Zurück   Trojaner-Board > Malware entfernen > Log-Analyse und Auswertung

Log-Analyse und Auswertung: Trojaner "System Check" - letzte Schritte?

Windows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte.

Antwort
Alt 01.03.2012, 16:53   #1
wrimpus
 
Trojaner "System Check" - letzte Schritte? - Standard

Trojaner "System Check" - letzte Schritte?



Hallo,

ich habe/hatte den Trojaner "System Check" auf dem Rechner. Nun habe ich zunächst Malwarebytes Anti-Malwere laufen lassen und dann noch den ESET-Online Scanner.

Die Funde habe ich jeweils im Log (s.u.) und entfernt.

Leider ist mein Desktop immer noch schwarz, Starmenü leer usw. Was tun?

Vielen DANk für Eure Hilfe!
Angehängte Dateien
Dateityp: txt mbam-log-2012-03-01 (13-51-35).txt (3,7 KB, 153x aufgerufen)
Dateityp: txt eset.txt (100 Bytes, 165x aufgerufen)

Alt 01.03.2012, 21:21   #2
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Trojaner "System Check" - letzte Schritte? - Standard

Trojaner "System Check" - letzte Schritte?



CustomScan mit OTL

Falls noch nicht vorhanden, lade Dir bitte OTL von Oldtimer herunter und speichere es auf Deinem Desktop
  • Starte bitte die OTL.exe.
    Vista und Win7 User mit Rechtsklick "als Administrator starten"
  • Setze oben mittig den Haken bei Scanne alle Benutzer
  • Kopiere nun den kompletten Inhalt aus der untenstehenden Codebox in die Textbox von OTL - wenn OTL auf deutsch ist wird sie mit beschriftet
Code:
ATTFilter
netsvcs
msconfig
safebootminimal
safebootnetwork
activex
drivers32
%ALLUSERSPROFILE%\Application Data\*.
%ALLUSERSPROFILE%\Application Data\*.exe /s
%APPDATA%\*.
%APPDATA%\*.exe /s
%SYSTEMDRIVE%\*.exe
/md5start
wininit.exe
userinit.exe
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
ws2ifsl.sys
sceclt.dll
ntelogon.dll
winlogon.exe
logevent.dll
user32.DLL
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
/md5stop
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\*. /mp /s
%systemroot%\system32\*.dll /lockedfiles
CREATERESTOREPOINT
         
  • Schliesse bitte nun alle Programme. (Wichtig)
  • Klicke nun bitte auf den Quick Scan Button.
  • Klick auf .
  • Kopiere nun den Inhalt aus OTL.txt hier in Deinen Thread
__________________

__________________

Alt 02.03.2012, 11:20   #3
wrimpus
 
Trojaner "System Check" - letzte Schritte? - Standard

Trojaner "System Check" - letzte Schritte?



Vielen Dank, Arne, für die schnelle Reaktion.
Ich habe alles gemäß deinen Vorgaben ausgeführt. Beigefügt habe ich OTL.txt:vOTL Logfile:
Code:
ATTFilter
OTL logfile created on: 02.03.2012 10:59:20 - Run 1
OTL by OldTimer - Version 3.2.34.0     Folder = C:\Users\mn\Desktop
Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6001.18000)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,25 Gb Total Physical Memory | 1,95 Gb Available Physical Memory | 60,15% Memory free
6,69 Gb Paging File | 5,42 Gb Available in Paging File | 81,02% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 576,17 Gb Total Space | 405,66 Gb Free Space | 70,41% Space Free | Partition Type: NTFS
Drive D: | 19,99 Gb Total Space | 9,86 Gb Free Space | 49,31% Space Free | Partition Type: FAT32
 
Computer Name: MN-PC | User Name: mn | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2012.03.02 10:57:51 | 000,584,704 | ---- | M] (OldTimer Tools) -- C:\Users\mn\Desktop\OTL.exe
PRC - [2012.01.13 14:53:18 | 000,652,360 | ---- | M] (Malwarebytes Corporation) -- C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2012.01.13 14:53:18 | 000,460,872 | ---- | M] (Malwarebytes Corporation) -- C:\Programme\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2012.01.08 12:47:37 | 000,924,632 | ---- | M] (Mozilla Corporation) -- C:\Programme\Mozilla Firefox\firefox.exe
PRC - [2009.11.11 22:43:52 | 000,185,089 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\avguard.exe
PRC - [2009.05.13 15:48:18 | 000,108,289 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\sched.exe
PRC - [2009.03.02 12:08:43 | 000,209,153 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\avgnt.exe
PRC - [2008.10.29 07:29:41 | 002,927,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2008.01.21 03:23:29 | 001,233,920 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Sidebar\sidebar.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2012.01.08 12:47:36 | 002,124,760 | ---- | M] () -- C:\Programme\Mozilla Firefox\mozjs.dll
MOD - [2011.06.28 06:29:17 | 006,271,136 | ---- | M] () -- C:\Windows\System32\Macromed\Flash\NPSWF32.dll
MOD - [2011.03.29 11:55:05 | 005,025,792 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.Windows.Forms\2.0.0.0__b77a5c561934e089\System.Windows.Forms.dll
MOD - [2011.03.29 11:54:23 | 004,550,656 | ---- | M] () -- C:\Windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\mscorlib.dll
MOD - [2011.01.19 11:48:35 | 003,182,592 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System\2.0.0.0__b77a5c561934e089\System.dll
MOD - [2009.04.09 11:38:00 | 000,053,248 | ---- | M] () -- C:\Windows\System32\SearchRequire.dll
MOD - [2009.03.22 19:47:06 | 008,007,680 | ---- | M] () -- C:\Windows\assembly\GAC\Microsoft.mshtml\7.0.3300.0__b03f5f7f11d50a3a\Microsoft.mshtml.dll
MOD - [2009.02.06 19:37:44 | 000,126,976 | ---- | M] () -- C:\Windows\assembly\GAC\Interop.SHDocVw\1.1.0.0__4b827ebe229d539f\Interop.SHDocVw.dll
MOD - [2009.02.06 19:37:42 | 000,236,544 | ---- | M] () -- C:\Windows\assembly\GAC_32\Asz.Citavi.IEPicker\1.0.0.0__f59eabe05cc67589\Asz.Citavi.IEPicker.dll
MOD - [2008.12.01 21:46:10 | 000,159,744 | ---- | M] () -- C:\Windows\System32\atitmmxx.dll
MOD - [2008.10.13 23:26:58 | 002,048,000 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.Xml\2.0.0.0__b77a5c561934e089\System.Xml.dll
MOD - [2008.09.16 20:18:06 | 000,132,608 | ---- | M] () -- C:\Programme\WinRAR\RarExt.dll
MOD - [2008.07.27 19:03:15 | 000,626,688 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.Drawing\2.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll
MOD - [2008.07.27 19:03:10 | 000,010,752 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\Accessibility\2.0.0.0__b03f5f7f11d50a3a\Accessibility.dll
MOD - [2008.07.27 19:03:08 | 000,315,392 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll
 
 
========== Win32 Services (SafeList) ==========
 
SRV - [2012.01.13 14:53:18 | 000,652,360 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2010.03.09 08:08:14 | 000,655,624 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2009.11.11 22:43:52 | 000,185,089 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2009.05.13 15:48:18 | 000,108,289 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2008.01.21 03:23:32 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Windows Defender\MpSvc.dll -- (WinDefend)
 
 
========== Driver Services (SafeList) ==========
 
DRV - [2011.12.10 15:24:06 | 000,020,464 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2009.12.10 22:21:00 | 000,056,816 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\System32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2009.05.11 09:12:20 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2009.03.30 09:33:03 | 000,096,104 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb)
DRV - [2009.02.13 11:35:01 | 000,011,608 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Programme\Avira\AntiVir Desktop\avgio.sys -- (avgio)
DRV - [2008.12.01 23:14:32 | 004,179,968 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atikmdag.sys -- (atikmdag)
DRV - [2008.11.11 18:29:42 | 000,154,272 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\RtHDMIV.sys -- (RTHDMIAzAudService)
DRV - [2008.10.03 17:08:52 | 000,183,312 | ---- | M] (Advanced Micro Devices, Inc) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\ahcix86s.sys -- (ahcix86s)
DRV - [2008.05.02 09:58:28 | 000,008,064 | ---- | M] (Windows (R) Codename Longhorn DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\usbser_lowerfltj.sys -- (UsbserFilt)
DRV - [2008.05.02 09:58:14 | 000,020,864 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ccdcmbo.sys -- (nmwcdc)
DRV - [2008.05.02 09:58:14 | 000,008,064 | ---- | M] (Windows (R) Codename Longhorn DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\usbser_lowerflt.sys -- (upperdev)
DRV - [2008.05.02 09:58:12 | 000,017,536 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ccdcmb.sys -- (nmwcd)
DRV - [2008.04.28 14:26:42 | 000,014,352 | ---- | M] (ATI Technologies Inc.) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\AtiPcie.sys -- (AtiPcie) ATI PCI Express (3GIO)
DRV - [2008.02.14 14:56:02 | 000,118,784 | ---- | M] (Realtek Corporation                                            ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Rtlh86.sys -- (RTL8169)
DRV - [2007.10.12 02:40:14 | 000,010,632 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\amdide.sys -- (amdide)
DRV - [2007.09.21 09:38:22 | 000,554,496 | ---- | M] (Ralink Technology Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\netr28u.sys -- (netr28u)
DRV - [2007.07.16 16:29:33 | 000,017,432 | ---- | M] (Hewlett Packard) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\hpfxbulk.sys -- (HPFXBULK)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = Welcome to ALDI
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {67A2568C-7A0A-4EED-AECC-B5405DE63B64}
IE - HKLM\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7MEDB
 
 
IE - HKU\..\SearchScopes,DefaultScope = {67A2568C-7A0A-4EED-AECC-B5405DE63B64}
IE - HKU\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7MEDB
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\..\SearchScopes,DefaultScope = {67A2568C-7A0A-4EED-AECC-B5405DE63B64}
IE - HKU\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7MEDB
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
 
IE - HKU\S-1-5-21-3062977728-15237228-2241844802-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = Welcome to ALDI
IE - HKU\S-1-5-21-3062977728-15237228-2241844802-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = Welcome to ALDI
IE - HKU\S-1-5-21-3062977728-15237228-2241844802-1000\..\URLSearchHook: {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - No CLSID value found
IE - HKU\..\SearchScopes,DefaultScope = {67A2568C-7A0A-4EED-AECC-B5405DE63B64}
IE - HKU\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7MEDB_de
IE - HKU\..\SearchScopes\{C5ADD211-7221-4A9B-B314-E2BADA849BB3}: "URL" = hxxp://de.search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&type=971163&p={searchTerms}
IE - HKU\S-1-5-21-3062977728-15237228-2241844802-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..extensions.enabledItems: {8AA36F4F-6DC7-4c06-77AF-5035170634FE}:2008.7.7
FF - prefs.js..extensions.enabledItems: {B13721C7-F507-4982-B2E5-502A71474FED}:2.2.0.102
FF - prefs.js..extensions.enabledItems: {ACAA314B-EEBA-48e4-AD47-84E31C44796C}:1.0.1
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa2,version=2.0.0: C:\Program Files\Picasa2\npPicasa2.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\2.0.31005.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 9.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.01.08 12:47:37 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 9.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011.10.28 19:19:34 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 10.0.2\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2011.10.28 18:15:31 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 10.0.2\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins
 
[2010.10.21 21:13:17 | 000,000,000 | -H-D | M] (No name found) -- C:\Users\mn\AppData\Roaming\mozilla\Extensions
[2010.10.21 21:13:17 | 000,000,000 | -H-D | M] (No name found) -- C:\Users\mn\AppData\Roaming\mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
[2011.05.08 12:32:26 | 000,000,000 | -H-D | M] (No name found) -- C:\Users\mn\AppData\Roaming\mozilla\Firefox\Profiles\43puv1li.default\extensions
[2010.05.17 20:17:54 | 000,000,000 | -H-D | M] ("DVDVideoSoft Menu") -- C:\Users\mn\AppData\Roaming\mozilla\Firefox\Profiles\43puv1li.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
[2012.01.08 12:47:39 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2011.12.05 21:15:28 | 000,000,000 | ---D | M] (Recorder Toolbar) -- C:\Programme\Mozilla Firefox\extensions\{10743931-94DF-476f-A987-4391233C17A2}
[2009.02.06 19:37:52 | 000,000,000 | ---D | M] ("Citavi Picker") -- C:\Programme\Mozilla Firefox\extensions\{8AA36F4F-6DC7-4c06-77AF-5035170634FE}
[2009.02.18 15:18:57 | 000,000,000 | ---D | M] (pdfforge Toolbar Plugin) -- C:\Programme\Mozilla Firefox\extensions\{B922D405-6D13-4A2B-AE89-08A030DA4402}
[2009.02.18 15:18:58 | 000,000,000 | ---D | M] (Search Settings Plugin) -- C:\Programme\Mozilla Firefox\extensions\search@searchsettings.com
[2009.09.02 18:44:00 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\WINDOWS\MICROSOFT.NET\FRAMEWORK\V3.5\WINDOWS PRESENTATION FOUNDATION\DOTNETASSISTANTEXTENSION
[2012.01.08 12:47:37 | 000,121,816 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2011.07.19 04:05:25 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2011.10.09 15:07:08 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2011.10.09 15:07:08 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2011.10.09 15:07:08 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2011.10.09 15:07:08 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2011.10.09 15:07:08 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2011.10.09 15:07:08 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2006.09.18 22:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O1 - Hosts: ::1             localhost
O2 - BHO: (Recorder Toolbar) - {120A8821-2BEE-4C29-BCDA-62C577781992} - C:\Programme\MedienTeam66\MP3 Recorder for YouTube\IEPlugin.dll (MedienTeam66)
O2 - BHO: (no name) - {8a194578-81ea-4850-9911-13ba2d71efbd}  - No CLSID value found.
O2 - BHO: (Windows Live Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (pdfforge Toolbar) - {B922D405-6D13-4A2B-AE89-08A030DA4402} - C:\Programme\pdfforge Toolbar\WidgiToolbarIE.dll (GreenTree Applications, Inc.)
O3 - HKLM\..\Toolbar: (Recorder Toolbar) - {120A8821-2BEE-4C29-BCDA-62C577781992} - C:\Programme\MedienTeam66\MP3 Recorder for YouTube\IEPlugin.dll (MedienTeam66)
O3 - HKLM\..\Toolbar: (pdfforge Toolbar) - {B922D405-6D13-4A2B-AE89-08A030DA4402} - C:\Programme\pdfforge Toolbar\WidgiToolbarIE.dll (GreenTree Applications, Inc.)
O4 - HKLM..\Run: []  File not found
O4 - HKLM..\Run: [AdobeCS4ServiceManager] C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [Skytel] C:\Programme\Realtek\Audio\HDA\SkyTel.exe (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [TrojanScanner] C:\Program Files\Trojan Remover\Trjscan.exe (Simply Super Software)
O4 - HKU\.DEFAULT..\Run: [Picasa Media Detector] C:\Programme\Picasa2\PicasaMediaDetector.exe (Google Inc.)
O4 - HKU\S-1-5-18..\Run: [Picasa Media Detector] C:\Programme\Picasa2\PicasaMediaDetector.exe (Google Inc.)
O4 - HKU\S-1-5-19..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-21-3062977728-15237228-2241844802-1000..\Run: [AdobeBridge]  File not found
O8 - Extra context menu item: &Citavi Picker... - C:\Program Files\Internet Explorer\PLUGINS\Citavi Picker\ShowContextMenu.html ()
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - C:\Programme\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: eBay - Der weltweite Online-Marktplatz - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - eBay - eine der größten deutschen Shopping-Websites File not found
O9 - Extra 'Tools' menuitem : eBay - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - eBay - eine der größten deutschen Shopping-Websites File not found
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programme\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O13 - gopher Prefix: missing
O15 - HKU\S-1-5-21-3062977728-15237228-2241844802-1000\..Trusted Ranges: GD ([http] in Local intranet)
O16 - DPF: {233C1507-6A77-46A4-9443-F871F945D258} hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_27-windows-i586.cab (Java Plug-in 1.6.0_27)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0027-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_27-windows-i586.cab (Java Plug-in 1.6.0_27)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_27-windows-i586.cab (Java Plug-in 1.6.0_27)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{17D723FB-EEA3-4269-8B3D-0C0D51F27767}: DhcpNameServer = 192.168.0.1
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Programme\Common Files\microsoft shared\Information Retrieval\msitss.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - AppInit_DLLs: (C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL) - C:\Programme\Google\Google Desktop Search\GoogleDesktopNetwork3.dll (Google)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\mn\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O24 - Desktop BackupWallPaper: C:\Users\mn\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 22:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{22e0b6a6-433d-11e0-baee-00242119886d}\Shell - "" = AutoRun
O33 - MountPoints2\{22e0b6a6-433d-11e0-baee-00242119886d}\Shell\AutoRun\command - "" = I:\CD_Start.exe
O33 - MountPoints2\{739529f7-f475-11dd-a217-00242119886d}\Shell\AutoRun\command - "" = I:\menu.exe
O33 - MountPoints2\H\Shell - "" = AutoRun
O33 - MountPoints2\H\Shell\AutoRun\command - "" = H:\CD_Start.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
NetSvcs: FastUserSwitchingCompatibility -  File not found
NetSvcs: Ias - C:\Windows\System32\ias.dll (Microsoft Corporation)
NetSvcs: Nla -  File not found
NetSvcs: Ntmssvc -  File not found
NetSvcs: NWCWorkstation -  File not found
NetSvcs: Nwsapagent -  File not found
NetSvcs: SRService -  File not found
NetSvcs: WmdmPmSp -  File not found
NetSvcs: LogonHours -  File not found
NetSvcs: PCAudit -  File not found
NetSvcs: helpsvc -  File not found
NetSvcs: uploadmgr -  File not found
 
