Trojaner-Board
Seite 2 von 3 1 2 3
100 Beiträge dieses Themas auf einer Seite anzeigen

Trojaner-Board (https://www.trojaner-board.de/)
-   Log-Analyse und Auswertung (https://www.trojaner-board.de/log-analyse-auswertung/)
-   -   Exploit.Java.CVE-2011-3544.jy + Weitere Viren? (https://www.trojaner-board.de/110834-exploit-java-cve-2011-3544-jy-viren.html)

xan1m0rphx 06.03.2012 21:43
ich werde es nocheinmal Scannen!
Ich habe i-wie die log File verschlampt -.-

xan1m0rphx 07.03.2012 00:00
hxxp://www.file-upload.net/download-4170668/Komplette-logs.zip.html


hier die komplette log datei!!
Danke für deine Hilfe!
Habe komplett neu gescannt, mit diesen "Codes" die sie mir bereit gestellt haben.

cosinus 07.03.2012 00:39
Mach einen OTL-Fix, beende alle evtl. geöffneten Programme, auch Virenscanner deaktivieren (!), starte OTL und kopiere folgenden Text in die "Custom Scan/Fixes" Box (unten in OTL): (das ":OTL" muss mitkopiert werden!!!)

Code:
:OTL
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKU\S-1-5-21-129560445-3818396582-2292848211-1001\SOFTWARE\Microsoft\Internet Explorer\Main,DefaultNetworkProfile = 518637428
IE - HKU\S-1-5-21-129560445-3818396582-2292848211-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = [Binary data over 100 bytes]
IE - HKU\S-1-5-21-129560445-3818396582-2292848211-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://my.daemon-search.com/
IE - HKU\S-1-5-21-129560445-3818396582-2292848211-1001\..\URLSearchHook:  - No CLSID value found
IE - HKU\..\SearchScopes,DefaultScope = {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}
IE - HKU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKU\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = http://search.babylon.com/?q={searchTerms}&AF=109794&babsrc=SP_ss&mntrId=14823d1c00000000000000ff0eca649f
IE - HKU\..\SearchScopes\{6552C7DD-90A4-4387-B795-F8F96747DE19}: "URL" = http://search.icq.com/search/results.php?q={searchTerms}&ch_id=osd
IE - HKU\..\SearchScopes\{AD22EBAF-0D18-4fc7-90CC-5EA0ABBE9EB8}: "URL" = http://www.daemon-search.com/search?q={searchTerms}
O3:64bit: - HKLM\..\Toolbar: (no name) - {32099AAC-C132-4136-9E9A-4E364A424E17} - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - {10EDB994-47F8-43F7-AE96-F2EA63E9F90F} - No CLSID value found.
O3 - HKU\S-1-5-21-129560445-3818396582-2292848211-1001\..\Toolbar\WebBrowser: (no name) - {32099AAC-C132-4136-9E9A-4E364A424E17} - No CLSID value found.
O4 - HKU\S-1-5-21-129560445-3818396582-2292848211-1001..\Run: [SpybotSD TeaTimer] C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 60
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLowDiskSpaceChecks = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\MSDCSC\dlxcc.exe) -  File not found
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\MSDCSC\dlxcc.exe) -  File not found
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\MSDCSC\dlxcc.exe) -  File not found
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\MSDCSC\dlxcc.exe) -  File not found
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\MSDCSC\dlxcc.exe) -  File not found
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\MSDCSC\dlxcc.exe) -  File not found
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\MSDCSC\dlxcc.exe) -  File not found
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\MSDCSC\dlxcc.exe) -  File not found
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\MSDCSC\dlxcc.exe) -  File not found
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\MSDCSC\dlxcc.exe) -  File not found
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\MSDCSC\dlxcc.exe) -  File not found
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\MSDCSC\dlxcc.exe) -  File not found
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\MSDCSC\dlxcc.exe) -  File not found
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\MSDCSC\dlxcc.exe) -  File not found
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\MSDCSC\dlxcc.exe) -  File not found
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\MSDCSC\dlxcc.exe) -  File not found
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\MSDCSC\dlxcc.exe) -  File not found
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\MSDCSC\dlxcc.exe) -  File not found
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\MSDCSC\dlxcc.exe) -  File not found
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\MSDCSC\dlxcc.exe) -  File not found
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\MSDCSC\dlxcc.exe) -  File not found
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\MSDCSC\dlxcc.exe) -  File not found
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\MSDCSC\dlxcc.exe) -  File not found
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\MSDCSC\dlxcc.exe) -  File not found
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\MSDCSC\dlxcc.exe) -  File not found
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\MSDCSC\dlxcc.exe) -  File not found
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\MSDCSC\dlxcc.exe) -  File not found
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\MSDCSC\dlxcc.exe) -  File not found
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\MSDCSC\dlxcc.exe) -  File not found
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\MSDCSC\dlxcc.exe) -  File not found
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\MSDCSC\dlxcc.exe) -  File not found
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\MSDCSC\dlxcc.exe) -  File not found
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\MSDCSC\dlxcc.exe) -  File not found
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\MSDCSC\dlxcc.exe) -  File not found
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\MSDCSC\dlxcc.exe) -  File not found
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\MSDCSC\dlxcc.exe) -  File not found
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\MSDCSC\dlxcc.exe) -  File not found
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\MSDCSC\dlxcc.exe) -  File not found
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\MSDCSC\dlxcc.exe) -  File not found
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\MSDCSC\dlxcc.exe) -  File not found
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\MSDCSC\dlxcc.exe) -  File not found
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\MSDCSC\dlxcc.exe) -  File not found
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\MSDCSC\dlxcc.exe) -  File not found
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\MSDCSC\dlxcc.exe) -  File not found
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\MSDCSC\dlxcc.exe) -  File not found
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\MSDCSC\dlxcc.exe) -  File not found
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\MSDCSC\dlxcc.exe) -  File not found
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\MSDCSC\dlxcc.exe) -  File not found
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\MSDCSC\dlxcc.exe) -  File not found
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\MSDCSC\dlxcc.exe) -  File not found
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\MSDCSC\dlxcc.exe) -  File not found
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\MSDCSC\dlxcc.exe) -  File not found
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\MSDCSC\dlxcc.exe) -  File not found
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\MSDCSC\dlxcc.exe) -  File not found
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\MSDCSC\dlxcc.exe) -  File not found
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\MSDCSC\dlxcc.exe) -  File not found
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\MSDCSC\dlxcc.exe) -  File not found
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\MSDCSC\dlxcc.exe) -  File not found
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\MSDCSC\dlxcc.exe) -  File not found
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\MSDCSC\dlxcc.exe) -  File not found
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\MSDCSC\dlxcc.exe) -  File not found
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\MSDCSC\dlxcc.exe) -  File not found
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\MSDCSC\dlxcc.exe) -  File not found
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\MSDCSC\dlxcc.exe) -  File not found
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\MSDCSC\dlxcc.exe) -  File not found
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\MSDCSC\dlxcc.exe) -  File not found
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\MSDCSC\dlxcc.exe) -  File not found
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\MSDCSC\dlxcc.exe) -  File not found
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\MSDCSC\dlxcc.exe) -  File not found
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\MSDCSC\dlxcc.exe) -  File not found
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\MSDCSC\dlxcc.exe) -  File not found
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\MSDCSC\dlxcc.exe) -  File not found
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\MSDCSC\dlxcc.exe) -  File not found
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\MSDCSC\dlxcc.exe) -  File not found
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\MSDCSC\dlxcc.exe) -  File not found
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\MSDCSC\dlxcc.exe) -  File not found
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\MSDCSC\dlxcc.exe) -  File not found
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\MSDCSC\dlxcc.exe) -  File not found
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\MSDCSC\dlxcc.exe) -  File not found
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\MSDCSC\dlxcc.exe) -  File not found
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\MSDCSC\dlxcc.exe) -  File not found
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\MSDCSC\dlxcc.exe) -  File not found
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\MSDCSC\dlxcc.exe) -  File not found
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\MSDCSC\dlxcc.exe) -  File not found
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\MSDCSC\dlxcc.exe) -  File not found
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\MSDCSC\dlxcc.exe) -  File not found
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\MSDCSC\dlxcc.exe) -  File not found
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\MSDCSC\dlxcc.exe) -  File not found
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\MSDCSC\dlxcc.exe) -  File not found
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\MSDCSC\dlxcc.exe) -  File not found
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\MSDCSC\dlxcc.exe) -  File not found
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\MSDCSC\dlxcc.exe) -  File not found
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\MSDCSC\dlxcc.exe) -  File not found
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\MSDCSC\dlxcc.exe) -  File not found
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\MSDCSC\dlxcc.exe) -  File not found
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\MSDCSC\dlxcc.exe) -  File not found
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\MSDCSC\dlxcc.exe) -  File not found
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\MSDCSC\dlxcc.exe) -  File not found
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\MSDCSC\dlxcc.exe) -  File not found
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\MSDCSC\dlxcc.exe) -  File not found
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\MSDCSC\dlxcc.exe) -  File not found
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\MSDCSC\dlxcc.exe) -  File not found
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\MSDCSC\dlxcc.exe) -  File not found
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\MSDCSC\dlxcc.exe) -  File not found
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\MSDCSC\dlxcc.exe) -  File not found
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\MSDCSC\dlxcc.exe) -  File not found
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\MSDCSC\dlxcc.exe) -  File not found
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\MSDCSC\dlxcc.exe) -  File not found
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\MSDCSC\dlxcc.exe) -  File not found
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\MSDCSC\dlxcc.exe) -  File not found
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\MSDCSC\dlxcc.exe) -  File not found
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\MSDCSC\dlxcc.exe) -  File not found
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\MSDCSC\dlxcc.exe) -  File not found
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\MSDCSC\dlxcc.exe) -  File not found
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\MSDCSC\dlxcc.exe) -  File not found
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\MSDCSC\dlxcc.exe) -  File not found
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\MSDCSC\dlxcc.exe) -  File not found
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\MSDCSC\dlxcc.exe) -  File not found
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\MSDCSC\dlxcc.exe) -  File not found
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\MSDCSC\dlxcc.exe) -  File not found
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\MSDCSC\dlxcc.exe) -  File not found
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\MSDCSC\dlxcc.exe) -  File not found
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\MSDCSC\dlxcc.exe) -  File not found
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\MSDCSC\dlxcc.exe) -  File not found
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\MSDCSC\dlxcc.exe) -  File not found
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\MSDCSC\dlxcc.exe) -  File not found
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\MSDCSC\dlxcc.exe) -  File not found
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\MSDCSC\dlxcc.exe) -  File not found
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\MSDCSC\dlxcc.exe) -  File not found
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\MSDCSC\dlxcc.exe) -  File not found
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\MSDCSC\dlxcc.exe) -  File not found
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\MSDCSC\dlxcc.exe) -  File not found
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\MSDCSC\dlxcc.exe) -  File not found
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\MSDCSC\dlxcc.exe) -  File not found
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\MSDCSC\dlxcc.exe) -  File not found
O32 - HKLM CDRom: AutoRun - 0
O32 - AutoRun File - [2011.04.07 10:31:44 | 000,000,045 | R--- | M] () - F:\autorun.inf -- [ CDFS ]
O33 - MountPoints2\{c54e3a53-6523-11e1-8d7c-bc53493c3cbb}\Shell - "" = AutoRun
O33 - MountPoints2\{c54e3a53-6523-11e1-8d7c-bc53493c3cbb}\Shell\AutoRun\command - "" = M:\pushinst.exe
O33 - MountPoints2\{d34618aa-49c6-11e1-8510-001d92e9f7cd}\Shell - "" = AutoRun
O33 - MountPoints2\{d34618aa-49c6-11e1-8510-001d92e9f7cd}\Shell\AutoRun\command - "" = K:\start.exe /checksection
O33 - MountPoints2\{f53a6a2f-49c0-11e1-9b3e-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{f53a6a2f-49c0-11e1-9b3e-806e6f6e6963}\Shell\AutoRun\command - "" = F:\Launch.exe -- [2004.10.21 10:38:02 | 000,126,976 | R--- | M] (Macrovision Corporation)
@Alternate Data Stream - 436 bytes -> C:\Users\Manuel\Desktop\Publication1.ppp:SummaryInformation
:Files
C:\Windows\system32\MSDCSC
:Commands
[emptytemp]
[resethosts]
Klick dann oben links auf den Button Fix!
Das Logfile müsste geöffnet werden, wenn Du nach dem Fixen auf ok klickst, poste das bitte. Evtl. wird der Rechner neu gestartet.

Die mit diesem Script gefixten Einträge, Dateien und Ordner werden zur Sicherheit nicht vollständig gelöscht, es wird eine Sicherheitskopie auf der Systempartition im Ordner "_OTL" erstellt.

Hinweis: Das obige Script ist nur für diesen einen User in dieser Situtation erstellt worden. Es ist auf keinen anderen Rechner portierbar und darf nicht anderweitig verwandt werden, da es das System nachhaltig schädigen kann!

xan1m0rphx 07.03.2012 04:50
Hallo, danke es hat Funktioniert logs sind hier unten :).
Ist es normal das nach diesem Vorgang, das Hochfahren länger dauert?
Als ich mich in mein benutzerkonto eingeloggt habe, musste ich erstmal eine Minute warten bis alles gebootet war.
Ich hoffe das war nur eine "ausnahme". :lach:
Und es ist ratsam nach diesen Trojanern die Passwörter zu changen oder?!

