Zurück   Trojaner-Board > Malware entfernen > Log-Analyse und Auswertung

Log-Analyse und Auswertung: Malware protection entfernt - noch Reste auf Rechner?

Windows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte.

Antwort
Alt 12.06.2011, 20:32   #1
mia82
 
Malware protection entfernt - noch Reste auf Rechner? - Standard

Malware protection entfernt - noch Reste auf Rechner?



Guten Abend,

mein Rechner (Windows Vista, Service Pack 2) hat mir mitgeteilt, dass er mit Viren verseucht sei.
Es ist ein scheinbarer Virenscan durchgelaufen, aber nicht von Kaspersky, sondern die Malware Protection. Zudem liessen sich keine Programme mehr ausführen.
Nach kurzem Schrecken habe ich das Internet getrennt,mein Virenschutzprogramm gestartet (Kaspersky) und von einem anderen Rechner mich auf die Suche nach Hilfe gemacht.

Kaspersky hat Viren erkannt, habe sie auch gelöscht, hat aber nichts daran geändert, dass die Programme sich nicht starten lassen. Und die Malware Protection war immer noch da...

Hier im Trojaner-Board bin ich fündig geworden:
Es war genau die beschriebene Malware
http://www.trojaner-board.de/99655-m...entfernen.html
Habe sie nach dieser Anleitung entfernt.
Der Scan mit Malwarebytes Anti-Malware im abgesicherten Modus hat mir Malware Protection (Trojan.FakeAlert) als Ergebnis präsentiert. Habe die Datei in Quarantäne verschoben und dann auch gelöscht.


Logfile vom Malwarefund von Malwarebytes' Anti-Malware (mit Befund)

Code:
ATTFilter
Malwarebytes' Anti-Malware 1.51.0.1200
www.malwarebytes.org
Datenbank Version: 6705
Windows 6.0.6002 Service Pack 2 (Safe Mode)
Internet Explorer 8.0.6001.19048

11.06.2011 13:30:23
mbam-log-2011-06-11 (13-30-23).txt

Art des Suchlaufs: Quick-Scan
Durchsuchte Objekte: 148513
Laufzeit: 4 Minute(n), 24 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 1
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 2

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Malware Protection (Trojan.FakeAlert) -> Value: Malware Protection -> Quarantined and deleted successfully.

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
c:\Users\Mia\AppData\Local\Temp\D567.tmp (Spyware.Passwords.XGen) -> Quarantined and deleted successfully.
c:\programdata\defender.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
         
Nach Entfernung durch das Programm und nach erneuten Starten (normaler Modus) war alles okay, d.h. keine Infizierten Registrierungswerte oder Dateien mehr.

Im Anschluss darab habe ich auch den TDSSKiller runtergeladen und installiert.
(Anleitung:
http://www.trojaner-board.de/82358-t...tml#post640150)
Hier war alles sauber.

Die Programme lassen sich nun wieder öffen und der Rechner funktioniert scheinbar normal.
Möchte nun aber ganz sicher gehen, dass keine versteckten Reste mehr im System sind.


Habe dann auch noch einen Scan mit OTL gemacht.
(Anleitung: http://www.trojaner-board.de/85104-o...-oldtimer.html)
Allerdings kann ich diese Logfiles nicht interpretieren und bitte um Hilfe.

Code:
ATTFilter
OTL logfile created on: 12.06.2011 19:42:42 - Run 1
OTL by OldTimer - Version 3.2.24.0     Folder = C:\Users\Mia\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.19048)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
1,99 Gb Total Physical Memory | 0,90 Gb Available Physical Memory | 45,48% Memory free
4,21 Gb Paging File | 2,96 Gb Available in Paging File | 70,40% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 119,00 Gb Total Space | 10,67 Gb Free Space | 8,96% Space Free | Partition Type: NTFS
Drive D: | 30,04 Gb Total Space | 20,56 Gb Free Space | 68,46% Space Free | Partition Type: FAT32
 
Computer Name: Mia-LAPTOP | User Name: Mia | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\Mia\Desktop\OTL.exe (OldTimer Tools)
PRC - \\?\C:\Windows\System32\wbem\WMIADAP.EXE ()
PRC - C:\Programme\Windows Sidebar\sidebar.exe (Microsoft Corporation)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Programme\Windows Defender\MSASCui.exe (Microsoft Corporation)
PRC - C:\Programme\Windows Media Player\wmpnetwk.exe (Microsoft Corporation)
PRC - C:\Programme\Windows Media Player\wmpnscfg.exe (Microsoft Corporation)
PRC - C:\Programme\Sceneo\Bonavista\Services\ODSBC\ODSBCApp.exe (ODSoft multimedia)
PRC - C:\Programme\Sceneo\Bonavista\Services\PVR\pvrservice.exe (Buhl Data Service GmbH)
PRC - C:\Programme\Medion\MEDIONbox\Program\GCS.exe (Empolis GmbH)
PRC - c:\Programme\Common Files\Gnab\Service\ServiceController.exe (Empolis GmbH)
PRC - C:\Programme\Cisco Systems\VPN Client\cvpnd.exe (Cisco Systems, Inc.)
PRC - C:\Programme\Brother\Brmfcmon\BrMfcMon.exe (Brother Industries, Ltd.)
PRC - C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
PRC - C:\Programme\Common Files\InterVideo\RegMgr\iviRegMgr.exe (InterVideo)
PRC - C:\Programme\Launch Manager\OSD.exe (Wistron Corp.)
PRC - C:\Programme\Common Files\Ahead\Lib\NMBgMonitor.exe (Nero AG)
PRC - C:\Programme\Common Files\Ahead\Lib\NMIndexStoreSvr.exe (Nero AG)
PRC - C:\Programme\Launch Manager\HotkeyApp.exe (Wistron)
PRC - C:\Programme\Launch Manager\WisLMSvc.exe (Wistron Corp.)
PRC - C:\Programme\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)
PRC - C:\Programme\Intel\Intel Matrix Storage Manager\IAANTmon.exe (Intel Corporation)
PRC - C:\Programme\Launch Manager\WButton.exe ()
PRC - C:\Programme\Common Files\Ulead Systems\DVD\ULCDRSvr.exe (Ulead Systems, Inc.)
PRC - C:\Programme\Launch Manager\LaunchAp.exe ()
 
 
========== Modules (SafeList) ==========
 
MOD - C:\Users\Mia\Desktop\OTL.exe (OldTimer Tools)
MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3\comctl32.dll (Microsoft Corporation)
MOD - C:\Programme\Kaspersky Lab\Kaspersky Security Suite CBE 09\kloehk.dll (Kaspersky Lab)
MOD - C:\Programme\Kaspersky Lab\Kaspersky Security Suite CBE 09\adialhk.dll (Kaspersky Lab)
 
 
========== Win32 Services (SafeList) ==========
 
SRV - (AVP) -- C:\Program Files\Kaspersky Lab\Kaspersky Security Suite CBE 09\avp.exe (Kaspersky Lab)
SRV - (WinDefend) -- C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (GoogleDesktopManager) -- C:\Program Files\Google\Google Desktop Search\GoogleDesktopManager.exe (Google)
SRV - (srvcPVR) -- C:\Programme\Sceneo\Bonavista\Services\PVR\pvrservice.exe (Buhl Data Service GmbH)
SRV - (GnabService) -- c:\Programme\Common Files\Gnab\Service\ServiceController.exe (Empolis GmbH)
SRV - (CVPND) -- C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe (Cisco Systems, Inc.)
SRV - (IviRegMgr) -- C:\Programme\Common Files\InterVideo\RegMgr\iviRegMgr.exe (InterVideo)
SRV - (WisLMSvc) -- C:\Program Files\Launch Manager\WisLMSvc.exe (Wistron Corp.)
SRV - (IAANTMON) Intel(R) -- C:\Programme\Intel\Intel Matrix Storage Manager\IAANTmon.exe (Intel Corporation)
SRV - (UleadBurningHelper) -- C:\Programme\Common Files\Ulead Systems\DVD\ULCDRSvr.exe (Ulead Systems, Inc.)
SRV - (FirebirdServerMAGIXInstance) -- C:\Programme\ALDI Sued Foto Service\Common\Database\bin\fbserver.exe (MAGIX®)
 
 
========== Driver Services (SafeList) ==========
 
DRV - (KLIF) -- C:\Windows\System32\drivers\klif.sys (Kaspersky Lab)
DRV - (kl1) -- C:\Windows\System32\drivers\kl1.sys (Kaspersky Lab)
DRV - (KLIM6) -- C:\Windows\System32\drivers\klim6.sys (Kaspersky Lab)
DRV - (ssmdrv) -- C:\Windows\System32\drivers\ssmdrv.sys (AVIRA GmbH)
DRV - (KLFLTDEV) -- C:\Windows\System32\drivers\klfltdev.sys (Kaspersky Lab)
DRV - (klbg) -- C:\Windows\system32\drivers\klbg.sys (Kaspersky Lab)
DRV - (RTL8187B) -- C:\Windows\System32\drivers\rtl8187B.sys (Realtek Semiconductor Corporation                           )
DRV - (RTL8169) -- C:\Windows\System32\drivers\Rtlh86.sys (Realtek Corporation                                            )
DRV - (CVPNDRVA) -- C:\Windows\System32\drivers\CVPNDRVA.sys (Cisco Systems, Inc.)
DRV - (SNP2UVC) USB2.0 PC Camera (SNP2UVC) -- C:\Windows\System32\drivers\snp2uvc.sys ()
DRV - (DNE) -- C:\Windows\System32\drivers\dne2000.sys (Deterministic Networks, Inc.)
DRV - (CVirtA) -- C:\Windows\System32\drivers\CVirtA.sys (Cisco Systems, Inc.)
DRV - (smserial) -- C:\Windows\System32\drivers\smserial.sys (Motorola Inc.)
DRV - (hardlock) -- C:\Windows\System32\drivers\hardlock.sys (Aladdin Knowledge Systems Ltd.)
DRV - (aksusb) -- C:\Windows\System32\drivers\aksusb.sys (Aladdin Knowledge Systems Ltd.)
DRV - (akshasp) -- C:\Windows\System32\drivers\akshasp.sys (Aladdin Knowledge Systems Ltd.)
DRV - (rimmptsk) -- C:\Windows\System32\drivers\rimmptsk.sys (REDC)
DRV - (rimsptsk) -- C:\Windows\System32\drivers\rimsptsk.sys (REDC)
DRV - (rismxdp) -- C:\Windows\System32\drivers\rixdptsk.sys (REDC)
DRV - (R300) -- C:\Windows\System32\drivers\atikmdag.sys (ATI Technologies Inc.)
DRV - (Hotkey) -- C:\Windows\System32\drivers\HOTKEY.sys ()
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.aldi.com
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.aldi.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://start.icq.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 2
IE - HKCU\..\URLSearchHook:  - Reg Error: Key error. File not found
IE - HKCU\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Programme\ICQ6Toolbar\ICQToolBar.dll (ICQ)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultenginename: "ICQ Search"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.startup.homepage: "hxxp://www.web.de/"
FF - prefs.js..keyword.URL: "hxxp://search.icq.com/search/afe_results.php?ch_id=afex&q="
 
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.17\extensions\\Components: C:\Program Files\Firefox\Mozilla Firefox\components [2011.04.30 20:48:23 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.17\extensions\\Plugins: C:\Program Files\Firefox\Mozilla Firefox\plugins [2011.04.30 20:48:23 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Thunderbird 3.1.10\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2011.05.03 23:58:47 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Thunderbird 3.1.10\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins
FF - HKLM\software\mozilla\Thunderbird\Extensions\\{eea12ec4-729d-4703-bc37-106ce9879ce2}: C:\Program Files\Kaspersky Lab\Kaspersky Security Suite CBE 09\THBExt [2009.07.26 16:45:20 | 000,000,000 | ---D | M]
 
[2010.12.18 19:31:53 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Mia\AppData\Roaming\mozilla\Extensions
[2010.12.18 19:31:53 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Mia\AppData\Roaming\mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
[2011.06.11 13:29:54 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Mia\AppData\Roaming\mozilla\Firefox\Profiles\cc80b7ka.default\extensions
[2009.09.06 08:26:45 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Mia\AppData\Roaming\mozilla\Firefox\Profiles\cc80b7ka.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2011.06.06 12:14:19 | 000,005,126 | ---- | M] () -- C:\Users\Mia\AppData\Roaming\Mozilla\Firefox\Profiles\cc80b7ka.default\searchplugins\icqplugin-1.xml
[2008.09.29 21:35:58 | 000,000,950 | ---- | M] () -- C:\Users\Mia\AppData\Roaming\Mozilla\Firefox\Profiles\cc80b7ka.default\searchplugins\icqplugin-2.xml
[2008.11.14 23:21:33 | 000,000,950 | ---- | M] () -- C:\Users\Mia\AppData\Roaming\Mozilla\Firefox\Profiles\cc80b7ka.default\searchplugins\icqplugin-3.xml
[2008.12.24 12:58:21 | 000,000,950 | ---- | M] () -- C:\Users\Mia\AppData\Roaming\Mozilla\Firefox\Profiles\cc80b7ka.default\searchplugins\icqplugin-4.xml
[2008.12.27 00:07:58 | 000,000,950 | ---- | M] () -- C:\Users\Mia\AppData\Roaming\Mozilla\Firefox\Profiles\cc80b7ka.default\searchplugins\icqplugin-5.xml
[2009.07.13 17:12:02 | 000,000,944 | ---- | M] () -- C:\Users\Mia\AppData\Roaming\Mozilla\Firefox\Profiles\cc80b7ka.default\searchplugins\icqplugin.xml
 
O1 HOSTS File: ([2006.09.18 23:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O1 - Hosts: ::1             localhost
O2 - BHO: (Adobe PDF Reader) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (IEVkbdBHO Class) - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Programme\Kaspersky Lab\Kaspersky Security Suite CBE 09\ievkbd.dll (Kaspersky Lab)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - No CLSID value found.
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programme\Google\GoogleToolbarNotifier\5.5.5126.1836\swg.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (ICQToolBar) - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Programme\ICQ6Toolbar\ICQToolBar.dll (ICQ)
O4 - HKLM..\Run: [AVP] C:\Program Files\Kaspersky Lab\Kaspersky Security Suite CBE 09\avp.exe (Kaspersky Lab)
O4 - HKLM..\Run: [CtrlVol]  File not found
O4 - HKLM..\Run: [HotkeyApp] C:\Program Files\Launch Manager\HotkeyApp.exe (Wistron)
O4 - HKLM..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe (Intel Corporation)
O4 - HKLM..\Run: [LaunchAp] C:\Program Files\Launch Manager\LaunchAp.exe ()
O4 - HKLM..\Run: [LMgrOSD] C:\Program Files\Launch Manager\OSD.exe (Wistron Corp.)
O4 - HKLM..\Run: [NeroFilterCheck] C:\Programme\Common Files\Ahead\Lib\NeroCheck.exe (Nero AG)
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [TVBroadcast] C:\Programme\Sceneo\Bonavista\Services\ODSBC\ODSBCApp.exe (ODSoft multimedia)
O4 - HKLM..\Run: [Wbutton] C:\Program Files\Launch Manager\Wbutton.exe ()
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKCU..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe (Nero AG)
O4 - HKCU..\Run: [ICQ]  File not found
O4 - HKCU..\Run: [WMPNSCFG] C:\Programme\Windows Media Player\wmpnscfg.exe (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O8 - Extra context menu item: Hinzufügen zu Anti-Banner - C:\Programme\Kaspersky Lab\Kaspersky Security Suite CBE 09\ie_banner_deny.htm ()
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - C:\Programme\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: eBay - Der weltweite Online-Marktplatz - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} -  File not found
O9 - Extra 'Tools' menuitem : eBay - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} -  File not found
O9 - Extra Button: Statistik für den Schutz des Web-Datenverkehrs - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Programme\Kaspersky Lab\Kaspersky Security Suite CBE 09\SCIEPlgn.dll (Kaspersky Lab)
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programme\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra Button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} -  File not found
O9 - Extra 'Tools' menuitem : ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} -  File not found
O9 - Extra Button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Programme\ICQ6.5\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Programme\ICQ6.5\ICQ.exe (ICQ, LLC.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Ranges: GD ([http] in Local intranet)
O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} hxxp://download.microsoft.com/download/e/4/9/e494c802-dd90-4c6b-a074-469358f075a6/OGAControl.cab (Office Genuine Advantage Validation Tool)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1183949065925 (MUWebControl Class)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\MSN Messenger\msgrapp.8.1.0178.00.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Programme\Common Files\microsoft shared\Information Retrieval\msitss.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\MSN Messenger\msgrapp.8.1.0178.00.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - AppInit_DLLs: (C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL) - C:\Programme\Google\Google Desktop Search\GoogleDesktopNetwork3.dll (Google)
O20 - AppInit_DLLs: (C:\PROGRA~1\KASPER~1\KASPER~2\mzvkbd3.dll) - C:\Programme\Kaspersky Lab\Kaspersky Security Suite CBE 09\mzvkbd3.dll (Kaspersky Lab)
O20 - AppInit_DLLs: (C:\PROGRA~1\KASPER~1\KASPER~2\adialhk.dll) - C:\Programme\Kaspersky Lab\Kaspersky Security Suite CBE 09\adialhk.dll (Kaspersky Lab)
O20 - AppInit_DLLs: (C:\PROGRA~1\KASPER~1\KASPER~2\kloehk.dll) - C:\Programme\Kaspersky Lab\Kaspersky Security Suite CBE 09\kloehk.dll (Kaspersky Lab)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\klogon: DllName - C:\Windows\system32\klogon.dll - C:\Windows\System32\klogon.dll (Kaspersky Lab)
O24 - Desktop WallPaper: C:\Users\Mia\Application Data\Pictures\Hintergrund\P8060075.JPG
O24 - Desktop BackupWallPaper: C:\Users\Mia\Application Data\Pictures\Hintergrund\P8060075.JPG
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{eebfea7a-457e-11df-b6bc-0016d3840d56}\Shell\AutoRun\command - "" = F:\Menu.exe
O33 - MountPoints2\{eebfea85-457e-11df-b6bc-0016d3840d56}\Shell\AutoRun\command - "" = F:\Menu.exe
O33 - MountPoints2\{eebfeac0-457e-11df-b6bc-0016d3840d56}\Shell\AutoRun\command - "" = F:\Menu.exe
O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
========== Files/Folders - Created Within 30 Days ==========
 