MsConfig - StartUpReg: Google Desktop Search - hkey= - key= - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe (Google)
MsConfig - StartUpReg: Google EULA Launcher - hkey= - key= - C:\Program Files\Google\Google EULA\GoogleEULALauncher.exe (Google)
MsConfig - StartUpReg: Skytel - hkey= - key= - C:\Programme\Realtek\Audio\HDA\SkyTel.exe (Realtek Semiconductor Corp.)
MsConfig - StartUpReg: StartCCC - hkey= - key= - C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
MsConfig - StartUpReg: Windows Defender - hkey= - key= -  File not found
MsConfig - State: "services" - 2
MsConfig - State: "startup" - 2
 
SafeBootMin: AppMgmt - Service
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: HelpSvc - Service
SafeBootMin: NTDS -  File not found
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: sacsvr - Service
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: WinDefend - C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation)
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
 
SafeBootNet: AppMgmt - Service
SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: HelpSvc - Service
SafeBootNet: Messenger - Service
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: NTDS -  File not found
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: rdsessmgr - Service
SafeBootNet: sacsvr - Service
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: WinDefend - C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation)
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
 
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Microsoft VM
ActiveX: {14B6EB22-8A6C-6CF8-8D2D-C183D07264DD} - Microsoft VM
ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - 
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 11.0
ActiveX: {233C1507-6A77-46A4-9443-F871F945D258} - Adobe Shockwave Director 11.0.3
ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework
ActiveX: {2A202491-F00D-11cf-87CC-0020AFEECF20} - Adobe Shockwave Director 11.0.3
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3C3901C5-3455-3E0A-A214-0B093A5070A6} - .NET Framework
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - 
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\system32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Macromedia Shockwave Flash
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\Windows\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\system32\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP
 
Drivers32: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: vidc.cvid - C:\Windows\System32\iccvid.dll (Radius Inc.)
 
CREATERESTOREPOINT
Restore point Set: OTL Restore Point
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.03.02 10:57:49 | 000,584,704 | ---- | C] (OldTimer Tools) -- C:\Users\mn\Desktop\OTL.exe
[2012.03.01 12:15:40 | 000,000,000 | -H-D | C] -- C:\Users\mn\AppData\Roaming\Malwarebytes
[2012.03.01 12:15:04 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012.03.01 12:15:00 | 000,000,000 | -H-D | C] -- C:\ProgramData\Malwarebytes
[2012.03.01 12:14:58 | 000,020,464 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2012.03.01 12:14:57 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2012.03.01 11:52:15 | 000,000,000 | -H-D | C] -- C:\Users\mn\Documents\Simply Super Software
[2012.03.01 11:51:59 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Trojan Remover
[2012.03.01 11:51:49 | 000,000,000 | -H-D | C] -- C:\Program Files\Trojan Remover
[2012.03.01 11:51:49 | 000,000,000 | -H-D | C] -- C:\Users\mn\AppData\Roaming\Simply Super Software
[2012.03.01 11:51:49 | 000,000,000 | -H-D | C] -- C:\ProgramData\Simply Super Software
[2012.03.01 11:26:07 | 000,000,000 | -H-D | C] -- C:\Users\mn\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Check
[2012.02.08 19:20:21 | 000,000,000 | -H-D | C] -- C:\Users\mn\Documents\FAU
[1 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2012.03.02 11:05:00 | 000,000,438 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{103B65BD-4798-4CA0-9487-EB211B637804}.job
[2012.03.02 10:57:51 | 000,584,704 | ---- | M] (OldTimer Tools) -- C:\Users\mn\Desktop\OTL.exe
[2012.03.02 10:53:48 | 000,003,744 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2012.03.02 10:53:48 | 000,003,744 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2012.03.02 10:53:48 | 000,001,086 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012.03.02 10:53:43 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.03.02 10:53:39 | 3487,883,264 | -HS- | M] () -- C:\hiberfil.sys
[2012.03.01 21:33:00 | 000,001,090 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012.03.01 21:15:06 | 000,000,296 | ---- | M] () -- C:\Windows\tasks\MT66 Software Update.job
[2012.03.01 18:47:48 | 000,586,980 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012.03.01 18:47:47 | 000,618,204 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2012.03.01 18:47:47 | 000,122,636 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2012.03.01 18:47:47 | 000,101,052 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012.03.01 12:15:05 | 000,000,910 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.03.01 12:14:39 | 000,000,464 | -H-- | M] () -- C:\ProgramData\XIvJR4QXlBU1q1
[2012.03.01 12:13:45 | 000,000,304 | -H-- | M] () -- C:\ProgramData\~XIvJR4QXlBU1q1
[2012.03.01 12:13:45 | 000,000,208 | -H-- | M] () -- C:\ProgramData\~XIvJR4QXlBU1q1r
[2012.03.01 11:26:07 | 000,000,609 | -H-- | M] () -- C:\Users\mn\Desktop\System Check.lnk
[2012.02.27 17:48:26 | 000,017,408 | -H-- | M] () -- C:\Users\mn\AppData\Local\WebpageIcons.db
[2012.02.23 21:09:01 | 000,016,896 | -H-- | M] () -- C:\Users\mn\Desktop\Bewerbung Matthias Kirchner.wps
[2012.02.23 21:09:01 | 000,015,872 | -H-- | M] () -- C:\Users\mn\Desktop\Matthias Kirchner Lebenslauf.wps
[1 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2012.03.01 12:15:05 | 000,000,910 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.03.01 11:51:57 | 000,162,304 | ---- | C] () -- C:\Windows\System32\ztvunrar36.dll
[2012.03.01 11:51:57 | 000,077,312 | ---- | C] () -- C:\Windows\System32\ztvunace26.dll
[2012.03.01 11:51:55 | 000,075,264 | ---- | C] () -- C:\Windows\System32\unacev2.dll
[2012.03.01 11:51:54 | 000,153,088 | ---- | C] () -- C:\Windows\System32\UNRAR3.dll
[2012.03.01 11:43:11 | 000,000,208 | -H-- | C] () -- C:\ProgramData\~XIvJR4QXlBU1q1r
[2012.03.01 11:43:10 | 000,000,304 | -H-- | C] () -- C:\ProgramData\~XIvJR4QXlBU1q1
[2012.03.01 11:26:07 | 000,000,609 | -H-- | C] () -- C:\Users\mn\Desktop\System Check.lnk
[2012.03.01 11:26:05 | 000,000,464 | -H-- | C] () -- C:\ProgramData\XIvJR4QXlBU1q1
[2012.02.23 21:09:01 | 000,016,896 | -H-- | C] () -- C:\Users\mn\Desktop\Bewerbung Matthias Kirchner.wps
[2012.02.23 21:09:01 | 000,015,872 | -H-- | C] () -- C:\Users\mn\Desktop\Matthias Kirchner Lebenslauf.wps
[2011.05.11 18:41:00 | 000,000,680 | -H-- | C] () -- C:\Users\mn\AppData\Local\d3d9caps.dat
[2010.03.08 19:51:38 | 000,017,408 | -H-- | C] () -- C:\Users\mn\AppData\Local\WebpageIcons.db
 
========== LOP Check ==========
 
[2009.02.06 19:51:29 | 000,000,000 | -H-D | M] -- C:\Users\mn\AppData\Roaming\Academic Software Zurich
[2009.07.23 17:10:08 | 000,000,000 | -H-D | M] -- C:\Users\mn\AppData\Roaming\Arbeitsblatt-Manager
[2010.05.17 20:17:54 | 000,000,000 | -H-D | M] -- C:\Users\mn\AppData\Roaming\DVDVideoSoftIEHelpers
[2009.03.25 12:12:40 | 000,000,000 | -H-D | M] -- C:\Users\mn\AppData\Roaming\FontCreator
[2010.11.16 08:24:05 | 000,000,000 | -H-D | M] -- C:\Users\mn\AppData\Roaming\gtk-2.0
[2009.02.15 19:29:01 | 000,000,000 | -H-D | M] -- C:\Users\mn\AppData\Roaming\ICQ
[2009.02.17 15:09:57 | 000,000,000 | -H-D | M] -- C:\Users\mn\AppData\Roaming\OpenOffice.org
[2012.03.01 11:51:49 | 000,000,000 | -H-D | M] -- C:\Users\mn\AppData\Roaming\Simply Super Software
[2010.10.21 21:13:16 | 000,000,000 | -H-D | M] -- C:\Users\mn\AppData\Roaming\Thunderbird
[2012.03.01 21:15:06 | 000,000,296 | ---- | M] () -- C:\Windows\Tasks\MT66 Software Update.job
[2012.03.01 21:53:23 | 000,032,582 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2012.03.02 11:05:00 | 000,000,438 | -H-- | M] () -- C:\Windows\Tasks\User_Feed_Synchronization-{103B65BD-4798-4CA0-9487-EB211B637804}.job
 
========== Purity Check ==========
 
 
 
========== Custom Scans ==========
 
 
< %ALLUSERSPROFILE%\Application Data\*. >
 
< %ALLUSERSPROFILE%\Application Data\*.exe /s >
 
< %APPDATA%\*. >
[2009.02.06 19:51:29 | 000,000,000 | -H-D | M] -- C:\Users\mn\AppData\Roaming\Academic Software Zurich
[2010.04.13 12:17:02 | 000,000,000 | -H-D | M] -- C:\Users\mn\AppData\Roaming\Adobe
[2009.03.04 00:40:15 | 000,000,000 | -H-D | M] -- C:\Users\mn\AppData\Roaming\AdobeAUM
[2009.07.23 17:10:08 | 000,000,000 | -H-D | M] -- C:\Users\mn\AppData\Roaming\Arbeitsblatt-Manager
[2009.02.06 18:50:41 | 000,000,000 | -H-D | M] -- C:\Users\mn\AppData\Roaming\ATI
[2009.02.22 20:19:51 | 000,000,000 | -H-D | M] -- C:\Users\mn\AppData\Roaming\Corel
[2009.05.22 19:53:12 | 000,000,000 | -H-D | M] -- C:\Users\mn\AppData\Roaming\CyberLink
[2012.02.28 17:07:14 | 000,000,000 | -H-D | M] -- C:\Users\mn\AppData\Roaming\dvdcss
[2010.05.17 20:17:54 | 000,000,000 | -H-D | M] -- C:\Users\mn\AppData\Roaming\DVDVideoSoftIEHelpers
[2009.03.25 12:12:40 | 000,000,000 | -H-D | M] -- C:\Users\mn\AppData\Roaming\FontCreator
[2009.02.06 20:44:25 | 000,000,000 | -H-D | M] -- C:\Users\mn\AppData\Roaming\Google
[2010.11.16 08:24:05 | 000,000,000 | -H-D | M] -- C:\Users\mn\AppData\Roaming\gtk-2.0
[2009.05.12 15:46:48 | 000,000,000 | -H-D | M] -- C:\Users\mn\AppData\Roaming\HP
[2009.02.15 19:29:01 | 000,000,000 | -H-D | M] -- C:\Users\mn\AppData\Roaming\ICQ
[2009.02.06 18:50:18 | 000,000,000 | -H-D | M] -- C:\Users\mn\AppData\Roaming\Identities
[2009.02.06 18:49:51 | 000,000,000 | -H-D | M] -- C:\Users\mn\AppData\Roaming\Macromedia
[2012.03.01 12:15:40 | 000,000,000 | -H-D | M] -- C:\Users\mn\AppData\Roaming\Malwarebytes
[2006.11.02 13:37:34 | 000,000,000 | -H-D | M] -- C:\Users\mn\AppData\Roaming\Media Center Programs
[2010.04.28 16:10:21 | 000,000,000 | --SD | M] -- C:\Users\mn\AppData\Roaming\Microsoft
[2009.02.09 19:33:21 | 000,000,000 | -H-D | M] -- C:\Users\mn\AppData\Roaming\Mozilla
[2009.07.06 10:02:18 | 000,000,000 | -H-D | M] -- C:\Users\mn\AppData\Roaming\Nero
[2009.02.17 15:09:57 | 000,000,000 | -H-D | M] -- C:\Users\mn\AppData\Roaming\OpenOffice.org
[2012.03.01 11:51:49 | 000,000,000 | -H-D | M] -- C:\Users\mn\AppData\Roaming\Simply Super Software
[2009.06.24 21:03:56 | 000,000,000 | -H-D | M] -- C:\Users\mn\AppData\Roaming\Skype
[2009.08.26 07:41:21 | 000,000,000 | -H-D | M] -- C:\Users\mn\AppData\Roaming\skypePM
[2009.02.09 19:33:28 | 000,000,000 | -H-D | M] -- C:\Users\mn\AppData\Roaming\Talkback
[2010.10.21 21:13:16 | 000,000,000 | -H-D | M] -- C:\Users\mn\AppData\Roaming\Thunderbird
[2009.02.19 18:37:47 | 000,000,000 | -H-D | M] -- C:\Users\mn\AppData\Roaming\vlc
[2009.03.04 14:36:25 | 000,000,000 | -H-D | M] -- C:\Users\mn\AppData\Roaming\WinRAR
 
< %APPDATA%\*.exe /s >
[2009.03.25 12:12:01 | 006,625,744 | -H-- | M] (High-Logic                                                  ) -- C:\Users\mn\AppData\Roaming\FontCreator\FontCreatorSetup.exe
 
< %SYSTEMDRIVE%\*.exe >
[2007.11.07 07:03:18 | 000,562,688 | ---- | M] (Microsoft Corporation) -- C:\install.exe
 
