Trojaner-Board

Trojaner-Board (https://www.trojaner-board.de/)
-   Plagegeister aller Art und deren Bekämpfung (https://www.trojaner-board.de/plagegeister-aller-art-deren-bekaempfung/)
-   -   exploit.java.cve-2011-3544 irreparabel (https://www.trojaner-board.de/108932-exploit-java-cve-2011-3544-irreparabel.html)

sly 02.02.2012 19:14
exploit.java.cve-2011-3544 irreparabel
 
Hallo zusammen,


Kaspersky hat bei einer vollständigen Untersuchung folgende Infektion gefunden

exploit.java.cve-2011-3544.ec
exploit.java.cve-2011-3544.eb

Er zeigt an das eine Desinfektion nicht möglich wäre, die Dateien konnten lediglich gelöscht werden.

Ich vermute damit ist das Problem aber nicht behoben, es heisst ja immer das das Reine löschen nichts bringt. Leider habe ich was sowas betrifft null Erfahrung, was würdet ihr mir raten?
Ursache des ganzen könnte meine gehackte Wordpress-Seite gewesen sein auf die etwas eingeschleust wurde vor einem halben Monat. Hier bekam ich bei der Anzeige dann immer Java-Sicherheitsmeldungen!
Das Problem habe ich mittlerweile aber komplett behoben, die Seite ist komplett neu aufgesetzt und sauber!

LG Sebastian

sly 03.02.2012 10:49
Habe noch logs angefertigt

defogger

HTML-Code:
defogger_disable by jpshortstuff (23.02.10.1)
Log created at 19:48 on 02/02/2012 (Basti)

Checking for autostart values...
HKCU\~\Run values retrieved.
HKLM\~\Run values retrieved.

Checking for services/drivers...


-=E.O.F=-

dds

HTML-Code:
.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 9.0.8112.16421  BrowserJavaVersion: 1.6.0_30
Run by Basti at 20:14:31 on 2012-02-02
Microsoft® Windows Vista™ Home Premium  6.0.6002.2.1252.49.1031.18.3325.2033 [GMT 1:00]
.
AV: Kaspersky Internet Security *Enabled/Updated* {2EAA32A5-1EE1-1B22-95DA-337730C6E984}
SP: Kaspersky Internet Security *Enabled/Updated* {95CBD341-38DB-14AC-AF6A-08054B41A339}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: Kaspersky Internet Security *Enabled* {1691B380-548E-1A7A-BE85-9A42CE15AEFF}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\WUDFHost.exe
C:\Program Files\Intel\IntelDH\CCU\AlertService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Windows\system32\svchost.exe -k bthsvcs
C:\Program Files\Common Files\InterVideo\DeviceService\DevSvc.exe
C:\Program Files\Common Files\Intel\IntelDH\NMS\AdpPlugins\DQLWinService.exe
C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Common Files\Intel\IntelDH\NMS\NMSCore\NMSCore.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\qualitymanager.exe
C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\TeamViewer3\TeamViewer_Service.exe
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\ISSM.exe
C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\MCLServiceATL.exe
C:\Windows\system32\nvvsvc.exe
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\mediaserver.exe
C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\Remote UI Service.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Windows\WindowsMobile\wmdc.exe
C:\Program Files\Creative\Sound Blaster X-Fi\Volume Panel\VolPanlu.exe
C:\Program Files\Common Files\Intel\IntelDH\NMS\Support\IntelHCTAgent.exe
C:\Program Files\Common Files\logishrd\LComMgr\Communications_Helper.exe
C:\Program Files\Sony\Reader\Data\bin\launcher\Reader Library Launcher.exe
C:\Windows\System32\Ctxfihlp.exe
C:\Program Files\pdf24\pdf24.exe
C:\Program Files\Garmin\Lifetime Updater\GarminLifetime.exe
C:\Windows\SYSTEM32\CTXFISPI.EXE
C:\Windows\ehome\ehtray.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files\Microsoft OfficeNew\Office14\ONENOTEM.EXE
C:\Windows\ehome\ehmsas.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\svchost.exe -k WindowsMobile
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe
C:\Windows\system32\WUDFHost.exe
C:\Windows\system32\conime.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\UI0Detect.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = about:blank
mStart Page = about:blank
mDefault_Page_URL = hxxp://www.google.de/ig/dell?hl=de&client=dell-row&channel=de&ibd=3071207
uInternet Settings,ProxyOverride = *.local
BHO: QuickStores-Toolbar: {10edb994-47f8-43f7-ae96-f2ea63e9f90f} - mscoree.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: IEVkbdBHO Class: {59273ab4-e7d3-40f9-a1a8-6fa9cca1862c} - c:\program files\kaspersky lab\kaspersky internet security 2012\ievkbd.dll
BHO: SwissAcademic.Citavi.Picker.IEPicker: {609d670f-b735-4da7-ac6d-f3bd358e325e} - mscoree.dll
BHO: Java(tm) Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll
BHO: Windows Live Anmelde-Hilfsprogramm: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - c:\progra~1\mi61b6~1\office14\URLREDIR.DLL
BHO: CBrowserHelperObject Object: {ca6319c0-31b7-401e-a518-a07c3db8f777} - c:\program files\dell\bae\BAE.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: FilterBHO Class: {e33cf602-d945-461a-83f0-819f76a199f8} - c:\program files\kaspersky lab\kaspersky internet security 2012\klwtbbho.dll
BHO: Cooliris Plug-In for Internet Explorer: {eaee5c74-6d0d-4aca-9232-0da4a7b866ba} - c:\program files\piclensie\cooliris.dll
TB: QuickStores-Toolbar: {10edb994-47f8-43f7-ae96-f2ea63e9f90f} - mscoree.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
TB: {855F3B16-6D32-4FE6-8A56-BBB695989046} - No File
uRun: [ehTray.exe] c:\windows\ehome\ehTray.exe
uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
uRun: [Sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun
uRun: [Skype] "c:\program files\skype\phone\Skype.exe" /nosplash /minimized
uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe
mRun: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
mRun: [Bluetooth HCI Monitor] RunDll32 HCIMNTR.DLL,RunCheckHCIMode
mRun: [Windows Mobile Device Center] %windir%\WindowsMobile\wmdc.exe
mRun: [VolPanel] "c:\program files\creative\sound blaster x-fi\volume panel\VolPanlu.exe" /r
mRun: [NMSSupport] "c:\program files\common files\intel\inteldh\nms\support\IntelHCTAgent.exe" /startup
mRun: [LogitechCommunicationsManager] "c:\program files\common files\logishrd\lcommgr\Communications_Helper.exe"
mRun: [Reader Library Launcher] c:\program files\sony\reader\data\bin\launcher\Reader Library Launcher.exe
mRun: [CTxfiHlp] CTXFIHLP.EXE
mRun: [PDFPrint] c:\program files\pdf24\pdf24.exe
mRun: [Garmin Lifetime Updater] c:\program files\garmin\lifetime updater\GarminLifetime.exe /StartMinimized
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [AVP] "c:\program files\kaspersky lab\kaspersky internet security 2012\avp.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
StartupFolder: c:\users\basti\appdata\roaming\micros~1\windows\startm~1\programs\startup\onenot~1.lnk - c:\program files\microsoft officenew\office14\ONENOTEM.EXE
StartupFolder: c:\users\basti\appdata\roaming\micros~1\windows\startm~1\programs\startup\poptray.lnk - c:\program files\poptray\PopTray.exe
StartupFolder: c:\users\basti\appdata\roaming\micros~1\windows\startm~1\programs\startup\trillian.lnk - c:\program files\trillian\trillian.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\bttray.lnk - c:\program files\widcomm\bluetooth software\BTTray.exe
mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: &Citavi Picker... - file://c:\programdata\swiss academic software\citavi picker\internet explorer\ShowContextMenu.html
IE: An OneNote s&enden - c:\progra~1\mi61b6~1\office14\ONBttnIE.dll/105
IE: Bild an &Bluetooth-Gerät senden... - c:\program files\widcomm\bluetooth software\btsendto_ie_ctx.htm
IE: Hinzufügen zu Anti-Banner - c:\program files\kaspersky lab\kaspersky internet security 2012\ie_banner_deny.htm
IE: Nach Microsoft &Excel exportieren - c:\progra~1\micros~3\office11\EXCEL.EXE/3000
IE: Nach Microsoft E&xcel exportieren - c:\progra~1\mi61b6~1\office14\EXCEL.EXE/3000
IE: Seite an &Bluetooth-Gerät senden... - c:\program files\widcomm\bluetooth software\btsendto_ie.htm
IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\program files\widcomm\bluetooth software\btsendto_ie.htm
IE: {E59EB121-F339-4851-A3BA-FE49C35617C2} - c:\program files\icq6.5\ICQ.exe
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\program files\microsoft officenew\office14\ONBttnIE.dll
IE: {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\windows\windowsmobile\INetRepl.dll
IE: {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\windows\windowsmobile\INetRepl.dll
IE: {3437D640-C91A-458f-89F5-B9095EA4C28B} - {04F93351-81D2-4484-9982-0D55DEFFFAE6} - c:\program files\piclensie\cooliris.dll
IE: {4248FE82-7FCB-46AC-B270-339F08212110} - {4248FE82-7FCB-46AC-B270-339F08212110} - c:\program files\kaspersky lab\kaspersky internet security 2012\ievkbd.dll
IE: {619D670F-B735-4da7-AC6D-F3BD358E325E} - {609D670F-B735-4da7-AC6D-F3BD358E325E} - mscoree.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - c:\program files\microsoft officenew\office14\ONBttnIELinkedNotes.dll
IE: {CCF151D8-D089-449F-A5A4-D9909053F20F} - {CCF151D8-D089-449F-A5A4-D9909053F20F} - c:\program files\kaspersky lab\kaspersky internet security 2012\klwtbbho.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab
TCP: DhcpNameServer = 192.168.1.1
TCP: Interfaces\{391E020F-240F-4880-8365-575ECBC805E8} : DhcpNameServer = 192.168.1.1
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - c:\program files\common files\microsoft shared\office14\MSOXMLMF.DLL
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Notify: klogon - c:\windows\system32\klogon.dll
Hosts: 127.0.0.1        www.spywareinfo.com
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\users\basti\appdata\roaming\mozilla\firefox\profiles\gq42k2w4.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
FF - prefs.js: browser.search.selectedEngine - Secure Search
FF - prefs.js: browser.startup.homepage - hxxp://www.heute.de/
FF - component: c:\program files\mozilla firefox\extensions\kavantibanner@kaspersky.ru\components\abhelperxpcom.dll
FF - component: c:\users\basti\appdata\roaming\mozilla\firefox\profiles\gq42k2w4.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\frozen.dll
FF - component: c:\users\basti\appdata\roaming\mozilla\firefox\profiles\gq42k2w4.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\googletoolbar-ff3.dll
FF - component: c:\users\basti\appdata\roaming\mozilla\firefox\profiles\gq42k2w4.default\extensions\piclens@cooliris.com\components\cooliris.dll
FF - plugin: c:\progra~1\mi61b6~1\office14\NPAUTHZ.DLL
FF - plugin: c:\progra~1\mi61b6~1\office14\NPSPWRAP.DLL
FF - plugin: c:\program files\adobe\reader 10.0\reader\air\nppdf32.dll
FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\google\update\1.3.21.99\npGoogleUpdate3.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\microsoft silverlight\4.0.60831.0\npctrlui.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll
FF - plugin: c:\program files\nvidia corporation\3d vision\npnv3dv.dll
FF - plugin: c:\program files\nvidia corporation\3d vision\npnv3dvstreaming.dll
FF - plugin: c:\program files\sony\reader\data\bin\npebldetectmoz.dll
FF - plugin: c:\users\basti\appdata\roaming\mozilla\firefox\profiles\gq42k2w4.default\extensions\{195a3098-0bd5-4e90-ae22-ba1c540afd1e}\plugins\npGarmin.dll
FF - plugin: c:\users\basti\appdata\roaming\mozilla\plugins\npcoolirisplugin.dll
.
============= SERVICES / DRIVERS ===============
.
R0 54381946;54381946;c:\windows\system32\drivers\54381946.sys [2012-1-24 133208]
R1 hwinterface;hwinterface;c:\windows\system32\drivers\hwinterface.sys [2008-7-22 3026]
R1 kl2;kl2;c:\windows\system32\drivers\kl2.sys [2011-3-4 11352]
R1 KLIM6;Kaspersky Anti-Virus NDIS 6 Filter;c:\windows\system32\drivers\klim6.sys [2011-3-10 23856]
R1 SSHDRV84;SSHDRV84;c:\windows\system32\drivers\SSHDRV84.sys [2009-12-22 76800]
R2 ACEDRV08;ACEDRV08;c:\windows\system32\drivers\ACEDRV08.sys [2011-9-16 108768]
R2 AVP;Kaspersky Anti-Virus Service;c:\program files\kaspersky lab\kaspersky internet security 2012\avp.exe [2011-4-24 202296]
R2 DQLWinService;DQLWinService;c:\program files\common files\intel\inteldh\nms\adpplugins\DQLWinService.exe [2007-2-12 208896]
R2 FontCache;Windows-Dienst für Schriftartencache;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-4-25 21504]
R2 MCLServiceATL;Intel(R) Application Tracker;c:\program files\intel\inteldh\intel media server\shells\MCLServiceATL.exe [2007-6-27 157912]
R2 NMSCore;Intel(R) NMSCore;c:\program files\common files\intel\inteldh\nms\nmscore\NMSCore.exe [2007-6-27 317656]
R2 nmsunidr;UniDriver for NMS;c:\windows\system32\drivers\nmsunidr.sys [2007-2-18 5376]
R2 QualityManager;Intel(R) Quality Manager;c:\program files\intel\inteldh\intel media server\media server\bin\QualityManager.exe [2007-6-27 272600]
R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files\nvidia corporation\3d vision\nvSCPAPISvr.exe [2010-8-8 235624]
R2 TeamViewer;TeamViewer 3;c:\program files\teamviewer3\TeamViewer_Service.exe [2008-10-7 185640]
R3 CT20XUT.SYS;CT20XUT.SYS;c:\windows\system32\drivers\CT20XUT.sys [2009-6-3 171032]
R3 CTEXFIFX.SYS;CTEXFIFX.SYS;c:\windows\system32\drivers\CTEXFIFX.sys [2009-6-3 1324056]
R3 CTHWIUT.SYS;CTHWIUT.SYS;c:\windows\system32\drivers\CTHWIUT.sys [2009-6-3 72728]
R3 GT680xNT;715 USB Scanner Driver;c:\windows\system32\drivers\Gt680x.sys [2007-12-18 17376]
R3 IntelDH;IntelDH Driver;c:\windows\system32\drivers\IntelDH.sys [2007-12-7 5632]
R3 klmouflt;Kaspersky Lab KLMOUFLT;c:\windows\system32\drivers\klmouflt.sys [2009-11-2 19984]
R3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda32v.sys [2010-12-11 105576]
R3 seehcri;Sony Ericsson seehcri Device Driver;c:\windows\system32\drivers\seehcri.sys [2010-11-28 27632]
R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\common files\adobe\arm\1.0\armsvc.exe [2012-1-3 63928]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 gupdate1c9bd96adc49da3;Google Update Service (gupdate1c9bd96adc49da3);c:\program files\google\update\GoogleUpdate.exe [2009-4-15 133104]
S3 BLC;BLC;c:\users\basti\appdata\local\temp\blc.exe --> c:\users\basti\appdata\local\temp\BLC.exe [?]
S3 camdrv41;Philips SPC 900NC PC Camera;c:\windows\system32\drivers\camdrv41.sys [2007-4-23 1347584]
S3 CT20XUT;CT20XUT;c:\windows\system32\drivers\CT20XUT.sys [2009-6-3 171032]
S3 CTEXFIFX;CTEXFIFX;c:\windows\system32\drivers\CTEXFIFX.sys [2009-6-3 1324056]
S3 CTHWIUT;CTHWIUT;c:\windows\system32\drivers\CTHWIUT.sys [2009-6-3 72728]
S3 DHTRACE;Intel(R) DHTrace Controller;c:\program files\common files\intel\inteldh\bin\DHTraceController.exe [2007-6-27 39640]
S3 ggflt;SEMC USB Flash Driver Filter;c:\windows\system32\drivers\ggflt.sys [2010-11-28 13224]
S3 gupdatem;Google Update-Dienst (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2009-4-15 133104]
S3 LCCNUQS;LCCNUQS;c:\users\basti\appdata\local\temp\lccnuqs.exe --> c:\users\basti\appdata\local\temp\LCCNUQS.exe [?]
S3 osppsvc;Office Software Protection Platform;c:\program files\common files\microsoft shared\officesoftwareprotectionplatform\OSPPSVC.EXE [2010-1-9 4640000]
S3 pmxmouse;PMXMOUSE;c:\windows\system32\drivers\pmxmouse.sys [2007-12-7 18432]
S3 pmxusblf;PMXUSBLF;c:\windows\system32\drivers\pmxusblf.sys [2007-12-7 19008]
S3 PTQ;PTQ;c:\users\basti\appdata\local\temp\ptq.exe --> c:\users\basti\appdata\local\temp\PTQ.exe [?]
S3 SandraAgentSrv;SiSoftware Deployment Agent Service;c:\program files\sisoftware\sisoftware sandra lite 2009.sp1\RpcAgentSrv.exe [2008-11-5 98488]
S3 TridVid;Trident Analog Video;c:\windows\system32\drivers\TridVid.sys [2008-7-16 201216]
.
=============== Created Last 30 ================
.
2012-02-02 16:18:40        476904        ----a-w-        c:\program files\mozilla firefox\plugins\RENDECD.tmp
2012-02-02 13:35:51        97961        ----a-w-        c:\windows\system32\drivers\klick.dat
2012-02-02 13:35:51        115369        ----a-w-        c:\windows\system32\drivers\klin.dat
2012-02-02 13:35:41        110992        ----a-w-        c:\program files\mozilla firefox\extensions\kavantibanner@kaspersky.ru_bak2\components\abhelperxpcom.dll
2012-02-02 13:35:22        147856        ----a-w-        c:\program files\mozilla firefox\extensions\linkfilter@kaspersky.ru_bak2\components\kavlinkfilter.dll
2012-02-02 13:32:15        --------        d-----w-        c:\programdata\Kaspersky Lab
2012-02-02 13:32:15        --------        d-----w-        c:\program files\Kaspersky Lab
2012-02-01 10:24:12        278528        ----a-w-        c:\windows\system32\schannel.dll
2012-02-01 10:24:11        9728        ----a-w-        c:\windows\system32\lsass.exe
2012-02-01 10:24:11        72704        ----a-w-        c:\windows\system32\secur32.dll
2012-02-01 10:24:11        440192        ----a-w-        c:\windows\system32\drivers\ksecdd.sys
2012-02-01 10:24:11        377344        ----a-w-        c:\windows\system32\winhttp.dll
2012-02-01 10:24:11        1259008        ----a-w-        c:\windows\system32\lsasrv.dll
2012-01-31 12:37:45        6557240        ----a-w-        c:\programdata\microsoft\windows defender\definition updates\{2bbe77b2-f3ed-441d-829c-bf731041133c}\mpengine.dll
2012-01-25 10:18:45        --------        d-----w-        c:\windows\pss
2012-01-24 20:49:04        133208        ----a-w-        c:\windows\system32\drivers\54381946.sys
2012-01-24 20:14:37        20464        ----a-w-        c:\windows\system32\drivers\mbam.sys
2012-01-24 20:09:26        23552        ----a-w-        c:\windows\system32\mciseq.dll
2012-01-24 20:09:26        189952        ----a-w-        c:\windows\system32\winmm.dll
2012-01-24 20:09:24        1205064        ----a-w-        c:\windows\system32\ntdll.dll
2012-01-24 20:09:11        66560        ----a-w-        c:\windows\system32\packager.dll
2012-01-24 20:09:10        376320        ----a-w-        c:\windows\system32\winsrv.dll
2012-01-24 20:09:08        2409784        ----a-w-        c:\program files\windows mail\OESpamFilter.dat
2012-01-24 20:09:06        497152        ----a-w-        c:\windows\system32\qdvd.dll
2012-01-24 20:09:06        1314816        ----a-w-        c:\windows\system32\quartz.dll
2012-01-24 18:23:37        --------        d-----w-        c:\program files\Lavasoft
2012-01-21 04:41:41        --------        d-----w-        c:\users\basti\appdata\roaming\Malwarebytes
2012-01-21 04:41:27        --------        d-----w-        c:\programdata\Malwarebytes
2012-01-21 04:41:26        --------        d-----w-        c:\program files\Malwarebytes' Anti-Malware
.
==================== Find3M  ====================
.
2011-12-07 09:08:58        236576        ------w-        c:\windows\system32\MpSigStub.exe
2011-11-24 14:02:43        414368        ----a-w-        c:\windows\system32\FlashPlayerCPLApp.cpl
2011-11-23 13:37:27        2043904        ----a-w-        c:\windows\system32\win32k.sys
2011-11-10 04:54:13        472808        ----a-w-        c:\windows\system32\deployJava1.dll
2011-11-08 14:42:19        2048        ----a-w-        c:\windows\system32\tzres.dll
.
============= FINISH: 20:15:23,70 ===============
attach

