| |
| |||||||
Log-Analyse und Auswertung: Trojaner "System Check" - letzte Schritte?Windows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte.XML. |
 |
01.03.2012, 16:53
| #1 |
 |  Trojaner "System Check" - letzte Schritte? Hallo, ich habe/hatte den Trojaner "System Check" auf dem Rechner. Nun habe ich zunächst Malwarebytes Anti-Malwere laufen lassen und dann noch den ESET-Online Scanner. Die Funde habe ich jeweils im Log (s.u.) und entfernt. Leider ist mein Desktop immer noch schwarz, Starmenü leer usw. Was tun? Vielen DANk für Eure Hilfe! |
|
01.03.2012, 21:21
| #2 |
| /// Winkelfunktion /// TB-Süch-Tiger™   | Trojaner "System Check" - letzte Schritte? CustomScan mit OTL
__________________Falls noch nicht vorhanden, lade Dir bitte OTL von Oldtimer herunter und speichere es auf Deinem Desktop
Code:
ATTFilter netsvcs
msconfig
safebootminimal
safebootnetwork
activex
drivers32
%ALLUSERSPROFILE%\Application Data\*.
%ALLUSERSPROFILE%\Application Data\*.exe /s
%APPDATA%\*.
%APPDATA%\*.exe /s
%SYSTEMDRIVE%\*.exe
/md5start
wininit.exe
userinit.exe
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
ws2ifsl.sys
sceclt.dll
ntelogon.dll
winlogon.exe
logevent.dll
user32.DLL
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
/md5stop
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\*. /mp /s
%systemroot%\system32\*.dll /lockedfiles
CREATERESTOREPOINT
__________________ |
|
02.03.2012, 11:20
| #3 |
| | Trojaner "System Check" - letzte Schritte? Vielen Dank, Arne, für die schnelle Reaktion.
__________________Ich habe alles gemäß deinen Vorgaben ausgeführt. Beigefügt habe ich OTL.txt:vOTL Logfile: Code:
ATTFilter OTL logfile created on: 02.03.2012 10:59:20 - Run 1 OTL by OldTimer - Version 3.2.34.0 Folder = C:\Users\mn\Desktop Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation Internet Explorer (Version = 7.0.6001.18000) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 3,25 Gb Total Physical Memory | 1,95 Gb Available Physical Memory | 60,15% Memory free 6,69 Gb Paging File | 5,42 Gb Available in Paging File | 81,02% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 576,17 Gb Total Space | 405,66 Gb Free Space | 70,41% Space Free | Partition Type: NTFS Drive D: | 19,99 Gb Total Space | 9,86 Gb Free Space | 49,31% Space Free | Partition Type: FAT32 Computer Name: MN-PC | User Name: mn | Logged in as Administrator. Boot Mode: Normal | Scan Mode: All users | Quick Scan Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2012.03.02 10:57:51 | 000,584,704 | ---- | M] (OldTimer Tools) -- C:\Users\mn\Desktop\OTL.exe PRC - [2012.01.13 14:53:18 | 000,652,360 | ---- | M] (Malwarebytes Corporation) -- C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe PRC - [2012.01.13 14:53:18 | 000,460,872 | ---- | M] (Malwarebytes Corporation) -- C:\Programme\Malwarebytes' Anti-Malware\mbamgui.exe PRC - [2012.01.08 12:47:37 | 000,924,632 | ---- | M] (Mozilla Corporation) -- C:\Programme\Mozilla Firefox\firefox.exe PRC - [2009.11.11 22:43:52 | 000,185,089 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\avguard.exe PRC - [2009.05.13 15:48:18 | 000,108,289 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\sched.exe PRC - [2009.03.02 12:08:43 | 000,209,153 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\avgnt.exe PRC - [2008.10.29 07:29:41 | 002,927,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe PRC - [2008.01.21 03:23:29 | 001,233,920 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Sidebar\sidebar.exe ========== Modules (No Company Name) ========== MOD - [2012.01.08 12:47:36 | 002,124,760 | ---- | M] () -- C:\Programme\Mozilla Firefox\mozjs.dll MOD - [2011.06.28 06:29:17 | 006,271,136 | ---- | M] () -- C:\Windows\System32\Macromed\Flash\NPSWF32.dll MOD - [2011.03.29 11:55:05 | 005,025,792 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.Windows.Forms\2.0.0.0__b77a5c561934e089\System.Windows.Forms.dll MOD - [2011.03.29 11:54:23 | 004,550,656 | ---- | M] () -- C:\Windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\mscorlib.dll MOD - [2011.01.19 11:48:35 | 003,182,592 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System\2.0.0.0__b77a5c561934e089\System.dll MOD - [2009.04.09 11:38:00 | 000,053,248 | ---- | M] () -- C:\Windows\System32\SearchRequire.dll MOD - [2009.03.22 19:47:06 | 008,007,680 | ---- | M] () -- C:\Windows\assembly\GAC\Microsoft.mshtml\7.0.3300.0__b03f5f7f11d50a3a\Microsoft.mshtml.dll MOD - [2009.02.06 19:37:44 | 000,126,976 | ---- | M] () -- C:\Windows\assembly\GAC\Interop.SHDocVw\1.1.0.0__4b827ebe229d539f\Interop.SHDocVw.dll MOD - [2009.02.06 19:37:42 | 000,236,544 | ---- | M] () -- C:\Windows\assembly\GAC_32\Asz.Citavi.IEPicker\1.0.0.0__f59eabe05cc67589\Asz.Citavi.IEPicker.dll MOD - [2008.12.01 21:46:10 | 000,159,744 | ---- | M] () -- C:\Windows\System32\atitmmxx.dll MOD - [2008.10.13 23:26:58 | 002,048,000 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.Xml\2.0.0.0__b77a5c561934e089\System.Xml.dll MOD - [2008.09.16 20:18:06 | 000,132,608 | ---- | M] () -- C:\Programme\WinRAR\RarExt.dll MOD - [2008.07.27 19:03:15 | 000,626,688 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.Drawing\2.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll MOD - [2008.07.27 19:03:10 | 000,010,752 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\Accessibility\2.0.0.0__b03f5f7f11d50a3a\Accessibility.dll MOD - [2008.07.27 19:03:08 | 000,315,392 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll ========== Win32 Services (SafeList) ========== SRV - [2012.01.13 14:53:18 | 000,652,360 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService) SRV - [2010.03.09 08:08:14 | 000,655,624 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service) SRV - [2009.11.11 22:43:52 | 000,185,089 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService) SRV - [2009.05.13 15:48:18 | 000,108,289 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService) SRV - [2008.01.21 03:23:32 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Windows Defender\MpSvc.dll -- (WinDefend) ========== Driver Services (SafeList) ========== DRV - [2011.12.10 15:24:06 | 000,020,464 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\mbam.sys -- (MBAMProtector) DRV - [2009.12.10 22:21:00 | 000,056,816 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\System32\drivers\avgntflt.sys -- (avgntflt) DRV - [2009.05.11 09:12:20 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv) DRV - [2009.03.30 09:33:03 | 000,096,104 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb) DRV - [2009.02.13 11:35:01 | 000,011,608 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Programme\Avira\AntiVir Desktop\avgio.sys -- (avgio) DRV - [2008.12.01 23:14:32 | 004,179,968 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atikmdag.sys -- (atikmdag) DRV - [2008.11.11 18:29:42 | 000,154,272 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\RtHDMIV.sys -- (RTHDMIAzAudService) DRV - [2008.10.03 17:08:52 | 000,183,312 | ---- | M] (Advanced Micro Devices, Inc) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\ahcix86s.sys -- (ahcix86s) DRV - [2008.05.02 09:58:28 | 000,008,064 | ---- | M] (Windows (R) Codename Longhorn DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\usbser_lowerfltj.sys -- (UsbserFilt) DRV - [2008.05.02 09:58:14 | 000,020,864 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ccdcmbo.sys -- (nmwcdc) DRV - [2008.05.02 09:58:14 | 000,008,064 | ---- | M] (Windows (R) Codename Longhorn DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\usbser_lowerflt.sys -- (upperdev) DRV - [2008.05.02 09:58:12 | 000,017,536 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ccdcmb.sys -- (nmwcd) DRV - [2008.04.28 14:26:42 | 000,014,352 | ---- | M] (ATI Technologies Inc.) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\AtiPcie.sys -- (AtiPcie) ATI PCI Express (3GIO) DRV - [2008.02.14 14:56:02 | 000,118,784 | ---- | M] (Realtek Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Rtlh86.sys -- (RTL8169) DRV - [2007.10.12 02:40:14 | 000,010,632 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\amdide.sys -- (amdide) DRV - [2007.09.21 09:38:22 | 000,554,496 | ---- | M] (Ralink Technology Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\netr28u.sys -- (netr28u) DRV - [2007.07.16 16:29:33 | 000,017,432 | ---- | M] (Hewlett Packard) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\hpfxbulk.sys -- (HPFXBULK) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = Welcome to ALDI IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm IE - HKLM\..\SearchScopes,DefaultScope = {67A2568C-7A0A-4EED-AECC-B5405DE63B64} IE - HKLM\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7MEDB IE - HKU\..\SearchScopes,DefaultScope = {67A2568C-7A0A-4EED-AECC-B5405DE63B64} IE - HKU\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7MEDB IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\..\SearchScopes,DefaultScope = {67A2568C-7A0A-4EED-AECC-B5405DE63B64} IE - HKU\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7MEDB IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-21-3062977728-15237228-2241844802-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = Welcome to ALDI IE - HKU\S-1-5-21-3062977728-15237228-2241844802-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = Welcome to ALDI IE - HKU\S-1-5-21-3062977728-15237228-2241844802-1000\..\URLSearchHook: {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - No CLSID value found IE - HKU\..\SearchScopes,DefaultScope = {67A2568C-7A0A-4EED-AECC-B5405DE63B64} IE - HKU\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7MEDB_de IE - HKU\..\SearchScopes\{C5ADD211-7221-4A9B-B314-E2BADA849BB3}: "URL" = hxxp://de.search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&type=971163&p={searchTerms} IE - HKU\S-1-5-21-3062977728-15237228-2241844802-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF - prefs.js..extensions.enabledItems: {8AA36F4F-6DC7-4c06-77AF-5035170634FE}:2008.7.7 FF - prefs.js..extensions.enabledItems: {B13721C7-F507-4982-B2E5-502A71474FED}:2.2.0.102 FF - prefs.js..extensions.enabledItems: {ACAA314B-EEBA-48e4-AD47-84E31C44796C}:1.0.1 FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll () FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.) FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google) FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa2,version=2.0.0: C:\Program Files\Picasa2\npPicasa2.dll (Google, Inc.) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.) FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\2.0.31005.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.) FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 9.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.01.08 12:47:37 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 9.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011.10.28 19:19:34 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 10.0.2\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2011.10.28 18:15:31 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 10.0.2\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins [2010.10.21 21:13:17 | 000,000,000 | -H-D | M] (No name found) -- C:\Users\mn\AppData\Roaming\mozilla\Extensions [2010.10.21 21:13:17 | 000,000,000 | -H-D | M] (No name found) -- C:\Users\mn\AppData\Roaming\mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6} [2011.05.08 12:32:26 | 000,000,000 | -H-D | M] (No name found) -- C:\Users\mn\AppData\Roaming\mozilla\Firefox\Profiles\43puv1li.default\extensions [2010.05.17 20:17:54 | 000,000,000 | -H-D | M] ("DVDVideoSoft Menu") -- C:\Users\mn\AppData\Roaming\mozilla\Firefox\Profiles\43puv1li.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C} [2012.01.08 12:47:39 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions [2011.12.05 21:15:28 | 000,000,000 | ---D | M] (Recorder Toolbar) -- C:\Programme\Mozilla Firefox\extensions\{10743931-94DF-476f-A987-4391233C17A2} [2009.02.06 19:37:52 | 000,000,000 | ---D | M] ("Citavi Picker") -- C:\Programme\Mozilla Firefox\extensions\{8AA36F4F-6DC7-4c06-77AF-5035170634FE} [2009.02.18 15:18:57 | 000,000,000 | ---D | M] (pdfforge Toolbar Plugin) -- C:\Programme\Mozilla Firefox\extensions\{B922D405-6D13-4A2B-AE89-08A030DA4402} [2009.02.18 15:18:58 | 000,000,000 | ---D | M] (Search Settings Plugin) -- C:\Programme\Mozilla Firefox\extensions\search@searchsettings.com [2009.09.02 18:44:00 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\WINDOWS\MICROSOFT.NET\FRAMEWORK\V3.5\WINDOWS PRESENTATION FOUNDATION\DOTNETASSISTANTEXTENSION [2012.01.08 12:47:37 | 000,121,816 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll [2011.07.19 04:05:25 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll [2011.10.09 15:07:08 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml [2011.10.09 15:07:08 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml [2011.10.09 15:07:08 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml [2011.10.09 15:07:08 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml [2011.10.09 15:07:08 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml [2011.10.09 15:07:08 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml O1 HOSTS File: ([2006.09.18 22:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O1 - Hosts: ::1 localhost O2 - BHO: (Recorder Toolbar) - {120A8821-2BEE-4C29-BCDA-62C577781992} - C:\Programme\MedienTeam66\MP3 Recorder for YouTube\IEPlugin.dll (MedienTeam66) O2 - BHO: (no name) - {8a194578-81ea-4850-9911-13ba2d71efbd} - No CLSID value found. O2 - BHO: (Windows Live Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation) O2 - BHO: (pdfforge Toolbar) - {B922D405-6D13-4A2B-AE89-08A030DA4402} - C:\Programme\pdfforge Toolbar\WidgiToolbarIE.dll (GreenTree Applications, Inc.) O3 - HKLM\..\Toolbar: (Recorder Toolbar) - {120A8821-2BEE-4C29-BCDA-62C577781992} - C:\Programme\MedienTeam66\MP3 Recorder for YouTube\IEPlugin.dll (MedienTeam66) O3 - HKLM\..