How do I remove Rootkit.Bubnix?

22.07.2010, 22:15
Member
Thread starter
Posts: 32
#16 Here is the OTL fix log:

All processes killed
========== FILES ==========
c:\users\Chris\AppData\Roaming\Zyaxer folder moved successfully.
c:\users\Chris\AppData\Roaming\Yqguqo folder moved successfully.
File\Folder c:\users\Chris\AppData\Roaming\Quzi not found.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Chris
->Temp folder emptied: 768983 bytes
->Temporary Internet Files folder emptied: 66340 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 50835673 bytes
->Flash cache emptied: 713 bytes

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Peter
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 112161 bytes
->Java cache emptied: 31537258 bytes
->FireFox cache emptied: 3255680 bytes
->Flash cache emptied: 4509 bytes

User: Public
->Temp folder emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 8416 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 83,00 mb


[EMPTYFLASH]

User: All Users

User: Chris
->Flash cache emptied: 0 bytes

User: Default
->Flash cache emptied: 0 bytes

User: Default User
->Flash cache emptied: 0 bytes

User: Peter
->Flash cache emptied: 0 bytes

User: Public

Total Flash Files Cleaned = 0,00 mb


OTL by OldTimer - Version 3.2.9.1 log created on 07222010_220617

Files\Folders moved on Reboot...
C:\Windows\temp\ACPTrace\Thu Jul 22 21.52.10 2010 7979.log moved successfully.

Registry entries deleted on Reboot...
22.07.2010, 22:40
Member
Thread starter
Posts: 32
#17 The GMER scan did not work. After about 2 minutes the scan stopped at "/Device/HarddiskVolumeShadowCopy1" and a window opened with the message "Gmer has stopped working". When I then tried to open the program again, the screen briefly went blue before the computer restarted.
After the reboot I started the program and the scan again. The scan stopped at the same place and the window "Gmer has stopped working" appeared.
22.07.2010, 22:52
Member
Posts: 420
#18 Most likely emulation software is interfering there.

1. Please run Malwarebytes again, and don't forget to update it first.

2. Panda ActiveScan 2.0
http://www.pandasecurity.com/homeusers/solutions/activescan/

Click on Scan your PC now
Choose Quick Scan, click on Scan now and follow the instructions.
At the end of the scan a results page is shown; at the top right you can save the results to a text file (Export to: ). Please post the contents of that file.

3. Control scan with OTL: please start OTL, click on Quick Scan and post the OTL.txt (Extras.txt is not needed this time)
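Added example for this thread (my own code, not part of OTL and not something the helper posted): a small Python triage script for the kind of OTL.txt requested in step 3. It parses the PRC/SRV/DRV/MOD lines OTL writes and flags what a helper looks at first: binaries that carry no publisher name in their version info (the empty "()" field), service or driver registrations whose file is gone ("File not found", such as the leftover catchme.sys entry from GMER, which ComboFix also embeds, that shows up in the log below), anything loaded from a profile or temp directory, and the policy line EnableLUA = 0, which means UAC is switched off. The sample lines are copied from the logs posted in this thread; the flagging rules themselves are my own heuristics, not OTL's.

```python
"""Triage helper for OTL (OldTimer's OTL) scan logs.

Added example for this thread, not part of OTL.  Parses the PRC/SRV/DRV/MOD
lines OTL writes and flags the entries a helper looks at first.  Sample
lines are copied from the logs posted in the thread; the rules are my own.
"""
import re
from dataclasses import dataclass
from typing import List, Optional, Tuple

# Shapes of the lines OTL emits (taken from the log in this thread):
#   PRC - [date time | size | attrs | M] (Company) -- C:\path\file.exe
#   SRV - [...] (Company) [Start | State] -- C:\path\file.exe -- (ServiceName)
#   DRV - File not found [Kernel | On_Demand | Stopped] -- C:\path\x.sys -- (name)
# A DRV line may carry a free-text description after the service name.
ENTRY_RE = re.compile(
    r"^(?P<kind>PRC|SRV|DRV|MOD) - "
    r"(?:\[(?P<meta>[^\]]*)\] \((?P<company>[^)]*)\)|(?P<missing>File not found))"
    r"(?: \[(?P<state>[^\]]*)\])? -- (?P<path>.+?)"
    r"(?: -- \((?P<name>[^)]*)\)(?P<desc>.*))?$"
)


@dataclass
class Entry:
    kind: str
    company: Optional[str]  # None when OTL reported "File not found"
    state: str              # e.g. "Kernel | Boot | Running"; "" for PRC/MOD
    path: str
    name: str               # service/driver name; "" for PRC/MOD
    missing: bool


def parse_entry(line: str) -> Optional[Entry]:
    """Return an Entry for a PRC/SRV/DRV/MOD line, None for any other line."""
    m = ENTRY_RE.match(line.strip())
    if m is None:
        return None
    missing = m["missing"] is not None
    return Entry(
        kind=m["kind"],
        company=None if missing else m["company"].strip(),
        state=m["state"] or "",
        path=m["path"].strip(),
        name=m["name"] or "",
        missing=missing,
    )


def flag_entry(e: Entry) -> List[str]:
    """Reasons a helper would look at this entry; an empty list means nothing odd."""
    reasons: List[str] = []
    if e.missing:
        reasons.append("file not found: orphaned service/driver registration")
    elif e.company == "":
        if e.kind == "DRV" and "boot" in e.state.lower():
            reasons.append("boot-start kernel driver with no publisher in its version info")
        else:
            reasons.append("no publisher in version info")
    low = e.path.lower()
    if "\\appdata\\" in low or "\\temp\\" in low:
        reasons.append("loaded from a profile or temp directory")
    return reasons


# Registry lines from the O-sections worth a second look.  The only rule here is
# the one the log in this thread actually trips: UAC switched off.
REGISTRY_RULES: List[Tuple[re.Pattern, str]] = [
    (re.compile(r"\\policies\\System: EnableLUA = 0$"), "UAC is disabled (EnableLUA = 0)"),
]


def triage(log_text: str) -> List[Tuple[str, List[str]]]:
    """Return (subject, reasons) pairs for every line that trips a rule."""
    findings: List[Tuple[str, List[str]]] = []
    for raw in log_text.splitlines():
        line = raw.strip()
        entry = parse_entry(line)
        if entry is not None:
            reasons = flag_entry(entry)
            if reasons:
                findings.append((entry.path, reasons))
            continue
        for pattern, why in REGISTRY_RULES:
            if pattern.search(line):
                # Keep the registry key, drop the "O6 - " section prefix.
                findings.append((line.split(" - ", 1)[-1], [why]))
    return findings


# Lines copied from the OTL log posted in this thread (abridged to a handful).
SAMPLE_LOG = r"""
PRC - [2010.07.22 17:22:07 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Program Files\oldtimer\OTL.exe
PRC - [2008.06.11 13:28:54 | 000,741,376 | ---- | M] () -- C:\Program Files\Philips\CamSuite\1.0.9.0\ACPService.exe
SRV - [2010.04.22 16:29:53 | 000,267,432 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Users\Chris\AppData\Local\Temp\catchme.sys -- (catchme)
DRV - [2008.06.15 19:44:34 | 000,611,064 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\System32\Drivers\sptd.sys -- (sptd)
DRV - [2009.04.11 06:42:54 | 000,073,216 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\USBAUDIO.sys -- (usbaudio) USB Audio Driver (WDM)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
"""

if __name__ == "__main__":
    for subject, reasons in triage(SAMPLE_LOG):
        print(subject)
        for r in reasons:
            print("    -", r)
```

On the sample above it reports four things: ACPService.exe (no publisher), catchme.sys (orphaned and under a Temp folder), sptd.sys (boot-start driver without publisher) and the EnableLUA = 0 policy. The empty-publisher rule is a pointer, not a verdict: plenty of legitimate software ships without version info, the Philips CamSuite binaries in this log among them. sptd.sys is the SCSI pass-through driver installed by disc-emulation tools such as DAEMON Tools or Alcohol 120%, exactly the kind of software the helper suspects of getting in GMER's way, so surfacing it here is useful even though it is not malware.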
23.07.2010, 14:05
Member
Thread starter
Posts: 32
#19 Malwarebytes found no infected objects.

ActiveScan found 5 threats (cookies) and one suspicious file (webcam file). For now I have done nothing about the suspicious file (did not click "Send to the lab" or "Disinfection recommendation").

Here is the Panda ActiveScan text file:

;***********************************************************************************************************************************************************************************
ANALYSIS: 2010-07-23 13:48:51
PROTECTIONS: 1
MALWARE: 5
SUSPECTS: 1
;***********************************************************************************************************************************************************************************
PROTECTIONS
Description Version Active Updated
;===================================================================================================================================================================================
AntiVir Desktop Yes Yes
;===================================================================================================================================================================================
MALWARE
Id Description Type Active Severity Disinfectable Disinfected Location
;===================================================================================================================================================================================
00139061 Cookie/Doubleclick TrackingCookie No 0 Yes No c:\users\chris\appdata\roaming\microsoft\windows\cookies\chris@doubleclick[2].txt
00139064 Cookie/Atlas DMT TrackingCookie No 0 Yes No c:\users\chris\appdata\roaming\microsoft\windows\cookies\chris@atdmt[1].txt
00145393 Cookie/Tradedoubler TrackingCookie No 0 Yes No c:\users\chris\appdata\roaming\microsoft\windows\cookies\chris@tradedoubler[2].txt
00168090 Cookie/Serving-sys TrackingCookie No 0 Yes No c:\users\chris\appdata\roaming\microsoft\windows\cookies\chris@serving-sys[2].txt
00168093 Cookie/Serving-sys TrackingCookie No 0 Yes No c:\users\chris\appdata\roaming\microsoft\windows\cookies\chris@bs.serving-sys[2].txt
;===================================================================================================================================================================================
SUSPECTS
Sent Location
;===================================================================================================================================================================================
No c:\program files\philips\camsuite\1.0.9.0\acpgui.dll
;===================================================================================================================================================================================
VULNERABILITIES
Id Severity Description
;===================================================================================================================================================================================
;===================================================================================================================================================================================



Here is the OTL.txt log:

OTL logfile created on: 23.07.2010 13:51:47 - Run 2
OTL by OldTimer - Version 3.2.9.1 Folder = C:\Program Files\oldtimer
Windows Vista Ultimate Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18882)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

2,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 49,00% Memory free
4,00 Gb Paging File | 3,00 Gb Available in Paging File | 71,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 232,88 Gb Total Space | 64,56 Gb Free Space | 27,72% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: CHRIS-PC
Current User Name: Chris
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 90 Days
Output = Standard
Quick Scan

========== Processes (SafeList) ==========

PRC - [2010.07.22 17:22:07 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Program Files\oldtimer\OTL.exe
PRC - [2010.07.21 22:54:15 | 000,910,296 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2010.06.28 22:48:54 | 000,202,256 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Common Files\Real\Update_OB\realsched.exe
PRC - [2010.06.10 21:03:08 | 000,144,176 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
PRC - [2010.04.22 16:29:53 | 000,267,432 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe
PRC - [2010.03.18 11:19:26 | 000,113,152 | ---- | M] (ArcSoft Inc.) -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
PRC - [2010.03.02 11:28:23 | 000,282,792 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
PRC - [2010.03.02 00:53:16 | 001,029,456 | ---- | M] (Lavasoft) -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
PRC - [2010.03.02 00:53:16 | 000,524,632 | ---- | M] (Lavasoft) -- C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
PRC - [2010.02.24 10:28:01 | 000,135,336 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe
PRC - [2010.01.14 22:10:53 | 000,076,968 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
PRC - [2009.05.13 19:35:24 | 000,126,976 | ---- | M] (phonostar) -- C:\Program Files\phonostar\ps_timer.exe
PRC - [2009.05.13 19:33:22 | 000,098,304 | ---- | M] (phonostar) -- C:\Program Files\phonostar\ps_agent.exe
PRC - [2009.04.11 08:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2009.01.26 16:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) -- C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
PRC - [2008.06.11 13:28:54 | 000,741,376 | ---- | M] () -- C:\Program Files\Philips\CamSuite\1.0.9.0\ACPService.exe
PRC - [2008.06.11 13:28:24 | 000,815,104 | ---- | M] () -- C:\Program Files\Philips\CamSuite\1.0.9.0\ACPGUI.dll
PRC - [2008.02.22 15:30:04 | 000,684,032 | ---- | M] (Sonix) -- C:\Windows\vspc1030.exe
PRC - [2008.01.19 09:38:38 | 001,008,184 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Defender\MSASCui.exe
PRC - [2007.11.23 08:23:02 | 004,706,304 | ---- | M] (Realtek Semiconductor) -- C:\Windows\RtHDVCpl.exe
PRC - [2007.06.01 10:21:30 | 001,209,904 | ---- | M] (Nero AG) -- C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
PRC - [2007.06.01 10:21:08 | 000,153,136 | ---- | M] (Nero AG) -- C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
PRC - [2007.03.16 11:45:30 | 000,063,712 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe


========== Modules (SafeList) ==========

MOD - [2010.07.22 17:22:07 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Program Files\oldtimer\OTL.exe
MOD - [2009.04.11 08:21:38 | 001,686,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18005_none_5cb72f96088b0de0\comctl32.dll
MOD - [2008.01.19 09:33:00 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msscript.ocx


========== Win32 Services (SafeList) ==========

SRV - [2010.06.10 21:03:08 | 000,144,176 | ---- | M] (Apple Inc.) [Auto | Running] -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe -- (Apple Mobile Device)
SRV - [2010.04.22 16:29:53 | 000,267,432 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2010.03.18 11:19:26 | 000,113,152 | ---- | M] (ArcSoft Inc.) [Auto | Running] -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe -- (ACDaemon)
SRV - [2010.03.02 00:53:16 | 001,029,456 | ---- | M] (Lavasoft) [Auto | Running] -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe -- (Lavasoft Ad-Aware Service)
SRV - [2010.02.24 10:28:01 | 000,135,336 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2009.09.25 03:27:04 | 000,793,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\FntCache.dll -- (FontCache)
SRV - [2009.01.26 16:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) [Auto | Running] -- C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe -- (SBSDWSCService)
SRV - [2009.01.02 17:03:50 | 000,104,944 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2008.06.11 13:28:54 | 000,741,376 | ---- | M] () [Auto | Running] -- C:\Program Files\Philips\CamSuite\1.0.9.0\ACPService.exe -- (ACPService)
SRV - [2008.01.19 09:38:24 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\mpsvc.dll -- (WinDefend)
SRV - [2007.05.31 10:21:24 | 000,379,784 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\wcescomm.dll -- (WcesComm)
SRV - [2007.05.31 10:21:18 | 000,183,688 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\rapimgr.dll -- (RapiMgr)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Users\Chris\AppData\Local\Temp\catchme.sys -- (catchme)
DRV - [2010.03.01 10:05:19 | 000,124,784 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb)
DRV - [2010.02.16 14:24:01 | 000,060,936 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\System32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2009.05.11 23:53:44 | 000,064,160 | ---- | M] (Lavasoft AB) [File_System | Boot | Running] -- C:\Windows\system32\DRIVERS\Lbd.sys -- (Lbd)
DRV - [2009.05.11 10:12:49 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2009.04.11 06:42:54 | 000,073,216 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\USBAUDIO.sys -- (usbaudio) USB Audio Driver (WDM)
DRV - [2009.04.11 06:42:52 | 000,031,616 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WINUSB)
DRV - [2009.01.02 16:48:09 | 000,025,280 | ---- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\hamachi.sys -- (hamachi)
DRV - [2008.06.15 19:44:34 | 000,611,064 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\System32\Drivers\sptd.sys -- (sptd)
DRV - [2008.06.11 18:37:10 | 003,035,776 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\spc1030.sys -- (SPC1030) USB2.0 PC Camera (SPC1030)
DRV - [2008.05.07 11:40:00 | 000,088,704 | ---- | M] (Philips Applied Technologies) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\phaudlwr.sys -- (phaudlwr)
DRV - [2008.05.03 05:46:00 | 007,460,320 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2007.11.27 14:07:38 | 002,022,488 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\RTKVHDA.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2007.09.17 17:17:36 | 000,098,816 | ---- | M] (Realtek Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Rtlh86.sys -- (RTL8169)
DRV - [2006.11.22 16:58:10 | 000,017,512 | ---- | M] (VIA Technologies, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\viaide.sys -- (viaide)
DRV - [2006.11.22 16:58:10 | 000,016,488 | ---- | M] (CMD Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\cmdide.sys -- (cmdide)
DRV - [2006.11.22 16:58:10 | 000,014,952 | ---- | M] (Acer Laboratories Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\aliide.sys -- (aliide)
DRV - [2006.11.02 11:51:45 | 000,900,712 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ql2300.sys -- (ql2300)
DRV - [2006.11.02 11:51:38 | 000,420,968 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adp94xx.sys -- (adp94xx)
DRV - [2006.11.02 11:51:34 | 000,316,520 | ---- | M] (Emulex) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\elxstor.sys -- (elxstor)
DRV - [2006.11.02 11:51:32 | 000,297,576 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpahci.sys -- (adpahci)
DRV - [2006.11.02 11:51:25 | 000,235,112 | ---- | M] (ULi Electronics Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\uliahci.sys -- (uliahci)
DRV - [2006.11.02 11:51:25 | 000,232,040 | ---- | M] (Intel Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iastorv.sys -- (iaStorV)
DRV - [2006.11.02 11:51:00 | 000,147,048 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpu320.sys -- (adpu320)
DRV - [2006.11.02 11:50:45 | 000,115,816 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ulsata2.sys -- (ulsata2)
DRV - [2006.11.02 11:50:41 | 000,112,232 | ---- | M] (VIA Technologies Inc.,Ltd) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\vsmraid.sys -- (vsmraid)
DRV - [2006.11.02 11:50:35 | 000,106,088 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ql40xx.sys -- (ql40xx)
DRV - [2006.11.02 11:50:35 | 000,098,408 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ulsata.sys -- (UlSata)
DRV - [2006.11.02 11:50:35 | 000,098,408 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpu160m.sys -- (adpu160m)
DRV - [2006.11.02 11:50:24 | 000,088,680 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nvraid.sys -- (nvraid)
DRV - [2006.11.02 11:50:19 | 000,045,160 | ---- | M] (IBM Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nfrd960.sys -- (nfrd960)
DRV - [2006.11.02 11:50:17 | 000,041,576 | ---- | M] (Intel Corp./ICP vortex GmbH) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iirsp.sys -- (iirsp)
DRV - [2006.11.02 11:50:16 | 000,071,784 | ---- | M] (Silicon Integrated Systems) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sisraid4.sys -- (SiSRaid4)
DRV - [2006.11.02 11:50:13 | 000,040,040 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nvstor.sys -- (nvstor)
DRV - [2006.11.02 11:50:11 | 000,071,272 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\djsvs.sys -- (aic78xx)
DRV - [2006.11.02 11:50:10 | 000,067,688 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\arcsas.sys -- (arcsas)
DRV - [2006.11.02 11:50:10 | 000,065,640 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_scsi.sys -- (LSI_SCSI)
DRV - [2006.11.02 11:50:10 | 000,038,504 | ---- | M] (Silicon Integrated Systems Corp.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sisraid2.sys -- (SiSRaid2)
DRV - [2006.11.02 11:50:10 | 000,037,480 | ---- | M] (Hewlett-Packard Company) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\hpcisss.sys -- (HpCISSs)
DRV - [2006.11.02 11:50:09 | 000,067,688 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\arc.sys -- (arc)
DRV - [2006.11.02 11:50:09 | 000,035,944 | ---- | M] (Integrated Technology Express, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iteraid.sys -- (iteraid)
DRV - [2006.11.02 11:50:07 | 000,035,944 | ---- | M] (Integrated Technology Express, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iteatapi.sys -- (iteatapi)
DRV - [2006.11.02 11:50:05 | 000,065,640 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_sas.sys -- (LSI_SAS)
DRV - [2006.11.02 11:50:05 | 000,035,944 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\symc8xx.sys -- (Symc8xx)
DRV - [2006.11.02 11:50:04 | 000,065,640 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_fc.sys -- (LSI_FC)
DRV - [2006.11.02 11:50:03 | 000,034,920 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sym_u3.sys -- (Sym_u3)
DRV - [2006.11.02 11:49:59 | 000,033,384 | ---- | M] (LSI Logic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\mraid35x.sys -- (Mraid35x)
DRV - [2006.11.02 11:49:56 | 000,031,848 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sym_hi.sys -- (Sym_hi)
DRV - [2006.11.02 11:49:53 | 000,028,776 | ---- | M] (LSI Logic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\megasas.sys -- (megasas)
DRV - [2006.11.02 10:25:24 | 000,071,808 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brserid.sys -- (Brserid) Brother MFC Serial Port Interface Driver (WDM)
DRV - [2006.11.02 10:24:47 | 000,011,904 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brusbser.sys -- (BrUsbSer)
DRV - [2006.11.02 10:24:46 | 000,005,248 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brfiltup.sys -- (BrFiltUp)
DRV - [2006.11.02 10:24:45 | 000,013,568 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brfiltlo.sys -- (BrFiltLo)
DRV - [2006.11.02 10:24:44 | 000,062,336 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brserwdm.sys -- (BrSerWdm)
DRV - [2006.11.02 10:24:44 | 000,012,160 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brusbmdm.sys -- (BrUsbMdm)
DRV - [2006.11.02 09:36:50 | 000,020,608 | ---- | M] (N-trig Innovative Technologies) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ntrigdigi.sys -- (ntrigdigi)
DRV - [2006.11.02 09:30:54 | 000,117,760 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\E1G60I32.sys -- (E1G60) Intel(R)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========


IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.de/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://de.yahoo.com/"
FF - prefs.js..extensions.enabledItems: firegestures@xuldev.org:1.5.7
FF - prefs.js..extensions.enabledItems: moveplayer@movenetworks.com:1.0.0.071303000004
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20


FF - HKLM\software\mozilla\Mozilla Firefox 3.6.7\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010.07.21 22:54:24 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.7\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010.07.21 22:54:24 | 000,000,000 | ---D | M]

[2008.06.22 00:12:22 | 000,000,000 | ---D | M] -- C:\Users\Chris\AppData\Roaming\mozilla\Extensions
[2010.07.22 18:09:11 | 000,000,000 | ---D | M] -- C:\Users\Chris\AppData\Roaming\mozilla\Firefox\Profiles\mjyvyxiq.default\extensions
[2010.04.28 17:20:25 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Chris\AppData\Roaming\mozilla\Firefox\Profiles\mjyvyxiq.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010.04.28 17:20:20 | 000,000,000 | ---D | M] (FoxyTunes) -- C:\Users\Chris\AppData\Roaming\mozilla\Firefox\Profiles\mjyvyxiq.default\extensions\{463F6CA5-EE3C-4be1-B7E6-7FEE11953374}
[2010.04.28 17:20:21 | 000,000,000 | ---D | M] (Live HTTP Headers) -- C:\Users\Chris\AppData\Roaming\mozilla\Firefox\Profiles\mjyvyxiq.default\extensions\{8f8fe09b-0bd3-4470-bc1b-8cad42b8203a}
[2010.04.17 00:23:02 | 000,000,000 | ---D | M] -- C:\Users\Chris\AppData\Roaming\mozilla\Firefox\Profiles\mjyvyxiq.default\extensions\firegestures@xuldev.org
[2009.04.05 19:42:20 | 000,000,000 | ---D | M] -- C:\Users\Chris\AppData\Roaming\mozilla\Firefox\Profiles\mjyvyxiq.default\extensions\moveplayer@movenetworks.com
[2010.07.22 18:09:11 | 000,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions
[2010.05.03 22:50:13 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2010.04.12 17:29:19 | 000,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2010.03.12 18:06:42 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2010.03.12 18:06:42 | 000,002,344 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2010.03.12 18:06:42 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2010.03.12 18:06:42 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2010.03.12 18:06:42 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml

O1 HOSTS File: ([2010.07.22 20:47:49 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Adobe PDF Reader) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll (Google Inc.)
O4 - HKLM..\Run: [Adobe Photo Downloader] C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Ad-Watch] C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe (Lavasoft)
O4 - HKLM..\Run: [ArcSoft Connection Service] C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe (ArcSoft Inc.)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe (Nero AG)
O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\Windows\System32\NvMcTray.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [spc1030] C:\Windows\vspc1030.exe (Sonix)
O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKCU..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe (Nero AG)
O4 - HKCU..\Run: [PhonostarAgent] C:\Program Files\phonostar\ps_agent.exe (phonostar)
O4 - HKCU..\Run: [PhonostarTimer] C:\Program Files\phonostar\ps_timer.exe (phonostar)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O9 - Extra Button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKCU\..Trusted Domains: fh-bochum.de ([std-info] https in Trusted sites)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O18 - Protocol\Handler\fluxhttp {8E2D00A0-82C6-4821-90BC-07F290841BB6} - C:\Program Files\Common Files\fluxDVD\Lib\XEB\xebnavigation.ax ()
O18 - Protocol\Handler\fluxhttp\0x00000007 {8E2D00A0-82C6-4821-90BC-07F290841BB6} - C:\Program Files\Common Files\fluxDVD\Lib\XEB\xebnavigation.ax ()
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\PROGRA~1\COMMON~1\MICROS~1\WEBCOM~1\10\OWC10.DLL (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\Chris\Pictures\wallpaper\Placebo\placebo54.jpg
O24 - Desktop BackupWallPaper: C:\Users\Chris\Pictures\wallpaper\Placebo\placebo54.jpg
O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - Reg Error: Key error. File not found
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 90 Days ==========

[2010.07.23 13:39:59 | 000,028,552 | ---- | C] (Panda Security, S.L.) -- C:\Windows\System32\drivers\pavboot.sys
[2010.07.23 13:39:26 | 000,000,000 | ---D | C] -- C:\Program Files\Panda Security
[2010.07.23 13:38:52 | 000,000,000 | ---D | C] -- C:\Program Files\activescan
[2010.07.22 20:50:39 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2010.07.22 20:50:37 | 000,000,000 | ---D | C] -- C:\Users\Chris\AppData\Local\temp
[2010.07.22 20:30:05 | 000,161,792 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2010.07.22 20:30:05 | 000,136,704 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2010.07.22 20:30:05 | 000,031,232 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2010.07.22 20:29:56 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2010.07.22 20:26:29 | 000,000,000 | ---D | C] -- C:\ComboFix
[2010.07.22 20:26:12 | 000,000,000 | ---D | C] -- C:\Qoobox
[2010.07.22 20:25:56 | 000,212,480 | ---- | C] (SteelWerX) -- C:\Windows\SWXCACLS.exe
[2010.07.22 18:21:00 | 000,000,000 | ---D | C] -- C:\_OTL
[2010.07.22 17:21:57 | 000,000,000 | ---D | C] -- C:\Program Files\oldtimer
[2010.07.22 15:28:06 | 000,000,000 | ---D | C] -- C:\Avenger
[2010.07.22 15:20:27 | 000,000,000 | ---D | C] -- C:\Program Files\avenger
[2010.07.22 14:19:37 | 000,000,000 | ---D | C] -- C:\Program Files\rootrepeal
[2010.07.22 14:09:07 | 000,000,000 | ---D | C] -- C:\Users\Chris\Documents\wie-combofix-benutzt-wird-Dateien
[2010.07.22 11:45:07 | 000,000,000 | ---D | C] -- C:\Program Files\Gmer
[2010.07.22 10:48:13 | 000,000,000 | ---D | C] -- C:\Program Files\HJT
[2010.07.22 00:16:29 | 000,665,072 | ---- | C] (Crawler Inc. ) -- C:\Program Files\SpywareTerminatorSetup272.exe
[2010.07.21 23:29:46 | 000,000,000 | ---D | C] -- C:\Users\Chris\AppData\Roaming\Malwarebytes
[2010.07.21 23:29:37 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2010.07.21 23:29:35 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2010.07.21 23:29:35 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2010.07.21 23:29:35 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2010.07.21 23:27:13 | 006,153,352 | ---- | C] (Malwarebytes Corporation ) -- C:\Program Files\mbam146-setup.exe
[2010.07.20 13:44:23 | 000,318,904 | ---- | C] (Microsoft Corporation) -- C:\Program Files\wmpfirefoxplugin.exe
[2010.07.01 22:31:56 | 006,164,800 | ---- | C] (Koyote Soft ) -- C:\Program Files\Setup_FreeFlvConverter.exe
[2010.06.29 00:07:08 | 000,000,000 | ---D | C] -- C:\ProgramData\{74D08EB8-01D1-4BAE-91E3-F30C1B031AC6}
[2010.06.29 00:01:04 | 097,364,760 | ---- | C] (Lavasoft ) -- C:\Program Files\Ad-AwareInstaller.exe
[2010.06.27 17:29:18 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2010.06.27 17:29:07 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2010.06.27 17:25:04 | 000,000,000 | ---D | C] -- C:\Program Files\Bonjour
[2010.06.14 12:45:17 | 000,000,000 | ---D | C] -- C:\ProgramData\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2010.06.14 12:42:46 | 000,000,000 | ---D | C] -- C:\Program Files\QuickTime
[2010.05.31 17:17:13 | 000,000,000 | ---D | C] -- C:\ProgramData\mpDRM
[2010.05.31 17:17:12 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\mpDRM
[2010.05.31 17:17:10 | 000,000,000 | ---D | C] -- C:\ProgramData\fluxDVD
[2010.05.31 17:17:10 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\fluxDVD
[2010.05.31 17:17:08 | 000,000,000 | ---D | C] -- C:\Program Files\Videoload Manager
[2010.05.06 15:54:13 | 000,000,000 | ---D | C] -- C:\Users\Chris\AppData\Local\Apps
[2010.04.27 00:04:42 | 000,353,592 | ---- | C] (DivX, Inc.) -- C:\Windows\System32\DivXControlPanelApplet.cpl
[2009.05.18 15:12:07 | 000,053,248 | ---- | C] ( ) -- C:\Windows\System32\cspc1030.dll

[color=#E56717]========== Files - Modified Within 90 Days ==========[/color]

[2010.07.23 13:51:41 | 003,932,160 | -HS- | M] () -- C:\Users\Chris\NTUSER.DAT
[2010.07.23 13:51:00 | 000,000,418 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{5AE8D99D-8F09-45C8-8FC7-4DA218EA997E}.job
[2010.07.23 13:28:25 | 000,000,868 | ---- | M] () -- C:\Windows\tasks\Google Software Updater.job
[2010.07.23 13:25:45 | 000,001,092 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2010.07.23 13:25:15 | 000,003,648 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2010.07.23 13:25:15 | 000,003,648 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2010.07.23 13:25:14 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2010.07.23 13:25:08 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010.07.23 13:25:05 | 2146,754,560 | -HS- | M] () -- C:\hiberfil.sys
[2010.07.23 00:49:35 | 000,524,288 | -HS- | M] () -- C:\Users\Chris\NTUSER.DAT{0f69446d-6a70-11db-8eb3-985e31beb686}.TMContainer00000000000000000002.regtrans-ms
[2010.07.23 00:49:35 | 000,065,536 | -HS- | M] () -- C:\Users\Chris\NTUSER.DAT{0f69446d-6a70-11db-8eb3-985e31beb686}.TM.blf
[2010.07.23 00:49:17 | 000,000,012 | ---- | M] () -- C:\Windows\bthservsdp.dat
[2010.07.23 00:48:57 | 002,471,592 | -H-- | M] () -- C:\Users\Chris\AppData\Local\IconCache.db
[2010.07.23 00:07:00 | 000,001,096 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2010.07.22 22:22:00 | 262,870,821 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2010.07.22 21:59:11 | 000,087,608 | ---- | M] () -- C:\Users\Chris\AppData\Roaming\inst.exe
[2010.07.22 21:59:11 | 000,047,360 | ---- | M] (VSO Software) -- C:\Users\Chris\AppData\Roaming\pcouffin.sys
[2010.07.22 21:59:11 | 000,007,887 | ---- | M] () -- C:\Users\Chris\AppData\Roaming\pcouffin.cat
[2010.07.22 21:59:11 | 000,001,144 | ---- | M] () -- C:\Users\Chris\AppData\Roaming\pcouffin.inf
[2010.07.22 20:47:56 | 000,000,215 | ---- | M] () -- C:\Windows\system.ini
[2010.07.22 20:47:49 | 000,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2010.07.22 20:21:26 | 003,741,082 | R--- | M] () -- C:\Users\Chris\Desktop\ComboFix.exe
[2010.07.22 14:09:09 | 000,066,421 | ---- | M] () -- C:\Users\Chris\Documents\wie-combofix-benutzt-wird.htm
[2010.07.22 10:51:24 | 000,001,956 | ---- | M] () -- C:\Users\Chris\Desktop\HJT.lnk
[2010.07.22 00:16:32 | 000,665,072 | ---- | M] (Crawler Inc. ) -- C:\Program Files\SpywareTerminatorSetup272.exe
[2010.07.21 23:29:39 | 000,000,818 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010.07.21 23:27:16 | 006,153,352 | ---- | M] (Malwarebytes Corporation ) -- C:\Program Files\mbam146-setup.exe
[2010.07.21 19:42:28 | 000,225,280 | ---- | M] () -- C:\Users\Chris\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010.07.13 23:35:18 | 000,002,231 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk
[2010.07.12 23:53:33 | 000,000,474 | ---- | M] () -- C:\Windows\tasks\Ad-Aware Update (Weekly).job
[2010.07.10 15:08:49 | 001,418,612 | ---- | M] () -- C:\Windows\System32\PerfStringBackup.INI
[2010.07.10 15:08:49 | 000,616,010 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2010.07.10 15:08:49 | 000,586,980 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2010.07.10 15:08:49 | 000,122,110 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2010.07.10 15:08:49 | 000,101,052 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2010.07.09 16:12:22 | 000,001,394 | ---- | M] () -- C:\Users\Chris\Desktop\DivX Movies.lnk
[2010.07.09 16:11:34 | 000,000,917 | ---- | M] () -- C:\Users\Public\Desktop\DivX Plus Player.lnk
[2010.07.01 22:33:16 | 000,000,914 | ---- | M] () -- C:\Users\Chris\Desktop\Free FLV Converter.lnk
[2010.07.01 22:31:59 | 006,164,800 | ---- | M] (Koyote Soft ) -- C:\Program Files\Setup_FreeFlvConverter.exe
[2010.06.30 17:57:28 | 000,059,862 | ---- | M] () -- C:\Program Files\huggiesjeans.jpg
[2010.06.29 00:02:47 | 097,364,760 | ---- | M] (Lavasoft ) -- C:\Program Files\Ad-AwareInstaller.exe
[2010.06.28 22:50:09 | 000,000,937 | ---- | M] () -- C:\Users\Public\Desktop\RealPlayer SP.lnk
[2010.06.28 22:48:57 | 000,278,528 | ---- | M] (Real Networks, Inc) -- C:\Windows\System32\pncrt.dll
[2010.06.15 17:12:33 | 000,053,476 | ---- | M] () -- C:\Users\Chris\Documents\Aprikosensorbet.pdf
[2010.06.15 17:11:52 | 000,054,458 | ---- | M] () -- C:\Users\Chris\Documents\Pfannenbrot.pdf
[2010.06.15 17:09:11 | 000,042,472 | ---- | M] () -- C:\Users\Chris\Documents\Schokokuechlein.pdf
[2010.06.15 13:29:09 | 000,000,069 | ---- | M] () -- C:\Windows\NeroDigital.ini
[2010.06.14 12:42:59 | 000,001,726 | ---- | M] () -- C:\Users\Public\Desktop\QuickTime Player.lnk
[2010.06.08 11:30:38 | 000,311,296 | ---- | M] (Koyote Soft - http://www.koyotesoft.com) -- C:\Windows\System32\TubeFinder.exe
[2010.06.08 00:21:50 | 000,075,776 | ---- | M] () -- C:\Users\Chris\AppData\Roaming\GDIPFONTCACHEV1.DAT
[2010.06.08 00:19:15 | 000,053,573 | ---- | M] () -- C:\Users\Chris\Documents\SalatButtermilchdressing.pdf
[2010.06.08 00:15:56 | 000,039,939 | ---- | M] () -- C:\Users\Chris\Documents\Spaghetti_Tomatensauce_Fleischbaellchen.pdf
[2010.06.08 00:14:48 | 000,041,349 | ---- | M] () -- C:\Users\Chris\Documents\Hack_Calzone.pdf
[2010.06.08 00:12:27 | 000,043,651 | ---- | M] () -- C:\Users\Chris\Documents\Serviettenknoedel.pdf
[2010.06.08 00:09:44 | 000,042,942 | ---- | M] () -- C:\Users\Chris\Documents\Kartoffelgratin.pdf
[2010.06.08 00:06:18 | 000,037,362 | ---- | M] () -- C:\Users\Chris\Documents\Apfelmus.pdf
[2010.06.08 00:04:57 | 000,042,590 | ---- | M] () -- C:\Users\Chris\Documents\CremeBrulee.pdf
[2010.06.08 00:04:27 | 000,040,100 | ---- | M] () -- C:\Users\Chris\Documents\Ziegenfrischkaese_Mousse.pdf
[2010.06.08 00:00:40 | 000,043,554 | ---- | M] () -- C:\Users\Chris\Documents\Ofenschlupfer.pdf
[2010.06.07 23:59:49 | 000,043,798 | ---- | M] () -- C:\Users\Chris\Documents\RicottaKaesekuchen.pdf
[2010.06.04 17:01:12 | 000,000,957 | ---- | M] () -- C:\Users\Public\Desktop\DivX Plus Converter.lnk
[2010.06.03 00:38:45 | 000,293,106 | ---- | M] () -- C:\Users\Chris\.recently-used.xbel
[2010.05.22 13:04:47 | 000,002,073 | ---- | M] () -- C:\Users\Public\Desktop\Google Earth.lnk
[2010.05.13 23:16:24 | 000,002,379 | ---- | M] () -- C:\Users\Public\Desktop\Skype.lnk
[2010.04.29 15:39:38 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2010.04.29 15:39:26 | 000,020,952 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2010.04.28 18:14:20 | 000,000,063 | ---- | M] () -- C:\Users\Chris\.gtk-bookmarks
[2010.04.27 00:04:42 | 000,353,592 | ---- | M] (DivX, Inc.) -- C:\Windows\System32\DivXControlPanelApplet.cpl
[2010.04.26 15:58:12 | 000,256,512 | ---- | M] () -- C:\Windows\PEV.exe

[color=#E56717]========== Files Created - No Company Name ==========[/color]

[2010.07.22 21:59:11 | 000,087,608 | ---- | C] () -- C:\Users\Chris\AppData\Roaming\inst.exe
[2010.07.22 20:30:05 | 000,256,512 | ---- | C] () -- C:\Windows\PEV.exe
[2010.07.22 20:30:05 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2010.07.22 20:30:05 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2010.07.22 20:30:05 | 000,077,312 | ---- | C] () -- C:\Windows\MBR.exe
[2010.07.22 20:30:05 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2010.07.22 20:21:25 | 003,741,082 | R--- | C] () -- C:\Users\Chris\Desktop\ComboFix.exe
[2010.07.22 15:21:35 | 000,731,136 | ---- | C] () -- C:\Users\Chris\Desktop\avenger.exe
[2010.07.22 14:09:06 | 000,066,421 | ---- | C] () -- C:\Users\Chris\Documents\wie-combofix-benutzt-wird.htm
[2010.07.22 10:51:24 | 000,001,956 | ---- | C] () -- C:\Users\Chris\Desktop\HJT.lnk
[2010.07.21 23:29:39 | 000,000,818 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010.06.30 17:57:26 | 000,059,862 | ---- | C] () -- C:\Program Files\huggiesjeans.jpg
[2010.06.28 22:50:09 | 000,000,937 | ---- | C] () -- C:\Users\Public\Desktop\RealPlayer SP.lnk
[2010.06.27 17:30:03 | 000,002,231 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk
[2010.06.15 17:12:33 | 000,053,476 | ---- | C] () -- C:\Users\Chris\Documents\Aprikosensorbet.pdf
[2010.06.15 17:11:52 | 000,054,458 | ---- | C] () -- C:\Users\Chris\Documents\Pfannenbrot.pdf
[2010.06.15 17:09:11 | 000,042,472 | ---- | C] () -- C:\Users\Chris\Documents\Schokokuechlein.pdf
[2010.06.14 12:42:59 | 000,001,726 | ---- | C] () -- C:\Users\Public\Desktop\QuickTime Player.lnk
[2010.06.08 00:19:14 | 000,053,573 | ---- | C] () -- C:\Users\Chris\Documents\SalatButtermilchdressing.pdf
[2010.06.08 00:15:56 | 000,039,939 | ---- | C] () -- C:\Users\Chris\Documents\Spaghetti_Tomatensauce_Fleischbaellchen.pdf
[2010.06.08 00:14:48 | 000,041,349 | ---- | C] () -- C:\Users\Chris\Documents\Hack_Calzone.pdf
[2010.06.08 00:12:26 | 000,043,651 | ---- | C] () -- C:\Users\Chris\Documents\Serviettenknoedel.pdf
[2010.06.08 00:09:43 | 000,042,942 | ---- | C] () -- C:\Users\Chris\Documents\Kartoffelgratin.pdf
[2010.06.08 00:06:17 | 000,037,362 | ---- | C] () -- C:\Users\Chris\Documents\Apfelmus.pdf
[2010.06.08 00:04:56 | 000,042,590 | ---- | C] () -- C:\Users\Chris\Documents\CremeBrulee.pdf
[2010.06.08 00:04:26 | 000,040,100 | ---- | C] () -- C:\Users\Chris\Documents\Ziegenfrischkaese_Mousse.pdf
[2010.06.08 00:00:39 | 000,043,554 | ---- | C] () -- C:\Users\Chris\Documents\Ofenschlupfer.pdf
[2010.06.07 23:59:47 | 000,043,798 | ---- | C] () -- C:\Users\Chris\Documents\RicottaKaesekuchen.pdf
[2010.06.03 00:38:45 | 000,293,106 | ---- | C] () -- C:\Users\Chris\.recently-used.xbel
[2010.05.22 13:04:47 | 000,002,073 | ---- | C] () -- C:\Users\Public\Desktop\Google Earth.lnk
[2010.04.28 18:14:20 | 000,000,063 | ---- | C] () -- C:\Users\Chris\.gtk-bookmarks
[2010.01.20 18:37:51 | 000,000,025 | ---- | C] () -- C:\Windows\cdplayer.ini
[2009.10.01 23:24:12 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2009.05.29 16:52:26 | 000,204,800 | ---- | C] () -- C:\Windows\System32\xvidvfw.dll
[2009.05.29 16:47:06 | 000,881,664 | ---- | C] () -- C:\Windows\System32\xvidcore.dll
[2009.05.29 05:11:20 | 000,085,504 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll
[2009.05.18 15:12:07 | 003,035,776 | ---- | C] () -- C:\Windows\System32\drivers\spc1030.sys
[2009.05.18 15:12:07 | 000,851,968 | ---- | C] () -- C:\Windows\System32\Dll_Volume_Ctrl.dll
[2009.05.18 15:12:07 | 000,028,672 | ---- | C] () -- C:\Windows\System32\drivers\spc1030c.sys
[2009.05.18 15:12:07 | 000,015,497 | ---- | C] () -- C:\Windows\spc1030.ini
[2008.09.12 16:21:02 | 000,000,547 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll.manifest
[2008.08.26 14:59:08 | 000,000,400 | ---- | C] () -- C:\Windows\ODBC.INI
[2008.08.18 15:37:51 | 000,000,221 | ---- | C] () -- C:\Windows\NCLogConfig.ini
[2008.07.01 14:44:28 | 000,081,158 | ---- | C] () -- C:\Windows\System32\manage-bde.ini.en
[2008.06.17 10:14:44 | 000,000,069 | ---- | C] () -- C:\Windows\NeroDigital.ini
[2008.06.16 11:33:52 | 000,172,032 | ---- | C] () -- C:\Windows\WsBtn.dll
[2008.06.15 19:44:34 | 000,611,064 | ---- | C] () -- C:\Windows\System32\drivers\sptd.sys
[2008.06.15 19:44:34 | 000,142,904 | ---- | C] () -- C:\Windows\System32\drivers\sptddrv1.sys
[2008.06.15 17:35:11 | 000,010,288 | ---- | C] () -- C:\Windows\System32\drivers\ASUSHWIO.SYS
[2008.06.15 17:35:11 | 000,004,144 | ---- | C] () -- C:\Windows\Ascd_tmp.ini
[2007.09.04 12:56:10 | 000,164,352 | ---- | C] () -- C:\Windows\System32\unrar.dll
[2007.02.05 20:05:26 | 000,000,038 | ---- | C] () -- C:\Windows\AviSplitter.INI
[2006.11.02 14:34:20 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006.11.02 09:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini

[color=#E56717]========== LOP Check ==========[/color]

[2010.01.21 00:36:30 | 000,000,000 | ---D | M] -- C:\Users\Chris\AppData\Roaming\avidemux
[2009.10.10 21:29:23 | 000,000,000 | ---D | M] -- C:\Users\Chris\AppData\Roaming\FreeFLVConverter
[2010.06.03 00:38:45 | 000,000,000 | ---D | M] -- C:\Users\Chris\AppData\Roaming\gtk-2.0
[2008.08.17 13:36:26 | 000,000,000 | ---D | M] -- C:\Users\Chris\AppData\Roaming\Image Zone Express
[2008.06.30 13:43:55 | 000,000,000 | ---D | M] -- C:\Users\Chris\AppData\Roaming\Leadertech
[2010.02.04 15:03:45 | 000,000,000 | ---D | M] -- C:\Users\Chris\AppData\Roaming\phonostar GmbH
[2010.07.20 15:17:25 | 000,000,000 | ---D | M] -- C:\Users\Chris\AppData\Roaming\phonostar-Player
[2008.08.17 13:36:25 | 000,000,000 | ---D | M] -- C:\Users\Chris\AppData\Roaming\Printer Info Cache
[2009.01.02 16:27:56 | 000,000,000 | ---D | M] -- C:\Users\Chris\AppData\Roaming\TeamViewer
[2009.06.10 13:40:41 | 000,000,000 | ---D | M] -- C:\Users\Chris\AppData\Roaming\VistaCodecs
[2010.07.22 21:59:11 | 000,000,000 | ---D | M] -- C:\Users\Chris\AppData\Roaming\Vso
[2010.07.12 23:53:33 | 000,000,474 | ---- | M] () -- C:\Windows\Tasks\Ad-Aware Update (Weekly).job
[2010.07.23 00:49:16 | 000,032,600 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2010.07.23 13:51:00 | 000,000,418 | -H-- | M] () -- C:\Windows\Tasks\User_Feed_Synchronization-{5AE8D99D-8F09-45C8-8FC7-4DA218EA997E}.job

[color=#E56717]========== Purity Check ==========[/color]


< End of report >
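The OTL report above is read by hand in the thread; the following is an added triage helper for that kind of log (it is not part of the forum posts and not OTL's own code). It parses the file lines OTL prints (`[date time | size | attrs | C/M] (Company) -- path`) and the O35/O37 file-association lines, and flags what a helper reads first: executables or drivers written to user-writable locations, kernel drivers without a company name, and exe/com `open` handlers that differ from the Windows default `"%1" %*`. The sample input is quoted from the log above plus one constructed hijacked-handler line; a flag means "look at this", not "malicious". For instance, `inst.exe` and `pcouffin.sys` are flagged because they sit in `AppData\Roaming`, although the log shows them written at the same second as the `AppData\Roaming\Vso` folder and `pcouffin.sys` carries VSO Software's name, so they may well be benign.

```python
"""Triage helper for OTL (OldTimer's List-It) log lines.

Added example for this thread; not part of the forum posts and not OTL's
own code. Parses OTL's file lines and O35/O37 association lines and flags
entries worth a closer look. A flag means "review", not "malicious".
"""
import ntpath
import re
from dataclasses import dataclass

# "[2010.07.22 21:59:11 | 000,087,608 | ---- | M] (Company) -- C:\path"
# The "(Company)" part is absent on directory lines and is "()" when the
# file carries no company name in its version info.
FILE_LINE = re.compile(
    r"^\[(?P<stamp>\S+ \S+) \| (?P<size>[\d,]+) \| (?P<attrs>\S+) \| (?P<kind>[CM])\]"
    r"(?: \((?P<company>.*?)\))? -- (?P<path>.+)$"
)
# "O35 - HKLM\..exefile [open] -- <command>" / "O37 - HKLM\...exe [@ = exefile] -- <command>"
ASSOC_LINE = re.compile(
    r"^O3[57] - HKLM\\\.{2,3}(?P<key>\S+) \[(?P<verb>[^\]]*)\] -- (?P<cmd>.+)$"
)

EXEC_EXT = {".exe", ".dll", ".sys", ".cpl", ".scr", ".com", ".bat", ".pif"}
# Path fragments a standard user can write to (lower-case, with surrounding
# backslashes so "\temp\" does not match "\template\").
USER_WRITABLE = ("\\appdata\\", "\\temp\\", "\\programdata\\", "\\users\\public\\")
DEFAULT_OPEN = '"%1" %*'


@dataclass
class Entry:
    stamp: str
    size: int
    attrs: str
    kind: str      # "C" = created, "M" = modified (the section OTL printed it in)
    company: str   # "" when OTL printed "()" or the line is a directory
    path: str

    @property
    def is_dir(self) -> bool:
        return "D" in self.attrs


def parse_file_line(line: str):
    """Parse one OTL file/folder line; return an Entry, or None for other lines."""
    m = FILE_LINE.match(line.strip())
    if not m:
        return None
    return Entry(
        stamp=m["stamp"],
        size=int(m["size"].replace(",", "")),
        attrs=m["attrs"],
        kind=m["kind"],
        company=(m["company"] or "").strip(),
        path=m["path"].strip(),
    )


def flag_entries(lines):
    """Return [(path, [reasons])] for files that deserve a closer look."""
    findings = []
    for line in lines:
        e = parse_file_line(line)
        if e is None or e.is_dir:
            continue
        ext = ntpath.splitext(e.path)[1].lower()
        if ext not in EXEC_EXT:
            continue
        low = e.path.lower()
        reasons = []
        if any(frag in low for frag in USER_WRITABLE):
            reasons.append("executable in user-writable location")
            if not e.company:
                reasons.append("no company name in version info")
        if ext == ".sys" and "\\system32\\drivers\\" in low and not e.company:
            reasons.append("kernel driver without company name")
        if reasons:
            findings.append((e.path, reasons))
    return findings


def check_associations(lines):
    """Return (key, verb, command) for exe/com handlers that are not the default."""
    bad = []
    for line in lines:
        m = ASSOC_LINE.match(line.strip())
        if m and m["cmd"].strip() != DEFAULT_OPEN:
            bad.append((m["key"], m["verb"], m["cmd"].strip()))
    return bad


SAMPLE_LOG = [
    # Lines quoted from the OTL log posted above:
    r"[2010.07.23 13:39:59 | 000,028,552 | ---- | C] (Panda Security, S.L.) -- C:\Windows\System32\drivers\pavboot.sys",
    r"[2010.07.22 20:50:39 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN",
    r"[2010.07.22 21:59:11 | 000,087,608 | ---- | M] () -- C:\Users\Chris\AppData\Roaming\inst.exe",
    r"[2010.07.22 21:59:11 | 000,047,360 | ---- | M] (VSO Software) -- C:\Users\Chris\AppData\Roaming\pcouffin.sys",
    r"[2010.06.30 17:57:28 | 000,059,862 | ---- | M] () -- C:\Program Files\huggiesjeans.jpg",
    r"[2009.05.18 15:12:07 | 003,035,776 | ---- | C] () -- C:\Windows\System32\drivers\spc1030.sys",
    r'O35 - HKLM\..exefile [open] -- "%1" %*',
    r'O37 - HKLM\...exe [@ = exefile] -- "%1" %*',
    # Constructed line, NOT from the log: what a hijacked .com handler would look like.
    r'O35 - HKLM\..comfile [open] -- "C:\ProgramData\example_hijack.exe" "%1" %*',
]

if __name__ == "__main__":
    for path, reasons in flag_entries(SAMPLE_LOG):
        print(f"{path}: {'; '.join(reasons)}")
    for key, verb, cmd in check_associations(SAMPLE_LOG):
        print(f"non-default handler {key} [{verb}]: {cmd}")
```

Feed it a whole saved OTL.txt with `flag_entries(open("OTL.txt", encoding="utf-8", errors="replace"))`; the known ComboFix/OTL tool droppings in `C:\Windows` (`PEV.exe`, `sed.exe`, `grep.exe`, `MBR.exe`, `zip.exe`) are deliberately not flagged by the location rule, which is why the helper in the thread can ignore them.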
23.07.2010, 14:39
Member

Posts: 420
#20 Probably belongs to Philips CamSuite. Does that ring a bell?

Please upload these two files

Quote

C:\Program Files\Philips\CamSuite\1.0.9.0\ACPService.exe
C:\Program Files\Philips\CamSuite\1.0.9.0\ACPGUI.dll
to VirusTotal http://www.virustotal.com/de/ and post the links to the results.

It's probably a false positive, though.
23.07.2010, 15:10
Member

Thread starter

Posts: 32
#21 Philips CamSuite belongs to my webcam.

Here is the link for C:\Program Files\Philips\CamSuite\1.0.9.0\ACPService.exe:

http://www.virustotal.com/de/analisis/78ba48507f25f7dca1acf66827979de73e9c5a2d9a577395304d57f384cefefb-1264010967

Here is the link for C:\Program Files\Philips\CamSuite\1.0.9.0\ACPGUI.dll:

http://www.virustotal.com/de/analisis/4cceef5959afa67efe3403e15c82d91b2d4739dc674787b1edc0b7ccd4b5aebe-1278698941
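The report links posted above follow the old-style form `http://www.virustotal.com/de/analisis/<sha256>-<scan timestamp>`, so the SHA-256 of the submitted file can be read straight out of the URL and compared with a hash computed locally. The following is an added example (not part of the thread and not a VirusTotal tool) that does exactly that check, which would catch a pasted link belonging to a different file. It runs on a constructed temporary file containing the bytes `abc`; the second link in `demo()` is taken from the thread and is only used to show a mismatch.

```python
"""Check that a VirusTotal report link belongs to the file you hashed.

Added example; not part of the forum thread and not a VirusTotal tool.
Assumes the old-style report URL format seen on this page:
  .../analisis/<64 hex chars sha256>-<unix timestamp>
"""
import hashlib
import os
import re
import tempfile

VT_LINK = re.compile(
    r"virustotal\.com/[a-z]{2}/analisis/(?P<sha256>[0-9a-f]{64})-(?P<ts>\d+)"
)


def sha256_of(path: str, chunk_size: int = 1 << 20) -> str:
    """Hex SHA-256 of a file, read in chunks so large installers fit in memory."""
    h = hashlib.sha256()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(chunk_size), b""):
            h.update(chunk)
    return h.hexdigest()


def hash_from_vt_link(url: str):
    """SHA-256 embedded in an old-style VirusTotal report URL, or None."""
    m = VT_LINK.search(url.lower())
    return m["sha256"] if m else None


def link_matches_file(url: str, path: str) -> bool:
    """True when the report link refers to exactly the bytes in `path`."""
    expected = hash_from_vt_link(url)
    return expected is not None and expected == sha256_of(path)


def demo() -> dict:
    """Self-contained run on a constructed file (content b'abc', not a real sample)."""
    with tempfile.TemporaryDirectory() as tmp:
        sample = os.path.join(tmp, "sample.bin")
        with open(sample, "wb") as fh:
            fh.write(b"abc")
        digest = sha256_of(sample)
        # Constructed link for our own file (timestamp is arbitrary).
        good = f"http://www.virustotal.com/de/analisis/{digest}-1278698941"
        # Link quoted from the thread above; it cannot belong to the constructed file.
        other = ("http://www.virustotal.com/de/analisis/"
                 "78ba48507f25f7dca1acf66827979de73e9c5a2d9a577395304d57f384cefefb-1264010967")
        return {
            "digest": digest,
            "good": link_matches_file(good, sample),
            "other": link_matches_file(other, sample),
        }


if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key}: {value}")
```

In practice you would call `link_matches_file(url, r"C:\Program Files\Philips\CamSuite\1.0.9.0\ACPService.exe")` on the machine that produced the report; a `False` here is the "sorry, wrong links" situation from the next post, caught before the link is sent.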
23.07.2010, 15:52
Member

Posts: 420
#22 OK,

exclusively heuristic detections, almost certainly a false positive.

If there are no further problems, let's wrap up.

1. Could you please zip the folders C:\_OTL and C:\Qoobox, upload the zip file to http://www.file-upload.net/ and send me the download link by PM? Those are the quarantine folders. I would like to look through the contents and, where appropriate, send them to various AV vendors to improve detection. Thanks

After that (otherwise the folders will be gone):
2. Start OTL and click CleanUP

3. Get http://secunia.com/vulnerability_scanning/personal/ and use it to keep your system up to date.

4. Read this: http://malte-wetz.de/wiki/pmwiki.php/De/KompromittierungUnvermeidbar

We're done ;)

Regards,
gangren
23.07.2010, 15:53
Member

Thread starter

Posts: 32
#23 Sorry, I sent you the wrong links. I'll send the correct links shortly.
23.07.2010, 15:57
Member

Thread starter

Posts: 32
23.07.2010, 15:59
Member

Posts: 420
#25 Still not a problem.
See my post above ;)
23.07.2010, 16:48
Member

Thread starter

Posts: 32
#26 I packed both folders into one file named _OTL.zip. While zipping with WINRAR I got a warning/error message.
At that point my Antivir spoke up. The following file was put into quarantine:
The file 'C:\_OTL\MovedFiles\07222010_182100\C_Windows\System32\aecachef.exe'
contained a virus or unwanted program 'TR/Crypt.ZPACK.Gen' [trojan].

Please write briefly whether the warnings when zipping the quarantine folders are normal before I continue with OTL.

I'll send you the download link.
23.07.2010, 16:56
Member

Posts: 420
#27 Yes, that's normal; Antivir "woke up" on access. The files are not executed while packing, though, so no problem.
23.07.2010, 17:23
Member

Thread starter

Posts: 32
#28 OK, I have run OTL CleanUp.
Thank you for the great, super-fast help and your patience, which let even me, a layman when it comes to viruses/trojans, run the programs and carry out each step.

Take care!

Chris