Zurück   Trojaner-Board > Malware entfernen > Plagegeister aller Art und deren Bekämpfung

Plagegeister aller Art und deren Bekämpfung: BOO/TDss.A mit Virenscanner 3 xgefunden

Windows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen.

Antwort
Alt 10.02.2011, 00:10   #1
O Heinz
 
BOO/TDss.A mit Virenscanner 3 xgefunden - Standard

BOO/TDss.A mit Virenscanner 3 xgefunden



Hallo zusammen,
in letzter Zeit habe ich etwas Probleme mit meinem Rechner.
Er öffnet aufgerufene Dateien mit Verzögerung und sehr oft habe ich einen "blauen Bildschirm und er fährt dann runter und startet neu.Auch kann ich keine automatischen Updates mehr über Microsoft machen und die automatische Datensicherung wird nicht erfolgreich ausgeführt.
Dann kommt noch recht oft die Fehlermeldung"Hostprozess für Windows.Dienste wurde beendet und geschlossen".
Ich habe dann einen Scan mit meinem vorhandenen Antivir gemacht und auf jedem Laufwerk jeweils den oben genannten Eintrag bekommen und den Hinweis das er nicht entfernt werden kann.
Was man so lesen kann bedeutet das ein neuaufsetzten des Systems?Ich bin grad dabei einen Komplettscan mit Malwarebyts auf C durchlaufen.
Danach will ich noch,wie in einem anderen Beitrag gelesen,einen Scan mit OTL machen und beide Logs hier einstellen.
Das ist erstmal das was mir aufgefallen ist was nicht stimmt am Rechner.Ach ja,unter Mozilla werden einfach so irgendwelche Seiten geöffnet.
Hier einmal ein Log,ich habe diesen Abgebrochen weil ich alle festplatten ausgewählt hatte und der Scan dann sicher einen ganzen Tag benötigt.
""

Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Datenbank Version: 5725

Windows 6.0.6002 Service Pack 2
Internet Explorer 8.0.6001.18999

09.02.2011 23:56:30
mbam-log-2011-02-09 (23-56-28).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|E:\|H:\|)
Durchsuchte Objekte: 73626
Laufzeit: 16 Minute(n), 57 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 1
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 0

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
HKEY_CLASSES_ROOT\CLSID\{ef34404a-747c-81d8-843a-d938e181273d} (Adware.BHO.FL) -> No action taken.

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
(Keine bösartigen Objekte gefunden)

Oliver

Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Datenbank Version: 5725

Windows 6.0.6002 Service Pack 2
Internet Explorer 8.0.6001.18999

10.02.2011 08:46:52
mbam-log-2011-02-10 (08-46-52).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|)
Durchsuchte Objekte: 553106
Laufzeit: 3 Stunde(n), 39 Minute(n), 4 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 7
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 12
Infizierte Dateien: 50

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\s_-j_2l (Adware.AdRotator) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\RegistryDoktorNE (Rogue.RegistryDoktor) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\FLV Direct Player (Adware.FLVPlayer) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Registry_Doktor 2009_is1 (Rogue.RegistryDoctor) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{8c484332-8128-2096-94a6-da812793d493} (Adware.AdRotator) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{8c484332-8128-2096-94a6-da812793d493} (Adware.AdRotator) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{8C484332-8128-2096-94A6-DA812793D493} (Adware.AdRotator) -> Quarantined and deleted successfully.

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
c:\program files\flv direct player (Adware.BHO.FL) -> Quarantined and deleted successfully.
c:\program files\flv direct player\skindirectflv (Adware.BHO.FL) -> Quarantined and deleted successfully.
c:\program files\flv direct player\skindirectflv\skin (Adware.BHO.FL) -> Quarantined and deleted successfully.
c:\program files\flv direct player\skindirectflv\skin\Button (Adware.BHO.FL) -> Quarantined and deleted successfully.
c:\program files\flv direct player\skindirectflv\skin\ComboBox (Adware.BHO.FL) -> Quarantined and deleted successfully.
c:\program files\flv direct player\skindirectflv\skin\Menu (Adware.BHO.FL) -> Quarantined and deleted successfully.
c:\program files\flv direct player\skindirectflv\skin\sysbutton (Adware.BHO.FL) -> Quarantined and deleted successfully.
c:\program files\flv direct player\skindirectflv\skin\Window (Adware.BHO.FL) -> Quarantined and deleted successfully.
c:\program files\registry_doktor 4.1 (Rogue.RegistryDoctor) -> Quarantined and deleted successfully.
c:\program files\registry_doktor 4.1\definitions (Rogue.RegistryDoctor) -> Quarantined and deleted successfully.
c:\programdata\microsoft\Windows\start menu\Programs\flv direct player (Adware.FLVPlayer) -> Quarantined and deleted successfully.
c:\programdata\microsoft\Windows\start menu\Programs\registry_doktor 4.1 (Rogue.RegistryDoctor) -> Quarantined and deleted successfully.

