Rogue.MalwareDefense, Rootkit und Freund

Rattle07 · 30.01.2010, 14:01

PS: Dazu fällt mir ein, dass ich einen TDSS-Killer von der Kaspersky Website schon benutzt habe (gibt es davon mehrere Versionen? Ansonsten habei ich den nämlich tatsächlich schon benutzt, allerdings ohne start.bat!
Dennoch würde es mich interessieren, ob es eine Möglichkeit gibt, eine Recovery CD zu erstellen.

Chris4You · 01.02.2010, 08:50

Hi,
Boot-CD erstellen:
Am einfachsten geht dies über http://www.ubcd4win.com/, runterladen installieren und dann mit einer XP-CD (Installations-CD bzw. Recovery-CD [das gibt dann allerdings eine Warnung!])die Boot-CD erstellen (natürlich auf einem sauberen System!).
Vorteil dabei ist, dass die "Universal Boot CD für Windows" gleich Virenscanner und Tools an Board hat, mit denen man dann gleich loslegen kann.
Rootkits liegen nach dem Booten von CD "ungeschützt" auf der Platte (da sie ja nicht gestartet wurden) und können dann sehr einfach gesucht u.
gelöscht werden. Ein Remoteregistry-Editor steht ebenfalls zur Verfügung.

Schnellanweisung für XP:
Im Groben sieht das so aus;
UBCD runterladen, installieren, XP-CD auf die Festplatte kopieren (Speicherplatz beachten, es muss daraus dann nochmal eine ISO-Datei erstellt werden).
Erstelle auf Deinem Rechner ein Verzeichnis (C:\XPCD), kopiere dann den gesamten Inhalt der CD da rein (vorher im Explorer einschalten, dass alle versteckten Dateien etc. angezeigt und Systemdateien nicht ausgeblendet werden (damit auch alles kopiert werden kann)).
Ist die gesamte XP-CD kopiert, starte UBCD4WinBuilder.exe (Normalerweise im Verzeichnis C:\ubcd4win zu finden), Copyright etc. abnicken, "Search for Windows installation Files" -> No, im darauffolgenden Fenster "Source" ->C:\XPCD, Outputpath wie Du willst oder einfach so lassen, dann entweder für das spätere Brennen eine ISO-Datei erstellen lassen (dann einen Filenamen bei "Create ISO-Image" eingeben!), oder gleich eine leere DVD rein und direkt brennen lassen. "Custom" leer lassen. Dann Build auswählen... Nochmal MS-Copyright abnicken und es geht los.
Und nach ca. 0,5-1h haben wir eine Bootfertige Not-CD mit allem was man so braucht ;o)...

chris

Rattle07 · 01.02.2010, 08:58

Ha, Danke für die ausführliche Erklärung! Da ich aber keine Windows- oder Repair-CD mit dem Laptop geliefert bekommen habe, kann ich auch das selbst erstellte Image (mit dem Programm meines Laptops) zum Erstellen der Boot-CD benutzen oder kann er die Datein da nicht auslesen? Oder könnte ich alternativ - sofern ich ein sauberes System hätte - auch das Programm sie Systemdateien auslesen lassen und somit eine CD erstellen?

Zweite Frage: Noch mal zum TDSS Killer - ich hatte schon mal "einen" bei mir benutzt. Meine Frage war, ob es nur einen oder mehrere Versionen gibt - denn wenn ersteres zutrifft, kann vermutlich ohne bedenken noch mal den gewünschten Scan (inkl. Start.bat) machen.

Chris4You · 01.02.2010, 10:37

Hi,

wenn es ein Verzeichnis "i386" auf dem Rechner gibt, sollte es eigentlch funktionieren (die meisten Hersteller kopieren da die gesamten Inst.Dateien rein)...

Ausprobieren...
Sonst gibt es noch einige Möglichkeiten, hier im Forum Knoppix:
http://www.trojaner-board.de/75619-anleitung-erstellen-einer-knoppix-live-cd.html

Dr. Web-Live-CD
Lade Dir das Abbild (http://freedrweb.com/livecd) runter (jeweils die neuste Version, z. Z. ftp://ftp.drweb.com/pub/drweb/livecd/20091231042002/) und brenne es auf CD/DVD. Stelle dann im BIOS die Bootreihenfolge um (zuerst von CD booten), boote dann von der erstellten CD und starte Dr. Web Live CD (default). Lass dann alle Festplatten untersuchen...
Bei Funden bitte Name und Pfad notieren, bevor du sie von Dr. Web beseitigen lässt...
Weiter Anweisungen: http://www.freedrweb.com/livecd/how_it_works/

Es gibt neue Version vom TDDS-Killer, ggf. neu laufen lassen...

chris

Rattle07 · 01.02.2010, 14:23

Danke, werde demnächst mal probieren, eine Boot CD zu erstellen! Eine Knoppix CD habe ich glaube ich sogar schon mal erstellt.

Ich habe jetzt den TDSS Killer laufen lassen, hier das Ergebnis:

14:19:48:000 4064 TDSS rootkit removing tool 2.2.2 Jan 13 2010 08:42:25
14:19:48:000 4064 ================================================================================
14:19:48:000 4064 SystemInfo:

14:19:48:000 4064 OS Version: 5.1.2600 ServicePack: 3.0
14:19:48:000 4064 Product type: Workstation
14:19:48:000 4064 ComputerName: ACER-0C7D612F1B
14:19:48:000 4064 UserName: Tim
14:19:48:000 4064 Windows directory: C:\WINDOWS
14:19:48:000 4064 Processor architecture: Intel x86
14:19:48:000 4064 Number of processors: 2
14:19:48:000 4064 Page size: 0x1000
14:19:48:000 4064 Boot type: Normal boot
14:19:48:000 4064 ================================================================================
14:19:48:015 4064 UnloadDriverW: NtUnloadDriver error 2
14:19:48:015 4064 ForceUnloadDriverW: UnloadDriverW(klmd21) error 2
14:19:48:015 4064 MyNtCreateFileW: NtCreateFile(\??\C:\WINDOWS\system32\drivers\klmd.sys) returned status 00000000
14:19:48:062 4064 UtilityInit: KLMD drop and load success
14:19:48:062 4064 KLMD_OpenDevice: Trying to open KLMD Device(KLMD201000)
14:19:48:062 4064 UtilityInit: KLMD open success
14:19:48:062 4064 UtilityInit: Initialize success
14:19:48:062 4064
14:19:48:062 4064 Scanning Services ...
14:19:48:062 4064 CreateRegParser: Registry parser init started
14:19:48:062 4064 DisableWow64Redirection: GetProcAddress(Wow64DisableWow64FsRedirection) error 127
14:19:48:062 4064 CreateRegParser: DisableWow64Redirection error
14:19:48:062 4064 wfopen_ex: Trying to open file C:\WINDOWS\system32\config\system
14:19:48:062 4064 MyNtCreateFileW: NtCreateFile(\??\C:\WINDOWS\system32\config\system) returned status C0000043
14:19:48:062 4064 wfopen_ex: MyNtCreateFileW error 32 (C0000043)
14:19:48:062 4064 wfopen_ex: Trying to KLMD file open
14:19:48:062 4064 KLMD_CreateFileW: Trying to open file C:\WINDOWS\system32\config\system
14:19:48:062 4064 wfopen_ex: File opened ok (Flags 2)
14:19:48:062 4064 CreateRegParser: HIVE_ADAPTER(C:\WINDOWS\system32\config\system) init success: 394958
14:19:48:062 4064 wfopen_ex: Trying to open file C:\WINDOWS\system32\config\software
14:19:48:062 4064 MyNtCreateFileW: NtCreateFile(\??\C:\WINDOWS\system32\config\software) returned status C0000043
14:19:48:062 4064 wfopen_ex: MyNtCreateFileW error 32 (C0000043)
14:19:48:062 4064 wfopen_ex: Trying to KLMD file open
14:19:48:062 4064 KLMD_CreateFileW: Trying to open file C:\WINDOWS\system32\config\software
14:19:48:062 4064 wfopen_ex: File opened ok (Flags 2)
14:19:48:062 4064 CreateRegParser: HIVE_ADAPTER(C:\WINDOWS\system32\config\software) init success: 394A00
14:19:48:062 4064 EnableWow64Redirection: GetProcAddress(Wow64RevertWow64FsRedirection) error 127
14:19:48:062 4064 CreateRegParser: EnableWow64Redirection error
14:19:48:062 4064 CreateRegParser: RegParser init completed
14:19:48:437 4064 GetAdvancedServicesInfo: Raw services enum returned 425 services
14:19:48:437 4064 fclose_ex: Trying to close file C:\WINDOWS\system32\config\system
14:19:48:437 4064 fclose_ex: Trying to close file C:\WINDOWS\system32\config\software
14:19:48:437 4064
14:19:48:437 4064 Scanning Kernel memory ...
14:19:48:437 4064 KLMD_GetSystemObjectAddressByNameW: Trying to get system object address by name \Driver\Disk
14:19:48:437 4064 DetectCureTDL3: \Driver\Disk PDRIVER_OBJECT: 86F47EE0
14:19:48:437 4064 DetectCureTDL3: KLMD_GetDeviceObjectList returned 4 DevObjects
14:19:48:437 4064
14:19:48:437 4064 DetectCureTDL3: DEVICE_OBJECT: 86F61848
14:19:48:437 4064 KLMD_GetLowerDeviceObject: Trying to get lower device object for 86F61848
14:19:48:437 4064 KLMD_ReadMem: Trying to ReadMemory 0x86F61848[0x38]
14:19:48:437 4064 DetectCureTDL3: DRIVER_OBJECT: 86F47EE0
14:19:48:437 4064 KLMD_ReadMem: Trying to ReadMemory 0x86F47EE0[0xA8]
14:19:48:437 4064 KLMD_ReadMem: Trying to ReadMemory 0xE17C5710[0x18]
14:19:48:437 4064 DetectCureTDL3: DRIVER_OBJECT name: \Driver\Disk, Driver Name: Disk
14:19:48:437 4064 DetectCureTDL3: IrpHandler (0) addr: F75B8BB0
14:19:48:437 4064 DetectCureTDL3: IrpHandler (1) addr: 804F4562
14:19:48:437 4064 DetectCureTDL3: IrpHandler (2) addr: F75B8BB0
14:19:48:437 4064 DetectCureTDL3: IrpHandler (3) addr: F75B2D1F
14:19:48:437 4064 DetectCureTDL3: IrpHandler (4) addr: F75B2D1F
14:19:48:437 4064 DetectCureTDL3: IrpHandler (5) addr: 804F4562
14:19:48:437 4064 DetectCureTDL3: IrpHandler (6) addr: 804F4562
14:19:48:437 4064 DetectCureTDL3: IrpHandler (7) addr: 804F4562
14:19:48:437 4064 DetectCureTDL3: IrpHandler (8) addr: 804F4562
14:19:48:437 4064 DetectCureTDL3: IrpHandler (9) addr: F75B32E2
14:19:48:437 4064 DetectCureTDL3: IrpHandler (10) addr: 804F4562
14:19:48:437 4064 DetectCureTDL3: IrpHandler (11) addr: 804F4562
14:19:48:437 4064 DetectCureTDL3: IrpHandler (12) addr: 804F4562
14:19:48:437 4064 DetectCureTDL3: IrpHandler (13) addr: 804F4562
14:19:48:437 4064 DetectCureTDL3: IrpHandler (14) addr: F75B33BB
14:19:48:437 4064 DetectCureTDL3: IrpHandler (15) addr: F75B6F28
14:19:48:437 4064 DetectCureTDL3: IrpHandler (16) addr: F75B32E2
14:19:48:437 4064 DetectCureTDL3: IrpHandler (17) addr: 804F4562
14:19:48:437 4064 DetectCureTDL3: IrpHandler (18) addr: 804F4562
14:19:48:437 4064 DetectCureTDL3: IrpHandler (19) addr: 804F4562
14:19:48:437 4064 DetectCureTDL3: IrpHandler (20) addr: 804F4562
14:19:48:437 4064 DetectCureTDL3: IrpHandler (21) addr: 804F4562
14:19:48:437 4064 DetectCureTDL3: IrpHandler (22) addr: F75B4C82
14:19:48:437 4064 DetectCureTDL3: IrpHandler (23) addr: F75B999E
14:19:48:437 4064 DetectCureTDL3: IrpHandler (24) addr: 804F4562
14:19:48:437 4064 DetectCureTDL3: IrpHandler (25) addr: 804F4562
14:19:48:437 4064 DetectCureTDL3: IrpHandler (26) addr: 804F4562
14:19:48:437 4064 TDL3_FileDetect: Processing driver: Disk
14:19:48:437 4064 TDL3_FileDetect: Processing driver file: C:\WINDOWS\system32\DRIVERS\disk.sys
14:19:48:437 4064 KLMD_CreateFileW: Trying to open file C:\WINDOWS\system32\DRIVERS\disk.sys
14:19:48:453 4064 TDL3_FileDetect: C:\WINDOWS\system32\DRIVERS\disk.sys - Verdict: Clean
14:19:48:453 4064
14:19:48:453 4064 DetectCureTDL3: DEVICE_OBJECT: 86F61C68
14:19:48:453 4064 KLMD_GetLowerDeviceObject: Trying to get lower device object for 86F61C68
14:19:48:453 4064 KLMD_ReadMem: Trying to ReadMemory 0x86F61C68[0x38]
14:19:48:453 4064 DetectCureTDL3: DRIVER_OBJECT: 86F47EE0
14:19:48:453 4064 KLMD_ReadMem: Trying to ReadMemory 0x86F47EE0[0xA8]
14:19:48:453 4064 KLMD_ReadMem: Trying to ReadMemory 0xE17C5710[0x18]
14:19:48:453 4064 DetectCureTDL3: DRIVER_OBJECT name: \Driver\Disk, Driver Name: Disk
14:19:48:453 4064 DetectCureTDL3: IrpHandler (0) addr: F75B8BB0
14:19:48:453 4064 DetectCureTDL3: IrpHandler (1) addr: 804F4562
14:19:48:453 4064 DetectCureTDL3: IrpHandler (2) addr: F75B8BB0
14:19:48:453 4064 DetectCureTDL3: IrpHandler (3) addr: F75B2D1F
14:19:48:453 4064 DetectCureTDL3: IrpHandler (4) addr: F75B2D1F
14:19:48:453 4064 DetectCureTDL3: IrpHandler (5) addr: 804F4562
14:19:48:453 4064 DetectCureTDL3: IrpHandler (6) addr: 804F4562
14:19:48:453 4064 DetectCureTDL3: IrpHandler (7) addr: 804F4562
14:19:48:453 4064 DetectCureTDL3: IrpHandler (8) addr: 804F4562
14:19:48:453 4064 DetectCureTDL3: IrpHandler (9) addr: F75B32E2
14:19:48:453 4064 DetectCureTDL3: IrpHandler (10) addr: 804F4562
14:19:48:453 4064 DetectCureTDL3: IrpHandler (11) addr: 804F4562
14:19:48:453 4064 DetectCureTDL3: IrpHandler (12) addr: 804F4562
14:19:48:453 4064 DetectCureTDL3: IrpHandler (13) addr: 804F4562
14:19:48:453 4064 DetectCureTDL3: IrpHandler (14) addr: F75B33BB
14:19:48:453 4064 DetectCureTDL3: IrpHandler (15) addr: F75B6F28
14:19:48:453 4064 DetectCureTDL3: IrpHandler (16) addr: F75B32E2
14:19:48:453 4064 DetectCureTDL3: IrpHandler (17) addr: 804F4562
14:19:48:453 4064 DetectCureTDL3: IrpHandler (18) addr: 804F4562
14:19:48:453 4064 DetectCureTDL3: IrpHandler (19) addr: 804F4562
14:19:48:453 4064 DetectCureTDL3: IrpHandler (20) addr: 804F4562
14:19:48:453 4064 DetectCureTDL3: IrpHandler (21) addr: 804F4562
14:19:48:453 4064 DetectCureTDL3: IrpHandler (22) addr: F75B4C82
14:19:48:453 4064 DetectCureTDL3: IrpHandler (23) addr: F75B999E
14:19:48:453 4064 DetectCureTDL3: IrpHandler (24) addr: 804F4562
14:19:48:453 4064 DetectCureTDL3: IrpHandler (25) addr: 804F4562
14:19:48:453 4064 DetectCureTDL3: IrpHandler (26) addr: 804F4562
14:19:48:453 4064 TDL3_FileDetect: Processing driver: Disk
14:19:48:453 4064 TDL3_FileDetect: Processing driver file: C:\WINDOWS\system32\DRIVERS\disk.sys
14:19:48:453 4064 KLMD_CreateFileW: Trying to open file C:\WINDOWS\system32\DRIVERS\disk.sys
14:19:48:468 4064 TDL3_FileDetect: C:\WINDOWS\system32\DRIVERS\disk.sys - Verdict: Clean
14:19:48:468 4064
14:19:48:468 4064 DetectCureTDL3: DEVICE_OBJECT: 86F61030
14:19:48:468 4064 KLMD_GetLowerDeviceObject: Trying to get lower device object for 86F61030
14:19:48:468 4064 KLMD_ReadMem: Trying to ReadMemory 0x86F61030[0x38]
14:19:48:468 4064 DetectCureTDL3: DRIVER_OBJECT: 86F47EE0
14:19:48:468 4064 KLMD_ReadMem: Trying to ReadMemory 0x86F47EE0[0xA8]
14:19:48:468 4064 KLMD_ReadMem: Trying to ReadMemory 0xE17C5710[0x18]
14:19:48:468 4064 DetectCureTDL3: DRIVER_OBJECT name: \Driver\Disk, Driver Name: Disk
14:19:48:468 4064 DetectCureTDL3: IrpHandler (0) addr: F75B8BB0
14:19:48:468 4064 DetectCureTDL3: IrpHandler (1) addr: 804F4562
14:19:48:468 4064 DetectCureTDL3: IrpHandler (2) addr: F75B8BB0
14:19:48:468 4064 DetectCureTDL3: IrpHandler (3) addr: F75B2D1F
14:19:48:468 4064 DetectCureTDL3: IrpHandler (4) addr: F75B2D1F
14:19:48:468 4064 DetectCureTDL3: IrpHandler (5) addr: 804F4562
14:19:48:468 4064 DetectCureTDL3: IrpHandler (6) addr: 804F4562
14:19:48:468 4064 DetectCureTDL3: IrpHandler (7) addr: 804F4562
14:19:48:468 4064 DetectCureTDL3: IrpHandler (8) addr: 804F4562
14:19:48:468 4064 DetectCureTDL3: IrpHandler (9) addr: F75B32E2
14:19:48:468 4064 DetectCureTDL3: IrpHandler (10) addr: 804F4562
14:19:48:468 4064 DetectCureTDL3: IrpHandler (11) addr: 804F4562
14:19:48:468 4064 DetectCureTDL3: IrpHandler (12) addr: 804F4562
14:19:48:468 4064 DetectCureTDL3: IrpHandler (13) addr: 804F4562
14:19:48:468 4064 DetectCureTDL3: IrpHandler (14) addr: F75B33BB
14:19:48:468 4064 DetectCureTDL3: IrpHandler (15) addr: F75B6F28
14:19:48:468 4064 DetectCureTDL3: IrpHandler (16) addr: F75B32E2
14:19:48:468 4064 DetectCureTDL3: IrpHandler (17) addr: 804F4562
14:19:48:468 4064 DetectCureTDL3: IrpHandler (18) addr: 804F4562
14:19:48:468 4064 DetectCureTDL3: IrpHandler (19) addr: 804F4562
14:19:48:468 4064 DetectCureTDL3: IrpHandler (20) addr: 804F4562
14:19:48:468 4064 DetectCureTDL3: IrpHandler (21) addr: 804F4562
14:19:48:468 4064 DetectCureTDL3: IrpHandler (22) addr: F75B4C82
14:19:48:468 4064 DetectCureTDL3: IrpHandler (23) addr: F75B999E
14:19:48:468 4064 DetectCureTDL3: IrpHandler (24) addr: 804F4562
14:19:48:468 4064 DetectCureTDL3: IrpHandler (25) addr: 804F4562
14:19:48:468 4064 DetectCureTDL3: IrpHandler (26) addr: 804F4562
14:19:48:468 4064 TDL3_FileDetect: Processing driver: Disk
14:19:48:468 4064 TDL3_FileDetect: Processing driver file: C:\WINDOWS\system32\DRIVERS\disk.sys
14:19:48:468 4064 KLMD_CreateFileW: Trying to open file C:\WINDOWS\system32\DRIVERS\disk.sys
14:19:48:468 4064 TDL3_FileDetect: C:\WINDOWS\system32\DRIVERS\disk.sys - Verdict: Clean
14:19:48:468 4064
14:19:48:468 4064 DetectCureTDL3: DEVICE_OBJECT: 86F47808
14:19:48:468 4064 KLMD_GetLowerDeviceObject: Trying to get lower device object for 86F47808
14:19:48:468 4064 DetectCureTDL3: DEVICE_OBJECT: 86F80730
14:19:48:468 4064 KLMD_GetLowerDeviceObject: Trying to get lower device object for 86F80730
14:19:48:468 4064 DetectCureTDL3: DEVICE_OBJECT: 86F4F940
14:19:48:468 4064 KLMD_GetLowerDeviceObject: Trying to get lower device object for 86F4F940
14:19:48:468 4064 KLMD_ReadMem: Trying to ReadMemory 0x86F4F940[0x38]
14:19:48:468 4064 DetectCureTDL3: DRIVER_OBJECT: 86F46E40
14:19:48:468 4064 KLMD_ReadMem: Trying to ReadMemory 0x86F46E40[0xA8]
14:19:48:468 4064 KLMD_ReadMem: Trying to ReadMemory 0xE10083F8[0x1A]
14:19:48:468 4064 DetectCureTDL3: DRIVER_OBJECT name: \Driver\atapi, Driver Name: atapi
14:19:48:468 4064 DetectCureTDL3: IrpHandler (0) addr: F732E6F2
14:19:48:468 4064 DetectCureTDL3: IrpHandler (1) addr: 804F4562
14:19:48:468 4064 DetectCureTDL3: IrpHandler (2) addr: F732E6F2
14:19:48:468 4064 DetectCureTDL3: IrpHandler (3) addr: 804F4562
14:19:48:468 4064 DetectCureTDL3: IrpHandler (4) addr: 804F4562
14:19:48:468 4064 DetectCureTDL3: IrpHandler (5) addr: 804F4562
14:19:48:468 4064 DetectCureTDL3: IrpHandler (6) addr: 804F4562
14:19:48:468 4064 DetectCureTDL3: IrpHandler (7) addr: 804F4562
14:19:48:468 4064 DetectCureTDL3: IrpHandler (8) addr: 804F4562
14:19:48:468 4064 DetectCureTDL3: IrpHandler (9) addr: 804F4562
14:19:48:468 4064 DetectCureTDL3: IrpHandler (10) addr: 804F4562
14:19:48:468 4064 DetectCureTDL3: IrpHandler (11) addr: 804F4562
14:19:48:468 4064 DetectCureTDL3: IrpHandler (12) addr: 804F4562
14:19:48:468 4064 DetectCureTDL3: IrpHandler (13) addr: 804F4562
14:19:48:468 4064 DetectCureTDL3: IrpHandler (14) addr: F732E712
14:19:48:468 4064 DetectCureTDL3: IrpHandler (15) addr: F732A852
14:19:48:468 4064 DetectCureTDL3: IrpHandler (16) addr: 804F4562
14:19:48:468 4064 DetectCureTDL3: IrpHandler (17) addr: 804F4562
14:19:48:468 4064 DetectCureTDL3: IrpHandler (18) addr: 804F4562
14:19:48:468 4064 DetectCureTDL3: IrpHandler (19) addr: 804F4562
14:19:48:468 4064 DetectCureTDL3: IrpHandler (20) addr: 804F4562
14:19:48:468 4064 DetectCureTDL3: IrpHandler (21) addr: 804F4562
14:19:48:468 4064 DetectCureTDL3: IrpHandler (22) addr: F732E73C
14:19:48:468 4064 DetectCureTDL3: IrpHandler (23) addr: F7335336
14:19:48:468 4064 DetectCureTDL3: IrpHandler (24) addr: 804F4562
14:19:48:468 4064 DetectCureTDL3: IrpHandler (25) addr: 804F4562
14:19:48:468 4064 DetectCureTDL3: IrpHandler (26) addr: 804F4562
14:19:48:468 4064 KLMD_ReadMem: Trying to ReadMemory 0xF732B864[0x400]
14:19:48:468 4064 TDL3_StartIoHookDetect: CheckParameters: 0, 00000000, 0
14:19:48:468 4064 TDL3_FileDetect: Processing driver: atapi
14:19:48:468 4064 TDL3_FileDetect: Processing driver file: C:\WINDOWS\system32\DRIVERS\atapi.sys
14:19:48:468 4064 KLMD_CreateFileW: Trying to open file C:\WINDOWS\system32\DRIVERS\atapi.sys
14:19:48:484 4064 TDL3_FileDetect: C:\WINDOWS\system32\DRIVERS\atapi.sys - Verdict: Clean
14:19:48:484 4064
14:19:48:484 4064 Completed
14:19:48:484 4064
14:19:48:484 4064 Results:
14:19:48:484 4064 Memory objects infected / cured / cured on reboot: 0 / 0 / 0
14:19:48:484 4064 Registry objects infected / cured / cured on reboot: 0 / 0 / 0
14:19:48:484 4064 File objects infected / cured / cured on reboot: 0 / 0 / 0
14:19:48:484 4064
14:19:48:484 4064 MyNtCreateFileW: NtCreateFile(\??\C:\WINDOWS\system32\drivers\klmd.sys) returned status 00000000
14:19:48:484 4064 UtilityDeinit: KLMD(ARK) unloaded successfully

Ist Dr. Web-Live-CD nach dem Log noch ratsam durchzuführen?

Chris4You · 01.02.2010, 14:40

Hi,

nein, sieht sauber aus!

chris

Rattle07 · 01.02.2010, 14:56

Sehr schön! Bin ich dann richtig, in der vorsichtigen Annahme, dass alles entfernt, bzw. sauber zu seinen scheint?!

Chris4You · 01.02.2010, 17:14

Hi,

joh! Was macht der Rechner? Noch Auswirkungen des Befalls zu sene?

chris

Rattle07 · 01.02.2010, 17:40

Nein, es scheint alles wieder i.O.

Rattle07 · 02.02.2010, 18:04

Tja, da meint man, wieder in Sicherheit zu sein und stellt fest, nein dem ist nicht so. Hier das Ergebnis einen MBAM Durchlaufes von eben gerade:

Malwarebytes' Anti-Malware 1.44
Datenbank Version: 3679
Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

02.02.2010 17:50:21
mbam-log-2010-02-02 (17-50-21).txt

Scan-Methode: Vollständiger Scan (C:\|D:\|)
Durchsuchte Objekte: 208653
Laufzeit: 39 minute(s), 35 second(s)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 1

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\sysReserve.ini (Malware.Trace) -> Quarantined and deleted successfully.

