_6401533c860bb0f9\netlogon.dll
 
< MD5 for: NVSTOR.SYS  >
[2009.07.14 03:45:45 | 000,167,488 | ---- | M] (NVIDIA Corporation) MD5=477DC4D6DEB99BE37084C9AC6D013DA1 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7600.16385_none_95cfb4ced8afab0e\nvstor.sys
[2010.11.20 15:33:48 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=F7CD50FE7139F07E77DA8AC8033D1832 -- C:\Windows\SysNative\drivers\nvstor.sys
[2010.11.20 15:33:48 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=F7CD50FE7139F07E77DA8AC8033D1832 -- C:\Windows\SysNative\DriverStore\FileRepository\nvraid.inf_amd64_neutral_dd659ed032d28a14\nvstor.sys
[2010.11.20 15:33:48 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=F7CD50FE7139F07E77DA8AC8033D1832 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.17514_none_9800c896d59e2ea8\nvstor.sys
 
< MD5 for: SCECLI.DLL  >
[2009.07.14 03:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\winsxs\wow64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_9e577e55272d37b4\scecli.dll
[2009.07.14 03:41:53 | 000,232,448 | ---- | M] (Microsoft Corporation) MD5=398712DDDAEFB85EDF61DF6A07B65C79 -- C:\Windows\winsxs\amd64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_9402d402f2cc75b9\scecli.dll
[2010.11.20 14:21:04 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\SysWOW64\scecli.dll
[2010.11.20 14:21:04 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\winsxs\wow64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_a088921d241bbb4e\scecli.dll
[2010.11.20 15:27:25 | 000,232,960 | ---- | M] (Microsoft Corporation) MD5=ED78427259134C63ED69804D2132B86C -- C:\Windows\SysNative\scecli.dll
[2010.11.20 15:27:25 | 000,232,960 | ---- | M] (Microsoft Corporation) MD5=ED78427259134C63ED69804D2132B86C -- C:\Windows\winsxs\amd64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_9633e7caefbaf953\scecli.dll
 
< MD5 for: USER32.DLL  >
[2010.11.20 14:08:57 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=5E0DB2D8B2750543CD2EBB9EA8E6CDD3 -- C:\Windows\SysWOW64\user32.dll
[2010.11.20 14:08:57 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=5E0DB2D8B2750543CD2EBB9EA8E6CDD3 -- C:\Windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_35b31c02b85ccb6e\user32.dll
[2009.07.14 03:41:56 | 001,008,640 | ---- | M] (Microsoft Corporation) MD5=72D7B3EA16946E8F0CF7458150031CC6 -- C:\Windows\winsxs\amd64_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_292d5de8870d85d9\user32.dll
[2009.07.14 03:11:24 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=E8B0FFC209E504CB7E79FC24E6C085F0 -- C:\Windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_3382083abb6e47d4\user32.dll
[2010.11.20 15:27:27 | 001,008,128 | ---- | M] (Microsoft Corporation) MD5=FE70103391A64039A921DBFFF9C7AB1B -- C:\Windows\SysNative\user32.dll
[2010.11.20 15:27:27 | 001,008,128 | ---- | M] (Microsoft Corporation) MD5=FE70103391A64039A921DBFFF9C7AB1B -- C:\Windows\winsxs\amd64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_2b5e71b083fc0973\user32.dll
 
< MD5 for: USERINIT.EXE  >
[2010.11.20 14:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\SysWOW64\userinit.exe
[2010.11.20 14:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe
[2009.07.14 03:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_dbff103933038d7c\userinit.exe
[2009.07.14 03:39:48 | 000,030,208 | ---- | M] (Microsoft Corporation) MD5=6F8F1376A13114CC10C0E69274F5A4DE -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_381dabbceb60feb2\userinit.exe
[2009.05.26 19:47:22 | 000,031,232 | ---- | M] (NirSoft) MD5=AC6094297CD882B8626466CDEB64F19F -- C:\Users\boelzebub\AppData\Local\Temp\RarSFX1\userinit.exe
[2010.11.20 15:25:24 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\SysNative\userinit.exe
[2010.11.20 15:25:24 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_3a4ebf84e84f824c\userinit.exe
 
< MD5 for: WININIT.EXE  >
[2009.07.14 03:39:52 | 000,129,024 | ---- | M] (Microsoft Corporation) MD5=94355C28C1970635A31B3FE52EB7CEBA -- C:\Windows\SysNative\wininit.exe
[2009.07.14 03:39:52 | 000,129,024 | ---- | M] (Microsoft Corporation) MD5=94355C28C1970635A31B3FE52EB7CEBA -- C:\Windows\winsxs\amd64_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_8ce7aa761e01ad49\wininit.exe
[2009.07.14 03:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\SysWOW64\wininit.exe
[2009.07.14 03:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_30c90ef265a43c13\wininit.exe
 
< MD5 for: WINLOGON.EXE  >
[2010.11.20 15:25:30 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\SysNative\winlogon.exe
[2010.11.20 15:25:30 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_cde90685eb910636\winlogon.exe
[2009.07.14 03:39:52 | 000,389,120 | ---- | M] (Microsoft Corporation) MD5=132328DF455B0028F13BF0ABEE51A63A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_cbb7f2bdeea2829c\winlogon.exe
[2009.10.28 09:01:57 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=A93D41A4D4B0D91C072D11DD8AF266DE -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.20560_none_cc522fd507b468f8\winlogon.exe
[2009.05.26 19:47:22 | 000,031,232 | ---- | M] (NirSoft) MD5=AC6094297CD882B8626466CDEB64F19F -- C:\Users\boelzebub\AppData\Local\Temp\RarSFX1\winlogon.exe
[2009.10.28 08:24:40 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=DA3E2A6FA9660CC75B471530CE88453A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16447_none_cbe534e7ee8042ad\winlogon.exe
 
< MD5 for: WS2IFSL.SYS  >
[2009.07.14 02:10:33 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=6BCC1D7D2FD2453957C5479A32364E52 -- C:\Windows\SysNative\drivers\ws2ifsl.sys
[2009.07.14 02:10:33 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=6BCC1D7D2FD2453957C5479A32364E52 -- C:\Windows\winsxs\amd64_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.1.7600.16385_none_ab7b927be17eace8\ws2ifsl.sys
 
< %systemroot%\system32\drivers\*.sys /lockedfiles >
 
< %systemroot%\System32\config\*.sav >
 
< %systemroot%\*. /mp /s >
 
< %systemroot%\system32\*.dll /lockedfiles >

< End of report >
--- --- ---

cosinus 16.05.2011 20:26
Mach einen OTL-Fix, beende alle evtl. geöffneten Programme, auch Virenscanner deaktivieren (!), starte OTL und kopiere folgenden Text in die "Custom Scan/Fixes" Box (unten in OTL): (das ":OTL" muss mitkopiert werden!!!)

Code:
:OTL
O4 - HKLM..\Run: [iTunesHelper]  File not found
O4 - HKCU..\Run: []  File not found
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{ed331866-f781-11de-b73c-90e6ba4492bf}\Shell - "" = AutoRun
O33 - MountPoints2\{ed331866-f781-11de-b73c-90e6ba4492bf}\Shell\AutoRun\command - "" = N:\Autorun.exe
[2011.05.16 07:31:31 | 000,000,000 | -H-D | C] -- C:\Users\boelzebub\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows 7 Recovery
[2011.05.16 07:30:04 | 000,000,000 | -H-D | C] -- C:\Users\boelzebub\AppData\Local\COMODO
[2011.05.04 11:11:39 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\COMODO
[2011.05.16 07:31:39 | 000,000,144 | -H-- | M] () -- C:\ProgramData\~44883704r
[2011.05.16 07:31:39 | 000,000,120 | -H-- | M] () -- C:\ProgramData\~44883704
[2011.05.16 07:31:29 | 000,000,344 | -H-- | M] () -- C:\ProgramData\44883704
[2011.05.04 08:21:56 | 000,004,096 | ---- | M] () -- C:\Users\Public\Documents\00001467.LCS
[2011.05.08 17:12:50 | 000,001,492 | -H-- | C] () -- C:\ProgramData\ss.ini
:Commands
[purity]
[resethosts]
Klick dann oben links auf den Button Fix!
Das Logfile müsste geöffnet werden, wenn Du nach dem Fixen auf ok klickst, poste das bitte. Evtl. wird der Rechner neu gestartet.

Die mit diesem Script gefixten Einträge, Dateien und Ordner werden zur Sicherheit nicht vollständig gelöscht, es wird eine Sicherheitskopie auf der Systempartition im Ordner "_OTL" erstellt.

ezechiel32 16.05.2011 21:13
OK ist erledigt


========== OTL ==========
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\iTunesHelper deleted successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\ deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRun|DWORD:1 /E : value set successfully!
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{ed331866-f781-11de-b73c-90e6ba4492bf}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{ed331866-f781-11de-b73c-90e6ba4492bf}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{ed331866-f781-11de-b73c-90e6ba4492bf}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{ed331866-f781-11de-b73c-90e6ba4492bf}\ not found.
File N:\Autorun.exe not found.
C:\Users\boelzebub\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows 7 Recovery folder moved successfully.
C:\Users\boelzebub\AppData\Local\COMODO\.tmp folder moved successfully.
C:\Users\boelzebub\AppData\Local\COMODO folder moved successfully.
C:\Users\Public\Documents\COMODO\vaplugin folder moved successfully.
C:\Users\Public\Documents\COMODO\temp folder moved successfully.
C:\Users\Public\Documents\COMODO\binaries folder moved successfully.
C:\Users\Public\Documents\COMODO folder moved successfully.
C:\ProgramData\~44883704r moved successfully.
C:\ProgramData\~44883704 moved successfully.
C:\ProgramData\44883704 moved successfully.
C:\Users\Public\Documents\00001467.LCS moved successfully.
C:\ProgramData\ss.ini moved successfully.
========== COMMANDS ==========
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

OTL by OldTimer - Version 3.2.22.3 log created on 05162011_221411

cosinus 16.05.2011 21:23
Bitte nun dieses Tool von Kaspersky ausführen und das Log posten => http://www.trojaner-board.de/82358-t...entfernen.html

Das Tool so einstellen wie unten im Bild angegeben - also beide Haken setzen, auf Start scan klicken und wenn es durch ist auf den Button Report klicken um das Log anzuzeigen. Dieses bitte komplett posten.

http://www.trojaner-board.de/attachm...rnen-start.png


Falls du durch die Infektion auf deine Dokumente/Eigenen Dateien nicht zugreifen kannst, bitte unhide ausführen:
Downloade dir bitte unhide.exe und speichere diese Datei auf deinem Desktop.
Starte das Tool und es sollten alle Dateien und Ordner wieder sichtbar sein. ( Könnte eine Weile dauern )
http://www.trojaner-board.de/images/icons/icon4.gif Vista und 7 User müssen das Tool per Rechtsklick als Administrator ausführen! http://www.trojaner-board.de/images/icons/icon4.gif

ezechiel32 16.05.2011 21:57
Hier der Kaspersky Report:


2011/05/16 22:58:11.0866 2624 TDSS rootkit removing tool 2.5.1.0 May 13 2011 13:20:29
2011/05/16 22:58:12.0174 2624 ================================================================================
2011/05/16 22:58:12.0174 2624 SystemInfo:
2011/05/16 22:58:12.0174 2624
2011/05/16 22:58:12.0174 2624 OS Version: 6.1.7601 ServicePack: 1.0
2011/05/16 22:58:12.0174 2624 Product type: Workstation
2011/05/16 22:58:12.0174 2624 ComputerName: BOELZEBUB-PC
2011/05/16 22:58:12.0175 2624 UserName: boelzebub
2011/05/16 22:58:12.0175 2624 Windows directory: C:\Windows
2011/05/16 22:58:12.0175 2624 System windows directory: C:\Windows
2011/05/16 22:58:12.0175 2624 Running under WOW64
2011/05/16 22:58:12.0175 2624 Processor architecture: Intel x64
2011/05/16 22:58:12.0175 2624 Number of processors: 8
2011/05/16 22:58:12.0175 2624 Page size: 0x1000
2011/05/16 22:58:12.0175 2624 Boot type: Normal boot
2011/05/16 22:58:12.0175 2624 ================================================================================
2011/05/16 22:58:12.0522 2624 Initialize success
2011/05/16 22:58:24.0614 0720 ================================================================================
2011/05/16 22:58:24.0614 0720 Scan started
2011/05/16 22:58:24.0614 0720 Mode: Manual;
2011/05/16 22:58:24.0614 0720 ================================================================================
2011/05/16 22:58:25.0333 0720 1394ohci (a87d604aea360176311474c87a63bb88) C:\Windows\system32\drivers\1394ohci.sys
2011/05/16 22:58:25.0384 0720 acedrv11 (a3769020f7e8a70fd3e824c050f33306) C:\Windows\system32\drivers\acedrv11.sys
2011/05/16 22:58:25.0433 0720 ACPI (d81d9e70b8a6dd14d42d7b4efa65d5f2) C:\Windows\system32\drivers\ACPI.sys
2011/05/16 22:58:25.0467 0720 AcpiPmi (99f8e788246d495ce3794d7e7821d2ca) C:\Windows\system32\drivers\acpipmi.sys
2011/05/16 22:58:25.0526 0720 adp94xx (2f6b34b83843f0c5118b63ac634f5bf4) C:\Windows\system32\DRIVERS\adp94xx.sys
2011/05/16 22:58:25.0563 0720 adpahci (597f78224ee9224ea1a13d6350ced962) C:\Windows\system32\DRIVERS\adpahci.sys
2011/05/16 22:58:25.0594 0720 adpu320 (e109549c90f62fb570b9540c4b148e54) C:\Windows\system32\DRIVERS\adpu320.sys
2011/05/16 22:58:25.0651 0720 AFD (d31dc7a16dea4a9baf179f3d6fbdb38c) C:\Windows\system32\drivers\afd.sys
2011/05/16 22:58:25.0682 0720 agp440 (608c14dba7299d8cb6ed035a68a15799) C:\Windows\system32\drivers\agp440.sys
2011/05/16 22:58:25.0712 0720 aliide (5812713a477a3ad7363c7438ca2ee038) C:\Windows\system32\drivers\aliide.sys
2011/05/16 22:58:25.0731 0720 amdide (1ff8b4431c353ce385c875f194924c0c) C:\Windows\system32\drivers\amdide.sys
2011/05/16 22:58:25.0749 0720 AmdK8 (7024f087cff1833a806193ef9d22cda9) C:\Windows\system32\DRIVERS\amdk8.sys
2011/05/16 22:58:25.0767 0720 AmdPPM (1e56388b3fe0d031c44144eb8c4d6217) C:\Windows\system32\DRIVERS\amdppm.sys
2011/05/16 22:58:25.0789 0720 amdsata (6ec6d772eae38dc17c14aed9b178d24b) C:\Windows\system32\drivers\amdsata.sys
2011/05/16 22:58:25.0807 0720 amdsbs (f67f933e79241ed32ff46a4f29b5120b) C:\Windows\system32\DRIVERS\amdsbs.sys
2011/05/16 22:58:25.0829 0720 amdxata (1142a21db581a84ea5597b03a26ebaa0) C:\Windows\system32\drivers\amdxata.sys
2011/05/16 22:58:25.0881 0720 AppID (89a69c3f2f319b43379399547526d952) C:\Windows\system32\drivers\appid.sys
2011/05/16 22:58:25.0924 0720 arc (c484f8ceb1717c540242531db7845c4e) C:\Windows\system32\DRIVERS\arc.sys
2011/05/16 22:58:25.0946 0720 arcsas (019af6924aefe7839f61c830227fe79c) C:\Windows\system32\DRIVERS\arcsas.sys
2011/05/16 22:58:25.0995 0720 AsyncMac (769765ce2cc62867468cea93969b2242) C:\Windows\system32\DRIVERS\asyncmac.sys
2011/05/16 22:58:26.0010 0720 atapi (02062c0b390b7729edc9e69c680a6f3c) C:\Windows\system32\drivers\atapi.sys
2011/05/16 22:58:26.0048 0720 atksgt (fc0e8778c000291caf60eb88c011e931) C:\Windows\system32\DRIVERS\atksgt.sys
2011/05/16 22:58:26.0119 0720 avgntflt (39c2e2870fc0c2ae0595b883cbe716b4) C:\Windows\system32\DRIVERS\avgntflt.sys
2011/05/16 22:58:26.0178 0720 avipbb (c98fa6e5ad0e857d22716bd2b8b1f399) C:\Windows\system32\DRIVERS\avipbb.sys
2011/05/16 22:58:26.0216 0720 b06bdrv (3e5b191307609f7514148c6832bb0842) C:\Windows\system32\DRIVERS\bxvbda.sys
2011/05/16 22:58:26.0249 0720 b57nd60a (b5ace6968304a3900eeb1ebfd9622df2) C:\Windows\system32\DRIVERS\b57nd60a.sys
2011/05/16 22:58:26.0285 0720 Beep (16a47ce2decc9b099349a5f840654746) C:\Windows\system32\drivers\Beep.sys
2011/05/16 22:58:26.0324 0720 blbdrive (61583ee3c3a17003c4acd0475646b4d3) C:\Windows\system32\DRIVERS\blbdrive.sys
2011/05/16 22:58:26.0353 0720 bowser (6c02a83164f5cc0a262f4199f0871cf5) C:\Windows\system32\DRIVERS\bowser.sys
2011/05/16 22:58:26.0361 0720 BrFiltLo (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\DRIVERS\BrFiltLo.sys
2011/05/16 22:58:26.0381 0720 BrFiltUp (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\DRIVERS\BrFiltUp.sys
2011/05/16 22:58:26.0396 0720 Brserid (43bea8d483bf1870f018e2d02e06a5bd) C:\Windows\System32\Drivers\Brserid.sys
2011/05/16 22:58:26.0410 0720 BrSerWdm (a6eca2151b08a09caceca35c07f05b42) C:\Windows\System32\Drivers\BrSerWdm.sys
2011/05/16 22:58:26.0420 0720 BrUsbMdm (b79968002c277e869cf38bd22cd61524) C:\Windows\System32\Drivers\BrUsbMdm.sys
2011/05/16 22:58:26.0431 0720 BrUsbSer (a87528880231c54e75ea7a44943b38bf) C:\Windows\System32\Drivers\BrUsbSer.sys
2011/05/16 22:58:26.0442 0720 BTHMODEM (9da669f11d1f894ab4eb69bf546a42e8) C:\Windows\system32\DRIVERS\bthmodem.sys
2011/05/16 22:58:26.0466 0720 cdfs (b8bd2bb284668c84865658c77574381a) C:\Windows\system32\DRIVERS\cdfs.sys
2011/05/16 22:58:26.0491 0720 cdrom (f036ce71586e93d94dab220d7bdf4416) C:\Windows\system32\DRIVERS\cdrom.sys
2011/05/16 22:58:26.0507 0720 circlass (d7cd5c4e1b71fa62050515314cfb52cf) C:\Windows\system32\DRIVERS\circlass.sys
2011/05/16 22:58:26.0539 0720 CLFS (fe1ec06f2253f691fe36217c592a0206) C:\Windows\system32\CLFS.sys
2011/05/16 22:58:26.0588 0720 CmBatt (0840155d0bddf1190f84a663c284bd33) C:\Windows\system32\DRIVERS\CmBatt.sys
2011/05/16 22:58:26.0609 0720 cmdide (e19d3f095812725d88f9001985b94edd) C:\Windows\system32\drivers\cmdide.sys
2011/05/16 22:58:26.0653 0720 CNG (d5fea92400f12412b3922087c09da6a5) C:\Windows\system32\Drivers\cng.sys
2011/05/16 22:58:26.0669 0720 Compbatt (102de219c3f61415f964c88e9085ad14) C:\Windows\system32\DRIVERS\compbatt.sys
2011/05/16 22:58:26.0702 0720 CompositeBus (03edb043586cceba243d689bdda370a8) C:\Windows\system32\drivers\CompositeBus.sys
2011/05/16 22:58:26.0716 0720 crcdisk (1c827878a998c18847245fe1f34ee597) C:\Windows\system32\DRIVERS\crcdisk.sys
2011/05/16 22:58:26.0754 0720 CSC (54da3dfd29ed9f1619b6f53f3ce55e49) C:\Windows\system32\drivers\csc.sys
2011/05/16 22:58:26.0821 0720 dc3d (23d4b856725f5fc3c4f410c150ab107b) C:\Windows\system32\DRIVERS\dc3d.sys
2011/05/16 22:58:26.0859 0720 DfsC (9bb2ef44eaa163b29c4a4587887a0fe4) C:\Windows\system32\Drivers\dfsc.sys
2011/05/16 22:58:26.0871 0720 discache (13096b05847ec78f0977f2c0f79e9ab3) C:\Windows\system32\drivers\discache.sys
2011/05/16 22:58:26.0905 0720 Disk (9819eee8b5ea3784ec4af3b137a5244c) C:\Windows\system32\DRIVERS\disk.sys
2011/05/16 22:58:26.0941 0720 drmkaud (9b19f34400d24df84c858a421c205754) C:\Windows\system32\drivers\drmkaud.sys
2011/05/16 22:58:26.0965 0720 dtsoftbus01 (fb9bef3401ee5ecc2603311b9c64f44a) C:\Windows\system32\DRIVERS\dtsoftbus01.sys
2011/05/16 22:58:26.0993 0720 DXGKrnl (f5bee30450e18e6b83a5012c100616fd) C:\Windows\System32\drivers\dxgkrnl.sys
2011/05/16 22:58:27.0079 0720 ebdrv (dc5d737f51be844d8c82c695eb17372f) C:\Windows\system32\DRIVERS\evbda.sys
2011/05/16 22:58:27.0132 0720 elxstor (0e5da5369a0fcaea12456dd852545184) C:\Windows\system32\DRIVERS\elxstor.sys
2011/05/16 22:58:27.0162 0720 ErrDev (34a3c54752046e79a126e15c51db409b) C:\Windows\system32\drivers\errdev.sys
2011/05/16 22:58:27.0199 0720 exfat (a510c654ec00c1e9bdd91eeb3a59823b) C:\Windows\system32\drivers\exfat.sys
2011/05/16 22:58:27.0223 0720 fastfat (0adc83218b66a6db380c330836f3e36d) C:\Windows\system32\drivers\fastfat.sys
2011/05/16 22:58:27.0245 0720 fdc (d765d19cd8ef61f650c384f62fac00ab) C:\Windows\system32\DRIVERS\fdc.sys
2011/05/16 22:58:27.0269 0720 FileInfo (655661be46b5f5f3fd454e2c3095b930) C:\Windows\system32\drivers\fileinfo.sys
2011/05/16 22:58:27.0282 0720 Filetrace (5f671ab5bc87eea04ec38a6cd5962a47) C:\Windows\system32\drivers\filetrace.sys
2011/05/16 22:58:27.0292 0720 flpydisk (c172a0f53008eaeb8ea33fe10e177af5) C:\Windows\system32\DRIVERS\flpydisk.sys
2011/05/16 22:58:27.0331 0720 FltMgr (da6b67270fd9db3697b20fce94950741) C:\Windows\system32\drivers\fltmgr.sys
2011/05/16 22:58:27.0357 0720 FsDepends (d43703496149971890703b4b1b723eac) C:\Windows\system32\drivers\FsDepends.sys
2011/05/16 22:58:27.0392 0720 fssfltr (6c06701bf1db05405804d7eb610991ce) C:\Windows\system32\DRIVERS\fssfltr.sys
2011/05/16 22:58:27.0403 0720 Fs_Rec (e95ef8547de20cf0603557c0cf7a9462) C:\Windows\system32\drivers\Fs_Rec.sys
2011/05/16 22:58:27.0442 0720 fvevol (1f7b25b858fa27015169fe95e54108ed) C:\Windows\system32\DRIVERS\fvevol.sys
2011/05/16 22:58:27.0461 0720 gagp30kx (8c778d335c9d272cfd3298ab02abe3b6) C:\Windows\system32\DRIVERS\gagp30kx.sys
2011/05/16 22:58:27.0518 0720 GEARAspiWDM (e403aacf8c7bb11375122d2464560311) C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
2011/05/16 22:58:27.0564 0720 hamachi (1e6438d4ea6e1174a3b3b1edc4de660b) C:\Windows\system32\DRIVERS\hamachi.sys
2011/05/16 22:58:27.0585 0720 hcw85cir (f2523ef6460fc42405b12248338ab2f0) C:\Windows\system32\drivers\hcw85cir.sys
2011/05/16 22:58:27.0652 0720 hcw95bda (2373992cd449bdcb01ca73a0fcaa0e5e) C:\Windows\system32\Drivers\hcw95bda.sys
2011/05/16 22:58:27.0703 0720 hcw95rc (1a01da384414277fc1f22105fb126a65) C:\Windows\system32\DRIVERS\hcw95rc.sys
2011/05/16 22:58:27.0757 0720 HdAudAddService (975761c778e33cd22498059b91e7373a) C:\Windows\system32\drivers\HdAudio.sys
2011/05/16 22:58:27.0795 0720 HDAudBus (97bfed39b6b79eb12cddbfeed51f56bb) C:\Windows\system32\drivers\HDAudBus.sys
2011/05/16 22:58:27.0807 0720 HidBatt (78e86380454a7b10a5eb255dc44a355f) C:\Windows\system32\DRIVERS\HidBatt.sys
2011/05/16 22:58:27.0831 0720 HidBth (7fd2a313f7afe5c4dab14798c48dd104) C:\Windows\system32\DRIVERS\hidbth.sys
2011/05/16 22:58:27.0852 0720 HidIr (0a77d29f311b88cfae3b13f9c1a73825) C:\Windows\system32\DRIVERS\hidir.sys
2011/05/16 22:58:27.0879 0720 HidUsb (9592090a7e2b61cd582b612b6df70536) C:\Windows\system32\DRIVERS\hidusb.sys
2011/05/16 22:58:27.0915 0720 HpSAMD (39d2abcd392f3d8a6dce7b60ae7b8efc) C:\Windows\system32\drivers\HpSAMD.sys
2011/05/16 22:58:27.0959 0720 HTTP (0ea7de1acb728dd5a369fd742d6eee28) C:\Windows\system32\drivers\HTTP.sys
2011/05/16 22:58:27.0989 0720 hwpolicy (a5462bd6884960c9dc85ed49d34ff392) C:\Windows\system32\drivers\hwpolicy.sys
2011/05/16 22:58:28.0014 0720 i8042prt (fa55c73d4affa7ee23ac4be53b4592d3) C:\Windows\system32\drivers\i8042prt.sys
2011/05/16 22:58:28.0041 0720 iaStorV (3df4395a7cf8b7a72a5f4606366b8c2d) C:\Windows\system32\drivers\iaStorV.sys
2011/05/16 22:58:28.0067 0720 iirsp (5c18831c61933628f5bb0ea2675b9d21) C:\Windows\system32\DRIVERS\iirsp.sys
2011/05/16 22:58:28.0098 0720 intelide (f00f20e70c6ec3aa366910083a0518aa) C:\Windows\system32\drivers\intelide.sys
2011/05/16 22:58:28.0120 0720 intelppm (ada036632c664caa754079041cf1f8c1) C:\Windows\system32\DRIVERS\intelppm.sys
2011/05/16 22:58:28.0140 0720 IpFilterDriver (c9f0e1bd74365a8771590e9008d22ab6) C:\Windows\system32\DRIVERS\ipfltdrv.sys
2011/05/16 22:58:28.0170 0720 IPMIDRV (0fc1aea580957aa8817b8f305d18ca3a) C:\Windows\system32\drivers\IPMIDrv.sys
2011/05/16 22:58:28.0197 0720 IPNAT (af9b39a7e7b6caa203b3862582e9f2d0) C:\Windows\system32\drivers\ipnat.sys
2011/05/16 22:58:28.0227 0720 IRENUM (3abf5e7213eb28966d55d58b515d5ce9) C:\Windows\system32\drivers\irenum.sys
2011/05/16 22:58:28.0258 0720 isapnp (2f7b28dc3e1183e5eb418df55c204f38) C:\Windows\system32\drivers\isapnp.sys
2011/05/16 22:58:28.0281 0720 iScsiPrt (d931d7309deb2317035b07c9f9e6b0bd) C:\Windows\system32\drivers\msiscsi.sys
2011/05/16 22:58:28.0318 0720 kbdclass (bc02336f1cba7dcc7d1213bb588a68a5) C:\Windows\system32\DRIVERS\kbdclass.sys
2011/05/16 22:58:28.0346 0720 kbdhid (0705eff5b42a9db58548eec3b26bb484) C:\Windows\system32\DRIVERS\kbdhid.sys
2011/05/16 22:58:28.0364 0720 KSecDD (ccd53b5bd33ce0c889e830d839c8b66e) C:\Windows\system32\Drivers\ksecdd.sys
2011/05/16 22:58:28.0396 0720 KSecPkg (9ff918a261752c12639e8ad4208d2c2f) C:\Windows\system32\Drivers\ksecpkg.sys
2011/05/16 22:58:28.0417 0720 ksthunk (6869281e78cb31a43e969f06b57347c4) C:\Windows\system32\drivers\ksthunk.sys
2011/05/16 22:58:28.0485 0720 lirsgt (156ab2e56dc3ca0b582e3362e07cded7) C:\Windows\system32\DRIVERS\lirsgt.sys
2011/05/16 22:58:28.0521 0720 lltdio (1538831cf8ad2979a04c423779465827) C:\Windows\system32\DRIVERS\lltdio.sys
2011/05/16 22:58:28.0550 0720 LSI_FC (1a93e54eb0ece102495a51266dcdb6a6) C:\Windows\system32\DRIVERS\lsi_fc.sys
2011/05/16 22:58:28.0563 0720 LSI_SAS (1047184a9fdc8bdbff857175875ee810) C:\Windows\system32\DRIVERS\lsi_sas.sys
2011/05/16 22:58:28.0588 0720 LSI_SAS2 (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\Windows\system32\DRIVERS\lsi_sas2.sys
2011/05/16 22:58:28.0627 0720 LSI_SCSI (0504eacaff0d3c8aed161c4b0d369d4a) C:\Windows\system32\DRIVERS\lsi_scsi.sys
2011/05/16 22:58:28.0659 0720 luafv (43d0f98e1d56ccddb0d5254cff7b356e) C:\Windows\system32\drivers\luafv.sys
2011/05/16 22:58:28.0681 0720 megasas (a55805f747c6edb6a9080d7c633bd0f4) C:\Windows\system32\DRIVERS\megasas.sys
2011/05/16 22:58:28.0702 0720 MegaSR (baf74ce0072480c3b6b7c13b2a94d6b3) C:\Windows\system32\DRIVERS\MegaSR.sys
2011/05/16 22:58:28.0741 0720 Modem (800ba92f7010378b09f9ed9270f07137) C:\Windows\system32\drivers\modem.sys
2011/05/16 22:58:28.0759 0720 monitor (b03d591dc7da45ece20b3b467e6aadaa) C:\Windows\system32\DRIVERS\monitor.sys
2011/05/16 22:58:28.0776 0720 mouclass (7d27ea49f3c1f687d357e77a470aea99) C:\Windows\system32\DRIVERS\mouclass.sys
2011/05/16 22:58:28.0787 0720 mouhid (d3bf052c40b0c4166d9fd86a4288c1e6) C:\Windows\system32\DRIVERS\mouhid.sys
2011/05/16 22:58:28.0802 0720 mountmgr (32e7a3d591d671a6df2db515a5cbe0fa) C:\Windows\system32\drivers\mountmgr.sys
2011/05/16 22:58:28.0824 0720 mpio (a44b420d30bd56e145d6a2bc8768ec58) C:\Windows\system32\drivers\mpio.sys
2011/05/16 22:58:28.0845 0720 mpsdrv (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\Windows\system32\drivers\mpsdrv.sys
2011/05/16 22:58:28.0877 0720 MRxDAV (dc722758b8261e1abafd31a3c0a66380) C:\Windows\system32\drivers\mrxdav.sys
2011/05/16 22:58:28.0910 0720 mrxsmb (c2b4651001a867ff3f8865863b592991) C:\Windows\system32\DRIVERS\mrxsmb.sys
2011/05/16 22:58:28.0940 0720 mrxsmb10 (7e79946afc5f799ab62982282be5ac13) C:\Windows\system32\DRIVERS\mrxsmb10.sys
2011/05/16 22:58:28.0962 0720 mrxsmb20 (5fb954100cea2bfec6446fbbecaa3f79) C:\Windows\system32\DRIVERS\mrxsmb20.sys
2011/05/16 22:58:28.0982 0720 msahci (c25f0bafa182cbca2dd3c851c2e75796) C:\Windows\system32\drivers\msahci.sys
2011/05/16 22:58:28.0999 0720 msdsm (db801a638d011b9633829eb6f663c900) C:\Windows\system32\drivers\msdsm.sys
2011/05/16 22:58:29.0028 0720 Msfs (aa3fb40e17ce1388fa1bedab50ea8f96) C:\Windows\system32\drivers\Msfs.sys
2011/05/16 22:58:29.0046 0720 mshidkmdf (f9d215a46a8b9753f61767fa72a20326) C:\Windows\System32\drivers\mshidkmdf.sys
2011/05/16 22:58:29.0067 0720 msisadrv (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\Windows\system32\drivers\msisadrv.sys
2011/05/16 22:58:29.0115 0720 MSKSSRV (49ccf2c4fea34ffad8b1b59d49439366) C:\Windows\system32\drivers\MSKSSRV.sys
2011/05/16 22:58:29.0136 0720 MSPCLOCK (bdd71ace35a232104ddd349ee70e1ab3) C:\Windows\system32\drivers\MSPCLOCK.sys
2011/05/16 22:58:29.0147 0720 MSPQM (4ed981241db27c3383d72092b618a1d0) C:\Windows\system32\drivers\MSPQM.sys
2011/05/16 22:58:29.0189 0720 MsRPC (759a9eeb0fa9ed79da1fb7d4ef78866d) C:\Windows\system32\drivers\MsRPC.sys
2011/05/16 22:58:29.0212 0720 mssmbios (0eed230e37515a0eaee3c2e1bc97b288) C:\Windows\system32\drivers\mssmbios.sys
2011/05/16 22:58:29.0221 0720 MSTEE (2e66f9ecb30b4221a318c92ac2250779) C:\Windows\system32\drivers\MSTEE.sys
2011/05/16 22:58:29.0243 0720 MTConfig (7ea404308934e675bffde8edf0757bcd) C:\Windows\system32\DRIVERS\MTConfig.sys
2011/05/16 22:58:29.0290 0720 MTsensor (03b7145c889603537e9ffeabb1ad1089) C:\Windows\system32\DRIVERS\ASACPI.sys
2011/05/16 22:58:29.0314 0720 Mup (f9a18612fd3526fe473c1bda678d61c8) C:\Windows\system32\Drivers\mup.sys
2011/05/16 22:58:29.0357 0720 NativeWifiP (1ea3749c4114db3e3161156ffffa6b33) C:\Windows\system32\DRIVERS\nwifi.sys
2011/05/16 22:58:29.0409 0720 NDIS (79b47fd40d9a817e932f9d26fac0a81c) C:\Windows\system32\drivers\ndis.sys
2011/05/16 22:58:29.0441 0720 NdisCap (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\Windows\system32\DRIVERS\ndiscap.sys
2011/05/16 22:58:29.0472 0720 NdisTapi (30639c932d9fef22b31268fe25a1b6e5) C:\Windows\system32\DRIVERS\ndistapi.sys
2011/05/16 22:58:29.0503 0720 Ndisuio (136185f9fb2cc61e573e676aa5402356) C:\Windows\system32\DRIVERS\ndisuio.sys
2011/05/16 22:58:29.0532 0720 NdisWan (53f7305169863f0a2bddc49e116c2e11) C:\Windows\system32\DRIVERS\ndiswan.sys
2011/05/16 22:58:29.0558 0720 NDProxy (015c0d8e0e0421b4cfd48cffe2825879) C:\Windows\system32\drivers\NDProxy.sys
2011/05/16 22:58:29.0577 0720 NetBIOS (86743d9f5d2b1048062b14b1d84501c4) C:\Windows\system32\DRIVERS\netbios.sys
2011/05/16 22:58:29.0610 0720 NetBT (09594d1089c523423b32a4229263f068) C:\Windows\system32\DRIVERS\netbt.sys
2011/05/16 22:58:29.0708 0720 netr28ux (618c55b392238b9467f9113e13525c49) C:\Windows\system32\DRIVERS\netr28ux.sys
2011/05/16 22:58:29.0756 0720 nfrd960 (77889813be4d166cdab78ddba990da92) C:\Windows\system32\DRIVERS\nfrd960.sys
2011/05/16 22:58:29.0779 0720 Npfs (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys
2011/05/16 22:58:29.0807 0720 nsiproxy (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys
2011/05/16 22:58:29.0864 0720 Ntfs (05d78aa5cb5f3f5c31160bdb955d0b7c) C:\Windows\system32\drivers\Ntfs.sys
2011/05/16 22:58:29.0893 0720 Null (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys
2011/05/16 22:58:30.0114 0720 nvlddmkm (aaf5559039e99d0cc22e25255f3dc06e) C:\Windows\system32\DRIVERS\nvlddmkm.sys
2011/05/16 22:58:30.0207 0720 nvraid (5d9fd91f3d38dc9da01e3cb5fa89cd48) C:\Windows\system32\drivers\nvraid.sys
2011/05/16 22:58:30.0236 0720 nvstor (f7cd50fe7139f07e77da8ac8033d1832) C:\Windows\system32\drivers\nvstor.sys
2011/05/16 22:58:30.0284 0720 nv_agp (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\drivers\nv_agp.sys
2011/05/16 22:58:30.0327 0720 ohci1394 (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\drivers\ohci1394.sys
2011/05/16 22:58:30.0376 0720 Parport (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\DRIVERS\parport.sys
2011/05/16 22:58:30.0411 0720 partmgr (871eadac56b0a4c6512bbe32753ccf79) C:\Windows\system32\drivers\partmgr.sys
2011/05/16 22:58:30.0445 0720 pci (94575c0571d1462a0f70bde6bd6ee6b3) C:\Windows\system32\drivers\pci.sys
2011/05/16 22:58:30.0460 0720 pciide (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\drivers\pciide.sys
2011/05/16 22:58:30.0488 0720 pcmcia (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\DRIVERS\pcmcia.sys
2011/05/16 22:58:30.0510 0720 pcw (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys
2011/05/16 22:58:30.0536 0720 PEAUTH (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys
2011/05/16 22:58:30.0620 0720 Point64 (b23f79e41e30ed500586151a9ef27d8f) C:\Windows\system32\DRIVERS\point64.sys
2011/05/16 22:58:30.0668 0720 PptpMiniport (f92a2c41117a11a00be01ca01a7fcde9) C:\Windows\system32\DRIVERS\raspptp.sys
2011/05/16 22:58:30.0692 0720 Processor (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\DRIVERS\processr.sys
2011/05/16 22:58:30.0752 0720 Psched (0557cf5a2556bd58e26384169d72438d) C:\Windows\system32\DRIVERS\pacer.sys
2011/05/16 22:58:30.0784 0720 pwdrvio (41ad0fcf47275a9bc70fa1b56bfd3e23) C:\Windows\system32\pwdrvio.sys
2011/05/16 22:58:30.0830 0720 pwdspio (19cf17076f2524af6746b528584aa3c9) C:\Windows\system32\pwdspio.sys
2011/05/16 22:58:30.0870 0720 ql2300 (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\DRIVERS\ql2300.sys
2011/05/16 22:58:30.0913 0720 ql40xx (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\DRIVERS\ql40xx.sys
2011/05/16 22:58:30.0949 0720 QWAVEdrv (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys
2011/05/16 22:58:30.0974 0720 RasAcd (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys
2011/05/16 22:58:31.0008 0720 RasAgileVpn (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys
2011/05/16 22:58:31.0046 0720 Rasl2tp (471815800ae33e6f1c32fb1b97c490ca) C:\Windows\system32\DRIVERS\rasl2tp.sys
2011/05/16 22:58:31.0078 0720 RasPppoe (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys
2011/05/16 22:58:31.0099 0720 RasSstp (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys
2011/05/16 22:58:31.0140 0720 rdbss (77f665941019a1594d887a74f301fa2f) C:\Windows\system32\DRIVERS\rdbss.sys
2011/05/16 22:58:31.0155 0720 rdpbus (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\DRIVERS\rdpbus.sys
2011/05/16 22:58:31.0169 0720 RDPCDD (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys
2011/05/16 22:58:31.0200 0720 RDPDR (1b6163c503398b23ff8b939c67747683) C:\Windows\system32\drivers\rdpdr.sys
2011/05/16 22:58:31.0226 0720 RDPENCDD (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys
2011/05/16 22:58:31.0245 0720 RDPREFMP (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys
2011/05/16 22:58:31.0281 0720 RDPWD (15b66c206b5cb095bab980553f38ed23) C:\Windows\system32\drivers\RDPWD.sys
2011/05/16 22:58:31.0313 0720 rdyboost (34ed295fa0121c241bfef24764fc4520) C:\Windows\system32\drivers\rdyboost.sys
2011/05/16 22:58:31.0355 0720 rspndr (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys
2011/05/16 22:58:31.0391 0720 RTL8167 (4b42bc58294e83a6a92ec8b88c14c4a3) C:\Windows\system32\DRIVERS\Rt64win7.sys
2011/05/16 22:58:31.0444 0720 s1018bus (0eecd4b43eb917bd08bbe1738d7ecb11) C:\Windows\system32\DRIVERS\s1018bus.sys
2011/05/16 22:58:31.0479 0720 s1018mdfl (6f892723f1f694430f86e5fa01763c8a) C:\Windows\system32\DRIVERS\s1018mdfl.sys
2011/05/16 22:58:31.0498 0720 s1018mdm (f7cfc8ac6f7f5f34721e6d10098c7aa3) C:\Windows\system32\DRIVERS\s1018mdm.sys
2011/05/16 22:58:31.0520 0720 s1018mgmt (455f361d8d605f059c83ab1016ad0e00) C:\Windows\system32\DRIVERS\s1018mgmt.sys
2011/05/16 22:58:31.0542 0720 s1018nd5 (3f69ca63b7157885abbe8f4d559aec8a) C:\Windows\system32\DRIVERS\s1018nd5.sys
2011/05/16 22:58:31.0568 0720 s1018obex (fd370af1c196e2b339ea32819bec1b9a) C:\Windows\system32\DRIVERS\s1018obex.sys
2011/05/16 22:58:31.0602 0720 s1018unic (0a46da0b8b162af0efb33bea11a6ef3a) C:\Windows\system32\DRIVERS\s1018unic.sys
2011/05/16 22:58:31.0635 0720 s3cap (e60c0a09f997826c7627b244195ab581) C:\Windows\system32\drivers\vms3cap.sys
2011/05/16 22:58:31.0660 0720 sbp2port (ac03af3329579fffb455aa2daabbe22b) C:\Windows\system32\drivers\sbp2port.sys
2011/05/16 22:58:31.0693 0720 scfilter (253f38d0d7074c02ff8deb9836c97d2b) C:\Windows\system32\DRIVERS\scfilter.sys
2011/05/16 22:58:31.0717 0720 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys
2011/05/16 22:58:31.0752 0720 seehcri (ede7a1d2715aac2190d51dc07afd44e3) C:\Windows\system32\DRIVERS\seehcri.sys
2011/05/16 22:58:31.0768 0720 Serenum (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\DRIVERS\serenum.sys
2011/05/16 22:58:31.0793 0720 Serial (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\DRIVERS\serial.sys
2011/05/16 22:58:31.0821 0720 sermouse (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\DRIVERS\sermouse.sys
2011/05/16 22:58:31.0858 0720 sffdisk (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\drivers\sffdisk.sys
2011/05/16 22:58:31.0873 0720 sffp_mmc (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\drivers\sffp_mmc.sys
2011/05/16 22:58:31.0892 0720 sffp_sd (dd85b78243a19b59f0637dcf284da63c) C:\Windows\system32\drivers\sffp_sd.sys
2011/05/16 22:58:31.0902 0720 sfloppy (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\DRIVERS\sfloppy.sys
2011/05/16 22:58:31.0933 0720 SiSRaid2 (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\DRIVERS\SiSRaid2.sys
2011/05/16 22:58:31.0955 0720 SiSRaid4 (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\DRIVERS\sisraid4.sys
2011/05/16 22:58:31.0989 0720 Smb (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys
2011/05/16 22:58:32.0013 0720 spldr (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys
2011/05/16 22:58:32.0068 0720 sptd (602884696850c86434530790b110e8eb) C:\Windows\system32\Drivers\sptd.sys
2011/05/16 22:58:32.0068 0720 Suspicious file (NoAccess): C:\Windows\system32\Drivers\sptd.sys. md5: 602884696850c86434530790b110e8eb
2011/05/16 22:58:32.0073 0720 sptd - detected LockedFile.Multi.Generic (1)
2011/05/16 22:58:32.0114 0720 srv (65bbf4920148c2ee279055da7228fc7b) C:\Windows\system32\DRIVERS\srv.sys
2011/05/16 22:58:32.0138 0720 srv2 (da939f762a1ccc2d77428621ddbd40a7) C:\Windows\system32\DRIVERS\srv2.sys
2011/05/16 22:58:32.0163 0720 srvnet (3f847c9dc87299516f7dc82fb6572865) C:\Windows\system32\DRIVERS\srvnet.sys
2011/05/16 22:58:32.0192 0720 stexstor (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\DRIVERS\stexstor.sys
2011/05/16 22:58:32.0224 0720 storflt (7785dc213270d2fc066538daf94087e7) C:\Windows\system32\drivers\vmstorfl.sys
2011/05/16 22:58:32.0244 0720 storvsc (d34e4943d5ac096c8edeebfd80d76e23) C:\Windows\system32\drivers\storvsc.sys
2011/05/16 22:58:32.0260 0720 swenum (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\drivers\swenum.sys
2011/05/16 22:58:32.0323 0720 Tcpip (509383e505c973ed7534a06b3d19688d) C:\Windows\system32\drivers\tcpip.sys
2011/05/16 22:58:32.0364 0720 TCPIP6 (509383e505c973ed7534a06b3d19688d) C:\Windows\system32\DRIVERS\tcpip.sys
2011/05/16 22:58:32.0404 0720 tcpipreg (df687e3d8836bfb04fcc0615bf15a519) C:\Windows\system32\drivers\tcpipreg.sys
2011/05/16 22:58:32.0425 0720 TDPIPE (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys
2011/05/16 22:58:32.0442 0720 TDTCP (e4245bda3190a582d55ed09e137401a9) C:\Windows\system32\drivers\tdtcp.sys
2011/05/16 22:58:32.0484 0720 tdx (ddad5a7ab24d8b65f8d724f5c20fd806) C:\Windows\system32\DRIVERS\tdx.sys
2011/05/16 22:58:32.0507 0720 TermDD (561e7e1f06895d78de991e01dd0fb6e5) C:\Windows\system32\drivers\termdd.sys
2011/05/16 22:58:32.0559 0720 tssecsrv (ce18b2cdfc837c99e5fae9ca6cba5d30) C:\Windows\system32\DRIVERS\tssecsrv.sys
2011/05/16 22:58:32.0582 0720 TsUsbFlt (d11c783e3ef9a3c52c0ebe83cc5000e9) C:\Windows\system32\drivers\tsusbflt.sys
2011/05/16 22:58:32.0621 0720 tunnel (3566a8daafa27af944f5d705eaa64894) C:\Windows\system32\DRIVERS\tunnel.sys
2011/05/16 22:58:32.0637 0720 uagp35 (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\DRIVERS\uagp35.sys
2011/05/16 22:58:32.0668 0720 udfs (ff4232a1a64012baa1fd97c7b67df593) C:\Windows\system32\DRIVERS\udfs.sys
2011/05/16 22:58:32.0716 0720 uliagpkx (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\drivers\uliagpkx.sys
2011/05/16 22:58:32.0743 0720 umbus (dc54a574663a895c8763af0fa1ff7561) C:\Windows\system32\drivers\umbus.sys
2011/05/16 22:58:32.0765 0720 UmPass (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\DRIVERS\umpass.sys
2011/05/16 22:58:32.0823 0720 USBAAPL64 (54d4b48d443e7228bf64cf7cdc3118ac) C:\Windows\system32\Drivers\usbaapl64.sys
2011/05/16 22:58:32.0868 0720 usbaudio (82e8f44688e6fac57b5b7c6fc7adbc2a) C:\Windows\system32\drivers\usbaudio.sys
2011/05/16 22:58:32.0905 0720 usbccgp (481dff26b4dca8f4cbac1f7dce1d6829) C:\Windows\system32\DRIVERS\usbccgp.sys
2011/05/16 22:58:32.0941 0720 usbcir (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\drivers\usbcir.sys
2011/05/16 22:58:32.0968 0720 usbehci (2ea4aff7be7eb4632e3aa8595b0803b5) C:\Windows\system32\DRIVERS\usbehci.sys
2011/05/16 22:58:32.0998 0720 usbhub (dc96bd9ccb8403251bcf25047573558e) C:\Windows\system32\drivers\usbhub.sys
2011/05/16 22:58:33.0026 0720 usbohci (58e546bbaf87664fc57e0f6081e4f609) C:\Windows\system32\DRIVERS\usbohci.sys
2011/05/16 22:58:33.0059 0720 usbprint (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\DRIVERS\usbprint.sys
2011/05/16 22:58:33.0100 0720 usbscan (aaa2513c8aed8b54b189fd0c6b1634c0) C:\Windows\system32\DRIVERS\usbscan.sys
2011/05/16 22:58:33.0122 0720 USBSTOR (d76510cfa0fc09023077f22c2f979d86) C:\Windows\system32\DRIVERS\USBSTOR.SYS
2011/05/16 22:58:33.0148 0720 usbuhci (81fb2216d3a60d1284455d511797db3d) C:\Windows\system32\DRIVERS\usbuhci.sys
2011/05/16 22:58:33.0197 0720 vcd10bus (f0faf3fb9b138f8cafb65ecffe9f4ab6) C:\Windows\system32\DRIVERS\vcd10bus.sys
2011/05/16 22:58:33.0237 0720 VClone (c5e70c4e64666db9d69c9f2fdae22428) C:\Windows\system32\DRIVERS\VClone.sys
2011/05/16 22:58:33.0256 0720 vdrvroot (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\drivers\vdrvroot.sys
2011/05/16 22:58:33.0282 0720 vga (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys
2011/05/16 22:58:33.0300 0720 VgaSave (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys
2011/05/16 22:58:33.0322 0720 vhdmp (2ce2df28c83aeaf30084e1b1eb253cbb) C:\Windows\system32\drivers\vhdmp.sys
2011/05/16 22:58:33.0357 0720 viaide (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\drivers\viaide.sys
2011/05/16 22:58:33.0395 0720 vmbus (86ea3e79ae350fea5331a1303054005f) C:\Windows\system32\drivers\vmbus.sys
2011/05/16 22:58:33.0411 0720 VMBusHID (7de90b48f210d29649380545db45a187) C:\Windows\system32\drivers\VMBusHID.sys
2011/05/16 22:58:33.0432 0720 volmgr (d2aafd421940f640b407aefaaebd91b0) C:\Windows\system32\drivers\volmgr.sys
2011/05/16 22:58:33.0465 0720 volmgrx (a255814907c89be58b79ef2f189b843b) C:\Windows\system32\drivers\volmgrx.sys
2011/05/16 22:58:33.0482 0720 volsnap (0d08d2f3b3ff84e433346669b5e0f639) C:\Windows\system32\drivers\volsnap.sys
2011/05/16 22:58:33.0513 0720 vsmraid (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\DRIVERS\vsmraid.sys
2011/05/16 22:58:33.0538 0720 vwifibus (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\system32\DRIVERS\vwifibus.sys
2011/05/16 22:58:33.0557 0720 vwififlt (6a3d66263414ff0d6fa754c646612f3f) C:\Windows\system32\DRIVERS\vwififlt.sys
2011/05/16 22:58:33.0586 0720 WacomPen (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\DRIVERS\wacompen.sys
2011/05/16 22:58:33.0617 0720 WANARP (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
2011/05/16 22:58:33.0627 0720 Wanarpv6 (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
2011/05/16 22:58:33.0654 0720 Wd (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\DRIVERS\wd.sys
2011/05/16 22:58:33.0684 0720 Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys
2011/05/16 22:58:33.0727 0720 WfpLwf (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys
2011/05/16 22:58:33.0750 0720 WIMMount (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys
2011/05/16 22:58:33.0813 0720 WinUsb (fe88b288356e7b47b74b13372add906d) C:\Windows\system32\DRIVERS\WinUsb.sys
2011/05/16 22:58:33.0839 0720 WmiAcpi (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\drivers\wmiacpi.sys
2011/05/16 22:58:33.0868 0720 ws2ifsl (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys
2011/05/16 22:58:33.0908 0720 WudfPf (d3381dc54c34d79b22cee0d65ba91b7c) C:\Windows\system32\drivers\WudfPf.sys
2011/05/16 22:58:33.0932 0720 WUDFRd (cf8d590be3373029d57af80914190682) C:\Windows\system32\DRIVERS\WUDFRd.sys
2011/05/16 22:58:33.0990 0720 xnacc (4a5ce13408945e525503b5f73d29b9c5) C:\Windows\system32\DRIVERS\xnacc.sys
2011/05/16 22:58:34.0048 0720 xusb21 (2ee48cfce7ca8e0db4c44c7476c0943b) C:\Windows\system32\DRIVERS\xusb21.sys
2011/05/16 22:58:34.0125 0720 ================================================================================
2011/05/16 22:58:34.0125 0720 Scan finished
2011/05/16 22:58:34.0125 0720 ================================================================================
2011/05/16 22:58:34.0134 2340 Detected object count: 1
2011/05/16 22:58:50.0054 2340 LockedFile.Multi.Generic(sptd) - User select action: Skip

