Achtung! Aus Sicherheitsgründen wurde Ihr Windowssystem blockiert.

Antares71 · 17.12.2011, 21:03

Guten Abend zusammen!
Wie auch schon zahlreiche andere User an diesem Abend taucht bei mir die Meldung auf:
Achtung! Aus Sicherheitsgründen wurde Ihr Windowssystem blockiert.

So sieht das aus:

Es ist bisher nur ein Benutzerkonto betroffen; das andere geht einwandfrei - wobei mir klar ist, dass das System als Ganzen betroffen ist.

Die 3 txt.-Dateien habe ich angehängt. Wenn sich jemand darum kümmern könnte, wäre ich Euch sehr dankbar.

Gruß
Stefan

cosinus · 18.12.2011, 14:02

Bitte nun routinemäßig einen Vollscan mit Malwarebytes machen und Log posten.
Denk daran, dass Malwarebytes vor jedem Scan manuell aktualisiert werden muss!

Falls Logs aus älteren Scans mit Malwarebytes vorhanden sind, bitte auch davon alle posten!

ESET Online Scanner

Hier findest du eine bebilderte Anleitung zu ESET Online Scanner
Lade und starte Eset Online Scanner
Setze einen Haken bei Ja, ich bin mit den Nutzungsbedingungen einverstanden und klicke auf Starten.
Aktiviere die "Erkennung von eventuell unerwünschten Anwendungen" und wähle folgende Einstellungen.
Klicke auf Starten.
Die Signaturen werden heruntergeladen, der Scan beginnt automatisch.
Klicke am Ende des Suchlaufs auf Fertig stellen.
Schließe das Fenster von ESET.
Explorer öffnen.
C:\Programme\Eset\EsetOnlineScanner\log.txt (bei 64 Bit auch C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) suchen und mit Deinem Editor öffnen (bebildert).
Logfile hier posten.
Deinstallation: Systemsteuerung => Software / Programme deinstallieren => Eset Online Scanner V3 entfernen.
Manuell folgenden Ordner löschen und Papierkorb leeren => C:\Programme\Eset

Bitte alles nach Möglichkeit hier in CODE-Tags posten.

Wird so gemacht:

[code] hier steht das Log [/code]

Und das ganze sieht dann so aus:

Code:

ATTFilter

 hier steht das Log

Antares71 · 18.12.2011, 20:56

Guten Abend, Arne!

Erst einmal VIELEN DANK, dass Du geantwortet hast! Freue mich sehr darüber.

Dann ein UPDATE: Das Problem taucht seit heute Nachmittag nicht mehr auf. Habe mich bei dem betroffenen Benutzerkonto angemeldet, aber dabei die WLAN-Verbindung deaktiviert. Die Meldung kam nicht und auch nicht, nachdem ich die Verbindung wieder hergestellt hatte.

Nun aber erst einmal die Logfiles:

1. Malwarebytes

Code:

ATTFilter

Malwarebytes' Anti-Malware 1.51.2.1300
www.malwarebytes.org

Datenbank Version: 8393

Windows 6.1.7601 Service Pack 1
Internet Explorer 8.0.7601.17514

18.12.2011 19:22:33
mbam-log-2011-12-18 (19-22-33).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|)
Durchsuchte Objekte: 300046
Laufzeit: 37 Minute(n), 34 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 0

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

2. ESET

Code:

ATTFilter

# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=d4b06511315c1242a50f1403aa55d455
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2011-12-18 07:31:56
# local_time=2011-12-18 08:31:56 (+0100, Mitteleuropäische Zeit)
# country="Germany"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=1797 16775165 100 94 96956 60770052 25128 0
# compatibility_mode=5893 16776574 100 94 10107025 75864387 0 0
# compatibility_mode=8192 67108863 100 0 3868 3868 0 0
# scanned=123253
# found=1
# cleaned=0
# scan_time=3520
C:\Users\Ki\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\25\61d520d9-7ae540e2	Java/Exploit.CVE-2011-3544.G trojan (unable to clean)	00000000000000000000000000000000	I

Jetzt bin ich gespannt ...

Dir sicherheitshalber schon mal einen schönen Abend!

Gruß
Stefan

cosinus · 19.12.2011, 11:58

Mach einen OTL-Fix, beende alle evtl. geöffneten Programme, auch Virenscanner deaktivieren (!), starte OTL und kopiere folgenden Text in die "Custom Scan/Fixes" Box (unten in OTL): (das ":OTL" muss mitkopiert werden!!!)

Code:

ATTFilter

:OTL
IE - HKLM\..\URLSearchHook: {e9911ec6-1bcc-40b0-9993-e0eea7f6953f} - C:\Program Files\DVDVideoSoft\tbDVDV.dll (Conduit Ltd.)
IE - HKU\S-1-5-21-3193112159-3098508074-3025343022-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.uk.msn.com/USSMB/8
IE - HKU\S-1-5-21-3193112159-3098508074-3025343022-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://search.conduit.com?SearchSource=10&ctid=CT2269050
IE - HKU\S-1-5-21-3193112159-3098508074-3025343022-1001\..\URLSearchHook: {e9911ec6-1bcc-40b0-9993-e0eea7f6953f} - C:\Program Files\DVDVideoSoft\tbDVDV.dll (Conduit Ltd.)
IE - HKU\S-1-5-21-3193112159-3098508074-3025343022-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-3193112159-3098508074-3025343022-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
FF - prefs.js..browser.search.defaultthis.engineName: "Search"
FF - prefs.js..browser.search.defaulturl: "http://search.conduit.com/ResultsExt.aspx?ctid=CT2269050&SearchSource=3&q={searchTerms}"
FF - prefs.js..browser.search.selectedEngine: "Search"
FF - prefs.js..browser.startup.homepage: "http://search.conduit.com/?ctid=CT2269050&SearchSource=13"
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O2 - BHO: (DVDVideoSoft Toolbar) - {e9911ec6-1bcc-40b0-9993-e0eea7f6953f} - C:\Program Files\DVDVideoSoft\tbDVDV.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O3 - HKLM\..\Toolbar: (DVDVideoSoft Toolbar) - {e9911ec6-1bcc-40b0-9993-e0eea7f6953f} - C:\Program Files\DVDVideoSoft\tbDVDV.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKU\S-1-5-21-3193112159-3098508074-3025343022-1001\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009.06.10 22:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
:Files
C:\Users\Ki\AppData\LocalLow\Sun\Java\Deployment\cache\6.0
:Commands
[emptytemp]
[resethosts]

Klick dann oben links auf den Button Fix!
Das Logfile müsste geöffnet werden, wenn Du nach dem Fixen auf ok klickst, poste das bitte. Evtl. wird der Rechner neu gestartet.

Die mit diesem Script gefixten Einträge, Dateien und Ordner werden zur Sicherheit nicht vollständig gelöscht, es wird eine Sicherheitskopie auf der Systempartition im Ordner "_OTL" erstellt.

Hinweis: Das obige Script ist nur für diesen einen User in dieser Situtation erstellt worden. Es ist auf keinen anderen Rechner portierbar und darf nicht anderweitig verwandt werden, da es das System nachhaltig schädigen kann!

Antares71 · 19.12.2011, 20:47

Hi,
hier das Log:

Code:

ATTFilter

All processes killed
========== OTL ==========
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\\{e9911ec6-1bcc-40b0-9993-e0eea7f6953f} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{e9911ec6-1bcc-40b0-9993-e0eea7f6953f}\ deleted successfully.
C:\Program Files\DVDVideoSoft\tbDVDV.dll moved successfully.
HKU\S-1-5-21-3193112159-3098508074-3025343022-1001\SOFTWARE\Microsoft\Internet Explorer\Main\\Default_Page_URL| /E : value set successfully!
HKU\S-1-5-21-3193112159-3098508074-3025343022-1001\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page| /E : value set successfully!
Registry value HKEY_USERS\S-1-5-21-3193112159-3098508074-3025343022-1001\Software\Microsoft\Internet Explorer\URLSearchHooks\\{e9911ec6-1bcc-40b0-9993-e0eea7f6953f} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{e9911ec6-1bcc-40b0-9993-e0eea7f6953f}\ not found.
File C:\Program Files\DVDVideoSoft\tbDVDV.dll not found.
HKU\S-1-5-21-3193112159-3098508074-3025343022-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyEnable|dword:0 /E : value set successfully!
HKU\S-1-5-21-3193112159-3098508074-3025343022-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyOverride| /E : value set successfully!
Prefs.js: "Search" removed from browser.search.defaultthis.engineName
Prefs.js: "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2269050&SearchSource=3&q={searchTerms}" removed from browser.search.defaulturl
Prefs.js: "Search" removed from browser.search.selectedEngine
Prefs.js: "hxxp://search.conduit.com/?ctid=CT2269050&SearchSource=13" removed from browser.startup.homepage
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5C255C8A-E604-49b4-9D64-90988571CECB}\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}\ deleted successfully.
C:\Program Files\Java\jre6\bin\ssv.dll moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{d2ce3e00-f94a-4740-988e-03dc2f38c34f}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{d2ce3e00-f94a-4740-988e-03dc2f38c34f}\ deleted successfully.
C:\Program Files\Microsoft\BingBar\BingExt.dll moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{e9911ec6-1bcc-40b0-9993-e0eea7f6953f}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{e9911ec6-1bcc-40b0-9993-e0eea7f6953f}\ not found.
File C:\Program Files\DVDVideoSoft\tbDVDV.dll not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{8dcb7100-df86-4384-8842-8fa844297b3f} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8dcb7100-df86-4384-8842-8fa844297b3f}\ deleted successfully.
File C:\Program Files\Microsoft\BingBar\BingExt.dll not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{e9911ec6-1bcc-40b0-9993-e0eea7f6953f} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{e9911ec6-1bcc-40b0-9993-e0eea7f6953f}\ not found.
File C:\Program Files\DVDVideoSoft\tbDVDV.dll not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\Locked deleted successfully.
Registry value HKEY_USERS\S-1-5-21-3193112159-3098508074-3025343022-1001\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{21FA44EF-376D-4D53-9B0F-8A89D3229068} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{21FA44EF-376D-4D53-9B0F-8A89D3229068}\ not found.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRun|DWORD:1 /E : value set successfully!
C:\autoexec.bat moved successfully.
========== FILES ==========
C:\Users\Ki\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\tmp folder moved successfully.
C:\Users\Ki\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\muffin folder moved successfully.
C:\Users\Ki\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\host folder moved successfully.
C:\Users\Ki\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\9 folder moved successfully.
C:\Users\Ki\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\8 folder moved successfully.
C:\Users\Ki\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\7 folder moved successfully.
C:\Users\Ki\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\63 folder moved successfully.
C:\Users\Ki\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\62\6baea4fe-5059fb05-n folder moved successfully.
C:\Users\Ki\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\62 folder moved successfully.
C:\Users\Ki\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\61 folder moved successfully.
C:\Users\Ki\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\60 folder moved successfully.
C:\Users\Ki\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\6 folder moved successfully.
C:\Users\Ki\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\59 folder moved successfully.
C:\Users\Ki\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\58 folder moved successfully.
C:\Users\Ki\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\57 folder moved successfully.
C:\Users\Ki\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\56 folder moved successfully.
C:\Users\Ki\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\55 folder moved successfully.
C:\Users\Ki\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\54\1a209876-782f52ed-n folder moved successfully.
C:\Users\Ki\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\54\1a209876-184b382c-n folder moved successfully.
C:\Users\Ki\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\54 folder moved successfully.
C:\Users\Ki\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\53 folder moved successfully.
C:\Users\Ki\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\52 folder moved successfully.
C:\Users\Ki\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\51 folder moved successfully.
C:\Users\Ki\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\50\5535ab32-180adc8b-n folder moved successfully.
C:\Users\Ki\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\50 folder moved successfully.
C:\Users\Ki\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\5 folder moved successfully.
C:\Users\Ki\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\49 folder moved successfully.
C:\Users\Ki\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\48 folder moved successfully.
C:\Users\Ki\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\47 folder moved successfully.
C:\Users\Ki\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\46\f84c6ae-23635f96-n folder moved successfully.
C:\Users\Ki\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\46\759e98ee-3e43ce52-n folder moved successfully.
C:\Users\Ki\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\46 folder moved successfully.
C:\Users\Ki\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\45\4f710eed-5f70930a-n folder moved successfully.
C:\Users\Ki\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\45 folder moved successfully.
C:\Users\Ki\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\44 folder moved successfully.
C:\Users\Ki\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\43 folder moved successfully.
C:\Users\Ki\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\42 folder moved successfully.
C:\Users\Ki\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\41 folder moved successfully.
C:\Users\Ki\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\40 folder moved successfully.
C:\Users\Ki\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\4 folder moved successfully.
C:\Users\Ki\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\39 folder moved successfully.
C:\Users\Ki\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\38 folder moved successfully.
C:\Users\Ki\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\37 folder moved successfully.
C:\Users\Ki\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\36 folder moved successfully.
C:\Users\Ki\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\35 folder moved successfully.
C:\Users\Ki\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\34 folder moved successfully.
C:\Users\Ki\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\33 folder moved successfully.
C:\Users\Ki\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\32 folder moved successfully.
C:\Users\Ki\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\31 folder moved successfully.
C:\Users\Ki\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\30 folder moved successfully.
C:\Users\Ki\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\3 folder moved successfully.
C:\Users\Ki\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\29 folder moved successfully.
C:\Users\Ki\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\28 folder moved successfully.
C:\Users\Ki\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\27 folder moved successfully.
C:\Users\Ki\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\26 folder moved successfully.
C:\Users\Ki\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\25 folder moved successfully.
C:\Users\Ki\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\24 folder moved successfully.
C:\Users\Ki\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\23 folder moved successfully.
C:\Users\Ki\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\22 folder moved successfully.
C:\Users\Ki\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\21 folder moved successfully.
C:\Users\Ki\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\20 folder moved successfully.
C:\Users\Ki\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\2 folder moved successfully.
C:\Users\Ki\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\19 folder moved successfully.
C:\Users\Ki\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\18 folder moved successfully.
C:\Users\Ki\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\17\6d0ad391-6923c01b-n folder moved successfully.
C:\Users\Ki\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\17\6d0ad391-1045d029-n folder moved successfully.
C:\Users\Ki\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\17 folder moved successfully.
C:\Users\Ki\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\16 folder moved successfully.
C:\Users\Ki\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\15 folder moved successfully.
C:\Users\Ki\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\14 folder moved successfully.
C:\Users\Ki\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\13 folder moved successfully.
C:\Users\Ki\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\12 folder moved successfully.
C:\Users\Ki\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\11 folder moved successfully.
C:\Users\Ki\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\10 folder moved successfully.
C:\Users\Ki\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\1 folder moved successfully.
C:\Users\Ki\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\0 folder moved successfully.
C:\Users\Ki\AppData\LocalLow\Sun\Java\Deployment\cache\6.0 folder moved successfully.
========== COMMANDS ==========
 
[EMPTYTEMP]
 
User: All Users
 
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 17834873 bytes
 
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
 
User: Ki
->Temp folder emptied: 929192 bytes
->Temporary Internet Files folder emptied: 1212550 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 53487250 bytes
->Apple Safari cache emptied: 0 bytes
->Flash cache emptied: 553 bytes
 
User: Public
 
User: Stef
->Temp folder emptied: 18796 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Java cache emptied: 12257662 bytes
->FireFox cache emptied: 38008549 bytes
->Apple Safari cache emptied: 0 bytes
->Flash cache emptied: 496 bytes
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 0 bytes
RecycleBin emptied: 0 bytes
 
Total Files Cleaned = 118,00 mb
 
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully
 
OTL by OldTimer - Version 3.2.31.0 log created on 12192011_203941

Files\Folders moved on Reboot...