 
< MD5 for: AGP440.SYS  >
[2008.01.21 03:23:01 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\drivers\AGP440.sys
[2008.01.21 03:23:01 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_f750e484\AGP440.sys
[2008.01.21 03:23:01 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6001.18000_none_ba12ed3bbeb0d97a\AGP440.sys
[2008.01.21 03:23:01 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6002.18005_none_bbfe6647bbd2a4c6\AGP440.sys
[2006.11.02 10:49:52 | 000,053,864 | ---- | M] (Microsoft Corporation) MD5=EF23439CDD587F64C2C1B8825CEAD7D8 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_920a2c1f\AGP440.sys
 
< MD5 for: AHCIX86S.SYS  >
[2008.10.03 17:08:52 | 000,183,312 | -H-- | M] (Advanced Micro Devices, Inc) MD5=03081E98C515CB838434D252F407F6E8 -- C:\ATI\WinVista\8_561\Packages\Drivers\SBDrv\SB7xx\RAID\LH\ahcix86s.sys
[2008.10.03 17:08:52 | 000,183,312 | ---- | M] (Advanced Micro Devices, Inc) MD5=03081E98C515CB838434D252F407F6E8 -- C:\Windows\System32\drivers\ahcix86s.sys
[2008.10.03 17:08:52 | 000,183,312 | ---- | M] (Advanced Micro Devices, Inc) MD5=03081E98C515CB838434D252F407F6E8 -- C:\Windows\System32\DriverStore\FileRepository\ahcix86s.inf_697786ab\ahcix86s.sys
[2007.11.01 20:31:44 | 000,122,880 | -H-- | M] (Promise Technology, Inc.) MD5=4283A0F3A9557EB133D2BA8979747A77 -- C:\ATI\WinVista\8_561\Packages\Drivers\SBDrv\SB6xx\RAID\LH\ahcix86s.sys
 
< MD5 for: ATAPI.SYS  >
[2008.11.12 14:12:11 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=0D83C87A801A3DFCD1BF73893FE7518C -- C:\Windows\System32\drivers\atapi.sys
[2008.11.12 14:12:11 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=0D83C87A801A3DFCD1BF73893FE7518C -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_4c9c5a00\atapi.sys
[2008.11.12 14:12:11 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=0D83C87A801A3DFCD1BF73893FE7518C -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6001.18034_none_dd1bb97e219e87cb\atapi.sys
[2009.04.11 07:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\SoftwareDistribution\Download\cd2b15b1a90e884578188440a1660b12\x86_mshdc.inf_31bf3856ad364e35_6.0.6002.18005_none_df23a1261eab99e8\atapi.sys
[2008.01.21 03:23:00 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_cc18792d\atapi.sys
[2008.01.21 03:23:00 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6001.18000_none_dd38281a2189ce9c\atapi.sys
[2006.11.02 10:49:36 | 000,019,048 | ---- | M] (Microsoft Corporation) MD5=4F4FCB8B6EA06784FB6D475B7EC7300F -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_c6c2e699\atapi.sys
[2008.11.12 14:12:11 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=96DC4E1A9F90CCD489950A8935425C59 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6001.22134_none_dda556493abc2795\atapi.sys
 
< MD5 for: CNGAUDIT.DLL  >
[2006.11.02 10:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\System32\cngaudit.dll
[2006.11.02 10:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.0.6000.16386_none_e62d292932a96ce6\cngaudit.dll
 
< MD5 for: EVENTLOG.DLL  >
[2007.05.17 21:34:04 | 000,007,216 | ---- | M] () MD5=C2A279A458A06DE2C83D842AA042B5A8 -- C:\Program Files\HomeCinema\PowerDirector\EventLog.dll
 
< MD5 for: IASTORV.SYS  >
[2008.01.21 03:23:23 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\System32\drivers\iaStorV.sys
[2008.01.21 03:23:23 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_c9df7691\iaStorV.sys
[2008.01.21 03:23:23 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.0.6001.18000_none_af11527887c7fa8f\iaStorV.sys
[2006.11.02 10:51:25 | 000,232,040 | ---- | M] (Intel Corporation) MD5=C957BF4B5D80B46C5017BF0101E6C906 -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_37cdafa4\iaStorV.sys
 
< MD5 for: NETLOGON.DLL  >
[2009.04.11 07:28:23 | 000,592,896 | ---- | M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- C:\Windows\SoftwareDistribution\Download\cd2b15b1a90e884578188440a1660b12\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6002.18005_none_ffa3304f351bb3a3\netlogon.dll
[2008.01.21 03:24:05 | 000,592,384 | ---- | M] (Microsoft Corporation) MD5=A8EFC0B6E75B789F7FD3BA5025D4E37F -- C:\Windows\System32\netlogon.dll
[2008.01.21 03:24:05 | 000,592,384 | ---- | M] (Microsoft Corporation) MD5=A8EFC0B6E75B789F7FD3BA5025D4E37F -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6001.18000_none_fdb7b74337f9e857\netlogon.dll
 
< MD5 for: NVSTOR.SYS  >
[2006.11.02 10:50:13 | 000,040,040 | ---- | M] (NVIDIA Corporation) MD5=9E0BA19A28C498A6D323D065DB76DFFC -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_733654ff\nvstor.sys
[2008.01.21 03:23:21 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\System32\drivers\nvstor.sys
[2008.01.21 03:23:21 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_31c3d71d\nvstor.sys
[2008.01.21 03:23:21 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.0.6001.18000_none_39dac327befea467\nvstor.sys
 
< MD5 for: SCECLI.DLL  >
[2008.01.21 03:24:50 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=28B84EB538F7E8A0FE8B9299D591E0B9 -- C:\Windows\System32\scecli.dll
[2008.01.21 03:24:50 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=28B84EB538F7E8A0FE8B9299D591E0B9 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6001.18000_none_380de25bd91b6f12\scecli.dll
[2009.04.11 07:28:24 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=8FC182167381E9915651267044105EE1 -- C:\Windows\SoftwareDistribution\Download\cd2b15b1a90e884578188440a1660b12\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6002.18005_none_39f95b67d63d3a5e\scecli.dll
 
< MD5 for: USER32.DLL  >
[2009.04.11 07:28:25 | 000,627,712 | ---- | M] (Microsoft Corporation) MD5=75510147B94598407666F4802797C75A -- C:\Windows\SoftwareDistribution\Download\cd2b15b1a90e884578188440a1660b12\x86_microsoft-windows-user32_31bf3856ad364e35_6.0.6002.18005_none_cf23e54d6a7e4a7e\user32.dll
[2008.01.21 03:24:21 | 000,627,200 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\user32.dll
[2008.01.21 03:24:21 | 000,627,200 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.0.6001.18000_none_cd386c416d5c7f32\user32.dll
 
< MD5 for: USERINIT.EXE  >
[2008.01.21 03:24:49 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\System32\userinit.exe
[2008.01.21 03:24:49 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.0.6001.18000_none_dc28ba15d1aff80b\userinit.exe
 
< MD5 for: WININIT.EXE  >
[2008.01.21 03:23:42 | 000,096,768 | ---- | M] (Microsoft Corporation) MD5=101BA3EA053480BB5D957EF37C06B5ED -- C:\Windows\System32\wininit.exe
[2008.01.21 03:23:42 | 000,096,768 | ---- | M] (Microsoft Corporation) MD5=101BA3EA053480BB5D957EF37C06B5ED -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.0.6001.18000_none_30f2b8cf0450a6a2\wininit.exe
 
< MD5 for: WINLOGON.EXE  >
[2012.01.13 14:53:20 | 000,182,856 | ---- | M] () MD5=63EEC8A8B221AB79045E776E5F592868 -- C:\Program Files\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe
[2009.04.11 07:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\SoftwareDistribution\Download\cd2b15b1a90e884578188440a1660b12\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6002.18005_none_71ae7a22d2134741\winlogon.exe
[2008.01.21 03:24:49 | 000,314,880 | ---- | M] (Microsoft Corporation) MD5=C2610B6BDBEFC053BBDAB4F1B965CB24 -- C:\Windows\System32\winlogon.exe
[2008.01.21 03:24:49 | 000,314,880 | ---- | M] (Microsoft Corporation) MD5=C2610B6BDBEFC053BBDAB4F1B965CB24 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6001.18000_none_6fc30116d4f17bf5\winlogon.exe
 
< MD5 for: WS2IFSL.SYS  >
[2008.01.21 03:24:47 | 000,015,872 | ---- | M] (Microsoft Corporation) MD5=E3A3CB253C0EC2494D4A61F5E43A389C -- C:\Windows\System32\drivers\ws2ifsl.sys
[2008.01.21 03:24:47 | 000,015,872 | ---- | M] (Microsoft Corporation) MD5=E3A3CB253C0EC2494D4A61F5E43A389C -- C:\Windows\winsxs\x86_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.0.6001.18000_none_4f86a0d4c7cda641\ws2ifsl.sys
 
< %systemroot%\system32\drivers\*.sys /lockedfiles >
 
< %systemroot%\System32\config\*.sav >
[2008.01.21 04:14:18 | 016,846,848 | ---- | M] () -- C:\Windows\System32\config\COMPONENTS.SAV
[2008.01.21 04:14:08 | 000,106,496 | ---- | M] () -- C:\Windows\System32\config\DEFAULT.SAV
[2008.01.21 04:14:18 | 000,020,480 | ---- | M] () -- C:\Windows\System32\config\SECURITY.SAV
[2006.11.02 11:34:08 | 010,133,504 | ---- | M] () -- C:\Windows\System32\config\SOFTWARE.SAV
[2006.11.02 11:34:08 | 001,826,816 | ---- | M] () -- C:\Windows\System32\config\SYSTEM.SAV
 
< %systemroot%\*. /mp /s >
 
< %systemroot%\system32\*.dll /lockedfiles >
[2009.04.09 11:38:00 | 000,126,976 | ---- | M] ( ) Unable to obtain MD5 -- C:\Windows\system32\Interop.SHDocVw.dll
[2009.04.09 11:38:00 | 000,053,248 | ---- | M] () Unable to obtain MD5 -- C:\Windows\system32\SearchRequire.dll
[1 C:\Windows\system32\*.tmp files -> C:\Windows\system32\*.tmp -> ]
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 146 bytes -> C:\ProgramData\Temp:CB0AACC9

< End of report >
         
--- --- ---
__________________

Alt 02.03.2012, 14:00   #4
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Trojaner "System Check" - letzte Schritte? - Standard

Trojaner "System Check" - letzte Schritte?



Mach einen OTL-Fix, beende alle evtl. geöffneten Programme, auch Virenscanner deaktivieren (!), starte OTL und kopiere folgenden Text in die "Custom Scan/Fixes" Box (unten in OTL): (das ":OTL" muss mitkopiert werden!!!)


Code:
ATTFilter
:OTL
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = Welcome to ALDI
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {67A2568C-7A0A-4EED-AECC-B5405DE63B64}
IE - HKLM\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7MEDB
IE - HKU\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7MEDB
IE - HKU\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7MEDB
IE - HKU\S-1-5-21-3062977728-15237228-2241844802-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = Welcome to ALDI
IE - HKU\S-1-5-21-3062977728-15237228-2241844802-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = Welcome to ALDI
IE - HKU\S-1-5-21-3062977728-15237228-2241844802-1000\..\URLSearchHook: {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - No CLSID value found
IE - HKU\..\SearchScopes,DefaultScope = {67A2568C-7A0A-4EED-AECC-B5405DE63B64}
IE - HKU\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7MEDB_de
IE - HKU\..\SearchScopes\{C5ADD211-7221-4A9B-B314-E2BADA849BB3}: "URL" = http://de.search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&type=971163&p={searchTerms}
[2010.05.17 20:17:54 | 000,000,000 | -H-D | M] ("DVDVideoSoft Menu") -- C:\Users\mn\AppData\Roaming\mozilla\Firefox\Profiles\43puv1li.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
[2011.12.05 21:15:28 | 000,000,000 | ---D | M] (Recorder Toolbar) -- C:\Programme\Mozilla Firefox\extensions\{10743931-94DF-476f-A987-4391233C17A2}
[2009.02.18 15:18:57 | 000,000,000 | ---D | M] (pdfforge Toolbar Plugin) -- C:\Programme\Mozilla Firefox\extensions\{B922D405-6D13-4A2B-AE89-08A030DA4402}
[2009.02.18 15:18:58 | 000,000,000 | ---D | M] (Search Settings Plugin) -- C:\Programme\Mozilla Firefox\extensions\search@searchsettings.com
[2009.09.02 18:44:00 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\WINDOWS\MICROSOFT.NET\FRAMEWORK\V3.5\WINDOWS PRESENTATION FOUNDATION\DOTNETASSISTANTEXTENSION
O2 - BHO: (Recorder Toolbar) - {120A8821-2BEE-4C29-BCDA-62C577781992} - C:\Programme\MedienTeam66\MP3 Recorder for YouTube\IEPlugin.dll (MedienTeam66)
O2 - BHO: (no name) - {8a194578-81ea-4850-9911-13ba2d71efbd}  - No CLSID value found.
O2 - BHO: (Windows Live Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (pdfforge Toolbar) - {B922D405-6D13-4A2B-AE89-08A030DA4402} - C:\Programme\pdfforge Toolbar\WidgiToolbarIE.dll (GreenTree Applications, Inc.)
O3 - HKLM\..\Toolbar: (Recorder Toolbar) - {120A8821-2BEE-4C29-BCDA-62C577781992} - C:\Programme\MedienTeam66\MP3 Recorder for YouTube\IEPlugin.dll (MedienTeam66)
O3 - HKLM\..\Toolbar: (pdfforge Toolbar) - {B922D405-6D13-4A2B-AE89-08A030DA4402} - C:\Programme\pdfforge Toolbar\WidgiToolbarIE.dll (GreenTree Applications, Inc.)
O4 - HKLM..\Run: []  File not found
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 22:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{22e0b6a6-433d-11e0-baee-00242119886d}\Shell - "" = AutoRun
O33 - MountPoints2\{22e0b6a6-433d-11e0-baee-00242119886d}\Shell\AutoRun\command - "" = I:\CD_Start.exe
O33 - MountPoints2\{739529f7-f475-11dd-a217-00242119886d}\Shell\AutoRun\command - "" = I:\menu.exe
O33 - MountPoints2\H\Shell - "" = AutoRun
O33 - MountPoints2\H\Shell\AutoRun\command - "" = H:\CD_Start.exe
[2012.03.01 11:26:07 | 000,000,000 | -H-D | C] -- C:\Users\mn\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Check
[2012.03.01 12:14:39 | 000,000,464 | -H-- | M] () -- C:\ProgramData\XIvJR4QXlBU1q1
[2012.03.01 12:13:45 | 000,000,304 | -H-- | M] () -- C:\ProgramData\~XIvJR4QXlBU1q1
[2012.03.01 12:13:45 | 000,000,208 | -H-- | M] () -- C:\ProgramData\~XIvJR4QXlBU1q1r
[2012.03.01 11:26:07 | 000,000,609 | -H-- | M] () -- C:\Users\mn\Desktop\System Check.lnk
@Alternate Data Stream - 146 bytes -> C:\ProgramData\Temp:CB0AACC9
:Commands
[emptytemp]
[resethosts]
         
Klick dann oben links auf den Button Fix!
Das Logfile müsste geöffnet werden, wenn Du nach dem Fixen auf ok klickst, poste das bitte. Evtl. wird der Rechner neu gestartet.

Die mit diesem Script gefixten Einträge, Dateien und Ordner werden zur Sicherheit nicht vollständig gelöscht, es wird eine Sicherheitskopie auf der Systempartition im Ordner "_OTL" erstellt.