cosinus 16.05.2011 21:59
Dann bitte jetzt CF ausführen:

ComboFix

Ein Leitfaden und Tutorium zur Nutzung von ComboFix
  • Lade dir ComboFix hier herunter auf deinen Desktop. Benenne es beim Runterladen um in cofi.exe.
http://saved.im/mtm0nzyzmzd5/cofi.jpg
  • Schliesse alle Programme, vor allem dein Antivirenprogramm und andere Hintergrundwächter sowie deinen Internetbrowser.
  • Starte cofi.exe von deinem Desktop aus, bestätige die Warnmeldungen, führe die Updates durch (falls vorgeschlagen), installiere die Wiederherstellungskonsole (falls vorgeschlagen) und lass dein System durchsuchen.
    Vermeide es auch während Combofix läuft die Maus und Tastatur zu benutzen.
  • Im Anschluss öffnet sich automatisch eine combofix.txt, diesen Inhalt bitte kopieren ([Strg]a, [Strg]c) und in deinen Beitrag einfügen ([Strg]v). Die Datei findest du außerdem unter: C:\ComboFix.txt.
Wichtiger Hinweis:
Combofix darf ausschließlich ausgeführt werden, wenn ein Kompetenzler dies ausdrücklich empfohlen hat!
Es sollte nie auf eigene Initiative hin ausgeführt werden! Eine falsche Benutzung kann ernsthafte Computerprobleme nach sich ziehen und eine Bereinigung der Infektion noch erschweren.

ezechiel32 16.05.2011 22:12
Combo-Fix-Log:

Combofix Logfile:
Code:
ComboFix 11-05-16.01 - boelzebub 16.05.2011  23:09:44.1.8 - x64
Microsoft Windows 7 Professional  6.1.7601.1.1252.49.1031.18.12279.10365 [GMT 2:00]
ausgeführt von:: c:\users\boelzebub\Desktop\cofi.exe
AV: AntiVir Desktop *Disabled/Updated* {090F9C29-64CE-6C6F-379C-5901B49A85B7}
SP: AntiVir Desktop *Disabled/Updated* {B26E7DCD-42F4-63E1-0D2C-6273CF1DCF0A}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((  Weitere Löschungen  ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\hpeC64A.dll
.
.
(((((((((((((((((((((((  Dateien erstellt von 2011-04-16 bis 2011-05-16  ))))))))))))))))))))))))))))))
.
.
2011-05-16 21:12 . 2011-05-16 21:12        --------        d-----w-        c:\users\Default\AppData\Local\temp
2011-05-16 20:14 . 2011-05-16 20:14        --------        d-----w-        C:\_OTL
2011-05-16 19:09 . 2011-05-16 19:09        --------        d-----w-        c:\users\boelzebub\AppData\Roaming\Avira
2011-05-16 13:48 . 2011-05-16 13:48        --------        d-----w-        c:\programdata\Avira
2011-05-16 13:48 . 2011-04-01 15:07        83120        ----a-w-        c:\windows\system32\drivers\avgntflt.sys
2011-05-16 13:48 . 2011-04-01 15:07        116568        ----a-w-        c:\windows\system32\drivers\avipbb.sys
2011-05-16 06:37 . 2011-05-16 06:37        --------        d-----w-        c:\users\boelzebub\AppData\Roaming\Malwarebytes
2011-05-16 06:37 . 2010-12-20 16:09        38224        ----a-w-        c:\windows\SysWow64\drivers\mbamswissarmy.sys
2011-05-16 06:37 . 2011-05-16 06:37        --------        d-----w-        c:\programdata\Malwarebytes
2011-05-16 06:37 . 2011-05-16 08:34        --------        d-----w-        c:\program files (x86)\Malwarebytes' Anti-Malware
2011-05-16 06:37 . 2010-12-20 16:08        24152        ----a-w-        c:\windows\system32\drivers\mbam.sys
2011-05-12 05:23 . 2011-04-09 07:02        5562240        ----a-w-        c:\windows\system32\ntoskrnl.exe
2011-05-12 05:23 . 2011-04-09 06:02        3967872        ----a-w-        c:\windows\SysWow64\ntkrnlpa.exe
2011-05-12 05:23 . 2011-04-09 06:02        3912576        ----a-w-        c:\windows\SysWow64\ntoskrnl.exe
2011-05-08 15:11 . 2011-05-08 15:11        --------        d-----w-        c:\programdata\FreeRIP
2011-05-08 15:10 . 2011-05-08 15:12        --------        d-----w-        c:\program files (x86)\FreeRIP3
2011-05-04 14:26 . 2011-05-04 14:26        254528        ----a-w-        c:\windows\system32\drivers\dtsoftbus01.sys
2011-05-04 09:11 . 2011-05-16 05:29        --------        d-----w-        C:\VritualRoot
2011-05-04 09:05 . 2011-05-04 09:13        --------        d-----w-        c:\programdata\Comodo
2011-05-04 09:04 . 2011-05-04 09:04        1700352        ----a-w-        c:\windows\SysWow64\gdiplus.dll
2011-05-04 08:41 . 2011-05-04 08:41        --------        d-----w-        c:\program files\CCleaner
2011-05-04 07:39 . 2011-05-04 07:39        1431160        ----a-w-        c:\users\boelzebub\AppData\Roaming\Microsoft\Windows\Templates\The_World.exe
2011-05-04 06:21 . 2011-05-04 06:21        --------        d-----w-        c:\program files (x86)\ProtectDisc Driver Installer
2011-05-04 06:20 . 2011-05-04 06:20        --------        d-----w-        c:\users\boelzebub\AppData\Roaming\ProtectDISC
2011-05-04 05:28 . 2011-04-11 08:21        8802128        ----a-w-        c:\programdata\Microsoft\Windows Defender\Definition Updates\{8B353EE0-ED20-469B-B8C8-E7C56C16990F}\mpengine.dll
2011-05-03 08:13 . 2011-05-03 08:18        --------        d-----w-        c:\users\boelzebub\AppData\Local\Panda3D
2011-05-03 08:13 . 2011-03-03 01:47        292520        ----a-w-        c:\program files (x86)\Mozilla Firefox\plugins\nppanda3d.dll
2011-05-03 08:13 . 2011-05-03 08:13        --------        d-----w-        c:\program files (x86)\Panda3D
2011-05-02 09:16 . 2011-05-02 09:16        --------        d-----w-        c:\users\boelzebub\AppData\Roaming\News File Grabber
2011-05-02 09:16 . 2011-05-02 09:16        --------        d-----w-        c:\program files (x86)\RSBR-Software
2011-04-22 18:03 . 2011-04-22 18:03        --------        d-----w-        c:\program files (x86)\KONAMI
.
.
.
((((((((((((((((((((((((((((((((((((  Find3M Bericht  ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-03-12 15:16 . 2009-07-14 02:36        152576        ----a-w-        c:\windows\SysWow64\msclmd.dll
2011-03-12 15:16 . 2009-07-14 02:36        175616        ----a-w-        c:\windows\system32\msclmd.dll
2011-03-11 13:29 . 2010-06-24 10:33        18328        ----a-w-        c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2011-03-11 06:34 . 2011-04-15 10:53        1359872        ----a-w-        c:\windows\system32\mfc42u.dll
2011-03-11 06:34 . 2011-04-15 10:53        1395712        ----a-w-        c:\windows\system32\mfc42.dll
2011-03-11 05:33 . 2011-04-15 10:53        1164288        ----a-w-        c:\windows\SysWow64\mfc42u.dll
2011-03-11 05:33 . 2011-04-15 10:53        1137664        ----a-w-        c:\windows\SysWow64\mfc42.dll
2011-03-08 06:29 . 2011-04-15 10:52        976896        ----a-w-        c:\windows\system32\inetcomm.dll
2011-03-08 05:28 . 2011-04-15 10:52        741376        ----a-w-        c:\windows\SysWow64\inetcomm.dll
2011-03-07 06:31 . 2011-04-15 10:53        1188864        ----a-w-        c:\windows\system32\wininet.dll
2011-03-07 05:33 . 2011-04-15 10:53        981504        ----a-w-        c:\windows\SysWow64\wininet.dll
2011-03-07 04:24 . 2011-04-15 10:53        1638912        ----a-w-        c:\windows\system32\mshtml.tlb
2011-03-07 03:52 . 2011-04-15 10:53        1638912        ----a-w-        c:\windows\SysWow64\mshtml.tlb
2011-03-03 06:24 . 2011-04-15 10:52        183296        ----a-w-        c:\windows\system32\dnsrslvr.dll
2011-03-03 06:21 . 2011-04-15 10:52        30208        ----a-w-        c:\windows\system32\dnscacheugc.exe
2011-03-03 05:36 . 2011-04-15 10:52        28672        ----a-w-        c:\windows\SysWow64\dnscacheugc.exe
2011-03-03 03:52 . 2011-04-15 10:53        3135488        ----a-w-        c:\windows\system32\win32k.sys
2011-02-23 04:56 . 2011-04-15 10:51        158208        ----a-w-        c:\windows\system32\drivers\mrxsmb.sys
2011-02-23 04:56 . 2011-04-15 10:53        467456        ----a-w-        c:\windows\system32\drivers\srv.sys
2011-02-23 04:56 . 2011-04-15 10:53        411648        ----a-w-        c:\windows\system32\drivers\srv2.sys
2011-02-23 04:55 . 2011-04-15 10:53        167936        ----a-w-        c:\windows\system32\drivers\srvnet.sys
2011-02-23 04:55 . 2011-04-15 10:51        287744        ----a-w-        c:\windows\system32\drivers\mrxsmb10.sys
2011-02-23 04:55 . 2011-04-15 10:51        128000        ----a-w-        c:\windows\system32\drivers\mrxsmb20.sys
2011-02-23 04:55 . 2011-04-15 10:51        90624        ----a-w-        c:\windows\system32\drivers\bowser.sys
2011-02-19 12:05 . 2011-03-11 10:56        1139200        ----a-w-        c:\windows\system32\FntCache.dll
2011-02-19 12:04 . 2011-03-11 10:56        1544192        ----a-w-        c:\windows\system32\DWrite.dll
2011-02-19 12:04 . 2011-03-11 10:56        902656        ----a-w-        c:\windows\system32\d2d1.dll
2011-02-19 12:03 . 2011-04-15 10:53        46080        ----a-w-        c:\windows\system32\atmlib.dll
2011-02-19 09:00 . 2011-04-15 10:53        367616        ----a-w-        c:\windows\system32\atmfd.dll
2011-02-19 06:30 . 2011-03-11 10:56        1076736        ----a-w-        c:\windows\SysWow64\DWrite.dll
2011-02-19 06:30 . 2011-03-11 10:56        739840        ----a-w-        c:\windows\SysWow64\d2d1.dll
2011-02-19 06:30 . 2011-04-15 10:53        34304        ----a-w-        c:\windows\SysWow64\atmlib.dll
2011-02-19 04:34 . 2011-04-15 10:53        294912        ----a-w-        c:\windows\SysWow64\atmfd.dll
2011-02-18 14:36 . 2011-02-18 14:36        51712        ----a-w-        c:\windows\system32\drivers\usbaapl64.sys
2011-02-18 14:36 . 2011-02-18 14:36        4184352        ----a-w-        c:\windows\system32\usbaaplrc.dll
2011-02-18 10:56 . 2011-04-15 10:54        613376        ----a-w-        c:\windows\system32\vbscript.dll
2011-02-18 05:43 . 2011-04-15 10:54        428032        ----a-w-        c:\windows\SysWow64\vbscript.dll
.
.
((((((((((((((((((((((((((((  Autostartpunkte der Registrierung  ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DAEMON Tools Lite"="c:\program files (x86)\DAEMON Tools Lite\DTLite.exe" [2011-01-20 1305408]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"ANIWZCS2Service"="c:\program files (x86)\ANI\ANIWZCS2 Service\WZCSLDR2.exe" [2007-01-19 49152]
"D-Link D-Link Wireless N DWA-140"="c:\program files (x86)\D-Link\D-Link Wireless N DWA-140\AirNCFG.exe" [2008-04-15 1675264]
"GrooveMonitor"="c:\program files (x86)\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2011-01-31 35760]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-20 932288]
"DivX Download Manager"="c:\program files (x86)\DivX\DivX Plus Web Player\DDmService.exe" [2011-02-08 63360]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2010-10-29 249064]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2010-11-29 421888]
"DivXUpdate"="c:\program files (x86)\DivX\DivX Update\DivXUpdate.exe" [2011-03-21 1230704]
"avgnt"="c:\program files (x86)\Avira\AntiVir Desktop\avgnt.exe" [2011-03-28 281768]
.
c:\users\boelzebub\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk - c:\program files (x86)\Microsoft Office\Office12\ONENOTEM.EXE [2009-2-26 97680]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux1"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages        REG_MULTI_SZ          kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 npkusvc;npkusvc;c:\users\boelzebub\AppData\Roaming\Microsoft\Windows\Templates\5400_25324\npkusvc.exe  [x]
R3 hcw95bda;Hauppauge MOD7700 Tuner Driver;c:\windows\system32\Drivers\hcw95bda.sys [x]
R3 hcw95rc;Hauppauge MOD7700 IR Driver;c:\windows\system32\DRIVERS\hcw95rc.sys [x]
R3 pwdrvio;pwdrvio;c:\windows\system32\pwdrvio.sys [x]
R3 pwdspio;pwdspio;c:\windows\system32\pwdspio.sys [x]
R3 s1018bus;Sony Ericsson Device 1018 driver (WDM);c:\windows\system32\DRIVERS\s1018bus.sys [x]
R3 s1018mdfl;Sony Ericsson Device 1018 USB WMC Modem Filter;c:\windows\system32\DRIVERS\s1018mdfl.sys [x]
R3 s1018mdm;Sony Ericsson Device 1018 USB WMC Modem Driver;c:\windows\system32\DRIVERS\s1018mdm.sys [x]
R3 s1018mgmt;Sony Ericsson Device 1018 USB WMC Device Management Drivers (WDM);c:\windows\system32\DRIVERS\s1018mgmt.sys [x]
R3 s1018nd5;Sony Ericsson Device 1018 USB Ethernet Emulation (NDIS);c:\windows\system32\DRIVERS\s1018nd5.sys [x]
R3 s1018obex;Sony Ericsson Device 1018 USB WMC OBEX Interface;c:\windows\system32\DRIVERS\s1018obex.sys [x]
R3 s1018unic;Sony Ericsson Device 1018 USB Ethernet Emulation (WDM);c:\windows\system32\DRIVERS\s1018unic.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [x]
R3 vcd10bus;Virtual CD v10 Bus Enumerator;c:\windows\system32\DRIVERS\vcd10bus.sys [x]
S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [x]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [x]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 acedrv11;acedrv11;c:\windows\system32\drivers\acedrv11.sys [x]
S2 Akamai;Akamai NetSession Interface;c:\windows\System32\svchost.exe [2009-07-14 27136]
S2 AntiVirSchedulerService;Avira AntiVir Planer;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe [2011-03-28 136360]
S2 DAUpdaterSvc;Dragon Age: Origins - Inhaltsupdater;e:\games\Dragon Age\bin_ship\DAUpdaterSvc.Service.exe [2009-12-15 25832]
S3 dc3d;MS Hardware Device Detection Driver (USB);c:\windows\system32\DRIVERS\dc3d.sys [x]
S3 netr28ux;RT2870-USB-Drahtlos-LAN-Kartentreiber für Vista;c:\windows\system32\DRIVERS\netr28ux.sys [x]
S3 Point64;Microsoft IntelliPoint Filter Driver;c:\windows\system32\DRIVERS\point64.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x]
S3 seehcri;Sony Ericsson seehcri Device Driver;c:\windows\system32\DRIVERS\seehcri.sys [x]
.
.
--- Andere Dienste/Treiber im Speicher ---
.
*NewlyCreated* - KLMD25
*Deregistered* - klmd25
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
Akamai        REG_MULTI_SZ          Akamai
.
Inhalt des "geplante Tasks" Ordners
.
2011-05-16 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1701181921-1980799291-2397479354-1000Core.job
- c:\users\boelzebub\AppData\Local\Google\Update\GoogleUpdate.exe [2010-03-30 05:15]
.
2011-05-16 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1701181921-1980799291-2397479354-1000UA.job
- c:\users\boelzebub\AppData\Local\Google\Update\GoogleUpdate.exe [2010-03-30 05:15]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x1
.
------- Zusätzlicher Suchlauf -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = local
IE: Alles mit FDM herunterladen - file://c:\program files (x86)\Free Download Manager\dlall.htm
IE: Auswahl mit FDM herunterladen - file://c:\program files (x86)\Free Download Manager\dlselected.htm
IE: Datei mit FDM herunterladen - file://c:\program files (x86)\Free Download Manager\dllink.htm
IE: Nach Microsoft E&xel exportieren - c:\progra~2\MICROS~2\Office12\EXCEL.EXE/3000
IE: Videos mit FDM herunterladen - file://c:\program files (x86)\Free Download Manager\dlfvideo.htm
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
AddRemove-Dragon Age Redesigned© - c:\users\boelzebub\Documents\BioWare\Dragon Age\packages\core\override\Uninstall Recommended settings.exe
.
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Zeit der Fertigstellung: 2011-05-16  23:13:18
ComboFix-quarantined-files.txt  2011-05-16 21:13
.
Vor Suchlauf: 12 Verzeichnis(se), 143.425.875.968 Bytes frei
Nach Suchlauf: 14 Verzeichnis(se), 143.366.410.240 Bytes frei
.
- - End Of File - - 9B078A12BBE6024CDF3C4DE54679FDF9
--- --- ---

cosinus 16.05.2011 22:19
Bitte nun Logs mit GMER und mbrcheck erstellen und posten.
GMER stürzt häufiger ab, wenn das Tool auch beim 2. Mal nicht will, lass es einfach weg

Anleitung zu mbrcheck:
Downloade Dir MBRCheck (by a_d_13) und speichere die Datei auf dem Desktop.
  • Doppelklick auf die MBRCheck.exe.
    Vista und Win7 User mit Rechtsklick "als Administrator starten"
  • Das Tool braucht nur wenige Sekunden.
  • Danach solltest du eine MBRCheck_<Datum>_<Uhrzeit>.txt auf dem Desktop finden.
Poste mir bitte den Inhalt des .txt Dokumentes

ezechiel32 16.05.2011 22:38
Hier das GMER Log:

GMER Logfile:
Code:
GMER 1.0.15.15627 - GMER - Rootkit Detector and Remover
Rootkit scan 2011-05-16 23:37:15
Windows 6.1.7601 Service Pack 1
Running: 6qlbl0gv.exe


---- Registry - GMER 1.0.15 ----

Reg  HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg@s1                                                                  771343423
Reg  HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg@s2                                                                  285507792
Reg  HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg@h0                                                                  1
Reg  HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC                                   
Reg  HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0                                0xD4 0xC3 0x97 0x02 ...
Reg  HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0                                0
Reg  HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12                              0x7D 0x41 0x4C 0xF5 ...
Reg  HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001                         
Reg  HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12                    0xC6 0x5E 0x1C 0xEB ...
Reg  HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0                     
Reg  HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12                0x58 0xB7 0x09 0x25 ...
Reg  HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq1                     
Reg  HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq1@hdf12                0xD2 0x9F 0x91 0x6B ...
Reg  HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet)               
Reg  HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0                                    0xD4 0xC3 0x97 0x02 ...
Reg  HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0                                    0
Reg  HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12                                  0x7D 0x41 0x4C 0xF5 ...
Reg  HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001 (not active ControlSet)     
Reg  HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12                        0xC6 0x5E 0x1C 0xEB ...
Reg  HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0 (not active ControlSet) 
Reg  HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12                    0x58 0xB7 0x09 0x25 ...
Reg  HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq1 (not active ControlSet) 
Reg  HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq1@hdf12                    0xD2 0x9F 0x91 0x6B ...