"Quarantined and deleted successfully" klingt zwar gut, aber ist ein weiterer Scan nötig, bzw. kann das noch voriger Infektion geschuldet sein?

Chris4You · 02.02.2010, 21:07

Hi,

das sollte ein Rest der Infektion sein, nicht "infektiös"...

Zur Sicherheit OTL:
OTL
Lade Dir OTL von Oldtimer herunter (http://filepony.de/download-otl/) und speichere es auf Deinem Desktop
* Doppelklick auf die OTL.exe
* Vista/Win7 User: Rechtsklick auf die OTL.exe und "als Administrator ausführen" wählen
* Oben findest Du ein Kästchen mit Output. Wähle bitte Minimal Output
* Unter Extra Registry, wähle bitte Use SafeList
* Klicke nun auf Run Scan links oben
* Wenn der Scan beendet wurde werden 2 Logfiles erstellt
* Poste die Logfiles hier in den Thread.

chris

Rattle07 · 02.02.2010, 23:23

Zitat:

Zitat von Chris4You

Hi,

das sollte ein Rest der Infektion sein, nicht "infektiös"...

Hm, dennoch komisch, dass er erst jetzt erst entdeckt hat - ich hatte davor auch schon MBAM durchlaufen lassen, jedoch ohne Fund.

Hier OLT:

OTL logfile created on: 02.02.2010 23:17:05 - Run 1
OTL by OldTimer - Version 3.1.27.1 Folder = C:\Dokumente und Einstellungen\Tim\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

1.022,00 Mb Total Physical Memory | 654,00 Mb Available Physical Memory | 64,00% Memory free
2,00 Gb Paging File | 2,00 Gb Available in Paging File | 80,00% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme
Drive C: | 71,82 Gb Total Space | 22,54 Gb Free Space | 31,38% Space Free | Partition Type: FAT32
Drive D: | 72,31 Gb Total Space | 24,29 Gb Free Space | 33,59% Space Free | Partition Type: FAT32
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: ACER-0C7D612F1B
Current User Name: Tim
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal

========== Processes (SafeList) ==========

PRC - C:\Dokumente und Einstellungen\Tim\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Programme\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Programme\Gemeinsame Dateien\Sony Ericsson\Emma Core\Services\EmmaDeviceMgmt.exe (Sony Ericsson Mobile Communications)
PRC - C:\Programme\Gemeinsame Dateien\Sony Ericsson\Emma Core\Services\EmmaUpdateMgmt.exe (Sony Ericsson Mobile Communications)
PRC - C:\Programme\Java\bin\jqs.exe (Sun Microsystems, Inc.)
PRC - C:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
PRC - C:\Programme\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
PRC - C:\Programme\Sony Ericsson PC Suite\SupServ.exe ()
PRC - C:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
PRC - C:\Programme\Logitech\SetPoint\SetPoint.exe (Logitech, Inc.)
PRC - C:\Programme\Gemeinsame Dateien\Logishrd\KHAL2\KHALMNPR.exe (Logitech, Inc.)
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
PRC - C:\Programme\Gemeinsame Dateien\Logitech\LCD Manager\Applets\LCDPOP3.exe (Logitech Inc.)
PRC - C:\Programme\Gemeinsame Dateien\Logitech\LCD Manager\LCDMon.exe (Logitech Inc.)
PRC - C:\Programme\Gemeinsame Dateien\Logitech\LCD Manager\Applets\LCDMedia.exe (Logitech Inc.)
PRC - C:\Programme\Gemeinsame Dateien\Logitech\LCD Manager\Applets\LCDCountdown.exe (Logitech Inc.)
PRC - C:\Programme\Gemeinsame Dateien\Logitech\LCD Manager\Applets\LCDClock.exe (Logitech Inc.)
PRC - C:\Dokumente und Einstellungen\Tim\Lokale Einstellungen\Temp\RtkBtMnt.exe (Realtek Semiconductor Corp.)
PRC - C:\Acer\Empowering Technology\ePower\ePower_DMC.exe (Acer Incorporated)
PRC - C:\Program Files\Acer\Acer Arcade\Kernel\TV\CLSched.exe ()
PRC - C:\Program Files\Acer\Acer Arcade\Kernel\TV\CLCapSvc.exe ()
PRC - C:\Program Files\Acer\Acer Arcade\Kernel\CLML_NTService\CLMLService.exe (Cyberlink)
PRC - C:\Program Files\Acer\Acer Arcade\Kernel\CLML_NTService\CLMLServer.exe (Cyberlink)
PRC - C:\Programme\Launch Manager\LManager.exe (Dritek System Inc.)
PRC - C:\WINDOWS\system32\nvsvc32.exe (NVIDIA Corporation)
PRC - C:\WINDOWS\RTHDCPL.exe (Realtek Semiconductor Corp.)
PRC - C:\Programme\Gemeinsame Dateien\LightScribe\LSSrvc.exe (Hewlett-Packard Company)
PRC - C:\WINDOWS\system32\igfxsrvc.exe (Intel Corporation)
PRC - C:\Programme\Synaptics\SynTP\SynTPEnh.exe (Synaptics, Inc.)
PRC - C:\Acer\Empowering Technology\eRecovery\Monitor.exe (acer Inc.)
PRC - c:\Programme\WIDCOMM\Bluetooth Software\bin\btwdins.exe (Broadcom Corporation.)
PRC - C:\Programme\Intel\Wireless\Bin\S24EvMon.exe (Intel Corporation )
PRC - C:\Programme\Intel\Wireless\Bin\EvtEng.exe (Intel Corporation)
PRC - C:\Programme\Intel\Wireless\Bin\RegSrvc.exe (Intel Corporation)
PRC - C:\Acer\Empowering Technology\admtray.exe (Avocent Inc.)
PRC - C:\Acer\Empowering Technology\admServ.exe (Avocent Inc.)
PRC - C:\WINDOWS\system32\LVCOMSX.EXE (Logitech Inc.)
PRC - C:\Programme\CyberLink\Shared Files\RichVideo.exe ()
PRC - C:\WINDOWS\system32\wbem\unsecapp.exe (Microsoft Corporation)
PRC - C:\Programme\Gemeinsame Dateien\InstallShield\UpdateService\issch.exe (InstallShield Software Corporation)

========== Modules (SafeList) ==========

MOD - C:\Dokumente und Einstellungen\Tim\Desktop\OTL.exe (OldTimer Tools)
MOD - C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_e6967989\msvcr80.dll (Microsoft Corporation)
MOD - C:\Programme\Logitech\SetPoint\lgscroll.dll (Logitech, Inc.)
MOD - C:\WINDOWS\system32\mfc42.dll (Microsoft Corporation)
MOD - C:\WINDOWS\system32\nview.dll ()
MOD - C:\WINDOWS\system32\nvwrsde.dll (NVIDIA Corporation)
MOD - C:\WINDOWS\system32\nvwddi.dll (NVIDIA Corporation)
MOD - C:\Acer\Empowering Technology\ePower\SysHook.dll ()
MOD - C:\WINDOWS\system32\mfc42loc.dll (Microsoft Corporation)

========== Win32 Services (SafeList) ==========

SRV - (EmmaDevMgmtSvc) -- C:\Programme\Gemeinsame Dateien\Sony Ericsson\Emma Core\Services\EmmaDeviceMgmt.exe (Sony Ericsson Mobile Communications)
SRV - (EmmaUpdMgmtSvc) -- C:\Programme\Gemeinsame Dateien\Sony Ericsson\Emma Core\Services\EmmaUpdateMgmt.exe (Sony Ericsson Mobile Communications)
SRV - (JavaQuickStarterService) -- C:\Programme\Java\bin\jqs.exe (Sun Microsystems, Inc.)
SRV - (AntiVirService) -- C:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
SRV - (AntiVirSchedulerService) -- C:\Programme\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
SRV - (OMSI download service) -- C:\Programme\Sony Ericsson PC Suite\SupServ.exe ()
SRV - (LBTServ) -- C:\Programme\Gemeinsame Dateien\Logishrd\Bluetooth\LBTServ.exe (Logitech, Inc.)
SRV - (gusvc) -- C:\Programme\Google\Common\Google Updater\GoogleUpdaterService.exe (Google)
SRV - (Irmon) -- C:\WINDOWS\system32\irmon.dll (Microsoft Corporation)
SRV - (hpqcxs08) -- C:\Programme\HP\Digital Imaging\bin\hpqcxs08.dll (Hewlett-Packard Co.)
SRV - (Pml Driver HPZ12) -- C:\WINDOWS\system32\HPZipm12.dll (Hewlett-Packard)
SRV - (Net Driver HPZ12) -- C:\WINDOWS\system32\HPZinw12.dll (Hewlett-Packard)
SRV - (CLSched) CyberLink Task Scheduler (CTS) -- C:\Program Files\Acer\Acer Arcade\Kernel\TV\CLSched.exe ()
SRV - (CLCapSvc) CyberLink Background Capture Service (CBCS) -- C:\Program Files\Acer\Acer Arcade\Kernel\TV\CLCapSvc.exe ()
SRV - (CyberLink Media Library Service) -- C:\Program Files\Acer\Acer Arcade\Kernel\CLML_NTService\CLMLServer.exe (Cyberlink)
SRV - (NVSvc) -- C:\WINDOWS\system32\nvsvc32.exe (NVIDIA Corporation)
SRV - (LightScribeService) -- C:\Programme\Gemeinsame Dateien\LightScribe\LSSrvc.exe (Hewlett-Packard Company)
SRV - (btwdins) -- c:\Programme\WIDCOMM\Bluetooth Software\bin\btwdins.exe (Broadcom Corporation.)
SRV - (S24EventMonitor) Intel(R) -- C:\Programme\Intel\Wireless\Bin\S24EvMon.exe (Intel Corporation )
SRV - (EvtEng) Intel(R) -- C:\Programme\Intel\Wireless\Bin\EvtEng.exe (Intel Corporation)
SRV - (RegSrvc) Intel(R) -- C:\Programme\Intel\Wireless\Bin\RegSrvc.exe (Intel Corporation)
SRV - (AWService) -- C:\Acer\Empowering Technology\admServ.exe (Avocent Inc.)
SRV - (RichVideo) Cyberlink RichVideo Service(CRVS) -- C:\Programme\CyberLink\Shared Files\RichVideo.exe ()
SRV - (ose) -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\Source Engine\OSE.EXE (Microsoft Corporation)