[2011.06.12 19:41:21 | 000,580,608 | ---- | C] (OldTimer Tools) -- C:\Users\Mia\Desktop\OTL.exe
[2011.06.12 12:06:26 | 001,437,488 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\Mia\Desktop\tdsskiller.exe
[2011.06.11 13:22:56 | 000,000,000 | ---D | C] -- C:\Users\Mia\AppData\Roaming\Malwarebytes
[2011.06.11 13:22:49 | 000,039,984 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2011.06.11 13:22:49 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011.06.11 13:22:48 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2011.06.11 13:22:45 | 000,022,712 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2011.06.11 13:22:45 | 000,000,000 | ---D | C] -- C:\Programme\Malwarebytes' Anti-Malware
[2011.06.11 11:15:14 | 009,435,312 | ---- | C] (Malwarebytes Corporation                                    ) -- C:\Users\Mia\Desktop\hub.exe
[2011.06.01 07:59:27 | 000,000,000 | ---D | C] -- C:\Users\Mia\Desktop\Semestertreffen Papa
[2010.07.30 16:12:24 | 004,319,232 | ---- | C] (Öko-Institut e.V.) -- C:\Programme\Gemis.exe
[2010.07.02 16:42:08 | 000,594,944 | ---- | C] (Oeko-Institut e.V.) -- C:\Programme\G4CountriesCS.dll
[2010.07.02 16:42:06 | 000,611,328 | ---- | C] (Oeko-Institut e.V.) -- C:\Programme\G4CountriesES.dll
[2010.07.02 16:42:06 | 000,606,720 | ---- | C] (Oeko-Institut e.V.) -- C:\Programme\G4CountriesDE.dll
[2010.07.02 16:42:06 | 000,593,920 | ---- | C] (Oeko-Institut e.V.) -- C:\Programme\G4CountriesEN.dll
[2010.07.02 16:42:06 | 000,548,864 | ---- | C] (Oeko-Institut) -- C:\Programme\G4CountriesFR.dll
[2009.11.03 01:02:00 | 002,446,848 | ---- | C] (Embarcadero Technologies, Inc.) -- C:\Programme\vcl140.bpl
[2009.11.03 01:02:00 | 001,785,344 | ---- | C] (Embarcadero Technologies, Inc.) -- C:\Programme\rtl140.bpl
[2009.11.03 01:02:00 | 001,572,864 | ---- | C] (Embarcadero Technologies, Inc.) -- C:\Programme\xmlrtl140.bpl
[2009.11.03 01:02:00 | 000,406,016 | ---- | C] (Embarcadero Technologies, Inc.) -- C:\Programme\dbrtl140.bpl
[2009.11.03 01:02:00 | 000,320,512 | ---- | C] (Embarcadero Technologies, Inc.) -- C:\Programme\vclimg140.bpl
[2009.11.03 01:02:00 | 000,314,368 | ---- | C] (Embarcadero Technologies, Inc.) -- C:\Programme\vcldb140.bpl
[2009.11.03 01:02:00 | 000,237,056 | ---- | C] (Embarcadero Technologies, Inc.) -- C:\Programme\vclx140.bpl
[2009.11.03 01:02:00 | 000,212,992 | ---- | C] (Embarcadero Technologies, Inc.) -- C:\Programme\vcl140.de
[2009.11.03 01:02:00 | 000,211,968 | ---- | C] (Embarcadero Technologies, Inc.) -- C:\Programme\vcl140.fr
[2009.11.03 01:02:00 | 000,176,640 | ---- | C] (Embarcadero Technologies, Inc.) -- C:\Programme\adortl140.bpl
[2009.11.03 01:02:00 | 000,087,040 | ---- | C] (Embarcadero Technologies, Inc.) -- C:\Programme\rtl140.fr
[2009.11.03 01:02:00 | 000,087,040 | ---- | C] (Embarcadero Technologies, Inc.) -- C:\Programme\rtl140.de
[2009.11.03 01:02:00 | 000,062,464 | ---- | C] (Embarcadero Technologies, Inc.) -- C:\Programme\vcldbx140.bpl
[2009.11.03 01:02:00 | 000,036,352 | ---- | C] (Embarcadero Technologies, Inc.) -- C:\Programme\vclx140.fr
[2009.11.03 01:02:00 | 000,036,352 | ---- | C] (Embarcadero Technologies, Inc.) -- C:\Programme\vclx140.de
[2009.11.03 01:02:00 | 000,031,232 | ---- | C] (Embarcadero Technologies, Inc.) -- C:\Programme\xmlrtl140.fr
[2009.11.03 01:02:00 | 000,031,232 | ---- | C] (Embarcadero Technologies, Inc.) -- C:\Programme\xmlrtl140.de
[2009.11.03 01:02:00 | 000,031,232 | ---- | C] (Embarcadero Technologies, Inc.) -- C:\Programme\vclimg140.fr
[2009.11.03 01:02:00 | 000,031,232 | ---- | C] (Embarcadero Technologies, Inc.) -- C:\Programme\vclimg140.de
[2009.11.03 01:02:00 | 000,030,720 | ---- | C] (Embarcadero Technologies, Inc.) -- C:\Programme\vcldb140.fr
[2009.11.03 01:02:00 | 000,030,720 | ---- | C] (Embarcadero Technologies, Inc.) -- C:\Programme\dbrtl140.fr
[2009.11.03 01:02:00 | 000,030,720 | ---- | C] (Embarcadero Technologies, Inc.) -- C:\Programme\dbrtl140.de
[2009.11.03 01:02:00 | 000,030,208 | ---- | C] (Embarcadero Technologies, Inc.) -- C:\Programme\vcldb140.de
[2009.11.03 01:02:00 | 000,024,064 | ---- | C] (Embarcadero Technologies, Inc.) -- C:\Programme\adortl140.fr
[2009.11.03 01:02:00 | 000,024,064 | ---- | C] (Embarcadero Technologies, Inc.) -- C:\Programme\adortl140.de
[2009.11.03 01:02:00 | 000,022,528 | ---- | C] (Embarcadero Technologies, Inc.) -- C:\Programme\vcldbx140.fr
[2009.11.03 01:02:00 | 000,022,528 | ---- | C] (Embarcadero Technologies, Inc.) -- C:\Programme\vcldbx140.de
[2007.07.12 04:57:45 | 000,053,248 | ---- | C] ( ) -- C:\Windows\System32\csnp2uvc.dll
[1 C:\Users\Mia\AppData\Local\*.tmp files -> C:\Users\Mia\AppData\Local\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2011.06.12 19:45:19 | 000,654,142 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2011.06.12 19:45:19 | 000,609,018 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2011.06.12 19:45:19 | 000,135,602 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2011.06.12 19:45:19 | 000,112,262 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2011.06.12 19:40:38 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\Mia\Desktop\OTL.exe
[2011.06.12 19:31:12 | 000,001,098 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2011.06.12 18:32:49 | 000,003,568 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2011.06.12 18:32:49 | 000,003,568 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2011.06.12 12:31:01 | 000,001,094 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2011.06.12 12:05:46 | 001,437,488 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\Mia\Desktop\tdsskiller.exe
[2011.06.12 10:32:28 | 000,002,565 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\VPN Client.lnk
[2011.06.12 10:32:08 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011.06.12 10:32:05 | 2137,186,304 | -HS- | M] () -- C:\hiberfil.sys
[2011.06.12 07:52:50 | 005,594,656 | -HS- | M] () -- C:\Windows\System32\drivers\fidbox.dat
[2011.06.12 07:52:50 | 001,392,672 | -HS- | M] () -- C:\Windows\System32\drivers\fidbox2.dat
[2011.06.12 07:52:50 | 000,051,076 | -HS- | M] () -- C:\Windows\System32\drivers\fidbox.idx
[2011.06.12 07:52:50 | 000,007,936 | -HS- | M] () -- C:\Windows\System32\drivers\fidbox2.idx
[2011.06.11 13:22:49 | 000,000,910 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011.06.11 12:02:06 | 001,007,120 | ---- | M] () -- C:\rkill.com
[2011.06.11 11:14:44 | 009,435,312 | ---- | M] (Malwarebytes Corporation                                    ) -- C:\Users\Mia\Desktop\hub.exe
[2011.06.11 10:19:28 | 000,000,000 | ---- | M] () -- C:\Users\Mia\AppData\Local\{5BEC8B88-CD64-455B-B7C4-93F9AB9FC6D2}
[2011.06.09 20:59:30 | 000,002,231 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk
[2011.06.09 20:58:59 | 000,002,673 | ---- | M] () -- C:\Users\Mia\Desktop\Microsoft Office PowerPoint 2007.lnk
[2011.06.09 20:58:45 | 000,002,633 | ---- | M] () -- C:\Users\Mia\Desktop\Microsoft Office Excel 2007.lnk
[2011.06.09 20:57:25 | 000,000,000 | ---- | M] () -- C:\Users\Mia\AppData\Local\{7C3B0EBF-9673-484F-A4D6-C41D6A07BD6A}
[2011.06.07 23:39:28 | 000,079,360 | ---- | M] () -- C:\Users\Mia\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011.06.07 22:35:38 | 000,000,000 | ---- | M] () -- C:\Users\Mia\AppData\Local\{5C445305-29F7-42D0-89A4-F994A5F0E10C}
[2011.06.07 22:09:26 | 000,000,000 | ---- | M] () -- C:\Users\Mia\AppData\Local\{634699C0-36E3-4EE5-BB31-E3052B45804F}
[2011.06.07 16:00:28 | 000,000,000 | ---- | M] () -- C:\Users\Mia\AppData\Local\{A6A917B2-AE33-4E62-A0C7-80AFC662422E}
[2011.06.05 09:40:08 | 000,167,745 | ---- | M] () -- C:\Users\Mia\Desktop\VP1.3.6.pdf
[2011.06.04 00:13:43 | 000,489,682 | ---- | M] () -- C:\Users\Mia\Desktop\reise.pdf
[2011.06.04 00:08:22 | 000,489,655 | ---- | M] () -- C:\Users\Mia\Desktop\reise2.pdf
[2011.06.01 08:03:54 | 000,160,431 | ---- | M] () -- C:\Users\Mia\Desktop\LEL.pdf
[2011.06.01 08:01:35 | 000,401,148 | ---- | M] () -- C:\Users\Mia\Desktop\LEL.jpg
[2011.05.30 00:07:36 | 000,488,927 | ---- | M] () -- C:\Users\Mia\Desktop\Emden.pdf
[2011.05.29 09:11:30 | 000,039,984 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2011.05.29 09:11:20 | 000,022,712 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2011.05.23 17:26:56 | 000,115,369 | ---- | M] () -- C:\Windows\System32\drivers\klin.dat
[2011.05.16 12:28:25 | 000,002,545 | ---- | M] () -- C:\Users\Mia\Desktop\VPN Client.lnk
[2011.05.14 16:31:52 | 000,002,631 | ---- | M] () -- C:\Users\Mia\Desktop\Microsoft Office Word 2007.lnk
[1 C:\Users\Mia\AppData\Local\*.tmp files -> C:\Users\Mia\AppData\Local\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2011.06.12 10:32:05 | 2137,186,304 | -HS- | C] () -- C:\hiberfil.sys
[2011.06.11 13:22:49 | 000,000,910 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011.06.11 13:19:14 | 001,007,120 | ---- | C] () -- C:\rkill.com
[2011.06.11 10:19:28 | 000,000,000 | ---- | C] () -- C:\Users\Mia\AppData\Local\{5BEC8B88-CD64-455B-B7C4-93F9AB9FC6D2}
[2011.06.09 20:57:25 | 000,000,000 | ---- | C] () -- C:\Users\Mia\AppData\Local\{7C3B0EBF-9673-484F-A4D6-C41D6A07BD6A}
[2011.06.07 22:35:38 | 000,000,000 | ---- | C] () -- C:\Users\Mia\AppData\Local\{5C445305-29F7-42D0-89A4-F994A5F0E10C}
[2011.06.07 22:09:26 | 000,000,000 | ---- | C] () -- C:\Users\Mia\AppData\Local\{634699C0-36E3-4EE5-BB31-E3052B45804F}
[2011.06.07 16:00:28 | 000,000,000 | ---- | C] () -- C:\Users\Mia\AppData\Local\{A6A917B2-AE33-4E62-A0C7-80AFC662422E}
[2011.06.05 10:11:33 | 000,167,745 | ---- | C] () -- C:\Users\Mia\Desktop\VP1.3.6.pdf
[2011.06.04 00:13:43 | 000,489,682 | ---- | C] () -- C:\Users\Mia\Desktop\reise.pdf
[2011.06.04 00:08:22 | 000,489,655 | ---- | C] () -- C:\Users\Mia\Desktop\reise2.pdf
[2011.06.01 08:03:49 | 000,160,431 | ---- | C] () -- C:\Users\Mia\Desktop\LEL.pdf
[2011.06.01 08:01:34 | 000,401,148 | ---- | C] () -- C:\Users\Mia\Desktop\LEL.jpg
[2011.05.30 00:07:36 | 000,488,927 | ---- | C] () -- C:\Users\Mia\Desktop\Emden.pdf
[2010.08.16 20:46:01 | 000,000,051 | ---- | C] () -- C:\Windows\Fendt Comic.ini
[2010.07.23 10:28:50 | 000,018,326 | ---- | C] () -- C:\Programme\gemis.g4o
[2010.07.21 12:53:04 | 000,003,502 | ---- | C] () -- C:\Programme\g4readmecs.htm
[2010.07.16 14:17:06 | 000,003,327 | ---- | C] () -- C:\Programme\g4readmeen.htm
[2010.07.16 13:54:58 | 000,003,904 | ---- | C] () -- C:\Programme\g4readmede.htm
[2010.07.09 20:31:10 | 000,007,148 | ---- | C] () -- C:\Programme\g4readmees.htm
[2010.07.09 20:30:12 | 000,006,486 | ---- | C] () -- C:\Programme\g4readmefr.htm
[2009.09.25 20:57:07 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2009.09.25 20:57:07 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2009.07.26 16:46:00 | 000,115,369 | ---- | C] () -- C:\Windows\System32\drivers\klin.dat
[2009.07.26 16:46:00 | 000,097,859 | ---- | C] () -- C:\Windows\System32\drivers\klick.dat
[2009.07.26 16:44:57 | 005,594,656 | -HS- | C] () -- C:\Windows\System32\drivers\fidbox.dat
[2009.07.26 16:44:57 | 001,392,672 | -HS- | C] () -- C:\Windows\System32\drivers\fidbox2.dat
[2009.04.30 12:54:14 | 000,026,577 | ---- | C] () -- C:\Windows\System32\drivers\klopp.dat
[2009.01.23 09:32:08 | 000,024,576 | ---- | C] () -- C:\Windows\System32\hdsuinst.exe
[2009.01.23 09:25:12 | 000,153,088 | ---- | C] () -- C:\Windows\System32\UNWISE.EXE
[2009.01.23 09:25:12 | 000,028,672 | ---- | C] () -- C:\Windows\System32\hlduinst.exe
[2009.01.23 09:25:12 | 000,006,836 | ---- | C] () -- C:\Windows\System32\UNWISE.INI
[2008.11.09 13:04:10 | 000,000,027 | ---- | C] () -- C:\Windows\BRPP2KA.INI
[2008.11.09 13:04:09 | 000,000,425 | ---- | C] () -- C:\Windows\BRWMARK.INI
[2008.11.09 13:03:05 | 000,000,050 | ---- | C] () -- C:\Windows\System32\bridf07a.dat
[2008.11.09 12:57:16 | 000,031,664 | ---- | C] () -- C:\Windows\maxlink.ini
[2008.07.25 23:33:02 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
[2008.05.29 09:01:13 | 000,012,800 | ---- | C] () -- C:\Windows\jrew.exe
[2008.05.29 09:01:13 | 000,012,288 | ---- | C] () -- C:\Windows\jre.exe
[2008.05.29 08:58:23 | 000,100,352 | ---- | C] () -- C:\Windows\System32\pg32conv.dll
[2008.05.29 08:58:21 | 000,017,920 | ---- | C] () -- C:\Windows\System32\Implode.dll
[2008.05.29 08:58:17 | 000,086,016 | ---- | C] () -- C:\Windows\System32\AFFile.dll
[2008.05.29 08:58:16 | 000,307,200 | ---- | C] () -- C:\Windows\System32\ExportModeller.dll
[2008.02.04 19:23:10 | 000,693,792 | ---- | C] () -- C:\Windows\System32\OGACheckControl.DLL
[2008.01.28 15:21:38 | 000,000,306 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2008.01.13 22:58:33 | 000,001,190 | ---- | C] () -- C:\Windows\mozver.dat
[2007.09.27 11:34:53 | 000,000,305 | ---- | C] () -- C:\ProgramData\addr_file.html
[2007.09.27 11:25:03 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat
[2007.09.06 11:16:54 | 000,079,360 | ---- | C] () -- C:\Users\Mia\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2007.09.06 10:46:08 | 000,553,174 | ---- | C] () -- C:\Users\Mia\AppData\Roaming\UserTile.png
[2007.09.06 09:03:51 | 000,007,226 | ---- | C] () -- C:\Users\Mia\AppData\Roaming\wklnhst.dat
[2007.09.06 08:45:41 | 000,000,093 | ---- | C] () -- C:\Users\Mia\AppData\Local\fusioncache.dat
[2007.07.12 04:57:45 | 001,729,152 | ---- | C] () -- C:\Windows\System32\drivers\snp2uvc.sys
[2007.07.09 17:32:04 | 000,087,312 | ---- | C] () -- C:\Windows\mws.exe
[2007.07.06 07:39:12 | 000,006,642 | ---- | C] () -- C:\Windows\mgxoschk.ini
[2007.07.06 07:39:06 | 000,000,069 | ---- | C] () -- C:\Windows\NeroDigital.ini
[2007.07.06 07:12:57 | 000,009,867 | ---- | C] () -- C:\Windows\System32\drivers\HOTKEY.sys
[2007.07.06 06:41:51 | 000,249,856 | ---- | C] () -- C:\Windows\System32\igfxTMM.dll
[2007.07.06 06:41:51 | 000,204,800 | ---- | C] () -- C:\Windows\System32\igfxCoIn_v1283.dll
[2007.06.20 13:44:37 | 000,000,199 | ---- | C] () -- C:\Windows\WISO.INI
[2007.06.20 13:39:38 | 000,299,008 | ---- | C] () -- C:\Windows\System32\midas.dll
[2007.06.20 13:39:38 | 000,120,320 | ---- | C] () -- C:\Windows\System32\UnzDll.dll
[2007.06.11 14:43:56 | 001,060,424 | ---- | C] () -- C:\Windows\System32\WdfCoInstaller01000.dll
[2007.06.11 14:43:51 | 000,016,480 | ---- | C] () -- C:\Windows\System32\rixdicon.dll
[2007.04.03 16:18:26 | 000,197,672 | ---- | C] () -- C:\Windows\System32\vpnapi.dll
[2006.12.11 06:06:31 | 000,000,000 | ---- | C] () -- C:\Windows\System32\atiicdxx.dat
[2006.11.02 17:33:31 | 000,654,142 | ---- | C] () -- C:\Windows\System32\perfh007.dat
[2006.11.02 17:33:31 | 000,290,748 | ---- | C] () -- C:\Windows\System32\perfi007.dat
[2006.11.02 17:33:31 | 000,135,602 | ---- | C] () -- C:\Windows\System32\perfc007.dat
[2006.11.02 17:33:31 | 000,036,916 | ---- | C] () -- C:\Windows\System32\perfd007.dat
[2006.11.02 14:57:28 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2006.11.02 14:47:37 | 000,370,488 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2006.11.02 14:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006.11.02 12:33:01 | 000,609,018 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2006.11.02 12:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2006.11.02 12:33:01 | 000,112,262 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2006.11.02 12:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2006.11.02 12:25:44 | 000,159,744 | ---- | C] () -- C:\Windows\System32\atitmmxx.dll
[2006.11.02 12:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2006.11.02 10:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2006.11.02 10:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2006.11.02 09:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006.11.02 09:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
[2006.09.20 07:34:10 | 000,000,000 | ---- | C] () -- C:\Windows\Buhl.ini
[2004.09.16 16:26:50 | 000,001,901 | ---- | C] () -- C:\Programme\g4licencecs.htm
[2000.03.16 17:32:26 | 000,001,675 | ---- | C] () -- C:\Programme\g4licencede.htm
[2000.03.16 17:31:42 | 000,001,462 | ---- | C] () -- C:\Programme\g4licencees.htm
[2000.03.16 17:31:42 | 000,001,462 | ---- | C] () -- C:\Programme\g4licenceen.htm

< End of report >
         
Dankeschön!
Mia

Alt 14.06.2011, 10:44   #2
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Malware protection entfernt - noch Reste auf Rechner? - Standard

Malware protection entfernt - noch Reste auf Rechner?



Zitat:
Datenbank Version: 6705
Art des Suchlaufs: Quick-Scan
Du hast Malwarebytes vorher nicht aktualisiert. Bitte updaten und einen Vollscan machen.
__________________

__________________

Alt 14.06.2011, 12:37   #3
mia82
 
Malware protection entfernt - noch Reste auf Rechner? - Standard

Malware protection entfernt - noch Reste auf Rechner?



So, jetzt habe ich Malwarebytes aktualisiert und einen Voll-Scan gemacht.
Code:
ATTFilter
Malwarebytes' Anti-Malware 1.51.0.1200
www.malwarebytes.org

Datenbank Version: 6852

Windows 6.0.6002 Service Pack 2
Internet Explorer 8.0.6001.19048

14.06.2011 13:32:07
mbam-log-2011-06-14 (13-32-07).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|)
Durchsuchte Objekte: 330082
Laufzeit: 1 Stunde(n), 32 Minute(n), 8 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 0

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
(Keine bösartigen Objekte gefunden)
         
__________________

Alt 14.06.2011, 12:50   #4
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Malware protection entfernt - noch Reste auf Rechner? - Standard

Malware protection entfernt - noch Reste auf Rechner?



Mach einen OTL-Fix, beende alle evtl. geöffneten Programme, auch Virenscanner deaktivieren (!), starte OTL und kopiere folgenden Text in die "Custom Scan/Fixes" Box (unten in OTL): (das ":OTL" muss mitkopiert werden!!!)


Code:
ATTFilter
:OTL
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{eebfea7a-457e-11df-b6bc-0016d3840d56}\Shell\AutoRun\command - "" = F:\Menu.exe
O33 - MountPoints2\{eebfea85-457e-11df-b6bc-0016d3840d56}\Shell\AutoRun\command - "" = F:\Menu.exe
O33 - MountPoints2\{eebfeac0-457e-11df-b6bc-0016d3840d56}\Shell\AutoRun\command - "" = F:\Menu.exe
:Files
C:\Users\Mia\AppData\Local\{*
:Commands
[purity]
[resethosts]
         
Klick dann oben links auf den Button Fix!
Das Logfile müsste geöffnet werden, wenn Du nach dem Fixen auf ok klickst, poste das bitte. Evtl. wird der Rechner neu gestartet.

Die mit diesem Script gefixten Einträge, Dateien und Ordner werden zur Sicherheit nicht vollständig gelöscht, es wird eine Sicherheitskopie auf der Systempartition im Ordner "_OTL" erstellt.
__________________
"Die Wahrheit ist normalerweise nur eine Entschuldigung für einen Mangel an Fantasie." (Elim Garak)

Das Trojaner-Board unterstützen
Warum Linux besser als Windows ist!

Alt 16.06.2011, 18:29   #5
mia82
 
Malware protection entfernt - noch Reste auf Rechner? - Standard

Malware protection entfernt - noch Reste auf Rechner?



Hallo cosinus,

danke für deine Hilfe.
Hier sind meine Logs.

Einmal als Admin ausgeführt das OTL
Code:
ATTFilter
========== OTL ==========
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRun|DWORD:1 /E : value set successfully!
File  not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\ not found.
========== FILES ==========
File\Folder C:\Users\Mia\AppData\Local\{* not found.
========== COMMANDS ==========
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully
 
OTL by OldTimer - Version 3.2.24.0 log created on 06162011_190154
         
und einmal ganz normal ausgeführt.

Code:
ATTFilter
========== OTL ==========
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRun|DWORD:1 /E : value set successfully!
File  not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\ not found.
========== FILES ==========
C:\Users\Mia\AppData\Local\{5BEC8B88-CD64-455B-B7C4-93F9AB9FC6D2} moved successfully.
C:\Users\Mia\AppData\Local\{5C445305-29F7-42D0-89A4-F994A5F0E10C} moved successfully.
C:\Users\Mia\AppData\Local\{634699C0-36E3-4EE5-BB31-E3052B45804F} moved successfully.
C:\Users\Mia\AppData\Local\{7C3B0EBF-9673-484F-A4D6-C41D6A07BD6A} moved successfully.
C:\Users\Mia\AppData\Local\{A6A917B2-AE33-4E62-A0C7-80AFC662422E} moved successfully.
========== COMMANDS ==========
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully
 
OTL by OldTimer - Version 3.2.24.0 log created on 06162011_185839
         


Alt 16.06.2011, 20:32   #6
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Malware protection entfernt - noch Reste auf Rechner? - Standard

Malware protection entfernt - noch Reste auf Rechner?



Bitte nun dieses Tool von Kaspersky ausführen und das Log posten => http://www.trojaner-board.de/82358-t...entfernen.html

Das Tool so einstellen wie unten im Bild angegeben - also beide Haken setzen, auf Start scan klicken und wenn es durch ist auf den Button Report klicken um das Log anzuzeigen. Dieses bitte komplett posten.




Falls du durch die Infektion auf deine Dokumente/Eigenen Dateien nicht zugreifen kannst, Verknüpfungen auf dem Desktop oder im Startmenü unter "alle Programme" fehlen, bitte unhide ausführen:
Downloade dir bitte unhide.exe und speichere diese Datei auf deinem Desktop.
Starte das Tool und es sollten alle Dateien und Ordner wieder sichtbar sein. ( Könnte eine Weile dauern )
Windows-Vista und Windows-7-User müssen das Tool per Rechtsklick als Administrator ausführen!
__________________
--> Malware protection entfernt - noch Reste auf Rechner?

Alt 22.06.2011, 08:51   #7
mia82
 
Malware protection entfernt - noch Reste auf Rechner? - Standard

Malware protection entfernt - noch Reste auf Rechner?