HTML-Code:
.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-08-26.01)
.
Microsoft® Windows Vista™ Home Premium
Boot Device: \Device\HarddiskVolume3
Install Date: 07.12.2007 00:28:29
System Uptime: 02.02.2012 14:37:53 (6 hours ago)
.
Motherboard: Dell Inc. |  | 0TP406
Processor: Intel(R) Core(TM)2 Quad CPU    Q6600  @ 2.40GHz | CPU | 2394/1066mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 684 GiB total, 234,546 GiB free.
D: is FIXED (NTFS) - 15 GiB total, 7,223 GiB free.
E: is CDROM ()
G: is Removable
H: is Removable
I: is Removable
J: is Removable
.
==== Disabled Device Manager Items =============
.
Class GUID:
Description: Bluetooth Peripheral Device
Device ID: BTHENUM\{8E771301-0000-1000-8000-00805F9B34FB}_VID&00010000_PID&C075\8&7D22A38&0&0024EF198E8D_C00000000
Manufacturer:
Name: Bluetooth Peripheral Device
PNP Device ID: BTHENUM\{8E771301-0000-1000-8000-00805F9B34FB}_VID&00010000_PID&C075\8&7D22A38&0&0024EF198E8D_C00000000
Service:
.
Class GUID:
Description: Bluetooth Peripheral Device
Device ID: BTHENUM\{8E771401-0000-1000-8000-00805F9B34FB}_VID&00010000_PID&C075\8&7D22A38&0&0024EF198E8D_C00000000
Manufacturer:
Name: Bluetooth Peripheral Device
PNP Device ID: BTHENUM\{8E771401-0000-1000-8000-00805F9B34FB}_VID&00010000_PID&C075\8&7D22A38&0&0024EF198E8D_C00000000
Service:
.
==== System Restore Points ===================
.
RP1270: 13.01.2012 11:01:06 - Windows Update
RP1271: 15.01.2012 01:05:35 - Geplanter Prüfpunkt
RP1272: 16.01.2012 00:20:24 - Geplanter Prüfpunkt
RP1273: 16.01.2012 14:01:31 - Geplanter Prüfpunkt
RP1274: 17.01.2012 13:12:09 - Windows Update
RP1275: 18.01.2012 17:31:00 - Geplanter Prüfpunkt
RP1276: 19.01.2012 13:42:05 - Geplanter Prüfpunkt
RP1277: 20.01.2012 09:56:08 - Windows Update
RP1278: 21.01.2012 06:58:46 - Geplanter Prüfpunkt
RP1279: 22.01.2012 19:00:04 - Geplanter Prüfpunkt
RP1280: 23.01.2012 15:23:35 - Geplanter Prüfpunkt
RP1281: 24.01.2012 09:36:22 - Windows Update
RP1282: 24.01.2012 18:45:00 - Wiederherstellungsvorgang
RP1283: 24.01.2012 19:17:31 - Installed Ad-Aware
RP1284: 24.01.2012 19:22:04 - Installed Ad-Aware
RP1286: 24.01.2012 20:35:31 - First Restore Point
RP1287: 24.01.2012 21:00:14 - Windows Update
RP1288: 24.01.2012 22:31:34 - Windows Update
RP1289: 25.01.2012 22:27:43 - Geplanter Prüfpunkt
RP1290: 26.01.2012 14:39:59 - Geplanter Prüfpunkt
RP1291: 27.01.2012 09:27:05 - Windows Update
RP1292: 28.01.2012 20:04:19 - Geplanter Prüfpunkt
RP1293: 31.01.2012 13:36:11 - Windows Update
RP1294: 01.02.2012 11:58:19 - Geplanter Prüfpunkt
RP1295: 01.02.2012 13:57:04 - Windows Update
RP1296: 02.02.2012 12:26:40 - Geplanter Prüfpunkt
RP1298: 02.02.2012 14:14:13 - First Restore Point
RP1299: 02.02.2012 14:26:17 - Installierte(s) Kaspersky Internet Security 2012.
RP1300: 02.02.2012 16:49:10 - Installed Adobe Reader X (10.1.0) - Deutsch.
RP1301: 02.02.2012 17:04:22 - Removed iTunes
RP1302: 02.02.2012 17:12:45 - Installed QuickTime
RP1303: 02.02.2012 17:16:46 - Installed Java(TM) 6 Update 30
.
==== Installed Programs ======================
.
Adobe Anchor Service CS3
Adobe Asset Services CS3
Adobe Bridge CS3
Adobe Bridge Start Meeting
Adobe Camera Raw 4.0
Adobe CMaps
Adobe Color - Photoshop Specific
Adobe Color Common Settings
Adobe Color EU Recommended Settings
Adobe Color JA Extra Settings
Adobe Color NA Extra Settings
Adobe Default Language CS3
Adobe Device Central CS3
Adobe Digital Editions
Adobe ExtendScript Toolkit 2
Adobe Flash Player 11 Plugin
Adobe Flash Player ActiveX
Adobe Fonts All
Adobe Help Viewer CS3
Adobe Linguistics CS3
Adobe PDF Library Files
Adobe Photoshop CS3
Adobe Reader X (10.1.2) - Deutsch
Adobe Setup
Adobe Shockwave Player 11.6
Adobe Stock Photos CS3
Adobe Type Support
Adobe Update Manager CS3
Adobe Version Cue CS3 Client
Adobe WinSoft Linguistics Plugin
Adobe XMP Panels CS3
Apple Application Support
Apple Software Update
ASCOM Celestron Telescope Driver 5.0.10
ASCOM Platform 5.0a
Avanquest update
BabasChess
BabasChess Graphic Pack
BeCyPDFMetaEdit
Benutzerhandbuch
BLUDRUME
Bonjour
Brickshooter Egypt
Browser Address Error Redirector
Canon Camera Access Library
Canon Camera Support Core Library
Canon Camera Window DC_DV 5 for ZoomBrowser EX
Canon Camera Window DC_DV 6 for ZoomBrowser EX
Canon Camera Window MC 6 for ZoomBrowser EX
CANON iMAGE GATEWAY Task for ZoomBrowser EX
Canon Internet Library for ZoomBrowser EX
Canon RAW Codec
Canon RAW Image Task for ZoomBrowser EX
Canon RemoteCapture Task for ZoomBrowser EX
Canon Utilities Digital Photo Professional 2.2
Canon Utilities EOS Utility
Canon Utilities PhotoStitch
Canon Utilities ZoomBrowser EX
Cartes du Ciel
Catalogue of Principal Galaxies 2007
CCleaner
Celestron HCupdate
Celestron MCupdate
Citavi
Compatibility Pack for the 2007 Office system
Cooliris for Internet Explorer
Creative MediaSource 5
DATA BECKER Creative MindMap 4 pro
DeepSkyStacker
Definition update for Microsoft Office 2010 (KB982726) 32-Bit Edition
Defraggler
Dell Handbuch zum Einstieg
Detjeen-CD Physiologie
Digital Image Recovery 1.47
DRI Tool 2.0
Dropbox
Emsisoft HiJackFree 4.5
Eraser
Falk Navi-Manager
FileZilla Client 3.1.0.1
Garmin Lifetime Updater
Garmin Training Center
Garmin USB Drivers
Google Earth
Google Toolbar for Internet Explorer
Google Update Helper
Governor of Poker
GSview 4.9
Guidemaster Verion 2.0.14 Beta
HijackThis 2.0.2
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hugin 0.5 beta3
ICQ6.5
Image Analyzer
Indeo® software
Intel(R) PRO Network Connections 12.1.12.4
Intel® Viiv™ Software
InterVideo DeviceService
IPM Schulung Rev D
IPM Training Rev E
Java Auto Updater
Java(TM) 6 Update 30
Java(TM) SE Runtime Environment 6
JPGVideo 1.05.0.0
Kaspersky Internet Security 2012
Logitech QuickCam
Logitech® Camera-Treiber
Malwarebytes Anti-Malware Version 1.60.1.1000
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Security Update (KB2656353)
Microsoft .NET Framework 1.1 Security Update (KB979906)
Microsoft .NET Framework 3.5 Language Pack SP1 - deu
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 4 Client Profile
Microsoft .NET Framework 4 Extended
Microsoft Application Error Reporting
Microsoft Choice Guard
Microsoft Office 2010 Service Pack 1 (SP1)
Microsoft Office Access MUI (German) 2010
Microsoft Office Excel MUI (German) 2010
Microsoft Office File Validation Add-In
Microsoft Office OneNote MUI (German) 2010
Microsoft Office Outlook MUI (German) 2010
Microsoft Office PowerPoint MUI (German) 2010
Microsoft Office Professional 2010
Microsoft Office Proof (English) 2010
Microsoft Office Proof (French) 2010
Microsoft Office Proof (German) 2010
Microsoft Office Proof (Italian) 2010
Microsoft Office Proofing (German) 2010
Microsoft Office Publisher MUI (German) 2010
Microsoft Office Shared MUI (German) 2010
Microsoft Office Single Image 2010
Microsoft Office Word MUI (German) 2010
Microsoft Silverlight
Microsoft Sync Framework 2.0 Core Components (x86) ENU
Microsoft Sync Framework 2.0 Provider Services (x86) ENU
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Works
Mouse Suite for Desktop Computers
MozBackup 1.4.7
Mozilla Firefox 10.0 (x86 de)
Mozilla Thunderbird (3.1.18)
MSVCRT
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB941833)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MVision
Neat Image v5 Demo (with plug-in)
NVIDIA Display Control Panel
NVIDIA Drivers
NVIDIA PhysX
NVIDIA Stereoscopic 3D Driver
OLYMPUS Raw Codec
OpenAL
OpticSlim 2400
PcWatt
PDF Encrypter
PDF Settings
PDF24 Creator 3.5.2
PDFCreator
phase5
Photocopier 3.05
PicLens for Internet Explorer
PixInsight LE 1.0
PL-2303 USB-to-Serial
PopTray 3.20
PRS-500 USB driver
QuickStores-Toolbar 1.1.0
QuickTime
Reader Library by Sony
RegiStar
RegiStax 5
RegiStax Version 4
Roxio Activation Module
Roxio Creator Audio
Roxio Creator BDAV Plugin
Roxio Creator Copy
Roxio Creator Data
Roxio Creator Premier
Roxio Creator Tools
Roxio EasyArchive
Roxio Express Labeler
Roxio MyDVD Premier
Roxio Update Manager
RuntimeLibsVC90
Security Update for CAPICOM (KB931906)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2657424)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Extended (KB2416472)
Security Update for Microsoft .NET Framework 4 Extended (KB2487367)
Security Update for Microsoft .NET Framework 4 Extended (KB2656351)
Security Update for Microsoft Office 2010 (KB2553091)
Security Update for Microsoft Office 2010 (KB2553096)
Security Update for Microsoft Office 2010 (KB2553353) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2589320) 32-Bit Edition
Security Update for Microsoft PowerPoint 2010 (KB2553185) 32-Bit Edition
Security Update for Windows Media Encoder (KB2447961)
Security Update for Windows Media Encoder (KB954156)
Security Update for Windows Media Encoder (KB979332)
SiSoftware Sandra Lite 2009.SP1
Skype™ 5.6
SmartSound Quicktracks Plugin
Sonic CinePlayer Decoder Pack
Sophos Anti-Rootkit 1.5.4
Sound Blaster X-Fi
Sprint & FineReader 5.0 Office Try&Buy
Stellarium 0.10.0
swMSM
TeamViewer 3
Trillian
TV-Browser 3.0.2
Ulead DVD DiskRecorder 2.1.1
Ulead VideoStudio 11
Unlocker 1.9.1
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2473228)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Extended (KB2468871)
Update for Microsoft .NET Framework 4 Extended (KB2533523)
Update for Microsoft Excel 2010 (KB2553439) 32-Bit Edition
Update for Microsoft Office 2010 (KB2494150)
Update for Microsoft Office 2010 (KB2553065)
Update for Microsoft Office 2010 (KB2553181) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553270) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553310) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553385) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553455) 32-Bit Edition
Update for Microsoft Office 2010 (KB2566458)
Update for Microsoft Office 2010 (KB2596964) 32-Bit Edition
Update for Microsoft OneNote 2010 (KB2553290) 32-Bit Edition
Update for Microsoft Outlook 2010 (KB2553323) 32-Bit Edition
Update for Microsoft Outlook Social Connector (KB2583935)
VideoStudio
Virtual Moon Atlas Basic 3.5
Visual C++ 2008 x86 Runtime - (v9.0.30729)
Visual C++ 2008 x86 Runtime - v9.0.30729.01
VLC media player 1.1.11
WcCtrl - WebCam Control Utility
WIDCOMM Bluetooth Software 6.0.1.4300
Windows Driver Package - Garmin (grmnusb) GARMIN Devices  (03/08/2007 2.2.1.0)
Windows Driver Package - Sony Corporation (PRSUSB) USB  (08/08/2006 1.0.03.08080)
Windows Live-Uploadtool
Windows Live Anmelde-Assistent
Windows Live Call
Windows Live Communications Platform
Windows Live Essentials
Windows Live Messenger
Windows Live OneCare safety scanner
Windows Live Writer
Windows Media Encoder 9-Reihe
Windows Media Player Firefox Plugin
Windows Mobile-Gerätecenter
Windows Mobile-Gerätecenter: Treiberupdate
ZipGenius 6 (6.0.3.1150)
.
==== End Of File ===========================
gmer

GMER Logfile:
Code:
GMER 1.0.15.15641 - hxxp://www.gmer.net
Rootkit scan 2012-02-03 10:25:01
Windows 6.0.6002 Service Pack 2 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0 ST3750640AS rev.3.ADG
Running: dims4kt3.exe; Driver: C:\Users\Basti\AppData\Local\Temp\fxlirpoc.sys


---- System - GMER 1.0.15 ----

SSDT    \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab)                            ZwAdjustPrivilegesToken [0xDB43428A]
SSDT    \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab)                            ZwAlpcConnectPort [0xDB44E342]
SSDT    \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab)                            ZwAlpcCreatePort [0xDB44E678]
SSDT    \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab)                            ZwAlpcSendWaitReceivePort [0xDB44E9EE]
SSDT    \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab)                            ZwClose [0xDB434D04]
SSDT    \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab)                            ZwConnectPort [0xDB44E02A]
SSDT    \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab)                            ZwCreateEvent [0xDB435276]
SSDT    \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab)                            ZwCreateMutant [0xDB435164]
SSDT    \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab)                            ZwCreatePort [0xDB44E4E8]
SSDT    \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab)                            ZwCreateSection [0xDB434046]
SSDT    \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab)                            ZwCreateSemaphore [0xDB43538E]
SSDT    \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab)                            ZwCreateThread [0xDB4348BA]
SSDT    \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab)                            ZwCreateWaitablePort [0xDB44E5B0]
SSDT    \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab)                            ZwDebugActiveProcess [0xDB43574E]
SSDT    \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab)                            ZwDeviceIoControlFile [0xDB434D46]
SSDT    \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab)                            ZwDuplicateObject [0xDB436750]
SSDT    \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab)                            ZwLoadDriver [0xDB435840]
SSDT    \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab)                            ZwMapViewOfSection [0xDB435DAC]
SSDT    \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab)                            ZwNotifyChangeKey [0xDB44C840]
SSDT    \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab)                            ZwOpenEvent [0xDB435308]
SSDT    \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab)                            ZwOpenMutant [0xDB4351F0]
SSDT    \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab)                            ZwOpenProcess [0xDB4344C4]
SSDT    \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab)                            ZwOpenSection [0xDB435B90]
SSDT    \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab)                            ZwOpenSemaphore [0xDB435420]
SSDT    \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab)                            ZwOpenThread [0xDB4343B8]
SSDT    \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab)                            ZwQueryDirectoryObject [0xDB43555C]
SSDT    \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab)                            ZwQueryObject [0xDB44CA38]
SSDT    \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab)                            ZwQuerySection [0xDB4360D2]
SSDT    \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab)                            ZwQueueApcThread [0xDB4359E0]
SSDT    \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab)                            ZwReplyPort [0xDB44E7DC]
SSDT    \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab)                            ZwReplyWaitReceivePort [0xDB44E72A]
SSDT    \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab)                            ZwRequestWaitReplyPort [0xDB44E848]
SSDT    \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab)                            ZwResumeThread [0xDB4365F2]
SSDT    \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab)                            ZwSecureConnectPort [0xDB44E1B2]
SSDT    \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab)                            ZwSetContextThread [0xDB434BA4]
SSDT    \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab)                            ZwSetInformationToken [0xDB4355FA]
SSDT    \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab)                            ZwSetSystemInformation [0xDB436222]
SSDT    \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab)                            ZwSuspendProcess [0xDB436316]
SSDT    \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab)                            ZwSuspendThread [0xDB436450]
SSDT    \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab)                            ZwSystemDebugControl [0xDB435670]
SSDT    \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab)                            ZwTerminateProcess [0xDB434664]
SSDT    \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab)                            ZwTerminateThread [0xDB4345BA]
SSDT    \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab)                            ZwUnmapViewOfSection [0xDB435F8A]
SSDT    \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab)                            ZwWriteVirtualMemory [0xDB434750]
SSDT    \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab)                            ZwCreateThreadEx [0xDB434A2A]
SSDT    \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab)                            ZwCreateUserProcess [0xDB4354A6]

---- Kernel code sections - GMER 1.0.15 ----

.text    ntkrnlpa.exe!KeSetEvent + 119                                                                                  862E489C 4 Bytes  [8A, 42, 43, DB]
.text    ntkrnlpa.exe!KeSetEvent + 13D                                                                                  862E48C0 8 Bytes  [42, E3, 44, DB, 78, E6, 44, ...]
.text    ntkrnlpa.exe!KeSetEvent + 181                                                                                  862E4904 4 Bytes  JMP 9967244D \SystemRoot\System32\drivers\CTEXFIFX.SYS (Creative XFi Effects/Creative Technology Ltd.)
.text    ntkrnlpa.exe!KeSetEvent + 1A9                                                                                  862E492C 4 Bytes  [04, 4D, 43, DB]
.text    ntkrnlpa.exe!KeSetEvent + 1C1                                                                                  862E4944 4 Bytes  [2A, E0, 44, DB]
.text    ...                                                                                                           
.text    C:\Windows\system32\drivers\SSHDRV84.sys                                                                        section is writeable [0x99799000, 0x233D4, 0xE8000020]
.pklstb  C:\Windows\system32\drivers\SSHDRV84.sys                                                                        entry point in ".pklstb" section [0x997CB000]
.relo2  C:\Windows\system32\drivers\SSHDRV84.sys                                                                        unknown last section [0x997E1000, 0x8E, 0x42000040]
.text    C:\Windows\system32\drivers\ACEDRV08.sys                                                                        section is writeable [0x9B439000, 0x328BA, 0xE8000020]
.pklstb  C:\Windows\system32\drivers\ACEDRV08.sys                                                                        entry point in ".pklstb" section [0x9B47D000]
.relo2  C:\Windows\system32\drivers\ACEDRV08.sys                                                                        unknown last section [0x9B499000, 0x8E, 0x42000040]
PAGE    spsys.sys!?SPVersion@@3PADA + 1ABF                                                                              9B4E703F 110 Bytes  [8B, FF, 55, 8B, EC, 8B, 45, ...]
PAGE    spsys.sys!?SPVersion@@3PADA + 1B2F                                                                              9B4E70AF 1 Byte  [16]
PAGE    spsys.sys!?SPVersion@@3PADA + 1B2F                                                                              9B4E70AF 128 Bytes  [16, 3B, C8, 75, E2, B0, 01, ...]
PAGE    spsys.sys!?SPVersion@@3PADA + 1BB0                                                                              9B4E7130 6 Bytes  [0E, 83, 78, 14, 01, 75]
PAGE    spsys.sys!?SPVersion@@3PADA + 1BB7                                                                              9B4E7137 2298 Bytes  [83, 78, 18, 37, 75, 02, B3, ...]
PAGE    ...                                                                                                           
?        C:\Users\Basti\AppData\Local\Temp\mbr.sys                                                                      Das System kann die angegebene Datei nicht finden. !

---- User code sections - GMER 1.0.15 ----

?        C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe[2532] C:\Windows\system32\ntdll.dll    time/date stamp mismatch; unknown module: secserv.dll
.text    C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe[2532] ntdll.dll!NtProtectVirtualMemory  77824BA4 5 Bytes  JMP 6AC91765 C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\ushata.dll (Ushata module/Kaspersky Lab ZAO)
?        C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe[2532] C:\Windows\system32\kernel32.dll  time/date stamp mismatch;
.text    C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe[2532] USER32.dll!SetScrollInfo + 7A8    77437980 4 Bytes  [E0, 13, 54, 67]
?        C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe[3112] C:\Windows\system32\ntdll.dll    time/date stamp mismatch; unknown module: secserv.dll
.text    C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe[3112] ntdll.dll!NtProtectVirtualMemory  77824BA4 5 Bytes  JMP 6AC91765 C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\ushata.dll (Ushata module/Kaspersky Lab ZAO)
?        C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe[3112] C:\Windows\system32\kernel32.dll  time/date stamp mismatch;
.text    C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe[3112] USER32.dll!SetScrollInfo + 7A8    77437980 4 Bytes  [E0, 13, 54, 67]

---- Registry - GMER 1.0.15 ----

Reg      HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\00197edb8029                                   
Reg      HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\00197edb8029@0018130d74a1                        0x97 0x4C 0x18 0x13 ...
Reg      HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\00197edb8029@0024ef198e8d                        0xAD 0x1B 0x8D 0x52 ...
Reg      HKLM\SYSTEM\ControlSet008\Services\BTHPORT\Parameters\Keys\00197edb8029 (not active ControlSet)               
Reg      HKLM\SYSTEM\ControlSet008\Services\BTHPORT\Parameters\Keys\00197edb8029@0018130d74a1                            0x97 0x4C 0x18 0x13 ...
Reg      HKLM\SYSTEM\ControlSet008\Services\BTHPORT\Parameters\Keys\00197edb8029@0024ef198e8d                            0xAD 0x1B 0x8D 0x52 ...
Reg      HKLM\SOFTWARE\Classes\CLSID\{C09C5BC9-8988-086a-2252-0e0bfa04e19f}\InprocServer32                             
Reg      HKLM\SOFTWARE\Classes\CLSID\{C09C5BC9-8988-086a-2252-0e0bfa04e19f}\InprocServer32@Class                        0x00 0x00 0x00 0x00 ...
Reg      HKLM\SOFTWARE\Classes\CLSID\{C09C5BC9-8988-086a-2252-0e0bfa04e19f}\InprocServer32@ThreadingModel                Apartment
Reg      HKLM\SOFTWARE\Classes\CLSID\{C09C5BC9-8988-086a-2252-0e0bfa04e19f}\InprocServer32@                              C:\Windows\system32\OLE32.DLL
Reg      HKLM\SOFTWARE\Classes\CLSID\{C09C5BC9-8988-17af-8ed4-a9c5fa04e19f}\InprocServer32                             
Reg      HKLM\SOFTWARE\Classes\CLSID\{C09C5BC9-8988-17af-8ed4-a9c5fa04e19f}\InprocServer32@Class                        0x00 0x00 0x00 0x00 ...
Reg      HKLM\SOFTWARE\Classes\CLSID\{C09C5BC9-8988-17af-8ed4-a9c5fa04e19f}\InprocServer32@ThreadingModel                Apartment
Reg      HKLM\SOFTWARE\Classes\CLSID\{C09C5BC9-8988-17af-8ed4-a9c5fa04e19f}\InprocServer32@                              C:\Windows\system32\OLE32.DLL
Reg      HKLM\SOFTWARE\Classes\CLSID\{C09C5BC9-8988-4a8c-7e47-64a7fa04e19f}\InprocServer32                             
Reg      HKLM\SOFTWARE\Classes\CLSID\{C09C5BC9-8988-4a8c-7e47-64a7fa04e19f}\InprocServer32@Class                        0x00 0x00 0x00 0x00 ...
Reg      HKLM\SOFTWARE\Classes\CLSID\{C09C5BC9-8988-4a8c-7e47-64a7fa04e19f}\InprocServer32@ThreadingModel                Apartment
Reg      HKLM\SOFTWARE\Classes\CLSID\{C09C5BC9-8988-4a8c-7e47-64a7fa04e19f}\InprocServer32@                              C:\Windows\system32\OLE32.DLL
Reg      HKLM\SOFTWARE\Classes\CLSID\{C09C5BC9-8988-8ce4-f9e3-2e18fa04e19f}\InprocServer32                             
Reg      HKLM\SOFTWARE\Classes\CLSID\{C09C5BC9-8988-8ce4-f9e3-2e18fa04e19f}\InprocServer32@Class                        0x00 0x00 0x00 0x00 ...
Reg      HKLM\SOFTWARE\Classes\CLSID\{C09C5BC9-8988-8ce4-f9e3-2e18fa04e19f}\InprocServer32@ThreadingModel                Apartment
Reg      HKLM\SOFTWARE\Classes\CLSID\{C09C5BC9-8988-8ce4-f9e3-2e18fa04e19f}\InprocServer32@                              C:\Windows\system32\OLE32.DLL
Reg      HKLM\SOFTWARE\Classes\CLSID\{C09C5BC9-8988-c79d-f9f5-02e4fa04e19f}\InprocServer32                             
Reg      HKLM\SOFTWARE\Classes\CLSID\{C09C5BC9-8988-c79d-f9f5-02e4fa04e19f}\InprocServer32@Class                        0x00 0x00 0x00 0x00 ...
Reg      HKLM\SOFTWARE\Classes\CLSID\{C09C5BC9-8988-c79d-f9f5-02e4fa04e19f}\InprocServer32@ThreadingModel                Apartment
Reg      HKLM\SOFTWARE\Classes\CLSID\{C09C5BC9-8988-c79d-f9f5-02e4fa04e19f}\InprocServer32@                              C:\Windows\system32\OLE32.DLL
Reg      HKLM\SOFTWARE\Classes\CLSID\{C09C5BC9-8988-e661-f5c0-9e5afa04e19f}\InprocServer32                             
Reg      HKLM\SOFTWARE\Classes\CLSID\{C09C5BC9-8988-e661-f5c0-9e5afa04e19f}\InprocServer32@Class                        0x00 0x00 0x00 0x00 ...
Reg      HKLM\SOFTWARE\Classes\CLSID\{C09C5BC9-8988-e661-f5c0-9e5afa04e19f}\InprocServer32@ThreadingModel                Apartment
Reg      HKLM\SOFTWARE\Classes\CLSID\{C09C5BC9-8988-e661-f5c0-9e5afa04e19f}\InprocServer32@                              C:\Windows\system32\OLE32.DLL
Reg      HKLM\SOFTWARE\Classes\CLSID\{C09C5BC9-8988-e9ad-a48f-cd7dfa04e19f}\InprocServer32                             
Reg      HKLM\SOFTWARE\Classes\CLSID\{C09C5BC9-8988-e9ad-a48f-cd7dfa04e19f}\InprocServer32@Class                        0x00 0x00 0x00 0x00 ...
Reg      HKLM\SOFTWARE\Classes\CLSID\{C09C5BC9-8988-e9ad-a48f-cd7dfa04e19f}\InprocServer32@ThreadingModel                Apartment
Reg      HKLM\SOFTWARE\Classes\CLSID\{C09C5BC9-8988-e9ad-a48f-cd7dfa04e19f}\InprocServer32@                              C:\Windows\system32\OLE32.DLL

---- EOF - GMER 1.0.15 ----[/HTML]
--- --- ---

Hoffe das hilft weiter, LG Sebastian

sly 05.02.2012 14:08
Hier noch das Kaspersky log

Code:
Typ: Schwachstelle (2)       
hxxp://redirect.kaspersky.com/?hl=de-DE&target=securelist&rpe=1&function=advisories&VN=43269        Nicht gefunden        02.02.2012 17:37:43       
hxxp://redirect.kaspersky.com/?hl=de-DE&target=securelist&rpe=1&function=advisories&VN=46848        Nicht gefunden        02.02.2012 17:37:43       
Typ: trojanisches Programm (9)       
Exploit.Java.CVE-2011-3544.ec        Desinfiziert        02.02.2012 18:49:43       
Exploit.Java.CVE-2011-3544.ec        Gelöscht        02.02.2012 18:49:43       
Exploit.Java.CVE-2011-3544.ec        Gelöscht        02.02.2012 18:49:12       
Exploit.Java.CVE-2011-3544.ec        Gelöscht        02.02.2012 18:48:58       
Exploit.Java.CVE-2011-3544.eb        Desinfiziert        02.02.2012 18:48:36       
Exploit.Java.CVE-2011-3544.eb        Gelöscht        02.02.2012 18:48:32       
Exploit.Java.CVE-2011-3544.ec        Gelöscht        02.02.2012 18:46:00       
Exploit.Java.CVE-2011-3544.ec        Gelöscht        02.02.2012 18:45:54       
Exploit.Java.CVE-2011-3544.ec        Gelöscht        02.02.2012 18:45:36
LG

cosinus 05.02.2012 19:38
Bitte nun routinemäßig einen Vollscan mit malwarebytes machen und Log posten.
Denk daran, dass Malwarebytes vor jedem Scan manuell aktualisiert werden muss! Außerdem müssen alle Funde entfernt werden.

Falls Logs aus älteren Scans mit Malwarebytes vorhanden sind, bitte auch davon alle posten!