Infizierte Dateien:
c:\WINDOWS\System32\s_-j_2l.exe (Adware.AdRotator) -> Quarantined and deleted successfully.
c:\program files\flv direct player\downloading.swf (Adware.BHO.FL) -> Quarantined and deleted successfully.
c:\program files\flv direct player\dskinliteu.dll (Adware.BHO.FL) -> Quarantined and deleted successfully.
c:\program files\flv direct player\flvplayer.exe (Adware.BHO.FL) -> Quarantined and deleted successfully.
c:\program files\flv direct player\player.dat (Adware.BHO.FL) -> Quarantined and deleted successfully.
c:\program files\flv direct player\preload.swf (Adware.BHO.FL) -> Quarantined and deleted successfully.
c:\program files\flv direct player\uninstall.exe (Adware.BHO.FL) -> Quarantined and deleted successfully.
c:\program files\flv direct player\skindirectflv\skin.xml (Adware.BHO.FL) -> Quarantined and deleted successfully.
c:\program files\flv direct player\skindirectflv\skin\Button\button_default.bmp (Adware.BHO.FL) -> Quarantined and deleted successfully.
c:\program files\flv direct player\skindirectflv\skin\Button\button_disable.bmp (Adware.BHO.FL) -> Quarantined and deleted successfully.
c:\program files\flv direct player\skindirectflv\skin\Button\button_down.bmp (Adware.BHO.FL) -> Quarantined and deleted successfully.
c:\program files\flv direct player\skindirectflv\skin\Button\button_hot.bmp (Adware.BHO.FL) -> Quarantined and deleted successfully.
c:\program files\flv direct player\skindirectflv\skin\Button\button_normal.bmp (Adware.BHO.FL) -> Quarantined and deleted successfully.
c:\program files\flv direct player\skindirectflv\skin\ComboBox\combobox_buttondown.bmp (Adware.BHO.FL) -> Quarantined and deleted successfully.
c:\program files\flv direct player\skindirectflv\skin\ComboBox\combobox_buttonhot.bmp (Adware.BHO.FL) -> Quarantined and deleted successfully.
c:\program files\flv direct player\skindirectflv\skin\ComboBox\combobox_buttonnor.bmp (Adware.BHO.FL) -> Quarantined and deleted successfully.
c:\program files\flv direct player\skindirectflv\skin\ComboBox\edit_back.bmp (Adware.BHO.FL) -> Quarantined and deleted successfully.
c:\program files\flv direct player\skindirectflv\skin\Menu\menubg.bmp (Adware.BHO.FL) -> Quarantined and deleted successfully.
c:\program files\flv direct player\skindirectflv\skin\Menu\menuitem_arrow.bmp (Adware.BHO.FL) -> Quarantined and deleted successfully.
c:\program files\flv direct player\skindirectflv\skin\Menu\menuitem_check.bmp (Adware.BHO.FL) -> Quarantined and deleted successfully.
c:\program files\flv direct player\skindirectflv\skin\Menu\menuitem_select.bmp (Adware.BHO.FL) -> Quarantined and deleted successfully.
c:\program files\flv direct player\skindirectflv\skin\Menu\menuitem_seperator.bmp (Adware.BHO.FL) -> Quarantined and deleted successfully.
c:\program files\flv direct player\skindirectflv\skin\sysbutton\sys_close_down.bmp (Adware.BHO.FL) -> Quarantined and deleted successfully.
c:\program files\flv direct player\skindirectflv\skin\sysbutton\sys_close_hot.bmp (Adware.BHO.FL) -> Quarantined and deleted successfully.
c:\program files\flv direct player\skindirectflv\skin\sysbutton\sys_close_nor.bmp (Adware.BHO.FL) -> Quarantined and deleted successfully.
c:\program files\flv direct player\skindirectflv\skin\sysbutton\sys_max_down.bmp (Adware.BHO.FL) -> Quarantined and deleted successfully.
c:\program files\flv direct player\skindirectflv\skin\sysbutton\sys_max_hot.bmp (Adware.BHO.FL) -> Quarantined and deleted successfully.
c:\program files\flv direct player\skindirectflv\skin\sysbutton\sys_max_nor.bmp (Adware.BHO.FL) -> Quarantined and deleted successfully.
c:\program files\flv direct player\skindirectflv\skin\sysbutton\sys_min_down.bmp (Adware.BHO.FL) -> Quarantined and deleted successfully.
c:\program files\flv direct player\skindirectflv\skin\sysbutton\sys_min_hot.bmp (Adware.BHO.FL) -> Quarantined and deleted successfully.
c:\program files\flv direct player\skindirectflv\skin\sysbutton\sys_min_nor.bmp (Adware.BHO.FL) -> Quarantined and deleted successfully.
c:\program files\flv direct player\skindirectflv\skin\sysbutton\sys_restore_down.bmp (Adware.BHO.FL) -> Quarantined and deleted successfully.
c:\program files\flv direct player\skindirectflv\skin\sysbutton\sys_restore_hot.bmp (Adware.BHO.FL) -> Quarantined and deleted successfully.
c:\program files\flv direct player\skindirectflv\skin\sysbutton\sys_restore_nor.bmp (Adware.BHO.FL) -> Quarantined and deleted successfully.
c:\program files\flv direct player\skindirectflv\skin\Window\bottomborder.bmp (Adware.BHO.FL) -> Quarantined and deleted successfully.
c:\program files\flv direct player\skindirectflv\skin\Window\downarrow.bmp (Adware.BHO.FL) -> Quarantined and deleted successfully.
c:\program files\flv direct player\skindirectflv\skin\Window\leftborder.bmp (Adware.BHO.FL) -> Quarantined and deleted successfully.
c:\program files\flv direct player\skindirectflv\skin\Window\Logo.bmp (Adware.BHO.FL) -> Quarantined and deleted successfully.
c:\program files\flv direct player\skindirectflv\skin\Window\main.ico (Adware.BHO.FL) -> Quarantined and deleted successfully.
c:\program files\flv direct player\skindirectflv\skin\Window\rightborder.bmp (Adware.BHO.FL) -> Quarantined and deleted successfully.
c:\program files\flv direct player\skindirectflv\skin\Window\titlepattern.bmp (Adware.BHO.FL) -> Quarantined and deleted successfully.
c:\program files\registry_doktor 4.1\Task.dat (Rogue.RegistryDoctor) -> Quarantined and deleted successfully.
c:\program files\registry_doktor 4.1\unins000.dat (Rogue.RegistryDoctor) -> Quarantined and deleted successfully.
c:\program files\registry_doktor 4.1\unins000.exe (Rogue.RegistryDoctor) -> Quarantined and deleted successfully.
c:\program files\registry_doktor 4.1\definitions\200812.cab (Rogue.RegistryDoctor) -> Quarantined and deleted successfully.
c:\programdata\microsoft\Windows\start menu\Programs\flv direct player\flv direct player.lnk (Adware.FLVPlayer) -> Quarantined and deleted successfully.
c:\programdata\microsoft\Windows\start menu\Programs\flv direct player\uninstall flv direct player.lnk (Adware.FLVPlayer) -> Quarantined and deleted successfully.
c:\programdata\microsoft\Windows\start menu\Programs\registry_doktor 4.1\registry doktor 4.1 entfernen.lnk (Rogue.RegistryDoctor) -> Quarantined and deleted successfully.
c:\programdata\microsoft\Windows\start menu\Programs\registry_doktor 4.1\registry doktor 4.1.lnk (Rogue.RegistryDoctor) -> Quarantined and deleted successfully.