Registry entries deleted on Reboot...

Vielen Dank noch einmal.

Gruß
Stefan

cosinus · 19.12.2011, 20:57

Bitte nun (im normalen Windows-Modus) dieses Tool von Kaspersky (TDSS-Killer) ausführen und das Log posten => http://www.trojaner-board.de/82358-t...entfernen.html

Das Tool so einstellen wie unten im Bild angegeben - klick auf change parameters und setze die Haken wie im folgenden Screenshot abgebildet,
Dann auf Start Scan klicken und wenn es durch ist auf den Button Report klicken um das Log anzuzeigen. Dieses bitte komplett posten.
Wenn du das Log nicht findest oder den Inhalt kopieren und in dein Posting übertragen kannst, dann schau bitte direkt auf deiner Windows-Systempartition (meistens Laufwerk C

nach, da speichert der TDSS-Killer seine Logs.

Hinweis: Bitte nichts voreilig mit dem TDSS-Killer löschen! Falls Objekte vom TDSS-Killer bemängelt werden, alle mit der Aktion "skip" behandeln und hier nur das Log posten!

Falls du durch die Infektion auf deine Dokumente/Eigenen Dateien nicht zugreifen kannst, Verknüpfungen auf dem Desktop oder im Startmenü unter "alle Programme" fehlen, bitte unhide ausführen:
Downloade dir bitte unhide.exe und speichere diese Datei auf deinem Desktop.
Starte das Tool und es sollten alle Dateien und Ordner wieder sichtbar sein. ( Könnte eine Weile dauern )

Windows-Vista und Windows-7-User müssen das Tool per Rechtsklick als Administrator ausführen!

Antares71 · 19.12.2011, 21:50

Hi,
ausgeführt!

Code:

ATTFilter

21:47:57.0052 2644	TDSS rootkit removing tool 2.6.23.0 Dec 13 2011 10:39:31
21:47:57.0255 2644	============================================================
21:47:57.0255 2644	Current date / time: 2011/12/19 21:47:57.0255
21:47:57.0255 2644	SystemInfo:
21:47:57.0255 2644	
21:47:57.0255 2644	OS Version: 6.1.7601 ServicePack: 1.0
21:47:57.0255 2644	Product type: Workstation
21:47:57.0255 2644	ComputerName: LAPTOP
21:47:57.0255 2644	UserName: Stef
21:47:57.0255 2644	Windows directory: C:\Windows
21:47:57.0255 2644	System windows directory: C:\Windows
21:47:57.0255 2644	Processor architecture: Intel x86
21:47:57.0255 2644	Number of processors: 2
21:47:57.0255 2644	Page size: 0x1000
21:47:57.0255 2644	Boot type: Normal boot
21:47:57.0255 2644	============================================================
21:47:57.0661 2644	Initialize success
21:48:11.0404 3528	============================================================
21:48:11.0404 3528	Scan started
21:48:11.0404 3528	Mode: Manual; SigCheck; TDLFS; 
21:48:11.0404 3528	============================================================
21:48:11.0872 3528	1394ohci        (1b133875b8aa8ac48969bd3458afe9f5) C:\Windows\system32\drivers\1394ohci.sys
21:48:11.0950 3528	1394ohci - ok
21:48:11.0981 3528	ACPI            (cea80c80bed809aa0da6febc04733349) C:\Windows\system32\drivers\ACPI.sys
21:48:11.0997 3528	ACPI - ok
21:48:12.0028 3528	AcpiPmi         (1efbc664abff416d1d07db115dcb264f) C:\Windows\system32\drivers\acpipmi.sys
21:48:12.0075 3528	AcpiPmi - ok
21:48:12.0122 3528	adp94xx         (21e785ebd7dc90a06391141aac7892fb) C:\Windows\system32\DRIVERS\adp94xx.sys
21:48:12.0122 3528	adp94xx - ok
21:48:12.0200 3528	adpahci         (0c676bc278d5b59ff5abd57bbe9123f2) C:\Windows\system32\DRIVERS\adpahci.sys
21:48:12.0215 3528	adpahci - ok
21:48:12.0231 3528	adpu320         (7c7b5ee4b7b822ec85321fe23a27db33) C:\Windows\system32\DRIVERS\adpu320.sys
21:48:12.0247 3528	adpu320 - ok
21:48:12.0293 3528	AFD             (9ebbba55060f786f0fcaa3893bfa2806) C:\Windows\system32\drivers\afd.sys
21:48:12.0325 3528	AFD - ok
21:48:12.0371 3528	agp440          (507812c3054c21cef746b6ee3d04dd6e) C:\Windows\system32\drivers\agp440.sys
21:48:12.0387 3528	agp440 - ok
21:48:12.0418 3528	aic78xx         (8b30250d573a8f6b4bd23195160d8707) C:\Windows\system32\DRIVERS\djsvs.sys
21:48:12.0418 3528	aic78xx - ok
21:48:12.0465 3528	aliide          (0d40bcf52ea90fc7df2aeab6503dea44) C:\Windows\system32\drivers\aliide.sys
21:48:12.0465 3528	aliide - ok
21:48:12.0543 3528	amdagp          (3c6600a0696e90a463771c7422e23ab5) C:\Windows\system32\drivers\amdagp.sys
21:48:12.0559 3528	amdagp - ok
21:48:12.0574 3528	amdide          (cd5914170297126b6266860198d1d4f0) C:\Windows\system32\drivers\amdide.sys
21:48:12.0574 3528	amdide - ok
21:48:12.0605 3528	AmdK8           (00dda200d71bac534bf56a9db5dfd666) C:\Windows\system32\DRIVERS\amdk8.sys
21:48:12.0668 3528	AmdK8 - ok
21:48:12.0668 3528	AmdPPM          (3cbf30f5370fda40dd3e87df38ea53b6) C:\Windows\system32\DRIVERS\amdppm.sys
21:48:12.0683 3528	AmdPPM - ok
21:48:12.0746 3528	amdsata         (d320bf87125326f996d4904fe24300fc) C:\Windows\system32\drivers\amdsata.sys
21:48:12.0761 3528	amdsata - ok
21:48:12.0808 3528	amdsbs          (ea43af0c423ff267355f74e7a53bdaba) C:\Windows\system32\DRIVERS\amdsbs.sys
21:48:12.0824 3528	amdsbs - ok
21:48:12.0871 3528	amdxata         (46387fb17b086d16dea267d5be23a2f2) C:\Windows\system32\drivers\amdxata.sys
21:48:12.0886 3528	amdxata - ok
21:48:12.0949 3528	ApfiltrService  (d7723a101c5cb4c0fa979e4dda732ec0) C:\Windows\system32\DRIVERS\Apfiltr.sys
21:48:12.0995 3528	ApfiltrService - ok
21:48:13.0058 3528	AppID           (aea177f783e20150ace5383ee368da19) C:\Windows\system32\drivers\appid.sys
21:48:13.0105 3528	AppID - ok
21:48:13.0261 3528	arc             (2932004f49677bd84dbc72edb754ffb3) C:\Windows\system32\DRIVERS\arc.sys
21:48:13.0276 3528	arc - ok
21:48:13.0292 3528	arcsas          (5d6f36c46fd283ae1b57bd2e9feb0bc7) C:\Windows\system32\DRIVERS\arcsas.sys
21:48:13.0307 3528	arcsas - ok
21:48:13.0339 3528	AsyncMac        (add2ade1c2b285ab8378d2daaf991481) C:\Windows\system32\DRIVERS\asyncmac.sys
21:48:13.0385 3528	AsyncMac - ok
21:48:13.0463 3528	atapi           (338c86357871c167a96ab976519bf59e) C:\Windows\system32\drivers\atapi.sys
21:48:13.0463 3528	atapi - ok
21:48:13.0541 3528	avgio           (0b497c79824f8e1bf22fa6aacd3de3a0) C:\Program Files\Avira\AntiVir Desktop\avgio.sys
21:48:13.0557 3528	avgio - ok
21:48:13.0635 3528	avgntflt        (1e4114685de1ffa9675e09c6a1fb3f4b) C:\Windows\system32\DRIVERS\avgntflt.sys
21:48:13.0651 3528	avgntflt - ok
21:48:13.0697 3528	avipbb          (0f78d3dae6dedd99ae54c9491c62adf2) C:\Windows\system32\DRIVERS\avipbb.sys
21:48:13.0713 3528	avipbb - ok
21:48:13.0760 3528	b06bdrv         (1a231abec60fd316ec54c66715543cec) C:\Windows\system32\DRIVERS\bxvbdx.sys
21:48:13.0791 3528	b06bdrv - ok
21:48:13.0869 3528	b57nd60x        (bd8869eb9cde6bbe4508d869929869ee) C:\Windows\system32\DRIVERS\b57nd60x.sys
21:48:13.0885 3528	b57nd60x - ok
21:48:14.0009 3528	Beep            (505506526a9d467307b3c393dedaf858) C:\Windows\system32\drivers\Beep.sys
21:48:14.0056 3528	Beep - ok
21:48:14.0103 3528	blbdrive        (2287078ed48fcfc477b05b20cf38f36f) C:\Windows\system32\DRIVERS\blbdrive.sys
21:48:14.0150 3528	blbdrive - ok
21:48:14.0243 3528	bowser          (8f2da3028d5fcbd1a060a3de64cd6506) C:\Windows\system32\DRIVERS\bowser.sys
21:48:14.0290 3528	bowser - ok
21:48:14.0353 3528	BrFiltLo        (9f9acc7f7ccde8a15c282d3f88b43309) C:\Windows\system32\DRIVERS\BrFiltLo.sys
21:48:14.0399 3528	BrFiltLo - ok
21:48:14.0415 3528	BrFiltUp        (56801ad62213a41f6497f96dee83755a) C:\Windows\system32\DRIVERS\BrFiltUp.sys
21:48:14.0462 3528	BrFiltUp - ok
21:48:14.0493 3528	Brserid         (845b8ce732e67f3b4133164868c666ea) C:\Windows\System32\Drivers\Brserid.sys
21:48:14.0524 3528	Brserid - ok
21:48:14.0555 3528	BrSerWdm        (203f0b1e73adadbbb7b7b1fabd901f6b) C:\Windows\System32\Drivers\BrSerWdm.sys
21:48:14.0587 3528	BrSerWdm - ok
21:48:14.0633 3528	BrUsbMdm        (bd456606156ba17e60a04e18016ae54b) C:\Windows\System32\Drivers\BrUsbMdm.sys
21:48:14.0680 3528	BrUsbMdm - ok
21:48:14.0727 3528	BrUsbSer        (af72ed54503f717a43268b3cc5faec2e) C:\Windows\System32\Drivers\BrUsbSer.sys
21:48:14.0774 3528	BrUsbSer - ok
21:48:14.0789 3528	BTHMODEM        (ed3df7c56ce0084eb2034432fc56565a) C:\Windows\system32\DRIVERS\bthmodem.sys
21:48:14.0805 3528	BTHMODEM - ok
21:48:14.0852 3528	cdfs            (77ea11b065e0a8ab902d78145ca51e10) C:\Windows\system32\DRIVERS\cdfs.sys
21:48:14.0883 3528	cdfs - ok
21:48:14.0977 3528	cdrom           (be167ed0fdb9c1fa1133953c18d5a6c9) C:\Windows\system32\DRIVERS\cdrom.sys
21:48:15.0008 3528	cdrom - ok
21:48:15.0086 3528	circlass        (3fe3fe94a34df6fb06e6418d0f6a0060) C:\Windows\system32\DRIVERS\circlass.sys
21:48:15.0117 3528	circlass - ok
21:48:15.0148 3528	CLFS            (635181e0e9bbf16871bf5380d71db02d) C:\Windows\system32\CLFS.sys
21:48:15.0164 3528	CLFS - ok
21:48:15.0195 3528	CmBatt          (dea805815e587dad1dd2c502220b5616) C:\Windows\system32\DRIVERS\CmBatt.sys
21:48:15.0211 3528	CmBatt - ok
21:48:15.0242 3528	cmdide          (c537b1db64d495b9b4717b4d6d9edbf2) C:\Windows\system32\drivers\cmdide.sys
21:48:15.0257 3528	cmdide - ok
21:48:15.0273 3528	CNG             (1b675691ed940766149c93e8f4488d68) C:\Windows\system32\Drivers\cng.sys
21:48:15.0289 3528	CNG - ok
21:48:15.0320 3528	Compbatt        (a6023d3823c37043986713f118a89bee) C:\Windows\system32\DRIVERS\compbatt.sys
21:48:15.0335 3528	Compbatt - ok
21:48:15.0413 3528	CompositeBus    (cbe8c58a8579cfe5fccf809e6f114e89) C:\Windows\system32\drivers\CompositeBus.sys
21:48:15.0445 3528	CompositeBus - ok
21:48:15.0491 3528	crcdisk         (2c4ebcfc84a9b44f209dff6c6e6c61d1) C:\Windows\system32\DRIVERS\crcdisk.sys
21:48:15.0507 3528	crcdisk - ok
21:48:15.0569 3528	CSC             (3c2177a897b4ca2788c6fb0c3fd81d4b) C:\Windows\system32\drivers\csc.sys
21:48:15.0616 3528	CSC - ok
21:48:15.0679 3528	DfsC            (f024449c97ec1e464aaffda18593db88) C:\Windows\system32\Drivers\dfsc.sys
21:48:15.0725 3528	DfsC - ok
21:48:15.0757 3528	discache        (1a050b0274bfb3890703d490f330c0da) C:\Windows\system32\drivers\discache.sys
21:48:15.0788 3528	discache - ok
21:48:15.0897 3528	Disk            (565003f326f99802e68ca78f2a68e9ff) C:\Windows\system32\DRIVERS\disk.sys
21:48:15.0913 3528	Disk - ok
21:48:15.0959 3528	drmkaud         (b918e7c5f9bf77202f89e1a9539f2eb4) C:\Windows\system32\drivers\drmkaud.sys
21:48:15.0991 3528	drmkaud - ok
21:48:16.0037 3528	DXGKrnl         (23f5d28378a160352ba8f817bd8c71cb) C:\Windows\System32\drivers\dxgkrnl.sys
21:48:16.0069 3528	DXGKrnl - ok
21:48:16.0178 3528	ebdrv           (024e1b5cac09731e4d868e64dbfb4ab0) C:\Windows\system32\DRIVERS\evbdx.sys
21:48:16.0240 3528	ebdrv - ok
21:48:16.0365 3528	elxstor         (0ed67910c8c326796faa00b2bf6d9d3c) C:\Windows\system32\DRIVERS\elxstor.sys
21:48:16.0381 3528	elxstor - ok
21:48:16.0427 3528	ErrDev          (8fc3208352dd3912c94367a206ab3f11) C:\Windows\system32\drivers\errdev.sys
21:48:16.0459 3528	ErrDev - ok
21:48:16.0505 3528	exfat           (2dc9108d74081149cc8b651d3a26207f) C:\Windows\system32\drivers\exfat.sys
21:48:16.0552 3528	exfat - ok
21:48:16.0646 3528	fastfat         (7e0ab74553476622fb6ae36f73d97d35) C:\Windows\system32\drivers\fastfat.sys
21:48:16.0693 3528	fastfat - ok
21:48:16.0724 3528	fdc             (e817a017f82df2a1f8cfdbda29388b29) C:\Windows\system32\DRIVERS\fdc.sys
21:48:16.0755 3528	fdc - ok
21:48:16.0786 3528	FileInfo        (6cf00369c97f3cf563be99be983d13d8) C:\Windows\system32\drivers\fileinfo.sys
21:48:16.0802 3528	FileInfo - ok
21:48:16.0817 3528	Filetrace       (42c51dc94c91da21cb9196eb64c45db9) C:\Windows\system32\drivers\filetrace.sys
21:48:16.0864 3528	Filetrace - ok
21:48:16.0911 3528	flpydisk        (87907aa70cb3c56600f1c2fb8841579b) C:\Windows\system32\DRIVERS\flpydisk.sys
21:48:16.0927 3528	flpydisk - ok
21:48:17.0051 3528	FltMgr          (7520ec808e0c35e0ee6f841294316653) C:\Windows\system32\drivers\fltmgr.sys
21:48:17.0051 3528	FltMgr - ok
21:48:17.0083 3528	FsDepends       (1a16b57943853e598cff37fe2b8cbf1d) C:\Windows\system32\drivers\FsDepends.sys
21:48:17.0098 3528	FsDepends - ok
21:48:17.0114 3528	Fs_Rec          (a574b4360e438977038aae4bf60d79a2) C:\Windows\system32\drivers\Fs_Rec.sys
21:48:17.0114 3528	Fs_Rec - ok
21:48:17.0176 3528	fvevol          (8a73e79089b282100b9393b644cb853b) C:\Windows\system32\DRIVERS\fvevol.sys
21:48:17.0192 3528	fvevol - ok
21:48:17.0223 3528	gagp30kx        (65ee0c7a58b65e74ae05637418153938) C:\Windows\system32\DRIVERS\gagp30kx.sys
21:48:17.0223 3528	gagp30kx - ok
21:48:17.0285 3528	GEARAspiWDM     (8182ff89c65e4d38b2de4bb0fb18564e) C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
21:48:17.0301 3528	GEARAspiWDM - ok
21:48:17.0379 3528	hcw85cir        (c44e3c2bab6837db337ddee7544736db) C:\Windows\system32\drivers\hcw85cir.sys
21:48:17.0410 3528	hcw85cir - ok
21:48:17.0441 3528	HDAudBus        (9036377b8a6c15dc2eec53e489d159b5) C:\Windows\system32\drivers\HDAudBus.sys
21:48:17.0473 3528	HDAudBus - ok
21:48:17.0504 3528	HidBatt         (1d58a7f3e11a9731d0eaaaa8405acc36) C:\Windows\system32\DRIVERS\HidBatt.sys
21:48:17.0535 3528	HidBatt - ok
21:48:17.0566 3528	HidBth          (89448f40e6df260c206a193a4683ba78) C:\Windows\system32\DRIVERS\hidbth.sys
21:48:17.0597 3528	HidBth - ok
21:48:17.0644 3528	HidIr           (cf50b4cf4a4f229b9f3c08351f99ca5e) C:\Windows\system32\DRIVERS\hidir.sys
21:48:17.0675 3528	HidIr - ok
21:48:17.0769 3528	HidUsb          (10c19f8290891af023eaec0832e1eb4d) C:\Windows\system32\drivers\hidusb.sys
21:48:17.0785 3528	HidUsb - ok
21:48:17.0816 3528	HpSAMD          (295fdc419039090eb8b49ffdbb374549) C:\Windows\system32\drivers\HpSAMD.sys
21:48:17.0831 3528	HpSAMD - ok
21:48:17.0878 3528	HTTP            (871917b07a141bff43d76d8844d48106) C:\Windows\system32\drivers\HTTP.sys
21:48:17.0925 3528	HTTP - ok
21:48:18.0019 3528	hwdatacard      (1fc7a63148e4f2bd831dab0dc732026d) C:\Windows\system32\DRIVERS\ewusbmdm.sys
21:48:18.0050 3528	hwdatacard - ok
21:48:18.0128 3528	hwpolicy        (0c4e035c7f105f1299258c90886c64c5) C:\Windows\system32\drivers\hwpolicy.sys
21:48:18.0143 3528	hwpolicy - ok
21:48:18.0206 3528	i8042prt        (f151f0bdc47f4a28b1b20a0818ea36d6) C:\Windows\system32\drivers\i8042prt.sys
21:48:18.0237 3528	i8042prt - ok
21:48:18.0284 3528	iaStor          (d483687eace0c065ee772481a96e05f5) C:\Windows\system32\DRIVERS\iaStor.sys
21:48:18.0284 3528	iaStor - ok
21:48:18.0346 3528	iaStorV         (5cd5f9a5444e6cdcb0ac89bd62d8b76e) C:\Windows\system32\drivers\iaStorV.sys
21:48:18.0346 3528	iaStorV - ok
21:48:18.0424 3528	iirsp           (4173ff5708f3236cf25195fecd742915) C:\Windows\system32\DRIVERS\iirsp.sys
21:48:18.0440 3528	iirsp - ok
21:48:18.0502 3528	intelide        (a0f12f2c9ba6c72f3987ce780e77c130) C:\Windows\system32\drivers\intelide.sys
21:48:18.0502 3528	intelide - ok
21:48:18.0549 3528	intelppm        (3b514d27bfc4accb4037bc6685f766e0) C:\Windows\system32\DRIVERS\intelppm.sys
21:48:18.0565 3528	intelppm - ok
21:48:18.0596 3528	IpFilterDriver  (709d1761d3b19a932ff0238ea6d50200) C:\Windows\system32\DRIVERS\ipfltdrv.sys