ESET Online Scanner

  • Hier findest du eine bebilderte Anleitung zu ESET Online Scanner
  • Lade und starte Eset Online Scanner
  • Setze einen Haken bei Ja, ich bin mit den Nutzungsbedingungen einverstanden und klicke auf Starten.
  • Aktiviere die "Erkennung von eventuell unerwünschten Anwendungen" und wähle folgende Einstellungen.
  • Klicke auf Starten.
  • Die Signaturen werden heruntergeladen, der Scan beginnt automatisch.
  • Klicke am Ende des Suchlaufs auf Fertig stellen.
  • Schließe das Fenster von ESET.
  • Explorer öffnen.
  • C:\Programme\Eset\EsetOnlineScanner\log.txt (bei 64 Bit auch C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) suchen und mit Deinem Editor öffnen (bebildert).
  • Logfile hier posten.
  • Deinstallation: Systemsteuerung => Software / Programme deinstallieren => Eset Online Scanner V3 entfernen.
  • Manuell folgenden Ordner löschen und Papierkorb leeren => C:\Programme\Eset





Bitte alles nach Möglichkeit hier in CODE-Tags posten.

Wird so gemacht:

[code] hier steht das Log [/code]

Und das ganze sieht dann so aus:

Code:
hier steht das Log

sly 06.02.2012 14:41
Hallo,


also, hier nun wie gewünscht die logs, zuerst mehrere mit Malewarebytes, zuerst der aktuelleste:

Code:
Malwarebytes Anti-Malware 1.60.1.1000
www.malwarebytes.org

Datenbank Version: v2012.02.05.03

Windows Vista Service Pack 2 x86 NTFS
Internet Explorer 9.0.8112.16421
Basti :: DESKTOP01 [Administrator]

05.02.2012 20:51:10
mbam-log-2012-02-05 (20-51-10).txt

Art des Suchlaufs: Vollständiger Suchlauf
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 678130
Laufzeit: 3 Stunde(n), 6 Minute(n), 58 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)

(Ende)

ältere mbam-logs habe ich auch, nachdem ich das Problem mit meinem Wordpressblog hatte hatte ich erstmals Malewarebytes in Gebrauch, der hatte da auch promt was gefunden, diese gefundenen Sachen hatte ich dann gelöscht. Nachdem ich zu einem späteren Zeitpunkt eine Systemwiederherstellung gemacht hatte waren die Sachen wieder da und ich beseitigte sie erneut via Malwarebytes ... hier die Logs in chronologischer Reihenfolge:

Code:
Malwarebytes Anti-Malware 1.60.0.1800
www.malwarebytes.org

Datenbank Version: v2012.01.20.04

Windows Vista Service Pack 2 x86 NTFS
Internet Explorer 9.0.8112.16421
Basti :: DESKTOP01 [Administrator]

21.01.2012 08:50:59
mbam-log-2012-01-21 (08-50-59).txt

Art des Suchlaufs: Quick-Scan
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 222216
Laufzeit: 5 Minute(n), 58 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 7
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{055FD26D-3A88-4e15-963D-DC8493744B1D} (Trojan.BHO) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCR\CLSID\{055FD26D-3A88-4e15-963D-DC8493744B1D} (Trojan.BHO) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCR\TypeLib\{77D6DDFA-7834-4541-B2B3-A8B0FB0E3924} (Trojan.BHO) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCR\ToolBand.XTTBPos00.1 (Trojan.BHO) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCR\ToolBand.XTTBPos00 (Trojan.BHO) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{055FD26D-3A88-4E15-963D-DC8493744B1D} (Trojan.BHO) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{055FD26D-3A88-4E15-963D-DC8493744B1D} (Trojan.BHO) -> Erfolgreich gelöscht und in Quarantäne gestellt.

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 1
C:\Program Files\ICQToolbar\toolbaru.dll (Trojan.BHO) -> Erfolgreich gelöscht und in Quarantäne gestellt.

(Ende)
Code:
Malwarebytes Anti-Malware 1.60.0.1800
www.malwarebytes.org

Datenbank Version: v2012.01.20.04

Windows Vista Service Pack 2 x86 NTFS
Internet Explorer 9.0.8112.16421
Basti :: DESKTOP01 [Administrator]

21.01.2012 09:15:19
mbam-log-2012-01-21 (09-15-19).txt

Art des Suchlaufs: Vollständiger Suchlauf
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 512490
Laufzeit: 1 Stunde(n), 58 Minute(n), 55 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)

(Ende)
Code:
Malwarebytes Anti-Malware 1.60.0.1800
www.malwarebytes.org

Datenbank Version: v2012.01.24.05

Windows Vista Service Pack 2 x86 NTFS
Internet Explorer 9.0.8112.16421
Basti :: DESKTOP01 [Administrator]

24.01.2012 21:17:20
mbam-log-2012-01-24 (21-17-20).txt

Art des Suchlaufs: Quick-Scan
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 222713
Laufzeit: 11 Minute(n), 12 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 7
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{055FD26D-3A88-4e15-963D-DC8493744B1D} (Trojan.BHO) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCR\CLSID\{055FD26D-3A88-4e15-963D-DC8493744B1D} (Trojan.BHO) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCR\TypeLib\{77D6DDFA-7834-4541-B2B3-A8B0FB0E3924} (Trojan.BHO) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCR\ToolBand.XTTBPos00.1 (Trojan.BHO) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCR\ToolBand.XTTBPos00 (Trojan.BHO) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{055FD26D-3A88-4E15-963D-DC8493744B1D} (Trojan.BHO) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{055FD26D-3A88-4E15-963D-DC8493744B1D} (Trojan.BHO) -> Erfolgreich gelöscht und in Quarantäne gestellt.

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 1
C:\Program Files\ICQToolbar\toolbaru.dll (Trojan.BHO) -> Erfolgreich gelöscht und in Quarantäne gestellt.

(Ende)
Code:
Malwarebytes Anti-Malware 1.60.0.1800
www.malwarebytes.org

Datenbank Version: v2012.01.24.05

Windows Vista Service Pack 2 x86 NTFS
Internet Explorer 9.0.8112.16421
Basti :: DESKTOP01 [Administrator]

25.01.2012 11:08:20
mbam-log-2012-01-25 (11-08-20).txt

Art des Suchlaufs: Benutzerdefinierter Suchlauf
Aktivierte Suchlaufeinstellungen: Dateisystem | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Heuristiks/Extra | P2P
Durchsuchte Objekte: 10404
Laufzeit: 10 Minute(n), 4 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)

(Ende)


nun noch das Eset-Log:

Code:
SETSmartInstaller@High as downloader log:
all ok
ESETSmartInstaller@High as downloader log:
all ok
ESETSmartInstaller@High as downloader log:
all ok
ESETSmartInstaller@High as downloader log:
all ok
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=258bce9d3b2aab4ca9ff528920fb672b
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2012-02-06 01:23:57
# local_time=2012-02-06 02:23:57 (+0100, Mitteleuropäische Zeit)
# country="Germany"
# lang=1033
# osver=6.0.6002 NT Service Pack 2
# compatibility_mode=512 16777215 100 0 103163730 103163730 0 0
# compatibility_mode=1280 16777215 100 0 333027 333027 0 0
# compatibility_mode=5892 16776637 100 100 86368 166051690 0 0
# compatibility_mode=8192 67108863 100 0 4512 4512 0 0
# scanned=540348
# found=7
# cleaned=0
# scan_time=15674
C:\DELL\drivers\R188694\PCTuneUp2.exe        probably unknown NewHeur_PE virus (unable to clean)        00000000000000000000000000000000        I
C:\Program Files\PDFCreator\Toolbar\pdfforge Toolbar_setup.exe        Win32/Adware.Toolbar.Dealio application (unable to clean)        00000000000000000000000000000000        I
C:\Users\Basti\Desktop\Tools\PDFCreator-1_2_3_setup.exe        Win32/Adware.Toolbar.Dealio application (unable to clean)        00000000000000000000000000000000        I
C:\Users\Basti\Desktop\Tools\Unlocker1.9.1.exe        Win32/Adware.ADON application (unable to clean)        00000000000000000000000000000000        I
F:\BackUp\Tools\PDFCreator-1_2_3_setup.exe        Win32/Adware.Toolbar.Dealio application (unable to clean)        00000000000000000000000000000000        I
F:\BackUp\Tools\Unlocker1.9.1.exe        Win32/Adware.ADON application (unable to clean)        00000000000000000000000000000000        I
F:\THINK-PAED\Backup Set 2011-10-23 151743\Backup Files 2011-10-23 151743\Backup files 16.zip        a variant of Win32/SoftonicDownloader.A application (unable to clean)        00000000000000000000000000000000        I
bei Eset fiel auf das er anzeigte Windows Defender wäre in Betrieb, das habe ich aber zum Scannen definitiv abgeschaltet, sowohl automatische Prüfungen als auch Echtzeitschutz ... irgendwie zeigte Eset das trotzdem als aktiv an ... ich hoffe das ist von den Scan nicht weiter von Belang ... wie gesagt, ich habe das vorher definitiv abgeschaltet.

An dieser Stelle schon mal vielen Dank für die umfassenden Mühen.

LG Sebastian

cosinus 06.02.2012 15:25
Mach bitte ein neues OTL-Log. Bitte alles nach Möglichkeit hier in CODE-Tags posten.

Wird so gemacht:

[code] hier steht das Log [/code]

Und das ganze sieht dann so aus:

Code:
hier steht das Log
CustomScan mit OTL

Falls noch nicht vorhanden, lade Dir bitte OTL von Oldtimer herunter und speichere es auf Deinem Desktop
Code:
netsvcs
msconfig
safebootminimal
safebootnetwork
activex
drivers32
%ALLUSERSPROFILE%\Application Data\*.
%ALLUSERSPROFILE%\Application Data\*.exe /s
%APPDATA%\*.
%APPDATA%\*.exe /s
%SYSTEMDRIVE%\*.exe
/md5start
wininit.exe
userinit.exe
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
ws2ifsl.sys
sceclt.dll
ntelogon.dll
winlogon.exe
logevent.dll
user32.DLL
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
/md5stop
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\*. /mp /s
%systemroot%\system32\*.dll /lockedfiles
CREATERESTOREPOINT

sly 06.02.2012 17:03
Hallo, der Log ist zu lang zum posten,

habe ihn als Archiv angehangen


Gruß Sebastian

cosinus 06.02.2012 19:46
Mach einen OTL-Fix, beende alle evtl. geöffneten Programme, auch Virenscanner deaktivieren (!), starte OTL und kopiere folgenden Text in die "Custom Scan/Fixes" Box (unten in OTL): (das ":OTL" muss mitkopiert werden!!!)

Code:
:OTL
SRV - File not found [On_Demand | Stopped] --  -- (PTQ)
SRV - File not found [On_Demand | Stopped] --  -- (LCCNUQS)
SRV - File not found [On_Demand | Stopped] --  -- (BLC)
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.de/ig/dell?hl=de&client=dell-row&channel=de&ibd=3071207
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
FF - prefs.js..browser.search.defaultenginename: "Secure Search"
FF - prefs.js..browser.search.selectedEngine: "Secure Search"
[2012.02.05 14:00:23 | 000,000,950 | ---- | M] () -- C:\Users\Basti\AppData\Roaming\Mozilla\Firefox\Profiles\gq42k2w4.default\searchplugins\icqplugin-1.xml
[2009.03.28 12:34:18 | 000,000,950 | ---- | M] () -- C:\Users\Basti\AppData\Roaming\Mozilla\Firefox\Profiles\gq42k2w4.default\searchplugins\icqplugin-10.xml
[2009.04.25 12:01:46 | 000,000,950 | ---- | M] () -- C:\Users\Basti\AppData\Roaming\Mozilla\Firefox\Profiles\gq42k2w4.default\searchplugins\icqplugin-11.xml
[2009.04.29 15:54:41 | 000,000,950 | ---- | M] () -- C:\Users\Basti\AppData\Roaming\Mozilla\Firefox\Profiles\gq42k2w4.default\searchplugins\icqplugin-12.xml
[2009.06.13 20:45:15 | 000,000,950 | ---- | M] () -- C:\Users\Basti\AppData\Roaming\Mozilla\Firefox\Profiles\gq42k2w4.default\searchplugins\icqplugin-13.xml
[2009.07.06 15:01:34 | 000,000,950 | ---- | M] () -- C:\Users\Basti\AppData\Roaming\Mozilla\Firefox\Profiles\gq42k2w4.default\searchplugins\icqplugin-14.xml
[2009.07.23 13:51:56 | 000,000,950 | ---- | M] () -- C:\Users\Basti\AppData\Roaming\Mozilla\Firefox\Profiles\gq42k2w4.default\searchplugins\icqplugin-15.xml
[2009.08.06 12:57:37 | 000,000,950 | ---- | M] () -- C:\Users\Basti\AppData\Roaming\Mozilla\Firefox\Profiles\gq42k2w4.default\searchplugins\icqplugin-16.xml
[2009.09.13 11:49:50 | 000,000,961 | ---- | M] () -- C:\Users\Basti\AppData\Roaming\Mozilla\Firefox\Profiles\gq42k2w4.default\searchplugins\icqplugin-17.xml
[2009.10.31 15:14:42 | 000,000,961 | ---- | M] () -- C:\Users\Basti\AppData\Roaming\Mozilla\Firefox\Profiles\gq42k2w4.default\searchplugins\icqplugin-18.xml
[2009.11.07 10:34:43 | 000,000,961 | ---- | M] () -- C:\Users\Basti\AppData\Roaming\Mozilla\Firefox\Profiles\gq42k2w4.default\searchplugins\icqplugin-19.xml
[2008.02.10 21:21:52 | 000,000,949 | ---- | M] () -- C:\Users\Basti\AppData\Roaming\Mozilla\Firefox\Profiles\gq42k2w4.default\searchplugins\icqplugin-2.xml
[2010.01.07 11:15:11 | 000,000,961 | ---- | M] () -- C:\Users\Basti\AppData\Roaming\Mozilla\Firefox\Profiles\gq42k2w4.default\searchplugins\icqplugin-20.xml
[2010.01.15 14:39:56 | 000,000,961 | ---- | M] () -- C:\Users\Basti\AppData\Roaming\Mozilla\Firefox\Profiles\gq42k2w4.default\searchplugins\icqplugin-21.xml
[2010.02.27 17:17:26 | 000,000,961 | ---- | M] () -- C:\Users\Basti\AppData\Roaming\Mozilla\Firefox\Profiles\gq42k2w4.default\searchplugins\icqplugin-22.xml
[2010.03.24 07:02:13 | 000,000,950 | ---- | M] () -- C:\Users\Basti\AppData\Roaming\Mozilla\Firefox\Profiles\gq42k2w4.default\searchplugins\icqplugin-23.xml
[2010.04.03 13:33:59 | 000,000,950 | ---- | M] () -- C:\Users\Basti\AppData\Roaming\Mozilla\Firefox\Profiles\gq42k2w4.default\searchplugins\icqplugin-24.xml
[2010.04.05 10:19:45 | 000,000,950 | ---- | M] () -- C:\Users\Basti\AppData\Roaming\Mozilla\Firefox\Profiles\gq42k2w4.default\searchplugins\icqplugin-25.xml
[2010.06.28 11:27:46 | 000,000,950 | ---- | M] () -- C:\Users\Basti\AppData\Roaming\Mozilla\Firefox\Profiles\gq42k2w4.default\searchplugins\icqplugin-26.xml
[2010.07.30 10:02:27 | 000,000,950 | ---- | M] () -- C:\Users\Basti\AppData\Roaming\Mozilla\Firefox\Profiles\gq42k2w4.default\searchplugins\icqplugin-27.xml
[2010.08.14 17:10:40 | 000,000,950 | ---- | M] () -- C:\Users\Basti\AppData\Roaming\Mozilla\Firefox\Profiles\gq42k2w4.default\searchplugins\icqplugin-28.xml
[2008.03.27 15:23:02 | 000,000,949 | ---- | M] () -- C:\Users\Basti\AppData\Roaming\Mozilla\Firefox\Profiles\gq42k2w4.default\searchplugins\icqplugin-3.xml
[2008.04.25 18:38:17 | 000,000,949 | ---- | M] () -- C:\Users\Basti\AppData\Roaming\Mozilla\Firefox\Profiles\gq42k2w4.default\searchplugins\icqplugin-4.xml
[2008.04.26 16:42:28 | 000,000,949 | ---- | M] () -- C:\Users\Basti\AppData\Roaming\Mozilla\Firefox\Profiles\gq42k2w4.default\searchplugins\icqplugin-5.xml
[2008.06.18 21:29:26 | 000,000,950 | ---- | M] () -- C:\Users\Basti\AppData\Roaming\Mozilla\Firefox\Profiles\gq42k2w4.default\searchplugins\icqplugin-6.xml
[2008.07.02 22:22:22 | 000,000,950 | ---- | M] () -- C:\Users\Basti\AppData\Roaming\Mozilla\Firefox\Profiles\gq42k2w4.default\searchplugins\icqplugin-7.xml
[2008.07.16 22:41:29 | 000,000,950 | ---- | M] () -- C:\Users\Basti\AppData\Roaming\Mozilla\Firefox\Profiles\gq42k2w4.default\searchplugins\icqplugin-8.xml
[2009.03.23 11:01:38 | 000,000,950 | ---- | M] () -- C:\Users\Basti\AppData\Roaming\Mozilla\Firefox\Profiles\gq42k2w4.default\searchplugins\icqplugin-9.xml
[2009.03.01 13:02:44 | 000,000,944 | ---- | M] () -- C:\Users\Basti\AppData\Roaming\Mozilla\Firefox\Profiles\gq42k2w4.default\searchplugins\icqplugin.xml
[2008.05.09 14:54:13 | 000,001,421 | ---- | M] () -- C:\Users\Basti\AppData\Roaming\Mozilla\Firefox\Profiles\gq42k2w4.default\searchplugins\simbad-basic-search.xml
[2008.01.11 22:58:56 | 000,002,386 | ---- | M] () -- C:\Users\Basti\AppData\Roaming\Mozilla\Firefox\Profiles\gq42k2w4.default\searchplugins\siteadvisor.xml
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {855F3B16-6D32-4FE6-8A56-BBB695989046} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 0
O32 - AutoRun File - [2006.09.18 22:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2009.12.14 10:00:22 | 000,008,192 | ---- | M] (Microsoft) - F:\AutoOff.exe -- [ NTFS ]
O32 - AutoRun File - [2010.11.02 14:29:16 | 000,000,073 | ---- | M] () - F:\Autorun.inf -- [ NTFS ]
O33 - MountPoints2\F\Shell\AutoRun\command - "" = F:\Menu.exe -- [2010.11.02 14:22:38 | 009,830,400 | ---- | M] (Markement GmbH                                              )
@Alternate Data Stream - 99 bytes -> C:\ProgramData\TEMP:C97C8631
:Commands
[emptytemp]
[resethosts]
Klick dann oben links auf den Button Fix!
Das Logfile müsste geöffnet werden, wenn Du nach dem Fixen auf ok klickst, poste das bitte. Evtl. wird der Rechner neu gestartet.

Die mit diesem Script gefixten Einträge, Dateien und Ordner werden zur Sicherheit nicht vollständig gelöscht, es wird eine Sicherheitskopie auf der Systempartition im Ordner "_OTL" erstellt.

Hinweis: Das obige Script ist nur für diesen einen User in dieser Situtation erstellt worden. Es ist auf keinen anderen Rechner portierbar und darf nicht anderweitig verwandt werden, da es das System nachhaltig schädigen kann!

sly 06.02.2012 20:24
Hallo,

Fix habe ich durchgeführt, anbei das Log

Code:
All processes killed
========== OTL ==========
Service PTQ stopped successfully!
Service PTQ deleted successfully!
Service LCCNUQS stopped successfully!
Service LCCNUQS deleted successfully!
Service BLC stopped successfully!
Service BLC deleted successfully!
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\\Default_Page_URL| /E : value set successfully!
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page| /E : value set successfully!
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page| /E : value set successfully!
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main\\StartPageCache| /E : value set successfully!
Prefs.js: "Secure Search" removed from browser.search.defaultenginename
Prefs.js: "Secure Search" removed from browser.search.selectedEngine
C:\Users\Basti\AppData\Roaming\Mozilla\Firefox\Profiles\gq42k2w4.default\searchplugins\icqplugin-1.xml moved successfully.
C:\Users\Basti\AppData\Roaming\Mozilla\Firefox\Profiles\gq42k2w4.default\searchplugins\icqplugin-10.xml moved successfully.
C:\Users\Basti\AppData\Roaming\Mozilla\Firefox\Profiles\gq42k2w4.default\searchplugins\icqplugin-11.xml moved successfully.
C:\Users\Basti\AppData\Roaming\Mozilla\Firefox\Profiles\gq42k2w4.default\searchplugins\icqplugin-12.xml moved successfully.
C:\Users\Basti\AppData\Roaming\Mozilla\Firefox\Profiles\gq42k2w4.default\searchplugins\icqplugin-13.xml moved successfully.
C:\Users\Basti\AppData\Roaming\Mozilla\Firefox\Profiles\gq42k2w4.default\searchplugins\icqplugin-14.xml moved successfully.
C:\Users\Basti\AppData\Roaming\Mozilla\Firefox\Profiles\gq42k2w4.default\searchplugins\icqplugin-15.xml moved successfully.
C:\Users\Basti\AppData\Roaming\Mozilla\Firefox\Profiles\gq42k2w4.default\searchplugins\icqplugin-16.xml moved successfully.
C:\Users\Basti\AppData\Roaming\Mozilla\Firefox\Profiles\gq42k2w4.default\searchplugins\icqplugin-17.xml moved successfully.
C:\Users\Basti\AppData\Roaming\Mozilla\Firefox\Profiles\gq42k2w4.default\searchplugins\icqplugin-18.xml moved successfully.
C:\Users\Basti\AppData\Roaming\Mozilla\Firefox\Profiles\gq42k2w4.default\searchplugins\icqplugin-19.xml moved successfully.
C:\Users\Basti\AppData\Roaming\Mozilla\Firefox\Profiles\gq42k2w4.default\searchplugins\icqplugin-2.xml moved successfully.
C:\Users\Basti\AppData\Roaming\Mozilla\Firefox\Profiles\gq42k2w4.default\searchplugins\icqplugin-20.xml moved successfully.
C:\Users\Basti\AppData\Roaming\Mozilla\Firefox\Profiles\gq42k2w4.default\searchplugins\icqplugin-21.xml moved successfully.
C:\Users\Basti\AppData\Roaming\Mozilla\Firefox\Profiles\gq42k2w4.default\searchplugins\icqplugin-22.xml moved successfully.
C:\Users\Basti\AppData\Roaming\Mozilla\Firefox\Profiles\gq42k2w4.default\searchplugins\icqplugin-23.xml moved successfully.
C:\Users\Basti\AppData\Roaming\Mozilla\Firefox\Profiles\gq42k2w4.default\searchplugins\icqplugin-24.xml moved successfully.
C:\Users\Basti\AppData\Roaming\Mozilla\Firefox\Profiles\gq42k2w4.default\searchplugins\icqplugin-25.xml moved successfully.
C:\Users\Basti\AppData\Roaming\Mozilla\Firefox\Profiles\gq42k2w4.default\searchplugins\icqplugin-26.xml moved successfully.
C:\Users\Basti\AppData\Roaming\Mozilla\Firefox\Profiles\gq42k2w4.default\searchplugins\icqplugin-27.xml moved successfully.
C:\Users\Basti\AppData\Roaming\Mozilla\Firefox\Profiles\gq42k2w4.default\searchplugins\icqplugin-28.xml moved successfully.
C:\Users\Basti\AppData\Roaming\Mozilla\Firefox\Profiles\gq42k2w4.default\searchplugins\icqplugin-3.xml moved successfully.
C:\Users\Basti\AppData\Roaming\Mozilla\Firefox\Profiles\gq42k2w4.default\searchplugins\icqplugin-4.xml moved successfully.
C:\Users\Basti\AppData\Roaming\Mozilla\Firefox\Profiles\gq42k2w4.default\searchplugins\icqplugin-5.xml moved successfully.
C:\Users\Basti\AppData\Roaming\Mozilla\Firefox\Profiles\gq42k2w4.default\searchplugins\icqplugin-6.xml moved successfully.
C:\Users\Basti\AppData\Roaming\Mozilla\Firefox\Profiles\gq42k2w4.default\searchplugins\icqplugin-7.xml moved successfully.
C:\Users\Basti\AppData\Roaming\Mozilla\Firefox\Profiles\gq42k2w4.default\searchplugins\icqplugin-8.xml moved successfully.
C:\Users\Basti\AppData\Roaming\Mozilla\Firefox\Profiles\gq42k2w4.default\searchplugins\icqplugin-9.xml moved successfully.
C:\Users\Basti\AppData\Roaming\Mozilla\Firefox\Profiles\gq42k2w4.default\searchplugins\icqplugin.xml moved successfully.
C:\Users\Basti\AppData\Roaming\Mozilla\Firefox\Profiles\gq42k2w4.default\searchplugins\simbad-basic-search.xml moved successfully.
C:\Users\Basti\AppData\Roaming\Mozilla\Firefox\Profiles\gq42k2w4.default\searchplugins\siteadvisor.xml moved successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{2318C2B1-4965-11D4-9B18-009027A5CD4F} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2318C2B1-4965-11D4-9B18-009027A5CD4F}\ not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{855F3B16-6D32-4FE6-8A56-BBB695989046} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{855F3B16-6D32-4FE6-8A56-BBB695989046}\ not found.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRun|DWORD:1 /E : value set successfully!
C:\autoexec.bat moved successfully.
F:\AutoOff.exe moved successfully.
F:\Autorun.inf moved successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\F\ deleted successfully.
F:\Menu.exe moved successfully.
ADS C:\ProgramData\TEMP:C97C8631 deleted successfully.
========== COMMANDS ==========
 
[EMPTYTEMP]
 
User: Administrator
->Temp folder emptied: 548056 bytes
->Temporary Internet Files folder emptied: 401623 bytes
->Flash cache emptied: 84 bytes
 
User: All Users
 
User: Basti
->Temp folder emptied: 155769086 bytes
->Temporary Internet Files folder emptied: 808454 bytes
->Java cache emptied: 35787121 bytes
->FireFox cache emptied: 283982273 bytes
->Apple Safari cache emptied: 5465088 bytes
->Flash cache emptied: 121973 bytes
 
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Flash cache emptied: 41 bytes
 
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes
 
User: IUSR_NMPR
->Temp folder emptied: 1368 bytes
->Temporary Internet Files folder emptied: 33170 bytes
 
User: Public
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 169527 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 16490483 bytes
RecycleBin emptied: 0 bytes
 
Total Files Cleaned = 476,00 mb
 
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully
 
OTL by OldTimer - Version 3.2.31.0 log created on 02062012_201431

Files\Folders moved on Reboot...