\Toolbar: (pdfforge Toolbar) - {B922D405-6D13-4A2B-AE89-08A030DA4402} - C:\Programme\pdfforge Toolbar\WidgiToolbarIE.dll (GreenTree Applications, Inc.) O4 - HKLM..\Run: [] File not found O4 - HKLM..\Run: [AdobeCS4ServiceManager] C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe (Adobe Systems Incorporated) O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH) O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation) O4 - HKLM..\Run: [Skytel] C:\Programme\Realtek\Audio\HDA\SkyTel.exe (Realtek Semiconductor Corp.) O4 - HKLM..\Run: [TrojanScanner] C:\Program Files\Trojan Remover\Trjscan.exe (Simply Super Software) O4 - HKU\.DEFAULT..\Run: [Picasa Media Detector] C:\Programme\Picasa2\PicasaMediaDetector.exe (Google Inc.) O4 - HKU\S-1-5-18..\Run: [Picasa Media Detector] C:\Programme\Picasa2\PicasaMediaDetector.exe (Google Inc.) O4 - HKU\S-1-5-19..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation) O4 - HKU\S-1-5-20..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation) O4 - HKU\S-1-5-21-3062977728-15237228-2241844802-1000..\Run: [AdobeBridge] File not found O8 - Extra context menu item: &Citavi Picker... - C:\Program Files\Internet Explorer\PLUGINS\Citavi Picker\ShowContextMenu.html () O8 - Extra context menu item: Nach Microsoft E&xel exportieren - C:\Programme\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation) O9 - Extra Button: eBay - Der weltweite Online-Marktplatz - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - eBay - eine der größten deutschen Shopping-Websites File not found O9 - Extra 'Tools' menuitem : eBay - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - eBay - eine der größten deutschen Shopping-Websites File not found O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation) O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programme\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation) O13 - gopher Prefix: missing O15 - HKU\S-1-5-21-3062977728-15237228-2241844802-1000\..Trusted Ranges: GD ([http] in Local intranet) O16 - DPF: {233C1507-6A77-46A4-9443-F871F945D258} hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_27-windows-i586.cab (Java Plug-in 1.6.0_27) O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab (Reg Error: Key error.) O16 - DPF: {CAFEEFAC-0016-0000-0027-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_27-windows-i586.cab (Java Plug-in 1.6.0_27) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_27-windows-i586.cab (Java Plug-in 1.6.0_27) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{17D723FB-EEA3-4269-8B3D-0C0D51F27767}: DhcpNameServer = 192.168.0.1 O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation) O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Programme\Common Files\microsoft shared\Information Retrieval\msitss.dll (Microsoft Corporation) O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Common Files\Skype\Skype4COM.dll (Skype Technologies) O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation) O20 - AppInit_DLLs: (C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL) - C:\Programme\Google\Google Desktop Search\GoogleDesktopNetwork3.dll (Google) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation) O24 - Desktop WallPaper: C:\Users\mn\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg O24 - Desktop BackupWallPaper: C:\Users\mn\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2006.09.18 22:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ] O33 - MountPoints2\{22e0b6a6-433d-11e0-baee-00242119886d}\Shell - "" = AutoRun O33 - MountPoints2\{22e0b6a6-433d-11e0-baee-00242119886d}\Shell\AutoRun\command - "" = I:\CD_Start.exe O33 - MountPoints2\{739529f7-f475-11dd-a217-00242119886d}\Shell\AutoRun\command - "" = I:\menu.exe O33 - MountPoints2\H\Shell - "" = AutoRun O33 - MountPoints2\H\Shell\AutoRun\command - "" = H:\CD_Start.exe O34 - HKLM BootExecute: (autocheck autochk *) O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* NetSvcs: FastUserSwitchingCompatibility - File not found NetSvcs: Ias - C:\Windows\System32\ias.dll (Microsoft Corporation) NetSvcs: Nla - File not found NetSvcs: Ntmssvc - File not found NetSvcs: NWCWorkstation - File not found NetSvcs: Nwsapagent - File not found NetSvcs: SRService - File not found NetSvcs: WmdmPmSp - File not found NetSvcs: LogonHours - File not found NetSvcs: PCAudit - File not found NetSvcs: helpsvc - File not found NetSvcs: uploadmgr - File not found MsConfig - StartUpReg: Google Desktop Search - hkey= - key= - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe (Google) MsConfig - StartUpReg: Google EULA Launcher - hkey= - key= - C:\Program Files\Google\Google EULA\GoogleEULALauncher.exe (Google) MsConfig - StartUpReg: Skytel - hkey= - key= - C:\Programme\Realtek\Audio\HDA\SkyTel.exe (Realtek Semiconductor Corp.) MsConfig - StartUpReg: StartCCC - hkey= - key= - C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.) MsConfig - StartUpReg: Windows Defender - hkey= - key= - File not found MsConfig - State: "services" - 2 MsConfig - State: "startup" - 2 SafeBootMin: AppMgmt - Service SafeBootMin: Base - Driver Group SafeBootMin: Boot Bus Extender - Driver Group SafeBootMin: Boot file system - Driver Group SafeBootMin: File system - Driver Group SafeBootMin: Filter - Driver Group SafeBootMin: HelpSvc - Service SafeBootMin: NTDS - File not found SafeBootMin: PCI Configuration - Driver Group SafeBootMin: PNP Filter - Driver Group SafeBootMin: Primary disk - Driver Group SafeBootMin: sacsvr - Service SafeBootMin: SCSI Class - Driver Group SafeBootMin: System Bus Extender - Driver Group SafeBootMin: WinDefend - C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation) SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices SafeBootNet: AppMgmt - Service SafeBootNet: Base - Driver Group SafeBootNet: Boot Bus Extender - Driver Group SafeBootNet: Boot file system - Driver Group SafeBootNet: File system - Driver Group SafeBootNet: Filter - Driver Group SafeBootNet: HelpSvc - Service SafeBootNet: Messenger - Service SafeBootNet: NDIS Wrapper - Driver Group SafeBootNet: NetBIOSGroup - Driver Group SafeBootNet: NetDDEGroup - Driver Group SafeBootNet: Network - Driver Group SafeBootNet: NetworkProvider - Driver Group SafeBootNet: NTDS - File not found SafeBootNet: PCI Configuration - Driver Group SafeBootNet: PNP Filter - Driver Group SafeBootNet: PNP_TDI - Driver Group SafeBootNet: Primary disk - Driver Group SafeBootNet: rdsessmgr - Service SafeBootNet: sacsvr - Service SafeBootNet: SCSI Class - Driver Group SafeBootNet: Streams Drivers - Driver Group SafeBootNet: System Bus Extender - Driver Group SafeBootNet: TDI - Driver Group SafeBootNet: WinDefend - C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation) SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Microsoft VM ActiveX: {14B6EB22-8A6C-6CF8-8D2D-C183D07264DD} - Microsoft VM ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 11.0 ActiveX: {233C1507-6A77-46A4-9443-F871F945D258} - Adobe Shockwave Director 11.0.3 ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework ActiveX: {2A202491-F00D-11cf-87CC-0020AFEECF20} - Adobe Shockwave Director 11.0.3 ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack ActiveX: {3C3901C5-3455-3E0A-A214-0B093A5070A6} - .NET Framework ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6 ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7 ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\system32\ie4uinit.exe -BaseSettings ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1 ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Macromedia Shockwave Flash ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\Windows\system32\unregmp2.exe /ShowWMP ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\system32\ie4uinit.exe -UserIconConfig ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP Drivers32: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS) Drivers32: vidc.cvid - C:\Windows\System32\iccvid.dll (Radius Inc.) CREATERESTOREPOINT Restore point Set: OTL Restore Point ========== Files/Folders - Created Within 30 Days ========== [2012.03.02 10:57:49 | 000,584,704 | ---- | C] (OldTimer Tools) -- C:\Users\mn\Desktop\OTL.exe [2012.03.01 12:15:40 | 000,000,000 | -H-D | C] -- C:\Users\mn\AppData\Roaming\Malwarebytes [2012.03.01 12:15:04 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware [2012.03.01 12:15:00 | 000,000,000 | -H-D | C] -- C:\ProgramData\Malwarebytes [2012.03.01 12:14:58 | 000,020,464 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys [2012.03.01 12:14:57 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware [2012.03.01 11:52:15 | 000,000,000 | -H-D | C] -- C:\Users\mn\Documents\Simply Super Software [2012.03.01 11:51:59 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Trojan Remover [2012.03.01 11:51:49 | 000,000,000 | -H-D | C] -- C:\Program Files\Trojan Remover [2012.03.01 11:51:49 | 000,000,000 | -H-D | C] -- C:\Users\mn\AppData\Roaming\Simply Super Software [2012.03.01 11:51:49 | 000,000,000 | -H-D | C] -- C:\ProgramData\Simply Super Software [2012.03.01 11:26:07 | 000,000,000 | -H-D | C] -- C:\Users\mn\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Check [2012.02.08 19:20:21 | 000,000,000 | -H-D | C] -- C:\Users\mn\Documents\FAU [1 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2012.03.02 11:05:00 | 000,000,438 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{103B65BD-4798-4CA0-9487-EB211B637804}.job [2012.03.02 10:57:51 | 000,584,704 | ---- | M] (OldTimer Tools) -- C:\Users\mn\Desktop\OTL.exe [2012.03.02 10:53:48 | 000,003,744 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 [2012.03.02 10:53:48 | 000,003,744 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 [2012.03.02 10:53:48 | 000,001,086 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2012.03.02 10:53:43 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2012.03.02 10:53:39 | 3487,883,264 | -HS- | M] () -- C:\hiberfil.sys [2012.03.01 21:33:00 | 000,001,090 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2012.03.01 21:15:06 | 000,000,296 | ---- | M] () -- C:\Windows\tasks\MT66 Software Update.job [2012.03.01 18:47:48 | 000,586,980 | ---- | M] () -- C:\Windows\System32\perfh009.dat [2012.03.01 18:47:47 | 000,618,204 | ---- | M] () -- C:\Windows\System32\perfh007.dat [2012.03.01 18:47:47 | 000,122,636 | ---- | M] () -- C:\Windows\System32\perfc007.dat [2012.03.01 18:47:47 | 000,101,052 | ---- | M] () -- C:\Windows\System32\perfc009.dat [2012.03.01 12:15:05 | 000,000,910 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk [2012.03.01 12:14:39 | 000,000,464 | -H-- | M] () -- C:\ProgramData\XIvJR4QXlBU1q1 [2012.03.01 12:13:45 | 000,000,304 | -H-- | M] () -- C:\ProgramData\~XIvJR4QXlBU1q1 [2012.03.01 12:13:45 | 000,000,208 | -H-- | M] () -- C:\ProgramData\~XIvJR4QXlBU1q1r [2012.03.01 11:26:07 | 000,000,609 | -H-- | M] () -- C:\Users\mn\Desktop\System Check.lnk [2012.02.27 17:48:26 | 000,017,408 | -H-- | M] () -- C:\Users\mn\AppData\Local\WebpageIcons.db [2012.02.23 21:09:01 | 000,016,896 | -H-- | M] () -- C:\Users\mn\Desktop\Bewerbung Matthias Kirchner.wps [2012.02.23 21:09:01 | 000,015,872 | -H-- | M] () -- C:\Users\mn\Desktop\Matthias Kirchner Lebenslauf.wps [1 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ] ========== Files Created - No Company Name ========== [2012.03.01 12:15:05 | 000,000,910 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk [2012.03.01 11:51:57 | 000,162,304 | ---- | C] () -- C:\Windows\System32\ztvunrar36.dll [2012.03.01 11:51:57 | 000,077,312 | ---- | C] () -- C:\Windows\System32\ztvunace26.dll [2012.03.01 11:51:55 | 000,075,264 | ---- | C] () -- C:\Windows\System32\unacev2.dll [2012.03.01 11:51:54 | 000,153,088 | ---- | C] () -- C:\Windows\System32\UNRAR3.dll [2012.03.01 11:43:11 | 000,000,208 | -H-- | C] () -- C:\ProgramData\~XIvJR4QXlBU1q1r [2012.03.01 11:43:10 | 000,000,304 | -H-- | C] () -- C:\ProgramData\~XIvJR4QXlBU1q1 [2012.03.01 11:26:07 | 000,000,609 | -H-- | C] () -- C:\Users\mn\Desktop\System Check.lnk [2012.03.01 11:26:05 | 000,000,464 | -H-- | C] () -- C:\ProgramData\XIvJR4QXlBU1q1 [2012.02.23 21:09:01 | 000,016,896 | -H-- | C] () -- C:\Users\mn\Desktop\Bewerbung Matthias Kirchner.wps [2012.02.23 21:09:01 | 000,015,872 | -H-- | C] () -- C:\Users\mn\Desktop\Matthias Kirchner Lebenslauf.wps [2011.05.11 18:41:00 | 000,000,680 | -H-- | C] () -- C:\Users\mn\AppData\Local\d3d9caps.dat [2010.03.08 19:51:38 | 000,017,408 | -H-- | C] () -- C:\Users\mn\AppData\Local\WebpageIcons.db ========== LOP Check ========== [2009.02.06 19:51:29 | 000,000,000 | -H-D | M] -- C:\Users\mn\AppData\Roaming\Academic Software Zurich [2009.07.23 17:10:08 | 000,000,000 | -H-D | M] -- C:\Users\mn\AppData\Roaming\Arbeitsblatt-Manager [2010.05.17 20:17:54 | 000,000,000 | -H-D | M] -- C:\Users\mn\AppData\Roaming\DVDVideoSoftIEHelpers [2009.03.25 12:12:40 | 000,000,000 | -H-D | M] -- C:\Users\mn\AppData\Roaming\FontCreator [2010.11.16 08:24:05 | 000,000,000 | -H-D | M] -- C:\Users\mn\AppData\Roaming\gtk-2.0 [2009.02.15 19:29:01 | 000,000,000 | -H-D | M] -- C:\Users\mn\AppData\Roaming\ICQ [2009.02.17 15:09:57 | 000,000,000 | -H-D | M] -- C:\Users\mn\AppData\Roaming\OpenOffice.org [2012.03.01 11:51:49 | 000,000,000 | -H-D | M] -- C:\Users\mn\AppData\Roaming\Simply Super Software [2010.10.21 21:13:16 | 000,000,000 | -H-D | M] -- C:\Users\mn\AppData\Roaming\Thunderbird [2012.03.01 21:15:06 | 000,000,296 | ---- | M] () -- C:\Windows\Tasks\MT66 Software Update.job [2012.03.01 21:53:23 | 000,032,582 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT [2012.03.02 11:05:00 | 000,000,438 | -H-- | M] () -- C:\Windows\Tasks\User_Feed_Synchronization-{103B65BD-4798-4CA0-9487-EB211B637804}.job ========== Purity Check ========== ========== Custom Scans ========== < %ALLUSERSPROFILE%\Application Data\*. > < %ALLUSERSPROFILE%\Application Data\*.exe /s > < %APPDATA%\*. > [2009.02.06 19:51:29 | 000,000,000 | -H-D | M] -- C:\Users\mn\AppData\Roaming\Academic Software Zurich [2010.04.13 12:17:02 | 000,000,000 | -H-D | M] -- C:\Users\mn\AppData\Roaming\Adobe [2009.03.04 00:40:15 | 000,000,000 | -H-D | M] -- C:\Users\mn\AppData\Roaming\AdobeAUM [2009.07.23 17:10:08 | 000,000,000 | -H-D | M] -- C:\Users\mn\AppData\Roaming\Arbeitsblatt-Manager [2009.02.06 18:50:41 | 000,000,000 | -H-D | M] -- C:\Users\mn\AppData\Roaming\ATI [2009.02.22 20:19:51 | 000,000,000 | -H-D | M] -- C:\Users\mn\AppData\Roaming\Corel [2009.05.22 19:53:12 | 000,000,000 | -H-D | M] -- C:\Users\mn\AppData\Roaming\CyberLink [2012.02.28 17:07:14 | 000,000,000 | -H-D | M] -- C:\Users\mn\AppData\Roaming\dvdcss [2010.05.17 20:17:54 | 000,000,000 | -H-D | M] -- C:\Users\mn\AppData\Roaming\DVDVideoSoftIEHelpers [2009.03.25 12:12:40 | 000,000,000 | -H-D | M] -- C:\Users\mn\AppData\Roaming\FontCreator [2009.02.06 20:44:25 | 000,000,000 | -H-D | M] -- C:\Users\mn\AppData\Roaming\Google [2010.11.16 08:24:05 | 000,000,000 | -H-D | M] -- C:\Users\mn\AppData\Roaming\gtk-2.0 [2009.05.12 15:46:48 | 000,000,000 | -H-D | M] -- C:\Users\mn\AppData\Roaming\HP [2009.02.15 19:29:01 | 000,000,000 | -H-D | M] -- C:\Users\mn\AppData\Roaming\ICQ [2009.02.06 18:50:18 | 000,000,000 | -H-D | M] -- C:\Users\mn\AppData\Roaming\Identities [2009.02.06 18:49:51 | 000,000,000 | -H-D | M] -- C:\Users\mn\AppData\Roaming\Macromedia [2012.03.01 12:15:40 | 000,000,000 | -H-D | M] -- C:\Users\mn\AppData\Roaming\Malwarebytes [2006.11.02 13:37:34 | 000,000,000 | -H-D | M] -- C:\Users\mn\AppData\Roaming\Media Center Programs [2010.04.28 16:10:21 | 000,000,000 | --SD | M] -- C:\Users\mn\AppData\Roaming\Microsoft [2009.02.09 19:33:21 | 000,000,000 | -H-D | M] -- C:\Users\mn\AppData\Roaming\Mozilla [2009.07.06 10:02:18 | 000,000,000 | -H-D | M] -- C:\Users\mn\AppData\Roaming\Nero [2009.02.17 15:09:57 | 000,000,000 | -H-D | M] -- C:\Users\mn\AppData\Roaming\OpenOffice.org [2012.03.01 11:51:49 | 000,000,000 | -H-D | M] -- C:\Users\mn\AppData\Roaming\Simply Super Software [2009.06.24 21:03:56 | 000,000,000 | -H-D | M] -- C:\Users\mn\AppData\Roaming\Skype [2009.08.26 07:41:21 | 000,000,000 | -H-D | M] -- C:\Users\mn\AppData\Roaming\skypePM [2009.02.09 19:33:28 | 000,000,000 | -H-D | M] -- C:\Users\mn\AppData\Roaming\Talkback [2010.10.21 21:13:16 | 000,000,000 | -H-D | M] -- C:\Users\mn\AppData\Roaming\Thunderbird [2009.02.19 18:37:47 | 000,000,000 | -H-D | M] -- C:\Users\mn\AppData\Roaming\vlc [2009.03.04 14:36:25 | 000,000,000 | -H-D | M] -- C:\Users\mn\AppData\Roaming\WinRAR < %APPDATA%\*.exe /s > [2009.03.25 12:12:01 | 006,625,744 | -H-- | M] (High-Logic ) -- C:\Users\mn\AppData\Roaming\FontCreator\FontCreatorSetup.exe < %SYSTEMDRIVE%\*.exe > [2007.11.07 07:03:18 | 000,562,688 | ---- | M] (Microsoft Corporation) -- C:\install.exe < MD5 for: AGP440.SYS > [2008.01.21 03:23:01 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\drivers\AGP440.sys [2008.01.21 03:23:01 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_f750e484\AGP440.sys [2008.01.21 03:23:01 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6001.18000_none_ba12ed3bbeb0d97a\AGP440.sys [2008.01.21 03:23:01 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6002.18005_none_bbfe6647bbd2a4c6\AGP440.sys [2006.11.02 10:49:52 | 000,053,864 | ---- | M] (Microsoft Corporation) MD5=EF23439CDD587F64C2C1B8825CEAD7D8 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_920a2c1f\AGP440.sys < MD5 for: AHCIX86S.SYS > [2008.10.03 17:08:52 | 000,183,312 | -H-- | M] (Advanced Micro Devices, Inc) MD5=03081E98C515CB838434D252F407F6E8 -- C:\ATI\WinVista\8_561\Packages\Drivers\SBDrv\SB7xx\RAID\LH\ahcix86s.sys [2008.10.03 17:08:52 | 000,183,312 | ---- | M] (Advanced Micro Devices, Inc) MD5=03081E98C515CB838434D252F407F6E8 -- C:\Windows\System32\drivers\ahcix86s.sys [2008.10.03 17:08:52 | 000,183,312 | ---- | M] (Advanced Micro Devices, Inc) MD5=03081E98C515CB838434D252F407F6E8 -- C:\Windows\System32\DriverStore\FileRepository\ahcix86s.inf_697786ab\ahcix86s.sys [2007.11.01 20:31:44 | 000,122,880 | -H-- | M] (Promise Technology, Inc.) MD5=4283A0F3A9557EB133D2BA8979747A77 -- C:\ATI\WinVista\8_561\Packages\Drivers\SBDrv\SB6xx\RAID\LH\ahcix86s.sys < MD5 for: ATAPI.SYS > [2008.11.12 14:12:11 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=0D83C87A801A3DFCD1BF73893FE7518C -- C:\Windows\System32\drivers\atapi.sys [2008.11.12 14:12:11 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=0D83C87A801A3DFCD1BF73893FE7518C -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_4c9c5a00\atapi.sys [2008.11.12 14:12:11 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=0D83C87A801A3DFCD1BF73893FE7518C -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6001.18034_none_dd1bb97e219e87cb\atapi.sys [2009.04.11 07:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\SoftwareDistribution\Download\cd2b15b1a90e884578188440a1660b12\x86_mshdc.inf_31bf3856ad364e35_6.0.6002.18005_none_df23a1261eab99e8\atapi.sys [2008.01.21 03:23:00 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_cc18792d\atapi.sys [2008.01.21 03:23:00 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6001.18000_none_dd38281a2189ce9c\atapi.sys [2006.11.02 10:49:36 | 000,019,048 | ---- | M] (Microsoft Corporation) MD5=4F4FCB8B6EA06784FB6D475B7EC7300F -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_c6c2e699\atapi.sys [2008.11.12 14:12:11 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=96DC4E1A9F90CCD489950A8935425C59 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6001.22134_none_dda556493abc2795\atapi.sys < MD5 for: CNGAUDIT.DLL > [2006.11.02 10:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\System32\cngaudit.dll [2006.11.02 10:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.0.6000.16386_none_e62d292932a96ce6\cngaudit.dll < MD5 for: EVENTLOG.DLL > [2007.05.17 21:34:04 | 000,007,216 | ---- | M] () MD5=C2A279A458A06DE2C83D842AA042B5A8 -- C:\Program Files\HomeCinema\PowerDirector\EventLog.dll < MD5 for: IASTORV.SYS > [2008.01.21 03:23:23 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\System32\drivers\iaStorV.sys [2008.01.21 03:23:23 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_c9df7691\iaStorV.sys [2008.01.21 03:23:23 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.0.6001.18000_none_af11527887c7fa8f\iaStorV.sys [2006.11.02 10:51:25 | 000,232,040 | ---- | M] (Intel Corporation) MD5=C957BF4B5D80B46C5017BF0101E6C906 -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_37cdafa4\iaStorV.sys < MD5 for: NETLOGON.DLL > [2009.04.11 07:28:23 | 000,592,896 | ---- | M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- C:\Windows\SoftwareDistribution\Download\cd2b15b1a90e884578188440a1660b12\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6002.18005_none_ffa3304f351bb3a3\netlogon.dll [2008.01.21 03:24:05 | 000,592,384 | ---- | M] (Microsoft Corporation) MD5=A8EFC0B6E75B789F7FD3BA5025D4E37F -- C:\Windows\System32\netlogon.dll [2008.01.21 03:24:05 | 000,592,384 | ---- | M] (Microsoft Corporation) MD5=A8EFC0B6E75B789F7FD3BA5025D4E37F -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6001.18000_none_fdb7b74337f9e857\netlogon.dll < MD5 for: NVSTOR.SYS > [2006.11.02 10:50:13 | 000,040,040 | ---- | M] (NVIDIA Corporation) MD5=9E0BA19A28C498A6D323D065DB76DFFC -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_733654ff\nvstor.sys [2008.01.21 03:23:21 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\System32\drivers\nvstor.sys [2008.01.21 03:23:21 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_31c3d71d\nvstor.sys [2008.01.21 03:23:21 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.0.6001.18000_none_39dac327befea467\nvstor.sys < MD5 for: SCECLI.DLL > [2008.01.21 03:24:50 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=28B84EB538F7E8A0FE8B9299D591E0B9 -- C:\Windows\System32\scecli.dll [2008.01.21 03:24:50 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=28B84EB538F7E8A0FE8B9299D591E0B9 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6001.18000_none_380de25bd91b6f12\scecli.dll [2009.04.11 07:28:24 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=8FC182167381E9915651267044105EE1 -- C:\Windows\SoftwareDistribution\Download\cd2b15b1a90e884578188440a1660b12\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6002.18005_none_39f95b67d63d3a5e\scecli.dll < MD5 for: USER32.DLL > [2009.04.11 07:28:25 | 000,627,712 | ---- | M] (Microsoft Corporation) MD5=75510147B94598407666F4802797C75A -- C:\Windows\SoftwareDistribution\Download\cd2b15b1a90e884578188440a1660b12\x86_microsoft-windows-user32_31bf3856ad364e35_6.0.6002.18005_none_cf23e54d6a7e4a7e\user32.dll [2008.01.21 03:24:21 | 000,627,200 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\user32.dll [2008.01.21 03:24:21 | 000,627,200 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.0.6001.18000_none_cd386c416d5c7f32\user32.dll < MD5 for: USERINIT.EXE > [2008.01.21 03:24:49 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\System32\userinit.exe [2008.01.21 03:24:49 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.0.6001.18000_none_dc28ba15d1aff80b\userinit.exe < MD5 for: WININIT.EXE > [2008.01.21 03:23:42 | 000,096,768 | ---- | M] (Microsoft Corporation) MD5=101BA3EA053480BB5D957EF37C06B5ED -- C:\Windows\System32\wininit.exe [2008.01.21 03:23:42 | 000,096,768 | ---- | M] (Microsoft Corporation) MD5=101BA3EA053480BB5D957EF37C06B5ED -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.0.6001.18000_none_30f2b8cf0450a6a2\wininit.exe < MD5 for: WINLOGON.EXE > [2012.01.13 14:53:20 | 000,182,856 | ---- | M] () MD5=63EEC8A8B221AB79045E776E5F592868 -- C:\Program Files\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe [2009.04.11 07:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\SoftwareDistribution\Download\cd2b15b1a90e884578188440a1660b12\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6002.18005_none_71ae7a22d2134741\winlogon.exe [2008.01.21 03:24:49 | 000,314,880 | ---- | M] (Microsoft Corporation) MD5=C2610B6BDBEFC053BBDAB4F1B965CB24 -- C:\Windows\System32\winlogon.exe [2008.01.21 03:24:49 | 000,314,880 | ---- | M] (Microsoft Corporation) MD5=C2610B6BDBEFC053BBDAB4F1B965CB24 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6001.18000_none_6fc30116d4f17bf5\winlogon.exe < MD5 for: WS2IFSL.SYS > [2008.01.21 03:24:47 | 000,015,872 | ---- | M] (Microsoft Corporation) MD5=E3A3CB253C0EC2494D4A61F5E43A389C -- C:\Windows\System32\drivers\ws2ifsl.sys [2008.01.21 03:24:47 | 000,015,872 | ---- | M] (Microsoft Corporation) MD5=E3A3CB253C0EC2494D4A61F5E43A389C -- C:\Windows\winsxs\x86_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.0.6001.18000_none_4f86a0d4c7cda641\ws2ifsl.sys < %systemroot%\system32\drivers\*.sys /lockedfiles > < %systemroot%\System32\config\*.sav > [2008.01.21 04:14:18 | 016,846,848 | ---- | M] () -- C:\Windows\System32\config\COMPONENTS.SAV [2008.01.21 04:14:08 | 000,106,496 | ---- | M] () -- C:\Windows\System32\config\DEFAULT.SAV [2008.01.21 04:14:18 | 000,020,480 | ---- | M] () -- C:\Windows\System32\config\SECURITY.SAV [2006.11.02 11:34:08 | 010,133,504 | ---- | M] () -- C:\Windows\System32\config\SOFTWARE.SAV [2006.11.02 11:34:08 | 001,826,816 | ---- | M] () -- C:\Windows\System32\config\SYSTEM.SAV < %systemroot%\*. /mp /s > < %systemroot%\system32\*.dll /lockedfiles > [2009.04.09 11:38:00 | 000,126,976 | ---- | M] ( ) Unable to obtain MD5 -- C:\Windows\system32\Interop.SHDocVw.dll [2009.04.09 11:38:00 | 000,053,248 | ---- | M] () Unable to obtain MD5 -- C:\Windows\system32\SearchRequire.dll [1 C:\Windows\system32\*.tmp files -> C:\Windows\system32\*.tmp -> ] ========== Alternate Data Streams ========== @Alternate Data Stream - 146 bytes -> C:\ProgramData\Temp:CB0AACC9 < End of report > |
|
02.03.2012, 14:00
| #4 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Trojaner "System Check" - letzte Schritte? Mach einen OTL-Fix, beende alle evtl. geöffneten Programme, auch Virenscanner deaktivieren (!), starte OTL und kopiere folgenden Text in die "Custom Scan/Fixes" Box (unten in OTL): (das ":OTL" muss mitkopiert werden!!!) Code:
ATTFilter :OTL
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = Welcome to ALDI
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {67A2568C-7A0A-4EED-AECC-B5405DE63B64}
IE - HKLM\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7MEDB
IE - HKU\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7MEDB
IE - HKU\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7MEDB
IE - HKU\S-1-5-21-3062977728-15237228-2241844802-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = Welcome to ALDI
IE - HKU\S-1-5-21-3062977728-15237228-2241844802-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = Welcome to ALDI
IE - HKU\S-1-5-21-3062977728-15237228-2241844802-1000\..\URLSearchHook: {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - No CLSID value found
IE - HKU\..\SearchScopes,DefaultScope = {67A2568C-7A0A-4EED-AECC-B5405DE63B64}
IE - HKU\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7MEDB_de
IE - HKU\..\SearchScopes\{C5ADD211-7221-4A9B-B314-E2BADA849BB3}: "URL" = http://de.search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&type=971163&p={searchTerms}
[2010.05.17 20:17:54 | 000,000,000 | -H-D | M] ("DVDVideoSoft Menu") -- C:\Users\mn\AppData\Roaming\mozilla\Firefox\Profiles\43puv1li.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
[2011.12.05 21:15:28 | 000,000,000 | ---D | M] (Recorder Toolbar) -- C:\Programme\Mozilla Firefox\extensions\{10743931-94DF-476f-A987-4391233C17A2}
[2009.02.18 15:18:57 | 000,000,000 | ---D | M] (pdfforge Toolbar Plugin) -- C:\Programme\Mozilla Firefox\extensions\{B922D405-6D13-4A2B-AE89-08A030DA4402}
[2009.02.18 15:18:58 | 000,000,000 | ---D | M] (Search Settings Plugin) -- C:\Programme\Mozilla Firefox\extensions\search@searchsettings.com
[2009.09.02 18:44:00 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\WINDOWS\MICROSOFT.NET\FRAMEWORK\V3.5\WINDOWS PRESENTATION FOUNDATION\DOTNETASSISTANTEXTENSION
O2 - BHO: (Recorder Toolbar) - {120A8821-2BEE-4C29-BCDA-62C577781992} - C:\Programme\MedienTeam66\MP3 Recorder for YouTube\IEPlugin.dll (MedienTeam66)
O2 - BHO: (no name) - {8a194578-81ea-4850-9911-13ba2d71efbd} - No CLSID value found.