========== Driver Services (SafeList) ==========

DRV - (avgntflt) -- C:\WINDOWS\system32\drivers\avgntflt.sys (Avira GmbH)
DRV - (SASKUTIL) -- C:\Programme\SUPERAntiSpyware\SASKUTIL.SYS (SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV - (AegisP) AEGIS Protocol (IEEE 802.1x) -- C:\WINDOWS\system32\drivers\AegisP.sys (Meetinghouse Data Communications)
DRV - (HPZid412) -- C:\WINDOWS\system32\drivers\HPZid412.sys (HP)
DRV - (HPZipr12) -- C:\WINDOWS\system32\drivers\HPZipr12.sys (HP)
DRV - (HPZius12) -- C:\WINDOWS\system32\drivers\HPZius12.sys (HP)
DRV - (SASENUM) -- C:\Programme\SUPERAntiSpyware\SASENUM.SYS ( SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV - (SASDIFSV) -- C:\Programme\SUPERAntiSpyware\sasdifsv.sys (SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV - (ssmdrv) -- C:\WINDOWS\system32\drivers\ssmdrv.sys (Avira GmbH)
DRV - (ggsemc) -- C:\WINDOWS\system32\drivers\ggsemc.sys (Sony Ericsson Mobile Communications)
DRV - (ggflt) -- C:\WINDOWS\system32\drivers\ggflt.sys (Sony Ericsson Mobile Communications)
DRV - (avipbb) -- C:\WINDOWS\system32\drivers\avipbb.sys (Avira GmbH)
DRV - (avgio) -- C:\Programme\Avira\AntiVir Desktop\avgio.sys (Avira GmbH)
DRV - (PxHelp20) -- C:\WINDOWS\System32\Drivers\PxHelp20.sys (Sonic Solutions)
DRV - (LMouFilt) -- C:\WINDOWS\system32\drivers\LMouFilt.Sys (Logitech, Inc.)
DRV - (LHidFilt) -- C:\WINDOWS\system32\drivers\LHidFilt.Sys (Logitech, Inc.)
DRV - (LBeepKE) -- C:\WINDOWS\system32\drivers\LBeepKE.sys (Logitech, Inc.)
DRV - (LGII2CDevice) -- C:\Programme\LG Soft forteManager\bin\PII2CDriver.sys ()
DRV - (LGDDCDevice) -- C:\Programme\LG Soft forteManager\bin\I2CDriver.sys ()
DRV - (UsbserFilt) -- C:\WINDOWS\system32\drivers\usbser_lowerfltj.sys (Windows (R) Codename Longhorn DDK provider)
DRV - (nmwcdc) -- C:\WINDOWS\system32\drivers\ccdcmbo.sys (Nokia)
DRV - (upperdev) -- C:\WINDOWS\system32\drivers\usbser_lowerflt.sys (Windows (R) Codename Longhorn DDK provider)
DRV - (nmwcd) -- C:\WINDOWS\system32\drivers\ccdcmb.sys (Nokia)
DRV - (usbser) -- C:\WINDOWS\system32\drivers\usbser.sys (Microsoft Corporation)
DRV - (usbaudio) USB-Audiotreiber (WDM) -- C:\WINDOWS\system32\drivers\USBAUDIO.sys (Microsoft Corporation)
DRV - (amdagp) -- C:\WINDOWS\system32\DRIVERS\amdagp.sys (Advanced Micro Devices, Inc.)
DRV - (sisagp) -- C:\WINDOWS\system32\DRIVERS\sisagp.sys (Silicon Integrated Systems Corporation)
DRV - (Secdrv) -- C:\WINDOWS\system32\drivers\secdrv.sys (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.)
DRV - (HDAudBus) -- C:\WINDOWS\system32\drivers\Hdaudbus.sys (Windows (R) Server 2003 DDK provider)
DRV - (seehcri) -- C:\WINDOWS\system32\drivers\seehcri.sys (Sony Ericsson Mobile Communications)
DRV - (s3017unic) Sony Ericsson Device 3017 USB Ethernet Emulation SEMC3017 (WDM) -- C:\WINDOWS\system32\drivers\s3017unic.sys (MCCI Corporation)
DRV - (s3017obex) -- C:\WINDOWS\system32\drivers\s3017obex.sys (MCCI Corporation)
DRV - (s3017mgmt) Sony Ericsson Device 3017 USB WMC Device Management Drivers (WDM) -- C:\WINDOWS\system32\drivers\s3017mgmt.sys (MCCI Corporation)
DRV - (s3017nd5) Sony Ericsson Device 3017 USB Ethernet Emulation SEMC3017 (NDIS) -- C:\WINDOWS\system32\drivers\s3017nd5.sys (MCCI Corporation)
DRV - (s3017mdm) -- C:\WINDOWS\system32\drivers\s3017mdm.sys (MCCI Corporation)
DRV - (s3017mdfl) -- C:\WINDOWS\system32\drivers\s3017mdfl.sys (MCCI Corporation)
DRV - (s3017bus) Sony Ericsson Device 3017 driver (WDM) -- C:\WINDOWS\system32\drivers\s3017bus.sys (MCCI Corporation)
DRV - (NTIDrvr) -- C:\WINDOWS\system32\drivers\NTIDrvr.sys (NewTech Infosystems, Inc.)
DRV - (nv) -- C:\WINDOWS\system32\drivers\nv4_mini.sys (NVIDIA Corporation)
DRV - (IntcAzAudAddService) Service for Realtek HD Audio (WDM) -- C:\WINDOWS\system32\drivers\RtkHDAud.Sys (Realtek Semiconductor Corp.)
DRV - (lv321av) Logitech USB PC Camera (VC0321) -- C:\WINDOWS\system32\drivers\lv321av.sys (Logitech)
DRV - (ESMCR) -- C:\WINDOWS\system32\drivers\ESM7SK.sys (ENE Technology Inc.)
DRV - (ESDCR) -- C:\WINDOWS\system32\drivers\ESD7SK.sys (ENE Technology Inc.)
DRV - (EMSCR) -- C:\WINDOWS\system32\drivers\EMS7SK.sys (ENE Technology Inc.)
DRV - (w39n51) Intel(R) -- C:\WINDOWS\system32\drivers\w39n51.sys (Intel® Corporation)
DRV - (ialm) -- C:\WINDOWS\system32\drivers\ialmnt5.sys (Intel Corporation)
DRV - (b57w2k) -- C:\WINDOWS\system32\drivers\b57xp32.sys (Broadcom Corporation)
DRV - (SynTP) -- C:\WINDOWS\system32\drivers\SynTP.sys (Synaptics, Inc.)
DRV - (NPF) -- C:\WINDOWS\system32\drivers\npf.sys (CACE Technologies)
DRV - (EpmShd) -- C:\WINDOWS\system32\drivers\epm-shd.sys (Acer Value Labs, USA)
DRV - (EpmPsd) -- C:\WINDOWS\system32\drivers\epm-psd.sys (Acer Value Labs, USA)
DRV - (btaudio) -- C:\WINDOWS\system32\drivers\btaudio.sys (Broadcom Corporation.)
DRV - (BTSERIAL) -- C:\WINDOWS\system32\drivers\btserial.sys (Broadcom Corporation.)
DRV - (BTKRNL) -- C:\WINDOWS\system32\drivers\btkrnl.sys (Broadcom Corporation.)
DRV - (BTDriver) -- C:\WINDOWS\system32\drivers\btport.sys (Broadcom Corporation.)
DRV - (BTWUSB) -- C:\WINDOWS\system32\drivers\btwusb.sys (Broadcom Corporation.)
DRV - (BTWDNDIS) -- C:\WINDOWS\system32\drivers\btwdndis.sys (Broadcom Corporation.)
DRV - (s24trans) -- C:\WINDOWS\system32\drivers\s24trans.sys (Intel Corporation)
DRV - (bcm4sbxp) -- C:\WINDOWS\system32\drivers\bcm4sbxp.sys (Broadcom Corporation)
DRV - (SMCIRDA) -- C:\WINDOWS\system32\drivers\smcirda.sys (SMSC)
DRV - (HSFHWAZL) -- C:\WINDOWS\system32\drivers\HSFHWAZL.sys (Conexant Systems, Inc.)
DRV - (HSF_DPV) -- C:\WINDOWS\system32\drivers\HSF_DPV.sys (Conexant Systems, Inc.)
DRV - (winachsf) -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys (Conexant Systems, Inc.)
DRV - (OsaFsLoc) -- C:\WINDOWS\system32\drivers\OsaFsLoc.sys (OSA Technologies)
DRV - (mdmxsdk) -- C:\WINDOWS\system32\drivers\mdmxsdk.sys (Conexant)
DRV - (NdisFilt) -- C:\WINDOWS\system32\drivers\NdisFilt.sys (OSA Technologies)
DRV - (osaio) -- C:\WINDOWS\system32\drivers\osaio.sys (OSA Technologies, An Avocent Company)
DRV - (QCMerced) -- C:\WINDOWS\system32\drivers\lvcm.sys ()
DRV - (LVUSBSta) -- C:\WINDOWS\system32\drivers\LVUSBSta.sys (Logitech Inc.)
DRV - (NETMNT) -- C:\WINDOWS\system32\drivers\NETMNT.sys ()
DRV - (osanbm) -- C:\WINDOWS\system32\drivers\osanbm.sys (Windows (R) 2000 DDK provider)
DRV - (int15.sys) -- C:\Acer\Empowering Technology\eRecovery\int15.sys ()
DRV - (UBHelper) -- C:\WINDOWS\system32\drivers\UBHelper.sys ()
DRV - (DKbFltr) -- C:\WINDOWS\system32\drivers\DKbFltr.SYS (Dritek System Inc.)
DRV - (dac2w2k) -- C:\WINDOWS\system32\DRIVERS\dac2w2k.sys (Mylex Corporation)
DRV - (ql1280) -- C:\WINDOWS\system32\DRIVERS\ql1280.sys (QLogic Corporation)
DRV - (ql12160) -- C:\WINDOWS\system32\DRIVERS\ql12160.sys (QLogic Corporation)
DRV - (ql1080) -- C:\WINDOWS\system32\DRIVERS\ql1080.sys (QLogic Corporation)
DRV - (ultra) -- C:\WINDOWS\system32\DRIVERS\ultra.sys (Promise Technology, Inc.)
DRV - (symc8xx) -- C:\WINDOWS\system32\DRIVERS\symc8xx.sys (LSI Logic)
DRV - (sym_u3) -- C:\WINDOWS\system32\DRIVERS\sym_u3.sys (LSI Logic)
DRV - (sym_hi) -- C:\WINDOWS\system32\DRIVERS\sym_hi.sys (LSI Logic)
DRV - (asc) -- C:\WINDOWS\system32\DRIVERS\asc.sys (Advanced System Products, Inc.)
DRV - (Sparrow) -- C:\WINDOWS\system32\DRIVERS\sparrow.sys (Adaptec, Inc.)
DRV - (Ptilink) -- C:\WINDOWS\system32\drivers\ptilink.sys (Parallel Technologies, Inc.)
DRV - (mraid35x) -- C:\WINDOWS\system32\DRIVERS\mraid35x.sys (American Megatrends Inc.)
DRV - (symc810) -- C:\WINDOWS\system32\DRIVERS\symc810.sys (Symbios Logic Inc.)
DRV - (asc3550) -- C:\WINDOWS\system32\DRIVERS\asc3550.sys (Advanced System Products, Inc.)
DRV - (CmdIde) -- C:\WINDOWS\system32\DRIVERS\cmdide.sys (CMD Technology, Inc.)
DRV - (AliIde) -- C:\WINDOWS\system32\DRIVERS\aliide.sys (Acer Laboratories Inc.)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://update.microsoft.com/windowsupdate/v6/default.aspx?ln=de
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.selectedEngine: "Wikipedia (de)"
FF - prefs.js..browser.startup.homepage: "http://www.spiegel.de/"
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: {73a6fe31-595d-460b-a920-fcc0f8843232}:1.9.9.42

FF - HKLM\software\mozilla\Firefox\Extensions\\jqs@sun.com: C:\Programme\Java\lib\deploy\jqs\ff [2009.10.07 23:05:40 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6\extensions\\Components: C:\Programme\Mozilla Firefox\components [2009.10.04 16:44:26 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6\extensions\\Plugins: C:\Programme\Mozilla Firefox\plugins [2009.10.04 16:44:26 | 000,000,000 | ---D | M]

[2009.10.04 17:09:00 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Tim\Anwendungsdaten\Mozilla\Extensions
[2009.10.04 17:09:00 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Tim\Anwendungsdaten\Mozilla\Firefox\Profiles\s9ciewtv.default\extensions
[2010.01.31 23:44:40 | 000,000,000 | ---D | M] (NoScript) -- C:\Dokumente und Einstellungen\Tim\Anwendungsdaten\Mozilla\Firefox\Profiles\s9ciewtv.default\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}
[2009.10.04 16:44:26 | 000,000,000 | ---D | M] -- C:\Programme\Mozilla Firefox\extensions
[2009.10.04 18:59:54 | 000,072,960 | ---- | M] (Foxit Software Company) -- C:\Programme\Mozilla Firefox\plugins\npFoxitReaderPlugin.dll
[2010.01.23 20:27:42 | 000,001,392 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\amazondotcom-de.xml
[2010.01.23 20:27:42 | 000,002,344 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\eBay-de.xml
[2010.01.23 20:27:42 | 000,006,805 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\leo_ende_de.xml
[2010.01.23 20:27:42 | 000,001,178 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\wikipedia-de.xml
[2010.01.23 20:27:42 | 000,001,105 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\yahoo-de.xml