Und hier der zweiteOTL Logfile:
Code:
ATTFilter
OTL logfile created on: 10.02.2011 08:51:40 - Run 2
OTL by OldTimer - Version 3.2.20.6     Folder = C:\Users\Besitzer\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18999)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 42,00% Memory free
6,00 Gb Paging File | 4,00 Gb Available in Paging File | 69,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 221,21 Gb Total Space | 121,89 Gb Free Space | 55,10% Space Free | Partition Type: NTFS
Drive D: | 232,88 Gb Total Space | 51,00 Gb Free Space | 21,90% Space Free | Partition Type: NTFS
Drive E: | 11,67 Gb Total Space | 1,65 Gb Free Space | 14,17% Space Free | Partition Type: NTFS
Drive F: | 1,89 Gb Total Space | 0,53 Gb Free Space | 27,97% Space Free | Partition Type: FAT
Drive H: | 1,99 Gb Total Space | 0,05 Gb Free Space | 2,73% Space Free | Partition Type: FAT32
 
Computer Name: BESITZER-PC | User Name: Besitzer | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\Besitzer\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\Avira\AntiVir Desktop\avfwsvc.exe (Avira GmbH)
PRC - C:\Program Files\Avira\AntiVir Desktop\avwebgrd.exe (Avira GmbH)
PRC - C:\Program Files\Avira\AntiVir Desktop\avmailc.exe (Avira GmbH)
PRC - C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
PRC - C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
PRC - C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
PRC - C:\Program Files\ICQ7.2\ICQ.exe (ICQ, LLC.)
PRC - C:\WINDOWS\System32\sdclt.exe (Microsoft Corporation)
PRC - C:\Program Files\Mozilla Firefox\plugin-container.exe (Mozilla Corporation)
PRC - C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe (Microsoft Corporation)
PRC - C:\Program Files\Avira\AntiVir Desktop\avshadow.exe (Avira GmbH)
PRC - C:\Program Files\T-Mobile\T-Mobile Internet Manager\DataCardMonitor.exe (Huawei Technologies Co., Ltd.)
PRC - C:\Program Files\AVG\AVGLS\avgtray.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVGLS\avgnsx.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVGLS\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Users\Besitzer\AppData\Roaming\T-Mobile Internet Manager\ouc.exe (Huawei Technologies Co., Ltd.)
PRC - C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe (Sony Ericsson Mobile Communications AB)
PRC - C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SupServ.exe ()
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
PRC - C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
PRC - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe (Safer Networking Ltd.)
PRC - C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe (Yahoo! Inc.)
PRC - C:\Program Files\Synaptics\SynTP\SynTPStart.exe (Synaptics, Inc.)
PRC - C:\WINDOWS\RtHDVCpl.exe (Realtek Semiconductor)
PRC - C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe (Intel Corporation)
PRC - C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)
PRC - C:\Program Files\AOL 9.0 VRa\shellmon.exe (AOL, LLC.)
PRC - C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe (Nero AG)
PRC - C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe (Nero AG)
PRC - C:\Program Files\AOL 9.0 VRa\waol.exe (AOL, LLC.)
PRC - C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe (Motorola Inc.)
PRC - C:\Program Files\Common Files\aol\acs\AOLacsd.exe (AOL LLC)
PRC - C:\Program Files\Common Files\aol\1231093279\ee\aolsoftware.exe (America Online, Inc.)
 
 
========== Modules (SafeList) ==========
 
MOD - C:\Users\Besitzer\Desktop\OTL.exe (OldTimer Tools)
MOD - C:\WINDOWS\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3\comctl32.dll (Microsoft Corporation)
 