So, und hier ist die Logdatei vom TDSSKillder:

Code:
ATTFilter
2011/06/22 07:27:40.0467 4272	TDSS rootkit removing tool 2.5.4.0 Jun  7 2011 17:31:48
2011/06/22 07:27:40.0560 4272	================================================================================
2011/06/22 07:27:40.0560 4272	SystemInfo:
2011/06/22 07:27:40.0560 4272	
2011/06/22 07:27:40.0560 4272	OS Version: 6.0.6002 ServicePack: 2.0
2011/06/22 07:27:40.0560 4272	Product type: Workstation
2011/06/22 07:27:40.0560 4272	ComputerName: MIA-LAPTOP
2011/06/22 07:27:40.0560 4272	UserName: Mia
2011/06/22 07:27:40.0560 4272	Windows directory: C:\Windows
2011/06/22 07:27:40.0560 4272	System windows directory: C:\Windows
2011/06/22 07:27:40.0560 4272	Processor architecture: Intel x86
2011/06/22 07:27:40.0560 4272	Number of processors: 2
2011/06/22 07:27:40.0560 4272	Page size: 0x1000
2011/06/22 07:27:40.0560 4272	Boot type: Normal boot
2011/06/22 07:27:40.0560 4272	================================================================================
2011/06/22 07:27:41.0590 4272	Initialize success
2011/06/22 07:28:06.0051 5344	================================================================================
2011/06/22 07:28:06.0051 5344	Scan started
2011/06/22 07:28:06.0051 5344	Mode: Manual; 
2011/06/22 07:28:06.0051 5344	================================================================================
2011/06/22 07:28:06.0940 5344	61883           (585e64bb6dfbc0a2f1f0b554ded012df) C:\Windows\system32\DRIVERS\61883.sys
2011/06/22 07:28:07.0018 5344	ACPI            (82b296ae1892fe3dbee00c9cf92f8ac7) C:\Windows\system32\drivers\acpi.sys
2011/06/22 07:28:07.0111 5344	adp94xx         (2edc5bbac6c651ece337bde8ed97c9fb) C:\Windows\system32\drivers\adp94xx.sys
2011/06/22 07:28:07.0189 5344	adpahci         (b84088ca3cdca97da44a984c6ce1ccad) C:\Windows\system32\drivers\adpahci.sys
2011/06/22 07:28:07.0252 5344	adpu160m        (7880c67bccc27c86fd05aa2afb5ea469) C:\Windows\system32\drivers\adpu160m.sys
2011/06/22 07:28:07.0299 5344	adpu320         (9ae713f8e30efc2abccd84904333df4d) C:\Windows\system32\drivers\adpu320.sys
2011/06/22 07:28:07.0455 5344	AFD             (a201207363aa900abf1a388468688570) C:\Windows\system32\drivers\afd.sys
2011/06/22 07:28:07.0517 5344	aic78xx         (ae1fdf7bf7bb6c6a70f67699d880592a) C:\Windows\system32\drivers\djsvs.sys
2011/06/22 07:28:07.0642 5344	akshasp         (3f9f42085ab5b6a55498a539c54575ab) C:\Windows\system32\DRIVERS\akshasp.sys
2011/06/22 07:28:07.0782 5344	aksusb          (d2b95315cc47f9230006fdbcba394d8d) C:\Windows\system32\DRIVERS\aksusb.sys
2011/06/22 07:28:07.0923 5344	aliide          (496eda16a127ac9a38bb285bef17dbb5) C:\Windows\system32\drivers\aliide.sys
2011/06/22 07:28:08.0047 5344	amdagp          (2b13e304c9dfdfa5eb582f6a149fa2c7) C:\Windows\system32\drivers\amdagp.sys
2011/06/22 07:28:08.0125 5344	amdide          (6f65f4147c54398d7280b18cebbed215) C:\Windows\system32\drivers\amdide.sys
2011/06/22 07:28:08.0203 5344	AmdK7           (dc487885bcef9f28eece6fac0e5ddfc5) C:\Windows\system32\drivers\amdk7.sys
2011/06/22 07:28:08.0266 5344	AmdK8           (0ca0071da4315b00fc1328ca86b425da) C:\Windows\system32\drivers\amdk8.sys
2011/06/22 07:28:08.0391 5344	arc             (5f673180268bb1fdb69c99b6619fe379) C:\Windows\system32\drivers\arc.sys
2011/06/22 07:28:08.0469 5344	arcsas          (957f7540b5e7f602e44648c7de5a1c05) C:\Windows\system32\drivers\arcsas.sys
2011/06/22 07:28:08.0547 5344	AsyncMac        (53b202abee6455406254444303e87be1) C:\Windows\system32\DRIVERS\asyncmac.sys
2011/06/22 07:28:08.0640 5344	atapi           (1f05b78ab91c9075565a9d8a4b880bc4) C:\Windows\system32\drivers\atapi.sys
2011/06/22 07:28:08.0749 5344	Avc             (f4b56425a00beb32f5fa6603ff7b0ea2) C:\Windows\system32\DRIVERS\avc.sys
2011/06/22 07:28:08.0859 5344	Beep            (67e506b75bd5326a3ec7b70bd014dfb6) C:\Windows\system32\drivers\Beep.sys
2011/06/22 07:28:09.0015 5344	bowser          (35f376253f687bde63976ccb3f2108ca) C:\Windows\system32\DRIVERS\bowser.sys
2011/06/22 07:28:09.0093 5344	BrFiltLo        (9f9acc7f7ccde8a15c282d3f88b43309) C:\Windows\system32\drivers\brfiltlo.sys
2011/06/22 07:28:09.0139 5344	BrFiltUp        (56801ad62213a41f6497f96dee83755a) C:\Windows\system32\drivers\brfiltup.sys
2011/06/22 07:28:09.0186 5344	Brserid         (b304e75cff293029eddf094246747113) C:\Windows\system32\drivers\brserid.sys
2011/06/22 07:28:09.0217 5344	BrSerWdm        (203f0b1e73adadbbb7b7b1fabd901f6b) C:\Windows\system32\drivers\brserwdm.sys
2011/06/22 07:28:09.0249 5344	BrUsbMdm        (bd456606156ba17e60a04e18016ae54b) C:\Windows\system32\drivers\brusbmdm.sys
2011/06/22 07:28:09.0280 5344	BrUsbSer        (af72ed54503f717a43268b3cc5faec2e) C:\Windows\system32\drivers\brusbser.sys
2011/06/22 07:28:09.0327 5344	BTHMODEM        (ad07c1ec6665b8b35741ab91200c6b68) C:\Windows\system32\drivers\bthmodem.sys
2011/06/22 07:28:09.0389 5344	cdfs            (7add03e75beb9e6dd102c3081d29840a) C:\Windows\system32\DRIVERS\cdfs.sys
2011/06/22 07:28:09.0483 5344	cdrom           (6b4bffb9becd728097024276430db314) C:\Windows\system32\DRIVERS\cdrom.sys
2011/06/22 07:28:09.0592 5344	circlass        (da8e0afc7baa226c538ef53ac2f90897) C:\Windows\system32\drivers\circlass.sys
2011/06/22 07:28:09.0654 5344	CLFS            (d7659d3b5b92c31e84e53c1431f35132) C:\Windows\system32\CLFS.sys
2011/06/22 07:28:09.0763 5344	CmBatt          (99afc3795b58cc478fbbbcdc658fcb56) C:\Windows\system32\DRIVERS\CmBatt.sys
2011/06/22 07:28:09.0826 5344	cmdide          (59172a0724f2ab769f31d61b0571d75b) C:\Windows\system32\drivers\cmdide.sys
2011/06/22 07:28:09.0857 5344	Compbatt        (6afef0b60fa25de07c0968983ee4f60a) C:\Windows\system32\DRIVERS\compbatt.sys
2011/06/22 07:28:09.0919 5344	crcdisk         (2a213ae086bbec5e937553c7d9a2b22c) C:\Windows\system32\drivers\crcdisk.sys
2011/06/22 07:28:09.0966 5344	Crusoe          (22a7f883508176489f559ee745b5bf5d) C:\Windows\system32\drivers\crusoe.sys
2011/06/22 07:28:10.0075 5344	CVirtA          (b5ecadf7708960f1818c7fa015f4c239) C:\Windows\system32\DRIVERS\CVirtA.sys
2011/06/22 07:28:10.0153 5344	CVPNDRVA        (1c2999966f0f36aa44eaecbee70cf770) C:\Windows\system32\Drivers\CVPNDRVA.sys
2011/06/22 07:28:10.0294 5344	DfsC            (218d8ae46c88e82014f5d73d0236d9b2) C:\Windows\system32\Drivers\dfsc.sys
2011/06/22 07:28:10.0387 5344	disk            (5d4aefc3386920236a548271f8f1af6a) C:\Windows\system32\drivers\disk.sys
2011/06/22 07:28:10.0528 5344	DNE             (7b4fdfbe97c047175e613aa96f3de987) C:\Windows\system32\DRIVERS\dne2000.sys
2011/06/22 07:28:10.0668 5344	drmkaud         (97fef831ab90bee128c9af390e243f80) C:\Windows\system32\drivers\drmkaud.sys
2011/06/22 07:28:10.0793 5344	DXGKrnl         (c68ac676b0ef30cfbb1080adce49eb1f) C:\Windows\System32\drivers\dxgkrnl.sys
2011/06/22 07:28:10.0871 5344	E1G60           (f88fb26547fd2ce6d0a5af2985892c48) C:\Windows\system32\DRIVERS\E1G60I32.sys
2011/06/22 07:28:10.0980 5344	Ecache          (7f64ea048dcfac7acf8b4d7b4e6fe371) C:\Windows\system32\drivers\ecache.sys
2011/06/22 07:28:11.0074 5344	elxstor         (e8f3f21a71720c84bcf423b80028359f) C:\Windows\system32\drivers\elxstor.sys
2011/06/22 07:28:11.0214 5344	exfat           (22b408651f9123527bcee54b4f6c5cae) C:\Windows\system32\drivers\exfat.sys
2011/06/22 07:28:11.0277 5344	fastfat         (1e9b9a70d332103c52995e957dc09ef8) C:\Windows\system32\drivers\fastfat.sys
2011/06/22 07:28:11.0323 5344	fdc             (63bdada84951b9c03e641800e176898a) C:\Windows\system32\DRIVERS\fdc.sys
2011/06/22 07:28:11.0370 5344	FETNDIS         (b2b2c38e916184ff8523c7439ddd417f) C:\Windows\system32\DRIVERS\fetnd5.sys
2011/06/22 07:28:11.0433 5344	FileInfo        (a8c0139a884861e3aae9cfe73b208a9f) C:\Windows\system32\drivers\fileinfo.sys
2011/06/22 07:28:11.0495 5344	Filetrace       (0ae429a696aecbc5970e3cf2c62635ae) C:\Windows\system32\drivers\filetrace.sys
2011/06/22 07:28:11.0573 5344	flpydisk        (6603957eff5ec62d25075ea8ac27de68) C:\Windows\system32\DRIVERS\flpydisk.sys
2011/06/22 07:28:11.0635 5344	FltMgr          (01334f9ea68e6877c4ef05d3ea8abb05) C:\Windows\system32\drivers\fltmgr.sys
2011/06/22 07:28:11.0745 5344	Fs_Rec          (65ea8b77b5851854f0c55c43fa51a198) C:\Windows\system32\drivers\Fs_Rec.sys
2011/06/22 07:28:11.0776 5344	gagp30kx        (4e1cd0a45c50a8882616cae5bf82f3c5) C:\Windows\system32\drivers\gagp30kx.sys
2011/06/22 07:28:11.0823 5344	GEARAspiWDM     (8182ff89c65e4d38b2de4bb0fb18564e) C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
2011/06/22 07:28:12.0010 5344	hardlock        (d95554949082fd29a04d351b58396718) C:\Windows\system32\drivers\hardlock.sys
2011/06/22 07:28:12.0103 5344	HdAudAddService (cb04c744be0a61b1d648faed182c3b59) C:\Windows\system32\drivers\HdAudio.sys
2011/06/22 07:28:12.0181 5344	HDAudBus        (062452b7ffd68c8c042a6261fe8dff4a) C:\Windows\system32\DRIVERS\HDAudBus.sys
2011/06/22 07:28:12.0213 5344	HidBth          (1338520e78d90154ed6be8f84de5fceb) C:\Windows\system32\drivers\hidbth.sys
2011/06/22 07:28:12.0275 5344	HidIr           (ff3160c3a2445128c5a6d9b076da519e) C:\Windows\system32\drivers\hidir.sys
2011/06/22 07:28:12.0337 5344	HidUsb          (cca4b519b17e23a00b826c55716809cc) C:\Windows\system32\DRIVERS\hidusb.sys
2011/06/22 07:28:12.0431 5344	Hotkey          (8b566ea71d5b76157a9cdb78f25a5731) C:\Windows\system32\drivers\Hotkey.sys
2011/06/22 07:28:12.0462 5344	HpCISSs         (df353b401001246853763c4b7aaa6f50) C:\Windows\system32\drivers\hpcisss.sys
2011/06/22 07:28:12.0571 5344	HTTP            (f870aa3e254628ebeafe754108d664de) C:\Windows\system32\drivers\HTTP.sys
2011/06/22 07:28:12.0634 5344	i2omp           (324c2152ff2c61abae92d09f3cca4d63) C:\Windows\system32\drivers\i2omp.sys
2011/06/22 07:28:12.0727 5344	i8042prt        (22d56c8184586b7a1f6fa60be5f5a2bd) C:\Windows\system32\DRIVERS\i8042prt.sys
2011/06/22 07:28:12.0868 5344	ialm            (b3bf4555e6bc33b3ade8d7d7c2aa9b39) C:\Windows\system32\DRIVERS\igdkmd32.sys
2011/06/22 07:28:12.0961 5344	iaStor          (de01bf14ffb150c779fd561bd0e3c5c5) C:\Windows\system32\DRIVERS\iaStor.sys
2011/06/22 07:28:13.0039 5344	iaStorV         (c957bf4b5d80b46c5017bf0101e6c906) C:\Windows\system32\drivers\iastorv.sys
2011/06/22 07:28:13.0180 5344	igfx            (b3bf4555e6bc33b3ade8d7d7c2aa9b39) C:\Windows\system32\DRIVERS\igdkmd32.sys
2011/06/22 07:28:13.0227 5344	iirsp           (2d077bf86e843f901d8db709c95b49a5) C:\Windows\system32\drivers\iirsp.sys
2011/06/22 07:28:13.0367 5344	IntcAzAudAddService (aef2fa29204056b81bc4cbf30260dee1) C:\Windows\system32\drivers\RTKVHDA.sys
2011/06/22 07:28:13.0539 5344	intelide        (83aa759f3189e6370c30de5dc5590718) C:\Windows\system32\drivers\intelide.sys
2011/06/22 07:28:13.0695 5344	intelppm        (224191001e78c89dfa78924c3ea595ff) C:\Windows\system32\DRIVERS\intelppm.sys
2011/06/22 07:28:13.0819 5344	IpFilterDriver  (62c265c38769b864cb25b4bcf62df6c3) C:\Windows\system32\DRIVERS\ipfltdrv.sys
2011/06/22 07:28:13.0913 5344	IPMIDRV         (40f34f8aba2a015d780e4b09138b6c17) C:\Windows\system32\drivers\ipmidrv.sys
2011/06/22 07:28:13.0975 5344	IPNAT           (8793643a67b42cec66490b2a0cf92d68) C:\Windows\system32\DRIVERS\ipnat.sys
2011/06/22 07:28:14.0038 5344	IRENUM          (109c0dfb82c3632fbd11949b73aeeac9) C:\Windows\system32\drivers\irenum.sys
2011/06/22 07:28:14.0053 5344	isapnp          (350fca7e73cf65bcef43fae1e4e91293) C:\Windows\system32\drivers\isapnp.sys
2011/06/22 07:28:14.0163 5344	iScsiPrt        (232fa340531d940aac623b121a595034) C:\Windows\system32\DRIVERS\msiscsi.sys
2011/06/22 07:28:14.0194 5344	iteatapi        (bced60d16156e428f8df8cf27b0df150) C:\Windows\system32\drivers\iteatapi.sys
2011/06/22 07:28:14.0241 5344	iteraid         (06fa654504a498c30adca8bec4e87e7e) C:\Windows\system32\drivers\iteraid.sys
2011/06/22 07:28:14.0303 5344	Iviaspi         (5dce7eed60bae992bab7f5ff1ce60641) C:\Windows\system32\drivers\iviaspi.sys
2011/06/22 07:28:14.0381 5344	kbdclass        (37605e0a8cf00cbba538e753e4344c6e) C:\Windows\system32\DRIVERS\kbdclass.sys
2011/06/22 07:28:14.0412 5344	kbdhid          (d2600cb17b7408b4a83f231dc9a11ac3) C:\Windows\system32\drivers\kbdhid.sys
2011/06/22 07:28:14.0490 5344	kl1             (cd6a8fa9395460ffe7fd8881a6c67254) C:\Windows\system32\DRIVERS\kl1.sys
2011/06/22 07:28:14.0568 5344	klbg            (1fdd35aa7efaeb283198a3b14800f37e) C:\Windows\system32\drivers\klbg.sys
2011/06/22 07:28:14.0631 5344	KLFLTDEV        (73eb94ad1c85b4a3c5a8b4d879f668b9) C:\Windows\system32\DRIVERS\klfltdev.sys
2011/06/22 07:28:14.0693 5344	KLIF            (a21a5d752ac69e94ef89aaa814a0296c) C:\Windows\system32\DRIVERS\klif.sys
2011/06/22 07:28:14.0724 5344	KLIM6           (29458f09e485e3c37ef3d440bab9ca9b) C:\Windows\system32\DRIVERS\klim6.sys
2011/06/22 07:28:14.0818 5344	KSecDD          (86165728af9bf72d6442a894fdfb4f8b) C:\Windows\system32\Drivers\ksecdd.sys
2011/06/22 07:28:14.0927 5344	lltdio          (d1c5883087a0c3f1344d9d55a44901f6) C:\Windows\system32\DRIVERS\lltdio.sys
2011/06/22 07:28:15.0005 5344	LSI_FC          (a2262fb9f28935e862b4db46438c80d2) C:\Windows\system32\drivers\lsi_fc.sys
2011/06/22 07:28:15.0052 5344	LSI_SAS         (30d73327d390f72a62f32c103daf1d6d) C:\Windows\system32\drivers\lsi_sas.sys
2011/06/22 07:28:15.0083 5344	LSI_SCSI        (e1e36fefd45849a95f1ab81de0159fe3) C:\Windows\system32\drivers\lsi_scsi.sys
2011/06/22 07:28:15.0145 5344	luafv           (8f5c7426567798e62a3b3614965d62cc) C:\Windows\system32\drivers\luafv.sys
2011/06/22 07:28:15.0255 5344	megasas         (d153b14fc6598eae8422a2037553adce) C:\Windows\system32\drivers\megasas.sys
2011/06/22 07:28:15.0317 5344	Modem           (e13b5ea0f51ba5b1512ec671393d09ba) C:\Windows\system32\drivers\modem.sys
2011/06/22 07:28:15.0379 5344	monitor         (0a9bb33b56e294f686abb7c1e4e2d8a8) C:\Windows\system32\DRIVERS\monitor.sys
2011/06/22 07:28:15.0457 5344	mouclass        (5bf6a1326a335c5298477754a506d263) C:\Windows\system32\DRIVERS\mouclass.sys
2011/06/22 07:28:15.0489 5344	mouhid          (93b8d4869e12cfbe663915502900876f) C:\Windows\system32\DRIVERS\mouhid.sys
2011/06/22 07:28:15.0535 5344	MountMgr        (bdafc88aa6b92f7842416ea6a48e1600) C:\Windows\system32\drivers\mountmgr.sys
2011/06/22 07:28:15.0613 5344	mpio            (583a41f26278d9e0ea548163d6139397) C:\Windows\system32\drivers\mpio.sys
2011/06/22 07:28:15.0707 5344	mpsdrv          (22241feba9b2defa669c8cb0a8dd7d2e) C:\Windows\system32\drivers\mpsdrv.sys
2011/06/22 07:28:15.0801 5344	Mraid35x        (4fbbb70d30fd20ec51f80061703b001e) C:\Windows\system32\drivers\mraid35x.sys
2011/06/22 07:28:15.0879 5344	MRxDAV          (82cea0395524aacfeb58ba1448e8325c) C:\Windows\system32\drivers\mrxdav.sys
2011/06/22 07:28:15.0957 5344	mrxsmb          (1e94971c4b446ab2290deb71d01cf0c2) C:\Windows\system32\DRIVERS\mrxsmb.sys
2011/06/22 07:28:16.0035 5344	mrxsmb10        (d4a3c7c580c4ccb5c06f2ada933ad507) C:\Windows\system32\DRIVERS\mrxsmb10.sys
2011/06/22 07:28:16.0081 5344	mrxsmb20        (c3cb1b40ad4a0124d617a1199b0b9d7c) C:\Windows\system32\DRIVERS\mrxsmb20.sys
2011/06/22 07:28:16.0144 5344	msahci          (86068b8b54a5eb092f51657f00b2222a) C:\Windows\system32\drivers\msahci.sys
2011/06/22 07:28:16.0191 5344	msdsm           (3fc82a2ae4cc149165a94699183d3028) C:\Windows\system32\drivers\msdsm.sys
2011/06/22 07:28:16.0300 5344	MSDV            (343291a4dfd7c923c3f71f550830ec1c) C:\Windows\system32\DRIVERS\msdv.sys
2011/06/22 07:28:16.0347 5344	Msfs            (a9927f4a46b816c92f461acb90cf8515) C:\Windows\system32\drivers\Msfs.sys
2011/06/22 07:28:16.0409 5344	msisadrv        (0f400e306f385c56317357d6dea56f62) C:\Windows\system32\drivers\msisadrv.sys
2011/06/22 07:28:16.0503 5344	MSKSSRV         (d8c63d34d9c9e56c059e24ec7185cc07) C:\Windows\system32\drivers\MSKSSRV.sys
2011/06/22 07:28:16.0565 5344	MSPCLOCK        (1d373c90d62ddb641d50e55b9e78d65e) C:\Windows\system32\drivers\MSPCLOCK.sys
2011/06/22 07:28:16.0643 5344	MSPQM           (b572da05bf4e098d4bba3a4734fb505b) C:\Windows\system32\drivers\MSPQM.sys
2011/06/22 07:28:16.0705 5344	MsRPC           (b49456d70555de905c311bcda6ec6adb) C:\Windows\system32\drivers\MsRPC.sys
2011/06/22 07:28:16.0768 5344	mssmbios        (e384487cb84be41d09711c30ca79646c) C:\Windows\system32\DRIVERS\mssmbios.sys
2011/06/22 07:28:16.0799 5344	MSTEE           (7199c1eec1e4993caf96b8c0a26bd58a) C:\Windows\system32\drivers\MSTEE.sys
2011/06/22 07:28:16.0846 5344	Mup             (6a57b5733d4cb702c8ea4542e836b96c) C:\Windows\system32\Drivers\mup.sys
2011/06/22 07:28:16.0939 5344	NativeWifiP     (85c44fdff9cf7e72a40dcb7ec06a4416) C:\Windows\system32\DRIVERS\nwifi.sys
2011/06/22 07:28:17.0033 5344	NDIS            (1357274d1883f68300aeadd15d7bbb42) C:\Windows\system32\drivers\ndis.sys
2011/06/22 07:28:17.0111 5344	NdisTapi        (0e186e90404980569fb449ba7519ae61) C:\Windows\system32\DRIVERS\ndistapi.sys
2011/06/22 07:28:17.0173 5344	Ndisuio         (d6973aa34c4d5d76c0430b181c3cd389) C:\Windows\system32\DRIVERS\ndisuio.sys
2011/06/22 07:28:17.0205 5344	NdisWan         (818f648618ae34f729fdb47ec68345c3) C:\Windows\system32\DRIVERS\ndiswan.sys
2011/06/22 07:28:17.0267 5344	NDProxy         (71dab552b41936358f3b541ae5997fb3) C:\Windows\system32\drivers\NDProxy.sys
2011/06/22 07:28:17.0345 5344	NetBIOS         (bcd093a5a6777cf626434568dc7dba78) C:\Windows\system32\DRIVERS\netbios.sys
2011/06/22 07:28:17.0407 5344	netbt           (ecd64230a59cbd93c85f1cd1cab9f3f6) C:\Windows\system32\DRIVERS\netbt.sys
2011/06/22 07:28:17.0485 5344	nfrd960         (2e7fb731d4790a1bc6270accefacb36e) C:\Windows\system32\drivers\nfrd960.sys
2011/06/22 07:28:17.0610 5344	Npfs            (d36f239d7cce1931598e8fb90a0dbc26) C:\Windows\system32\drivers\Npfs.sys
2011/06/22 07:28:17.0657 5344	nsiproxy        (609773e344a97410ce4ebf74a8914fcf) C:\Windows\system32\drivers\nsiproxy.sys
2011/06/22 07:28:17.0782 5344	Ntfs            (6a4a98cee84cf9e99564510dda4baa47) C:\Windows\system32\drivers\Ntfs.sys
2011/06/22 07:28:17.0860 5344	ntrigdigi       (e875c093aec0c978a90f30c9e0dfbb72) C:\Windows\system32\drivers\ntrigdigi.sys
2011/06/22 07:28:17.0907 5344	Null            (c5dbbcda07d780bda9b685df333bb41e) C:\Windows\system32\drivers\Null.sys
2011/06/22 07:28:17.0938 5344	nvraid          (e69e946f80c1c31c53003bfbf50cbb7c) C:\Windows\system32\drivers\nvraid.sys
2011/06/22 07:28:17.0985 5344	nvstor          (9e0ba19a28c498a6d323d065db76dffc) C:\Windows\system32\drivers\nvstor.sys
2011/06/22 07:28:18.0063 5344	nv_agp          (07c186427eb8fcc3d8d7927187f260f7) C:\Windows\system32\drivers\nv_agp.sys
2011/06/22 07:28:18.0250 5344	ohci1394        (6f310e890d46e246e0e261a63d9b36b4) C:\Windows\system32\DRIVERS\ohci1394.sys
2011/06/22 07:28:18.0343 5344	Parport         (0fa9b5055484649d63c303fe404e5f4d) C:\Windows\system32\DRIVERS\parport.sys
2011/06/22 07:28:18.0406 5344	partmgr         (57389fa59a36d96b3eb09d0cb91e9cdc) C:\Windows\system32\drivers\partmgr.sys
2011/06/22 07:28:18.0453 5344	Parvdm          (4f9a6a8a31413180d0fcb279ad5d8112) C:\Windows\system32\DRIVERS\parvdm.sys
2011/06/22 07:28:18.0531 5344	pci             (941dc1d19e7e8620f40bbc206981efdb) C:\Windows\system32\drivers\pci.sys
2011/06/22 07:28:18.0577 5344	pciide          (304048c2565a803d091cca1ac945f593) C:\Windows\system32\drivers\pciide.sys
2011/06/22 07:28:18.0640 5344	pcmcia          (e6f3fb1b86aa519e7698ad05e58b04e5) C:\Windows\system32\drivers\pcmcia.sys
2011/06/22 07:28:18.0718 5344	PEAUTH          (6349f6ed9c623b44b52ea3c63c831a92) C:\Windows\system32\drivers\peauth.sys
2011/06/22 07:28:18.0874 5344	PptpMiniport    (ecfffaec0c1ecd8dbc77f39070ea1db1) C:\Windows\system32\DRIVERS\raspptp.sys
2011/06/22 07:28:18.0921 5344	Processor       (0e3cef5d28b40cf273281d620c50700a) C:\Windows\system32\drivers\processr.sys
2011/06/22 07:28:19.0030 5344	PSched          (99514faa8df93d34b5589187db3aa0ba) C:\Windows\system32\DRIVERS\pacer.sys
2011/06/22 07:28:19.0108 5344	ql2300          (ccdac889326317792480c0a67156a1ec) C:\Windows\system32\drivers\ql2300.sys
2011/06/22 07:28:19.0155 5344	ql40xx          (81a7e5c076e59995d54bc1ed3a16e60b) C:\Windows\system32\drivers\ql40xx.sys
2011/06/22 07:28:19.0233 5344	QWAVEdrv        (9f5e0e1926014d17486901c88eca2db7) C:\Windows\system32\drivers\qwavedrv.sys
2011/06/22 07:28:19.0342 5344	R300            (e642b131fb74caf4bb8a014f31113142) C:\Windows\system32\DRIVERS\atikmdag.sys
2011/06/22 07:28:19.0404 5344	RasAcd          (147d7f9c556d259924351feb0de606c3) C:\Windows\system32\DRIVERS\rasacd.sys
2011/06/22 07:28:19.0482 5344	Rasl2tp         (a214adbaf4cb47dd2728859ef31f26b0) C:\Windows\system32\DRIVERS\rasl2tp.sys
2011/06/22 07:28:19.0560 5344	RasPppoe        (509a98dd18af4375e1fc40bc175f1def) C:\Windows\system32\DRIVERS\raspppoe.sys
2011/06/22 07:28:19.0638 5344	RasSstp         (2005f4a1e05fa09389ac85840f0a9e4d) C:\Windows\system32\DRIVERS\rassstp.sys
2011/06/22 07:28:19.0716 5344	rdbss           (b14c9d5b9add2f84f70570bbbfaa7935) C:\Windows\system32\DRIVERS\rdbss.sys
2011/06/22 07:28:19.0794 5344	RDPCDD          (89e59be9a564262a3fb6c4f4f1cd9899) C:\Windows\system32\DRIVERS\RDPCDD.sys
2011/06/22 07:28:19.0872 5344	rdpdr           (e8bd98d46f2ed77132ba927fccb47d8b) C:\Windows\system32\drivers\rdpdr.sys
2011/06/22 07:28:19.0919 5344	RDPENCDD        (9d91fe5286f748862ecffa05f8a0710c) C:\Windows\system32\drivers\rdpencdd.sys
2011/06/22 07:28:19.0966 5344	RDPWD           (30bfbdfb7f95559ede971f9ddb9a00ba) C:\Windows\system32\drivers\RDPWD.sys
2011/06/22 07:28:20.0091 5344	rimmptsk        (d85e3fa9f5b1f29bb4ed185c450d1470) C:\Windows\system32\DRIVERS\rimmptsk.sys
2011/06/22 07:28:20.0169 5344	rimsptsk        (db8eb01c58c9fada00c70b1775278ae0) C:\Windows\system32\DRIVERS\rimsptsk.sys
2011/06/22 07:28:20.0247 5344	rismxdp         (6c1f93c0760c9f79a1869d07233df39d) C:\Windows\system32\DRIVERS\rixdptsk.sys
2011/06/22 07:28:20.0325 5344	rspndr          (9c508f4074a39e8b4b31d27198146fad) C:\Windows\system32\DRIVERS\rspndr.sys
2011/06/22 07:28:20.0356 5344	RTL8169         (b8b159fa669c6386a458fcd468ebb1e6) C:\Windows\system32\DRIVERS\Rtlh86.sys
2011/06/22 07:28:20.0434 5344	RTL8187B        (0f2d736066656dee1c791087e0751e99) C:\Windows\system32\DRIVERS\RTL8187B.sys
2011/06/22 07:28:20.0512 5344	sbp2port        (3ce8f073a557e172b330109436984e30) C:\Windows\system32\drivers\sbp2port.sys
2011/06/22 07:28:20.0668 5344	sdbus           (8f36b54688c31eed4580129040c6a3d3) C:\Windows\system32\DRIVERS\sdbus.sys
2011/06/22 07:28:20.0761 5344	secdrv          (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers\secdrv.sys
2011/06/22 07:28:20.0855 5344	Serenum         (68e44e331d46f0fb38f0863a84cd1a31) C:\Windows\system32\DRIVERS\serenum.sys
2011/06/22 07:28:20.0949 5344	Serial          (c70d69a918b178d3c3b06339b40c2e1b) C:\Windows\system32\DRIVERS\serial.sys
2011/06/22 07:28:20.0980 5344	sermouse        (8af3d28a879bf75db53a0ee7a4289624) C:\Windows\system32\drivers\sermouse.sys
2011/06/22 07:28:21.0120 5344	sffdisk         (3efa810bdca87f6ecc24f9832243fe86) C:\Windows\system32\DRIVERS\sffdisk.sys
2011/06/22 07:28:21.0167 5344	sffp_mmc        (8fd08a310645fe872eeec6e08c6bf3ee) C:\Windows\system32\drivers\sffp_mmc.sys
2011/06/22 07:28:21.0214 5344	sffp_sd         (9f66a46c55d6f1ccabc79bb7afccc545) C:\Windows\system32\DRIVERS\sffp_sd.sys
2011/06/22 07:28:21.0245 5344	sfloppy         (46ed8e91793b2e6f848015445a0ac188) C:\Windows\system32\drivers\sfloppy.sys
2011/06/22 07:28:21.0307 5344	SiSRaid2        (cedd6f4e7d84e9f98b34b3fe988373aa) C:\Windows\system32\drivers\sisraid2.sys
2011/06/22 07:28:21.0354 5344	SiSRaid4        (df843c528c4f69d12ce41ce462e973a7) C:\Windows\system32\drivers\sisraid4.sys
2011/06/22 07:28:21.0463 5344	Smb             (7b75299a4d201d6a6533603d6914ab04) C:\Windows\system32\DRIVERS\smb.sys
2011/06/22 07:28:21.0573 5344	smserial        (d9bfd2298f5cf116d8eaae3b02dcee2e) C:\Windows\system32\DRIVERS\smserial.sys
2011/06/22 07:28:21.0775 5344	SNP2UVC         (53d1e2ecbf26b313ffdd2b8ba3d2f66e) C:\Windows\system32\DRIVERS\snp2uvc.sys
2011/06/22 07:28:21.0822 5344	spldr           (7aebdeef071fe28b0eef2cdd69102bff) C:\Windows\system32\drivers\spldr.sys
2011/06/22 07:28:21.0916 5344	srv             (41987f9fc0e61adf54f581e15029ad91) C:\Windows\system32\DRIVERS\srv.sys
2011/06/22 07:28:22.0025 5344	srv2            (a5940ca32ed206f90be9fabdf6e92de4) C:\Windows\system32\DRIVERS\srv2.sys
2011/06/22 07:28:22.0134 5344	srvnet          (37aa1d560d5fa486c4b11c2f276ada61) C:\Windows\system32\DRIVERS\srvnet.sys
2011/06/22 07:28:22.0228 5344	ssmdrv          (71d609c5dff067906d930bde031c4cfe) C:\Windows\system32\DRIVERS\ssmdrv.sys
2011/06/22 07:28:22.0353 5344	swenum          (7ba58ecf0c0a9a69d44b3dca62becf56) C:\Windows\system32\DRIVERS\swenum.sys
2011/06/22 07:28:22.0415 5344	Symc8xx         (192aa3ac01df071b541094f251deed10) C:\Windows\system32\drivers\symc8xx.sys
2011/06/22 07:28:22.0446 5344	Sym_hi          (8c8eb8c76736ebaf3b13b633b2e64125) C:\Windows\system32\drivers\sym_hi.sys
2011/06/22 07:28:22.0493 5344	Sym_u3          (8072af52b5fd103bbba387a1e49f62cb) C:\Windows\system32\drivers\sym_u3.sys
2011/06/22 07:28:22.0555 5344	SynTP           (3196c5df63d5e86fc0041ae0c816b80f) C:\Windows\system32\DRIVERS\SynTP.sys
2011/06/22 07:28:22.0711 5344	Tcpip           (a474879afa4a596b3a531f3e69730dbf) C:\Windows\system32\drivers\tcpip.sys
2011/06/22 07:28:22.0805 5344	Tcpip6          (a474879afa4a596b3a531f3e69730dbf) C:\Windows\system32\DRIVERS\tcpip.sys
2011/06/22 07:28:22.0867 5344	tcpipreg        (608c345a255d82a6289c2d468eb41fd7) C:\Windows\system32\drivers\tcpipreg.sys
2011/06/22 07:28:22.0930 5344	TDPIPE          (5dcf5e267be67a1ae926f2df77fbcc56) C:\Windows\system32\drivers\tdpipe.sys
2011/06/22 07:28:22.0977 5344	TDTCP           (389c63e32b3cefed425b61ed92d3f021) C:\Windows\system32\drivers\tdtcp.sys
2011/06/22 07:28:23.0055 5344	tdx             (76b06eb8a01fc8624d699e7045303e54) C:\Windows\system32\DRIVERS\tdx.sys
2011/06/22 07:28:23.0148 5344	TermDD          (3cad38910468eab9a6479e2f01db43c7) C:\Windows\system32\DRIVERS\termdd.sys
2011/06/22 07:28:23.0273 5344	tssecsrv        (dcf0f056a2e4f52287264f5ab29cf206) C:\Windows\system32\DRIVERS\tssecsrv.sys
2011/06/22 07:28:23.0335 5344	tunmp           (caecc0120ac49e3d2f758b9169872d38) C:\Windows\system32\DRIVERS\tunmp.sys
2011/06/22 07:28:23.0382 5344	tunnel          (300db877ac094feab0be7688c3454a9c) C:\Windows\system32\DRIVERS\tunnel.sys
2011/06/22 07:28:23.0429 5344	uagp35          (c3ade15414120033a36c0f293d4a4121) C:\Windows\system32\DRIVERS\uagp35.sys
2011/06/22 07:28:23.0507 5344	udfs            (d9728af68c4c7693cb100b8441cbdec6) C:\Windows\system32\DRIVERS\udfs.sys
2011/06/22 07:28:23.0585 5344	uliagpkx        (75e6890ebfce0841d3291b02e7a8bdb0) C:\Windows\system32\drivers\uliagpkx.sys
2011/06/22 07:28:23.0616 5344	uliahci         (3cd4ea35a6221b85dcc25daa46313f8d) C:\Windows\system32\drivers\uliahci.sys
2011/06/22 07:28:23.0679 5344	UlSata          (8514d0e5cd0534467c5fc61be94a569f) C:\Windows\system32\drivers\ulsata.sys
2011/06/22 07:28:23.0710 5344	ulsata2         (38c3c6e62b157a6bc46594fada45c62b) C:\Windows\system32\drivers\ulsata2.sys
2011/06/22 07:28:23.0772 5344	umbus           (32cff9f809ae9aed85464492bf3e32d2) C:\Windows\system32\DRIVERS\umbus.sys
2011/06/22 07:28:23.0850 5344	USBAAPL         (1df89c499bf45d878b87ebd4421d462d) C:\Windows\system32\Drivers\usbaapl.sys
2011/06/22 07:28:23.0913 5344	usbccgp         (caf811ae4c147ffcd5b51750c7f09142) C:\Windows\system32\DRIVERS\usbccgp.sys
2011/06/22 07:28:23.0944 5344	usbcir          (e9476e6c486e76bc4898074768fb7131) C:\Windows\system32\drivers\usbcir.sys
2011/06/22 07:28:24.0069 5344	usbehci         (79e96c23a97ce7b8f14d310da2db0c9b) C:\Windows\system32\DRIVERS\usbehci.sys
2011/06/22 07:28:24.0178 5344	usbhub          (4673bbcb006af60e7abddbe7a130ba42) C:\Windows\system32\DRIVERS\usbhub.sys
2011/06/22 07:28:24.0225 5344	usbohci         (38dbc7dd6cc5a72011f187425384388b) C:\Windows\system32\drivers\usbohci.sys
2011/06/22 07:28:24.0271 5344	usbprint        (e75c4b5269091d15a2e7dc0b6d35f2f5) C:\Windows\system32\DRIVERS\usbprint.sys
2011/06/22 07:28:24.0381 5344	usbscan         (a508c9bd8724980512136b039bba65e9) C:\Windows\system32\DRIVERS\usbscan.sys
2011/06/22 07:28:24.0412 5344	USBSTOR         (be3da31c191bc222d9ad503c5224f2ad) C:\Windows\system32\DRIVERS\USBSTOR.SYS
2011/06/22 07:28:24.0459 5344	usbuhci         (814d653efc4d48be3b04a307eceff56f) C:\Windows\system32\DRIVERS\usbuhci.sys
2011/06/22 07:28:24.0490 5344	usbvideo        (0a6b81f01bc86399482e27e6fda7b33b) C:\Windows\system32\Drivers\usbvideo.sys
2011/06/22 07:28:24.0599 5344	vga             (7d92be0028ecdedec74617009084b5ef) C:\Windows\system32\DRIVERS\vgapnp.sys
2011/06/22 07:28:24.0661 5344	VgaSave         (2e93ac0a1d8c79d019db6c51f036636c) C:\Windows\System32\drivers\vga.sys
2011/06/22 07:28:24.0708 5344	viaagp          (045d9961e591cf0674a920b6ba3ba5cb) C:\Windows\system32\drivers\viaagp.sys
2011/06/22 07:28:24.0739 5344	ViaC7           (56a4de5f02f2e88182b0981119b4dd98) C:\Windows\system32\drivers\viac7.sys
2011/06/22 07:28:24.0833 5344	viaide          (7aa7ec9a08dc2c39649c413b1a26e298) C:\Windows\system32\drivers\viaide.sys
2011/06/22 07:28:24.0880 5344	volmgr          (69503668ac66c77c6cd7af86fbdf8c43) C:\Windows\system32\drivers\volmgr.sys
2011/06/22 07:28:24.0958 5344	volmgrx         (23e41b834759917bfd6b9a0d625d0c28) C:\Windows\system32\drivers\volmgrx.sys
2011/06/22 07:28:25.0051 5344	volsnap         (147281c01fcb1df9252de2a10d5e7093) C:\Windows\system32\drivers\volsnap.sys
2011/06/22 07:28:25.0129 5344	vsmraid         (d984439746d42b30fc65a4c3546c6829) C:\Windows\system32\drivers\vsmraid.sys
2011/06/22 07:28:25.0207 5344	WacomPen        (48dfee8f1af7c8235d4e626f0c4fe031) C:\Windows\system32\drivers\wacompen.sys
2011/06/22 07:28:25.0285 5344	Wanarp          (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys
2011/06/22 07:28:25.0317 5344	Wanarpv6        (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys
2011/06/22 07:28:25.0395 5344	Wd              (afc5ad65b991c1e205cf25cfdbf7a6f4) C:\Windows\system32\drivers\wd.sys
2011/06/22 07:28:25.0504 5344	Wdf01000        (b6f0a7ad6d4bd325fbcd8bac96cd8d96) C:\Windows\system32\drivers\Wdf01000.sys
2011/06/22 07:28:25.0753 5344	WmiAcpi         (2e7255d172df0b8283cdfb7b433b864e) C:\Windows\system32\DRIVERS\wmiacpi.sys
2011/06/22 07:28:25.0909 5344	ws2ifsl         (e3a3cb253c0ec2494d4a61f5e43a389c) C:\Windows\system32\drivers\ws2ifsl.sys
2011/06/22 07:28:26.0081 5344	WUDFRd          (ac13cb789d93412106b0fb6c7eb2bcb6) C:\Windows\system32\DRIVERS\WUDFRd.sys
2011/06/22 07:28:26.0175 5344	MBR (0x1B8)     (5c616939100b85e558da92b899a0fc36) \Device\Harddisk0\DR0
2011/06/22 07:28:26.0175 5344	================================================================================
2011/06/22 07:28:26.0175 5344	Scan finished
2011/06/22 07:28:26.0175 5344	================================================================================
2011/06/22 07:28:26.0237 5332	Detected object count: 0
2011/06/22 07:28:26.0237 5332	Actual detected object count: 0
         