O2 - BHO: (Windows Live Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (pdfforge Toolbar) - {B922D405-6D13-4A2B-AE89-08A030DA4402} - C:\Programme\pdfforge Toolbar\WidgiToolbarIE.dll (GreenTree Applications, Inc.)
O3 - HKLM\..\Toolbar: (Recorder Toolbar) - {120A8821-2BEE-4C29-BCDA-62C577781992} - C:\Programme\MedienTeam66\MP3 Recorder for YouTube\IEPlugin.dll (MedienTeam66)
O3 - HKLM\..\Toolbar: (pdfforge Toolbar) - {B922D405-6D13-4A2B-AE89-08A030DA4402} - C:\Programme\pdfforge Toolbar\WidgiToolbarIE.dll (GreenTree Applications, Inc.)
O4 - HKLM..\Run: [] File not found
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 22:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{22e0b6a6-433d-11e0-baee-00242119886d}\Shell - "" = AutoRun
O33 - MountPoints2\{22e0b6a6-433d-11e0-baee-00242119886d}\Shell\AutoRun\command - "" = I:\CD_Start.exe
O33 - MountPoints2\{739529f7-f475-11dd-a217-00242119886d}\Shell\AutoRun\command - "" = I:\menu.exe
O33 - MountPoints2\H\Shell - "" = AutoRun
O33 - MountPoints2\H\Shell\AutoRun\command - "" = H:\CD_Start.exe
[2012.03.01 11:26:07 | 000,000,000 | -H-D | C] -- C:\Users\mn\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Check
[2012.03.01 12:14:39 | 000,000,464 | -H-- | M] () -- C:\ProgramData\XIvJR4QXlBU1q1
[2012.03.01 12:13:45 | 000,000,304 | -H-- | M] () -- C:\ProgramData\~XIvJR4QXlBU1q1
[2012.03.01 12:13:45 | 000,000,208 | -H-- | M] () -- C:\ProgramData\~XIvJR4QXlBU1q1r
[2012.03.01 11:26:07 | 000,000,609 | -H-- | M] () -- C:\Users\mn\Desktop\System Check.lnk
@Alternate Data Stream - 146 bytes -> C:\ProgramData\Temp:CB0AACC9
:Commands
[emptytemp]
[resethosts]
Das Logfile müsste geöffnet werden, wenn Du nach dem Fixen auf ok klickst, poste das bitte. Evtl. wird der Rechner neu gestartet. Die mit diesem Script gefixten Einträge, Dateien und Ordner werden zur Sicherheit nicht vollständig gelöscht, es wird eine Sicherheitskopie auf der Systempartition im Ordner "_OTL" erstellt. Hinweis: Das obige Script ist nur für diesen einen User in dieser Situtation erstellt worden. Es ist auf keinen anderen Rechner portierbar und darf nicht anderweitig verwandt werden, da es das System nachhaltig schädigen kann!
__________________ Logfiles bitte immer in CODE-Tags posten  |
|
02.03.2012, 16:08
| #5 |
| | Trojaner "System Check" - letzte Schritte? Habe alles wie beschrieben durchgeführt. Hier das Log: All processes killed ========== OTL ========== HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\\Default_Page_URL| /E : value set successfully! HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\\Local Page| /E : value set successfully! HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully! Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}\ not found. Registry key HKEY_USERS\Software\Microsoft\Internet Explorer\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}\ not found. Registry key HKEY_USERS\Software\Microsoft\Internet Explorer\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}\ not found. HKU\S-1-5-21-3062977728-15237228-2241844802-1000\SOFTWARE\Microsoft\Internet Explorer\Main\\Default_Page_URL| /E : value set successfully! HKU\S-1-5-21-3062977728-15237228-2241844802-1000\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page| /E : value set successfully! Registry value HKEY_USERS\S-1-5-21-3062977728-15237228-2241844802-1000\Software\Microsoft\Internet Explorer\URLSearchHooks\\{E312764E-7706-43F1-8DAB-FCDD2B1E416D} deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E312764E-7706-43F1-8DAB-FCDD2B1E416D}\ not found. Unable to set value : HKEY_USERS\Software\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E! Registry key HKEY_USERS\Software\Microsoft\Internet Explorer\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}\ not found. Registry key HKEY_USERS\Software\Microsoft\Internet Explorer\SearchScopes\{C5ADD211-7221-4A9B-B314-E2BADA849BB3}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{C5ADD211-7221-4A9B-B314-E2BADA849BB3}\ not found. C:\Users\mn\AppData\Roaming\mozilla\Firefox\Profiles\43puv1li.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}\chrome folder moved successfully. C:\Users\mn\AppData\Roaming\mozilla\Firefox\Profiles\43puv1li.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C} folder moved successfully. C:\Programme\Mozilla Firefox\extensions\{10743931-94DF-476f-A987-4391233C17A2}\images folder moved successfully. C:\Programme\Mozilla Firefox\extensions\{10743931-94DF-476f-A987-4391233C17A2}\content folder moved successfully. C:\Programme\Mozilla Firefox\extensions\{10743931-94DF-476f-A987-4391233C17A2}\chrome\content\images folder moved successfully. C:\Programme\Mozilla Firefox\extensions\{10743931-94DF-476f-A987-4391233C17A2}\chrome\content folder moved successfully. C:\Programme\Mozilla Firefox\extensions\{10743931-94DF-476f-A987-4391233C17A2}\chrome folder moved successfully. C:\Programme\Mozilla Firefox\extensions\{10743931-94DF-476f-A987-4391233C17A2} folder moved successfully. C:\Programme\Mozilla Firefox\extensions\{B922D405-6D13-4A2B-AE89-08A030DA4402}\components folder moved successfully. C:\Programme\Mozilla Firefox\extensions\{B922D405-6D13-4A2B-AE89-08A030DA4402}\chrome\skin folder moved successfully. C:\Programme\Mozilla Firefox\extensions\{B922D405-6D13-4A2B-AE89-08A030DA4402}\chrome\locale\EN-US folder moved successfully. C:\Programme\Mozilla Firefox\extensions\{B922D405-6D13-4A2B-AE89-08A030DA4402}\chrome\locale folder moved successfully. C:\Programme\Mozilla Firefox\extensions\{B922D405-6D13-4A2B-AE89-08A030DA4402}\chrome\content folder moved successfully. C:\Programme\Mozilla Firefox\extensions\{B922D405-6D13-4A2B-AE89-08A030DA4402}\chrome folder moved successfully. C:\Programme\Mozilla Firefox\extensions\{B922D405-6D13-4A2B-AE89-08A030DA4402} folder moved successfully. C:\Programme\Mozilla Firefox\extensions\search@searchsettings.com\COMPONENTS folder moved successfully. C:\Programme\Mozilla Firefox\extensions\search@searchsettings.com\CHROME\LOCALE\EN-US folder moved successfully. C:\Programme\Mozilla Firefox\extensions\search@searchsettings.com\CHROME\LOCALE folder moved successfully. C:\Programme\Mozilla Firefox\extensions\search@searchsettings.com\CHROME\CONTENT folder moved successfully. C:\Programme\Mozilla Firefox\extensions\search@searchsettings.com\CHROME folder moved successfully. C:\Programme\Mozilla Firefox\extensions\search@searchsettings.com folder moved successfully. C:\WINDOWS\MICROSOFT.NET\FRAMEWORK\V3.5\WINDOWS PRESENTATION FOUNDATION\DOTNETASSISTANTEXTENSION\defaults\preferences folder moved successfully. C:\WINDOWS\MICROSOFT.NET\FRAMEWORK\V3.5\WINDOWS PRESENTATION FOUNDATION\DOTNETASSISTANTEXTENSION\defaults folder moved successfully. C:\WINDOWS\MICROSOFT.NET\FRAMEWORK\V3.5\WINDOWS PRESENTATION FOUNDATION\DOTNETASSISTANTEXTENSION\chrome folder moved successfully. C:\WINDOWS\MICROSOFT.NET\FRAMEWORK\V3.5\WINDOWS PRESENTATION FOUNDATION\DOTNETASSISTANTEXTENSION folder moved successfully. Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{120A8821-2BEE-4C29-BCDA-62C577781992}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{120A8821-2BEE-4C29-BCDA-62C577781992}\ deleted successfully. C:\Programme\MedienTeam66\MP3 Recorder for YouTube\IEPlugin.dll moved successfully. Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{8a194578-81ea-4850-9911-13ba2d71efbd}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8a194578-81ea-4850-9911-13ba2d71efbd}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9030D464-4C02-4ABF-8ECC-5164760863C6}\ deleted successfully. C:\Programme\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll moved successfully. Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B922D405-6D13-4A2B-AE89-08A030DA4402}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B922D405-6D13-4A2B-AE89-08A030DA4402}\ deleted successfully. C:\Programme\pdfforge Toolbar\WidgiToolbarIE.dll moved successfully. Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{120A8821-2BEE-4C29-BCDA-62C577781992} deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{120A8821-2BEE-4C29-BCDA-62C577781992}\ not found. File C:\Programme\MedienTeam66\MP3 Recorder for YouTube\IEPlugin.dll not found. Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{B922D405-6D13-4A2B-AE89-08A030DA4402} deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B922D405-6D13-4A2B-AE89-08A030DA4402}\ not found. File C:\Programme\pdfforge Toolbar\WidgiToolbarIE.dll not found. Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ deleted successfully. HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRun|DWORD:1 /E : value set successfully! C:\autoexec.bat moved successfully. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{22e0b6a6-433d-11e0-baee-00242119886d}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{22e0b6a6-433d-11e0-baee-00242119886d}\ not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{22e0b6a6-433d-11e0-baee-00242119886d}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{22e0b6a6-433d-11e0-baee-00242119886d}\ not found. File I:\CD_Start.exe not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{739529f7-f475-11dd-a217-00242119886d}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{739529f7-f475-11dd-a217-00242119886d}\ not found. File I:\menu.exe not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\H\ deleted successfully. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\H\ not found. File H:\CD_Start.exe not found. C:\Users\mn\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Check folder moved successfully. C:\ProgramData\XIvJR4QXlBU1q1 moved successfully. C:\ProgramData\~XIvJR4QXlBU1q1 moved successfully. C:\ProgramData\~XIvJR4QXlBU1q1r moved successfully. C:\Users\mn\Desktop\System Check.lnk moved successfully. ADS C:\ProgramData\Temp:CB0AACC9 deleted successfully. ========== COMMANDS ========== [EMPTYTEMP] User: All Users User: Default ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 33170 bytes ->Flash cache emptied: 83 bytes User: Default User ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 0 bytes ->Flash cache emptied: 0 bytes User: mn ->Temp folder emptied: 1734214825 bytes ->Temporary Internet Files folder emptied: 34605194 bytes ->Java cache emptied: 36457175 bytes ->FireFox cache emptied: 89636239 bytes ->Flash cache emptied: 33760 bytes User: Public %systemdrive% .tmp files removed: 0 bytes %systemroot% .tmp files removed: 0 bytes %systemroot%\System32 .tmp files removed: 771424 bytes %systemroot%\System32\drivers .tmp files removed: 0 bytes Windows Temp folder emptied: 163974680 bytes RecycleBin emptied: 1823045089 bytes Total Files Cleaned = 3.703,00 mb C:\Windows\System32\drivers\etc\Hosts moved successfully. HOSTS file reset successfully OTL by OldTimer - Version 3.2.34.0 log created on 03022012_154559 Files\Folders moved on Reboot... Registry entries deleted on Reboot... |
|
02.03.2012, 17:32
| #6 |
| | Trojaner "System Check" - letzte Schritte? Zwischenstatus: System Check is back ... Popups, Fehlermeldungen usw... ich krieg die Krise. |
|
02.03.2012, 18:18
| #7 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Trojaner "System Check" - letzte Schritte? 1. Jetzt NICHT mehr "wild" rumsurfen bis wir durch sind! 2. Mach bitte neue Vollscans mit Malwarebytes und ESET!
__________________ Logfiles bitte immer in CODE-Tags posten |
|
03.03.2012, 09:58
| #8 |
| | Trojaner "System Check" - letzte Schritte? Guten Morgen. In Ordnung. Ich werde mich daran halten. habe beide Scans durchgeführt. Unten die Logs von Malwarebytes, ESET hat nichts mehr gefunden (kam deswegen kein Log davon?). |
|
05.03.2012, 12:01
| #9 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Trojaner "System Check" - letzte Schritte? Bitte nun (im normalen Windows-Modus) dieses Tool von Kaspersky (TDSS-Killer) ausführen und das Log posten => http://www.trojaner-board.de/82358-t...entfernen.html Hinweis: Bitte den Virenscanner abstellen bevor du den TDSS-Killer ausführst, denn v.a. Avira meldet im TDSS-Tool oft einen Fehalalrm! Das Tool so einstellen wie unten im Bild angegeben - klick auf change parameters und setze die Haken wie im folgenden Screenshot abgebildet, Dann auf Start Scan klicken und wenn es durch ist auf den Button Report klicken um das Log anzuzeigen. Dieses bitte komplett posten. Wenn du das Log nicht findest oder den Inhalt kopieren und in dein Posting übertragen kannst, dann schau bitte direkt auf deiner Windows-Systempartition (meistens Laufwerk C nach, da speichert der TDSS-Killer seine Logs.Hinweis: Bitte nichts voreilig mit dem TDSS-Killer löschen! Falls Objekte vom TDSS-Killer bemängelt werden, alle mit der Aktion "skip" behandeln und hier nur das Log posten!  Falls du durch die Infektion auf deine Dokumente/Eigenen Dateien nicht zugreifen kannst, Verknüpfungen auf dem Desktop oder im Startmenü unter "alle Programme" fehlen, bitte unhide ausführen: Downloade dir bitte unhide.exe und speichere diese Datei auf deinem Desktop. Starte das Tool und es sollten alle Dateien und Ordner wieder sichtbar sein. ( Könnte eine Weile dauern )  Windows-Vista und Windows-7-User müssen das Tool per Rechtsklick als Administrator ausführen!