21:48:18.0643 3528	IpFilterDriver - ok
21:48:18.0705 3528	IPMIDRV         (4bd7134618c1d2a27466a099062547bf) C:\Windows\system32\drivers\IPMIDrv.sys
21:48:18.0721 3528	IPMIDRV - ok
21:48:18.0736 3528	IPNAT           (a5fa468d67abcdaa36264e463a7bb0cd) C:\Windows\system32\drivers\ipnat.sys
21:48:18.0767 3528	IPNAT - ok
21:48:18.0923 3528	IRENUM          (42996cff20a3084a56017b7902307e9f) C:\Windows\system32\drivers\irenum.sys
21:48:18.0923 3528	IRENUM - ok
21:48:18.0970 3528	isapnp          (1f32bb6b38f62f7df1a7ab7292638a35) C:\Windows\system32\drivers\isapnp.sys
21:48:18.0986 3528	isapnp - ok
21:48:19.0017 3528	iScsiPrt        (cb7a9abb12b8415bce5d74994c7ba3ae) C:\Windows\system32\drivers\msiscsi.sys
21:48:19.0017 3528	iScsiPrt - ok
21:48:19.0064 3528	kbdclass        (adef52ca1aeae82b50df86b56413107e) C:\Windows\system32\drivers\kbdclass.sys
21:48:19.0079 3528	kbdclass - ok
21:48:19.0095 3528	kbdhid          (9e3ced91863e6ee98c24794d05e27a71) C:\Windows\system32\drivers\kbdhid.sys
21:48:19.0111 3528	kbdhid - ok
21:48:19.0157 3528	KSecDD          (412cea1aa78cc02a447f5c9e62b32ff1) C:\Windows\system32\Drivers\ksecdd.sys
21:48:19.0173 3528	KSecDD - ok
21:48:19.0251 3528	KSecPkg         (26c046977e85b95036453d7b88ba1820) C:\Windows\system32\Drivers\ksecpkg.sys
21:48:19.0267 3528	KSecPkg - ok
21:48:19.0345 3528	Lbd             (713cd5267abfb86fe90a72e384e82a38) C:\Windows\system32\DRIVERS\Lbd.sys
21:48:19.0345 3528	Lbd - ok
21:48:19.0376 3528	lltdio          (f7611ec07349979da9b0ae1f18ccc7a6) C:\Windows\system32\DRIVERS\lltdio.sys
21:48:19.0423 3528	lltdio - ok
21:48:19.0469 3528	LSI_FC          (eb119a53ccf2acc000ac71b065b78fef) C:\Windows\system32\DRIVERS\lsi_fc.sys
21:48:19.0469 3528	LSI_FC - ok
21:48:19.0532 3528	LSI_SAS         (8ade1c877256a22e49b75d1cc9161f9c) C:\Windows\system32\DRIVERS\lsi_sas.sys
21:48:19.0547 3528	LSI_SAS - ok
21:48:19.0610 3528	LSI_SAS2        (dc9dc3d3daa0e276fd2ec262e38b11e9) C:\Windows\system32\DRIVERS\lsi_sas2.sys
21:48:19.0625 3528	LSI_SAS2 - ok
21:48:19.0641 3528	LSI_SCSI        (0a036c7d7cab643a7f07135ac47e0524) C:\Windows\system32\DRIVERS\lsi_scsi.sys
21:48:19.0657 3528	LSI_SCSI - ok
21:48:19.0672 3528	luafv           (6703e366cc18d3b6e534f5cf7df39cee) C:\Windows\system32\drivers\luafv.sys
21:48:19.0719 3528	luafv - ok
21:48:19.0813 3528	MBAMProtector   (69a6268d7f81e53d568ab4e7e991caf3) C:\Windows\system32\drivers\mbam.sys
21:48:19.0828 3528	MBAMProtector - ok
21:48:19.0875 3528	megasas         (0fff5b045293002ab38eb1fd1fc2fb74) C:\Windows\system32\DRIVERS\megasas.sys
21:48:19.0875 3528	megasas - ok
21:48:19.0969 3528	MegaSR          (dcbab2920c75f390caf1d29f675d03d6) C:\Windows\system32\DRIVERS\MegaSR.sys
21:48:19.0984 3528	MegaSR - ok
21:48:20.0000 3528	Modem           (f001861e5700ee84e2d4e52c712f4964) C:\Windows\system32\drivers\modem.sys
21:48:20.0047 3528	Modem - ok
21:48:20.0078 3528	monitor         (79d10964de86b292320e9dfe02282a23) C:\Windows\system32\DRIVERS\monitor.sys
21:48:20.0109 3528	monitor - ok
21:48:20.0171 3528	mouclass        (fb18cc1d4c2e716b6b903b0ac0cc0609) C:\Windows\system32\drivers\mouclass.sys
21:48:20.0171 3528	mouclass - ok
21:48:20.0187 3528	mouhid          (2c388d2cd01c9042596cf3c8f3c7b24d) C:\Windows\system32\DRIVERS\mouhid.sys
21:48:20.0218 3528	mouhid - ok
21:48:20.0296 3528	mountmgr        (fc8771f45ecccfd89684e38842539b9b) C:\Windows\system32\drivers\mountmgr.sys
21:48:20.0312 3528	mountmgr - ok
21:48:20.0390 3528	mpio            (2d699fb6e89ce0d8da14ecc03b3edfe0) C:\Windows\system32\drivers\mpio.sys
21:48:20.0405 3528	mpio - ok
21:48:20.0437 3528	mpsdrv          (ad2723a7b53dd1aacae6ad8c0bfbf4d0) C:\Windows\system32\drivers\mpsdrv.sys
21:48:20.0468 3528	mpsdrv - ok
21:48:20.0515 3528	MRxDAV          (ceb46ab7c01c9f825f8cc6babc18166a) C:\Windows\system32\drivers\mrxdav.sys
21:48:20.0530 3528	MRxDAV - ok
21:48:20.0577 3528	mrxsmb          (5d16c921e3671636c0eba3bbaac5fd25) C:\Windows\system32\DRIVERS\mrxsmb.sys
21:48:20.0608 3528	mrxsmb - ok
21:48:20.0639 3528	mrxsmb10        (6d17a4791aca19328c685d256349fefc) C:\Windows\system32\DRIVERS\mrxsmb10.sys
21:48:20.0671 3528	mrxsmb10 - ok
21:48:20.0749 3528	mrxsmb20        (b81f204d146000be76651a50670a5e9e) C:\Windows\system32\DRIVERS\mrxsmb20.sys
21:48:20.0780 3528	mrxsmb20 - ok
21:48:20.0811 3528	msahci          (012c5f4e9349e711e11e0f19a8589f0a) C:\Windows\system32\drivers\msahci.sys
21:48:20.0827 3528	msahci - ok
21:48:20.0889 3528	msdsm           (55055f8ad8be27a64c831322a780a228) C:\Windows\system32\drivers\msdsm.sys
21:48:20.0889 3528	msdsm - ok
21:48:20.0936 3528	Msfs            (daefb28e3af5a76abcc2c3078c07327f) C:\Windows\system32\drivers\Msfs.sys
21:48:20.0967 3528	Msfs - ok
21:48:20.0983 3528	mshidkmdf       (3e1e5767043c5af9367f0056295e9f84) C:\Windows\System32\drivers\mshidkmdf.sys
21:48:21.0014 3528	mshidkmdf - ok
21:48:21.0029 3528	msisadrv        (0a4e5757ae09fa9622e3158cc1aef114) C:\Windows\system32\drivers\msisadrv.sys
21:48:21.0029 3528	msisadrv - ok
21:48:21.0139 3528	MSKSSRV         (8c0860d6366aaffb6c5bb9df9448e631) C:\Windows\system32\drivers\MSKSSRV.sys
21:48:21.0170 3528	MSKSSRV - ok
21:48:21.0201 3528	MSPCLOCK        (3ea8b949f963562cedbb549eac0c11ce) C:\Windows\system32\drivers\MSPCLOCK.sys
21:48:21.0248 3528	MSPCLOCK - ok
21:48:21.0263 3528	MSPQM           (f456e973590d663b1073e9c463b40932) C:\Windows\system32\drivers\MSPQM.sys
21:48:21.0310 3528	MSPQM - ok
21:48:21.0326 3528	MsRPC           (0e008fc4819d238c51d7c93e7b41e560) C:\Windows\system32\drivers\MsRPC.sys
21:48:21.0341 3528	MsRPC - ok
21:48:21.0388 3528	mssmbios        (fc6b9ff600cc585ea38b12589bd4e246) C:\Windows\system32\drivers\mssmbios.sys
21:48:21.0388 3528	mssmbios - ok
21:48:21.0419 3528	MSTEE           (b42c6b921f61a6e55159b8be6cd54a36) C:\Windows\system32\drivers\MSTEE.sys
21:48:21.0466 3528	MSTEE - ok
21:48:21.0560 3528	MTConfig        (33599130f44e1f34631cea241de8ac84) C:\Windows\system32\DRIVERS\MTConfig.sys
21:48:21.0575 3528	MTConfig - ok
21:48:21.0591 3528	Mup             (159fad02f64e6381758c990f753bcc80) C:\Windows\system32\Drivers\mup.sys
21:48:21.0607 3528	Mup - ok
21:48:21.0638 3528	NativeWifiP     (26384429fcd85d83746f63e798ab1480) C:\Windows\system32\DRIVERS\nwifi.sys
21:48:21.0653 3528	NativeWifiP - ok
21:48:21.0716 3528	NDIS            (e7c54812a2aaf43316eb6930c1ffa108) C:\Windows\system32\drivers\ndis.sys
21:48:21.0731 3528	NDIS - ok
21:48:21.0825 3528	NdisCap         (0e1787aa6c9191d3d319e8bafe86f80c) C:\Windows\system32\DRIVERS\ndiscap.sys
21:48:21.0872 3528	NdisCap - ok
21:48:21.0919 3528	NdisTapi        (e4a8aec125a2e43a9e32afeea7c9c888) C:\Windows\system32\DRIVERS\ndistapi.sys
21:48:21.0965 3528	NdisTapi - ok
21:48:21.0997 3528	Ndisuio         (d8a65dafb3eb41cbb622745676fcd072) C:\Windows\system32\DRIVERS\ndisuio.sys
21:48:22.0043 3528	Ndisuio - ok
21:48:22.0106 3528	NdisWan         (38fbe267e7e6983311179230facb1017) C:\Windows\system32\DRIVERS\ndiswan.sys
21:48:22.0137 3528	NdisWan - ok
21:48:22.0262 3528	NDProxy         (a4bdc541e69674fbff1a8ff00be913f2) C:\Windows\system32\drivers\NDProxy.sys
21:48:22.0277 3528	NDProxy - ok
21:48:22.0309 3528	NetBIOS         (80b275b1ce3b0e79909db7b39af74d51) C:\Windows\system32\DRIVERS\netbios.sys
21:48:22.0371 3528	NetBIOS - ok
21:48:22.0402 3528	NetBT           (280122ddcf04b378edd1ad54d71c1e54) C:\Windows\system32\DRIVERS\netbt.sys
21:48:22.0449 3528	NetBT - ok
21:48:22.0589 3528	NETw5v32        (af1ae2e42b03395560b1cde03230205c) C:\Windows\system32\DRIVERS\NETw5v32.sys
21:48:22.0683 3528	NETw5v32 - ok
21:48:22.0792 3528	nfrd960         (1d85c4b390b0ee09c7a46b91efb2c097) C:\Windows\system32\DRIVERS\nfrd960.sys
21:48:22.0808 3528	nfrd960 - ok
21:48:22.0823 3528	Npfs            (1db262a9f8c087e8153d89bef3d2235f) C:\Windows\system32\drivers\Npfs.sys
21:48:22.0870 3528	Npfs - ok
21:48:22.0901 3528	nsiproxy        (e9a0a4d07e53d8fea2bb8387a3293c58) C:\Windows\system32\drivers\nsiproxy.sys
21:48:22.0948 3528	nsiproxy - ok
21:48:22.0995 3528	Ntfs            (81189c3d7763838e55c397759d49007a) C:\Windows\system32\drivers\Ntfs.sys
21:48:23.0026 3528	Ntfs - ok
21:48:23.0120 3528	Null            (f9756a98d69098dca8945d62858a812c) C:\Windows\system32\drivers\Null.sys
21:48:23.0151 3528	Null - ok
21:48:23.0385 3528	nvlddmkm        (77d0af324bd10ef2c07882c3a2dd4966) C:\Windows\system32\DRIVERS\nvlddmkm.sys
21:48:23.0635 3528	nvlddmkm - ok
21:48:23.0775 3528	nvraid          (b3e25ee28883877076e0e1ff877d02e0) C:\Windows\system32\drivers\nvraid.sys
21:48:23.0791 3528	nvraid - ok
21:48:23.0806 3528	nvstor          (4380e59a170d88c4f1022eff6719a8a4) C:\Windows\system32\drivers\nvstor.sys
21:48:23.0822 3528	nvstor - ok
21:48:23.0853 3528	nv_agp          (5a0983915f02bae73267cc2a041f717d) C:\Windows\system32\drivers\nv_agp.sys
21:48:23.0869 3528	nv_agp - ok
21:48:23.0900 3528	O2MDGRDR        (07ad3cddf8984f56652cce6be8946526) C:\Windows\system32\DRIVERS\o2mdg.sys
21:48:23.0915 3528	O2MDGRDR - ok
21:48:23.0931 3528	O2SDGRDR        (45e4fe55db8c0549b8cef1b107f87b70) C:\Windows\system32\DRIVERS\o2sdg.sys
21:48:23.0947 3528	O2SDGRDR - ok
21:48:23.0978 3528	OEM13Vfx        (86326062a90494bdd79ce383511d7d69) C:\Windows\system32\DRIVERS\OEM13Vfx.sys
21:48:23.0993 3528	OEM13Vfx - ok
21:48:24.0087 3528	OEM13Vid        (12539b57ed05de7552403a12b3e0161c) C:\Windows\system32\DRIVERS\OEM13Vid.sys
21:48:24.0118 3528	OEM13Vid - ok
21:48:24.0181 3528	ohci1394        (08a70a1f2cdde9bb49b885cb817a66eb) C:\Windows\system32\drivers\ohci1394.sys
21:48:24.0212 3528	ohci1394 - ok
21:48:24.0290 3528	Parport         (2ea877ed5dd9713c5ac74e8ea7348d14) C:\Windows\system32\DRIVERS\parport.sys
21:48:24.0305 3528	Parport - ok
21:48:24.0337 3528	partmgr         (bf8f6af06da75b336f07e23aef97d93b) C:\Windows\system32\drivers\partmgr.sys
21:48:24.0352 3528	partmgr - ok
21:48:24.0430 3528	Parvdm          (eb0a59f29c19b86479d36b35983daadc) C:\Windows\system32\DRIVERS\parvdm.sys
21:48:24.0477 3528	Parvdm - ok
21:48:24.0524 3528	pci             (673e55c3498eb970088e812ea820aa8f) C:\Windows\system32\drivers\pci.sys
21:48:24.0539 3528	pci - ok
21:48:24.0555 3528	pciide          (afe86f419014db4e5593f69ffe26ce0a) C:\Windows\system32\drivers\pciide.sys
21:48:24.0571 3528	pciide - ok
21:48:24.0602 3528	pcmcia          (f396431b31693e71e8a80687ef523506) C:\Windows\system32\DRIVERS\pcmcia.sys
21:48:24.0617 3528	pcmcia - ok
21:48:24.0633 3528	pcw             (250f6b43d2b613172035c6747aeeb19f) C:\Windows\system32\drivers\pcw.sys
21:48:24.0649 3528	pcw - ok
21:48:24.0664 3528	PEAUTH          (9e0104ba49f4e6973749a02bf41344ed) C:\Windows\system32\drivers\peauth.sys
21:48:24.0727 3528	PEAUTH - ok
21:48:24.0851 3528	PptpMiniport    (631e3e205ad6d86f2aed6a4a8e69f2db) C:\Windows\system32\DRIVERS\raspptp.sys
21:48:24.0898 3528	PptpMiniport - ok
21:48:24.0929 3528	Processor       (85b1e3a0c7585bc4aae6899ec6fcf011) C:\Windows\system32\DRIVERS\processr.sys
21:48:24.0945 3528	Processor - ok
21:48:24.0992 3528	Psched          (6270ccae2a86de6d146529fe55b3246a) C:\Windows\system32\DRIVERS\pacer.sys
21:48:25.0023 3528	Psched - ok
21:48:25.0070 3528	PxHelp20        (40fedd328f98245ad201cf5f9f311724) C:\Windows\system32\Drivers\PxHelp20.sys
21:48:25.0085 3528	PxHelp20 - ok
21:48:25.0210 3528	ql2300          (ab95ecf1f6659a60ddc166d8315b0751) C:\Windows\system32\DRIVERS\ql2300.sys
21:48:25.0241 3528	ql2300 - ok
21:48:25.0273 3528	ql40xx          (b4dd51dd25182244b86737dc51af2270) C:\Windows\system32\DRIVERS\ql40xx.sys
21:48:25.0273 3528	ql40xx - ok
21:48:25.0304 3528	QWAVEdrv        (584078ca1b95ca72df2a27c336f9719d) C:\Windows\system32\drivers\qwavedrv.sys
21:48:25.0319 3528	QWAVEdrv - ok
21:48:25.0335 3528	RasAcd          (30a81b53c766d0133bb86d234e5556ab) C:\Windows\system32\DRIVERS\rasacd.sys
21:48:25.0382 3528	RasAcd - ok
21:48:25.0460 3528	RasAgileVpn     (57ec4aef73660166074d8f7f31c0d4fd) C:\Windows\system32\DRIVERS\AgileVpn.sys
21:48:25.0491 3528	RasAgileVpn - ok
21:48:25.0507 3528	Rasl2tp         (d9f91eafec2815365cbe6d167e4e332a) C:\Windows\system32\DRIVERS\rasl2tp.sys
21:48:25.0538 3528	Rasl2tp - ok
21:48:25.0585 3528	RasPppoe        (0fe8b15916307a6ac12bfb6a63e45507) C:\Windows\system32\DRIVERS\raspppoe.sys
21:48:25.0631 3528	RasPppoe - ok
21:48:25.0663 3528	RasSstp         (44101f495a83ea6401d886e7fd70096b) C:\Windows\system32\DRIVERS\rassstp.sys
21:48:25.0694 3528	RasSstp - ok
21:48:25.0741 3528	rdbss           (d528bc58a489409ba40334ebf96a311b) C:\Windows\system32\DRIVERS\rdbss.sys
21:48:25.0772 3528	rdbss - ok
21:48:25.0850 3528	rdpbus          (0d8f05481cb76e70e1da06ee9f0da9df) C:\Windows\system32\DRIVERS\rdpbus.sys
21:48:25.0865 3528	rdpbus - ok
21:48:25.0912 3528	RDPCDD          (23dae03f29d253ae74c44f99e515f9a1) C:\Windows\system32\DRIVERS\RDPCDD.sys
21:48:25.0959 3528	RDPCDD - ok
21:48:25.0990 3528	RDPDR           (b973fcfc50dc1434e1970a146f7e3885) C:\Windows\system32\drivers\rdpdr.sys
21:48:26.0021 3528	RDPDR - ok
21:48:26.0053 3528	RDPENCDD        (5a53ca1598dd4156d44196d200c94b8a) C:\Windows\system32\drivers\rdpencdd.sys
21:48:26.0099 3528	RDPENCDD - ok
21:48:26.0131 3528	RDPREFMP        (44b0a53cd4f27d50ed461dae0c0b4e1f) C:\Windows\system32\drivers\rdprefmp.sys
21:48:26.0146 3528	RDPREFMP - ok