Alt 22.06.2011, 11:23   #8
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Malware protection entfernt - noch Reste auf Rechner? - Standard

Malware protection entfernt - noch Reste auf Rechner?



Dann bitte jetzt CF ausführen:

ComboFix

Ein Leitfaden und Tutorium zur Nutzung von ComboFix
  • Lade dir ComboFix hier herunter auf deinen Desktop. Benenne es beim Runterladen um in cofi.exe.
  • Schliesse alle Programme, vor allem dein Antivirenprogramm und andere Hintergrundwächter sowie deinen Internetbrowser.
  • Starte cofi.exe von deinem Desktop aus, bestätige die Warnmeldungen, führe die Updates durch (falls vorgeschlagen), installiere die Wiederherstellungskonsole (falls vorgeschlagen) und lass dein System durchsuchen.
    Vermeide es auch während Combofix läuft die Maus und Tastatur zu benutzen.
  • Im Anschluss öffnet sich automatisch eine combofix.txt, diesen Inhalt bitte kopieren ([Strg]a, [Strg]c) und in deinen Beitrag einfügen ([Strg]v). Die Datei findest du außerdem unter: C:\ComboFix.txt.
Wichtiger Hinweis:
Combofix darf ausschließlich ausgeführt werden, wenn ein Kompetenzler dies ausdrücklich empfohlen hat!
Es sollte nie auf eigene Initiative hin ausgeführt werden! Eine falsche Benutzung kann ernsthafte Computerprobleme nach sich ziehen und eine Bereinigung der Infektion noch erschweren.
__________________
"Die Wahrheit ist normalerweise nur eine Entschuldigung für einen Mangel an Fantasie." (Elim Garak)

Das Trojaner-Board unterstützen
Warum Linux besser als Windows ist!

Alt 24.06.2011, 11:13   #9
mia82
 
Malware protection entfernt - noch Reste auf Rechner? - Standard

Malware protection entfernt - noch Reste auf Rechner?



Hallo cosinus,

hier kommen die Logs.

Ist das normal, dass ich mit dem Rechner fast nichts mehr machen kann, d.h. keine Programme/ exe-Dateien ausführen kann? Er verhält sich so ähnlich, wie als er infizier war.