 
========== Win32 Services (SafeList) ==========
 
SRV - (GameConsoleService) --  File not found
SRV - (AntiVirFirewallService) -- C:\Program Files\Avira\AntiVir Desktop\avfwsvc.exe (Avira GmbH)
SRV - (AntiVirWebService) -- C:\Program Files\Avira\AntiVir Desktop\AVWEBGRD.EXE (Avira GmbH)
SRV - (AntiVirMailService) -- C:\Program Files\Avira\AntiVir Desktop\avmailc.exe (Avira GmbH)
SRV - (AntiVirService) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
SRV - (AntiVirSchedulerService) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
SRV - (SeaPort) -- C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe (Microsoft Corporation)
SRV - (WPFFontCache_v0400) -- C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe (Microsoft Corporation)
SRV - (clr_optimization_v4.0.30319_32) -- C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (McComponentHostService) -- C:\Program Files\McAfee Security Scan\2.0.181\McCHSvc.exe (McAfee, Inc.)
SRV - (avg8wd) -- C:\Program Files\AVG\AVGLS\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)
SRV - (FontCache) -- C:\WINDOWS\System32\FntCache.dll (Microsoft Corporation)
SRV - (fsssvc) -- C:\Program Files\Windows Live\Family Safety\fsssvc.exe (Microsoft Corporation)
SRV - (OMSI download service) -- C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SupServ.exe ()
SRV - (SBSDWSCService) -- C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe (Safer Networking Ltd.)
SRV - (YahooAUService) -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe (Yahoo! Inc.)
SRV - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (IAANTMON) Intel(R) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe (Intel Corporation)
SRV - (Com4Qlb) -- C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4Qlb.exe (Hewlett-Packard Development Company, L.P.)
SRV - (WcesComm) -- C:\WINDOWS\WindowsMobile\wcescomm.dll (Microsoft Corporation)
SRV - (RapiMgr) -- C:\WINDOWS\WindowsMobile\rapimgr.dll (Microsoft Corporation)
SRV - (AOL ACS) -- C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe (AOL LLC)
 