Code:
All processes killed
========== OTL ==========
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page| /E : value set successfully!
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\\Local Page| /E : value set successfully!
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page| /E : value set successfully!
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found.
HKU\S-1-5-21-129560445-3818396582-2292848211-1001\SOFTWARE\Microsoft\Internet Explorer\Main\\DefaultNetworkProfile| /E : value set successfully!
HKU\S-1-5-21-129560445-3818396582-2292848211-1001\SOFTWARE\Microsoft\Internet Explorer\Main\\Secondary Start Pages| /E : value set successfully!
HKU\S-1-5-21-129560445-3818396582-2292848211-1001\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page| /E : value set successfully!
Registry value HKEY_USERS\S-1-5-21-129560445-3818396582-2292848211-1001\Software\Microsoft\Internet Explorer\URLSearchHooks\\ deleted successfully.
Unable to set value : HKEY_USERS\Software\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E!
Registry key HKEY_USERS\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found.
Registry key HKEY_USERS\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}\ not found.
Registry key HKEY_USERS\Software\Microsoft\Internet Explorer\SearchScopes\{6552C7DD-90A4-4387-B795-F8F96747DE19}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6552C7DD-90A4-4387-B795-F8F96747DE19}\ not found.
Registry key HKEY_USERS\Software\Microsoft\Internet Explorer\SearchScopes\{AD22EBAF-0D18-4fc7-90CC-5EA0ABBE9EB8}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{AD22EBAF-0D18-4fc7-90CC-5EA0ABBE9EB8}\ not found.
64bit-Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{32099AAC-C132-4136-9E9A-4E364A424E17} deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{32099AAC-C132-4136-9E9A-4E364A424E17}\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{10EDB994-47F8-43F7-AE96-F2EA63E9F90F} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{10EDB994-47F8-43F7-AE96-F2EA63E9F90F}\ not found.
Registry value HKEY_USERS\S-1-5-21-129560445-3818396582-2292848211-1001\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{32099AAC-C132-4136-9E9A-4E364A424E17} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{32099AAC-C132-4136-9E9A-4E364A424E17}\ not found.
Registry value HKEY_USERS\S-1-5-21-129560445-3818396582-2292848211-1001\Software\Microsoft\Windows\CurrentVersion\Run\\SpybotSD TeaTimer deleted successfully.
C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe moved successfully.
Registry value HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\RunOnce\\mctadmin deleted successfully.
Registry value HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\RunOnce\\mctadmin deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoActiveDesktop deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoActiveDesktopChanges deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoLowDiskSpaceChecks deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\ConsentPromptBehaviorUser deleted successfully.
64bit-Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\UserInit:C:\Windows\system32\MSDCSC\dlxcc.exe deleted successfully.
64bit-Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\UserInit:C:\Windows\system32\MSDCSC\dlxcc.exe deleted successfully.
64bit-Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\UserInit:C:\Windows\system32\MSDCSC\dlxcc.exe deleted successfully.
64bit-Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\UserInit:C:\Windows\system32\MSDCSC\dlxcc.exe deleted successfully.
64bit-Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\UserInit:C:\Windows\system32\MSDCSC\dlxcc.exe deleted successfully.
64bit-Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\UserInit:C:\Windows\system32\MSDCSC\dlxcc.exe deleted successfully.
64bit-Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\UserInit:C:\Windows\system32\MSDCSC\dlxcc.exe deleted successfully.
64bit-Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\UserInit:C:\Windows\system32\MSDCSC\dlxcc.exe deleted successfully.
64bit-Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\UserInit:C:\Windows\system32\MSDCSC\dlxcc.exe deleted successfully.
64bit-Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\UserInit:C:\Windows\system32\MSDCSC\dlxcc.exe deleted successfully.
64bit-Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\UserInit:C:\Windows\system32\MSDCSC\dlxcc.exe deleted successfully.
64bit-Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\UserInit:C:\Windows\system32\MSDCSC\dlxcc.exe deleted successfully.
64bit-Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\UserInit:C:\Windows\system32\MSDCSC\dlxcc.exe deleted successfully.
64bit-Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\UserInit:C:\Windows\system32\MSDCSC\dlxcc.exe deleted successfully.
64bit-Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\UserInit:C:\Windows\system32\MSDCSC\dlxcc.exe deleted successfully.
64bit-Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\UserInit:C:\Windows\system32\MSDCSC\dlxcc.exe deleted successfully.
64bit-Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\UserInit:C:\Windows\system32\MSDCSC\dlxcc.exe deleted successfully.
64bit-Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\UserInit:C:\Windows\system32\MSDCSC\dlxcc.exe deleted successfully.
64bit-Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\UserInit:C:\Windows\system32\MSDCSC\dlxcc.exe deleted successfully.
64bit-Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\UserInit:C:\Windows\system32\MSDCSC\dlxcc.exe deleted successfully.
64bit-Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\UserInit:C:\Windows\system32\MSDCSC\dlxcc.exe deleted successfully.
64bit-Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\UserInit:C:\Windows\system32\MSDCSC\dlxcc.exe deleted successfully.
64bit-Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\UserInit:C:\Windows\system32\MSDCSC\dlxcc.exe deleted successfully.
64bit-Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\UserInit:C:\Windows\system32\MSDCSC\dlxcc.exe deleted successfully.
64bit-Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\UserInit:C:\Windows\system32\MSDCSC\dlxcc.exe deleted successfully.
64bit-Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\UserInit:C:\Windows\system32\MSDCSC\dlxcc.exe deleted successfully.
64bit-Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\UserInit:C:\Windows\system32\MSDCSC\dlxcc.exe deleted successfully.
64bit-Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\UserInit:C:\Windows\system32\MSDCSC\dlxcc.exe deleted successfully.
64bit-Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\UserInit:C:\Windows\system32\MSDCSC\dlxcc.exe deleted successfully.
64bit-Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\UserInit:C:\Windows\system32\MSDCSC\dlxcc.exe deleted successfully.
64bit-Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\UserInit:C:\Windows\system32\MSDCSC\dlxcc.exe deleted successfully.
64bit-Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\UserInit:C:\Windows\system32\MSDCSC\dlxcc.exe deleted successfully.
64bit-Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\UserInit:C:\Windows\system32\MSDCSC\dlxcc.exe deleted successfully.
64bit-Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\UserInit:C:\Windows\system32\MSDCSC\dlxcc.exe deleted successfully.
64bit-Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\UserInit:C:\Windows\system32\MSDCSC\dlxcc.exe deleted successfully.
64bit-Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\UserInit:C:\Windows\system32\MSDCSC\dlxcc.exe deleted successfully.
64bit-Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\UserInit:C:\Windows\system32\MSDCSC\dlxcc.exe deleted successfully.
64bit-Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\UserInit:C:\Windows\system32\MSDCSC\dlxcc.exe deleted successfully.
64bit-Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\UserInit:C:\Windows\system32\MSDCSC\dlxcc.exe deleted successfully.
64bit-Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\UserInit:C:\Windows\system32\MSDCSC\dlxcc.exe deleted successfully.
64bit-Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\UserInit:C:\Windows\system32\MSDCSC\dlxcc.exe deleted successfully.
64bit-Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\UserInit:C:\Windows\system32\MSDCSC\dlxcc.exe deleted successfully.
64bit-Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\UserInit:C:\Windows\system32\MSDCSC\dlxcc.exe deleted successfully.
64bit-Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\UserInit:C:\Windows\system32\MSDCSC\dlxcc.exe deleted successfully.
64bit-Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\UserInit:C:\Windows\system32\MSDCSC\dlxcc.exe deleted successfully.
64bit-Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\UserInit:C:\Windows\system32\MSDCSC\dlxcc.exe deleted successfully.
64bit-Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\UserInit:C:\Windows\system32\MSDCSC\dlxcc.exe deleted successfully.
64bit-Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\UserInit:C:\Windows\system32\MSDCSC\dlxcc.exe deleted successfully.
64bit-Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\UserInit:C:\Windows\system32\MSDCSC\dlxcc.exe deleted successfully.
64bit-Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\UserInit:C:\Windows\system32\MSDCSC\dlxcc.exe deleted successfully.
64bit-Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\UserInit:C:\Windows\system32\MSDCSC\dlxcc.exe deleted successfully.
64bit-Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\UserInit:C:\Windows\system32\MSDCSC\dlxcc.exe deleted successfully.
64bit-Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\UserInit:C:\Windows\system32\MSDCSC\dlxcc.exe deleted successfully.
64bit-Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\UserInit:C:\Windows\system32\MSDCSC\dlxcc.exe deleted successfully.
64bit-Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\UserInit:C:\Windows\system32\MSDCSC\dlxcc.exe deleted successfully.
64bit-Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\UserInit:C:\Windows\system32\MSDCSC\dlxcc.exe deleted successfully.
64bit-Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\UserInit:C:\Windows\system32\MSDCSC\dlxcc.exe deleted successfully.
64bit-Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\UserInit:C:\Windows\system32\MSDCSC\dlxcc.exe deleted successfully.
64bit-Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\UserInit:C:\Windows\system32\MSDCSC\dlxcc.exe deleted successfully.
64bit-Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\UserInit:C:\Windows\system32\MSDCSC\dlxcc.exe deleted successfully.
64bit-Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\UserInit:C:\Windows\system32\MSDCSC\dlxcc.exe deleted successfully.
64bit-Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\UserInit:C:\Windows\system32\MSDCSC\dlxcc.exe deleted successfully.
64bit-Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\UserInit:C:\Windows\system32\MSDCSC\dlxcc.exe deleted successfully.
64bit-Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\UserInit:C:\Windows\system32\MSDCSC\dlxcc.exe deleted successfully.
64bit-Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\UserInit:C:\Windows\system32\MSDCSC\dlxcc.exe deleted successfully.
64bit-Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\UserInit:C:\Windows\system32\MSDCSC\dlxcc.exe deleted successfully.
64bit-Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\UserInit:C:\Windows\system32\MSDCSC\dlxcc.exe deleted successfully.
64bit-Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\UserInit:C:\Windows\system32\MSDCSC\dlxcc.exe deleted successfully.
64bit-Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\UserInit:C:\Windows\system32\MSDCSC\dlxcc.exe deleted successfully.
64bit-Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\UserInit:C:\Windows\system32\MSDCSC\dlxcc.exe deleted successfully.
64bit-Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\UserInit:C:\Windows\system32\MSDCSC\dlxcc.exe deleted successfully.
64bit-Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\UserInit:C:\Windows\system32\MSDCSC\dlxcc.exe deleted successfully.
64bit-Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\UserInit:C:\Windows\system32\MSDCSC\dlxcc.exe deleted successfully.
64bit-Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\UserInit:C:\Windows\system32\MSDCSC\dlxcc.exe deleted successfully.
64bit-Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\UserInit:C:\Windows\system32\MSDCSC\dlxcc.exe deleted successfully.
64bit-Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\UserInit:C:\Windows\system32\MSDCSC\dlxcc.exe deleted successfully.
64bit-Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\UserInit:C:\Windows\system32\MSDCSC\dlxcc.exe deleted successfully.
64bit-Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\UserInit:C:\Windows\system32\MSDCSC\dlxcc.exe deleted successfully.
64bit-Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\UserInit:C:\Windows\system32\MSDCSC\dlxcc.exe deleted successfully.
64bit-Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\UserInit:C:\Windows\system32\MSDCSC\dlxcc.exe deleted successfully.
64bit-Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\UserInit:C:\Windows\system32\MSDCSC\dlxcc.exe deleted successfully.
64bit-Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\UserInit:C:\Windows\system32\MSDCSC\dlxcc.exe deleted successfully.
64bit-Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\UserInit:C:\Windows\system32\MSDCSC\dlxcc.exe deleted successfully.
64bit-Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\UserInit:C:\Windows\system32\MSDCSC\dlxcc.exe deleted successfully.
64bit-Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\UserInit:C:\Windows\system32\MSDCSC\dlxcc.exe deleted successfully.
64bit-Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\UserInit:C:\Windows\system32\MSDCSC\dlxcc.exe deleted successfully.
64bit-Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\UserInit:C:\Windows\system32\MSDCSC\dlxcc.exe deleted successfully.
64bit-Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\UserInit:C:\Windows\system32\MSDCSC\dlxcc.exe deleted successfully.
64bit-Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\UserInit:C:\Windows\system32\MSDCSC\dlxcc.exe deleted successfully.
64bit-Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\UserInit:C:\Windows\system32\MSDCSC\dlxcc.exe deleted successfully.
64bit-Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\UserInit:C:\Windows\system32\MSDCSC\dlxcc.exe deleted successfully.
64bit-Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\UserInit:C:\Windows\system32\MSDCSC\dlxcc.exe deleted successfully.
64bit-Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\UserInit:C:\Windows\system32\MSDCSC\dlxcc.exe deleted successfully.
64bit-Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\UserInit:C:\Windows\system32\MSDCSC\dlxcc.exe deleted successfully.
64bit-Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\UserInit:C:\Windows\system32\MSDCSC\dlxcc.exe deleted successfully.
64bit-Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\UserInit:C:\Windows\system32\MSDCSC\dlxcc.exe deleted successfully.
64bit-Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\UserInit:C:\Windows\system32\MSDCSC\dlxcc.exe deleted successfully.
64bit-Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\UserInit:C:\Windows\system32\MSDCSC\dlxcc.exe deleted successfully.
64bit-Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\UserInit:C:\Windows\system32\MSDCSC\dlxcc.exe deleted successfully.
64bit-Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\UserInit:C:\Windows\system32\MSDCSC\dlxcc.exe deleted successfully.
64bit-Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\UserInit:C:\Windows\system32\MSDCSC\dlxcc.exe deleted successfully.
64bit-Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\UserInit:C:\Windows\system32\MSDCSC\dlxcc.exe deleted successfully.
64bit-Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\UserInit:C:\Windows\system32\MSDCSC\dlxcc.exe deleted successfully.
64bit-Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\UserInit:C:\Windows\system32\MSDCSC\dlxcc.exe deleted successfully.
64bit-Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\UserInit:C:\Windows\system32\MSDCSC\dlxcc.exe deleted successfully.
64bit-Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\UserInit:C:\Windows\system32\MSDCSC\dlxcc.exe deleted successfully.
64bit-Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\UserInit:C:\Windows\system32\MSDCSC\dlxcc.exe deleted successfully.
64bit-Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\UserInit:C:\Windows\system32\MSDCSC\dlxcc.exe deleted successfully.
64bit-Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\UserInit:C:\Windows\system32\MSDCSC\dlxcc.exe deleted successfully.
64bit-Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\UserInit:C:\Windows\system32\MSDCSC\dlxcc.exe deleted successfully.
64bit-Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\UserInit:C:\Windows\system32\MSDCSC\dlxcc.exe deleted successfully.
64bit-Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\UserInit:C:\Windows\system32\MSDCSC\dlxcc.exe deleted successfully.
64bit-Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\UserInit:C:\Windows\system32\MSDCSC\dlxcc.exe deleted successfully.
64bit-Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\UserInit:C:\Windows\system32\MSDCSC\dlxcc.exe deleted successfully.
64bit-Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\UserInit:C:\Windows\system32\MSDCSC\dlxcc.exe deleted successfully.
64bit-Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\UserInit:C:\Windows\system32\MSDCSC\dlxcc.exe deleted successfully.
64bit-Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\UserInit:C:\Windows\system32\MSDCSC\dlxcc.exe deleted successfully.
64bit-Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\UserInit:C:\Windows\system32\MSDCSC\dlxcc.exe deleted successfully.
64bit-Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\UserInit:C:\Windows\system32\MSDCSC\dlxcc.exe deleted successfully.
64bit-Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\UserInit:C:\Windows\system32\MSDCSC\dlxcc.exe deleted successfully.
64bit-Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\UserInit:C:\Windows\system32\MSDCSC\dlxcc.exe deleted successfully.
64bit-Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\UserInit:C:\Windows\system32\MSDCSC\dlxcc.exe deleted successfully.
64bit-Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\UserInit:C:\Windows\system32\MSDCSC\dlxcc.exe deleted successfully.
64bit-Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\UserInit:C:\Windows\system32\MSDCSC\dlxcc.exe deleted successfully.
64bit-Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\UserInit:C:\Windows\system32\MSDCSC\dlxcc.exe deleted successfully.
64bit-Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\UserInit:C:\Windows\system32\MSDCSC\dlxcc.exe deleted successfully.
64bit-Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\UserInit:C:\Windows\system32\MSDCSC\dlxcc.exe deleted successfully.
64bit-Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\UserInit:C:\Windows\system32\MSDCSC\dlxcc.exe deleted successfully.
64bit-Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\UserInit:C:\Windows\system32\MSDCSC\dlxcc.exe deleted successfully.
64bit-Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\UserInit:C:\Windows\system32\MSDCSC\dlxcc.exe deleted successfully.
64bit-Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\UserInit:C:\Windows\system32\MSDCSC\dlxcc.exe deleted successfully.
64bit-Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\UserInit:C:\Windows\system32\MSDCSC\dlxcc.exe deleted successfully.
64bit-Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\UserInit:C:\Windows\system32\MSDCSC\dlxcc.exe deleted successfully.
64bit-Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\UserInit:C:\Windows\system32\MSDCSC\dlxcc.exe deleted successfully.
64bit-Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\UserInit:C:\Windows\system32\MSDCSC\dlxcc.exe deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRun|DWORD:1 /E : value set successfully!
File move failed. F:\autorun.inf scheduled to be moved on reboot.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c54e3a53-6523-11e1-8d7c-bc53493c3cbb}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{c54e3a53-6523-11e1-8d7c-bc53493c3cbb}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c54e3a53-6523-11e1-8d7c-bc53493c3cbb}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{c54e3a53-6523-11e1-8d7c-bc53493c3cbb}\ not found.
File M:\pushinst.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{d34618aa-49c6-11e1-8510-001d92e9f7cd}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{d34618aa-49c6-11e1-8510-001d92e9f7cd}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{d34618aa-49c6-11e1-8510-001d92e9f7cd}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{d34618aa-49c6-11e1-8510-001d92e9f7cd}\ not found.
File K:\start.exe /checksection not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{f53a6a2f-49c0-11e1-9b3e-806e6f6e6963}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{f53a6a2f-49c0-11e1-9b3e-806e6f6e6963}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{f53a6a2f-49c0-11e1-9b3e-806e6f6e6963}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{f53a6a2f-49c0-11e1-9b3e-806e6f6e6963}\ not found.
File move failed. F:\Launch.exe scheduled to be moved on reboot.
ADS C:\Users\Manuel\Desktop\Publication1.ppp:SummaryInformation deleted successfully.
========== FILES ==========
C:\Windows\system32\MSDCSC folder moved successfully.
========== COMMANDS ==========
 
[EMPTYTEMP]
 
User: All Users
 
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Flash cache emptied: 41620 bytes
 
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes
 
User: Manuel
->Temp folder emptied: 8521675 bytes
->Temporary Internet Files folder emptied: 2320744 bytes
->Java cache emptied: 1638733 bytes
->FireFox cache emptied: 740752567 bytes
->Flash cache emptied: 2730 bytes
 
User: Public
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 55296 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 24297576 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 67765 bytes
RecycleBin emptied: 1392726014 bytes
 
Total Files Cleaned = 2.070,00 mb
 
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully
 
OTL by OldTimer - Version 3.2.35.0 log created on 03072012_043102

Files\Folders moved on Reboot...
File move failed. F:\autorun.inf scheduled to be moved on reboot.
File move failed. F:\Launch.exe scheduled to be moved on reboot.
C:\Users\Manuel\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.

Registry entries deleted on Reboot...
Achja eine nebenfrage, wieso wurde Spybot search and Destroy entfernt?
hier auf diesen Board wurde wiese Programm empfohlen.. das verwirrt mich leicht.
Aber wenn das programm nicht nötig ist dann kann mir das ja nur Recht sein, schon eine Anwendung weniger. :)

cosinus 07.03.2012 10:15
Spybot wurde nicht entfernt, sondern der besch...eidene Teatimer. Den empfiehlt eigentlich keiner.

Zitat:
C:\Users\Manuel\Downloads\SoftonicDownloader_fuer_kaspersky-tdsskiller.exe
Was hast du da schon mit dem TDSS-Killer gemacht und warum lädst du dir das Teil ausgerechnet von Softonic?! :pfui:

xan1m0rphx 07.03.2012 14:42
Hab den TDSSKiller von Kaspersky runtergeladen da ich damals ( vor einigen Wochen) mal gedacht habe ein Rootkit scan kann nichts schaden, allerdings bin ich mit nicht mehr sicher ob es Funde gab!