Registry entries deleted on Reboot...

Gruß Sebastian

cosinus 06.02.2012 20:54
Bitte nun (im normalen Windows-Modus) dieses Tool von Kaspersky (TDSS-Killer) ausführen und das Log posten => http://www.trojaner-board.de/82358-t...entfernen.html

Das Tool so einstellen wie unten im Bild angegeben - klick auf change parameters und setze die Haken wie im folgenden Screenshot abgebildet,
Dann auf Start Scan klicken und wenn es durch ist auf den Button Report klicken um das Log anzuzeigen. Dieses bitte komplett posten.
Wenn du das Log nicht findest oder den Inhalt kopieren und in dein Posting übertragen kannst, dann schau bitte direkt auf deiner Windows-Systempartition (meistens Laufwerk C:) nach, da speichert der TDSS-Killer seine Logs.

Hinweis: Bitte nichts voreilig mit dem TDSS-Killer löschen! Falls Objekte vom TDSS-Killer bemängelt werden, alle mit der Aktion "skip" behandeln und hier nur das Log posten!

http://saved.im/mtkwmtcxexhp/setting...8_16-25-18.jpg


Falls du durch die Infektion auf deine Dokumente/Eigenen Dateien nicht zugreifen kannst, Verknüpfungen auf dem Desktop oder im Startmenü unter "alle Programme" fehlen, bitte unhide ausführen:
Downloade dir bitte unhide.exe und speichere diese Datei auf deinem Desktop.
Starte das Tool und es sollten alle Dateien und Ordner wieder sichtbar sein. ( Könnte eine Weile dauern )
http://www.trojaner-board.de/images/icons/icon4.gif Windows-Vista und Windows-7-User müssen das Tool per Rechtsklick als Administrator ausführen! http://www.trojaner-board.de/images/icons/icon4.gif

sly 06.02.2012 21:08
auch komplett:

Code:
21:09:06.0903 5472        TDSS rootkit removing tool 2.7.9.0 Feb  1 2012 09:28:49
21:09:07.0059 5472        ============================================================
21:09:07.0059 5472        Current date / time: 2012/02/06 21:09:07.0059
21:09:07.0059 5472        SystemInfo:
21:09:07.0059 5472       
21:09:07.0059 5472        OS Version: 6.0.6002 ServicePack: 2.0
21:09:07.0059 5472        Product type: Workstation
21:09:07.0059 5472        ComputerName: DESKTOP01
21:09:07.0059 5472        UserName: Basti
21:09:07.0059 5472        Windows directory: C:\Windows
21:09:07.0059 5472        System windows directory: C:\Windows
21:09:07.0059 5472        Processor architecture: Intel x86
21:09:07.0059 5472        Number of processors: 4
21:09:07.0059 5472        Page size: 0x1000
21:09:07.0059 5472        Boot type: Normal boot
21:09:07.0059 5472        ============================================================
21:09:07.0543 5472        Drive \Device\Harddisk0\DR0 - Size: 0xAEA8CDE000 (698.64 Gb), SectorSize: 0x200, Cylinders: 0x16441, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
21:09:07.0574 5472        Drive \Device\Harddisk5\DR5 - Size: 0xE8E0DB6000 (931.51 Gb), SectorSize: 0x200, Cylinders: 0x1DB01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
21:09:07.0590 5472        \Device\Harddisk0\DR0:
21:09:07.0590 5472        MBR used
21:09:07.0590 5472        \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x1B800, BlocksNum 0x1E00000
21:09:07.0590 5472        \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x1E1B800, BlocksNum 0x5572A000
21:09:07.0590 5472        \Device\Harddisk5\DR5:
21:09:07.0590 5472        MBR used
21:09:07.0590 5472        \Device\Harddisk5\DR5\Partition0: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x74705800
21:09:07.0652 5472        Initialize success
21:09:07.0652 5472        ============================================================
21:09:40.0145 2768        ============================================================
21:09:40.0145 2768        Scan started
21:09:40.0145 2768        Mode: Manual; SigCheck; TDLFS;
21:09:40.0145 2768        ============================================================
21:09:40.0707 2768        54381946        (186b54479d98e48aee0e9ada4b3c4d31) C:\Windows\system32\DRIVERS\54381946.sys
21:09:40.0816 2768        54381946 - ok
21:09:40.0878 2768        61883          (585e64bb6dfbc0a2f1f0b554ded012df) C:\Windows\system32\DRIVERS\61883.sys
21:09:40.0910 2768        61883 - ok
21:09:40.0988 2768        ACEDRV08        (da06d89cdfdd0d24de75165cf6d4270b) C:\Windows\system32\drivers\ACEDRV08.sys
21:09:41.0003 2768        ACEDRV08 - ok
21:09:41.0034 2768        ACPI            (82b296ae1892fe3dbee00c9cf92f8ac7) C:\Windows\system32\drivers\acpi.sys
21:09:41.0034 2768        ACPI - ok
21:09:41.0128 2768        adp94xx        (2edc5bbac6c651ece337bde8ed97c9fb) C:\Windows\system32\drivers\adp94xx.sys
21:09:41.0144 2768        adp94xx - ok
21:09:41.0175 2768        adpahci        (b84088ca3cdca97da44a984c6ce1ccad) C:\Windows\system32\drivers\adpahci.sys
21:09:41.0190 2768        adpahci - ok
21:09:41.0222 2768        adpu160m        (7880c67bccc27c86fd05aa2afb5ea469) C:\Windows\system32\drivers\adpu160m.sys
21:09:41.0237 2768        adpu160m - ok
21:09:41.0253 2768        adpu320        (9ae713f8e30efc2abccd84904333df4d) C:\Windows\system32\drivers\adpu320.sys
21:09:41.0268 2768        adpu320 - ok
21:09:41.0362 2768        AFD            (3911b972b55fea0478476b2e777b29fa) C:\Windows\system32\drivers\afd.sys
21:09:41.0378 2768        AFD - ok
21:09:41.0440 2768        agp440          (8b10ce1c1f9f1d47e4deb1a547a00cd4) C:\Windows\system32\drivers\agp440.sys
21:09:41.0456 2768        agp440 - ok
21:09:41.0518 2768        aic78xx        (ae1fdf7bf7bb6c6a70f67699d880592a) C:\Windows\system32\drivers\djsvs.sys
21:09:41.0534 2768        aic78xx - ok
21:09:41.0612 2768        aliide          (dc67a153fdb8105b25d05334b5e1d8e2) C:\Windows\system32\drivers\aliide.sys
21:09:41.0627 2768        aliide - ok
21:09:41.0674 2768        amdagp          (848f27e5b27c1c253f6cefdc1a5d8f21) C:\Windows\system32\drivers\amdagp.sys
21:09:41.0690 2768        amdagp - ok
21:09:41.0721 2768        amdide          (835c4c3355088298a5ebd818fa31430f) C:\Windows\system32\drivers\amdide.sys
21:09:41.0736 2768        amdide - ok
21:09:41.0799 2768        AmdK7          (dc487885bcef9f28eece6fac0e5ddfc5) C:\Windows\system32\drivers\amdk7.sys
21:09:41.0846 2768        AmdK7 - ok
21:09:41.0877 2768        AmdK8          (0ca0071da4315b00fc1328ca86b425da) C:\Windows\system32\drivers\amdk8.sys
21:09:41.0908 2768        AmdK8 - ok
21:09:41.0970 2768        arc            (5f673180268bb1fdb69c99b6619fe379) C:\Windows\system32\drivers\arc.sys
21:09:41.0970 2768        arc - ok
21:09:42.0033 2768        arcsas          (957f7540b5e7f602e44648c7de5a1c05) C:\Windows\system32\drivers\arcsas.sys
21:09:42.0033 2768        arcsas - ok
21:09:42.0142 2768        AsyncMac        (53b202abee6455406254444303e87be1) C:\Windows\system32\DRIVERS\asyncmac.sys
21:09:42.0158 2768        AsyncMac - ok
21:09:42.0204 2768        atapi          (1f05b78ab91c9075565a9d8a4b880bc4) C:\Windows\system32\drivers\atapi.sys
21:09:42.0204 2768        atapi - ok
21:09:42.0251 2768        Avc            (f4b56425a00beb32f5fa6603ff7b0ea2) C:\Windows\system32\DRIVERS\avc.sys
21:09:42.0282 2768        Avc - ok
21:09:42.0345 2768        Beep            (67e506b75bd5326a3ec7b70bd014dfb6) C:\Windows\system32\drivers\Beep.sys
21:09:42.0376 2768        Beep - ok
21:09:42.0423 2768        blbdrive - ok
21:09:42.0485 2768        bowser          (35f376253f687bde63976ccb3f2108ca) C:\Windows\system32\DRIVERS\bowser.sys
21:09:42.0501 2768        bowser - ok
21:09:42.0579 2768        BrFiltLo        (9f9acc7f7ccde8a15c282d3f88b43309) C:\Windows\system32\drivers\brfiltlo.sys
21:09:42.0594 2768        BrFiltLo - ok
21:09:42.0672 2768        BrFiltUp        (56801ad62213a41f6497f96dee83755a) C:\Windows\system32\drivers\brfiltup.sys
21:09:42.0704 2768        BrFiltUp - ok
21:09:42.0735 2768        Brserid        (b304e75cff293029eddf094246747113) C:\Windows\system32\drivers\brserid.sys
21:09:42.0782 2768        Brserid - ok
21:09:42.0828 2768        BrSerWdm        (203f0b1e73adadbbb7b7b1fabd901f6b) C:\Windows\system32\drivers\brserwdm.sys
21:09:42.0860 2768        BrSerWdm - ok
21:09:42.0984 2768        BrUsbMdm        (bd456606156ba17e60a04e18016ae54b) C:\Windows\system32\drivers\brusbmdm.sys
21:09:43.0016 2768        BrUsbMdm - ok
21:09:43.0047 2768        BrUsbSer        (af72ed54503f717a43268b3cc5faec2e) C:\Windows\system32\drivers\brusbser.sys
21:09:43.0094 2768        BrUsbSer - ok
21:09:43.0140 2768        BthEnum        (6d39c954799b63ba866910234cf7d726) C:\Windows\system32\DRIVERS\BthEnum.sys
21:09:43.0156 2768        BthEnum - ok
21:09:43.0218 2768        BTHMODEM        (9a966a8e86d1771911ae34a20d11bff3) C:\Windows\system32\DRIVERS\bthmodem.sys
21:09:43.0234 2768        BTHMODEM - ok
21:09:43.0312 2768        BthPan          (5904efa25f829bf84ea6fb045134a1d8) C:\Windows\system32\DRIVERS\bthpan.sys
21:09:43.0328 2768        BthPan - ok
21:09:43.0374 2768        BTHPORT        (611ff3f2f095c8d4a6d4cfd9dcc09793) C:\Windows\system32\Drivers\BTHport.sys
21:09:43.0406 2768        BTHPORT - ok
21:09:43.0452 2768        BTHUSB          (d330803eab2a15caec7f011f1d4cb30e) C:\Windows\system32\Drivers\BTHUSB.sys
21:09:43.0468 2768        BTHUSB - ok
21:09:43.0530 2768        btwaudio        (fc23e3a7ae18b02dcc1a34cbef3f80af) C:\Windows\system32\drivers\btwaudio.sys
21:09:43.0546 2768        btwaudio - ok
21:09:43.0562 2768        btwavdt        (5e14c92763e51130bfb9a670afd7eddf) C:\Windows\system32\drivers\btwavdt.sys
21:09:43.0562 2768        btwavdt - ok
21:09:43.0608 2768        btwrchid        (ac3fd5a3bbfa114098f75b80c4c1f3e7) C:\Windows\system32\DRIVERS\btwrchid.sys
21:09:43.0608 2768        btwrchid - ok
21:09:43.0702 2768        camdrv41        (2948ebd41fa73c5743162a5c49ebf224) C:\Windows\system32\DRIVERS\camdrv41.sys
21:09:43.0733 2768        camdrv41 - ok
21:09:43.0827 2768        cdfs            (7add03e75beb9e6dd102c3081d29840a) C:\Windows\system32\DRIVERS\cdfs.sys
21:09:43.0858 2768        cdfs - ok
21:09:43.0920 2768        cdrom          (6b4bffb9becd728097024276430db314) C:\Windows\system32\DRIVERS\cdrom.sys
21:09:43.0952 2768        cdrom - ok
21:09:43.0983 2768        circlass        (da8e0afc7baa226c538ef53ac2f90897) C:\Windows\system32\drivers\circlass.sys
21:09:44.0014 2768        circlass - ok
21:09:44.0045 2768        CLFS            (d7659d3b5b92c31e84e53c1431f35132) C:\Windows\system32\CLFS.sys
21:09:44.0061 2768        CLFS - ok
21:09:44.0123 2768        cmdide          (e79cbb2195e965f6e3256e2c1b23fd1c) C:\Windows\system32\drivers\cmdide.sys
21:09:44.0139 2768        cmdide - ok
21:09:44.0186 2768        Compbatt        (82b8c91d327cfecf76cb58716f7d4997) C:\Windows\system32\drivers\compbatt.sys
21:09:44.0186 2768        Compbatt - ok
21:09:44.0201 2768        crcdisk        (2a213ae086bbec5e937553c7d9a2b22c) C:\Windows\system32\drivers\crcdisk.sys
21:09:44.0217 2768        crcdisk - ok
21:09:44.0232 2768        Crusoe          (22a7f883508176489f559ee745b5bf5d) C:\Windows\system32\drivers\crusoe.sys
21:09:44.0279 2768        Crusoe - ok
21:09:44.0373 2768        CT20XUT        (51a4c2c6d3ac2c275a1b93c34d4e87c6) C:\Windows\system32\drivers\CT20XUT.SYS
21:09:44.0373 2768        CT20XUT - ok
21:09:44.0404 2768        CT20XUT.DLL - ok
21:09:44.0435 2768        CT20XUT.SYS    (51a4c2c6d3ac2c275a1b93c34d4e87c6) C:\Windows\System32\drivers\CT20XUT.SYS
21:09:44.0451 2768        CT20XUT.SYS - ok
21:09:44.0513 2768        ctac32k        (7ec5c5f0b0c14ec186074fd095f0f370) C:\Windows\system32\drivers\ctac32k.sys
21:09:44.0529 2768        ctac32k - ok
21:09:44.0576 2768        ctaud2k        (8dc02de5321499e6c1fe87e43d86a73b) C:\Windows\system32\drivers\ctaud2k.sys
21:09:44.0591 2768        ctaud2k - ok
21:09:44.0638 2768        CTEXFIFX        (d4c74f7228a2162171dee3087cc22fbf) C:\Windows\system32\drivers\CTEXFIFX.SYS
21:09:44.0669 2768        CTEXFIFX - ok
21:09:44.0716 2768        CTEXFIFX.DLL - ok
21:09:44.0778 2768        CTEXFIFX.SYS    (d4c74f7228a2162171dee3087cc22fbf) C:\Windows\System32\drivers\CTEXFIFX.SYS
21:09:44.0810 2768        CTEXFIFX.SYS - ok
21:09:44.0872 2768        CTHWIUT        (1d5bf4f26b27c5eba08f4d0fe96bff12) C:\Windows\system32\drivers\CTHWIUT.SYS
21:09:44.0888 2768        CTHWIUT - ok
21:09:44.0888 2768        CTHWIUT.DLL - ok
21:09:44.0903 2768        CTHWIUT.SYS    (1d5bf4f26b27c5eba08f4d0fe96bff12) C:\Windows\System32\drivers\CTHWIUT.SYS
21:09:44.0919 2768        CTHWIUT.SYS - ok
21:09:44.0966 2768        ctprxy2k        (920b45bc9191f4e880ea2b75524d96ab) C:\Windows\system32\drivers\ctprxy2k.sys
21:09:44.0966 2768        ctprxy2k - ok
21:09:44.0997 2768        ctsfm2k        (eac70ef0b40df7b8178bf5e80b5f4277) C:\Windows\system32\drivers\ctsfm2k.sys
21:09:44.0997 2768        ctsfm2k - ok
21:09:45.0075 2768        DfsC            (622c41a07ca7e6dd91770f50d532cb6c) C:\Windows\system32\Drivers\dfsc.sys
21:09:45.0075 2768        DfsC - ok
21:09:45.0184 2768        disk            (5d4aefc3386920236a548271f8f1af6a) C:\Windows\system32\drivers\disk.sys
21:09:45.0200 2768        disk - ok
21:09:45.0278 2768        drmkaud        (97fef831ab90bee128c9af390e243f80) C:\Windows\system32\drivers\drmkaud.sys
21:09:45.0293 2768        drmkaud - ok
21:09:45.0340 2768        DXGKrnl        (c68ac676b0ef30cfbb1080adce49eb1f) C:\Windows\System32\drivers\dxgkrnl.sys
21:09:45.0356 2768        DXGKrnl - ok
21:09:45.0465 2768        e1express      (04944f4fc4f0477185f5d26ae0ddb90e) C:\Windows\system32\DRIVERS\e1e6032.sys
21:09:45.0465 2768        e1express - ok
21:09:45.0512 2768        E1G60          (f88fb26547fd2ce6d0a5af2985892c48) C:\Windows\system32\DRIVERS\E1G60I32.sys
21:09:45.0558 2768        E1G60 - ok
21:09:45.0621 2768        Ecache          (7f64ea048dcfac7acf8b4d7b4e6fe371) C:\Windows\system32\drivers\ecache.sys
21:09:45.0636 2768        Ecache - ok
21:09:45.0714 2768        elxstor        (e8f3f21a71720c84bcf423b80028359f) C:\Windows\system32\drivers\elxstor.sys
21:09:45.0714 2768        elxstor - ok
21:09:45.0808 2768        emupia          (8b41f776beafda612cdf8ffa997b201e) C:\Windows\system32\drivers\emupia2k.sys
21:09:45.0808 2768        emupia - ok
21:09:45.0902 2768        exfat          (22b408651f9123527bcee54b4f6c5cae) C:\Windows\system32\drivers\exfat.sys
21:09:45.0917 2768        exfat - ok
21:09:45.0948 2768        fastfat        (1e9b9a70d332103c52995e957dc09ef8) C:\Windows\system32\drivers\fastfat.sys
21:09:45.0964 2768        fastfat - ok
21:09:46.0042 2768        fdc            (63bdada84951b9c03e641800e176898a) C:\Windows\system32\DRIVERS\fdc.sys
21:09:46.0089 2768        fdc - ok
21:09:46.0151 2768        FileInfo        (a8c0139a884861e3aae9cfe73b208a9f) C:\Windows\system32\drivers\fileinfo.sys
21:09:46.0167 2768        FileInfo - ok
21:09:46.0182 2768        Filetrace      (0ae429a696aecbc5970e3cf2c62635ae) C:\Windows\system32\drivers\filetrace.sys
21:09:46.0214 2768        Filetrace - ok
21:09:46.0260 2768        flpydisk        (6603957eff5ec62d25075ea8ac27de68) C:\Windows\system32\DRIVERS\flpydisk.sys
21:09:46.0307 2768        flpydisk - ok
21:09:46.0370 2768        FltMgr          (01334f9ea68e6877c4ef05d3ea8abb05) C:\Windows\system32\drivers\fltmgr.sys
21:09:46.0385 2768        FltMgr - ok
21:09:46.0448 2768        Fs_Rec          (65ea8b77b5851854f0c55c43fa51a198) C:\Windows\system32\drivers\Fs_Rec.sys
21:09:46.0463 2768        Fs_Rec - ok
21:09:46.0494 2768        gagp30kx        (4e1cd0a45c50a8882616cae5bf82f3c5) C:\Windows\system32\drivers\gagp30kx.sys
21:09:46.0510 2768        gagp30kx - ok
21:09:46.0572 2768        GEARAspiWDM    (f2f431d1573ee632975c524418655b84) C:\Windows\system32\Drivers\GEARAspiWDM.sys
21:09:46.0572 2768        GEARAspiWDM - ok
21:09:46.0635 2768        ggflt          (007aea2e06e7cef7372e40c277163959) C:\Windows\system32\DRIVERS\ggflt.sys
21:09:46.0635 2768        ggflt - ok
21:09:46.0666 2768        ggsemc          (c73de35960ca75c5ab4ae636b127c64e) C:\Windows\system32\DRIVERS\ggsemc.sys
21:09:46.0666 2768        ggsemc - ok
21:09:46.0760 2768        grmnusb        (d956358054e99e6ffac69cd87e893a89) C:\Windows\system32\drivers\grmnusb.sys
21:09:46.0760 2768        grmnusb - ok
21:09:46.0931 2768        GT680xNT        (0827f8a536e7e33393308eae4285e1e3) C:\Windows\system32\drivers\gt680x.sys
21:09:46.0947 2768        GT680xNT - ok
21:09:47.0072 2768        ha20x2k        (eda33b1d4721470bb924f082cf66d06a) C:\Windows\system32\drivers\ha20x2k.sys
21:09:47.0103 2768        ha20x2k - ok
21:09:47.0165 2768        hamachi        (7929a161f9951d173ca9900fe7067391) C:\Windows\system32\DRIVERS\hamachi.sys
21:09:47.0181 2768        hamachi - ok
21:09:47.0243 2768        HdAudAddService (3f90e001369a07243763bd5a523d8722) C:\Windows\system32\drivers\HdAudio.sys
21:09:47.0259 2768        HdAudAddService - ok
21:09:47.0290 2768        HDAudBus        (062452b7ffd68c8c042a6261fe8dff4a) C:\Windows\system32\DRIVERS\HDAudBus.sys
21:09:47.0321 2768        HDAudBus - ok
21:09:47.0352 2768        HidBth          (fcb3f4be408f72c1bd81bcaba87fc22f) C:\Windows\system32\DRIVERS\hidbth.sys
21:09:47.0368 2768        HidBth - ok
21:09:47.0415 2768        HidIr          (ff3160c3a2445128c5a6d9b076da519e) C:\Windows\system32\drivers\hidir.sys
21:09:47.0446 2768        HidIr - ok
21:09:47.0508 2768        HidUsb          (cca4b519b17e23a00b826c55716809cc) C:\Windows\system32\DRIVERS\hidusb.sys
21:09:47.0524 2768        HidUsb - ok
21:09:47.0540 2768        HpCISSs        (df353b401001246853763c4b7aaa6f50) C:\Windows\system32\drivers\hpcisss.sys
21:09:47.0555 2768        HpCISSs - ok
21:09:47.0586 2768        HTTP            (f870aa3e254628ebeafe754108d664de) C:\Windows\system32\drivers\HTTP.sys
21:09:47.0618 2768        HTTP - ok
21:09:47.0696 2768        hwinterface    (448bb2fe30f1dde9eaa4f0e87b52b687) C:\Windows\system32\Drivers\hwinterface.sys
21:09:47.0696 2768        hwinterface ( UnsignedFile.Multi.Generic ) - warning
21:09:47.0696 2768        hwinterface - detected UnsignedFile.Multi.Generic (1)
21:09:47.0711 2768        i2omp          (324c2152ff2c61abae92d09f3cca4d63) C:\Windows\system32\drivers\i2omp.sys
21:09:47.0727 2768        i2omp - ok
21:09:47.0789 2768        i8042prt        (22d56c8184586b7a1f6fa60be5f5a2bd) C:\Windows\system32\DRIVERS\i8042prt.sys
21:09:47.0820 2768        i8042prt - ok
21:09:47.0836 2768        iaStor          (bdc361489a7f22e568060fa6fb3c960e) C:\Windows\system32\drivers\iastor.sys
21:09:47.0852 2768        iaStor - ok
21:09:47.0867 2768        iaStorV        (c957bf4b5d80b46c5017bf0101e6c906) C:\Windows\system32\drivers\iastorv.sys
21:09:47.0883 2768        iaStorV - ok
21:09:47.0898 2768        iirsp          (2d077bf86e843f901d8db709c95b49a5) C:\Windows\system32\drivers\iirsp.sys
21:09:47.0914 2768        iirsp - ok
21:09:47.0976 2768        IntelDH        (7f440f8ced849fcdfa85bb3521b4f048) C:\Windows\system32\Drivers\IntelDH.sys
21:09:47.0992 2768        IntelDH - ok
21:09:48.0008 2768        intelide        (0084046c084d68e494f8cf36bcf08186) C:\Windows\system32\DRIVERS\intelide.sys
21:09:48.0008 2768        intelide - ok
21:09:48.0054 2768        intelppm        (224191001e78c89dfa78924c3ea595ff) C:\Windows\system32\DRIVERS\intelppm.sys
21:09:48.0086 2768        intelppm - ok
21:09:48.0132 2768        IpFilterDriver  (62c265c38769b864cb25b4bcf62df6c3) C:\Windows\system32\DRIVERS\ipfltdrv.sys
21:09:48.0164 2768        IpFilterDriver - ok
21:09:48.0164 2768        IpInIp - ok
21:09:48.0210 2768        IPMIDRV        (40f34f8aba2a015d780e4b09138b6c17) C:\Windows\system32\drivers\ipmidrv.sys
21:09:48.0242 2768        IPMIDRV - ok
21:09:48.0288 2768        IPNAT          (8793643a67b42cec66490b2a0cf92d68) C:\Windows\system32\DRIVERS\ipnat.sys
21:09:48.0320 2768        IPNAT - ok
21:09:48.0351 2768        IRENUM          (109c0dfb82c3632fbd11949b73aeeac9) C:\Windows\system32\drivers\irenum.sys
21:09:48.0382 2768        IRENUM - ok
21:09:48.0413 2768        isapnp          (2f8ece2699e7e2070545e9b0960a8ed2) C:\Windows\system32\drivers\isapnp.sys
21:09:48.0413 2768        isapnp - ok
21:09:48.0476 2768        iScsiPrt        (232fa340531d940aac623b121a595034) C:\Windows\system32\DRIVERS\msiscsi.sys
21:09:48.0491 2768        iScsiPrt - ok
21:09:48.0538 2768        iteatapi        (bced60d16156e428f8df8cf27b0df150) C:\Windows\system32\drivers\iteatapi.sys
21:09:48.0554 2768        iteatapi - ok
21:09:48.0616 2768        iteraid        (06fa654504a498c30adca8bec4e87e7e) C:\Windows\system32\drivers\iteraid.sys
21:09:48.0616 2768        iteraid - ok
21:09:48.0647 2768        kbdclass        (37605e0a8cf00cbba538e753e4344c6e) C:\Windows\system32\DRIVERS\kbdclass.sys
21:09:48.0663 2768        kbdclass - ok
21:09:48.0678 2768        kbdhid          (ede59ec70e25c24581add1fbec7325f7) C:\Windows\system32\DRIVERS\kbdhid.sys
21:09:48.0694 2768        kbdhid - ok
21:09:48.0772 2768        KL1            (186b54479d98e48aee0e9ada4b3c4d31) C:\Windows\system32\DRIVERS\kl1.sys
21:09:48.0788 2768        KL1 - ok
21:09:48.0803 2768        kl2            (bf485bfba13c0ab116701fd9c55324d0) C:\Windows\system32\DRIVERS\kl2.sys
21:09:48.0819 2768        kl2 - ok
21:09:48.0866 2768        KLIF            (af04d0ce7939324e9a605b159295706c) C:\Windows\system32\DRIVERS\klif.sys
21:09:48.0897 2768        KLIF - ok
21:09:48.0928 2768        KLIM6          (6295a19003f935ecc6ccbe9e2376427b) C:\Windows\system32\DRIVERS\klim6.sys
21:09:48.0928 2768        KLIM6 - ok
21:09:48.0975 2768        klmouflt        (3de1771c135328420315e21dde229bba) C:\Windows\system32\DRIVERS\klmouflt.sys
21:09:48.0975 2768        klmouflt - ok
21:09:49.0006 2768        KSecDD          (2b2f1638466e8cb091400c9019cc730e) C:\Windows\system32\Drivers\ksecdd.sys
21:09:49.0053 2768        KSecDD - ok
21:09:49.0100 2768        lltdio          (d1c5883087a0c3f1344d9d55a44901f6) C:\Windows\system32\DRIVERS\lltdio.sys
21:09:49.0131 2768        lltdio - ok
21:09:49.0178 2768        LSI_FC          (a2262fb9f28935e862b4db46438c80d2) C:\Windows\system32\drivers\lsi_fc.sys
21:09:49.0178 2768        LSI_FC - ok
21:09:49.0193 2768        LSI_SAS        (30d73327d390f72a62f32c103daf1d6d) C:\Windows\system32\drivers\lsi_sas.sys
21:09:49.0209 2768        LSI_SAS - ok
21:09:49.0256 2768        LSI_SCSI        (e1e36fefd45849a95f1ab81de0159fe3) C:\Windows\system32\drivers\lsi_scsi.sys
21:09:49.0271 2768        LSI_SCSI - ok
21:09:49.0287 2768        luafv          (8f5c7426567798e62a3b3614965d62cc) C:\Windows\system32\drivers\luafv.sys
21:09:49.0318 2768        luafv - ok
21:09:49.0427 2768        LVcKap          (fb548ff809634bfa866312b37d8a18ae) C:\Windows\system32\DRIVERS\LVcKap.sys
21:09:49.0474 2768        LVcKap - ok
21:09:49.0552 2768        LVMVDrv        (fe3fb994f8702d9e37648927819b74b8) C:\Windows\system32\DRIVERS\LVMVDrv.sys
21:09:49.0599 2768        LVMVDrv - ok
21:09:49.0708 2768        lvpopflt        (92990b040b68632cc3f80a742d163937) C:\Windows\system32\DRIVERS\lvpopflt.sys
21:09:49.0739 2768        lvpopflt - ok
21:09:49.0770 2768        LVPr2Mon        (c7ea51f1ab10b0b2b443f4d5589fc1a5) C:\Windows\system32\DRIVERS\LVPr2Mon.sys
21:09:49.0786 2768        LVPr2Mon - ok
21:09:49.0833 2768        LVUSBSta        (caef4c05ba2c1acad4ebcaa4261cd55d) C:\Windows\system32\drivers\LVUSBSta.sys
21:09:49.0848 2768        LVUSBSta - ok
21:09:49.0926 2768        LVUVC          (b0dfee7da5e6d04762e25e355d94d8b5) C:\Windows\system32\DRIVERS\lvuvc.sys
21:09:50.0004 2768        LVUVC - ok
21:09:50.0098 2768        megasas        (d153b14fc6598eae8422a2037553adce) C:\Windows\system32\drivers\megasas.sys
21:09:50.0114 2768        megasas - ok
21:09:50.0145 2768        MEMSWEEP2 - ok
21:09:50.0176 2768        Modem          (e13b5ea0f51ba5b1512ec671393d09ba) C:\Windows\system32\drivers\modem.sys
21:09:50.0207 2768        Modem - ok
21:09:50.0254 2768        monitor        (0a9bb33b56e294f686abb7c1e4e2d8a8) C:\Windows\system32\DRIVERS\monitor.sys
21:09:50.0285 2768        monitor - ok
21:09:50.0301 2768        mouclass        (5bf6a1326a335c5298477754a506d263) C:\Windows\system32\DRIVERS\mouclass.sys
21:09:50.0316 2768        mouclass - ok
21:09:50.0332 2768        mouhid          (93b8d4869e12cfbe663915502900876f) C:\Windows\system32\DRIVERS\mouhid.sys
21:09:50.0363 2768        mouhid - ok
21:09:50.0394 2768        MountMgr        (bdafc88aa6b92f7842416ea6a48e1600) C:\Windows\system32\drivers\mountmgr.sys
21:09:50.0394 2768        MountMgr - ok
21:09:50.0472 2768        MPFP            (95675c3398dcc084c8d1dc35cc4e9e01) C:\Windows\system32\Drivers\Mpfp.sys
21:09:50.0472 2768        MPFP - ok
21:09:50.0504 2768        mpio            (583a41f26278d9e0ea548163d6139397) C:\Windows\system32\drivers\mpio.sys
21:09:50.0504 2768        mpio - ok
21:09:50.0535 2768        mpsdrv          (22241feba9b2defa669c8cb0a8dd7d2e) C:\Windows\system32\drivers\mpsdrv.sys
21:09:50.0550 2768        mpsdrv - ok
21:09:50.0566 2768        Mraid35x        (4fbbb70d30fd20ec51f80061703b001e) C:\Windows\system32\drivers\mraid35x.sys
21:09:50.0582 2768        Mraid35x - ok
21:09:50.0597 2768        MRxDAV          (82cea0395524aacfeb58ba1448e8325c) C:\Windows\system32\drivers\mrxdav.sys
21:09:50.0613 2768        MRxDAV - ok
21:09:50.0660 2768        mrxsmb          (1e94971c4b446ab2290deb71d01cf0c2) C:\Windows\system32\DRIVERS\mrxsmb.sys
21:09:50.0675 2768        mrxsmb - ok
21:09:50.0706 2768        mrxsmb10        (4fccb34d793b116423209c0f8b7a3b03) C:\Windows\system32\DRIVERS\mrxsmb10.sys
21:09:50.0722 2768        mrxsmb10 - ok
21:09:50.0722 2768        mrxsmb20        (c3cb1b40ad4a0124d617a1199b0b9d7c) C:\Windows\system32\DRIVERS\mrxsmb20.sys
21:09:50.0738 2768        mrxsmb20 - ok
21:09:50.0769 2768        msahci          (d420bc42a637ac3cc4f411220549c0dc) C:\Windows\system32\drivers\msahci.sys
21:09:50.0784 2768        msahci - ok
21:09:50.0800 2768        msdsm          (3fc82a2ae4cc149165a94699183d3028) C:\Windows\system32\drivers\msdsm.sys
21:09:50.0816 2768        msdsm - ok
21:09:50.0878 2768        MSDV            (343291a4dfd7c923c3f71f550830ec1c) C:\Windows\system32\DRIVERS\msdv.sys
21:09:50.0894 2768        MSDV - ok
21:09:50.0940 2768        Msfs            (a9927f4a46b816c92f461acb90cf8515) C:\Windows\system32\drivers\Msfs.sys
21:09:50.0972 2768        Msfs - ok
21:09:51.0018 2768        msisadrv        (0f400e306f385c56317357d6dea56f62) C:\Windows\system32\drivers\msisadrv.sys
21:09:51.0034 2768        msisadrv - ok
21:09:51.0065 2768        MSKSSRV        (d8c63d34d9c9e56c059e24ec7185cc07) C:\Windows\system32\drivers\MSKSSRV.sys
21:09:51.0096 2768        MSKSSRV - ok
21:09:51.0143 2768        MSPCLOCK        (1d373c90d62ddb641d50e55b9e78d65e) C:\Windows\system32\drivers\MSPCLOCK.sys
21:09:51.0159 2768        MSPCLOCK - ok
21:09:51.0174 2768        MSPQM          (b572da05bf4e098d4bba3a4734fb505b) C:\Windows\system32\drivers\MSPQM.sys
21:09:51.0206 2768        MSPQM - ok
21:09:51.0237 2768        MsRPC          (b49456d70555de905c311bcda6ec6adb) C:\Windows\system32\drivers\MsRPC.sys
21:09:51.0252 2768        MsRPC - ok
21:09:51.0299 2768        mssmbios        (e384487cb84be41d09711c30ca79646c) C:\Windows\system32\DRIVERS\mssmbios.sys
21:09:51.0299 2768        mssmbios - ok
21:09:51.0362 2768        MSTEE          (7199c1eec1e4993caf96b8c0a26bd58a) C:\Windows\system32\drivers\MSTEE.sys
21:09:51.0377 2768        MSTEE - ok
21:09:51.0408 2768        Mup            (6a57b5733d4cb702c8ea4542e836b96c) C:\Windows\system32\Drivers\mup.sys
21:09:51.0424 2768        Mup - ok
21:09:51.0502 2768        NativeWifiP    (85c44fdff9cf7e72a40dcb7ec06a4416) C:\Windows\system32\DRIVERS\nwifi.sys
21:09:51.0518 2768        NativeWifiP - ok
21:09:51.0596 2768        NDIS            (1357274d1883f68300aeadd15d7bbb42) C:\Windows\system32\drivers\ndis.sys
21:09:51.0611 2768        NDIS - ok
21:09:51.0658 2768        NdisTapi        (0e186e90404980569fb449ba7519ae61) C:\Windows\system32\DRIVERS\ndistapi.sys
21:09:51.0674 2768        NdisTapi - ok
21:09:51.0720 2768        Ndisuio        (d6973aa34c4d5d76c0430b181c3cd389) C:\Windows\system32\DRIVERS\ndisuio.sys
21:09:51.0752 2768        Ndisuio - ok
21:09:51.0783 2768        NdisWan        (818f648618ae34f729fdb47ec68345c3) C:\Windows\system32\DRIVERS\ndiswan.sys
21:09:51.0798 2768        NdisWan - ok
21:09:51.0830 2768        NDProxy        (71dab552b41936358f3b541ae5997fb3) C:\Windows\system32\drivers\NDProxy.sys
21:09:51.0845 2768        NDProxy - ok
21:09:51.0892 2768        NetBIOS        (bcd093a5a6777cf626434568dc7dba78) C:\Windows\system32\DRIVERS\netbios.sys
21:09:51.0908 2768        NetBIOS - ok
21:09:51.0954 2768        netbt          (ecd64230a59cbd93c85f1cd1cab9f3f6) C:\Windows\system32\DRIVERS\netbt.sys
21:09:51.0986 2768        netbt - ok
21:09:52.0079 2768        nfrd960        (2e7fb731d4790a1bc6270accefacb36e) C:\Windows\system32\drivers\nfrd960.sys
21:09:52.0095 2768        nfrd960 - ok
21:09:52.0126 2768        nmsunidr        (dfeabb7cfffadea4a912ab95bdc3177a) C:\Windows\system32\DRIVERS\nmsunidr.sys
21:09:52.0126 2768        nmsunidr - ok
21:09:52.0157 2768        Npfs            (d36f239d7cce1931598e8fb90a0dbc26) C:\Windows\system32\drivers\Npfs.sys
21:09:52.0173 2768        Npfs - ok
21:09:52.0204 2768        nsiproxy        (609773e344a97410ce4ebf74a8914fcf) C:\Windows\system32\drivers\nsiproxy.sys
21:09:52.0220 2768        nsiproxy - ok
21:09:52.0251 2768        Ntfs            (6a4a98cee84cf9e99564510dda4baa47) C:\Windows\system32\drivers\Ntfs.sys
21:09:52.0329 2768        Ntfs - ok
21:09:52.0360 2768        ntrigdigi      (e875c093aec0c978a90f30c9e0dfbb72) C:\Windows\system32\drivers\ntrigdigi.sys
21:09:52.0407 2768        ntrigdigi - ok
21:09:52.0422 2768        Null            (c5dbbcda07d780bda9b685df333bb41e) C:\Windows\system32\drivers\Null.sys
21:09:52.0454 2768        Null - ok
21:09:52.0500 2768        NVHDA          (b4f70fac4ea61cf150823aa063a39ff9) C:\Windows\system32\drivers\nvhda32v.sys
21:09:52.0516 2768        NVHDA - ok
21:09:52.0812 2768        nvlddmkm        (6ef47521dce982602a25afb41dd13d4f) C:\Windows\system32\DRIVERS\nvlddmkm.sys
21:09:53.0062 2768        nvlddmkm - ok
21:09:53.0109 2768        nvraid          (e69e946f80c1c31c53003bfbf50cbb7c) C:\Windows\system32\drivers\nvraid.sys
21:09:53.0124 2768        nvraid - ok
21:09:53.0140 2768        nvstor          (9e0ba19a28c498a6d323d065db76dffc) C:\Windows\system32\drivers\nvstor.sys
21:09:53.0156 2768        nvstor - ok
21:09:53.0171 2768        nv_agp          (055081fd5076401c1ee1bcab08d81911) C:\Windows\system32\drivers\nv_agp.sys
21:09:53.0187 2768        nv_agp - ok
21:09:53.0202 2768        NwlnkFlt - ok
21:09:53.0202 2768        NwlnkFwd - ok
21:09:53.0280 2768        ohci1394        (6f310e890d46e246e0e261a63d9b36b4) C:\Windows\system32\DRIVERS\ohci1394.sys
21:09:53.0296 2768        ohci1394 - ok
21:09:53.0358 2768        ossrv          (ea7563de822696f1b9be9e589d33fa96) C:\Windows\system32\drivers\ctoss2k.sys
21:09:53.0374 2768        ossrv - ok
21:09:53.0421 2768        Parport        (0fa9b5055484649d63c303fe404e5f4d) C:\Windows\system32\drivers\parport.sys
21:09:53.0452 2768        Parport - ok
21:09:53.0483 2768        partmgr        (57389fa59a36d96b3eb09d0cb91e9cdc) C:\Windows\system32\drivers\partmgr.sys
21:09:53.0499 2768        partmgr - ok
21:09:53.0530 2768        Parvdm          (4f9a6a8a31413180d0fcb279ad5d8112) C:\Windows\system32\drivers\parvdm.sys
21:09:53.0577 2768        Parvdm - ok
21:09:53.0608 2768        pci            (941dc1d19e7e8620f40bbc206981efdb) C:\Windows\system32\drivers\pci.sys
21:09:53.0624 2768        pci - ok
21:09:53.0639 2768        pciide          (1636d43f10416aeb483bc6001097b26c) C:\Windows\system32\drivers\pciide.sys
21:09:53.0655 2768        pciide - ok
21:09:53.0686 2768        pcmcia          (e6f3fb1b86aa519e7698ad05e58b04e5) C:\Windows\system32\drivers\pcmcia.sys
21:09:53.0686 2768        pcmcia - ok
21:09:53.0780 2768        PEAUTH          (6349f6ed9c623b44b52ea3c63c831a92) C:\Windows\system32\drivers\peauth.sys
21:09:53.0826 2768        PEAUTH - ok
21:09:53.0904 2768        pmxmouse        (fab495f1defeb596c44b9752a25e2a60) C:\Windows\system32\DRIVERS\pmxmouse.sys
21:09:53.0920 2768        pmxmouse - ok
21:09:53.0951 2768        pmxusblf        (020eae9dfe3cd277994ce60e4c2c71cf) C:\Windows\system32\DRIVERS\pmxusblf.sys
21:09:53.0967 2768        pmxusblf - ok
21:09:54.0045 2768        PptpMiniport    (ecfffaec0c1ecd8dbc77f39070ea1db1) C:\Windows\system32\DRIVERS\raspptp.sys
21:09:54.0076 2768        PptpMiniport - ok
21:09:54.0107 2768        Processor      (0e3cef5d28b40cf273281d620c50700a) C:\Windows\system32\drivers\processr.sys
21:09:54.0138 2768        Processor - ok
21:09:54.0216 2768        PSched          (99514faa8df93d34b5589187db3aa0ba) C:\Windows\system32\DRIVERS\pacer.sys
21:09:54.0248 2768        PSched - ok
21:09:54.0279 2768        PxHelp20        (153d02480a0a2f45785522e814c634b6) C:\Windows\system32\Drivers\PxHelp20.sys
21:09:54.0294 2768        PxHelp20 - ok
21:09:54.0372 2768        ql2300          (ccdac889326317792480c0a67156a1ec) C:\Windows\system32\drivers\ql2300.sys
21:09:54.0388 2768        ql2300 - ok
21:09:54.0435 2768        ql40xx          (81a7e5c076e59995d54bc1ed3a16e60b) C:\Windows\system32\drivers\ql40xx.sys
21:09:54.0450 2768        ql40xx - ok
21:09:54.0513 2768        QWAVEdrv        (9f5e0e1926014d17486901c88eca2db7) C:\Windows\system32\drivers\qwavedrv.sys
21:09:54.0528 2768        QWAVEdrv - ok
21:09:54.0591 2768        R300            (e642b131fb74caf4bb8a014f31113142) C:\Windows\system32\DRIVERS\atikmdag.sys
21:09:54.0669 2768        R300 - ok
21:09:54.0716 2768        RasAcd          (147d7f9c556d259924351feb0de606c3) C:\Windows\system32\DRIVERS\rasacd.sys
21:09:54.0747 2768        RasAcd - ok
21:09:54.0778 2768        Rasl2tp        (a214adbaf4cb47dd2728859ef31f26b0) C:\Windows\system32\DRIVERS\rasl2tp.sys
21:09:54.0794 2768        Rasl2tp - ok
21:09:54.0825 2768        RasPppoe        (509a98dd18af4375e1fc40bc175f1def) C:\Windows\system32\DRIVERS\raspppoe.sys
21:09:54.0840 2768        RasPppoe - ok
21:09:54.0887 2768        RasSstp        (2005f4a1e05fa09389ac85840f0a9e4d) C:\Windows\system32\DRIVERS\rassstp.sys
21:09:54.0903 2768        RasSstp - ok
21:09:54.0934 2768        rdbss          (b14c9d5b9add2f84f70570bbbfaa7935) C:\Windows\system32\DRIVERS\rdbss.sys
21:09:54.0950 2768        rdbss - ok
21:09:54.0996 2768        RDPCDD          (89e59be9a564262a3fb6c4f4f1cd9899) C:\Windows\system32\DRIVERS\RDPCDD.sys
21:09:55.0028 2768        RDPCDD - ok
21:09:55.0090 2768        rdpdr          (0245418224cfa77bf4b41c2fe0622258) C:\Windows\system32\drivers\rdpdr.sys
21:09:55.0106 2768        rdpdr - ok
21:09:55.0121 2768        RDPENCDD        (9d91fe5286f748862ecffa05f8a0710c) C:\Windows\system32\drivers\rdpencdd.sys
21:09:55.0152 2768        RDPENCDD - ok
21:09:55.0215 2768        RDPWD          (30bfbdfb7f95559ede971f9ddb9a00ba) C:\Windows\system32\drivers\RDPWD.sys
21:09:55.0246 2768        RDPWD - ok
21:09:55.0293 2768        RFCOMM          (6482707f9f4da0ecbab43b2e0398a101) C:\Windows\system32\DRIVERS\rfcomm.sys
21:09:55.0308 2768        RFCOMM - ok
21:09:55.0340 2768        rspndr          (9c508f4074a39e8b4b31d27198146fad) C:\Windows\system32\DRIVERS\rspndr.sys
21:09:55.0371 2768        rspndr - ok
21:09:55.0418 2768        s117bus        (1f561844318914e7eb6e54673a4cc54c) C:\Windows\system32\DRIVERS\s117bus.sys
21:09:55.0433 2768        s117bus - ok
21:09:55.0449 2768        s117mdfl        (ba93eec3cdf6a63b77ae66221aa4f902) C:\Windows\system32\DRIVERS\s117mdfl.sys
21:09:55.0464 2768        s117mdfl - ok
21:09:55.0480 2768        s117mdm        (cba12fd8a8ee5b5cdfbbae2381cd6703) C:\Windows\system32\DRIVERS\s117mdm.sys
21:09:55.0496 2768        s117mdm - ok
21:09:55.0527 2768        s117mgmt        (bd6483e64b1da17e812b34bcdefd9459) C:\Windows\system32\DRIVERS\s117mgmt.sys
21:09:55.0527 2768        s117mgmt - ok
21:09:55.0542 2768        s117nd5        (c7ca36c3054b4cd47a1f6611b046e2f9) C:\Windows\system32\DRIVERS\s117nd5.sys
21:09:55.0558 2768        s117nd5 - ok
21:09:55.0589 2768        s117obex        (e290b3a6b58fb72ca97dd48d64e4fc1c) C:\Windows\system32\DRIVERS\s117obex.sys
21:09:55.0605 2768        s117obex - ok
21:09:55.0636 2768        s117unic        (5c4d1ba23c7511ac880e8ba7baa80dba) C:\Windows\system32\DRIVERS\s117unic.sys
21:09:55.0636 2768        s117unic - ok
21:09:55.0761 2768        SANDRA          (1644ad672da94378b5564fbac4c7ce28) C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2009.SP1\WNt500x86\Sandra.sys
21:09:55.0776 2768        SANDRA - ok
21:09:55.0808 2768        sbp2port        (3ce8f073a557e172b330109436984e30) C:\Windows\system32\drivers\sbp2port.sys
21:09:55.0823 2768        sbp2port - ok
21:09:55.0854 2768        SDDMI2 - ok
21:09:55.0901 2768        secdrv          (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers\secdrv.sys
21:09:55.0932 2768        secdrv - ok
21:09:56.0010 2768        seehcri        (e5b56569a9f79b70314fede6c953641e) C:\Windows\system32\DRIVERS\seehcri.sys
21:09:56.0026 2768        seehcri - ok
21:09:56.0073 2768        Ser2pl          (6cd8dc61304bf5ca16fe48dc3039cc05) C:\Windows\system32\DRIVERS\ser2pl.sys
21:09:56.0088 2768        Ser2pl - ok
21:09:56.0104 2768        Serenum        (68e44e331d46f0fb38f0863a84cd1a31) C:\Windows\system32\DRIVERS\serenum.sys
21:09:56.0151 2768        Serenum - ok
21:09:56.0182 2768        Serial          (c70d69a918b178d3c3b06339b40c2e1b) C:\Windows\system32\drivers\serial.sys
21:09:56.0229 2768        Serial - ok
21:09:56.0260 2768        sermouse        (8af3d28a879bf75db53a0ee7a4289624) C:\Windows\system32\drivers\sermouse.sys
21:09:56.0291 2768        sermouse - ok
21:09:56.0322 2768        sffdisk        (51cf56aa8bcc241f134b420b8f850406) C:\Windows\system32\drivers\sffdisk.sys
21:09:56.0322 2768        sffdisk - ok
21:09:56.0338 2768        sffp_mmc        (96ded8b20c734ac41641ce275250e55d) C:\Windows\system32\drivers\sffp_mmc.sys
21:09:56.0354 2768        sffp_mmc - ok
21:09:56.0369 2768        sffp_sd        (8b08cab1267b2c377883fc9e56981f90) C:\Windows\system32\drivers\sffp_sd.sys
21:09:56.0385 2768        sffp_sd - ok
21:09:56.0400 2768        sfloppy        (46ed8e91793b2e6f848015445a0ac188) C:\Windows\system32\drivers\sfloppy.sys
21:09:56.0447 2768        sfloppy - ok
21:09:56.0463 2768        sisagp          (08072b2fb92477fc813271a84b3a8698) C:\Windows\system32\drivers\sisagp.sys
21:09:56.0478 2768        sisagp - ok
21:09:56.0494 2768        SiSRaid2        (cedd6f4e7d84e9f98b34b3fe988373aa) C:\Windows\system32\drivers\sisraid2.sys
21:09:56.0510 2768        SiSRaid2 - ok
21:09:56.0525 2768        SiSRaid4        (df843c528c4f69d12ce41ce462e973a7) C:\Windows\system32\drivers\sisraid4.sys
21:09:56.0541 2768        SiSRaid4 - ok
21:09:56.0572 2768        Smb            (7b75299a4d201d6a6533603d6914ab04) C:\Windows\system32\DRIVERS\smb.sys
21:09:56.0588 2768        Smb - ok
21:09:56.0650 2768        spldr          (7aebdeef071fe28b0eef2cdd69102bff) C:\Windows\system32\drivers\spldr.sys
21:09:56.0666 2768        spldr - ok
21:09:56.0728 2768        srv            (41987f9fc0e61adf54f581e15029ad91) C:\Windows\system32\DRIVERS\srv.sys
21:09:56.0744 2768        srv - ok
21:09:56.0775 2768        srv2            (ff33aff99564b1aa534f58868cbe41ef) C:\Windows\system32\DRIVERS\srv2.sys
21:09:56.0790 2768        srv2 - ok
21:09:56.0853 2768        srvnet          (7605c0e1d01a08f3ecd743f38b834a44) C:\Windows\system32\DRIVERS\srvnet.sys
21:09:56.0853 2768        srvnet - ok
21:09:56.0884 2768        SSHDRV84        (cfc9b1ca57b41323a721d5f01fb2f899) C:\Windows\system32\drivers\SSHDRV84.sys
21:09:56.0900 2768        SSHDRV84 ( UnsignedFile.Multi.Generic ) - warning
21:09:56.0900 2768        SSHDRV84 - detected UnsignedFile.Multi.Generic (1)
21:09:56.0931 2768        swenum          (7ba58ecf0c0a9a69d44b3dca62becf56) C:\Windows\system32\DRIVERS\swenum.sys
21:09:56.0946 2768        swenum - ok
21:09:57.0024 2768        Symc8xx        (192aa3ac01df071b541094f251deed10) C:\Windows\system32\drivers\symc8xx.sys
21:09:57.0040 2768        Symc8xx - ok
21:09:57.0102 2768        Sym_hi          (8c8eb8c76736ebaf3b13b633b2e64125) C:\Windows\system32\drivers\sym_hi.sys
21:09:57.0102 2768        Sym_hi - ok
21:09:57.0134 2768        Sym_u3          (8072af52b5fd103bbba387a1e49f62cb) C:\Windows\system32\drivers\sym_u3.sys
21:09:57.0149 2768        Sym_u3 - ok
21:09:57.0227 2768        Tcpip          (814a1c66fbd4e1b310a517221f1456bf) C:\Windows\system32\drivers\tcpip.sys
21:09:57.0258 2768        Tcpip - ok
21:09:57.0305 2768        Tcpip6          (814a1c66fbd4e1b310a517221f1456bf) C:\Windows\system32\DRIVERS\tcpip.sys
21:09:57.0336 2768        Tcpip6 - ok
21:09:57.0383 2768        tcpipreg        (608c345a255d82a6289c2d468eb41fd7) C:\Windows\system32\drivers\tcpipreg.sys
21:09:57.0399 2768        tcpipreg - ok
21:09:57.0461 2768        TDPIPE          (5dcf5e267be67a1ae926f2df77fbcc56) C:\Windows\system32\drivers\tdpipe.sys
21:09:57.0477 2768        TDPIPE - ok
21:09:57.0492 2768        TDTCP          (389c63e32b3cefed425b61ed92d3f021) C:\Windows\system32\drivers\tdtcp.sys
21:09:57.0524 2768        TDTCP - ok
21:09:57.0555 2768        tdx            (76b06eb8a01fc8624d699e7045303e54) C:\Windows\system32\DRIVERS\tdx.sys
21:09:57.0570 2768        tdx - ok
21:09:57.0602 2768        TermDD          (3cad38910468eab9a6479e2f01db43c7) C:\Windows\system32\DRIVERS\termdd.sys
21:09:57.0617 2768        TermDD - ok
21:09:57.0648 2768        TridVid        (edb4065c757df24db891e3d0b66c2b72) C:\Windows\system32\DRIVERS\TridVid.sys
21:09:57.0664 2768        TridVid ( UnsignedFile.Multi.Generic ) - warning
21:09:57.0664 2768        TridVid - detected UnsignedFile.Multi.Generic (1)
21:09:57.0773 2768        TSHWMDTCP      (b56368b25a51cebda77e6b20764f07f2) C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\TSHWMDTCP.sys
21:09:57.0773 2768        TSHWMDTCP - ok
21:09:57.0820 2768        tssecsrv        (dcf0f056a2e4f52287264f5ab29cf206) C:\Windows\system32\DRIVERS\tssecsrv.sys
21:09:57.0836 2768        tssecsrv - ok
21:09:57.0929 2768        tunmp          (caecc0120ac49e3d2f758b9169872d38) C:\Windows\system32\DRIVERS\tunmp.sys
21:09:57.0945 2768        tunmp - ok
21:09:57.0960 2768        tunnel          (300db877ac094feab0be7688c3454a9c) C:\Windows\system32\DRIVERS\tunnel.sys
21:09:57.0976 2768        tunnel - ok
21:09:58.0007 2768        uagp35          (c3ade15414120033a36c0f293d4a4121) C:\Windows\system32\drivers\uagp35.sys
21:09:58.0023 2768        uagp35 - ok
21:09:58.0054 2768        udfs            (d9728af68c4c7693cb100b8441cbdec6) C:\Windows\system32\DRIVERS\udfs.sys
21:09:58.0070 2768        udfs - ok
21:09:58.0101 2768        uliagpkx        (6d72ef05921abdf59fc45c7ebfe7e8dd) C:\Windows\system32\drivers\uliagpkx.sys
21:09:58.0116 2768        uliagpkx - ok
21:09:58.0132 2768        uliahci        (3cd4ea35a6221b85dcc25daa46313f8d) C:\Windows\system32\drivers\uliahci.sys
21:09:58.0148 2768        uliahci - ok
21:09:58.0163 2768        UlSata          (8514d0e5cd0534467c5fc61be94a569f) C:\Windows\system32\drivers\ulsata.sys
21:09:58.0179 2768        UlSata - ok
21:09:58.0194 2768        ulsata2        (38c3c6e62b157a6bc46594fada45c62b) C:\Windows\system32\drivers\ulsata2.sys
21:09:58.0194 2768        ulsata2 - ok
21:09:58.0226 2768        umbus          (32cff9f809ae9aed85464492bf3e32d2) C:\Windows\system32\DRIVERS\umbus.sys
21:09:58.0241 2768        umbus - ok
21:09:58.0319 2768        UnlockerDriver5 (bb879dcfd22926efbeb3298129898cbb) C:\Program Files\Unlocker\UnlockerDriver5.sys
21:09:58.0335 2768        UnlockerDriver5 ( UnsignedFile.Multi.Generic ) - warning
21:09:58.0335 2768        UnlockerDriver5 - detected UnsignedFile.Multi.Generic (1)
21:09:58.0366 2768        usbaudio        (32db9517628ff0d070682aab61e688f0) C:\Windows\system32\drivers\usbaudio.sys
21:09:58.0397 2768        usbaudio - ok
21:09:58.0460 2768        usbccgp        (caf811ae4c147ffcd5b51750c7f09142) C:\Windows\system32\DRIVERS\usbccgp.sys
21:09:58.0475 2768        usbccgp - ok
21:09:58.0506 2768        usbcir          (e9476e6c486e76bc4898074768fb7131) C:\Windows\system32\drivers\usbcir.sys
21:09:58.0553 2768        usbcir - ok
21:09:58.0569 2768        usbehci        (79e96c23a97ce7b8f14d310da2db0c9b) C:\Windows\system32\DRIVERS\usbehci.sys
21:09:58.0600 2768        usbehci - ok
21:09:58.0631 2768        usbhub          (4673bbcb006af60e7abddbe7a130ba42) C:\Windows\system32\DRIVERS\usbhub.sys
21:09:58.0647 2768        usbhub - ok
21:09:58.0662 2768        usbohci        (38dbc7dd6cc5a72011f187425384388b) C:\Windows\system32\drivers\usbohci.sys
21:09:58.0709 2768        usbohci - ok
21:09:58.0725 2768        usbprint        (e75c4b5269091d15a2e7dc0b6d35f2f5) C:\Windows\system32\DRIVERS\usbprint.sys
21:09:58.0756 2768        usbprint - ok
21:09:58.0803 2768        USBSTOR        (be3da31c191bc222d9ad503c5224f2ad) C:\Windows\system32\DRIVERS\USBSTOR.SYS
21:09:58.0834 2768        USBSTOR - ok
21:09:58.0850 2768        usbuhci        (814d653efc4d48be3b04a307eceff56f) C:\Windows\system32\DRIVERS\usbuhci.sys
21:09:58.0881 2768        usbuhci - ok
21:09:58.0928 2768        vga            (87b06e1f30b749a114f74622d013f8d4) C:\Windows\system32\DRIVERS\vgapnp.sys
21:09:58.0959 2768        vga - ok
21:09:58.0990 2768        VgaSave        (2e93ac0a1d8c79d019db6c51f036636c) C:\Windows\System32\drivers\vga.sys
21:09:59.0021 2768        VgaSave - ok
21:09:59.0052 2768        viaagp          (d5929a28bdff4367a12caf06af901971) C:\Windows\system32\drivers\viaagp.sys
21:09:59.0052 2768        viaagp - ok
21:09:59.0068 2768        ViaC7          (56a4de5f02f2e88182b0981119b4dd98) C:\Windows\system32\drivers\viac7.sys
21:09:59.0115 2768        ViaC7 - ok
21:09:59.0130 2768        viaide          (f3b4762eb85a2aff4999401f14c3262b) C:\Windows\system32\drivers\viaide.sys
21:09:59.0146 2768        viaide - ok
21:09:59.0177 2768        volmgr          (69503668ac66c77c6cd7af86fbdf8c43) C:\Windows\system32\drivers\volmgr.sys
21:09:59.0177 2768        volmgr - ok
21:09:59.0208 2768        volmgrx        (23e41b834759917bfd6b9a0d625d0c28) C:\Windows\system32\drivers\volmgrx.sys
21:09:59.0224 2768        volmgrx - ok
21:09:59.0286 2768        volsnap        (147281c01fcb1df9252de2a10d5e7093) C:\Windows\system32\drivers\volsnap.sys
21:09:59.0302 2768        volsnap - ok
21:09:59.0318 2768        vsmraid        (d984439746d42b30fc65a4c3546c6829) C:\Windows\system32\drivers\vsmraid.sys
21:09:59.0333 2768        vsmraid - ok
21:09:59.0364 2768        WacomPen        (48dfee8f1af7c8235d4e626f0c4fe031) C:\Windows\system32\drivers\wacompen.sys
21:09:59.0396 2768        WacomPen - ok
21:09:59.0427 2768        Wanarp          (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys
21:09:59.0458 2768        Wanarp - ok
21:09:59.0458 2768        Wanarpv6        (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys
21:09:59.0474 2768        Wanarpv6 - ok
21:09:59.0505 2768        Wd              (afc5ad65b991c1e205cf25cfdbf7a6f4) C:\Windows\system32\drivers\wd.sys
21:09:59.0505 2768        Wd - ok
21:09:59.0567 2768        Wdf01000        (b6f0a7ad6d4bd325fbcd8bac96cd8d96) C:\Windows\system32\drivers\Wdf01000.sys
21:09:59.0583 2768        Wdf01000 - ok
21:09:59.0661 2768        WinUsb          (676f4b665bdd8053eaa53ac1695b8074) C:\Windows\system32\DRIVERS\WinUSB.SYS
21:09:59.0692 2768        WinUsb - ok
21:09:59.0708 2768        WmiAcpi        (701a9f884a294327e9141d73746ee279) C:\Windows\system32\drivers\wmiacpi.sys
21:09:59.0754 2768        WmiAcpi - ok
21:09:59.0832 2768        WpdUsb          (de9d36f91a4df3d911626643debf11ea) C:\Windows\system32\DRIVERS\wpdusb.sys
21:09:59.0848 2768        WpdUsb - ok
21:09:59.0895 2768        ws2ifsl        (e3a3cb253c0ec2494d4a61f5e43a389c) C:\Windows\system32\drivers\ws2ifsl.sys
21:09:59.0926 2768        ws2ifsl - ok
21:09:59.0973 2768        WUDFRd          (ac13cb789d93412106b0fb6c7eb2bcb6) C:\Windows\system32\DRIVERS\WUDFRd.sys
21:09:59.0988 2768        WUDFRd - ok
21:10:00.0004 2768        yeddef - ok
21:10:00.0035 2768        MBR (0x1B8)    (5c616939100b85e558da92b899a0fc36) \Device\Harddisk0\DR0
21:10:00.0207 2768        \Device\Harddisk0\DR0 - ok
21:10:00.0222 2768        MBR (0x1B8)    (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk5\DR5
21:10:00.0300 2768        \Device\Harddisk5\DR5 - ok
21:10:00.0316 2768        Boot (0x1200)  (6d5a8c089733f2a0fa98493040fc0442) \Device\Harddisk0\DR0\Partition0
21:10:00.0332 2768        \Device\Harddisk0\DR0\Partition0 - ok
21:10:00.0332 2768        Boot (0x1200)  (e98b6bbb6c07439fb11e84f7dfb7ca78) \Device\Harddisk0\DR0\Partition1
21:10:00.0332 2768        \Device\Harddisk0\DR0\Partition1 - ok
21:10:00.0332 2768        Boot (0x1200)  (e1ead77bc452b15aca06b232ee72d747) \Device\Harddisk5\DR5\Partition0
21:10:00.0332 2768        \Device\Harddisk5\DR5\Partition0 - ok
21:10:00.0332 2768        ============================================================
21:10:00.0332 2768        Scan finished
21:10:00.0332 2768        ============================================================
21:10:00.0347 3412        Detected object count: 4
21:10:00.0347 3412        Actual detected object count: 4
21:10:09.0192 3412        hwinterface ( UnsignedFile.Multi.Generic ) - skipped by user
21:10:09.0192 3412        hwinterface ( UnsignedFile.Multi.Generic ) - User select action: Skip
21:10:09.0192 3412        SSHDRV84 ( UnsignedFile.Multi.Generic ) - skipped by user
21:10:09.0192 3412        SSHDRV84 ( UnsignedFile.Multi.Generic ) - User select action: Skip
21:10:09.0192 3412        TridVid ( UnsignedFile.Multi.Generic ) - skipped by user
21:10:09.0192 3412        TridVid ( UnsignedFile.Multi.Generic ) - User select action: Skip
21:10:09.0192 3412        UnlockerDriver5 ( UnsignedFile.Multi.Generic ) - skipped by user
21:10:09.0192 3412        UnlockerDriver5 ( UnsignedFile.Multi.Generic ) - User select action: Skip
Gruß Sebastian