21:48:26.0193 3528	RDPWD           (288b06960d78428ff89e811632684e20) C:\Windows\system32\drivers\RDPWD.sys
21:48:26.0224 3528	RDPWD - ok
21:48:26.0255 3528	rdyboost        (518395321dc96fe2c9f0e96ac743b656) C:\Windows\system32\drivers\rdyboost.sys
21:48:26.0271 3528	rdyboost - ok
21:48:26.0380 3528	rspndr          (032b0d36ad92b582d869879f5af5b928) C:\Windows\system32\DRIVERS\rspndr.sys
21:48:26.0411 3528	rspndr - ok
21:48:26.0474 3528	RTL8167         (3983cea05bb855351d75f5482b6c42ce) C:\Windows\system32\DRIVERS\Rt86win7.sys
21:48:26.0489 3528	RTL8167 - ok
21:48:26.0536 3528	s0017bus        (594ff5620661d1386475406e78cb6f2f) C:\Windows\system32\DRIVERS\s0017bus.sys
21:48:26.0536 3528	s0017bus - ok
21:48:26.0567 3528	s0017mdfl       (7258f550419d543bc5c8e80c578a5d54) C:\Windows\system32\DRIVERS\s0017mdfl.sys
21:48:26.0583 3528	s0017mdfl - ok
21:48:26.0599 3528	s0017mdm        (1de4f6607feb17a15dbd4f1b139e6d2f) C:\Windows\system32\DRIVERS\s0017mdm.sys
21:48:26.0599 3528	s0017mdm - ok
21:48:26.0630 3528	s0017mgmt       (9814e6bacc06d2526cd52981c7eeedf0) C:\Windows\system32\DRIVERS\s0017mgmt.sys
21:48:26.0630 3528	s0017mgmt - ok
21:48:26.0723 3528	s0017nd5        (2c62cd58225973f26682cd4f783ddede) C:\Windows\system32\DRIVERS\s0017nd5.sys
21:48:26.0739 3528	s0017nd5 - ok
21:48:26.0755 3528	s0017obex       (f87c3422e84b2fb1b43e0a26247ad5a5) C:\Windows\system32\DRIVERS\s0017obex.sys
21:48:26.0770 3528	s0017obex - ok
21:48:26.0786 3528	s0017unic       (df5e7360a0afa5956bf75da683d0679f) C:\Windows\system32\DRIVERS\s0017unic.sys
21:48:26.0786 3528	s0017unic - ok
21:48:26.0833 3528	s3cap           (7fa7f2e249a5dcbb7970630e15e1f482) C:\Windows\system32\drivers\vms3cap.sys
21:48:26.0864 3528	s3cap - ok
21:48:26.0911 3528	sbp2port        (05d860da1040f111503ac416ccef2bca) C:\Windows\system32\drivers\sbp2port.sys
21:48:26.0911 3528	sbp2port - ok
21:48:26.0957 3528	scfilter        (0693b5ec673e34dc147e195779a4dcf6) C:\Windows\system32\DRIVERS\scfilter.sys
21:48:26.0989 3528	scfilter - ok
21:48:27.0051 3528	secdrv          (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers\secdrv.sys
21:48:27.0082 3528	secdrv - ok
21:48:27.0191 3528	seehcri         (e5b56569a9f79b70314fede6c953641e) C:\Windows\system32\DRIVERS\seehcri.sys
21:48:27.0223 3528	seehcri - ok
21:48:27.0269 3528	Serenum         (9ad8b8b515e3df6acd4212ef465de2d1) C:\Windows\system32\DRIVERS\serenum.sys
21:48:27.0301 3528	Serenum - ok
21:48:27.0316 3528	Serial          (5fb7fcea0490d821f26f39cc5ea3d1e2) C:\Windows\system32\DRIVERS\serial.sys
21:48:27.0347 3528	Serial - ok
21:48:27.0410 3528	sermouse        (79bffb520327ff916a582dfea17aa813) C:\Windows\system32\DRIVERS\sermouse.sys
21:48:27.0441 3528	sermouse - ok
21:48:27.0550 3528	sffdisk         (9f976e1eb233df46fce808d9dea3eb9c) C:\Windows\system32\drivers\sffdisk.sys
21:48:27.0597 3528	sffdisk - ok
21:48:27.0613 3528	sffp_mmc        (932a68ee27833cfd57c1639d375f2731) C:\Windows\system32\drivers\sffp_mmc.sys
21:48:27.0628 3528	sffp_mmc - ok
21:48:27.0659 3528	sffp_sd         (6d4ccaedc018f1cf52866bbbaa235982) C:\Windows\system32\drivers\sffp_sd.sys
21:48:27.0691 3528	sffp_sd - ok
21:48:27.0753 3528	sfloppy         (db96666cc8312ebc45032f30b007a547) C:\Windows\system32\DRIVERS\sfloppy.sys
21:48:27.0769 3528	sfloppy - ok
21:48:27.0784 3528	sisagp          (2565cac0dc9fe0371bdce60832582b2e) C:\Windows\system32\drivers\sisagp.sys
21:48:27.0800 3528	sisagp - ok
21:48:27.0815 3528	SiSRaid2        (a9f0486851becb6dda1d89d381e71055) C:\Windows\system32\DRIVERS\SiSRaid2.sys
21:48:27.0831 3528	SiSRaid2 - ok
21:48:27.0847 3528	SiSRaid4        (3727097b55738e2f554972c3be5bc1aa) C:\Windows\system32\DRIVERS\sisraid4.sys
21:48:27.0862 3528	SiSRaid4 - ok
21:48:27.0940 3528	Smb             (3e21c083b8a01cb70ba1f09303010fce) C:\Windows\system32\DRIVERS\smb.sys
21:48:27.0971 3528	Smb - ok
21:48:28.0003 3528	spldr           (95cf1ae7527fb70f7816563cbc09d942) C:\Windows\system32\drivers\spldr.sys
21:48:28.0018 3528	spldr - ok
21:48:28.0081 3528	srv             (e4c2764065d66ea1d2d3ebc28fe99c46) C:\Windows\system32\DRIVERS\srv.sys
21:48:28.0112 3528	srv - ok
21:48:28.0143 3528	srv2            (03f0545bd8d4c77fa0ae1ceedfcc71ab) C:\Windows\system32\DRIVERS\srv2.sys
21:48:28.0174 3528	srv2 - ok
21:48:28.0205 3528	srvnet          (be6bd660caa6f291ae06a718a4fa8abc) C:\Windows\system32\DRIVERS\srvnet.sys
21:48:28.0237 3528	srvnet - ok
21:48:28.0330 3528	ssmdrv          (a36ee93698802cd899f98bfd553d8185) C:\Windows\system32\DRIVERS\ssmdrv.sys
21:48:28.0346 3528	ssmdrv - ok
21:48:28.0393 3528	stexstor        (db32d325c192b801df274bfd12a7e72b) C:\Windows\system32\DRIVERS\stexstor.sys
21:48:28.0408 3528	stexstor - ok
21:48:28.0424 3528	STHDA           (61f801547a9f9d630637eee0440329a6) C:\Windows\system32\DRIVERS\stwrt.sys
21:48:28.0439 3528	STHDA - ok
21:48:28.0517 3528	storflt         (472af0311073dceceaa8fa18ba2bdf89) C:\Windows\system32\drivers\vmstorfl.sys
21:48:28.0533 3528	storflt - ok
21:48:28.0549 3528	storvsc         (dcaffd62259e0bdb433dd67b5bb37619) C:\Windows\system32\drivers\storvsc.sys
21:48:28.0549 3528	storvsc - ok
21:48:28.0595 3528	swenum          (e58c78a848add9610a4db6d214af5224) C:\Windows\system32\drivers\swenum.sys
21:48:28.0611 3528	swenum - ok
21:48:28.0767 3528	Tcpip           (65d10b191c59c5501a1263fc33f6894b) C:\Windows\system32\drivers\tcpip.sys
21:48:28.0783 3528	Tcpip - ok
21:48:28.0892 3528	TCPIP6          (65d10b191c59c5501a1263fc33f6894b) C:\Windows\system32\DRIVERS\tcpip.sys
21:48:28.0907 3528	TCPIP6 - ok
21:48:28.0954 3528	tcpipreg        (cca24162e055c3714ce5a88b100c64ed) C:\Windows\system32\drivers\tcpipreg.sys
21:48:28.0985 3528	tcpipreg - ok
21:48:29.0032 3528	TDPIPE          (1cb91b2bd8f6dd367dfc2ef26fd751b2) C:\Windows\system32\drivers\tdpipe.sys
21:48:29.0079 3528	TDPIPE - ok
21:48:29.0110 3528	TDTCP           (2c10395baa4847f83042813c515cc289) C:\Windows\system32\drivers\tdtcp.sys
21:48:29.0157 3528	TDTCP - ok
21:48:29.0188 3528	tdx             (b459575348c20e8121d6039da063c704) C:\Windows\system32\DRIVERS\tdx.sys
21:48:29.0219 3528	tdx - ok
21:48:29.0251 3528	TermDD          (04dbf4b01ea4bf25a9a3e84affac9b20) C:\Windows\system32\drivers\termdd.sys
21:48:29.0266 3528	TermDD - ok
21:48:29.0375 3528	tssecsrv        (254bb140eee3c59d6114c1a86b636877) C:\Windows\system32\DRIVERS\tssecsrv.sys
21:48:29.0422 3528	tssecsrv - ok
21:48:29.0485 3528	TsUsbFlt        (fd1d6c73e6333be727cbcc6054247654) C:\Windows\system32\drivers\tsusbflt.sys
21:48:29.0516 3528	TsUsbFlt - ok
21:48:29.0594 3528	tunnel          (b2fa25d9b17a68bb93d58b0556e8c90d) C:\Windows\system32\DRIVERS\tunnel.sys
21:48:29.0625 3528	tunnel - ok
21:48:29.0641 3528	uagp35          (750fbcb269f4d7dd2e420c56b795db6d) C:\Windows\system32\DRIVERS\uagp35.sys
21:48:29.0656 3528	uagp35 - ok
21:48:29.0750 3528	udfs            (ee43346c7e4b5e63e54f927babbb32ff) C:\Windows\system32\DRIVERS\udfs.sys
21:48:29.0797 3528	udfs - ok
21:48:29.0843 3528	uliagpkx        (44e8048ace47befbfdc2e9be4cbc8880) C:\Windows\system32\drivers\uliagpkx.sys
21:48:29.0859 3528	uliagpkx - ok
21:48:29.0921 3528	umbus           (d295bed4b898f0fd999fcfa9b32b071b) C:\Windows\system32\drivers\umbus.sys
21:48:29.0937 3528	umbus - ok
21:48:29.0953 3528	UmPass          (7550ad0c6998ba1cb4843e920ee0feac) C:\Windows\system32\DRIVERS\umpass.sys
21:48:29.0984 3528	UmPass - ok
21:48:30.0031 3528	USBAAPL         (83cafcb53201bbac04d822f32438e244) C:\Windows\system32\Drivers\usbaapl.sys
21:48:30.0062 3528	USBAAPL - ok
21:48:30.0202 3528	usbccgp         (bd9c55d7023c5de374507acc7a14e2ac) C:\Windows\system32\DRIVERS\usbccgp.sys
21:48:30.0249 3528	usbccgp - ok
21:48:30.0280 3528	usbcir          (04ec7cec62ec3b6d9354eee93327fc82) C:\Windows\system32\drivers\usbcir.sys
21:48:30.0327 3528	usbcir - ok
21:48:30.0358 3528	usbehci         (f92de757e4b7ce9c07c5e65423f3ae3b) C:\Windows\system32\DRIVERS\usbehci.sys
21:48:30.0389 3528	usbehci - ok
21:48:30.0436 3528	usbhub          (8dc94aec6a7e644a06135ae7506dc2e9) C:\Windows\system32\drivers\usbhub.sys
21:48:30.0467 3528	usbhub - ok
21:48:30.0514 3528	usbohci         (e185d44fac515a18d9deddc23c2cdf44) C:\Windows\system32\drivers\usbohci.sys
21:48:30.0545 3528	usbohci - ok
21:48:30.0623 3528	usbprint        (797d862fe0875e75c7cc4c1ad7b30252) C:\Windows\system32\DRIVERS\usbprint.sys
21:48:30.0670 3528	usbprint - ok
21:48:30.0701 3528	USBSTOR         (f991ab9cc6b908db552166768176896a) C:\Windows\system32\DRIVERS\USBSTOR.SYS
21:48:30.0733 3528	USBSTOR - ok
21:48:30.0764 3528	usbuhci         (68df884cf41cdada664beb01daf67e3d) C:\Windows\system32\DRIVERS\usbuhci.sys
21:48:30.0795 3528	usbuhci - ok
21:48:30.0857 3528	usbvideo        (45f4e7bf43db40a6c6b4d92c76cbc3f2) C:\Windows\System32\Drivers\usbvideo.sys
21:48:30.0873 3528	usbvideo - ok
21:48:30.0967 3528	vdrvroot        (a059c4c3edb09e07d21a8e5c0aabd3cb) C:\Windows\system32\drivers\vdrvroot.sys
21:48:30.0982 3528	vdrvroot - ok
21:48:31.0013 3528	vga             (17c408214ea61696cec9c66e388b14f3) C:\Windows\system32\DRIVERS\vgapnp.sys
21:48:31.0045 3528	vga - ok
21:48:31.0076 3528	VgaSave         (8e38096ad5c8570a6f1570a61e251561) C:\Windows\System32\drivers\vga.sys
21:48:31.0091 3528	VgaSave - ok
21:48:31.0123 3528	vhdmp           (5461686cca2fda57b024547733ab42e3) C:\Windows\system32\drivers\vhdmp.sys
21:48:31.0123 3528	vhdmp - ok
21:48:31.0154 3528	viaagp          (c829317a37b4bea8f39735d4b076e923) C:\Windows\system32\drivers\viaagp.sys
21:48:31.0169 3528	viaagp - ok
21:48:31.0185 3528	ViaC7           (e02f079a6aa107f06b16549c6e5c7b74) C:\Windows\system32\DRIVERS\viac7.sys
21:48:31.0232 3528	ViaC7 - ok
21:48:31.0341 3528	viaide          (e43574f6a56a0ee11809b48c09e4fd3c) C:\Windows\system32\drivers\viaide.sys
21:48:31.0341 3528	viaide - ok
21:48:31.0372 3528	vmbus           (c2f2911156fdc7817c52829c86da494e) C:\Windows\system32\drivers\vmbus.sys
21:48:31.0388 3528	vmbus - ok
21:48:31.0403 3528	VMBusHID        (d4d77455211e204f370d08f4963063ce) C:\Windows\system32\drivers\VMBusHID.sys
21:48:31.0403 3528	VMBusHID - ok
21:48:31.0435 3528	volmgr          (4c63e00f2f4b5f86ab48a58cd990f212) C:\Windows\system32\drivers\volmgr.sys
21:48:31.0450 3528	volmgr - ok
21:48:31.0466 3528	volmgrx         (b5bb72067ddddbbfb04b2f89ff8c3c87) C:\Windows\system32\drivers\volmgrx.sys
21:48:31.0481 3528	volmgrx - ok
21:48:31.0544 3528	volsnap         (f497f67932c6fa693d7de2780631cfe7) C:\Windows\system32\drivers\volsnap.sys
21:48:31.0544 3528	volsnap - ok
21:48:31.0575 3528	vsmraid         (9dfa0cc2f8855a04816729651175b631) C:\Windows\system32\DRIVERS\vsmraid.sys
21:48:31.0591 3528	vsmraid - ok
21:48:31.0606 3528	vwifibus        (90567b1e658001e79d7c8bbd3dde5aa6) C:\Windows\System32\drivers\vwifibus.sys
21:48:31.0637 3528	vwifibus - ok
21:48:31.0715 3528	WacomPen        (de3721e89c653aa281428c8a69745d90) C:\Windows\system32\DRIVERS\wacompen.sys
21:48:31.0747 3528	WacomPen - ok
21:48:31.0825 3528	WANARP          (3c3c78515f5ab448b022bdf5b8ffdd2e) C:\Windows\system32\DRIVERS\wanarp.sys
21:48:31.0856 3528	WANARP - ok
21:48:31.0856 3528	Wanarpv6        (3c3c78515f5ab448b022bdf5b8ffdd2e) C:\Windows\system32\DRIVERS\wanarp.sys
21:48:31.0871 3528	Wanarpv6 - ok
21:48:31.0934 3528	Wd              (1112a9badacb47b7c0bb0392e3158dff) C:\Windows\system32\DRIVERS\wd.sys
21:48:31.0949 3528	Wd - ok
21:48:31.0965 3528	Wdf01000        (9950e3d0f08141c7e89e64456ae7dc73) C:\Windows\system32\drivers\Wdf01000.sys
21:48:31.0996 3528	Wdf01000 - ok
21:48:32.0121 3528	WfpLwf          (8b9a943f3b53861f2bfaf6c186168f79) C:\Windows\system32\DRIVERS\wfplwf.sys
21:48:32.0168 3528	WfpLwf - ok
21:48:32.0199 3528	WIMMount        (5cf95b35e59e2a38023836fff31be64c) C:\Windows\system32\drivers\wimmount.sys
21:48:32.0199 3528	WIMMount - ok
21:48:32.0261 3528	WinUsb          (a67e5f9a400f3bd1be3d80613b45f708) C:\Windows\system32\DRIVERS\WinUsb.sys
21:48:32.0308 3528	WinUsb - ok
21:48:32.0339 3528	WmiAcpi         (0217679b8fca58714c3bf2726d2ca84e) C:\Windows\system32\drivers\wmiacpi.sys
21:48:32.0355 3528	WmiAcpi - ok
21:48:32.0386 3528	ws2ifsl         (6db3276587b853bf886b69528fdb048c) C:\Windows\system32\drivers\ws2ifsl.sys
21:48:32.0433 3528	ws2ifsl - ok
21:48:32.0480 3528	WudfPf          (e714a1c0354636837e20ccbf00888ee7) C:\Windows\system32\drivers\WudfPf.sys
21:48:32.0495 3528	WudfPf - ok
21:48:32.0620 3528	WUDFRd          (1023ee888c9b47178c5293ed5336ab69) C:\Windows\system32\DRIVERS\WUDFRd.sys
21:48:32.0651 3528	WUDFRd - ok
21:48:32.0683 3528	MBR (0x1B8)     (5c616939100b85e558da92b899a0fc36) \Device\Harddisk0\DR0
21:48:32.0854 3528	\Device\Harddisk0\DR0 - ok
21:48:32.0870 3528	Boot (0x1200)   (f056c2aa06f178f724dc8ce8846dfb6b) \Device\Harddisk0\DR0\Partition0
21:48:32.0870 3528	\Device\Harddisk0\DR0\Partition0 - ok
21:48:32.0885 3528	Boot (0x1200)   (df2ee0642dd1a9863b0b53f082162198) \Device\Harddisk0\DR0\Partition1
21:48:32.0885 3528	\Device\Harddisk0\DR0\Partition1 - ok
21:48:32.0885 3528	============================================================
21:48:32.0885 3528	Scan finished
21:48:32.0885 3528	============================================================
21:48:32.0901 3920	Detected object count: 0
21:48:32.0901 3920	Actual detected object count: 0