Combofix Logfile:
Code:
ATTFilter
ComboFix 11-06-23.03 - Mia 24.06.2011  11:21:15.1.2 - x86
Microsoft® Windows Vista™ Home Premium   6.0.6002.2.1252.49.1031.18.2037.934 [GMT 2:00]
ausgeführt von:: c:\users\Mia\Desktop\cofi.exe.exe
AV: Kaspersky Security Suite CBE 09 *Disabled/Updated* {AE1D740B-8F0F-D137-211D-873D44B3F4AE}
FW: Kaspersky Security Suite CBE 09 *Disabled* {9626F52E-C560-D06F-0A42-2E08BA60B3D5}
SP: Kaspersky Security Suite CBE 09 *Disabled/Updated* {157C95EF-A935-DEB9-1BAD-BC4F3F34BE13}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\system32\rnaph.dll
c:\windows\system32\temp.00A
c:\windows\system32\UNWISE.EXE
c:\windows\system32\userdata.dll
c:\windows\unin0407.exe
.
c:\windows\system32\kernel32.dll . . . ist infiziert!!
.
.
(((((((((((((((((((((((((((((((((((((((   Treiber/Dienste   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Service_usnjsvc
.
.
(((((((((((((((((((((((   Dateien erstellt von 2011-05-24 bis 2011-06-24  ))))))))))))))))))))))))))))))
.
.
2011-06-24 09:17 . 2011-06-24 09:17	--------	d-----w-	C:\32788R22FWJFW
2011-06-24 07:09 . 2011-06-07 15:55	7074640	----a-w-	c:\programdata\Microsoft\Windows Defender\Definition Updates\{73228227-111D-42AA-ABBA-C0E49723CFCA}\mpengine.dll
2011-06-22 05:10 . 2011-04-21 13:58	273408	----a-w-	c:\windows\system32\drivers\afd.sys
2011-06-22 05:10 . 2011-04-29 13:25	146432	----a-w-	c:\windows\system32\drivers\srv2.sys
2011-06-22 05:10 . 2011-04-29 13:25	102400	----a-w-	c:\windows\system32\drivers\srvnet.sys
2011-06-22 05:08 . 2011-04-14 14:59	75264	----a-w-	c:\windows\system32\drivers\dfsc.sys
2011-06-22 05:01 . 2010-12-20 16:35	563712	----a-w-	c:\windows\system32\oleaut32.dll
2011-06-22 04:58 . 2011-05-02 17:16	739328	----a-w-	c:\windows\system32\inetcomm.dll
2011-06-22 04:58 . 2011-04-29 13:24	214016	----a-w-	c:\windows\system32\drivers\mrxsmb10.sys
2011-06-22 04:58 . 2011-04-29 13:24	79872	----a-w-	c:\windows\system32\drivers\mrxsmb20.sys
2011-06-22 04:58 . 2011-04-29 13:24	106496	----a-w-	c:\windows\system32\drivers\mrxsmb.sys
2011-06-22 04:58 . 2011-04-30 06:09	758784	----a-w-	c:\program files\Common Files\Microsoft Shared\vgx\VGX.dll
2011-06-22 04:58 . 2011-05-02 12:02	2409784	----a-w-	c:\program files\Windows Mail\OESpamFilter.dat
2011-06-16 16:58 . 2011-06-16 16:58	--------	d-----w-	C:\_OTL
2011-06-12 05:52 . 2011-06-12 05:52	0	---ha-w-	c:\users\Mia\AppData\Local\BIT44F4.tmp
2011-06-11 11:22 . 2011-06-11 11:22	--------	d-----w-	c:\users\Mia\AppData\Roaming\Malwarebytes
2011-06-11 11:22 . 2011-05-29 07:11	39984	----a-w-	c:\windows\system32\drivers\mbamswissarmy.sys
2011-06-11 11:22 . 2011-06-11 11:22	--------	d-----w-	c:\programdata\Malwarebytes
2011-06-11 11:22 . 2011-06-11 11:22	--------	d-----w-	c:\program files\Malwarebytes' Anti-Malware
2011-06-11 11:22 . 2011-05-29 07:11	22712	----a-w-	c:\windows\system32\drivers\mbam.sys
2011-06-11 11:19 . 2011-06-11 10:02	1007120	----a-w-	C:\rkill.com
.
.
.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-05-24 17:14 . 2009-10-03 15:21	222080	------w-	c:\windows\system32\MpSigStub.exe
2011-03-08 08:11 . 2009-11-02 23:02	31232	----a-w-	c:\program files\xmlrtl140.fr
2011-03-08 08:11 . 2009-11-02 23:02	31232	----a-w-	c:\program files\xmlrtl140.de
2011-03-08 08:11 . 2009-11-02 23:02	1572864	----a-w-	c:\program files\xmlrtl140.bpl
2011-03-08 08:11 . 2009-11-02 23:02	62464	----a-w-	c:\program files\vcldbx140.bpl
2011-03-08 08:11 . 2009-11-02 23:02	36352	----a-w-	c:\program files\vclx140.fr
2011-03-08 08:11 . 2009-11-02 23:02	36352	----a-w-	c:\program files\vclx140.de
2011-03-08 08:11 . 2009-11-02 23:02	320512	----a-w-	c:\program files\vclimg140.bpl
2011-03-08 08:11 . 2009-11-02 23:02	31232	----a-w-	c:\program files\vclimg140.fr
2011-03-08 08:11 . 2009-11-02 23:02	31232	----a-w-	c:\program files\vclimg140.de
2011-03-08 08:11 . 2009-11-02 23:02	237056	----a-w-	c:\program files\vclx140.bpl
2011-03-08 08:11 . 2009-11-02 23:02	22528	----a-w-	c:\program files\vcldbx140.fr
2011-03-08 08:11 . 2009-11-02 23:02	22528	----a-w-	c:\program files\vcldbx140.de
2011-03-08 08:11 . 2009-11-02 23:02	314368	----a-w-	c:\program files\vcldb140.bpl
2011-03-08 08:11 . 2009-11-02 23:02	30720	----a-w-	c:\program files\vcldb140.fr
2011-03-08 08:11 . 2009-11-02 23:02	30208	----a-w-	c:\program files\vcldb140.de
2011-03-08 08:11 . 2009-11-02 23:02	2446848	----a-w-	c:\program files\vcl140.bpl
2011-03-08 08:11 . 2009-11-02 23:02	212992	----a-w-	c:\program files\vcl140.de
2011-03-08 08:11 . 2009-11-02 23:02	211968	----a-w-	c:\program files\vcl140.fr
2011-03-08 08:11 . 2009-11-02 23:02	87040	----a-w-	c:\program files\rtl140.fr
2011-03-08 08:11 . 2009-11-02 23:02	87040	----a-w-	c:\program files\rtl140.de
2011-03-08 08:11 . 2009-11-02 23:02	1785344	----a-w-	c:\program files\rtl140.bpl
2011-03-08 08:11 . 2010-07-30 14:12	4319232	----a-w-	c:\program files\Gemis.exe
2011-03-08 08:11 . 2010-07-02 14:42	611328	----a-w-	c:\program files\G4CountriesES.dll
2011-03-08 08:11 . 2010-07-02 14:42	593920	----a-w-	c:\program files\G4CountriesEN.dll
2011-03-08 08:11 . 2010-07-02 14:42	548864	----a-w-	c:\program files\G4CountriesFR.dll
2011-03-08 08:11 . 2010-07-02 14:42	594944	----a-w-	c:\program files\G4CountriesCS.dll
2011-03-08 08:11 . 2010-07-02 14:42	606720	----a-w-	c:\program files\G4CountriesDE.dll
2011-03-08 08:11 . 2009-11-02 23:02	406016	----a-w-	c:\program files\dbrtl140.bpl
2011-03-08 08:11 . 2009-11-02 23:02	30720	----a-w-	c:\program files\dbrtl140.fr
2011-03-08 08:11 . 2009-11-02 23:02	30720	----a-w-	c:\program files\dbrtl140.de
2011-03-08 08:11 . 2009-11-02 23:02	24064	----a-w-	c:\program files\adortl140.fr
2011-03-08 08:11 . 2009-11-02 23:02	24064	----a-w-	c:\program files\adortl140.de
2011-03-08 08:11 . 2009-11-02 23:02	176640	----a-w-	c:\program files\adortl140.bpl
.
.
((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1233920]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-19 125952]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2006-12-23 143360]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-19 202240]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="RtHDVCpl.exe" [2007-02-15 4390912]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2007-02-15 857648]
"NeroFilterCheck"="c:\program files\Common Files\Ahead\Lib\NeroCheck.exe" [2006-01-12 155648]
"TVBroadcast"="c:\program files\Sceneo\Bonavista\Services\ODSBC\ODSBCApp.exe" [2007-05-08 790016]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\Iaanotif.exe" [2006-11-15 151552]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2007-06-06 142104]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2007-06-06 154392]
"Persistence"="c:\windows\system32\igfxpers.exe" [2007-06-06 138008]
"LaunchAp"="c:\program files\Launch Manager\LaunchAp.exe" [2005-07-25 32768]
"HotkeyApp"="c:\program files\Launch Manager\HotkeyApp.exe" [2006-12-14 192512]
"LMgrOSD"="c:\program files\Launch Manager\OSD.exe" [2006-12-26 180224]
"Wbutton"="c:\program files\Launch Manager\Wbutton.exe" [2006-11-09 86016]
"SSBkgdUpdate"="c:\program files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2006-10-25 210472]
"BrMfcWnd"="c:\program files\Brother\Brmfcmon\BrMfcWnd.exe" [2007-03-12 663552]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-11-12 141600]
"AVP"="c:\program files\Kaspersky Lab\Kaspersky Security Suite CBE 09\avp.exe" [2010-02-04 208616]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
VPN Client.lnk - c:\windows\Installer\{CCBAA1F7-E5E1-48B2-9ED9-A79C6A37CE78}\Icon3E5562ED7.ico [2007-9-16 6144]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\progra~1\Google\GOOGLE~2\GoogleDesktopNetwork3.dll c:\progra~1\KASPER~1\KASPER~2\mzvkbd3.dll c:\progra~1\KASPER~1\KASPER~2\adialhk.dll c:\progra~1\KASPER~1\KASPER~2\kloehk.dll
.
[HKLM\~\startupfolder\C:^Users^Mia^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk]
path=c:\users\Mia\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk
backup=c:\windows\pss\OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk.Startup
backupExtension=.Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2008-01-11 21:16	39792	----a-w-	c:\program files\Adobe\Reader 8.0\Reader\reader_sl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeUpdater]
2010-04-02 07:13	2356088	----a-w-	c:\program files\Common Files\Adobe\Updater5\AdobeUpdater.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ControlCenter3]
2007-01-26 14:58	65536	------w-	c:\program files\Brother\ControlCenter3\BrCtrCen.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Desktop Search]
2007-07-16 18:35	220160	----a-w-	c:\program files\Google\Google Desktop Search\GoogleDesktop.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IndexSearch]
2007-01-29 20:10	46632	----a-w-	c:\program files\ScanSoft\PaperPort\IndexSearch.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]
2007-01-19 10:55	5674352	----a-w-	c:\program files\MSN Messenger\msnmsgr.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PaperPort PTD]
2007-01-29 20:12	30248	----a-w-	c:\program files\ScanSoft\PaperPort\pptd40nt.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PPort11reminder]
2007-02-01 12:46	255528	----a-w-	c:\program files\ScanSoft\PaperPort\Ereg\Ereg.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SMSERIAL]
2006-11-22 15:31	630784	----a-w-	c:\program files\Motorola\SMSERIAL\sm56hlpr.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\toolbar_eula_launcher]
2007-02-09 14:54	16896	----a-w-	c:\program files\GoogleEULA\EULALauncher.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UVS10 Preload]
2006-08-10 01:27	36864	----a-w-	c:\program files\Ulead Systems\Ulead VideoStudio SE DVD\uvPL.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001
.
R1 mailKmd;mailKmd; [x]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2010-09-17 135664]
R3 FirebirdServerMAGIXInstance;Firebird Server - MAGIX Instance;c:\program files\ALDI Sued Foto Service\Common\Database\bin\fbserver.exe [2005-11-17 1527900]
R3 gupdatem;Google Update-Dienst (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [2010-09-17 135664]
R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
S0 klbg;Kaspersky Lab Boot Guard Driver;c:\windows\system32\drivers\klbg.sys [2008-01-29 32784]
S1 KLIM6;Kaspersky Anti-Virus NDIS 6 Filter;c:\windows\system32\DRIVERS\klim6.sys [2008-07-09 20496]
S2 GnabService;GnabService;c:\program files\common files\gnab\service\servicecontroller.exe [2007-04-13 36864]
S2 srvcPVR;Sceneo PVR Service;c:\program files\Sceneo\Bonavista\Services\PVR\PVRService.exe [2007-05-04 1600512]
S3 KLFLTDEV;Kaspersky Lab KLFltDev;c:\windows\system32\DRIVERS\klfltdev.sys [2008-03-13 26640]
S3 RTL8187B;Realtek RTL8187B Wireless 802.11g 54Mbps USB 2.0 Network Adapter;c:\windows\system32\DRIVERS\RTL8187B.sys [2007-07-05 277504]
S3 WisLMSvc;WisLMSvc;c:\program files\Launch Manager\WisLMSvc.exe [2006-11-17 118784]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation	REG_MULTI_SZ   	FontCache
.
Inhalt des "geplante Tasks" Ordners
.
2011-06-24 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-09-17 19:10]
.
2011-06-24 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-09-17 19:10]
.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = hxxp://start.icq.com/
uInternet Settings,ProxyOverride = *.local
IE: Hinzufügen zu Anti-Banner - c:\program files\Kaspersky Lab\Kaspersky Security Suite CBE 09\ie_banner_deny.htm
IE: Nach Microsoft E&xel exportieren - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
IE: {{0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - hxxp://rover.ebay.com/rover/1/707-1170-17534-22/4
TCP: DhcpNameServer = 192.168.2.1
FF - ProfilePath - c:\users\Mia\AppData\Roaming\Mozilla\Firefox\Profiles\cc80b7ka.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.web.de/
FF - prefs.js: keyword.URL - hxxp://search.icq.com/search/afe_results.php?ch_id=afex&q=
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Firefox\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
HKCU-Run-ICQ - c:\program files\ICQ6\ICQ.exe
HKLM-Run-CtrlVol - c:\program files\Launch Manager\CtrlVol.exe
MSConfigStartUp-BullGuard - c:\program files\BullGuard Software\BullGuard\bullguard.exe
AddRemove-BZA-Rind SE 2.6.1 Demoversion - c:\windows\unin0407.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, hxxp://www.gmer.net
Rootkit scan 2011-06-24 11:43
Windows 6.0.6002 Service Pack 2 NTFS
.
Scanne versteckte Prozesse... 
.
Scanne versteckte Autostarteinträge... 
.
Scanne versteckte Dateien... 
.
Scan erfolgreich abgeschlossen
versteckte Dateien: 0
.
**************************************************************************
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\DeterministicNetworks\DNE\Parameters]
"SymbolicLinkValue"=hex(6):5c,00,52,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
   00,5c,00,4d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,79,00,73,00,\
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5
.
------------------------ Weitere laufende Prozesse ------------------------
.
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\windows\system32\conime.exe
c:\program files\Cisco Systems\VPN Client\cvpnd.exe
c:\windows\RtHDVCpl.exe
c:\windows\system32\igfxsrvc.exe
c:\program files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
c:\program files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\program files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
c:\windows\ehome\ehmsas.exe
c:\program files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
c:\windows\system32\wbem\unsecapp.exe
c:\program files\Common Files\Ahead\Lib\NMIndexingService.exe
c:\program files\Windows Media Player\wmpnetwk.exe
c:\program files\iPod\bin\iPodService.exe
.
**************************************************************************
.
Zeit der Fertigstellung: 2011-06-24  11:50:38 - PC wurde neu gestartet
ComboFix-quarantined-files.txt  2011-06-24 09:50
.
Vor Suchlauf: 9 Verzeichnis(se), 12.684.894.208 Bytes frei
Nach Suchlauf: 15 Verzeichnis(se), 12.798.705.664 Bytes frei
.
Current=1 Default=1 Failed=0 LastKnownGood=6 Sets=1,2,3,4,5,6,129
- - End Of File - - 4E87168788C12B555BF9A8B144BAE30D
         
--- --- ---

Alt 24.06.2011, 11:20   #10
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Malware protection entfernt - noch Reste auf Rechner? - Standard

Malware protection entfernt - noch Reste auf Rechner?



Combofix - Scripten

1. Starte das Notepad (Start / Ausführen / notepad[Enter])

2. Jetzt füge mit copy/paste den ganzen Inhalt der untenstehenden Codebox in das Notepad Fenster ein.

Code:
ATTFilter
Filelook::
c:\windows\system32\kernel32.dll

File::
c:\users\Mia\AppData\Local\BIT44F4.tmp
         
3. Speichere im Notepad als CFScript.txt auf dem Desktop.

4. Deaktivere den Guard Deines Antivirenprogramms und eine eventuell vorhandene Software Firewall.
(Auch Guards von Ad-, Spyware Programmen und den Tea Timer (wenn vorhanden) !)

5. Dann ziehe die CFScript.txt auf die cofi.exe, so wie es im unteren Bild zu sehen ist. Damit wird Combofix neu gestartet.



6. Nach dem Neustart (es wird gefragt ob Du neustarten willst), poste bitte die folgenden Log Dateien:
Combofix.txt

Hinweis: Das obige Script ist nur für diesen einen User in dieser Situtation erstellt worden. Es ist auf keinen anderen Rechner portierbar und darf nicht anderweitig verwandt werden, da es das System nachhaltig schädigen kann!
__________________
"Die Wahrheit ist normalerweise nur eine Entschuldigung für einen Mangel an Fantasie." (Elim Garak)

Das Trojaner-Board unterstützen
Warum Linux besser als Windows ist!

Alt 24.06.2011, 11:43   #11
mia82
 
Malware protection entfernt - noch Reste auf Rechner? - Standard

Malware protection entfernt - noch Reste auf Rechner?



Ich kann die Datei nicht auf Combofix ziehen.

Fehlermeldung
"es wurde versucht ein Regierungsschlüßel einem unzulässigen Vorgang zu unterziehen, der zum Löschen markiert wurde".
C/User/Mia/Desktop/confiexe.exe

Ich kann keine Programe öffen und auch über die Systemsteuerung die Firewall nicht deaktiviern.
Hilfe - so langsam bekomme ich Panik!

ich habe den rechner runtergefahren und noch mal gestartet und nun hat sich die Datei auf Combofix ziehen lassen... nun läuft es

Hier die Log - jetzt scheint alles wieder normal zu gehen.