O1 HOSTS File: ([2004.08.04 05:00:00 | 000,000,820 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (JQSIEStartDetectorImpl Class) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Programme\Java\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)
O3 - HKLM\..\Toolbar: (Acer eDataSecurity Management) - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\WINDOWS\system32\eDStoolbar.dll (HiTRUST)
O3 - HKCU\..\Toolbar\ShellBrowser: (no name) - {C4069E3A-68F1-403E-B40E-20066696354B} - No CLSID value found.
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [Acer ePower Management] C:\Acer\Empowering Technology\ePower\Acer ePower Management.exe (Acer Value Labs, Taiwan)
O4 - HKLM..\Run: [ADMTray.exe] C:\Acer\Empowering Technology\admtray.exe (Avocent Inc.)
O4 - HKLM..\Run: [Alcmtr] C:\WINDOWS\Alcmtr.exe (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [avgnt] C:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [AzMixerSel] C:\Programme\Realtek\InstallShield\AzMixerSel.exe (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [ePower_DMC] C:\Acer\Empowering Technology\ePower\ePower_DMC.exe (Acer Incorporated)
O4 - HKLM..\Run: [eRecoveryService] C:\Acer\Empowering Technology\eRecovery\Monitor.exe (acer Inc.)
O4 - HKLM..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe (Intel Corporation)
O4 - HKLM..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe (Intel Corporation)
O4 - HKLM..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe (Intel Corporation)
O4 - HKLM..\Run: [IMJPMIG8.1] C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [ISUSPM Startup] C:\Programme\Gemeinsame Dateien\InstallShield\UpdateService\ISUSPM.exe (InstallShield Software Corporation)
O4 - HKLM..\Run: [ISUSScheduler] C:\Programme\Gemeinsame Dateien\InstallShield\UpdateService\issch.exe (InstallShield Software Corporation)
O4 - HKLM..\Run: [Kernel and Hardware Abstraction Layer] C:\WINDOWS\KHALMNPR.Exe (Logitech, Inc.)
O4 - HKLM..\Run: [Launch LCDMon] C:\Programme\Gemeinsame Dateien\Logitech\LCD Manager\lcdmon.exe (Logitech Inc.)
O4 - HKLM..\Run: [LaunchApp] C:\WINDOWS\Alaunch.exe (Acer Inc.)
O4 - HKLM..\Run: [LManager] C:\Programme\Launch Manager\LManager.exe (Dritek System Inc.)
O4 - HKLM..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE (Logitech Inc.)
O4 - HKLM..\Run: [MSPY2002] C:\WINDOWS\System32\IME\PINTLGNT\ImScInst.exe ()
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] C:\WINDOWS\System32\nwiz.exe ()
O4 - HKLM..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [RTHDCPL] C:\WINDOWS\RTHDCPL.exe (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [SynTPEnh] C:\Programme\Synaptics\SynTP\SynTPEnh.exe (Synaptics, Inc.)
O4 - Startup: C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\Logitech SetPoint.lnk = C:\Programme\Logitech\SetPoint\SetPoint.exe (Logitech, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\WINDOWS\System32\GPhotos.scr (Google Inc.)
O8 - Extra context menu item: Senden an &Bluetooth-Gerät... - c:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O15 - HKLM\..Trusted Domains: 1 domain(s) and sub-domain(s) not assigned to a zone.
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1254669372847 (WUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab (Java Plug-in 1.6.0_16)
O16 - DPF: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab (Java Plug-in 1.6.0_16)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab (Java Plug-in 1.6.0_16)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Web Components\11\OWC11.DLL (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Gemeinsame Dateien\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Filter\text/xml {807553E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE11\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - C:\Programme\SUPERAntiSpyware\SASWINLO.DLL - C:\Programme\SUPERAntiSpyware\SASWINLO.DLL (SUPERAntiSpyware.com)
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\WINDOWS\System32\igfxdev.dll (Intel Corporation)
O20 - Winlogon\Notify\LBTWlgn: DllName - c:\programme\gemeinsame dateien\logishrd\bluetooth\LBTWlgn.dll - c:\Programme\Gemeinsame Dateien\Logishrd\Bluetooth\LBTWLgn.dll (Logitech, Inc.)
O24 - Desktop Components:0 (Die derzeitige Homepage) - About:Home
O24 - Desktop WallPaper: C:\Dokumente und Einstellungen\Tim\Lokale Einstellungen\Anwendungsdaten\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Dokumente und Einstellungen\Tim\Lokale Einstellungen\Anwendungsdaten\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Programme\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.08.25 07:43:32 | 000,000,050 | ---- | M] () - C:\AUTOEXEC.BAT -- [ FAT32 ]
O33 - MountPoints2\{2a249e1e-ceff-11de-bbff-0018de25344b}\Shell - "" = AutoRun
O33 - MountPoints2\{2a249e1e-ceff-11de-bbff-0018de25344b}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{46a59bf5-b1b0-11de-bbc1-0018de25344b}\Shell\abc\command - "" = F:\Instal~1\Start.exe -- File not found
O33 - MountPoints2\{46a59bf5-b1b0-11de-bbc1-0018de25344b}\Shell\AutoRun\command - "" = F:\Instal~1\Start.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - comfile [open] -- "%1" %*
O35 - exefile [open] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2010.02.02 23:15:59 | 000,548,864 | ---- | C] (OldTimer Tools) -- C:\Dokumente und Einstellungen\Tim\Desktop\OTL.exe
[2010.02.02 19:56:36 | 000,000,000 | RH-D | C] -- C:\Dokumente und Einstellungen\Tim\Recent
[2010.02.02 19:51:39 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Tim\Desktop\König der Löwen
[2010.02.02 19:51:31 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Tim\Desktop\Harvest
[2010.02.01 14:18:23 | 000,000,000 | ---D | C] -- C:\Programme\TDSS Killer
[2010.01.31 13:14:44 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Tim\Desktop\Das Dschungelbuch
[2010.01.28 14:53:46 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\ptpusb.dll
[2010.01.28 14:53:45 | 000,159,232 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\ptpusd.dll
[2010.01.22 16:38:57 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010.01.22 16:38:54 | 000,019,160 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010.01.22 16:38:53 | 000,000,000 | ---D | C] -- C:\Programme\Malwarebytes-Anti-Malware
[2010.01.22 15:46:05 | 000,000,000 | ---D | C] -- C:\WINDOWS\Minidump
[2010.01.22 15:45:12 | 000,000,000 | -HSD | C] -- C:\FOUND.000
[2010.01.18 08:18:58 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Tim\Anwendungsdaten\IrfanView
[2010.01.17 21:47:52 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\NtiDvdCopy
[2010.01.15 20:12:32 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\NCH Software
[2010.01.15 19:22:56 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Tim\Eigene Dateien\MakeDVDVideo
[2010.01.14 21:19:33 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Tim\Anwendungsdaten\Malwarebytes
[2010.01.14 21:19:26 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Malwarebytes
[2010.01.14 18:41:34 | 000,471,552 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\aclayers.dll
[2010.01.06 23:26:33 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Tim\Lokale Einstellungen\Anwendungsdaten\WMTools Downloaded Files
[2009.10.17 15:11:02 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\NetworkService\Lokale Einstellungen\Anwendungsdaten\Apple
[2009.10.08 23:09:36 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\LocalService\Lokale Einstellungen\Anwendungsdaten\Google
[2006.08.25 07:26:34 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\LocalService\Lokale Einstellungen\Anwendungsdaten\Microsoft
[2006.08.25 07:26:32 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\NetworkService\Lokale Einstellungen\Anwendungsdaten\Microsoft
[2006.08.25 07:11:50 | 000,000,000 | --SD | M] -- C:\Dokumente und Einstellungen\NetworkService\Anwendungsdaten\Microsoft
[2006.08.25 07:11:50 | 000,000,000 | --SD | M] -- C:\Dokumente und Einstellungen\LocalService\Anwendungsdaten\Microsoft
[4 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010.02.02 23:16:34 | 003,407,872 | -H-- | M] () -- C:\Dokumente und Einstellungen\Tim\NTUSER.DAT
[2010.02.02 23:16:14 | 000,548,864 | ---- | M] (OldTimer Tools) -- C:\Dokumente und Einstellungen\Tim\Desktop\OTL.exe
[2010.02.02 19:56:22 | 000,002,378 | ---- | M] () -- C:\Dokumente und Einstellungen\Tim\Eigene Dateien\cc_20100202_195619.reg
[2010.02.02 19:41:08 | 000,000,454 | ---- | M] () -- C:\WINDOWS\System32\eRLog.ini
[2010.02.02 19:40:34 | 000,051,048 | ---- | M] () -- C:\WINDOWS\System32\nvapps.xml
[2010.02.02 19:40:10 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010.02.02 19:40:02 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010.02.02 19:39:56 | 1071,763,456 | -HS- | M] () -- C:\hiberfil.sys
[2010.02.02 19:38:16 | 000,000,190 | -HS- | M] () -- C:\Dokumente und Einstellungen\Tim\ntuser.ini
[2010.02.02 19:38:16 | 000,000,012 | ---- | M] () -- C:\WINDOWS\bthservsdp.dat
[2010.02.02 18:58:18 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010.01.30 15:11:08 | 000,000,276 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2010.01.30 01:24:44 | 000,001,148 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1140580375-1501994220-3611913250-1006Core1ca881895a3de1c.job
[2010.01.29 16:39:14 | 000,000,702 | ---- | M] () -- C:\Dokumente und Einstellungen\Tim\Eigene Dateien\cc_20100129_163911.reg
[2010.01.29 16:39:00 | 000,014,014 | ---- | M] () -- C:\Dokumente und Einstellungen\Tim\Eigene Dateien\cc_20100129_163856.reg
[2010.01.23 20:14:40 | 000,019,968 | ---- | M] () -- C:\Dokumente und Einstellungen\Tim\Lokale Einstellungen\Anwendungsdaten\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010.01.23 19:25:48 | 000,001,284 | ---- | M] () -- C:\Dokumente und Einstellungen\Tim\Eigene Dateien\cc_20100123_192545.reg
[2010.01.09 21:57:32 | 000,000,558 | ---- | M] () -- C:\WINDOWS\win.ini
[2010.01.07 23:17:28 | 000,000,430 | ---- | M] () -- C:\Dokumente und Einstellungen\Tim\Desktop\Auslandspraktikum.lnk
[2010.01.07 16:07:14 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010.01.07 16:07:04 | 000,019,160 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[4 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010.02.02 19:56:20 | 000,002,378 | ---- | C] () -- C:\Dokumente und Einstellungen\Tim\Eigene Dateien\cc_20100202_195619.reg
[2010.01.29 16:39:12 | 000,000,702 | ---- | C] () -- C:\Dokumente und Einstellungen\Tim\Eigene Dateien\cc_20100129_163911.reg
[2010.01.29 16:38:58 | 000,014,014 | ---- | C] () -- C:\Dokumente und Einstellungen\Tim\Eigene Dateien\cc_20100129_163856.reg
[2010.01.23 19:25:46 | 000,001,284 | ---- | C] () -- C:\Dokumente und Einstellungen\Tim\Eigene Dateien\cc_20100123_192545.reg
[2010.01.07 23:17:27 | 000,000,430 | ---- | C] () -- C:\Dokumente und Einstellungen\Tim\Desktop\Auslandspraktikum.lnk
[2010.01.02 13:33:41 | 001,317,152 | ---- | C] () -- C:\WINDOWS\System32\drivers\lvcm.sys
[2009.12.31 14:55:28 | 000,000,760 | ---- | C] () -- C:\Dokumente und Einstellungen\Tim\Anwendungsdaten\setup_ldm.iss
[2009.12.08 20:12:38 | 000,237,568 | ---- | C] () -- C:\WINDOWS\System32\rmc_rtspdl.dll
[2009.10.27 13:12:12 | 000,000,000 | ---- | C] () -- C:\WINDOWS\JCMKR32.INI
[2009.10.05 13:47:27 | 000,019,968 | ---- | C] () -- C:\Dokumente und Einstellungen\Tim\Lokale Einstellungen\Anwendungsdaten\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009.10.04 20:09:46 | 000,000,341 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\hpzinstall.log
[2009.10.04 20:00:24 | 000,000,400 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2009.10.04 16:29:59 | 000,000,002 | ---- | C] () -- C:\WINDOWS\msoffice.ini
[2009.10.04 16:26:43 | 000,000,454 | ---- | C] () -- C:\WINDOWS\System32\eRLog.ini
[2009.10.04 16:21:59 | 000,053,299 | ---- | C] () -- C:\WINDOWS\System32\pthreadVC.dll
[2009.10.04 16:12:23 | 000,000,136 | ---- | C] () -- C:\Dokumente und Einstellungen\Tim\Lokale Einstellungen\Anwendungsdaten\fusioncache.dat
[2009.10.04 16:05:07 | 000,000,084 | ---- | C] () -- C:\WINDOWS\EMEAPAGE.INI
[2006.08.29 23:36:08 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2006.08.25 07:43:56 | 000,001,024 | RH-- | C] () -- C:\WINDOWS\System32\NTIBUN4.dll
[2006.08.25 07:42:38 | 000,001,024 | RH-- | C] () -- C:\WINDOWS\System32\NTIMPEG2.dll
[2006.08.25 07:42:38 | 000,001,024 | RH-- | C] () -- C:\WINDOWS\System32\NTIMP3.dll
[2006.08.25 07:42:38 | 000,001,024 | RH-- | C] () -- C:\WINDOWS\System32\NTIFCD3.dll
[2006.08.25 07:42:38 | 000,001,024 | RH-- | C] () -- C:\WINDOWS\System32\NTICDMK7.dll
[2006.06.19 11:59:24 | 000,009,255 | ---- | C] () -- C:\WINDOWS\System32\lvcoinst.ini
[2006.06.16 19:17:32 | 000,356,352 | ---- | C] () -- C:\WINDOWS\EMCRI.dll
[2006.06.12 16:11:00 | 001,662,976 | ---- | C] () -- C:\WINDOWS\System32\nvwdmcpl.dll
[2006.06.12 16:11:00 | 001,470,464 | ---- | C] () -- C:\WINDOWS\System32\nview.dll
[2006.06.12 16:11:00 | 001,019,904 | ---- | C] () -- C:\WINDOWS\System32\nvwimg.dll
[2006.06.12 16:11:00 | 000,466,944 | ---- | C] () -- C:\WINDOWS\System32\nvshell.dll
[2006.06.12 16:11:00 | 000,098,304 | ---- | C] () -- C:\WINDOWS\System32\nvapi.dll
[2006.03.10 14:15:44 | 000,037,706 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini
[2006.01.17 10:31:30 | 000,090,112 | ---- | C] () -- C:\WINDOWS\System32\btprn2k.dll
[2005.12.27 15:50:26 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\APISlice.dll
[2005.12.27 15:50:26 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\SC_res.dll
[2005.12.27 15:50:26 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\EN_res.dll
[2005.12.27 15:50:26 | 000,032,768 | ---- | C] () -- C:\WINDOWS\System32\TC_res.dll
[2005.12.27 15:50:26 | 000,010,752 | ---- | C] () -- C:\WINDOWS\System32\MSNChatHook.dll
[2005.12.14 20:59:52 | 000,000,038 | ---- | C] () -- C:\WINDOWS\Acer.ini
[2005.10.31 18:17:38 | 000,135,168 | ---- | C] () -- C:\WINDOWS\System32\RtlCPAPI.dll
[2005.05.02 12:13:42 | 000,009,600 | ---- | C] () -- C:\WINDOWS\System32\drivers\NETMNT.sys
[2005.03.28 15:45:26 | 000,000,081 | ---- | C] () -- C:\WINDOWS\alaunch.ini
[2005.02.17 11:41:32 | 000,000,603 | ---- | C] () -- C:\WINDOWS\System32\BTNeighborhood.dll.manifest
[2005.02.17 11:41:30 | 000,000,593 | ---- | C] () -- C:\WINDOWS\System32\btcss.dll.manifest
[2004.12.17 17:14:44 | 000,013,952 | ---- | C] () -- C:\WINDOWS\System32\drivers\UBHelper.sys
[2004.08.04 05:00:00 | 000,003,776 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
[2003.12.29 20:45:08 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\ServiceControl.dll
[2001.12.26 16:12:30 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\multiplex_vcd.dll
[2001.11.14 12:56:00 | 001,802,240 | ---- | C] () -- C:\WINDOWS\System32\lcppn21.dll
[2001.09.03 23:46:38 | 000,110,592 | ---- | C] () -- C:\WINDOWS\System32\Hmpg12.dll
[2001.07.30 16:33:56 | 000,118,784 | ---- | C] () -- C:\WINDOWS\System32\HMPV2_ENC.dll
[2001.07.23 22:04:36 | 000,118,784 | ---- | C] () -- C:\WINDOWS\System32\HMPV2_ENC_MMX.dll
< End of report >