Hinweis: Das obige Script ist nur für diesen einen User in dieser Situtation erstellt worden. Es ist auf keinen anderen Rechner portierbar und darf nicht anderweitig verwandt werden, da es das System nachhaltig schädigen kann!
__________________
"Die Wahrheit ist normalerweise nur eine Entschuldigung für einen Mangel an Fantasie." (Elim Garak)

Das Trojaner-Board unterstützen
Warum Linux besser als Windows ist!

Alt 02.03.2012, 16:08   #5
wrimpus
 
Trojaner "System Check" - letzte Schritte? - Standard

Trojaner "System Check" - letzte Schritte?



Habe alles wie beschrieben durchgeführt. Hier das Log:

All processes killed
========== OTL ==========
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\\Default_Page_URL| /E : value set successfully!
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\\Local Page| /E : value set successfully!
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}\ not found.
Registry key HKEY_USERS\Software\Microsoft\Internet Explorer\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}\ not found.
Registry key HKEY_USERS\Software\Microsoft\Internet Explorer\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}\ not found.
HKU\S-1-5-21-3062977728-15237228-2241844802-1000\SOFTWARE\Microsoft\Internet Explorer\Main\\Default_Page_URL| /E : value set successfully!
HKU\S-1-5-21-3062977728-15237228-2241844802-1000\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page| /E : value set successfully!
Registry value HKEY_USERS\S-1-5-21-3062977728-15237228-2241844802-1000\Software\Microsoft\Internet Explorer\URLSearchHooks\\{E312764E-7706-43F1-8DAB-FCDD2B1E416D} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E312764E-7706-43F1-8DAB-FCDD2B1E416D}\ not found.
Unable to set value : HKEY_USERS\Software\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E!
Registry key HKEY_USERS\Software\Microsoft\Internet Explorer\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}\ not found.
Registry key HKEY_USERS\Software\Microsoft\Internet Explorer\SearchScopes\{C5ADD211-7221-4A9B-B314-E2BADA849BB3}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{C5ADD211-7221-4A9B-B314-E2BADA849BB3}\ not found.
C:\Users\mn\AppData\Roaming\mozilla\Firefox\Profiles\43puv1li.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}\chrome folder moved successfully.
C:\Users\mn\AppData\Roaming\mozilla\Firefox\Profiles\43puv1li.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C} folder moved successfully.
C:\Programme\Mozilla Firefox\extensions\{10743931-94DF-476f-A987-4391233C17A2}\images folder moved successfully.
C:\Programme\Mozilla Firefox\extensions\{10743931-94DF-476f-A987-4391233C17A2}\content folder moved successfully.
C:\Programme\Mozilla Firefox\extensions\{10743931-94DF-476f-A987-4391233C17A2}\chrome\content\images folder moved successfully.
C:\Programme\Mozilla Firefox\extensions\{10743931-94DF-476f-A987-4391233C17A2}\chrome\content folder moved successfully.
C:\Programme\Mozilla Firefox\extensions\{10743931-94DF-476f-A987-4391233C17A2}\chrome folder moved successfully.
C:\Programme\Mozilla Firefox\extensions\{10743931-94DF-476f-A987-4391233C17A2} folder moved successfully.
C:\Programme\Mozilla Firefox\extensions\{B922D405-6D13-4A2B-AE89-08A030DA4402}\components folder moved successfully.
C:\Programme\Mozilla Firefox\extensions\{B922D405-6D13-4A2B-AE89-08A030DA4402}\chrome\skin folder moved successfully.
C:\Programme\Mozilla Firefox\extensions\{B922D405-6D13-4A2B-AE89-08A030DA4402}\chrome\locale\EN-US folder moved successfully.
C:\Programme\Mozilla Firefox\extensions\{B922D405-6D13-4A2B-AE89-08A030DA4402}\chrome\locale folder moved successfully.
C:\Programme\Mozilla Firefox\extensions\{B922D405-6D13-4A2B-AE89-08A030DA4402}\chrome\content folder moved successfully.
C:\Programme\Mozilla Firefox\extensions\{B922D405-6D13-4A2B-AE89-08A030DA4402}\chrome folder moved successfully.
C:\Programme\Mozilla Firefox\extensions\{B922D405-6D13-4A2B-AE89-08A030DA4402} folder moved successfully.
C:\Programme\Mozilla Firefox\extensions\search@searchsettings.com\COMPONENTS folder moved successfully.
C:\Programme\Mozilla Firefox\extensions\search@searchsettings.com\CHROME\LOCALE\EN-US folder moved successfully.
C:\Programme\Mozilla Firefox\extensions\search@searchsettings.com\CHROME\LOCALE folder moved successfully.
C:\Programme\Mozilla Firefox\extensions\search@searchsettings.com\CHROME\CONTENT folder moved successfully.
C:\Programme\Mozilla Firefox\extensions\search@searchsettings.com\CHROME folder moved successfully.
C:\Programme\Mozilla Firefox\extensions\search@searchsettings.com folder moved successfully.
C:\WINDOWS\MICROSOFT.NET\FRAMEWORK\V3.5\WINDOWS PRESENTATION FOUNDATION\DOTNETASSISTANTEXTENSION\defaults\preferences folder moved successfully.
C:\WINDOWS\MICROSOFT.NET\FRAMEWORK\V3.5\WINDOWS PRESENTATION FOUNDATION\DOTNETASSISTANTEXTENSION\defaults folder moved successfully.
C:\WINDOWS\MICROSOFT.NET\FRAMEWORK\V3.5\WINDOWS PRESENTATION FOUNDATION\DOTNETASSISTANTEXTENSION\chrome folder moved successfully.
C:\WINDOWS\MICROSOFT.NET\FRAMEWORK\V3.5\WINDOWS PRESENTATION FOUNDATION\DOTNETASSISTANTEXTENSION folder moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{120A8821-2BEE-4C29-BCDA-62C577781992}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{120A8821-2BEE-4C29-BCDA-62C577781992}\ deleted successfully.
C:\Programme\MedienTeam66\MP3 Recorder for YouTube\IEPlugin.dll moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{8a194578-81ea-4850-9911-13ba2d71efbd}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8a194578-81ea-4850-9911-13ba2d71efbd}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9030D464-4C02-4ABF-8ECC-5164760863C6}\ deleted successfully.
C:\Programme\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B922D405-6D13-4A2B-AE89-08A030DA4402}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B922D405-6D13-4A2B-AE89-08A030DA4402}\ deleted successfully.
C:\Programme\pdfforge Toolbar\WidgiToolbarIE.dll moved successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{120A8821-2BEE-4C29-BCDA-62C577781992} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{120A8821-2BEE-4C29-BCDA-62C577781992}\ not found.
File C:\Programme\MedienTeam66\MP3 Recorder for YouTube\IEPlugin.dll not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{B922D405-6D13-4A2B-AE89-08A030DA4402} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B922D405-6D13-4A2B-AE89-08A030DA4402}\ not found.
File C:\Programme\pdfforge Toolbar\WidgiToolbarIE.dll not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRun|DWORD:1 /E : value set successfully!
C:\autoexec.bat moved successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{22e0b6a6-433d-11e0-baee-00242119886d}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{22e0b6a6-433d-11e0-baee-00242119886d}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{22e0b6a6-433d-11e0-baee-00242119886d}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{22e0b6a6-433d-11e0-baee-00242119886d}\ not found.
File I:\CD_Start.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{739529f7-f475-11dd-a217-00242119886d}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{739529f7-f475-11dd-a217-00242119886d}\ not found.
File I:\menu.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\H\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\H\ not found.
File H:\CD_Start.exe not found.
C:\Users\mn\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Check folder moved successfully.
C:\ProgramData\XIvJR4QXlBU1q1 moved successfully.
C:\ProgramData\~XIvJR4QXlBU1q1 moved successfully.
C:\ProgramData\~XIvJR4QXlBU1q1r moved successfully.
C:\Users\mn\Desktop\System Check.lnk moved successfully.
ADS C:\ProgramData\Temp:CB0AACC9 deleted successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Flash cache emptied: 83 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: mn
->Temp folder emptied: 1734214825 bytes
->Temporary Internet Files folder emptied: 34605194 bytes
->Java cache emptied: 36457175 bytes
->FireFox cache emptied: 89636239 bytes
->Flash cache emptied: 33760 bytes

User: Public

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 771424 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 163974680 bytes
RecycleBin emptied: 1823045089 bytes

Total Files Cleaned = 3.703,00 mb

C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

OTL by OldTimer - Version 3.2.34.0 log created on 03022012_154559

Files\Folders moved on Reboot...

Registry entries deleted on Reboot...


Alt 02.03.2012, 17:32   #6
wrimpus
 
Trojaner "System Check" - letzte Schritte? - Standard

Trojaner "System Check" - letzte Schritte?



Zwischenstatus: System Check is back ... Popups, Fehlermeldungen usw... ich krieg die Krise.

Alt 02.03.2012, 18:18   #7
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Trojaner "System Check" - letzte Schritte? - Standard

Trojaner "System Check" - letzte Schritte?



1. Jetzt NICHT mehr "wild" rumsurfen bis wir durch sind!
2. Mach bitte neue Vollscans mit Malwarebytes und ESET!
__________________
"Die Wahrheit ist normalerweise nur eine Entschuldigung für einen Mangel an Fantasie." (Elim Garak)

Das Trojaner-Board unterstützen
Warum Linux besser als Windows ist!

Alt 03.03.2012, 09:58   #8
wrimpus
 
Trojaner "System Check" - letzte Schritte? - Standard

Trojaner "System Check" - letzte Schritte?



Guten Morgen.
In Ordnung. Ich werde mich daran halten.

habe beide Scans durchgeführt. Unten die Logs von Malwarebytes, ESET hat nichts mehr gefunden (kam deswegen kein Log davon?).
Angehängte Dateien
Dateityp: txt mbam-log-2012-03-02 (21-55-09).txt (3,7 KB, 129x aufgerufen)
Dateityp: txt mbam-log-2012-03-02 (20-30-52).txt (3,8 KB, 188x aufgerufen)

Alt 05.03.2012, 12:01   #9
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Trojaner "System Check" - letzte Schritte? - Standard

Trojaner "System Check" - letzte Schritte?



Bitte nun (im normalen Windows-Modus) dieses Tool von Kaspersky (TDSS-Killer) ausführen und das Log posten => http://www.trojaner-board.de/82358-t...entfernen.html

Hinweis: Bitte den Virenscanner abstellen bevor du den TDSS-Killer ausführst, denn v.a. Avira meldet im TDSS-Tool oft einen Fehalalrm!

Das Tool so einstellen wie unten im Bild angegeben - klick auf change parameters und setze die Haken wie im folgenden Screenshot abgebildet,
Dann auf Start Scan klicken und wenn es durch ist auf den Button Report klicken um das Log anzuzeigen. Dieses bitte komplett posten.
Wenn du das Log nicht findest oder den Inhalt kopieren und in dein Posting übertragen kannst, dann schau bitte direkt auf deiner Windows-Systempartition (meistens Laufwerk C nach, da speichert der TDSS-Killer seine Logs.

Hinweis: Bitte nichts voreilig mit dem TDSS-Killer löschen! Falls Objekte vom TDSS-Killer bemängelt werden, alle mit der Aktion "skip" behandeln und hier nur das Log posten!




Falls du durch die Infektion auf deine Dokumente/Eigenen Dateien nicht zugreifen kannst, Verknüpfungen auf dem Desktop oder im Startmenü unter "alle Programme" fehlen, bitte unhide ausführen:
Downloade dir bitte unhide.exe und speichere diese Datei auf deinem Desktop.
Starte das Tool und es sollten alle Dateien und Ordner wieder sichtbar sein. ( Könnte eine Weile dauern )
Windows-Vista und Windows-7-User müssen das Tool per Rechtsklick als Administrator ausführen!
__________________
"Die Wahrheit ist normalerweise nur eine Entschuldigung für einen Mangel an Fantasie." (Elim Garak)

Das Trojaner-Board unterstützen
Warum Linux besser als Windows ist!

Alt 05.03.2012, 14:20   #10
wrimpus
 
Trojaner "System Check" - letzte Schritte? - Standard

Trojaner "System Check" - letzte Schritte?



