Pests of all kinds and how to fight them: Antivirus software found "Worm/Bot.21504"

29.08.2011, 10:03   #16
<-IceD@te->

Good day,

the ESET Online Scan is done. Thanks to the GPRS connection...

Here is the result:

Code:
ESETSmartInstaller@High as downloader log:
all ok
esets_scanner_update returned -1 esets_gle=53251
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6528
# api_version=3.0.2
# line removed by the post author
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2011-08-29 08:30:21
# local_time=2011-08-29 10:30:21 (+0100, Westeuropäische Sommerzeit)
# country="Germany"
# lang=1033
# osver=5.1.2600 NT Service Pack 2
# compatibility_mode=1792 16777191 100 0 44058824 44058824 0 0
# compatibility_mode=8192 67108863 100 0 6795 6795 0 0
# scanned=69103
# found=0
# cleaned=0
# scan_time=2221
         
Looks good for now. Can the all-clear be given?

I'll now check again (after a restart) with Avira AntiVir Professional (full version). Edit: With the internet connection up, of course!

Regards
Icy

Last edited by <-IceD@te-> (29.08.2011 at 10:10) Reason: addition to the post

29.08.2011, 10:08   #17
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™


Do an OTL fix: close all programs that may be open, also disable the virus scanner (!), start OTL and copy the following text into the "Custom Scan/Fixes" box (at the bottom of OTL): (the ":OTL" must be copied too!!!)


Code:
:OTL
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009.04.30 11:34:37 | 000,000,040 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{15b38382-de14-11dd-a420-00138f6c4ef8}\Shell - "" = AutoRun
O33 - MountPoints2\{15b38382-de14-11dd-a420-00138f6c4ef8}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{15b38382-de14-11dd-a420-00138f6c4ef8}\Shell\AutoRun\command - "" = C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL RuNdLl32.EXE      .\RECYCLER\S-5-3-42-2819952290-8240758988-879315005-3665\jwgkvsq.vmx,ahaezedrn
O33 - MountPoints2\{401f12a0-05b2-11df-a57c-00138f6c4ef8}\Shell - "" = AutoRun
O33 - MountPoints2\{401f12a0-05b2-11df-a57c-00138f6c4ef8}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{401f12a0-05b2-11df-a57c-00138f6c4ef8}\Shell\AutoRun\command - "" = E:\AutoRun.exe
O33 - MountPoints2\{401f12a5-05b2-11df-a57c-00138f6c4ef8}\Shell - "" = AutoRun
O33 - MountPoints2\{401f12a5-05b2-11df-a57c-00138f6c4ef8}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{401f12a5-05b2-11df-a57c-00138f6c4ef8}\Shell\AutoRun\command - "" = G:\AutoRun.exe
O33 - MountPoints2\{846724da-3bcb-11df-a5bd-00138f6c4ef8}\Shell - "" = AutoRun
O33 - MountPoints2\{846724da-3bcb-11df-a5bd-00138f6c4ef8}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{846724da-3bcb-11df-a5bd-00138f6c4ef8}\Shell\AutoRun\command - "" = E:\LaunchU3.exe -a
O33 - MountPoints2\{b1ec3f7e-1620-11df-a595-00138f6c4ef8}\Shell\AutoRun\command - "" = E:\Menu.exe
O33 - MountPoints2\{f572d91a-0b03-11df-a585-00138f6c4ef8}\Shell - "" = AutoRun
O33 - MountPoints2\{f572d91a-0b03-11df-a585-00138f6c4ef8}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{f572d91a-0b03-11df-a585-00138f6c4ef8}\Shell\AutoRun\command - "" = E:\AutoRun.exe
O33 - MountPoints2\{f572d91b-0b03-11df-a585-00138f6c4ef8}\Shell - "" = AutoRun
O33 - MountPoints2\{f572d91b-0b03-11df-a585-00138f6c4ef8}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{f572d91b-0b03-11df-a585-00138f6c4ef8}\Shell\AutoRun\command - "" = E:\AutoRun.exe
O33 - MountPoints2\{f572d91d-0b03-11df-a585-00138f6c4ef8}\Shell - "" = AutoRun
O33 - MountPoints2\{f572d91d-0b03-11df-a585-00138f6c4ef8}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{f572d91d-0b03-11df-a585-00138f6c4ef8}\Shell\AutoRun\command - "" = E:\AutoRun.exe
O33 - MountPoints2\{f572d91e-0b03-11df-a585-00138f6c4ef8}\Shell - "" = AutoRun
O33 - MountPoints2\{f572d91e-0b03-11df-a585-00138f6c4ef8}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{f572d91e-0b03-11df-a585-00138f6c4ef8}\Shell\AutoRun\command - "" = E:\AutoRun.exe
[2011.08.23 13:07:05 | 000,021,504 | -H-- | C] () -- C:\Programme\Common\dvdaudio.exe
:Files
C:\Programme\Common
:Commands
[emptytemp]
[resethosts]
         
Then click the Fix button at the top left!
The log file should open when you click OK after the fix; please post it. The computer may be restarted.

As a precaution, the entries, files and folders fixed by this script are not deleted completely; a backup copy is created on the system partition in the "_OTL" folder.

29.08.2011, 10:19   #18
<-IceD@te->

Hello cosinus,

OK, I'll do the OTL fix.

Should I NOT run the Avira AntiVir scan beforehand?

Can you briefly explain what the OTL fix actually fixes (I have a rough idea, but I'm not sure)?

And one more question: is there a particular reason we used the ESET Online Scanner for this check?

Regards
Icy

29.08.2011, 10:25   #19
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™


It actually says there what gets fixed: the corresponding registry entries and the files linked to them, i.e. the ones shown in each line. And of course the folder that dvdaudio was in gets deleted.

I always use ESET as an additional "opinion"
Please always post log files in CODE tags
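A small triage script for the O32/O33 MountPoints2 lines in the fix script above, added here as an example (it is not part of the thread and not code from OTL). It parses the AutoRun command lines, flags the one that chains rundll32 into a file under RECYCLER with a forged SID and a non-DLL module, and leaves plain launchers such as E:\AutoRun.exe as "review"; the heuristic names and severities are my own.

```python
"""Triage of OTL 'O32' / 'O33 - MountPoints2' autorun entries.

Added example for this thread; not part of the original posts and not
code from the OTL tool. Heuristic names and severities are my own.
"""
import re
from dataclasses import dataclass, field

# Constructed sample: a subset of the O32/O33 lines from the OTL fix script
# in the thread (the \Shell and \Shell\AutoRun lines are kept to show that
# only the \command lines are assessed).
SAMPLE = r"""
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{15b38382-de14-11dd-a420-00138f6c4ef8}\Shell - "" = AutoRun
O33 - MountPoints2\{15b38382-de14-11dd-a420-00138f6c4ef8}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{15b38382-de14-11dd-a420-00138f6c4ef8}\Shell\AutoRun\command - "" = C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL RuNdLl32.EXE      .\RECYCLER\S-5-3-42-2819952290-8240758988-879315005-3665\jwgkvsq.vmx,ahaezedrn
O33 - MountPoints2\{401f12a0-05b2-11df-a57c-00138f6c4ef8}\Shell\AutoRun\command - "" = E:\AutoRun.exe
O33 - MountPoints2\{846724da-3bcb-11df-a5bd-00138f6c4ef8}\Shell\AutoRun\command - "" = E:\LaunchU3.exe -a
"""

O32_CDROM_RE = re.compile(r'^O32 - HKLM CDRom: AutoRun - (?P<val>\d+)$')
O33_COMMAND_RE = re.compile(
    r'^O33 - MountPoints2\\\{(?P<guid>[0-9a-fA-F-]+)\}'
    r'\\Shell\\AutoRun\\command - "" = (?P<cmd>.+)$')
# A Windows SID always starts with revision 1 ("S-1-..."); anything else is forged.
SID_RE = re.compile(r'\bS-(\d+)-\d+(?:-\d+)+')
# First argument handed to rundll32 (the module it loads), up to the comma.
RUNDLL_MODULE_RE = re.compile(r'rundll32(?:\.exe)?\s+([^\s,]+),', re.IGNORECASE)


@dataclass
class Finding:
    guid: str
    command: str
    reasons: list = field(default_factory=list)

    @property
    def severity(self) -> str:
        # Any heuristic hit is "high"; a plain launcher still deserves a look.
        return "high" if self.reasons else "review"


def assess_command(cmd: str) -> list:
    """Return the heuristics that fire on one AutoRun command value."""
    reasons = []
    # rundll32 launching a second rundll32 is an indirection trick.
    if len(re.findall(r'rundll32', cmd, re.IGNORECASE)) >= 2:
        reasons.append("rundll32-chain")
    # Payload stored inside the volume's RECYCLER directory.
    if re.search(r'\\RECYCLER\\', cmd, re.IGNORECASE):
        reasons.append("recycler-path")
    if any(m.group(1) != "1" for m in SID_RE.finditer(cmd)):
        reasons.append("invalid-sid")
    # rundll32 given a module whose extension is not .dll (here: .vmx).
    if any(not m.group(1).lower().endswith(".dll")
           for m in RUNDLL_MODULE_RE.finditer(cmd)):
        reasons.append("non-dll-module")
    return reasons


def triage(text: str) -> list:
    """Parse every O33 MountPoints2 AutoRun command line into a Finding."""
    findings = []
    for line in text.splitlines():
        m = O33_COMMAND_RE.match(line.strip())
        if m:
            cmd = m.group("cmd")
            findings.append(Finding(m.group("guid"), cmd, assess_command(cmd)))
    return findings


def cdrom_autorun_enabled(text: str):
    """True/False from the O32 CDRom AutoRun line, None if the line is absent."""
    for line in text.splitlines():
        m = O32_CDROM_RE.match(line.strip())
        if m:
            return m.group("val") == "1"
    return None


if __name__ == "__main__":
    print("CD-ROM AutoRun enabled:", cdrom_autorun_enabled(SAMPLE))
    for f in triage(SAMPLE):
        print(f"[{f.severity:6}] {{{f.guid}}} {f.command[:60]}")
        for reason in f.reasons:
            print("          -", reason)
```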

29.08.2011, 10:40   #20
<-IceD@te->

OK, thanks for the info. I'm doing the OTL fix now...

Regards
Icy

Edit: Better to do the OTL fix in safe mode???


Last edited by <-IceD@te-> (29.08.2011 at 10:42) Reason: another follow-up question

29.08.2011, 10:58   #21
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™

No, only use safe mode if it doesn't work otherwise. If you're supposed to do something in safe mode, I'll point that out beforehand.

29.08.2011, 11:33   #22
<-IceD@te->

What actually happens now to the files that AntiVir Prof. moved into quarantine (autorun.exe from the removable drive, hdaudio.exe and dvdaudio.exe)?

OTL fix is done:

Code:
All processes killed
========== OTL ==========
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRun|DWORD:1 /E : value set successfully!
C:\AUTOEXEC.BAT moved successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{15b38382-de14-11dd-a420-00138f6c4ef8}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{15b38382-de14-11dd-a420-00138f6c4ef8}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{15b38382-de14-11dd-a420-00138f6c4ef8}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{15b38382-de14-11dd-a420-00138f6c4ef8}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{15b38382-de14-11dd-a420-00138f6c4ef8}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{15b38382-de14-11dd-a420-00138f6c4ef8}\ not found.
File C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL RuNdLl32.EXE      .\RECYCLER\S-5-3-42-2819952290-8240758988-879315005-3665\jwgkvsq.vmx,ahaezedrn not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{401f12a0-05b2-11df-a57c-00138f6c4ef8}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{401f12a0-05b2-11df-a57c-00138f6c4ef8}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{401f12a0-05b2-11df-a57c-00138f6c4ef8}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{401f12a0-05b2-11df-a57c-00138f6c4ef8}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{401f12a0-05b2-11df-a57c-00138f6c4ef8}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{401f12a0-05b2-11df-a57c-00138f6c4ef8}\ not found.
File E:\AutoRun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{401f12a5-05b2-11df-a57c-00138f6c4ef8}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{401f12a5-05b2-11df-a57c-00138f6c4ef8}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{401f12a5-05b2-11df-a57c-00138f6c4ef8}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{401f12a5-05b2-11df-a57c-00138f6c4ef8}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{401f12a5-05b2-11df-a57c-00138f6c4ef8}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{401f12a5-05b2-11df-a57c-00138f6c4ef8}\ not found.
File G:\AutoRun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{846724da-3bcb-11df-a5bd-00138f6c4ef8}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{846724da-3bcb-11df-a5bd-00138f6c4ef8}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{846724da-3bcb-11df-a5bd-00138f6c4ef8}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{846724da-3bcb-11df-a5bd-00138f6c4ef8}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{846724da-3bcb-11df-a5bd-00138f6c4ef8}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{846724da-3bcb-11df-a5bd-00138f6c4ef8}\ not found.
File E:\LaunchU3.exe -a not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{b1ec3f7e-1620-11df-a595-00138f6c4ef8}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{b1ec3f7e-1620-11df-a595-00138f6c4ef8}\ not found.
File E:\Menu.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{f572d91a-0b03-11df-a585-00138f6c4ef8}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{f572d91a-0b03-11df-a585-00138f6c4ef8}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{f572d91a-0b03-11df-a585-00138f6c4ef8}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{f572d91a-0b03-11df-a585-00138f6c4ef8}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{f572d91a-0b03-11df-a585-00138f6c4ef8}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{f572d91a-0b03-11df-a585-00138f6c4ef8}\ not found.
File E:\AutoRun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{f572d91b-0b03-11df-a585-00138f6c4ef8}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{f572d91b-0b03-11df-a585-00138f6c4ef8}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{f572d91b-0b03-11df-a585-00138f6c4ef8}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{f572d91b-0b03-11df-a585-00138f6c4ef8}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{f572d91b-0b03-11df-a585-00138f6c4ef8}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{f572d91b-0b03-11df-a585-00138f6c4ef8}\ not found.
File E:\AutoRun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{f572d91d-0b03-11df-a585-00138f6c4ef8}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{f572d91d-0b03-11df-a585-00138f6c4ef8}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{f572d91d-0b03-11df-a585-00138f6c4ef8}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{f572d91d-0b03-11df-a585-00138f6c4ef8}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{f572d91d-0b03-11df-a585-00138f6c4ef8}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{f572d91d-0b03-11df-a585-00138f6c4ef8}\ not found.
File E:\AutoRun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{f572d91e-0b03-11df-a585-00138f6c4ef8}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{f572d91e-0b03-11df-a585-00138f6c4ef8}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{f572d91e-0b03-11df-a585-00138f6c4ef8}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{f572d91e-0b03-11df-a585-00138f6c4ef8}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{f572d91e-0b03-11df-a585-00138f6c4ef8}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{f572d91e-0b03-11df-a585-00138f6c4ef8}\ not found.
File E:\AutoRun.exe not found.
File C:\Programme\Common\dvdaudio.exe not found.
========== FILES ==========
C:\Programme\Common\System\Ole DB\resources\1033 folder moved successfully.
C:\Programme\Common\System\Ole DB\resources\1031 folder moved successfully.
C:\Programme\Common\System\Ole DB\resources folder moved successfully.
C:\Programme\Common\System\Ole DB\Data Links folder moved successfully.
Folder move failed. C:\Programme\Common\System\Ole DB scheduled to be moved on reboot.
Folder move failed. C:\Programme\Common\System\msadc scheduled to be moved on reboot.
Folder move failed. C:\Programme\Common\System\ado scheduled to be moved on reboot.
Folder move failed. C:\Programme\Common\System scheduled to be moved on reboot.
C:\Programme\Common\SWF Studio folder moved successfully.
Folder move failed. C:\Programme\Common\SpeechEngines\Microsoft\TTS\1033 scheduled to be moved on reboot.
Folder move failed. C:\Programme\Common\SpeechEngines\Microsoft\TTS scheduled to be moved on reboot.
Folder move failed. C:\Programme\Common\SpeechEngines\Microsoft\Lexicon\1033 scheduled to be moved on reboot.
Folder move failed. C:\Programme\Common\SpeechEngines\Microsoft\Lexicon scheduled to be moved on reboot.
Folder move failed. C:\Programme\Common\SpeechEngines\Microsoft scheduled to be moved on reboot.
Folder move failed. C:\Programme\Common\SpeechEngines scheduled to be moved on reboot.
C:\Programme\Common\ODBC\Data Sources folder moved successfully.
C:\Programme\Common\ODBC folder moved successfully.
Folder move failed. C:\Programme\Common\MSSoap\Binaries\Resources\1031 scheduled to be moved on reboot.
Folder move failed. C:\Programme\Common\MSSoap\Binaries\Resources scheduled to be moved on reboot.
Folder move failed. C:\Programme\Common\MSSoap\Binaries scheduled to be moved on reboot.
Folder move failed. C:\Programme\Common\MSSoap scheduled to be moved on reboot.
Folder move failed. C:\Programme\Common\Microsoft Shared\web server extensions\40\_vti_bin\_vti_aut scheduled to be moved on reboot.
Folder move failed. C:\Programme\Common\Microsoft Shared\web server extensions\40\_vti_bin\_vti_adm scheduled to be moved on reboot.
Folder move failed. C:\Programme\Common\Microsoft Shared\web server extensions\40\_vti_bin scheduled to be moved on reboot.
Folder move failed. C:\Programme\Common\Microsoft Shared\web server extensions\40\servsupp scheduled to be moved on reboot.
Folder move failed. C:\Programme\Common\Microsoft Shared\web server extensions\40\isapi\_vti_aut scheduled to be moved on reboot.
Folder move failed. C:\Programme\Common\Microsoft Shared\web server extensions\40\isapi\_vti_adm scheduled to be moved on reboot.
Folder move failed. C:\Programme\Common\Microsoft Shared\web server extensions\40\isapi scheduled to be moved on reboot.
Folder move failed. C:\Programme\Common\Microsoft Shared\web server extensions\40\bots\vinavbar scheduled to be moved on reboot.
Folder move failed. C:\Programme\Common\Microsoft Shared\web server extensions\40\bots scheduled to be moved on reboot.
Folder move failed. C:\Programme\Common\Microsoft Shared\web server extensions\40\bin\1031 scheduled to be moved on reboot.
Folder move failed. C:\Programme\Common\Microsoft Shared\web server extensions\40\bin scheduled to be moved on reboot.
Folder move failed. C:\Programme\Common\Microsoft Shared\web server extensions\40\admisapi\scripts scheduled to be moved on reboot.
Folder move failed. C:\Programme\Common\Microsoft Shared\web server extensions\40\admisapi scheduled to be moved on reboot.
Folder move failed. C:\Programme\Common\Microsoft Shared\web server extensions\40\admcgi\scripts scheduled to be moved on reboot.
Folder move failed. C:\Programme\Common\Microsoft Shared\web server extensions\40\admcgi scheduled to be moved on reboot.
Folder move failed. C:\Programme\Common\Microsoft Shared\web server extensions\40 scheduled to be moved on reboot.
Folder move failed. C:\Programme\Common\Microsoft Shared\web server extensions scheduled to be moved on reboot.
C:\Programme\Common\Microsoft Shared\Web Folders\1031 folder moved successfully.
C:\Programme\Common\Microsoft Shared\Web Folders folder moved successfully.
C:\Programme\Common\Microsoft Shared\Web Components\10\1031 folder moved successfully.
C:\Programme\Common\Microsoft Shared\Web Components\10 folder moved successfully.
C:\Programme\Common\Microsoft Shared\Web Components folder moved successfully.
C:\Programme\Common\Microsoft Shared\VS7Debug\1031 folder moved successfully.
C:\Programme\Common\Microsoft Shared\VS7Debug folder moved successfully.
C:\Programme\Common\Microsoft Shared\Visual Database Tools\1031 folder moved successfully.
C:\Programme\Common\Microsoft Shared\Visual Database Tools folder moved successfully.
Folder move failed. C:\Programme\Common\Microsoft Shared\VGX scheduled to be moved on reboot.
C:\Programme\Common\Microsoft Shared\VC folder moved successfully.
C:\Programme\Common\Microsoft Shared\VBA\VBA6\1031 folder moved successfully.
C:\Programme\Common\Microsoft Shared\VBA\VBA6 folder moved successfully.
C:\Programme\Common\Microsoft Shared\VBA folder moved successfully.
Folder move failed. C:\Programme\Common\Microsoft Shared\Triedit scheduled to be moved on reboot.
C:\Programme\Common\Microsoft Shared\Themes\Watermar folder moved successfully.
C:\Programme\Common\Microsoft Shared\Themes\sumipntg folder moved successfully.
C:\Programme\Common\Microsoft Shared\Themes\Studio folder moved successfully.
C:\Programme\Common\Microsoft Shared\Themes\strtedge folder moved successfully.
C:\Programme\Common\Microsoft Shared\Themes\rmnsque folder moved successfully.
C:\Programme\Common\Microsoft Shared\Themes\ricepapr folder moved successfully.
C:\Programme\Common\Microsoft Shared\Themes\Refined folder moved successfully.
C:\Programme\Common\Microsoft Shared\Themes\Radial folder moved successfully.
C:\Programme\Common\Microsoft Shared\Themes\Quad folder moved successfully.
C:\Programme\Common\Microsoft Shared\Themes\Profile folder moved successfully.
C:\Programme\Common\Microsoft Shared\Themes\Pixel folder moved successfully.
C:\Programme\Common\Microsoft Shared\Themes\Network folder moved successfully.
C:\Programme\Common\Microsoft Shared\Themes\Level folder moved successfully.
C:\Programme\Common\Microsoft Shared\Themes\Layers folder moved successfully.
C:\Programme\Common\Microsoft Shared\Themes\indust folder moved successfully.
C:\Programme\Common\Microsoft Shared\Themes\expeditn folder moved successfully.
C:\Programme\Common\Microsoft Shared\Themes\Edge folder moved successfully.
C:\Programme\Common\Microsoft Shared\Themes\Eclipse folder moved successfully.
C:\Programme\Common\Microsoft Shared\Themes\Echo folder moved successfully.
C:\Programme\Common\Microsoft Shared\Themes\citrus folder moved successfully.
C:\Programme\Common\Microsoft Shared\Themes\Cascade folder moved successfully.
C:\Programme\Common\Microsoft Shared\Themes\capsules folder moved successfully.
C:\Programme\Common\Microsoft Shared\Themes\boldstri folder moved successfully.
C:\Programme\Common\Microsoft Shared\Themes\blueprnt folder moved successfully.
C:\Programme\Common\Microsoft Shared\Themes\blends folder moved successfully.
C:\Programme\Common\Microsoft Shared\Themes\Axis folder moved successfully.
C:\Programme\Common\Microsoft Shared\Themes\artsy folder moved successfully.
C:\Programme\Common\Microsoft Shared\Themes folder moved successfully.
C:\Programme\Common\Microsoft Shared\TextConv folder moved successfully.
C:\Programme\Common\Microsoft Shared\Stationery folder moved successfully.
Folder move failed. C:\Programme\Common\Microsoft Shared\Speech\1031 scheduled to be moved on reboot.
Folder move failed. C:\Programme\Common\Microsoft Shared\Speech scheduled to be moved on reboot.
C:\Programme\Common\Microsoft Shared\Snapshot Viewer folder moved successfully.
C:\Programme\Common\Microsoft Shared\Reference Titles folder moved successfully.
C:\Programme\Common\Microsoft Shared\Proof\1031 folder moved successfully.
C:\Programme\Common\Microsoft Shared\Proof folder moved successfully.
C:\Programme\Common\Microsoft Shared\OFFICE12\Cultures folder moved successfully.
C:\Programme\Common\Microsoft Shared\OFFICE12 folder moved successfully.
C:\Programme\Common\Microsoft Shared\OFFICE11\1031 folder moved successfully.
C:\Programme\Common\Microsoft Shared\OFFICE11 folder moved successfully.
C:\Programme\Common\Microsoft Shared\Office10\1031 folder moved successfully.
C:\Programme\Common\Microsoft Shared\Office10 folder moved successfully.
Folder move failed. C:\Programme\Common\Microsoft Shared\MSInfo scheduled to be moved on reboot.
C:\Programme\Common\Microsoft Shared\MSEnv folder moved successfully.
C:\Programme\Common\Microsoft Shared\MSDN folder moved successfully.
C:\Programme\Common\Microsoft Shared\MSDesigners7\Resources\1031 folder moved successfully.
C:\Programme\Common\Microsoft Shared\MSDesigners7\Resources folder moved successfully.
C:\Programme\Common\Microsoft Shared\MSDesigners7 folder moved successfully.
C:\Programme\Common\Microsoft Shared\MSClientDataMgr folder moved successfully.
C:\Programme\Common\Microsoft Shared\Information Retrieval folder moved successfully.
C:\Programme\Common\Microsoft Shared\Help\3082 folder moved successfully.
C:\Programme\Common\Microsoft Shared\Help\2052 folder moved successfully.
C:\Programme\Common\Microsoft Shared\Help\1042 folder moved successfully.
C:\Programme\Common\Microsoft Shared\Help\1041 folder moved successfully.
C:\Programme\Common\Microsoft Shared\Help\1040 folder moved successfully.
C:\Programme\Common\Microsoft Shared\Help\1036 folder moved successfully.
C:\Programme\Common\Microsoft Shared\Help\1033 folder moved successfully.
C:\Programme\Common\Microsoft Shared\Help\1031 folder moved successfully.
C:\Programme\Common\Microsoft Shared\Help\1028 folder moved successfully.
C:\Programme\Common\Microsoft Shared\Help folder moved successfully.
C:\Programme\Common\Microsoft Shared\Grphflt folder moved successfully.
C:\Programme\Common\Microsoft Shared\Euro folder moved successfully.
C:\Programme\Common\Microsoft Shared\DW\3082 folder moved successfully.
C:\Programme\Common\Microsoft Shared\DW\2052 folder moved successfully.
C:\Programme\Common\Microsoft Shared\DW\1042 folder moved successfully.
C:\Programme\Common\Microsoft Shared\DW\1041 folder moved successfully.
C:\Programme\Common\Microsoft Shared\DW\1040 folder moved successfully.
C:\Programme\Common\Microsoft Shared\DW\1036 folder moved successfully.
C:\Programme\Common\Microsoft Shared\DW\1033 folder moved successfully.
C:\Programme\Common\Microsoft Shared\DW\1031 folder moved successfully.
C:\Programme\Common\Microsoft Shared\DW\1028 folder moved successfully.
C:\Programme\Common\Microsoft Shared\DW\1025 folder moved successfully.
C:\Programme\Common\Microsoft Shared\DW folder moved successfully.
Folder move failed. C:\Programme\Common\Microsoft Shared\DAO scheduled to be moved on reboot.
C:\Programme\Common\Microsoft Shared\Clipart\themes1\lines folder moved successfully.
C:\Programme\Common\Microsoft Shared\Clipart\themes1\bullets folder moved successfully.
C:\Programme\Common\Microsoft Shared\Clipart\themes1 folder moved successfully.
C:\Programme\Common\Microsoft Shared\Clipart\cagcat50 folder moved successfully.
C:\Programme\Common\Microsoft Shared\Clipart\autoshap folder moved successfully.
C:\Programme\Common\Microsoft Shared\Clipart folder moved successfully.
C:\Programme\Common\Microsoft Shared\Artgalry folder moved successfully.
Folder move failed. C:\Programme\Common\Microsoft Shared scheduled to be moved on reboot.
C:\Programme\Common\Java\Update\Base Images\jre1.5.0.b64\patch-jre1.5.0_06.b05 folder moved successfully.
C:\Programme\Common\Java\Update\Base Images\jre1.5.0.b64 folder moved successfully.
C:\Programme\Common\Java\Update\Base Images folder moved successfully.
C:\Programme\Common\Java\Update folder moved successfully.
C:\Programme\Common\Java folder moved successfully.
C:\Programme\Common\InstallShield\WebUpdate folder moved successfully.
C:\Programme\Common\InstallShield\UpdateService folder moved successfully.
C:\Programme\Common\InstallShield\Professional\RunTime\11\00\Intel32 folder moved successfully.
C:\Programme\Common\InstallShield\Professional\RunTime\11\00 folder moved successfully.
C:\Programme\Common\InstallShield\Professional\RunTime\11 folder moved successfully.
C:\Programme\Common\InstallShield\Professional\RunTime\09\01\Intel32 folder moved successfully.
C:\Programme\Common\InstallShield\Professional\RunTime\09\01 folder moved successfully.
C:\Programme\Common\InstallShield\Professional\RunTime\09 folder moved successfully.
C:\Programme\Common\InstallShield\Professional\RunTime folder moved successfully.
C:\Programme\Common\InstallShield\Professional folder moved successfully.
C:\Programme\Common\InstallShield\IScript folder moved successfully.
C:\Programme\Common\InstallShield\Engine\6\Intel 32 folder moved successfully.
C:\Programme\Common\InstallShield\Engine\6 folder moved successfully.
C:\Programme\Common\InstallShield\Engine folder moved successfully.
C:\Programme\Common\InstallShield\Driver\8\Intel 32 folder moved successfully.
C:\Programme\Common\InstallShield\Driver\8 folder moved successfully.
C:\Programme\Common\InstallShield\Driver\1050\Intel 32 folder moved successfully.
C:\Programme\Common\InstallShield\Driver\1050 folder moved successfully.
C:\Programme\Common\InstallShield\Driver folder moved successfully.
C:\Programme\Common\InstallShield folder moved successfully.
C:\Programme\Common\Dienste folder moved successfully.
C:\Programme\Common\Designer folder moved successfully.
C:\Programme\Common\Borland Shared\Database Desktop\WorkDir folder moved successfully.
C:\Programme\Common\Borland Shared\Database Desktop\PrivDir folder moved successfully.
C:\Programme\Common\Borland Shared\Database Desktop folder moved successfully.
C:\Programme\Common\Borland Shared\BDS\Shared Assemblies\4.0\de folder moved successfully.
C:\Programme\Common\Borland Shared\BDS\Shared Assemblies\4.0 folder moved successfully.
C:\Programme\Common\Borland Shared\BDS\Shared Assemblies folder moved successfully.
C:\Programme\Common\Borland Shared\BDS folder moved successfully.
C:\Programme\Common\Borland Shared\BDE folder moved successfully.
C:\Programme\Common\Borland Shared folder moved successfully.
C:\Programme\Common\Borland Gemeinsame Dateien\SampleDictionary folder moved successfully.
C:\Programme\Common\Borland Gemeinsame Dateien\MSHelp folder moved successfully.
C:\Programme\Common\Borland Gemeinsame Dateien\Images\Splash\256Color folder moved successfully.
C:\Programme\Common\Borland Gemeinsame Dateien\Images\Splash\16Color folder moved successfully.
C:\Programme\Common\Borland Gemeinsame Dateien\Images\Splash folder moved successfully.
C:\Programme\Common\Borland Gemeinsame Dateien\Images\Icons folder moved successfully.
C:\Programme\Common\Borland Gemeinsame Dateien\Images\GlyFX\Wizards\Small folder moved successfully.
C:\Programme\Common\Borland Gemeinsame Dateien\Images\GlyFX\Wizards\Large folder moved successfully.
C:\Programme\Common\Borland Gemeinsame Dateien\Images\GlyFX\Wizards folder moved successfully.
C:\Programme\Common\Borland Gemeinsame Dateien\Images\GlyFX\Icons\PNG\64x64 folder moved successfully.
C:\Programme\Common\Borland Gemeinsame Dateien\Images\GlyFX\Icons\PNG\48x48 folder moved successfully.
C:\Programme\Common\Borland Gemeinsame Dateien\Images\GlyFX\Icons\PNG\32x32 folder moved successfully.
C:\Programme\Common\Borland Gemeinsame Dateien\Images\GlyFX\Icons\PNG\24x24 folder moved successfully.
C:\Programme\Common\Borland Gemeinsame Dateien\Images\GlyFX\Icons\PNG\16x16 folder moved successfully.
C:\Programme\Common\Borland Gemeinsame Dateien\Images\GlyFX\Icons\PNG folder moved successfully.
C:\Programme\Common\Borland Gemeinsame Dateien\Images\GlyFX\Icons\BMP\64x64 folder moved successfully.
C:\Programme\Common\Borland Gemeinsame Dateien\Images\GlyFX\Icons\BMP\48x48 folder moved successfully.
C:\Programme\Common\Borland Gemeinsame Dateien\Images\GlyFX\Icons\BMP\32x32 folder moved successfully.
C:\Programme\Common\Borland Gemeinsame Dateien\Images\GlyFX\Icons\BMP\24x24 folder moved successfully.
C:\Programme\Common\Borland Gemeinsame Dateien\Images\GlyFX\Icons\BMP\16x16 folder moved successfully.
C:\Programme\Common\Borland Gemeinsame Dateien\Images\GlyFX\Icons\BMP folder moved successfully.
C:\Programme\Common\Borland Gemeinsame Dateien\Images\GlyFX\Icons folder moved successfully.
C:\Programme\Common\Borland Gemeinsame Dateien\Images\GlyFX\Animations\transparent folder moved successfully.
C:\Programme\Common\Borland Gemeinsame Dateien\Images\GlyFX\Animations\fixed folder moved successfully.
C:\Programme\Common\Borland Gemeinsame Dateien\Images\GlyFX\Animations folder moved successfully.
C:\Programme\Common\Borland Gemeinsame Dateien\Images\GlyFX folder moved successfully.
C:\Programme\Common\Borland Gemeinsame Dateien\Images\Default folder moved successfully.
C:\Programme\Common\Borland Gemeinsame Dateien\Images\Cursors folder moved successfully.
C:\Programme\Common\Borland Gemeinsame Dateien\Images\Buttons folder moved successfully.
C:\Programme\Common\Borland Gemeinsame Dateien\Images\Backgrnd folder moved successfully.
C:\Programme\Common\Borland Gemeinsame Dateien\Images folder moved successfully.
C:\Programme\Common\Borland Gemeinsame Dateien\Debugger folder moved successfully.
C:\Programme\Common\Borland Gemeinsame Dateien\Data folder moved successfully.
C:\Programme\Common\Borland Gemeinsame Dateien folder moved successfully.
C:\Programme\Common\Borland folder moved successfully.
C:\Programme\Common\AVSMedia\MobileUploader folder moved successfully.
C:\Programme\Common\AVSMedia\BurnerService folder moved successfully.
C:\Programme\Common\AVSMedia\ActiveX folder moved successfully.
C:\Programme\Common\AVSMedia folder moved successfully.
C:\Programme\Common\ArcSoft\MPEG Engine folder moved successfully.
C:\Programme\Common\ArcSoft\Connection Service folder moved successfully.
C:\Programme\Common\ArcSoft folder moved successfully.
C:\Programme\Common\Adobe\TypeSpt\Unicode\Mappings\win folder moved successfully.
C:\Programme\Common\Adobe\TypeSpt\Unicode\Mappings\Mac folder moved successfully.
C:\Programme\Common\Adobe\TypeSpt\Unicode\Mappings\Adobe folder moved successfully.
C:\Programme\Common\Adobe\TypeSpt\Unicode\Mappings folder moved successfully.
C:\Programme\Common\Adobe\TypeSpt\Unicode\ICU folder moved successfully.
C:\Programme\Common\Adobe\TypeSpt\Unicode folder moved successfully.
C:\Programme\Common\Adobe\TypeSpt folder moved successfully.
C:\Programme\Common\Adobe folder moved successfully.
Folder move failed. C:\Programme\Common scheduled to be moved on reboot.
========== COMMANDS ==========
 
[EMPTYTEMP]
 
User: Administrator
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
 
User: All Users
 
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
 
User: GE
->Temp folder emptied: 23876641 bytes
->Temporary Internet Files folder emptied: 1101850 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 27598483 bytes
->Flash cache emptied: 1668 bytes
 
User: LocalService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33474 bytes
 
User: MasterSync
 
User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 2215244 bytes
%systemroot%\System32 .tmp files removed: 2951 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 13030 bytes
RecycleBin emptied: 2602220 bytes
 
Total Files Cleaned = 55,00 mb
 
C:\WINDOWS\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully
 
OTL by OldTimer - Version 3.2.26.5 log created on 08292011_121557

Files\Folders moved on Reboot...
Folder move failed. C:\Programme\Common\System\Ole DB scheduled to be moved on reboot.
Folder move failed. C:\Programme\Common\System\msadc scheduled to be moved on reboot.
Folder move failed. C:\Programme\Common\System\ado scheduled to be moved on reboot.
Folder move failed. C:\Programme\Common\System\Ole DB scheduled to be moved on reboot.
Folder move failed. C:\Programme\Common\System\msadc scheduled to be moved on reboot.
Folder move failed. C:\Programme\Common\System\ado scheduled to be moved on reboot.
Folder move failed. C:\Programme\Common\System scheduled to be moved on reboot.
Folder move failed. C:\Programme\Common\SpeechEngines\Microsoft\TTS\1033 scheduled to be moved on reboot.
Folder move failed. C:\Programme\Common\SpeechEngines\Microsoft\TTS\1033 scheduled to be moved on reboot.
Folder move failed. C:\Programme\Common\SpeechEngines\Microsoft\TTS scheduled to be moved on reboot.
Folder move failed. C:\Programme\Common\SpeechEngines\Microsoft\Lexicon\1033 scheduled to be moved on reboot.
Folder move failed. C:\Programme\Common\SpeechEngines\Microsoft\Lexicon\1033 scheduled to be moved on reboot.
Folder move failed. C:\Programme\Common\SpeechEngines\Microsoft\Lexicon scheduled to be moved on reboot.
Folder move failed. C:\Programme\Common\SpeechEngines\Microsoft\TTS\1033 scheduled to be moved on reboot.
Folder move failed. C:\Programme\Common\SpeechEngines\Microsoft\TTS scheduled to be moved on reboot.
Folder move failed. C:\Programme\Common\SpeechEngines\Microsoft\Lexicon\1033 scheduled to be moved on reboot.
Folder move failed. C:\Programme\Common\SpeechEngines\Microsoft\Lexicon scheduled to be moved on reboot.
Folder move failed. C:\Programme\Common\SpeechEngines\Microsoft scheduled to be moved on reboot.
Folder move failed. C:\Programme\Common\SpeechEngines\Microsoft\TTS\1033 scheduled to be moved on reboot.
Folder move failed. C:\Programme\Common\SpeechEngines\Microsoft\TTS scheduled to be moved on reboot.
Folder move failed. C:\Programme\Common\SpeechEngines\Microsoft\Lexicon\1033 scheduled to be moved on reboot.
Folder move failed. C:\Programme\Common\SpeechEngines\Microsoft\Lexicon scheduled to be moved on reboot.
Folder move failed. C:\Programme\Common\SpeechEngines\Microsoft scheduled to be moved on reboot.
Folder move failed. C:\Programme\Common\SpeechEngines scheduled to be moved on reboot.
Folder move failed. C:\Programme\Common\MSSoap\Binaries\Resources\1031 scheduled to be moved on reboot.
Folder move failed. C:\Programme\Common\MSSoap\Binaries\Resources\1031 scheduled to be moved on reboot.
Folder move failed. C:\Programme\Common\MSSoap\Binaries\Resources scheduled to be moved on reboot.
Folder move failed. C:\Programme\Common\MSSoap\Binaries\Resources\1031 scheduled to be moved on reboot.
Folder move failed. C:\Programme\Common\MSSoap\Binaries\Resources scheduled to be moved on reboot.
Folder move failed. C:\Programme\Common\MSSoap\Binaries scheduled to be moved on reboot.
Folder move failed. C:\Programme\Common\MSSoap\Binaries\Resources\1031 scheduled to be moved on reboot.
Folder move failed. C:\Programme\Common\MSSoap\Binaries\Resources scheduled to be moved on reboot.
Folder move failed. C:\Programme\Common\MSSoap\Binaries scheduled to be moved on reboot.
Folder move failed. C:\Programme\Common\MSSoap scheduled to be moved on reboot.
Folder move failed. C:\Programme\Common\Microsoft Shared\web server extensions\40\_vti_bin\_vti_aut scheduled to be moved on reboot.
Folder move failed. C:\Programme\Common\Microsoft Shared\web server extensions\40\_vti_bin\_vti_adm scheduled to be moved on reboot.
Folder move failed. C:\Programme\Common\Microsoft Shared\web server extensions\40\_vti_bin\_vti_aut scheduled to be moved on reboot.
Folder move failed. C:\Programme\Common\Microsoft Shared\web server extensions\40\_vti_bin\_vti_adm scheduled to be moved on reboot.
Folder move failed. C:\Programme\Common\Microsoft Shared\web server extensions\40\_vti_bin scheduled to be moved on reboot.
Folder move failed. C:\Programme\Common\Microsoft Shared\web server extensions\40\servsupp scheduled to be moved on reboot.
Folder move failed. C:\Programme\Common\Microsoft Shared\web server extensions\40\isapi\_vti_aut scheduled to be moved on reboot.
Folder move failed. C:\Programme\Common\Microsoft Shared\web server extensions\40\isapi\_vti_adm scheduled to be moved on reboot.
Folder move failed. C:\Programme\Common\Microsoft Shared\web server extensions\40\isapi\_vti_aut scheduled to be moved on reboot.
Folder move failed. C:\Programme\Common\Microsoft Shared\web server extensions\40\isapi\_vti_adm scheduled to be moved on reboot.
Folder move failed. C:\Programme\Common\Microsoft Shared\web server extensions\40\isapi scheduled to be moved on reboot.
Folder move failed. C:\Programme\Common\Microsoft Shared\web server extensions\40\bots\vinavbar scheduled to be moved on reboot.
Folder move failed. C:\Programme\Common\Microsoft Shared\web server extensions\40\bots\vinavbar scheduled to be moved on reboot.
Folder move failed. C:\Programme\Common\Microsoft Shared\web server extensions\40\bots scheduled to be moved on reboot.
Folder move failed. C:\Programme\Common\Microsoft Shared\web server extensions\40\bin\1031 scheduled to be moved on reboot.
Folder move failed. C:\Programme\Common\Microsoft Shared\web server extensions\40\bin\1031 scheduled to be moved on reboot.
Folder move failed. C:\Programme\Common\Microsoft Shared\web server extensions\40\bin scheduled to be moved on reboot.
Folder move failed. C:\Programme\Common\Microsoft Shared\web server extensions\40\admisapi\scripts scheduled to be moved on reboot.
Folder move failed. C:\Programme\Common\Microsoft Shared\web server extensions\40\admisapi\scripts scheduled to be moved on reboot.
Folder move failed. C:\Programme\Common\Microsoft Shared\web server extensions\40\admisapi scheduled to be moved on reboot.
Folder move failed. C:\Programme\Common\Microsoft Shared\web server extensions\40\admcgi\scripts scheduled to be moved on reboot.
Folder move failed. C:\Programme\Common\Microsoft Shared\web server extensions\40\admcgi\scripts scheduled to be moved on reboot.
Folder move failed. C:\Programme\Common\Microsoft Shared\web server extensions\40\admcgi scheduled to be moved on reboot.
Folder move failed. C:\Programme\Common\Microsoft Shared\web server extensions\40\_vti_bin\_vti_aut scheduled to be moved on reboot.
Folder move failed. C:\Programme\Common\Microsoft Shared\web server extensions\40\_vti_bin\_vti_adm scheduled to be moved on reboot.
Folder move failed. C:\Programme\Common\Microsoft Shared\web server extensions\40\_vti_bin scheduled to be moved on reboot.
Folder move failed. C:\Programme\Common\Microsoft Shared\web server extensions\40\servsupp scheduled to be moved on reboot.
Folder move failed. C:\Programme\Common\Microsoft Shared\web server extensions\40\isapi\_vti_aut scheduled to be moved on reboot.
Folder move failed. C:\Programme\Common\Microsoft Shared\web server extensions\40\isapi\_vti_adm scheduled to be moved on reboot.
Folder move failed. C:\Programme\Common\Microsoft Shared\web server extensions\40\isapi scheduled to be moved on reboot.
Folder move failed. C:\Programme\Common\Microsoft Shared\web server extensions\40\bots\vinavbar scheduled to be moved on reboot.
Folder move failed. C:\Programme\Common\Microsoft Shared\web server extensions\40\bots scheduled to be moved on reboot.
Folder move failed. C:\Programme\Common\Microsoft Shared\web server extensions\40\bin\1031 scheduled to be moved on reboot.
Folder move failed. C:\Programme\Common\Microsoft Shared\web server extensions\40\bin scheduled to be moved on reboot.
Folder move failed. C:\Programme\Common\Microsoft Shared\web server extensions\40\admisapi\scripts scheduled to be moved on reboot.
Folder move failed. C:\Programme\Common\Microsoft Shared\web server extensions\40\admisapi scheduled to be moved on reboot.
Folder move failed. C:\Programme\Common\Microsoft Shared\web server extensions\40\admcgi\scripts scheduled to be moved on reboot.
Folder move failed. C:\Programme\Common\Microsoft Shared\web server extensions\40\admcgi scheduled to be moved on reboot.
Folder move failed. C:\Programme\Common\Microsoft Shared\web server extensions\40 scheduled to be moved on reboot.
Folder move failed. C:\Programme\Common\Microsoft Shared\web server extensions\40\_vti_bin\_vti_aut scheduled to be moved on reboot.
Folder move failed. C:\Programme\Common\Microsoft Shared\web server extensions\40\_vti_bin\_vti_adm scheduled to be moved on reboot.
Folder move failed. C:\Programme\Common\Microsoft Shared\web server extensions\40\_vti_bin scheduled to be moved on reboot.
Folder move failed. C:\Programme\Common\Microsoft Shared\web server extensions\40\servsupp scheduled to be moved on reboot.
Folder move failed. C:\Programme\Common\Microsoft Shared\web server extensions\40\isapi\_vti_aut scheduled to be moved on reboot.
Folder move failed. C:\Programme\Common\Microsoft Shared\web server extensions\40\isapi\_vti_adm scheduled to be moved on reboot.
Folder move failed. C:\Programme\Common\Microsoft Shared\web server extensions\40\isapi scheduled to be moved on reboot.
Folder move failed. C:\Programme\Common\Microsoft Shared\web server extensions\40\bots\vinavbar scheduled to be moved on reboot.
Folder move failed. C:\Programme\Common\Microsoft Shared\web server extensions\40\bots scheduled to be moved on reboot.
Folder move failed. C:\Programme\Common\Microsoft Shared\web server extensions\40\bin\1031 scheduled to be moved on reboot.
Folder move failed. C:\Programme\Common\Microsoft Shared\web server extensions\40\bin scheduled to be moved on reboot.
Folder move failed. C:\Programme\Common\Microsoft Shared\web server extensions\40\admisapi\scripts scheduled to be moved on reboot.
Folder move failed. C:\Programme\Common\Microsoft Shared\web server extensions\40\admisapi scheduled to be moved on reboot.
Folder move failed. C:\Programme\Common\Microsoft Shared\web server extensions\40\admcgi\scripts scheduled to be moved on reboot.
Folder move failed. C:\Programme\Common\Microsoft Shared\web server extensions\40\admcgi scheduled to be moved on reboot.
Folder move failed. C:\Programme\Common\Microsoft Shared\web server extensions\40 scheduled to be moved on reboot.
Folder move failed. C:\Programme\Common\Microsoft Shared\web server extensions scheduled to be moved on reboot.
Folder move failed. C:\Programme\Common\Microsoft Shared\VGX scheduled to be moved on reboot.
Folder move failed. C:\Programme\Common\Microsoft Shared\Triedit scheduled to be moved on reboot.
Folder move failed. C:\Programme\Common\Microsoft Shared\Speech\1031 scheduled to be moved on reboot.
Folder move failed. C:\Programme\Common\Microsoft Shared\Speech\1031 scheduled to be moved on reboot.
Folder move failed. C:\Programme\Common\Microsoft Shared\Speech scheduled to be moved on reboot.
Folder move failed. C:\Programme\Common\Microsoft Shared\MSInfo scheduled to be moved on reboot.
Folder move failed. C:\Programme\Common\Microsoft Shared\DAO scheduled to be moved on reboot.
Folder move failed. C:\Programme\Common\Microsoft Shared\web server extensions\40\_vti_bin\_vti_aut scheduled to be moved on reboot.
Folder move failed. C:\Programme\Common\Microsoft Shared\web server extensions\40\_vti_bin\_vti_adm scheduled to be moved on reboot.
Folder move failed. C:\Programme\Common\Microsoft Shared\web server extensions\40\_vti_bin scheduled to be moved on reboot.
Folder move failed. C:\Programme\Common\Microsoft Shared\web server extensions\40\servsupp scheduled to be moved on reboot.
Folder move failed. C:\Programme\Common\Microsoft Shared\web server extensions\40\isapi\_vti_aut scheduled to be moved on reboot.
Folder move failed. C:\Programme\Common\Microsoft Shared\web server extensions\40\isapi\_vti_adm scheduled to be moved on reboot.
Folder move failed. C:\Programme\Common\Microsoft Shared\web server extensions\40\isapi scheduled to be moved on reboot.
Folder move failed. C:\Programme\Common\Microsoft Shared\web server extensions\40\bots\vinavbar scheduled to be moved on reboot.
Folder move failed. C:\Programme\Common\Microsoft Shared\web server extensions\40\bots scheduled to be moved on reboot.
Folder move failed. C:\Programme\Common\Microsoft Shared\web server extensions\40\bin\1031 scheduled to be moved on reboot.
Folder move failed. C:\Programme\Common\Microsoft Shared\web server extensions\40\bin scheduled to be moved on reboot.
Folder move failed. C:\Programme\Common\Microsoft Shared\web server extensions\40\admisapi\scripts scheduled to be moved on reboot.
Folder move failed. C:\Programme\Common\Microsoft Shared\web server extensions\40\admisapi scheduled to be moved on reboot.
Folder move failed. C:\Programme\Common\Microsoft Shared\web server extensions\40\admcgi\scripts scheduled to be moved on reboot.
Folder move failed. C:\Programme\Common\Microsoft Shared\web server extensions\40\admcgi scheduled to be moved on reboot.
Folder move failed. C:\Programme\Common\Microsoft Shared\web server extensions\40 scheduled to be moved on reboot.
Folder move failed. C:\Programme\Common\Microsoft Shared\web server extensions scheduled to be moved on reboot.
Folder move failed. C:\Programme\Common\Microsoft Shared\VGX scheduled to be moved on reboot.
Folder move failed. C:\Programme\Common\Microsoft Shared\Triedit scheduled to be moved on reboot.
Folder move failed. C:\Programme\Common\Microsoft Shared\Speech\1031 scheduled to be moved on reboot.
Folder move failed. C:\Programme\Common\Microsoft Shared\Speech scheduled to be moved on reboot.
Folder move failed. C:\Programme\Common\Microsoft Shared\MSInfo scheduled to be moved on reboot.
Folder move failed. C:\Programme\Common\Microsoft Shared\DAO scheduled to be moved on reboot.
Folder move failed. C:\Programme\Common\Microsoft Shared scheduled to be moved on reboot.
Folder move failed. C:\Programme\Common\System\Ole DB scheduled to be moved on reboot.
Folder move failed. C:\Programme\Common\System\msadc scheduled to be moved on reboot.
Folder move failed. C:\Programme\Common\System\ado scheduled to be moved on reboot.
Folder move failed. C:\Programme\Common\System scheduled to be moved on reboot.
Folder move failed. C:\Programme\Common\SpeechEngines\Microsoft\TTS\1033 scheduled to be moved on reboot.
Folder move failed. C:\Programme\Common\SpeechEngines\Microsoft\TTS scheduled to be moved on reboot.
Folder move failed. C:\Programme\Common\SpeechEngines\Microsoft\Lexicon\1033 scheduled to be moved on reboot.
Folder move failed. C:\Programme\Common\SpeechEngines\Microsoft\Lexicon scheduled to be moved on reboot.
Folder move failed. C:\Programme\Common\SpeechEngines\Microsoft scheduled to be moved on reboot.
Folder move failed. C:\Programme\Common\SpeechEngines scheduled to be moved on reboot.
Folder move failed. C:\Programme\Common\MSSoap\Binaries\Resources\1031 scheduled to be moved on reboot.
Folder move failed. C:\Programme\Common\MSSoap\Binaries\Resources scheduled to be moved on reboot.
Folder move failed. C:\Programme\Common\MSSoap\Binaries scheduled to be moved on reboot.
Folder move failed. C:\Programme\Common\MSSoap scheduled to be moved on reboot.
Folder move failed. C:\Programme\Common\Microsoft Shared\web server extensions\40\_vti_bin\_vti_aut scheduled to be moved on reboot.
Folder move failed. C:\Programme\Common\Microsoft Shared\web server extensions\40\_vti_bin\_vti_adm scheduled to be moved on reboot.
Folder move failed. C:\Programme\Common\Microsoft Shared\web server extensions\40\_vti_bin scheduled to be moved on reboot.
Folder move failed. C:\Programme\Common\Microsoft Shared\web server extensions\40\servsupp scheduled to be moved on reboot.
Folder move failed. C:\Programme\Common\Microsoft Shared\web server extensions\40\isapi\_vti_aut scheduled to be moved on reboot.
Folder move failed. C:\Programme\Common\Microsoft Shared\web server extensions\40\isapi\_vti_adm scheduled to be moved on reboot.
Folder move failed. C:\Programme\Common\Microsoft Shared\web server extensions\40\isapi scheduled to be moved on reboot.
Folder move failed. C:\Programme\Common\Microsoft Shared\web server extensions\40\bots\vinavbar scheduled to be moved on reboot.
Folder move failed. C:\Programme\Common\Microsoft Shared\web server extensions\40\bots scheduled to be moved on reboot.
Folder move failed. C:\Programme\Common\Microsoft Shared\web server extensions\40\bin\1031 scheduled to be moved on reboot.
Folder move failed. C:\Programme\Common\Microsoft Shared\web server extensions\40\bin scheduled to be moved on reboot.
Folder move failed. C:\Programme\Common\Microsoft Shared\web server extensions\40\admisapi\scripts scheduled to be moved on reboot.
Folder move failed. C:\Programme\Common\Microsoft Shared\web server extensions\40\admisapi scheduled to be moved on reboot.
Folder move failed. C:\Programme\Common\Microsoft Shared\web server extensions\40\admcgi\scripts scheduled to be moved on reboot.
Folder move failed. C:\Programme\Common\Microsoft Shared\web server extensions\40\admcgi scheduled to be moved on reboot.
Folder move failed. C:\Programme\Common\Microsoft Shared\web server extensions\40 scheduled to be moved on reboot.
Folder move failed. C:\Programme\Common\Microsoft Shared\web server extensions scheduled to be moved on reboot.
Folder move failed. C:\Programme\Common\Microsoft Shared\VGX scheduled to be moved on reboot.
Folder move failed. C:\Programme\Common\Microsoft Shared\Triedit scheduled to be moved on reboot.
Folder move failed. C:\Programme\Common\Microsoft Shared\Speech\1031 scheduled to be moved on reboot.
Folder move failed. C:\Programme\Common\Microsoft Shared\Speech scheduled to be moved on reboot.
Folder move failed. C:\Programme\Common\Microsoft Shared\MSInfo scheduled to be moved on reboot.
Folder move failed. C:\Programme\Common\Microsoft Shared\DAO scheduled to be moved on reboot.
Folder move failed. C:\Programme\Common\Microsoft Shared scheduled to be moved on reboot.
Folder move failed. C:\Programme\Common scheduled to be moved on reboot.

Registry entries deleted on Reboot...
         
There is quite a lot in the Common directory... Can moving it cause problems?

Regards
Icy

Alt 29.08.2011, 12:07   #23
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
AntiVirus software has found "Worm/Bot.21504" - Standard



Hm, I just noticed that too. Well, if necessary you can restore the directory,

Quote:
For safety, the entries, files and folders fixed with this script are not deleted completely; a backup copy is created on the system partition in the folder "_OTL".

Now please run this tool from Kaspersky and post the log => http://www.trojaner-board.de/82358-t...entfernen.html

Configure the tool as shown in the picture below - that is, set both checkmarks, click Start scan and, when it has finished, click the Report button to display the log. Please post it in full.

If, because of the infection, you cannot access your documents/My Documents, or shortcuts are missing from the desktop or from the Start menu under "All Programs", please run unhide:
Please download unhide.exe and save the file to your desktop.
Start the tool; all files and folders should become visible again. (It may take a while.)
Windows Vista and Windows 7 users must run the tool via right-click as administrator!
__________________
Please always post logfiles in CODE tags

Alt 29.08.2011, 12:35   #24
<-IceD@te->
 
AntiVirus software has found "Worm/Bot.21504" - Pfeil



Done...

Code:
ATTFilter
2011/08/29 13:25:14.0562 3948	TDSS rootkit removing tool 2.5.17.0 Aug 22 2011 15:46:57
2011/08/29 13:25:14.0625 3948	================================================================================
2011/08/29 13:25:14.0625 3948	SystemInfo:
2011/08/29 13:25:14.0625 3948	
2011/08/29 13:25:14.0625 3948	OS Version: 5.1.2600 ServicePack: 2.0
2011/08/29 13:25:14.0625 3948	Product type: Workstation
2011/08/29 13:25:14.0625 3948	ComputerName: JUSTIER
2011/08/29 13:25:14.0625 3948	UserName: GE
2011/08/29 13:25:14.0625 3948	Windows directory: C:\WINDOWS
2011/08/29 13:25:14.0625 3948	System windows directory: C:\WINDOWS
2011/08/29 13:25:14.0625 3948	Processor architecture: Intel x86
2011/08/29 13:25:14.0625 3948	Number of processors: 1
2011/08/29 13:25:14.0625 3948	Page size: 0x1000
2011/08/29 13:25:14.0625 3948	Boot type: Normal boot
2011/08/29 13:25:14.0625 3948	================================================================================
2011/08/29 13:25:15.0921 3948	Initialize success
2011/08/29 13:25:20.0984 4036	================================================================================
2011/08/29 13:25:20.0984 4036	Scan started
2011/08/29 13:25:20.0984 4036	Mode: Manual; 
2011/08/29 13:25:20.0984 4036	================================================================================
2011/08/29 13:25:22.0046 4036	ACPI            (94b4741d2cf9ed38140b831293d1601a) C:\WINDOWS\system32\DRIVERS\ACPI.sys
2011/08/29 13:25:22.0125 4036	ACPIEC          (9e1ca3160dafb159ca14f83b1e317f75) C:\WINDOWS\system32\drivers\ACPIEC.sys
2011/08/29 13:25:22.0281 4036	aec             (1ee7b434ba961ef845de136224c30fec) C:\WINDOWS\system32\drivers\aec.sys
2011/08/29 13:25:22.0375 4036	Afc             (fe3ea6e9afc1a78e6edca121e006afb7) C:\WINDOWS\system32\drivers\Afc.sys
2011/08/29 13:25:22.0453 4036	AFD             (5ac495f4cb807b2b98ad2ad591e6d92e) C:\WINDOWS\System32\drivers\afd.sys
2011/08/29 13:25:22.0765 4036	ALCXWDM         (93f93a8e3e14cbbf1ce9a5af1a70c095) C:\WINDOWS\system32\drivers\ALCXWDM.SYS
2011/08/29 13:25:23.0046 4036	AmdK8           (769844eb65df6a62aa51b886290fe51d) C:\WINDOWS\system32\DRIVERS\AmdK8.sys
2011/08/29 13:25:23.0359 4036	AsyncMac        (02000abf34af4c218c35d257024807d6) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
2011/08/29 13:25:23.0437 4036	atapi           (cdfe4411a69c224bd1d11b2da92dac51) C:\WINDOWS\system32\DRIVERS\atapi.sys
2011/08/29 13:25:23.0531 4036	Atmarpc         (ec88da854ab7d7752ec8be11a741bb7f) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
2011/08/29 13:25:23.0609 4036	audstub         (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
2011/08/29 13:25:23.0734 4036	avgio           (0b497c79824f8e1bf22fa6aacd3de3a0) C:\Programme\Avira\AntiVir Desktop\avgio.sys
2011/08/29 13:25:23.0828 4036	avgntflt        (1e4114685de1ffa9675e09c6a1fb3f4b) C:\WINDOWS\system32\DRIVERS\avgntflt.sys
2011/08/29 13:25:23.0953 4036	avipbb          (0f78d3dae6dedd99ae54c9491c62adf2) C:\WINDOWS\system32\DRIVERS\avipbb.sys
2011/08/29 13:25:24.0031 4036	Beep            (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
2011/08/29 13:25:24.0109 4036	cbidf2k         (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
2011/08/29 13:25:24.0187 4036	CCDECODE        (6163ed60b684bab19d3352ab22fc48b2) C:\WINDOWS\system32\DRIVERS\CCDECODE.sys
2011/08/29 13:25:24.0328 4036	Cdaudio         (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
2011/08/29 13:25:24.0421 4036	Cdfs            (cd7d5152df32b47f4e36f710b35aae02) C:\WINDOWS\system32\drivers\Cdfs.sys
2011/08/29 13:25:24.0500 4036	Cdrom           (af9c19b3100fe010496b1a27181fbf72) C:\WINDOWS\system32\DRIVERS\cdrom.sys
2011/08/29 13:25:24.0703 4036	cmnsusbser      (675d67423980fc1784b93aa47d350a31) C:\WINDOWS\system32\DRIVERS\cmnsusbser.sys
2011/08/29 13:25:25.0000 4036	Disk            (00ca44e4534865f8a3b64f7c0984bff0) C:\WINDOWS\system32\DRIVERS\disk.sys
2011/08/29 13:25:25.0093 4036	dmboot          (5789b83ba87fc84c3568cf86cacef8ce) C:\WINDOWS\system32\drivers\dmboot.sys
2011/08/29 13:25:25.0218 4036	dmio            (084eb0a50a4f7b4705c8a57f234e5291) C:\WINDOWS\system32\drivers\dmio.sys
2011/08/29 13:25:25.0312 4036	dmload          (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
2011/08/29 13:25:25.0406 4036	DMusic          (a6f881284ac1150e37d9ae47ff601267) C:\WINDOWS\system32\drivers\DMusic.sys
2011/08/29 13:25:25.0531 4036	drmkaud         (1ed4dbbae9f5d558dbba4cc450e3eb2e) C:\WINDOWS\system32\drivers\drmkaud.sys
2011/08/29 13:25:25.0625 4036	Fastfat         (3117f595e9615e04f05a54fc15a03b20) C:\WINDOWS\system32\drivers\Fastfat.sys
2011/08/29 13:25:25.0703 4036	Fdc             (ced2e8396a8838e59d8fd529c680e02c) C:\WINDOWS\system32\DRIVERS\fdc.sys
2011/08/29 13:25:25.0781 4036	Fips            (9e9af89f9b14aa6249065c309ce73bd8) C:\WINDOWS\system32\drivers\Fips.sys
2011/08/29 13:25:25.0890 4036	Flpydisk        (0dd1de43115b93f4d85e889d7a86f548) C:\WINDOWS\system32\DRIVERS\flpydisk.sys
2011/08/29 13:25:26.0000 4036	FltMgr          (157754f0df355a9e0a6f54721914f9c6) C:\WINDOWS\system32\DRIVERS\fltMgr.sys
2011/08/29 13:25:26.0078 4036	Fs_Rec          (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
2011/08/29 13:25:26.0203 4036	FTDIBUS         (7d1a4851c3daa76b0b82af5f73479e8c) C:\WINDOWS\system32\drivers\ftdibus.sys
2011/08/29 13:25:26.0296 4036	Ftdisk          (8f1955ce42e1484714b542f341647778) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
2011/08/29 13:25:26.0375 4036	FTSER2K         (90570ec16c55548e3565ac8599939063) C:\WINDOWS\system32\drivers\ftser2k.sys
2011/08/29 13:25:26.0453 4036	Gpc             (c0f1d4a21de5a415df8170616703debf) C:\WINDOWS\system32\DRIVERS\msgpc.sys
2011/08/29 13:25:26.0531 4036	HidUsb          (1de6783b918f540149aa69943bdfeba8) C:\WINDOWS\system32\DRIVERS\hidusb.sys
2011/08/29 13:25:26.0656 4036	HTTP            (bfb7b73c942e816c4fb4a5a7bae87136) C:\WINDOWS\system32\Drivers\HTTP.sys
2011/08/29 13:25:26.0890 4036	i8042prt        (7c575018d0413440d75432a78b88c899) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
2011/08/29 13:25:26.0984 4036	Imapi           (f8aa320c6a0409c0380e5d8a99d76ec6) C:\WINDOWS\system32\DRIVERS\imapi.sys
2011/08/29 13:25:27.0125 4036	Ip6Fw           (4448006b6bc60e6c027932cfc38d6855) C:\WINDOWS\system32\DRIVERS\Ip6Fw.sys
2011/08/29 13:25:27.0187 4036	IpFilterDriver  (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
2011/08/29 13:25:27.0265 4036	IpInIp          (e1ec7f5da720b640cd8fb8424f1b14bb) C:\WINDOWS\system32\DRIVERS\ipinip.sys
2011/08/29 13:25:27.0328 4036	IpNat           (d58ecd3b3969a670e68588f1640920b6) C:\WINDOWS\system32\DRIVERS\ipnat.sys
2011/08/29 13:25:27.0390 4036	IPSec           (64537aa5c003a6afeee1df819062d0d1) C:\WINDOWS\system32\DRIVERS\ipsec.sys
2011/08/29 13:25:27.0453 4036	IRENUM          (50708daa1b1cbb7d6ac1cf8f56a24410) C:\WINDOWS\system32\DRIVERS\irenum.sys
2011/08/29 13:25:27.0531 4036	isapnp          (ce9b7afdf0a3d7dd8d1487262316b959) C:\WINDOWS\system32\DRIVERS\isapnp.sys
2011/08/29 13:25:27.0578 4036	Kbdclass        (b128fc0a5cd83f669d5de4b58f77c7d6) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
2011/08/29 13:25:27.0671 4036	kmixer          (d93cad07c5683db066b0b2d2d3790ead) C:\WINDOWS\system32\drivers\kmixer.sys
2011/08/29 13:25:27.0750 4036	KSecDD          (eb7ffe87fd367ea8fca0506f74a87fbb) C:\WINDOWS\system32\drivers\KSecDD.sys
2011/08/29 13:25:27.0921 4036	MBAMProtector   (eca00eed9ab95489007b0ef84c7149de) C:\WINDOWS\system32\drivers\mbam.sys
2011/08/29 13:25:28.0015 4036	mf              (729d83e56c29c510258a6e9e79ffddc3) C:\WINDOWS\system32\DRIVERS\mf.sys
2011/08/29 13:25:28.0093 4036	mnmdd           (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
2011/08/29 13:25:28.0171 4036	Modem           (91a3da4b12f6f1d760463a7f7857f748) C:\WINDOWS\system32\drivers\Modem.sys
2011/08/29 13:25:28.0281 4036	Mouclass        (71e15ca47fd947552054afb28536268f) C:\WINDOWS\system32\DRIVERS\mouclass.sys
2011/08/29 13:25:28.0343 4036	mouhid          (66a6f73c74e1791464160a7065ce711a) C:\WINDOWS\system32\DRIVERS\mouhid.sys
2011/08/29 13:25:28.0437 4036	MountMgr        (65653f3b4477f3c63e68a9659f85ee2e) C:\WINDOWS\system32\drivers\MountMgr.sys
2011/08/29 13:25:28.0531 4036	MRxDAV          (46edcc8f2db2f322c24f48785cb46366) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
2011/08/29 13:25:28.0593 4036	MRxSmb          (1b9329a08b56963db7f36b1a364d63ac) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
2011/08/29 13:25:28.0640 4036	Msfs            (561b3a4333ca2dbdba28b5b956822519) C:\WINDOWS\system32\drivers\Msfs.sys
2011/08/29 13:25:28.0734 4036	MSKSSRV         (ae431a8dd3c1d0d0610cdbac16057ad0) C:\WINDOWS\system32\drivers\MSKSSRV.sys
2011/08/29 13:25:28.0812 4036	MSPCLOCK        (13e75fef9dfeb08eeded9d0246e1f448) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
2011/08/29 13:25:28.0890 4036	MSPQM           (1988a33ff19242576c3d0ef9ce785da7) C:\WINDOWS\system32\drivers\MSPQM.sys
2011/08/29 13:25:28.0984 4036	mssmbios        (469541f8bfd2b32659d5d463a6714bce) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
2011/08/29 13:25:29.0062 4036	MSTEE           (bf13612142995096ab084f2db7f40f77) C:\WINDOWS\system32\drivers\MSTEE.sys
2011/08/29 13:25:29.0156 4036	Mup             (f66b6b1cddee6ca87cefc016eb7a0d8e) C:\WINDOWS\system32\drivers\Mup.sys
2011/08/29 13:25:29.0218 4036	NABTSFEC        (5c8dc6429c43dc6177c1fa5b76290d1a) C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys
2011/08/29 13:25:29.0296 4036	ndc             (263bdcc8d239483c773c1f944dc704af) C:\WINDOWS\System32\Drivers\ndc.sys
2011/08/29 13:25:29.0406 4036	NDIS            (558635d3af1c7546d26067d5d9b6959e) C:\WINDOWS\system32\drivers\NDIS.sys
2011/08/29 13:25:29.0500 4036	NdisIP          (520ce427a8b298f54112857bcf6bde15) C:\WINDOWS\system32\DRIVERS\NdisIP.sys
2011/08/29 13:25:29.0578 4036	NdisTapi        (08d43bbdacdf23f34d79e44ed35c1b4c) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
2011/08/29 13:25:29.0687 4036	Ndisuio         (8d3ce6b579cde8d37acc690b67dc2106) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
2011/08/29 13:25:29.0796 4036	NdisWan         (0b90e255a9490166ab368cd55a529893) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
2011/08/29 13:25:29.0906 4036	NDProxy         (59fc3fb44d2669bc144fd87826bb571f) C:\WINDOWS\system32\drivers\NDProxy.sys
2011/08/29 13:25:29.0968 4036	NetBIOS         (3a2aca8fc1d7786902ca434998d7ceb4) C:\WINDOWS\system32\DRIVERS\netbios.sys
2011/08/29 13:25:30.0031 4036	NetBT           (0c80e410cd2f47134407ee7dd19cc86b) C:\WINDOWS\system32\DRIVERS\netbt.sys
2011/08/29 13:25:30.0109 4036	Npfs            (4f601bcb8f64ea3ac0994f98fed03f8e) C:\WINDOWS\system32\drivers\Npfs.sys
2011/08/29 13:25:30.0203 4036	Ntfs            (b78be402c3f63dd55521f73876951cdd) C:\WINDOWS\system32\drivers\Ntfs.sys
2011/08/29 13:25:30.0312 4036	Null            (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
2011/08/29 13:25:30.0500 4036	nv              (9e1f2f09e34c92a96b9900b6a45d5026) C:\WINDOWS\system32\DRIVERS\nv4_mini.sys
2011/08/29 13:25:30.0703 4036	NVENETFD        (2a7a2c6ab9631028b6e3a4159aa65705) C:\WINDOWS\system32\DRIVERS\NVENETFD.sys
2011/08/29 13:25:30.0796 4036	nvnetbus        (20526a8827dc0956b5526aebcb6751a0) C:\WINDOWS\system32\DRIVERS\nvnetbus.sys
2011/08/29 13:25:30.0906 4036	NwlnkFlt        (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
2011/08/29 13:25:30.0984 4036	NwlnkFwd        (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
2011/08/29 13:25:31.0093 4036	Parport         (b2f17a2edb5450e61973a037f63a595b) C:\WINDOWS\system32\DRIVERS\parport.sys
2011/08/29 13:25:31.0171 4036	PartMgr         (3334430c29dc338092f79c38ef7b4cd0) C:\WINDOWS\system32\drivers\PartMgr.sys
2011/08/29 13:25:31.0234 4036	ParVdm          (c2bf987829099a3eaa2ca6a0a90ecb4f) C:\WINDOWS\system32\drivers\ParVdm.sys
2011/08/29 13:25:31.0343 4036	PCI             (6fb463e5b243fbd6f3d3c83f914d94fb) C:\WINDOWS\system32\DRIVERS\pci.sys
2011/08/29 13:25:31.0437 4036	PCIIde          (59ba86d9a61cbcf4df8e598c331f5b82) C:\WINDOWS\system32\DRIVERS\pciide.sys
2011/08/29 13:25:31.0531 4036	Pcmcia          (e2363f4c1daff89abee5f593e13d8a05) C:\WINDOWS\system32\drivers\Pcmcia.sys
2011/08/29 13:25:31.0937 4036	PptpMiniport    (1c5cc65aac0783c344f16353e60b72ac) C:\WINDOWS\system32\DRIVERS\raspptp.sys
2011/08/29 13:25:31.0984 4036	Processor       (3d7f196e77f986c106e9320b81a5ebbf) C:\WINDOWS\system32\DRIVERS\processr.sys
2011/08/29 13:25:32.0046 4036	PSched          (48671f327553dcf1d27f6197f622a668) C:\WINDOWS\system32\DRIVERS\psched.sys
2011/08/29 13:25:32.0109 4036	Ptilink         (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
2011/08/29 13:25:32.0406 4036	RasAcd          (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
2011/08/29 13:25:32.0468 4036	Rasl2tp         (98faeb4a4dcf812ba1c6fca4aa3e115c) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
2011/08/29 13:25:32.0531 4036	RasPppoe        (7306eeed8895454cbed4669be9f79faa) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
2011/08/29 13:25:32.0593 4036	Raspti          (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
2011/08/29 13:25:32.0671 4036	Rdbss           (809ca45caa9072b3176ad44579d7f688) C:\WINDOWS\system32\DRIVERS\rdbss.sys
2011/08/29 13:25:32.0734 4036	RDPCDD          (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
2011/08/29 13:25:32.0859 4036	RDPWD           (047bea21274c8a4a233674a76c958c2c) C:\WINDOWS\system32\drivers\RDPWD.sys
2011/08/29 13:25:32.0953 4036	redbook         (aa56702e230860565cb8d43680f57f33) C:\WINDOWS\system32\DRIVERS\redbook.sys
2011/08/29 13:25:33.0078 4036	Secdrv          (d26e26ea516450af9d072635c60387f4) C:\WINDOWS\system32\DRIVERS\secdrv.sys
2011/08/29 13:25:33.0171 4036	Ser2pl          (b490ad520257dda26c1d587a71e527b5) C:\WINDOWS\system32\DRIVERS\ser2pl.sys
2011/08/29 13:25:33.0250 4036	serenum         (a2d868aeeff612e70e213c451a70cafb) C:\WINDOWS\system32\DRIVERS\serenum.sys
2011/08/29 13:25:33.0296 4036	Serial          (cd5b9995afcdb466c9efc048d167e3be) C:\WINDOWS\system32\DRIVERS\serial.sys
2011/08/29 13:25:33.0359 4036	Sfloppy         (0d13b6df6e9e101013a7afb0ce629fe0) C:\WINDOWS\system32\drivers\Sfloppy.sys
2011/08/29 13:25:33.0484 4036	SLIP            (5caeed86821fa2c6139e32e9e05ccdc9) C:\WINDOWS\system32\DRIVERS\SLIP.sys
2011/08/29 13:25:33.0609 4036	splitter        (8e186b8f23295d1e42c573b82b80d548) C:\WINDOWS\system32\drivers\splitter.sys
2011/08/29 13:25:33.0687 4036	sr              (e4200cb2f418d8fc4acdd7e38c419d6a) C:\WINDOWS\system32\DRIVERS\sr.sys
2011/08/29 13:25:33.0765 4036	Srv             (553007ecce7f6565bbe645beb66d3b69) C:\WINDOWS\system32\DRIVERS\srv.sys
2011/08/29 13:25:33.0890 4036	ssmdrv          (a36ee93698802cd899f98bfd553d8185) C:\WINDOWS\system32\DRIVERS\ssmdrv.sys
2011/08/29 13:25:33.0984 4036	streamip        (284c57df5dc7abca656bc2b96a667afb) C:\WINDOWS\system32\DRIVERS\StreamIP.sys
2011/08/29 13:25:34.0078 4036	swenum          (03c1bae4766e2450219d20b993d6e046) C:\WINDOWS\system32\DRIVERS\swenum.sys
2011/08/29 13:25:34.0156 4036	swmidi          (94abc808fc4b6d7d2bbf42b85e25bb4d) C:\WINDOWS\system32\drivers\swmidi.sys
2011/08/29 13:25:34.0406 4036	sysaudio        (650ad082d46bac0e64c9c0e0928492fd) C:\WINDOWS\system32\drivers\sysaudio.sys
2011/08/29 13:25:34.0515 4036	Tcpip           (63fdfea54eb53de2d863ee454937ce1e) C:\WINDOWS\system32\DRIVERS\tcpip.sys
2011/08/29 13:25:34.0625 4036	Tcpip6          (4d58bb1ae8841aafd8790ad7e1e3b8ea) C:\WINDOWS\system32\DRIVERS\tcpip6.sys
2011/08/29 13:25:34.0734 4036	TDPIPE          (38d437cf2d98965f239b0abcd66dcb0f) C:\WINDOWS\system32\drivers\TDPIPE.sys
2011/08/29 13:25:34.0828 4036	TDTCP           (ed0580af02502d00ad8c4c066b156be9) C:\WINDOWS\system32\drivers\TDTCP.sys
2011/08/29 13:25:34.0937 4036	TermDD          (a540a99c281d933f3d69d55e48727f47) C:\WINDOWS\system32\DRIVERS\termdd.sys
2011/08/29 13:25:35.0062 4036	tunmp           (87a0e9e18c10a9e454238e3330e2a26d) C:\WINDOWS\system32\DRIVERS\tunmp.sys
2011/08/29 13:25:35.0140 4036	Udfs            (12f70256f140cd7d52c58c7048fde657) C:\WINDOWS\system32\drivers\Udfs.sys
2011/08/29 13:25:35.0281 4036	Update          (a4815a4884898f355a3513e60843a4fd) C:\WINDOWS\system32\DRIVERS\update.sys
2011/08/29 13:25:35.0375 4036	usbccgp         (bffd9f120cc63bcbaa3d840f3eef9f79) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
2011/08/29 13:25:35.0453 4036	usbehci         (15e993ba2f6946b2bfbbfcd30398621e) C:\WINDOWS\system32\DRIVERS\usbehci.sys
2011/08/29 13:25:35.0515 4036	usbhub          (c72f40947f92cea56a8fb532edf025f1) C:\WINDOWS\system32\DRIVERS\usbhub.sys
2011/08/29 13:25:35.0578 4036	usbohci         (bdfe799a8531bad8a5a985821fe78760) C:\WINDOWS\system32\DRIVERS\usbohci.sys
2011/08/29 13:25:35.0640 4036	usbscan         (a6bc71402f4f7dd5b77fd7f4a8ddba85) C:\WINDOWS\system32\DRIVERS\usbscan.sys
2011/08/29 13:25:35.0765 4036	usbser          (49106ee29074e6a3d3ac9e24c6d791d8) C:\WINDOWS\system32\DRIVERS\usbser.sys
2011/08/29 13:25:35.0875 4036	USBSTOR         (6cd7b22193718f1d17a47a1cd6d37e75) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
2011/08/29 13:25:35.0968 4036	VgaSave         (8a60edd72b4ea5aea8202daf0e427925) C:\WINDOWS\System32\drivers\vga.sys
2011/08/29 13:25:36.0109 4036	VolSnap         (d6888520ff56d72a50437e371ca25fc9) C:\WINDOWS\system32\drivers\VolSnap.sys
2011/08/29 13:25:36.0187 4036	Wanarp          (984ef0b9788abf89974cfed4bfbaacbc) C:\WINDOWS\system32\DRIVERS\wanarp.sys
2011/08/29 13:25:36.0312 4036	wdmaud          (2797f33ebf50466020c430ee4f037933) C:\WINDOWS\system32\drivers\wdmaud.sys
2011/08/29 13:25:36.0406 4036	WinDriver       (d8ab83200e425dad81579ea7067507c5) C:\WINDOWS\system32\Drivers\windrvr.sys
2011/08/29 13:25:36.0546 4036	WpdUsb          (cf4def1bf66f06964dc0d91844239104) C:\WINDOWS\system32\DRIVERS\wpdusb.sys
2011/08/29 13:25:36.0625 4036	WS2IFSL         (6abe6e225adb5a751622a9cc3bc19ce8) C:\WINDOWS\System32\drivers\ws2ifsl.sys
2011/08/29 13:25:36.0687 4036	WSTCODEC        (d5842484f05e12121c511aa93f6439ec) C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS
2011/08/29 13:25:36.0812 4036	WudfPf          (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys
2011/08/29 13:25:36.0906 4036	WudfRd          (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\wudfrd.sys
2011/08/29 13:25:37.0000 4036	MBR (0x1B8)     (72b8ce41af0de751c946802b3ed844b4) \Device\Harddisk0\DR0
2011/08/29 13:25:37.0140 4036	MBR (0x1B8)     (5ef6a0e06c9acb51baa834c56e2bac68) \Device\Harddisk1\DR2
2011/08/29 13:25:38.0046 4036	Boot (0x1200)   (72f9231fd04ff69dcb44088b513e7ab4) \Device\Harddisk0\DR0\Partition0
2011/08/29 13:25:38.0046 4036	================================================================================
2011/08/29 13:25:38.0046 4036	Scan finished
2011/08/29 13:25:38.0046 4036	================================================================================
2011/08/29 13:25:38.0062 4020	Detected object count: 0
2011/08/29 13:25:38.0062 4020	Actual detected object count: 0
         

Can I also run unhide prophylactically, or does that carry risks? I don't actually know whether anything is missing. Nobody here has a complete overview of everything that should be on the WormPC...

What happens now with the files that AntiVir moved to quarantine?


Regards
Icy

Old 29.08.2011, 12:37   #25
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™

AntiVirus software found "Worm/Bot.21504" - Standard

Quote:
Can I also run unhide prophylactically, or does that carry risks?
No, if nothing is missing, leave it alone. Unhide only resets the attributes anyway, in case they have been set so that your own files are hidden.

Quote:
What happens now with the files that AntiVir moved to quarantine?
You do know what a quarantine is? Whether the malicious file stays in there or not makes no difference. Malware in quarantine can't do any more harm; it is isolated there. As a rule you should always work with the quarantine, because if the virus scanner deletes something important due to a false positive, you can still get at the file via the quarantine if need be.
__________________
Please always post logfiles in CODE tags
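
The quarantine behaviour described in the reply above (the flagged file is isolated where it can do no harm, and an explicit restore stays possible for a false positive), as an added Python example that is not part of this thread or of any AV product. The quarantine directory, the manifest format, the XOR mask and the sample file are all constructed for the demo.

```python
"""Minimal file quarantine: isolate a flagged file so it is inert, keep a
manifest so an operator can restore a confirmed false positive."""
import hashlib
import json
import tempfile
from pathlib import Path

MASK = 0x5A  # fixed byte used to scramble stored content (demo assumption)


def scramble(data: bytes) -> bytes:
    # XOR with a constant: the stored copy is neither runnable nor a
    # byte-for-byte signature match, and the operation is its own inverse.
    return bytes(b ^ MASK for b in data)


class Quarantine:
    def __init__(self, root: Path):
        self.root = Path(root)
        self.root.mkdir(parents=True, exist_ok=True)
        self.manifest = self.root / "manifest.json"
        if not self.manifest.exists():
            self.manifest.write_text("{}")

    def _load(self) -> dict:
        return json.loads(self.manifest.read_text())

    def _save(self, entries: dict) -> None:
        self.manifest.write_text(json.dumps(entries, indent=2))

    def isolate(self, path: Path, reason: str) -> str:
        """Move a file into quarantine; returns its id (SHA-256 of the content)."""
        path = Path(path)
        data = path.read_bytes()
        digest = hashlib.sha256(data).hexdigest()
        qfile = self.root / (digest + ".qtn")  # neutral name and extension
        qfile.write_bytes(scramble(data))      # copy first, remove original last
        qfile.chmod(0o400)                     # read-only, no execute bit
        entries = self._load()
        entries[digest] = {
            "original_path": str(path.resolve()),
            "original_mode": path.stat().st_mode & 0o777,
            "reason": reason,
        }
        self._save(entries)
        path.unlink()                          # nothing stays at the original location
        return digest

    def restore(self, digest: str) -> Path:
        """Explicit operator action only; nothing leaves quarantine on its own."""
        entries = self._load()
        meta = entries.pop(digest)
        qfile = self.root / (digest + ".qtn")
        data = scramble(qfile.read_bytes())
        if hashlib.sha256(data).hexdigest() != digest:
            raise ValueError("quarantined copy is corrupt; refusing to restore")
        target = Path(meta["original_path"])
        target.parent.mkdir(parents=True, exist_ok=True)
        target.write_bytes(data)
        target.chmod(meta["original_mode"])
        qfile.chmod(0o600)                     # make it deletable again, then drop it
        qfile.unlink()
        self._save(entries)
        return target

    def entries(self) -> dict:
        return self._load()


def demo() -> dict:
    """Round trip in a temp dir; returns the facts the reply claims about quarantine."""
    with tempfile.TemporaryDirectory() as tmp:
        tmp = Path(tmp)
        sample = tmp / "user" / "report.doc.exe"   # constructed sample, not malware
        sample.parent.mkdir()
        original = b"MZ constructed sample bytes, not executable code"
        sample.write_bytes(original)
        q = Quarantine(tmp / "quarantine")
        qid = q.isolate(sample, reason="Worm/Bot.21504 (constructed detection)")
        stored = (q.root / (qid + ".qtn")).read_bytes()
        facts = {
            "gone_after_isolate": not sample.exists(),
            "stored_differs": stored != original,
            "listed": qid in q.entries(),
        }
        restored = q.restore(qid)
        facts["restored_ok"] = restored.read_bytes() == original
        facts["manifest_empty"] = q.entries() == {}
        return facts


if __name__ == "__main__":
    print(demo())
```

Deleting the `.qtn` file instead of calling `restore()` is the equivalent of emptying the quarantine: the content is gone for good, which is exactly why keeping it costs nothing and helps after a false positive.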

Old 29.08.2011, 12:49   #26
<-IceD@te->

AntiVirus software found "Worm/Bot.21504" - Arrow

Quote:
Quote from cosinus
You do know what a quarantine is?
Hmm, I think so - my understanding of it is this: the malware (a file) is renamed (name and extension) and moved to a different folder... If I know the original folder and file name, I could reactivate the malware...
Right?

Quote:
Quote from cosinus
As a rule you should always work with the quarantine, because if the virus scanner deletes something important due to a false positive, you can still get at the file via the quarantine if need be.
That's clear too - thanks again for the hint. In my case those were all newly created malicious files without any further function, weren't they? At least the ones AntiVir put on ice. That's why I thought deleting them would make sense... Why should the junk keep sitting on the disk, I thought!?!

Can we now give the all-clear for the WormPC and call it PC again???

Old 29.08.2011, 12:59   #27
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™

AntiVirus software found "Worm/Bot.21504" - Standard

Quote:
If I know the original folder and file name, I could reactivate the malware...
That's pretty contrived; nothing restores itself from the Q on its own. Banishing everything from the Q straight away is overly hysterical.

Then please run CF now:

ComboFix

A guide and tutorial on using ComboFix
  • Close all programs, especially your antivirus program and other background guards, as well as your internet browser.
  • Start cofi.exe from your desktop, confirm the warnings, run the updates (if offered), install the Recovery Console (if offered) and let it scan your system.
    Also avoid using the mouse and keyboard while ComboFix is running.
  • Afterwards a combofix.txt opens automatically; please copy its contents ([Ctrl]a, [Ctrl]c) and paste it into your post ([Ctrl]v). You will also find the file at: C:\ComboFix.txt.
Important note:
ComboFix may only be run when a competent helper has explicitly recommended it!
It should never be run on your own initiative! Incorrect use can cause serious computer problems and make cleaning up the infection even harder.

Old 29.08.2011, 13:13   #28
<-IceD@te->

AntiVirus software found "Worm/Bot.21504" - Idea

I think I'm slowly getting it: when you don't answer a question, it's not because you overlooked it but because the question is somehow superfluous or answers itself through your next reply... right?

ComboFix is in progress....

Old 29.08.2011, 13:34   #29
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™

AntiVirus software found "Worm/Bot.21504" - Standard

Yes, roughly... a lot of it follows on its own, and I don't want to keep typing my fingers sore. Sometimes, though, I also point out that some things are better clarified after the cleanup.

Old 29.08.2011, 14:39   #30
<-IceD@te->

AntiVirus software found "Worm/Bot.21504" - Standard

So, CF has finished too:

Code:
ATTFilter
ComboFix 11-08-29.01 - GE 29.08.2011  14:52:41.1.1 - x86
Microsoft Windows XP Home Edition  5.1.2600.2.1252.49.1031.18.959.569 [GMT 2:00]
ausgeführt von:: c:\dokumente und einstellungen\GE\Desktop\ComboFix.exe
AV: AntiVir Desktop *Disabled/Updated* {B02B524A-0C22-45DD-A6D1-70C7010CE58E}
.
.
((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\dokumente und einstellungen\GE\WINDOWS
C:\ipconfig.txt
c:\windows\IsUn0407.exe
c:\windows\system32\system32
c:\windows\system32\system32\bcbsmp35.bpl
c:\windows\system32\system32\borlndmm.dll
c:\windows\system32\system32\cp3240mt.dll
c:\windows\system32\system32\qrpt35.bpl
c:\windows\system32\system32\vcl35.bpl
c:\windows\system32\system32\vcldb35.bpl
c:\windows\system32\system32\vclx35.bpl
c:\windows\unin0407.exe
.
.
(((((((((((((((((((((((((((((((((((((((   Treiber/Dienste   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Service_WinDriver
.
.
(((((((((((((((((((((((   Dateien erstellt von 2011-07-28 bis 2011-08-29  ))))))))))))))))))))))))))))))
.
.
2011-08-29 10:15 . 2011-08-29 10:15	--------	d-----w-	C:\_OTL
2011-08-29 06:00 . 2011-08-29 06:00	--------	d-----w-	c:\programme\ESET
2011-08-29 05:47 . 2011-08-29 05:47	16856	----a-w-	c:\programme\Mozilla Firefox\plugin-container.exe
2011-08-29 05:47 . 2011-08-29 05:47	719832	----a-w-	c:\programme\Mozilla Firefox\mozcpp19.dll
2011-08-29 05:30 . 2011-08-29 05:30	--------	d-----w-	c:\dokumente und einstellungen\GE\Lokale Einstellungen\Anwendungsdaten\updater4g
2011-08-29 05:29 . 2011-08-29 05:30	--------	d-----w-	c:\dokumente und einstellungen\GE\Anwendungsdaten\XSManager
2011-08-29 05:29 . 2010-03-19 15:15	313104	----a-r-	c:\windows\updater4g.exe
2011-08-29 05:29 . 2010-03-19 15:14	161040	----a-r-	c:\windows\starter4g.exe
2011-08-29 05:29 . 2010-03-19 15:13	145680	----a-r-	c:\windows\service4g.exe
2011-08-29 05:29 . 2011-08-29 05:29	--------	d-----w-	c:\dokumente und einstellungen\LocalService\Anwendungsdaten\XSManager
2011-08-29 05:28 . 2008-10-31 14:19	103424	----a-w-	c:\windows\system32\drivers\cmnsusbser.sys
2011-08-29 05:28 . 2011-08-29 05:28	--------	d-----w-	c:\programme\XSManager
2011-08-26 13:18 . 2011-08-26 13:18	--------	d-----w-	c:\dokumente und einstellungen\GE\Anwendungsdaten\Malwarebytes
2011-08-26 12:36 . 2011-07-06 17:52	41272	----a-w-	c:\windows\system32\drivers\mbamswissarmy.sys
2011-08-26 12:36 . 2011-08-26 12:36	--------	d-----w-	c:\dokumente und einstellungen\All Users\Anwendungsdaten\Malwarebytes
2011-08-26 12:36 . 2011-08-26 14:22	--------	d-----w-	c:\programme\MalwarebytesAM
2011-08-26 12:36 . 2011-07-06 17:52	22712	----a-w-	c:\windows\system32\drivers\mbam.sys
2011-08-23 13:02 . 2011-08-26 13:03	--------	d-----w-	c:\dokumente und einstellungen\Administrator
2011-08-17 05:59 . 2011-08-17 05:59	404640	----a-w-	c:\windows\system32\FlashPlayerCPLApp.cpl
.
.
.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-08-24 06:46 . 2010-04-06 09:19	66616	----a-w-	c:\windows\system32\drivers\avgntflt.sys
2011-08-24 06:46 . 2010-04-06 09:19	138192	----a-w-	c:\windows\system32\drivers\avipbb.sys
2011-08-24 06:46 . 2010-04-06 09:19	82952	----a-w-	c:\windows\system32\drivers\avfwim.sys
2011-08-24 06:46 . 2010-04-06 09:19	106904	----a-w-	c:\windows\system32\drivers\avfwot.sys
.
.
------- Sigcheck -------
Note: Unsigned files aren't necessarily malware.
.
[-] 2006-01-12 . 09948E79FB7E232EA8DA7B6E14550589 . 1548288 . . [5.1.2600.2180] . . c:\windows\system32\sfcfiles.dll
.
((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{201f27d4-3704-41d6-89c1-aa35e39143ed}]
2008-11-18 11:58	333192	----a-w-	c:\programme\AskBarDis\bar\bin\askBar.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{3041d03e-fd4b-44e0-b742-2d9b88305f98}"= "c:\programme\AskBarDis\bar\bin\askBar.dll" [2008-11-18 333192]
.
[HKEY_CLASSES_ROOT\clsid\{3041d03e-fd4b-44e0-b742-2d9b88305f98}]
[HKEY_CLASSES_ROOT\TypeLib\{4b1c1e16-6b34-430e-b074-5928eca4c150}]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\programme\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-07-05 68856]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2005-10-10 7286784]
"nwiz"="nwiz.exe" [2005-10-10 1519616]
"avgnt"="c:\programme\Avira\AntiVir Desktop\avgnt.exe" [2010-11-02 281768]
"Malwarebytes' Anti-Malware"="c:\programme\MalwarebytesAM\mbamgui.exe" [2011-07-06 449584]
"starter4g"="c:\windows\starter4g.exe" [2010-03-19 161040]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-04 15360]
.
c:\dokumente und einstellungen\All Users\Startmen\Programme\Autostart\AutorunsDisabled
Microsoft Office.lnk - c:\programme\Microsoft Office\Office\OSA9.EXE [2000-1-21 65588]
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KEN Taskbar Client]
2003-11-20 01:00	106496	----a-w-	c:\programme\KEN!\kentbcli.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
2005-10-10 13:49	86016	----a-w-	c:\windows\system32\nvmctray.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMan]
2005-09-22 08:42	90112	------r-	c:\windows\soundman.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
2007-07-05 06:57	68856	----a-w-	c:\programme\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Programme\\Hummingbird\\Connectivity\\7.11\\Exceed\\exceed.exe"=
"c:\\Programme\\KEN!\\kentbcli.exe"=
"c:\\WINDOWS\\system32\\mmc.exe"=
"c:\\Programme\\Borland\\BDS\\4.0\\RaveReports\\Rave.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"139:TCP"= 139:TCP:172.16.10.0/255.255.255.0,172.16.30.0/255.255.255.0:Enabled:@xpsp2res.dll,-22004
"445:TCP"= 445:TCP:172.16.10.0/255.255.255.0,172.16.30.0/255.255.255.0:Enabled:@xpsp2res.dll,-22005
"137:UDP"= 137:UDP:172.16.10.0/255.255.255.0,172.16.30.0/255.255.255.0:Enabled:@xpsp2res.dll,-22001
"138:UDP"= 138:UDP:172.16.10.0/255.255.255.0,172.16.30.0/255.255.255.0:Enabled:@xpsp2res.dll,-22002
"3197:TCP"= 3197:TCP:xbdgyaiw
.
R2 AntiVirMailService;Avira AntiVir MailGuard;c:\programme\Avira\AntiVir Desktop\avmailc.exe [06.04.2010 11:19 340136]
R2 AntiVirSchedulerService;Avira AntiVir Planer;c:\programme\Avira\AntiVir Desktop\sched.exe [06.04.2010 11:19 136360]
R2 AntiVirWebService;Avira AntiVir WebGuard;c:\programme\Avira\AntiVir Desktop\avwebgrd.exe [06.04.2010 11:19 428200]
R2 FirebirdGuardianDefaultInstance;Firebird Guardian - DefaultInstance;c:\programme\Firebird\Firebird_1_5\bin\fbguard.exe -s --> c:\programme\Firebird\Firebird_1_5\bin\fbguard.exe -s [?]
R2 KEN Client Service;AVM KEN Klient;c:\programme\KEN!\kencli.exe [17.03.2006 08:32 49204]
R2 MBAMService;MBAMService;c:\programme\MalwarebytesAM\mbamservice.exe [26.08.2011 14:36 366640]
R2 ndc;AVM KEN CAPI;c:\windows\system32\drivers\ndc.sys [17.03.2006 08:32 57664]
R2 WTGService;WTGService;c:\programme\XSManager\WTGService.exe [29.08.2011 07:28 304592]
R2 XS Stick Service;XS Stick Service;c:\windows\service4g.exe [29.08.2011 07:29 145680]
R3 cmnsusbser;Mobile Connector USB Device for Legacy Serial Communication LCT2053s;c:\windows\system32\drivers\cmnsusbser.sys [29.08.2011 07:28 103424]
R3 FirebirdServerDefaultInstance;Firebird Server - DefaultInstance;c:\programme\Firebird\Firebird_1_5\bin\fbserver.exe -s --> c:\programme\Firebird\Firebird_1_5\bin\fbserver.exe -s [?]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [26.08.2011 14:36 22712]
S2 btyxuqfev;Security Time;c:\windows\system32\svchost.exe -k netsvcs [04.08.2004 12:00 14336]
S3 APL531;OVT Scanner;c:\windows\system32\Drivers\ov550i.sys --> c:\windows\system32\Drivers\ov550i.sys [?]
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost  - NetSvcs
btyxuqfev
.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = hxxp://www.google.de/
uSearch Page = hxxp://www.google.com
uSearch Bar = hxxp://www.google.com/ie
mDefault_Search_URL = hxxp://www.google.com/ie
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
mSearchAssistant = hxxp://www.google.com/ie
LSP: c:\programme\Avira\AntiVir Desktop\avsda.dll
TCP: Interfaces\{1E7AAA65-8F0C-4DF1-8194-08DCE847C535}: NameServer = 172.16.10.23
FF - ProfilePath - c:\dokumente und einstellungen\GE\Anwendungsdaten\Mozilla\Firefox\Profiles\2qi6siok.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.de/
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\programme\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
AddRemove-AVM KEN! - c:\windows\ISUN0407.EXE
AddRemove-EAGLE 4.09 - c:\windows\unin0407.exe
AddRemove-G-MW - c:\windows\unin0407.exe
AddRemove-Installation PC-Software TG uni 1 - c:\windows\unin0407.exe
AddRemove-Kali_Tg - c:\windows\unin0407.exe
AddRemove-TG_ uni_1 - c:\windows\unin0407.exe
AddRemove-TG_TE - c:\windows\unin0407.exe
AddRemove-Borland C++Builder 3 - c:\windows\unin0407.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, hxxp://www.gmer.net
Rootkit scan 2011-08-29 15:01
Windows 5.1.2600 Service Pack 2 NTFS
.
Scanne versteckte Prozesse... 
.
Scanne versteckte Autostarteinträge... 
.
Scanne versteckte Dateien... 
.
Scan erfolgreich abgeschlossen
versteckte Dateien: 0
.
**************************************************************************
.
--------------------- Durch laufende Prozesse gestartete DLLs ---------------------
.
- - - - - - - > 'lsass.exe'(588)
c:\programme\Avira\AntiVir Desktop\avsda.dll
.
- - - - - - - > 'explorer.exe'(3252)
c:\windows\system32\msi.dll
c:\windows\system32\WPDShServiceObj.dll
c:\programme\Hummingbird\Connectivity\7.11\HostExplorer\Ftp\heshell.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Weitere laufende Prozesse ------------------------
.
c:\programme\Avira\AntiVir Desktop\avguard.exe
c:\programme\Firebird\Firebird_1_5\bin\fbguard.exe
c:\windows\system32\nvsvc32.exe
c:\programme\Avira\AntiVir Desktop\avshadow.exe
c:\windows\system32\wscntfy.exe
c:\programme\Firebird\Firebird_1_5\bin\fbserver.exe
.
**************************************************************************
.
Zeit der Fertigstellung: 2011-08-29  15:04:55 - PC wurde neu gestartet
ComboFix-quarantined-files.txt  2011-08-29 13:04
.
Vor Suchlauf: 24 Verzeichnis(se), 26.928.197.632 Bytes frei
Nach Suchlauf: 26 Verzeichnis(se), 26.817.474.560 Bytes frei
.
WindowsXP-KB310994-SP2-Home-BootDisk-DEU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect
.
- - End Of File - - 45AC7A5C2552021B5CBBA43FF231FCB9
         
StandBy...