---- EOF - GMER 1.0.15 ----
--- --- ---


Und hier der MBRCheck:

MBRCheck, version 1.2.3
(c) 2010, AD

Command-line:
Windows Version: Windows 7 Professional
Windows Information: Service Pack 1 (build 7601), 64-bit
Base Board Manufacturer: ASUSTeK Computer INC.
BIOS Manufacturer: American Megatrends Inc.
System Manufacturer: System manufacturer
System Product Name: System Product Name
Logical Drives Mask: 0x00000f7c

Kernel Drivers (total 201):
0x02E61000 \SystemRoot\system32\ntoskrnl.exe
0x02E18000 \SystemRoot\system32\hal.dll
0x00BAE000 \SystemRoot\system32\kdcom.dll
0x00C1C000 \SystemRoot\system32\mcupdate_GenuineIntel.dll
0x00C6B000 \SystemRoot\system32\PSHED.dll
0x00C7F000 \SystemRoot\system32\CLFS.SYS
0x00CDD000 \SystemRoot\system32\CI.dll
0x00E17000 \SystemRoot\system32\drivers\Wdf01000.sys
0x00EBB000 \SystemRoot\system32\drivers\WDFLDR.SYS
0x00ECA000 \SystemRoot\System32\Drivers\spuh.sys
0x00FF0000 \SystemRoot\System32\Drivers\WMILIB.SYS
0x00D9D000 \SystemRoot\System32\Drivers\SCSIPORT.SYS
0x010F2000 \SystemRoot\system32\drivers\ACPI.sys
0x01149000 \SystemRoot\system32\drivers\msisadrv.sys
0x01153000 \SystemRoot\system32\drivers\vdrvroot.sys
0x01160000 \SystemRoot\system32\drivers\pci.sys
0x01193000 \SystemRoot\System32\drivers\partmgr.sys
0x011A8000 \SystemRoot\system32\drivers\volmgr.sys
0x01000000 \SystemRoot\System32\drivers\volmgrx.sys
0x0105C000 \SystemRoot\system32\drivers\pciide.sys
0x01063000 \SystemRoot\system32\drivers\PCIIDEX.SYS
0x01073000 \SystemRoot\System32\drivers\mountmgr.sys
0x0108D000 \SystemRoot\system32\drivers\vmbus.sys
0x010C9000 \SystemRoot\system32\drivers\winhv.sys
0x010DD000 \SystemRoot\system32\drivers\atapi.sys
0x011BD000 \SystemRoot\system32\drivers\ataport.SYS
0x011E7000 \SystemRoot\system32\drivers\amdxata.sys
0x012AF000 \SystemRoot\system32\drivers\fltmgr.sys
0x012FB000 \SystemRoot\system32\drivers\fileinfo.sys
0x01417000 \SystemRoot\System32\Drivers\Ntfs.sys
0x0130F000 \SystemRoot\System32\Drivers\msrpc.sys
0x015BA000 \SystemRoot\System32\Drivers\ksecdd.sys
0x0136D000 \SystemRoot\System32\Drivers\cng.sys
0x015D5000 \SystemRoot\System32\drivers\pcw.sys
0x015E6000 \SystemRoot\System32\Drivers\Fs_Rec.sys
0x0166C000 \SystemRoot\system32\drivers\ndis.sys
0x0175F000 \SystemRoot\system32\drivers\NETIO.SYS
0x017BF000 \SystemRoot\System32\Drivers\ksecpkg.sys
0x018DE000 \SystemRoot\System32\drivers\tcpip.sys
0x01AE2000 \SystemRoot\System32\drivers\fwpkclnt.sys
0x01B2C000 \SystemRoot\system32\drivers\vmstorfl.sys
0x01B3C000 \SystemRoot\system32\drivers\volsnap.sys
0x01B88000 \SystemRoot\System32\Drivers\spldr.sys
0x01B90000 \SystemRoot\System32\drivers\rdyboost.sys
0x01BCA000 \SystemRoot\System32\Drivers\mup.sys
0x01BDC000 \SystemRoot\System32\drivers\hwpolicy.sys
0x01800000 \SystemRoot\System32\DRIVERS\fvevol.sys
0x0183A000 \SystemRoot\system32\DRIVERS\disk.sys
0x01850000 \SystemRoot\system32\DRIVERS\CLASSPNP.SYS
0x01600000 \SystemRoot\system32\DRIVERS\cdrom.sys
0x018B6000 \SystemRoot\System32\Drivers\Null.SYS
0x018BF000 \SystemRoot\System32\Drivers\Beep.SYS
0x018C6000 \SystemRoot\System32\drivers\vga.sys
0x0162A000 \SystemRoot\System32\drivers\VIDEOPRT.SYS
0x01BE5000 \SystemRoot\System32\drivers\watchdog.sys
0x01BF5000 \SystemRoot\System32\DRIVERS\RDPCDD.sys
0x018D4000 \SystemRoot\system32\drivers\rdpencdd.sys
0x0164F000 \SystemRoot\system32\drivers\rdprefmp.sys
0x01658000 \SystemRoot\System32\Drivers\Msfs.SYS
0x017EA000 \SystemRoot\System32\Drivers\Npfs.SYS
0x01200000 \SystemRoot\system32\DRIVERS\tdx.sys
0x015F0000 \SystemRoot\system32\DRIVERS\TDI.SYS
0x01222000 \SystemRoot\system32\drivers\afd.sys
0x04030000 \SystemRoot\System32\DRIVERS\netbt.sys
0x04075000 \SystemRoot\system32\DRIVERS\wfplwf.sys
0x0407E000 \SystemRoot\system32\DRIVERS\pacer.sys
0x040A4000 \SystemRoot\system32\DRIVERS\vwififlt.sys
0x040BA000 \SystemRoot\system32\DRIVERS\netbios.sys
0x040C9000 \SystemRoot\system32\DRIVERS\dtsoftbus01.sys
0x0410C000 \SystemRoot\system32\DRIVERS\wanarp.sys
0x04127000 \SystemRoot\system32\drivers\termdd.sys
0x0413B000 \SystemRoot\system32\DRIVERS\rdbss.sys
0x0418C000 \SystemRoot\system32\drivers\nsiproxy.sys
0x04198000 \SystemRoot\system32\drivers\mssmbios.sys
0x041A3000 \SystemRoot\System32\drivers\discache.sys
0x02E1F000 \SystemRoot\system32\drivers\csc.sys
0x02EA2000 \SystemRoot\System32\Drivers\dfsc.sys
0x02EC0000 \SystemRoot\system32\DRIVERS\blbdrive.sys
0x02ED1000 \SystemRoot\system32\DRIVERS\avipbb.sys
0x02EF3000 \SystemRoot\system32\DRIVERS\tunnel.sys
0x02F19000 \SystemRoot\system32\DRIVERS\intelppm.sys
0x0F275000 \SystemRoot\system32\DRIVERS\nvlddmkm.sys
0x0FF9F000 \SystemRoot\system32\DRIVERS\nvBridge.kmd
0x06EBA000 \SystemRoot\System32\drivers\dxgkrnl.sys
0x06FAE000 \SystemRoot\System32\drivers\dxgmms1.sys
0x06E00000 \SystemRoot\system32\DRIVERS\usbuhci.sys
0x06E0D000 \SystemRoot\system32\DRIVERS\USBPORT.SYS
0x06E63000 \SystemRoot\system32\DRIVERS\usbehci.sys
0x06E74000 \SystemRoot\system32\drivers\HDAudBus.sys
0x0FFA1000 \SystemRoot\system32\DRIVERS\Rt64win7.sys
0x0F200000 \SystemRoot\system32\drivers\1394ohci.sys
0x06E98000 \SystemRoot\system32\DRIVERS\GEARAspiWDM.sys
0x06EA5000 \SystemRoot\system32\DRIVERS\ASACPI.sys
0x0F23E000 \SystemRoot\system32\drivers\CompositeBus.sys
0x0F24E000 \SystemRoot\system32\DRIVERS\AgileVpn.sys
0x02F2F000 \SystemRoot\system32\DRIVERS\rasl2tp.sys
0x06EAD000 \SystemRoot\system32\DRIVERS\ndistapi.sys
0x02F53000 \SystemRoot\system32\DRIVERS\ndiswan.sys
0x02F82000 \SystemRoot\system32\DRIVERS\raspppoe.sys
0x02F9D000 \SystemRoot\system32\DRIVERS\raspptp.sys
0x02FBE000 \SystemRoot\system32\DRIVERS\rassstp.sys
0x06FF4000 \SystemRoot\system32\DRIVERS\hamachi.sys
0x0F264000 \SystemRoot\system32\DRIVERS\rdpbus.sys
0x02FD8000 \SystemRoot\system32\DRIVERS\kbdclass.sys
0x02FE7000 \SystemRoot\system32\DRIVERS\mouclass.sys
0x02E00000 \SystemRoot\system32\DRIVERS\seehcri.sys
0x0F26F000 \SystemRoot\system32\drivers\swenum.sys
0x041B2000 \SystemRoot\system32\drivers\ks.sys
0x02E0C000 \SystemRoot\system32\drivers\umbus.sys
0x078AC000 \SystemRoot\system32\drivers\usbhub.sys
0x07906000 \SystemRoot\System32\Drivers\NDProxy.SYS
0x0791B000 \SystemRoot\system32\drivers\HdAudio.sys
0x07977000 \SystemRoot\system32\drivers\portcls.sys
0x079B4000 \SystemRoot\system32\drivers\drmk.sys
0x079D6000 \SystemRoot\system32\drivers\ksthunk.sys
0x079DC000 \SystemRoot\System32\Drivers\crashdmp.sys
0x079EA000 \SystemRoot\System32\Drivers\dump_dumpata.sys
0x079F6000 \SystemRoot\System32\Drivers\dump_atapi.sys
0x07800000 \SystemRoot\System32\Drivers\dump_dumpfve.sys
0x00000000 \SystemRoot\System32\win32k.sys
0x07813000 \SystemRoot\System32\drivers\Dxapi.sys
0x0781F000 \SystemRoot\system32\DRIVERS\usbccgp.sys
0x0783C000 \SystemRoot\system32\DRIVERS\USBD.SYS
0x0783E000 \SystemRoot\system32\DRIVERS\dc3d.sys
0x07850000 \SystemRoot\system32\DRIVERS\HIDPARSE.SYS
0x07859000 \SystemRoot\system32\DRIVERS\hidusb.sys
0x07867000 \SystemRoot\system32\DRIVERS\HIDCLASS.SYS
0x07880000 \SystemRoot\system32\DRIVERS\kbdhid.sys
0x0788E000 \SystemRoot\system32\DRIVERS\mouhid.sys
0x0789B000 \SystemRoot\system32\DRIVERS\point64.sys
0x04000000 \SystemRoot\system32\DRIVERS\USBSTOR.SYS
0x020D2000 \SystemRoot\system32\DRIVERS\netr28ux.sys
0x021AE000 \SystemRoot\system32\DRIVERS\vwifibus.sys
0x021BB000 \SystemRoot\system32\DRIVERS\monitor.sys
0x004C0000 \SystemRoot\System32\TSDDD.dll
0x00650000 \SystemRoot\System32\cdd.dll
0x00900000 \SystemRoot\System32\ATMFD.DLL
0x021C9000 \SystemRoot\system32\drivers\luafv.sys
0x02000000 \SystemRoot\system32\DRIVERS\avgntflt.sys
0x0201D000 \SystemRoot\system32\drivers\WudfPf.sys
0x0203E000 \SystemRoot\system32\DRIVERS\lltdio.sys
0x02053000 \SystemRoot\system32\DRIVERS\nwifi.sys
0x020A6000 \SystemRoot\system32\DRIVERS\ndisuio.sys
0x020B9000 \SystemRoot\system32\DRIVERS\rspndr.sys
0x0C2DE000 \SystemRoot\system32\drivers\HTTP.sys
0x0C3A7000 \SystemRoot\system32\DRIVERS\bowser.sys
0x0C3C5000 \SystemRoot\System32\drivers\mpsdrv.sys
0x0C200000 \SystemRoot\system32\DRIVERS\mrxsmb.sys
0x0C22D000 \SystemRoot\system32\DRIVERS\mrxsmb10.sys
0x0C27A000 \SystemRoot\system32\DRIVERS\mrxsmb20.sys
0x0C648000 \??\C:\Windows\system32\drivers\acedrv11.sys
0x0C6A2000 \SystemRoot\system32\DRIVERS\atksgt.sys
0x0C6F1000 \SystemRoot\system32\DRIVERS\lirsgt.sys
0x0C6FE000 \SystemRoot\system32\drivers\peauth.sys
0x0C7A4000 \SystemRoot\System32\Drivers\secdrv.SYS
0x0C7AF000 \SystemRoot\System32\DRIVERS\srvnet.sys
0x0C7E0000 \SystemRoot\System32\drivers\tcpipreg.sys
0x0CA85000 \SystemRoot\System32\DRIVERS\srv2.sys
0x0CAEF000 \SystemRoot\System32\DRIVERS\srv.sys
0x0CB87000 \SystemRoot\system32\DRIVERS\WUDFRd.sys
0x0CA71000 \SystemRoot\system32\DRIVERS\asyncmac.sys
0x0CBD6000 \??\C:\Windows\system32\Drivers\PROCEXP113.SYS
0x77A10000 \Windows\System32\ntdll.dll
0x47DB0000 \Windows\System32\smss.exe
0xFFD30000 \Windows\System32\apisetschema.dll
0xFF720000 \Windows\System32\autochk.exe
0xFFC80000 \Windows\System32\msvcrt.dll
0xFFC00000 \Windows\System32\difxapi.dll
0xFFAD0000 \Windows\System32\wininet.dll
0xFFAC0000 \Windows\System32\lpk.dll
0xFF990000 \Windows\System32\rpcrt4.dll
0x77910000 \Windows\System32\user32.dll
0xFF910000 \Windows\System32\shlwapi.dll

cosinus 16.05.2011 22:53
Das mbrcheck-Log ist nicht vollständig

ezechiel32 16.05.2011 23:01
Tut mir leid. Da war ich wohl ein bischen ungeduldig :-)

Hier nun vollständig:

MBRCheck, version 1.2.3
(c) 2010, AD

Command-line:
Windows Version: Windows 7 Professional
Windows Information: Service Pack 1 (build 7601), 64-bit
Base Board Manufacturer: ASUSTeK Computer INC.
BIOS Manufacturer: American Megatrends Inc.
System Manufacturer: System manufacturer
System Product Name: System Product Name
Logical Drives Mask: 0x00000f7c

Kernel Drivers (total 201):
0x02E61000 \SystemRoot\system32\ntoskrnl.exe
0x02E18000 \SystemRoot\system32\hal.dll
0x00BAE000 \SystemRoot\system32\kdcom.dll
0x00C1C000 \SystemRoot\system32\mcupdate_GenuineIntel.dll
0x00C6B000 \SystemRoot\system32\PSHED.dll
0x00C7F000 \SystemRoot\system32\CLFS.SYS
0x00CDD000 \SystemRoot\system32\CI.dll
0x00E17000 \SystemRoot\system32\drivers\Wdf01000.sys
0x00EBB000 \SystemRoot\system32\drivers\WDFLDR.SYS
0x00ECA000 \SystemRoot\System32\Drivers\spuh.sys
0x00FF0000 \SystemRoot\System32\Drivers\WMILIB.SYS
0x00D9D000 \SystemRoot\System32\Drivers\SCSIPORT.SYS
0x010F2000 \SystemRoot\system32\drivers\ACPI.sys
0x01149000 \SystemRoot\system32\drivers\msisadrv.sys
0x01153000 \SystemRoot\system32\drivers\vdrvroot.sys
0x01160000 \SystemRoot\system32\drivers\pci.sys
0x01193000 \SystemRoot\System32\drivers\partmgr.sys
0x011A8000 \SystemRoot\system32\drivers\volmgr.sys
0x01000000 \SystemRoot\System32\drivers\volmgrx.sys
0x0105C000 \SystemRoot\system32\drivers\pciide.sys
0x01063000 \SystemRoot\system32\drivers\PCIIDEX.SYS
0x01073000 \SystemRoot\System32\drivers\mountmgr.sys
0x0108D000 \SystemRoot\system32\drivers\vmbus.sys
0x010C9000 \SystemRoot\system32\drivers\winhv.sys
0x010DD000 \SystemRoot\system32\drivers\atapi.sys
0x011BD000 \SystemRoot\system32\drivers\ataport.SYS
0x011E7000 \SystemRoot\system32\drivers\amdxata.sys
0x012AF000 \SystemRoot\system32\drivers\fltmgr.sys
0x012FB000 \SystemRoot\system32\drivers\fileinfo.sys
0x01417000 \SystemRoot\System32\Drivers\Ntfs.sys
0x0130F000 \SystemRoot\System32\Drivers\msrpc.sys
0x015BA000 \SystemRoot\System32\Drivers\ksecdd.sys
0x0136D000 \SystemRoot\System32\Drivers\cng.sys
0x015D5000 \SystemRoot\System32\drivers\pcw.sys
0x015E6000 \SystemRoot\System32\Drivers\Fs_Rec.sys
0x0166C000 \SystemRoot\system32\drivers\ndis.sys
0x0175F000 \SystemRoot\system32\drivers\NETIO.SYS
0x017BF000 \SystemRoot\System32\Drivers\ksecpkg.sys
0x018DE000 \SystemRoot\System32\drivers\tcpip.sys
0x01AE2000 \SystemRoot\System32\drivers\fwpkclnt.sys
0x01B2C000 \SystemRoot\system32\drivers\vmstorfl.sys
0x01B3C000 \SystemRoot\system32\drivers\volsnap.sys
0x01B88000 \SystemRoot\System32\Drivers\spldr.sys
0x01B90000 \SystemRoot\System32\drivers\rdyboost.sys
0x01BCA000 \SystemRoot\System32\Drivers\mup.sys
0x01BDC000 \SystemRoot\System32\drivers\hwpolicy.sys
0x01800000 \SystemRoot\System32\DRIVERS\fvevol.sys
0x0183A000 \SystemRoot\system32\DRIVERS\disk.sys
0x01850000 \SystemRoot\system32\DRIVERS\CLASSPNP.SYS
0x01600000 \SystemRoot\system32\DRIVERS\cdrom.sys
0x018B6000 \SystemRoot\System32\Drivers\Null.SYS
0x018BF000 \SystemRoot\System32\Drivers\Beep.SYS
0x018C6000 \SystemRoot\System32\drivers\vga.sys
0x0162A000 \SystemRoot\System32\drivers\VIDEOPRT.SYS
0x01BE5000 \SystemRoot\System32\drivers\watchdog.sys
0x01BF5000 \SystemRoot\System32\DRIVERS\RDPCDD.sys
0x018D4000 \SystemRoot\system32\drivers\rdpencdd.sys
0x0164F000 \SystemRoot\system32\drivers\rdprefmp.sys
0x01658000 \SystemRoot\System32\Drivers\Msfs.SYS
0x017EA000 \SystemRoot\System32\Drivers\Npfs.SYS
0x01200000 \SystemRoot\system32\DRIVERS\tdx.sys
0x015F0000 \SystemRoot\system32\DRIVERS\TDI.SYS
0x01222000 \SystemRoot\system32\drivers\afd.sys
0x04030000 \SystemRoot\System32\DRIVERS\netbt.sys
0x04075000 \SystemRoot\system32\DRIVERS\wfplwf.sys
0x0407E000 \SystemRoot\system32\DRIVERS\pacer.sys
0x040A4000 \SystemRoot\system32\DRIVERS\vwififlt.sys
0x040BA000 \SystemRoot\system32\DRIVERS\netbios.sys
0x040C9000 \SystemRoot\system32\DRIVERS\dtsoftbus01.sys
0x0410C000 \SystemRoot\system32\DRIVERS\wanarp.sys
0x04127000 \SystemRoot\system32\drivers\termdd.sys
0x0413B000 \SystemRoot\system32\DRIVERS\rdbss.sys
0x0418C000 \SystemRoot\system32\drivers\nsiproxy.sys
0x04198000 \SystemRoot\system32\drivers\mssmbios.sys
0x041A3000 \SystemRoot\System32\drivers\discache.sys
0x02E1F000 \SystemRoot\system32\drivers\csc.sys
0x02EA2000 \SystemRoot\System32\Drivers\dfsc.sys
0x02EC0000 \SystemRoot\system32\DRIVERS\blbdrive.sys
0x02ED1000 \SystemRoot\system32\DRIVERS\avipbb.sys
0x02EF3000 \SystemRoot\system32\DRIVERS\tunnel.sys
0x02F19000 \SystemRoot\system32\DRIVERS\intelppm.sys
0x0F275000 \SystemRoot\system32\DRIVERS\nvlddmkm.sys
0x0FF9F000 \SystemRoot\system32\DRIVERS\nvBridge.kmd
0x06EBA000 \SystemRoot\System32\drivers\dxgkrnl.sys
0x06FAE000 \SystemRoot\System32\drivers\dxgmms1.sys
0x06E00000 \SystemRoot\system32\DRIVERS\usbuhci.sys
0x06E0D000 \SystemRoot\system32\DRIVERS\USBPORT.SYS
0x06E63000 \SystemRoot\system32\DRIVERS\usbehci.sys
0x06E74000 \SystemRoot\system32\drivers\HDAudBus.sys
0x0FFA1000 \SystemRoot\system32\DRIVERS\Rt64win7.sys
0x0F200000 \SystemRoot\system32\drivers\1394ohci.sys
0x06E98000 \SystemRoot\system32\DRIVERS\GEARAspiWDM.sys
0x06EA5000 \SystemRoot\system32\DRIVERS\ASACPI.sys
0x0F23E000 \SystemRoot\system32\drivers\CompositeBus.sys
0x0F24E000 \SystemRoot\system32\DRIVERS\AgileVpn.sys
0x02F2F000 \SystemRoot\system32\DRIVERS\rasl2tp.sys
0x06EAD000 \SystemRoot\system32\DRIVERS\ndistapi.sys
0x02F53000 \SystemRoot\system32\DRIVERS\ndiswan.sys
0x02F82000 \SystemRoot\system32\DRIVERS\raspppoe.sys
0x02F9D000 \SystemRoot\system32\DRIVERS\raspptp.sys
0x02FBE000 \SystemRoot\system32\DRIVERS\rassstp.sys
0x06FF4000 \SystemRoot\system32\DRIVERS\hamachi.sys
0x0F264000 \SystemRoot\system32\DRIVERS\rdpbus.sys
0x02FD8000 \SystemRoot\system32\DRIVERS\kbdclass.sys
0x02FE7000 \SystemRoot\system32\DRIVERS\mouclass.sys
0x02E00000 \SystemRoot\system32\DRIVERS\seehcri.sys
0x0F26F000 \SystemRoot\system32\drivers\swenum.sys
0x041B2000 \SystemRoot\system32\drivers\ks.sys
0x02E0C000 \SystemRoot\system32\drivers\umbus.sys
0x078AC000 \SystemRoot\system32\drivers\usbhub.sys
0x07906000 \SystemRoot\System32\Drivers\NDProxy.SYS
0x0791B000 \SystemRoot\system32\drivers\HdAudio.sys
0x07977000 \SystemRoot\system32\drivers\portcls.sys
0x079B4000 \SystemRoot\system32\drivers\drmk.sys
0x079D6000 \SystemRoot\system32\drivers\ksthunk.sys
0x079DC000 \SystemRoot\System32\Drivers\crashdmp.sys
0x079EA000 \SystemRoot\System32\Drivers\dump_dumpata.sys
0x079F6000 \SystemRoot\System32\Drivers\dump_atapi.sys
0x07800000 \SystemRoot\System32\Drivers\dump_dumpfve.sys
0x00000000 \SystemRoot\System32\win32k.sys
0x07813000 \SystemRoot\System32\drivers\Dxapi.sys
0x0781F000 \SystemRoot\system32\DRIVERS\usbccgp.sys
0x0783C000 \SystemRoot\system32\DRIVERS\USBD.SYS
0x0783E000 \SystemRoot\system32\DRIVERS\dc3d.sys
0x07850000 \SystemRoot\system32\DRIVERS\HIDPARSE.SYS
0x07859000 \SystemRoot\system32\DRIVERS\hidusb.sys
0x07867000 \SystemRoot\system32\DRIVERS\HIDCLASS.SYS
0x07880000 \SystemRoot\system32\DRIVERS\kbdhid.sys
0x0788E000 \SystemRoot\system32\DRIVERS\mouhid.sys
0x0789B000 \SystemRoot\system32\DRIVERS\point64.sys
0x04000000 \SystemRoot\system32\DRIVERS\USBSTOR.SYS
0x020D2000 \SystemRoot\system32\DRIVERS\netr28ux.sys
0x021AE000 \SystemRoot\system32\DRIVERS\vwifibus.sys
0x021BB000 \SystemRoot\system32\DRIVERS\monitor.sys
0x004C0000 \SystemRoot\System32\TSDDD.dll
0x00650000 \SystemRoot\System32\cdd.dll
0x00900000 \SystemRoot\System32\ATMFD.DLL
0x021C9000 \SystemRoot\system32\drivers\luafv.sys
0x02000000 \SystemRoot\system32\DRIVERS\avgntflt.sys
0x0201D000 \SystemRoot\system32\drivers\WudfPf.sys
0x0203E000 \SystemRoot\system32\DRIVERS\lltdio.sys
0x02053000 \SystemRoot\system32\DRIVERS\nwifi.sys
0x020A6000 \SystemRoot\system32\DRIVERS\ndisuio.sys
0x020B9000 \SystemRoot\system32\DRIVERS\rspndr.sys
0x0C2DE000 \SystemRoot\system32\drivers\HTTP.sys
0x0C3A7000 \SystemRoot\system32\DRIVERS\bowser.sys
0x0C3C5000 \SystemRoot\System32\drivers\mpsdrv.sys
0x0C200000 \SystemRoot\system32\DRIVERS\mrxsmb.sys
0x0C22D000 \SystemRoot\system32\DRIVERS\mrxsmb10.sys
0x0C27A000 \SystemRoot\system32\DRIVERS\mrxsmb20.sys
0x0C648000 \??\C:\Windows\system32\drivers\acedrv11.sys
0x0C6A2000 \SystemRoot\system32\DRIVERS\atksgt.sys
0x0C6F1000 \SystemRoot\system32\DRIVERS\lirsgt.sys
0x0C6FE000 \SystemRoot\system32\drivers\peauth.sys
0x0C7A4000 \SystemRoot\System32\Drivers\secdrv.SYS
0x0C7AF000 \SystemRoot\System32\DRIVERS\srvnet.sys
0x0C7E0000 \SystemRoot\System32\drivers\tcpipreg.sys
0x0CA85000 \SystemRoot\System32\DRIVERS\srv2.sys
0x0CAEF000 \SystemRoot\System32\DRIVERS\srv.sys
0x0CB87000 \SystemRoot\system32\DRIVERS\WUDFRd.sys
0x0CA71000 \SystemRoot\system32\DRIVERS\asyncmac.sys
0x0CBD6000 \??\C:\Windows\system32\Drivers\PROCEXP113.SYS
0x77A10000 \Windows\System32\ntdll.dll
0x47DB0000 \Windows\System32\smss.exe
0xFFD30000 \Windows\System32\apisetschema.dll
0xFF720000 \Windows\System32\autochk.exe
0xFFC80000 \Windows\System32\msvcrt.dll
0xFFC00000 \Windows\System32\difxapi.dll
0xFFAD0000 \Windows\System32\wininet.dll
0xFFAC0000 \Windows\System32\lpk.dll
0xFF990000 \Windows\System32\rpcrt4.dll
0x77910000 \Windows\System32\user32.dll
0xFF910000 \Windows\System32\shlwapi.dll
0x777F0000 \Windows\System32\kernel32.dll
0xFF800000 \Windows\System32\msctf.dll
0x77BE0000 \Windows\System32\psapi.dll
0xFF730000 \Windows\System32\usp10.dll
0xFF690000 \Windows\System32\clbcatq.dll
0xFF5F0000 \Windows\System32\comdlg32.dll
0xFF590000 \Windows\System32\Wldap32.dll
0xFF330000 \Windows\System32\iertutil.dll
0xFF310000 \Windows\System32\imagehlp.dll
0xFF100000 \Windows\System32\ole32.dll
0xFE370000 \Windows\System32\shell32.dll
0xFE290000 \Windows\System32\oleaut32.dll
0xFE1B0000 \Windows\System32\advapi32.dll
0xFE140000 \Windows\System32\gdi32.dll
0x77BD0000 \Windows\System32\normaliz.dll
0xFE120000 \Windows\System32\sechost.dll
0xFDFA0000 \Windows\System32\urlmon.dll
0xFDF50000 \Windows\System32\ws2_32.dll
0xFDF40000 \Windows\System32\nsi.dll
0xFDD60000 \Windows\System32\setupapi.dll
0xFDD30000 \Windows\System32\imm32.dll
0xFDCF0000 \Windows\System32\cfgmgr32.dll
0xFDB80000 \Windows\System32\crypt32.dll
0xFDB40000 \Windows\System32\wintrust.dll
0xFDB20000 \Windows\System32\devobj.dll
0xFDAB0000 \Windows\System32\KernelBase.dll
0xFDA10000 \Windows\System32\comctl32.dll
0xFDA00000 \Windows\System32\msasn1.dll