cosinus 06.02.2012 21:12
Dann bitte jetzt CF ausführen:

ComboFix

Ein Leitfaden und Tutorium zur Nutzung von ComboFix
  • Schliesse alle Programme, vor allem dein Antivirenprogramm und andere Hintergrundwächter sowie deinen Internetbrowser.
  • Starte combofix.exe von deinem Desktop aus, bestätige die Warnmeldungen, führe die Updates durch (falls vorgeschlagen), installiere die Wiederherstellungskonsole (falls vorgeschlagen) und lass dein System durchsuchen.
    Vermeide es auch während Combofix läuft die Maus und Tastatur zu benutzen.
  • Im Anschluss öffnet sich automatisch eine combofix.txt, diesen Inhalt bitte kopieren ([Strg]a, [Strg]c) und in deinen Beitrag einfügen ([Strg]v). Die Datei findest du außerdem unter: C:\ComboFix.txt.
Wichtiger Hinweis:
Combofix darf ausschließlich ausgeführt werden, wenn ein Kompetenzler dies ausdrücklich empfohlen hat!

Es sollte nie auf eigene Initiative hin ausgeführt werden! Eine falsche Benutzung kann ernsthafte Computerprobleme nach sich ziehen und eine Bereinigung der Infektion noch erschweren.

Solltest du nach der Ausführung von Combofix Probleme beim Starten von Anwendungen haben und Meldungen erhalten wie

Zitat:
Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.
startest du Windows dann manuell neu und die Fehlermeldungen sollten nicht mehr auftauchen.

sly 06.02.2012 21:12
Sorry, hatte noch das OTL-Log im Zwischenspeicher,

habe den Beitrag editiert und du findest jetzt das TDSS-Log, wie gewünscht

LG Sebastian

sly 06.02.2012 21:44
hier nun das Log von Combofix

Code:
ComboFix 12-02-06.02 - Basti 06.02.2012  21:21:54.1.4 - x86
Microsoft® Windows Vista™ Home Premium  6.0.6002.2.1252.49.1031.18.3325.1895 [GMT 1:00]
ausgeführt von:: c:\users\Basti\Desktop\ComboFix.exe
AV: Kaspersky Internet Security *Disabled/Updated* {2EAA32A5-1EE1-1B22-95DA-337730C6E984}
FW: Kaspersky Internet Security *Disabled* {1691B380-548E-1A7A-BE85-9A42CE15AEFF}
SP: Kaspersky Internet Security *Disabled/Updated* {95CBD341-38DB-14AC-AF6A-08054B41A339}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((  Weitere Löschungen  ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\xml92B0.tmp
c:\programdata\xml989A.tmp
c:\programdata\xml99A4.tmp
c:\programdata\xmlC70.tmp
c:\programdata\xmlCEE.tmp
c:\programdata\xmlF7B7.tmp
c:\users\Basti\AppData\Local\assembly\tmp
.
.
(((((((((((((((((((((((  Dateien erstellt von 2012-01-06 bis 2012-02-06  ))))))))))))))))))))))))))))))
.
.
2012-02-06 20:33 . 2012-02-06 20:33        --------        d-----w-        c:\users\Basti\AppData\Local\temp
2012-02-06 19:14 . 2012-02-06 19:14        --------        d-----w-        C:\_OTL
2012-02-06 08:47 . 2012-02-06 08:47        --------        d-----w-        c:\program files\ESET
2012-02-04 16:05 . 2012-02-04 16:06        --------        d-----w-        c:\program files\Security Task Manager
2012-02-03 09:36 . 2012-01-17 03:39        6557240        ----a-w-        c:\programdata\Microsoft\Windows Defender\Definition Updates\{D92D1DDF-AFA7-4634-97CE-968493AD6D04}\mpengine.dll
2012-02-02 16:11 . 2012-02-02 16:11        --------        d-----w-        c:\program files\Apple Software Update
2012-02-02 13:35 . 2012-02-02 13:59        97961        ----a-w-        c:\windows\system32\drivers\klick.dat
2012-02-02 13:35 . 2012-02-02 13:59        115369        ----a-w-        c:\windows\system32\drivers\klin.dat
2012-02-02 13:35 . 2011-04-24 22:13        110992        ----a-w-        c:\program files\Mozilla Firefox\extensions\KavAntiBanner@kaspersky.ru_bak2\components\abhelperxpcom.dll
2012-02-02 13:35 . 2011-04-24 22:13        147856        ----a-w-        c:\program files\Mozilla Firefox\extensions\linkfilter@kaspersky.ru_bak2\components\kavlinkfilter.dll
2012-02-02 13:32 . 2012-02-06 20:12        --------        d-----w-        c:\programdata\Kaspersky Lab
2012-02-02 13:32 . 2012-02-02 13:32        --------        d-----w-        c:\program files\Kaspersky Lab
2012-02-01 10:24 . 2011-11-16 16:23        278528        ----a-w-        c:\windows\system32\schannel.dll
2012-02-01 10:24 . 2011-11-17 06:48        440192        ----a-w-        c:\windows\system32\drivers\ksecdd.sys
2012-02-01 10:24 . 2011-11-16 16:23        377344        ----a-w-        c:\windows\system32\winhttp.dll
2012-02-01 10:24 . 2011-11-16 16:23        72704        ----a-w-        c:\windows\system32\secur32.dll
2012-02-01 10:24 . 2011-11-16 16:21        1259008        ----a-w-        c:\windows\system32\lsasrv.dll
2012-02-01 10:24 . 2011-11-16 14:12        9728        ----a-w-        c:\windows\system32\lsass.exe
2012-01-24 20:49 . 2012-01-24 09:44        133208        ----a-w-        c:\windows\system32\drivers\54381946.sys
2012-01-24 20:14 . 2011-12-10 14:24        20464        ----a-w-        c:\windows\system32\drivers\mbam.sys
2012-01-24 20:09 . 2011-10-14 16:03        189952        ----a-w-        c:\windows\system32\winmm.dll
2012-01-24 20:09 . 2011-10-14 16:00        23552        ----a-w-        c:\windows\system32\mciseq.dll
2012-01-24 20:09 . 2011-11-18 20:23        1205064        ----a-w-        c:\windows\system32\ntdll.dll
2012-01-24 20:09 . 2011-11-18 17:47        66560        ----a-w-        c:\windows\system32\packager.dll
2012-01-24 20:09 . 2011-11-25 15:59        376320        ----a-w-        c:\windows\system32\winsrv.dll
2012-01-24 20:09 . 2011-12-01 15:21        2409784        ----a-w-        c:\program files\Windows Mail\OESpamFilter.dat
2012-01-24 20:09 . 2011-10-25 15:58        1314816        ----a-w-        c:\windows\system32\quartz.dll
2012-01-24 20:09 . 2011-10-25 15:58        497152        ----a-w-        c:\windows\system32\qdvd.dll
2012-01-24 18:23 . 2012-01-24 18:23        --------        d-----w-        c:\program files\Lavasoft
2012-01-21 04:41 . 2012-01-21 04:41        --------        d-----w-        c:\users\Basti\AppData\Roaming\Malwarebytes
2012-01-21 04:41 . 2012-01-21 04:41        --------        d-----w-        c:\programdata\Malwarebytes
2012-01-21 04:41 . 2012-01-31 14:34        --------        d-----w-        c:\program files\Malwarebytes' Anti-Malware
.
.
.
((((((((((((((((((((((((((((((((((((  Find3M Bericht  ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-01-26 23:21 . 2009-10-03 06:48        237072        ------w-        c:\windows\system32\MpSigStub.exe
2011-11-24 14:02 . 2011-05-27 17:40        414368        ----a-w-        c:\windows\system32\FlashPlayerCPLApp.cpl
2011-11-23 13:37 . 2011-12-14 18:47        2043904        ----a-w-        c:\windows\system32\win32k.sys
2011-11-10 04:54 . 2010-04-29 19:43        472808        ----a-w-        c:\windows\system32\deployJava1.dll
2012-01-31 18:22 . 2012-01-24 20:06        134104        ----a-w-        c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((  Autostartpunkte der Registrierung  ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2010-10-06 23:36        94208        ----a-w-        c:\users\Basti\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2010-10-06 23:36        94208        ----a-w-        c:\users\Basti\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2010-10-06 23:36        94208        ----a-w-        c:\users\Basti\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2010-10-06 23:36        94208        ----a-w-        c:\users\Basti\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-19 125952]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2011-09-26 19982472]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-19 202240]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Bluetooth HCI Monitor"="HCIMNTR.DLL" [2006-12-07 9728]
"Windows Mobile Device Center"="c:\windows\WindowsMobile\wmdc.exe" [2007-05-31 648072]
"VolPanel"="c:\program files\Creative\Sound Blaster X-Fi\Volume Panel\VolPanlu.exe" [2007-04-17 184320]
"NMSSupport"="c:\program files\Common Files\Intel\IntelDH\NMS\Support\IntelHCTAgent.exe" [2007-06-27 439512]
"LogitechCommunicationsManager"="c:\program files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe" [2007-07-25 563984]
"Reader Library Launcher"="c:\program files\Sony\Reader\Data\bin\launcher\Reader Library Launcher.exe" [2010-07-13 906648]
"CTxfiHlp"="CTXFIHLP.EXE" [2009-06-03 25600]
"PDFPrint"="c:\program files\pdf24\pdf24.exe" [2011-08-05 220552]
"Garmin Lifetime Updater"="c:\program files\Garmin\Lifetime Updater\GarminLifetime.exe" [2011-10-03 1409384]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696]
"AVP"="c:\program files\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe" [2011-04-24 202296]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-09-27 59240]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2011-10-24 421888]
.
c:\users\Basti\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OneNote 2010 Bildschirmausschnitt- und Startprogramm.lnk - c:\program files\Microsoft OfficeNew\Office14\ONENOTEM.EXE [2011-9-2 227712]
PopTray.lnk - c:\program files\PopTray\PopTray.exe [2006-9-16 1666048]
Trillian.lnk - c:\program files\Trillian\trillian.exe [2011-8-18 2068832]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
BTTray.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2007-2-13 715568]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ABBYY Community Agent]
2001-01-31 14:32        241664        ----a-w-        c:\program files\Sprint & FineReader 5.0 Office Try&Buy\Sprint\CAgent.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ECenter]
2007-05-25 06:03        17920        ----a-w-        c:\dell\E-Center\EULALauncher.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Eraser]
2007-12-22 23:03        916240        ----a-w-        c:\program files\Eraser\Eraser.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechQuickCamRibbon]
2007-07-25 14:06        2027792        ----a-w-        c:\program files\Logitech\QuickCam\Quickcam.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PDFPrint]
2011-08-05 11:01        220552        ----a-w-        c:\program files\pdf24\pdf24.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-1110373458-1285038473-1068350359-1001]
"EnableNotificationsRef"=dword:00000001
.
S0 54381946;54381946;c:\windows\system32\DRIVERS\54381946.sys [2012-01-24 133208]
S2 ACEDRV08;ACEDRV08;c:\windows\system32\drivers\ACEDRV08.sys [2011-09-16 108768]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-01-03 63928]
.
.
--- Andere Dienste/Treiber im Speicher ---
.
*NewlyCreated* - 42174787
*NewlyCreated* - 92871784
*Deregistered* - 42174787
*Deregistered* - 92871784
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs        REG_MULTI_SZ          BthServ
WindowsMobile        REG_MULTI_SZ          wcescomm rapimgr
LocalServiceRestricted        REG_MULTI_SZ          WcesComm RapiMgr
LocalServiceAndNoImpersonation        REG_MULTI_SZ          FontCache
.
Inhalt des "geplante Tasks" Ordners
.
2012-02-06 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-04-15 06:51]
.
2012-02-06 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-04-15 06:51]
.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page =
mStart Page =
uInternet Settings,ProxyOverride = *.local
IE: &Citavi Picker... - file://c:\programdata\Swiss Academic Software\Citavi Picker\Internet Explorer\ShowContextMenu.html
IE: An OneNote s&enden - c:\progra~1\MI61B6~1\Office14\ONBttnIE.dll/105
IE: Bild an &Bluetooth-Gerät senden... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Nach Microsoft &Excel exportieren - c:\progra~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
IE: Nach Microsoft E&xcel exportieren - c:\progra~1\MI61B6~1\Office14\EXCEL.EXE/3000
IE: Seite an &Bluetooth-Gerät senden... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
TCP: DhcpNameServer = 192.168.1.1
FF - ProfilePath - c:\users\Basti\AppData\Roaming\Mozilla\Firefox\Profiles\gq42k2w4.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
FF - prefs.js: browser.search.selectedEngine -
FF - prefs.js: browser.startup.homepage - hxxp://www.heute.de/
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
MSConfigStartUp-Adobe Reader Speed Launcher - c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe
MSConfigStartUp-AppleSyncNotifier - c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
MSConfigStartUp-DellSupportCenter - c:\program files\Dell Support Center\bin\sprtcmd.exe
MSConfigStartUp-iTunesHelper - c:\program files\iTunes\iTunesHelper.exe
AddRemove-BLUDRUME - c:\program files\BLUDRUME\uninstall.exe
AddRemove-{76E41F43-59D2-4F30-BA42-9A762EE1E8DE} - c:\program files\InstallShield Installation Information\{76E41F43-59D2-4F30-BA42-9A762EE1E8DE}\Setup.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, hxxp://www.gmer.net
Rootkit scan 2012-02-06 21:33
Windows 6.0.6002 Service Pack 2 NTFS
.
Scanne versteckte Prozesse...
.
Scanne versteckte Autostarteinträge...
.
HKLM\Software\Microsoft\Windows\CurrentVersion\Run
  CTxfiHlp = CTXFIHLP.EXE?
.
Scanne versteckte Dateien...
.
Scan erfolgreich abgeschlossen
versteckte Dateien: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\MEMSWEEP2]
"ImagePath"="\??\c:\windows\system32\3C77.tmp"
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
Zeit der Fertigstellung: 2012-02-06  21:38:31
ComboFix-quarantined-files.txt  2012-02-06 20:38
.
Vor Suchlauf: 20 Verzeichnis(se), 248.034.656.256 Bytes frei
Nach Suchlauf: 24 Verzeichnis(se), 247.936.229.376 Bytes frei
.
- - End Of File - - 875FF4ADF5DA222D2425DA8E1249BE4B
sonst keine bisher aufgefallenen Probleme