 
========== Driver Services (SafeList) ==========
 
DRV - (avipbb) -- C:\WINDOWS\System32\drivers\avipbb.sys (Avira GmbH)
DRV - (avfwot) -- C:\WINDOWS\System32\drivers\avfwot.sys (Avira GmbH)
DRV - (avgntflt) -- C:\WINDOWS\System32\drivers\avgntflt.sys (Avira GmbH)
DRV - (avfwim) -- C:\WINDOWS\System32\drivers\avfwim.sys (Avira GmbH)
DRV - (ggsemc) -- C:\WINDOWS\System32\drivers\ggsemc.sys (Sony Ericsson Mobile Communications)
DRV - (ggflt) -- C:\WINDOWS\System32\drivers\ggflt.sys (Sony Ericsson Mobile Communications)
DRV - (AvgLdx86) -- C:\Windows\System32\Drivers\avgldx86.sys (AVG Technologies CZ, s.r.o.)
DRV - (AvgTdiX) -- C:\Windows\System32\Drivers\avgtdix.sys (AVG Technologies CZ, s.r.o.)
DRV - (nvlddmkm) -- C:\WINDOWS\System32\drivers\nvlddmkm.sys (NVIDIA Corporation)
DRV - (fssfltr) -- C:\WINDOWS\System32\drivers\fssfltr.sys (Microsoft Corporation)
DRV - (ssmdrv) -- C:\WINDOWS\System32\drivers\ssmdrv.sys (Avira GmbH)
DRV - (avgio) -- C:\Program Files\Avira\AntiVir Desktop\avgio.sys (Avira GmbH)
DRV - (winusb) -- C:\WINDOWS\System32\drivers\winusb.sys (Microsoft Corporation)
DRV - (s1018mdm) -- C:\WINDOWS\System32\drivers\s1018mdm.sys (MCCI Corporation)
DRV - (s1018unic) Sony Ericsson Device 1018 USB Ethernet Emulation (WDM) -- C:\WINDOWS\System32\drivers\s1018unic.sys (MCCI Corporation)
DRV - (s1018mgmt) Sony Ericsson Device 1018 USB WMC Device Management Drivers (WDM) -- C:\WINDOWS\System32\drivers\s1018mgmt.sys (MCCI Corporation)
DRV - (s1018obex) -- C:\WINDOWS\System32\drivers\s1018obex.sys (MCCI Corporation)
DRV - (s1018bus) Sony Ericsson Device 1018 driver (WDM) -- C:\WINDOWS\System32\drivers\s1018bus.sys (MCCI Corporation)
DRV - (s1018nd5) Sony Ericsson Device 1018 USB Ethernet Emulation (NDIS) -- C:\WINDOWS\System32\drivers\s1018nd5.sys (MCCI Corporation)
DRV - (s1018mdfl) -- C:\WINDOWS\System32\drivers\s1018mdfl.sys (MCCI Corporation)
DRV - (silabser) -- C:\WINDOWS\System32\drivers\silabser.sys (Silicon Laboratories)
DRV - (silabenm) -- C:\WINDOWS\System32\drivers\silabenm.sys (Silicon Laboratories, Inc.)
DRV - (hwdatacard) -- C:\WINDOWS\System32\drivers\ewusbmdm.sys (Huawei Technologies Co., Ltd.)
DRV - (NETw5v32) Intel(R) -- C:\WINDOWS\System32\drivers\NETw5v32.sys (Intel Corporation)
DRV - (tcpipBM) -- C:\Windows\System32\drivers\tcpipBM.sys (Bytemobile, Inc.)
DRV - (s0016bus) Sony Ericsson Device 0016 driver (WDM) -- C:\WINDOWS\System32\drivers\s0016bus.sys (MCCI Corporation)
DRV - (SynTP) -- C:\WINDOWS\System32\drivers\SynTP.sys (Synaptics, Inc.)
DRV - (xtouch) -- C:\WINDOWS\System32\drivers\xtouch.sys ()
DRV - (seehcri) -- C:\WINDOWS\System32\drivers\seehcri.sys (Sony Ericsson Mobile Communications)
DRV - ({22D78859-9CE9-4B77-BF18-AC83E81A9263}) -- C:\Program Files\Hp\QuickPlay\000.fcl (Cyberlink Corp.)
DRV - (RTL8169) -- C:\WINDOWS\System32\drivers\Rtlh86.sys (Realtek Corporation                                            )
DRV - (IntcAzAudAddService) Service for Realtek HD Audio (WDM) -- C:\WINDOWS\System32\drivers\RTKVHDA.sys (Realtek Semiconductor Corp.)
DRV - (iaStor) -- C:\Windows\system32\DRIVERS\iaStor.sys (Intel Corporation)
DRV - (HpqRemHid) -- C:\WINDOWS\System32\drivers\HpqRemHid.sys (Hewlett-Packard Development Company, L.P.)
DRV - (NETw4v32) Intel(R) -- C:\WINDOWS\System32\drivers\NETw4v32.sys (Intel Corporation)
