When opening Firefox or taskmgr, "Microsoft Security Essentials" opens

22.09.2010, 16:50
Member

Thread starter

Posts: 15
#16 I was not asked about cleaning...

Here is the report from TDSS:

Code

2010/09/22 16:46:46.0081    TDSS rootkit removing tool 2.4.2.1 Sep  7 2010 14:43:44
2010/09/22 16:46:46.0081    ================================================================================
2010/09/22 16:46:46.0081    SystemInfo:
2010/09/22 16:46:46.0081    
2010/09/22 16:46:46.0081    OS Version: 6.1.7600 ServicePack: 0.0
2010/09/22 16:46:46.0081    Product type: Workstation
2010/09/22 16:46:46.0081    ComputerName: JAN-PC
2010/09/22 16:46:46.0082    UserName: Jan
2010/09/22 16:46:46.0082    Windows directory: C:\Windows
2010/09/22 16:46:46.0082    System windows directory: C:\Windows
2010/09/22 16:46:46.0082    Processor architecture: Intel x86
2010/09/22 16:46:46.0082    Number of processors: 2
2010/09/22 16:46:46.0082    Page size: 0x1000
2010/09/22 16:46:46.0082    Boot type: Normal boot
2010/09/22 16:46:46.0082    ================================================================================
2010/09/22 16:46:47.0183    Initialize success
2010/09/22 16:47:31.0856    ================================================================================
2010/09/22 16:47:31.0856    Scan started
2010/09/22 16:47:31.0856    Mode: Manual;
2010/09/22 16:47:31.0856    ================================================================================
2010/09/22 16:47:32.0282    1394ohci        (6d2aca41739bfe8cb86ee8e85f29697d) C:\Windows\system32\DRIVERS\1394ohci.sys
2010/09/22 16:47:32.0390    ACPI            (f0e07d144c8685b8774bc32fc8da4df0) C:\Windows\system32\DRIVERS\ACPI.sys
2010/09/22 16:47:32.0508    AcpiPmi         (98d81ca942d19f7d9153b095162ac013) C:\Windows\system32\DRIVERS\acpipmi.sys
2010/09/22 16:47:32.0639    adp94xx         (21e785ebd7dc90a06391141aac7892fb) C:\Windows\system32\DRIVERS\adp94xx.sys
2010/09/22 16:47:32.0785    adpahci         (0c676bc278d5b59ff5abd57bbe9123f2) C:\Windows\system32\DRIVERS\adpahci.sys
2010/09/22 16:47:32.0911    adpu320         (7c7b5ee4b7b822ec85321fe23a27db33) C:\Windows\system32\DRIVERS\adpu320.sys
2010/09/22 16:47:33.0068    AFD             (ddc040fdb01ef1712a6b13e52afb104c) C:\Windows\system32\drivers\afd.sys
2010/09/22 16:47:33.0171    agp440          (507812c3054c21cef746b6ee3d04dd6e) C:\Windows\system32\DRIVERS\agp440.sys
2010/09/22 16:47:33.0282    aic78xx         (8b30250d573a8f6b4bd23195160d8707) C:\Windows\system32\DRIVERS\djsvs.sys
2010/09/22 16:47:33.0417    aliide          (0d40bcf52ea90fc7df2aeab6503dea44) C:\Windows\system32\DRIVERS\aliide.sys
2010/09/22 16:47:33.0537    amdagp          (3c6600a0696e90a463771c7422e23ab5) C:\Windows\system32\DRIVERS\amdagp.sys
2010/09/22 16:47:33.0642    amdide          (cd5914170297126b6266860198d1d4f0) C:\Windows\system32\DRIVERS\amdide.sys
2010/09/22 16:47:33.0759    AmdK8           (00dda200d71bac534bf56a9db5dfd666) C:\Windows\system32\DRIVERS\amdk8.sys
2010/09/22 16:47:34.0022    amdkmdag        (71edf946145d2bead3c16f4fd2fa3773) C:\Windows\system32\DRIVERS\atikmdag.sys
2010/09/22 16:47:34.0178    amdkmdap        (41876830a043176f7902e781238f95ef) C:\Windows\system32\DRIVERS\atikmpag.sys
2010/09/22 16:47:34.0284    AmdPPM          (3cbf30f5370fda40dd3e87df38ea53b6) C:\Windows\system32\DRIVERS\amdppm.sys
2010/09/22 16:47:34.0393    amdsata         (2101a86c25c154f8314b24ef49d7fbc2) C:\Windows\system32\DRIVERS\amdsata.sys
2010/09/22 16:47:34.0504    amdsbs          (ea43af0c423ff267355f74e7a53bdaba) C:\Windows\system32\DRIVERS\amdsbs.sys
2010/09/22 16:47:34.0603    amdxata         (b81c2b5616f6420a9941ea093a92b150) C:\Windows\system32\DRIVERS\amdxata.sys
2010/09/22 16:47:34.0738    AppID           (feb834c02ce1e84b6a38f953ca067706) C:\Windows\system32\drivers\appid.sys
2010/09/22 16:47:34.0871    arc             (2932004f49677bd84dbc72edb754ffb3) C:\Windows\system32\DRIVERS\arc.sys
2010/09/22 16:47:34.0973    arcsas          (5d6f36c46fd283ae1b57bd2e9feb0bc7) C:\Windows\system32\DRIVERS\arcsas.sys
2010/09/22 16:47:35.0073    AsyncMac        (add2ade1c2b285ab8378d2daaf991481) C:\Windows\system32\DRIVERS\asyncmac.sys
2010/09/22 16:47:35.0190    atapi           (338c86357871c167a96ab976519bf59e) C:\Windows\system32\DRIVERS\atapi.sys
2010/09/22 16:47:35.0300    AtcL001         (3d8880a2cf21dcc057c8d9a194c41f10) C:\Windows\system32\DRIVERS\l160x86.sys
2010/09/22 16:47:35.0476    AtiHdmiService  (8df873d0587596c1d35a9cececc61da1) C:\Windows\system32\drivers\AtiHdmi.sys
2010/09/22 16:47:35.0727    atikmdag        (71edf946145d2bead3c16f4fd2fa3773) C:\Windows\system32\DRIVERS\atikmdag.sys
2010/09/22 16:47:35.0857    ATITool         (0e4bb35c5305099ac82053ac992e3e0e) C:\Windows\system32\DRIVERS\ATITool.sys
2010/09/22 16:47:35.0986    atksgt          (f0d933b42cd0594048e4d5200ae9e417) C:\Windows\system32\DRIVERS\atksgt.sys
2010/09/22 16:47:36.0111    avgntflt        (a88d29d928ad2b830e87b53e3f9bc182) C:\Windows\system32\DRIVERS\avgntflt.sys
2010/09/22 16:47:36.0244    avipbb          (524b9e78e396c00968c5629ed5bbfab0) C:\Windows\system32\DRIVERS\avipbb.sys
2010/09/22 16:47:36.0378    b06bdrv         (1a231abec60fd316ec54c66715543cec) C:\Windows\system32\DRIVERS\bxvbdx.sys
2010/09/22 16:47:36.0499    b57nd60x        (bd8869eb9cde6bbe4508d869929869ee) C:\Windows\system32\DRIVERS\b57nd60x.sys
2010/09/22 16:47:36.0647    Beep            (505506526a9d467307b3c393dedaf858) C:\Windows\system32\drivers\Beep.sys
2010/09/22 16:47:36.0766    blbdrive        (2287078ed48fcfc477b05b20cf38f36f) C:\Windows\system32\DRIVERS\blbdrive.sys
2010/09/22 16:47:36.0883    bowser          (fcafaef6798d7b51ff029f99a9898961) C:\Windows\system32\DRIVERS\bowser.sys
2010/09/22 16:47:36.0977    BrFiltLo        (9f9acc7f7ccde8a15c282d3f88b43309) C:\Windows\system32\DRIVERS\BrFiltLo.sys
2010/09/22 16:47:37.0077    BrFiltUp        (56801ad62213a41f6497f96dee83755a) C:\Windows\system32\DRIVERS\BrFiltUp.sys
2010/09/22 16:47:37.0198    Brserid         (845b8ce732e67f3b4133164868c666ea) C:\Windows\System32\Drivers\Brserid.sys
2010/09/22 16:47:37.0322    BrSerWdm        (203f0b1e73adadbbb7b7b1fabd901f6b) C:\Windows\System32\Drivers\BrSerWdm.sys
2010/09/22 16:47:37.0425    BrUsbMdm        (bd456606156ba17e60a04e18016ae54b) C:\Windows\System32\Drivers\BrUsbMdm.sys
2010/09/22 16:47:37.0534    BrUsbSer        (af72ed54503f717a43268b3cc5faec2e) C:\Windows\System32\Drivers\BrUsbSer.sys
2010/09/22 16:47:37.0644    BthEnum         (2865a5c8e98c70c605f417908cebb3a4) C:\Windows\system32\DRIVERS\BthEnum.sys
2010/09/22 16:47:37.0746    BTHMODEM        (ed3df7c56ce0084eb2034432fc56565a) C:\Windows\system32\DRIVERS\bthmodem.sys
2010/09/22 16:47:37.0857    BthPan          (ad1872e5829e8a2c3b5b4b641c3eab0e) C:\Windows\system32\DRIVERS\bthpan.sys
2010/09/22 16:47:37.0977    BTHPORT         (4a34888e13224678dd062466afec4240) C:\Windows\system32\Drivers\BTHport.sys
2010/09/22 16:47:38.0085    BTHUSB          (fa04c63916fa221dbb91fce153d07a55) C:\Windows\system32\Drivers\BTHUSB.sys
2010/09/22 16:47:38.0195    cdfs            (77ea11b065e0a8ab902d78145ca51e10) C:\Windows\system32\DRIVERS\cdfs.sys
2010/09/22 16:47:38.0324    cdrom           (ba6e70aa0e6091bc39de29477d866a77) C:\Windows\system32\DRIVERS\cdrom.sys
2010/09/22 16:47:38.0479    circlass        (3fe3fe94a34df6fb06e6418d0f6a0060) C:\Windows\system32\DRIVERS\circlass.sys
2010/09/22 16:47:38.0566    CLFS            (635181e0e9bbf16871bf5380d71db02d) C:\Windows\system32\CLFS.sys
2010/09/22 16:47:38.0682    CmBatt          (dea805815e587dad1dd2c502220b5616) C:\Windows\system32\DRIVERS\CmBatt.sys
2010/09/22 16:47:38.0784    cmdide          (c537b1db64d495b9b4717b4d6d9edbf2) C:\Windows\system32\DRIVERS\cmdide.sys
2010/09/22 16:47:38.0891    CNG             (1b675691ed940766149c93e8f4488d68) C:\Windows\system32\Drivers\cng.sys
2010/09/22 16:47:38.0990    Compbatt        (a6023d3823c37043986713f118a89bee) C:\Windows\system32\DRIVERS\compbatt.sys
2010/09/22 16:47:39.0098    CompositeBus    (f1724ba27e97d627f808fb0ba77a28a6) C:\Windows\system32\DRIVERS\CompositeBus.sys
2010/09/22 16:47:39.0207    crcdisk         (2c4ebcfc84a9b44f209dff6c6e6c61d1) C:\Windows\system32\DRIVERS\crcdisk.sys
2010/09/22 16:47:39.0331    CSC             (27c9490bdd0ae48911ab8cf1932591ed) C:\Windows\system32\drivers\csc.sys
2010/09/22 16:47:39.0493    DfsC            (8e09e52ee2e3ceb199ef3dd99cf9e3fb) C:\Windows\system32\Drivers\dfsc.sys
2010/09/22 16:47:39.0601    discache        (1a050b0274bfb3890703d490f330c0da) C:\Windows\system32\drivers\discache.sys
2010/09/22 16:47:39.0727    Disk            (565003f326f99802e68ca78f2a68e9ff) C:\Windows\system32\DRIVERS\disk.sys
2010/09/22 16:47:39.0849    drmkaud         (b918e7c5f9bf77202f89e1a9539f2eb4) C:\Windows\system32\drivers\drmkaud.sys
2010/09/22 16:47:39.0966    DXGKrnl         (39806cfeddcc55e686a49bccd2972f23) C:\Windows\System32\drivers\dxgkrnl.sys
2010/09/22 16:47:40.0166    ebdrv           (024e1b5cac09731e4d868e64dbfb4ab0) C:\Windows\system32\DRIVERS\evbdx.sys
2010/09/22 16:47:40.0370    ElbyCDIO        (44996a2addd2db7454f2ca40b67d8941) C:\Windows\system32\Drivers\ElbyCDIO.sys
2010/09/22 16:47:40.0554    elxstor         (0ed67910c8c326796faa00b2bf6d9d3c) C:\Windows\system32\DRIVERS\elxstor.sys
2010/09/22 16:47:40.0671    ErrDev          (8fc3208352dd3912c94367a206ab3f11) C:\Windows\system32\DRIVERS\errdev.sys
2010/09/22 16:47:40.0790    exfat           (2dc9108d74081149cc8b651d3a26207f) C:\Windows\system32\drivers\exfat.sys
2010/09/22 16:47:40.0897    fastfat         (7e0ab74553476622fb6ae36f73d97d35) C:\Windows\system32\drivers\fastfat.sys
2010/09/22 16:47:41.0010    fdc             (e817a017f82df2a1f8cfdbda29388b29) C:\Windows\system32\DRIVERS\fdc.sys
2010/09/22 16:47:41.0025    Suspicious service (NoAccess): fflinf
2010/09/22 16:47:41.0172    fflinf          (445ad36dec917fbe1c1ab0e361c4665b) C:\Windows\system32\drivers\fflinf.sys
2010/09/22 16:47:41.0172    Suspicious file (NoAccess): C:\Windows\system32\drivers\fflinf.sys. md5: 445ad36dec917fbe1c1ab0e361c4665b
2010/09/22 16:47:41.0177    fflinf - detected Locked service (1)
2010/09/22 16:47:41.0286    FileInfo        (6cf00369c97f3cf563be99be983d13d8) C:\Windows\system32\drivers\fileinfo.sys
2010/09/22 16:47:41.0394    Filetrace       (42c51dc94c91da21cb9196eb64c45db9) C:\Windows\system32\drivers\filetrace.sys
2010/09/22 16:47:41.0503    flpydisk        (87907aa70cb3c56600f1c2fb8841579b) C:\Windows\system32\DRIVERS\flpydisk.sys
2010/09/22 16:47:41.0641    FltMgr          (7520ec808e0c35e0ee6f841294316653) C:\Windows\system32\drivers\fltmgr.sys
2010/09/22 16:47:41.0757    FsDepends       (1a16b57943853e598cff37fe2b8cbf1d) C:\Windows\system32\drivers\FsDepends.sys
2010/09/22 16:47:41.0860    Fs_Rec          (a574b4360e438977038aae4bf60d79a2) C:\Windows\system32\drivers\Fs_Rec.sys
2010/09/22 16:47:41.0972    fvevol          (5592f5dba26282d24d2b080eb438a4d7) C:\Windows\system32\DRIVERS\fvevol.sys
2010/09/22 16:47:42.0076    gagp30kx        (65ee0c7a58b65e74ae05637418153938) C:\Windows\system32\DRIVERS\gagp30kx.sys
2010/09/22 16:47:42.0182    hcw85cir        (c44e3c2bab6837db337ddee7544736db) C:\Windows\system32\drivers\hcw85cir.sys
2010/09/22 16:47:42.0298    HdAudAddService (3530cad25deba7dc7de8bb51632cbc5f) C:\Windows\system32\drivers\HdAudio.sys
2010/09/22 16:47:42.0417    HDAudBus        (717a2207fd6f13ad3e664c7d5a43c7bf) C:\Windows\system32\DRIVERS\HDAudBus.sys
2010/09/22 16:47:42.0519    HidBatt         (1d58a7f3e11a9731d0eaaaa8405acc36) C:\Windows\system32\DRIVERS\HidBatt.sys
2010/09/22 16:47:42.0642    HidBth          (89448f40e6df260c206a193a4683ba78) C:\Windows\system32\DRIVERS\hidbth.sys
2010/09/22 16:47:42.0752    HidIr           (cf50b4cf4a4f229b9f3c08351f99ca5e) C:\Windows\system32\DRIVERS\hidir.sys
2010/09/22 16:47:42.0886    HidUsb          (25072fb35ac90b25f9e4e3bacf774102) C:\Windows\system32\DRIVERS\hidusb.sys
2010/09/22 16:47:43.0029    HpSAMD          (295fdc419039090eb8b49ffdbb374549) C:\Windows\system32\DRIVERS\HpSAMD.sys
2010/09/22 16:47:43.0164    HTTP            (c531c7fd9e8b62021112787c4e2c5a5a) C:\Windows\system32\drivers\HTTP.sys
2010/09/22 16:47:43.0271    hwpolicy        (8305f33cde89ad6c7a0763ed0b5a8d42) C:\Windows\system32\drivers\hwpolicy.sys
2010/09/22 16:47:43.0387    i8042prt        (f151f0bdc47f4a28b1b20a0818ea36d6) C:\Windows\system32\DRIVERS\i8042prt.sys
2010/09/22 16:47:43.0519    iaStorV         (934af4d7c5f457b9f0743f4299b77b67) C:\Windows\system32\DRIVERS\iaStorV.sys
2010/09/22 16:47:43.0644    iirsp           (4173ff5708f3236cf25195fecd742915) C:\Windows\system32\DRIVERS\iirsp.sys
2010/09/22 16:47:43.0777    intelide        (a0f12f2c9ba6c72f3987ce780e77c130) C:\Windows\system32\DRIVERS\intelide.sys
2010/09/22 16:47:43.0886    intelppm        (3b514d27bfc4accb4037bc6685f766e0) C:\Windows\system32\DRIVERS\intelppm.sys
2010/09/22 16:47:44.0004    IpFilterDriver  (709d1761d3b19a932ff0238ea6d50200) C:\Windows\system32\DRIVERS\ipfltdrv.sys
2010/09/22 16:47:44.0117    IPMIDRV         (e4454b6c37d7ffd5649611f6496308a7) C:\Windows\system32\DRIVERS\IPMIDrv.sys
2010/09/22 16:47:44.0212    IPNAT           (a5fa468d67abcdaa36264e463a7bb0cd) C:\Windows\system32\drivers\ipnat.sys
2010/09/22 16:47:44.0326    IRENUM          (42996cff20a3084a56017b7902307e9f) C:\Windows\system32\drivers\irenum.sys
2010/09/22 16:47:44.0435    isapnp          (1f32bb6b38f62f7df1a7ab7292638a35) C:\Windows\system32\DRIVERS\isapnp.sys
2010/09/22 16:47:44.0542    iScsiPrt        (ed46c223ae46c6866ab77cdc41c404b7) C:\Windows\system32\DRIVERS\msiscsi.sys
2010/09/22 16:47:44.0660    kbdclass        (adef52ca1aeae82b50df86b56413107e) C:\Windows\system32\DRIVERS\kbdclass.sys
2010/09/22 16:47:44.0793    kbdhid          (3d9f0ebf350edcfd6498057301455964) C:\Windows\system32\DRIVERS\kbdhid.sys
2010/09/22 16:47:44.0898    KSecDD          (e36a061ec11b373826905b21be10948f) C:\Windows\system32\Drivers\ksecdd.sys
2010/09/22 16:47:45.0001    KSecPkg         (26c046977e85b95036453d7b88ba1820) C:\Windows\system32\Drivers\ksecpkg.sys
2010/09/22 16:47:45.0123    lirsgt          (f8a7212d0864ef5e9185fb95e6623f4d) C:\Windows\system32\DRIVERS\lirsgt.sys
2010/09/22 16:47:45.0243    lltdio          (f7611ec07349979da9b0ae1f18ccc7a6) C:\Windows\system32\DRIVERS\lltdio.sys
2010/09/22 16:47:45.0369    LSI_FC          (eb119a53ccf2acc000ac71b065b78fef) C:\Windows\system32\DRIVERS\lsi_fc.sys
2010/09/22 16:47:45.0478    LSI_SAS         (8ade1c877256a22e49b75d1cc9161f9c) C:\Windows\system32\DRIVERS\lsi_sas.sys
2010/09/22 16:47:45.0646    LSI_SAS2        (dc9dc3d3daa0e276fd2ec262e38b11e9) C:\Windows\system32\DRIVERS\lsi_sas2.sys
2010/09/22 16:47:45.0747    LSI_SCSI        (0a036c7d7cab643a7f07135ac47e0524) C:\Windows\system32\DRIVERS\lsi_scsi.sys
2010/09/22 16:47:45.0891    luafv           (6703e366cc18d3b6e534f5cf7df39cee) C:\Windows\system32\drivers\luafv.sys
2010/09/22 16:47:45.0999    megasas         (0fff5b045293002ab38eb1fd1fc2fb74) C:\Windows\system32\DRIVERS\megasas.sys
2010/09/22 16:47:46.0112    MegaSR          (dcbab2920c75f390caf1d29f675d03d6) C:\Windows\system32\DRIVERS\MegaSR.sys
2010/09/22 16:47:46.0218    Modem           (f001861e5700ee84e2d4e52c712f4964) C:\Windows\system32\drivers\modem.sys
2010/09/22 16:47:46.0328    monitor         (79d10964de86b292320e9dfe02282a23) C:\Windows\system32\DRIVERS\monitor.sys
2010/09/22 16:47:46.0436    mouclass        (fb18cc1d4c2e716b6b903b0ac0cc0609) C:\Windows\system32\DRIVERS\mouclass.sys
2010/09/22 16:47:46.0537    mouhid          (2c388d2cd01c9042596cf3c8f3c7b24d) C:\Windows\system32\DRIVERS\mouhid.sys
2010/09/22 16:47:46.0638    mountmgr        (921c18727c5920d6c0300736646931c2) C:\Windows\system32\drivers\mountmgr.sys
2010/09/22 16:47:46.0749    mpio            (2af5997438c55fb79d33d015c30e1974) C:\Windows\system32\DRIVERS\mpio.sys
2010/09/22 16:47:46.0850    mpsdrv          (ad2723a7b53dd1aacae6ad8c0bfbf4d0) C:\Windows\system32\drivers\mpsdrv.sys
2010/09/22 16:47:46.0982    MRxDAV          (b1be47008d20e43da3adc37c24cdb89d) C:\Windows\system32\drivers\mrxdav.sys
2010/09/22 16:47:47.0101    mrxsmb          (f4a054be78af7f410129c4b64b07dc9b) C:\Windows\system32\DRIVERS\mrxsmb.sys
2010/09/22 16:47:47.0205    mrxsmb10        (deffa295bd1895c6ed8e3078412ac60b) C:\Windows\system32\DRIVERS\mrxsmb10.sys
2010/09/22 16:47:47.0314    mrxsmb20        (24d76abe5dcad22f19d105f76fdf0ce1) C:\Windows\system32\DRIVERS\mrxsmb20.sys
2010/09/22 16:47:47.0423    msahci          (4326d168944123f38dd3b2d9c37a0b12) C:\Windows\system32\DRIVERS\msahci.sys
2010/09/22 16:47:47.0534    msdsm           (455029c7174a2dbb03dba8a0d8bddd9a) C:\Windows\system32\DRIVERS\msdsm.sys
2010/09/22 16:47:47.0642    Msfs            (daefb28e3af5a76abcc2c3078c07327f) C:\Windows\system32\drivers\Msfs.sys
2010/09/22 16:47:47.0741    mshidkmdf       (3e1e5767043c5af9367f0056295e9f84) C:\Windows\System32\drivers\mshidkmdf.sys
2010/09/22 16:47:47.0841    msisadrv        (0a4e5757ae09fa9622e3158cc1aef114) C:\Windows\system32\DRIVERS\msisadrv.sys
2010/09/22 16:47:47.0967    MSKSSRV         (8c0860d6366aaffb6c5bb9df9448e631) C:\Windows\system32\drivers\MSKSSRV.sys
2010/09/22 16:47:48.0100    MSPCLOCK        (3ea8b949f963562cedbb549eac0c11ce) C:\Windows\system32\drivers\MSPCLOCK.sys
2010/09/22 16:47:48.0220    MSPQM           (f456e973590d663b1073e9c463b40932) C:\Windows\system32\drivers\MSPQM.sys
2010/09/22 16:47:48.0327    MsRPC           (0e008fc4819d238c51d7c93e7b41e560) C:\Windows\system32\drivers\MsRPC.sys
2010/09/22 16:47:48.0435    mssmbios        (fc6b9ff600cc585ea38b12589bd4e246) C:\Windows\system32\DRIVERS\mssmbios.sys
2010/09/22 16:47:48.0550    MSTEE           (b42c6b921f61a6e55159b8be6cd54a36) C:\Windows\system32\drivers\MSTEE.sys
2010/09/22 16:47:48.0650    MTConfig        (33599130f44e1f34631cea241de8ac84) C:\Windows\system32\DRIVERS\MTConfig.sys
2010/09/22 16:47:48.0760    Mup             (159fad02f64e6381758c990f753bcc80) C:\Windows\system32\Drivers\mup.sys
2010/09/22 16:47:48.0880    NativeWifiP     (26384429fcd85d83746f63e798ab1480) C:\Windows\system32\DRIVERS\nwifi.sys
2010/09/22 16:47:49.0050    NDIS            (23759d175a0a9baaf04d05047bc135a8) C:\Windows\system32\drivers\ndis.sys
2010/09/22 16:47:49.0167    NdisCap         (0e1787aa6c9191d3d319e8bafe86f80c) C:\Windows\system32\DRIVERS\ndiscap.sys
2010/09/22 16:47:49.0281    NdisTapi        (e4a8aec125a2e43a9e32afeea7c9c888) C:\Windows\system32\DRIVERS\ndistapi.sys
2010/09/22 16:47:49.0402    Ndisuio         (b30ae7f2b6d7e343b0df32e6c08fce75) C:\Windows\system32\DRIVERS\ndisuio.sys
2010/09/22 16:47:49.0516    NdisWan         (267c415eadcbe53c9ca873dee39cf3a4) C:\Windows\system32\DRIVERS\ndiswan.sys
2010/09/22 16:47:49.0633    NDProxy         (af7e7c63dcef3f8772726f86039d6eb4) C:\Windows\system32\drivers\NDProxy.sys
2010/09/22 16:47:49.0758    NetBIOS         (80b275b1ce3b0e79909db7b39af74d51) C:\Windows\system32\DRIVERS\netbios.sys
2010/09/22 16:47:49.0869    NetBT           (dd52a733bf4ca5af84562a5e2f963b91) C:\Windows\system32\DRIVERS\netbt.sys
2010/09/22 16:47:50.0007    nfrd960         (1d85c4b390b0ee09c7a46b91efb2c097) C:\Windows\system32\DRIVERS\nfrd960.sys
2010/09/22 16:47:50.0141    Npfs            (1db262a9f8c087e8153d89bef3d2235f) C:\Windows\system32\drivers\Npfs.sys
2010/09/22 16:47:50.0249    nsiproxy        (e9a0a4d07e53d8fea2bb8387a3293c58) C:\Windows\system32\drivers\nsiproxy.sys
2010/09/22 16:47:50.0384    Ntfs            (3795dcd21f740ee799fb7223234215af) C:\Windows\system32\drivers\Ntfs.sys
2010/09/22 16:47:50.0497    Null            (f9756a98d69098dca8945d62858a812c) C:\Windows\system32\drivers\Null.sys
2010/09/22 16:47:50.0605    nvraid          (3f3d04b1d08d43c16ea7963954ec768d) C:\Windows\system32\DRIVERS\nvraid.sys
2010/09/22 16:47:50.0766    nvstor          (c99f251a5de63c6f129cf71933aced0f) C:\Windows\system32\DRIVERS\nvstor.sys
2010/09/22 16:47:50.0869    nv_agp          (5a0983915f02bae73267cc2a041f717d) C:\Windows\system32\DRIVERS\nv_agp.sys
2010/09/22 16:47:50.0981    ohci1394        (08a70a1f2cdde9bb49b885cb817a66eb) C:\Windows\system32\DRIVERS\ohci1394.sys
2010/09/22 16:47:51.0110    Parport         (2ea877ed5dd9713c5ac74e8ea7348d14) C:\Windows\system32\DRIVERS\parport.sys
2010/09/22 16:47:51.0211    partmgr         (ff4218952b51de44fe910953a3e686b9) C:\Windows\system32\drivers\partmgr.sys
2010/09/22 16:47:51.0309    Parvdm          (eb0a59f29c19b86479d36b35983daadc) C:\Windows\system32\DRIVERS\parvdm.sys
2010/09/22 16:47:51.0433    pci             (c858cb77c577780ecc456a892e7e7d0f) C:\Windows\system32\DRIVERS\pci.sys
2010/09/22 16:47:51.0549    pciide          (afe86f419014db4e5593f69ffe26ce0a) C:\Windows\system32\DRIVERS\pciide.sys
2010/09/22 16:47:51.0665    pcmcia          (f396431b31693e71e8a80687ef523506) C:\Windows\system32\DRIVERS\pcmcia.sys
2010/09/22 16:47:51.0783    pcw             (250f6b43d2b613172035c6747aeeb19f) C:\Windows\system32\drivers\pcw.sys
2010/09/22 16:47:51.0912    PEAUTH          (9e0104ba49f4e6973749a02bf41344ed) C:\Windows\system32\drivers\peauth.sys
2010/09/22 16:47:52.0149    PptpMiniport    (631e3e205ad6d86f2aed6a4a8e69f2db) C:\Windows\system32\DRIVERS\raspptp.sys
2010/09/22 16:47:52.0269    Processor       (85b1e3a0c7585bc4aae6899ec6fcf011) C:\Windows\system32\DRIVERS\processr.sys
2010/09/22 16:47:52.0414    Psched          (6270ccae2a86de6d146529fe55b3246a) C:\Windows\system32\DRIVERS\pacer.sys
2010/09/22 16:47:52.0562    ql2300          (ab95ecf1f6659a60ddc166d8315b0751) C:\Windows\system32\DRIVERS\ql2300.sys
2010/09/22 16:47:52.0709    ql40xx          (b4dd51dd25182244b86737dc51af2270) C:\Windows\system32\DRIVERS\ql40xx.sys
2010/09/22 16:47:52.0818    QWAVEdrv        (584078ca1b95ca72df2a27c336f9719d) C:\Windows\system32\drivers\qwavedrv.sys
2010/09/22 16:47:52.0926    RasAcd          (30a81b53c766d0133bb86d234e5556ab) C:\Windows\system32\DRIVERS\rasacd.sys
2010/09/22 16:47:53.0034    RasAgileVpn     (57ec4aef73660166074d8f7f31c0d4fd) C:\Windows\system32\DRIVERS\AgileVpn.sys
2010/09/22 16:47:53.0152    Rasl2tp         (d9f91eafec2815365cbe6d167e4e332a) C:\Windows\system32\DRIVERS\rasl2tp.sys
2010/09/22 16:47:53.0286    RasPppoe        (0fe8b15916307a6ac12bfb6a63e45507) C:\Windows\system32\DRIVERS\raspppoe.sys
2010/09/22 16:47:53.0405    RasSstp         (44101f495a83ea6401d886e7fd70096b) C:\Windows\system32\DRIVERS\rassstp.sys
2010/09/22 16:47:53.0543    rdbss           (835d7e81bf517a3b72384bdcc85e1ce6) C:\Windows\system32\DRIVERS\rdbss.sys
2010/09/22 16:47:53.0651    rdpbus          (0d8f05481cb76e70e1da06ee9f0da9df) C:\Windows\system32\DRIVERS\rdpbus.sys
2010/09/22 16:47:53.0756    RDPCDD          (1e016846895b15a99f9a176a05029075) C:\Windows\system32\DRIVERS\RDPCDD.sys
2010/09/22 16:47:53.0869    RDPDR           (c5ff95883ffef704d50c40d21cfb3ab5) C:\Windows\system32\drivers\rdpdr.sys
2010/09/22 16:47:53.0990    RDPENCDD        (5a53ca1598dd4156d44196d200c94b8a) C:\Windows\system32\drivers\rdpencdd.sys
2010/09/22 16:47:54.0108    RDPREFMP        (44b0a53cd4f27d50ed461dae0c0b4e1f) C:\Windows\system32\drivers\rdprefmp.sys
2010/09/22 16:47:54.0263    RDPWD           (801371ba9782282892d00aadb08ee367) C:\Windows\system32\drivers\RDPWD.sys
2010/09/22 16:47:54.0386    rdyboost        (4ea225bf1cf05e158853f30a99ca29a7) C:\Windows\system32\drivers\rdyboost.sys
2010/09/22 16:47:54.0526    RFCOMM          (cb928d9e6daf51879dd6ba8d02f01321) C:\Windows\system32\DRIVERS\rfcomm.sys
2010/09/22 16:47:54.0678    rspndr          (032b0d36ad92b582d869879f5af5b928) C:\Windows\system32\DRIVERS\rspndr.sys
2010/09/22 16:47:54.0798    RTL8167         (7dfd48e24479b68b258d8770121155a0) C:\Windows\system32\DRIVERS\Rt86win7.sys
2010/09/22 16:47:54.0915    s3cap           (5423d8437051e89dd34749f242c98648) C:\Windows\system32\DRIVERS\vms3cap.sys
2010/09/22 16:47:55.0036    sbp2port        (34ee0c44b724e3e4ce2eff29126de5b5) C:\Windows\system32\DRIVERS\sbp2port.sys
2010/09/22 16:47:55.0145    scfilter        (a95c54b2ac3cc9c73fcdf9e51a1d6b51) C:\Windows\system32\DRIVERS\scfilter.sys
2010/09/22 16:47:55.0281    secdrv          (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers\secdrv.sys
2010/09/22 16:47:55.0431    Serenum         (9ad8b8b515e3df6acd4212ef465de2d1) C:\Windows\system32\DRIVERS\serenum.sys
2010/09/22 16:47:55.0549    Serial          (5fb7fcea0490d821f26f39cc5ea3d1e2) C:\Windows\system32\DRIVERS\serial.sys
2010/09/22 16:47:55.0649    sermouse        (79bffb520327ff916a582dfea17aa813) C:\Windows\system32\DRIVERS\sermouse.sys
2010/09/22 16:47:55.0807    sffdisk         (9f976e1eb233df46fce808d9dea3eb9c) C:\Windows\system32\DRIVERS\sffdisk.sys
2010/09/22 16:47:55.0908    sffp_mmc        (932a68ee27833cfd57c1639d375f2731) C:\Windows\system32\DRIVERS\sffp_mmc.sys
2010/09/22 16:47:56.0016    sffp_sd         (4f1e5b0fe7c8050668dbfade8999aefb) C:\Windows\system32\DRIVERS\sffp_sd.sys
2010/09/22 16:47:56.0117    sfloppy         (db96666cc8312ebc45032f30b007a547) C:\Windows\system32\DRIVERS\sfloppy.sys
2010/09/22 16:47:56.0231    sisagp          (2565cac0dc9fe0371bdce60832582b2e) C:\Windows\system32\DRIVERS\sisagp.sys
2010/09/22 16:47:56.0365    SiSRaid2        (a9f0486851becb6dda1d89d381e71055) C:\Windows\system32\DRIVERS\SiSRaid2.sys
2010/09/22 16:47:56.0466    SiSRaid4        (3727097b55738e2f554972c3be5bc1aa) C:\Windows\system32\DRIVERS\sisraid4.sys
2010/09/22 16:47:56.0577    Smb             (3e21c083b8a01cb70ba1f09303010fce) C:\Windows\system32\DRIVERS\smb.sys
2010/09/22 16:47:56.0699    spldr           (95cf1ae7527fb70f7816563cbc09d942) C:\Windows\system32\drivers\spldr.sys
2010/09/22 16:47:56.0833    sptd            (cdddec541bc3c96f91ecb48759673505) C:\Windows\system32\Drivers\sptd.sys
2010/09/22 16:47:56.0833    Suspicious file (NoAccess): C:\Windows\system32\Drivers\sptd.sys. md5: cdddec541bc3c96f91ecb48759673505
2010/09/22 16:47:56.0839    sptd - detected Locked file (1)
2010/09/22 16:47:56.0954    srv             (2ba4ebc7dfba845a1edbe1f75913be33) C:\Windows\system32\DRIVERS\srv.sys
2010/09/22 16:47:57.0068    srv2            (dce7e10feaabd4cae95948b3de5340bb) C:\Windows\system32\DRIVERS\srv2.sys
2010/09/22 16:47:57.0177    srvnet          (b5665baa2120b8a54e22e9cd07c05106) C:\Windows\system32\DRIVERS\srvnet.sys
2010/09/22 16:47:57.0290    ssmdrv          (a36ee93698802cd899f98bfd553d8185) C:\Windows\system32\DRIVERS\ssmdrv.sys
2010/09/22 16:47:57.0418    stexstor        (db32d325c192b801df274bfd12a7e72b) C:\Windows\system32\DRIVERS\stexstor.sys
2010/09/22 16:47:57.0551    StillCam        (edb05bd63148796f23ea78506404a538) C:\Windows\system32\DRIVERS\serscan.sys
2010/09/22 16:47:57.0673    storflt         (957e346ca948668f2496a6ccf6ff82cc) C:\Windows\system32\DRIVERS\vmstorfl.sys
2010/09/22 16:47:57.0787    storvsc         (d5751969dc3e4b88bf482ac8ec9fe019) C:\Windows\system32\DRIVERS\storvsc.sys
2010/09/22 16:47:57.0890    swenum          (e58c78a848add9610a4db6d214af5224) C:\Windows\system32\DRIVERS\swenum.sys
2010/09/22 16:47:58.0055    Tcpip           (2cc3d75488abd3ec628bbb9a4fc84efc) C:\Windows\system32\drivers\tcpip.sys
2010/09/22 16:47:58.0230    TCPIP6          (2cc3d75488abd3ec628bbb9a4fc84efc) C:\Windows\system32\DRIVERS\tcpip.sys
2010/09/22 16:47:58.0350    tcpipreg        (e64444523add154f86567c469bc0b17f) C:\Windows\system32\drivers\tcpipreg.sys
2010/09/22 16:47:58.0466    TDPIPE          (1875c1490d99e70e449e3afae9fcbadf) C:\Windows\system32\drivers\tdpipe.sys
2010/09/22 16:47:58.0595    TDTCP           (7551e91ea999ee9a8e9c331d5a9c31f3) C:\Windows\system32\drivers\tdtcp.sys
2010/09/22 16:47:58.0710    tdx             (cb39e896a2a83702d1737bfd402b3542) C:\Windows\system32\DRIVERS\tdx.sys
2010/09/22 16:47:58.0810    TermDD          (c36f41ee20e6999dbf4b0425963268a5) C:\Windows\system32\DRIVERS\termdd.sys
2010/09/22 16:47:58.0944    tssecsrv        (98ae6fa07d12cb4ec5cf4a9bfa5f4242) C:\Windows\system32\DRIVERS\tssecsrv.sys
2010/09/22 16:47:59.0064    tunnel          (3e461d890a97f9d4c168f5fda36e1d00) C:\Windows\system32\DRIVERS\tunnel.sys
2010/09/22 16:47:59.0167    uagp35          (750fbcb269f4d7dd2e420c56b795db6d) C:\Windows\system32\DRIVERS\uagp35.sys
2010/09/22 16:47:59.0281    udfs            (09cc3e16f8e5ee7168e01cf8fcbe061a) C:\Windows\system32\DRIVERS\udfs.sys
2010/09/22 16:47:59.0408    uliagpkx        (44e8048ace47befbfdc2e9be4cbc8880) C:\Windows\system32\DRIVERS\uliagpkx.sys
2010/09/22 16:47:59.0543    umbus           (049b3a50b3d646baeeee9eec9b0668dc) C:\Windows\system32\DRIVERS\umbus.sys
2010/09/22 16:47:59.0654    UmPass          (7550ad0c6998ba1cb4843e920ee0feac) C:\Windows\system32\DRIVERS\umpass.sys
2010/09/22 16:47:59.0769    usbccgp         (8455c4ed038efd09e99327f9d2d48ffa) C:\Windows\system32\DRIVERS\usbccgp.sys
2010/09/22 16:47:59.0886    usbcir          (04ec7cec62ec3b6d9354eee93327fc82) C:\Windows\system32\DRIVERS\usbcir.sys
2010/09/22 16:48:00.0002    usbehci         (1c333bfd60f2fed2c7ad5daf533cb742) C:\Windows\system32\DRIVERS\usbehci.sys
2010/09/22 16:48:00.0212    usbhub          (ee6ef93ccfa94fae8c6ab298273d8ae2) C:\Windows\system32\DRIVERS\usbhub.sys
2010/09/22 16:48:00.0428    usbohci         (a6fb7957ea7afb1165991e54ce934b74) C:\Windows\system32\DRIVERS\usbohci.sys
2010/09/22 16:48:00.0531    usbprint        (797d862fe0875e75c7cc4c1ad7b30252) C:\Windows\system32\DRIVERS\usbprint.sys
2010/09/22 16:48:00.0653    USBSTOR         (d8889d56e0d27e57ed4591837fe71d27) C:\Windows\system32\DRIVERS\USBSTOR.SYS
2010/09/22 16:48:00.0757    usbuhci         (78780c3ebce17405b1ccd07a3a8a7d72) C:\Windows\system32\DRIVERS\usbuhci.sys
2010/09/22 16:48:00.0926    VClone          (94d73b62e458fb56c9ce60aa96d914f9) C:\Windows\system32\DRIVERS\VClone.sys
2010/09/22 16:48:01.0039    vdrvroot        (a059c4c3edb09e07d21a8e5c0aabd3cb) C:\Windows\system32\DRIVERS\vdrvroot.sys
2010/09/22 16:48:01.0170    vga             (17c408214ea61696cec9c66e388b14f3) C:\Windows\system32\DRIVERS\vgapnp.sys
2010/09/22 16:48:01.0272    VgaSave         (8e38096ad5c8570a6f1570a61e251561) C:\Windows\System32\drivers\vga.sys
2010/09/22 16:48:01.0376    vhdmp           (3be6e1f3a4f1afec8cee0d7883f93583) C:\Windows\system32\DRIVERS\vhdmp.sys
2010/09/22 16:48:01.0501    viaagp          (c829317a37b4bea8f39735d4b076e923) C:\Windows\system32\DRIVERS\viaagp.sys
2010/09/22 16:48:01.0607    ViaC7           (e02f079a6aa107f06b16549c6e5c7b74) C:\Windows\system32\DRIVERS\viac7.sys
2010/09/22 16:48:01.0730    viaide          (e43574f6a56a0ee11809b48c09e4fd3c) C:\Windows\system32\DRIVERS\viaide.sys
2010/09/22 16:48:01.0836    vmbus           (379b349f65f453d2a6e75ea6b7448e49) C:\Windows\system32\DRIVERS\vmbus.sys
2010/09/22 16:48:01.0932    VMBusHID        (ec2bbab4b84d0738c6c83d2234dc36fe) C:\Windows\system32\DRIVERS\VMBusHID.sys
2010/09/22 16:48:02.0040    volmgr          (384e5a2aa49934295171e499f86ba6f3) C:\Windows\system32\DRIVERS\volmgr.sys
2010/09/22 16:48:02.0155    volmgrx         (b5bb72067ddddbbfb04b2f89ff8c3c87) C:\Windows\system32\drivers\volmgrx.sys
2010/09/22 16:48:02.0267    volsnap         (58df9d2481a56edde167e51b334d44fd) C:\Windows\system32\DRIVERS\volsnap.sys
2010/09/22 16:48:02.0386    vsmraid         (9dfa0cc2f8855a04816729651175b631) C:\Windows\system32\DRIVERS\vsmraid.sys
2010/09/22 16:48:02.0510    vwifibus        (90567b1e658001e79d7c8bbd3dde5aa6) C:\Windows\System32\drivers\vwifibus.sys
2010/09/22 16:48:02.0622    WacomPen        (de3721e89c653aa281428c8a69745d90) C:\Windows\system32\DRIVERS\wacompen.sys
2010/09/22 16:48:02.0744    WANARP          (692a712062146e96d28ba0b7d75de31b) C:\Windows\system32\DRIVERS\wanarp.sys
2010/09/22 16:48:02.0755    Wanarpv6        (692a712062146e96d28ba0b7d75de31b) C:\Windows\system32\DRIVERS\wanarp.sys
2010/09/22 16:48:02.0870    Wd              (1112a9badacb47b7c0bb0392e3158dff) C:\Windows\system32\DRIVERS\wd.sys
2010/09/22 16:48:02.0979    Wdf01000        (9950e3d0f08141c7e89e64456ae7dc73) C:\Windows\system32\drivers\Wdf01000.sys
2010/09/22 16:48:03.0113    WfpLwf          (8b9a943f3b53861f2bfaf6c186168f79) C:\Windows\system32\DRIVERS\wfplwf.sys
2010/09/22 16:48:03.0279    WIMMount        (5cf95b35e59e2a38023836fff31be64c) C:\Windows\system32\drivers\wimmount.sys
2010/09/22 16:48:03.0423    WmiAcpi         (0217679b8fca58714c3bf2726d2ca84e) C:\Windows\system32\DRIVERS\wmiacpi.sys
2010/09/22 16:48:03.0553    ws2ifsl         (6db3276587b853bf886b69528fdb048c) C:\Windows\system32\drivers\ws2ifsl.sys
2010/09/22 16:48:03.0691    WSDPrintDevice  (553f6ccd7c58eb98d4a8fbdaf283d7a9) C:\Windows\system32\DRIVERS\WSDPrint.sys
2010/09/22 16:48:03.0808    WudfPf          (6f9b6c0c93232cff47d0f72d6db1d21e) C:\Windows\system32\drivers\WudfPf.sys
2010/09/22 16:48:03.0926    WUDFRd          (f91ff1e51fca30b3c3981db7d5924252) C:\Windows\system32\DRIVERS\WUDFRd.sys
2010/09/22 16:48:04.0009    ================================================================================
2010/09/22 16:48:04.0009    Scan finished
2010/09/22 16:48:04.0009    ================================================================================
2010/09/22 16:48:04.0022    Detected object count: 2
2010/09/22 16:48:10.0587    Locked service(fflinf) - User select action: Skip
2010/09/22 16:48:10.0590    Locked file(sptd) - User select action: Skip
22.09.2010, 17:06
Moderator

Posts: 7795
#17 Please run Combofix once; read the instructions carefully and save the Combofix file under a different name on your PC
http://www.bleepingcomputer.com/combofix/de/wie-combofix-benutzt-wird
__________
Regards, Ralf
SEO-Spam Hunter
22.09.2010, 20:13
Member

Thread starter

Posts: 15
#18 So, here is the ComboFix log

Is it normal that the PC reboots while it runs?

Code

ComboFix 10-09-21.03 - Jan 22.09.2010  18:41:21.1.2 - x86
Microsoft Windows 7 Professional   6.1.7600.0.1252.49.1031.18.3327.2519 [GMT 2:00]
ausgeführt von:: c:\users\Jan\Desktop\CFG.exe
.

((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\program files\\setup.exe
c:\program files\Setup.exe

.
(((((((((((((((((((((((   Dateien erstellt von 2010-08-22 bis 2010-09-22  ))))))))))))))))))))))))))))))
.

2010-09-22 16:45 . 2010-09-22 16:46    --------    d-----w-    c:\users\Jan\AppData\Local\temp
2010-09-22 16:45 . 2010-09-22 16:45    --------    d-----w-    c:\users\Default\AppData\Local\temp
2010-09-22 11:38 . 2010-09-22 11:38    --------    d-----w-    c:\programdata\Avira
2010-09-22 10:40 . 2010-04-29 13:39    38224    ----a-w-    c:\windows\system32\drivers\mbamswissarmy.sys
2010-09-22 10:40 . 2010-09-22 10:40    --------    d-----w-    c:\programdata\Malwarebytes
2010-09-22 10:40 . 2010-04-29 13:39    20952    ----a-w-    c:\windows\system32\drivers\mbam.sys
2010-09-22 10:01 . 2010-09-22 11:15    --------    d-----w-    c:\program files\Malwarebytes' Anti-Malware
2010-09-22 07:23 . 2010-09-22 07:23    --------    d-----w-    c:\users\Jan\AppData\Roaming\Avira
2010-09-22 07:20 . 2010-09-22 07:20    --------    d-----w-    c:\program files\Avira
2010-09-22 07:20 . 2010-03-01 08:05    124784    ----a-w-    c:\windows\system32\drivers\avipbb.sys
2010-09-22 07:20 . 2010-02-16 12:24    60936    ----a-w-    c:\windows\system32\drivers\avgntflt.sys
2010-09-22 07:20 . 2009-05-11 10:49    51992    ----a-w-    c:\windows\system32\drivers\avgntdd.sys
2010-09-22 07:20 . 2009-05-11 10:49    17016    ----a-w-    c:\windows\system32\drivers\avgntmgr.sys
2010-09-22 07:01 . 2010-09-22 07:01    --------    d-----w-    c:\program files\directx
2010-09-21 18:30 . 2010-09-21 18:30    --------    d-----w-    c:\program files\Lame
2010-09-21 12:15 . 2010-09-21 12:15    --------    d-----w-    c:\windows\Sun
2010-09-19 15:25 . 2010-09-19 15:41    996    ----a-w-    c:\windows\eReg.dat
2010-09-19 15:21 . 2010-09-22 07:09    --------    d-----w-    c:\program files\Common Files\InstallShield
2010-09-18 22:01 . 2010-09-18 22:01    107888    ----a-w-    c:\windows\system32\CmdLineExt.dll
2010-09-18 22:00 . 2010-09-18 22:00    22328    ----a-w-    c:\windows\system32\drivers\PnkBstrK.sys
2010-09-18 22:00 . 2010-09-18 22:00    107832    ----a-w-    c:\windows\system32\PnkBstrB.exe
2010-09-18 22:00 . 2010-09-18 22:00    66872    ----a-w-    c:\windows\system32\PnkBstrA.exe
2010-09-18 22:00 . 2010-09-18 22:00    2250024    ----a-w-    c:\windows\system32\pbsvc.exe
2010-09-18 21:03 . 2010-09-18 21:03    --------    d-----w-    c:\users\Jan\AppData\Roaming\Ubisoft
2010-09-18 21:03 . 2010-09-18 21:03    --------    d-----w-    c:\programdata\Ubisoft
2010-09-18 20:43 . 2010-09-18 20:43    --------    d-----w-    c:\program files\Ubisoft
2010-09-18 20:42 . 2008-10-15 04:22    452440    ----a-w-    c:\windows\system32\d3dx10_40.dll
2010-09-18 20:42 . 2008-10-15 04:22    2036576    ----a-w-    c:\windows\system32\D3DCompiler_40.dll
2010-09-18 20:42 . 2008-10-15 04:22    4379984    ----a-w-    c:\windows\system32\D3DX9_40.dll
2010-09-18 20:01 . 2010-09-20 08:52    --------    d-----w-    c:\users\Jan\AppData\Local\Risen
2010-09-18 19:10 . 2010-09-18 19:10    281760    ----a-w-    c:\windows\system32\drivers\atksgt.sys
2010-09-18 19:10 . 2010-09-18 19:10    25888    ----a-w-    c:\windows\system32\drivers\lirsgt.sys
2010-09-18 19:10 . 2010-09-18 19:10    --------    d-----w-    c:\program files\AGEIA Technologies
2010-09-18 19:10 . 2010-09-18 19:10    --------    d-----w-    c:\windows\system32\AGEIA
2010-09-18 19:10 . 2010-09-18 19:10    --------    d-----w-    c:\program files\Common Files\Wise Installation Wizard
2010-09-18 19:04 . 2010-09-22 07:00    --------    d--h--w-    c:\program files\InstallShield Installation Information
2010-09-18 17:24 . 2010-09-18 17:24    --------    d-----w-    c:\program files\Elaborate Bytes
2010-09-17 16:14 . 2010-09-21 20:33    --------    d-----w-    c:\users\Jan\AppData\Roaming\Meine Der Herr der Ringe™, Aufstieg des Hexenkönigs™-Dateien
2010-09-17 16:08 . 2010-09-17 16:08    --------    d-----w-    c:\program files\Burn4Free
2010-09-17 16:08 . 2009-08-21 10:15    557568    ----a-w-    c:\windows\system32\B4FM.dll
2010-09-17 13:02 . 2010-09-17 13:02    691696    ----a-w-    c:\windows\system32\drivers\sptd.sys
2010-09-17 13:01 . 2010-09-17 13:06    --------    d-----w-    c:\program files\DAEMON Tools Lite
2010-09-17 13:01 . 2010-09-20 09:41    --------    d-----w-    c:\users\Jan\AppData\Roaming\DAEMON Tools Lite
2010-09-17 13:01 . 2010-09-17 13:01    --------    d-----w-    c:\programdata\DAEMON Tools Lite
2010-09-16 20:54 . 2010-09-16 23:11    --------    d-----w-    c:\users\Jan\AppData\Roaming\AccurateRip
2010-09-16 20:54 . 2010-09-16 20:54    --------    d-----w-    c:\program files\Exact Audio Copy
2010-09-13 19:08 . 2010-09-13 19:08    --------    d-----w-    c:\program files\FLAC
2010-09-13 16:36 . 2010-09-16 10:14    --------    d-----w-    c:\users\Jan\AppData\Roaming\Meine Die Schlacht um Mittelerde™ II-Dateien
2010-09-13 11:34 . 2010-09-13 11:34    --------    d-----w-    c:\program files\Mp3tag
2010-09-13 10:36 . 2004-02-22 22:00    119808    ----a-w-    c:\windows\system32\msstdfmt.dll
2010-09-13 10:36 . 2001-07-05 13:05    40448    ----a-w-    c:\windows\system32\dsofile.dll
2010-09-13 10:36 . 2000-10-11 16:07    98304    ----a-w-    c:\windows\system32\ccrpUCW6.dll
2010-09-13 10:26 . 2010-09-13 10:26    --------    d-----w-    c:\program files\Rename Master
2010-09-13 10:26 . 2010-01-22 18:21    2211    ----a-w-    c:\program files\ExampleScripts.zip
2010-09-13 10:26 . 2010-01-14 11:59    1918464    ----a-w-    c:\program files\RenameMaster.exe
2010-09-13 09:46 . 2010-09-21 12:33    --------    d-----w-    c:\program files\The KMPlayer
2010-09-13 09:36 . 2010-09-13 09:36    --------    d-----w-    c:\programdata\WEBREG
2010-09-13 09:33 . 2010-09-13 09:33    --------    d-----w-    c:\users\Jan\AppData\Local\HP
2010-09-13 06:35 . 2010-09-13 09:33    272363    ----a-w-    c:\windows\hpwins20.dat
2010-09-13 06:35 . 2010-07-28 13:56    1678    ------w-    c:\windows\hpwmdl20.dat
2010-09-13 06:35 . 2010-09-13 09:33    --------    d-----w-    c:\programdata\HP
2010-09-13 06:35 . 2010-05-31 04:36    267608    ----a-w-    c:\windows\system32\hpzids01.dll
2010-09-13 06:35 . 2010-02-01 06:54    729088    ----a-w-    c:\windows\system32\hpwwiax4.dll
2010-09-13 06:35 . 2010-02-01 06:54    593920    ----a-w-    c:\windows\system32\hpwtscl3.dll
2010-09-13 06:35 . 2010-02-01 06:54    364544    ----a-w-    c:\windows\system32\hppldcoi.dll
2010-09-13 06:35 . 2010-02-01 06:54    294912    ----a-w-    c:\windows\system32\hpovst11.dll
2010-09-13 06:31 . 2010-09-13 06:32    --------    d-----w-    c:\program files\Common Files\Adobe
2010-09-13 06:30 . 2010-09-13 06:30    --------    d-----w-    c:\programdata\McAfee
2010-09-13 06:30 . 2010-09-13 06:33    --------    d-----w-    c:\users\Jan\AppData\Local\Adobe
2010-09-13 06:23 . 2010-09-13 06:23    --------    d-----w-    c:\windows\system32\Macromed
2010-09-13 06:15 . 2010-09-13 06:15    --------    d-----w-    c:\programdata\Hewlett-Packard
2010-09-13 06:15 . 2009-07-14 01:15    280064    ----a-w-    c:\windows\system32\Spool\prtprocs\w32x86\hpzppw71.dll
2010-09-12 22:14 . 2010-09-18 16:50    --------    d-----w-    c:\program files\ATITool
2010-09-12 21:53 . 2010-09-12 21:53    --------    d-----w-    c:\program files\Common Files\Java
2010-09-12 21:53 . 2010-09-12 21:53    --------    d-----w-    c:\users\Jan\AppData\Roaming\IrfanView
2010-09-12 21:53 . 2010-09-12 21:53    --------    d-----w-    c:\program files\IrfanView
2010-09-12 21:53 . 2010-09-12 21:53    --------    d-----w-    c:\program files\Java
2010-09-12 21:51 . 2010-09-12 21:53    423656    ----a-w-    c:\windows\system32\deployJava1.dll
2010-09-12 21:50 . 2010-09-20 10:43    --------    d-----w-    c:\program files\JDownloader
2010-09-12 21:41 . 2010-09-19 19:14    58336    ----a-w-    c:\users\Jan\AppData\Local\GDIPFONTCACHEV1.DAT
2010-09-12 21:40 . 2010-09-12 21:40    --------    d-----w-    c:\users\Jan\AppData\Roaming\ATI
2010-09-12 21:40 . 2010-09-12 21:40    --------    d-----w-    c:\users\Jan\AppData\Local\ATI
2010-09-12 21:40 . 2010-09-12 21:40    --------    d-----w-    c:\programdata\ATI
2010-09-12 21:38 . 2010-09-12 20:47    --------    d-----w-    c:\windows\Panther
2010-09-12 21:37 . 2010-09-12 21:38    --------    d-----w-    C:\Boot
2010-09-12 21:35 . 2010-09-22 16:36    --------    d-----w-    c:\users\Jan\AppData\Roaming\foobar2000
2010-09-12 21:32 . 2010-09-20 18:32    --------    d-----w-    c:\users\Jan\AppData\Roaming\XBMC
2010-09-12 21:32 . 2010-09-12 21:32    --------    d-----w-    c:\program files\XBMC
2010-09-12 21:31 . 2010-09-12 21:31    --------    d-----w-    c:\program files\foobar2000
2010-09-12 21:30 . 2010-09-12 21:30    --------    d-----w-    c:\program files\Common Files\ATI Technologies
2010-09-12 21:29 . 2010-09-19 15:41    --------    d-sh--w-    c:\windows\Installer
2010-09-12 21:29 . 2010-09-12 21:30    --------    d-----w-    c:\program files\ATI
2010-09-12 21:28 . 2010-09-12 21:30    --------    d-----w-    c:\program files\ATI Technologies
2010-09-12 21:28 . 2010-09-12 21:28    --------    d-----w-    C:\ATI
2010-09-12 21:16 . 2010-05-21 12:14    221568    ------w-    c:\windows\system32\MpSigStub.exe
2010-09-12 21:07 . 2010-09-12 21:07    --------    d-----w-    c:\users\Jan\AppData\Local\Mozilla
2010-09-12 20:51 . 2010-09-22 16:44    --------    d-----w-    c:\windows\system32\wbem\Performance
2010-09-12 20:41 . 2010-09-12 20:41    0    ----a-w-    c:\windows\ativpsrm.bin

.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-09-22 16:44 . 2009-07-14 08:47    643628    ----a-w-    c:\windows\system32\perfh007.dat
2010-09-22 16:44 . 2009-07-14 08:47    126188    ----a-w-    c:\windows\system32\perfc007.dat
2010-09-21 20:33 . 2010-09-17 16:14    --------    d-----w-    c:\users\Jan\AppData\Roaming\Meine Der Herr der Ringe™, Aufstieg des Hexenkönigs™-Dateien
2010-09-20 10:30 . 2010-09-13 08:54    --------    d-----w-    c:\users\Jan\AppData\Roaming\HpUpdate
2010-09-13 09:33 . 2010-09-13 06:49    --------    d-----w-    c:\users\Jan\AppData\Roaming\HP
2010-09-13 08:54 . 2010-09-13 06:36    --------    d-----w-    c:\program files\HP
2010-09-13 08:53 . 2010-09-13 08:53    --------    d-----w-    c:\programdata\HP Product Assistant
2010-09-13 08:51 . 2010-09-13 08:51    --------    d-----w-    c:\program files\Common Files\HP
2010-09-13 06:38 . 2010-09-13 06:37    --------    d-----w-    c:\program files\Bing Bar Installer
2010-09-13 06:38 . 2010-09-13 06:38    --------    d-----w-    c:\program files\MSN Toolbar
2010-09-13 06:38 . 2010-09-13 06:38    --------    d-----w-    c:\program files\Microsoft
2010-09-13 06:37 . 2010-09-13 06:37    --------    d-----w-    c:\program files\Microsoft Silverlight
2010-09-13 06:36 . 2010-09-13 06:36    --------    d-----w-    c:\program files\Common Files\Hewlett-Packard
2010-09-13 06:29 . 2010-09-13 06:29    0    ---ha-w-    c:\windows\system32\drivers\Msft_User_WpdFs_01_09_00.Wdf
2010-09-12 20:47 . 2010-09-12 20:47    --------    d-sh--we    c:\programdata\Vorlagen
2010-09-12 20:47 . 2010-09-12 20:47    --------    d-sh--we    c:\programdata\Startmenü
2010-09-12 20:47 . 2010-09-12 20:47    --------    d-sh--we    c:\programdata\Favoriten
2010-09-12 20:47 . 2010-09-12 20:47    --------    d-sh--we    c:\programdata\Dokumente
2010-09-12 20:47 . 2010-09-12 20:47    --------    d-sh--we    c:\programdata\Anwendungsdaten
2010-09-12 20:47 . 2010-09-12 20:47    --------    d-sh--we    c:\program files\Gemeinsame Dateien
2010-07-07 02:29 . 2010-07-07 02:29    5882368    ----a-w-    c:\windows\system32\drivers\atikmdag.sys
2010-07-07 01:55 . 2010-07-07 01:55    15461888    ----a-w-    c:\windows\system32\atioglxx.dll
2010-07-07 01:54 . 2010-07-07 01:54    143360    ----a-w-    c:\windows\system32\atiapfxx.exe
2010-07-07 01:54 . 2010-07-07 01:54    513024    ----a-w-    c:\windows\system32\aticfx32.dll
2010-07-07 01:51 . 2010-07-07 01:51    446464    ----a-w-    c:\windows\system32\ATIDEMGX.dll
2010-07-07 01:51 . 2010-07-07 01:51    380928    ----a-w-    c:\windows\system32\atieclxx.exe
2010-07-07 01:50 . 2010-07-07 01:50    176128    ----a-w-    c:\windows\system32\atiesrxx.exe
2010-07-07 01:49 . 2010-07-07 01:49    159744    ----a-w-    c:\windows\system32\atitmmxx.dll
2010-07-07 01:49 . 2010-07-07 01:49    356352    ----a-w-    c:\windows\system32\atipdlxx.dll
2010-07-07 01:49 . 2010-07-07 01:49    278528    ----a-w-    c:\windows\system32\Oemdspif.dll
2010-07-07 01:49 . 2010-07-07 01:49    11776    ----a-w-    c:\windows\system32\atimuixx.dll
2010-07-07 01:49 . 2010-07-07 01:49    43520    ----a-w-    c:\windows\system32\ati2edxx.dll
2010-07-07 01:46 . 2009-07-13 22:09    3826688    ----a-w-    c:\windows\system32\atidxx32.dll
2010-07-07 01:29 . 2010-07-07 01:29    46080    ----a-w-    c:\windows\system32\aticalrt.dll
2010-07-07 01:29 . 2010-07-07 01:29    44032    ----a-w-    c:\windows\system32\aticalcl.dll
2010-07-07 01:28 . 2010-07-07 01:28    3975680    ----a-w-    c:\windows\system32\atiumdag.dll
2010-07-07 01:27 . 2010-07-07 01:27    4323840    ----a-w-    c:\windows\system32\aticaldd.dll
2010-07-07 01:24 . 2010-07-07 01:24    50176    ----a-w-    c:\windows\system32\coinst.dll
2010-07-07 01:23 . 2010-07-07 01:23    3058688    ----a-w-    c:\windows\system32\atiumdva.dll
2010-07-07 01:16 . 2010-07-07 01:16    237568    ----a-w-    c:\windows\system32\atiadlxx.dll
2010-07-07 01:15 . 2010-07-07 01:15    12800    ----a-w-    c:\windows\system32\atiglpxx.dll
2010-07-07 01:15 . 2010-07-07 01:15    16896    ----a-w-    c:\windows\system32\atigktxx.dll
2010-07-07 01:15 . 2010-07-07 01:15    210944    ----a-w-    c:\windows\system32\drivers\atikmpag.sys
2010-07-07 01:14 . 2010-07-07 01:14    30208    ----a-w-    c:\windows\system32\atiuxpag.dll
2010-07-07 01:14 . 2010-07-07 01:14    22528    ----a-w-    c:\windows\system32\atiu9pag.dll
2010-07-07 01:14 . 2010-07-07 01:14    53248    ----a-w-    c:\windows\system32\drivers\ati2erec.dll
2010-07-07 01:11 . 2010-07-07 01:11    52736    ----a-w-    c:\windows\system32\atimpc32.dll
2010-07-07 01:11 . 2010-07-07 01:11    52736    ----a-w-    c:\windows\system32\amdpcom32.dll
2009-06-10 21:26 . 2009-07-14 02:04    9633792    --sha-r-    c:\windows\Fonts\StaticCache.dat
2009-07-14 01:14 . 2009-07-13 23:42    396800    --sha-w-    c:\windows\winsxs\x86_microsoft-windows-mail-app_31bf3856ad364e35_6.1.7600.16385_none_f12e83abb108c86c\WinMail.exe
.

((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-07-14 1173504]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\DTLite.exe" [2010-04-01 357696]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"VirtualCloneDrive"="c:\program files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" [2009-06-17 85160]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2010-07-06 98304]
"Microsoft Default Manager"="c:\program files\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" [2009-11-11 288088]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2009-11-18 54576]
"Bing Bar"="c:\program files\MSN Toolbar\Platform\5.0.1449.0\mswinext.exe" [2010-04-27 243544]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2010-03-02 282792]
"ATICustomerCare"="c:\program files\ATI\ATICustomerCare\ATICustomerCare.exe" [2010-03-04 311296]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-06-20 35760]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-06-09 976832]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"RequireSignedAppInit_DLLs"=1 (0x1)

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages    REG_MULTI_SZ       kerberos msv1_0 schannel wdigest tspkg pku2u livessp

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
backup=c:\windows\pss\HP Digital Imaging Monitor.lnk.CommonStartup
backupExtension=.CommonStartup

R4 sptd;sptd;c:\windows\system32\Drivers\sptd.sys [2010-09-17 691696]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2010-07-07 176128]
S2 AntiVirSchedulerService;Avira AntiVir Planer;c:\program files\Avira\AntiVir Desktop\sched.exe [2010-02-24 135336]
S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [2010-07-07 5882368]
S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [2010-07-07 210944]
S3 AtcL001;NDIS-Miniporttreiber für L1-Gigabit-Ethernet-Controller von Atheros;c:\windows\system32\DRIVERS\l160x86.sys [2009-07-13 47104]
S3 RTL8167;Realtek 8167 NT-Treiber;c:\windows\system32\DRIVERS\Rt86win7.sys [2009-07-13 139776]
S3 WSDPrintDevice;WSD-Druckunterstützung durch UMB;c:\windows\system32\DRIVERS\WSDPrint.sys [2009-07-14 17920]


--- Andere Dienste/Treiber im Speicher ---

*Deregistered* - fflinf

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12    REG_MULTI_SZ       Pml Driver HPZ12 Net Driver HPZ12
HPService    REG_MULTI_SZ       HPSLPSVC
hpdevmgmt    REG_MULTI_SZ       hpqcxs08 hpqddsvc
.
.
------- Zusätzlicher Suchlauf -------
.
FF - ProfilePath - c:\users\Jan\AppData\Roaming\Mozilla\Firefox\Profiles\rrm6bzu4.default\
FF - component: c:\program files\Microsoft\Search Enhancement Pack\Search Helper\firefoxextension\SearchHelperExtension\components\SEPsearchhelperff.dll
FF - plugin: c:\program files\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\MSN Toolbar\Platform\5.0.1449.0\npwinext.dll

---- FIREFOX Richtlinien ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -

HKCU-Run-Metropolis - c:\windows\system32\sshnas21.dll
AddRemove-Name It Your Way (NIYoW)_is1 - c:\program files\NIYoW\unins000.exe



[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\fflinf]

.
--------------------- Gesperrte Registrierungsschluessel ---------------------

[HKEY_USERS\S-1-5-21-1560690974-3462417053-1049903493-1001\Software\SecuROM\License information*]
"datasecu"=hex:c3,cd,78,51,69,b2,a0,3c,65,f1,da,61,43,ed,06,a9,06,a3,82,f7,f2,
   38,b9,46,35,07,ee,b3,46,bc,1f,d5,67,17,a6,53,c3,a6,a5,6e,ad,02,a5,7c,09,2a,\
"rkeysecu"=hex:a6,11,e0,2f,3b,a3,76,cb,93,54,75,db,7d,89,3b,96

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Zeit der Fertigstellung: 2010-09-22  18:47:12
ComboFix-quarantined-files.txt  2010-09-22 16:47

Vor Suchlauf: 6 Verzeichnis(se), 113.842.143.232 Bytes frei
Nach Suchlauf: 11 Verzeichnis(se), 113.531.420.672 Bytes frei

- - End Of File - - 0143BE3253A37C55009B19E5DE879692
23.09.2010, 05:31
Moderator

Posts: 7795
#19 Please do the following:

1. Start Notepad (Start / Run / notepad[Enter])

2. Now copy and paste the entire content of the code box below into the Notepad window.

Code

KillAll::
Driver:
fflinf
file::
C:\Windows\system32\drivers\fflinf.sys


3. In Notepad, save it as CFScript.txt on the desktop.

4. Disable the guard of your antivirus program.
(Also the guards of ad- and spyware programs and the Tea Timer!)

5. Then drag CFScript.txt onto ComboFix.exe, as shown in the image below. This restarts ComboFix.





6. After the restart (if you are asked whether you want to restart), please post the following log files:
Combofix.txt


Post the newly created ComboFix report

Note: The script above was created only for this one user in this situation. It cannot be ported to any other computer and must not be used elsewhere, as it can permanently damage the system.
__________
Regards, Ralf
SEO-Spam Hunter
23.09.2010, 14:02
Member

Thread starter

Posts: 15
#20 Hello

So, I'm back from work.

Unfortunately, every time I boot I now get

1.) Windows could not start correctly, and then you have to choose Start Windows Normally for it to boot

2.) this message from DT Lite:
---------------------------
DAEMON Tools Lite
---------------------------
Dieses Programm benötigt mindestens Windows 2000 mit installiertem SPTD-Treiber v1.60.
Kerneldebugger müssen deaktiviert werden.
---------------------------
OK
---------------------------

Here is the CF log:

Code

ComboFix 10-09-22.06 - Jan 23.09.2010  13:32:49.2.2 - x86
Microsoft Windows 7 Professional   6.1.7600.0.1252.49.1031.18.3327.2411 [GMT 2:00]
ausgeführt von:: c:\users\Jan\Desktop\CFG.exe
Benutzte Befehlsschalter :: c:\users\Jan\Desktop\CFScript.txt.txt
* Neuer Wiederherstellungspunkt wurde erstellt

FILE ::
"c:\windows\system32\drivers\fflinf.sys"
.

(((((((((((((((((((((((   Dateien erstellt von 2010-08-23 bis 2010-09-23  ))))))))))))))))))))))))))))))
.

2010-09-23 11:36 . 2010-09-23 11:36    --------    d-----w-    c:\users\Public\AppData\Local\temp
2010-09-23 11:36 . 2010-09-23 11:36    --------    d-----w-    c:\users\Default\AppData\Local\temp
2010-09-22 16:47 . 2010-09-23 11:36    --------    d-----w-    c:\users\Jan\AppData\Local\temp
2010-09-22 11:38 . 2010-09-22 11:38    --------    d-----w-    c:\programdata\Avira
2010-09-22 10:40 . 2010-04-29 13:39    38224    ----a-w-    c:\windows\system32\drivers\mbamswissarmy.sys
2010-09-22 10:40 . 2010-09-22 10:40    --------    d-----w-    c:\programdata\Malwarebytes
2010-09-22 10:40 . 2010-04-29 13:39    20952    ----a-w-    c:\windows\system32\drivers\mbam.sys
2010-09-22 10:01 . 2010-09-22 11:15    --------    d-----w-    c:\program files\Malwarebytes' Anti-Malware
2010-09-22 07:23 . 2010-09-22 07:23    --------    d-----w-    c:\users\Jan\AppData\Roaming\Avira
2010-09-22 07:20 . 2010-09-22 07:20    --------    d-----w-    c:\program files\Avira
2010-09-22 07:20 . 2010-03-01 08:05    124784    ----a-w-    c:\windows\system32\drivers\avipbb.sys
2010-09-22 07:20 . 2010-02-16 12:24    60936    ----a-w-    c:\windows\system32\drivers\avgntflt.sys
2010-09-22 07:20 . 2009-05-11 10:49    51992    ----a-w-    c:\windows\system32\drivers\avgntdd.sys
2010-09-22 07:20 . 2009-05-11 10:49    17016    ----a-w-    c:\windows\system32\drivers\avgntmgr.sys
2010-09-22 07:01 . 2010-09-22 07:01    --------    d-----w-    c:\program files\directx
2010-09-21 18:30 . 2010-09-21 18:30    --------    d-----w-    c:\program files\Lame
2010-09-21 12:15 . 2010-09-21 12:15    --------    d-----w-    c:\windows\Sun
2010-09-19 15:25 . 2010-09-19 15:41    996    ----a-w-    c:\windows\eReg.dat
2010-09-19 15:21 . 2010-09-22 07:09    --------    d-----w-    c:\program files\Common Files\InstallShield
2010-09-18 22:01 . 2010-09-18 22:01    107888    ----a-w-    c:\windows\system32\CmdLineExt.dll
2010-09-18 22:00 . 2010-09-18 22:00    22328    ----a-w-    c:\windows\system32\drivers\PnkBstrK.sys
2010-09-18 22:00 . 2010-09-18 22:00    107832    ----a-w-    c:\windows\system32\PnkBstrB.exe
2010-09-18 22:00 . 2010-09-18 22:00    66872    ----a-w-    c:\windows\system32\PnkBstrA.exe
2010-09-18 22:00 . 2010-09-18 22:00    2250024    ----a-w-    c:\windows\system32\pbsvc.exe
2010-09-18 21:03 . 2010-09-18 21:03    --------    d-----w-    c:\users\Jan\AppData\Roaming\Ubisoft
2010-09-18 21:03 . 2010-09-18 21:03    --------    d-----w-    c:\programdata\Ubisoft
2010-09-18 20:43 . 2010-09-18 20:43    --------    d-----w-    c:\program files\Ubisoft
2010-09-18 20:42 . 2008-10-15 04:22    452440    ----a-w-    c:\windows\system32\d3dx10_40.dll
2010-09-18 20:42 . 2008-10-15 04:22    2036576    ----a-w-    c:\windows\system32\D3DCompiler_40.dll
2010-09-18 20:42 . 2008-10-15 04:22    4379984    ----a-w-    c:\windows\system32\D3DX9_40.dll
2010-09-18 20:01 . 2010-09-20 08:52    --------    d-----w-    c:\users\Jan\AppData\Local\Risen
2010-09-18 19:10 . 2010-09-18 19:10    281760    ----a-w-    c:\windows\system32\drivers\atksgt.sys
2010-09-18 19:10 . 2010-09-18 19:10    25888    ----a-w-    c:\windows\system32\drivers\lirsgt.sys
2010-09-18 19:10 . 2010-09-18 19:10    --------    d-----w-    c:\program files\AGEIA Technologies
2010-09-18 19:10 . 2010-09-18 19:10    --------    d-----w-    c:\windows\system32\AGEIA
2010-09-18 19:10 . 2010-09-18 19:10    --------    d-----w-    c:\program files\Common Files\Wise Installation Wizard
2010-09-18 19:04 . 2010-09-22 07:00    --------    d--h--w-    c:\program files\InstallShield Installation Information
2010-09-18 17:24 . 2010-09-18 17:24    --------    d-----w-    c:\program files\Elaborate Bytes
2010-09-17 16:14 . 2010-09-21 20:33    --------    d-----w-    c:\users\Jan\AppData\Roaming\Meine Der Herr der Ringe™, Aufstieg des Hexenkönigs™-Dateien
2010-09-17 16:08 . 2010-09-17 16:08    --------    d-----w-    c:\program files\Burn4Free
2010-09-17 16:08 . 2009-08-21 10:15    557568    ----a-w-    c:\windows\system32\B4FM.dll
2010-09-17 13:02 . 2010-09-17 13:02    691696    ----a-w-    c:\windows\system32\drivers\sptd.sys
2010-09-17 13:01 . 2010-09-17 13:06    --------    d-----w-    c:\program files\DAEMON Tools Lite
2010-09-17 13:01 . 2010-09-20 09:41    --------    d-----w-    c:\users\Jan\AppData\Roaming\DAEMON Tools Lite
2010-09-17 13:01 . 2010-09-17 13:01    --------    d-----w-    c:\programdata\DAEMON Tools Lite
2010-09-16 20:54 . 2010-09-16 23:11    --------    d-----w-    c:\users\Jan\AppData\Roaming\AccurateRip
2010-09-16 20:54 . 2010-09-16 20:54    --------    d-----w-    c:\program files\Exact Audio Copy
2010-09-13 19:08 . 2010-09-13 19:08    --------    d-----w-    c:\program files\FLAC
2010-09-13 16:36 . 2010-09-16 10:14    --------    d-----w-    c:\users\Jan\AppData\Roaming\Meine Die Schlacht um Mittelerde™ II-Dateien
2010-09-13 11:34 . 2010-09-13 11:34    --------    d-----w-    c:\program files\Mp3tag
2010-09-13 10:36 . 2004-02-22 22:00    119808    ----a-w-    c:\windows\system32\msstdfmt.dll
2010-09-13 10:36 . 2001-07-05 13:05    40448    ----a-w-    c:\windows\system32\dsofile.dll
2010-09-13 10:36 . 2000-10-11 16:07    98304    ----a-w-    c:\windows\system32\ccrpUCW6.dll
2010-09-13 10:26 . 2010-09-13 10:26    --------    d-----w-    c:\program files\Rename Master
2010-09-13 10:26 . 2010-01-22 18:21    2211    ----a-w-    c:\program files\ExampleScripts.zip
2010-09-13 10:26 . 2010-01-14 11:59    1918464    ----a-w-    c:\program files\RenameMaster.exe
2010-09-13 09:46 . 2010-09-21 12:33    --------    d-----w-    c:\program files\The KMPlayer
2010-09-13 09:36 . 2010-09-13 09:36    --------    d-----w-    c:\programdata\WEBREG
2010-09-13 09:33 . 2010-09-13 09:33    --------    d-----w-    c:\users\Jan\AppData\Local\HP
2010-09-13 06:35 . 2010-09-13 09:33    272363    ----a-w-    c:\windows\hpwins20.dat
2010-09-13 06:35 . 2010-07-28 13:56    1678    ------w-    c:\windows\hpwmdl20.dat
2010-09-13 06:35 . 2010-09-13 09:33    --------    d-----w-    c:\programdata\HP
2010-09-13 06:35 . 2010-05-31 04:36    267608    ----a-w-    c:\windows\system32\hpzids01.dll
2010-09-13 06:35 . 2010-02-01 06:54    729088    ----a-w-    c:\windows\system32\hpwwiax4.dll
2010-09-13 06:35 . 2010-02-01 06:54    593920    ----a-w-    c:\windows\system32\hpwtscl3.dll
2010-09-13 06:35 . 2010-02-01 06:54    364544    ----a-w-    c:\windows\system32\hppldcoi.dll
2010-09-13 06:35 . 2010-02-01 06:54    294912    ----a-w-    c:\windows\system32\hpovst11.dll
2010-09-13 06:31 . 2010-09-13 06:32    --------    d-----w-    c:\program files\Common Files\Adobe
2010-09-13 06:30 . 2010-09-13 06:30    --------    d-----w-    c:\programdata\McAfee
2010-09-13 06:30 . 2010-09-13 06:33    --------    d-----w-    c:\users\Jan\AppData\Local\Adobe
2010-09-13 06:23 . 2010-09-13 06:23    --------    d-----w-    c:\windows\system32\Macromed
2010-09-13 06:15 . 2010-09-13 06:15    --------    d-----w-    c:\programdata\Hewlett-Packard
2010-09-13 06:15 . 2009-07-14 01:15    280064    ----a-w-    c:\windows\system32\Spool\prtprocs\w32x86\hpzppw71.dll
2010-09-12 22:14 . 2010-09-18 16:50    --------    d-----w-    c:\program files\ATITool
2010-09-12 21:53 . 2010-09-12 21:53    --------    d-----w-    c:\program files\Common Files\Java
2010-09-12 21:53 . 2010-09-12 21:53    --------    d-----w-    c:\users\Jan\AppData\Roaming\IrfanView
2010-09-12 21:53 . 2010-09-12 21:53    --------    d-----w-    c:\program files\IrfanView
2010-09-12 21:53 . 2010-09-12 21:53    --------    d-----w-    c:\program files\Java
2010-09-12 21:51 . 2010-09-12 21:53    423656    ----a-w-    c:\windows\system32\deployJava1.dll
2010-09-12 21:50 . 2010-09-20 10:43    --------    d-----w-    c:\program files\JDownloader
2010-09-12 21:41 . 2010-09-19 19:14    58336    ----a-w-    c:\users\Jan\AppData\Local\GDIPFONTCACHEV1.DAT
2010-09-12 21:40 . 2010-09-12 21:40    --------    d-----w-    c:\users\Jan\AppData\Roaming\ATI
2010-09-12 21:40 . 2010-09-12 21:40    --------    d-----w-    c:\users\Jan\AppData\Local\ATI
2010-09-12 21:40 . 2010-09-12 21:40    --------    d-----w-    c:\programdata\ATI
2010-09-12 21:38 . 2010-09-12 20:47    --------    d-----w-    c:\windows\Panther
2010-09-12 21:37 . 2010-09-12 21:38    --------    d-----w-    C:\Boot
2010-09-12 21:35 . 2010-09-22 20:56    --------    d-----w-    c:\users\Jan\AppData\Roaming\foobar2000
2010-09-12 21:32 . 2010-09-20 18:32    --------    d-----w-    c:\users\Jan\AppData\Roaming\XBMC
2010-09-12 21:32 . 2010-09-12 21:32    --------    d-----w-    c:\program files\XBMC
2010-09-12 21:31 . 2010-09-12 21:31    --------    d-----w-    c:\program files\foobar2000
2010-09-12 21:30 . 2010-09-12 21:30    --------    d-----w-    c:\program files\Common Files\ATI Technologies
2010-09-12 21:29 . 2010-09-19 15:41    --------    d-sh--w-    c:\windows\Installer
2010-09-12 21:29 . 2010-09-12 21:30    --------    d-----w-    c:\program files\ATI
2010-09-12 21:28 . 2010-09-12 21:30    --------    d-----w-    c:\program files\ATI Technologies
2010-09-12 21:28 . 2010-09-12 21:28    --------    d-----w-    C:\ATI
2010-09-12 21:16 . 2010-05-21 12:14    221568    ------w-    c:\windows\system32\MpSigStub.exe
2010-09-12 21:07 . 2010-09-12 21:07    --------    d-----w-    c:\users\Jan\AppData\Local\Mozilla
2010-09-12 20:51 . 2010-09-23 11:32    --------    d-----w-    c:\windows\system32\wbem\Performance
2010-09-12 20:41 . 2010-09-12 20:41    0    ----a-w-    c:\windows\ativpsrm.bin

.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-09-23 11:32 . 2009-07-14 08:47    643628    ----a-w-    c:\windows\system32\perfh007.dat
2010-09-23 11:32 . 2009-07-14 08:47    126188    ----a-w-    c:\windows\system32\perfc007.dat
2010-09-21 20:33 . 2010-09-17 16:14    --------    d-----w-    c:\users\Jan\AppData\Roaming\Meine Der Herr der Ringe™, Aufstieg des Hexenkönigs™-Dateien
2010-09-20 10:30 . 2010-09-13 08:54    --------    d-----w-    c:\users\Jan\AppData\Roaming\HpUpdate
2010-09-13 09:33 . 2010-09-13 06:49    --------    d-----w-    c:\users\Jan\AppData\Roaming\HP
2010-09-13 08:54 . 2010-09-13 06:36    --------    d-----w-    c:\program files\HP
2010-09-13 08:53 . 2010-09-13 08:53    --------    d-----w-    c:\programdata\HP Product Assistant
2010-09-13 08:51 . 2010-09-13 08:51    --------    d-----w-    c:\program files\Common Files\HP
2010-09-13 06:38 . 2010-09-13 06:37    --------    d-----w-    c:\program files\Bing Bar Installer
2010-09-13 06:38 . 2010-09-13 06:38    --------    d-----w-    c:\program files\MSN Toolbar
2010-09-13 06:38 . 2010-09-13 06:38    --------    d-----w-    c:\program files\Microsoft
2010-09-13 06:37 . 2010-09-13 06:37    --------    d-----w-    c:\program files\Microsoft Silverlight
2010-09-13 06:36 . 2010-09-13 06:36    --------    d-----w-    c:\program files\Common Files\Hewlett-Packard
2010-09-13 06:29 . 2010-09-13 06:29    0    ---ha-w-    c:\windows\system32\drivers\Msft_User_WpdFs_01_09_00.Wdf
2010-09-12 20:47 . 2010-09-12 20:47    --------    d-sh--we    c:\programdata\Vorlagen
2010-09-12 20:47 . 2010-09-12 20:47    --------    d-sh--we    c:\programdata\Startmenü
2010-09-12 20:47 . 2010-09-12 20:47    --------    d-sh--we    c:\programdata\Favoriten
2010-09-12 20:47 . 2010-09-12 20:47    --------    d-sh--we    c:\programdata\Dokumente
2010-09-12 20:47 . 2010-09-12 20:47    --------    d-sh--we    c:\programdata\Anwendungsdaten
2010-09-12 20:47 . 2010-09-12 20:47    --------    d-sh--we    c:\program files\Gemeinsame Dateien
2010-07-07 02:29 . 2010-07-07 02:29    5882368    ----a-w-    c:\windows\system32\drivers\atikmdag.sys
2010-07-07 01:55 . 2010-07-07 01:55    15461888    ----a-w-    c:\windows\system32\atioglxx.dll
2010-07-07 01:54 . 2010-07-07 01:54    143360    ----a-w-    c:\windows\system32\atiapfxx.exe
2010-07-07 01:54 . 2010-07-07 01:54    513024    ----a-w-    c:\windows\system32\aticfx32.dll
2010-07-07 01:51 . 2010-07-07 01:51    446464    ----a-w-    c:\windows\system32\ATIDEMGX.dll
2010-07-07 01:51 . 2010-07-07 01:51    380928    ----a-w-    c:\windows\system32\atieclxx.exe
2010-07-07 01:50 . 2010-07-07 01:50    176128    ----a-w-    c:\windows\system32\atiesrxx.exe
2010-07-07 01:49 . 2010-07-07 01:49    159744    ----a-w-    c:\windows\system32\atitmmxx.dll
2010-07-07 01:49 . 2010-07-07 01:49    356352    ----a-w-    c:\windows\system32\atipdlxx.dll
2010-07-07 01:49 . 2010-07-07 01:49    278528    ----a-w-    c:\windows\system32\Oemdspif.dll
2010-07-07 01:49 . 2010-07-07 01:49    11776    ----a-w-    c:\windows\system32\atimuixx.dll
2010-07-07 01:49 . 2010-07-07 01:49    43520    ----a-w-    c:\windows\system32\ati2edxx.dll
2010-07-07 01:46 . 2009-07-13 22:09    3826688    ----a-w-    c:\windows\system32\atidxx32.dll
2010-07-07 01:29 . 2010-07-07 01:29    46080    ----a-w-    c:\windows\system32\aticalrt.dll
2010-07-07 01:29 . 2010-07-07 01:29    44032    ----a-w-    c:\windows\system32\aticalcl.dll
2010-07-07 01:28 . 2010-07-07 01:28    3975680    ----a-w-    c:\windows\system32\atiumdag.dll
2010-07-07 01:27 . 2010-07-07 01:27    4323840    ----a-w-    c:\windows\system32\aticaldd.dll
2010-07-07 01:24 . 2010-07-07 01:24    50176    ----a-w-    c:\windows\system32\coinst.dll
2010-07-07 01:23 . 2010-07-07 01:23    3058688    ----a-w-    c:\windows\system32\atiumdva.dll
2010-07-07 01:16 . 2010-07-07 01:16    237568    ----a-w-    c:\windows\system32\atiadlxx.dll
2010-07-07 01:15 . 2010-07-07 01:15    12800    ----a-w-    c:\windows\system32\atiglpxx.dll
2010-07-07 01:15 . 2010-07-07 01:15    16896    ----a-w-    c:\windows\system32\atigktxx.dll
2010-07-07 01:15 . 2010-07-07 01:15    210944    ----a-w-    c:\windows\system32\drivers\atikmpag.sys
2010-07-07 01:14 . 2010-07-07 01:14    30208    ----a-w-    c:\windows\system32\atiuxpag.dll
2010-07-07 01:14 . 2010-07-07 01:14    22528    ----a-w-    c:\windows\system32\atiu9pag.dll
2010-07-07 01:14 . 2010-07-07 01:14    53248    ----a-w-    c:\windows\system32\drivers\ati2erec.dll
2010-07-07 01:11 . 2010-07-07 01:11    52736    ----a-w-    c:\windows\system32\atimpc32.dll
2010-07-07 01:11 . 2010-07-07 01:11    52736    ----a-w-    c:\windows\system32\amdpcom32.dll
2009-06-10 21:26 . 2009-07-14 02:04    9633792    --sha-r-    c:\windows\Fonts\StaticCache.dat
2009-07-14 01:14 . 2009-07-13 23:42    396800    --sha-w-    c:\windows\winsxs\x86_microsoft-windows-mail-app_31bf3856ad364e35_6.1.7600.16385_none_f12e83abb108c86c\WinMail.exe
.

((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-07-14 1173504]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\DTLite.exe" [2010-04-01 357696]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"VirtualCloneDrive"="c:\program files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" [2009-06-17 85160]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2010-07-06 98304]
"Microsoft Default Manager"="c:\program files\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" [2009-11-11 288088]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2009-11-18 54576]
"Bing Bar"="c:\program files\MSN Toolbar\Platform\5.0.1449.0\mswinext.exe" [2010-04-27 243544]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2010-03-02 282792]
"ATICustomerCare"="c:\program files\ATI\ATICustomerCare\ATICustomerCare.exe" [2010-03-04 311296]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-06-20 35760]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-06-09 976832]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages    REG_MULTI_SZ       kerberos msv1_0 schannel wdigest tspkg pku2u livessp

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
backup=c:\windows\pss\HP Digital Imaging Monitor.lnk.CommonStartup
backupExtension=.CommonStartup

R4 sptd;sptd;c:\windows\system32\Drivers\sptd.sys [2010-09-17 691696]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2010-07-07 176128]
S2 AntiVirSchedulerService;Avira AntiVir Planer;c:\program files\Avira\AntiVir Desktop\sched.exe [2010-02-24 135336]
S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [2010-07-07 5882368]
S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [2010-07-07 210944]
S3 AtcL001;NDIS-Miniporttreiber für L1-Gigabit-Ethernet-Controller von Atheros;c:\windows\system32\DRIVERS\l160x86.sys [2009-07-13 47104]
S3 RTL8167;Realtek 8167 NT-Treiber;c:\windows\system32\DRIVERS\Rt86win7.sys [2009-07-13 139776]
S3 WSDPrintDevice;WSD-Druckunterstützung durch UMB;c:\windows\system32\DRIVERS\WSDPrint.sys [2009-07-14 17920]


--- Andere Dienste/Treiber im Speicher ---

*Deregistered* - fflinf

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12    REG_MULTI_SZ       Pml Driver HPZ12 Net Driver HPZ12
HPService    REG_MULTI_SZ       HPSLPSVC
hpdevmgmt    REG_MULTI_SZ       hpqcxs08 hpqddsvc
.
.
------- Zusätzlicher Suchlauf -------
.
FF - ProfilePath - c:\users\Jan\AppData\Roaming\Mozilla\Firefox\Profiles\rrm6bzu4.default\
FF - component: c:\program files\Microsoft\Search Enhancement Pack\Search Helper\firefoxextension\SearchHelperExtension\components\SEPsearchhelperff.dll
FF - plugin: c:\program files\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\MSN Toolbar\Platform\5.0.1449.0\npwinext.dll

---- FIREFOX Richtlinien ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\fflinf]

.
--------------------- Gesperrte Registrierungsschluessel ---------------------

[HKEY_USERS\S-1-5-21-1560690974-3462417053-1049903493-1001\Software\SecuROM\License information*]
"datasecu"=hex:c3,cd,78,51,69,b2,a0,3c,65,f1,da,61,43,ed,06,a9,06,a3,82,f7,f2,
   38,b9,46,35,07,ee,b3,46,bc,1f,d5,67,17,a6,53,c3,a6,a5,6e,ad,02,a5,7c,09,2a,\
"rkeysecu"=hex:a6,11,e0,2f,3b,a3,76,cb,93,54,75,db,7d,89,3b,96

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Weitere laufende Prozesse ------------------------
.
c:\windows\system32\atieclxx.exe
c:\windows\system32\taskhost.exe
c:\program files\Avira\AntiVir Desktop\avguard.exe
c:\windows\system32\PnkBstrA.exe
c:\windows\system32\PnkBstrB.exe
c:\program files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
c:\windows\system32\conhost.exe
c:\program files\Avira\AntiVir Desktop\avshadow.exe
c:\windows\system32\conhost.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
c:\program files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
c:\program files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
c:\program files\Windows Media Player\wmpnetwk.exe
c:\windows\system32\DllHost.exe
c:\windows\system32\sppsvc.exe
.
**************************************************************************
.
Zeit der Fertigstellung: 2010-09-23  13:41:40 - PC wurde neu gestartet
ComboFix-quarantined-files.txt  2010-09-23 11:41
ComboFix2.txt  2010-09-22 16:47

Vor Suchlauf: 10 Verzeichnis(se), 60.512.997.376 Bytes frei
Nach Suchlauf: 11 Verzeichnis(se), 60.426.584.064 Bytes frei

- - End Of File - - C24A520F4A1918EB4504912816174816

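As an added example (not part of this thread, not ComboFix's own code, and not a cleaning tool), here is a small Python triage script that reads the kind of ComboFix report posted above and pulls out the points a helper looks at first: the UAC policy values under policies\system (in this log EnableLUA, ConsentPromptBehaviorAdmin and PromptOnSecureDesktop are all 0, so nothing ever asks before code runs elevated), the driver/service lines, the "*Deregistered*" entry, and service keys that ComboFix lists bare because it found no file for them. The sample log is a constructed excerpt of the report above; the function names and the "hidden driver" heuristic (deregistered in memory and only a bare service key on disk) are my own, not ComboFix's terminology.

```python
import re
from typing import Dict, List

# Constructed excerpt of the ComboFix log quoted above (a few lines, not the full file).
SAMPLE_LOG = r"""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2010-03-02 282792]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)

R4 sptd;sptd;c:\windows\system32\Drivers\sptd.sys [2010-09-17 691696]
S2 AntiVirSchedulerService;Avira AntiVir Planer;c:\program files\Avira\AntiVir Desktop\sched.exe [2010-02-24 135336]
S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [2010-07-07 5882368]

--- Andere Dienste/Treiber im Speicher ---

*Deregistered* - fflinf

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\fflinf]
"""

# Registry path (lower-cased) of the UAC policy section ComboFix prints.
POLICY_KEY = r"\software\microsoft\windows\currentversion\policies\system"
# "S3 name;display;path [date size]" lines for services and drivers.
SERVICE_RE = re.compile(r"^([RS]\d)\s+([^;]+);([^;]*);(.+?)\s+\[(\d{4}-\d{2}-\d{2})\s+(\d+)\]$")
# '"Name"= 0 (0x0)' lines inside the policy section.
POLICY_RE = re.compile(r'^"(\w+)"=\s*(\d+)\s+\(0x[0-9a-fA-F]+\)$')
# Drivers ComboFix saw loaded in memory but not registered normally.
DEREG_RE = re.compile(r"^\*Deregistered\*\s+-\s+(\S+)$")
# Bare service keys ComboFix lists on their own (no matching R/S line).
SERVICE_KEY_RE = re.compile(r"^\[HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet\d+\\services\\([^\]\\]+)\]$", re.I)


def parse_policies(log: str) -> Dict[str, int]:
    """Return the numeric values printed under the policies\\system key."""
    policies, in_section = {}, False
    for line in log.splitlines():
        if line.startswith("["):
            in_section = line.lower().endswith(POLICY_KEY + "]")
            continue
        m = POLICY_RE.match(line)
        if in_section and m:
            policies[m.group(1)] = int(m.group(2))
    return policies


def uac_findings(policies: Dict[str, int]) -> List[str]:
    """Flag UAC settings that let code run elevated without anyone being asked."""
    findings = []
    if policies.get("EnableLUA") == 0:
        findings.append("EnableLUA=0: UAC is off, every process of an admin user runs fully elevated")
    if policies.get("ConsentPromptBehaviorAdmin") == 0:
        findings.append("ConsentPromptBehaviorAdmin=0: elevation happens without any prompt")
    if policies.get("PromptOnSecureDesktop") == 0:
        findings.append("PromptOnSecureDesktop=0: prompts, if any, are not shown on the secure desktop")
    return findings


def parse_services(log: str) -> Dict[str, dict]:
    """Map lower-cased service name -> start type, display name, path, date, size."""
    services = {}
    for line in log.splitlines():
        m = SERVICE_RE.match(line)
        if m:
            start, name, display, path, date, size = m.groups()
            services[name.lower()] = {"start": start, "display": display, "path": path,
                                      "date": date, "size": int(size)}
    return services


def deregistered_drivers(log: str) -> List[str]:
    return [m.group(1) for m in (DEREG_RE.match(l) for l in log.splitlines()) if m]


def orphan_service_keys(log: str) -> List[str]:
    """Service keys that appear without a matching R/S line, i.e. no file was found for them."""
    known = parse_services(log)
    return [m.group(1) for m in (SERVICE_KEY_RE.match(l) for l in log.splitlines())
            if m and m.group(1).lower() not in known]


def triage(log: str) -> Dict[str, List[str]]:
    """Combine the checks; 'hidden_drivers' is my own heuristic, not a ComboFix term."""
    dereg = deregistered_drivers(log)
    orphans = orphan_service_keys(log)
    # Loaded in memory, but on disk only a bare service key: the pattern this thread shows for fflinf.
    hidden = sorted({d.lower() for d in dereg} & {o.lower() for o in orphans})
    return {"uac": uac_findings(parse_policies(log)), "deregistered": dereg,
            "orphan_service_keys": orphans, "hidden_drivers": hidden}


if __name__ == "__main__":
    for key, items in triage(SAMPLE_LOG).items():
        print(key, "->", items)
```

Run as a script it prints the triage for the excerpt; fflinf lands in hidden_drivers, which is why the helpers in this thread go after fflinf.sys with tools that work from outside the running system, and the three UAC findings explain why nothing on this machine ever asked before the driver got installed.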
23.09.2010, 14:19
Moderator

Posts: 7795
#21 Yes, the malware is acting up a bit...

Please open AntiVir, go to Administration/Quarantine and there click "Add suspicious file to quarantine" (it is the 5th icon from the left).
There, look for the file C:\Windows\System32\drivers\fflinf.sys; afterwards the file should be listed under Quarantine.

Then start your renamed Gmer, go to the Files tab, look for the file there as well, click it once and press Kill on the right, reboot and create a new OTL report.
__________
Kind regards, Ralf
SEO-Spam Hunter
23.09.2010, 18:03
Member

Thread starter

Posts: 15
#22 When I try to add this file to AntiVir's quarantine, I get:

Code

[Window Title]
Öffnen

[Content]
fflinf.sys
Ein an das System angeschlossenes Gerät funktioniert nicht.


[OK]
and I cannot add it...
24.09.2010, 05:32
Moderator

Posts: 7795
#23 Too bad, does it work with GMer?
__________
Kind regards, Ralf
SEO-Spam Hunter
24.09.2010, 18:12
Member

Thread starter

Posts: 15
#24 Hello

In gmer's Files window, unfortunately, the Windows folder does not exist.... -___-

What now?
For all other programs the file does not seem to exist..

killbox! etc.
26.09.2010, 01:36
Member

Thread starter

Posts: 15
#25 Does nobody have an idea how I can get rid of this?

I have already tried everything; even in a Linux live system the file is displayed but supposedly does not exist... *paradox*

But the fact that the Windows folder is not displayed in gmer worries me quite a lot.
26.09.2010, 13:25
Password: guest
Avatar guest account

Posts: 0
#26 Of course it also works via the Recovery Console that Combofix installed. Start it, change into the drivers folder with cd, and rename the file in question
"c:\windows\system32\drivers\fflinf.sys"

and reboot...

It may be enough to enter
ren c:\windows\system32\drivers\fflinf.sys fflinf.sys.ren
in the console and press Enter...
26.09.2010, 13:49
Member

Themenstarter

Posts: 15
#27 How do I get into the Recovery Console?

The combofix tutorials say that it would ask about this, but it did not do so for me either time.
26.09.2010, 19:12
Password: guest
Avatar guest account

Posts: 0
#28 You should see a selection menu for 2 seconds when starting up; select the corresponding entry there...

It also works via the XP CD:
http://www.vnr.de/b2c/hobby-freizeit/schnell-einsatzbereit-die-wiederherstellungskonsole.html