Trojaner-Board (https://www.trojaner-board.de/)
Log-Analyse und Auswertung: Windows blockiert aus Sicherheitsgründen-Trojaner (https://www.trojaner-board.de/107445-windows-blockiert-sicherheitsgruenden-trojaner.html)

jujumitwurm 02.01.2012 19:48

Windows blockiert aus Sicherheitsgründen-Trojaner ("Windows blocked for security reasons" trojan)

Hello everyone, the trojan that has already been mentioned here so often is driving me up the wall too, after an innocent visit to kinox.to...
Great that you may be able to help me, even though I admit I'm not exactly a computer whiz... rather the opposite...
What I have done so far:
System restore to 2 days earlier, which removed the symptom.
Then a scan with Malwarebytes, 1 hit which was apparently moved to quarantine, but I can't find it there. How I proceeded after that is below the logs. OTL log at the very end...

First the log, and an old one from May.

Code:

Malwarebytes Anti-Malware 1.60.0.1800
www.malwarebytes.org

Datenbank Version: v2012.01.01.02

Windows XP Service Pack 2 x86 NTFS
Internet Explorer 6.0.2900.2180
julchen :: TARKAN [Administrator]

01.01.2012 17:30:14
mbam-log-2012-01-01 (17-30-14).txt

Art des Suchlaufs: Vollständiger Suchlauf
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 228839
Laufzeit: 1 Stunde(n), 10 Minute(n), 46 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 1
C:\Dokumente und Einstellungen\julchen\Lokale Einstellungen\Temporary Internet Files\Content.IE5\6DAZ238Z\1f47f1419f1fabb265da5f3fb8606543472088693e72e17292ebe9c118414543_exe[1] (Backdoor.Bot) -> Erfolgreich gelöscht und in Quarantäne gestellt.

(Ende)

The two old ones:

Code:

Malwarebytes' Anti-Malware 1.51.1.1800
www.malwarebytes.org

Datenbank Version: 7562

Windows 5.1.2600 Service Pack 2
Internet Explorer 6.0.2900.2180

25.08.2011 13:01:52
mbam-log-2011-08-25 (13-01-50).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|E:\|)
Durchsuchte Objekte: 256448
Laufzeit: 1 Stunde(n), 20 Minute(n), 14 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 0

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
(Keine bösartigen Objekte gefunden)

There is nothing in quarantine.
Then I also ran TDSSKiller, but I can't find its log.
Then I ran ESET including the external hard drive, and it found loads of stuff :wtf:
Code:

ESETSmartInstaller@High as downloader log:
all ok
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=acab50e6042389419571ea83b2ec02b2
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2012-01-02 02:30:06
# local_time=2012-01-02 03:30:06 (+0100, Westeuropäische Normalzeit)
# country="Austria"
# lang=1033
# osver=5.1.2600 NT Service Pack 2
# compatibility_mode=1797 16775145 100 93 153961 62043743 261384 0
# compatibility_mode=8192 67108863 100 0 4022 4022 0 0
# scanned=129049
# found=11
# cleaned=0
# scan_time=7687
C:\Dokumente und Einstellungen\julchen\Anwendungsdaten\Sun\Java\Deployment\cache\6.0\51\40d0d773-50c22d5e        multiple threats (unable to clean)        00000000000000000000000000000000        I
C:\Dokumente und Einstellungen\julchen\Eigene Dateien\Downloads\Nero-8.2.8.0_deu_trial.exe        Win32/Toolbar.AskSBar application (unable to clean)        00000000000000000000000000000000        I
C:\Dokumente und Einstellungen\julchen\Eigene Dateien\Downloads\SoftonicDownloader_fuer_freemind.exe        a variant of Win32/SoftonicDownloader.A application (unable to clean)        00000000000000000000000000000000        I
C:\Dokumente und Einstellungen\julchen\Eigene Dateien\Downloads\SoftonicDownloader_fuer_zsnes.exe        a variant of Win32/SoftonicDownloader.A application (unable to clean)        00000000000000000000000000000000        I
C:\Dokumente und Einstellungen\julchen\Lokale Einstellungen\Temp\321.exe        a variant of Win32/Kryptik.YHX trojan (unable to clean)        00000000000000000000000000000000        I
F:\Users\Nikolaus\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\49\1eff1eb1-63954bc9        probably a variant of Win32/Agent.DYXWUMY trojan (unable to clean)        00000000000000000000000000000000        I
F:\Users\Nikolaus\AppData\Roaming\Desktopicon\eBayShortcuts.exe        a variant of Win32/Adware.ADON application (unable to clean)        00000000000000000000000000000000        I
F:\Users\Nikolaus\Downloads\agsetup183se.exe        a variant of Win32/Adware.ADON application (unable to clean)        00000000000000000000000000000000        I
F:\Users\Nikolaus\Downloads\eac-0.99pb5.exe        a variant of Win32/Adware.ADON application (unable to clean)        00000000000000000000000000000000        I
F:\Users\Nikolaus\Downloads\MyWebFaceSetup2.3.50.62.GRfox000.exe        a variant of Win32/Toolbar.MyWebSearch.O application (unable to clean)        00000000000000000000000000000000        I
F:\Users\Nikolaus\Downloads\SoftonicDownloader90278.exe        a variant of Win32/SoftonicDownloader.A application (unable to clean)        00000000000000000000000000000000        I

Only then did I create the ext, OTL and GMER logs.
defogger didn't work, log here:
Code:

defogger_disable by jpshortstuff (23.02.10.1)
Log created at 15:55 on 02/01/2012 (julchen)

Checking for autostart values...
HKCU\~\Run values retrieved.
HKLM\~\Run values retrieved.

Checking for services/drivers...


-=E.O.F=-

So, and here is the OTL log

Code:

OTL logfile created on: 02.01.2012 15:58:38 - Run 1
OTL by OldTimer - Version 3.2.31.0    Folder = C:\Dokumente und Einstellungen\julchen\Desktop
Windows XP Home Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.2180)
Locale: 00000C07 | Country: Österreich | Language: DEA | Date Format: dd.MM.yyyy
 
510,80 Mb Total Physical Memory | 252,52 Mb Available Physical Memory | 49,44% Memory free
1,22 Gb Paging File | 0,88 Gb Available in Paging File | 72,43% Paging File free
Paging file location(s): C:\pagefile.sys 768 1536 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme
Drive C: | 69,34 Gb Total Space | 37,47 Gb Free Space | 54,03% Space Free | Partition Type: NTFS
Drive D: | 994,23 Mb Total Space | 493,16 Mb Free Space | 49,60% Space Free | Partition Type: FAT32
 
Computer Name: TARKAN | User Name: julchen | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2012.01.02 15:56:00 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Dokumente und Einstellungen\julchen\Desktop\OTL.exe
PRC - [2011.07.08 09:51:37 | 000,269,480 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\avguard.exe
PRC - [2011.04.27 09:42:11 | 000,136,360 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\sched.exe
PRC - [2010.11.30 18:12:37 | 000,281,768 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\avgnt.exe
PRC - [2010.01.14 21:10:53 | 000,076,968 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\avshadow.exe
PRC - [2007.06.13 14:21:45 | 001,036,288 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2005.02.23 17:13:10 | 000,077,824 | ---- | M] (Realtek Semiconductor Corp.) -- C:\WINDOWS\soundman.exe
PRC - [2005.02.18 01:51:26 | 000,737,379 | ---- | M] (Cyberlink) -- C:\Programme\CyberLink\Shared Files\CLML_NTService\CLMLService.exe
PRC - [2005.02.18 01:51:26 | 000,024,576 | ---- | M] (Cyberlink) -- C:\Programme\CyberLink\Shared Files\CLML_NTService\CLMLServer.exe
PRC - [2005.02.18 01:50:52 | 000,110,711 | ---- | M] () -- C:\Programme\CyberLink\PowerCinema\Kernel\TV\CLSched.exe
PRC - [2005.02.18 01:50:48 | 000,172,153 | ---- | M] () -- C:\Programme\CyberLink\PowerCinema\Kernel\TV\CLCapSvc.exe
PRC - [2005.01.17 11:12:00 | 000,258,048 | R--- | M] (ELANTECH Devices Corp.) -- C:\Programme\Elantech\Ktp3.exe
PRC - [2004.12.01 18:02:48 | 000,106,496 | ---- | M] () -- C:\Programme\IVT Corporation\BlueSoleil\BTNtService.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2010.06.17 14:27:02 | 000,355,688 | ---- | M] () -- C:\Programme\Avira\AntiVir Desktop\sqlite3.dll
MOD - [2005.02.18 01:50:52 | 000,110,711 | ---- | M] () -- C:\Programme\CyberLink\PowerCinema\Kernel\TV\CLSched.exe



I hope I have thought of everything. I haven't done anything in safe mode yet, though. By the way, I have Windows XP on a Targa notebook from 2005.
Many thanks to you all in advance...
JUJU mit Wurm
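
The scanner output in this post, triaged in an added example that is not part of the original thread and not output of either scanner: the one Malwarebytes hit and the eleven ESET Online Scanner result lines are copied verbatim from the post, parsed, and grouped by severity and by where on disk they sit. The hits in the IE cache and in the Java deployment cache are the footprint one expects from a drive-by download in the browser (this machine runs XP SP2 with IE 6, Firefox 3.6 and Java 1.6.0_21 according to the OTL log), whereas the Downloads hits are bundled Softonic/toolbar installers. The severity and location labels, the rule order, and all function names are the editor's assumptions.

```python
# Added example (editor's own, not from the thread or from either scanner):
# triage the MBAM and ESET hits quoted above. Log lines are copied from the post.
import re
from collections import Counter
from dataclasses import dataclass

# The single Malwarebytes hit, verbatim from the first log in the post.
MBAM_LOG = r"""
C:\Dokumente und Einstellungen\julchen\Lokale Einstellungen\Temporary Internet Files\Content.IE5\6DAZ238Z\1f47f1419f1fabb265da5f3fb8606543472088693e72e17292ebe9c118414543_exe[1] (Backdoor.Bot) -> Erfolgreich gelöscht und in Quarantäne gestellt.
"""

# ESET Online Scanner result lines, verbatim from the post: path, verdict,
# hash, flag, separated by runs of whitespace; '#' lines are scan metadata.
ESET_LOG = r"""
# found=11
C:\Dokumente und Einstellungen\julchen\Anwendungsdaten\Sun\Java\Deployment\cache\6.0\51\40d0d773-50c22d5e        multiple threats (unable to clean)        00000000000000000000000000000000        I
C:\Dokumente und Einstellungen\julchen\Eigene Dateien\Downloads\Nero-8.2.8.0_deu_trial.exe        Win32/Toolbar.AskSBar application (unable to clean)        00000000000000000000000000000000        I
C:\Dokumente und Einstellungen\julchen\Eigene Dateien\Downloads\SoftonicDownloader_fuer_freemind.exe        a variant of Win32/SoftonicDownloader.A application (unable to clean)        00000000000000000000000000000000        I
C:\Dokumente und Einstellungen\julchen\Eigene Dateien\Downloads\SoftonicDownloader_fuer_zsnes.exe        a variant of Win32/SoftonicDownloader.A application (unable to clean)        00000000000000000000000000000000        I
C:\Dokumente und Einstellungen\julchen\Lokale Einstellungen\Temp\321.exe        a variant of Win32/Kryptik.YHX trojan (unable to clean)        00000000000000000000000000000000        I
F:\Users\Nikolaus\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\49\1eff1eb1-63954bc9        probably a variant of Win32/Agent.DYXWUMY trojan (unable to clean)        00000000000000000000000000000000        I
F:\Users\Nikolaus\AppData\Roaming\Desktopicon\eBayShortcuts.exe        a variant of Win32/Adware.ADON application (unable to clean)        00000000000000000000000000000000        I
F:\Users\Nikolaus\Downloads\agsetup183se.exe        a variant of Win32/Adware.ADON application (unable to clean)        00000000000000000000000000000000        I
F:\Users\Nikolaus\Downloads\eac-0.99pb5.exe        a variant of Win32/Adware.ADON application (unable to clean)        00000000000000000000000000000000        I
F:\Users\Nikolaus\Downloads\MyWebFaceSetup2.3.50.62.GRfox000.exe        a variant of Win32/Toolbar.MyWebSearch.O application (unable to clean)        00000000000000000000000000000000        I
F:\Users\Nikolaus\Downloads\SoftonicDownloader90278.exe        a variant of Win32/SoftonicDownloader.A application (unable to clean)        00000000000000000000000000000000        I
"""

HIGH_SEVERITY = ("trojan", "backdoor", "multiple threats")

# Ordered, first match wins; the labels are the editor's triage buckets.
LOCATION_RULES = [
    ("browser/Java cache (drive-by download artifact)",
     re.compile(r"Temporary Internet Files|Java\\Deployment\\cache", re.I)),
    ("executable dropped in Temp", re.compile(r"\\Temp\\[^\\]+\.exe$", re.I)),
    ("downloaded installer (bundled toolbar/adware)", re.compile(r"\\Downloads\\", re.I)),
    ("installed adware component",
     re.compile(r"\\AppData\\Roaming\\|\\Anwendungsdaten\\", re.I)),
]

# "<path> (<verdict>) -> <action>" as Malwarebytes writes it.
MBAM_HIT = re.compile(r"^(?P<path>[A-Za-z]:\\.+?) \((?P<verdict>[^()]+)\) -> ")
# ESET separates its columns with tabs or several spaces; paths contain
# single spaces, so split only on runs of whitespace.
ESET_COLS = re.compile(r"\t+| {2,}")


@dataclass(frozen=True)
class Finding:
    scanner: str
    path: str
    verdict: str

    @property
    def drive(self):
        return self.path[:2].upper()

    @property
    def severity(self):
        # Trojan/backdoor verdicts are the infection itself; toolbars,
        # downloaders and adware are unwanted bundleware, lower priority.
        v = self.verdict.lower()
        return "high" if any(k in v for k in HIGH_SEVERITY) else "pua"

    @property
    def location(self):
        for label, rule in LOCATION_RULES:
            if rule.search(self.path):
                return label
        return "other"


def parse_mbam(text):
    return [Finding("MBAM", m["path"], m["verdict"])
            for m in map(MBAM_HIT.match, (ln.strip() for ln in text.splitlines())) if m]


def parse_eset(text):
    hits = []
    for line in (ln.strip() for ln in text.splitlines()):
        if line and not line.startswith("#"):
            cols = ESET_COLS.split(line)
            if len(cols) >= 2:
                hits.append(Finding("ESET", cols[0], cols[1]))
    return hits


def triage(mbam_text=MBAM_LOG, eset_text=ESET_LOG):
    return parse_mbam(mbam_text) + parse_eset(eset_text)


def summarize(findings):
    return {
        "total": len(findings),
        "by_severity": dict(Counter(f.severity for f in findings)),
        "by_location": dict(Counter(f.location for f in findings)),
        "by_drive": dict(Counter(f.drive for f in findings)),
    }


if __name__ == "__main__":
    hits = triage()
    for f in sorted(hits, key=lambda f: (f.severity != "high", f.drive)):
        print(f"[{f.severity:4}] {f.scanner:4} {f.location:48} {f.path}")
    print(summarize(hits))
```

On these twelve hits the split is four high-severity findings (the Backdoor.Bot in the IE cache, the "multiple threats" Java cache entry, the Kryptik dropper in Temp, and the Agent variant in the Java cache on the external drive F:) against eight PUA installers; half of everything sits on F:, so the external disk needs the same cleanup as C:.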

cosinus 03.01.2012 21:36

The OTL log is incomplete...

Quote:

C:\Dokumente und Einstellungen\julchen\Eigene Dateien\Downloads\SoftonicDownloader_fuer
Somehow I get the impression that downloading all kinds of stuff from Softonic has become a national sport. Keep your hands off that site. There is always some junk in it, like toolbars or the pointless Softonic Downloader. Why don't you download the software from the manufacturer's site, or failing that from chip.de?

jujumitwurm 05.01.2012 12:24

Hi Arne, sorry, and thanks for your reply. Here is the log. And as for Softonic: I had no idea... so always from the manufacturer?
OTL Logfile:
Code:

OTL logfile created on: 02.01.2012 15:58:38 - Run 1
OTL by OldTimer - Version 3.2.31.0    Folder = C:\Dokumente und Einstellungen\julchen\Desktop
Windows XP Home Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.2180)
Locale: 00000C07 | Country: Österreich | Language: DEA | Date Format: dd.MM.yyyy
 
510,80 Mb Total Physical Memory | 252,52 Mb Available Physical Memory | 49,44% Memory free
1,22 Gb Paging File | 0,88 Gb Available in Paging File | 72,43% Paging File free
Paging file location(s): C:\pagefile.sys 768 1536 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme
Drive C: | 69,34 Gb Total Space | 37,47 Gb Free Space | 54,03% Space Free | Partition Type: NTFS
Drive D: | 994,23 Mb Total Space | 493,16 Mb Free Space | 49,60% Space Free | Partition Type: FAT32
 
Computer Name: TARKAN | User Name: julchen | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2012.01.02 15:56:00 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Dokumente und Einstellungen\julchen\Desktop\OTL.exe
PRC - [2011.07.08 09:51:37 | 000,269,480 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\avguard.exe
PRC - [2011.04.27 09:42:11 | 000,136,360 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\sched.exe
PRC - [2010.11.30 18:12:37 | 000,281,768 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\avgnt.exe
PRC - [2010.01.14 21:10:53 | 000,076,968 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\avshadow.exe
PRC - [2007.06.13 14:21:45 | 001,036,288 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2005.02.23 17:13:10 | 000,077,824 | ---- | M] (Realtek Semiconductor Corp.) -- C:\WINDOWS\soundman.exe
PRC - [2005.02.18 01:51:26 | 000,737,379 | ---- | M] (Cyberlink) -- C:\Programme\CyberLink\Shared Files\CLML_NTService\CLMLService.exe
PRC - [2005.02.18 01:51:26 | 000,024,576 | ---- | M] (Cyberlink) -- C:\Programme\CyberLink\Shared Files\CLML_NTService\CLMLServer.exe
PRC - [2005.02.18 01:50:52 | 000,110,711 | ---- | M] () -- C:\Programme\CyberLink\PowerCinema\Kernel\TV\CLSched.exe
PRC - [2005.02.18 01:50:48 | 000,172,153 | ---- | M] () -- C:\Programme\CyberLink\PowerCinema\Kernel\TV\CLCapSvc.exe
PRC - [2005.01.17 11:12:00 | 000,258,048 | R--- | M] (ELANTECH Devices Corp.) -- C:\Programme\Elantech\Ktp3.exe
PRC - [2004.12.01 18:02:48 | 000,106,496 | ---- | M] () -- C:\Programme\IVT Corporation\BlueSoleil\BTNtService.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2010.06.17 14:27:02 | 000,355,688 | ---- | M] () -- C:\Programme\Avira\AntiVir Desktop\sqlite3.dll
MOD - [2005.02.18 01:50:52 | 000,110,711 | ---- | M] () -- C:\Programme\CyberLink\PowerCinema\Kernel\TV\CLSched.exe
MOD - [2005.02.18 01:50:48 | 000,172,153 | ---- | M] () -- C:\Programme\CyberLink\PowerCinema\Kernel\TV\CLCapSvc.exe
MOD - [2005.02.18 01:50:28 | 000,163,967 | ---- | M] () -- C:\Programme\CyberLink\PowerCinema\Kernel\TV\CLCapEngine.dll
MOD - [2005.02.18 01:50:28 | 000,057,465 | ---- | M] () -- C:\Programme\CyberLink\PowerCinema\Kernel\TV\CLSchMgr.dll
MOD - [2005.02.18 01:50:28 | 000,028,672 | ---- | M] () -- C:\Programme\CyberLink\PowerCinema\Kernel\TV\CLCapSvcps.dll
MOD - [2005.02.18 01:49:46 | 000,229,458 | ---- | M] () -- C:\Programme\CyberLink\PowerCinema\Kernel\HomeNetWorking\CLNetMedia.dll
MOD - [2004.12.01 18:02:48 | 000,106,496 | ---- | M] () -- C:\Programme\IVT Corporation\BlueSoleil\BTNtService.exe
MOD - [2004.08.04 13:00:00 | 000,014,336 | ---- | M] () -- C:\WINDOWS\system32\msdmo.dll
 
 
========== Win32 Services (SafeList) ==========
 
SRV - File not found [Disabled | Stopped] --  -- (HidServ)
SRV - File not found [On_Demand | Stopped] --  -- (AppMgmt)
SRV - [2011.07.08 09:51:37 | 000,269,480 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Programme\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2011.04.27 09:42:11 | 000,136,360 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Programme\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2005.02.18 01:51:26 | 000,024,576 | ---- | M] (Cyberlink) [Auto | Running] -- C:\Programme\CyberLink\Shared Files\CLML_NTService\CLMLServer.exe -- (CyberLink Media Library Service)
SRV - [2005.02.18 01:50:52 | 000,110,711 | ---- | M] () [Auto | Running] -- C:\Programme\CyberLink\PowerCinema\Kernel\TV\CLSched.exe -- (CLSched) CyberLink Task Scheduler (CTS)
SRV - [2005.02.18 01:50:48 | 000,172,153 | ---- | M] () [Auto | Running] -- C:\Programme\CyberLink\PowerCinema\Kernel\TV\CLCapSvc.exe -- (CLCapSvc) CyberLink Background Capture Service (CBCS)
SRV - [2004.12.01 18:02:48 | 000,106,496 | ---- | M] () [Auto | Running] -- C:\Programme\IVT Corporation\BlueSoleil\BTNtService.exe -- (BlueSoleil Hid Service)
 
 
========== Driver Services (SafeList) ==========
 
DRV - [2011.07.08 09:51:51 | 000,138,192 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avipbb.sys -- (avipbb)
DRV - [2011.07.08 09:51:51 | 000,066,616 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2010.06.17 14:27:02 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2010.06.17 14:26:52 | 000,011,608 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Programme\Avira\AntiVir Desktop\avgio.sys -- (avgio)
DRV - [2006.04.07 16:06:38 | 000,038,496 | ---- | M] (OLYMPUS IMAGING CORP.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\VNUSB.sys -- (VNUSB)
DRV - [2005.02.24 13:20:22 | 002,311,680 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ALCXWDM.SYS -- (ALCXWDM) Service for Realtek AC97 Audio (WDM)
DRV - [2005.02.17 20:04:05 | 000,008,552 | ---- | M] (Windows (R) 2000 DDK provider) [Kernel | Auto | Running] -- C:\WINDOWS\System32\drivers\asctrm.sys -- (ASCTRM)
DRV - [2005.01.29 14:02:00 | 001,012,608 | R--- | M] (Animation Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\LVHybrid.sys -- (LVHybrid)
DRV - [2005.01.25 19:47:00 | 000,148,480 | R--- | M] (Inprocomm, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\i2220ntx.sys -- (CB54G3)
DRV - [2005.01.25 19:47:00 | 000,017,134 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\PCANDIS5.SYS -- (PCANDIS5)
DRV - [2005.01.17 11:12:00 | 001,270,540 | R--- | M] (Agere Systems) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AGRSM.sys -- (AgereSoftModem)
DRV - [2005.01.17 11:12:00 | 000,071,168 | ---- | M] (Realtek Semiconductor Corporation                          ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Rtlnicxp.sys -- (RTL8023xp)
DRV - [2005.01.17 11:12:00 | 000,024,704 | R--- | M] (Elantech Devices Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Ktp3.sys -- (Ktp3) Elantech TouchPad(KTP3)
DRV - [2005.01.12 21:30:22 | 000,915,968 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
DRV - [2004.12.01 17:55:32 | 000,022,488 | ---- | M] (IVT Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\btcusb.sys -- (Btcsrusb)
DRV - [2004.11.05 11:39:08 | 000,082,148 | ---- | M] (IVT Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\VcommMgr.sys -- (VcommMgr)
DRV - [2004.10.19 13:40:56 | 000,028,207 | ---- | M] (IVT Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\System32\Drivers\BTHidMgr.sys -- (BTHidMgr)
DRV - [2004.10.19 13:37:38 | 000,061,312 | ---- | M] (IVT Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\VComm.sys -- (VComm)
DRV - [2004.10.19 11:39:26 | 000,020,096 | ---- | M] (IVT Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\blueletaudio.sys -- (BlueletAudio)
DRV - [2004.09.21 18:18:02 | 000,011,604 | ---- | M] () [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\vbtenum.sys -- (BTHidEnum)
DRV - [2004.09.21 18:15:34 | 000,010,804 | ---- | M] (IVT Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\BtNetDrv.sys -- (BT)
DRV - [2004.08.03 23:10:14 | 000,015,360 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\MPE.sys -- (MPE)
DRV - [2004.08.03 22:31:34 | 000,020,992 | ---- | M] (Realtek Semiconductor Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\RTL8139.sys -- (rtl8139) NT-Treiber für Realtek RTL8139(A/B/C)
DRV - [2004.05.17 16:11:42 | 000,067,456 | ---- | M] (REDC) [Kernel | Boot | Stopped] -- C:\WINDOWS\system32\DRIVERS\rmedia.sys -- (rmedia)
DRV - [2004.03.10 16:27:18 | 000,011,264 | ---- | M] (Pinnacle Systems GmbH) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\asapiW2k.sys -- (ASAPIW2k)
DRV - [2002.03.19 10:29:16 | 000,014,165 | ---- | M] (Pinnacle Systems GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\Pclepci.sys -- (PCLEPCI)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.targa.de
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.google.com/ie
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = hxxp://www.google.com/ie
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = hxxp://www.google.com/ie
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = hxxp://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = hxxp://www.google.com/ie
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.startup.homepage: "hxxp://www.google.de/"
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: zotero@chnm.gmu.edu:2.1.10
FF - prefs.js..extensions.enabledItems: zoteroWinWordIntegration@zotero.org:3.1.2
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Programme\DivX\DivX Web Player\npdivx32.dll (DivX,Inc.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: C:\Programme\DivX\DivX Player\npDivxPlayerPlugin.dll (DivX, Inc)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Programme\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@pack.google.com/Google Updater;version=14: C:\Programme\Google\Google Updater\2.4.2432.1652\npCIDetect14.dll (Google)
FF - HKLM\Software\MozillaPlugins\@viewpoint.com/VMP: C:\Programme\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll ()
FF - HKLM\Software\MozillaPlugins\@vizzed.com/VizzedRGR: C:\Programme\Vizzed\Vizzed Retro Game Room\NpVizzedRgr.dll (Vizzed)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.25\extensions\\Components: C:\Programme\Mozilla Firefox\components [2011.12.21 21:07:41 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.25\extensions\\Plugins: C:\Programme\Mozilla Firefox\plugins [2011.12.21 21:07:41 | 000,000,000 | ---D | M]
 
[2008.07.15 08:40:54 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\julchen\Anwendungsdaten\Mozilla\Extensions
[2012.01.01 17:36:13 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\julchen\Anwendungsdaten\Mozilla\Firefox\Profiles\2ae6qcu2.default\extensions
[2009.09.08 09:00:29 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Dokumente und Einstellungen\julchen\Anwendungsdaten\Mozilla\Firefox\Profiles\2ae6qcu2.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010.08.05 17:18:01 | 000,000,000 | ---D | M] (Mario Forever Toolbar) -- C:\Dokumente und Einstellungen\julchen\Anwendungsdaten\Mozilla\Firefox\Profiles\2ae6qcu2.default\extensions\{707db484-2428-402d-afb5-d85b387544c7}
[2011.11.06 14:12:51 | 000,000,000 | ---D | M] (Zotero) -- C:\Dokumente und Einstellungen\julchen\Anwendungsdaten\Mozilla\Firefox\Profiles\2ae6qcu2.default\extensions\zotero@chnm.gmu.edu
[2011.11.06 14:23:00 | 000,000,000 | ---D | M] (Zotero WinWord Integration) -- C:\Dokumente und Einstellungen\julchen\Anwendungsdaten\Mozilla\Firefox\Profiles\2ae6qcu2.default\extensions\zoteroWinWordIntegration@zotero.org
[2012.01.01 17:36:15 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2010.10.12 11:11:58 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
[2010.10.12 11:11:34 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\PROGRAMME\JAVA\JRE6\LIB\DEPLOY\JQS\FF
[2010.10.12 11:11:32 | 000,423,656 | ---- | M] (Sun Microsystems, Inc.) -- C:\Programme\mozilla firefox\plugins\npdeployJava1.dll
[2011.03.07 09:26:17 | 000,001,392 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\amazondotcom-de.xml
[2011.03.07 09:26:17 | 000,002,344 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\eBay-de.xml
[2011.03.07 09:26:18 | 000,006,805 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\leo_ende_de.xml
[2011.03.07 09:26:18 | 000,001,178 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\wikipedia-de.xml
[2011.03.07 09:26:18 | 000,001,105 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\yahoo-de.xml
 
========== Chrome  ==========
 
CHR - default_search_provider: Google ()
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?client=chrome&hl={language}&q={searchTerms}
 
O1 HOSTS File: ([2004.08.04 13:00:00 | 000,000,820 | R--- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1      localhost
O2 - BHO: (AcroIEHlprObj Class) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O3 - HKCU\..\Toolbar\ShellBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O4 - HKLM..\Run: [avgnt] C:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k File not found
O4 - HKLM..\Run: [KTPWare] C:\Programme\Elantech\Ktp3.exe (ELANTECH Devices Corp.)
O4 - HKLM..\Run: [OEM-Reset]  File not found
O4 - HKLM..\Run: [PinnacleDriverCheck] C:\WINDOWS\System32\PSDrvCheck.exe ()
O4 - HKLM..\Run: [SoundMan] C:\WINDOWS\soundman.exe (Realtek Semiconductor Corp.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} hxxp://v5.windowsupdate.microsoft.com/v5consumer/V5Controls/en/x86/client/wuweb_site.cab?1108647141296 (WUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab (Java Plug-in 1.6.0_05)
O16 - DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{46187F0C-A792-4EC2-98B3-3FC615C34B86}: DhcpNameServer = 192.168.0.1
O18 - Protocol\Handler\cdo {CD00020A-8B95-11D1-82DB-00C04FB1625D} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Web Folders\PKMCDO.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Information Retrieval\msitss.dll (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Web Components\10\OWC10.DLL (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Gemeinsame Dateien\Skype\Skype4COM.dll (Skype Technologies)
O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) -C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\AtiExtEvent: DllName - (Ati2evxx.dll) - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O24 - Desktop Components:0 (Die derzeitige Homepage) - About:Home
O24 - Desktop WallPaper: C:\Dokumente und Einstellungen\julchen\Lokale Einstellungen\Anwendungsdaten\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Dokumente und Einstellungen\julchen\Lokale Einstellungen\Anwendungsdaten\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2005.02.17 13:07:09 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - Unable to obtain root file information for disk D:\
O33 - MountPoints2\{02ed3908-8b42-11d9-8d3b-806d6172696f}\Shell\AutoRun\command - "" = D:\AUTORUN.EXE -- [2004.01.20 14:50:52 | 000,020,480 | ---- | M] (TARGA GmbH)
O33 - MountPoints2\{58658fe2-8bb6-11d9-b435-0011091f4734}\Shell\AutoRun\command - "" = E:\Autorun.exe
O33 - MountPoints2\{86dea630-8bb6-11d9-b1cc-806d6172696f}\Shell\AutoRun\command - "" = G:\Autorun.exe
O33 - MountPoints2\{906a1bae-8c53-11d9-9947-806d6172696f}\Shell\AutoRun\command - "" = D:\AUTORUN.EXE -- [2004.01.20 14:50:52 | 000,020,480 | ---- | M] (TARGA GmbH)
O33 - MountPoints2\{9fc63a8a-8678-11d9-978e-806d6172696f}\Shell\AutoRun\command - "" = G:\Autorun.exe
O33 - MountPoints2\{dea7350a-8b3d-11d9-b428-0011091f4734}\Shell\AutoRun\command - "" = D:\AUTORUN.EXE -- [2004.01.20 14:50:52 | 000,020,480 | ---- | M] (TARGA GmbH)
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
ActiveX: {03F998B2-0E00-11D3-A498-00104B6EB52E} - Viewpoint Media Player
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {094AC089-2A75-5BCC-0A10-2A1C5AA04CB6} - Vektorgrafik-Rendering (VML)
ActiveX: {10072CEC-8CC1-11D1-986E-00A0C955B42F} - Vektorgrafik-Rendering (VML)
ActiveX: {166B1BCA-3F9C-11CF-8075-444553540000} - Macromedia Shockwave Director 8.5.1
ActiveX: {1B00725B-C455-4DE6-BFB6-AD540AD427CD} - Viewpoint Media Player
ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - NetShow
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 6.4
ActiveX: {283807B5-2C60-11D0-A31D-00AA00B92C03} - DirectAnimation
ActiveX: {2A202491-F00D-11cf-87CC-0020AFEECF20} - Macromedia Shockwave Director 8.5.1
ActiveX: {2A3320D6-C805-4280-B423-B665BDE33D8F} - Microsoft .NET Framework 1.1 Security Update (KB979906)
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {36f8ec70-c29a-11d1-b5c7-0000f8051515} - Dynamic HTML-Datenbindung für Java
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offlinebrowsingpaket
ActiveX: {3bf42070-b3b1-11d1-b5c5-0000f8051515} - Uniscribe
ActiveX: {411EDCF7-755D-414E-A74B-3DCD6583F589} - Microsoft .NET Framework 1.1 Service Pack 1 (KB867460)
ActiveX: {4278c270-a269-11d1-b5bf-0000f8051515} - Erweitertes Authoring
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install
ActiveX: {44BBA842-CC51-11CF-AAFA-00AA00B6015B} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT
ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - DirectShow
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer-Hilfe
ActiveX: {4E5C2225-24C6-88E4-99E9-98FCF88F6CA2} - Vektorgrafik-Rendering (VML)
ActiveX: {4f216970-c90c-11d1-b5c7-0000f8051515} - DirectAnimation Java Classes
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5945c046-1e7d-11d1-bc44-00c04fd912be} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser
ActiveX: {5A8D6EE0-3E18-11D0-821E-444553540000} - ICW
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsererweiterungen
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - Zugang zu MSN Site
ActiveX: {7131646D-CD3C-40F4-97B9-CD9E4E6262EF} - .NET Framework
ActiveX: {73FA19D0-2D75-11D2-995D-00C04F98BBC9} - Webordner
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - %SystemRoot%\system32\ie4uinit.exe
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - c:\WINDOWS\system32\Rundll32.exe c:\WINDOWS\system32\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML-Datenbindung
ActiveX: {ACC563BC-4266-43f0-B6ED-9D38C4202C7E} -
ActiveX: {B508B3F1-A24A-32C0-B310-85786919EF28} - .NET Framework
ActiveX: {C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F} - .NET Framework
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer-Hauptschriftarten
ActiveX: {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1} - .NET Framework
ActiveX: {CC2A9BA0-3BDD-11D0-821E-444553540000} - Taskplaner
ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
ActiveX: {D27CDB6E-AE6D-11cf-96B8-444553540000} - Adobe Flash Player
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML-Hilfe
ActiveX: {E78BFA60-5393-4C38-82AB-E8019E464EB4} - .NET Framework
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\WINDOWS\inf\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - %systemroot%\system32\shmgrate.exe OCInstallUserConfigIE
ActiveX: >{881dd1c5-3dcf-431b-b061-f3f88e8be88a} - %systemroot%\system32\shmgrate.exe OCInstallUserConfigOE
 
NetSvcs: 6to4 -  File not found
NetSvcs: AppMgmt -  File not found
NetSvcs: HidServ -  File not found
NetSvcs: Ias -  File not found
NetSvcs: Iprip -  File not found
NetSvcs: Irmon -  File not found
NetSvcs: NWCWorkstation -  File not found
NetSvcs: Nwsapagent -  File not found
NetSvcs: WmdmPmSp -  File not found
 
MsConfig - StartUpFolder: C:^Dokumente und Einstellungen^All Users^Startmenü^Programme^Autostart^Adobe Reader - Schnellstart.lnk - C:\Programme\Adobe\Acrobat 7.0\Reader\reader_sl.exe - (Adobe Systems Incorporated)
MsConfig - StartUpFolder: C:^Dokumente und Einstellungen^All Users^Startmenü^Programme^Autostart^BlueSoleil.lnk - C:\Programme\IVT Corporation\BlueSoleil\BlueSoleil.exe - (IVT Corporation)
MsConfig - StartUpFolder: C:^Dokumente und Einstellungen^All Users^Startmenü^Programme^Autostart^Device Detector 3.lnk - C:\Programme\Olympus\DeviceDetector\DevDtct2.exe - (OLYMPUS IMAGING CORP.)
MsConfig - StartUpFolder: C:^Dokumente und Einstellungen^All Users^Startmenü^Programme^Autostart^Microsoft Office.lnk - C:\Programme\Microsoft Office\Office10\OSA.EXE - (Microsoft Corporation)
MsConfig - StartUpReg: MSMSGS - hkey= - key= - C:\Programme\Messenger\msmsgs.exe (Microsoft Corporation)
MsConfig - StartUpReg: NBJ - hkey= - key= - C:\Programme\Ahead\Nero BackItUp\NBJ.exe (Ahead Software AG)
MsConfig - StartUpReg: NeroFilterCheck - hkey= - key= -  File not found
MsConfig - StartUpReg: PCMService - hkey= - key= - C:\Programme\CyberLink\PowerCinema\PCMService.exe (CyberLink Corp.)
MsConfig - StartUpReg: PDFPrint - hkey= - key= - C:\Programme\pdf24\pdf24.exe (Geek Software GmbH)
MsConfig - StartUpReg: QuickTime Task - hkey= - key= - C:\Programme\QuickTime\QTTask.exe (Apple Inc.)
MsConfig - StartUpReg: RealTray - hkey= - key= - C:\Programme\Real\RealPlayer\RealPlay.exe (RealNetworks, Inc.)
MsConfig - StartUpReg: SunJavaUpdateSched - hkey= - key= - C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe (Sun Microsystems, Inc.)
MsConfig - StartUpReg: swg - hkey= - key= - C:\Programme\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
MsConfig - StartUpReg: WMPNSCFG - hkey= - key= - C:\Programme\Windows Media Player\wmpnscfg.exe (Microsoft Corporation)
MsConfig - State: "system.ini" - 0
MsConfig - State: "win.ini" - 0
MsConfig - State: "bootini" - 0
MsConfig - State: "services" - 0
MsConfig - State: "startup" - 2
 
CREATERESTOREPOINT
Restore point Set: OTL Restore Point
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.01.02 15:55:57 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Dokumente und Einstellungen\julchen\Desktop\OTL.exe
[2012.01.02 13:15:00 | 000,000,000 | ---D | C] -- C:\Programme\ESET
[2012.01.01 17:49:35 | 001,578,288 | ---- | C] (Kaspersky Lab ZAO) -- C:\Dokumente und Einstellungen\julchen\Desktop\TDSSKiller.exe
[2012.01.01 17:28:55 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Malwarebytes' Anti-Malware
[2012.01.01 17:28:40 | 000,020,464 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2012.01.01 17:28:38 | 000,000,000 | ---D | C] -- C:\Programme\Malwarebytes' Anti-Malware
[2011.12.09 17:29:52 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\julchen\Lokale Einstellungen\Anwendungsdaten\VizzedRgr
[2011.12.09 17:27:35 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Vizzed Retro Game Room
[2011.12.09 17:27:16 | 000,000,000 | ---D | C] -- C:\Programme\Vizzed
[8 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2012.01.02 15:56:00 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Dokumente und Einstellungen\julchen\Desktop\OTL.exe
[2012.01.02 15:43:28 | 000,000,000 | ---- | M] () -- C:\Dokumente und Einstellungen\julchen\defogger_reenable
[2012.01.02 15:35:28 | 000,050,477 | ---- | M] () -- C:\Dokumente und Einstellungen\julchen\Desktop\Defogger.exe
[2012.01.02 14:40:01 | 000,001,044 | ---- | M] () -- C:\WINDOWS\tasks\Google Software Updater.job
[2012.01.02 13:40:27 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2012.01.02 13:03:44 | 000,000,229 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
[2012.01.01 19:20:31 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2012.01.01 19:20:26 | 535,678,976 | -HS- | M] () -- C:\hiberfil.sys
[2012.01.01 17:28:56 | 000,000,756 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Malwarebytes Anti-Malware.lnk
[2011.12.30 18:18:51 | 000,053,126 | ---- | M] () -- C:\Dokumente und Einstellungen\julchen\Anwendungsdaten\wklnhst.dat
[2011.12.28 12:22:23 | 344,357,476 | ---- | M] () -- C:\Dokumente und Einstellungen\julchen\Desktop\Reise um die Welt.wma
[2011.12.23 14:52:00 | 001,578,288 | ---- | M] (Kaspersky Lab ZAO) -- C:\Dokumente und Einstellungen\julchen\Desktop\TDSSKiller.exe
[2011.12.14 17:20:14 | 000,000,216 | RHS- | M] () -- C:\boot.ini
[2011.12.10 15:24:06 | 000,020,464 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[8 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2012.01.02 15:43:28 | 000,000,000 | ---- | C] () -- C:\Dokumente und Einstellungen\julchen\defogger_reenable
[2012.01.02 15:35:28 | 000,050,477 | ---- | C] () -- C:\Dokumente und Einstellungen\julchen\Desktop\Defogger.exe
[2012.01.01 17:28:56 | 000,000,756 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Malwarebytes Anti-Malware.lnk
[2011.12.28 12:13:29 | 344,357,476 | ---- | C] () -- C:\Dokumente und Einstellungen\julchen\Desktop\Reise um die Welt.wma
[2011.02.16 14:27:04 | 000,000,097 | ---- | C] () -- C:\WINDOWS\System32\PICSDK.ini
[2011.02.16 14:27:03 | 000,111,932 | ---- | C] () -- C:\WINDOWS\System32\EPPICPrinterDB.dat
[2011.02.16 14:27:03 | 000,031,053 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern131.dat
[2011.02.16 14:27:03 | 000,027,417 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern121.dat
[2011.02.16 14:27:03 | 000,026,154 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern1.dat
[2011.02.16 14:27:03 | 000,024,903 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern3.dat
[2011.02.16 14:27:03 | 000,021,390 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern5.dat
[2011.02.16 14:27:03 | 000,020,148 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern2.dat
[2011.02.16 14:27:03 | 000,011,811 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern4.dat
[2011.02.16 14:27:03 | 000,004,943 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern6.dat
[2011.02.16 14:27:03 | 000,001,146 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_DU.dat
[2011.02.16 14:27:03 | 000,001,139 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_PT.dat
[2011.02.16 14:27:03 | 000,001,139 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_BP.dat
[2011.02.16 14:27:03 | 000,001,136 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_ES.dat
[2011.02.16 14:27:03 | 000,001,129 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_FR.dat
[2011.02.16 14:27:03 | 000,001,129 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_CF.dat
[2011.02.16 14:27:03 | 000,001,120 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_IT.dat
[2011.02.16 14:27:03 | 000,001,107 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_GE.dat
[2011.02.16 14:27:03 | 000,001,104 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_EN.dat
[2010.11.12 14:05:04 | 000,053,126 | ---- | C] () -- C:\Dokumente und Einstellungen\julchen\Anwendungsdaten\wklnhst.dat
[2010.09.27 22:44:57 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2010.08.05 17:30:56 | 000,000,036 | ---- | C] () -- C:\WINDOWS\mafosav.INI
[2009.01.26 13:14:18 | 000,000,151 | ---- | C] () -- C:\WINDOWS\PhotoSnapViewer.INI
[2008.11.19 11:29:22 | 000,000,056 | -H-- | C] () -- C:\WINDOWS\System32\ezsidmv.dat
[2008.11.06 17:37:32 | 003,596,288 | ---- | C] () -- C:\WINDOWS\System32\qt-dx331.dll
[2008.11.06 17:33:02 | 000,012,288 | ---- | C] () -- C:\WINDOWS\System32\DivXWMPExtType.dll
[2008.06.10 18:24:06 | 000,114,688 | ---- | C] () -- C:\WINDOWS\System32\OdiOlDVR.dll
[2008.06.10 18:24:05 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\OdiAPI.dll
[2008.03.31 15:38:41 | 000,028,672 | ---- | C] () -- C:\Dokumente und Einstellungen\julchen\Lokale Einstellungen\Anwendungsdaten\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2005.03.03 08:32:09 | 000,196,096 | ---- | C] () -- C:\WINDOWS\System32\MACD32.DLL
[2005.03.03 08:32:09 | 000,138,752 | ---- | C] () -- C:\WINDOWS\System32\MASE32.DLL
[2005.03.03 08:32:09 | 000,136,192 | ---- | C] () -- C:\WINDOWS\System32\MAMC32.DLL
[2005.03.03 08:32:09 | 000,057,856 | ---- | C] () -- C:\WINDOWS\System32\MASD32.DLL
[2005.03.03 08:32:09 | 000,027,648 | ---- | C] () -- C:\WINDOWS\System32\MA32.DLL
[2005.03.02 17:30:54 | 000,000,004 | ---- | C] () -- C:\WINDOWS\msoffice.ini
[2005.02.24 16:33:09 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2005.02.18 14:40:01 | 000,000,229 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2005.02.18 13:07:17 | 000,406,016 | ---- | C] () -- C:\WINDOWS\System32\PSDrvCheck.exe
[2005.02.17 20:27:54 | 000,000,518 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2005.02.17 20:03:00 | 000,000,335 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2005.02.17 13:45:06 | 000,003,072 | R--- | C] () -- C:\WINDOWS\System32\34CoInstaller.dll
[2005.02.17 13:45:01 | 000,363,520 | ---- | C] () -- C:\WINDOWS\System32\PsisDecd.dll
[2005.02.17 13:42:34 | 000,013,299 | ---- | C] () -- C:\WINDOWS\System32\drivers\packet.sys
[2005.02.17 13:42:34 | 000,011,604 | ---- | C] () -- C:\WINDOWS\System32\drivers\vbtenum.sys
[2005.02.17 13:39:16 | 000,156,672 | ---- | C] () -- C:\WINDOWS\System32\RTLCPAPI.dll
[2005.02.17 13:39:16 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\ChCfg.exe
[2005.02.17 13:31:29 | 000,077,267 | R--- | C] () -- C:\WINDOWS\System32\atiicdxx.dat
[2005.02.17 13:13:42 | 000,000,849 | ---- | C] () -- C:\WINDOWS\orun32.ini
[2005.02.17 13:09:12 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2005.02.17 13:05:14 | 000,021,740 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2005.02.17 13:00:21 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2005.02.17 12:59:32 | 002,113,256 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2005.02.17 12:47:22 | 000,000,814 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini
[2005.02.17 12:47:11 | 000,459,390 | ---- | C] () -- C:\WINDOWS\System32\perfh007.dat
[2005.02.17 12:47:11 | 000,269,480 | ---- | C] () -- C:\WINDOWS\System32\perfi007.dat
[2005.02.17 12:47:11 | 000,084,728 | ---- | C] () -- C:\WINDOWS\System32\perfc007.dat
[2005.02.17 12:47:11 | 000,034,478 | ---- | C] () -- C:\WINDOWS\System32\perfd007.dat
[2005.02.17 12:46:58 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2005.02.17 12:46:56 | 000,441,458 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2005.02.17 12:46:56 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2005.02.17 12:46:56 | 000,071,394 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2005.02.17 12:46:56 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2005.02.17 12:46:54 | 000,004,524 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2005.02.17 12:46:53 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2005.02.17 12:46:52 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2005.02.17 12:46:49 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2005.02.17 12:46:49 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2005.02.17 12:46:44 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2005.02.17 12:46:38 | 000,001,788 | ---- | C] () -- C:\WINDOWS\System32\Dcache.bin
[2004.03.18 08:44:29 | 001,663,068 | ---- | C] () -- C:\WINDOWS\System32\libmmd.dll
 
========== LOP Check ==========
 
[2005.02.17 15:49:19 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Bluetooth
[2010.05.20 11:25:05 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\elsterformular
[2005.02.18 13:03:37 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Pinnacle
[2005.02.18 13:11:57 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\SmartSound Software Inc
[2005.02.17 20:04:28 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Viewpoint
[2010.10.30 20:51:56 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\julchen\Anwendungsdaten\Broken Sword 2.5
[2010.05.20 11:26:54 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\julchen\Anwendungsdaten\elsterformular
 
========== Purity Check ==========
 
 
 
========== Custom Scans ==========
 
 
< %SYSTEMDRIVE%\*. >
[2009.08.11 08:20:13 | 000,000,000 | ---D | M] -- C:\cd022f1a27109f67dea27d362dad
[2011.12.09 17:33:34 | 000,000,000 | -HSD | M] -- C:\Config.Msi
[2008.03.31 15:38:40 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen
[2011.08.20 13:59:13 | 000,000,000 | ---D | M] -- C:\ef50918e92a6f10afe12b27ad1e8b135
[2010.09.28 15:09:00 | 000,000,000 | ---D | M] -- C:\HattrickOrganizer
[2005.02.23 09:37:27 | 000,000,000 | ---D | M] -- C:\Info
[2005.02.17 20:04:05 | 000,000,000 | ---D | M] -- C:\My Music
[2012.01.02 13:15:00 | 000,000,000 | R--D | M] -- C:\Programme
[2008.05.04 14:55:06 | 000,000,000 | -HSD | M] -- C:\RECYCLER
[2010.01.10 12:11:31 | 000,000,000 | -HSD | M] -- C:\System Volume Information
[2005.03.31 13:23:37 | 000,000,000 | ---D | M] -- C:\T-Online
[2011.03.31 11:30:31 | 000,000,000 | ---D | M] -- C:\Temp
[2011.12.14 17:45:14 | 000,000,000 | ---D | M] -- C:\WINDOWS
 
< %PROGRAMFILES%\*.exe >
 
Invalid Environment Variable: LOCALAPPDATA
 
< %systemroot%\*. /mp /s >
 
< %systemroot%\system32\*.manifest /3 >
[8 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]
 
 
< MD5 for: AFD.SYS  >
[2008.04.13 20:19:23 | 000,138,112 | ---- | M] (Microsoft Corporation) MD5=322D0E36693D6E24A2398BEE62A268CD -- C:\WINDOWS\SoftwareDistribution\Download\7d084ddd2c07c476a226e31c4ef032ff\afd.sys
[2008.08.14 11:34:26 | 000,138,496 | ---- | M] (Microsoft Corporation) MD5=4D43E74F2A1239D53929B82600F1971C -- C:\WINDOWS\$hf_mig$\KB956803\SP3QFE\afd.sys
[2008.08.14 10:51:43 | 000,138,368 | ---- | M] (Microsoft Corporation) MD5=55E6E1C51B6D30E54335750955453702 -- C:\WINDOWS\system32\dllcache\afd.sys
[2008.08.14 10:51:43 | 000,138,368 | ---- | M] (Microsoft Corporation) MD5=55E6E1C51B6D30E54335750955453702 -- C:\WINDOWS\system32\drivers\afd.sys
[2004.08.04 13:00:00 | 000,138,496 | ---- | M] (Microsoft Corporation) MD5=5AC495F4CB807B2B98AD2AD591E6D92E -- C:\WINDOWS\$NtUninstallKB951748$\afd.sys
[2008.08.14 10:48:52 | 000,138,368 | ---- | M] (Microsoft Corporation) MD5=6A0397376853E604DE8E1E7A87FC08AC -- C:\WINDOWS\$hf_mig$\KB956803\SP2QFE\afd.sys
[2008.08.14 11:04:36 | 000,138,496 | ---- | M] (Microsoft Corporation) MD5=7E775010EF291DA96AD17CA4B17137D7 -- C:\WINDOWS\$hf_mig$\KB956803\SP3GDR\afd.sys
[2008.06.20 11:44:38 | 000,138,368 | ---- | M] (Microsoft Corporation) MD5=944CA435BFCFC82CC1ED9E3A7D731AA9 -- C:\WINDOWS\$NtUninstallKB956803$\afd.sys
[2008.06.20 12:48:03 | 000,138,496 | ---- | M] (Microsoft Corporation) MD5=D6EE6014241D034E63C49A50CB2B442A -- C:\WINDOWS\$hf_mig$\KB951748\SP3QFE\afd.sys
[2008.06.20 11:44:08 | 000,138,368 | ---- | M] (Microsoft Corporation) MD5=D99DDFFB33DEACDCF20717CB520379F6 -- C:\WINDOWS\$hf_mig$\KB951748\SP2QFE\afd.sys
[2008.06.20 12:40:08 | 000,138,496 | ---- | M] (Microsoft Corporation) MD5=E3049B90FE06F3F740B7CFDA44995E2C -- C:\WINDOWS\$hf_mig$\KB951748\SP3GDR\afd.sys
 
< MD5 for: EXPLORER.EXE  >
[2004.08.04 13:00:00 | 001,035,264 | ---- | M] (Microsoft Corporation) MD5=22FE1BE02EADDE1632E478E4125639E0 -- C:\WINDOWS\$NtUninstallKB938828$\explorer.exe
[2007.06.13 14:10:08 | 001,036,288 | ---- | M] (Microsoft Corporation) MD5=331ED93570BAF3CFE30340298762CD56 -- C:\WINDOWS\$hf_mig$\KB938828\SP2QFE\explorer.exe
[2008.04.14 03:22:45 | 001,036,800 | ---- | M] (Microsoft Corporation) MD5=418045A93CD87A352098AB7DABE1B53E -- C:\WINDOWS\SoftwareDistribution\Download\7d084ddd2c07c476a226e31c4ef032ff\explorer.exe
[2007.06.13 14:21:45 | 001,036,288 | ---- | M] (Microsoft Corporation) MD5=64D320C0E301EEDC5A4ADBBDC5024F7F -- C:\WINDOWS\explorer.exe
[2007.06.13 14:21:45 | 001,036,288 | ---- | M] (Microsoft Corporation) MD5=64D320C0E301EEDC5A4ADBBDC5024F7F -- C:\WINDOWS\system32\dllcache\explorer.exe
 
< MD5 for: IPSEC.SYS  >
[2008.04.13 20:19:42 | 000,075,264 | ---- | M] (Microsoft Corporation) MD5=23C74D75E36E7158768DD63D92789A91 -- C:\WINDOWS\SoftwareDistribution\Download\7d084ddd2c07c476a226e31c4ef032ff\ipsec.sys
[2004.08.04 13:00:00 | 000,074,752 | ---- | M] (Microsoft Corporation) MD5=64537AA5C003A6AFEEE1DF819062D0D1 -- C:\WINDOWS\system32\dllcache\ipsec.sys
[2004.08.04 13:00:00 | 000,074,752 | ---- | M] (Microsoft Corporation) MD5=64537AA5C003A6AFEEE1DF819062D0D1 -- C:\WINDOWS\system32\drivers\ipsec.sys
 
< MD5 for: REGEDIT.EXE  >
[2004.08.04 13:00:00 | 000,153,600 | ---- | M] (Microsoft Corporation) MD5=8193CE5FB09E83F2699FD65BBCBE2FD2 -- C:\WINDOWS\I386\REGEDIT.EXE
[2004.08.04 13:00:00 | 000,153,600 | ---- | M] (Microsoft Corporation) MD5=8193CE5FB09E83F2699FD65BBCBE2FD2 -- C:\WINDOWS\regedit.exe
[2004.08.04 13:00:00 | 000,153,600 | ---- | M] (Microsoft Corporation) MD5=8193CE5FB09E83F2699FD65BBCBE2FD2 -- C:\WINDOWS\system32\dllcache\regedit.exe
[2008.04.14 03:22:58 | 000,153,600 | ---- | M] (Microsoft Corporation) MD5=AD9226BF3CED13636083BB9C76E9D2A2 -- C:\WINDOWS\SoftwareDistribution\Download\7d084ddd2c07c476a226e31c4ef032ff\regedit.exe
 
< MD5 for: USERINIT.EXE  >
[2008.04.14 03:23:03 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=788F95312E26389D596C0FA55834E106 -- C:\WINDOWS\SoftwareDistribution\Download\7d084ddd2c07c476a226e31c4ef032ff\userinit.exe
[2004.08.04 13:00:00 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=D1E53DC57143F2584B1DD53B036C0633 -- C:\WINDOWS\system32\dllcache\userinit.exe
[2004.08.04 13:00:00 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=D1E53DC57143F2584B1DD53B036C0633 -- C:\WINDOWS\system32\userinit.exe
 
< MD5 for: WINLOGON.EXE  >
[2004.08.04 13:00:00 | 000,507,392 | ---- | M] (Microsoft Corporation) MD5=2B6A0BAF33A9918F09442D873848FF72 -- C:\WINDOWS\system32\dllcache\winlogon.exe
[2004.08.04 13:00:00 | 000,507,392 | ---- | M] (Microsoft Corporation) MD5=2B6A0BAF33A9918F09442D873848FF72 -- C:\WINDOWS\system32\winlogon.exe
[2011.12.24 17:50:20 | 000,182,856 | ---- | M] () MD5=B382935AB01B27D0E14F267DBF288896 -- C:\Programme\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe
[2008.04.14 03:23:05 | 000,513,024 | ---- | M] (Microsoft Corporation) MD5=F09A527B422E25C478E38CAA0E44417A -- C:\WINDOWS\SoftwareDistribution\Download\7d084ddd2c07c476a226e31c4ef032ff\winlogon.exe
 
< HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems|Windows /rs >
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems\\Kmode: %SystemRoot%\system32\win32k.sys [2010.05.02 09:24:36 | 001,851,008 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems\\Required: DebugWindows [binary data]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems\\Windows: %SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,3072,512 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ProfileControl=Off MaxRequestThreads=16
 
< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >
 
< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install\\LastSuccessTime: 2011-12-18 13:50:19
 
<          >

< End of report >

--- --- ---


So, I hope everything is there now....
Have a nice day.
jujumitwurm

jujumitwurm 05.01.2012 12:28

Hello Arne, thanks for your answer and sorry for the incomplete log. Attached is the complete one; it was apparently too big for the thread.
Best regards,
juju mit wurm


HUH? Now it is in the thread after all? So twice, then. Sorry again...

cosinus 05.01.2012 14:23

Quote:

Windows XP Home Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.2180)
Why on earth are you puttering around with such an outdated setup?!
Current for XP is SP3 and IE8!

Quote:

510,80 Mb Total Physical Memory |
Old PC? With ~512 MB RAM you can't really work/surf smoothly anymore these days :balla:

Quote:

(Kaspersky Lab ZAO) -- C:\Dokumente und Einstellungen\julchen\Desktop\TDSSKiller.exe
Just scanned away and deleted everything? I hope not :balla:
There is a reason why certain tools here are only supposed to be run on instruction. Laypeople tend to delete everything, and that is wrong as a blanket approach and can do lasting damage to the system.
The log is directly on C:, please post it.

jujumitwurm 05.01.2012 15:06

Hello Arne,
attached is the log, there are three:
Code:

17:50:22.0156 0176        TDSS rootkit removing tool 2.6.25.0 Dec 23 2011 14:51:16
17:50:23.0062 0176        ============================================================
17:50:23.0062 0176        Current date / time: 2012/01/01 17:50:23.0062
17:50:23.0062 0176        SystemInfo:
17:50:23.0062 0176       
17:50:23.0062 0176        OS Version: 5.1.2600 ServicePack: 2.0
17:50:23.0062 0176        Product type: Workstation
17:50:23.0062 0176        ComputerName: TARKAN
17:50:23.0250 0176        UserName: julchen
17:50:23.0250 0176        Windows directory: C:\WINDOWS
17:50:23.0250 0176        System windows directory: C:\WINDOWS
17:50:23.0250 0176        Processor architecture: Intel x86
17:50:23.0250 0176        Number of processors: 1
17:50:23.0250 0176        Page size: 0x1000
17:50:23.0265 0176        Boot type: Normal boot
17:50:23.0265 0176        ============================================================
17:50:27.0218 0176        Initialize success
17:50:33.0343 1580        ============================================================
17:50:33.0343 1580        Scan started
17:50:33.0343 1580        Mode: Manual;
17:50:33.0343 1580        ============================================================
17:50:35.0953 1580        Abiosdsk - ok
17:50:36.0062 1580        abp480n5 - ok
17:50:36.0203 1580        ACPI            (94b4741d2cf9ed38140b831293d1601a) C:\WINDOWS\system32\DRIVERS\ACPI.sys
17:50:36.0218 1580        ACPI - ok
17:50:36.0281 1580        ACPIEC          (9e1ca3160dafb159ca14f83b1e317f75) C:\WINDOWS\system32\DRIVERS\ACPIEC.sys
17:50:36.0281 1580        ACPIEC - ok
17:50:36.0296 1580        adfs - ok
17:50:36.0328 1580        adpu160m - ok
17:50:36.0375 1580        aec            (1ee7b434ba961ef845de136224c30fec) C:\WINDOWS\system32\drivers\aec.sys
17:50:36.0406 1580        aec - ok
17:50:36.0484 1580        AFD            (55e6e1c51b6d30e54335750955453702) C:\WINDOWS\System32\drivers\afd.sys
17:50:36.0484 1580        AFD - ok
17:50:36.0750 1580        AgereSoftModem  (ceffa3db1657293322e0bdea7d99e754) C:\WINDOWS\system32\DRIVERS\AGRSM.sys
17:50:37.0140 1580        AgereSoftModem - ok
17:50:37.0500 1580        Aha154x - ok
17:50:37.0718 1580        aic78u2 - ok
17:50:38.0078 1580        aic78xx - ok
17:50:39.0578 1580        ALCXWDM        (5dae13401e4d3b8f132bf5867447d661) C:\WINDOWS\system32\drivers\ALCXWDM.SYS
17:50:41.0328 1580        ALCXWDM - ok
17:50:41.0953 1580        AliIde - ok
17:50:42.0406 1580        AmdK8          (b9dbaae3219661f4d0c5e8dc0c2f987d) C:\WINDOWS\system32\DRIVERS\AmdK8.sys
17:50:42.0484 1580        AmdK8 - ok
17:50:42.0656 1580        amsint - ok
17:50:42.0828 1580        Arp1394        (f0d692b0bffb46e30eb3cea168bbc49f) C:\WINDOWS\system32\DRIVERS\arp1394.sys
17:50:42.0843 1580        Arp1394 - ok
17:50:42.0921 1580        ASAPIW2k        (4f9cbbf95e8f7a0d4c0edcfe3b78102e) C:\WINDOWS\system32\drivers\ASAPIW2k.sys
17:50:42.0921 1580        ASAPIW2k - ok
17:50:42.0984 1580        asc - ok
17:50:43.0046 1580        asc3350p - ok
17:50:43.0156 1580        asc3550 - ok
17:50:43.0265 1580        ASCTRM          (d880831279ed91f9a4190a2db9539ea9) C:\WINDOWS\system32\drivers\ASCTRM.sys
17:50:43.0359 1580        ASCTRM - ok
17:50:43.0421 1580        AsyncMac        (02000abf34af4c218c35d257024807d6) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
17:50:43.0437 1580        AsyncMac - ok
17:50:43.0484 1580        atapi          (cdfe4411a69c224bd1d11b2da92dac51) C:\WINDOWS\system32\DRIVERS\atapi.sys
17:50:43.0484 1580        atapi - ok
17:50:43.0531 1580        Atdisk - ok
17:50:43.0625 1580        ati2mtag        (74a245800424f70ff4822ab0d20a1db5) C:\WINDOWS\system32\DRIVERS\ati2mtag.sys
17:50:43.0671 1580        ati2mtag - ok
17:50:43.0734 1580        Atmarpc        (ec88da854ab7d7752ec8be11a741bb7f) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
17:50:43.0734 1580        Atmarpc - ok
17:50:43.0781 1580        audstub        (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
17:50:43.0781 1580        audstub - ok
17:50:43.0890 1580        avgio          (0b497c79824f8e1bf22fa6aacd3de3a0) C:\Programme\Avira\AntiVir Desktop\avgio.sys
17:50:43.0890 1580        avgio - ok
17:50:43.0937 1580        avgntflt        (1e4114685de1ffa9675e09c6a1fb3f4b) C:\WINDOWS\system32\DRIVERS\avgntflt.sys
17:50:43.0937 1580        avgntflt - ok
17:50:44.0015 1580        avipbb          (0f78d3dae6dedd99ae54c9491c62adf2) C:\WINDOWS\system32\DRIVERS\avipbb.sys
17:50:44.0015 1580        avipbb - ok
17:50:44.0093 1580        Beep            (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
17:50:44.0140 1580        Beep - ok
17:50:44.0203 1580        BlueletAudio    (31ff5b87c1dd907613cc613224b8e303) C:\WINDOWS\system32\DRIVERS\blueletaudio.sys
17:50:44.0218 1580        BlueletAudio - ok
17:50:44.0281 1580        BT              (9da8abc4885aff4793d4aa420e40bb12) C:\WINDOWS\system32\DRIVERS\btnetdrv.sys
17:50:44.0281 1580        BT - ok
17:50:44.0328 1580        Btcsrusb        (bdf2c32c14ef7ab75ddcc3394d6f80d4) C:\WINDOWS\system32\Drivers\btcusb.sys
17:50:44.0328 1580        Btcsrusb - ok
17:50:44.0375 1580        BTHidEnum      (083ad7f6ff500d0a93c0bea2cf298c93) C:\WINDOWS\system32\DRIVERS\vbtenum.sys
17:50:44.0375 1580        BTHidEnum - ok
17:50:44.0406 1580        BTHidMgr        (f408264f6ad1dc7e7bdd4837440f115d) C:\WINDOWS\system32\Drivers\BTHidMgr.sys
17:50:44.0437 1580        BTHidMgr - ok
17:50:44.0484 1580        CB54G3          (02aaa5a6414b0d5cc0717b84fb74c4bb) C:\WINDOWS\system32\DRIVERS\i2220ntx.sys
17:50:44.0484 1580        CB54G3 - ok
17:50:44.0531 1580        cbidf2k        (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
17:50:44.0578 1580        cbidf2k - ok
17:50:44.0625 1580        CCDECODE        (6163ed60b684bab19d3352ab22fc48b2) C:\WINDOWS\system32\DRIVERS\CCDECODE.sys
17:50:44.0640 1580        CCDECODE - ok
17:50:44.0703 1580        cd20xrnt - ok
17:50:44.0781 1580        Cdaudio        (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
17:50:44.0828 1580        Cdaudio - ok
17:50:44.0890 1580        Cdfs            (cd7d5152df32b47f4e36f710b35aae02) C:\WINDOWS\system32\drivers\Cdfs.sys
17:50:44.0906 1580        Cdfs - ok
17:50:45.0000 1580        Cdrom          (af9c19b3100fe010496b1a27181fbf72) C:\WINDOWS\system32\DRIVERS\cdrom.sys
17:50:45.0000 1580        Cdrom - ok
17:50:45.0031 1580        Changer - ok
17:50:45.0109 1580        CmBatt          (4266be808f85826aedf3c64c1e240203) C:\WINDOWS\system32\DRIVERS\CmBatt.sys
17:50:45.0109 1580        CmBatt - ok
17:50:45.0187 1580        CmdIde - ok
17:50:45.0265 1580        Compbatt        (df1b1a24bf52d0ebc01ed4ece8979f50) C:\WINDOWS\system32\DRIVERS\compbatt.sys
17:50:45.0265 1580        Compbatt - ok
17:50:45.0296 1580        Cpqarray - ok
17:50:45.0375 1580        dac2w2k - ok
17:50:45.0406 1580        dac960nt - ok
17:50:45.0453 1580        Disk            (00ca44e4534865f8a3b64f7c0984bff0) C:\WINDOWS\system32\DRIVERS\disk.sys
17:50:45.0468 1580        Disk - ok
17:50:45.0625 1580        dmboot          (5789b83ba87fc84c3568cf86cacef8ce) C:\WINDOWS\system32\drivers\dmboot.sys
17:50:45.0765 1580        dmboot - ok
17:50:45.0875 1580        dmio            (084eb0a50a4f7b4705c8a57f234e5291) C:\WINDOWS\system32\drivers\dmio.sys
17:50:45.0906 1580        dmio - ok
17:50:45.0968 1580        dmload          (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
17:50:45.0984 1580        dmload - ok
17:50:46.0062 1580        DMusic          (a6f881284ac1150e37d9ae47ff601267) C:\WINDOWS\system32\drivers\DMusic.sys
17:50:46.0078 1580        DMusic - ok
17:50:46.0109 1580        dpti2o - ok
17:50:46.0140 1580        drmkaud        (1ed4dbbae9f5d558dbba4cc450e3eb2e) C:\WINDOWS\system32\drivers\drmkaud.sys
17:50:46.0140 1580        drmkaud - ok
17:50:46.0343 1580        Fastfat        (3117f595e9615e04f05a54fc15a03b20) C:\WINDOWS\system32\drivers\Fastfat.sys
17:50:46.0453 1580        Fastfat - ok
17:50:46.0500 1580        Fdc            (ced2e8396a8838e59d8fd529c680e02c) C:\WINDOWS\system32\drivers\Fdc.sys
17:50:46.0531 1580        Fdc - ok
17:50:46.0578 1580        Fips            (9e9af89f9b14aa6249065c309ce73bd8) C:\WINDOWS\system32\drivers\Fips.sys
17:50:46.0625 1580        Fips - ok
17:50:46.0687 1580        Flpydisk        (0dd1de43115b93f4d85e889d7a86f548) C:\WINDOWS\system32\drivers\Flpydisk.sys
17:50:46.0718 1580        Flpydisk - ok
17:50:46.0781 1580        FltMgr          (3d234fb6d6ee875eb009864a299bea29) C:\WINDOWS\system32\DRIVERS\fltMgr.sys
17:50:46.0781 1580        FltMgr - ok
17:50:46.0843 1580        Fs_Rec          (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
17:50:46.0890 1580        Fs_Rec - ok
17:50:46.0953 1580        Ftdisk          (8f1955ce42e1484714b542f341647778) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
17:50:46.0968 1580        Ftdisk - ok
17:50:47.0046 1580        Gpc            (c0f1d4a21de5a415df8170616703debf) C:\WINDOWS\system32\DRIVERS\msgpc.sys
17:50:47.0062 1580        Gpc - ok
17:50:47.0171 1580        HidUsb          (1de6783b918f540149aa69943bdfeba8) C:\WINDOWS\system32\DRIVERS\hidusb.sys
17:50:47.0171 1580        HidUsb - ok
17:50:47.0203 1580        hpn - ok
17:50:47.0328 1580        HTTP            (9f8b0f4276f618964fd118be4289b7cd) C:\WINDOWS\system32\Drivers\HTTP.sys
17:50:47.0359 1580        HTTP - ok
17:50:47.0781 1580        i2omgmt - ok
17:50:47.0875 1580        i2omp - ok
17:50:47.0937 1580        i8042prt        (7c575018d0413440d75432a78b88c899) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
17:50:47.0937 1580        i8042prt - ok
17:50:48.0000 1580        Imapi          (f8aa320c6a0409c0380e5d8a99d76ec6) C:\WINDOWS\system32\DRIVERS\imapi.sys
17:50:48.0000 1580        Imapi - ok
17:50:48.0031 1580        ini910u - ok
17:50:48.0078 1580        IntelIde - ok
17:50:48.0125 1580        Ip6Fw          (4448006b6bc60e6c027932cfc38d6855) C:\WINDOWS\system32\DRIVERS\Ip6Fw.sys
17:50:48.0125 1580        Ip6Fw - ok
17:50:48.0171 1580        IpFilterDriver  (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
17:50:48.0171 1580        IpFilterDriver - ok
17:50:48.0296 1580        IpInIp          (e1ec7f5da720b640cd8fb8424f1b14bb) C:\WINDOWS\system32\DRIVERS\ipinip.sys
17:50:48.0296 1580        IpInIp - ok
17:50:48.0359 1580        IpNat          (e2168cbc7098ffe963c6f23f472a3593) C:\WINDOWS\system32\DRIVERS\ipnat.sys
17:50:48.0359 1580        IpNat - ok
17:50:48.0421 1580        IPSec          (64537aa5c003a6afeee1df819062d0d1) C:\WINDOWS\system32\DRIVERS\ipsec.sys
17:50:48.0421 1580        IPSec - ok
17:50:48.0468 1580        IRENUM          (50708daa1b1cbb7d6ac1cf8f56a24410) C:\WINDOWS\system32\DRIVERS\irenum.sys
17:50:48.0468 1580        IRENUM - ok
17:50:48.0531 1580        isapnp          (ce9b7afdf0a3d7dd8d1487262316b959) C:\WINDOWS\system32\DRIVERS\isapnp.sys
17:50:48.0562 1580        isapnp - ok
17:50:48.0625 1580        Kbdclass        (b128fc0a5cd83f669d5de4b58f77c7d6) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
17:50:48.0640 1580        Kbdclass - ok
17:50:48.0703 1580        kmixer          (ba5deda4d934e6288c2f66caf58d2562) C:\WINDOWS\system32\drivers\kmixer.sys
17:50:48.0703 1580        kmixer - ok
17:50:48.0812 1580        KSecDD          (674d3e5a593475915dc6643317192403) C:\WINDOWS\system32\drivers\KSecDD.sys
17:50:48.0828 1580        KSecDD - ok
17:50:48.0859 1580        Ktp3            (255243a645451d407bb46bb16ec616f2) C:\WINDOWS\system32\DRIVERS\Ktp3.sys
17:50:48.0859 1580        Ktp3 - ok
17:50:48.0906 1580        lbrtfdc - ok
17:50:49.0140 1580        LVHybrid        (7c12bb13661586035ca2c7d198c511a8) C:\WINDOWS\system32\DRIVERS\LVHybrid.sys
17:50:49.0718 1580        LVHybrid - ok
17:50:49.0828 1580        MBAMSwissArmy  (0db7527db188c7d967a37bb51bbf3963) C:\WINDOWS\system32\drivers\mbamswissarmy.sys
17:50:49.0828 1580        MBAMSwissArmy - ok
17:50:49.0937 1580        mnmdd          (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
17:50:49.0968 1580        mnmdd - ok
17:50:50.0093 1580        Modem          (91a3da4b12f6f1d760463a7f7857f748) C:\WINDOWS\system32\drivers\Modem.sys
17:50:50.0093 1580        Modem - ok
17:50:50.0156 1580        Mouclass        (71e15ca47fd947552054afb28536268f) C:\WINDOWS\system32\DRIVERS\mouclass.sys
17:50:50.0156 1580        Mouclass - ok
17:50:50.0203 1580        mouhid          (66a6f73c74e1791464160a7065ce711a) C:\WINDOWS\system32\DRIVERS\mouhid.sys
17:50:50.0203 1580        mouhid - ok
17:50:50.0250 1580        MountMgr        (65653f3b4477f3c63e68a9659f85ee2e) C:\WINDOWS\system32\drivers\MountMgr.sys
17:50:50.0312 1580        MountMgr - ok
17:50:50.0375 1580        MPE            (55a9a7e6bb297bf0f5b144029dcb79cc) C:\WINDOWS\system32\DRIVERS\MPE.sys
17:50:50.0375 1580        MPE - ok
17:50:50.0421 1580        mraid35x - ok
17:50:50.0515 1580        MRxDAV          (29414447eb5bde2f8397dc965dbb3156) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
17:50:50.0515 1580        MRxDAV - ok
17:50:50.0625 1580        MRxSmb          (fb6c89bb3ce282b08bdb1e3c179e1c39) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
17:50:50.0843 1580        MRxSmb - ok
17:50:51.0203 1580        Msfs            (561b3a4333ca2dbdba28b5b956822519) C:\WINDOWS\system32\drivers\Msfs.sys
17:50:51.0312 1580        Msfs - ok
17:50:51.0718 1580        MSKSSRV        (ae431a8dd3c1d0d0610cdbac16057ad0) C:\WINDOWS\system32\drivers\MSKSSRV.sys
17:50:51.0718 1580        MSKSSRV - ok
17:50:51.0921 1580        MSPCLOCK        (13e75fef9dfeb08eeded9d0246e1f448) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
17:50:51.0937 1580        MSPCLOCK - ok
17:50:52.0062 1580        MSPQM          (1988a33ff19242576c3d0ef9ce785da7) C:\WINDOWS\system32\drivers\MSPQM.sys
17:50:52.0062 1580        MSPQM - ok
17:50:52.0187 1580        mssmbios        (469541f8bfd2b32659d5d463a6714bce) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
17:50:52.0218 1580        mssmbios - ok
17:50:52.0343 1580        MSTEE          (bf13612142995096ab084f2db7f40f77) C:\WINDOWS\system32\drivers\MSTEE.sys
17:50:52.0406 1580        MSTEE - ok
17:50:52.0453 1580        Mup            (82035e0f41c2dd05ae41d27fe6cf7de1) C:\WINDOWS\system32\drivers\Mup.sys
17:50:52.0625 1580        Mup - ok
17:50:52.0671 1580        NABTSFEC        (5c8dc6429c43dc6177c1fa5b76290d1a) C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys
17:50:52.0687 1580        NABTSFEC - ok
17:50:52.0765 1580        NDIS            (558635d3af1c7546d26067d5d9b6959e) C:\WINDOWS\system32\drivers\NDIS.sys
17:50:52.0953 1580        NDIS - ok
17:50:53.0046 1580        NdisIP          (520ce427a8b298f54112857bcf6bde15) C:\WINDOWS\system32\DRIVERS\NdisIP.sys
17:50:53.0062 1580        NdisIP - ok
17:50:53.0109 1580        NdisTapi        (08d43bbdacdf23f34d79e44ed35c1b4c) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
17:50:53.0109 1580        NdisTapi - ok
17:50:53.0171 1580        Ndisuio        (34d6cd56409da9a7ed573e1c90a308bf) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
17:50:53.0218 1580        Ndisuio - ok
17:50:53.0359 1580        NdisWan        (0b90e255a9490166ab368cd55a529893) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
17:50:53.0390 1580        NdisWan - ok
17:50:53.0453 1580        NDProxy        (59fc3fb44d2669bc144fd87826bb571f) C:\WINDOWS\system32\drivers\NDProxy.sys
17:50:53.0609 1580        NDProxy - ok
17:50:53.0781 1580        NetBIOS        (3a2aca8fc1d7786902ca434998d7ceb4) C:\WINDOWS\system32\DRIVERS\netbios.sys
17:50:53.0812 1580        NetBIOS - ok
17:50:54.0000 1580        NetBT          (0c80e410cd2f47134407ee7dd19cc86b) C:\WINDOWS\system32\DRIVERS\netbt.sys
17:50:54.0062 1580        NetBT - ok
17:50:54.0171 1580        NIC1394        (5c5c53db4fef16cf87b9911c7e8c6fbc) C:\WINDOWS\system32\DRIVERS\nic1394.sys
17:50:54.0203 1580        NIC1394 - ok
17:50:54.0250 1580        Npfs            (4f601bcb8f64ea3ac0994f98fed03f8e) C:\WINDOWS\system32\drivers\Npfs.sys
17:50:54.0390 1580        Npfs - ok
17:50:54.0718 1580        Ntfs            (19a811ef5f1ed5c926a028ce107ff1af) C:\WINDOWS\system32\drivers\Ntfs.sys
17:50:55.0000 1580        Ntfs - ok
17:50:55.0546 1580        Null            (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
17:50:55.0656 1580        Null - ok
17:50:56.0046 1580        NwlnkFlt        (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
17:50:56.0062 1580        NwlnkFlt - ok
17:50:56.0156 1580        NwlnkFwd        (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
17:50:56.0187 1580        NwlnkFwd - ok
17:50:56.0234 1580        ohci1394        (0951db8e5823ea366b0e408d71e1ba2a) C:\WINDOWS\system32\DRIVERS\ohci1394.sys
17:50:56.0250 1580        ohci1394 - ok
17:50:56.0296 1580        Parport        (b2f17a2edb5450e61973a037f63a595b) C:\WINDOWS\system32\drivers\Parport.sys
17:50:56.0359 1580        Parport - ok
17:50:56.0437 1580        PartMgr        (3334430c29dc338092f79c38ef7b4cd0) C:\WINDOWS\system32\drivers\PartMgr.sys
17:50:56.0515 1580        PartMgr - ok
17:50:56.0609 1580        ParVdm          (c2bf987829099a3eaa2ca6a0a90ecb4f) C:\WINDOWS\system32\drivers\ParVdm.sys
17:50:56.0640 1580        ParVdm - ok
17:50:56.0703 1580        PCANDIS5        (2f9806b52cb3748b1e49222744b28e3c) C:\WINDOWS\system32\PCANDIS5.SYS
17:50:56.0750 1580        PCANDIS5 - ok
17:50:56.0796 1580        PCI            (6fb463e5b243fbd6f3d3c83f914d94fb) C:\WINDOWS\system32\DRIVERS\pci.sys
17:50:56.0796 1580        PCI - ok
17:50:56.0859 1580        PCIDump - ok
17:50:56.0937 1580        PCIIde          (59ba86d9a61cbcf4df8e598c331f5b82) C:\WINDOWS\system32\DRIVERS\pciide.sys
17:50:56.0937 1580        PCIIde - ok
17:50:57.0000 1580        PCLEPCI        (1bebe7de8508a02650cdce45c664c2a2) C:\WINDOWS\system32\drivers\pclepci.sys
17:50:57.0015 1580        PCLEPCI - ok
17:50:57.0156 1580        Pcmcia          (e2363f4c1daff89abee5f593e13d8a05) C:\WINDOWS\system32\DRIVERS\pcmcia.sys
17:50:57.0218 1580        Pcmcia - ok
17:50:57.0312 1580        PDCOMP - ok
17:50:57.0500 1580        PDFRAME - ok
17:50:57.0578 1580        PDRELI - ok
17:50:57.0656 1580        PDRFRAME - ok
17:50:57.0718 1580        perc2 - ok
17:50:57.0750 1580        perc2hib - ok
17:50:57.0921 1580        PptpMiniport    (1c5cc65aac0783c344f16353e60b72ac) C:\WINDOWS\system32\DRIVERS\raspptp.sys
17:50:57.0937 1580        PptpMiniport - ok
17:50:58.0218 1580        Processor      (3d7f196e77f986c106e9320b81a5ebbf) C:\WINDOWS\system32\DRIVERS\processr.sys
17:50:58.0234 1580        Processor - ok
17:50:58.0421 1580        PSched          (48671f327553dcf1d27f6197f622a668) C:\WINDOWS\system32\DRIVERS\psched.sys
17:50:58.0453 1580        PSched - ok
17:50:58.0531 1580        Ptilink        (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
17:50:58.0546 1580        Ptilink - ok
17:50:58.0593 1580        PxHelp20        (d86b4a68565e444d76457f14172c875a) C:\WINDOWS\system32\DRIVERS\PxHelp20.sys
17:50:58.0593 1580        PxHelp20 - ok
17:50:58.0625 1580        ql1080 - ok
17:50:58.0703 1580        Ql10wnt - ok
17:50:58.0765 1580        ql12160 - ok
17:50:58.0796 1580        ql1240 - ok
17:50:58.0828 1580        ql1280 - ok
17:50:58.0906 1580        RasAcd          (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
17:50:58.0921 1580        RasAcd - ok
17:50:59.0031 1580        Rasl2tp        (98faeb4a4dcf812ba1c6fca4aa3e115c) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
17:50:59.0046 1580        Rasl2tp - ok
17:50:59.0140 1580        RasPppoe        (7306eeed8895454cbed4669be9f79faa) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
17:50:59.0156 1580        RasPppoe - ok
17:50:59.0250 1580        Raspti          (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
17:50:59.0265 1580        Raspti - ok
17:50:59.0406 1580        Rdbss          (03b965b1ca47f6ef60eb5e51cb50e0af) C:\WINDOWS\system32\DRIVERS\rdbss.sys
17:50:59.0437 1580        Rdbss - ok
17:50:59.0515 1580        RDPCDD          (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
17:50:59.0515 1580        RDPCDD - ok
17:50:59.0625 1580        RDPWD          (b54cd38a9ebfbf2b3561426e3fe26f62) C:\WINDOWS\system32\drivers\RDPWD.sys
17:50:59.0656 1580        RDPWD - ok
17:50:59.0750 1580        redbook        (aa56702e230860565cb8d43680f57f33) C:\WINDOWS\system32\DRIVERS\redbook.sys
17:50:59.0765 1580        redbook - ok
17:50:59.0875 1580        rmedia          (57c3751fd5beeaba87de83979fbb9977) C:\WINDOWS\system32\DRIVERS\rmedia.sys
17:50:59.0906 1580        rmedia - ok
17:50:59.0968 1580        ROOTMODEM      (d8b0b4ade32574b2d9c5cc34dc0dbbe7) C:\WINDOWS\system32\Drivers\RootMdm.sys
17:50:59.0968 1580        ROOTMODEM - ok
17:51:00.0062 1580        RTL8023xp      (1a2a445e8968b2019e75e08f3a1344fc) C:\WINDOWS\system32\DRIVERS\Rtlnicxp.sys
17:51:00.0093 1580        RTL8023xp - ok
17:51:00.0156 1580        rtl8139        (d507c1400284176573224903819ffda3) C:\WINDOWS\system32\DRIVERS\RTL8139.SYS
17:51:00.0156 1580        rtl8139 - ok
17:51:00.0296 1580        Secdrv          (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
17:51:00.0296 1580        Secdrv - ok
17:51:00.0375 1580        Serenum        (a2d868aeeff612e70e213c451a70cafb) C:\WINDOWS\system32\DRIVERS\serenum.sys
17:51:00.0375 1580        Serenum - ok
17:51:00.0421 1580        Serial          (cd5b9995afcdb466c9efc048d167e3be) C:\WINDOWS\system32\drivers\Serial.sys
17:51:00.0625 1580        Serial - ok
17:51:00.0734 1580        Sfloppy        (0d13b6df6e9e101013a7afb0ce629fe0) C:\WINDOWS\system32\DRIVERS\sfloppy.sys
17:51:00.0734 1580        Sfloppy - ok
17:51:00.0812 1580        Simbad - ok
17:51:00.0875 1580        SLIP            (5caeed86821fa2c6139e32e9e05ccdc9) C:\WINDOWS\system32\DRIVERS\SLIP.sys
17:51:00.0890 1580        SLIP - ok
17:51:00.0953 1580        Sparrow - ok
17:51:01.0109 1580        splitter        (0ce218578fff5f4f7e4201539c45c78f) C:\WINDOWS\system32\drivers\splitter.sys
17:51:01.0125 1580        splitter - ok
17:51:01.0281 1580        sr              (e4200cb2f418d8fc4acdd7e38c419d6a) C:\WINDOWS\system32\DRIVERS\sr.sys
17:51:01.0328 1580        sr - ok
17:51:01.0515 1580        Srv            (7a4f147cc6b133f905f6e65e2f8669fb) C:\WINDOWS\system32\DRIVERS\srv.sys
17:51:01.0671 1580        Srv - ok
17:51:01.0765 1580        ssmdrv          (a36ee93698802cd899f98bfd553d8185) C:\WINDOWS\system32\DRIVERS\ssmdrv.sys
17:51:01.0765 1580        ssmdrv - ok
17:51:01.0875 1580        streamip        (284c57df5dc7abca656bc2b96a667afb) C:\WINDOWS\system32\DRIVERS\StreamIP.sys
17:51:01.0875 1580        streamip - ok
17:51:01.0968 1580        swenum          (03c1bae4766e2450219d20b993d6e046) C:\WINDOWS\system32\DRIVERS\swenum.sys
17:51:01.0968 1580        swenum - ok
17:51:02.0015 1580        swmidi          (94abc808fc4b6d7d2bbf42b85e25bb4d) C:\WINDOWS\system32\drivers\swmidi.sys
17:51:02.0015 1580        swmidi - ok
17:51:02.0046 1580        symc810 - ok
17:51:02.0078 1580        symc8xx - ok
17:51:02.0140 1580        sym_hi - ok
17:51:02.0171 1580        sym_u3 - ok
17:51:02.0218 1580        sysaudio        (650ad082d46bac0e64c9c0e0928492fd) C:\WINDOWS\system32\drivers\sysaudio.sys
17:51:02.0234 1580        sysaudio - ok
17:51:02.0500 1580        Tcpip          (2a5554fc5b1e04e131230e3ce035c3f9) C:\WINDOWS\system32\DRIVERS\tcpip.sys
17:51:02.0593 1580        Tcpip - ok
17:51:02.0687 1580        TDPIPE          (38d437cf2d98965f239b0abcd66dcb0f) C:\WINDOWS\system32\drivers\TDPIPE.sys
17:51:02.0875 1580        TDPIPE - ok
17:51:02.0953 1580        TDTCP          (ed0580af02502d00ad8c4c066b156be9) C:\WINDOWS\system32\drivers\TDTCP.sys
17:51:03.0062 1580        TDTCP - ok
17:51:03.0125 1580        TermDD          (a540a99c281d933f3d69d55e48727f47) C:\WINDOWS\system32\DRIVERS\termdd.sys
17:51:03.0140 1580        TermDD - ok
17:51:03.0187 1580        TosIde - ok
17:51:03.0296 1580        Udfs            (12f70256f140cd7d52c58c7048fde657) C:\WINDOWS\system32\drivers\Udfs.sys
17:51:03.0343 1580        Udfs - ok
17:51:03.0421 1580        ultra - ok
17:51:03.0500 1580        Update          (aff2e5045961bbc0a602bb6f95eb1345) C:\WINDOWS\system32\DRIVERS\update.sys
17:51:03.0515 1580        Update - ok
17:51:03.0593 1580        usbaudio        (45a0d14b26c35497ad93bce7e15c9941) C:\WINDOWS\system32\drivers\usbaudio.sys
17:51:03.0609 1580        usbaudio - ok
17:51:03.0656 1580        usbccgp        (bffd9f120cc63bcbaa3d840f3eef9f79) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
17:51:03.0703 1580        usbccgp - ok
17:51:03.0734 1580        usbehci        (15e993ba2f6946b2bfbbfcd30398621e) C:\WINDOWS\system32\DRIVERS\usbehci.sys
17:51:03.0734 1580        usbehci - ok
17:51:03.0796 1580        usbhub          (c72f40947f92cea56a8fb532edf025f1) C:\WINDOWS\system32\DRIVERS\usbhub.sys
17:51:03.0812 1580        usbhub - ok
17:51:03.0828 1580        usbohci        (bdfe799a8531bad8a5a985821fe78760) C:\WINDOWS\system32\DRIVERS\usbohci.sys
17:51:03.0828 1580        usbohci - ok
17:51:03.0937 1580        usbscan        (a6bc71402f4f7dd5b77fd7f4a8ddba85) C:\WINDOWS\system32\DRIVERS\usbscan.sys
17:51:03.0953 1580        usbscan - ok
17:51:04.0015 1580        USBSTOR        (6cd7b22193718f1d17a47a1cd6d37e75) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
17:51:04.0031 1580        USBSTOR - ok
17:51:04.0125 1580        VComm          (9ebee4a060c5364a31aeaa04eac2af1e) C:\WINDOWS\system32\DRIVERS\VComm.sys
17:51:04.0140 1580        VComm - ok
17:51:04.0203 1580        VcommMgr        (ef0d45ed806b0c9ae9756bfeecb077ed) C:\WINDOWS\system32\Drivers\VcommMgr.sys
17:51:04.0234 1580        VcommMgr - ok
17:51:04.0312 1580        VgaSave        (8a60edd72b4ea5aea8202daf0e427925) C:\WINDOWS\System32\drivers\vga.sys
17:51:04.0343 1580        VgaSave - ok
17:51:04.0375 1580        ViaIde - ok
17:51:04.0453 1580        VNUSB          (ae01e1ed5a81e0d268b91b4a6de5a872) C:\WINDOWS\system32\DRIVERS\VNUSB.sys
17:51:04.0468 1580        VNUSB - ok
17:51:04.0531 1580        VolSnap        (d6888520ff56d72a50437e371ca25fc9) C:\WINDOWS\system32\drivers\VolSnap.sys
17:51:04.0578 1580        VolSnap - ok
17:51:04.0656 1580        Wanarp          (984ef0b9788abf89974cfed4bfbaacbc) C:\WINDOWS\system32\DRIVERS\wanarp.sys
17:51:04.0671 1580        Wanarp - ok
17:51:04.0734 1580        wanatw - ok
17:51:04.0765 1580        WDICA - ok
17:51:04.0843 1580        wdmaud          (efd235ca22b57c81118c1aeb4798f1c1) C:\WINDOWS\system32\drivers\wdmaud.sys
17:51:04.0859 1580        wdmaud - ok
17:51:05.0000 1580        WpdUsb          (cf4def1bf66f06964dc0d91844239104) C:\WINDOWS\system32\DRIVERS\wpdusb.sys
17:51:05.0000 1580        WpdUsb - ok
17:51:05.0125 1580        WSTCODEC        (d5842484f05e12121c511aa93f6439ec) C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS
17:51:05.0171 1580        WSTCODEC - ok
17:51:05.0375 1580        WudfPf          (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys
17:51:05.0406 1580        WudfPf - ok
17:51:05.0484 1580        WudfRd          (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\wudfrd.sys
17:51:05.0515 1580        WudfRd - ok
17:51:05.0625 1580        MBR (0x1B8)    (72b8ce41af0de751c946802b3ed844b4) \Device\Harddisk0\DR0
17:51:06.0593 1580        \Device\Harddisk0\DR0 - ok
17:51:06.0625 1580        Boot (0x1200)  (c2a45f1dca5aeb3928f61b90caa600a8) \Device\Harddisk0\DR0\Partition0
17:51:06.0750 1580        \Device\Harddisk0\DR0\Partition0 - ok
17:51:06.0796 1580        Boot (0x1200)  (332b190f6745cd253f6e7c5047aa5c34) \Device\Harddisk0\DR0\Partition1
17:51:06.0812 1580        \Device\Harddisk0\DR0\Partition1 - ok
17:51:06.0812 1580        ============================================================
17:51:06.0812 1580        Scan finished
17:51:06.0812 1580        ============================================================
17:51:06.0843 1520        Detected object count: 0
17:51:06.0843 1520        Actual detected object count: 0
17:52:03.0968 4004        Deinitialize success


Code:

19:28:13.0203 3704        TDSS rootkit removing tool 2.6.25.0 Dec 23 2011 14:51:16
19:28:13.0515 3704        ============================================================
19:28:13.0515 3704        Current date / time: 2012/01/02 19:28:13.0515
19:28:13.0515 3704        SystemInfo:
19:28:13.0515 3704       
19:28:13.0515 3704        OS Version: 5.1.2600 ServicePack: 2.0
19:28:13.0515 3704        Product type: Workstation
19:28:13.0515 3704        ComputerName: TARKAN
19:28:13.0515 3704        UserName: julchen
19:28:13.0515 3704        Windows directory: C:\WINDOWS
19:28:13.0515 3704        System windows directory: C:\WINDOWS
19:28:13.0515 3704        Processor architecture: Intel x86
19:28:13.0515 3704        Number of processors: 1
19:28:13.0515 3704        Page size: 0x1000
19:28:13.0515 3704        Boot type: Normal boot
19:28:13.0515 3704        ============================================================
19:28:17.0718 3704        Initialize success
19:28:39.0265 0128        Deinitialize success

Code:

14:09:14.0656 2892        TDSS rootkit removing tool 2.6.25.0 Dec 23 2011 14:51:16
14:09:15.0062 2892        ============================================================
14:09:15.0078 2892        Current date / time: 2012/01/02 14:09:15.0062
14:09:15.0078 2892        SystemInfo:
14:09:15.0078 2892       
14:09:15.0078 2892        OS Version: 5.1.2600 ServicePack: 2.0
14:09:15.0078 2892        Product type: Workstation
14:09:15.0078 2892        ComputerName: TARKAN
14:09:15.0078 2892        UserName: julchen
14:09:15.0078 2892        Windows directory: C:\WINDOWS
14:09:15.0078 2892        System windows directory: C:\WINDOWS
14:09:15.0078 2892        Processor architecture: Intel x86
14:09:15.0078 2892        Number of processors: 1
14:09:15.0078 2892        Page size: 0x1000
14:09:15.0078 2892        Boot type: Normal boot
14:09:15.0078 2892        ============================================================
14:09:19.0125 2892        Initialize success
14:09:27.0281 2268        Deinitialize success

I don't think I deleted it, but I'm not 100% sure :pfeiff:

I use Mozilla Firefox; I don't use IE.
I don't even know what you mean by service pack... can it be updated somehow?
And as I said... I don't understand anything about computers...
Best regards
j.
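Added example (not part of this thread and not TDSSKiller's own code): a small Python parser for the driver-scan lines in the TDSSKiller log posted above. It pairs each object line (name, MD5, path) with its "- ok" verdict line and flags drivers that load from outside the Windows directory or that never received a verdict. The sample log is constructed; `fakedrv` and `orphan` are hypothetical driver names.

```python
"""Parse TDSSKiller driver-scan lines and flag entries worth a second look."""
import re
from dataclasses import dataclass
from typing import Dict, List, Optional

TIME = r"\d{2}:\d{2}:\d{2}\.\d{4}"
# Object line: "<time> <pid> <name> (<md5>) <path>"; the name may carry a
# size tag such as "MBR (0x1B8)" or "Boot (0x1200)".
OBJECT_RE = re.compile(
    rf"^{TIME}\s+\d+\s+(?P<name>\S+(?:\s\(0x[0-9A-Fa-f]+\))?)\s+"
    r"\((?P<md5>[0-9a-f]{32})\)\s+(?P<path>\S.*?)\s*$"
)
# Verdict line: "<time> <pid> <name-or-device-path> - <verdict>"
VERDICT_RE = re.compile(rf"^{TIME}\s+\d+\s+(?P<subject>.+?) - (?P<verdict>\S.*?)\s*$")


@dataclass
class ScanObject:
    name: str
    md5: Optional[str] = None      # None for service entries with no file on disk
    path: Optional[str] = None
    verdict: Optional[str] = None  # None if the scanner printed no verdict line


def parse_tdsskiller(text: str) -> Dict[str, ScanObject]:
    """Return scan objects keyed by name (duplicate names get the path appended)."""
    objects: Dict[str, ScanObject] = {}
    by_path: Dict[str, ScanObject] = {}
    for line in text.splitlines():
        m = OBJECT_RE.match(line)
        if m:
            obj = ScanObject(m["name"], m["md5"], m["path"])
            key = obj.name if obj.name not in objects else f"{obj.name} {obj.path}"
            objects[key] = obj
            by_path[obj.path.lower()] = obj
            continue
        m = VERDICT_RE.match(line)
        if m:
            subject = m["subject"]
            # MBR/boot-sector verdicts are reported by device path, drivers by name
            obj = objects.get(subject) or by_path.get(subject.lower())
            if obj is None:
                # registered service without a file on disk, e.g. "Changer - ok"
                obj = ScanObject(subject)
                objects[subject] = obj
            obj.verdict = m["verdict"]
    return objects


def suspicious(objects: Dict[str, ScanObject], system_root: str = r"C:\WINDOWS") -> List[str]:
    """Keys of objects loading outside the Windows directory, lacking a verdict,
    or with a verdict other than 'ok'. Device paths (MBR, boot sectors) are exempt."""
    root = system_root.lower().rstrip("\\") + "\\"
    flagged = []
    for key, obj in objects.items():
        outside = (
            obj.path is not None
            and not obj.path.lower().startswith(root)
            and not obj.path.startswith("\\Device\\")
        )
        if outside or obj.verdict is None or obj.verdict.lower() != "ok":
            flagged.append(key)
    return sorted(flagged)


# Constructed sample in the thread's log format; Cdfs and the MBR line mirror
# real entries, fakedrv and orphan are hypothetical.
SAMPLE_LOG = r"""
17:50:44.0890 1580        Cdfs            (cd7d5152df32b47f4e36f710b35aae02) C:\WINDOWS\system32\drivers\Cdfs.sys
17:50:44.0906 1580        Cdfs - ok
17:50:45.0031 1580        Changer - ok
17:50:45.0500 1580        fakedrv         (00112233445566778899aabbccddeeff) C:\Dokumente und Einstellungen\user\Lokale Einstellungen\Temp\fakedrv.sys
17:50:45.0510 1580        fakedrv - ok
17:50:45.0600 1580        orphan          (ffeeddccbbaa99887766554433221100) C:\WINDOWS\system32\DRIVERS\orphan.sys
17:51:05.0625 1580        MBR (0x1B8)    (72b8ce41af0de751c946802b3ed844b4) \Device\Harddisk0\DR0
17:51:06.0593 1580        \Device\Harddisk0\DR0 - ok
17:51:06.0812 1580        Scan finished
"""

if __name__ == "__main__":
    for key in suspicious(parse_tdsskiller(SAMPLE_LOG)):
        print("review:", key)
```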

cosinus 05.01.2012 15:54

Run an OTL fix: close all programs that may be open, also disable the virus scanner (!), start OTL and copy the following text into the "Custom Scan/Fixes" box (at the bottom of OTL): (the ":OTL" must be copied too!!!)

Code:

:OTL
[2010.08.05 17:18:01 | 000,000,000 | ---D | M] (Mario Forever Toolbar) -- C:\Dokumente und Einstellungen\julchen\Anwendungsdaten\Mozilla\Firefox\Profiles\2ae6qcu2.default\extensions\{707db484-2428-402d-afb5-d85b387544c7}
[2011.11.06 14:12:51 | 000,000,000 | ---D | M] (Zotero) -- C:\Dokumente und Einstellungen\julchen\Anwendungsdaten\Mozilla\Firefox\Profiles\2ae6qcu2.default\extensions\zotero@chnm.gmu.edu
[2011.11.06 14:23:00 | 000,000,000 | ---D | M] (Zotero WinWord Integration) -- C:\Dokumente und Einstellungen\julchen\Anwendungsdaten\Mozilla\Firefox\Profiles\2ae6qcu2.default\extensions\zoteroWinWordIntegration@zotero.org
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2005.02.17 13:07:09 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - Unable to obtain root file information for disk D:\
O33 - MountPoints2\{02ed3908-8b42-11d9-8d3b-806d6172696f}\Shell\AutoRun\command - "" = D:\AUTORUN.EXE -- [2004.01.20 14:50:52 | 000,020,480 | ---- | M] (TARGA GmbH)
O33 - MountPoints2\{58658fe2-8bb6-11d9-b435-0011091f4734}\Shell\AutoRun\command - "" = E:\Autorun.exe
O33 - MountPoints2\{86dea630-8bb6-11d9-b1cc-806d6172696f}\Shell\AutoRun\command - "" = G:\Autorun.exe
O33 - MountPoints2\{906a1bae-8c53-11d9-9947-806d6172696f}\Shell\AutoRun\command - "" = D:\AUTORUN.EXE -- [2004.01.20 14:50:52 | 000,020,480 | ---- | M] (TARGA GmbH)
O33 - MountPoints2\{9fc63a8a-8678-11d9-978e-806d6172696f}\Shell\AutoRun\command - "" = G:\Autorun.exe
O33 - MountPoints2\{dea7350a-8b3d-11d9-b428-0011091f4734}\Shell\AutoRun\command - "" = D:\AUTORUN.EXE -- [2004.01.20 14:50:52 | 000,020,480 | ---- | M] (TARGA GmbH)
:Commands
[emptytemp]
[resethosts]

Then click the Fix button at the top left!
The log file should open when you click OK after the fix; please post it. The computer may be restarted.

The entries, files and folders fixed by this script are not deleted completely, as a precaution; a backup copy is created on the system partition in the "_OTL" folder.

Note: The script above was created only for this one user in this situation. It cannot be ported to any other computer and must not be used elsewhere, since it can permanently damage the system!

jujumitwurm 05.01.2012 16:40

here is the log:
Code:

Error: Unable to interpret <14:09:14.0656 2892        TDSS rootkit removing tool 2.6.25.0 Dec 23 2011 14:51:16> in the current context!
Error: Unable to interpret <14:09:15.0062 2892        ============================================================> in the current context!
Error: Unable to interpret <14:09:15.0078 2892        Current date / time: 2012/01/02 14:09:15.0062> in the current context!
Error: Unable to interpret <14:09:15.0078 2892        SystemInfo:> in the current context!
Error: Unable to interpret <14:09:15.0078 2892        > in the current context!
Error: Unable to interpret <14:09:15.0078 2892        OS Version: 5.1.2600 ServicePack: 2.0> in the current context!
Error: Unable to interpret <14:09:15.0078 2892        Product type: Workstation> in the current context!
Error: Unable to interpret <14:09:15.0078 2892        ComputerName: TARKAN> in the current context!
Error: Unable to interpret <14:09:15.0078 2892        UserName: julchen> in the current context!
Error: Unable to interpret <14:09:15.0078 2892        Windows directory: C:\WINDOWS> in the current context!
Error: Unable to interpret <14:09:15.0078 2892        System windows directory: C:\WINDOWS> in the current context!
Error: Unable to interpret <14:09:15.0078 2892        Processor architecture: Intel x86> in the current context!
Error: Unable to interpret <14:09:15.0078 2892        Number of processors: 1> in the current context!
Error: Unable to interpret <14:09:15.0078 2892        Page size: 0x1000> in the current context!
Error: Unable to interpret <14:09:15.0078 2892        Boot type: Normal boot> in the current context!
Error: Unable to interpret <14:09:15.0078 2892        ============================================================> in the current context!
Error: Unable to interpret <14:09:19.0125 2892        Initialize success> in the current context!
Error: Unable to interpret <14:09:27.0281 2268        Deinitialize success> in the current context!
 
OTL by OldTimer - Version 3.2.31.0 log created on 01052012_163702

thanks and regards
j.

cosinus 05.01.2012 16:48

Please check beforehand what you are copying into OTL's text field!!

jujumitwurm 05.01.2012 17:02

sorry, again

Code:

All processes killed
========== OTL ==========
C:\Dokumente und Einstellungen\julchen\Anwendungsdaten\Mozilla\Firefox\Profiles\2ae6qcu2.default\extensions\{707db484-2428-402d-afb5-d85b387544c7}\searchplugin folder moved successfully.
C:\Dokumente und Einstellungen\julchen\Anwendungsdaten\Mozilla\Firefox\Profiles\2ae6qcu2.default\extensions\{707db484-2428-402d-afb5-d85b387544c7}\META-INF folder moved successfully.
C:\Dokumente und Einstellungen\julchen\Anwendungsdaten\Mozilla\Firefox\Profiles\2ae6qcu2.default\extensions\{707db484-2428-402d-afb5-d85b387544c7}\lib folder moved successfully.
C:\Dokumente und Einstellungen\julchen\Anwendungsdaten\Mozilla\Firefox\Profiles\2ae6qcu2.default\extensions\{707db484-2428-402d-afb5-d85b387544c7}\defaults folder moved successfully.
C:\Dokumente und Einstellungen\julchen\Anwendungsdaten\Mozilla\Firefox\Profiles\2ae6qcu2.default\extensions\{707db484-2428-402d-afb5-d85b387544c7}\components folder moved successfully.
C:\Dokumente und Einstellungen\julchen\Anwendungsdaten\Mozilla\Firefox\Profiles\2ae6qcu2.default\extensions\{707db484-2428-402d-afb5-d85b387544c7}\chrome folder moved successfully.
C:\Dokumente und Einstellungen\julchen\Anwendungsdaten\Mozilla\Firefox\Profiles\2ae6qcu2.default\extensions\{707db484-2428-402d-afb5-d85b387544c7} folder moved successfully.
C:\Dokumente und Einstellungen\julchen\Anwendungsdaten\Mozilla\Firefox\Profiles\2ae6qcu2.default\extensions\zotero@chnm.gmu.edu\scripts folder moved successfully.
C:\Dokumente und Einstellungen\julchen\Anwendungsdaten\Mozilla\Firefox\Profiles\2ae6qcu2.default\extensions\zotero@chnm.gmu.edu\defaults\preferences folder moved successfully.
C:\Dokumente und Einstellungen\julchen\Anwendungsdaten\Mozilla\Firefox\Profiles\2ae6qcu2.default\extensions\zotero@chnm.gmu.edu\defaults folder moved successfully.
C:\Dokumente und Einstellungen\julchen\Anwendungsdaten\Mozilla\Firefox\Profiles\2ae6qcu2.default\extensions\zotero@chnm.gmu.edu\components folder moved successfully.
C:\Dokumente und Einstellungen\julchen\Anwendungsdaten\Mozilla\Firefox\Profiles\2ae6qcu2.default\extensions\zotero@chnm.gmu.edu\chrome folder moved successfully.
C:\Dokumente und Einstellungen\julchen\Anwendungsdaten\Mozilla\Firefox\Profiles\2ae6qcu2.default\extensions\zotero@chnm.gmu.edu folder moved successfully.
C:\Dokumente und Einstellungen\julchen\Anwendungsdaten\Mozilla\Firefox\Profiles\2ae6qcu2.default\extensions\zoteroWinWordIntegration@zotero.org\resource folder moved successfully.
C:\Dokumente und Einstellungen\julchen\Anwendungsdaten\Mozilla\Firefox\Profiles\2ae6qcu2.default\extensions\zoteroWinWordIntegration@zotero.org\install folder moved successfully.
C:\Dokumente und Einstellungen\julchen\Anwendungsdaten\Mozilla\Firefox\Profiles\2ae6qcu2.default\extensions\zoteroWinWordIntegration@zotero.org\defaults\preferences folder moved successfully.
C:\Dokumente und Einstellungen\julchen\Anwendungsdaten\Mozilla\Firefox\Profiles\2ae6qcu2.default\extensions\zoteroWinWordIntegration@zotero.org\defaults folder moved successfully.
C:\Dokumente und Einstellungen\julchen\Anwendungsdaten\Mozilla\Firefox\Profiles\2ae6qcu2.default\extensions\zoteroWinWordIntegration@zotero.org\components-8.0 folder moved successfully.
C:\Dokumente und Einstellungen\julchen\Anwendungsdaten\Mozilla\Firefox\Profiles\2ae6qcu2.default\extensions\zoteroWinWordIntegration@zotero.org\components-7.0 folder moved successfully.
C:\Dokumente und Einstellungen\julchen\Anwendungsdaten\Mozilla\Firefox\Profiles\2ae6qcu2.default\extensions\zoteroWinWordIntegration@zotero.org\components-6.0 folder moved successfully.
C:\Dokumente und Einstellungen\julchen\Anwendungsdaten\Mozilla\Firefox\Profiles\2ae6qcu2.default\extensions\zoteroWinWordIntegration@zotero.org\components-5.0 folder moved successfully.
C:\Dokumente und Einstellungen\julchen\Anwendungsdaten\Mozilla\Firefox\Profiles\2ae6qcu2.default\extensions\zoteroWinWordIntegration@zotero.org\components folder moved successfully.
C:\Dokumente und Einstellungen\julchen\Anwendungsdaten\Mozilla\Firefox\Profiles\2ae6qcu2.default\extensions\zoteroWinWordIntegration@zotero.org\chrome folder moved successfully.
C:\Dokumente und Einstellungen\julchen\Anwendungsdaten\Mozilla\Firefox\Profiles\2ae6qcu2.default\extensions\zoteroWinWordIntegration@zotero.org folder moved successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRun|DWORD:1 /E : value set successfully!
C:\AUTOEXEC.BAT moved successfully.
File  not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{02ed3908-8b42-11d9-8d3b-806d6172696f}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{02ed3908-8b42-11d9-8d3b-806d6172696f}\ not found.
D:\AUTORUN.EXE moved successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{58658fe2-8bb6-11d9-b435-0011091f4734}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{58658fe2-8bb6-11d9-b435-0011091f4734}\ not found.
File E:\Autorun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{86dea630-8bb6-11d9-b1cc-806d6172696f}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{86dea630-8bb6-11d9-b1cc-806d6172696f}\ not found.
File G:\Autorun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{906a1bae-8c53-11d9-9947-806d6172696f}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{906a1bae-8c53-11d9-9947-806d6172696f}\ not found.
File D:\AUTORUN.EXE not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{9fc63a8a-8678-11d9-978e-806d6172696f}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9fc63a8a-8678-11d9-978e-806d6172696f}\ not found.
File G:\Autorun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{dea7350a-8b3d-11d9-b428-0011091f4734}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{dea7350a-8b3d-11d9-b428-0011091f4734}\ not found.
File D:\AUTORUN.EXE not found.
========== COMMANDS ==========
 
[EMPTYTEMP]
 
User: All Users
 
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 114822 bytes
->Flash cache emptied: 41 bytes
 
User: julchen
->Temp folder emptied: 237879658 bytes
->Temporary Internet Files folder emptied: 24686336 bytes
->Java cache emptied: 9183987 bytes
->FireFox cache emptied: 99747269 bytes
->Google Chrome cache emptied: 856432 bytes
->Flash cache emptied: 1901690 bytes
 
User: LocalService
->Temp folder emptied: 65984 bytes
->Temporary Internet Files folder emptied: 26643793 bytes
 
User: NetworkService
->Temp folder emptied: 65984 bytes
->Temporary Internet Files folder emptied: 40205116 bytes
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 4182407 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 180121907 bytes
RecycleBin emptied: 575397484 bytes
 
Total Files Cleaned = 1.145,00 mb
 
C:\WINDOWS\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully
 
OTL by OldTimer - Version 3.2.31.0 log created on 01052012_165333

Files\Folders moved on Reboot...

Registry entries deleted on Reboot...


cosinus 05.01.2012 20:30

Now please run this tool from Kaspersky (TDSS-Killer) in normal Windows mode and post the log => http://www.trojaner-board.de/82358-t...entfernen.html

Configure the tool as shown in the picture below: click on change parameters and tick the boxes as shown in the following screenshot.
Then click Start Scan and, once it has finished, click the Report button to display the log. Please post it in full.
If you cannot find the log or cannot copy its content into your post, please look directly on your Windows system partition (usually drive C:), as that is where TDSS-Killer saves its logs.

Note: please do not hastily delete anything with TDSS-Killer! If TDSS-Killer flags any objects, treat them all with the action "skip" and only post the log here!

http://saved.im/mtkwmtcxexhp/setting...8_16-25-18.jpg


If the infection prevents you from accessing your documents / My Documents, or shortcuts are missing from the desktop or from the Start menu under "All Programs", please run unhide:
Please download unhide.exe and save this file to your desktop.
Start the tool and all files and folders should be visible again. (This may take a while.)
Windows Vista and Windows 7 users must run the tool as administrator via right-click!
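
The report that TDSS-Killer writes (and which the post above asks to be pasted in full) is easiest to triage once the flagged entries are pulled out of the hundreds of "- ok" lines. The following Python script is an added example for this thread, not code from the forum or from Kaspersky's tool: it parses the report's line format (timestamp, process id, message), records each driver's MD5 and path, the verdict the tool attached (for instance UnsignedFile.Multi.Generic), the action the user chose, and checks that the report's own "Detected object count" agrees with the number of flagged entries. The sample lines are constructed after the format of the report posted in this thread; the class and function names are my own.

```python
"""Summarise a Kaspersky TDSSKiller report: which drivers were flagged, with
which verdict, what the user chose to do with them, and whether the report's
own "Detected object count" agrees with the flagged entries."""
import re
from dataclasses import dataclass
from typing import Dict, List, Optional

# Constructed sample: a handful of lines in the report format seen in this
# thread (timestamp, process id, message), not a complete log.
SAMPLE_LOG = r"""
12:56:04.0515 2172        ASAPIW2k        (4f9cbbf95e8f7a0d4c0edcfe3b78102e) C:\WINDOWS\system32\drivers\ASAPIW2k.sys
12:56:04.0515 2172        ASAPIW2k ( UnsignedFile.Multi.Generic ) - warning
12:56:04.0515 2172        ASAPIW2k - detected UnsignedFile.Multi.Generic (1)
12:56:04.0531 2172        asc - ok
12:56:05.0765 2172        avgio          (0b497c79824f8e1bf22fa6aacd3de3a0) C:\Programme\Avira\AntiVir Desktop\avgio.sys
12:56:05.0796 2172        avgio - ok
12:56:31.0328 2172        MBR (0x1B8)    (72b8ce41af0de751c946802b3ed844b4) \Device\Harddisk0\DR0
12:56:31.0640 2172        \Device\Harddisk0\DR0 - ok
12:56:31.0796 3492        Detected object count: 1
12:56:55.0687 3492        ASAPIW2k ( UnsignedFile.Multi.Generic ) - skipped by user
12:56:55.0687 3492        ASAPIW2k ( UnsignedFile.Multi.Generic ) - User select action: Skip
"""

# Every report line starts with "HH:MM:SS.mmmm <pid>" followed by the message.
PREFIX = re.compile(r"^\d{2}:\d{2}:\d{2}\.\d{4}\s+\d+\s+(?P<msg>.*\S)\s*$")
# "<name>  (<md5>) <path>"; the name may itself contain spaces, e.g. "MBR (0x1B8)".
HASHED = re.compile(r"^(?P<name>.+?)\s+\((?P<md5>[0-9a-f]{32})\)\s+(?P<path>.+)$")
# "<name> ( <verdict> ) - warning" / "- skipped by user" / "- User select action: <x>"
VERDICT = re.compile(
    r"^(?P<name>\S+) \( (?P<verdict>\S+) \) - "
    r"(?P<what>warning|skipped by user|User select action: (?P<action>\S+))$"
)
DETECTED = re.compile(r"^(?P<name>\S+) - detected (?P<verdict>\S+) \((?P<n>\d+)\)$")
OK = re.compile(r"^(?P<name>.+) - ok$")
COUNT = re.compile(r"^Detected object count: (?P<n>\d+)$")


@dataclass
class Entry:
    name: str
    md5: Optional[str] = None
    path: Optional[str] = None
    verdict: Optional[str] = None   # e.g. UnsignedFile.Multi.Generic
    status: str = "unknown"         # "ok" or "detected"
    action: Optional[str] = None    # what the user chose, e.g. "Skip"


@dataclass
class Report:
    entries: Dict[str, Entry]
    reported_detected: Optional[int] = None

    def flagged(self) -> List[Entry]:
        return [e for e in self.entries.values() if e.verdict is not None]

    def count_matches(self) -> bool:
        return self.reported_detected == len(self.flagged())


def parse_tdsskiller_log(text: str) -> Report:
    report = Report(entries={})
    by_path: Dict[str, Entry] = {}  # the MBR/boot "- ok" lines name the device path, not the entry

    def get(name: str) -> Entry:
        return report.entries.setdefault(name, Entry(name=name))

    for raw in text.splitlines():
        m = PREFIX.match(raw)
        if not m:
            continue  # header, separator or empty message line
        msg = m.group("msg")
        if h := HASHED.match(msg):
            e = get(h["name"]); e.md5 = h["md5"]; e.path = h["path"]
            by_path[h["path"]] = e
        elif v := VERDICT.match(msg):
            e = get(v["name"]); e.verdict = v["verdict"]
            if v["action"]:
                e.action = v["action"]
        elif d := DETECTED.match(msg):
            e = get(d["name"]); e.verdict = d["verdict"]; e.status = "detected"
        elif o := OK.match(msg):
            e = by_path.get(o["name"]) or get(o["name"]); e.status = "ok"
        elif c := COUNT.match(msg):
            report.reported_detected = int(c["n"])
    return report


def summarize(report: Report) -> Dict[str, object]:
    flagged = report.flagged()
    return {
        "scanned": len(report.entries),
        "ok": sum(1 for e in report.entries.values() if e.status == "ok"),
        "flagged": len(flagged),
        "verdicts": sorted({e.verdict for e in flagged}),
        # True when every hit is only a signature warning, no named rootkit family
        "unsigned_only": all(e.verdict == "UnsignedFile.Multi.Generic" for e in flagged),
        "actions": {e.name: e.action for e in flagged},
        "count_matches_report": report.count_matches(),
    }


if __name__ == "__main__":
    rep = parse_tdsskiller_log(SAMPLE_LOG)
    for e in rep.flagged():
        print(f"{e.name}: {e.verdict} -> {e.action} ({e.path})")
    print(summarize(rep))
```

The `unsigned_only` flag is the first thing to look at when reading such a report: UnsignedFile.Multi.Generic only says that the driver carries no valid digital signature, which is common for older third-party drivers, so those entries need the path and hash checked rather than deleted, which is exactly why the helper asks for "skip" and the full log.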

jujumitwurm 06.01.2012 13:02

Salut, here is the log from TDSS Killer
Code:

12:54:17.0234 3516        TDSS rootkit removing tool 2.6.25.0 Dec 23 2011 14:51:16
12:54:19.0234 3516        ============================================================
12:54:19.0234 3516        Current date / time: 2012/01/06 12:54:19.0234
12:54:19.0234 3516        SystemInfo:
12:54:19.0234 3516       
12:54:19.0234 3516        OS Version: 5.1.2600 ServicePack: 2.0
12:54:19.0234 3516        Product type: Workstation
12:54:19.0234 3516        ComputerName: TARKAN
12:54:19.0234 3516        UserName: julchen
12:54:19.0234 3516        Windows directory: C:\WINDOWS
12:54:19.0234 3516        System windows directory: C:\WINDOWS
12:54:19.0234 3516        Processor architecture: Intel x86
12:54:19.0234 3516        Number of processors: 1
12:54:19.0234 3516        Page size: 0x1000
12:54:19.0234 3516        Boot type: Normal boot
12:54:19.0234 3516        ============================================================
12:54:20.0781 3516        Initialize success
12:56:00.0296 2172        ============================================================
12:56:00.0296 2172        Scan started
12:56:00.0296 2172        Mode: Manual; SigCheck; TDLFS;
12:56:00.0296 2172        ============================================================
12:56:00.0578 2172        Abiosdsk - ok
12:56:00.0625 2172        abp480n5 - ok
12:56:00.0703 2172        ACPI            (94b4741d2cf9ed38140b831293d1601a) C:\WINDOWS\system32\DRIVERS\ACPI.sys
12:56:02.0468 2172        ACPI - ok
12:56:02.0578 2172        ACPIEC          (9e1ca3160dafb159ca14f83b1e317f75) C:\WINDOWS\system32\DRIVERS\ACPIEC.sys
12:56:02.0718 2172        ACPIEC - ok
12:56:02.0750 2172        adfs - ok
12:56:02.0796 2172        adpu160m - ok
12:56:02.0859 2172        aec            (1ee7b434ba961ef845de136224c30fec) C:\WINDOWS\system32\drivers\aec.sys
12:56:03.0234 2172        aec - ok
12:56:03.0281 2172        AFD            (55e6e1c51b6d30e54335750955453702) C:\WINDOWS\System32\drivers\afd.sys
12:56:03.0328 2172        AFD - ok
12:56:03.0421 2172        AgereSoftModem  (ceffa3db1657293322e0bdea7d99e754) C:\WINDOWS\system32\DRIVERS\AGRSM.sys
12:56:03.0562 2172        AgereSoftModem - ok
12:56:03.0593 2172        Aha154x - ok
12:56:03.0609 2172        aic78u2 - ok
12:56:03.0640 2172        aic78xx - ok
12:56:03.0765 2172        ALCXWDM        (5dae13401e4d3b8f132bf5867447d661) C:\WINDOWS\system32\drivers\ALCXWDM.SYS
12:56:04.0093 2172        ALCXWDM - ok
12:56:04.0140 2172        AliIde - ok
12:56:04.0187 2172        AmdK8          (b9dbaae3219661f4d0c5e8dc0c2f987d) C:\WINDOWS\system32\DRIVERS\AmdK8.sys
12:56:04.0234 2172        AmdK8 - ok
12:56:04.0250 2172        amsint - ok
12:56:04.0312 2172        Arp1394        (f0d692b0bffb46e30eb3cea168bbc49f) C:\WINDOWS\system32\DRIVERS\arp1394.sys
12:56:04.0468 2172        Arp1394 - ok
12:56:04.0515 2172        ASAPIW2k        (4f9cbbf95e8f7a0d4c0edcfe3b78102e) C:\WINDOWS\system32\drivers\ASAPIW2k.sys
12:56:04.0515 2172        ASAPIW2k ( UnsignedFile.Multi.Generic ) - warning
12:56:04.0515 2172        ASAPIW2k - detected UnsignedFile.Multi.Generic (1)
12:56:04.0531 2172        asc - ok
12:56:04.0562 2172        asc3350p - ok
12:56:04.0578 2172        asc3550 - ok
12:56:04.0640 2172        ASCTRM          (d880831279ed91f9a4190a2db9539ea9) C:\WINDOWS\system32\drivers\ASCTRM.sys
12:56:04.0656 2172        ASCTRM ( UnsignedFile.Multi.Generic ) - warning
12:56:04.0656 2172        ASCTRM - detected UnsignedFile.Multi.Generic (1)
12:56:04.0718 2172        AsyncMac        (02000abf34af4c218c35d257024807d6) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
12:56:04.0859 2172        AsyncMac - ok
12:56:04.0906 2172        atapi          (cdfe4411a69c224bd1d11b2da92dac51) C:\WINDOWS\system32\DRIVERS\atapi.sys
12:56:05.0062 2172        atapi - ok
12:56:05.0078 2172        Atdisk - ok
12:56:05.0156 2172        ati2mtag        (74a245800424f70ff4822ab0d20a1db5) C:\WINDOWS\system32\DRIVERS\ati2mtag.sys
12:56:05.0296 2172        ati2mtag - ok
12:56:05.0343 2172        Atmarpc        (ec88da854ab7d7752ec8be11a741bb7f) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
12:56:05.0468 2172        Atmarpc - ok
12:56:05.0515 2172        audstub        (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
12:56:05.0656 2172        audstub - ok
12:56:05.0765 2172        avgio          (0b497c79824f8e1bf22fa6aacd3de3a0) C:\Programme\Avira\AntiVir Desktop\avgio.sys
12:56:05.0796 2172        avgio - ok
12:56:05.0828 2172        avgntflt        (1e4114685de1ffa9675e09c6a1fb3f4b) C:\WINDOWS\system32\DRIVERS\avgntflt.sys
12:56:05.0921 2172        avgntflt - ok
12:56:05.0953 2172        avipbb          (0f78d3dae6dedd99ae54c9491c62adf2) C:\WINDOWS\system32\DRIVERS\avipbb.sys
12:56:05.0968 2172        avipbb - ok
12:56:06.0015 2172        Beep            (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
12:56:06.0171 2172        Beep - ok
12:56:06.0218 2172        BlueletAudio    (31ff5b87c1dd907613cc613224b8e303) C:\WINDOWS\system32\DRIVERS\blueletaudio.sys
12:56:06.0234 2172        BlueletAudio ( UnsignedFile.Multi.Generic ) - warning
12:56:06.0234 2172        BlueletAudio - detected UnsignedFile.Multi.Generic (1)
12:56:06.0281 2172        BT              (9da8abc4885aff4793d4aa420e40bb12) C:\WINDOWS\system32\DRIVERS\btnetdrv.sys
12:56:06.0281 2172        BT ( UnsignedFile.Multi.Generic ) - warning
12:56:06.0281 2172        BT - detected UnsignedFile.Multi.Generic (1)
12:56:06.0328 2172        Btcsrusb        (bdf2c32c14ef7ab75ddcc3394d6f80d4) C:\WINDOWS\system32\Drivers\btcusb.sys
12:56:06.0343 2172        Btcsrusb ( UnsignedFile.Multi.Generic ) - warning
12:56:06.0343 2172        Btcsrusb - detected UnsignedFile.Multi.Generic (1)
12:56:06.0375 2172        BTHidEnum      (083ad7f6ff500d0a93c0bea2cf298c93) C:\WINDOWS\system32\DRIVERS\vbtenum.sys
12:56:06.0390 2172        BTHidEnum ( UnsignedFile.Multi.Generic ) - warning
12:56:06.0390 2172        BTHidEnum - detected UnsignedFile.Multi.Generic (1)
12:56:06.0421 2172        BTHidMgr        (f408264f6ad1dc7e7bdd4837440f115d) C:\WINDOWS\system32\Drivers\BTHidMgr.sys
12:56:06.0437 2172        BTHidMgr ( UnsignedFile.Multi.Generic ) - warning
12:56:06.0437 2172        BTHidMgr - detected UnsignedFile.Multi.Generic (1)
12:56:06.0484 2172        CB54G3          (02aaa5a6414b0d5cc0717b84fb74c4bb) C:\WINDOWS\system32\DRIVERS\i2220ntx.sys
12:56:06.0515 2172        CB54G3 - ok
12:56:06.0562 2172        cbidf2k        (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
12:56:06.0718 2172        cbidf2k - ok
12:56:06.0750 2172        CCDECODE        (6163ed60b684bab19d3352ab22fc48b2) C:\WINDOWS\system32\DRIVERS\CCDECODE.sys
12:56:06.0906 2172        CCDECODE - ok
12:56:06.0921 2172        cd20xrnt - ok
12:56:06.0953 2172        Cdaudio        (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
12:56:07.0093 2172        Cdaudio - ok
12:56:07.0140 2172        Cdfs            (cd7d5152df32b47f4e36f710b35aae02) C:\WINDOWS\system32\drivers\Cdfs.sys
12:56:07.0250 2172        Cdfs - ok
12:56:07.0281 2172        Cdrom          (af9c19b3100fe010496b1a27181fbf72) C:\WINDOWS\system32\DRIVERS\cdrom.sys
12:56:07.0421 2172        Cdrom - ok
12:56:07.0437 2172        Changer - ok
12:56:07.0500 2172        CmBatt          (4266be808f85826aedf3c64c1e240203) C:\WINDOWS\system32\DRIVERS\CmBatt.sys
12:56:07.0609 2172        CmBatt - ok
12:56:07.0625 2172        CmdIde - ok
12:56:07.0656 2172        Compbatt        (df1b1a24bf52d0ebc01ed4ece8979f50) C:\WINDOWS\system32\DRIVERS\compbatt.sys
12:56:07.0796 2172        Compbatt - ok
12:56:07.0828 2172        Cpqarray - ok
12:56:07.0859 2172        dac2w2k - ok
12:56:07.0875 2172        dac960nt - ok
12:56:07.0906 2172        Disk            (00ca44e4534865f8a3b64f7c0984bff0) C:\WINDOWS\system32\DRIVERS\disk.sys
12:56:08.0015 2172        Disk - ok
12:56:08.0093 2172        dmboot          (5789b83ba87fc84c3568cf86cacef8ce) C:\WINDOWS\system32\drivers\dmboot.sys
12:56:08.0281 2172        dmboot - ok
12:56:08.0328 2172        dmio            (084eb0a50a4f7b4705c8a57f234e5291) C:\WINDOWS\system32\drivers\dmio.sys
12:56:08.0468 2172        dmio - ok
12:56:08.0500 2172        dmload          (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
12:56:08.0640 2172        dmload - ok
12:56:08.0687 2172        DMusic          (a6f881284ac1150e37d9ae47ff601267) C:\WINDOWS\system32\drivers\DMusic.sys
12:56:08.0812 2172        DMusic - ok
12:56:08.0843 2172        dpti2o - ok
12:56:08.0875 2172        drmkaud        (1ed4dbbae9f5d558dbba4cc450e3eb2e) C:\WINDOWS\system32\drivers\drmkaud.sys
12:56:09.0015 2172        drmkaud - ok
12:56:09.0062 2172        Fastfat        (3117f595e9615e04f05a54fc15a03b20) C:\WINDOWS\system32\drivers\Fastfat.sys
12:56:09.0203 2172        Fastfat - ok
12:56:09.0234 2172        Fdc            (ced2e8396a8838e59d8fd529c680e02c) C:\WINDOWS\system32\drivers\Fdc.sys
12:56:09.0359 2172        Fdc - ok
12:56:09.0406 2172        Fips            (9e9af89f9b14aa6249065c309ce73bd8) C:\WINDOWS\system32\drivers\Fips.sys
12:56:09.0531 2172        Fips - ok
12:56:09.0546 2172        Flpydisk        (0dd1de43115b93f4d85e889d7a86f548) C:\WINDOWS\system32\drivers\Flpydisk.sys
12:56:09.0687 2172        Flpydisk - ok
12:56:09.0718 2172        FltMgr          (3d234fb6d6ee875eb009864a299bea29) C:\WINDOWS\system32\DRIVERS\fltMgr.sys
12:56:10.0125 2172        FltMgr - ok
12:56:10.0140 2172        Fs_Rec          (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
12:56:10.0265 2172        Fs_Rec - ok
12:56:10.0296 2172        Ftdisk          (8f1955ce42e1484714b542f341647778) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
12:56:10.0421 2172        Ftdisk - ok
12:56:10.0453 2172        Gpc            (c0f1d4a21de5a415df8170616703debf) C:\WINDOWS\system32\DRIVERS\msgpc.sys
12:56:10.0593 2172        Gpc - ok
12:56:10.0640 2172        HidUsb          (1de6783b918f540149aa69943bdfeba8) C:\WINDOWS\system32\DRIVERS\hidusb.sys
12:56:10.0765 2172        HidUsb - ok
12:56:10.0781 2172        hpn - ok
12:56:10.0843 2172        HTTP            (9f8b0f4276f618964fd118be4289b7cd) C:\WINDOWS\system32\Drivers\HTTP.sys
12:56:10.0890 2172        HTTP - ok
12:56:10.0921 2172        i2omgmt - ok
12:56:10.0937 2172        i2omp - ok
12:56:10.0968 2172        i8042prt        (7c575018d0413440d75432a78b88c899) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
12:56:11.0093 2172        i8042prt - ok
12:56:11.0140 2172        Imapi          (f8aa320c6a0409c0380e5d8a99d76ec6) C:\WINDOWS\system32\DRIVERS\imapi.sys
12:56:11.0265 2172        Imapi - ok
12:56:11.0296 2172        ini910u - ok
12:56:11.0312 2172        IntelIde - ok
12:56:11.0359 2172        Ip6Fw          (4448006b6bc60e6c027932cfc38d6855) C:\WINDOWS\system32\DRIVERS\Ip6Fw.sys
12:56:11.0515 2172        Ip6Fw - ok
12:56:11.0546 2172        IpFilterDriver  (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
12:56:11.0687 2172        IpFilterDriver - ok
12:56:11.0734 2172        IpInIp          (e1ec7f5da720b640cd8fb8424f1b14bb) C:\WINDOWS\system32\DRIVERS\ipinip.sys
12:56:11.0875 2172        IpInIp - ok
12:56:11.0921 2172        IpNat          (e2168cbc7098ffe963c6f23f472a3593) C:\WINDOWS\system32\DRIVERS\ipnat.sys
12:56:12.0359 2172        IpNat - ok
12:56:12.0421 2172        IPSec          (64537aa5c003a6afeee1df819062d0d1) C:\WINDOWS\system32\DRIVERS\ipsec.sys
12:56:12.0531 2172        IPSec - ok
12:56:12.0578 2172        IRENUM          (50708daa1b1cbb7d6ac1cf8f56a24410) C:\WINDOWS\system32\DRIVERS\irenum.sys
12:56:12.0640 2172        IRENUM - ok
12:56:12.0687 2172        isapnp          (ce9b7afdf0a3d7dd8d1487262316b959) C:\WINDOWS\system32\DRIVERS\isapnp.sys
12:56:12.0812 2172        isapnp - ok
12:56:12.0843 2172        Kbdclass        (b128fc0a5cd83f669d5de4b58f77c7d6) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
12:56:12.0953 2172        Kbdclass - ok
12:56:13.0015 2172        kmixer          (ba5deda4d934e6288c2f66caf58d2562) C:\WINDOWS\system32\drivers\kmixer.sys
12:56:13.0421 2172        kmixer - ok
12:56:13.0484 2172        KSecDD          (674d3e5a593475915dc6643317192403) C:\WINDOWS\system32\drivers\KSecDD.sys
12:56:13.0562 2172        KSecDD - ok
12:56:13.0609 2172        Ktp3            (255243a645451d407bb46bb16ec616f2) C:\WINDOWS\system32\DRIVERS\Ktp3.sys
12:56:13.0656 2172        Ktp3 - ok
12:56:13.0671 2172        lbrtfdc - ok
12:56:13.0796 2172        LVHybrid        (7c12bb13661586035ca2c7d198c511a8) C:\WINDOWS\system32\DRIVERS\LVHybrid.sys
12:56:13.0890 2172        LVHybrid - ok
12:56:13.0968 2172        mnmdd          (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
12:56:14.0218 2172        mnmdd - ok
12:56:14.0281 2172        Modem          (91a3da4b12f6f1d760463a7f7857f748) C:\WINDOWS\system32\drivers\Modem.sys
12:56:14.0406 2172        Modem - ok
12:56:14.0421 2172        Mouclass        (71e15ca47fd947552054afb28536268f) C:\WINDOWS\system32\DRIVERS\mouclass.sys
12:56:14.0546 2172        Mouclass - ok
12:56:14.0593 2172        mouhid          (66a6f73c74e1791464160a7065ce711a) C:\WINDOWS\system32\DRIVERS\mouhid.sys
12:56:14.0718 2172        mouhid - ok
12:56:14.0750 2172        MountMgr        (65653f3b4477f3c63e68a9659f85ee2e) C:\WINDOWS\system32\drivers\MountMgr.sys
12:56:14.0875 2172        MountMgr - ok
12:56:14.0921 2172        MPE            (55a9a7e6bb297bf0f5b144029dcb79cc) C:\WINDOWS\system32\DRIVERS\MPE.sys
12:56:15.0062 2172        MPE - ok
12:56:15.0078 2172        mraid35x - ok
12:56:15.0125 2172        MRxDAV          (29414447eb5bde2f8397dc965dbb3156) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
12:56:15.0578 2172        MRxDAV - ok
12:56:15.0640 2172        MRxSmb          (fb6c89bb3ce282b08bdb1e3c179e1c39) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
12:56:15.0703 2172        MRxSmb - ok
12:56:15.0765 2172        Msfs            (561b3a4333ca2dbdba28b5b956822519) C:\WINDOWS\system32\drivers\Msfs.sys
12:56:15.0890 2172        Msfs - ok
12:56:15.0937 2172        MSKSSRV        (ae431a8dd3c1d0d0610cdbac16057ad0) C:\WINDOWS\system32\drivers\MSKSSRV.sys
12:56:16.0062 2172        MSKSSRV - ok
12:56:16.0093 2172        MSPCLOCK        (13e75fef9dfeb08eeded9d0246e1f448) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
12:56:16.0234 2172        MSPCLOCK - ok
12:56:16.0265 2172        MSPQM          (1988a33ff19242576c3d0ef9ce785da7) C:\WINDOWS\system32\drivers\MSPQM.sys
12:56:16.0421 2172        MSPQM - ok
12:56:16.0453 2172        mssmbios        (469541f8bfd2b32659d5d463a6714bce) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
12:56:16.0578 2172        mssmbios - ok
12:56:16.0625 2172        MSTEE          (bf13612142995096ab084f2db7f40f77) C:\WINDOWS\system32\drivers\MSTEE.sys
12:56:16.0750 2172        MSTEE - ok
12:56:16.0781 2172        Mup            (82035e0f41c2dd05ae41d27fe6cf7de1) C:\WINDOWS\system32\drivers\Mup.sys
12:56:16.0906 2172        Mup - ok
12:56:17.0000 2172        NABTSFEC        (5c8dc6429c43dc6177c1fa5b76290d1a) C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys
12:56:17.0125 2172        NABTSFEC - ok
12:56:17.0187 2172        NDIS            (558635d3af1c7546d26067d5d9b6959e) C:\WINDOWS\system32\drivers\NDIS.sys
12:56:17.0328 2172        NDIS - ok
12:56:17.0359 2172        NdisIP          (520ce427a8b298f54112857bcf6bde15) C:\WINDOWS\system32\DRIVERS\NdisIP.sys
12:56:17.0515 2172        NdisIP - ok
12:56:17.0546 2172        NdisTapi        (08d43bbdacdf23f34d79e44ed35c1b4c) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
12:56:17.0656 2172        NdisTapi - ok
12:56:17.0687 2172        Ndisuio        (34d6cd56409da9a7ed573e1c90a308bf) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
12:56:17.0812 2172        Ndisuio - ok
12:56:17.0828 2172        NdisWan        (0b90e255a9490166ab368cd55a529893) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
12:56:17.0968 2172        NdisWan - ok
12:56:17.0984 2172        NDProxy        (59fc3fb44d2669bc144fd87826bb571f) C:\WINDOWS\system32\drivers\NDProxy.sys
12:56:18.0109 2172        NDProxy - ok
12:56:18.0140 2172        NetBIOS        (3a2aca8fc1d7786902ca434998d7ceb4) C:\WINDOWS\system32\DRIVERS\netbios.sys
12:56:18.0265 2172        NetBIOS - ok
12:56:18.0328 2172        NetBT          (0c80e410cd2f47134407ee7dd19cc86b) C:\WINDOWS\system32\DRIVERS\netbt.sys
12:56:18.0453 2172        NetBT - ok
12:56:18.0515 2172        NIC1394        (5c5c53db4fef16cf87b9911c7e8c6fbc) C:\WINDOWS\system32\DRIVERS\nic1394.sys
12:56:18.0640 2172        NIC1394 - ok
12:56:18.0671 2172        Npfs            (4f601bcb8f64ea3ac0994f98fed03f8e) C:\WINDOWS\system32\drivers\Npfs.sys
12:56:18.0796 2172        Npfs - ok
12:56:18.0890 2172        Ntfs            (19a811ef5f1ed5c926a028ce107ff1af) C:\WINDOWS\system32\drivers\Ntfs.sys
12:56:19.0328 2172        Ntfs - ok
12:56:19.0375 2172        Null            (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
12:56:19.0531 2172        Null - ok
12:56:19.0562 2172        NwlnkFlt        (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
12:56:19.0687 2172        NwlnkFlt - ok
12:56:19.0734 2172        NwlnkFwd        (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
12:56:19.0875 2172        NwlnkFwd - ok
12:56:19.0906 2172        ohci1394        (0951db8e5823ea366b0e408d71e1ba2a) C:\WINDOWS\system32\DRIVERS\ohci1394.sys
12:56:20.0062 2172        ohci1394 - ok
12:56:20.0109 2172        Parport        (b2f17a2edb5450e61973a037f63a595b) C:\WINDOWS\system32\drivers\Parport.sys
12:56:20.0234 2172        Parport - ok
12:56:20.0265 2172        PartMgr        (3334430c29dc338092f79c38ef7b4cd0) C:\WINDOWS\system32\drivers\PartMgr.sys
12:56:20.0406 2172        PartMgr - ok
12:56:20.0453 2172        ParVdm          (c2bf987829099a3eaa2ca6a0a90ecb4f) C:\WINDOWS\system32\drivers\ParVdm.sys
12:56:20.0593 2172        ParVdm - ok
12:56:20.0625 2172        PCANDIS5        (2f9806b52cb3748b1e49222744b28e3c) C:\WINDOWS\system32\PCANDIS5.SYS
12:56:20.0671 2172        PCANDIS5 ( UnsignedFile.Multi.Generic ) - warning
12:56:20.0671 2172        PCANDIS5 - detected UnsignedFile.Multi.Generic (1)
12:56:20.0687 2172        PCI            (6fb463e5b243fbd6f3d3c83f914d94fb) C:\WINDOWS\system32\DRIVERS\pci.sys
12:56:20.0843 2172        PCI - ok
12:56:20.0859 2172        PCIDump - ok
12:56:20.0890 2172        PCIIde          (59ba86d9a61cbcf4df8e598c331f5b82) C:\WINDOWS\system32\DRIVERS\pciide.sys
12:56:21.0000 2172        PCIIde - ok
12:56:21.0046 2172        PCLEPCI        (1bebe7de8508a02650cdce45c664c2a2) C:\WINDOWS\system32\drivers\pclepci.sys
12:56:21.0062 2172        PCLEPCI ( UnsignedFile.Multi.Generic ) - warning
12:56:21.0062 2172        PCLEPCI - detected UnsignedFile.Multi.Generic (1)
12:56:21.0109 2172        Pcmcia          (e2363f4c1daff89abee5f593e13d8a05) C:\WINDOWS\system32\DRIVERS\pcmcia.sys
12:56:21.0218 2172        Pcmcia - ok
12:56:21.0250 2172        PDCOMP - ok
12:56:21.0265 2172        PDFRAME - ok
12:56:21.0281 2172        PDRELI - ok
12:56:21.0296 2172        PDRFRAME - ok
12:56:21.0328 2172        perc2 - ok
12:56:21.0343 2172        perc2hib - ok
12:56:21.0421 2172        PptpMiniport    (1c5cc65aac0783c344f16353e60b72ac) C:\WINDOWS\system32\DRIVERS\raspptp.sys
12:56:21.0515 2172        PptpMiniport - ok
12:56:21.0562 2172        Processor      (3d7f196e77f986c106e9320b81a5ebbf) C:\WINDOWS\system32\DRIVERS\processr.sys
12:56:21.0703 2172        Processor - ok
12:56:21.0734 2172        PSched          (48671f327553dcf1d27f6197f622a668) C:\WINDOWS\system32\DRIVERS\psched.sys
12:56:21.0859 2172        PSched - ok
12:56:21.0890 2172        Ptilink        (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
12:56:22.0000 2172        Ptilink - ok
12:56:22.0031 2172        PxHelp20        (d86b4a68565e444d76457f14172c875a) C:\WINDOWS\system32\DRIVERS\PxHelp20.sys
12:56:22.0031 2172        PxHelp20 - ok
12:56:22.0046 2172        ql1080 - ok
12:56:22.0078 2172        Ql10wnt - ok
12:56:22.0093 2172        ql12160 - ok
12:56:22.0109 2172        ql1240 - ok
12:56:22.0125 2172        ql1280 - ok
12:56:22.0156 2172        RasAcd          (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
12:56:22.0265 2172        RasAcd - ok
12:56:22.0312 2172        Rasl2tp        (98faeb4a4dcf812ba1c6fca4aa3e115c) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
12:56:22.0421 2172        Rasl2tp - ok
12:56:22.0437 2172        RasPppoe        (7306eeed8895454cbed4669be9f79faa) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
12:56:22.0546 2172        RasPppoe - ok
12:56:22.0578 2172        Raspti          (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
12:56:22.0703 2172        Raspti - ok
12:56:22.0750 2172        Rdbss          (03b965b1ca47f6ef60eb5e51cb50e0af) C:\WINDOWS\system32\DRIVERS\rdbss.sys
12:56:23.0140 2172        Rdbss - ok
12:56:23.0187 2172        RDPCDD          (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
12:56:23.0328 2172        RDPCDD - ok
12:56:23.0375 2172        RDPWD          (b54cd38a9ebfbf2b3561426e3fe26f62) C:\WINDOWS\system32\drivers\RDPWD.sys
12:56:23.0765 2172        RDPWD - ok
12:56:23.0828 2172        redbook        (aa56702e230860565cb8d43680f57f33) C:\WINDOWS\system32\DRIVERS\redbook.sys
12:56:23.0953 2172        redbook - ok
12:56:24.0000 2172        rmedia          (57c3751fd5beeaba87de83979fbb9977) C:\WINDOWS\system32\DRIVERS\rmedia.sys
12:56:24.0031 2172        rmedia - ok
12:56:24.0062 2172        ROOTMODEM      (d8b0b4ade32574b2d9c5cc34dc0dbbe7) C:\WINDOWS\system32\Drivers\RootMdm.sys
12:56:24.0203 2172        ROOTMODEM - ok
12:56:24.0250 2172        RTL8023xp      (1a2a445e8968b2019e75e08f3a1344fc) C:\WINDOWS\system32\DRIVERS\Rtlnicxp.sys
12:56:24.0312 2172        RTL8023xp - ok
12:56:24.0359 2172        rtl8139        (d507c1400284176573224903819ffda3) C:\WINDOWS\system32\DRIVERS\RTL8139.SYS
12:56:24.0484 2172        rtl8139 - ok
12:56:24.0546 2172        Secdrv          (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
12:56:24.0984 2172        Secdrv - ok
12:56:25.0015 2172        Serenum        (a2d868aeeff612e70e213c451a70cafb) C:\WINDOWS\system32\DRIVERS\serenum.sys
12:56:25.0140 2172        Serenum - ok
12:56:25.0171 2172        Serial          (cd5b9995afcdb466c9efc048d167e3be) C:\WINDOWS\system32\drivers\Serial.sys
12:56:25.0281 2172        Serial - ok
12:56:25.0312 2172        Sfloppy        (0d13b6df6e9e101013a7afb0ce629fe0) C:\WINDOWS\system32\DRIVERS\sfloppy.sys
12:56:25.0437 2172        Sfloppy - ok
12:56:25.0453 2172        Simbad - ok
12:56:25.0484 2172        SLIP            (5caeed86821fa2c6139e32e9e05ccdc9) C:\WINDOWS\system32\DRIVERS\SLIP.sys
12:56:25.0609 2172        SLIP - ok
12:56:25.0640 2172        Sparrow - ok
12:56:25.0671 2172        splitter        (0ce218578fff5f4f7e4201539c45c78f) C:\WINDOWS\system32\drivers\splitter.sys
12:56:26.0031 2172        splitter - ok
12:56:26.0078 2172        sr              (e4200cb2f418d8fc4acdd7e38c419d6a) C:\WINDOWS\system32\DRIVERS\sr.sys
12:56:26.0156 2172        sr - ok
12:56:26.0218 2172        Srv            (7a4f147cc6b133f905f6e65e2f8669fb) C:\WINDOWS\system32\DRIVERS\srv.sys
12:56:26.0281 2172        Srv - ok
12:56:26.0328 2172        ssmdrv          (a36ee93698802cd899f98bfd553d8185) C:\WINDOWS\system32\DRIVERS\ssmdrv.sys
12:56:26.0343 2172        ssmdrv - ok
12:56:26.0375 2172        streamip        (284c57df5dc7abca656bc2b96a667afb) C:\WINDOWS\system32\DRIVERS\StreamIP.sys
12:56:26.0484 2172        streamip - ok
12:56:26.0531 2172        swenum          (03c1bae4766e2450219d20b993d6e046) C:\WINDOWS\system32\DRIVERS\swenum.sys
12:56:26.0671 2172        swenum - ok
12:56:26.0718 2172        swmidi          (94abc808fc4b6d7d2bbf42b85e25bb4d) C:\WINDOWS\system32\drivers\swmidi.sys
12:56:26.0859 2172        swmidi - ok
12:56:26.0890 2172        symc810 - ok
12:56:26.0906 2172        symc8xx - ok
12:56:26.0921 2172        sym_hi - ok
12:56:26.0937 2172        sym_u3 - ok
12:56:26.0984 2172        sysaudio        (650ad082d46bac0e64c9c0e0928492fd) C:\WINDOWS\system32\drivers\sysaudio.sys
12:56:27.0125 2172        sysaudio - ok
12:56:27.0187 2172        Tcpip          (2a5554fc5b1e04e131230e3ce035c3f9) C:\WINDOWS\system32\DRIVERS\tcpip.sys
12:56:27.0281 2172        Tcpip - ok
12:56:27.0343 2172        TDPIPE          (38d437cf2d98965f239b0abcd66dcb0f) C:\WINDOWS\system32\drivers\TDPIPE.sys
12:56:27.0484 2172        TDPIPE - ok
12:56:27.0515 2172        TDTCP          (ed0580af02502d00ad8c4c066b156be9) C:\WINDOWS\system32\drivers\TDTCP.sys
12:56:27.0656 2172        TDTCP - ok
12:56:27.0687 2172        TermDD          (a540a99c281d933f3d69d55e48727f47) C:\WINDOWS\system32\DRIVERS\termdd.sys
12:56:27.0828 2172        TermDD - ok
12:56:27.0859 2172        TosIde - ok
12:56:27.0921 2172        Udfs            (12f70256f140cd7d52c58c7048fde657) C:\WINDOWS\system32\drivers\Udfs.sys
12:56:28.0046 2172        Udfs - ok
12:56:28.0062 2172        ultra - ok
12:56:28.0109 2172        Update          (aff2e5045961bbc0a602bb6f95eb1345) C:\WINDOWS\system32\DRIVERS\update.sys
12:56:28.0234 2172        Update - ok
12:56:28.0296 2172        usbaudio        (45a0d14b26c35497ad93bce7e15c9941) C:\WINDOWS\system32\drivers\usbaudio.sys
12:56:28.0406 2172        usbaudio - ok
12:56:28.0453 2172        usbccgp        (bffd9f120cc63bcbaa3d840f3eef9f79) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
12:56:28.0609 2172        usbccgp - ok
12:56:28.0640 2172        usbehci        (15e993ba2f6946b2bfbbfcd30398621e) C:\WINDOWS\system32\DRIVERS\usbehci.sys
12:56:28.0765 2172        usbehci - ok
12:56:28.0796 2172        usbhub          (c72f40947f92cea56a8fb532edf025f1) C:\WINDOWS\system32\DRIVERS\usbhub.sys
12:56:28.0937 2172        usbhub - ok
12:56:28.0953 2172        usbohci        (bdfe799a8531bad8a5a985821fe78760) C:\WINDOWS\system32\DRIVERS\usbohci.sys
12:56:29.0093 2172        usbohci - ok
12:56:29.0140 2172        usbscan        (a6bc71402f4f7dd5b77fd7f4a8ddba85) C:\WINDOWS\system32\DRIVERS\usbscan.sys
12:56:29.0296 2172        usbscan - ok
12:56:29.0328 2172        USBSTOR        (6cd7b22193718f1d17a47a1cd6d37e75) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
12:56:29.0484 2172        USBSTOR - ok
12:56:29.0531 2172        VComm          (9ebee4a060c5364a31aeaa04eac2af1e) C:\WINDOWS\system32\DRIVERS\VComm.sys
12:56:29.0531 2172        VComm ( UnsignedFile.Multi.Generic ) - warning
12:56:29.0531 2172        VComm - detected UnsignedFile.Multi.Generic (1)
12:56:29.0578 2172        VcommMgr        (ef0d45ed806b0c9ae9756bfeecb077ed) C:\WINDOWS\system32\Drivers\VcommMgr.sys
12:56:29.0593 2172        VcommMgr ( UnsignedFile.Multi.Generic ) - warning
12:56:29.0593 2172        VcommMgr - detected UnsignedFile.Multi.Generic (1)
12:56:29.0625 2172        VgaSave        (8a60edd72b4ea5aea8202daf0e427925) C:\WINDOWS\System32\drivers\vga.sys
12:56:29.0750 2172        VgaSave - ok
12:56:29.0765 2172        ViaIde - ok
12:56:29.0843 2172        VNUSB          (ae01e1ed5a81e0d268b91b4a6de5a872) C:\WINDOWS\system32\DRIVERS\VNUSB.sys
12:56:29.0843 2172        VNUSB ( UnsignedFile.Multi.Generic ) - warning
12:56:29.0843 2172        VNUSB - detected UnsignedFile.Multi.Generic (1)
12:56:29.0890 2172        VolSnap        (d6888520ff56d72a50437e371ca25fc9) C:\WINDOWS\system32\drivers\VolSnap.sys
12:56:30.0046 2172        VolSnap - ok
12:56:30.0109 2172        Wanarp          (984ef0b9788abf89974cfed4bfbaacbc) C:\WINDOWS\system32\DRIVERS\wanarp.sys
12:56:30.0250 2172        Wanarp - ok
12:56:30.0265 2172        wanatw - ok
12:56:30.0281 2172        WDICA - ok
12:56:30.0328 2172        wdmaud          (efd235ca22b57c81118c1aeb4798f1c1) C:\WINDOWS\system32\drivers\wdmaud.sys
12:56:30.0765 2172        wdmaud - ok
12:56:30.0875 2172        WpdUsb          (cf4def1bf66f06964dc0d91844239104) C:\WINDOWS\system32\DRIVERS\wpdusb.sys
12:56:30.0937 2172        WpdUsb - ok
12:56:30.0984 2172        WSTCODEC        (d5842484f05e12121c511aa93f6439ec) C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS
12:56:31.0093 2172        WSTCODEC - ok
12:56:31.0140 2172        WudfPf          (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys
12:56:31.0171 2172        WudfPf - ok
12:56:31.0218 2172        WudfRd          (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\wudfrd.sys
12:56:31.0250 2172        WudfRd - ok
12:56:31.0328 2172        MBR (0x1B8)    (72b8ce41af0de751c946802b3ed844b4) \Device\Harddisk0\DR0
12:56:31.0640 2172        \Device\Harddisk0\DR0 - ok
12:56:31.0656 2172        Boot (0x1200)  (c2a45f1dca5aeb3928f61b90caa600a8) \Device\Harddisk0\DR0\Partition0
12:56:31.0656 2172        \Device\Harddisk0\DR0\Partition0 - ok
12:56:31.0671 2172        Boot (0x1200)  (8263ee10114c8d4dde341e12dd952423) \Device\Harddisk0\DR0\Partition1
12:56:31.0671 2172        \Device\Harddisk0\DR0\Partition1 - ok
12:56:31.0671 2172        ============================================================
12:56:31.0671 2172        Scan finished
12:56:31.0671 2172        ============================================================
12:56:31.0796 3492        Detected object count: 12
12:56:31.0796 3492        Actual detected object count: 12
12:56:55.0687 3492        ASAPIW2k ( UnsignedFile.Multi.Generic ) - skipped by user
12:56:55.0687 3492        ASAPIW2k ( UnsignedFile.Multi.Generic ) - User select action: Skip
12:56:55.0687 3492        ASCTRM ( UnsignedFile.Multi.Generic ) - skipped by user
12:56:55.0687 3492        ASCTRM ( UnsignedFile.Multi.Generic ) - User select action: Skip
12:56:55.0687 3492        BlueletAudio ( UnsignedFile.Multi.Generic ) - skipped by user
12:56:55.0687 3492        BlueletAudio ( UnsignedFile.Multi.Generic ) - User select action: Skip
12:56:55.0687 3492        BT ( UnsignedFile.Multi.Generic ) - skipped by user
12:56:55.0687 3492        BT ( UnsignedFile.Multi.Generic ) - User select action: Skip
12:56:55.0703 3492        Btcsrusb ( UnsignedFile.Multi.Generic ) - skipped by user
12:56:55.0703 3492        Btcsrusb ( UnsignedFile.Multi.Generic ) - User select action: Skip
12:56:55.0703 3492        BTHidEnum ( UnsignedFile.Multi.Generic ) - skipped by user
12:56:55.0703 3492        BTHidEnum ( UnsignedFile.Multi.Generic ) - User select action: Skip
12:56:55.0703 3492        BTHidMgr ( UnsignedFile.Multi.Generic ) - skipped by user
12:56:55.0703 3492        BTHidMgr ( UnsignedFile.Multi.Generic ) - User select action: Skip
12:56:55.0703 3492        PCANDIS5 ( UnsignedFile.Multi.Generic ) - skipped by user
12:56:55.0703 3492        PCANDIS5 ( UnsignedFile.Multi.Generic ) - User select action: Skip
12:56:55.0703 3492        PCLEPCI ( UnsignedFile.Multi.Generic ) - skipped by user
12:56:55.0703 3492        PCLEPCI ( UnsignedFile.Multi.Generic ) - User select action: Skip
12:56:55.0703 3492        VComm ( UnsignedFile.Multi.Generic ) - skipped by user
12:56:55.0703 3492        VComm ( UnsignedFile.Multi.Generic ) - User select action: Skip
12:56:55.0718 3492        VcommMgr ( UnsignedFile.Multi.Generic ) - skipped by user
12:56:55.0718 3492        VcommMgr ( UnsignedFile.Multi.Generic ) - User select action: Skip
12:56:55.0718 3492        VNUSB ( UnsignedFile.Multi.Generic ) - skipped by user
12:56:55.0718 3492        VNUSB ( UnsignedFile.Multi.Generic ) - User select action: Skip

thanks for your help
j.

cosinus 06.01.2012 15:02

Then please run CF now:

ComboFix

A guide and tutorial on using ComboFix
  • Close all programs, especially your antivirus program and other background guards, as well as your internet browser.
  • Start cofi.exe from your desktop, confirm the warning messages, run the updates (if offered), install the Recovery Console (if offered) and let it scan your system.
    Also avoid using the mouse and keyboard while ComboFix is running.
  • Afterwards a combofix.txt opens automatically; please copy its contents ([Ctrl]a, [Ctrl]c) and paste them into your post ([Ctrl]v). You can also find the file at: C:\ComboFix.txt.
Important note:
ComboFix may only be run when one of the forum's helpers (Kompetenzler) has explicitly recommended it!

It should never be run on your own initiative! Incorrect use can cause serious computer problems and make cleaning up the infection even harder.

If you have problems starting applications after running ComboFix and receive messages such as

Quote:

Illegal operation attempted on a registry key that has been marked for deletion.
then restart Windows manually and the error messages should no longer appear.

jujumitwurm 06.01.2012 16:50

here is the ComboFix log. Combofix Logfile:
Code:

ComboFix 12-01-06.01 - julchen 06.01.2012  16:34:44.1.1 - x86
Microsoft Windows XP Home Edition  5.1.2600.2.1252.43.1031.18.511.268 [GMT 1:00]
ausgeführt von:: c:\dokumente und einstellungen\julchen\Desktop\ComboFix.exe
AV: AntiVir Desktop *Disabled/Outdated* {AD166499-45F9-482A-A743-FDD3350758C7}
.
.
((((((((((((((((((((((((((((((((((((  Weitere Löschungen  ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\alcrmv.exe
c:\windows\IsUn0407.exe
D:\Autorun.inf
.
.
(((((((((((((((((((((((  Dateien erstellt von 2011-12-06 bis 2012-01-06  ))))))))))))))))))))))))))))))
.
.
2012-01-05 15:37 . 2012-01-05 15:37        --------        d-----w-        C:\_OTL
2012-01-02 12:15 . 2012-01-02 12:15        --------        d-----w-        c:\programme\ESET
2012-01-01 16:28 . 2011-12-10 14:24        20464        ----a-w-        c:\windows\system32\drivers\mbam.sys
2012-01-01 16:28 . 2012-01-01 16:28        --------        d-----w-        c:\programme\Malwarebytes' Anti-Malware
2012-01-01 16:21 . 2012-01-01 16:21        --------        d-----w-        c:\windows\system32\wbem\Repository
2011-12-09 16:29 . 2011-12-09 16:30        --------        d-----w-        c:\dokumente und einstellungen\julchen\Lokale Einstellungen\Anwendungsdaten\VizzedRgr
2011-12-09 16:27 . 2011-12-09 16:27        --------        d-----w-        c:\programme\Vizzed
.
.
.
((((((((((((((((((((((((((((((((((((  Find3M Bericht  ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
.
((((((((((((((((((((((((((((  Autostartpunkte der Registrierung  ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"WMPNSCFG"="c:\programme\Windows Media Player\WMPNSCFG.exe" [2006-11-03 204288]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ATIPTA"="c:\programme\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2005-01-12 344064]
"AGRSMMSG"="AGRSMMSG.exe" [2005-01-17 88363]
"KTPWare"="c:\programme\Elantech\ktp3.exe" [2005-01-17 258048]
"PinnacleDriverCheck"="c:\windows\system32\PSDrvCheck.exe" [2004-03-10 406016]
"SoundMan"="SOUNDMAN.EXE" [2005-02-23 77824]
"avgnt"="c:\programme\Avira\AntiVir Desktop\avgnt.exe" [2010-11-30 281768]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-04 15360]
.
[HKLM\~\startupfolder\C:^Dokumente und Einstellungen^All Users^Startmenü^Programme^Autostart^Adobe Reader - Schnellstart.lnk]
path=c:\dokumente und einstellungen\All Users\Startmenü\Programme\Autostart\Adobe Reader - Schnellstart.lnk
backup=c:\windows\pss\Adobe Reader - Schnellstart.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Dokumente und Einstellungen^All Users^Startmenü^Programme^Autostart^BlueSoleil.lnk]
path=c:\dokumente und einstellungen\All Users\Startmenü\Programme\Autostart\BlueSoleil.lnk
backup=c:\windows\pss\BlueSoleil.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Dokumente und Einstellungen^All Users^Startmenü^Programme^Autostart^Device Detector 3.lnk]
path=c:\dokumente und einstellungen\All Users\Startmenü\Programme\Autostart\Device Detector 3.lnk
backup=c:\windows\pss\Device Detector 3.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Dokumente und Einstellungen^All Users^Startmenü^Programme^Autostart^Microsoft Office.lnk]
path=c:\dokumente und einstellungen\All Users\Startmenü\Programme\Autostart\Microsoft Office.lnk
backup=c:\windows\pss\Microsoft Office.lnkCommon Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
2004-10-13 16:24        1694208        ------w-        c:\programme\Messenger\msmsgs.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NBJ]
2004-12-09 14:38        1937408        ----a-w-        c:\programme\Ahead\Nero BackItUp\NBJ.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
2001-07-09 09:50        155648        ----a-w-        c:\windows\system32\NeroCheck.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PCMService]
2005-02-18 00:49        110744        ----a-w-        c:\programme\CyberLink\PowerCinema\PCMService.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PDFPrint]
2011-08-05 11:01        220552        ----a-w-        c:\programme\pdf24\pdf24.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2009-01-05 15:18        413696        ----a-w-        c:\programme\QuickTime\QTTask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RealTray]
2005-02-17 19:04        26112        ----a-w-        c:\programme\Real\RealPlayer\realplay.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2010-05-14 09:44        248552        ----a-w-        c:\programme\Gemeinsame Dateien\Java\Java Update\jusched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
2009-01-10 00:22        39408        ----a-w-        c:\programme\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WMPNSCFG]
2006-11-03 08:56        204288        ------w-        c:\programme\Windows Media Player\wmpnscfg.exe
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Programme\\IVT Corporation\\BlueSoleil\\BlueSoleil.exe"=
"c:\\Programme\\CyberLink\\PowerCinema\\PowerCinema.exe"=
"c:\\Programme\\Ahead\\SIPPS\\SIPPS.exe"=
"c:\\Programme\\Pinnacle\\Studio 9\\InstantInfo\\InstantInfo.exe"=
"c:\\Programme\\Mozilla Firefox\\firefox.exe"=
"c:\\Programme\\Java\\jre1.6.0_05\\bin\\javaw.exe"=
"c:\\Programme\\Skype\\Phone\\Skype.exe"=
.
R2 AntiVirSchedulerService;Avira AntiVir Planer;c:\programme\Avira\AntiVir Desktop\sched.exe [17.12.2010 12:48 136360]
R3 CB54G3;Wireless CB54G3/MP54G3 Wireless LAN Card Driver;c:\windows\system32\drivers\i2220ntx.sys [17.02.2005 13:46 148480]
R3 Ktp3;Elantech TouchPad(KTP3);c:\windows\system32\drivers\Ktp3.sys [17.02.2005 14:00 24704]
S3 LVHybrid;LVHybrid service;c:\windows\system32\drivers\LVHybrid.sys [17.02.2005 13:45 1012608]
.
--- Andere Dienste/Treiber im Speicher ---
.
*NewlyCreated* - 22799970
*Deregistered* - 22799970
.
Inhalt des "geplante Tasks" Ordners
.
2011-12-01 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\programme\Apple Software Update\SoftwareUpdate.exe [2008-07-30 11:34]
.
2012-01-02 c:\windows\Tasks\Google Software Updater.job
- c:\programme\Google\Common\Google Updater\GoogleUpdaterService.exe [2008-05-16 07:12]
.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = hxxp://www.google.de/
uInternet Connection Wizard,ShellNext = hxxp://www.targa.de/
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: Nach Microsoft &Excel exportieren - c:\progra~1\MI1933~1\Office10\EXCEL.EXE/3000
FF - ProfilePath - c:\dokumente und einstellungen\julchen\Anwendungsdaten\Mozilla\Firefox\Profiles\2ae6qcu2.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.de/
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\programme\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - c:\programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF - Ext: Java Quick Starter: jqs@sun.com - c:\programme\Java\jre6\lib\deploy\jqs\ff
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
HKLM-Run-OEM-Reset - (no file)
AddRemove-Microsoft Interactive Training - c:\windows\IsUn0407.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, hxxp://www.gmer.net
Rootkit scan 2012-01-06 16:42
Windows 5.1.2600 Service Pack 2 NTFS
.
Scanne versteckte Prozesse...
.
Scanne versteckte Autostarteinträge...
.
Scanne versteckte Dateien...
.
Scan erfolgreich abgeschlossen
versteckte Dateien: 0
.
**************************************************************************
.
--------------------- Durch laufende Prozesse gestartete DLLs ---------------------
.
- - - - - - - > 'winlogon.exe'(816)
c:\windows\system32\Ati2evxx.dll
.
Zeit der Fertigstellung: 2012-01-06  16:44:21
ComboFix-quarantined-files.txt  2012-01-06 15:44
.
Vor Suchlauf: 12 Verzeichnis(se), 41.094.557.696 Bytes frei
Nach Suchlauf: 14 Verzeichnis(se), 41.114.988.544 Bytes frei
.
WindowsXP-KB310994-SP2-Home-BootDisk-DEU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=AllwaysOff /fastdetect
.
- - End Of File - - 6C9F5DF871137A0B7B2C1A2A0BAC425F

--- --- ---


have a nice evening, j.

cosinus 06.01.2012 19:02

Combofix - Scripting

1. Start Notepad (Start / Run / notepad[Enter])

2. Now paste the entire contents of the code box below into the Notepad window using copy/paste.

Code:

Dirlook::
c:\dokumente und einstellungen\julchen\Lokale Einstellungen\Anwendungsdaten\VizzedRgr
c:\programme\Vizzed

3. In Notepad, save it as CFScript.txt on the desktop.

4. Disable the guard of your antivirus program and any software firewall that may be present.
(Also the guards of ad-/spyware programs and the Tea Timer (if present)!)

5. Then drag the CFScript.txt onto cofi.exe, as shown in the image below. This restarts ComboFix.

http://users.pandora.be/bluepatchy/m...s/CFScript.gif

6. After the restart (you will be asked whether you want to restart), please post the following log files:
Combofix.txt

Note: The script above was created only for this one user in this particular situation. It cannot be transferred to any other computer and must not be used elsewhere, as it can permanently damage the system!



Copyright ©2000-2024, Trojaner-Board

