Trojaner-Board (https://www.trojaner-board.de/)
Thread: Antivirus software found "Worm/Bot.21504" (https://www.trojaner-board.de/102816-anitvirensoftware-hat-worm-bot-21504-gefunden.html)

<-IceD@te-> 29.08.2011 10:03

Good day,

the ESET online scan is done. Thanks to the GPRS connection... :pfui:

Here is the result:

Code:

ESETSmartInstaller@High as downloader log:
all ok
esets_scanner_update returned -1 esets_gle=53251
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6528
# api_version=3.0.2
# line removed by the post author
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2011-08-29 08:30:21
# local_time=2011-08-29 10:30:21 (+0100, Westeuropäische Sommerzeit)
# country="Germany"
# lang=1033
# osver=5.1.2600 NT Service Pack 2
# compatibility_mode=1792 16777191 100 0 44058824 44058824 0 0
# compatibility_mode=8192 67108863 100 0 6795 6795 0 0
# scanned=69103
# found=0
# cleaned=0
# scan_time=2221

That looks good for now. Can we give the all-clear?

I will now check again (after a reboot) with Avira AntiVir Professional (full version). Edit: With the internet connection up, of course!

Regards
Icy

cosinus 29.08.2011 10:08

Do an OTL fix: close any open programs, also disable the virus scanner (!), start OTL and copy the following text into the "Custom Scan/Fixes" box (at the bottom in OTL): (the ":OTL" must be copied along with it!!!)

Code:

:OTL
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009.04.30 11:34:37 | 000,000,040 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{15b38382-de14-11dd-a420-00138f6c4ef8}\Shell - "" = AutoRun
O33 - MountPoints2\{15b38382-de14-11dd-a420-00138f6c4ef8}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{15b38382-de14-11dd-a420-00138f6c4ef8}\Shell\AutoRun\command - "" = C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL RuNdLl32.EXE      .\RECYCLER\S-5-3-42-2819952290-8240758988-879315005-3665\jwgkvsq.vmx,ahaezedrn
O33 - MountPoints2\{401f12a0-05b2-11df-a57c-00138f6c4ef8}\Shell - "" = AutoRun
O33 - MountPoints2\{401f12a0-05b2-11df-a57c-00138f6c4ef8}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{401f12a0-05b2-11df-a57c-00138f6c4ef8}\Shell\AutoRun\command - "" = E:\AutoRun.exe
O33 - MountPoints2\{401f12a5-05b2-11df-a57c-00138f6c4ef8}\Shell - "" = AutoRun
O33 - MountPoints2\{401f12a5-05b2-11df-a57c-00138f6c4ef8}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{401f12a5-05b2-11df-a57c-00138f6c4ef8}\Shell\AutoRun\command - "" = G:\AutoRun.exe
O33 - MountPoints2\{846724da-3bcb-11df-a5bd-00138f6c4ef8}\Shell - "" = AutoRun
O33 - MountPoints2\{846724da-3bcb-11df-a5bd-00138f6c4ef8}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{846724da-3bcb-11df-a5bd-00138f6c4ef8}\Shell\AutoRun\command - "" = E:\LaunchU3.exe -a
O33 - MountPoints2\{b1ec3f7e-1620-11df-a595-00138f6c4ef8}\Shell\AutoRun\command - "" = E:\Menu.exe
O33 - MountPoints2\{f572d91a-0b03-11df-a585-00138f6c4ef8}\Shell - "" = AutoRun
O33 - MountPoints2\{f572d91a-0b03-11df-a585-00138f6c4ef8}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{f572d91a-0b03-11df-a585-00138f6c4ef8}\Shell\AutoRun\command - "" = E:\AutoRun.exe
O33 - MountPoints2\{f572d91b-0b03-11df-a585-00138f6c4ef8}\Shell - "" = AutoRun
O33 - MountPoints2\{f572d91b-0b03-11df-a585-00138f6c4ef8}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{f572d91b-0b03-11df-a585-00138f6c4ef8}\Shell\AutoRun\command - "" = E:\AutoRun.exe
O33 - MountPoints2\{f572d91d-0b03-11df-a585-00138f6c4ef8}\Shell - "" = AutoRun
O33 - MountPoints2\{f572d91d-0b03-11df-a585-00138f6c4ef8}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{f572d91d-0b03-11df-a585-00138f6c4ef8}\Shell\AutoRun\command - "" = E:\AutoRun.exe
O33 - MountPoints2\{f572d91e-0b03-11df-a585-00138f6c4ef8}\Shell - "" = AutoRun
O33 - MountPoints2\{f572d91e-0b03-11df-a585-00138f6c4ef8}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{f572d91e-0b03-11df-a585-00138f6c4ef8}\Shell\AutoRun\command - "" = E:\AutoRun.exe
[2011.08.23 13:07:05 | 000,021,504 | -H-- | C] () -- C:\Programme\Common\dvdaudio.exe
:Files
C:\Programme\Common
:Commands
[emptytemp]
[resethosts]

Then click the Fix button at the top left!
The log file should open when you click OK after fixing; please post it. The computer may be restarted.

The entries, files and folders fixed by this script are not completely deleted, as a precaution; a backup copy is created in the "_OTL" folder on the system partition.
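The O33 lines in the fix script above are the MountPoints2 entries Windows keeps for every removable volume it has seen, and the first of them is the interesting one: a rundll32 chain that loads a ".vmx" file out of a RECYCLER folder with a forged SID-style name, while the rest are ordinary vendor launchers (AutoRun.exe, LaunchU3.exe). The script below is an added example, not part of the thread and not OTL's own code; it parses O33 command lines from constructed sample input (the commands are the ones quoted in the fix script) and applies the editor's own heuristics to tell the two kinds apart.

```python
import re
from typing import Dict, List

# Constructed sample input in OTL's O33 line format. The first GUID's command is
# the one shown in the thread's fix script (a rundll32 chain into a RECYCLER
# folder); the other two are the kind of vendor launcher that U3/CD-emulating
# USB sticks register. Only "...\Shell\AutoRun\command" lines carry a command.
SAMPLE_OTL_LINES = r"""
O33 - MountPoints2\{15b38382-de14-11dd-a420-00138f6c4ef8}\Shell - "" = AutoRun
O33 - MountPoints2\{15b38382-de14-11dd-a420-00138f6c4ef8}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{15b38382-de14-11dd-a420-00138f6c4ef8}\Shell\AutoRun\command - "" = C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL RuNdLl32.EXE      .\RECYCLER\S-5-3-42-2819952290-8240758988-879315005-3665\jwgkvsq.vmx,ahaezedrn
O33 - MountPoints2\{401f12a0-05b2-11df-a57c-00138f6c4ef8}\Shell\AutoRun\command - "" = E:\AutoRun.exe
O33 - MountPoints2\{846724da-3bcb-11df-a5bd-00138f6c4ef8}\Shell\AutoRun\command - "" = E:\LaunchU3.exe -a
"""

# One O33 "command" line: volume GUID plus the program the AutoRun verb runs.
O33_COMMAND = re.compile(
    r'^O33 - MountPoints2\\\{(?P<guid>[0-9a-fA-F-]{36})\}\\Shell\\AutoRun\\command'
    r' - "" = (?P<command>.+)$'
)

# File types that are legitimately handed to rundll32's "file,export" syntax.
LOADABLE_EXTENSIONS = {"dll", "cpl", "ocx", "exe"}


def parse_mountpoint_commands(text: str) -> Dict[str, str]:
    """Map each volume GUID to the AutoRun command OTL reported for it."""
    commands = {}
    for line in text.splitlines():
        m = O33_COMMAND.match(line.strip())
        if m:
            commands[m.group("guid").lower()] = m.group("command").strip()
    return commands


def assess_command(command: str) -> List[str]:
    """Return the reasons an AutoRun command looks hostile (empty list = none found)."""
    findings = []
    upper = command.upper()
    # rundll32 + ShellExec_RunDLL launches an arbitrary command through a signed
    # Windows binary; a vendor launcher has no reason to do that.
    if "SHELLEXEC_RUNDLL" in upper:
        findings.append("ShellExec_RunDLL indirection through rundll32")
    if upper.count("RUNDLL32") >= 2:
        findings.append("nested rundll32 invocation")
    # A payload under RECYCLER is hidden from a casual Explorer view.
    if "\\RECYCLER\\" in upper:
        findings.append("payload stored under RECYCLER")
    # Real Windows SIDs start with S-1-; any other revision number is a forgery.
    sid = re.search(r"RECYCLER\\S-(\d+)-", command, re.IGNORECASE)
    if sid and sid.group(1) != "1":
        findings.append("forged SID-style folder name S-%s-..." % sid.group(1))
    # rundll32's "file,export" syntax with a non-library extension: the loader
    # ignores the name, so malware picks something innocuous (.vmx here).
    export = re.search(r"\S+\.([A-Za-z0-9]+),[A-Za-z0-9_]+\s*$", command)
    if export and export.group(1).lower() not in LOADABLE_EXTENSIONS:
        findings.append("non-library file .%s loaded via rundll32 export syntax"
                        % export.group(1))
    return findings


def triage(text: str) -> Dict[str, dict]:
    """Classify every MountPoints2 AutoRun command found in an OTL report."""
    report = {}
    for guid, command in parse_mountpoint_commands(text).items():
        findings = assess_command(command)
        report[guid] = {
            "command": command,
            "findings": findings,
            # A clean-looking E:\AutoRun.exe still records that a removable
            # volume once offered an autorun program, so it is worth a look.
            "verdict": "high" if findings else "review",
        }
    return report


if __name__ == "__main__":
    for guid, entry in triage(SAMPLE_OTL_LINES).items():
        print(guid, entry["verdict"])
        for finding in entry["findings"]:
            print("   -", finding)
```

Run on the sample, the first GUID is reported "high" with all five findings and the two vendor launchers come back "review" with none. The heuristics are deliberately narrow: they catch the launcher pattern shown in this thread and the general rundll32 abuse around it, not every autorun abuse, so "review" means "a human looks at the device", not "clean".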

<-IceD@te-> 29.08.2011 10:19

Hello cosinus,

OK, I'll do the OTL fix.

Should I NOT run the Avira AntiVir scan first?

Can you briefly explain what the OTL fix fixes (I have some idea, but I'm not sure)?

And one more question: is there a specific reason we used the ESET Online Scanner for the check?

Regards
Icy

cosinus 29.08.2011 10:25

It says right there what gets fixed: the corresponding registry entries and the files linked to them, i.e. the ones shown in each line. And of course the folder dvdaudio was in gets deleted.

I always use ESET as an additional "opinion".

<-IceD@te-> 29.08.2011 10:40

OK, thanks for the info. I'm doing the OTL fix now...

Regards
Icy

Edit: Is it better to do the OTL fix in Safe Mode???

cosinus 29.08.2011 10:58

No, only use Safe Mode if it doesn't work otherwise. If you're supposed to do something in Safe Mode, I'll point that out beforehand.

<-IceD@te-> 29.08.2011 11:33

What actually happens to the files that AntiVir Prof. moved to quarantine (autorun.exe from the removable drive, hdaudio.exe and dvdaudio.exe)?

OTL fix is done:

Code:

All processes killed
========== OTL ==========
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRun|DWORD:1 /E : value set successfully!
C:\AUTOEXEC.BAT moved successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{15b38382-de14-11dd-a420-00138f6c4ef8}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{15b38382-de14-11dd-a420-00138f6c4ef8}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{15b38382-de14-11dd-a420-00138f6c4ef8}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{15b38382-de14-11dd-a420-00138f6c4ef8}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{15b38382-de14-11dd-a420-00138f6c4ef8}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{15b38382-de14-11dd-a420-00138f6c4ef8}\ not found.
File C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL RuNdLl32.EXE      .\RECYCLER\S-5-3-42-2819952290-8240758988-879315005-3665\jwgkvsq.vmx,ahaezedrn not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{401f12a0-05b2-11df-a57c-00138f6c4ef8}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{401f12a0-05b2-11df-a57c-00138f6c4ef8}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{401f12a0-05b2-11df-a57c-00138f6c4ef8}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{401f12a0-05b2-11df-a57c-00138f6c4ef8}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{401f12a0-05b2-11df-a57c-00138f6c4ef8}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{401f12a0-05b2-11df-a57c-00138f6c4ef8}\ not found.
File E:\AutoRun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{401f12a5-05b2-11df-a57c-00138f6c4ef8}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{401f12a5-05b2-11df-a57c-00138f6c4ef8}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{401f12a5-05b2-11df-a57c-00138f6c4ef8}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{401f12a5-05b2-11df-a57c-00138f6c4ef8}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{401f12a5-05b2-11df-a57c-00138f6c4ef8}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{401f12a5-05b2-11df-a57c-00138f6c4ef8}\ not found.
File G:\AutoRun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{846724da-3bcb-11df-a5bd-00138f6c4ef8}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{846724da-3bcb-11df-a5bd-00138f6c4ef8}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{846724da-3bcb-11df-a5bd-00138f6c4ef8}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{846724da-3bcb-11df-a5bd-00138f6c4ef8}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{846724da-3bcb-11df-a5bd-00138f6c4ef8}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{846724da-3bcb-11df-a5bd-00138f6c4ef8}\ not found.
File E:\LaunchU3.exe -a not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{b1ec3f7e-1620-11df-a595-00138f6c4ef8}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{b1ec3f7e-1620-11df-a595-00138f6c4ef8}\ not found.
File E:\Menu.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{f572d91a-0b03-11df-a585-00138f6c4ef8}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{f572d91a-0b03-11df-a585-00138f6c4ef8}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{f572d91a-0b03-11df-a585-00138f6c4ef8}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{f572d91a-0b03-11df-a585-00138f6c4ef8}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{f572d91a-0b03-11df-a585-00138f6c4ef8}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{f572d91a-0b03-11df-a585-00138f6c4ef8}\ not found.
File E:\AutoRun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{f572d91b-0b03-11df-a585-00138f6c4ef8}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{f572d91b-0b03-11df-a585-00138f6c4ef8}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{f572d91b-0b03-11df-a585-00138f6c4ef8}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{f572d91b-0b03-11df-a585-00138f6c4ef8}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{f572d91b-0b03-11df-a585-00138f6c4ef8}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{f572d91b-0b03-11df-a585-00138f6c4ef8}\ not found.
File E:\AutoRun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{f572d91d-0b03-11df-a585-00138f6c4ef8}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{f572d91d-0b03-11df-a585-00138f6c4ef8}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{f572d91d-0b03-11df-a585-00138f6c4ef8}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{f572d91d-0b03-11df-a585-00138f6c4ef8}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{f572d91d-0b03-11df-a585-00138f6c4ef8}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{f572d91d-0b03-11df-a585-00138f6c4ef8}\ not found.
File E:\AutoRun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{f572d91e-0b03-11df-a585-00138f6c4ef8}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{f572d91e-0b03-11df-a585-00138f6c4ef8}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{f572d91e-0b03-11df-a585-00138f6c4ef8}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{f572d91e-0b03-11df-a585-00138f6c4ef8}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{f572d91e-0b03-11df-a585-00138f6c4ef8}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{f572d91e-0b03-11df-a585-00138f6c4ef8}\ not found.
File E:\AutoRun.exe not found.
File C:\Programme\Common\dvdaudio.exe not found.
========== FILES ==========
C:\Programme\Common\System\Ole DB\resources\1033 folder moved successfully.
C:\Programme\Common\System\Ole DB\resources\1031 folder moved successfully.
C:\Programme\Common\System\Ole DB\resources folder moved successfully.
C:\Programme\Common\System\Ole DB\Data Links folder moved successfully.
Folder move failed. C:\Programme\Common\System\Ole DB scheduled to be moved on reboot.
Folder move failed. C:\Programme\Common\System\msadc scheduled to be moved on reboot.
Folder move failed. C:\Programme\Common\System\ado scheduled to be moved on reboot.
Folder move failed. C:\Programme\Common\System scheduled to be moved on reboot.
C:\Programme\Common\SWF Studio folder moved successfully.
Folder move failed. C:\Programme\Common\SpeechEngines\Microsoft\TTS\1033 scheduled to be moved on reboot.
Folder move failed. C:\Programme\Common\SpeechEngines\Microsoft\TTS scheduled to be moved on reboot.
Folder move failed. C:\Programme\Common\SpeechEngines\Microsoft\Lexicon\1033 scheduled to be moved on reboot.
Folder move failed. C:\Programme\Common\SpeechEngines\Microsoft\Lexicon scheduled to be moved on reboot.
Folder move failed. C:\Programme\Common\SpeechEngines\Microsoft scheduled to be moved on reboot.
Folder move failed. C:\Programme\Common\SpeechEngines scheduled to be moved on reboot.
C:\Programme\Common\ODBC\Data Sources folder moved successfully.
C:\Programme\Common\ODBC folder moved successfully.
Folder move failed. C:\Programme\Common\MSSoap\Binaries\Resources\1031 scheduled to be moved on reboot.
Folder move failed. C:\Programme\Common\MSSoap\Binaries\Resources scheduled to be moved on reboot.
Folder move failed. C:\Programme\Common\MSSoap\Binaries scheduled to be moved on reboot.
Folder move failed. C:\Programme\Common\MSSoap scheduled to be moved on reboot.
Folder move failed. C:\Programme\Common\Microsoft Shared\web server extensions\40\_vti_bin\_vti_aut scheduled to be moved on reboot.
Folder move failed. C:\Programme\Common\Microsoft Shared\web server extensions\40\_vti_bin\_vti_adm scheduled to be moved on reboot.
Folder move failed. C:\Programme\Common\Microsoft Shared\web server extensions\40\_vti_bin scheduled to be moved on reboot.
Folder move failed. C:\Programme\Common\Microsoft Shared\web server extensions\40\servsupp scheduled to be moved on reboot.
Folder move failed. C:\Programme\Common\Microsoft Shared\web server extensions\40\isapi\_vti_aut scheduled to be moved on reboot.
Folder move failed. C:\Programme\Common\Microsoft Shared\web server extensions\40\isapi\_vti_adm scheduled to be moved on reboot.
Folder move failed. C:\Programme\Common\Microsoft Shared\web server extensions\40\isapi scheduled to be moved on reboot.
Folder move failed. C:\Programme\Common\Microsoft Shared\web server extensions\40\bots\vinavbar scheduled to be moved on reboot.
Folder move failed. C:\Programme\Common\Microsoft Shared\web server extensions\40\bots scheduled to be moved on reboot.
Folder move failed. C:\Programme\Common\Microsoft Shared\web server extensions\40\bin\1031 scheduled to be moved on reboot.
Folder move failed. C:\Programme\Common\Microsoft Shared\web server extensions\40\bin scheduled to be moved on reboot.
Folder move failed. C:\Programme\Common\Microsoft Shared\web server extensions\40\admisapi\scripts scheduled to be moved on reboot.
Folder move failed. C:\Programme\Common\Microsoft Shared\web server extensions\40\admisapi scheduled to be moved on reboot.
Folder move failed. C:\Programme\Common\Microsoft Shared\web server extensions\40\admcgi\scripts scheduled to be moved on reboot.
Folder move failed. C:\Programme\Common\Microsoft Shared\web server extensions\40\admcgi scheduled to be moved on reboot.
Folder move failed. C:\Programme\Common\Microsoft Shared\web server extensions\40 scheduled to be moved on reboot.
Folder move failed. C:\Programme\Common\Microsoft Shared\web server extensions scheduled to be moved on reboot.
C:\Programme\Common\Microsoft Shared\Web Folders\1031 folder moved successfully.
C:\Programme\Common\Microsoft Shared\Web Folders folder moved successfully.
C:\Programme\Common\Microsoft Shared\Web Components\10\1031 folder moved successfully.
C:\Programme\Common\Microsoft Shared\Web Components\10 folder moved successfully.
C:\Programme\Common\Microsoft Shared\Web Components folder moved successfully.
C:\Programme\Common\Microsoft Shared\VS7Debug\1031 folder moved successfully.
C:\Programme\Common\Microsoft Shared\VS7Debug folder moved successfully.
C:\Programme\Common\Microsoft Shared\Visual Database Tools\1031 folder moved successfully.
C:\Programme\Common\Microsoft Shared\Visual Database Tools folder moved successfully.
Folder move failed. C:\Programme\Common\Microsoft Shared\VGX scheduled to be moved on reboot.
C:\Programme\Common\Microsoft Shared\VC folder moved successfully.
C:\Programme\Common\Microsoft Shared\VBA\VBA6\1031 folder moved successfully.
C:\Programme\Common\Microsoft Shared\VBA\VBA6 folder moved successfully.
C:\Programme\Common\Microsoft Shared\VBA folder moved successfully.
Folder move failed. C:\Programme\Common\Microsoft Shared\Triedit scheduled to be moved on reboot.
C:\Programme\Common\Microsoft Shared\Themes\Watermar folder moved successfully.
C:\Programme\Common\Microsoft Shared\Themes\sumipntg folder moved successfully.
C:\Programme\Common\Microsoft Shared\Themes\Studio folder moved successfully.
C:\Programme\Common\Microsoft Shared\Themes\strtedge folder moved successfully.
C:\Programme\Common\Microsoft Shared\Themes\rmnsque folder moved successfully.
C:\Programme\Common\Microsoft Shared\Themes\ricepapr folder moved successfully.
C:\Programme\Common\Microsoft Shared\Themes\Refined folder moved successfully.
C:\Programme\Common\Microsoft Shared\Themes\Radial folder moved successfully.
C:\Programme\Common\Microsoft Shared\Themes\Quad folder moved successfully.
C:\Programme\Common\Microsoft Shared\Themes\Profile folder moved successfully.
C:\Programme\Common\Microsoft Shared\Themes\Pixel folder moved successfully.
C:\Programme\Common\Microsoft Shared\Themes\Network folder moved successfully.
C:\Programme\Common\Microsoft Shared\Themes\Level folder moved successfully.
C:\Programme\Common\Microsoft Shared\Themes\Layers folder moved successfully.
C:\Programme\Common\Microsoft Shared\Themes\indust folder moved successfully.
C:\Programme\Common\Microsoft Shared\Themes\expeditn folder moved successfully.
C:\Programme\Common\Microsoft Shared\Themes\Edge folder moved successfully.
C:\Programme\Common\Microsoft Shared\Themes\Eclipse folder moved successfully.
C:\Programme\Common\Microsoft Shared\Themes\Echo folder moved successfully.
C:\Programme\Common\Microsoft Shared\Themes\citrus folder moved successfully.
C:\Programme\Common\Microsoft Shared\Themes\Cascade folder moved successfully.
C:\Programme\Common\Microsoft Shared\Themes\capsules folder moved successfully.
C:\Programme\Common\Microsoft Shared\Themes\boldstri folder moved successfully.
C:\Programme\Common\Microsoft Shared\Themes\blueprnt folder moved successfully.
C:\Programme\Common\Microsoft Shared\Themes\blends folder moved successfully.
C:\Programme\Common\Microsoft Shared\Themes\Axis folder moved successfully.
C:\Programme\Common\Microsoft Shared\Themes\artsy folder moved successfully.
C:\Programme\Common\Microsoft Shared\Themes folder moved successfully.
C:\Programme\Common\Microsoft Shared\TextConv folder moved successfully.
C:\Programme\Common\Microsoft Shared\Stationery folder moved successfully.
Folder move failed. C:\Programme\Common\Microsoft Shared\Speech\1031 scheduled to be moved on reboot.
Folder move failed. C:\Programme\Common\Microsoft Shared\Speech scheduled to be moved on reboot.
C:\Programme\Common\Microsoft Shared\Snapshot Viewer folder moved successfully.
C:\Programme\Common\Microsoft Shared\Reference Titles folder moved successfully.
C:\Programme\Common\Microsoft Shared\Proof\1031 folder moved successfully.
C:\Programme\Common\Microsoft Shared\Proof folder moved successfully.
C:\Programme\Common\Microsoft Shared\OFFICE12\Cultures folder moved successfully.
C:\Programme\Common\Microsoft Shared\OFFICE12 folder moved successfully.
C:\Programme\Common\Microsoft Shared\OFFICE11\1031 folder moved successfully.
C:\Programme\Common\Microsoft Shared\OFFICE11 folder moved successfully.
C:\Programme\Common\Microsoft Shared\Office10\1031 folder moved successfully.
C:\Programme\Common\Microsoft Shared\Office10 folder moved successfully.
Folder move failed. C:\Programme\Common\Microsoft Shared\MSInfo scheduled to be moved on reboot.
C:\Programme\Common\Microsoft Shared\MSEnv folder moved successfully.
C:\Programme\Common\Microsoft Shared\MSDN folder moved successfully.
C:\Programme\Common\Microsoft Shared\MSDesigners7\Resources\1031 folder moved successfully.
C:\Programme\Common\Microsoft Shared\MSDesigners7\Resources folder moved successfully.
C:\Programme\Common\Microsoft Shared\MSDesigners7 folder moved successfully.
C:\Programme\Common\Microsoft Shared\MSClientDataMgr folder moved successfully.
C:\Programme\Common\Microsoft Shared\Information Retrieval folder moved successfully.
C:\Programme\Common\Microsoft Shared\Help\3082 folder moved successfully.
C:\Programme\Common\Microsoft Shared\Help\2052 folder moved successfully.
C:\Programme\Common\Microsoft Shared\Help\1042 folder moved successfully.
C:\Programme\Common\Microsoft Shared\Help\1041 folder moved successfully.
C:\Programme\Common\Microsoft Shared\Help\1040 folder moved successfully.
C:\Programme\Common\Microsoft Shared\Help\1036 folder moved successfully.
C:\Programme\Common\Microsoft Shared\Help\1033 folder moved successfully.
C:\Programme\Common\Microsoft Shared\Help\1031 folder moved successfully.
C:\Programme\Common\Microsoft Shared\Help\1028 folder moved successfully.
C:\Programme\Common\Microsoft Shared\Help folder moved successfully.
C:\Programme\Common\Microsoft Shared\Grphflt folder moved successfully.
C:\Programme\Common\Microsoft Shared\Euro folder moved successfully.
C:\Programme\Common\Microsoft Shared\DW\3082 folder moved successfully.
C:\Programme\Common\Microsoft Shared\DW\2052 folder moved successfully.
C:\Programme\Common\Microsoft Shared\DW\1042 folder moved successfully.
C:\Programme\Common\Microsoft Shared\DW\1041 folder moved successfully.
C:\Programme\Common\Microsoft Shared\DW\1040 folder moved successfully.
C:\Programme\Common\Microsoft Shared\DW\1036 folder moved successfully.
C:\Programme\Common\Microsoft Shared\DW\1033 folder moved successfully.
C:\Programme\Common\Microsoft Shared\DW\1031 folder moved successfully.
C:\Programme\Common\Microsoft Shared\DW\1028 folder moved successfully.
C:\Programme\Common\Microsoft Shared\DW\1025 folder moved successfully.
C:\Programme\Common\Microsoft Shared\DW folder moved successfully.
Folder move failed. C:\Programme\Common\Microsoft Shared\DAO scheduled to be moved on reboot.
C:\Programme\Common\Microsoft Shared\Clipart\themes1\lines folder moved successfully.
C:\Programme\Common\Microsoft Shared\Clipart\themes1\bullets folder moved successfully.
C:\Programme\Common\Microsoft Shared\Clipart\themes1 folder moved successfully.
C:\Programme\Common\Microsoft Shared\Clipart\cagcat50 folder moved successfully.
C:\Programme\Common\Microsoft Shared\Clipart\autoshap folder moved successfully.
C:\Programme\Common\Microsoft Shared\Clipart folder moved successfully.
C:\Programme\Common\Microsoft Shared\Artgalry folder moved successfully.
Folder move failed. C:\Programme\Common\Microsoft Shared scheduled to be moved on reboot.
C:\Programme\Common\Java\Update\Base Images\jre1.5.0.b64\patch-jre1.5.0_06.b05 folder moved successfully.
C:\Programme\Common\Java\Update\Base Images\jre1.5.0.b64 folder moved successfully.
C:\Programme\Common\Java\Update\Base Images folder moved successfully.
C:\Programme\Common\Java\Update folder moved successfully.
C:\Programme\Common\Java folder moved successfully.
C:\Programme\Common\InstallShield\WebUpdate folder moved successfully.
C:\Programme\Common\InstallShield\UpdateService folder moved successfully.
C:\Programme\Common\InstallShield\Professional\RunTime\11\00\Intel32 folder moved successfully.
C:\Programme\Common\InstallShield\Professional\RunTime\11\00 folder moved successfully.
C:\Programme\Common\InstallShield\Professional\RunTime\11 folder moved successfully.
C:\Programme\Common\InstallShield\Professional\RunTime\09\01\Intel32 folder moved successfully.
C:\Programme\Common\InstallShield\Professional\RunTime\09\01 folder moved successfully.
C:\Programme\Common\InstallShield\Professional\RunTime\09 folder moved successfully.
C:\Programme\Common\InstallShield\Professional\RunTime folder moved successfully.
C:\Programme\Common\InstallShield\Professional folder moved successfully.
C:\Programme\Common\InstallShield\IScript folder moved successfully.
C:\Programme\Common\InstallShield\Engine\6\Intel 32 folder moved successfully.
C:\Programme\Common\InstallShield\Engine\6 folder moved successfully.
C:\Programme\Common\InstallShield\Engine folder moved successfully.
C:\Programme\Common\InstallShield\Driver\8\Intel 32 folder moved successfully.
C:\Programme\Common\InstallShield\Driver\8 folder moved successfully.
C:\Programme\Common\InstallShield\Driver\1050\Intel 32 folder moved successfully.
C:\Programme\Common\InstallShield\Driver\1050 folder moved successfully.
C:\Programme\Common\InstallShield\Driver folder moved successfully.
C:\Programme\Common\InstallShield folder moved successfully.
C:\Programme\Common\Dienste folder moved successfully.
C:\Programme\Common\Designer folder moved successfully.
C:\Programme\Common\Borland Shared\Database Desktop\WorkDir folder moved successfully.
C:\Programme\Common\Borland Shared\Database Desktop\PrivDir folder moved successfully.
C:\Programme\Common\Borland Shared\Database Desktop folder moved successfully.
C:\Programme\Common\Borland Shared\BDS\Shared Assemblies\4.0\de folder moved successfully.
C:\Programme\Common\Borland Shared\BDS\Shared Assemblies\4.0 folder moved successfully.
C:\Programme\Common\Borland Shared\BDS\Shared Assemblies folder moved successfully.
C:\Programme\Common\Borland Shared\BDS folder moved successfully.
C:\Programme\Common\Borland Shared\BDE folder moved successfully.
C:\Programme\Common\Borland Shared folder moved successfully.
C:\Programme\Common\Borland Gemeinsame Dateien\SampleDictionary folder moved successfully.
C:\Programme\Common\Borland Gemeinsame Dateien\MSHelp folder moved successfully.
C:\Programme\Common\Borland Gemeinsame Dateien\Images\Splash\256Color folder moved successfully.
C:\Programme\Common\Borland Gemeinsame Dateien\Images\Splash\16Color folder moved successfully.
C:\Programme\Common\Borland Gemeinsame Dateien\Images\Splash folder moved successfully.
C:\Programme\Common\Borland Gemeinsame Dateien\Images\Icons folder moved successfully.
C:\Programme\Common\Borland Gemeinsame Dateien\Images\GlyFX\Wizards\Small folder moved successfully.
C:\Programme\Common\Borland Gemeinsame Dateien\Images\GlyFX\Wizards\Large folder moved successfully.
C:\Programme\Common\Borland Gemeinsame Dateien\Images\GlyFX\Wizards folder moved successfully.
C:\Programme\Common\Borland Gemeinsame Dateien\Images\GlyFX\Icons\PNG\64x64 folder moved successfully.
C:\Programme\Common\Borland Gemeinsame Dateien\Images\GlyFX\Icons\PNG\48x48 folder moved successfully.
C:\Programme\Common\Borland Gemeinsame Dateien\Images\GlyFX\Icons\PNG\32x32 folder moved successfully.
C:\Programme\Common\Borland Gemeinsame Dateien\Images\GlyFX\Icons\PNG\24x24 folder moved successfully.
C:\Programme\Common\Borland Gemeinsame Dateien\Images\GlyFX\Icons\PNG\16x16 folder moved successfully.
C:\Programme\Common\Borland Gemeinsame Dateien\Images\GlyFX\Icons\PNG folder moved successfully.
C:\Programme\Common\Borland Gemeinsame Dateien\Images\GlyFX\Icons\BMP\64x64 folder moved successfully.
C:\Programme\Common\Borland Gemeinsame Dateien\Images\GlyFX\Icons\BMP\48x48 folder moved successfully.
C:\Programme\Common\Borland Gemeinsame Dateien\Images\GlyFX\Icons\BMP\32x32 folder moved successfully.
C:\Programme\Common\Borland Gemeinsame Dateien\Images\GlyFX\Icons\BMP\24x24 folder moved successfully.
C:\Programme\Common\Borland Gemeinsame Dateien\Images\GlyFX\Icons\BMP\16x16 folder moved successfully.
C:\Programme\Common\Borland Gemeinsame Dateien\Images\GlyFX\Icons\BMP folder moved successfully.
C:\Programme\Common\Borland Gemeinsame Dateien\Images\GlyFX\Icons folder moved successfully.
C:\Programme\Common\Borland Gemeinsame Dateien\Images\GlyFX\Animations\transparent folder moved successfully.
C:\Programme\Common\Borland Gemeinsame Dateien\Images\GlyFX\Animations\fixed folder moved successfully.
C:\Programme\Common\Borland Gemeinsame Dateien\Images\GlyFX\Animations folder moved successfully.
C:\Programme\Common\Borland Gemeinsame Dateien\Images\GlyFX folder moved successfully.
C:\Programme\Common\Borland Gemeinsame Dateien\Images\Default folder moved successfully.
C:\Programme\Common\Borland Gemeinsame Dateien\Images\Cursors folder moved successfully.
C:\Programme\Common\Borland Gemeinsame Dateien\Images\Buttons folder moved successfully.
C:\Programme\Common\Borland Gemeinsame Dateien\Images\Backgrnd folder moved successfully.
C:\Programme\Common\Borland Gemeinsame Dateien\Images folder moved successfully.
C:\Programme\Common\Borland Gemeinsame Dateien\Debugger folder moved successfully.
C:\Programme\Common\Borland Gemeinsame Dateien\Data folder moved successfully.
C:\Programme\Common\Borland Gemeinsame Dateien folder moved successfully.
C:\Programme\Common\Borland folder moved successfully.
C:\Programme\Common\AVSMedia\MobileUploader folder moved successfully.
C:\Programme\Common\AVSMedia\BurnerService folder moved successfully.
C:\Programme\Common\AVSMedia\ActiveX folder moved successfully.
C:\Programme\Common\AVSMedia folder moved successfully.
C:\Programme\Common\ArcSoft\MPEG Engine folder moved successfully.
C:\Programme\Common\ArcSoft\Connection Service folder moved successfully.
C:\Programme\Common\ArcSoft folder moved successfully.
C:\Programme\Common\Adobe\TypeSpt\Unicode\Mappings\win folder moved successfully.
C:\Programme\Common\Adobe\TypeSpt\Unicode\Mappings\Mac folder moved successfully.
C:\Programme\Common\Adobe\TypeSpt\Unicode\Mappings\Adobe folder moved successfully.
C:\Programme\Common\Adobe\TypeSpt\Unicode\Mappings folder moved successfully.
C:\Programme\Common\Adobe\TypeSpt\Unicode\ICU folder moved successfully.
C:\Programme\Common\Adobe\TypeSpt\Unicode folder moved successfully.
C:\Programme\Common\Adobe\TypeSpt folder moved successfully.
C:\Programme\Common\Adobe folder moved successfully.
Folder move failed. C:\Programme\Common scheduled to be moved on reboot.
========== COMMANDS ==========
 
[EMPTYTEMP]
 
User: Administrator
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
 
User: All Users
 
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
 
User: GE
->Temp folder emptied: 23876641 bytes
->Temporary Internet Files folder emptied: 1101850 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 27598483 bytes
->Flash cache emptied: 1668 bytes
 
User: LocalService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33474 bytes
 
User: MasterSync
 
User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 2215244 bytes
%systemroot%\System32 .tmp files removed: 2951 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 13030 bytes
RecycleBin emptied: 2602220 bytes
 
Total Files Cleaned = 55,00 mb
 
C:\WINDOWS\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully
 
OTL by OldTimer - Version 3.2.26.5 log created on 08292011_121557

Files\Folders moved on Reboot...
Folder move failed. C:\Programme\Common\System\Ole DB scheduled to be moved on reboot.
Folder move failed. C:\Programme\Common\System\msadc scheduled to be moved on reboot.
Folder move failed. C:\Programme\Common\System\ado scheduled to be moved on reboot.
Folder move failed. C:\Programme\Common\System\Ole DB scheduled to be moved on reboot.
Folder move failed. C:\Programme\Common\System\msadc scheduled to be moved on reboot.
Folder move failed. C:\Programme\Common\System\ado scheduled to be moved on reboot.
Folder move failed. C:\Programme\Common\System scheduled to be moved on reboot.
Folder move failed. C:\Programme\Common\SpeechEngines\Microsoft\TTS\1033 scheduled to be moved on reboot.
Folder move failed. C:\Programme\Common\SpeechEngines\Microsoft\TTS\1033 scheduled to be moved on reboot.
Folder move failed. C:\Programme\Common\SpeechEngines\Microsoft\TTS scheduled to be moved on reboot.
Folder move failed. C:\Programme\Common\SpeechEngines\Microsoft\Lexicon\1033 scheduled to be moved on reboot.
Folder move failed. C:\Programme\Common\SpeechEngines\Microsoft\Lexicon\1033 scheduled to be moved on reboot.
Folder move failed. C:\Programme\Common\SpeechEngines\Microsoft\Lexicon scheduled to be moved on reboot.
Folder move failed. C:\Programme\Common\SpeechEngines\Microsoft\TTS\1033 scheduled to be moved on reboot.
Folder move failed. C:\Programme\Common\SpeechEngines\Microsoft\TTS scheduled to be moved on reboot.
Folder move failed. C:\Programme\Common\SpeechEngines\Microsoft\Lexicon\1033 scheduled to be moved on reboot.
Folder move failed. C:\Programme\Common\SpeechEngines\Microsoft\Lexicon scheduled to be moved on reboot.
Folder move failed. C:\Programme\Common\SpeechEngines\Microsoft scheduled to be moved on reboot.
Folder move failed. C:\Programme\Common\SpeechEngines\Microsoft\TTS\1033 scheduled to be moved on reboot.
Folder move failed. C:\Programme\Common\SpeechEngines\Microsoft\TTS scheduled to be moved on reboot.
Folder move failed. C:\Programme\Common\SpeechEngines\Microsoft\Lexicon\1033 scheduled to be moved on reboot.
Folder move failed. C:\Programme\Common\SpeechEngines\Microsoft\Lexicon scheduled to be moved on reboot.
Folder move failed. C:\Programme\Common\SpeechEngines\Microsoft scheduled to be moved on reboot.
Folder move failed. C:\Programme\Common\SpeechEngines scheduled to be moved on reboot.
Folder move failed. C:\Programme\Common\MSSoap\Binaries\Resources\1031 scheduled to be moved on reboot.
Folder move failed. C:\Programme\Common\MSSoap\Binaries\Resources\1031 scheduled to be moved on reboot.
Folder move failed. C:\Programme\Common\MSSoap\Binaries\Resources scheduled to be moved on reboot.
Folder move failed. C:\Programme\Common\MSSoap\Binaries\Resources\1031 scheduled to be moved on reboot.
Folder move failed. C:\Programme\Common\MSSoap\Binaries\Resources scheduled to be moved on reboot.
Folder move failed. C:\Programme\Common\MSSoap\Binaries scheduled to be moved on reboot.
Folder move failed. C:\Programme\Common\MSSoap\Binaries\Resources\1031 scheduled to be moved on reboot.
Folder move failed. C:\Programme\Common\MSSoap\Binaries\Resources scheduled to be moved on reboot.
Folder move failed. C:\Programme\Common\MSSoap\Binaries scheduled to be moved on reboot.
Folder move failed. C:\Programme\Common\MSSoap scheduled to be moved on reboot.
Folder move failed. C:\Programme\Common\Microsoft Shared\web server extensions\40\_vti_bin\_vti_aut scheduled to be moved on reboot.
Folder move failed. C:\Programme\Common\Microsoft Shared\web server extensions\40\_vti_bin\_vti_adm scheduled to be moved on reboot.
Folder move failed. C:\Programme\Common\Microsoft Shared\web server extensions\40\_vti_bin\_vti_aut scheduled to be moved on reboot.
Folder move failed. C:\Programme\Common\Microsoft Shared\web server extensions\40\_vti_bin\_vti_adm scheduled to be moved on reboot.
Folder move failed. C:\Programme\Common\Microsoft Shared\web server extensions\40\_vti_bin scheduled to be moved on reboot.
Folder move failed. C:\Programme\Common\Microsoft Shared\web server extensions\40\servsupp scheduled to be moved on reboot.
Folder move failed. C:\Programme\Common\Microsoft Shared\web server extensions\40\isapi\_vti_aut scheduled to be moved on reboot.
Folder move failed. C:\Programme\Common\Microsoft Shared\web server extensions\40\isapi\_vti_adm scheduled to be moved on reboot.
Folder move failed. C:\Programme\Common\Microsoft Shared\web server extensions\40\isapi\_vti_aut scheduled to be moved on reboot.
Folder move failed. C:\Programme\Common\Microsoft Shared\web server extensions\40\isapi\_vti_adm scheduled to be moved on reboot.
Folder move failed. C:\Programme\Common\Microsoft Shared\web server extensions\40\isapi scheduled to be moved on reboot.
Folder move failed. C:\Programme\Common\Microsoft Shared\web server extensions\40\bots\vinavbar scheduled to be moved on reboot.
Folder move failed. C:\Programme\Common\Microsoft Shared\web server extensions\40\bots\vinavbar scheduled to be moved on reboot.
Folder move failed. C:\Programme\Common\Microsoft Shared\web server extensions\40\bots scheduled to be moved on reboot.
Folder move failed. C:\Programme\Common\Microsoft Shared\web server extensions\40\bin\1031 scheduled to be moved on reboot.
Folder move failed. C:\Programme\Common\Microsoft Shared\web server extensions\40\bin\1031 scheduled to be moved on reboot.
Folder move failed. C:\Programme\Common\Microsoft Shared\web server extensions\40\bin scheduled to be moved on reboot.
Folder move failed. C:\Programme\Common\Microsoft Shared\web server extensions\40\admisapi\scripts scheduled to be moved on reboot.
Folder move failed. C:\Programme\Common\Microsoft Shared\web server extensions\40\admisapi\scripts scheduled to be moved on reboot.
Folder move failed. C:\Programme\Common\Microsoft Shared\web server extensions\40\admisapi scheduled to be moved on reboot.
Folder move failed. C:\Programme\Common\Microsoft Shared\web server extensions\40\admcgi\scripts scheduled to be moved on reboot.
Folder move failed. C:\Programme\Common\Microsoft Shared\web server extensions\40\admcgi\scripts scheduled to be moved on reboot.
Folder move failed. C:\Programme\Common\Microsoft Shared\web server extensions\40\admcgi scheduled to be moved on reboot.
Folder move failed. C:\Programme\Common\Microsoft Shared\web server extensions\40\_vti_bin\_vti_aut scheduled to be moved on reboot.
Folder move failed. C:\Programme\Common\Microsoft Shared\web server extensions\40\_vti_bin\_vti_adm scheduled to be moved on reboot.
Folder move failed. C:\Programme\Common\Microsoft Shared\web server extensions\40\_vti_bin scheduled to be moved on reboot.
Folder move failed. C:\Programme\Common\Microsoft Shared\web server extensions\40\servsupp scheduled to be moved on reboot.
Folder move failed. C:\Programme\Common\Microsoft Shared\web server extensions\40\isapi\_vti_aut scheduled to be moved on reboot.
Folder move failed. C:\Programme\Common\Microsoft Shared\web server extensions\40\isapi\_vti_adm scheduled to be moved on reboot.
Folder move failed. C:\Programme\Common\Microsoft Shared\web server extensions\40\isapi scheduled to be moved on reboot.
Folder move failed. C:\Programme\Common\Microsoft Shared\web server extensions\40\bots\vinavbar scheduled to be moved on reboot.
Folder move failed. C:\Programme\Common\Microsoft Shared\web server extensions\40\bots scheduled to be moved on reboot.
Folder move failed. C:\Programme\Common\Microsoft Shared\web server extensions\40\bin\1031 scheduled to be moved on reboot.
Folder move failed. C:\Programme\Common\Microsoft Shared\web server extensions\40\bin scheduled to be moved on reboot.
Folder move failed. C:\Programme\Common\Microsoft Shared\web server extensions\40\admisapi\scripts scheduled to be moved on reboot.
Folder move failed. C:\Programme\Common\Microsoft Shared\web server extensions\40\admisapi scheduled to be moved on reboot.
Folder move failed. C:\Programme\Common\Microsoft Shared\web server extensions\40\admcgi\scripts scheduled to be moved on reboot.
Folder move failed. C:\Programme\Common\Microsoft Shared\web server extensions\40\admcgi scheduled to be moved on reboot.
Folder move failed. C:\Programme\Common\Microsoft Shared\web server extensions\40 scheduled to be moved on reboot.
Folder move failed. C:\Programme\Common\Microsoft Shared\web server extensions\40\_vti_bin\_vti_aut scheduled to be moved on reboot.
Folder move failed. C:\Programme\Common\Microsoft Shared\web server extensions\40\_vti_bin\_vti_adm scheduled to be moved on reboot.
Folder move failed. C:\Programme\Common\Microsoft Shared\web server extensions\40\_vti_bin scheduled to be moved on reboot.
Folder move failed. C:\Programme\Common\Microsoft Shared\web server extensions\40\servsupp scheduled to be moved on reboot.
Folder move failed. C:\Programme\Common\Microsoft Shared\web server extensions\40\isapi\_vti_aut scheduled to be moved on reboot.
Folder move failed. C:\Programme\Common\Microsoft Shared\web server extensions\40\isapi\_vti_adm scheduled to be moved on reboot.
Folder move failed. C:\Programme\Common\Microsoft Shared\web server extensions\40\isapi scheduled to be moved on reboot.
Folder move failed. C:\Programme\Common\Microsoft Shared\web server extensions\40\bots\vinavbar scheduled to be moved on reboot.
Folder move failed. C:\Programme\Common\Microsoft Shared\web server extensions\40\bots scheduled to be moved on reboot.
Folder move failed. C:\Programme\Common\Microsoft Shared\web server extensions\40\bin\1031 scheduled to be moved on reboot.
Folder move failed. C:\Programme\Common\Microsoft Shared\web server extensions\40\bin scheduled to be moved on reboot.
Folder move failed. C:\Programme\Common\Microsoft Shared\web server extensions\40\admisapi\scripts scheduled to be moved on reboot.
Folder move failed. C:\Programme\Common\Microsoft Shared\web server extensions\40\admisapi scheduled to be moved on reboot.
Folder move failed. C:\Programme\Common\Microsoft Shared\web server extensions\40\admcgi\scripts scheduled to be moved on reboot.
Folder move failed. C:\Programme\Common\Microsoft Shared\web server extensions\40\admcgi scheduled to be moved on reboot.
Folder move failed. C:\Programme\Common\Microsoft Shared\web server extensions\40 scheduled to be moved on reboot.
Folder move failed. C:\Programme\Common\Microsoft Shared\web server extensions scheduled to be moved on reboot.
Folder move failed. C:\Programme\Common\Microsoft Shared\VGX scheduled to be moved on reboot.
Folder move failed. C:\Programme\Common\Microsoft Shared\Triedit scheduled to be moved on reboot.
Folder move failed. C:\Programme\Common\Microsoft Shared\Speech\1031 scheduled to be moved on reboot.
Folder move failed. C:\Programme\Common\Microsoft Shared\Speech\1031 scheduled to be moved on reboot.
Folder move failed. C:\Programme\Common\Microsoft Shared\Speech scheduled to be moved on reboot.
Folder move failed. C:\Programme\Common\Microsoft Shared\MSInfo scheduled to be moved on reboot.
Folder move failed. C:\Programme\Common\Microsoft Shared\DAO scheduled to be moved on reboot.
Folder move failed. C:\Programme\Common\Microsoft Shared\web server extensions\40\_vti_bin\_vti_aut scheduled to be moved on reboot.
Folder move failed. C:\Programme\Common\Microsoft Shared\web server extensions\40\_vti_bin\_vti_adm scheduled to be moved on reboot.
Folder move failed. C:\Programme\Common\Microsoft Shared\web server extensions\40\_vti_bin scheduled to be moved on reboot.
Folder move failed. C:\Programme\Common\Microsoft Shared\web server extensions\40\servsupp scheduled to be moved on reboot.
Folder move failed. C:\Programme\Common\Microsoft Shared\web server extensions\40\isapi\_vti_aut scheduled to be moved on reboot.
Folder move failed. C:\Programme\Common\Microsoft Shared\web server extensions\40\isapi\_vti_adm scheduled to be moved on reboot.
Folder move failed. C:\Programme\Common\Microsoft Shared\web server extensions\40\isapi scheduled to be moved on reboot.
Folder move failed. C:\Programme\Common\Microsoft Shared\web server extensions\40\bots\vinavbar scheduled to be moved on reboot.
Folder move failed. C:\Programme\Common\Microsoft Shared\web server extensions\40\bots scheduled to be moved on reboot.
Folder move failed. C:\Programme\Common\Microsoft Shared\web server extensions\40\bin\1031 scheduled to be moved on reboot.
Folder move failed. C:\Programme\Common\Microsoft Shared\web server extensions\40\bin scheduled to be moved on reboot.
Folder move failed. C:\Programme\Common\Microsoft Shared\web server extensions\40\admisapi\scripts scheduled to be moved on reboot.
Folder move failed. C:\Programme\Common\Microsoft Shared\web server extensions\40\admisapi scheduled to be moved on reboot.
Folder move failed. C:\Programme\Common\Microsoft Shared\web server extensions\40\admcgi\scripts scheduled to be moved on reboot.
Folder move failed. C:\Programme\Common\Microsoft Shared\web server extensions\40\admcgi scheduled to be moved on reboot.
Folder move failed. C:\Programme\Common\Microsoft Shared\web server extensions\40 scheduled to be moved on reboot.
Folder move failed. C:\Programme\Common\Microsoft Shared\web server extensions scheduled to be moved on reboot.
Folder move failed. C:\Programme\Common\Microsoft Shared\VGX scheduled to be moved on reboot.
Folder move failed. C:\Programme\Common\Microsoft Shared\Triedit scheduled to be moved on reboot.
Folder move failed. C:\Programme\Common\Microsoft Shared\Speech\1031 scheduled to be moved on reboot.
Folder move failed. C:\Programme\Common\Microsoft Shared\Speech scheduled to be moved on reboot.
Folder move failed. C:\Programme\Common\Microsoft Shared\MSInfo scheduled to be moved on reboot.
Folder move failed. C:\Programme\Common\Microsoft Shared\DAO scheduled to be moved on reboot.
Folder move failed. C:\Programme\Common\Microsoft Shared scheduled to be moved on reboot.
Folder move failed. C:\Programme\Common\System\Ole DB scheduled to be moved on reboot.
Folder move failed. C:\Programme\Common\System\msadc scheduled to be moved on reboot.
Folder move failed. C:\Programme\Common\System\ado scheduled to be moved on reboot.
Folder move failed. C:\Programme\Common\System scheduled to be moved on reboot.
Folder move failed. C:\Programme\Common\SpeechEngines\Microsoft\TTS\1033 scheduled to be moved on reboot.
Folder move failed. C:\Programme\Common\SpeechEngines\Microsoft\TTS scheduled to be moved on reboot.
Folder move failed. C:\Programme\Common\SpeechEngines\Microsoft\Lexicon\1033 scheduled to be moved on reboot.
Folder move failed. C:\Programme\Common\SpeechEngines\Microsoft\Lexicon scheduled to be moved on reboot.
Folder move failed. C:\Programme\Common\SpeechEngines\Microsoft scheduled to be moved on reboot.
Folder move failed. C:\Programme\Common\SpeechEngines scheduled to be moved on reboot.
Folder move failed. C:\Programme\Common\MSSoap\Binaries\Resources\1031 scheduled to be moved on reboot.
Folder move failed. C:\Programme\Common\MSSoap\Binaries\Resources scheduled to be moved on reboot.
Folder move failed. C:\Programme\Common\MSSoap\Binaries scheduled to be moved on reboot.
Folder move failed. C:\Programme\Common\MSSoap scheduled to be moved on reboot.
Folder move failed. C:\Programme\Common\Microsoft Shared\web server extensions\40\_vti_bin\_vti_aut scheduled to be moved on reboot.
Folder move failed. C:\Programme\Common\Microsoft Shared\web server extensions\40\_vti_bin\_vti_adm scheduled to be moved on reboot.
Folder move failed. C:\Programme\Common\Microsoft Shared\web server extensions\40\_vti_bin scheduled to be moved on reboot.
Folder move failed. C:\Programme\Common\Microsoft Shared\web server extensions\40\servsupp scheduled to be moved on reboot.
Folder move failed. C:\Programme\Common\Microsoft Shared\web server extensions\40\isapi\_vti_aut scheduled to be moved on reboot.
Folder move failed. C:\Programme\Common\Microsoft Shared\web server extensions\40\isapi\_vti_adm scheduled to be moved on reboot.
Folder move failed. C:\Programme\Common\Microsoft Shared\web server extensions\40\isapi scheduled to be moved on reboot.
Folder move failed. C:\Programme\Common\Microsoft Shared\web server extensions\40\bots\vinavbar scheduled to be moved on reboot.
Folder move failed. C:\Programme\Common\Microsoft Shared\web server extensions\40\bots scheduled to be moved on reboot.
Folder move failed. C:\Programme\Common\Microsoft Shared\web server extensions\40\bin\1031 scheduled to be moved on reboot.
Folder move failed. C:\Programme\Common\Microsoft Shared\web server extensions\40\bin scheduled to be moved on reboot.
Folder move failed. C:\Programme\Common\Microsoft Shared\web server extensions\40\admisapi\scripts scheduled to be moved on reboot.
Folder move failed. C:\Programme\Common\Microsoft Shared\web server extensions\40\admisapi scheduled to be moved on reboot.
Folder move failed. C:\Programme\Common\Microsoft Shared\web server extensions\40\admcgi\scripts scheduled to be moved on reboot.
Folder move failed. C:\Programme\Common\Microsoft Shared\web server extensions\40\admcgi scheduled to be moved on reboot.
Folder move failed. C:\Programme\Common\Microsoft Shared\web server extensions\40 scheduled to be moved on reboot.
Folder move failed. C:\Programme\Common\Microsoft Shared\web server extensions scheduled to be moved on reboot.
Folder move failed. C:\Programme\Common\Microsoft Shared\VGX scheduled to be moved on reboot.
Folder move failed. C:\Programme\Common\Microsoft Shared\Triedit scheduled to be moved on reboot.
Folder move failed. C:\Programme\Common\Microsoft Shared\Speech\1031 scheduled to be moved on reboot.
Folder move failed. C:\Programme\Common\Microsoft Shared\Speech scheduled to be moved on reboot.
Folder move failed. C:\Programme\Common\Microsoft Shared\MSInfo scheduled to be moved on reboot.
Folder move failed. C:\Programme\Common\Microsoft Shared\DAO scheduled to be moved on reboot.
Folder move failed. C:\Programme\Common\Microsoft Shared scheduled to be moved on reboot.
Folder move failed. C:\Programme\Common scheduled to be moved on reboot.

Registry entries deleted on Reboot...

There's quite a lot in the Common directory... Could moving it cause problems?

Regards,
Icy
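The OTL fix log above is long and repetitive, and the question it raises (what exactly is gone now, what goes at reboot, and did the temp cleanup add up?) is easier to answer from a summary than from 230 lines of output. The following is an added example, not code from the thread, from OTL or from the forum's helpers: a small Python parser that walks an OTL fix log, lists what was moved immediately, collapses the repeated "scheduled to be moved on reboot" lines to one entry per path, reports the top-level trees that will disappear at reboot, and cross-checks the EMPTYTEMP byte counts against the "Total Files Cleaned" line. The sample input is a constructed excerpt of the log posted above. It assumes OTL's "mb" means MiB (the 57,545,071 bytes in the log come to 54.88 MiB, printed as "55,00 mb") and that the total is written with the system locale's decimal separator.

```python
from __future__ import annotations

import re
from dataclasses import dataclass, field

# Constructed sample: lines copied from the OTL fix log posted above, with the
# blank lines and most of the repeated "scheduled to be moved" entries dropped.
SAMPLE_LOG = r"""
C:\Programme\Common\Adobe\TypeSpt folder moved successfully.
C:\Programme\Common\Adobe folder moved successfully.
Folder move failed. C:\Programme\Common scheduled to be moved on reboot.
[EMPTYTEMP]
User: Administrator
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
User: GE
->Temp folder emptied: 23876641 bytes
->Temporary Internet Files folder emptied: 1101850 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 27598483 bytes
->Flash cache emptied: 1668 bytes
User: LocalService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33474 bytes
User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 2215244 bytes
%systemroot%\System32 .tmp files removed: 2951 bytes
Windows Temp folder emptied: 13030 bytes
RecycleBin emptied: 2602220 bytes
Total Files Cleaned = 55,00 mb
C:\WINDOWS\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully
Files\Folders moved on Reboot...
Folder move failed. C:\Programme\Common\System\ado scheduled to be moved on reboot.
Folder move failed. C:\Programme\Common\System\ado scheduled to be moved on reboot.
Folder move failed. C:\Programme\Common\System scheduled to be moved on reboot.
Folder move failed. C:\Programme\Common scheduled to be moved on reboot.
"""

MOVED_RE = re.compile(r"^(?P<path>[A-Za-z]:\\.+?) (?:folder )?moved successfully\.$")
PENDING_RE = re.compile(r"^Folder move failed\. (?P<path>[A-Za-z]:\\.+?) scheduled to be moved on reboot\.$")
BYTES_RE = re.compile(r"(?:emptied|removed): (?P<n>\d+) bytes$")
TOTAL_RE = re.compile(r"^Total Files Cleaned = (?P<mb>\d+(?:[.,]\d+)?) mb$", re.IGNORECASE)
HOSTS_RESET = "HOSTS file reset successfully"


@dataclass
class OtlFixSummary:
    moved: list[str] = field(default_factory=list)
    pending_reboot: list[str] = field(default_factory=list)  # one entry per path
    bytes_cleaned: int = 0
    reported_mb: float | None = None
    hosts_reset: bool = False

    @property
    def cleaned_mib(self) -> float:
        # Assumption: OTL's "mb" is MiB (57545071 bytes -> 54.88, printed as 55,00).
        return self.bytes_cleaned / (1024 * 1024)

    def total_matches(self, tolerance_mib: float = 0.5) -> bool:
        """True if the summed per-folder byte counts agree with OTL's printed total."""
        return self.reported_mb is not None and abs(self.cleaned_mib - self.reported_mb) <= tolerance_mib


def parse_otl_fix_log(text: str) -> OtlFixSummary:
    s = OtlFixSummary()
    seen: set[str] = set()
    for raw in text.splitlines():
        line = raw.strip()
        if m := MOVED_RE.match(line):
            s.moved.append(m["path"])
        elif m := PENDING_RE.match(line):
            # OTL prints these once per pass, so the same path shows up many times.
            if m["path"].lower() not in seen:
                seen.add(m["path"].lower())
                s.pending_reboot.append(m["path"])
        elif m := BYTES_RE.search(line):
            s.bytes_cleaned += int(m["n"])
        elif m := TOTAL_RE.match(line):
            s.reported_mb = float(m["mb"].replace(",", "."))  # German locale: decimal comma
        elif line == HOSTS_RESET:
            s.hosts_reset = True
    return s


def top_level_pending(s: OtlFixSummary) -> list[str]:
    """Pending folders not nested inside another pending folder: the whole trees
    that vanish at reboot and that one would look for in the _OTL backup folder."""
    lowered = [p.lower().rstrip("\\") for p in s.pending_reboot]
    return [p for p, lp in zip(s.pending_reboot, lowered)
            if not any(o != lp and lp.startswith(o + "\\") for o in lowered)]


if __name__ == "__main__":
    summary = parse_otl_fix_log(SAMPLE_LOG)
    print(f"moved now: {len(summary.moved)}, pending reboot: {len(summary.pending_reboot)}")
    print("top-level trees pending reboot:", top_level_pending(summary))
    print(f"cleaned {summary.bytes_cleaned} bytes = {summary.cleaned_mib:.2f} MiB, "
          f"reported {summary.reported_mb} mb, consistent: {summary.total_matches()}")
```

On the log above the pending list collapses to a single top-level tree, C:\Programme\Common, which is what would have to be restored from the _OTL backup if an application breaks after the reboot. The byte-count check is a cheap sanity test that the EMPTYTEMP section was not truncated when the log was pasted.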

cosinus 29.08.2011 12:07

Hm, I just noticed that too. Well, if need be you can restore the directory,

Quote:

The entries, files and folders fixed by this script are not deleted completely, as a precaution; a backup copy is created on the system partition in the "_OTL" folder.

Now please run this tool from Kaspersky and post the log => http://www.trojaner-board.de/82358-t...entfernen.html

Configure the tool as shown in the image below, i.e. tick both boxes, click Start scan and, once it has finished, click the Report button to display the log. Please post it in full.

http://www.trojaner-board.de/attachm...rnen-start.png


If the infection has left you unable to access your documents/My Documents, or shortcuts are missing from the desktop or from the Start menu under "All Programs", please run unhide:
Please download unhide.exe and save the file to your desktop.
Run the tool and all files and folders should be visible again. (This may take a while.)
Windows Vista and Windows 7 users must right-click the tool and run it as administrator!

<-IceD@te-> 29.08.2011 12:35

Done... :)

Code:

2011/08/29 13:25:14.0562 3948        TDSS rootkit removing tool 2.5.17.0 Aug 22 2011 15:46:57
2011/08/29 13:25:14.0625 3948        ================================================================================
2011/08/29 13:25:14.0625 3948        SystemInfo:
2011/08/29 13:25:14.0625 3948       
2011/08/29 13:25:14.0625 3948        OS Version: 5.1.2600 ServicePack: 2.0
2011/08/29 13:25:14.0625 3948        Product type: Workstation
2011/08/29 13:25:14.0625 3948        ComputerName: JUSTIER
2011/08/29 13:25:14.0625 3948        UserName: GE
2011/08/29 13:25:14.0625 3948        Windows directory: C:\WINDOWS
2011/08/29 13:25:14.0625 3948        System windows directory: C:\WINDOWS
2011/08/29 13:25:14.0625 3948        Processor architecture: Intel x86
2011/08/29 13:25:14.0625 3948        Number of processors: 1
2011/08/29 13:25:14.0625 3948        Page size: 0x1000
2011/08/29 13:25:14.0625 3948        Boot type: Normal boot
2011/08/29 13:25:14.0625 3948        ================================================================================
2011/08/29 13:25:15.0921 3948        Initialize success
2011/08/29 13:25:20.0984 4036        ================================================================================
2011/08/29 13:25:20.0984 4036        Scan started
2011/08/29 13:25:20.0984 4036        Mode: Manual;
2011/08/29 13:25:20.0984 4036        ================================================================================
2011/08/29 13:25:22.0046 4036        ACPI            (94b4741d2cf9ed38140b831293d1601a) C:\WINDOWS\system32\DRIVERS\ACPI.sys
2011/08/29 13:25:22.0125 4036        ACPIEC          (9e1ca3160dafb159ca14f83b1e317f75) C:\WINDOWS\system32\drivers\ACPIEC.sys
2011/08/29 13:25:22.0281 4036        aec            (1ee7b434ba961ef845de136224c30fec) C:\WINDOWS\system32\drivers\aec.sys
2011/08/29 13:25:22.0375 4036        Afc            (fe3ea6e9afc1a78e6edca121e006afb7) C:\WINDOWS\system32\drivers\Afc.sys
2011/08/29 13:25:22.0453 4036        AFD            (5ac495f4cb807b2b98ad2ad591e6d92e) C:\WINDOWS\System32\drivers\afd.sys
2011/08/29 13:25:22.0765 4036        ALCXWDM        (93f93a8e3e14cbbf1ce9a5af1a70c095) C:\WINDOWS\system32\drivers\ALCXWDM.SYS
2011/08/29 13:25:23.0046 4036        AmdK8          (769844eb65df6a62aa51b886290fe51d) C:\WINDOWS\system32\DRIVERS\AmdK8.sys
2011/08/29 13:25:23.0359 4036        AsyncMac        (02000abf34af4c218c35d257024807d6) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
2011/08/29 13:25:23.0437 4036        atapi          (cdfe4411a69c224bd1d11b2da92dac51) C:\WINDOWS\system32\DRIVERS\atapi.sys
2011/08/29 13:25:23.0531 4036        Atmarpc        (ec88da854ab7d7752ec8be11a741bb7f) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
2011/08/29 13:25:23.0609 4036        audstub        (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
2011/08/29 13:25:23.0734 4036        avgio          (0b497c79824f8e1bf22fa6aacd3de3a0) C:\Programme\Avira\AntiVir Desktop\avgio.sys
2011/08/29 13:25:23.0828 4036        avgntflt        (1e4114685de1ffa9675e09c6a1fb3f4b) C:\WINDOWS\system32\DRIVERS\avgntflt.sys
2011/08/29 13:25:23.0953 4036        avipbb          (0f78d3dae6dedd99ae54c9491c62adf2) C:\WINDOWS\system32\DRIVERS\avipbb.sys
2011/08/29 13:25:24.0031 4036        Beep            (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
2011/08/29 13:25:24.0109 4036        cbidf2k        (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
2011/08/29 13:25:24.0187 4036        CCDECODE        (6163ed60b684bab19d3352ab22fc48b2) C:\WINDOWS\system32\DRIVERS\CCDECODE.sys
2011/08/29 13:25:24.0328 4036        Cdaudio        (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
2011/08/29 13:25:24.0421 4036        Cdfs            (cd7d5152df32b47f4e36f710b35aae02) C:\WINDOWS\system32\drivers\Cdfs.sys
2011/08/29 13:25:24.0500 4036        Cdrom          (af9c19b3100fe010496b1a27181fbf72) C:\WINDOWS\system32\DRIVERS\cdrom.sys
2011/08/29 13:25:24.0703 4036        cmnsusbser      (675d67423980fc1784b93aa47d350a31) C:\WINDOWS\system32\DRIVERS\cmnsusbser.sys
2011/08/29 13:25:25.0000 4036        Disk            (00ca44e4534865f8a3b64f7c0984bff0) C:\WINDOWS\system32\DRIVERS\disk.sys
2011/08/29 13:25:25.0093 4036        dmboot          (5789b83ba87fc84c3568cf86cacef8ce) C:\WINDOWS\system32\drivers\dmboot.sys
2011/08/29 13:25:25.0218 4036        dmio            (084eb0a50a4f7b4705c8a57f234e5291) C:\WINDOWS\system32\drivers\dmio.sys
2011/08/29 13:25:25.0312 4036        dmload          (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
2011/08/29 13:25:25.0406 4036        DMusic          (a6f881284ac1150e37d9ae47ff601267) C:\WINDOWS\system32\drivers\DMusic.sys
2011/08/29 13:25:25.0531 4036        drmkaud        (1ed4dbbae9f5d558dbba4cc450e3eb2e) C:\WINDOWS\system32\drivers\drmkaud.sys
2011/08/29 13:25:25.0625 4036        Fastfat        (3117f595e9615e04f05a54fc15a03b20) C:\WINDOWS\system32\drivers\Fastfat.sys
2011/08/29 13:25:25.0703 4036        Fdc            (ced2e8396a8838e59d8fd529c680e02c) C:\WINDOWS\system32\DRIVERS\fdc.sys
2011/08/29 13:25:25.0781 4036        Fips            (9e9af89f9b14aa6249065c309ce73bd8) C:\WINDOWS\system32\drivers\Fips.sys
2011/08/29 13:25:25.0890 4036        Flpydisk        (0dd1de43115b93f4d85e889d7a86f548) C:\WINDOWS\system32\DRIVERS\flpydisk.sys
2011/08/29 13:25:26.0000 4036        FltMgr          (157754f0df355a9e0a6f54721914f9c6) C:\WINDOWS\system32\DRIVERS\fltMgr.sys
2011/08/29 13:25:26.0078 4036        Fs_Rec          (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
2011/08/29 13:25:26.0203 4036        FTDIBUS        (7d1a4851c3daa76b0b82af5f73479e8c) C:\WINDOWS\system32\drivers\ftdibus.sys
2011/08/29 13:25:26.0296 4036        Ftdisk          (8f1955ce42e1484714b542f341647778) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
2011/08/29 13:25:26.0375 4036        FTSER2K        (90570ec16c55548e3565ac8599939063) C:\WINDOWS\system32\drivers\ftser2k.sys
2011/08/29 13:25:26.0453 4036        Gpc            (c0f1d4a21de5a415df8170616703debf) C:\WINDOWS\system32\DRIVERS\msgpc.sys
2011/08/29 13:25:26.0531 4036        HidUsb          (1de6783b918f540149aa69943bdfeba8) C:\WINDOWS\system32\DRIVERS\hidusb.sys
2011/08/29 13:25:26.0656 4036        HTTP            (bfb7b73c942e816c4fb4a5a7bae87136) C:\WINDOWS\system32\Drivers\HTTP.sys
2011/08/29 13:25:26.0890 4036        i8042prt        (7c575018d0413440d75432a78b88c899) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
2011/08/29 13:25:26.0984 4036        Imapi          (f8aa320c6a0409c0380e5d8a99d76ec6) C:\WINDOWS\system32\DRIVERS\imapi.sys
2011/08/29 13:25:27.0125 4036        Ip6Fw          (4448006b6bc60e6c027932cfc38d6855) C:\WINDOWS\system32\DRIVERS\Ip6Fw.sys
2011/08/29 13:25:27.0187 4036        IpFilterDriver  (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
2011/08/29 13:25:27.0265 4036        IpInIp          (e1ec7f5da720b640cd8fb8424f1b14bb) C:\WINDOWS\system32\DRIVERS\ipinip.sys
2011/08/29 13:25:27.0328 4036        IpNat          (d58ecd3b3969a670e68588f1640920b6) C:\WINDOWS\system32\DRIVERS\ipnat.sys
2011/08/29 13:25:27.0390 4036        IPSec          (64537aa5c003a6afeee1df819062d0d1) C:\WINDOWS\system32\DRIVERS\ipsec.sys
2011/08/29 13:25:27.0453 4036        IRENUM          (50708daa1b1cbb7d6ac1cf8f56a24410) C:\WINDOWS\system32\DRIVERS\irenum.sys
2011/08/29 13:25:27.0531 4036        isapnp          (ce9b7afdf0a3d7dd8d1487262316b959) C:\WINDOWS\system32\DRIVERS\isapnp.sys
2011/08/29 13:25:27.0578 4036        Kbdclass        (b128fc0a5cd83f669d5de4b58f77c7d6) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
2011/08/29 13:25:27.0671 4036        kmixer          (d93cad07c5683db066b0b2d2d3790ead) C:\WINDOWS\system32\drivers\kmixer.sys
2011/08/29 13:25:27.0750 4036        KSecDD          (eb7ffe87fd367ea8fca0506f74a87fbb) C:\WINDOWS\system32\drivers\KSecDD.sys
2011/08/29 13:25:27.0921 4036        MBAMProtector  (eca00eed9ab95489007b0ef84c7149de) C:\WINDOWS\system32\drivers\mbam.sys
2011/08/29 13:25:28.0015 4036        mf              (729d83e56c29c510258a6e9e79ffddc3) C:\WINDOWS\system32\DRIVERS\mf.sys
2011/08/29 13:25:28.0093 4036        mnmdd          (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
2011/08/29 13:25:28.0171 4036        Modem          (91a3da4b12f6f1d760463a7f7857f748) C:\WINDOWS\system32\drivers\Modem.sys
2011/08/29 13:25:28.0281 4036        Mouclass        (71e15ca47fd947552054afb28536268f) C:\WINDOWS\system32\DRIVERS\mouclass.sys
2011/08/29 13:25:28.0343 4036        mouhid          (66a6f73c74e1791464160a7065ce711a) C:\WINDOWS\system32\DRIVERS\mouhid.sys
2011/08/29 13:25:28.0437 4036        MountMgr        (65653f3b4477f3c63e68a9659f85ee2e) C:\WINDOWS\system32\drivers\MountMgr.sys
2011/08/29 13:25:28.0531 4036        MRxDAV          (46edcc8f2db2f322c24f48785cb46366) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
2011/08/29 13:25:28.0593 4036        MRxSmb          (1b9329a08b56963db7f36b1a364d63ac) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
2011/08/29 13:25:28.0640 4036        Msfs            (561b3a4333ca2dbdba28b5b956822519) C:\WINDOWS\system32\drivers\Msfs.sys
2011/08/29 13:25:28.0734 4036        MSKSSRV        (ae431a8dd3c1d0d0610cdbac16057ad0) C:\WINDOWS\system32\drivers\MSKSSRV.sys
2011/08/29 13:25:28.0812 4036        MSPCLOCK        (13e75fef9dfeb08eeded9d0246e1f448) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
2011/08/29 13:25:28.0890 4036        MSPQM          (1988a33ff19242576c3d0ef9ce785da7) C:\WINDOWS\system32\drivers\MSPQM.sys
2011/08/29 13:25:28.0984 4036        mssmbios        (469541f8bfd2b32659d5d463a6714bce) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
2011/08/29 13:25:29.0062 4036        MSTEE          (bf13612142995096ab084f2db7f40f77) C:\WINDOWS\system32\drivers\MSTEE.sys
2011/08/29 13:25:29.0156 4036        Mup            (f66b6b1cddee6ca87cefc016eb7a0d8e) C:\WINDOWS\system32\drivers\Mup.sys
2011/08/29 13:25:29.0218 4036        NABTSFEC        (5c8dc6429c43dc6177c1fa5b76290d1a) C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys
2011/08/29 13:25:29.0296 4036        ndc            (263bdcc8d239483c773c1f944dc704af) C:\WINDOWS\System32\Drivers\ndc.sys
2011/08/29 13:25:29.0406 4036        NDIS            (558635d3af1c7546d26067d5d9b6959e) C:\WINDOWS\system32\drivers\NDIS.sys
2011/08/29 13:25:29.0500 4036        NdisIP          (520ce427a8b298f54112857bcf6bde15) C:\WINDOWS\system32\DRIVERS\NdisIP.sys
2011/08/29 13:25:29.0578 4036        NdisTapi        (08d43bbdacdf23f34d79e44ed35c1b4c) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
2011/08/29 13:25:29.0687 4036        Ndisuio        (8d3ce6b579cde8d37acc690b67dc2106) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
2011/08/29 13:25:29.0796 4036        NdisWan        (0b90e255a9490166ab368cd55a529893) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
2011/08/29 13:25:29.0906 4036        NDProxy        (59fc3fb44d2669bc144fd87826bb571f) C:\WINDOWS\system32\drivers\NDProxy.sys
2011/08/29 13:25:29.0968 4036        NetBIOS        (3a2aca8fc1d7786902ca434998d7ceb4) C:\WINDOWS\system32\DRIVERS\netbios.sys
2011/08/29 13:25:30.0031 4036        NetBT          (0c80e410cd2f47134407ee7dd19cc86b) C:\WINDOWS\system32\DRIVERS\netbt.sys
2011/08/29 13:25:30.0109 4036        Npfs            (4f601bcb8f64ea3ac0994f98fed03f8e) C:\WINDOWS\system32\drivers\Npfs.sys
2011/08/29 13:25:30.0203 4036        Ntfs            (b78be402c3f63dd55521f73876951cdd) C:\WINDOWS\system32\drivers\Ntfs.sys
2011/08/29 13:25:30.0312 4036        Null            (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
2011/08/29 13:25:30.0500 4036        nv              (9e1f2f09e34c92a96b9900b6a45d5026) C:\WINDOWS\system32\DRIVERS\nv4_mini.sys
2011/08/29 13:25:30.0703 4036        NVENETFD        (2a7a2c6ab9631028b6e3a4159aa65705) C:\WINDOWS\system32\DRIVERS\NVENETFD.sys
2011/08/29 13:25:30.0796 4036        nvnetbus        (20526a8827dc0956b5526aebcb6751a0) C:\WINDOWS\system32\DRIVERS\nvnetbus.sys
2011/08/29 13:25:30.0906 4036        NwlnkFlt        (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
2011/08/29 13:25:30.0984 4036        NwlnkFwd        (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
2011/08/29 13:25:31.0093 4036        Parport        (b2f17a2edb5450e61973a037f63a595b) C:\WINDOWS\system32\DRIVERS\parport.sys
2011/08/29 13:25:31.0171 4036        PartMgr        (3334430c29dc338092f79c38ef7b4cd0) C:\WINDOWS\system32\drivers\PartMgr.sys
2011/08/29 13:25:31.0234 4036        ParVdm          (c2bf987829099a3eaa2ca6a0a90ecb4f) C:\WINDOWS\system32\drivers\ParVdm.sys
2011/08/29 13:25:31.0343 4036        PCI            (6fb463e5b243fbd6f3d3c83f914d94fb) C:\WINDOWS\system32\DRIVERS\pci.sys
2011/08/29 13:25:31.0437 4036        PCIIde          (59ba86d9a61cbcf4df8e598c331f5b82) C:\WINDOWS\system32\DRIVERS\pciide.sys
2011/08/29 13:25:31.0531 4036        Pcmcia          (e2363f4c1daff89abee5f593e13d8a05) C:\WINDOWS\system32\drivers\Pcmcia.sys
2011/08/29 13:25:31.0937 4036        PptpMiniport    (1c5cc65aac0783c344f16353e60b72ac) C:\WINDOWS\system32\DRIVERS\raspptp.sys
2011/08/29 13:25:31.0984 4036        Processor      (3d7f196e77f986c106e9320b81a5ebbf) C:\WINDOWS\system32\DRIVERS\processr.sys
2011/08/29 13:25:32.0046 4036        PSched          (48671f327553dcf1d27f6197f622a668) C:\WINDOWS\system32\DRIVERS\psched.sys
2011/08/29 13:25:32.0109 4036        Ptilink        (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
2011/08/29 13:25:32.0406 4036        RasAcd          (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
2011/08/29 13:25:32.0468 4036        Rasl2tp        (98faeb4a4dcf812ba1c6fca4aa3e115c) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
2011/08/29 13:25:32.0531 4036        RasPppoe        (7306eeed8895454cbed4669be9f79faa) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
2011/08/29 13:25:32.0593 4036        Raspti          (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
2011/08/29 13:25:32.0671 4036        Rdbss          (809ca45caa9072b3176ad44579d7f688) C:\WINDOWS\system32\DRIVERS\rdbss.sys
2011/08/29 13:25:32.0734 4036        RDPCDD          (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
2011/08/29 13:25:32.0859 4036        RDPWD          (047bea21274c8a4a233674a76c958c2c) C:\WINDOWS\system32\drivers\RDPWD.sys
2011/08/29 13:25:32.0953 4036        redbook        (aa56702e230860565cb8d43680f57f33) C:\WINDOWS\system32\DRIVERS\redbook.sys
2011/08/29 13:25:33.0078 4036        Secdrv          (d26e26ea516450af9d072635c60387f4) C:\WINDOWS\system32\DRIVERS\secdrv.sys
2011/08/29 13:25:33.0171 4036        Ser2pl          (b490ad520257dda26c1d587a71e527b5) C:\WINDOWS\system32\DRIVERS\ser2pl.sys
2011/08/29 13:25:33.0250 4036        serenum        (a2d868aeeff612e70e213c451a70cafb) C:\WINDOWS\system32\DRIVERS\serenum.sys
2011/08/29 13:25:33.0296 4036        Serial          (cd5b9995afcdb466c9efc048d167e3be) C:\WINDOWS\system32\DRIVERS\serial.sys
2011/08/29 13:25:33.0359 4036        Sfloppy        (0d13b6df6e9e101013a7afb0ce629fe0) C:\WINDOWS\system32\drivers\Sfloppy.sys
2011/08/29 13:25:33.0484 4036        SLIP            (5caeed86821fa2c6139e32e9e05ccdc9) C:\WINDOWS\system32\DRIVERS\SLIP.sys
2011/08/29 13:25:33.0609 4036        splitter        (8e186b8f23295d1e42c573b82b80d548) C:\WINDOWS\system32\drivers\splitter.sys
2011/08/29 13:25:33.0687 4036        sr              (e4200cb2f418d8fc4acdd7e38c419d6a) C:\WINDOWS\system32\DRIVERS\sr.sys
2011/08/29 13:25:33.0765 4036        Srv            (553007ecce7f6565bbe645beb66d3b69) C:\WINDOWS\system32\DRIVERS\srv.sys
2011/08/29 13:25:33.0890 4036        ssmdrv          (a36ee93698802cd899f98bfd553d8185) C:\WINDOWS\system32\DRIVERS\ssmdrv.sys
2011/08/29 13:25:33.0984 4036        streamip        (284c57df5dc7abca656bc2b96a667afb) C:\WINDOWS\system32\DRIVERS\StreamIP.sys
2011/08/29 13:25:34.0078 4036        swenum          (03c1bae4766e2450219d20b993d6e046) C:\WINDOWS\system32\DRIVERS\swenum.sys
2011/08/29 13:25:34.0156 4036        swmidi          (94abc808fc4b6d7d2bbf42b85e25bb4d) C:\WINDOWS\system32\drivers\swmidi.sys
2011/08/29 13:25:34.0406 4036        sysaudio        (650ad082d46bac0e64c9c0e0928492fd) C:\WINDOWS\system32\drivers\sysaudio.sys
2011/08/29 13:25:34.0515 4036        Tcpip          (63fdfea54eb53de2d863ee454937ce1e) C:\WINDOWS\system32\DRIVERS\tcpip.sys
2011/08/29 13:25:34.0625 4036        Tcpip6          (4d58bb1ae8841aafd8790ad7e1e3b8ea) C:\WINDOWS\system32\DRIVERS\tcpip6.sys
2011/08/29 13:25:34.0734 4036        TDPIPE          (38d437cf2d98965f239b0abcd66dcb0f) C:\WINDOWS\system32\drivers\TDPIPE.sys
2011/08/29 13:25:34.0828 4036        TDTCP          (ed0580af02502d00ad8c4c066b156be9) C:\WINDOWS\system32\drivers\TDTCP.sys
2011/08/29 13:25:34.0937 4036        TermDD          (a540a99c281d933f3d69d55e48727f47) C:\WINDOWS\system32\DRIVERS\termdd.sys
2011/08/29 13:25:35.0062 4036        tunmp          (87a0e9e18c10a9e454238e3330e2a26d) C:\WINDOWS\system32\DRIVERS\tunmp.sys
2011/08/29 13:25:35.0140 4036        Udfs            (12f70256f140cd7d52c58c7048fde657) C:\WINDOWS\system32\drivers\Udfs.sys
2011/08/29 13:25:35.0281 4036        Update          (a4815a4884898f355a3513e60843a4fd) C:\WINDOWS\system32\DRIVERS\update.sys
2011/08/29 13:25:35.0375 4036        usbccgp        (bffd9f120cc63bcbaa3d840f3eef9f79) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
2011/08/29 13:25:35.0453 4036        usbehci        (15e993ba2f6946b2bfbbfcd30398621e) C:\WINDOWS\system32\DRIVERS\usbehci.sys
2011/08/29 13:25:35.0515 4036        usbhub          (c72f40947f92cea56a8fb532edf025f1) C:\WINDOWS\system32\DRIVERS\usbhub.sys
2011/08/29 13:25:35.0578 4036        usbohci        (bdfe799a8531bad8a5a985821fe78760) C:\WINDOWS\system32\DRIVERS\usbohci.sys
2011/08/29 13:25:35.0640 4036        usbscan        (a6bc71402f4f7dd5b77fd7f4a8ddba85) C:\WINDOWS\system32\DRIVERS\usbscan.sys
2011/08/29 13:25:35.0765 4036        usbser          (49106ee29074e6a3d3ac9e24c6d791d8) C:\WINDOWS\system32\DRIVERS\usbser.sys
2011/08/29 13:25:35.0875 4036        USBSTOR        (6cd7b22193718f1d17a47a1cd6d37e75) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
2011/08/29 13:25:35.0968 4036        VgaSave        (8a60edd72b4ea5aea8202daf0e427925) C:\WINDOWS\System32\drivers\vga.sys
2011/08/29 13:25:36.0109 4036        VolSnap        (d6888520ff56d72a50437e371ca25fc9) C:\WINDOWS\system32\drivers\VolSnap.sys
2011/08/29 13:25:36.0187 4036        Wanarp          (984ef0b9788abf89974cfed4bfbaacbc) C:\WINDOWS\system32\DRIVERS\wanarp.sys
2011/08/29 13:25:36.0312 4036        wdmaud          (2797f33ebf50466020c430ee4f037933) C:\WINDOWS\system32\drivers\wdmaud.sys
2011/08/29 13:25:36.0406 4036        WinDriver      (d8ab83200e425dad81579ea7067507c5) C:\WINDOWS\system32\Drivers\windrvr.sys
2011/08/29 13:25:36.0546 4036        WpdUsb          (cf4def1bf66f06964dc0d91844239104) C:\WINDOWS\system32\DRIVERS\wpdusb.sys
2011/08/29 13:25:36.0625 4036        WS2IFSL        (6abe6e225adb5a751622a9cc3bc19ce8) C:\WINDOWS\System32\drivers\ws2ifsl.sys
2011/08/29 13:25:36.0687 4036        WSTCODEC        (d5842484f05e12121c511aa93f6439ec) C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS
2011/08/29 13:25:36.0812 4036        WudfPf          (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys
2011/08/29 13:25:36.0906 4036        WudfRd          (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\wudfrd.sys
2011/08/29 13:25:37.0000 4036        MBR (0x1B8)    (72b8ce41af0de751c946802b3ed844b4) \Device\Harddisk0\DR0
2011/08/29 13:25:37.0140 4036        MBR (0x1B8)    (5ef6a0e06c9acb51baa834c56e2bac68) \Device\Harddisk1\DR2
2011/08/29 13:25:38.0046 4036        Boot (0x1200)  (72f9231fd04ff69dcb44088b513e7ab4) \Device\Harddisk0\DR0\Partition0
2011/08/29 13:25:38.0046 4036        ================================================================================
2011/08/29 13:25:38.0046 4036        Scan finished
2011/08/29 13:25:38.0046 4036        ================================================================================
2011/08/29 13:25:38.0062 4020        Detected object count: 0
2011/08/29 13:25:38.0062 4020        Actual detected object count: 0


Can I also run unhide prophylactically, or does that carry risks? I don't actually know whether anything is missing. Nobody here has a complete overview of everything that should be on the WormPC...

What happens now to the files that AntiVir moved to quarantine?


Regards
Icy

cosinus 29.08.2011 12:37

Quote:

Can I also run unhide prophylactically, or does that carry risks?
No, if nothing is missing, leave it alone. Unhide only resets the attributes, in case they have been set such that your own files are hidden.

Quote:

What happens now to the files that AntiVir moved to quarantine?
You do know what a quarantine is? Whether the malicious file stays in there or not makes no difference. Pests in quarantine can't do any harm any more; they are isolated there. You should always work with the quarantine, because if the virus scanner deletes something important due to a false positive, you can still get at the file via the quarantine if need be.

<-IceD@te-> 29.08.2011 12:49

Quote:

Quote from cosinus
You do know what a quarantine is?

Hmm, I think so - my understanding of it is this: the pest (a file) is renamed (name and extension) and moved to a different folder... If I know the original folder and file name, I could reactivate the pest...
Is that right?

Quote:

Quote from cosinus
You should always work with the quarantine, because if the virus scanner deletes something important due to a false positive, you can still get at the file via the quarantine if need be.

That's clear too - thanks again for the pointer. In my case these were all newly created malicious files without any further function, weren't they? At least the ones AntiVir put on ice. That's why I thought deleting them would make sense... Why should that junk data keep sitting around on the disk, I thought!?!

Can we now give the all-clear for the WormPC and call it a PC again???

cosinus 29.08.2011 12:59

Quote:

If I know the original folder and file name, I could reactivate the pest...
That's rather contrived; nothing restores itself from the Q on its own. It's overly hysterical to banish everything from the Q right away.

Now please run CF:

ComboFix

A guide and tutorial on using ComboFix
  • Close all programs, especially your antivirus program and other background guards, as well as your internet browser.
  • Start cofi.exe from your desktop, confirm the warnings, carry out the updates (if offered), install the Recovery Console (if offered) and let your system be scanned.
    Also avoid using the mouse and keyboard while ComboFix is running.
  • Afterwards a combofix.txt opens automatically; please copy its contents ([Ctrl]a, [Ctrl]c) and paste it into your post ([Ctrl]v). You can also find the file at: C:\ComboFix.txt.
Important note:
ComboFix may only be run when a competent helper (Kompetenzler) has explicitly recommended it!
It should never be run on your own initiative! Incorrect use can cause serious computer problems and make cleaning up the infection even harder.
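The exchange about quarantine in the three posts above (cosinus at 12:37: isolated, harmless, recoverable after a false positive; IceD@te at 12:49: renamed and moved to another folder; cosinus at 12:59: nothing restores itself from the Q on its own) as an added example, written for this thread and not AntiVir's, ComboFix's or the forum's own code. The layout (a `.quar` blob next to a `.json` sidecar, a byte mask so the stored copy is not a runnable image, read-only permissions, a hash check on restore) is an assumption made for illustration; commercial scanners use their own container formats.

```python
"""File quarantine as the thread describes it: the detected file leaves its
original place, is stored in a form that cannot simply be launched, and stays
recoverable for the false-positive case.

Added example; the .quar/.json layout and the byte mask are assumptions.
"""
import hashlib
import json
import stat
import uuid
from pathlib import Path

QUAR_MASK = 0xFF  # assumption: mask so the stored blob is not a valid executable image


def _mask(data: bytes) -> bytes:
    """XOR every byte with QUAR_MASK; applying it twice gives the original back."""
    return bytes(b ^ QUAR_MASK for b in data)


def quarantine(path, qdir) -> str:
    """Move `path` into `qdir` under a random name and record where it came from."""
    src = Path(path).resolve()
    qdir = Path(qdir)
    qdir.mkdir(parents=True, exist_ok=True)
    data = src.read_bytes()
    qid = uuid.uuid4().hex
    meta = {"original_path": str(src), "size": len(data),
            "sha256": hashlib.sha256(data).hexdigest()}
    blob = qdir / f"{qid}.quar"
    blob.write_bytes(_mask(data))   # renamed, masked copy in the quarantine folder
    blob.chmod(stat.S_IRUSR)        # read-only: accidental edits or launches fail
    (qdir / f"{qid}.json").write_text(json.dumps(meta))
    src.unlink()                    # only now remove the original
    return qid


def list_quarantine(qdir) -> dict:
    """Map quarantine id -> sidecar metadata (what a scanner's quarantine view shows)."""
    return {p.stem: json.loads(p.read_text()) for p in Path(qdir).glob("*.json")}


def restore(qid, qdir, dest=None) -> Path:
    """Recover a quarantined file (false-positive case) after verifying it was not
    altered. With `dest` set it is written there instead of to its original path,
    so an analyst can inspect it without re-arming it."""
    qdir = Path(qdir)
    meta = json.loads((qdir / f"{qid}.json").read_text())
    data = _mask((qdir / f"{qid}.quar").read_bytes())
    if hashlib.sha256(data).hexdigest() != meta["sha256"]:
        raise ValueError("quarantined blob does not match its recorded hash")
    target = Path(dest) if dest else Path(meta["original_path"])
    target.parent.mkdir(parents=True, exist_ok=True)
    target.write_bytes(data)
    return target


def purge(qid, qdir) -> None:
    """Delete a quarantine entry for good (what the thread calls banishing from the Q)."""
    qdir = Path(qdir)
    blob = qdir / f"{qid}.quar"
    blob.chmod(stat.S_IRUSR | stat.S_IWUSR)
    blob.unlink()
    (qdir / f"{qid}.json").unlink()


def demo() -> dict:
    """Full cycle on a constructed dummy file in a scratch directory."""
    import tempfile
    with tempfile.TemporaryDirectory() as tmp:
        tmp = Path(tmp)
        qdir = tmp / "quarantine"
        sample = tmp / "infected" / "sample_detection.exe"  # constructed, not real malware
        sample.parent.mkdir()
        payload = b"MZ" + bytes(range(256)) * 4
        sample.write_bytes(payload)

        qid = quarantine(sample, qdir)
        stored = (qdir / f"{qid}.quar").read_bytes()
        restored = restore(qid, qdir, tmp / "review" / "sample.bin")
        result = {
            "original_removed": not sample.exists(),
            "stored_is_masked": stored[:2] != b"MZ" and stored != payload,
            "restored_matches": restored.read_bytes() == payload,
            "entries": len(list_quarantine(qdir)),
        }
        # Tampering with the blob must be caught on restore.
        blob = qdir / f"{qid}.quar"
        blob.chmod(stat.S_IRUSR | stat.S_IWUSR)
        blob.write_bytes(bytes([stored[0] ^ 1]) + stored[1:])
        try:
            restore(qid, qdir, tmp / "review" / "again.bin")
            result["tamper_detected"] = False
        except ValueError:
            result["tamper_detected"] = True
        purge(qid, qdir)
        result["purged"] = not list_quarantine(qdir)
        return result


if __name__ == "__main__":
    print(demo())
```

The point cosinus makes is visible in `restore`: the file only comes back when something deliberately calls it, and the design keeps that path open for the false-positive case while `purge` is the irreversible step.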

<-IceD@te-> 29.08.2011 13:13

I think I'm slowly getting it: when you don't answer a question, it's not because you overlooked it but because the question is somehow superfluous or answers itself with your next reply... right? :daumenhoc

ComboFix is in progress....

cosinus 29.08.2011 13:34

Yes, something like that... a lot follows on its own and I don't want to keep typing my fingers sore. Sometimes, though, I also point out that some things are better clarified after the cleanup ;)

<-IceD@te-> 29.08.2011 14:39

So, CF is done now too:

Code:

ComboFix 11-08-29.01 - GE 29.08.2011  14:52:41.1.1 - x86
Microsoft Windows XP Home Edition  5.1.2600.2.1252.49.1031.18.959.569 [GMT 2:00]
ausgeführt von:: c:\dokumente und einstellungen\GE\Desktop\ComboFix.exe
AV: AntiVir Desktop *Disabled/Updated* {B02B524A-0C22-45DD-A6D1-70C7010CE58E}
.
.
((((((((((((((((((((((((((((((((((((  Weitere Löschungen  ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\dokumente und einstellungen\GE\WINDOWS
C:\ipconfig.txt
c:\windows\IsUn0407.exe
c:\windows\system32\system32
c:\windows\system32\system32\bcbsmp35.bpl
c:\windows\system32\system32\borlndmm.dll
c:\windows\system32\system32\cp3240mt.dll
c:\windows\system32\system32\qrpt35.bpl
c:\windows\system32\system32\vcl35.bpl
c:\windows\system32\system32\vcldb35.bpl
c:\windows\system32\system32\vclx35.bpl
c:\windows\unin0407.exe
.
.
(((((((((((((((((((((((((((((((((((((((  Treiber/Dienste  )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Service_WinDriver
.
.
(((((((((((((((((((((((  Dateien erstellt von 2011-07-28 bis 2011-08-29  ))))))))))))))))))))))))))))))
.
.
2011-08-29 10:15 . 2011-08-29 10:15        --------        d-----w-        C:\_OTL
2011-08-29 06:00 . 2011-08-29 06:00        --------        d-----w-        c:\programme\ESET
2011-08-29 05:47 . 2011-08-29 05:47        16856        ----a-w-        c:\programme\Mozilla Firefox\plugin-container.exe
2011-08-29 05:47 . 2011-08-29 05:47        719832        ----a-w-        c:\programme\Mozilla Firefox\mozcpp19.dll
2011-08-29 05:30 . 2011-08-29 05:30        --------        d-----w-        c:\dokumente und einstellungen\GE\Lokale Einstellungen\Anwendungsdaten\updater4g
2011-08-29 05:29 . 2011-08-29 05:30        --------        d-----w-        c:\dokumente und einstellungen\GE\Anwendungsdaten\XSManager
2011-08-29 05:29 . 2010-03-19 15:15        313104        ----a-r-        c:\windows\updater4g.exe
2011-08-29 05:29 . 2010-03-19 15:14        161040        ----a-r-        c:\windows\starter4g.exe
2011-08-29 05:29 . 2010-03-19 15:13        145680        ----a-r-        c:\windows\service4g.exe
2011-08-29 05:29 . 2011-08-29 05:29        --------        d-----w-        c:\dokumente und einstellungen\LocalService\Anwendungsdaten\XSManager
2011-08-29 05:28 . 2008-10-31 14:19        103424        ----a-w-        c:\windows\system32\drivers\cmnsusbser.sys
2011-08-29 05:28 . 2011-08-29 05:28        --------        d-----w-        c:\programme\XSManager
2011-08-26 13:18 . 2011-08-26 13:18        --------        d-----w-        c:\dokumente und einstellungen\GE\Anwendungsdaten\Malwarebytes
2011-08-26 12:36 . 2011-07-06 17:52        41272        ----a-w-        c:\windows\system32\drivers\mbamswissarmy.sys
2011-08-26 12:36 . 2011-08-26 12:36        --------        d-----w-        c:\dokumente und einstellungen\All Users\Anwendungsdaten\Malwarebytes
2011-08-26 12:36 . 2011-08-26 14:22        --------        d-----w-        c:\programme\MalwarebytesAM
2011-08-26 12:36 . 2011-07-06 17:52        22712        ----a-w-        c:\windows\system32\drivers\mbam.sys
2011-08-23 13:02 . 2011-08-26 13:03        --------        d-----w-        c:\dokumente und einstellungen\Administrator
2011-08-17 05:59 . 2011-08-17 05:59        404640        ----a-w-        c:\windows\system32\FlashPlayerCPLApp.cpl
.
.
.
((((((((((((((((((((((((((((((((((((  Find3M Bericht  ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-08-24 06:46 . 2010-04-06 09:19        66616        ----a-w-        c:\windows\system32\drivers\avgntflt.sys
2011-08-24 06:46 . 2010-04-06 09:19        138192        ----a-w-        c:\windows\system32\drivers\avipbb.sys
2011-08-24 06:46 . 2010-04-06 09:19        82952        ----a-w-        c:\windows\system32\drivers\avfwim.sys
2011-08-24 06:46 . 2010-04-06 09:19        106904        ----a-w-        c:\windows\system32\drivers\avfwot.sys
.
.
------- Sigcheck -------
Note: Unsigned files aren't necessarily malware.
.
[-] 2006-01-12 . 09948E79FB7E232EA8DA7B6E14550589 . 1548288 . . [5.1.2600.2180] . . c:\windows\system32\sfcfiles.dll
.
((((((((((((((((((((((((((((  Autostartpunkte der Registrierung  ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{201f27d4-3704-41d6-89c1-aa35e39143ed}]
2008-11-18 11:58        333192        ----a-w-        c:\programme\AskBarDis\bar\bin\askBar.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{3041d03e-fd4b-44e0-b742-2d9b88305f98}"= "c:\programme\AskBarDis\bar\bin\askBar.dll" [2008-11-18 333192]
.
[HKEY_CLASSES_ROOT\clsid\{3041d03e-fd4b-44e0-b742-2d9b88305f98}]
[HKEY_CLASSES_ROOT\TypeLib\{4b1c1e16-6b34-430e-b074-5928eca4c150}]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\programme\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-07-05 68856]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2005-10-10 7286784]
"nwiz"="nwiz.exe" [2005-10-10 1519616]
"avgnt"="c:\programme\Avira\AntiVir Desktop\avgnt.exe" [2010-11-02 281768]
"Malwarebytes' Anti-Malware"="c:\programme\MalwarebytesAM\mbamgui.exe" [2011-07-06 449584]
"starter4g"="c:\windows\starter4g.exe" [2010-03-19 161040]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-04 15360]
.
c:\dokumente und einstellungen\All Users\Startmen\Programme\Autostart\AutorunsDisabled
Microsoft Office.lnk - c:\programme\Microsoft Office\Office\OSA9.EXE [2000-1-21 65588]
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KEN Taskbar Client]
2003-11-20 01:00        106496        ----a-w-        c:\programme\KEN!\kentbcli.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
2005-10-10 13:49        86016        ----a-w-        c:\windows\system32\nvmctray.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMan]
2005-09-22 08:42        90112        ------r-        c:\windows\soundman.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
2007-07-05 06:57        68856        ----a-w-        c:\programme\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Programme\\Hummingbird\\Connectivity\\7.11\\Exceed\\exceed.exe"=
"c:\\Programme\\KEN!\\kentbcli.exe"=
"c:\\WINDOWS\\system32\\mmc.exe"=
"c:\\Programme\\Borland\\BDS\\4.0\\RaveReports\\Rave.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"139:TCP"= 139:TCP:172.16.10.0/255.255.255.0,172.16.30.0/255.255.255.0:Enabled:@xpsp2res.dll,-22004
"445:TCP"= 445:TCP:172.16.10.0/255.255.255.0,172.16.30.0/255.255.255.0:Enabled:@xpsp2res.dll,-22005
"137:UDP"= 137:UDP:172.16.10.0/255.255.255.0,172.16.30.0/255.255.255.0:Enabled:@xpsp2res.dll,-22001
"138:UDP"= 138:UDP:172.16.10.0/255.255.255.0,172.16.30.0/255.255.255.0:Enabled:@xpsp2res.dll,-22002
"3197:TCP"= 3197:TCP:xbdgyaiw
.
R2 AntiVirMailService;Avira AntiVir MailGuard;c:\programme\Avira\AntiVir Desktop\avmailc.exe [06.04.2010 11:19 340136]
R2 AntiVirSchedulerService;Avira AntiVir Planer;c:\programme\Avira\AntiVir Desktop\sched.exe [06.04.2010 11:19 136360]
R2 AntiVirWebService;Avira AntiVir WebGuard;c:\programme\Avira\AntiVir Desktop\avwebgrd.exe [06.04.2010 11:19 428200]
R2 FirebirdGuardianDefaultInstance;Firebird Guardian - DefaultInstance;c:\programme\Firebird\Firebird_1_5\bin\fbguard.exe -s --> c:\programme\Firebird\Firebird_1_5\bin\fbguard.exe -s [?]
R2 KEN Client Service;AVM KEN Klient;c:\programme\KEN!\kencli.exe [17.03.2006 08:32 49204]
R2 MBAMService;MBAMService;c:\programme\MalwarebytesAM\mbamservice.exe [26.08.2011 14:36 366640]
R2 ndc;AVM KEN CAPI;c:\windows\system32\drivers\ndc.sys [17.03.2006 08:32 57664]
R2 WTGService;WTGService;c:\programme\XSManager\WTGService.exe [29.08.2011 07:28 304592]
R2 XS Stick Service;XS Stick Service;c:\windows\service4g.exe [29.08.2011 07:29 145680]
R3 cmnsusbser;Mobile Connector USB Device for Legacy Serial Communication LCT2053s;c:\windows\system32\drivers\cmnsusbser.sys [29.08.2011 07:28 103424]
R3 FirebirdServerDefaultInstance;Firebird Server - DefaultInstance;c:\programme\Firebird\Firebird_1_5\bin\fbserver.exe -s --> c:\programme\Firebird\Firebird_1_5\bin\fbserver.exe -s [?]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [26.08.2011 14:36 22712]
S2 btyxuqfev;Security Time;c:\windows\system32\svchost.exe -k netsvcs [04.08.2004 12:00 14336]
S3 APL531;OVT Scanner;c:\windows\system32\Drivers\ov550i.sys --> c:\windows\system32\Drivers\ov550i.sys [?]
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost  - NetSvcs
btyxuqfev
.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = hxxp://www.google.de/
uSearch Page = hxxp://www.google.com
uSearch Bar = hxxp://www.google.com/ie
mDefault_Search_URL = hxxp://www.google.com/ie
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
mSearchAssistant = hxxp://www.google.com/ie
LSP: c:\programme\Avira\AntiVir Desktop\avsda.dll
TCP: Interfaces\{1E7AAA65-8F0C-4DF1-8194-08DCE847C535}: NameServer = 172.16.10.23
FF - ProfilePath - c:\dokumente und einstellungen\GE\Anwendungsdaten\Mozilla\Firefox\Profiles\2qi6siok.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.de/
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\programme\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
AddRemove-AVM KEN! - c:\windows\ISUN0407.EXE
AddRemove-EAGLE 4.09 - c:\windows\unin0407.exe
AddRemove-G-MW - c:\windows\unin0407.exe
AddRemove-Installation PC-Software TG uni 1 - c:\windows\unin0407.exe
AddRemove-Kali_Tg - c:\windows\unin0407.exe
AddRemove-TG_ uni_1 - c:\windows\unin0407.exe
AddRemove-TG_TE - c:\windows\unin0407.exe
AddRemove-Borland C++Builder 3 - c:\windows\unin0407.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, hxxp://www.gmer.net
Rootkit scan 2011-08-29 15:01
Windows 5.1.2600 Service Pack 2 NTFS
.
Scanne versteckte Prozesse...
.
Scanne versteckte Autostarteinträge...
.
Scanne versteckte Dateien...
.
Scan erfolgreich abgeschlossen
versteckte Dateien: 0
.
**************************************************************************
.
--------------------- Durch laufende Prozesse gestartete DLLs ---------------------
.
- - - - - - - > 'lsass.exe'(588)
c:\programme\Avira\AntiVir Desktop\avsda.dll
.
- - - - - - - > 'explorer.exe'(3252)
c:\windows\system32\msi.dll
c:\windows\system32\WPDShServiceObj.dll
c:\programme\Hummingbird\Connectivity\7.11\HostExplorer\Ftp\heshell.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Weitere laufende Prozesse ------------------------
.
c:\programme\Avira\AntiVir Desktop\avguard.exe
c:\programme\Firebird\Firebird_1_5\bin\fbguard.exe
c:\windows\system32\nvsvc32.exe
c:\programme\Avira\AntiVir Desktop\avshadow.exe
c:\windows\system32\wscntfy.exe
c:\programme\Firebird\Firebird_1_5\bin\fbserver.exe
.
**************************************************************************
.
Zeit der Fertigstellung: 2011-08-29  15:04:55 - PC wurde neu gestartet
ComboFix-quarantined-files.txt  2011-08-29 13:04
.
Vor Suchlauf: 24 Verzeichnis(se), 26.928.197.632 Bytes frei
Nach Suchlauf: 26 Verzeichnis(se), 26.817.474.560 Bytes frei
.
WindowsXP-KB310994-SP2-Home-BootDisk-DEU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect
.
- - End Of File - - 45AC7A5C2552021B5CBBA43FF231FCB9

StandBy...
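For reading a ComboFix report like the one above, an added example written for this thread (my own code, not ComboFix's or the forum's). It pulls out the posture-weakening entries the log records: the Security Center `AntiVirusOverride`, `EnableFirewall` set to 0, a firewall port entry that does not follow the standard `port:proto:scope:Enabled:description` layout of the other four, and a service hosted by `svchost.exe -k netsvcs` that is also listed under the NetSvcs group (the log's own note says only non-default autostart entries are shown). The sample lines are copied from the log above; the rule names and the parsing regexes are my assumptions.

```python
"""Triage of ComboFix output: flag entries that weaken the machine's defences.

Added example, not ComboFix's code. Sample lines are copied from the report
in this thread; rule names and regex layout are assumptions.
"""
import re

SAMPLE_LOG = r"""
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"139:TCP"= 139:TCP:172.16.10.0/255.255.255.0,172.16.30.0/255.255.255.0:Enabled:@xpsp2res.dll,-22004
"3197:TCP"= 3197:TCP:xbdgyaiw
.
R2 MBAMService;MBAMService;c:\programme\MalwarebytesAM\mbamservice.exe [26.08.2011 14:36 366640]
S2 btyxuqfev;Security Time;c:\windows\system32\svchost.exe -k netsvcs [04.08.2004 12:00 14336]
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost  - NetSvcs
btyxuqfev
.
"""

# "S2 name;display name;image path [date size]" as ComboFix prints services
SERVICE_RE = re.compile(r"^[RS]\d\s+([^;]+);([^;]*);(.*)$")
# '"3197:TCP"= 3197:TCP:...' values under GloballyOpenPorts\List
FIREWALL_VALUE_RE = re.compile(r'^"(\d+):(TCP|UDP)"=\s*(\S.*)$')


def triage(text: str) -> list:
    """Return (rule, line) pairs for every entry that deserves a second look."""
    findings = []
    section = None          # lowercased registry key of the current [..] block
    in_netsvcs = False      # inside the "Svchost - NetSvcs" listing
    netsvcs = set()
    svchost_services = {}   # service name -> log line, for services run via svchost

    for line in (l.rstrip() for l in text.splitlines()):
        if line.strip() == ".":            # ComboFix separates blocks with a lone dot
            section, in_netsvcs = None, False
            continue
        if line.startswith("[") and line.endswith("]"):
            section, in_netsvcs = line[1:-1].lower(), False
            continue
        if "\\Svchost" in line and "NetSvcs" in line:
            in_netsvcs = True
            continue
        if in_netsvcs:
            if line.strip():
                netsvcs.add(line.strip())
            continue

        if section and section.endswith("security center") \
                and line.startswith('"AntiVirusOverride"=dword:00000001'):
            findings.append(("security_center_av_override", line))
        elif section and section.endswith("firewallpolicy\\standardprofile") \
                and line.startswith('"EnableFirewall"= 0'):
            findings.append(("firewall_disabled", line))
        elif section and section.endswith("globallyopenports\\list"):
            m = FIREWALL_VALUE_RE.match(line)
            if m:
                fields = m.group(3).split(":")
                # Standard XP layout: port:proto:scope:Enabled:@resource,-id
                if len(fields) < 5:
                    findings.append(("firewall_port_malformed_entry", line))
                elif fields[2] == "*":
                    findings.append(("firewall_port_open_to_any", line))
        else:
            m = SERVICE_RE.match(line)
            if m and "svchost.exe -k" in m.group(3).lower():
                svchost_services[m.group(1)] = line

    # A service that both runs inside svchost and was added to the NetSvcs group
    # loads as a DLL into a system process; ComboFix shows only non-default ones.
    for name, line in svchost_services.items():
        if name in netsvcs:
            findings.append(("svchost_service_in_netsvcs", line))
    return findings


if __name__ == "__main__":
    for rule, line in triage(SAMPLE_LOG):
        print(f"{rule:32} {line}")
```

Run against the sample it reports four lines; the same four entries stand out in the full report above, and the two firewall findings (`EnableFirewall` and the non-standard port 3197 entry) are exactly the kind of leftover a cleanup should revert even after the scanners report nothing found.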


Copyright ©2000-2025, Trojaner-Board