Processes (total 52):
0 System Idle Process
4 System
284 C:\Windows\System32\smss.exe
376 csrss.exe
492 C:\Windows\System32\wininit.exe
520 csrss.exe
552 C:\Windows\System32\services.exe
572 C:\Windows\System32\lsass.exe
580 C:\Windows\System32\lsm.exe
676 C:\Windows\System32\winlogon.exe
744 C:\Windows\System32\svchost.exe
844 C:\Windows\System32\nvvsvc.exe
884 C:\Windows\System32\svchost.exe
972 C:\Windows\System32\svchost.exe
1016 C:\Windows\System32\svchost.exe
312 C:\Windows\System32\svchost.exe
424 C:\Windows\System32\svchost.exe
1076 C:\Windows\System32\nvvsvc.exe
1168 C:\Windows\System32\svchost.exe
1404 C:\Windows\System32\spoolsv.exe
1432 C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
1480 C:\Windows\System32\svchost.exe
1640 C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
1688 E:\Games\Dragon Age\bin_ship\daupdatersvc.service.exe
1744 C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
1756 C:\Windows\System32\conhost.exe
1944 C:\Windows\System32\svchost.exe
1980 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
1736 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
2360 WUDFHost.exe
2400 C:\Windows\System32\svchost.exe
2716 C:\Windows\System32\taskhost.exe
2896 C:\Windows\System32\dwm.exe
2928 C:\Windows\explorer.exe
2856 C:\Windows\System32\svchost.exe
404 C:\Program Files (x86)\ANI\ANIWZCS2 Service\WZCSLDR2.exe
3068 C:\Program Files (x86)\D-Link\D-Link Wireless N DWA-140\AirNCFG.exe
2832 C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
1336 C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
2688 C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
2596 C:\Windows\System32\SearchIndexer.exe
3356 C:\Program Files\Windows Media Player\wmpnetwk.exe
2864 C:\Windows\SysWOW64\svchost.exe
2392 C:\Program Files\Internet Explorer\iexplore.exe
1300 C:\Program Files\Internet Explorer\iexplore.exe
3136 C:\Windows\System32\audiodg.exe
1120 C:\Windows\System32\SearchProtocolHost.exe
2576 C:\Windows\System32\SearchFilterHost.exe
1648 taskhost.exe
2760 C:\Users\boelzebub\Desktop\MBRCheck.exe
2876 C:\Windows\System32\conhost.exe
3660 C:\Windows\System32\dllhost.exe

\\.\C: --> \\.\PhysicalDrive0 at offset 0x000000aa`e6100000 (NTFS)
\\.\D: --> \\.\PhysicalDrive0 at offset 0x00000000`06500000 (NTFS)
\\.\E: --> \\.\PhysicalDrive0 at offset 0x00000030`d4100000 (NTFS)

PhysicalDrive0 Model Number: SAMSUNGHD103SJ, Rev: 1AJ100E4

Size Device Name MBR Status
--------------------------------------------
931 GB \\.\PhysicalDrive0 Windows 7 MBR code detected
SHA1: 4379A3D43019B46FA357F7DD6A53B45A3CA8FB79


Done!

cosinus 16.05.2011 23:04
Sieht ok aus. Mach bitte zur Kontrolle Vollscans mit Malwarebytes und SASW und poste die Logs.
Denk dran beide Tools zu updaten vor dem Scan!!

ezechiel32 16.05.2011 23:59
Hier schon mal die Malwarebytes Log-Datei:

Malwarebytes' Anti-Malware 1.50.1.1100
Malwarebytes : Free anti-malware, anti-virus and spyware removal download

Datenbank Version: 6593

Windows 6.1.7601 Service Pack 1
Internet Explorer 8.0.7601.17514

17.05.2011 00:55:07
mbam-log-2011-05-17 (00-55-07).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|E:\|)
Durchsuchte Objekte: 323188
Laufzeit: 42 Minute(n), 29 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 0

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
(Keine bösartigen Objekte gefunden)

ezechiel32 17.05.2011 00:52
Und hier noch SuperAntiSpyware:

SUPERAntiSpyware Scan Log
SUPERAntiSpyware.com | Remove Malware | Remove Spyware - AntiMalware, AntiSpyware, AntiAdware!

Generated 05/17/2011 at 01:45 AM

Application Version : 4.52.1000

Core Rules Database Version : 7068
Trace Rules Database Version: 4880

Scan type : Complete Scan
Total Scan Time : 01:25:04

Memory items scanned : 607
Memory threats detected : 0
Registry items scanned : 14311
Registry threats detected : 0
File items scanned : 170686
File threats detected : 22

Adware.Tracking Cookie
ad-emea.doubleclick.net [ C:\Users\boelzebub\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\HKCJNYW4 ]
ads2.msads.net [ C:\Users\boelzebub\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\HKCJNYW4 ]
banners.securedataimages.com [ C:\Users\boelzebub\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\HKCJNYW4 ]
bc.youporn.com [ C:\Users\boelzebub\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\HKCJNYW4 ]
cdn1.eyewonder.com [ C:\Users\boelzebub\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\HKCJNYW4 ]
cdn4.specificclick.net [ C:\Users\boelzebub\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\HKCJNYW4 ]
cdn5.specificclick.net [ C:\Users\boelzebub\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\HKCJNYW4 ]
cloud.video.unrulymedia.com [ C:\Users\boelzebub\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\HKCJNYW4 ]
ds.serving-sys.com [ C:\Users\boelzebub\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\HKCJNYW4 ]
files.youporn.com [ C:\Users\boelzebub\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\HKCJNYW4 ]
ia.media-imdb.com [ C:\Users\boelzebub\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\HKCJNYW4 ]
imagesrv.adition.com [ C:\Users\boelzebub\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\HKCJNYW4 ]
macromedia.com [ C:\Users\boelzebub\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\HKCJNYW4 ]
media.ign.com [ C:\Users\boelzebub\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\HKCJNYW4 ]
media.mtvnservices.com [ C:\Users\boelzebub\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\HKCJNYW4 ]
media.scanscout.com [ C:\Users\boelzebub\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\HKCJNYW4 ]
objects.tremormedia.com [ C:\Users\boelzebub\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\HKCJNYW4 ]
s0.2mdn.net [ C:\Users\boelzebub\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\HKCJNYW4 ]
secure-us.imrworldwide.com [ C:\Users\boelzebub\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\HKCJNYW4 ]
serving-sys.com [ C:\Users\boelzebub\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\HKCJNYW4 ]
static.youporn.com [ C:\Users\boelzebub\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\HKCJNYW4 ]
Amateur Porno Videos direkt von echten Amateuren. Filme, Telefonsex, Privatnachrichten und LiveCams [ C:\Users\boelzebub\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\HKCJNYW4 ]

cosinus 17.05.2011 08:30
Sieht ok aus, da wurden nur Cookies gefunden.
Noch Probleme oder weitere Funde in der Zwischenzeit?

ezechiel32 17.05.2011 09:13
Hab nochmal Malwarebytes drüberlaufen lassen, es kamen aber keine neuen Funde mehr. Zwei Probleme habe ich noch:

zum einen habe ich auf bestimmte Ordner keinen Zugriff (Dokumente und Einstellungen, Programme, etc.) Auf den Ordner-Icons ist ein kleines Schloss. Wenn ich versuche eine Freigabe zu erteilen kommt die Meldung "Beim Versuch [Ordnername] freizugeben ist ein Fehler aufgetreten. Zugriff verweigert. Die freigegebene Ressource wurde nicht erstellt."

zum anderen ist mein Startmenü leer und alle Verknüpfungen, etc. sind wohl noch in Quarantäne.

Sind das die Auswirkungen von ComboFix?

Vielen, vielen Dank für die große Hilfe! Mein Rechner hat schon fast wieder Normal-Zustand! :daumenhoc

cosinus 17.05.2011 09:32
Zitat:
zum einen habe ich auf bestimmte Ordner keinen Zugriff (Dokumente und Einstellungen, Programme, etc.)
unhide hast du ausgeführt j/n?

Zitat:
Sind das die Auswirkungen von ComboFix?
Nach CF wurde Windows schon neu gestartet j/n?

ezechiel32 17.05.2011 09:59
Zitat:
Zitat von cosinus (Beitrag 659548)
unhide hast du ausgeführt j/n?
Ja, habe ich ausgeführt. Alles ist sichtbar. Ich habe auch versteckte Dateien und Ordner anzeigen lassen. Könnte es damit zusammenhängen?

Zitat:
Zitat von cosinus (Beitrag 659548)
Nach CF wurde Windows schon neu gestartet j/n?
Ja, ich habe schon mehrere Neustarts seit CF durchgeführt. Die Dateien befinden sich in einem Unterverzeichnis von "C:\Qoobox\Quarantine\C\Users\..."

cosinus 17.05.2011 10:14
Achso, hab ich dich falsch verstanden? Die siehst alles du hast nur keinen Zugriff?

ezechiel32 17.05.2011 13:14
genau, das ist aber nur bei manchen Ordnern so.

cosinus 17.05.2011 13:46
Das kann normal sein. Welche Ordner sind das? komplette Pfadangaben bitte.

ezechiel32 17.05.2011 13:58
C:\Documents and Settings\
C:\Dokumente und Einstellungen\
C:\Programme\

Das scheinen aber alles versteckte Ordner zu sein.

cosinus 17.05.2011 14:20
Lesen => Kein Zugriff auf Verzeichnisse unter Windows Vista? - .: Daniel Melanchthon :. - Site Home - TechNet Blogs

Was ist ein symbolischer Link? Lesen => Symbolische Verknüpfung ? Wikipedia

ezechiel32 17.05.2011 14:51
OK, soweit klar. Dann war das Problem mit den Ordnern eigentlich gar kein Problem. :lach:

Nur mit dem Quarantäne-Ordner steig ich nicht ganz durch. Muss ich die Verknüpfungen, etc. per Hand wieder ins Startmenü einfügen? :wtf:

cosinus 17.05.2011 15:02
Zitat:
Nur mit dem Quarantäne-Ordner steig ich nicht ganz durch. Muss ich die Verknüpfungen, etc. per Hand wieder ins Startmenü einfügen?
Was hat eine Quarantäne mit den Verknüpfungen im Startmenü zu tun? :dummguck:

ezechiel32 17.05.2011 15:14
Nunja, wenn ich im Start-Menü > alle Programme auswähle ist in so gut wie jedem Ordner nur noch (Leer) zu finden. Wenn ich nach den Inhalten suche, finde ich diese im Verzeichnis C:\Qoobox\Quarantine\...

Im Combofix Logfile glaube ich stand auch drin, dass alle Verknüpfungen in diesen Ordner verschoben wurden. Ich hoffe zumindest, dass ich das richtig verstanden habe... :confused:

cosinus 17.05.2011 15:28
Hat CF die gelöscht? :confused:

Ich brauch den Quarantäneordner von Combofix. Bitte folgendes machen:

1.) GANZ WICHTIG!! Virenscanner deaktivieren, der darf da nicht rummurksen!
2.) Ordner C:\Qoobox in eine Datei zippen
3.) die erstellte ZIP-Datei hier hochladen => http://www.trojaner-board.de/54791-a...ner-board.html
4.) Wenns erfolgreich war Bescheid sagen
5.) Erst dann wieder den Virenscanner einschalten

ezechiel32 17.05.2011 15:58
Irgendwie ist es mir nicht möglich den Ordner zu zippen. Es kommen 2 Fehlermeldungen.

"konnte Qoobox.rar nicht erstellen"
"Zugriff verweigert"

Der Schreibschutz ist immer wieder aktiv, egal ob man ihn vorher deaktiviert hat.

Freigabe habe ich auf "jeder" gestellt, die Fehlermeldungen kommen aber immer noch. :(

ezechiel32 17.05.2011 16:06
Hab's hinbekommen. Ein Dateiname hatte ein unzulässiges Zeichen. Hab den Ordner hochgeladen.

cosinus 17.05.2011 18:03
Combofix - Scripten

1. Starte das Notepad (Start / Ausführen / notepad[Enter])

2. Jetzt füge mit copy/paste den ganzen Inhalt der untenstehenden Codebox in das Notepad Fenster ein.

Code:
DEQUARANTINE::
C:\Qoobox\Quarantine\C\Users\BOELZE~1\AppData\Local\Temp\smtmp
QUIT::
3. Speichere im Notepad als CFScript.txt auf dem Desktop.

4. Deaktivere den Guard Deines Antivirenprogramms und eine eventuell vorhandene Software Firewall.
(Auch Guards von Ad-, Spyware Programmen und den Tea Timer (wenn vorhanden) !)

5. Dann ziehe die CFScript.txt auf die cofi.exe, so wie es im unteren Bild zu sehen ist. Damit wird Combofix neu gestartet.

http://users.pandora.be/bluepatchy/m...s/CFScript.gif

6. Nach dem Neustart (es wird gefragt ob Du neustarten willst), poste bitte die folgenden Log Dateien:
Combofix.txt

Hinweis: Das obige Script ist nur für diesen einen User in dieser Situtation erstellt worden. Es ist auf keinen anderen Rechner portierbar und darf nicht anderweitig verwandt werden, da es das System nachhaltig schädigen kann!


Danach bitte unhide ausführen:
Downloade dir bitte unhide.exe und speichere diese Datei auf deinem Desktop.
Starte das Tool und es sollten alle Dateien und Ordner wieder sichtbar sein. ( Könnte eine Weile dauern )
http://www.trojaner-board.de/images/icons/icon4.gif Vista und 7 User müssen das Tool per Rechtsklick als Administrator ausführen! http://www.trojaner-board.de/images/icons/icon4.gif

ezechiel32 17.05.2011 22:15
Ich bin die Vorgaben Schritt für Schritt durchgegangen. Zog die CFScript.txt auf die cofi.exe und nach kurzer Zeit spuckte diese dann folgende Log-Datei aus, aber nicht mit dem Titel Combofix.txt:

DeQuarantine.txt:

C:\Qoobox\Quarantine\C\Users\BOELZE~1\AppData\Local\Temp\smtmp\1\Default Programs.lnk -> C:\Users\BOELZE~1\AppData\Local\Temp\smtmp\1\Default Programs.lnk
C:\Qoobox\Quarantine\C\Users\BOELZE~1\AppData\Local\Temp\smtmp\1\desktop.ini -> C:\Users\BOELZE~1\AppData\Local\Temp\smtmp\1\desktop.ini
C:\Qoobox\Quarantine\C\Users\BOELZE~1\AppData\Local\Temp\smtmp\1\Windows Update.lnk -> C:\Users\BOELZE~1\AppData\Local\Temp\smtmp\1\Windows Update.lnk
C:\Qoobox\Quarantine\C\Users\BOELZE~1\AppData\Local\Temp\smtmp\1\æTorrent.lnk -> C:\Users\BOELZE~1\AppData\Local\Temp\smtmp\1\æTorrent.lnk
C:\Qoobox\Quarantine\C\Users\BOELZE~1\AppData\Local\Temp\smtmp\1\Programs\Adobe Reader 9.lnk -> C:\Users\BOELZE~1\AppData\Local\Temp\smtmp\1\Programs\Adobe Reader 9.lnk
C:\Qoobox\Quarantine\C\Users\BOELZE~1\AppData\Local\Temp\smtmp\1\Programs\desktop.ini -> C:\Users\BOELZE~1\AppData\Local\Temp\smtmp\1\Programs\desktop.ini
C:\Qoobox\Quarantine\C\Users\BOELZE~1\AppData\Local\Temp\smtmp\1\Programs\Media Center.lnk -> C:\Users\BOELZE~1\AppData\Local\Temp\smtmp\1\Programs\Media Center.lnk
C:\Qoobox\Quarantine\C\Users\BOELZE~1\AppData\Local\Temp\smtmp\1\Programs\Sidebar.lnk -> C:\Users\BOELZE~1\AppData\Local\Temp\smtmp\1\Programs\Sidebar.lnk
C:\Qoobox\Quarantine\C\Users\BOELZE~1\AppData\Local\Temp\smtmp\1\Programs\Windows Anytime Upgrade.lnk -> C:\Users\BOELZE~1\AppData\Local\Temp\smtmp\1\Programs\Windows Anytime Upgrade.lnk
C:\Qoobox\Quarantine\C\Users\BOELZE~1\AppData\Local\Temp\smtmp\1\Programs\Windows DVD Maker.lnk -> C:\Users\BOELZE~1\AppData\Local\Temp\smtmp\1\Programs\Windows DVD Maker.lnk
C:\Qoobox\Quarantine\C\Users\BOELZE~1\AppData\Local\Temp\smtmp\1\Programs\Windows Fax and Scan.lnk -> C:\Users\BOELZE~1\AppData\Local\Temp\smtmp\1\Programs\Windows Fax and Scan.lnk
C:\Qoobox\Quarantine\C\Users\BOELZE~1\AppData\Local\Temp\smtmp\1\Programs\Windows Media Player.lnk -> C:\Users\BOELZE~1\AppData\Local\Temp\smtmp\1\Programs\Windows Media Player.lnk
C:\Qoobox\Quarantine\C\Users\BOELZE~1\AppData\Local\Temp\smtmp\1\Programs\XPS Viewer.lnk -> C:\Users\BOELZE~1\AppData\Local\Temp\smtmp\1\Programs\XPS Viewer.lnk
C:\Qoobox\Quarantine\C\Users\BOELZE~1\AppData\Local\Temp\smtmp\1\Programs\7-Zip\7-Zip File Manager.lnk -> C:\Users\BOELZE~1\AppData\Local\Temp\smtmp\1\Programs\7-Zip\7-Zip File Manager.lnk
C:\Qoobox\Quarantine\C\Users\BOELZE~1\AppData\Local\Temp\smtmp\1\Programs\7-Zip\7-Zip Help.lnk -> C:\Users\BOELZE~1\AppData\Local\Temp\smtmp\1\Programs\7-Zip\7-Zip Help.lnk
C:\Qoobox\Quarantine\C\Users\BOELZE~1\AppData\Local\Temp\smtmp\1\Programs\Accessories\Calculator.lnk -> C:\Users\BOELZE~1\AppData\Local\Temp\smtmp\1\Programs\Accessories\Calculator.lnk
C:\Qoobox\Quarantine\C\Users\BOELZE~1\AppData\Local\Temp\smtmp\1\Programs\Accessories\Desktop.ini -> C:\Users\BOELZE~1\AppData\Local\Temp\smtmp\1\Programs\Accessories\Desktop.ini
C:\Qoobox\Quarantine\C\Users\BOELZE~1\AppData\Local\Temp\smtmp\1\Programs\Accessories\displayswitch.lnk -> C:\Users\BOELZE~1\AppData\Local\Temp\smtmp\1\Programs\Accessories\displayswitch.lnk
C:\Qoobox\Quarantine\C\Users\BOELZE~1\AppData\Local\Temp\smtmp\1\Programs\Accessories\Math Input Panel.lnk -> C:\Users\BOELZE~1\AppData\Local\Temp\smtmp\1\Programs\Accessories\Math Input Panel.lnk
C:\Qoobox\Quarantine\C\Users\BOELZE~1\AppData\Local\Temp\smtmp\1\Programs\Accessories\Mobility Center.lnk -> C:\Users\BOELZE~1\AppData\Local\Temp\smtmp\1\Programs\Accessories\Mobility Center.lnk
C:\Qoobox\Quarantine\C\Users\BOELZE~1\AppData\Local\Temp\smtmp\1\Programs\Accessories\NetworkProjection.lnk -> C:\Users\BOELZE~1\AppData\Local\Temp\smtmp\1\Programs\Accessories\NetworkProjection.lnk
C:\Qoobox\Quarantine\C\Users\BOELZE~1\AppData\Local\Temp\smtmp\1\Programs\Accessories\Paint.lnk -> C:\Users\BOELZE~1\AppData\Local\Temp\smtmp\1\Programs\Accessories\Paint.lnk
C:\Qoobox\Quarantine\C\Users\BOELZE~1\AppData\Local\Temp\smtmp\1\Programs\Accessories\Remote Desktop Connection.lnk -> C:\Users\BOELZE~1\AppData\Local\Temp\smtmp\1\Programs\Accessories\Remote Desktop Connection.lnk
C:\Qoobox\Quarantine\C\Users\BOELZE~1\AppData\Local\Temp\smtmp\1\Programs\Accessories\Snipping Tool.lnk -> C:\Users\BOELZE~1\AppData\Local\Temp\smtmp\1\Programs\Accessories\Snipping Tool.lnk
C:\Qoobox\Quarantine\C\Users\BOELZE~1\AppData\Local\Temp\smtmp\1\Programs\Accessories\Sound Recorder.lnk -> C:\Users\BOELZE~1\AppData\Local\Temp\smtmp\1\Programs\Accessories\Sound Recorder.lnk
C:\Qoobox\Quarantine\C\Users\BOELZE~1\AppData\Local\Temp\smtmp\1\Programs\Accessories\Sticky Notes.lnk -> C:\Users\BOELZE~1\AppData\Local\Temp\smtmp\1\Programs\Accessories\Sticky Notes.lnk
C:\Qoobox\Quarantine\C\Users\BOELZE~1\AppData\Local\Temp\smtmp\1\Programs\Accessories\Sync Center.lnk -> C:\Users\BOELZE~1\AppData\Local\Temp\smtmp\1\Programs\Accessories\Sync Center.lnk
C:\Qoobox\Quarantine\C\Users\BOELZE~1\AppData\Local\Temp\smtmp\1\Programs\Accessories\Welcome Center.lnk -> C:\Users\BOELZE~1\AppData\Local\Temp\smtmp\1\Programs\Accessories\Welcome Center.lnk
C:\Qoobox\Quarantine\C\Users\BOELZE~1\AppData\Local\Temp\smtmp\1\Programs\Accessories\Wordpad.lnk -> C:\Users\BOELZE~1\AppData\Local\Temp\smtmp\1\Programs\Accessories\Wordpad.lnk
C:\Qoobox\Quarantine\C\Users\BOELZE~1\AppData\Local\Temp\smtmp\1\Programs\Accessories\Accessibility\Desktop.ini -> C:\Users\BOELZE~1\AppData\Local\Temp\smtmp\1\Programs\Accessories\Accessibility\Desktop.ini
C:\Qoobox\Quarantine\C\Users\BOELZE~1\AppData\Local\Temp\smtmp\1\Programs\Accessories\Accessibility\Speech Recognition.lnk -> C:\Users\BOELZE~1\AppData\Local\Temp\smtmp\1\Programs\Accessories\Accessibility\Speech Recognition.lnk
C:\Qoobox\Quarantine\C\Users\BOELZE~1\AppData\Local\Temp\smtmp\1\Programs\Accessories\Media Center\Media Center Programs\The Lord of the Rings Online.lnk -> C:\Users\BOELZE~1\AppData\Local\Temp\smtmp\1\Programs\Accessories\Media Center\Media Center Programs\The Lord of the Rings Online.lnk
C:\Qoobox\Quarantine\C\Users\BOELZE~1\AppData\Local\Temp\smtmp\1\Programs\Accessories\System Tools\Character Map.lnk -> C:\Users\BOELZE~1\AppData\Local\Temp\smtmp\1\Programs\Accessories\System Tools\Character Map.lnk
C:\Qoobox\Quarantine\C\Users\BOELZE~1\AppData\Local\Temp\smtmp\1\Programs\Accessories\System Tools\Desktop.ini -> C:\Users\BOELZE~1\AppData\Local\Temp\smtmp\1\Programs\Accessories\System Tools\Desktop.ini
C:\Qoobox\Quarantine\C\Users\BOELZE~1\AppData\Local\Temp\smtmp\1\Programs\Accessories\System Tools\dfrgui.lnk -> C:\Users\BOELZE~1\AppData\Local\Temp\smtmp\1\Programs\Accessories\System Tools\dfrgui.lnk
C:\Qoobox\Quarantine\C\Users\BOELZE~1\AppData\Local\Temp\smtmp\1\Programs\Accessories\System Tools\Disk Cleanup.lnk -> C:\Users\BOELZE~1\AppData\Local\Temp\smtmp\1\Programs\Accessories\System Tools\Disk Cleanup.lnk
C:\Qoobox\Quarantine\C\Users\BOELZE~1\AppData\Local\Temp\smtmp\1\Programs\Accessories\System Tools\Resource Monitor.lnk -> C:\Users\BOELZE~1\AppData\Local\Temp\smtmp\1\Programs\Accessories\System Tools\Resource Monitor.lnk
C:\Qoobox\Quarantine\C\Users\BOELZE~1\AppData\Local\Temp\smtmp\1\Programs\Accessories\System Tools\System Information.lnk -> C:\Users\BOELZE~1\AppData\Local\Temp\smtmp\1\Programs\Accessories\System Tools\System Information.lnk
C:\Qoobox\Quarantine\C\Users\BOELZE~1\AppData\Local\Temp\smtmp\1\Programs\Accessories\System Tools\System Restore.lnk -> C:\Users\BOELZE~1\AppData\Local\Temp\smtmp\1\Programs\Accessories\System Tools\System Restore.lnk
C:\Qoobox\Quarantine\C\Users\BOELZE~1\AppData\Local\Temp\smtmp\1\Programs\Accessories\System Tools\Task Scheduler.lnk -> C:\Users\BOELZE~1\AppData\Local\Temp\smtmp\1\Programs\Accessories\System Tools\Task Scheduler.lnk
C:\Qoobox\Quarantine\C\Users\BOELZE~1\AppData\Local\Temp\smtmp\1\Programs\Accessories\System Tools\Windows Easy Transfer Reports.lnk -> C:\Users\BOELZE~1\AppData\Local\Temp\smtmp\1\Programs\Accessories\System Tools\Windows Easy Transfer Reports.lnk
C:\Qoobox\Quarantine\C\Users\BOELZE~1\AppData\Local\Temp\smtmp\1\Programs\Accessories\System Tools\Windows Easy Transfer.lnk -> C:\Users\BOELZE~1\AppData\Local\Temp\smtmp\1\Programs\Accessories\System Tools\Windows Easy Transfer.lnk
C:\Qoobox\Quarantine\C\Users\BOELZE~1\AppData\Local\Temp\smtmp\1\Programs\Accessories\Tablet PC\Desktop.ini -> C:\Users\BOELZE~1\AppData\Local\Temp\smtmp\1\Programs\Accessories\Tablet PC\Desktop.ini
C:\Qoobox\Quarantine\C\Users\BOELZE~1\AppData\Local\Temp\smtmp\1\Programs\Accessories\Tablet PC\ShapeCollector.lnk -> C:\Users\BOELZE~1\AppData\Local\Temp\smtmp\1\Programs\Accessories\Tablet PC\ShapeCollector.lnk
C:\Qoobox\Quarantine\C\Users\BOELZE~1\AppData\Local\Temp\smtmp\1\Programs\Accessories\Tablet PC\TabTip.lnk -> C:\Users\BOELZE~1\AppData\Local\Temp\smtmp\1\Programs\Accessories\Tablet PC\TabTip.lnk
C:\Qoobox\Quarantine\C\Users\BOELZE~1\AppData\Local\Temp\smtmp\1\Programs\Accessories\Tablet PC\Windows Journal.lnk -> C:\Users\BOELZE~1\AppData\Local\Temp\smtmp\1\Programs\Accessories\Tablet PC\Windows Journal.lnk
C:\Qoobox\Quarantine\C\Users\BOELZE~1\AppData\Local\Temp\smtmp\1\Programs\Accessories\Windows PowerShell\desktop.ini -> C:\Users\BOELZE~1\AppData\Local\Temp\smtmp\1\Programs\Accessories\Windows PowerShell\desktop.ini
C:\Qoobox\Quarantine\C\Users\BOELZE~1\AppData\Local\Temp\smtmp\1\Programs\Accessories\Windows PowerShell\Windows PowerShell (x86).lnk -> C:\Users\BOELZE~1\AppData\Local\Temp\smtmp\1\Programs\Accessories\Windows PowerShell\Windows PowerShell (x86).lnk
C:\Qoobox\Quarantine\C\Users\BOELZE~1\AppData\Local\Temp\smtmp\1\Programs\Accessories\Windows PowerShell\Windows PowerShell ISE (x86).lnk -> C:\Users\BOELZE~1\AppData\Local\Temp\smtmp\1\Programs\Accessories\Windows PowerShell\Windows PowerShell ISE (x86).lnk
C:\Qoobox\Quarantine\C\Users\BOELZE~1\AppData\Local\Temp\smtmp\1\Programs\Accessories\Windows PowerShell\Windows PowerShell ISE.lnk -> C:\Users\BOELZE~1\AppData\Local\Temp\smtmp\1\Programs\Accessories\Windows PowerShell\Windows PowerShell ISE.lnk
C:\Qoobox\Quarantine\C\Users\BOELZE~1\AppData\Local\Temp\smtmp\1\Programs\Accessories\Windows PowerShell\Windows PowerShell.lnk -> C:\Users\BOELZE~1\AppData\Local\Temp\smtmp\1\Programs\Accessories\Windows PowerShell\Windows PowerShell.lnk
C:\Qoobox\Quarantine\C\Users\BOELZE~1\AppData\Local\Temp\smtmp\1\Programs\Administrative Tools\Component Services.lnk -> C:\Users\BOELZE~1\AppData\Local\Temp\smtmp\1\Programs\Administrative Tools\Component Services.lnk
C:\Qoobox\Quarantine\C\Users\BOELZE~1\AppData\Local\Temp\smtmp\1\Programs\Administrative Tools\Computer Management.lnk -> C:\Users\BOELZE~1\AppData\Local\Temp\smtmp\1\Programs\Administrative Tools\Computer Management.lnk
C:\Qoobox\Quarantine\C\Users\BOELZE~1\AppData\Local\Temp\smtmp\1\Programs\Administrative Tools\Data Sources (ODBC).lnk -> C:\Users\BOELZE~1\AppData\Local\Temp\smtmp\1\Programs\Administrative Tools\Data Sources (ODBC).lnk
C:\Qoobox\Quarantine\C\Users\BOELZE~1\AppData\Local\Temp\smtmp\1\Programs\Administrative Tools\desktop.ini -> C:\Users\BOELZE~1\AppData\Local\Temp\smtmp\1\Programs\Administrative Tools\desktop.ini
C:\Qoobox\Quarantine\C\Users\BOELZE~1\AppData\Local\Temp\smtmp\1\Programs\Administrative Tools\Event Viewer.lnk -> C:\Users\BOELZE~1\AppData\Local\Temp\smtmp\1\Programs\Administrative Tools\Event Viewer.lnk
C:\Qoobox\Quarantine\C\Users\BOELZE~1\AppData\Local\Temp\smtmp\1\Programs\Administrative Tools\iSCSI Initiator.lnk -> C:\Users\BOELZE~1\AppData\Local\Temp\smtmp\1\Programs\Administrative Tools\iSCSI Initiator.lnk
C:\Qoobox\Quarantine\C\Users\BOELZE~1\AppData\Local\Temp\smtmp\1\Programs\Administrative Tools\Memory Diagnostics Tool.lnk -> C:\Users\BOELZE~1\AppData\Local\Temp\smtmp\1\Programs\Administrative Tools\Memory Diagnostics Tool.lnk
C:\Qoobox\Quarantine\C\Users\BOELZE~1\AppData\Local\Temp\smtmp\1\Programs\Administrative Tools\Microsoft .NET Framework 1.1 Configuration.lnk -> C:\Users\BOELZE~1\AppData\Local\Temp\smtmp\1\Programs\Administrative Tools\Microsoft .NET Framework 1.1 Configuration.lnk
C:\Qoobox\Quarantine\C\Users\BOELZE~1\AppData\Local\Temp\smtmp\1\Programs\Administrative Tools\Microsoft .NET Framework 1.1 Wizards.lnk -> C:\Users\BOELZE~1\AppData\Local\Temp\smtmp\1\Programs\Administrative Tools\Microsoft .NET Framework 1.1 Wizards.lnk
C:\Qoobox\Quarantine\C\Users\BOELZE~1\AppData\Local\Temp\smtmp\1\Programs\Administrative Tools\Performance Monitor.lnk -> C:\Users\BOELZE~1\AppData\Local\Temp\smtmp\1\Programs\Administrative Tools\Performance Monitor.lnk
C:\Qoobox\Quarantine\C\Users\BOELZE~1\AppData\Local\Temp\smtmp\1\Programs\Administrative Tools\Print Management.lnk -> C:\Users\BOELZE~1\AppData\Local\Temp\smtmp\1\Programs\Administrative Tools\Print Management.lnk
C:\Qoobox\Quarantine\C\Users\BOELZE~1\AppData\Local\Temp\smtmp\1\Programs\Administrative Tools\Security Configuration Management.lnk -> C:\Users\BOELZE~1\AppData\Local\Temp\smtmp\1\Programs\Administrative Tools\Security Configuration Management.lnk
C:\Qoobox\Quarantine\C\Users\BOELZE~1\AppData\Local\Temp\smtmp\1\Programs\Administrative Tools\services.lnk -> C:\Users\BOELZE~1\AppData\Local\Temp\smtmp\1\Programs\Administrative Tools\services.lnk
C:\Qoobox\Quarantine\C\Users\BOELZE~1\AppData\Local\Temp\smtmp\1\Programs\Administrative Tools\System Configuration.lnk -> C:\Users\BOELZE~1\AppData\Local\Temp\smtmp\1\Programs\Administrative Tools\System Configuration.lnk
C:\Qoobox\Quarantine\C\Users\BOELZE~1\AppData\Local\Temp\smtmp\1\Programs\Administrative Tools\Task Scheduler.lnk -> C:\Users\BOELZE~1\AppData\Local\Temp\smtmp\1\Programs\Administrative Tools\Task Scheduler.lnk
C:\Qoobox\Quarantine\C\Users\BOELZE~1\AppData\Local\Temp\smtmp\1\Programs\Administrative Tools\Windows Firewall with Advanced Security.lnk -> C:\Users\BOELZE~1\AppData\Local\Temp\smtmp\1\Programs\Administrative Tools\Windows Firewall with Advanced Security.lnk
C:\Qoobox\Quarantine\C\Users\BOELZE~1\AppData\Local\Temp\smtmp\1\Programs\Administrative Tools\Windows PowerShell Modules.lnk -> C:\Users\BOELZE~1\AppData\Local\Temp\smtmp\1\Programs\Administrative Tools\Windows PowerShell Modules.lnk
C:\Qoobox\Quarantine\C\Users\BOELZE~1\AppData\Local\Temp\smtmp\1\Programs\Amazon\Amazon MP3-Downloader\Amazon MP3-Downloader.lnk -> C:\Users\BOELZE~1\AppData\Local\Temp\smtmp\1\Programs\Amazon\Amazon MP3-Downloader\Amazon MP3-Downloader.lnk
C:\Qoobox\Quarantine\C\Users\BOELZE~1\AppData\Local\Temp\smtmp\1\Programs\Amazon\Amazon MP3-Downloader\Uninstall Amazon MP3-Downloader.lnk -> C:\Users\BOELZE~1\AppData\Local\Temp\smtmp\1\Programs\Amazon\Amazon MP3-Downloader\Uninstall Amazon MP3-Downloader.lnk
C:\Qoobox\Quarantine\C\Users\BOELZE~1\AppData\Local\Temp\smtmp\1\Programs\Audio Related Programs\CD Audio Burn Recorder.lnk -> C:\Users\BOELZE~1\AppData\Local\Temp\smtmp\1\Programs\Audio Related Programs\CD Audio Burn Recorder.lnk
C:\Qoobox\Quarantine\C\Users\BOELZE~1\AppData\Local\Temp\smtmp\1\Programs\Audio Related Programs\CD Audio Rip Extractor.lnk -> C:\Users\BOELZE~1\AppData\Local\Temp\smtmp\1\Programs\Audio Related Programs\CD Audio Rip Extractor.lnk
C:\Qoobox\Quarantine\C\Users\BOELZE~1\AppData\Local\Temp\smtmp\1\Programs\Audio Related Programs\Dictation Recorder.lnk -> C:\Users\BOELZE~1\AppData\Local\Temp\smtmp\1\Programs\Audio Related Programs\Dictation Recorder.lnk
C:\Qoobox\Quarantine\C\Users\BOELZE~1\AppData\Local\Temp\smtmp\1\Programs\Audio Related Programs\DJ Mixing Software.lnk -> C:\Users\BOELZE~1\AppData\Local\Temp\smtmp\1\Programs\Audio Related Programs\DJ Mixing Software.lnk
C:\Qoobox\Quarantine\C\Users\BOELZE~1\AppData\Local\Temp\smtmp\1\Programs\Audio Related Programs\Multichannel Recorder.lnk -> C:\Users\BOELZE~1\AppData\Local\Temp\smtmp\1\Programs\Audio Related Programs\Multichannel Recorder.lnk
C:\Qoobox\Quarantine\C\Users\BOELZE~1\AppData\Local\Temp\smtmp\1\Programs\Audio Related Programs\Multitrack Mixer.lnk -> C:\Users\BOELZE~1\AppData\Local\Temp\smtmp\1\Programs\Audio Related Programs\Multitrack Mixer.lnk
C:\Qoobox\Quarantine\C\Users\BOELZE~1\AppData\Local\Temp\smtmp\1\Programs\Audio Related Programs\Record to CD or Mp3 Wizard.lnk -> C:\Users\BOELZE~1\AppData\Local\Temp\smtmp\1\Programs\Audio Related Programs\Record to CD or Mp3 Wizard.lnk
C:\Qoobox\Quarantine\C\Users\BOELZE~1\AppData\Local\Temp\smtmp\1\Programs\Audio Related Programs\Sound File Converter.lnk -> C:\Users\BOELZE~1\AppData\Local\Temp\smtmp\1\Programs\Audio Related Programs\Sound File Converter.lnk
C:\Qoobox\Quarantine\C\Users\BOELZE~1\AppData\Local\Temp\smtmp\1\Programs\Audio Related Programs\Sound File Editor.lnk -> C:\Users\BOELZE~1\AppData\Local\Temp\smtmp\1\Programs\Audio Related Programs\Sound File Editor.lnk
C:\Qoobox\Quarantine\C\Users\BOELZE~1\AppData\Local\Temp\smtmp\1\Programs\Audio Related Programs\Sound File Recorder.lnk -> C:\Users\BOELZE~1\AppData\Local\Temp\smtmp\1\Programs\Audio Related Programs\Sound File Recorder.lnk
C:\Qoobox\Quarantine\C\Users\BOELZE~1\AppData\Local\Temp\smtmp\1\Programs\Audio Related Programs\Streaming Audio Recorder.lnk -> C:\Users\BOELZE~1\AppData\Local\Temp\smtmp\1\Programs\Audio Related Programs\Streaming Audio Recorder.lnk
C:\Qoobox\Quarantine\C\Users\BOELZE~1\AppData\Local\Temp\smtmp\1\Programs\Audio Related Programs\Streaming Audio Server.lnk -> C:\Users\BOELZE~1\AppData\Local\Temp\smtmp\1\Programs\Audio Related Programs\Streaming Audio Server.lnk
C:\Qoobox\Quarantine\C\Users\BOELZE~1\AppData\Local\Temp\smtmp\1\Programs\Audio Related Programs\Text-to-Speech Reader.lnk -> C:\Users\BOELZE~1\AppData\Local\Temp\smtmp\1\Programs\Audio Related Programs\Text-to-Speech Reader.lnk
C:\Qoobox\Quarantine\C\Users\BOELZE~1\AppData\Local\Temp\smtmp\1\Programs\Avira\AntiVir Desktop\AntiVir Hilfe.lnk -> C:\Users\BOELZE~1\AppData\Local\Temp\smtmp\1\Programs\Avira\AntiVir Desktop\AntiVir Hilfe.lnk
C:\Qoobox\Quarantine\C\Users\BOELZE~1\AppData\Local\Temp\smtmp\1\Programs\Avira\AntiVir Desktop\AntiVir im Internet.lnk -> C:\Users\BOELZE~1\AppData\Local\Temp\smtmp\1\Programs\Avira\AntiVir Desktop\AntiVir im Internet.lnk
C:\Qoobox\Quarantine\C\Users\BOELZE~1\AppData\Local\Temp\smtmp\1\Programs\Avira\AntiVir Desktop\AntiVir starten.lnk -> C:\Users\BOELZE~1\AppData\Local\Temp\smtmp\1\Programs\Avira\AntiVir Desktop\AntiVir starten.lnk
C:\Qoobox\Quarantine\C\Users\BOELZE~1\AppData\Local\Temp\smtmp\1\Programs\CCleaner\CCleaner Homepage.url -> C:\Users\BOELZE~1\AppData\Local\Temp\smtmp\1\Programs\CCleaner\CCleaner Homepage.url
C:\Qoobox\Quarantine\C\Users\BOELZE~1\AppData\Local\Temp\smtmp\1\Programs\CCleaner\CCleaner.lnk -> C:\Users\BOELZE~1\AppData\Local\Temp\smtmp\1\Programs\CCleaner\CCleaner.lnk
C:\Qoobox\Quarantine\C\Users\BOELZE~1\AppData\Local\Temp\smtmp\1\Programs\CCleaner\Uninstall CCleaner.lnk -> C:\Users\BOELZE~1\AppData\Local\Temp\smtmp\1\Programs\CCleaner\Uninstall CCleaner.lnk
C:\Qoobox\Quarantine\C\Users\BOELZE~1\AppData\Local\Temp\smtmp\1\Programs\D-Link\D-Link Wireless N DWA-140\Connection Wizard.lnk -> C:\Users\BOELZE~1\AppData\Local\Temp\smtmp\1\Programs\D-Link\D-Link Wireless N DWA-140\Connection Wizard.lnk
C:\Qoobox\Quarantine\C\Users\BOELZE~1\AppData\Local\Temp\smtmp\1\Programs\D-Link\D-Link Wireless N DWA-140\Uninstall.lnk -> C:\Users\BOELZE~1\AppData\Local\Temp\smtmp\1\Programs\D-Link\D-Link Wireless N DWA-140\Uninstall.lnk
C:\Qoobox\Quarantine\C\Users\BOELZE~1\AppData\Local\Temp\smtmp\1\Programs\D-Link\D-Link Wireless N DWA-140\Wireless Connection Manager.lnk -> C:\Users\BOELZE~1\AppData\Local\Temp\smtmp\1\Programs\D-Link\D-Link Wireless N DWA-140\Wireless Connection Manager.lnk
C:\Qoobox\Quarantine\C\Users\BOELZE~1\AppData\Local\Temp\smtmp\1\Programs\DAEMON Tools Lite\DAEMON Tools Lite.lnk -> C:\Users\BOELZE~1\AppData\Local\Temp\smtmp\1\Programs\DAEMON Tools Lite\DAEMON Tools Lite.lnk
C:\Qoobox\Quarantine\C\Users\BOELZE~1\AppData\Local\Temp\smtmp\1\Programs\DAEMON Tools Lite\SPTD Setup.lnk -> C:\Users\BOELZE~1\AppData\Local\Temp\smtmp\1\Programs\DAEMON Tools Lite\SPTD Setup.lnk
C:\Qoobox\Quarantine\C\Users\BOELZE~1\AppData\Local\Temp\smtmp\1\Programs\DAEMON Tools Lite\Uninstall.lnk -> C:\Users\BOELZE~1\AppData\Local\Temp\smtmp\1\Programs\DAEMON Tools Lite\Uninstall.lnk
C:\Qoobox\Quarantine\C\Users\BOELZE~1\AppData\Local\Temp\smtmp\1\Programs\Deep Silver\S.T.A.L.K.E.R. - Clear Sky\ReadMe.txt anzeigen.lnk -> C:\Users\BOELZE~1\AppData\Local\Temp\smtmp\1\Programs\Deep Silver\S.T.A.L.K.E.R. - Clear Sky\ReadMe.txt anzeigen.lnk
C:\Qoobox\Quarantine\C\Users\BOELZE~1\AppData\Local\Temp\smtmp\1\Programs\Deep Silver\S.T.A.L.K.E.R. - Clear Sky\S.T.A.L.K.E.R. - Clear Sky entfernen.lnk -> C:\Users\BOELZE~1\AppData\Local\Temp\smtmp\1\Programs\Deep Silver\S.T.A.L.K.E.R. - Clear Sky\S.T.A.L.K.E.R. - Clear Sky entfernen.lnk
C:\Qoobox\Quarantine\C\Users\BOELZE~1\AppData\Local\Temp\smtmp\1\Programs\Deep Silver\S.T.A.L.K.E.R. - Clear Sky\S.T.A.L.K.E.R. - Clear Sky.lnk -> C:\Users\BOELZE~1\AppData\Local\Temp\smtmp\1\Programs\Deep Silver\S.T.A.L.K.E.R. - Clear Sky\S.T.A.L.K.E.R. - Clear Sky.lnk
C:\Qoobox\Quarantine\C\Users\BOELZE~1\AppData\Local\Temp\smtmp\1\Programs\Deep Silver\S.T.A.L.K.E.R. - Clear Sky\Spielanleitung.lnk -> C:\Users\BOELZE~1\AppData\Local\Temp\smtmp\1\Programs\Deep Silver\S.T.A.L.K.E.R. - Clear Sky\Spielanleitung.lnk
C:\Qoobox\Quarantine\C\Users\BOELZE~1\AppData\Local\Temp\smtmp\1\Programs\Deep Silver\S.T.A.L.K.E.R. - Clear Sky\Website des Publishers.lnk -> C:\Users\BOELZE~1\AppData\Local\Temp\smtmp\1\Programs\Deep Silver\S.T.A.L.K.E.R. - Clear Sky\Website des Publishers.lnk
C:\Qoobox\Quarantine\C\Users\BOELZE~1\AppData\Local\Temp\smtmp\1\Programs\Deep Silver\S.T.A.L.K.E.R. - Clear Sky\Website zum Spiel.lnk -> C:\Users\BOELZE~1\AppData\Local\Temp\smtmp\1\Programs\Deep Silver\S.T.A.L.K.E.R. - Clear Sky\Website zum Spiel.lnk
C:\Qoobox\Quarantine\C\Users\BOELZE~1\AppData\Local\Temp\smtmp\1\Programs\DivX Plus\Bringe DivX©-Videos auf Deine Website.lnk -> C:\Users\BOELZE~1\AppData\Local\Temp\smtmp\1\Programs\DivX Plus\Bringe DivX©-Videos auf Deine Website.lnk
C:\Qoobox\Quarantine\C\Users\BOELZE~1\AppData\Local\Temp\smtmp\1\Programs\DivX Plus\Codec-Einstellungen.lnk -> C:\Users\BOELZE~1\AppData\Local\Temp\smtmp\1\Programs\DivX Plus\Codec-Einstellungen.lnk
C:\Qoobox\Quarantine\C\Users\BOELZE~1\AppData\Local\Temp\smtmp\1\Programs\DivX Plus\DivX Plus Converter.lnk -> C:\Users\BOELZE~1\AppData\Local\Temp\smtmp\1\Programs\DivX Plus\DivX Plus Converter.lnk
C:\Qoobox\Quarantine\C\Users\BOELZE~1\AppData\Local\Temp\smtmp\1\Programs\DivX Plus\DivX Plus Player.lnk -> C:\Users\BOELZE~1\AppData\Local\Temp\smtmp\1\Programs\DivX Plus\DivX Plus Player.lnk
C:\Qoobox\Quarantine\C\Users\BOELZE~1\AppData\Local\Temp\smtmp\1\Programs\DivX Plus\DivX Technische Untersttzung.lnk -> C:\Users\BOELZE~1\AppData\Local\Temp\smtmp\1\Programs\DivX Plus\DivX Technische Untersttzung.lnk
C:\Qoobox\Quarantine\C\Users\BOELZE~1\AppData\Local\Temp\smtmp\1\Programs\DivX Plus\Nach Updates suchen.lnk -> C:\Users\BOELZE~1\AppData\Local\Temp\smtmp\1\Programs\DivX Plus\Nach Updates suchen.lnk
C:\Qoobox\Quarantine\C\Users\BOELZE~1\AppData\Local\Temp\smtmp\1\Programs\DivX Plus\Registrieren.lnk -> C:\Users\BOELZE~1\AppData\Local\Temp\smtmp\1\Programs\DivX Plus\Registrieren.lnk
C:\Qoobox\Quarantine\C\Users\BOELZE~1\AppData\Local\Temp\smtmp\1\Programs\DivX Plus\Warum DivX Pro kaufen.lnk -> C:\Users\BOELZE~1\AppData\Local\Temp\smtmp\1\Programs\DivX Plus\Warum DivX Pro kaufen.lnk
C:\Qoobox\Quarantine\C\Users\BOELZE~1\AppData\Local\Temp\smtmp\1\Programs\Dragon Age Origins\Dragon Age Origins deinstallieren.lnk -> C:\Users\BOELZE~1\AppData\Local\Temp\smtmp\1\Programs\Dragon Age Origins\Dragon Age Origins deinstallieren.lnk
C:\Qoobox\Quarantine\C\Users\BOELZE~1\AppData\Local\Temp\smtmp\1\Programs\Dragon Age Origins\Dragon Age Origins.lnk -> C:\Users\BOELZE~1\AppData\Local\Temp\smtmp\1\Programs\Dragon Age Origins\Dragon Age Origins.lnk
C:\Qoobox\Quarantine\C\Users\BOELZE~1\AppData\Local\Temp\smtmp\1\Programs\Dragon Age Origins\EA Product Support-Hilfe.lnk -> C:\Users\BOELZE~1\AppData\Local\Temp\smtmp\1\Programs\Dragon Age Origins\EA Product Support-Hilfe.lnk
C:\Qoobox\Quarantine\C\Users\BOELZE~1\AppData\Local\Temp\smtmp\1\Programs\Dragon Age Origins\Readme lesen.lnk -> C:\Users\BOELZE~1\AppData\Local\Temp\smtmp\1\Programs\Dragon Age Origins\Readme lesen.lnk
C:\Qoobox\Quarantine\C\Users\BOELZE~1\AppData\Local\Temp\smtmp\1\Programs\Dragon Age Origins\Links\BioWare-Website.url -> C:\Users\BOELZE~1\AppData\Local\Temp\smtmp\1\Programs\Dragon Age Origins\Links\BioWare-Website.url
C:\Qoobox\Quarantine\C\Users\BOELZE~1\AppData\Local\Temp\smtmp\1\Programs\Dragon Age Origins\Links\Dragon Age Origins-Website.url -> C:\Users\BOELZE~1\AppData\Local\Temp\smtmp\1\Programs\Dragon Age Origins\Links\Dragon Age Origins-Website.url
C:\Qoobox\Quarantine\C\Users\BOELZE~1\AppData\Local\Temp\smtmp\1\Programs\Dragon Age Origins\Links\EA-Website.url -> C:\Users\BOELZE~1\AppData\Local\Temp\smtmp\1\Programs\Dragon Age Origins\Links\EA-Website.url
C:\Qoobox\Quarantine\C\Users\BOELZE~1\AppData\Local\Temp\smtmp\1\Programs\Dragon Age Origins\Links\Support-Website.url -> C:\Users\BOELZE~1\AppData\Local\Temp\smtmp\1\Programs\Dragon Age Origins\Links\Support-Website.url
C:\Qoobox\Quarantine\C\Users\BOELZE~1\AppData\Local\Temp\smtmp\1\Programs\Express Burn\Express Burn Help.lnk -> C:\Users\BOELZE~1\AppData\Local\Temp\smtmp\1\Programs\Express Burn\Express Burn Help.lnk
C:\Qoobox\Quarantine\C\Users\BOELZE~1\AppData\Local\Temp\smtmp\1\Programs\Express Burn\Express Burn.lnk -> C:\Users\BOELZE~1\AppData\Local\Temp\smtmp\1\Programs\Express Burn\Express Burn.lnk
C:\Qoobox\Quarantine\C\Users\BOELZE~1\AppData\Local\Temp\smtmp\1\Programs\Express Rip\Express Rip Help.lnk -> C:\Users\BOELZE~1\AppData\Local\Temp\smtmp\1\Programs\Express Rip\Express Rip Help.lnk
C:\Qoobox\Quarantine\C\Users\BOELZE~1\AppData\Local\Temp\smtmp\1\Programs\Express Rip\Express Rip.lnk -> C:\Users\BOELZE~1\AppData\Local\Temp\smtmp\1\Programs\Express Rip\Express Rip.lnk
C:\Qoobox\Quarantine\C\Users\BOELZE~1\AppData\Local\Temp\smtmp\1\Programs\Free Audio Pack\Free Mp3 Wma Converter entfernen.lnk -> C:\Users\BOELZE~1\AppData\Local\Temp\smtmp\1\Programs\Free Audio Pack\Free Mp3 Wma Converter entfernen.lnk
C:\Qoobox\Quarantine\C\Users\BOELZE~1\AppData\Local\Temp\smtmp\1\Programs\Free Audio Pack\Free Mp3 Wma Converter.lnk -> C:\Users\BOELZE~1\AppData\Local\Temp\smtmp\1\Programs\Free Audio Pack\Free Mp3 Wma Converter.lnk
C:\Qoobox\Quarantine\C\Users\BOELZE~1\AppData\Local\Temp\smtmp\1\Programs\Free Download Manager\Documentation.lnk -> C:\Users\BOELZE~1\AppData\Local\Temp\smtmp\1\Programs\Free Download Manager\Documentation.lnk
C:\Qoobox\Quarantine\C\Users\BOELZE~1\AppData\Local\Temp\smtmp\1\Programs\Free Download Manager\FDM remote control server.lnk -> C:\Users\BOELZE~1\AppData\Local\Temp\smtmp\1\Programs\Free Download Manager\FDM remote control server.lnk