DRV - (HpqKbFiltr) -- C:\WINDOWS\System32\drivers\HpqKbFiltr.sys (Hewlett-Packard Development Company, L.P.)
DRV - (rismxdp) -- C:\WINDOWS\System32\drivers\rixdptsk.sys (REDC)
DRV - (rimmptsk) -- C:\WINDOWS\System32\drivers\rimmptsk.sys (REDC)
DRV - (Ser2pl) -- C:\WINDOWS\System32\drivers\ser2pl.sys (Prolific Technology Inc.)
DRV - (NWADI) -- C:\WINDOWS\System32\drivers\NWADIenum.sys (Novatel Wireless Inc)
DRV - (rimsptsk) -- C:\WINDOWS\System32\drivers\rimsptsk.sys (REDC)
DRV - (smserial) -- C:\WINDOWS\System32\drivers\smserial.sys (Motorola Inc.)
DRV - (wanatw) WAN Miniport (ATW) -- C:\WINDOWS\System32\drivers\wanatw4.sys (America Online, Inc.)
DRV - (ql2300) -- C:\Windows\system32\drivers\ql2300.sys (QLogic Corporation)
DRV - (adp94xx) -- C:\Windows\system32\drivers\adp94xx.sys (Adaptec, Inc.)
DRV - (elxstor) -- C:\Windows\system32\drivers\elxstor.sys (Emulex)
DRV - (adpahci) -- C:\Windows\system32\drivers\adpahci.sys (Adaptec, Inc.)
DRV - (uliahci) -- C:\Windows\system32\drivers\uliahci.sys (ULi Electronics Inc.)
DRV - (iaStorV) -- C:\Windows\system32\drivers\iastorv.sys (Intel Corporation)
DRV - (adpu320) -- C:\Windows\system32\drivers\adpu320.sys (Adaptec, Inc.)
DRV - (ulsata2) -- C:\Windows\system32\drivers\ulsata2.sys (Promise Technology, Inc.)
DRV - (vsmraid) -- C:\Windows\system32\drivers\vsmraid.sys (VIA Technologies Inc.,Ltd)
DRV - (ql40xx) -- C:\Windows\system32\drivers\ql40xx.sys (QLogic Corporation)
DRV - (UlSata) -- C:\Windows\system32\drivers\ulsata.sys (Promise Technology, Inc.)
DRV - (adpu160m) -- C:\Windows\system32\drivers\adpu160m.sys (Adaptec, Inc.)
DRV - (nvraid) -- C:\Windows\system32\drivers\nvraid.sys (NVIDIA Corporation)
DRV - (nfrd960) -- C:\Windows\system32\drivers\nfrd960.sys (IBM Corporation)
DRV - (iirsp) -- C:\Windows\system32\drivers\iirsp.sys (Intel Corp./ICP vortex GmbH)
DRV - (SiSRaid4) -- C:\Windows\system32\drivers\sisraid4.sys (Silicon Integrated Systems)
DRV - (nvstor) -- C:\Windows\system32\drivers\nvstor.sys (NVIDIA Corporation)
DRV - (aic78xx) -- C:\Windows\system32\drivers\djsvs.sys (Adaptec, Inc.)
DRV - (arcsas) -- C:\Windows\system32\drivers\arcsas.sys (Adaptec, Inc.)
DRV - (LSI_SCSI) -- C:\Windows\system32\drivers\lsi_scsi.sys (LSI Logic)
DRV - (SiSRaid2) -- C:\Windows\system32\drivers\sisraid2.sys (Silicon Integrated Systems Corp.)
DRV - (HpCISSs) -- C:\Windows\system32\drivers\hpcisss.sys (Hewlett-Packard Company)
DRV - (arc) -- C:\Windows\system32\drivers\arc.sys (Adaptec, Inc.)
DRV - (iteraid) -- C:\Windows\system32\drivers\iteraid.sys (Integrated Technology Express, Inc.)
DRV - (iteatapi) -- C:\Windows\system32\drivers\iteatapi.sys (Integrated Technology Express, Inc.)
DRV - (LSI_SAS) -- C:\Windows\system32\drivers\lsi_sas.sys (LSI Logic)
DRV - (Symc8xx) -- C:\Windows\system32\drivers\symc8xx.sys (LSI Logic)
DRV - (LSI_FC) -- C:\Windows\system32\drivers\lsi_fc.sys (LSI Logic)
DRV - (Sym_u3) -- C:\Windows\system32\drivers\sym_u3.sys (LSI Logic)
DRV - (Mraid35x) -- C:\Windows\system32\drivers\mraid35x.sys (LSI Logic Corporation)
DRV - (Sym_hi) -- C:\Windows\system32\drivers\sym_hi.sys (LSI Logic)
DRV - (megasas) -- C:\Windows\system32\drivers\megasas.sys (LSI Logic Corporation)
DRV - (viaide) -- C:\Windows\system32\drivers\viaide.sys (VIA Technologies, Inc.)
DRV - (cmdide) -- C:\Windows\system32\drivers\cmdide.sys (CMD Technology, Inc.)
DRV - (aliide) -- C:\Windows\system32\drivers\aliide.sys (Acer Laboratories Inc.)