Gruß Sebastian

cosinus 06.02.2012 21:55
Ok. Bitte nun Logs mit GMER und OSAM erstellen und posten.
GMER stürzt häufiger ab, wenn das Tool auch beim 2. Mal nicht will, lass es einfach weg und führ nur OSAM aus - die Online-Abfrage durch OSAM bitte überspringen.
Bei OSAM bitte darauf auch achten, dass Du das Log auch als *.log und nicht *.html oder so abspeicherst.

Hinweis: Zum Entpacken von OSAM bitte WinRAR oder 7zip verwenden! Stell auch unbedingt den Virenscanner ab, besonders der Scanner von McAfee meldet oft einen Fehalarm in OSAM!

Downloade dir bitte aswMBR.exe und speichere die Datei auf deinem Desktop.
  • Starte die aswMBR.exe - (aswMBR.exe Anleitung)
    Ab Windows Vista (oder höher) bitte mit Rechtsklick "als Administrator ausführen" starten".
  • Das Tool wird dich fragen, ob Du mit der aktuellen Virendefinition von AVAST! dein System scannen willst. Beantworte diese Frage bitte mit Ja. (Sollte deine Firewall fragen, bitte den Zugriff auf das Internet zulassen )
    Der Download der Definitionen kann je nach Verbindung eine Weile dauern.
  • Klicke auf Scan.
  • Warte bitte bis Scan finished successfully im DOS-Fenster steht.
  • Drücke auf Save Log und speichere diese auf dem Desktop.
Poste mir die aswMBR.txt in deiner nächsten Antwort.

Wichtig: Drücke keinesfalls einen der Fix Buttons ohne Anweisung

Hinweis: Sollte der Scan Button ausgeblendet sein, schließe das Tool und starte es erneut. Sollte der Scan abbrechen und das Programm abstürzen, dann teile mir das mit und wähle unter AV Scan die Einstellung (none).

sly 07.02.2012 12:36
Hallo,

der Scan mit Avast wurde wegen eines Fehlers abgebrochen. Soll ich den nochmal wiederholen?

Hier ein Bild der Fehlermeldung:
http://www.slyspace.de/avast.jpg

die Scans mit GMER und OSAM habe ich durchgeführt, anbei die Logs:

Code:
Report of OSAM: Autorun Manager v5.0.11926.0
hxxp://www.online-solutions.ru/en/
Saved at 11:33:12 on 07.02.2012

OS: Windows Vista Home Premium Edition Service Pack 2 (Build 6002), 32-bit
Default Browser: Mozilla Corporation Firefox 10.0

Scanner Settings
[x] Rootkits detection (hidden registry)
[x] Rootkits detection (hidden files)
[x] Retrieve files information
[x] Check Microsoft signatures

Filters
[ ] Trusted entries
[ ] Empty entries
[x] Hidden registry entries (rootkit activity)
[x] Exclusively opened files
[x] Not found files
[x] Files without detailed information
[x] Existing files
[ ] Non-startable services
[ ] Non-startable drivers
[x] Active entries
[x] Disabled entries


[Common]
-----( %SystemRoot%\Tasks )-----
"GoogleUpdateTaskMachineCore.job" - "Google Inc." - C:\Program Files\Google\Update\GoogleUpdate.exe
"GoogleUpdateTaskMachineUA.job" - "Google Inc." - C:\Program Files\Google\Update\GoogleUpdate.exe

[Control Panel Objects]
-----( %SystemRoot%\system32 )-----
"FlashPlayerCPLApp.cpl" - "Adobe Systems Incorporated" - C:\Windows\system32\FlashPlayerCPLApp.cpl
"ISUSPM.cpl" - "Macrovision Corporation" - C:\Windows\system32\ISUSPM.cpl
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Control Panel\Cpls )-----
"CinePlayer DVD Decoder Options" - "Sonic Solutions" - C:\Program Files\Sonic\CinePlayer Decoder Pack\cmdvdpak.cpl
"CreativeAudioConsole" - "Creative Technology Ltd" - C:\Program Files\Creative\Sound Blaster X-Fi\AudioCS\CTAudCS.cpl
"mlcfg32.cpl" - "Microsoft Corporation" - C:\PROGRA~1\MI61B6~1\Office14\MLCFG32.CPL
"QuickTime" - "Apple Inc." - C:\Program Files\QuickTime\QTSystem\QuickTime.cpl

[Drivers]
-----( HKLM\SYSTEM\CurrentControlSet\Services )-----
"ACEDRV08" (ACEDRV08) - "Protect Software GmbH" - C:\Windows\system32\drivers\ACEDRV08.sys
"catchme" (catchme) - ? - C:\Users\Basti\AppData\Local\Temp\catchme.sys  (File not found)
"CT20XUT.DLL" (CT20XUT.DLL) - ? - C:\Windows\System32\CT20XUT.DLL  (File not found)
"CTEXFIFX.DLL" (CTEXFIFX.DLL) - ? - C:\Windows\System32\CTEXFIFX.DLL  (File not found)
"CTHWIUT.DLL" (CTHWIUT.DLL) - ? - C:\Windows\System32\CTHWIUT.DLL  (File not found)
"fxlirpoc" (fxlirpoc) - ? - C:\Users\Basti\AppData\Local\Temp\fxlirpoc.sys  (Hidden registry entry, rootkit activity | File not found)
"Hamachi Network Interface" (hamachi) - "LogMeIn, Inc." - C:\Windows\System32\DRIVERS\hamachi.sys
"hwinterface" (hwinterface) - "Logix4u" - C:\Windows\System32\Drivers\hwinterface.sys
"IP in IP Tunnel Driver" (IpInIp) - ? - C:\Windows\System32\DRIVERS\ipinip.sys  (File not found)
"IPX Traffic Filter Driver" (NwlnkFlt) - ? - C:\Windows\System32\DRIVERS\nwlnkflt.sys  (File not found)
"IPX Traffic Forwarder Driver" (NwlnkFwd) - ? - C:\Windows\System32\DRIVERS\nwlnkfwd.sys  (File not found)
"Logitech LVPr2Mon Driver" (LVPr2Mon) - "Logitech Inc." - C:\Windows\System32\DRIVERS\LVPr2Mon.sys
"MEMSWEEP2" (MEMSWEEP2) - ? - C:\Windows\system32\3C77.tmp  (File not found)
"Philips SPC 900NC PC Camera" (camdrv41) - ? - C:\Windows\System32\DRIVERS\camdrv41.sys  (File signed by Microsoft | File found, but it contains no detailed information)
"PxHelp20" (PxHelp20) - "Sonic Solutions" - C:\Windows\System32\Drivers\PxHelp20.sys
"SANDRA" (SANDRA) - "SiSoftware" - C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2009.SP1\WNt500x86\Sandra.sys
"SDDMI2" (SDDMI2) - ? - C:\Windows\system32\DDMI2.sys  (File not found)
"SSHDRV84" (SSHDRV84) - ? - C:\Windows\system32\drivers\SSHDRV84.sys
"Trident Analog Video" (TridVid) - "Trident Multimedia Technologies Co.,Ltd" - C:\Windows\System32\DRIVERS\TridVid.sys
"TSHWMDTCP" (TSHWMDTCP) - "Intel(R) Corporation" - C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\TSHWMDTCP.sys
"YEDDEF driver" (yeddef) - ? - C:\Windows\System32\Drivers\yeddef.sys  (File not found)

[Explorer]
-----( HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved )-----
{FB314ED9-A251-47B7-93E1-CDD82E34AF8B} "DropboxExt" - ? -  (File not found | COM-object registry key not found)
{FB314EDA-A251-47B7-93E1-CDD82E34AF8B} "DropboxExt" - ? -  (File not found | COM-object registry key not found)
{FB314EDB-A251-47B7-93E1-CDD82E34AF8B} "DropboxExt" - ? -  (File not found | COM-object registry key not found)
{FB314EDC-A251-47B7-93E1-CDD82E34AF8B} "DropboxExt" - ? -  (File not found | COM-object registry key not found)
-----( HKLM\Software\Classes\Folder\shellex\ColumnHandlers )-----
{F9DB5320-233E-11D1-9F84-707F02C10627} "PDF Shell Extension" - "Adobe Systems, Inc." - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\PDFShell.dll
-----( HKLM\Software\Classes\Protocols\Filter )-----
{807573E5-5146-11D5-A672-00B0D022E945} "Microsoft Office InfoPath XML Mime Filter" - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
-----( HKLM\Software\Classes\Protocols\Handler )-----
{314111c7-a502-11d2-bbca-00c04f8ec294} "HxProtocol Class" - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
{FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} "IEProtocolHandler Class" - "Skype Technologies" - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
{828030A1-22C1-4009-854F-8E305202313F} "livecall" - "Microsoft Corporation" - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL
{0A9007C0-4076-11D3-8789-0000F8105754} "Microsoft Infotech Storage Protocol for IE 4.0" - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll
{828030A1-22C1-4009-854F-8E305202313F} "msnim" - "Microsoft Corporation" - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved )-----
{911051fa-c21c-4246-b470-070cd8df6dc4} ".cab or .zip files" - ? -  (File not found | COM-object registry key not found)
{1b24a030-9b20-49bc-97ac-1be4426f9e59} "ActiveDirectory Folder" - ? -  (File not found | COM-object registry key not found)
{34449847-FD14-4fc8-A75A-7432F5181EFB} "ActiveDirectory Folder" - ? -  (File not found | COM-object registry key not found)
{D66DC78C-4F61-447F-942B-3FB6980118CF} "CInfoTipShellExt Class" - "Microsoft Corporation" - C:\Program Files\Microsoft OfficeNew\Office14\VISSHE.DLL
{0F8604A5-4ECE-4DE1-BA7D-CF10F8AA4F48} "Contacts folder" - ? -  (File not found | COM-object registry key not found)
{A70C977A-BF00-412C-90B7-034C51DA2439} "DesktopContext Class" - "NVIDIA Corporation" - C:\Windows\system32\nvcpl.dll
{8BE13461-936F-11D1-A87D-444553540000} "Eraser Shell Extension" - "-" - C:\Windows\system32\erasext.dll
{2C2577C2-63A7-40e3-9B7F-586602617ECB} "Explorer Query Band" - ? -  (File not found | COM-object registry key not found)
{FAC3CBF6-8697-43d0-BAB9-DCD1FCE19D75} "IE User Assist" - ? -  (File not found | COM-object registry key not found)
{506F4668-F13E-4AA1-BB04-B43203AB3CC0} "ImageExtractorShellExt Class" - "Microsoft Corporation" - C:\Program Files\Microsoft OfficeNew\Office14\VISSHE.DLL
{42042206-2D85-11D3-8CFF-005004838597} "Microsoft Office HTML Icon Handler" - "Microsoft Corporation" - C:\Program Files\Microsoft OfficeNew\Office14\msohevi.dll
{993BE281-6695-4BA5-8A2A-7AACBFAAB69E} "Microsoft Office Metadata Handler" - "Microsoft Corporation" - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\msoshext.dll
{C41662BB-1FA0-4CE0-8DC5-9B7F8279FF97} "Microsoft Office Thumbnail Handler" - "Microsoft Corporation" - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\msoshext.dll
{0875DCB6-C686-4243-9432-ADCCF0B9F2D7} "Microsoft OneNote Namespace Extension for Windows Desktop Search" - "Microsoft Corporation" - C:\Program Files\Microsoft OfficeNew\Office14\ONFILTER.DLL
{00020D75-0000-0000-C000-000000000046} "Microsoft Outlook" - "Microsoft Corporation" - C:\PROGRA~1\MI61B6~1\Office14\MLSHEXT.DLL
{7842554E-6BED-11D2-8CDB-B05550C10000} "Monitor Class" - "Broadcom Corporation." - C:\Windows\system32\btncopy.dll
{3D1975AF-48C6-4f8e-A182-BE0E08FA86A9} "NVIDIA CPL Context Menu Extension" - "NVIDIA Corporation" - C:\Windows\system32\nvshext.dll
{0006F045-0000-0000-C000-000000000046} "Outlook File Icon Extension" - "Microsoft Corporation" - C:\Program Files\Microsoft OfficeNew\Office14\OLKFSTUB.DLL
{C8494E42-ACDD-4739-B0FB-217361E4894F} "Sam Account Folder" - ? -  (File not found | COM-object registry key not found)
{E29F9716-5C08-4FCD-955A-119FDB5A522D} "Sam Account Folder" - ? -  (File not found | COM-object registry key not found)
{DDE4BEEB-DDE6-48fd-8EB5-035C09923F83} "UnlockerShellExtension" - ? - C:\Program Files\Unlocker\UnlockerCOM.dll  (File found, but it contains no detailed information)
{DBD8E168-244D-448C-9922-25508950D1DC} "USIShellExt Class" - "Ulead Systems, Inc." - C:\Program Files\Common Files\Ulead Systems\DVD\USIShex.dll
{BDEADF00-C265-11D0-BCED-00A0C90AB50F} "Webordner" - "Microsoft Corporation" - C:\PROGRA~1\COMMON~1\MICROS~1\WEBFOL~1\MSONSEXT.DLL
{da67b8ad-e81b-4c70-9b91b417b5e33527} "Windows Search Shell Service" - ? -  (File not found | COM-object registry key not found)
{FE8D01BF-610A-4261-9C6E-32D65A42C907} "ZipGenius DnD Extract handler" - "M.Dev Software" - C:\PROGRA~1\ZIPGEN~1\ZGDRAG~1.DLL
{310A0C95-EA11-42AE-A8E4-53E69E650310} "ZipGenius Drag and Drop handler" - "M.Dev Software" - C:\PROGRA~1\ZIPGEN~1\DROPHA~1.DLL
{C169E5F0-E2B3-41F3-B81A-7BA529CBE193} "ZipGenius Shell Extension" - "M.Dev Software" - C:\PROGRA~1\ZIPGEN~1\contmenu.dll

[Internet Explorer]
-----( HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser )-----
ITBar7Height "ITBar7Height" - ? -  (File not found | COM-object registry key not found)
<binary data> "ITBar7Layout" - ? -  (File not found | COM-object registry key not found)
-----( HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units )-----
{8AD9C840-044E-11D1-B3E9-00805F499D93} "Java Plug-in 1.6.0_30" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\jp2iexp.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab
{CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} "Java Plug-in 1.6.0_30" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\jp2iexp.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab
{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} "Java Plug-in 1.6.0_30" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\npjpi160_30.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab
-----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions )-----
{4248FE82-7FCB-46AC-B270-339F08212110} "&Virtuelle Tastatur" - "Kaspersky Lab ZAO" - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\ievkbd.dll
"@btrez.dll,-4015" - ? - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
{2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} "@C:\Windows\WindowsMobile\INetRepl.dll,-222" - "Microsoft Corporation" - C:\Windows\WindowsMobile\INetRepl.dll
{48E73304-E1D6-4330-914C-F5F514E3486C} "An OneNote senden" - "Microsoft Corporation" - C:\Program Files\Microsoft OfficeNew\Office14\ONBttnIE.dll
{2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} "ClsidExtension" - "Microsoft Corporation" - C:\Windows\WindowsMobile\INetRepl.dll
"ICQ6" - "ICQ, LLC." - C:\Program Files\ICQ6.5\ICQ.exe
{5F7B1267-94A9-47F5-98DB-E99415F33AEC} "In Blog veröffentlichen" - "Microsoft Corporation" - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
{04F93351-81D2-4484-9982-0D55DEFFFAE6} "Launch Cooliris" - "Cooliris Inc." - C:\Program Files\PicLensIE\cooliris.dll
{CCF151D8-D089-449F-A5A4-D9909053F20F} "Li&nks untersuchen" - "Kaspersky Lab ZAO" - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\klwtbbho.dll
{FFFDC614-B694-4AE6-AB38-5D6374584B52} "Verknüpfte &OneNote-Notizen" - "Microsoft Corporation" - C:\Program Files\Microsoft OfficeNew\Office14\ONBttnIELinkedNotes.dll
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects )-----
{18DF081C-E8AD-4283-A596-FA578C2EBDC3} "Adobe PDF Link Helper" - "Adobe Systems Incorporated" - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
{CA6319C0-31B7-401E-A518-A07C3DB8F777} "CBrowserHelperObject Object" - "Dell Inc." - C:\Program Files\Dell\BAE\BAE.dll
{E33CF602-D945-461A-83F0-819F76A199F8} "FilterBHO Class" - "Kaspersky Lab ZAO" - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\klwtbbho.dll
{59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} "IEVkbdBHO Class" - "Kaspersky Lab ZAO" - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\ievkbd.dll
{DBC80044-A445-435b-BC74-9C25C1C588A9} "Java(tm) Plug-In 2 SSV Helper" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\jp2ssv.dll
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} "Java(tm) Plug-In SSV Helper" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\ssv.dll
{B4F3A835-0E21-4959-BA22-42B3008E02FF} "Office Document Cache Handler" - "Microsoft Corporation" - C:\PROGRA~1\MI61B6~1\Office14\URLREDIR.DLL
{9030D464-4C02-4ABF-8ECC-5164760863C6} "Windows Live Anmelde-Hilfsprogramm" - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
{EAEE5C74-6D0D-4aca-9232-0DA4A7B866BA} "{EAEE5C74-6D0D-4aca-9232-0DA4A7B866BA}" - "Cooliris Inc." - C:\Program Files\PicLensIE\cooliris.dll

[Logon]
-----( %APPDATA%\Microsoft\Windows\Start Menu\Programs\Startup )-----
"OneNote 2010 Bildschirmausschnitt- und Startprogramm.lnk" - "Microsoft Corporation" - C:\Program Files\Microsoft OfficeNew\Office14\ONENOTEM.EXE  (Shortcut exists | File exists)
"desktop.ini" - ? - C:\Users\Basti\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini
"PopTray.lnk" - "Renier Crause" - C:\Program Files\PopTray\PopTray.exe  (Shortcut exists | File exists)
"Trillian.lnk" - "Cerulean Studios" - C:\Program Files\Trillian\trillian.exe  (Shortcut exists | File exists)
-----( %AllUsersProfile%\Microsoft\Windows\Start Menu\Programs\Startup )-----
"desktop.ini" - ? - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini
"BTTray.lnk" - "Broadcom Corporation." - C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe  (Shortcut exists | File exists)
-----( HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run )-----
"Skype" - "Skype Technologies S.A." - "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
-----( HKLM\SYSTEM\CurrentControlSet\Control\Terminal Server\Wds\rdpwd )-----
"StartupPrograms" - ? - rdpclip  (File not found)
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Run )-----
"Adobe ARM" - "Adobe Systems Incorporated" - "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
"APSDaemon" - "Apple Inc." - "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe"
"AVP" - "Kaspersky Lab ZAO" - "C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe"
"Garmin Lifetime Updater" - "Garmin" - C:\Program Files\Garmin\Lifetime Updater\GarminLifetime.exe /StartMinimized
"LogitechCommunicationsManager" - "Logitech Inc." - "C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe"
"NMSSupport" - "Intel Corporation" - "C:\Program Files\Common Files\Intel\IntelDH\NMS\Support\IntelHCTAgent.exe" /startup
"PDFPrint" - "Geek Software GmbH" - C:\Program Files\pdf24\pdf24.exe
"QuickTime Task" - "Apple Inc." - "C:\Program Files\QuickTime\QTTask.exe" -atboottime
"Reader Library Launcher" - "Sony Corporation" - C:\Program Files\Sony\Reader\Data\bin\launcher\Reader Library Launcher.exe
"SunJavaUpdateSched" - "Sun Microsystems, Inc." - "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
"VolPanel" - "Creative Technology Ltd" - "C:\Program Files\Creative\Sound Blaster X-Fi\Volume Panel\VolPanlu.exe" /r

[Print Monitors]
-----( HKLM\SYSTEM\CurrentControlSet\Control\Print\Monitors )-----
"Canon BJNP Port" - "CANON INC." - C:\Windows\system32\CNMNPPM.DLL
"PDFCreator" - ? - C:\Windows\system32\pdfcmnnt.dll  (File found, but it contains no detailed information)

