
Log Analysis and Evaluation: Exploit.Java.CVE-2011-3544.jy + further viruses?

Windows 7
06.03.2012, 21:43   #16
xan1m0rphx

Exploit.Java.CVE-2011-3544.jy + further viruses?

I'll scan it once more!
I somehow misplaced the log file -.-

07.03.2012, 00:00   #17
xan1m0rphx

Exploit.Java.CVE-2011-3544.jy + further viruses?

hxxp://www.file-upload.net/download-4170668/Komplette-logs.zip.html

Here is the complete log file!!
Thanks for your help!
I rescanned everything from scratch, with those "codes" you provided me.


07.03.2012, 00:39   #18
cosinus

Exploit.Java.CVE-2011-3544.jy + further viruses?

Run an OTL fix: close all programs that may be open, also disable the virus scanner (!), start OTL and copy the following text into the "Custom Scan/Fixes" box (at the bottom of OTL): (the ":OTL" must be copied along with it!!!)

Code:
:OTL
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKU\S-1-5-21-129560445-3818396582-2292848211-1001\SOFTWARE\Microsoft\Internet Explorer\Main,DefaultNetworkProfile = 518637428
IE - HKU\S-1-5-21-129560445-3818396582-2292848211-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = [Binary data over 100 bytes]
IE - HKU\S-1-5-21-129560445-3818396582-2292848211-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://my.daemon-search.com/
IE - HKU\S-1-5-21-129560445-3818396582-2292848211-1001\..\URLSearchHook:  - No CLSID value found
IE - HKU\..\SearchScopes,DefaultScope = {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}
IE - HKU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKU\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = http://search.babylon.com/?q={searchTerms}&AF=109794&babsrc=SP_ss&mntrId=14823d1c00000000000000ff0eca649f
IE - HKU\..\SearchScopes\{6552C7DD-90A4-4387-B795-F8F96747DE19}: "URL" = http://search.icq.com/search/results.php?q={searchTerms}&ch_id=osd
IE - HKU\..\SearchScopes\{AD22EBAF-0D18-4fc7-90CC-5EA0ABBE9EB8}: "URL" = http://www.daemon-search.com/search?q={searchTerms}
O3:64bit: - HKLM\..\Toolbar: (no name) - {32099AAC-C132-4136-9E9A-4E364A424E17} - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - {10EDB994-47F8-43F7-AE96-F2EA63E9F90F} - No CLSID value found.
O3 - HKU\S-1-5-21-129560445-3818396582-2292848211-1001\..\Toolbar\WebBrowser: (no name) - {32099AAC-C132-4136-9E9A-4E364A424E17} - No CLSID value found.
O4 - HKU\S-1-5-21-129560445-3818396582-2292848211-1001..\Run: [SpybotSD TeaTimer] C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 60
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLowDiskSpaceChecks = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\MSDCSC\dlxcc.exe) -  File not found
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\MSDCSC\dlxcc.exe) -  File not found
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\MSDCSC\dlxcc.exe) -  File not found
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\MSDCSC\dlxcc.exe) -  File not found
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\MSDCSC\dlxcc.exe) -  File not found
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\MSDCSC\dlxcc.exe) -  File not found
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\MSDCSC\dlxcc.exe) -  File not found
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\MSDCSC\dlxcc.exe) -  File not found
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\MSDCSC\dlxcc.exe) -  File not found
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\MSDCSC\dlxcc.exe) -  File not found
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\MSDCSC\dlxcc.exe) -  File not found
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\MSDCSC\dlxcc.exe) -  File not found
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\MSDCSC\dlxcc.exe) -  File not found
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\MSDCSC\dlxcc.exe) -  File not found
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\MSDCSC\dlxcc.exe) -  File not found
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\MSDCSC\dlxcc.exe) -  File not found
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\MSDCSC\dlxcc.exe) -  File not found
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\MSDCSC\dlxcc.exe) -  File not found
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\MSDCSC\dlxcc.exe) -  File not found
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\MSDCSC\dlxcc.exe) -  File not found
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\MSDCSC\dlxcc.exe) -  File not found
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\MSDCSC\dlxcc.exe) -  File not found
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\MSDCSC\dlxcc.exe) -  File not found
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\MSDCSC\dlxcc.exe) -  File not found
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\MSDCSC\dlxcc.exe) -  File not found
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\MSDCSC\dlxcc.exe) -  File not found
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\MSDCSC\dlxcc.exe) -  File not found
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\MSDCSC\dlxcc.exe) -  File not found
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\MSDCSC\dlxcc.exe) -  File not found
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\MSDCSC\dlxcc.exe) -  File not found
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\MSDCSC\dlxcc.exe) -  File not found
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\MSDCSC\dlxcc.exe) -  File not found
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\MSDCSC\dlxcc.exe) -  File not found
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\MSDCSC\dlxcc.exe) -  File not found
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\MSDCSC\dlxcc.exe) -  File not found
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\MSDCSC\dlxcc.exe) -  File not found
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\MSDCSC\dlxcc.exe) -  File not found
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\MSDCSC\dlxcc.exe) -  File not found
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\MSDCSC\dlxcc.exe) -  File not found
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\MSDCSC\dlxcc.exe) -  File not found
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\MSDCSC\dlxcc.exe) -  File not found
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\MSDCSC\dlxcc.exe) -  File not found
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\MSDCSC\dlxcc.exe) -  File not found
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\MSDCSC\dlxcc.exe) -  File not found
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\MSDCSC\dlxcc.exe) -  File not found
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\MSDCSC\dlxcc.exe) -  File not found
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\MSDCSC\dlxcc.exe) -  File not found
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\MSDCSC\dlxcc.exe) -  File not found
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\MSDCSC\dlxcc.exe) -  File not found
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\MSDCSC\dlxcc.exe) -  File not found
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\MSDCSC\dlxcc.exe) -  File not found
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\MSDCSC\dlxcc.exe) -  File not found
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\MSDCSC\dlxcc.exe) -  File not found
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\MSDCSC\dlxcc.exe) -  File not found
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\MSDCSC\dlxcc.exe) -  File not found
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\MSDCSC\dlxcc.exe) -  File not found
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\MSDCSC\dlxcc.exe) -  File not found
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\MSDCSC\dlxcc.exe) -  File not found
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\MSDCSC\dlxcc.exe) -  File not found
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\MSDCSC\dlxcc.exe) -  File not found
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\MSDCSC\dlxcc.exe) -  File not found
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\MSDCSC\dlxcc.exe) -  File not found
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\MSDCSC\dlxcc.exe) -  File not found
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\MSDCSC\dlxcc.exe) -  File not found
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\MSDCSC\dlxcc.exe) -  File not found
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\MSDCSC\dlxcc.exe) -  File not found
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\MSDCSC\dlxcc.exe) -  File not found
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\MSDCSC\dlxcc.exe) -  File not found
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\MSDCSC\dlxcc.exe) -  File not found
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\MSDCSC\dlxcc.exe) -  File not found
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\MSDCSC\dlxcc.exe) -  File not found
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\MSDCSC\dlxcc.exe) -  File not found
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\MSDCSC\dlxcc.exe) -  File not found
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\MSDCSC\dlxcc.exe) -  File not found
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\MSDCSC\dlxcc.exe) -  File not found
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\MSDCSC\dlxcc.exe) -  File not found
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\MSDCSC\dlxcc.exe) -  File not found
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\MSDCSC\dlxcc.exe) -  File not found
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\MSDCSC\dlxcc.exe) -  File not found
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\MSDCSC\dlxcc.exe) -  File not found
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\MSDCSC\dlxcc.exe) -  File not found
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\MSDCSC\dlxcc.exe) -  File not found
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\MSDCSC\dlxcc.exe) -  File not found
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\MSDCSC\dlxcc.exe) -  File not found
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\MSDCSC\dlxcc.exe) -  File not found
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\MSDCSC\dlxcc.exe) -  File not found
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\MSDCSC\dlxcc.exe) -  File not found
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\MSDCSC\dlxcc.exe) -  File not found
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\MSDCSC\dlxcc.exe) -  File not found
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\MSDCSC\dlxcc.exe) -  File not found
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\MSDCSC\dlxcc.exe) -  File not found
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\MSDCSC\dlxcc.exe) -  File not found
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\MSDCSC\dlxcc.exe) -  File not found
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\MSDCSC\dlxcc.exe) -  File not found
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\MSDCSC\dlxcc.exe) -  File not found
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\MSDCSC\dlxcc.exe) -  File not found
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\MSDCSC\dlxcc.exe) -  File not found
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\MSDCSC\dlxcc.exe) -  File not found
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\MSDCSC\dlxcc.exe) -  File not found
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\MSDCSC\dlxcc.exe) -  File not found
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\MSDCSC\dlxcc.exe) -  File not found
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\MSDCSC\dlxcc.exe) -  File not found
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\MSDCSC\dlxcc.exe) -  File not found
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\MSDCSC\dlxcc.exe) -  File not found
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\MSDCSC\dlxcc.exe) -  File not found
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\MSDCSC\dlxcc.exe) -  File not found
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\MSDCSC\dlxcc.exe) -  File not found
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\MSDCSC\dlxcc.exe) -  File not found
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\MSDCSC\dlxcc.exe) -  File not found
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\MSDCSC\dlxcc.exe) -  File not found
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\MSDCSC\dlxcc.exe) -  File not found
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\MSDCSC\dlxcc.exe) -  File not found
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\MSDCSC\dlxcc.exe) -  File not found
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\MSDCSC\dlxcc.exe) -  File not found
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\MSDCSC\dlxcc.exe) -  File not found
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\MSDCSC\dlxcc.exe) -  File not found
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\MSDCSC\dlxcc.exe) -  File not found
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\MSDCSC\dlxcc.exe) -  File not found
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\MSDCSC\dlxcc.exe) -  File not found
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\MSDCSC\dlxcc.exe) -  File not found
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\MSDCSC\dlxcc.exe) -  File not found
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\MSDCSC\dlxcc.exe) -  File not found
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\MSDCSC\dlxcc.exe) -  File not found
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\MSDCSC\dlxcc.exe) -  File not found
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\MSDCSC\dlxcc.exe) -  File not found
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\MSDCSC\dlxcc.exe) -  File not found
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\MSDCSC\dlxcc.exe) -  File not found
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\MSDCSC\dlxcc.exe) -  File not found
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\MSDCSC\dlxcc.exe) -  File not found
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\MSDCSC\dlxcc.exe) -  File not found
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\MSDCSC\dlxcc.exe) -  File not found
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\MSDCSC\dlxcc.exe) -  File not found
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\MSDCSC\dlxcc.exe) -  File not found
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\MSDCSC\dlxcc.exe) -  File not found
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\MSDCSC\dlxcc.exe) -  File not found
O32 - HKLM CDRom: AutoRun - 0
O32 - AutoRun File - [2011.04.07 10:31:44 | 000,000,045 | R--- | M] () - F:\autorun.inf -- [ CDFS ]
O33 - MountPoints2\{c54e3a53-6523-11e1-8d7c-bc53493c3cbb}\Shell - "" = AutoRun
O33 - MountPoints2\{c54e3a53-6523-11e1-8d7c-bc53493c3cbb}\Shell\AutoRun\command - "" = M:\pushinst.exe
O33 - MountPoints2\{d34618aa-49c6-11e1-8510-001d92e9f7cd}\Shell - "" = AutoRun
O33 - MountPoints2\{d34618aa-49c6-11e1-8510-001d92e9f7cd}\Shell\AutoRun\command - "" = K:\start.exe /checksection
O33 - MountPoints2\{f53a6a2f-49c0-11e1-9b3e-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{f53a6a2f-49c0-11e1-9b3e-806e6f6e6963}\Shell\AutoRun\command - "" = F:\Launch.exe -- [2004.10.21 10:38:02 | 000,126,976 | R--- | M] (Macrovision Corporation)
@Alternate Data Stream - 436 bytes -> C:\Users\Manuel\Desktop\Publication1.ppp:SummaryInformation
:Files
C:\Windows\system32\MSDCSC
:Commands
[emptytemp]
[resethosts]
         
Then click the Fix button at the top left!
The log file should open when you click OK after the fix; please post it. The computer may be restarted.

The entries, files and folders fixed by this script are not deleted completely, as a precaution; a backup copy is created on the system partition in the "_OTL" folder.

Note: The above script was created only for this one user in this specific situation. It cannot be ported to any other computer and must not be used elsewhere, since it can permanently damage the system!
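Added here by the editor as a worked example (not code from the thread, from cosinus, or from OTL itself): a small Python triage pass over OTL scan lines of the kinds the fix script above removes, namely the Winlogon UserInit entry (O20), cached removable-media AutoRun handlers in MountPoints2 (O33), Internet Explorer search scopes pointing at an unexpected host (IE), and autostart entries whose file no longer exists (O4). The sample lines, the search-host allowlist, the {EXAMPLE-GUID-*} markers and the .test host are constructed for the example; the expected userinit.exe path is the stock Windows value.

```python
import re
from dataclasses import dataclass
from typing import Iterable, List, Optional
from urllib.parse import urlparse


@dataclass
class Finding:
    section: str   # OTL section tag: "O4", "O20", "O33" or "IE"
    severity: str  # "high", "medium" or "low"
    reason: str
    raw: str       # the OTL line that produced the finding


# The only legitimate Winlogon UserInit target on a stock Windows install.
EXPECTED_USERINIT = r"c:\windows\system32\userinit.exe"

# Assumed allowlist of ordinary search providers; anything else is reported.
KNOWN_SEARCH_HOSTS = {"www.bing.com", "www.google.com", "search.yahoo.com"}

RE_O20_USERINIT = re.compile(
    r"^O20(?::64bit:)? - HKLM Winlogon: UserInit - \((?P<path>[^)]*)\)")
RE_O4_RUN = re.compile(
    r"^O4 - .*\\(?P<key>Run|RunOnce): \[(?P<name>[^\]]*)\] (?P<rest>.*)$")
RE_O33_AUTORUN = re.compile(
    r'^O33 - MountPoints2\\(?P<guid>\{[^}]*\})\\Shell\\AutoRun\\command - "" = (?P<cmd>.*)$')
RE_IE_SCOPE = re.compile(
    r'^IE(?::64bit:)? - .*\\SearchScopes\\\{[^}]*\}: "URL" = (?P<url>\S+)')


def triage_line(line: str) -> Optional[Finding]:
    """Classify one OTL scan line; None means nothing worth a second look."""
    line = line.rstrip()

    m = RE_O20_USERINIT.match(line)
    if m:
        path = m.group("path").strip().lower()
        if path != EXPECTED_USERINIT:
            return Finding("O20", "high",
                           f"Winlogon UserInit runs {m.group('path')} instead of userinit.exe", line)
        return None

    m = RE_O33_AUTORUN.match(line)
    if m:
        # Cached autorun.inf handler from removable media; a classic worm vector.
        return Finding("O33", "medium",
                       f"MountPoints2 AutoRun command cached for {m.group('guid')}: {m.group('cmd')}", line)

    m = RE_IE_SCOPE.match(line)
    if m:
        host = (urlparse(m.group("url")).hostname or "").lower()
        if host not in KNOWN_SEARCH_HOSTS:
            return Finding("IE", "medium", f"IE search scope points at unexpected host {host!r}", line)
        return None

    m = RE_O4_RUN.match(line)
    if m and m.group("rest").endswith("File not found"):
        # Dangling autostart: either leftover junk or a payload that is already gone.
        return Finding("O4", "low",
                       f"{m.group('key')} entry [{m.group('name')}] references a missing file", line)
    return None


def triage(lines: Iterable[str]) -> List[Finding]:
    """Run triage_line over a whole OTL log; identical lines are reported once."""
    seen = set()
    findings: List[Finding] = []
    for line in lines:
        key = line.rstrip()
        if key in seen:
            continue
        seen.add(key)
        f = triage_line(line)
        if f is not None:
            findings.append(f)
    return findings


# Constructed sample lines modelled on the entry types in the fix script above.
# {EXAMPLE-GUID-*}, the shortened SID and the .test host are placeholders.
SAMPLE_OTL_LINES = [
    r"O4 - HKU\S-1-5-21-EXAMPLE..\Run: [SpybotSD TeaTimer] C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)",
    r"O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found",
    r"O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)",
    r"O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\MSDCSC\dlxcc.exe) -  File not found",
    r"O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\MSDCSC\dlxcc.exe) -  File not found",
    r'O33 - MountPoints2\{EXAMPLE-GUID-1}\Shell\AutoRun\command - "" = M:\pushinst.exe',
    r'IE - HKU\..\SearchScopes\{EXAMPLE-GUID-2}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC',
    r'IE - HKU\..\SearchScopes\{EXAMPLE-GUID-3}: "URL" = http://search.example-hijacker.test/?q={searchTerms}',
]


if __name__ == "__main__":
    for f in triage(SAMPLE_OTL_LINES):
        print(f"[{f.severity:6}] {f.section}: {f.reason}")
```

The dedup in `triage` is there because OTL repeats the same O20 UserInit line many times (as the log above shows), which otherwise drowns out the rest of the report. The search-host allowlist is deliberately short and must be tuned to the environment; a hit there only means "look at it", not "malicious".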

07.03.2012, 04:50   #19
xan1m0rphx

Exploit.Java.CVE-2011-3544.jy + further viruses?

Hello, thanks, it worked; the logs are below.
Is it normal that booting takes longer after this procedure?
When I logged into my user account, I first had to wait a minute until everything had booted.
I hope that was just an "exception".
And it is advisable to change the passwords after these trojans, right?!

Code:
 All processes killed
========== OTL ==========
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page| /E : value set successfully!
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\\Local Page| /E : value set successfully!
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page| /E : value set successfully!
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found.
HKU\S-1-5-21-129560445-3818396582-2292848211-1001\SOFTWARE\Microsoft\Internet Explorer\Main\\DefaultNetworkProfile| /E : value set successfully!
HKU\S-1-5-21-129560445-3818396582-2292848211-1001\SOFTWARE\Microsoft\Internet Explorer\Main\\Secondary Start Pages| /E : value set successfully!
HKU\S-1-5-21-129560445-3818396582-2292848211-1001\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page| /E : value set successfully!
Registry value HKEY_USERS\S-1-5-21-129560445-3818396582-2292848211-1001\Software\Microsoft\Internet Explorer\URLSearchHooks\\ deleted successfully.
Unable to set value : HKEY_USERS\Software\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E!
Registry key HKEY_USERS\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found.
Registry key HKEY_USERS\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}\ not found.
Registry key HKEY_USERS\Software\Microsoft\Internet Explorer\SearchScopes\{6552C7DD-90A4-4387-B795-F8F96747DE19}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6552C7DD-90A4-4387-B795-F8F96747DE19}\ not found.
Registry key HKEY_USERS\Software\Microsoft\Internet Explorer\SearchScopes\{AD22EBAF-0D18-4fc7-90CC-5EA0ABBE9EB8}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{AD22EBAF-0D18-4fc7-90CC-5EA0ABBE9EB8}\ not found.
64bit-Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{32099AAC-C132-4136-9E9A-4E364A424E17} deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{32099AAC-C132-4136-9E9A-4E364A424E17}\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{10EDB994-47F8-43F7-AE96-F2EA63E9F90F} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{10EDB994-47F8-43F7-AE96-F2EA63E9F90F}\ not found.
Registry value HKEY_USERS\S-1-5-21-129560445-3818396582-2292848211-1001\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{32099AAC-C132-4136-9E9A-4E364A424E17} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{32099AAC-C132-4136-9E9A-4E364A424E17}\ not found.
Registry value HKEY_USERS\S-1-5-21-129560445-3818396582-2292848211-1001\Software\Microsoft\Windows\CurrentVersion\Run\\SpybotSD TeaTimer deleted successfully.
C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe moved successfully.
Registry value HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\RunOnce\\mctadmin deleted successfully.
Registry value HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\RunOnce\\mctadmin deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoActiveDesktop deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoActiveDesktopChanges deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoLowDiskSpaceChecks deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\ConsentPromptBehaviorUser deleted successfully.
64bit-Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\UserInit:C:\Windows\system32\MSDCSC\dlxcc.exe deleted successfully.
64bit-Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\UserInit:C:\Windows\system32\MSDCSC\dlxcc.exe deleted successfully.
64bit-Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\UserInit:C:\Windows\system32\MSDCSC\dlxcc.exe deleted successfully.
64bit-Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\UserInit:C:\Windows\system32\MSDCSC\dlxcc.exe deleted successfully.
64bit-Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\UserInit:C:\Windows\system32\MSDCSC\dlxcc.exe deleted successfully.
64bit-Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\UserInit:C:\Windows\system32\MSDCSC\dlxcc.exe deleted successfully.
64bit-Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\UserInit:C:\Windows\system32\MSDCSC\dlxcc.exe deleted successfully.
64bit-Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\UserInit:C:\Windows\system32\MSDCSC\dlxcc.exe deleted successfully.
64bit-Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\UserInit:C:\Windows\system32\MSDCSC\dlxcc.exe deleted successfully.
64bit-Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\UserInit:C:\Windows\system32\MSDCSC\dlxcc.exe deleted successfully.
64bit-Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\UserInit:C:\Windows\system32\MSDCSC\dlxcc.exe deleted successfully.
64bit-Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\UserInit:C:\Windows\system32\MSDCSC\dlxcc.exe deleted successfully.
64bit-Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\UserInit:C:\Windows\system32\MSDCSC\dlxcc.exe deleted successfully.
64bit-Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\UserInit:C:\Windows\system32\MSDCSC\dlxcc.exe deleted successfully.
64bit-Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\UserInit:C:\Windows\system32\MSDCSC\dlxcc.exe deleted successfully.
64bit-Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\UserInit:C:\Windows\system32\MSDCSC\dlxcc.exe deleted successfully.
64bit-Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\UserInit:C:\Windows\system32\MSDCSC\dlxcc.exe deleted successfully.
64bit-Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\UserInit:C:\Windows\system32\MSDCSC\dlxcc.exe deleted successfully.
64bit-Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\UserInit:C:\Windows\system32\MSDCSC\dlxcc.exe deleted successfully.
64bit-Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\UserInit:C:\Windows\system32\MSDCSC\dlxcc.exe deleted successfully.
64bit-Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\UserInit:C:\Windows\system32\MSDCSC\dlxcc.exe deleted successfully.
64bit-Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\UserInit:C:\Windows\system32\MSDCSC\dlxcc.exe deleted successfully.
64bit-Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\UserInit:C:\Windows\system32\MSDCSC\dlxcc.exe deleted successfully.
64bit-Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\UserInit:C:\Windows\system32\MSDCSC\dlxcc.exe deleted successfully.
64bit-Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\UserInit:C:\Windows\system32\MSDCSC\dlxcc.exe deleted successfully.
64bit-Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\UserInit:C:\Windows\system32\MSDCSC\dlxcc.exe deleted successfully.
64bit-Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\UserInit:C:\Windows\system32\MSDCSC\dlxcc.exe deleted successfully.
64bit-Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\UserInit:C:\Windows\system32\MSDCSC\dlxcc.exe deleted successfully.
64bit-Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\UserInit:C:\Windows\system32\MSDCSC\dlxcc.exe deleted successfully.
64bit-Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\UserInit:C:\Windows\system32\MSDCSC\dlxcc.exe deleted successfully.
64bit-Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\UserInit:C:\Windows\system32\MSDCSC\dlxcc.exe deleted successfully.
64bit-Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\UserInit:C:\Windows\system32\MSDCSC\dlxcc.exe deleted successfully.
64bit-Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\UserInit:C:\Windows\system32\MSDCSC\dlxcc.exe deleted successfully.
64bit-Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\UserInit:C:\Windows\system32\MSDCSC\dlxcc.exe deleted successfully.
64bit-Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\UserInit:C:\Windows\system32\MSDCSC\dlxcc.exe deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRun|DWORD:1 /E : value set successfully!
File move failed. F:\autorun.inf scheduled to be moved on reboot.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c54e3a53-6523-11e1-8d7c-bc53493c3cbb}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{c54e3a53-6523-11e1-8d7c-bc53493c3cbb}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c54e3a53-6523-11e1-8d7c-bc53493c3cbb}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{c54e3a53-6523-11e1-8d7c-bc53493c3cbb}\ not found.
File M:\pushinst.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{d34618aa-49c6-11e1-8510-001d92e9f7cd}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{d34618aa-49c6-11e1-8510-001d92e9f7cd}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{d34618aa-49c6-11e1-8510-001d92e9f7cd}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{d34618aa-49c6-11e1-8510-001d92e9f7cd}\ not found.
File K:\start.exe /checksection not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{f53a6a2f-49c0-11e1-9b3e-806e6f6e6963}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{f53a6a2f-49c0-11e1-9b3e-806e6f6e6963}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{f53a6a2f-49c0-11e1-9b3e-806e6f6e6963}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{f53a6a2f-49c0-11e1-9b3e-806e6f6e6963}\ not found.
File move failed. F:\Launch.exe scheduled to be moved on reboot.
ADS C:\Users\Manuel\Desktop\Publication1.ppp:SummaryInformation deleted successfully.
========== FILES ==========
C:\Windows\system32\MSDCSC folder moved successfully.
========== COMMANDS ==========
 
[EMPTYTEMP]
 
User: All Users
 
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Flash cache emptied: 41620 bytes
 
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes
 
User: Manuel
->Temp folder emptied: 8521675 bytes
->Temporary Internet Files folder emptied: 2320744 bytes
->Java cache emptied: 1638733 bytes
->FireFox cache emptied: 740752567 bytes
->Flash cache emptied: 2730 bytes
 
User: Public
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 55296 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 24297576 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 67765 bytes
RecycleBin emptied: 1392726014 bytes
 
Total Files Cleaned = 2.070,00 mb
 
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully
 
OTL by OldTimer - Version 3.2.35.0 log created on 03072012_043102

Files\Folders moved on Reboot...
File move failed. F:\autorun.inf scheduled to be moved on reboot.
File move failed. F:\Launch.exe scheduled to be moved on reboot.
C:\Users\Manuel\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.

Registry entries deleted on Reboot...
         
Oh, a side question: why was Spybot Search and Destroy removed?
That program was recommended here on this board.. that confuses me a little.
But if the program isn't needed, that's fine by me, one application less.
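The OTL fix log above touched two persistence points: the Winlogon UserInit value carrying C:\Windows\system32\MSDCSC\dlxcc.exe, and three per-drive autorun handlers under MountPoints2 (pointing at M:\pushinst.exe, K:\start.exe and F:\Launch.exe via F:\autorun.inf). The following PowerShell script is added here as an example and is not part of the original thread or of OTL; it re-reads those locations after the reboot so the cleanup can be verified. The stock values it expects (userinit.exe, explorer.exe) and the NoDriveTypeAutoRun policy check are assumptions about a default Windows 7 install, not something the log states.

```powershell
# Added example, not from the forum thread: post-cleanup check of the locations the OTL fix edited.
# Run in an elevated PowerShell on the cleaned machine.

# Stock logon values on a default Windows 7 install (assumption). Anything else in these
# comma-separated lists is an additional program started at every logon, which is how
# C:\Windows\system32\MSDCSC\dlxcc.exe was being launched according to the log.
$expected = @{
    'Userinit' = @('C:\Windows\system32\userinit.exe')
    'Shell'    = @('explorer.exe')
}

# Native 64-bit view (what OTL labels "64bit-Registry") and the 32-bit WOW6432Node view.
$winlogonKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon',
    'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon'
)

foreach ($key in $winlogonKeys) {
    if (-not (Test-Path $key)) { continue }
    $props = Get-ItemProperty -Path $key
    foreach ($name in $expected.Keys) {
        $raw = $props.$name
        if (-not $raw) { continue }
        # Values are comma-separated; a trailing comma on Userinit is normal and yields an empty entry.
        $entries = $raw -split ',' | ForEach-Object { $_.Trim() } | Where-Object { $_ }
        foreach ($entry in $entries) {
            $known = $expected[$name] | Where-Object { $entry -ieq $_ }
            if (-not $known) {
                Write-Warning "$key\$name contains unexpected entry: $entry"
            }
        }
    }
}

# MountPoints2 stores per-volume autorun handlers that Explorer replays when the drive
# (USB stick, card reader, CD) is plugged in again. The fix deleted three such keys;
# list any that still carry a shell\AutoRun\command.
$mp2 = 'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2'
if (Test-Path $mp2) {
    Get-ChildItem -Path $mp2 | ForEach-Object {
        $cmdKey = "$($_.PSPath)\shell\AutoRun\command"
        if (Test-Path $cmdKey) {
            $cmd = (Get-ItemProperty -Path $cmdKey).'(default)'
            Write-Warning "Autorun handler still present: $($_.PSChildName) -> $cmd"
        }
    }
}

# Hardening check (assumption, not from the log): NoDriveTypeAutoRun = 0xFF disables
# AutoRun for every drive type, so a re-inserted F:\autorun.inf would no longer run F:\Launch.exe.
$pol = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer'
$noAutoRun = (Get-ItemProperty -Path $pol -Name NoDriveTypeAutoRun -ErrorAction SilentlyContinue).NoDriveTypeAutoRun
if ($noAutoRun -ne 0xFF) {
    Write-Warning "NoDriveTypeAutoRun is '$noAutoRun' (expected 0xFF to disable AutoRun on all drive types)"
}
```

Run it once after the reboot that OTL scheduled; a clean system prints nothing. Any warning about UserInit or Shell means a logon hook is still in place and the value should be inspected before the machine is trusted again.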

07.03.2012, 10:15   #20
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™

Exploit.Java.CVE-2011-3544.jy + other viruses?

Spybot wasn't removed, only the cr...ummy TeaTimer. Nobody really recommends that.

Quote:
C:\Users\Manuel\Downloads\SoftonicDownloader_fuer_kaspersky-tdsskiller.exe
What have you already done with TDSSKiller, and why on earth are you downloading it from Softonic of all places?!

__________________
Please always post log files in CODE tags

Last edited by cosinus (07.03.2012 at 11:31)

07.03.2012, 14:42   #21
xan1m0rphx

Exploit.Java.CVE-2011-3544.jy + other viruses?

I downloaded Kaspersky's TDSSKiller because back then (a few weeks ago) I figured a rootkit scan couldn't hurt, but I'm no longer sure whether it found anything!

Nobody ever pointed out to me that Softonic is that "bad"; I regarded it as a neutral program (downloader). :S

07.03.2012, 15:05   #22
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™

Exploit.Java.CVE-2011-3544.jy + other viruses?

The TDSSKiller log is right on C: - post all of it!
__________________
Please always post log files in CODE tags

07.03.2012, 15:17   #23
xan1m0rphx

Exploit.Java.CVE-2011-3544.jy + other viruses?

TDSSKiller.2.5.5.0_08.02.2012_03.01.32_log:
Code:
 2012/02/08 03:01:32.0145 6868	TDSS rootkit removing tool 2.5.5.0 Jun 16 2011 15:25:15
2012/02/08 03:01:35.0673 6868	Perform update action was selected
2012/02/08 03:01:35.0688 6064	Deinitialize success
         
TDSSKiller.2.7.10.0_02.03.2012_02.02.24_log:

Code:
 02:02:24.0312 5900	TDSS rootkit removing tool 2.7.10.0 Feb  7 2012 15:14:46
02:02:24.0468 5900	============================================================
02:02:24.0468 5900	Current date / time: 2012/03/02 02:02:24.0468
02:02:24.0468 5900	SystemInfo:
02:02:24.0468 5900	
02:02:24.0468 5900	OS Version: 6.1.7600 ServicePack: 0.0
02:02:24.0468 5900	Product type: Workstation
02:02:24.0468 5900	ComputerName: UNKNOWN
02:02:24.0468 5900	UserName: Manuel
02:02:24.0468 5900	Windows directory: C:\Windows
02:02:24.0468 5900	System windows directory: C:\Windows
02:02:24.0468 5900	Running under WOW64
02:02:24.0468 5900	Processor architecture: Intel x64
02:02:24.0468 5900	Number of processors: 4
02:02:24.0468 5900	Page size: 0x1000
02:02:24.0468 5900	Boot type: Normal boot
02:02:24.0468 5900	============================================================
02:02:28.0413 5900	Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
02:02:28.0460 5900	\Device\Harddisk0\DR0:
02:02:28.0460 5900	MBR used
02:02:28.0460 5900	\Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000
02:02:28.0460 5900	\Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0x1E8F9000
02:02:28.0460 5900	\Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x1E92B800, BlocksNum 0x19258000
02:02:28.0585 5900	Initialize success
02:02:28.0585 5900	============================================================
02:02:30.0987 3324	============================================================
02:02:30.0987 3324	Scan started
02:02:30.0987 3324	Mode: Manual; 
02:02:30.0987 3324	============================================================
02:02:34.0589 3324	1394ohci - ok
02:02:34.0625 3324	ACPI - ok
02:02:34.0658 3324	AcpiPmi - ok
02:02:34.0756 3324	adp94xx - ok
02:02:34.0773 3324	adpahci - ok
02:02:34.0788 3324	adpu320 - ok
02:02:34.0835 3324	AFD - ok
02:02:34.0869 3324	agp440 - ok
02:02:34.0884 3324	aliide - ok
02:02:34.0983 3324	amdide - ok
02:02:35.0004 3324	amdiox64 - ok
02:02:35.0041 3324	AmdK8 - ok
02:02:35.0096 3324	amdkmdag - ok
02:02:35.0103 3324	amdkmdap - ok
02:02:35.0129 3324	AmdPPM - ok
02:02:35.0167 3324	amdsata - ok
02:02:35.0180 3324	amdsbs - ok
02:02:35.0195 3324	amdxata - ok
02:02:35.0226 3324	AODDriver4.0 - ok
02:02:35.0289 3324	AODDriver4.01 - ok
02:02:35.0351 3324	AppID - ok
02:02:35.0507 3324	arc - ok
02:02:35.0570 3324	arcsas - ok
02:02:35.0726 3324	AsyncMac - ok
02:02:35.0726 3324	atapi - ok
02:02:35.0835 3324	AtiHDAudioService - ok
02:02:36.0006 3324	b06bdrv - ok
02:02:36.0022 3324	b57nd60a - ok
02:02:36.0116 3324	Beep - ok
02:02:36.0240 3324	blbdrive - ok
02:02:36.0334 3324	bowser - ok
02:02:36.0365 3324	BrFiltLo - ok
02:02:36.0381 3324	BrFiltUp - ok
02:02:36.0396 3324	Brserid - ok
02:02:36.0396 3324	BrSerWdm - ok
02:02:36.0428 3324	BrUsbMdm - ok
02:02:36.0443 3324	BrUsbSer - ok
02:02:36.0474 3324	BTHMODEM - ok
02:02:36.0521 3324	cdfs - ok
02:02:36.0537 3324	cdrom - ok
02:02:36.0662 3324	circlass - ok
02:02:36.0677 3324	CLFS - ok
02:02:36.0786 3324	CmBatt - ok
02:02:36.0786 3324	cmdide - ok
02:02:36.0802 3324	CNG - ok
02:02:36.0802 3324	Compbatt - ok
02:02:36.0818 3324	CompFilter64 - ok
02:02:36.0833 3324	CompositeBus - ok
02:02:36.0849 3324	crcdisk - ok
02:02:36.0896 3324	CSC - ok
02:02:36.0942 3324	DfsC - ok
02:02:36.0958 3324	discache - ok
02:02:37.0052 3324	Disk - ok
02:02:37.0098 3324	drmkaud - ok
02:02:37.0145 3324	dtsoftbus01 - ok
02:02:37.0161 3324	DXGKrnl - ok
02:02:37.0223 3324	EagleX64 - ok
02:02:37.0239 3324	ebdrv - ok
02:02:37.0301 3324	elxstor - ok
02:02:37.0301 3324	ErrDev - ok
02:02:37.0332 3324	exfat - ok
02:02:37.0395 3324	fastfat - ok
02:02:37.0410 3324	fdc - ok
02:02:37.0426 3324	FileInfo - ok
02:02:37.0442 3324	Filetrace - ok
02:02:37.0457 3324	flpydisk - ok
02:02:37.0473 3324	FltMgr - ok
02:02:37.0504 3324	FsDepends - ok
02:02:37.0504 3324	Fs_Rec - ok
02:02:37.0566 3324	fvevol - ok
02:02:37.0613 3324	gagp30kx - ok
02:02:37.0613 3324	GEARAspiWDM - ok
02:02:37.0644 3324	hamachi - ok
02:02:37.0769 3324	hcw85cir - ok
02:02:37.0800 3324	HdAudAddService - ok
02:02:37.0832 3324	HDAudBus - ok
02:02:37.0847 3324	HidBatt - ok
02:02:37.0847 3324	HidBth - ok
02:02:37.0863 3324	HidIr - ok
02:02:37.0925 3324	HidUsb - ok
02:02:37.0972 3324	HpSAMD - ok
02:02:38.0003 3324	HTTP - ok
02:02:38.0003 3324	hwpolicy - ok
02:02:38.0050 3324	i8042prt - ok
02:02:38.0081 3324	iaStorV - ok
02:02:38.0128 3324	iirsp - ok
02:02:38.0190 3324	IntcAzAudAddService - ok
02:02:38.0190 3324	intelide - ok
02:02:38.0237 3324	intelppm - ok
02:02:38.0253 3324	IpFilterDriver - ok
02:02:38.0268 3324	IPMIDRV - ok
02:02:38.0268 3324	IPNAT - ok
02:02:38.0331 3324	IRENUM - ok
02:02:38.0346 3324	isapnp - ok
02:02:38.0346 3324	iScsiPrt - ok
02:02:38.0409 3324	johci - ok
02:02:38.0440 3324	kbdclass - ok
02:02:38.0456 3324	kbdhid - ok
02:02:38.0487 3324	KL1 - ok
02:02:38.0518 3324	kl2 - ok
02:02:38.0549 3324	KLIF - ok
02:02:38.0612 3324	KLIM6 - ok
02:02:38.0643 3324	klmouflt - ok
02:02:38.0658 3324	KSecDD - ok
02:02:38.0658 3324	KSecPkg - ok
02:02:38.0690 3324	ksthunk - ok
02:02:38.0799 3324	lltdio - ok
02:02:38.0861 3324	LSI_FC - ok
02:02:38.0892 3324	LSI_SAS - ok
02:02:38.0908 3324	LSI_SAS2 - ok
02:02:38.0939 3324	LSI_SCSI - ok
02:02:38.0986 3324	luafv - ok
02:02:39.0033 3324	LVRS64 - ok
02:02:39.0064 3324	LVUVC64 - ok
02:02:39.0080 3324	megasas - ok
02:02:39.0080 3324	MegaSR - ok
02:02:39.0267 3324	MEMSWEEP2 - ok
02:02:39.0314 3324	Modem - ok
02:02:39.0329 3324	monitor - ok
02:02:39.0360 3324	mouclass - ok
02:02:39.0423 3324	mouhid - ok
02:02:39.0423 3324	mountmgr - ok
02:02:39.0438 3324	mpio - ok
02:02:39.0454 3324	mpsdrv - ok
02:02:39.0454 3324	MRxDAV - ok
02:02:39.0470 3324	mrxsmb - ok
02:02:39.0485 3324	mrxsmb10 - ok
02:02:39.0485 3324	mrxsmb20 - ok
02:02:39.0501 3324	msahci - ok
02:02:39.0501 3324	msdsm - ok
02:02:39.0516 3324	Msfs - ok
02:02:39.0532 3324	mshidkmdf - ok
02:02:39.0532 3324	msisadrv - ok
02:02:39.0594 3324	MSKSSRV - ok
02:02:39.0641 3324	MSPCLOCK - ok
02:02:39.0688 3324	MSPQM - ok
02:02:39.0688 3324	MsRPC - ok
02:02:39.0704 3324	mssmbios - ok
02:02:39.0766 3324	MSTEE - ok
02:02:39.0766 3324	MTConfig - ok
02:02:39.0797 3324	Mup - ok
02:02:39.0860 3324	NativeWifiP - ok
02:02:39.0906 3324	NDIS - ok
02:02:39.0953 3324	NdisCap - ok
02:02:40.0000 3324	NdisTapi - ok
02:02:40.0047 3324	Ndisuio - ok
02:02:40.0062 3324	NdisWan - ok
02:02:40.0062 3324	NDProxy - ok
02:02:40.0109 3324	NetBIOS - ok
02:02:40.0109 3324	NetBT - ok
02:02:40.0296 3324	netr28ux - ok
02:02:40.0328 3324	nfrd960 - ok
02:02:40.0515 3324	NPF - ok
02:02:40.0515 3324	Npfs - ok
02:02:40.0593 3324	NPPTNT2 - ok
02:02:40.0593 3324	nsiproxy - ok
02:02:40.0608 3324	Ntfs - ok
02:02:40.0608 3324	Null - ok
02:02:40.0640 3324	nvraid - ok
02:02:40.0640 3324	nvstor - ok
02:02:40.0671 3324	nv_agp - ok
02:02:40.0671 3324	ohci1394 - ok
02:02:40.0749 3324	Parport - ok
02:02:40.0749 3324	partmgr - ok
02:02:40.0764 3324	pci - ok
02:02:40.0764 3324	pciide - ok
02:02:40.0780 3324	pcmcia - ok
02:02:40.0780 3324	pcw - ok
02:02:40.0796 3324	PEAUTH - ok
02:02:40.0952 3324	PptpMiniport - ok
02:02:40.0967 3324	Processor - ok
02:02:41.0108 3324	Psched - ok
02:02:41.0108 3324	ql2300 - ok
02:02:41.0123 3324	ql40xx - ok
02:02:41.0139 3324	QWAVEdrv - ok
02:02:41.0139 3324	RasAcd - ok
02:02:41.0201 3324	RasAgileVpn - ok
02:02:41.0217 3324	Rasl2tp - ok
02:02:41.0248 3324	RasPppoe - ok
02:02:41.0279 3324	RasSstp - ok
02:02:41.0279 3324	rdbss - ok
02:02:41.0295 3324	rdpbus - ok
02:02:41.0295 3324	RDPCDD - ok
02:02:41.0310 3324	RDPDR - ok
02:02:41.0342 3324	RDPENCDD - ok
02:02:41.0357 3324	RDPREFMP - ok
02:02:41.0373 3324	RDPWD - ok
02:02:41.0404 3324	rdyboost - ok
02:02:41.0498 3324	rspndr - ok
02:02:41.0576 3324	RTL8167 - ok
02:02:41.0576 3324	s3cap - ok
02:02:41.0591 3324	sbp2port - ok
02:02:41.0607 3324	scfilter - ok
02:02:41.0669 3324	ScreamBAudioSvc - ok
02:02:41.0716 3324	Serenum - ok
02:02:41.0732 3324	Serial - ok
02:02:41.0778 3324	sermouse - ok
02:02:41.0810 3324	sffdisk - ok
02:02:41.0810 3324	sffp_mmc - ok
02:02:41.0825 3324	sffp_sd - ok
02:02:41.0825 3324	sfloppy - ok
02:02:41.0872 3324	SiSRaid2 - ok
02:02:41.0888 3324	SiSRaid4 - ok
02:02:41.0919 3324	Smb - ok
02:02:41.0997 3324	spldr - ok
02:02:42.0215 3324	srv - ok
02:02:42.0231 3324	srv2 - ok
02:02:42.0231 3324	srvnet - ok
02:02:42.0324 3324	stexstor - ok
02:02:42.0356 3324	storflt - ok
02:02:42.0371 3324	storvsc - ok
02:02:42.0371 3324	swenum - ok
02:02:42.0527 3324	tap0801 - ok
02:02:42.0558 3324	tap0901 - ok
02:02:42.0574 3324	tapoas - ok
02:02:42.0621 3324	Tcpip - ok
02:02:42.0683 3324	TCPIP6 - ok
02:02:42.0683 3324	tcpipreg - ok
02:02:42.0730 3324	TDPIPE - ok
02:02:42.0746 3324	TDTCP - ok
02:02:42.0777 3324	tdx - ok
02:02:42.0792 3324	TermDD - ok
02:02:42.0855 3324	truecrypt - ok
02:02:42.0870 3324	tssecsrv - ok
02:02:42.0902 3324	tunnel - ok
02:02:42.0902 3324	uagp35 - ok
02:02:42.0917 3324	udfs - ok
02:02:42.0980 3324	uliagpkx - ok
02:02:42.0980 3324	umbus - ok
02:02:42.0995 3324	UmPass - ok
02:02:43.0120 3324	usbaudio - ok
02:02:43.0136 3324	usbccgp - ok
02:02:43.0151 3324	usbcir - ok
02:02:43.0167 3324	usbehci - ok
02:02:43.0167 3324	usbhub - ok
02:02:43.0182 3324	usbohci - ok
02:02:43.0182 3324	usbprint - ok
02:02:43.0198 3324	USBSTOR - ok
02:02:43.0198 3324	usbuhci - ok
02:02:43.0214 3324	usbvideo - ok
02:02:43.0276 3324	VBoxDrv - ok
02:02:43.0323 3324	VBoxNetAdp - ok
02:02:43.0338 3324	VBoxNetFlt - ok
02:02:43.0401 3324	VBoxUSBMon - ok
02:02:43.0416 3324	vdrvroot - ok
02:02:43.0463 3324	vga - ok
02:02:43.0479 3324	VgaSave - ok
02:02:43.0479 3324	vhdmp - ok
02:02:43.0494 3324	viaide - ok
02:02:43.0494 3324	vmbus - ok
02:02:43.0510 3324	VMBusHID - ok
02:02:43.0557 3324	volmgr - ok
02:02:43.0557 3324	volmgrx - ok
02:02:43.0572 3324	volsnap - ok
02:02:43.0604 3324	vsmraid - ok
02:02:43.0619 3324	vwifibus - ok
02:02:43.0650 3324	vwififlt - ok
02:02:43.0666 3324	WacomPen - ok
02:02:43.0760 3324	WANARP - ok
02:02:43.0822 3324	Wanarpv6 - ok
02:02:43.0838 3324	Wd - ok
02:02:43.0838 3324	Wdf01000 - ok
02:02:43.0884 3324	WfpLwf - ok
02:02:43.0900 3324	WIMMount - ok
02:02:44.0072 3324	WmiAcpi - ok
02:02:44.0181 3324	ws2ifsl - ok
02:02:44.0196 3324	WudfPf - ok
02:02:44.0274 3324	WUDFRd - ok
02:02:44.0462 3324	MBR (0x1B8)     (1854f68cee30696626621e5b0647ee3d) \Device\Harddisk0\DR0
02:02:44.0883 3324	\Device\Harddisk0\DR0 - ok
02:02:44.0898 3324	Boot (0x1200)   (89d1a493e0b8364a5128c29ecbbcc2f6) \Device\Harddisk0\DR0\Partition0
02:02:44.0898 3324	\Device\Harddisk0\DR0\Partition0 - ok
02:02:44.0945 3324	Boot (0x1200)   (79c7eee141b6b1aad10435e9cac26fc4) \Device\Harddisk0\DR0\Partition1
02:02:44.0945 3324	\Device\Harddisk0\DR0\Partition1 - ok
02:02:44.0976 3324	Boot (0x1200)   (c8b2076ae587b4252765885e0019e070) \Device\Harddisk0\DR0\Partition2
02:02:44.0976 3324	\Device\Harddisk0\DR0\Partition2 - ok
02:02:44.0976 3324	============================================================
02:02:44.0976 3324	Scan finished
02:02:44.0976 3324	============================================================
02:02:45.0008 6084	Detected object count: 0
02:02:45.0008 6084	Actual detected object count: 0
02:02:53.0666 5912	============================================================
02:02:53.0666 5912	Scan started
02:02:53.0666 5912	Mode: Manual; SigCheck; TDLFS; 
02:02:53.0666 5912	============================================================
02:02:53.0946 5912	1394ohci - ok
02:02:53.0946 5912	ACPI - ok
02:02:53.0962 5912	AcpiPmi - ok
02:02:53.0962 5912	adp94xx - ok
02:02:53.0978 5912	adpahci - ok
02:02:53.0978 5912	adpu320 - ok
02:02:54.0009 5912	AFD - ok
02:02:54.0009 5912	agp440 - ok
02:02:54.0024 5912	aliide - ok
02:02:54.0040 5912	amdide - ok
02:02:54.0040 5912	amdiox64 - ok
02:02:54.0056 5912	AmdK8 - ok
02:02:54.0056 5912	amdkmdag - ok
02:02:54.0071 5912	amdkmdap - ok
02:02:54.0071 5912	AmdPPM - ok
02:02:54.0087 5912	amdsata - ok
02:02:54.0087 5912	amdsbs - ok
02:02:54.0102 5912	amdxata - ok
02:02:54.0102 5912	AODDriver4.0 - ok
02:02:54.0118 5912	AODDriver4.01 - ok
02:02:54.0118 5912	AppID - ok
02:02:54.0149 5912	arc - ok
02:02:54.0165 5912	arcsas - ok
02:02:54.0180 5912	AsyncMac - ok
02:02:54.0196 5912	atapi - ok
02:02:54.0196 5912	AtiHDAudioService - ok
02:02:54.0227 5912	b06bdrv - ok
02:02:54.0227 5912	b57nd60a - ok
02:02:54.0243 5912	Beep - ok
02:02:54.0258 5912	blbdrive - ok
02:02:54.0274 5912	bowser - ok
02:02:54.0290 5912	BrFiltLo - ok
02:02:54.0290 5912	BrFiltUp - ok
02:02:54.0305 5912	Brserid - ok
02:02:54.0321 5912	BrSerWdm - ok
02:02:54.0336 5912	BrUsbMdm - ok
02:02:54.0352 5912	BrUsbSer - ok
02:02:54.0383 5912	BTHMODEM - ok
02:02:54.0399 5912	cdfs - ok
02:02:54.0414 5912	cdrom - ok
02:02:54.0430 5912	circlass - ok
02:02:54.0430 5912	CLFS - ok
02:02:54.0461 5912	CmBatt - ok
02:02:54.0477 5912	cmdide - ok
02:02:54.0477 5912	CNG - ok
02:02:54.0492 5912	Compbatt - ok
02:02:54.0508 5912	CompFilter64 - ok
02:02:54.0508 5912	CompositeBus - ok
02:02:54.0524 5912	crcdisk - ok
02:02:54.0539 5912	CSC - ok
02:02:54.0555 5912	DfsC - ok
02:02:54.0570 5912	discache - ok
02:02:54.0570 5912	Disk - ok
02:02:54.0602 5912	drmkaud - ok
02:02:54.0602 5912	dtsoftbus01 - ok
02:02:54.0617 5912	DXGKrnl - ok
02:02:54.0617 5912	EagleX64 - ok
02:02:54.0633 5912	ebdrv - ok
02:02:54.0648 5912	elxstor - ok
02:02:54.0664 5912	ErrDev - ok
02:02:54.0680 5912	exfat - ok
02:02:54.0695 5912	fastfat - ok
02:02:54.0695 5912	fdc - ok
02:02:54.0711 5912	FileInfo - ok
02:02:54.0726 5912	Filetrace - ok
02:02:54.0742 5912	flpydisk - ok
02:02:54.0742 5912	FltMgr - ok
02:02:54.0758 5912	FsDepends - ok
02:02:54.0773 5912	Fs_Rec - ok
02:02:54.0773 5912	fvevol - ok
02:02:54.0789 5912	gagp30kx - ok
02:02:54.0789 5912	GEARAspiWDM - ok
02:02:54.0804 5912	hamachi - ok
02:02:54.0804 5912	hcw85cir - ok
02:02:54.0820 5912	HdAudAddService - ok
02:02:54.0820 5912	HDAudBus - ok
02:02:54.0836 5912	HidBatt - ok
02:02:54.0836 5912	HidBth - ok
02:02:54.0851 5912	HidIr - ok
02:02:54.0867 5912	HidUsb - ok
02:02:54.0882 5912	HpSAMD - ok
02:02:54.0882 5912	HTTP - ok
02:02:54.0898 5912	hwpolicy - ok
02:02:54.0898 5912	i8042prt - ok
02:02:54.0914 5912	iaStorV - ok
02:02:54.0929 5912	iirsp - ok
02:02:54.0945 5912	IntcAzAudAddService - ok
02:02:54.0945 5912	intelide - ok
02:02:54.0960 5912	intelppm - ok
02:02:54.0960 5912	IpFilterDriver - ok
02:02:54.0976 5912	IPMIDRV - ok
02:02:54.0992 5912	IPNAT - ok
02:02:54.0992 5912	IRENUM - ok
02:02:55.0007 5912	isapnp - ok
02:02:55.0007 5912	iScsiPrt - ok
02:02:55.0023 5912	johci - ok
02:02:55.0023 5912	kbdclass - ok
02:02:55.0038 5912	kbdhid - ok
02:02:55.0054 5912	KL1 - ok
02:02:55.0054 5912	kl2 - ok
02:02:55.0070 5912	KLIF - ok
02:02:55.0070 5912	KLIM6 - ok
02:02:55.0085 5912	klmouflt - ok
02:02:55.0085 5912	KSecDD - ok
02:02:55.0101 5912	KSecPkg - ok
02:02:55.0101 5912	ksthunk - ok
02:02:55.0132 5912	lltdio - ok
02:02:55.0148 5912	LSI_FC - ok
02:02:55.0148 5912	LSI_SAS - ok
02:02:55.0163 5912	LSI_SAS2 - ok
02:02:55.0163 5912	LSI_SCSI - ok
02:02:55.0179 5912	luafv - ok
02:02:55.0179 5912	LVRS64 - ok
02:02:55.0194 5912	LVUVC64 - ok
02:02:55.0210 5912	megasas - ok
02:02:55.0210 5912	MegaSR - ok
02:02:55.0226 5912	MEMSWEEP2 - ok
02:02:55.0226 5912	Modem - ok
02:02:55.0241 5912	monitor - ok
02:02:55.0257 5912	mouclass - ok
02:02:55.0257 5912	mouhid - ok
02:02:55.0272 5912	mountmgr - ok
02:02:55.0272 5912	mpio - ok
02:02:55.0288 5912	mpsdrv - ok
02:02:55.0288 5912	MRxDAV - ok
02:02:55.0304 5912	mrxsmb - ok
02:02:55.0304 5912	mrxsmb10 - ok
02:02:55.0319 5912	mrxsmb20 - ok
02:02:55.0319 5912	msahci - ok
02:02:55.0335 5912	msdsm - ok
02:02:55.0350 5912	Msfs - ok
02:02:55.0350 5912	mshidkmdf - ok
02:02:55.0366 5912	msisadrv - ok
02:02:55.0382 5912	MSKSSRV - ok
02:02:55.0382 5912	MSPCLOCK - ok
02:02:55.0397 5912	MSPQM - ok
02:02:55.0397 5912	MsRPC - ok
02:02:55.0413 5912	mssmbios - ok
02:02:55.0428 5912	MSTEE - ok
02:02:55.0428 5912	MTConfig - ok
02:02:55.0444 5912	Mup - ok
02:02:55.0460 5912	NativeWifiP - ok
02:02:55.0460 5912	NDIS - ok
02:02:55.0475 5912	NdisCap - ok
02:02:55.0475 5912	NdisTapi - ok
02:02:55.0491 5912	Ndisuio - ok
02:02:55.0491 5912	NdisWan - ok
02:02:55.0506 5912	NDProxy - ok
02:02:55.0506 5912	NetBIOS - ok
02:02:55.0506 5912	NetBT - ok
02:02:55.0538 5912	netr28ux - ok
02:02:55.0553 5912	nfrd960 - ok
02:02:55.0569 5912	NPF - ok
02:02:55.0584 5912	Npfs - ok
02:02:55.0600 5912	NPPTNT2 - ok
02:02:55.0600 5912	nsiproxy - ok
02:02:55.0616 5912	Ntfs - ok
02:02:55.0631 5912	Null - ok
02:02:55.0631 5912	nvraid - ok
02:02:55.0647 5912	nvstor - ok
02:02:55.0647 5912	nv_agp - ok
02:02:55.0662 5912	ohci1394 - ok
02:02:55.0678 5912	Parport - ok
02:02:55.0678 5912	partmgr - ok
02:02:55.0694 5912	pci - ok
02:02:55.0709 5912	pciide - ok
02:02:55.0709 5912	pcmcia - ok
02:02:55.0725 5912	pcw - ok
02:02:55.0725 5912	PEAUTH - ok
02:02:55.0787 5912	PptpMiniport - ok
02:02:55.0803 5912	Processor - ok
02:02:55.0818 5912	Psched - ok
02:02:55.0834 5912	ql2300 - ok
02:02:55.0834 5912	ql40xx - ok
02:02:55.0850 5912	QWAVEdrv - ok
02:02:55.0865 5912	RasAcd - ok
02:02:55.0865 5912	RasAgileVpn - ok
02:02:55.0881 5912	Rasl2tp - ok
02:02:55.0896 5912	RasPppoe - ok
02:02:55.0896 5912	RasSstp - ok
02:02:55.0896 5912	rdbss - ok
02:02:55.0912 5912	rdpbus - ok
02:02:55.0912 5912	RDPCDD - ok
02:02:55.0928 5912	RDPDR - ok
02:02:55.0943 5912	RDPENCDD - ok
02:02:55.0943 5912	RDPREFMP - ok
02:02:55.0959 5912	RDPWD - ok
02:02:55.0959 5912	rdyboost - ok
02:02:55.0990 5912	rspndr - ok
02:02:56.0006 5912	RTL8167 - ok
02:02:56.0006 5912	s3cap - ok
02:02:56.0021 5912	sbp2port - ok
02:02:56.0037 5912	scfilter - ok
02:02:56.0052 5912	ScreamBAudioSvc - ok
02:02:56.0084 5912	Serenum - ok
02:02:56.0084 5912	Serial - ok
02:02:56.0099 5912	sermouse - ok
02:02:56.0115 5912	sffdisk - ok
02:02:56.0130 5912	sffp_mmc - ok
02:02:56.0130 5912	sffp_sd - ok
02:02:56.0146 5912	sfloppy - ok
02:02:56.0162 5912	SiSRaid2 - ok
02:02:56.0162 5912	SiSRaid4 - ok
02:02:56.0177 5912	Smb - ok
02:02:56.0193 5912	spldr - ok
02:02:56.0224 5912	srv - ok
02:02:56.0224 5912	srv2 - ok
02:02:56.0240 5912	srvnet - ok
02:02:56.0255 5912	stexstor - ok
02:02:56.0271 5912	storflt - ok
02:02:56.0271 5912	storvsc - ok
02:02:56.0286 5912	swenum - ok
02:02:56.0302 5912	tap0801 - ok
02:02:56.0318 5912	tap0901 - ok
02:02:56.0333 5912	tapoas - ok
02:02:56.0333 5912	Tcpip - ok
02:02:56.0349 5912	TCPIP6 - ok
02:02:56.0364 5912	tcpipreg - ok
02:02:56.0364 5912	TDPIPE - ok
02:02:56.0380 5912	TDTCP - ok
02:02:56.0380 5912	tdx - ok
02:02:56.0396 5912	TermDD - ok
02:02:56.0427 5912	truecrypt - ok
02:02:56.0442 5912	tssecsrv - ok
02:02:56.0458 5912	tunnel - ok
02:02:56.0458 5912	uagp35 - ok
02:02:56.0474 5912	udfs - ok
02:02:56.0489 5912	uliagpkx - ok
02:02:56.0489 5912	umbus - ok
02:02:56.0505 5912	UmPass - ok
02:02:56.0520 5912	usbaudio - ok
02:02:56.0520 5912	usbccgp - ok
02:02:56.0536 5912	usbcir - ok
02:02:56.0536 5912	usbehci - ok
02:02:56.0552 5912	usbhub - ok
02:02:56.0552 5912	usbohci - ok
02:02:56.0567 5912	usbprint - ok
02:02:56.0583 5912	USBSTOR - ok
02:02:56.0583 5912	usbuhci - ok
02:02:56.0598 5912	usbvideo - ok
02:02:56.0598 5912	VBoxDrv - ok
02:02:56.0614 5912	VBoxNetAdp - ok
02:02:56.0614 5912	VBoxNetFlt - ok
02:02:56.0630 5912	VBoxUSBMon - ok
02:02:56.0630 5912	vdrvroot - ok
02:02:56.0645 5912	vga - ok
02:02:56.0661 5912	VgaSave - ok
02:02:56.0661 5912	vhdmp - ok
02:02:56.0676 5912	viaide - ok
02:02:56.0676 5912	vmbus - ok
02:02:56.0692 5912	VMBusHID - ok
02:02:56.0692 5912	volmgr - ok
02:02:56.0708 5912	volmgrx - ok
02:02:56.0708 5912	volsnap - ok
02:02:56.0723 5912	vsmraid - ok
02:02:56.0723 5912	vwifibus - ok
02:02:56.0739 5912	vwififlt - ok
02:02:56.0754 5912	WacomPen - ok
02:02:56.0754 5912	WANARP - ok
02:02:56.0770 5912	Wanarpv6 - ok
02:02:56.0786 5912	Wd - ok
02:02:56.0801 5912	Wdf01000 - ok
02:02:56.0832 5912	WfpLwf - ok
02:02:56.0832 5912	WIMMount - ok
02:02:56.0879 5912	WmiAcpi - ok
02:02:56.0910 5912	ws2ifsl - ok
02:02:56.0926 5912	WudfPf - ok
02:02:56.0942 5912	WUDFRd - ok
02:02:57.0020 5912	MBR (0x1B8)     (1854f68cee30696626621e5b0647ee3d) \Device\Harddisk0\DR0
02:02:57.0800 5912	\Device\Harddisk0\DR0 - ok
02:02:57.0846 5912	Boot (0x1200)   (89d1a493e0b8364a5128c29ecbbcc2f6) \Device\Harddisk0\DR0\Partition0
02:02:57.0846 5912	\Device\Harddisk0\DR0\Partition0 - ok
02:02:57.0893 5912	Boot (0x1200)   (79c7eee141b6b1aad10435e9cac26fc4) \Device\Harddisk0\DR0\Partition1
02:02:57.0893 5912	\Device\Harddisk0\DR0\Partition1 - ok
02:02:57.0956 5912	Boot (0x1200)   (c8b2076ae587b4252765885e0019e070) \Device\Harddisk0\DR0\Partition2
02:02:57.0956 5912	\Device\Harddisk0\DR0\Partition2 - ok
02:02:57.0956 5912	============================================================
02:02:57.0956 5912	Scan finished
02:02:57.0956 5912	============================================================
02:02:57.0956 3008	Detected object count: 0
02:02:57.0956 3008	Actual detected object count: 0
02:04:29.0421 3732	Deinitialize success
         
TDSSKiller.2.7.10.0_08.02.2012_03.02.32_log:
Code:
  03:02:33.0159 5092	TDSS rootkit removing tool 2.7.10.0 Feb  7 2012 15:14:46
03:02:33.0986 5092	============================================================
03:02:33.0986 5092	Current date / time: 2012/02/08 03:02:33.0986
03:02:33.0986 5092	SystemInfo:
03:02:33.0986 5092	
03:02:33.0986 5092	OS Version: 6.1.7600 ServicePack: 0.0
03:02:33.0986 5092	Product type: Workstation
03:02:33.0986 5092	ComputerName: UNKNOWN
03:02:33.0986 5092	UserName: Manuel
03:02:33.0986 5092	Windows directory: C:\Windows
03:02:33.0986 5092	System windows directory: C:\Windows
03:02:33.0986 5092	Running under WOW64
03:02:33.0986 5092	Processor architecture: Intel x64
03:02:33.0986 5092	Number of processors: 4
03:02:33.0986 5092	Page size: 0x1000
03:02:33.0986 5092	Boot type: Normal boot
03:02:33.0986 5092	============================================================
03:02:41.0369 5092	Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
03:02:41.0415 5092	\Device\Harddisk0\DR0:
03:02:41.0447 5092	MBR used
03:02:41.0447 5092	\Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000
03:02:41.0447 5092	\Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0x1E8F9000
03:02:41.0447 5092	\Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x1E92B800, BlocksNum 0x19258000
03:02:41.0681 5092	Initialize success
03:02:41.0681 5092	============================================================
03:02:43.0321 6328	============================================================
03:02:43.0321 6328	Scan started
03:02:43.0321 6328	Mode: Manual; 
03:02:43.0321 6328	============================================================
03:02:44.0850 6328	1394ohci - ok
03:02:44.0850 6328	ACPI - ok
03:02:44.0866 6328	AcpiPmi - ok
03:02:45.0413 6328	adp94xx - ok
03:02:45.0491 6328	adpahci - ok
03:02:45.0553 6328	adpu320 - ok
03:02:46.0056 6328	AFD - ok
03:02:46.0134 6328	agp440 - ok
03:02:46.0305 6328	aliide - ok
03:02:46.0570 6328	amdide - ok
03:02:46.0617 6328	amdiox64 - ok
03:02:46.0804 6328	AmdK8 - ok
03:02:46.0929 6328	amdkmdag - ok
03:02:46.0945 6328	amdkmdap - ok
03:02:47.0008 6328	AmdPPM - ok
03:02:47.0273 6328	amdsata - ok
03:02:47.0492 6328	amdsbs - ok
03:02:47.0632 6328	amdxata - ok
03:02:47.0726 6328	AODDriver4.0 - ok
03:02:47.0851 6328	AppID - ok
03:02:48.0024 6328	arc - ok
03:02:48.0040 6328	arcsas - ok
03:02:48.0165 6328	AsyncMac - ok
03:02:48.0180 6328	atapi - ok
03:02:48.0445 6328	AtiHDAudioService - ok
03:02:49.0397 6328	b06bdrv - ok
03:02:49.0475 6328	b57nd60a - ok
03:02:49.0678 6328	Beep - ok
03:02:49.0740 6328	blbdrive - ok
03:02:49.0756 6328	bowser - ok
03:02:49.0787 6328	BrFiltLo - ok
03:02:49.0787 6328	BrFiltUp - ok
03:02:49.0803 6328	Brserid - ok
03:02:49.0818 6328	BrSerWdm - ok
03:02:49.0834 6328	BrUsbMdm - ok
03:02:49.0834 6328	BrUsbSer - ok
03:02:49.0849 6328	BTHMODEM - ok
03:02:49.0865 6328	cdfs - ok
03:02:49.0881 6328	cdrom - ok
03:02:49.0943 6328	circlass - ok
03:02:49.0943 6328	CLFS - ok
03:02:49.0959 6328	CmBatt - ok
03:02:49.0974 6328	cmdide - ok
03:02:49.0990 6328	CNG - ok
03:02:49.0990 6328	Compbatt - ok
03:02:50.0005 6328	CompFilter64 - ok
03:02:50.0068 6328	CompositeBus - ok
03:02:50.0068 6328	crcdisk - ok
03:02:50.0099 6328	CSC - ok
03:02:50.0115 6328	DfsC - ok
03:02:50.0130 6328	discache - ok
03:02:50.0208 6328	Disk - ok
03:02:50.0239 6328	drmkaud - ok
03:02:50.0255 6328	dtsoftbus01 - ok
03:02:50.0271 6328	DXGKrnl - ok
03:02:50.0302 6328	EagleX64 - ok
03:02:50.0317 6328	ebdrv - ok
03:02:50.0349 6328	elxstor - ok
03:02:50.0364 6328	ErrDev - ok
03:02:50.0427 6328	exfat - ok
03:02:50.0427 6328	fastfat - ok
03:02:50.0442 6328	fdc - ok
03:02:50.0473 6328	FileInfo - ok
03:02:50.0473 6328	Filetrace - ok
03:02:50.0489 6328	flpydisk - ok
03:02:50.0505 6328	FltMgr - ok
03:02:50.0520 6328	FsDepends - ok
03:02:50.0536 6328	Fs_Rec - ok
03:02:50.0536 6328	fvevol - ok
03:02:50.0551 6328	gagp30kx - ok
03:02:50.0567 6328	GEARAspiWDM - ok
03:02:50.0567 6328	hcw85cir - ok
03:02:50.0614 6328	HdAudAddService - ok
03:02:50.0629 6328	HDAudBus - ok
03:02:50.0629 6328	HidBatt - ok
03:02:50.0645 6328	HidBth - ok
03:02:50.0661 6328	HidIr - ok
03:02:50.0692 6328	HidUsb - ok
03:02:50.0723 6328	HpSAMD - ok
03:02:50.0739 6328	HTTP - ok
03:02:50.0754 6328	hwpolicy - ok
03:02:50.0770 6328	i8042prt - ok
03:02:50.0770 6328	iaStorV - ok
03:02:50.0785 6328	iirsp - ok
03:02:50.0801 6328	intelide - ok
03:02:50.0832 6328	intelppm - ok
03:02:50.0848 6328	IpFilterDriver - ok
03:02:50.0863 6328	IPMIDRV - ok
03:02:50.0863 6328	IPNAT - ok
03:02:50.0895 6328	IRENUM - ok
03:02:50.0910 6328	isapnp - ok
03:02:50.0926 6328	iScsiPrt - ok
03:02:50.0926 6328	kbdclass - ok
03:02:50.0941 6328	kbdhid - ok
03:02:50.0988 6328	KL1 - ok
03:02:50.0988 6328	kl2 - ok
03:02:51.0004 6328	KLIF - ok
03:02:51.0019 6328	KLIM6 - ok
03:02:51.0019 6328	klmouflt - ok
03:02:51.0035 6328	KSecDD - ok
03:02:51.0035 6328	KSecPkg - ok
03:02:51.0051 6328	ksthunk - ok
03:02:51.0113 6328	lltdio - ok
03:02:51.0144 6328	LSI_FC - ok
03:02:51.0160 6328	LSI_SAS - ok
03:02:51.0175 6328	LSI_SAS2 - ok
03:02:51.0191 6328	LSI_SCSI - ok
03:02:51.0191 6328	luafv - ok
03:02:51.0207 6328	LVRS64 - ok
03:02:51.0238 6328	LVUVC64 - ok
03:02:51.0253 6328	megasas - ok
03:02:51.0269 6328	MegaSR - ok
03:02:51.0363 6328	MEMSWEEP2 - ok
03:02:51.0378 6328	Modem - ok
03:02:51.0394 6328	monitor - ok
03:02:51.0409 6328	mouclass - ok
03:02:51.0425 6328	mouhid - ok
03:02:51.0425 6328	mountmgr - ok
03:02:51.0441 6328	mpio - ok
03:02:51.0441 6328	mpsdrv - ok
03:02:51.0456 6328	MRxDAV - ok
03:02:51.0472 6328	mrxsmb - ok
03:02:51.0487 6328	mrxsmb10 - ok
03:02:51.0487 6328	mrxsmb20 - ok
03:02:51.0503 6328	msahci - ok
03:02:51.0503 6328	msdsm - ok
03:02:51.0519 6328	Msfs - ok
03:02:51.0534 6328	mshidkmdf - ok
03:02:51.0550 6328	msisadrv - ok
03:02:51.0581 6328	MSKSSRV - ok
03:02:51.0597 6328	MSPCLOCK - ok
03:02:51.0643 6328	MSPQM - ok
03:02:51.0659 6328	MsRPC - ok
03:02:51.0675 6328	mssmbios - ok
03:02:51.0675 6328	MSTEE - ok
03:02:51.0690 6328	MTConfig - ok
03:02:51.0706 6328	Mup - ok
03:02:51.0737 6328	NativeWifiP - ok
03:02:51.0753 6328	NDIS - ok
03:02:51.0753 6328	NdisCap - ok
03:02:51.0768 6328	NdisTapi - ok
03:02:51.0784 6328	Ndisuio - ok
03:02:51.0784 6328	NdisWan - ok
03:02:51.0799 6328	NDProxy - ok
03:02:51.0815 6328	NetBIOS - ok
03:02:51.0831 6328	NetBT - ok
03:02:51.0877 6328	netr28ux - ok
03:02:51.0909 6328	nfrd960 - ok
03:02:51.0955 6328	Npfs - ok
03:02:52.0002 6328	NPPTNT2 - ok
03:02:52.0018 6328	nsiproxy - ok
03:02:52.0033 6328	Ntfs - ok
03:02:52.0049 6328	Null - ok
03:02:52.0065 6328	nvraid - ok
03:02:52.0065 6328	nvstor - ok
03:02:52.0080 6328	nv_agp - ok
03:02:52.0096 6328	ohci1394 - ok
03:02:52.0127 6328	Parport - ok
03:02:52.0143 6328	partmgr - ok
03:02:52.0158 6328	pci - ok
03:02:52.0158 6328	pciide - ok
03:02:52.0174 6328	pcmcia - ok
03:02:52.0174 6328	pcw - ok
03:02:52.0189 6328	PEAUTH - ok
03:02:52.0283 6328	PptpMiniport - ok
03:02:52.0283 6328	Processor - ok
03:02:52.0314 6328	Psched - ok
03:02:52.0314 6328	ql2300 - ok
03:02:52.0330 6328	ql40xx - ok
03:02:52.0345 6328	QWAVEdrv - ok
03:02:52.0345 6328	RasAcd - ok
03:02:52.0361 6328	RasAgileVpn - ok
03:02:52.0377 6328	Rasl2tp - ok
03:02:52.0439 6328	RasPppoe - ok
03:02:52.0470 6328	RasSstp - ok
03:02:52.0470 6328	rdbss - ok
03:02:52.0486 6328	rdpbus - ok
03:02:52.0501 6328	RDPCDD - ok
03:02:52.0517 6328	RDPDR - ok
03:02:52.0533 6328	RDPENCDD - ok
03:02:52.0533 6328	RDPREFMP - ok
03:02:52.0548 6328	RDPWD - ok
03:02:52.0579 6328	rdyboost - ok
03:02:52.0611 6328	rspndr - ok
03:02:52.0642 6328	RTL8167 - ok
03:02:52.0657 6328	s3cap - ok
03:02:52.0673 6328	sbp2port - ok
03:02:52.0689 6328	scfilter - ok
03:02:52.0735 6328	secdrv - ok
03:02:52.0767 6328	Serenum - ok
03:02:52.0782 6328	Serial - ok
03:02:52.0798 6328	sermouse - ok
03:02:52.0829 6328	sffdisk - ok
03:02:52.0829 6328	sffp_mmc - ok
03:02:52.0845 6328	sffp_sd - ok
03:02:52.0860 6328	sfloppy - ok
03:02:52.0923 6328	SiSRaid2 - ok
03:02:52.0923 6328	SiSRaid4 - ok
03:02:52.0954 6328	Smb - ok
03:02:52.0969 6328	spldr - ok
03:02:52.0985 6328	srv - ok
03:02:53.0001 6328	srv2 - ok
03:02:53.0001 6328	srvnet - ok
03:02:53.0047 6328	stexstor - ok
03:02:53.0079 6328	storflt - ok
03:02:53.0094 6328	storvsc - ok
03:02:53.0094 6328	swenum - ok
03:02:53.0203 6328	tap0801 - ok
03:02:53.0250 6328	tap0901 - ok
03:02:53.0266 6328	tapoas - ok
03:02:53.0281 6328	Tcpip - ok
03:02:53.0297 6328	TCPIP6 - ok
03:02:53.0313 6328	tcpipreg - ok
03:02:53.0328 6328	TDPIPE - ok
03:02:53.0328 6328	TDTCP - ok
03:02:53.0344 6328	tdx - ok
03:02:53.0453 6328	TermDD - ok
03:02:53.0500 6328	truecrypt - ok
03:02:53.0515 6328	tssecsrv - ok
03:02:53.0562 6328	tunnel - ok
03:02:53.0578 6328	uagp35 - ok
03:02:53.0578 6328	udfs - ok
03:02:53.0609 6328	uliagpkx - ok
03:02:53.0625 6328	umbus - ok
03:02:53.0656 6328	UmPass - ok
03:02:53.0827 6328	usbaudio - ok
03:02:53.0843 6328	usbccgp - ok
03:02:53.0843 6328	usbcir - ok
03:02:53.0859 6328	usbehci - ok
03:02:53.0874 6328	usbhub - ok
03:02:53.0874 6328	usbohci - ok
03:02:53.0890 6328	usbprint - ok
03:02:53.0905 6328	USBSTOR - ok
03:02:53.0905 6328	usbuhci - ok
03:02:53.0921 6328	usbvideo - ok
03:02:53.0968 6328	vdrvroot - ok
03:02:53.0999 6328	vga - ok
03:02:54.0015 6328	VgaSave - ok
03:02:54.0030 6328	vhdmp - ok
03:02:54.0030 6328	viaide - ok
03:02:54.0046 6328	vmbus - ok
03:02:54.0046 6328	VMBusHID - ok
03:02:54.0061 6328	volmgr - ok
03:02:54.0077 6328	volmgrx - ok
03:02:54.0077 6328	volsnap - ok
03:02:54.0108 6328	vsmraid - ok
03:02:54.0124 6328	vwifibus - ok
03:02:54.0139 6328	vwififlt - ok
03:02:54.0186 6328	WacomPen - ok
03:02:54.0327 6328	WANARP - ok
03:02:54.0420 6328	Wanarpv6 - ok
03:02:54.0436 6328	Wd - ok
03:02:54.0451 6328	Wdf01000 - ok
03:02:54.0529 6328	WfpLwf - ok
03:02:54.0529 6328	WIMMount - ok
03:02:54.0732 6328	WmiAcpi - ok
03:02:54.0779 6328	ws2ifsl - ok
03:02:54.0795 6328	WudfPf - ok
03:02:54.0888 6328	WUDFRd - ok
03:02:54.0935 6328	MBR (0x1B8)     (ddc4773eef68ef7fac87cf9235395cab) \Device\Harddisk0\DR0
03:02:56.0074 6328	\Device\Harddisk0\DR0 - ok
03:02:56.0105 6328	Boot (0x1200)   (0b7917c20fe128bc0e3b3ee7d2b9c084) \Device\Harddisk0\DR0\Partition0
03:02:56.0105 6328	\Device\Harddisk0\DR0\Partition0 - ok
03:02:56.0121 6328	Boot (0x1200)   (79c7eee141b6b1aad10435e9cac26fc4) \Device\Harddisk0\DR0\Partition1
03:02:56.0121 6328	\Device\Harddisk0\DR0\Partition1 - ok
03:02:56.0152 6328	Boot (0x1200)   (c8b2076ae587b4252765885e0019e070) \Device\Harddisk0\DR0\Partition2
03:02:56.0152 6328	\Device\Harddisk0\DR0\Partition2 - ok
03:02:56.0152 6328	============================================================
03:02:56.0152 6328	Scan finished
03:02:56.0152 6328	============================================================
03:02:56.0167 6128	Detected object count: 0
03:02:56.0167 6128	Actual detected object count: 0
03:03:05.0187 5080	============================================================
03:03:05.0187 5080	Scan started
03:03:05.0187 5080	Mode: Manual; SigCheck; TDLFS; 
03:03:05.0187 5080	============================================================
03:03:06.0248 5080	1394ohci - ok
03:03:06.0264 5080	ACPI - ok
03:03:06.0279 5080	AcpiPmi - ok
03:03:06.0279 5080	adp94xx - ok
03:03:06.0295 5080	adpahci - ok
03:03:06.0310 5080	adpu320 - ok
03:03:06.0326 5080	AFD - ok
03:03:06.0326 5080	agp440 - ok
03:03:06.0342 5080	aliide - ok
03:03:06.0373 5080	amdide - ok
03:03:06.0388 5080	amdiox64 - ok
03:03:06.0388 5080	AmdK8 - ok
03:03:06.0404 5080	amdkmdag - ok
03:03:06.0420 5080	amdkmdap - ok
03:03:06.0420 5080	AmdPPM - ok
03:03:06.0435 5080	amdsata - ok
03:03:06.0435 5080	amdsbs - ok
03:03:06.0451 5080	amdxata - ok
03:03:06.0466 5080	AODDriver4.0 - ok
03:03:06.0466 5080	AppID - ok
03:03:06.0498 5080	arc - ok
03:03:06.0513 5080	arcsas - ok
03:03:06.0513 5080	AsyncMac - ok
03:03:06.0529 5080	atapi - ok
03:03:06.0544 5080	AtiHDAudioService - ok
03:03:06.0560 5080	b06bdrv - ok
03:03:06.0576 5080	b57nd60a - ok
03:03:06.0591 5080	Beep - ok
03:03:06.0607 5080	blbdrive - ok
03:03:06.0622 5080	bowser - ok
03:03:06.0638 5080	BrFiltLo - ok
03:03:06.0638 5080	BrFiltUp - ok
03:03:06.0654 5080	Brserid - ok
03:03:06.0669 5080	BrSerWdm - ok
03:03:06.0685 5080	BrUsbMdm - ok
03:03:06.0685 5080	BrUsbSer - ok
03:03:06.0700 5080	BTHMODEM - ok
03:03:06.0716 5080	cdfs - ok
03:03:06.0716 5080	cdrom - ok
03:03:06.0732 5080	circlass - ok
03:03:06.0747 5080	CLFS - ok
03:03:06.0763 5080	CmBatt - ok
03:03:06.0778 5080	cmdide - ok
03:03:06.0778 5080	CNG - ok
03:03:06.0794 5080	Compbatt - ok
03:03:06.0810 5080	CompFilter64 - ok
03:03:06.0810 5080	CompositeBus - ok
03:03:06.0825 5080	crcdisk - ok
03:03:06.0841 5080	CSC - ok
03:03:06.0872 5080	DfsC - ok
03:03:06.0888 5080	discache - ok
03:03:06.0903 5080	Disk - ok
03:03:06.0919 5080	drmkaud - ok
03:03:06.0934 5080	dtsoftbus01 - ok
03:03:06.0950 5080	DXGKrnl - ok
03:03:06.0950 5080	EagleX64 - ok
03:03:06.0966 5080	ebdrv - ok
03:03:06.0997 5080	elxstor - ok
03:03:06.0997 5080	ErrDev - ok
03:03:07.0028 5080	exfat - ok
03:03:07.0028 5080	fastfat - ok
03:03:07.0044 5080	fdc - ok
03:03:07.0059 5080	FileInfo - ok
03:03:07.0075 5080	Filetrace - ok
03:03:07.0090 5080	flpydisk - ok
03:03:07.0090 5080	FltMgr - ok
03:03:07.0106 5080	FsDepends - ok
03:03:07.0122 5080	Fs_Rec - ok
03:03:07.0137 5080	fvevol - ok
03:03:07.0137 5080	gagp30kx - ok
03:03:07.0153 5080	GEARAspiWDM - ok
03:03:07.0168 5080	hcw85cir - ok
03:03:07.0168 5080	HdAudAddService - ok
03:03:07.0184 5080	HDAudBus - ok
03:03:07.0200 5080	HidBatt - ok
03:03:07.0200 5080	HidBth - ok
03:03:07.0215 5080	HidIr - ok
03:03:07.0231 5080	HidUsb - ok
03:03:07.0246 5080	HpSAMD - ok
03:03:07.0262 5080	HTTP - ok
03:03:07.0262 5080	hwpolicy - ok
03:03:07.0278 5080	i8042prt - ok
03:03:07.0278 5080	iaStorV - ok
03:03:07.0293 5080	iirsp - ok
03:03:07.0309 5080	intelide - ok
03:03:07.0324 5080	intelppm - ok
03:03:07.0340 5080	IpFilterDriver - ok
03:03:07.0356 5080	IPMIDRV - ok
03:03:07.0356 5080	IPNAT - ok
03:03:07.0371 5080	IRENUM - ok
03:03:07.0387 5080	isapnp - ok
03:03:07.0387 5080	iScsiPrt - ok
03:03:07.0402 5080	kbdclass - ok
03:03:07.0402 5080	kbdhid - ok
03:03:07.0465 5080	KL1 - ok
03:03:07.0480 5080	kl2 - ok
03:03:07.0480 5080	KLIF - ok
03:03:07.0496 5080	KLIM6 - ok
03:03:07.0512 5080	klmouflt - ok
03:03:07.0512 5080	KSecDD - ok
03:03:07.0527 5080	KSecPkg - ok
03:03:07.0527 5080	ksthunk - ok
03:03:07.0558 5080	lltdio - ok
03:03:07.0590 5080	LSI_FC - ok
03:03:07.0590 5080	LSI_SAS - ok
03:03:07.0605 5080	LSI_SAS2 - ok
03:03:07.0621 5080	LSI_SCSI - ok
03:03:07.0621 5080	luafv - ok
03:03:07.0636 5080	LVRS64 - ok
03:03:07.0636 5080	LVUVC64 - ok
03:03:07.0652 5080	megasas - ok
03:03:07.0668 5080	MegaSR - ok
03:03:07.0668 5080	MEMSWEEP2 - ok
03:03:07.0683 5080	Modem - ok
03:03:07.0699 5080	monitor - ok
03:03:07.0714 5080	mouclass - ok
03:03:07.0714 5080	mouhid - ok
03:03:07.0730 5080	mountmgr - ok
03:03:07.0746 5080	mpio - ok
03:03:07.0746 5080	mpsdrv - ok
03:03:07.0761 5080	MRxDAV - ok
03:03:07.0777 5080	mrxsmb - ok
03:03:07.0777 5080	mrxsmb10 - ok
03:03:07.0792 5080	mrxsmb20 - ok
03:03:07.0808 5080	msahci - ok
03:03:07.0808 5080	msdsm - ok
03:03:07.0839 5080	Msfs - ok
03:03:07.0839 5080	mshidkmdf - ok
03:03:07.0886 5080	msisadrv - ok
03:03:07.0902 5080	MSKSSRV - ok
03:03:07.0902 5080	MSPCLOCK - ok
03:03:07.0917 5080	MSPQM - ok
03:03:07.0933 5080	MsRPC - ok
03:03:07.0948 5080	mssmbios - ok
03:03:07.0948 5080	MSTEE - ok
03:03:07.0964 5080	MTConfig - ok
03:03:07.0964 5080	Mup - ok
03:03:07.0980 5080	NativeWifiP - ok
03:03:07.0995 5080	NDIS - ok
03:03:08.0011 5080	NdisCap - ok
03:03:08.0011 5080	NdisTapi - ok
03:03:08.0026 5080	Ndisuio - ok
03:03:08.0026 5080	NdisWan - ok
03:03:08.0042 5080	NDProxy - ok
03:03:08.0058 5080	NetBIOS - ok
03:03:08.0058 5080	NetBT - ok
03:03:08.0089 5080	netr28ux - ok
03:03:08.0104 5080	nfrd960 - ok
03:03:08.0104 5080	Npfs - ok
03:03:08.0120 5080	NPPTNT2 - ok
03:03:08.0136 5080	nsiproxy - ok
03:03:08.0151 5080	Ntfs - ok
03:03:08.0167 5080	Null - ok
03:03:08.0182 5080	nvraid - ok
03:03:08.0182 5080	nvstor - ok
03:03:08.0198 5080	nv_agp - ok
03:03:08.0198 5080	ohci1394 - ok
03:03:08.0229 5080	Parport - ok
03:03:08.0229 5080	partmgr - ok
03:03:08.0245 5080	pci - ok
03:03:08.0260 5080	pciide - ok
03:03:08.0276 5080	pcmcia - ok
03:03:08.0276 5080	pcw - ok
03:03:08.0292 5080	PEAUTH - ok
03:03:08.0370 5080	PptpMiniport - ok
03:03:08.0370 5080	Processor - ok
03:03:08.0385 5080	Psched - ok
03:03:08.0401 5080	ql2300 - ok
03:03:08.0416 5080	ql40xx - ok
03:03:08.0416 5080	QWAVEdrv - ok
03:03:08.0432 5080	RasAcd - ok
03:03:08.0448 5080	RasAgileVpn - ok
03:03:08.0463 5080	Rasl2tp - ok
03:03:08.0479 5080	RasPppoe - ok
03:03:08.0479 5080	RasSstp - ok
03:03:08.0494 5080	rdbss - ok
03:03:08.0510 5080	rdpbus - ok
03:03:08.0510 5080	RDPCDD - ok
03:03:08.0526 5080	RDPDR - ok
03:03:08.0541 5080	RDPENCDD - ok
03:03:08.0557 5080	RDPREFMP - ok
03:03:08.0557 5080	RDPWD - ok
03:03:08.0572 5080	rdyboost - ok
03:03:08.0604 5080	rspndr - ok
03:03:08.0619 5080	RTL8167 - ok
03:03:08.0619 5080	s3cap - ok
03:03:08.0635 5080	sbp2port - ok
03:03:08.0650 5080	scfilter - ok
03:03:08.0682 5080	secdrv - ok
03:03:08.0697 5080	Serenum - ok
03:03:08.0713 5080	Serial - ok
03:03:08.0728 5080	sermouse - ok
03:03:08.0760 5080	sffdisk - ok
03:03:08.0760 5080	sffp_mmc - ok
03:03:08.0775 5080	sffp_sd - ok
03:03:08.0775 5080	sfloppy - ok
03:03:08.0806 5080	SiSRaid2 - ok
03:03:08.0806 5080	SiSRaid4 - ok
03:03:08.0822 5080	Smb - ok
03:03:08.0838 5080	spldr - ok
03:03:08.0869 5080	srv - ok
03:03:08.0869 5080	srv2 - ok
03:03:08.0884 5080	srvnet - ok
03:03:08.0900 5080	stexstor - ok
03:03:08.0916 5080	storflt - ok
03:03:08.0931 5080	storvsc - ok
03:03:08.0931 5080	swenum - ok
03:03:08.0962 5080	tap0801 - ok
03:03:08.0978 5080	tap0901 - ok
03:03:08.0994 5080	tapoas - ok
03:03:09.0009 5080	Tcpip - ok
03:03:09.0009 5080	TCPIP6 - ok
03:03:09.0025 5080	tcpipreg - ok
03:03:09.0040 5080	TDPIPE - ok
03:03:09.0056 5080	TDTCP - ok
03:03:09.0056 5080	tdx - ok
03:03:09.0072 5080	TermDD - ok
03:03:09.0103 5080	truecrypt - ok
03:03:09.0118 5080	tssecsrv - ok
03:03:09.0134 5080	tunnel - ok
03:03:09.0134 5080	uagp35 - ok
03:03:09.0150 5080	udfs - ok
03:03:09.0181 5080	uliagpkx - ok
03:03:09.0181 5080	umbus - ok
03:03:09.0196 5080	UmPass - ok
03:03:09.0212 5080	usbaudio - ok
03:03:09.0228 5080	usbccgp - ok
03:03:09.0228 5080	usbcir - ok
03:03:09.0243 5080	usbehci - ok
03:03:09.0243 5080	usbhub - ok
03:03:09.0259 5080	usbohci - ok
03:03:09.0259 5080	usbprint - ok
03:03:09.0274 5080	USBSTOR - ok
03:03:09.0290 5080	usbuhci - ok
03:03:09.0290 5080	usbvideo - ok
03:03:09.0306 5080	vdrvroot - ok
03:03:09.0321 5080	vga - ok
03:03:09.0337 5080	VgaSave - ok
03:03:09.0337 5080	vhdmp - ok
03:03:09.0352 5080	viaide - ok
03:03:09.0368 5080	vmbus - ok
03:03:09.0368 5080	VMBusHID - ok
03:03:09.0384 5080	volmgr - ok
03:03:09.0384 5080	volmgrx - ok
03:03:09.0399 5080	volsnap - ok
03:03:09.0399 5080	vsmraid - ok
03:03:09.0415 5080	vwifibus - ok
03:03:09.0430 5080	vwififlt - ok
03:03:09.0446 5080	WacomPen - ok
03:03:09.0462 5080	WANARP - ok
03:03:09.0477 5080	Wanarpv6 - ok
03:03:09.0508 5080	Wd - ok
03:03:09.0508 5080	Wdf01000 - ok
03:03:09.0555 5080	WfpLwf - ok
03:03:09.0555 5080	WIMMount - ok
03:03:09.0602 5080	WmiAcpi - ok
03:03:09.0633 5080	ws2ifsl - ok
03:03:09.0664 5080	WudfPf - ok
03:03:09.0664 5080	WUDFRd - ok
03:03:09.0727 5080	MBR (0x1B8)     (ddc4773eef68ef7fac87cf9235395cab) \Device\Harddisk0\DR0
03:03:10.0226 5080	\Device\Harddisk0\DR0 - ok
03:03:10.0273 5080	Boot (0x1200)   (0b7917c20fe128bc0e3b3ee7d2b9c084) \Device\Harddisk0\DR0\Partition0
03:03:10.0273 5080	\Device\Harddisk0\DR0\Partition0 - ok
03:03:10.0335 5080	Boot (0x1200)   (79c7eee141b6b1aad10435e9cac26fc4) \Device\Harddisk0\DR0\Partition1
03:03:10.0335 5080	\Device\Harddisk0\DR0\Partition1 - ok
03:03:10.0429 5080	Boot (0x1200)   (c8b2076ae587b4252765885e0019e070) \Device\Harddisk0\DR0\Partition2
03:03:10.0429 5080	\Device\Harddisk0\DR0\Partition2 - ok
03:03:10.0429 5080	============================================================
03:03:10.0429 5080	Scan finished
03:03:10.0429 5080	============================================================
03:03:10.0617 4464	Detected object count: 0
03:03:10.0617 4464	Actual detected object count: 0
03:03:14.0552 6256	Deinitialize success
         
TDSSKiller.2.7.10.0_27.02.2012_23.11.34_log:

Code:
 23:11:34.0118 1824	TDSS rootkit removing tool 2.7.10.0 Feb  7 2012 15:14:46
23:11:40.0914 1824	Perform update action was selected
23:11:40.0925 5672	Deinitialize success
         

Alt 07.03.2012, 15:43   #24
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Exploit.Java.CVE-2011-3544.jy + Weitere Viren? - Standard

Exploit.Java.CVE-2011-3544.jy + Weitere Viren?



Then please run CF now:

ComboFix

A guide and tutorial on using ComboFix
  • Close all programs, especially your antivirus program and other background guards, as well as your internet browser.
  • Start combofix.exe from your desktop, confirm the warnings, run the updates (if offered), install the Recovery Console (if offered) and let it scan your system.
    Also avoid using the mouse and keyboard while ComboFix is running.
  • Afterwards a combofix.txt opens automatically; please copy its contents ([Ctrl]a, [Ctrl]c) and paste them into your post ([Ctrl]v). You can also find the file at: C:\ComboFix.txt.
Important note:
ComboFix may only be run when a helper (Kompetenzler) has explicitly recommended it!

It should never be run on your own initiative! Incorrect use can cause serious computer problems and make cleaning up the infection even harder.

If, after running ComboFix, you have problems starting applications and receive messages such as

Quote:
Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.
then restart Windows manually and the error messages should no longer appear.
__________________
Please always post logfiles in CODE tags

Alt 07.03.2012, 16:24   #25
xan1m0rphx
 
Exploit.Java.CVE-2011-3544.jy + Weitere Viren? - Standard

Exploit.Java.CVE-2011-3544.jy + Weitere Viren?



Let ComboFix run all the way through!
Didn't touch the mouse or keyboard

ComboFix logfile:
Code:
ComboFix 12-03-07.03 - Manuel 07.03.2012  16:07:49.1.4 - x64
Microsoft Windows 7 Ultimate   6.1.7600.0.1252.49.1031.18.4606.3248 [GMT 1:00]
ausgeführt von:: c:\users\Manuel\Desktop\ComboFix.exe
AV: Kaspersky Internet Security *Disabled/Updated* {2EAA32A5-1EE1-1B22-95DA-337730C6E984}
FW: Kaspersky Internet Security *Disabled* {1691B380-548E-1A7A-BE85-9A42CE15AEFF}
SP: Kaspersky Internet Security *Disabled/Updated* {95CBD341-38DB-14AC-AF6A-08054B41A339}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Manuel\AppData\Local\assembly\tmp
c:\users\Manuel\AppData\Roaming\InstallDir
c:\users\Manuel\AppData\Roaming\Microsoft\Windows\lARkr8tK0VXpuGMp8L.dat
c:\users\Manuel\AppData\Roaming\Microsoft\Windows\lARkr8tK0VXpuGMp8L.xtr
.
.
(((((((((((((((((((((((   Files Created from 2012-02-07 to 2012-03-07  ))))))))))))))))))))))))))))))
.
.
2012-03-07 15:17 . 2012-03-07 15:17	--------	d-----w-	c:\users\Default\AppData\Local\temp
2012-03-07 05:30 . 2012-03-07 05:31	--------	d-----w-	c:\program files (x86)\Wireshark
2012-03-07 05:27 . 2012-03-07 05:27	--------	d-----w-	c:\program files (x86)\Common Files\Java
2012-03-07 05:27 . 2012-03-07 05:27	--------	d-----w-	c:\program files (x86)\Java
2012-03-07 05:05 . 2012-03-07 05:05	--------	d-----w-	c:\users\Manuel\AppData\Local\Secunia PSI
2012-03-07 05:05 . 2012-03-07 05:05	--------	d-----w-	c:\program files (x86)\Secunia
2012-03-07 04:57 . 2012-03-07 04:57	--------	d-----w-	c:\users\Manuel\AppData\Roaming\SUPERAntiSpyware.com
2012-03-07 04:57 . 2012-03-07 04:59	--------	d-----w-	c:\program files\SUPERAntiSpyware
2012-03-07 04:57 . 2012-03-07 04:57	--------	d-----w-	c:\programdata\SUPERAntiSpyware.com
2012-03-07 03:31 . 2012-03-07 03:31	--------	d-----w-	C:\_OTL
2012-03-06 20:07 . 2012-03-06 20:07	--------	d-----w-	c:\program files (x86)\Screaming Bee
2012-03-06 14:34 . 2012-03-07 03:47	--------	d-----r-	C:\Javascript
2012-03-04 14:19 . 2012-03-04 14:19	--------	d-----w-	c:\users\Manuel\AppData\Local\Vitalwerks
2012-03-04 14:10 . 2012-03-04 14:10	--------	d-----w-	c:\program files (x86)\No-IP
2012-03-04 13:21 . 2012-03-04 13:21	--------	d-----w-	c:\program files (x86)\VirtualDJ
2012-03-04 12:38 . 2012-03-04 12:38	--------	d-----w-	c:\program files (x86)\Malwarebytes' Anti-Malware
2012-03-04 12:38 . 2011-12-10 14:24	23152	----a-w-	c:\windows\system32\drivers\mbam.sys
2012-03-04 02:02 . 2012-03-04 02:02	--------	d-sh--w-	c:\windows\SysWow64\%APPDATA%
2012-03-03 18:37 . 2012-03-03 18:37	--------	d-----w-	c:\users\Manuel\AppData\Roaming\Malwarebytes
2012-03-03 18:37 . 2012-03-03 18:37	--------	d-----w-	c:\programdata\Malwarebytes
2012-03-03 11:21 . 2012-03-03 11:21	--------	d-----w-	c:\windows\SysWow64\wbem\en-US
2012-03-03 11:20 . 2012-03-03 11:20	--------	d-----w-	c:\windows\system32\wbem\en-US
2012-03-03 03:54 . 2012-03-03 03:56	--------	d-----w-	c:\users\Manuel\AppData\Roaming\Tunngle
2012-03-03 03:54 . 2012-03-03 03:54	--------	d-----w-	c:\programdata\Tunngle
2012-03-03 03:54 . 2009-09-16 06:02	31232	----a-w-	c:\windows\system32\drivers\tap0901t.sys
2012-03-03 03:54 . 2012-03-03 03:56	--------	d-----w-	c:\program files (x86)\Tunngle
2012-03-03 02:52 . 2012-03-03 02:52	--------	d-----w-	c:\program files (x86)\Common Files\Skype
2012-03-02 17:45 . 2010-09-14 06:45	367104	----a-w-	c:\windows\system32\wcncsvc.dll
2012-03-02 17:45 . 2010-09-14 06:07	276992	----a-w-	c:\windows\SysWow64\wcncsvc.dll
2012-03-02 17:16 . 2012-03-02 17:16	--------	d-----w-	c:\program files (x86)\Winamp Detect
2012-03-02 17:15 . 2012-03-02 17:15	--------	d-----w-	c:\program files (x86)\Common Files\PX Storage Engine
2012-03-02 17:15 . 2012-03-06 17:37	--------	d-----w-	c:\users\Manuel\AppData\Roaming\Winamp
2012-03-02 17:15 . 2012-03-02 17:16	--------	d-----w-	c:\program files (x86)\Winamp
2012-03-02 17:14 . 2012-03-02 17:15	--------	d-----w-	c:\program files\Virtual Audio Cable
2012-03-02 17:14 . 2012-03-02 17:14	66728	----a-w-	c:\windows\system32\drivers\vrtaucbl.sys
2012-03-02 17:09 . 2009-09-10 06:28	311808	----a-w-	c:\windows\system32\msv1_0.dll
2012-03-02 17:09 . 2009-09-10 05:52	257024	----a-w-	c:\windows\SysWow64\msv1_0.dll
2012-03-02 16:30 . 2009-10-10 03:17	14336	----a-w-	c:\windows\system32\drivers\sffp_sd.sys
2012-03-02 16:30 . 2012-03-02 16:30	--------	d-----w-	c:\program files (x86)\Microsoft CAPICOM 2.1.0.2
2012-03-02 16:18 . 2010-02-23 08:16	294912	----a-w-	c:\windows\system32\browserchoice.exe
2012-03-02 15:48 . 2012-03-04 02:22	--------	d-----w-	c:\program files (x86)\Microsoft Silverlight
2012-03-02 15:10 . 2010-03-04 04:40	184832	----a-w-	c:\windows\system32\drivers\usbvideo.sys
2012-03-02 15:10 . 2010-03-04 04:32	243712	----a-w-	c:\windows\system32\drivers\ks.sys
2012-03-02 15:08 . 2009-09-03 07:36	1975296	----a-w-	c:\windows\system32\CertEnroll.dll
2012-03-02 15:08 . 2009-09-03 07:04	1320960	----a-w-	c:\windows\SysWow64\CertEnroll.dll
2012-03-02 15:06 . 2012-01-14 04:02	3143168	----a-w-	c:\windows\system32\win32k.sys
2012-03-02 15:05 . 2010-07-29 06:30	82944	----a-w-	c:\windows\SysWow64\iccvid.dll
2012-03-02 15:04 . 2011-11-05 05:17	2048	----a-w-	c:\windows\system32\tzres.dll
2012-03-02 14:53 . 2011-12-16 08:42	634368	----a-w-	c:\windows\system32\msvcrt.dll
2012-03-02 14:53 . 2011-12-16 07:59	690688	----a-w-	c:\windows\SysWow64\msvcrt.dll
2012-03-02 14:51 . 2011-06-23 05:29	5507968	----a-w-	c:\windows\system32\ntoskrnl.exe
2012-03-02 14:51 . 2011-06-23 04:38	3957120	----a-w-	c:\windows\SysWow64\ntkrnlpa.exe
2012-03-02 14:51 . 2011-06-23 04:38	3902336	----a-w-	c:\windows\SysWow64\ntoskrnl.exe
2012-03-02 14:47 . 2011-11-19 15:07	77312	----a-w-	c:\windows\system32\packager.dll
2012-03-02 14:47 . 2011-11-19 14:06	67072	----a-w-	c:\windows\SysWow64\packager.dll
2012-03-02 14:45 . 2009-12-29 08:03	220672	----a-w-	c:\windows\system32\wintrust.dll
2012-03-02 14:45 . 2009-12-29 06:55	172032	----a-w-	c:\windows\SysWow64\wintrust.dll
2012-03-02 14:45 . 2010-01-09 07:19	139264	----a-w-	c:\windows\system32\cabview.dll
2012-03-02 14:45 . 2010-01-09 06:52	132608	----a-w-	c:\windows\SysWow64\cabview.dll
2012-03-02 14:32 . 2012-02-08 07:13	8643640	----a-w-	c:\programdata\Microsoft\Windows Defender\Definition Updates\{5DDF34F3-52EA-4A34-9495-2FF642A099B0}\mpengine.dll
2012-03-02 03:13 . 2009-06-18 11:55	18816	------w-	c:\windows\SysWow64\SAVRKBootTasks.sys
2012-03-02 01:32 . 2012-03-07 03:31	--------	d-----w-	c:\program files (x86)\Spybot - Search & Destroy
2012-03-02 01:32 . 2012-03-03 04:39	--------	d-----w-	c:\programdata\Spybot - Search & Destroy
2012-03-02 01:21 . 2012-03-02 01:22	--------	d-----w-	c:\users\Manuel\AppData\Roaming\Spamihilator
2012-03-02 01:20 . 2006-06-19 12:01	69632	----a-w-	c:\windows\SysWow64\ztvcabinet.dll
2012-03-02 01:20 . 2006-05-25 14:52	162304	----a-w-	c:\windows\SysWow64\ztvunrar36.dll
2012-03-02 01:20 . 2005-08-26 00:50	77312	----a-w-	c:\windows\SysWow64\ztvunace26.dll
2012-03-02 01:20 . 2003-02-02 19:06	153088	----a-w-	c:\windows\SysWow64\UNRAR3.dll
2012-03-02 01:20 . 2002-03-06 00:00	75264	----a-w-	c:\windows\SysWow64\unacev2.dll
2012-03-02 01:20 . 2012-03-02 11:24	--------	d-----w-	c:\program files (x86)\Trojan Remover
2012-03-02 01:20 . 2012-03-02 01:20	--------	d-----w-	c:\users\Manuel\AppData\Roaming\Simply Super Software
2012-03-02 01:20 . 2012-03-02 01:20	--------	d-----w-	c:\programdata\Simply Super Software
2012-03-01 23:32 . 2012-03-02 00:53	--------	d-sh--r-	c:\users\Manuel\AppData\Roaming\MicroUpdate
2012-03-01 21:29 . 2012-03-01 21:29	--------	d-----w-	c:\program files (x86)\LogMeIn Hamachi
2012-03-01 21:28 . 2012-03-06 14:06	--------	d-----w-	c:\users\Manuel\AppData\Local\LogMeIn Hamachi
2012-03-01 16:11 . 2012-03-01 16:11	--------	d-----w-	c:\users\Manuel\AppData\Local\Downloaded Installations
2012-03-01 00:06 . 2012-03-01 00:06	--------	d-----w-	c:\program files (x86)\Midway Home Entertainment
2012-02-29 20:39 . 2012-02-29 22:09	--------	d-----w-	c:\users\Manuel\AppData\Roaming\DarknessII
2012-02-29 20:11 . 2012-03-04 19:09	--------	d-----w-	c:\programdata\regid.1986-12.com.adobe
2012-02-29 19:14 . 2012-02-29 19:18	--------	d-----w-	c:\program files\Common Files\Adobe
2012-02-29 19:12 . 2012-02-29 19:12	--------	d-----w-	c:\program files (x86)\Adobe Media Player
2012-02-29 19:09 . 2012-03-07 05:38	--------	d-----w-	c:\program files (x86)\Common Files\Adobe AIR
2012-02-29 03:04 . 2012-02-29 03:04	--------	d-----w-	c:\users\Manuel\AppData\Roaming\Serif
2012-02-29 02:59 . 2012-02-29 02:59	--------	d-----w-	c:\program files (x86)\Serif
2012-02-27 02:30 . 2012-03-01 20:05	--------	d-----w-	c:\users\Manuel\VirtualBox VMs
2012-02-27 02:16 . 2012-03-06 23:01	--------	d-----w-	c:\users\Manuel\.VirtualBox
2012-02-27 02:15 . 2011-12-19 12:45	224048	----a-w-	c:\windows\system32\drivers\VBoxDrv.sys
2012-02-27 02:14 . 2011-12-19 12:45	130864	----a-w-	c:\windows\system32\drivers\VBoxUSBMon.sys
2012-02-27 02:14 . 2012-02-27 02:14	--------	d-----w-	c:\program files\Oracle
2012-02-27 01:11 . 2012-02-27 01:11	--------	d-----w-	c:\program files (x86)\WinSCP
2012-02-26 20:19 . 2001-08-12 13:38	--------	d-----w-	c:\windows\system32\software.lc
2012-02-26 20:19 . 2001-07-13 10:59	32768	----a-w-	c:\windows\system32\UUDECODE.EXE
2012-02-26 20:19 . 1998-12-08 15:28	24576	----a-w-	c:\windows\system32\UUENCODE.EXE
2012-02-26 14:42 . 2012-02-26 14:42	--------	d-----w-	c:\users\Manuel\AppData\Roaming\Canneverbe Limited
2012-02-26 14:42 . 2012-02-26 14:42	--------	d-----w-	c:\programdata\Canneverbe Limited
2012-02-26 14:42 . 2012-02-26 14:42	--------	d-----w-	c:\program files (x86)\CDBurnerXP
2012-02-24 21:42 . 2012-02-24 21:42	60	----a-w-	c:\users\Manuel\update.bat
2012-02-24 20:38 . 2012-02-25 00:49	--------	d-----w-	c:\program files (x86)\Valve
2012-02-24 08:38 . 2012-02-24 08:38	--------	d-----w-	c:\programdata\ATI
2012-02-24 08:21 . 2012-02-24 08:21	--------	d-----w-	C:\AMD
2012-02-24 08:16 . 2012-02-24 08:16	--------	d-----w-	c:\programdata\EA Core
2012-02-24 08:16 . 2012-02-24 10:04	--------	d-----w-	c:\programdata\EA Logs
2012-02-24 08:15 . 2012-02-24 08:15	--------	d--h--w-	c:\program files (x86)\Common Files\EAInstaller
2012-02-24 08:13 . 2012-02-24 08:13	--------	d-----w-	c:\programdata\NVIDIA
2012-02-24 06:51 . 2012-03-02 01:11	--------	d-----w-	c:\program files (x86)\Battlelog Web Plugins
2012-02-24 01:27 . 2012-02-24 01:27	--------	d-----w-	c:\users\Manuel\AppData\Roaming\Thunderbird
2012-02-24 01:27 . 2012-02-24 01:27	--------	d-----w-	c:\users\Manuel\AppData\Local\Thunderbird
2012-02-24 01:26 . 2012-02-24 01:26	--------	d-----w-	c:\program files (x86)\Mozilla Thunderbird
2012-02-23 22:41 . 2012-03-07 15:04	--------	d-----w-	c:\users\Manuel\AppData\Roaming\UseNeXT
2012-02-23 22:41 . 2012-02-23 22:41	--------	d-----w-	c:\program files (x86)\UseNeXT
2012-02-23 15:40 . 2012-02-23 15:40	--------	d-----w-	c:\programdata\Blizzard Entertainment
2012-02-23 04:42 . 2012-02-23 04:42	--------	d-----w-	c:\users\Manuel\AppData\Local\Apps
2012-02-23 04:42 . 2012-02-29 20:53	--------	d-----w-	c:\users\Manuel\AppData\Local\Deployment
2012-02-23 02:28 . 2012-02-24 10:30	--------	d-----w-	c:\users\Manuel\AppData\Roaming\FileZilla
2012-02-23 02:27 . 2012-02-23 02:28	--------	d-----w-	c:\program files (x86)\FileZilla FTP Client
2012-02-22 22:05 . 2012-02-22 22:05	--------	d-----w-	c:\program files (x86)\Intelore
2012-02-22 21:00 . 2012-02-22 21:00	--------	d-----w-	c:\program files (x86)\OpenVPN
2012-02-22 02:32 . 2012-02-22 03:12	--------	d-----w-	c:\program files (x86)\Common Files\Blizzard Entertainment
2012-02-21 23:32 . 2012-02-21 23:32	254528	----a-w-	c:\windows\system32\drivers\dtsoftbus01.sys
2012-02-21 23:32 . 2012-03-02 01:10	--------	d-----w-	c:\program files (x86)\DAEMON Tools Toolbar
2012-02-21 23:32 . 2012-02-21 23:33	--------	d-----w-	c:\program files (x86)\DAEMON Tools Lite
2012-02-21 20:25 . 2012-03-04 17:48	--------	d-----w-	c:\programdata\boost_interprocess
2012-02-21 20:10 . 2012-03-05 00:58	--------	d-----w-	c:\users\Manuel\AppData\Roaming\Screaming Bee
2012-02-21 20:10 . 2012-02-21 20:11	--------	d-----w-	c:\programdata\Screaming Bee
2012-02-21 20:08 . 2012-02-21 20:08	--------	d-----w-	c:\users\Manuel\AppData\Local\Windows Live
.
.
((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-03-07 05:39 . 2012-01-28 16:12	414368	----a-w-	c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-03-07 05:27 . 2012-01-31 17:43	472808	----a-w-	c:\windows\SysWow64\deployJava1.dll
2012-02-28 15:39 . 2012-01-31 19:32	282864	----a-w-	c:\windows\SysWow64\PnkBstrB.xtr
2012-02-28 15:39 . 2012-01-31 19:28	282864	----a-w-	c:\windows\SysWow64\PnkBstrB.exe
2012-02-28 15:38 . 2012-01-31 19:28	280904	----a-w-	c:\windows\SysWow64\PnkBstrB.ex0
2012-02-24 09:52 . 2012-01-31 19:28	76888	----a-w-	c:\windows\SysWow64\PnkBstrA.exe
2012-01-29 04:10 . 2012-01-28 15:29	279656	------w-	c:\windows\system32\MpSigStub.exe
2012-01-28 16:56 . 2012-01-28 16:56	53248	----a-r-	c:\users\Manuel\AppData\Roaming\Microsoft\Installer\{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}\ARPPRODUCTICON.exe
2012-01-18 05:44 . 2012-01-18 05:44	540960	----a-w-	c:\windows\SysWow64\LVUI2RC.dll
2012-01-18 05:44 . 2012-01-18 05:44	545056	----a-w-	c:\windows\SysWow64\LVUI2.dll
2012-01-18 05:44 . 2012-01-18 05:44	561440	----a-w-	c:\windows\system32\LVUIRC64.dll
2012-01-18 05:44 . 2012-01-18 05:44	4865568	----a-w-	c:\windows\system32\drivers\lvuvc64.sys
2012-01-18 05:44 . 2012-01-18 05:44	769312	----a-w-	c:\windows\system32\LVUI64.dll
2012-01-18 05:44 . 2012-01-18 05:44	351136	----a-w-	c:\windows\system32\drivers\lvrs64.sys
2012-01-18 05:44 . 2012-01-18 05:44	307488	----a-w-	c:\windows\SysWow64\lvcodec2.dll
2012-01-18 05:44 . 2012-01-18 05:44	263456	----a-w-	c:\windows\system32\lvco13311044.dll
2012-01-18 05:44 . 2012-01-18 05:44	176416	----a-w-	c:\windows\system32\lvcod64.dll
2012-01-18 05:44 . 2012-01-18 05:44	25632	----a-w-	c:\windows\system32\drivers\lvbflt64.sys
2012-01-18 05:44 . 2012-01-18 05:44	336408	----a-w-	c:\windows\SysWow64\DevManagerCore.dll
2012-01-18 05:44 . 2012-01-18 05:44	336408	----a-w-	c:\windows\system32\DevManagerCore.dll
2012-01-18 05:44 . 2012-01-18 05:44	10920984	----a-w-	c:\windows\SysWow64\LogiDPP.dll
2012-01-18 05:44 . 2012-01-18 05:44	10920984	----a-w-	c:\windows\system32\LogiDPP.dll
2012-01-18 05:44 . 2012-01-18 05:44	104472	----a-w-	c:\windows\SysWow64\LogiDPPApp.exe
2012-01-18 05:44 . 2012-01-18 05:44	104472	----a-w-	c:\windows\system32\LogiDPPApp.exe
2011-12-19 12:45 . 2011-12-19 12:45	146736	----a-w-	c:\windows\system32\drivers\VBoxNetAdp.sys
2011-12-19 12:43 . 2011-12-19 12:43	320816	----a-w-	c:\windows\system32\VBoxNetFltNobj.dll
2011-12-19 12:43 . 2011-12-19 12:43	165680	----a-w-	c:\windows\system32\drivers\VBoxNetFlt.sys
2011-12-15 17:29 . 2011-12-15 17:29	31232	----a-w-	c:\windows\system32\drivers\tap0901.sys
.
.
((((((((((((((((((((((((((((   Reg Loading Points From Each User   ))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown 
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files (x86)\Windows Sidebar\sidebar.exe" [2009-07-14 1173504]
"DAEMON Tools Lite"="c:\program files (x86)\DAEMON Tools Lite\DTLite.exe" [2011-01-20 1305408]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2012-01-20 5487488]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"AVP"="c:\program files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe" [2011-04-24 202296]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2011-12-05 343168]
"Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-01-13 460872]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Secunia PSI Tray.lnk - c:\program files (x86)\Secunia\PSI\psi_tray.exe [2011-7-29 291896]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-02-15 158856]
R3 AODDriver4.0;AODDriver4.0;c:\program files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [2011-06-24 55424]
R3 EagleX64;EagleX64;c:\windows\system32\drivers\EagleX64.sys [x]
R3 FirebirdServerMAGIXInstance;Firebird Server - MAGIX Instance;c:\program files (x86)\Common Files\MAGIX Services\Database\bin\fbserver.exe [2008-08-07 3276800]
R3 MEMSWEEP2;MEMSWEEP2;c:\windows\system32\84B.tmp [x]
R3 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [x]
R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x]
R3 SwitchBoard;SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
R3 tap0801;TAP-Win32 Adapter V8;c:\windows\system32\DRIVERS\tap0801.sys [x]
R3 tap0901t;TAP-Win32 Adapter V9 (Tunngle);c:\windows\system32\DRIVERS\tap0901t.sys [x]
R3 tapoas;TAP-Win32 Adapter OAS;c:\windows\system32\DRIVERS\tapoas.sys [x]
R3 TunngleService;TunngleService;c:\program files (x86)\Tunngle\TnglCtrl.exe [2012-02-14 736104]
R3 VBoxNetAdp;VirtualBox Host-Only Ethernet Adapter;c:\windows\system32\DRIVERS\VBoxNetAdp.sys [x]
S0 johci;JMicron 1394 Filter Driver;c:\windows\system32\DRIVERS\johci.sys [x]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [x]
S1 kl2;kl2;c:\windows\system32\DRIVERS\kl2.sys [x]
S1 KLIM6;Kaspersky Anti-Virus NDIS 6 Filter;c:\windows\system32\DRIVERS\klim6.sys [x]
S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV64.SYS [2011-07-22 14928]
S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL64.SYS [2011-07-12 12368]
S1 VBoxDrv;VirtualBox Service;c:\windows\system32\DRIVERS\VBoxDrv.sys [x]
S1 VBoxUSBMon;VirtualBox USB Monitor Driver;c:\windows\system32\DRIVERS\VBoxUSBMon.sys [x]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE64.EXE [2011-08-11 140672]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-01-03 63928]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x]
S2 AMD FUEL Service;AMD FUEL Service;c:\program files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [2011-12-05 361984]
S2 AODDriver4.01;AODDriver4.01;c:\program files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [2011-06-24 55424]
S2 ArchiCrypt Sichere Loeschzonen;ArchiCrypt Shredder - Sichere Löschzonen Hilfsservice;c:\program files (x86)\ArchiCrypt\ArchiCrypt Shredder 5\ArchiCryptInjector64.exe [2010-05-04 312032]
S2 Fabs;FABS - Helping agent for MAGIX media database;c:\program files (x86)\Common Files\MAGIX Services\Database\bin\FABS.exe [2009-08-27 1253376]
S2 Hamachi2Svc;LogMeIn Hamachi Tunneling Engine;c:\program files (x86)\LogMeIn Hamachi\hamachi-2.exe [2012-02-28 2343816]
S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-01-13 652360]
S2 SBSDWSCService;SBSD Security Center Service;c:\program files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368]
S2 Secunia PSI Agent;Secunia PSI Agent;c:\program files (x86)\Secunia\PSI\PSIA.exe [2011-07-29 994360]
S2 Secunia Update Agent;Secunia Update Agent;c:\program files (x86)\Secunia\PSI\sua.exe [2011-07-29 399416]
S2 TeamViewer6;TeamViewer 6;c:\program files (x86)\TeamViewer\Version6\TeamViewer_Service.exe [2011-08-30 2358656]
S2 TeamViewer7;TeamViewer 7;c:\program files (x86)\TeamViewer\Version7\TeamViewer_Service.exe [2012-01-19 3027840]
S2 UMVPFSrv;UMVPFSrv;c:\program files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe [2012-01-18 450848]
S3 amdiox64;AMD IO Driver;c:\windows\system32\DRIVERS\amdiox64.sys [x]
S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [x]
S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [x]
S3 AtiHDAudioService;ATI Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys [x]
S3 CompFilter64;UVCCompositeFilter;c:\windows\system32\DRIVERS\lvbflt64.sys [x]
S3 EuMusDesignVirtualAudioCableWdm;Virtual Audio Cable (WDM);c:\windows\system32\DRIVERS\vrtaucbl.sys [x]
S3 klmouflt;Kaspersky Lab KLMOUFLT;c:\windows\system32\DRIVERS\klmouflt.sys [x]
S3 LVRS64;Logitech RightSound Filter Driver;c:\windows\system32\DRIVERS\lvrs64.sys [x]
S3 LVUVC64;Logitech HD Webcam C510(UVC);c:\windows\system32\DRIVERS\lvuvc64.sys [x]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x]
S3 netr28ux;RT2870 USB Extensible Wireless LAN Card Driver;c:\windows\system32\DRIVERS\netr28ux.sys [x]
S3 PSI;PSI;c:\windows\system32\DRIVERS\psi_mf.sys [x]
S3 ScreamBAudioSvc;ScreamBee Audio;c:\windows\system32\drivers\ScreamingBAudio64.sys [x]
S3 VBoxNetFlt;VirtualBox Bridged Networking Service;c:\windows\system32\DRIVERS\VBoxNetFlt.sys [x]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - SASDIFSV
*Deregistered* - ArchiCryptInjector
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2012-02-14 10806816]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = 
mStart Page = 
mLocal Page = 
uInternet Settings,ProxyOverride = *.local
IE: Free YouTube Download - c:\users\Manuel\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubedownload.htm
IE: Free YouTube to MP3 Converter - c:\users\Manuel\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm
IE: {{7578ADEA-D65F-4C89-A249-B1C88B6FFC20} - c:\program files (x86)\ICQ7.5\ICQ.exe
LSP: %SystemRoot%\system32\PrxerDrv.dll
TCP: DhcpNameServer = 192.168.1.1
FF - ProfilePath - c:\users\Manuel\AppData\Roaming\Mozilla\Firefox\Profiles\34nask8m.default\
FF - prefs.js: browser.startup.homepage - www.google.de
FF - user.js: extensions.BabylonToolbar_i.babTrack - affID=108298
FF - user.js: extensions.BabylonToolbar_i.babExt - 
FF - user.js: extensions.BabylonToolbar_i.srcExt - ss
FF - user.js: extensions.BabylonToolbar_i.id - 14823d1c00000000000000ffd3fc8b8d
FF - user.js: extensions.BabylonToolbar_i.hardId - 14823d1c00000000000000ffd3fc8b8d
FF - user.js: extensions.BabylonToolbar_i.instlDay - 15400
FF - user.js: extensions.BabylonToolbar_i.vrsn - 1.5.3.17
FF - user.js: extensions.BabylonToolbar_i.vrsni - 1.5.3.17
FF - user.js: extensions.BabylonToolbar_i.vrsnTs - 1.5.3.170:51
FF - user.js: extensions.BabylonToolbar_i.prtnrId - babylon
FF - user.js: extensions.BabylonToolbar_i.prdct - BabylonToolbar
FF - user.js: extensions.BabylonToolbar_i.aflt - babsst
FF - user.js: extensions.BabylonToolbar_i.smplGrp - none
FF - user.js: extensions.BabylonToolbar_i.tlbrId - base
FF - user.js: extensions.BabylonToolbar_i.instlRef - sst
.
- - - - ORPHANS REMOVED - - - -
.
AddRemove-Adobe Shockwave Player - c:\windows\system32\Adobe\Shockwave 11\uninstaller.exe
AddRemove-Half-Life Dedicated Server Update Tool - c:\server\UNWISE.EXE
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\MEMSWEEP2]
"ImagePath"="\??\c:\windows\system32\84B.tmp"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\npggsvc]
"ImagePath"="c:\windows\system32\GameMon.des -service"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\Approved Extensions]
@Denied: (2) (LocalSystem)
"{18DF081C-E8AD-4283-A596-FA578C2EBDC3}"=hex:51,66,7a,6c,4c,1d,38,12,72,0b,cc,
   1c,9f,a6,ed,07,da,80,b9,17,89,70,f9,d7
"{53707962-6F74-2D53-2644-206D7942484F}"=hex:51,66,7a,6c,4c,1d,38,12,0c,7a,63,
   57,46,21,3d,68,59,52,63,2d,7c,1c,0c,5b
"{59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C}"=hex:51,66,7a,6c,4c,1d,38,12,da,39,34,
   5d,e1,a9,97,05,de,be,2c,e9,c9,ff,c2,38
"{DBC80044-A445-435B-BC74-9C25C1C588A9}"=hex:51,66,7a,6c,4c,1d,38,12,2a,03,db,
   df,77,ea,35,06,c3,62,df,65,c4,9b,cc,bd
"{E33CF602-D945-461A-83F0-819F76A199F8}"=hex:51,66,7a,6c,4c,1d,38,12,6c,f5,2f,
   e7,77,97,74,03,fc,e6,c2,df,73,ff,dd,ec
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\ApprovedExtensionsMigration]
@Denied: (2) (LocalSystem)
"Timestamp"=hex:7b,8a,a4,41,66,fa,cc,01
.
[HKEY_USERS\S-1-5-21-129560445-3818396582-2292848211-1001\Software\SecuROM\License information*]
"datasecu"=hex:61,3b,44,e9,3b,02,14,c3,02,f9,33,8d,06,9f,a0,44,04,ac,ea,91,f1,
   91,26,2f,95,50,95,34,ea,71,02,0e,a1,2c,52,4e,75,b3,cf,48,fa,25,3c,81,64,d1,\
"rkeysecu"=hex:f4,2d,bc,4e,07,00,56,80,ae,94,46,f3,cf,01,cc,35
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11e_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11e_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}]
@Denied: (A 2) (Everyone)
@="IFlashBroker3"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\TypeLib]
@="{6EF568F4-D437-4466-AA63-A3645136D93E}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{2E4BB6BE-A75F-4DC0-9500-68203655A2C4}]
@Denied: (A 2) (Everyone)
@="IFlashBroker"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{2E4BB6BE-A75F-4DC0-9500-68203655A2C4}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{2E4BB6BE-A75F-4DC0-9500-68203655A2C4}\TypeLib]
@="{6EF568F4-D437-4466-AA63-A3645136D93E}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{DDF4CE26-4BDA-42BC-B0F0-0E75243AD285}]
@Denied: (A 2) (Everyone)
@="IFlashBroker2"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{DDF4CE26-4BDA-42BC-B0F0-0E75243AD285}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{DDF4CE26-4BDA-42BC-B0F0-0E75243AD285}\TypeLib]
@="{6EF568F4-D437-4466-AA63-A3645136D93E}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2012-03-07  16:20:49
ComboFix-quarantined-files.txt  2012-03-07 15:20
.
Pre-Run: 11 Directory(s), 24.830.599.168 bytes free
Post-Run: 16 Directory(s), 24.446.562.304 bytes free
.
- - End Of File - - 888849A5728AB6FC01524D307880250D
         
--- --- ---
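cosinus's ComboFix instructions and the log posted above are what a helper reads line by line. The following Python script is an added example (it is not ComboFix's code and not part of the thread) that runs a few of the heuristics an analyst applies by eye over lines copied from that log: a literal %VAR% inside an on-disk path, hidden+system attributes on a directory, random-looking file names, a service whose image is a .tmp file, and any Winsock LSP that is not one of the DLLs shipped with Windows. The allow-list of built-in LSP DLLs and the thresholds are assumptions of this example, and every hit is a lead for manual verification rather than a verdict: some legitimate anti-rootkit tools also register a driver under a temporary name, so a flagged entry still needs its publisher and origin checked.

```python
"""Analyst heuristics over ComboFix log lines (added example; not ComboFix code)."""
import math
import re
from collections import Counter, defaultdict

# Sample input: lines copied from the ComboFix log posted above. The "files created"
# lines are tab-separated: "created . modified", size, attributes, path.
SAMPLE_LINES = [
    "2012-03-04 02:02 . 2012-03-04 02:02\t--------\td-sh--w-\tc:\\windows\\SysWow64\\%APPDATA%",
    "2012-03-01 23:32 . 2012-03-02 00:53\t--------\td-sh--r-\tc:\\users\\Manuel\\AppData\\Roaming\\MicroUpdate",
    "2012-03-04 12:38 . 2011-12-10 14:24\t23152\t----a-w-\tc:\\windows\\system32\\drivers\\mbam.sys",
    "2012-03-07 05:27 . 2012-03-07 05:27\t--------\td-----w-\tc:\\program files (x86)\\Java",
    "c:\\users\\Manuel\\AppData\\Roaming\\Microsoft\\Windows\\lARkr8tK0VXpuGMp8L.dat",
    "R3 MEMSWEEP2;MEMSWEEP2;c:\\windows\\system32\\84B.tmp [x]",
    "R3 NPF;NetGroup Packet Filter Driver;c:\\windows\\system32\\drivers\\npf.sys [x]",
    "S2 MBAMService;MBAMService;c:\\program files (x86)\\Malwarebytes' Anti-Malware\\mbamservice.exe [2012-01-13 652360]",
    "LSP: %SystemRoot%\\system32\\PrxerDrv.dll",
]

CREATED_RE = re.compile(r"^\d{4}-\d\d-\d\d \d\d:\d\d \. \d{4}-\d\d-\d\d \d\d:\d\d\t(\S+)\t(\S+)\t(.+)$")
SERVICE_RE = re.compile(r"^[RS]\d (?P<name>[^;]+);(?P<desc>[^;]*);(?P<image>.+?) \[[^\]]*\]$")
DRIVE_PATH_RE = re.compile(r"^[a-z]:\\", re.IGNORECASE)
LSP_RE = re.compile(r"^LSP: (.+)$")
ENV_VAR_RE = re.compile(r"%[A-Za-z_]+%")

# Assumed allow-list: Winsock providers that ship with Windows. Anything else sits in
# the path of every socket on the box and deserves a look at its publisher.
BUILTIN_LSPS = {"mswsock.dll", "winrnr.dll", "nlaapi.dll", "napinsp.dll", "pnrpnsp.dll", "wshbth.dll"}


def shannon_entropy(s):
    counts = Counter(s)
    n = len(s)
    return -sum(c / n * math.log2(c / n) for c in counts.values())


def looks_random(filename):
    """Long alphanumeric stem mixing upper, lower and digits with high entropy (assumed thresholds)."""
    stem = filename.rsplit(".", 1)[0]
    return (len(stem) >= 12 and stem.isalnum()
            and any(c.isupper() for c in stem) and any(c.islower() for c in stem)
            and any(c.isdigit() for c in stem) and shannon_entropy(stem) >= 3.0)


def path_reasons(path, attrs=""):
    reasons = []
    name = path.rsplit("\\", 1)[-1]
    if DRIVE_PATH_RE.match(path) and ENV_VAR_RE.search(path):
        reasons.append("literal environment variable in an on-disk path")
    if "s" in attrs and "h" in attrs:
        reasons.append("hidden+system attributes")
    if looks_random(name):
        reasons.append("random-looking name")
    return reasons


def triage(lines):
    """Map each flagged path to the heuristic reasons; unflagged paths are omitted."""
    findings = defaultdict(list)
    for line in lines:
        m = CREATED_RE.match(line)
        if m:
            _size, attrs, path = m.groups()
            findings[path].extend(path_reasons(path, attrs))
            continue
        m = SERVICE_RE.match(line)
        if m:
            image = m.group("image")
            findings[image].extend(path_reasons(image))
            if image.lower().endswith(".tmp") or "\\temp\\" in image.lower():
                findings[image].append("service image is a .tmp/temp file (%s)" % m.group("name"))
            continue
        m = LSP_RE.match(line)
        if m:
            dll = m.group(1)
            if dll.rsplit("\\", 1)[-1].lower() not in BUILTIN_LSPS:
                findings[dll].append("third-party Winsock LSP, verify publisher")
            continue
        if DRIVE_PATH_RE.match(line):           # bare paths, e.g. the "Other Deletions" section
            findings[line].extend(path_reasons(line))
    return {p: r for p, r in findings.items() if r}


if __name__ == "__main__":
    for path, reasons in triage(SAMPLE_LINES).items():
        print(path)
        for why in reasons:
            print("   -", why)
```

Run against a full ComboFix.txt by reading its lines into `triage()`; the entries with MEMSWEEP2, the literal %APPDATA% folder, the hidden MicroUpdate directory and the random-named .dat are the ones this pass surfaces from the sample, which is consistent with what ComboFix itself chose to delete.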

Old 07.03.2012, 16:31   #26
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™

Exploit.Java.CVE-2011-3544.jy + More viruses?



Please download aswMBR.exe and save the file to your desktop.

Note: Please turn off your virus scanner before running aswMBR, as Avira in particular often raises a false positive on it!
  • Start aswMBR.exe. Vista and Win7 users: right-click aswMBR and choose "Run as administrator".
  • The tool will ask whether you want to scan your system with the current AVAST! virus definitions. Please answer Yes. (If your firewall asks, allow internet access.) Downloading the definitions can take a while depending on your connection.
  • Click Scan.
  • Wait until Scan finished successfully appears in the DOS window.
  • Click Save Log and save it to the desktop.
Post the aswMBR.txt in your next reply. Important: Do not press any of the Fix buttons without instructions. Note: If the Scan button is greyed out, close the tool and start it again. If it still doesn't work, please let me know.
__________________
Please always post logfiles in CODE tags

Old 07.03.2012, 16:46   #27
xan1m0rphx

Exploit.Java.CVE-2011-3544.jy + More viruses?



aswMBR logfile:

Code:
 aswMBR version 0.9.9.1649 Copyright(c) 2011 AVAST Software
Run date: 2012-03-07 16:41:06
-----------------------------
16:41:06.971    OS Version: Windows x64 6.1.7600 
16:41:06.971    Number of processors: 4 586 0x202
16:41:06.973    ComputerName: UNKNOWN  UserName: Manuel
16:41:08.642    Initialize success
16:42:12.903    AVAST engine defs: 12030700
16:43:22.651    Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T0L0-4
16:43:22.657    Disk 0 Vendor: WDC_WD5000AACS-00ZUB0 01.01B01 Size: 476940MB BusType: 11
16:43:22.675    Disk 0 MBR read successfully
16:43:22.679    Disk 0 MBR scan
16:43:22.686    Disk 0 unknown MBR code
16:43:22.698    Disk 0 Partition 1 80 (A) 07    HPFS/NTFS               100 MB offset 2048
16:43:22.710    Disk 0 Partition 2 00     07    HPFS/NTFS            250354 MB offset 206848
16:43:22.738    Disk 0 Partition 3 00     07    HPFS/NTFS F™öcO*?\   206000 MB offset 512931840
16:43:22.749    Disk 0 Partition - 00     0F Extended LBA             20482 MB offset 934819840
16:43:22.769    Disk 0 scanning C:\Windows\system32\drivers
16:43:22.775    Service scanning
16:43:54.702    Modules scanning
16:43:54.712    Disk 0 trace - called modules:
16:43:54.746    ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys ataport.SYS PCIIDEX.SYS hal.dll msahci.sys 
16:43:54.763    1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa80050f5060]
16:43:54.777    3 CLASSPNP.SYS[fffff88001dd143f] -> nt!IofCallDriver -> [0xfffffa80049afbf0]
16:43:54.793    5 ACPI.sys[fffff880017a8781] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP2T0L0-4[0xfffffa8004987680]
16:43:56.647    AVAST engine scan C:\Windows
16:43:56.682    AVAST engine scan C:\Windows\system32
16:43:56.703    AVAST engine scan C:\Windows\system32\drivers
16:43:56.719    AVAST engine scan C:\Users\Manuel
16:43:56.736    AVAST engine scan C:\ProgramData
16:43:56.754    Scan finished successfully
16:45:23.140    Disk 0 MBR has been saved successfully to "C:\Users\Manuel\Desktop\MBR.dat"
16:45:23.153    The log file has been saved successfully to "C:\Users\Manuel\Desktop\aswMBR.txt"
         
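For anyone reading an aswMBR report like the one above: the log says the MBR was read and saved to MBR.dat and prints "unknown MBR code", which is aswMBR's wording when the boot-sector code does not match one of the loaders it knows. The following Python is an added example, not code from this thread or from aswMBR: it parses a raw 512-byte MBR image, hashes the boot code for comparison against an allow-list you supply, and cross-checks the partition table against the partition lines aswMBR printed. The MBR bytes used here are constructed to match that table, with zero-filled boot code; the allow-list is an assumed input you would fill from a known-good machine.

```python
import hashlib
import re
import struct

# Sample input: the four partition lines from the aswMBR log above (unprintable label bytes replaced by '?').
SAMPLE_LOG = """\
16:43:22.698    Disk 0 Partition 1 80 (A) 07    HPFS/NTFS               100 MB offset 2048
16:43:22.710    Disk 0 Partition 2 00     07    HPFS/NTFS            250354 MB offset 206848
16:43:22.738    Disk 0 Partition 3 00     07    HPFS/NTFS F??cO*?    206000 MB offset 512931840
16:43:22.749    Disk 0 Partition - 00     0F Extended LBA             20482 MB offset 934819840
"""
LOG_RE = re.compile(r"Partition \S+ ([0-9A-F]{2})(?: \(A\))?\s+([0-9A-F]{2})\s.*?(\d+) MB offset (\d+)")

def parse_log(text):
    """Pull (active flag, type, size in MB, LBA offset) out of each aswMBR partition line."""
    return [{"active": f == "80", "type": int(t, 16), "size_mb": int(mb), "offset": int(lba)}
            for f, t, mb, lba in LOG_RE.findall(text)]

def build_sample_mbr():
    """Constructed 512-byte MBR matching that table (aswMBR's MB = sectors / 2048); boot code zero-filled."""
    table = b"".join(struct.pack("<B3xB3xII", flag, ptype, lba, mb * 2048) for flag, ptype, lba, mb in
                     [(0x80, 0x07, 2048, 100), (0, 0x07, 206848, 250354),
                      (0, 0x07, 512931840, 206000), (0, 0x0F, 934819840, 20482)])
    return b"\0" * 446 + table + b"\x55\xAA"

def parse_mbr(data):
    """Parse a raw MBR (e.g. the MBR.dat aswMBR saves): boot-code hash plus the four partition slots."""
    if len(data) < 512 or data[510:512] != b"\x55\xAA":
        raise ValueError("missing 0x55AA boot signature")
    parts = []
    for i in range(4):
        flag, ptype, lba, sectors = struct.unpack_from("<B3xB3xII", data, 446 + 16 * i)
        if ptype:  # type 0x00 is an empty slot
            parts.append({"index": i + 1, "active": flag == 0x80, "type": ptype,
                          "offset": lba, "size_mb": sectors // 2048})
    return {"bootcode_sha256": hashlib.sha256(data[:446]).hexdigest(), "partitions": parts}

def check_mbr(data, log_text, known_bootcode=frozenset()):
    """Cross-check the raw MBR against the aswMBR report; returns a list of findings (empty = consistent)."""
    mbr, logged, findings = parse_mbr(data), parse_log(log_text), []
    if mbr["bootcode_sha256"] not in known_bootcode:  # allow-list of known-good boot code hashes (assumed input)
        findings.append("boot code hash not in allow-list: " + mbr["bootcode_sha256"][:16])
    if sum(p["active"] for p in mbr["partitions"]) != 1:
        findings.append("expected exactly one active partition")
    if len(mbr["partitions"]) != len(logged):
        findings.append("partition count differs between MBR and log")
    for raw, rep in zip(mbr["partitions"], logged):
        for key in ("active", "type", "size_mb", "offset"):
            if raw[key] != rep[key]:
                findings.append(f"partition {raw['index']}: {key} {raw[key]} != logged {rep[key]}")
    ends = [(p["offset"], p["offset"] + p["size_mb"] * 2048) for p in mbr["partitions"]]
    if any(a_end > b_start for (_, a_end), (b_start, _) in zip(ends, ends[1:])):
        findings.append("partition entries overlap")
    return findings
```

A real MBR.dat is read with `open("MBR.dat", "rb").read()` and passed to `check_mbr` together with the aswMBR.txt text; a hash mismatch alone only means "not yet seen", so compare it against the same model's clean install before treating it as an infection.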

Alt 07.03.2012, 19:18   #28
xan1m0rphx
 
Exploit.Java.CVE-2011-3544.jy + Weitere Viren? - Standard

Exploit.Java.CVE-2011-3544.jy + Weitere Viren?



A question on the side: I was just watching my network monitor in Kaspersky.

And I found the following entry:
JRE-6U31-WINDOWS-I586.exe

See the attachment, does that mean anything?
[Attached image: kasperskys.jpg]

Alt 07.03.2012, 23:00   #29
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Exploit.Java.CVE-2011-3544.jy + Weitere Viren? - Standard

Exploit.Java.CVE-2011-3544.jy + Weitere Viren?



Quote:
See the attachment, does that mean anything?
Is this forum a substitute for Google, or what is that supposed to mean?!
Put that file name into Google once and everyone knows what it is!

Alt 08.03.2012, 15:53   #30
xan1m0rphx
 
Exploit.Java.CVE-2011-3544.jy + Weitere Viren? - Standard

Exploit.Java.CVE-2011-3544.jy + Weitere Viren?



Is it really that bad that I asked what kind of .exe that is? o.O
Sorry if you perhaps had a bad day, but I trust you, which is why I asked; I'll refrain from that from now on.

What about the aswMBR logs?
And what are the next steps, should I change my passwords?