Combofix Logfile:
Code:
ATTFilter
ComboFix 11-06-23.03 - Mia 24.06.2011  13:08:01.2.2 - x86
Microsoft® Windows Vista™ Home Premium   6.0.6002.2.1252.49.1031.18.2037.1025 [GMT 2:00]
ausgeführt von:: c:\users\Mia\Desktop\cofi.exe.exe
Benutzte Befehlsschalter :: c:\users\Mia\Desktop\CFScript.txt
AV: Kaspersky Security Suite CBE 09 *Disabled/Updated* {AE1D740B-8F0F-D137-211D-873D44B3F4AE}
FW: Kaspersky Security Suite CBE 09 *Disabled* {9626F52E-C560-D06F-0A42-2E08BA60B3D5}
SP: Kaspersky Security Suite CBE 09 *Disabled/Updated* {157C95EF-A935-DEB9-1BAD-BC4F3F34BE13}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
FILE ::
"c:\users\Mia\AppData\Local\BIT44F4.tmp"
.
.
((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Mia\AppData\Local\BIT44F4.tmp
.
.
(((((((((((((((((((((((   Dateien erstellt von 2011-05-24 bis 2011-06-24  ))))))))))))))))))))))))))))))
.
.
2011-06-24 11:22 . 2011-06-24 11:22    --------    d-----w-    c:\users\Mia\AppData\Local\temp
2011-06-24 11:22 . 2011-06-24 11:22    --------    d-----w-    c:\users\Default\AppData\Local\temp
2011-06-24 09:17 . 2011-06-24 09:50    --------    d-----w-    C:\cofi.exe
2011-06-24 09:17 . 2011-06-24 11:04    --------    d-----w-    C:\32788R22FWJFW
2011-06-24 07:09 . 2011-06-07 15:55    7074640    ----a-w-    c:\programdata\Microsoft\Windows Defender\Definition Updates\{73228227-111D-42AA-ABBA-C0E49723CFCA}\mpengine.dll
2011-06-22 05:10 . 2011-04-21 13:58    273408    ----a-w-    c:\windows\system32\drivers\afd.sys
2011-06-22 05:10 . 2011-04-29 13:25    146432    ----a-w-    c:\windows\system32\drivers\srv2.sys
2011-06-22 05:10 . 2011-04-29 13:25    102400    ----a-w-    c:\windows\system32\drivers\srvnet.sys
2011-06-22 05:08 . 2011-04-14 14:59    75264    ----a-w-    c:\windows\system32\drivers\dfsc.sys
2011-06-22 05:01 . 2010-12-20 16:35    563712    ----a-w-    c:\windows\system32\oleaut32.dll
2011-06-22 04:58 . 2011-05-02 17:16    739328    ----a-w-    c:\windows\system32\inetcomm.dll
2011-06-22 04:58 . 2011-04-29 13:24    214016    ----a-w-    c:\windows\system32\drivers\mrxsmb10.sys
2011-06-22 04:58 . 2011-04-29 13:24    79872    ----a-w-    c:\windows\system32\drivers\mrxsmb20.sys
2011-06-22 04:58 . 2011-04-29 13:24    106496    ----a-w-    c:\windows\system32\drivers\mrxsmb.sys
2011-06-22 04:58 . 2011-04-30 06:09    758784    ----a-w-    c:\program files\Common Files\Microsoft Shared\vgx\VGX.dll
2011-06-22 04:58 . 2011-05-02 12:02    2409784    ----a-w-    c:\program files\Windows Mail\OESpamFilter.dat
2011-06-16 16:58 . 2011-06-16 16:58    --------    d-----w-    C:\_OTL
2011-06-11 11:22 . 2011-06-11 11:22    --------    d-----w-    c:\users\Mia\AppData\Roaming\Malwarebytes
2011-06-11 11:22 . 2011-05-29 07:11    39984    ----a-w-    c:\windows\system32\drivers\mbamswissarmy.sys
2011-06-11 11:22 . 2011-06-11 11:22    --------    d-----w-    c:\programdata\Malwarebytes
2011-06-11 11:22 . 2011-06-11 11:22    --------    d-----w-    c:\program files\Malwarebytes' Anti-Malware
2011-06-11 11:22 . 2011-05-29 07:11    22712    ----a-w-    c:\windows\system32\drivers\mbam.sys
2011-06-11 11:19 . 2011-06-11 10:02    1007120    ----a-w-    C:\rkill.com
.
.
.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-05-24 17:14 . 2009-10-03 15:21    222080    ------w-    c:\windows\system32\MpSigStub.exe
2011-03-08 08:11 . 2009-11-02 23:02    31232    ----a-w-    c:\program files\xmlrtl140.fr
2011-03-08 08:11 . 2009-11-02 23:02    31232    ----a-w-    c:\program files\xmlrtl140.de
2011-03-08 08:11 . 2009-11-02 23:02    1572864    ----a-w-    c:\program files\xmlrtl140.bpl
2011-03-08 08:11 . 2009-11-02 23:02    62464    ----a-w-    c:\program files\vcldbx140.bpl
2011-03-08 08:11 . 2009-11-02 23:02    36352    ----a-w-    c:\program files\vclx140.fr
2011-03-08 08:11 . 2009-11-02 23:02    36352    ----a-w-    c:\program files\vclx140.de
2011-03-08 08:11 . 2009-11-02 23:02    320512    ----a-w-    c:\program files\vclimg140.bpl
2011-03-08 08:11 . 2009-11-02 23:02    31232    ----a-w-    c:\program files\vclimg140.fr
2011-03-08 08:11 . 2009-11-02 23:02    31232    ----a-w-    c:\program files\vclimg140.de
2011-03-08 08:11 . 2009-11-02 23:02    237056    ----a-w-    c:\program files\vclx140.bpl
2011-03-08 08:11 . 2009-11-02 23:02    22528    ----a-w-    c:\program files\vcldbx140.fr
2011-03-08 08:11 . 2009-11-02 23:02    22528    ----a-w-    c:\program files\vcldbx140.de
2011-03-08 08:11 . 2009-11-02 23:02    314368    ----a-w-    c:\program files\vcldb140.bpl
2011-03-08 08:11 . 2009-11-02 23:02    30720    ----a-w-    c:\program files\vcldb140.fr
2011-03-08 08:11 . 2009-11-02 23:02    30208    ----a-w-    c:\program files\vcldb140.de
2011-03-08 08:11 . 2009-11-02 23:02    2446848    ----a-w-    c:\program files\vcl140.bpl
2011-03-08 08:11 . 2009-11-02 23:02    212992    ----a-w-    c:\program files\vcl140.de
2011-03-08 08:11 . 2009-11-02 23:02    211968    ----a-w-    c:\program files\vcl140.fr
2011-03-08 08:11 . 2009-11-02 23:02    87040    ----a-w-    c:\program files\rtl140.fr
2011-03-08 08:11 . 2009-11-02 23:02    87040    ----a-w-    c:\program files\rtl140.de
2011-03-08 08:11 . 2009-11-02 23:02    1785344    ----a-w-    c:\program files\rtl140.bpl
2011-03-08 08:11 . 2010-07-30 14:12    4319232    ----a-w-    c:\program files\Gemis.exe
2011-03-08 08:11 . 2010-07-02 14:42    611328    ----a-w-    c:\program files\G4CountriesES.dll
2011-03-08 08:11 . 2010-07-02 14:42    593920    ----a-w-    c:\program files\G4CountriesEN.dll
2011-03-08 08:11 . 2010-07-02 14:42    548864    ----a-w-    c:\program files\G4CountriesFR.dll
2011-03-08 08:11 . 2010-07-02 14:42    594944    ----a-w-    c:\program files\G4CountriesCS.dll
2011-03-08 08:11 . 2010-07-02 14:42    606720    ----a-w-    c:\program files\G4CountriesDE.dll
2011-03-08 08:11 . 2009-11-02 23:02    406016    ----a-w-    c:\program files\dbrtl140.bpl
2011-03-08 08:11 . 2009-11-02 23:02    30720    ----a-w-    c:\program files\dbrtl140.fr
2011-03-08 08:11 . 2009-11-02 23:02    30720    ----a-w-    c:\program files\dbrtl140.de
2011-03-08 08:11 . 2009-11-02 23:02    24064    ----a-w-    c:\program files\adortl140.fr
2011-03-08 08:11 . 2009-11-02 23:02    24064    ----a-w-    c:\program files\adortl140.de
2011-03-08 08:11 . 2009-11-02 23:02    176640    ----a-w-    c:\program files\adortl140.bpl
.
.
((((((((((((((((((((((((((((((((((((((((((((   Look   )))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
--- c:\windows\system32\kernel32.dll ---
Company: Microsoft Corporation
File Description: Client-DLL für Windows NT-Basis-API
File Version: 6.0.6001.18000 (longhorn_rtm.080118-1840)
Product Name: Betriebssystem Microsoft® Windows®
Copyright: © Microsoft Corporation. Alle Rechte vorbehalten.
Original Filename: kernel32
File size: 891392
Created time: 2009-09-25 18:57
Modified time: 2009-04-11 06:28
MD5: BB8509089E7DF514310814E1B2593FFC
SHA1: B399DC427FBAE211A1D1C55C5B7C89AB4D4E8607
.
.
((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1233920]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-19 125952]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2006-12-23 143360]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-19 202240]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="RtHDVCpl.exe" [2007-02-15 4390912]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2007-02-15 857648]
"NeroFilterCheck"="c:\program files\Common Files\Ahead\Lib\NeroCheck.exe" [2006-01-12 155648]
"TVBroadcast"="c:\program files\Sceneo\Bonavista\Services\ODSBC\ODSBCApp.exe" [2007-05-08 790016]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\Iaanotif.exe" [2006-11-15 151552]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2007-06-06 142104]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2007-06-06 154392]
"Persistence"="c:\windows\system32\igfxpers.exe" [2007-06-06 138008]
"LaunchAp"="c:\program files\Launch Manager\LaunchAp.exe" [2005-07-25 32768]
"HotkeyApp"="c:\program files\Launch Manager\HotkeyApp.exe" [2006-12-14 192512]
"LMgrOSD"="c:\program files\Launch Manager\OSD.exe" [2006-12-26 180224]
"Wbutton"="c:\program files\Launch Manager\Wbutton.exe" [2006-11-09 86016]
"SSBkgdUpdate"="c:\program files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2006-10-25 210472]
"BrMfcWnd"="c:\program files\Brother\Brmfcmon\BrMfcWnd.exe" [2007-03-12 663552]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-11-12 141600]
"AVP"="c:\program files\Kaspersky Lab\Kaspersky Security Suite CBE 09\avp.exe" [2010-02-04 208616]
"CtrlVol"="c:\program files\Launch Manager\CtrlVol.exe" [BU]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
VPN Client.lnk - c:\windows\Installer\{CCBAA1F7-E5E1-48B2-9ED9-A79C6A37CE78}\Icon3E5562ED7.ico [2007-9-16 6144]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\progra~1\Google\GOOGLE~2\GoogleDesktopNetwork3.dll c:\progra~1\KASPER~1\KASPER~2\mzvkbd3.dll c:\progra~1\KASPER~1\KASPER~2\adialhk.dll c:\progra~1\KASPER~1\KASPER~2\kloehk.dll
.
[HKLM\~\startupfolder\C:^Users^Mia^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk]
path=c:\users\Mia\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk
backup=c:\windows\pss\OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk.Startup
backupExtension=.Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2008-01-11 21:16    39792    ----a-w-    c:\program files\Adobe\Reader 8.0\Reader\reader_sl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeUpdater]
2010-04-02 07:13    2356088    ----a-w-    c:\program files\Common Files\Adobe\Updater5\AdobeUpdater.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ControlCenter3]
2007-01-26 14:58    65536    ------w-    c:\program files\Brother\ControlCenter3\BrCtrCen.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Desktop Search]
2007-07-16 18:35    220160    ----a-w-    c:\program files\Google\Google Desktop Search\GoogleDesktop.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IndexSearch]
2007-01-29 20:10    46632    ----a-w-    c:\program files\ScanSoft\PaperPort\IndexSearch.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]
2007-01-19 10:55    5674352    ----a-w-    c:\program files\MSN Messenger\msnmsgr.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PaperPort PTD]
2007-01-29 20:12    30248    ----a-w-    c:\program files\ScanSoft\PaperPort\pptd40nt.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PPort11reminder]
2007-02-01 12:46    255528    ----a-w-    c:\program files\ScanSoft\PaperPort\Ereg\Ereg.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SMSERIAL]
2006-11-22 15:31    630784    ----a-w-    c:\program files\Motorola\SMSERIAL\sm56hlpr.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\toolbar_eula_launcher]
2007-02-09 14:54    16896    ----a-w-    c:\program files\GoogleEULA\EULALauncher.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UVS10 Preload]
2006-08-10 01:27    36864    ----a-w-    c:\program files\Ulead Systems\Ulead VideoStudio SE DVD\uvPL.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001
.
R1 mailKmd;mailKmd; [x]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2010-09-17 135664]
R3 FirebirdServerMAGIXInstance;Firebird Server - MAGIX Instance;c:\program files\ALDI Sued Foto Service\Common\Database\bin\fbserver.exe [2005-11-17 1527900]
R3 gupdatem;Google Update-Dienst (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [2010-09-17 135664]
R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
S0 klbg;Kaspersky Lab Boot Guard Driver;c:\windows\system32\drivers\klbg.sys [2008-01-29 32784]
S1 KLIM6;Kaspersky Anti-Virus NDIS 6 Filter;c:\windows\system32\DRIVERS\klim6.sys [2008-07-09 20496]
S2 GnabService;GnabService;c:\program files\common files\gnab\service\servicecontroller.exe [2007-04-13 36864]
S2 srvcPVR;Sceneo PVR Service;c:\program files\Sceneo\Bonavista\Services\PVR\PVRService.exe [2007-05-04 1600512]
S3 KLFLTDEV;Kaspersky Lab KLFltDev;c:\windows\system32\DRIVERS\klfltdev.sys [2008-03-13 26640]
S3 RTL8187B;Realtek RTL8187B Wireless 802.11g 54Mbps USB 2.0 Network Adapter;c:\windows\system32\DRIVERS\RTL8187B.sys [2007-07-05 277504]
S3 WisLMSvc;WisLMSvc;c:\program files\Launch Manager\WisLMSvc.exe [2006-11-17 118784]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation    REG_MULTI_SZ       FontCache
.
Inhalt des "geplante Tasks" Ordners
.
2011-06-24 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-09-17 19:10]
.
2011-06-24 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-09-17 19:10]
.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = hxxp://start.icq.com/
uInternet Settings,ProxyOverride = *.local
IE: Hinzufügen zu Anti-Banner - c:\program files\Kaspersky Lab\Kaspersky Security Suite CBE 09\ie_banner_deny.htm
IE: Nach Microsoft E&xel exportieren - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
IE: {{0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - hxxp://rover.ebay.com/rover/1/707-1170-17534-22/4
TCP: DhcpNameServer = 192.168.2.1
FF - ProfilePath - c:\users\Mia\AppData\Roaming\Mozilla\Firefox\Profiles\cc80b7ka.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.web.de/
FF - prefs.js: keyword.URL - hxxp://search.icq.com/search/afe_results.php?ch_id=afex&q=
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Firefox\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, hxxp://www.gmer.net
Rootkit scan 2011-06-24 13:22
Windows 6.0.6002 Service Pack 2 NTFS
.
Scanne versteckte Prozesse... 
.
Scanne versteckte Autostarteinträge... 
.
HKLM\Software\Microsoft\Windows\CurrentVersion\Run
  CtrlVol = c:\program files\Launch Manager\CtrlVol.exe?????H???????????H5??*e?w????H5??????0???$???????d????? w;???????Rs?w?s?w????????????Cb?v????4???&??v????????x???t???? A?????????? A?Z:??Cb?v|????????a@?H??????????? ?A?>???????? A???@??????x@??????:????@???????? 
.
Scanne versteckte Dateien... 
.
Scan erfolgreich abgeschlossen
versteckte Dateien: 0
.
**************************************************************************
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\DeterministicNetworks\DNE\Parameters]
"SymbolicLinkValue"=hex(6):5c,00,52,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
   00,5c,00,4d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,79,00,73,00,\
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5
.
Zeit der Fertigstellung: 2011-06-24  13:33:53
ComboFix-quarantined-files.txt  2011-06-24 11:33
ComboFix2.txt  2011-06-24 09:50
.
Vor Suchlauf: 14 Verzeichnis(se), 12.735.471.616 Bytes frei
Nach Suchlauf: 15 Verzeichnis(se), 12.697.997.312 Bytes frei
.
Current=1 Default=1 Failed=0 LastKnownGood=6 Sets=1,2,3,4,5,6,129
- - End Of File - - 65863DF0E88A5988AE89B977DC77458F
         
--- --- ---

Alt 24.06.2011, 13:23   #12
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Malware protection entfernt - noch Reste auf Rechner? - Standard

Malware protection entfernt - noch Reste auf Rechner?



Ok. Bitte nun Logs mit GMER und OSAM erstellen und posten.
GMER stürzt häufiger ab, wenn das Tool auch beim 2. Mal nicht will, lass es einfach weg und führ nur OSAM aus - die Online-Abfrage durch OSAM bitte überspringen.
Bei OSAM bitte darauf auch achten, dass Du das Log auch als *.log und nicht *.html oder so abspeicherst.


Downloade Dir danach bitte MBRCheck (by a_d_13) und speichere die Datei auf dem Desktop.
  • Doppelklick auf die MBRCheck.exe.
    Vista und Win7 User mit Rechtsklick "als Administrator starten"
  • Das Tool braucht nur wenige Sekunden.
  • Danach solltest du eine MBRCheck_<Datum>_<Uhrzeit>.txt auf dem Desktop finden.
Poste mir bitte den Inhalt des .txt Dokumentes
__________________
"Die Wahrheit ist normalerweise nur eine Entschuldigung für einen Mangel an Fantasie." (Elim Garak)

Das Trojaner-Board unterstützen
Warum Linux besser als Windows ist!

Alt 17.07.2011, 21:51   #13
mia82
 
Malware protection entfernt - noch Reste auf Rechner? - Standard

Malware protection entfernt - noch Reste auf Rechner?



GMER ist abgestürzt, deshalb keine Logs

OSAM Logfile:
Code:
ATTFilter
Report of OSAM: Autorun Manager v5.0.11926.0
hxxp://www.online-solutions.ru/en/
Saved at 15:53:30 on 14.07.2011

OS: Windows Vista Home Premium Edition Service Pack 2 (Build 6002), 32-bit
Default Browser: Mozilla Corporation Firefox 3.6.18

Scanner Settings
[x] Rootkits detection (hidden registry)
[x] Rootkits detection (hidden files)
[x] Retrieve files information
[x] Check Microsoft signatures

Filters
[ ] Trusted entries
[ ] Empty entries
[x] Hidden registry entries (rootkit activity)
[x] Exclusively opened files
[x] Not found files
[x] Files without detailed information
[x] Existing files
[ ] Non-startable services
[ ] Non-startable drivers
[x] Active entries
[x] Disabled entries


[AppInit DLLs]
-----( HKLM\Software\Microsoft\Windows NT\CurrentVersion\Windows )-----
"AppInit_DLLs" - "Google" - C:\PROGRA~1\Google\GOOGLE~2\GoogleDesktopNetwork3.dll
"AppInit_DLLs" - "Kaspersky Lab" - C:\PROGRA~1\KASPER~1\KASPER~2\mzvkbd3.dll
"AppInit_DLLs" - "Kaspersky Lab" - C:\PROGRA~1\KASPER~1\KASPER~2\adialhk.dll
"AppInit_DLLs" - "Kaspersky Lab" - C:\PROGRA~1\KASPER~1\KASPER~2\kloehk.dll

[Common]
-----( %SystemRoot%\Tasks )-----
"GoogleUpdateTaskMachineCore.job" - "Google Inc." - C:\Program Files\Google\Update\GoogleUpdate.exe
"GoogleUpdateTaskMachineUA.job" - "Google Inc." - C:\Program Files\Google\Update\GoogleUpdate.exe

[Control Panel Objects]
-----( %SystemRoot%\system32 )-----
"bdeadmin.cpl" - ? - C:\Windows\system32\bdeadmin.cpl
"ddbaccpl.cpl" - "DataDesign AG" - C:\Windows\system32\ddbaccpl.cpl
"ddbacctm.cpl" - "DataDesign AG" - C:\Windows\system32\ddbacctm.cpl
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Control Panel\Cpls )-----
"Nero BurnRights" - "Nero AG" - C:\Program Files\Nero\Nero 7\Nero Toolkit\NeroBurnRights.cpl
"QuickTime" - "Apple Inc." - C:\Program Files\QuickTime\QTSystem\QuickTime.cpl

[Drivers]
-----( HKLM\SYSTEM\CurrentControlSet\Services )-----
"catchme" (catchme) - ? - C:\Users\Mia\AppData\Local\Temp\catchme.sys  (File not found)
"Cisco Systems Inc. IPSec Driver" (CVPNDRVA) - "Cisco Systems, Inc." - C:\Windows\system32\Drivers\CVPNDRVA.sys
"Hotkey" (Hotkey) - ? - C:\Windows\system32\drivers\Hotkey.sys  (File found, but it contains no detailed information)
"IP in IP Tunnel Driver" (IpInIp) - ? - C:\Windows\System32\DRIVERS\ipinip.sys  (File not found)
"IPX Traffic Filter Driver" (NwlnkFlt) - ? - C:\Windows\System32\DRIVERS\nwlnkflt.sys  (File not found)
"IPX Traffic Forwarder Driver" (NwlnkFwd) - ? - C:\Windows\System32\DRIVERS\nwlnkfwd.sys  (File not found)
"IVI ASPI Shell" (Iviaspi) - "InterVideo, Inc." - C:\Windows\System32\drivers\iviaspi.sys
"mailKmd" (mailKmd) - ? - C:\Windows\system32\drivers\mailKmd.sys  (File not found)
"ssmdrv" (ssmdrv) - "AVIRA GmbH" - C:\Windows\System32\DRIVERS\ssmdrv.sys

[Explorer]
-----( HKLM\Software\Classes\Folder\shellex\ColumnHandlers )-----
{7D4D6379-F301-4311-BEBA-E26EB0561882} "NeroDigitalColumnHandler Class" - "Nero AG" - C:\Program Files\Common Files\Ahead\Lib\NeroDigitalExt.dll
{F9DB5320-233E-11D1-9F84-707F02C10627} "PDF Shell Extension" - "Adobe Systems, Inc." - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\PDFShell.dll
-----( HKLM\Software\Classes\Protocols\Filter )-----
{807563E5-5146-11D5-A672-00B0D022E945} "Microsoft Office InfoPath XML Mime Filter" - "Microsoft Corporation" - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL
-----( HKLM\Software\Classes\Protocols\Handler )-----
{314111c7-a502-11d2-bbca-00c04f8ec294} "HxProtocol Class" - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
{FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} "IEProtocolHandler Class" - "Skype Technologies" - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
{828030A1-22C1-4009-854F-8E305202313F} "livecall" - "Microsoft Corporation" - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
{0A9007C0-4076-11D3-8789-0000F8105754} "Microsoft Infotech Storage Protocol for IE 4.0" - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll
{828030A1-22C1-4009-854F-8E305202313F} "msnim" - "Microsoft Corporation" - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved )-----
{911051fa-c21c-4246-b470-070cd8df6dc4} ".cab or .zip files" - ? -   (File not found | COM-object registry key not found)
{1b24a030-9b20-49bc-97ac-1be4426f9e59} "ActiveDirectory Folder" - ? -   (File not found | COM-object registry key not found)
{34449847-FD14-4fc8-A75A-7432F5181EFB} "ActiveDirectory Folder" - ? -   (File not found | COM-object registry key not found)
{0F8604A5-4ECE-4DE1-BA7D-CF10F8AA4F48} "Contacts folder" - ? -   (File not found | COM-object registry key not found)
{2C2577C2-63A7-40e3-9B7F-586602617ECB} "Explorer Query Band" - ? -   (File not found | COM-object registry key not found)
{FAC3CBF6-8697-43d0-BAB9-DCD1FCE19D75} "IE User Assist" - ? -   (File not found | COM-object registry key not found)
{B9E1D2CB-CCFF-4AA6-9579-D7A4754030EF} "iTunes" - "Apple Inc." - C:\Program Files\iTunes\iTunesMiniPlayer.dll
{00020d75-0000-0000-c000-000000000046} "lnkfile" - ? -   (File not found | COM-object registry key not found)
{73B24247-042E-4EF5-ADC2-42F62E6FD654} "MCLiteShellExt Class" - ? - C:\Program Files\ICQLite\ICQLiteShell.dll  (File not found)
{FC9FB64A-1EB2-4CCF-AF5E-1A497A9B5C2D} "Meine freigegebenen Ordner" - "Microsoft Corporation" - C:\Program Files\MSN Messenger\fsshext.8.1.0178.00.dll
{42042206-2D85-11D3-8CFF-005004838597} "Microsoft Office HTML Icon Handler" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office12\msohevi.dll
{993BE281-6695-4BA5-8A2A-7AACBFAAB69E} "Microsoft Office Metadata Handler" - "Microsoft Corporation" - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\msoshext.dll
{5858A72C-C2B4-4dd7-B2BF-B76DB1BD9F6C} "Microsoft Office OneNote Namespace Extension for Windows Desktop Search" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~3\Office12\ONFILTER.DLL
{C41662BB-1FA0-4CE0-8DC5-9B7F8279FF97} "Microsoft Office Thumbnail Handler" - "Microsoft Corporation" - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\msoshext.dll
{B327765E-D724-4347-8B16-78AE18552FC3} "NeroDigitalIconHandler Class" - "Nero AG" - C:\Program Files\Common Files\Ahead\Lib\NeroDigitalExt.dll
{7F1CF152-04F8-453A-B34C-E609530A9DC8} "NeroDigitalPropSheetHandler Class" - "Nero AG" - C:\Program Files\Common Files\Ahead\Lib\NeroDigitalExt.dll
{C8494E42-ACDD-4739-B0FB-217361E4894F} "Sam Account Folder" - ? -   (File not found | COM-object registry key not found)
{E29F9716-5C08-4FCD-955A-119FDB5A522D} "Sam Account Folder" - ? -   (File not found | COM-object registry key not found)
{45AC2688-0253-4ED8-97DE-B5370FA7D48A} "Shell Extension for Malware scanning" - ? -   (File not found | COM-object registry key not found)
{85E0B171-04FA-11D1-B7DA-00A0C90348D6} "Statistik für den Schutz des Web-Datenverkehrs" - "Kaspersky Lab" - C:\Program Files\Kaspersky Lab\Kaspersky Security Suite CBE 09\SCIEPlgn.dll
{DBD8E168-244D-448C-9922-25508950D1DC} "USIShellExt Class" - "Ulead Systems, Inc." - C:\Program Files\Common Files\Ulead Systems\DVD\USIShex.dll
{da67b8ad-e81b-4c70-9b91b417b5e33527} "Windows Search Shell Service" - ? -   (File not found | COM-object registry key not found)
{B41DB860-8EE4-11D2-9906-E49FADC173CA} "WinRAR" - "Alexander Roshal" - C:\Program Files\WinRAR\rarext.dll

