
Log analysis and evaluation: Avira finds JS/Blacole.E and BDS.Sinowal.yyuc

31.01.2012, 20:43   #1
SunSun
 
Hi,

My Avira reported the following infection to me, which I then put into quarantine.

C:\Users\MHO\AppData\Local\Mozilla\Firefox\Profiles\5q9g6mzh.default\Cache\1\11\0B4AFd01
[0] Archive type: GZ
--> object
[DETECTION] Contains recognition pattern of the JavaScript virus JS/Blacole.E
C:\Users\MHO\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\52\25749234-250d3246
[DETECTION] Contains a recognition pattern of the (dangerous) backdoor program BDS/Sinowal.yyuc
Begin scan in 'D:\' <Data>

Beginning disinfection:
C:\Users\MHO\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\52\25749234-250d3246
[DETECTION] Contains a recognition pattern of the (dangerous) backdoor program BDS/Sinowal.yyuc
[NOTE] The file was moved to the quarantine directory under the name '4b2b7606.qua'!
C:\Users\MHO\AppData\Local\Mozilla\Firefox\Profiles\5q9g6mzh.default\Cache\1\11\0B4AFd01
[DETECTION] Contains recognition pattern of the JavaScript virus JS/Blacole.E
[NOTE] The file was moved to the quarantine directory under the name '53b959be.qua'!


What exactly have I caught there?

I have run Defogger, OTL and GMER.

What do I need to do next?
What about re-enabling Defogger? Following your advice, I haven't done anything further with it so far...

Thank you very much for your help! I'm fairly helpless...

SunSun
Attached files
File type: txt OTL.Txt (78.7 KB, viewed 187 times)
File type: txt Extras.Txt (38.1 KB, viewed 139 times)
File type: zip Gmer.zip (64.7 KB, viewed 54 times)

01.02.2012, 12:30   #2
cosinus

Please now run a full scan with Malwarebytes as a matter of routine and post the log.
Remember that Malwarebytes must be updated manually before every scan! All findings must also be removed.

If logs from older Malwarebytes scans exist, please post all of those as well!



ESET Online Scanner

  • You will find an illustrated guide to ESET Online Scanner here
  • Download and start ESET Online Scanner
  • Tick Yes, I accept the Terms of Use and click Start.
  • Enable "Detection of potentially unwanted applications" and choose the following settings.
  • Click Start.
  • The signatures are downloaded and the scan starts automatically.
  • At the end of the scan, click Finish.
  • Close the ESET window.
  • Open Explorer.
  • Locate C:\Programme\Eset\EsetOnlineScanner\log.txt (on 64-bit also C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) and open it with your editor (illustrated).
  • Post the log file here.
  • Uninstall: Control Panel => Software / Uninstall programs => remove Eset Online Scanner V3.
  • Manually delete the following folder and empty the Recycle Bin => C:\Programme\Eset





Please post everything here in CODE tags if possible.

It is done like this:

[code] the log goes here [/code]

And it then looks like this:

Code:
 the log goes here
         

01.02.2012, 17:41   #3
SunSun
 
So, I have done both.
Something was found in both.

Malwarebytes
Code:
Malwarebytes Anti-Malware 1.60.1.1000
www.malwarebytes.org

Database version: v2012.02.01.03

Windows Vista Service Pack 2 x86 NTFS
Internet Explorer 7.0.6002.18005
MHO :: MHO [administrator]

01.02.2012 14:16:07
mbam-log-2012-02-01 (14-16-07).txt

Scan type: Full scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 341397
Time elapsed: 56 minute(s), 25 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 1
C:\Empfangenen Dateien\Meine empfangenen Dateien\StressRe.EXE (Joke.Stressreducer) -> Quarantined and deleted successfully.

(end)
         

ESET:
Code:
ESETSmartInstaller@High as downloader log:
all ok
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=480a2d7a46543b4d8f86da670965df21
# end=stopped
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2012-02-01 02:42:38
# local_time=2012-02-01 03:42:38 (+0100, Central European Time)
# country="Germany"
# lang=1033
# osver=6.0.6002 NT Service Pack 2
# compatibility_mode=1792 16777215 100 0 80549544 80549544 0 0
# compatibility_mode=5892 16776574 100 100 92714 165639866 0 0
# compatibility_mode=8192 67108863 100 0 4248 4248 0 0
# scanned=6715
# found=0
# cleaned=0
# scan_time=264
ESETSmartInstaller@High as downloader log:
all ok
esets_scanner_update returned -1 esets_gle=53251
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=480a2d7a46543b4d8f86da670965df21
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2012-02-01 04:23:13
# local_time=2012-02-01 05:23:13 (+0100, Central European Time)
# country="Germany"
# lang=1033
# osver=6.0.6002 NT Service Pack 2
# compatibility_mode=1792 16777215 100 0 80549961 80549961 0 0
# compatibility_mode=5892 16776574 100 100 93131 165640283 0 0
# compatibility_mode=8192 67108863 100 0 4665 4665 0 0
# scanned=178534
# found=3
# cleaned=0
# scan_time=5882
C:\Program Files\VistaCodecPack\Tools\renderer32.exe	Win32/Packed.Autoit.E.Gen application (unable to clean)	00000000000000000000000000000000	I
C:\ProgramData\VistaCodecs\{F4D16C8C-2AAC-4F3F-B6EF-1EB551272ED4}\Vista Codec Package.msi	Win32/Packed.Autoit.E.Gen application (unable to clean)	00000000000000000000000000000000	I
C:\Users\All Users\VistaCodecs\{F4D16C8C-2AAC-4F3F-B6EF-1EB551272ED4}\Vista Codec Package.msi	Win32/Packed.Autoit.E.Gen application (unable to clean)	00000000000000000000000000000000	I
         
What on earth have I caught, and where?

And now?

Thanks in advance!

SunSun
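To read the two logs in this reply the way a helper does, here is an added Python example (not part of the thread, and not Malwarebytes' or ESET's own tooling). It splits the ESET Online Scanner output into its runs, reads the `# key=value` header of each, attaches the tab-separated detection lines to the run they belong to, and pulls the detection lines out of the Malwarebytes log. It also covers the procedure from reply #2: the ESET run that was stopped early is kept apart from the finished one, and `remove_checked=false` is why ESET reported three objects without cleaning any. The embedded samples are excerpts of the logs posted here (Malwarebytes labels given in English); the function and field names are this example's own.

```python
"""Summarise Malwarebytes Anti-Malware and ESET Online Scanner logs.

Added example: not part of the original thread and not vendor tooling.
The embedded samples are excerpts of the logs posted in this thread
(Malwarebytes labels shown in English; the thread's copy is in German).
Function names and result keys are this script's own convention.
"""
import re
from dataclasses import dataclass, field

# ESET Online Scanner writes one "# key=value" header block per run, then one
# tab-separated line per detection. The file in the thread holds two runs:
# the first stopped by the user, the second completed.
ESET_LOG = """\
ESETSmartInstaller@High as downloader log:
all ok
# version=7
# end=stopped
# remove_checked=false
# unwanted_checked=true
# scanned=6715
# found=0
# cleaned=0
ESETSmartInstaller@High as downloader log:
all ok
esets_scanner_update returned -1 esets_gle=53251
# version=7
# end=finished
# remove_checked=false
# unwanted_checked=true
# scanned=178534
# found=3
# cleaned=0
C:\\Program Files\\VistaCodecPack\\Tools\\renderer32.exe\tWin32/Packed.Autoit.E.Gen application (unable to clean)\t00000000000000000000000000000000\tI
C:\\ProgramData\\VistaCodecs\\{F4D16C8C-2AAC-4F3F-B6EF-1EB551272ED4}\\Vista Codec Package.msi\tWin32/Packed.Autoit.E.Gen application (unable to clean)\t00000000000000000000000000000000\tI
C:\\Users\\All Users\\VistaCodecs\\{F4D16C8C-2AAC-4F3F-B6EF-1EB551272ED4}\\Vista Codec Package.msi\tWin32/Packed.Autoit.E.Gen application (unable to clean)\t00000000000000000000000000000000\tI
"""

# Malwarebytes excerpt (English labels); the detection line shape is
# "<object> (<signature>) -> <action>" for files, folders and registry keys alike.
MBAM_LOG = """\
Malwarebytes Anti-Malware 1.60.1.1000
www.malwarebytes.org

Database version: v2012.02.01.03

Files Detected: 1
C:\\Empfangenen Dateien\\Meine empfangenen Dateien\\StressRe.EXE (Joke.Stressreducer) -> Quarantined and deleted successfully.

(end)
"""

MBAM_DETECTION = re.compile(r"^(?P<object>\S.*?) \((?P<signature>[^()]+)\) -> (?P<action>.+)$")


@dataclass
class EsetRun:
    meta: dict = field(default_factory=dict)
    detections: list = field(default_factory=list)  # (path, signature, note)

    @property
    def completed(self) -> bool:
        return self.meta.get("end") == "finished"

    @property
    def found(self) -> int:
        return int(self.meta.get("found", 0))


def parse_eset_runs(text: str) -> list:
    """Split an ESET log into runs; every '# version=' line starts a new one."""
    runs = []
    for line in text.splitlines():
        if line.startswith("# version="):
            runs.append(EsetRun())
        if not runs:
            continue  # downloader chatter before the first header block
        if line.startswith("# ") and "=" in line:
            key, _, value = line[2:].partition("=")
            runs[-1].meta[key.strip()] = value.strip()
        elif line.count("\t") >= 3:
            path, detection, _md5, _flag = line.split("\t")[:4]
            signature, _, note = detection.partition(" ")
            runs[-1].detections.append((path, signature, note.strip()))
    return runs


def parse_mbam_detections(text: str) -> list:
    """Return every Malwarebytes detection line as a dict (object, signature, action)."""
    return [m.groupdict() for m in map(MBAM_DETECTION.match, text.splitlines()) if m]


def summarize(eset_text: str, mbam_text: str) -> dict:
    """What a helper reads off both logs before deciding the next step."""
    runs = parse_eset_runs(eset_text)
    final = next((r for r in reversed(runs) if r.completed), None)
    return {
        "eset_runs": len(runs),
        "eset_completed": final is not None,
        "eset_found": final.found if final else None,
        # remove_checked=false: ESET only reported, it did not clean anything
        "eset_removal_enabled": bool(final) and final.meta.get("remove_checked") == "true",
        "eset_detections": final.detections if final else [],
        "mbam_detections": parse_mbam_detections(mbam_text),
    }


if __name__ == "__main__":
    for key, value in summarize(ESET_LOG, MBAM_LOG).items():
        print(f"{key}: {value}")
```

`summarize(ESET_LOG, MBAM_LOG)` reports one completed ESET run with three detections of the same signature, none of them removed, and one Malwarebytes detection that was already quarantined.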

02.02.2012, 11:53   #4
cosinus

Please make a new OTL log. Please post everything here in CODE tags if possible.

It is done like this:

[code] the log goes here [/code]

And it then looks like this:

Code:
 the log goes here
         
CustomScan with OTL

If you do not have it yet, please download OTL from Oldtimer and save it to your desktop
  • Please start OTL.exe.
    Vista and Win7 users: right-click "Run as administrator"
  • Now copy the complete contents of the code box below into the OTL text box - if OTL is in German it is labelled
Code:
netsvcs
msconfig
safebootminimal
safebootnetwork
activex
drivers32
%ALLUSERSPROFILE%\Application Data\*.
%ALLUSERSPROFILE%\Application Data\*.exe /s
%APPDATA%\*.
%APPDATA%\*.exe /s
%SYSTEMDRIVE%\*.exe
/md5start
wininit.exe
userinit.exe
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
ws2ifsl.sys
sceclt.dll
ntelogon.dll
winlogon.exe
logevent.dll
user32.DLL
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
/md5stop
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\*. /mp /s
%systemroot%\system32\*.dll /lockedfiles
CREATERESTOREPOINT
         
  • Now please close all programs. (Important)
  • Now please click the Quick Scan button.
  • Click on .
  • Now copy the contents of OTL.txt here into your thread
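The CustomScan above produces the O-numbered lines that the helpers then read by eye (the next reply contains the real OTL.txt). As an added example, not part of the thread and not OldTimer's tool, the Python below applies a few of the checks a reviewer makes on such a log: autostart (O4) entries whose file no longer exists, Java plug-in (O16) versions behind the current update, Winlogon Shell/UserInit (O20) values that are not the plain explorer.exe/userinit.exe, removable-media AutoRun handlers (O33), and an Internet Explorer proxy server setting. The sample lines are taken from the OTL.txt posted in the next reply; the rule names, the severities and the CURRENT_JAVA6_UPDATE value (an assumption: Java 6 Update 30 was the newest build in early 2012) are this example's own.

```python
"""Heuristic triage of OTL log lines.

Added example, not part of the thread and not OldTimer's tool. The sample
lines come from the OTL.txt posted in this thread; the rules, the severity
labels and CURRENT_JAVA6_UPDATE (assumption: Java 6 Update 30 was the newest
build in early 2012) are this script's own.
"""
import re
from typing import List, NamedTuple

CURRENT_JAVA6_UPDATE = 30  # assumption, see module docstring

OTL_SAMPLE = r"""
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = ftp=10.200.8.90:3128;http=10.200.8.90:3128;https=10.200.8.90:3128
O4 - HKLM..\Run: []  File not found
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [jswtrayutil] "C:\Program Files\Jumpstart\jswtrayutil.exe" File not found
O4 - HKLM..\Run: [OpenCom 30] F:\SETUP.EXE File not found
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-0016-0000-0006-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_06-windows-i586.cab (Java Plug-in 1.6.0_06)
O20 - HKLM Winlogon: Shell - (explorer.exe) -C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) -C:\Windows\System32\userinit.exe (Microsoft Corporation)
O33 - MountPoints2\{39e76182-e1e5-11e0-acf3-001e339ff4cd}\Shell\AutoRun\command - "" = G:\AutoRun.exe
"""


class Finding(NamedTuple):
    severity: str  # "high", "low" or "info"
    rule: str
    detail: str


O4_RUN = re.compile(r"^O4 - HK\w+\.\.\\Run: \[(?P<name>[^\]]*)\] (?P<target>.*)$")
JAVA_DPF = re.compile(r"^O16 - DPF: .*\(Java Plug-in 1\.6\.0_(?P<update>\d+)\)")
O20_WINLOGON = re.compile(r"^O20 - HKLM Winlogon: (?P<key>Shell|UserInit) - \((?P<value>[^)]*)\)")
O33_AUTORUN = re.compile(r'^O33 - MountPoints2\\(?P<guid>\{[^}]+\})\\Shell\\AutoRun\\command - "" = (?P<cmd>.+)$')
IE_PROXY = re.compile(r'^IE - HKCU\\.*Internet Settings: "(?P<key>Proxy\w+)" = (?P<value>.*)$')


def triage_otl(text: str) -> List[Finding]:
    """Run the rules over OTL lines and return the findings in log order."""
    findings: List[Finding] = []
    proxy = {}
    for line in text.splitlines():
        if m := O4_RUN.match(line):
            # Autostart values whose file is gone are leftovers to remove;
            # a nameless value is always worth a second look.
            if not m["name"] or m["target"].endswith("File not found"):
                findings.append(Finding("low", "O4-orphan", f"Run value [{m['name']}] -> {m['target'].strip()}"))
        elif m := JAVA_DPF.match(line):
            # Old Java plug-ins are the classic exploit-kit entry point; the
            # Sinowal payload in this thread sat in the Java deployment cache.
            update = int(m["update"])
            if update < CURRENT_JAVA6_UPDATE:
                findings.append(Finding("high", "O16-java", f"Java Plug-in 1.6.0_{update:02d} registered, update {CURRENT_JAVA6_UPDATE} is current"))
        elif m := O20_WINLOGON.match(line):
            # Shell must be exactly explorer.exe; UserInit must be the
            # system32 userinit.exe with nothing appended after a comma.
            value = m["value"].strip().lower().rstrip(",")
            clean = (value == "explorer.exe" if m["key"] == "Shell"
                     else "," not in value and value.endswith(r"\system32\userinit.exe"))
            if not clean:
                findings.append(Finding("high", "O20-winlogon", f"{m['key']} = {m['value']!r}"))
        elif m := O33_AUTORUN.match(line):
            findings.append(Finding("info", "O33-autorun", f"{m['guid']} runs {m['cmd']}"))
        elif m := IE_PROXY.match(line):
            proxy[m["key"]] = m["value"].strip()
    if proxy.get("ProxyServer"):
        # A proxy that is switched on sees all browser traffic; a switched-off
        # leftover (ProxyEnable=0, as in this log) is only worth a note.
        severity = "high" if proxy.get("ProxyEnable") == "1" else "info"
        findings.append(Finding(severity, "IE-proxy", f"ProxyServer={proxy['ProxyServer']} ProxyEnable={proxy.get('ProxyEnable', '?')}"))
    return findings


if __name__ == "__main__":
    for f in triage_otl(OTL_SAMPLE):
        print(f"[{f.severity:4}] {f.rule}: {f.detail}")
```

On the sample lines the Winlogon values pass, the three orphaned Run values and both old Java plug-ins are reported, and the proxy entry is only noted because ProxyEnable is 0; a UserInit value with a second program appended after a comma is reported as high.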

02.02.2012, 12:41   #5
SunSun
 
Here is the new OTL.txt

OTL Logfile:
Code:
OTL logfile created on: 02.02.2012 12:17:34 - Run 2
OTL by OldTimer - Version 3.2.31.0     Folder = C:\Users\MHO\Desktop
Windows Vista Home Basic Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6002.18005)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
2,87 Gb Total Physical Memory | 1,97 Gb Available Physical Memory | 68,78% Memory free
5,97 Gb Paging File | 5,04 Gb Available in Paging File | 84,53% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 116,29 Gb Total Space | 66,23 Gb Free Space | 56,95% Space Free | Partition Type: NTFS
Drive D: | 115,13 Gb Total Space | 104,19 Gb Free Space | 90,49% Space Free | Partition Type: NTFS
 
Computer Name: MHO | User Name: MHO | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\MHO\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\ProgramData\Internet Manager\OnlineUpdate\ouc.exe ()
PRC - C:\Program Files\Avira\AntiVir Desktop\avwebgrd.exe (Avira GmbH)
PRC - C:\Program Files\Avira\AntiVir Desktop\avmailc.exe (Avira GmbH)
PRC - C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
PRC - C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
PRC - C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
PRC - C:\Program Files\Avira\AntiVir Desktop\avshadow.exe (Avira GmbH)
PRC - C:\Windows\starter4g.exe (4G Systems GmbH & Co. KG)
PRC - C:\Windows\service4g.exe (4G Systems GmbH & Co. KG)
PRC - C:\Program Files\XSManager\WTGService.exe ()
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - D:\programme\Spybot - Search & Destroy\SDWinSec.exe (Safer Networking Ltd.)
PRC - C:\Program Files\TOSHIBA\TOSHIBA DVD PLAYER\TNaviSrv.exe (TOSHIBA Corporation)
PRC - C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe (TOSHIBA Corporation)
PRC - C:\Program Files\Toshiba TEMPRO\TempoSVC.exe (Toshiba Europe GmbH)
PRC - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe (TOSHIBA CORPORATION)
PRC - C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
PRC - C:\Program Files\TOSHIBA\SMARTLogService\TosIPCSrv.exe (TOSHIBA Corporation)
PRC - C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
PRC - C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe (TOSHIBA Corporation)
PRC - C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe (TOSHIBA Corporation)
PRC - C:\Windows\System32\TODDSrv.exe (TOSHIBA Corporation)
PRC - C:\Windows\System32\agrsmsvc.exe (Agere Systems)
PRC - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe (Ulead Systems, Inc.)
 
 
========== Modules (No Company Name) ==========
 
MOD - C:\Program Files\TOSHIBA\FlashCards\BlackPng.dll ()
MOD - C:\Program Files\TOSHIBA\PCDiag\NotifyPCD.dll ()
MOD - C:\Program Files\TOSHIBA\FlashCards\TWarnMsg\TWarnMsg.dll ()
MOD - C:\Program Files\TOSHIBA\TOSHIBA Assist\NotifyX.dll ()
MOD - C:\Program Files\TOSHIBA\TOSHIBA Disc Creator\NotifyTDC.dll ()
 
 
========== Win32 Services (SafeList) ==========
 
SRV - (Internet Manager. RunOuc) -- D:\Program Files\UpdateDog\ouc.exe ()
SRV - (AntiVirWebService) -- C:\Program Files\Avira\AntiVir Desktop\AVWEBGRD.EXE (Avira GmbH)
SRV - (AntiVirMailService) -- C:\Program Files\Avira\AntiVir Desktop\avmailc.exe (Avira GmbH)
SRV - (AntiVirService) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
SRV - (AntiVirSchedulerService) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
SRV - (XS Stick Service) -- C:\Windows\service4g.exe (4G Systems GmbH & Co. KG)
SRV - (BrYNSvc) -- C:\Program Files\Browny02\BrYNSvc.exe (Brother Industries, Ltd.)
SRV - (WTGService) -- C:\Program Files\XSManager\WTGService.exe ()
SRV - (FLEXnet Licensing Service) -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Macrovision Europe Ltd.)
SRV - (SBSDWSCService) -- D:\programme\Spybot - Search & Destroy\SDWinSec.exe (Safer Networking Ltd.)
SRV - (TNaviSrv) -- C:\Program Files\TOSHIBA\TOSHIBA DVD PLAYER\TNaviSrv.exe (TOSHIBA Corporation)
SRV - (TempoMonitoringService) -- C:\Program Files\Toshiba TEMPRO\TempoSVC.exe (Toshiba Europe GmbH)
SRV - (ConfigFree Service) -- C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe (TOSHIBA CORPORATION)
SRV - (jswpsapi) -- C:\Program Files\Jumpstart\jswpsapi.exe (Atheros Communications, Inc.)
SRV - (TOSHIBA SMART Log Service) -- C:\Program Files\TOSHIBA\SMARTLogService\TosIPCSrv.exe (TOSHIBA Corporation)
SRV - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (TosCoSrv) -- C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe (TOSHIBA Corporation)
SRV - (TODDSrv) -- C:\Windows\System32\TODDSrv.exe (TOSHIBA Corporation)
SRV - (AgereModemAudio) -- C:\Windows\System32\agrsmsvc.exe (Agere Systems)
SRV - (UleadBurningHelper) -- C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe (Ulead Systems, Inc.)
 
 
========== Driver Services (SafeList) ==========
 
DRV - (ew_hwusbdev) -- C:\Windows\System32\drivers\ew_hwusbdev.sys (Huawei Technologies Co., Ltd.)
DRV - (huawei_cdcacm) -- C:\Windows\System32\drivers\ew_jucdcacm.sys (Huawei Technologies Co., Ltd.)
DRV - (huawei_enumerator) -- C:\Windows\System32\drivers\ew_jubusenum.sys (Huawei Technologies Co., Ltd.)
DRV - (huawei_cdcecm) -- C:\Windows\System32\drivers\ew_jucdcecm.sys (Huawei Technologies Co., Ltd.)
DRV - (huawei_ext_ctrl) -- C:\Windows\System32\drivers\ew_juextctrl.sys (Huawei Technologies Co., Ltd.)
DRV - (tcpipBM) -- C:\Windows\System32\drivers\tcpipBM.sys (Bytemobile, Inc.)
DRV - (ew_usbenumfilter) -- C:\Windows\System32\drivers\ew_usbenumfilter.sys (Huawei Technologies Co., Ltd.)
DRV - (hwdatacard) -- C:\Windows\System32\drivers\ewusbmdm.sys (Huawei Technologies Co., Ltd.)
DRV - (BMLoad) -- C:\Windows\system32\drivers\BMLoad.sys (Bytemobile, Inc.)
DRV - (avipbb) -- C:\Windows\System32\drivers\avipbb.sys (Avira GmbH)
DRV - (avgntflt) -- C:\Windows\System32\drivers\avgntflt.sys (Avira GmbH)
DRV - (ssmdrv) -- C:\Windows\System32\drivers\ssmdrv.sys (Avira GmbH)
DRV - (avgio) -- C:\Program Files\Avira\AntiVir Desktop\avgio.sys (Avira GmbH)
DRV - (cmnsusbser) -- C:\Windows\System32\drivers\cmnsusbser.sys (Mobile Connector)
DRV - (tos_sps32) -- C:\Windows\system32\DRIVERS\tos_sps32.sys (TOSHIBA Corporation)
DRV - (athr) -- C:\Windows\System32\drivers\athr.sys (Atheros Communications, Inc.)
DRV - (jswpslwf) -- C:\Windows\System32\drivers\jswpslwf.sys (Atheros Communications, Inc.)
DRV - (RTL8169) -- C:\Windows\System32\drivers\Rtlh86.sys (Realtek Corporation                                            )
DRV - (TVALZ) -- C:\Windows\system32\DRIVERS\TVALZ_O.SYS (TOSHIBA Corporation)
DRV - (AgereSoftModem) -- C:\Windows\System32\drivers\AGRSM.sys (Agere Systems)
DRV - (FwLnk) -- C:\Windows\System32\drivers\FwLnk.sys (TOSHIBA Corporation)
DRV - (tdcmdpst) -- C:\Windows\System32\drivers\tdcmdpst.sys (TOSHIBA Corporation.)
DRV - (RTLWUSB) -- C:\Windows\System32\drivers\wg111v2.sys (NETGEAR Inc.)
DRV - (DCamUSBDigitalCamera) -- C:\Windows\System32\drivers\MPIXVID.SYS ()
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.google.com/ie
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = hxxp://www.google.com/ie
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = hxxp://www.google.com/ie
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com/ig/redirectdomain?brand=TSEA&bmod=TSEA;
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = hxxp://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = hxxp://www.google.com/ie
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = 127.0.0.1;localhost;10.200.2.3.
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = ftp=10.200.8.90:3128;http=10.200.8.90:3128;https=10.200.8.90:3128
 
========== FireFox ==========
 
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6: C:\Program Files\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.12.448: C:\Program Files\VistaCodecPack\rm\browser\plugins\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.448: C:\Program Files\VistaCodecPack\rm\browser\plugins\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=:  File not found
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\ff-bmboc@bytemobile.com: C:\Program Files\T-Mobile\InternetManager_H\OCx32\addon
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 9.0.1\extensions\\Components: C:\Program Files\mozilla firefox\components [2011.12.31 00:18:16 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 9.0.1\extensions\\Plugins: C:\Program Files\mozilla firefox\plugins [2011.07.23 13:43:59 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 9.0.1\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2011.08.17 21:39:38 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 9.0.1\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins
 
[2011.07.06 22:52:56 | 000,000,000 | ---D | M] (No name found) -- C:\Users\MHO\AppData\Roaming\mozilla\Extensions
[2010.09.03 22:19:19 | 000,000,000 | ---D | M] (No name found) -- C:\Users\MHO\AppData\Roaming\mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
[2011.07.06 22:52:56 | 000,000,000 | ---D | M] (No name found) -- C:\Users\MHO\AppData\Roaming\mozilla\Extensions\{718e30fb-e89b-41dd-9da7-e25a45638b28}
[2012.01.05 18:24:54 | 000,000,000 | ---D | M] (No name found) -- C:\Users\MHO\AppData\Roaming\mozilla\Firefox\Profiles\5q9g6mzh.default\extensions
[2009.03.31 12:55:17 | 000,000,000 | ---D | M] (No name found) -- C:\Users\MHO\AppData\Roaming\mozilla\Sunbird\Profiles\t3mdkrtr.default\extensions
[2011.11.09 14:16:58 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\mozilla firefox\extensions
[2011.12.31 00:18:15 | 000,121,816 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2011.02.02 20:40:24 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2011.10.01 13:30:36 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2011.10.01 13:30:36 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2011.10.01 13:30:36 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2011.10.01 13:30:36 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2011.10.01 13:30:36 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2011.10.01 13:30:36 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2006.09.18 22:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O1 - Hosts: ::1             localhost
O2 - BHO: (Adobe PDF Reader) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - D:\programme\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKCU\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O4 - HKLM..\Run: []  File not found
O4 - HKLM..\Run: [00TCrdMain] C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [jswtrayutil] "C:\Program Files\Jumpstart\jswtrayutil.exe" File not found
O4 - HKLM..\Run: [OpenCom 30] F:\SETUP.EXE File not found
O4 - HKLM..\Run: [routcnf] C:\Program Files\DeTeWe\OpenCom 36lan\routcnf.exe /capiactive File not found
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [starter4g] C:\Windows\starter4g.exe (4G Systems GmbH & Co. KG)
O4 - HKLM..\Run: [TPwrMain] C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\System32\GPhotos.scr (Google Inc.)
O8 - Extra context menu item: An vorhandenes PDF anfügen - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Ausgewählte Verknüpfungen in Adobe PDF konvertieren - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Ausgewählte Verknüpfungen in vorhandene PDF-Datei konvertieren - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Auswahl in Adobe PDF konvertieren - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Auswahl in vorhandene PDF-Datei konvertieren - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: In Adobe PDF konvertieren - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Verknüpfungsziel in Adobe PDF konvertieren - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Verknüpfungsziel in vorhandene PDF-Datei konvertieren - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O9 - Extra Button: eBay - Der weltweite Online Marktplatz - {76577871-04EC-495E-A12B-91F7C3600AFA} - hxxp://rover.ebay.com/rover/1/707-44556-9400-3/4 File not found
O9 - Extra Button: Amazon.de - {8A918C1D-E123-4E36-B562-5C1519E434CE} - hxxp://www.amazon.de/exec/obidos/redirect-home?tag=Toshibadebholink-21&site=home File not found
O9 - Extra Button: Recherchieren - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\Program Files\Microsoft Office\OFFICE11\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - D:\programme\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira GmbH)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira GmbH)
O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira GmbH)
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Domains:   ([]msn in Arbeitsplatz)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-0016-0000-0006-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_06-windows-i586.cab (Java Plug-in 1.6.0_06)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{66FF8BA3-E2AC-4165-886A-2502FFA32CA0}: DhcpNameServer = 192.168.2.1 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{777F316C-CDD0-41C2-B7AB-EECC764FBF59}: DhcpNameServer = 193.254.160.1 10.74.83.22
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{BEE549C0-76FE-463B-AFB8-DECE3A0CC8F8}: DhcpNameServer = 10.111.81.129 10.129.32.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{C8217BCD-E938-474E-8F1C-FBF6BC180102}: DhcpNameServer = 10.111.81.129 10.129.32.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{D1509D42-9FD9-4346-9A1A-9C01B7365EBC}: DhcpNameServer = 192.168.178.1
O20 - HKLM Winlogon: Shell - (explorer.exe) -C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) -C:\Windows\System32\userinit.exe (Microsoft Corporation)
O24 - Desktop Components:0 (Die derzeitige Homepage) - About:Home
O24 - Desktop WallPaper: C:\Windows\Web\Wallpaper\img17.jpg
O24 - Desktop BackupWallPaper: C:\Windows\Web\Wallpaper\img17.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 22:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{39e76182-e1e5-11e0-acf3-001e339ff4cd}\Shell - "" = AutoRun
O33 - MountPoints2\{39e76182-e1e5-11e0-acf3-001e339ff4cd}\Shell\AutoRun\command - "" = G:\AutoRun.exe
O33 - MountPoints2\{39e76190-e1e5-11e0-acf3-001e339ff4cd}\Shell - "" = AutoRun
O33 - MountPoints2\{39e76190-e1e5-11e0-acf3-001e339ff4cd}\Shell\AutoRun\command - "" = E:\AutoRun.exe
O33 - MountPoints2\{66b1ded5-e2a6-11e0-9418-001e339ff4cd}\Shell - "" = AutoRun
O33 - MountPoints2\{66b1ded5-e2a6-11e0-9418-001e339ff4cd}\Shell\AutoRun\command - "" = G:\AutoRun.exe
O33 - MountPoints2\{66b1def2-e2a6-11e0-9418-001e339ff4cd}\Shell - "" = AutoRun
O33 - MountPoints2\{66b1def2-e2a6-11e0-9418-001e339ff4cd}\Shell\AutoRun\command - "" = G:\AutoRun.exe
O33 - MountPoints2\{82057604-73fb-11e0-bcb6-001e339ff4cd}\Shell - "" = AutoRun
O33 - MountPoints2\{82057604-73fb-11e0-bcb6-001e339ff4cd}\Shell\AutoRun\command - "" = E:\autorun.exe
O33 - MountPoints2\{fd5215e9-934d-11df-b8c9-001e339ff4cd}\Shell - "" = AutoRun
O33 - MountPoints2\{fd5215e9-934d-11df-b8c9-001e339ff4cd}\Shell\AutoRun\command - "" = E:\AutoRun.exe
O33 - MountPoints2\{fd5215fe-934d-11df-b8c9-001e339ff4cd}\Shell - "" = AutoRun
O33 - MountPoints2\{fd5215fe-934d-11df-b8c9-001e339ff4cd}\Shell\AutoRun\command - "" = E:\AutoRun.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
NetSvcs: FastUserSwitchingCompatibility -  File not found
NetSvcs: Ias - C:\Windows\System32\ias.dll (Microsoft Corporation)
NetSvcs: Nla -  File not found
NetSvcs: Ntmssvc -  File not found
NetSvcs: NWCWorkstation -  File not found
NetSvcs: Nwsapagent -  File not found
NetSvcs: SRService -  File not found
NetSvcs: WmdmPmSp -  File not found
NetSvcs: LogonHours -  File not found
NetSvcs: PCAudit -  File not found
NetSvcs: helpsvc -  File not found
NetSvcs: uploadmgr -  File not found
 
 
SafeBootMin: AppMgmt - Service
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: HelpSvc - Service
SafeBootMin: NTDS -  File not found
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: sacsvr - Service
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: WinDefend - C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
 
SafeBootNet: AppMgmt - Service
SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: HelpSvc - Service
SafeBootNet: Messenger - Service
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: NTDS -  File not found
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: rdsessmgr - Service
SafeBootNet: sacsvr - Service
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: WinDefend - C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SafeBootNet: WudfPf - Driver
SafeBootNet: WudfUsbccidDriver - Driver
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
 
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - 
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 11.0
ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {334F91F6-258F-4B44-4D90-C8D64448EAED} - Themes Setup
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - 
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {73FA19D0-2D75-11D2-995D-00C04F98BBC9} - Webordner
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\system32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Adobe Flash Player
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - Reg Error: Value error.
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\Windows\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\system32\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP
 
Drivers32: msacm.ac3filter - C:\Windows\System32\ac3filter.acm ()
Drivers32: msacm.dvacm - C:\Program Files\Common Files\Ulead Systems\vio\DVACM.acm (Ulead Systems, Inc.)
Drivers32: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: MSVideo8 - C:\Windows\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: vidc.cvid - C:\Windows\System32\iccvid.dll (Radius Inc.)
Drivers32: VIDC.FFDS - C:\Windows\System32\ff_vfw.dll ()
Drivers32: vidc.XVID - C:\Windows\System32\xvidvfw.dll ()
 
CREATERESTOREPOINT
Restore point Set: OTL Restore Point
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.02.01 15:27:26 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
[2012.02.01 15:25:22 | 002,322,184 | ---- | C] (ESET) -- C:\Users\MHO\Desktop\esetsmartinstaller_enu.exe
[2012.02.01 14:12:13 | 000,000,000 | ---D | C] -- C:\Users\MHO\AppData\Roaming\Malwarebytes
[2012.02.01 14:12:03 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012.02.01 14:12:02 | 000,020,464 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2012.02.01 14:12:02 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2012.02.01 14:12:02 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012.02.01 14:09:08 | 009,502,424 | ---- | C] (Malwarebytes Corporation                                    ) -- C:\Users\MHO\Desktop\mbam-setup-1.60.1.1000.exe
[2012.01.31 20:08:43 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\7-Zip
[2012.01.31 16:44:18 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Users\MHO\Desktop\OTL.exe
[2012.01.31 14:43:24 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
[2012.01.27 21:19:01 | 000,000,000 | ---D | C] -- C:\ProgramData\Windows
[2012.01.11 14:59:34 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mein Büro
[2012.01.11 14:58:23 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\deltra Software GmbH
[2012.01.11 14:58:18 | 004,292,096 | ---- | C] (dimastr.com) -- C:\Windows\System32\redemption.dll
[2003.09.29 13:07:08 | 000,024,576 | ---- | C] (BackWeb) -- C:\Users\MHO\AppData\Local\TempIadHide3.dll
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2012.02.02 12:09:27 | 000,018,803 | ---- | M] () -- C:\Users\MHO\Documents\2012-2-2cosinus.odt
[2012.02.02 12:02:15 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.02.02 11:01:26 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2012.02.02 11:01:26 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2012.02.02 09:06:52 | 000,618,442 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2012.02.02 09:06:52 | 000,587,178 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012.02.02 09:06:52 | 000,122,842 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2012.02.02 09:06:52 | 000,101,250 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012.02.02 09:01:15 | 3082,817,536 | -HS- | M] () -- C:\hiberfil.sys
[2012.02.01 17:29:03 | 000,019,243 | ---- | M] () -- C:\Users\MHO\Documents\2012-2-1eset.odt
[2012.02.01 15:25:23 | 002,322,184 | ---- | M] (ESET) -- C:\Users\MHO\Desktop\esetsmartinstaller_enu.exe
[2012.02.01 15:16:05 | 000,014,905 | ---- | M] () -- C:\Users\MHO\Documents\2012-2-1mbam_log.odt
[2012.02.01 14:12:03 | 000,000,871 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.02.01 14:09:34 | 009,502,424 | ---- | M] (Malwarebytes Corporation                                    ) -- C:\Users\MHO\Desktop\mbam-setup-1.60.1.1000.exe
[2012.02.01 14:01:07 | 000,020,690 | ---- | M] () -- C:\Users\MHO\Documents\mwb-2012-1.odt
[2012.02.01 13:46:50 | 000,026,142 | ---- | M] () -- C:\Users\MHO\Documents\cosinus-2012-1.odt
[2012.01.31 20:39:48 | 000,066,242 | ---- | M] () -- C:\Users\MHO\Documents\Gmer.zip
[2012.01.31 20:37:52 | 000,066,242 | ---- | M] () -- C:\Users\MHO\Desktop\Gmer.zip
[2012.01.31 20:07:42 | 001,110,476 | ---- | M] () -- C:\Users\MHO\Desktop\zippen.exe
[2012.01.31 19:43:31 | 000,080,625 | ---- | M] () -- C:\Users\MHO\Documents\Gmer.odt
[2012.01.31 17:34:46 | 000,302,592 | ---- | M] () -- C:\Users\MHO\Desktop\38ynnfle.exe
[2012.01.31 16:44:20 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\MHO\Desktop\OTL.exe
[2012.01.31 16:38:22 | 000,025,557 | ---- | M] () -- C:\Users\MHO\Documents\Trojaner Board 2012-1.odt
[2012.01.31 16:19:05 | 000,000,000 | ---- | M] () -- C:\Users\MHO\defogger_reenable
[2012.01.31 14:43:24 | 000,000,769 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2012.01.31 14:22:17 | 000,012,833 | ---- | M] () -- C:\Users\MHO\Documents\AVSCAN-20120131-110101-DF874B6C.pdf
[2012.01.23 20:33:17 | 000,019,834 | ---- | M] () -- C:\Users\MHO\Documents\2012 DGQ QM Überblick.odt
[2012.01.23 20:29:02 | 000,033,342 | ---- | M] () -- C:\Users\MHO\Documents\Qualitätsmanagement Text-Version.pdf
[2012.01.23 20:24:38 | 000,060,971 | ---- | M] () -- C:\Users\MHO\Documents\Qualitätsmanagement2.pdf
[2012.01.23 20:23:01 | 000,061,223 | ---- | M] () -- C:\Users\MHO\Documents\Qualitätsmanagement (Text-Version).pdf
[2012.01.13 10:27:49 | 000,391,864 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2012.01.11 14:59:34 | 000,000,563 | ---- | M] () -- C:\Users\MHO\Desktop\Mein Büro.lnk
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2012.02.02 12:09:25 | 000,018,803 | ---- | C] () -- C:\Users\MHO\Documents\2012-2-2cosinus.odt
[2012.02.01 17:29:02 | 000,019,243 | ---- | C] () -- C:\Users\MHO\Documents\2012-2-1eset.odt
[2012.02.01 15:16:04 | 000,014,905 | ---- | C] () -- C:\Users\MHO\Documents\2012-2-1mbam_log.odt
[2012.02.01 14:12:03 | 000,000,871 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.02.01 13:59:26 | 000,020,690 | ---- | C] () -- C:\Users\MHO\Documents\mwb-2012-1.odt
[2012.02.01 13:46:44 | 000,026,142 | ---- | C] () -- C:\Users\MHO\Documents\cosinus-2012-1.odt
[2012.01.31 20:39:48 | 000,066,242 | ---- | C] () -- C:\Users\MHO\Documents\Gmer.zip
[2012.01.31 20:36:27 | 000,066,242 | ---- | C] () -- C:\Users\MHO\Desktop\Gmer.zip
[2012.01.31 20:07:39 | 001,110,476 | ---- | C] () -- C:\Users\MHO\Desktop\zippen.exe
[2012.01.31 19:43:30 | 000,080,625 | ---- | C] () -- C:\Users\MHO\Documents\Gmer.odt
[2012.01.31 17:34:41 | 000,302,592 | ---- | C] () -- C:\Users\MHO\Desktop\38ynnfle.exe
[2012.01.31 16:31:42 | 000,025,557 | ---- | C] () -- C:\Users\MHO\Documents\Trojaner Board 2012-1.odt
[2012.01.31 16:19:05 | 000,000,000 | ---- | C] () -- C:\Users\MHO\defogger_reenable
[2012.01.31 14:43:24 | 000,000,769 | ---- | C] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2012.01.31 14:22:17 | 000,012,833 | ---- | C] () -- C:\Users\MHO\Documents\AVSCAN-20120131-110101-DF874B6C.pdf
[2012.01.23 20:33:16 | 000,019,834 | ---- | C] () -- C:\Users\MHO\Documents\2012 DGQ QM Überblick.odt
[2012.01.23 20:29:02 | 000,033,342 | ---- | C] () -- C:\Users\MHO\Documents\Qualitätsmanagement Text-Version.pdf
[2012.01.23 20:24:38 | 000,060,971 | ---- | C] () -- C:\Users\MHO\Documents\Qualitätsmanagement2.pdf
[2012.01.23 20:23:01 | 000,061,223 | ---- | C] () -- C:\Users\MHO\Documents\Qualitätsmanagement (Text-Version).pdf
[2012.01.11 14:59:34 | 000,000,563 | ---- | C] () -- C:\Users\MHO\Desktop\Mein Büro.lnk
[2011.11.05 17:42:05 | 000,000,059 | ---- | C] () -- C:\Windows\WINPHONE.INI
[2011.10.30 17:36:08 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2011.10.30 17:36:07 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2011.10.30 17:35:36 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
[2011.06.26 13:19:03 | 000,104,593 | ---- | C] () -- C:\Windows\System32\drivers\MPIXVID.SYS
[2011.06.23 18:49:10 | 000,000,805 | ---- | C] () -- C:\Windows\wiso.ini
[2011.06.01 07:21:26 | 000,000,000 | ---- | C] () -- C:\Windows\brdfxspd.dat
[2011.05.31 16:29:40 | 000,000,733 | ---- | C] () -- C:\Windows\Brpfx04a.ini
[2011.05.31 16:29:40 | 000,000,093 | ---- | C] () -- C:\Windows\brpcfx.ini
[2011.05.31 16:29:10 | 000,000,425 | ---- | C] () -- C:\Windows\BRWMARK.INI
[2011.05.31 16:21:11 | 000,000,050 | ---- | C] () -- C:\Windows\System32\BRIDF10A.DAT
[2011.05.31 16:16:54 | 000,031,864 | ---- | C] () -- C:\Windows\maxlink.ini
[2010.09.17 08:12:28 | 000,000,680 | ---- | C] () -- C:\Users\MHO\AppData\Local\d3d9caps.dat
[2009.11.09 14:33:29 | 000,000,078 | ---- | C] () -- C:\Users\MHO\AppData\Roaming\wklnhst.dat
[2009.09.13 15:51:56 | 000,000,400 | ---- | C] () -- C:\Windows\ODBC.INI
[2009.09.09 20:48:52 | 000,085,504 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll
[2009.05.29 15:52:26 | 000,204,800 | ---- | C] () -- C:\Windows\System32\xvidvfw.dll
[2009.05.29 15:47:06 | 000,881,664 | ---- | C] () -- C:\Windows\System32\xvidcore.dll
[2009.03.30 22:56:42 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat
[2009.03.30 19:44:43 | 000,023,460 | ---- | C] () -- C:\Windows\System32\emptyregdb.dat
[2009.03.30 17:16:34 | 000,007,168 | ---- | C] () -- C:\Users\MHO\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009.03.30 12:00:35 | 000,128,113 | ---- | C] () -- C:\Windows\System32\csellang.ini
[2009.03.30 12:00:35 | 000,045,056 | ---- | C] () -- C:\Windows\System32\csellang.dll
[2009.03.30 12:00:35 | 000,010,146 | ---- | C] () -- C:\Windows\System32\tosmreg.ini
[2009.03.30 12:00:35 | 000,007,671 | ---- | C] () -- C:\Windows\System32\cseltbl.ini
[2008.08.13 12:59:34 | 000,204,800 | ---- | C] () -- C:\Windows\System32\IVIresizeW7.dll
[2008.08.13 12:59:34 | 000,200,704 | ---- | C] () -- C:\Windows\System32\IVIresizeA6.dll
[2008.08.13 12:59:34 | 000,192,512 | ---- | C] () -- C:\Windows\System32\IVIresizeP6.dll
[2008.08.13 12:59:34 | 000,192,512 | ---- | C] () -- C:\Windows\System32\IVIresizeM6.dll
[2008.08.13 12:59:34 | 000,188,416 | ---- | C] () -- C:\Windows\System32\IVIresizePX.dll
[2008.08.13 12:59:34 | 000,020,480 | ---- | C] () -- C:\Windows\System32\IVIresize.dll
[2008.08.13 12:51:12 | 000,000,000 | ---- | C] () -- C:\Windows\NDSTray.INI
[2008.08.13 12:36:31 | 000,147,456 | ---- | C] () -- C:\Windows\System32\igfxCoIn_v1502.dll
[2008.08.13 12:36:30 | 002,192,024 | ---- | C] () -- C:\Windows\System32\igkrng500.bin
[2008.08.13 12:36:29 | 000,147,172 | ---- | C] () -- C:\Windows\System32\igfcg550.bin
[2008.08.13 12:36:27 | 000,492,496 | ---- | C] () -- C:\Windows\System32\igcompkrng500.bin
[2008.08.13 11:51:33 | 001,060,424 | ---- | C] () -- C:\Windows\System32\WdfCoInstaller01000.dll
[2008.01.21 09:21:25 | 000,618,442 | ---- | C] () -- C:\Windows\System32\perfh007.dat
[2008.01.21 09:21:25 | 000,290,748 | ---- | C] () -- C:\Windows\System32\perfi007.dat
[2008.01.21 09:21:25 | 000,122,842 | ---- | C] () -- C:\Windows\System32\perfc007.dat
[2008.01.21 09:21:25 | 000,036,916 | ---- | C] () -- C:\Windows\System32\perfd007.dat
[2007.09.04 11:56:10 | 000,164,352 | ---- | C] () -- C:\Windows\System32\unrar.dll
[2007.02.05 19:05:26 | 000,000,038 | ---- | C] () -- C:\Windows\AviSplitter.INI
[2006.11.02 13:53:49 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2006.11.02 13:44:53 | 000,391,864 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2006.11.02 11:33:01 | 000,587,178 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2006.11.02 11:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2006.11.02 11:33:01 | 000,101,250 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2006.11.02 11:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2006.11.02 11:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2006.11.02 09:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2006.11.02 09:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2006.11.02 08:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006.11.02 08:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
[2004.02.21 15:47:37 | 000,000,302 | ---- | C] () -- C:\Users\MHO\AppData\Local\Anbieterliste - seminarmarkt.url
[2003.02.20 16:53:42 | 000,005,702 | ---- | C] () -- C:\Windows\System32\OUTLPERF.INI
[2000.04.14 16:50:02 | 000,343,040 | ---- | C] () -- C:\Windows\System32\Lffpx7.dll
[1998.06.11 14:08:06 | 000,095,232 | ---- | C] () -- C:\Windows\System32\Lfkodak.dll
 
========== LOP Check ==========
 
[2009.10.30 09:45:06 | 000,000,000 | ---D | M] -- C:\Users\MHO\AppData\Roaming\Buhl Data Service
[2009.10.30 12:06:52 | 000,000,000 | ---D | M] -- C:\Users\MHO\AppData\Roaming\Buhl Data Service GmbH
[2009.10.30 12:06:52 | 000,000,000 | ---D | M] -- C:\Users\MHO\AppData\Roaming\deltra Software GmbH
[2010.01.24 15:05:39 | 000,000,000 | ---D | M] -- C:\Users\MHO\AppData\Roaming\KompoZer
[2011.04.06 09:05:27 | 000,000,000 | ---D | M] -- C:\Users\MHO\AppData\Roaming\LetsTrade
[2009.03.30 23:33:29 | 000,000,000 | ---D | M] -- C:\Users\MHO\AppData\Roaming\OpenOffice.org
[2010.02.24 18:03:50 | 000,000,000 | ---D | M] -- C:\Users\MHO\AppData\Roaming\Ordner HP Share-to-Web
[2011.05.31 18:22:29 | 000,000,000 | ---D | M] -- C:\Users\MHO\AppData\Roaming\PC-FAX TX
[2010.10.13 08:32:37 | 000,000,000 | ---D | M] -- C:\Users\MHO\AppData\Roaming\PhotoScape
[2011.09.19 08:48:25 | 000,000,000 | ---D | M] -- C:\Users\MHO\AppData\Roaming\Program Files
[2011.06.23 19:25:46 | 000,000,000 | ---D | M] -- C:\Users\MHO\AppData\Roaming\ScanSoft
[2010.07.19 16:59:32 | 000,000,000 | ---D | M] -- C:\Users\MHO\AppData\Roaming\T-Mobile
[2010.07.19 17:18:19 | 000,000,000 | ---D | M] -- C:\Users\MHO\AppData\Roaming\T-Mobile Internet Manager
[2009.11.09 14:33:57 | 000,000,000 | ---D | M] -- C:\Users\MHO\AppData\Roaming\Template
[2010.09.03 22:18:43 | 000,000,000 | ---D | M] -- C:\Users\MHO\AppData\Roaming\Thunderbird
[2011.01.15 17:51:24 | 000,000,000 | ---D | M] -- C:\Users\MHO\AppData\Roaming\TOSHIBA
[2009.09.13 18:02:32 | 000,000,000 | ---D | M] -- C:\Users\MHO\AppData\Roaming\VistaCodecs
[2011.09.18 09:52:14 | 000,000,000 | ---D | M] -- C:\Users\MHO\AppData\Roaming\XSManager
[2011.06.23 19:25:57 | 000,000,000 | ---D | M] -- C:\Users\MHO\AppData\Roaming\Zeon
[2009.11.30 16:42:02 | 000,000,000 | ---D | M] -- C:\Users\MHO\AppData\Roaming\Zylom
[2012.02.02 00:15:32 | 000,032,534 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
 
========== Purity Check ==========
 
 
 
========== Custom Scans ==========
 
 
< %ALLUSERSPROFILE%\Application Data\*. >
 
< %ALLUSERSPROFILE%\Application Data\*.exe /s >
 
< %APPDATA%\*. >
[2009.12.08 13:39:49 | 000,000,000 | ---D | M] -- C:\Users\MHO\AppData\Roaming\Adobe
[2009.07.14 08:51:28 | 000,000,000 | ---D | M] -- C:\Users\MHO\AppData\Roaming\Avira
[2011.05.31 17:13:22 | 000,000,000 | R--D | M] -- C:\Users\MHO\AppData\Roaming\Brother
[2009.10.30 09:45:06 | 000,000,000 | ---D | M] -- C:\Users\MHO\AppData\Roaming\Buhl Data Service
[2009.10.30 12:06:52 | 000,000,000 | ---D | M] -- C:\Users\MHO\AppData\Roaming\Buhl Data Service GmbH
[2009.10.30 12:06:52 | 000,000,000 | ---D | M] -- C:\Users\MHO\AppData\Roaming\deltra Software GmbH
[2009.03.30 14:34:49 | 000,000,000 | ---D | M] -- C:\Users\MHO\AppData\Roaming\Google
[2009.11.30 16:42:02 | 000,000,000 | ---D | M] -- C:\Users\MHO\AppData\Roaming\Identities
[2009.03.30 13:13:57 | 000,000,000 | ---D | M] -- C:\Users\MHO\AppData\Roaming\InstallShield
[2010.01.24 15:05:39 | 000,000,000 | ---D | M] -- C:\Users\MHO\AppData\Roaming\KompoZer
[2011.04.06 09:05:27 | 000,000,000 | ---D | M] -- C:\Users\MHO\AppData\Roaming\LetsTrade
[2010.05.10 11:42:13 | 000,000,000 | ---D | M] -- C:\Users\MHO\AppData\Roaming\Macromedia
[2012.02.01 14:12:13 | 000,000,000 | ---D | M] -- C:\Users\MHO\AppData\Roaming\Malwarebytes
[2012.01.31 14:48:29 | 000,000,000 | ---D | M] -- C:\Users\MHO\AppData\Roaming\Media Player Classic
[2011.09.13 08:37:22 | 000,000,000 | --SD | M] -- C:\Users\MHO\AppData\Roaming\Microsoft
[2009.03.31 12:55:17 | 000,000,000 | ---D | M] -- C:\Users\MHO\AppData\Roaming\Mozilla
[2009.03.30 23:33:29 | 000,000,000 | ---D | M] -- C:\Users\MHO\AppData\Roaming\OpenOffice.org
[2009.03.30 22:48:08 | 000,000,000 | ---D | M] -- C:\Users\MHO\AppData\Roaming\OpenOffice.org2
[2010.02.24 18:03:50 | 000,000,000 | ---D | M] -- C:\Users\MHO\AppData\Roaming\Ordner HP Share-to-Web
[2011.05.31 18:22:29 | 000,000,000 | ---D | M] -- C:\Users\MHO\AppData\Roaming\PC-FAX TX
[2010.10.13 08:32:37 | 000,000,000 | ---D | M] -- C:\Users\MHO\AppData\Roaming\PhotoScape
[2011.09.19 08:48:25 | 000,000,000 | ---D | M] -- C:\Users\MHO\AppData\Roaming\Program Files
[2011.06.23 19:25:46 | 000,000,000 | ---D | M] -- C:\Users\MHO\AppData\Roaming\ScanSoft
[2010.07.19 16:59:32 | 000,000,000 | ---D | M] -- C:\Users\MHO\AppData\Roaming\T-Mobile
[2010.07.19 17:18:19 | 000,000,000 | ---D | M] -- C:\Users\MHO\AppData\Roaming\T-Mobile Internet Manager
[2009.03.30 23:20:05 | 000,000,000 | ---D | M] -- C:\Users\MHO\AppData\Roaming\Talkback
[2009.11.09 14:33:57 | 000,000,000 | ---D | M] -- C:\Users\MHO\AppData\Roaming\Template
[2010.09.03 22:18:43 | 000,000,000 | ---D | M] -- C:\Users\MHO\AppData\Roaming\Thunderbird
[2011.01.15 17:51:24 | 000,000,000 | ---D | M] -- C:\Users\MHO\AppData\Roaming\TOSHIBA
[2009.09.13 18:02:32 | 000,000,000 | ---D | M] -- C:\Users\MHO\AppData\Roaming\VistaCodecs
[2011.09.18 09:52:14 | 000,000,000 | ---D | M] -- C:\Users\MHO\AppData\Roaming\XSManager
[2010.09.07 15:25:23 | 000,000,000 | ---D | M] -- C:\Users\MHO\AppData\Roaming\Yahoo!
[2011.06.23 19:25:57 | 000,000,000 | ---D | M] -- C:\Users\MHO\AppData\Roaming\Zeon
[2009.11.30 16:42:02 | 000,000,000 | ---D | M] -- C:\Users\MHO\AppData\Roaming\Zylom
 
< %APPDATA%\*.exe /s >
[2009.10.30 09:32:50 | 000,010,134 | R--- | M] () -- C:\Users\MHO\AppData\Roaming\Microsoft\Installer\{49D59D86-7A0D-4217-979A-3D43F1F45CC8}\ARPPRODUCTICON.exe
[2009.06.30 10:52:18 | 000,983,040 | ---- | M] (Huawei Technologies Co., Ltd.) -- C:\Users\MHO\AppData\Roaming\T-Mobile Internet Manager\LiveUpdate.exe
[2009.06.23 15:43:40 | 000,110,592 | ---- | M] (Huawei Technologies Co., Ltd.) -- C:\Users\MHO\AppData\Roaming\T-Mobile Internet Manager\ouc.exe
 
< %SYSTEMDRIVE%\*.exe >
[2005.10.11 20:07:38 | 015,939,530 | ---- | M] (Roxio) -- C:\ecdc_v5.3.5.10_basic_ger.exe
[2005.01.11 15:17:56 | 012,738,704 | ---- | M] (InstallShield Software Corporation) -- C:\ElsterFormular2003.exe
[2005.04.10 14:04:42 | 013,186,624 | ---- | M] (InstallShield Software Corporation) -- C:\ElsterFormular2004.exe
[2006.08.08 10:38:34 | 000,224,256 | ---- | M] () -- C:\fentun.exe
[2005.10.10 10:51:58 | 005,037,072 | ---- | M] (Safer Networking Limited                                    ) -- C:\spybotsd14.exe
 
 
< MD5 for: AGP440.SYS  >
[2008.01.21 03:32:22 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\drivers\AGP440.sys
[2008.01.21 03:32:22 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_51b95d75\AGP440.sys
[2008.01.21 03:32:22 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_f750e484\AGP440.sys
[2008.01.21 03:32:22 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6001.18000_none_ba12ed3bbeb0d97a\AGP440.sys
[2008.01.21 03:32:22 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6002.18005_none_bbfe6647bbd2a4c6\AGP440.sys
[2008.03.25 04:22:22 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=2D77788D0B7FE269044F58C86AE099CE -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_3e1ecd89\AGP440.sys
[2008.03.25 04:22:22 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=2D77788D0B7FE269044F58C86AE099CE -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6001.22142_none_ba734aead7ed1bb6\AGP440.sys
[2008.03.26 04:38:23 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=ED91751834103DB2A74470CD763A49FE -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_e4087235\AGP440.sys
[2008.03.26 04:38:23 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=ED91751834103DB2A74470CD763A49FE -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6000.20800_none_b8b64d46daa7e57a\AGP440.sys
[2006.11.02 10:49:52 | 000,053,864 | ---- | M] (Microsoft Corporation) MD5=EF23439CDD587F64C2C1B8825CEAD7D8 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_920a2c1f\AGP440.sys
 
< MD5 for: ATAPI.SYS  >
[2002.08.29 12:00:00 | 010,180,476 | ---- | M] () .cab file -- C:\I386\sp1.cab:atapi.sys
[2008.03.12 07:38:18 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=0D83C87A801A3DFCD1BF73893FE7518C -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_4c9c5a00\atapi.sys
[2008.03.12 07:38:18 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=0D83C87A801A3DFCD1BF73893FE7518C -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6001.18034_none_dd1bb97e219e87cb\atapi.sys
[2009.04.11 07:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\System32\drivers\atapi.sys
[2009.04.11 07:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_b12d8e84\atapi.sys
[2009.04.11 07:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6002.18005_none_df23a1261eab99e8\atapi.sys
[2008.01.21 03:32:21 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_cc18792d\atapi.sys
[2008.01.21 03:32:21 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6001.18000_none_dd38281a2189ce9c\atapi.sys
[2006.11.02 10:49:36 | 000,019,048 | ---- | M] (Microsoft Corporation) MD5=4F4FCB8B6EA06784FB6D475B7EC7300F -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_c6c2e699\atapi.sys
[2008.03.12 07:24:20 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=96DC4E1A9F90CCD489950A8935425C59 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6001.22134_none_dda556493abc2795\atapi.sys
 
< MD5 for: CNGAUDIT.DLL  >
[2006.11.02 10:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\System32\cngaudit.dll
[2006.11.02 10:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.0.6000.16386_none_e62d292932a96ce6\cngaudit.dll
 
< MD5 for: IASTOR.SYS  >
[2008.04.15 16:54:16 | 000,388,120 | ---- | M] (Intel Corporation) MD5=8D58627FEF3F8767665D9F4DC91CBD97 -- C:\Program Files\Intel\Intel Matrix Storage Manager\driver64\IaStor.sys
[2008.04.15 16:53:44 | 000,312,344 | ---- | M] (Intel Corporation) MD5=DB0CC620B27A928D968C1A1E9CD9CB87 -- C:\Program Files\Intel\Intel Matrix Storage Manager\driver\IaStor.sys
[2008.04.15 16:53:44 | 000,312,344 | ---- | M] (Intel Corporation) MD5=DB0CC620B27A928D968C1A1E9CD9CB87 -- C:\Windows\System32\drivers\iaStor.sys
[2008.04.15 16:53:44 | 000,312,344 | ---- | M] (Intel Corporation) MD5=DB0CC620B27A928D968C1A1E9CD9CB87 -- C:\Windows\System32\DriverStore\FileRepository\iaahci.inf_77c04a30\iaStor.sys
 
< MD5 for: IASTORV.SYS  >
[2008.01.21 03:32:49 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\System32\drivers\iaStorV.sys
[2008.01.21 03:32:49 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_c9df7691\iaStorV.sys
[2008.01.21 03:32:49 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.0.6001.18000_none_af11527887c7fa8f\iaStorV.sys
[2006.11.02 10:51:25 | 000,232,040 | ---- | M] (Intel Corporation) MD5=C957BF4B5D80B46C5017BF0101E6C906 -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_37cdafa4\iaStorV.sys
 
< MD5 for: NETLOGON.DLL  >
[2009.04.11 07:28:23 | 000,592,896 | ---- | M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- C:\Windows\System32\netlogon.dll
[2009.04.11 07:28:23 | 000,592,896 | ---- | M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6002.18005_none_ffa3304f351bb3a3\netlogon.dll
[2008.01.21 03:33:41 | 000,592,384 | ---- | M] (Microsoft Corporation) MD5=A8EFC0B6E75B789F7FD3BA5025D4E37F -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6001.18000_none_fdb7b74337f9e857\netlogon.dll
 
< MD5 for: NVSTOR.SYS  >
[2006.11.02 10:50:13 | 000,040,040 | ---- | M] (NVIDIA Corporation) MD5=9E0BA19A28C498A6D323D065DB76DFFC -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_733654ff\nvstor.sys
[2008.01.21 03:32:47 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\System32\drivers\nvstor.sys
[2008.01.21 03:32:47 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_31c3d71d\nvstor.sys
[2008.01.21 03:32:47 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.0.6001.18000_none_39dac327befea467\nvstor.sys
 
< MD5 for: SCECLI.DLL  >
[2008.01.21 03:34:39 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=28B84EB538F7E8A0FE8B9299D591E0B9 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6001.18000_none_380de25bd91b6f12\scecli.dll
[2009.04.11 07:28:24 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=8FC182167381E9915651267044105EE1 -- C:\Windows\System32\scecli.dll
[2009.04.11 07:28:24 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=8FC182167381E9915651267044105EE1 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6002.18005_none_39f95b67d63d3a5e\scecli.dll
 
< MD5 for: USER32.DLL  >
[2008.01.21 03:34:02 | 000,627,200 | ---- | M] (Microsoft Corporation) MD5=B974D9F06DC7D1908E825DC201681269 -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.0.6001.18000_none_cd386c416d5c7f32\user32.dll
[2009.04.11 07:28:25 | 000,627,712 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\user32.dll
[2009.04.11 07:28:25 | 000,627,712 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.0.6002.18005_none_cf23e54d6a7e4a7e\user32.dll
 
< MD5 for: USERINIT.EXE  >
[2008.01.21 03:34:37 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\System32\userinit.exe
[2008.01.21 03:34:37 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.0.6001.18000_none_dc28ba15d1aff80b\userinit.exe
 
< MD5 for: WININIT.EXE  >
[2008.01.21 03:33:13 | 000,096,768 | ---- | M] (Microsoft Corporation) MD5=101BA3EA053480BB5D957EF37C06B5ED -- C:\Windows\System32\wininit.exe
[2008.01.21 03:33:13 | 000,096,768 | ---- | M] (Microsoft Corporation) MD5=101BA3EA053480BB5D957EF37C06B5ED -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.0.6001.18000_none_30f2b8cf0450a6a2\wininit.exe
 
< MD5 for: WINLOGON.EXE  >
[2012.01.13 14:53:20 | 000,182,856 | ---- | M] () MD5=63EEC8A8B221AB79045E776E5F592868 -- C:\Program Files\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe
[2009.04.11 07:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\System32\winlogon.exe
[2009.04.11 07:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6002.18005_none_71ae7a22d2134741\winlogon.exe
[2008.01.21 03:34:38 | 000,314,880 | ---- | M] (Microsoft Corporation) MD5=C2610B6BDBEFC053BBDAB4F1B965CB24 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6001.18000_none_6fc30116d4f17bf5\winlogon.exe
 
< MD5 for: WS2IFSL.SYS  >
[2008.01.21 03:34:35 | 000,015,872 | ---- | M] (Microsoft Corporation) MD5=E3A3CB253C0EC2494D4A61F5E43A389C -- C:\Windows\System32\drivers\ws2ifsl.sys
[2008.01.21 03:34:35 | 000,015,872 | ---- | M] (Microsoft Corporation) MD5=E3A3CB253C0EC2494D4A61F5E43A389C -- C:\Windows\winsxs\x86_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.0.6001.18000_none_4f86a0d4c7cda641\ws2ifsl.sys
 
< %systemroot%\system32\drivers\*.sys /lockedfiles >
 
< %systemroot%\System32\config\*.sav >
[2008.01.21 04:31:11 | 015,716,352 | ---- | M] () -- C:\Windows\System32\config\COMPONENTS.SAV
[2008.01.21 04:31:01 | 000,102,400 | ---- | M] () -- C:\Windows\System32\config\DEFAULT.SAV
[2008.01.21 04:31:12 | 000,020,480 | ---- | M] () -- C:\Windows\System32\config\SECURITY.SAV
[2006.11.02 11:34:08 | 010,133,504 | ---- | M] () -- C:\Windows\System32\config\SOFTWARE.SAV
[2006.11.02 11:34:08 | 001,826,816 | ---- | M] () -- C:\Windows\System32\config\SYSTEM.SAV
 
< %systemroot%\*. /mp /s >
 
< %systemroot%\system32\*.dll /lockedfiles >

< End of report >
         
--- --- ---


SunSun


04.02.2012, 15:12   #6
SunSun

Hello Cosinus/Arne,

what can you tell from the log file?
Do I have a problem now, or is it not that bad?

Many thanks for your help

SunSun

05.02.2012, 18:46   #7
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™

Do an OTL fix: close any programs that may be open, also disable the virus scanner (!), start OTL and copy the following text into the "Custom Scan/Fixes" box (at the bottom in OTL): (the ":OTL" must be copied along with it!!!)

Code:
:OTL
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = 127.0.0.1;localhost;10.200.2.3.
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = ftp=10.200.8.90:3128;http=10.200.8.90:3128;https=10.200.8.90:3128
O4 - HKLM..\Run: []  File not found
O4 - HKLM..\Run: [jswtrayutil] "C:\Program Files\Jumpstart\jswtrayutil.exe" File not found
O4 - HKLM..\Run: [OpenCom 30] F:\SETUP.EXE File not found
O4 - HKLM..\Run: [routcnf] C:\Program Files\DeTeWe\OpenCom 36lan\routcnf.exe /capiactive File not found
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 22:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{39e76182-e1e5-11e0-acf3-001e339ff4cd}\Shell - "" = AutoRun
O33 - MountPoints2\{39e76182-e1e5-11e0-acf3-001e339ff4cd}\Shell\AutoRun\command - "" = G:\AutoRun.exe
O33 - MountPoints2\{39e76190-e1e5-11e0-acf3-001e339ff4cd}\Shell - "" = AutoRun
O33 - MountPoints2\{39e76190-e1e5-11e0-acf3-001e339ff4cd}\Shell\AutoRun\command - "" = E:\AutoRun.exe
O33 - MountPoints2\{66b1ded5-e2a6-11e0-9418-001e339ff4cd}\Shell - "" = AutoRun
O33 - MountPoints2\{66b1ded5-e2a6-11e0-9418-001e339ff4cd}\Shell\AutoRun\command - "" = G:\AutoRun.exe
O33 - MountPoints2\{66b1def2-e2a6-11e0-9418-001e339ff4cd}\Shell - "" = AutoRun
O33 - MountPoints2\{66b1def2-e2a6-11e0-9418-001e339ff4cd}\Shell\AutoRun\command - "" = G:\AutoRun.exe
O33 - MountPoints2\{82057604-73fb-11e0-bcb6-001e339ff4cd}\Shell - "" = AutoRun
O33 - MountPoints2\{82057604-73fb-11e0-bcb6-001e339ff4cd}\Shell\AutoRun\command - "" = E:\autorun.exe
O33 - MountPoints2\{fd5215e9-934d-11df-b8c9-001e339ff4cd}\Shell - "" = AutoRun
O33 - MountPoints2\{fd5215e9-934d-11df-b8c9-001e339ff4cd}\Shell\AutoRun\command - "" = E:\AutoRun.exe
O33 - MountPoints2\{fd5215fe-934d-11df-b8c9-001e339ff4cd}\Shell - "" = AutoRun
O33 - MountPoints2\{fd5215fe-934d-11df-b8c9-001e339ff4cd}\Shell\AutoRun\command - "" = E:\AutoRun.exe
:Commands
[emptytemp]
[resethosts]
         
Then click the Fix! button at the top left.
The log file should open when you click OK after fixing; please post it. The computer may be restarted.

For safety, the entries, files and folders fixed with this script are not completely deleted; a backup copy is created on the system partition in the "_OTL" folder.

Note: The script above was created only for this one user in this situation. It cannot be ported to any other computer and must not be used elsewhere, because it can permanently damage the system!
__________________
"I spent a lot of money on booze, birds and fast cars. The rest I just squandered." - George Best

Why Linux is better than Windows!


Support the Trojaner-Board
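The OTL fix above touches four kinds of location: the per-user proxy settings, Run entries whose target file no longer exists, the AutoRun commands Explorer caches per volume under MountPoints2, and the hosts file ([resethosts]). The script below is an added example for this thread, not OTL's code and not part of the forum post; it audits exactly those places read-only, so the outcome of a fix can be checked without running a second one. Function names and the output columns are this example's own. Run it in an elevated PowerShell 3.0 or newer on the affected machine.

```powershell
# Added example (not OTL's code, not from the post): read-only audit of the locations the
# OTL fix changed. Nothing is deleted; every row is a finding for a human to review.

function Get-ExePathFromCommand {
    param([string]$Command)
    # The executable is the first quoted token, otherwise the first whitespace-delimited token.
    if ($Command -match '^\s*"([^"]+)"') { return $Matches[1] }
    return ($Command -split '\s+', 2)[0]
}

function Get-PersistenceAudit {
    $findings = New-Object System.Collections.Generic.List[object]

    # 1. Per-user proxy settings. A corporate proxy is legitimate; an unknown one can route all
    #    browser traffic through an attacker-controlled host, so each value is listed for review.
    $inet = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings'
    $ip = Get-ItemProperty -Path $inet -ErrorAction SilentlyContinue
    foreach ($name in 'ProxyServer', 'ProxyOverride', 'AutoConfigURL') {
        if ($ip -and $ip.PSObject.Properties[$name]) {
            $findings.Add([pscustomobject]@{
                Area = 'Proxy'; Location = $inet; Name = $name; Value = $ip.$name
                Note = 'verify that this proxy is expected' })
        }
    }

    # 2. Run/RunOnce values whose target no longer exists (OTL listed these as "File not found").
    $runKeys = 'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run',
               'HKLM:\Software\Microsoft\Windows\CurrentVersion\RunOnce',
               'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run',
               'HKCU:\Software\Microsoft\Windows\CurrentVersion\RunOnce'
    $providerProps = 'PSPath', 'PSParentPath', 'PSChildName', 'PSDrive', 'PSProvider'
    foreach ($rk in $runKeys) {
        $props = Get-ItemProperty -Path $rk -ErrorAction SilentlyContinue
        if (-not $props) { continue }
        foreach ($prop in $props.PSObject.Properties) {
            if ($providerProps -contains $prop.Name) { continue }   # provider metadata, not a Run value
            $cmd = [string]$prop.Value
            $exe = [Environment]::ExpandEnvironmentVariables((Get-ExePathFromCommand $cmd))
            if ([string]::IsNullOrWhiteSpace($exe)) { $note = 'EMPTY command' }
            elseif (Test-Path -LiteralPath $exe -ErrorAction SilentlyContinue) { $note = 'target exists' }
            else { $note = 'TARGET MISSING: orphaned entry or removed payload' }
            $findings.Add([pscustomobject]@{
                Area = 'Run'; Location = $rk; Name = $prop.Name; Value = $cmd; Note = $note })
        }
    }

    # 3. MountPoints2: Explorer caches a per-volume AutoRun command; an AutoRun.exe launched from
    #    a removable drive is the classic USB-worm entry point, which is why the fix removed these.
    $mp = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2'
    foreach ($vol in @(Get-ChildItem -Path $mp -ErrorAction SilentlyContinue)) {
        $sub = $vol.OpenSubKey('Shell\AutoRun\command')
        if ($sub) {
            $findings.Add([pscustomobject]@{
                Area = 'MountPoints2'; Location = $vol.PSChildName; Name = 'Shell\AutoRun\command'
                Value = [string]$sub.GetValue(''); Note = 'cached AutoRun launcher for a volume' })
            $sub.Close()
        }
    }

    # 4. hosts file: any active mapping other than localhost deserves a look (the fix reset it).
    $hosts = Join-Path $env:SystemRoot 'System32\drivers\etc\hosts'
    foreach ($line in @(Get-Content -LiteralPath $hosts -ErrorAction SilentlyContinue)) {
        if ($line -match '^\s*([0-9A-Fa-f:.]+)\s+(\S+)' -and $Matches[2] -ne 'localhost') {
            $findings.Add([pscustomobject]@{
                Area = 'hosts'; Location = $hosts; Name = $Matches[2]; Value = $Matches[1]
                Note = 'non-default hosts mapping' })
        }
    }
    return $findings
}

Get-PersistenceAudit | Format-Table Area, Name, Value, Note -AutoSize -Wrap
```

A missing Run target is not by itself malicious: the OTL script above removes leftovers of uninstalled software (jswtrayutil, the DeTeWe router tool) next to the empty entry, and the audit lists them all the same way. The point of the Run and MountPoints2 checks is that both are locations a dropper uses for persistence, so an entry nobody can account for is the one to investigate, and the proxy check matters because a 10.x.x.x proxy on a home laptop would mean every browser request passes through a host the user does not control.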

05.02.2012, 19:22   #8
SunSun

Hello Cosinus or Arne,

thanks for continuing to take care of me
Can you explain to me in just a few words what you are actually doing with me, or rather with my laptop? Just so that I understand at least a little bit...

I did the fix right away, here is the log file:

Code:
All processes killed
========== OTL ==========
HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyOverride| /E : value set successfully!
HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyServer| /E : value set successfully!
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\jswtrayutil deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\OpenCom 30 deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\routcnf deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRun|DWORD:1 /E : value set successfully!
C:\autoexec.bat moved successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{39e76182-e1e5-11e0-acf3-001e339ff4cd}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{39e76182-e1e5-11e0-acf3-001e339ff4cd}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{39e76182-e1e5-11e0-acf3-001e339ff4cd}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{39e76182-e1e5-11e0-acf3-001e339ff4cd}\ not found.
File G:\AutoRun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{39e76190-e1e5-11e0-acf3-001e339ff4cd}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{39e76190-e1e5-11e0-acf3-001e339ff4cd}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{39e76190-e1e5-11e0-acf3-001e339ff4cd}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{39e76190-e1e5-11e0-acf3-001e339ff4cd}\ not found.
File E:\AutoRun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{66b1ded5-e2a6-11e0-9418-001e339ff4cd}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{66b1ded5-e2a6-11e0-9418-001e339ff4cd}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{66b1ded5-e2a6-11e0-9418-001e339ff4cd}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{66b1ded5-e2a6-11e0-9418-001e339ff4cd}\ not found.
File G:\AutoRun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{66b1def2-e2a6-11e0-9418-001e339ff4cd}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{66b1def2-e2a6-11e0-9418-001e339ff4cd}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{66b1def2-e2a6-11e0-9418-001e339ff4cd}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{66b1def2-e2a6-11e0-9418-001e339ff4cd}\ not found.
File G:\AutoRun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{82057604-73fb-11e0-bcb6-001e339ff4cd}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{82057604-73fb-11e0-bcb6-001e339ff4cd}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{82057604-73fb-11e0-bcb6-001e339ff4cd}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{82057604-73fb-11e0-bcb6-001e339ff4cd}\ not found.
File E:\autorun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{fd5215e9-934d-11df-b8c9-001e339ff4cd}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{fd5215e9-934d-11df-b8c9-001e339ff4cd}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{fd5215e9-934d-11df-b8c9-001e339ff4cd}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{fd5215e9-934d-11df-b8c9-001e339ff4cd}\ not found.
File E:\AutoRun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{fd5215fe-934d-11df-b8c9-001e339ff4cd}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{fd5215fe-934d-11df-b8c9-001e339ff4cd}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{fd5215fe-934d-11df-b8c9-001e339ff4cd}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{fd5215fe-934d-11df-b8c9-001e339ff4cd}\ not found.
File E:\AutoRun.exe not found.
========== COMMANDS ==========
 
[EMPTYTEMP]
 
User: All Users
 
User: Besitzer
 
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
 
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
 
User: EXCEL
 
User: MHO
->Temp folder emptied: 21651190 bytes
->Temporary Internet Files folder emptied: 16786 bytes
->Java cache emptied: 190742734 bytes
->FireFox cache emptied: 226815055 bytes
->Flash cache emptied: 1060 bytes
 
User: Public
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 16530691 bytes
RecycleBin emptied: 1110476 bytes
 
Total Files Cleaned = 436,00 mb
 
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully
 
OTL by OldTimer - Version 3.2.31.0 log created on 02052012_190142

Files\Folders moved on Reboot...

Registry entries deleted on Reboot...
         
Are we done now?
I still feel like the little mouse in front of the snake...

Many thanks

SunSun

05.02.2012, 19:34   #9
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™

Now please run this tool from Kaspersky (TDSS-Killer) (in normal Windows mode) and post the log => http://www.trojaner-board.de/82358-t...entfernen.html

Set up the tool as shown in the picture below: click on "change parameters" and set the checkmarks as shown in the following screenshot,
then click Start Scan and, when it has finished, click the Report button to display the log. Please post it in full.
If you cannot find the log or cannot copy its contents into your post, please look directly on your Windows system partition (usually drive C); that is where TDSS-Killer saves its logs.

Note: Please do not delete anything hastily with TDSS-Killer! If TDSS-Killer flags any objects, handle all of them with the "skip" action and only post the log here!




If, because of the infection, you cannot access your documents/My Documents, or shortcuts are missing from the desktop or from the Start menu under "All Programs", please run unhide:
Please download unhide.exe and save this file to your desktop.
Start the tool and all files and folders should be visible again. (This may take a while)
Windows Vista and Windows 7 users must run the tool as administrator via right-click!
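TDSS-Killer's "Verify file digital signatures" option (the SigCheck mode in its report) walks the loaded drivers and flags any whose image has no valid signature as UnsignedFile.Multi.Generic. The script below is an added example for this thread, a PowerShell counterpart to that check; it is neither TDSSKiller's code nor part of the post. It enumerates the kernel and file-system drivers registered under HKLM\SYSTEM\CurrentControlSet\Services, resolves each ImagePath, checks the Authenticode signature and prints the MD5 so rows can be matched against a TDSSKiller report, which prints MD5s too. Function names and output columns are this example's own; it needs PowerShell 4.0 or newer for Get-FileHash.

```powershell
# Added example (not TDSSKiller's code, not from the post): signature audit of registered
# kernel-mode drivers, read-only. Needs PowerShell 4.0+ (Get-FileHash); elevation is not required.

function Resolve-DriverImagePath {
    param([string]$ImagePath)
    # The service database stores driver paths in several NT-style forms:
    #   \??\C:\...\x.sys   \SystemRoot\system32\drivers\x.sys   system32\DRIVERS\x.sys   C:\...\x.sys
    if ([string]::IsNullOrWhiteSpace($ImagePath)) { return $null }
    $p = $ImagePath.Trim('"')
    $p = $p -replace '^\\\?\?\\', ''                              # strip the \??\ prefix
    $p = $p -replace '^\\SystemRoot\\', ($env:SystemRoot + '\')   # -replace is case-insensitive
    if ($p -notmatch '^[A-Za-z]:\\') { $p = Join-Path $env:SystemRoot $p }   # 'system32\...' is relative to %SystemRoot%
    return [Environment]::ExpandEnvironmentVariables($p)
}

function Get-DriverSignatureReport {
    $services = Get-ChildItem -Path 'HKLM:\SYSTEM\CurrentControlSet\Services' -ErrorAction SilentlyContinue
    foreach ($svc in $services) {
        $type = $svc.GetValue('Type')
        # SERVICE_KERNEL_DRIVER = 1, SERVICE_FILE_SYSTEM_DRIVER = 2; anything else is a user-mode service.
        if ($type -ne 1 -and $type -ne 2) { continue }
        $path = Resolve-DriverImagePath ([string]$svc.GetValue('ImagePath'))
        if (-not $path) {
            # No ImagePath: the loader falls back to system32\drivers\<ServiceName>.sys
            $path = Join-Path $env:SystemRoot ('system32\drivers\' + $svc.PSChildName + '.sys')
        }
        $row = [ordered]@{
            Service = $svc.PSChildName
            Start   = $svc.GetValue('Start')      # 0 boot, 1 system, 2 auto, 3 manual, 4 disabled
            Path    = $path
            Exists  = (Test-Path -LiteralPath $path -ErrorAction SilentlyContinue)
            Status  = 'n/a'
            Signer  = ''
            MD5     = ''
        }
        if ($row.Exists) {
            $sig = Get-AuthenticodeSignature -FilePath $path
            $row.Status = $sig.Status.ToString()       # Valid, NotSigned, HashMismatch, UnknownError, ...
            if ($sig.SignerCertificate) { $row.Signer = $sig.SignerCertificate.Subject }
            $row.MD5 = (Get-FileHash -LiteralPath $path -Algorithm MD5).Hash.ToLower()
        }
        [pscustomobject]$row
    }
}

# Everything that is not 'Valid' is the candidate list. Decide per item (known vendor driver
# versus unknown file in an odd location) and compare the MD5 with the TDSSKiller report
# rather than deleting on sight, which is also the "skip" advice given in the post above.
Get-DriverSignatureReport | Where-Object { $_.Status -ne 'Valid' } | Sort-Object Service | Format-Table Service, Start, Status, Path, MD5 -AutoSize
```

Two caveats a practitioner should keep in mind. Get-AuthenticodeSignature only sees an embedded signature, and on older Windows builds Microsoft inbox drivers signed through a catalog file can show up as NotSigned, so NotSigned means "look closer", not "malicious". And UnsignedFile.Multi.Generic in a TDSSKiller report is a warning about a missing signature, not a malware detection: the report posted in this thread flags BMLoad.sys and the webcam driver mpixvid.sys, both typical unsigned third-party drivers on a 32-bit Vista system, and neither is by itself evidence of the Sinowal infection Avira reported. The rows to care about are files with a non-existent signer in a path no installed product explains, or an MD5 that does not match what the vendor ships.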

05.02.2012, 19:55   #10
SunSun

Here I am again

Here is the report from TDSS Killer

Code:
19:46:26.0006 3812	TDSS rootkit removing tool 2.7.9.0 Feb  1 2012 09:28:49
19:46:26.0271 3812	============================================================
19:46:26.0271 3812	Current date / time: 2012/02/05 19:46:26.0271
19:46:26.0271 3812	SystemInfo:
19:46:26.0271 3812	
19:46:26.0271 3812	OS Version: 6.0.6002 ServicePack: 2.0
19:46:26.0271 3812	Product type: Workstation
19:46:26.0271 3812	ComputerName: MHO
19:46:26.0271 3812	UserName: MHO
19:46:26.0271 3812	Windows directory: C:\Windows
19:46:26.0271 3812	System windows directory: C:\Windows
19:46:26.0271 3812	Processor architecture: Intel x86
19:46:26.0271 3812	Number of processors: 1
19:46:26.0271 3812	Page size: 0x1000
19:46:26.0271 3812	Boot type: Normal boot
19:46:26.0271 3812	============================================================
19:46:26.0692 3812	Drive \Device\Harddisk0\DR0 - Size: 0x3A38B2E000 (232.89 Gb), SectorSize: 0x200, Cylinders: 0x76C1, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
19:46:26.0692 3812	\Device\Harddisk0\DR0:
19:46:26.0692 3812	MBR used
19:46:26.0692 3812	\Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x2EE800, BlocksNum 0xE893000
19:46:26.0692 3812	\Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0xEB81800, BlocksNum 0xE643970
19:46:26.0817 3812	Initialize success
19:46:26.0817 3812	============================================================
19:47:11.0495 3676	============================================================
19:47:11.0495 3676	Scan started
19:47:11.0495 3676	Mode: Manual; SigCheck; TDLFS; 
19:47:11.0495 3676	============================================================
19:47:11.0995 3676	ACPI            (82b296ae1892fe3dbee00c9cf92f8ac7) C:\Windows\system32\drivers\acpi.sys
19:47:12.0088 3676	ACPI - ok
19:47:12.0229 3676	adp94xx         (04f0fcac69c7c71a3ac4eb97fafc8303) C:\Windows\system32\drivers\adp94xx.sys
19:47:12.0260 3676	adp94xx - ok
19:47:12.0385 3676	adpahci         (60505e0041f7751bdbb80f88bf45c2ce) C:\Windows\system32\drivers\adpahci.sys
19:47:12.0400 3676	adpahci - ok
19:47:12.0509 3676	adpu160m        (8a42779b02aec986eab64ecfc98f8bd7) C:\Windows\system32\drivers\adpu160m.sys
19:47:12.0525 3676	adpu160m - ok
19:47:12.0587 3676	adpu320         (241c9e37f8ce45ef51c3de27515ca4e5) C:\Windows\system32\drivers\adpu320.sys
19:47:12.0603 3676	adpu320 - ok
19:47:12.0712 3676	AFD             (3911b972b55fea0478476b2e777b29fa) C:\Windows\system32\drivers\afd.sys
19:47:12.0743 3676	AFD - ok
19:47:12.0899 3676	AgereSoftModem  (ce91b158fa490cf4c4d487a4130f4660) C:\Windows\system32\DRIVERS\AGRSM.sys
19:47:13.0040 3676	AgereSoftModem - ok
19:47:13.0165 3676	agp440          (13f9e33747e6b41a3ff305c37db0d360) C:\Windows\system32\drivers\agp440.sys
19:47:13.0180 3676	agp440 - ok
19:47:13.0243 3676	aic78xx         (ae1fdf7bf7bb6c6a70f67699d880592a) C:\Windows\system32\drivers\djsvs.sys
19:47:13.0258 3676	aic78xx - ok
19:47:13.0336 3676	aliide          (9eaef5fc9b8e351afa7e78a6fae91f91) C:\Windows\system32\drivers\aliide.sys
19:47:13.0352 3676	aliide - ok
19:47:13.0461 3676	amdagp          (c47344bc706e5f0b9dce369516661578) C:\Windows\system32\drivers\amdagp.sys
19:47:13.0477 3676	amdagp - ok
19:47:13.0523 3676	amdide          (9b78a39a4c173fdbc1321e0dd659b34c) C:\Windows\system32\drivers\amdide.sys
19:47:13.0539 3676	amdide - ok
19:47:13.0633 3676	AmdK7           (18f29b49ad23ecee3d2a826c725c8d48) C:\Windows\system32\drivers\amdk7.sys
19:47:13.0711 3676	AmdK7 - ok
19:47:13.0820 3676	AmdK8           (93ae7f7dd54ab986a6f1a1b37be7442d) C:\Windows\system32\drivers\amdk8.sys
19:47:13.0851 3676	AmdK8 - ok
19:47:14.0007 3676	arc             (5d2888182fb46632511acee92fdad522) C:\Windows\system32\drivers\arc.sys
19:47:14.0023 3676	arc - ok
19:47:14.0085 3676	arcsas          (5e2a321bd7c8b3624e41fdec3e244945) C:\Windows\system32\drivers\arcsas.sys
19:47:14.0101 3676	arcsas - ok
19:47:14.0194 3676	AsyncMac        (53b202abee6455406254444303e87be1) C:\Windows\system32\DRIVERS\asyncmac.sys
19:47:14.0225 3676	AsyncMac - ok
19:47:14.0288 3676	atapi           (1f05b78ab91c9075565a9d8a4b880bc4) C:\Windows\system32\drivers\atapi.sys
19:47:14.0303 3676	atapi - ok
19:47:14.0413 3676	athr            (997e25f5b7d53c94c0ad2dc080f6868e) C:\Windows\system32\DRIVERS\athr.sys
19:47:14.0459 3676	athr - ok
19:47:14.0600 3676	avgio           (0b497c79824f8e1bf22fa6aacd3de3a0) C:\Program Files\Avira\AntiVir Desktop\avgio.sys
19:47:14.0615 3676	avgio - ok
19:47:14.0709 3676	avgntflt        (1e4114685de1ffa9675e09c6a1fb3f4b) C:\Windows\system32\DRIVERS\avgntflt.sys
19:47:14.0725 3676	avgntflt - ok
19:47:14.0818 3676	avipbb          (0f78d3dae6dedd99ae54c9491c62adf2) C:\Windows\system32\DRIVERS\avipbb.sys
19:47:14.0818 3676	avipbb - ok
19:47:14.0927 3676	Beep            (67e506b75bd5326a3ec7b70bd014dfb6) C:\Windows\system32\drivers\Beep.sys
19:47:14.0943 3676	Beep - ok
19:47:15.0083 3676	blbdrive        (d4df28447741fd3d953526e33a617397) C:\Windows\system32\drivers\blbdrive.sys
19:47:15.0099 3676	blbdrive - ok
19:47:15.0193 3676	BMLoad          (70cd6d71fc48bbbd1385d7b35aeadecc) C:\Windows\system32\drivers\BMLoad.sys
19:47:15.0208 3676	BMLoad ( UnsignedFile.Multi.Generic ) - warning
19:47:15.0208 3676	BMLoad - detected UnsignedFile.Multi.Generic (1)
19:47:15.0302 3676	bowser          (35f376253f687bde63976ccb3f2108ca) C:\Windows\system32\DRIVERS\bowser.sys
19:47:15.0333 3676	bowser - ok
19:47:15.0458 3676	BrFiltLo        (9f9acc7f7ccde8a15c282d3f88b43309) C:\Windows\system32\drivers\brfiltlo.sys
19:47:15.0473 3676	BrFiltLo - ok
19:47:15.0551 3676	BrFiltUp        (56801ad62213a41f6497f96dee83755a) C:\Windows\system32\drivers\brfiltup.sys
19:47:15.0567 3676	BrFiltUp - ok
19:47:15.0629 3676	Brserid         (b304e75cff293029eddf094246747113) C:\Windows\system32\drivers\brserid.sys
19:47:15.0770 3676	Brserid - ok
19:47:15.0879 3676	BrSerWdm        (203f0b1e73adadbbb7b7b1fabd901f6b) C:\Windows\system32\drivers\brserwdm.sys
19:47:15.0910 3676	BrSerWdm - ok
19:47:15.0973 3676	BrUsbMdm        (bd456606156ba17e60a04e18016ae54b) C:\Windows\system32\drivers\brusbmdm.sys
19:47:16.0066 3676	BrUsbMdm - ok
19:47:16.0129 3676	BrUsbSer        (af72ed54503f717a43268b3cc5faec2e) C:\Windows\system32\drivers\brusbser.sys
19:47:16.0175 3676	BrUsbSer - ok
19:47:16.0285 3676	BTHMODEM        (ad07c1ec6665b8b35741ab91200c6b68) C:\Windows\system32\drivers\bthmodem.sys
19:47:16.0331 3676	BTHMODEM - ok
19:47:16.0425 3676	cdfs            (7add03e75beb9e6dd102c3081d29840a) C:\Windows\system32\DRIVERS\cdfs.sys
19:47:16.0456 3676	cdfs - ok
19:47:16.0519 3676	cdrom           (6b4bffb9becd728097024276430db314) C:\Windows\system32\DRIVERS\cdrom.sys
19:47:16.0534 3676	cdrom - ok
19:47:16.0581 3676	circlass        (e5d4133f37219dbcfe102bc61072589d) C:\Windows\system32\drivers\circlass.sys
19:47:16.0597 3676	circlass - ok
19:47:16.0690 3676	CLFS            (d7659d3b5b92c31e84e53c1431f35132) C:\Windows\system32\CLFS.sys
19:47:16.0706 3676	CLFS - ok
19:47:16.0815 3676	CmBatt          (99afc3795b58cc478fbbbcdc658fcb56) C:\Windows\system32\DRIVERS\CmBatt.sys
19:47:16.0831 3676	CmBatt - ok
19:47:16.0893 3676	cmdide          (0ca25e686a4928484e9fdabd168ab629) C:\Windows\system32\drivers\cmdide.sys
19:47:16.0893 3676	cmdide - ok
19:47:17.0002 3676	cmnsusbser      (675d67423980fc1784b93aa47d350a31) C:\Windows\system32\DRIVERS\cmnsusbser.sys
19:47:17.0033 3676	cmnsusbser - ok
19:47:17.0111 3676	Compbatt        (6afef0b60fa25de07c0968983ee4f60a) C:\Windows\system32\DRIVERS\compbatt.sys
19:47:17.0127 3676	Compbatt - ok
19:47:17.0221 3676	crcdisk         (741e9dff4f42d2d8477d0fc1dc0df871) C:\Windows\system32\drivers\crcdisk.sys
19:47:17.0221 3676	crcdisk - ok
19:47:17.0283 3676	Crusoe          (1f07becdca750766a96cda811ba86410) C:\Windows\system32\drivers\crusoe.sys
19:47:17.0314 3676	Crusoe - ok
19:47:17.0455 3676	DCamUSBDigitalCamera (b573984f1ae1a0c6c158b73a30285a2d) C:\Windows\system32\Drivers\mpixvid.sys
19:47:17.0455 3676	DCamUSBDigitalCamera ( UnsignedFile.Multi.Generic ) - warning
19:47:17.0455 3676	DCamUSBDigitalCamera - detected UnsignedFile.Multi.Generic (1)
19:47:17.0548 3676	DfsC            (622c41a07ca7e6dd91770f50d532cb6c) C:\Windows\system32\Drivers\dfsc.sys
19:47:17.0579 3676	DfsC - ok
19:47:17.0735 3676	disk            (5d4aefc3386920236a548271f8f1af6a) C:\Windows\system32\drivers\disk.sys
19:47:17.0751 3676	disk - ok
19:47:17.0876 3676	drmkaud         (97fef831ab90bee128c9af390e243f80) C:\Windows\system32\drivers\drmkaud.sys
19:47:17.0891 3676	drmkaud - ok
19:47:17.0954 3676	dtwmnic5 - ok
19:47:18.0016 3676	DXGKrnl         (fb85f7f69e9b109820409243f578cc4d) C:\Windows\System32\drivers\dxgkrnl.sys
19:47:18.0079 3676	DXGKrnl - ok
19:47:18.0188 3676	E1G60           (5425f74ac0c1dbd96a1e04f17d63f94c) C:\Windows\system32\DRIVERS\E1G60I32.sys
19:47:18.0203 3676	E1G60 - ok
19:47:18.0297 3676	Ecache          (7f64ea048dcfac7acf8b4d7b4e6fe371) C:\Windows\system32\drivers\ecache.sys
19:47:18.0313 3676	Ecache - ok
19:47:18.0406 3676	elxstor         (23b62471681a124889978f6295b3f4c6) C:\Windows\system32\drivers\elxstor.sys
19:47:18.0422 3676	elxstor - ok
19:47:18.0531 3676	ErrDev          (3db974f3935483555d7148663f726c61) C:\Windows\system32\drivers\errdev.sys
19:47:18.0547 3676	ErrDev - ok
19:47:18.0656 3676	ew_hwusbdev     (57c171ea22f0a7f068fcb0caedd1e8e7) C:\Windows\system32\DRIVERS\ew_hwusbdev.sys
19:47:18.0687 3676	ew_hwusbdev - ok
19:47:18.0781 3676	ew_usbenumfilter (61a973f60e94a551ba7b15f3460444fb) C:\Windows\system32\DRIVERS\ew_usbenumfilter.sys
19:47:18.0812 3676	ew_usbenumfilter - ok
19:47:18.0937 3676	exfat           (22b408651f9123527bcee54b4f6c5cae) C:\Windows\system32\drivers\exfat.sys
19:47:18.0983 3676	exfat - ok
19:47:19.0093 3676	fastfat         (1e9b9a70d332103c52995e957dc09ef8) C:\Windows\system32\drivers\fastfat.sys
19:47:19.0108 3676	fastfat - ok
19:47:19.0233 3676	fdc             (afe1e8b9782a0dd7fb46bbd88e43f89a) C:\Windows\system32\DRIVERS\fdc.sys
19:47:19.0249 3676	fdc - ok
19:47:19.0311 3676	FileInfo        (a8c0139a884861e3aae9cfe73b208a9f) C:\Windows\system32\drivers\fileinfo.sys
19:47:19.0311 3676	FileInfo - ok
19:47:19.0342 3676	Filetrace       (0ae429a696aecbc5970e3cf2c62635ae) C:\Windows\system32\drivers\filetrace.sys
19:47:19.0373 3676	Filetrace - ok
19:47:19.0451 3676	flpydisk        (85b7cf99d532820495d68d747fda9ebd) C:\Windows\system32\DRIVERS\flpydisk.sys
19:47:19.0483 3676	flpydisk - ok
19:47:19.0561 3676	FltMgr          (01334f9ea68e6877c4ef05d3ea8abb05) C:\Windows\system32\drivers\fltmgr.sys
19:47:19.0576 3676	FltMgr - ok
19:47:19.0670 3676	Fs_Rec          (65ea8b77b5851854f0c55c43fa51a198) C:\Windows\system32\drivers\Fs_Rec.sys
19:47:19.0685 3676	Fs_Rec - ok
19:47:19.0748 3676	FwLnk           (cbc22823628544735625b280665e434e) C:\Windows\system32\DRIVERS\FwLnk.sys
19:47:19.0763 3676	FwLnk - ok
19:47:19.0841 3676	gagp30kx        (34582a6e6573d54a07ece5fe24a126b5) C:\Windows\system32\drivers\gagp30kx.sys
19:47:19.0841 3676	gagp30kx - ok
19:47:19.0935 3676	HdAudAddService (cb04c744be0a61b1d648faed182c3b59) C:\Windows\system32\drivers\HdAudio.sys
19:47:19.0982 3676	HdAudAddService - ok
19:47:20.0075 3676	HDAudBus        (062452b7ffd68c8c042a6261fe8dff4a) C:\Windows\system32\DRIVERS\HDAudBus.sys
19:47:20.0138 3676	HDAudBus - ok
19:47:20.0247 3676	HidBth          (1338520e78d90154ed6be8f84de5fceb) C:\Windows\system32\drivers\hidbth.sys
19:47:20.0294 3676	HidBth - ok
19:47:20.0356 3676	HidIr           (ff3160c3a2445128c5a6d9b076da519e) C:\Windows\system32\drivers\hidir.sys
19:47:20.0403 3676	HidIr - ok
19:47:20.0512 3676	HidUsb          (cca4b519b17e23a00b826c55716809cc) C:\Windows\system32\DRIVERS\hidusb.sys
19:47:20.0528 3676	HidUsb - ok
19:47:20.0606 3676	HpCISSs         (16ee7b23a009e00d835cdb79574a91a6) C:\Windows\system32\drivers\hpcisss.sys
19:47:20.0621 3676	HpCISSs - ok
19:47:20.0715 3676	HTTP            (0eeeca26c8d4bde2a4664db058a81937) C:\Windows\system32\drivers\HTTP.sys
19:47:20.0746 3676	HTTP - ok
19:47:20.0871 3676	huawei_cdcacm   (42a64382a0607b80c99c37170911b346) C:\Windows\system32\DRIVERS\ew_jucdcacm.sys
19:47:20.0902 3676	huawei_cdcacm - ok
19:47:21.0011 3676	huawei_cdcecm   (1ef9e48ab82ea785c7348b22e9b02dc4) C:\Windows\system32\DRIVERS\ew_jucdcecm.sys
19:47:21.0043 3676	huawei_cdcecm - ok
19:47:21.0105 3676	huawei_enumerator (f44461e66f1b7dd267957fe9baa63ed0) C:\Windows\system32\DRIVERS\ew_jubusenum.sys
19:47:21.0121 3676	huawei_enumerator - ok
19:47:21.0214 3676	huawei_ext_ctrl (69a103138b77ac0950ec3846e2e6f655) C:\Windows\system32\DRIVERS\ew_juextctrl.sys
19:47:21.0245 3676	huawei_ext_ctrl - ok
19:47:21.0370 3676	hwdatacard      (f547f862b8907f1bcbd9b72a72a6449e) C:\Windows\system32\DRIVERS\ewusbmdm.sys
19:47:21.0417 3676	hwdatacard - ok
19:47:21.0542 3676	i2omp           (c6b032d69650985468160fc9937cf5b4) C:\Windows\system32\drivers\i2omp.sys
19:47:21.0542 3676	i2omp - ok
19:47:21.0651 3676	i8042prt        (22d56c8184586b7a1f6fa60be5f5a2bd) C:\Windows\system32\DRIVERS\i8042prt.sys
19:47:21.0682 3676	i8042prt - ok
19:47:21.0760 3676	iaStor          (db0cc620b27a928d968c1a1e9cd9cb87) C:\Windows\system32\DRIVERS\iaStor.sys
19:47:21.0776 3676	iaStor - ok
19:47:21.0854 3676	iaStorV         (54155ea1b0df185878e0fc9ec3ac3a14) C:\Windows\system32\drivers\iastorv.sys
19:47:21.0869 3676	iaStorV - ok
19:47:22.0025 3676	igfx            (6fb1858d1f0923d122b0331865695041) C:\Windows\system32\DRIVERS\igdkmd32.sys
19:47:22.0213 3676	igfx - ok
19:47:22.0291 3676	iirsp           (2d077bf86e843f901d8db709c95b49a5) C:\Windows\system32\drivers\iirsp.sys
19:47:22.0306 3676	iirsp - ok
19:47:22.0431 3676	IntcAzAudAddService (b9cbd3dea7ca02868621173bf7a2af9f) C:\Windows\system32\drivers\RTKVHDA.sys
19:47:22.0493 3676	IntcAzAudAddService - ok
19:47:22.0603 3676	intelide        (83aa759f3189e6370c30de5dc5590718) C:\Windows\system32\drivers\intelide.sys
19:47:22.0618 3676	intelide - ok
19:47:22.0665 3676	intelppm        (224191001e78c89dfa78924c3ea595ff) C:\Windows\system32\DRIVERS\intelppm.sys
19:47:22.0696 3676	intelppm - ok
19:47:22.0790 3676	IpFilterDriver  (62c265c38769b864cb25b4bcf62df6c3) C:\Windows\system32\DRIVERS\ipfltdrv.sys
19:47:22.0821 3676	IpFilterDriver - ok
19:47:22.0868 3676	IpInIp - ok
19:47:22.0899 3676	IPMIDRV         (b25aaf203552b7b3491139d582b39ad1) C:\Windows\system32\drivers\ipmidrv.sys
19:47:22.0930 3676	IPMIDRV - ok
19:47:23.0008 3676	IPNAT           (8793643a67b42cec66490b2a0cf92d68) C:\Windows\system32\DRIVERS\ipnat.sys
19:47:23.0039 3676	IPNAT - ok
19:47:23.0102 3676	IRENUM          (109c0dfb82c3632fbd11949b73aeeac9) C:\Windows\system32\drivers\irenum.sys
19:47:23.0117 3676	IRENUM - ok
19:47:23.0164 3676	isapnp          (6c70698a3e5c4376c6ab5c7c17fb0614) C:\Windows\system32\drivers\isapnp.sys
19:47:23.0180 3676	isapnp - ok
19:47:23.0273 3676	iScsiPrt        (232fa340531d940aac623b121a595034) C:\Windows\system32\DRIVERS\msiscsi.sys
19:47:23.0273 3676	iScsiPrt - ok
19:47:23.0351 3676	iteatapi        (bced60d16156e428f8df8cf27b0df150) C:\Windows\system32\drivers\iteatapi.sys
19:47:23.0351 3676	iteatapi - ok
19:47:23.0414 3676	iteraid         (06fa654504a498c30adca8bec4e87e7e) C:\Windows\system32\drivers\iteraid.sys
19:47:23.0429 3676	iteraid - ok
19:47:23.0507 3676	jswpslwf        (11ad410f41af42ba12e63187e3ec141a) C:\Windows\system32\DRIVERS\jswpslwf.sys
19:47:23.0539 3676	jswpslwf - ok
19:47:23.0617 3676	kbdclass        (37605e0a8cf00cbba538e753e4344c6e) C:\Windows\system32\DRIVERS\kbdclass.sys
19:47:23.0617 3676	kbdclass - ok
19:47:23.0710 3676	kbdhid          (ede59ec70e25c24581add1fbec7325f7) C:\Windows\system32\DRIVERS\kbdhid.sys
19:47:23.0726 3676	kbdhid - ok
19:47:23.0819 3676	KSecDD          (2b2f1638466e8cb091400c9019cc730e) C:\Windows\system32\Drivers\ksecdd.sys
19:47:23.0851 3676	KSecDD - ok
19:47:23.0960 3676	lltdio          (d1c5883087a0c3f1344d9d55a44901f6) C:\Windows\system32\DRIVERS\lltdio.sys
19:47:23.0991 3676	lltdio - ok
19:47:24.0053 3676	LSI_FC          (c7e15e82879bf3235b559563d4185365) C:\Windows\system32\drivers\lsi_fc.sys
19:47:24.0069 3676	LSI_FC - ok
19:47:24.0100 3676	LSI_SAS         (ee01ebae8c9bf0fa072e0ff68718920a) C:\Windows\system32\drivers\lsi_sas.sys
19:47:24.0116 3676	LSI_SAS - ok
19:47:24.0225 3676	LSI_SCSI        (912a04696e9ca30146a62afa1463dd5c) C:\Windows\system32\drivers\lsi_scsi.sys
19:47:24.0225 3676	LSI_SCSI - ok
19:47:24.0287 3676	luafv           (8f5c7426567798e62a3b3614965d62cc) C:\Windows\system32\drivers\luafv.sys
19:47:24.0319 3676	luafv - ok
19:47:24.0334 3676	megasas         (0001ce609d66632fa17b84705f658879) C:\Windows\system32\drivers\megasas.sys
19:47:24.0350 3676	megasas - ok
19:47:24.0443 3676	MegaSR          (c252f32cd9a49dbfc25ecf26ebd51a99) C:\Windows\system32\drivers\megasr.sys
19:47:24.0459 3676	MegaSR - ok
19:47:24.0568 3676	Modem           (e13b5ea0f51ba5b1512ec671393d09ba) C:\Windows\system32\drivers\modem.sys
19:47:24.0584 3676	Modem - ok
19:47:24.0646 3676	monitor         (0a9bb33b56e294f686abb7c1e4e2d8a8) C:\Windows\system32\DRIVERS\monitor.sys
19:47:24.0677 3676	monitor - ok
19:47:24.0755 3676	mouclass        (5bf6a1326a335c5298477754a506d263) C:\Windows\system32\DRIVERS\mouclass.sys
19:47:24.0771 3676	mouclass - ok
19:47:24.0818 3676	mouhid          (93b8d4869e12cfbe663915502900876f) C:\Windows\system32\DRIVERS\mouhid.sys
19:47:24.0849 3676	mouhid - ok
19:47:24.0865 3676	MountMgr        (bdafc88aa6b92f7842416ea6a48e1600) C:\Windows\system32\drivers\mountmgr.sys
19:47:24.0880 3676	MountMgr - ok
19:47:24.0958 3676	mpio            (511d011289755dd9f9a7579fb0b064e6) C:\Windows\system32\drivers\mpio.sys
19:47:24.0974 3676	mpio - ok
19:47:25.0021 3676	mpsdrv          (22241feba9b2defa669c8cb0a8dd7d2e) C:\Windows\system32\drivers\mpsdrv.sys
19:47:25.0036 3676	mpsdrv - ok
19:47:25.0114 3676	Mraid35x        (4fbbb70d30fd20ec51f80061703b001e) C:\Windows\system32\drivers\mraid35x.sys
19:47:25.0130 3676	Mraid35x - ok
19:47:25.0208 3676	MRxDAV          (82cea0395524aacfeb58ba1448e8325c) C:\Windows\system32\drivers\mrxdav.sys
19:47:25.0239 3676	MRxDAV - ok
19:47:25.0317 3676	mrxsmb          (1e94971c4b446ab2290deb71d01cf0c2) C:\Windows\system32\DRIVERS\mrxsmb.sys
19:47:25.0348 3676	mrxsmb - ok
19:47:25.0442 3676	mrxsmb10        (4fccb34d793b116423209c0f8b7a3b03) C:\Windows\system32\DRIVERS\mrxsmb10.sys
19:47:25.0457 3676	mrxsmb10 - ok
19:47:25.0535 3676	mrxsmb20        (c3cb1b40ad4a0124d617a1199b0b9d7c) C:\Windows\system32\DRIVERS\mrxsmb20.sys
19:47:25.0551 3676	mrxsmb20 - ok
19:47:25.0613 3676	msahci          (f70590424eefbf5c27a40c67afdb8383) C:\Windows\system32\drivers\msahci.sys
19:47:25.0629 3676	msahci - ok
19:47:25.0707 3676	msdsm           (4468b0f385a86ecddaf8d3ca662ec0e7) C:\Windows\system32\drivers\msdsm.sys
19:47:25.0707 3676	msdsm - ok
19:47:25.0769 3676	Msfs            (a9927f4a46b816c92f461acb90cf8515) C:\Windows\system32\drivers\Msfs.sys
19:47:25.0801 3676	Msfs - ok
19:47:25.0894 3676	msisadrv        (0f400e306f385c56317357d6dea56f62) C:\Windows\system32\drivers\msisadrv.sys
19:47:25.0894 3676	msisadrv - ok
19:47:25.0972 3676	MSKSSRV         (d8c63d34d9c9e56c059e24ec7185cc07) C:\Windows\system32\drivers\MSKSSRV.sys
19:47:26.0003 3676	MSKSSRV - ok
19:47:26.0066 3676	MSPCLOCK        (1d373c90d62ddb641d50e55b9e78d65e) C:\Windows\system32\drivers\MSPCLOCK.sys
19:47:26.0097 3676	MSPCLOCK - ok
19:47:26.0144 3676	MSPQM           (b572da05bf4e098d4bba3a4734fb505b) C:\Windows\system32\drivers\MSPQM.sys
19:47:26.0159 3676	MSPQM - ok
19:47:26.0222 3676	MsRPC           (b49456d70555de905c311bcda6ec6adb) C:\Windows\system32\drivers\MsRPC.sys
19:47:26.0237 3676	MsRPC - ok
19:47:26.0315 3676	mssmbios        (e384487cb84be41d09711c30ca79646c) C:\Windows\system32\DRIVERS\mssmbios.sys
19:47:26.0331 3676	mssmbios - ok
19:47:26.0378 3676	MSTEE           (7199c1eec1e4993caf96b8c0a26bd58a) C:\Windows\system32\drivers\MSTEE.sys
19:47:26.0409 3676	MSTEE - ok
19:47:26.0503 3676	Mup             (6a57b5733d4cb702c8ea4542e836b96c) C:\Windows\system32\Drivers\mup.sys
19:47:26.0503 3676	Mup - ok
19:47:26.0596 3676	NativeWifiP     (85c44fdff9cf7e72a40dcb7ec06a4416) C:\Windows\system32\DRIVERS\nwifi.sys
19:47:26.0612 3676	NativeWifiP - ok
19:47:26.0705 3676	NDIS            (1357274d1883f68300aeadd15d7bbb42) C:\Windows\system32\drivers\ndis.sys
19:47:26.0721 3676	NDIS - ok
19:47:26.0799 3676	NdisTapi        (0e186e90404980569fb449ba7519ae61) C:\Windows\system32\DRIVERS\ndistapi.sys
19:47:26.0830 3676	NdisTapi - ok
19:47:26.0893 3676	Ndisuio         (d6973aa34c4d5d76c0430b181c3cd389) C:\Windows\system32\DRIVERS\ndisuio.sys
19:47:26.0924 3676	Ndisuio - ok
19:47:27.0002 3676	NdisWan         (818f648618ae34f729fdb47ec68345c3) C:\Windows\system32\DRIVERS\ndiswan.sys
19:47:27.0017 3676	NdisWan - ok
19:47:27.0095 3676	NDProxy         (71dab552b41936358f3b541ae5997fb3) C:\Windows\system32\drivers\NDProxy.sys
19:47:27.0111 3676	NDProxy - ok
19:47:27.0173 3676	NetBIOS         (bcd093a5a6777cf626434568dc7dba78) C:\Windows\system32\DRIVERS\netbios.sys
19:47:27.0189 3676	NetBIOS - ok
19:47:27.0298 3676	netbt           (ecd64230a59cbd93c85f1cd1cab9f3f6) C:\Windows\system32\DRIVERS\netbt.sys
19:47:27.0329 3676	netbt - ok
19:47:27.0407 3676	nfrd960         (2e7fb731d4790a1bc6270accefacb36e) C:\Windows\system32\drivers\nfrd960.sys
19:47:27.0407 3676	nfrd960 - ok
19:47:27.0501 3676	Npfs            (d36f239d7cce1931598e8fb90a0dbc26) C:\Windows\system32\drivers\Npfs.sys
19:47:27.0532 3676	Npfs - ok
19:47:27.0579 3676	nsiproxy        (609773e344a97410ce4ebf74a8914fcf) C:\Windows\system32\drivers\nsiproxy.sys
19:47:27.0610 3676	nsiproxy - ok
19:47:27.0719 3676	Ntfs            (6a4a98cee84cf9e99564510dda4baa47) C:\Windows\system32\drivers\Ntfs.sys
19:47:27.0766 3676	Ntfs - ok
19:47:27.0891 3676	ntrigdigi       (e875c093aec0c978a90f30c9e0dfbb72) C:\Windows\system32\drivers\ntrigdigi.sys
19:47:27.0938 3676	ntrigdigi - ok
19:47:27.0985 3676	Null            (c5dbbcda07d780bda9b685df333bb41e) C:\Windows\system32\drivers\Null.sys
19:47:28.0016 3676	Null - ok
19:47:28.0047 3676	nvraid          (2edf9e7751554b42cbb60116de727101) C:\Windows\system32\drivers\nvraid.sys
19:47:28.0047 3676	nvraid - ok
19:47:28.0125 3676	nvstor          (abed0c09758d1d97db0042dbb2688177) C:\Windows\system32\drivers\nvstor.sys
19:47:28.0141 3676	nvstor - ok
19:47:28.0203 3676	nv_agp          (18bbdf913916b71bd54575bdb6eeac0b) C:\Windows\system32\drivers\nv_agp.sys
19:47:28.0219 3676	nv_agp - ok
19:47:28.0234 3676	NwlnkFlt - ok
19:47:28.0250 3676	NwlnkFwd - ok
19:47:28.0343 3676	ohci1394        (be32da025a0be1878f0ee8d6d9386cd5) C:\Windows\system32\drivers\ohci1394.sys
19:47:28.0375 3676	ohci1394 - ok
19:47:28.0484 3676	Parport         (0fa9b5055484649d63c303fe404e5f4d) C:\Windows\system32\drivers\parport.sys
19:47:28.0531 3676	Parport - ok
19:47:28.0624 3676	partmgr         (57389fa59a36d96b3eb09d0cb91e9cdc) C:\Windows\system32\drivers\partmgr.sys
19:47:28.0624 3676	partmgr - ok
19:47:28.0687 3676	Parvdm          (4f9a6a8a31413180d0fcb279ad5d8112) C:\Windows\system32\drivers\parvdm.sys
19:47:28.0733 3676	Parvdm - ok
19:47:28.0811 3676	pci             (941dc1d19e7e8620f40bbc206981efdb) C:\Windows\system32\drivers\pci.sys
19:47:28.0827 3676	pci - ok
19:47:28.0874 3676	pciide          (fc175f5ddab666d7f4d17449a547626f) C:\Windows\system32\DRIVERS\pciide.sys
19:47:28.0889 3676	pciide - ok
19:47:28.0967 3676	pcmcia          (e6f3fb1b86aa519e7698ad05e58b04e5) C:\Windows\system32\drivers\pcmcia.sys
19:47:28.0983 3676	pcmcia - ok
19:47:29.0108 3676	PEAUTH          (6349f6ed9c623b44b52ea3c63c831a92) C:\Windows\system32\drivers\peauth.sys
19:47:29.0170 3676	PEAUTH - ok
19:47:29.0311 3676	PptpMiniport    (ecfffaec0c1ecd8dbc77f39070ea1db1) C:\Windows\system32\DRIVERS\raspptp.sys
19:47:29.0342 3676	PptpMiniport - ok
19:47:29.0404 3676	Processor       (2027293619dd0f047c584cf2e7df4ffd) C:\Windows\system32\drivers\processr.sys
19:47:29.0420 3676	Processor - ok
19:47:29.0545 3676	PSched          (99514faa8df93d34b5589187db3aa0ba) C:\Windows\system32\DRIVERS\pacer.sys
19:47:29.0560 3676	PSched - ok
19:47:29.0623 3676	PxHelp20        (49452bfcec22f36a7a9b9c2181bc3042) C:\Windows\system32\Drivers\PxHelp20.sys
19:47:29.0638 3676	PxHelp20 - ok
19:47:29.0732 3676	ql2300          (0a6db55afb7820c99aa1f3a1d270f4f6) C:\Windows\system32\drivers\ql2300.sys
19:47:29.0779 3676	ql2300 - ok
19:47:29.0903 3676	ql40xx          (81a7e5c076e59995d54bc1ed3a16e60b) C:\Windows\system32\drivers\ql40xx.sys
19:47:29.0919 3676	ql40xx - ok
19:47:29.0981 3676	QWAVEdrv        (9f5e0e1926014d17486901c88eca2db7) C:\Windows\system32\drivers\qwavedrv.sys
19:47:30.0013 3676	QWAVEdrv - ok
19:47:30.0075 3676	RasAcd          (147d7f9c556d259924351feb0de606c3) C:\Windows\system32\DRIVERS\rasacd.sys
19:47:30.0106 3676	RasAcd - ok
19:47:30.0153 3676	Rasl2tp         (a214adbaf4cb47dd2728859ef31f26b0) C:\Windows\system32\DRIVERS\rasl2tp.sys
19:47:30.0184 3676	Rasl2tp - ok
19:47:30.0278 3676	RasPppoe        (509a98dd18af4375e1fc40bc175f1def) C:\Windows\system32\DRIVERS\raspppoe.sys
19:47:30.0293 3676	RasPppoe - ok
19:47:30.0340 3676	RasSstp         (2005f4a1e05fa09389ac85840f0a9e4d) C:\Windows\system32\DRIVERS\rassstp.sys
19:47:30.0356 3676	RasSstp - ok
19:47:30.0434 3676	rdbss           (b14c9d5b9add2f84f70570bbbfaa7935) C:\Windows\system32\DRIVERS\rdbss.sys
19:47:30.0465 3676	rdbss - ok
19:47:30.0527 3676	RDPCDD          (89e59be9a564262a3fb6c4f4f1cd9899) C:\Windows\system32\DRIVERS\RDPCDD.sys
19:47:30.0543 3676	RDPCDD - ok
19:47:30.0637 3676	rdpdr           (fbc0bacd9c3d7f6956853f64a66e252d) C:\Windows\system32\drivers\rdpdr.sys
19:47:30.0668 3676	rdpdr - ok
19:47:30.0761 3676	RDPENCDD        (9d91fe5286f748862ecffa05f8a0710c) C:\Windows\system32\drivers\rdpencdd.sys
19:47:30.0777 3676	RDPENCDD - ok
19:47:30.0871 3676	RDPWD           (30bfbdfb7f95559ede971f9ddb9a00ba) C:\Windows\system32\drivers\RDPWD.sys
19:47:30.0886 3676	RDPWD - ok
19:47:31.0011 3676	ROOTMODEM       (75e8a6bfa7374aba833ae92bf41ae4e6) C:\Windows\system32\Drivers\RootMdm.sys
19:47:31.0027 3676	ROOTMODEM - ok
19:47:31.0089 3676	rspndr          (9c508f4074a39e8b4b31d27198146fad) C:\Windows\system32\DRIVERS\rspndr.sys
19:47:31.0120 3676	rspndr - ok
19:47:31.0214 3676	RTL8169         (7157e70a90cce49deb8885d23a073a39) C:\Windows\system32\DRIVERS\Rtlh86.sys
19:47:31.0245 3676	RTL8169 - ok
19:47:31.0385 3676	RTLWUSB         (691db86b09e13ca5d3e8881141738cc5) C:\Windows\system32\DRIVERS\wg111v2.sys
19:47:31.0417 3676	RTLWUSB - ok
19:47:31.0510 3676	RTSTOR          (9ff7d9cf3a5f296613588b0e8db83afe) C:\Windows\system32\drivers\RTSTOR.SYS
19:47:31.0526 3676	RTSTOR - ok
19:47:31.0573 3676	sbp2port        (3ce8f073a557e172b330109436984e30) C:\Windows\system32\drivers\sbp2port.sys
19:47:31.0588 3676	sbp2port - ok
19:47:31.0713 3676	secdrv          (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers\secdrv.sys
19:47:31.0760 3676	secdrv - ok
19:47:31.0822 3676	Serenum         (68e44e331d46f0fb38f0863a84cd1a31) C:\Windows\system32\drivers\serenum.sys
19:47:31.0853 3676	Serenum - ok
19:47:31.0947 3676	Serial          (c70d69a918b178d3c3b06339b40c2e1b) C:\Windows\system32\drivers\serial.sys
19:47:31.0978 3676	Serial - ok
19:47:32.0041 3676	sermouse        (8af3d28a879bf75db53a0ee7a4289624) C:\Windows\system32\drivers\sermouse.sys
19:47:32.0056 3676	sermouse - ok
19:47:32.0150 3676	sffdisk         (3efa810bdca87f6ecc24f9832243fe86) C:\Windows\system32\drivers\sffdisk.sys
19:47:32.0165 3676	sffdisk - ok
19:47:32.0243 3676	sffp_mmc        (e95d451f7ea3e583aec75f3b3ee42dc5) C:\Windows\system32\drivers\sffp_mmc.sys
19:47:32.0259 3676	sffp_mmc - ok
19:47:32.0321 3676	sffp_sd         (3d0ea348784b7ac9ea9bd9f317980979) C:\Windows\system32\drivers\sffp_sd.sys
19:47:32.0353 3676	sffp_sd - ok
19:47:32.0415 3676	sfloppy         (46ed8e91793b2e6f848015445a0ac188) C:\Windows\system32\drivers\sfloppy.sys
19:47:32.0462 3676	sfloppy - ok
19:47:32.0555 3676	sisagp          (1d76624a09a054f682d746b924e2dbc3) C:\Windows\system32\drivers\sisagp.sys
19:47:32.0571 3676	sisagp - ok
19:47:32.0633 3676	SiSRaid2        (43cb7aa756c7db280d01da9b676cfde2) C:\Windows\system32\drivers\sisraid2.sys
19:47:32.0633 3676	SiSRaid2 - ok
19:47:32.0727 3676	SiSRaid4        (a99c6c8b0baa970d8aa59ddc50b57f94) C:\Windows\system32\drivers\sisraid4.sys
19:47:32.0743 3676	SiSRaid4 - ok
19:47:32.0821 3676	Smb             (7b75299a4d201d6a6533603d6914ab04) C:\Windows\system32\DRIVERS\smb.sys
19:47:32.0852 3676	Smb - ok
19:47:32.0930 3676	spldr           (7aebdeef071fe28b0eef2cdd69102bff) C:\Windows\system32\drivers\spldr.sys
19:47:32.0930 3676	spldr - ok
19:47:33.0023 3676	srv             (41987f9fc0e61adf54f581e15029ad91) C:\Windows\system32\DRIVERS\srv.sys
19:47:33.0055 3676	srv - ok
19:47:33.0179 3676	srv2            (ff33aff99564b1aa534f58868cbe41ef) C:\Windows\system32\DRIVERS\srv2.sys
19:47:33.0195 3676	srv2 - ok
19:47:33.0257 3676	srvnet          (7605c0e1d01a08f3ecd743f38b834a44) C:\Windows\system32\DRIVERS\srvnet.sys
19:47:33.0273 3676	srvnet - ok
19:47:33.0351 3676	ssmdrv          (5ec550b8952882ee856b862cf648522d) C:\Windows\system32\DRIVERS\ssmdrv.sys
19:47:33.0367 3676	ssmdrv - ok
19:47:33.0445 3676	swenum          (7ba58ecf0c0a9a69d44b3dca62becf56) C:\Windows\system32\DRIVERS\swenum.sys
19:47:33.0460 3676	swenum - ok
19:47:33.0538 3676	Symc8xx         (192aa3ac01df071b541094f251deed10) C:\Windows\system32\drivers\symc8xx.sys
19:47:33.0554 3676	Symc8xx - ok
19:47:33.0585 3676	Sym_hi          (8c8eb8c76736ebaf3b13b633b2e64125) C:\Windows\system32\drivers\sym_hi.sys
19:47:33.0601 3676	Sym_hi - ok
19:47:33.0663 3676	Sym_u3          (8072af52b5fd103bbba387a1e49f62cb) C:\Windows\system32\drivers\sym_u3.sys
19:47:33.0679 3676	Sym_u3 - ok
19:47:33.0788 3676	SynTP           (55f6e55cc2430ca8713387106fa79817) C:\Windows\system32\DRIVERS\SynTP.sys
19:47:33.0803 3676	SynTP - ok
19:47:33.0928 3676	Tcpip           (814a1c66fbd4e1b310a517221f1456bf) C:\Windows\system32\drivers\tcpip.sys
19:47:33.0975 3676	Tcpip - ok
19:47:34.0131 3676	Tcpip6          (814a1c66fbd4e1b310a517221f1456bf) C:\Windows\system32\DRIVERS\tcpip.sys
19:47:34.0178 3676	Tcpip6 - ok
19:47:34.0287 3676	tcpipBM         (74905ebcbb8cbdb1f3c0b1778bbcb4bc) C:\Windows\system32\drivers\tcpipBM.sys
19:47:34.0287 3676	tcpipBM ( UnsignedFile.Multi.Generic ) - warning
19:47:34.0287 3676	tcpipBM - detected UnsignedFile.Multi.Generic (1)
19:47:34.0381 3676	tcpipreg        (608c345a255d82a6289c2d468eb41fd7) C:\Windows\system32\drivers\tcpipreg.sys
19:47:34.0412 3676	tcpipreg - ok
19:47:34.0490 3676	tdcmdpst        (1825bceb47bf41c5a9f0e44de82fc27a) C:\Windows\system32\DRIVERS\tdcmdpst.sys
19:47:34.0521 3676	tdcmdpst - ok
19:47:34.0615 3676	TDPIPE          (5dcf5e267be67a1ae926f2df77fbcc56) C:\Windows\system32\drivers\tdpipe.sys
19:47:34.0646 3676	TDPIPE - ok
19:47:34.0708 3676	TDTCP           (389c63e32b3cefed425b61ed92d3f021) C:\Windows\system32\drivers\tdtcp.sys
19:47:34.0724 3676	TDTCP - ok
19:47:34.0817 3676	tdx             (76b06eb8a01fc8624d699e7045303e54) C:\Windows\system32\DRIVERS\tdx.sys
19:47:34.0833 3676	tdx - ok
19:47:34.0927 3676	TermDD          (3cad38910468eab9a6479e2f01db43c7) C:\Windows\system32\DRIVERS\termdd.sys
19:47:34.0942 3676	TermDD - ok
19:47:35.0051 3676	tos_sps32       (4399a9bf7d8f49991a07fd86590a1619) C:\Windows\system32\DRIVERS\tos_sps32.sys
19:47:35.0067 3676	tos_sps32 - ok
19:47:35.0176 3676	tssecsrv        (dcf0f056a2e4f52287264f5ab29cf206) C:\Windows\system32\DRIVERS\tssecsrv.sys
19:47:35.0207 3676	tssecsrv - ok
19:47:35.0317 3676	tunmp           (caecc0120ac49e3d2f758b9169872d38) C:\Windows\system32\DRIVERS\tunmp.sys
19:47:35.0332 3676	tunmp - ok
19:47:35.0441 3676	tunnel          (119b8184e106baedc83fce5ddf3950da) C:\Windows\system32\DRIVERS\tunnel.sys
19:47:35.0473 3676	tunnel - ok
19:47:35.0566 3676	TVALZ           (792a8b80f8188aba4b2be271583f3e46) C:\Windows\system32\DRIVERS\TVALZ_O.SYS
19:47:35.0566 3676	TVALZ - ok
19:47:35.0675 3676	uagp35          (7d33c4db2ce363c8518d2dfcf533941f) C:\Windows\system32\drivers\uagp35.sys
19:47:35.0691 3676	uagp35 - ok
19:47:35.0800 3676	udfs            (d9728af68c4c7693cb100b8441cbdec6) C:\Windows\system32\DRIVERS\udfs.sys
19:47:35.0816 3676	udfs - ok
19:47:35.0925 3676	uliagpkx        (b0acfdc9e4af279e9116c03e014b2b27) C:\Windows\system32\drivers\uliagpkx.sys
19:47:35.0941 3676	uliagpkx - ok
19:47:36.0034 3676	uliahci         (9224bb254f591de4ca8d572a5f0d635c) C:\Windows\system32\drivers\uliahci.sys
19:47:36.0050 3676	uliahci - ok
19:47:36.0159 3676	UlSata          (8514d0e5cd0534467c5fc61be94a569f) C:\Windows\system32\drivers\ulsata.sys
19:47:36.0175 3676	UlSata - ok
19:47:36.0237 3676	ulsata2         (38c3c6e62b157a6bc46594fada45c62b) C:\Windows\system32\drivers\ulsata2.sys
19:47:36.0253 3676	ulsata2 - ok
19:47:36.0331 3676	umbus           (32cff9f809ae9aed85464492bf3e32d2) C:\Windows\system32\DRIVERS\umbus.sys
19:47:36.0346 3676	umbus - ok
19:47:36.0424 3676	usbccgp         (caf811ae4c147ffcd5b51750c7f09142) C:\Windows\system32\DRIVERS\usbccgp.sys
19:47:36.0440 3676	usbccgp - ok
19:47:36.0518 3676	usbcir          (e9476e6c486e76bc4898074768fb7131) C:\Windows\system32\drivers\usbcir.sys
19:47:36.0565 3676	usbcir - ok
19:47:36.0674 3676	usbehci         (79e96c23a97ce7b8f14d310da2db0c9b) C:\Windows\system32\DRIVERS\usbehci.sys
19:47:36.0689 3676	usbehci - ok
19:47:36.0767 3676	usbhub          (4673bbcb006af60e7abddbe7a130ba42) C:\Windows\system32\DRIVERS\usbhub.sys
19:47:36.0783 3676	usbhub - ok
19:47:36.0845 3676	usbohci         (38dbc7dd6cc5a72011f187425384388b) C:\Windows\system32\drivers\usbohci.sys
19:47:36.0892 3676	usbohci - ok
19:47:37.0001 3676	usbprint        (e75c4b5269091d15a2e7dc0b6d35f2f5) C:\Windows\system32\DRIVERS\usbprint.sys
19:47:37.0017 3676	usbprint - ok
19:47:37.0079 3676	usbscan         (a508c9bd8724980512136b039bba65e9) C:\Windows\system32\DRIVERS\usbscan.sys
19:47:37.0095 3676	usbscan - ok
19:47:37.0189 3676	USBSTOR         (be3da31c191bc222d9ad503c5224f2ad) C:\Windows\system32\DRIVERS\USBSTOR.SYS
19:47:37.0204 3676	USBSTOR - ok
19:47:37.0267 3676	usbuhci         (814d653efc4d48be3b04a307eceff56f) C:\Windows\system32\DRIVERS\usbuhci.sys
19:47:37.0298 3676	usbuhci - ok
19:47:37.0391 3676	usbvideo        (e67998e8f14cb0627a769f6530bcb352) C:\Windows\system32\Drivers\usbvideo.sys
19:47:37.0423 3676	usbvideo - ok
19:47:37.0547 3676	vga             (87b06e1f30b749a114f74622d013f8d4) C:\Windows\system32\DRIVERS\vgapnp.sys
19:47:37.0579 3676	vga - ok
19:47:37.0625 3676	VgaSave         (2e93ac0a1d8c79d019db6c51f036636c) C:\Windows\System32\drivers\vga.sys
19:47:37.0641 3676	VgaSave - ok
19:47:37.0735 3676	viaagp          (5d7159def58a800d5781ba3a879627bc) C:\Windows\system32\drivers\viaagp.sys
19:47:37.0735 3676	viaagp - ok
19:47:37.0797 3676	ViaC7           (c4f3a691b5bad343e6249bd8c2d45dee) C:\Windows\system32\drivers\viac7.sys
19:47:37.0828 3676	ViaC7 - ok
19:47:37.0906 3676	viaide          (aadf5587a4063f52c2c3fed7887426fc) C:\Windows\system32\drivers\viaide.sys
19:47:37.0922 3676	viaide - ok
19:47:38.0000 3676	volmgr          (69503668ac66c77c6cd7af86fbdf8c43) C:\Windows\system32\drivers\volmgr.sys
19:47:38.0000 3676	volmgr - ok
19:47:38.0093 3676	volmgrx         (23e41b834759917bfd6b9a0d625d0c28) C:\Windows\system32\drivers\volmgrx.sys
19:47:38.0109 3676	volmgrx - ok
19:47:38.0187 3676	volsnap         (147281c01fcb1df9252de2a10d5e7093) C:\Windows\system32\drivers\volsnap.sys
19:47:38.0203 3676	volsnap - ok
19:47:38.0281 3676	vsmraid         (587253e09325e6bf226b299774b728a9) C:\Windows\system32\drivers\vsmraid.sys
19:47:38.0296 3676	vsmraid - ok
19:47:38.0374 3676	WacomPen        (48dfee8f1af7c8235d4e626f0c4fe031) C:\Windows\system32\drivers\wacompen.sys
19:47:38.0405 3676	WacomPen - ok
19:47:38.0483 3676	Wanarp          (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys
19:47:38.0499 3676	Wanarp - ok
19:47:38.0515 3676	Wanarpv6        (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys
19:47:38.0530 3676	Wanarpv6 - ok
19:47:38.0608 3676	Wd              (78fe9542363f297b18c027b2d7e7c07f) C:\Windows\system32\drivers\wd.sys
19:47:38.0624 3676	Wd - ok
19:47:38.0702 3676	Wdf01000        (b6f0a7ad6d4bd325fbcd8bac96cd8d96) C:\Windows\system32\drivers\Wdf01000.sys
19:47:38.0733 3676	Wdf01000 - ok
19:47:38.0905 3676	WmiAcpi         (2e7255d172df0b8283cdfb7b433b864e) C:\Windows\system32\drivers\wmiacpi.sys
19:47:38.0936 3676	WmiAcpi - ok
19:47:38.0998 3676	ws2ifsl         (e3a3cb253c0ec2494d4a61f5e43a389c) C:\Windows\system32\drivers\ws2ifsl.sys
19:47:39.0029 3676	ws2ifsl - ok
19:47:39.0154 3676	WUDFRd          (ac13cb789d93412106b0fb6c7eb2bcb6) C:\Windows\system32\DRIVERS\WUDFRd.sys
19:47:39.0185 3676	WUDFRd - ok
19:47:39.0279 3676	MBR (0x1B8)     (5c616939100b85e558da92b899a0fc36) \Device\Harddisk0\DR0
19:47:39.0451 3676	\Device\Harddisk0\DR0 - ok
19:47:39.0451 3676	Boot (0x1200)   (2f63655aa58f3ca20117b7b1f05c967d) \Device\Harddisk0\DR0\Partition0
19:47:39.0451 3676	\Device\Harddisk0\DR0\Partition0 - ok
19:47:39.0482 3676	Boot (0x1200)   (6b8d1ffe37b130c198b82788ee570857) \Device\Harddisk0\DR0\Partition1
19:47:39.0482 3676	\Device\Harddisk0\DR0\Partition1 - ok
19:47:39.0482 3676	============================================================
19:47:39.0482 3676	Scan finished
19:47:39.0482 3676	============================================================
19:47:39.0497 3628	Detected object count: 3
19:47:39.0497 3628	Actual detected object count: 3
19:48:33.0411 3628	BMLoad ( UnsignedFile.Multi.Generic ) - skipped by user
19:48:33.0411 3628	BMLoad ( UnsignedFile.Multi.Generic ) - User select action: Skip 
19:48:33.0411 3628	DCamUSBDigitalCamera ( UnsignedFile.Multi.Generic ) - skipped by user
19:48:33.0411 3628	DCamUSBDigitalCamera ( UnsignedFile.Multi.Generic ) - User select action: Skip 
19:48:33.0411 3628	tcpipBM ( UnsignedFile.Multi.Generic ) - skipped by user
19:48:33.0411 3628	tcpipBM ( UnsignedFile.Multi.Generic ) - User select action: Skip
         
Is that OK so far?

SunSun

Alt 05.02.2012, 20:19   #11
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Then please run CF now:

ComboFix

A guide and tutorial on using ComboFix
  • Close all programs, especially your antivirus program and other background guards, as well as your internet browser.
  • Start combofix.exe from your desktop, confirm the warning messages, carry out the updates (if offered), install the Recovery Console (if offered) and let it scan your system.
    Also avoid using the mouse and keyboard while ComboFix is running.
  • Afterwards a combofix.txt opens automatically; please copy its contents ([Ctrl]a, [Ctrl]c) and paste them into your post ([Ctrl]v). You can also find the file at: C:\ComboFix.txt.
Important note:
ComboFix may only be run when a Kompetenzler (forum helper) has explicitly recommended it!

It should never be run on your own initiative! Incorrect use can cause serious computer problems and make cleaning up the infection even harder.

If, after running ComboFix, you have problems starting applications and get messages such as

Quote:
Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.
then restart Windows manually and the error messages should no longer appear.

Alt 05.02.2012, 20:59   #12
SunSun
 
So, ComboFix is done too.

When I started my FF afterwards, I got the message that it was not my default browser... That confused me a bit...

ComboFix logfile:
Code:
ComboFix 12-02-05.02 - MHO 05.02.2012  20:42:59.1.1 - x86
Microsoft® Windows Vista™ Home Basic   6.0.6002.2.1252.49.1031.18.2939.2020 [GMT 1:00]
ausgeführt von:: c:\users\MHO\Desktop\ComboFix.exe
AV: AntiVir Desktop *Disabled/Updated* {090F9C29-64CE-6C6F-379C-5901B49A85B7}
SP: AntiVir Desktop *Disabled/Updated* {B26E7DCD-42F4-63E1-0D2C-6273CF1DCF0A}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\windows
c:\programdata\Windows\dsdd.dat
c:\programdata\windows\nudr.dat
C:\Thumbs.db
c:\users\MHO\flvplayer.exe
c:\users\MHO\System
c:\users\MHO\System\win_qs.jqx
c:\users\MHO\WINDOWS
c:\windows\IsUn0407.exe
.
.
(((((((((((((((((((((((   Dateien erstellt von 2012-01-05 bis 2012-02-05  ))))))))))))))))))))))))))))))
.
.
2012-02-05 19:49 . 2012-02-05 19:49	--------	d-----w-	c:\users\Default\AppData\Local\temp
2012-02-05 18:01 . 2012-02-05 18:01	--------	d-----w-	C:\_OTL
2012-02-03 22:59 . 2012-01-06 04:19	6557240	----a-w-	c:\programdata\Microsoft\Windows Defender\Definition Updates\{30724656-58BC-482F-9998-A77511982E39}\mpengine.dll
2012-02-01 14:27 . 2012-02-01 14:27	--------	d-----w-	c:\program files\ESET
2012-02-01 13:12 . 2012-02-01 13:12	--------	d-----w-	c:\users\MHO\AppData\Roaming\Malwarebytes
2012-02-01 13:12 . 2012-02-01 13:12	--------	d-----w-	c:\program files\Malwarebytes' Anti-Malware
2012-02-01 13:12 . 2012-02-01 13:12	--------	d-----w-	c:\programdata\Malwarebytes
2012-02-01 13:12 . 2011-12-10 14:24	20464	----a-w-	c:\windows\system32\drivers\mbam.sys
2012-01-31 09:53 . 2011-11-17 06:48	440192	----a-w-	c:\windows\system32\drivers\ksecdd.sys
2012-01-31 09:53 . 2011-11-16 16:23	377344	----a-w-	c:\windows\system32\winhttp.dll
2012-01-31 09:53 . 2011-11-16 16:23	72704	----a-w-	c:\windows\system32\secur32.dll
2012-01-31 09:53 . 2011-11-16 16:23	278528	----a-w-	c:\windows\system32\schannel.dll
2012-01-31 09:53 . 2011-11-16 16:21	1259008	----a-w-	c:\windows\system32\lsasrv.dll
2012-01-31 09:53 . 2011-11-16 14:12	9728	----a-w-	c:\windows\system32\lsass.exe
2012-01-13 09:17 . 2011-11-25 15:59	376320	----a-w-	c:\windows\system32\winsrv.dll
2012-01-13 09:17 . 2011-11-18 17:47	66560	----a-w-	c:\windows\system32\packager.dll
2012-01-11 13:58 . 2012-01-11 13:58	--------	d-----w-	c:\program files\Common Files\deltra Software GmbH
2012-01-11 13:58 . 2010-09-06 14:17	4292096	----a-w-	c:\windows\system32\redemption.dll
.
.
.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-01-26 23:21 . 2010-03-29 07:22	237072	------w-	c:\windows\system32\MpSigStub.exe
2011-12-15 09:08 . 2011-08-08 10:44	414368	----a-w-	c:\windows\system32\FlashPlayerCPLApp.cpl
2012-02-02 13:05 . 2011-03-27 15:16	134104	----a-w-	c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-21 202240]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2007-12-06 1029416]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-06-25 150040]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-06-25 170520]
"Persistence"="c:\windows\system32\igfxpers.exe" [2008-06-25 145944]
"TPwrMain"="c:\program files\TOSHIBA\Power Saver\TPwrMain.EXE" [2008-01-17 431456]
"00TCrdMain"="c:\program files\TOSHIBA\FlashCards\TCrdMain.exe" [2008-05-09 716800]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2010-11-02 281768]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2009-12-18 40368]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2009-12-11 948672]
"starter4g"="c:\windows\starter4g.exe" [2010-02-25 160528]
"RtHDVCpl"="RtHDVCpl.exe" [2008-04-08 6037504]
"Skytel"="Skytel.exe" [2007-11-20 1826816]
.
c:\users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
TRDCReminder.lnk - c:\program files\TOSHIBA\TRDCReminder\TRDCReminder.exe [2008-3-5 393216]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"Sidebar"=c:\program files\Windows Sidebar\sidebar.exe /autoRun
"TOSCDSPD"=TOSCDSPD.EXE
"AVMUSBFernanschluss"="c:\users\MHO\AppData\Local\Apps\2.0\0NPZ7EB8.6MQ\WKKX5X3Z.PNT\frit..tion_8488884cfbcefd60_0002.0002_8541bf1f4a1c673d\AVMAutoStart.exe"
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"cfFncEnabler.exe"=cfFncEnabler.exe
"Corel Print Office 2000"="c:\windows\COREL\StpLnch.exe" /box="Corel Print Office 2000"
"ControlCenter3"=c:\program files\Brother\ControlCenter3\brctrcen.exe /autorun
"BrStsMon00"=c:\program files\Browny02\Brother\BrStMonW.exe /AUTORUN
"Google EULA Launcher"=c:\program files\Google\Google EULA\GoogleEULALauncher.exe IE PA
"IndexSearch"="c:\program files\ScanSoft\PaperPort\IndexSearch.exe"
"NDSTray.exe"=NDSTray.exe
"PaperPort PTD"="c:\program files\ScanSoft\PaperPort\pptd40nt.exe"
"PPort11reminder"="c:\program files\ScanSoft\PaperPort\Ereg\Ereg.exe" -r "c:\programdata\ScanSoft\PaperPort\11\Config\Ereg\Ereg.ini"
"RtHDVCpl"=RtHDVCpl.exe
"Skytel"=Skytel.exe
"SmoothView"=%ProgramFiles%\Toshiba\SmoothView\SmoothView.exe
"SSBkgdUpdate"="c:\program files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe"
"topi"=c:\program files\TOSHIBA\Toshiba Online Product Information\topi.exe -startup
"Toshiba Registration"=c:\program files\Toshiba\Registration\ToshibaRegistration.exe
"Toshiba TEMPO"=c:\program files\Toshiba TEMPRO\Toshiba.Tempo.UI.TrayApplication.exe
"zzzHPSETUP"=F:\Setup.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring"=dword:00000001
.
--- Andere Dienste/Treiber im Speicher ---
.
*NewlyCreated* - 03480449
*Deregistered* - 03480449
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceNoNetwork	REG_MULTI_SZ   	PLA DPS BFE mpssvc
.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = about:blank
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: An vorhandenes PDF anfügen - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Ausgewählte Verknüpfungen in Adobe PDF konvertieren - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Ausgewählte Verknüpfungen in vorhandene PDF-Datei konvertieren - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Auswahl in Adobe PDF konvertieren - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Auswahl in vorhandene PDF-Datei konvertieren - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: In Adobe PDF konvertieren - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Nach Microsoft E&xel exportieren - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Verknüpfungsziel in Adobe PDF konvertieren - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Verknüpfungsziel in vorhandene PDF-Datei konvertieren - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
LSP: c:\program files\Avira\AntiVir Desktop\avsda.dll
TCP: DhcpNameServer = 192.168.178.1
FF - ProfilePath - c:\users\MHO\AppData\Roaming\Mozilla\Firefox\Profiles\5q9g6mzh.default\
FF - prefs.js: network.proxy.type - 0
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, hxxp://www.gmer.net
Rootkit scan 2012-02-05 20:49
Windows 6.0.6002 Service Pack 2 NTFS
.
Scanne versteckte Prozesse... 
.
Scanne versteckte Autostarteinträge... 
.
Scanne versteckte Dateien... 
.
Scan erfolgreich abgeschlossen
versteckte Dateien: 0
.
**************************************************************************
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
Zeit der Fertigstellung: 2012-02-05  20:52:06
ComboFix-quarantined-files.txt  2012-02-05 19:52
.
Vor Suchlauf: 18 Verzeichnis(se), 69.194.244.096 Bytes frei
Nach Suchlauf: 24 Verzeichnis(se), 72.872.124.416 Bytes frei
.
- - End Of File - - 500691F8D2A069BF052C44BBCEABD8D2
         
--- --- ---


I hope you like how it's going

SunSun

Old 05.02.2012, 21:50   #13
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 

OK. Now please create logs with GMER and OSAM and post them.
GMER crashes fairly often; if the tool won't run on the second attempt either, just leave it out and run only OSAM. Please skip the online query in OSAM.
With OSAM, please also make sure you save the log as *.log and not as *.html or similar.

Note: please use WinRAR or 7zip to unpack OSAM! Also be sure to disable your virus scanner; the McAfee scanner in particular often reports a false alarm in OSAM!

Please download aswMBR.exe and save the file to your desktop.
  • Start aswMBR.exe (aswMBR.exe instructions)
    On Windows Vista (or higher), please right-click and choose "Run as administrator".
  • The tool will ask whether you want to scan your system with the current AVAST! virus definitions. Please answer Yes. (If your firewall asks, please allow access to the internet.)
    Downloading the definitions can take a while depending on your connection.
  • Click Scan.
  • Wait until Scan finished successfully appears in the DOS window.
  • Click Save Log and save it to the desktop.
Post the aswMBR.txt in your next reply.

Important: Never press any of the Fix buttons without being instructed to.

Note: If the Scan button is greyed out, close the tool and start it again. If the scan aborts and the program crashes, let me know and select (none) under AV Scan.

__________________
"I spent a lot of money on booze, birds and fast cars. The rest I just squandered." - George Best

Why Linux is better than Windows!



Old 05.02.2012, 23:26   #14
SunSun
 

Right, tasks carried out.

GMER did indeed crash twice. I didn't retry it after that.

Here is the OSAM logfile:
Code:
Report of OSAM: Autorun Manager v5.0.11926.0
hxxp://www.online-solutions.ru/en/
Saved at 22:54:39 on 05.02.2012

OS: Windows Vista Home Basic Edition Service Pack 2 (Build 6002), 32-bit
Default Browser: Mozilla Corporation Firefox 10.0

Scanner Settings
[x] Rootkits detection (hidden registry)
[x] Rootkits detection (hidden files)
[x] Retrieve files information
[x] Check Microsoft signatures

Filters
[ ] Trusted entries
[ ] Empty entries
[x] Hidden registry entries (rootkit activity)
[x] Exclusively opened files
[x] Not found files
[x] Files without detailed information
[x] Existing files
[ ] Non-startable services
[ ] Non-startable drivers
[x] Active entries
[x] Disabled entries


[Control Panel Objects]
-----( %SystemRoot%\system32 )-----
"Ddbaccpl.cpl" - "DataDesign AG" - C:\Windows\system32\Ddbaccpl.cpl
"ddBACCTM.cpl" - "DataDesign AG" - C:\Windows\system32\ddBACCTM.cpl
"FlashPlayerCPLApp.cpl" - "Adobe Systems Incorporated" - C:\Windows\system32\FlashPlayerCPLApp.cpl
"TOSCDSPD.cpl" - "TOSHIBA" - C:\Windows\system32\TOSCDSPD.cpl

[Drivers]
-----( HKLM\SYSTEM\CurrentControlSet\Services )-----
"avgio" (avgio) - "Avira GmbH" - C:\Program Files\Avira\AntiVir Desktop\avgio.sys
"avgntflt" (avgntflt) - "Avira GmbH" - C:\Windows\System32\DRIVERS\avgntflt.sys
"avipbb" (avipbb) - "Avira GmbH" - C:\Windows\System32\DRIVERS\avipbb.sys
"Bytemobile Boot Time Load Driver" (BMLoad) - "Bytemobile, Inc." - C:\Windows\System32\drivers\BMLoad.sys
"Bytemobile Kernel Network Provider" (tcpipBM) - "Bytemobile, Inc." - C:\Windows\system32\drivers\tcpipBM.sys
"catchme" (catchme) - ? - C:\Users\MHO\AppData\Local\Temp\catchme.sys  (File not found)
"DeTeWe OpenCom 36lan" (dtwmnic5) - ? - C:\Windows\System32\DRIVERS\dtwmnic5.sys  (File not found)
"Digital Camera" (DCamUSBDigitalCamera) - ? - C:\Windows\System32\Drivers\mpixvid.sys  (File found, but it contains no detailed information)
"IP in IP Tunnel Driver" (IpInIp) - ? - C:\Windows\System32\DRIVERS\ipinip.sys  (File not found)
"IPX Traffic Filter Driver" (NwlnkFlt) - ? - C:\Windows\System32\DRIVERS\nwlnkflt.sys  (File not found)
"IPX Traffic Forwarder Driver" (NwlnkFwd) - ? - C:\Windows\System32\DRIVERS\nwlnkfwd.sys  (File not found)
"PxHelp20" (PxHelp20) - "Sonic Solutions" - C:\Windows\System32\Drivers\PxHelp20.sys
"ssmdrv" (ssmdrv) - "Avira GmbH" - C:\Windows\System32\DRIVERS\ssmdrv.sys

[Explorer]
-----( HKLM\Software\Classes\Folder\shellex\ColumnHandlers )-----
{F9DB5320-233E-11D1-9F84-707F02C10627} "PDF Shell Extension" - "Adobe Systems, Inc." - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\PDFShell.dll
{0561EC90-CE54-4f0c-9C55-E226110A740C} "{0561EC90-CE54-4f0c-9C55-E226110A740C}" - ? -   (File not found | COM-object registry key not found)
{C52AF81D-F7A0-4AAB-8E87-F80A60CCD396} "{C52AF81D-F7A0-4AAB-8E87-F80A60CCD396}" - ? - C:\Program Files\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll
-----( HKLM\Software\Classes\Protocols\Filter )-----
{807563E5-5146-11D5-A672-00B0D022E945} "Microsoft Office InfoPath XML Mime Filter" - "Microsoft Corporation" - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL
-----( HKLM\Software\Classes\Protocols\Handler )-----
{32505114-5902-49B2-880A-1F7738E5A384} "Data Page Plugable Protocal mso-offdap11 Handler" - "Microsoft Corporation" - C:\PROGRA~1\COMMON~1\MICROS~1\WEBCOM~1\11\OWC11.DLL
{3D9F03FA-7A94-11D3-BE81-0050048385D1} "Data Page Pluggable Protocol mso-offdap Handler" - "Microsoft Corporation" - C:\PROGRA~1\COMMON~1\MICROS~1\WEBCOM~1\10\OWC10.DLL
{314111c7-a502-11d2-bbca-00c04f8ec294} "HxProtocol Class" - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
{0A9007C0-4076-11D3-8789-0000F8105754} "Microsoft Infotech Storage Protocol for IE 4.0" - "Microsoft Corporation" - c:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved )-----
{911051fa-c21c-4246-b470-070cd8df6dc4} ".cab or .zip files" - ? -   (File not found | COM-object registry key not found)
{23170F69-40C1-278A-1000-000100020000} "7-Zip Shell Extension" - "Igor Pavlov" - D:\Program Files\7-Zip\7-zip.dll
{D25B2CAB-8A9A-4517-A9B2-CB5F68A5A802} "Acrobat Elements Context Menu" - "Adobe Systems Inc." - C:\Program Files\Adobe\Acrobat 8.0\Acrobat Elements\ContextMenu.dll
{1b24a030-9b20-49bc-97ac-1be4426f9e59} "ActiveDirectory Folder" - ? -   (File not found | COM-object registry key not found)
{34449847-FD14-4fc8-A75A-7432F5181EFB} "ActiveDirectory Folder" - ? -   (File not found | COM-object registry key not found)
{0F8604A5-4ECE-4DE1-BA7D-CF10F8AA4F48} "Contacts folder" - ? -   (File not found | COM-object registry key not found)
{2C2577C2-63A7-40e3-9B7F-586602617ECB} "Explorer Query Band" - ? -   (File not found | COM-object registry key not found)
{327669A0-59A7-4be9-B99E-1C9F3A57611A} "Haali Matroska Thumbnail Exctractor" - ? -   (File not found | COM-object registry key not found)
{42042206-2D85-11D3-8CFF-005004838597} "Microsoft Office HTML Icon Handler" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office12\msohevi.dll
{993BE281-6695-4BA5-8A2A-7AACBFAAB69E} "Microsoft Office Metadata Handler" - "Microsoft Corporation" - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\msoshext.dll
{5858A72C-C2B4-4dd7-B2BF-B76DB1BD9F6C} "Microsoft Office OneNote Namespace Extension for Windows Desktop Search" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~2\Office12\ONFILTER.DLL
{00020d75-0000-0000-c000-000000000046} "Microsoft Office Outlook" - "Microsoft Corporation" - D:\PROGRA~2\MICROS~1\OFFICE11\MLSHEXT.DLL
{C41662BB-1FA0-4CE0-8DC5-9B7F8279FF97} "Microsoft Office Thumbnail Handler" - "Microsoft Corporation" - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\msoshext.dll
{C52AF81D-F7A0-4AAB-8E87-F80A60CCD396} "OpenOffice.org Column Handler" - ? - C:\Program Files\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll
{087B3AE3-E237-4467-B8DB-5A38AB959AC9} "OpenOffice.org Infotip Handler" - ? - C:\Program Files\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll
{63542C48-9552-494A-84F7-73AA6A7C99C1} "OpenOffice.org Property Sheet Handler" - ? - C:\Program Files\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll
{3B092F0C-7696-40E3-A80F-68D74DA84210} "OpenOffice.org Thumbnail Viewer" - ? - C:\Program Files\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll
{0006F045-0000-0000-C000-000000000046} "Outlook-Dateisymbolerweiterung" - "Microsoft Corporation" - D:\PROGRA~2\MICROS~1\OFFICE11\OLKFSTUB.DLL
{C8494E42-ACDD-4739-B0FB-217361E4894F} "Sam Account Folder" - ? -   (File not found | COM-object registry key not found)
{E29F9716-5C08-4FCD-955A-119FDB5A522D} "Sam Account Folder" - ? -   (File not found | COM-object registry key not found)
{45AC2688-0253-4ED8-97DE-B5370FA7D48A} "Shell Extension for Malware scanning" - "Avira GmbH" - C:\Program Files\Avira\AntiVir Desktop\shlext.dll
{BDEADF00-C265-11D0-BCED-00A0C90AB50F} "Webordner" - "Microsoft Corporation" - C:\PROGRA~1\COMMON~1\MICROS~1\WEBFOL~1\MSONSEXT.DLL
{da67b8ad-e81b-4c70-9b91b417b5e33527} "Windows Search Shell Service" - ? -   (File not found | COM-object registry key not found)

[Internet Explorer]
-----( HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser )-----
<binary data> "Adobe PDF" - "Adobe Systems Incorporated" - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
<binary data> "ITBar7Layout" - ? -   (File not found | COM-object registry key not found)
-----( HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units )-----
{CAFEEFAC-0016-0000-0006-ABCDEFFEDCBA} "Java Plug-in 1.6.0_06" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\jp2iexp.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_06-windows-i586.cab
{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} "Java Plug-in 1.6.0_07" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\jp2iexp.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
{8AD9C840-044E-11D1-B3E9-00805F499D93} "Java Plug-in 1.6.0_24" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\jp2iexp.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} "Java Plug-in 1.6.0_24" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\jp2iexp.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} "Java Plug-in 1.6.0_24" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\npjpi160_24.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
{E2883E8F-472F-4FB0-9522-AC9BF37916A7} "{E2883E8F-472F-4FB0-9522-AC9BF37916A7}" - ? -   (File not found | COM-object registry key not found) / hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
-----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions )-----
"Amazon.de" - ? - hxxp://www.amazon.de/exec/obidos/redirect-home?tag=Toshibadebholink-21&site=home  (HTTP value)
{48E73304-E1D6-4330-914C-F5F514E3486C} "An OneNote senden" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
{53707962-6F74-2D53-2644-206D7942484F} "ClsidExtension" - "Safer Networking Limited" - D:\PROGRA~1\SPYBOT~1\SDHelper.dll
"eBay - Der weltweite Online Marktplatz" - ? - hxxp://rover.ebay.com/rover/1/707-44556-9400-3/4  (HTTP value)
{FF059E31-CC5A-4E2E-BF3B-96E929D65503} "Recherchieren" - "Microsoft Corporation" - D:\PROGRA~2\MICROS~1\OFFICE11\REFIEBAR.DLL
-----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar )-----
<binary data> "Adobe PDF" - "Adobe Systems Incorporated" - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects )-----
{AE7CD045-E861-484f-8273-0445EE161910} "Adobe PDF Conversion Toolbar Helper" - "Adobe Systems Incorporated" - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} "Adobe PDF Reader" - "Adobe Systems Incorporated" - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
{DBC80044-A445-435b-BC74-9C25C1C588A9} "Java(tm) Plug-In 2 SSV Helper" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\jp2ssv.dll
{53707962-6F74-2D53-2644-206D7942484F} "Spybot-S&D IE Protection" - "Safer Networking Limited" - D:\PROGRA~1\SPYBOT~1\SDHelper.dll

[Logon]
-----( %APPDATA%\Microsoft\Windows\Start Menu\Programs\Startup )-----
"desktop.ini" - ? - C:\Users\MHO\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini
-----( %AllUsersProfile%\Microsoft\Windows\Start Menu\Programs\Startup )-----
"desktop.ini" - ? - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini
-----( HKLM\SYSTEM\CurrentControlSet\Control\Terminal Server\Wds\rdpwd )-----
"StartupPrograms" - ? - rdpclip  (File not found)
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Run )-----
"00TCrdMain" - "TOSHIBA Corporation" - %ProgramFiles%\TOSHIBA\FlashCards\TCrdMain.exe
"Adobe ARM" - "Adobe Systems Incorporated" - "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
"Adobe Reader Speed Launcher" - "Adobe Systems Incorporated" - "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
"avgnt" - "Avira GmbH" - "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
"starter4g" - "4G Systems GmbH & Co. KG" - C:\Windows\starter4g.exe
"TPwrMain" - "TOSHIBA Corporation" - %ProgramFiles%\TOSHIBA\Power Saver\TPwrMain.EXE

[Print Monitors]
-----( HKLM\SYSTEM\CurrentControlSet\Control\Print\Monitors )-----
"Adobe PDF Port" - "Adobe Systems Incorporated." - C:\Windows\system32\AdobePDF.dll
"Microsoft Document Imaging Writer Monitor" - "Microsoft Corporation" - C:\Windows\system32\mdimon.dll
"Send To Microsoft OneNote Monitor" - "Microsoft Corporation" - C:\Windows\system32\msonpmon.dll

[Services]
-----( HKLM\SYSTEM\CurrentControlSet\Services )-----
"Avira AntiVir Guard" (AntiVirService) - "Avira GmbH" - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
"Avira AntiVir MailGuard" (AntiVirMailService) - "Avira GmbH" - C:\Program Files\Avira\AntiVir Desktop\avmailc.exe
"Avira AntiVir Planer" (AntiVirSchedulerService) - "Avira GmbH" - C:\Program Files\Avira\AntiVir Desktop\sched.exe
"Avira AntiVir WebGuard" (AntiVirWebService) - "Avira GmbH" - C:\Program Files\Avira\AntiVir Desktop\AVWEBGRD.EXE
"BrYNSvc" (BrYNSvc) - "Brother Industries, Ltd." - C:\Program Files\Browny02\BrYNSvc.exe
"ConfigFree Service" (ConfigFree Service) - "TOSHIBA CORPORATION" - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
"FLEXnet Licensing Service" (FLEXnet Licensing Service) - "Macrovision Europe Ltd." - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
"Google Updater Service" (gusvc) - "Google" - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
"Internet Manager. OUC" (Internet Manager. RunOuc) - ? - D:\Program Files\UpdateDog\ouc.exe  (File found, but it contains no detailed information)
"Jumpstart Wifi Protected Setup" (jswpsapi) - "Atheros Communications, Inc." - C:\Program Files\Jumpstart\jswpsapi.exe
"Microsoft Office Diagnostics Service" (odserv) - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
"Notebook Performance Tuning Service " (TempoMonitoringService) - "Toshiba Europe GmbH" - C:\Program Files\Toshiba TEMPRO\TempoSVC.exe
"Office Source Engine" (ose) - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
"SBSD Security Center Service" (SBSDWSCService) - "Safer Networking Ltd." - D:\programme\Spybot - Search & Destroy\SDWinSec.exe
"TOSHIBA Navi Support Service" (TNaviSrv) - "TOSHIBA Corporation" - C:\Program Files\TOSHIBA\TOSHIBA DVD PLAYER\TNaviSrv.exe
"TOSHIBA Optical Disc Drive Service" (TODDSrv) - "TOSHIBA Corporation" - C:\Windows\system32\TODDSrv.exe
"TOSHIBA Power Saver" (TosCoSrv) - "TOSHIBA Corporation" - C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
"TOSHIBA SMART Log Service" (TOSHIBA SMART Log Service) - "TOSHIBA Corporation" - C:\Program Files\TOSHIBA\SMARTLogService\TosIPCSrv.exe
"Ulead Burning Helper" (UleadBurningHelper) - "Ulead Systems, Inc." - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
"WTGService" (WTGService) - ? - C:\Program Files\XSManager\WTGService.exe  (File found, but it contains no detailed information)
"XS Stick Service" (XS Stick Service) - "4G Systems GmbH & Co. KG" - C:\Windows\service4g.exe

[Winsock Providers]
-----( HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries )-----
"AVSDA" - "Avira GmbH" - C:\Program Files\Avira\AntiVir Desktop\avsda.dll

===[ Logfile end ]=========================================[ Logfile end ]===
         
--- --- ---



aswMBR found something, but it's a file I saved a long time ago; should I remove it?

Code:
aswMBR version 0.9.9.1532 Copyright(c) 2011 AVAST Software
Run date: 2012-02-05 22:57:18
-----------------------------
22:57:18.081    OS Version: Windows 6.0.6002 Service Pack 2
22:57:18.081    Number of processors: 1 586 0xF0D
22:57:18.081    ComputerName: MHO  UserName: MHO
22:57:18.970    Initialize success
23:00:10.310    AVAST engine defs: 12020503
23:00:48.952    Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
23:00:48.952    Disk 0 Vendor: Hitachi_ FBEO Size: 238475MB BusType: 3
23:00:49.326    Disk 0 MBR read successfully
23:00:49.326    Disk 0 MBR scan
23:00:49.326    Disk 0 Windows VISTA default MBR code
23:00:49.342    Disk 0 Partition 1 00     27 Hidden NTFS WinRE NTFS         1500 MB offset 2048
23:00:49.342    Disk 0 Partition 2 80 (A) 07    HPFS/NTFS NTFS       119078 MB offset 3074048
23:00:49.373    Disk 0 Partition 3 00     07    HPFS/NTFS NTFS       117895 MB offset 246945792
23:00:49.388    Disk 0 scanning sectors +488395120
23:00:49.451    Disk 0 scanning C:\Windows\system32\drivers
23:01:00.745    Service scanning
23:01:01.915    Modules scanning
23:01:23.381    Disk 0 trace - called modules:
23:01:23.412    ntkrnlpa.exe CLASSPNP.SYS disk.sys iaStor.sys hal.dll 
23:01:23.412    1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x864d0ac8]
23:01:23.412    3 CLASSPNP.SYS[8a1118b3] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0x8541c028]
23:01:24.145    AVAST engine scan C:\Windows
23:01:27.577    AVAST engine scan C:\Windows\system32
23:04:11.954    AVAST engine scan C:\Windows\system32\drivers
23:04:26.634    AVAST engine scan C:\Users\MHO
23:08:14.878    File: C:\Users\MHO\Documents\Privat\Witze\Buon_Natale.exe  **INFECTED** Win32:Malware-gen
23:08:15.798    File: C:\Users\MHO\Documents\Privat\Witze\Intelligenztest.exe  **INFECTED** Win32:Malware-gen
23:09:53.501    AVAST engine scan C:\ProgramData
23:10:46.276    Scan finished successfully
23:11:37.990    Disk 0 MBR has been saved successfully to "C:\Users\MHO\Desktop\MBR.dat"
23:11:38.005    The log file has been saved successfully to "C:\Users\MHO\Desktop\aswMBR.txt"
         
So, I hope we're almost done.

Many thanks so far!

SunSun
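A small triage parser for the aswMBR log above, added here as an example and not part of the original thread or of aswMBR itself. It extracts the OS version, the MBR code check, the partition table and the **INFECTED** lines, and lists what a helper would act on: a partial scan, non-default MBR code (the part an MBR bootkit would alter), an unexpected number of active partitions, and each flagged file. The sample input is constructed from lines of the log above, and the regexes are my own reading of that format, not an aswMBR specification.

```python
import re
from dataclasses import dataclass, field
from typing import Dict, List, Optional, Tuple

# Constructed sample: lines taken verbatim from the aswMBR.txt posted above.
SAMPLE_LOG = r"""aswMBR version 0.9.9.1532 Copyright(c) 2011 AVAST Software
22:57:18.081    OS Version: Windows 6.0.6002 Service Pack 2
23:00:49.326    Disk 0 Windows VISTA default MBR code
23:00:49.342    Disk 0 Partition 1 00     27 Hidden NTFS WinRE NTFS         1500 MB offset 2048
23:00:49.342    Disk 0 Partition 2 80 (A) 07    HPFS/NTFS NTFS       119078 MB offset 3074048
23:00:49.373    Disk 0 Partition 3 00     07    HPFS/NTFS NTFS       117895 MB offset 246945792
23:08:14.878    File: C:\Users\MHO\Documents\Privat\Witze\Buon_Natale.exe  **INFECTED** Win32:Malware-gen
23:08:15.798    File: C:\Users\MHO\Documents\Privat\Witze\Intelligenztest.exe  **INFECTED** Win32:Malware-gen
23:10:46.276    Scan finished successfully
"""

# Line patterns are my own reading of the log format above, not an aswMBR specification.
TS_LINE = re.compile(r"^\d{2}:\d{2}:\d{2}\.\d{3}\s+(.*)$")
PARTITION = re.compile(
    r"^Disk (\d+) Partition (\d+) ([0-9A-Fa-f]{2})\s+(?:\(A\)\s+)?"
    r"([0-9A-Fa-f]{2})\s+(.*?)\s+(\d+) MB offset (\d+)$"
)
MBR_CODE = re.compile(r"^Disk (\d+) (.*MBR code.*)$")
INFECTED = re.compile(r"^File: (.+?)\s+\*\*INFECTED\*\*\s+(\S+)$")

@dataclass
class Partition:
    disk: int
    number: int
    active: bool        # boot indicator 0x80 in the MBR partition entry
    type_id: str        # partition type byte as printed (07 = NTFS, 27 = hidden WinRE)
    description: str
    size_mb: int
    offset: int         # start sector

@dataclass
class Report:
    os_version: Optional[str] = None
    mbr_code: Dict[int, str] = field(default_factory=dict)
    partitions: List[Partition] = field(default_factory=list)
    infected: List[Tuple[str, str]] = field(default_factory=list)
    completed: bool = False

    def findings(self) -> List[str]:
        """What a helper would act on: partial scan, odd MBR code, odd boot flags, hits."""
        out = []
        if not self.completed:
            out.append("no 'Scan finished successfully' line; treat the log as partial")
        for disk, code in sorted(self.mbr_code.items()):
            if "default MBR code" not in code:
                out.append(f"disk {disk}: non-default MBR code ({code}), bootkit check warranted")
        active = [p for p in self.partitions if p.active]
        if len(active) != 1:
            out.append(f"{len(active)} active partitions, expected exactly one")
        for path, sig in self.infected:
            out.append(f"infected file: {path} ({sig})")
        return out

def parse_aswmbr(text: str) -> Report:
    """Parse an aswMBR log; lines without a timestamp are header or footer and are skipped."""
    rep = Report()
    for raw in text.splitlines():
        m = TS_LINE.match(raw.strip())
        if not m:
            continue
        body = m.group(1).strip()
        pm, mm, im = PARTITION.match(body), MBR_CODE.match(body), INFECTED.match(body)
        if body.startswith("OS Version: "):
            rep.os_version = body[len("OS Version: "):]
        elif body == "Scan finished successfully":
            rep.completed = True
        elif pm:
            rep.partitions.append(Partition(int(pm[1]), int(pm[2]), pm[3] == "80",
                                            pm[4], pm[5], int(pm[6]), int(pm[7])))
        elif mm:
            rep.mbr_code[int(mm[1])] = mm[2]
        elif im:
            rep.infected.append((im[1], im[2]))
    return rep
```

On the sample it reports no MBR or partition anomaly, only the two Win32:Malware-gen hits under C:\Users\MHO\Documents.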

Old 05.02.2012, 23:47   #15
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 

Looks OK. As a check, please run full scans with Malwarebytes and SUPERAntiSpyware and post the logs.
Remember to update both tools before scanning!!
