Log analysis and evaluation: "Windows blocked for security reasons" trojan. If you have caught a trojan or keep getting virus warnings, you can post the logs from our diagnostic tools here for evaluation by our experts. To be able to remove viruses and trojans, the infected system must first be examined: first steps to help. Note that an infected system is not trustworthy and should not be used until the malware has been completely removed.
02.01.2012, 19:48 | #1
"Windows blocked for security reasons" trojan. Hello everyone, the trojan that has already been mentioned here so often is driving me up the wall too after an innocent visit to kinox.to... Great that you might be able to help me, even though I admittedly am not exactly a computer whiz... rather the opposite... What I have done so far: system restore to 2 days earlier, which got rid of the symptom. Then a scan with Malwarebytes, 1 hit which was apparently moved to quarantine, but I can't find it there. How I proceeded after that comes after the logs. OTL log at the very end... First the log, and an old one from May. Code:
Malwarebytes Anti-Malware 1.60.0.1800
www.malwarebytes.org

Datenbank Version: v2012.01.01.02

Windows XP Service Pack 2 x86 NTFS
Internet Explorer 6.0.2900.2180
julchen :: TARKAN [Administrator]

01.01.2012 17:30:14
mbam-log-2012-01-01 (17-30-14).txt

Art des Suchlaufs: Vollständiger Suchlauf
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 228839
Laufzeit: 1 Stunde(n), 10 Minute(n), 46 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 1
C:\Dokumente und Einstellungen\julchen\Lokale Einstellungen\Temporary Internet Files\Content.IE5\6DAZ238Z\1f47f1419f1fabb265da5f3fb8606543472088693e72e17292ebe9c118414543_exe[1] (Backdoor.Bot) -> Erfolgreich gelöscht und in Quarantäne gestellt.

(Ende)

Code:
Malwarebytes' Anti-Malware 1.51.1.1800
www.malwarebytes.org

Datenbank Version: 7562

Windows 5.1.2600 Service Pack 2
Internet Explorer 6.0.2900.2180

25.08.2011 13:01:52
mbam-log-2011-08-25 (13-01-50).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|E:\|)
Durchsuchte Objekte: 256448
Laufzeit: 1 Stunde(n), 20 Minute(n), 14 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 0

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
(Keine bösartigen Objekte gefunden)

Then I also ran TDSS Killer, but I can't find its log. Then I ran ESET's scanner, including the external hard drive; it found a whole lot: wtf: Code:
ESETSmartInstaller@High as downloader log:
all ok
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=acab50e6042389419571ea83b2ec02b2
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2012-01-02 02:30:06
# local_time=2012-01-02 03:30:06 (+0100, Westeuropäische Normalzeit)
# country="Austria"
# lang=1033
# osver=5.1.2600 NT Service Pack 2
# compatibility_mode=1797 16775145 100 93 153961 62043743 261384 0
# compatibility_mode=8192 67108863 100 0 4022 4022 0 0
# scanned=129049
# found=11
# cleaned=0
# scan_time=7687
C:\Dokumente und Einstellungen\julchen\Anwendungsdaten\Sun\Java\Deployment\cache\6.0\51\40d0d773-50c22d5e  multiple threats (unable to clean)  00000000000000000000000000000000  I
C:\Dokumente und Einstellungen\julchen\Eigene Dateien\Downloads\Nero-8.2.8.0_deu_trial.exe  Win32/Toolbar.AskSBar application (unable to clean)  00000000000000000000000000000000  I
C:\Dokumente und Einstellungen\julchen\Eigene Dateien\Downloads\SoftonicDownloader_fuer_freemind.exe  a variant of Win32/SoftonicDownloader.A application (unable to clean)  00000000000000000000000000000000  I
C:\Dokumente und Einstellungen\julchen\Eigene Dateien\Downloads\SoftonicDownloader_fuer_zsnes.exe  a variant of Win32/SoftonicDownloader.A application (unable to clean)  00000000000000000000000000000000  I
C:\Dokumente und Einstellungen\julchen\Lokale Einstellungen\Temp\321.exe  a variant of Win32/Kryptik.YHX trojan (unable to clean)  00000000000000000000000000000000  I
F:\Users\Nikolaus\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\49\1eff1eb1-63954bc9  probably a variant of Win32/Agent.DYXWUMY trojan (unable to clean)  00000000000000000000000000000000  I
F:\Users\Nikolaus\AppData\Roaming\Desktopicon\eBayShortcuts.exe  a variant of Win32/Adware.ADON application (unable to clean)  00000000000000000000000000000000  I
F:\Users\Nikolaus\Downloads\agsetup183se.exe  a variant of Win32/Adware.ADON application (unable to clean)  00000000000000000000000000000000  I
F:\Users\Nikolaus\Downloads\eac-0.99pb5.exe  a variant of Win32/Adware.ADON application (unable to clean)  00000000000000000000000000000000  I
F:\Users\Nikolaus\Downloads\MyWebFaceSetup2.3.50.62.GRfox000.exe  a variant of Win32/Toolbar.MyWebSearch.O application (unable to clean)  00000000000000000000000000000000  I
F:\Users\Nikolaus\Downloads\SoftonicDownloader90278.exe  a variant of Win32/SoftonicDownloader.A application (unable to clean)  00000000000000000000000000000000  I

defogger didn't work, log here. Code:
defogger_disable by jpshortstuff (23.02.10.1)
Log created at 15:55 on 02/01/2012 (julchen)

Checking for autostart values...
HKCU\~\Run values retrieved.
HKLM\~\Run values retrieved.

Checking for services/drivers...


-=E.O.F=-

Code:
OTL logfile created on: 02.01.2012 15:58:38 - Run 1
OTL by OldTimer - Version 3.2.31.0     Folder = C:\Dokumente und Einstellungen\julchen\Desktop
Windows XP Home Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.2180)
Locale: 00000C07 | Country: Österreich | Language: DEA | Date Format: dd.MM.yyyy

510,80 Mb Total Physical Memory | 252,52 Mb Available Physical Memory | 49,44% Memory free
1,22 Gb Paging File | 0,88 Gb Available in Paging File | 72,43% Paging File free
Paging file location(s): C:\pagefile.sys 768 1536 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme
Drive C: | 69,34 Gb Total Space | 37,47 Gb Free Space | 54,03% Space Free | Partition Type: NTFS
Drive D: | 994,23 Mb Total Space | 493,16 Mb Free Space | 49,60% Space Free | Partition Type: FAT32

Computer Name: TARKAN | User Name: julchen | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012.01.02 15:56:00 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Dokumente und Einstellungen\julchen\Desktop\OTL.exe
PRC - [2011.07.08 09:51:37 | 000,269,480 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\avguard.exe
PRC - [2011.04.27 09:42:11 | 000,136,360 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\sched.exe
PRC - [2010.11.30 18:12:37 | 000,281,768 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\avgnt.exe
PRC - [2010.01.14 21:10:53 | 000,076,968 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\avshadow.exe
PRC - [2007.06.13 14:21:45 | 001,036,288 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2005.02.23 17:13:10 | 000,077,824 | ---- | M] (Realtek Semiconductor Corp.) -- C:\WINDOWS\soundman.exe
PRC - [2005.02.18 01:51:26 | 000,737,379 | ---- | M] (Cyberlink) -- C:\Programme\CyberLink\Shared Files\CLML_NTService\CLMLService.exe
PRC - [2005.02.18 01:51:26 | 000,024,576 | ---- | M] (Cyberlink) -- C:\Programme\CyberLink\Shared Files\CLML_NTService\CLMLServer.exe
PRC - [2005.02.18 01:50:52 | 000,110,711 | ---- | M] () -- C:\Programme\CyberLink\PowerCinema\Kernel\TV\CLSched.exe
PRC - [2005.02.18 01:50:48 | 000,172,153 | ---- | M] () -- C:\Programme\CyberLink\PowerCinema\Kernel\TV\CLCapSvc.exe
PRC - [2005.01.17 11:12:00 | 000,258,048 | R--- | M] (ELANTECH Devices Corp.) -- C:\Programme\Elantech\Ktp3.exe
PRC - [2004.12.01 18:02:48 | 000,106,496 | ---- | M] () -- C:\Programme\IVT Corporation\BlueSoleil\BTNtService.exe

========== Modules (No Company Name) ==========

MOD - [2010.06.17 14:27:02 | 000,355,688 | ---- | M] () -- C:\Programme\Avira\AntiVir Desktop\sqlite3.dll
MOD - [2005.02.18 01:50:52 | 000,110,711 | ---- | M] () -- C:\Programme\CyberLink\PowerCinema\Kernel\TV\CLSched.exe

I hope I have thought of everything. I haven't done anything in safe mode yet, though. By the way, I have Windows XP, a Targa notebook from 2005. Many thanks to all of you in advance... JUJU with worm
03.01.2012, 21:36 | #2
/// Winkelfunktion /// TB-Süch-Tiger™
"Windows blocked for security reasons" trojan. The OTL log is incomplete...
05.01.2012, 12:24 | #3
"Windows blocked for security reasons" trojan. Hello Arne, sorry, and thanks for your reply. Here is the log. And as for Softonic: I had no idea... so always from the manufacturer?
OTL Logfile: Code:
OTL logfile created on: 02.01.2012 15:58:38 - Run 1
OTL by OldTimer - Version 3.2.31.0     Folder = C:\Dokumente und Einstellungen\julchen\Desktop
Windows XP Home Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.2180)
Locale: 00000C07 | Country: Österreich | Language: DEA | Date Format: dd.MM.yyyy

510,80 Mb Total Physical Memory | 252,52 Mb Available Physical Memory | 49,44% Memory free
1,22 Gb Paging File | 0,88 Gb Available in Paging File | 72,43% Paging File free
Paging file location(s): C:\pagefile.sys 768 1536 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme
Drive C: | 69,34 Gb Total Space | 37,47 Gb Free Space | 54,03% Space Free | Partition Type: NTFS
Drive D: | 994,23 Mb Total Space | 493,16 Mb Free Space | 49,60% Space Free | Partition Type: FAT32

Computer Name: TARKAN | User Name: julchen | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012.01.02 15:56:00 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Dokumente und Einstellungen\julchen\Desktop\OTL.exe
PRC - [2011.07.08 09:51:37 | 000,269,480 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\avguard.exe
PRC - [2011.04.27 09:42:11 | 000,136,360 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\sched.exe
PRC - [2010.11.30 18:12:37 | 000,281,768 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\avgnt.exe
PRC - [2010.01.14 21:10:53 | 000,076,968 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\avshadow.exe
PRC - [2007.06.13 14:21:45 | 001,036,288 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2005.02.23 17:13:10 | 000,077,824 | ---- | M] (Realtek Semiconductor Corp.) -- C:\WINDOWS\soundman.exe
PRC - [2005.02.18 01:51:26 | 000,737,379 | ---- | M] (Cyberlink) -- C:\Programme\CyberLink\Shared Files\CLML_NTService\CLMLService.exe
PRC - [2005.02.18 01:51:26 | 000,024,576 | ---- | M] (Cyberlink) -- C:\Programme\CyberLink\Shared Files\CLML_NTService\CLMLServer.exe
PRC - [2005.02.18 01:50:52 | 000,110,711 | ---- | M] () -- C:\Programme\CyberLink\PowerCinema\Kernel\TV\CLSched.exe
PRC - [2005.02.18 01:50:48 | 000,172,153 | ---- | M] () -- C:\Programme\CyberLink\PowerCinema\Kernel\TV\CLCapSvc.exe
PRC - [2005.01.17 11:12:00 | 000,258,048 | R--- | M] (ELANTECH Devices Corp.) -- C:\Programme\Elantech\Ktp3.exe
PRC - [2004.12.01 18:02:48 | 000,106,496 | ---- | M] () -- C:\Programme\IVT Corporation\BlueSoleil\BTNtService.exe

========== Modules (No Company Name) ==========

MOD - [2010.06.17 14:27:02 | 000,355,688 | ---- | M] () -- C:\Programme\Avira\AntiVir Desktop\sqlite3.dll
MOD - [2005.02.18 01:50:52 | 000,110,711 | ---- | M] () -- C:\Programme\CyberLink\PowerCinema\Kernel\TV\CLSched.exe
MOD - [2005.02.18 01:50:48 | 000,172,153 | ---- | M] () -- C:\Programme\CyberLink\PowerCinema\Kernel\TV\CLCapSvc.exe
MOD - [2005.02.18 01:50:28 | 000,163,967 | ---- | M] () -- C:\Programme\CyberLink\PowerCinema\Kernel\TV\CLCapEngine.dll
MOD - [2005.02.18 01:50:28 | 000,057,465 | ---- | M] () -- C:\Programme\CyberLink\PowerCinema\Kernel\TV\CLSchMgr.dll
MOD - [2005.02.18 01:50:28 | 000,028,672 | ---- | M] () -- C:\Programme\CyberLink\PowerCinema\Kernel\TV\CLCapSvcps.dll
MOD - [2005.02.18 01:49:46 | 000,229,458 | ---- | M] () -- C:\Programme\CyberLink\PowerCinema\Kernel\HomeNetWorking\CLNetMedia.dll
MOD - [2004.12.01 18:02:48 | 000,106,496 | ---- | M] () -- C:\Programme\IVT Corporation\BlueSoleil\BTNtService.exe
MOD - [2004.08.04 13:00:00 | 000,014,336 | ---- | M] () -- C:\WINDOWS\system32\msdmo.dll

========== Win32 Services (SafeList) ==========

SRV - File not found [Disabled | Stopped] -- -- (HidServ)
SRV - File not found [On_Demand | Stopped] -- -- (AppMgmt)
SRV - [2011.07.08 09:51:37 | 000,269,480 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Programme\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2011.04.27 09:42:11 | 000,136,360 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Programme\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2005.02.18 01:51:26 | 000,024,576 | ---- | M] (Cyberlink) [Auto | Running] -- C:\Programme\CyberLink\Shared Files\CLML_NTService\CLMLServer.exe -- (CyberLink Media Library Service)
SRV - [2005.02.18 01:50:52 | 000,110,711 | ---- | M] () [Auto | Running] -- C:\Programme\CyberLink\PowerCinema\Kernel\TV\CLSched.exe -- (CLSched) CyberLink Task Scheduler (CTS)
SRV - [2005.02.18 01:50:48 | 000,172,153 | ---- | M] () [Auto | Running] -- C:\Programme\CyberLink\PowerCinema\Kernel\TV\CLCapSvc.exe -- (CLCapSvc) CyberLink Background Capture Service (CBCS)
SRV - [2004.12.01 18:02:48 | 000,106,496 | ---- | M] () [Auto | Running] -- C:\Programme\IVT Corporation\BlueSoleil\BTNtService.exe -- (BlueSoleil Hid Service)

========== Driver Services (SafeList) ==========

DRV - [2011.07.08 09:51:51 | 000,138,192 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avipbb.sys -- (avipbb)
DRV - [2011.07.08 09:51:51 | 000,066,616 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2010.06.17 14:27:02 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2010.06.17 14:26:52 | 000,011,608 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Programme\Avira\AntiVir Desktop\avgio.sys -- (avgio)
DRV - [2006.04.07 16:06:38 | 000,038,496 | ---- | M] (OLYMPUS IMAGING CORP.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\VNUSB.sys -- (VNUSB)
DRV - [2005.02.24 13:20:22 | 002,311,680 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ALCXWDM.SYS -- (ALCXWDM) Service for Realtek AC97 Audio (WDM)
DRV - [2005.02.17 20:04:05 | 000,008,552 | ---- | M] (Windows (R) 2000 DDK provider) [Kernel | Auto | Running] -- C:\WINDOWS\System32\drivers\asctrm.sys -- (ASCTRM)
DRV - [2005.01.29 14:02:00 | 001,012,608 | R--- | M] (Animation Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\LVHybrid.sys -- (LVHybrid)
DRV - [2005.01.25 19:47:00 | 000,148,480 | R--- | M] (Inprocomm, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\i2220ntx.sys -- (CB54G3)
DRV - [2005.01.25 19:47:00 | 000,017,134 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\PCANDIS5.SYS -- (PCANDIS5)
DRV - [2005.01.17 11:12:00 | 001,270,540 | R--- | M] (Agere Systems) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AGRSM.sys -- (AgereSoftModem)
DRV - [2005.01.17 11:12:00 | 000,071,168 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Rtlnicxp.sys -- (RTL8023xp)
DRV - [2005.01.17 11:12:00 | 000,024,704 | R--- | M] (Elantech Devices Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Ktp3.sys -- (Ktp3) Elantech TouchPad(KTP3)
DRV - [2005.01.12 21:30:22 | 000,915,968 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
DRV - [2004.12.01 17:55:32 | 000,022,488 | ---- | M] (IVT Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\btcusb.sys -- (Btcsrusb)
DRV - [2004.11.05 11:39:08 | 000,082,148 | ---- | M] (IVT Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\VcommMgr.sys -- (VcommMgr)
DRV - [2004.10.19 13:40:56 | 000,028,207 | ---- | M] (IVT Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\System32\Drivers\BTHidMgr.sys -- (BTHidMgr)
DRV - [2004.10.19 13:37:38 | 000,061,312 | ---- | M] (IVT Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\VComm.sys -- (VComm)
DRV - [2004.10.19 11:39:26 | 000,020,096 | ---- | M] (IVT Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\blueletaudio.sys -- (BlueletAudio)
DRV - [2004.09.21 18:18:02 | 000,011,604 | ---- | M] () [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\vbtenum.sys -- (BTHidEnum)
DRV - [2004.09.21 18:15:34 | 000,010,804 | ---- | M] (IVT Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\BtNetDrv.sys -- (BT)
DRV - [2004.08.03 23:10:14 | 000,015,360 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\MPE.sys -- (MPE)
DRV - [2004.08.03 22:31:34 | 000,020,992 | ---- | M] (Realtek Semiconductor Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\RTL8139.sys -- (rtl8139) NT-Treiber für Realtek RTL8139(A/B/C)
DRV - [2004.05.17 16:11:42 | 000,067,456 | ---- | M] (REDC) [Kernel | Boot | Stopped] -- C:\WINDOWS\system32\DRIVERS\rmedia.sys -- (rmedia)
DRV - [2004.03.10 16:27:18 | 000,011,264 | ---- | M] (Pinnacle Systems GmbH) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\asapiW2k.sys -- (ASAPIW2k)
DRV - [2002.03.19 10:29:16 | 000,014,165 | ---- | M] (Pinnacle Systems GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\Pclepci.sys -- (PCLEPCI)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.targa.de
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.google.com/ie
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = hxxp://www.google.com/ie
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = hxxp://www.google.com/ie

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = hxxp://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = hxxp://www.google.com/ie
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "hxxp://www.google.de/"
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: zotero@chnm.gmu.edu:2.1.10
FF - prefs.js..extensions.enabledItems: zoteroWinWordIntegration@zotero.org:3.1.2

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Programme\DivX\DivX Web Player\npdivx32.dll (DivX,Inc.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: C:\Programme\DivX\DivX Player\npDivxPlayerPlugin.dll (DivX, Inc)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Programme\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@pack.google.com/Google Updater;version=14: C:\Programme\Google\Google Updater\2.4.2432.1652\npCIDetect14.dll (Google)
FF - HKLM\Software\MozillaPlugins\@viewpoint.com/VMP: C:\Programme\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll ()
FF - HKLM\Software\MozillaPlugins\@vizzed.com/VizzedRGR: C:\Programme\Vizzed\Vizzed Retro Game Room\NpVizzedRgr.dll (Vizzed)
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.25\extensions\\Components: C:\Programme\Mozilla Firefox\components [2011.12.21 21:07:41 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.25\extensions\\Plugins: C:\Programme\Mozilla Firefox\plugins [2011.12.21 21:07:41 | 000,000,000 | ---D | M]

[2008.07.15 08:40:54 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\julchen\Anwendungsdaten\Mozilla\Extensions
[2012.01.01 17:36:13 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\julchen\Anwendungsdaten\Mozilla\Firefox\Profiles\2ae6qcu2.default\extensions
[2009.09.08 09:00:29 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Dokumente und Einstellungen\julchen\Anwendungsdaten\Mozilla\Firefox\Profiles\2ae6qcu2.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010.08.05 17:18:01 | 000,000,000 | ---D | M] (Mario Forever Toolbar) -- C:\Dokumente und Einstellungen\julchen\Anwendungsdaten\Mozilla\Firefox\Profiles\2ae6qcu2.default\extensions\{707db484-2428-402d-afb5-d85b387544c7}
[2011.11.06 14:12:51 | 000,000,000 | ---D | M] (Zotero) -- C:\Dokumente und Einstellungen\julchen\Anwendungsdaten\Mozilla\Firefox\Profiles\2ae6qcu2.default\extensions\zotero@chnm.gmu.edu
[2011.11.06 14:23:00 | 000,000,000 | ---D | M] (Zotero WinWord Integration) -- C:\Dokumente und Einstellungen\julchen\Anwendungsdaten\Mozilla\Firefox\Profiles\2ae6qcu2.default\extensions\zoteroWinWordIntegration@zotero.org
[2012.01.01 17:36:15 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2010.10.12 11:11:58 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
[2010.10.12 11:11:34 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\PROGRAMME\JAVA\JRE6\LIB\DEPLOY\JQS\FF
[2010.10.12 11:11:32 | 000,423,656 | ---- | M] (Sun Microsystems, Inc.) -- C:\Programme\mozilla firefox\plugins\npdeployJava1.dll
[2011.03.07 09:26:17 | 000,001,392 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\amazondotcom-de.xml
[2011.03.07 09:26:17 | 000,002,344 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\eBay-de.xml
[2011.03.07 09:26:18 | 000,006,805 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\leo_ende_de.xml
[2011.03.07 09:26:18 | 000,001,178 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\wikipedia-de.xml
[2011.03.07 09:26:18 | 000,001,105 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\yahoo-de.xml

========== Chrome ==========

CHR - default_search_provider: Google ()
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?client=chrome&hl={language}&q={searchTerms}

O1 HOSTS File: ([2004.08.04 13:00:00 | 000,000,820 | R--- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (AcroIEHlprObj Class) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O3 - HKCU\..\Toolbar\ShellBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O4 - HKLM..\Run: [avgnt] C:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k File not found
O4 - HKLM..\Run: [KTPWare] C:\Programme\Elantech\Ktp3.exe (ELANTECH Devices Corp.)
O4 - HKLM..\Run: [OEM-Reset] File not found
O4 - HKLM..\Run: [PinnacleDriverCheck] C:\WINDOWS\System32\PSDrvCheck.exe ()
O4 - HKLM..\Run: [SoundMan] C:\WINDOWS\soundman.exe (Realtek Semiconductor Corp.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} hxxp://v5.windowsupdate.microsoft.com/v5consumer/V5Controls/en/x86/client/wuweb_site.cab?1108647141296 (WUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab (Java Plug-in 1.6.0_05)
O16 - DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{46187F0C-A792-4EC2-98B3-3FC615C34B86}: DhcpNameServer = 192.168.0.1
O18 - Protocol\Handler\cdo {CD00020A-8B95-11D1-82DB-00C04FB1625D} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Web Folders\PKMCDO.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Information Retrieval\msitss.dll (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Web Components\10\OWC10.DLL (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Gemeinsame Dateien\Skype\Skype4COM.dll (Skype Technologies)
O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) -C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\AtiExtEvent: DllName - (Ati2evxx.dll) - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O24 - Desktop Components:0 (Die derzeitige Homepage) - About:Home
O24 - Desktop WallPaper: C:\Dokumente und Einstellungen\julchen\Lokale Einstellungen\Anwendungsdaten\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Dokumente und Einstellungen\julchen\Lokale Einstellungen\Anwendungsdaten\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2005.02.17 13:07:09 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - Unable to obtain root file information for disk D:\
O33 - MountPoints2\{02ed3908-8b42-11d9-8d3b-806d6172696f}\Shell\AutoRun\command - "" = D:\AUTORUN.EXE -- [2004.01.20 14:50:52 | 000,020,480 | ---- | M] (TARGA GmbH)
O33 - MountPoints2\{58658fe2-8bb6-11d9-b435-0011091f4734}\Shell\AutoRun\command - "" = E:\Autorun.exe
O33 - MountPoints2\{86dea630-8bb6-11d9-b1cc-806d6172696f}\Shell\AutoRun\command - "" = G:\Autorun.exe
O33 - MountPoints2\{906a1bae-8c53-11d9-9947-806d6172696f}\Shell\AutoRun\command - "" = D:\AUTORUN.EXE -- [2004.01.20 14:50:52 | 000,020,480 | ---- | M] (TARGA GmbH)
O33 - MountPoints2\{9fc63a8a-8678-11d9-978e-806d6172696f}\Shell\AutoRun\command - "" = G:\Autorun.exe
O33 - MountPoints2\{dea7350a-8b3d-11d9-b428-0011091f4734}\Shell\AutoRun\command - "" = D:\AUTORUN.EXE -- [2004.01.20 14:50:52 | 000,020,480 | ---- | M] (TARGA GmbH)
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

ActiveX: {03F998B2-0E00-11D3-A498-00104B6EB52E} - Viewpoint Media Player
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {094AC089-2A75-5BCC-0A10-2A1C5AA04CB6} - Vektorgrafik-Rendering (VML)
ActiveX: {10072CEC-8CC1-11D1-986E-00A0C955B42F} - Vektorgrafik-Rendering (VML)
ActiveX: {166B1BCA-3F9C-11CF-8075-444553540000} - Macromedia Shockwave Director 8.5.1
ActiveX: {1B00725B-C455-4DE6-BFB6-AD540AD427CD} - Viewpoint Media Player
ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - NetShow
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 6.4
ActiveX: {283807B5-2C60-11D0-A31D-00AA00B92C03} - DirectAnimation
ActiveX: {2A202491-F00D-11cf-87CC-0020AFEECF20} - Macromedia Shockwave Director 8.5.1
ActiveX: {2A3320D6-C805-4280-B423-B665BDE33D8F} - Microsoft .NET Framework 1.1 Security Update (KB979906)
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {36f8ec70-c29a-11d1-b5c7-0000f8051515} - Dynamic HTML-Datenbindung für Java
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offlinebrowsingpaket
ActiveX: {3bf42070-b3b1-11d1-b5c5-0000f8051515} - Uniscribe
ActiveX: {411EDCF7-755D-414E-A74B-3DCD6583F589} - Microsoft .NET Framework 1.1 Service Pack 1 (KB867460)
ActiveX: {4278c270-a269-11d1-b5bf-0000f8051515} - Erweitertes Authoring
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install
ActiveX: {44BBA842-CC51-11CF-AAFA-00AA00B6015B} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT
ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - DirectShow
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer-Hilfe
ActiveX: {4E5C2225-24C6-88E4-99E9-98FCF88F6CA2} - Vektorgrafik-Rendering (VML)
ActiveX: {4f216970-c90c-11d1-b5c7-0000f8051515} - DirectAnimation Java Classes
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5945c046-1e7d-11d1-bc44-00c04fd912be} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser
ActiveX: {5A8D6EE0-3E18-11D0-821E-444553540000} - ICW
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsererweiterungen
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - Zugang zu MSN Site
ActiveX: {7131646D-CD3C-40F4-97B9-CD9E4E6262EF} - .NET Framework
ActiveX: {73FA19D0-2D75-11D2-995D-00C04F98BBC9} - Webordner
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - %SystemRoot%\system32\ie4uinit.exe
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - c:\WINDOWS\system32\Rundll32.exe c:\WINDOWS\system32\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML-Datenbindung
ActiveX: {ACC563BC-4266-43f0-B6ED-9D38C4202C7E} -
ActiveX: {B508B3F1-A24A-32C0-B310-85786919EF28} - .NET Framework
ActiveX: {C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F} - .NET Framework
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer-Hauptschriftarten
ActiveX: {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1} - .NET Framework
ActiveX: {CC2A9BA0-3BDD-11D0-821E-444553540000} - Taskplaner
ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
ActiveX: {D27CDB6E-AE6D-11cf-96B8-444553540000} - Adobe Flash Player
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML-Hilfe
ActiveX: {E78BFA60-5393-4C38-82AB-E8019E464EB4} - .NET Framework
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\WINDOWS\inf\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - %systemroot%\system32\shmgrate.exe OCInstallUserConfigIE
ActiveX: >{881dd1c5-3dcf-431b-b061-f3f88e8be88a} - %systemroot%\system32\shmgrate.exe OCInstallUserConfigOE

NetSvcs: 6to4 - File not found
NetSvcs: AppMgmt - File not found
NetSvcs: HidServ - File not found
NetSvcs: Ias - File not found
NetSvcs: Iprip - File not found
NetSvcs: Irmon -
File not found NetSvcs: NWCWorkstation - File not found NetSvcs: Nwsapagent - File not found NetSvcs: WmdmPmSp - File not found MsConfig - StartUpFolder: C:^Dokumente und Einstellungen^All Users^Startmenü^Programme^Autostart^Adobe Reader - Schnellstart.lnk - C:\Programme\Adobe\Acrobat 7.0\Reader\reader_sl.exe - (Adobe Systems Incorporated) MsConfig - StartUpFolder: C:^Dokumente und Einstellungen^All Users^Startmenü^Programme^Autostart^BlueSoleil.lnk - C:\Programme\IVT Corporation\BlueSoleil\BlueSoleil.exe - (IVT Corporation) MsConfig - StartUpFolder: C:^Dokumente und Einstellungen^All Users^Startmenü^Programme^Autostart^Device Detector 3.lnk - C:\Programme\Olympus\DeviceDetector\DevDtct2.exe - (OLYMPUS IMAGING CORP.) MsConfig - StartUpFolder: C:^Dokumente und Einstellungen^All Users^Startmenü^Programme^Autostart^Microsoft Office.lnk - C:\Programme\Microsoft Office\Office10\OSA.EXE - (Microsoft Corporation) MsConfig - StartUpReg: MSMSGS - hkey= - key= - C:\Programme\Messenger\msmsgs.exe (Microsoft Corporation) MsConfig - StartUpReg: NBJ - hkey= - key= - C:\Programme\Ahead\Nero BackItUp\NBJ.exe (Ahead Software AG) MsConfig - StartUpReg: NeroFilterCheck - hkey= - key= - File not found MsConfig - StartUpReg: PCMService - hkey= - key= - C:\Programme\CyberLink\PowerCinema\PCMService.exe (CyberLink Corp.) MsConfig - StartUpReg: PDFPrint - hkey= - key= - C:\Programme\pdf24\pdf24.exe (Geek Software GmbH) MsConfig - StartUpReg: QuickTime Task - hkey= - key= - C:\Programme\QuickTime\QTTask.exe (Apple Inc.) MsConfig - StartUpReg: RealTray - hkey= - key= - C:\Programme\Real\RealPlayer\RealPlay.exe (RealNetworks, Inc.) MsConfig - StartUpReg: SunJavaUpdateSched - hkey= - key= - C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe (Sun Microsystems, Inc.) MsConfig - StartUpReg: swg - hkey= - key= - C:\Programme\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.) 
MsConfig - StartUpReg: WMPNSCFG - hkey= - key= - C:\Programme\Windows Media Player\wmpnscfg.exe (Microsoft Corporation) MsConfig - State: "system.ini" - 0 MsConfig - State: "win.ini" - 0 MsConfig - State: "bootini" - 0 MsConfig - State: "services" - 0 MsConfig - State: "startup" - 2 CREATERESTOREPOINT Restore point Set: OTL Restore Point ========== Files/Folders - Created Within 30 Days ========== [2012.01.02 15:55:57 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Dokumente und Einstellungen\julchen\Desktop\OTL.exe [2012.01.02 13:15:00 | 000,000,000 | ---D | C] -- C:\Programme\ESET [2012.01.01 17:49:35 | 001,578,288 | ---- | C] (Kaspersky Lab ZAO) -- C:\Dokumente und Einstellungen\julchen\Desktop\TDSSKiller.exe [2012.01.01 17:28:55 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Malwarebytes' Anti-Malware [2012.01.01 17:28:40 | 000,020,464 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys [2012.01.01 17:28:38 | 000,000,000 | ---D | C] -- C:\Programme\Malwarebytes' Anti-Malware [2011.12.09 17:29:52 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\julchen\Lokale Einstellungen\Anwendungsdaten\VizzedRgr [2011.12.09 17:27:35 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Vizzed Retro Game Room [2011.12.09 17:27:16 | 000,000,000 | ---D | C] -- C:\Programme\Vizzed [8 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2012.01.02 15:56:00 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Dokumente und Einstellungen\julchen\Desktop\OTL.exe [2012.01.02 15:43:28 | 000,000,000 | ---- | M] () -- C:\Dokumente und Einstellungen\julchen\defogger_reenable [2012.01.02 15:35:28 | 000,050,477 | ---- | M] () -- C:\Dokumente und Einstellungen\julchen\Desktop\Defogger.exe [2012.01.02 14:40:01 | 000,001,044 | ---- | M] () -- C:\WINDOWS\tasks\Google Software Updater.job [2012.01.02 13:40:27 | 
000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl [2012.01.02 13:03:44 | 000,000,229 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini [2012.01.01 19:20:31 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat [2012.01.01 19:20:26 | 535,678,976 | -HS- | M] () -- C:\hiberfil.sys [2012.01.01 17:28:56 | 000,000,756 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\ Malwarebytes Anti-Malware .lnk [2011.12.30 18:18:51 | 000,053,126 | ---- | M] () -- C:\Dokumente und Einstellungen\julchen\Anwendungsdaten\wklnhst.dat [2011.12.28 12:22:23 | 344,357,476 | ---- | M] () -- C:\Dokumente und Einstellungen\julchen\Desktop\Reise um die Welt.wma [2011.12.23 14:52:00 | 001,578,288 | ---- | M] (Kaspersky Lab ZAO) -- C:\Dokumente und Einstellungen\julchen\Desktop\TDSSKiller.exe [2011.12.14 17:20:14 | 000,000,216 | RHS- | M] () -- C:\boot.ini [2011.12.10 15:24:06 | 000,020,464 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys [8 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ] ========== Files Created - No Company Name ========== [2012.01.02 15:43:28 | 000,000,000 | ---- | C] () -- C:\Dokumente und Einstellungen\julchen\defogger_reenable [2012.01.02 15:35:28 | 000,050,477 | ---- | C] () -- C:\Dokumente und Einstellungen\julchen\Desktop\Defogger.exe [2012.01.01 17:28:56 | 000,000,756 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\ Malwarebytes Anti-Malware .lnk [2011.12.28 12:13:29 | 344,357,476 | ---- | C] () -- C:\Dokumente und Einstellungen\julchen\Desktop\Reise um die Welt.wma [2011.02.16 14:27:04 | 000,000,097 | ---- | C] () -- C:\WINDOWS\System32\PICSDK.ini [2011.02.16 14:27:03 | 000,111,932 | ---- | C] () -- C:\WINDOWS\System32\EPPICPrinterDB.dat [2011.02.16 14:27:03 | 000,031,053 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern131.dat [2011.02.16 14:27:03 | 000,027,417 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern121.dat [2011.02.16 14:27:03 | 000,026,154 | ---- | C] () -- 
C:\WINDOWS\System32\EPPICPattern1.dat [2011.02.16 14:27:03 | 000,024,903 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern3.dat [2011.02.16 14:27:03 | 000,021,390 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern5.dat [2011.02.16 14:27:03 | 000,020,148 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern2.dat [2011.02.16 14:27:03 | 000,011,811 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern4.dat [2011.02.16 14:27:03 | 000,004,943 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern6.dat [2011.02.16 14:27:03 | 000,001,146 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_DU.dat [2011.02.16 14:27:03 | 000,001,139 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_PT.dat [2011.02.16 14:27:03 | 000,001,139 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_BP.dat [2011.02.16 14:27:03 | 000,001,136 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_ES.dat [2011.02.16 14:27:03 | 000,001,129 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_FR.dat [2011.02.16 14:27:03 | 000,001,129 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_CF.dat [2011.02.16 14:27:03 | 000,001,120 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_IT.dat [2011.02.16 14:27:03 | 000,001,107 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_GE.dat [2011.02.16 14:27:03 | 000,001,104 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_EN.dat [2010.11.12 14:05:04 | 000,053,126 | ---- | C] () -- C:\Dokumente und Einstellungen\julchen\Anwendungsdaten\wklnhst.dat [2010.09.27 22:44:57 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat [2010.08.05 17:30:56 | 000,000,036 | ---- | C] () -- C:\WINDOWS\mafosav.INI [2009.01.26 13:14:18 | 000,000,151 | ---- | C] () -- C:\WINDOWS\PhotoSnapViewer.INI [2008.11.19 11:29:22 | 000,000,056 | -H-- | C] () -- C:\WINDOWS\System32\ezsidmv.dat [2008.11.06 17:37:32 | 003,596,288 | ---- | C] () -- C:\WINDOWS\System32\qt-dx331.dll [2008.11.06 17:33:02 | 000,012,288 | ---- | C] () -- C:\WINDOWS\System32\DivXWMPExtType.dll [2008.06.10 
18:24:06 | 000,114,688 | ---- | C] () -- C:\WINDOWS\System32\OdiOlDVR.dll [2008.06.10 18:24:05 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\OdiAPI.dll [2008.03.31 15:38:41 | 000,028,672 | ---- | C] () -- C:\Dokumente und Einstellungen\julchen\Lokale Einstellungen\Anwendungsdaten\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2005.03.03 08:32:09 | 000,196,096 | ---- | C] () -- C:\WINDOWS\System32\MACD32.DLL [2005.03.03 08:32:09 | 000,138,752 | ---- | C] () -- C:\WINDOWS\System32\MASE32.DLL [2005.03.03 08:32:09 | 000,136,192 | ---- | C] () -- C:\WINDOWS\System32\MAMC32.DLL [2005.03.03 08:32:09 | 000,057,856 | ---- | C] () -- C:\WINDOWS\System32\MASD32.DLL [2005.03.03 08:32:09 | 000,027,648 | ---- | C] () -- C:\WINDOWS\System32\MA32.DLL [2005.03.02 17:30:54 | 000,000,004 | ---- | C] () -- C:\WINDOWS\msoffice.ini [2005.02.24 16:33:09 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini [2005.02.18 14:40:01 | 000,000,229 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini [2005.02.18 13:07:17 | 000,406,016 | ---- | C] () -- C:\WINDOWS\System32\PSDrvCheck.exe [2005.02.17 20:27:54 | 000,000,518 | ---- | C] () -- C:\WINDOWS\ODBC.INI [2005.02.17 20:03:00 | 000,000,335 | ---- | C] () -- C:\WINDOWS\nsreg.dat [2005.02.17 13:45:06 | 000,003,072 | R--- | C] () -- C:\WINDOWS\System32\34CoInstaller.dll [2005.02.17 13:45:01 | 000,363,520 | ---- | C] () -- C:\WINDOWS\System32\PsisDecd.dll [2005.02.17 13:42:34 | 000,013,299 | ---- | C] () -- C:\WINDOWS\System32\drivers\packet.sys [2005.02.17 13:42:34 | 000,011,604 | ---- | C] () -- C:\WINDOWS\System32\drivers\vbtenum.sys [2005.02.17 13:39:16 | 000,156,672 | ---- | C] () -- C:\WINDOWS\System32\RTLCPAPI.dll [2005.02.17 13:39:16 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\ChCfg.exe [2005.02.17 13:31:29 | 000,077,267 | R--- | C] () -- C:\WINDOWS\System32\atiicdxx.dat [2005.02.17 13:13:42 | 000,000,849 | ---- | C] () -- C:\WINDOWS\orun32.ini [2005.02.17 13:09:12 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat [2005.02.17 
13:05:14 | 000,021,740 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat [2005.02.17 13:00:21 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI [2005.02.17 12:59:32 | 002,113,256 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT [2005.02.17 12:47:22 | 000,000,814 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini [2005.02.17 12:47:11 | 000,459,390 | ---- | C] () -- C:\WINDOWS\System32\perfh007.dat [2005.02.17 12:47:11 | 000,269,480 | ---- | C] () -- C:\WINDOWS\System32\perfi007.dat [2005.02.17 12:47:11 | 000,084,728 | ---- | C] () -- C:\WINDOWS\System32\perfc007.dat [2005.02.17 12:47:11 | 000,034,478 | ---- | C] () -- C:\WINDOWS\System32\perfd007.dat [2005.02.17 12:46:58 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat [2005.02.17 12:46:56 | 000,441,458 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat [2005.02.17 12:46:56 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat [2005.02.17 12:46:56 | 000,071,394 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat [2005.02.17 12:46:56 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat [2005.02.17 12:46:54 | 000,004,524 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat [2005.02.17 12:46:53 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin [2005.02.17 12:46:52 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat [2005.02.17 12:46:49 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat [2005.02.17 12:46:49 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin [2005.02.17 12:46:44 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat [2005.02.17 12:46:38 | 000,001,788 | ---- | C] () -- C:\WINDOWS\System32\Dcache.bin [2004.03.18 08:44:29 | 001,663,068 | ---- | C] () -- C:\WINDOWS\System32\libmmd.dll ========== LOP Check ========== [2005.02.17 15:49:19 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Bluetooth [2010.05.20 11:25:05 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All 
Users\Anwendungsdaten\elsterformular [2005.02.18 13:03:37 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Pinnacle [2005.02.18 13:11:57 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\SmartSound Software Inc [2005.02.17 20:04:28 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Viewpoint [2010.10.30 20:51:56 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\julchen\Anwendungsdaten\Broken Sword 2.5 [2010.05.20 11:26:54 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\julchen\Anwendungsdaten\elsterformular ========== Purity Check ========== ========== Custom Scans ========== < %SYSTEMDRIVE%\*. > [2009.08.11 08:20:13 | 000,000,000 | ---D | M] -- C:\cd022f1a27109f67dea27d362dad [2011.12.09 17:33:34 | 000,000,000 | -HSD | M] -- C:\Config.Msi [2008.03.31 15:38:40 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen [2011.08.20 13:59:13 | 000,000,000 | ---D | M] -- C:\ef50918e92a6f10afe12b27ad1e8b135 [2010.09.28 15:09:00 | 000,000,000 | ---D | M] -- C:\HattrickOrganizer [2005.02.23 09:37:27 | 000,000,000 | ---D | M] -- C:\Info [2005.02.17 20:04:05 | 000,000,000 | ---D | M] -- C:\My Music [2012.01.02 13:15:00 | 000,000,000 | R--D | M] -- C:\Programme [2008.05.04 14:55:06 | 000,000,000 | -HSD | M] -- C:\RECYCLER [2010.01.10 12:11:31 | 000,000,000 | -HSD | M] -- C:\System Volume Information [2005.03.31 13:23:37 | 000,000,000 | ---D | M] -- C:\T-Online [2011.03.31 11:30:31 | 000,000,000 | ---D | M] -- C:\Temp [2011.12.14 17:45:14 | 000,000,000 | ---D | M] -- C:\WINDOWS < %PROGRAMFILES%\*.exe > Invalid Environment Variable: LOCALAPPDATA < %systemroot%\*. 
/mp /s > < %systemroot%\system32\*.manifest /3 > [8 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ] < MD5 for: AFD.SYS > [2008.04.13 20:19:23 | 000,138,112 | ---- | M] (Microsoft Corporation) MD5=322D0E36693D6E24A2398BEE62A268CD -- C:\WINDOWS\SoftwareDistribution\Download\7d084ddd2c07c476a226e31c4ef032ff\afd.sys [2008.08.14 11:34:26 | 000,138,496 | ---- | M] (Microsoft Corporation) MD5=4D43E74F2A1239D53929B82600F1971C -- C:\WINDOWS\$hf_mig$\KB956803\SP3QFE\afd.sys [2008.08.14 10:51:43 | 000,138,368 | ---- | M] (Microsoft Corporation) MD5=55E6E1C51B6D30E54335750955453702 -- C:\WINDOWS\system32\dllcache\afd.sys [2008.08.14 10:51:43 | 000,138,368 | ---- | M] (Microsoft Corporation) MD5=55E6E1C51B6D30E54335750955453702 -- C:\WINDOWS\system32\drivers\afd.sys [2004.08.04 13:00:00 | 000,138,496 | ---- | M] (Microsoft Corporation) MD5=5AC495F4CB807B2B98AD2AD591E6D92E -- C:\WINDOWS\$NtUninstallKB951748$\afd.sys [2008.08.14 10:48:52 | 000,138,368 | ---- | M] (Microsoft Corporation) MD5=6A0397376853E604DE8E1E7A87FC08AC -- C:\WINDOWS\$hf_mig$\KB956803\SP2QFE\afd.sys [2008.08.14 11:04:36 | 000,138,496 | ---- | M] (Microsoft Corporation) MD5=7E775010EF291DA96AD17CA4B17137D7 -- C:\WINDOWS\$hf_mig$\KB956803\SP3GDR\afd.sys [2008.06.20 11:44:38 | 000,138,368 | ---- | M] (Microsoft Corporation) MD5=944CA435BFCFC82CC1ED9E3A7D731AA9 -- C:\WINDOWS\$NtUninstallKB956803$\afd.sys [2008.06.20 12:48:03 | 000,138,496 | ---- | M] (Microsoft Corporation) MD5=D6EE6014241D034E63C49A50CB2B442A -- C:\WINDOWS\$hf_mig$\KB951748\SP3QFE\afd.sys [2008.06.20 11:44:08 | 000,138,368 | ---- | M] (Microsoft Corporation) MD5=D99DDFFB33DEACDCF20717CB520379F6 -- C:\WINDOWS\$hf_mig$\KB951748\SP2QFE\afd.sys [2008.06.20 12:40:08 | 000,138,496 | ---- | M] (Microsoft Corporation) MD5=E3049B90FE06F3F740B7CFDA44995E2C -- C:\WINDOWS\$hf_mig$\KB951748\SP3GDR\afd.sys < MD5 for: EXPLORER.EXE > [2004.08.04 13:00:00 | 001,035,264 | ---- | M] (Microsoft Corporation) MD5=22FE1BE02EADDE1632E478E4125639E0 -- 
C:\WINDOWS\$NtUninstallKB938828$\explorer.exe [2007.06.13 14:10:08 | 001,036,288 | ---- | M] (Microsoft Corporation) MD5=331ED93570BAF3CFE30340298762CD56 -- C:\WINDOWS\$hf_mig$\KB938828\SP2QFE\explorer.exe [2008.04.14 03:22:45 | 001,036,800 | ---- | M] (Microsoft Corporation) MD5=418045A93CD87A352098AB7DABE1B53E -- C:\WINDOWS\SoftwareDistribution\Download\7d084ddd2c07c476a226e31c4ef032ff\explorer.exe [2007.06.13 14:21:45 | 001,036,288 | ---- | M] (Microsoft Corporation) MD5=64D320C0E301EEDC5A4ADBBDC5024F7F -- C:\WINDOWS\explorer.exe [2007.06.13 14:21:45 | 001,036,288 | ---- | M] (Microsoft Corporation) MD5=64D320C0E301EEDC5A4ADBBDC5024F7F -- C:\WINDOWS\system32\dllcache\explorer.exe < MD5 for: IPSEC.SYS > [2008.04.13 20:19:42 | 000,075,264 | ---- | M] (Microsoft Corporation) MD5=23C74D75E36E7158768DD63D92789A91 -- C:\WINDOWS\SoftwareDistribution\Download\7d084ddd2c07c476a226e31c4ef032ff\ipsec.sys [2004.08.04 13:00:00 | 000,074,752 | ---- | M] (Microsoft Corporation) MD5=64537AA5C003A6AFEEE1DF819062D0D1 -- C:\WINDOWS\system32\dllcache\ipsec.sys [2004.08.04 13:00:00 | 000,074,752 | ---- | M] (Microsoft Corporation) MD5=64537AA5C003A6AFEEE1DF819062D0D1 -- C:\WINDOWS\system32\drivers\ipsec.sys < MD5 for: REGEDIT.EXE > [2004.08.04 13:00:00 | 000,153,600 | ---- | M] (Microsoft Corporation) MD5=8193CE5FB09E83F2699FD65BBCBE2FD2 -- C:\WINDOWS\I386\REGEDIT.EXE [2004.08.04 13:00:00 | 000,153,600 | ---- | M] (Microsoft Corporation) MD5=8193CE5FB09E83F2699FD65BBCBE2FD2 -- C:\WINDOWS\regedit.exe [2004.08.04 13:00:00 | 000,153,600 | ---- | M] (Microsoft Corporation) MD5=8193CE5FB09E83F2699FD65BBCBE2FD2 -- C:\WINDOWS\system32\dllcache\regedit.exe [2008.04.14 03:22:58 | 000,153,600 | ---- | M] (Microsoft Corporation) MD5=AD9226BF3CED13636083BB9C76E9D2A2 -- C:\WINDOWS\SoftwareDistribution\Download\7d084ddd2c07c476a226e31c4ef032ff\regedit.exe < MD5 for: USERINIT.EXE > [2008.04.14 03:23:03 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=788F95312E26389D596C0FA55834E106 -- 
C:\WINDOWS\SoftwareDistribution\Download\7d084ddd2c07c476a226e31c4ef032ff\userinit.exe [2004.08.04 13:00:00 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=D1E53DC57143F2584B1DD53B036C0633 -- C:\WINDOWS\system32\dllcache\userinit.exe [2004.08.04 13:00:00 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=D1E53DC57143F2584B1DD53B036C0633 -- C:\WINDOWS\system32\userinit.exe < MD5 for: WINLOGON.EXE > [2004.08.04 13:00:00 | 000,507,392 | ---- | M] (Microsoft Corporation) MD5=2B6A0BAF33A9918F09442D873848FF72 -- C:\WINDOWS\system32\dllcache\winlogon.exe [2004.08.04 13:00:00 | 000,507,392 | ---- | M] (Microsoft Corporation) MD5=2B6A0BAF33A9918F09442D873848FF72 -- C:\WINDOWS\system32\winlogon.exe [2011.12.24 17:50:20 | 000,182,856 | ---- | M] () MD5=B382935AB01B27D0E14F267DBF288896 -- C:\Programme\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe [2008.04.14 03:23:05 | 000,513,024 | ---- | M] (Microsoft Corporation) MD5=F09A527B422E25C478E38CAA0E44417A -- C:\WINDOWS\SoftwareDistribution\Download\7d084ddd2c07c476a226e31c4ef032ff\winlogon.exe < HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems|Windows /rs > HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems\\Kmode: %SystemRoot%\system32\win32k.sys [2010.05.02 09:24:36 | 001,851,008 | ---- | M] (Microsoft Corporation) HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems\\Required: DebugWindows [binary data] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems\\Windows: %SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,3072,512 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ProfileControl=Off MaxRequestThreads=16 < HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU > < HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto 
Update\Results\Install|LastSuccessTime /rs > HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install\\LastSuccessTime: 2011-12-18 13:50:19 < > < End of report > So, I hope everything is there now.... Have a nice day. jujumitwurm |
05.01.2012, 12:28 | #4 |
| Windows blockiert aus Sicherheitsgründen-Trojaner Hello Arne, thanks for your reply and sorry for the incomplete log. The complete one is attached; it was apparently too big for the thread. Best regards, juju mit wurm. HUH? Now it is in the thread after all? So twice, then. Sorry again... |
05.01.2012, 14:23 | #5 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Windows blockiert aus Sicherheitsgründen-Trojaner Quote:
The current versions for XP are SP3 and IE8! Quote:
Quote:
There is a reason why certain tools here are only to be run on instruction. Laypeople tend to delete everything, and that is wrong across the board and can do lasting damage to the system. The log is directly on C:, please post it.
__________________ Please always post logfiles in CODE tags |
05.01.2012, 15:06 | #6 |
| Windows blockiert aus Sicherheitsgründen-Trojaner Hello Arne, attached is the log; there are three: Code:
ATTFilter 17:50:22.0156 0176 TDSS rootkit removing tool 2.6.25.0 Dec 23 2011 14:51:16 17:50:23.0062 0176 ============================================================ 17:50:23.0062 0176 Current date / time: 2012/01/01 17:50:23.0062 17:50:23.0062 0176 SystemInfo: 17:50:23.0062 0176 17:50:23.0062 0176 OS Version: 5.1.2600 ServicePack: 2.0 17:50:23.0062 0176 Product type: Workstation 17:50:23.0062 0176 ComputerName: TARKAN 17:50:23.0250 0176 UserName: julchen 17:50:23.0250 0176 Windows directory: C:\WINDOWS 17:50:23.0250 0176 System windows directory: C:\WINDOWS 17:50:23.0250 0176 Processor architecture: Intel x86 17:50:23.0250 0176 Number of processors: 1 17:50:23.0250 0176 Page size: 0x1000 17:50:23.0265 0176 Boot type: Normal boot 17:50:23.0265 0176 ============================================================ 17:50:27.0218 0176 Initialize success 17:50:33.0343 1580 ============================================================ 17:50:33.0343 1580 Scan started 17:50:33.0343 1580 Mode: Manual; 17:50:33.0343 1580 ============================================================ 17:50:35.0953 1580 Abiosdsk - ok 17:50:36.0062 1580 abp480n5 - ok 17:50:36.0203 1580 ACPI (94b4741d2cf9ed38140b831293d1601a) C:\WINDOWS\system32\DRIVERS\ACPI.sys 17:50:36.0218 1580 ACPI - ok 17:50:36.0281 1580 ACPIEC (9e1ca3160dafb159ca14f83b1e317f75) C:\WINDOWS\system32\DRIVERS\ACPIEC.sys 17:50:36.0281 1580 ACPIEC - ok 17:50:36.0296 1580 adfs - ok 17:50:36.0328 1580 adpu160m - ok 17:50:36.0375 1580 aec (1ee7b434ba961ef845de136224c30fec) C:\WINDOWS\system32\drivers\aec.sys 17:50:36.0406 1580 aec - ok 17:50:36.0484 1580 AFD (55e6e1c51b6d30e54335750955453702) C:\WINDOWS\System32\drivers\afd.sys 17:50:36.0484 1580 AFD - ok 17:50:36.0750 1580 AgereSoftModem (ceffa3db1657293322e0bdea7d99e754) C:\WINDOWS\system32\DRIVERS\AGRSM.sys 17:50:37.0140 1580 AgereSoftModem - ok 17:50:37.0500 1580 Aha154x - ok 17:50:37.0718 1580 aic78u2 - ok 17:50:38.0078 1580 aic78xx - ok 17:50:39.0578 1580 ALCXWDM 
(5dae13401e4d3b8f132bf5867447d661) C:\WINDOWS\system32\drivers\ALCXWDM.SYS 17:50:41.0328 1580 ALCXWDM - ok 17:50:41.0953 1580 AliIde - ok 17:50:42.0406 1580 AmdK8 (b9dbaae3219661f4d0c5e8dc0c2f987d) C:\WINDOWS\system32\DRIVERS\AmdK8.sys 17:50:42.0484 1580 AmdK8 - ok 17:50:42.0656 1580 amsint - ok 17:50:42.0828 1580 Arp1394 (f0d692b0bffb46e30eb3cea168bbc49f) C:\WINDOWS\system32\DRIVERS\arp1394.sys 17:50:42.0843 1580 Arp1394 - ok 17:50:42.0921 1580 ASAPIW2k (4f9cbbf95e8f7a0d4c0edcfe3b78102e) C:\WINDOWS\system32\drivers\ASAPIW2k.sys 17:50:42.0921 1580 ASAPIW2k - ok 17:50:42.0984 1580 asc - ok 17:50:43.0046 1580 asc3350p - ok 17:50:43.0156 1580 asc3550 - ok 17:50:43.0265 1580 ASCTRM (d880831279ed91f9a4190a2db9539ea9) C:\WINDOWS\system32\drivers\ASCTRM.sys 17:50:43.0359 1580 ASCTRM - ok 17:50:43.0421 1580 AsyncMac (02000abf34af4c218c35d257024807d6) C:\WINDOWS\system32\DRIVERS\asyncmac.sys 17:50:43.0437 1580 AsyncMac - ok 17:50:43.0484 1580 atapi (cdfe4411a69c224bd1d11b2da92dac51) C:\WINDOWS\system32\DRIVERS\atapi.sys 17:50:43.0484 1580 atapi - ok 17:50:43.0531 1580 Atdisk - ok 17:50:43.0625 1580 ati2mtag (74a245800424f70ff4822ab0d20a1db5) C:\WINDOWS\system32\DRIVERS\ati2mtag.sys 17:50:43.0671 1580 ati2mtag - ok 17:50:43.0734 1580 Atmarpc (ec88da854ab7d7752ec8be11a741bb7f) C:\WINDOWS\system32\DRIVERS\atmarpc.sys 17:50:43.0734 1580 Atmarpc - ok 17:50:43.0781 1580 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys 17:50:43.0781 1580 audstub - ok 17:50:43.0890 1580 avgio (0b497c79824f8e1bf22fa6aacd3de3a0) C:\Programme\Avira\AntiVir Desktop\avgio.sys 17:50:43.0890 1580 avgio - ok 17:50:43.0937 1580 avgntflt (1e4114685de1ffa9675e09c6a1fb3f4b) C:\WINDOWS\system32\DRIVERS\avgntflt.sys 17:50:43.0937 1580 avgntflt - ok 17:50:44.0015 1580 avipbb (0f78d3dae6dedd99ae54c9491c62adf2) C:\WINDOWS\system32\DRIVERS\avipbb.sys 17:50:44.0015 1580 avipbb - ok 17:50:44.0093 1580 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys 
17:50:44.0140 1580 Beep - ok 17:50:44.0203 1580 BlueletAudio (31ff5b87c1dd907613cc613224b8e303) C:\WINDOWS\system32\DRIVERS\blueletaudio.sys 17:50:44.0218 1580 BlueletAudio - ok 17:50:44.0281 1580 BT (9da8abc4885aff4793d4aa420e40bb12) C:\WINDOWS\system32\DRIVERS\btnetdrv.sys 17:50:44.0281 1580 BT - ok 17:50:44.0328 1580 Btcsrusb (bdf2c32c14ef7ab75ddcc3394d6f80d4) C:\WINDOWS\system32\Drivers\btcusb.sys 17:50:44.0328 1580 Btcsrusb - ok 17:50:44.0375 1580 BTHidEnum (083ad7f6ff500d0a93c0bea2cf298c93) C:\WINDOWS\system32\DRIVERS\vbtenum.sys 17:50:44.0375 1580 BTHidEnum - ok 17:50:44.0406 1580 BTHidMgr (f408264f6ad1dc7e7bdd4837440f115d) C:\WINDOWS\system32\Drivers\BTHidMgr.sys 17:50:44.0437 1580 BTHidMgr - ok 17:50:44.0484 1580 CB54G3 (02aaa5a6414b0d5cc0717b84fb74c4bb) C:\WINDOWS\system32\DRIVERS\i2220ntx.sys 17:50:44.0484 1580 CB54G3 - ok 17:50:44.0531 1580 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys 17:50:44.0578 1580 cbidf2k - ok 17:50:44.0625 1580 CCDECODE (6163ed60b684bab19d3352ab22fc48b2) C:\WINDOWS\system32\DRIVERS\CCDECODE.sys 17:50:44.0640 1580 CCDECODE - ok 17:50:44.0703 1580 cd20xrnt - ok 17:50:44.0781 1580 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys 17:50:44.0828 1580 Cdaudio - ok 17:50:44.0890 1580 Cdfs (cd7d5152df32b47f4e36f710b35aae02) C:\WINDOWS\system32\drivers\Cdfs.sys 17:50:44.0906 1580 Cdfs - ok 17:50:45.0000 1580 Cdrom (af9c19b3100fe010496b1a27181fbf72) C:\WINDOWS\system32\DRIVERS\cdrom.sys 17:50:45.0000 1580 Cdrom - ok 17:50:45.0031 1580 Changer - ok 17:50:45.0109 1580 CmBatt (4266be808f85826aedf3c64c1e240203) C:\WINDOWS\system32\DRIVERS\CmBatt.sys 17:50:45.0109 1580 CmBatt - ok 17:50:45.0187 1580 CmdIde - ok 17:50:45.0265 1580 Compbatt (df1b1a24bf52d0ebc01ed4ece8979f50) C:\WINDOWS\system32\DRIVERS\compbatt.sys 17:50:45.0265 1580 Compbatt - ok 17:50:45.0296 1580 Cpqarray - ok 17:50:45.0375 1580 dac2w2k - ok 17:50:45.0406 1580 dac960nt - ok 17:50:45.0453 1580 Disk 
(00ca44e4534865f8a3b64f7c0984bff0) C:\WINDOWS\system32\DRIVERS\disk.sys 17:50:45.0468 1580 Disk - ok 17:50:45.0625 1580 dmboot (5789b83ba87fc84c3568cf86cacef8ce) C:\WINDOWS\system32\drivers\dmboot.sys 17:50:45.0765 1580 dmboot - ok 17:50:45.0875 1580 dmio (084eb0a50a4f7b4705c8a57f234e5291) C:\WINDOWS\system32\drivers\dmio.sys 17:50:45.0906 1580 dmio - ok 17:50:45.0968 1580 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys 17:50:45.0984 1580 dmload - ok 17:50:46.0062 1580 DMusic (a6f881284ac1150e37d9ae47ff601267) C:\WINDOWS\system32\drivers\DMusic.sys 17:50:46.0078 1580 DMusic - ok 17:50:46.0109 1580 dpti2o - ok 17:50:46.0140 1580 drmkaud (1ed4dbbae9f5d558dbba4cc450e3eb2e) C:\WINDOWS\system32\drivers\drmkaud.sys 17:50:46.0140 1580 drmkaud - ok 17:50:46.0343 1580 Fastfat (3117f595e9615e04f05a54fc15a03b20) C:\WINDOWS\system32\drivers\Fastfat.sys 17:50:46.0453 1580 Fastfat - ok 17:50:46.0500 1580 Fdc (ced2e8396a8838e59d8fd529c680e02c) C:\WINDOWS\system32\drivers\Fdc.sys 17:50:46.0531 1580 Fdc - ok 17:50:46.0578 1580 Fips (9e9af89f9b14aa6249065c309ce73bd8) C:\WINDOWS\system32\drivers\Fips.sys 17:50:46.0625 1580 Fips - ok 17:50:46.0687 1580 Flpydisk (0dd1de43115b93f4d85e889d7a86f548) C:\WINDOWS\system32\drivers\Flpydisk.sys 17:50:46.0718 1580 Flpydisk - ok 17:50:46.0781 1580 FltMgr (3d234fb6d6ee875eb009864a299bea29) C:\WINDOWS\system32\DRIVERS\fltMgr.sys 17:50:46.0781 1580 FltMgr - ok 17:50:46.0843 1580 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys 17:50:46.0890 1580 Fs_Rec - ok 17:50:46.0953 1580 Ftdisk (8f1955ce42e1484714b542f341647778) C:\WINDOWS\system32\DRIVERS\ftdisk.sys 17:50:46.0968 1580 Ftdisk - ok 17:50:47.0046 1580 Gpc (c0f1d4a21de5a415df8170616703debf) C:\WINDOWS\system32\DRIVERS\msgpc.sys 17:50:47.0062 1580 Gpc - ok 17:50:47.0171 1580 HidUsb (1de6783b918f540149aa69943bdfeba8) C:\WINDOWS\system32\DRIVERS\hidusb.sys 17:50:47.0171 1580 HidUsb - ok 17:50:47.0203 1580 hpn - ok 17:50:47.0328 1580 
HTTP (9f8b0f4276f618964fd118be4289b7cd) C:\WINDOWS\system32\Drivers\HTTP.sys 17:50:47.0359 1580 HTTP - ok 17:50:47.0781 1580 i2omgmt - ok 17:50:47.0875 1580 i2omp - ok 17:50:47.0937 1580 i8042prt (7c575018d0413440d75432a78b88c899) C:\WINDOWS\system32\DRIVERS\i8042prt.sys 17:50:47.0937 1580 i8042prt - ok 17:50:48.0000 1580 Imapi (f8aa320c6a0409c0380e5d8a99d76ec6) C:\WINDOWS\system32\DRIVERS\imapi.sys 17:50:48.0000 1580 Imapi - ok 17:50:48.0031 1580 ini910u - ok 17:50:48.0078 1580 IntelIde - ok 17:50:48.0125 1580 Ip6Fw (4448006b6bc60e6c027932cfc38d6855) C:\WINDOWS\system32\DRIVERS\Ip6Fw.sys 17:50:48.0125 1580 Ip6Fw - ok 17:50:48.0171 1580 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys 17:50:48.0171 1580 IpFilterDriver - ok 17:50:48.0296 1580 IpInIp (e1ec7f5da720b640cd8fb8424f1b14bb) C:\WINDOWS\system32\DRIVERS\ipinip.sys 17:50:48.0296 1580 IpInIp - ok 17:50:48.0359 1580 IpNat (e2168cbc7098ffe963c6f23f472a3593) C:\WINDOWS\system32\DRIVERS\ipnat.sys 17:50:48.0359 1580 IpNat - ok 17:50:48.0421 1580 IPSec (64537aa5c003a6afeee1df819062d0d1) C:\WINDOWS\system32\DRIVERS\ipsec.sys 17:50:48.0421 1580 IPSec - ok 17:50:48.0468 1580 IRENUM (50708daa1b1cbb7d6ac1cf8f56a24410) C:\WINDOWS\system32\DRIVERS\irenum.sys 17:50:48.0468 1580 IRENUM - ok 17:50:48.0531 1580 isapnp (ce9b7afdf0a3d7dd8d1487262316b959) C:\WINDOWS\system32\DRIVERS\isapnp.sys 17:50:48.0562 1580 isapnp - ok 17:50:48.0625 1580 Kbdclass (b128fc0a5cd83f669d5de4b58f77c7d6) C:\WINDOWS\system32\DRIVERS\kbdclass.sys 17:50:48.0640 1580 Kbdclass - ok 17:50:48.0703 1580 kmixer (ba5deda4d934e6288c2f66caf58d2562) C:\WINDOWS\system32\drivers\kmixer.sys 17:50:48.0703 1580 kmixer - ok 17:50:48.0812 1580 KSecDD (674d3e5a593475915dc6643317192403) C:\WINDOWS\system32\drivers\KSecDD.sys 17:50:48.0828 1580 KSecDD - ok 17:50:48.0859 1580 Ktp3 (255243a645451d407bb46bb16ec616f2) C:\WINDOWS\system32\DRIVERS\Ktp3.sys 17:50:48.0859 1580 Ktp3 - ok 17:50:48.0906 1580 lbrtfdc - ok 17:50:49.0140 1580 
LVHybrid (7c12bb13661586035ca2c7d198c511a8) C:\WINDOWS\system32\DRIVERS\LVHybrid.sys 17:50:49.0718 1580 LVHybrid - ok 17:50:49.0828 1580 MBAMSwissArmy (0db7527db188c7d967a37bb51bbf3963) C:\WINDOWS\system32\drivers\mbamswissarmy.sys 17:50:49.0828 1580 MBAMSwissArmy - ok 17:50:49.0937 1580 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys 17:50:49.0968 1580 mnmdd - ok 17:50:50.0093 1580 Modem (91a3da4b12f6f1d760463a7f7857f748) C:\WINDOWS\system32\drivers\Modem.sys 17:50:50.0093 1580 Modem - ok 17:50:50.0156 1580 Mouclass (71e15ca47fd947552054afb28536268f) C:\WINDOWS\system32\DRIVERS\mouclass.sys 17:50:50.0156 1580 Mouclass - ok 17:50:50.0203 1580 mouhid (66a6f73c74e1791464160a7065ce711a) C:\WINDOWS\system32\DRIVERS\mouhid.sys 17:50:50.0203 1580 mouhid - ok 17:50:50.0250 1580 MountMgr (65653f3b4477f3c63e68a9659f85ee2e) C:\WINDOWS\system32\drivers\MountMgr.sys 17:50:50.0312 1580 MountMgr - ok 17:50:50.0375 1580 MPE (55a9a7e6bb297bf0f5b144029dcb79cc) C:\WINDOWS\system32\DRIVERS\MPE.sys 17:50:50.0375 1580 MPE - ok 17:50:50.0421 1580 mraid35x - ok 17:50:50.0515 1580 MRxDAV (29414447eb5bde2f8397dc965dbb3156) C:\WINDOWS\system32\DRIVERS\mrxdav.sys 17:50:50.0515 1580 MRxDAV - ok 17:50:50.0625 1580 MRxSmb (fb6c89bb3ce282b08bdb1e3c179e1c39) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys 17:50:50.0843 1580 MRxSmb - ok 17:50:51.0203 1580 Msfs (561b3a4333ca2dbdba28b5b956822519) C:\WINDOWS\system32\drivers\Msfs.sys 17:50:51.0312 1580 Msfs - ok 17:50:51.0718 1580 MSKSSRV (ae431a8dd3c1d0d0610cdbac16057ad0) C:\WINDOWS\system32\drivers\MSKSSRV.sys 17:50:51.0718 1580 MSKSSRV - ok 17:50:51.0921 1580 MSPCLOCK (13e75fef9dfeb08eeded9d0246e1f448) C:\WINDOWS\system32\drivers\MSPCLOCK.sys 17:50:51.0937 1580 MSPCLOCK - ok 17:50:52.0062 1580 MSPQM (1988a33ff19242576c3d0ef9ce785da7) C:\WINDOWS\system32\drivers\MSPQM.sys 17:50:52.0062 1580 MSPQM - ok 17:50:52.0187 1580 mssmbios (469541f8bfd2b32659d5d463a6714bce) C:\WINDOWS\system32\DRIVERS\mssmbios.sys 17:50:52.0218 1580 
mssmbios - ok 17:50:52.0343 1580 MSTEE (bf13612142995096ab084f2db7f40f77) C:\WINDOWS\system32\drivers\MSTEE.sys 17:50:52.0406 1580 MSTEE - ok 17:50:52.0453 1580 Mup (82035e0f41c2dd05ae41d27fe6cf7de1) C:\WINDOWS\system32\drivers\Mup.sys 17:50:52.0625 1580 Mup - ok 17:50:52.0671 1580 NABTSFEC (5c8dc6429c43dc6177c1fa5b76290d1a) C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys 17:50:52.0687 1580 NABTSFEC - ok 17:50:52.0765 1580 NDIS (558635d3af1c7546d26067d5d9b6959e) C:\WINDOWS\system32\drivers\NDIS.sys 17:50:52.0953 1580 NDIS - ok 17:50:53.0046 1580 NdisIP (520ce427a8b298f54112857bcf6bde15) C:\WINDOWS\system32\DRIVERS\NdisIP.sys 17:50:53.0062 1580 NdisIP - ok 17:50:53.0109 1580 NdisTapi (08d43bbdacdf23f34d79e44ed35c1b4c) C:\WINDOWS\system32\DRIVERS\ndistapi.sys 17:50:53.0109 1580 NdisTapi - ok 17:50:53.0171 1580 Ndisuio (34d6cd56409da9a7ed573e1c90a308bf) C:\WINDOWS\system32\DRIVERS\ndisuio.sys 17:50:53.0218 1580 Ndisuio - ok 17:50:53.0359 1580 NdisWan (0b90e255a9490166ab368cd55a529893) C:\WINDOWS\system32\DRIVERS\ndiswan.sys 17:50:53.0390 1580 NdisWan - ok 17:50:53.0453 1580 NDProxy (59fc3fb44d2669bc144fd87826bb571f) C:\WINDOWS\system32\drivers\NDProxy.sys 17:50:53.0609 1580 NDProxy - ok 17:50:53.0781 1580 NetBIOS (3a2aca8fc1d7786902ca434998d7ceb4) C:\WINDOWS\system32\DRIVERS\netbios.sys 17:50:53.0812 1580 NetBIOS - ok 17:50:54.0000 1580 NetBT (0c80e410cd2f47134407ee7dd19cc86b) C:\WINDOWS\system32\DRIVERS\netbt.sys 17:50:54.0062 1580 NetBT - ok 17:50:54.0171 1580 NIC1394 (5c5c53db4fef16cf87b9911c7e8c6fbc) C:\WINDOWS\system32\DRIVERS\nic1394.sys 17:50:54.0203 1580 NIC1394 - ok 17:50:54.0250 1580 Npfs (4f601bcb8f64ea3ac0994f98fed03f8e) C:\WINDOWS\system32\drivers\Npfs.sys 17:50:54.0390 1580 Npfs - ok 17:50:54.0718 1580 Ntfs (19a811ef5f1ed5c926a028ce107ff1af) C:\WINDOWS\system32\drivers\Ntfs.sys 17:50:55.0000 1580 Ntfs - ok 17:50:55.0546 1580 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys 17:50:55.0656 1580 Null - ok 17:50:56.0046 1580 NwlnkFlt 
(b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys 17:50:56.0062 1580 NwlnkFlt - ok 17:50:56.0156 1580 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys 17:50:56.0187 1580 NwlnkFwd - ok 17:50:56.0234 1580 ohci1394 (0951db8e5823ea366b0e408d71e1ba2a) C:\WINDOWS\system32\DRIVERS\ohci1394.sys 17:50:56.0250 1580 ohci1394 - ok 17:50:56.0296 1580 Parport (b2f17a2edb5450e61973a037f63a595b) C:\WINDOWS\system32\drivers\Parport.sys 17:50:56.0359 1580 Parport - ok 17:50:56.0437 1580 PartMgr (3334430c29dc338092f79c38ef7b4cd0) C:\WINDOWS\system32\drivers\PartMgr.sys 17:50:56.0515 1580 PartMgr - ok 17:50:56.0609 1580 ParVdm (c2bf987829099a3eaa2ca6a0a90ecb4f) C:\WINDOWS\system32\drivers\ParVdm.sys 17:50:56.0640 1580 ParVdm - ok 17:50:56.0703 1580 PCANDIS5 (2f9806b52cb3748b1e49222744b28e3c) C:\WINDOWS\system32\PCANDIS5.SYS 17:50:56.0750 1580 PCANDIS5 - ok 17:50:56.0796 1580 PCI (6fb463e5b243fbd6f3d3c83f914d94fb) C:\WINDOWS\system32\DRIVERS\pci.sys 17:50:56.0796 1580 PCI - ok 17:50:56.0859 1580 PCIDump - ok 17:50:56.0937 1580 PCIIde (59ba86d9a61cbcf4df8e598c331f5b82) C:\WINDOWS\system32\DRIVERS\pciide.sys 17:50:56.0937 1580 PCIIde - ok 17:50:57.0000 1580 PCLEPCI (1bebe7de8508a02650cdce45c664c2a2) C:\WINDOWS\system32\drivers\pclepci.sys 17:50:57.0015 1580 PCLEPCI - ok 17:50:57.0156 1580 Pcmcia (e2363f4c1daff89abee5f593e13d8a05) C:\WINDOWS\system32\DRIVERS\pcmcia.sys 17:50:57.0218 1580 Pcmcia - ok 17:50:57.0312 1580 PDCOMP - ok 17:50:57.0500 1580 PDFRAME - ok 17:50:57.0578 1580 PDRELI - ok 17:50:57.0656 1580 PDRFRAME - ok 17:50:57.0718 1580 perc2 - ok 17:50:57.0750 1580 perc2hib - ok 17:50:57.0921 1580 PptpMiniport (1c5cc65aac0783c344f16353e60b72ac) C:\WINDOWS\system32\DRIVERS\raspptp.sys 17:50:57.0937 1580 PptpMiniport - ok 17:50:58.0218 1580 Processor (3d7f196e77f986c106e9320b81a5ebbf) C:\WINDOWS\system32\DRIVERS\processr.sys 17:50:58.0234 1580 Processor - ok 17:50:58.0421 1580 PSched (48671f327553dcf1d27f6197f622a668) 
C:\WINDOWS\system32\DRIVERS\psched.sys 17:50:58.0453 1580 PSched - ok 17:50:58.0531 1580 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys 17:50:58.0546 1580 Ptilink - ok 17:50:58.0593 1580 PxHelp20 (d86b4a68565e444d76457f14172c875a) C:\WINDOWS\system32\DRIVERS\PxHelp20.sys 17:50:58.0593 1580 PxHelp20 - ok 17:50:58.0625 1580 ql1080 - ok 17:50:58.0703 1580 Ql10wnt - ok 17:50:58.0765 1580 ql12160 - ok 17:50:58.0796 1580 ql1240 - ok 17:50:58.0828 1580 ql1280 - ok 17:50:58.0906 1580 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys 17:50:58.0921 1580 RasAcd - ok 17:50:59.0031 1580 Rasl2tp (98faeb4a4dcf812ba1c6fca4aa3e115c) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys 17:50:59.0046 1580 Rasl2tp - ok 17:50:59.0140 1580 RasPppoe (7306eeed8895454cbed4669be9f79faa) C:\WINDOWS\system32\DRIVERS\raspppoe.sys 17:50:59.0156 1580 RasPppoe - ok 17:50:59.0250 1580 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys 17:50:59.0265 1580 Raspti - ok 17:50:59.0406 1580 Rdbss (03b965b1ca47f6ef60eb5e51cb50e0af) C:\WINDOWS\system32\DRIVERS\rdbss.sys 17:50:59.0437 1580 Rdbss - ok 17:50:59.0515 1580 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys 17:50:59.0515 1580 RDPCDD - ok 17:50:59.0625 1580 RDPWD (b54cd38a9ebfbf2b3561426e3fe26f62) C:\WINDOWS\system32\drivers\RDPWD.sys 17:50:59.0656 1580 RDPWD - ok 17:50:59.0750 1580 redbook (aa56702e230860565cb8d43680f57f33) C:\WINDOWS\system32\DRIVERS\redbook.sys 17:50:59.0765 1580 redbook - ok 17:50:59.0875 1580 rmedia (57c3751fd5beeaba87de83979fbb9977) C:\WINDOWS\system32\DRIVERS\rmedia.sys 17:50:59.0906 1580 rmedia - ok 17:50:59.0968 1580 ROOTMODEM (d8b0b4ade32574b2d9c5cc34dc0dbbe7) C:\WINDOWS\system32\Drivers\RootMdm.sys 17:50:59.0968 1580 ROOTMODEM - ok 17:51:00.0062 1580 RTL8023xp (1a2a445e8968b2019e75e08f3a1344fc) C:\WINDOWS\system32\DRIVERS\Rtlnicxp.sys 17:51:00.0093 1580 RTL8023xp - ok 17:51:00.0156 1580 rtl8139 
(d507c1400284176573224903819ffda3) C:\WINDOWS\system32\DRIVERS\RTL8139.SYS 17:51:00.0156 1580 rtl8139 - ok 17:51:00.0296 1580 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys 17:51:00.0296 1580 Secdrv - ok 17:51:00.0375 1580 Serenum (a2d868aeeff612e70e213c451a70cafb) C:\WINDOWS\system32\DRIVERS\serenum.sys 17:51:00.0375 1580 Serenum - ok 17:51:00.0421 1580 Serial (cd5b9995afcdb466c9efc048d167e3be) C:\WINDOWS\system32\drivers\Serial.sys 17:51:00.0625 1580 Serial - ok 17:51:00.0734 1580 Sfloppy (0d13b6df6e9e101013a7afb0ce629fe0) C:\WINDOWS\system32\DRIVERS\sfloppy.sys 17:51:00.0734 1580 Sfloppy - ok 17:51:00.0812 1580 Simbad - ok 17:51:00.0875 1580 SLIP (5caeed86821fa2c6139e32e9e05ccdc9) C:\WINDOWS\system32\DRIVERS\SLIP.sys 17:51:00.0890 1580 SLIP - ok 17:51:00.0953 1580 Sparrow - ok 17:51:01.0109 1580 splitter (0ce218578fff5f4f7e4201539c45c78f) C:\WINDOWS\system32\drivers\splitter.sys 17:51:01.0125 1580 splitter - ok 17:51:01.0281 1580 sr (e4200cb2f418d8fc4acdd7e38c419d6a) C:\WINDOWS\system32\DRIVERS\sr.sys 17:51:01.0328 1580 sr - ok 17:51:01.0515 1580 Srv (7a4f147cc6b133f905f6e65e2f8669fb) C:\WINDOWS\system32\DRIVERS\srv.sys 17:51:01.0671 1580 Srv - ok 17:51:01.0765 1580 ssmdrv (a36ee93698802cd899f98bfd553d8185) C:\WINDOWS\system32\DRIVERS\ssmdrv.sys 17:51:01.0765 1580 ssmdrv - ok 17:51:01.0875 1580 streamip (284c57df5dc7abca656bc2b96a667afb) C:\WINDOWS\system32\DRIVERS\StreamIP.sys 17:51:01.0875 1580 streamip - ok 17:51:01.0968 1580 swenum (03c1bae4766e2450219d20b993d6e046) C:\WINDOWS\system32\DRIVERS\swenum.sys 17:51:01.0968 1580 swenum - ok 17:51:02.0015 1580 swmidi (94abc808fc4b6d7d2bbf42b85e25bb4d) C:\WINDOWS\system32\drivers\swmidi.sys 17:51:02.0015 1580 swmidi - ok 17:51:02.0046 1580 symc810 - ok 17:51:02.0078 1580 symc8xx - ok 17:51:02.0140 1580 sym_hi - ok 17:51:02.0171 1580 sym_u3 - ok 17:51:02.0218 1580 sysaudio (650ad082d46bac0e64c9c0e0928492fd) C:\WINDOWS\system32\drivers\sysaudio.sys 17:51:02.0234 1580 sysaudio - ok 
17:51:02.0500 1580 Tcpip (2a5554fc5b1e04e131230e3ce035c3f9) C:\WINDOWS\system32\DRIVERS\tcpip.sys 17:51:02.0593 1580 Tcpip - ok 17:51:02.0687 1580 TDPIPE (38d437cf2d98965f239b0abcd66dcb0f) C:\WINDOWS\system32\drivers\TDPIPE.sys 17:51:02.0875 1580 TDPIPE - ok 17:51:02.0953 1580 TDTCP (ed0580af02502d00ad8c4c066b156be9) C:\WINDOWS\system32\drivers\TDTCP.sys 17:51:03.0062 1580 TDTCP - ok 17:51:03.0125 1580 TermDD (a540a99c281d933f3d69d55e48727f47) C:\WINDOWS\system32\DRIVERS\termdd.sys 17:51:03.0140 1580 TermDD - ok 17:51:03.0187 1580 TosIde - ok 17:51:03.0296 1580 Udfs (12f70256f140cd7d52c58c7048fde657) C:\WINDOWS\system32\drivers\Udfs.sys 17:51:03.0343 1580 Udfs - ok 17:51:03.0421 1580 ultra - ok 17:51:03.0500 1580 Update (aff2e5045961bbc0a602bb6f95eb1345) C:\WINDOWS\system32\DRIVERS\update.sys 17:51:03.0515 1580 Update - ok 17:51:03.0593 1580 usbaudio (45a0d14b26c35497ad93bce7e15c9941) C:\WINDOWS\system32\drivers\usbaudio.sys 17:51:03.0609 1580 usbaudio - ok 17:51:03.0656 1580 usbccgp (bffd9f120cc63bcbaa3d840f3eef9f79) C:\WINDOWS\system32\DRIVERS\usbccgp.sys 17:51:03.0703 1580 usbccgp - ok 17:51:03.0734 1580 usbehci (15e993ba2f6946b2bfbbfcd30398621e) C:\WINDOWS\system32\DRIVERS\usbehci.sys 17:51:03.0734 1580 usbehci - ok 17:51:03.0796 1580 usbhub (c72f40947f92cea56a8fb532edf025f1) C:\WINDOWS\system32\DRIVERS\usbhub.sys 17:51:03.0812 1580 usbhub - ok 17:51:03.0828 1580 usbohci (bdfe799a8531bad8a5a985821fe78760) C:\WINDOWS\system32\DRIVERS\usbohci.sys 17:51:03.0828 1580 usbohci - ok 17:51:03.0937 1580 usbscan (a6bc71402f4f7dd5b77fd7f4a8ddba85) C:\WINDOWS\system32\DRIVERS\usbscan.sys 17:51:03.0953 1580 usbscan - ok 17:51:04.0015 1580 USBSTOR (6cd7b22193718f1d17a47a1cd6d37e75) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS 17:51:04.0031 1580 USBSTOR - ok 17:51:04.0125 1580 VComm (9ebee4a060c5364a31aeaa04eac2af1e) C:\WINDOWS\system32\DRIVERS\VComm.sys 17:51:04.0140 1580 VComm - ok 17:51:04.0203 1580 VcommMgr (ef0d45ed806b0c9ae9756bfeecb077ed) 
C:\WINDOWS\system32\Drivers\VcommMgr.sys 17:51:04.0234 1580 VcommMgr - ok 17:51:04.0312 1580 VgaSave (8a60edd72b4ea5aea8202daf0e427925) C:\WINDOWS\System32\drivers\vga.sys 17:51:04.0343 1580 VgaSave - ok 17:51:04.0375 1580 ViaIde - ok 17:51:04.0453 1580 VNUSB (ae01e1ed5a81e0d268b91b4a6de5a872) C:\WINDOWS\system32\DRIVERS\VNUSB.sys 17:51:04.0468 1580 VNUSB - ok 17:51:04.0531 1580 VolSnap (d6888520ff56d72a50437e371ca25fc9) C:\WINDOWS\system32\drivers\VolSnap.sys 17:51:04.0578 1580 VolSnap - ok 17:51:04.0656 1580 Wanarp (984ef0b9788abf89974cfed4bfbaacbc) C:\WINDOWS\system32\DRIVERS\wanarp.sys 17:51:04.0671 1580 Wanarp - ok 17:51:04.0734 1580 wanatw - ok 17:51:04.0765 1580 WDICA - ok 17:51:04.0843 1580 wdmaud (efd235ca22b57c81118c1aeb4798f1c1) C:\WINDOWS\system32\drivers\wdmaud.sys 17:51:04.0859 1580 wdmaud - ok 17:51:05.0000 1580 WpdUsb (cf4def1bf66f06964dc0d91844239104) C:\WINDOWS\system32\DRIVERS\wpdusb.sys 17:51:05.0000 1580 WpdUsb - ok 17:51:05.0125 1580 WSTCODEC (d5842484f05e12121c511aa93f6439ec) C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS 17:51:05.0171 1580 WSTCODEC - ok 17:51:05.0375 1580 WudfPf (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys 17:51:05.0406 1580 WudfPf - ok 17:51:05.0484 1580 WudfRd (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\wudfrd.sys 17:51:05.0515 1580 WudfRd - ok 17:51:05.0625 1580 MBR (0x1B8) (72b8ce41af0de751c946802b3ed844b4) \Device\Harddisk0\DR0 17:51:06.0593 1580 \Device\Harddisk0\DR0 - ok 17:51:06.0625 1580 Boot (0x1200) (c2a45f1dca5aeb3928f61b90caa600a8) \Device\Harddisk0\DR0\Partition0 17:51:06.0750 1580 \Device\Harddisk0\DR0\Partition0 - ok 17:51:06.0796 1580 Boot (0x1200) (332b190f6745cd253f6e7c5047aa5c34) \Device\Harddisk0\DR0\Partition1 17:51:06.0812 1580 \Device\Harddisk0\DR0\Partition1 - ok 17:51:06.0812 1580 ============================================================ 17:51:06.0812 1580 Scan finished 17:51:06.0812 1580 ============================================================ 
17:51:06.0843 1520 Detected object count: 0
17:51:06.0843 1520 Actual detected object count: 0
17:52:03.0968 4004 Deinitialize success
Code:
19:28:13.0203 3704 TDSS rootkit removing tool 2.6.25.0 Dec 23 2011 14:51:16
19:28:13.0515 3704 ============================================================
19:28:13.0515 3704 Current date / time: 2012/01/02 19:28:13.0515
19:28:13.0515 3704 SystemInfo:
19:28:13.0515 3704
19:28:13.0515 3704 OS Version: 5.1.2600 ServicePack: 2.0
19:28:13.0515 3704 Product type: Workstation
19:28:13.0515 3704 ComputerName: TARKAN
19:28:13.0515 3704 UserName: julchen
19:28:13.0515 3704 Windows directory: C:\WINDOWS
19:28:13.0515 3704 System windows directory: C:\WINDOWS
19:28:13.0515 3704 Processor architecture: Intel x86
19:28:13.0515 3704 Number of processors: 1
19:28:13.0515 3704 Page size: 0x1000
19:28:13.0515 3704 Boot type: Normal boot
19:28:13.0515 3704 ============================================================
19:28:17.0718 3704 Initialize success
19:28:39.0265 0128 Deinitialize success
Code:
14:09:14.0656 2892 TDSS rootkit removing tool 2.6.25.0 Dec 23 2011 14:51:16
14:09:15.0062 2892 ============================================================
14:09:15.0078 2892 Current date / time: 2012/01/02 14:09:15.0062
14:09:15.0078 2892 SystemInfo:
14:09:15.0078 2892
14:09:15.0078 2892 OS Version: 5.1.2600 ServicePack: 2.0
14:09:15.0078 2892 Product type: Workstation
14:09:15.0078 2892 ComputerName: TARKAN
14:09:15.0078 2892 UserName: julchen
14:09:15.0078 2892 Windows directory: C:\WINDOWS
14:09:15.0078 2892 System windows directory: C:\WINDOWS
14:09:15.0078 2892 Processor architecture: Intel x86
14:09:15.0078 2892 Number of processors: 1
14:09:15.0078 2892 Page size: 0x1000
14:09:15.0078 2892 Boot type: Normal boot
14:09:15.0078 2892 ============================================================
14:09:19.0125 2892 Initialize success
14:09:27.0281 2268 Deinitialize success
I use Mozilla Firefox, I don't use IE. I don't even know what you mean by service pack... can that be updated somehow? And as I said... I don't understand anything about computers... Best regards, j. |
05.01.2012, 15:54 | #7 |
/// Winkelfunktion /// TB-Süch-Tiger™ | "Windows blocked for security reasons" trojan Do an OTL fix: close all programs that may still be open, also disable the virus scanner (!), start OTL and copy the following text into the "Custom Scan/Fixes" box (at the bottom of OTL): (the ":OTL" must be copied along with it!!!) Code:
:OTL
[2010.08.05 17:18:01 | 000,000,000 | ---D | M] (Mario Forever Toolbar) -- C:\Dokumente und Einstellungen\julchen\Anwendungsdaten\Mozilla\Firefox\Profiles\2ae6qcu2.default\extensions\{707db484-2428-402d-afb5-d85b387544c7}
[2011.11.06 14:12:51 | 000,000,000 | ---D | M] (Zotero) -- C:\Dokumente und Einstellungen\julchen\Anwendungsdaten\Mozilla\Firefox\Profiles\2ae6qcu2.default\extensions\zotero@chnm.gmu.edu
[2011.11.06 14:23:00 | 000,000,000 | ---D | M] (Zotero WinWord Integration) -- C:\Dokumente und Einstellungen\julchen\Anwendungsdaten\Mozilla\Firefox\Profiles\2ae6qcu2.default\extensions\zoteroWinWordIntegration@zotero.org
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2005.02.17 13:07:09 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - Unable to obtain root file information for disk D:\
O33 - MountPoints2\{02ed3908-8b42-11d9-8d3b-806d6172696f}\Shell\AutoRun\command - "" = D:\AUTORUN.EXE -- [2004.01.20 14:50:52 | 000,020,480 | ---- | M] (TARGA GmbH)
O33 - MountPoints2\{58658fe2-8bb6-11d9-b435-0011091f4734}\Shell\AutoRun\command - "" = E:\Autorun.exe
O33 - MountPoints2\{86dea630-8bb6-11d9-b1cc-806d6172696f}\Shell\AutoRun\command - "" = G:\Autorun.exe
O33 - MountPoints2\{906a1bae-8c53-11d9-9947-806d6172696f}\Shell\AutoRun\command - "" = D:\AUTORUN.EXE -- [2004.01.20 14:50:52 | 000,020,480 | ---- | M] (TARGA GmbH)
O33 - MountPoints2\{9fc63a8a-8678-11d9-978e-806d6172696f}\Shell\AutoRun\command - "" = G:\Autorun.exe
O33 - MountPoints2\{dea7350a-8b3d-11d9-b428-0011091f4734}\Shell\AutoRun\command - "" = D:\AUTORUN.EXE -- [2004.01.20 14:50:52 | 000,020,480 | ---- | M] (TARGA GmbH)
:Commands
[emptytemp]
[resethosts]
The logfile should open when you click OK after the fix; please post it. The computer may be restarted. As a precaution, the entries, files and folders fixed by this script are not deleted completely; a backup copy is created on the system partition in the "_OTL" folder.
Note: The script above was created only for this one user in this situation. It cannot be ported to any other computer and must not be used elsewhere, as it can permanently damage the system!
__________________ Please always post logfiles in CODE tags |
05.01.2012, 16:40 | #8 |
| "Windows blocked for security reasons" trojan here's the log: Code:
Error: Unable to interpret <14:09:14.0656 2892 TDSS rootkit removing tool 2.6.25.0 Dec 23 2011 14:51:16> in the current context!
Error: Unable to interpret <14:09:15.0062 2892 ============================================================> in the current context!
Error: Unable to interpret <14:09:15.0078 2892 Current date / time: 2012/01/02 14:09:15.0062> in the current context!
Error: Unable to interpret <14:09:15.0078 2892 SystemInfo:> in the current context!
Error: Unable to interpret <14:09:15.0078 2892 > in the current context!
Error: Unable to interpret <14:09:15.0078 2892 OS Version: 5.1.2600 ServicePack: 2.0> in the current context!
Error: Unable to interpret <14:09:15.0078 2892 Product type: Workstation> in the current context!
Error: Unable to interpret <14:09:15.0078 2892 ComputerName: TARKAN> in the current context!
Error: Unable to interpret <14:09:15.0078 2892 UserName: julchen> in the current context!
Error: Unable to interpret <14:09:15.0078 2892 Windows directory: C:\WINDOWS> in the current context!
Error: Unable to interpret <14:09:15.0078 2892 System windows directory: C:\WINDOWS> in the current context!
Error: Unable to interpret <14:09:15.0078 2892 Processor architecture: Intel x86> in the current context!
Error: Unable to interpret <14:09:15.0078 2892 Number of processors: 1> in the current context!
Error: Unable to interpret <14:09:15.0078 2892 Page size: 0x1000> in the current context!
Error: Unable to interpret <14:09:15.0078 2892 Boot type: Normal boot> in the current context!
Error: Unable to interpret <14:09:15.0078 2892 ============================================================> in the current context!
Error: Unable to interpret <14:09:19.0125 2892 Initialize success> in the current context!
Error: Unable to interpret <14:09:27.0281 2268 Deinitialize success> in the current context!
OTL by OldTimer - Version 3.2.31.0 log created on 01052012_163702
j. |
05.01.2012, 16:48 | #9 |
/// Winkelfunktion /// TB-Süch-Tiger™ | "Windows blocked for security reasons" trojan Please check beforehand what you are copying into OTL's text field!!
__________________ Please always post logfiles in CODE tags |
05.01.2012, 17:02 | #10 |
| "Windows blocked for security reasons" trojan sorry, again: Code:
All processes killed
========== OTL ==========
C:\Dokumente und Einstellungen\julchen\Anwendungsdaten\Mozilla\Firefox\Profiles\2ae6qcu2.default\extensions\{707db484-2428-402d-afb5-d85b387544c7}\searchplugin folder moved successfully.
C:\Dokumente und Einstellungen\julchen\Anwendungsdaten\Mozilla\Firefox\Profiles\2ae6qcu2.default\extensions\{707db484-2428-402d-afb5-d85b387544c7}\META-INF folder moved successfully.
C:\Dokumente und Einstellungen\julchen\Anwendungsdaten\Mozilla\Firefox\Profiles\2ae6qcu2.default\extensions\{707db484-2428-402d-afb5-d85b387544c7}\lib folder moved successfully.
C:\Dokumente und Einstellungen\julchen\Anwendungsdaten\Mozilla\Firefox\Profiles\2ae6qcu2.default\extensions\{707db484-2428-402d-afb5-d85b387544c7}\defaults folder moved successfully.
C:\Dokumente und Einstellungen\julchen\Anwendungsdaten\Mozilla\Firefox\Profiles\2ae6qcu2.default\extensions\{707db484-2428-402d-afb5-d85b387544c7}\components folder moved successfully.
C:\Dokumente und Einstellungen\julchen\Anwendungsdaten\Mozilla\Firefox\Profiles\2ae6qcu2.default\extensions\{707db484-2428-402d-afb5-d85b387544c7}\chrome folder moved successfully.
C:\Dokumente und Einstellungen\julchen\Anwendungsdaten\Mozilla\Firefox\Profiles\2ae6qcu2.default\extensions\{707db484-2428-402d-afb5-d85b387544c7} folder moved successfully.
C:\Dokumente und Einstellungen\julchen\Anwendungsdaten\Mozilla\Firefox\Profiles\2ae6qcu2.default\extensions\zotero@chnm.gmu.edu\scripts folder moved successfully.
C:\Dokumente und Einstellungen\julchen\Anwendungsdaten\Mozilla\Firefox\Profiles\2ae6qcu2.default\extensions\zotero@chnm.gmu.edu\defaults\preferences folder moved successfully.
C:\Dokumente und Einstellungen\julchen\Anwendungsdaten\Mozilla\Firefox\Profiles\2ae6qcu2.default\extensions\zotero@chnm.gmu.edu\defaults folder moved successfully.
C:\Dokumente und Einstellungen\julchen\Anwendungsdaten\Mozilla\Firefox\Profiles\2ae6qcu2.default\extensions\zotero@chnm.gmu.edu\components folder moved successfully.
C:\Dokumente und Einstellungen\julchen\Anwendungsdaten\Mozilla\Firefox\Profiles\2ae6qcu2.default\extensions\zotero@chnm.gmu.edu\chrome folder moved successfully.
C:\Dokumente und Einstellungen\julchen\Anwendungsdaten\Mozilla\Firefox\Profiles\2ae6qcu2.default\extensions\zotero@chnm.gmu.edu folder moved successfully.
C:\Dokumente und Einstellungen\julchen\Anwendungsdaten\Mozilla\Firefox\Profiles\2ae6qcu2.default\extensions\zoteroWinWordIntegration@zotero.org\resource folder moved successfully.
C:\Dokumente und Einstellungen\julchen\Anwendungsdaten\Mozilla\Firefox\Profiles\2ae6qcu2.default\extensions\zoteroWinWordIntegration@zotero.org\install folder moved successfully.
C:\Dokumente und Einstellungen\julchen\Anwendungsdaten\Mozilla\Firefox\Profiles\2ae6qcu2.default\extensions\zoteroWinWordIntegration@zotero.org\defaults\preferences folder moved successfully.
C:\Dokumente und Einstellungen\julchen\Anwendungsdaten\Mozilla\Firefox\Profiles\2ae6qcu2.default\extensions\zoteroWinWordIntegration@zotero.org\defaults folder moved successfully.
C:\Dokumente und Einstellungen\julchen\Anwendungsdaten\Mozilla\Firefox\Profiles\2ae6qcu2.default\extensions\zoteroWinWordIntegration@zotero.org\components-8.0 folder moved successfully.
C:\Dokumente und Einstellungen\julchen\Anwendungsdaten\Mozilla\Firefox\Profiles\2ae6qcu2.default\extensions\zoteroWinWordIntegration@zotero.org\components-7.0 folder moved successfully.
C:\Dokumente und Einstellungen\julchen\Anwendungsdaten\Mozilla\Firefox\Profiles\2ae6qcu2.default\extensions\zoteroWinWordIntegration@zotero.org\components-6.0 folder moved successfully.
C:\Dokumente und Einstellungen\julchen\Anwendungsdaten\Mozilla\Firefox\Profiles\2ae6qcu2.default\extensions\zoteroWinWordIntegration@zotero.org\components-5.0 folder moved successfully.
C:\Dokumente und Einstellungen\julchen\Anwendungsdaten\Mozilla\Firefox\Profiles\2ae6qcu2.default\extensions\zoteroWinWordIntegration@zotero.org\components folder moved successfully.
C:\Dokumente und Einstellungen\julchen\Anwendungsdaten\Mozilla\Firefox\Profiles\2ae6qcu2.default\extensions\zoteroWinWordIntegration@zotero.org\chrome folder moved successfully.
C:\Dokumente und Einstellungen\julchen\Anwendungsdaten\Mozilla\Firefox\Profiles\2ae6qcu2.default\extensions\zoteroWinWordIntegration@zotero.org folder moved successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRun|DWORD:1 /E : value set successfully!
C:\AUTOEXEC.BAT moved successfully.
File not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{02ed3908-8b42-11d9-8d3b-806d6172696f}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{02ed3908-8b42-11d9-8d3b-806d6172696f}\ not found.
D:\AUTORUN.EXE moved successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{58658fe2-8bb6-11d9-b435-0011091f4734}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{58658fe2-8bb6-11d9-b435-0011091f4734}\ not found.
File E:\Autorun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{86dea630-8bb6-11d9-b1cc-806d6172696f}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{86dea630-8bb6-11d9-b1cc-806d6172696f}\ not found.
File G:\Autorun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{906a1bae-8c53-11d9-9947-806d6172696f}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{906a1bae-8c53-11d9-9947-806d6172696f}\ not found.
File D:\AUTORUN.EXE not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{9fc63a8a-8678-11d9-978e-806d6172696f}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9fc63a8a-8678-11d9-978e-806d6172696f}\ not found.
File G:\Autorun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{dea7350a-8b3d-11d9-b428-0011091f4734}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{dea7350a-8b3d-11d9-b428-0011091f4734}\ not found.
File D:\AUTORUN.EXE not found.
========== COMMANDS ==========
[EMPTYTEMP]
User: All Users
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 114822 bytes
->Flash cache emptied: 41 bytes
User: julchen
->Temp folder emptied: 237879658 bytes
->Temporary Internet Files folder emptied: 24686336 bytes
->Java cache emptied: 9183987 bytes
->FireFox cache emptied: 99747269 bytes
->Google Chrome cache emptied: 856432 bytes
->Flash cache emptied: 1901690 bytes
User: LocalService
->Temp folder emptied: 65984 bytes
->Temporary Internet Files folder emptied: 26643793 bytes
User: NetworkService
->Temp folder emptied: 65984 bytes
->Temporary Internet Files folder emptied: 40205116 bytes
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 4182407 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 180121907 bytes
RecycleBin emptied: 575397484 bytes
Total Files Cleaned = 1.145,00 mb
C:\WINDOWS\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully
OTL by OldTimer - Version 3.2.31.0 log created on 01052012_165333
Files\Folders moved on Reboot...
Registry entries deleted on Reboot... |
05.01.2012, 20:30 | #11 |
/// Winkelfunktion /// TB-Süch-Tiger™ | "Windows blocked for security reasons" trojan Now please run this Kaspersky tool (TDSS-Killer) in normal Windows mode and post the log => http://www.trojaner-board.de/82358-t...entfernen.html Configure the tool as shown in the picture below: click on "change parameters" and set the check marks as shown in the following screenshot, then click "Start Scan" and, once it has finished, click the "Report" button to display the log. Please post it in full. If you cannot find the log or cannot copy its contents into your post, please look directly on your Windows system partition (usually drive C); that is where TDSS-Killer saves its logs. Note: Please do not delete anything hastily with TDSS-Killer! If TDSS-Killer flags any objects, handle them all with the "skip" action and only post the log here! If, because of the infection, you cannot access your Documents/My Files, or shortcuts on the desktop or in the Start menu under "All Programs" are missing, please run unhide: download unhide.exe and save the file to your desktop. Start the tool and all files and folders should become visible again. (This may take a while.) Windows Vista and Windows 7 users must run the tool via right-click as administrator!
__________________ Please always post logfiles in CODE tags |
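An added triage helper for the step above, not part of this thread and not Kaspersky's own code: it parses the per-object lines TDSSKiller writes (the `name (md5) path`, `name - ok`, `name ( verdict ) - warning` and `name - detected verdict (n)` forms that appear in the logs posted in this thread) and lists everything the scan did not mark "ok", separating objects whose only finding is a missing digital signature (`UnsignedFile.Multi.Generic`) from anything that deserves a closer look. That is the review a helper does before telling the user to choose "skip". The sample log, its hashes and the function and field names are constructed for this example.

```python
import re
from dataclasses import dataclass, field

# Constructed sample in the layout of the TDSSKiller 2.6.x logs in this thread
# (time, PID, body). The MD5 values are placeholders, not real file hashes.
SAMPLE_LOG = r"""
12:56:00.0296 2172 Scan started
12:56:00.0296 2172 Mode: Manual; SigCheck; TDLFS;
12:56:00.0703 2172 ACPI (00000000000000000000000000000001) C:\WINDOWS\system32\DRIVERS\ACPI.sys
12:56:02.0468 2172 ACPI - ok
12:56:04.0515 2172 ASAPIW2k (00000000000000000000000000000002) C:\WINDOWS\system32\drivers\ASAPIW2k.sys
12:56:04.0515 2172 ASAPIW2k ( UnsignedFile.Multi.Generic ) - warning
12:56:04.0515 2172 ASAPIW2k - detected UnsignedFile.Multi.Generic (1)
12:56:04.0531 2172 asc - ok
12:56:06.0281 2172 BT (00000000000000000000000000000003) C:\WINDOWS\system32\DRIVERS\btnetdrv.sys
12:56:06.0281 2172 BT ( UnsignedFile.Multi.Generic ) - warning
12:56:06.0281 2172 BT - detected UnsignedFile.Multi.Generic (1)
12:56:06.0921 2172 cd20xrnt - ok
12:57:05.0625 2172 MBR (0x1B8) (00000000000000000000000000000004) \Device\Harddisk0\DR0
12:57:06.0593 2172 \Device\Harddisk0\DR0 - ok
12:57:06.0812 2172 Scan finished
12:57:06.0843 2172 Detected object count: 2
"""

# Every log line starts with a timestamp and the PID of the scanning thread.
_LINE = re.compile(r"^\d\d:\d\d:\d\d\.\d+\s+\d+\s+(?P<body>.*)$")
# Object name is non-greedy so names containing spaces ("MBR (0x1B8)") still parse.
_FILE = re.compile(r"^(?P<name>.+?) \((?P<md5>[0-9a-fA-F]{32})\) (?P<path>.+)$")
_OK = re.compile(r"^(?P<name>.+?) - ok$")
_WARN = re.compile(r"^(?P<name>.+?) \( (?P<verdict>[^)]+?) \) - warning$")
_DET = re.compile(r"^(?P<name>.+?) - detected (?P<verdict>\S+) \((?P<count>\d+)\)$")

# Heuristic verdict meaning only that the file carries no digital signature;
# common for third-party drivers and not by itself proof of malware.
UNSIGNED_ONLY = "UnsignedFile.Multi.Generic"


@dataclass
class ScanEntry:
    name: str
    md5: str = ""
    path: str = ""
    status: str = "unknown"   # "ok", "warning", "detected" or "unknown"
    verdicts: list = field(default_factory=list)


def parse_tdsskiller_log(text):
    """Map each scanned object (driver or boot sector) to its final verdict."""
    entries = {}

    def resolve(name):
        # Status lines for boot sectors name the device path rather than the
        # object ("MBR (0x1B8)"), so fall back to matching on the recorded path.
        if name in entries:
            return entries[name]
        for e in entries.values():
            if e.path == name:
                return e
        return entries.setdefault(name, ScanEntry(name))

    for raw in text.splitlines():
        m = _LINE.match(raw.strip())
        if not m:
            continue
        body = m.group("body").strip()
        if (f := _FILE.match(body)):
            e = resolve(f["name"])
            e.md5, e.path = f["md5"].lower(), f["path"]
        elif (d := _DET.match(body)):
            e = resolve(d["name"])
            e.status = "detected"          # a detection outranks an earlier warning
            if d["verdict"] not in e.verdicts:
                e.verdicts.append(d["verdict"])
        elif (w := _WARN.match(body)):
            e = resolve(w["name"])
            if e.status != "detected":
                e.status = "warning"
            if w["verdict"] not in e.verdicts:
                e.verdicts.append(w["verdict"])
        elif (o := _OK.match(body)):
            resolve(o["name"]).status = "ok"
    return entries


def unsigned_only(entry):
    """True when the only thing TDSSKiller objects to is a missing signature."""
    return bool(entry.verdicts) and all(v == UNSIGNED_ONLY for v in entry.verdicts)


def flagged_entries(entries):
    """Objects not marked ok, most serious first: the list reviewed before choosing skip."""
    rank = {"detected": 0, "warning": 1, "unknown": 2, "ok": 3}
    return sorted((e for e in entries.values() if e.status != "ok"),
                  key=lambda e: (rank[e.status], e.name.lower()))


def summary(entries):
    counts = {"ok": 0, "warning": 0, "detected": 0, "unknown": 0}
    for e in entries.values():
        counts[e.status] += 1
    return counts


if __name__ == "__main__":
    parsed = parse_tdsskiller_log(SAMPLE_LOG)
    print(summary(parsed))
    for e in flagged_entries(parsed):
        tag = "unsigned only" if unsigned_only(e) else "review"
        print(f"{e.status:9} {e.name:12} {tag:14} {e.md5}  {e.path}")
```

Run it against a saved TDSSKiller log instead of the sample by passing the file contents to `parse_tdsskiller_log`; the hash and path of each flagged object are kept so they can be looked up before anything other than "skip" is considered.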
06.01.2012, 13:02 | #12 |
| "Windows blocked for security reasons" trojan salut, here's the log from TDSS Killer: Code:
12:54:17.0234 3516 TDSS rootkit removing tool 2.6.25.0 Dec 23 2011 14:51:16
12:54:19.0234 3516 ============================================================
12:54:19.0234 3516 Current date / time: 2012/01/06 12:54:19.0234
12:54:19.0234 3516 SystemInfo:
12:54:19.0234 3516
12:54:19.0234 3516 OS Version: 5.1.2600 ServicePack: 2.0
12:54:19.0234 3516 Product type: Workstation
12:54:19.0234 3516 ComputerName: TARKAN
12:54:19.0234 3516 UserName: julchen
12:54:19.0234 3516 Windows directory: C:\WINDOWS
12:54:19.0234 3516 System windows directory: C:\WINDOWS
12:54:19.0234 3516 Processor architecture: Intel x86
12:54:19.0234 3516 Number of processors: 1
12:54:19.0234 3516 Page size: 0x1000
12:54:19.0234 3516 Boot type: Normal boot
12:54:19.0234 3516 ============================================================
12:54:20.0781 3516 Initialize success
12:56:00.0296 2172 ============================================================
12:56:00.0296 2172 Scan started
12:56:00.0296 2172 Mode: Manual; SigCheck; TDLFS;
12:56:00.0296 2172 ============================================================
12:56:00.0578 2172 Abiosdsk - ok
12:56:00.0625 2172 abp480n5 - ok
12:56:00.0703 2172 ACPI (94b4741d2cf9ed38140b831293d1601a) C:\WINDOWS\system32\DRIVERS\ACPI.sys
12:56:02.0468 2172 ACPI - ok
12:56:02.0578 2172 ACPIEC (9e1ca3160dafb159ca14f83b1e317f75) C:\WINDOWS\system32\DRIVERS\ACPIEC.sys
12:56:02.0718 2172 ACPIEC - ok
12:56:02.0750 2172 adfs - ok
12:56:02.0796 2172 adpu160m - ok
12:56:02.0859 2172 aec (1ee7b434ba961ef845de136224c30fec) C:\WINDOWS\system32\drivers\aec.sys
12:56:03.0234 2172 aec - ok
12:56:03.0281 2172 AFD (55e6e1c51b6d30e54335750955453702) C:\WINDOWS\System32\drivers\afd.sys
12:56:03.0328 2172 AFD - ok
12:56:03.0421 2172 AgereSoftModem (ceffa3db1657293322e0bdea7d99e754) C:\WINDOWS\system32\DRIVERS\AGRSM.sys
12:56:03.0562 2172 AgereSoftModem - ok
12:56:03.0593 2172 Aha154x - ok
12:56:03.0609 2172 aic78u2 - ok
12:56:03.0640 2172 aic78xx - ok
12:56:03.0765 2172 ALCXWDM (5dae13401e4d3b8f132bf5867447d661) C:\WINDOWS\system32\drivers\ALCXWDM.SYS
12:56:04.0093 2172 ALCXWDM - ok
12:56:04.0140 2172 AliIde - ok
12:56:04.0187 2172 AmdK8 (b9dbaae3219661f4d0c5e8dc0c2f987d) C:\WINDOWS\system32\DRIVERS\AmdK8.sys
12:56:04.0234 2172 AmdK8 - ok
12:56:04.0250 2172 amsint - ok
12:56:04.0312 2172 Arp1394 (f0d692b0bffb46e30eb3cea168bbc49f) C:\WINDOWS\system32\DRIVERS\arp1394.sys
12:56:04.0468 2172 Arp1394 - ok
12:56:04.0515 2172 ASAPIW2k (4f9cbbf95e8f7a0d4c0edcfe3b78102e) C:\WINDOWS\system32\drivers\ASAPIW2k.sys
12:56:04.0515 2172 ASAPIW2k ( UnsignedFile.Multi.Generic ) - warning
12:56:04.0515 2172 ASAPIW2k - detected UnsignedFile.Multi.Generic (1)
12:56:04.0531 2172 asc - ok
12:56:04.0562 2172 asc3350p - ok
12:56:04.0578 2172 asc3550 - ok
12:56:04.0640 2172 ASCTRM (d880831279ed91f9a4190a2db9539ea9) C:\WINDOWS\system32\drivers\ASCTRM.sys
12:56:04.0656 2172 ASCTRM ( UnsignedFile.Multi.Generic ) - warning
12:56:04.0656 2172 ASCTRM - detected UnsignedFile.Multi.Generic (1)
12:56:04.0718 2172 AsyncMac (02000abf34af4c218c35d257024807d6) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
12:56:04.0859 2172 AsyncMac - ok
12:56:04.0906 2172 atapi (cdfe4411a69c224bd1d11b2da92dac51) C:\WINDOWS\system32\DRIVERS\atapi.sys
12:56:05.0062 2172 atapi - ok
12:56:05.0078 2172 Atdisk - ok
12:56:05.0156 2172 ati2mtag (74a245800424f70ff4822ab0d20a1db5) C:\WINDOWS\system32\DRIVERS\ati2mtag.sys
12:56:05.0296 2172 ati2mtag - ok
12:56:05.0343 2172 Atmarpc (ec88da854ab7d7752ec8be11a741bb7f) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
12:56:05.0468 2172 Atmarpc - ok
12:56:05.0515 2172 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
12:56:05.0656 2172 audstub - ok
12:56:05.0765 2172 avgio (0b497c79824f8e1bf22fa6aacd3de3a0) C:\Programme\Avira\AntiVir Desktop\avgio.sys
12:56:05.0796 2172 avgio - ok
12:56:05.0828 2172 avgntflt (1e4114685de1ffa9675e09c6a1fb3f4b) C:\WINDOWS\system32\DRIVERS\avgntflt.sys
12:56:05.0921 2172 avgntflt - ok
12:56:05.0953 2172 avipbb (0f78d3dae6dedd99ae54c9491c62adf2) C:\WINDOWS\system32\DRIVERS\avipbb.sys
12:56:05.0968 2172 avipbb - ok
12:56:06.0015 2172 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
12:56:06.0171 2172 Beep - ok
12:56:06.0218 2172 BlueletAudio (31ff5b87c1dd907613cc613224b8e303) C:\WINDOWS\system32\DRIVERS\blueletaudio.sys
12:56:06.0234 2172 BlueletAudio ( UnsignedFile.Multi.Generic ) - warning
12:56:06.0234 2172 BlueletAudio - detected UnsignedFile.Multi.Generic (1)
12:56:06.0281 2172 BT (9da8abc4885aff4793d4aa420e40bb12) C:\WINDOWS\system32\DRIVERS\btnetdrv.sys
12:56:06.0281 2172 BT ( UnsignedFile.Multi.Generic ) - warning
12:56:06.0281 2172 BT - detected UnsignedFile.Multi.Generic (1)
12:56:06.0328 2172 Btcsrusb (bdf2c32c14ef7ab75ddcc3394d6f80d4) C:\WINDOWS\system32\Drivers\btcusb.sys
12:56:06.0343 2172 Btcsrusb ( UnsignedFile.Multi.Generic ) - warning
12:56:06.0343 2172 Btcsrusb - detected UnsignedFile.Multi.Generic (1)
12:56:06.0375 2172 BTHidEnum (083ad7f6ff500d0a93c0bea2cf298c93) C:\WINDOWS\system32\DRIVERS\vbtenum.sys
12:56:06.0390 2172 BTHidEnum ( UnsignedFile.Multi.Generic ) - warning
12:56:06.0390 2172 BTHidEnum - detected UnsignedFile.Multi.Generic (1)
12:56:06.0421 2172 BTHidMgr (f408264f6ad1dc7e7bdd4837440f115d) C:\WINDOWS\system32\Drivers\BTHidMgr.sys
12:56:06.0437 2172 BTHidMgr ( UnsignedFile.Multi.Generic ) - warning
12:56:06.0437 2172 BTHidMgr - detected UnsignedFile.Multi.Generic (1)
12:56:06.0484 2172 CB54G3 (02aaa5a6414b0d5cc0717b84fb74c4bb) C:\WINDOWS\system32\DRIVERS\i2220ntx.sys
12:56:06.0515 2172 CB54G3 - ok
12:56:06.0562 2172 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
12:56:06.0718 2172 cbidf2k - ok
12:56:06.0750 2172 CCDECODE (6163ed60b684bab19d3352ab22fc48b2) C:\WINDOWS\system32\DRIVERS\CCDECODE.sys
12:56:06.0906 2172 CCDECODE - ok
12:56:06.0921 2172 cd20xrnt - ok
12:56:06.0953 2172 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
12:56:07.0093 2172 Cdaudio - ok
12:56:07.0140 2172 Cdfs (cd7d5152df32b47f4e36f710b35aae02) C:\WINDOWS\system32\drivers\Cdfs.sys
12:56:07.0250 2172 Cdfs - ok
12:56:07.0281 2172 Cdrom (af9c19b3100fe010496b1a27181fbf72) C:\WINDOWS\system32\DRIVERS\cdrom.sys
12:56:07.0421 2172 Cdrom - ok
12:56:07.0437 2172 Changer - ok
12:56:07.0500 2172 CmBatt (4266be808f85826aedf3c64c1e240203) C:\WINDOWS\system32\DRIVERS\CmBatt.sys
12:56:07.0609 2172 CmBatt - ok
12:56:07.0625 2172 CmdIde - ok
12:56:07.0656 2172 Compbatt (df1b1a24bf52d0ebc01ed4ece8979f50) C:\WINDOWS\system32\DRIVERS\compbatt.sys
12:56:07.0796 2172 Compbatt - ok
12:56:07.0828 2172 Cpqarray - ok
12:56:07.0859 2172 dac2w2k - ok
12:56:07.0875 2172 dac960nt - ok
12:56:07.0906 2172 Disk (00ca44e4534865f8a3b64f7c0984bff0) C:\WINDOWS\system32\DRIVERS\disk.sys
12:56:08.0015 2172 Disk - ok
12:56:08.0093 2172 dmboot (5789b83ba87fc84c3568cf86cacef8ce) C:\WINDOWS\system32\drivers\dmboot.sys
12:56:08.0281 2172 dmboot - ok
12:56:08.0328 2172 dmio (084eb0a50a4f7b4705c8a57f234e5291) C:\WINDOWS\system32\drivers\dmio.sys
12:56:08.0468 2172 dmio - ok
12:56:08.0500 2172 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
12:56:08.0640 2172 dmload - ok
12:56:08.0687 2172 DMusic (a6f881284ac1150e37d9ae47ff601267) C:\WINDOWS\system32\drivers\DMusic.sys
12:56:08.0812 2172 DMusic - ok
12:56:08.0843 2172 dpti2o - ok
12:56:08.0875 2172 drmkaud (1ed4dbbae9f5d558dbba4cc450e3eb2e) C:\WINDOWS\system32\drivers\drmkaud.sys
12:56:09.0015 2172 drmkaud - ok
12:56:09.0062 2172 Fastfat (3117f595e9615e04f05a54fc15a03b20) C:\WINDOWS\system32\drivers\Fastfat.sys
12:56:09.0203 2172 Fastfat - ok
12:56:09.0234 2172 Fdc (ced2e8396a8838e59d8fd529c680e02c) C:\WINDOWS\system32\drivers\Fdc.sys
12:56:09.0359 2172 Fdc - ok
12:56:09.0406 2172 Fips (9e9af89f9b14aa6249065c309ce73bd8) C:\WINDOWS\system32\drivers\Fips.sys
12:56:09.0531 2172 Fips - ok
12:56:09.0546 2172 Flpydisk (0dd1de43115b93f4d85e889d7a86f548) C:\WINDOWS\system32\drivers\Flpydisk.sys
12:56:09.0687 2172 Flpydisk - ok
12:56:09.0718 2172 FltMgr (3d234fb6d6ee875eb009864a299bea29) C:\WINDOWS\system32\DRIVERS\fltMgr.sys
12:56:10.0125 2172 FltMgr - ok
12:56:10.0140 2172 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
12:56:10.0265 2172 Fs_Rec - ok
12:56:10.0296 2172 Ftdisk (8f1955ce42e1484714b542f341647778) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
12:56:10.0421 2172 Ftdisk - ok
12:56:10.0453 2172 Gpc (c0f1d4a21de5a415df8170616703debf) C:\WINDOWS\system32\DRIVERS\msgpc.sys
12:56:10.0593 2172 Gpc - ok
12:56:10.0640 2172 HidUsb (1de6783b918f540149aa69943bdfeba8) C:\WINDOWS\system32\DRIVERS\hidusb.sys
12:56:10.0765 2172 HidUsb - ok
12:56:10.0781 2172 hpn - ok
12:56:10.0843 2172 HTTP (9f8b0f4276f618964fd118be4289b7cd) C:\WINDOWS\system32\Drivers\HTTP.sys
12:56:10.0890 2172 HTTP - ok
12:56:10.0921 2172 i2omgmt - ok
12:56:10.0937 2172 i2omp - ok
12:56:10.0968 2172 i8042prt (7c575018d0413440d75432a78b88c899) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
12:56:11.0093 2172 i8042prt - ok
12:56:11.0140 2172 Imapi (f8aa320c6a0409c0380e5d8a99d76ec6) C:\WINDOWS\system32\DRIVERS\imapi.sys
12:56:11.0265 2172 Imapi - ok
12:56:11.0296 2172 ini910u - ok
12:56:11.0312 2172 IntelIde - ok
12:56:11.0359 2172 Ip6Fw (4448006b6bc60e6c027932cfc38d6855) C:\WINDOWS\system32\DRIVERS\Ip6Fw.sys
12:56:11.0515 2172 Ip6Fw - ok
12:56:11.0546 2172 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
12:56:11.0687 2172 IpFilterDriver - ok
12:56:11.0734 2172 IpInIp (e1ec7f5da720b640cd8fb8424f1b14bb) C:\WINDOWS\system32\DRIVERS\ipinip.sys
12:56:11.0875 2172 IpInIp - ok
12:56:11.0921 2172 IpNat (e2168cbc7098ffe963c6f23f472a3593) C:\WINDOWS\system32\DRIVERS\ipnat.sys
12:56:12.0359 2172 IpNat - ok
12:56:12.0421 2172 IPSec (64537aa5c003a6afeee1df819062d0d1) C:\WINDOWS\system32\DRIVERS\ipsec.sys
12:56:12.0531 2172 IPSec - ok
12:56:12.0578 2172 IRENUM (50708daa1b1cbb7d6ac1cf8f56a24410) C:\WINDOWS\system32\DRIVERS\irenum.sys
12:56:12.0640 2172 IRENUM - ok
12:56:12.0687 2172 isapnp (ce9b7afdf0a3d7dd8d1487262316b959) C:\WINDOWS\system32\DRIVERS\isapnp.sys
12:56:12.0812 2172 isapnp - ok
12:56:12.0843 2172 Kbdclass (b128fc0a5cd83f669d5de4b58f77c7d6) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
12:56:12.0953 2172 Kbdclass - ok
12:56:13.0015 2172 kmixer (ba5deda4d934e6288c2f66caf58d2562) C:\WINDOWS\system32\drivers\kmixer.sys
12:56:13.0421 2172 kmixer - ok
12:56:13.0484 2172 KSecDD (674d3e5a593475915dc6643317192403) C:\WINDOWS\system32\drivers\KSecDD.sys
12:56:13.0562 2172 KSecDD - ok
12:56:13.0609 2172 Ktp3 (255243a645451d407bb46bb16ec616f2) C:\WINDOWS\system32\DRIVERS\Ktp3.sys
12:56:13.0656 2172 Ktp3 - ok
12:56:13.0671 2172 lbrtfdc - ok
12:56:13.0796 2172 LVHybrid (7c12bb13661586035ca2c7d198c511a8) C:\WINDOWS\system32\DRIVERS\LVHybrid.sys
12:56:13.0890 2172 LVHybrid - ok
12:56:13.0968 2172 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
12:56:14.0218 2172 mnmdd - ok
12:56:14.0281 2172 Modem (91a3da4b12f6f1d760463a7f7857f748) C:\WINDOWS\system32\drivers\Modem.sys
12:56:14.0406 2172 Modem - ok
12:56:14.0421 2172 Mouclass (71e15ca47fd947552054afb28536268f) C:\WINDOWS\system32\DRIVERS\mouclass.sys
12:56:14.0546 2172 Mouclass - ok
12:56:14.0593 2172 mouhid (66a6f73c74e1791464160a7065ce711a) C:\WINDOWS\system32\DRIVERS\mouhid.sys
12:56:14.0718 2172 mouhid - ok
12:56:14.0750 2172 MountMgr (65653f3b4477f3c63e68a9659f85ee2e) C:\WINDOWS\system32\drivers\MountMgr.sys
12:56:14.0875 2172 MountMgr - ok
12:56:14.0921 2172 MPE (55a9a7e6bb297bf0f5b144029dcb79cc) C:\WINDOWS\system32\DRIVERS\MPE.sys
12:56:15.0062 2172 MPE - ok
12:56:15.0078 2172 mraid35x - ok
12:56:15.0125 2172 MRxDAV (29414447eb5bde2f8397dc965dbb3156) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
12:56:15.0578 2172 MRxDAV - ok
12:56:15.0640 2172 MRxSmb (fb6c89bb3ce282b08bdb1e3c179e1c39) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
12:56:15.0703 2172 MRxSmb - ok
12:56:15.0765 2172 Msfs (561b3a4333ca2dbdba28b5b956822519) C:\WINDOWS\system32\drivers\Msfs.sys
12:56:15.0890 2172 Msfs - ok
12:56:15.0937 2172 MSKSSRV (ae431a8dd3c1d0d0610cdbac16057ad0) C:\WINDOWS\system32\drivers\MSKSSRV.sys
12:56:16.0062 2172 MSKSSRV - ok
12:56:16.0093 2172 MSPCLOCK (13e75fef9dfeb08eeded9d0246e1f448) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
12:56:16.0234 2172 MSPCLOCK - ok
12:56:16.0265 2172 MSPQM (1988a33ff19242576c3d0ef9ce785da7) C:\WINDOWS\system32\drivers\MSPQM.sys
12:56:16.0421 2172 MSPQM - ok
12:56:16.0453 2172 mssmbios (469541f8bfd2b32659d5d463a6714bce) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
12:56:16.0578 2172 mssmbios - ok
12:56:16.0625 2172 MSTEE (bf13612142995096ab084f2db7f40f77) C:\WINDOWS\system32\drivers\MSTEE.sys
12:56:16.0750 2172 MSTEE - ok
12:56:16.0781 2172 Mup (82035e0f41c2dd05ae41d27fe6cf7de1) C:\WINDOWS\system32\drivers\Mup.sys
12:56:16.0906 2172 Mup - ok
12:56:17.0000 2172 NABTSFEC (5c8dc6429c43dc6177c1fa5b76290d1a) C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys
12:56:17.0125 2172 NABTSFEC - ok
12:56:17.0187 2172 NDIS (558635d3af1c7546d26067d5d9b6959e) C:\WINDOWS\system32\drivers\NDIS.sys
12:56:17.0328 2172 NDIS - ok
12:56:17.0359 2172 NdisIP (520ce427a8b298f54112857bcf6bde15) C:\WINDOWS\system32\DRIVERS\NdisIP.sys
12:56:17.0515 2172 NdisIP - ok
12:56:17.0546 2172 NdisTapi (08d43bbdacdf23f34d79e44ed35c1b4c) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
12:56:17.0656 2172 NdisTapi - ok
12:56:17.0687 2172 Ndisuio (34d6cd56409da9a7ed573e1c90a308bf) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
12:56:17.0812 2172 Ndisuio - ok
12:56:17.0828 2172 NdisWan (0b90e255a9490166ab368cd55a529893) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
12:56:17.0968 2172 NdisWan - ok
12:56:17.0984 2172 NDProxy (59fc3fb44d2669bc144fd87826bb571f) C:\WINDOWS\system32\drivers\NDProxy.sys
12:56:18.0109 2172 NDProxy - ok
12:56:18.0140 2172 NetBIOS (3a2aca8fc1d7786902ca434998d7ceb4) C:\WINDOWS\system32\DRIVERS\netbios.sys
12:56:18.0265 2172 NetBIOS - ok
12:56:18.0328 2172 NetBT (0c80e410cd2f47134407ee7dd19cc86b) C:\WINDOWS\system32\DRIVERS\netbt.sys
12:56:18.0453 2172 NetBT - ok
12:56:18.0515 2172 NIC1394 (5c5c53db4fef16cf87b9911c7e8c6fbc) C:\WINDOWS\system32\DRIVERS\nic1394.sys
12:56:18.0640 2172 NIC1394 - ok
12:56:18.0671 2172 Npfs (4f601bcb8f64ea3ac0994f98fed03f8e) C:\WINDOWS\system32\drivers\Npfs.sys
12:56:18.0796 2172 Npfs - ok
12:56:18.0890 2172 Ntfs (19a811ef5f1ed5c926a028ce107ff1af) C:\WINDOWS\system32\drivers\Ntfs.sys
12:56:19.0328 2172 Ntfs - ok
12:56:19.0375 2172 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
12:56:19.0531 2172 Null - ok
12:56:19.0562 2172 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
12:56:19.0687 2172 NwlnkFlt - ok
12:56:19.0734 2172 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
12:56:19.0875 2172 NwlnkFwd - ok
12:56:19.0906 2172 ohci1394 (0951db8e5823ea366b0e408d71e1ba2a) C:\WINDOWS\system32\DRIVERS\ohci1394.sys
12:56:20.0062 2172 ohci1394 - ok
12:56:20.0109 2172 Parport (b2f17a2edb5450e61973a037f63a595b) C:\WINDOWS\system32\drivers\Parport.sys
12:56:20.0234 2172 Parport - ok
12:56:20.0265 2172 PartMgr (3334430c29dc338092f79c38ef7b4cd0) C:\WINDOWS\system32\drivers\PartMgr.sys
12:56:20.0406 2172 PartMgr - ok
12:56:20.0453 2172 ParVdm (c2bf987829099a3eaa2ca6a0a90ecb4f) C:\WINDOWS\system32\drivers\ParVdm.sys
12:56:20.0593 2172 ParVdm - ok
12:56:20.0625 2172 PCANDIS5 (2f9806b52cb3748b1e49222744b28e3c) C:\WINDOWS\system32\PCANDIS5.SYS
12:56:20.0671 2172 PCANDIS5 ( UnsignedFile.Multi.Generic ) - warning
12:56:20.0671 2172 PCANDIS5 - detected UnsignedFile.Multi.Generic (1)
12:56:20.0687 2172 PCI (6fb463e5b243fbd6f3d3c83f914d94fb) C:\WINDOWS\system32\DRIVERS\pci.sys
12:56:20.0843 2172 PCI - ok
12:56:20.0859 2172 PCIDump - ok
12:56:20.0890 2172 PCIIde (59ba86d9a61cbcf4df8e598c331f5b82) C:\WINDOWS\system32\DRIVERS\pciide.sys
12:56:21.0000 2172 PCIIde - ok
12:56:21.0046 2172 PCLEPCI (1bebe7de8508a02650cdce45c664c2a2) C:\WINDOWS\system32\drivers\pclepci.sys
12:56:21.0062 2172 PCLEPCI ( UnsignedFile.Multi.Generic ) - warning
12:56:21.0062 2172 PCLEPCI - detected UnsignedFile.Multi.Generic (1)
12:56:21.0109 2172 Pcmcia (e2363f4c1daff89abee5f593e13d8a05) C:\WINDOWS\system32\DRIVERS\pcmcia.sys
12:56:21.0218 2172 Pcmcia - ok
12:56:21.0250 2172 PDCOMP - ok
12:56:21.0265 2172 PDFRAME - ok
12:56:21.0281 2172 PDRELI - ok
12:56:21.0296 2172 PDRFRAME - ok
12:56:21.0328 2172 perc2 - ok
12:56:21.0343 2172 perc2hib - ok
12:56:21.0421 2172 PptpMiniport (1c5cc65aac0783c344f16353e60b72ac) C:\WINDOWS\system32\DRIVERS\raspptp.sys
12:56:21.0515 2172 PptpMiniport - ok
12:56:21.0562 2172 Processor (3d7f196e77f986c106e9320b81a5ebbf) C:\WINDOWS\system32\DRIVERS\processr.sys
12:56:21.0703 2172 Processor - ok
12:56:21.0734 2172 PSched (48671f327553dcf1d27f6197f622a668) C:\WINDOWS\system32\DRIVERS\psched.sys
12:56:21.0859 2172 PSched - ok
12:56:21.0890 2172 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
12:56:22.0000 2172 Ptilink - ok
12:56:22.0031 2172 PxHelp20 (d86b4a68565e444d76457f14172c875a) C:\WINDOWS\system32\DRIVERS\PxHelp20.sys
12:56:22.0031 2172 PxHelp20 - ok
12:56:22.0046 2172 ql1080 - ok
12:56:22.0078 2172 Ql10wnt - ok
12:56:22.0093 2172 ql12160 - ok
12:56:22.0109 2172 ql1240 - ok
12:56:22.0125 2172 ql1280 - ok
12:56:22.0156 2172 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
12:56:22.0265 2172 RasAcd - ok
12:56:22.0312 2172 Rasl2tp (98faeb4a4dcf812ba1c6fca4aa3e115c) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
12:56:22.0421 2172 Rasl2tp - ok
12:56:22.0437 2172 RasPppoe (7306eeed8895454cbed4669be9f79faa) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
12:56:22.0546 2172 RasPppoe - ok
12:56:22.0578 2172 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
12:56:22.0703 2172 Raspti - ok
12:56:22.0750 2172 Rdbss (03b965b1ca47f6ef60eb5e51cb50e0af) C:\WINDOWS\system32\DRIVERS\rdbss.sys
12:56:23.0140 2172 Rdbss - ok
12:56:23.0187 2172 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
12:56:23.0328 2172 RDPCDD - ok
12:56:23.0375 2172 RDPWD (b54cd38a9ebfbf2b3561426e3fe26f62) C:\WINDOWS\system32\drivers\RDPWD.sys
12:56:23.0765 2172 RDPWD - ok
12:56:23.0828 2172 redbook (aa56702e230860565cb8d43680f57f33) C:\WINDOWS\system32\DRIVERS\redbook.sys
12:56:23.0953 2172 redbook - ok
12:56:24.0000 2172 rmedia (57c3751fd5beeaba87de83979fbb9977) C:\WINDOWS\system32\DRIVERS\rmedia.sys
12:56:24.0031 2172 rmedia - ok
12:56:24.0062 2172 ROOTMODEM (d8b0b4ade32574b2d9c5cc34dc0dbbe7) C:\WINDOWS\system32\Drivers\RootMdm.sys
12:56:24.0203 2172 ROOTMODEM - ok
12:56:24.0250 2172 RTL8023xp (1a2a445e8968b2019e75e08f3a1344fc) C:\WINDOWS\system32\DRIVERS\Rtlnicxp.sys
12:56:24.0312 2172 RTL8023xp - ok
12:56:24.0359 2172 rtl8139 (d507c1400284176573224903819ffda3) C:\WINDOWS\system32\DRIVERS\RTL8139.SYS
12:56:24.0484 2172 rtl8139 - ok
12:56:24.0546 2172 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
12:56:24.0984 2172 Secdrv - ok
12:56:25.0015 2172 Serenum (a2d868aeeff612e70e213c451a70cafb) C:\WINDOWS\system32\DRIVERS\serenum.sys
12:56:25.0140 2172 Serenum - ok
12:56:25.0171 2172 Serial (cd5b9995afcdb466c9efc048d167e3be) C:\WINDOWS\system32\drivers\Serial.sys
12:56:25.0281 2172 Serial - ok
12:56:25.0312 2172 Sfloppy (0d13b6df6e9e101013a7afb0ce629fe0) C:\WINDOWS\system32\DRIVERS\sfloppy.sys
12:56:25.0437 2172 Sfloppy - ok
12:56:25.0453 2172 Simbad - ok
12:56:25.0484 2172 SLIP (5caeed86821fa2c6139e32e9e05ccdc9) C:\WINDOWS\system32\DRIVERS\SLIP.sys
12:56:25.0609 2172 SLIP - ok
12:56:25.0640 2172 Sparrow - ok
12:56:25.0671 2172 splitter (0ce218578fff5f4f7e4201539c45c78f) C:\WINDOWS\system32\drivers\splitter.sys
12:56:26.0031 2172 splitter - ok
12:56:26.0078 2172 sr (e4200cb2f418d8fc4acdd7e38c419d6a) C:\WINDOWS\system32\DRIVERS\sr.sys
12:56:26.0156 2172 sr - ok
12:56:26.0218 2172 Srv (7a4f147cc6b133f905f6e65e2f8669fb) C:\WINDOWS\system32\DRIVERS\srv.sys
12:56:26.0281 2172 Srv - ok
12:56:26.0328 2172 ssmdrv (a36ee93698802cd899f98bfd553d8185) C:\WINDOWS\system32\DRIVERS\ssmdrv.sys
12:56:26.0343 2172 ssmdrv - ok
12:56:26.0375 2172 streamip (284c57df5dc7abca656bc2b96a667afb) C:\WINDOWS\system32\DRIVERS\StreamIP.sys
12:56:26.0484 2172 streamip - ok
12:56:26.0531 2172 swenum (03c1bae4766e2450219d20b993d6e046) C:\WINDOWS\system32\DRIVERS\swenum.sys
12:56:26.0671 2172 swenum - ok
12:56:26.0718 2172 swmidi (94abc808fc4b6d7d2bbf42b85e25bb4d) C:\WINDOWS\system32\drivers\swmidi.sys
12:56:26.0859 2172 swmidi - ok
12:56:26.0890 2172 symc810 - ok
12:56:26.0906 2172 symc8xx - ok
12:56:26.0921 2172 sym_hi - ok
12:56:26.0937 2172 sym_u3 - ok
12:56:26.0984 2172 sysaudio (650ad082d46bac0e64c9c0e0928492fd) C:\WINDOWS\system32\drivers\sysaudio.sys
12:56:27.0125 2172 sysaudio - ok
12:56:27.0187 2172 Tcpip (2a5554fc5b1e04e131230e3ce035c3f9) C:\WINDOWS\system32\DRIVERS\tcpip.sys
12:56:27.0281 2172 Tcpip - ok
12:56:27.0343 2172 TDPIPE (38d437cf2d98965f239b0abcd66dcb0f) C:\WINDOWS\system32\drivers\TDPIPE.sys
12:56:27.0484 2172 TDPIPE - ok
12:56:27.0515 2172 TDTCP (ed0580af02502d00ad8c4c066b156be9) C:\WINDOWS\system32\drivers\TDTCP.sys
12:56:27.0656 2172 TDTCP - ok
12:56:27.0687 2172 TermDD (a540a99c281d933f3d69d55e48727f47) C:\WINDOWS\system32\DRIVERS\termdd.sys
12:56:27.0828 2172 TermDD - ok
12:56:27.0859 2172 TosIde - ok
12:56:27.0921 2172 Udfs (12f70256f140cd7d52c58c7048fde657) C:\WINDOWS\system32\drivers\Udfs.sys
12:56:28.0046 2172 Udfs - ok
12:56:28.0062 2172 ultra - ok
12:56:28.0109 2172 Update (aff2e5045961bbc0a602bb6f95eb1345) C:\WINDOWS\system32\DRIVERS\update.sys
12:56:28.0234 2172 Update - ok
12:56:28.0296 2172 usbaudio (45a0d14b26c35497ad93bce7e15c9941) C:\WINDOWS\system32\drivers\usbaudio.sys
12:56:28.0406 2172 usbaudio - ok
12:56:28.0453 2172 usbccgp (bffd9f120cc63bcbaa3d840f3eef9f79) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
12:56:28.0609 2172 usbccgp - ok
12:56:28.0640 2172 usbehci (15e993ba2f6946b2bfbbfcd30398621e) C:\WINDOWS\system32\DRIVERS\usbehci.sys
12:56:28.0765 2172 usbehci - ok
12:56:28.0796 2172 usbhub (c72f40947f92cea56a8fb532edf025f1) C:\WINDOWS\system32\DRIVERS\usbhub.sys
12:56:28.0937 2172 usbhub - ok
12:56:28.0953 2172 usbohci (bdfe799a8531bad8a5a985821fe78760) C:\WINDOWS\system32\DRIVERS\usbohci.sys
12:56:29.0093 2172 usbohci - ok
12:56:29.0140 2172 usbscan (a6bc71402f4f7dd5b77fd7f4a8ddba85) C:\WINDOWS\system32\DRIVERS\usbscan.sys
12:56:29.0296 2172 usbscan - ok
12:56:29.0328 2172 USBSTOR (6cd7b22193718f1d17a47a1cd6d37e75) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
12:56:29.0484 2172 USBSTOR - ok
12:56:29.0531 2172 VComm (9ebee4a060c5364a31aeaa04eac2af1e) C:\WINDOWS\system32\DRIVERS\VComm.sys
12:56:29.0531 2172 VComm ( UnsignedFile.Multi.Generic ) - warning
12:56:29.0531 2172 VComm - detected UnsignedFile.Multi.Generic (1)
12:56:29.0578 2172 VcommMgr (ef0d45ed806b0c9ae9756bfeecb077ed) C:\WINDOWS\system32\Drivers\VcommMgr.sys
12:56:29.0593 2172 VcommMgr ( UnsignedFile.Multi.Generic ) - warning
12:56:29.0593 2172 VcommMgr - detected UnsignedFile.Multi.Generic (1)
12:56:29.0625 2172 VgaSave (8a60edd72b4ea5aea8202daf0e427925) C:\WINDOWS\System32\drivers\vga.sys
12:56:29.0750 2172 VgaSave - ok
12:56:29.0765 2172 ViaIde - ok
12:56:29.0843 2172 VNUSB (ae01e1ed5a81e0d268b91b4a6de5a872) C:\WINDOWS\system32\DRIVERS\VNUSB.sys
12:56:29.0843 2172 VNUSB ( UnsignedFile.Multi.Generic ) - warning
12:56:29.0843 2172 VNUSB - detected UnsignedFile.Multi.Generic (1)
12:56:29.0890 2172 VolSnap (d6888520ff56d72a50437e371ca25fc9) C:\WINDOWS\system32\drivers\VolSnap.sys
12:56:30.0046 2172 VolSnap - ok
12:56:30.0109 2172 Wanarp (984ef0b9788abf89974cfed4bfbaacbc) C:\WINDOWS\system32\DRIVERS\wanarp.sys
12:56:30.0250 2172 Wanarp - ok
12:56:30.0265 2172 wanatw - ok
12:56:30.0281 2172 WDICA - ok
12:56:30.0328 2172 wdmaud (efd235ca22b57c81118c1aeb4798f1c1) C:\WINDOWS\system32\drivers\wdmaud.sys
12:56:30.0765 2172 wdmaud - ok
12:56:30.0875 2172 WpdUsb (cf4def1bf66f06964dc0d91844239104) C:\WINDOWS\system32\DRIVERS\wpdusb.sys
12:56:30.0937 2172 WpdUsb - ok
12:56:30.0984 2172 WSTCODEC (d5842484f05e12121c511aa93f6439ec) C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS
12:56:31.0093 2172 WSTCODEC - ok
12:56:31.0140 2172 WudfPf (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys
12:56:31.0171 2172 WudfPf - ok
12:56:31.0218 2172 WudfRd (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\wudfrd.sys
12:56:31.0250 2172 WudfRd - ok
12:56:31.0328 2172 MBR (0x1B8) (72b8ce41af0de751c946802b3ed844b4) \Device\Harddisk0\DR0
12:56:31.0640 2172 \Device\Harddisk0\DR0 - ok
12:56:31.0656 2172 Boot (0x1200) (c2a45f1dca5aeb3928f61b90caa600a8) \Device\Harddisk0\DR0\Partition0
12:56:31.0656 2172 \Device\Harddisk0\DR0\Partition0 - ok
12:56:31.0671 2172 Boot (0x1200) (8263ee10114c8d4dde341e12dd952423) \Device\Harddisk0\DR0\Partition1
12:56:31.0671 2172 \Device\Harddisk0\DR0\Partition1 - ok
12:56:31.0671 2172 ============================================================
12:56:31.0671 2172 Scan finished
12:56:31.0671 2172 ============================================================
12:56:31.0796 3492 Detected object count: 12
12:56:31.0796 3492 Actual detected object count: 12
12:56:55.0687 3492 ASAPIW2k ( UnsignedFile.Multi.Generic ) - skipped by user
12:56:55.0687 3492 ASAPIW2k ( UnsignedFile.Multi.Generic ) - User select action: Skip
12:56:55.0687 3492 ASCTRM ( UnsignedFile.Multi.Generic ) - skipped by user
12:56:55.0687 3492 ASCTRM ( UnsignedFile.Multi.Generic ) - User select action: Skip
12:56:55.0687 3492 BlueletAudio ( UnsignedFile.Multi.Generic ) - skipped by user
12:56:55.0687 3492 BlueletAudio ( UnsignedFile.Multi.Generic ) - User select action: Skip
12:56:55.0687 3492 BT ( UnsignedFile.Multi.Generic ) - skipped by user
12:56:55.0687 3492 BT ( UnsignedFile.Multi.Generic ) - User select action: Skip
12:56:55.0703 3492 Btcsrusb ( UnsignedFile.Multi.Generic ) - skipped by user
12:56:55.0703 3492 Btcsrusb ( UnsignedFile.Multi.Generic ) - User select action: Skip
12:56:55.0703 3492 BTHidEnum ( UnsignedFile.Multi.Generic ) - skipped by user
12:56:55.0703 3492 BTHidEnum ( UnsignedFile.Multi.Generic ) - User select action: Skip
12:56:55.0703 3492 BTHidMgr ( UnsignedFile.Multi.Generic ) - skipped by user
12:56:55.0703 3492 BTHidMgr ( UnsignedFile.Multi.Generic ) - User select action: Skip
12:56:55.0703 3492 PCANDIS5 ( UnsignedFile.Multi.Generic ) - skipped by user
12:56:55.0703 3492 PCANDIS5 ( UnsignedFile.Multi.Generic ) - User select action: Skip
12:56:55.0703 3492 PCLEPCI ( UnsignedFile.Multi.Generic ) - skipped by user
12:56:55.0703 3492 PCLEPCI ( UnsignedFile.Multi.Generic ) - User select action: Skip
12:56:55.0703 3492 VComm ( UnsignedFile.Multi.Generic ) - skipped by user
12:56:55.0703 3492 VComm ( UnsignedFile.Multi.Generic ) - User select action: Skip
12:56:55.0718 3492 VcommMgr ( UnsignedFile.Multi.Generic ) - skipped by user
12:56:55.0718 3492 VcommMgr ( UnsignedFile.Multi.Generic ) - User select action: Skip
12:56:55.0718 3492 VNUSB ( UnsignedFile.Multi.Generic ) - skipped by user
12:56:55.0718 3492 VNUSB ( UnsignedFile.Multi.Generic ) - User select action: Skip

j.
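All twelve hits in the log above carry TDSSKiller's UnsignedFile.Multi.Generic verdict, which only says that the driver has no valid digital signature; it is not a malware identification, and the MBR and both boot-sector entries came back ok. The script below is an added example, not part of this thread and not a TDSSKiller component: it parses log lines of this shape, separates the generic unsigned-file warnings from verdicts that name malware, checks that every \Device\Harddisk entry is ok, and cross-checks the declared object count. The sample log is a constructed excerpt; the Rootkit.Boot.Example verdict on the MBR and the Cure action are hypothetical and were added only to exercise the path for a real hit.

```python
import re
from dataclasses import dataclass
from typing import Dict, Optional, Tuple

# Constructed excerpt in the shape of the TDSSKiller log above. The driver and
# MBR/boot lines are copied from it; the "Rootkit.Boot.Example" verdict on the
# MBR is a hypothetical entry added so the triage path for a real hit is run.
SAMPLE_LOG = r"""
12:56:00.0296 2172 Scan started
12:56:00.0578 2172 Abiosdsk - ok
12:56:00.0703 2172 ACPI (94b4741d2cf9ed38140b831293d1601a) C:\WINDOWS\system32\DRIVERS\ACPI.sys
12:56:02.0468 2172 ACPI - ok
12:56:04.0515 2172 ASAPIW2k (4f9cbbf95e8f7a0d4c0edcfe3b78102e) C:\WINDOWS\system32\drivers\ASAPIW2k.sys
12:56:04.0515 2172 ASAPIW2k ( UnsignedFile.Multi.Generic ) - warning
12:56:04.0515 2172 ASAPIW2k - detected UnsignedFile.Multi.Generic (1)
12:56:06.0281 2172 BT (9da8abc4885aff4793d4aa420e40bb12) C:\WINDOWS\system32\DRIVERS\btnetdrv.sys
12:56:06.0281 2172 BT ( UnsignedFile.Multi.Generic ) - warning
12:56:06.0281 2172 BT - detected UnsignedFile.Multi.Generic (1)
12:56:31.0328 2172 MBR (0x1B8) (72b8ce41af0de751c946802b3ed844b4) \Device\Harddisk0\DR0
12:56:31.0640 2172 \Device\Harddisk0\DR0 ( Rootkit.Boot.Example ) - infected
12:56:31.0640 2172 \Device\Harddisk0\DR0 - detected Rootkit.Boot.Example (0)
12:56:31.0656 2172 Boot (0x1200) (c2a45f1dca5aeb3928f61b90caa600a8) \Device\Harddisk0\DR0\Partition0
12:56:31.0656 2172 \Device\Harddisk0\DR0\Partition0 - ok
12:56:31.0796 3492 Detected object count: 3
12:56:55.0687 3492 ASAPIW2k ( UnsignedFile.Multi.Generic ) - User select action: Skip
12:56:55.0687 3492 BT ( UnsignedFile.Multi.Generic ) - User select action: Skip
12:56:55.0687 3492 \Device\Harddisk0\DR0 ( Rootkit.Boot.Example ) - User select action: Cure
"""

LINE_RE = re.compile(r"^(\d\d:\d\d:\d\d\.\d{4})\s+(\d+)\s+(.*?)\s*$")   # time pid message
HASH_RE = re.compile(r"^(.+?) \(([0-9a-f]{32})\) (.+)$")               # name (md5) path
DETECTED_RE = re.compile(r"^(.+?) - detected (\S+) \((\d+)\)$")         # name - detected Verdict (n)
VERDICT_RE = re.compile(r"^(.+?) \( (.+?) \) - (.+)$")                  # name ( Verdict ) - outcome
OK_RE = re.compile(r"^(.+?) - ok$")
COUNT_RE = re.compile(r"^Detected object count: (\d+)$")

@dataclass
class ScanObject:
    name: str
    path: Optional[str] = None
    md5: Optional[str] = None
    verdict: Optional[str] = None      # e.g. UnsignedFile.Multi.Generic
    status: str = "unknown"            # ok / warning / infected
    user_action: Optional[str] = None  # Skip / Cure / ...

def parse_tdsskiller(text: str) -> Tuple[Dict[str, ScanObject], Optional[int]]:
    """Return scanned objects keyed by path (or by name when no path was logged)
    plus the 'Detected object count' TDSSKiller prints after the scan."""
    objects, name_to_key, declared = {}, {}, None

    def obj(ident: str) -> ScanObject:
        # Drivers are referenced by service name, MBR/boot sectors by device path.
        return objects.setdefault(name_to_key.get(ident, ident), ScanObject(name=ident))

    for raw in text.splitlines():
        m = LINE_RE.match(raw)
        if not m:
            continue
        msg = m.group(3)
        if (h := HASH_RE.match(msg)):
            name, md5, path = h.groups()
            # Keyed by path: "Boot (0x1200)" is logged once per partition.
            objects[path] = ScanObject(name=name, path=path, md5=md5)
            name_to_key[name] = path
        elif (c := COUNT_RE.match(msg)):
            declared = int(c.group(1))
        elif (d := DETECTED_RE.match(msg)):
            obj(d.group(1)).verdict = d.group(2)
        elif (v := VERDICT_RE.match(msg)):
            ident, verdict, outcome = v.groups()
            o = obj(ident)
            o.verdict = verdict
            if outcome.startswith("User select action: "):
                o.user_action = outcome.split(": ", 1)[1]
            elif outcome in ("warning", "infected"):
                o.status = outcome
        elif (k := OK_RE.match(msg)):
            obj(k.group(1)).status = "ok"
    return objects, declared

def triage(objects: Dict[str, ScanObject], declared: Optional[int]) -> dict:
    """Separate the generic 'no valid signature' verdict from verdicts that name
    malware, and check that every MBR/boot-sector entry came back ok."""
    hits = [o for o in objects.values() if o.verdict]
    generic = [o for o in hits if o.verdict.startswith("UnsignedFile.")]
    hard = [o for o in hits if not o.verdict.startswith("UnsignedFile.")]
    boot = [o for o in objects.values() if o.path and o.path.startswith(r"\Device\Harddisk")]
    return {
        "hard_hits": sorted(o.name for o in hard),
        "untreated_hard_hits": sorted(o.name for o in hard if o.user_action in (None, "Skip")),
        "unsigned_only": sorted(f"{o.name} -> {o.path}" for o in generic),
        "boot_sectors_clean": bool(boot) and all(o.status == "ok" for o in boot),
        "count_matches": declared == len(hits),
    }

if __name__ == "__main__":
    for key, value in triage(*parse_tdsskiller(SAMPLE_LOG)).items():
        print(f"{key}: {value}")
```

Run against the full log above, `hard_hits` is empty, `unsigned_only` lists the twelve drivers with their paths, and `boot_sectors_clean` is true; that is the combination a helper reads as "no rootkit hit, only unsigned third-party drivers to review by hand".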
06.01.2012, 15:02 | #13
/// Winkelfunktion /// TB-Süch-Tiger™

Windows blockiert aus Sicherheitsgründen-Trojaner

Then please run CF now: ComboFix (a guide and tutorial on using ComboFix)

ComboFix may only be run when a helper (Kompetenzler) has explicitly recommended it! If you have problems starting applications after running ComboFix and get messages such as:
Quote:

__________________
Please always post logfiles in CODE tags
06.01.2012, 16:50 | #14
Windows blockiert aus Sicherheitsgründen-Trojaner

Here is the log from ComboFix.

ComboFix logfile:
Code:
ATTFilter ComboFix 12-01-06.01 - julchen 06.01.2012 16:34:44.1.1 - x86 Microsoft Windows XP Home Edition 5.1.2600.2.1252.43.1031.18.511.268 [GMT 1:00] ausgeführt von:: c:\dokumente und einstellungen\julchen\Desktop\ComboFix.exe AV: AntiVir Desktop *Disabled/Outdated* {AD166499-45F9-482A-A743-FDD3350758C7} . . (((((((((((((((((((((((((((((((((((( Weitere Löschungen )))))))))))))))))))))))))))))))))))))))))))))))) . . c:\windows\alcrmv.exe c:\windows\IsUn0407.exe D:\Autorun.inf . . ((((((((((((((((((((((( Dateien erstellt von 2011-12-06 bis 2012-01-06 )))))))))))))))))))))))))))))) . . 2012-01-05 15:37 . 2012-01-05 15:37 -------- d-----w- C:\_OTL 2012-01-02 12:15 . 2012-01-02 12:15 -------- d-----w- c:\programme\ESET 2012-01-01 16:28 . 2011-12-10 14:24 20464 ----a-w- c:\windows\system32\drivers\mbam.sys 2012-01-01 16:28 . 2012-01-01 16:28 -------- d-----w- c:\programme\Malwarebytes' Anti-Malware 2012-01-01 16:21 . 2012-01-01 16:21 -------- d-----w- c:\windows\system32\wbem\Repository 2011-12-09 16:29 . 2011-12-09 16:30 -------- d-----w- c:\dokumente und einstellungen\julchen\Lokale Einstellungen\Anwendungsdaten\VizzedRgr 2011-12-09 16:27 . 2011-12-09 16:27 -------- d-----w- c:\programme\Vizzed . . . (((((((((((((((((((((((((((((((((((( Find3M Bericht )))))))))))))))))))))))))))))))))))))))))))))))))))))) . . . (((((((((((((((((((((((((((( Autostartpunkte der Registrierung )))))))))))))))))))))))))))))))))))))))) . . *Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. REGEDIT4 . [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "WMPNSCFG"="c:\programme\Windows Media Player\WMPNSCFG.exe" [2006-11-03 204288] . 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "ATIPTA"="c:\programme\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2005-01-12 344064] "AGRSMMSG"="AGRSMMSG.exe" [2005-01-17 88363] "KTPWare"="c:\programme\Elantech\ktp3.exe" [2005-01-17 258048] "PinnacleDriverCheck"="c:\windows\system32\PSDrvCheck.exe" [2004-03-10 406016] "SoundMan"="SOUNDMAN.EXE" [2005-02-23 77824] "avgnt"="c:\programme\Avira\AntiVir Desktop\avgnt.exe" [2010-11-30 281768] . [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-04 15360] . [HKLM\~\startupfolder\C:^Dokumente und Einstellungen^All Users^Startmenü^Programme^Autostart^Adobe Reader - Schnellstart.lnk] path=c:\dokumente und einstellungen\All Users\Startmenü\Programme\Autostart\Adobe Reader - Schnellstart.lnk backup=c:\windows\pss\Adobe Reader - Schnellstart.lnkCommon Startup . [HKLM\~\startupfolder\C:^Dokumente und Einstellungen^All Users^Startmenü^Programme^Autostart^BlueSoleil.lnk] path=c:\dokumente und einstellungen\All Users\Startmenü\Programme\Autostart\BlueSoleil.lnk backup=c:\windows\pss\BlueSoleil.lnkCommon Startup . [HKLM\~\startupfolder\C:^Dokumente und Einstellungen^All Users^Startmenü^Programme^Autostart^Device Detector 3.lnk] path=c:\dokumente und einstellungen\All Users\Startmenü\Programme\Autostart\Device Detector 3.lnk backup=c:\windows\pss\Device Detector 3.lnkCommon Startup . [HKLM\~\startupfolder\C:^Dokumente und Einstellungen^All Users^Startmenü^Programme^Autostart^Microsoft Office.lnk] path=c:\dokumente und einstellungen\All Users\Startmenü\Programme\Autostart\Microsoft Office.lnk backup=c:\windows\pss\Microsoft Office.lnkCommon Startup . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS] 2004-10-13 16:24 1694208 ------w- c:\programme\Messenger\msmsgs.exe . 
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NBJ]
2004-12-09 14:38 1937408 ----a-w- c:\programme\Ahead\Nero BackItUp\NBJ.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
2001-07-09 09:50 155648 ----a-w- c:\windows\system32\NeroCheck.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PCMService]
2005-02-18 00:49 110744 ----a-w- c:\programme\CyberLink\PowerCinema\PCMService.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PDFPrint]
2011-08-05 11:01 220552 ----a-w- c:\programme\pdf24\pdf24.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2009-01-05 15:18 413696 ----a-w- c:\programme\QuickTime\QTTask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RealTray]
2005-02-17 19:04 26112 ----a-w- c:\programme\Real\RealPlayer\realplay.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2010-05-14 09:44 248552 ----a-w- c:\programme\Gemeinsame Dateien\Java\Java Update\jusched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
2009-01-10 00:22 39408 ----a-w- c:\programme\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WMPNSCFG]
2006-11-03 08:56 204288 ------w- c:\programme\Windows Media Player\wmpnscfg.exe
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Programme\\IVT Corporation\\BlueSoleil\\BlueSoleil.exe"=
"c:\\Programme\\CyberLink\\PowerCinema\\PowerCinema.exe"=
"c:\\Programme\\Ahead\\SIPPS\\SIPPS.exe"=
"c:\\Programme\\Pinnacle\\Studio 9\\InstantInfo\\InstantInfo.exe"=
"c:\\Programme\\Mozilla Firefox\\firefox.exe"=
"c:\\Programme\\Java\\jre1.6.0_05\\bin\\javaw.exe"=
"c:\\Programme\\Skype\\Phone\\Skype.exe"=
.
R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\programme\Avira\AntiVir Desktop\sched.exe [17.12.2010 12:48 136360]
R3 CB54G3;Wireless CB54G3/MP54G3 Wireless LAN Card Driver;c:\windows\system32\drivers\i2220ntx.sys [17.02.2005 13:46 148480]
R3 Ktp3;Elantech TouchPad(KTP3);c:\windows\system32\drivers\Ktp3.sys [17.02.2005 14:00 24704]
S3 LVHybrid;LVHybrid service;c:\windows\system32\drivers\LVHybrid.sys [17.02.2005 13:45 1012608]
.
--- Other services/drivers in memory ---
.
*NewlyCreated* - 22799970
*Deregistered* - 22799970
.
Contents of the "Scheduled Tasks" folder
.
2011-12-01 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\programme\Apple Software Update\SoftwareUpdate.exe [2008-07-30 11:34]
.
2012-01-02 c:\windows\Tasks\Google Software Updater.job
- c:\programme\Google\Common\Google Updater\GoogleUpdaterService.exe [2008-05-16 07:12]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.de/
uInternet Connection Wizard,ShellNext = hxxp://www.targa.de/
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: Export to Microsoft &Excel - c:\progra~1\MI1933~1\Office10\EXCEL.EXE/3000
FF - ProfilePath - c:\dokumente und einstellungen\julchen\Anwendungsdaten\Mozilla\Firefox\Profiles\2ae6qcu2.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.de/
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\programme\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - c:\programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF - Ext: Java Quick Starter: jqs@sun.com - c:\programme\Java\jre6\lib\deploy\jqs\ff
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
.
- - - - Orphaned registry entries removed - - - -
.
HKLM-Run-OEM-Reset - (no file)
AddRemove-Microsoft Interactive Training - c:\windows\IsUn0407.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, hxxp://www.gmer.net
Rootkit scan 2012-01-06 16:42
Windows 5.1.2600 Service Pack 2 NTFS
.
Scanning hidden processes ...
.
Scanning hidden autostart entries ...
.
Scanning hidden files ...
.
Scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- DLLs loaded under running processes ---------------------
.
- - - - - - - > 'winlogon.exe'(816)
c:\windows\system32\Ati2evxx.dll
.
Completion time: 2012-01-06 16:44:21
ComboFix-quarantined-files.txt 2012-01-06 15:44
.
Pre-Run: 12 directories, 41,094,557,696 bytes free
Post-Run: 14 directories, 41,114,988,544 bytes free
.
WindowsXP-KB310994-SP2-Home-BootDisk-DEU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=AllwaysOff /fastdetect
.
- - End Of File - - 6C9F5DF871137A0B7B2C1A2A0BAC425F

Have a nice evening, j. |
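Two lines in the posted ComboFix log matter beyond the malware question itself: "EnableFirewall"= 0 under the standard profile (Windows Firewall switched off) and /noexecute=AllwaysOff on the default boot entry (a boot option meant to disable DEP; the documented spelling is AlwaysOff). The Python below is an added triage example for this thread, not part of the original post and not ComboFix's own code. It parses the block structure ComboFix uses (a bracketed header, its values, a lone "." as separator) from a sample constructed out of lines in the log above, and returns the findings a helper would want to raise with the user. The section-header strings and the classification rules are assumptions for this example.

```python
"""Triage a ComboFix log excerpt for weakened host defences.

Added example, not ComboFix's code. Reads the firewall policy key, the
AuthorizedApplications list and the boot.ini dump that ComboFix prints and
reports settings that leave the host exposed.
"""
import re
from typing import Dict, List, Optional

# Constructed sample, assembled from lines that appear in the posted log.
SAMPLE_LOG = r"""
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Programme\\Mozilla Firefox\\firefox.exe"=
"c:\\Programme\\Java\\jre1.6.0_05\\bin\\javaw.exe"=
"c:\\Programme\\Skype\\Phone\\Skype.exe"=
.
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=AllwaysOff /fastdetect
"""

# Header strings as ComboFix prints them (assumed stable for this example).
FIREWALL_KEY = r"[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]"
AUTHAPPS_KEY = FIREWALL_KEY[:-1] + r"\AuthorizedApplications\List]"
# Documented /noexecute values for the XP boot loader.
DEP_VALUES = {"optin", "optout", "alwayson", "alwaysoff"}


def parse_sections(log: str) -> Dict[str, List[str]]:
    """Group every non-empty line under the bracketed header it follows.

    ComboFix separates blocks with a lone '.' line; lines before the first
    header are filed under the empty key.
    """
    sections: Dict[str, List[str]] = {}
    current = ""
    for raw in log.splitlines():
        line = raw.strip()
        if not line or line == ".":
            continue
        if line.startswith("[") and line.endswith("]"):
            current = line
            sections.setdefault(current, [])
            continue
        sections.setdefault(current, []).append(line)
    return sections


def firewall_enabled(sections: Dict[str, List[str]]) -> Optional[bool]:
    """EnableFirewall state for the standard profile, or None if the key is absent."""
    for line in sections.get(FIREWALL_KEY, []):
        m = re.match(r'"EnableFirewall"\s*=\s*(\d+)', line)
        if m:
            return m.group(1) != "0"
    return None


def firewall_exceptions(sections: Dict[str, List[str]]) -> List[str]:
    """Executables allowed through the firewall; ComboFix doubles the backslashes here."""
    out: List[str] = []
    for line in sections.get(AUTHAPPS_KEY, []):
        m = re.match(r'"(.+?)"\s*=', line)
        if m:
            out.append(m.group(1).replace("\\\\", "\\"))
    return out


def dep_policy(sections: Dict[str, List[str]]) -> Optional[str]:
    """The /noexecute= value on the default boot entry, exactly as written in boot.ini."""
    default = None
    for line in sections.get("[boot loader]", []):
        if line.lower().startswith("default="):
            default = line.split("=", 1)[1]
    for line in sections.get("[operating systems]", []):
        if default and not line.startswith(default):
            continue  # skip entries such as the Recovery Console
        m = re.search(r"/noexecute=(\S+)", line, re.IGNORECASE)
        if m:
            return m.group(1)
    return None


def triage(log: str) -> List[str]:
    """Return human-readable findings about weakened defences in the log."""
    sections = parse_sections(log)
    findings: List[str] = []
    fw = firewall_enabled(sections)
    if fw is False:
        findings.append("Windows Firewall is disabled for the standard profile (EnableFirewall=0)")
    elif fw is None:
        findings.append("firewall state not present in log")
    third_party = [p for p in firewall_exceptions(sections) if not p.lower().startswith("%windir%")]
    if third_party:
        findings.append(f"{len(third_party)} non-Windows executables in the firewall exception list")
    dep = dep_policy(sections)
    if dep is None:
        findings.append("no /noexecute option on the default boot entry")
    elif dep.lower() == "alwaysoff":
        findings.append("DEP disabled via /noexecute=AlwaysOff")
    elif dep.lower() not in DEP_VALUES:
        findings.append(f"/noexecute={dep} is not a documented DEP value (AlwaysOff misspelled?); verify DEP on the host")
    return findings


if __name__ == "__main__":
    for finding in triage(SAMPLE_LOG):
        print("-", finding)
```

Run against the sample it reports the disabled firewall, three non-Windows firewall exceptions, and the undocumented /noexecute spelling; the same functions work on a full ComboFix.txt read from disk.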
06.01.2012, 19:02 | #15 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Windows blocked for security reasons trojan

ComboFix - Scripting

1. Start Notepad (Start / Run / notepad [Enter])
2. Now copy and paste the entire contents of the code box below into the Notepad window.
Code:
Dirlook::
c:\dokumente und einstellungen\julchen\Lokale Einstellungen\Anwendungsdaten\VizzedRgr
c:\programme\Vizzed

4. Disable the guard (real-time protection) of your antivirus program and any software firewall you have installed. (Also the guards of ad-/spyware programs and TeaTimer, if present!)
5. Then drag the CFScript.txt onto cofi.exe, as shown in the picture below. This restarts ComboFix.
6. After the reboot (you will be asked whether you want to restart), please post the following log file: Combofix.txt

Note: The script above was created for this one user in this one situation. It cannot be ported to any other computer and must not be used elsewhere, as it can permanently damage the system!
__________________ Please always post logfiles in CODE tags |