Log Analysis and Evaluation: Trojan? Scan Disc and Fix - black desktop background, Start menu empty and files jumbled (Windows 7)

If you have caught a Trojan or keep getting virus warnings, you can post the logs from our diagnostic tools here for evaluation by our experts. Before viruses and Trojans can be removed, the infected system must first be examined: First steps for help. Note that an infected system is not trustworthy and should not be used until the malware has been completely removed.
19.10.2011, 11:31 | #1
Trojan? Scan Disc and Fix - black desktop background, Start menu empty and files jumbled

Hello, first of all the requested log files:

OTL:

OTL logfile created on: 19.10.2011 10:10:35 - Run 1
OTL by OldTimer - Version 3.2.31.0     Folder = C:\Users\jungle\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6002.18005)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

1,99 Gb Total Physical Memory | 1,08 Gb Available Physical Memory | 54,03% Memory free
4,21 Gb Paging File | 2,91 Gb Available in Paging File | 69,01% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 99,17 Gb Total Space | 1,06 Gb Free Space | 1,07% Space Free | Partition Type: NTFS
Drive D: | 10,00 Gb Total Space | 5,05 Gb Free Space | 50,53% Space Free | Partition Type: NTFS

Computer Name: ALFONS | User Name: jungle | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011.10.19 10:04:32 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\jungle\Desktop\OTL.exe
PRC - [2011.10.11 15:00:02 | 000,080,336 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avshadow.exe
PRC - [2011.10.11 14:59:49 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\sched.exe
PRC - [2011.10.11 14:59:39 | 000,463,824 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avwebgrd.exe
PRC - [2011.10.11 14:59:37 | 000,258,512 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avgnt.exe
PRC - [2011.10.11 14:59:37 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avguard.exe
PRC - [2011.08.31 17:00:48 | 000,449,608 | ---- | M] (Malwarebytes Corporation) -- C:\Programme\herbert\mbamgui.exe
PRC - [2011.08.31 17:00:48 | 000,366,152 | ---- | M] (Malwarebytes Corporation) -- C:\Programme\herbert\mbamservice.exe
PRC - [2011.07.27 22:41:08 | 000,397,992 | ---- | M] ({StringFileInfo_CompanyName}) -- C:\Programme\Ask.com\Updater\Updater.exe
PRC - [2011.07.11 23:47:06 | 000,074,752 | ---- | M] (Nullsoft, Inc.) -- C:\Programme\Winamp\winampa.exe
PRC - [2011.01.17 18:50:34 | 011,322,880 | ---- | M] (OpenOffice.org) -- C:\Programme\OpenOffice.org 3\program\soffice.exe
PRC - [2011.01.17 18:50:34 | 011,314,688 | ---- | M] (OpenOffice.org) -- C:\Programme\OpenOffice.org 3\program\soffice.bin
PRC - [2009.04.11 08:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2009.04.11 08:27:28 | 000,069,120 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conime.exe
PRC - [2008.01.19 09:38:38 | 001,008,184 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Defender\MSASCui.exe
PRC - [2008.01.19 09:33:39 | 000,896,512 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Media Player\wmpnetwk.exe
PRC - [2008.01.19 09:33:39 | 000,202,240 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Media Player\wmpnscfg.exe
PRC - [2008.01.02 05:44:38 | 000,405,504 | ---- | M] (IDT, Inc.) -- C:\Programme\Sigmatel\C-Major Audio\WDM\sttray.exe
PRC - [2008.01.02 05:44:32 | 000,102,400 | ---- | M] (IDT, Inc.) -- C:\Windows\System32\stacsv.exe
PRC - [2008.01.02 05:44:26 | 000,073,728 | ---- | M] (Andrea Electronics Corporation) -- C:\Windows\System32\AEstSrv.exe
PRC - [2007.12.03 07:58:54 | 000,036,864 | ---- | M] (Creative Technology Ltd.) -- C:\Windows\OEM02Mon.exe
PRC - [2007.11.01 17:39:28 | 000,189,736 | ---- | M] (CyberLink Corp.) -- C:\Programme\Dell\MediaDirect\PCMService.exe
PRC - [2007.07.27 18:43:34 | 000,118,784 | ---- | M] (Creative Technology Ltd.) -- C:\Programme\Dell\Dell Webcam Manager\DellWMgr.exe
PRC - [2007.04.27 10:34:18 | 001,123,872 | ---- | M] (Dell Inc) -- C:\Programme\Dell\QuickSet\quickset.exe
PRC - [2007.03.28 21:47:34 | 000,021,504 | ---- | M] (UPEK Inc.) -- C:\Programme\Protector Suite QL\upeksvr.exe
PRC - [2007.03.28 21:30:18 | 000,053,776 | ---- | M] (UPEK Inc.) -- C:\Programme\Protector Suite QL\psqltray.exe

========== Modules (No Company Name) ==========

MOD - [2011.07.25 15:28:19 | 000,985,088 | ---- | M] () -- C:\Programme\OpenOffice.org 3\program\libxml2.dll
MOD - [2011.07.25 15:28:19 | 000,170,496 | ---- | M] () -- C:\Programme\OpenOffice.org 3\program\libxslt.dll
MOD - [2007.05.24 14:41:04 | 000,249,856 | ---- | M] () -- C:\Windows\System32\igfxTMM.dll
MOD - [2007.04.27 10:34:24 | 000,103,968 | ---- | M] () -- C:\Programme\Dell\QuickSet\dadkeyb.dll

========== Win32 Services (SafeList) ==========

SRV - File not found [Auto | Stopped] -- -- (sprtsvc_dellsupportcenter) SupportSoft Sprocket Service (dellsupportcenter)
SRV - [2011.10.11 14:59:49 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2011.10.11 14:59:39 | 000,463,824 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\AVWEBGRD.EXE -- (AntiVirWebService)
SRV - [2011.10.11 14:59:37 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2011.08.31 17:00:48 | 000,366,152 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\herbert\mbamservice.exe -- (MBAMService)
SRV - [2008.01.19 09:38:24 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2008.01.02 05:44:32 | 000,102,400 | ---- | M] (IDT, Inc.) [Auto | Running] -- C:\Windows\System32\stacsv.exe -- (STacSV)
SRV - [2008.01.02 05:44:26 | 000,073,728 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Windows\System32\AEstSrv.exe -- (AESTFilters)

========== Driver Services (SafeList) ==========

DRV - [2011.10.11 15:00:01 | 000,134,344 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb)
DRV - [2011.10.11 15:00:01 | 000,074,640 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\System32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2011.10.11 15:00:01 | 000,036,000 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avkmgr.sys -- (avkmgr)
DRV - [2011.08.31 17:00:50 | 000,022,216 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2010.06.17 15:14:27 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2008.01.02 05:44:40 | 000,330,240 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\stwrt.sys -- (STHDA)
DRV - [2007.12.03 07:59:06 | 000,007,424 | ---- | M] (EyePower Games Pte. Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\OEM02Vfx.sys -- (OEM02Vfx)
DRV - [2007.12.03 07:58:50 | 000,235,648 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\OEM02Dev.sys -- (OEM02Dev)
DRV - [2007.08.13 11:44:26 | 002,226,688 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\NETw4v32.sys -- (NETw4v32) Intel(R)
DRV - [2007.02.28 13:25:46 | 000,037,376 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rixdptsk.sys -- (rismxdp)
DRV - [2007.02.28 13:25:44 | 000,043,520 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rimsptsk.sys -- (rimsptsk)
DRV - [2007.02.28 13:25:44 | 000,032,256 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rimmptsk.sys -- (rimmptsk)
DRV - [2006.11.02 09:36:43 | 002,028,032 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\atikmdag.sys -- (R300)
DRV - [2006.11.02 09:30:55 | 000,200,704 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\e1e6032.sys -- (e1express) Intel(R)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = hxxp://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..network.proxy.type: 0

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.69\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.69\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 7.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011.10.03 08:22:56 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 7.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011.07.25 16:44:20 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 7.0.1\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2011.09.03 22:43:43 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 7.0.1\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins [2011.07.25 15:26:48 | 000,000,000 | ---D | M]

(No name found) -- C:\Users\jungle\AppData\Roaming\mozilla\Extensions
[2011.07.26 20:08:20 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2011.08.27 07:04:21 | 000,000,000 | ---D | M] (Click to call with Skype) -- C:\Programme\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2011.07.26 22:24:44 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\WINDOWS\MICROSOFT.NET\FRAMEWORK\V3.5\WINDOWS PRESENTATION FOUNDATION\DOTNETASSISTANTEXTENSION
[2011.10.03 08:22:56 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2011.07.11 23:48:12 | 000,012,800 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files\mozilla firefox\plugins\npwachk.dll
[2010.01.01 10:00:00 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2010.01.01 10:00:00 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2010.01.01 10:00:00 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2010.01.01 10:00:00 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2010.01.01 10:00:00 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2010.01.01 10:00:00 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml

O1 HOSTS File: ([2006.09.18 23:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (Adobe PDF Reader) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programme\Google\GoogleToolbarNotifier\5.7.6406.1642\swg.dll (Google Inc.)
O2 - BHO: (CBrowserHelperObject Object) - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Programme\Dell\BAE\BAE.dll (Dell Inc.)
O2 - BHO: (Avira SearchFree Toolbar plus Web Protection) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Programme\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKLM\..\Toolbar: (Avira SearchFree Toolbar plus Web Protection) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Programme\Ask.com\GenericAskToolbar.dll (Ask)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [ApnUpdater] C:\Program Files\Ask.com\Updater\Updater.exe ({StringFileInfo_CompanyName})
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [DELL Webcam Manager] C:\Program Files\Dell\Dell Webcam Manager\DellWMgr.exe (Creative Technology Ltd.)
O4 - HKLM..\Run: [DellSupportCenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter File not found
O4 - HKLM..\Run: [ECenter] C:\DELL\E-Center\EULALauncher.exe ( )
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\herbert\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [OEM02Mon.exe] C:\Windows\OEM02Mon.exe (Creative Technology Ltd.)
O4 - HKLM..\Run: [PCMService] C:\Program Files\Dell\MediaDirect\PCMService.exe (CyberLink Corp.)
O4 - HKLM..\Run: [PSQLLauncher] C:\Program Files\Protector Suite QL\launcher.exe (UPEK Inc.)
O4 - HKLM..\Run: [SigmatelSysTrayApp] C:\Programme\Sigmatel\C-Major Audio\WDM\sttray.exe (IDT, Inc.)
O4 - HKLM..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe (Nullsoft, Inc.)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKCU..\Run: [DellSupportCenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter File not found
O4 - HKCU..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKCU..\Run: [WMPNSCFG] C:\Programme\Windows Media Player\wmpnscfg.exe (Microsoft Corporation)
O4 - Startup: C:\Users\jungle\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.3.lnk = C:\Programme\OpenOffice.org 3\program\quickstart.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: disableCAD = 1
O8 - Extra context menu item: Google Sidewiki... - C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_7461B1589E8B4FB7.dll (Google Inc.)
O9 - Extra Button: Click to call with Skype - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Click to call with Skype - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000029 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O13 - gopher Prefix: missing
O16 - DPF: {816BE035-1450-40D0-8A3B-BA7825A83A77} hxxp://support.lenovo.com/Resources/Lenovo/AutoDetect/Lenovo_AutoDetect2.cab (IASRunner Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0-windows-i586.cab (Java Plug-in 1.6.0)
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{297BBE9D-515D-415B-BFF4-E0A314CAC283}: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{7F4CD087-49DC-43CD-81DB-A41A18C3D06F}: DhcpNameServer = 192.168.0.1
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Programme\Common Files\microsoft shared\Information Retrieval\msitss.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20 - HKLM Winlogon: Shell - (explorer.exe) -C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) -C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: GinaDLL - (vrlogon.dll) -C:\Windows\System32\vrlogon.dll (UPEK Inc.)
O20 - Winlogon\Notify\psfus: DllName - (C:\Windows\system32\psqlpwd.dll) - C:\Windows\System32\psqlpwd.dll (UPEK Inc.)
O24 - Desktop WallPaper: C:\Windows\Web\Wallpaper\img11.jpg
O24 - Desktop BackupWallPaper: C:\Windows\Web\Wallpaper\img11.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} -
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 11.0
ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3C3901C5-3455-3E0A-A214-0B093A5070A6} - .NET Framework
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} -
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\system32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Macromedia Shockwave Flash
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\Windows\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\system32\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP

NetSvcs: FastUserSwitchingCompatibility - File not found
NetSvcs: Ias - C:\Windows\System32\ias.dll (Microsoft Corporation)
NetSvcs: Nla - File not found
NetSvcs: Ntmssvc - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: SRService - File not found
NetSvcs: WmdmPmSp - File not found
NetSvcs: LogonHours - File not found
NetSvcs: PCAudit - File not found
NetSvcs: helpsvc - File not found
NetSvcs: uploadmgr - File not found

CREATERESTOREPOINT
Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 30 Days ==========

[2011.10.19 10:04:22 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Users\jungle\Desktop\OTL.exe
[2011.10.17 12:03:53 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\7-Zip
[2011.10.17 12:03:49 | 000,000,000 | ---D | C] -- C:\Program Files\7-Zip
[2011.10.15 10:45:30 | 000,000,000 | ---D | C] -- C:\Users\jungle\AppData\Roaming\Avira
[2011.10.15 10:44:28 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
[2011.10.15 10:43:36 | 000,000,000 | ---D | C] -- C:\Program Files\Ask.com
[2011.10.15 10:43:09 | 000,028,520 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\ssmdrv.sys
[2011.10.15 10:43:06 | 000,134,344 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\avipbb.sys
[2011.10.15 10:43:06 | 000,074,640 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\avgntflt.sys
[2011.10.15 10:43:06 | 000,036,000 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\avkmgr.sys
[2011.10.15 10:42:59 | 000,000,000 | ---D | C] -- C:\ProgramData\Avira
[2011.10.15 10:42:59 | 000,000,000 | ---D | C] -- C:\Program Files\Avira
[2011.10.11 19:13:47 | 000,000,000 | ---D | C] -- C:\Users\jungle\AppData\Roaming\vlc
[2011.10.03 22:50:43 | 000,000,000 | ---D | C] -- C:\ProgramData\WindowsSearch
[2011.10.03 22:25:27 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\herbert
[2011.10.03 22:25:17 | 000,000,000 | ---D | C] -- C:\Program Files\herbert
[2011.10.03 22:14:37 | 000,000,000 | ---D | C] -- C:\Users\jungle\AppData\Roaming\Malwarebytes
[2011.10.03 22:14:30 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011.10.03 22:14:25 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2011.10.03 22:14:22 | 000,022,216 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2011.10.03 22:14:22 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[1 C:\Users\jungle\*.tmp files -> C:\Users\jungle\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011.10.19 10:16:47 | 000,003,568 | ---- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2011.10.19 10:16:47 | 000,003,568 | ---- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2011.10.19 10:04:32 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\jungle\Desktop\OTL.exe
[2011.10.19 10:03:00 | 000,001,098 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2011.10.19 09:55:24 | 000,000,000 | ---- | M] () -- C:\Users\jungle\defogger_reenable
[2011.10.19 08:16:51 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011.10.18 20:29:26 | 000,001,094 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2011.10.18 20:25:59 | 000,000,506 | ---- | M] () -- C:\Windows\tasks\SystemToolsDailyTest.job
[2011.10.18 20:24:11 | 2137,042,944 | -HS- | M] () -- C:\hiberfil.sys
[2011.10.16 17:31:43 | 000,298,424 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2011.10.15 19:23:56 | 000,628,742 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2011.10.15 19:23:56 | 000,595,996 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2011.10.15 19:23:56 | 000,126,260 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2011.10.15 19:23:56 | 000,104,070 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2011.10.15 10:44:28 | 000,001,849 | ---- | M] () -- C:\Users\Public\Desktop\Avira Control Center.lnk
[2011.10.11 15:00:01 | 000,134,344 | ---- | M] (Avira GmbH) -- C:\Windows\System32\drivers\avipbb.sys
[2011.10.11 15:00:01 | 000,074,640 | ---- | M] (Avira GmbH) -- C:\Windows\System32\drivers\avgntflt.sys
[2011.10.11 15:00:01 | 000,036,000 | ---- | M] (Avira GmbH) -- C:\Windows\System32\drivers\avkmgr.sys
[2011.10.03 20:52:25 | 000,000,564 | ---- | M] () -- C:\Windows\tasks\PCDoctorBackgroundMonitorTask.job
[1 C:\Users\jungle\*.tmp files -> C:\Users\jungle\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011.10.19 09:55:24 | 000,000,000 | ---- | C] () -- C:\Users\jungle\defogger_reenable
[2011.10.15 10:44:28 | 000,001,849 | ---- | C] () -- C:\Users\Public\Desktop\Avira Control Center.lnk
[2011.10.03 20:51:40 | 2137,042,944 | -HS- | C] () -- C:\hiberfil.sys
[2011.07.27 23:17:47 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
[2011.07.27 17:47:12 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2011.07.27 17:47:12 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2011.07.25 19:50:06 | 000,000,680 | ---- | C] () -- C:\Users\jungle\AppData\Local\d3d9caps.dat
[2011.07.24 15:28:01 | 000,044,544 | ---- | C] () -- C:\Users\jungle\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008.02.27 07:35:01 | 000,204,800 | ---- | C] () -- C:\Windows\System32\igfxCoIn_v1253.dll
[2008.02.27 07:35:00 | 000,910,304 | ---- | C] () -- C:\Windows\System32\igmedkrn.dll
[2008.02.27 07:35:00 | 000,249,856 | ---- | C] () -- C:\Windows\System32\igfxTMM.dll
[2008.02.27 07:34:54 | 000,016,480 | ---- | C] () -- C:\Windows\System32\rixdicon.dll
[2008.02.27 07:34:48 | 001,060,424 | ---- | C] () -- C:\Windows\System32\WdfCoInstaller01000.dll
[2008.02.26 23:52:37 | 000,000,076 | RHS- | C] () -- C:\Windows\CT4CET.bin
[2007.07.25 18:40:02 | 000,999,424 | ---- | C] () -- C:\Windows\System32\WLIHVUI.dll
[2006.11.15 20:30:32 | 000,000,000 | ---- | C] () -- C:\Windows\System32\atiicdxx.dat
[2006.11.02 17:33:31 | 000,628,742 | ---- | C] () -- C:\Windows\System32\perfh007.dat
[2006.11.02 17:33:31 | 000,290,748 | ---- | C] () -- C:\Windows\System32\perfi007.dat
[2006.11.02 17:33:31 | 000,126,260 | ---- | C] () -- C:\Windows\System32\perfc007.dat
[2006.11.02 17:33:31 | 000,036,916 | ---- | C] () -- C:\Windows\System32\perfd007.dat
[2006.11.02 14:57:28 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2006.11.02 14:47:37 | 000,298,424 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2006.11.02 14:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006.11.02 12:33:01 | 000,595,996 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2006.11.02 12:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2006.11.02 12:33:01 | 000,104,070 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2006.11.02 12:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2006.11.02 12:25:44 | 000,159,744 | ---- | C] () -- C:\Windows\System32\atitmmxx.dll
[2006.11.02 12:25:26 | 000,557,568 | ---- | C] () -- C:\Windows\System32\hpotscl1.dll
[2006.11.02 12:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2006.11.02 10:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2006.11.02 10:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2006.11.02 09:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006.11.02 09:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat

========== LOP Check ==========

[2011.08.09 16:19:58 | 000,000,000 | ---D | M] -- C:\Users\jungle\AppData\Roaming\Amazon
[2011.07.25 16:43:40 | 000,000,000 | ---D | M] -- C:\Users\jungle\AppData\Roaming\OpenCandy
[2011.07.25 17:05:02 | 000,000,000 | ---D | M] -- C:\Users\jungle\AppData\Roaming\OpenOffice.org
[2011.07.25 18:35:41 | 000,000,000 | ---D | M] -- C:\Users\jungle\AppData\Roaming\PCDr
[2011.07.25 15:31:15 | 000,000,000 | ---D | M] -- C:\Users\jungle\AppData\Roaming\Thunderbird
[2011.10.03 20:52:25 | 000,000,564 | ---- | M] () -- C:\Windows\Tasks\PCDoctorBackgroundMonitorTask.job
[2011.10.18 20:23:04 | 000,022,024 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2011.10.18 20:25:59 | 000,000,506 | ---- | M] () -- C:\Windows\Tasks\SystemToolsDailyTest.job

========== Purity Check ==========

========== Custom Scans ==========

< %SYSTEMDRIVE%\*. >
[2011.07.24 15:19:59 | 000,000,000 | -HSD | M] -- C:\$Recycle.Bin
[2011.07.29 09:07:22 | 000,000,000 | -HSD | M] -- C:\Boot
[2011.07.24 15:21:07 | 000,000,000 | ---D | M] -- C:\DELL
[2008.02.27 07:14:02 | 000,000,000 | ---D | M] -- C:\doctemp
[2008.02.26 23:52:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings
[2011.07.24 15:11:20 | 000,000,000 | -HSD | M] -- C:\Dokumente und Einstellungen
[2008.02.27 07:13:58 | 000,000,000 | ---D | M] -- C:\Drivers
[2011.07.24 15:22:39 | 000,000,000 | ---D | M] -- C:\Intel
[2011.07.27 07:10:43 | 000,000,000 | ---D | M] -- C:\PerfLogs
[2011.10.17 12:03:49 | 000,000,000 | R--D | M] -- C:\Program Files
[2011.10.15 10:42:59 | 000,000,000 | ---D | M] -- C:\ProgramData
[2011.07.24 15:11:20 | 000,000,000 | -HSD | M] -- C:\Programme
[2011.10.19 10:20:41 | 000,000,000 | -HSD | M] -- C:\System Volume Information
[2011.07.24 15:18:26 | 000,000,000 | R--D | M] -- C:\Users
[2011.10.04 06:22:37 | 000,000,000 | ---D | M] -- C:\Windows

< %PROGRAMFILES%\*.exe >

< %LOCALAPPDATA%\*.exe >

< %systemroot%\*. /mp /s >

< %systemroot%\system32\*.manifest /3 >

< MD5 for: EXPLORER.EXE >
[2011.07.25 15:52:15 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=37440D09DEAE0B672A04DCCF7ABF06BE -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.16771_none_4f83bb287ccdb7e3\explorer.exe
[2011.01.16 16:55:21 | 000,255,488 | ---- | M] () MD5=3C33B26F2F7FA61D882515F2D6078691 -- C:\Users\jungle\AppData\Local\Temp\RarSFX2\procs\explorer.exe
[2011.07.25 15:52:14 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=4F554999D7D5F05DAAEBBA7B5BA1089D -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18164_none_5177ca9879e978e8\explorer.exe
[2011.07.25 15:52:14 | 002,927,616 | ---- | M] (Microsoft Corporation) MD5=50BA5850147410CDE89C523AD3BC606E -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.22298_none_51e4f8c7931bd1e1\explorer.exe
[2008.02.27 07:21:59 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=6D06CD98D954FE87FB2DB8108793B399 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.16549_none_4fac29707cae347a\explorer.exe
[2005.08.16 02:54:58 | 000,001,536 | ---- | M] () MD5=ABC6379205DE2618851C4FCBF72112EB -- C:\Users\jungle\AppData\Local\Temp\RarSFX2\h\explorer.exe
[2008.02.27 07:21:59 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=BD06F0BF753BC704B653C3A50F89D362 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.20668_none_501f261995dcf2cf\explorer.exe
[2009.04.11 08:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) MD5=D07D4C3038F3578FFCE1C0237F2A1253 -- C:\Windows\explorer.exe
[2009.04.11 08:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) MD5=D07D4C3038F3578FFCE1C0237F2A1253 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6002.18005_none_53a0201e76de3a0b\explorer.exe
[2011.07.25 15:52:15 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=E7156B0B74762D9DE0E66BDCDE06E5FB -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.20947_none_5033cb5995cd990b\explorer.exe
[2006.11.02 11:45:07 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=FD8C53FB002217F6F888BCF6F5D7084D -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.16386_none_4f7de5167cd15deb\explorer.exe
[2008.01.19 09:33:10 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=FFA764631CB70A30065C12EF8E174F9F -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18000_none_51b4a71279bc6ebf\explorer.exe

< MD5 for: REGEDIT.EXE >
[2008.01.19 09:33:24 | 000,134,656 | ---- | M] (Microsoft Corporation) MD5=467A3B03E924B7B7EDD16D34740574B0 -- C:\Windows\regedit.exe
[2008.01.19 09:33:24 | 000,134,656 | ---- | M] (Microsoft Corporation) MD5=467A3B03E924B7B7EDD16D34740574B0 -- C:\Windows\winsxs\x86_microsoft-windows-registry-editor_31bf3856ad364e35_6.0.6001.18000_none_f42eb564dbd8a697\regedit.exe
[2006.11.02 11:45:35 | 000,134,656 | ---- | M] (Microsoft Corporation) MD5=F13123E76FDA33E55F11E0EB832E832A -- C:\Windows\winsxs\x86_microsoft-windows-registry-editor_31bf3856ad364e35_6.0.6000.16386_none_f1f7f368deed95c3\regedit.exe

< MD5 for: USERINIT.EXE >
[2008.01.19 09:33:33 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\System32\userinit.exe
[2008.01.19 09:33:33 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.0.6001.18000_none_dc28ba15d1aff80b\userinit.exe
[2006.11.02 11:45:50 | 000,024,576 | ---- | M] (Microsoft Corporation) MD5=22027835939F86C3E47AD8E3FBDE3D11 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.0.6000.16386_none_d9f1f819d4c4e737\userinit.exe
[2009.05.26 19:47:22 | 000,031,232 | ---- | M] (NirSoft) MD5=AC6094297CD882B8626466CDEB64F19F -- C:\Users\jungle\AppData\Local\Temp\RarSFX2\userinit.exe

< MD5 for: WININIT.EXE >
[2008.01.19 09:33:37 | 000,096,768 | ---- | M] (Microsoft Corporation) MD5=101BA3EA053480BB5D957EF37C06B5ED -- C:\Windows\System32\wininit.exe
[2008.01.19 09:33:37 | 000,096,768 | ---- | M] (Microsoft Corporation) MD5=101BA3EA053480BB5D957EF37C06B5ED -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.0.6001.18000_none_30f2b8cf0450a6a2\wininit.exe
[2006.11.02 11:45:57 | 000,095,744 | ---- | M] (Microsoft Corporation) MD5=D4385B03E8CCCEE6F0EE249F827C1F3E -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.0.6000.16386_none_2ebbf6d3076595ce\wininit.exe

< MD5 for: WINLOGON.EXE >
[2009.04.11 08:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\System32\winlogon.exe
[2009.04.11 08:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6002.18005_none_71ae7a22d2134741\winlogon.exe
[2006.11.02 11:45:57 | 000,308,224 | ---- | M] (Microsoft Corporation) MD5=9F75392B9128A91ABAFB044EA350BAAD -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6000.16386_none_6d8c3f1ad8066b21\winlogon.exe
[2009.05.26 19:47:22 | 000,031,232 | ---- | M] (NirSoft) MD5=AC6094297CD882B8626466CDEB64F19F -- C:\Users\jungle\AppData\Local\Temp\RarSFX2\winlogon.exe
[2008.01.19 09:33:37 | 000,314,880 | ---- | M] (Microsoft Corporation) MD5=C2610B6BDBEFC053BBDAB4F1B965CB24 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6001.18000_none_6fc30116d4f17bf5\winlogon.exe

< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >

< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install\\LastSuccessTime: 2011-10-15 17:39:34

< >

< End of report >

I have the other log files as
Anhang beigefügt. Der Defogger hat mich nicht zum Neustart aufgefordert - ich habe dann einfach mit OLT weitergemacht, hoffe, das war ok. Zu meinem Problem: Ich hatte kürzlich einen Trojaner auf dem Rechner (oder sowas, jedenfalls ein unerwünschtes Programm). Das Ganze ist aufgetreten, als ich meine externe Festplatte angeschlossen habe - ich weiß nicht, ob es wirklich an der Festplatte lag, würde aber auch gerne diese überprüfen, ohne wieder einen "Befall" zu haben. Es kam eine Fehlermeldung "Scan Disc & Fix" oder so ähnlich - dort gab es auch einen ok-Button zum anklicken (ich weiß ehrlich gesagt nicht genau, ob ich so blöd war da drau zu klicken). Diese Fehlermeldung ist ganz massiv aufgetreten, also so 20 - 30 Fenster auf einmal, ich konnte quasi kaum mehr was machen am Rechner, er ist auch immer wieder unvermittelt runtergefahren. Ich habe dann Malwarebytes heruntergeladen und inzwischen mehrfach ausgeführt - die Logdateien habe ich als Anhang beigefügt (protectionlog und mbamlog). Auch mein Antivir hat in diesem Zeitraum mal was gefunden - hier der Bericht: Avira Free Antivirus Erstellungsdatum der Reportdatei: Samstag, 15. Oktober 2011 10:59 Es wird nach 3395449 Virenstämmen gesucht. Das Programm läuft als uneingeschränkte Vollversion. Online-Dienste stehen zur Verfügung. 
Licensee : Avira AntiVir Personal - Free Antivirus
Serial number : 0000149996-ADJIE-0000001
Platform : Windows Vista
Windows version : (Service Pack 2) [6.0.6002]
Boot mode : Booted normally
User name : jungle
Computer name : ALFONS

Version information:
BUILD.DAT : 12.0.0.855 Bytes 12.10.2011 16:36:00
AVSCAN.EXE : 12.1.0.17 490448 Bytes 11.10.2011 12:59:38
AVSCAN.DLL : 12.1.0.17 65744 Bytes 11.10.2011 12:59:58
LUKE.DLL : 12.1.0.17 68304 Bytes 11.10.2011 12:59:47
AVSCPLR.DLL : 12.1.0.19 99536 Bytes 11.10.2011 12:59:38
AVREG.DLL : 12.1.0.20 227024 Bytes 11.10.2011 12:59:38
VBASE000.VDF : 7.10.0.0 19875328 Bytes 06.11.2009 18:18:34
VBASE001.VDF : 7.11.0.0 13342208 Bytes 14.12.2010 09:07:39
VBASE002.VDF : 7.11.3.0 1950720 Bytes 09.02.2011 15:08:51
VBASE003.VDF : 7.11.5.225 1980416 Bytes 07.04.2011 10:00:55
VBASE004.VDF : 7.11.8.178 2354176 Bytes 31.05.2011 10:18:22
VBASE005.VDF : 7.11.10.251 1788416 Bytes 07.07.2011 12:12:53
VBASE006.VDF : 7.11.13.60 6411776 Bytes 16.08.2011 07:26:09
VBASE007.VDF : 7.11.15.106 2389504 Bytes 05.10.2011 12:59:54
VBASE008.VDF : 7.11.15.107 2048 Bytes 05.10.2011 12:59:54
VBASE009.VDF : 7.11.15.108 2048 Bytes 05.10.2011 12:59:54
VBASE010.VDF : 7.11.15.109 2048 Bytes 05.10.2011 12:59:54
VBASE011.VDF : 7.11.15.110 2048 Bytes 05.10.2011 12:59:54
VBASE012.VDF : 7.11.15.111 2048 Bytes 05.10.2011 12:59:54
VBASE013.VDF : 7.11.15.144 161792 Bytes 07.10.2011 12:59:54
VBASE014.VDF : 7.11.15.177 130048 Bytes 10.10.2011 12:59:54
VBASE015.VDF : 7.11.15.213 113664 Bytes 11.10.2011 13:35:57
VBASE016.VDF : 7.11.16.1 163328 Bytes 14.10.2011 08:45:59
VBASE017.VDF : 7.11.16.2 2048 Bytes 14.10.2011 08:46:00
VBASE018.VDF : 7.11.16.3 2048 Bytes 14.10.2011 08:46:00
VBASE019.VDF : 7.11.16.4 2048 Bytes 14.10.2011 08:46:00
VBASE020.VDF : 7.11.16.5 2048 Bytes 14.10.2011 08:46:00
VBASE021.VDF : 7.11.16.6 2048 Bytes 14.10.2011 08:46:00
VBASE022.VDF : 7.11.16.7 2048 Bytes 14.10.2011 08:46:00
VBASE023.VDF : 7.11.16.8 2048 Bytes 14.10.2011 08:46:00
VBASE024.VDF : 7.11.16.9 2048 Bytes 14.10.2011 08:46:00
VBASE025.VDF : 7.11.16.10 2048 Bytes 14.10.2011 08:46:00
VBASE026.VDF : 7.11.16.11 2048 Bytes 14.10.2011 08:46:00
VBASE027.VDF : 7.11.16.12 2048 Bytes 14.10.2011 08:46:01
VBASE028.VDF : 7.11.16.13 2048 Bytes 14.10.2011 08:46:01
VBASE029.VDF : 7.11.16.14 2048 Bytes 14.10.2011 08:46:01
VBASE030.VDF : 7.11.16.15 2048 Bytes 14.10.2011 08:46:01
VBASE031.VDF : 7.11.16.18 15360 Bytes 14.10.2011 08:46:01
Engine version : 8.2.6.84
AEVDF.DLL : 8.1.2.1 106868 Bytes 01.09.2011 21:46:02
AESCRIPT.DLL : 8.1.3.81 467322 Bytes 11.10.2011 12:59:35
AESCN.DLL : 8.1.7.2 127349 Bytes 01.09.2011 21:46:02
AESBX.DLL : 8.2.1.34 323957 Bytes 01.09.2011 21:46:02
AERDL.DLL : 8.1.9.15 639348 Bytes 08.09.2011 21:16:06
AEPACK.DLL : 8.2.10.11 684408 Bytes 22.09.2011 14:18:45
AEOFFICE.DLL : 8.1.2.15 201083 Bytes 15.09.2011 23:17:25
AEHEUR.DLL : 8.1.2.180 3748217 Bytes 12.10.2011 11:41:59
AEHELP.DLL : 8.1.17.7 254327 Bytes 01.09.2011 21:46:01
AEGEN.DLL : 8.1.5.9 401780 Bytes 01.09.2011 21:46:01
AEEMU.DLL : 8.1.3.0 393589 Bytes 01.09.2011 21:46:01
AECORE.DLL : 8.1.23.0 196983 Bytes 01.09.2011 21:46:01
AEBB.DLL : 8.1.1.0 53618 Bytes 01.09.2011 21:46:01
AVWINLL.DLL : 12.1.0.17 27344 Bytes 11.10.2011 12:59:41
AVPREF.DLL : 12.1.0.17 51920 Bytes 11.10.2011 12:59:38
AVREP.DLL : 12.1.0.17 179408 Bytes 11.10.2011 12:59:38
AVARKT.DLL : 12.1.0.17 223184 Bytes 11.10.2011 12:59:36
AVEVTLOG.DLL : 12.1.0.17 169168 Bytes 11.10.2011 12:59:37
SQLITE3.DLL : 3.7.0.0 398288 Bytes 11.10.2011 12:59:51
AVSMTP.DLL : 12.1.0.17 62928 Bytes 11.10.2011 12:59:39
NETNT.DLL : 12.1.0.17 17104 Bytes 11.10.2011 12:59:47
RCIMAGE.DLL : 12.1.0.17 4447952 Bytes 11.10.2011 13:00:00
RCTEXT.DLL : 12.1.0.16 98512 Bytes 11.10.2011 13:00:00

Configuration for the current scan:
Job name..............................: Local drives
Configuration file....................: C:\program files\avira\antivir desktop\alldrives.avp
Logging...............................: standard
Primary action........................: interactive
Secondary action......................: ignore
Scan master boot sectors..............: on
Scan boot sectors.....................: on
Boot sectors..........................: C:, D:, E:,
Scan running programs.................: on
Scan registry.........................: on
Search for rootkits...................: off
Integrity check of system files.......: off
File scan mode........................: Intelligent file selection
Scan archives.........................: on
Limit recursion depth.................: 20
Archive smart extensions..............: on
Macro virus heuristics................: on
File heuristics.......................: advanced

Start of scan: Saturday, 15 October 2011 10:59

Starting scan of master boot sectors:
Master boot sector HD0
[INFO] No virus was found!
[INFO] Please restart the scan with administrator rights

Starting scan of boot sectors:
Boot sector 'C:\'
[INFO] No virus was found!
[INFO] Please restart the scan with administrator rights
Boot sector 'D:\'
[INFO] No virus was found!
[INFO] Please restart the scan with administrator rights

Starting scan of running processes:
Scanning process 'avscan.exe' - '1' module(s) scanned
Scanning process 'thunderbird.exe' - '1' module(s) scanned
Scanning process 'avcenter.exe' - '1' module(s) scanned
Scanning process 'avgnt.exe' - '1' module(s) scanned
Scanning process 'Updater.exe' - '1' module(s) scanned
Scanning process 'ehmsas.exe' - '1' module(s) scanned
Scanning process 'psqltray.exe' - '1' module(s) scanned
Scanning process 'wmpnscfg.exe' - '1' module(s) scanned
Scanning process 'wuauclt.exe' - '1' module(s) scanned
Scanning process 'soffice.bin' - '1' module(s) scanned
Scanning process 'soffice.exe' - '1' module(s) scanned
Scanning process 'quickset.exe' - '1' module(s) scanned
Scanning process 'Skype.exe' - '1' module(s) scanned
Scanning process 'ehtray.exe' - '1' module(s) scanned
Scanning process 'igfxsrvc.exe' - '1' module(s) scanned
Scanning process 'mbamgui.exe' - '1' module(s) scanned
Scanning process 'sttray.exe' - '1' module(s) scanned
Scanning process 'winampa.exe' - '1' module(s) scanned
Scanning process 'PCMService.exe' - '1' module(s) scanned
Scanning process 'DellWMgr.exe' - '1' module(s) scanned
Scanning process 'jusched.exe' - '1' module(s) scanned
Scanning process 'igfxpers.exe' - '1' module(s) scanned
Scanning process 'hkcmd.exe' - '1' module(s) scanned
Scanning process 'OEM02Mon.exe' - '1' module(s) scanned
Scanning process 'SynTPEnh.exe' - '1' module(s) scanned
Scanning process 'MSASCui.exe' - '1' module(s) scanned
Scanning process 'Explorer.EXE' - '1' module(s) scanned
Scanning process 'taskeng.exe' - '1' module(s) scanned
Scanning process 'Dwm.exe' - '1' module(s) scanned

Starting scan of references to executable files (registry):
The registry was scanned ('1274' files).

Starting scan of the selected files:

Starting search in 'C:\' <OS>
C:\Users\jungle\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\27\4fa4c95b-42a3062b
[0] Archive type: ZIP
--> support/Pipe.class
[DETECTION] Contains detection pattern of the exploit EXP/CVE-2010-0840
--> support/Socket.class
[DETECTION] Contains detection pattern of the exploit EXP/2010-0840.Q
Starting search in 'D:\' <RECOVERY>
Starting search in 'E:\'
The path E:\ to be scanned could not be opened!
System error [21]: The device is not ready.

Starting disinfection:
C:\Users\jungle\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\27\4fa4c95b-42a3062b
[DETECTION] Contains detection pattern of the exploit EXP/2010-0840.Q
[NOTE] The file was moved to the quarantine directory under the name '4bc5d1a7.qua'!

End of scan: Saturday, 15 October 2011 14:25
Time needed: 2:23:33 hour(s)

The scan was completed.

27172 directories were checked
378880 files were scanned
2 viruses or unwanted programs were found
0 files were classified as suspicious
0 files were deleted
0 viruses or unwanted programs were repaired
1 file was moved to quarantine
0 files were renamed
0 files could not be scanned
378878 files without infection
3073 archives were scanned
0 warnings
1 note

After Malwarebytes had run, the computer was usable again, but the desktop background was black, the Start menu empty and all files "gone" (though the hard disk was still full). I then searched around, downloaded "unhide" and ran it. Now the files are back, but fairly jumbled; the desktop background is still black and the Start menu isn't quite right either. I'm also still unsure whether the computer is really clean now. I haven't connected my external hard drive since, but I would like to again; I'm afraid, though, that the "infection" came from it and everything starts all over again. Can you help me? That would be great! Kind regards |
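The OTL output above lists every copy of a few critical system binaries with publisher and MD5, which is what a helper scans by eye. What follows is an added example by the editor, not part of the forum post and not OTL's own code: a small triage script that parses the "< MD5 for: ... >" blocks, uses the copies in the WinSxS component store as the baseline for each name, and flags copies that live outside %SystemRoot%, carry a publisher other than Microsoft Corporation, or have an MD5 that matches no WinSxS copy. It also reports one MD5 appearing under several binary names. The sample lines are copied from the OTL log in the thread, cut down to a handful of entries; the choice of WinSxS as baseline, "Microsoft Corporation" as expected publisher and C:\Windows as %SystemRoot% are this example's assumptions. The thread does not say what the files under Temp\RarSFX2 are, so the script only lists them for review.

```python
"""Triage OTL "< MD5 for: NAME >" output against the WinSxS copies of each binary.

Added example (not the forum's or OTL's code). Assumptions: every listed binary
is Microsoft's, %SystemRoot% is C:\\Windows, and the WinSxS copies are trusted.
"""
import re
from collections import defaultdict

HEADER_RE = re.compile(r"<\s*MD5 for:\s*(?P<name>\S+)\s*>")
ENTRY_RE = re.compile(
    r"\[(?P<stamp>[^|]+)\|\s*(?P<size>[\d,]+)\s*\|[^\]]*\]\s*"
    r"\((?P<company>[^)]*)\)\s*MD5=(?P<md5>[0-9A-Fa-f]{32})\s*--\s*(?P<path>\S.*)$"
)
EXPECTED_COMPANY = "Microsoft Corporation"   # assumption: expected publisher
SYSTEM_ROOT = r"c:\windows"                  # assumption: default %SystemRoot%

# Constructed sample: lines copied from the OTL log above, reduced to a few entries.
SAMPLE_LOG = r"""
< MD5 for: EXPLORER.EXE >
[2011.07.25 15:52:15 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=37440D09DEAE0B672A04DCCF7ABF06BE -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.16771_none_4f83bb287ccdb7e3\explorer.exe
[2011.01.16 16:55:21 | 000,255,488 | ---- | M] () MD5=3C33B26F2F7FA61D882515F2D6078691 -- C:\Users\jungle\AppData\Local\Temp\RarSFX2\procs\explorer.exe
[2005.08.16 02:54:58 | 000,001,536 | ---- | M] () MD5=ABC6379205DE2618851C4FCBF72112EB -- C:\Users\jungle\AppData\Local\Temp\RarSFX2\h\explorer.exe
[2009.04.11 08:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) MD5=D07D4C3038F3578FFCE1C0237F2A1253 -- C:\Windows\explorer.exe
[2009.04.11 08:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) MD5=D07D4C3038F3578FFCE1C0237F2A1253 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6002.18005_none_53a0201e76de3a0b\explorer.exe
< MD5 for: USERINIT.EXE >
[2008.01.19 09:33:33 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\System32\userinit.exe
[2008.01.19 09:33:33 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.0.6001.18000_none_dc28ba15d1aff80b\userinit.exe
[2009.05.26 19:47:22 | 000,031,232 | ---- | M] (NirSoft) MD5=AC6094297CD882B8626466CDEB64F19F -- C:\Users\jungle\AppData\Local\Temp\RarSFX2\userinit.exe
< MD5 for: WINLOGON.EXE >
[2009.04.11 08:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\System32\winlogon.exe
[2009.04.11 08:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6002.18005_none_71ae7a22d2134741\winlogon.exe
[2009.05.26 19:47:22 | 000,031,232 | ---- | M] (NirSoft) MD5=AC6094297CD882B8626466CDEB64F19F -- C:\Users\jungle\AppData\Local\Temp\RarSFX2\winlogon.exe
"""


def parse_md5_report(text):
    """Group entries by the binary name taken from the preceding '< MD5 for: NAME >' header."""
    groups = defaultdict(list)
    name = None
    for raw in text.splitlines():
        line = raw.strip()
        header = HEADER_RE.match(line)
        if header:
            name = header.group("name").lower()
            continue
        entry = ENTRY_RE.match(line)
        if entry and name:
            groups[name].append({
                "company": entry.group("company").strip(),
                "md5": entry.group("md5").upper(),
                "size": int(entry.group("size").replace(",", "")),
                "path": entry.group("path").strip(),
            })
    return groups


def is_winsxs(path):
    return "\\winsxs\\" in path.lower()


def triage(groups):
    """Return {name: [(path, [reasons])]} listing every copy that deserves a look."""
    findings = {}
    for name, entries in groups.items():
        baseline = {e["md5"] for e in entries if is_winsxs(e["path"])}
        flagged = []
        for e in entries:
            reasons = []
            if not e["path"].lower().startswith(SYSTEM_ROOT + "\\"):
                reasons.append("outside %SystemRoot%")
            if e["company"] != EXPECTED_COMPANY:
                reasons.append("publisher %r, expected %r" % (e["company"] or "<none>", EXPECTED_COMPANY))
            if baseline and e["md5"] not in baseline:
                reasons.append("MD5 matches no WinSxS copy")
            if reasons:
                flagged.append((e["path"], reasons))
        findings[name] = flagged
    return findings


def shared_hashes(groups):
    """MD5s that occur under more than one binary name: one file presented under several names."""
    seen = defaultdict(set)
    for name, entries in groups.items():
        for e in entries:
            seen[e["md5"]].add(name)
    return {md5: sorted(names) for md5, names in seen.items() if len(names) > 1}


def run(text=SAMPLE_LOG):
    groups = parse_md5_report(text)
    return triage(groups), shared_hashes(groups)


if __name__ == "__main__":
    findings, shared = run()
    for name, items in findings.items():
        for path, reasons in items:
            print("%-13s %s\n    %s" % (name, path, "; ".join(reasons)))
    for md5, names in shared.items():
        print("same bytes under several names: %s -> %s" % (md5, ", ".join(names)))
```

On the sample, the live copies in C:\Windows and C:\Windows\System32 all match a WinSxS copy and are not flagged, while the four files under Temp\RarSFX2 are flagged on every rule, and the NirSoft-signed userinit.exe and winlogon.exe turn out to be one identical 31,232-byte file under two system names. Two caveats: a WinSxS baseline only helps if the component store itself is intact (TDSSKiller's SigCheck mode, used later in the thread, checks signatures instead), and MD5 is a quick triage hash, not proof of identity.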
19.10.2011, 19:17 | #2 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Please also run ESET, then we'll see:
ESET Online Scanner |
20.10.2011, 05:33 | #3 |
| Hello Arne,
here is the content of log.txt:

ESETSmartInstaller@High as downloader log:
Can not open internet
ESETSmartInstaller@High as downloader log:
all ok
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6528
# api_version=3.0.2
# EOSSerial=187c392c19fe9c4c87c62ecce9c9b3f9
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2011-10-20 01:27:56
# local_time=2011-10-20 03:27:56 (+0100, Central European Summer Time)
# country="Germany"
# lang=1033
# osver=6.0.6002 NT Service Pack 2
# compatibility_mode=1792 16777215 100 0 382202 382202 0 0
# compatibility_mode=5892 16776573 100 100 31839 156583109 0 0
# compatibility_mode=8192 67108863 100 0 649 649 0 0
# scanned=166619
# found=1
# cleaned=0
# scan_time=23695
C:\Users\jungle\AppData\Local\Temp\jar_cache21868.tmp   a variant of Win32/Kryptik.TPC trojan (unable to clean)   00000000000000000000000000000000   I

Kind regards
Janina |
20.10.2011, 13:00 | #4 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Run an OTL fix: close all programs that may be open, also disable the virus scanner (!), start OTL and copy the following text into the "Custom Scan/Fixes" box (at the bottom in OTL): (the ":OTL" must be copied as well!!!)

Code:
:OTL
PRC - [2011.07.27 22:41:08 | 000,397,992 | ---- | M] ({StringFileInfo_CompanyName}) -- C:\Programme\Ask.com\Updater\Updater.exe
O2 - BHO: (CBrowserHelperObject Object) - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Programme\Dell\BAE\BAE.dll (Dell Inc.)
O2 - BHO: (Avira SearchFree Toolbar plus Web Protection) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Programme\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKLM\..\Toolbar: (Avira SearchFree Toolbar plus Web Protection) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Programme\Ask.com\GenericAskToolbar.dll (Ask)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [ApnUpdater] C:\Program Files\Ask.com\Updater\Updater.exe ({StringFileInfo_CompanyName})
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
[2011.10.15 10:43:36 | 000,000,000 | ---D | C] -- C:\Program Files\Ask.com
:Files
C:\Users\jungle\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\27
:Commands
[emptytemp]
[resethosts]

The logfile should open when you click OK after the fix; please post it. The computer may be restarted. The entries, files and folders fixed by this script are, as a precaution, not deleted completely; a backup copy is created on the system partition in the folder "_OTL".

Note: The script above was written only for this one user in this situation. It cannot be transferred to any other computer and must not be used elsewhere, since it can permanently damage the system!
Please always post logfiles in CODE tags |
21.10.2011, 05:48 | #5 |
| Here is the logfile:

All processes killed
========== OTL ==========
No active process named Updater.exe was found!
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{CA6319C0-31B7-401E-A518-A07C3DB8F777}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CA6319C0-31B7-401E-A518-A07C3DB8F777}\ deleted successfully.
C:\Programme\Dell\BAE\BAE.dll moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}\ deleted successfully.
C:\Programme\Ask.com\GenericAskToolbar.dll moved successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{D4027C7F-154A-4066-A1AD-4243D8127440} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}\ not found.
File C:\Programme\Ask.com\GenericAskToolbar.dll not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ApnUpdater deleted successfully.
C:\Programme\Ask.com\Updater\Updater.exe moved successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRun|DWORD:1 /E : value set successfully!
C:\autoexec.bat moved successfully.
C:\Program Files\Ask.com\Updater folder moved successfully.
C:\Program Files\Ask.com\assets\oobe folder moved successfully.
C:\Program Files\Ask.com\assets folder moved successfully.
C:\Program Files\Ask.com folder moved successfully.
========== FILES ==========
C:\Users\jungle\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\27 folder moved successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 80055 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: jungle
->Temp folder emptied: 404503345 bytes
->Temporary Internet Files folder emptied: 13525695 bytes
->Java cache emptied: 1202392 bytes
->FireFox cache emptied: 288567517 bytes
->Flash cache emptied: 11993 bytes

User: Public

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 709968 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 64994322 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 738,00 mb

C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

OTL by OldTimer - Version 3.2.31.0 log created on 10202011_231308

Files\Folders moved on Reboot...
Registry entries deleted on Reboot...

Kind regards |
21.10.2011, 13:21 | #6 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Now please run this tool from Kaspersky and post the log => http://www.trojaner-board.de/82358-t...entfernen.html

Configure the tool as shown in the image below: click "change parameters" and tick the boxes as shown in the following screenshot, then click "Start Scan" and, when it has finished, click the "Report" button to display the log. Please post it in full.

Note: Please do not delete anything prematurely with TDSS-Killer! If TDSS-Killer flags any objects, handle all of them with the action "skip" and only post the log here!

If, because of the infection, you cannot access your documents/My Documents, or shortcuts are missing on the desktop or in the Start menu under "All Programs", please run unhide: download unhide.exe and save the file on your desktop. Start the tool and all files and folders should become visible again. (This may take a while.) Windows Vista and Windows 7 users must run the tool as administrator via right-click! |
21.10.2011, 16:50 | #7 |
| Hello, here is the log; that went pretty quickly:

17:44:28.0919 4916 TDSS rootkit removing tool 2.6.12.0 Oct 21 2011 11:23:48
17:44:29.0323 4916 ============================================================
17:44:29.0324 4916 Current date / time: 2011/10/21 17:44:29.0323
17:44:29.0324 4916 SystemInfo:
17:44:29.0324 4916
17:44:29.0324 4916 OS Version: 6.0.6002 ServicePack: 2.0
17:44:29.0325 4916 Product type: Workstation
17:44:29.0325 4916 ComputerName: ALFONS
17:44:29.0326 4916 UserName: jungle
17:44:29.0326 4916 Windows directory: C:\Windows
17:44:29.0326 4916 System windows directory: C:\Windows
17:44:29.0326 4916 Processor architecture: Intel x86
17:44:29.0326 4916 Number of processors: 2
17:44:29.0326 4916 Page size: 0x1000
17:44:29.0326 4916 Boot type: Normal boot
17:44:29.0326 4916 ============================================================
17:44:30.0747 4916 Initialize success
17:44:39.0375 2100 ============================================================
17:44:39.0375 2100 Scan started
17:44:39.0375 2100 Mode: Manual; SigCheck; TDLFS;
17:44:39.0375 2100 ============================================================
17:44:40.0132 2100 ACPI (82b296ae1892fe3dbee00c9cf92f8ac7) C:\Windows\system32\drivers\acpi.sys
17:44:40.0676 2100 ACPI - ok
17:44:40.0862 2100 adp94xx (2edc5bbac6c651ece337bde8ed97c9fb) C:\Windows\system32\drivers\adp94xx.sys
17:44:40.0974 2100 adp94xx - ok
17:44:41.0186 2100 adpahci (b84088ca3cdca97da44a984c6ce1ccad) C:\Windows\system32\drivers\adpahci.sys
17:44:41.0255 2100 adpahci - ok
17:44:41.0363 2100 adpu160m (7880c67bccc27c86fd05aa2afb5ea469) C:\Windows\system32\drivers\adpu160m.sys
17:44:41.0412 2100 adpu160m - ok
17:44:41.0529 2100 adpu320 (9ae713f8e30efc2abccd84904333df4d) C:\Windows\system32\drivers\adpu320.sys
17:44:41.0580 2100 adpu320 - ok
17:44:41.0808 2100 AFD (3911b972b55fea0478476b2e777b29fa) C:\Windows\system32\drivers\afd.sys
17:44:41.0891 2100 AFD - ok
17:44:42.0036 2100 agp440 (8b10ce1c1f9f1d47e4deb1a547a00cd4) C:\Windows\system32\drivers\agp440.sys
17:44:42.0090 2100 agp440 - ok
17:44:42.0161 2100 aic78xx (ae1fdf7bf7bb6c6a70f67699d880592a) C:\Windows\system32\drivers\djsvs.sys
17:44:42.0211 2100 aic78xx - ok
17:44:42.0354 2100 aliide (dc67a153fdb8105b25d05334b5e1d8e2) C:\Windows\system32\drivers\aliide.sys
17:44:42.0409 2100 aliide - ok
17:44:42.0461 2100 amdagp (848f27e5b27c1c253f6cefdc1a5d8f21) C:\Windows\system32\drivers\amdagp.sys
17:44:42.0509 2100 amdagp - ok
17:44:42.0649 2100 amdide (835c4c3355088298a5ebd818fa31430f) C:\Windows\system32\drivers\amdide.sys
17:44:42.0694 2100 amdide - ok
17:44:42.0772 2100 AmdK7 (dc487885bcef9f28eece6fac0e5ddfc5) C:\Windows\system32\drivers\amdk7.sys
17:44:42.0985 2100 AmdK7 - ok
17:44:43.0090 2100 AmdK8 (0ca0071da4315b00fc1328ca86b425da) C:\Windows\system32\drivers\amdk8.sys
17:44:43.0306 2100 AmdK8 - ok
17:44:43.0518 2100 arc (5f673180268bb1fdb69c99b6619fe379) C:\Windows\system32\drivers\arc.sys
17:44:43.0570 2100 arc - ok
17:44:43.0616 2100 arcsas (957f7540b5e7f602e44648c7de5a1c05) C:\Windows\system32\drivers\arcsas.sys
17:44:43.0669 2100 arcsas - ok
17:44:43.0836 2100 AsyncMac (53b202abee6455406254444303e87be1) C:\Windows\system32\DRIVERS\asyncmac.sys
17:44:43.0954 2100 AsyncMac - ok
17:44:44.0013 2100 atapi (1f05b78ab91c9075565a9d8a4b880bc4) C:\Windows\system32\drivers\atapi.sys
17:44:44.0075 2100 atapi - ok
17:44:44.0224 2100 avgntflt (7713e4eb0276702faa08e52a6e23f2a6) C:\Windows\system32\DRIVERS\avgntflt.sys
17:44:44.0433 2100 avgntflt - ok
17:44:44.0523 2100 avipbb (912d23140cd05980f6cdae790ddafc8d) C:\Windows\system32\DRIVERS\avipbb.sys
17:44:44.0577 2100 avipbb - ok
17:44:44.0688 2100 avkmgr (271cfd1a989209b1964e24d969552bf7) C:\Windows\system32\DRIVERS\avkmgr.sys
17:44:44.0729 2100 avkmgr - ok
17:44:44.0866 2100 b57nd60x (32795e299c3aba589a5e04c83d531cdf) C:\Windows\system32\DRIVERS\b57nd60x.sys
17:44:44.0932 2100 b57nd60x - ok
17:44:45.0106 2100 Beep (67e506b75bd5326a3ec7b70bd014dfb6) C:\Windows\system32\drivers\Beep.sys
17:44:45.0238 2100 Beep - ok
17:44:45.0291 2100 blbdrive - ok
17:44:45.0407 2100 bowser (35f376253f687bde63976ccb3f2108ca) C:\Windows\system32\DRIVERS\bowser.sys
17:44:45.0470 2100 bowser - ok
17:44:45.0573 2100 BrFiltLo (9f9acc7f7ccde8a15c282d3f88b43309) C:\Windows\system32\drivers\brfiltlo.sys
17:44:45.0669 2100 BrFiltLo - ok
17:44:45.0746 2100 BrFiltUp (56801ad62213a41f6497f96dee83755a) C:\Windows\system32\drivers\brfiltup.sys
17:44:45.0840 2100 BrFiltUp - ok
17:44:45.0967 2100 Brserid (b304e75cff293029eddf094246747113) C:\Windows\system32\drivers\brserid.sys
17:44:46.0182 2100 Brserid - ok
17:44:46.0281 2100 BrSerWdm (203f0b1e73adadbbb7b7b1fabd901f6b) C:\Windows\system32\drivers\brserwdm.sys
17:44:46.0492 2100 BrSerWdm - ok
17:44:46.0597 2100 BrUsbMdm (bd456606156ba17e60a04e18016ae54b) C:\Windows\system32\drivers\brusbmdm.sys
17:44:46.0813 2100 BrUsbMdm - ok
17:44:46.0893 2100 BrUsbSer (af72ed54503f717a43268b3cc5faec2e) C:\Windows\system32\drivers\brusbser.sys
17:44:47.0101 2100 BrUsbSer - ok
17:44:47.0246 2100 BTHMODEM (ad07c1ec6665b8b35741ab91200c6b68) C:\Windows\system32\drivers\bthmodem.sys
17:44:47.0461 2100 BTHMODEM - ok
17:44:47.0697 2100 cdfs (7add03e75beb9e6dd102c3081d29840a) C:\Windows\system32\DRIVERS\cdfs.sys
17:44:47.0823 2100 cdfs - ok
17:44:47.0913 2100 cdrom (6b4bffb9becd728097024276430db314) C:\Windows\system32\DRIVERS\cdrom.sys
17:44:48.0007 2100 cdrom - ok
17:44:48.0156 2100 circlass (da8e0afc7baa226c538ef53ac2f90897) C:\Windows\system32\drivers\circlass.sys
17:44:48.0374 2100 circlass - ok
17:44:48.0454 2100 CLFS (d7659d3b5b92c31e84e53c1431f35132) C:\Windows\system32\CLFS.sys
17:44:48.0526 2100 CLFS - ok
17:44:48.0738 2100 CmBatt (99afc3795b58cc478fbbbcdc658fcb56) C:\Windows\system32\DRIVERS\CmBatt.sys
17:44:48.0858 2100 CmBatt - ok
17:44:48.0903 2100 cmdide (e79cbb2195e965f6e3256e2c1b23fd1c) C:\Windows\system32\drivers\cmdide.sys
17:44:48.0967 2100 cmdide - ok
17:44:49.0130 2100 Compbatt (6afef0b60fa25de07c0968983ee4f60a) C:\Windows\system32\DRIVERS\compbatt.sys
17:44:49.0186 2100 Compbatt - ok
17:44:49.0247 2100 crcdisk (2a213ae086bbec5e937553c7d9a2b22c) C:\Windows\system32\drivers\crcdisk.sys
17:44:49.0297 2100 crcdisk - ok
17:44:49.0418 2100 Crusoe (22a7f883508176489f559ee745b5bf5d) C:\Windows\system32\drivers\crusoe.sys
17:44:49.0629 2100 Crusoe - ok
17:44:49.0862 2100 DfsC (622c41a07ca7e6dd91770f50d532cb6c) C:\Windows\system32\Drivers\dfsc.sys
17:44:49.0948 2100 DfsC - ok
17:44:50.0154 2100 disk (5d4aefc3386920236a548271f8f1af6a) C:\Windows\system32\drivers\disk.sys
17:44:50.0210 2100 disk - ok
17:44:50.0413 2100 drmkaud (97fef831ab90bee128c9af390e243f80) C:\Windows\system32\drivers\drmkaud.sys
17:44:50.0518 2100 drmkaud - ok
17:44:50.0615 2100 DXGKrnl (c68ac676b0ef30cfbb1080adce49eb1f) C:\Windows\System32\drivers\dxgkrnl.sys
17:44:50.0723 2100 DXGKrnl - ok
17:44:50.0865 2100 e1express (7505290504c8e2d172fa378cc0497bcc) C:\Windows\system32\DRIVERS\e1e6032.sys
17:44:51.0089 2100 e1express - ok
17:44:51.0277 2100 E1G60 (f88fb26547fd2ce6d0a5af2985892c48) C:\Windows\system32\DRIVERS\E1G60I32.sys
17:44:51.0483 2100 E1G60 - ok
17:44:51.0873 2100 Ecache (7f64ea048dcfac7acf8b4d7b4e6fe371) C:\Windows\system32\drivers\ecache.sys
17:44:51.0934 2100 Ecache - ok
17:44:52.0198 2100 elxstor (e8f3f21a71720c84bcf423b80028359f) C:\Windows\system32\drivers\elxstor.sys
17:44:52.0261 2100 elxstor - ok
17:44:52.0493 2100 exfat (22b408651f9123527bcee54b4f6c5cae) C:\Windows\system32\drivers\exfat.sys
17:44:52.0567 2100 exfat - ok
17:44:52.0645 2100 fastfat (1e9b9a70d332103c52995e957dc09ef8) C:\Windows\system32\drivers\fastfat.sys
17:44:52.0757 2100 fastfat - ok
17:44:52.0880 2100 fdc (63bdada84951b9c03e641800e176898a) C:\Windows\system32\DRIVERS\fdc.sys
17:44:53.0091 2100 fdc - ok
17:44:53.0199 2100 FileInfo (a8c0139a884861e3aae9cfe73b208a9f) C:\Windows\system32\drivers\fileinfo.sys
17:44:53.0256 2100 FileInfo - ok
17:44:53.0409 2100 Filetrace (0ae429a696aecbc5970e3cf2c62635ae) C:\Windows\system32\drivers\filetrace.sys
17:44:53.0523 2100 Filetrace - ok
17:44:53.0877 2100 flpydisk (6603957eff5ec62d25075ea8ac27de68) C:\Windows\system32\DRIVERS\flpydisk.sys
17:44:54.0088 2100 flpydisk - ok
17:44:54.0358 2100 FltMgr (01334f9ea68e6877c4ef05d3ea8abb05) C:\Windows\system32\drivers\fltmgr.sys
17:44:54.0423 2100 FltMgr - ok
17:44:54.0633 2100 Fs_Rec (65ea8b77b5851854f0c55c43fa51a198) C:\Windows\system32\drivers\Fs_Rec.sys
17:44:54.0723 2100 Fs_Rec - ok
17:44:54.0837 2100 gagp30kx (4e1cd0a45c50a8882616cae5bf82f3c5) C:\Windows\system32\drivers\gagp30kx.sys
17:44:54.0885 2100 gagp30kx - ok
17:44:55.0270 2100 HdAudAddService (3f90e001369a07243763bd5a523d8722) C:\Windows\system32\drivers\HdAudio.sys
17:44:55.0359 2100 HdAudAddService - ok
17:44:55.0514 2100 HDAudBus (062452b7ffd68c8c042a6261fe8dff4a) C:\Windows\system32\DRIVERS\HDAudBus.sys
17:44:55.0656 2100 HDAudBus - ok
17:44:55.0732 2100 HidBth (1338520e78d90154ed6be8f84de5fceb) C:\Windows\system32\drivers\hidbth.sys
17:44:55.0945 2100 HidBth - ok
17:44:56.0067 2100 HidIr (ff3160c3a2445128c5a6d9b076da519e) C:\Windows\system32\drivers\hidir.sys
17:44:56.0298 2100 HidIr - ok
17:44:56.0438 2100 HidUsb (cca4b519b17e23a00b826c55716809cc) C:\Windows\system32\DRIVERS\hidusb.sys
17:44:56.0530 2100 HidUsb - ok
17:44:56.0657 2100 HpCISSs (df353b401001246853763c4b7aaa6f50) C:\Windows\system32\drivers\hpcisss.sys
17:44:56.0705 2100 HpCISSs - ok
17:44:56.0815 2100 HTTP (f870aa3e254628ebeafe754108d664de) C:\Windows\system32\drivers\HTTP.sys
17:44:56.0926 2100 HTTP - ok
17:44:57.0065 2100 i2omp (324c2152ff2c61abae92d09f3cca4d63) C:\Windows\system32\drivers\i2omp.sys
17:44:57.0118 2100 i2omp - ok
17:44:57.0423 2100 i8042prt (22d56c8184586b7a1f6fa60be5f5a2bd) C:\Windows\system32\DRIVERS\i8042prt.sys
17:44:57.0516 2100 i8042prt - ok
17:44:58.0166 2100 iaStor (fd7f9d74c2b35dbda400804a3f5ed5d8) C:\Windows\system32\drivers\iastor.sys
17:44:58.0224 2100 iaStor - ok
17:44:58.0393 2100 iaStorV (c957bf4b5d80b46c5017bf0101e6c906) C:\Windows\system32\drivers\iastorv.sys
17:44:58.0453 2100 iaStorV - ok
17:44:58.0682 2100 igfx (f7ecd4b9e7fad4a01a0ed889d40e2494) C:\Windows\system32\DRIVERS\igdkmd32.sys
17:44:58.0856 2100 igfx - ok
17:44:58.0995 2100 iirsp (2d077bf86e843f901d8db709c95b49a5) C:\Windows\system32\drivers\iirsp.sys
17:44:59.0048 2100 iirsp - ok
17:44:59.0171 2100 intelide (0084046c084d68e494f8cf36bcf08186) C:\Windows\system32\DRIVERS\intelide.sys
17:44:59.0223 2100 intelide - ok
17:44:59.0357 2100 intelppm (224191001e78c89dfa78924c3ea595ff) C:\Windows\system32\DRIVERS\intelppm.sys
17:44:59.0471 2100 intelppm - ok
17:44:59.0882 2100 IpFilterDriver (62c265c38769b864cb25b4bcf62df6c3) C:\Windows\system32\DRIVERS\ipfltdrv.sys
17:44:59.0997 2100 IpFilterDriver - ok
17:45:00.0100 2100 IpInIp - ok
17:45:00.0164 2100 IPMIDRV (40f34f8aba2a015d780e4b09138b6c17) C:\Windows\system32\drivers\ipmidrv.sys
17:45:00.0367 2100 IPMIDRV - ok
17:45:00.0556 2100 IPNAT (8793643a67b42cec66490b2a0cf92d68) C:\Windows\system32\DRIVERS\ipnat.sys
17:45:00.0673 2100 IPNAT - ok
17:45:00.0726 2100 IRENUM (109c0dfb82c3632fbd11949b73aeeac9) C:\Windows\system32\drivers\irenum.sys
17:45:00.0843 2100 IRENUM - ok
17:45:00.0958 2100 isapnp (2f8ece2699e7e2070545e9b0960a8ed2) C:\Windows\system32\drivers\isapnp.sys
17:45:01.0004 2100 isapnp - ok
17:45:01.0073 2100 iScsiPrt (232fa340531d940aac623b121a595034) C:\Windows\system32\DRIVERS\msiscsi.sys
17:45:01.0139 2100 iScsiPrt - ok
17:45:01.0274 2100 iteatapi (bced60d16156e428f8df8cf27b0df150) C:\Windows\system32\drivers\iteatapi.sys
17:45:01.0323 2100 iteatapi - ok
17:45:01.0356 2100 iteraid (06fa654504a498c30adca8bec4e87e7e) C:\Windows\system32\drivers\iteraid.sys
17:45:01.0400 2100 iteraid - ok
17:45:01.0459 2100 kbdclass (37605e0a8cf00cbba538e753e4344c6e) C:\Windows\system32\DRIVERS\kbdclass.sys
17:45:01.0512
2100 kbdclass - ok 17:45:01.0626 2100 kbdhid (d2600cb17b7408b4a83f231dc9a11ac3) C:\Windows\system32\DRIVERS\kbdhid.sys 17:45:01.0824 2100 kbdhid - ok 17:45:01.0920 2100 KSecDD (86165728af9bf72d6442a894fdfb4f8b) C:\Windows\system32\Drivers\ksecdd.sys 17:45:02.0019 2100 KSecDD - ok 17:45:02.0196 2100 lltdio (d1c5883087a0c3f1344d9d55a44901f6) C:\Windows\system32\DRIVERS\lltdio.sys 17:45:02.0321 2100 lltdio - ok 17:45:02.0491 2100 LSI_FC (a2262fb9f28935e862b4db46438c80d2) C:\Windows\system32\drivers\lsi_fc.sys 17:45:02.0537 2100 LSI_FC - ok 17:45:02.0638 2100 LSI_SAS (30d73327d390f72a62f32c103daf1d6d) C:\Windows\system32\drivers\lsi_sas.sys 17:45:02.0685 2100 LSI_SAS - ok 17:45:02.0754 2100 LSI_SCSI (e1e36fefd45849a95f1ab81de0159fe3) C:\Windows\system32\drivers\lsi_scsi.sys 17:45:02.0800 2100 LSI_SCSI - ok 17:45:02.0941 2100 luafv (8f5c7426567798e62a3b3614965d62cc) C:\Windows\system32\drivers\luafv.sys 17:45:03.0066 2100 luafv - ok 17:45:03.0114 2100 MBAMProtector (69a6268d7f81e53d568ab4e7e991caf3) C:\Windows\system32\drivers\mbam.sys 17:45:03.0163 2100 MBAMProtector - ok 17:45:03.0305 2100 megasas (d153b14fc6598eae8422a2037553adce) C:\Windows\system32\drivers\megasas.sys 17:45:03.0358 2100 megasas - ok 17:45:03.0446 2100 Modem (e13b5ea0f51ba5b1512ec671393d09ba) C:\Windows\system32\drivers\modem.sys 17:45:03.0562 2100 Modem - ok 17:45:03.0720 2100 monitor (0a9bb33b56e294f686abb7c1e4e2d8a8) C:\Windows\system32\DRIVERS\monitor.sys 17:45:03.0834 2100 monitor - ok 17:45:03.0916 2100 mouclass (5bf6a1326a335c5298477754a506d263) C:\Windows\system32\DRIVERS\mouclass.sys 17:45:03.0992 2100 mouclass - ok 17:45:04.0093 2100 mouhid (93b8d4869e12cfbe663915502900876f) C:\Windows\system32\DRIVERS\mouhid.sys 17:45:04.0212 2100 mouhid - ok 17:45:04.0294 2100 MountMgr (bdafc88aa6b92f7842416ea6a48e1600) C:\Windows\system32\drivers\mountmgr.sys 17:45:04.0359 2100 MountMgr - ok 17:45:04.0466 2100 mpio (583a41f26278d9e0ea548163d6139397) C:\Windows\system32\drivers\mpio.sys 17:45:04.0514 
2100 mpio - ok 17:45:04.0599 2100 mpsdrv (22241feba9b2defa669c8cb0a8dd7d2e) C:\Windows\system32\drivers\mpsdrv.sys 17:45:04.0691 2100 mpsdrv - ok 17:45:04.0816 2100 Mraid35x (4fbbb70d30fd20ec51f80061703b001e) C:\Windows\system32\drivers\mraid35x.sys 17:45:04.0862 2100 Mraid35x - ok 17:45:04.0953 2100 MRxDAV (82cea0395524aacfeb58ba1448e8325c) C:\Windows\system32\drivers\mrxdav.sys 17:45:05.0020 2100 MRxDAV - ok 17:45:05.0132 2100 mrxsmb (1e94971c4b446ab2290deb71d01cf0c2) C:\Windows\system32\DRIVERS\mrxsmb.sys 17:45:05.0237 2100 mrxsmb - ok 17:45:05.0325 2100 mrxsmb10 (4fccb34d793b116423209c0f8b7a3b03) C:\Windows\system32\DRIVERS\mrxsmb10.sys 17:45:05.0398 2100 mrxsmb10 - ok 17:45:05.0526 2100 mrxsmb20 (c3cb1b40ad4a0124d617a1199b0b9d7c) C:\Windows\system32\DRIVERS\mrxsmb20.sys 17:45:05.0587 2100 mrxsmb20 - ok 17:45:05.0655 2100 msahci (d420bc42a637ac3cc4f411220549c0dc) C:\Windows\system32\drivers\msahci.sys 17:45:05.0700 2100 msahci - ok 17:45:05.0836 2100 msdsm (3fc82a2ae4cc149165a94699183d3028) C:\Windows\system32\drivers\msdsm.sys 17:45:05.0886 2100 msdsm - ok 17:45:05.0999 2100 Msfs (a9927f4a46b816c92f461acb90cf8515) C:\Windows\system32\drivers\Msfs.sys 17:45:06.0114 2100 Msfs - ok 17:45:06.0261 2100 msisadrv (0f400e306f385c56317357d6dea56f62) C:\Windows\system32\drivers\msisadrv.sys 17:45:06.0307 2100 msisadrv - ok 17:45:06.0411 2100 MSKSSRV (d8c63d34d9c9e56c059e24ec7185cc07) C:\Windows\system32\drivers\MSKSSRV.sys 17:45:06.0526 2100 MSKSSRV - ok 17:45:06.0674 2100 MSPCLOCK (1d373c90d62ddb641d50e55b9e78d65e) C:\Windows\system32\drivers\MSPCLOCK.sys 17:45:06.0788 2100 MSPCLOCK - ok 17:45:06.0839 2100 MSPQM (b572da05bf4e098d4bba3a4734fb505b) C:\Windows\system32\drivers\MSPQM.sys 17:45:06.0954 2100 MSPQM - ok 17:45:07.0097 2100 MsRPC (b49456d70555de905c311bcda6ec6adb) C:\Windows\system32\drivers\MsRPC.sys 17:45:07.0160 2100 MsRPC - ok 17:45:07.0252 2100 mssmbios (e384487cb84be41d09711c30ca79646c) C:\Windows\system32\DRIVERS\mssmbios.sys 17:45:07.0299 2100 mssmbios 
- ok 17:45:07.0434 2100 MSTEE (7199c1eec1e4993caf96b8c0a26bd58a) C:\Windows\system32\drivers\MSTEE.sys 17:45:07.0546 2100 MSTEE - ok 17:45:07.0618 2100 Mup (6a57b5733d4cb702c8ea4542e836b96c) C:\Windows\system32\Drivers\mup.sys 17:45:07.0685 2100 Mup - ok 17:45:07.0834 2100 NativeWifiP (85c44fdff9cf7e72a40dcb7ec06a4416) C:\Windows\system32\DRIVERS\nwifi.sys 17:45:07.0903 2100 NativeWifiP - ok 17:45:08.0020 2100 NDIS (1357274d1883f68300aeadd15d7bbb42) C:\Windows\system32\drivers\ndis.sys 17:45:08.0126 2100 NDIS - ok 17:45:08.0278 2100 NdisTapi (0e186e90404980569fb449ba7519ae61) C:\Windows\system32\DRIVERS\ndistapi.sys 17:45:08.0368 2100 NdisTapi - ok 17:45:08.0444 2100 Ndisuio (d6973aa34c4d5d76c0430b181c3cd389) C:\Windows\system32\DRIVERS\ndisuio.sys 17:45:08.0557 2100 Ndisuio - ok 17:45:08.0691 2100 NdisWan (818f648618ae34f729fdb47ec68345c3) C:\Windows\system32\DRIVERS\ndiswan.sys 17:45:08.0784 2100 NdisWan - ok 17:45:08.0866 2100 NDProxy (71dab552b41936358f3b541ae5997fb3) C:\Windows\system32\drivers\NDProxy.sys 17:45:08.0959 2100 NDProxy - ok 17:45:09.0106 2100 NetBIOS (bcd093a5a6777cf626434568dc7dba78) C:\Windows\system32\DRIVERS\netbios.sys 17:45:09.0224 2100 NetBIOS - ok 17:45:09.0308 2100 netbt (ecd64230a59cbd93c85f1cd1cab9f3f6) C:\Windows\system32\DRIVERS\netbt.sys 17:45:09.0405 2100 netbt - ok 17:45:09.0682 2100 NETw4v32 (dd194a025d1c0472f45f57de8d8388eb) C:\Windows\system32\DRIVERS\NETw4v32.sys 17:45:09.0901 2100 NETw4v32 - ok 17:45:10.0033 2100 nfrd960 (2e7fb731d4790a1bc6270accefacb36e) C:\Windows\system32\drivers\nfrd960.sys 17:45:10.0078 2100 nfrd960 - ok 17:45:10.0165 2100 Npfs (d36f239d7cce1931598e8fb90a0dbc26) C:\Windows\system32\drivers\Npfs.sys 17:45:10.0258 2100 Npfs - ok 17:45:10.0414 2100 nsiproxy (609773e344a97410ce4ebf74a8914fcf) C:\Windows\system32\drivers\nsiproxy.sys 17:45:10.0530 2100 nsiproxy - ok 17:45:10.0652 2100 Ntfs (6a4a98cee84cf9e99564510dda4baa47) C:\Windows\system32\drivers\Ntfs.sys 17:45:10.0787 2100 Ntfs - ok 17:45:10.0916 2100 
ntrigdigi (e875c093aec0c978a90f30c9e0dfbb72) C:\Windows\system32\drivers\ntrigdigi.sys 17:45:11.0115 2100 ntrigdigi - ok 17:45:11.0200 2100 Null (c5dbbcda07d780bda9b685df333bb41e) C:\Windows\system32\drivers\Null.sys 17:45:11.0316 2100 Null - ok 17:45:11.0453 2100 nvraid (e69e946f80c1c31c53003bfbf50cbb7c) C:\Windows\system32\drivers\nvraid.sys 17:45:11.0503 2100 nvraid - ok 17:45:11.0552 2100 nvstor (9e0ba19a28c498a6d323d065db76dffc) C:\Windows\system32\drivers\nvstor.sys 17:45:11.0596 2100 nvstor - ok 17:45:11.0650 2100 nv_agp (055081fd5076401c1ee1bcab08d81911) C:\Windows\system32\drivers\nv_agp.sys 17:45:11.0698 2100 nv_agp - ok 17:45:11.0804 2100 NwlnkFlt - ok 17:45:11.0833 2100 NwlnkFwd - ok 17:45:11.0893 2100 OEM02Dev (19cac780b858822055f46c58a111723c) C:\Windows\system32\DRIVERS\OEM02Dev.sys 17:45:11.0950 2100 OEM02Dev - ok 17:45:12.0073 2100 OEM02Vfx (86326062a90494bdd79ce383511d7d69) C:\Windows\system32\DRIVERS\OEM02Vfx.sys 17:45:12.0120 2100 OEM02Vfx - ok 17:45:12.0222 2100 ohci1394 (6f310e890d46e246e0e261a63d9b36b4) C:\Windows\system32\DRIVERS\ohci1394.sys 17:45:12.0317 2100 ohci1394 - ok 17:45:12.0440 2100 Parport (0fa9b5055484649d63c303fe404e5f4d) C:\Windows\system32\drivers\parport.sys 17:45:12.0642 2100 Parport - ok 17:45:12.0766 2100 partmgr (57389fa59a36d96b3eb09d0cb91e9cdc) C:\Windows\system32\drivers\partmgr.sys 17:45:12.0820 2100 partmgr - ok 17:45:12.0917 2100 Parvdm (4f9a6a8a31413180d0fcb279ad5d8112) C:\Windows\system32\drivers\parvdm.sys 17:45:13.0117 2100 Parvdm - ok 17:45:13.0250 2100 pci (941dc1d19e7e8620f40bbc206981efdb) C:\Windows\system32\drivers\pci.sys 17:45:13.0311 2100 pci - ok 17:45:13.0396 2100 pciide (1636d43f10416aeb483bc6001097b26c) C:\Windows\system32\drivers\pciide.sys 17:45:13.0447 2100 pciide - ok 17:45:13.0521 2100 pcmcia (e6f3fb1b86aa519e7698ad05e58b04e5) C:\Windows\system32\drivers\pcmcia.sys 17:45:13.0575 2100 pcmcia - ok 17:45:13.0708 2100 PEAUTH (6349f6ed9c623b44b52ea3c63c831a92) C:\Windows\system32\drivers\peauth.sys 
17:45:13.0957 2100 PEAUTH - ok 17:45:14.0242 2100 PptpMiniport (ecfffaec0c1ecd8dbc77f39070ea1db1) C:\Windows\system32\DRIVERS\raspptp.sys 17:45:14.0359 2100 PptpMiniport - ok 17:45:14.0417 2100 Processor (0e3cef5d28b40cf273281d620c50700a) C:\Windows\system32\drivers\processr.sys 17:45:14.0619 2100 Processor - ok 17:45:14.0804 2100 PSched (99514faa8df93d34b5589187db3aa0ba) C:\Windows\system32\DRIVERS\pacer.sys 17:45:14.0897 2100 PSched - ok 17:45:14.0954 2100 PxHelp20 (e42e3433dbb4cffe8fdd91eab29aea8e) C:\Windows\system32\Drivers\PxHelp20.sys 17:45:14.0993 2100 PxHelp20 - ok 17:45:15.0168 2100 ql2300 (ccdac889326317792480c0a67156a1ec) C:\Windows\system32\drivers\ql2300.sys 17:45:15.0294 2100 ql2300 - ok 17:45:15.0425 2100 ql40xx (81a7e5c076e59995d54bc1ed3a16e60b) C:\Windows\system32\drivers\ql40xx.sys 17:45:15.0473 2100 ql40xx - ok 17:45:15.0555 2100 QWAVEdrv (9f5e0e1926014d17486901c88eca2db7) C:\Windows\system32\drivers\qwavedrv.sys 17:45:15.0619 2100 QWAVEdrv - ok 17:45:15.0831 2100 R300 (e642b131fb74caf4bb8a014f31113142) C:\Windows\system32\DRIVERS\atikmdag.sys 17:45:16.0163 2100 R300 - ok 17:45:16.0334 2100 RasAcd (147d7f9c556d259924351feb0de606c3) C:\Windows\system32\DRIVERS\rasacd.sys 17:45:16.0454 2100 RasAcd - ok 17:45:16.0540 2100 Rasl2tp (a214adbaf4cb47dd2728859ef31f26b0) C:\Windows\system32\DRIVERS\rasl2tp.sys 17:45:16.0657 2100 Rasl2tp - ok 17:45:16.0820 2100 RasPppoe (509a98dd18af4375e1fc40bc175f1def) C:\Windows\system32\DRIVERS\raspppoe.sys 17:45:16.0912 2100 RasPppoe - ok 17:45:16.0985 2100 RasSstp (2005f4a1e05fa09389ac85840f0a9e4d) C:\Windows\system32\DRIVERS\rassstp.sys 17:45:17.0062 2100 RasSstp - ok 17:45:17.0223 2100 rdbss (b14c9d5b9add2f84f70570bbbfaa7935) C:\Windows\system32\DRIVERS\rdbss.sys 17:45:17.0323 2100 rdbss - ok 17:45:17.0395 2100 RDPCDD (89e59be9a564262a3fb6c4f4f1cd9899) C:\Windows\system32\DRIVERS\RDPCDD.sys 17:45:17.0508 2100 RDPCDD - ok 17:45:17.0658 2100 rdpdr (0245418224cfa77bf4b41c2fe0622258) 
C:\Windows\system32\drivers\rdpdr.sys 17:45:17.0719 2100 rdpdr - ok 17:45:17.0772 2100 RDPENCDD (9d91fe5286f748862ecffa05f8a0710c) C:\Windows\system32\drivers\rdpencdd.sys 17:45:17.0885 2100 RDPENCDD - ok 17:45:18.0062 2100 RDPWD (30bfbdfb7f95559ede971f9ddb9a00ba) C:\Windows\system32\drivers\RDPWD.sys 17:45:18.0161 2100 RDPWD - ok 17:45:18.0241 2100 rimmptsk (d85e3fa9f5b1f29bb4ed185c450d1470) C:\Windows\system32\DRIVERS\rimmptsk.sys 17:45:18.0311 2100 rimmptsk - ok 17:45:18.0424 2100 rimsptsk (db8eb01c58c9fada00c70b1775278ae0) C:\Windows\system32\DRIVERS\rimsptsk.sys 17:45:18.0488 2100 rimsptsk - ok 17:45:18.0519 2100 rismxdp (6c1f93c0760c9f79a1869d07233df39d) C:\Windows\system32\DRIVERS\rixdptsk.sys 17:45:18.0576 2100 rismxdp - ok 17:45:18.0741 2100 rspndr (9c508f4074a39e8b4b31d27198146fad) C:\Windows\system32\DRIVERS\rspndr.sys 17:45:18.0857 2100 rspndr - ok 17:45:18.0946 2100 sbp2port (3ce8f073a557e172b330109436984e30) C:\Windows\system32\drivers\sbp2port.sys 17:45:18.0994 2100 sbp2port - ok 17:45:19.0196 2100 sdbus (8f36b54688c31eed4580129040c6a3d3) C:\Windows\system32\DRIVERS\sdbus.sys 17:45:19.0288 2100 sdbus - ok 17:45:19.0353 2100 secdrv (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers\secdrv.sys 17:45:19.0555 2100 secdrv - ok 17:45:19.0699 2100 Serenum (68e44e331d46f0fb38f0863a84cd1a31) C:\Windows\system32\drivers\serenum.sys 17:45:19.0896 2100 Serenum - ok 17:45:19.0972 2100 Serial (c70d69a918b178d3c3b06339b40c2e1b) C:\Windows\system32\drivers\serial.sys 17:45:20.0202 2100 Serial - ok 17:45:20.0283 2100 sermouse (8af3d28a879bf75db53a0ee7a4289624) C:\Windows\system32\drivers\sermouse.sys 17:45:20.0397 2100 sermouse - ok 17:45:20.0588 2100 sffdisk (3efa810bdca87f6ecc24f9832243fe86) C:\Windows\system32\DRIVERS\sffdisk.sys 17:45:20.0677 2100 sffdisk - ok 17:45:20.0732 2100 sffp_mmc (96ded8b20c734ac41641ce275250e55d) C:\Windows\system32\drivers\sffp_mmc.sys 17:45:20.0801 2100 sffp_mmc - ok 17:45:20.0933 2100 sffp_sd 
(9f66a46c55d6f1ccabc79bb7afccc545) C:\Windows\system32\DRIVERS\sffp_sd.sys 17:45:21.0025 2100 sffp_sd - ok 17:45:21.0077 2100 sfloppy (46ed8e91793b2e6f848015445a0ac188) C:\Windows\system32\drivers\sfloppy.sys 17:45:21.0281 2100 sfloppy - ok 17:45:21.0434 2100 sisagp (08072b2fb92477fc813271a84b3a8698) C:\Windows\system32\drivers\sisagp.sys 17:45:21.0483 2100 sisagp - ok 17:45:21.0530 2100 SiSRaid2 (cedd6f4e7d84e9f98b34b3fe988373aa) C:\Windows\system32\drivers\sisraid2.sys 17:45:21.0576 2100 SiSRaid2 - ok 17:45:21.0705 2100 SiSRaid4 (df843c528c4f69d12ce41ce462e973a7) C:\Windows\system32\drivers\sisraid4.sys 17:45:21.0753 2100 SiSRaid4 - ok 17:45:21.0849 2100 Smb (7b75299a4d201d6a6533603d6914ab04) C:\Windows\system32\DRIVERS\smb.sys 17:45:21.0939 2100 Smb - ok 17:45:22.0097 2100 spldr (7aebdeef071fe28b0eef2cdd69102bff) C:\Windows\system32\drivers\spldr.sys 17:45:22.0145 2100 spldr - ok 17:45:22.0270 2100 srv (41987f9fc0e61adf54f581e15029ad91) C:\Windows\system32\DRIVERS\srv.sys 17:45:22.0363 2100 srv - ok 17:45:22.0521 2100 srv2 (ff33aff99564b1aa534f58868cbe41ef) C:\Windows\system32\DRIVERS\srv2.sys 17:45:22.0607 2100 srv2 - ok 17:45:22.0656 2100 srvnet (7605c0e1d01a08f3ecd743f38b834a44) C:\Windows\system32\DRIVERS\srvnet.sys 17:45:22.0719 2100 srvnet - ok 17:45:22.0877 2100 ssmdrv (a36ee93698802cd899f98bfd553d8185) C:\Windows\system32\DRIVERS\ssmdrv.sys 17:45:22.0916 2100 ssmdrv - ok 17:45:23.0006 2100 STHDA (6a2a5e809c2c0178326d92b19ee4aad3) C:\Windows\system32\drivers\stwrt.sys 17:45:23.0079 2100 STHDA - ok 17:45:23.0253 2100 swenum (7ba58ecf0c0a9a69d44b3dca62becf56) C:\Windows\system32\DRIVERS\swenum.sys 17:45:23.0299 2100 swenum - ok 17:45:23.0372 2100 Symc8xx (192aa3ac01df071b541094f251deed10) C:\Windows\system32\drivers\symc8xx.sys 17:45:23.0417 2100 Symc8xx - ok 17:45:23.0553 2100 Sym_hi (8c8eb8c76736ebaf3b13b633b2e64125) C:\Windows\system32\drivers\sym_hi.sys 17:45:23.0599 2100 Sym_hi - ok 17:45:23.0636 2100 Sym_u3 (8072af52b5fd103bbba387a1e49f62cb) 
C:\Windows\system32\drivers\sym_u3.sys 17:45:23.0681 2100 Sym_u3 - ok 17:45:23.0823 2100 SynTP (451e8037e2eb6da6bdf0a66f65d1810b) C:\Windows\system32\DRIVERS\SynTP.sys 17:45:23.0871 2100 SynTP - ok 17:45:24.0023 2100 Tcpip (2756186e287139310997090797e0182b) C:\Windows\system32\drivers\tcpip.sys 17:45:24.0147 2100 Tcpip - ok 17:45:24.0340 2100 Tcpip6 (2756186e287139310997090797e0182b) C:\Windows\system32\DRIVERS\tcpip.sys 17:45:24.0541 2100 Tcpip6 - ok 17:45:24.0679 2100 tcpipreg (608c345a255d82a6289c2d468eb41fd7) C:\Windows\system32\drivers\tcpipreg.sys 17:45:24.0757 2100 tcpipreg - ok 17:45:24.0901 2100 TcUsb (5ca437a08509fb7ecf843480fc1232e2) C:\Windows\system32\Drivers\tcusb.sys 17:45:24.0942 2100 TcUsb - ok 17:45:24.0996 2100 TDPIPE (5dcf5e267be67a1ae926f2df77fbcc56) C:\Windows\system32\drivers\tdpipe.sys 17:45:25.0113 2100 TDPIPE - ok 17:45:25.0283 2100 TDTCP (389c63e32b3cefed425b61ed92d3f021) C:\Windows\system32\drivers\tdtcp.sys 17:45:25.0404 2100 TDTCP - ok 17:45:25.0471 2100 tdx (76b06eb8a01fc8624d699e7045303e54) C:\Windows\system32\DRIVERS\tdx.sys 17:45:25.0563 2100 tdx - ok 17:45:25.0704 2100 TermDD (3cad38910468eab9a6479e2f01db43c7) C:\Windows\system32\DRIVERS\termdd.sys 17:45:25.0757 2100 TermDD - ok 17:45:25.0910 2100 tssecsrv (dcf0f056a2e4f52287264f5ab29cf206) C:\Windows\system32\DRIVERS\tssecsrv.sys 17:45:26.0024 2100 tssecsrv - ok 17:45:26.0158 2100 tunmp (caecc0120ac49e3d2f758b9169872d38) C:\Windows\system32\DRIVERS\tunmp.sys 17:45:26.0238 2100 tunmp - ok 17:45:26.0261 2100 tunnel (300db877ac094feab0be7688c3454a9c) C:\Windows\system32\DRIVERS\tunnel.sys 17:45:26.0329 2100 tunnel - ok 17:45:26.0391 2100 uagp35 (c3ade15414120033a36c0f293d4a4121) C:\Windows\system32\drivers\uagp35.sys 17:45:26.0439 2100 uagp35 - ok 17:45:26.0600 2100 udfs (d9728af68c4c7693cb100b8441cbdec6) C:\Windows\system32\DRIVERS\udfs.sys 17:45:26.0701 2100 udfs - ok 17:45:26.0794 2100 uliagpkx (6d72ef05921abdf59fc45c7ebfe7e8dd) C:\Windows\system32\drivers\uliagpkx.sys 
17:45:26.0840 2100 uliagpkx - ok 17:45:26.0972 2100 uliahci (3cd4ea35a6221b85dcc25daa46313f8d) C:\Windows\system32\drivers\uliahci.sys 17:45:27.0031 2100 uliahci - ok 17:45:27.0073 2100 UlSata (8514d0e5cd0534467c5fc61be94a569f) C:\Windows\system32\drivers\ulsata.sys 17:45:27.0124 2100 UlSata - ok 17:45:27.0245 2100 ulsata2 (38c3c6e62b157a6bc46594fada45c62b) C:\Windows\system32\drivers\ulsata2.sys 17:45:27.0295 2100 ulsata2 - ok 17:45:27.0360 2100 umbus (32cff9f809ae9aed85464492bf3e32d2) C:\Windows\system32\DRIVERS\umbus.sys 17:45:27.0475 2100 umbus - ok 17:45:27.0654 2100 usbccgp (caf811ae4c147ffcd5b51750c7f09142) C:\Windows\system32\DRIVERS\usbccgp.sys 17:45:27.0747 2100 usbccgp - ok 17:45:27.0797 2100 usbcir (e9476e6c486e76bc4898074768fb7131) C:\Windows\system32\drivers\usbcir.sys 17:45:27.0997 2100 usbcir - ok 17:45:28.0185 2100 usbehci (79e96c23a97ce7b8f14d310da2db0c9b) C:\Windows\system32\DRIVERS\usbehci.sys 17:45:28.0275 2100 usbehci - ok 17:45:28.0353 2100 usbhub (4673bbcb006af60e7abddbe7a130ba42) C:\Windows\system32\DRIVERS\usbhub.sys 17:45:28.0451 2100 usbhub - ok 17:45:28.0578 2100 usbohci (38dbc7dd6cc5a72011f187425384388b) C:\Windows\system32\drivers\usbohci.sys 17:45:28.0782 2100 usbohci - ok 17:45:28.0862 2100 usbprint (e75c4b5269091d15a2e7dc0b6d35f2f5) C:\Windows\system32\DRIVERS\usbprint.sys 17:45:28.0977 2100 usbprint - ok 17:45:29.0086 2100 usbscan (a508c9bd8724980512136b039bba65e9) C:\Windows\system32\DRIVERS\usbscan.sys 17:45:29.0183 2100 usbscan - ok 17:45:29.0246 2100 USBSTOR (be3da31c191bc222d9ad503c5224f2ad) C:\Windows\system32\DRIVERS\USBSTOR.SYS 17:45:29.0337 2100 USBSTOR - ok 17:45:29.0489 2100 usbuhci (814d653efc4d48be3b04a307eceff56f) C:\Windows\system32\DRIVERS\usbuhci.sys 17:45:29.0580 2100 usbuhci - ok 17:45:29.0665 2100 vga (7d92be0028ecdedec74617009084b5ef) C:\Windows\system32\DRIVERS\vgapnp.sys 17:45:29.0863 2100 vga - ok 17:45:30.0038 2100 VgaSave (2e93ac0a1d8c79d019db6c51f036636c) C:\Windows\System32\drivers\vga.sys 17:45:30.0154 
2100 VgaSave - ok 17:45:30.0207 2100 viaagp (d5929a28bdff4367a12caf06af901971) C:\Windows\system32\drivers\viaagp.sys 17:45:30.0254 2100 viaagp - ok 17:45:30.0373 2100 ViaC7 (56a4de5f02f2e88182b0981119b4dd98) C:\Windows\system32\drivers\viac7.sys 17:45:30.0573 2100 ViaC7 - ok 17:45:30.0726 2100 viaide (f3b4762eb85a2aff4999401f14c3262b) C:\Windows\system32\drivers\viaide.sys 17:45:30.0774 2100 viaide - ok 17:45:30.0846 2100 volmgr (69503668ac66c77c6cd7af86fbdf8c43) C:\Windows\system32\drivers\volmgr.sys 17:45:30.0894 2100 volmgr - ok 17:45:31.0054 2100 volmgrx (23e41b834759917bfd6b9a0d625d0c28) C:\Windows\system32\drivers\volmgrx.sys 17:45:31.0124 2100 volmgrx - ok 17:45:31.0184 2100 volsnap (147281c01fcb1df9252de2a10d5e7093) C:\Windows\system32\drivers\volsnap.sys 17:45:31.0250 2100 volsnap - ok 17:45:31.0399 2100 vsmraid (d984439746d42b30fc65a4c3546c6829) C:\Windows\system32\drivers\vsmraid.sys 17:45:31.0451 2100 vsmraid - ok 17:45:31.0527 2100 WacomPen (48dfee8f1af7c8235d4e626f0c4fe031) C:\Windows\system32\drivers\wacompen.sys 17:45:31.0730 2100 WacomPen - ok 17:45:31.0903 2100 Wanarp (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys 17:45:31.0995 2100 Wanarp - ok 17:45:32.0021 2100 Wanarpv6 (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys 17:45:32.0114 2100 Wanarpv6 - ok 17:45:32.0203 2100 Wd (afc5ad65b991c1e205cf25cfdbf7a6f4) C:\Windows\system32\drivers\wd.sys 17:45:32.0248 2100 Wd - ok 17:45:32.0421 2100 Wdf01000 (b6f0a7ad6d4bd325fbcd8bac96cd8d96) C:\Windows\system32\drivers\Wdf01000.sys 17:45:32.0530 2100 Wdf01000 - ok 17:45:32.0884 2100 WmiAcpi (2e7255d172df0b8283cdfb7b433b864e) C:\Windows\system32\DRIVERS\wmiacpi.sys 17:45:32.0974 2100 WmiAcpi - ok 17:45:33.0154 2100 WpdUsb (de9d36f91a4df3d911626643debf11ea) C:\Windows\system32\DRIVERS\wpdusb.sys 17:45:33.0216 2100 WpdUsb - ok 17:45:33.0408 2100 ws2ifsl (e3a3cb253c0ec2494d4a61f5e43a389c) C:\Windows\system32\drivers\ws2ifsl.sys 17:45:33.0522 2100 ws2ifsl - ok 
17:45:33.0688 2100 WUDFRd (ac13cb789d93412106b0fb6c7eb2bcb6) C:\Windows\system32\DRIVERS\WUDFRd.sys 17:45:33.0808 2100 WUDFRd - ok 17:45:33.0935 2100 MBR (0x1B8) (5c616939100b85e558da92b899a0fc36) \Device\Harddisk0\DR0 17:45:34.0814 2100 \Device\Harddisk0\DR0 - ok 17:45:35.0170 2100 MBR (0x1B8) (0792f22bcc85cfd3b28324561fffcabb) \Device\Harddisk1\DR1 17:45:38.0751 2100 \Device\Harddisk1\DR1 - ok 17:45:38.0796 2100 Boot (0x1200) (6d9b4a3ba2a4e79f6dd05b4ed1e73acb) \Device\Harddisk0\DR0\Partition0 17:45:38.0799 2100 \Device\Harddisk0\DR0\Partition0 - ok 17:45:38.0826 2100 Boot (0x1200) (25ec9ff50dafbb7be18f51e0f411634b) \Device\Harddisk0\DR0\Partition1 17:45:38.0829 2100 \Device\Harddisk0\DR0\Partition1 - ok 17:45:38.0840 2100 Boot (0x1200) (3594fb3e7e67aad27a12c9e5651e5332) \Device\Harddisk1\DR1\Partition0 17:45:38.0843 2100 \Device\Harddisk1\DR1\Partition0 - ok 17:45:38.0847 2100 ============================================================ 17:45:38.0847 2100 Scan finished 17:45:38.0847 2100 ============================================================ 17:45:38.0904 1196 Detected object count: 0 17:45:38.0904 1196 Actual detected object count: 0 Viele Grüße |
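The TDSSKiller log above is roughly 180 file/verdict pairs, each driver with its MD5 and path, followed by the MBR and boot-sector hashes and "Detected object count: 0". Reading that by eye is where things get missed, so here is a small triage script (an added example; it is not part of Janina's post, nor TDSSKiller's own code) that pairs each file line with its verdict line, lists anything that did not come back "ok", lists drivers whose binary lives outside the drivers directory, and shows which service names share one file. The sample input is constructed from lines of the log above plus one hypothetical "fakedrv" object; the "detected" verdict wording and the expected drivers directory are my assumptions, not TDSSKiller's format.

```python
"""Triage a TDSSKiller scan log (format as posted above): pair each object's
file line with its verdict line, then list anything that is not '- ok'.
Added example; not part of the original thread or of TDSSKiller itself."""
from __future__ import annotations

import re
from dataclasses import dataclass
from typing import Iterable, Optional

# File line: "<hh:mm:ss.xxxx> <pid> <name> (<md5>) <path>".  Boot-sector objects
# are named "MBR (0x1B8)" / "Boot (0x1200)", i.e. the name carries a hex size.
FILE_RE = re.compile(
    r"^(?P<ts>\d\d:\d\d:\d\d\.\d{4})\s+(?P<pid>\d+)\s+"
    r"(?P<name>\S+(?:\s\(0x[0-9A-Fa-f]+\))?)\s+\((?P<md5>[0-9a-f]{32})\)\s+(?P<path>\S.*?)\s*$"
)
# Verdict line: "<hh:mm:ss.xxxx> <pid> <name or device path> - <verdict>"
VERDICT_RE = re.compile(
    r"^(?P<ts>\d\d:\d\d:\d\d\.\d{4})\s+(?P<pid>\d+)\s+(?P<name>.+?)\s-\s(?P<verdict>.+?)\s*$"
)
COUNT_RE = re.compile(r"^\S+\s+\d+\s+Detected object count:\s*(\d+)$")

# Where a boot-start driver on 32-bit Vista is expected to live.  This is an
# assumption made for the example; TDSSKiller mixes the case of this path, so
# comparisons are done case-insensitively.
DRIVER_DIR = "c:\\windows\\system32\\drivers\\"


@dataclass
class Record:
    name: str
    verdict: str
    md5: Optional[str] = None
    path: Optional[str] = None

    @property
    def is_sector(self) -> bool:
        """MBR / boot-sector objects are reported under a \\Device\\ path."""
        return self.path is not None and self.path.startswith("\\Device\\")


def parse(lines: Iterable[str]) -> tuple[list[Record], Optional[int]]:
    """Return (records, detected_object_count).  A file line is held until the
    verdict line for the same name (or, for sectors, the same device path)
    arrives; an object with no file line, like 'IpInIp - ok' (a registered
    service whose binary is absent), becomes a record without hash or path."""
    records: list[Record] = []
    pending: Optional[Record] = None
    detected: Optional[int] = None
    for raw in lines:
        line = raw.strip()
        m = FILE_RE.match(line)
        if m:
            pending = Record(m["name"], "", m["md5"], m["path"])
            continue
        m = VERDICT_RE.match(line)
        if m:
            if pending is not None and m["name"] in (pending.name, pending.path):
                pending.verdict = m["verdict"]
                records.append(pending)
            else:
                records.append(Record(m["name"], m["verdict"]))
            pending = None
            continue
        m = COUNT_RE.match(line)
        if m:
            detected = int(m[1])
    return records, detected


def not_ok(records: list[Record]) -> list[Record]:
    """Everything TDSSKiller did not clear."""
    return [r for r in records if r.verdict != "ok"]


def outside_driver_dir(records: list[Record]) -> list[Record]:
    """Drivers whose binary is somewhere other than the drivers directory.
    Sector objects and hash-less services are skipped."""
    return [r for r in records
            if r.path is not None and not r.is_sector
            and not r.path.lower().startswith(DRIVER_DIR)]


def shared_binaries(records: list[Record]) -> dict[str, list[str]]:
    """Service names that resolve to the same file.  Tcpip/Tcpip6 -> tcpip.sys
    and Wanarp/Wanarpv6 -> wanarp.sys are normal on Vista; an unfamiliar name
    pointing at a system binary is the case worth a second look."""
    by_path: dict[str, list[str]] = {}
    for r in records:
        if r.path is not None and not r.is_sector:
            by_path.setdefault(r.path.lower(), []).append(r.name)
    return {p: names for p, names in by_path.items() if len(names) > 1}


def triage(text: str) -> dict:
    """One-call summary used by the demo below."""
    records, detected = parse(text.splitlines())
    return {"objects": len(records), "detected": detected,
            "not_ok": [r.name for r in not_ok(records)],
            "outside_driver_dir": [r.name for r in outside_driver_dir(records)],
            "shared": shared_binaries(records)}


# Constructed sample: lines copied from the log above, plus a hypothetical
# "fakedrv" object outside the drivers directory with a non-ok verdict (the
# verdict wording is an assumption; real detections use TDSSKiller's own text).
SAMPLE_LOG = """
17:44:53.0199 2100 FileInfo (a8c0139a884861e3aae9cfe73b208a9f) C:\\Windows\\system32\\drivers\\fileinfo.sys
17:44:53.0256 2100 FileInfo - ok
17:45:00.0100 2100 IpInIp - ok
17:45:24.0023 2100 Tcpip (2756186e287139310997090797e0182b) C:\\Windows\\system32\\drivers\\tcpip.sys
17:45:24.0147 2100 Tcpip - ok
17:45:24.0340 2100 Tcpip6 (2756186e287139310997090797e0182b) C:\\Windows\\system32\\DRIVERS\\tcpip.sys
17:45:24.0541 2100 Tcpip6 - ok
17:45:33.0935 2100 MBR (0x1B8) (5c616939100b85e558da92b899a0fc36) \\Device\\Harddisk0\\DR0
17:45:34.0814 2100 \\Device\\Harddisk0\\DR0 - ok
17:45:38.0796 2100 Boot (0x1200) (6d9b4a3ba2a4e79f6dd05b4ed1e73acb) \\Device\\Harddisk0\\DR0\\Partition0
17:45:38.0799 2100 \\Device\\Harddisk0\\DR0\\Partition0 - ok
17:45:38.0900 2100 fakedrv (00000000000000000000000000000000) C:\\Windows\\system32\\fakedrv.sys
17:45:38.0901 2100 fakedrv - detected
17:45:38.0847 2100 Scan finished
17:45:38.0904 1196 Detected object count: 1
"""

if __name__ == "__main__":
    import json
    print(json.dumps(triage(SAMPLE_LOG), indent=2))
```

Feed a real log with `parse(open(path, encoding="utf-8").read().splitlines())`. An all-ok result like the one in the post means only that TDSSKiller found nothing wrong with the objects it enumerated (drivers, MBRs, boot sectors); it says nothing about jumbled files or a black desktop, so it is one data point for the helper, not a clean bill of health.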
21.10.2011, 18:29 | #8 |
| Oh, I see... so I can see all the files again now, it's just that everything is quite jumbled and the desktop background is still black. Do I then simply have to sort it "manually"? Many thanks in advance for the effort and help! Best regards Janina |
22.10.2011, 16:06 | #9 | |
/// Winkelfunktion /// TB-Süch-Tiger™ | Then please run CF now: ComboFix A guide and tutorial on using ComboFix
ComboFix may only be run if a qualified helper (Kompetenzler) has explicitly recommended it! Should you have problems starting applications after running ComboFix and receive messages such as Quote:
__________________ Please always post logfiles in CODE tags |
23.10.2011, 13:57 | #10 |
| Here is the content of the log file: Combofix Logfile: Code:
ComboFix 11-10-23.01 - jungle 23.10.2011 14:15:17.1.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.49.1031.18.2037.827 [GMT 2:00]
Running from: c:\users\jungle\Desktop\ComboFix.exe
AV: Avira Desktop *Disabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
SP: Avira Desktop *Disabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\PCDr\5907\Downloads\16837627-a839-41c5-a88f-3a0335128383.dll
c:\programdata\PCDr\5907\Downloads\f9dc840b-c6f7-42a5-acec-50cc7a2827fd.dll
.
.
((((((((((((((((((((((( Files Created from 2011-09-23 to 2011-10-23 ))))))))))))))))))))))))))))))
.
.
2011-10-23 12:36 . 2011-10-23 12:36 56200 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{C4A956A6-4E25-4B40-8C6F-C306D8DA0C47}\offreg.dll
2011-10-22 14:43 . 2011-10-07 03:48 6668624 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{C4A956A6-4E25-4B40-8C6F-C306D8DA0C47}\mpengine.dll
2011-10-20 21:13 . 2011-10-20 21:13 -------- d-----w- C:\_OTL
2011-10-19 18:42 . 2011-10-19 18:42 -------- d-----w- c:\program files\ESET
2011-10-17 10:06 . 2011-10-17 10:06 -------- d-----w- c:\users\jungle\CD95F661A5C444F5A6AAECDD91C240C1.TMP
2011-10-17 10:03 . 2011-10-17 10:03 -------- d-----w- c:\program files\7-Zip
2011-10-15 08:45 . 2011-10-15 08:45 -------- d-----w- c:\users\jungle\AppData\Roaming\Avira
2011-10-15 08:43 . 2011-10-15 08:43 -------- d-----w- c:\users\Default\AppData\Local\AskToolbar
2011-10-15 08:43 . 2011-10-11 13:00 74640 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2011-10-15 08:43 . 2011-10-11 13:00 36000 ----a-w- c:\windows\system32\drivers\avkmgr.sys
2011-10-15 08:43 . 2011-10-11 13:00 134344 ----a-w- c:\windows\system32\drivers\avipbb.sys
2011-10-15 08:42 . 2011-10-15 08:44 -------- d-----w- c:\programdata\Avira
2011-10-15 08:42 . 2011-10-15 08:42 -------- d-----w- c:\program files\Avira
2011-10-15 07:58 . 2011-09-14 10:51 2409784 ----a-w- c:\program files\Windows Mail\OESpamFilter.dat
2011-10-15 07:58 . 2011-08-25 16:14 238080 ----a-w- c:\windows\system32\oleacc.dll
2011-10-15 07:58 . 2011-08-25 16:15 555520 ----a-w- c:\windows\system32\UIAutomationCore.dll
2011-10-15 07:58 . 2011-08-25 16:14 563712 ----a-w- c:\windows\system32\oleaut32.dll
2011-10-15 07:58 . 2011-08-25 13:31 4096 ----a-w- c:\windows\system32\oleaccrc.dll
2011-10-11 17:13 . 2011-10-11 17:14 -------- d-----w- c:\users\jungle\AppData\Roaming\vlc
2011-10-03 20:50 . 2011-10-03 20:50 -------- d-----w- c:\programdata\WindowsSearch
2011-10-03 20:25 . 2011-10-19 10:02 -------- d-----w- c:\program files\herbert
2011-10-03 20:14 . 2011-10-03 20:14 -------- d-----w- c:\users\jungle\AppData\Roaming\Malwarebytes
2011-10-03 20:14 . 2011-10-03 20:14 -------- d-----w- c:\programdata\Malwarebytes
2011-10-03 20:14 . 2011-10-03 20:14 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-10-03 20:14 . 2011-08-31 15:00 22216 ----a-w- c:\windows\system32\drivers\mbam.sys
.
.
.
(((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-09-29 05:50 . 2011-07-25 20:43 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-07-27 04:54 . 2006-11-02 10:32 101888 ----a-w- c:\windows\system32\ifxcardm.dll
2011-07-27 04:54 . 2006-11-02 10:32 82432 ----a-w- c:\windows\system32\axaltocm.dll
2011-07-25 20:51 . 2011-07-25 20:51 45056 ----a-w- c:\windows\system32\drivers\de-DE\http.sys.mui
2011-07-25 17:28 . 2011-07-25 17:28 1138440 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll
2011-07-25 16:55 . 2011-07-25 16:55 332288 ----a-w- c:\windows\system32\msdrm.dll
2011-07-25 16:55 . 2011-07-25 16:55 518144 ----a-w- c:\windows\system32\RMActivate.exe
2011-07-25 16:55 . 2011-07-25 16:55 471552 ----a-w- c:\windows\system32\secproc.dll
2011-07-25 16:55 . 2011-07-25 16:55 347136 ----a-w- c:\windows\system32\RMActivate_ssp.exe
2011-07-25 16:55 . 2011-07-25 16:55 346624 ----a-w- c:\windows\system32\RMActivate_ssp_isv.exe
2011-07-25 16:55 . 2011-07-25 16:55 152576 ----a-w- c:\windows\system32\secproc_ssp_isv.dll
2011-07-25 16:55 . 2011-07-25 16:55 152064 ----a-w- c:\windows\system32\secproc_ssp.dll
2011-07-25 16:55 . 2011-07-25 16:55 526336 ----a-w- c:\windows\system32\RMActivate_isv.exe
2011-07-25 16:55 . 2011-07-25 16:55 471552 ----a-w- c:\windows\system32\secproc_isv.dll
2011-07-25 14:27 . 2011-07-25 14:27 23552 ----a-w- c:\windows\system32\lpk.dll
2011-07-25 14:27 . 2011-07-25 14:27 10240 ----a-w- c:\windows\system32\dciman32.dll
2011-07-25 14:25 . 2011-07-25 14:25 72704 ----a-w- c:\windows\system32\admparse.dll
2011-07-25 14:24 . 2011-07-25 14:24 48128 ----a-w- c:\windows\system32\mshtmler.dll
2011-07-25 14:23 . 2011-07-25 14:23 61440 ----a-w- c:\windows\system32\winipsec.dll
2011-07-25 14:23 . 2011-07-25 14:23 272896 ----a-w- c:\windows\system32\polstore.dll
2011-07-25 14:20 . 2011-07-25 14:20 11264 ----a-w- c:\windows\system32\MRINFO.EXE
2011-07-25 14:20 . 2011-07-25 14:20 9728 ----a-w- c:\windows\system32\TCPSVCS.EXE
2011-07-25 14:20 . 2011-07-25 14:20 8704 ----a-w- c:\windows\system32\HOSTNAME.EXE
2011-07-25 14:20 . 2011-07-25 14:20 27136 ----a-w- c:\windows\system32\NETSTAT.EXE
2011-07-25 14:20 . 2011-07-25 14:20 19968 ----a-w- c:\windows\system32\ARP.EXE
2011-07-25 14:20 . 2011-07-25 14:20 17920 ----a-w- c:\windows\system32\ROUTE.EXE
2011-07-25 14:20 . 2011-07-25 14:20 105984 ----a-w- c:\windows\system32\netiohlp.dll
2011-07-25 14:20 . 2011-07-25 14:20 10240 ----a-w- c:\windows\system32\finger.exe
2011-07-25 14:17 . 2011-07-25 14:17 127488 ----a-w- c:\windows\system32\L2SecHC.dll
2011-07-25 14:17 . 2011-07-25 14:17 68096 ----a-w- c:\windows\system32\wlanhlp.dll
2011-07-25 14:17 . 2011-07-25 14:17 65024 ----a-w- c:\windows\system32\wlanapi.dll
2011-07-25 14:17 . 2011-07-25 14:17 513536 ----a-w- c:\windows\system32\wlansvc.dll
2011-07-25 14:17 . 2011-07-25 14:17 302592 ----a-w- c:\windows\system32\wlansec.dll
2011-07-25 14:17 . 2011-07-25 14:17 293376 ----a-w- c:\windows\system32\wlanmsm.dll
2011-07-25 14:17 . 2011-07-25 14:17 15181 ----a-w- c:\windows\system32\gatherWirelessInfo.vbs
2011-07-25 14:16 . 2011-07-25 14:16 1401856 ----a-w- c:\windows\system32\msxml6.dll
2011-07-25 14:16 . 2011-07-25 14:16 2048 ----a-w- c:\windows\system32\msxml3r.dll
2011-07-25 14:16 . 2011-07-25 14:16 2048 ----a-w- c:\windows\system32\msxml6r.dll
2011-07-25 14:15 . 2011-07-25 14:15 218624 ----a-w- c:\windows\system32\msv1_0.dll
2011-07-25 14:13 . 2011-07-25 14:13 53248 ----a-w- c:\windows\system32\rrinstaller.exe
2011-07-25 14:13 . 2011-07-25 14:13 24576 ----a-w- c:\windows\system32\mfpmp.exe
2011-07-25 14:13 . 2011-07-25 14:13 2048 ----a-w- c:\windows\system32\mferror.dll
2011-07-25 14:10 . 2011-07-25 14:10 71680 ----a-w- c:\windows\system32\atl.dll
2011-07-25 14:05 . 2011-07-25 14:05 160256 ----a-w- c:\windows\system32\wkssvc.dll
2011-07-25 14:04 . 2011-07-25 14:04 53248 ----a-w- c:\windows\system32\tsgqec.dll
2011-07-25 14:04 . 2011-07-25 14:04 136192 ----a-w- c:\windows\system32\aaclient.dll
2011-07-25 14:02 . 2011-07-25 14:02 714240 ----a-w- c:\windows\system32\timedate.cpl
2011-07-25 13:54 . 2011-07-25 13:54 623616 ----a-w- c:\windows\system32\localspl.dll
2011-07-25 13:50 . 2011-07-25 13:50 172032 ----a-w- c:\windows\system32\wintrust.dll
2011-07-25 13:49 . 2011-07-25 13:49 175104 ----a-w- c:\windows\system32\wdigest.dll
2011-07-25 13:49 . 2011-07-25 13:49 9728 ----a-w- c:\windows\system32\lsass.exe
2011-07-25 13:49 . 2011-07-25 13:49 72704 ----a-w- c:\windows\system32\secur32.dll
2011-07-25 13:49 . 2011-07-25 13:49 499712 ----a-w- c:\windows\system32\kerberos.dll
2011-07-25 13:49 . 2011-07-25 13:49 439864 ----a-w- c:\windows\system32\drivers\ksecdd.sys
2011-07-25 13:49 . 2011-07-25 13:49 1259008 ----a-w- c:\windows\system32\lsasrv.dll
2011-07-25 13:46 . 2011-07-25 13:46 1793536 ----a-w- c:\windows\system32\NlsLexicons0045.dll
2011-07-25 13:46 . 2011-07-25 13:46 1808896 ----a-w- c:\windows\system32\NlsLexicons0046.dll
2011-07-25 13:46 . 2011-07-25 13:46 1558016 ----a-w- c:\windows\system32\NlsLexicons0049.dll
2011-07-25 13:46 . 2011-07-25 13:46 1411072 ----a-w- c:\windows\system32\NlsLexicons0047.dll
2011-07-25 13:46 . 2011-07-25 13:46 1236992 ----a-w- c:\windows\system32\NlsLexicons0020.dll
2011-07-25 13:46 . 2011-07-25 13:46 2136064 ----a-w- c:\windows\system32\NlsLexicons0021.dll
2011-07-25 13:46 . 2011-07-25 13:46 1782272 ----a-w- c:\windows\system32\NlsLexicons0039.dll
2011-07-25 13:46 . 2011-07-25 13:46 5499904 ----a-w- c:\windows\system32\NlsLexicons0022.dll
2011-07-25 13:46 . 2011-07-25 13:46 7964672 ----a-w- c:\windows\system32\NlsLexicons0024.dll
2011-07-25 13:46 . 2011-07-25 13:46 6224896 ----a-w- c:\windows\system32\NlsLexicons0027.dll
2011-07-25 13:46 . 2011-07-25 13:46 5791232 ----a-w- c:\windows\system32\NlsLexicons0026.dll
2011-07-25 13:46 . 2011-07-25 13:46 4175872 ----a-w- c:\windows\system32\NlsLexicons0010.dll
2011-07-25 13:46 . 2011-07-25 13:46 2466816 ----a-w- c:\windows\system32\NlsLexicons0011.dll
2011-07-25 13:46 . 2011-07-25 13:46 4981248 ----a-w- c:\windows\system32\NlsLexicons0013.dll
2011-07-25 13:46 . 2011-07-25 13:46 3331072 ----a-w- c:\windows\system32\NlsLexicons0018.dll
2011-07-25 13:46 . 2011-07-25 13:46 6781440 ----a-w- c:\windows\system32\NlsLexicons0019.dll
2011-07-25 13:46 . 2011-07-25 13:46 11722752 ----a-w- c:\windows\system32\NlsLexicons0001.dll
2011-07-25 13:46 . 2011-07-25 13:46 4164096 ----a-w- c:\windows\system32\NlsLexicons0002.dll
2011-07-25 13:46 . 2011-07-25 13:46 1452544 ----a-w- c:\windows\system32\NlsLexicons0003.dll
2011-07-25 13:46 . 2011-07-25 13:46 3419136 ----a-w- c:\windows\system32\NlsLexicons004a.dll
2011-07-25 13:46 . 2011-07-25 13:46 1702912 ----a-w- c:\windows\system32\NlsLexicons004b.dll
2011-07-25 13:46 . 2011-07-25 13:46 4093440 ----a-w- c:\windows\system32\NlsLexicons004c.dll
2011-07-25 13:46 . 2011-07-25 13:46 1972736 ----a-w- c:\windows\system32\NlsLexicons004e.dll
2011-07-25 13:46 . 2011-07-25 13:46 4045824 ----a-w- c:\windows\system32\NlsLexicons003e.dll
2011-07-25 13:46 . 2011-07-25 13:46 6014976 ----a-w- c:\windows\system32\NlsLexicons001a.dll
2011-07-25 13:46 . 2011-07-25 13:46 4096 ----a-w- c:\windows\system32\NlsLexicons002a.dll
2011-07-25 13:46 . 2011-07-25 13:46 6585856 ----a-w- c:\windows\system32\NlsLexicons001b.dll
2011-07-25 13:46 . 2011-07-25 13:46 6346240 ----a-w- c:\windows\system32\NlsLexicons001d.dll
2011-07-25 13:46 . 2011-07-25 13:46 9892864 ----a-w- c:\windows\system32\NlsLexicons000a.dll
2011-07-25 13:46 . 2011-07-25 13:46 6237696 ----a-w- c:\windows\system32\NlsLexicons000c.dll
2011-07-25 13:46 . 2011-07-25 13:46 5654528 ----a-w- c:\windows\system32\NlsLexicons000f.dll
2011-07-25 13:46 . 2011-07-25 13:46 1722368 ----a-w- c:\windows\system32\NlsLexicons000d.dll
2011-07-25 13:46 . 2011-07-25 13:46 5090816 ----a-w- c:\windows\system32\NlsLexicons0416.dll
2011-07-25 13:46 . 2011-07-25 13:46 4616192 ----a-w- c:\windows\system32\NlsLexicons0414.dll
2011-07-25 13:46 . 2011-07-25 13:46 7042560 ----a-w- c:\windows\system32\NlsLexicons081a.dll
2011-07-25 13:46 . 2011-07-25 13:46 5031936 ----a-w- c:\windows\system32\NlsLexicons0816.dll
2011-07-25 13:46 . 2011-07-25 13:46 5071872 ----a-w- c:\windows\system32\NlsModels0011.dll
2011-07-25 13:46 . 2011-07-25 13:46 3104768 ----a-w- c:\windows\system32\NlsData0046.dll
2011-07-25 13:46 . 2011-07-25 13:46 3104768 ----a-w- c:\windows\system32\NlsData0045.dll
2011-07-25 13:46 . 2011-07-25 13:46 3104768 ----a-w- c:\windows\system32\NlsData0049.dll
2011-07-25 13:46 . 2011-07-25 13:46 3104768 ----a-w- c:\windows\system32\NlsData0047.dll
2011-07-25 13:46 . 2011-07-25 13:46 3104768 ----a-w- c:\windows\system32\NlsData0039.dll
2011-07-25 13:46 . 2011-07-25 13:46 3104768 ----a-w- c:\windows\system32\NlsData0020.dll
2011-07-25 13:46 . 2011-07-25 13:46 1965056 ----a-w- c:\windows\system32\NlsData0024.dll
2011-07-25 13:46 . 2011-07-25 13:46 1801216 ----a-w- c:\windows\system32\NlsData0022.dll
2011-10-03 06:22 . 2011-07-25 13:25 134104 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
(((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\UEAFOverlay]
@="{F2F31467-B1AC-4df0-AE79-FD5FA085E22B}"
[HKEY_CLASSES_ROOT\CLSID\{F2F31467-B1AC-4df0-AE79-FD5FA085E22B}]
2007-03-28 19:59 2953216 ----a-w- c:\program files\Protector Suite QL\farchns.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\UEAFOverlayOpen]
@="{A3E208F7-0E3A-4182-A7A6-B169D5D691AA}"
[HKEY_CLASSES_ROOT\CLSID\{A3E208F7-0E3A-4182-A7A6-B169D5D691AA}]
2007-03-28 19:59 2953216 ----a-w- c:\program files\Protector Suite QL\farchns.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"WindowsWelcomeCenter"="oobefldr.dll" [2009-04-11 2153472]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-02-26 68856]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-19 125952]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2011-08-18 17360520]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-19 202240]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "ECenter"="c:\dell\E-Center\EULALauncher.exe" [2007-05-25 17920] "SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2007-10-26 1029416] "OEM02Mon.exe"="c:\windows\OEM02Mon.exe" [2007-12-03 36864] "IgfxTray"="c:\windows\system32\igfxtray.exe" [2007-05-24 138008] "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2007-05-24 154392] "Persistence"="c:\windows\system32\igfxpers.exe" [2007-05-24 133912] "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552] "DELL Webcam Manager"="c:\program files\Dell\Dell Webcam Manager\DellWMgr.exe" [2007-07-27 118784] "PSQLLauncher"="c:\program files\Protector Suite QL\launcher.exe" [2007-03-28 49168] "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-05-11 40048] "PCMService"="c:\program files\Dell\MediaDirect\PCMService.exe" [2007-11-01 189736] "WinampAgent"="c:\program files\Winamp\winampa.exe" [2011-07-11 74752] "SigmatelSysTrayApp"="c:\program files\SigmaTel\C-Major Audio\WDM\sttray.exe" [2008-01-02 405504] "avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2011-10-11 258512] "Malwarebytes' Anti-Malware"="c:\program files\herbert\mbamgui.exe" [2011-08-31 449608] . c:\users\jungle\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ OpenOffice.org 3.3.lnk - c:\program files\OpenOffice.org 3\program\quickstart.exe [2010-12-13 1198592] . c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\ QuickSet.lnk - c:\windows\Installer\{7F0C4457-8E64-491B-8D7B-991504365D1E}\NewShortcut2_53A01CC614B04512A2E710D39BF83DC4.exe [2008-2-26 45056] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "EnableUIADesktopToggle"= 0 (0x0) "disableCAD"= 1 (0x1) . [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\psfus] 2007-03-28 19:46 90112 ----a-w- c:\windows\System32\psqlpwd.dll . 
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa] Notification Packages REG_MULTI_SZ scecli psqlpwd . [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiSpyware] "DisableMonitoring"=dword:00000001 . R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384] R2 gupdate;Google Update-Dienst (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2011-07-25 136176] R3 gupdatem;Google Update-Dienst (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [2011-07-25 136176] R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504] S1 avkmgr;avkmgr;c:\windows\system32\DRIVERS\avkmgr.sys [2011-10-11 36000] S2 AESTFilters;Andrea ST Filters Service;c:\windows\system32\aestsrv.exe [2008-01-02 73728] S2 AntiVirSchedulerService;Avira Planer;c:\program files\Avira\AntiVir Desktop\sched.exe [2011-10-11 86224] S2 AntiVirWebService;Avira Browser Schutz;c:\program files\Avira\AntiVir Desktop\AVWEBGRD.EXE [2011-10-11 463824] S2 MBAMService;MBAMService;c:\program files\herbert\mbamservice.exe [2011-08-31 366152] S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\b57nd60x.sys [2007-05-24 179712] S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2011-08-31 22216] . . [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost] LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache . Inhalt des "geplante Tasks" Ordners . 2011-10-23 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job - c:\program files\Google\Update\GoogleUpdate.exe [2011-07-25 17:48] . 2011-10-23 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job - c:\program files\Google\Update\GoogleUpdate.exe [2011-07-25 17:48] . 
2011-10-21 c:\windows\Tasks\PCDoctorBackgroundMonitorTask.job - c:\program files\Dell Support Center\uaclauncher.exe [2011-10-06 20:31] . 2011-10-23 c:\windows\Tasks\SystemToolsDailyTest.job - c:\program files\Dell Support Center\uaclauncher.exe [2011-10-06 20:31] . . ------- Zusätzlicher Suchlauf ------- . uStart Page = hxxp://www.google.de/ uSearchURL,(Default) = hxxp://www.google.com/search/?q=%s IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_7461B1589E8B4FB7.dll/cmsidewiki.html LSP: c:\program files\Avira\AntiVir Desktop\avsda.dll TCP: DhcpNameServer = 192.168.0.1 DPF: {816BE035-1450-40D0-8A3B-BA7825A83A77} - hxxp://support.lenovo.com/Resources/Lenovo/AutoDetect/Lenovo_AutoDetect2.cab FF - ProfilePath - c:\users\jungle\AppData\Roaming\Mozilla\Firefox\Profiles\g44hr94t.default\ FF - prefs.js: network.proxy.type - 0 . - - - - Entfernte verwaiste Registrierungseinträge - - - - . HKCU-Run-DellSupportCenter - c:\program files\Dell Support Center\bin\sprtcmd.exe HKLM-Run-DellSupportCenter - c:\program files\Dell Support Center\bin\sprtcmd.exe . . . ************************************************************************** . catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, GMER - Rootkit Detector and Remover Rootkit scan 2011-10-23 14:39 Windows 6.0.6002 Service Pack 2 NTFS . Scanne versteckte Prozesse... . Scanne versteckte Autostarteinträge... . Scanne versteckte Dateien... . Scan erfolgreich abgeschlossen versteckte Dateien: 0 . ************************************************************************** . --------------------- Durch laufende Prozesse gestartete DLLs --------------------- . - - - - - - - > 'lsass.exe'(620) c:\windows\system32\psqlpwd.dll c:\program files\Protector Suite QL\homefus2.dll c:\program files\Protector Suite QL\infra.dll . - - - - - - - > 'Explorer.exe'(2464) c:\program files\Protector Suite QL\farchns.dll c:\program files\Protector Suite QL\infra.dll . 
------------------------ Weitere laufende Prozesse ------------------------ . c:\program files\Protector Suite QL\upeksvr.exe c:\windows\system32\WLANExt.exe c:\program files\Avira\AntiVir Desktop\avguard.exe c:\program files\Intel\Wireless\Bin\EvtEng.exe c:\program files\Intel\Wireless\Bin\RegSrvc.exe c:\windows\system32\STacSV.exe c:\program files\Avira\AntiVir Desktop\avshadow.exe c:\windows\system32\conime.exe c:\windows\servicing\TrustedInstaller.exe c:\program files\Windows Media Player\wmpnetwk.exe . ************************************************************************** . Zeit der Fertigstellung: 2011-10-23 14:49:06 - PC wurde neu gestartet ComboFix-quarantined-files.txt 2011-10-23 12:48 . Vor Suchlauf: 692.862.976 Bytes frei Nach Suchlauf: 949.227.520 Bytes frei . - - End Of File - - A31EF62D42826EBEDDAAE8A2601096F6 |
23.10.2011, 18:43 | #11 |
/// Winkelfunktion /// TB-Süch-Tiger™ | OK. Now please create and post logs with GMER and OSAM. GMER crashes fairly often; if the tool refuses to run on the second attempt as well, just leave it out and run only OSAM. Please skip OSAM's online lookup. With OSAM, also make sure you save the log as *.log and not as *.html or similar. Note: use WinRAR or 7zip to unpack OSAM! Also be sure to disable your virus scanner; the McAfee scanner in particular often reports a false positive on OSAM! Please download aswMBR.exe and save the file to your desktop.
Important: never press any of the Fix buttons without instructions. Note: if the Scan button is greyed out, close the tool and start it again. If the scan aborts and the program crashes, let me know and select the setting (none) under AV Scan.
__________________ Please always post logfiles in CODE tags |
25.10.2011, 15:05 | #12 |
| So, first of all the GMER log: GMER Logfile: Code:
GMER 1.0.15.15641 - GMER - Rootkit Detector and Remover
Rootkit scan 2011-10-25 15:02:52
Windows 6.0.6002 Service Pack 2 Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-0 TOSHIBA_ rev.LB21
Running: nl10yigo.exe; Driver: C:\Users\jungle\AppData\Local\Temp\pwldrpog.sys

---- System - GMER 1.0.15 ----

SSDT 8A19CFC6 ZwCreateSection
SSDT 8A19CFD0 ZwRequestWaitReplyPort
SSDT 8A19CFCB ZwSetContextThread
SSDT 8A19CFD5 ZwSetSecurityObject
SSDT 8A19CFDA ZwSystemDebugControl
SSDT 8A19CF67 ZwTerminateProcess

---- Kernel code sections - GMER 1.0.15 ----

.text ntkrnlpa.exe!KeSetEvent + 215 81CF0998 4 Bytes [C6, CF, 19, 8A]
.text ntkrnlpa.exe!KeSetEvent + 539 81CF0CBC 4 Bytes [D0, CF, 19, 8A]
.text ntkrnlpa.exe!KeSetEvent + 56D 81CF0CF0 4 Bytes [CB, CF, 19, 8A]
.text ntkrnlpa.exe!KeSetEvent + 5D1 81CF0D54 4 Bytes [D5, CF, 19, 8A]
.text ntkrnlpa.exe!KeSetEvent + 619 81CF0D9C 4 Bytes [DA, CF, 19, 8A]
.text ...
? C:\ComboFix\catchme.sys The system cannot find the file specified. !
? C:\Windows\system32\Drivers\PROCEXP113.SYS The system cannot find the file specified. !

---- Devices - GMER 1.0.15 ----

AttachedDevice \Driver\kbdclass \Device\KeyboardClass0 Wdf01000.sys (WDF Dynamic/Microsoft Corporation)
AttachedDevice \Driver\kbdclass \Device\KeyboardClass1 Wdf01000.sys (WDF Dynamic/Microsoft Corporation)
AttachedDevice \FileSystem\fastfat \Fat fltmgr.sys (Microsoft File System Filter Manager/Microsoft Corporation)

---- EOF - GMER 1.0.15 ----

Now OSAM: OSAM Logfile: Code:
ATTFilter Report of OSAM: Autorun Manager v5.0.11926.0 Online Solutions. Complex Protection for Information Systems Saved at 15:39:48 on 25.10.2011 OS: Windows Vista Home Premium Edition Service Pack 2 (Build 6002), 32-bit Default Browser: Mozilla Corporation Firefox 7.0.1 Scanner Settings [x] Rootkits detection (hidden registry) [x] Rootkits detection (hidden files) [x] Retrieve files information [x] Check Microsoft signatures Filters [ ] Trusted entries [ ] Empty entries [x] Hidden registry entries (rootkit activity) [x] Exclusively opened files [x] Not found files [x] Files without detailed information [x] Existing files [ ] Non-startable services [ ] Non-startable drivers [x] Active entries [x] Disabled entries [Common] -----( %SystemRoot%\Tasks )----- "GoogleUpdateTaskMachineCore.job" - "Google Inc." - C:\Program Files\Google\Update\GoogleUpdate.exe "GoogleUpdateTaskMachineUA.job" - "Google Inc." - C:\Program Files\Google\Update\GoogleUpdate.exe "PCDoctorBackgroundMonitorTask.job" - "PC-Doctor, Inc." - C:\Program Files\Dell Support Center\uaclauncher.exe "SystemToolsDailyTest.job" - "PC-Doctor, Inc." - C:\Program Files\Dell Support Center\uaclauncher.exe [Control Panel Objects] -----( %SystemRoot%\system32 )----- "BACSCPL.cpl" - ? - C:\Windows\system32\BACSCPL.cpl "FlashPlayerCPLApp.cpl" - "Adobe Systems Incorporated" - C:\Windows\system32\FlashPlayerCPLApp.cpl "iPROSet.cpl" - "Intel Corporation" - C:\Windows\system32\iPROSet.cpl -----( HKLM\Software\Microsoft\Windows\CurrentVersion\Control Panel\Cpls )----- "PROSet Tools" - "Intel Corporation" - C:\Windows\System32\iPROSet.cpl "ProtectorSuiteInfoPanel" - "UPEK Inc." 
- C:\Program Files\Protector Suite QL\infopnl.cpl [Drivers] -----( HKLM\SYSTEM\CurrentControlSet\Services )----- "avgntflt" (avgntflt) - "Avira GmbH" - C:\Windows\System32\DRIVERS\avgntflt.sys "avipbb" (avipbb) - "Avira GmbH" - C:\Windows\System32\DRIVERS\avipbb.sys "avkmgr" (avkmgr) - "Avira GmbH" - C:\Windows\System32\DRIVERS\avkmgr.sys "catchme" (catchme) - ? - C:\ComboFix\catchme.sys (File not found) "IP in IP Tunnel Driver" (IpInIp) - ? - C:\Windows\System32\DRIVERS\ipinip.sys (File not found) "IPX Traffic Filter Driver" (NwlnkFlt) - ? - C:\Windows\System32\DRIVERS\nwlnkflt.sys (File not found) "IPX Traffic Forwarder Driver" (NwlnkFwd) - ? - C:\Windows\System32\DRIVERS\nwlnkfwd.sys (File not found) "MBAMProtector" (MBAMProtector) - "Malwarebytes Corporation" - C:\Windows\system32\drivers\mbam.sys "PxHelp20" (PxHelp20) - "Sonic Solutions" - C:\Windows\System32\Drivers\PxHelp20.sys "ssmdrv" (ssmdrv) - "Avira GmbH" - C:\Windows\System32\DRIVERS\ssmdrv.sys [Explorer] -----( HKLM\Software\Classes\Folder\shellex\ColumnHandlers )----- {F9DB5320-233E-11D1-9F84-707F02C10627} "PDF Shell Extension" - "Adobe Systems, Inc." - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\PDFShell.dll {C52AF81D-F7A0-4AAB-8E87-F80A60CCD396} "{C52AF81D-F7A0-4AAB-8E87-F80A60CCD396}" - ? - C:\Program Files\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll -----( HKLM\Software\Classes\Protocols\Handler )----- {0A9007C0-4076-11D3-8789-0000F8105754} "Microsoft Infotech Storage Protocol for IE 4.0" - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll {91774881-D725-4E58-B298-07617B9B86A8} "Skype IE add-on Pluggable Protocol" - "Skype Technologies S.A." - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll -----( HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved )----- {911051fa-c21c-4246-b470-070cd8df6dc4} ".cab or .zip files" - ? 
- (File not found | COM-object registry key not found) {23170F69-40C1-278A-1000-000100020000} "7-Zip Shell Extension" - "Igor Pavlov" - C:\Program Files\7-Zip\7-zip.dll {1b24a030-9b20-49bc-97ac-1be4426f9e59} "ActiveDirectory Folder" - ? - (File not found | COM-object registry key not found) {34449847-FD14-4fc8-A75A-7432F5181EFB} "ActiveDirectory Folder" - ? - (File not found | COM-object registry key not found) {0F8604A5-4ECE-4DE1-BA7D-CF10F8AA4F48} "Contacts folder" - ? - (File not found | COM-object registry key not found) {2C2577C2-63A7-40e3-9B7F-586602617ECB} "Explorer Query Band" - ? - (File not found | COM-object registry key not found) {00020d75-0000-0000-c000-000000000046} "lnkfile" - ? - (File not found | COM-object registry key not found) {993BE281-6695-4BA5-8A2A-7AACBFAAB69E} "Microsoft Office Metadata Handler" - "Microsoft Corporation" - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\msoshext.dll {C41662BB-1FA0-4CE0-8DC5-9B7F8279FF97} "Microsoft Office Thumbnail Handler" - "Microsoft Corporation" - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\msoshext.dll {C52AF81D-F7A0-4AAB-8E87-F80A60CCD396} "OpenOffice.org Column Handler" - ? - C:\Program Files\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll {087B3AE3-E237-4467-B8DB-5A38AB959AC9} "OpenOffice.org Infotip Handler" - ? - C:\Program Files\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll {AE424E85-F6DF-4910-A6A9-438797986431} "OpenOffice.org Property Handler" - ? - C:\Program Files\OpenOffice.org 3\Basis\program\shlxthdl\propertyhdl.dll {63542C48-9552-494A-84F7-73AA6A7C99C1} "OpenOffice.org Property Sheet Handler" - ? - C:\Program Files\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll {3B092F0C-7696-40E3-A80F-68D74DA84210} "OpenOffice.org Thumbnail Viewer" - ? - C:\Program Files\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll {9AFDE8D6-200C-4b41-A5FC-B7251DFD1A8E} "Safearchive ContextMenu Class" - "UPEK Inc." 
- C:\Program Files\Protector Suite QL\farchns.dll {E6D7D89A-2232-446d-8A0F-D0F9B06DB1CA} "Safearchive ExtractIcon Class" - "UPEK Inc." - C:\Program Files\Protector Suite QL\farchns.dll {66C99756-1C92-4d3e-BA69-9400A6F731F5} "Safearchive PropertySheetHandler Class" - "UPEK Inc." - C:\Program Files\Protector Suite QL\farchns.dll {055EF591-5C38-49a0-9BDA-51B1D69D0BF4} "Safearchive ShellFolder Class" - "UPEK Inc." - C:\Program Files\Protector Suite QL\farchns.dll {C8494E42-ACDD-4739-B0FB-217361E4894F} "Sam Account Folder" - ? - (File not found | COM-object registry key not found) {E29F9716-5C08-4FCD-955A-119FDB5A522D} "Sam Account Folder" - ? - (File not found | COM-object registry key not found) {45AC2688-0253-4ED8-97DE-B5370FA7D48A} "Shell Extension for Malware scanning" - "Avira Operations GmbH & Co. KG" - C:\Program Files\Avira\AntiVir Desktop\shlext.dll {da67b8ad-e81b-4c70-9b91b417b5e33527} "Windows Search Shell Service" - ? - (File not found | COM-object registry key not found) [Internet Explorer] -----( HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser )----- <binary data> "Google Toolbar" - "Google Inc." - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll <binary data> "ITBar7Layout" - ? - (File not found | COM-object registry key not found) -----( HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units )----- {816BE035-1450-40D0-8A3B-BA7825A83A77} "IASRunner Class" - "Lenovo (United States) Inc" - C:\Program Files\Lenovo\AcpIRExe\AcpIRExe.exe / hxxp://support.lenovo.com/Resources/Lenovo/AutoDetect/Lenovo_AutoDetect2.cab {CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA} "Java Plug-in 1.6.0" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\jp2iexp.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0-windows-i586.cab {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} "Java Plug-in 1.6.0_22" - "Sun Microsystems, Inc." 
- C:\Program Files\Java\jre6\bin\jp2iexp.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} "Java Plug-in 1.6.0_22" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\npjpi160_22.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab -----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions )----- {898EA8C8-E7FF-479B-8935-AEC46303B9E5} "Click to call with Skype" - "Skype Technologies S.A." - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll -----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar )----- <binary data> "Google Toolbar" - "Google Inc." - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll -----( HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects )----- {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} "Adobe PDF Reader" - "Adobe Systems Incorporated" - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll {AA58ED58-01DD-4d91-8333-CF10577473F7} "Google Toolbar Helper" - "Google Inc." - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} "Google Toolbar Notifier BHO" - "Google Inc." - C:\Program Files\Google\GoogleToolbarNotifier\5.7.6406.1642\swg.dll {DBC80044-A445-435b-BC74-9C25C1C588A9} "Java(tm) Plug-In 2 SSV Helper" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\jp2ssv.dll {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} "Skype Browser Helper" - "Skype Technologies S.A." - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll [LSA Providers] -----( HKLM\SYSTEM\CurrentControlSet\Control\Lsa )----- "Notification packages" - "UPEK Inc." - C:\Windows\system32\psqlpwd.dll [Logon] -----( %APPDATA%\Microsoft\Windows\Start Menu\Programs\Startup )----- "desktop.ini" - ? - C:\Users\jungle\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini "OpenOffice.org 3.3.lnk" - ? 
- C:\Program Files\OpenOffice.org 3\program\quickstart.exe (Shortcut exists | File found, but it contains no detailed information | File exists) -----( %AllUsersProfile%\Microsoft\Windows\Start Menu\Programs\Startup )----- "desktop.ini" - ? - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini "QuickSet.lnk" - "Dell Inc" - C:\Program Files\Dell\QuickSet\quickset.exe (Shortcut exists | File exists) -----( HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run )----- "Skype" - "Skype Technologies S.A." - "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized "swg" - "Google Inc." - "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" -----( HKLM\SYSTEM\CurrentControlSet\Control\Terminal Server\Wds\rdpwd )----- "StartupPrograms" - ? - rdpclip (File not found) -----( HKLM\Software\Microsoft\Windows\CurrentVersion\Run )----- "Adobe Reader Speed Launcher" - "Adobe Systems Incorporated" - "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" "avgnt" - "Avira Operations GmbH & Co. KG" - "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min "DELL Webcam Manager" - "Creative Technology Ltd." - "C:\Program Files\Dell\Dell Webcam Manager\DellWMgr.exe" /s "ECenter" - " " - C:\Dell\E-Center\EULALauncher.exe "Malwarebytes' Anti-Malware" - "Malwarebytes Corporation" - "C:\Program Files\herbert\mbamgui.exe" /starttray "PCMService" - "CyberLink Corp." - "C:\Program Files\Dell\MediaDirect\PCMService.exe" "PSQLLauncher" - "UPEK Inc." - "C:\Program Files\Protector Suite QL\launcher.exe" /startup "SunJavaUpdateSched" - "Sun Microsystems, Inc." - "C:\Program Files\Common Files\Java\Java Update\jusched.exe" "WinampAgent" - "Nullsoft, Inc." 
- "C:\Program Files\Winamp\winampa.exe" [Services] -----( HKLM\SYSTEM\CurrentControlSet\Services )----- "@C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe,-100" (WPFFontCache_v0400) - "Microsoft Corporation" - C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe "Avira Browser Schutz" (AntiVirWebService) - "Avira Operations GmbH & Co. KG" - C:\Program Files\Avira\AntiVir Desktop\AVWEBGRD.EXE "Avira Echtzeit Scanner" (AntiVirService) - "Avira Operations GmbH & Co. KG" - C:\Program Files\Avira\AntiVir Desktop\avguard.exe "Avira Planer" (AntiVirSchedulerService) - "Avira Operations GmbH & Co. KG" - C:\Program Files\Avira\AntiVir Desktop\sched.exe "Google Software Updater" (gusvc) - "Google" - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe "Google Update-Dienst (gupdate)" (gupdate) - "Google Inc." - C:\Program Files\Google\Update\GoogleUpdate.exe "Google Update-Dienst (gupdatem)" (gupdatem) - "Google Inc." - C:\Program Files\Google\Update\GoogleUpdate.exe "Intel(R) PROSet/Wireless Event Log" (EvtEng) - "Intel Corporation" - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe "Intel(R) PROSet/Wireless Registry Service" (RegSrvc) - "Intel Corporation" - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe "MBAMService" (MBAMService) - "Malwarebytes Corporation" - C:\Program Files\herbert\mbamservice.exe "Microsoft .NET Framework NGEN v4.0.30319_X86" (clr_optimization_v4.0.30319_32) - "Microsoft Corporation" - C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe "stllssvr" (stllssvr) - "MicroVision Development, Inc." - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe "SupportSoft Sprocket Service (dellsupportcenter)" (sprtsvc_dellsupportcenter) - ? - C:\Program Files\Dell Support Center\bin\sprtsvc.exe /service /p dellsupportcenter (File not found) [Winlogon] -----( HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon )----- "GinaDLL" - "UPEK Inc." 
- C:\Windows\system32\vrlogon.dll
-----( HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify )-----
"psfus" - "UPEK Inc." - C:\Windows\system32\psqlpwd.dll
[Winsock Providers]
-----( HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries )-----
"AVSDA" - "Avira Operations GmbH & Co. KG" - C:\Program Files\Avira\AntiVir Desktop\avsda.dll
===[ Logfile end ]=========================================[ Logfile end ]===
If You have questions or want to get some help, You can visit Online Solutions :: Index

and then the aswMBR.txt:

aswMBR version 0.9.8.986 Copyright(c) 2011 AVAST Software
Run date: 2011-10-25 15:42:21
-----------------------------
15:42:21.258 OS Version: Windows 6.0.6002 Service Pack 2
15:42:21.261 Number of processors: 2 586 0xF0D
15:42:21.267 ComputerName: ALFONS UserName: jungle
15:42:23.087 Initialize success
15:44:09.567 AVAST engine defs: 11102500
15:44:33.134 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-0
15:44:33.143 Disk 0 Vendor: TOSHIBA_ LB21 Size: 114473MB BusType: 3
15:44:33.180 Disk 0 MBR read successfully
15:44:33.190 Disk 0 MBR scan
15:44:33.248 Disk 0 Windows VISTA default MBR code
15:44:33.264 Disk 0 scanning sectors +234438656
15:44:33.364 Disk 0 scanning C:\Windows\system32\drivers
15:45:10.754 Service scanning
15:45:12.944 Modules scanning
15:45:27.517 Disk 0 trace - called modules:
15:45:27.579 ntkrnlpa.exe CLASSPNP.SYS disk.sys iastor.sys hal.dll
15:45:27.594 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8550e0f8]
15:45:27.610 3 CLASSPNP.SYS[881aa8b3] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-0[0x84a65030]
15:45:28.991 AVAST engine scan C:\Windows
15:45:45.014 AVAST engine scan C:\Windows\system32
15:52:28.469 AVAST engine scan C:\Windows\system32\drivers
15:52:58.504 AVAST engine scan C:\Users\jungle
15:59:35.871 Disk 0 MBR has been saved successfully to "C:\Users\jungle\Desktop\MBR.dat"
15:59:35.912 The log file has been saved successfully to "C:\Users\jungle\Desktop\aswMBR.txt"

Everything worked fine, only with OSAM I'm not sure whether I did everything right, because you said I should skip the online lookup? Best regards Janina |
25.10.2011, 15:42 | #13 |
/// Winkelfunktion /// TB-Süch-Tiger™ | We should fix the MBR. Back up ALL important data just in case, even though it usually goes smoothly. After the backup, start aswMBR again and click the FIXMBR button. Then restart Windows and make a new log with aswMBR.
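The OSAM report posted above lists every autostart location as a name, the vendor string read from the image's version information (or "?" when there is none) and an image path, with notes such as "(File not found)" for dangling entries. The following Python script is an added example, not part of this thread and not OSAM's own code: it parses lines in that format and flags the entries a helper would look at first, namely entries without vendor information, entries whose image is missing (orphaned autostarts), and entries whose image lives in a user-writable directory. The sample report embedded in it is constructed for the example; most lines mirror the report above, but the "updater" line is invented to show a user-writable hit and does not appear in that log. The list of user-writable directories is a triage heuristic of this example, not an OSAM feature.

```python
"""Triage helper for OSAM Autorun Manager reports (added example, not OSAM code).

Flags autostart entries that deserve a closer look: no vendor/version info,
image file missing (orphaned entry), or image loaded from a user-writable path.
"""
import re
from dataclasses import dataclass, field
from typing import List, Optional, Tuple

# OSAM line shape (see the report above):
#   {CLSID} "Name" (key) - "Vendor" - C:\path\image.exe /args (note | note)
# The {CLSID} prefix and the "(key)" part are optional; a missing vendor is "?".
ENTRY_RE = re.compile(
    r'^(?:\{[0-9A-Fa-f-]+\}\s+)?'        # optional CLSID
    r'"(?P<name>[^"]*)"'                  # display name
    r'(?:\s+\((?P<key>[^)]*)\))?'         # optional registry value / service name
    r'\s+-\s+(?P<vendor>"[^"]*"|\?)'      # vendor string, or ? when none
    r'\s+-\s+(?P<rest>.*)$'               # image path, arguments, notes
)
SECTION_RE = re.compile(r'^-----\(\s*(?P<loc>.*?)\s*\)-----$')
# Trailing "(...)" note. A path that itself ends in ")" would be misread;
# accepted limitation for a triage script.
NOTE_RE = re.compile(r'\s*\((?P<note>[^()]*)\)\s*$')

# Heuristic (assumption of this example, not an OSAM feature): directories a
# non-admin user can write to, so a binary there is a cheap persistence spot.
USER_WRITABLE = ('\\appdata\\', '\\temp\\', '\\users\\', '\\programdata\\')


@dataclass
class Finding:
    location: str            # registry key / folder the entry came from
    name: str
    vendor: str              # '' when OSAM printed ? or a blank string
    path: str                # image path with quotes and arguments stripped
    reasons: List[str] = field(default_factory=list)


def parse_entry(line: str, location: str) -> Optional[Tuple[Finding, str]]:
    """Parse one OSAM entry line; returns (finding, note) or None for non-entries."""
    m = ENTRY_RE.match(line)
    if not m:
        return None
    rest, note = m.group('rest'), ''
    nm = NOTE_RE.search(rest)
    if nm:
        note, rest = nm.group('note'), rest[:nm.start()]
    rest = rest.strip()
    if rest.startswith('"'):             # quoted image followed by arguments
        end = rest.find('"', 1)
        path = rest[1:end] if end > 0 else rest[1:]
    else:
        path = rest
    vendor = m.group('vendor').strip('"').strip()
    return Finding(location, m.group('name'), vendor, path), note


def triage(report: str) -> List[Finding]:
    """Return only the entries that tripped at least one heuristic."""
    findings, location = [], ''
    for raw in report.splitlines():
        line = raw.strip()
        sm = SECTION_RE.match(line)
        if sm:
            location = sm.group('loc')   # remember where following entries live
            continue
        parsed = parse_entry(line, location)
        if parsed is None:
            continue
        f, note = parsed
        if f.vendor in ('', '?'):
            f.reasons.append('no vendor/version info')
        if 'File not found' in note:
            f.reasons.append('image missing (orphaned autostart)')
        if any(d in f.path.lower() for d in USER_WRITABLE):
            f.reasons.append('loads from user-writable path')
        if f.reasons:
            findings.append(f)
    return findings


# Constructed sample in OSAM's format. Most lines mirror the report above; the
# "updater" line is invented to show a user-writable hit and is NOT in that log.
SAMPLE_REPORT = r"""
[Drivers]
-----( HKLM\SYSTEM\CurrentControlSet\Services )-----
"avkmgr" (avkmgr) - "Avira GmbH" - C:\Windows\System32\DRIVERS\avkmgr.sys
"catchme" (catchme) - ? - C:\ComboFix\catchme.sys (File not found)
[Logon]
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Run )-----
"avgnt" - "Avira Operations GmbH & Co. KG" - "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
"ECenter" - " " - C:\Dell\E-Center\EULALauncher.exe
"updater" - ? - "C:\Users\jungle\AppData\Local\Temp\svch0st.exe" /s
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved )-----
{00020d75-0000-0000-c000-000000000046} "lnkfile" - ? - (File not found | COM-object registry key not found)
"""

if __name__ == '__main__':
    for f in triage(SAMPLE_REPORT):
        print(f'{f.name:12} {f.path or "<no image>"}')
        for r in f.reasons:
            print(f'    - {r}  [{f.location}]')
```

Run it against a saved *.log from OSAM by reading the file into `triage()`; entries that only have "no vendor/version info" (like the ECenter launcher above) are common for OEM tools and need a look at the file itself, whereas a missing image or a binary under AppData or Temp is worth checking immediately.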
28.10.2011, 23:24 | #14 |
| Here is the aswMBR.txt:

aswMBR version 0.9.8.986 Copyright(c) 2011 AVAST Software
Run date: 2011-10-28 20:24:14
-----------------------------
20:24:14.560 OS Version: Windows 6.0.6002 Service Pack 2
20:24:14.560 Number of processors: 2 586 0xF0D
20:24:14.576 ComputerName: ALFONS UserName: jungle
20:24:15.512 Initialize success
20:24:35.714 AVAST engine defs: 11102801
20:24:47.336 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-0
20:24:47.336 Disk 0 Vendor: TOSHIBA_ LB21 Size: 114473MB BusType: 3
20:24:47.383 Disk 0 MBR read successfully
20:24:47.398 Disk 0 MBR scan
20:24:47.414 Disk 0 Windows VISTA default MBR code
20:24:47.445 Disk 0 scanning sectors +234438656
20:24:47.585 Disk 0 scanning C:\Windows\system32\drivers
20:25:16.539 Service scanning
20:25:18.551 Modules scanning
20:25:31.765 Disk 0 trace - called modules:
20:25:31.811 ntkrnlpa.exe CLASSPNP.SYS disk.sys iastor.sys hal.dll
20:25:31.827 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x85921ac8]
20:25:31.843 3 CLASSPNP.SYS[8819e8b3] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-0[0x84a65030]
20:25:33.621 AVAST engine scan C:\Windows
20:25:49.330 AVAST engine scan C:\Windows\system32
20:31:50.018 AVAST engine scan C:\Windows\system32\drivers
20:32:20.734 AVAST engine scan C:\Users\jungle
20:53:59.575 AVAST engine scan C:\ProgramData
20:56:57.617 Scan finished successfully
00:22:19.808 Disk 0 MBR has been saved successfully to "C:\Users\jungle\Desktop\MBR.dat"
00:22:19.823 The log file has been saved successfully to "C:\Users\jungle\Desktop\aswMBR.txt"

Best regards Janina |
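Both aswMBR runs above end with the raw first sector being saved to MBR.dat, so the sector can be inspected offline before and after FIXMBR. The Python below is an added example, not part of this thread and not aswMBR code: it parses such a 512-byte image, checks the 0x55AA boot signature, decodes the four partition slots and reports anomalies (no or several active partitions, an invalid status byte, a partition starting at sector 0, overlapping partitions) and, when the SHA-256 of a known-good bootstrap area is supplied, whether the boot code differs from it. The image it builds for demonstration is constructed (a jmp-to-self plus NOP padding instead of real Windows boot code, an invented disk signature and a two-partition layout) and is not the MBR of the machine in this thread; the known-good hash is an assumption that you would take from a clean machine with the same Windows version.

```python
"""Sanity-check a raw 512-byte MBR image such as the MBR.dat that aswMBR saves
(added example, not aswMBR code)."""
import hashlib
import struct
from dataclasses import dataclass
from typing import List, Optional

SECTOR = 512
BOOTCODE_LEN = 0x1B8        # bootstrap code; 0x1B8..0x1BD hold the disk signature
PART_TABLE_OFF = 0x1BE      # four 16-byte partition slots
BOOT_SIG_OFF = 0x1FE
BOOT_SIG = b'\x55\xAA'
SLOT_FMT = '<B3sB3sII'      # status, CHS start, type, CHS end, LBA start, LBA count


@dataclass
class Partition:
    slot: int
    status: int
    type_id: int
    lba_start: int
    lba_count: int

    @property
    def bootable(self) -> bool:
        return self.status == 0x80

    @property
    def lba_end(self) -> int:        # exclusive
        return self.lba_start + self.lba_count


def parse_partition_table(mbr: bytes) -> List[Partition]:
    """Decode the non-empty slots of the partition table."""
    parts = []
    for i in range(4):
        off = PART_TABLE_OFF + 16 * i
        if not any(mbr[off:off + 16]):          # all-zero slot is unused
            continue
        status, _, ptype, _, start, count = struct.unpack_from(SLOT_FMT, mbr, off)
        parts.append(Partition(i, status, ptype, start, count))
    return parts


def bootcode_sha256(mbr: bytes) -> str:
    """Hash of the bootstrap code only; disk signature and table are excluded
    because they legitimately differ from machine to machine."""
    return hashlib.sha256(mbr[:BOOTCODE_LEN]).hexdigest()


def check_mbr(mbr: bytes, known_good_bootcode_sha256: Optional[str] = None) -> List[str]:
    """Return human-readable problems; an empty list means nothing looked odd."""
    if len(mbr) != SECTOR:
        return [f'unexpected image size {len(mbr)}, want {SECTOR}']
    problems = []
    if mbr[BOOT_SIG_OFF:] != BOOT_SIG:
        problems.append('boot signature 0x55AA missing')
    parts = parse_partition_table(mbr)
    active = [p for p in parts if p.bootable]
    if len(active) != 1:
        problems.append(f'{len(active)} active partitions, expected exactly 1')
    for p in parts:
        if p.status not in (0x00, 0x80):
            problems.append(f'slot {p.slot}: invalid status byte 0x{p.status:02X}')
        if p.lba_start == 0:
            problems.append(f'slot {p.slot}: partition starts at sector 0 (covers the MBR)')
    ordered = sorted(parts, key=lambda p: p.lba_start)
    for a, b in zip(ordered, ordered[1:]):
        if b.lba_start < a.lba_end:
            problems.append(f'slots {a.slot} and {b.slot} overlap')
    if known_good_bootcode_sha256 and bootcode_sha256(mbr) != known_good_bootcode_sha256:
        problems.append('bootstrap code differs from known-good image')
    return problems


# Constructed layout: two NTFS (0x07) partitions, first one active. Not the
# partition table of the machine in this thread.
DEFAULT_SLOTS = ((0x80, 0x07, 2048, 20971520),          # ~10 GB, active
                 (0x00, 0x07, 20973568, 208000000))     # ~99 GB


def build_sample_mbr(slots=DEFAULT_SLOTS) -> bytes:
    """Build a constructed 512-byte MBR: jmp-to-self plus NOP padding stands in
    for real Windows boot code, the disk signature is invented."""
    mbr = bytearray(SECTOR)
    mbr[:BOOTCODE_LEN] = b'\xEB\xFE' + b'\x90' * (BOOTCODE_LEN - 2)
    struct.pack_into('<I', mbr, 0x1B8, 0x1234ABCD)      # disk signature (constructed)
    for i, (status, ptype, start, count) in enumerate(slots):
        struct.pack_into(SLOT_FMT, mbr, PART_TABLE_OFF + 16 * i,
                         status, b'\xFE\xFF\xFF', ptype, b'\xFE\xFF\xFF', start, count)
    mbr[BOOT_SIG_OFF:] = BOOT_SIG
    return bytes(mbr)


if __name__ == '__main__':
    import sys
    image = open(sys.argv[1], 'rb').read() if len(sys.argv) > 1 else build_sample_mbr()
    for p in parse_partition_table(image):
        print(f'slot {p.slot}: type 0x{p.type_id:02X} start {p.lba_start} '
              f'count {p.lba_count}{" (active)" if p.bootable else ""}')
    print('bootcode sha256:', bootcode_sha256(image))
    print('problems:', check_mbr(image) or 'none')
```

Run as `python check_mbr.py MBR.dat` to inspect a saved sector. A clean table is no proof that the boot code is benign (a bootkit keeps the table intact and patches only the first 440 bytes), which is why the bootcode hash comparison against a known-good machine is the check that matters; the script only reports structural oddities when no reference hash is given.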
29.10.2011, 15:51 | #15 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Looks OK. As a check, please run full scans with Malwarebytes and SUPERAntiSpyware and post the logs. Remember to update both tools before scanning!! Afterwards, getting a second opinion from the ESET online scanner isn't a bad idea either: ESET Online Scanner