Code:
ATTFilter
 
14:16:56.0817 2464	TDSS rootkit removing tool 2.7.19.0 Mar  5 2012 11:23:39
14:16:56.0963 2464	============================================================
14:16:56.0963 2464	Current date / time: 2012/03/05 14:16:56.0963
14:16:56.0963 2464	SystemInfo:
14:16:56.0963 2464	
14:16:56.0963 2464	OS Version: 6.0.6001 ServicePack: 1.0
14:16:56.0963 2464	Product type: Workstation
14:16:56.0963 2464	ComputerName: MN-PC
14:16:56.0963 2464	UserName: mn
14:16:56.0963 2464	Windows directory: C:\Windows
14:16:56.0963 2464	System windows directory: C:\Windows
14:16:56.0963 2464	Processor architecture: Intel x86
14:16:56.0964 2464	Number of processors: 2
14:16:56.0964 2464	Page size: 0x1000
14:16:56.0964 2464	Boot type: Normal boot
14:16:56.0964 2464	============================================================
14:16:58.0501 2464	Drive \Device\Harddisk0\DR0 - Size: 0x950B056000 (596.17 Gb), SectorSize: 0x200, Cylinders: 0x13001, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
14:16:58.0530 2464	\Device\Harddisk0\DR0:
14:16:58.0530 2464	MBR used
14:16:58.0530 2464	\Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x48054800
14:16:58.0573 2464	\Device\Harddisk0\DR0\Partition1: MBR, Type 0xB, StartLBA 0x4805503F, BlocksNum 0x2801E82
14:16:58.0674 2464	Initialize success
14:16:58.0674 2464	============================================================
14:17:57.0586 3832	============================================================
14:17:57.0586 3832	Scan started
14:17:57.0586 3832	Mode: Manual; SigCheck; TDLFS; 
14:17:57.0586 3832	============================================================
14:17:58.0080 3832	ACPI            (fcb8c7210f0135e24c6580f7f649c73c) C:\Windows\system32\drivers\acpi.sys
14:17:58.0217 3832	ACPI - ok
14:17:58.0289 3832	adfs            (6d7f09cd92a9fef3a8efce66231fdd79) C:\Windows\system32\drivers\adfs.sys
14:17:58.0301 3832	adfs - ok
14:17:58.0345 3832	adp94xx         (04f0fcac69c7c71a3ac4eb97fafc8303) C:\Windows\system32\drivers\adp94xx.sys
14:17:58.0384 3832	adp94xx - ok
14:17:58.0414 3832	adpahci         (60505e0041f7751bdbb80f88bf45c2ce) C:\Windows\system32\drivers\adpahci.sys
14:17:58.0433 3832	adpahci - ok
14:17:58.0463 3832	adpu160m        (8a42779b02aec986eab64ecfc98f8bd7) C:\Windows\system32\drivers\adpu160m.sys
14:17:58.0477 3832	adpu160m - ok
14:17:58.0516 3832	adpu320         (241c9e37f8ce45ef51c3de27515ca4e5) C:\Windows\system32\drivers\adpu320.sys
14:17:58.0550 3832	adpu320 - ok
14:17:58.0610 3832	AFD             (48eb99503533c27ac6135648e5474457) C:\Windows\system32\drivers\afd.sys
14:17:58.0677 3832	AFD - ok
14:17:58.0710 3832	agp440          (13f9e33747e6b41a3ff305c37db0d360) C:\Windows\system32\drivers\agp440.sys
14:17:58.0722 3832	agp440 - ok
14:17:58.0780 3832	ahcix86s        (03081e98c515cb838434d252f407f6e8) C:\Windows\system32\DRIVERS\ahcix86s.sys
14:17:58.0850 3832	ahcix86s - ok
14:17:58.0864 3832	aic78xx         (ae1fdf7bf7bb6c6a70f67699d880592a) C:\Windows\system32\drivers\djsvs.sys
14:17:58.0878 3832	aic78xx - ok
14:17:58.0900 3832	aliide          (9eaef5fc9b8e351afa7e78a6fae91f91) C:\Windows\system32\drivers\aliide.sys
14:17:58.0911 3832	aliide - ok
14:17:58.0926 3832	amdagp          (c47344bc706e5f0b9dce369516661578) C:\Windows\system32\drivers\amdagp.sys
14:17:58.0938 3832	amdagp - ok
14:17:58.0987 3832	amdide          (f12456ad77b1c32d8c5ca51927872850) C:\Windows\system32\DRIVERS\amdide.sys
14:17:58.0995 3832	amdide - ok
14:17:59.0010 3832	AmdK7           (18f29b49ad23ecee3d2a826c725c8d48) C:\Windows\system32\drivers\amdk7.sys
14:17:59.0104 3832	AmdK7 - ok
14:17:59.0125 3832	AmdK8           (93ae7f7dd54ab986a6f1a1b37be7442d) C:\Windows\system32\drivers\amdk8.sys
14:17:59.0168 3832	AmdK8 - ok
14:17:59.0227 3832	arc             (5d2888182fb46632511acee92fdad522) C:\Windows\system32\drivers\arc.sys
14:17:59.0235 3832	arc - ok
14:17:59.0262 3832	arcsas          (5e2a321bd7c8b3624e41fdec3e244945) C:\Windows\system32\drivers\arcsas.sys
14:17:59.0275 3832	arcsas - ok
14:17:59.0322 3832	AsyncMac        (53b202abee6455406254444303e87be1) C:\Windows\system32\DRIVERS\asyncmac.sys
14:17:59.0374 3832	AsyncMac - ok
14:17:59.0408 3832	atapi           (0d83c87a801a3dfcd1bf73893fe7518c) C:\Windows\system32\drivers\atapi.sys
14:17:59.0419 3832	atapi - ok
14:17:59.0592 3832	atikmdag        (d2e9acb68fa61c911cc21e07f87705bf) C:\Windows\system32\DRIVERS\atikmdag.sys
14:17:59.0891 3832	atikmdag - ok
14:17:59.0916 3832	AtiPcie         (5a1465ad2e7c1bc39cda12a355329096) C:\Windows\system32\DRIVERS\AtiPcie.sys
14:17:59.0925 3832	AtiPcie - ok
14:18:00.0015 3832	avgio           (0b497c79824f8e1bf22fa6aacd3de3a0) C:\Program Files\Avira\AntiVir Desktop\avgio.sys
14:18:00.0024 3832	avgio - ok
14:18:00.0071 3832	avgntflt        (14fe36d8f2c6a2435275338d061a0b66) C:\Windows\system32\DRIVERS\avgntflt.sys
14:18:00.0091 3832	avgntflt - ok
14:18:00.0132 3832	avipbb          (6d52060b59e7d79cd2a044b6add1f1ef) C:\Windows\system32\DRIVERS\avipbb.sys
14:18:00.0141 3832	avipbb - ok
14:18:00.0188 3832	Beep            (67e506b75bd5326a3ec7b70bd014dfb6) C:\Windows\system32\drivers\Beep.sys
14:18:00.0257 3832	Beep - ok
14:18:00.0313 3832	blbdrive        (d4df28447741fd3d953526e33a617397) C:\Windows\system32\drivers\blbdrive.sys
14:18:00.0358 3832	blbdrive - ok
14:18:00.0416 3832	bowser          (8153396d5551276227fa146900f734e6) C:\Windows\system32\DRIVERS\bowser.sys
14:18:00.0474 3832	bowser - ok
14:18:00.0507 3832	BrFiltLo        (9f9acc7f7ccde8a15c282d3f88b43309) C:\Windows\system32\drivers\brfiltlo.sys
14:18:00.0614 3832	BrFiltLo - ok
14:18:00.0630 3832	BrFiltUp        (56801ad62213a41f6497f96dee83755a) C:\Windows\system32\drivers\brfiltup.sys
14:18:00.0690 3832	BrFiltUp - ok
14:18:00.0735 3832	Brserid         (b304e75cff293029eddf094246747113) C:\Windows\system32\drivers\brserid.sys
14:18:00.0907 3832	Brserid - ok
14:18:00.0973 3832	BrSerWdm        (203f0b1e73adadbbb7b7b1fabd901f6b) C:\Windows\system32\drivers\brserwdm.sys
14:18:01.0072 3832	BrSerWdm - ok
14:18:01.0140 3832	BrUsbMdm        (bd456606156ba17e60a04e18016ae54b) C:\Windows\system32\drivers\brusbmdm.sys
14:18:01.0231 3832	BrUsbMdm - ok
14:18:01.0272 3832	BrUsbSer        (af72ed54503f717a43268b3cc5faec2e) C:\Windows\system32\drivers\brusbser.sys
14:18:01.0355 3832	BrUsbSer - ok
14:18:01.0394 3832	BTHMODEM        (ad07c1ec6665b8b35741ab91200c6b68) C:\Windows\system32\drivers\bthmodem.sys
14:18:01.0477 3832	BTHMODEM - ok
14:18:01.0529 3832	cdfs            (7add03e75beb9e6dd102c3081d29840a) C:\Windows\system32\DRIVERS\cdfs.sys
14:18:01.0577 3832	cdfs - ok
14:18:01.0598 3832	cdrom           (1ec25cea0de6ac4718bf89f9e1778b57) C:\Windows\system32\DRIVERS\cdrom.sys
14:18:01.0633 3832	cdrom - ok
14:18:01.0659 3832	circlass        (e5d4133f37219dbcfe102bc61072589d) C:\Windows\system32\drivers\circlass.sys
14:18:01.0708 3832	circlass - ok
14:18:01.0759 3832	CLFS            (465745561c832b29f7c48b488aab3842) C:\Windows\system32\CLFS.sys
14:18:01.0777 3832	CLFS - ok
14:18:01.0860 3832	cmdide          (0ca25e686a4928484e9fdabd168ab629) C:\Windows\system32\drivers\cmdide.sys
14:18:01.0890 3832	cmdide - ok
14:18:01.0910 3832	Compbatt        (6afef0b60fa25de07c0968983ee4f60a) C:\Windows\system32\drivers\compbatt.sys
14:18:01.0935 3832	Compbatt - ok
14:18:01.0957 3832	crcdisk         (741e9dff4f42d2d8477d0fc1dc0df871) C:\Windows\system32\drivers\crcdisk.sys
14:18:01.0970 3832	crcdisk - ok
14:18:01.0991 3832	Crusoe          (1f07becdca750766a96cda811ba86410) C:\Windows\system32\drivers\crusoe.sys
14:18:02.0035 3832	Crusoe - ok
14:18:02.0136 3832	DfsC            (a3e9fa213f443ac77c7746119d13feec) C:\Windows\system32\Drivers\dfsc.sys
14:18:02.0171 3832	DfsC - ok
14:18:02.0218 3832	disk            (64109e623abd6955c8fb110b592e68b7) C:\Windows\system32\drivers\disk.sys
14:18:02.0224 3832	disk - ok
14:18:02.0271 3832	drmkaud         (97fef831ab90bee128c9af390e243f80) C:\Windows\system32\drivers\drmkaud.sys
14:18:02.0298 3832	drmkaud - ok
14:18:02.0341 3832	DXGKrnl         (85f33880b8cfb554bd3d9ccdb486845a) C:\Windows\System32\drivers\dxgkrnl.sys
14:18:02.0426 3832	DXGKrnl - ok
14:18:02.0468 3832	E1G60           (5425f74ac0c1dbd96a1e04f17d63f94c) C:\Windows\system32\DRIVERS\E1G60I32.sys
14:18:02.0524 3832	E1G60 - ok
14:18:02.0547 3832	Ecache          (dd2cd259d83d8b72c02c5f2331ff9d68) C:\Windows\system32\drivers\ecache.sys
14:18:02.0561 3832	Ecache - ok
14:18:02.0678 3832	elxstor         (23b62471681a124889978f6295b3f4c6) C:\Windows\system32\drivers\elxstor.sys
14:18:02.0700 3832	elxstor - ok
14:18:02.0776 3832	ErrDev          (3db974f3935483555d7148663f726c61) C:\Windows\system32\drivers\errdev.sys
14:18:02.0835 3832	ErrDev - ok
14:18:02.0881 3832	exfat           (0d858eb20589a34efb25695acaa6aa2d) C:\Windows\system32\drivers\exfat.sys
14:18:02.0934 3832	exfat - ok
14:18:02.0945 3832	fastfat         (3c489390c2e2064563727752af8eab9e) C:\Windows\system32\drivers\fastfat.sys
14:18:03.0015 3832	fastfat - ok
14:18:03.0044 3832	fdc             (afe1e8b9782a0dd7fb46bbd88e43f89a) C:\Windows\system32\DRIVERS\fdc.sys
14:18:03.0089 3832	fdc - ok
14:18:03.0118 3832	FileInfo        (a8c0139a884861e3aae9cfe73b208a9f) C:\Windows\system32\drivers\fileinfo.sys
14:18:03.0130 3832	FileInfo - ok
14:18:03.0151 3832	Filetrace       (0ae429a696aecbc5970e3cf2c62635ae) C:\Windows\system32\drivers\filetrace.sys
14:18:03.0196 3832	Filetrace - ok
14:18:03.0223 3832	flpydisk        (85b7cf99d532820495d68d747fda9ebd) C:\Windows\system32\DRIVERS\flpydisk.sys
14:18:03.0262 3832	flpydisk - ok
14:18:03.0292 3832	FltMgr          (05ea53afe985443011e36dab07343b46) C:\Windows\system32\drivers\fltmgr.sys
14:18:03.0307 3832	FltMgr - ok
14:18:03.0325 3832	Fs_Rec          (65ea8b77b5851854f0c55c43fa51a198) C:\Windows\system32\drivers\Fs_Rec.sys
14:18:03.0358 3832	Fs_Rec - ok
14:18:03.0376 3832	gagp30kx        (34582a6e6573d54a07ece5fe24a126b5) C:\Windows\system32\drivers\gagp30kx.sys
14:18:03.0383 3832	gagp30kx - ok
14:18:03.0450 3832	HdAudAddService (cb04c744be0a61b1d648faed182c3b59) C:\Windows\system32\drivers\HdAudio.sys
14:18:03.0503 3832	HdAudAddService - ok
14:18:03.0541 3832	HDAudBus        (c87b1ee051c0464491c1a7b03fa0bc99) C:\Windows\system32\DRIVERS\HDAudBus.sys
14:18:03.0593 3832	HDAudBus - ok
14:18:03.0626 3832	HidBth          (1338520e78d90154ed6be8f84de5fceb) C:\Windows\system32\drivers\hidbth.sys
14:18:03.0704 3832	HidBth - ok
14:18:03.0745 3832	HidIr           (ff3160c3a2445128c5a6d9b076da519e) C:\Windows\system32\drivers\hidir.sys
14:18:03.0792 3832	HidIr - ok
14:18:03.0840 3832	HidUsb          (854ca287ab7faf949617a788306d967e) C:\Windows\system32\DRIVERS\hidusb.sys
14:18:03.0877 3832	HidUsb - ok
14:18:03.0902 3832	HpCISSs         (16ee7b23a009e00d835cdb79574a91a6) C:\Windows\system32\drivers\hpcisss.sys
14:18:03.0911 3832	HpCISSs - ok
14:18:03.0952 3832	HPFXBULK        (299683d4c8aaa3f6f5d5d226a1782a6e) C:\Windows\system32\drivers\hpfxbulk.sys
14:18:03.0961 3832	HPFXBULK - ok
14:18:04.0019 3832	HTTP            (96e241624c71211a79c84f50a8e71cab) C:\Windows\system32\drivers\HTTP.sys
14:18:04.0118 3832	HTTP - ok
14:18:04.0161 3832	i2omp           (c6b032d69650985468160fc9937cf5b4) C:\Windows\system32\drivers\i2omp.sys
14:18:04.0181 3832	i2omp - ok
14:18:04.0214 3832	i8042prt        (22d56c8184586b7a1f6fa60be5f5a2bd) C:\Windows\system32\DRIVERS\i8042prt.sys
14:18:04.0240 3832	i8042prt - ok
14:18:04.0269 3832	iaStorV         (54155ea1b0df185878e0fc9ec3ac3a14) C:\Windows\system32\drivers\iastorv.sys
14:18:04.0286 3832	iaStorV - ok
14:18:04.0306 3832	iirsp           (2d077bf86e843f901d8db709c95b49a5) C:\Windows\system32\drivers\iirsp.sys
14:18:04.0318 3832	iirsp - ok
14:18:04.0424 3832	IntcAzAudAddService (fd1d5f1609126831f49d6cfbb61f9ddd) C:\Windows\system32\drivers\RTKVHDA.sys