DRV - (Brserid) Brother MFC Serial Port Interface Driver (WDM) -- C:\Windows\system32\drivers\brserid.sys (Brother Industries Ltd.)
DRV - (BrUsbSer) -- C:\Windows\system32\drivers\brusbser.sys (Brother Industries Ltd.)
DRV - (BrFiltUp) -- C:\Windows\system32\drivers\brfiltup.sys (Brother Industries, Ltd.)
DRV - (BrFiltLo) -- C:\Windows\system32\drivers\brfiltlo.sys (Brother Industries, Ltd.)
DRV - (BrSerWdm) -- C:\Windows\system32\drivers\brserwdm.sys (Brother Industries Ltd.)
DRV - (BrUsbMdm) -- C:\Windows\system32\drivers\brusbmdm.sys (Brother Industries Ltd.)
DRV - (HSF_DPV) -- C:\WINDOWS\System32\drivers\VSTDPV3.SYS (Conexant Systems, Inc.)
DRV - (HSFHWAZL) -- C:\WINDOWS\System32\drivers\VSTAZL3.SYS (Conexant Systems, Inc.)
DRV - (winachsf) -- C:\WINDOWS\System32\drivers\VSTCNXT3.SYS (Conexant Systems, Inc.)
DRV - (ntrigdigi) -- C:\Windows\system32\drivers\ntrigdigi.sys (N-trig Innovative Technologies)
DRV - (NETw3v32) Intel(R) -- C:\WINDOWS\System32\drivers\NETw3v32.sys (Intel® Corporation)
DRV - (E1G60) Intel(R) -- C:\WINDOWS\System32\drivers\E1G60I32.sys (Intel Corporation)
DRV - (BCM43XV) -- C:\WINDOWS\System32\drivers\BCMWL6.SYS (Broadcom Corporation)
DRV - (ialm) -- C:\WINDOWS\System32\drivers\igdkmd32.sys (Intel Corporation)
DRV - (eusk2par) -- C:\WINDOWS\System32\drivers\eusk2par.sys (EUTRON)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=de_de&c=81&bd=Pavilion&pf=laptop
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=de_de&c=81&bd=Pavilion&pf=laptop
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://de.msn.com/ [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://start.icq.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 2
IE - HKCU\..\URLSearchHook:  - Reg Error: Key error. File not found
IE - HKCU\..\URLSearchHook: {1CFFA392-0898-4b1c-89D1-6E98F9D8EF78} - Reg Error: Key error. File not found
IE - HKCU\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll (ICQ)
IE - HKCU\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVGLS\Toolbar\IEToolbar.dll ()
IE - HKCU\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} -  File not found
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultenginename: "ICQ Search"
FF - prefs.js..browser.search.defaultthis.engineName: "Freeware DE Customized Web Search"
FF - prefs.js..browser.search.defaulturl: "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2325506&SearchSource=3&q={searchTerms}"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.startup.homepage: "hxxp://www.google.de/"
FF - prefs.js..extensions.enabledItems: toolbar@ask.com:3.6.5.112
FF - prefs.js..extensions.enabledItems: {3f963a5b-e555-4543-90e2-c3908898db71}:8.5.0.364
FF - prefs.js..extensions.enabledItems: avg@igeared:3.011.025.005
FF - prefs.js..extensions.enabledItems: {26647ca4-a2a7-4eac-8a72-761aa9141de7}:2.5.6.0
FF - prefs.js..extensions.enabledItems: {0ae873a2-da32-8a94-9c57-7a7cc96c6c82}:4.6.6.2
FF - prefs.js..extensions.enabledItems: {635abd67-4fe9-1b23-4f01-e679fa7484c1}:2.1.1.20091029021655
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {800b5000-a755-47e1-992b-48a1c1357f07}:1.1.6
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: {9AA46F4F-4DC7-4c06-97AF-5035170634FE}:3.3.5
FF - prefs.js..keyword.URL: "hxxp://de.yhs.search.yahoo.com/avg/search?fr=yhs-avgb&type=yahoo_avg_hs2-tb-web_de&p="
 