Rattle07 · 02.02.2010, 23:24

Und OLT 2:

OTL Extras logfile created on: 02.02.2010 23:17:05 - Run 1
OTL by OldTimer - Version 3.1.27.1 Folder = C:\Dokumente und Einstellungen\Tim\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

1.022,00 Mb Total Physical Memory | 654,00 Mb Available Physical Memory | 64,00% Memory free
2,00 Gb Paging File | 2,00 Gb Available in Paging File | 80,00% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme
Drive C: | 71,82 Gb Total Space | 22,54 Gb Free Space | 31,38% Space Free | Partition Type: FAT32
Drive D: | 72,31 Gb Total Space | 24,29 Gb Free Space | 33,59% Space Free | Partition Type: FAT32
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: ACER-0C7D612F1B
Current User Name: Tim
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal

========== Extra Registry (SafeList) ==========

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html [@ = htmlfile] -- C:\Programme\Internet Explorer\IEXPLORE.EXE (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Programme\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
htmlfile [edit] -- "C:\Programme\Microsoft Office\OFFICE11\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [open] -- "C:\Programme\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
htmlfile [opennew] -- "C:\Programme\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Programme\Microsoft Office\OFFICE11\msohtmed.exe" /p %1 (Microsoft Corporation)
http [open] -- "C:\Programme\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
https [open] -- "C:\Programme\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Programme\VLC Player\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Programme\VLC Player\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Programme\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Programme\Internet Explorer\iexplore.exe" (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Programme\Gemeinsame Dateien\aol\ACS\AOLacsd.exe" = C:\Programme\Gemeinsame Dateien\aol\ACS\AOLacsd.exe:*:Enabled:AOL -- File not found
"C:\Programme\Gemeinsame Dateien\aol\ACS\AOLDial.exe" = C:\Programme\Gemeinsame Dateien\aol\ACS\AOLDial.exe:*:Enabled:AOL -- File not found
"C:\Programme\AOL 9.0\waol.exe" = C:\Programme\AOL 9.0\waol.exe:*:Enabled:AOL 9.0 -- File not found

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Programme\Gemeinsame Dateien\aol\ACS\AOLacsd.exe" = C:\Programme\Gemeinsame Dateien\aol\ACS\AOLacsd.exe:*:Enabled:AOL -- File not found
"C:\Programme\Gemeinsame Dateien\aol\ACS\AOLDial.exe" = C:\Programme\Gemeinsame Dateien\aol\ACS\AOLDial.exe:*:Enabled:AOL -- File not found
"C:\Programme\AOL 9.0\waol.exe" = C:\Programme\AOL 9.0\waol.exe:*:Enabled:AOL 9.0 -- File not found
"C:\Program Files\Acer\Acer Arcade\PCMService.exe" = C:\Program Files\Acer\Acer Arcade\PCMService.exe:*:Enabled:CyberLink PowerCinema Resident Program -- (CyberLink Corp.)
"C:\Dokumente und Einstellungen\Tim\Lokale Einstellungen\Anwendungsdaten\Google\Google Talk Plugin\googletalkplugin.dll" = C:\Dokumente und Einstellungen\Tim\Lokale Einstellungen\Anwendungsdaten\Google\Google Talk Plugin\googletalkplugin.dll:*:Enabled:Google Talk Plugin -- (Google)
"C:\Dokumente und Einstellungen\Tim\Lokale Einstellungen\Anwendungsdaten\Google\Google Talk Plugin\googletalkplugin.exe" = C:\Dokumente und Einstellungen\Tim\Lokale Einstellungen\Anwendungsdaten\Google\Google Talk Plugin\googletalkplugin.exe:*:Enabled:Google Talk Plugin -- (Google)
"C:\Programme\Mozilla Firefox\firefox.exe" = C:\Programme\Mozilla Firefox\firefox.exe:*:Enabled:Firefox -- (Mozilla Corporation)
"C:\Programme\VLC Player\VLC\vlc.exe" = C:\Programme\VLC Player\VLC\vlc.exe:*:Enabled:VLC media player -- ()
"C:\Programme\Sony Ericsson\SEMC OMSI Module\SEMC OMSI Module.exe" = C:\Programme\Sony Ericsson\SEMC OMSI Module\SEMC OMSI Module.exe:*:Enabled:SEMC OMSI Module -- ()
"C:\Programme\Skype\Plugin Manager\skypePM.exe" = C:\Programme\Skype\Plugin Manager\skypePM.exe:*:Enabled:Skype Extras Manager -- (Skype Technologies)
"C:\Programme\Skype\Phone\Skype.exe" = C:\Programme\Skype\Phone\Skype.exe:*:Enabled:Skype -- (Skype Technologies S.A.)

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu
"{0C826C5B-B131-423A-A229-C71B3CACCD6A}" = CDDRV_Installer
"{1451DE6B-ABE1-4F62-BE9A-B363A17588A2}" = QuickTime
"{1577A05B-EE62-4BBC-9DB7-FE748FA44EC2}" = NTI CD & DVD-Maker
"{15B70821-7893-4607-805A-BB80F3EA8279}" = Acer Empowering Technology framework
"{18D10072035C4515918F7E37EAFAACFC}" = AutoUpdate
"{23FB368F-1399-4EAC-817C-4B83ECBE3D83}" = mProSafe
"{2637C347-9DAD-11D6-9EA2-00055D0CA761}" = Acer Arcade
"{26A24AE4-039D-4CA4-87B4-2F83216016FF}" = Java(TM) 6 Update 16
"{2F28B3C9-2C89-4206-8B33-8ADC9577C49B}" = Scan
"{2FFE93F0-BB72-4E52-8761-354D1AAA9387}" = Sony Ericsson PC Suite 6.009.00
"{3101CB58-3482-4D21-AF1A-7057FC935355}" = KhalInstallWrapper
"{34BDF3BF-AA61-42E7-8818-C16A304910FC}" = Emma Core
"{350C97B3-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{3F4EC965-28EF-45C3-B063-04B25D4E9679}" = WIDCOMM Bluetooth Software
"{3FA365DF-2D68-45ED-8F83-8C8A33E65143}" = Apple Application Support
"{3FC7CBBC4C1E11DCA1A752EA55D89593}" = DivX Version Checker
"{4DA416AE-6D1C-40D6-BCA3-A65A59DD60FC}" = Acer eDataSecurity Management
"{5299C5E1-70F9-3D1D-A1FA-BDECA4EC8015}" = Google Talk Plugin
"{541DEAC0-5F3D-45E6-B7CB-94ECF3B96748}" = Skype web features
"{58E5844B-7CE2-413D-83D1-99294BF6C74F}" = Acer ePower Management
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{6A28AB0B-22B1-494C-AF61-B386EA1736C0}" = LightScribe 1.4.97.1
"{6CA897D0-67F5-4F75-8261-DC8BFCA6DA42}" = Acer eLock Management
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{767CC44C-9BBC-438D-BAD3-FD4595DD148B}" = VC80CRTRedist - 8.0.50727.762
"{76E41F43-59D2-4F30-BA42-9A762EE1E8DE}" = Avanquest update
"{7B63B2922B174135AFC0E1377DD81EC2}" = DivX Codec
"{88908767-B7AD-4b0d-ACBC-FBCCF2761D31}" = HP Photosmart All-In-One Software 9.0
"{8ADFC4160D694100B5B8A22DE9DCABD9}" = DivX Player
"{8B928BA1-EDEC-4227-A2DA-DD83026C36F5}" = mPfMgr
"{91120407-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Standard Edition 2003
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9CC89556-3578-48DD-8408-04E66EBEF401}" = mXML
"{A157AC1C-DF44-481A-81E7-17AE00239818}" = Logitech Z-series Software 1.04
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A498D9EB-927B-459B-85D6-DD6EF8C2C564}" = erLT
"{A96E97134CA649888820BCDE5E300BBD}" = H.264 Decoder
"{AAC389499AEF40428987B3D30CFC76C9}" = MKV Splitter
"{AEF9DC35ADDF4825B049ACBFD1C6EB37}" = AAC Decoder
"{AF7FC1CA-79DF-43c3-90A3-33EFEB9294CE}" = AIO_Scan
"{B06B842F-2450-494F-BBDE-217CDC151A37}" = NTI Backup NOW! 4.5
"{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Web Player
"{BC4AE628-81A4-4FC6-863A-7A9BA2E2531F}" = Nokia Connectivity Cable Driver
"{C06554A1-2C1E-4D20-B613-EE62C79927CC}" = Acer eNet Management
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C2C284D2-6BD7-3B34-B0C5-B2CAED168DF7}" = Microsoft .NET Framework 3.0 Service Pack 2 Language Pack - DEU
"{C314CE45-3392-3B73-B4E1-139CD41CA933}" = Microsoft .NET Framework 2.0 Service Pack 2 Language Pack - DEU
"{C43048A9-742C-4DAD-90D2-E3B53C9DB825}" = Logitech QuickCam-Software
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware Free Edition
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.1
"{D458BBDC-0363-42E0-8FF9-4736E3CB3CA2}" = Acer Screensaver
"{DA6FAB8D-E87A-4E8E-A3D3-B7B9F479C725}" = forteManager
"{DEE08946-40F0-4890-853E-60A6C3306041}" = Acer ePerformance Management
"{E28750A2-45F2-4b63-99F7-9F81A94B1E2D}" = PS_AIO_Software_min
"{E2903F16-9A5A-4292-9D97-8328088086B6}" = forteManager
"{E38BC648-883B-4EE5-966C-94C4B7AB3E0B}" = Acer eSettings Management
"{E431C518-2EE2-471E-9234-BE995C36D513}" = Acer eDataSecurity Management 1.00.26
"{E78BFA60-5393-4C38-82AB-E8019E464EB4}" = Microsoft .NET Framework 1.1 German Language Pack
"{E81667C6-2856-46D6-ABEA-6A2F42166779}" = mCore
"{E9C18EBD-85BE-47D0-AA73-3FEDCC976B04}" = Toolbox
"{F0BFC7EF-9CF8-44EE-91B0-158884CD87C5}" = mMHouse
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F1E63043-54FC-429B-AB2C-31AF9FBA4BC7}" = 32 Bit HP CIO Components Installer
"{F29B21BD-CAA6-445F-8EF7-A7E2B9D8B14E}" = Logitech SetPoint
"{FCA651F3-5BDA-4DDA-9E4A-5D87D6914CC4}" = mWlsSafe
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus
"AxCrypt" = AxCrypt (Nur Entfernen)
"CCleaner" = CCleaner
"CDex" = CDex extraction audio
"CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_2BFA&SUBSYS_1025007F" = HDAUDIO Soft Data Fax Modem with SmartCP
"Defraggler" = Defraggler
"DivX Plus DirectShow Filters" = DivX Plus DirectShow Filters
"ePresentation" = Acer ePresentation Management
"foobar2000" = foobar2000 v0.9.6.8
"Foxit Reader" = Foxit Reader
"GridVista" = Acer GridVista
"HijackThis" = HijackThis 2.0.2
"ie8" = Windows Internet Explorer 8
"InstallShield_{1577A05B-EE62-4BBC-9DB7-FE748FA44EC2}" = NTI CD & DVD-Maker
"InstallShield_{15B70821-7893-4607-805A-BB80F3EA8279}" = Acer Empowering Technology framework
"InstallShield_{6CA897D0-67F5-4F75-8261-DC8BFCA6DA42}" = Acer eLock Management
"InstallShield_{DEE08946-40F0-4890-853E-60A6C3306041}" = Acer ePerformance Management
"InstallShield_{E38BC648-883B-4EE5-966C-94C4B7AB3E0B}" = Acer eSettings Management
"IrfanView" = IrfanView (remove only)
"LManager" = Launch Manager
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Mozilla Firefox (3.6)" = Mozilla Firefox (3.6)
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"NVIDIA Drivers" = NVIDIA Drivers
"Picasa 3" = Picasa 3
"ProInst" = Intel(R) PROSet/Wireless Software
"QcDrv" = Logitech® Camera-Treiber
"SEMC OMSI Module" = SEMC OMSI Module
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"ViewpointMediaPlayer" = Viewpoint Media Player
"VLC media player" = VLC media player 1.0.3
"Wdf01005" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
"Wdf01007" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.7
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinRAR archiver" = WinRAR
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"XPSEPSCLP" = XML Paper Specification Shared Components Language Pack 1.0

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 02.02.2010 14:18:28 | Computer Name = ACER-0C7D612F1B | Source = nview_info | ID = 11141121
Description =

Error - 02.02.2010 14:19:56 | Computer Name = ACER-0C7D612F1B | Source = nview_info | ID = 11141121
Description =

Error - 02.02.2010 14:23:51 | Computer Name = ACER-0C7D612F1B | Source = nview_info | ID = 11141121
Description =

Error - 02.02.2010 14:23:56 | Computer Name = ACER-0C7D612F1B | Source = nview_info | ID = 11141121
Description =

Error - 02.02.2010 14:23:56 | Computer Name = ACER-0C7D612F1B | Source = nview_info | ID = 11141121
Description =

Error - 02.02.2010 14:23:56 | Computer Name = ACER-0C7D612F1B | Source = nview_info | ID = 11141121
Description =

Error - 02.02.2010 14:24:01 | Computer Name = ACER-0C7D612F1B | Source = nview_info | ID = 11141121
Description =

Error - 02.02.2010 14:32:11 | Computer Name = ACER-0C7D612F1B | Source = nview_info | ID = 11141121
Description =

Error - 02.02.2010 14:36:06 | Computer Name = ACER-0C7D612F1B | Source = PerfNet | ID = 2004
Description = Der Serverdienst konnte nicht geöffnet werden. Die Server-Leistungsinformationen
werden
nicht zurückgegeben. Der zurückgegebene Fehlercode befindet sich in DWORD 0.