C:\Qoobox\Quarantine\C\Users\BOELZE~1\AppData\Local\Temp\smtmp\1\Programs\Free Download Manager\Free Download Manager on the Web.lnk -> C:\Users\BOELZE~1\AppData\Local\Temp\smtmp\1\Programs\Free Download Manager\Free Download Manager on the Web.lnk
C:\Qoobox\Quarantine\C\Users\BOELZE~1\AppData\Local\Temp\smtmp\1\Programs\Free Download Manager\Free Download Manager.lnk -> C:\Users\BOELZE~1\AppData\Local\Temp\smtmp\1\Programs\Free Download Manager\Free Download Manager.lnk
C:\Qoobox\Quarantine\C\Users\BOELZE~1\AppData\Local\Temp\smtmp\1\Programs\Free Download Manager\Uninstall Free Download Manager.lnk -> C:\Users\BOELZE~1\AppData\Local\Temp\smtmp\1\Programs\Free Download Manager\Uninstall Free Download Manager.lnk
C:\Qoobox\Quarantine\C\Users\BOELZE~1\AppData\Local\Temp\smtmp\1\Programs\FreeRIP3\FreeRIP on the Web.lnk -> C:\Users\BOELZE~1\AppData\Local\Temp\smtmp\1\Programs\FreeRIP3\FreeRIP on the Web.lnk
C:\Qoobox\Quarantine\C\Users\BOELZE~1\AppData\Local\Temp\smtmp\1\Programs\FreeRIP3\FreeRIP.lnk -> C:\Users\BOELZE~1\AppData\Local\Temp\smtmp\1\Programs\FreeRIP3\FreeRIP.lnk
C:\Qoobox\Quarantine\C\Users\BOELZE~1\AppData\Local\Temp\smtmp\1\Programs\FreeRIP3\License.lnk -> C:\Users\BOELZE~1\AppData\Local\Temp\smtmp\1\Programs\FreeRIP3\License.lnk
C:\Qoobox\Quarantine\C\Users\BOELZE~1\AppData\Local\Temp\smtmp\1\Programs\FreeRIP3\Read me.lnk -> C:\Users\BOELZE~1\AppData\Local\Temp\smtmp\1\Programs\FreeRIP3\Read me.lnk
C:\Qoobox\Quarantine\C\Users\BOELZE~1\AppData\Local\Temp\smtmp\1\Programs\FreeRIP3\Version history.lnk -> C:\Users\BOELZE~1\AppData\Local\Temp\smtmp\1\Programs\FreeRIP3\Version history.lnk
C:\Qoobox\Quarantine\C\Users\BOELZE~1\AppData\Local\Temp\smtmp\1\Programs\Games\Dead Rising 2.lnk -> C:\Users\BOELZE~1\AppData\Local\Temp\smtmp\1\Programs\Games\Dead Rising 2.lnk
C:\Qoobox\Quarantine\C\Users\BOELZE~1\AppData\Local\Temp\smtmp\1\Programs\Games\Dead Space 2.lnk -> C:\Users\BOELZE~1\AppData\Local\Temp\smtmp\1\Programs\Games\Dead Space 2.lnk
C:\Qoobox\Quarantine\C\Users\BOELZE~1\AppData\Local\Temp\smtmp\1\Programs\Games\desktop.ini -> C:\Users\BOELZE~1\AppData\Local\Temp\smtmp\1\Programs\Games\desktop.ini
C:\Qoobox\Quarantine\C\Users\BOELZE~1\AppData\Local\Temp\smtmp\1\Programs\Games\Dragon Age Origins.lnk -> C:\Users\BOELZE~1\AppData\Local\Temp\smtmp\1\Programs\Games\Dragon Age Origins.lnk
C:\Qoobox\Quarantine\C\Users\BOELZE~1\AppData\Local\Temp\smtmp\1\Programs\Games\GameExplorer.lnk -> C:\Users\BOELZE~1\AppData\Local\Temp\smtmp\1\Programs\Games\GameExplorer.lnk
C:\Qoobox\Quarantine\C\Users\BOELZE~1\AppData\Local\Temp\smtmp\1\Programs\Hamachi\LogMeIn Hamachi.lnk -> C:\Users\BOELZE~1\AppData\Local\Temp\smtmp\1\Programs\Hamachi\LogMeIn Hamachi.lnk
C:\Qoobox\Quarantine\C\Users\BOELZE~1\AppData\Local\Temp\smtmp\1\Programs\Hamachi\Uninstall.lnk -> C:\Users\BOELZE~1\AppData\Local\Temp\smtmp\1\Programs\Hamachi\Uninstall.lnk
C:\Qoobox\Quarantine\C\Users\BOELZE~1\AppData\Local\Temp\smtmp\1\Programs\Last.fm\Go to www.last.fm.lnk -> C:\Users\BOELZE~1\AppData\Local\Temp\smtmp\1\Programs\Last.fm\Go to www.last.fm.lnk
C:\Qoobox\Quarantine\C\Users\BOELZE~1\AppData\Local\Temp\smtmp\1\Programs\Last.fm\Last.fm entfernen.lnk -> C:\Users\BOELZE~1\AppData\Local\Temp\smtmp\1\Programs\Last.fm\Last.fm entfernen.lnk
C:\Qoobox\Quarantine\C\Users\BOELZE~1\AppData\Local\Temp\smtmp\1\Programs\Last.fm\Last.fm.lnk -> C:\Users\BOELZE~1\AppData\Local\Temp\smtmp\1\Programs\Last.fm\Last.fm.lnk
C:\Qoobox\Quarantine\C\Users\BOELZE~1\AppData\Local\Temp\smtmp\1\Programs\Maintenance\Backup and Restore Center.lnk -> C:\Users\BOELZE~1\AppData\Local\Temp\smtmp\1\Programs\Maintenance\Backup and Restore Center.lnk
C:\Qoobox\Quarantine\C\Users\BOELZE~1\AppData\Local\Temp\smtmp\1\Programs\Maintenance\Create Recovery Disc.lnk -> C:\Users\BOELZE~1\AppData\Local\Temp\smtmp\1\Programs\Maintenance\Create Recovery Disc.lnk
C:\Qoobox\Quarantine\C\Users\BOELZE~1\AppData\Local\Temp\smtmp\1\Programs\Maintenance\Desktop.ini -> C:\Users\BOELZE~1\AppData\Local\Temp\smtmp\1\Programs\Maintenance\Desktop.ini
C:\Qoobox\Quarantine\C\Users\BOELZE~1\AppData\Local\Temp\smtmp\1\Programs\Maintenance\Remote Assistance.lnk -> C:\Users\BOELZE~1\AppData\Local\Temp\smtmp\1\Programs\Maintenance\Remote Assistance.lnk
C:\Qoobox\Quarantine\C\Users\BOELZE~1\AppData\Local\Temp\smtmp\1\Programs\Microsoft Office\Microsoft Office Access 2007.lnk -> C:\Users\BOELZE~1\AppData\Local\Temp\smtmp\1\Programs\Microsoft Office\Microsoft Office Access 2007.lnk
C:\Qoobox\Quarantine\C\Users\BOELZE~1\AppData\Local\Temp\smtmp\1\Programs\Microsoft Office\Microsoft Office Excel 2007.lnk -> C:\Users\BOELZE~1\AppData\Local\Temp\smtmp\1\Programs\Microsoft Office\Microsoft Office Excel 2007.lnk
C:\Qoobox\Quarantine\C\Users\BOELZE~1\AppData\Local\Temp\smtmp\1\Programs\Microsoft Office\Microsoft Office Groove 2007.lnk -> C:\Users\BOELZE~1\AppData\Local\Temp\smtmp\1\Programs\Microsoft Office\Microsoft Office Groove 2007.lnk
C:\Qoobox\Quarantine\C\Users\BOELZE~1\AppData\Local\Temp\smtmp\1\Programs\Microsoft Office\Microsoft Office InfoPath 2007.lnk -> C:\Users\BOELZE~1\AppData\Local\Temp\smtmp\1\Programs\Microsoft Office\Microsoft Office InfoPath 2007.lnk
C:\Qoobox\Quarantine\C\Users\BOELZE~1\AppData\Local\Temp\smtmp\1\Programs\Microsoft Office\Microsoft Office OneNote 2007.lnk -> C:\Users\BOELZE~1\AppData\Local\Temp\smtmp\1\Programs\Microsoft Office\Microsoft Office OneNote 2007.lnk
C:\Qoobox\Quarantine\C\Users\BOELZE~1\AppData\Local\Temp\smtmp\1\Programs\Microsoft Office\Microsoft Office Outlook 2007.lnk -> C:\Users\BOELZE~1\AppData\Local\Temp\smtmp\1\Programs\Microsoft Office\Microsoft Office Outlook 2007.lnk
C:\Qoobox\Quarantine\C\Users\BOELZE~1\AppData\Local\Temp\smtmp\1\Programs\Microsoft Office\Microsoft Office PowerPoint 2007.lnk -> C:\Users\BOELZE~1\AppData\Local\Temp\smtmp\1\Programs\Microsoft Office\Microsoft Office PowerPoint 2007.lnk
C:\Qoobox\Quarantine\C\Users\BOELZE~1\AppData\Local\Temp\smtmp\1\Programs\Microsoft Office\Microsoft Office Publisher 2007.lnk -> C:\Users\BOELZE~1\AppData\Local\Temp\smtmp\1\Programs\Microsoft Office\Microsoft Office Publisher 2007.lnk
C:\Qoobox\Quarantine\C\Users\BOELZE~1\AppData\Local\Temp\smtmp\1\Programs\Microsoft Office\Microsoft Office Word 2007.lnk -> C:\Users\BOELZE~1\AppData\Local\Temp\smtmp\1\Programs\Microsoft Office\Microsoft Office Word 2007.lnk
C:\Qoobox\Quarantine\C\Users\BOELZE~1\AppData\Local\Temp\smtmp\1\Programs\Microsoft Office\Microsoft Office Tools\Digitales Zertifikat fr VBA-Projekte.lnk -> C:\Users\BOELZE~1\AppData\Local\Temp\smtmp\1\Programs\Microsoft Office\Microsoft Office Tools\Digitales Zertifikat fr VBA-Projekte.lnk
C:\Qoobox\Quarantine\C\Users\BOELZE~1\AppData\Local\Temp\smtmp\1\Programs\Microsoft Office\Microsoft Office Tools\Microsoft Clip Organizer.lnk -> C:\Users\BOELZE~1\AppData\Local\Temp\smtmp\1\Programs\Microsoft Office\Microsoft Office Tools\Microsoft Clip Organizer.lnk
C:\Qoobox\Quarantine\C\Users\BOELZE~1\AppData\Local\Temp\smtmp\1\Programs\Microsoft Office\Microsoft Office Tools\Microsoft Office 2007 Spracheinstellungen.lnk -> C:\Users\BOELZE~1\AppData\Local\Temp\smtmp\1\Programs\Microsoft Office\Microsoft Office Tools\Microsoft Office 2007 Spracheinstellungen.lnk
C:\Qoobox\Quarantine\C\Users\BOELZE~1\AppData\Local\Temp\smtmp\1\Programs\Microsoft Office\Microsoft Office Tools\Microsoft Office Picture Manager.lnk -> C:\Users\BOELZE~1\AppData\Local\Temp\smtmp\1\Programs\Microsoft Office\Microsoft Office Tools\Microsoft Office Picture Manager.lnk
C:\Qoobox\Quarantine\C\Users\BOELZE~1\AppData\Local\Temp\smtmp\1\Programs\Microsoft Office\Microsoft Office Tools\Microsoft Office-Diagnose.lnk -> C:\Users\BOELZE~1\AppData\Local\Temp\smtmp\1\Programs\Microsoft Office\Microsoft Office Tools\Microsoft Office-Diagnose.lnk
C:\Qoobox\Quarantine\C\Users\BOELZE~1\AppData\Local\Temp\smtmp\1\Programs\Microsoft Silverlight\Microsoft Silverlight.lnk -> C:\Users\BOELZE~1\AppData\Local\Temp\smtmp\1\Programs\Microsoft Silverlight\Microsoft Silverlight.lnk
C:\Qoobox\Quarantine\C\Users\BOELZE~1\AppData\Local\Temp\smtmp\1\Programs\Microsoft-Maus\Handbuch fr den ergonomischen Umgang mit der Maus.lnk -> C:\Users\BOELZE~1\AppData\Local\Temp\smtmp\1\Programs\Microsoft-Maus\Handbuch fr den ergonomischen Umgang mit der Maus.lnk
C:\Qoobox\Quarantine\C\Users\BOELZE~1\AppData\Local\Temp\smtmp\1\Programs\Microsoft-Maus\Maus fr Bluetooth verbinden.lnk -> C:\Users\BOELZE~1\AppData\Local\Temp\smtmp\1\Programs\Microsoft-Maus\Maus fr Bluetooth verbinden.lnk
C:\Qoobox\Quarantine\C\Users\BOELZE~1\AppData\Local\Temp\smtmp\1\Programs\Microsoft-Maus\Maushilfe.lnk -> C:\Users\BOELZE~1\AppData\Local\Temp\smtmp\1\Programs\Microsoft-Maus\Maushilfe.lnk
C:\Qoobox\Quarantine\C\Users\BOELZE~1\AppData\Local\Temp\smtmp\1\Programs\Microsoft-Maus\Microsoft-Maus.lnk -> C:\Users\BOELZE~1\AppData\Local\Temp\smtmp\1\Programs\Microsoft-Maus\Microsoft-Maus.lnk
C:\Qoobox\Quarantine\C\Users\BOELZE~1\AppData\Local\Temp\smtmp\1\Programs\Microsoft-Maus\Qualit„tseinstellungen.lnk -> C:\Users\BOELZE~1\AppData\Local\Temp\smtmp\1\Programs\Microsoft-Maus\Qualit„tseinstellungen.lnk
C:\Qoobox\Quarantine\C\Users\BOELZE~1\AppData\Local\Temp\smtmp\1\Programs\Microsoft-Tastatur\Handbuch fr den ergonomischen Umgang mit der Tastatur.lnk -> C:\Users\BOELZE~1\AppData\Local\Temp\smtmp\1\Programs\Microsoft-Tastatur\Handbuch fr den ergonomischen Umgang mit der Tastatur.lnk
C:\Qoobox\Quarantine\C\Users\BOELZE~1\AppData\Local\Temp\smtmp\1\Programs\Microsoft-Tastatur\Microsoft-Tastatur.lnk -> C:\Users\BOELZE~1\AppData\Local\Temp\smtmp\1\Programs\Microsoft-Tastatur\Microsoft-Tastatur.lnk
C:\Qoobox\Quarantine\C\Users\BOELZE~1\AppData\Local\Temp\smtmp\1\Programs\Microsoft-Tastatur\Qualit„tseinstellungen.lnk -> C:\Users\BOELZE~1\AppData\Local\Temp\smtmp\1\Programs\Microsoft-Tastatur\Qualit„tseinstellungen.lnk
C:\Qoobox\Quarantine\C\Users\BOELZE~1\AppData\Local\Temp\smtmp\1\Programs\Microsoft-Tastatur\Tastatur fr Bluetooth verbinden.lnk -> C:\Users\BOELZE~1\AppData\Local\Temp\smtmp\1\Programs\Microsoft-Tastatur\Tastatur fr Bluetooth verbinden.lnk
C:\Qoobox\Quarantine\C\Users\BOELZE~1\AppData\Local\Temp\smtmp\1\Programs\Microsoft-Tastatur\Tastaturhilfe.lnk -> C:\Users\BOELZE~1\AppData\Local\Temp\smtmp\1\Programs\Microsoft-Tastatur\Tastaturhilfe.lnk
C:\Qoobox\Quarantine\C\Users\BOELZE~1\AppData\Local\Temp\smtmp\1\Programs\MiniTool Partition Wizard Home Edition 5.2\MiniTool Partition Wizard Help.lnk -> C:\Users\BOELZE~1\AppData\Local\Temp\smtmp\1\Programs\MiniTool Partition Wizard Home Edition 5.2\MiniTool Partition Wizard Help.lnk
C:\Qoobox\Quarantine\C\Users\BOELZE~1\AppData\Local\Temp\smtmp\1\Programs\MiniTool Partition Wizard Home Edition 5.2\MiniTool Partition Wizard Home Edition on the Web.url -> C:\Users\BOELZE~1\AppData\Local\Temp\smtmp\1\Programs\MiniTool Partition Wizard Home Edition 5.2\MiniTool Partition Wizard Home Edition on the Web.url
C:\Qoobox\Quarantine\C\Users\BOELZE~1\AppData\Local\Temp\smtmp\1\Programs\MiniTool Partition Wizard Home Edition 5.2\MiniTool Partition Wizard Home Edition.lnk -> C:\Users\BOELZE~1\AppData\Local\Temp\smtmp\1\Programs\MiniTool Partition Wizard Home Edition 5.2\MiniTool Partition Wizard Home Edition.lnk
C:\Qoobox\Quarantine\C\Users\BOELZE~1\AppData\Local\Temp\smtmp\1\Programs\MiniTool Partition Wizard Home Edition 5.2\Uninstall MiniTool Partition Wizard Home Edition.lnk -> C:\Users\BOELZE~1\AppData\Local\Temp\smtmp\1\Programs\MiniTool Partition Wizard Home Edition 5.2\Uninstall MiniTool Partition Wizard Home Edition.lnk
C:\Qoobox\Quarantine\C\Users\BOELZE~1\AppData\Local\Temp\smtmp\1\Programs\NCH Software Suite\Express Burn CD, DVD or Blu-Ray.lnk -> C:\Users\BOELZE~1\AppData\Local\Temp\smtmp\1\Programs\NCH Software Suite\Express Burn CD, DVD or Blu-Ray.lnk
C:\Qoobox\Quarantine\C\Users\BOELZE~1\AppData\Local\Temp\smtmp\1\Programs\NCH Software Suite\Express Dictate Recorder.lnk -> C:\Users\BOELZE~1\AppData\Local\Temp\smtmp\1\Programs\NCH Software Suite\Express Dictate Recorder.lnk
C:\Qoobox\Quarantine\C\Users\BOELZE~1\AppData\Local\Temp\smtmp\1\Programs\NCH Software Suite\Express Rip CD Ripper.lnk -> C:\Users\BOELZE~1\AppData\Local\Temp\smtmp\1\Programs\NCH Software Suite\Express Rip CD Ripper.lnk
C:\Qoobox\Quarantine\C\Users\BOELZE~1\AppData\Local\Temp\smtmp\1\Programs\NCH Software Suite\Express Talk Softphone.lnk -> C:\Users\BOELZE~1\AppData\Local\Temp\smtmp\1\Programs\NCH Software Suite\Express Talk Softphone.lnk
C:\Qoobox\Quarantine\C\Users\BOELZE~1\AppData\Local\Temp\smtmp\1\Programs\NCH Software Suite\Golden Records LP Converter.lnk -> C:\Users\BOELZE~1\AppData\Local\Temp\smtmp\1\Programs\NCH Software Suite\Golden Records LP Converter.lnk
C:\Qoobox\Quarantine\C\Users\BOELZE~1\AppData\Local\Temp\smtmp\1\Programs\NCH Software Suite\IVM Telephone Answering Attendant.lnk -> C:\Users\BOELZE~1\AppData\Local\Temp\smtmp\1\Programs\NCH Software Suite\IVM Telephone Answering Attendant.lnk
C:\Qoobox\Quarantine\C\Users\BOELZE~1\AppData\Local\Temp\smtmp\1\Programs\NCH Software Suite\MixPad MultiTrack Mixer.lnk -> C:\Users\BOELZE~1\AppData\Local\Temp\smtmp\1\Programs\NCH Software Suite\MixPad MultiTrack Mixer.lnk
C:\Qoobox\Quarantine\C\Users\BOELZE~1\AppData\Local\Temp\smtmp\1\Programs\NCH Software Suite\Prism Video File Format Converter.lnk -> C:\Users\BOELZE~1\AppData\Local\Temp\smtmp\1\Programs\NCH Software Suite\Prism Video File Format Converter.lnk
C:\Qoobox\Quarantine\C\Users\BOELZE~1\AppData\Local\Temp\smtmp\1\Programs\NCH Software Suite\RecordPad Sound Recorder.lnk -> C:\Users\BOELZE~1\AppData\Local\Temp\smtmp\1\Programs\NCH Software Suite\RecordPad Sound Recorder.lnk
C:\Qoobox\Quarantine\C\Users\BOELZE~1\AppData\Local\Temp\smtmp\1\Programs\NCH Software Suite\SoundTap Streaming Recorder.lnk -> C:\Users\BOELZE~1\AppData\Local\Temp\smtmp\1\Programs\NCH Software Suite\SoundTap Streaming Recorder.lnk
C:\Qoobox\Quarantine\C\Users\BOELZE~1\AppData\Local\Temp\smtmp\1\Programs\NCH Software Suite\Switch Sound File Converter.lnk -> C:\Users\BOELZE~1\AppData\Local\Temp\smtmp\1\Programs\NCH Software Suite\Switch Sound File Converter.lnk
C:\Qoobox\Quarantine\C\Users\BOELZE~1\AppData\Local\Temp\smtmp\1\Programs\NCH Software Suite\VRS Sound Recorder.lnk -> C:\Users\BOELZE~1\AppData\Local\Temp\smtmp\1\Programs\NCH Software Suite\VRS Sound Recorder.lnk
C:\Qoobox\Quarantine\C\Users\BOELZE~1\AppData\Local\Temp\smtmp\1\Programs\NCH Software Suite\WavePad Sound Editor.lnk -> C:\Users\BOELZE~1\AppData\Local\Temp\smtmp\1\Programs\NCH Software Suite\WavePad Sound Editor.lnk
C:\Qoobox\Quarantine\C\Users\BOELZE~1\AppData\Local\Temp\smtmp\1\Programs\News File Grabber\Hilfe.lnk -> C:\Users\BOELZE~1\AppData\Local\Temp\smtmp\1\Programs\News File Grabber\Hilfe.lnk
C:\Qoobox\Quarantine\C\Users\BOELZE~1\AppData\Local\Temp\smtmp\1\Programs\News File Grabber\News File Grabber entfernen.lnk -> C:\Users\BOELZE~1\AppData\Local\Temp\smtmp\1\Programs\News File Grabber\News File Grabber entfernen.lnk
C:\Qoobox\Quarantine\C\Users\BOELZE~1\AppData\Local\Temp\smtmp\1\Programs\News File Grabber\News File Grabber.lnk -> C:\Users\BOELZE~1\AppData\Local\Temp\smtmp\1\Programs\News File Grabber\News File Grabber.lnk
C:\Qoobox\Quarantine\C\Users\BOELZE~1\AppData\Local\Temp\smtmp\1\Programs\News File Grabber\UnRAR.lnk -> C:\Users\BOELZE~1\AppData\Local\Temp\smtmp\1\Programs\News File Grabber\UnRAR.lnk
C:\Qoobox\Quarantine\C\Users\BOELZE~1\AppData\Local\Temp\smtmp\1\Programs\Quests and Legends\Uninstall Quests and Legends Patches.lnk -> C:\Users\BOELZE~1\AppData\Local\Temp\smtmp\1\Programs\Quests and Legends\Uninstall Quests and Legends Patches.lnk
C:\Qoobox\Quarantine\C\Users\BOELZE~1\AppData\Local\Temp\smtmp\1\Programs\QuickPar\QuickPar.lnk -> C:\Users\BOELZE~1\AppData\Local\Temp\smtmp\1\Programs\QuickPar\QuickPar.lnk
C:\Qoobox\Quarantine\C\Users\BOELZE~1\AppData\Local\Temp\smtmp\1\Programs\QuickPar\Uninstall.lnk -> C:\Users\BOELZE~1\AppData\Local\Temp\smtmp\1\Programs\QuickPar\Uninstall.lnk
C:\Qoobox\Quarantine\C\Users\BOELZE~1\AppData\Local\Temp\smtmp\1\Programs\QuickPar\Website.lnk -> C:\Users\BOELZE~1\AppData\Local\Temp\smtmp\1\Programs\QuickPar\Website.lnk
C:\Qoobox\Quarantine\C\Users\BOELZE~1\AppData\Local\Temp\smtmp\1\Programs\QuickTime\PictureViewer.lnk -> C:\Users\BOELZE~1\AppData\Local\Temp\smtmp\1\Programs\QuickTime\PictureViewer.lnk
C:\Qoobox\Quarantine\C\Users\BOELZE~1\AppData\Local\Temp\smtmp\1\Programs\QuickTime\QuickTime - Bitte lesen.lnk -> C:\Users\BOELZE~1\AppData\Local\Temp\smtmp\1\Programs\QuickTime\QuickTime - Bitte lesen.lnk
C:\Qoobox\Quarantine\C\Users\BOELZE~1\AppData\Local\Temp\smtmp\1\Programs\QuickTime\QuickTime deinstallieren.lnk -> C:\Users\BOELZE~1\AppData\Local\Temp\smtmp\1\Programs\QuickTime\QuickTime deinstallieren.lnk
C:\Qoobox\Quarantine\C\Users\BOELZE~1\AppData\Local\Temp\smtmp\1\Programs\QuickTime\QuickTime Player.lnk -> C:\Users\BOELZE~1\AppData\Local\Temp\smtmp\1\Programs\QuickTime\QuickTime Player.lnk
C:\Qoobox\Quarantine\C\Users\BOELZE~1\AppData\Local\Temp\smtmp\1\Programs\RAR Password Recovery\RAR Password Recovery Help.lnk -> C:\Users\BOELZE~1\AppData\Local\Temp\smtmp\1\Programs\RAR Password Recovery\RAR Password Recovery Help.lnk
C:\Qoobox\Quarantine\C\Users\BOELZE~1\AppData\Local\Temp\smtmp\1\Programs\RAR Password Recovery\RAR Password Recovery.lnk -> C:\Users\BOELZE~1\AppData\Local\Temp\smtmp\1\Programs\RAR Password Recovery\RAR Password Recovery.lnk
C:\Qoobox\Quarantine\C\Users\BOELZE~1\AppData\Local\Temp\smtmp\1\Programs\RAR Password Recovery\Uninstall RAR Password Recovery.lnk -> C:\Users\BOELZE~1\AppData\Local\Temp\smtmp\1\Programs\RAR Password Recovery\Uninstall RAR Password Recovery.lnk
C:\Qoobox\Quarantine\C\Users\BOELZE~1\AppData\Local\Temp\smtmp\1\Programs\SopCast\SopCast web site.lnk -> C:\Users\BOELZE~1\AppData\Local\Temp\smtmp\1\Programs\SopCast\SopCast web site.lnk
C:\Qoobox\Quarantine\C\Users\BOELZE~1\AppData\Local\Temp\smtmp\1\Programs\SopCast\SopCast.lnk -> C:\Users\BOELZE~1\AppData\Local\Temp\smtmp\1\Programs\SopCast\SopCast.lnk
C:\Qoobox\Quarantine\C\Users\BOELZE~1\AppData\Local\Temp\smtmp\1\Programs\SopCast\Uninstall.lnk -> C:\Users\BOELZE~1\AppData\Local\Temp\smtmp\1\Programs\SopCast\Uninstall.lnk
C:\Qoobox\Quarantine\C\Users\BOELZE~1\AppData\Local\Temp\smtmp\1\Programs\Startup\desktop.ini -> C:\Users\BOELZE~1\AppData\Local\Temp\smtmp\1\Programs\Startup\desktop.ini
C:\Qoobox\Quarantine\C\Users\BOELZE~1\AppData\Local\Temp\smtmp\1\Programs\Turbine\The Lord of the Rings Online\Account Management Website.url -> C:\Users\BOELZE~1\AppData\Local\Temp\smtmp\1\Programs\Turbine\The Lord of the Rings Online\Account Management Website.url
C:\Qoobox\Quarantine\C\Users\BOELZE~1\AppData\Local\Temp\smtmp\1\Programs\Turbine\The Lord of the Rings Online\Community Website.url -> C:\Users\BOELZE~1\AppData\Local\Temp\smtmp\1\Programs\Turbine\The Lord of the Rings Online\Community Website.url
C:\Qoobox\Quarantine\C\Users\BOELZE~1\AppData\Local\Temp\smtmp\1\Programs\Turbine\The Lord of the Rings Online\README.lnk -> C:\Users\BOELZE~1\AppData\Local\Temp\smtmp\1\Programs\Turbine\The Lord of the Rings Online\README.lnk
C:\Qoobox\Quarantine\C\Users\BOELZE~1\AppData\Local\Temp\smtmp\1\Programs\Turbine\The Lord of the Rings Online\Support Website.url -> C:\Users\BOELZE~1\AppData\Local\Temp\smtmp\1\Programs\Turbine\The Lord of the Rings Online\Support Website.url
C:\Qoobox\Quarantine\C\Users\BOELZE~1\AppData\Local\Temp\smtmp\1\Programs\Turbine\The Lord of the Rings Online\The Lord of the Rings Online.lnk -> C:\Users\BOELZE~1\AppData\Local\Temp\smtmp\1\Programs\Turbine\The Lord of the Rings Online\The Lord of the Rings Online.lnk
C:\Qoobox\Quarantine\C\Users\BOELZE~1\AppData\Local\Temp\smtmp\1\Programs\Turbine\The Lord of the Rings Online\Turbine, Inc..url -> C:\Users\BOELZE~1\AppData\Local\Temp\smtmp\1\Programs\Turbine\The Lord of the Rings Online\Turbine, Inc..url
C:\Qoobox\Quarantine\C\Users\BOELZE~1\AppData\Local\Temp\smtmp\1\Programs\Turbine\The Lord of the Rings Online\Uninstall The Lord of the Rings Online.lnk -> C:\Users\BOELZE~1\AppData\Local\Temp\smtmp\1\Programs\Turbine\The Lord of the Rings Online\Uninstall The Lord of the Rings Online.lnk
C:\Qoobox\Quarantine\C\Users\BOELZE~1\AppData\Local\Temp\smtmp\1\Programs\Turbine\The Lord of the Rings Online\User Manual (pdf).lnk -> C:\Users\BOELZE~1\AppData\Local\Temp\smtmp\1\Programs\Turbine\The Lord of the Rings Online\User Manual (pdf).lnk
C:\Qoobox\Quarantine\C\Users\BOELZE~1\AppData\Local\Temp\smtmp\1\Programs\Two Worlds II\Liesmich.lnk -> C:\Users\BOELZE~1\AppData\Local\Temp\smtmp\1\Programs\Two Worlds II\Liesmich.lnk
C:\Qoobox\Quarantine\C\Users\BOELZE~1\AppData\Local\Temp\smtmp\1\Programs\Two Worlds II\Two Worlds II deinstallieren.lnk -> C:\Users\BOELZE~1\AppData\Local\Temp\smtmp\1\Programs\Two Worlds II\Two Worlds II deinstallieren.lnk
C:\Qoobox\Quarantine\C\Users\BOELZE~1\AppData\Local\Temp\smtmp\1\Programs\Two Worlds II\Two Worlds II.lnk -> C:\Users\BOELZE~1\AppData\Local\Temp\smtmp\1\Programs\Two Worlds II\Two Worlds II.lnk
C:\Qoobox\Quarantine\C\Users\BOELZE~1\AppData\Local\Temp\smtmp\1\Programs\Video Related Programs\Slideshow Creator Software.lnk -> C:\Users\BOELZE~1\AppData\Local\Temp\smtmp\1\Programs\Video Related Programs\Slideshow Creator Software.lnk
C:\Qoobox\Quarantine\C\Users\BOELZE~1\AppData\Local\Temp\smtmp\1\Programs\Video Related Programs\Video Capture Software.lnk -> C:\Users\BOELZE~1\AppData\Local\Temp\smtmp\1\Programs\Video Related Programs\Video Capture Software.lnk
C:\Qoobox\Quarantine\C\Users\BOELZE~1\AppData\Local\Temp\smtmp\1\Programs\Video Related Programs\Video File Format Converter.lnk -> C:\Users\BOELZE~1\AppData\Local\Temp\smtmp\1\Programs\Video Related Programs\Video File Format Converter.lnk
C:\Qoobox\Quarantine\C\Users\BOELZE~1\AppData\Local\Temp\smtmp\1\Programs\Video Related Programs\Video Streaming Server.lnk -> C:\Users\BOELZE~1\AppData\Local\Temp\smtmp\1\Programs\Video Related Programs\Video Streaming Server.lnk
C:\Qoobox\Quarantine\C\Users\BOELZE~1\AppData\Local\Temp\smtmp\1\Programs\Video Related Programs\Video Tape to DVD Converter.lnk -> C:\Users\BOELZE~1\AppData\Local\Temp\smtmp\1\Programs\Video Related Programs\Video Tape to DVD Converter.lnk
C:\Qoobox\Quarantine\C\Users\BOELZE~1\AppData\Local\Temp\smtmp\1\Programs\VideoLAN\Documentation.lnk -> C:\Users\BOELZE~1\AppData\Local\Temp\smtmp\1\Programs\VideoLAN\Documentation.lnk
C:\Qoobox\Quarantine\C\Users\BOELZE~1\AppData\Local\Temp\smtmp\1\Programs\VideoLAN\Release Notes.lnk -> C:\Users\BOELZE~1\AppData\Local\Temp\smtmp\1\Programs\VideoLAN\Release Notes.lnk
C:\Qoobox\Quarantine\C\Users\BOELZE~1\AppData\Local\Temp\smtmp\1\Programs\VideoLAN\Reset VLC media player preferences and cache files.lnk -> C:\Users\BOELZE~1\AppData\Local\Temp\smtmp\1\Programs\VideoLAN\Reset VLC media player preferences and cache files.lnk
C:\Qoobox\Quarantine\C\Users\BOELZE~1\AppData\Local\Temp\smtmp\1\Programs\VideoLAN\VideoLAN Website.lnk -> C:\Users\BOELZE~1\AppData\Local\Temp\smtmp\1\Programs\VideoLAN\VideoLAN Website.lnk
C:\Qoobox\Quarantine\C\Users\BOELZE~1\AppData\Local\Temp\smtmp\1\Programs\VideoLAN\VLC media player skinned.lnk -> C:\Users\BOELZE~1\AppData\Local\Temp\smtmp\1\Programs\VideoLAN\VLC media player skinned.lnk
C:\Qoobox\Quarantine\C\Users\BOELZE~1\AppData\Local\Temp\smtmp\1\Programs\VideoLAN\VLC media player.lnk -> C:\Users\BOELZE~1\AppData\Local\Temp\smtmp\1\Programs\VideoLAN\VLC media player.lnk
C:\Qoobox\Quarantine\C\Users\BOELZE~1\AppData\Local\Temp\smtmp\1\Programs\Windows Live\desktop.ini -> C:\Users\BOELZE~1\AppData\Local\Temp\smtmp\1\Programs\Windows Live\desktop.ini
C:\Qoobox\Quarantine\C\Users\BOELZE~1\AppData\Local\Temp\smtmp\1\Programs\WinRAR\Benutzerhandbuch fr die Konsolenversion von RAR.lnk -> C:\Users\BOELZE~1\AppData\Local\Temp\smtmp\1\Programs\WinRAR\Benutzerhandbuch fr die Konsolenversion von RAR.lnk
C:\Qoobox\Quarantine\C\Users\BOELZE~1\AppData\Local\Temp\smtmp\1\Programs\WinRAR\Hilfe zu WinRAR.lnk -> C:\Users\BOELZE~1\AppData\Local\Temp\smtmp\1\Programs\WinRAR\Hilfe zu WinRAR.lnk
C:\Qoobox\Quarantine\C\Users\BOELZE~1\AppData\Local\Temp\smtmp\1\Programs\WinRAR\WinRAR.lnk -> C:\Users\BOELZE~1\AppData\Local\Temp\smtmp\1\Programs\WinRAR\WinRAR.lnk
C:\Qoobox\Quarantine\C\Users\BOELZE~1\AppData\Local\Temp\smtmp\3\desktop.ini -> C:\Users\BOELZE~1\AppData\Local\Temp\smtmp\3\desktop.ini
C:\Qoobox\Quarantine\C\Users\BOELZE~1\AppData\Local\Temp\smtmp\3\Google Chrome.lnk -> C:\Users\BOELZE~1\AppData\Local\Temp\smtmp\3\Google Chrome.lnk
C:\Qoobox\Quarantine\C\Users\BOELZE~1\AppData\Local\Temp\smtmp\3\Last.fm.lnk -> C:\Users\BOELZE~1\AppData\Local\Temp\smtmp\3\Last.fm.lnk
C:\Qoobox\Quarantine\C\Users\BOELZE~1\AppData\Local\Temp\smtmp\3\Media Center.lnk -> C:\Users\BOELZE~1\AppData\Local\Temp\smtmp\3\Media Center.lnk
C:\Qoobox\Quarantine\C\Users\BOELZE~1\AppData\Local\Temp\smtmp\3\Microsoft Office Excel 2007.lnk -> C:\Users\BOELZE~1\AppData\Local\Temp\smtmp\3\Microsoft Office Excel 2007.lnk
C:\Qoobox\Quarantine\C\Users\BOELZE~1\AppData\Local\Temp\smtmp\3\Microsoft Office OneNote 2007.lnk -> C:\Users\BOELZE~1\AppData\Local\Temp\smtmp\3\Microsoft Office OneNote 2007.lnk
C:\Qoobox\Quarantine\C\Users\BOELZE~1\AppData\Local\Temp\smtmp\3\Microsoft Office PowerPoint 2007.lnk -> C:\Users\BOELZE~1\AppData\Local\Temp\smtmp\3\Microsoft Office PowerPoint 2007.lnk
C:\Qoobox\Quarantine\C\Users\BOELZE~1\AppData\Local\Temp\smtmp\3\Microsoft Office Word 2007.lnk -> C:\Users\BOELZE~1\AppData\Local\Temp\smtmp\3\Microsoft Office Word 2007.lnk
C:\Qoobox\Quarantine\C\Users\BOELZE~1\AppData\Local\Temp\smtmp\3\SopCast.lnk -> C:\Users\BOELZE~1\AppData\Local\Temp\smtmp\3\SopCast.lnk
C:\Qoobox\Quarantine\C\Users\BOELZE~1\AppData\Local\Temp\smtmp\3\Windows Explorer.lnk -> C:\Users\BOELZE~1\AppData\Local\Temp\smtmp\3\Windows Explorer.lnk
C:\Qoobox\Quarantine\C\Users\BOELZE~1\AppData\Local\Temp\smtmp\3\Windows Media Player.lnk -> C:\Users\BOELZE~1\AppData\Local\Temp\smtmp\3\Windows Media Player.lnk
C:\Qoobox\Quarantine\C\Users\BOELZE~1\AppData\Local\Temp\smtmp\3\æTorrent.lnk -> C:\Users\BOELZE~1\AppData\Local\Temp\smtmp\3\æTorrent.lnk
C:\Qoobox\Quarantine\C\Users\BOELZE~1\AppData\Local\Temp\smtmp\4\CCleaner.lnk -> C:\Users\BOELZE~1\AppData\Local\Temp\smtmp\4\CCleaner.lnk
C:\Qoobox\Quarantine\C\Users\BOELZE~1\AppData\Local\Temp\smtmp\4\desktop.ini -> C:\Users\BOELZE~1\AppData\Local\Temp\smtmp\4\desktop.ini
C:\Qoobox\Quarantine\C\Users\BOELZE~1\AppData\Local\Temp\smtmp\4\News File Grabber.lnk -> C:\Users\BOELZE~1\AppData\Local\Temp\smtmp\4\News File Grabber.lnk
249 Datei(en) kopiert