Gruß
Stefan

cosinus · 19.12.2011, 21:53

Dann bitte jetzt CF ausführen:

ComboFix

Ein Leitfaden und Tutorium zur Nutzung von ComboFix

Lade dir ComboFix hier herunter auf deinen Desktop.

Schliesse alle Programme, vor allem dein Antivirenprogramm und andere Hintergrundwächter sowie deinen Internetbrowser.

Starte cofi.exe von deinem Desktop aus, bestätige die Warnmeldungen, führe die Updates durch (falls vorgeschlagen), installiere die Wiederherstellungskonsole (falls vorgeschlagen) und lass dein System durchsuchen.
Vermeide es auch während Combofix läuft die Maus und Tastatur zu benutzen.

Im Anschluss öffnet sich automatisch eine combofix.txt, diesen Inhalt bitte kopieren ([Strg]a, [Strg]c) und in deinen Beitrag einfügen ([Strg]v). Die Datei findest du außerdem unter: C:\ComboFix.txt.

Wichtiger Hinweis:

Combofix darf ausschließlich ausgeführt werden, wenn ein Kompetenzler dies ausdrücklich empfohlen hat!

Es sollte nie auf eigene Initiative hin ausgeführt werden! Eine falsche Benutzung kann ernsthafte Computerprobleme nach sich ziehen und eine Bereinigung der Infektion noch erschweren.

Solltest du nach der Ausführung von Combofix Probleme beim Starten von Anwendungen haben und Meldungen erhalten wie

Zitat:

Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.

startest du Windows dann manuell neu und die Fehlermeldungen sollten nicht mehr auftauchen.

Antares71 · 19.12.2011, 22:13

Nächstes Log:

Code:

ATTFilter

ComboFix 11-12-19.01 - Stef 19.12.2011  22:05:35.1.2 - x86
Microsoft Windows 7 Professional   6.1.7601.1.1252.49.1031.18.3067.2102 [GMT 1:00]
ausgeführt von:: c:\users\Ki\Desktop\ComboFix.exe
AV: AntiVir Desktop *Disabled/Updated* {090F9C29-64CE-6C6F-379C-5901B49A85B7}
SP: AntiVir Desktop *Disabled/Updated* {B26E7DCD-42F4-63E1-0D2C-6273CF1DCF0A}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\hpeFBCE.dll
c:\windows\IsUn0407.exe
.
.
(((((((((((((((((((((((   Dateien erstellt von 2011-11-19 bis 2011-12-19  ))))))))))))))))))))))))))))))
.
.
2011-12-19 21:09 . 2011-12-19 21:10	--------	d-----w-	c:\users\Stef\AppData\Local\temp
2011-12-19 21:09 . 2011-12-19 21:09	--------	d-----w-	c:\users\Default\AppData\Local\temp
2011-12-19 19:39 . 2011-12-19 19:39	--------	d-----w-	C:\_OTL
2011-12-18 18:28 . 2011-12-18 18:28	--------	d-----w-	c:\program files\ESET
2011-12-17 16:44 . 2011-12-17 16:44	--------	d-----w-	c:\users\Ki\AppData\Roaming\Malwarebytes
2011-12-17 16:10 . 2011-12-17 16:10	--------	d-----w-	c:\users\Stef\AppData\Roaming\Malwarebytes
2011-12-17 16:10 . 2011-12-17 16:10	--------	d-----w-	c:\programdata\Malwarebytes
2011-12-17 16:10 . 2011-12-17 16:10	--------	d-----w-	c:\program files\Malwarebytes' Anti-Malware
2011-12-17 16:10 . 2011-08-31 16:00	22216	----a-w-	c:\windows\system32\drivers\mbam.sys
2011-12-17 15:48 . 2011-12-17 15:48	--------	d-----w-	c:\program files\Common Files\Java
2011-12-15 12:47 . 2011-11-24 04:25	2342912	----a-w-	c:\windows\system32\win32k.sys
2011-12-15 12:47 . 2011-11-05 04:26	2048	----a-w-	c:\windows\system32\tzres.dll
2011-12-15 12:47 . 2011-10-15 05:38	534528	----a-w-	c:\windows\system32\EncDec.dll
2011-12-15 12:47 . 2011-10-26 04:28	38912	----a-w-	c:\windows\system32\csrsrv.dll
2011-12-15 12:46 . 2011-10-26 04:47	3912560	----a-w-	c:\windows\system32\ntoskrnl.exe
2011-12-15 12:46 . 2011-10-26 04:47	3967856	----a-w-	c:\windows\system32\ntkrnlpa.exe
2011-11-25 03:31 . 2011-11-25 03:31	158056	----a-w-	c:\programdata\Microsoft\Windows\Sqm\Manifest\Sqm10139.bin
.
.
.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-11-10 04:54 . 2011-01-01 13:54	472808	----a-w-	c:\windows\system32\deployJava1.dll
2011-10-07 20:24 . 2010-06-02 19:14	2300696	----a-w-	c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup-2\markup.dll
2011-10-07 20:24 . 2010-06-02 19:13	42776	----a-w-	c:\programdata\Microsoft\eHome\Packages\MCEClientUX\dSM\StartResources.dll
2011-10-07 20:24 . 2010-02-19 07:25	1092400	----a-w-	c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight-2\SpotlightResources.dll
2011-09-29 16:03 . 2011-11-09 11:48	1290608	----a-w-	c:\windows\system32\drivers\tcpip.sys
2011-09-19 20:26 . 2011-09-19 20:23	134104	----a-w-	c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Apoint"="c:\program files\DellTPad\Apoint.exe" [2009-06-29 217088]
"SysTrayApp"="c:\program files\IDT\WDM\sttray.exe" [2009-07-15 458844]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-06-11 13789728]
"NVHotkey"="c:\windows\system32\nvHotkey.dll" [2009-06-11 92704]
"PDVDDXSrv"="c:\program files\CyberLink\PowerDVD DX\PDVDDXSrv.exe" [2009-06-25 140520]
"OEM13Mon.exe"="c:\windows\OEM13Mon.exe" [2008-01-07 36864]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2010-11-05 281768]
"FreePDF Assistant"="c:\program files\FreePDF_XP\fpassist.exe" [2009-09-05 385024]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2011-04-20 58656]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2010-04-02 202256]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2011-06-08 37296]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-03-30 937920]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2011-07-05 421888]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-08-18 421736]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696]
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2011-08-31 449608]
"Malwarebytes' Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2011-08-31 1047208]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"SPReview"="c:\windows\System32\SPReview\SPReview.exe" [2011-08-23 280576]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Adobe Gamma Loader.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2010-3-7 110592]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"mixer"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2010-01-17 135664]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [x]
R2 OMSI download service;Sony Ericsson OMSI download service;c:\program files\Sony Ericsson\Sony Ericsson PC Suite\SupServ.exe [2009-04-30 90112]
R3 BBSvc;Bing Bar Update Service;c:\program files\Microsoft\BingBar\BBSvc.EXE [2011-07-07 195336]
R3 gupdatem;Google Update-Dienst (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [2010-01-17 135664]
R3 s0017bus;Sony Ericsson Device 0017 driver (WDM);c:\windows\system32\DRIVERS\s0017bus.sys [2008-10-21 86824]
R3 s0017mdfl;Sony Ericsson Device 0017 USB WMC Modem Filter;c:\windows\system32\DRIVERS\s0017mdfl.sys [2008-10-21 15016]
R3 s0017mdm;Sony Ericsson Device 0017 USB WMC Modem Driver;c:\windows\system32\DRIVERS\s0017mdm.sys [2008-10-21 114600]
R3 s0017mgmt;Sony Ericsson Device 0017 USB WMC Device Management Drivers (WDM);c:\windows\system32\DRIVERS\s0017mgmt.sys [2008-10-21 108328]
R3 s0017nd5;Sony Ericsson Device 0017 USB Ethernet Emulation SEMC0017 (NDIS);c:\windows\system32\DRIVERS\s0017nd5.sys [2008-10-21 26024]
R3 s0017obex;Sony Ericsson Device 0017 USB WMC OBEX Interface;c:\windows\system32\DRIVERS\s0017obex.sys [2008-10-21 104616]
R3 s0017unic;Sony Ericsson Device 0017 USB Ethernet Emulation SEMC0017 (WDM);c:\windows\system32\DRIVERS\s0017unic.sys [2008-10-21 109736]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 52224]
R3 WatAdminSvc;Windows-Aktivierungstechnologieservice;c:\windows\system32\Wat\WatAdminSvc.exe [2010-08-06 1343400]
S0 Lbd;Lbd;c:\windows\system32\DRIVERS\Lbd.sys [2009-12-02 64288]
S2 AntiVirSchedulerService;Avira AntiVir Planer;c:\program files\Avira\AntiVir Desktop\sched.exe [2011-04-28 136360]
S2 BBUpdate;BBUpdate;c:\program files\Microsoft\BingBar\SeaPort.EXE [2011-06-15 249648]
S2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [2011-08-31 366152]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2011-08-31 22216]
S3 NETw5v32;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit;c:\windows\system32\DRIVERS\NETw5v32.sys [2009-05-14 4231680]
S3 O2MDGRDR;O2MDGRDR;c:\windows\system32\DRIVERS\o2mdg.sys [2009-05-22 58528]
S3 O2SDGRDR;O2SDGRDR;c:\windows\system32\DRIVERS\o2sdg.sys [2009-05-07 41504]
S3 OEM13Vfx;Creative Camera OEM013 Video VFX Driver;c:\windows\system32\DRIVERS\OEM13Vfx.sys [2007-03-05 7424]
S3 OEM13Vid;Creative Camera OEM013 Driver;c:\windows\system32\DRIVERS\OEM13Vid.sys [2008-05-28 235840]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt86win7.sys [2009-03-01 139776]
S3 seehcri;Sony Ericsson seehcri Device Driver;c:\windows\system32\DRIVERS\seehcri.sys [2008-01-09 27632]
.
.
--- Andere Dienste/Treiber im Speicher ---
.
*NewlyCreated* - 01720930
*Deregistered* - 01720930
.
Inhalt des "geplante Tasks" Ordners
.
2011-12-19 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-01-17 15:28]
.
2011-12-19 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-01-17 15:28]
.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = 
IE: Free YouTube to iPod Converter - c:\users\Stef\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetoipodconverter.htm
IE: Free YouTube to MP3 Converter - c:\users\Stef\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm
IE: Nach Microsoft &Excel exportieren - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.2.1
FF - ProfilePath - c:\users\Stef\AppData\Roaming\Mozilla\Firefox\Profiles\7l05f00q.default\
FF - prefs.js: browser.search.defaulturl - 
FF - prefs.js: browser.search.selectedEngine - 
FF - prefs.js: browser.startup.homepage - 
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
AddRemove-Adobe Photoshop Elements 2.0 - c:\windows\ISUN0407.EXE
.
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Zeit der Fertigstellung: 2011-12-19  22:11:50
ComboFix-quarantined-files.txt  2011-12-19 21:11
.
Vor Suchlauf: 12 Verzeichnis(se), 188.898.119.680 Bytes frei
Nach Suchlauf: 16 Verzeichnis(se), 188.803.137.536 Bytes frei
.
- - End Of File - - 1B4D3CC6E0A6CA4CE2C1E7A3ACC7A0F1

Gruß
Stefan

cosinus · 19.12.2011, 23:06

Ok. Bitte nun Logs mit GMER und OSAM erstellen und posten.
GMER stürzt häufiger ab, wenn das Tool auch beim 2. Mal nicht will, lass es einfach weg und führ nur OSAM aus - die Online-Abfrage durch OSAM bitte überspringen.
Bei OSAM bitte darauf auch achten, dass Du das Log auch als *.log und nicht *.html oder so abspeicherst.