Error - 02.02.2010 14:56:48 | Computer Name = ACER-0C7D612F1B | Source = nview_info | ID = 11141121
Description =

[ System Events ]
Error - 22.01.2010 12:23:24 | Computer Name = ACER-0C7D612F1B | Source = sr | ID = 1
Description = Beim Verarbeiten der Datei "" auf Volume "HarddiskVolume2" ist im
Wiederherstellungsfilter der unerwartete Fehler "0xC0000001" aufgetreten. Die Volumeüberwachung
wurde angehalten.

Error - 22.01.2010 12:23:51 | Computer Name = ACER-0C7D612F1B | Source = Service Control Manager | ID = 7026
Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen:
abp480n5 adpu160m agp440 agpCPQ Aha154x aic78u2 aic78xx AliIde alim1541 amdagp amsint asc asc3350p
asc3550
cbidf
cd20xrnt
CmdIde
Cpqarray
dac2w2k
dac960nt
dpti2o
hpn
i2omp
ini910u
IntelIde
mraid35x
perc2
perc2hib
ql1080
Ql10wnt
ql12160
ql1240
ql1280
sisagp
Sparrow
symc810
symc8xx
sym_hi
sym_u3
TosIde
ultra
viaagp
ViaIde

Error - 23.01.2010 13:42:03 | Computer Name = ACER-0C7D612F1B | Source = sr | ID = 1
Description = Beim Verarbeiten der Datei "" auf Volume "HarddiskVolume2" ist im
Wiederherstellungsfilter der unerwartete Fehler "0xC0000001" aufgetreten. Die Volumeüberwachung
wurde angehalten.

Error - 23.01.2010 13:42:25 | Computer Name = ACER-0C7D612F1B | Source = Service Control Manager | ID = 7026
Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen:
abp480n5 adpu160m agp440 agpCPQ Aha154x aic78u2 aic78xx AliIde alim1541 amdagp amsint asc asc3350p
asc3550
cbidf
cd20xrnt
CmdIde
Cpqarray
dac2w2k
dac960nt
dpti2o
hpn
i2omp
ini910u
IntelIde
mraid35x
perc2
perc2hib
ql1080
Ql10wnt
ql12160
ql1240
ql1280
sisagp
Sparrow
symc810
symc8xx
sym_hi
sym_u3
TosIde
ultra
viaagp
ViaIde

Error - 23.01.2010 14:24:46 | Computer Name = ACER-0C7D612F1B | Source = PlugPlayManager | ID = 11
Description = Das Gerät "Root\LEGACY_LRGEGS\0000" wurde ohne vorbereitende Maßnahmen
vom System entfernt.

Error - 24.01.2010 09:30:40 | Computer Name = ACER-0C7D612F1B | Source = Dhcp | ID = 1002
Description = Die IP-Adresslease 192.168.1.2 für die Netzwerkkarte mit der Netzwerkadresse
0018DE25344B wurde durch den DHCP-Server 192.168.1.1 abgelehnt (der DHCP-Server
hat eine DHCPNACK-Meldung gesendet).

Error - 24.01.2010 09:43:43 | Computer Name = ACER-0C7D612F1B | Source = Dhcp | ID = 1002
Description = Die IP-Adresslease 192.168.1.2 für die Netzwerkkarte mit der Netzwerkadresse
0018DE25344B wurde durch den DHCP-Server 192.168.1.1 abgelehnt (der DHCP-Server
hat eine DHCPNACK-Meldung gesendet).

Error - 29.01.2010 14:44:00 | Computer Name = ACER-0C7D612F1B | Source = Dhcp | ID = 1002
Description = Die IP-Adresslease 192.168.1.2 für die Netzwerkkarte mit der Netzwerkadresse
0018DE25344B wurde durch den DHCP-Server 192.168.1.1 abgelehnt (der DHCP-Server
hat eine DHCPNACK-Meldung gesendet).

Error - 02.02.2010 12:59:07 | Computer Name = ACER-0C7D612F1B | Source = sr | ID = 1
Description = Beim Verarbeiten der Datei "" auf Volume "HarddiskVolume2" ist im
Wiederherstellungsfilter der unerwartete Fehler "0xC0000001" aufgetreten. Die Volumeüberwachung
wurde angehalten.

Error - 02.02.2010 12:59:56 | Computer Name = ACER-0C7D612F1B | Source = Service Control Manager | ID = 7026
Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen:
abp480n5 adpu160m agp440 agpCPQ Aha154x aic78u2 aic78xx AliIde alim1541 amdagp amsint asc asc3350p
asc3550
cbidf
cd20xrnt
CmdIde
Cpqarray
dac2w2k
dac960nt
dpti2o
hpn
i2omp
ini910u
IntelIde
mraid35x
perc2
perc2hib
ql1080
Ql10wnt
ql12160
ql1240
ql1280
sisagp
Sparrow
symc810
symc8xx
sym_hi
sym_u3
TosIde
ultra
viaagp
ViaIde

< End of report >

Chris4You · 03.02.2010, 08:45

Hi,

gibt es eigentlich Startprobleme? Eine Reihe von Treibern kann ab- und an nicht geladen werden...

Folgende versteckte Datein bitte online prüfen:

Dateien Online überprüfen lassen:

Als erstes versteckte Dateien anzeigen lassen! (nur Punkt 1 durchführen!)

Suche die Seite Virtustotal auf, klicke auf den Button „Durchsuchen“ und suche folgende Datei/Dateien:

Code:

ATTFilter

C:\WINDOWS\System32\NTIBUN4.dll
C:\WINDOWS\System32\NTIMPEG2.dll
C:\WINDOWS\System32\NTIMP3.dll
C:\WINDOWS\System32\NTIFCD3.dll
C:\WINDOWS\System32\NTICDMK7.dll

Lade nun nacheinander jede/alle Datei/Dateien hoch, und warte bis der Scan vorbei ist. (kann bis zu 2 Minuten dauern.)

Poste im Anschluss das Ergebnis der Auswertung, alles abkopieren und in einen Beitrag einfügen.

Wichtig: Auch die Größenangabe sowie den HASH mit kopieren!

Lass auch bitte noch mal GMER laufen...

chris

Rattle07 · 03.02.2010, 09:13

Zitat:

* Wichtig: Auch die Größenangabe sowie den HASH mit kopieren!

Was ist damit gemeint?
Es gibt egtl keine Startprobleme, nur ab und zu kommt sobald der PC hochgefahren ist, ein USB-Geräusch Stakkato - vielleicht die Treiber? Kann man da was machen?

Hier die files:

Code:

ATTFilter

 File NTIBUN4.dll received on 2010.02.03 08:01:31 (UTC)
Current status: Loading ... queued waiting scanning finished NOT FOUND STOPPED
Result: 0/40 (0%)
Loading server information...
Your file is queued in position: 1.
Estimated start time is between 46 and 66 seconds.
Do not close the window until scan is complete.
The scanner that was processing your file is stopped at this moment, we are going to wait a few seconds to try to recover your result.
If you are waiting for more than five minutes you have to resend your file.
Your file is being scanned by VirusTotal in this moment,
results will be shown as they're generated.
Compact Compact
Print results Print results
Your file has expired or does not exists.
Service is stopped in this moments, your file is waiting to be scanned (position: ) for an undefined time.

You can wait for web response (automatic reload) or type your email in the form below and click "request" so the system sends you a notification when the scan is finished.
Email: 	
	
Antivirus 	Version 	Last Update 	Result
a-squared	4.5.0.50	2010.02.03	-
AhnLab-V3	5.0.0.2	2010.02.03	-
AntiVir	7.9.1.156	2010.02.02	-
Antiy-AVL	2.0.3.7	2010.02.02	-
Authentium	5.2.0.5	2010.02.03	-
Avast	4.8.1351.0	2010.02.02	-
AVG	9.0.0.730	2010.02.02	-
BitDefender	7.2	2010.02.03	-
CAT-QuickHeal	10.00	2010.02.03	-
ClamAV	0.96.0.0-git	2010.02.03	-
Comodo	3803	2010.02.03	-
DrWeb	5.0.1.12222	2010.02.03	-
eSafe	7.0.17.0	2010.02.02	-
eTrust-Vet	35.2.7278	2010.02.03	-
F-Prot	4.5.1.85	2010.02.01	-
F-Secure	9.0.15370.0	2010.02.03	-
Fortinet	4.0.14.0	2010.02.03	-
GData	19	2010.02.03	-
Ikarus	T3.1.1.80.0	2010.02.03	-
Jiangmin	13.0.900	2010.02.03	-
K7AntiVirus	7.10.963	2010.02.02	-
Kaspersky	7.0.0.125	2010.02.03	-
McAfee	5880	2010.02.02	-
McAfee+Artemis	5880	2010.02.02	-
McAfee-GW-Edition	6.8.5	2010.02.02	-
Microsoft	1.5406	2010.02.03	-
NOD32	4830	2010.02.03	-
Norman	6.04.03	2010.02.02	-
nProtect	2009.1.8.0	2010.02.03	-
Panda	10.0.2.2	2010.02.02	-
PCTools	7.0.3.5	2010.02.03	-
Prevx	3.0	2010.02.03	-
Rising	22.33.02.03	2010.02.03	-
Sophos	4.50.0	2010.02.03	-
Sunbelt	3.2.1858.2	2010.02.03	-
TheHacker	6.5.1.0.177	2010.02.03	-
TrendMicro	9.120.0.1004	2010.02.03	-
VBA32	3.12.12.1	2010.02.02	-
ViRobot	2010.2.3.2169	2010.02.03	-
VirusBuster	5.0.21.0	2010.02.02	-
Additional information
File size: 1024 bytes
MD5...: fc0aa85226d113ab01ed2b886d807456
SHA1..: 4616270dee57b409bcee5a5590a7d6c9736bcf5f
SHA256: 7d980b2bb38615161e77d69f1c219c85aaceab982643a936ce83d6c5a2c6791d
ssdeep: 3:LQK20iLn2wCUkaIM302A0s1DBXTzg//Ky076ur/WSHKGKtF6CCtK5lhRR6yeTK
GU:aBdX40sHX/WKJm
PEiD..: -
PEInfo: -
RDS...: NSRL Reference Data Set
-
sigcheck:
publisher....: n/a
copyright....: n/a
product......: n/a
description..: n/a
original name: n/a
internal name: n/a
file version.: n/a
comments.....: n/a
signers......: -
signing date.: -
verified.....: Unsigned
pdfid.: -
trid..: Unknown!

Code:

ATTFilter

 File NTIMPEG2.dll received on 2010.02.03 08:04:56 (UTC)
Current status: Loading ... queued waiting scanning finished NOT FOUND STOPPED
Result: 0/39 (0%)
Loading server information...
Your file is queued in position: 12.
Estimated start time is between 140 and 200 seconds.
Do not close the window until scan is complete.
The scanner that was processing your file is stopped at this moment, we are going to wait a few seconds to try to recover your result.
If you are waiting for more than five minutes you have to resend your file.
Your file is being scanned by VirusTotal in this moment,
results will be shown as they're generated.
Compact Compact
Print results Print results
Your file has expired or does not exists.
Service is stopped in this moments, your file is waiting to be scanned (position: ) for an undefined time.