__________________ Logfiles bitte immer in CODE-Tags posten |
|
05.03.2012, 14:20
| #10 |
| | Trojaner "System Check" - letzte Schritte?Code:
ATTFilter
14:16:56.0817 2464 TDSS rootkit removing tool 2.7.19.0 Mar 5 2012 11:23:39
14:16:56.0963 2464 ============================================================
14:16:56.0963 2464 Current date / time: 2012/03/05 14:16:56.0963
14:16:56.0963 2464 SystemInfo:
14:16:56.0963 2464
14:16:56.0963 2464 OS Version: 6.0.6001 ServicePack: 1.0
14:16:56.0963 2464 Product type: Workstation
14:16:56.0963 2464 ComputerName: MN-PC
14:16:56.0963 2464 UserName: mn
14:16:56.0963 2464 Windows directory: C:\Windows
14:16:56.0963 2464 System windows directory: C:\Windows
14:16:56.0963 2464 Processor architecture: Intel x86
14:16:56.0964 2464 Number of processors: 2
14:16:56.0964 2464 Page size: 0x1000
14:16:56.0964 2464 Boot type: Normal boot
14:16:56.0964 2464 ============================================================
14:16:58.0501 2464 Drive \Device\Harddisk0\DR0 - Size: 0x950B056000 (596.17 Gb), SectorSize: 0x200, Cylinders: 0x13001, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
14:16:58.0530 2464 \Device\Harddisk0\DR0:
14:16:58.0530 2464 MBR used
14:16:58.0530 2464 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x48054800
14:16:58.0573 2464 \Device\Harddisk0\DR0\Partition1: MBR, Type 0xB, StartLBA 0x4805503F, BlocksNum 0x2801E82
14:16:58.0674 2464 Initialize success
14:16:58.0674 2464 ============================================================
14:17:57.0586 3832 ============================================================
14:17:57.0586 3832 Scan started
14:17:57.0586 3832 Mode: Manual; SigCheck; TDLFS;
14:17:57.0586 3832 ============================================================
14:17:58.0080 3832 ACPI (fcb8c7210f0135e24c6580f7f649c73c) C:\Windows\system32\drivers\acpi.sys
14:17:58.0217 3832 ACPI - ok
14:17:58.0289 3832 adfs (6d7f09cd92a9fef3a8efce66231fdd79) C:\Windows\system32\drivers\adfs.sys
14:17:58.0301 3832 adfs - ok
14:17:58.0345 3832 adp94xx (04f0fcac69c7c71a3ac4eb97fafc8303) C:\Windows\system32\drivers\adp94xx.sys
14:17:58.0384 3832 adp94xx - ok
14:17:58.0414 3832 adpahci (60505e0041f7751bdbb80f88bf45c2ce) C:\Windows\system32\drivers\adpahci.sys
14:17:58.0433 3832 adpahci - ok
14:17:58.0463 3832 adpu160m (8a42779b02aec986eab64ecfc98f8bd7) C:\Windows\system32\drivers\adpu160m.sys
14:17:58.0477 3832 adpu160m - ok
14:17:58.0516 3832 adpu320 (241c9e37f8ce45ef51c3de27515ca4e5) C:\Windows\system32\drivers\adpu320.sys
14:17:58.0550 3832 adpu320 - ok
14:17:58.0610 3832 AFD (48eb99503533c27ac6135648e5474457) C:\Windows\system32\drivers\afd.sys
14:17:58.0677 3832 AFD - ok
14:17:58.0710 3832 agp440 (13f9e33747e6b41a3ff305c37db0d360) C:\Windows\system32\drivers\agp440.sys
14:17:58.0722 3832 agp440 - ok
14:17:58.0780 3832 ahcix86s (03081e98c515cb838434d252f407f6e8) C:\Windows\system32\DRIVERS\ahcix86s.sys
14:17:58.0850 3832 ahcix86s - ok
14:17:58.0864 3832 aic78xx (ae1fdf7bf7bb6c6a70f67699d880592a) C:\Windows\system32\drivers\djsvs.sys
14:17:58.0878 3832 aic78xx - ok
14:17:58.0900 3832 aliide (9eaef5fc9b8e351afa7e78a6fae91f91) C:\Windows\system32\drivers\aliide.sys
14:17:58.0911 3832 aliide - ok
14:17:58.0926 3832 amdagp (c47344bc706e5f0b9dce369516661578) C:\Windows\system32\drivers\amdagp.sys
14:17:58.0938 3832 amdagp - ok
14:17:58.0987 3832 amdide (f12456ad77b1c32d8c5ca51927872850) C:\Windows\system32\DRIVERS\amdide.sys
14:17:58.0995 3832 amdide - ok
14:17:59.0010 3832 AmdK7 (18f29b49ad23ecee3d2a826c725c8d48) C:\Windows\system32\drivers\amdk7.sys
14:17:59.0104 3832 AmdK7 - ok
14:17:59.0125 3832 AmdK8 (93ae7f7dd54ab986a6f1a1b37be7442d) C:\Windows\system32\drivers\amdk8.sys
14:17:59.0168 3832 AmdK8 - ok
14:17:59.0227 3832 arc (5d2888182fb46632511acee92fdad522) C:\Windows\system32\drivers\arc.sys
14:17:59.0235 3832 arc - ok
14:17:59.0262 3832 arcsas (5e2a321bd7c8b3624e41fdec3e244945) C:\Windows\system32\drivers\arcsas.sys
14:17:59.0275 3832 arcsas - ok
14:17:59.0322 3832 AsyncMac (53b202abee6455406254444303e87be1) C:\Windows\system32\DRIVERS\asyncmac.sys
14:17:59.0374 3832 AsyncMac - ok
14:17:59.0408 3832 atapi (0d83c87a801a3dfcd1bf73893fe7518c) C:\Windows\system32\drivers\atapi.sys
14:17:59.0419 3832 atapi - ok
14:17:59.0592 3832 atikmdag (d2e9acb68fa61c911cc21e07f87705bf) C:\Windows\system32\DRIVERS\atikmdag.sys
14:17:59.0891 3832 atikmdag - ok
14:17:59.0916 3832 AtiPcie (5a1465ad2e7c1bc39cda12a355329096) C:\Windows\system32\DRIVERS\AtiPcie.sys
14:17:59.0925 3832 AtiPcie - ok
14:18:00.0015 3832 avgio (0b497c79824f8e1bf22fa6aacd3de3a0) C:\Program Files\Avira\AntiVir Desktop\avgio.sys
14:18:00.0024 3832 avgio - ok
14:18:00.0071 3832 avgntflt (14fe36d8f2c6a2435275338d061a0b66) C:\Windows\system32\DRIVERS\avgntflt.sys
14:18:00.0091 3832 avgntflt - ok
14:18:00.0132 3832 avipbb (6d52060b59e7d79cd2a044b6add1f1ef) C:\Windows\system32\DRIVERS\avipbb.sys
14:18:00.0141 3832 avipbb - ok
14:18:00.0188 3832 Beep (67e506b75bd5326a3ec7b70bd014dfb6) C:\Windows\system32\drivers\Beep.sys
14:18:00.0257 3832 Beep - ok
14:18:00.0313 3832 blbdrive (d4df28447741fd3d953526e33a617397) C:\Windows\system32\drivers\blbdrive.sys
14:18:00.0358 3832 blbdrive - ok
14:18:00.0416 3832 bowser (8153396d5551276227fa146900f734e6) C:\Windows\system32\DRIVERS\bowser.sys
14:18:00.0474 3832 bowser - ok
14:18:00.0507 3832 BrFiltLo (9f9acc7f7ccde8a15c282d3f88b43309) C:\Windows\system32\drivers\brfiltlo.sys
14:18:00.0614 3832 BrFiltLo - ok
14:18:00.0630 3832 BrFiltUp (56801ad62213a41f6497f96dee83755a) C:\Windows\system32\drivers\brfiltup.sys
14:18:00.0690 3832 BrFiltUp - ok
14:18:00.0735 3832 Brserid (b304e75cff293029eddf094246747113) C:\Windows\system32\drivers\brserid.sys
14:18:00.0907 3832 Brserid - ok
14:18:00.0973 3832 BrSerWdm (203f0b1e73adadbbb7b7b1fabd901f6b) C:\Windows\system32\drivers\brserwdm.sys
14:18:01.0072 3832 BrSerWdm - ok
14:18:01.0140 3832 BrUsbMdm (bd456606156ba17e60a04e18016ae54b) C:\Windows\system32\drivers\brusbmdm.sys
14:18:01.0231 3832 BrUsbMdm - ok
14:18:01.0272 3832 BrUsbSer (af72ed54503f717a43268b3cc5faec2e) C:\Windows\system32\drivers\brusbser.sys
14:18:01.0355 3832 BrUsbSer - ok
14:18:01.0394 3832 BTHMODEM (ad07c1ec6665b8b35741ab91200c6b68) C:\Windows\system32\drivers\bthmodem.sys
14:18:01.0477 3832 BTHMODEM - ok
14:18:01.0529 3832 cdfs (7add03e75beb9e6dd102c3081d29840a) C:\Windows\system32\DRIVERS\cdfs.sys
14:18:01.0577 3832 cdfs - ok
14:18:01.0598 3832 cdrom (1ec25cea0de6ac4718bf89f9e1778b57) C:\Windows\system32\DRIVERS\cdrom.sys
14:18:01.0633 3832 cdrom - ok
14:18:01.0659 3832 circlass (e5d4133f37219dbcfe102bc61072589d) C:\Windows\system32\drivers\circlass.sys
14:18:01.0708 3832 circlass - ok
14:18:01.0759 3832 CLFS (465745561c832b29f7c48b488aab3842) C:\Windows\system32\CLFS.sys
14:18:01.0777 3832 CLFS - ok
14:18:01.0860 3832 cmdide (0ca25e686a4928484e9fdabd168ab629) C:\Windows\system32\drivers\cmdide.sys
14:18:01.0890 3832 cmdide - ok
14:18:01.0910 3832 Compbatt (6afef0b60fa25de07c0968983ee4f60a) C:\Windows\system32\drivers\compbatt.sys
14:18:01.0935 3832 Compbatt - ok
14:18:01.0957 3832 crcdisk (741e9dff4f42d2d8477d0fc1dc0df871) C:\Windows\system32\drivers\crcdisk.sys
14:18:01.0970 3832 crcdisk - ok
14:18:01.0991 3832 Crusoe (1f07becdca750766a96cda811ba86410) C:\Windows\system32\drivers\crusoe.sys
14:18:02.0035 3832 Crusoe - ok
14:18:02.0136 3832 DfsC (a3e9fa213f443ac77c7746119d13feec) C:\Windows\system32\Drivers\dfsc.sys
14:18:02.0171 3832 DfsC - ok
14:18:02.0218 3832 disk (64109e623abd6955c8fb110b592e68b7) C:\Windows\system32\drivers\disk.sys
14:18:02.0224 3832 disk - ok
14:18:02.0271 3832 drmkaud (97fef831ab90bee128c9af390e243f80) C:\Windows\system32\drivers\drmkaud.sys
14:18:02.0298 3832 drmkaud - ok
14:18:02.0341 3832 DXGKrnl (85f33880b8cfb554bd3d9ccdb486845a) C:\Windows\System32\drivers\dxgkrnl.sys
14:18:02.0426 3832 DXGKrnl - ok
14:18:02.0468 3832 E1G60 (5425f74ac0c1dbd96a1e04f17d63f94c) C:\Windows\system32\DRIVERS\E1G60I32.sys
14:18:02.0524 3832 E1G60 - ok
14:18:02.0547 3832 Ecache (dd2cd259d83d8b72c02c5f2331ff9d68) C:\Windows\system32\drivers\ecache.sys
14:18:02.0561 3832 Ecache - ok
14:18:02.0678 3832 elxstor (23b62471681a124889978f6295b3f4c6) C:\Windows\system32\drivers\elxstor.sys
14:18:02.0700 3832 elxstor - ok
14:18:02.0776 3832 ErrDev (3db974f3935483555d7148663f726c61) C:\Windows\system32\drivers\errdev.sys
14:18:02.0835 3832 ErrDev - ok
14:18:02.0881 3832 exfat (0d858eb20589a34efb25695acaa6aa2d) C:\Windows\system32\drivers\exfat.sys
14:18:02.0934 3832 exfat - ok
14:18:02.0945 3832 fastfat (3c489390c2e2064563727752af8eab9e) C:\Windows\system32\drivers\fastfat.sys
14:18:03.0015 3832 fastfat - ok
14:18:03.0044 3832 fdc (afe1e8b9782a0dd7fb46bbd88e43f89a) C:\Windows\system32\DRIVERS\fdc.sys
14:18:03.0089 3832 fdc - ok
14:18:03.0118 3832 FileInfo (a8c0139a884861e3aae9cfe73b208a9f) C:\Windows\system32\drivers\fileinfo.sys
14:18:03.0130 3832 FileInfo - ok
14:18:03.0151 3832 Filetrace (0ae429a696aecbc5970e3cf2c62635ae) C:\Windows\system32\drivers\filetrace.sys
14:18:03.0196 3832 Filetrace - ok
14:18:03.0223 3832 flpydisk (85b7cf99d532820495d68d747fda9ebd) C:\Windows\system32\DRIVERS\flpydisk.sys
14:18:03.0262 3832 flpydisk - ok
14:18:03.0292 3832 FltMgr (05ea53afe985443011e36dab07343b46) C:\Windows\system32\drivers\fltmgr.sys
14:18:03.0307 3832 FltMgr - ok
14:18:03.0325 3832 Fs_Rec (65ea8b77b5851854f0c55c43fa51a198) C:\Windows\system32\drivers\Fs_Rec.sys
14:18:03.0358 3832 Fs_Rec - ok
14:18:03.0376 3832 gagp30kx (34582a6e6573d54a07ece5fe24a126b5) C:\Windows\system32\drivers\gagp30kx.sys
14:18:03.0383 3832 gagp30kx - ok
14:18:03.0450 3832 HdAudAddService (cb04c744be0a61b1d648faed182c3b59) C:\Windows\system32\drivers\HdAudio.sys
14:18:03.0503 3832 HdAudAddService - ok
14:18:03.0541 3832 HDAudBus (c87b1ee051c0464491c1a7b03fa0bc99) C:\Windows\system32\DRIVERS\HDAudBus.sys
14:18:03.0593 3832 HDAudBus - ok
14:18:03.0626 3832 HidBth (1338520e78d90154ed6be8f84de5fceb) C:\Windows\system32\drivers\hidbth.sys
14:18:03.0704 3832 HidBth - ok
14:18:03.0745 3832 HidIr (ff3160c3a2445128c5a6d9b076da519e) C:\Windows\system32\drivers\hidir.sys
14:18:03.0792 3832 HidIr - ok
14:18:03.0840 3832 HidUsb (854ca287ab7faf949617a788306d967e) C:\Windows\system32\DRIVERS\hidusb.sys
14:18:03.0877 3832 HidUsb - ok
14:18:03.0902 3832 HpCISSs (16ee7b23a009e00d835cdb79574a91a6) C:\Windows\system32\drivers\hpcisss.sys
14:18:03.0911 3832 HpCISSs - ok
14:18:03.0952 3832 HPFXBULK (299683d4c8aaa3f6f5d5d226a1782a6e) C:\Windows\system32\drivers\hpfxbulk.sys
14:18:03.0961 3832 HPFXBULK - ok
14:18:04.0019 3832 HTTP (96e241624c71211a79c84f50a8e71cab) C:\Windows\system32\drivers\HTTP.sys