14:18:04.0580 3832	IntcAzAudAddService - ok
14:18:04.0611 3832	intelide        (83aa759f3189e6370c30de5dc5590718) C:\Windows\system32\drivers\intelide.sys
14:18:04.0623 3832	intelide - ok
14:18:04.0635 3832	intelppm        (224191001e78c89dfa78924c3ea595ff) C:\Windows\system32\DRIVERS\intelppm.sys
14:18:04.0677 3832	intelppm - ok
14:18:04.0713 3832	IpFilterDriver  (62c265c38769b864cb25b4bcf62df6c3) C:\Windows\system32\DRIVERS\ipfltdrv.sys
14:18:04.0756 3832	IpFilterDriver - ok
14:18:04.0769 3832	IpInIp - ok
14:18:04.0797 3832	IPMIDRV         (b25aaf203552b7b3491139d582b39ad1) C:\Windows\system32\drivers\ipmidrv.sys
14:18:04.0831 3832	IPMIDRV - ok
14:18:04.0862 3832	IPNAT           (8793643a67b42cec66490b2a0cf92d68) C:\Windows\system32\DRIVERS\ipnat.sys
14:18:04.0900 3832	IPNAT - ok
14:18:04.0920 3832	IRENUM          (109c0dfb82c3632fbd11949b73aeeac9) C:\Windows\system32\drivers\irenum.sys
14:18:04.0974 3832	IRENUM - ok
14:18:04.0998 3832	isapnp          (6c70698a3e5c4376c6ab5c7c17fb0614) C:\Windows\system32\drivers\isapnp.sys
14:18:05.0021 3832	isapnp - ok
14:18:05.0075 3832	iScsiPrt        (f247eec28317f6c739c16de420097301) C:\Windows\system32\DRIVERS\msiscsi.sys
14:18:05.0089 3832	iScsiPrt - ok
14:18:05.0110 3832	iteatapi        (bced60d16156e428f8df8cf27b0df150) C:\Windows\system32\drivers\iteatapi.sys
14:18:05.0121 3832	iteatapi - ok
14:18:05.0167 3832	iteraid         (06fa654504a498c30adca8bec4e87e7e) C:\Windows\system32\drivers\iteraid.sys
14:18:05.0179 3832	iteraid - ok
14:18:05.0226 3832	kbdclass        (37605e0a8cf00cbba538e753e4344c6e) C:\Windows\system32\DRIVERS\kbdclass.sys
14:18:05.0242 3832	kbdclass - ok
14:18:05.0259 3832	kbdhid          (18247836959ba67e3511b62846b9c2e0) C:\Windows\system32\DRIVERS\kbdhid.sys
14:18:05.0304 3832	kbdhid - ok
14:18:05.0341 3832	KSecDD          (7a0cf7908b6824d6a2a1d313e5ae3dca) C:\Windows\system32\Drivers\ksecdd.sys
14:18:05.0371 3832	KSecDD - ok
14:18:05.0405 3832	lltdio          (d1c5883087a0c3f1344d9d55a44901f6) C:\Windows\system32\DRIVERS\lltdio.sys
14:18:05.0438 3832	lltdio - ok
14:18:05.0518 3832	LSI_FC          (c7e15e82879bf3235b559563d4185365) C:\Windows\system32\drivers\lsi_fc.sys
14:18:05.0531 3832	LSI_FC - ok
14:18:05.0585 3832	LSI_SAS         (ee01ebae8c9bf0fa072e0ff68718920a) C:\Windows\system32\drivers\lsi_sas.sys
14:18:05.0609 3832	LSI_SAS - ok
14:18:05.0627 3832	LSI_SCSI        (912a04696e9ca30146a62afa1463dd5c) C:\Windows\system32\drivers\lsi_scsi.sys
14:18:05.0641 3832	LSI_SCSI - ok
14:18:05.0667 3832	luafv           (8f5c7426567798e62a3b3614965d62cc) C:\Windows\system32\drivers\luafv.sys
14:18:05.0717 3832	luafv - ok
14:18:05.0765 3832	MBAMProtector   (b7ca8cc3f978201856b6ab82f40953c3) C:\Windows\system32\drivers\mbam.sys
14:18:05.0774 3832	MBAMProtector - ok
14:18:05.0824 3832	megasas         (0001ce609d66632fa17b84705f658879) C:\Windows\system32\drivers\megasas.sys
14:18:05.0835 3832	megasas - ok
14:18:05.0880 3832	MegaSR          (c252f32cd9a49dbfc25ecf26ebd51a99) C:\Windows\system32\drivers\megasr.sys
14:18:05.0903 3832	MegaSR - ok
14:18:05.0933 3832	Modem           (e13b5ea0f51ba5b1512ec671393d09ba) C:\Windows\system32\drivers\modem.sys
14:18:05.0985 3832	Modem - ok
14:18:06.0028 3832	monitor         (0a9bb33b56e294f686abb7c1e4e2d8a8) C:\Windows\system32\DRIVERS\monitor.sys
14:18:06.0077 3832	monitor - ok
14:18:06.0104 3832	mouclass        (5bf6a1326a335c5298477754a506d263) C:\Windows\system32\DRIVERS\mouclass.sys
14:18:06.0115 3832	mouclass - ok
14:18:06.0124 3832	mouhid          (93b8d4869e12cfbe663915502900876f) C:\Windows\system32\DRIVERS\mouhid.sys
14:18:06.0185 3832	mouhid - ok
14:18:06.0207 3832	MountMgr        (bdafc88aa6b92f7842416ea6a48e1600) C:\Windows\system32\drivers\mountmgr.sys
14:18:06.0219 3832	MountMgr - ok
14:18:06.0243 3832	mpio            (511d011289755dd9f9a7579fb0b064e6) C:\Windows\system32\drivers\mpio.sys
14:18:06.0255 3832	mpio - ok
14:18:06.0274 3832	mpsdrv          (22241feba9b2defa669c8cb0a8dd7d2e) C:\Windows\system32\drivers\mpsdrv.sys
14:18:06.0309 3832	mpsdrv - ok
14:18:06.0363 3832	Mraid35x        (4fbbb70d30fd20ec51f80061703b001e) C:\Windows\system32\drivers\mraid35x.sys
14:18:06.0374 3832	Mraid35x - ok
14:18:06.0384 3832	MRxDAV          (ae3de84536b6799d2267443cec8edbb9) C:\Windows\system32\drivers\mrxdav.sys
14:18:06.0456 3832	MRxDAV - ok
14:18:06.0508 3832	mrxsmb          (5734a0f2be7e495f7d3ed6efd4b9f5a1) C:\Windows\system32\DRIVERS\mrxsmb.sys
14:18:06.0554 3832	mrxsmb - ok
14:18:06.0603 3832	mrxsmb10        (6b5fa5adfacac9dbbe0991f4566d7d55) C:\Windows\system32\DRIVERS\mrxsmb10.sys
14:18:06.0635 3832	mrxsmb10 - ok
14:18:06.0644 3832	mrxsmb20        (5c80d8159181c7abf1b14ba703b01e0b) C:\Windows\system32\DRIVERS\mrxsmb20.sys
14:18:06.0682 3832	mrxsmb20 - ok
14:18:06.0709 3832	msahci          (f70590424eefbf5c27a40c67afdb8383) C:\Windows\system32\drivers\msahci.sys
14:18:06.0727 3832	msahci - ok
14:18:06.0765 3832	msdsm           (4468b0f385a86ecddaf8d3ca662ec0e7) C:\Windows\system32\drivers\msdsm.sys
14:18:06.0777 3832	msdsm - ok
14:18:06.0813 3832	Msfs            (a9927f4a46b816c92f461acb90cf8515) C:\Windows\system32\drivers\Msfs.sys
14:18:06.0859 3832	Msfs - ok
14:18:06.0907 3832	msisadrv        (0f400e306f385c56317357d6dea56f62) C:\Windows\system32\drivers\msisadrv.sys
14:18:06.0918 3832	msisadrv - ok
14:18:06.0950 3832	MSKSSRV         (d8c63d34d9c9e56c059e24ec7185cc07) C:\Windows\system32\drivers\MSKSSRV.sys
14:18:06.0998 3832	MSKSSRV - ok
14:18:07.0026 3832	MSPCLOCK        (1d373c90d62ddb641d50e55b9e78d65e) C:\Windows\system32\drivers\MSPCLOCK.sys
14:18:07.0059 3832	MSPCLOCK - ok
14:18:07.0106 3832	MSPQM           (b572da05bf4e098d4bba3a4734fb505b) C:\Windows\system32\drivers\MSPQM.sys
14:18:07.0155 3832	MSPQM - ok
14:18:07.0211 3832	MsRPC           (b5614aecb05a9340aa0fb55bf561cc63) C:\Windows\system32\drivers\MsRPC.sys
14:18:07.0226 3832	MsRPC - ok
14:18:07.0264 3832	mssmbios        (e384487cb84be41d09711c30ca79646c) C:\Windows\system32\DRIVERS\mssmbios.sys
14:18:07.0286 3832	mssmbios - ok
14:18:07.0308 3832	MSTEE           (7199c1eec1e4993caf96b8c0a26bd58a) C:\Windows\system32\drivers\MSTEE.sys
14:18:07.0360 3832	MSTEE - ok
14:18:07.0369 3832	Mup             (6dfd1d322de55b0b7db7d21b90bec49c) C:\Windows\system32\Drivers\mup.sys
14:18:07.0381 3832	Mup - ok
14:18:07.0424 3832	NativeWifiP     (3c21ce48ff529bb73dadb98770b54025) C:\Windows\system32\DRIVERS\nwifi.sys
14:18:07.0469 3832	NativeWifiP - ok
14:18:07.0516 3832	NDIS            (9bdc71790fa08f0a0b5f10462b1bd0b1) C:\Windows\system32\drivers\ndis.sys
14:18:07.0557 3832	NDIS - ok
14:18:07.0566 3832	NdisTapi        (0e186e90404980569fb449ba7519ae61) C:\Windows\system32\DRIVERS\ndistapi.sys
14:18:07.0603 3832	NdisTapi - ok
14:18:07.0621 3832	Ndisuio         (d6973aa34c4d5d76c0430b181c3cd389) C:\Windows\system32\DRIVERS\ndisuio.sys
14:18:07.0646 3832	Ndisuio - ok
14:18:07.0678 3832	NdisWan         (3d14c3b3496f88890d431e8aa022a411) C:\Windows\system32\DRIVERS\ndiswan.sys
14:18:07.0714 3832	NdisWan - ok
14:18:07.0726 3832	NDProxy         (71dab552b41936358f3b541ae5997fb3) C:\Windows\system32\drivers\NDProxy.sys
14:18:07.0760 3832	NDProxy - ok
14:18:07.0830 3832	NetBIOS         (bcd093a5a6777cf626434568dc7dba78) C:\Windows\system32\DRIVERS\netbios.sys
14:18:07.0872 3832	NetBIOS - ok
14:18:07.0922 3832	netbt           (7c5fee5b1c5728507cd96fb4a13e7a02) C:\Windows\system32\DRIVERS\netbt.sys
14:18:07.0968 3832	netbt - ok
14:18:08.0032 3832	netr28u         (9ba2f93e4f01ec58e722b36639e0ce5d) C:\Windows\system32\DRIVERS\netr28u.sys
14:18:08.0116 3832	netr28u - ok
14:18:08.0162 3832	nfrd960         (2e7fb731d4790a1bc6270accefacb36e) C:\Windows\system32\drivers\nfrd960.sys
14:18:08.0180 3832	nfrd960 - ok
14:18:08.0233 3832	nmwcd           (c82f4cc10ad315b6d6bcb14d0a7cad66) C:\Windows\system32\drivers\ccdcmb.sys
14:18:08.0299 3832	nmwcd - ok
14:18:08.0329 3832	nmwcdc          (60ef5f5621d7832f00a3f190a0c905e2) C:\Windows\system32\drivers\ccdcmbo.sys
14:18:08.0367 3832	nmwcdc - ok
14:18:08.0391 3832	Npfs            (ecb5003f484f9ed6c608d6d6c7886cbb) C:\Windows\system32\drivers\Npfs.sys
14:18:08.0457 3832	Npfs - ok
14:18:08.0482 3832	nsiproxy        (609773e344a97410ce4ebf74a8914fcf) C:\Windows\system32\drivers\nsiproxy.sys
14:18:08.0532 3832	nsiproxy - ok
14:18:08.0595 3832	Ntfs            (b4effe29eb4f15538fd8a9681108492d) C:\Windows\system32\drivers\Ntfs.sys
14:18:08.0689 3832	Ntfs - ok
14:18:08.0722 3832	ntrigdigi       (e875c093aec0c978a90f30c9e0dfbb72) C:\Windows\system32\drivers\ntrigdigi.sys
14:18:08.0802 3832	ntrigdigi - ok
14:18:08.0830 3832	Null            (c5dbbcda07d780bda9b685df333bb41e) C:\Windows\system32\drivers\Null.sys
14:18:08.0878 3832	Null - ok
14:18:08.0906 3832	nvraid          (2edf9e7751554b42cbb60116de727101) C:\Windows\system32\drivers\nvraid.sys
14:18:08.0942 3832	nvraid - ok
14:18:08.0966 3832	nvstor          (abed0c09758d1d97db0042dbb2688177) C:\Windows\system32\drivers\nvstor.sys
14:18:08.0978 3832	nvstor - ok
14:18:09.0000 3832	nv_agp          (18bbdf913916b71bd54575bdb6eeac0b) C:\Windows\system32\drivers\nv_agp.sys
14:18:09.0014 3832	nv_agp - ok
14:18:09.0022 3832	NwlnkFlt - ok
14:18:09.0035 3832	NwlnkFwd - ok
14:18:09.0096 3832	ohci1394        (790e27c3db53410b40ff9ef2fd10a1d9) C:\Windows\system32\DRIVERS\ohci1394.sys
14:18:09.0139 3832	ohci1394 - ok
14:18:09.0183 3832	Parport         (0fa9b5055484649d63c303fe404e5f4d) C:\Windows\system32\drivers\parport.sys
14:18:09.0260 3832	Parport - ok
14:18:09.0294 3832	partmgr         (3b38467e7c3daed009dfe359e17f139f) C:\Windows\system32\drivers\partmgr.sys
14:18:09.0306 3832	partmgr - ok
14:18:09.0346 3832	Parvdm          (4f9a6a8a31413180d0fcb279ad5d8112) C:\Windows\system32\drivers\parvdm.sys
14:18:09.0422 3832	Parvdm - ok
14:18:09.0464 3832	pci             (01b94418deb235dff777cc80076354b4) C:\Windows\system32\drivers\pci.sys
14:18:09.0477 3832	pci - ok
14:18:09.0502 3832	pciide          (fc175f5ddab666d7f4d17449a547626f) C:\Windows\system32\drivers\pciide.sys
14:18:09.0513 3832	pciide - ok
14:18:09.0550 3832	pcmcia          (e6f3fb1b86aa519e7698ad05e58b04e5) C:\Windows\system32\drivers\pcmcia.sys
14:18:09.0564 3832	pcmcia - ok
14:18:09.0617 3832	PEAUTH          (6349f6ed9c623b44b52ea3c63c831a92) C:\Windows\system32\drivers\peauth.sys
14:18:09.0733 3832	PEAUTH - ok
14:18:09.0779 3832	PptpMiniport    (ecfffaec0c1ecd8dbc77f39070ea1db1) C:\Windows\system32\DRIVERS\raspptp.sys
14:18:09.0801 3832	PptpMiniport - ok
14:18:09.0834 3832	Processor       (2027293619dd0f047c584cf2e7df4ffd) C:\Windows\system32\DRIVERS\processr.sys
14:18:09.0872 3832	Processor - ok
14:18:09.0924 3832	PSched          (bfef604508a0ed1eae2a73e872555ffb) C:\Windows\system32\DRIVERS\pacer.sys
14:18:09.0962 3832	PSched - ok
14:18:09.0995 3832	PxHelp20        (49452bfcec22f36a7a9b9c2181bc3042) C:\Windows\system32\Drivers\PxHelp20.sys
14:18:10.0005 3832	PxHelp20 - ok
14:18:10.0072 3832	ql2300          (0a6db55afb7820c99aa1f3a1d270f4f6) C:\Windows\system32\drivers\ql2300.sys
14:18:10.0156 3832	ql2300 - ok
14:18:10.0186 3832	ql40xx          (81a7e5c076e59995d54bc1ed3a16e60b) C:\Windows\system32\drivers\ql40xx.sys
14:18:10.0198 3832	ql40xx - ok
14:18:10.0243 3832	QWAVEdrv        (9f5e0e1926014d17486901c88eca2db7) C:\Windows\system32\drivers\qwavedrv.sys
14:18:10.0274 3832	QWAVEdrv - ok
14:18:10.0292 3832	RasAcd          (147d7f9c556d259924351feb0de606c3) C:\Windows\system32\DRIVERS\rasacd.sys
14:18:10.0326 3832	RasAcd - ok
14:18:10.0363 3832	Rasl2tp         (a214adbaf4cb47dd2728859ef31f26b0) C:\Windows\system32\DRIVERS\rasl2tp.sys
14:18:10.0399 3832	Rasl2tp - ok
14:18:10.0423 3832	RasPppoe        (3e9d9b048107b40d87b97df2e48e0744) C:\Windows\system32\DRIVERS\raspppoe.sys
14:18:10.0457 3832	RasPppoe - ok