Ich wurde nie darauf hingewiesen das Softonic so "schlimm" ist habe es als neutrales programm (Downlaoder) angesehen. :S

cosinus 07.03.2012 15:05
Log vom TDSS-Killer liegt direkt auf C: - alles posten!

xan1m0rphx 07.03.2012 15:17
TDSSKiller.2.5.5.0_08.02.2012_03.01.32_log:
Code:
2012/02/08 03:01:32.0145 6868        TDSS rootkit removing tool 2.5.5.0 Jun 16 2011 15:25:15
2012/02/08 03:01:35.0673 6868        Perform update action was selected
2012/02/08 03:01:35.0688 6064        Deinitialize success
TDSSKiller.2.7.10.0_02.03.2012_02.02.24_log:

Code:
02:02:24.0312 5900        TDSS rootkit removing tool 2.7.10.0 Feb  7 2012 15:14:46
02:02:24.0468 5900        ============================================================
02:02:24.0468 5900        Current date / time: 2012/03/02 02:02:24.0468
02:02:24.0468 5900        SystemInfo:
02:02:24.0468 5900       
02:02:24.0468 5900        OS Version: 6.1.7600 ServicePack: 0.0
02:02:24.0468 5900        Product type: Workstation
02:02:24.0468 5900        ComputerName: UNKNOWN
02:02:24.0468 5900        UserName: Manuel
02:02:24.0468 5900        Windows directory: C:\Windows
02:02:24.0468 5900        System windows directory: C:\Windows
02:02:24.0468 5900        Running under WOW64
02:02:24.0468 5900        Processor architecture: Intel x64
02:02:24.0468 5900        Number of processors: 4
02:02:24.0468 5900        Page size: 0x1000
02:02:24.0468 5900        Boot type: Normal boot
02:02:24.0468 5900        ============================================================
02:02:28.0413 5900        Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
02:02:28.0460 5900        \Device\Harddisk0\DR0:
02:02:28.0460 5900        MBR used
02:02:28.0460 5900        \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000
02:02:28.0460 5900        \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0x1E8F9000
02:02:28.0460 5900        \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x1E92B800, BlocksNum 0x19258000
02:02:28.0585 5900        Initialize success
02:02:28.0585 5900        ============================================================
02:02:30.0987 3324        ============================================================
02:02:30.0987 3324        Scan started
02:02:30.0987 3324        Mode: Manual;
02:02:30.0987 3324        ============================================================
02:02:34.0589 3324        1394ohci - ok
02:02:34.0625 3324        ACPI - ok
02:02:34.0658 3324        AcpiPmi - ok
02:02:34.0756 3324        adp94xx - ok
02:02:34.0773 3324        adpahci - ok
02:02:34.0788 3324        adpu320 - ok
02:02:34.0835 3324        AFD - ok
02:02:34.0869 3324        agp440 - ok
02:02:34.0884 3324        aliide - ok
02:02:34.0983 3324        amdide - ok
02:02:35.0004 3324        amdiox64 - ok
02:02:35.0041 3324        AmdK8 - ok
02:02:35.0096 3324        amdkmdag - ok
02:02:35.0103 3324        amdkmdap - ok
02:02:35.0129 3324        AmdPPM - ok
02:02:35.0167 3324        amdsata - ok
02:02:35.0180 3324        amdsbs - ok
02:02:35.0195 3324        amdxata - ok
02:02:35.0226 3324        AODDriver4.0 - ok
02:02:35.0289 3324        AODDriver4.01 - ok
02:02:35.0351 3324        AppID - ok
02:02:35.0507 3324        arc - ok
02:02:35.0570 3324        arcsas - ok
02:02:35.0726 3324        AsyncMac - ok
02:02:35.0726 3324        atapi - ok
02:02:35.0835 3324        AtiHDAudioService - ok
02:02:36.0006 3324        b06bdrv - ok
02:02:36.0022 3324        b57nd60a - ok
02:02:36.0116 3324        Beep - ok
02:02:36.0240 3324        blbdrive - ok
02:02:36.0334 3324        bowser - ok
02:02:36.0365 3324        BrFiltLo - ok
02:02:36.0381 3324        BrFiltUp - ok
02:02:36.0396 3324        Brserid - ok
02:02:36.0396 3324        BrSerWdm - ok
02:02:36.0428 3324        BrUsbMdm - ok
02:02:36.0443 3324        BrUsbSer - ok
02:02:36.0474 3324        BTHMODEM - ok
02:02:36.0521 3324        cdfs - ok
02:02:36.0537 3324        cdrom - ok
02:02:36.0662 3324        circlass - ok
02:02:36.0677 3324        CLFS - ok
02:02:36.0786 3324        CmBatt - ok
02:02:36.0786 3324        cmdide - ok
02:02:36.0802 3324        CNG - ok
02:02:36.0802 3324        Compbatt - ok
02:02:36.0818 3324        CompFilter64 - ok
02:02:36.0833 3324        CompositeBus - ok
02:02:36.0849 3324        crcdisk - ok
02:02:36.0896 3324        CSC - ok
02:02:36.0942 3324        DfsC - ok
02:02:36.0958 3324        discache - ok
02:02:37.0052 3324        Disk - ok
02:02:37.0098 3324        drmkaud - ok
02:02:37.0145 3324        dtsoftbus01 - ok
02:02:37.0161 3324        DXGKrnl - ok
02:02:37.0223 3324        EagleX64 - ok
02:02:37.0239 3324        ebdrv - ok
02:02:37.0301 3324        elxstor - ok
02:02:37.0301 3324        ErrDev - ok
02:02:37.0332 3324        exfat - ok
02:02:37.0395 3324        fastfat - ok
02:02:37.0410 3324        fdc - ok
02:02:37.0426 3324        FileInfo - ok
02:02:37.0442 3324        Filetrace - ok
02:02:37.0457 3324        flpydisk - ok
02:02:37.0473 3324        FltMgr - ok
02:02:37.0504 3324        FsDepends - ok
02:02:37.0504 3324        Fs_Rec - ok
02:02:37.0566 3324        fvevol - ok
02:02:37.0613 3324        gagp30kx - ok
02:02:37.0613 3324        GEARAspiWDM - ok
02:02:37.0644 3324        hamachi - ok
02:02:37.0769 3324        hcw85cir - ok
02:02:37.0800 3324        HdAudAddService - ok
02:02:37.0832 3324        HDAudBus - ok
02:02:37.0847 3324        HidBatt - ok
02:02:37.0847 3324        HidBth - ok
02:02:37.0863 3324        HidIr - ok
02:02:37.0925 3324        HidUsb - ok
02:02:37.0972 3324        HpSAMD - ok
02:02:38.0003 3324        HTTP - ok
02:02:38.0003 3324        hwpolicy - ok
02:02:38.0050 3324        i8042prt - ok
02:02:38.0081 3324        iaStorV - ok
02:02:38.0128 3324        iirsp - ok
02:02:38.0190 3324        IntcAzAudAddService - ok
02:02:38.0190 3324        intelide - ok
02:02:38.0237 3324        intelppm - ok
02:02:38.0253 3324        IpFilterDriver - ok
02:02:38.0268 3324        IPMIDRV - ok
02:02:38.0268 3324        IPNAT - ok
02:02:38.0331 3324        IRENUM - ok
02:02:38.0346 3324        isapnp - ok
02:02:38.0346 3324        iScsiPrt - ok
02:02:38.0409 3324        johci - ok
02:02:38.0440 3324        kbdclass - ok
02:02:38.0456 3324        kbdhid - ok
02:02:38.0487 3324        KL1 - ok
02:02:38.0518 3324        kl2 - ok
02:02:38.0549 3324        KLIF - ok
02:02:38.0612 3324        KLIM6 - ok
02:02:38.0643 3324        klmouflt - ok
02:02:38.0658 3324        KSecDD - ok
02:02:38.0658 3324        KSecPkg - ok
02:02:38.0690 3324        ksthunk - ok
02:02:38.0799 3324        lltdio - ok
02:02:38.0861 3324        LSI_FC - ok
02:02:38.0892 3324        LSI_SAS - ok
02:02:38.0908 3324        LSI_SAS2 - ok
02:02:38.0939 3324        LSI_SCSI - ok
02:02:38.0986 3324        luafv - ok
02:02:39.0033 3324        LVRS64 - ok
02:02:39.0064 3324        LVUVC64 - ok
02:02:39.0080 3324        megasas - ok
02:02:39.0080 3324        MegaSR - ok
02:02:39.0267 3324        MEMSWEEP2 - ok
02:02:39.0314 3324        Modem - ok
02:02:39.0329 3324        monitor - ok
02:02:39.0360 3324        mouclass - ok
02:02:39.0423 3324        mouhid - ok
02:02:39.0423 3324        mountmgr - ok
02:02:39.0438 3324        mpio - ok
02:02:39.0454 3324        mpsdrv - ok
02:02:39.0454 3324        MRxDAV - ok
02:02:39.0470 3324        mrxsmb - ok
02:02:39.0485 3324        mrxsmb10 - ok
02:02:39.0485 3324        mrxsmb20 - ok
02:02:39.0501 3324        msahci - ok
02:02:39.0501 3324        msdsm - ok
02:02:39.0516 3324        Msfs - ok
02:02:39.0532 3324        mshidkmdf - ok
02:02:39.0532 3324        msisadrv - ok
02:02:39.0594 3324        MSKSSRV - ok
02:02:39.0641 3324        MSPCLOCK - ok
02:02:39.0688 3324        MSPQM - ok
02:02:39.0688 3324        MsRPC - ok
02:02:39.0704 3324        mssmbios - ok
02:02:39.0766 3324        MSTEE - ok
02:02:39.0766 3324        MTConfig - ok
02:02:39.0797 3324        Mup - ok
02:02:39.0860 3324        NativeWifiP - ok
02:02:39.0906 3324        NDIS - ok
02:02:39.0953 3324        NdisCap - ok
02:02:40.0000 3324        NdisTapi - ok
02:02:40.0047 3324        Ndisuio - ok
02:02:40.0062 3324        NdisWan - ok
02:02:40.0062 3324        NDProxy - ok
02:02:40.0109 3324        NetBIOS - ok
02:02:40.0109 3324        NetBT - ok
02:02:40.0296 3324        netr28ux - ok
02:02:40.0328 3324        nfrd960 - ok
02:02:40.0515 3324        NPF - ok
02:02:40.0515 3324        Npfs - ok
02:02:40.0593 3324        NPPTNT2 - ok
02:02:40.0593 3324        nsiproxy - ok
02:02:40.0608 3324        Ntfs - ok
02:02:40.0608 3324        Null - ok
02:02:40.0640 3324        nvraid - ok
02:02:40.0640 3324        nvstor - ok
02:02:40.0671 3324        nv_agp - ok
02:02:40.0671 3324        ohci1394 - ok
02:02:40.0749 3324        Parport - ok
02:02:40.0749 3324        partmgr - ok
02:02:40.0764 3324        pci - ok
02:02:40.0764 3324        pciide - ok
02:02:40.0780 3324        pcmcia - ok
02:02:40.0780 3324        pcw - ok
02:02:40.0796 3324        PEAUTH - ok
02:02:40.0952 3324        PptpMiniport - ok
02:02:40.0967 3324        Processor - ok
02:02:41.0108 3324        Psched - ok
02:02:41.0108 3324        ql2300 - ok
02:02:41.0123 3324        ql40xx - ok
02:02:41.0139 3324        QWAVEdrv - ok
02:02:41.0139 3324        RasAcd - ok
02:02:41.0201 3324        RasAgileVpn - ok
02:02:41.0217 3324        Rasl2tp - ok
02:02:41.0248 3324        RasPppoe - ok
02:02:41.0279 3324        RasSstp - ok
02:02:41.0279 3324        rdbss - ok
02:02:41.0295 3324        rdpbus - ok
02:02:41.0295 3324        RDPCDD - ok
02:02:41.0310 3324        RDPDR - ok
02:02:41.0342 3324        RDPENCDD - ok
02:02:41.0357 3324        RDPREFMP - ok
02:02:41.0373 3324        RDPWD - ok
02:02:41.0404 3324        rdyboost - ok
02:02:41.0498 3324        rspndr - ok
02:02:41.0576 3324        RTL8167 - ok
02:02:41.0576 3324        s3cap - ok
02:02:41.0591 3324        sbp2port - ok
02:02:41.0607 3324        scfilter - ok
02:02:41.0669 3324        ScreamBAudioSvc - ok
02:02:41.0716 3324        Serenum - ok
02:02:41.0732 3324        Serial - ok
02:02:41.0778 3324        sermouse - ok
02:02:41.0810 3324        sffdisk - ok
02:02:41.0810 3324        sffp_mmc - ok
02:02:41.0825 3324        sffp_sd - ok
02:02:41.0825 3324        sfloppy - ok
02:02:41.0872 3324        SiSRaid2 - ok
02:02:41.0888 3324        SiSRaid4 - ok
02:02:41.0919 3324        Smb - ok
02:02:41.0997 3324        spldr - ok
02:02:42.0215 3324        srv - ok
02:02:42.0231 3324        srv2 - ok
02:02:42.0231 3324        srvnet - ok
02:02:42.0324 3324        stexstor - ok
02:02:42.0356 3324        storflt - ok
02:02:42.0371 3324        storvsc - ok
02:02:42.0371 3324        swenum - ok
02:02:42.0527 3324        tap0801 - ok
02:02:42.0558 3324        tap0901 - ok
02:02:42.0574 3324        tapoas - ok
02:02:42.0621 3324        Tcpip - ok
02:02:42.0683 3324        TCPIP6 - ok
02:02:42.0683 3324        tcpipreg - ok
02:02:42.0730 3324        TDPIPE - ok
02:02:42.0746 3324        TDTCP - ok
02:02:42.0777 3324        tdx - ok
02:02:42.0792 3324        TermDD - ok
02:02:42.0855 3324        truecrypt - ok
02:02:42.0870 3324        tssecsrv - ok
02:02:42.0902 3324        tunnel - ok
02:02:42.0902 3324        uagp35 - ok
02:02:42.0917 3324        udfs - ok
02:02:42.0980 3324        uliagpkx - ok
02:02:42.0980 3324        umbus - ok
02:02:42.0995 3324        UmPass - ok
02:02:43.0120 3324        usbaudio - ok
02:02:43.0136 3324        usbccgp - ok
02:02:43.0151 3324        usbcir - ok
02:02:43.0167 3324        usbehci - ok
02:02:43.0167 3324        usbhub - ok
02:02:43.0182 3324        usbohci - ok
02:02:43.0182 3324        usbprint - ok
02:02:43.0198 3324        USBSTOR - ok
02:02:43.0198 3324        usbuhci - ok
02:02:43.0214 3324        usbvideo - ok
02:02:43.0276 3324        VBoxDrv - ok
02:02:43.0323 3324        VBoxNetAdp - ok
02:02:43.0338 3324        VBoxNetFlt - ok
02:02:43.0401 3324        VBoxUSBMon - ok
02:02:43.0416 3324        vdrvroot - ok
02:02:43.0463 3324        vga - ok
02:02:43.0479 3324        VgaSave - ok
02:02:43.0479 3324        vhdmp - ok
02:02:43.0494 3324        viaide - ok
02:02:43.0494 3324        vmbus - ok
02:02:43.0510 3324        VMBusHID - ok
02:02:43.0557 3324        volmgr - ok
02:02:43.0557 3324        volmgrx - ok
02:02:43.0572 3324        volsnap - ok
02:02:43.0604 3324        vsmraid - ok
02:02:43.0619 3324        vwifibus - ok
02:02:43.0650 3324        vwififlt - ok
02:02:43.0666 3324        WacomPen - ok
02:02:43.0760 3324        WANARP - ok
02:02:43.0822 3324        Wanarpv6 - ok
02:02:43.0838 3324        Wd - ok
02:02:43.0838 3324        Wdf01000 - ok
02:02:43.0884 3324        WfpLwf - ok
02:02:43.0900 3324        WIMMount - ok
02:02:44.0072 3324        WmiAcpi - ok
02:02:44.0181 3324        ws2ifsl - ok
02:02:44.0196 3324        WudfPf - ok
02:02:44.0274 3324        WUDFRd - ok
02:02:44.0462 3324        MBR (0x1B8)    (1854f68cee30696626621e5b0647ee3d) \Device\Harddisk0\DR0
02:02:44.0883 3324        \Device\Harddisk0\DR0 - ok
02:02:44.0898 3324        Boot (0x1200)  (89d1a493e0b8364a5128c29ecbbcc2f6) \Device\Harddisk0\DR0\Partition0
02:02:44.0898 3324        \Device\Harddisk0\DR0\Partition0 - ok
02:02:44.0945 3324        Boot (0x1200)  (79c7eee141b6b1aad10435e9cac26fc4) \Device\Harddisk0\DR0\Partition1
02:02:44.0945 3324        \Device\Harddisk0\DR0\Partition1 - ok
02:02:44.0976 3324        Boot (0x1200)  (c8b2076ae587b4252765885e0019e070) \Device\Harddisk0\DR0\Partition2
02:02:44.0976 3324        \Device\Harddisk0\DR0\Partition2 - ok
02:02:44.0976 3324        ============================================================
02:02:44.0976 3324        Scan finished
02:02:44.0976 3324        ============================================================
02:02:45.0008 6084        Detected object count: 0
02:02:45.0008 6084        Actual detected object count: 0
02:02:53.0666 5912        ============================================================
02:02:53.0666 5912        Scan started
02:02:53.0666 5912        Mode: Manual; SigCheck; TDLFS;
02:02:53.0666 5912        ============================================================
02:02:53.0946 5912        1394ohci - ok
02:02:53.0946 5912        ACPI - ok
02:02:53.0962 5912        AcpiPmi - ok
02:02:53.0962 5912        adp94xx - ok
02:02:53.0978 5912        adpahci - ok
02:02:53.0978 5912        adpu320 - ok
02:02:54.0009 5912        AFD - ok
02:02:54.0009 5912        agp440 - ok
02:02:54.0024 5912        aliide - ok
02:02:54.0040 5912        amdide - ok
02:02:54.0040 5912        amdiox64 - ok
02:02:54.0056 5912        AmdK8 - ok
02:02:54.0056 5912        amdkmdag - ok
02:02:54.0071 5912        amdkmdap - ok
02:02:54.0071 5912        AmdPPM - ok
02:02:54.0087 5912        amdsata - ok
02:02:54.0087 5912        amdsbs - ok
02:02:54.0102 5912        amdxata - ok
02:02:54.0102 5912        AODDriver4.0 - ok
02:02:54.0118 5912        AODDriver4.01 - ok
02:02:54.0118 5912        AppID - ok
02:02:54.0149 5912        arc - ok
02:02:54.0165 5912        arcsas - ok
02:02:54.0180 5912        AsyncMac - ok
02:02:54.0196 5912        atapi - ok
02:02:54.0196 5912        AtiHDAudioService - ok
02:02:54.0227 5912        b06bdrv - ok
02:02:54.0227 5912        b57nd60a - ok
02:02:54.0243 5912        Beep - ok
02:02:54.0258 5912        blbdrive - ok
02:02:54.0274 5912        bowser - ok
02:02:54.0290 5912        BrFiltLo - ok
02:02:54.0290 5912        BrFiltUp - ok
02:02:54.0305 5912        Brserid - ok
02:02:54.0321 5912        BrSerWdm - ok
02:02:54.0336 5912        BrUsbMdm - ok
02:02:54.0352 5912        BrUsbSer - ok
02:02:54.0383 5912        BTHMODEM - ok
02:02:54.0399 5912        cdfs - ok
02:02:54.0414 5912        cdrom - ok
02:02:54.0430 5912        circlass - ok
02:02:54.0430 5912        CLFS - ok
02:02:54.0461 5912        CmBatt - ok
02:02:54.0477 5912        cmdide - ok
02:02:54.0477 5912        CNG - ok
02:02:54.0492 5912        Compbatt - ok
02:02:54.0508 5912        CompFilter64 - ok
02:02:54.0508 5912        CompositeBus - ok
02:02:54.0524 5912        crcdisk - ok
02:02:54.0539 5912        CSC - ok
02:02:54.0555 5912        DfsC - ok
02:02:54.0570 5912        discache - ok
02:02:54.0570 5912        Disk - ok
02:02:54.0602 5912        drmkaud - ok
02:02:54.0602 5912        dtsoftbus01 - ok
02:02:54.0617 5912        DXGKrnl - ok
02:02:54.0617 5912        EagleX64 - ok
02:02:54.0633 5912        ebdrv - ok
02:02:54.0648 5912        elxstor - ok
02:02:54.0664 5912        ErrDev - ok
02:02:54.0680 5912        exfat - ok
02:02:54.0695 5912        fastfat - ok
02:02:54.0695 5912        fdc - ok
02:02:54.0711 5912        FileInfo - ok
02:02:54.0726 5912        Filetrace - ok