You can wait for web response (automatic reload) or type your email in the form below and click "request" so the system sends you a notification when the scan is finished.
Email: 	
	
Antivirus 	Version 	Last Update 	Result
a-squared	4.5.0.50	2010.02.03	-
AhnLab-V3	5.0.0.2	2010.02.03	-
AntiVir	7.9.1.156	2010.02.02	-
Antiy-AVL	2.0.3.7	2010.02.02	-
Authentium	5.2.0.5	2010.02.03	-
Avast	4.8.1351.0	2010.02.02	-
AVG	9.0.0.730	2010.02.02	-
BitDefender	7.2	2010.02.03	-
CAT-QuickHeal	10.00	2010.02.03	-
ClamAV	0.96.0.0-git	2010.02.03	-
Comodo	3803	2010.02.03	-
DrWeb	5.0.1.12222	2010.02.03	-
eSafe	7.0.17.0	2010.02.02	-
eTrust-Vet	35.2.7278	2010.02.03	-
F-Prot	4.5.1.85	2010.02.01	-
F-Secure	9.0.15370.0	2010.02.03	-
Fortinet	4.0.14.0	2010.02.03	-
GData	19	2010.02.03	-
Ikarus	T3.1.1.80.0	2010.02.03	-
K7AntiVirus	7.10.963	2010.02.02	-
Kaspersky	7.0.0.125	2010.02.03	-
McAfee	5880	2010.02.02	-
McAfee+Artemis	5880	2010.02.02	-
McAfee-GW-Edition	6.8.5	2010.02.02	-
Microsoft	1.5406	2010.02.03	-
NOD32	4830	2010.02.03	-
Norman	6.04.03	2010.02.02	-
nProtect	2009.1.8.0	2010.02.03	-
Panda	10.0.2.2	2010.02.02	-
PCTools	7.0.3.5	2010.02.03	-
Prevx	3.0	2010.02.03	-
Rising	22.33.02.03	2010.02.03	-
Sophos	4.50.0	2010.02.03	-
Sunbelt	3.2.1858.2	2010.02.03	-
TheHacker	6.5.1.0.177	2010.02.03	-
TrendMicro	9.120.0.1004	2010.02.03	-
VBA32	3.12.12.1	2010.02.02	-
ViRobot	2010.2.3.2169	2010.02.03	-
VirusBuster	5.0.21.0	2010.02.02	-
Additional information
File size: 1024 bytes
MD5...: 0837842417d0402a961d854bd0aafece
SHA1..: 8276b9246156dc08e22a852a26720ea8945df82d
SHA256: 4cc8a6ecd666eb7fbe1e94fe77c6d61eced9df09a3e2db6142fd96aacea44a1f
ssdeep: 3:I/AgifiBmM6Gii6oqWRKWGk7I33Sp75TiO4yD0y2SI+n8GKdxOZGz02SI+n8GK
dE:IAgzBzBiBWGyfp1ia1
PEiD..: -
PEInfo: -
RDS...: NSRL Reference Data Set
-
pdfid.: -
trid..: Unknown!
sigcheck:
publisher....: n/a
copyright....: n/a
product......: n/a
description..: n/a
original name: n/a
internal name: n/a
file version.: n/a
comments.....: n/a
signers......: -
signing date.: -
verified.....: Unsigned

Code:

ATTFilter

 File NTIMP3.dll received on 2010.02.03 08:06:38 (UTC)
Current status: Loading ... queued waiting scanning finished NOT FOUND STOPPED
Result: 0/40 (0%)
Loading server information...
Your file is queued in position: 3.
Estimated start time is between 60 and 85 seconds.
Do not close the window until scan is complete.
The scanner that was processing your file is stopped at this moment, we are going to wait a few seconds to try to recover your result.
If you are waiting for more than five minutes you have to resend your file.
Your file is being scanned by VirusTotal in this moment,
results will be shown as they're generated.
Compact Compact
Print results Print results
Your file has expired or does not exists.
Service is stopped in this moments, your file is waiting to be scanned (position: ) for an undefined time.

You can wait for web response (automatic reload) or type your email in the form below and click "request" so the system sends you a notification when the scan is finished.
Email: 	
	
Antivirus 	Version 	Last Update 	Result
a-squared	4.5.0.50	2010.02.03	-
AhnLab-V3	5.0.0.2	2010.02.03	-
AntiVir	7.9.1.156	2010.02.02	-
Antiy-AVL	2.0.3.7	2010.02.02	-
Authentium	5.2.0.5	2010.02.03	-
Avast	4.8.1351.0	2010.02.02	-
AVG	9.0.0.730	2010.02.02	-
BitDefender	7.2	2010.02.03	-
CAT-QuickHeal	10.00	2010.02.03	-
ClamAV	0.96.0.0-git	2010.02.03	-
Comodo	3803	2010.02.03	-
DrWeb	5.0.1.12222	2010.02.03	-
eSafe	7.0.17.0	2010.02.02	-
eTrust-Vet	35.2.7278	2010.02.03	-
F-Prot	4.5.1.85	2010.02.01	-
F-Secure	9.0.15370.0	2010.02.03	-
Fortinet	4.0.14.0	2010.02.03	-
GData	19	2010.02.03	-
Ikarus	T3.1.1.80.0	2010.02.03	-
Jiangmin	13.0.900	2010.02.03	-
K7AntiVirus	7.10.963	2010.02.02	-
Kaspersky	7.0.0.125	2010.02.03	-
McAfee	5880	2010.02.02	-
McAfee+Artemis	5880	2010.02.02	-
McAfee-GW-Edition	6.8.5	2010.02.02	-
Microsoft	1.5406	2010.02.03	-
NOD32	4830	2010.02.03	-
Norman	6.04.03	2010.02.02	-
nProtect	2009.1.8.0	2010.02.03	-
Panda	10.0.2.2	2010.02.02	-
PCTools	7.0.3.5	2010.02.03	-
Prevx	3.0	2010.02.03	-
Rising	22.33.02.03	2010.02.03	-
Sophos	4.50.0	2010.02.03	-
Sunbelt	3.2.1858.2	2010.02.03	-
TheHacker	6.5.1.0.177	2010.02.03	-
TrendMicro	9.120.0.1004	2010.02.03	-
VBA32	3.12.12.1	2010.02.02	-
ViRobot	2010.2.3.2169	2010.02.03	-
VirusBuster	5.0.21.0	2010.02.02	-
Additional information
File size: 1024 bytes
MD5...: 92232b2cab11924ff7864baed280e4dc
SHA1..: 91f17d35c4970a74070c2b1b8c4d5d993201226c
SHA256: 14711f69a15e484e04d6ce11cc001cc842dcc8c56f7d1a006eaf0a6b6ff9af4f
ssdeep: 3:prwBORyuR2Y+Fiiyr+Nj5pz6wIv7G6c/DByDKyrx25dM6WA4CGP25dM6WA4CGP
2m:IOUFTYRr+x/OwIzcVyDKyb
PEiD..: -
PEInfo: -
RDS...: NSRL Reference Data Set
-
sigcheck:
publisher....: n/a
copyright....: n/a
product......: n/a
description..: n/a
original name: n/a
internal name: n/a
file version.: n/a
comments.....: n/a
signers......: -
signing date.: -
verified.....: Unsigned
pdfid.: -
trid..: Unknown!

Code:

ATTFilter

 File NTIFCD3.dll received on 2010.02.03 08:09:37 (UTC)
Current status: Loading ... queued waiting scanning finished NOT FOUND STOPPED
Result: 0/40 (0%)
Loading server information...
Your file is queued in position: 3.
Estimated start time is between 60 and 85 seconds.
Do not close the window until scan is complete.
The scanner that was processing your file is stopped at this moment, we are going to wait a few seconds to try to recover your result.
If you are waiting for more than five minutes you have to resend your file.
Your file is being scanned by VirusTotal in this moment,
results will be shown as they're generated.
Compact Compact
Print results Print results
Your file has expired or does not exists.
Service is stopped in this moments, your file is waiting to be scanned (position: ) for an undefined time.

You can wait for web response (automatic reload) or type your email in the form below and click "request" so the system sends you a notification when the scan is finished.
Email: 	
	
Antivirus 	Version 	Last Update 	Result
a-squared	4.5.0.50	2010.02.03	-
AhnLab-V3	5.0.0.2	2010.02.03	-
AntiVir	7.9.1.156	2010.02.02	-
Antiy-AVL	2.0.3.7	2010.02.02	-
Authentium	5.2.0.5	2010.02.03	-
Avast	4.8.1351.0	2010.02.02	-
AVG	9.0.0.730	2010.02.02	-
BitDefender	7.2	2010.02.03	-
CAT-QuickHeal	10.00	2010.02.03	-
ClamAV	0.96.0.0-git	2010.02.03	-
Comodo	3803	2010.02.03	-
DrWeb	5.0.1.12222	2010.02.03	-
eSafe	7.0.17.0	2010.02.02	-
eTrust-Vet	35.2.7278	2010.02.03	-
F-Prot	4.5.1.85	2010.02.01	-
F-Secure	9.0.15370.0	2010.02.03	-
Fortinet	4.0.14.0	2010.02.03	-
GData	19	2010.02.03	-
Ikarus	T3.1.1.80.0	2010.02.03	-
Jiangmin	13.0.900	2010.02.03	-
K7AntiVirus	7.10.963	2010.02.02	-
Kaspersky	7.0.0.125	2010.02.03	-
McAfee	5880	2010.02.02	-
McAfee+Artemis	5880	2010.02.02	-
McAfee-GW-Edition	6.8.5	2010.02.02	-
Microsoft	1.5406	2010.02.03	-
NOD32	4830	2010.02.03	-
Norman	6.04.03	2010.02.02	-
nProtect	2009.1.8.0	2010.02.03	-
Panda	10.0.2.2	2010.02.02	-
PCTools	7.0.3.5	2010.02.03	-
Prevx	3.0	2010.02.03	-
Rising	22.33.02.03	2010.02.03	-
Sophos	4.50.0	2010.02.03	-
Sunbelt	3.2.1858.2	2010.02.03	-
TheHacker	6.5.1.0.177	2010.02.03	-
TrendMicro	9.120.0.1004	2010.02.03	-
VBA32	3.12.12.1	2010.02.02	-
ViRobot	2010.2.3.2169	2010.02.03	-
VirusBuster	5.0.21.0	2010.02.02	-
Additional information
File size: 1024 bytes
MD5...: 4a142d47b54bd2a3883fb370d633d210
SHA1..: cdad17074ac76b8d1c35d16025890d8cabac188b
SHA256: 701c1e97772478c62822d08a2c3af9a74be3770474bfd92c38d274ebb6cd6818
ssdeep: 3:ySD0+hiPIFYws36Aa00qv58XOo3mY3l/crN1HoOufEdKF+6R6l4XFS/updEdKF
+g:ySoRIFYws3BTiZWyG7U
PEiD..: -
PEInfo: -
RDS...: NSRL Reference Data Set
-
pdfid.: -
trid..: Unknown!
sigcheck:
publisher....: n/a
copyright....: n/a
product......: n/a
description..: n/a
original name: n/a
internal name: n/a
file version.: n/a
comments.....: n/a
signers......: -
signing date.: -
verified.....: Unsigned

Code:

ATTFilter

 File NTICDMK7.dll received on 2010.02.03 08:11:35 (UTC)
Current status: Loading ... queued waiting scanning finished NOT FOUND STOPPED
Result: 0/40 (0%)
Loading server information...
Your file is queued in position: 11.
Estimated start time is between 110 and 157 seconds.
Do not close the window until scan is complete.
The scanner that was processing your file is stopped at this moment, we are going to wait a few seconds to try to recover your result.
If you are waiting for more than five minutes you have to resend your file.
Your file is being scanned by VirusTotal in this moment,
results will be shown as they're generated.
Compact Compact
Print results Print results
Your file has expired or does not exists.
Service is stopped in this moments, your file is waiting to be scanned (position: ) for an undefined time.

You can wait for web response (automatic reload) or type your email in the form below and click "request" so the system sends you a notification when the scan is finished.
Email: 	
	
Antivirus 	Version 	Last Update 	Result
a-squared	4.5.0.50	2010.02.03	-
AhnLab-V3	5.0.0.2	2010.02.03	-
AntiVir	7.9.1.156	2010.02.02	-
Antiy-AVL	2.0.3.7	2010.02.02	-
Authentium	5.2.0.5	2010.02.03	-
Avast	4.8.1351.0	2010.02.02	-
AVG	9.0.0.730	2010.02.02	-
BitDefender	7.2	2010.02.03	-
CAT-QuickHeal	10.00	2010.02.03	-
ClamAV	0.96.0.0-git	2010.02.03	-
Comodo	3803	2010.02.03	-
DrWeb	5.0.1.12222	2010.02.03	-
eSafe	7.0.17.0	2010.02.02	-
eTrust-Vet	35.2.7278	2010.02.03	-
F-Prot	4.5.1.85	2010.02.01	-
F-Secure	9.0.15370.0	2010.02.03	-
Fortinet	4.0.14.0	2010.02.03	-
GData	19	2010.02.03	-
Ikarus	T3.1.1.80.0	2010.02.03	-
Jiangmin	13.0.900	2010.02.03	-
K7AntiVirus	7.10.963	2010.02.02	-
Kaspersky	7.0.0.125	2010.02.03	-
McAfee	5880	2010.02.02	-
McAfee+Artemis	5880	2010.02.02	-
McAfee-GW-Edition	6.8.5	2010.02.02	-
Microsoft	1.5406	2010.02.03	-
NOD32	4830	2010.02.03	-
Norman	6.04.03	2010.02.02	-
nProtect	2009.1.8.0	2010.02.03	-
Panda	10.0.2.2	2010.02.02	-
PCTools	7.0.3.5	2010.02.03	-
Prevx	3.0	2010.02.03	-
Rising	22.33.02.03	2010.02.03	-
Sophos	4.50.0	2010.02.03	-
Sunbelt	3.2.1858.2	2010.02.03	-
TheHacker	6.5.1.0.177	2010.02.03	-
TrendMicro	9.120.0.1004	2010.02.03	-
VBA32	3.12.12.1	2010.02.02	-
ViRobot	2010.2.3.2169	2010.02.03	-
VirusBuster	5.0.21.0	2010.02.02	-
Additional information
File size: 1024 bytes
MD5...: 3faca33fb4e9e446158af522fc3e9310
SHA1..: c4479db2d28b21df3e87012ff1c41cfd631141b4
SHA256: 58d8f340cd2838fa3fa94b7900fcfd71308395078dc81140033d8fe9725a7c32
ssdeep: 3:DrEaMlj/3MqZa+5uDMyzIirJ3oervvqr+SFkSuv1w1ibaFBSWUKhCu7ogBFBSW
UO:VYEqkQuD3YGvyr+SWdvK
PEiD..: -
PEInfo: -
RDS...: NSRL Reference Data Set
-
sigcheck:
publisher....: n/a
copyright....: n/a
product......: n/a
description..: n/a
original name: n/a
internal name: n/a
file version.: n/a
comments.....: n/a
signers......: -
signing date.: -
verified.....: Unsigned
pdfid.: -
trid..: Unknown!

Rogue.MalwareDefense, Rootkit und Freund

Plagegeister aller Art und deren Bekämpfung: Rogue.MalwareDefense, Rootkit und Freund