Log after removing "Data Restore" because of recurring IE connection attempts
08.10.2011, 11:46 | #1
Hello, on Thursday this "Data Restore" program got me. Although I have got my system running again after removing it manually, I suspect that traces are still present, because every few minutes Internet Explorer wants to connect to obscure sites. Since I use Firefox and block unwanted connections, it is not doing any damage at the moment, but of course I want to get rid of it. Incidentally, since I applied the steps in the guide "Für alle Hilfesuchenden", the connection attempts have stopped. So here follow OTL.txt, Extras.txt and Gmer.txt as well as three MBAM scans.

OTL:

OTL logfile created on: 08.10.2011 10:46:02 - Run 1
OTL by OldTimer - Version 3.2.29.1     Folder = C:\Dokumente und Einstellungen\***\Eigene Dateien\Downloads
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

1023,48 Mb Total Physical Memory | 472,44 Mb Available Physical Memory | 46,16% Memory free
2,40 Gb Paging File | 1,92 Gb Available in Paging File | 79,89% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme
Drive C: | 48,83 Gb Total Space | 12,15 Gb Free Space | 24,87% Space Free | Partition Type: NTFS
Drive E: | 79,16 Gb Total Space | 54,59 Gb Free Space | 68,95% Space Free | Partition Type: NTFS
Drive F: | 104,89 Gb Total Space | 92,68 Gb Free Space | 88,35% Space Free | Partition Type: NTFS
Drive H: | 65,21 Gb Total Space | 65,14 Gb Free Space | 99,90% Space Free | Partition Type: NTFS

Computer Name: *** | User Name: *** | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011.10.08 10:43:43 | 000,582,656 | ---- | M] (OldTimer Tools) -- C:\Dokumente und Einstellungen\***\Eigene Dateien\Downloads\OTL.exe
PRC - [2011.10.06 21:28:13 | 000,924,632 | ---- | M] (Mozilla Corporation) -- C:\Programme\Mozilla Firefox\firefox.exe
PRC - [2011.06.28 23:12:05 | 000,269,480 | -H-- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\avguard.exe
PRC - [2011.04.27 21:08:50 | 000,136,360 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\sched.exe
PRC - [2010.11.06 08:58:03 | 000,281,768 | -H-- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\avgnt.exe
PRC - [2010.10.16 01:40:40 | 000,037,664 | ---- | M] (Apple Inc.) -- C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\AppleMobileDeviceService.exe
PRC - [2010.01.14 22:10:53 | 000,076,968 | -H-- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\avshadow.exe
PRC - [2009.05.04 00:08:25 | 004,368,952 | ---- | M] (Prevx) -- C:\Programme\Prevx\prevx.exe
PRC - [2008.09.06 00:30:04 | 000,952,360 | -H-- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\WgaTray.exe
PRC - [2008.04.14 04:22:45 | 001,036,800 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2008.03.05 11:00:14 | 001,531,904 | -H-- | M] (Ralink Technology, Corp.) -- C:\Programme\RALINK\Common\RaUI.exe
PRC - [2005.11.21 12:34:24 | 000,081,920 | -H-- | M] (AVM Berlin) -- C:\Programme\FRITZ!DSL\IGDCTRL.EXE
PRC - [2005.11.15 04:07:28 | 000,917,504 | -H-- | M] (AVM Berlin) -- C:\Programme\FRITZ!DSL\FwebProt.exe
PRC - [2005.11.15 04:07:28 | 000,679,936 | -H-- | M] (AVM Berlin) -- C:\Programme\FRITZ!DSL\StCenter.exe
PRC - [2005.07.12 09:55:26 | 000,081,920 | R--- | M] (Realtek Semiconductor Corp.) -- C:\WINDOWS\SOUNDMAN.EXE
PRC - [2004.08.23 02:00:00 | 001,662,976 | ---- | M] (avm) -- C:\Programme\avmclient\bluefritz.exe
PRC - [2004.08.23 02:00:00 | 000,364,544 | ---- | M] (AVM Berlin) -- C:\Programme\avmclient\AvmObex.exe
PRC - [2004.08.23 02:00:00 | 000,299,101 | ---- | M] (AVM Berlin) -- C:\Programme\avmclient\avmbtservice.exe
PRC - [2004.08.23 02:00:00 | 000,172,032 | ---- | M] (AVM Berlin) -- C:\Programme\avmclient\AvmObexService.exe
PRC - [2004.08.23 02:00:00 | 000,135,229 | -H-- | M] (AVM Berlin) -- C:\Programme\avmclient\panapp.exe

========== Modules (No Company Name) ==========

MOD - [2011.10.06 21:28:12 | 001,833,944 | -H-- | M] () -- C:\Programme\Mozilla Firefox\mozjs.dll
MOD - [2010.11.03 17:52:20 | 000,067,872 | -H-- | M] () -- C:\Programme\Gemeinsame Dateien\Apple\Apple Application Support\zlib1.dll
MOD - [2010.01.28 13:57:53 | 000,355,688 | ---- | M] () -- C:\Programme\Avira\AntiVir Desktop\sqlite3.dll
MOD - [2007.11.28 04:32:00 | 001,163,264 | ---- | M] () -- C:\Programme\RALINK\Common\acAuth.dll

========== Win32 Services (SafeList) ==========

SRV - [2011.06.28 23:12:05 | 000,269,480 | -H-- | M] (Avira GmbH) [Auto | Running] -- C:\Programme\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2011.04.27 21:08:50 | 000,136,360 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Programme\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2010.10.16 01:40:40 | 000,037,664 | ---- | M] (Apple Inc.) [Auto | Running] -- C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\AppleMobileDeviceService.exe -- (Apple Mobile Device)
SRV - [2009.05.04 00:08:25 | 004,368,952 | ---- | M] (Prevx) [Auto | Running] -- C:\Programme\Prevx\prevx.exe -- (CSIScanner)
SRV - [2005.11.21 12:34:24 | 000,081,920 | -H-- | M] (AVM Berlin) [Auto | Running] -- C:\Programme\FRITZ!DSL\IGDCTRL.EXE -- (AVM IGD CTRL Service)
SRV - [2005.11.21 11:48:06 | 000,315,392 | ---- | M] (AVM Berlin) [On_Demand | Stopped] -- C:\Programme\Gemeinsame Dateien\AVM\De_serv.exe -- (de_serv)
SRV - [2005.11.17 16:18:52 | 001,527,900 | -H-- | M] (MAGIX®) [On_Demand | Stopped] -- C:\Programme\Freenet\Common\Database\bin\fbserver.exe -- (FirebirdServerMAGIXInstance)
SRV - [2005.04.04 00:41:10 | 000,069,632 | ---- | M] (Macrovision Corporation) [On_Demand | Stopped] -- C:\Programme\Gemeinsame Dateien\InstallShield\Driver\11\Intel 32\IDriverT.exe -- (IDriverT)
SRV - [2004.08.23 02:00:00 | 000,299,101 | ---- | M] (AVM Berlin) [Auto | Running] -- C:\Programme\avmclient\avmbtservice.exe -- (AVM BT Connection Service)
SRV - [2004.08.23 02:00:00 | 000,172,032 | ---- | M] (AVM Berlin) [Auto | Running] -- C:\Programme\avmclient\AvmObexService.exe -- (AvmObexService)
SRV - [2004.08.23 02:00:00 | 000,135,229 | -H-- | M] (AVM Berlin) [Auto | Running] -- C:\Programme\avmclient\panapp.exe -- (AVM BT PAN Service)
SRV - [2003.07.28 13:28:22 | 000,089,136 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\Source Engine\OSE.EXE -- (ose)

========== Driver Services (SafeList) ==========

DRV - [2011.06.28 23:12:05 | 000,138,192 | -H-- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avipbb.sys -- (avipbb)
DRV - [2011.06.28 23:12:05 | 000,066,616 | -H-- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2010.04.05 17:49:20 | 000,281,760 | -H-- | M] () [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\atksgt.sys -- (atksgt)
DRV - [2010.04.05 17:49:19 | 000,025,888 | -H-- | M] () [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\lirsgt.sys -- (lirsgt)
DRV - [2009.05.11 10:12:49 | 000,028,520 | -H-- | M] (Avira GmbH) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2009.05.04 00:08:25 | 000,027,656 | -H-- | M] (Prevx) [Kernel | Boot | Running] -- C:\WINDOWS\System32\drivers\pxsec.sys -- (pxsec)
DRV - [2009.05.04 00:08:25 | 000,022,024 | -H-- | M] (Prevx) [Kernel | Boot | Running] -- C:\WINDOWS\System32\drivers\pxscan.sys -- (pxscan)
DRV - [2009.02.16 23:30:36 | 000,085,969 | -H-- | M] (GMER) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\gmer.sys -- (gmer)
DRV - [2009.02.13 12:35:01 | 000,011,608 | -H-- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Programme\Avira\AntiVir Desktop\avgio.sys -- (avgio)
DRV - [2008.04.30 20:16:17 | 000,717,296 | -H-- | M] (Duplex Secure Ltd.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\Drivers\sptd.sys -- (sptd)
DRV - [2008.04.13 20:45:29 | 000,010,624 | -H-- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\gameenum.sys -- (gameenum)
DRV - [2008.01.15 21:50:50 | 000,459,520 | -H-- | M] (Ralink Technology, Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\rt73.sys -- (RT73)
DRV - [2006.12.14 01:41:48 | 000,011,984 | -H-- | M] (Elaborate Bytes AG) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ElbyDelay.sys -- (ElbyDelay)
DRV - [2005.07.18 14:34:22 | 000,047,744 | -H-- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\vserial.sys -- (vserial)
DRV - [2005.07.18 14:34:20 | 000,015,264 | -H-- | M] () [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\vsb.sys -- (vsbus)
DRV - [2005.07.15 11:40:36 | 003,640,000 | RH-- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ALCXWDM.SYS -- (ALCXWDM) Service for Realtek AC97 Audio (WDM)
DRV - [2005.05.17 11:45:08 | 000,092,800 | RH-- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\System32\DRIVERS\nvata.sys -- (nvata)
DRV - [2005.04.05 21:22:30 | 000,012,928 | RH-- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nvnetbus.sys -- (nvnetbus)
DRV - [2005.04.05 21:22:28 | 000,033,536 | RH-- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\NVENETFD.sys -- (NVENETFD)
DRV - [2005.03.09 16:53:00 | 000,043,008 | -H-- | M] (Advanced Micro Devices) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\AmdK8.sys -- (AmdK8)
DRV - [2004.12.16 17:55:06 | 000,029,440 | -H-- | M] (Siemens AG) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\actser.sys -- (actser)
DRV - [2004.12.14 17:55:22 | 000,009,472 | RH-- | M] (ASUSTeK Computer Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\EIO.sys -- (EIO)
DRV - [2004.10.14 11:52:28 | 000,004,962 | RH-- | M] () [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\AsIO.sys -- (AsIO)
DRV - [2004.08.23 02:00:00 | 000,796,192 | -H-- | M] (AVM Berlin) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\bfhubase.sys -- (bfhubase) BlueFRITZ! USB 2.5(WinXP/2000)
DRV - [2004.08.23 02:00:00 | 000,374,144 | -H-- | M] (AVM Berlin) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\capi_cip.sys -- (CAPI_CIP)
DRV - [2004.08.23 02:00:00 | 000,061,056 | -H-- | M] (AVM GmbH) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\avmbtser.sys -- (AVMBTSERIAL)
DRV - [2004.08.23 02:00:00 | 000,060,032 | -H-- | M] (AVM GmbH) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\avmbtpar.sys -- (AVMBTPARALLEL)
DRV - [2004.08.23 02:00:00 | 000,053,248 | -H-- | M] (AVM GmbH) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\avmcowan.sys -- (AVMCOWAN)
DRV - [2004.08.23 02:00:00 | 000,049,664 | -H-- | M] (AVM GmbH) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\avmbtsnd.sys -- (AVMBTSND)
DRV - [2004.08.23 02:00:00 | 000,035,914 | -H-- | M] (AVM Berlin) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\netbfpan.sys -- (NETBFPAN)
DRV - [2004.08.13 04:56:20 | 000,005,810 | RH-- | M] () [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ASACPI.sys -- (MTsensor)
DRV - [2004.07.06 20:56:26 | 000,044,544 | -H-- | M] (ASUSTeK COMPUTER INC.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Video3D.sys -- (Video3D)
DRV - [2004.03.10 15:31:18 | 000,003,328 | -H-- | M] () [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\AsInsHelp32.sys -- (ASInsHelp)
DRV - [2001.08.17 15:00:04 | 000,002,944 | -H-- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\msmpu401.sys -- (ms_mpu401)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "about:blank"
FF - prefs.js..extensions.enabledItems: en-GB@dictionaries.addons.mozilla.org:1.19.1
FF - prefs.js..extensions.enabledItems: de-DE@dictionaries.addons.mozilla.org:2.0.2
FF - prefs.js..extensions.enabledItems: es-es@dictionaries.addons.mozilla.org:1.3.1
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Programme\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.11.2321: C:\Programme\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=1.0.2.2379: C:\Programme\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.1483: C:\Programme\Real\RealPlayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Programme\Google\Update\1.3.21.69\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Programme\Google\Update\1.3.21.69\npGoogleUpdate3.dll (Google Inc.)
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 7.0.1\extensions\\Components: C:\Programme\Mozilla Firefox\components [2011.10.06 21:28:14 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 7.0.1\extensions\\Plugins: C:\Programme\Mozilla Firefox\plugins [2011.03.22 18:46:55 | 000,000,000 | -H-D | M]

[2008.08.29 00:31:16 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Mozilla\Extensions
[2011.06.28 23:34:09 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Mozilla\Firefox\Profiles\us9n8x1q.default\extensions
[2010.04.28 21:20:30 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Mozilla\Firefox\Profiles\us9n8x1q.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010.11.18 16:21:54 | 000,000,000 | ---D | M] (German Dictionary) -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Mozilla\Firefox\Profiles\us9n8x1q.default\extensions\de-DE@dictionaries.addons.mozilla.org
[2010.12.12 22:49:28 | 000,000,000 | ---D | M] (British English Dictionary) -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Mozilla\Firefox\Profiles\us9n8x1q.default\extensions\en-GB@dictionaries.addons.mozilla.org
[2011.05.11 21:22:04 | 000,000,000 | ---D | M] (Diccionario de Español/España) -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Mozilla\Firefox\Profiles\us9n8x1q.default\extensions\es-es@dictionaries.addons.mozilla.org
[2011.03.21 22:33:42 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2009.04.08 20:21:55 | 000,000,000 | -H-D | M] (Java Quick Starter) -- C:\PROGRAMME\JAVA\JRE6\LIB\DEPLOY\JQS\FF
[2011.10.06 21:28:13 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Programme\mozilla firefox\components\browsercomps.dll
[2010.11.18 18:44:16 | 001,680,272 | ---- | M] (Caminova, Inc.) -- C:\Programme\mozilla firefox\plugins\npdjvu.dll
[2011.10.06 21:28:11 | 000,001,392 | -H-- | M] () -- C:\Programme\mozilla firefox\searchplugins\amazondotcom-de.xml
[2011.10.06 21:28:11 | 000,002,252 | -H-- | M] () -- C:\Programme\mozilla firefox\searchplugins\bing.xml
[2011.10.06 21:28:11 | 000,001,153 | -H-- | M] () -- C:\Programme\mozilla firefox\searchplugins\eBay-de.xml
[2011.10.06 21:28:11 | 000,006,805 | -H-- | M] () -- C:\Programme\mozilla firefox\searchplugins\leo_ende_de.xml
[2011.10.06 21:28:11 | 000,001,178 | -H-- | M] () -- C:\Programme\mozilla firefox\searchplugins\wikipedia-de.xml
[2011.10.06 21:28:11 | 000,001,105 | -H-- | M] () -- C:\Programme\mozilla firefox\searchplugins\yahoo-de.xml

O1 HOSTS File: ([2006.12.25 17:50:15 | 000,000,853 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 127.0.0.1 mpa.one.microsoft.com
O2 - BHO: (AcroIEHlprObj Class) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
O4 - HKLM..\Run: [avgnt] C:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [AVMBlueClient] C:\Programme\avmclient\bluefritz.exe (avm)
O4 - HKLM..\Run: [AVMBLUEOBEX] C:\Programme\avmclient\AvmObex.exe (AVM Berlin)
O4 - HKLM..\Run: [freenet_MediaSuite] C:\Programme\Freenet\Freenet_Foto\MediaSuite.exe (MAGIX AG)
O4 - HKLM..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE File not found
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NVIDIA nTune] C:\Programme\NVIDIA Corporation\nTune\nTune.exe (NVIDIA)
O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] C:\WINDOWS\System32\nwiz.exe (NVIDIA Corporation)
O4 - HKLM..\Run: [SmartSync - ScheduleSync] C:\Programme\Mobile Phone Manager\SmartSync\ScheduleSync.exe (Siemens)
O4 - HKLM..\Run: [SoundMan] C:\WINDOWS\SOUNDMAN.EXE (Realtek Semiconductor Corp.)
O4 - HKCU..\Run: [updateMgr] C:\Programme\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe (Adobe Systems Incorporated)
O4 - Startup: C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\Adobe Gamma Loader.lnk = C:\Programme\Gemeinsame Dateien\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.)
O4 - Startup: C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\Adobe Reader - Schnellstart.lnk = C:\Programme\Adobe\Acrobat 7.0\Reader\reader_sl.exe (Adobe Systems Incorporated)
O4 - Startup: C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\Ralink Wireless Utility.lnk = C:\Programme\RALINK\Common\RaUI.exe (Ralink Technology, Corp.)
O4 - Startup: C:\Dokumente und Einstellungen\Urs\Startmenü\Programme\Autostart\FRITZ!DSL Protect.lnk = C:\Programme\FRITZ!DSL\FwebProt.exe (AVM Berlin)
O4 - Startup: C:\Dokumente und Einstellungen\***\Startmenü\Programme\Autostart\FRITZ!DSL Startcenter.lnk = C:\Programme\FRITZ!DSL\StCenter.exe (AVM Berlin)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Recovery present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 157
O9 - Extra Button: ICQ7.5 - {7578ADEA-D65F-4C89-A249-B1C88B6FFC20} - C:\Programme\ICQ7.5\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ7.5 - {7578ADEA-D65F-4C89-A249-B1C88B6FFC20} - C:\Programme\ICQ7.5\ICQ.exe (ICQ, LLC.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Programme\FRITZ!DSL\SARAH.DLL (AVM Berlin)
O10 - Protocol_Catalog9\Catalog_Entries\000000000018 - C:\Programme\FRITZ!DSL\sarah.dll (AVM Berlin)
O10 - Protocol_Catalog9\Catalog_Entries\000000000019 - C:\Programme\FRITZ!DSL\sarah.dll (AVM Berlin)
O10 - Protocol_Catalog9\Catalog_Entries\000000000020 - C:\Programme\FRITZ!DSL\sarah.dll (AVM Berlin)
O10 - Protocol_Catalog9\Catalog_Entries\000000000021 - C:\Programme\FRITZ!DSL\sarah.dll (AVM Berlin)
O15 - HKCU\..Trusted Domains: fritz.box ([]* in Lokales Intranet)
O15 - HKCU\..Trusted Ranges: Range1 ([*] in Lokales Intranet)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab (Java Plug-in 1.5.0_06)
O16 - DPF: {CAFEEFAC-0015-0000-0009-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_09-windows-i586.cab (Java Plug-in 1.5.0_09)
O16 - DPF: {CAFEEFAC-0015-0000-0010-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_10-windows-i586.cab (Java Plug-in 1.5.0_10)
O16 - DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab (Java Plug-in 1.6.0_01)
O16 - DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab (Java Plug-in 1.6.0_02)
O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab (Java Plug-in 1.6.0_03)
O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab (Java Plug-in 1.6.0_05)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{E08881A7-4A14-4183-92F4-32EF64335910}: DhcpNameServer = 192.168.2.1
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Web Components\11\OWC11.DLL (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807553E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE11\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) -C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O24 - Desktop Components:0 (Die derzeitige Homepage) - About:Home
O24 - Desktop WallPaper: C:\Dokumente und Einstellungen\***\Lokale Einstellungen\Anwendungsdaten\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Dokumente und Einstellungen\***\Lokale Einstellungen\Anwendungsdaten\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.02.25 17:29:50 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {10072CEC-8CC1-11D1-986E-00A0C955B42F} - Vektorgrafik-Rendering (VML)
ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - NetShow
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 6.4
ActiveX: {283807B5-2C60-11D0-A31D-00AA00B92C03} - DirectAnimation
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {36f8ec70-c29a-11d1-b5c7-0000f8051515} - Dynamic HTML-Datenbindung für Java
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3bf42070-b3b1-11d1-b5c5-0000f8051515} - Uniscribe
ActiveX: {3C3901C5-3455-3E0A-A214-0B093A5070A6} - .NET Framework
ActiveX: {4278c270-a269-11d1-b5bf-0000f8051515} - Erweitertes Authoring
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install
ActiveX: {44BBA842-CC51-11CF-AAFA-00AA00B6015B} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT
ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - DirectShow
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f216970-c90c-11d1-b5c7-0000f8051515} - DirectAnimation Java Classes
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5945c046-1e7d-11d1-bc44-00c04fd912be} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser
ActiveX: {5A8D6EE0-3E18-11D0-821E-444553540000} - ICW
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {73FA19D0-2D75-11D2-995D-00C04F98BBC9} - Webordner
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\WINDOWS\system32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\WINDOWS\system32\Rundll32.exe C:\WINDOWS\system32\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F} - .NET Framework
ActiveX: {C314CE45-3392-3B73-B4E1-139CD41CA933} - .NET Framework
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CC2A9BA0-3BDD-11D0-821E-444553540000} - Taskplaner
ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
ActiveX: {D27CDB6E-AE6D-11cf-96B8-444553540000} - Adobe Flash Player
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: <{12d0ed0d-0ee0-4f90-8827-78cefb8f4988} - C:\WINDOWS\system32\ieudinit.exe
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\WINDOWS\inf\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\WINDOWS\system32\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\WINDOWS\system32\rundll32.exe" "C:\WINDOWS\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF}MICROS - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP
ActiveX: >{881dd1c5-3dcf-431b-b061-f3f88e8be88a} - %systemroot%\system32\shmgrate.exe OCInstallUserConfigOE

NetSvcs: 6to4 - File not found
NetSvcs: Ias - File not found
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found

MsConfig - StartUpReg: DAEMON Tools Lite - hkey= - key= - C:\Programme\DAEMON Tools Lite\daemon.exe (DT Soft Ltd)

CREATERESTOREPOINT
Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 30 Days ==========

[2011.10.08 10:30:13 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Wise Registry Cleaner
[2011.10.08 10:29:53 | 000,000,000 | ---D | C] -- C:\Programme\Wise Registry Cleaner
[2011.10.08 10:29:53 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Wise Registry Cleaner
[2011.10.08 09:50:00 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\NetworkService\Lokale Einstellungen\Anwendungsdaten\Google
[2011.10.08 09:48:32 | 000,000,000 | RH-D | C] -- C:\Dokumente und Einstellungen\***\Recent
[2011.10.08 09:45:29 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\***\Lokale Einstellungen\Anwendungsdaten\Temp
[2011.10.08 09:45:29 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\LocalService\Lokale Einstellungen\Anwendungsdaten\Google
[2011.10.08 09:45:19 | 000,000,000 | ---D | C] -- C:\Programme\Google
[2011.10.08 09:45:19 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\***\Lokale Einstellungen\Anwendungsdaten\Google
[2011.10.07 22:36:00 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Malwarebytes
[2011.10.07 22:35:52 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Malwarebytes' Anti-Malware
[2011.10.07 22:35:52 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Malwarebytes
[2011.10.07 22:35:48 | 000,000,000 | ---D | C] -- C:\Programme\Malwarebytes' Anti-Malware
[2011.10.07 22:20:06 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\***\Startmenü\Programme\WORLD OF WARCRAFT
[2011.10.07 22:20:06 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\***\Startmenü\Programme\Winamp
[2011.10.07 22:20:06 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\***\Startmenü\Programme\Spiele
[2011.10.07 22:20:06 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\***\Startmenü\Programme\Real
[2011.10.07 22:20:06 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\***\Startmenü\Programme\Ralink Wireless
[2011.10.07 22:20:06 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\***\Startmenü\Programme\QuickTime
[2011.10.07 22:20:06 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\***\Startmenü\Programme\Prevx CSI
[2011.10.07 22:20:06 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\***\Startmenü\Programme\Plextor!
[2011.10.07 22:20:06 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\***\Startmenü\Programme\NVIDIA Corporation
[2011.10.07 22:20:06 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\***\Startmenü\Programme\Mozilla Firefox
[2011.10.07 22:20:06 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\***\Startmenü\Programme\Mobile Phone Manager
[2011.10.07 22:20:06 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\***\Startmenü\Programme\Microsoft Works
[2011.10.07 22:20:06 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\***\Startmenü\Programme\Microsoft Office
[2011.10.07 22:20:06 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\***\Startmenü\Programme\Microsoft Clip Gallery
[2011.10.07 22:20:06 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\***\Startmenü\Programme\Mathematica
[2011.10.07 22:20:06 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\***\Startmenü\Programme\iTunes
[2011.10.07 22:20:06 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\***\Startmenü\Programme\ICQ7.5
[2011.10.07 22:20:06 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\***\Startmenü\Programme\HP
[2011.10.07 22:20:06 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\***\Startmenü\Programme\HijackThis
[2011.10.07 22:20:06 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\***\Startmenü\Programme\FRITZ!DSL
[2011.10.07 22:20:06 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\***\Startmenü\Programme\FRITZ!Box
[2011.10.07 22:20:06 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\***\Startmenü\Programme\freenet.de
[2011.10.07 22:20:06 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\***\Startmenü\Programme\Firaxis Games
[2011.10.07 22:20:06 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\***\Startmenü\Programme\ElsterFormular
[2011.10.07 22:20:06 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\***\Startmenü\Programme\Elaborate Bytes
[2011.10.07 22:20:06 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\***\Startmenü\Programme\Avira
[2011.10.07 22:20:06 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\***\Startmenü\Programme\ASUS
[2011.10.07 22:20:06 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\***\Startmenü\Programme\Adobe
[2011.10.06 23:46:27 | 000,000,000 | -HSD | C] -- C:\WINDOWS\CSC
[2011.09.23 22:18:31 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\PReader2
[2011.09.23 22:15:56 | 000,000,000 | -H-D | C] -- C:\Dokumente und Einstellungen\***\Lokale Einstellungen\Anwendungsdaten\Deployment
[2011.09.23 22:11:46 | 000,000,000 | -H-D | C] -- C:\Programme\Microsoft.NET
[2011.09.23 22:05:32 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\***\Startmenü\Programme\PReader2
[2011.09.23 22:05:31 | 000,000,000 | -H-D | C] -- C:\Programme\PReader2
[2011.09.23 22:05:31 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\***\Eigene Dateien\PReader2
[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011.10.08 10:45:45 | 000,002,206 | -H-- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011.10.08 10:40:17 | 000,001,080 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2011.10.08 10:40:06 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011.10.08 10:38:32 | 000,000,020 | ---- | M] () -- C:\Dokumente und Einstellungen\***\defogger_reenable
[2011.10.08 10:37:58 | 000,000,041 | ---- | M] () -- C:\WINDOWS\Filzip.ini
[2011.10.08 09:56:47 | 000,001,084 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2011.10.07 22:25:52 | 000,000,765 | ---- | M] () -- C:\Dokumente und Einstellungen\***\Startmenü\Programme\Autostart\FRITZ!DSL Startcenter.lnk
[2011.10.06 21:17:07 | 000,017,555 | -H-- | M] () -- C:\WINDOWS\System32\nvapps.xml
[2011.09.28 17:57:24 | 000,520,608 | -H-- | M] () -- C:\WINDOWS\System32\perfh007.dat
[2011.09.28 17:57:24 | 000,496,880 | -H-- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2011.09.28 17:57:24 | 000,102,412 | -H-- | M] () -- C:\WINDOWS\System32\perfc007.dat
[2011.09.28 17:57:24 | 000,085,364 | -H-- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2011.09.24 23:03:36 | 000,000,768 | ---- | M] () -- C:\FOXUSER.FPT
[2011.09.24 23:03:36 | 000,000,713 | ---- | M] () -- C:\FOXUSER.DBF
[2011.09.23 22:16:07 | 000,000,442 | ---- | M] () -- C:\Dokumente und Einstellungen\***\Desktop\Preader2WPF.appref-ms
[2011.09.23 22:05:32 | 000,001,764 | ---- | M] () -- C:\Dokumente und Einstellungen\***\Desktop\PR2.lnk
[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011.10.08 10:38:25 | 000,000,020 | ---- | C] () -- C:\Dokumente und Einstellungen\***\defogger_reenable
[2011.10.08 09:45:26 | 000,001,084 | ---- | C] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2011.10.08 09:45:26 | 000,001,080 | ---- | C] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2011.10.07 22:25:52 | 000,000,765 | ---- | C] () -- C:\Dokumente und Einstellungen\***\Startmenü\Programme\Autostart\FRITZ!DSL Startcenter.lnk
[2011.09.23 23:04:08 | 000,264,480 | ---- | C] () -- C:\Dokumente und Einstellungen\LocalService\Lokale Einstellungen\Anwendungsdaten\WPFFontCache_v0400-S-1-5-21-1715567821-1060284298-839522115-1003-0.dat
[2011.09.23 23:04:07 | 000,150,386 | ---- | C] () -- C:\Dokumente und Einstellungen\LocalService\Lokale Einstellungen\Anwendungsdaten\WPFFontCache_v0400-System.dat
[2011.09.23 22:17:22 | 000,000,768 | ---- | C] () -- C:\FOXUSER.FPT
[2011.09.23 22:17:22 | 000,000,713 | ---- | C] () -- C:\FOXUSER.DBF
[2011.09.23 22:16:07 | 000,000,442 | ---- | C] () -- C:\Dokumente und Einstellungen\***\Desktop\Preader2WPF.appref-ms
[2011.09.23
22:05:32 | 000,001,764 | ---- | C] () -- C:\Dokumente und Einstellungen\***\Desktop\PR2.lnk [2010.04.05 17:49:19 | 000,281,760 | -H-- | C] () -- C:\WINDOWS\System32\drivers\atksgt.sys [2010.04.05 17:49:19 | 000,025,888 | -H-- | C] () -- C:\WINDOWS\System32\drivers\lirsgt.sys [2009.10.13 16:40:56 | 000,663,552 | -H-- | C] () -- C:\WINDOWS\System32\pdftotext.exe [2009.02.16 23:30:36 | 000,884,736 | ---- | C] () -- C:\WINDOWS\gmer.dll [2009.02.16 23:30:36 | 000,811,008 | ---- | C] () -- C:\WINDOWS\gmer.exe [2009.02.16 23:30:36 | 000,000,250 | ---- | C] () -- C:\WINDOWS\gmer.ini [2009.02.16 23:17:21 | 000,000,048 | ---- | C] () -- C:\WINDOWS\wininit.ini [2009.01.15 00:22:46 | 000,000,709 | ---- | C] () -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\MPQEditor.ini [2008.10.15 20:45:35 | 000,002,048 | ---- | C] () -- C:\WINDOWS\System32\rt73.bin [2008.09.13 08:15:35 | 000,000,041 | -H-- | C] () -- C:\WINDOWS\System32\Filzip.ini [2008.08.22 00:36:05 | 000,000,041 | ---- | C] () -- C:\WINDOWS\Filzip.ini [2008.03.29 16:50:28 | 000,003,254 | RH-- | C] () -- C:\WINDOWS\System32\hptcpmon.ini [2008.03.29 16:50:28 | 000,000,137 | -H-- | C] () -- C:\WINDOWS\System32\AddPort.ini [2008.03.29 16:50:12 | 000,749,568 | RH-- | C] () -- C:\WINDOWS\System32\agissi.dll [2008.03.29 16:50:03 | 011,206,656 | RH-- | C] () -- C:\WINDOWS\System32\zhhp_res.dll [2008.03.29 16:50:03 | 000,241,664 | RH-- | C] () -- C:\WINDOWS\System32\zhhp2600.exe [2008.03.29 16:50:02 | 000,323,584 | RH-- | C] () -- C:\WINDOWS\System32\zshp2600.exe [2008.03.29 16:50:02 | 000,114,688 | RH-- | C] () -- C:\WINDOWS\System32\vshp2600.dll [2008.03.29 16:49:07 | 000,000,631 | ---- | C] () -- C:\WINDOWS\hpntwksetup.ini [2007.05.13 19:33:04 | 000,002,320 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\QTSBandwidthCache [2007.03.03 16:40:39 | 000,006,537 | ---- | C] () -- C:\WINDOWS\mgxoschk.ini [2007.02.16 18:13:00 | 000,000,085 | -HS- | C] () -- C:\Dokumente und Einstellungen\All 
Users\Anwendungsdaten\.zreglib [2006.08.27 00:23:52 | 000,000,017 | ---- | C] () -- C:\WINDOWS\Missing.ini [2006.08.27 00:23:35 | 000,000,032 | ---- | C] () -- C:\WINDOWS\CD-Start.INI [2006.04.15 18:37:26 | 000,006,656 | -H-- | C] () -- C:\WINDOWS\System32\CNMVS5m.DLL [2006.04.07 10:49:52 | 000,000,236 | ---- | C] () -- C:\WINDOWS\tonica.INI [2006.03.26 16:46:32 | 000,000,174 | ---- | C] () -- C:\WINDOWS\cdplayer.ini [2006.03.17 18:14:31 | 000,024,064 | ---- | C] () -- C:\Dokumente und Einstellungen\***\Lokale Einstellungen\Anwendungsdaten\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2006.03.03 19:14:40 | 000,000,026 | ---- | C] () -- C:\WINDOWS\WAR2R.INI [2006.03.02 22:50:35 | 000,071,958 | ---- | C] () -- C:\WINDOWS\War3Unin.dat [2006.02.25 18:44:53 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat [2006.02.25 18:44:48 | 000,107,134 | ---- | C] () -- C:\WINDOWS\UninstallFirefox.exe [2006.02.25 18:44:44 | 000,003,126 | ---- | C] () -- C:\WINDOWS\mozver.dat [2006.02.25 18:40:01 | 000,000,400 | ---- | C] () -- C:\WINDOWS\ODBC.INI [2006.02.25 18:09:42 | 000,000,008 | -H-- | C] () -- C:\WINDOWS\System32\PROTOCOL.INI [2006.02.25 17:59:32 | 000,000,305 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\addr_file.html [2006.02.25 17:55:25 | 000,024,576 | RH-- | C] () -- C:\WINDOWS\System32\AsIO.dll [2006.02.25 17:55:25 | 000,004,962 | RH-- | C] () -- C:\WINDOWS\System32\drivers\AsIO.sys [2006.02.25 17:55:23 | 000,005,120 | -H-- | C] () -- C:\WINDOWS\System32\drivers\AsInsHelp64.sys [2006.02.25 17:55:23 | 000,003,328 | -H-- | C] () -- C:\WINDOWS\System32\drivers\AsInsHelp32.sys [2006.02.25 17:51:58 | 000,156,672 | R--- | C] () -- C:\WINDOWS\System32\RTLCPAPI.dll [2006.02.25 17:51:58 | 000,040,960 | RH-- | C] () -- C:\WINDOWS\System32\ChCfg.exe [2006.02.25 17:35:58 | 000,000,269 | R--- | C] () -- C:\WINDOWS\System32\raidmgmt.ini [2006.02.25 17:35:41 | 000,005,810 | RH-- | C] () -- C:\WINDOWS\System32\drivers\ASACPI.sys [2006.02.25 17:35:39 | 
000,005,880 | ---- | C] () -- C:\WINDOWS\Ascd_tmp.ini [2006.02.25 17:35:37 | 000,005,824 | -H-- | C] () -- C:\WINDOWS\System32\drivers\ASUSHWIO.SYS [2006.02.25 17:31:17 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat [2006.02.25 17:27:45 | 000,021,740 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat [2006.02.25 17:23:26 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI [2006.02.25 17:22:41 | 000,158,752 | -H-- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT [2005.07.18 14:34:22 | 000,047,744 | -H-- | C] () -- C:\WINDOWS\System32\drivers\vserial.sys [2005.07.18 14:34:20 | 000,015,264 | -H-- | C] () -- C:\WINDOWS\System32\drivers\vsb.sys [2004.10.15 11:10:04 | 000,217,088 | ---- | C] () -- C:\WINDOWS\NVGfxOgl.dll [2004.10.11 12:19:00 | 000,092,672 | -H-- | C] () -- C:\WINDOWS\System32\ASUSASV2.DLL [2004.08.02 15:20:40 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat [2003.02.20 18:53:42 | 000,005,702 | -H-- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI [2001.08.18 14:00:00 | 013,107,200 | -H-- | C] () -- C:\WINDOWS\System32\oembios.bin [2001.08.18 14:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat [2001.08.18 14:00:00 | 000,520,608 | -H-- | C] () -- C:\WINDOWS\System32\perfh007.dat [2001.08.18 14:00:00 | 000,496,880 | -H-- | C] () -- C:\WINDOWS\System32\perfh009.dat [2001.08.18 14:00:00 | 000,272,128 | -H-- | C] () -- C:\WINDOWS\System32\perfi009.dat [2001.08.18 14:00:00 | 000,269,480 | -H-- | C] () -- C:\WINDOWS\System32\perfi007.dat [2001.08.18 14:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat [2001.08.18 14:00:00 | 000,102,412 | -H-- | C] () -- C:\WINDOWS\System32\perfc007.dat [2001.08.18 14:00:00 | 000,085,364 | -H-- | C] () -- C:\WINDOWS\System32\perfc009.dat [2001.08.18 14:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin [2001.08.18 14:00:00 | 000,034,478 | -H-- | C] () -- C:\WINDOWS\System32\perfd007.dat [2001.08.18 14:00:00 | 000,028,626 | -H-- | C] () -- 
C:\WINDOWS\System32\perfd009.dat [2001.08.18 14:00:00 | 000,004,463 | -H-- | C] () -- C:\WINDOWS\System32\oembios.dat [2001.08.18 14:00:00 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin [2001.08.18 14:00:00 | 000,000,741 | -H-- | C] () -- C:\WINDOWS\System32\noise.dat ========== LOP Check ========== [2007.02.16 18:13:05 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Elaborate Bytes [2011.04.23 15:20:25 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\elsterformular [2007.03.03 16:43:13 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\MAGIX [2011.10.07 22:19:09 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\PrevxCSI [2010.04.05 18:19:22 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Solidshield [2010.11.13 16:19:20 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\{429CAD59-35B1-4DBC-BB6D-1DB246563521} [2011.10.07 23:00:55 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Ahnenblatt [2006.04.07 10:58:57 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\capella-software [2008.04.30 20:16:15 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\DAEMON Tools [2011.06.23 20:13:41 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\elsterformular [2011.10.08 10:38:52 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\FRITZ! 
[2011.07.13 23:45:33 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\ICQ [2006.03.21 23:06:08 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\ICQLite [2009.11.11 00:49:39 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\LogicWeave Software [2007.03.03 16:44:39 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\MAGIX [2008.09.04 20:07:11 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\My Games [2007.11.04 18:57:12 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Opera [2011.09.23 22:18:31 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\PReader2 [2008.06.13 17:08:22 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\TeamViewer [2010.04.05 18:21:04 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Ubisoft [2011.10.08 10:30:13 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Wise Registry Cleaner [2006.09.21 22:06:45 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\XCPCSync.OEM ========== Purity Check ========== ========== Custom Scans ========== < %SYSTEMDRIVE%\*. 
> [2006.04.15 18:37:29 | 000,000,000 | ---D | M] -- C:\BJPrinter [2011.10.06 23:09:23 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen [2008.04.01 23:39:16 | 000,000,000 | ---D | M] -- C:\Logs [2006.02.25 18:16:04 | 000,000,000 | ---D | M] -- C:\NVIDIA [2006.06.06 18:01:29 | 000,000,000 | ---D | M] -- C:\Program Files [2011.10.08 10:29:53 | 000,000,000 | R--D | M] -- C:\Programme [2006.04.07 10:57:06 | 000,000,000 | ---D | M] -- C:\Python23 [2006.02.25 17:50:59 | 000,000,000 | -HSD | M] -- C:\RECYCLER [2010.05.04 22:00:58 | 000,000,000 | ---D | M] -- C:\rsit [2008.01.07 17:22:10 | 000,000,000 | ---D | M] -- C:\spoolerlogs [2011.10.08 10:47:09 | 000,000,000 | -HSD | M] -- C:\System Volume Information [2006.02.25 21:26:31 | 000,000,000 | ---D | M] -- C:\Temp [2011.10.08 10:42:08 | 000,000,000 | ---D | M] -- C:\WINDOWS < %PROGRAMFILES%\*.exe > Invalid Environment Variable: LOCALAPPDATA < %systemroot%\*. /mp /s > < %systemroot%\system32\*.manifest /3 > [1 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ] < MD5 for: EXPLORER.EXE > [2004.08.04 01:57:54 | 001,035,264 | ---- | M] (Microsoft Corporation) MD5=22FE1BE02EADDE1632E478E4125639E0 -- C:\WINDOWS\$NtUninstallKB938828$\explorer.exe [2007.06.13 15:10:08 | 001,036,288 | -H-- | M] (Microsoft Corporation) MD5=331ED93570BAF3CFE30340298762CD56 -- C:\WINDOWS\$hf_mig$\KB938828\SP2QFE\explorer.exe [2008.04.14 04:22:45 | 001,036,800 | ---- | M] (Microsoft Corporation) MD5=418045A93CD87A352098AB7DABE1B53E -- C:\WINDOWS\explorer.exe [2008.04.14 04:22:45 | 001,036,800 | -H-- | M] (Microsoft Corporation) MD5=418045A93CD87A352098AB7DABE1B53E -- C:\WINDOWS\ServicePackFiles\i386\explorer.exe [2007.06.13 15:21:45 | 001,036,288 | -H-- | M] (Microsoft Corporation) MD5=64D320C0E301EEDC5A4ADBBDC5024F7F -- C:\WINDOWS\$NtServicePackUninstall$\explorer.exe < MD5 for: REGEDIT.EXE > [2004.08.04 01:58:10 | 000,153,600 | ---- | M] (Microsoft Corporation) MD5=8193CE5FB09E83F2699FD65BBCBE2FD2 -- 
C:\WINDOWS\$NtServicePackUninstall$\regedit.exe [2008.04.14 04:22:58 | 000,153,600 | ---- | M] (Microsoft Corporation) MD5=AD9226BF3CED13636083BB9C76E9D2A2 -- C:\WINDOWS\regedit.exe [2008.04.14 04:22:58 | 000,153,600 | -H-- | M] (Microsoft Corporation) MD5=AD9226BF3CED13636083BB9C76E9D2A2 -- C:\WINDOWS\ServicePackFiles\i386\regedit.exe < MD5 for: USERINIT.EXE > [2008.04.14 04:23:03 | 000,026,624 | -H-- | M] (Microsoft Corporation) MD5=788F95312E26389D596C0FA55834E106 -- C:\WINDOWS\ServicePackFiles\i386\userinit.exe [2008.04.14 04:23:03 | 000,026,624 | -H-- | M] (Microsoft Corporation) MD5=788F95312E26389D596C0FA55834E106 -- C:\WINDOWS\system32\userinit.exe [2004.08.04 01:58:18 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=D1E53DC57143F2584B1DD53B036C0633 -- C:\WINDOWS\$NtServicePackUninstall$\userinit.exe < MD5 for: WINLOGON.EXE > [2004.08.04 01:58:20 | 000,507,392 | ---- | M] (Microsoft Corporation) MD5=2B6A0BAF33A9918F09442D873848FF72 -- C:\WINDOWS\$NtServicePackUninstall$\winlogon.exe [2008.04.14 04:23:05 | 000,513,024 | -H-- | M] (Microsoft Corporation) MD5=F09A527B422E25C478E38CAA0E44417A -- C:\WINDOWS\ServicePackFiles\i386\winlogon.exe [2008.04.14 04:23:05 | 000,513,024 | -H-- | M] (Microsoft Corporation) MD5=F09A527B422E25C478E38CAA0E44417A -- C:\WINDOWS\system32\winlogon.exe < HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU > < HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs > HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install\\LastSuccessTime: 2011-09-28 16:05:11 < End of report > Die Anderen Logs sind in der Zip-Datei. Vielen Dank für die Hilfe |
08.10.2011, 17:35 | #2 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Please also run ESET; after that we'll see how to proceed:
ESET Online Scanner |
08.10.2011, 23:23 | #3 |
| Hello Arne, here is the log file now:
ESETSmartInstaller@High as downloader log:
Can not open internet
ESETSmartInstaller@High as downloader log:
Can not open internet
Can not open internet
ESETSmartInstaller@High as downloader log:
Can not open internet
Can not open internet
ESETSmartInstaller@High as downloader log:
Can not open internet
Can not open internet
ESETSmartInstaller@High as downloader log:
Can not open internet
Can not open internet
ESETSmartInstaller@High as downloader log:
Can not open internet
Can not open internet
ESETSmartInstaller@High as downloader log:
Can not open internet
Can not open internet
ESETSmartInstaller@High as downloader log:
Can not open internet
Can not open internet
ESETSmartInstaller@High as downloader log:
Can not open internet
Can not open internet
ESETSmartInstaller@High as downloader log:
Can not open internet
Can not open internet
ESETSmartInstaller@High as downloader log:
all ok
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6528
# api_version=3.0.2
# EOSSerial=277ce0bc51b8fc46a341f8fdcc9c88ca
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2011-10-08 10:17:06
# local_time=2011-10-09 12:17:06 (+0100, Westeuropäische Sommerzeit)
# country="Germany"
# lang=1033
# osver=5.1.2600 NT Service Pack 3
# compatibility_mode=512 16777215 100 0 0 0 0 0
# compatibility_mode=1797 16775145 100 100 267381 93005445 342735 0
# compatibility_mode=8192 67108863 100 0 247 247 0 0
# scanned=150987
# found=7
# cleaned=0
# scan_time=3345
C:\Dokumente und Einstellungen\***\Anwendungsdaten\Sun\Java\Deployment\cache\6.0\14\6163e64e-68457f27  Java/Agent.DS trojan (unable to clean)  00000000000000000000000000000000  I
C:\Dokumente und Einstellungen\***\Anwendungsdaten\Sun\Java\Deployment\cache\6.0\43\78a7dab-1f6f4729  a variant of Java/Agent.DT trojan (unable to clean)  00000000000000000000000000000000  I
C:\Dokumente und Einstellungen\***\Anwendungsdaten\Sun\Java\Deployment\cache\6.0\43\78a7dab-257c9d94  a variant of Java/Agent.DT trojan (unable to clean)  00000000000000000000000000000000  I
C:\Dokumente und Einstellungen\***\Anwendungsdaten\Sun\Java\Deployment\cache\6.0\43\78a7dab-2b5b8f55  a variant of Java/Agent.DT trojan (unable to clean)  00000000000000000000000000000000  I
C:\Dokumente und Einstellungen\***\Anwendungsdaten\Sun\Java\Deployment\cache\6.0\43\78a7dab-43c6c06a  a variant of Java/Agent.DT trojan (unable to clean)  00000000000000000000000000000000  I
C:\Dokumente und Einstellungen\***\Anwendungsdaten\Sun\Java\Deployment\cache\6.0\43\78a7dab-49b464bf  a variant of Java/Agent.DT trojan (unable to clean)  00000000000000000000000000000000  I
C:\Dokumente und Einstellungen\***\Anwendungsdaten\Sun\Java\Deployment\cache\6.0\43\78a7dab-5cd88ccd  a variant of Java/Agent.DT trojan (unable to clean)  00000000000000000000000000000000  I

Regards |
10.10.2011, 11:19 | #4 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Do an OTL fix: close any programs that may be open, also deactivate the virus scanner (!), start OTL and copy the following text into the "Custom Scan/Fixes" box (at the bottom of OTL): (the ":OTL" must be copied too!!!) Note: If you obscured your username, you must change the starred-out part back into your real username, otherwise the script will not work!! Code:
:OTL
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.02.25 17:29:50 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
:Files
C:\Dokumente und Einstellungen\***\Anwendungsdaten\Sun\Java\Deployment\cache\6.0\14
C:\Dokumente und Einstellungen\***\Anwendungsdaten\Sun\Java\Deployment\cache\6.0\43
:Commands
[emptytemp]
[resethosts]

The logfile should open when you click OK after the fix; please post it. The computer may be restarted. For safety, the entries, files and folders fixed by this script are not deleted completely; a backup copy is created on the system partition in the "_OTL" folder. Note: The above script was created only for this one user in this situation. It cannot be ported to any other computer and must not be used elsewhere, as it can permanently damage the system!
Please always post logfiles in CODE tags |
10.10.2011, 17:35 | #5 |
| Okay, here is the log now:

All processes killed
========== OTL ==========
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRun|DWORD:1 /E : value set successfully!
C:\AUTOEXEC.BAT moved successfully.
========== FILES ==========
C:\Dokumente und Einstellungen\Urs\Anwendungsdaten\Sun\Java\Deployment\cache\6.0\14 folder moved successfully.
C:\Dokumente und Einstellungen\Urs\Anwendungsdaten\Sun\Java\Deployment\cache\6.0\43 folder moved successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: Administrator
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->FireFox cache emptied: 5635699 bytes

User: All Users

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: LocalService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: ***
->Temp folder emptied: 389001718 bytes
->Temporary Internet Files folder emptied: 9326776 bytes
->Java cache emptied: 4581691 bytes
->FireFox cache emptied: 105273614 bytes
->Flash cache emptied: 1414 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 1138908 bytes
%systemroot%\System32 .tmp files removed: 2951 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 44780106 bytes
RecycleBin emptied: 2310967 bytes

Total Files Cleaned = 536,00 mb

C:\WINDOWS\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

OTL by OldTimer - Version 3.2.29.1 log created on 10102011_182013

Files\Folders moved on Reboot...
Registry entries deleted on Reboot... |
10.10.2011, 18:33 | #6 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Now please run this tool from Kaspersky and post the log => http://www.trojaner-board.de/82358-t...entfernen.html Configure the tool as shown in the picture below: click on change parameters and set the checkmarks as shown in the following screenshot, then click Start Scan and, when it is finished, click the Report button to display the log. Please post it in full. If, because of the infection, you cannot access your documents / My Documents, or shortcuts are missing on the desktop or in the Start menu under "All Programs", please run unhide: Please download unhide.exe and save this file on your desktop. Start the tool and all files and folders should be visible again. (This may take a while.) Windows Vista and Windows 7 users must run the tool as administrator via right-click!
|
10.10.2011, 19:24 | #7 |
| Here now is the Kaspersky scan:

20:19:48.0968 3872 TDSS rootkit removing tool 2.6.7.0 Oct 10 2011 09:40:06
20:19:50.0968 3872 ============================================================
20:19:50.0968 3872 Current date / time: 2011/10/10 20:19:50.0968
20:19:50.0968 3872 SystemInfo:
20:19:50.0968 3872
20:19:50.0968 3872 OS Version: 5.1.2600 ServicePack: 3.0
20:19:50.0968 3872 Product type: Workstation
20:19:50.0968 3872 ComputerName: URSPC
20:19:50.0968 3872 UserName: Urs
20:19:50.0968 3872 Windows directory: C:\WINDOWS
20:19:50.0968 3872 System windows directory: C:\WINDOWS
20:19:50.0968 3872 Processor architecture: Intel x86
20:19:50.0968 3872 Number of processors: 1
20:19:50.0968 3872 Page size: 0x1000
20:19:50.0968 3872 Boot type: Normal boot
20:19:50.0968 3872 ============================================================
20:19:51.0406 3872 Initialize success
20:20:19.0046 3028 ============================================================
20:20:19.0046 3028 Scan started
20:20:19.0046 3028 Mode: Manual; SigCheck; TDLFS;
20:20:19.0046 3028 ============================================================
20:20:19.0218 3028 Abiosdsk - ok
20:20:19.0234 3028 abp480n5 - ok
20:20:19.0281 3028 ACPI (ac407f1a62c3a300b4f2b5a9f1d55b2c) C:\WINDOWS\system32\DRIVERS\ACPI.sys
20:20:19.0875 3028 ACPI - ok
20:20:19.0953 3028 ACPIEC (9e1ca3160dafb159ca14f83b1e317f75) C:\WINDOWS\system32\drivers\ACPIEC.sys
20:20:20.0046 3028 ACPIEC - ok
20:20:20.0093 3028 actser (6463d1db354b13e6ced4d67f6e4910f4) C:\WINDOWS\system32\drivers\actser.sys
20:20:20.0093 3028 actser ( UnsignedFile.Multi.Generic ) - warning
20:20:20.0093 3028 actser - detected UnsignedFile.Multi.Generic (1)
20:20:20.0109 3028 adpu160m - ok
20:20:20.0156 3028 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
20:20:20.0265 3028 aec - ok
20:20:20.0312 3028 AegisP (023867b6606fbabcdd52e089c4a507da) C:\WINDOWS\system32\DRIVERS\AegisP.sys
20:20:20.0328 3028 AegisP ( UnsignedFile.Multi.Generic ) - warning
20:20:20.0328 3028 AegisP - detected UnsignedFile.Multi.Generic (1)
20:20:20.0375 3028 AFD (355556d9e580915118cd7ef736653a89) C:\WINDOWS\System32\drivers\afd.sys
20:20:20.0421 3028 AFD - ok
20:20:20.0437 3028 Aha154x - ok
20:20:20.0453 3028 aic78u2 - ok
20:20:20.0468 3028 aic78xx - ok
20:20:20.0578 3028 ALCXWDM (69dee6c352f8dcb1725bd0f974c76f79) C:\WINDOWS\system32\drivers\ALCXWDM.SYS
20:20:20.0812 3028 ALCXWDM ( UnsignedFile.Multi.Generic ) - warning
20:20:20.0812 3028 ALCXWDM - detected UnsignedFile.Multi.Generic (1)
20:20:20.0843 3028 AliIde - ok
20:20:20.0859 3028 AmdK8 (769844eb65df6a62aa51b886290fe51d) C:\WINDOWS\system32\DRIVERS\AmdK8.sys
20:20:20.0890 3028 AmdK8 - ok
20:20:20.0906 3028 amsint - ok
20:20:20.0937 3028 asc - ok
20:20:20.0953 3028 asc3350p - ok
20:20:20.0968 3028 asc3550 - ok
20:20:21.0000 3028 ASInsHelp (33c171de483ee145f31234d93b078919) C:\WINDOWS\system32\drivers\AsInsHelp32.sys
20:20:21.0000 3028 ASInsHelp ( UnsignedFile.Multi.Generic ) - warning
20:20:21.0000 3028 ASInsHelp - detected UnsignedFile.Multi.Generic (1)
20:20:21.0031 3028 AsIO (c959989e2ce8da9bde8cafddba84badf) C:\WINDOWS\system32\drivers\AsIO.sys
20:20:21.0046 3028 AsIO ( UnsignedFile.Multi.Generic ) - warning
20:20:21.0046 3028 AsIO - detected UnsignedFile.Multi.Generic (1)
20:20:21.0093 3028 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
20:20:21.0187 3028 AsyncMac - ok
20:20:21.0218 3028 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
20:20:21.0312 3028 atapi - ok
20:20:21.0328 3028 Atdisk - ok
20:20:21.0375 3028 atksgt (f0d933b42cd0594048e4d5200ae9e417) C:\WINDOWS\system32\DRIVERS\atksgt.sys
20:20:21.0546 3028 atksgt - ok
20:20:21.0625 3028 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
20:20:21.0734 3028 Atmarpc - ok
20:20:21.0765 3028 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
20:20:21.0875 3028 audstub - ok
20:20:21.0921 3028 avgio (0b497c79824f8e1bf22fa6aacd3de3a0) C:\Programme\Avira\AntiVir Desktop\avgio.sys
20:20:21.0921 3028 avgio - ok
20:20:21.0968 3028 avgntflt (1e4114685de1ffa9675e09c6a1fb3f4b) C:\WINDOWS\system32\DRIVERS\avgntflt.sys
20:20:21.0968 3028 avgntflt - ok
20:20:22.0000 3028 avipbb (0f78d3dae6dedd99ae54c9491c62adf2) C:\WINDOWS\system32\DRIVERS\avipbb.sys
20:20:22.0000 3028 avipbb - ok
20:20:22.0046 3028 AVMBTPARALLEL (6a759d41c97fcdc6ba27fa7f2f26ec49) C:\WINDOWS\system32\DRIVERS\avmbtpar.sys
20:20:22.0046 3028 AVMBTPARALLEL ( UnsignedFile.Multi.Generic ) - warning
20:20:22.0046 3028 AVMBTPARALLEL - detected UnsignedFile.Multi.Generic (1)
20:20:22.0078 3028 AVMBTSERIAL (4bb8956474c4770083f4f50a51f26bcf) C:\WINDOWS\system32\DRIVERS\avmbtser.sys
20:20:22.0093 3028 AVMBTSERIAL ( UnsignedFile.Multi.Generic ) - warning
20:20:22.0093 3028 AVMBTSERIAL - detected UnsignedFile.Multi.Generic (1)
20:20:22.0125 3028 AVMBTSND (e22454df488d6d38d2a9cc4926f331bb) C:\WINDOWS\system32\drivers\avmbtsnd.sys
20:20:22.0125 3028 AVMBTSND ( UnsignedFile.Multi.Generic ) - warning
20:20:22.0125 3028 AVMBTSND - detected UnsignedFile.Multi.Generic (1)
20:20:22.0156 3028 AVMCOWAN (b092b71977cceb0f66fea6773ff23cb3) C:\WINDOWS\system32\DRIVERS\avmcowan.sys
20:20:22.0156 3028 AVMCOWAN ( UnsignedFile.Multi.Generic ) - warning
20:20:22.0156 3028 AVMCOWAN - detected UnsignedFile.Multi.Generic (1)
20:20:22.0203 3028 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
20:20:22.0312 3028 Beep - ok
20:20:22.0375 3028 bfhubase (df8a22a4ef54f393c5960bbfed560a59) C:\WINDOWS\system32\DRIVERS\bfhubase.sys
20:20:22.0421 3028 bfhubase ( UnsignedFile.Multi.Generic ) - warning
20:20:22.0421 3028 bfhubase - detected UnsignedFile.Multi.Generic (1)
20:20:22.0453 3028 CAPI_CIP (600fe1fc7f063398e56fbce22488b108) C:\WINDOWS\system32\DRIVERS\capi_cip.sys
20:20:22.0484 3028 CAPI_CIP ( UnsignedFile.Multi.Generic ) - warning
20:20:22.0484 3028 CAPI_CIP - detected UnsignedFile.Multi.Generic (1)
20:20:22.0515 3028 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
20:20:22.0640 3028 cbidf2k - ok
20:20:22.0656 3028 cd20xrnt - ok
20:20:22.0687 3028 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
20:20:22.0812 3028 Cdaudio - ok
20:20:22.0843 3028 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
20:20:22.0937 3028 Cdfs - ok
20:20:22.0984 3028 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys
20:20:23.0078 3028 Cdrom - ok
20:20:23.0093 3028 Changer - ok
20:20:23.0125 3028 CmdIde - ok
20:20:23.0156 3028 Cpqarray - ok
20:20:23.0171 3028 dac2w2k - ok
20:20:23.0187 3028 dac960nt - ok
20:20:23.0234 3028 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
20:20:23.0328 3028 Disk - ok
20:20:23.0390 3028 dmboot (0dcfc8395a99fecbb1ef771cec7fe4ea) C:\WINDOWS\system32\drivers\dmboot.sys
20:20:23.0531 3028 dmboot - ok
20:20:23.0562 3028 dmio (53720ab12b48719d00e327da470a619a) C:\WINDOWS\system32\drivers\dmio.sys
20:20:23.0671 3028 dmio - ok
20:20:23.0703 3028 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
20:20:23.0828 3028 dmload - ok
20:20:23.0859 3028 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
20:20:23.0953 3028 DMusic - ok
20:20:23.0968 3028 dpti2o - ok
20:20:24.0015 3028 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
20:20:24.0093 3028 drmkaud - ok
20:20:24.0140 3028 EIO (59d74c7b787aa3dda0948986403cea55) C:\WINDOWS\system32\drivers\EIO.sys
20:20:24.0140 3028 EIO ( UnsignedFile.Multi.Generic ) - warning
20:20:24.0140 3028 EIO - detected UnsignedFile.Multi.Generic (1)
20:20:24.0187 3028 ElbyCDIO (b5326548762bfaae7a42d5b0898dfeac) C:\WINDOWS\system32\Drivers\ElbyCDIO.sys
20:20:24.0187 3028 ElbyCDIO - ok
20:20:24.0218 3028 ElbyDelay (20d3b81663b3dfd5e32b0af8640aaf50) C:\WINDOWS\system32\Drivers\ElbyDelay.sys
20:20:24.0218 3028 ElbyDelay - ok
20:20:24.0250 3028 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
20:20:24.0359 3028 Fastfat - ok
20:20:24.0390 3028 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\drivers\Fdc.sys
20:20:24.0484 3028 Fdc - ok
20:20:24.0515 3028 Fips (b0678a548587c5f1967b0d70bacad6c1) C:\WINDOWS\system32\drivers\Fips.sys
20:20:24.0625 3028 Fips - ok
20:20:24.0656 3028 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\drivers\Flpydisk.sys
20:20:24.0750 3028 Flpydisk - ok
20:20:24.0781 3028 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys
20:20:24.0890 3028 FltMgr - ok
20:20:24.0921 3028 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
20:20:25.0015 3028 Fs_Rec - ok
20:20:25.0046 3028 Ftdisk (8f1955ce42e1484714b542f341647778) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
20:20:25.0171 3028 Ftdisk - ok
20:20:25.0187 3028 gameenum (065639773d8b03f33577f6cdaea21063) C:\WINDOWS\system32\DRIVERS\gameenum.sys
20:20:25.0281 3028 gameenum - ok
20:20:25.0328 3028 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\WINDOWS\system32\Drivers\GEARAspiWDM.sys
20:20:25.0328 3028 GEARAspiWDM - ok
20:20:25.0359 3028 gmer (b56eb0a2210980e76390bd670bcb618b) C:\WINDOWS\system32\DRIVERS\gmer.sys
20:20:25.0375 3028 gmer ( UnsignedFile.Multi.Generic ) - warning
20:20:25.0375 3028 gmer - detected UnsignedFile.Multi.Generic (1)
20:20:25.0406 3028 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
20:20:25.0484 3028 Gpc - ok
20:20:25.0515 3028 hidusb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys
20:20:25.0625 3028 hidusb - ok
20:20:25.0640 3028 hpn - ok
20:20:25.0656 3028 hpt3xx - ok
20:20:25.0687 3028 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys
20:20:25.0750 3028 HTTP - 
ok 20:20:25.0765 3028 i2omgmt - ok 20:20:25.0796 3028 i2omp - ok 20:20:25.0828 3028 i8042prt (e283b97cfbeb86c1d86baed5f7846a92) C:\WINDOWS\system32\DRIVERS\i8042prt.sys 20:20:25.0921 3028 i8042prt - ok 20:20:25.0968 3028 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys 20:20:26.0078 3028 Imapi - ok 20:20:26.0093 3028 ini910u - ok 20:20:26.0109 3028 IntelIde - ok 20:20:26.0156 3028 ip6fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys 20:20:26.0250 3028 ip6fw - ok 20:20:26.0281 3028 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys 20:20:26.0406 3028 IpFilterDriver - ok 20:20:26.0437 3028 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys 20:20:26.0515 3028 IpInIp - ok 20:20:26.0546 3028 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys 20:20:26.0640 3028 IpNat - ok 20:20:26.0671 3028 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys 20:20:26.0781 3028 IPSec - ok 20:20:26.0812 3028 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys 20:20:26.0906 3028 IRENUM - ok 20:20:26.0937 3028 isapnp (6dfb88f64135c525433e87648bda30de) C:\WINDOWS\system32\DRIVERS\isapnp.sys 20:20:27.0031 3028 isapnp - ok 20:20:27.0062 3028 Kbdclass (1704d8c4c8807b889e43c649b478a452) C:\WINDOWS\system32\DRIVERS\kbdclass.sys 20:20:27.0140 3028 Kbdclass - ok 20:20:27.0187 3028 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys 20:20:27.0281 3028 kmixer - ok 20:20:27.0312 3028 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys 20:20:27.0375 3028 KSecDD - ok 20:20:27.0390 3028 lbrtfdc - ok 20:20:27.0421 3028 lirsgt (f8a7212d0864ef5e9185fb95e6623f4d) C:\WINDOWS\system32\DRIVERS\lirsgt.sys 20:20:27.0437 3028 lirsgt - ok 20:20:27.0453 3028 LMouKE - ok 20:20:27.0484 3028 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) 
C:\WINDOWS\system32\drivers\mnmdd.sys 20:20:27.0593 3028 mnmdd - ok 20:20:27.0640 3028 Modem (6fb74ebd4ec57a6f1781de3852cc3362) C:\WINDOWS\system32\drivers\Modem.sys 20:20:27.0718 3028 Modem - ok 20:20:27.0750 3028 Mouclass (b24ce8005deab254c0251e15cb71d802) C:\WINDOWS\system32\DRIVERS\mouclass.sys 20:20:27.0843 3028 Mouclass - ok 20:20:27.0875 3028 mouhid (66a6f73c74e1791464160a7065ce711a) C:\WINDOWS\system32\DRIVERS\mouhid.sys 20:20:28.0000 3028 mouhid - ok 20:20:28.0031 3028 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys 20:20:28.0125 3028 MountMgr - ok 20:20:28.0140 3028 mraid35x - ok 20:20:28.0187 3028 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys 20:20:28.0281 3028 MRxDAV - ok 20:20:28.0328 3028 MRxSmb (7d304a5eb4344ebeeab53a2fe3ffb9f0) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys 20:20:28.0406 3028 MRxSmb - ok 20:20:28.0437 3028 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys 20:20:28.0531 3028 Msfs - ok 20:20:28.0562 3028 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys 20:20:28.0656 3028 MSKSSRV - ok 20:20:28.0687 3028 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys 20:20:28.0765 3028 MSPCLOCK - ok 20:20:28.0796 3028 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys 20:20:28.0890 3028 MSPQM - ok 20:20:28.0921 3028 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys 20:20:29.0015 3028 mssmbios - ok 20:20:29.0046 3028 ms_mpu401 (ca3e22598f411199adc2dfee76cd0ae0) C:\WINDOWS\system32\drivers\msmpu401.sys 20:20:29.0140 3028 ms_mpu401 - ok 20:20:29.0171 3028 MTsensor (d48659bb24c48345d926ecb45c1ebdf5) C:\WINDOWS\system32\DRIVERS\ASACPI.sys 20:20:29.0187 3028 MTsensor - ok 20:20:29.0218 3028 Mup (de6a75f5c270e756c5508d94b6cf68f5) C:\WINDOWS\system32\drivers\Mup.sys 20:20:29.0250 3028 Mup - ok 20:20:29.0296 3028 NDIS 
(1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys 20:20:29.0390 3028 NDIS - ok 20:20:29.0421 3028 NdisTapi (0109c4f3850dfbab279542515386ae22) C:\WINDOWS\system32\DRIVERS\ndistapi.sys 20:20:29.0468 3028 NdisTapi - ok 20:20:29.0500 3028 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys 20:20:29.0593 3028 Ndisuio - ok 20:20:29.0625 3028 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys 20:20:29.0718 3028 NdisWan - ok 20:20:29.0750 3028 NDProxy (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys 20:20:29.0781 3028 NDProxy - ok 20:20:29.0812 3028 NETBFPAN (518c22c02da275cb30d5beb58786129f) C:\WINDOWS\system32\DRIVERS\netbfpan.sys 20:20:29.0828 3028 NETBFPAN ( UnsignedFile.Multi.Generic ) - warning 20:20:29.0828 3028 NETBFPAN - detected UnsignedFile.Multi.Generic (1) 20:20:29.0859 3028 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys 20:20:29.0953 3028 NetBIOS - ok 20:20:29.0984 3028 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys 20:20:30.0093 3028 NetBT - ok 20:20:30.0140 3028 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys 20:20:30.0234 3028 Npfs - ok 20:20:30.0281 3028 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys 20:20:30.0406 3028 Ntfs - ok 20:20:30.0453 3028 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys 20:20:30.0546 3028 Null - ok 20:20:30.0671 3028 nv (6e626f7316df8c3e672baf8df6acb9b9) C:\WINDOWS\system32\DRIVERS\nv4_mini.sys 20:20:30.0859 3028 nv - ok 20:20:30.0890 3028 nvata (dce353985c988bfb7e84fd942068151f) C:\WINDOWS\system32\DRIVERS\nvata.sys 20:20:30.0921 3028 nvata - ok 20:20:30.0953 3028 NVENETFD (720cc533eecb65553bd86b139ca04433) C:\WINDOWS\system32\DRIVERS\NVENETFD.sys 20:20:30.0968 3028 NVENETFD - ok 20:20:31.0015 3028 nvnetbus (5f9f545cc5904dd8765f84ee1d056406) 
C:\WINDOWS\system32\DRIVERS\nvnetbus.sys 20:20:31.0031 3028 nvnetbus - ok 20:20:31.0062 3028 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys 20:20:31.0171 3028 NwlnkFlt - ok 20:20:31.0203 3028 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys 20:20:31.0296 3028 NwlnkFwd - ok 20:20:31.0343 3028 Parport (f84785660305b9b903fb3bca8ba29837) C:\WINDOWS\system32\DRIVERS\parport.sys 20:20:31.0437 3028 Parport - ok 20:20:31.0468 3028 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys 20:20:31.0546 3028 PartMgr - ok 20:20:31.0562 3028 ParVdm (c2bf987829099a3eaa2ca6a0a90ecb4f) C:\WINDOWS\system32\drivers\ParVdm.sys 20:20:31.0671 3028 ParVdm - ok 20:20:31.0687 3028 PCI (387e8dedc343aa2d1efbc30580273acd) C:\WINDOWS\system32\DRIVERS\pci.sys 20:20:31.0796 3028 PCI - ok 20:20:31.0812 3028 PCIDump - ok 20:20:31.0843 3028 PCIIde (59ba86d9a61cbcf4df8e598c331f5b82) C:\WINDOWS\system32\DRIVERS\pciide.sys 20:20:31.0937 3028 PCIIde - ok 20:20:31.0968 3028 Pcmcia (a2a966b77d61847d61a3051df87c8c97) C:\WINDOWS\system32\drivers\Pcmcia.sys 20:20:32.0062 3028 Pcmcia - ok 20:20:32.0078 3028 PDCOMP - ok 20:20:32.0093 3028 PDFRAME - ok 20:20:32.0109 3028 PDRELI - ok 20:20:32.0125 3028 PDRFRAME - ok 20:20:32.0140 3028 perc2 - ok 20:20:32.0156 3028 perc2hib - ok 20:20:32.0218 3028 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys 20:20:32.0312 3028 PptpMiniport - ok 20:20:32.0343 3028 Processor (2cb55427c58679f49ad600fccba76360) C:\WINDOWS\system32\DRIVERS\processr.sys 20:20:32.0437 3028 Processor - ok 20:20:32.0468 3028 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys 20:20:32.0562 3028 PSched - ok 20:20:32.0625 3028 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys 20:20:32.0718 3028 Ptilink - ok 20:20:32.0750 3028 PxHelp20 (153d02480a0a2f45785522e814c634b6) 
C:\WINDOWS\system32\Drivers\PxHelp20.sys 20:20:32.0765 3028 PxHelp20 - ok 20:20:32.0781 3028 pxscan (a5b3922b9f821fc8ff2821423e40026c) C:\WINDOWS\system32\drivers\pxscan.sys 20:20:32.0781 3028 pxscan - ok 20:20:32.0812 3028 pxsec (6613bbed3b306aee00d8a7b8d4cad5cd) C:\WINDOWS\system32\drivers\pxsec.sys 20:20:32.0828 3028 pxsec - ok 20:20:32.0828 3028 ql1080 - ok 20:20:32.0859 3028 Ql10wnt - ok 20:20:32.0875 3028 ql12160 - ok 20:20:32.0890 3028 ql1240 - ok 20:20:32.0906 3028 ql1280 - ok 20:20:32.0921 3028 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys 20:20:33.0015 3028 RasAcd - ok 20:20:33.0046 3028 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys 20:20:33.0156 3028 Rasl2tp - ok 20:20:33.0187 3028 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys 20:20:33.0296 3028 RasPppoe - ok 20:20:33.0312 3028 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys 20:20:33.0421 3028 Raspti - ok 20:20:33.0453 3028 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys 20:20:33.0562 3028 Rdbss - ok 20:20:33.0609 3028 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys 20:20:33.0718 3028 RDPCDD - ok 20:20:33.0750 3028 rdpdr (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys 20:20:33.0828 3028 rdpdr - ok 20:20:33.0875 3028 RDPWD (fc105dd312ed64eb66bff111e8ec6eac) C:\WINDOWS\system32\drivers\RDPWD.sys 20:20:33.0921 3028 RDPWD - ok 20:20:33.0953 3028 redbook (ed761d453856f795a7fe056e42c36365) C:\WINDOWS\system32\DRIVERS\redbook.sys 20:20:34.0046 3028 redbook - ok 20:20:34.0109 3028 RT73 (c7bcf9808e2a1b4cabe16ff7fbce5fab) C:\WINDOWS\system32\DRIVERS\rt73.sys 20:20:34.0156 3028 RT73 - ok 20:20:34.0187 3028 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys 20:20:34.0281 3028 Secdrv - ok 20:20:34.0328 3028 serenum (0f29512ccd6bead730039fb4bd2c85ce) 
C:\WINDOWS\system32\DRIVERS\serenum.sys 20:20:34.0421 3028 serenum - ok 20:20:34.0453 3028 Serial (cf24eb4f0412c82bcd1f4f35a025e31d) C:\WINDOWS\system32\DRIVERS\serial.sys 20:20:34.0546 3028 Serial - ok 20:20:34.0609 3028 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys 20:20:34.0718 3028 Sfloppy - ok 20:20:34.0734 3028 Simbad - ok 20:20:34.0781 3028 SONYPVU1 (a1eceeaa5c5e74b2499eb51d38185b84) C:\WINDOWS\system32\DRIVERS\SONYPVU1.SYS 20:20:34.0875 3028 SONYPVU1 - ok 20:20:34.0890 3028 Sparrow - ok 20:20:34.0921 3028 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys 20:20:35.0015 3028 splitter - ok 20:20:35.0062 3028 sptd (71e276f6d189413266ea22171806597b) C:\WINDOWS\System32\Drivers\sptd.sys 20:20:35.0093 3028 sptd - ok 20:20:35.0125 3028 sr (50fa898f8c032796d3b1b9951bb5a90f) C:\WINDOWS\system32\DRIVERS\sr.sys 20:20:35.0218 3028 sr - ok 20:20:35.0265 3028 Srv (47ddfc2f003f7f9f0592c6874962a2e7) C:\WINDOWS\system32\DRIVERS\srv.sys 20:20:35.0312 3028 Srv - ok 20:20:35.0359 3028 ssmdrv (a36ee93698802cd899f98bfd553d8185) C:\WINDOWS\system32\DRIVERS\ssmdrv.sys 20:20:35.0359 3028 ssmdrv - ok 20:20:35.0406 3028 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys 20:20:35.0500 3028 swenum - ok 20:20:35.0531 3028 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys 20:20:35.0625 3028 swmidi - ok 20:20:35.0656 3028 symc810 - ok 20:20:35.0671 3028 symc8xx - ok 20:20:35.0687 3028 sym_hi - ok 20:20:35.0703 3028 sym_u3 - ok 20:20:35.0734 3028 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys 20:20:35.0828 3028 sysaudio - ok 20:20:35.0875 3028 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys 20:20:35.0937 3028 Tcpip - ok 20:20:35.0968 3028 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys 20:20:36.0046 3028 TDPIPE - ok 20:20:36.0078 3028 TDTCP 
(c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys 20:20:36.0171 3028 TDTCP - ok 20:20:36.0187 3028 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys 20:20:36.0281 3028 TermDD - ok 20:20:36.0296 3028 TosIde - ok 20:20:36.0343 3028 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys 20:20:36.0437 3028 Udfs - ok 20:20:36.0453 3028 ultra - ok 20:20:36.0500 3028 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys 20:20:36.0625 3028 Update - ok 20:20:36.0671 3028 USBAAPL (5c2bdc152bbab34f36473deaf7713f22) C:\WINDOWS\system32\Drivers\usbaapl.sys 20:20:36.0703 3028 USBAAPL - ok 20:20:36.0718 3028 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys 20:20:36.0812 3028 usbccgp - ok 20:20:36.0828 3028 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys 20:20:36.0921 3028 usbehci - ok 20:20:36.0953 3028 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys 20:20:37.0046 3028 usbhub - ok 20:20:37.0062 3028 usbohci (0daecce65366ea32b162f85f07c6753b) C:\WINDOWS\system32\DRIVERS\usbohci.sys 20:20:37.0156 3028 usbohci - ok 20:20:37.0171 3028 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys 20:20:37.0265 3028 usbscan - ok 20:20:37.0281 3028 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS 20:20:37.0390 3028 USBSTOR - ok 20:20:37.0406 3028 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys 20:20:37.0515 3028 VgaSave - ok 20:20:37.0531 3028 ViaIde - ok 20:20:37.0562 3028 Video3D (9fe6c63d22abfea5c1d2b3efb9d31619) C:\WINDOWS\system32\Drivers\Video3D.sys 20:20:37.0562 3028 Video3D ( UnsignedFile.Multi.Generic ) - warning 20:20:37.0562 3028 Video3D - detected UnsignedFile.Multi.Generic (1) 20:20:37.0625 3028 VolSnap (a5a712f4e880874a477af790b5186e1d) C:\WINDOWS\system32\drivers\VolSnap.sys 
20:20:37.0718 3028 VolSnap - ok
20:20:37.0734 3028 vsbus (1c8a783e90c34d205596f1ab4a97e261) C:\WINDOWS\system32\DRIVERS\vsb.sys
20:20:37.0750 3028 vsbus ( UnsignedFile.Multi.Generic ) - warning
20:20:37.0750 3028 vsbus - detected UnsignedFile.Multi.Generic (1)
20:20:37.0765 3028 vserial (3377daa1cb8cac46a538c236f5f3d58f) C:\WINDOWS\system32\DRIVERS\vserial.sys
20:20:37.0781 3028 vserial ( UnsignedFile.Multi.Generic ) - warning
20:20:37.0781 3028 vserial - detected UnsignedFile.Multi.Generic (1)
20:20:37.0812 3028 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
20:20:37.0921 3028 Wanarp - ok
20:20:37.0937 3028 WDICA - ok
20:20:37.0968 3028 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
20:20:38.0062 3028 wdmaud - ok
20:20:38.0140 3028 WS2IFSL (6abe6e225adb5a751622a9cc3bc19ce8) C:\WINDOWS\System32\drivers\ws2ifsl.sys
20:20:38.0234 3028 WS2IFSL - ok
20:20:38.0265 3028 MBR (0x1B8) (6f9a1d528242bc09104b85e0becf5554) \Device\Harddisk0\DR0
20:20:38.0265 3028 \Device\Harddisk0\DR0 ( Rootkit.Boot.SST.a ) - infected
20:20:38.0265 3028 \Device\Harddisk0\DR0 - detected Rootkit.Boot.SST.a (0)
20:20:38.0328 3028 \Device\Harddisk0\DR0 ( TDSS File System ) - warning
20:20:38.0328 3028 \Device\Harddisk0\DR0 - detected TDSS File System (1)
20:20:38.0343 3028 MBR (0x1B8) (e5fa06aca0d60ba9c870d0ef3d9898c9) \Device\Harddisk1\DR5
20:20:39.0125 3028 \Device\Harddisk1\DR5 - ok
20:20:39.0125 3028 Boot (0x1200) (02f7a4fbad29d4378c821fa6c87c4b87) \Device\Harddisk0\DR0\Partition0
20:20:39.0125 3028 \Device\Harddisk0\DR0\Partition0 - ok
20:20:39.0140 3028 Boot (0x1200) (3ca5b144f95fb8b71ddd270010ab1228) \Device\Harddisk0\DR0\Partition1
20:20:39.0140 3028 \Device\Harddisk0\DR0\Partition1 - ok
20:20:39.0156 3028 Boot (0x1200) (329bca23c13db9b98324a0b39965945e) \Device\Harddisk0\DR0\Partition2
20:20:39.0156 3028 \Device\Harddisk0\DR0\Partition2 - ok
20:20:39.0187 3028 Boot (0x1200) (3056a26256512c2bb2c2c02d06012044) \Device\Harddisk0\DR0\Partition3
20:20:39.0187 3028 \Device\Harddisk0\DR0\Partition3 - ok
20:20:39.0187 3028 Boot (0x1200) (2346a0bd4febf05682828353f12a2f57) \Device\Harddisk1\DR5\Partition0
20:20:39.0187 3028 \Device\Harddisk1\DR5\Partition0 - ok
20:20:39.0187 3028 ============================================================
20:20:39.0187 3028 Scan finished
20:20:39.0187 3028 ============================================================
20:20:39.0343 2588 Detected object count: 19
20:20:39.0343 2588 Actual detected object count: 19
20:21:17.0656 2588 actser ( UnsignedFile.Multi.Generic ) - skipped by user
20:21:17.0656 2588 actser ( UnsignedFile.Multi.Generic ) - User select action: Skip
20:21:17.0656 2588 AegisP ( UnsignedFile.Multi.Generic ) - skipped by user
20:21:17.0656 2588 AegisP ( UnsignedFile.Multi.Generic ) - User select action: Skip
20:21:17.0671 2588 ALCXWDM ( UnsignedFile.Multi.Generic ) - skipped by user
20:21:17.0671 2588 ALCXWDM ( UnsignedFile.Multi.Generic ) - User select action: Skip
20:21:17.0671 2588 ASInsHelp ( UnsignedFile.Multi.Generic ) - skipped by user
20:21:17.0671 2588 ASInsHelp ( UnsignedFile.Multi.Generic ) - User select action: Skip
20:21:17.0671 2588 AsIO ( UnsignedFile.Multi.Generic ) - skipped by user
20:21:17.0671 2588 AsIO ( UnsignedFile.Multi.Generic ) - User select action: Skip
20:21:17.0671 2588 AVMBTPARALLEL ( UnsignedFile.Multi.Generic ) - skipped by user
20:21:17.0671 2588 AVMBTPARALLEL ( UnsignedFile.Multi.Generic ) - User select action: Skip
20:21:17.0671 2588 AVMBTSERIAL ( UnsignedFile.Multi.Generic ) - skipped by user
20:21:17.0671 2588 AVMBTSERIAL ( UnsignedFile.Multi.Generic ) - User select action: Skip
20:21:17.0671 2588 AVMBTSND ( UnsignedFile.Multi.Generic ) - skipped by user
20:21:17.0671 2588 AVMBTSND ( UnsignedFile.Multi.Generic ) - User select action: Skip
20:21:17.0671 2588 AVMCOWAN ( UnsignedFile.Multi.Generic ) - skipped by user
20:21:17.0671 2588 AVMCOWAN ( UnsignedFile.Multi.Generic ) - User select action: Skip
20:21:17.0671 2588 bfhubase ( UnsignedFile.Multi.Generic ) - skipped by user
20:21:17.0671 2588 bfhubase ( UnsignedFile.Multi.Generic ) - User select action: Skip
20:21:17.0671 2588 CAPI_CIP ( UnsignedFile.Multi.Generic ) - skipped by user
20:21:17.0671 2588 CAPI_CIP ( UnsignedFile.Multi.Generic ) - User select action: Skip
20:21:17.0671 2588 EIO ( UnsignedFile.Multi.Generic ) - skipped by user
20:21:17.0671 2588 EIO ( UnsignedFile.Multi.Generic ) - User select action: Skip
20:21:17.0671 2588 gmer ( UnsignedFile.Multi.Generic ) - skipped by user
20:21:17.0671 2588 gmer ( UnsignedFile.Multi.Generic ) - User select action: Skip
20:21:17.0671 2588 NETBFPAN ( UnsignedFile.Multi.Generic ) - skipped by user
20:21:17.0671 2588 NETBFPAN ( UnsignedFile.Multi.Generic ) - User select action: Skip
20:21:17.0687 2588 Video3D ( UnsignedFile.Multi.Generic ) - skipped by user
20:21:17.0687 2588 Video3D ( UnsignedFile.Multi.Generic ) - User select action: Skip
20:21:17.0687 2588 vsbus ( UnsignedFile.Multi.Generic ) - skipped by user
20:21:17.0687 2588 vsbus ( UnsignedFile.Multi.Generic ) - User select action: Skip
20:21:17.0687 2588 vserial ( UnsignedFile.Multi.Generic ) - skipped by user
20:21:17.0687 2588 vserial ( UnsignedFile.Multi.Generic ) - User select action: Skip
20:21:17.0750 2588 \Device\Harddisk0\DR0 ( Rootkit.Boot.SST.a ) - will be cured on reboot
20:21:17.0750 2588 \Device\Harddisk0\DR0 - ok
20:21:17.0750 2588 \Device\Harddisk0\DR0 ( Rootkit.Boot.SST.a ) - User select action: Cure
20:21:17.0750 2588 \Device\Harddisk0\DR0 ( TDSS File System ) - skipped by user
20:21:17.0750 2588 \Device\Harddisk0\DR0 ( TDSS File System ) - User select action: Skip |
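An added triage helper for TDSSKiller output of the kind pasted above (example code written for this page; it is not part of the thread and not part of Kaspersky's tool). It groups the log by object, separates the real findings (the Rootkit.Boot.SST.a verdict on the MBR of \Device\Harddisk0\DR0 and the TDSS File System warning on the same device) from the UnsignedFile.Multi.Generic noise that every unsigned vendor driver produces, flags findings that were only skipped rather than cured, and compares two runs so that the re-scan after "will be cured on reboot" can be checked mechanically instead of by eye. The line formats and the meaning of the (0)/(1) suffix are inferred from the log above, not taken from tool documentation. SAMPLE_BEFORE is an excerpt of that log; SAMPLE_AFTER is constructed, and its all-zero MD5 is a placeholder.

```python
"""Triage for TDSSKiller logs: added example, not code from the thread or tool.

Line shapes are inferred from the log above (assumption, not documentation):
  "<time> <thread> <object> (<md5>) <path>"               scanned file or MBR
  "<time> <thread> <object> ( <verdict> ) - <status>"      verdict / user action
  "<time> <thread> <object> - detected <verdict> (<n>)"    n: 0 infected, 1 warning
"""
import re

LINE_RE = re.compile(r"^(\d{2}:\d{2}:\d{2}\.\d{4})\s+(\d+)\s+(.*)$")
DETECTED_RE = re.compile(r"^(.+?)\s+-\s+detected\s+(.+?)\s+\((\d+)\)$")
FILE_RE = re.compile(r"^(.+?)\s+\(([0-9a-fA-F]{32})\)\s+(\S.*)$")
VERDICT_RE = re.compile(r"^(.+?)\s+\(\s*(.+?)\s*\)\s+-\s+(.+)$")

# Raised for every driver without a valid Authenticode signature; on an XP box
# full of vendor drivers this is expected noise. Everything else in this log
# (the boot rootkit and the hidden "TDSS File System") belongs to the infection.
INFORMATIONAL = {"UnsignedFile.Multi.Generic"}
RESOLVED = {"will be cured on reboot", "User select action: Cure"}


def _new():
    return {"md5": None, "path": None, "verdicts": set(), "status": [], "level": {}}


def parse_log(text):
    """Group TDSSKiller lines by object name; returns {object: record}."""
    objs = {}
    for raw in text.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m:
            continue                      # banners, counters, blank lines
        msg = m.group(3)
        if d := DETECTED_RE.match(msg):
            objs.setdefault(d.group(1), _new())["level"][d.group(2)] = int(d.group(3))
        elif f := FILE_RE.match(msg):
            name, md5, path = f.groups()
            # MBR/boot-sector lines call the object "MBR (0x1B8)" and put the
            # device in the path column, while the verdict lines name the device.
            key = path if path.startswith("\\Device\\") else name
            rec = objs.setdefault(key, _new())
            rec["md5"], rec["path"] = md5.lower(), path
        elif v := VERDICT_RE.match(msg):
            rec = objs.setdefault(v.group(1), _new())
            rec["verdicts"].add(v.group(2))
            rec["status"].append((v.group(2), v.group(3)))
    return objs


def triage(objs):
    """Split verdicts into (actionable, noise, unresolved) entries."""
    actionable, noise, unresolved = [], [], []
    for name, rec in objs.items():
        for verdict in sorted(rec["verdicts"]):
            statuses = [s for v, s in rec["status"] if v == verdict]
            entry = {"object": name, "verdict": verdict, "path": rec["path"],
                     "md5": rec["md5"], "level": rec["level"].get(verdict),
                     "statuses": statuses}
            if verdict in INFORMATIONAL:
                noise.append(entry)
                continue
            actionable.append(entry)
            if not RESOLVED & set(statuses):   # only "skipped", never cured
                unresolved.append(entry)
    return actionable, noise, unresolved


def detections(objs):
    """Non-informational (object, verdict) pairs of one run."""
    return {(n, v) for n, r in objs.items() for v in r["verdicts"] if v not in INFORMATIONAL}


def compare_runs(before_text, after_text):
    """After 'cure on reboot' the re-scan should clear findings, not keep or add any."""
    b, a = detections(parse_log(before_text)), detections(parse_log(after_text))
    return {"cleared": sorted(b - a), "new": sorted(a - b), "persisting": sorted(a & b)}


# Excerpt of the first run posted above (real lines from this thread).
SAMPLE_BEFORE = r"""
20:20:24.0140 3028 EIO (59d74c7b787aa3dda0948986403cea55) C:\WINDOWS\system32\drivers\EIO.sys
20:20:24.0140 3028 EIO ( UnsignedFile.Multi.Generic ) - warning
20:20:24.0140 3028 EIO - detected UnsignedFile.Multi.Generic (1)
20:20:38.0265 3028 MBR (0x1B8) (6f9a1d528242bc09104b85e0becf5554) \Device\Harddisk0\DR0
20:20:38.0265 3028 \Device\Harddisk0\DR0 ( Rootkit.Boot.SST.a ) - infected
20:20:38.0265 3028 \Device\Harddisk0\DR0 - detected Rootkit.Boot.SST.a (0)
20:20:38.0328 3028 \Device\Harddisk0\DR0 ( TDSS File System ) - warning
20:20:38.0328 3028 \Device\Harddisk0\DR0 - detected TDSS File System (1)
20:21:17.0671 2588 EIO ( UnsignedFile.Multi.Generic ) - User select action: Skip
20:21:17.0750 2588 \Device\Harddisk0\DR0 ( Rootkit.Boot.SST.a ) - will be cured on reboot
20:21:17.0750 2588 \Device\Harddisk0\DR0 - ok
20:21:17.0750 2588 \Device\Harddisk0\DR0 ( Rootkit.Boot.SST.a ) - User select action: Cure
20:21:17.0750 2588 \Device\Harddisk0\DR0 ( TDSS File System ) - skipped by user
20:21:17.0750 2588 \Device\Harddisk0\DR0 ( TDSS File System ) - User select action: Skip
"""

# Constructed follow-up run (not from the thread); the all-zero MD5 is a placeholder.
SAMPLE_AFTER = r"""
17:55:01.0000 2344 EIO (59d74c7b787aa3dda0948986403cea55) C:\WINDOWS\system32\drivers\EIO.sys
17:55:01.0000 2344 EIO ( UnsignedFile.Multi.Generic ) - warning
17:55:02.0000 2344 MBR (0x1B8) (00000000000000000000000000000000) \Device\Harddisk0\DR0
17:55:02.0000 2344 \Device\Harddisk0\DR0 - ok
"""

if __name__ == "__main__":
    actionable, noise, unresolved = triage(parse_log(SAMPLE_BEFORE))
    for e in actionable:
        print(f"FINDING {e['object']} {e['verdict']} level={e['level']} {e['statuses']}")
    print(f"noise: {len(noise)} unsigned driver(s); unresolved: {[e['verdict'] for e in unresolved]}")
    print(compare_runs(SAMPLE_BEFORE, SAMPLE_AFTER))
```

Two points the helper makes visible that are easy to miss when reading the flat log: the "\Device\Harddisk0\DR0 - ok" line in the action phase does not mean the device is clean (it follows the cure request, not a re-scan), and the TDSS File System entry was only skipped, so it is reported as unresolved. On a clean follow-up run both DR0 verdicts should appear under "cleared" and nothing under "persisting"; a surviving UnsignedFile.Multi.Generic warning for a vendor driver is expected.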
11.10.2011, 09:46 | #8 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Log after removing "Data Restore" because of recurring IE connection requests
Quote:
__________________
Please always post log files in CODE tags |
11.10.2011, 16:53 | #9 |
| Log after removing "Data Restore" because of recurring IE connection requests
Now the new log:
17:49:11.0187 3584 TDSS rootkit removing tool 2.6.7.0 Oct 10 2011 09:40:06
17:49:13.0187 3584 ============================================================
17:49:13.0187 3584 Current date / time: 2011/10/11 17:49:13.0187
17:49:13.0187 3584 SystemInfo:
17:49:13.0187 3584
17:49:13.0187 3584 OS Version: 5.1.2600 ServicePack: 3.0
17:49:13.0187 3584 Product type: Workstation
17:49:13.0187 3584 ComputerName: URSPC
17:49:13.0187 3584 UserName: Urs
17:49:13.0187 3584 Windows directory: C:\WINDOWS
17:49:13.0187 3584 System windows directory: C:\WINDOWS
17:49:13.0187 3584 Processor architecture: Intel x86
17:49:13.0187 3584 Number of processors: 1
17:49:13.0187 3584 Page size: 0x1000
17:49:13.0187 3584 Boot type: Normal boot
17:49:13.0187 3584 ============================================================
17:49:13.0468 3584 Initialize success
17:49:43.0062 2344 ============================================================
17:49:43.0062 2344 Scan started
17:49:43.0062 2344 Mode: Manual; SigCheck; TDLFS;
17:49:43.0062 2344 ============================================================
17:49:43.0171 2344 Abiosdsk - ok
17:49:43.0187 2344 abp480n5 - ok
17:49:43.0234 2344 ACPI (ac407f1a62c3a300b4f2b5a9f1d55b2c) C:\WINDOWS\system32\DRIVERS\ACPI.sys
17:49:43.0453 2344 ACPI - ok
17:49:43.0500 2344 ACPIEC (9e1ca3160dafb159ca14f83b1e317f75) C:\WINDOWS\system32\drivers\ACPIEC.sys
17:49:43.0625 2344 ACPIEC - ok
17:49:43.0656 2344 actser (6463d1db354b13e6ced4d67f6e4910f4) C:\WINDOWS\system32\drivers\actser.sys
17:49:43.0671 2344 actser ( UnsignedFile.Multi.Generic ) - warning
17:49:43.0671 2344 actser - detected UnsignedFile.Multi.Generic (1)
17:49:43.0687 2344 adpu160m - ok
17:49:43.0734 2344 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
17:49:43.0828 2344 aec - ok
17:49:43.0875 2344 AegisP (023867b6606fbabcdd52e089c4a507da) C:\WINDOWS\system32\DRIVERS\AegisP.sys
17:49:43.0890 2344 AegisP ( UnsignedFile.Multi.Generic ) - warning 17:49:43.0890 2344 AegisP - detected UnsignedFile.Multi.Generic (1) 17:49:43.0921 2344 AFD (355556d9e580915118cd7ef736653a89) C:\WINDOWS\System32\drivers\afd.sys 17:49:43.0968 2344 AFD - ok 17:49:43.0984 2344 Aha154x - ok 17:49:44.0000 2344 aic78u2 - ok 17:49:44.0015 2344 aic78xx - ok 17:49:44.0125 2344 ALCXWDM (69dee6c352f8dcb1725bd0f974c76f79) C:\WINDOWS\system32\drivers\ALCXWDM.SYS 17:49:44.0312 2344 ALCXWDM ( UnsignedFile.Multi.Generic ) - warning 17:49:44.0312 2344 ALCXWDM - detected UnsignedFile.Multi.Generic (1) 17:49:44.0343 2344 AliIde - ok 17:49:44.0359 2344 AmdK8 (769844eb65df6a62aa51b886290fe51d) C:\WINDOWS\system32\DRIVERS\AmdK8.sys 17:49:44.0390 2344 AmdK8 - ok 17:49:44.0406 2344 amsint - ok 17:49:44.0437 2344 asc - ok 17:49:44.0453 2344 asc3350p - ok 17:49:44.0468 2344 asc3550 - ok 17:49:44.0484 2344 ASInsHelp (33c171de483ee145f31234d93b078919) C:\WINDOWS\system32\drivers\AsInsHelp32.sys 17:49:44.0500 2344 ASInsHelp ( UnsignedFile.Multi.Generic ) - warning 17:49:44.0500 2344 ASInsHelp - detected UnsignedFile.Multi.Generic (1) 17:49:44.0531 2344 AsIO (c959989e2ce8da9bde8cafddba84badf) C:\WINDOWS\system32\drivers\AsIO.sys 17:49:44.0546 2344 AsIO ( UnsignedFile.Multi.Generic ) - warning 17:49:44.0546 2344 AsIO - detected UnsignedFile.Multi.Generic (1) 17:49:44.0625 2344 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys 17:49:44.0703 2344 AsyncMac - ok 17:49:44.0734 2344 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys 17:49:44.0843 2344 atapi - ok 17:49:44.0859 2344 Atdisk - ok 17:49:44.0906 2344 atksgt (f0d933b42cd0594048e4d5200ae9e417) C:\WINDOWS\system32\DRIVERS\atksgt.sys 17:49:44.0953 2344 atksgt - ok 17:49:44.0968 2344 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys 17:49:45.0078 2344 Atmarpc - ok 17:49:45.0109 2344 audstub (d9f724aa26c010a217c97606b160ed68) 
C:\WINDOWS\system32\DRIVERS\audstub.sys 17:49:45.0218 2344 audstub - ok 17:49:45.0281 2344 avgio (0b497c79824f8e1bf22fa6aacd3de3a0) C:\Programme\Avira\AntiVir Desktop\avgio.sys 17:49:45.0281 2344 avgio - ok 17:49:45.0328 2344 avgntflt (1e4114685de1ffa9675e09c6a1fb3f4b) C:\WINDOWS\system32\DRIVERS\avgntflt.sys 17:49:45.0328 2344 avgntflt - ok 17:49:45.0359 2344 avipbb (0f78d3dae6dedd99ae54c9491c62adf2) C:\WINDOWS\system32\DRIVERS\avipbb.sys 17:49:45.0375 2344 avipbb - ok 17:49:45.0421 2344 AVMBTPARALLEL (6a759d41c97fcdc6ba27fa7f2f26ec49) C:\WINDOWS\system32\DRIVERS\avmbtpar.sys 17:49:45.0437 2344 AVMBTPARALLEL ( UnsignedFile.Multi.Generic ) - warning 17:49:45.0437 2344 AVMBTPARALLEL - detected UnsignedFile.Multi.Generic (1) 17:49:45.0453 2344 AVMBTSERIAL (4bb8956474c4770083f4f50a51f26bcf) C:\WINDOWS\system32\DRIVERS\avmbtser.sys 17:49:45.0468 2344 AVMBTSERIAL ( UnsignedFile.Multi.Generic ) - warning 17:49:45.0468 2344 AVMBTSERIAL - detected UnsignedFile.Multi.Generic (1) 17:49:45.0484 2344 AVMBTSND (e22454df488d6d38d2a9cc4926f331bb) C:\WINDOWS\system32\drivers\avmbtsnd.sys 17:49:45.0500 2344 AVMBTSND ( UnsignedFile.Multi.Generic ) - warning 17:49:45.0500 2344 AVMBTSND - detected UnsignedFile.Multi.Generic (1) 17:49:45.0531 2344 AVMCOWAN (b092b71977cceb0f66fea6773ff23cb3) C:\WINDOWS\system32\DRIVERS\avmcowan.sys 17:49:45.0546 2344 AVMCOWAN ( UnsignedFile.Multi.Generic ) - warning 17:49:45.0546 2344 AVMCOWAN - detected UnsignedFile.Multi.Generic (1) 17:49:45.0609 2344 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys 17:49:45.0734 2344 Beep - ok 17:49:45.0765 2344 bfhubase (df8a22a4ef54f393c5960bbfed560a59) C:\WINDOWS\system32\DRIVERS\bfhubase.sys 17:49:45.0828 2344 bfhubase ( UnsignedFile.Multi.Generic ) - warning 17:49:45.0828 2344 bfhubase - detected UnsignedFile.Multi.Generic (1) 17:49:45.0859 2344 CAPI_CIP (600fe1fc7f063398e56fbce22488b108) C:\WINDOWS\system32\DRIVERS\capi_cip.sys 17:49:45.0906 2344 CAPI_CIP ( UnsignedFile.Multi.Generic 
) - warning 17:49:45.0906 2344 CAPI_CIP - detected UnsignedFile.Multi.Generic (1) 17:49:45.0937 2344 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys 17:49:46.0046 2344 cbidf2k - ok 17:49:46.0062 2344 cd20xrnt - ok 17:49:46.0093 2344 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys 17:49:46.0234 2344 Cdaudio - ok 17:49:46.0265 2344 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys 17:49:46.0359 2344 Cdfs - ok 17:49:46.0406 2344 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys 17:49:46.0500 2344 Cdrom - ok 17:49:46.0515 2344 Changer - ok 17:49:46.0562 2344 CmdIde - ok 17:49:46.0609 2344 Cpqarray - ok 17:49:46.0640 2344 dac2w2k - ok 17:49:46.0656 2344 dac960nt - ok 17:49:46.0703 2344 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys 17:49:46.0796 2344 Disk - ok 17:49:46.0843 2344 dmboot (0dcfc8395a99fecbb1ef771cec7fe4ea) C:\WINDOWS\system32\drivers\dmboot.sys 17:49:47.0000 2344 dmboot - ok 17:49:47.0031 2344 dmio (53720ab12b48719d00e327da470a619a) C:\WINDOWS\system32\drivers\dmio.sys 17:49:47.0140 2344 dmio - ok 17:49:47.0171 2344 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys 17:49:47.0296 2344 dmload - ok 17:49:47.0328 2344 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys 17:49:47.0421 2344 DMusic - ok 17:49:47.0453 2344 dpti2o - ok 17:49:47.0484 2344 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys 17:49:47.0578 2344 drmkaud - ok 17:49:47.0609 2344 EIO (59d74c7b787aa3dda0948986403cea55) C:\WINDOWS\system32\drivers\EIO.sys 17:49:47.0625 2344 EIO ( UnsignedFile.Multi.Generic ) - warning 17:49:47.0625 2344 EIO - detected UnsignedFile.Multi.Generic (1) 17:49:47.0687 2344 ElbyCDIO (b5326548762bfaae7a42d5b0898dfeac) C:\WINDOWS\system32\Drivers\ElbyCDIO.sys 17:49:47.0703 2344 ElbyCDIO - ok 17:49:47.0718 2344 ElbyDelay 
(20d3b81663b3dfd5e32b0af8640aaf50) C:\WINDOWS\system32\Drivers\ElbyDelay.sys 17:49:47.0734 2344 ElbyDelay - ok 17:49:47.0781 2344 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys 17:49:47.0890 2344 Fastfat - ok 17:49:47.0937 2344 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\drivers\Fdc.sys 17:49:48.0046 2344 Fdc - ok 17:49:48.0078 2344 Fips (b0678a548587c5f1967b0d70bacad6c1) C:\WINDOWS\system32\drivers\Fips.sys 17:49:48.0187 2344 Fips - ok 17:49:48.0218 2344 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\drivers\Flpydisk.sys 17:49:48.0328 2344 Flpydisk - ok 17:49:48.0359 2344 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys 17:49:48.0468 2344 FltMgr - ok 17:49:48.0500 2344 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys 17:49:48.0625 2344 Fs_Rec - ok 17:49:48.0671 2344 Ftdisk (8f1955ce42e1484714b542f341647778) C:\WINDOWS\system32\DRIVERS\ftdisk.sys 17:49:48.0796 2344 Ftdisk - ok 17:49:48.0828 2344 gameenum (065639773d8b03f33577f6cdaea21063) C:\WINDOWS\system32\DRIVERS\gameenum.sys 17:49:48.0921 2344 gameenum - ok 17:49:48.0984 2344 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\WINDOWS\system32\Drivers\GEARAspiWDM.sys 17:49:48.0984 2344 GEARAspiWDM - ok 17:49:49.0031 2344 gmer (b56eb0a2210980e76390bd670bcb618b) C:\WINDOWS\system32\DRIVERS\gmer.sys 17:49:49.0046 2344 gmer ( UnsignedFile.Multi.Generic ) - warning 17:49:49.0046 2344 gmer - detected UnsignedFile.Multi.Generic (1) 17:49:49.0093 2344 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys 17:49:49.0281 2344 Gpc - ok 17:49:49.0343 2344 hidusb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys 17:49:49.0453 2344 hidusb - ok 17:49:49.0468 2344 hpn - ok 17:49:49.0484 2344 hpt3xx - ok 17:49:49.0531 2344 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys 17:49:49.0578 2344 HTTP - ok 17:49:49.0640 2344 i2omgmt - 
11.10.2011, 17:05 | #10 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Log after removing "Data Restore" because of recurring IE connection requests Why are you now copying everything into quarantine?? I deliberately quoted only specific entries; the removal referred to those!! And removing does NOT mean copying into the Q
__________________ Please always post logfiles in CODE tags |
11.10.2011, 17:05 | #11 |
| Log after removing "Data Restore" because of recurring IE connection requests Okay, then I misunderstood you ... The new scan looks like this:
C:\WINDOWS\system32\Drivers\PxHelp20.sys 18:55:24.0390 3264 PxHelp20 - ok 18:55:24.0421 3264 pxscan (a5b3922b9f821fc8ff2821423e40026c) C:\WINDOWS\system32\drivers\pxscan.sys 18:55:24.0421 3264 pxscan - ok 18:55:24.0453 3264 pxsec (6613bbed3b306aee00d8a7b8d4cad5cd) C:\WINDOWS\system32\drivers\pxsec.sys 18:55:24.0468 3264 pxsec - ok 18:55:24.0484 3264 ql1080 - ok 18:55:24.0500 3264 Ql10wnt - ok 18:55:24.0515 3264 ql12160 - ok 18:55:24.0531 3264 ql1240 - ok 18:55:24.0546 3264 ql1280 - ok 18:55:24.0609 3264 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys 18:55:24.0703 3264 RasAcd - ok 18:55:24.0750 3264 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys 18:55:24.0828 3264 Rasl2tp - ok 18:55:24.0875 3264 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys 18:55:24.0953 3264 RasPppoe - ok 18:55:24.0968 3264 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys 18:55:25.0062 3264 Raspti - ok 18:55:25.0109 3264 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys 18:55:25.0187 3264 Rdbss - ok 18:55:25.0203 3264 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys 18:55:25.0296 3264 RDPCDD - ok 18:55:25.0343 3264 rdpdr (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys 18:55:25.0437 3264 rdpdr - ok 18:55:25.0468 3264 RDPWD (fc105dd312ed64eb66bff111e8ec6eac) C:\WINDOWS\system32\drivers\RDPWD.sys 18:55:25.0484 3264 RDPWD - ok 18:55:25.0515 3264 redbook (ed761d453856f795a7fe056e42c36365) C:\WINDOWS\system32\DRIVERS\redbook.sys 18:55:25.0609 3264 redbook - ok 18:55:25.0671 3264 RT73 (c7bcf9808e2a1b4cabe16ff7fbce5fab) C:\WINDOWS\system32\DRIVERS\rt73.sys 18:55:25.0687 3264 RT73 - ok 18:55:25.0734 3264 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys 18:55:25.0812 3264 Secdrv - ok 18:55:25.0859 3264 serenum (0f29512ccd6bead730039fb4bd2c85ce) 
C:\WINDOWS\system32\DRIVERS\serenum.sys 18:55:25.0937 3264 serenum - ok 18:55:25.0968 3264 Serial (cf24eb4f0412c82bcd1f4f35a025e31d) C:\WINDOWS\system32\DRIVERS\serial.sys 18:55:26.0062 3264 Serial - ok 18:55:26.0125 3264 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys 18:55:26.0203 3264 Sfloppy - ok 18:55:26.0218 3264 Simbad - ok 18:55:26.0265 3264 SONYPVU1 (a1eceeaa5c5e74b2499eb51d38185b84) C:\WINDOWS\system32\DRIVERS\SONYPVU1.SYS 18:55:26.0343 3264 SONYPVU1 - ok 18:55:26.0359 3264 Sparrow - ok 18:55:26.0390 3264 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys 18:55:26.0484 3264 splitter - ok 18:55:26.0531 3264 sptd (71e276f6d189413266ea22171806597b) C:\WINDOWS\System32\Drivers\sptd.sys 18:55:26.0562 3264 sptd - ok 18:55:26.0625 3264 sr (50fa898f8c032796d3b1b9951bb5a90f) C:\WINDOWS\system32\DRIVERS\sr.sys 18:55:26.0703 3264 sr - ok 18:55:26.0750 3264 Srv (47ddfc2f003f7f9f0592c6874962a2e7) C:\WINDOWS\system32\DRIVERS\srv.sys 18:55:26.0765 3264 Srv - ok 18:55:26.0796 3264 ssmdrv (a36ee93698802cd899f98bfd553d8185) C:\WINDOWS\system32\DRIVERS\ssmdrv.sys 18:55:26.0812 3264 ssmdrv - ok 18:55:26.0843 3264 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys 18:55:26.0937 3264 swenum - ok 18:55:26.0953 3264 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys 18:55:27.0046 3264 swmidi - ok 18:55:27.0062 3264 symc810 - ok 18:55:27.0078 3264 symc8xx - ok 18:55:27.0109 3264 sym_hi - ok 18:55:27.0125 3264 sym_u3 - ok 18:55:27.0140 3264 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys 18:55:27.0234 3264 sysaudio - ok 18:55:27.0265 3264 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys 18:55:27.0281 3264 Tcpip - ok 18:55:27.0296 3264 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys 18:55:27.0390 3264 TDPIPE - ok 18:55:27.0421 3264 TDTCP 
(c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys 18:55:27.0500 3264 TDTCP - ok 18:55:27.0531 3264 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys 18:55:27.0609 3264 TermDD - ok 18:55:27.0640 3264 TosIde - ok 18:55:27.0687 3264 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys 18:55:27.0765 3264 Udfs - ok 18:55:27.0796 3264 ultra - ok 18:55:27.0937 3264 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys 18:55:28.0046 3264 Update - ok 18:55:28.0109 3264 USBAAPL (5c2bdc152bbab34f36473deaf7713f22) C:\WINDOWS\system32\Drivers\usbaapl.sys 18:55:28.0125 3264 USBAAPL - ok 18:55:28.0203 3264 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys 18:55:28.0296 3264 usbccgp - ok 18:55:28.0500 3264 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys 18:55:28.0593 3264 usbehci - ok 18:55:28.0656 3264 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys 18:55:28.0734 3264 usbhub - ok 18:55:28.0781 3264 usbohci (0daecce65366ea32b162f85f07c6753b) C:\WINDOWS\system32\DRIVERS\usbohci.sys 18:55:28.0875 3264 usbohci - ok 18:55:28.0953 3264 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys 18:55:29.0031 3264 usbscan - ok 18:55:29.0078 3264 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS 18:55:29.0156 3264 USBSTOR - ok 18:55:29.0187 3264 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys 18:55:29.0265 3264 VgaSave - ok 18:55:29.0281 3264 ViaIde - ok 18:55:29.0328 3264 Video3D (9fe6c63d22abfea5c1d2b3efb9d31619) C:\WINDOWS\system32\Drivers\Video3D.sys 18:55:29.0328 3264 Video3D ( UnsignedFile.Multi.Generic ) - warning 18:55:29.0328 3264 Video3D - detected UnsignedFile.Multi.Generic (1) 18:55:29.0359 3264 VolSnap (a5a712f4e880874a477af790b5186e1d) C:\WINDOWS\system32\drivers\VolSnap.sys 
18:55:29.0437 3264 VolSnap - ok 18:55:29.0468 3264 vsbus (1c8a783e90c34d205596f1ab4a97e261) C:\WINDOWS\system32\DRIVERS\vsb.sys 18:55:29.0468 3264 vsbus ( UnsignedFile.Multi.Generic ) - warning 18:55:29.0468 3264 vsbus - detected UnsignedFile.Multi.Generic (1) 18:55:29.0500 3264 vserial (3377daa1cb8cac46a538c236f5f3d58f) C:\WINDOWS\system32\DRIVERS\vserial.sys 18:55:29.0500 3264 vserial ( UnsignedFile.Multi.Generic ) - warning 18:55:29.0500 3264 vserial - detected UnsignedFile.Multi.Generic (1) 18:55:29.0546 3264 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys 18:55:29.0625 3264 Wanarp - ok 18:55:29.0640 3264 WDICA - ok 18:55:29.0671 3264 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys 18:55:29.0765 3264 wdmaud - ok 18:55:29.0828 3264 WS2IFSL (6abe6e225adb5a751622a9cc3bc19ce8) C:\WINDOWS\System32\drivers\ws2ifsl.sys 18:55:29.0921 3264 WS2IFSL - ok 18:55:29.0953 3264 MBR (0x1B8) (72b8ce41af0de751c946802b3ed844b4) \Device\Harddisk0\DR0 18:55:30.0062 3264 \Device\Harddisk0\DR0 - ok 18:55:30.0078 3264 Boot (0x1200) (02f7a4fbad29d4378c821fa6c87c4b87) \Device\Harddisk0\DR0\Partition0 18:55:30.0078 3264 \Device\Harddisk0\DR0\Partition0 - ok 18:55:30.0109 3264 Boot (0x1200) (3ca5b144f95fb8b71ddd270010ab1228) \Device\Harddisk0\DR0\Partition1 18:55:30.0109 3264 \Device\Harddisk0\DR0\Partition1 - ok 18:55:30.0125 3264 Boot (0x1200) (329bca23c13db9b98324a0b39965945e) \Device\Harddisk0\DR0\Partition2 18:55:30.0125 3264 \Device\Harddisk0\DR0\Partition2 - ok 18:55:30.0156 3264 Boot (0x1200) (3056a26256512c2bb2c2c02d06012044) \Device\Harddisk0\DR0\Partition3 18:55:30.0156 3264 \Device\Harddisk0\DR0\Partition3 - ok 18:55:30.0156 3264 ============================================================ 18:55:30.0156 3264 Scan finished 18:55:30.0156 3264 ============================================================ 18:55:30.0265 3272 Detected object count: 17 18:55:30.0265 3272 Actual detected object count: 17 18:55:41.0312 
3272 actser ( UnsignedFile.Multi.Generic ) - skipped by user 18:55:41.0312 3272 actser ( UnsignedFile.Multi.Generic ) - User select action: Skip 18:55:41.0312 3272 AegisP ( UnsignedFile.Multi.Generic ) - skipped by user 18:55:41.0312 3272 AegisP ( UnsignedFile.Multi.Generic ) - User select action: Skip 18:55:41.0312 3272 ALCXWDM ( UnsignedFile.Multi.Generic ) - skipped by user 18:55:41.0312 3272 ALCXWDM ( UnsignedFile.Multi.Generic ) - User select action: Skip 18:55:41.0312 3272 ASInsHelp ( UnsignedFile.Multi.Generic ) - skipped by user 18:55:41.0328 3272 ASInsHelp ( UnsignedFile.Multi.Generic ) - User select action: Skip 18:55:41.0328 3272 AsIO ( UnsignedFile.Multi.Generic ) - skipped by user 18:55:41.0328 3272 AsIO ( UnsignedFile.Multi.Generic ) - User select action: Skip 18:55:41.0328 3272 AVMBTPARALLEL ( UnsignedFile.Multi.Generic ) - skipped by user 18:55:41.0328 3272 AVMBTPARALLEL ( UnsignedFile.Multi.Generic ) - User select action: Skip 18:55:41.0328 3272 AVMBTSERIAL ( UnsignedFile.Multi.Generic ) - skipped by user 18:55:41.0328 3272 AVMBTSERIAL ( UnsignedFile.Multi.Generic ) - User select action: Skip 18:55:41.0328 3272 AVMBTSND ( UnsignedFile.Multi.Generic ) - skipped by user 18:55:41.0328 3272 AVMBTSND ( UnsignedFile.Multi.Generic ) - User select action: Skip 18:55:41.0328 3272 AVMCOWAN ( UnsignedFile.Multi.Generic ) - skipped by user 18:55:41.0328 3272 AVMCOWAN ( UnsignedFile.Multi.Generic ) - User select action: Skip 18:55:41.0328 3272 bfhubase ( UnsignedFile.Multi.Generic ) - skipped by user 18:55:41.0328 3272 bfhubase ( UnsignedFile.Multi.Generic ) - User select action: Skip 18:55:41.0328 3272 CAPI_CIP ( UnsignedFile.Multi.Generic ) - skipped by user 18:55:41.0328 3272 CAPI_CIP ( UnsignedFile.Multi.Generic ) - User select action: Skip 18:55:41.0328 3272 EIO ( UnsignedFile.Multi.Generic ) - skipped by user 18:55:41.0328 3272 EIO ( UnsignedFile.Multi.Generic ) - User select action: Skip 18:55:41.0328 3272 gmer ( UnsignedFile.Multi.Generic ) - skipped by 
user 18:55:41.0328 3272 gmer ( UnsignedFile.Multi.Generic ) - User select action: Skip 18:55:41.0328 3272 NETBFPAN ( UnsignedFile.Multi.Generic ) - skipped by user 18:55:41.0328 3272 NETBFPAN ( UnsignedFile.Multi.Generic ) - User select action: Skip 18:55:41.0328 3272 Video3D ( UnsignedFile.Multi.Generic ) - skipped by user 18:55:41.0328 3272 Video3D ( UnsignedFile.Multi.Generic ) - User select action: Skip 18:55:41.0328 3272 vsbus ( UnsignedFile.Multi.Generic ) - skipped by user 18:55:41.0328 3272 vsbus ( UnsignedFile.Multi.Generic ) - User select action: Skip 18:55:41.0343 3272 vserial ( UnsignedFile.Multi.Generic ) - skipped by user 18:55:41.0343 3272 vserial ( UnsignedFile.Multi.Generic ) - User select action: Skip
Is there a way to remove the items from quarantine? Edited by Urmel1980 (11.10.2011 at 18:00) |
14.10.2011, 15:12 | #12 |
| Log after removing "Data Restore" because of recurring IE connection requests Hello Arne, is there anything else I can do? |
16.10.2011, 12:46 | #13 | |
/// Winkelfunktion /// TB-Süch-Tiger™ | Log after removing "Data Restore" because of recurring IE connection requests Those are false positives, please do NOT remove ANYTHING with TDSSKiller. Now please run CF: ComboFix A guide and tutorial on using ComboFix
ComboFix may only be run when a helper (Kompetenzler) has explicitly recommended it! Should you have problems starting applications after running ComboFix and receive messages such as Quote:
__________________ Please always post logfiles in CODE tags |
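The helper's point above is that every one of the 17 objects TDSSKiller flagged carries the verdict UnsignedFile.Multi.Generic, a generic "this driver has no valid digital signature" heuristic rather than a match on a known malware family, which is why nothing should be deleted on that basis. The following is an added example, not code from the thread or from TDSSKiller's authors: a small Python triage parser that reads TDSSKiller log lines in the format shown in the log above, separates inventory records (name, MD5, path) from clean results, generic heuristic hits and the user's chosen actions, and reports signature hits separately. The sample lines are excerpted from the log posted in this thread; the regular expressions and the GENERIC_PREFIXES list are assumptions based on the line formats visible there.

```python
import re

# Constructed sample input: lines taken from the TDSSKiller log posted above
# (driver inventory record, generic warning, "detected" record, clean result,
# MBR record, and the user's Skip action for the same driver).
SAMPLE_LOG = r"""
18:55:21.0750 3264 NETBFPAN (518c22c02da275cb30d5beb58786129f) C:\WINDOWS\system32\DRIVERS\netbfpan.sys
18:55:21.0750 3264 NETBFPAN ( UnsignedFile.Multi.Generic ) - warning
18:55:21.0750 3264 NETBFPAN - detected UnsignedFile.Multi.Generic (1)
18:55:21.0796 3264 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
18:55:21.0875 3264 NetBIOS - ok
18:55:29.0953 3264 MBR (0x1B8) (72b8ce41af0de751c946802b3ed844b4) \Device\Harddisk0\DR0
18:55:30.0062 3264 \Device\Harddisk0\DR0 - ok
18:55:30.0156 3264 Scan finished
18:55:41.0312 3272 NETBFPAN ( UnsignedFile.Multi.Generic ) - skipped by user
18:55:41.0312 3272 NETBFPAN ( UnsignedFile.Multi.Generic ) - User select action: Skip
"""

# Every record starts with "<hh:mm:ss.ffff> <thread id> <rest>".
LINE_RE = re.compile(r"^(?P<time>\d{2}:\d{2}:\d{2}\.\d+)\s+(?P<tid>\d+)\s+(?P<rest>.+?)\s*$")
# Inventory record: "<name> [(0xSIZE)] (<md5>) <path>" (the size field appears for MBR/boot sectors).
FILE_RE = re.compile(r"^(?P<name>\S+)(?: \(0x[0-9A-Fa-f]+\))? \((?P<hash>[0-9a-f]{32})\) (?P<path>.+)$")
# Detection record: "<name> - detected <verdict> (<count>)".
DETECTED_RE = re.compile(r"^(?P<name>\S+) - detected (?P<verdict>\S+) \((?P<count>\d+)\)$")
# Verdict/action record: "<name> ( <verdict> ) - warning | skipped by user | User select action: X".
VERDICT_RE = re.compile(
    r"^(?P<name>\S+) \( (?P<verdict>[^)]+?) \) - "
    r"(?P<status>warning|skipped by user|User select action: .+)$")
# Clean result: "<name> - ok".
OK_RE = re.compile(r"^(?P<name>.+) - ok$")

# Assumption: verdict names with these prefixes are generic heuristics
# (file lacks a valid signature), not a match on a known malware family.
GENERIC_PREFIXES = ("UnsignedFile.",)


def parse_line(line):
    """Parse one TDSSKiller log line into a dict, or return None for lines
    without a timestamp (blank lines, banners, separators)."""
    m = LINE_RE.match(line)
    if not m:
        return None
    rec = {"time": m.group("time"), "tid": m.group("tid")}
    rest = m.group("rest")
    for kind, rx in (("file", FILE_RE), ("detected", DETECTED_RE),
                     ("verdict", VERDICT_RE), ("ok", OK_RE)):
        mm = rx.match(rest)
        if mm:
            rec["kind"] = kind
            rec.update(mm.groupdict())
            return rec
    rec["kind"] = "other"
    rec["text"] = rest
    return rec


def is_generic(verdict):
    """True when the verdict is a generic unsigned-file heuristic."""
    return verdict.startswith(GENERIC_PREFIXES)


def triage(log_text):
    """Summarise a TDSSKiller log: inventory, clean objects, flagged objects
    split into generic heuristics vs. signature hits, and user actions."""
    files, ok, flagged, actions = {}, set(), {}, {}
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec is None:
            continue
        if rec["kind"] == "file":
            files[rec["name"]] = (rec["hash"], rec["path"])
        elif rec["kind"] == "ok":
            ok.add(rec["name"])
        elif rec["kind"] == "detected":
            flagged[rec["name"]] = rec["verdict"]
        elif rec["kind"] == "verdict" and rec["status"].startswith("User select action: "):
            actions[rec["name"]] = rec["status"].split(": ", 1)[1]
    generic = {n: v for n, v in flagged.items() if is_generic(v)}
    signature = {n: v for n, v in flagged.items() if not is_generic(v)}
    return {"files": files, "ok": ok, "generic_unsigned": generic,
            "signature_hits": signature, "actions": actions}


if __name__ == "__main__":
    summary = triage(SAMPLE_LOG)
    print("clean objects:      ", sorted(summary["ok"]))
    print("generic (unsigned): ", summary["generic_unsigned"])
    print("signature hits:     ", summary["signature_hits"])
    print("user actions:       ", summary["actions"])
```

Run over the full log from the thread, `signature_hits` stays empty and `generic_unsigned` lists the same 17 drivers that TDSSKiller reported, which is the quickest way to confirm the helper's reading before deciding whether any quarantine action is warranted; the inventory MD5s in `files` are also what you would compare against a known-good copy of each driver if a generic hit ever needed a second look.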
16.10.2011, 22:15 | #14 |
| Log after removing "Data Restore" because of recurring IE connection requests Hello Arne, here is the ComboFix log now: Combofix Logfile: Code:
ComboFix 11-10-16.02 - Urs 16.10.2011 23:04:38.1.1 - x86 Microsoft Windows XP Professional 5.1.2600.3.1252.49.1031.18.1023.532 [GMT 2:00] ausgeführt von:: c:\dokumente und einstellungen\Urs\Desktop\ComboFix.exe AV: AntiVir PersonalEdition Classic Virenschutz *Enabled/Outdated* {00000000-0000-0000-0000-000000000000} AV: AntiVir PersonalEdition Classic Virenschutz *Enabled/Updated* {804FD0EC-FFA4-00DA-0D24-347CA8A3377C} AV: AntiVir PersonalEdition Classic Virenschutz *Enabled/Updated* {804FD2B8-FFA4-00DA-0D24-347CA8A3377C} AV: AntiVir PersonalEdition Classic Virenschutz *Enabled/Updated* {804FD2B8-FFA4-00EB-0D24-347CA8A3377C} AV: Avira Desktop *Disabled/Updated* {AD166499-45F9-482A-A743-FDD3350758C7} . . (((((((((((((((((((((((((((((((((((( Weitere Löschungen )))))))))))))))))))))))))))))))))))))))))))))))) . . c:\dokumente und einstellungen\Urs\WINDOWS c:\programme\messenger\msmsgsin.exe c:\programme\msn\msncorefiles\custdial.dll c:\programme\msn\msncorefiles\logonmgr.dll c:\windows\ehome\medctrro.exe c:\windows\IsUn0407.exe c:\windows\system32\win.ini . . ((((((((((((((((((((((( Dateien erstellt von 2011-09-16 bis 2011-10-16 )))))))))))))))))))))))))))))) . . 2011-10-14 21:42 . 2011-10-14 21:42 -------- d-----w- c:\dokumente und einstellungen\Urs\Anwendungsdaten\Avira 2011-10-14 21:42 . 2011-10-11 13:00 74640 ----a-w- c:\windows\system32\drivers\avgntflt.sys 2011-10-14 21:42 . 2011-10-11 13:00 36000 ----a-w- c:\windows\system32\drivers\avkmgr.sys 2011-10-14 21:42 . 2011-10-11 13:00 134344 ----a-w- c:\windows\system32\drivers\avipbb.sys 2011-10-14 21:42 . 2011-10-14 21:42 -------- d-----w- c:\programme\Avira 2011-10-14 21:42 . 2011-10-14 21:42 -------- d-----w- c:\dokumente und einstellungen\All Users\Anwendungsdaten\Avira 2011-10-11 15:50 . 2011-10-11 15:50 -------- d-----w- C:\TDSSKiller_Quarantine 2011-10-10 16:20 . 2011-10-10 16:20 -------- d-----w- C:\_OTL 2011-10-08 21:17 . 2011-10-08 21:17 -------- d-----w- c:\programme\ESET 2011-10-08 08:30 .
2011-10-08 08:30 -------- d-----w- c:\dokumente und einstellungen\Urs\Anwendungsdaten\Wise Registry Cleaner 2011-10-08 08:29 . 2011-10-08 08:29 -------- d-----w- c:\programme\Wise Registry Cleaner 2011-10-08 07:50 . 2011-10-08 07:50 -------- d-----w- c:\dokumente und einstellungen\NetworkService\Lokale Einstellungen\Anwendungsdaten\Google 2011-10-08 07:45 . 2011-10-08 07:50 -------- d-----w- c:\dokumente und einstellungen\Urs\Lokale Einstellungen\Anwendungsdaten\Temp 2011-10-08 07:45 . 2011-10-08 07:45 -------- d-----w- c:\dokumente und einstellungen\LocalService\Lokale Einstellungen\Anwendungsdaten\Google 2011-10-08 07:45 . 2011-10-08 09:20 -------- d-----w- c:\programme\Google 2011-10-08 07:45 . 2011-10-08 08:26 -------- d-----w- c:\dokumente und einstellungen\Urs\Lokale Einstellungen\Anwendungsdaten\Google 2011-10-07 20:36 . 2011-10-07 20:36 -------- d-----w- c:\dokumente und einstellungen\Urs\Anwendungsdaten\Malwarebytes 2011-10-07 20:35 . 2011-10-07 20:35 -------- d-----w- c:\dokumente und einstellungen\All Users\Anwendungsdaten\Malwarebytes 2011-10-07 20:35 . 2011-10-07 20:35 -------- d-----w- c:\programme\Malwarebytes' Anti-Malware 2011-10-06 21:09 . 2011-10-06 21:12 -------- d-----w- c:\dokumente und einstellungen\Administrator 2011-09-23 20:18 . 2011-09-23 20:18 -------- d-----w- c:\dokumente und einstellungen\Urs\Anwendungsdaten\PReader2 2011-09-23 20:15 . 2011-09-23 20:16 -------- d-----w- c:\dokumente und einstellungen\Urs\Lokale Einstellungen\Anwendungsdaten\Deployment 2011-09-23 20:11 . 2011-09-23 20:11 -------- d-----w- c:\programme\Microsoft.NET 2011-09-23 20:05 . 2011-09-23 20:41 -------- d-----w- c:\programme\PReader2 . . . (((((((((((((((((((((((((((((((((((( Find3M Bericht )))))))))))))))))))))))))))))))))))))))))))))))))))))) . 2011-10-16 20:56 . 2006-03-21 21:27 60416 ----a-w- c:\windows\ALCFDRTM.VER 2011-10-04 20:08 . 2011-05-18 15:14 414368 ---ha-w- c:\windows\system32\FlashPlayerCPLApp.cpl 2011-09-09 09:11 . 
2001-08-18 12:00 604160 ---ha-w- c:\windows\system32\crypt32.dll 2011-10-06 19:28 . 2011-03-22 16:46 134104 ----a-w- c:\programme\mozilla firefox\components\browsercomps.dll . . (((((((((((((((((((((((((((( Autostartpunkte der Registrierung )))))))))))))))))))))))))))))))))))))))) . . *Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. REGEDIT4 . [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "updateMgr"="c:\programme\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [2006-03-30 313472] . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "SoundMan"="SOUNDMAN.EXE" [2005-07-12 81920] "NVIDIA nTune"="c:\programme\NVIDIA Corporation\nTune\\nTune.exe" [2004-12-06 532480] "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2004-12-15 5513216] "nwiz"="nwiz.exe" [2004-12-15 1490944] "NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2004-12-15 86016] "AVMBlueClient"="c:\programme\avmclient\bluefritz.exe" [2004-08-23 1662976] "AVMBLUEOBEX"="c:\programme\avmclient\AvmObex.exe" [2004-08-23 364544] "freenet_MediaSuite"="c:\programme\Freenet\Freenet_Foto\MediaSuite.exe" [2006-04-11 294912] "QuickTime Task"="c:\programme\QuickTime\QTTask.exe" [2010-09-08 421888] "iTunesHelper"="c:\programme\iTunes\iTunesHelper.exe" [2010-11-10 421160] "avgnt"="c:\programme\Avira\AntiVir Desktop\avgnt.exe" [2011-10-11 258512] . c:\dokumente und einstellungen\Urs\Startmenü\Programme\Autostart\ FRITZ!DSL Protect.lnk - c:\programme\FRITZ!DSL\FwebProt.exe [2007-11-4 917504] FRITZ!DSL Startcenter.lnk - c:\programme\FRITZ!DSL\StCenter.exe [2007-11-4 679936] . c:\dokumente und einstellungen\All Users\Startmenü\Programme\Autostart\ Adobe Gamma Loader.lnk - c:\programme\Gemeinsame Dateien\Adobe\Calibration\Adobe Gamma Loader.exe [2006-4-14 110592] Adobe Reader - Schnellstart.lnk - c:\programme\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-9-23 29696] Ralink Wireless Utility.lnk - c:\programme\RALINK\Common\RaUI.exe [2008-10-15 1531904] . 
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite] 2008-08-08 12:11 490952 ----a-w- c:\programme\DAEMON Tools Lite\daemon.exe . [HKEY_LOCAL_MACHINE\software\microsoft\security center] "FirewallOverride"=dword:00000001 . [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "e:\\Civilization 4\\Civilization4.exe"= "e:\\World of Warcraft\\WoW-1.9.0-deDE-downloader.exe"= "e:\\World of Warcraft\\WoW-1.9.2.4996-to-1.9.3.5059-deDE-downloader.exe"= "e:\\Warcraft III\\Warcraft III.exe"= "e:\\Warcraft III\\war3.exe"= "e:\\World of Warcraft\\WoW-1.9.4.5086-to-1.10.0.5195-deDE-downloader.exe"= "e:\\World of Warcraft\\BackgroundDownloader.exe"= "e:\\World of Warcraft\\WoW-1.10.2.5302-to-1.11.0.5428-deDE-downloader.exe"= "e:\\World of Warcraft\\WoW-1.11.1.5462-to-1.11.2.5464-deDE-downloader.exe"= "e:\\World of Warcraft\\WoW-1.11.2.5464-to-1.12.0.5595-deDE-downloader.exe"= "e:\\World of Warcraft\\WoW-1.12.0.5595-to-1.12.1.5875-deDE-downloader.exe"= "e:\\World of Warcraft\\WoW-1.12.x-to-2.0.1-deDE-patch-downloader.exe"= "e:\\World of Warcraft\\WoW-2.0.3-deDE-downloader.exe"= "e:\\World of Warcraft\\WoW-2.0.3.6299-to-2.0.5.6320-deDE-downloader.exe"= "e:\\World of Warcraft\\WoW-2.0.5.6320-to-2.0.6.6337-deDE-downloader.exe"= "e:\\World of Warcraft\\WoW-2.0.6.6337-to-2.0.7.6383-deDE-downloader.exe"= "e:\\World of Warcraft\\WoW-2.0.7.6383-to-2.0.8.6403-deDE-downloader.exe"= "e:\\World of Warcraft\\WoW-2.0.8.6403-to-2.0.10.6448-deDE-downloader.exe"= "e:\\World of Warcraft\\WoW-2.0.10.6448-to-2.0.12.6546-deDE-downloader.exe"= "c:\\Programme\\Mozilla Firefox\\firefox.exe"= "c:\\Programme\\FRITZ!DSL\\IGDCTRL.EXE"= "e:\\Civilization 4\\Warlords\\Civ4Warlords.exe"= "e:\\Civilization 4\\Warlords\\Civ4Warlords_PitBoss.exe"= "c:\\Programme\\FRITZ!DSL\\FBOXUPD.EXE"= "c:\\Programme\\Mathematica\\7.0\\Mathematica.exe"= "c:\\Programme\\Mathematica\\7.0\\MathKernel.exe"= 
"c:\\Programme\\Mathematica\\7.0\\math.exe"= "%windir%\\Network Diagnostic\\xpnetdiag.exe"= "c:\\Programme\\ICQ\\ICQ6.5\\ICQ.exe"= "e:\\Civilization 4\\Beyond the Sword\\Civ4BeyondSword.exe"= "e:\\Civilization 4\\Beyond the Sword\\Civ4BeyondSword_PitBoss.exe"= "c:\\Programme\\Ubisoft\\Related Designs\\ANNO 1404\\Anno4.exe"= "c:\\Programme\\Ubisoft\\Related Designs\\ANNO 1404\\tools\\Anno4Web.exe"= "e:\\World of Warcraft\\WoW-3.2.0-deDE-downloader.exe"= "e:\\World of Warcraft\\Launcher.exe"= "c:\\Programme\\Bonjour\\mDNSResponder.exe"= "c:\\Programme\\iTunes\\iTunes.exe"= "c:\\Programme\\ICQ7.5\\ICQ.exe"= "c:\\Programme\\Ubisoft\\Related Designs\\ANNO 1404\\Addon.exe"= "c:\\Programme\\Ubisoft\\Related Designs\\ANNO 1404\\tools\\AddonWeb.exe"= . [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List] "3724:TCP"= 3724:TCP:Blizzard Downloader: 3724 . R0 pxscan;pxscan;c:\windows\system32\drivers\pxscan.sys [16.02.2009 23:17 22024] R0 pxsec;pxsec;c:\windows\system32\drivers\pxsec.sys [18.04.2009 21:38 27656] R1 avkmgr;avkmgr;c:\windows\system32\drivers\avkmgr.sys [14.10.2011 23:42 36000] R2 AntiVirSchedulerService;Avira Planer;c:\programme\Avira\AntiVir Desktop\sched.exe [14.10.2011 23:42 86224] R2 AVM BT Connection Service;AVM BT Connection Service;c:\programme\avmclient\avmbtservice.exe [23.08.2004 02:00 299101] R2 AVM BT PAN Service;AVM BT PAN Service;c:\programme\avmclient\panapp.exe [23.08.2004 02:00 135229] R2 AvmObexService;AVM BT OBEX Service;c:\programme\avmclient\AvmObexService.exe [23.08.2004 02:00 172032] R2 CSIScanner;CSIScanner;c:\programme\Prevx\prevx.exe [16.02.2009 23:17 4368952] R3 AVMBTPARALLEL;AVM Bluetooth Druckeranschluss;c:\windows\system32\drivers\avmbtpar.sys [23.08.2004 02:00 60032] R3 AVMBTSERIAL;AVM Bluetooth Kommunikationsanschluss;c:\windows\system32\drivers\avmbtser.sys [23.08.2004 02:00 61056] R3 AVMBTSND;AVM Bluetooth Audio Driver;c:\windows\system32\drivers\avmbtsnd.sys [23.08.2004 02:00 49664] R3 
AVMCOWAN;AVM ISDN CoNDIS WAN CAPI Treiber;c:\windows\system32\drivers\avmcowan.sys [23.08.2004 02:00 53248] R3 bfhubase;BlueFRITZ! USB 2.5(WinXP/2000);c:\windows\system32\drivers\bfhubase.sys [23.08.2004 02:00 796192] R3 CAPI_CIP;AVM Bluetooth CAPI-Controller;c:\windows\system32\drivers\capi_cip.sys [23.08.2004 02:00 374144] S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [18.03.2010 13:16 130384] S3 FirebirdServerMAGIXInstance;Firebird Server - MAGIX Instance;c:\programme\Freenet\Common\Database\bin\fbserver.exe [03.03.2007 16:43 1527900] S3 NETBFPAN;AVM Bluetooth Netzwerkadapter;c:\windows\system32\drivers\netbfpan.sys [23.08.2004 02:00 35914] S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [18.03.2010 13:16 753504] S4 sptd;sptd;c:\windows\system32\drivers\sptd.sys [30.04.2008 20:16 717296] . Inhalt des "geplante Tasks" Ordners . 2010-11-13 c:\windows\Tasks\AppleSoftwareUpdate.job - c:\programme\Apple Software Update\SoftwareUpdate.exe [2009-10-22 10:50] . . ------- Zusätzlicher Suchlauf ------- . uStart Page = about:blank uInternet Connection Wizard,ShellNext = iexplore uInternet Settings,ProxyOverride = *.local IE: Nach Microsoft &Excel exportieren - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 IE: {{7578ADEA-D65F-4C89-A249-B1C88B6FFC20} - c:\programme\ICQ7.5\ICQ.exe LSP: c:\programme\FRITZ!DSL\sarah.dll TCP: DhcpNameServer = 192.168.2.1 FF - ProfilePath - c:\dokumente und einstellungen\Urs\Anwendungsdaten\Mozilla\Firefox\Profiles\us9n8x1q.default\ FF - prefs.js: browser.startup.homepage - about:blank . - - - - Entfernte verwaiste Registrierungseinträge - - - - . 
WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file) HKLM-Run-Logitech Hardware Abstraction Layer - KHALMNPR.EXE AddRemove-Adobe Photoshop 7.0 - c:\windows\ISUN0407.EXE AddRemove-FRITZ!DSL - c:\windows\IsUn0407.exe AddRemove-tonica 6.0 - c:\windows\IsUn0407.exe . . . ************************************************************************** . catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, hxxp://www.gmer.net Rootkit scan 2011-10-16 23:08 Windows 5.1.2600 Service Pack 3 NTFS . Scanne versteckte Prozesse... . Scanne versteckte Autostarteinträge... . Scanne versteckte Dateien... . Scan erfolgreich abgeschlossen versteckte Dateien: 0 . ************************************************************************** . Zeit der Fertigstellung: 2011-10-16 23:10:17 ComboFix-quarantined-files.txt 2011-10-16 21:10 . Vor Suchlauf: 14 Verzeichnis(se), 12.200.849.408 Bytes frei Nach Suchlauf: 15 Verzeichnis(se), 12.178.198.528 Bytes frei . WindowsXP-KB310994-SP2-Pro-BootDisk-DEU.exe [boot loader] timeout=2 default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS [operating systems] c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons UnsupportedDebug="do not select this" /debug multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /fastdetect /NoExecute=OptIn . - - End Of File - - 1B2DB8DBBD3005E648A738651534CEE2 |
17.10.2011, 17:01 | #15 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Log after removing "Data Restore" because of recurring IE connection requests OK. Now please create and post logs with GMER and OSAM. GMER crashes fairly often; if the tool still won't run on the second attempt, simply leave it out and run only OSAM - please skip OSAM's online query. With OSAM, also make sure you save the log as *.log and not as *.html or similar. Note: please use WinRAR or 7zip to unpack OSAM! Also be sure to switch off your virus scanner; the McAfee scanner in particular often reports a false positive on OSAM! Please download aswMBR.exe and save the file to your desktop.
Important: never press any of the Fix buttons without being instructed to. Note: should the Scan button be greyed out, close the tool and start it again. Should the scan abort and the program crash, let me know and choose the setting (none) under AV Scan.
__________________ Please always post logfiles in CODE tags |