14:18:10.0466 3832	RasSstp         (a7d141684e9500ac928a772ed8e6b671) C:\Windows\system32\DRIVERS\rassstp.sys
14:18:10.0503 3832	RasSstp - ok
14:18:10.0529 3832	rdbss           (6e1c5d0457622f9ee35f683110e93d14) C:\Windows\system32\DRIVERS\rdbss.sys
14:18:10.0584 3832	rdbss - ok
14:18:10.0594 3832	RDPCDD          (89e59be9a564262a3fb6c4f4f1cd9899) C:\Windows\system32\DRIVERS\RDPCDD.sys
14:18:10.0649 3832	RDPCDD - ok
14:18:10.0675 3832	rdpdr           (fbc0bacd9c3d7f6956853f64a66e252d) C:\Windows\system32\drivers\rdpdr.sys
14:18:10.0714 3832	rdpdr - ok
14:18:10.0725 3832	RDPENCDD        (9d91fe5286f748862ecffa05f8a0710c) C:\Windows\system32\drivers\rdpencdd.sys
14:18:10.0789 3832	RDPENCDD - ok
14:18:10.0866 3832	RDPWD           (e1c18f4097a5abcec941dc4b2f99db7e) C:\Windows\system32\drivers\RDPWD.sys
14:18:10.0904 3832	RDPWD - ok
14:18:10.0959 3832	rspndr          (9c508f4074a39e8b4b31d27198146fad) C:\Windows\system32\DRIVERS\rspndr.sys
14:18:10.0994 3832	rspndr - ok
14:18:11.0021 3832	RTHDMIAzAudService (d85da4371af61359edfca4ea06619dd4) C:\Windows\system32\drivers\RtHDMIV.sys
14:18:11.0034 3832	RTHDMIAzAudService - ok
14:18:11.0073 3832	RTL8169         (abbe0f54ba3a378262c9cb86cf7d91f8) C:\Windows\system32\DRIVERS\Rtlh86.sys
14:18:11.0120 3832	RTL8169 - ok
14:18:11.0149 3832	sbp2port        (3ce8f073a557e172b330109436984e30) C:\Windows\system32\drivers\sbp2port.sys
14:18:11.0174 3832	sbp2port - ok
14:18:11.0202 3832	secdrv          (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers\secdrv.sys
14:18:11.0295 3832	secdrv - ok
14:18:11.0327 3832	Serenum         (ce9ec966638ef0b10b864ddedf62a099) C:\Windows\system32\DRIVERS\serenum.sys
14:18:11.0361 3832	Serenum - ok
14:18:11.0390 3832	Serial          (6d663022db3e7058907784ae14b69898) C:\Windows\system32\DRIVERS\serial.sys
14:18:11.0434 3832	Serial - ok
14:18:11.0451 3832	sermouse        (8af3d28a879bf75db53a0ee7a4289624) C:\Windows\system32\drivers\sermouse.sys
14:18:11.0508 3832	sermouse - ok
14:18:11.0565 3832	sffdisk         (3efa810bdca87f6ecc24f9832243fe86) C:\Windows\system32\drivers\sffdisk.sys
14:18:11.0589 3832	sffdisk - ok
14:18:11.0616 3832	sffp_mmc        (e95d451f7ea3e583aec75f3b3ee42dc5) C:\Windows\system32\drivers\sffp_mmc.sys
14:18:11.0656 3832	sffp_mmc - ok
14:18:11.0678 3832	sffp_sd         (3d0ea348784b7ac9ea9bd9f317980979) C:\Windows\system32\drivers\sffp_sd.sys
14:18:11.0751 3832	sffp_sd - ok
14:18:11.0789 3832	sfloppy         (46ed8e91793b2e6f848015445a0ac188) C:\Windows\system32\drivers\sfloppy.sys
14:18:11.0860 3832	sfloppy - ok
14:18:11.0918 3832	sisagp          (1d76624a09a054f682d746b924e2dbc3) C:\Windows\system32\drivers\sisagp.sys
14:18:11.0930 3832	sisagp - ok
14:18:11.0971 3832	SiSRaid2        (43cb7aa756c7db280d01da9b676cfde2) C:\Windows\system32\drivers\sisraid2.sys
14:18:12.0000 3832	SiSRaid2 - ok
14:18:12.0021 3832	SiSRaid4        (a99c6c8b0baa970d8aa59ddc50b57f94) C:\Windows\system32\drivers\sisraid4.sys
14:18:12.0034 3832	SiSRaid4 - ok
14:18:12.0061 3832	Smb             (031e6bcd53c9b2b9ace111eafec347b6) C:\Windows\system32\DRIVERS\smb.sys
14:18:12.0111 3832	Smb - ok
14:18:12.0181 3832	spldr           (7aebdeef071fe28b0eef2cdd69102bff) C:\Windows\system32\drivers\spldr.sys
14:18:12.0192 3832	spldr - ok
14:18:12.0249 3832	srv             (2252aef839b1093d16761189f45af885) C:\Windows\system32\DRIVERS\srv.sys
14:18:12.0303 3832	srv - ok
14:18:12.0355 3832	srv2            (b7ff59408034119476b00a81bb53d5d1) C:\Windows\system32\DRIVERS\srv2.sys
14:18:12.0435 3832	srv2 - ok
14:18:12.0488 3832	srvnet          (2accc9b12af02030f531e6cca6f8b76e) C:\Windows\system32\DRIVERS\srvnet.sys
14:18:12.0529 3832	srvnet - ok
14:18:12.0628 3832	ssmdrv          (5ec550b8952882ee856b862cf648522d) C:\Windows\system32\DRIVERS\ssmdrv.sys
14:18:12.0636 3832	ssmdrv - ok
14:18:12.0713 3832	swenum          (7ba58ecf0c0a9a69d44b3dca62becf56) C:\Windows\system32\DRIVERS\swenum.sys
14:18:12.0724 3832	swenum - ok
14:18:12.0744 3832	Symc8xx         (192aa3ac01df071b541094f251deed10) C:\Windows\system32\drivers\symc8xx.sys
14:18:12.0756 3832	Symc8xx - ok
14:18:12.0777 3832	Sym_hi          (8c8eb8c76736ebaf3b13b633b2e64125) C:\Windows\system32\drivers\sym_hi.sys
14:18:12.0788 3832	Sym_hi - ok
14:18:12.0816 3832	Sym_u3          (8072af52b5fd103bbba387a1e49f62cb) C:\Windows\system32\drivers\sym_u3.sys
14:18:12.0827 3832	Sym_u3 - ok
14:18:12.0923 3832	Tcpip           (782568ab6a43160a159b6215b70bcce9) C:\Windows\system32\drivers\tcpip.sys
14:18:12.0975 3832	Tcpip - ok
14:18:13.0044 3832	Tcpip6          (782568ab6a43160a159b6215b70bcce9) C:\Windows\system32\DRIVERS\tcpip.sys
14:18:13.0082 3832	Tcpip6 - ok
14:18:13.0129 3832	tcpipreg        (d4a2e4a4b011f3a883af77315a5ae76b) C:\Windows\system32\drivers\tcpipreg.sys
14:18:13.0177 3832	tcpipreg - ok
14:18:13.0200 3832	TDPIPE          (5dcf5e267be67a1ae926f2df77fbcc56) C:\Windows\system32\drivers\tdpipe.sys
14:18:13.0234 3832	TDPIPE - ok
14:18:13.0272 3832	TDTCP           (389c63e32b3cefed425b61ed92d3f021) C:\Windows\system32\drivers\tdtcp.sys
14:18:13.0306 3832	TDTCP - ok
14:18:13.0338 3832	tdx             (d09276b1fab033ce1d40dcbdf303d10f) C:\Windows\system32\DRIVERS\tdx.sys
14:18:13.0383 3832	tdx - ok
14:18:13.0409 3832	TermDD          (a048056f5e1a96a9bf3071b91741a5aa) C:\Windows\system32\DRIVERS\termdd.sys
14:18:13.0427 3832	TermDD - ok
14:18:13.0487 3832	tssecsrv        (dcf0f056a2e4f52287264f5ab29cf206) C:\Windows\system32\DRIVERS\tssecsrv.sys
14:18:13.0528 3832	tssecsrv - ok
14:18:13.0568 3832	tunmp           (caecc0120ac49e3d2f758b9169872d38) C:\Windows\system32\DRIVERS\tunmp.sys
14:18:13.0596 3832	tunmp - ok
14:18:13.0636 3832	tunnel          (6042505ff6fa9ac1ef7684d0e03b6940) C:\Windows\system32\DRIVERS\tunnel.sys
14:18:13.0662 3832	tunnel - ok
14:18:13.0688 3832	uagp35          (7d33c4db2ce363c8518d2dfcf533941f) C:\Windows\system32\drivers\uagp35.sys
14:18:13.0700 3832	uagp35 - ok
14:18:13.0747 3832	udfs            (8b5088058fa1d1cd897a2113ccff6c58) C:\Windows\system32\DRIVERS\udfs.sys
14:18:13.0786 3832	udfs - ok
14:18:13.0841 3832	uliagpkx        (b0acfdc9e4af279e9116c03e014b2b27) C:\Windows\system32\drivers\uliagpkx.sys
14:18:13.0853 3832	uliagpkx - ok
14:18:13.0911 3832	uliahci         (9224bb254f591de4ca8d572a5f0d635c) C:\Windows\system32\drivers\uliahci.sys
14:18:13.0930 3832	uliahci - ok
14:18:13.0976 3832	UlSata          (8514d0e5cd0534467c5fc61be94a569f) C:\Windows\system32\drivers\ulsata.sys
14:18:13.0990 3832	UlSata - ok
14:18:14.0034 3832	ulsata2         (38c3c6e62b157a6bc46594fada45c62b) C:\Windows\system32\drivers\ulsata2.sys
14:18:14.0071 3832	ulsata2 - ok
14:18:14.0086 3832	umbus           (32cff9f809ae9aed85464492bf3e32d2) C:\Windows\system32\DRIVERS\umbus.sys
14:18:14.0120 3832	umbus - ok
14:18:14.0164 3832	upperdev        (bb16932a4189e82d6c455042c11849b6) C:\Windows\system32\DRIVERS\usbser_lowerflt.sys
14:18:14.0196 3832	upperdev - ok
14:18:14.0239 3832	usbccgp         (caf811ae4c147ffcd5b51750c7f09142) C:\Windows\system32\DRIVERS\usbccgp.sys
14:18:14.0278 3832	usbccgp - ok
14:18:14.0306 3832	usbcir          (e9476e6c486e76bc4898074768fb7131) C:\Windows\system32\drivers\usbcir.sys
14:18:14.0388 3832	usbcir - ok
14:18:14.0413 3832	usbehci         (cebe90821810e76320155beba722fcf9) C:\Windows\system32\DRIVERS\usbehci.sys
14:18:14.0461 3832	usbehci - ok
14:18:14.0497 3832	usbhub          (cc6b28e4ce39951357963119ce47b143) C:\Windows\system32\DRIVERS\usbhub.sys
14:18:14.0560 3832	usbhub - ok
14:18:14.0591 3832	usbohci         (7bdb7b0e7d45ac0402d78b90789ef47c) C:\Windows\system32\DRIVERS\usbohci.sys
14:18:14.0643 3832	usbohci - ok
14:18:14.0680 3832	usbprint        (e75c4b5269091d15a2e7dc0b6d35f2f5) C:\Windows\system32\DRIVERS\usbprint.sys
14:18:14.0714 3832	usbprint - ok
14:18:14.0753 3832	usbscan         (a508c9bd8724980512136b039bba65e9) C:\Windows\system32\DRIVERS\usbscan.sys
14:18:14.0787 3832	usbscan - ok
14:18:14.0834 3832	usbser          (a96191470581a7091420d25ecd444502) C:\Windows\system32\DRIVERS\usbser.sys
14:18:14.0876 3832	usbser - ok
14:18:14.0911 3832	UsbserFilt      (e748d50b3b2ec7f40a2ba67fb094cf01) C:\Windows\system32\DRIVERS\usbser_lowerfltj.sys
14:18:14.0936 3832	UsbserFilt - ok
14:18:14.0994 3832	USBSTOR         (87ba6b83c5d19b69160968d07d6e2982) C:\Windows\system32\DRIVERS\USBSTOR.SYS
14:18:15.0059 3832	USBSTOR - ok
14:18:15.0087 3832	usbuhci         (814d653efc4d48be3b04a307eceff56f) C:\Windows\system32\DRIVERS\usbuhci.sys
14:18:15.0112 3832	usbuhci - ok
14:18:15.0126 3832	uxddrv - ok
14:18:15.0161 3832	vga             (87b06e1f30b749a114f74622d013f8d4) C:\Windows\system32\DRIVERS\vgapnp.sys
14:18:15.0206 3832	vga - ok
14:18:15.0227 3832	VgaSave         (2e93ac0a1d8c79d019db6c51f036636c) C:\Windows\System32\drivers\vga.sys
14:18:15.0277 3832	VgaSave - ok
14:18:15.0332 3832	viaagp          (5d7159def58a800d5781ba3a879627bc) C:\Windows\system32\drivers\viaagp.sys
14:18:15.0345 3832	viaagp - ok
14:18:15.0383 3832	ViaC7           (c4f3a691b5bad343e6249bd8c2d45dee) C:\Windows\system32\drivers\viac7.sys
14:18:15.0433 3832	ViaC7 - ok
14:18:15.0457 3832	viaide          (aadf5587a4063f52c2c3fed7887426fc) C:\Windows\system32\drivers\viaide.sys
14:18:15.0468 3832	viaide - ok
14:18:15.0489 3832	volmgr          (69503668ac66c77c6cd7af86fbdf8c43) C:\Windows\system32\drivers\volmgr.sys
14:18:15.0501 3832	volmgr - ok
14:18:15.0556 3832	volmgrx         (98f5ffe6316bd74e9e2c97206c190196) C:\Windows\system32\drivers\volmgrx.sys
14:18:15.0608 3832	volmgrx - ok
14:18:15.0633 3832	volsnap         (d8b4a53dd2769f226b3eb374374987c9) C:\Windows\system32\drivers\volsnap.sys
14:18:15.0650 3832	volsnap - ok
14:18:15.0700 3832	vsmraid         (587253e09325e6bf226b299774b728a9) C:\Windows\system32\drivers\vsmraid.sys
14:18:15.0714 3832	vsmraid - ok
14:18:15.0756 3832	WacomPen        (48dfee8f1af7c8235d4e626f0c4fe031) C:\Windows\system32\drivers\wacompen.sys
14:18:15.0818 3832	WacomPen - ok
14:18:15.0836 3832	Wanarp          (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys
14:18:15.0881 3832	Wanarp - ok
14:18:15.0886 3832	Wanarpv6        (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys
14:18:15.0912 3832	Wanarpv6 - ok
14:18:15.0967 3832	Wd              (78fe9542363f297b18c027b2d7e7c07f) C:\Windows\system32\drivers\wd.sys
14:18:15.0991 3832	Wd - ok
14:18:16.0079 3832	Wdf01000        (b6f0a7ad6d4bd325fbcd8bac96cd8d96) C:\Windows\system32\drivers\Wdf01000.sys
14:18:16.0106 3832	Wdf01000 - ok
14:18:16.0192 3832	WmiAcpi         (2e7255d172df0b8283cdfb7b433b864e) C:\Windows\system32\drivers\wmiacpi.sys
14:18:16.0219 3832	WmiAcpi - ok
14:18:16.0276 3832	WpdUsb          (0cec23084b51b8288099eb710224e955) C:\Windows\system32\DRIVERS\wpdusb.sys
14:18:16.0310 3832	WpdUsb - ok
14:18:16.0331 3832	ws2ifsl         (e3a3cb253c0ec2494d4a61f5e43a389c) C:\Windows\system32\drivers\ws2ifsl.sys
14:18:16.0369 3832	ws2ifsl - ok
14:18:16.0413 3832	WUDFRd          (ac13cb789d93412106b0fb6c7eb2bcb6) C:\Windows\system32\DRIVERS\WUDFRd.sys
14:18:16.0446 3832	WUDFRd - ok
14:18:16.0479 3832	MBR (0x1B8)     (5c616939100b85e558da92b899a0fc36) \Device\Harddisk0\DR0
14:18:16.0699 3832	\Device\Harddisk0\DR0 - ok
14:18:16.0713 3832	Boot (0x1200)   (10a932c9a19cd84bca32fbb98a93dec1) \Device\Harddisk0\DR0\Partition0
14:18:16.0714 3832	\Device\Harddisk0\DR0\Partition0 - ok
14:18:16.0740 3832	Boot (0x1200)   (13e2595abc27cbebe285eb718885414d) \Device\Harddisk0\DR0\Partition1
14:18:16.0740 3832	\Device\Harddisk0\DR0\Partition1 - ok
14:18:16.0741 3832	============================================================
14:18:16.0741 3832	Scan finished
14:18:16.0741 3832	============================================================
14:18:16.0758 3592	Detected object count: 0
14:18:16.0758 3592	Actual detected object count: 0
         