14:18:04.0118 3832 HTTP - ok
14:18:04.0161 3832 i2omp (c6b032d69650985468160fc9937cf5b4) C:\Windows\system32\drivers\i2omp.sys
14:18:04.0181 3832 i2omp - ok
14:18:04.0214 3832 i8042prt (22d56c8184586b7a1f6fa60be5f5a2bd) C:\Windows\system32\DRIVERS\i8042prt.sys
14:18:04.0240 3832 i8042prt - ok
14:18:04.0269 3832 iaStorV (54155ea1b0df185878e0fc9ec3ac3a14) C:\Windows\system32\drivers\iastorv.sys
14:18:04.0286 3832 iaStorV - ok
14:18:04.0306 3832 iirsp (2d077bf86e843f901d8db709c95b49a5) C:\Windows\system32\drivers\iirsp.sys
14:18:04.0318 3832 iirsp - ok
14:18:04.0424 3832 IntcAzAudAddService (fd1d5f1609126831f49d6cfbb61f9ddd) C:\Windows\system32\drivers\RTKVHDA.sys
14:18:04.0580 3832 IntcAzAudAddService - ok
14:18:04.0611 3832 intelide (83aa759f3189e6370c30de5dc5590718) C:\Windows\system32\drivers\intelide.sys
14:18:04.0623 3832 intelide - ok
14:18:04.0635 3832 intelppm (224191001e78c89dfa78924c3ea595ff) C:\Windows\system32\DRIVERS\intelppm.sys
14:18:04.0677 3832 intelppm - ok
14:18:04.0713 3832 IpFilterDriver (62c265c38769b864cb25b4bcf62df6c3) C:\Windows\system32\DRIVERS\ipfltdrv.sys
14:18:04.0756 3832 IpFilterDriver - ok
14:18:04.0769 3832 IpInIp - ok
14:18:04.0797 3832 IPMIDRV (b25aaf203552b7b3491139d582b39ad1) C:\Windows\system32\drivers\ipmidrv.sys
14:18:04.0831 3832 IPMIDRV - ok
14:18:04.0862 3832 IPNAT (8793643a67b42cec66490b2a0cf92d68) C:\Windows\system32\DRIVERS\ipnat.sys
14:18:04.0900 3832 IPNAT - ok
14:18:04.0920 3832 IRENUM (109c0dfb82c3632fbd11949b73aeeac9) C:\Windows\system32\drivers\irenum.sys
14:18:04.0974 3832 IRENUM - ok
14:18:04.0998 3832 isapnp (6c70698a3e5c4376c6ab5c7c17fb0614) C:\Windows\system32\drivers\isapnp.sys
14:18:05.0021 3832 isapnp - ok
14:18:05.0075 3832 iScsiPrt (f247eec28317f6c739c16de420097301) C:\Windows\system32\DRIVERS\msiscsi.sys
14:18:05.0089 3832 iScsiPrt - ok
14:18:05.0110 3832 iteatapi (bced60d16156e428f8df8cf27b0df150) C:\Windows\system32\drivers\iteatapi.sys
14:18:05.0121 3832 iteatapi - ok
14:18:05.0167 3832 iteraid (06fa654504a498c30adca8bec4e87e7e) C:\Windows\system32\drivers\iteraid.sys
14:18:05.0179 3832 iteraid - ok
14:18:05.0226 3832 kbdclass (37605e0a8cf00cbba538e753e4344c6e) C:\Windows\system32\DRIVERS\kbdclass.sys
14:18:05.0242 3832 kbdclass - ok
14:18:05.0259 3832 kbdhid (18247836959ba67e3511b62846b9c2e0) C:\Windows\system32\DRIVERS\kbdhid.sys
14:18:05.0304 3832 kbdhid - ok
14:18:05.0341 3832 KSecDD (7a0cf7908b6824d6a2a1d313e5ae3dca) C:\Windows\system32\Drivers\ksecdd.sys
14:18:05.0371 3832 KSecDD - ok
14:18:05.0405 3832 lltdio (d1c5883087a0c3f1344d9d55a44901f6) C:\Windows\system32\DRIVERS\lltdio.sys
14:18:05.0438 3832 lltdio - ok
14:18:05.0518 3832 LSI_FC (c7e15e82879bf3235b559563d4185365) C:\Windows\system32\drivers\lsi_fc.sys
14:18:05.0531 3832 LSI_FC - ok
14:18:05.0585 3832 LSI_SAS (ee01ebae8c9bf0fa072e0ff68718920a) C:\Windows\system32\drivers\lsi_sas.sys
14:18:05.0609 3832 LSI_SAS - ok
14:18:05.0627 3832 LSI_SCSI (912a04696e9ca30146a62afa1463dd5c) C:\Windows\system32\drivers\lsi_scsi.sys
14:18:05.0641 3832 LSI_SCSI - ok
14:18:05.0667 3832 luafv (8f5c7426567798e62a3b3614965d62cc) C:\Windows\system32\drivers\luafv.sys
14:18:05.0717 3832 luafv - ok
14:18:05.0765 3832 MBAMProtector (b7ca8cc3f978201856b6ab82f40953c3) C:\Windows\system32\drivers\mbam.sys
14:18:05.0774 3832 MBAMProtector - ok
14:18:05.0824 3832 megasas (0001ce609d66632fa17b84705f658879) C:\Windows\system32\drivers\megasas.sys
14:18:05.0835 3832 megasas - ok
14:18:05.0880 3832 MegaSR (c252f32cd9a49dbfc25ecf26ebd51a99) C:\Windows\system32\drivers\megasr.sys
14:18:05.0903 3832 MegaSR - ok
14:18:05.0933 3832 Modem (e13b5ea0f51ba5b1512ec671393d09ba) C:\Windows\system32\drivers\modem.sys
14:18:05.0985 3832 Modem - ok
14:18:06.0028 3832 monitor (0a9bb33b56e294f686abb7c1e4e2d8a8) C:\Windows\system32\DRIVERS\monitor.sys
14:18:06.0077 3832 monitor - ok
14:18:06.0104 3832 mouclass (5bf6a1326a335c5298477754a506d263) C:\Windows\system32\DRIVERS\mouclass.sys
14:18:06.0115 3832 mouclass - ok
14:18:06.0124 3832 mouhid (93b8d4869e12cfbe663915502900876f) C:\Windows\system32\DRIVERS\mouhid.sys
14:18:06.0185 3832 mouhid - ok
14:18:06.0207 3832 MountMgr (bdafc88aa6b92f7842416ea6a48e1600) C:\Windows\system32\drivers\mountmgr.sys
14:18:06.0219 3832 MountMgr - ok
14:18:06.0243 3832 mpio (511d011289755dd9f9a7579fb0b064e6) C:\Windows\system32\drivers\mpio.sys
14:18:06.0255 3832 mpio - ok
14:18:06.0274 3832 mpsdrv (22241feba9b2defa669c8cb0a8dd7d2e) C:\Windows\system32\drivers\mpsdrv.sys
14:18:06.0309 3832 mpsdrv - ok
14:18:06.0363 3832 Mraid35x (4fbbb70d30fd20ec51f80061703b001e) C:\Windows\system32\drivers\mraid35x.sys
14:18:06.0374 3832 Mraid35x - ok
14:18:06.0384 3832 MRxDAV (ae3de84536b6799d2267443cec8edbb9) C:\Windows\system32\drivers\mrxdav.sys
14:18:06.0456 3832 MRxDAV - ok
14:18:06.0508 3832 mrxsmb (5734a0f2be7e495f7d3ed6efd4b9f5a1) C:\Windows\system32\DRIVERS\mrxsmb.sys
14:18:06.0554 3832 mrxsmb - ok
14:18:06.0603 3832 mrxsmb10 (6b5fa5adfacac9dbbe0991f4566d7d55) C:\Windows\system32\DRIVERS\mrxsmb10.sys
14:18:06.0635 3832 mrxsmb10 - ok
14:18:06.0644 3832 mrxsmb20 (5c80d8159181c7abf1b14ba703b01e0b) C:\Windows\system32\DRIVERS\mrxsmb20.sys
14:18:06.0682 3832 mrxsmb20 - ok
14:18:06.0709 3832 msahci (f70590424eefbf5c27a40c67afdb8383) C:\Windows\system32\drivers\msahci.sys
14:18:06.0727 3832 msahci - ok
14:18:06.0765 3832 msdsm (4468b0f385a86ecddaf8d3ca662ec0e7) C:\Windows\system32\drivers\msdsm.sys
14:18:06.0777 3832 msdsm - ok
14:18:06.0813 3832 Msfs (a9927f4a46b816c92f461acb90cf8515) C:\Windows\system32\drivers\Msfs.sys
14:18:06.0859 3832 Msfs - ok
14:18:06.0907 3832 msisadrv (0f400e306f385c56317357d6dea56f62) C:\Windows\system32\drivers\msisadrv.sys
14:18:06.0918 3832 msisadrv - ok
14:18:06.0950 3832 MSKSSRV (d8c63d34d9c9e56c059e24ec7185cc07) C:\Windows\system32\drivers\MSKSSRV.sys
14:18:06.0998 3832 MSKSSRV - ok
14:18:07.0026 3832 MSPCLOCK (1d373c90d62ddb641d50e55b9e78d65e) C:\Windows\system32\drivers\MSPCLOCK.sys
14:18:07.0059 3832 MSPCLOCK - ok
14:18:07.0106 3832 MSPQM (b572da05bf4e098d4bba3a4734fb505b) C:\Windows\system32\drivers\MSPQM.sys
14:18:07.0155 3832 MSPQM - ok
14:18:07.0211 3832 MsRPC (b5614aecb05a9340aa0fb55bf561cc63) C:\Windows\system32\drivers\MsRPC.sys
14:18:07.0226 3832 MsRPC - ok
14:18:07.0264 3832 mssmbios (e384487cb84be41d09711c30ca79646c) C:\Windows\system32\DRIVERS\mssmbios.sys
14:18:07.0286 3832 mssmbios - ok
14:18:07.0308 3832 MSTEE (7199c1eec1e4993caf96b8c0a26bd58a) C:\Windows\system32\drivers\MSTEE.sys
14:18:07.0360 3832 MSTEE - ok
14:18:07.0369 3832 Mup (6dfd1d322de55b0b7db7d21b90bec49c) C:\Windows\system32\Drivers\mup.sys
14:18:07.0381 3832 Mup - ok
14:18:07.0424 3832 NativeWifiP (3c21ce48ff529bb73dadb98770b54025) C:\Windows\system32\DRIVERS\nwifi.sys
14:18:07.0469 3832 NativeWifiP - ok
14:18:07.0516 3832 NDIS (9bdc71790fa08f0a0b5f10462b1bd0b1) C:\Windows\system32\drivers\ndis.sys
14:18:07.0557 3832 NDIS - ok
14:18:07.0566 3832 NdisTapi (0e186e90404980569fb449ba7519ae61) C:\Windows\system32\DRIVERS\ndistapi.sys
14:18:07.0603 3832 NdisTapi - ok
14:18:07.0621 3832 Ndisuio (d6973aa34c4d5d76c0430b181c3cd389) C:\Windows\system32\DRIVERS\ndisuio.sys
14:18:07.0646 3832 Ndisuio - ok
14:18:07.0678 3832 NdisWan (3d14c3b3496f88890d431e8aa022a411) C:\Windows\system32\DRIVERS\ndiswan.sys
14:18:07.0714 3832 NdisWan - ok
14:18:07.0726 3832 NDProxy (71dab552b41936358f3b541ae5997fb3) C:\Windows\system32\drivers\NDProxy.sys
14:18:07.0760 3832 NDProxy - ok
14:18:07.0830 3832 NetBIOS (bcd093a5a6777cf626434568dc7dba78) C:\Windows\system32\DRIVERS\netbios.sys
14:18:07.0872 3832 NetBIOS - ok
14:18:07.0922 3832 netbt (7c5fee5b1c5728507cd96fb4a13e7a02) C:\Windows\system32\DRIVERS\netbt.sys
14:18:07.0968 3832 netbt - ok
14:18:08.0032 3832 netr28u (9ba2f93e4f01ec58e722b36639e0ce5d) C:\Windows\system32\DRIVERS\netr28u.sys
14:18:08.0116 3832 netr28u - ok
14:18:08.0162 3832 nfrd960 (2e7fb731d4790a1bc6270accefacb36e) C:\Windows\system32\drivers\nfrd960.sys
14:18:08.0180 3832 nfrd960 - ok
14:18:08.0233 3832 nmwcd (c82f4cc10ad315b6d6bcb14d0a7cad66) C:\Windows\system32\drivers\ccdcmb.sys
14:18:08.0299 3832 nmwcd - ok
14:18:08.0329 3832 nmwcdc (60ef5f5621d7832f00a3f190a0c905e2) C:\Windows\system32\drivers\ccdcmbo.sys
14:18:08.0367 3832 nmwcdc - ok
14:18:08.0391 3832 Npfs (ecb5003f484f9ed6c608d6d6c7886cbb) C:\Windows\system32\drivers\Npfs.sys
14:18:08.0457 3832 Npfs - ok
14:18:08.0482 3832 nsiproxy (609773e344a97410ce4ebf74a8914fcf) C:\Windows\system32\drivers\nsiproxy.sys
14:18:08.0532 3832 nsiproxy - ok
14:18:08.0595 3832 Ntfs (b4effe29eb4f15538fd8a9681108492d) C:\Windows\system32\drivers\Ntfs.sys
14:18:08.0689 3832 Ntfs - ok
14:18:08.0722 3832 ntrigdigi (e875c093aec0c978a90f30c9e0dfbb72) C:\Windows\system32\drivers\ntrigdigi.sys
14:18:08.0802 3832 ntrigdigi - ok
14:18:08.0830 3832 Null (c5dbbcda07d780bda9b685df333bb41e) C:\Windows\system32\drivers\Null.sys
14:18:08.0878 3832 Null - ok
14:18:08.0906 3832 nvraid (2edf9e7751554b42cbb60116de727101) C:\Windows\system32\drivers\nvraid.sys
14:18:08.0942 3832 nvraid - ok
14:18:08.0966 3832 nvstor (abed0c09758d1d97db0042dbb2688177) C:\Windows\system32\drivers\nvstor.sys
14:18:08.0978 3832 nvstor - ok
14:18:09.0000 3832 nv_agp (18bbdf913916b71bd54575bdb6eeac0b) C:\Windows\system32\drivers\nv_agp.sys
14:18:09.0014 3832 nv_agp - ok
14:18:09.0022 3832 NwlnkFlt - ok
14:18:09.0035 3832 NwlnkFwd - ok
14:18:09.0096 3832 ohci1394 (790e27c3db53410b40ff9ef2fd10a1d9) C:\Windows\system32\DRIVERS\ohci1394.sys
14:18:09.0139 3832 ohci1394 - ok
14:18:09.0183 3832 Parport (0fa9b5055484649d63c303fe404e5f4d) C:\Windows\system32\drivers\parport.sys
14:18:09.0260 3832 Parport - ok
14:18:09.0294 3832 partmgr (3b38467e7c3daed009dfe359e17f139f) C:\Windows\system32\drivers\partmgr.sys
14:18:09.0306 3832 partmgr - ok
14:18:09.0346 3832 Parvdm (4f9a6a8a31413180d0fcb279ad5d8112) C:\Windows\system32\drivers\parvdm.sys
14:18:09.0422 3832 Parvdm - ok
14:18:09.0464 3832 pci (01b94418deb235dff777cc80076354b4) C:\Windows\system32\drivers\pci.sys
14:18:09.0477 3832 pci - ok
14:18:09.0502 3832 pciide (fc175f5ddab666d7f4d17449a547626f) C:\Windows\system32\drivers\pciide.sys
14:18:09.0513 3832 pciide - ok
14:18:09.0550 3832 pcmcia (e6f3fb1b86aa519e7698ad05e58b04e5) C:\Windows\system32\drivers\pcmcia.sys
14:18:09.0564 3832 pcmcia - ok
14:18:09.0617 3832 PEAUTH (6349f6ed9c623b44b52ea3c63c831a92) C:\Windows\system32\drivers\peauth.sys
14:18:09.0733 3832 PEAUTH - ok
14:18:09.0779 3832 PptpMiniport (ecfffaec0c1ecd8dbc77f39070ea1db1) C:\Windows\system32\DRIVERS\raspptp.sys
14:18:09.0801 3832 PptpMiniport - ok