[Services]
-----( HKLM\SYSTEM\CurrentControlSet\Services )-----
"@c:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe,-100" (WPFFontCache_v0400) - "Microsoft Corporation" - C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe
"Adobe Acrobat Update Service" (AdobeARMservice) - "Adobe Systems Incorporated" - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
"ASP.NET State Service" (aspnet_state) - "Microsoft Corporation" - C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_state.exe
"Canon Camera Access Library 8" (CCALib8) - "Canon Inc." - C:\Program Files\Canon\CAL\CALMAIN.exe
"Capture Device Service" (Capture Device Service) - "InterVideo Inc." - C:\Program Files\Common Files\InterVideo\DeviceService\DevSvc.exe
"Dienst "Bonjour"" (Bonjour Service) - "Apple Inc." - C:\Program Files\Bonjour\mDNSResponder.exe
"DQLWinService" (DQLWinService) - ? - C:\Program Files\Common Files\Intel\IntelDH\NMS\AdpPlugins\DQLWinService.exe
"FLEXnet Licensing Service" (FLEXnet Licensing Service) - "Macrovision Europe Ltd." - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
"Google Update Service (gupdate1c9bd96adc49da3)" (gupdate1c9bd96adc49da3) - "Google Inc." - C:\Program Files\Google\Update\GoogleUpdate.exe
"Google Update-Dienst (gupdatem)" (gupdatem) - "Google Inc." - C:\Program Files\Google\Update\GoogleUpdate.exe
"InstallDriver Table Manager" (IDriverT) - "Macrovision Corporation" - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
"Intel(R) Alert Service" (AlertService) - "Intel(R) Corporation" - C:\Program Files\Intel\IntelDH\CCU\AlertService.exe
"Intel(R) Application Tracker" (MCLServiceATL) - "Intel(R) Corporation" - C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\MCLServiceATL.exe
"Intel(R) DHTrace Controller" (DHTRACE) - "Intel(R) Corporation" - C:\Program Files\Common Files\Intel\IntelDH\bin\DHTraceController.exe
"Intel(R) NMSCore" (NMSCore) - "Intel(R) Corporation" - C:\Program Files\Common Files\Intel\IntelDH\NMS\NMSCore\NMSCore.exe
"Intel(R) Quality Manager" (QualityManager) - "Intel(R) Corporation" - C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\qualitymanager.exe
"Intel(R) Remoting Service" (Remote UI Service) - "Intel(R) Corporation" - C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\Remote UI Service.exe
"Intel(R) Software Services Manager" (ISSM) - "Intel(R) Corporation" - C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\ISSM.exe
"Intel(R) Viiv(TM) Media Server" (M1 Server) - ? - C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\mediaserver.exe
"Kaspersky Anti-Virus Service" (AVP) - "Kaspersky Lab ZAO" - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe
"LVCOMSer" (LVCOMSer) - "Logitech Inc." - C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
"LVSrvLauncher" (LVSrvLauncher) - "Logitech Inc." - C:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exe
"Machine Debug Manager" (MDM) - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
"Microsoft .NET Framework NGEN v4.0.30319_X86" (clr_optimization_v4.0.30319_32) - "Microsoft Corporation" - C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
"NVIDIA Display Driver Service" (nvsvc) - "NVIDIA Corporation" - C:\Windows\system32\nvvsvc.exe
"NVIDIA Stereoscopic 3D Driver Service" (Stereo Service) - "NVIDIA Corporation" - C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
"Office  Source Engine" (ose) - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
"Office Software Protection Platform" (osppsvc) - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
"Process Monitor" (LVPrcSrv) - "Logitech Inc." - C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
"RoxMediaDB9" (RoxMediaDB9) - "Sonic Solutions" - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
"SiSoftware Deployment Agent Service" (SandraAgentSrv) - "SiSoftware" - C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2009.SP1\RpcAgentSrv.exe
"Sony SCSI Helper Service" (Sony SCSI Helper Service) - "Sony Corporation" - C:\Program Files\Common Files\Sony Shared\Fsk\SonySCSIHelperService.exe
"stllssvr" (stllssvr) - "MicroVision Development, Inc." - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
"SupportSoft Sprocket Service (dellsupportcenter)" (sprtsvc_dellsupportcenter) - ? - C:\Program Files\Dell Support Center\bin\sprtsvc.exe /service /p dellsupportcenter  (File not found)
"TeamViewer 3" (TeamViewer) - "TeamViewer GmbH" - C:\Program Files\TeamViewer3\TeamViewer_Service.exe

[Winlogon]
-----( HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify )-----
"klogon" - "Kaspersky Lab ZAO" - C:\Windows\system32\klogon.dll

[Winsock Providers]
-----( HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries )-----
"mdnsNSP" - "Apple Inc." - C:\Program Files\Bonjour\mdnsNSP.dll

===[ Logfile end ]=========================================[ Logfile end ]===

If You have questions or want to get some help, You can visit hxxp://forum.online-solutions.ru

Code:
GMER 1.0.15.15641 - hxxp://www.gmer.net
Rootkit scan 2012-02-07 11:23:58
Windows 6.0.6002 Service Pack 2 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0 ST3750640AS rev.3.ADG
Running: dims4kt3.exe; Driver: C:\Users\Basti\AppData\Local\Temp\fxlirpoc.sys


---- System - GMER 1.0.15 ----

SSDT    \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab)                            ZwAdjustPrivilegesToken [0x99E3928A]
SSDT    \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab)                            ZwAlpcConnectPort [0x99E53342]
SSDT    \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab)                            ZwAlpcCreatePort [0x99E53678]
SSDT    \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab)                            ZwAlpcSendWaitReceivePort [0x99E539EE]
SSDT    \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab)                            ZwClose [0x99E39D04]
SSDT    \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab)                            ZwConnectPort [0x99E5302A]
SSDT    \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab)                            ZwCreateEvent [0x99E3A276]
SSDT    \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab)                            ZwCreateMutant [0x99E3A164]
SSDT    \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab)                            ZwCreatePort [0x99E534E8]
SSDT    \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab)                            ZwCreateSection [0x99E39046]
SSDT    \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab)                            ZwCreateSemaphore [0x99E3A38E]
SSDT    \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab)                            ZwCreateThread [0x99E398BA]
SSDT    \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab)                            ZwCreateWaitablePort [0x99E535B0]
SSDT    \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab)                            ZwDebugActiveProcess [0x99E3A74E]
SSDT    \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab)                            ZwDeviceIoControlFile [0x99E39D46]
SSDT    \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab)                            ZwDuplicateObject [0x99E3B750]
SSDT    \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab)                            ZwLoadDriver [0x99E3A840]
SSDT    \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab)                            ZwMapViewOfSection [0x99E3ADAC]
SSDT    \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab)                            ZwNotifyChangeKey [0x99E51840]
SSDT    \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab)                            ZwOpenEvent [0x99E3A308]
SSDT    \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab)                            ZwOpenMutant [0x99E3A1F0]
SSDT    \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab)                            ZwOpenProcess [0x99E394C4]
SSDT    \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab)                            ZwOpenSection [0x99E3AB90]
SSDT    \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab)                            ZwOpenSemaphore [0x99E3A420]
SSDT    \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab)                            ZwOpenThread [0x99E393B8]
SSDT    \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab)                            ZwQueryDirectoryObject [0x99E3A55C]
SSDT    \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab)                            ZwQueryObject [0x99E51A38]
SSDT    \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab)                            ZwQuerySection [0x99E3B0D2]
SSDT    \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab)                            ZwQueueApcThread [0x99E3A9E0]
SSDT    \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab)                            ZwReplyPort [0x99E537DC]
SSDT    \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab)                            ZwReplyWaitReceivePort [0x99E5372A]
SSDT    \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab)                            ZwRequestWaitReplyPort [0x99E53848]
SSDT    \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab)                            ZwResumeThread [0x99E3B5F2]
SSDT    \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab)                            ZwSecureConnectPort [0x99E531B2]
SSDT    \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab)                            ZwSetContextThread [0x99E39BA4]
SSDT    \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab)                            ZwSetInformationToken [0x99E3A5FA]
SSDT    \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab)                            ZwSetSystemInformation [0x99E3B222]
SSDT    \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab)                            ZwSuspendProcess [0x99E3B316]
SSDT    \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab)                            ZwSuspendThread [0x99E3B450]
SSDT    \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab)                            ZwSystemDebugControl [0x99E3A670]
SSDT    \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab)                            ZwTerminateProcess [0x99E39664]
SSDT    \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab)                            ZwTerminateThread [0x99E395BA]
SSDT    \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab)                            ZwUnmapViewOfSection [0x99E3AF8A]
SSDT    \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab)                            ZwWriteVirtualMemory [0x99E39750]
SSDT    \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab)                            ZwCreateThreadEx [0x99E39A2A]
SSDT    \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab)                            ZwCreateUserProcess [0x99E3A4A6]

---- Kernel code sections - GMER 1.0.15 ----

.text    ntkrnlpa.exe!KeSetEvent + 119                                                                                  862AF89C 4 Bytes  [8A, 92, E3, 99]
.text    ntkrnlpa.exe!KeSetEvent + 13D                                                                                  862AF8C0 8 Bytes  [42, 33, E5, 99, 78, 36, E5, ...] {INC EDX; XOR ESP, EBP; CDQ ; JS 0x3c; IN EAX, 0x99}
.text    ntkrnlpa.exe!KeSetEvent + 181                                                                                  862AF904 4 Bytes  [EE, 39, E5, 99] {OUT DX, AL ; CMP EBP, ESP; CDQ }
.text    ntkrnlpa.exe!KeSetEvent + 1A9                                                                                  862AF92C 4 Bytes  [04, 9D, E3, 99] {ADD AL, 0x9d; JECXZ 0xffffffffffffff9d}
.text    ntkrnlpa.exe!KeSetEvent + 1C1                                                                                  862AF944 4 Bytes  [2A, 30, E5, 99] {SUB DH, [EAX]; IN EAX, 0x99}
.text    ...                                                                                                           
.text    C:\Windows\system32\drivers\SSHDRV84.sys                                                                        section is writeable [0x99E9F000, 0x233D4, 0xE8000020]
.pklstb  C:\Windows\system32\drivers\SSHDRV84.sys                                                                        entry point in ".pklstb" section [0x99ED1000]
.relo2  C:\Windows\system32\drivers\SSHDRV84.sys                                                                        unknown last section [0x99EE7000, 0x8E, 0x42000040]
.text    C:\Windows\system32\drivers\ACEDRV08.sys                                                                        section is writeable [0x9C39B000, 0x328BA, 0xE8000020]
.pklstb  C:\Windows\system32\drivers\ACEDRV08.sys                                                                        entry point in ".pklstb" section [0x9C3DF000]
.relo2  C:\Windows\system32\drivers\ACEDRV08.sys                                                                        unknown last section [0x9C3FB000, 0x8E, 0x42000040]
PAGE    spsys.sys!?SPVersion@@3PADA + 1ABF                                                                              9BF8E03F 110 Bytes  [8B, FF, 55, 8B, EC, 8B, 45, ...]
PAGE    spsys.sys!?SPVersion@@3PADA + 1B2F                                                                              9BF8E0AF 1 Byte  [16]
PAGE    spsys.sys!?SPVersion@@3PADA + 1B2F                                                                              9BF8E0AF 128 Bytes  [16, 3B, C8, 75, E2, B0, 01, ...]
PAGE    spsys.sys!?SPVersion@@3PADA + 1BB0                                                                              9BF8E130 6 Bytes  [0E, 83, 78, 14, 01, 75]
PAGE    spsys.sys!?SPVersion@@3PADA + 1BB7                                                                              9BF8E137 229 Bytes  [83, 78, 18, 37, 75, 02, B3, ...]
PAGE    ...                                                                                                           

---- User code sections - GMER 1.0.15 ----

?        C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe[2384] C:\Windows\system32\ntdll.dll    time/date stamp mismatch; unknown module: secserv.dll
.text    C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe[2384] ntdll.dll!NtProtectVirtualMemory  77544BA4 5 Bytes  JMP 6AC91765 C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\ushata.dll (Ushata module/Kaspersky Lab ZAO)
?        C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe[2384] C:\Windows\system32\kernel32.dll  time/date stamp mismatch;
.text    C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe[2384] USER32.dll!SetScrollInfo + 7A8    76587980 4 Bytes  [E0, 13, 54, 67]
?        C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe[2840] C:\Windows\system32\ntdll.dll    time/date stamp mismatch; unknown module: secserv.dll
.text    C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe[2840] ntdll.dll!NtProtectVirtualMemory  77544BA4 5 Bytes  JMP 6AC91765 C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\ushata.dll (Ushata module/Kaspersky Lab ZAO)
?        C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe[2840] C:\Windows\system32\kernel32.dll  time/date stamp mismatch;
.text    C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe[2840] USER32.dll!SetScrollInfo + 7A8    76587980 4 Bytes  [E0, 13, 54, 67]
.text    C:\Program Files\Mozilla Thunderbird\thunderbird.exe[6052] ntdll.dll!LdrLoadDll                                77509378 5 Bytes  JMP 003C12F7 C:\Program Files\Mozilla Thunderbird\thunderbird.exe (Thunderbird/Mozilla Messaging)

---- Registry - GMER 1.0.15 ----

Reg      HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\00197edb8029                                   
Reg      HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\00197edb8029@0018130d74a1                        0x97 0x4C 0x18 0x13 ...
Reg      HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\00197edb8029@0024ef198e8d                        0xAD 0x1B 0x8D 0x52 ...
Reg      HKLM\SYSTEM\ControlSet008\Services\BTHPORT\Parameters\Keys\00197edb8029 (not active ControlSet)               
Reg      HKLM\SYSTEM\ControlSet008\Services\BTHPORT\Parameters\Keys\00197edb8029@0018130d74a1                            0x97 0x4C 0x18 0x13 ...
Reg      HKLM\SYSTEM\ControlSet008\Services\BTHPORT\Parameters\Keys\00197edb8029@0024ef198e8d                            0xAD 0x1B 0x8D 0x52 ...
Reg      HKLM\SOFTWARE\Classes\CLSID\{C09C5BC9-8988-086a-2252-0e0bfa04e19f}\InprocServer32                             
Reg      HKLM\SOFTWARE\Classes\CLSID\{C09C5BC9-8988-086a-2252-0e0bfa04e19f}\InprocServer32@Class                        0x00 0x00 0x00 0x00 ...
Reg      HKLM\SOFTWARE\Classes\CLSID\{C09C5BC9-8988-086a-2252-0e0bfa04e19f}\InprocServer32@ThreadingModel                Apartment
Reg      HKLM\SOFTWARE\Classes\CLSID\{C09C5BC9-8988-086a-2252-0e0bfa04e19f}\InprocServer32@                              C:\Windows\system32\OLE32.DLL
Reg      HKLM\SOFTWARE\Classes\CLSID\{C09C5BC9-8988-17af-8ed4-a9c5fa04e19f}\InprocServer32                             
Reg      HKLM\SOFTWARE\Classes\CLSID\{C09C5BC9-8988-17af-8ed4-a9c5fa04e19f}\InprocServer32@Class                        0x00 0x00 0x00 0x00 ...
Reg      HKLM\SOFTWARE\Classes\CLSID\{C09C5BC9-8988-17af-8ed4-a9c5fa04e19f}\InprocServer32@ThreadingModel                Apartment
Reg      HKLM\SOFTWARE\Classes\CLSID\{C09C5BC9-8988-17af-8ed4-a9c5fa04e19f}\InprocServer32@                              C:\Windows\system32\OLE32.DLL
Reg      HKLM\SOFTWARE\Classes\CLSID\{C09C5BC9-8988-4a8c-7e47-64a7fa04e19f}\InprocServer32                             
Reg      HKLM\SOFTWARE\Classes\CLSID\{C09C5BC9-8988-4a8c-7e47-64a7fa04e19f}\InprocServer32@Class                        0x00 0x00 0x00 0x00 ...
Reg      HKLM\SOFTWARE\Classes\CLSID\{C09C5BC9-8988-4a8c-7e47-64a7fa04e19f}\InprocServer32@ThreadingModel                Apartment
Reg      HKLM\SOFTWARE\Classes\CLSID\{C09C5BC9-8988-4a8c-7e47-64a7fa04e19f}\InprocServer32@                              C:\Windows\system32\OLE32.DLL
Reg      HKLM\SOFTWARE\Classes\CLSID\{C09C5BC9-8988-8ce4-f9e3-2e18fa04e19f}\InprocServer32                             
Reg      HKLM\SOFTWARE\Classes\CLSID\{C09C5BC9-8988-8ce4-f9e3-2e18fa04e19f}\InprocServer32@Class                        0x00 0x00 0x00 0x00 ...
Reg      HKLM\SOFTWARE\Classes\CLSID\{C09C5BC9-8988-8ce4-f9e3-2e18fa04e19f}\InprocServer32@ThreadingModel                Apartment
Reg      HKLM\SOFTWARE\Classes\CLSID\{C09C5BC9-8988-8ce4-f9e3-2e18fa04e19f}\InprocServer32@                              C:\Windows\system32\OLE32.DLL
Reg      HKLM\SOFTWARE\Classes\CLSID\{C09C5BC9-8988-c79d-f9f5-02e4fa04e19f}\InprocServer32                             
Reg      HKLM\SOFTWARE\Classes\CLSID\{C09C5BC9-8988-c79d-f9f5-02e4fa04e19f}\InprocServer32@Class                        0x00 0x00 0x00 0x00 ...
Reg      HKLM\SOFTWARE\Classes\CLSID\{C09C5BC9-8988-c79d-f9f5-02e4fa04e19f}\InprocServer32@ThreadingModel                Apartment
Reg      HKLM\SOFTWARE\Classes\CLSID\{C09C5BC9-8988-c79d-f9f5-02e4fa04e19f}\InprocServer32@                              C:\Windows\system32\OLE32.DLL
Reg      HKLM\SOFTWARE\Classes\CLSID\{C09C5BC9-8988-e661-f5c0-9e5afa04e19f}\InprocServer32                             
Reg      HKLM\SOFTWARE\Classes\CLSID\{C09C5BC9-8988-e661-f5c0-9e5afa04e19f}\InprocServer32@Class                        0x00 0x00 0x00 0x00 ...
Reg      HKLM\SOFTWARE\Classes\CLSID\{C09C5BC9-8988-e661-f5c0-9e5afa04e19f}\InprocServer32@ThreadingModel                Apartment
Reg      HKLM\SOFTWARE\Classes\CLSID\{C09C5BC9-8988-e661-f5c0-9e5afa04e19f}\InprocServer32@                              C:\Windows\system32\OLE32.DLL
Reg      HKLM\SOFTWARE\Classes\CLSID\{C09C5BC9-8988-e9ad-a48f-cd7dfa04e19f}\InprocServer32                             
Reg      HKLM\SOFTWARE\Classes\CLSID\{C09C5BC9-8988-e9ad-a48f-cd7dfa04e19f}\InprocServer32@Class                        0x00 0x00 0x00 0x00 ...
Reg      HKLM\SOFTWARE\Classes\CLSID\{C09C5BC9-8988-e9ad-a48f-cd7dfa04e19f}\InprocServer32@ThreadingModel                Apartment
Reg      HKLM\SOFTWARE\Classes\CLSID\{C09C5BC9-8988-e9ad-a48f-cd7dfa04e19f}\InprocServer32@                              C:\Windows\system32\OLE32.DLL

---- EOF - GMER 1.0.15 ----

GMER hat an die 13h oder sowas benötigt


Gruß Sebastian

cosinus 07.02.2012 12:41
Sieht ok aus. Mach bitte zur Kontrolle Vollscans mit Malwarebytes und SASW und poste die Logs.
Denk dran beide Tools zu updaten vor dem Scan!!

sly 07.02.2012 21:06
Hallo hab erstmal SuperAntispyware fertig mit mehreren Funden nach über 7 Stunden. Malewarebytes lass ich jetzt noch laufen!

Code:
SUPERAntiSpyware Scan Log
hxxp://www.superantispyware.com

Generated 02/07/2012 at 08:58 PM

Application Version : 5.0.1144

Core Rules Database Version : 8208
Trace Rules Database Version: 6020

Scan type      : Complete Scan
Total Scan Time : 07:29:14

Operating System Information
Windows Vista Home Premium 32-bit, Service Pack 2 (Build 6.00.6002)
UAC On - Administrator

Memory items scanned      : 775
Memory threats detected  : 0
Registry items scanned    : 39075
Registry threats detected : 0
File items scanned        : 523340
File threats detected    : 21

Unclassified.Unknown Origin
        F:\BACKUP\DOCUMENTS\VERSION CUE\KEYGEN.NFO
        F:\SICHERUNG\DOCUMENTS\VERSION CUE\KEYGEN.NFO
        C:\USERS\BASTI\DOCUMENTS\VERSION CUE\KEYGEN.NFO

Trojan.Agent/Gen-SoftonicDownloader
        ZIP ARCHIVE( F:\THINK-PAED\BACKUP SET 2011-10-23 151743\BACKUP FILES 2011-10-23 151743\BACKUP FILES 16.ZIP )/C\USERS\SEBASTIAN\DOWNLOADS\SOFTONICDOWNLOADER_FUER_ZIPGENIUS.EXE
        F:\THINK-PAED\BACKUP SET 2011-10-23 151743\BACKUP FILES 2011-10-23 151743\BACKUP FILES 16.ZIP

Adware.Tracking Cookie
        .kaspersky.122.2o7.net [ C:\USERS\BASTI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\GQ42K2W4.DEFAULT\COOKIES.SQLITE ]
        accounts.youtube.com [ C:\USERS\BASTI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\GQ42K2W4.DEFAULT\COOKIES.SQLITE ]
        .deutschepostag.112.2o7.net [ C:\USERS\BASTI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\GQ42K2W4.DEFAULT\COOKIES.SQLITE ]
        wstat.wibiya.com [ C:\USERS\BASTI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\GQ42K2W4.DEFAULT\COOKIES.SQLITE ]
        .overture.com [ C:\USERS\BASTI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\GQ42K2W4.DEFAULT\COOKIES.SQLITE ]
        .overture.com [ C:\USERS\BASTI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\GQ42K2W4.DEFAULT\COOKIES.SQLITE ]
        .overture.com [ C:\USERS\BASTI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\GQ42K2W4.DEFAULT\COOKIES.SQLITE ]
        .xiti.com [ C:\USERS\BASTI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\GQ42K2W4.DEFAULT\COOKIES.SQLITE ]
        accounts.google.com [ C:\USERS\BASTI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\GQ42K2W4.DEFAULT\COOKIES.SQLITE ]
        accounts.google.com [ C:\USERS\BASTI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\GQ42K2W4.DEFAULT\COOKIES.SQLITE ]
        www.etracker.de [ C:\USERS\BASTI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\GQ42K2W4.DEFAULT\COOKIES.SQLITE ]
        secure.wikimedia.org [ C:\USERS\BASTI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\GQ42K2W4.DEFAULT\COOKIES.SQLITE ]
        secure.wikimedia.org [ C:\USERS\BASTI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\GQ42K2W4.DEFAULT\COOKIES.SQLITE ]
        www.etracker.de [ C:\USERS\BASTI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\GQ42K2W4.DEFAULT\COOKIES.SQLITE ]

Trojan.Agent/Gen-FakeSmoke
        C:\WINDOWS\SYSTEM32\ACCESOR.DLL

Trojan.Agent/Gen-Weirdon
        C:\WINDOWS\SYSTEM32\MFC45.DLL
Gruß Sebastian

sly 07.02.2012 21:12
P.S.: die habe ich jetzt in die Quarantäne geschoben ABER NICHT GELÖSCHT, ich hoffe das war richtig?

Gruß Sebastian

sly 07.02.2012 21:26
Hmm,


irgendwie hat der jetzt doch einiges gelöscht,
in der Quarantäne befinden sich nur noch die Dateien:

3x Keygen.NFO

1x GenFakeSmoke (Accessor.dll)

1x Gen Weirdon (MFC45.dll)

alle anderen scheinen doch gelöscht nach dem Neustart,
lass jetzt noch Malwarebytes laufen und meld mich wenn das fertig ist.

LG Sebastian

cosinus 07.02.2012 22:15
Zitat:
3x Keygen.NFO
Illegale Software kann sehr zerstörerisch sein.:pfui:

Siehe auch => http://www.trojaner-board.de/95393-c...-software.html

Falls wir Hinweise auf illegal erworbene Software finden, werden wir den Support ohne jegliche Diskussion beenden.

Cracks/Keygens sind zu 99,9% gefährliche Schädlinge, mit denen man nicht spaßen sollte. Ausserdem sind diese illegal und wir unterstützen die Verwendung von geklauter Software nicht. Somit beschränkt sich der Support auf Anleitung zur kompletten Neuinstallation!!

Dass illegale Cracks und Keygens im Wesentlichen dazu dienen, Malware zu verbreiten ist kein Geheimnis und muss jedem klar sein!

In Zukunft Finger weg von: Softonic, Registry-Bereinigern und illegalem Zeugs Cracks/Keygens/Serials

sly 07.02.2012 22:26
Ich kann mich nicht erinnern illegale Software genutzt zu haben???

Aber ich denke da versteht ihr wohl keinen Spass allen Beteuerungen zum Trotz.
Zitat:
Falls wir Hinweise auf illegal erworbene Software finden, werden wir den Support ohne jegliche Diskussion beenden.
Also bleibt mir jetzt die zu löschen und das System neu aufzusetzen ???

Gruß Sebastian

cosinus 07.02.2012 22:33
Du kannst dich nicht erinnern, aber deine Festplatte! :D

=> C:\USERS\BASTI\DOCUMENTS\VERSION CUE\KEYGEN.NFO

sly 07.02.2012 22:39
Ja, ich find das in der Tat gar nicht lustig ... aber ich versteh euch da natürlich ...

LG Sebastian


Alle Zeitangaben in WEZ +1. Es ist jetzt 01:32 Uhr.

Copyright ©2000-2025, Trojaner-Board


Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 130 131 132