Geändert von wrimpus (05.03.2012 um 15:02 Uhr)

Alt 05.03.2012, 14:58   #11
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Trojaner "System Check" - letzte Schritte? - Standard

Trojaner "System Check" - letzte Schritte?



Warum postest du die Log smal so, mal so?
Bitte immer in CODE-Tags!!
__________________
"Die Wahrheit ist normalerweise nur eine Entschuldigung für einen Mangel an Fantasie." (Elim Garak)

Das Trojaner-Board unterstützen
Warum Linux besser als Windows ist!

Alt 05.03.2012, 15:03   #12
wrimpus
 
Trojaner "System Check" - letzte Schritte? - Standard

Trojaner "System Check" - letzte Schritte?



hab ich mich auch gefragt - beim ersten Mal ging's automatisch ...
Hab's jetzt geändert. Bin ich dann jetzt entgültig "clean"?

Alt 05.03.2012, 15:06   #13
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Trojaner "System Check" - letzte Schritte? - Standard

Trojaner "System Check" - letzte Schritte?



Dann bitte jetzt CF ausführen:

ComboFix

Ein Leitfaden und Tutorium zur Nutzung von ComboFix
  • Schliesse alle Programme, vor allem dein Antivirenprogramm und andere Hintergrundwächter sowie deinen Internetbrowser.
  • Starte combofix.exe von deinem Desktop aus, bestätige die Warnmeldungen, führe die Updates durch (falls vorgeschlagen), installiere die Wiederherstellungskonsole (falls vorgeschlagen) und lass dein System durchsuchen.
    Vermeide es auch während Combofix läuft die Maus und Tastatur zu benutzen.
  • Im Anschluss öffnet sich automatisch eine combofix.txt, diesen Inhalt bitte kopieren ([Strg]a, [Strg]c) und in deinen Beitrag einfügen ([Strg]v). Die Datei findest du außerdem unter: C:\ComboFix.txt.
Wichtiger Hinweis:
Combofix darf ausschließlich ausgeführt werden, wenn ein Kompetenzler dies ausdrücklich empfohlen hat!

Es sollte nie auf eigene Initiative hin ausgeführt werden! Eine falsche Benutzung kann ernsthafte Computerprobleme nach sich ziehen und eine Bereinigung der Infektion noch erschweren.

Solltest du nach der Ausführung von Combofix Probleme beim Starten von Anwendungen haben und Meldungen erhalten wie

Zitat:
Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.
startest du Windows dann manuell neu und die Fehlermeldungen sollten nicht mehr auftauchen.
__________________
"Die Wahrheit ist normalerweise nur eine Entschuldigung für einen Mangel an Fantasie." (Elim Garak)

Das Trojaner-Board unterstützen
Warum Linux besser als Windows ist!

Alt 05.03.2012, 15:33   #14
wrimpus
 
Trojaner "System Check" - letzte Schritte? - Standard

Trojaner "System Check" - letzte Schritte?



Combofix Logfile:
Code:
ATTFilter
ComboFix 12-03-04.02 - mn 05.03.2012  15:24:47.2.2 - x86
Microsoft® Windows Vista™ Home Premium   6.0.6001.1.1252.49.1031.18.3325.2085 [GMT 1:00]
ausgeführt von:: c:\users\mn\Desktop\ComboFix.exe
AV: AntiVir Desktop *Disabled/Updated* {090F9C29-64CE-6C6F-379C-5901B49A85B7}
SP: AntiVir Desktop *Disabled/Updated* {B26E7DCD-42F4-63E1-0D2C-6273CF1DCF0A}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\install.exe
c:\users\mn\AppData\Local\assembly\tmp
c:\users\mn\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Check
c:\users\mn\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Check\System Check.lnk
c:\users\mn\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Check\Uninstall System Check.lnk
.
.
(((((((((((((((((((((((   Dateien erstellt von 2012-02-05 bis 2012-03-05  ))))))))))))))))))))))))))))))
.
.
2012-03-05 14:29 . 2012-03-05 14:29	--------	d-----w-	c:\users\Default\AppData\Local\temp
2012-03-05 13:51 . 2012-03-05 13:51	56200	----a-w-	c:\documents and settings\All Users\Application Data\Microsoft\Windows Defender\Definition Updates\{9673AAAE-BBDC-41CF-A847-551806EAB089}\offreg.dll	ERROR(0x00000005)
2012-03-02 21:00 . 2012-03-02 21:00	--------	d-----w-	c:\program files\ESET
2012-03-02 14:45 . 2012-03-02 14:45	--------	d-----w-	C:\_OTL
2012-03-02 10:01 . 2012-02-08 06:03	6552120	----a-w-	c:\documents and settings\All Users\Application Data\Microsoft\Windows Defender\Definition Updates\{9673AAAE-BBDC-41CF-A847-551806EAB089}\mpengine.dll	ERROR(0x00000005)
2012-03-01 11:15 . 2012-03-01 11:15	--------	d-----w-	c:\users\mn\AppData\Roaming\Malwarebytes
2012-03-01 11:14 . 2011-12-10 14:24	20464	----a-w-	c:\windows\system32\drivers\mbam.sys
2012-03-01 11:14 . 2012-03-01 11:15	--------	d-----w-	c:\program files\Malwarebytes' Anti-Malware
2012-03-01 10:51 . 2006-05-25 14:52	162304	----a-w-	c:\windows\system32\ztvunrar36.dll
2012-03-01 10:51 . 2005-08-26 00:50	77312	----a-w-	c:\windows\system32\ztvunace26.dll
2012-03-01 10:51 . 2006-06-19 12:01	69632	----a-w-	c:\windows\system32\ztvcabinet.dll
2012-03-01 10:51 . 2002-03-06 00:00	75264	----a-w-	c:\windows\system32\unacev2.dll
2012-03-01 10:51 . 2003-02-02 19:06	153088	----a-w-	c:\windows\system32\UNRAR3.dll
2012-03-01 10:51 . 2012-03-05 13:41	--------	d-----w-	c:\program files\Trojan Remover
.
.
.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-02-08 06:03 . 2008-11-24 09:42	6552120	----a-w-	c:\documents and settings\All Users\Application Data\Microsoft\Windows Defender\Definition Updates\Backup\mpengine.dll	ERROR(0x00000005)
2012-01-29 04:10 . 2009-11-11 20:23	237072	------w-	c:\windows\system32\MpSigStub.exe
2012-01-08 11:47 . 2011-05-08 15:02	121816	----a-w-	c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2008-01-21 1233920]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]
"AdobeCS4ServiceManager"="c:\program files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" [2008-08-14 611712]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-06-20 35760]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-06-09 976832]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2008-12-02 6695456]
"Skytel"="c:\program files\Realtek\Audio\HDA\Skytel.exe" [2008-12-02 1833504]
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-01-13 460872]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"Picasa Media Detector"="c:\program files\Picasa2\PicasaMediaDetector.exe" [2008-08-21 443968]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google EULA Launcher]
2008-10-14 09:57	20480	----a-w-	c:\program files\Google\Google EULA\GoogleEULALauncher.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skytel]
2008-12-02 16:05	1833504	----a-w-	c:\program files\Realtek\Audio\HDA\SkyTel.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\StartCCC]
2008-08-29 16:11	61440	----a-w-	c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Defender]
2008-01-21 02:23	1008184	----a-w-	c:\program files\Windows Defender\MSASCui.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12	REG_MULTI_SZ   	Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt	REG_MULTI_SZ   	hpqcxs08 hpqddsvc
.
Inhalt des "geplante Tasks" Ordners
.
2012-03-05 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-05-27 12:46]
.
2012-03-05 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-05-27 12:46]
.
2012-03-02 c:\windows\Tasks\MT66 Software Update.job
- c:\program files\Common Files\MT66 Software Update\UpdateClient.exe [2011-12-05 17:44]
.
2012-03-05 c:\windows\Tasks\User_Feed_Synchronization-{103B65BD-4798-4CA0-9487-EB211B637804}.job
- c:\windows\system32\msfeedssync.exe [2008-01-21 02:24]
.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = 
mLocal Page = 
IE: &Citavi Picker... - file://c:\program files\Internet Explorer\PLUGINS\Citavi Picker\ShowContextMenu.html
IE: Nach Microsoft E&xel exportieren - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
IE: {{0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - hxxp://rover.ebay.com/rover/1/707-37276-17534-25/4
TCP: DhcpNameServer = 192.168.0.1
FF - ProfilePath - c:\users\mn\AppData\Roaming\Mozilla\Firefox\Profiles\43puv1li.default\
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
HKCU-Run-AdobeBridge - (no file)
MSConfigStartUp-Google Desktop Search - c:\program files\Google\Google Desktop Search\GoogleDesktop.exe
AddRemove-Microsoft .NET Framework 4 Client Profile - c:\windows\Microsoft.NET\Framework\v4.0.30319\SetupCache\Client\Setup.exe
AddRemove-_{ADDBE07D-95B8-4789-9C76-187FFF9624B4} - c:\program files\Corel\CorelDRAW Essential Edition 3\Programs\MSILauncher {ADDBE07D-95B8-4789-9C76-187FFF9624B4}
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, hxxp://www.gmer.net
Rootkit scan 2012-03-05 15:29
Windows 6.0.6001 Service Pack 1 NTFS
.
Scanne versteckte Prozesse... 
.
Scanne versteckte Autostarteinträge... 
.
Scanne versteckte Dateien... 
.
Scan erfolgreich abgeschlossen
versteckte Dateien: 0
.
**************************************************************************
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
Zeit der Fertigstellung: 2012-03-05  15:30:46
ComboFix-quarantined-files.txt  2012-03-05 14:30
.
Vor Suchlauf: 12 Verzeichnis(se), 437.604.986.880 Bytes frei
Nach Suchlauf: 14 Verzeichnis(se), 437.525.524.480 Bytes frei
.
- - End Of File - - 4216B0FF2F7DF52F4DD5FB7A7E70E5F9
         
--- --- ---

Alt 05.03.2012, 16:05   #15
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Trojaner "System Check" - letzte Schritte? - Standard

Trojaner "System Check" - letzte Schritte?



Ok. Bitte nun Logs mit GMER und OSAM erstellen und posten.
GMER stürzt häufiger ab, wenn das Tool auch beim 2. Mal nicht will, lass es einfach weg und führ nur OSAM aus - die Online-Abfrage durch OSAM bitte überspringen.
Bei OSAM bitte darauf auch achten, dass Du das Log auch als *.log und nicht *.html oder so abspeicherst.

Hinweis: Zum Entpacken von OSAM bitte WinRAR oder 7zip verwenden! Stell auch unbedingt den Virenscanner ab, besonders der Scanner von McAfee meldet oft einen Fehalarm in OSAM!

Downloade dir bitte aswMBR.exe und speichere die Datei auf deinem Desktop.
  • Starte die aswMBR.exe - (aswMBR.exe Anleitung)
    Ab Windows Vista (oder höher) bitte mit Rechtsklick "als Administrator ausführen" starten".
  • Das Tool wird dich fragen, ob Du mit der aktuellen Virendefinition von AVAST! dein System scannen willst. Beantworte diese Frage bitte mit Ja. (Sollte deine Firewall fragen, bitte den Zugriff auf das Internet zulassen )
    Der Download der Definitionen kann je nach Verbindung eine Weile dauern.
  • Klicke auf Scan.
  • Warte bitte bis Scan finished successfully im DOS-Fenster steht.
  • Drücke auf Save Log und speichere diese auf dem Desktop.
Poste mir die aswMBR.txt in deiner nächsten Antwort.

Wichtig: Drücke keinesfalls einen der Fix Buttons ohne Anweisung

Hinweis: Sollte der Scan Button ausgeblendet sein, schließe das Tool und starte es erneut. Sollte der Scan abbrechen und das Programm abstürzen, dann teile mir das mit und wähle unter AV Scan die Einstellung (none).

__________________
"Die Wahrheit ist normalerweise nur eine Entschuldigung für einen Mangel an Fantasie." (Elim Garak)

Das Trojaner-Board unterstützen
Warum Linux besser als Windows ist!

Antwort

Themen zu Trojaner "System Check" - letzte Schritte?
check, desktop, entfern, eset-online, funde, hilfe!, laufe, laufen, leer, log, malwarebytes, scan, schritte, schwarz, system, system check, troja, trojaner, was tun, zunächst



Ähnliche Themen: Trojaner "System Check" - letzte Schritte?


  1. Trojaner " win32 skintrim kz" mit ESET Check gefunden
    Log-Analyse und Auswertung - 06.09.2013 (3)
  2. Avira hat Trojaner "TR/Rogue.KD.853855.1" gefunden und in Quarantäne verschoben --> Sind weitere Schritte notwendig?
    Log-Analyse und Auswertung - 25.02.2013 (11)
  3. Trojaner "System Check" deinstalliert - System sauber?
    Log-Analyse und Auswertung - 11.04.2012 (23)
  4. 'System Check' Virus, die nächsten Schritte?
    Plagegeister aller Art und deren Bekämpfung - 05.04.2012 (29)
  5. "System Check" - Virus, wie werde ich ihn wieder los
    Plagegeister aller Art und deren Bekämpfung - 04.04.2012 (23)
  6. "System Check" auch hier
    Plagegeister aller Art und deren Bekämpfung - 02.04.2012 (13)
  7. "System Check" Scareware
    Plagegeister aller Art und deren Bekämpfung - 31.03.2012 (17)
  8. "System-Check Virus" eingefangen, MAM schon durchgführt, wie gehts weiter?
    Log-Analyse und Auswertung - 27.03.2012 (34)
  9. "System Check" eingefangen und lässt sich nicht entfernen
    Plagegeister aller Art und deren Bekämpfung - 27.03.2012 (15)
  10. System Check - "Windows - Delayed Write Failed", schwarzer Bildschirm, Datenverlust?
    Log-Analyse und Auswertung - 26.03.2012 (12)
  11. Befall mit "System Check"
    Plagegeister aller Art und deren Bekämpfung - 21.03.2012 (21)
  12. Problem mit "System Check" Critical error
    Plagegeister aller Art und deren Bekämpfung - 16.03.2012 (9)
  13. ComboFix-Logfile nach "System Check"-Malware
    Log-Analyse und Auswertung - 03.03.2012 (5)
  14. Infiziert mit "System Check" - System wieder in Ordnung?
    Log-Analyse und Auswertung - 01.03.2012 (24)
  15. Virus "System-Check" hat mich erwischt
    Log-Analyse und Auswertung - 06.02.2012 (11)
  16. Onlinebanking-Trojaner: "Bitte Warten, prüfen wir die letzte Sitzung"
    Plagegeister aller Art und deren Bekämpfung - 19.09.2011 (1)
  17. "UFO-Hacker" nutzt letzte Rechtsmittel gegen Auslieferung an die USA
    Nachrichten - 04.12.2009 (0)

Zum Thema Trojaner "System Check" - letzte Schritte? - Hallo, ich habe/hatte den Trojaner "System Check" auf dem Rechner. Nun habe ich zunächst Malwarebytes Anti-Malwere laufen lassen und dann noch den ESET-Online Scanner. Die Funde habe ich jeweils im - Trojaner "System Check" - letzte Schritte?...
Archiv
Du betrachtest: Trojaner "System Check" - letzte Schritte? auf Trojaner-Board

Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.