14:18:09.0834 3832 Processor (2027293619dd0f047c584cf2e7df4ffd) C:\Windows\system32\DRIVERS\processr.sys
14:18:09.0872 3832 Processor - ok
14:18:09.0924 3832 PSched (bfef604508a0ed1eae2a73e872555ffb) C:\Windows\system32\DRIVERS\pacer.sys
14:18:09.0962 3832 PSched - ok
14:18:09.0995 3832 PxHelp20 (49452bfcec22f36a7a9b9c2181bc3042) C:\Windows\system32\Drivers\PxHelp20.sys
14:18:10.0005 3832 PxHelp20 - ok
14:18:10.0072 3832 ql2300 (0a6db55afb7820c99aa1f3a1d270f4f6) C:\Windows\system32\drivers\ql2300.sys
14:18:10.0156 3832 ql2300 - ok
14:18:10.0186 3832 ql40xx (81a7e5c076e59995d54bc1ed3a16e60b) C:\Windows\system32\drivers\ql40xx.sys
14:18:10.0198 3832 ql40xx - ok
14:18:10.0243 3832 QWAVEdrv (9f5e0e1926014d17486901c88eca2db7) C:\Windows\system32\drivers\qwavedrv.sys
14:18:10.0274 3832 QWAVEdrv - ok
14:18:10.0292 3832 RasAcd (147d7f9c556d259924351feb0de606c3) C:\Windows\system32\DRIVERS\rasacd.sys
14:18:10.0326 3832 RasAcd - ok
14:18:10.0363 3832 Rasl2tp (a214adbaf4cb47dd2728859ef31f26b0) C:\Windows\system32\DRIVERS\rasl2tp.sys
14:18:10.0399 3832 Rasl2tp - ok
14:18:10.0423 3832 RasPppoe (3e9d9b048107b40d87b97df2e48e0744) C:\Windows\system32\DRIVERS\raspppoe.sys
14:18:10.0457 3832 RasPppoe - ok
14:18:10.0466 3832 RasSstp (a7d141684e9500ac928a772ed8e6b671) C:\Windows\system32\DRIVERS\rassstp.sys
14:18:10.0503 3832 RasSstp - ok
14:18:10.0529 3832 rdbss (6e1c5d0457622f9ee35f683110e93d14) C:\Windows\system32\DRIVERS\rdbss.sys
14:18:10.0584 3832 rdbss - ok
14:18:10.0594 3832 RDPCDD (89e59be9a564262a3fb6c4f4f1cd9899) C:\Windows\system32\DRIVERS\RDPCDD.sys
14:18:10.0649 3832 RDPCDD - ok
14:18:10.0675 3832 rdpdr (fbc0bacd9c3d7f6956853f64a66e252d) C:\Windows\system32\drivers\rdpdr.sys
14:18:10.0714 3832 rdpdr - ok
14:18:10.0725 3832 RDPENCDD (9d91fe5286f748862ecffa05f8a0710c) C:\Windows\system32\drivers\rdpencdd.sys
14:18:10.0789 3832 RDPENCDD - ok
14:18:10.0866 3832 RDPWD (e1c18f4097a5abcec941dc4b2f99db7e) C:\Windows\system32\drivers\RDPWD.sys
14:18:10.0904 3832 RDPWD - ok
14:18:10.0959 3832 rspndr (9c508f4074a39e8b4b31d27198146fad) C:\Windows\system32\DRIVERS\rspndr.sys
14:18:10.0994 3832 rspndr - ok
14:18:11.0021 3832 RTHDMIAzAudService (d85da4371af61359edfca4ea06619dd4) C:\Windows\system32\drivers\RtHDMIV.sys
14:18:11.0034 3832 RTHDMIAzAudService - ok
14:18:11.0073 3832 RTL8169 (abbe0f54ba3a378262c9cb86cf7d91f8) C:\Windows\system32\DRIVERS\Rtlh86.sys
14:18:11.0120 3832 RTL8169 - ok
14:18:11.0149 3832 sbp2port (3ce8f073a557e172b330109436984e30) C:\Windows\system32\drivers\sbp2port.sys
14:18:11.0174 3832 sbp2port - ok
14:18:11.0202 3832 secdrv (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers\secdrv.sys
14:18:11.0295 3832 secdrv - ok
14:18:11.0327 3832 Serenum (ce9ec966638ef0b10b864ddedf62a099) C:\Windows\system32\DRIVERS\serenum.sys
14:18:11.0361 3832 Serenum - ok
14:18:11.0390 3832 Serial (6d663022db3e7058907784ae14b69898) C:\Windows\system32\DRIVERS\serial.sys
14:18:11.0434 3832 Serial - ok
14:18:11.0451 3832 sermouse (8af3d28a879bf75db53a0ee7a4289624) C:\Windows\system32\drivers\sermouse.sys
14:18:11.0508 3832 sermouse - ok
14:18:11.0565 3832 sffdisk (3efa810bdca87f6ecc24f9832243fe86) C:\Windows\system32\drivers\sffdisk.sys
14:18:11.0589 3832 sffdisk - ok
14:18:11.0616 3832 sffp_mmc (e95d451f7ea3e583aec75f3b3ee42dc5) C:\Windows\system32\drivers\sffp_mmc.sys
14:18:11.0656 3832 sffp_mmc - ok
14:18:11.0678 3832 sffp_sd (3d0ea348784b7ac9ea9bd9f317980979) C:\Windows\system32\drivers\sffp_sd.sys
14:18:11.0751 3832 sffp_sd - ok
14:18:11.0789 3832 sfloppy (46ed8e91793b2e6f848015445a0ac188) C:\Windows\system32\drivers\sfloppy.sys
14:18:11.0860 3832 sfloppy - ok
14:18:11.0918 3832 sisagp (1d76624a09a054f682d746b924e2dbc3) C:\Windows\system32\drivers\sisagp.sys
14:18:11.0930 3832 sisagp - ok
14:18:11.0971 3832 SiSRaid2 (43cb7aa756c7db280d01da9b676cfde2) C:\Windows\system32\drivers\sisraid2.sys
14:18:12.0000 3832 SiSRaid2 - ok
14:18:12.0021 3832 SiSRaid4 (a99c6c8b0baa970d8aa59ddc50b57f94) C:\Windows\system32\drivers\sisraid4.sys
14:18:12.0034 3832 SiSRaid4 - ok
14:18:12.0061 3832 Smb (031e6bcd53c9b2b9ace111eafec347b6) C:\Windows\system32\DRIVERS\smb.sys
14:18:12.0111 3832 Smb - ok
14:18:12.0181 3832 spldr (7aebdeef071fe28b0eef2cdd69102bff) C:\Windows\system32\drivers\spldr.sys
14:18:12.0192 3832 spldr - ok
14:18:12.0249 3832 srv (2252aef839b1093d16761189f45af885) C:\Windows\system32\DRIVERS\srv.sys
14:18:12.0303 3832 srv - ok
14:18:12.0355 3832 srv2 (b7ff59408034119476b00a81bb53d5d1) C:\Windows\system32\DRIVERS\srv2.sys
14:18:12.0435 3832 srv2 - ok
14:18:12.0488 3832 srvnet (2accc9b12af02030f531e6cca6f8b76e) C:\Windows\system32\DRIVERS\srvnet.sys
14:18:12.0529 3832 srvnet - ok
14:18:12.0628 3832 ssmdrv (5ec550b8952882ee856b862cf648522d) C:\Windows\system32\DRIVERS\ssmdrv.sys
14:18:12.0636 3832 ssmdrv - ok
14:18:12.0713 3832 swenum (7ba58ecf0c0a9a69d44b3dca62becf56) C:\Windows\system32\DRIVERS\swenum.sys
14:18:12.0724 3832 swenum - ok
14:18:12.0744 3832 Symc8xx (192aa3ac01df071b541094f251deed10) C:\Windows\system32\drivers\symc8xx.sys
14:18:12.0756 3832 Symc8xx - ok
14:18:12.0777 3832 Sym_hi (8c8eb8c76736ebaf3b13b633b2e64125) C:\Windows\system32\drivers\sym_hi.sys
14:18:12.0788 3832 Sym_hi - ok
14:18:12.0816 3832 Sym_u3 (8072af52b5fd103bbba387a1e49f62cb) C:\Windows\system32\drivers\sym_u3.sys
14:18:12.0827 3832 Sym_u3 - ok
14:18:12.0923 3832 Tcpip (782568ab6a43160a159b6215b70bcce9) C:\Windows\system32\drivers\tcpip.sys
14:18:12.0975 3832 Tcpip - ok
14:18:13.0044 3832 Tcpip6 (782568ab6a43160a159b6215b70bcce9) C:\Windows\system32\DRIVERS\tcpip.sys
14:18:13.0082 3832 Tcpip6 - ok
14:18:13.0129 3832 tcpipreg (d4a2e4a4b011f3a883af77315a5ae76b) C:\Windows\system32\drivers\tcpipreg.sys
14:18:13.0177 3832 tcpipreg - ok
14:18:13.0200 3832 TDPIPE (5dcf5e267be67a1ae926f2df77fbcc56) C:\Windows\system32\drivers\tdpipe.sys
14:18:13.0234 3832 TDPIPE - ok
14:18:13.0272 3832 TDTCP (389c63e32b3cefed425b61ed92d3f021) C:\Windows\system32\drivers\tdtcp.sys
14:18:13.0306 3832 TDTCP - ok
14:18:13.0338 3832 tdx (d09276b1fab033ce1d40dcbdf303d10f) C:\Windows\system32\DRIVERS\tdx.sys
14:18:13.0383 3832 tdx - ok
14:18:13.0409 3832 TermDD (a048056f5e1a96a9bf3071b91741a5aa) C:\Windows\system32\DRIVERS\termdd.sys
14:18:13.0427 3832 TermDD - ok
14:18:13.0487 3832 tssecsrv (dcf0f056a2e4f52287264f5ab29cf206) C:\Windows\system32\DRIVERS\tssecsrv.sys
14:18:13.0528 3832 tssecsrv - ok
14:18:13.0568 3832 tunmp (caecc0120ac49e3d2f758b9169872d38) C:\Windows\system32\DRIVERS\tunmp.sys
14:18:13.0596 3832 tunmp - ok
14:18:13.0636 3832 tunnel (6042505ff6fa9ac1ef7684d0e03b6940) C:\Windows\system32\DRIVERS\tunnel.sys
14:18:13.0662 3832 tunnel - ok
14:18:13.0688 3832 uagp35 (7d33c4db2ce363c8518d2dfcf533941f) C:\Windows\system32\drivers\uagp35.sys
14:18:13.0700 3832 uagp35 - ok
14:18:13.0747 3832 udfs (8b5088058fa1d1cd897a2113ccff6c58) C:\Windows\system32\DRIVERS\udfs.sys
14:18:13.0786 3832 udfs - ok
14:18:13.0841 3832 uliagpkx (b0acfdc9e4af279e9116c03e014b2b27) C:\Windows\system32\drivers\uliagpkx.sys
14:18:13.0853 3832 uliagpkx - ok
14:18:13.0911 3832 uliahci (9224bb254f591de4ca8d572a5f0d635c) C:\Windows\system32\drivers\uliahci.sys
14:18:13.0930 3832 uliahci - ok
14:18:13.0976 3832 UlSata (8514d0e5cd0534467c5fc61be94a569f) C:\Windows\system32\drivers\ulsata.sys
14:18:13.0990 3832 UlSata - ok
14:18:14.0034 3832 ulsata2 (38c3c6e62b157a6bc46594fada45c62b) C:\Windows\system32\drivers\ulsata2.sys
14:18:14.0071 3832 ulsata2 - ok
14:18:14.0086 3832 umbus (32cff9f809ae9aed85464492bf3e32d2) C:\Windows\system32\DRIVERS\umbus.sys
14:18:14.0120 3832 umbus - ok
14:18:14.0164 3832 upperdev (bb16932a4189e82d6c455042c11849b6) C:\Windows\system32\DRIVERS\usbser_lowerflt.sys
14:18:14.0196 3832 upperdev - ok
14:18:14.0239 3832 usbccgp (caf811ae4c147ffcd5b51750c7f09142) C:\Windows\system32\DRIVERS\usbccgp.sys
14:18:14.0278 3832 usbccgp - ok
14:18:14.0306 3832 usbcir (e9476e6c486e76bc4898074768fb7131) C:\Windows\system32\drivers\usbcir.sys
14:18:14.0388 3832 usbcir - ok
14:18:14.0413 3832 usbehci (cebe90821810e76320155beba722fcf9) C:\Windows\system32\DRIVERS\usbehci.sys
14:18:14.0461 3832 usbehci - ok
14:18:14.0497 3832 usbhub (cc6b28e4ce39951357963119ce47b143) C:\Windows\system32\DRIVERS\usbhub.sys
14:18:14.0560 3832 usbhub - ok
14:18:14.0591 3832 usbohci (7bdb7b0e7d45ac0402d78b90789ef47c) C:\Windows\system32\DRIVERS\usbohci.sys
14:18:14.0643 3832 usbohci - ok
14:18:14.0680 3832 usbprint (e75c4b5269091d15a2e7dc0b6d35f2f5) C:\Windows\system32\DRIVERS\usbprint.sys
14:18:14.0714 3832 usbprint - ok
14:18:14.0753 3832 usbscan (a508c9bd8724980512136b039bba65e9) C:\Windows\system32\DRIVERS\usbscan.sys
14:18:14.0787 3832 usbscan - ok
14:18:14.0834 3832 usbser (a96191470581a7091420d25ecd444502) C:\Windows\system32\DRIVERS\usbser.sys
14:18:14.0876 3832 usbser - ok
14:18:14.0911 3832 UsbserFilt (e748d50b3b2ec7f40a2ba67fb094cf01) C:\Windows\system32\DRIVERS\usbser_lowerfltj.sys
14:18:14.0936 3832 UsbserFilt - ok
14:18:14.0994 3832 USBSTOR (87ba6b83c5d19b69160968d07d6e2982) C:\Windows\system32\DRIVERS\USBSTOR.SYS
14:18:15.0059 3832 USBSTOR - ok
14:18:15.0087 3832 usbuhci (814d653efc4d48be3b04a307eceff56f) C:\Windows\system32\DRIVERS\usbuhci.sys
14:18:15.0112 3832 usbuhci - ok
14:18:15.0126 3832 uxddrv - ok
14:18:15.0161 3832 vga (87b06e1f30b749a114f74622d013f8d4) C:\Windows\system32\DRIVERS\vgapnp.sys
14:18:15.0206 3832 vga - ok
14:18:15.0227 3832 VgaSave (2e93ac0a1d8c79d019db6c51f036636c) C:\Windows\System32\drivers\vga.sys
14:18:15.0277 3832 VgaSave - ok
14:18:15.0332 3832 viaagp (5d7159def58a800d5781ba3a879627bc) C:\Windows\system32\drivers\viaagp.sys
14:18:15.0345 3832 viaagp - ok
14:18:15.0383 3832 ViaC7 (c4f3a691b5bad343e6249bd8c2d45dee) C:\Windows\system32\drivers\viac7.sys
14:18:15.0433 3832 ViaC7 - ok
14:18:15.0457 3832 viaide (aadf5587a4063f52c2c3fed7887426fc) C:\Windows\system32\drivers\viaide.sys
14:18:15.0468 3832 viaide - ok
14:18:15.0489 3832 volmgr (69503668ac66c77c6cd7af86fbdf8c43) C:\Windows\system32\drivers\volmgr.sys
14:18:15.0501 3832 volmgr - ok
14:18:15.0556 3832 volmgrx (98f5ffe6316bd74e9e2c97206c190196) C:\Windows\system32\drivers\volmgrx.sys
14:18:15.0608 3832 volmgrx - ok
14:18:15.0633 3832 volsnap (d8b4a53dd2769f226b3eb374374987c9) C:\Windows\system32\drivers\volsnap.sys
14:18:15.0650 3832 volsnap - ok
14:18:15.0700 3832 vsmraid (587253e09325e6bf226b299774b728a9) C:\Windows\system32\drivers\vsmraid.sys
14:18:15.0714 3832 vsmraid - ok
14:18:15.0756 3832 WacomPen (48dfee8f1af7c8235d4e626f0c4fe031) C:\Windows\system32\drivers\wacompen.sys
14:18:15.0818 3832 WacomPen - ok
14:18:15.0836 3832 Wanarp (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys
14:18:15.0881 3832 Wanarp - ok
14:18:15.0886 3832 Wanarpv6 (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys
14:18:15.0912 3832 Wanarpv6 - ok
14:18:15.0967 3832 Wd (78fe9542363f297b18c027b2d7e7c07f) C:\Windows\system32\drivers\wd.sys
14:18:15.0991 3832 Wd - ok
14:18:16.0079 3832 Wdf01000 (b6f0a7ad6d4bd325fbcd8bac96cd8d96) C:\Windows\system32\drivers\Wdf01000.sys
14:18:16.0106 3832 Wdf01000 - ok
14:18:16.0192 3832 WmiAcpi (2e7255d172df0b8283cdfb7b433b864e) C:\Windows\system32\drivers\wmiacpi.sys
14:18:16.0219 3832 WmiAcpi - ok
14:18:16.0276 3832 WpdUsb (0cec23084b51b8288099eb710224e955) C:\Windows\system32\DRIVERS\wpdusb.sys
14:18:16.0310 3832 WpdUsb - ok
14:18:16.0331 3832 ws2ifsl (e3a3cb253c0ec2494d4a61f5e43a389c) C:\Windows\system32\drivers\ws2ifsl.sys
14:18:16.0369 3832 ws2ifsl - ok
14:18:16.0413 3832 WUDFRd (ac13cb789d93412106b0fb6c7eb2bcb6) C:\Windows\system32\DRIVERS\WUDFRd.sys
14:18:16.0446 3832 WUDFRd - ok
14:18:16.0479 3832 MBR (0x1B8) (5c616939100b85e558da92b899a0fc36) \Device\Harddisk0\DR0
14:18:16.0699 3832 \Device\Harddisk0\DR0 - ok
14:18:16.0713 3832 Boot (0x1200) (10a932c9a19cd84bca32fbb98a93dec1) \Device\Harddisk0\DR0\Partition0
14:18:16.0714 3832 \Device\Harddisk0\DR0\Partition0 - ok
14:18:16.0740 3832 Boot (0x1200) (13e2595abc27cbebe285eb718885414d) \Device\Harddisk0\DR0\Partition1
14:18:16.0740 3832 \Device\Harddisk0\DR0\Partition1 - ok
14:18:16.0741 3832 ============================================================
14:18:16.0741 3832 Scan finished
14:18:16.0741 3832 ============================================================
14:18:16.0758 3592 Detected object count: 0
14:18:16.0758 3592 Actual detected object count: 0
Geändert von wrimpus (05.03.2012 um 15:02 Uhr) |
|
05.03.2012, 14:58
| #11 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Trojaner "System Check" - letzte Schritte? Warum postest du die Log smal so, mal so?  Bitte immer in CODE-Tags!!
__________________ Logfiles bitte immer in CODE-Tags posten |
|
05.03.2012, 15:03
| #12 |
| | Trojaner "System Check" - letzte Schritte? hab ich mich auch gefragt - beim ersten Mal ging's automatisch ... Hab's jetzt geändert. Bin ich dann jetzt entgültig "clean"? |
|
05.03.2012, 15:06
| #13 | |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Trojaner "System Check" - letzte Schritte? Dann bitte jetzt CF ausführen: ComboFix Ein Leitfaden und Tutorium zur Nutzung von ComboFix
Combofix darf ausschließlich ausgeführt werden, wenn ein Kompetenzler dies ausdrücklich empfohlen hat! Solltest du nach der Ausführung von Combofix Probleme beim Starten von Anwendungen haben und Meldungen erhalten wie Zitat:
__________________ Logfiles bitte immer in CODE-Tags posten |
|
05.03.2012, 15:33
| #14 |
| | Trojaner "System Check" - letzte Schritte? Combofix Logfile: Code:
ATTFilter ComboFix 12-03-04.02 - mn 05.03.2012 15:24:47.2.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.49.1031.18.3325.2085 [GMT 1:00]
ausgeführt von:: c:\users\mn\Desktop\ComboFix.exe
AV: AntiVir Desktop *Disabled/Updated* {090F9C29-64CE-6C6F-379C-5901B49A85B7}
SP: AntiVir Desktop *Disabled/Updated* {B26E7DCD-42F4-63E1-0D2C-6273CF1DCF0A}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((((((((((((( Weitere Löschungen ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\install.exe
c:\users\mn\AppData\Local\assembly\tmp
c:\users\mn\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Check
c:\users\mn\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Check\System Check.lnk
c:\users\mn\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Check\Uninstall System Check.lnk
.
.
((((((((((((((((((((((( Dateien erstellt von 2012-02-05 bis 2012-03-05 ))))))))))))))))))))))))))))))
.
.
2012-03-05 14:29 . 2012-03-05 14:29 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-03-05 13:51 . 2012-03-05 13:51 56200 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Windows Defender\Definition Updates\{9673AAAE-BBDC-41CF-A847-551806EAB089}\offreg.dll ERROR(0x00000005)
2012-03-02 21:00 . 2012-03-02 21:00 -------- d-----w- c:\program files\ESET
2012-03-02 14:45 . 2012-03-02 14:45 -------- d-----w- C:\_OTL
2012-03-02 10:01 . 2012-02-08 06:03 6552120 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Windows Defender\Definition Updates\{9673AAAE-BBDC-41CF-A847-551806EAB089}\mpengine.dll ERROR(0x00000005)
2012-03-01 11:15 . 2012-03-01 11:15 -------- d-----w- c:\users\mn\AppData\Roaming\Malwarebytes
2012-03-01 11:14 . 2011-12-10 14:24 20464 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-03-01 11:14 . 2012-03-01 11:15 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2012-03-01 10:51 . 2006-05-25 14:52 162304 ----a-w- c:\windows\system32\ztvunrar36.dll
2012-03-01 10:51 . 2005-08-26 00:50 77312 ----a-w- c:\windows\system32\ztvunace26.dll
2012-03-01 10:51 . 2006-06-19 12:01 69632 ----a-w- c:\windows\system32\ztvcabinet.dll
2012-03-01 10:51 . 2002-03-06 00:00 75264 ----a-w- c:\windows\system32\unacev2.dll
2012-03-01 10:51 . 2003-02-02 19:06 153088 ----a-w- c:\windows\system32\UNRAR3.dll
2012-03-01 10:51 . 2012-03-05 13:41 -------- d-----w- c:\program files\Trojan Remover
.
.
.
(((((((((((((((((((((((((((((((((((( Find3M Bericht ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-02-08 06:03 . 2008-11-24 09:42 6552120 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Windows Defender\Definition Updates\Backup\mpengine.dll ERROR(0x00000005)
2012-01-29 04:10 . 2009-11-11 20:23 237072 ------w- c:\windows\system32\MpSigStub.exe
2012-01-08 11:47 . 2011-05-08 15:02 121816 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
(((((((((((((((((((((((((((( Autostartpunkte der Registrierung ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2008-01-21 1233920]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]
"AdobeCS4ServiceManager"="c:\program files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" [2008-08-14 611712]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-06-20 35760]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-06-09 976832]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2008-12-02 6695456]
"Skytel"="c:\program files\Realtek\Audio\HDA\Skytel.exe" [2008-12-02 1833504]
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-01-13 460872]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"Picasa Media Detector"="c:\program files\Picasa2\PicasaMediaDetector.exe" [2008-08-21 443968]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google EULA Launcher]
2008-10-14 09:57 20480 ----a-w- c:\program files\Google\Google EULA\GoogleEULALauncher.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skytel]
2008-12-02 16:05 1833504 ----a-w- c:\program files\Realtek\Audio\HDA\SkyTel.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\StartCCC]
2008-08-29 16:11 61440 ----a-w- c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Defender]
2008-01-21 02:23 1008184 ----a-w- c:\program files\Windows Defender\MSASCui.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
Inhalt des "geplante Tasks" Ordners
.
2012-03-05 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-05-27 12:46]
.
2012-03-05 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-05-27 12:46]
.
2012-03-02 c:\windows\Tasks\MT66 Software Update.job
- c:\program files\Common Files\MT66 Software Update\UpdateClient.exe [2011-12-05 17:44]
.
2012-03-05 c:\windows\Tasks\User_Feed_Synchronization-{103B65BD-4798-4CA0-9487-EB211B637804}.job
- c:\windows\system32\msfeedssync.exe [2008-01-21 02:24]
.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page =
mLocal Page =
IE: &Citavi Picker... - file://c:\program files\Internet Explorer\PLUGINS\Citavi Picker\ShowContextMenu.html
IE: Nach Microsoft E&xel exportieren - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
IE: {{0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - hxxp://rover.ebay.com/rover/1/707-37276-17534-25/4
TCP: DhcpNameServer = 192.168.0.1
FF - ProfilePath - c:\users\mn\AppData\Roaming\Mozilla\Firefox\Profiles\43puv1li.default\
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
HKCU-Run-AdobeBridge - (no file)
MSConfigStartUp-Google Desktop Search - c:\program files\Google\Google Desktop Search\GoogleDesktop.exe
AddRemove-Microsoft .NET Framework 4 Client Profile - c:\windows\Microsoft.NET\Framework\v4.0.30319\SetupCache\Client\Setup.exe
AddRemove-_{ADDBE07D-95B8-4789-9C76-187FFF9624B4} - c:\program files\Corel\CorelDRAW Essential Edition 3\Programs\MSILauncher {ADDBE07D-95B8-4789-9C76-187FFF9624B4}
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, hxxp://www.gmer.net
Rootkit scan 2012-03-05 15:29
Windows 6.0.6001 Service Pack 1 NTFS
.
Scanne versteckte Prozesse...
.
Scanne versteckte Autostarteinträge...
.
Scanne versteckte Dateien...
.
Scan erfolgreich abgeschlossen
versteckte Dateien: 0
.
**************************************************************************
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
Zeit der Fertigstellung: 2012-03-05 15:30:46
ComboFix-quarantined-files.txt 2012-03-05 14:30
.
Vor Suchlauf: 12 Verzeichnis(se), 437.604.986.880 Bytes frei
Nach Suchlauf: 14 Verzeichnis(se), 437.525.524.480 Bytes frei
.
- - End Of File - - 4216B0FF2F7DF52F4DD5FB7A7E70E5F9
|
|
05.03.2012, 16:05
| #15 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Trojaner "System Check" - letzte Schritte? Ok. Bitte nun Logs mit GMER und OSAM erstellen und posten. GMER stürzt häufiger ab, wenn das Tool auch beim 2. Mal nicht will, lass es einfach weg und führ nur OSAM aus - die Online-Abfrage durch OSAM bitte überspringen. Bei OSAM bitte darauf auch achten, dass Du das Log auch als *.log und nicht *.html oder so abspeicherst. Hinweis: Zum Entpacken von OSAM bitte WinRAR oder 7zip verwenden! Stell auch unbedingt den Virenscanner ab, besonders der Scanner von McAfee meldet oft einen Fehalarm in OSAM! Downloade dir bitte  aswMBR.exe und speichere die Datei auf deinem Desktop.
Wichtig: Drücke keinesfalls einen der Fix Buttons ohne Anweisung Hinweis: Sollte der Scan Button ausgeblendet sein, schließe das Tool und starte es erneut. Sollte der Scan abbrechen und das Programm abstürzen, dann teile mir das mit und wähle unter AV Scan die Einstellung (none).
__________________ Logfiles bitte immer in CODE-Tags posten |
|
| Themen zu Trojaner "System Check" - letzte Schritte? |
| check, desktop, entfern, eset-online, funde, hilfe!, laufe, laufen, leer, log, malwarebytes, scan, schritte, schwarz, system, system check, troja, trojaner, was tun, zunächst |
Textbox von OTL - wenn OTL auf deutsch ist wird sie mit 
beschriftet
.
Linear-Darstellung