02:02:54.0742 5912        flpydisk - ok
02:02:54.0742 5912        FltMgr - ok
02:02:54.0758 5912        FsDepends - ok
02:02:54.0773 5912        Fs_Rec - ok
02:02:54.0773 5912        fvevol - ok
02:02:54.0789 5912        gagp30kx - ok
02:02:54.0789 5912        GEARAspiWDM - ok
02:02:54.0804 5912        hamachi - ok
02:02:54.0804 5912        hcw85cir - ok
02:02:54.0820 5912        HdAudAddService - ok
02:02:54.0820 5912        HDAudBus - ok
02:02:54.0836 5912        HidBatt - ok
02:02:54.0836 5912        HidBth - ok
02:02:54.0851 5912        HidIr - ok
02:02:54.0867 5912        HidUsb - ok
02:02:54.0882 5912        HpSAMD - ok
02:02:54.0882 5912        HTTP - ok
02:02:54.0898 5912        hwpolicy - ok
02:02:54.0898 5912        i8042prt - ok
02:02:54.0914 5912        iaStorV - ok
02:02:54.0929 5912        iirsp - ok
02:02:54.0945 5912        IntcAzAudAddService - ok
02:02:54.0945 5912        intelide - ok
02:02:54.0960 5912        intelppm - ok
02:02:54.0960 5912        IpFilterDriver - ok
02:02:54.0976 5912        IPMIDRV - ok
02:02:54.0992 5912        IPNAT - ok
02:02:54.0992 5912        IRENUM - ok
02:02:55.0007 5912        isapnp - ok
02:02:55.0007 5912        iScsiPrt - ok
02:02:55.0023 5912        johci - ok
02:02:55.0023 5912        kbdclass - ok
02:02:55.0038 5912        kbdhid - ok
02:02:55.0054 5912        KL1 - ok
02:02:55.0054 5912        kl2 - ok
02:02:55.0070 5912        KLIF - ok
02:02:55.0070 5912        KLIM6 - ok
02:02:55.0085 5912        klmouflt - ok
02:02:55.0085 5912        KSecDD - ok
02:02:55.0101 5912        KSecPkg - ok
02:02:55.0101 5912        ksthunk - ok
02:02:55.0132 5912        lltdio - ok
02:02:55.0148 5912        LSI_FC - ok
02:02:55.0148 5912        LSI_SAS - ok
02:02:55.0163 5912        LSI_SAS2 - ok
02:02:55.0163 5912        LSI_SCSI - ok
02:02:55.0179 5912        luafv - ok
02:02:55.0179 5912        LVRS64 - ok
02:02:55.0194 5912        LVUVC64 - ok
02:02:55.0210 5912        megasas - ok
02:02:55.0210 5912        MegaSR - ok
02:02:55.0226 5912        MEMSWEEP2 - ok
02:02:55.0226 5912        Modem - ok
02:02:55.0241 5912        monitor - ok
02:02:55.0257 5912        mouclass - ok
02:02:55.0257 5912        mouhid - ok
02:02:55.0272 5912        mountmgr - ok
02:02:55.0272 5912        mpio - ok
02:02:55.0288 5912        mpsdrv - ok
02:02:55.0288 5912        MRxDAV - ok
02:02:55.0304 5912        mrxsmb - ok
02:02:55.0304 5912        mrxsmb10 - ok
02:02:55.0319 5912        mrxsmb20 - ok
02:02:55.0319 5912        msahci - ok
02:02:55.0335 5912        msdsm - ok
02:02:55.0350 5912        Msfs - ok
02:02:55.0350 5912        mshidkmdf - ok
02:02:55.0366 5912        msisadrv - ok
02:02:55.0382 5912        MSKSSRV - ok
02:02:55.0382 5912        MSPCLOCK - ok
02:02:55.0397 5912        MSPQM - ok
02:02:55.0397 5912        MsRPC - ok
02:02:55.0413 5912        mssmbios - ok
02:02:55.0428 5912        MSTEE - ok
02:02:55.0428 5912        MTConfig - ok
02:02:55.0444 5912        Mup - ok
02:02:55.0460 5912        NativeWifiP - ok
02:02:55.0460 5912        NDIS - ok
02:02:55.0475 5912        NdisCap - ok
02:02:55.0475 5912        NdisTapi - ok
02:02:55.0491 5912        Ndisuio - ok
02:02:55.0491 5912        NdisWan - ok
02:02:55.0506 5912        NDProxy - ok
02:02:55.0506 5912        NetBIOS - ok
02:02:55.0506 5912        NetBT - ok
02:02:55.0538 5912        netr28ux - ok
02:02:55.0553 5912        nfrd960 - ok
02:02:55.0569 5912        NPF - ok
02:02:55.0584 5912        Npfs - ok
02:02:55.0600 5912        NPPTNT2 - ok
02:02:55.0600 5912        nsiproxy - ok
02:02:55.0616 5912        Ntfs - ok
02:02:55.0631 5912        Null - ok
02:02:55.0631 5912        nvraid - ok
02:02:55.0647 5912        nvstor - ok
02:02:55.0647 5912        nv_agp - ok
02:02:55.0662 5912        ohci1394 - ok
02:02:55.0678 5912        Parport - ok
02:02:55.0678 5912        partmgr - ok
02:02:55.0694 5912        pci - ok
02:02:55.0709 5912        pciide - ok
02:02:55.0709 5912        pcmcia - ok
02:02:55.0725 5912        pcw - ok
02:02:55.0725 5912        PEAUTH - ok
02:02:55.0787 5912        PptpMiniport - ok
02:02:55.0803 5912        Processor - ok
02:02:55.0818 5912        Psched - ok
02:02:55.0834 5912        ql2300 - ok
02:02:55.0834 5912        ql40xx - ok
02:02:55.0850 5912        QWAVEdrv - ok
02:02:55.0865 5912        RasAcd - ok
02:02:55.0865 5912        RasAgileVpn - ok
02:02:55.0881 5912        Rasl2tp - ok
02:02:55.0896 5912        RasPppoe - ok
02:02:55.0896 5912        RasSstp - ok
02:02:55.0896 5912        rdbss - ok
02:02:55.0912 5912        rdpbus - ok
02:02:55.0912 5912        RDPCDD - ok
02:02:55.0928 5912        RDPDR - ok
02:02:55.0943 5912        RDPENCDD - ok
02:02:55.0943 5912        RDPREFMP - ok
02:02:55.0959 5912        RDPWD - ok
02:02:55.0959 5912        rdyboost - ok
02:02:55.0990 5912        rspndr - ok
02:02:56.0006 5912        RTL8167 - ok
02:02:56.0006 5912        s3cap - ok
02:02:56.0021 5912        sbp2port - ok
02:02:56.0037 5912        scfilter - ok
02:02:56.0052 5912        ScreamBAudioSvc - ok
02:02:56.0084 5912        Serenum - ok
02:02:56.0084 5912        Serial - ok
02:02:56.0099 5912        sermouse - ok
02:02:56.0115 5912        sffdisk - ok
02:02:56.0130 5912        sffp_mmc - ok
02:02:56.0130 5912        sffp_sd - ok
02:02:56.0146 5912        sfloppy - ok
02:02:56.0162 5912        SiSRaid2 - ok
02:02:56.0162 5912        SiSRaid4 - ok
02:02:56.0177 5912        Smb - ok
02:02:56.0193 5912        spldr - ok
02:02:56.0224 5912        srv - ok
02:02:56.0224 5912        srv2 - ok
02:02:56.0240 5912        srvnet - ok
02:02:56.0255 5912        stexstor - ok
02:02:56.0271 5912        storflt - ok
02:02:56.0271 5912        storvsc - ok
02:02:56.0286 5912        swenum - ok
02:02:56.0302 5912        tap0801 - ok
02:02:56.0318 5912        tap0901 - ok
02:02:56.0333 5912        tapoas - ok
02:02:56.0333 5912        Tcpip - ok
02:02:56.0349 5912        TCPIP6 - ok
02:02:56.0364 5912        tcpipreg - ok
02:02:56.0364 5912        TDPIPE - ok
02:02:56.0380 5912        TDTCP - ok
02:02:56.0380 5912        tdx - ok
02:02:56.0396 5912        TermDD - ok
02:02:56.0427 5912        truecrypt - ok
02:02:56.0442 5912        tssecsrv - ok
02:02:56.0458 5912        tunnel - ok
02:02:56.0458 5912        uagp35 - ok
02:02:56.0474 5912        udfs - ok
02:02:56.0489 5912        uliagpkx - ok
02:02:56.0489 5912        umbus - ok
02:02:56.0505 5912        UmPass - ok
02:02:56.0520 5912        usbaudio - ok
02:02:56.0520 5912        usbccgp - ok
02:02:56.0536 5912        usbcir - ok
02:02:56.0536 5912        usbehci - ok
02:02:56.0552 5912        usbhub - ok
02:02:56.0552 5912        usbohci - ok
02:02:56.0567 5912        usbprint - ok
02:02:56.0583 5912        USBSTOR - ok
02:02:56.0583 5912        usbuhci - ok
02:02:56.0598 5912        usbvideo - ok
02:02:56.0598 5912        VBoxDrv - ok
02:02:56.0614 5912        VBoxNetAdp - ok
02:02:56.0614 5912        VBoxNetFlt - ok
02:02:56.0630 5912        VBoxUSBMon - ok
02:02:56.0630 5912        vdrvroot - ok
02:02:56.0645 5912        vga - ok
02:02:56.0661 5912        VgaSave - ok
02:02:56.0661 5912        vhdmp - ok
02:02:56.0676 5912        viaide - ok
02:02:56.0676 5912        vmbus - ok
02:02:56.0692 5912        VMBusHID - ok
02:02:56.0692 5912        volmgr - ok
02:02:56.0708 5912        volmgrx - ok
02:02:56.0708 5912        volsnap - ok
02:02:56.0723 5912        vsmraid - ok
02:02:56.0723 5912        vwifibus - ok
02:02:56.0739 5912        vwififlt - ok
02:02:56.0754 5912        WacomPen - ok
02:02:56.0754 5912        WANARP - ok
02:02:56.0770 5912        Wanarpv6 - ok
02:02:56.0786 5912        Wd - ok
02:02:56.0801 5912        Wdf01000 - ok
02:02:56.0832 5912        WfpLwf - ok
02:02:56.0832 5912        WIMMount - ok
02:02:56.0879 5912        WmiAcpi - ok
02:02:56.0910 5912        ws2ifsl - ok
02:02:56.0926 5912        WudfPf - ok
02:02:56.0942 5912        WUDFRd - ok
02:02:57.0020 5912        MBR (0x1B8)    (1854f68cee30696626621e5b0647ee3d) \Device\Harddisk0\DR0
02:02:57.0800 5912        \Device\Harddisk0\DR0 - ok
02:02:57.0846 5912        Boot (0x1200)  (89d1a493e0b8364a5128c29ecbbcc2f6) \Device\Harddisk0\DR0\Partition0
02:02:57.0846 5912        \Device\Harddisk0\DR0\Partition0 - ok
02:02:57.0893 5912        Boot (0x1200)  (79c7eee141b6b1aad10435e9cac26fc4) \Device\Harddisk0\DR0\Partition1
02:02:57.0893 5912        \Device\Harddisk0\DR0\Partition1 - ok
02:02:57.0956 5912        Boot (0x1200)  (c8b2076ae587b4252765885e0019e070) \Device\Harddisk0\DR0\Partition2
02:02:57.0956 5912        \Device\Harddisk0\DR0\Partition2 - ok
02:02:57.0956 5912        ============================================================
02:02:57.0956 5912        Scan finished
02:02:57.0956 5912        ============================================================
02:02:57.0956 3008        Detected object count: 0
02:02:57.0956 3008        Actual detected object count: 0
02:04:29.0421 3732        Deinitialize success
TDSSKiller.2.7.10.0_08.02.2012_03.02.32_log:
Code:
  03:02:33.0159 5092        TDSS rootkit removing tool 2.7.10.0 Feb  7 2012 15:14:46
03:02:33.0986 5092        ============================================================
03:02:33.0986 5092        Current date / time: 2012/02/08 03:02:33.0986
03:02:33.0986 5092        SystemInfo:
03:02:33.0986 5092       
03:02:33.0986 5092        OS Version: 6.1.7600 ServicePack: 0.0
03:02:33.0986 5092        Product type: Workstation
03:02:33.0986 5092        ComputerName: UNKNOWN
03:02:33.0986 5092        UserName: Manuel
03:02:33.0986 5092        Windows directory: C:\Windows
03:02:33.0986 5092        System windows directory: C:\Windows
03:02:33.0986 5092        Running under WOW64
03:02:33.0986 5092        Processor architecture: Intel x64
03:02:33.0986 5092        Number of processors: 4
03:02:33.0986 5092        Page size: 0x1000
03:02:33.0986 5092        Boot type: Normal boot
03:02:33.0986 5092        ============================================================
03:02:41.0369 5092        Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
03:02:41.0415 5092        \Device\Harddisk0\DR0:
03:02:41.0447 5092        MBR used
03:02:41.0447 5092        \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000
03:02:41.0447 5092        \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0x1E8F9000
03:02:41.0447 5092        \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x1E92B800, BlocksNum 0x19258000
03:02:41.0681 5092        Initialize success
03:02:41.0681 5092        ============================================================
03:02:43.0321 6328        ============================================================
03:02:43.0321 6328        Scan started
03:02:43.0321 6328        Mode: Manual;
03:02:43.0321 6328        ============================================================
03:02:44.0850 6328        1394ohci - ok
03:02:44.0850 6328        ACPI - ok
03:02:44.0866 6328        AcpiPmi - ok
03:02:45.0413 6328        adp94xx - ok
03:02:45.0491 6328        adpahci - ok
03:02:45.0553 6328        adpu320 - ok
03:02:46.0056 6328        AFD - ok
03:02:46.0134 6328        agp440 - ok
03:02:46.0305 6328        aliide - ok
03:02:46.0570 6328        amdide - ok
03:02:46.0617 6328        amdiox64 - ok
03:02:46.0804 6328        AmdK8 - ok
03:02:46.0929 6328        amdkmdag - ok
03:02:46.0945 6328        amdkmdap - ok
03:02:47.0008 6328        AmdPPM - ok
03:02:47.0273 6328        amdsata - ok
03:02:47.0492 6328        amdsbs - ok
03:02:47.0632 6328        amdxata - ok
03:02:47.0726 6328        AODDriver4.0 - ok
03:02:47.0851 6328        AppID - ok
03:02:48.0024 6328        arc - ok
03:02:48.0040 6328        arcsas - ok
03:02:48.0165 6328        AsyncMac - ok
03:02:48.0180 6328        atapi - ok
03:02:48.0445 6328        AtiHDAudioService - ok
03:02:49.0397 6328        b06bdrv - ok
03:02:49.0475 6328        b57nd60a - ok
03:02:49.0678 6328        Beep - ok
03:02:49.0740 6328        blbdrive - ok
03:02:49.0756 6328        bowser - ok
03:02:49.0787 6328        BrFiltLo - ok
03:02:49.0787 6328        BrFiltUp - ok
03:02:49.0803 6328        Brserid - ok
03:02:49.0818 6328        BrSerWdm - ok
03:02:49.0834 6328        BrUsbMdm - ok
03:02:49.0834 6328        BrUsbSer - ok
03:02:49.0849 6328        BTHMODEM - ok
03:02:49.0865 6328        cdfs - ok
03:02:49.0881 6328        cdrom - ok
03:02:49.0943 6328        circlass - ok
03:02:49.0943 6328        CLFS - ok
03:02:49.0959 6328        CmBatt - ok
03:02:49.0974 6328        cmdide - ok
03:02:49.0990 6328        CNG - ok
03:02:49.0990 6328        Compbatt - ok
03:02:50.0005 6328        CompFilter64 - ok
03:02:50.0068 6328        CompositeBus - ok
03:02:50.0068 6328        crcdisk - ok
03:02:50.0099 6328        CSC - ok
03:02:50.0115 6328        DfsC - ok
03:02:50.0130 6328        discache - ok
03:02:50.0208 6328        Disk - ok
03:02:50.0239 6328        drmkaud - ok
03:02:50.0255 6328        dtsoftbus01 - ok
03:02:50.0271 6328        DXGKrnl - ok
03:02:50.0302 6328        EagleX64 - ok
03:02:50.0317 6328        ebdrv - ok
03:02:50.0349 6328        elxstor - ok
03:02:50.0364 6328        ErrDev - ok
03:02:50.0427 6328        exfat - ok
03:02:50.0427 6328        fastfat - ok
03:02:50.0442 6328        fdc - ok
03:02:50.0473 6328        FileInfo - ok
03:02:50.0473 6328        Filetrace - ok
03:02:50.0489 6328        flpydisk - ok
03:02:50.0505 6328        FltMgr - ok
03:02:50.0520 6328        FsDepends - ok
03:02:50.0536 6328        Fs_Rec - ok
03:02:50.0536 6328        fvevol - ok
03:02:50.0551 6328        gagp30kx - ok
03:02:50.0567 6328        GEARAspiWDM - ok
03:02:50.0567 6328        hcw85cir - ok
03:02:50.0614 6328        HdAudAddService - ok
03:02:50.0629 6328        HDAudBus - ok
03:02:50.0629 6328        HidBatt - ok
03:02:50.0645 6328        HidBth - ok
03:02:50.0661 6328        HidIr - ok
03:02:50.0692 6328        HidUsb - ok
03:02:50.0723 6328        HpSAMD - ok
03:02:50.0739 6328        HTTP - ok
03:02:50.0754 6328        hwpolicy - ok
03:02:50.0770 6328        i8042prt - ok
03:02:50.0770 6328        iaStorV - ok
03:02:50.0785 6328        iirsp - ok
03:02:50.0801 6328        intelide - ok
03:02:50.0832 6328        intelppm - ok
03:02:50.0848 6328        IpFilterDriver - ok
03:02:50.0863 6328        IPMIDRV - ok
03:02:50.0863 6328        IPNAT - ok
03:02:50.0895 6328        IRENUM - ok
03:02:50.0910 6328        isapnp - ok
03:02:50.0926 6328        iScsiPrt - ok
03:02:50.0926 6328        kbdclass - ok
03:02:50.0941 6328        kbdhid - ok
03:02:50.0988 6328        KL1 - ok
03:02:50.0988 6328        kl2 - ok
03:02:51.0004 6328        KLIF - ok
03:02:51.0019 6328        KLIM6 - ok
03:02:51.0019 6328        klmouflt - ok
03:02:51.0035 6328        KSecDD - ok
03:02:51.0035 6328        KSecPkg - ok
03:02:51.0051 6328        ksthunk - ok
03:02:51.0113 6328        lltdio - ok
03:02:51.0144 6328        LSI_FC - ok
03:02:51.0160 6328        LSI_SAS - ok
03:02:51.0175 6328        LSI_SAS2 - ok
03:02:51.0191 6328        LSI_SCSI - ok
03:02:51.0191 6328        luafv - ok
03:02:51.0207 6328        LVRS64 - ok
03:02:51.0238 6328        LVUVC64 - ok
03:02:51.0253 6328        megasas - ok
03:02:51.0269 6328        MegaSR - ok
03:02:51.0363 6328        MEMSWEEP2 - ok
03:02:51.0378 6328        Modem - ok
03:02:51.0394 6328        monitor - ok
03:02:51.0409 6328        mouclass - ok
03:02:51.0425 6328        mouhid - ok
03:02:51.0425 6328        mountmgr - ok
03:02:51.0441 6328        mpio - ok
03:02:51.0441 6328        mpsdrv - ok
03:02:51.0456 6328        MRxDAV - ok
03:02:51.0472 6328        mrxsmb - ok
03:02:51.0487 6328        mrxsmb10 - ok
03:02:51.0487 6328        mrxsmb20 - ok
03:02:51.0503 6328        msahci - ok
03:02:51.0503 6328        msdsm - ok
03:02:51.0519 6328        Msfs - ok
03:02:51.0534 6328        mshidkmdf - ok
03:02:51.0550 6328        msisadrv - ok
03:02:51.0581 6328        MSKSSRV - ok
03:02:51.0597 6328        MSPCLOCK - ok
03:02:51.0643 6328        MSPQM - ok
03:02:51.0659 6328        MsRPC - ok
03:02:51.0675 6328        mssmbios - ok
03:02:51.0675 6328        MSTEE - ok
03:02:51.0690 6328        MTConfig - ok
03:02:51.0706 6328        Mup - ok
03:02:51.0737 6328        NativeWifiP - ok
03:02:51.0753 6328        NDIS - ok
03:02:51.0753 6328        NdisCap - ok
03:02:51.0768 6328        NdisTapi - ok
03:02:51.0784 6328        Ndisuio - ok
03:02:51.0784 6328        NdisWan - ok
03:02:51.0799 6328        NDProxy - ok
03:02:51.0815 6328        NetBIOS - ok
03:02:51.0831 6328        NetBT - ok
03:02:51.0877 6328        netr28ux - ok
03:02:51.0909 6328        nfrd960 - ok
03:02:51.0955 6328        Npfs - ok
03:02:52.0002 6328        NPPTNT2 - ok
