
Log Analysis and Evaluation: First Security Sphere 2012 --> now (still) removing BOO/TDss.D

Windows 7

17.10.2011, 13:49   #1
skrti
 



Hello dear Trojaner-Board team,

I'm completely new here and my first post is a problem right away...

First, a tool called "Security Sphere 2012" suddenly appeared on my computer, which "popped up" after every restart. I was able to remove it using the guide http://www.trojaner-board.de/103761-...entfernen.html. Great!

Disillusionment set in fairly quickly, though: Avira came up with the following virus warning: "Master boot sector HD0"; unwanted program "BOO/TDss.D". Deleting it was/is not possible.

After further research on the Internet and, among other things, a futile attempt to start the program tdsskiller.exe, I am finally turning to you personally with my problem.

The following information might also be useful:

- I needed Malwarebytes to remove Security Sphere, but the program keeps finding infections again and again. The latest log file is attached.
- At irregular intervals a prompt pops up automatically asking me to please install iExplorer. Right now it is a prompt to install firefox (my actual browser). I have always declined (this is probably related to the virus as well).

I followed (or tried to follow) your steps for creating a thread. The following deviations occurred:

- defogger did not prompt me to restart (I think that's unproblematic)
- I have a 32-bit system and therefore followed step 3. On starting, however, I received the attached error message.
In addition, I have attached a picture of the Gmer program's selection; the scan was run on that basis.
The result was only: "GMER has not found system modification". The log file is empty.

Many thanks in advance for your support!

Best regards
Tim

OLT.txt

Code:
OTL logfile created on: 10/17/2011 1:16:36 PM - Run 1
OTL by OldTimer - Version 3.2.31.0     Folder = C:\Users\skrti011\Desktop
 Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3.18 Gb Total Physical Memory | 2.07 Gb Available Physical Memory | 65.14% Memory free
6.35 Gb Paging File | 5.09 Gb Available in Paging File | 80.17% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 565.07 Gb Total Space | 43.97 Gb Free Space | 7.78% Space Free | Partition Type: NTFS
Drive D: | 30.00 Gb Total Space | 9.61 Gb Free Space | 32.05% Space Free | Partition Type: NTFS
 
Computer Name: SKRTI011-PC | User Name: skrti011 | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2011/10/17 13:10:59 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\skrti011\Desktop\OTL.exe
PRC - [2011/10/17 10:51:34 | 000,192,000 | ---- | M] () -- C:\Users\skrti011\AppData\Roaming\04700\lvvm.exe
PRC - [2011/10/17 10:51:03 | 000,284,160 | ---- | M] () -- C:\Users\skrti011\AppData\Roaming\E0104\A5448.exe
PRC - [2011/10/17 09:56:02 | 000,176,640 | ---- | M] () -- C:\Program Files\Internet Explorer\48DE\B7C.exe
PRC - [2011/06/28 18:14:54 | 000,269,480 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe
PRC - [2011/06/24 06:22:20 | 000,271,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conhost.exe
PRC - [2011/06/06 12:55:28 | 000,064,952 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2011/04/28 21:10:35 | 000,136,360 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe
PRC - [2011/02/25 07:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2010/11/20 14:17:47 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
PRC - [2010/11/04 23:01:27 | 000,281,768 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
PRC - [2010/09/14 05:46:26 | 000,219,496 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Application Virtualization Client\sftvsa.exe
PRC - [2010/07/27 08:05:14 | 001,620,584 | ---- | M] (NVIDIA Corporation) -- C:\Program Files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
PRC - [2010/06/21 22:53:44 | 000,436,264 | ---- | M] (Wistron Corp.) -- C:\Program Files\Launch Manager\WButton.exe
PRC - [2010/06/02 16:42:18 | 001,481,320 | ---- | M] (Realtek Semiconductor) -- C:\Program Files\Realtek\Audio\HDA\RtHDVBg.exe
PRC - [2010/05/10 21:28:50 | 002,320,920 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
PRC - [2010/05/10 21:28:50 | 000,268,824 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
PRC - [2010/04/27 10:09:52 | 000,113,288 | ---- | M] (Renesas Electronics Corporation) -- C:\Program Files\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
PRC - [2010/03/04 05:16:06 | 000,013,336 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
PRC - [2010/01/14 22:10:53 | 000,076,968 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
PRC - [2009/12/14 20:25:00 | 000,200,704 | ---- | M] (Wistron) -- C:\Program Files\Launch Manager\HotkeyApp.exe
PRC - [2009/12/12 00:18:16 | 000,348,960 | ---- | M] (Wistron Corp.) -- C:\Program Files\Launch Manager\OSD.exe
PRC - [2009/12/03 01:37:30 | 002,684,200 | ---- | M] (CyberLink Corp.) -- C:\Program Files\CyberLink\Power2Go\Power2GoExpressServer.exe
PRC - [2009/11/07 12:46:52 | 000,020,480 | ---- | M] (X10) -- C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe
PRC - [2009/11/02 23:21:26 | 000,103,720 | ---- | M] (CyberLink) -- C:\Program Files\CyberLink\Power2Go\CLMLSvc.exe
PRC - [2009/10/23 02:05:40 | 000,118,560 | ---- | M] (Wistron Corp.) -- C:\Program Files\Launch Manager\WisLMSvc.exe
PRC - [2007/07/24 11:15:14 | 000,185,632 | ---- | M] (Protexis Inc.) -- c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2011/10/17 10:51:34 | 000,192,000 | ---- | M] () -- C:\Users\skrti011\AppData\Roaming\04700\lvvm.exe
MOD - [2011/10/17 10:51:03 | 000,284,160 | ---- | M] () -- C:\Users\skrti011\AppData\Roaming\E0104\A5448.exe
MOD - [2011/10/17 09:56:02 | 000,176,640 | ---- | M] () -- C:\Program Files\Internet Explorer\48DE\B7C.exe
MOD - [2011/10/15 09:06:07 | 012,433,408 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\6e592e424a204aafeadbe22b6b31b9db\System.Windows.Forms.ni.dll
MOD - [2011/10/15 09:06:07 | 000,025,600 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\Accessibility\31fce331fded94dd06627603f6fe4562\Accessibility.ni.dll
MOD - [2011/10/15 09:05:06 | 001,587,200 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\3b2cfd85528a27eb71dc41d8067359a1\System.Drawing.ni.dll
MOD - [2011/10/15 09:04:37 | 007,963,648 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\abab08afa60a6f06bdde0fcc9649c379\System.ni.dll
MOD - [2011/10/15 09:04:28 | 011,490,304 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\a1a82db68b3badc7c27ea1f6579d22c5\mscorlib.ni.dll
MOD - [2011/06/24 22:56:36 | 000,087,328 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2011/06/24 22:56:14 | 001,241,888 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2010/11/13 02:02:21 | 000,315,392 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll
MOD - [2010/07/26 16:27:00 | 000,010,856 | ---- | M] () -- C:\Program Files\NVIDIA Corporation\CoProcManager\detoured.dll
MOD - [2010/02/12 16:20:04 | 000,031,840 | ---- | M] () -- C:\Program Files\Cyberlink\Shared files\RichVideops.dll
MOD - [2009/11/25 01:58:42 | 001,031,976 | ---- | M] () -- C:\Program Files\CyberLink\Power2Go\Language\DEU\P2GRC.dll
MOD - [2009/11/02 23:23:36 | 000,013,096 | ---- | M] () -- C:\Program Files\CyberLink\Power2Go\CLMLSvcPS.dll
MOD - [2009/11/02 23:20:10 | 000,619,816 | ---- | M] () -- C:\Program Files\CyberLink\Power2Go\CLMediaLibrary.dll
MOD - [2009/11/02 23:20:02 | 000,144,680 | ---- | M] () -- C:\Program Files\CyberLink\Power2Go\CLVistaAudioMixer.dll
 
 
========== Win32 Services (SafeList) ==========
 
SRV - [2011/06/28 18:14:54 | 000,269,480 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2011/06/06 12:55:28 | 000,064,952 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2011/04/28 21:10:35 | 000,136,360 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2011/03/15 05:41:49 | 001,343,400 | ---- | M] (Microsoft Corporation) [Unknown | Stopped] -- C:\Windows\System32\Wat\WatAdminSvc.exe -- (WatAdminSvc)
SRV - [2010/09/14 05:46:26 | 000,219,496 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Program Files\Microsoft Application Virtualization Client\sftvsa.exe -- (sftvsa)
SRV - [2010/09/14 05:46:16 | 000,508,264 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Microsoft Application Virtualization Client\sftlist.exe -- (sftlist)
SRV - [2010/07/27 08:05:14 | 001,620,584 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe -- (nvUpdatusService)
SRV - [2010/05/10 21:28:50 | 002,320,920 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Intel(R) Management Engine Components\UNS\UNS.exe -- (UNS) Intel(R)
SRV - [2010/05/10 21:28:50 | 000,268,824 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Intel(R) Management Engine Components\LMS\LMS.exe -- (LMS) Intel(R)
SRV - [2010/03/04 05:16:06 | 000,013,336 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe -- (IAStorDataMgrSvc) Intel(R)
SRV - [2009/11/07 12:46:52 | 000,020,480 | ---- | M] (X10) [Auto | Running] -- C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe -- (x10nets)
SRV - [2009/10/23 02:05:40 | 000,118,560 | ---- | M] (Wistron Corp.) [On_Demand | Running] -- C:\Program Files\Launch Manager\WisLMSvc.exe -- (WisLMSvc)
SRV - [2009/07/14 03:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009/07/14 03:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\mpsvc.dll -- (WinDefend)
SRV - [2007/07/24 11:15:14 | 000,185,632 | ---- | M] (Protexis Inc.) [Auto | Running] -- c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe -- (PSI_SVC_2)
 
 
========== Driver Services (SafeList) ==========
 
DRV - [2011/06/28 18:14:55 | 000,138,192 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb)
DRV - [2011/06/28 18:14:55 | 000,066,616 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\System32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2010/11/20 12:24:41 | 000,052,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV - [2010/09/14 05:46:26 | 000,019,304 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Sftvollh.sys -- (Sftvol)
DRV - [2010/09/14 05:46:22 | 000,021,864 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\Sftredirlh.sys -- (Sftredir)
DRV - [2010/09/14 05:46:18 | 000,194,408 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Sftplaylh.sys -- (Sftplay)
DRV - [2010/09/14 05:46:14 | 000,577,384 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Sftfslh.sys -- (Sftfs)
DRV - [2010/07/26 16:27:00 | 010,325,768 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2010/07/26 16:27:00 | 000,019,656 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\nvpciflt.sys -- (nvpciflt)
DRV - [2010/06/21 09:14:36 | 000,246,272 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\IntcDAud.sys -- (IntcDAud) Intel(R)
DRV - [2010/05/24 15:46:34 | 000,193,056 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\RtsUStor.sys -- (RSUSBSTOR)
DRV - [2010/05/10 21:28:49 | 000,041,088 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\system32\DRIVERS\HECI.sys -- (HECI) Intel(R)
DRV - [2010/04/27 09:28:46 | 000,146,568 | ---- | M] (Renesas Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\system32\DRIVERS\nusb3xhc.sys -- (nusb3xhc)
DRV - [2010/04/27 09:27:50 | 000,064,904 | ---- | M] (Renesas Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\system32\DRIVERS\nusb3hub.sys -- (nusb3hub)
DRV - [2010/04/01 10:13:38 | 001,009,184 | ---- | M] (Realtek Semiconductor Corporation                           ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\rtl8192se.sys -- (rtl8192se)
DRV - [2010/03/16 22:30:36 | 000,482,304 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\WSR_DWA.SYS -- (DWA)
DRV - [2010/03/16 22:30:12 | 000,791,040 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\WSR_HWA.SYS -- (hwa)
DRV - [2010/03/16 18:49:00 | 000,140,800 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\WSR_RCI.SYS -- (HWARadio)
DRV - [2010/03/04 17:53:08 | 000,067,624 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\L1C62x86.sys -- (L1C)
DRV - [2010/02/26 23:01:22 | 000,132,480 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\system32\DRIVERS\Impcd.sys -- (Impcd)
DRV - [2009/08/13 08:39:40 | 000,786,400 | ---- | M] (DiBcom SA) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\mod7700.sys -- (mod7700)
DRV - [2009/07/14 01:51:11 | 000,034,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb)
DRV - [2009/05/13 21:47:30 | 000,027,160 | ---- | M] (X10 Wireless Technology, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\x10ufx2.sys -- (XUIF)
DRV - [2009/05/13 21:26:26 | 000,013,720 | ---- | M] (X10 Wireless Technology, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\Drivers\x10hid.sys -- (X10Hid)
DRV - [2009/05/11 10:12:49 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://medion.msn.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://www.aldi.com [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://www.aldi.com [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://medion.msn.com
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:57616
 
========== FireFox ==========
 
FF - prefs.js..browser.search.selectedEngine: "Wikipedia (de)"
FF - prefs.js..browser.startup.homepage: "www.google.de"
FF - prefs.js..extensions.enabledItems: smartwebprinting@hp.com:4.51
FF - prefs.js..network.proxy.http: "127.0.0.1"
FF - prefs.js..network.proxy.http_port: 57616
FF - prefs.js..network.proxy.type: 1
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Oracle)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8117.0416: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2011/02/17 00:08:52 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/08/23 21:43:34 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/09/23 19:24:00 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2011/02/17 00:08:52 | 000,000,000 | ---D | M]
 
[2010/10/30 17:27:26 | 000,000,000 | ---D | M] (No name found) -- C:\Users\skrti011\AppData\Roaming\mozilla\Extensions
[2010/10/30 17:27:26 | 000,000,000 | ---D | M] (No name found) -- C:\Users\skrti011\AppData\Roaming\mozilla\Firefox\Profiles\cskd47h4.default\extensions
[2010/12/30 10:46:40 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\mozilla firefox\extensions
[2010/12/30 10:46:40 | 000,000,000 | ---D | M] (Skype extension) -- C:\Program Files\mozilla firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}
[2011/02/17 00:08:52 | 000,000,000 | ---D | M] (HP Smart Web Printing) -- C:\PROGRAM FILES\HP\DIGITAL IMAGING\SMART WEB PRINTING\MOZILLAADDON3
[2010/10/27 07:44:13 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2010/10/27 07:44:13 | 000,002,344 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2010/10/27 07:44:13 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2010/10/27 07:44:13 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2010/10/27 07:44:13 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml
 
Hosts file not found
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Skype Plug-In) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [B7C.exe] C:\Program Files\Internet Explorer\48DE\B7C.exe ()
O4 - HKLM..\Run: [CLMLServer] C:\Program Files\CyberLink\Power2Go\CLMLSvc.exe (CyberLink)
O4 - HKLM..\Run: [HotkeyApp] C:\Program Files\Launch Manager\HotkeyApp.exe (Wistron)
O4 - HKLM..\Run: [LexwareInfoService] C:\Program Files\Common Files\Lexware\Update Manager\LxUpdateManager.exe (Haufe-Lexware GmbH & Co. KG)
O4 - HKLM..\Run: [LMgrOSD] "C:\Program Files\Launch Manager\OSDCtrl.exe" File not found
O4 - HKLM..\Run: [LMgrVolOSD] C:\Program Files\Launch Manager\OSD.exe (Wistron Corp.)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [NUSB3MON] C:\Program Files\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe (Renesas Electronics Corporation)
O4 - HKLM..\Run: [RtHDVBg] C:\Program Files\Realtek\Audio\HDA\RtHDVBg.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [Wbutton] C:\Program Files\Launch Manager\Wbutton.exe (Wistron Corp.)
O4 - HKCU..\Run: [B7C.exe] C:\Users\skrti011\AppData\Roaming\Microsoft\48DE\B7C.exe ()
F3 - HKCU WinNT: Load - (C:\Users\skrti011\AppData\Roaming\04700\lvvm.exe) -C:\Users\skrti011\AppData\Roaming\04700\lvvm.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HideSCAHealth = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Recovery present
O9 - Extra Button: eBay - Der weltweite Online-Marktplatz - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - hxxp://rover.ebay.com/rover/1/707-37276-17534-31/4 File not found
O9 - Extra 'Tools' menuitem : eBay - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - hxxp://rover.ebay.com/rover/1/707-37276-17534-31/4 File not found
O9 - Extra Button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {F27237D7-93C8-44C2-AC6E-D6057B9A918F} https://juniper.net/dana-cached/sc/JuniperSetupClient.cab (JuniperSetupClientControl Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{91734A2F-C336-4BE9-8362-AA7479B0E354}: DhcpNameServer = 10.120.136.116
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{EB5CB38F-18CC-4EB4-8415-2AAD680E5D04}: DhcpNameServer = 192.168.2.1
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20 - AppInit_DLLs: (C:\Windows\system32\nvinit.dll) -C:\Windows\System32\nvinit.dll (NVIDIA Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) -C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) -C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) -C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKCU Winlogon: Shell - (explorer.exe) -C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKCU Winlogon: Shell - (C:\Users\skrti011\AppData\Roaming\E0104\A5448.exe) -C:\Users\skrti011\AppData\Roaming\E0104\A5448.exe ()
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/06/10 23:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{675d2ed8-e479-11df-b508-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{675d2ed8-e479-11df-b508-806e6f6e6963}\Shell\AutoRun\command - "" = E:\web.exe html\INDEX.HTM
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3C3901C5-3455-3E0A-A214-0B093A5070A6} - .NET Framework
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\System32\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
 
NetSvcs: FastUserSwitchingCompatibility -  File not found
NetSvcs: Ias - C:\Windows\System32\ias.dll (Microsoft Corporation)
NetSvcs: Nla -  File not found
NetSvcs: Ntmssvc -  File not found
NetSvcs: NWCWorkstation -  File not found
NetSvcs: Nwsapagent -  File not found
NetSvcs: SRService -  File not found
NetSvcs: WmdmPmSp -  File not found
NetSvcs: LogonHours -  File not found
NetSvcs: PCAudit -  File not found
NetSvcs: helpsvc -  File not found
NetSvcs: uploadmgr -  File not found
 
 
CREATERESTOREPOINT
Restore point Set: OTL Restore Point
 
========== Files/Folders - Created Within 30 Days ==========
 
[2011/02/11 18:40:40 | 000,004,096 | ---- | C] ( ) -- C:\Windows\System32\IGFXDEVLib.dll
[2011.10.17 13:10:56 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Users\skrti011\Desktop\OTL.exe
[2011.10.17 12:21:09 | 003,313,664 | ---- | C] (Avira GmbH) -- C:\Users\skrti011\Desktop\bootwizard.exe
[2011.10.17 11:53:26 | 000,258,560 | ---- | C] (OldTimer Tools) -- C:\Users\skrti011\Desktop\OTH.scr
[2011.10.17 11:26:06 | 001,559,344 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\skrti011\Desktop\hans.exe
[2011.10.17 11:16:45 | 001,559,344 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\skrti011\Desktop\tdsskiller.exe
[2011.10.17 10:34:28 | 000,000,000 | ---D | C] -- C:\Users\skrti011\AppData\Roaming\Malwarebytes
[2011.10.17 10:34:10 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011.10.17 10:34:10 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2011.10.17 10:34:06 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2011.10.17 09:56:03 | 000,000,000 | ---D | C] -- C:\Program Files\04700
[2011.10.17 09:48:32 | 009,852,544 | ---- | C] (Malwarebytes Corporation                                    ) -- C:\Users\skrti011\Desktop\herbert2.exe
[2011.10.16 19:04:58 | 000,000,000 | ---D | C] -- C:\Users\skrti011\AppData\Roaming\04700
[2011.10.16 19:04:37 | 000,000,000 | ---D | C] -- C:\Users\skrti011\AppData\Roaming\E0104
[2011.10.16 19:04:33 | 000,000,000 | ---D | C] -- C:\ProgramData\cE01300MgKfO01300
[2011.10.11 19:54:32 | 000,000,000 | ---D | C] -- C:\Users\skrti011\AppData\Local\{9D38B318-B402-40B0-8E22-5A80034D019C}
[2011.10.01 20:00:04 | 000,000,000 | ---D | C] -- C:\Users\skrti011\Documents\Yvonne
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2011.10.17 13:18:30 | 000,176,640 | ---- | M] () -- C:\Users\skrti011\AppData\Roaming\iexplore.exe
[2011.10.17 13:10:59 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\skrti011\Desktop\OTL.exe
[2011.10.17 13:09:46 | 000,000,000 | ---- | M] () -- C:\Users\skrti011\defogger_reenable
[2011.10.17 13:06:59 | 000,050,477 | ---- | M] () -- C:\Users\skrti011\Desktop\Defogger.exe
[2011.10.17 12:51:50 | 000,010,096 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2011.10.17 12:51:50 | 000,010,096 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2011.10.17 12:50:59 | 000,654,610 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2011.10.17 12:50:59 | 000,616,452 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2011.10.17 12:50:59 | 000,130,192 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2011.10.17 12:50:59 | 000,106,574 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2011.10.17 12:43:57 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011.10.17 12:43:52 | 2558,595,072 | -HS- | M] () -- C:\hiberfil.sys
[2011.10.17 12:21:16 | 003,313,664 | ---- | M] (Avira GmbH) -- C:\Users\skrti011\Desktop\bootwizard.exe
[2011.10.17 11:47:22 | 000,258,560 | ---- | M] (OldTimer Tools) -- C:\Users\skrti011\Desktop\OTH.scr
[2011.10.17 11:24:58 | 001,559,344 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\skrti011\Desktop\hans.exe
[2011.10.17 11:16:52 | 001,559,344 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\skrti011\Desktop\tdsskiller.exe
[2011.10.17 10:34:10 | 000,001,071 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011.10.17 10:32:22 | 000,000,150 | ---- | M] () -- C:\Users\skrti011\Desktop\rk-proxy.reg
[2011.10.17 10:32:02 | 000,000,130 | ---- | M] () -- C:\Users\skrti011\Desktop\hosts-perm.bat
[2011.10.17 09:49:12 | 009,852,544 | ---- | M] (Malwarebytes Corporation                                    ) -- C:\Users\skrti011\Desktop\herbert2.exe
[2011.10.17 09:44:26 | 001,008,092 | ---- | M] () -- C:\Users\skrti011\Desktop\martin.com
[2011.10.15 09:42:31 | 000,197,877 | ---- | M] () -- C:\Users\skrti011\Desktop\in-zeiten-des-abnehmenden-lichts.png
[2011.10.15 09:39:52 | 000,254,284 | ---- | M] () -- C:\Users\skrti011\Desktop\abgruende.png
[2011.10.15 09:03:29 | 000,290,040 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2011.10.01 19:44:28 | 000,006,934 | ---- | M] () -- C:\Users\skrti011\AppData\Roaming\.freeciv-client-rc-2.2
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2011/02/11 19:10:50 | 000,874,048 | ---- | C] () -- C:\Windows\System32\igkrng575.bin
[2011.10.17 13:09:46 | 000,000,000 | ---- | C] () -- C:\Users\skrti011\defogger_reenable
[2011.10.17 13:06:59 | 000,050,477 | ---- | C] () -- C:\Users\skrti011\Desktop\Defogger.exe
[2011.10.17 12:45:09 | 000,176,640 | ---- | C] () -- C:\Users\skrti011\AppData\Roaming\iexplore.exe
[2011.10.17 10:34:10 | 000,001,071 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011.10.17 10:32:00 | 000,000,130 | ---- | C] () -- C:\Users\skrti011\Desktop\hosts-perm.bat
[2011.10.17 09:57:51 | 000,000,150 | ---- | C] () -- C:\Users\skrti011\Desktop\rk-proxy.reg
[2011.10.17 09:45:59 | 001,008,092 | ---- | C] () -- C:\Users\skrti011\Desktop\martin.com
[2011.10.15 09:42:30 | 000,197,877 | ---- | C] () -- C:\Users\skrti011\Desktop\in-zeiten-des-abnehmenden-lichts.png
[2011.10.15 09:39:51 | 000,254,284 | ---- | C] () -- C:\Users\skrti011\Desktop\abgruende.png
[2011.02.17 00:03:55 | 000,256,258 | ---- | C] () -- C:\Windows\hpwins24.dat
[2010/08/09 15:26:45 | 000,451,072 | ---- | C] () -- C:\Windows\System32\ISSRemoveSP.exe
[2010/08/09 06:37:40 | 000,104,796 | ---- | C] () -- C:\Windows\System32\igfcg575m.bin
[2010/08/09 06:37:39 | 000,127,868 | ---- | C] () -- C:\Windows\System32\igcompkrng575.bin
[2010/08/09 06:37:38 | 000,000,151 | ---- | C] () -- C:\Windows\System32\GfxUI.exe.config
[2010/07/27 08:56:50 | 000,408,168 | ---- | C] () -- C:\Windows\System32\easyUpdatusAPIU.dll
[2010/07/27 08:56:50 | 000,352,325 | ---- | C] () -- C:\Windows\System32\nvcoproc.bin
[2010/05/12 15:13:56 | 000,654,610 | ---- | C] () -- C:\Windows\System32\perfh007.dat
[2010/05/12 15:13:56 | 000,295,922 | ---- | C] () -- C:\Windows\System32\perfi007.dat
[2010/05/12 15:13:56 | 000,130,192 | ---- | C] () -- C:\Windows\System32\perfc007.dat
[2010/05/12 15:13:56 | 000,038,104 | ---- | C] () -- C:\Windows\System32\perfd007.dat
[2010/03/16 22:30:36 | 000,482,304 | ---- | C] () -- C:\Windows\System32\drivers\WSR_DWA.SYS
[2010/03/16 22:30:12 | 000,791,040 | ---- | C] () -- C:\Windows\System32\drivers\WSR_HWA.SYS
[2010/03/16 18:49:00 | 000,140,800 | ---- | C] () -- C:\Windows\System32\drivers\WSR_RCI.SYS
[2010.12.30 10:49:33 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2010.11.05 21:14:08 | 000,006,934 | ---- | C] () -- C:\Users\skrti011\AppData\Roaming\.freeciv-client-rc-2.2
[2010.08.14 00:50:46 | 000,127,184 | ---- | C] () -- C:\Windows\Unwise.exe
[2010.08.14 00:50:45 | 000,149,504 | ---- | C] () -- C:\Windows\unwise32_setup.exe
[2010.08.09 14:23:48 | 000,072,017 | ---- | C] () -- C:\Windows\System32\Uninstall ALDI SÜD Mah Jong.exe
[2009/07/14 06:33:53 | 000,290,040 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2009/07/14 04:05:48 | 000,616,452 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2009/07/14 04:05:48 | 000,291,294 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2009/07/14 04:05:48 | 000,106,574 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2009/07/14 04:05:48 | 000,031,548 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2009/07/14 04:05:05 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2009/07/14 04:04:11 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2009/07/14 01:51:43 | 000,073,728 | ---- | C] () -- C:\Windows\System32\BthpanContextHandler.dll
[2009/07/14 01:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\System32\BWContextHandler.dll
[2009/06/10 23:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
[2009.11.06 11:53:13 | 000,001,832 | ---- | C] () -- C:\Windows\hpwmdl24.dat
[2009.07.14 06:57:37 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2009.07.14 01:55:01 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2006/04/21 11:08:22 | 000,253,952 | ---- | C] () -- C:\Windows\System32\HtmlHelp.dll
 
========== LOP Check ==========
 
[2010.10.30 16:51:55 | 000,000,000 | -HSD | M] -- C:\Users\skrti011\AppData\Roaming\.#
[2010.11.05 21:12:35 | 000,000,000 | ---D | M] -- C:\Users\skrti011\AppData\Roaming\.freeciv
[2011.10.17 10:51:34 | 000,000,000 | ---D | M] -- C:\Users\skrti011\AppData\Roaming\04700
[2010.10.31 13:36:00 | 000,000,000 | ---D | M] -- C:\Users\skrti011\AppData\Roaming\Ashampoo
[2010.11.05 19:08:14 | 000,000,000 | ---D | M] -- C:\Users\skrti011\AppData\Roaming\BitTorrent
[2011.10.17 10:51:03 | 000,000,000 | ---D | M] -- C:\Users\skrti011\AppData\Roaming\E0104
[2011.08.16 21:02:32 | 000,000,000 | ---D | M] -- C:\Users\skrti011\AppData\Roaming\Juniper Networks
[2011.01.30 14:02:03 | 000,000,000 | ---D | M] -- C:\Users\skrti011\AppData\Roaming\Lexware
[2011.10.11 20:23:34 | 000,000,000 | ---D | M] -- C:\Users\skrti011\AppData\Roaming\SoftGrid Client
[2010.10.30 17:43:34 | 000,000,000 | ---D | M] -- C:\Users\skrti011\AppData\Roaming\TP
[2011.10.03 11:41:45 | 000,032,632 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
 
========== Purity Check ==========
 
 
 
========== Custom Scans ==========
 
 
< %SYSTEMDRIVE%\*. >
[2010.11.20 19:19:57 | 000,000,000 | -HSD | M] -- C:\$RECYCLE.BIN
[2010.12.20 08:22:18 | 000,000,000 | ---D | M] -- C:\Backup Ext. Festplatte
[2011.03.21 19:17:09 | 000,000,000 | ---D | M] -- C:\Backup USB-Stick DFS 21.03.2011
[2011.10.15 01:34:25 | 000,000,000 | -H-D | M] -- C:\Config.Msi
[2010.10.30 16:09:24 | 000,000,000 | -HSD | M] -- C:\Documents and Settings
[2011.09.03 13:19:23 | 000,000,000 | ---D | M] -- C:\Filme
[2010.08.09 06:44:54 | 000,000,000 | ---D | M] -- C:\Intel
[2011.10.17 10:34:06 | 000,000,000 | R--D | M] -- C:\Program Files
[2011.10.17 10:34:10 | 000,000,000 | -H-D | M] -- C:\ProgramData
[2011.03.05 18:23:39 | 000,000,000 | ---D | M] -- C:\Programme
[2010.10.30 16:09:25 | 000,000,000 | -HSD | M] -- C:\Recovery
[2011.08.10 21:39:06 | 000,000,000 | ---D | M] -- C:\redcoon
[2011.10.03 11:49:18 | 000,000,000 | ---D | M] -- C:\spiele
[2011.10.17 13:18:18 | 000,000,000 | -HSD | M] -- C:\System Volume Information
[2010.10.30 16:17:06 | 000,000,000 | R--D | M] -- C:\Users
[2011.10.17 09:54:41 | 000,000,000 | ---D | M] -- C:\Windows
 
< %PROGRAMFILES%\*.exe >
 
< %LOCALAPPDATA%\*.exe >
 
< %systemroot%\*. /mp /s >
 
< %systemroot%\system32\*.manifest /3 >
 
 
< MD5 for: EXPLORER.EXE  >
[2011.02.26 07:19:21 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=0FB9C74046656D1579A64660AD67B746 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_54149f9ef14031fc\explorer.exe
[2009.07.14 03:14:20 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=15BC38A7492BEFE831966ADB477CF76F -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_518afd35db100430\explorer.exe
[2011.02.26 07:51:13 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=255CF508D7CFB10E0794D6AC93280BD8 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20910_none_525b5180f3f95373\explorer.exe
[2009.10.31 07:45:39 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=2626FC9755BE22F805D3CFA0CE3EE727 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_51a66d6ddafc2ed1\explorer.exe
[2011.02.26 07:33:07 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=2AF58D15EDC06EC6FDACCE1F19482BBF -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16768_none_51a3a583dafd0cef\explorer.exe
[2011.01.16 16:55:21 | 000,255,488 | ---- | M] () MD5=3C33B26F2F7FA61D882515F2D6078691 -- C:\Users\skrti011\AppData\Local\Temp\RarSFX0\procs\explorer.exe
[2011.01.16 16:55:21 | 000,255,488 | ---- | M] () MD5=3C33B26F2F7FA61D882515F2D6078691 -- C:\Users\skrti011\AppData\Local\Temp\RarSFX1\procs\explorer.exe
[2011.01.16 16:55:21 | 000,255,488 | ---- | M] () MD5=3C33B26F2F7FA61D882515F2D6078691 -- C:\Users\skrti011\AppData\Local\Temp\RarSFX2\procs\explorer.exe
[2011.01.16 16:55:21 | 000,255,488 | ---- | M] () MD5=3C33B26F2F7FA61D882515F2D6078691 -- C:\Users\skrti011\AppData\Local\Temp\RarSFX3\procs\explorer.exe
[2011.01.16 16:55:21 | 000,255,488 | ---- | M] () MD5=3C33B26F2F7FA61D882515F2D6078691 -- C:\Users\skrti011\AppData\Local\Temp\RarSFX4\procs\explorer.exe
[2010.11.20 14:17:09 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=40D777B7A95E00593EB1568C68514493 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_53bc10fdd7fe87ca\explorer.exe
[2011.02.25 07:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\explorer.exe
[2011.02.25 07:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_5389023fd8245f84\explorer.exe
[2009.08.03 07:49:47 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=9FF6C4C91A3711C0A3B18F87B08B518D -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_526619d4f3f142e6\explorer.exe
[2005.08.16 02:54:58 | 000,001,536 | ---- | M] () MD5=ABC6379205DE2618851C4FCBF72112EB -- C:\Users\skrti011\AppData\Local\Temp\RarSFX0\h\explorer.exe
[2005.08.16 02:54:58 | 000,001,536 | ---- | M] () MD5=ABC6379205DE2618851C4FCBF72112EB -- C:\Users\skrti011\AppData\Local\Temp\RarSFX1\h\explorer.exe
[2005.08.16 02:54:58 | 000,001,536 | ---- | M] () MD5=ABC6379205DE2618851C4FCBF72112EB -- C:\Users\skrti011\AppData\Local\Temp\RarSFX2\h\explorer.exe
[2005.08.16 02:54:58 | 000,001,536 | ---- | M] () MD5=ABC6379205DE2618851C4FCBF72112EB -- C:\Users\skrti011\AppData\Local\Temp\RarSFX3\h\explorer.exe
[2005.08.16 02:54:58 | 000,001,536 | ---- | M] () MD5=ABC6379205DE2618851C4FCBF72112EB -- C:\Users\skrti011\AppData\Local\Temp\RarSFX4\h\explorer.exe
[2009.08.03 07:35:50 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=B95EEB0F4E5EFBF1038A35B3351CF047 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_51e07e31dad00878\explorer.exe
[2009.10.31 08:00:51 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=C76153C7ECA00FA852BB0C193378F917 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_52283b2af41f3691\explorer.exe
 
< MD5 for: REGEDIT.EXE  >
[2009.07.14 03:14:30 | 000,398,336 | ---- | M] (Microsoft Corporation) MD5=8A4883F5E7AC37444F23279239553878 -- C:\Windows\regedit.exe
[2009.07.14 03:14:30 | 000,398,336 | ---- | M] (Microsoft Corporation) MD5=8A4883F5E7AC37444F23279239553878 -- C:\Windows\winsxs\x86_microsoft-windows-registry-editor_31bf3856ad364e35_6.1.7600.16385_none_f4050b883d2c3c08\regedit.exe
 
< MD5 for: USERINIT.EXE  >
[2010.11.20 14:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\System32\userinit.exe
[2010.11.20 14:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe
[2009.07.14 03:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_dbff103933038d7c\userinit.exe
[2009.05.26 19:47:22 | 000,031,232 | ---- | M] (NirSoft) MD5=AC6094297CD882B8626466CDEB64F19F -- C:\Users\skrti011\AppData\Local\Temp\RarSFX0\userinit.exe
[2009.05.26 19:47:22 | 000,031,232 | ---- | M] (NirSoft) MD5=AC6094297CD882B8626466CDEB64F19F -- C:\Users\skrti011\AppData\Local\Temp\RarSFX1\userinit.exe
[2009.05.26 19:47:22 | 000,031,232 | ---- | M] (NirSoft) MD5=AC6094297CD882B8626466CDEB64F19F -- C:\Users\skrti011\AppData\Local\Temp\RarSFX2\userinit.exe
[2009.05.26 19:47:22 | 000,031,232 | ---- | M] (NirSoft) MD5=AC6094297CD882B8626466CDEB64F19F -- C:\Users\skrti011\AppData\Local\Temp\RarSFX3\userinit.exe
[2009.05.26 19:47:22 | 000,031,232 | ---- | M] (NirSoft) MD5=AC6094297CD882B8626466CDEB64F19F -- C:\Users\skrti011\AppData\Local\Temp\RarSFX4\userinit.exe
 
< MD5 for: WININIT.EXE  >
[2009.07.14 03:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\System32\wininit.exe
[2009.07.14 03:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_30c90ef265a43c13\wininit.exe
 
< MD5 for: WINLOGON.EXE  >
[2009.10.28 08:17:59 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=37CDB7E72EB66BA85A87CBE37E7F03FD -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16447_none_6fc699643622d177\winlogon.exe
[2009.10.28 07:52:08 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=3BABE6767C78FBF5FB8435FEED187F30 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.20560_none_703394514f56f7c2\winlogon.exe
[2010.11.20 14:17:54 | 000,286,720 | ---- | M] (Microsoft Corporation) MD5=6D13E1406F50C66E2A95D97F22C47560 -- C:\Windows\System32\winlogon.exe
[2010.11.20 14:17:54 | 000,286,720 | ---- | M] (Microsoft Corporation) MD5=6D13E1406F50C66E2A95D97F22C47560 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_71ca6b0233339500\winlogon.exe
[2009.07.14 03:14:45 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=8EC6A4AB12B8F3759E21F8E3A388F2CF -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_6f99573a36451166\winlogon.exe
[2009.05.26 19:47:22 | 000,031,232 | ---- | M] (NirSoft) MD5=AC6094297CD882B8626466CDEB64F19F -- C:\Users\skrti011\AppData\Local\Temp\RarSFX0\winlogon.exe
[2009.05.26 19:47:22 | 000,031,232 | ---- | M] (NirSoft) MD5=AC6094297CD882B8626466CDEB64F19F -- C:\Users\skrti011\AppData\Local\Temp\RarSFX1\winlogon.exe
[2009.05.26 19:47:22 | 000,031,232 | ---- | M] (NirSoft) MD5=AC6094297CD882B8626466CDEB64F19F -- C:\Users\skrti011\AppData\Local\Temp\RarSFX2\winlogon.exe
[2009.05.26 19:47:22 | 000,031,232 | ---- | M] (NirSoft) MD5=AC6094297CD882B8626466CDEB64F19F -- C:\Users\skrti011\AppData\Local\Temp\RarSFX3\winlogon.exe
[2009.05.26 19:47:22 | 000,031,232 | ---- | M] (NirSoft) MD5=AC6094297CD882B8626466CDEB64F19F -- C:\Users\skrti011\AppData\Local\Temp\RarSFX4\winlogon.exe
 
< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >
 
< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install\\LastSuccessTime: 2011-10-14 23:34:26

< End of report >
         

Alt 17.10.2011, 18:03   #2
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Please now run a routine full scan with Malwarebytes and post the log.
Remember that Malwarebytes must be updated manually before every scan!

If logs from older Malwarebytes scans are available, please post all of them as well!



ESET Online Scanner

  • Here you will find an illustrated guide to ESET Online Scanner
  • Download and start Eset Online Scanner
  • Tick Yes, I accept the Terms of Use and click Start.
  • Enable "Detection of potentially unwanted applications" and choose the following settings.
  • Click Start.
  • The signatures are downloaded and the scan starts automatically.
  • At the end of the scan, click Finish.
  • Close the ESET window.
  • Open Explorer.
  • Look for C:\Programme\Eset\EsetOnlineScanner\log.txt (on 64-bit also C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) and open it with your editor (illustrated).
  • Post the logfile here.
  • Uninstallation: Control Panel => Software / Uninstall programs => remove Eset Online Scanner V3.
  • Manually delete the following folder and empty the Recycle Bin => C:\Programme\Eset


Alt 18.10.2011, 02:49   #3
skrti
 
Hi Arne,

so I ran the full scan with Malwarebytes.

Result:

Code:
Malwarebytes' Anti-Malware 1.51.2.1300
www.malwarebytes.org

Datenbank Version: 7967

Windows 6.1.7601 Service Pack 1
Internet Explorer 9.0.8112.16421

18.10.2011 03:15:13
mbam-log-2011-10-18 (03-15-13).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|)
Durchsuchte Objekte: 446493
Laufzeit: 1 Stunde(n), 41 Minute(n), 37 Sekunde(n)

Infizierte Speicherprozesse: 3
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 4
Infizierte Dateiobjekte der Registrierung: 1
Infizierte Verzeichnisse: 0
Infizierte Dateien: 30

Infizierte Speicherprozesse:
c:\program files\internet explorer\48DE\B7C.exe (Backdoor.Bot) -> 1420 -> Failed to unload process.
c:\Users\skrti011\AppData\Roaming\E0104\A5448.exe (Backdoor.Bot) -> 4192 -> Failed to unload process.
c:\Users\skrti011\AppData\Roaming\04700\lvvm.exe (Backdoor.Bot) -> 4580 -> Failed to unload process.

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\B7C.exe (Backdoor.Bot) -> Value: B7C.exe -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\B7C.exe (Backdoor.Bot) -> Value: B7C.exe -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\Load (Backdoor.CycBot) -> Value: Load -> Delete on reboot.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell (Hijack.Shell.Gen) -> Value: Shell -> Quarantined and deleted successfully.

Infizierte Dateiobjekte der Registrierung:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\Load (Backdoor.Bot) -> Bad: (C:\Users\skrti011\AppData\Roaming\04700\lvvm.exe) Good: () -> Quarantined and deleted successfully.

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
c:\program files\internet explorer\48DE\B7C.exe (Backdoor.Bot) -> Delete on reboot.
c:\Users\skrti011\AppData\Roaming\E0104\A5448.exe (Backdoor.Bot) -> Delete on reboot.
c:\Users\skrti011\AppData\Roaming\04700\lvvm.exe (Backdoor.Bot) -> Delete on reboot.
c:\Users\skrti011\AppData\Roaming\microsoft\48DE\B7C.exe (Backdoor.Bot) -> Quarantined and deleted successfully.
c:\Users\skrti011\AppData\Roaming\iexplore.exe (Backdoor.Bot) -> Quarantined and deleted successfully.
c:\Users\skrti011\AppData\Roaming\microsoft\48DE\2D18.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
c:\Users\skrti011\AppData\Roaming\microsoft\48DE\3496.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
c:\Users\skrti011\AppData\Roaming\microsoft\48DE\4308.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
c:\Users\skrti011\AppData\Roaming\microsoft\48DE\4C6A.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
c:\Users\skrti011\AppData\Roaming\microsoft\48DE\61AE.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
c:\Users\skrti011\AppData\Roaming\microsoft\48DE\7C29.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
c:\Users\skrti011\AppData\Roaming\microsoft\48DE\8777.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
c:\Users\skrti011\AppData\Roaming\microsoft\48DE\8C95.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
c:\Users\skrti011\AppData\Roaming\microsoft\48DE\CD2D.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
c:\Users\skrti011\AppData\Roaming\microsoft\48DE\D538.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
c:\Users\skrti011\AppData\Roaming\microsoft\48DE\EDE6.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
c:\backup ext. festplatte\fun- other stuff\winter.exe (JokeApp.EmailCollector) -> Quarantined and deleted successfully.
c:\backup ext. festplatte\thomas daten\Privat\Thomas\pantsoff.exe (PUP.PSWFinder) -> Quarantined and deleted successfully.
c:\program files\04700\lvvm.exe (Backdoor.Bot) -> Quarantined and deleted successfully.
c:\program files\internet explorer\48DE\1B5C.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
c:\program files\internet explorer\48DE\3246.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
c:\program files\internet explorer\48DE\3A80.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
c:\program files\internet explorer\48DE\8833.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
c:\program files\internet explorer\48DE\96D2.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
c:\program files\internet explorer\48DE\BD94.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
c:\program files\internet explorer\48DE\BE2.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
c:\program files\internet explorer\48DE\E34C.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
c:\program files\internet explorer\48DE\F7E5.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
c:\program files\internet explorer\48DE\FA84.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
c:\program files\internet explorer\48DE\FB10.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
         
The older logfiles are attached.

Unfortunately the online scan was not possible, because after the full scan no online connection could be established any more: "Proxy-Server verweigert die Verbindung. Überprüfen Sie bitte, ob die Proxy-Einstellungen korrekt sind".

I hope I haven't completely wrecked the system. I apparently infected it quite thoroughly...

Regards
Tim

Alt 18.10.2011, 19:45   #4
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Quote:
Unfortunately the online scan was not possible, because after the full scan no online connection could be established any more: "Proxy-Server verweigert die Verbindung. Überprüfen Sie bitte, ob die Proxy-Einstellungen korrekt sind".
Please note => http://www.trojaner-board.de/94344-p...n-pruefen.html
Please always post logfiles in CODE tags

Alt 19.10.2011, 17:06   #5
skrti
 
Hi Arne,

thanks for the tip. However, I still couldn't get online with Firefox afterwards. I have now done the scan with IE.

Here is the log.txt from the online scanner:

Code:
ESETSmartInstaller@High as CAB hook log:
OnlineScanner.ocx - registred OK
# version=7
# iexplore.exe=9.00.8112.16421 (WIN7_IE9_RTM.110308-0330)
# OnlineScanner.ocx=1.0.0.6528
# api_version=3.0.2
# EOSSerial=4ff945c72cd9f44ab9ace0b0ddad452d
# end=stopped
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2011-10-18 08:28:34
# local_time=2011-10-18 10:28:34 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=1797 16775165 100 94 302880 55501882 198059 0
# compatibility_mode=5893 16776574 100 94 12357193 70596217 0 0
# compatibility_mode=8192 67108863 100 0 476 476 0 0
# scanned=146587
# found=5
# cleaned=0
# scan_time=4709
C:\Backup Ext. Festplatte\Fun- other stuff\ferrariscreensaver.exe	Win32/Adware.Gator.Trickler application (unable to clean)	00000000000000000000000000000000	I
C:\Backup Ext. Festplatte\Fun- other stuff\gun.exe	probably a variant of Win32/Agent.EFDSENW trojan (unable to clean)	00000000000000000000000000000000	I
C:\Users\skrti011\AppData\Roaming\java.exe	a variant of Win32/Kryptik.UAA trojan (unable to clean)	00000000000000000000000000000000	I
C:\Users\skrti011\Downloads\SoftonicDownloader_fuer_age-of-empires.exe	a variant of Win32/SoftonicDownloader.A application (unable to clean)	00000000000000000000000000000000	I
C:\Users\skrti011\Downloads\SoftonicDownloader_fuer_simutrans.exe	a variant of Win32/SoftonicDownloader.A application (unable to clean)	00000000000000000000000000000000	I
esets_scanner_update returned -1 esets_gle=53251
# version=7
# iexplore.exe=9.00.8112.16421 (WIN7_IE9_RTM.110308-0330)
# OnlineScanner.ocx=1.0.0.6528
# api_version=3.0.2
# EOSSerial=4ff945c72cd9f44ab9ace0b0ddad452d
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2011-10-18 11:21:51
# local_time=2011-10-19 01:21:51 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=1797 16775165 100 94 307631 55506633 202810 0
# compatibility_mode=5893 16776574 100 94 12361944 70600968 0 0
# compatibility_mode=8192 67108863 100 0 5227 5227 0 0
# scanned=390075
# found=7
# cleaned=0
# scan_time=10355
C:\Backup Ext. Festplatte\Fun- other stuff\ferrariscreensaver.exe	Win32/Adware.Gator.Trickler application (unable to clean)	00000000000000000000000000000000	I
C:\Backup Ext. Festplatte\Fun- other stuff\gun.exe	probably a variant of Win32/Agent.EFDSENW trojan (unable to clean)	00000000000000000000000000000000	I
C:\Users\skrti011\AppData\Roaming\java.exe	a variant of Win32/Kryptik.UAA trojan (unable to clean)	00000000000000000000000000000000	I
C:\Users\skrti011\Downloads\SoftonicDownloader_fuer_age-of-empires.exe	a variant of Win32/SoftonicDownloader.A application (unable to clean)	00000000000000000000000000000000	I
C:\Users\skrti011\Downloads\SoftonicDownloader_fuer_simutrans.exe	a variant of Win32/SoftonicDownloader.A application (unable to clean)	00000000000000000000000000000000	I
F:\Backup Laptop 17.10.2011\Downloads\SoftonicDownloader_fuer_age-of-empires.exe	a variant of Win32/SoftonicDownloader.A application (unable to clean)	00000000000000000000000000000000	I
F:\Backup Laptop 17.10.2011\Downloads\SoftonicDownloader_fuer_simutrans.exe	a variant of Win32/SoftonicDownloader.A application (unable to clean)	00000000000000000000000000000000	I
         
I had to start the scan a second time. I was a bit startled by Softonic, since I took it for a reputable provider, and I deleted the two files straight away! I hope that is no problem for the further "cleaning" (unfortunately that only occurred to me afterwards).

Best regards
Tim


Alt 19.10.2011, 17:31   #6
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Please make a new OTL log:

CustomScan with OTL

If you don't have it yet, please download OTL from Oldtimer and save it to your desktop
  • Please start OTL.exe.
    Vista and Win7 users: right-click "Run as administrator"
  • Now copy the complete contents of the code box below into the text box of OTL - if OTL is in German it is labelled
Code:
netsvcs
msconfig
safebootminimal
safebootnetwork
activex
drivers32
%ALLUSERSPROFILE%\Application Data\*.
%ALLUSERSPROFILE%\Application Data\*.exe /s
%APPDATA%\*.
%APPDATA%\*.exe /s
%SYSTEMDRIVE%\*.exe
/md5start
wininit.exe
userinit.exe
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
ws2ifsl.sys
sceclt.dll
ntelogon.dll
winlogon.exe
logevent.dll
user32.DLL
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
/md5stop
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\*. /mp /s
%systemroot%\system32\*.dll /lockedfiles
CREATERESTOREPOINT
         
  • Now please close all programs. (Important)
  • Now please click the Quick Scan button.
  • Click on .
  • Now copy the contents of OTL.txt here into your thread

Alt 19.10.2011, 17:53   #7
skrti
 
Hi Arne,

here is the new scan with OTL:

Code:
OTL logfile created on: 10/19/2011 6:34:00 PM - Run 2
OTL by OldTimer - Version 3.2.31.0     Folder = C:\Users\skrti011\Desktop
 Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3.18 Gb Total Physical Memory | 1.95 Gb Available Physical Memory | 61.37% Memory free
6.35 Gb Paging File | 4.98 Gb Available in Paging File | 78.39% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 565.07 Gb Total Space | 395.40 Gb Free Space | 69.97% Space Free | Partition Type: NTFS
Drive D: | 30.00 Gb Total Space | 9.61 Gb Free Space | 32.05% Space Free | Partition Type: NTFS
Drive F: | 931.40 Gb Total Space | 208.83 Gb Free Space | 22.42% Space Free | Partition Type: FAT32
Drive G: | 1.86 Gb Total Space | 1.86 Gb Free Space | 99.74% Space Free | Partition Type: FAT
 
Computer Name: SKRTI011-PC | User Name: skrti011 | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2011/10/17 13:10:59 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\skrti011\Desktop\OTL.exe
PRC - [2011/06/28 18:14:54 | 000,269,480 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe
PRC - [2011/06/24 06:22:20 | 000,271,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conhost.exe
PRC - [2011/06/06 12:55:28 | 000,064,952 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2011/04/28 21:10:35 | 000,136,360 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe
PRC - [2011/02/25 07:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2010/11/20 14:17:47 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
PRC - [2010/11/04 23:01:27 | 000,281,768 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
PRC - [2010/09/14 05:46:26 | 000,219,496 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Application Virtualization Client\sftvsa.exe
PRC - [2010/09/14 05:46:16 | 000,508,264 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Application Virtualization Client\sftlist.exe
PRC - [2010/07/27 08:05:14 | 001,620,584 | ---- | M] (NVIDIA Corporation) -- C:\Program Files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
PRC - [2010/06/21 22:53:44 | 000,436,264 | ---- | M] (Wistron Corp.) -- C:\Program Files\Launch Manager\WButton.exe
PRC - [2010/06/02 16:42:18 | 001,481,320 | ---- | M] (Realtek Semiconductor) -- C:\Program Files\Realtek\Audio\HDA\RtHDVBg.exe
PRC - [2010/05/10 21:28:50 | 002,320,920 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
PRC - [2010/05/10 21:28:50 | 000,268,824 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
PRC - [2010/04/27 10:09:52 | 000,113,288 | ---- | M] (Renesas Electronics Corporation) -- C:\Program Files\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
PRC - [2010/03/04 05:16:06 | 000,013,336 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
PRC - [2010/01/14 22:10:53 | 000,076,968 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
PRC - [2009/12/14 20:25:00 | 000,200,704 | ---- | M] (Wistron) -- C:\Program Files\Launch Manager\HotkeyApp.exe
PRC - [2009/12/12 00:18:16 | 000,348,960 | ---- | M] (Wistron Corp.) -- C:\Program Files\Launch Manager\OSD.exe
PRC - [2009/12/03 01:37:30 | 002,684,200 | ---- | M] (CyberLink Corp.) -- C:\Program Files\CyberLink\Power2Go\Power2GoExpressServer.exe
PRC - [2009/11/07 12:46:52 | 000,020,480 | ---- | M] (X10) -- C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe
PRC - [2009/11/02 23:21:26 | 000,103,720 | ---- | M] (CyberLink) -- C:\Program Files\CyberLink\Power2Go\CLMLSvc.exe
PRC - [2009/10/23 02:05:40 | 000,118,560 | ---- | M] (Wistron Corp.) -- C:\Program Files\Launch Manager\WisLMSvc.exe
PRC - [2007/07/24 11:15:14 | 000,185,632 | ---- | M] (Protexis Inc.) -- c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2011/10/15 09:06:07 | 012,433,408 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\6e592e424a204aafeadbe22b6b31b9db\System.Windows.Forms.ni.dll
MOD - [2011/10/15 09:06:07 | 000,025,600 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\Accessibility\31fce331fded94dd06627603f6fe4562\Accessibility.ni.dll
MOD - [2011/10/15 09:05:06 | 001,587,200 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\3b2cfd85528a27eb71dc41d8067359a1\System.Drawing.ni.dll
MOD - [2011/10/15 09:04:37 | 007,963,648 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\abab08afa60a6f06bdde0fcc9649c379\System.ni.dll
MOD - [2011/10/15 09:04:28 | 011,490,304 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\a1a82db68b3badc7c27ea1f6579d22c5\mscorlib.ni.dll
MOD - [2011/06/24 22:56:36 | 000,087,328 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2011/06/24 22:56:14 | 001,241,888 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2010/11/13 02:02:21 | 000,315,392 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll
MOD - [2010/07/26 16:27:00 | 000,010,856 | ---- | M] () -- C:\Program Files\NVIDIA Corporation\CoProcManager\detoured.dll
MOD - [2010/02/12 16:20:04 | 000,031,840 | ---- | M] () -- C:\Program Files\Cyberlink\Shared files\RichVideops.dll
MOD - [2009/11/25 01:58:42 | 001,031,976 | ---- | M] () -- C:\Program Files\CyberLink\Power2Go\Language\DEU\P2GRC.dll
MOD - [2009/11/02 23:23:36 | 000,013,096 | ---- | M] () -- C:\Program Files\CyberLink\Power2Go\CLMLSvcPS.dll
MOD - [2009/11/02 23:20:10 | 000,619,816 | ---- | M] () -- C:\Program Files\CyberLink\Power2Go\CLMediaLibrary.dll
MOD - [2009/11/02 23:20:02 | 000,144,680 | ---- | M] () -- C:\Program Files\CyberLink\Power2Go\CLVistaAudioMixer.dll
 
 
========== Win32 Services (SafeList) ==========
 
SRV - [2011/06/28 18:14:54 | 000,269,480 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2011/06/06 12:55:28 | 000,064,952 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2011/04/28 21:10:35 | 000,136,360 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2011/03/15 05:41:49 | 001,343,400 | ---- | M] (Microsoft Corporation) [Unknown | Stopped] -- C:\Windows\System32\Wat\WatAdminSvc.exe -- (WatAdminSvc)
SRV - [2010/09/14 05:46:26 | 000,219,496 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Program Files\Microsoft Application Virtualization Client\sftvsa.exe -- (sftvsa)
SRV - [2010/09/14 05:46:16 | 000,508,264 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft Application Virtualization Client\sftlist.exe -- (sftlist)
SRV - [2010/07/27 08:05:14 | 001,620,584 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe -- (nvUpdatusService)
SRV - [2010/05/10 21:28:50 | 002,320,920 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Intel(R) Management Engine Components\UNS\UNS.exe -- (UNS) Intel(R)
SRV - [2010/05/10 21:28:50 | 000,268,824 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Intel(R) Management Engine Components\LMS\LMS.exe -- (LMS) Intel(R)
SRV - [2010/03/04 05:16:06 | 000,013,336 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe -- (IAStorDataMgrSvc) Intel(R)
SRV - [2009/11/07 12:46:52 | 000,020,480 | ---- | M] (X10) [Auto | Running] -- C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe -- (x10nets)
SRV - [2009/10/23 02:05:40 | 000,118,560 | ---- | M] (Wistron Corp.) [On_Demand | Running] -- C:\Program Files\Launch Manager\WisLMSvc.exe -- (WisLMSvc)
SRV - [2009/07/14 03:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009/07/14 03:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\mpsvc.dll -- (WinDefend)
SRV - [2007/07/24 11:15:14 | 000,185,632 | ---- | M] (Protexis Inc.) [Auto | Running] -- c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe -- (PSI_SVC_2)
 
 
========== Driver Services (SafeList) ==========
 
DRV - [2011/06/28 18:14:55 | 000,138,192 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb)
DRV - [2011/06/28 18:14:55 | 000,066,616 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\System32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2010/11/20 12:24:41 | 000,052,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV - [2010/09/14 05:46:26 | 000,019,304 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Sftvollh.sys -- (Sftvol)
DRV - [2010/09/14 05:46:22 | 000,021,864 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\Sftredirlh.sys -- (Sftredir)
DRV - [2010/09/14 05:46:18 | 000,194,408 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Sftplaylh.sys -- (Sftplay)
DRV - [2010/09/14 05:46:14 | 000,577,384 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Sftfslh.sys -- (Sftfs)
DRV - [2010/07/26 16:27:00 | 010,325,768 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2010/07/26 16:27:00 | 000,019,656 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\nvpciflt.sys -- (nvpciflt)
DRV - [2010/06/21 09:14:36 | 000,246,272 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\IntcDAud.sys -- (IntcDAud) Intel(R)
DRV - [2010/05/24 15:46:34 | 000,193,056 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\RtsUStor.sys -- (RSUSBSTOR)
DRV - [2010/05/10 21:28:49 | 000,041,088 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\system32\DRIVERS\HECI.sys -- (HECI) Intel(R)
DRV - [2010/04/27 09:28:46 | 000,146,568 | ---- | M] (Renesas Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\system32\DRIVERS\nusb3xhc.sys -- (nusb3xhc)
DRV - [2010/04/27 09:27:50 | 000,064,904 | ---- | M] (Renesas Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\system32\DRIVERS\nusb3hub.sys -- (nusb3hub)
DRV - [2010/04/01 10:13:38 | 001,009,184 | ---- | M] (Realtek Semiconductor Corporation                           ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\rtl8192se.sys -- (rtl8192se)
DRV - [2010/03/16 22:30:36 | 000,482,304 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\WSR_DWA.SYS -- (DWA)
DRV - [2010/03/16 22:30:12 | 000,791,040 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\WSR_HWA.SYS -- (hwa)
DRV - [2010/03/16 18:49:00 | 000,140,800 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\WSR_RCI.SYS -- (HWARadio)
DRV - [2010/03/04 17:53:08 | 000,067,624 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\L1C62x86.sys -- (L1C)
DRV - [2010/02/26 23:01:22 | 000,132,480 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\system32\DRIVERS\Impcd.sys -- (Impcd)
DRV - [2009/08/13 08:39:40 | 000,786,400 | ---- | M] (DiBcom SA) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\mod7700.sys -- (mod7700)
DRV - [2009/07/14 01:51:11 | 000,034,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb)
DRV - [2009/05/13 21:47:30 | 000,027,160 | ---- | M] (X10 Wireless Technology, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\x10ufx2.sys -- (XUIF)
DRV - [2009/05/13 21:26:26 | 000,013,720 | ---- | M] (X10 Wireless Technology, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\Drivers\x10hid.sys -- (X10Hid)
DRV - [2009/05/11 10:12:49 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://medion.msn.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://www.aldi.com [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://www.aldi.com [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://medion.msn.com
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:57616
 
========== FireFox ==========
 
FF - prefs.js..browser.search.selectedEngine: "Wikipedia (de)"
FF - prefs.js..browser.startup.homepage: "www.google.de"
FF - prefs.js..extensions.enabledItems: smartwebprinting@hp.com:4.51
FF - prefs.js..network.proxy.http: "127.0.0.1"
FF - prefs.js..network.proxy.http_port: 57616
FF - prefs.js..network.proxy.type: 1
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Oracle)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8117.0416: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2011/02/17 00:08:52 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/08/23 21:43:34 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/09/23 19:24:00 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2011/02/17 00:08:52 | 000,000,000 | ---D | M]
 
[2010/10/30 17:27:26 | 000,000,000 | ---D | M] (No name found) -- C:\Users\skrti011\AppData\Roaming\mozilla\Extensions
[2010/10/30 17:27:26 | 000,000,000 | ---D | M] (No name found) -- C:\Users\skrti011\AppData\Roaming\mozilla\Firefox\Profiles\cskd47h4.default\extensions
[2010/12/30 10:46:40 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\mozilla firefox\extensions
[2010/12/30 10:46:40 | 000,000,000 | ---D | M] (Skype extension) -- C:\Program Files\mozilla firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}
[2011/02/17 00:08:52 | 000,000,000 | ---D | M] (HP Smart Web Printing) -- C:\PROGRAM FILES\HP\DIGITAL IMAGING\SMART WEB PRINTING\MOZILLAADDON3
[2010/10/27 07:44:13 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2010/10/27 07:44:13 | 000,002,344 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2010/10/27 07:44:13 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2010/10/27 07:44:13 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2010/10/27 07:44:13 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml
 
Hosts file not found
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Skype Plug-In) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [CLMLServer] C:\Program Files\CyberLink\Power2Go\CLMLSvc.exe (CyberLink)
O4 - HKLM..\Run: [HotkeyApp] C:\Program Files\Launch Manager\HotkeyApp.exe (Wistron)
O4 - HKLM..\Run: [LexwareInfoService] C:\Program Files\Common Files\Lexware\Update Manager\LxUpdateManager.exe (Haufe-Lexware GmbH & Co. KG)
O4 - HKLM..\Run: [LMgrOSD] "C:\Program Files\Launch Manager\OSDCtrl.exe" File not found
O4 - HKLM..\Run: [LMgrVolOSD] C:\Program Files\Launch Manager\OSD.exe (Wistron Corp.)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [NUSB3MON] C:\Program Files\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe (Renesas Electronics Corporation)
O4 - HKLM..\Run: [RtHDVBg] C:\Program Files\Realtek\Audio\HDA\RtHDVBg.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [Wbutton] C:\Program Files\Launch Manager\Wbutton.exe (Wistron Corp.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HideSCAHealth = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Recovery present
O9 - Extra Button: eBay - Der weltweite Online-Marktplatz - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - hxxp://rover.ebay.com/rover/1/707-37276-17534-31/4 File not found
O9 - Extra 'Tools' menuitem : eBay - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - hxxp://rover.ebay.com/rover/1/707-37276-17534-31/4 File not found
O9 - Extra Button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} hxxp://download.eset.com/special/eos/OnlineScanner.cab (OnlineScanner Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {F27237D7-93C8-44C2-AC6E-D6057B9A918F} https://juniper.net/dana-cached/sc/JuniperSetupClient.cab (JuniperSetupClientControl Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{91734A2F-C336-4BE9-8362-AA7479B0E354}: DhcpNameServer = 10.120.136.116
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{EB5CB38F-18CC-4EB4-8415-2AAD680E5D04}: DhcpNameServer = 192.168.2.1
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20 - AppInit_DLLs: (C:\Windows\system32\nvinit.dll) -C:\Windows\System32\nvinit.dll (NVIDIA Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) -C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) -C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) -C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/06/10 23:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{675d2ed8-e479-11df-b508-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{675d2ed8-e479-11df-b508-806e6f6e6963}\Shell\AutoRun\command - "" = E:\web.exe html\INDEX.HTM
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
NetSvcs: FastUserSwitchingCompatibility -  File not found
NetSvcs: Ias - C:\Windows\System32\ias.dll (Microsoft Corporation)
NetSvcs: Nla -  File not found
NetSvcs: Ntmssvc -  File not found
NetSvcs: NWCWorkstation -  File not found
NetSvcs: Nwsapagent -  File not found
NetSvcs: SRService -  File not found
NetSvcs: WmdmPmSp -  File not found
NetSvcs: LogonHours -  File not found
NetSvcs: PCAudit -  File not found
NetSvcs: helpsvc -  File not found
NetSvcs: uploadmgr -  File not found
 
 
SafeBootMin: AppMgmt - Service
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: BsScanner - Service
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: HelpSvc - Service
SafeBootMin: NTDS -  File not found
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: sacsvr - Service
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: vmms - Service
SafeBootMin: WinDefend - C:\Program Files\Windows Defender\mpsvc.dll (Microsoft Corporation)
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
 
SafeBootNet: AppMgmt - Service
SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: BsScanner - Service
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: HelpSvc - Service
SafeBootNet: Messenger - Service
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: NTDS -  File not found
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: rdsessmgr - Service
SafeBootNet: sacsvr - Service
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: vmms - Service
SafeBootNet: WinDefend - C:\Program Files\Windows Defender\mpsvc.dll (Microsoft Corporation)
SafeBootNet: WudfUsbccidDriver - Driver
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
 
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3C3901C5-3455-3E0A-A214-0B093A5070A6} - .NET Framework
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\System32\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
 
Drivers32: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: MSVideo8 - C:\Windows\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: vidc.cvid - C:\Windows\System32\iccvid.dll (Radius Inc.)
 
CREATERESTOREPOINT
Restore point Set: OTL Restore Point
 
========== Files/Folders - Created Within 30 Days ==========
 
[2011/10/18 21:02:30 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
[2011/10/17 13:10:56 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Users\skrti011\Desktop\OTL.exe
[2011/10/17 12:21:09 | 003,313,664 | ---- | C] (Avira GmbH) -- C:\Users\skrti011\Desktop\bootwizard.exe
[2011/10/17 11:53:26 | 000,258,560 | ---- | C] (OldTimer Tools) -- C:\Users\skrti011\Desktop\OTH.scr
[2011/10/17 11:26:06 | 001,559,344 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\skrti011\Desktop\hans.exe
[2011/10/17 11:16:45 | 001,559,344 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\skrti011\Desktop\tdsskiller.exe
[2011/10/17 10:34:28 | 000,000,000 | ---D | C] -- C:\Users\skrti011\AppData\Roaming\Malwarebytes
[2011/10/17 10:34:10 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011/10/17 10:34:10 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2011/10/17 10:34:06 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2011/10/17 09:56:03 | 000,000,000 | ---D | C] -- C:\Program Files\04700
[2011/10/17 09:48:32 | 009,852,544 | ---- | C] (Malwarebytes Corporation                                    ) -- C:\Users\skrti011\Desktop\herbert2.exe
[2011/10/16 19:04:58 | 000,000,000 | ---D | C] -- C:\Users\skrti011\AppData\Roaming\04700
[2011/10/16 19:04:37 | 000,000,000 | ---D | C] -- C:\Users\skrti011\AppData\Roaming\E0104
[2011/10/16 19:04:33 | 000,000,000 | ---D | C] -- C:\ProgramData\cE01300MgKfO01300
[2011/10/11 19:54:32 | 000,000,000 | ---D | C] -- C:\Users\skrti011\AppData\Local\{9D38B318-B402-40B0-8E22-5A80034D019C}
[2011/10/01 20:00:04 | 000,000,000 | ---D | C] -- C:\Users\skrti011\Documents\Yvonne
[2011/02/11 18:40:40 | 000,004,096 | ---- | C] ( ) -- C:\Windows\System32\IGFXDEVLib.dll
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2011/10/19 16:17:22 | 000,010,096 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2011/10/19 16:17:22 | 000,010,096 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2011/10/19 16:14:14 | 000,654,610 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2011/10/19 16:14:14 | 000,616,452 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2011/10/19 16:14:14 | 000,130,192 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2011/10/19 16:14:14 | 000,106,574 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2011/10/19 16:09:56 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/10/19 16:09:51 | 2558,595,072 | -HS- | M] () -- C:\hiberfil.sys
[2011/10/18 02:16:14 | 000,176,640 | ---- | M] () -- C:\Users\skrti011\AppData\Roaming\java.exe
[2011/10/17 17:11:28 | 404,883,045 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2011/10/17 14:32:22 | 000,035,575 | ---- | M] () -- C:\Users\skrti011\Desktop\Logfiles + Bilder.zip
[2011/10/17 13:35:52 | 000,018,744 | ---- | M] () -- C:\Users\skrti011\Desktop\Auswahloption Gmer.JPG
[2011/10/17 13:34:10 | 000,022,716 | ---- | M] () -- C:\Users\skrti011\Desktop\Fehlermeldung Start GMER.JPG
[2011/10/17 13:26:36 | 000,302,592 | ---- | M] () -- C:\Users\skrti011\Desktop\c2npy4x.exe
[2011/10/17 13:10:59 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\skrti011\Desktop\OTL.exe
[2011/10/17 13:09:46 | 000,000,000 | ---- | M] () -- C:\Users\skrti011\defogger_reenable
[2011/10/17 13:06:59 | 000,050,477 | ---- | M] () -- C:\Users\skrti011\Desktop\Defogger.exe
[2011/10/17 12:21:16 | 003,313,664 | ---- | M] (Avira GmbH) -- C:\Users\skrti011\Desktop\bootwizard.exe
[2011/10/17 11:47:22 | 000,258,560 | ---- | M] (OldTimer Tools) -- C:\Users\skrti011\Desktop\OTH.scr
[2011/10/17 11:24:58 | 001,559,344 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\skrti011\Desktop\hans.exe
[2011/10/17 11:16:52 | 001,559,344 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\skrti011\Desktop\tdsskiller.exe
[2011/10/17 10:34:10 | 000,001,071 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/10/17 10:32:22 | 000,000,150 | ---- | M] () -- C:\Users\skrti011\Desktop\rk-proxy.reg
[2011/10/17 10:32:02 | 000,000,130 | ---- | M] () -- C:\Users\skrti011\Desktop\hosts-perm.bat
[2011/10/17 09:49:12 | 009,852,544 | ---- | M] (Malwarebytes Corporation                                    ) -- C:\Users\skrti011\Desktop\herbert2.exe
[2011/10/17 09:44:26 | 001,008,092 | ---- | M] () -- C:\Users\skrti011\Desktop\martin.com
[2011/10/15 09:42:31 | 000,197,877 | ---- | M] () -- C:\Users\skrti011\Desktop\in-zeiten-des-abnehmenden-lichts.png
[2011/10/15 09:39:52 | 000,254,284 | ---- | M] () -- C:\Users\skrti011\Desktop\abgruende.png
[2011/10/15 09:03:29 | 000,290,040 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2011/10/01 19:44:28 | 000,006,934 | ---- | M] () -- C:\Users\skrti011\AppData\Roaming\.freeciv-client-rc-2.2
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2011/10/18 02:16:14 | 000,176,640 | ---- | C] () -- C:\Users\skrti011\AppData\Roaming\java.exe
[2011/10/17 14:32:22 | 000,035,575 | ---- | C] () -- C:\Users\skrti011\Desktop\Logfiles + Bilder.zip
[2011/10/17 13:35:52 | 000,018,744 | ---- | C] () -- C:\Users\skrti011\Desktop\Auswahloption Gmer.JPG
[2011/10/17 13:34:10 | 000,022,716 | ---- | C] () -- C:\Users\skrti011\Desktop\Fehlermeldung Start GMER.JPG
[2011/10/17 13:28:05 | 000,302,592 | ---- | C] () -- C:\Users\skrti011\Desktop\c2npy4x.exe
[2011/10/17 13:09:46 | 000,000,000 | ---- | C] () -- C:\Users\skrti011\defogger_reenable
[2011/10/17 13:06:59 | 000,050,477 | ---- | C] () -- C:\Users\skrti011\Desktop\Defogger.exe
[2011/10/17 10:34:10 | 000,001,071 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/10/17 10:32:00 | 000,000,130 | ---- | C] () -- C:\Users\skrti011\Desktop\hosts-perm.bat
[2011/10/17 09:57:51 | 000,000,150 | ---- | C] () -- C:\Users\skrti011\Desktop\rk-proxy.reg
[2011/10/17 09:45:59 | 001,008,092 | ---- | C] () -- C:\Users\skrti011\Desktop\martin.com
[2011/10/15 09:42:30 | 000,197,877 | ---- | C] () -- C:\Users\skrti011\Desktop\in-zeiten-des-abnehmenden-lichts.png
[2011/10/15 09:39:51 | 000,254,284 | ---- | C] () -- C:\Users\skrti011\Desktop\abgruende.png
[2011/02/17 00:03:55 | 000,256,258 | ---- | C] () -- C:\Windows\hpwins24.dat
[2011/02/11 19:10:50 | 000,874,048 | ---- | C] () -- C:\Windows\System32\igkrng575.bin
[2010/12/30 10:49:33 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2010/11/05 21:14:08 | 000,006,934 | ---- | C] () -- C:\Users\skrti011\AppData\Roaming\.freeciv-client-rc-2.2
[2010/08/14 00:50:46 | 000,127,184 | ---- | C] () -- C:\Windows\Unwise.exe
[2010/08/14 00:50:45 | 000,149,504 | ---- | C] () -- C:\Windows\unwise32_setup.exe
[2010/08/09 15:26:45 | 000,451,072 | ---- | C] () -- C:\Windows\System32\ISSRemoveSP.exe
[2010/08/09 14:23:48 | 000,072,017 | ---- | C] () -- C:\Windows\System32\Uninstall ALDI SÜD Mah Jong.exe
[2010/08/09 06:37:40 | 000,104,796 | ---- | C] () -- C:\Windows\System32\igfcg575m.bin
[2010/08/09 06:37:39 | 000,127,868 | ---- | C] () -- C:\Windows\System32\igcompkrng575.bin
[2010/08/09 06:37:38 | 000,000,151 | ---- | C] () -- C:\Windows\System32\GfxUI.exe.config
[2010/07/27 08:56:50 | 000,408,168 | ---- | C] () -- C:\Windows\System32\easyUpdatusAPIU.dll
[2010/07/27 08:56:50 | 000,352,325 | ---- | C] () -- C:\Windows\System32\nvcoproc.bin
[2010/05/12 15:13:56 | 000,654,610 | ---- | C] () -- C:\Windows\System32\perfh007.dat
[2010/05/12 15:13:56 | 000,295,922 | ---- | C] () -- C:\Windows\System32\perfi007.dat
[2010/05/12 15:13:56 | 000,130,192 | ---- | C] () -- C:\Windows\System32\perfc007.dat
[2010/05/12 15:13:56 | 000,038,104 | ---- | C] () -- C:\Windows\System32\perfd007.dat
[2010/03/16 22:30:36 | 000,482,304 | ---- | C] () -- C:\Windows\System32\drivers\WSR_DWA.SYS
[2010/03/16 22:30:12 | 000,791,040 | ---- | C] () -- C:\Windows\System32\drivers\WSR_HWA.SYS
[2010/03/16 18:49:00 | 000,140,800 | ---- | C] () -- C:\Windows\System32\drivers\WSR_RCI.SYS
[2009/11/06 11:53:13 | 000,001,832 | ---- | C] () -- C:\Windows\hpwmdl24.dat
[2009/07/14 06:57:37 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2009/07/14 06:33:53 | 000,290,040 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2009/07/14 04:05:48 | 000,616,452 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2009/07/14 04:05:48 | 000,291,294 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2009/07/14 04:05:48 | 000,106,574 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2009/07/14 04:05:48 | 000,031,548 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2009/07/14 04:05:05 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2009/07/14 04:04:11 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2009/07/14 01:55:01 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2009/07/14 01:51:43 | 000,073,728 | ---- | C] () -- C:\Windows\System32\BthpanContextHandler.dll
[2009/07/14 01:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\System32\BWContextHandler.dll
[2009/06/10 23:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
[2006/04/21 11:08:22 | 000,253,952 | ---- | C] () -- C:\Windows\System32\HtmlHelp.dll
 
========== LOP Check ==========
 
[2010/10/30 16:51:55 | 000,000,000 | -HSD | M] -- C:\Users\skrti011\AppData\Roaming\.#
[2010/11/05 21:12:35 | 000,000,000 | ---D | M] -- C:\Users\skrti011\AppData\Roaming\.freeciv
[2011/10/18 03:18:43 | 000,000,000 | ---D | M] -- C:\Users\skrti011\AppData\Roaming\04700
[2010/10/31 13:36:00 | 000,000,000 | ---D | M] -- C:\Users\skrti011\AppData\Roaming\Ashampoo
[2010/11/05 19:08:14 | 000,000,000 | ---D | M] -- C:\Users\skrti011\AppData\Roaming\BitTorrent
[2011/10/18 03:18:43 | 000,000,000 | ---D | M] -- C:\Users\skrti011\AppData\Roaming\E0104
[2011/08/16 21:02:32 | 000,000,000 | ---D | M] -- C:\Users\skrti011\AppData\Roaming\Juniper Networks
[2011/01/30 14:02:03 | 000,000,000 | ---D | M] -- C:\Users\skrti011\AppData\Roaming\Lexware
[2011/10/11 20:23:34 | 000,000,000 | ---D | M] -- C:\Users\skrti011\AppData\Roaming\SoftGrid Client
[2010/10/30 17:43:34 | 000,000,000 | ---D | M] -- C:\Users\skrti011\AppData\Roaming\TP
[2011/10/03 11:41:45 | 000,032,632 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
 
========== Purity Check ==========
 
 
 
========== Custom Scans ==========
 
 
< %ALLUSERSPROFILE%\Application Data\*. >
 
< %ALLUSERSPROFILE%\Application Data\*.exe /s >
 
< %APPDATA%\*. >
[2010/10/30 16:51:55 | 000,000,000 | -HSD | M] -- C:\Users\skrti011\AppData\Roaming\.#
[2010/11/05 21:12:35 | 000,000,000 | ---D | M] -- C:\Users\skrti011\AppData\Roaming\.freeciv
[2011/10/18 03:18:43 | 000,000,000 | ---D | M] -- C:\Users\skrti011\AppData\Roaming\04700
[2011/09/11 15:38:07 | 000,000,000 | ---D | M] -- C:\Users\skrti011\AppData\Roaming\Adobe
[2010/12/20 09:59:55 | 000,000,000 | ---D | M] -- C:\Users\skrti011\AppData\Roaming\Apple Computer
[2010/10/31 13:36:00 | 000,000,000 | ---D | M] -- C:\Users\skrti011\AppData\Roaming\Ashampoo
[2011/05/11 22:50:47 | 000,000,000 | ---D | M] -- C:\Users\skrti011\AppData\Roaming\Avira
[2010/11/05 19:08:14 | 000,000,000 | ---D | M] -- C:\Users\skrti011\AppData\Roaming\BitTorrent
[2011/02/05 21:26:05 | 000,000,000 | ---D | M] -- C:\Users\skrti011\AppData\Roaming\CyberLink
[2011/09/03 00:10:51 | 000,000,000 | ---D | M] -- C:\Users\skrti011\AppData\Roaming\dvdcss
[2011/10/18 03:18:43 | 000,000,000 | ---D | M] -- C:\Users\skrti011\AppData\Roaming\E0104
[2011/05/14 13:03:36 | 000,000,000 | ---D | M] -- C:\Users\skrti011\AppData\Roaming\HP
[2010/10/30 16:17:18 | 000,000,000 | ---D | M] -- C:\Users\skrti011\AppData\Roaming\Identities
[2011/01/30 14:02:57 | 000,000,000 | ---D | M] -- C:\Users\skrti011\AppData\Roaming\InstallShield
[2011/08/16 21:02:32 | 000,000,000 | ---D | M] -- C:\Users\skrti011\AppData\Roaming\Juniper Networks
[2011/01/30 14:02:03 | 000,000,000 | ---D | M] -- C:\Users\skrti011\AppData\Roaming\Lexware
[2010/10/30 16:29:16 | 000,000,000 | ---D | M] -- C:\Users\skrti011\AppData\Roaming\Macromedia
[2011/10/17 10:34:28 | 000,000,000 | ---D | M] -- C:\Users\skrti011\AppData\Roaming\Malwarebytes
[2009/07/14 09:48:18 | 000,000,000 | ---D | M] -- C:\Users\skrti011\AppData\Roaming\Media Center Programs
[2011/10/16 19:04:37 | 000,000,000 | --SD | M] -- C:\Users\skrti011\AppData\Roaming\Microsoft
[2010/10/30 17:27:26 | 000,000,000 | ---D | M] -- C:\Users\skrti011\AppData\Roaming\Mozilla
[2011/04/05 15:39:41 | 000,000,000 | ---D | M] -- C:\Users\skrti011\AppData\Roaming\Skype
[2011/04/05 08:24:41 | 000,000,000 | ---D | M] -- C:\Users\skrti011\AppData\Roaming\skypePM
[2011/10/11 20:23:34 | 000,000,000 | ---D | M] -- C:\Users\skrti011\AppData\Roaming\SoftGrid Client
[2010/10/30 17:43:34 | 000,000,000 | ---D | M] -- C:\Users\skrti011\AppData\Roaming\TP
[2011/09/02 21:37:55 | 000,000,000 | ---D | M] -- C:\Users\skrti011\AppData\Roaming\vlc
 
< %APPDATA%\*.exe /s >
[2011/10/18 02:16:14 | 000,176,640 | ---- | M] () -- C:\Users\skrti011\AppData\Roaming\java.exe
[2011/06/23 08:23:52 | 000,298,056 | ---- | M] (Juniper Networks) -- C:\Users\skrti011\AppData\Roaming\Juniper Networks\Juniper Terminal Services Client\dsTermServ.exe
[2011/06/23 08:23:54 | 000,050,112 | ---- | M] () -- C:\Users\skrti011\AppData\Roaming\Juniper Networks\Juniper Terminal Services Client\uninstall.exe
[2011/06/22 09:13:10 | 000,148,848 | ---- | M] () -- C:\Users\skrti011\AppData\Roaming\Juniper Networks\Setup Client\dsmmf.exe
[2011/06/22 09:13:30 | 000,280,512 | ---- | M] (Juniper Networks, Inc.) -- C:\Users\skrti011\AppData\Roaming\Juniper Networks\Setup Client\JuniperCompMgrInstaller.exe
[2011/06/22 09:13:10 | 000,570,736 | ---- | M] (Juniper Networks, Inc.) -- C:\Users\skrti011\AppData\Roaming\Juniper Networks\Setup Client\JuniperSetupClient.exe
[2011/06/22 09:12:38 | 000,345,912 | ---- | M] (Juniper Networks, Inc.) -- C:\Users\skrti011\AppData\Roaming\Juniper Networks\Setup Client\JuniperSetupClientOCX.exe
[2011/06/22 09:05:32 | 000,233,872 | ---- | M] () -- C:\Users\skrti011\AppData\Roaming\Juniper Networks\Setup Client\JuniperSetupXP.exe
[2011/06/22 09:13:32 | 000,056,432 | ---- | M] (Juniper Networks, Inc.) -- C:\Users\skrti011\AppData\Roaming\Juniper Networks\Setup Client\uninstall.exe
[2011/08/16 21:02:33 | 000,168,304 | ---- | M] () -- C:\Users\skrti011\AppData\Roaming\Juniper Networks\Setup Client\x86_Microsoft.VC80.CRTP_8.0.50727.762.exe
[2011/08/16 21:02:32 | 000,298,352 | ---- | M] () -- C:\Users\skrti011\AppData\Roaming\Juniper Networks\Setup Client\x86_Microsoft.VC80.CRTR_8.0.50727.762.exe
 
< %SYSTEMDRIVE%\*.exe >
 
 
< MD5 for: AGP440.SYS  >
[2009/07/14 03:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\System32\drivers\AGP440.sys
[2009/07/14 03:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_x86_neutral_a97a2a0d0fbc6696\AGP440.sys
[2009/07/14 03:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.1.7600.16385_none_b9e9435f20046eeb\AGP440.sys
[2009/07/14 03:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.1.7601.17514_none_bc1a57271cf2f285\AGP440.sys
 
< MD5 for: ATAPI.SYS  >
[2009/07/14 03:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\System32\drivers\atapi.sys
[2009/07/14 03:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_x86_neutral_fab873f3e8a3315c\atapi.sys
[2009/07/14 03:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.1.7600.16385_none_dd0e7e3d82dd640d\atapi.sys
[2009/07/14 03:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.1.7601.17514_none_df3f92057fcbe7a7\atapi.sys
 
< MD5 for: CNGAUDIT.DLL  >
[2009/07/14 03:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\System32\cngaudit.dll
[2009/07/14 03:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_e83a414890e8132b\cngaudit.dll
 
< MD5 for: EVENTLOG.DLL  >
[2008/06/06 23:03:52 | 000,007,216 | ---- | M] () MD5=C2A279A458A06DE2C83D842AA042B5A8 -- C:\Program Files\CyberLink\PowerDirector\EventLog.dll
 
< MD5 for: IASTOR.SYS  >
[2010/03/04 04:33:26 | 000,435,736 | ---- | M] (Intel Corporation) MD5=26541A068572F650A2FA490726FE81BE -- C:\Windows\System32\drivers\iaStor.sys
[2010/03/04 04:33:26 | 000,435,736 | ---- | M] (Intel Corporation) MD5=26541A068572F650A2FA490726FE81BE -- C:\Windows\System32\DriverStore\FileRepository\iaahci.inf_x86_neutral_e8a55be84650e755\iaStor.sys
 
< MD5 for: IASTORV.SYS  >
[2011/03/11 07:38:51 | 000,332,160 | ---- | M] (Intel Corporation) MD5=5CD5F9A5444E6CDCB0AC89BD62D8B76E -- C:\Windows\System32\drivers\iaStorV.sys
[2011/03/11 07:38:51 | 000,332,160 | ---- | M] (Intel Corporation) MD5=5CD5F9A5444E6CDCB0AC89BD62D8B76E -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_x86_neutral_0bcee2057afcc090\iaStorV.sys
[2011/03/11 07:38:51 | 000,332,160 | ---- | M] (Intel Corporation) MD5=5CD5F9A5444E6CDCB0AC89BD62D8B76E -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7601.17577_none_b0daddb9e6380745\iaStorV.sys
[2011/03/11 07:43:55 | 000,332,160 | ---- | M] (Intel Corporation) MD5=71F1A494FEDF4B33C02C4A6A28D6D9E9 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7600.16778_none_aef580fde910b4b0\iaStorV.sys
[2011/03/11 07:28:00 | 000,332,160 | ---- | M] (Intel Corporation) MD5=778D0E6D7D9EBA0C403BADBAAD41DB20 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7601.21680_none_b152a892ff64119f\iaStorV.sys
[2009/07/14 03:20:36 | 000,332,352 | ---- | M] (Intel Corporation) MD5=934AF4D7C5F457B9F0743F4299B77B67 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7600.16385_none_aee7a89be91b9000\iaStorV.sys
[2010/11/20 14:29:54 | 000,332,160 | ---- | M] (Intel Corporation) MD5=A3CAE5D281DB4CFF7CFF8233507EE5AD -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_x86_neutral_668286aa35d55928\iaStorV.sys
[2010/11/20 14:29:54 | 000,332,160 | ---- | M] (Intel Corporation) MD5=A3CAE5D281DB4CFF7CFF8233507EE5AD -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7601.17514_none_b118bc63e60a139a\iaStorV.sys
[2011/03/11 07:52:21 | 000,332,160 | ---- | M] (Intel Corporation) MD5=B9039A34C2F8769490DCC494E2402445 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7600.20921_none_afae2d45020c148b\iaStorV.sys
 
< MD5 for: NETLOGON.DLL  >
[2010/11/20 14:20:28 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\System32\netlogon.dll
[2010/11/20 14:20:28 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_ffbf212e963c0162\netlogon.dll
[2009/07/14 03:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_fd8e0d66994d7dc8\netlogon.dll
 
< MD5 for: NVSTOR.SYS  >
[2011/03/11 07:39:00 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=4380E59A170D88C4F1022EFF6719A8A4 -- C:\Windows\System32\drivers\nvstor.sys
[2011/03/11 07:39:00 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=4380E59A170D88C4F1022EFF6719A8A4 -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_x86_neutral_0276fc3b3ea60d41\nvstor.sys
[2011/03/11 07:39:00 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=4380E59A170D88C4F1022EFF6719A8A4 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7601.17577_none_3ba44e691d6eb11d\nvstor.sys
[2011/03/11 07:44:01 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=4520B63899E867F354EE012D34E11536 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7600.16778_none_39bef1ad20475e88\nvstor.sys
[2011/03/11 07:28:10 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=66D468654A58594F5F3BA63D5AD5B1AF -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7601.21680_none_3c1c1942369abb77\nvstor.sys
[2011/03/11 07:52:25 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=8A7583A3B58D3EEB28BB26626526BC91 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7600.20921_none_3a779df43942be63\nvstor.sys
[2010/11/20 14:30:06 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=9283C58EBAA2618F93482EB5DABCEC82 -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_x86_neutral_dd659ed032d28a14\nvstor.sys
[2010/11/20 14:30:06 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=9283C58EBAA2618F93482EB5DABCEC82 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7601.17514_none_3be22d131d40bd72\nvstor.sys
[2009/07/14 03:20:44 | 000,142,416 | ---- | M] (NVIDIA Corporation) MD5=C99F251A5DE63C6F129CF71933ACED0F -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7600.16385_none_39b1194b205239d8\nvstor.sys
 
< MD5 for: SCECLI.DLL  >
[2009/07/14 03:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_37e4387f3a6f0483\scecli.dll
[2010/11/20 14:21:04 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\System32\scecli.dll
[2010/11/20 14:21:04 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_3a154c47375d881d\scecli.dll
 
< MD5 for: USER32.DLL  >
[2009/07/14 03:16:17 | 000,811,520 | ---- | M] (Microsoft Corporation) MD5=34B7E222E81FAFA885F0C5F2CFA56861 -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_cd0ec264ceb014a3\user32.dll
[2010/11/20 14:21:33 | 000,811,520 | ---- | M] (Microsoft Corporation) MD5=F1DD3ACAEE5E6B4BBC69BC6DF75CEF66 -- C:\Windows\System32\user32.dll
[2010/11/20 14:21:33 | 000,811,520 | ---- | M] (Microsoft Corporation) MD5=F1DD3ACAEE5E6B4BBC69BC6DF75CEF66 -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_cf3fd62ccb9e983d\user32.dll
 
< MD5 for: USERINIT.EXE  >
[2010/11/20 14:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\System32\userinit.exe
[2010/11/20 14:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe
[2009/07/14 03:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_dbff103933038d7c\userinit.exe
[2009/05/26 19:47:22 | 000,031,232 | ---- | M] (NirSoft) MD5=AC6094297CD882B8626466CDEB64F19F -- C:\Users\skrti011\AppData\Local\Temp\RarSFX0\userinit.exe
[2009/05/26 19:47:22 | 000,031,232 | ---- | M] (NirSoft) MD5=AC6094297CD882B8626466CDEB64F19F -- C:\Users\skrti011\AppData\Local\Temp\RarSFX1\userinit.exe
[2009/05/26 19:47:22 | 000,031,232 | ---- | M] (NirSoft) MD5=AC6094297CD882B8626466CDEB64F19F -- C:\Users\skrti011\AppData\Local\Temp\RarSFX2\userinit.exe
[2009/05/26 19:47:22 | 000,031,232 | ---- | M] (NirSoft) MD5=AC6094297CD882B8626466CDEB64F19F -- C:\Users\skrti011\AppData\Local\Temp\RarSFX3\userinit.exe
[2009/05/26 19:47:22 | 000,031,232 | ---- | M] (NirSoft) MD5=AC6094297CD882B8626466CDEB64F19F -- C:\Users\skrti011\AppData\Local\Temp\RarSFX4\userinit.exe
 
< MD5 for: WININIT.EXE  >
[2009/07/14 03:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\System32\wininit.exe
[2009/07/14 03:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_30c90ef265a43c13\wininit.exe
 
< MD5 for: WINLOGON.EXE  >
[2009/10/28 08:17:59 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=37CDB7E72EB66BA85A87CBE37E7F03FD -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16447_none_6fc699643622d177\winlogon.exe
[2009/10/28 07:52:08 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=3BABE6767C78FBF5FB8435FEED187F30 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.20560_none_703394514f56f7c2\winlogon.exe
[2010/11/20 14:17:54 | 000,286,720 | ---- | M] (Microsoft Corporation) MD5=6D13E1406F50C66E2A95D97F22C47560 -- C:\Windows\System32\winlogon.exe
[2010/11/20 14:17:54 | 000,286,720 | ---- | M] (Microsoft Corporation) MD5=6D13E1406F50C66E2A95D97F22C47560 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_71ca6b0233339500\winlogon.exe
[2009/07/14 03:14:45 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=8EC6A4AB12B8F3759E21F8E3A388F2CF -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_6f99573a36451166\winlogon.exe
[2009/05/26 19:47:22 | 000,031,232 | ---- | M] (NirSoft) MD5=AC6094297CD882B8626466CDEB64F19F -- C:\Users\skrti011\AppData\Local\Temp\RarSFX0\winlogon.exe
[2009/05/26 19:47:22 | 000,031,232 | ---- | M] (NirSoft) MD5=AC6094297CD882B8626466CDEB64F19F -- C:\Users\skrti011\AppData\Local\Temp\RarSFX1\winlogon.exe
[2009/05/26 19:47:22 | 000,031,232 | ---- | M] (NirSoft) MD5=AC6094297CD882B8626466CDEB64F19F -- C:\Users\skrti011\AppData\Local\Temp\RarSFX2\winlogon.exe
[2009/05/26 19:47:22 | 000,031,232 | ---- | M] (NirSoft) MD5=AC6094297CD882B8626466CDEB64F19F -- C:\Users\skrti011\AppData\Local\Temp\RarSFX3\winlogon.exe
[2009/05/26 19:47:22 | 000,031,232 | ---- | M] (NirSoft) MD5=AC6094297CD882B8626466CDEB64F19F -- C:\Users\skrti011\AppData\Local\Temp\RarSFX4\winlogon.exe
 
< MD5 for: WS2IFSL.SYS  >
[2009/07/14 01:55:02 | 000,016,384 | ---- | M] (Microsoft Corporation) MD5=6DB3276587B853BF886B69528FDB048C -- C:\Windows\System32\drivers\ws2ifsl.sys
[2009/07/14 01:55:02 | 000,016,384 | ---- | M] (Microsoft Corporation) MD5=6DB3276587B853BF886B69528FDB048C -- C:\Windows\winsxs\x86_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.1.7600.16385_none_4f5cf6f829213bb2\ws2ifsl.sys
 
< %systemroot%\system32\drivers\*.sys /lockedfiles >
 
< %systemroot%\System32\config\*.sav >
 
< %systemroot%\*. /mp /s >
 
< %systemroot%\system32\*.dll /lockedfiles >
[2011.06.01 11:10:45 | 000,353,792 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\system32\dxtmsft.dll
[2011.06.01 11:10:45 | 000,223,232 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\system32\dxtrans.dll
[2009.07.14 03:15:36 | 000,226,816 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\system32\LocationApi.dll

< End of report >
         
Regards
Tim

19.10.2011, 18:50   #8
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™

First Security Sphere 2012 --> removed, now (still) BOO/TDss.D



Do an OTL fix: close all programs that may be open, also disable the virus scanner (!), start OTL and paste the following text into the "Custom Scan/Fixes" box (at the bottom of OTL): (the ":OTL" must be copied along with it!!!)

Code:
:OTL
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://medion.msn.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = http://www.aldi.com [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = http://www.aldi.com [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://medion.msn.com
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:57
FF - prefs.js..browser.search.selectedEngine: "Wikipedia (de)"
FF - prefs.js..browser.startup.homepage: "www.google.de"
FF - prefs.js..extensions.enabledItems: smartwebprinting@hp.com:4.51
FF - prefs.js..network.proxy.http: "127.0.0.1"
FF - prefs.js..network.proxy.http_port: 57616
FF - prefs.js..network.proxy.type: 1
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/06/10 23:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{675d2ed8-e479-11df-b508-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{675d2ed8-e479-11df-b508-806e6f6e6963}\Shell\AutoRun\command - "" = E:\web.exe html\INDEX.HTM
[2011/10/16 19:04:58 | 000,000,000 | ---D | C] -- C:\Users\skrti011\AppData\Roaming\04700
[2011/10/16 19:04:37 | 000,000,000 | ---D | C] -- C:\Users\skrti011\AppData\Roaming\E0104
[2011/10/16 19:04:33 | 000,000,000 | ---D | C] -- C:\ProgramData\cE01300MgKfO01300
[2011/10/11 19:54:32 | 000,000,000 | ---D | C] -- C:\Users\skrti011\AppData\Local\{9D38B318-B402-40B0-8E22-5A80034D019C}
[2010/10/30 16:51:55 | 000,000,000 | -HSD | M] -- C:\Users\skrti011\AppData\Roaming\.#
:Commands
[emptytemp]
[resethosts]
         
Then click the Fix! button at the top left.
The logfile should open when you click OK after the fix; please post it. The computer may be restarted.

The entries, files and folders fixed by this script are not deleted completely, for safety; a backup copy is created on the system partition in the folder "_OTL".

Note: the above script was written only for this one user in this situation. It cannot be ported to any other computer and must not be used elsewhere, as it can permanently damage the system!
__________________
Please always post logfiles in CODE tags
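The proxy lines in the fix script above (Firefox network.proxy.* pointing at 127.0.0.1:57616, and the IE ProxyServer value under Internet Settings) are the footprint of malware that routes browser traffic through a listener on the local machine, which is also why Firefox stopped working once the rogue process was gone. The following is an added example, not code from this thread or from OTL: it parses a Firefox prefs.js and the two IE registry values and reports any proxy that points at a loopback address. The prefs.js text and the registry values are constructed stand-ins; the pref names are Firefox's own, the "host:port" / "scheme=host:port;..." handling of ProxyServer is an assumption for illustration.

```python
"""Flag browser proxy settings that route traffic through a loopback listener.

Added example, not from the thread or from OTL. SAMPLE_* values below are
constructed; on a real system read prefs.js from the Firefox profile folder and
ProxyEnable/ProxyServer from
HKCU\\Software\\Microsoft\\Windows\\CurrentVersion\\Internet Settings.
"""
import re
from ipaddress import ip_address

USER_PREF_RE = re.compile(r'^\s*user_pref\("([^"]+)",\s*(.+?)\);\s*$')


def parse_prefs_js(text):
    """Return {name: value} from user_pref(...) lines; strings, ints and bools decoded."""
    prefs = {}
    for line in text.splitlines():
        m = USER_PREF_RE.match(line)
        if not m:
            continue
        name, raw = m.group(1), m.group(2).strip()
        if len(raw) >= 2 and raw[0] == raw[-1] == '"':
            prefs[name] = raw[1:-1]
        elif raw in ("true", "false"):
            prefs[name] = raw == "true"
        else:
            try:
                prefs[name] = int(raw)
            except ValueError:
                prefs[name] = raw
    return prefs


def is_loopback(host):
    """True for 127.0.0.0/8, ::1 and the name localhost."""
    host = host.strip("[]").lower()
    if host == "localhost":
        return True
    try:
        return ip_address(host).is_loopback
    except ValueError:
        return False


def firefox_loopback_proxies(prefs):
    """List (scheme, host, port) for manually configured proxies on a loopback address."""
    if prefs.get("network.proxy.type") != 1:   # 1 = manual proxy configuration
        return []
    found = []
    for scheme in ("http", "ssl", "ftp", "socks"):
        host = prefs.get("network.proxy.%s" % scheme)
        port = prefs.get("network.proxy.%s_port" % scheme)
        if isinstance(host, str) and host and is_loopback(host):
            found.append((scheme, host, port))
    return found


def ie_loopback_proxies(proxy_enable, proxy_server):
    """List (scheme, host, port, enabled) for loopback entries in IE's ProxyServer.

    ProxyServer is either "host:port" or "http=host:port;https=host:port;...".
    A loopback entry is reported even when ProxyEnable is 0: the value itself is
    the sign of tampering, and the fix above cleared it for exactly that reason.
    """
    found = []
    if not proxy_server:
        return found
    for entry in proxy_server.split(";"):
        scheme, _, hostport = entry.strip().rpartition("=")
        host, _, port = hostport.partition(":")
        if is_loopback(host):
            found.append((scheme or "all", host,
                          int(port) if port.isdigit() else None, proxy_enable == 1))
    return found


# Constructed sample inputs (not the user's real files or registry values).
SAMPLE_PREFS_JS = """\
# Mozilla User Preferences (constructed sample)
user_pref("browser.startup.homepage", "www.google.de");
user_pref("network.proxy.http", "127.0.0.1");
user_pref("network.proxy.http_port", 57616);
user_pref("network.proxy.type", 1);
user_pref("network.proxy.no_proxies_on", "localhost, 127.0.0.1");
"""
SAMPLE_IE_PROXY_ENABLE = 0
SAMPLE_IE_PROXY_SERVER = "http=127.0.0.1:57616"


def scan_sample():
    """Run both checks over the constructed samples."""
    prefs = parse_prefs_js(SAMPLE_PREFS_JS)
    return (firefox_loopback_proxies(prefs),
            ie_loopback_proxies(SAMPLE_IE_PROXY_ENABLE, SAMPLE_IE_PROXY_SERVER))


if __name__ == "__main__":
    ff, ie = scan_sample()
    print("Firefox loopback proxies:", ff)
    print("IE loopback proxies:     ", ie)
```

After the OTL fix has cleared the values, re-running the same check should return two empty lists; a listener that reappears on a loopback port after a reboot is the cue, as in this thread, that the dropper is still present somewhere below the browser (here, in the MBR).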

19.10.2011, 19:12   #9
skrti



Hi Arne,

well, the fix went quite well until the message "A critical error has occurred. Windows will restart in one minute. Save your data now." surprised me a bit. But the fix was faster and prompted me to restart.

Result: the Avira virus warning "BOO/TDss.D" is gone and I can get online with Firefox again.

Here is the fix.txt:

Code:
All processes killed
========== OTL ==========
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main\\Default_Page_URL| /E : value set successfully!
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main\\Default_Secondary_Page_URL| /E : value set successfully!
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main\\SearchDefaultBranded| /E : value set successfully!
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main\\Secondary Start Pages| /E : value set successfully!
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page| /E : value set successfully!
HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyEnable|dword:0 /E : value set successfully!
HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyServer| /E : value set successfully!
Prefs.js: "Wikipedia (de)" removed from browser.search.selectedEngine
Prefs.js: "www.google.de" removed from browser.startup.homepage
Prefs.js: smartwebprinting@hp.com:4.51 removed from extensions.enabledItems
Prefs.js: "127.0.0.1" removed from network.proxy.http
Prefs.js: 57616 removed from network.proxy.http_port
Prefs.js: 1 removed from network.proxy.type
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRun|DWORD:1 /E : value set successfully!
C:\autoexec.bat moved successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{675d2ed8-e479-11df-b508-806e6f6e6963}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{675d2ed8-e479-11df-b508-806e6f6e6963}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{675d2ed8-e479-11df-b508-806e6f6e6963}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{675d2ed8-e479-11df-b508-806e6f6e6963}\ not found.
File E:\web.exe html\INDEX.HTM not found.
C:\Users\skrti011\AppData\Roaming\04700 folder moved successfully.
C:\Users\skrti011\AppData\Roaming\E0104 folder moved successfully.
Folder C:\ProgramData\cE01300MgKfO01300\ not found.
C:\Users\skrti011\AppData\Local\{9D38B318-B402-40B0-8E22-5A80034D019C} folder moved successfully.
C:\Users\skrti011\AppData\Roaming\.# folder moved successfully.
========== COMMANDS ==========
 
[EMPTYTEMP]
 
User: All Users
 
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
 
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
 
User: Public
 
User: skrti011
->Temp folder emptied: 111244775 bytes
->Temporary Internet Files folder emptied: 42678091 bytes
->Java cache emptied: 1063665 bytes
->FireFox cache emptied: 37574770 bytes
->Flash cache emptied: 60458 bytes
 
User: UpdatusUser
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 63269211 bytes
RecycleBin emptied: 0 bytes
 
Total Files Cleaned = 244.00 mb
 
HOSTS file reset successfully
 
OTL by OldTimer - Version 3.2.31.0 log created on 10192011_200242

Files\Folders moved on Reboot...
C:\Users\skrti011\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\AntiPhishing\ED8654D5-B9F0-4DD9-B3E8-F8F560086FDF.dat moved successfully.
C:\Users\skrti011\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\N9F4GGXM\ac3[5].htm moved successfully.

Registry entries deleted on Reboot...
         
So far: many thanks
Regards
Tim

19.10.2011, 19:26   #10
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™



Now please run this Kaspersky tool and post the log => http://www.trojaner-board.de/82358-t...entfernen.html

Configure the tool as shown in the picture below: click on change parameters and tick the boxes as shown in the following screenshot,
then click Start Scan and, when it is finished, click the Report button to display the log. Please post it in full.

Note: please do not delete anything hastily with TDSS-Killer! If TDSS-Killer flags any objects, treat them all with the action "skip" and only post the log here!



If, because of the infection, you cannot access your documents / My Documents, or shortcuts on the desktop or in the Start menu under "All Programs" are missing, please run unhide:
Please download unhide.exe and save this file to your desktop.
Start the tool and all files and folders should become visible again. (It may take a while.)
Windows Vista and Windows 7 users must run the tool as administrator via right-click!
__________________
Please always post log files in CODE tags

19.10.2011, 20:14   #11
skrti

Hi Arne,

unfortunately the tool will not start. I have tried it several times now. Twice I also got a blue screen and the machine restarted by itself. By now (after the 3rd restart) the Avira virus warning about "BOO/TDss.D" is back as well.

What do I have to do to get TDSSKiller to start? Running it as admin did not work either...

Regards
Tim

19.10.2011, 20:58   #12
cosinus

We should fix the MBR manually. Back up all important data, just in case.

Do you have any other operating systems installed besides Win7 (32-bit)?
If not: have a look here => RescueDisc-Win7-32-Bit

Download the ISO, burn it to a CD (e.g. with ImgBurn, using its image-burning function) and start the computer from it (boot from that CD).

If you have a normal Win7 installation DVD (32-bit), you do not need the image above; you can simply boot from that DVD.

Click on "Repair your computer", Next, Command Prompt; the console opens. There, type bootrec.exe /fixboot (confirm with Enter), then bootrec.exe /fixmbr (confirm with Enter). Restart the computer, removing the CD first. In normal Windows mode, run MBRcheck or aswMBR (whichever tool I gave you earlier) and, if it works, GMER again, and post the new logs.

20.10.2011, 18:51   #13
skrti

Hi Arne,

I only have the one 32-bit version. I am downloading the ISO right now and will proceed as you described. However, you speak of
Quote:
MBRcheck or aswmbr (whichever tool I gave you earlier)
but earlier you "assigned" me the tool tdsskiller.

Please give me brief feedback once more on what I should do after those steps and the restart.

Thank you and best regards
Tim

20.10.2011, 19:25   #14
cosinus

Quote:
but earlier you "assigned" me the tool tdsskiller.
Ah, sorry, that template was written for a different order of steps.
Please produce the new log with aswMBR:

Please download aswMBR.exe and save the file on your desktop.
  • Start aswMBR.exe; Vista and Win7 users start aswMBR via right-click "Run as administrator".
  • The tool will ask whether you want to scan your system with the current AVAST! virus definitions. Please answer Yes. (If your firewall asks, allow internet access.) Depending on your connection, downloading the definitions can take a while.
  • Click Scan.
  • Wait until "Scan finished successfully" appears in the DOS window.
  • Click Save Log and save it on the desktop.
Post the aswMBR.txt in your next reply. Important: do not press any of the Fix buttons without being told to. Note: if the Scan button is greyed out, close the tool and start it again. If it still does not work, please let me know.

20.10.2011, 20:02   #15
skrti

No problem, as long as asking questions is allowed.

So the scan with aswMBR gave the following:

Code:
aswMBR version 0.9.8.986 Copyright(c) 2011 AVAST Software
Run date: 2011-10-20 20:32:28
-----------------------------
20:32:28.852    OS Version: Windows 6.1.7601 Service Pack 1
20:32:28.852    Number of processors: 4 586 0x2505
20:32:28.852    ComputerName: SKRTI011-PC  UserName: skrti011
20:32:47.666    Initialize success
20:36:15.841    AVAST engine defs: 11102002
20:47:59.466    Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
20:47:59.482    Disk 0 Vendor: SAMSUNG_ 2AJ1 Size: 610480MB BusType: 3
20:47:59.840    Disk 0 MBR read successfully
20:47:59.840    Disk 0 MBR scan
20:47:59.872    Disk 0 Windows 7 default MBR code
20:47:59.872    Disk 0 scanning sectors +1250260992
20:47:59.950    Disk 0 scanning C:\Windows\system32\drivers
20:48:09.980    Service scanning
20:48:11.026    Modules scanning
20:48:20.089    Disk 0 trace - called modules:
20:48:20.105    ntkrnlpa.exe CLASSPNP.SYS disk.sys iaStor.sys halmacpi.dll 
20:48:20.105    1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x87f7f030]
20:48:20.120    3 CLASSPNP.SYS[8c1aa59e] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0x863dd028]
20:48:21.150    AVAST engine scan C:\Windows
20:48:23.396    AVAST engine scan C:\Windows\system32
20:50:05.920    AVAST engine scan C:\Windows\system32\drivers
20:50:16.404    AVAST engine scan C:\Users\skrti011
20:50:35.765    File: C:\Users\skrti011\AppData\Roaming\java.exe  **INFECTED** Win32:Downloader-KXI [Trj]
20:53:01.376    AVAST engine scan C:\ProgramData
20:56:15.846    Scan finished successfully
20:57:36.062    Disk 0 MBR has been saved successfully to "C:\Users\skrti011\Desktop\MBR.dat"
20:57:36.077    The log file has been saved successfully to "C:\Users\skrti011\Desktop\aswMBR.txt"
         
Gruß
Tim
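Added example (not code from the thread, and not part of aswMBR, TDSSKiller or any other tool named in it): a small Python script that inspects a 512-byte MBR dump such as the MBR.dat that aswMBR saved to the desktop in the log above. It checks the 0x55AA boot signature, parses the four partition entries, hashes the 440 bytes of boot code against a caller-supplied known-good hash, and reports how many sectors lie past the last partition. That last check is the relevant one for a TDSS/TDL4-class bootkit, which keeps its hidden file system in the unallocated space at the end of the disk. It is also what aswMBR's "scanning sectors +1250260992" line is about: the log reports the Samsung disk as 610480 MB, i.e. 610480 × 2048 = 1250263040 sectors, so the scan starts exactly 2048 sectors (1 MiB) before the end of the disk. Everything in the sample is constructed for the demonstration: the boot code is a placeholder (not real Windows 7 MBR code), the disk signature is made up, the single-partition layout is chosen so that those 2048 sectors remain unallocated, and the "known-good" hash is simply the hash of the placeholder. In real use you would compare against the boot-code hash of a clean Windows 7 MBR taken from a known-good machine, and you would take the dump after booting the rescue CD, because a live rootkit hooking the disk stack can return a clean sector 0 to anything that reads it from inside the running system.

```python
"""MBR inspector: added example, not code from the thread or from aswMBR/TDSSKiller.

Reads a 512-byte master boot record (for instance the MBR.dat that aswMBR saves),
validates it, lists the partitions and reports the unpartitioned tail of the disk,
the region where TDL4/TDSS-style bootkits keep their hidden file system.
All sample data below is constructed for the demonstration.
"""
import hashlib
import struct
import sys

SECTOR = 512
BOOT_CODE_LEN = 440            # bytes 0..439: boot code; 440..443: disk signature
PART_TABLE_OFF = 446           # four 16-byte partition entries
PART_ENTRY_LEN = 16
BOOT_SIGNATURE = b"\x55\xaa"   # bytes 510..511
# status, CHS start (skipped), type, CHS end (skipped), LBA start, sector count
PART_FMT = "<B3xB3xII"


def parse_mbr(sector: bytes) -> dict:
    """Return boot-code hash, disk signature and the non-empty partition entries."""
    if len(sector) != SECTOR:
        raise ValueError(f"expected {SECTOR} bytes, got {len(sector)}")
    if sector[510:512] != BOOT_SIGNATURE:
        raise ValueError("0x55AA boot signature missing: not a valid MBR")
    partitions = []
    for i in range(4):
        status, ptype, lba_start, count = struct.unpack_from(
            PART_FMT, sector, PART_TABLE_OFF + i * PART_ENTRY_LEN)
        if ptype == 0:             # empty slot
            continue
        partitions.append({"index": i, "bootable": status == 0x80, "type": ptype,
                           "lba_start": lba_start, "sectors": count,
                           "lba_end": lba_start + count})   # first LBA after the partition
    return {
        "boot_code_sha256": hashlib.sha256(sector[:BOOT_CODE_LEN]).hexdigest(),
        "disk_signature": struct.unpack_from("<I", sector, BOOT_CODE_LEN)[0],
        "partitions": partitions,
    }


def unallocated_tail(parsed: dict, disk_sectors: int) -> tuple:
    """(first unused LBA, number of sectors) after the last partition."""
    end = max((p["lba_end"] for p in parsed["partitions"]), default=0)
    return end, max(disk_sectors - end, 0)


def assess(sector: bytes, disk_sectors: int, known_good_sha256: str) -> list:
    """Return human-readable findings; an empty list means nothing stood out."""
    parsed = parse_mbr(sector)
    findings = []
    if parsed["boot_code_sha256"] != known_good_sha256:
        findings.append("boot code differs from known-good image")
    bootable = [p for p in parsed["partitions"] if p["bootable"]]
    if len(bootable) != 1:
        findings.append(f"{len(bootable)} bootable partitions (expected 1)")
    start, count = unallocated_tail(parsed, disk_sectors)
    if count:
        findings.append(f"{count} unallocated sectors after LBA {start}; inspect them")
    return findings


def build_sample_mbr(boot_code: bytes, partitions: list) -> bytes:
    """Assemble a constructed MBR; partitions are (type, lba_start, sectors, bootable)."""
    if len(boot_code) != BOOT_CODE_LEN:
        raise ValueError("boot code must be exactly 440 bytes")
    sector = bytearray(SECTOR)
    sector[:BOOT_CODE_LEN] = boot_code
    struct.pack_into("<I", sector, BOOT_CODE_LEN, 0xA1B2C3D4)   # placeholder disk signature
    for i, (ptype, start, count, bootable) in enumerate(partitions):
        struct.pack_into(PART_FMT, sector, PART_TABLE_OFF + i * PART_ENTRY_LEN,
                         0x80 if bootable else 0x00, ptype, start, count)
    sector[510:512] = BOOT_SIGNATURE
    return bytes(sector)


# Constructed sample. Disk size taken from the aswMBR log (610480 MB = 610480 * 2048
# sectors); the single NTFS partition is laid out so that 2048 sectors stay unallocated
# at the end, which is where aswMBR's "scanning sectors +1250260992" line points.
SAMPLE_DISK_SECTORS = 610480 * 2048                       # 1250263040
SAMPLE_BOOT_CODE = (b"\xeb\xfe" + b"\x90" * BOOT_CODE_LEN)[:BOOT_CODE_LEN]  # "jmp $" placeholder
SAMPLE_MBR = build_sample_mbr(SAMPLE_BOOT_CODE,
                              [(0x07, 2048, SAMPLE_DISK_SECTORS - 2048 - 2048, True)])
# Stand-in for a hash taken from a known-clean Windows 7 MBR
KNOWN_GOOD_SHA256 = hashlib.sha256(SAMPLE_BOOT_CODE).hexdigest()


if __name__ == "__main__":
    # Usage: python mbr_inspect.py [MBR.dat] [disk_size_in_sectors]
    if len(sys.argv) >= 3:
        with open(sys.argv[1], "rb") as fh:
            data = fh.read(SECTOR)
        total = int(sys.argv[2])
    else:
        data, total = SAMPLE_MBR, SAMPLE_DISK_SECTORS
    for p in parse_mbr(data)["partitions"]:
        print(f"#{p['index']} type=0x{p['type']:02x} bootable={p['bootable']} "
              f"lba={p['lba_start']}..{p['lba_end'] - 1} ({p['sectors']} sectors)")
    for line in assess(data, total, KNOWN_GOOD_SHA256):
        print("finding:", line)
```

Run without arguments it inspects the constructed sample and reports the 2048-sector tail; run as `python mbr_inspect.py MBR.dat 1250263040` it inspects a real dump. An unallocated tail is not proof of infection on its own (alignment gaps are normal), which is why the script only says "inspect them": the decisive evidence is what those sectors contain and whether the boot code matches a clean reference, and bootrec /fixmbr as advised above rewrites only the boot code, not the data parked in that tail.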
