Real Upgrade Logon TaskS-1-5-21....

Hello,
After closing Internet Explorer, a message from the anti-virus program appears saying that "Real Upgrade Logon TaskS1-5-21..." wants to make a behaviour change to my system. I can block this action every time, but I assume that some malicious program is active in the background. After some searching I found the OSAM software on this site. I am posting the result of that software's scan in this post, in the hope that someone can help me further. Many thanks in advance.

Report of OSAM: Autorun Manager v5.0.11926.0
hxxp://www.online-solutions.ru/en/
Saved at 16:59:52 on 30.10.2011
OS: Windows XP Professional Service Pack 3 (Build 2600)
Default Browser: Microsoft Corporation Internet Explorer 8.00.6001.18702

Scanner Settings
[x] Rootkits detection (hidden registry)
[x] Rootkits detection (hidden files)
[x] Retrieve files information
[x] Check Microsoft signatures

Filters
[ ] Trusted entries
[ ] Empty entries
[x] Hidden registry entries (rootkit activity)
[x] Exclusively opened files
[x] Not found files
[x] Files without detailed information
[x] Existing files
[ ] Non-startable services
[ ] Non-startable drivers
[x] Active entries
[x] Disabled entries

[Common]
-----( %SystemRoot%\Tasks )-----
"AppleSoftwareUpdate.job" - "Apple Inc." - C:\Programme\Apple Software Update\SoftwareUpdate.exe
"HPpromotions journeysoftware.job" - "hp" - C:\Programme\hp\digital imaging\bin\hp promotions\journeysoftware\HPpromo.exe
"GoogleUpdateTaskMachineCore.job" - "Google Inc." - C:\Programme\Google\Update\GoogleUpdate.exe
"GoogleUpdateTaskMachineUA.job" - "Google Inc." - C:\Programme\Google\Update\GoogleUpdate.exe
"Google Software Updater.job" - "Google" - C:\Programme\Google\Common\Google Updater\GoogleUpdaterService.exe

[Control Panel Objects]
-----( %SystemRoot%\system32 )-----
"FlashPlayerCPLApp.cpl" - "Adobe Systems Incorporated" - C:\WINDOWS\system32\FlashPlayerCPLApp.cpl
"infocardcpl.cpl" - "Microsoft Corporation" - C:\WINDOWS\system32\infocardcpl.cpl
"javacpl.cpl" - "Sun Microsystems, Inc." - C:\WINDOWS\system32\javacpl.cpl
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Control Panel\Cpls )-----
"mlcfg32.cpl" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~2\Office12\MLCFG32.CPL
"Nero BurnRights" - "Nero AG" - C:\Programme\Nero\Nero 7\Nero Toolkit\NeroBurnRights.cpl
"PavCPL" - ? - C:\WINDOWS\system32\pavcpl.cpl (File not found)
"QuickTime" - "Apple Inc." - C:\Programme\QuickTime\QTSystem\QuickTime.cpl
"SMAX4CP" - "Analog Devices, Inc." - C:\Programme\Analog Devices\SoundMAX\SMax4.cpl

[Drivers]
-----( HKLM\SYSTEM\CurrentControlSet\Services )-----
"Acronis Snapshots Manager" (snapman) - "Acronis" - C:\WINDOWS\System32\DRIVERS\snapman.sys
"Antwort für Verbindungsschicht-Topologieerkennung" (rspndr) - "Microsoft Corporation" - C:\WINDOWS\System32\DRIVERS\rspndr.sys
"AVM FRITZ!web PPP over ISDN" (NETFRITZ) - ? - C:\WINDOWS\System32\DRIVERS\NETFRITZ.SYS (File found, but it contains no detailed information)
"BrPar" (BrPar) - "Brother Industries Ltd." - C:\WINDOWS\System32\drivers\BrPar.sys
"Changer" (Changer) - ? - C:\WINDOWS\system32\drivers\Changer.sys (File not found)
"Cinemsup" (Cinemsup) - "Sonic Solutions" - C:\WINDOWS\system32\drivers\Cinemsup.sys
"G DATA Rootkit Detector Driver" (GRD) - "G DATA Software" - C:\WINDOWS\system32\drivers\GRD.sys
"GDMnIcpt" (GDMnIcpt) - "G DATA Software AG" - C:\WINDOWS\system32\drivers\MiniIcpt.sys
"GDTdiInterceptor" (GDTdiInterceptor) - ? - C:\WINDOWS\system32\drivers\GDTdiIcpt.sys
"Haspnt" (Haspnt) - "Aladdin Knowledge Systems" - C:\WINDOWS\system32\drivers\Haspnt.sys
"HookCentre" (HookCentre) - "G DATA Software AG" - C:\WINDOWS\system32\drivers\HookCentre.sys
"i2omgmt" (i2omgmt) - ? - C:\WINDOWS\system32\drivers\i2omgmt.sys (File not found)
"InCD Reader" (InCDRm) - ? - C:\WINDOWS\System32\drivers\InCDRm.sys (File not found)
"InCDPass" (InCDPass) - ? - C:\WINDOWS\System32\drivers\InCDPass.sys (File not found)
"lbrtfdc" (lbrtfdc) - ? - C:\WINDOWS\system32\drivers\lbrtfdc.sys (File not found)
"Logitech SetPoint Keyboard Driver" (L8042Kbd) - "Logitech, Inc." - C:\WINDOWS\System32\DRIVERS\L8042Kbd.sys
"Logitech SetPoint KMDF HID Filter Driver" (LHidFilt) - "Logitech, Inc." - C:\WINDOWS\System32\DRIVERS\LHidFilt.Sys
"Logitech SetPoint KMDF Mouse Filter Driver" (LMouFilt) - "Logitech, Inc." - C:\WINDOWS\System32\DRIVERS\LMouFilt.Sys
"MACNDIS5 NDIS Protocol Driver" (MACNDIS5) - "Marmiko IT-Solutions GmbH" - C:\PROGRA~1\GEMEIN~1\MARMIK~1\MACNDIS5.SYS
"MIINPazX NDIS Protocol Driver" (MIINPazX) - "Deutsche Telekom AG, Marmiko IT-Solutions GmbH" - C:\PROGRA~1\GEMEIN~1\MARMIK~1\MInfraIS\MIINPazX.SYS
"MTOnlPktAlyX NDIS Protocol Driver" (MTOnlPktAlyX) - "Deutsche Telekom AG AG, Marmiko IT-Solutions GmbH" - C:\PROGRA~1\T-Online\T-ONLI~2\BASIS-~1\Basis1\MTOnlPktAlyX.SYS
"PCIDump" (PCIDump) - ? - C:\WINDOWS\system32\drivers\PCIDump.sys (File not found)
"PDCOMP" (PDCOMP) - ? - C:\WINDOWS\system32\drivers\PDCOMP.sys (File not found)
"PDFRAME" (PDFRAME) - ? - C:\WINDOWS\system32\drivers\PDFRAME.sys (File not found)
"PDRELI" (PDRELI) - ? - C:\WINDOWS\system32\drivers\PDRELI.sys (File not found)
"PDRFRAME" (PDRFRAME) - ? - C:\WINDOWS\system32\drivers\PDRFRAME.sys (File not found)
"PEI10 Protokoll Treiber" (Pei10Wdm) - "EIBA s.c." - C:\WINDOWS\System32\Drivers\Pei10Wdm.sys
"PEI16 Protokoll Treiber" (Pei16Wdm) - "EIBA s.c." - C:\WINDOWS\System32\Drivers\Pei16Wdm.sys
"PORTMON" (PORTMON) - ? - C:\Dokumente und Einstellungen\Volker Stelzl\Desktop\Portmon\PORTMSYS.SYS (File not found)
"RkHit" (RkHit) - ? - C:\WINDOWS\system32\drivers\RKHit.sys (File not found)
"Sentinel" (Sentinel) - "SafeNet, Inc." - C:\WINDOWS\System32\Drivers\SENTINEL.SYS
"SetPoint Mouse Filter Driver" (LMouKE) - "Logitech, Inc." - C:\WINDOWS\System32\DRIVERS\LMouKE.Sys
"SetPoint PS/2 Mouse Filter Driver" (L8042mou) - "Logitech, Inc." - C:\WINDOWS\System32\DRIVERS\L8042mou.Sys
"SSIPDDP Parallel port device driver" (SSIPDDP) - ? - C:\WINDOWS\system32\DRIVERS\SSIPDDP.SYS
"TechniSat DVB-PC TV Star PCI" (SKYNET) - "B2C2, Inc." - C:\WINDOWS\System32\DRIVERS\SkyNET.SYS
"WDICA" (WDICA) - ? - C:\WINDOWS\system32\drivers\WDICA.sys (File not found)
"WinDriver6" (WinDriver6) - "Jungo" - C:\WINDOWS\System32\drivers\windrvr6.sys

[Explorer]
-----( HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved )-----
{FB314ED9-A251-47B7-93E1-CDD82E34AF8B} "DropboxExt" - ? - (File not found | COM-object registry key not found)
{FB314EDA-A251-47B7-93E1-CDD82E34AF8B} "DropboxExt" - ? - (File not found | COM-object registry key not found)
{FB314EDB-A251-47B7-93E1-CDD82E34AF8B} "DropboxExt" - ? - (File not found | COM-object registry key not found)
{FB314EDC-A251-47B7-93E1-CDD82E34AF8B} "DropboxExt" - ? - (File not found | COM-object registry key not found)
-----( HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components )-----
{89B4C1CD-B018-4511-B0A1-5476DBF70820} "StubPath" - "Microsoft Corporation" - c:\WINDOWS\system32\Rundll32.exe c:\WINDOWS\system32\mscories.dll,Install
-----( HKLM\Software\Classes\Folder\shellex\ColumnHandlers )-----
{7D4D6379-F301-4311-BEBA-E26EB0561882} "NeroDigitalColumnHandler Class" - "Nero AG" - C:\Programme\Gemeinsame Dateien\Ahead\lib\NeroDigitalExt.dll
{F9DB5320-233E-11D1-9F84-707F02C10627} "PDF Shell Extension" - "Adobe Systems, Inc." - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\PDFShell.dll
-----( HKLM\Software\Classes\Protocols\Filter )-----
{1E66F26B-79EE-11D2-8710-00C04F79ED0D} "Cor MIME Filter, CorFltr, CorFltr 1" - "Microsoft Corporation" - C:\WINDOWS\system32\mscoree.dll
{1E66F26B-79EE-11D2-8710-00C04F79ED0D} "Cor MIME Filter, CorFltr, CorFltr 1" - "Microsoft Corporation" - C:\WINDOWS\system32\mscoree.dll
{1E66F26B-79EE-11D2-8710-00C04F79ED0D} "Cor MIME Filter, CorFltr, CorFltr 1" - "Microsoft Corporation" - C:\WINDOWS\system32\mscoree.dll
{807563E5-5146-11D5-A672-00B0D022E945} "Microsoft Office InfoPath XML Mime Filter" - "Microsoft Corporation" - C:\PROGRA~1\GEMEIN~1\MICROS~1\OFFICE12\MSOXMLMF.DLL
-----( HKLM\Software\Classes\Protocols\Handler )-----
{8352FA4C-39C6-11D3-ADBA-00A0244FB1A2} "DIALux 2.0 ArchivProtocol Class" - "DIAL GmbH, Germany" - C:\Programme\DIALux\DLXToolBox.dll
{314111c7-a502-11d2-bbca-00c04f8ec294} "HxProtocol Class" - "Microsoft Corporation" - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Help\hxds.dll
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks )-----
{56F9679E-7826-4C84-81F3-532071A8BCC5} "Windows Desktop Search Namespace Manager" - "Microsoft Corporation" - C:\Programme\Windows Desktop Search\MSNLNamespaceMgr.dll
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved )-----
{4CCEFB41-18FA-11D3-9EF3-00A0C9E897FD} "CorelDRAW Shell-Erweiterungskomponente" - ? - C:\Programme\Corel\Graphics10\Draw\CdrViewer\CrlShell100.dll
{42071714-76d4-11d1-8b24-00a0c9068ff3} "CPL-Erweiterung für Anzeigeverschiebung" - ? - (File not found | COM-object registry key not found)
{1D2680C9-0E2A-469d-B787-065558BC7D43} "Fusion Cache" - "Microsoft Corporation" - c:\WINDOWS\system32\mscoree.dll
{88895560-9AA2-1069-930E-00AA0030EBC8} "HyperTerminal Icon Ext" - ? - C:\WINDOWS\system32\hticons.dll (File not found)
{FAC3CBF6-8697-43d0-BAB9-DCD1FCE19D75} "IE User Assist" - ? - (File not found | COM-object registry key not found)
{B9E1D2CB-CCFF-4AA6-9579-D7A4754030EF} "iTunes" - "Apple Inc." - C:\Programme\iTunes\iTunesMiniPlayer.dll
{853FE2B1-B769-11d0-9C4E-00C04FB6C6FA} "Kontextmenü für die Verschlüsselung" - ? - (File not found | COM-object registry key not found)
{BC476F4C-D9D7-4100-8D4E-E043F6DEC409} "Microsoft Browser Architecture" - ? - (File not found | COM-object registry key not found)
{42042206-2D85-11D3-8CFF-005004838597} "Microsoft Office HTML Icon Handler" - "Microsoft Corporation" - C:\Programme\Microsoft Office\Office12\msohevi.dll
{993BE281-6695-4BA5-8A2A-7AACBFAAB69E} "Microsoft Office Metadata Handler" - "Microsoft Corporation" - C:\PROGRA~1\GEMEIN~1\MICROS~1\OFFICE12\msoshext.dll
{5858A72C-C2B4-4dd7-B2BF-B76DB1BD9F6C} "Microsoft Office OneNote Namespace Extension for Windows Desktop Search" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~2\Office12\ONFILTER.DLL
{00020D75-0000-0000-C000-000000000046} "Microsoft Office Outlook" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~2\Office12\MLSHEXT.DLL
{C41662BB-1FA0-4CE0-8DC5-9B7F8279FF97} "Microsoft Office Thumbnail Handler" - "Microsoft Corporation" - C:\PROGRA~1\GEMEIN~1\MICROS~1\OFFICE12\msoshext.dll
{49BF5420-FA7F-11cf-8011-00A0C90A8F78} "Mobiles Gerät" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~3\Wcesview.dll
{B327765E-D724-4347-8B16-78AE18552FC3} "NeroDigitalIconHandler Class" - "Nero AG" - C:\Programme\Gemeinsame Dateien\Ahead\lib\NeroDigitalExt.dll
{7F1CF152-04F8-453A-B34C-E609530A9DC8} "NeroDigitalPropSheetHandler Class" - "Nero AG" - C:\Programme\Gemeinsame Dateien\Ahead\lib\NeroDigitalExt.dll
{0006F045-0000-0000-C000-000000000046} "Outlook File Icon Extension" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~2\Office12\OLKFSTUB.DLL
{F0CB00CD-5A07-4D91-97F5-A8C92CDA93E4} "RealOne Player Context Menu Class" - "RealNetworks, Inc." - c:\programme\real\realplayer\rpshell.dll
{E37E2028-CE1A-4f42-AF05-6CEABC4E5D75} "Shell Icon Handler for Application References" - "Microsoft Corporation" - c:\WINDOWS\system32\dfshim.dll
{764BF0E1-F219-11ce-972D-00AA00A14F56} "Shellerweiterungen für die Dateikomprimierung" - ? - (File not found | COM-object registry key not found)
{e82a2d71-5b2f-43a0-97b8-81be15854de8} "ShellLink for Application References" - "Microsoft Corporation" - c:\WINDOWS\system32\dfshim.dll
{5E2121EE-0300-11D4-8D3B-444553540000} "SimpleShlExt Class" - ? - C:\Programme\ATI Technologies\ATI.ACE\atiacmxx.dll
{BDEADF00-C265-11D0-BCED-00A0C90AB50F} "Web Folders" - "Microsoft Corporation" - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Web Folders\MSONSEXT.DLL
{13E7F612-F261-4391-BEA2-39DF4F3FA311} "Windows Desktop Search" - "Microsoft Corporation" - C:\Programme\Windows Desktop Search\msnlExt.dll
{da67b8ad-e81b-4c70-9b91b417b5e33527} "Windows Search Shell Service" - ? - (File not found | COM-object registry key not found)
{B41DB860-8EE4-11D2-9906-E49FADC173CA} "WinRAR" - ? - C:\Programme\WinRAR\rarext.dll (File found, but it contains no detailed information)
DIALux Doc ShellExtension "{7889C2D5-D128-43e2-A8D8-A7590A12C8B3}" - ? - (File not found | COM-object registry key not found)
DIALux LumFile ShellExtension "{7EFFF3DD-71B3-11D4-A25E-005056DCFB89}" - ? - (File not found | COM-object registry key not found)

[Internet Explorer]
-----( HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser )-----
ITBar7Height "ITBar7Height" - ? - (File not found | COM-object registry key not found)
<binary data> "ITBar7Layout" - ? - (File not found | COM-object registry key not found)
<binary data> "ITBarLayout" - ? - (File not found | COM-object registry key not found)
<binary data> "Yahoo! Toolbar" - "Yahoo! Inc." - C:\Programme\Yahoo!\Companion\Installs\cpn\yt.dll
<binary data> "{2318C2B1-4965-11D4-9B18-009027A5CD4F}" - ? - (File not found | COM-object registry key not found)
-----( HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units )-----
{4B54A9DE-EF1C-4EBE-A328-7C28EA3B433A} "BitDefender QuickScan Control" - "BitDefender LLC" - C:\WINDOWS\DOWNLO~1\qsax.dll / hxxp://quickscan.bitdefender.com/qsax/qsax.cab
{8AD9C840-044E-11D1-B3E9-00805F499D93} "Java Plug-in 1.6.0_29" - "Sun Microsystems, Inc." - C:\Programme\Java\jre6\bin\npjpi160_29.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
{CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} "Java Plug-in 1.6.0_29" - "Sun Microsystems, Inc." - C:\Programme\Java\jre6\bin\npjpi160_29.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} "Java Plug-in 1.6.0_29" - "Sun Microsystems, Inc." - C:\Programme\Java\jre6\bin\npjpi160_29.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
{C7DB51B4-BCF7-4923-8874-7F1A0DC92277} "Office Update Installation Engine" - "Microsoft Corporation" - C:\WINDOWS\opuc.dll / hxxp://office.microsoft.com/officeupdate/content/opuc4.cab
{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} "{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}" - ? - (File not found | COM-object registry key not found) / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab
{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} "{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}" - ? - (File not found | COM-object registry key not found) / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab
{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} "{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}" - ? - (File not found | COM-object registry key not found) / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
{E2883E8F-472F-4FB0-9522-AC9BF37916A7} "{E2883E8F-472F-4FB0-9522-AC9BF37916A7}" - ? - (File not found | COM-object registry key not found) / hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
-----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions )-----
{48E73304-E1D6-4330-914C-F5F514E3486C} "An OneNote senden" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
{2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} "ClsidExtension" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~3\INetRepl.dll
{53707962-6F74-2D53-2644-206D7942484F} "ClsidExtension" - "Safer Networking Limited" - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
{2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} "Create Mobile Favorite" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~3\INetRepl.dll
{FF059E31-CC5A-4E2E-BF3B-96E929D65503} "Research" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
-----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar )-----
{0124123D-61B4-456f-AF86-78C53A0790C5} "G DATA WebFilter" - ? - C:\Programme\G DATA\AntiVirus\Webfilter\AVKWebIE.dll (File found, but it contains no detailed information)
<binary data> "Yahoo! Toolbar" - "Yahoo! Inc." - C:\Programme\Yahoo!\Companion\Installs\cpn\yt.dll
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects )-----
{18DF081C-E8AD-4283-A596-FA578C2EBDC3} "Adobe PDF Link Helper" - "Adobe Systems Incorporated" - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
{69AB812A-8CE4-4BF3-B49B-3B60A9F31FB2} "DIALux 3.1 ULDBrowserHelper Class" - "DIAL GmbH, Germany" - C:\Programme\DIALux\DLXShellExtension.dll
{0124123D-61B4-456f-AF86-78C53A0790C5} "G DATA WebFilter" - ? - C:\Programme\G DATA\AntiVirus\Webfilter\AVKWebIE.dll (File found, but it contains no detailed information)
{AF69DE43-7D58-4638-B6FA-CE66B5AD205D} "Google Toolbar Notifier BHO" - "Google Inc." - C:\Programme\Google\GoogleToolbarNotifier\5.7.6406.1642\swg.dll
{DBC80044-A445-435b-BC74-9C25C1C588A9} "Java(tm) Plug-In 2 SSV Helper" - "Sun Microsystems, Inc." - C:\Programme\Java\jre6\bin\jp2ssv.dll
{E7E6F031-17CE-4C07-BC86-EABFE594F69C} "JQSIEStartDetectorImpl Class" - "Sun Microsystems, Inc." - C:\Programme\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
{3049C3E9-B461-4BC5-8870-4C09146192CA} "RealPlayer Download and Record Plugin for Internet Explorer" - "RealPlayer" - C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll
{53707962-6F74-2D53-2644-206D7942484F} "Spybot-S&D IE Protection" - "Safer Networking Limited" - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
{02478D38-C3F9-4EFB-9B51-7695ECA05670} "Yahoo! Toolbar Helper" - "Yahoo! Inc." - C:\Programme\Yahoo!\Companion\Installs\cpn\yt.dll

[Logon]
-----( %AllUsersProfile%\Startmenü\Programme\Autostart )-----
"desktop.ini" - ? - C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\desktop.ini
"ISDNWatch.lnk" - "AVM Berlin" - C:\Programme\FRITZ!\IWatch.exe (Shortcut exists | File exists)
"Pervasive.SQL Workgroup Engine.lnk" - "Pervasive Software Inc." - C:\PVSW\bin\w3dbsmgr.exe (Shortcut exists | File exists)
-----( %UserProfile%\Startmenü\Programme\Autostart )-----
"desktop.ini" - ? - C:\Dokumente und Einstellungen\Volker Stelzl\Startmenü\Programme\Autostart\desktop.ini
"Dropbox.lnk" - "Dropbox, Inc." - C:\Dokumente und Einstellungen\Volker Stelzl\Anwendungsdaten\Dropbox\bin\Dropbox.exe (Shortcut exists | File exists)
"FRITZ!fax (2).lnk" - "AVM Berlin" - C:\Programme\FRITZ!\FriFax32.exe (Shortcut exists | File exists)
"FRITZ!fon (2).lnk" - "AVM Berlin" - C:\Programme\FRITZ!\FriFon32.exe (Shortcut exists | File exists)
-----( HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run )-----
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}" - "Nero AG" - "C:\Programme\Gemeinsame Dateien\Ahead\lib\NMBgMonitor.exe"
"H/PC Connection Agent" - "Microsoft Corporation" - "C:\Programme\Microsoft ActiveSync\Wcescomm.exe"
"NokiaOviSuite2" - "Nokia" - C:\Programme\Nokia\Nokia Ovi Suite\NokiaOviSuite.exe -tray
"SpybotSD TeaTimer" - "Safer-Networking Ltd." - C:\Programme\Spybot - Search & Destroy\TeaTimer.exe
"swg" - "Google Inc." - "C:\Programme\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Run )-----
"Adobe ARM" - "Adobe Systems Incorporated" - "C:\Programme\Gemeinsame Dateien\Adobe\ARM\1.0\AdobeARM.exe"
"AppleSyncNotifier" - "Apple Inc." - C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\AppleSyncNotifier.exe
"APSDaemon" - "Apple Inc." - "C:\Programme\Gemeinsame Dateien\Apple\Apple Application Support\APSDaemon.exe"
"ATICCC" - ? - "C:\Programme\ATI Technologies\ATI.ACE\CLIStart.exe" (File found, but it contains no detailed information)
"ControlCenter2.0" - "Brother Industries, Ltd." - C:\Programme\Brother\ControlCenter2\brctrcen.exe /autorun
"G DATA AntiVirus Trayapplication" - "G DATA Software AG" - C:\Programme\G DATA\AntiVirus\AVKTray\AVKTray.exe
"HP Software Update" - "Hewlett-Packard" - C:\Programme\HP\HP Software Update\HPWuSchd2.exe
"IndexSearch" - "ScanSoft, Inc." - C:\Programme\ScanSoft\PaperPort\IndexSearch.exe
"iTunesHelper" - "Apple Inc." - "C:\Programme\iTunes\iTunesHelper.exe"
"NokiaMServer" - "Nokia" - C:\Programme\Gemeinsame Dateien\Nokia\MPlatform\NokiaMServer /watchfiles startup
"OSSelectorReinstall" - ? - C:\Programme\Gemeinsame Dateien\Acronis\Acronis Disk Director\oss_reinstall.exe (File found, but it contains no detailed information)
"PaperPort PTD" - "ScanSoft, Inc." - C:\Programme\ScanSoft\PaperPort\pptd40nt.exe
"QuickTime Task" - "Apple Inc." - "C:\Programme\QuickTime\qttask.exe" -atboottime
"SHIWebOnDiskManager" - "SHI Elektronische Medien GmbH" - "C:\Programme\SHIWebOnDiskManager\SHIWebOnDiskManager.exe"
"SoundMAX" - "Analog Devices, Inc." - "C:\Programme\Analog Devices\SoundMAX\Smax4.exe" /tray
"SSBkgdUpdate" - "Scansoft, Inc." - "C:\Programme\Gemeinsame Dateien\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
"SunJavaUpdateSched" - "Sun Microsystems, Inc." - "C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe"
"TkBellExe" - "RealNetworks, Inc." - "c:\programme\real\realplayer\update\realsched.exe" -osboot

[Print Monitors]
-----( HKLM\SYSTEM\CurrentControlSet\Control\Print\Monitors )-----
"CPW Monitor" - ? - C:\WINDOWS\system32\cute2mon2k.dll (File found, but it contains no detailed information)
"CUSTPDF Writer Monitor x86" - ? - C:\WINDOWS\system32\custmon32.dll (File found, but it contains no detailed information)
"FRITZ!fax Color Monitor" - "AVM Berlin" - C:\WINDOWS\system32\FritzVistaColorMon.dll
"FRITZ!fax Port Monitor" - "AVM Berlin" - C:\WINDOWS\system32\FritzVistaMon.dll
"PDF-XChange" - "Tracker Software" - C:\WINDOWS\system32\pxc25pm.dll
"Send To Microsoft OneNote Monitor" - "Microsoft Corporation" - C:\WINDOWS\system32\msonpmon.dll

[Services]
-----( HKLM\SYSTEM\CurrentControlSet\Services )-----
".NET Runtime Optimization Service v2.0.50727_X86" (clr_optimization_v2.0.50727_32) - "Microsoft Corporation" - C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
"AntiVirus Wächter" (AVKWCtl) - "G DATA Software AG" - C:\Programme\G DATA\AntiVirus\AVK\AVKWCtl.exe
"Apple Mobile Device" (Apple Mobile Device) - "Apple Inc." - C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\AppleMobileDeviceService.exe
"ASP.NET-Zustandsdienst" (aspnet_state) - "Microsoft Corporation" - C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe
"ATI Smart" (ATI Smart) - ? - C:\WINDOWS\system32\ati2sgag.exe
"Canon Camera Access Library 8" (CCALib8) - "Canon Inc." - C:\Programme\Canon\CAL\CALMAIN.exe
"DIAL Communication Service" (DialComService) - ? - C:\Programme\DIAL GmbH\DIAL Communication Framework\DialComService.exe
"Dienst "Bonjour"" (Bonjour Service) - "Apple Inc." - C:\Programme\Bonjour\mDNSResponder.exe
"G DATA AntiVirus Proxy" (AVKProxy) - "G DATA Software AG" - C:\Programme\Gemeinsame Dateien\G DATA\AVKProxy\AVKProxy.exe
"G DATA Scheduler" (AVKService) - "G DATA Software AG" - C:\Programme\G DATA\AntiVirus\AVK\AVKService.exe
"Google Software Updater" (gusvc) - "Google" - C:\Programme\Google\Common\Google Updater\GoogleUpdaterService.exe
"Google Update Service (gupdate)" (gupdate) - "Google Inc." - C:\Programme\Google\Update\GoogleUpdate.exe
"Google Update-Dienst (gupdatem)" (gupdatem) - "Google Inc." - C:\Programme\Google\Update\GoogleUpdate.exe
"InstallDriver Table Manager" (IDriverT) - "Macrovision Corporation" - C:\Programme\Gemeinsame Dateien\InstallShield\Driver\11\Intel 32\IDriverT.exe
"iPod-Dienst" (iPod Service) - "Apple Inc." - C:\Programme\iPod\bin\iPodService.exe
"Java Quick Starter" (JavaQuickStarterService) - "Sun Microsystems, Inc." - C:\Programme\Java\jre6\bin\jqs.exe
"Microsoft Office Diagnostics Service" (odserv) - "Microsoft Corporation" - C:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE12\ODSERV.EXE
"Office Source Engine" (ose) - "Microsoft Corporation" - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Source Engine\OSE.EXE
"Pml Driver HPZ12" (Pml Driver HPZ12) - "HP" - C:\WINDOWS\system32\HPZipm12.exe
"Sentinel Security Runtime" (SentinelSecurityRuntime) - "SafeNet, Inc." - C:\Programme\Gemeinsame Dateien\SafeNet Sentinel\Sentinel Security Runtime\sntlsrtsrvr.exe
"ServiceLayer" (ServiceLayer) - "Nokia" - C:\Programme\PC Connectivity Solution\ServiceLayer.exe
"T-Online WLAN Adapter Steuerungsdienst" (MZCCntrl) - "Deutsche Telekom AG, Marmiko IT-Solutions GmbH" - C:\Programme\Gemeinsame Dateien\Marmiko Shared\MZCCntrl.exe
"TVG OnlineUpdate-Service" (TVGOnlineUpdateSvc) - ? - C:\Programme\TVG\OnlineUpdate\OnlineUpdateSvc.exe (File found, but it contains no detailed information)
"Windows CardSpace" (idsvc) - "Microsoft Corporation" - C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
"Windows Presentation Foundation Font Cache 3.0.0.0" (FontCache3.0.0.0) - "Microsoft Corporation" - c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe

[Winlogon]
-----( HKCU\Control Panel\IOProcs )-----
"MVB" - ? - mvfs32.dll (File not found)
-----( HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify )-----
"WgaLogon" - "Microsoft Corporation" - C:\WINDOWS\system32\WgaLogon.dll

[Winsock Providers]
-----( HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries )-----
"mdnsNSP" - "Apple Inc." - C:\Programme\Bonjour\mdnsNSP.dll

===[ Logfile end ]=========================================[ Logfile end ]===
If You have questions or want to get some help, You can visit hxxp://forum.online-solutions.ru
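A report like the one above is read by looking for the entries OSAM itself marks as unusual: a publisher of "?" (no signature or version information could be retrieved), "(File not found)" (an autostart entry whose target no longer exists), "(File found, but it contains no detailed information)", and executables started from a user profile rather than a program directory. The Python script below is an added example, not part of the original post and not OSAM's own code; it parses lines in the format shown above and attaches those triage hints to each entry. The sample report inside it is constructed from a few entries of the same shape with a placeholder user name, and the flags are hints for an analyst to verify against the vendor, not verdicts (legitimate per-user software such as Dropbox also runs from the profile).

```python
import re
from dataclasses import dataclass, field
from typing import List, Optional, Tuple


@dataclass
class Entry:
    section: str                 # e.g. "Drivers" from the "[Drivers]" header
    location: str                # registry key or folder from the "-----( ... )-----" header
    name: str
    publisher: Optional[str]     # None when OSAM printed "?"
    path: str                    # target path with surrounding quotes removed
    status: str                  # text of the trailing "(...)" annotation, "" if none
    flags: List[str] = field(default_factory=list)


SECTION_RE = re.compile(r'^\[(?P<sec>[^\]]+)\]$')
LOCATION_RE = re.compile(r'^-----\( (?P<loc>.*) \)-----$')
# One OSAM entry: [CLSID or <binary data>] "Name" [(shortname)] - "Publisher"|? - path [(status)]
ENTRY_RE = re.compile(
    r'^(?:(?P<key>\{[^}]+\}|<binary data>) )?'
    r'"(?P<name>.*?)"'            # display name; may itself contain quotes
    r'(?: \((?P<svc>[^)]*)\))?'   # optional service/driver short name
    r' - (?P<pub>"[^"]*"|\?)'     # publisher, or "?" when none was retrieved
    r' - (?P<rest>.*)$'           # path followed by an optional "(status)" annotation
)
STATUS_RE = re.compile(r'^(?P<path>.*?)\s*(?:\((?P<status>[^()]*)\))?$')

# Per-user locations on a German and an English Windows install (assumption: these prefixes).
USER_PROFILE_PREFIXES = ("c:\\dokumente und einstellungen\\", "c:\\documents and settings\\", "c:\\users\\")


def parse_report(text: str) -> Tuple[List[Entry], List[str]]:
    """Parse OSAM-style report text; returns (entries, lines that did not match)."""
    entries, unparsed = [], []
    section = location = ""
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if (m := SECTION_RE.match(line)):
            section = m.group("sec")
            continue
        if (m := LOCATION_RE.match(line)):
            location = m.group("loc")
            continue
        m = ENTRY_RE.match(line)
        if not m:
            unparsed.append(line)
            continue
        pub = m.group("pub")
        sm = STATUS_RE.match(m.group("rest"))
        entries.append(Entry(section, location, m.group("name"),
                             None if pub == "?" else pub[1:-1],
                             sm.group("path").strip().replace('"', ""),
                             sm.group("status") or ""))
    return entries, unparsed


def triage(entries: List[Entry]) -> List[Entry]:
    """Attach triage hints to every entry and return only the flagged ones."""
    flagged = []
    for e in entries:
        flags = []
        if e.publisher is None:
            flags.append("no publisher / signature info")
        if "File not found" in e.status:
            flags.append("orphaned: target file missing")
        elif "no detailed information" in e.status:
            flags.append("file has no version resource")
        lp = e.path.lower()
        if lp.startswith(USER_PROFILE_PREFIXES) and "\\all users\\" not in lp:
            flags.append("runs from a user profile path")
        e.flags = flags
        if flags:
            flagged.append(e)
    return flagged


def summarize(entries: List[Entry]) -> List[str]:
    return [f"[{e.section}] {e.name} -> {e.path or '(no path)'}: {'; '.join(e.flags)}" for e in entries]


# Constructed sample in the report format above (placeholder user name "example-user").
SAMPLE_REPORT = r"""
[Drivers]
-----( HKLM\SYSTEM\CurrentControlSet\Services )-----
"Acronis Snapshots Manager" (snapman) - "Acronis" - C:\WINDOWS\System32\DRIVERS\snapman.sys
"Changer" (Changer) - ? - C:\WINDOWS\system32\drivers\Changer.sys (File not found)
"AVM FRITZ!web PPP over ISDN" (NETFRITZ) - ? - C:\WINDOWS\System32\DRIVERS\NETFRITZ.SYS (File found, but it contains no detailed information)
"PORTMON" (PORTMON) - ? - C:\Dokumente und Einstellungen\example-user\Desktop\Portmon\PORTMSYS.SYS (File not found)
[Explorer]
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved )-----
{88895560-9AA2-1069-930E-00AA0030EBC8} "HyperTerminal Icon Ext" - ? - C:\WINDOWS\system32\hticons.dll (File not found)
[Logon]
-----( %UserProfile%\Startmenü\Programme\Autostart )-----
"Dropbox.lnk" - "Dropbox, Inc." - C:\Dokumente und Einstellungen\example-user\Anwendungsdaten\Dropbox\bin\Dropbox.exe (Shortcut exists | File exists)
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Run )-----
"ATICCC" - ? - "C:\Programme\ATI Technologies\ATI.ACE\CLIStart.exe" (File found, but it contains no detailed information)
"TkBellExe" - "RealNetworks, Inc." - "c:\programme\real\realplayer\update\realsched.exe" -osboot
[Services]
-----( HKLM\SYSTEM\CurrentControlSet\Services )-----
"Dienst "Bonjour"" (Bonjour Service) - "Apple Inc." - C:\Programme\Bonjour\mDNSResponder.exe
[Winlogon]
-----( HKCU\Control Panel\IOProcs )-----
"MVB" - ? - mvfs32.dll (File not found)
"""

if __name__ == "__main__":
    parsed, leftovers = parse_report(SAMPLE_REPORT)
    for line in summarize(triage(parsed)):
        print(line)
    for line in leftovers:
        print("UNPARSED:", line)
```

Unmatched lines are returned rather than silently dropped, so oddly formatted entries (the "DIALux ... ShellExtension" lines in the report above, for instance) still get a human look.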
Please now run a full scan with Malwarebytes as a routine step and post the log. Remember that Malwarebytes must be updated manually before each scan! If logs from older Malwarebytes scans exist, please post all of those too!

ESET Online Scanner
Hello,
Many thanks for your quick message. I have run the scans described and am now posting the results:

1. Malware

Malwarebytes' Anti-Malware 1.51.2.1300
www.malwarebytes.org

Datenbank Version: 8048

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

30.10.2011 23:32:35
mbam-log-2011-10-30 (23-32-22).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|)
Durchsuchte Objekte: 511068
Laufzeit: 1 Stunde(n), 10 Minute(n), 33 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 1
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 1

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} (Adware.MyWebSearch) -> No action taken.

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
c:\dokumente und einstellungen\volker stelzl\eigene dateien\es\downloads\EIB\ETS3\Ets30f\ets3prosetup.exe (Heuristics.Shuriken) -> No action taken.

2. ESET

ESETSmartInstaller@High as CAB hook log:
OnlineScanner.ocx - registred OK
# version=7
# IEXPLORE.EXE=8.00.6001.18702 (longhorn_ie8_rtm(wmbla).090308-0339)
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=939252d6b0f4144789847f7c7a0455be
# end=finished
# remove_checked=true
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2011-10-31 01:29:32
# local_time=2011-10-31 02:29:32 (+0100, Westeuropäische Normalzeit)
# country="Germany"
# lang=1033
# osver=5.1.2600 NT Service Pack 3
# compatibility_mode=1536 16777215 100 0 97939071 97939071 0 0
# compatibility_mode=4097 16774821 100 96 55686659 326445878 85182 0
# compatibility_mode=8192 67108863 100 0 3702 3702 0 0
# scanned=305151
# found=7
# cleaned=7
# scan_time=10191
C:\Dokumente und Einstellungen\Volker Stelzl\Anwendungsdaten\Sun\Java\Deployment\cache\6.0\38\5e68cae6-61e5c803  a variant of Java/Agent.DN trojan (deleted - quarantined)  00000000000000000000000000000000  C
C:\Dokumente und Einstellungen\Volker Stelzl\Anwendungsdaten\Sun\Java\Deployment\cache\6.0\53\270a1575-22e09a49  Java/Agent.DM trojan (deleted - quarantined)  00000000000000000000000000000000  C
C:\System Volume Information\_restore{EFB9D89B-79F0-4699-BB1E-99C2FB1DD514}\RP1484\A0213343.exe  a variant of Win32/Foxferi.A trojan (deleted - quarantined)  00000000000000000000000000000000  C
C:\System Volume Information\_restore{EFB9D89B-79F0-4699-BB1E-99C2FB1DD514}\RP1488\A0213750.sys  Win32/Adware.SpywareCease application (cleaned by deleting - quarantined)  00000000000000000000000000000000  C
C:\System Volume Information\_restore{EFB9D89B-79F0-4699-BB1E-99C2FB1DD514}\RP1488\A0213755.dll  a variant of Win32/Adware.SpywareCease.AA application (cleaned by deleting - quarantined)  00000000000000000000000000000000  C
C:\System Volume Information\_restore{EFB9D89B-79F0-4699-BB1E-99C2FB1DD514}\RP1488\A0213758.exe  Win32/Adware.SpywareCease application (cleaned by deleting - quarantined)  00000000000000000000000000000000  C
C:\System Volume Information\_restore{EFB9D89B-79F0-4699-BB1E-99C2FB1DD514}\RP1488\A0213762.exe  multiple threats (deleted - quarantined)  00000000000000000000000000000000  C

Best regards,
Volker
Hello,
After another scan with Malwarebytes I had the two faulty files removed. The problem when closing Internet Explorer still persists, however. I have attached a screenshot of the message. I have also attached the log file written after Malwarebytes finished deleting. After the deletion the computer was restarted.

Malwarebytes' Anti-Malware 1.51.2.1300
www.malwarebytes.org

Datenbank Version: 8050

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

31.10.2011 17:07:54
mbam-log-2011-10-31 (17-07-54).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|)
Durchsuchte Objekte: 511799
Laufzeit: 1 Stunde(n), 13 Minute(n), 21 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 1
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 1

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
c:\dokumente und einstellungen\volker stelzl\eigene dateien\es\downloads\EIB\ETS3\Ets30f\ets3prosetup.exe (Heuristics.Shuriken) -> Quarantined and deleted successfully.
Quote:
c:\dokumente und einstellungen\volker stelzl\eigene dateien\es\downloads\EIB\ETS3\Ets30f\ets3prosetup.exe (Heuristics.Shuriken) -> Quarantined and deleted successfully.

The file in question is a download that has been on the computer for many years. It is an installation file for software used to commission electrical building installations based on EIB technology. I have already deleted the entire directory. It was no longer needed, and I am actually surprised that there was an error in there.
That doesn't answer my question about the source, though.
If by source you mean the publisher of the software, then: KNX Association, Brussels, Belgium
No. I want to know where the file came from.
This file came from a download from a server of the aforementioned publisher. The download had to be unpacked at the time. I still have the original zip file. It is dated 29.06.2009 and is 162 MB in size.
Then it is probably a false positive, if you got this file from the manufacturer's site.
As I already said, I have already deleted the unpacked files. Were you able to open the screenshot (attached as .jpg)?
Custom scan with OTL: If you do not have it yet, please download OTL from OldTimer and save it to your desktop
Code: netsvcs
Hello Arne, I have run the scans, with the following results (2 reports); first the first report: OTL Logfile: Code: OTL logfile created on: 31.10.2011 22:26:24 - Run 1
Hello Arne, here is the second log file after the scan: OTL EXTRAS Logfile: Code: OTL Extras logfile created on: 31.10.2011 22:26:24 - Run 1
Via Control Panel, under Add or Remove Programs (or Programs and Features), uninstall everything that has "Toolbar" in its name. For future program installations always choose the custom install option so that you can deselect any toolbars during installation. While you are at it, also uninstall all other unnecessary programs via the Control Panel.
Hello Arne, I do not know the proxy you mentioned. Honestly, I do not even know what that means. I suppose it controls the data traffic between the PC and the Internet, or something like that. I am in the process of removing unneeded applications.
OK, then please make a new OTL log the same way as above.
Hello Arne, I have made a new OTL log: OTL Logfile: Code: OTL logfile created on: 01.11.2011 21:05:51 - Run 2
Run an OTL fix: close all open programs, also deactivate the virus scanner (!), start OTL and copy the following text into the "Custom Scan/Fixes" box (at the bottom of OTL): (the ":OTL" must be copied as well!!!) Code: :OTL The log file should open when you click OK after the fix; please post it. The computer may be restarted. The entries, files and folders fixed with this script are not completely deleted; for safety a backup copy is created on the system partition in the folder "_OTL". Note: The above script was created only for this one user in this one situation. It is not portable to any other computer and must not be used elsewhere, as it can permanently damage the system!
Hello Arne, only now did I have the time to carry out the steps you described. Here is the result: (the message still appears)

All processes killed
========== OTL ==========
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main\\Default_Page_URL| /E : value set successfully!
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main\\Search Bar| /E : value set successfully!
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page| /E : value set successfully!
HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyEnable|dword:0 /E : value set successfully!
HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyOverride| /E : value set successfully!
HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyServer| /E : value set successfully!
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{2318C2B1-4965-11D4-9B18-009027A5CD4F} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2318C2B1-4965-11D4-9B18-009027A5CD4F}\ not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{EF99BD32-C1FB-11D2-892F-0090271D4F88} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{EF99BD32-C1FB-11D2-892F-0090271D4F88}\ deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\Corel Reminder deleted successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\ deleted successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\SpybotSD TeaTimer deleted successfully.
C:\Programme\Spybot - Search & Destroy\TeaTimer.exe moved successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRun|DWORD:1 /E : value set successfully!
C:\AUTOEXEC.BAT moved successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{0e2fbedf-da59-11dd-99e8-001e8c7097c6}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0e2fbedf-da59-11dd-99e8-001e8c7097c6}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{0e2fbedf-da59-11dd-99e8-001e8c7097c6}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0e2fbedf-da59-11dd-99e8-001e8c7097c6}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{0e2fbedf-da59-11dd-99e8-001e8c7097c6}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0e2fbedf-da59-11dd-99e8-001e8c7097c6}\ not found.
File C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL wscript.exe CAROLIN.vbs not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{3633c595-d387-11df-9ca1-001e8c7097c6}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3633c595-d387-11df-9ca1-001e8c7097c6}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{3633c595-d387-11df-9ca1-001e8c7097c6}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3633c595-d387-11df-9ca1-001e8c7097c6}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{3633c595-d387-11df-9ca1-001e8c7097c6}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3633c595-d387-11df-9ca1-001e8c7097c6}\ not found.
File G:\BKCD.exe not found.
ADS C:\WINDOWS\System32\MBC-Logo.bmp:Q30lsldxJoudresxAaaqpcawXc deleted successfully.
ADS C:\WINDOWS\MBC-Logo.bmp:Q30lsldxJoudresxAaaqpcawXc deleted successfully.
ADS C:\WINDOWS\System32\OEMLOGO.BMP:Q30lsldxJoudresxAaaqpcawXc deleted successfully.
ADS C:\Dokumente und Einstellungen\Volker Stelzl\Eigene Dateien\Strbeldobb1.jpg:Q30lsldxJoudresxAaaqpcawXc deleted successfully.
ADS C:\Dokumente und Einstellungen\Volker Stelzl\Eigene Dateien\IMG_3119.JPG:Q30lsldxJoudresxAaaqpcawXc deleted successfully.
ADS C:\Dokumente und Einstellungen\Volker Stelzl\Eigene Dateien\DSC00155.JPG:Q30lsldxJoudresxAaaqpcawXc deleted successfully.
ADS C:\Dokumente und Einstellungen\Volker Stelzl\Eigene Dateien\plan1.jpg:Q30lsldxJoudresxAaaqpcawXc deleted successfully.
ADS C:\Dokumente und Einstellungen\Volker Stelzl\Eigene Dateien\plan2.jpg:Q30lsldxJoudresxAaaqpcawXc deleted successfully.
========== COMMANDS ==========
[EMPTYTEMP]
User: Administrator
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 115654 bytes
User: Administrator.PC_STELZL
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 98979 bytes
User: All Users
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
User: LocalService
->Temp folder emptied: 66016 bytes
->Temporary Internet Files folder emptied: 33170 bytes
User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 43179678 bytes
User: Stelzel
User: Stelzl
->Temp folder emptied: 103535571 bytes
->Temporary Internet Files folder emptied: 18206537 bytes
->Java cache emptied: 15252 bytes
->Flash cache emptied: 348 bytes
User: Volker Stelzl
->Temp folder emptied: 511699822 bytes
->Temporary Internet Files folder emptied: 570334081 bytes
->Java cache emptied: 27064802 bytes
->Apple Safari cache emptied: 883712 bytes
->Flash cache emptied: 12981 bytes
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 485681 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 10572647 bytes
RecycleBin emptied: 2354161865 bytes
Total Files Cleaned = 3.472,00 mb
C:\WINDOWS\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully
OTL by OldTimer - Version 3.2.31.0 log created on 11052011_121247
Files\Folders moved on Reboot...
C:\Dokumente und Einstellungen\Volker Stelzl\Lokale Einstellungen\Temp\WCESLog.log moved successfully.
C:\WINDOWS\temp\cteng_17_1_11320320384.dat moved successfully.
C:\WINDOWS\temp\cteng_17_1_21320078867.dat moved successfully.
C:\WINDOWS\temp\cteng_17_1_31320350422.dat moved successfully.
C:\WINDOWS\temp\cteng_17_1_41320487215.dat moved successfully.
C:\WINDOWS\temp\cteng_17_1_51319968811.dat moved successfully.
C:\WINDOWS\temp\cteng_17_2_11320447623.dat moved successfully.
C:\WINDOWS\temp\cteng_17_2_21320440420.dat moved successfully.
C:\WINDOWS\temp\cteng_17_2_31318795212.dat moved successfully.
C:\WINDOWS\temp\cteng_17_2_41320421556.dat moved successfully.
C:\WINDOWS\temp\cteng_17_2_51320421200.dat moved successfully.
C:\WINDOWS\temp\cteng_17_2_61320467915.dat moved successfully.
C:\WINDOWS\temp\cteng_17_2_71320421409.dat moved successfully.
C:\WINDOWS\temp\cteng_17_2_81320421331.dat moved successfully.
C:\WINDOWS\temp\cteng_17_2_91320472814.dat moved successfully.
C:\WINDOWS\temp\cteng_1_1_101320380208.dat moved successfully.
C:\WINDOWS\temp\cteng_1_1_111319552172.dat moved successfully.
C:\WINDOWS\temp\cteng_1_1_121318853260.dat moved successfully.
C:\WINDOWS\temp\cteng_1_1_131320321239.dat moved successfully.
C:\WINDOWS\temp\cteng_1_1_151316951786.dat moved successfully.
C:\WINDOWS\temp\cteng_1_1_161316951935.dat moved successfully.
C:\WINDOWS\temp\cteng_1_1_311320253907.dat moved successfully.
C:\WINDOWS\temp\cteng_1_1_441320440182.dat moved successfully.
C:\WINDOWS\temp\cteng_1_1_451317204030.dat moved successfully.
C:\WINDOWS\temp\cteng_1_1_471320259895.dat moved successfully.
C:\WINDOWS\temp\cteng_1_1_61316951534.dat moved successfully.
C:\WINDOWS\temp\cteng_1_1_71320349201.dat moved successfully.
C:\WINDOWS\temp\cteng_1_1_81320177199.dat moved successfully.
C:\WINDOWS\temp\cteng_1_2_101320386423.dat moved successfully.
C:\WINDOWS\temp\cteng_1_2_11318031148.dat moved successfully.
C:\WINDOWS\temp\cteng_1_2_121320476422.dat moved successfully.
C:\WINDOWS\temp\cteng_1_2_131320432716.dat moved successfully.
C:\WINDOWS\temp\cteng_1_2_141316952061.dat moved successfully.
C:\WINDOWS\temp\cteng_1_2_151320327176.dat moved successfully.
C:\WINDOWS\temp\cteng_1_2_161320454812.dat moved successfully.
C:\WINDOWS\temp\cteng_1_2_171320017330.dat moved successfully.
C:\WINDOWS\temp\cteng_1_2_181320451220.dat moved successfully.
C:\WINDOWS\temp\cteng_1_2_191316951754.dat moved successfully.
C:\WINDOWS\temp\cteng_1_2_201320361221.dat moved successfully.
C:\WINDOWS\temp\cteng_1_2_211316951173.dat moved successfully.
C:\WINDOWS\temp\cteng_1_2_21320440422.dat moved successfully.
C:\WINDOWS\temp\cteng_1_2_221317186677.dat moved successfully.
C:\WINDOWS\temp\cteng_1_2_241320414561.dat moved successfully.
C:\WINDOWS\temp\cteng_1_2_261320264006.dat moved successfully.
C:\WINDOWS\temp\cteng_1_2_281318872170.dat moved successfully.
C:\WINDOWS\temp\cteng_1_2_311316951790.dat moved successfully.
C:\WINDOWS\temp\cteng_1_2_331318014006.dat moved successfully.
C:\WINDOWS\temp\cteng_1_2_341320379220.dat moved successfully.
C:\WINDOWS\temp\cteng_1_2_361318344979.dat moved successfully.
C:\WINDOWS\temp\cteng_1_2_401317887256.dat moved successfully.
C:\WINDOWS\temp\cteng_1_2_41318906807.dat moved successfully.
C:\WINDOWS\temp\cteng_1_2_51320333409.dat moved successfully.
C:\WINDOWS\temp\cteng_1_2_551320311114.dat moved successfully.
C:\WINDOWS\temp\cteng_1_2_581319629495.dat moved successfully.
C:\WINDOWS\temp\cteng_1_2_611320469221.dat moved successfully.
C:\WINDOWS\temp\cteng_1_2_61316952014.dat moved successfully.
C:\WINDOWS\temp\cteng_1_2_631320433219.dat moved successfully.
C:\WINDOWS\temp\cteng_1_2_651320078747.dat moved successfully.
C:\WINDOWS\temp\cteng_1_2_671319925182.dat moved successfully.
C:\WINDOWS\temp\cteng_1_2_681320270876.dat moved successfully.
C:\WINDOWS\temp\cteng_1_2_71320260410.dat moved successfully.
C:\WINDOWS\temp\cteng_1_2_731320174596.dat moved successfully.
C:\WINDOWS\temp\cteng_1_2_741317178833.dat moved successfully.
C:\WINDOWS\temp\cteng_1_2_791320399317.dat moved successfully.
C:\WINDOWS\temp\cteng_1_2_801316951936.dat moved successfully.
C:\WINDOWS\temp\cteng_1_2_81320246635.dat moved successfully.
C:\WINDOWS\temp\cteng_1_2_921316951154.dat moved successfully.
C:\WINDOWS\temp\cteng_1_2_931320375617.dat moved successfully.
C:\WINDOWS\temp\cteng_1_2_941316951814.dat moved successfully.
C:\WINDOWS\temp\cteng_3_2_11316951733.dat moved successfully.
C:\WINDOWS\temp\cteng_8_2_11316951329.dat moved successfully.
C:\WINDOWS\temp\cteng_8_2_21316952017.dat moved successfully.
File move failed. C:\WINDOWS\temp\hlktmp scheduled to be moved on reboot.
Registry entries deleted on Reboot...
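An OTL fix log like the one above is long, and the lines that matter (the proxy values rewritten, the Run entries and MountPoints2 autorun keys removed, the alternate data streams stripped from ordinary files, the hosts file reset) sit between hundreds of temp-file moves. The following is an added example, not code from OTL or from this thread, that groups an OTL fix log by what each line actually changed so a helper can see at a glance what the fix found versus what was already gone ("not found"). The regexes are written for the line formats visible in the log above; SAMPLE_LOG is a constructed excerpt in that format.

```python
"""Triage an OTL fix log: group each action line by what it changed.

Added example for the thread above, not OTL's own code. It understands the
line shapes an OTL fix log uses:
  "<value path>|<data> /E : value set successfully!"   registry value rewritten
  "Registry key|value <path> deleted successfully."    persistence removed
  "Registry key|value <path> not found."               fix target already gone
  "<path> moved successfully."                         file quarantined into _OTL
  "File <path> not found."
  "ADS <file>:<stream> deleted successfully."          alternate data stream removed
  "HOSTS file reset successfully"
"""
import re
from collections import Counter

# Constructed excerpt in OTL's log format (sample input for this example).
SAMPLE_LOG = r"""
HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyEnable|dword:0 /E : value set successfully!
HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyServer| /E : value set successfully!
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\Corel Reminder deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{EF99BD32-C1FB-11D2-892F-0090271D4F88}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2318C2B1-4965-11D4-9B18-009027A5CD4F}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{0e2fbedf-da59-11dd-99e8-001e8c7097c6}\ deleted successfully.
File G:\BKCD.exe not found.
ADS C:\WINDOWS\System32\OEMLOGO.BMP:Q30lsldxJoudresxAaaqpcawXc deleted successfully.
ADS C:\WINDOWS\MBC-Logo.bmp:Q30lsldxJoudresxAaaqpcawXc deleted successfully.
C:\Programme\Spybot - Search & Destroy\TeaTimer.exe moved successfully.
C:\WINDOWS\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully
"""

# Greedy ".+" on the host file lets "C:" keep its own colon; the stream name has none.
ADS_RE = re.compile(r"^ADS (?P<file>.+):(?P<stream>[^:\\]+) deleted successfully\.$")
REG_RE = re.compile(r"^Registry (?P<kind>key|value) (?P<path>.+?) (?P<result>deleted successfully|not found)\.$")
SET_RE = re.compile(r"^(?P<path>.+?)\|(?P<data>[^|]*) /E : value set successfully!$")
MOVE_RE = re.compile(r"^(?P<path>.+?) moved successfully\.$")
MISSING_RE = re.compile(r"^File (?P<path>.+?) not found\.$")


def triage(log_text):
    """Sort every recognised line of an OTL fix log into a category."""
    summary = {
        "values_set": [],         # (registry value path, data written)
        "registry_deleted": [],   # keys/values that existed and were removed
        "registry_not_found": [], # fix targets that were already gone
        "files_moved": [],        # files moved into the _OTL backup folder
        "files_not_found": [],
        "ads_deleted": [],        # (host file, alternate data stream name)
        "hosts_reset": False,
    }
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line == "HOSTS file reset successfully":
            summary["hosts_reset"] = True
            continue
        m = ADS_RE.match(line)
        if m:
            summary["ads_deleted"].append((m["file"], m["stream"]))
            continue
        m = REG_RE.match(line)
        if m:
            bucket = "registry_deleted" if m["result"] == "deleted successfully" else "registry_not_found"
            summary[bucket].append(m["path"])
            continue
        m = SET_RE.match(line)
        if m:
            summary["values_set"].append((m["path"], m["data"]))
            continue
        m = MISSING_RE.match(line)
        if m:
            summary["files_not_found"].append(m["path"])
            continue
        m = MOVE_RE.match(line)
        if m:
            summary["files_moved"].append(m["path"])
    return summary


def stream_counts(summary):
    """How many host files carried each alternate data stream name."""
    return Counter(stream for _, stream in summary["ads_deleted"])


def autorun_mountpoints(summary):
    """MountPoints2 keys removed: per-volume shell handlers, where autorun.inf infections persist."""
    return [p for p in summary["registry_deleted"] if "\\MountPoints2\\" in p]


def proxy_reset(summary):
    """Proxy values OTL rewrote; a silently set ProxyServer routes all IE traffic through it."""
    return {p.rsplit("\\", 1)[-1]: d for p, d in summary["values_set"] if "Internet Settings" in p}


if __name__ == "__main__":
    s = triage(SAMPLE_LOG)
    for bucket, items in s.items():
        print(f"{bucket}: {items}")
    print("streams:", dict(stream_counts(s)))
    print("autorun mountpoints:", autorun_mountpoints(s))
    print("proxy values reset:", proxy_reset(s))
```

Run it against a saved OTL fix log by replacing SAMPLE_LOG with the file's contents; the "not found" buckets are worth reading too, because they show which targets of the helper's script no longer existed at fix time, and a stream name that recurs across many unrelated files is the kind of pattern this grouping makes visible.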
Now please run this tool from Kaspersky and post the log => http://www.trojaner-board.de/82358-t...entfernen.html Configure the tool as shown in the picture below: click on "change parameters" and tick the boxes as shown in the following screenshot, then click "Start Scan" and, when it has finished, click the "Report" button to display the log. Please post it in full. If you cannot find the log or cannot copy its contents into your post, look directly on your Windows system partition; that is where TDSS-Killer saves its logs. Note: Please do not delete anything prematurely with TDSS-Killer! If TDSS-Killer flags any objects, treat them all with the action "skip" and only post the log here! http://saved.im/mtkwmtcxexhp/setting...8_16-25-18.jpg If, because of the infection, you cannot access your documents / My Documents, or shortcuts on the desktop or in the Start menu under "All Programs" are missing, please run unhide: Download unhide.exe and save the file to your desktop. Start the tool and all files and folders should become visible again. (This may take a while.) Windows Vista and Windows 7 users must run the tool as administrator via right-click!
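The instruction to "skip" everything and post the log is the right one, because a TDSSKiller log mixes two very different verdicts: UnsignedFile.Multi.Generic only says a driver carries no digital signature, which is routine for older third-party drivers (printer, dongle and DSL drivers), whereas ForgedFile.Multi.Generic is the verdict TDSSKiller gives when the two MD5 hashes it computes for the same file disagree (the log prints them as "Real md5" and "Fake md5"), which means something on the system is altering what a normal read of that file returns. The following added example, not Kaspersky's code or anything from this thread, parses a TDSSKiller log into per-driver records and orders the flagged ones by that distinction. The severity scale is this example's own; SAMPLE_LOG is a constructed excerpt in TDSSKiller's log format.

```python
"""Triage a TDSSKiller log: collect each driver's hash, path and verdicts,
then rank flagged drivers with forged-file verdicts above merely unsigned ones.

Added example, not Kaspersky's code. Line shapes handled (after the
"HH:MM:SS.mmmm <pid>" prefix TDSSKiller puts on every line):
  "<name> (<md5>) <path>"                         driver record
  "<name> - ok"
  "<name> ( <verdict> ) - warning"
  "<name> - detected <verdict> (<n>)"
  "Suspicious file (Forged): <path>. Real md5: <x>, Fake md5: <y>"
The Forged line is assumed to follow the driver record it refers to, as in the
logs TDSSKiller writes.
"""
import re

# Constructed excerpt in TDSSKiller's log format (sample input for this example).
SAMPLE_LOG = r"""
10:17:32.0187 4344 Scan started
10:17:32.0187 4344 Mode: Manual; SigCheck; TDLFS;
10:17:32.0453 4344 Abiosdsk - ok
10:17:32.0484 4344 ACPI (ac407f1a62c3a300b4f2b5a9f1d55b2c) C:\WINDOWS\system32\DRIVERS\ACPI.sys
10:17:33.0718 4344 ACPI - ok
10:17:35.0546 4344 BrPar (2fe6d5be0629f706197b30c0aa05de30) C:\WINDOWS\System32\drivers\BrPar.sys
10:17:35.0562 4344 BrPar ( UnsignedFile.Multi.Generic ) - warning
10:17:35.0562 4344 BrPar - detected UnsignedFile.Multi.Generic (1)
10:17:36.0718 4344 Cinemsup (f6a0f51706cb4b0d5b8718ff69f831ba) C:\WINDOWS\system32\drivers\Cinemsup.sys
10:17:36.0718 4344 Cinemsup ( UnsignedFile.Multi.Generic ) - warning
10:17:36.0718 4344 Cinemsup - detected UnsignedFile.Multi.Generic (1)
10:17:43.0843 4344 NETFRITZ (004539c10fd06186aeb06e909d9201e6) C:\WINDOWS\system32\DRIVERS\NETFRITZ.SYS
10:17:43.0843 4344 Suspicious file (Forged): C:\WINDOWS\system32\DRIVERS\NETFRITZ.SYS. Real md5: 004539c10fd06186aeb06e909d9201e6, Fake md5: 404cf7407e87a0f3cc832162ab9deaf2
10:17:43.0843 4344 NETFRITZ ( ForgedFile.Multi.Generic ) - warning
10:17:43.0843 4344 NETFRITZ - detected ForgedFile.Multi.Generic (1)
10:17:44.0531 4344 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
10:17:44.0640 4344 Null - ok
"""

LINE_RE = re.compile(r"^(?P<ts>\d\d:\d\d:\d\d\.\d{4})\s+(?P<pid>\d+)\s+(?P<msg>.*)$")
RECORD_RE = re.compile(r"^(?P<name>\S+) \((?P<md5>[0-9a-f]{32})\) (?P<path>.+)$")
OK_RE = re.compile(r"^(?P<name>\S+) - ok$")
WARN_RE = re.compile(r"^(?P<name>\S+) \( (?P<verdict>\S+) \) - warning$")
DETECT_RE = re.compile(r"^(?P<name>\S+) - detected (?P<verdict>\S+) \((?P<count>\d+)\)$")
FORGED_RE = re.compile(
    r"^Suspicious file \((?P<kind>\w+)\): (?P<path>.+)\. "
    r"Real md5: (?P<real>[0-9a-f]{32}), Fake md5: (?P<fake>[0-9a-f]{32})$"
)

# Verdict family -> triage priority. This scale is the example's own, not Kaspersky's.
SEVERITY = {"ForgedFile": "high", "UnsignedFile": "low"}
ORDER = {"high": 0, "review": 1, "low": 2}


def _blank():
    return {"path": None, "md5": None, "verdicts": [], "forged": None}


def parse(log_text):
    """Map driver/service name -> {path, md5, verdicts, forged}."""
    services = {}
    for raw in log_text.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m:
            continue
        msg = m["msg"]
        f = FORGED_RE.match(msg)
        if f:
            # Attach the real/fake hash pair to the record with the same path.
            for entry in services.values():
                if entry["path"] == f["path"]:
                    entry["forged"] = {"real_md5": f["real"], "fake_md5": f["fake"]}
            continue
        r = RECORD_RE.match(msg)
        if r:
            services[r["name"]] = {"path": r["path"], "md5": r["md5"], "verdicts": [], "forged": None}
            continue
        w = WARN_RE.match(msg) or DETECT_RE.match(msg)
        if w:
            entry = services.setdefault(w["name"], _blank())
            if w["verdict"] not in entry["verdicts"]:
                entry["verdicts"].append(w["verdict"])   # warning + detected lines repeat it
            continue
        o = OK_RE.match(msg)
        if o:
            services.setdefault(o["name"], _blank())     # registered but no file on disk
    return services


def triage(services):
    """Flagged drivers only, most suspicious first; unknown verdict families land in 'review'."""
    rows = []
    for name, e in services.items():
        if not e["verdicts"]:
            continue
        family = e["verdicts"][0].split(".")[0]          # "ForgedFile.Multi.Generic" -> "ForgedFile"
        rows.append({"name": name, "path": e["path"], "severity": SEVERITY.get(family, "review"),
                     "verdicts": e["verdicts"], "forged": e["forged"]})
    rows.sort(key=lambda r: (ORDER[r["severity"]], r["name"]))
    return rows


if __name__ == "__main__":
    for row in triage(parse(SAMPLE_LOG)):
        print(f"[{row['severity']}] {row['name']} {row['path']} {row['verdicts']} {row['forged'] or ''}")
```

For a real log, replace SAMPLE_LOG with the contents of the TDSSKiller_*.log file from the system partition. A "high" row is the one to discuss before anything is cured; the "low" rows are a list of unsigned drivers to check against their vendors rather than something to delete.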
Hello Arne, here is the result after the Kaspersky scan:

10:17:13.0671 2716 TDSS rootkit removing tool 2.6.15.0 Nov 3 2011 17:15:49
10:17:13.0843 2716 ============================================================
10:17:13.0843 2716 Current date / time: 2011/11/07 10:17:13.0843
10:17:13.0843 2716 SystemInfo:
10:17:13.0843 2716
10:17:13.0843 2716 OS Version: 5.1.2600 ServicePack: 3.0
10:17:13.0843 2716 Product type: Workstation
10:17:13.0859 2716 ComputerName: PC_STELZL
10:17:13.0859 2716 UserName: Volker Stelzl
10:17:13.0859 2716 Windows directory: C:\WINDOWS
10:17:13.0859 2716 System windows directory: C:\WINDOWS
10:17:13.0859 2716 Processor architecture: Intel x86
10:17:13.0859 2716 Number of processors: 2
10:17:13.0859 2716 Page size: 0x1000
10:17:13.0859 2716 Boot type: Normal boot
10:17:13.0859 2716 ============================================================
10:17:14.0062 2716 Initialize success
10:17:32.0187 4344 ============================================================
10:17:32.0187 4344 Scan started
10:17:32.0187 4344 Mode: Manual; SigCheck; TDLFS;
10:17:32.0187 4344 ============================================================
10:17:32.0453 4344 Abiosdsk - ok
10:17:32.0453 4344 abp480n5 - ok
10:17:32.0484 4344 ACPI (ac407f1a62c3a300b4f2b5a9f1d55b2c) C:\WINDOWS\system32\DRIVERS\ACPI.sys
10:17:33.0718 4344 ACPI - ok
10:17:33.0781 4344 ACPIEC (9e1ca3160dafb159ca14f83b1e317f75) C:\WINDOWS\system32\drivers\ACPIEC.sys
10:17:33.0921 4344 ACPIEC - ok
10:17:33.0953 4344 ADIHdAudAddService (0158f4027c0808ff65ed3b3d683339c9) C:\WINDOWS\system32\drivers\ADIHdAud.sys
10:17:34.0000 4344 ADIHdAudAddService - ok
10:17:34.0015 4344 adpu160m - ok
10:17:34.0031 4344 AEAudio (358063ab6c1c4173b735525cdfa65f94) C:\WINDOWS\system32\drivers\AEAudio.sys
10:17:34.0062 4344 AEAudio - ok
10:17:34.0093 4344 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
10:17:34.0203 4344 aec - ok
10:17:34.0234 4344 AFD (1e44bc1e83d8fd2305f8d452db109cf9) C:\WINDOWS\System32\drivers\afd.sys
10:17:34.0265 4344 AFD - ok
10:17:34.0281 4344 Aha154x - ok
10:17:34.0296 4344 aic78u2 - ok
10:17:34.0296 4344 aic78xx - ok
10:17:34.0312 4344 AliIde - ok
10:17:34.0343 4344 AmdK8 (22ad3ec1f0486c863d70cdd50b97761b) C:\WINDOWS\system32\DRIVERS\AmdK8.sys
10:17:34.0375 4344 AmdK8 - ok
10:17:34.0390 4344 amsint - ok
10:17:34.0406 4344 asc - ok
10:17:34.0406 4344 asc3350p - ok
10:17:34.0421 4344 asc3550 - ok
10:17:34.0453 4344 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
10:17:34.0546 4344 AsyncMac - ok
10:17:34.0578 4344 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
10:17:34.0671 4344 atapi - ok
10:17:34.0687 4344 Atdisk - ok
10:17:34.0781 4344 ati2mtag (6733656c24f4c6a29317c3dd9ac5980a) C:\WINDOWS\system32\DRIVERS\ati2mtag.sys
10:17:34.0906 4344 ati2mtag - ok
10:17:34.0921 4344 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
10:17:35.0015 4344 Atmarpc - ok
10:17:35.0046 4344 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
10:17:35.0156 4344 audstub - ok
10:17:35.0203 4344 AVMCOWAN (0bcb6b3df2e248c8e8f2ffc6f58d1341) C:\WINDOWS\system32\DRIVERS\AVMCOWAN.sys
10:17:35.0234 4344 AVMCOWAN - ok
10:17:35.0265 4344 AVMWAN (c997af59c54d69232fb7bbea4dad86e2) C:\WINDOWS\system32\DRIVERS\avmwan.sys
10:17:35.0375 4344 AVMWAN - ok
10:17:35.0406 4344 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
10:17:35.0515 4344 Beep - ok
10:17:35.0546 4344 BrPar (2fe6d5be0629f706197b30c0aa05de30) C:\WINDOWS\System32\drivers\BrPar.sys
10:17:35.0562 4344 BrPar ( UnsignedFile.Multi.Generic ) - warning
10:17:35.0562 4344 BrPar - detected UnsignedFile.Multi.Generic (1)
10:17:35.0578 4344 BthEnum (b279426e3c0c344893ed78a613a73bde) C:\WINDOWS\system32\DRIVERS\BthEnum.sys
10:17:35.0687 4344 BthEnum - ok
10:17:35.0718 4344 BTHMODEM (fca6f069597b62d42495191ace3fc6c1) C:\WINDOWS\system32\DRIVERS\bthmodem.sys
10:17:35.0843 4344 BTHMODEM - ok
10:17:35.0859 4344 BthPan (80602b8746d3738f5886ce3d67ef06b6) C:\WINDOWS\system32\DRIVERS\bthpan.sys
10:17:35.0968 4344 BthPan - ok
10:17:36.0000 4344 BTHPORT (592e1cedbe314d0ef184dc6f46141e76) C:\WINDOWS\system32\Drivers\BTHport.sys
10:17:36.0046 4344 BTHPORT - ok
10:17:36.0062 4344 BTHUSB (61364cd71ef63b0f038b7e9df00f1efa) C:\WINDOWS\system32\Drivers\BTHUSB.sys
10:17:36.0156 4344 BTHUSB - ok
10:17:36.0187 4344 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
10:17:36.0312 4344 cbidf2k - ok
10:17:36.0312 4344 cd20xrnt - ok
10:17:36.0328 4344 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
10:17:36.0453 4344 Cdaudio - ok
10:17:36.0468 4344 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
10:17:36.0562 4344 Cdfs - ok
10:17:36.0578 4344 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys
10:17:36.0671 4344 Cdrom - ok
10:17:36.0687 4344 Changer - ok
10:17:36.0718 4344 Cinemsup (f6a0f51706cb4b0d5b8718ff69f831ba) C:\WINDOWS\system32\drivers\Cinemsup.sys
10:17:36.0718 4344 Cinemsup ( UnsignedFile.Multi.Generic ) - warning
10:17:36.0718 4344 Cinemsup - detected UnsignedFile.Multi.Generic (1)
10:17:36.0734 4344 CmdIde - ok
10:17:36.0750 4344 Cpqarray - ok
10:17:36.0765 4344 dac2w2k - ok
10:17:36.0781 4344 dac960nt - ok
10:17:36.0796 4344 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
10:17:36.0906 4344 Disk - ok
10:17:36.0953 4344 dmboot (0dcfc8395a99fecbb1ef771cec7fe4ea) C:\WINDOWS\system32\drivers\dmboot.sys
10:17:37.0062 4344 dmboot - ok
10:17:37.0078 4344 dmio (53720ab12b48719d00e327da470a619a) C:\WINDOWS\system32\drivers\dmio.sys
10:17:37.0171 4344 dmio - ok
10:17:37.0187 4344 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
10:17:37.0296 4344 dmload - ok
10:17:37.0312 4344 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
10:17:37.0406 4344 DMusic - ok
10:17:37.0421 4344 dpti2o - ok
10:17:37.0437 4344 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
10:17:37.0546 4344 drmkaud - ok
10:17:37.0578 4344 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
10:17:37.0671 4344 Fastfat - ok
10:17:37.0687 4344 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\DRIVERS\fdc.sys
10:17:37.0812 4344 Fdc - ok
10:17:37.0828 4344 Fips (b0678a548587c5f1967b0d70bacad6c1) C:\WINDOWS\system32\drivers\Fips.sys
10:17:37.0921 4344 Fips - ok
10:17:37.0937 4344 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\DRIVERS\flpydisk.sys
10:17:38.0031 4344 Flpydisk - ok
10:17:38.0046 4344 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys
10:17:38.0140 4344 FltMgr - ok
10:17:38.0187 4344 fpcibase (25baa9e7e21ca204b3202637c4f0d44e) C:\WINDOWS\system32\DRIVERS\fpcibase.sys
10:17:38.0265 4344 fpcibase - ok
10:17:38.0281 4344 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
10:17:38.0390 4344 Fs_Rec - ok
10:17:38.0390 4344 Ftdisk (8f1955ce42e1484714b542f341647778) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
10:17:38.0500 4344 Ftdisk - ok
10:17:38.0531 4344 GDMnIcpt (9a58148406e1bb4a2265b84320dedc2b) C:\WINDOWS\system32\drivers\MiniIcpt.sys
10:17:38.0562 4344 GDMnIcpt - ok
10:17:38.0593 4344 GDTdiInterceptor (e6d8269ee03119fa4c54b7b59d9699bf) C:\WINDOWS\system32\drivers\GDTdiIcpt.sys
10:17:38.0609 4344 GDTdiInterceptor - ok
10:17:38.0625 4344 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\WINDOWS\system32\drivers\GEARAspiWDM.sys
10:17:38.0640 4344 GEARAspiWDM - ok
10:17:38.0671 4344 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
10:17:38.0765 4344 Gpc - ok
10:17:38.0796 4344 GRD (aaea50a15f0e0b0e92848dbfdc072ece) C:\WINDOWS\system32\drivers\GRD.sys
10:17:38.0812 4344 GRD - ok
10:17:38.0859 4344 Hardlock (d95554949082fd29a04d351b58396718) C:\WINDOWS\system32\drivers\hardlock.sys
10:17:38.0921 4344 Hardlock - ok
10:17:38.0953 4344 Haspnt (2dd25f060dc9f79b5cdf33d90ed93669) C:\WINDOWS\system32\drivers\Haspnt.sys
10:17:38.0968 4344 Haspnt ( UnsignedFile.Multi.Generic ) - warning
10:17:38.0968 4344 Haspnt - detected UnsignedFile.Multi.Generic (1)
10:17:38.0984 4344 HDAudBus (573c7d0a32852b48f3058cfd8026f511) C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
10:17:39.0078 4344 HDAudBus - ok
10:17:39.0093 4344 hidusb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys
10:17:39.0203 4344 hidusb - ok
10:17:39.0234 4344 HookCentre (33ef584aa0b583d2f106d62fd3a5a053) C:\WINDOWS\system32\drivers\HookCentre.sys
10:17:39.0250 4344 HookCentre - ok
10:17:39.0265 4344 hpn - ok
10:17:39.0296 4344 HPZid412 (9f1d80908658eb7f1bf70809e0b51470) C:\WINDOWS\system32\DRIVERS\HPZid412.sys
10:17:39.0312 4344 HPZid412 - ok
10:17:39.0328 4344 HPZipr12 (f7e3e9d50f9cd3de28085a8fdaa0a1c3) C:\WINDOWS\system32\DRIVERS\HPZipr12.sys
10:17:39.0359 4344 HPZipr12 - ok
10:17:39.0359 4344 HPZius12 (abcb05ccdbf03000354b9553820e39f8) C:\WINDOWS\system32\DRIVERS\HPZius12.sys
10:17:39.0390 4344 HPZius12 - ok
10:17:39.0421 4344 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys
10:17:39.0468 4344 HTTP - ok
10:17:39.0484 4344 i2omgmt - ok
10:17:39.0484 4344 i2omp - ok
10:17:39.0531 4344 i8042prt (e283b97cfbeb86c1d86baed5f7846a92) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
10:17:39.0640 4344 i8042prt - ok
10:17:39.0656 4344 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
10:17:39.0750 4344 Imapi - ok
10:17:39.0765 4344 InCDFs - ok
10:17:39.0781 4344 InCDPass - ok
10:17:39.0796 4344 InCDRm - ok
10:17:39.0796 4344 ini910u - ok
10:17:39.0812 4344 IntelIde - ok
10:17:39.0843 4344 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys
10:17:39.0921 4344 Ip6Fw - ok
10:17:39.0953 4344 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
10:17:40.0062 4344 IpFilterDriver - ok
10:17:40.0078 4344 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
10:17:40.0187 4344 IpInIp - ok
10:17:40.0203 4344 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
10:17:40.0296 4344 IpNat - ok
10:17:40.0312 4344 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
10:17:40.0406 4344 IPSec - ok
10:17:40.0437 4344 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
10:17:40.0531 4344 IRENUM - ok
10:17:40.0562 4344 isapnp (6dfb88f64135c525433e87648bda30de) C:\WINDOWS\system32\DRIVERS\isapnp.sys
10:17:40.0640 4344 isapnp - ok
10:17:40.0671 4344 Kbdclass (1704d8c4c8807b889e43c649b478a452) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
10:17:40.0765 4344 Kbdclass - ok
10:17:40.0796 4344 kbdhid (b6d6c117d771c98130497265f26d1882) C:\WINDOWS\system32\DRIVERS\kbdhid.sys
10:17:40.0890 4344 kbdhid - ok
10:17:40.0906 4344 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
10:17:40.0984 4344 kmixer - ok
10:17:41.0015 4344 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys
10:17:41.0062 4344 KSecDD - ok
10:17:41.0078 4344 L8042Kbd (d1968dea7baff4a917858c384339cec8) C:\WINDOWS\system32\DRIVERS\L8042Kbd.sys
10:17:41.0093 4344 L8042Kbd - ok
10:17:41.0109 4344 L8042mou (d6fc755ff505d99e6cc73e83492310df) C:\WINDOWS\system32\DRIVERS\L8042mou.Sys
10:17:41.0125 4344 L8042mou - ok
10:17:41.0140 4344 L8042pr2 (0f8b7bf7097d1e8d78f2f52a2bea03cd) C:\WINDOWS\system32\DRIVERS\L8042pr2.Sys
10:17:41.0187 4344 L8042pr2 - ok
10:17:41.0203 4344 lbrtfdc - ok
10:17:41.0234 4344 LHidFilt (23d84187822a0020b9f1ea71c7db3193) C:\WINDOWS\system32\DRIVERS\LHidFilt.Sys
10:17:41.0250 4344 LHidFilt - ok
10:17:41.0281 4344 LHidFlt2 (3c357dfdbbf2b4b01aa4b9c8a26e4416) C:\WINDOWS\system32\DRIVERS\LHidFlt2.Sys
10:17:41.0312 4344 LHidFlt2 - ok
10:17:41.0312 4344 LMouFilt (596499c81cb4b5841f91cfe3f514d202) C:\WINDOWS\system32\DRIVERS\LMouFilt.Sys
10:17:41.0328 4344 LMouFilt - ok
10:17:41.0328 4344 LMouFlt2 (aef09673376a4d93c09e8341854f1bf4) C:\WINDOWS\system32\DRIVERS\LMouFlt2.Sys
10:17:41.0359 4344 LMouFlt2 - ok
10:17:41.0375 4344 LMouKE (c149bdad13194df16ea33f9f601ed7bf) C:\WINDOWS\system32\DRIVERS\LMouKE.Sys
10:17:41.0390 4344 LMouKE - ok
10:17:41.0453 4344 MACNDIS5 (e949d673842858d458f7e6bcd46a2a5d) C:\PROGRA~1\GEMEIN~1\MARMIK~1\MACNDIS5.SYS
10:17:41.0453 4344 MACNDIS5 ( UnsignedFile.Multi.Generic ) - warning
10:17:41.0453 4344 MACNDIS5 - detected UnsignedFile.Multi.Generic (1)
10:17:41.0468 4344 MBAMSwissArmy - ok
10:17:41.0484 4344 MIINPazX (5e5024d9e2351db2563b30912b4c4146) C:\PROGRA~1\GEMEIN~1\MARMIK~1\MInfraIS\MIINPazX.SYS
10:17:41.0500 4344 MIINPazX ( UnsignedFile.Multi.Generic ) - warning
10:17:41.0500 4344 MIINPazX - detected UnsignedFile.Multi.Generic (1)
10:17:41.0531 4344 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
10:17:41.0656 4344 mnmdd - ok
10:17:41.0687 4344 Modem (6fb74ebd4ec57a6f1781de3852cc3362) C:\WINDOWS\system32\drivers\Modem.sys
10:17:41.0781 4344 Modem - ok
10:17:41.0796 4344 Mouclass (b24ce8005deab254c0251e15cb71d802) C:\WINDOWS\system32\DRIVERS\mouclass.sys
10:17:41.0890 4344 Mouclass - ok
10:17:41.0921 4344 mouhid (66a6f73c74e1791464160a7065ce711a) C:\WINDOWS\system32\DRIVERS\mouhid.sys
10:17:42.0046 4344 mouhid - ok
10:17:42.0046 4344 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
10:17:42.0156 4344 MountMgr - ok
10:17:42.0156 4344 mraid35x - ok
10:17:42.0171 4344 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
10:17:42.0265 4344 MRxDAV - ok
10:17:42.0296 4344 MRxSmb (7d304a5eb4344ebeeab53a2fe3ffb9f0) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
10:17:42.0359 4344 MRxSmb - ok
10:17:42.0375 4344 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
10:17:42.0468 4344 Msfs - ok
10:17:42.0484 4344 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
10:17:42.0578 4344 MSKSSRV - ok
10:17:42.0593 4344 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
10:17:42.0687 4344 MSPCLOCK - ok
10:17:42.0718 4344 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
10:17:42.0812 4344 MSPQM - ok
10:17:42.0843 4344 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
10:17:42.0937 4344 mssmbios - ok
10:17:42.0984 4344 MTOnlPktAlyX (036300114255b3c78bfb616ce8bc7ad9) C:\PROGRA~1\T-Online\T-ONLI~2\BASIS-~1\Basis1\MTOnlPktAlyX.SYS
10:17:43.0000 4344 MTOnlPktAlyX ( UnsignedFile.Multi.Generic ) - warning
10:17:43.0000 4344 MTOnlPktAlyX - detected UnsignedFile.Multi.Generic (1)
10:17:43.0031 4344 MTsensor (d48659bb24c48345d926ecb45c1ebdf5) C:\WINDOWS\system32\DRIVERS\ASACPI.sys
10:17:43.0046 4344 MTsensor - ok
10:17:43.0078 4344 Mup (de6a75f5c270e756c5508d94b6cf68f5) C:\WINDOWS\system32\drivers\Mup.sys
10:17:43.0109 4344 Mup - ok
10:17:43.0125 4344 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
10:17:43.0218 4344 NDIS - ok
10:17:43.0250 4344 NdisTapi (0109c4f3850dfbab279542515386ae22) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
10:17:43.0281 4344 NdisTapi - ok
10:17:43.0296 4344 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
10:17:43.0390 4344 Ndisuio - ok
10:17:43.0406 4344 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
10:17:43.0500 4344 NdisWan - ok
10:17:43.0531 4344 NDProxy (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys
10:17:43.0562 4344 NDProxy - ok
10:17:43.0578 4344 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
10:17:43.0671 4344 NetBIOS - ok
10:17:43.0687 4344 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
10:17:43.0812 4344 NetBT - ok
10:17:43.0843 4344 NETFRITZ (004539c10fd06186aeb06e909d9201e6) C:\WINDOWS\system32\DRIVERS\NETFRITZ.SYS
10:17:43.0843 4344 Suspicious file (Forged): C:\WINDOWS\system32\DRIVERS\NETFRITZ.SYS. Real md5: 004539c10fd06186aeb06e909d9201e6, Fake md5: 404cf7407e87a0f3cc832162ab9deaf2
10:17:43.0843 4344 NETFRITZ ( ForgedFile.Multi.Generic ) - warning
10:17:43.0843 4344 NETFRITZ - detected ForgedFile.Multi.Generic (1)
10:17:43.0875 4344 nm (1e421a6bcf2203cc61b821ada9de878b) C:\WINDOWS\system32\DRIVERS\NMnt.sys
10:17:43.0984 4344 nm - ok
10:17:44.0000 4344 nmwcd (cfe3462a9e94a57dcd9676f6b7fe7f67) C:\WINDOWS\system32\drivers\ccdcmb.sys
10:17:44.0156 4344 nmwcd - ok
10:17:44.0187 4344 nmwcdc (8f2a94f991f8c73cec26b4b5620d1edc) C:\WINDOWS\system32\drivers\ccdcmbo.sys
10:17:44.0250 4344 nmwcdc - ok
10:17:44.0265 4344 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
10:17:44.0359 4344 Npfs - ok
10:17:44.0390 4344 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
10:17:44.0500 4344 Ntfs - ok
10:17:44.0531 4344 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
10:17:44.0640 4344 Null - ok
10:17:44.0671 4344 nvata (4d6c6b46b3edf6f2e219a86b61d104ae) C:\WINDOWS\system32\DRIVERS\nvata.sys
10:17:44.0687 4344 nvata - ok
10:17:44.0734 4344 NVENETFD (1b83b60541be1b6db81641c448007f21) C:\WINDOWS\system32\DRIVERS\NVENETFD.sys
10:17:44.0765 4344 NVENETFD - ok
10:17:44.0781 4344 nvnetbus (57b669f9234604a350174b86764444b0) C:\WINDOWS\system32\DRIVERS\nvnetbus.sys
10:17:44.0812 4344 nvnetbus - ok
10:17:44.0843 4344 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
10:17:44.0937 4344 NwlnkFlt - ok
10:17:44.0937 4344 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
10:17:45.0046 4344 NwlnkFwd - ok
10:17:45.0078 4344 Parport (f84785660305b9b903fb3bca8ba29837) C:\WINDOWS\system32\DRIVERS\parport.sys
10:17:45.0171 4344 Parport - ok
10:17:45.0187 4344 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
10:17:45.0281 4344 PartMgr - ok
10:17:45.0296 4344 ParVdm (c2bf987829099a3eaa2ca6a0a90ecb4f) C:\WINDOWS\system32\drivers\ParVdm.sys
10:17:45.0390 4344 ParVdm - ok
10:17:45.0421 4344 pccsmcfd (fd2041e9ba03db7764b2248f02475079) C:\WINDOWS\system32\DRIVERS\pccsmcfd.sys
10:17:45.0468 4344 pccsmcfd - ok
10:17:45.0468 4344 PCI (387e8dedc343aa2d1efbc30580273acd) C:\WINDOWS\system32\DRIVERS\pci.sys
10:17:45.0578 4344 PCI - ok
10:17:45.0578 4344 PCIDump - ok
10:17:45.0593 4344 PCIIde (59ba86d9a61cbcf4df8e598c331f5b82) C:\WINDOWS\system32\DRIVERS\pciide.sys
10:17:45.0703 4344 PCIIde - ok
10:17:45.0718 4344 Pcmcia (a2a966b77d61847d61a3051df87c8c97) C:\WINDOWS\system32\drivers\Pcmcia.sys
10:17:45.0812 4344 Pcmcia - ok
10:17:45.0828 4344 PDCOMP - ok
10:17:45.0843 4344 PDFRAME - ok
10:17:45.0843 4344 PDRELI - ok
10:17:45.0859 4344 PDRFRAME - ok
10:17:45.0890 4344 Pei10Wdm (76e1e107355d986842779bde5fb35d5f) C:\WINDOWS\system32\Drivers\Pei10Wdm.sys
10:17:45.0906 4344 Pei10Wdm ( UnsignedFile.Multi.Generic ) - warning
10:17:45.0906 4344 Pei10Wdm - detected UnsignedFile.Multi.Generic (1)
10:17:45.0921 4344 Pei16Wdm (1035daa6900f040fa087866421da0e47) C:\WINDOWS\system32\Drivers\Pei16Wdm.sys
10:17:45.0937 4344 Pei16Wdm ( UnsignedFile.Multi.Generic ) - warning
10:17:45.0937 4344 Pei16Wdm - detected UnsignedFile.Multi.Generic (1)
10:17:45.0953 4344 perc2 - ok
10:17:45.0953 4344 perc2hib - ok
10:17:46.0046 4344 PORTMON - ok
10:17:46.0046 4344 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
10:17:46.0140 4344 PptpMiniport - ok
10:17:46.0156 4344 Processor (2cb55427c58679f49ad600fccba76360) C:\WINDOWS\system32\DRIVERS\processr.sys
10:17:46.0250 4344 Processor - ok
10:17:46.0250 4344 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
10:17:46.0343 4344
PSched - ok 10:17:46.0359 4344 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys 10:17:46.0453 4344 Ptilink - ok 10:17:46.0468 4344 ql1080 - ok 10:17:46.0468 4344 Ql10wnt - ok 10:17:46.0484 4344 ql12160 - ok 10:17:46.0500 4344 ql1240 - ok 10:17:46.0500 4344 ql1280 - ok 10:17:46.0515 4344 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys 10:17:46.0609 4344 RasAcd - ok 10:17:46.0625 4344 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys 10:17:46.0734 4344 Rasl2tp - ok 10:17:46.0750 4344 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys 10:17:46.0859 4344 RasPppoe - ok 10:17:46.0859 4344 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys 10:17:46.0953 4344 Raspti - ok 10:17:46.0984 4344 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys 10:17:47.0078 4344 Rdbss - ok 10:17:47.0093 4344 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys 10:17:47.0187 4344 RDPCDD - ok 10:17:47.0218 4344 rdpdr (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys 10:17:47.0312 4344 rdpdr - ok 10:17:47.0343 4344 RDPWD (fc105dd312ed64eb66bff111e8ec6eac) C:\WINDOWS\system32\drivers\RDPWD.sys 10:17:47.0375 4344 RDPWD - ok 10:17:47.0390 4344 redbook (ed761d453856f795a7fe056e42c36365) C:\WINDOWS\system32\DRIVERS\redbook.sys 10:17:47.0468 4344 redbook - ok 10:17:47.0500 4344 RFCOMM (851c30df2807fcfa21e4c681a7d6440e) C:\WINDOWS\system32\DRIVERS\rfcomm.sys 10:17:47.0593 4344 RFCOMM - ok 10:17:47.0609 4344 RkHit - ok 10:17:47.0640 4344 ROOTMODEM (d8b0b4ade32574b2d9c5cc34dc0dbbe7) C:\WINDOWS\system32\Drivers\RootMdm.sys 10:17:47.0718 4344 ROOTMODEM - ok 10:17:47.0750 4344 rspndr (a3b23fb3f295694091f51865f98588b2) C:\WINDOWS\system32\DRIVERS\rspndr.sys 10:17:47.0765 4344 rspndr ( UnsignedFile.Multi.Generic ) - warning 10:17:47.0765 4344 rspndr - detected 
UnsignedFile.Multi.Generic (1) 10:17:47.0796 4344 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys 10:17:47.0890 4344 Secdrv - ok 10:17:47.0937 4344 SenFiltService (b6a6b409fda9d9ebd3aadb838d3d7173) C:\WINDOWS\system32\drivers\Senfilt.sys 10:17:47.0968 4344 SenFiltService - ok 10:17:48.0000 4344 Sentinel (a2cc81c30bef6ac9f27055490eef6de3) C:\WINDOWS\System32\Drivers\SENTINEL.SYS 10:17:48.0015 4344 Sentinel - ok 10:17:48.0015 4344 serenum (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys 10:17:48.0109 4344 serenum - ok 10:17:48.0125 4344 Serial (cf24eb4f0412c82bcd1f4f35a025e31d) C:\WINDOWS\system32\DRIVERS\serial.sys 10:17:48.0234 4344 Serial - ok 10:17:48.0250 4344 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys 10:17:48.0343 4344 Sfloppy - ok 10:17:48.0359 4344 Simbad - ok 10:17:48.0390 4344 SIUSBXP (f39c03d8068331438221f6dbdcc6f9c7) C:\WINDOWS\system32\drivers\SiUSBXp.sys 10:17:48.0421 4344 SIUSBXP - ok 10:17:48.0453 4344 SKYNET (7932513cc4f8c173da6c01594a844f41) C:\WINDOWS\system32\DRIVERS\SkyNET.SYS 10:17:48.0468 4344 SKYNET ( UnsignedFile.Multi.Generic ) - warning 10:17:48.0468 4344 SKYNET - detected UnsignedFile.Multi.Generic (1) 10:17:48.0500 4344 snapman (e78c98378a071ce4d48a7c514fa98fa1) C:\WINDOWS\system32\DRIVERS\snapman.sys 10:17:48.0515 4344 snapman - ok 10:17:48.0546 4344 SNTNLUSB (4cd88cd1891b63d0d84c1a0fa3786b47) C:\WINDOWS\system32\DRIVERS\SNTNLUSB.SYS 10:17:48.0562 4344 SNTNLUSB - ok 10:17:48.0593 4344 SONYPVU1 (a1eceeaa5c5e74b2499eb51d38185b84) C:\WINDOWS\system32\DRIVERS\SONYPVU1.SYS 10:17:48.0687 4344 SONYPVU1 - ok 10:17:48.0703 4344 Sparrow - ok 10:17:48.0718 4344 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys 10:17:48.0812 4344 splitter - ok 10:17:48.0828 4344 sr (50fa898f8c032796d3b1b9951bb5a90f) C:\WINDOWS\system32\DRIVERS\sr.sys 10:17:48.0921 4344 sr - ok 10:17:48.0953 4344 Srv (47ddfc2f003f7f9f0592c6874962a2e7) 
C:\WINDOWS\system32\DRIVERS\srv.sys 10:17:49.0000 4344 Srv - ok 10:17:49.0031 4344 SSIPDDP (818ecec4024e6518f504329af60d1cbf) C:\WINDOWS\system32\DRIVERS\SSIPDDP.SYS 10:17:49.0046 4344 SSIPDDP ( UnsignedFile.Multi.Generic ) - warning 10:17:49.0046 4344 SSIPDDP - detected UnsignedFile.Multi.Generic (1) 10:17:49.0062 4344 StillCam (a2dbcc4c8860449df1ab758ea28b4de0) C:\WINDOWS\system32\DRIVERS\serscan.sys 10:17:49.0171 4344 StillCam - ok 10:17:49.0187 4344 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys 10:17:49.0281 4344 swenum - ok 10:17:49.0296 4344 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys 10:17:49.0390 4344 swmidi - ok 10:17:49.0390 4344 symc810 - ok 10:17:49.0406 4344 symc8xx - ok 10:17:49.0421 4344 sym_hi - ok 10:17:49.0437 4344 sym_u3 - ok 10:17:49.0453 4344 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys 10:17:49.0546 4344 sysaudio - ok 10:17:49.0578 4344 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys 10:17:49.0671 4344 Tcpip - ok 10:17:49.0687 4344 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys 10:17:49.0781 4344 TDPIPE - ok 10:17:49.0796 4344 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys 10:17:49.0906 4344 TDTCP - ok 10:17:49.0921 4344 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys 10:17:50.0015 4344 TermDD - ok 10:17:50.0031 4344 TosIde - ok 10:17:50.0046 4344 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys 10:17:50.0140 4344 Udfs - ok 10:17:50.0156 4344 ultra - ok 10:17:50.0203 4344 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys 10:17:50.0312 4344 Update - ok 10:17:50.0343 4344 upperdev (ec01da44b090d2651fc032c8b9257232) C:\WINDOWS\system32\DRIVERS\usbser_lowerflt.sys 10:17:50.0390 4344 upperdev - ok 10:17:50.0421 4344 USBAAPL 
(83cafcb53201bbac04d822f32438e244) C:\WINDOWS\system32\Drivers\usbaapl.sys 10:17:50.0468 4344 USBAAPL - ok 10:17:50.0500 4344 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys 10:17:50.0593 4344 usbccgp - ok 10:17:50.0609 4344 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys 10:17:50.0703 4344 usbehci - ok 10:17:50.0718 4344 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys 10:17:50.0828 4344 usbhub - ok 10:17:50.0828 4344 usbohci (0daecce65366ea32b162f85f07c6753b) C:\WINDOWS\system32\DRIVERS\usbohci.sys 10:17:50.0921 4344 usbohci - ok 10:17:50.0937 4344 usbprint (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys 10:17:51.0031 4344 usbprint - ok 10:17:51.0046 4344 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys 10:17:51.0125 4344 usbscan - ok 10:17:51.0156 4344 usbser (1c888b000c2f9492f4b15b5b6b84873e) C:\WINDOWS\system32\drivers\usbser.sys 10:17:51.0250 4344 usbser - ok 10:17:51.0265 4344 UsbserFilt (4abd37cfbd710e64f01f9da8710c73f7) C:\WINDOWS\system32\DRIVERS\usbser_lowerfltj.sys 10:17:51.0343 4344 UsbserFilt - ok 10:17:51.0359 4344 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS 10:17:51.0453 4344 USBSTOR - ok 10:17:51.0453 4344 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys 10:17:51.0546 4344 usbuhci - ok 10:17:51.0562 4344 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys 10:17:51.0656 4344 VgaSave - ok 10:17:51.0671 4344 ViaIde - ok 10:17:51.0703 4344 VolSnap (a5a712f4e880874a477af790b5186e1d) C:\WINDOWS\system32\drivers\VolSnap.sys 10:17:51.0796 4344 VolSnap - ok 10:17:51.0812 4344 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys 10:17:51.0906 4344 Wanarp - ok 10:17:51.0937 4344 wceusbsh (46a247f6617526afe38b6f12f5512120) C:\WINDOWS\system32\DRIVERS\wceusbsh.sys 
10:17:51.0984 4344 wceusbsh - ok 10:17:52.0015 4344 Wdf01000 (d918617b46457b9ac28027722e30f647) C:\WINDOWS\system32\DRIVERS\Wdf01000.sys 10:17:52.0046 4344 Wdf01000 - ok 10:17:52.0062 4344 WDICA - ok 10:17:52.0093 4344 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys 10:17:52.0203 4344 wdmaud - ok 10:17:52.0218 4344 WinDriver6 (2c7d830e86b378771af5dafeae428a09) C:\WINDOWS\system32\drivers\windrvr6.sys 10:17:52.0234 4344 WinDriver6 ( UnsignedFile.Multi.Generic ) - warning 10:17:52.0234 4344 WinDriver6 - detected UnsignedFile.Multi.Generic (1) 10:17:52.0281 4344 WpdUsb (cf4def1bf66f06964dc0d91844239104) C:\WINDOWS\system32\DRIVERS\wpdusb.sys 10:17:52.0343 4344 WpdUsb - ok 10:17:52.0359 4344 WS2IFSL (6abe6e225adb5a751622a9cc3bc19ce8) C:\WINDOWS\System32\drivers\ws2ifsl.sys 10:17:52.0468 4344 WS2IFSL - ok 10:17:52.0500 4344 WudfPf (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys 10:17:52.0546 4344 WudfPf - ok 10:17:52.0562 4344 WudfRd (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\wudfrd.sys 10:17:52.0593 4344 WudfRd - ok 10:17:52.0625 4344 MBR (0x1B8) (72b8ce41af0de751c946802b3ed844b4) \Device\Harddisk0\DR0 10:17:52.0734 4344 \Device\Harddisk0\DR0 - ok 10:17:52.0734 4344 Boot (0x1200) (28a162f03460282831bd8fab4089f72d) \Device\Harddisk0\DR0\Partition0 10:17:52.0734 4344 \Device\Harddisk0\DR0\Partition0 - ok 10:17:52.0734 4344 Boot (0x1200) (2cbbd03237235a992fb4be37bdd4ab42) \Device\Harddisk0\DR0\Partition1 10:17:52.0734 4344 \Device\Harddisk0\DR0\Partition1 - ok 10:17:52.0734 4344 ============================================================ 10:17:52.0734 4344 Scan finished 10:17:52.0734 4344 ============================================================ 10:17:52.0843 3028 Detected object count: 13 10:17:52.0843 3028 Actual detected object count: 13 10:18:56.0531 3028 BrPar ( UnsignedFile.Multi.Generic ) - skipped by user 10:18:56.0531 3028 BrPar ( UnsignedFile.Multi.Generic ) - User select action: 
Skip 10:18:56.0531 3028 Cinemsup ( UnsignedFile.Multi.Generic ) - skipped by user 10:18:56.0531 3028 Cinemsup ( UnsignedFile.Multi.Generic ) - User select action: Skip 10:18:56.0531 3028 Haspnt ( UnsignedFile.Multi.Generic ) - skipped by user 10:18:56.0531 3028 Haspnt ( UnsignedFile.Multi.Generic ) - User select action: Skip 10:18:56.0531 3028 MACNDIS5 ( UnsignedFile.Multi.Generic ) - skipped by user 10:18:56.0531 3028 MACNDIS5 ( UnsignedFile.Multi.Generic ) - User select action: Skip 10:18:56.0531 3028 MIINPazX ( UnsignedFile.Multi.Generic ) - skipped by user 10:18:56.0531 3028 MIINPazX ( UnsignedFile.Multi.Generic ) - User select action: Skip 10:18:56.0546 3028 MTOnlPktAlyX ( UnsignedFile.Multi.Generic ) - skipped by user 10:18:56.0546 3028 MTOnlPktAlyX ( UnsignedFile.Multi.Generic ) - User select action: Skip 10:18:56.0546 3028 NETFRITZ ( ForgedFile.Multi.Generic ) - skipped by user 10:18:56.0546 3028 NETFRITZ ( ForgedFile.Multi.Generic ) - User select action: Skip 10:18:56.0546 3028 Pei10Wdm ( UnsignedFile.Multi.Generic ) - skipped by user 10:18:56.0546 3028 Pei10Wdm ( UnsignedFile.Multi.Generic ) - User select action: Skip 10:18:56.0546 3028 Pei16Wdm ( UnsignedFile.Multi.Generic ) - skipped by user 10:18:56.0546 3028 Pei16Wdm ( UnsignedFile.Multi.Generic ) - User select action: Skip 10:18:56.0546 3028 rspndr ( UnsignedFile.Multi.Generic ) - skipped by user 10:18:56.0546 3028 rspndr ( UnsignedFile.Multi.Generic ) - User select action: Skip 10:18:56.0546 3028 SKYNET ( UnsignedFile.Multi.Generic ) - skipped by user 10:18:56.0546 3028 SKYNET ( UnsignedFile.Multi.Generic ) - User select action: Skip 10:18:56.0546 3028 SSIPDDP ( UnsignedFile.Multi.Generic ) - skipped by user 10:18:56.0546 3028 SSIPDDP ( UnsignedFile.Multi.Generic ) - User select action: Skip 10:18:56.0546 3028 WinDriver6 ( UnsignedFile.Multi.Generic ) - skipped by user 10:18:56.0546 3028 WinDriver6 ( UnsignedFile.Multi.Generic ) - User select action: Skip |
Then please run CF now: ComboFix: A guide and tutorial on using ComboFix
Combofix may only be run when an authorized helper (Kompetenzler) has explicitly recommended it! If, after running Combofix, you have problems starting applications and receive messages such as Quote:
Hello Arne, here is the result: Combofix Logfile:
Code:
ComboFix 11-11-07.02 - Volker Stelzl 07.11.2011 11:10:35.1.2 - x86
Ok. Now please create logs with GMER and OSAM and post them. GMER crashes fairly often; if the tool still won't run on the second attempt, just leave it out and run only OSAM. Please skip the online query in OSAM. With OSAM, also make sure that you save the log as *.log and not as *.html or the like. Note: please use WinRAR or 7zip to unpack OSAM! Also be sure to turn off the virus scanner; the McAfee scanner in particular often reports a false positive in OSAM! Please download aswMBR.exe and save the file to your desktop.
Important: under no circumstances press any of the Fix buttons without instructions. Note: if the Scan button is greyed out, close the tool and start it again. If the scan aborts and the program crashes, let me know and select the setting (none) under AV Scan.
Hello Arne, here are the scans: OSAM Logfile:
Code:
Report of OSAM: Autorun Manager v5.0.11926.0
If You have questions or want to get some help, You can visit Online Solutions :: Index

aswMBR version 0.9.8.986 Copyright(c) 2011 AVAST Software
Run date: 2011-11-08 17:32:29
-----------------------------
17:32:29.109 OS Version: Windows 5.1.2600 Service Pack 3
17:32:29.109 Number of processors: 2 586 0x6B02
17:32:29.109 ComputerName: PC_STELZL UserName:
17:32:29.437 Initialize success
17:34:51.000 AVAST engine defs: 11110801
17:35:03.796 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\00000085
17:35:03.796 Disk 0 Vendor: WDC_WD1500AHFD-00RAR5 21.07QR5 Size: 143089MB BusType: 3
17:35:05.796 Disk 0 MBR read successfully
17:35:05.796 Disk 0 MBR scan
17:35:05.828 Disk 0 Windows XP default MBR code
17:35:05.828 Disk 0 scanning sectors +293041665
17:35:05.875 Disk 0 scanning C:\WINDOWS\system32\drivers
17:35:15.312 Service scanning
17:35:16.328 Modules scanning
17:35:20.000 Disk 0 trace - called modules:
17:35:20.015 ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll nvata.sys
17:35:20.015 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8afa6ab8]
17:35:20.015 3 CLASSPNP.SYS[ba0e8fd7] -> nt!IofCallDriver -> \Device\00000086[0x8af50f18]
17:35:20.015 5 ACPI.sys[b9f7e620] -> nt!IofCallDriver -> \Device\00000085[0x8afa6030]
17:35:20.484 AVAST engine scan C:\WINDOWS
17:35:33.828 AVAST engine scan C:\WINDOWS\system32
17:37:24.093 AVAST engine scan C:\WINDOWS\system32\drivers
17:37:37.500 AVAST engine scan C:\Dokumente und Einstellungen\Volker Stelzl
17:50:44.562 AVAST engine scan C:\Dokumente und Einstellungen\All Users
18:05:54.468 Scan finished successfully
18:12:59.515 Disk 0 MBR has been saved successfully to "C:\Dokumente und Einstellungen\Volker Stelzl\Desktop\MBR.dat"
18:12:59.515 The log file has been saved successfully to "C:\Dokumente und Einstellungen\Volker Stelzl\Desktop\aswMBR.txt"
GMER didn't work?
Hello Arne, in the meantime I have installed the latest version of the GDATA virus scanner. Since then the problem has not reappeared. I think no further scans are necessary. Thanks again
No, you should definitely still run the control scans. What about GMER now, did it work or not?
Copyright ©2000-2024, Trojaner-Board