03:02:52.0018 6328        nsiproxy - ok
03:02:52.0033 6328        Ntfs - ok
03:02:52.0049 6328        Null - ok
03:02:52.0065 6328        nvraid - ok
03:02:52.0065 6328        nvstor - ok
03:02:52.0080 6328        nv_agp - ok
03:02:52.0096 6328        ohci1394 - ok
03:02:52.0127 6328        Parport - ok
03:02:52.0143 6328        partmgr - ok
03:02:52.0158 6328        pci - ok
03:02:52.0158 6328        pciide - ok
03:02:52.0174 6328        pcmcia - ok
03:02:52.0174 6328        pcw - ok
03:02:52.0189 6328        PEAUTH - ok
03:02:52.0283 6328        PptpMiniport - ok
03:02:52.0283 6328        Processor - ok
03:02:52.0314 6328        Psched - ok
03:02:52.0314 6328        ql2300 - ok
03:02:52.0330 6328        ql40xx - ok
03:02:52.0345 6328        QWAVEdrv - ok
03:02:52.0345 6328        RasAcd - ok
03:02:52.0361 6328        RasAgileVpn - ok
03:02:52.0377 6328        Rasl2tp - ok
03:02:52.0439 6328        RasPppoe - ok
03:02:52.0470 6328        RasSstp - ok
03:02:52.0470 6328        rdbss - ok
03:02:52.0486 6328        rdpbus - ok
03:02:52.0501 6328        RDPCDD - ok
03:02:52.0517 6328        RDPDR - ok
03:02:52.0533 6328        RDPENCDD - ok
03:02:52.0533 6328        RDPREFMP - ok
03:02:52.0548 6328        RDPWD - ok
03:02:52.0579 6328        rdyboost - ok
03:02:52.0611 6328        rspndr - ok
03:02:52.0642 6328        RTL8167 - ok
03:02:52.0657 6328        s3cap - ok
03:02:52.0673 6328        sbp2port - ok
03:02:52.0689 6328        scfilter - ok
03:02:52.0735 6328        secdrv - ok
03:02:52.0767 6328        Serenum - ok
03:02:52.0782 6328        Serial - ok
03:02:52.0798 6328        sermouse - ok
03:02:52.0829 6328        sffdisk - ok
03:02:52.0829 6328        sffp_mmc - ok
03:02:52.0845 6328        sffp_sd - ok
03:02:52.0860 6328        sfloppy - ok
03:02:52.0923 6328        SiSRaid2 - ok
03:02:52.0923 6328        SiSRaid4 - ok
03:02:52.0954 6328        Smb - ok
03:02:52.0969 6328        spldr - ok
03:02:52.0985 6328        srv - ok
03:02:53.0001 6328        srv2 - ok
03:02:53.0001 6328        srvnet - ok
03:02:53.0047 6328        stexstor - ok
03:02:53.0079 6328        storflt - ok
03:02:53.0094 6328        storvsc - ok
03:02:53.0094 6328        swenum - ok
03:02:53.0203 6328        tap0801 - ok
03:02:53.0250 6328        tap0901 - ok
03:02:53.0266 6328        tapoas - ok
03:02:53.0281 6328        Tcpip - ok
03:02:53.0297 6328        TCPIP6 - ok
03:02:53.0313 6328        tcpipreg - ok
03:02:53.0328 6328        TDPIPE - ok
03:02:53.0328 6328        TDTCP - ok
03:02:53.0344 6328        tdx - ok
03:02:53.0453 6328        TermDD - ok
03:02:53.0500 6328        truecrypt - ok
03:02:53.0515 6328        tssecsrv - ok
03:02:53.0562 6328        tunnel - ok
03:02:53.0578 6328        uagp35 - ok
03:02:53.0578 6328        udfs - ok
03:02:53.0609 6328        uliagpkx - ok
03:02:53.0625 6328        umbus - ok
03:02:53.0656 6328        UmPass - ok
03:02:53.0827 6328        usbaudio - ok
03:02:53.0843 6328        usbccgp - ok
03:02:53.0843 6328        usbcir - ok
03:02:53.0859 6328        usbehci - ok
03:02:53.0874 6328        usbhub - ok
03:02:53.0874 6328        usbohci - ok
03:02:53.0890 6328        usbprint - ok
03:02:53.0905 6328        USBSTOR - ok
03:02:53.0905 6328        usbuhci - ok
03:02:53.0921 6328        usbvideo - ok
03:02:53.0968 6328        vdrvroot - ok
03:02:53.0999 6328        vga - ok
03:02:54.0015 6328        VgaSave - ok
03:02:54.0030 6328        vhdmp - ok
03:02:54.0030 6328        viaide - ok
03:02:54.0046 6328        vmbus - ok
03:02:54.0046 6328        VMBusHID - ok
03:02:54.0061 6328        volmgr - ok
03:02:54.0077 6328        volmgrx - ok
03:02:54.0077 6328        volsnap - ok
03:02:54.0108 6328        vsmraid - ok
03:02:54.0124 6328        vwifibus - ok
03:02:54.0139 6328        vwififlt - ok
03:02:54.0186 6328        WacomPen - ok
03:02:54.0327 6328        WANARP - ok
03:02:54.0420 6328        Wanarpv6 - ok
03:02:54.0436 6328        Wd - ok
03:02:54.0451 6328        Wdf01000 - ok
03:02:54.0529 6328        WfpLwf - ok
03:02:54.0529 6328        WIMMount - ok
03:02:54.0732 6328        WmiAcpi - ok
03:02:54.0779 6328        ws2ifsl - ok
03:02:54.0795 6328        WudfPf - ok
03:02:54.0888 6328        WUDFRd - ok
03:02:54.0935 6328        MBR (0x1B8)    (ddc4773eef68ef7fac87cf9235395cab) \Device\Harddisk0\DR0
03:02:56.0074 6328        \Device\Harddisk0\DR0 - ok
03:02:56.0105 6328        Boot (0x1200)  (0b7917c20fe128bc0e3b3ee7d2b9c084) \Device\Harddisk0\DR0\Partition0
03:02:56.0105 6328        \Device\Harddisk0\DR0\Partition0 - ok
03:02:56.0121 6328        Boot (0x1200)  (79c7eee141b6b1aad10435e9cac26fc4) \Device\Harddisk0\DR0\Partition1
03:02:56.0121 6328        \Device\Harddisk0\DR0\Partition1 - ok
03:02:56.0152 6328        Boot (0x1200)  (c8b2076ae587b4252765885e0019e070) \Device\Harddisk0\DR0\Partition2
03:02:56.0152 6328        \Device\Harddisk0\DR0\Partition2 - ok
03:02:56.0152 6328        ============================================================
03:02:56.0152 6328        Scan finished
03:02:56.0152 6328        ============================================================
03:02:56.0167 6128        Detected object count: 0
03:02:56.0167 6128        Actual detected object count: 0
03:03:05.0187 5080        ============================================================
03:03:05.0187 5080        Scan started
03:03:05.0187 5080        Mode: Manual; SigCheck; TDLFS;
03:03:05.0187 5080        ============================================================
03:03:06.0248 5080        1394ohci - ok
03:03:06.0264 5080        ACPI - ok
03:03:06.0279 5080        AcpiPmi - ok
03:03:06.0279 5080        adp94xx - ok
03:03:06.0295 5080        adpahci - ok
03:03:06.0310 5080        adpu320 - ok
03:03:06.0326 5080        AFD - ok
03:03:06.0326 5080        agp440 - ok
03:03:06.0342 5080        aliide - ok
03:03:06.0373 5080        amdide - ok
03:03:06.0388 5080        amdiox64 - ok
03:03:06.0388 5080        AmdK8 - ok
03:03:06.0404 5080        amdkmdag - ok
03:03:06.0420 5080        amdkmdap - ok
03:03:06.0420 5080        AmdPPM - ok
03:03:06.0435 5080        amdsata - ok
03:03:06.0435 5080        amdsbs - ok
03:03:06.0451 5080        amdxata - ok
03:03:06.0466 5080        AODDriver4.0 - ok
03:03:06.0466 5080        AppID - ok
03:03:06.0498 5080        arc - ok
03:03:06.0513 5080        arcsas - ok
03:03:06.0513 5080        AsyncMac - ok
03:03:06.0529 5080        atapi - ok
03:03:06.0544 5080        AtiHDAudioService - ok
03:03:06.0560 5080        b06bdrv - ok
03:03:06.0576 5080        b57nd60a - ok
03:03:06.0591 5080        Beep - ok
03:03:06.0607 5080        blbdrive - ok
03:03:06.0622 5080        bowser - ok
03:03:06.0638 5080        BrFiltLo - ok
03:03:06.0638 5080        BrFiltUp - ok
03:03:06.0654 5080        Brserid - ok
03:03:06.0669 5080        BrSerWdm - ok
03:03:06.0685 5080        BrUsbMdm - ok
03:03:06.0685 5080        BrUsbSer - ok
03:03:06.0700 5080        BTHMODEM - ok
03:03:06.0716 5080        cdfs - ok
03:03:06.0716 5080        cdrom - ok
03:03:06.0732 5080        circlass - ok
03:03:06.0747 5080        CLFS - ok
03:03:06.0763 5080        CmBatt - ok
03:03:06.0778 5080        cmdide - ok
03:03:06.0778 5080        CNG - ok
03:03:06.0794 5080        Compbatt - ok
03:03:06.0810 5080        CompFilter64 - ok
03:03:06.0810 5080        CompositeBus - ok
03:03:06.0825 5080        crcdisk - ok
03:03:06.0841 5080        CSC - ok
03:03:06.0872 5080        DfsC - ok
03:03:06.0888 5080        discache - ok
03:03:06.0903 5080        Disk - ok
03:03:06.0919 5080        drmkaud - ok
03:03:06.0934 5080        dtsoftbus01 - ok
03:03:06.0950 5080        DXGKrnl - ok
03:03:06.0950 5080        EagleX64 - ok
03:03:06.0966 5080        ebdrv - ok
03:03:06.0997 5080        elxstor - ok
03:03:06.0997 5080        ErrDev - ok
03:03:07.0028 5080        exfat - ok
03:03:07.0028 5080        fastfat - ok
03:03:07.0044 5080        fdc - ok
03:03:07.0059 5080        FileInfo - ok
03:03:07.0075 5080        Filetrace - ok
03:03:07.0090 5080        flpydisk - ok
03:03:07.0090 5080        FltMgr - ok
03:03:07.0106 5080        FsDepends - ok
03:03:07.0122 5080        Fs_Rec - ok
03:03:07.0137 5080        fvevol - ok
03:03:07.0137 5080        gagp30kx - ok
03:03:07.0153 5080        GEARAspiWDM - ok
03:03:07.0168 5080        hcw85cir - ok
03:03:07.0168 5080        HdAudAddService - ok
03:03:07.0184 5080        HDAudBus - ok
03:03:07.0200 5080        HidBatt - ok
03:03:07.0200 5080        HidBth - ok
03:03:07.0215 5080        HidIr - ok
03:03:07.0231 5080        HidUsb - ok
03:03:07.0246 5080        HpSAMD - ok
03:03:07.0262 5080        HTTP - ok
03:03:07.0262 5080        hwpolicy - ok
03:03:07.0278 5080        i8042prt - ok
03:03:07.0278 5080        iaStorV - ok
03:03:07.0293 5080        iirsp - ok
03:03:07.0309 5080        intelide - ok
03:03:07.0324 5080        intelppm - ok
03:03:07.0340 5080        IpFilterDriver - ok
03:03:07.0356 5080        IPMIDRV - ok
03:03:07.0356 5080        IPNAT - ok
03:03:07.0371 5080        IRENUM - ok
03:03:07.0387 5080        isapnp - ok
03:03:07.0387 5080        iScsiPrt - ok
03:03:07.0402 5080        kbdclass - ok
03:03:07.0402 5080        kbdhid - ok
03:03:07.0465 5080        KL1 - ok
03:03:07.0480 5080        kl2 - ok
03:03:07.0480 5080        KLIF - ok
03:03:07.0496 5080        KLIM6 - ok
03:03:07.0512 5080        klmouflt - ok
03:03:07.0512 5080        KSecDD - ok
03:03:07.0527 5080        KSecPkg - ok
03:03:07.0527 5080        ksthunk - ok
03:03:07.0558 5080        lltdio - ok
03:03:07.0590 5080        LSI_FC - ok
03:03:07.0590 5080        LSI_SAS - ok
03:03:07.0605 5080        LSI_SAS2 - ok
03:03:07.0621 5080        LSI_SCSI - ok
03:03:07.0621 5080        luafv - ok
03:03:07.0636 5080        LVRS64 - ok
03:03:07.0636 5080        LVUVC64 - ok
03:03:07.0652 5080        megasas - ok
03:03:07.0668 5080        MegaSR - ok
03:03:07.0668 5080        MEMSWEEP2 - ok
03:03:07.0683 5080        Modem - ok
03:03:07.0699 5080        monitor - ok
03:03:07.0714 5080        mouclass - ok
03:03:07.0714 5080        mouhid - ok
03:03:07.0730 5080        mountmgr - ok
03:03:07.0746 5080        mpio - ok
03:03:07.0746 5080        mpsdrv - ok
03:03:07.0761 5080        MRxDAV - ok
03:03:07.0777 5080        mrxsmb - ok
03:03:07.0777 5080        mrxsmb10 - ok
03:03:07.0792 5080        mrxsmb20 - ok
03:03:07.0808 5080        msahci - ok
03:03:07.0808 5080        msdsm - ok
03:03:07.0839 5080        Msfs - ok
03:03:07.0839 5080        mshidkmdf - ok
03:03:07.0886 5080        msisadrv - ok
03:03:07.0902 5080        MSKSSRV - ok
03:03:07.0902 5080        MSPCLOCK - ok
03:03:07.0917 5080        MSPQM - ok
03:03:07.0933 5080        MsRPC - ok
03:03:07.0948 5080        mssmbios - ok
03:03:07.0948 5080        MSTEE - ok
03:03:07.0964 5080        MTConfig - ok
03:03:07.0964 5080        Mup - ok
03:03:07.0980 5080        NativeWifiP - ok
03:03:07.0995 5080        NDIS - ok
03:03:08.0011 5080        NdisCap - ok
03:03:08.0011 5080        NdisTapi - ok
03:03:08.0026 5080        Ndisuio - ok
03:03:08.0026 5080        NdisWan - ok
03:03:08.0042 5080        NDProxy - ok
03:03:08.0058 5080        NetBIOS - ok
03:03:08.0058 5080        NetBT - ok
03:03:08.0089 5080        netr28ux - ok
03:03:08.0104 5080        nfrd960 - ok
03:03:08.0104 5080        Npfs - ok
03:03:08.0120 5080        NPPTNT2 - ok
03:03:08.0136 5080        nsiproxy - ok
03:03:08.0151 5080        Ntfs - ok
03:03:08.0167 5080        Null - ok
03:03:08.0182 5080        nvraid - ok
03:03:08.0182 5080        nvstor - ok
03:03:08.0198 5080        nv_agp - ok
03:03:08.0198 5080        ohci1394 - ok
03:03:08.0229 5080        Parport - ok
03:03:08.0229 5080        partmgr - ok
03:03:08.0245 5080        pci - ok
03:03:08.0260 5080        pciide - ok
03:03:08.0276 5080        pcmcia - ok
03:03:08.0276 5080        pcw - ok
03:03:08.0292 5080        PEAUTH - ok
03:03:08.0370 5080        PptpMiniport - ok
03:03:08.0370 5080        Processor - ok
03:03:08.0385 5080        Psched - ok
03:03:08.0401 5080        ql2300 - ok
03:03:08.0416 5080        ql40xx - ok
03:03:08.0416 5080        QWAVEdrv - ok
03:03:08.0432 5080        RasAcd - ok
03:03:08.0448 5080        RasAgileVpn - ok
03:03:08.0463 5080        Rasl2tp - ok
03:03:08.0479 5080        RasPppoe - ok
03:03:08.0479 5080        RasSstp - ok
03:03:08.0494 5080        rdbss - ok
03:03:08.0510 5080        rdpbus - ok
03:03:08.0510 5080        RDPCDD - ok
03:03:08.0526 5080        RDPDR - ok
03:03:08.0541 5080        RDPENCDD - ok
03:03:08.0557 5080        RDPREFMP - ok
03:03:08.0557 5080        RDPWD - ok
03:03:08.0572 5080        rdyboost - ok
03:03:08.0604 5080        rspndr - ok
03:03:08.0619 5080        RTL8167 - ok
03:03:08.0619 5080        s3cap - ok
03:03:08.0635 5080        sbp2port - ok
03:03:08.0650 5080        scfilter - ok
03:03:08.0682 5080        secdrv - ok
03:03:08.0697 5080        Serenum - ok
03:03:08.0713 5080        Serial - ok
03:03:08.0728 5080        sermouse - ok
03:03:08.0760 5080        sffdisk - ok
03:03:08.0760 5080        sffp_mmc - ok
03:03:08.0775 5080        sffp_sd - ok
03:03:08.0775 5080        sfloppy - ok
03:03:08.0806 5080        SiSRaid2 - ok
03:03:08.0806 5080        SiSRaid4 - ok
03:03:08.0822 5080        Smb - ok
03:03:08.0838 5080        spldr - ok
03:03:08.0869 5080        srv - ok
03:03:08.0869 5080        srv2 - ok
03:03:08.0884 5080        srvnet - ok
03:03:08.0900 5080        stexstor - ok
03:03:08.0916 5080        storflt - ok
03:03:08.0931 5080        storvsc - ok
03:03:08.0931 5080        swenum - ok
03:03:08.0962 5080        tap0801 - ok
03:03:08.0978 5080        tap0901 - ok
03:03:08.0994 5080        tapoas - ok
03:03:09.0009 5080        Tcpip - ok
03:03:09.0009 5080        TCPIP6 - ok
03:03:09.0025 5080        tcpipreg - ok
03:03:09.0040 5080        TDPIPE - ok
03:03:09.0056 5080        TDTCP - ok
03:03:09.0056 5080        tdx - ok
03:03:09.0072 5080        TermDD - ok
03:03:09.0103 5080        truecrypt - ok
03:03:09.0118 5080        tssecsrv - ok
03:03:09.0134 5080        tunnel - ok
03:03:09.0134 5080        uagp35 - ok
03:03:09.0150 5080        udfs - ok
03:03:09.0181 5080        uliagpkx - ok
03:03:09.0181 5080        umbus - ok
03:03:09.0196 5080        UmPass - ok
03:03:09.0212 5080        usbaudio - ok
03:03:09.0228 5080        usbccgp - ok
03:03:09.0228 5080        usbcir - ok
03:03:09.0243 5080        usbehci - ok
03:03:09.0243 5080        usbhub - ok
03:03:09.0259 5080        usbohci - ok
03:03:09.0259 5080        usbprint - ok
03:03:09.0274 5080        USBSTOR - ok
03:03:09.0290 5080        usbuhci - ok
03:03:09.0290 5080        usbvideo - ok
03:03:09.0306 5080        vdrvroot - ok
03:03:09.0321 5080        vga - ok
03:03:09.0337 5080        VgaSave - ok
03:03:09.0337 5080        vhdmp - ok
03:03:09.0352 5080        viaide - ok
03:03:09.0368 5080        vmbus - ok
03:03:09.0368 5080        VMBusHID - ok
03:03:09.0384 5080        volmgr - ok
03:03:09.0384 5080        volmgrx - ok
03:03:09.0399 5080        volsnap - ok
03:03:09.0399 5080        vsmraid - ok
03:03:09.0415 5080        vwifibus - ok
03:03:09.0430 5080        vwififlt - ok
03:03:09.0446 5080        WacomPen - ok
03:03:09.0462 5080        WANARP - ok
03:03:09.0477 5080        Wanarpv6 - ok
03:03:09.0508 5080        Wd - ok
03:03:09.0508 5080        Wdf01000 - ok
03:03:09.0555 5080        WfpLwf - ok
03:03:09.0555 5080        WIMMount - ok
03:03:09.0602 5080        WmiAcpi - ok
03:03:09.0633 5080        ws2ifsl - ok
03:03:09.0664 5080        WudfPf - ok
03:03:09.0664 5080        WUDFRd - ok
03:03:09.0727 5080        MBR (0x1B8)    (ddc4773eef68ef7fac87cf9235395cab) \Device\Harddisk0\DR0
03:03:10.0226 5080        \Device\Harddisk0\DR0 - ok
03:03:10.0273 5080        Boot (0x1200)  (0b7917c20fe128bc0e3b3ee7d2b9c084) \Device\Harddisk0\DR0\Partition0
03:03:10.0273 5080        \Device\Harddisk0\DR0\Partition0 - ok
03:03:10.0335 5080        Boot (0x1200)  (79c7eee141b6b1aad10435e9cac26fc4) \Device\Harddisk0\DR0\Partition1
03:03:10.0335 5080        \Device\Harddisk0\DR0\Partition1 - ok
03:03:10.0429 5080        Boot (0x1200)  (c8b2076ae587b4252765885e0019e070) \Device\Harddisk0\DR0\Partition2
03:03:10.0429 5080        \Device\Harddisk0\DR0\Partition2 - ok
03:03:10.0429 5080        ============================================================
03:03:10.0429 5080        Scan finished
03:03:10.0429 5080        ============================================================
03:03:10.0617 4464        Detected object count: 0
03:03:10.0617 4464        Actual detected object count: 0
03:03:14.0552 6256        Deinitialize success
TDSSKiller.2.7.10.0_27.02.2012_23.11.34_log:

Code:
23:11:34.0118 1824        TDSS rootkit removing tool 2.7.10.0 Feb  7 2012 15:14:46
23:11:40.0914 1824        Perform update action was selected
23:11:40.0925 5672        Deinitialize success

cosinus 07.03.2012 15:43
Dann bitte jetzt CF ausführen:

ComboFix

Ein Leitfaden und Tutorium zur Nutzung von ComboFix
  • Schliesse alle Programme, vor allem dein Antivirenprogramm und andere Hintergrundwächter sowie deinen Internetbrowser.
  • Starte combofix.exe von deinem Desktop aus, bestätige die Warnmeldungen, führe die Updates durch (falls vorgeschlagen), installiere die Wiederherstellungskonsole (falls vorgeschlagen) und lass dein System durchsuchen.
    Vermeide es auch während Combofix läuft die Maus und Tastatur zu benutzen.
  • Im Anschluss öffnet sich automatisch eine combofix.txt, diesen Inhalt bitte kopieren ([Strg]a, [Strg]c) und in deinen Beitrag einfügen ([Strg]v). Die Datei findest du außerdem unter: C:\ComboFix.txt.
Wichtiger Hinweis:
Combofix darf ausschließlich ausgeführt werden, wenn ein Kompetenzler dies ausdrücklich empfohlen hat!

Es sollte nie auf eigene Initiative hin ausgeführt werden! Eine falsche Benutzung kann ernsthafte Computerprobleme nach sich ziehen und eine Bereinigung der Infektion noch erschweren.

Solltest du nach der Ausführung von Combofix Probleme beim Starten von Anwendungen haben und Meldungen erhalten wie

Zitat:
Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.
startest du Windows dann manuell neu und die Fehlermeldungen sollten nicht mehr auftauchen.

xan1m0rphx 07.03.2012 16:24
ComboFix durchrattern lassen!
Maus und tastertur nicht angerührt :)