[Internet Explorer]
-----( HKCU\SOFTWARE\Microsoft\Internet Explorer\Extensions )-----
"eBay - Der weltweite Online-Marktplatz" - ? - hxxp://rover.ebay.com/rover/1/707-1170-17534-22/4  (HTTP value)
-----( HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser )-----
<binary data> "Google Toolbar" - "Google Inc." - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
ITBar7Height "ITBar7Height" - ? -   (File not found | COM-object registry key not found)
<binary data> "ITBar7Layout" - ? -   (File not found | COM-object registry key not found)
-----( HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks )-----
{855F3B16-6D32-4fe6-8A56-BBB695989046} "ICQToolBar" - "ICQ" - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll
 "{855F3B16-6D32-4fe6-8A56-BBB695989046}" - ? -   (File not found | COM-object registry key not found)
-----( HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units )-----
{8FFBE65D-2C9C-4669-84BD-5829DC0B603C} "{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}" - ? -   (File not found | COM-object registry key not found) / hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
-----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions )-----
{48E73304-E1D6-4330-914C-F5F514E3486C} "An OneNote senden" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
"eBay - Der weltweite Online-Marktplatz" - ? - hxxp://rover.ebay.com/rover/1/707-1170-17534-22/4  (HTTP value)
"ICQ Lite" - ? - C:\Program Files\ICQLite\ICQLite.exe  (File not found)
"ICQ6" - "ICQ, LLC." - C:\Program Files\ICQ6.5\ICQ.exe
{FF059E31-CC5A-4E2E-BF3B-96E929D65503} "Research" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
{85E0B171-04FA-11D1-B7DA-00A0C90348D6} "Statistik für den Schutz des Web-Datenverkehrs" - "Kaspersky Lab" - C:\Program Files\Kaspersky Lab\Kaspersky Security Suite CBE 09\SCIEPlgn.dll
-----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar )-----
<binary data> "Google Toolbar" - "Google Inc." - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
{855F3B16-6D32-4fe6-8A56-BBB695989046} "ICQToolBar" - "ICQ" - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects )-----
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} "Adobe PDF Reader" - "Adobe Systems Incorporated" - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
{AA58ED58-01DD-4d91-8333-CF10577473F7} "Google Toolbar Helper" - "Google Inc." - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
{AF69DE43-7D58-4638-B6FA-CE66B5AD205D} "Google Toolbar Notifier BHO" - "Google Inc." - C:\Program Files\Google\GoogleToolbarNotifier\5.5.5126.1836\swg.dll
{59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} "IEVkbdBHO Class" - "Kaspersky Lab" - C:\Program Files\Kaspersky Lab\Kaspersky Security Suite CBE 09\ievkbd.dll
{7E853D72-626A-48EC-A868-BA8D5E23E045} "{7E853D72-626A-48EC-A868-BA8D5E23E045}" - ? -   (File not found | COM-object registry key not found)

[Logon]
-----( %APPDATA%\Microsoft\Windows\Start Menu\Programs\Startup )-----
"desktop.ini" - ? - C:\Users\Mia\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini
-----( %AllUsersProfile%\Microsoft\Windows\Start Menu\Programs\Startup )-----
"desktop.ini" - ? - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini
"VPN Client.lnk" - "Cisco Systems, Inc." - C:\Program Files\Cisco Systems\VPN Client\vpngui.exe  (Shortcut exists | File exists)
-----( HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run )-----
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}" - "Nero AG" - "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
-----( HKLM\SYSTEM\CurrentControlSet\Control\Terminal Server\Wds\rdpwd )-----
"StartupPrograms" - ? - rdpclip  (File not found)
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Run )-----
"AVP" - "Kaspersky Lab" - "C:\Program Files\Kaspersky Lab\Kaspersky Security Suite CBE 09\avp.exe"
"BrMfcWnd" - "Brother Industries, Ltd." - C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe /AUTORUN
"CtrlVol" - ? - C:\Program Files\Launch Manager\CtrlVol.exe  (File not found)
"HotkeyApp" - "Wistron" - "C:\Program Files\Launch Manager\HotkeyApp.exe"
"IAAnotif" - "Intel Corporation" - "C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe"
"iTunesHelper" - "Apple Inc." - "C:\Program Files\iTunes\iTunesHelper.exe"
"LaunchAp" - ? - "C:\Program Files\Launch Manager\LaunchAp.exe"
"LMgrOSD" - "Wistron Corp." - "C:\Program Files\Launch Manager\OSD.exe"
"NeroFilterCheck" - "Nero AG" - C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
"SSBkgdUpdate" - "Nuance Communications, Inc." - "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
"TVBroadcast" - "ODSoft multimedia" - C:\Program Files\Sceneo\Bonavista\Services\ODSBC\ODSBCApp.exe
"Wbutton" - ? - "C:\Program Files\Launch Manager\Wbutton.exe"

[Print Monitors]
-----( HKLM\SYSTEM\CurrentControlSet\Control\Print\Monitors )-----
"Microsoft Document Imaging Writer Monitor" - "Microsoft Corporation" - C:\Windows\system32\mdimon.dll
"Send To Microsoft OneNote Monitor" - "Microsoft Corporation" - C:\Windows\system32\msonpmon.dll

[Services]
-----( HKLM\SYSTEM\CurrentControlSet\Services )-----
"@C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe,-100" (WPFFontCache_v0400) - "Microsoft Corporation" - C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe
"Apple Mobile Device" (Apple Mobile Device) - "Apple Inc." - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
"Bonjour-Dienst" (Bonjour Service) - "Apple Inc." - C:\Program Files\Bonjour\mDNSResponder.exe
"Cisco Systems, Inc. VPN Service" (CVPND) - "Cisco Systems, Inc." - C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
"Firebird Server - MAGIX Instance" (FirebirdServerMAGIXInstance) - "MAGIX®" - C:\Program Files\ALDI Sued Foto Service\Common\Database\bin\fbserver.exe
"GnabService" (GnabService) - "Empolis GmbH" - c:\program files\common files\gnab\service\servicecontroller.exe
"Google Software Updater" (gusvc) - "Google" - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
"Google Update Service (gupdate)" (gupdate) - "Google Inc." - C:\Program Files\Google\Update\GoogleUpdate.exe
"Google Update-Dienst (gupdatem)" (gupdatem) - "Google Inc." - C:\Program Files\Google\Update\GoogleUpdate.exe
"GoogleDesktopManager" (GoogleDesktopManager) - "Google" - C:\Program Files\Google\Google Desktop Search\GoogleDesktopManager.exe
"Intel(R) Matrix Storage Event Monitor" (IAANTMON) - "Intel Corporation" - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
"iPod-Dienst" (iPod Service) - "Apple Inc." - C:\Program Files\iPod\bin\iPodService.exe
"IviRegMgr" (IviRegMgr) - "InterVideo" - C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
"Kaspersky Security Suite CBE 09" (AVP) - "Kaspersky Lab" - C:\Program Files\Kaspersky Lab\Kaspersky Security Suite CBE 09\avp.exe
"LightScribeService Direct Disc Labeling Service" (LightScribeService) - "Hewlett-Packard Company" - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
"Microsoft .NET Framework NGEN v4.0.30319_X86" (clr_optimization_v4.0.30319_32) - "Microsoft Corporation" - C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
"Microsoft Office Diagnostics Service" (odserv) - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
"NBService" (NBService) - "Nero AG" - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
"NMIndexingService" (NMIndexingService) - "Nero AG" - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
"Office Source Engine" (ose) - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
"Sceneo PVR Service" (srvcPVR) - "Buhl Data Service GmbH" - C:\Program Files\Sceneo\Bonavista\Services\PVR\PVRService.exe
"Ulead Burning Helper" (UleadBurningHelper) - "Ulead Systems, Inc." - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
"WisLMSvc" (WisLMSvc) - "Wistron Corp." - C:\Program Files\Launch Manager\WisLMSvc.exe

[Winlogon]
-----( HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify )-----
"klogon" - "Kaspersky Lab" - C:\Windows\system32\klogon.dll

[Winsock Providers]
-----( HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries )-----
"mdnsNSP" - "Apple Inc." - C:\Program Files\Bonjour\mdnsNSP.dll

===[ Logfile end ]=========================================[ Logfile end ]===
--- --- ---

If You have questions or want to get some help, You can visit hxxp://forum.online-solutions.ru
         
und dann noch MBRCheck

Code:
ATTFilter
MBRCheck, version 1.2.3
(c) 2010, AD

Command-line:			
Windows Version:		Windows Vista Home Premium Edition
Windows Information:		Service Pack 2 (build 6002), 32-bit
Base Board Manufacturer:	MEDION
BIOS Manufacturer:		Phoenix Technologies LTD
System Manufacturer:		MEDION
System Product Name:		WIM2160
Logical Drives Mask:		0x0000001c

Kernel Drivers (total 152):
  0x8884A000 \SystemRoot\system32\ntoskrnl.exe
  0x88817000 \SystemRoot\system32\hal.dll
  0x89003000 \SystemRoot\system32\kdcom.dll
  0x8900A000 \SystemRoot\system32\mcupdate_GenuineIntel.dll
  0x8907A000 \SystemRoot\system32\PSHED.dll
  0x8908B000 \SystemRoot\system32\BOOTVID.dll
  0x89093000 \SystemRoot\system32\CLFS.SYS
  0x890D4000 \SystemRoot\system32\CI.dll
  0x891B4000 \SystemRoot\system32\drivers\Wdf01000.sys
  0x89230000 \SystemRoot\system32\drivers\WDFLDR.SYS
  0x8923D000 \SystemRoot\system32\drivers\acpi.sys
  0x89283000 \SystemRoot\system32\drivers\WMILIB.SYS
  0x8928C000 \SystemRoot\system32\drivers\msisadrv.sys
  0x89294000 \SystemRoot\system32\drivers\pci.sys
  0x892BB000 \SystemRoot\System32\drivers\partmgr.sys
  0x892CA000 \SystemRoot\system32\DRIVERS\compbatt.sys
  0x892CD000 \SystemRoot\system32\DRIVERS\BATTC.SYS
  0x892D7000 \SystemRoot\system32\drivers\volmgr.sys
  0x892E6000 \SystemRoot\System32\drivers\volmgrx.sys
  0x89330000 \SystemRoot\system32\drivers\intelide.sys
  0x89337000 \SystemRoot\system32\drivers\PCIIDEX.SYS
  0x89345000 \SystemRoot\System32\drivers\mountmgr.sys
  0x8E400000 \SystemRoot\system32\DRIVERS\iaStor.sys
  0x8E4B8000 \SystemRoot\system32\drivers\atapi.sys
  0x8E4C0000 \SystemRoot\system32\drivers\ataport.SYS
  0x8E4DE000 \SystemRoot\system32\drivers\fltmgr.sys
  0x8E510000 \SystemRoot\system32\drivers\fileinfo.sys
  0x8E520000 \SystemRoot\system32\drivers\klbg.sys
  0x8E52B000 \SystemRoot\System32\Drivers\ksecdd.sys
  0x8E59C000 \SystemRoot\system32\drivers\ndis.sys
  0x8E6A7000 \SystemRoot\system32\drivers\msrpc.sys
  0x8E6D2000 \SystemRoot\system32\drivers\NETIO.SYS
  0x8E70D000 \SystemRoot\System32\drivers\tcpip.sys
  0x89355000 \SystemRoot\System32\drivers\fwpkclnt.sys
  0x8E805000 \SystemRoot\System32\Drivers\Ntfs.sys
  0x8E915000 \SystemRoot\system32\drivers\volsnap.sys
  0x8E94E000 \SystemRoot\system32\DRIVERS\uagp35.sys
  0x8E95F000 \SystemRoot\System32\Drivers\spldr.sys
  0x8E967000 \SystemRoot\System32\Drivers\mup.sys
  0x8E976000 \SystemRoot\System32\drivers\ecache.sys
  0x8E99D000 \SystemRoot\system32\drivers\disk.sys
  0x8E9AE000 \SystemRoot\system32\drivers\CLASSPNP.SYS
  0x8E9CF000 \SystemRoot\system32\drivers\crcdisk.sys
  0x8EA9D000 \SystemRoot\system32\DRIVERS\tunnel.sys
  0x8EAA8000 \SystemRoot\system32\DRIVERS\tunmp.sys
  0x8EAB1000 \SystemRoot\system32\DRIVERS\intelppm.sys
  0x8EAC0000 \SystemRoot\system32\DRIVERS\wmiacpi.sys
  0x94804000 \SystemRoot\system32\DRIVERS\igdkmd32.sys
  0x94E08000 \SystemRoot\System32\drivers\dxgkrnl.sys
  0x94EA8000 \SystemRoot\System32\drivers\watchdog.sys
  0x94EB4000 \SystemRoot\system32\DRIVERS\HDAudBus.sys
  0x94F41000 \SystemRoot\system32\DRIVERS\usbuhci.sys
  0x94F4C000 \SystemRoot\system32\DRIVERS\USBPORT.SYS
  0x94F8A000 \SystemRoot\system32\DRIVERS\klfltdev.sys
  0x94F93000 \SystemRoot\system32\DRIVERS\usbehci.sys
  0x94FA2000 \SystemRoot\system32\DRIVERS\ohci1394.sys
  0x94FB2000 \SystemRoot\system32\DRIVERS\1394BUS.SYS
  0x94FC0000 \SystemRoot\system32\DRIVERS\sdbus.sys
  0x94FDA000 \SystemRoot\system32\DRIVERS\rimmptsk.sys
  0x94FE8000 \SystemRoot\system32\DRIVERS\rimsptsk.sys
  0x8EAC9000 \SystemRoot\system32\DRIVERS\rixdptsk.sys
  0x94FFC000 \SystemRoot\system32\DRIVERS\CmBatt.sys
  0x8EB1A000 \SystemRoot\system32\DRIVERS\i8042prt.sys
  0x8EB2D000 \SystemRoot\system32\DRIVERS\kbdclass.sys
  0x8EB38000 \SystemRoot\system32\DRIVERS\SynTP.sys
  0x94800000 \SystemRoot\system32\DRIVERS\USBD.SYS
  0x8EB63000 \SystemRoot\system32\DRIVERS\mouclass.sys
  0x8EB6E000 \SystemRoot\system32\drivers\iviaspi.sys
  0x8EB71000 \SystemRoot\system32\DRIVERS\cdrom.sys
  0x8EB89000 \SystemRoot\system32\DRIVERS\GEARAspiWDM.sys
  0x8EB8F000 \SystemRoot\system32\DRIVERS\dne2000.sys
  0x8EBAD000 \SystemRoot\system32\DRIVERS\msiscsi.sys
  0x89370000 \SystemRoot\system32\DRIVERS\storport.sys
  0x8EBDC000 \SystemRoot\system32\DRIVERS\TDI.SYS
  0x8EBE7000 \SystemRoot\system32\DRIVERS\rasl2tp.sys
  0x893B1000 \SystemRoot\system32\DRIVERS\ndistapi.sys
  0x893BC000 \SystemRoot\system32\DRIVERS\ndiswan.sys
  0x893DF000 \SystemRoot\system32\DRIVERS\raspppoe.sys
  0x95808000 \SystemRoot\system32\DRIVERS\raspptp.sys
  0x9581C000 \SystemRoot\system32\DRIVERS\rassstp.sys
  0x95831000 \SystemRoot\system32\DRIVERS\termdd.sys
  0x95841000 \SystemRoot\system32\DRIVERS\swenum.sys
  0x95843000 \SystemRoot\system32\DRIVERS\ks.sys
  0x9586D000 \SystemRoot\system32\DRIVERS\mssmbios.sys
  0x95877000 \SystemRoot\system32\DRIVERS\umbus.sys
  0x95884000 \SystemRoot\system32\DRIVERS\usbhub.sys
  0x958B9000 \SystemRoot\System32\Drivers\NDProxy.SYS
  0x958CA000 \SystemRoot\system32\drivers\RTKVHDA.sys
  0x95A72000 \SystemRoot\system32\drivers\portcls.sys
  0x95A9F000 \SystemRoot\system32\drivers\drmk.sys
  0x95AC4000 \SystemRoot\system32\DRIVERS\smserial.sys
  0x95BB4000 \SystemRoot\system32\drivers\modem.sys
  0x95BC1000 \SystemRoot\system32\DRIVERS\klif.sys
  0x8E7F7000 \SystemRoot\System32\Drivers\Fs_Rec.SYS
  0x95800000 \SystemRoot\System32\Drivers\Null.SYS
  0x893EE000 \SystemRoot\System32\Drivers\Beep.SYS
  0x9600B000 \SystemRoot\System32\drivers\vga.sys
  0x96017000 \SystemRoot\System32\drivers\VIDEOPRT.SYS
  0x96038000 \SystemRoot\System32\DRIVERS\RDPCDD.sys
  0x96040000 \SystemRoot\system32\drivers\rdpencdd.sys
  0x96048000 \SystemRoot\System32\Drivers\Msfs.SYS
  0x96053000 \SystemRoot\System32\Drivers\Npfs.SYS
  0x96061000 \SystemRoot\System32\DRIVERS\rasacd.sys
  0x9606A000 \SystemRoot\system32\DRIVERS\tdx.sys
  0x96400000 \SystemRoot\system32\DRIVERS\kl1.sys
  0x9691F000 \SystemRoot\system32\DRIVERS\snp2uvc.sys
  0x96AC6000 \SystemRoot\system32\DRIVERS\STREAM.SYS
  0x96AD3000 \SystemRoot\system32\DRIVERS\sncduvc.SYS
  0x96ADA000 \SystemRoot\system32\DRIVERS\smb.sys
  0x96AEE000 \SystemRoot\system32\drivers\afd.sys
  0x96B36000 \SystemRoot\system32\DRIVERS\RTL8187B.sys
  0x96B83000 \SystemRoot\System32\DRIVERS\netbt.sys
  0x96BB5000 \SystemRoot\system32\DRIVERS\pacer.sys
  0x96BCB000 \SystemRoot\system32\DRIVERS\klim6.sys
  0x96BD2000 \SystemRoot\system32\DRIVERS\netbios.sys
  0x96BE0000 \SystemRoot\system32\DRIVERS\wanarp.sys
  0x96BF3000 \SystemRoot\system32\DRIVERS\ssmdrv.sys
  0x96080000 \SystemRoot\system32\DRIVERS\rdbss.sys
  0x960BC000 \SystemRoot\system32\drivers\nsiproxy.sys
  0x96BF9000 \SystemRoot\System32\Drivers\Hotkey.SYS
  0x960C6000 \SystemRoot\System32\Drivers\dfsc.sys
  0x960DD000 \SystemRoot\System32\Drivers\fastfat.SYS
  0x96105000 \SystemRoot\System32\Drivers\crashdmp.sys
  0x96112000 \SystemRoot\System32\Drivers\dump_iaStor.sys
  0x844F0000 \SystemRoot\System32\win32k.sys
  0x961CA000 \SystemRoot\System32\drivers\Dxapi.sys
  0x961D4000 \SystemRoot\system32\DRIVERS\monitor.sys
  0x84710000 \SystemRoot\System32\TSDDD.dll
  0x84730000 \SystemRoot\System32\cdd.dll
  0x961E3000 \SystemRoot\system32\drivers\luafv.sys
  0x96206000 \SystemRoot\system32\drivers\spsys.sys
  0x962B6000 \SystemRoot\system32\DRIVERS\lltdio.sys
  0x962C6000 \SystemRoot\system32\DRIVERS\nwifi.sys
  0x962F0000 \SystemRoot\system32\DRIVERS\ndisuio.sys
  0x962FA000 \SystemRoot\system32\DRIVERS\rspndr.sys
  0x9630D000 \SystemRoot\system32\drivers\HTTP.sys
  0x9637A000 \SystemRoot\System32\DRIVERS\srvnet.sys
  0x96397000 \SystemRoot\system32\DRIVERS\bowser.sys
  0x963B0000 \SystemRoot\System32\drivers\mpsdrv.sys
  0x963C5000 \SystemRoot\system32\drivers\mrxdav.sys
  0x8E9D8000 \SystemRoot\system32\DRIVERS\mrxsmb.sys
  0x8E9F7000 \SystemRoot\system32\DRIVERS\mrxsmb10.sys
  0x963E6000 \SystemRoot\system32\DRIVERS\mrxsmb20.sys
  0x8EA30000 \SystemRoot\System32\DRIVERS\srv2.sys
  0xB6C01000 \SystemRoot\System32\DRIVERS\srv.sys
  0xB6C50000 \??\C:\Windows\system32\Drivers\CVPNDRVA.sys
  0xB6CE0000 \??\C:\Windows\system32\drivers\hardlock.sys
  0xB6D8A000 \SystemRoot\system32\drivers\peauth.sys
  0xB6E68000 \SystemRoot\System32\Drivers\secdrv.SYS
  0xB6E72000 \SystemRoot\System32\drivers\tcpipreg.sys
  0xB6E7E000 \SystemRoot\system32\DRIVERS\cdfs.sys
  0x77CD0000 \Windows\System32\ntdll.dll

Processes (total 74):
       0 System Idle Process
       4 System
     572 C:\Windows\System32\smss.exe
     688 csrss.exe
     732 C:\Windows\System32\wininit.exe
     740 csrss.exe
     776 C:\Windows\System32\services.exe
     808 C:\Windows\System32\winlogon.exe
     828 C:\Windows\System32\lsass.exe
     848 C:\Windows\System32\lsm.exe
     992 C:\Windows\System32\svchost.exe
    1052 C:\Windows\System32\svchost.exe
    1112 C:\Windows\System32\svchost.exe
    1184 C:\Windows\System32\svchost.exe
    1216 C:\Windows\System32\svchost.exe
    1232 C:\Windows\System32\svchost.exe
    1344 C:\Windows\System32\audiodg.exe
    1372 C:\Windows\System32\svchost.exe
    1388 C:\Windows\System32\SLsvc.exe
    1536 C:\Windows\System32\svchost.exe
    1784 C:\Windows\System32\spoolsv.exe
    1808 C:\Windows\System32\svchost.exe
    1972 C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    2008 C:\Program Files\Kaspersky Lab\Kaspersky Security Suite CBE 09\avp.exe
    2040 C:\Program Files\Bonjour\mDNSResponder.exe
     216 C:\Windows\System32\svchost.exe
     224 C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
     408 C:\Program Files\Common Files\Gnab\Service\ServiceController.exe
     724 C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe
     864 C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
     832 C:\Program Files\Common Files\LightScribe\LSSrvc.exe
     888 C:\Program Files\Medion\MEDIONbox\Program\GCS.exe
    1592 C:\Windows\System32\svchost.exe
    1656 C:\Program Files\Sceneo\Bonavista\Services\PVR\pvrservice.exe
     364 C:\Windows\System32\svchost.exe
    1352 C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
    1572 C:\Windows\System32\svchost.exe
    2064 C:\Windows\System32\SearchIndexer.exe
    2148 C:\Windows\System32\taskeng.exe
    2452 C:\Windows\System32\dwm.exe
     728 C:\Windows\explorer.exe
    2616 C:\Windows\System32\taskeng.exe
    2904 C:\Windows\RtHDVCpl.exe
    2508 C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    3380 C:\Program Files\Sceneo\Bonavista\Services\ODSBC\ODSBCApp.exe
    3408 C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
    3516 C:\Windows\System32\igfxtray.exe
    3512 C:\Windows\System32\hkcmd.exe
    3540 C:\Windows\System32\igfxpers.exe
    3564 C:\Program Files\Launch Manager\LaunchAp.exe
    3576 C:\Program Files\Launch Manager\HotkeyApp.exe
    3620 C:\Program Files\Launch Manager\OSD.exe
     968 C:\Program Files\Launch Manager\WButton.exe
    3120 C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe
    3712 C:\Program Files\iTunes\iTunesHelper.exe
    3780 C:\Program Files\Kaspersky Lab\Kaspersky Security Suite CBE 09\avp.exe
    3792 C:\Program Files\Windows Sidebar\sidebar.exe
    3840 C:\Windows\ehome\ehtray.exe
    3696 C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
    3760 C:\Program Files\Windows Media Player\wmpnscfg.exe
    2788 C:\Windows\System32\wbem\unsecapp.exe
    2608 C:\Program Files\Windows Media Player\wmpnetwk.exe
    1300 C:\Program Files\Launch Manager\WisLMSvc.exe
    3808 WmiPrvSE.exe
    1408 C:\Windows\System32\igfxsrvc.exe
    3900 C:\Windows\ehome\ehmsas.exe
    3004 C:\Program Files\Brother\Brmfcmon\BrMfcMon.exe
    4112 C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
    4172 C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
    4464 C:\Program Files\iPod\bin\iPodService.exe
    4624 C:\Windows\System32\svchost.exe
    1428 C:\Windows\System32\wuauclt.exe
    3456 C:\Users\Mia\Desktop\MBRCheck.exe
    4092 C:\Windows\System32\conime.exe

\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`00007e00  (NTFS)
\\.\D: --> \\.\PhysicalDrive0 at offset 0x0000001d`bfc6da00  (FAT32)

PhysicalDrive0 Model Number: WDCWD1600BEVS-22RST0, Rev: 04.01G04

      Size  Device Name          MBR Status
  --------------------------------------------
    149 GB  \\.\PhysicalDrive0   Windows 2008 MBR code detected
            SHA1: 8DF43F2BDE2D9451948FA14B5279969C777A7979


Done!
         