Hinweis: Zum Entpacken von OSAM bitte WinRAR oder 7zip verwenden! Stell auch unbedingt den Virenscanner ab, besonders der Scanner von McAfee meldet oft einen Fehalarm in OSAM!

Downloade dir bitte

aswMBR.exe und speichere die Datei auf deinem Desktop.

Starte die aswMBR.exe - (aswMBR.exe Anleitung)
Ab Windows Vista (oder höher) bitte mit Rechtsklick "als Administrator ausführen" starten".
Das Tool wird dich fragen, ob Du mit der aktuellen Virendefinition von AVAST! dein System scannen willst. Beantworte diese Frage bitte mit Ja. (Sollte deine Firewall fragen, bitte den Zugriff auf das Internet zulassen )
Der Download der Definitionen kann je nach Verbindung eine Weile dauern.
Klicke auf Scan.
Warte bitte bis Scan finished successfully im DOS-Fenster steht.
Drücke auf Save Log und speichere diese auf dem Desktop.

Poste mir die aswMBR.txt in deiner nächsten Antwort.

Wichtig: Drücke keinesfalls einen der Fix Buttons ohne Anweisung

Hinweis: Sollte der Scan Button ausgeblendet sein, schließe das Tool und starte es erneut. Sollte der Scan abbrechen und das Programm abstürzen, dann teile mir das mit und wähle unter AV Scan die Einstellung (none).

Antares71 · 22.12.2011, 23:06

Guten Abend,
sorry, war 2 tage auf Dienstreise.

GMER stürzte in der Tat 2x ab.

Hier das OSAM-Log:

Code:

ATTFilter

Report of OSAM: Autorun Manager v5.0.11926.0
hxxp://www.online-solutions.ru/en/
Saved at 22:49:00 on 22.12.2011

OS: Windows 7  Service Pack 1 (Build 7601), 32-bit
Default Browser: Mozilla Corporation Firefox 8.0.1

Scanner Settings
[x] Rootkits detection (hidden registry)
[x] Rootkits detection (hidden files)
[x] Retrieve files information
[x] Check Microsoft signatures

Filters
[ ] Trusted entries
[ ] Empty entries
[x] Hidden registry entries (rootkit activity)
[x] Exclusively opened files
[x] Not found files
[x] Files without detailed information
[x] Existing files
[ ] Non-startable services
[ ] Non-startable drivers
[x] Active entries
[x] Disabled entries


[Boot Execute]
-----( HKLM\SYSTEM\CurrentControlSet\Control\Session Manager )-----
"BootExecute" - ? - C:\Windows\system32\lsdelete.exe  (File found, but it contains no detailed information)

[Common]
-----( %SystemRoot%\Tasks )-----
"GoogleUpdateTaskMachineCore.job" - "Google Inc." - C:\Program Files\Google\Update\GoogleUpdate.exe
"GoogleUpdateTaskMachineUA.job" - "Google Inc." - C:\Program Files\Google\Update\GoogleUpdate.exe

[Control Panel Objects]
-----( %SystemRoot%\system32 )-----
"FlashPlayerCPLApp.cpl" - "Adobe Systems Incorporated" - C:\Windows\system32\FlashPlayerCPLApp.cpl
"nvcpl.cpl" - "NVIDIA Corporation" - C:\Windows\system32\nvcpl.cpl
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Control Panel\Cpls )-----
"QuickTime" - "Apple Inc." - C:\Program Files\QuickTime\QTSystem\QuickTime.cpl

[Drivers]
-----( HKLM\SYSTEM\CurrentControlSet\Services )-----
"avgio" (avgio) - "Avira GmbH" - C:\Program Files\Avira\AntiVir Desktop\avgio.sys
"avgntflt" (avgntflt) - "Avira GmbH" - C:\Windows\System32\DRIVERS\avgntflt.sys
"avipbb" (avipbb) - "Avira GmbH" - C:\Windows\System32\DRIVERS\avipbb.sys
"catchme" (catchme) - ? - C:\Users\Stef\AppData\Local\Temp\catchme.sys  (File not found)
"MBAMProtector" (MBAMProtector) - "Malwarebytes Corporation" - C:\Windows\system32\drivers\mbam.sys
"PxHelp20" (PxHelp20) - "Sonic Solutions" - C:\Windows\System32\Drivers\PxHelp20.sys
"ssmdrv" (ssmdrv) - "Avira GmbH" - C:\Windows\System32\DRIVERS\ssmdrv.sys

[Explorer]
-----( HKLM\Software\Classes\Folder\shellex\ColumnHandlers )-----
{F9DB5320-233E-11D1-9F84-707F02C10627} "PDF Shell Extension" - "Adobe Systems, Inc." - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\PDFShell.dll
-----( HKLM\Software\Classes\Protocols\Filter )-----
{807553E5-5146-11D5-A672-00B0D022E945} "text/xml" - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\OFFICE11\MSOXMLMF.DLL
-----( HKLM\Software\Classes\Protocols\Handler )-----
{32505114-5902-49B2-880A-1F7738E5A384} "Data Page Plugable Protocal mso-offdap11 Handler" - "Microsoft Corporation" - C:\PROGRA~1\COMMON~1\MICROS~1\WEBCOM~1\11\OWC11.DLL
{828030A1-22C1-4009-854F-8E305202313F} "livecall" - "Microsoft Corporation" - C:\PROGRA~1\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL
{0A9007C0-4076-11D3-8789-0000F8105754} "Microsoft Infotech Storage Protocol for IE 4.0" - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll
{828030A1-22C1-4009-854F-8E305202313F} "msnim" - "Microsoft Corporation" - C:\PROGRA~1\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL
{03C514A3-1EFB-4856-9F99-10D7BE1653C0} "Windows Live Mail HTML Asynchronous Pluggable Protocol Handler" - "Microsoft Corporation" - C:\Program Files\Windows Live\Mail\mailcomm.dll
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved )-----
{23170F69-40C1-278A-1000-000100020000} "7-Zip Shell Extension" - "Igor Pavlov" - C:\Program Files\7-Zip\7-zip.dll
{0563DB41-F538-4B37-A92D-4659049B7766} "CLSID_WLMCMimeFilter" - "Microsoft Corporation" - C:\Program Files\Windows Live\Mail\mailcomm.dll
{A70C977A-BF00-412C-90B7-034C51DA2439} "DesktopContext Class" - "NVIDIA Corporation" - C:\Windows\system32\nvcpl.dll
{693BE9C0-BEC3-11D2-B4C1-C33BBD3AD64B} "Fast Explorer Shell Extension" - "Alex Yakovlev" - C:\ProgramData\AllDup\FEShlExt.dll
{B9E1D2CB-CCFF-4AA6-9579-D7A4754030EF} "iTunes" - "Apple Inc." - C:\Program Files\iTunes\iTunesMiniPlayer.dll
{42042206-2D85-11D3-8CFF-005004838597} "Microsoft Office HTML Icon Handler" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\OFFICE11\msohev.dll
{993BE281-6695-4BA5-8A2A-7AACBFAAB69E} "Microsoft Office Metadata Handler" - "Microsoft Corporation" - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\msoshext.dll
{00020D75-0000-0000-C000-000000000046} "Microsoft Office Outlook" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~2\OFFICE11\MLSHEXT.DLL
{C41662BB-1FA0-4CE0-8DC5-9B7F8279FF97} "Microsoft Office Thumbnail Handler" - "Microsoft Corporation" - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\msoshext.dll
{3D1975AF-48C6-4f8e-A182-BE0E08FA86A9} "NVIDIA CPL Context Menu Extension" - "NVIDIA Corporation" - C:\Windows\system32\nvshext.dll
{FFB699E0-306A-11d3-8BD1-00104B6F7516} "NVIDIA CPL Extension" - "NVIDIA Corporation" - C:\Windows\system32\nvcpl.dll
{0006F045-0000-0000-C000-000000000046} "Outlook-Dateisymbolerweiterung" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~2\OFFICE11\OLKFSTUB.DLL
{45AC2688-0253-4ED8-97DE-B5370FA7D48A} "Shell Extension for Malware scanning" - "Avira GmbH" - C:\Program Files\Avira\AntiVir Desktop\shlext.dll
{BDEADF00-C265-11D0-BCED-00A0C90AB50F} "Webordner" - "Microsoft Corporation" - C:\PROGRA~1\COMMON~1\MICROS~1\WEBFOL~1\MSONSEXT.DLL
{2BE99FD4-A181-4996-BFA9-58C5FFD11F6C} "Windows Live Photo Gallery Autoplay Drop Target" - "Microsoft Corporation" - C:\Program Files\Windows Live\Photo Gallery\WLXPhotoGallery.exe
{00F30F64-AC33-42F5-8FD1-5DC2D3FDE06C} "Windows Live Photo Gallery Editor Drop Target" - "Microsoft Corporation" - C:\Program Files\Windows Live\Photo Gallery\WLXPhotoGallery.exe
{00F3712A-CA79-45B4-9E4D-D7891E7F8B9D} "Windows Live Photo Gallery Editor Shim" - "Microsoft Corporation" - C:\Program Files\Windows Live\Photo Gallery\PhotoViewerShim.dll
{00F30F90-3E96-453B-AFCD-D71989ECC2C7} "Windows Live Photo Gallery Viewer Autoplay Shim" - "Microsoft Corporation" - C:\Program Files\Windows Live\Photo Gallery\PhotoViewerShim.dll
{00F33137-EE26-412F-8D71-F84E4C2C6625} "Windows Live Photo Gallery Viewer Autoplay Shim" - "Microsoft Corporation" - C:\Program Files\Windows Live\Photo Gallery\PhotoViewerShim.dll
{00F374B7-B390-4884-B372-2FC349F2172B} "Windows Live Photo Gallery Viewer Drop Target" - "Microsoft Corporation" - C:\Program Files\Windows Live\Photo Gallery\WLXPhotoGallery.exe
{00F346CB-35A4-465B-8B8F-65A29DBAB1F6} "Windows Live Photo Gallery Viewer Shim" - "Microsoft Corporation" - C:\Program Files\Windows Live\Photo Gallery\PhotoViewerShim.dll
{06A2568A-CED6-4187-BB20-400B8C02BE5A} "{06A2568A-CED6-4187-BB20-400B8C02BE5A}" - "Microsoft Corporation" - C:\Program Files\Windows Live\Photo Gallery\WLXPhotoAcquireWizard.exe

[Internet Explorer]
-----( HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser )-----
ITBar7Height "ITBar7Height" - ? -   (File not found | COM-object registry key not found)
<binary data> "ITBar7Layout" - ? -   (File not found | COM-object registry key not found)
-----( HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units )-----
{8AD9C840-044E-11D1-B3E9-00805F499D93} "Java Plug-in 1.6.0_30" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\jp2iexp.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab
{CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} "Java Plug-in 1.6.0_30" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\jp2iexp.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab
{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} "Java Plug-in 1.6.0_30" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\npjpi160_30.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab
-----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions )-----
{5F7B1267-94A9-47F5-98DB-E99415F33AEC} "In Blog veröffentlichen" - "Microsoft Corporation" - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
{FF059E31-CC5A-4E2E-BF3B-96E929D65503} "Recherchieren" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects )-----
{18DF081C-E8AD-4283-A596-FA578C2EBDC3} "Adobe PDF Link Helper" - "Adobe Systems Incorporated" - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
{DBC80044-A445-435b-BC74-9C25C1C588A9} "Java(tm) Plug-In 2 SSV Helper" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\jp2ssv.dll
{9030D464-4C02-4ABF-8ECC-5164760863C6} "Windows Live Anmelde-Hilfsprogramm" - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

[Logon]
-----( %APPDATA%\Microsoft\Windows\Start Menu\Programs\Startup )-----
"desktop.ini" - ? - C:\Users\Stef\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini
-----( %AllUsersProfile%\Microsoft\Windows\Start Menu\Programs\Startup )-----
"Adobe Gamma Loader.lnk" - "Adobe Systems, Inc." - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe  (Shortcut exists | File exists)
"desktop.ini" - ? - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Run )-----
"Adobe ARM" - "Adobe Systems Incorporated" - "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
"Adobe Reader Speed Launcher" - "Adobe Systems Incorporated" - "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
"AppleSyncNotifier" - "Apple Inc." - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe
"avgnt" - "Avira GmbH" - "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
"FreePDF Assistant" - "shbox.de" - C:\Program Files\FreePDF_XP\fpassist.exe
"iTunesHelper" - "Apple Inc." - "C:\Program Files\iTunes\iTunesHelper.exe"
"Malwarebytes' Anti-Malware" - "Malwarebytes Corporation" - "C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
"Malwarebytes' Anti-Malware (reboot)" - "Malwarebytes Corporation" - "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
"NvCplDaemon" - "NVIDIA Corporation" - RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
"NVHotkey" - "NVIDIA Corporation" - rundll32.exe C:\Windows\system32\nvHotkey.dll,Start
"PDVDDXSrv" - "CyberLink Corp." - "C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe"
"QuickTime Task" - "Apple Inc." - "C:\Program Files\QuickTime\QTTask.exe" -atboottime
"SunJavaUpdateSched" - "Sun Microsystems, Inc." - "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
"TkBellExe" - "RealNetworks, Inc." - "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot

[Print Monitors]
-----( HKLM\SYSTEM\CurrentControlSet\Control\Print\Monitors )-----
"Microsoft Document Imaging Writer Monitor" - "Microsoft Corporation" - C:\Windows\system32\mdimon.dll
"Redirected Port" - ? - C:\Windows\system32\redmonnt.dll  (File found, but it contains no detailed information)

[Services]
-----( HKLM\SYSTEM\CurrentControlSet\Services )-----
"Apple Mobile Device" (Apple Mobile Device) - "Apple Inc." - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
"Avira AntiVir Guard" (AntiVirService) - "Avira GmbH" - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
"Avira AntiVir Planer" (AntiVirSchedulerService) - "Avira GmbH" - C:\Program Files\Avira\AntiVir Desktop\sched.exe
"BBUpdate" (BBUpdate) - "Microsoft Corporation" - C:\Program Files\Microsoft\BingBar\SeaPort.EXE
"Bing Bar Update Service" (BBSvc) - "Microsoft Corporation." - C:\Program Files\Microsoft\BingBar\BBSvc.EXE
"Dienst "Bonjour"" (Bonjour Service) - "Apple Inc." - C:\Program Files\Bonjour\mDNSResponder.exe
"Google Update Service (gupdate)" (gupdate) - "Google Inc." - C:\Program Files\Google\Update\GoogleUpdate.exe
"Google Update-Dienst (gupdatem)" (gupdatem) - "Google Inc." - C:\Program Files\Google\Update\GoogleUpdate.exe
"iPod-Dienst" (iPod Service) - "Apple Inc." - C:\Program Files\iPod\bin\iPodService.exe
"Lavasoft Ad-Aware Service" (Lavasoft Ad-Aware Service) - ? - "C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe"  (File not found)
"MBAMService" (MBAMService) - "Malwarebytes Corporation" - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
"Microsoft .NET Framework NGEN v4.0.30319_X86" (clr_optimization_v4.0.30319_32) - "Microsoft Corporation" - C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
"NVIDIA Display Driver Service" (nvsvc) - "NVIDIA Corporation" - C:\Windows\system32\nvvsvc.exe
"Office Source Engine" (ose) - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
"Sony Ericsson OMSI download service" (OMSI download service) - ? - C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SupServ.exe  (File found, but it contains no detailed information)
"stllssvr" (stllssvr) - "MicroVision Development, Inc." - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe

[Winsock Providers]
-----( HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries )-----
"mdnsNSP" - "Apple Inc." - C:\Program Files\Bonjour\mdnsNSP.dll

===[ Logfile end ]=========================================[ Logfile end ]===

If You have questions or want to get some help, You can visit hxxp://forum.online-solutions.ru

Und das aswMBR-Log

Code:

ATTFilter

aswMBR version 0.9.9.1116 Copyright(c) 2011 AVAST Software
Run date: 2011-12-22 22:50:25
-----------------------------
22:50:25.534    OS Version: Windows 6.1.7601 Service Pack 1
22:50:25.534    Number of processors: 2 586 0x170A
22:50:25.534    ComputerName: LAPTOP  UserName: Stef
22:50:26.611    Initialize success
22:54:39.772    AVAST engine defs: 11122200
22:55:10.613    The log file has been saved successfully to "C:\Users\Ki\Desktop\aswMBR.txt"


aswMBR version 0.9.9.1116 Copyright(c) 2011 AVAST Software
Run date: 2011-12-22 22:55:44
-----------------------------
22:55:44.714    OS Version: Windows 6.1.7601 Service Pack 1
22:55:44.714    Number of processors: 2 586 0x170A
22:55:44.714    ComputerName: LAPTOP  UserName: Stef
22:55:46.086    Initialize success
22:55:48.863    AVAST engine defs: 11122200
22:55:53.387    Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
22:55:53.387    Disk 0 Vendor: Hitachi_ FC4O Size: 305245MB BusType: 3
22:55:53.403    Disk 0 MBR read successfully
22:55:53.403    Disk 0 MBR scan
22:55:53.418    Disk 0 Windows VISTA default MBR code
22:55:53.418    Disk 0 Partition 1 00     DE Dell Utility Dell 8.0       39 MB offset 63
22:55:53.450    Disk 0 Partition 2 80 (A) 07    HPFS/NTFS NTFS        15000 MB offset 81920
22:55:53.465    Disk 0 Partition 3 00     07    HPFS/NTFS NTFS       290204 MB offset 30801920
22:55:53.465    Disk 0 scanning sectors +625140400
22:55:53.512    Disk 0 scanning C:\Windows\system32\drivers
22:56:02.248    Service scanning
22:56:03.231    Modules scanning
22:56:08.831    Disk 0 trace - called modules:
22:56:09.362    ntkrnlpa.exe CLASSPNP.SYS disk.sys iaStor.sys halmacpi.dll 
22:56:09.377    1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x869037f0]
22:56:09.377    3 CLASSPNP.SYS[8b6cb59e] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0x85eb9028]
22:56:10.469    AVAST engine scan C:\Windows
22:56:12.513    AVAST engine scan C:\Windows\system32
22:57:47.938    AVAST engine scan C:\Windows\system32\drivers
22:57:57.033    AVAST engine scan C:\Users\Stef
22:58:12.852    AVAST engine scan C:\ProgramData
22:58:57.514    Scan finished successfully
22:59:06.828    Disk 0 MBR has been saved successfully to "C:\Users\Ki\Desktop\MBR.dat"
22:59:06.843    The log file has been saved successfully to "C:\Users\Ki\Desktop\aswMBR.txt"


aswMBR version 0.9.9.1116 Copyright(c) 2011 AVAST Software
Run date: 2011-12-22 22:59:39
-----------------------------
22:59:39.878    OS Version: Windows 6.1.7601 Service Pack 1
22:59:39.878    Number of processors: 2 586 0x170A
22:59:39.878    ComputerName: LAPTOP  UserName: Stef
22:59:40.782    Initialize success
22:59:43.606    AVAST engine defs: 11122200
22:59:44.823    Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
22:59:44.823    Disk 0 Vendor: Hitachi_ FC4O Size: 305245MB BusType: 3
22:59:44.854    Disk 0 MBR read successfully
22:59:44.854    Disk 0 MBR scan
22:59:44.854    Disk 0 Windows VISTA default MBR code
22:59:44.870    Disk 0 Partition 1 00     DE Dell Utility Dell 8.0       39 MB offset 63
22:59:44.885    Disk 0 Partition 2 80 (A) 07    HPFS/NTFS NTFS        15000 MB offset 81920
22:59:44.901    Disk 0 Partition 3 00     07    HPFS/NTFS NTFS       290204 MB offset 30801920
22:59:44.916    Disk 0 scanning sectors +625140400
22:59:44.963    Disk 0 scanning C:\Windows\system32\drivers
22:59:54.994    Service scanning
22:59:56.024    Modules scanning
23:00:01.687    Disk 0 trace - called modules:
23:00:01.702    ntkrnlpa.exe CLASSPNP.SYS disk.sys iaStor.sys halmacpi.dll 
23:00:01.718    1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x869037f0]
23:00:01.718    3 CLASSPNP.SYS[8b6cb59e] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0x85eb9028]
23:00:02.591    AVAST engine scan C:\Windows
23:00:05.212    AVAST engine scan C:\Windows\system32
23:01:40.528    AVAST engine scan C:\Windows\system32\drivers
23:01:49.452    AVAST engine scan C:\Users\Stef
23:02:04.116    AVAST engine scan C:\ProgramData
23:02:47.562    Scan finished successfully
23:02:57.031    Disk 0 MBR has been saved successfully to "C:\Users\Ki\Desktop\MBR.dat"
23:02:57.031    The log file has been saved successfully to "C:\Users\Ki\Desktop\aswMBR.txt"

Gruß
Stefan

cosinus · 23.12.2011, 16:39

Sieht ok aus. Mach bitte zur Kontrolle Vollscans mit Malwarebytes und SUPERAntiSpyware und poste die Logs.
Denk dran beide Tools zu updaten vor dem Scan!!

Anschließend über den OnlineScanner von ESET eine zusätzliche Meinung zu holen ist auch nicht verkehrt:

ESET Online Scanner

Hier findest du eine bebilderte Anleitung zu ESET Online Scanner
Lade und starte Eset Online Scanner
Setze einen Haken bei Ja, ich bin mit den Nutzungsbedingungen einverstanden und klicke auf Starten.
Aktiviere die "Erkennung von eventuell unerwünschten Anwendungen" und wähle folgende Einstellungen.
Klicke auf Starten.
Die Signaturen werden heruntergeladen, der Scan beginnt automatisch.
Klicke am Ende des Suchlaufs auf Fertig stellen.
Schließe das Fenster von ESET.
Explorer öffnen.
C:\Programme\Eset\EsetOnlineScanner\log.txt (bei 64 Bit auch C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) suchen und mit Deinem Editor öffnen (bebildert).
Logfile hier posten.
Deinstallation: Systemsteuerung => Software / Programme deinstallieren => Eset Online Scanner V3 entfernen.
Manuell folgenden Ordner löschen und Papierkorb leeren => C:\Programme\Eset

Antares71 · 23.12.2011, 23:27

Hi!
Ich danke Dir schon einmal sehr für Deine Hilfe bis hierher. Habe eben mit den nächsten Schritten begonnen, aber ich glaube, das wird heute zu lange dauern. Morgen früh starten wir in einen Weihnachtskurzurlaub. Ich werde die nächsten Schritte daher erst in der nächsten Woche ausführen können. In der Zeit bleibt der Rechner aber auch aus.

Wünsche Dir frohe Weihnachten! Und nochmals vielen Dank.

Bis nächste Woche.

Gruß
Stefan

Antares71 · 31.12.2011, 15:02

Hallo Arne!
Ich hoffe, Du hattest schöne Weihnachten.

Habe jetzt die weiteren Schritte durchgeführt. Hier die Ergebnisse:

Anti-Malware:

Code:

ATTFilter

 Malwarebytes Anti-Malware  (Test) 1.60.0.1800
www.malwarebytes.org

Datenbank Version: v2011.12.31.03

Windows 7 Service Pack 1 x86 NTFS
Internet Explorer 8.0.7601.17514
Stef :: LAPTOP [Administrator]

Schutz: Aktiviert

31.12.2011 11:26:10
mbam-log-2011-12-31 (11-26-10).txt

Art des Suchlaufs: Vollständiger Suchlauf
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 303730
Laufzeit: 40 Minute(n), 46 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)

(Ende)

SuperAnti-Spyware:

Code:

ATTFilter

SUPERAntiSpyware Scan Log
hxxp://www.superantispyware.com

Generated 12/31/2011 at 01:18 PM

Application Version : 5.0.1142

Core Rules Database Version : 8091
Trace Rules Database Version: 5903

Scan type       : Complete Scan
Total Scan Time : 00:56:50

Operating System Information
Windows 7 Professional 32-bit, Service Pack 1 (Build 6.01.7601)
UAC On - Limited User

Memory items scanned      : 638
Memory threats detected   : 0
Registry items scanned    : 40196
Registry threats detected : 0
File items scanned        : 106269
File threats detected     : 2

Adware.Tracking Cookie
	C:\USERS\KI\AppData\Roaming\Microsoft\Windows\Cookies\Q616Y46P.txt [ Cookie:ki@atdmt.com/ ]
	C:\USERS\KI\Cookies\Q616Y46P.txt [ Cookie:ki@atdmt.com/ ]

Und ESET:

Code:

ATTFilter

C:\_OTL\MovedFiles\12192011_203941\C_Users\Ki\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\25\61d520d9-7ae540e2	Java/Exploit.CVE-2011-3544.G trojan

Wünsche Dir schon einmal einen guten Rutsch und alles Gute für das neue Jahr!

Viele Grüße!
Stefan

Antares71 · 01.01.2012, 18:44

Nachtrag:

Hoppla, da habe ich Deine Anleitung nicht bis zu Ende gelesen. Sorry. Hier das komplette ESET-Log:

Code:

ATTFilter

# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=d4b06511315c1242a50f1403aa55d455
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2011-12-18 07:31:56
# local_time=2011-12-18 08:31:56 (+0100, Mitteleuropäische Zeit)
# country="Germany"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=1797 16775165 100 94 96956 60770052 25128 0
# compatibility_mode=5893 16776574 100 94 10107025 75864387 0 0
# compatibility_mode=8192 67108863 100 0 3868 3868 0 0
# scanned=123253
# found=1
# cleaned=0
# scan_time=3520
C:\Users\Ki\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\25\61d520d9-7ae540e2	Java/Exploit.CVE-2011-3544.G trojan (unable to clean)	00000000000000000000000000000000	I
ESETSmartInstaller@High as downloader log:
all ok
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=d4b06511315c1242a50f1403aa55d455
# end=stopped
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2011-12-23 09:46:44
# local_time=2011-12-23 10:46:44 (+0100, Mitteleuropäische Zeit)
# country="Germany"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=1797 16775165 100 94 540262 61213358 216114 0
# compatibility_mode=5893 16776574 100 94 10550331 76307693 0 0
# compatibility_mode=8192 67108863 100 0 447174 447174 0 0
# scanned=7905
# found=0
# cleaned=0
# scan_time=303
ESETSmartInstaller@High as downloader log:
all ok
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=d4b06511315c1242a50f1403aa55d455
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2011-12-31 01:22:23
# local_time=2011-12-31 02:22:23 (+0100, Mitteleuropäische Zeit)
# country="Germany"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=1797 16775165 100 94 1198040 61871136 873892 0
# compatibility_mode=5893 16776574 100 94 11208109 76965471 0 0
# compatibility_mode=8192 67108863 100 0 1104952 1104952 0 0
# scanned=121618
# found=1
# cleaned=0
# scan_time=3463
C:\_OTL\MovedFiles\12192011_203941\C_Users\Ki\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\25\61d520d9-7ae540e2	Java/Exploit.CVE-2011-3544.G trojan (unable to clean)	00000000000000000000000000000000	I