Combofix Logfile:
Code:
ComboFix 12-03-07.03 - Manuel 07.03.2012  16:07:49.1.4 - x64
Microsoft Windows 7 Ultimate  6.1.7600.0.1252.49.1031.18.4606.3248 [GMT 1:00]
ausgeführt von:: c:\users\Manuel\Desktop\ComboFix.exe
AV: Kaspersky Internet Security *Disabled/Updated* {2EAA32A5-1EE1-1B22-95DA-337730C6E984}
FW: Kaspersky Internet Security *Disabled* {1691B380-548E-1A7A-BE85-9A42CE15AEFF}
SP: Kaspersky Internet Security *Disabled/Updated* {95CBD341-38DB-14AC-AF6A-08054B41A339}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((  Weitere Löschungen  ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Manuel\AppData\Local\assembly\tmp
c:\users\Manuel\AppData\Roaming\InstallDir
c:\users\Manuel\AppData\Roaming\Microsoft\Windows\lARkr8tK0VXpuGMp8L.dat
c:\users\Manuel\AppData\Roaming\Microsoft\Windows\lARkr8tK0VXpuGMp8L.xtr
.
.
(((((((((((((((((((((((  Dateien erstellt von 2012-02-07 bis 2012-03-07  ))))))))))))))))))))))))))))))
.
.
2012-03-07 15:17 . 2012-03-07 15:17        --------        d-----w-        c:\users\Default\AppData\Local\temp
2012-03-07 05:30 . 2012-03-07 05:31        --------        d-----w-        c:\program files (x86)\Wireshark
2012-03-07 05:27 . 2012-03-07 05:27        --------        d-----w-        c:\program files (x86)\Common Files\Java
2012-03-07 05:27 . 2012-03-07 05:27        --------        d-----w-        c:\program files (x86)\Java
2012-03-07 05:05 . 2012-03-07 05:05        --------        d-----w-        c:\users\Manuel\AppData\Local\Secunia PSI
2012-03-07 05:05 . 2012-03-07 05:05        --------        d-----w-        c:\program files (x86)\Secunia
2012-03-07 04:57 . 2012-03-07 04:57        --------        d-----w-        c:\users\Manuel\AppData\Roaming\SUPERAntiSpyware.com
2012-03-07 04:57 . 2012-03-07 04:59        --------        d-----w-        c:\program files\SUPERAntiSpyware
2012-03-07 04:57 . 2012-03-07 04:57        --------        d-----w-        c:\programdata\SUPERAntiSpyware.com
2012-03-07 03:31 . 2012-03-07 03:31        --------        d-----w-        C:\_OTL
2012-03-06 20:07 . 2012-03-06 20:07        --------        d-----w-        c:\program files (x86)\Screaming Bee
2012-03-06 14:34 . 2012-03-07 03:47        --------        d-----r-        C:\Javascript
2012-03-04 14:19 . 2012-03-04 14:19        --------        d-----w-        c:\users\Manuel\AppData\Local\Vitalwerks
2012-03-04 14:10 . 2012-03-04 14:10        --------        d-----w-        c:\program files (x86)\No-IP
2012-03-04 13:21 . 2012-03-04 13:21        --------        d-----w-        c:\program files (x86)\VirtualDJ
2012-03-04 12:38 . 2012-03-04 12:38        --------        d-----w-        c:\program files (x86)\Malwarebytes' Anti-Malware
2012-03-04 12:38 . 2011-12-10 14:24        23152        ----a-w-        c:\windows\system32\drivers\mbam.sys
2012-03-04 02:02 . 2012-03-04 02:02        --------        d-sh--w-        c:\windows\SysWow64\%APPDATA%
2012-03-03 18:37 . 2012-03-03 18:37        --------        d-----w-        c:\users\Manuel\AppData\Roaming\Malwarebytes
2012-03-03 18:37 . 2012-03-03 18:37        --------        d-----w-        c:\programdata\Malwarebytes
2012-03-03 11:21 . 2012-03-03 11:21        --------        d-----w-        c:\windows\SysWow64\wbem\en-US
2012-03-03 11:20 . 2012-03-03 11:20        --------        d-----w-        c:\windows\system32\wbem\en-US
2012-03-03 03:54 . 2012-03-03 03:56        --------        d-----w-        c:\users\Manuel\AppData\Roaming\Tunngle
2012-03-03 03:54 . 2012-03-03 03:54        --------        d-----w-        c:\programdata\Tunngle
2012-03-03 03:54 . 2009-09-16 06:02        31232        ----a-w-        c:\windows\system32\drivers\tap0901t.sys
2012-03-03 03:54 . 2012-03-03 03:56        --------        d-----w-        c:\program files (x86)\Tunngle
2012-03-03 02:52 . 2012-03-03 02:52        --------        d-----w-        c:\program files (x86)\Common Files\Skype
2012-03-02 17:45 . 2010-09-14 06:45        367104        ----a-w-        c:\windows\system32\wcncsvc.dll
2012-03-02 17:45 . 2010-09-14 06:07        276992        ----a-w-        c:\windows\SysWow64\wcncsvc.dll
2012-03-02 17:16 . 2012-03-02 17:16        --------        d-----w-        c:\program files (x86)\Winamp Detect
2012-03-02 17:15 . 2012-03-02 17:15        --------        d-----w-        c:\program files (x86)\Common Files\PX Storage Engine
2012-03-02 17:15 . 2012-03-06 17:37        --------        d-----w-        c:\users\Manuel\AppData\Roaming\Winamp
2012-03-02 17:15 . 2012-03-02 17:16        --------        d-----w-        c:\program files (x86)\Winamp
2012-03-02 17:14 . 2012-03-02 17:15        --------        d-----w-        c:\program files\Virtual Audio Cable
2012-03-02 17:14 . 2012-03-02 17:14        66728        ----a-w-        c:\windows\system32\drivers\vrtaucbl.sys
2012-03-02 17:09 . 2009-09-10 06:28        311808        ----a-w-        c:\windows\system32\msv1_0.dll
2012-03-02 17:09 . 2009-09-10 05:52        257024        ----a-w-        c:\windows\SysWow64\msv1_0.dll
2012-03-02 16:30 . 2009-10-10 03:17        14336        ----a-w-        c:\windows\system32\drivers\sffp_sd.sys
2012-03-02 16:30 . 2012-03-02 16:30        --------        d-----w-        c:\program files (x86)\Microsoft CAPICOM 2.1.0.2
2012-03-02 16:18 . 2010-02-23 08:16        294912        ----a-w-        c:\windows\system32\browserchoice.exe
2012-03-02 15:48 . 2012-03-04 02:22        --------        d-----w-        c:\program files (x86)\Microsoft Silverlight
2012-03-02 15:10 . 2010-03-04 04:40        184832        ----a-w-        c:\windows\system32\drivers\usbvideo.sys
2012-03-02 15:10 . 2010-03-04 04:32        243712        ----a-w-        c:\windows\system32\drivers\ks.sys
2012-03-02 15:08 . 2009-09-03 07:36        1975296        ----a-w-        c:\windows\system32\CertEnroll.dll
2012-03-02 15:08 . 2009-09-03 07:04        1320960        ----a-w-        c:\windows\SysWow64\CertEnroll.dll
2012-03-02 15:06 . 2012-01-14 04:02        3143168        ----a-w-        c:\windows\system32\win32k.sys
2012-03-02 15:05 . 2010-07-29 06:30        82944        ----a-w-        c:\windows\SysWow64\iccvid.dll
2012-03-02 15:04 . 2011-11-05 05:17        2048        ----a-w-        c:\windows\system32\tzres.dll
2012-03-02 14:53 . 2011-12-16 08:42        634368        ----a-w-        c:\windows\system32\msvcrt.dll
2012-03-02 14:53 . 2011-12-16 07:59        690688        ----a-w-        c:\windows\SysWow64\msvcrt.dll
2012-03-02 14:51 . 2011-06-23 05:29        5507968        ----a-w-        c:\windows\system32\ntoskrnl.exe
2012-03-02 14:51 . 2011-06-23 04:38        3957120        ----a-w-        c:\windows\SysWow64\ntkrnlpa.exe
2012-03-02 14:51 . 2011-06-23 04:38        3902336        ----a-w-        c:\windows\SysWow64\ntoskrnl.exe
2012-03-02 14:47 . 2011-11-19 15:07        77312        ----a-w-        c:\windows\system32\packager.dll
2012-03-02 14:47 . 2011-11-19 14:06        67072        ----a-w-        c:\windows\SysWow64\packager.dll
2012-03-02 14:45 . 2009-12-29 08:03        220672        ----a-w-        c:\windows\system32\wintrust.dll
2012-03-02 14:45 . 2009-12-29 06:55        172032        ----a-w-        c:\windows\SysWow64\wintrust.dll
2012-03-02 14:45 . 2010-01-09 07:19        139264        ----a-w-        c:\windows\system32\cabview.dll
2012-03-02 14:45 . 2010-01-09 06:52        132608        ----a-w-        c:\windows\SysWow64\cabview.dll
2012-03-02 14:32 . 2012-02-08 07:13        8643640        ----a-w-        c:\programdata\Microsoft\Windows Defender\Definition Updates\{5DDF34F3-52EA-4A34-9495-2FF642A099B0}\mpengine.dll
2012-03-02 03:13 . 2009-06-18 11:55        18816        ------w-        c:\windows\SysWow64\SAVRKBootTasks.sys
2012-03-02 01:32 . 2012-03-07 03:31        --------        d-----w-        c:\program files (x86)\Spybot - Search & Destroy
2012-03-02 01:32 . 2012-03-03 04:39        --------        d-----w-        c:\programdata\Spybot - Search & Destroy
2012-03-02 01:21 . 2012-03-02 01:22        --------        d-----w-        c:\users\Manuel\AppData\Roaming\Spamihilator
2012-03-02 01:20 . 2006-06-19 12:01        69632        ----a-w-        c:\windows\SysWow64\ztvcabinet.dll
2012-03-02 01:20 . 2006-05-25 14:52        162304        ----a-w-        c:\windows\SysWow64\ztvunrar36.dll
2012-03-02 01:20 . 2005-08-26 00:50        77312        ----a-w-        c:\windows\SysWow64\ztvunace26.dll
2012-03-02 01:20 . 2003-02-02 19:06        153088        ----a-w-        c:\windows\SysWow64\UNRAR3.dll
2012-03-02 01:20 . 2002-03-06 00:00        75264        ----a-w-        c:\windows\SysWow64\unacev2.dll
2012-03-02 01:20 . 2012-03-02 11:24        --------        d-----w-        c:\program files (x86)\Trojan Remover
2012-03-02 01:20 . 2012-03-02 01:20        --------        d-----w-        c:\users\Manuel\AppData\Roaming\Simply Super Software
2012-03-02 01:20 . 2012-03-02 01:20        --------        d-----w-        c:\programdata\Simply Super Software
2012-03-01 23:32 . 2012-03-02 00:53        --------        d-sh--r-        c:\users\Manuel\AppData\Roaming\MicroUpdate
2012-03-01 21:29 . 2012-03-01 21:29        --------        d-----w-        c:\program files (x86)\LogMeIn Hamachi
2012-03-01 21:28 . 2012-03-06 14:06        --------        d-----w-        c:\users\Manuel\AppData\Local\LogMeIn Hamachi
2012-03-01 16:11 . 2012-03-01 16:11        --------        d-----w-        c:\users\Manuel\AppData\Local\Downloaded Installations
2012-03-01 00:06 . 2012-03-01 00:06        --------        d-----w-        c:\program files (x86)\Midway Home Entertainment
2012-02-29 20:39 . 2012-02-29 22:09        --------        d-----w-        c:\users\Manuel\AppData\Roaming\DarknessII
2012-02-29 20:11 . 2012-03-04 19:09        --------        d-----w-        c:\programdata\regid.1986-12.com.adobe
2012-02-29 19:14 . 2012-02-29 19:18        --------        d-----w-        c:\program files\Common Files\Adobe
2012-02-29 19:12 . 2012-02-29 19:12        --------        d-----w-        c:\program files (x86)\Adobe Media Player
2012-02-29 19:09 . 2012-03-07 05:38        --------        d-----w-        c:\program files (x86)\Common Files\Adobe AIR
2012-02-29 03:04 . 2012-02-29 03:04        --------        d-----w-        c:\users\Manuel\AppData\Roaming\Serif
2012-02-29 02:59 . 2012-02-29 02:59        --------        d-----w-        c:\program files (x86)\Serif
2012-02-27 02:30 . 2012-03-01 20:05        --------        d-----w-        c:\users\Manuel\VirtualBox VMs
2012-02-27 02:16 . 2012-03-06 23:01        --------        d-----w-        c:\users\Manuel\.VirtualBox
2012-02-27 02:15 . 2011-12-19 12:45        224048        ----a-w-        c:\windows\system32\drivers\VBoxDrv.sys
2012-02-27 02:14 . 2011-12-19 12:45        130864        ----a-w-        c:\windows\system32\drivers\VBoxUSBMon.sys
2012-02-27 02:14 . 2012-02-27 02:14        --------        d-----w-        c:\program files\Oracle
2012-02-27 01:11 . 2012-02-27 01:11        --------        d-----w-        c:\program files (x86)\WinSCP
2012-02-26 20:19 . 2001-08-12 13:38        --------        d-----w-        c:\windows\system32\software.lc
2012-02-26 20:19 . 2001-07-13 10:59        32768        ----a-w-        c:\windows\system32\UUDECODE.EXE
2012-02-26 20:19 . 1998-12-08 15:28        24576        ----a-w-        c:\windows\system32\UUENCODE.EXE
2012-02-26 14:42 . 2012-02-26 14:42        --------        d-----w-        c:\users\Manuel\AppData\Roaming\Canneverbe Limited
2012-02-26 14:42 . 2012-02-26 14:42        --------        d-----w-        c:\programdata\Canneverbe Limited
2012-02-26 14:42 . 2012-02-26 14:42        --------        d-----w-        c:\program files (x86)\CDBurnerXP
2012-02-24 21:42 . 2012-02-24 21:42        60        ----a-w-        c:\users\Manuel\update.bat
2012-02-24 20:38 . 2012-02-25 00:49        --------        d-----w-        c:\program files (x86)\Valve
2012-02-24 08:38 . 2012-02-24 08:38        --------        d-----w-        c:\programdata\ATI
2012-02-24 08:21 . 2012-02-24 08:21        --------        d-----w-        C:\AMD
2012-02-24 08:16 . 2012-02-24 08:16        --------        d-----w-        c:\programdata\EA Core
2012-02-24 08:16 . 2012-02-24 10:04        --------        d-----w-        c:\programdata\EA Logs
2012-02-24 08:15 . 2012-02-24 08:15        --------        d--h--w-        c:\program files (x86)\Common Files\EAInstaller
2012-02-24 08:13 . 2012-02-24 08:13        --------        d-----w-        c:\programdata\NVIDIA
2012-02-24 06:51 . 2012-03-02 01:11        --------        d-----w-        c:\program files (x86)\Battlelog Web Plugins
2012-02-24 01:27 . 2012-02-24 01:27        --------        d-----w-        c:\users\Manuel\AppData\Roaming\Thunderbird
2012-02-24 01:27 . 2012-02-24 01:27        --------        d-----w-        c:\users\Manuel\AppData\Local\Thunderbird
2012-02-24 01:26 . 2012-02-24 01:26        --------        d-----w-        c:\program files (x86)\Mozilla Thunderbird
2012-02-23 22:41 . 2012-03-07 15:04        --------        d-----w-        c:\users\Manuel\AppData\Roaming\UseNeXT
2012-02-23 22:41 . 2012-02-23 22:41        --------        d-----w-        c:\program files (x86)\UseNeXT
2012-02-23 15:40 . 2012-02-23 15:40        --------        d-----w-        c:\programdata\Blizzard Entertainment
2012-02-23 04:42 . 2012-02-23 04:42        --------        d-----w-        c:\users\Manuel\AppData\Local\Apps
2012-02-23 04:42 . 2012-02-29 20:53        --------        d-----w-        c:\users\Manuel\AppData\Local\Deployment
2012-02-23 02:28 . 2012-02-24 10:30        --------        d-----w-        c:\users\Manuel\AppData\Roaming\FileZilla
2012-02-23 02:27 . 2012-02-23 02:28        --------        d-----w-        c:\program files (x86)\FileZilla FTP Client
2012-02-22 22:05 . 2012-02-22 22:05        --------        d-----w-        c:\program files (x86)\Intelore
2012-02-22 21:00 . 2012-02-22 21:00        --------        d-----w-        c:\program files (x86)\OpenVPN
2012-02-22 02:32 . 2012-02-22 03:12        --------        d-----w-        c:\program files (x86)\Common Files\Blizzard Entertainment
2012-02-21 23:32 . 2012-02-21 23:32        254528        ----a-w-        c:\windows\system32\drivers\dtsoftbus01.sys
2012-02-21 23:32 . 2012-03-02 01:10        --------        d-----w-        c:\program files (x86)\DAEMON Tools Toolbar
2012-02-21 23:32 . 2012-02-21 23:33        --------        d-----w-        c:\program files (x86)\DAEMON Tools Lite
2012-02-21 20:25 . 2012-03-04 17:48        --------        d-----w-        c:\programdata\boost_interprocess
2012-02-21 20:10 . 2012-03-05 00:58        --------        d-----w-        c:\users\Manuel\AppData\Roaming\Screaming Bee
2012-02-21 20:10 . 2012-02-21 20:11        --------        d-----w-        c:\programdata\Screaming Bee
2012-02-21 20:08 . 2012-02-21 20:08        --------        d-----w-        c:\users\Manuel\AppData\Local\Windows Live
.
.
((((((((((((((((((((((((((((((((((((  Find3M Bericht  ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-03-07 05:39 . 2012-01-28 16:12        414368        ----a-w-        c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-03-07 05:27 . 2012-01-31 17:43        472808        ----a-w-        c:\windows\SysWow64\deployJava1.dll
2012-02-28 15:39 . 2012-01-31 19:32        282864        ----a-w-        c:\windows\SysWow64\PnkBstrB.xtr
2012-02-28 15:39 . 2012-01-31 19:28        282864        ----a-w-        c:\windows\SysWow64\PnkBstrB.exe
2012-02-28 15:38 . 2012-01-31 19:28        280904        ----a-w-        c:\windows\SysWow64\PnkBstrB.ex0
2012-02-24 09:52 . 2012-01-31 19:28        76888        ----a-w-        c:\windows\SysWow64\PnkBstrA.exe
2012-01-29 04:10 . 2012-01-28 15:29        279656        ------w-        c:\windows\system32\MpSigStub.exe
2012-01-28 16:56 . 2012-01-28 16:56        53248        ----a-r-        c:\users\Manuel\AppData\Roaming\Microsoft\Installer\{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}\ARPPRODUCTICON.exe
2012-01-18 05:44 . 2012-01-18 05:44        540960        ----a-w-        c:\windows\SysWow64\LVUI2RC.dll
2012-01-18 05:44 . 2012-01-18 05:44        545056        ----a-w-        c:\windows\SysWow64\LVUI2.dll
2012-01-18 05:44 . 2012-01-18 05:44        561440        ----a-w-        c:\windows\system32\LVUIRC64.dll
2012-01-18 05:44 . 2012-01-18 05:44        4865568        ----a-w-        c:\windows\system32\drivers\lvuvc64.sys
2012-01-18 05:44 . 2012-01-18 05:44        769312        ----a-w-        c:\windows\system32\LVUI64.dll
2012-01-18 05:44 . 2012-01-18 05:44        351136        ----a-w-        c:\windows\system32\drivers\lvrs64.sys
2012-01-18 05:44 . 2012-01-18 05:44        307488        ----a-w-        c:\windows\SysWow64\lvcodec2.dll
2012-01-18 05:44 . 2012-01-18 05:44        263456        ----a-w-        c:\windows\system32\lvco13311044.dll
2012-01-18 05:44 . 2012-01-18 05:44        176416        ----a-w-        c:\windows\system32\lvcod64.dll
2012-01-18 05:44 . 2012-01-18 05:44        25632        ----a-w-        c:\windows\system32\drivers\lvbflt64.sys
2012-01-18 05:44 . 2012-01-18 05:44        336408        ----a-w-        c:\windows\SysWow64\DevManagerCore.dll
2012-01-18 05:44 . 2012-01-18 05:44        336408        ----a-w-        c:\windows\system32\DevManagerCore.dll
2012-01-18 05:44 . 2012-01-18 05:44        10920984        ----a-w-        c:\windows\SysWow64\LogiDPP.dll
2012-01-18 05:44 . 2012-01-18 05:44        10920984        ----a-w-        c:\windows\system32\LogiDPP.dll
2012-01-18 05:44 . 2012-01-18 05:44        104472        ----a-w-        c:\windows\SysWow64\LogiDPPApp.exe
2012-01-18 05:44 . 2012-01-18 05:44        104472        ----a-w-        c:\windows\system32\LogiDPPApp.exe
2011-12-19 12:45 . 2011-12-19 12:45        146736        ----a-w-        c:\windows\system32\drivers\VBoxNetAdp.sys
2011-12-19 12:43 . 2011-12-19 12:43        320816        ----a-w-        c:\windows\system32\VBoxNetFltNobj.dll
2011-12-19 12:43 . 2011-12-19 12:43        165680        ----a-w-        c:\windows\system32\drivers\VBoxNetFlt.sys
2011-12-15 17:29 . 2011-12-15 17:29        31232        ----a-w-        c:\windows\system32\drivers\tap0901.sys
.
.
((((((((((((((((((((((((((((  Autostartpunkte der Registrierung  ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files (x86)\Windows Sidebar\sidebar.exe" [2009-07-14 1173504]
"DAEMON Tools Lite"="c:\program files (x86)\DAEMON Tools Lite\DTLite.exe" [2011-01-20 1305408]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2012-01-20 5487488]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"AVP"="c:\program files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe" [2011-04-24 202296]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2011-12-05 343168]
"Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-01-13 460872]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Secunia PSI Tray.lnk - c:\program files (x86)\Secunia\PSI\psi_tray.exe [2011-7-29 291896]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-02-15 158856]
R3 AODDriver4.0;AODDriver4.0;c:\program files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [2011-06-24 55424]
R3 EagleX64;EagleX64;c:\windows\system32\drivers\EagleX64.sys [x]
R3 FirebirdServerMAGIXInstance;Firebird Server - MAGIX Instance;c:\program files (x86)\Common Files\MAGIX Services\Database\bin\fbserver.exe [2008-08-07 3276800]
R3 MEMSWEEP2;MEMSWEEP2;c:\windows\system32\84B.tmp [x]
R3 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [x]
R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x]
R3 SwitchBoard;SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
R3 tap0801;TAP-Win32 Adapter V8;c:\windows\system32\DRIVERS\tap0801.sys [x]
R3 tap0901t;TAP-Win32 Adapter V9 (Tunngle);c:\windows\system32\DRIVERS\tap0901t.sys [x]
R3 tapoas;TAP-Win32 Adapter OAS;c:\windows\system32\DRIVERS\tapoas.sys [x]
R3 TunngleService;TunngleService;c:\program files (x86)\Tunngle\TnglCtrl.exe [2012-02-14 736104]
R3 VBoxNetAdp;VirtualBox Host-Only Ethernet Adapter;c:\windows\system32\DRIVERS\VBoxNetAdp.sys [x]
S0 johci;JMicron 1394 Filter Driver;c:\windows\system32\DRIVERS\johci.sys [x]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [x]
S1 kl2;kl2;c:\windows\system32\DRIVERS\kl2.sys [x]
S1 KLIM6;Kaspersky Anti-Virus NDIS 6 Filter;c:\windows\system32\DRIVERS\klim6.sys [x]
S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV64.SYS [2011-07-22 14928]
S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL64.SYS [2011-07-12 12368]
S1 VBoxDrv;VirtualBox Service;c:\windows\system32\DRIVERS\VBoxDrv.sys [x]
S1 VBoxUSBMon;VirtualBox USB Monitor Driver;c:\windows\system32\DRIVERS\VBoxUSBMon.sys [x]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE64.EXE [2011-08-11 140672]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-01-03 63928]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x]
S2 AMD FUEL Service;AMD FUEL Service;c:\program files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [2011-12-05 361984]
S2 AODDriver4.01;AODDriver4.01;c:\program files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [2011-06-24 55424]
S2 ArchiCrypt Sichere Loeschzonen;ArchiCrypt Shredder - Sichere Löschzonen Hilfsservice;c:\program files (x86)\ArchiCrypt\ArchiCrypt Shredder 5\ArchiCryptInjector64.exe [2010-05-04 312032]
S2 Fabs;FABS - Helping agent for MAGIX media database;c:\program files (x86)\Common Files\MAGIX Services\Database\bin\FABS.exe [2009-08-27 1253376]
S2 Hamachi2Svc;LogMeIn Hamachi Tunneling Engine;c:\program files (x86)\LogMeIn Hamachi\hamachi-2.exe [2012-02-28 2343816]
S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-01-13 652360]
S2 SBSDWSCService;SBSD Security Center Service;c:\program files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368]
S2 Secunia PSI Agent;Secunia PSI Agent;c:\program files (x86)\Secunia\PSI\PSIA.exe [2011-07-29 994360]
S2 Secunia Update Agent;Secunia Update Agent;c:\program files (x86)\Secunia\PSI\sua.exe [2011-07-29 399416]
S2 TeamViewer6;TeamViewer 6;c:\program files (x86)\TeamViewer\Version6\TeamViewer_Service.exe [2011-08-30 2358656]
S2 TeamViewer7;TeamViewer 7;c:\program files (x86)\TeamViewer\Version7\TeamViewer_Service.exe [2012-01-19 3027840]
S2 UMVPFSrv;UMVPFSrv;c:\program files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe [2012-01-18 450848]
S3 amdiox64;AMD IO Driver;c:\windows\system32\DRIVERS\amdiox64.sys [x]
S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [x]
S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [x]
S3 AtiHDAudioService;ATI Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys [x]
S3 CompFilter64;UVCCompositeFilter;c:\windows\system32\DRIVERS\lvbflt64.sys [x]
S3 EuMusDesignVirtualAudioCableWdm;Virtual Audio Cable (WDM);c:\windows\system32\DRIVERS\vrtaucbl.sys [x]
S3 klmouflt;Kaspersky Lab KLMOUFLT;c:\windows\system32\DRIVERS\klmouflt.sys [x]
S3 LVRS64;Logitech RightSound Filter Driver;c:\windows\system32\DRIVERS\lvrs64.sys [x]
S3 LVUVC64;Logitech HD Webcam C510(UVC);c:\windows\system32\DRIVERS\lvuvc64.sys [x]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x]
S3 netr28ux;RT2870 USB Extensible Wireless LAN Card Driver;c:\windows\system32\DRIVERS\netr28ux.sys [x]
S3 PSI;PSI;c:\windows\system32\DRIVERS\psi_mf.sys [x]
S3 ScreamBAudioSvc;ScreamBee Audio;c:\windows\system32\drivers\ScreamingBAudio64.sys [x]
S3 VBoxNetFlt;VirtualBox Bridged Networking Service;c:\windows\system32\DRIVERS\VBoxNetFlt.sys [x]
.
.
--- Andere Dienste/Treiber im Speicher ---
.
*NewlyCreated* - SASDIFSV
*Deregistered* - ArchiCryptInjector
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2012-02-14 10806816]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
------- Zusätzlicher Suchlauf -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page =
mStart Page =
mLocal Page =
uInternet Settings,ProxyOverride = *.local
IE: Free YouTube Download - c:\users\Manuel\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubedownload.htm
IE: Free YouTube to MP3 Converter - c:\users\Manuel\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm
IE: {{7578ADEA-D65F-4C89-A249-B1C88B6FFC20} - c:\program files (x86)\ICQ7.5\ICQ.exe
LSP: %SystemRoot%\system32\PrxerDrv.dll
TCP: DhcpNameServer = 192.168.1.1
FF - ProfilePath - c:\users\Manuel\AppData\Roaming\Mozilla\Firefox\Profiles\34nask8m.default\
FF - prefs.js: browser.startup.homepage - www.google.de
FF - user.js: extensions.BabylonToolbar_i.babTrack - affID=108298
FF - user.js: extensions.BabylonToolbar_i.babExt -
FF - user.js: extensions.BabylonToolbar_i.srcExt - ss
FF - user.js: extensions.BabylonToolbar_i.id - 14823d1c00000000000000ffd3fc8b8d
FF - user.js: extensions.BabylonToolbar_i.hardId - 14823d1c00000000000000ffd3fc8b8d
FF - user.js: extensions.BabylonToolbar_i.instlDay - 15400
FF - user.js: extensions.BabylonToolbar_i.vrsn - 1.5.3.17
FF - user.js: extensions.BabylonToolbar_i.vrsni - 1.5.3.17
FF - user.js: extensions.BabylonToolbar_i.vrsnTs - 1.5.3.170:51
FF - user.js: extensions.BabylonToolbar_i.prtnrId - babylon
FF - user.js: extensions.BabylonToolbar_i.prdct - BabylonToolbar
FF - user.js: extensions.BabylonToolbar_i.aflt - babsst
FF - user.js: extensions.BabylonToolbar_i.smplGrp - none
FF - user.js: extensions.BabylonToolbar_i.tlbrId - base
FF - user.js: extensions.BabylonToolbar_i.instlRef - sst
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
AddRemove-Adobe Shockwave Player - c:\windows\system32\Adobe\Shockwave 11\uninstaller.exe
AddRemove-Half-Life Dedicated Server Update Tool - c:\server\UNWISE.EXE
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\MEMSWEEP2]
"ImagePath"="\??\c:\windows\system32\84B.tmp"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\npggsvc]
"ImagePath"="c:\windows\system32\GameMon.des -service"
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\Approved Extensions]
@Denied: (2) (LocalSystem)
"{18DF081C-E8AD-4283-A596-FA578C2EBDC3}"=hex:51,66,7a,6c,4c,1d,38,12,72,0b,cc,
  1c,9f,a6,ed,07,da,80,b9,17,89,70,f9,d7
"{53707962-6F74-2D53-2644-206D7942484F}"=hex:51,66,7a,6c,4c,1d,38,12,0c,7a,63,
  57,46,21,3d,68,59,52,63,2d,7c,1c,0c,5b
"{59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C}"=hex:51,66,7a,6c,4c,1d,38,12,da,39,34,
  5d,e1,a9,97,05,de,be,2c,e9,c9,ff,c2,38
"{DBC80044-A445-435B-BC74-9C25C1C588A9}"=hex:51,66,7a,6c,4c,1d,38,12,2a,03,db,
  df,77,ea,35,06,c3,62,df,65,c4,9b,cc,bd
"{E33CF602-D945-461A-83F0-819F76A199F8}"=hex:51,66,7a,6c,4c,1d,38,12,6c,f5,2f,
  e7,77,97,74,03,fc,e6,c2,df,73,ff,dd,ec
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\ApprovedExtensionsMigration]
@Denied: (2) (LocalSystem)
"Timestamp"=hex:7b,8a,a4,41,66,fa,cc,01
.
[HKEY_USERS\S-1-5-21-129560445-3818396582-2292848211-1001\Software\SecuROM\License information*]
"datasecu"=hex:61,3b,44,e9,3b,02,14,c3,02,f9,33,8d,06,9f,a0,44,04,ac,ea,91,f1,
  91,26,2f,95,50,95,34,ea,71,02,0e,a1,2c,52,4e,75,b3,cf,48,fa,25,3c,81,64,d1,\
"rkeysecu"=hex:f4,2d,bc,4e,07,00,56,80,ae,94,46,f3,cf,01,cc,35
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11e_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11e_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}]
@Denied: (A 2) (Everyone)
@="IFlashBroker3"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\TypeLib]
@="{6EF568F4-D437-4466-AA63-A3645136D93E}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{2E4BB6BE-A75F-4DC0-9500-68203655A2C4}]
@Denied: (A 2) (Everyone)
@="IFlashBroker"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{2E4BB6BE-A75F-4DC0-9500-68203655A2C4}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{2E4BB6BE-A75F-4DC0-9500-68203655A2C4}\TypeLib]
@="{6EF568F4-D437-4466-AA63-A3645136D93E}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{DDF4CE26-4BDA-42BC-B0F0-0E75243AD285}]
@Denied: (A 2) (Everyone)
@="IFlashBroker2"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{DDF4CE26-4BDA-42BC-B0F0-0E75243AD285}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{DDF4CE26-4BDA-42BC-B0F0-0E75243AD285}\TypeLib]
@="{6EF568F4-D437-4466-AA63-A3645136D93E}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Zeit der Fertigstellung: 2012-03-07  16:20:49
ComboFix-quarantined-files.txt  2012-03-07 15:20
.
Vor Suchlauf: 11 Verzeichnis(se), 24.830.599.168 Bytes frei
Nach Suchlauf: 16 Verzeichnis(se), 24.446.562.304 Bytes frei
.
- - End Of File - - 888849A5728AB6FC01524D307880250D
--- --- ---