Alt 17.07.2011, 21:56   #14
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Malware protection entfernt - noch Reste auf Rechner? - Standard

Malware protection entfernt - noch Reste auf Rechner?



Zitat:
"mailKmd" (mailKmd) - ? - C:\Windows\system32\drivers\mailKmd.sys (File not found)
Bitte mit OSAM deaktivieren und löschen
__________________
"Die Wahrheit ist normalerweise nur eine Entschuldigung für einen Mangel an Fantasie." (Elim Garak)

Das Trojaner-Board unterstützen
Warum Linux besser als Windows ist!

Alt 24.07.2011, 10:49   #15
mia82
 
Malware protection entfernt - noch Reste auf Rechner? - Standard

Malware protection entfernt - noch Reste auf Rechner?



habe es mit OSAM deaktiviert (siehe Anhang)

und hier ist die Log-Datei

OSAM Logfile:
Code:
ATTFilter
Report of OSAM: Autorun Manager v5.0.11926.0
hxxp://www.online-solutions.ru/en/
Saved at 16:29:12 on 19.07.2011

OS: Windows Vista Home Premium Edition Service Pack 2 (Build 6002), 32-bit
Default Browser: Mozilla Corporation Firefox 3.6.18

Scanner Settings
[x] Rootkits detection (hidden registry)
[x] Rootkits detection (hidden files)
[x] Retrieve files information
[x] Check Microsoft signatures

Filters
[ ] Trusted entries
[ ] Empty entries
[x] Hidden registry entries (rootkit activity)
[x] Exclusively opened files
[x] Not found files
[x] Files without detailed information
[x] Existing files
[ ] Non-startable services
[ ] Non-startable drivers
[x] Active entries
[x] Disabled entries


[AppInit DLLs]
-----( HKLM\Software\Microsoft\Windows NT\CurrentVersion\Windows )-----
"AppInit_DLLs" - "Google" - C:\PROGRA~1\Google\GOOGLE~2\GoogleDesktopNetwork3.dll
"AppInit_DLLs" - "Kaspersky Lab" - C:\PROGRA~1\KASPER~1\KASPER~2\mzvkbd3.dll
"AppInit_DLLs" - "Kaspersky Lab" - C:\PROGRA~1\KASPER~1\KASPER~2\adialhk.dll
"AppInit_DLLs" - "Kaspersky Lab" - C:\PROGRA~1\KASPER~1\KASPER~2\kloehk.dll

[Common]
-----( %SystemRoot%\Tasks )-----
"GoogleUpdateTaskMachineCore.job" - "Google Inc." - C:\Program Files\Google\Update\GoogleUpdate.exe
"GoogleUpdateTaskMachineUA.job" - "Google Inc." - C:\Program Files\Google\Update\GoogleUpdate.exe

[Control Panel Objects]
-----( %SystemRoot%\system32 )-----
"bdeadmin.cpl" - ? - C:\Windows\system32\bdeadmin.cpl
"ddbaccpl.cpl" - "DataDesign AG" - C:\Windows\system32\ddbaccpl.cpl
"ddbacctm.cpl" - "DataDesign AG" - C:\Windows\system32\ddbacctm.cpl
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Control Panel\Cpls )-----
"Nero BurnRights" - "Nero AG" - C:\Program Files\Nero\Nero 7\Nero Toolkit\NeroBurnRights.cpl
"QuickTime" - "Apple Inc." - C:\Program Files\QuickTime\QTSystem\QuickTime.cpl

[Drivers]
-----( HKLM\SYSTEM\CurrentControlSet\Services )-----
"catchme" (catchme) - ? - C:\Users\Mia\AppData\Local\Temp\catchme.sys  (File not found)
"Cisco Systems Inc. IPSec Driver" (CVPNDRVA) - "Cisco Systems, Inc." - C:\Windows\system32\Drivers\CVPNDRVA.sys
"Hotkey" (Hotkey) - ? - C:\Windows\system32\drivers\Hotkey.sys  (File found, but it contains no detailed information)
"IP in IP Tunnel Driver" (IpInIp) - ? - C:\Windows\System32\DRIVERS\ipinip.sys  (File not found)
"IPX Traffic Filter Driver" (NwlnkFlt) - ? - C:\Windows\System32\DRIVERS\nwlnkflt.sys  (File not found)
"IPX Traffic Forwarder Driver" (NwlnkFwd) - ? - C:\Windows\System32\DRIVERS\nwlnkfwd.sys  (File not found)
"IVI ASPI Shell" (Iviaspi) - "InterVideo, Inc." - C:\Windows\System32\drivers\iviaspi.sys
"ssmdrv" (ssmdrv) - "AVIRA GmbH" - C:\Windows\System32\DRIVERS\ssmdrv.sys
(Disabled) "mailKmd" (mailKmd) - ? - C:\Windows\system32\drivers\mailKmd.sys  (File not found)

[Explorer]
-----( HKLM\Software\Classes\Folder\shellex\ColumnHandlers )-----
{7D4D6379-F301-4311-BEBA-E26EB0561882} "NeroDigitalColumnHandler Class" - "Nero AG" - C:\Program Files\Common Files\Ahead\Lib\NeroDigitalExt.dll
{F9DB5320-233E-11D1-9F84-707F02C10627} "PDF Shell Extension" - "Adobe Systems, Inc." - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\PDFShell.dll
-----( HKLM\Software\Classes\Protocols\Filter )-----
{807563E5-5146-11D5-A672-00B0D022E945} "Microsoft Office InfoPath XML Mime Filter" - "Microsoft Corporation" - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL
-----( HKLM\Software\Classes\Protocols\Handler )-----
{314111c7-a502-11d2-bbca-00c04f8ec294} "HxProtocol Class" - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
{FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} "IEProtocolHandler Class" - "Skype Technologies" - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
{828030A1-22C1-4009-854F-8E305202313F} "livecall" - "Microsoft Corporation" - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
{0A9007C0-4076-11D3-8789-0000F8105754} "Microsoft Infotech Storage Protocol for IE 4.0" - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll
{828030A1-22C1-4009-854F-8E305202313F} "msnim" - "Microsoft Corporation" - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved )-----
{911051fa-c21c-4246-b470-070cd8df6dc4} ".cab or .zip files" - ? -   (File not found | COM-object registry key not found)
{1b24a030-9b20-49bc-97ac-1be4426f9e59} "ActiveDirectory Folder" - ? -   (File not found | COM-object registry key not found)
{34449847-FD14-4fc8-A75A-7432F5181EFB} "ActiveDirectory Folder" - ? -   (File not found | COM-object registry key not found)
{0F8604A5-4ECE-4DE1-BA7D-CF10F8AA4F48} "Contacts folder" - ? -   (File not found | COM-object registry key not found)
{2C2577C2-63A7-40e3-9B7F-586602617ECB} "Explorer Query Band" - ? -   (File not found | COM-object registry key not found)
{FAC3CBF6-8697-43d0-BAB9-DCD1FCE19D75} "IE User Assist" - ? -   (File not found | COM-object registry key not found)
{B9E1D2CB-CCFF-4AA6-9579-D7A4754030EF} "iTunes" - "Apple Inc." - C:\Program Files\iTunes\iTunesMiniPlayer.dll
{00020d75-0000-0000-c000-000000000046} "lnkfile" - ? -   (File not found | COM-object registry key not found)
{73B24247-042E-4EF5-ADC2-42F62E6FD654} "MCLiteShellExt Class" - ? - C:\Program Files\ICQLite\ICQLiteShell.dll  (File not found)
{FC9FB64A-1EB2-4CCF-AF5E-1A497A9B5C2D} "Meine freigegebenen Ordner" - "Microsoft Corporation" - C:\Program Files\MSN Messenger\fsshext.8.1.0178.00.dll
{42042206-2D85-11D3-8CFF-005004838597} "Microsoft Office HTML Icon Handler" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office12\msohevi.dll
{993BE281-6695-4BA5-8A2A-7AACBFAAB69E} "Microsoft Office Metadata Handler" - "Microsoft Corporation" - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\msoshext.dll
{5858A72C-C2B4-4dd7-B2BF-B76DB1BD9F6C} "Microsoft Office OneNote Namespace Extension for Windows Desktop Search" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~3\Office12\ONFILTER.DLL
{C41662BB-1FA0-4CE0-8DC5-9B7F8279FF97} "Microsoft Office Thumbnail Handler" - "Microsoft Corporation" - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\msoshext.dll
{B327765E-D724-4347-8B16-78AE18552FC3} "NeroDigitalIconHandler Class" - "Nero AG" - C:\Program Files\Common Files\Ahead\Lib\NeroDigitalExt.dll
{7F1CF152-04F8-453A-B34C-E609530A9DC8} "NeroDigitalPropSheetHandler Class" - "Nero AG" - C:\Program Files\Common Files\Ahead\Lib\NeroDigitalExt.dll
{C8494E42-ACDD-4739-B0FB-217361E4894F} "Sam Account Folder" - ? -   (File not found | COM-object registry key not found)
{E29F9716-5C08-4FCD-955A-119FDB5A522D} "Sam Account Folder" - ? -   (File not found | COM-object registry key not found)
{45AC2688-0253-4ED8-97DE-B5370FA7D48A} "Shell Extension for Malware scanning" - ? -   (File not found | COM-object registry key not found)
{85E0B171-04FA-11D1-B7DA-00A0C90348D6} "Statistik für den Schutz des Web-Datenverkehrs" - "Kaspersky Lab" - C:\Program Files\Kaspersky Lab\Kaspersky Security Suite CBE 09\SCIEPlgn.dll
{DBD8E168-244D-448C-9922-25508950D1DC} "USIShellExt Class" - "Ulead Systems, Inc." - C:\Program Files\Common Files\Ulead Systems\DVD\USIShex.dll
{da67b8ad-e81b-4c70-9b91b417b5e33527} "Windows Search Shell Service" - ? -   (File not found | COM-object registry key not found)
{B41DB860-8EE4-11D2-9906-E49FADC173CA} "WinRAR" - "Alexander Roshal" - C:\Program Files\WinRAR\rarext.dll

[Internet Explorer]
-----( HKCU\SOFTWARE\Microsoft\Internet Explorer\Extensions )-----
"eBay - Der weltweite Online-Marktplatz" - ? - hxxp://rover.ebay.com/rover/1/707-1170-17534-22/4  (HTTP value)
-----( HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser )-----
<binary data> "Google Toolbar" - "Google Inc." - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
ITBar7Height "ITBar7Height" - ? -   (File not found | COM-object registry key not found)
<binary data> "ITBar7Layout" - ? -   (File not found | COM-object registry key not found)
-----( HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks )-----
{855F3B16-6D32-4fe6-8A56-BBB695989046} "ICQToolBar" - "ICQ" - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll
 "{855F3B16-6D32-4fe6-8A56-BBB695989046}" - ? -   (File not found | COM-object registry key not found)
-----( HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units )-----
{8FFBE65D-2C9C-4669-84BD-5829DC0B603C} "{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}" - ? -   (File not found | COM-object registry key not found) / hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
-----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions )-----
{48E73304-E1D6-4330-914C-F5F514E3486C} "An OneNote senden" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
"eBay - Der weltweite Online-Marktplatz" - ? - hxxp://rover.ebay.com/rover/1/707-1170-17534-22/4  (HTTP value)
"ICQ Lite" - ? - C:\Program Files\ICQLite\ICQLite.exe  (File not found)
"ICQ6" - "ICQ, LLC." - C:\Program Files\ICQ6.5\ICQ.exe
{FF059E31-CC5A-4E2E-BF3B-96E929D65503} "Research" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
{85E0B171-04FA-11D1-B7DA-00A0C90348D6} "Statistik für den Schutz des Web-Datenverkehrs" - "Kaspersky Lab" - C:\Program Files\Kaspersky Lab\Kaspersky Security Suite CBE 09\SCIEPlgn.dll
-----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar )-----
<binary data> "Google Toolbar" - "Google Inc." - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
{855F3B16-6D32-4fe6-8A56-BBB695989046} "ICQToolBar" - "ICQ" - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects )-----
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} "Adobe PDF Reader" - "Adobe Systems Incorporated" - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
{AA58ED58-01DD-4d91-8333-CF10577473F7} "Google Toolbar Helper" - "Google Inc." - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
{AF69DE43-7D58-4638-B6FA-CE66B5AD205D} "Google Toolbar Notifier BHO" - "Google Inc." - C:\Program Files\Google\GoogleToolbarNotifier\5.5.5126.1836\swg.dll
{59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} "IEVkbdBHO Class" - "Kaspersky Lab" - C:\Program Files\Kaspersky Lab\Kaspersky Security Suite CBE 09\ievkbd.dll
{7E853D72-626A-48EC-A868-BA8D5E23E045} "{7E853D72-626A-48EC-A868-BA8D5E23E045}" - ? -   (File not found | COM-object registry key not found)

[Logon]
-----( %APPDATA%\Microsoft\Windows\Start Menu\Programs\Startup )-----
"desktop.ini" - ? - C:\Users\Mia\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini
-----( %AllUsersProfile%\Microsoft\Windows\Start Menu\Programs\Startup )-----
"desktop.ini" - ? - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini
"VPN Client.lnk" - "Cisco Systems, Inc." - C:\Program Files\Cisco Systems\VPN Client\vpngui.exe  (Shortcut exists | File exists)
-----( HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run )-----
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}" - "Nero AG" - "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
-----( HKLM\SYSTEM\CurrentControlSet\Control\Terminal Server\Wds\rdpwd )-----
"StartupPrograms" - ? - rdpclip  (File not found)
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Run )-----
"AVP" - "Kaspersky Lab" - "C:\Program Files\Kaspersky Lab\Kaspersky Security Suite CBE 09\avp.exe"
"BrMfcWnd" - "Brother Industries, Ltd." - C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe /AUTORUN
"CtrlVol" - ? - C:\Program Files\Launch Manager\CtrlVol.exe  (File not found)
"HotkeyApp" - "Wistron" - "C:\Program Files\Launch Manager\HotkeyApp.exe"
"IAAnotif" - "Intel Corporation" - "C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe"
"iTunesHelper" - "Apple Inc." - "C:\Program Files\iTunes\iTunesHelper.exe"
"LaunchAp" - ? - "C:\Program Files\Launch Manager\LaunchAp.exe"
"LMgrOSD" - "Wistron Corp." - "C:\Program Files\Launch Manager\OSD.exe"
"NeroFilterCheck" - "Nero AG" - C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
"SSBkgdUpdate" - "Nuance Communications, Inc." - "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
"TVBroadcast" - "ODSoft multimedia" - C:\Program Files\Sceneo\Bonavista\Services\ODSBC\ODSBCApp.exe
"Wbutton" - ? - "C:\Program Files\Launch Manager\Wbutton.exe"

[Print Monitors]
-----( HKLM\SYSTEM\CurrentControlSet\Control\Print\Monitors )-----
"Microsoft Document Imaging Writer Monitor" - "Microsoft Corporation" - C:\Windows\system32\mdimon.dll
"Send To Microsoft OneNote Monitor" - "Microsoft Corporation" - C:\Windows\system32\msonpmon.dll

[Services]
-----( HKLM\SYSTEM\CurrentControlSet\Services )-----
"@C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe,-100" (WPFFontCache_v0400) - "Microsoft Corporation" - C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe
"Apple Mobile Device" (Apple Mobile Device) - "Apple Inc." - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
"Bonjour-Dienst" (Bonjour Service) - "Apple Inc." - C:\Program Files\Bonjour\mDNSResponder.exe
"Cisco Systems, Inc. VPN Service" (CVPND) - "Cisco Systems, Inc." - C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
"Firebird Server - MAGIX Instance" (FirebirdServerMAGIXInstance) - "MAGIX®" - C:\Program Files\ALDI Sued Foto Service\Common\Database\bin\fbserver.exe
"GnabService" (GnabService) - "Empolis GmbH" - c:\program files\common files\gnab\service\servicecontroller.exe
"Google Software Updater" (gusvc) - "Google" - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
"Google Update Service (gupdate)" (gupdate) - "Google Inc." - C:\Program Files\Google\Update\GoogleUpdate.exe
"Google Update-Dienst (gupdatem)" (gupdatem) - "Google Inc." - C:\Program Files\Google\Update\GoogleUpdate.exe
"GoogleDesktopManager" (GoogleDesktopManager) - "Google" - C:\Program Files\Google\Google Desktop Search\GoogleDesktopManager.exe
"Intel(R) Matrix Storage Event Monitor" (IAANTMON) - "Intel Corporation" - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
"iPod-Dienst" (iPod Service) - "Apple Inc." - C:\Program Files\iPod\bin\iPodService.exe
"IviRegMgr" (IviRegMgr) - "InterVideo" - C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
"Kaspersky Security Suite CBE 09" (AVP) - "Kaspersky Lab" - C:\Program Files\Kaspersky Lab\Kaspersky Security Suite CBE 09\avp.exe
"LightScribeService Direct Disc Labeling Service" (LightScribeService) - "Hewlett-Packard Company" - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
"Microsoft .NET Framework NGEN v4.0.30319_X86" (clr_optimization_v4.0.30319_32) - "Microsoft Corporation" - C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
"Microsoft Office Diagnostics Service" (odserv) - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
"NBService" (NBService) - "Nero AG" - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
"NMIndexingService" (NMIndexingService) - "Nero AG" - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
"Office Source Engine" (ose) - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
"Sceneo PVR Service" (srvcPVR) - "Buhl Data Service GmbH" - C:\Program Files\Sceneo\Bonavista\Services\PVR\PVRService.exe
"Ulead Burning Helper" (UleadBurningHelper) - "Ulead Systems, Inc." - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
"WisLMSvc" (WisLMSvc) - "Wistron Corp." - C:\Program Files\Launch Manager\WisLMSvc.exe

[Winlogon]
-----( HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify )-----
"klogon" - "Kaspersky Lab" - C:\Windows\system32\klogon.dll

[Winsock Providers]
-----( HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries )-----
"mdnsNSP" - "Apple Inc." - C:\Program Files\Bonjour\mdnsNSP.dll

===[ Logfile end ]=========================================[ Logfile end ]===
--- --- ---

If You have questions or want to get some help, You can visit hxxp://forum.online-solutions.ru
         
Miniaturansicht angehängter Grafiken
Malware protection entfernt - noch Reste auf Rechner?-osam-log.jpg  

Antwort

Themen zu Malware protection entfernt - noch Reste auf Rechner?
avira, avp, avp.exe, bho, bonjour, ebay, error, excel.exe, firefox, gcs.exe, home, hotkey.sys, intranet, kaspersky, keine programme, launch, malware, malwarefund, microsoft office word, mozilla, mozilla thunderbird, nicht starten, normaler modus, object, realtek, registry, scan, scan durchgelaufen, searchplugins, security, senden, software, start menu, starten, system, trojaner-board, usb, viren, vista, windows



Ähnliche Themen: Malware protection entfernt - noch Reste auf Rechner?


  1. Unsicher ob GVU-Trojaner (oder ähnliches) noch auf dem Rechner ist oder ob dieser entfernt wurde.
    Mülltonne - 29.01.2015 (0)
  2. Virus LyricsPal.exe gefunden und mit Avira entfernt. Ist der Rechner jetzt wieder sauber oder noch verseucht?
    Log-Analyse und Auswertung - 22.09.2013 (13)
  3. LyricsWoofer selbst entfernt, noch Reste vorhanden?
    Plagegeister aller Art und deren Bekämpfung - 21.07.2013 (3)
  4. GVU Trojaner entfernt - noch Reste vorhanden?
    Plagegeister aller Art und deren Bekämpfung - 20.01.2013 (21)
  5. Nach GVU Trojaner (bereits entfernt durch euch), möglicherweise noch Rootkit auf meinem Rechner?
    Log-Analyse und Auswertung - 10.01.2013 (11)
  6. System progressive protection - noch Reste vorhanden?
    Log-Analyse und Auswertung - 08.01.2013 (2)
  7. Abnow entfernt. Reste vorhanden?
    Log-Analyse und Auswertung - 30.03.2012 (7)
  8. noch Reste von Trojaner?
    Plagegeister aller Art und deren Bekämpfung - 21.03.2012 (1)
  9. System Check Malware entfernt, aber immer noch Probleme
    Log-Analyse und Auswertung - 13.02.2012 (37)
  10. Systemfix und Win 7 internet Security - hoffentlich bald alle reste entfernt?
    Log-Analyse und Auswertung - 08.12.2011 (7)
  11. "Malware Protection" entfernt und nun "Windows Vista Restore" und diverse Festplattenwarnungen
    Plagegeister aller Art und deren Bekämpfung - 17.06.2011 (28)
  12. Noch thinkpoint Reste nach Systemwiederherstellung
    Alles rund um Windows - 09.04.2011 (3)
  13. malware (reste) auf dem pc?
    Log-Analyse und Auswertung - 02.01.2011 (9)
  14. Vundo anscheinend entfernt...aber Rechner ist trotzdem noch langsam?!?!
    Log-Analyse und Auswertung - 08.04.2009 (5)
  15. WinSpywareProtect entfernt - andere Malware noch vorhanden
    Log-Analyse und Auswertung - 21.05.2008 (11)
  16. Zlob: Noch reste auf dem Comp oder bin ich ihn los??
    Plagegeister aller Art und deren Bekämpfung - 24.07.2007 (11)
  17. smid.fraud.c entfernt, aber Reste noch da
    Log-Analyse und Auswertung - 16.07.2005 (3)

Zum Thema Malware protection entfernt - noch Reste auf Rechner? - Guten Abend, mein Rechner (Windows Vista, Service Pack 2) hat mir mitgeteilt, dass er mit Viren verseucht sei. Es ist ein scheinbarer Virenscan durchgelaufen, aber nicht von Kaspersky, sondern die - Malware protection entfernt - noch Reste auf Rechner?...
Archiv
Du betrachtest: Malware protection entfernt - noch Reste auf Rechner? auf Trojaner-Board

Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.