Danach habe ich die unhide.exe ausgeführt. Im Moment scheint die Situation aber unverändert.

cosinus 18.05.2011 10:19
Hm, eigentlich sollte unhide die Verküpfungen selbst zurück an die richtige Stelle kopieren. Wenn nicht, mach es selbst.

Deine Verknüpfungen liegen jetzt in:

C:\Users\BOELZE~1\AppData\Local\Temp\smtmp

Und müssen passend nach

C:\ProgramData\Microsoft\Windows\Start Menu\Programs

kopiert werden

ezechiel32 18.05.2011 11:58
Klasse! Vielen, vielen Dank! Absolute Spitze! :dankeschoen: :daumenhoc

Alles ist wieder an seinem Platz! Und der Virus scheint weg zu sein.

Wie kann ich es denn vermeiden, mir nochmal so etwas einzufangen bzw. mich besser absichern?

cosinus 18.05.2011 12:10
Halte Dich am besten grob an diese fünf Regeln:

1) Sei misstrauisch im Internet und v.a. bei unbekannten E-Mails, sei vorsichtig bei der Herausgabe persönlicher Daten!!
2) Halte Windows und alle verwendeten Programme immer aktuell
3) Führe regelmäßig Backups auf externe Medien durch
4) Arbeite mit eingeschränkten Rechten
5) Nutze sichere Programme wie zB Opera oder Firefox zum Surfen statt den IE, zum Mailen Thunderbird statt Outlook Express - E-Mails nur als reinen text anzeigen lassen

Alles noch genauer erklärt steht hier => Kompromittierung unvermeidbar?



Dann wären wir durch! :abklatsch:

Bitte abschließend die Updates prüfen, unten mein Leitfaden dazu.
Für noch mehr Sicherheit solltest Du nach der beseitigten Infektion auch möglichst alle Passwörter ändern.


Microsoftupdate

Windows XP: Besuch mit dem IE die MS-Updateseite und lass Dir alle wichtigen Updates installieren.

Windows Vista/7: Anleitung Windows-Update



PDF-Reader aktualisieren
Dein Adobe Reader ist nicht aktuell, was ein großes Sicherheitsrisiko darstellt. Du solltest daher besser die alte Version über Systemsteuerung => Software deinstallieren, indem Du dort auf "Adobe Reader x.0" klickst und das Programm entfernst.

Ich empfehle einen alternativen PDF-Reader wie SumatraPDF oder Foxit PDF Reader, beide sind sehr viel schlanker und flotter als der AdobeReader.

Bitte überprüf bei der Gelegenheit auch die Aktualität des Flashplayers, hier der direkte Downloadlink:

Mozilla und andere Browser => http://filepony.de/?q=Flash+Player
Internet Explorer => http://fpdownload.adobe.com/get/flas..._player_ax.exe


Java-Update
Veraltete Java-Installationen sind ein Sicherheitsrisiko, daher solltest Du die alten Versionen löschen (falls vorhanden, am besten mit JavaRa) und auf die neuste aktualisieren. Beende dazu alle Programme (v.a. die Browser), klick danach auf Start, Systemsteuerung, Software und deinstalliere darüber alle aufgelisteten Java-Versionen. Lad Dir danach von hier das aktuelle Java SE Runtime Environment (JRE) herunter und installiere es.

ezechiel32 18.05.2011 12:45
Klasse! Du warst eine fantastische Hilfe, Arne! :applaus:

Das ist mir dann auch noch eine Spende an Trojaner-Board wert. So viel Arbeit sollte honoriert werden! Alleine hätte ich das niemals hinbekommen! :daumenhoc

Ich werde die Tipps beherzigen!

Nochmal vielen Dank!

cosinus 18.05.2011 13:17
Zitat:
Das ist mir dann auch noch eine Spende an Trojaner-Board wert.
:dankeschoen: :daumenhoc


Alle Zeitangaben in WEZ +1. Es ist jetzt 17:40 Uhr.

Copyright ©2000-2025, Trojaner-Board


Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 130 131