cosinus 07.03.2012 16:31
Downloade dir bitte aswMBR.exe und speichere die Datei auf deinem Desktop.

Hinweis: Bitte den Virenscanner abstellen bevor du aswMBR ausführst, denn v.a. Avira meldet darin oft einen Fehalalrm!
  • Starte die aswMBR.exe Vista und Win7 User aswMBR per Rechtsklick "als Administrator ausführen"
  • Das Tool wird dich fragen, ob Du mit der aktuellen Virendefinition von AVAST! dein System scannen willst. Beantworte diese Frage bitte mit Ja. (Sollte deine Firewall fragen, bitte den Zugriff auf das Internet zulassen) Der Download der Definitionen kann je nach Verbindung eine Weile dauern.
  • Klicke auf Scan.
  • Warte bitte bis Scan finished successfully im DOS Fenster steht.
  • Drücke auf Save Log und speichere diese auf dem Desktop.
Poste mir die aswMBR.txt in deiner nächsten Antwort. Wichtig: Drücke keinesfalls einen der Fix Buttons ohne Anweisung Hinweis: Sollte der Scan Button ausgeblendet sein, schließe das Tool und starte es erneut. Sollte es erneut nicht klappen teile mir das bitte mit.

xan1m0rphx 07.03.2012 16:46
ASWMbr logfiles:

Code:
aswMBR version 0.9.9.1649 Copyright(c) 2011 AVAST Software
Run date: 2012-03-07 16:41:06
-----------------------------
16:41:06.971    OS Version: Windows x64 6.1.7600
16:41:06.971    Number of processors: 4 586 0x202
16:41:06.973    ComputerName: UNKNOWN  UserName: Manuel
16:41:08.642    Initialize success
16:42:12.903    AVAST engine defs: 12030700
16:43:22.651    Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T0L0-4
16:43:22.657    Disk 0 Vendor: WDC_WD5000AACS-00ZUB0 01.01B01 Size: 476940MB BusType: 11
16:43:22.675    Disk 0 MBR read successfully
16:43:22.679    Disk 0 MBR scan
16:43:22.686    Disk 0 unknown MBR code
16:43:22.698    Disk 0 Partition 1 80 (A) 07    HPFS/NTFS              100 MB offset 2048
16:43:22.710    Disk 0 Partition 2 00    07    HPFS/NTFS            250354 MB offset 206848
16:43:22.738    Disk 0 Partition 3 00    07    HPFS/NTFS F™öcO*?\  206000 MB offset 512931840
16:43:22.749    Disk 0 Partition - 00    0F Extended LBA            20482 MB offset 934819840
16:43:22.769    Disk 0 scanning C:\Windows\system32\drivers
16:43:22.775    Service scanning
16:43:54.702    Modules scanning
16:43:54.712    Disk 0 trace - called modules:
16:43:54.746    ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys ataport.SYS PCIIDEX.SYS hal.dll msahci.sys
16:43:54.763    1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa80050f5060]
16:43:54.777    3 CLASSPNP.SYS[fffff88001dd143f] -> nt!IofCallDriver -> [0xfffffa80049afbf0]
16:43:54.793    5 ACPI.sys[fffff880017a8781] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP2T0L0-4[0xfffffa8004987680]
16:43:56.647    AVAST engine scan C:\Windows
16:43:56.682    AVAST engine scan C:\Windows\system32
16:43:56.703    AVAST engine scan C:\Windows\system32\drivers
16:43:56.719    AVAST engine scan C:\Users\Manuel
16:43:56.736    AVAST engine scan C:\ProgramData
16:43:56.754    Scan finished successfully
16:45:23.140    Disk 0 MBR has been saved successfully to "C:\Users\Manuel\Desktop\MBR.dat"
16:45:23.153    The log file has been saved successfully to "C:\Users\Manuel\Desktop\aswMBR.txt"

xan1m0rphx 07.03.2012 19:18
Liste der Anhänge anzeigen (Anzahl: 1)
Eine frage nebenbei habe eben mal meinen Netzwerkmonitor beobachtet, in kaspersky.

Und hab folgenden Eintrag gefunden:
JRE-6U31-WINDOWS-I586.exe

Siehe anhang, hat das etwas zu bedeuten?

cosinus 07.03.2012 23:00
Zitat:
Siehe anhang, hat das etwas zu bedeuten?
Ist das Forum ein Ersatz-Google oder was hat das zu bedeuten?!
Einmal diesen Dateinamen bei Google und schon weiß jeder was das ist!

xan1m0rphx 08.03.2012 15:53
Ist es jetzt so schlimm das ich nachgefragt habe was das für eine .exe ist? o.O
Entschuldige das sie vill. einen schlechten tag hatten aber ich vertraue ihnen, deshalb fragte ich nacht dann Unterlasse ich dies nun.

Wie sieht es aus wegen den awmbr logs?
Und wie sehen die weiteren Schritte aus, sollte ich meine passwörter ändern?


Alle Zeitangaben in WEZ +1. Es ist jetzt 22:29 Uhr.
Seite 2 von 3 1 2 3
100 Beiträge dieses Themas auf einer Seite anzeigen

Copyright ©2000-2025, Trojaner-Board


Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20