 
FF - HKLM\software\mozilla\Firefox\Extensions\\{3f963a5b-e555-4543-90e2-c3908898db71}: C:\Program Files\AVG\AVGLS\Firefox [2009.12.29 16:22:30 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\avg@igeared: C:\Program Files\AVG\AVGLS\Toolbar\Firefox\avg@igeared [2009.12.31 17:46:24 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010.12.11 22:59:32 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010.12.11 22:59:33 | 000,000,000 | ---D | M]
 
[2009.01.04 11:08:24 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Besitzer\AppData\Roaming\mozilla\Extensions
[2010.06.29 17:54:36 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Besitzer\AppData\Roaming\mozilla\Firefox\Profiles\58l2dup2.Standard-Benutzer\extensions
[2009.09.21 19:38:54 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Besitzer\AppData\Roaming\mozilla\Firefox\Profiles\58l2dup2.Standard-Benutzer\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010.03.18 06:27:58 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Users\Besitzer\AppData\Roaming\mozilla\Firefox\Profiles\58l2dup2.Standard-Benutzer\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[2010.06.29 17:54:36 | 000,000,000 | ---D | M] ("ICQ Toolbar") -- C:\Users\Besitzer\AppData\Roaming\mozilla\Firefox\Profiles\58l2dup2.Standard-Benutzer\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}
[2009.09.21 19:38:54 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Besitzer\AppData\Roaming\mozilla\Firefox\Profiles\58l2dup2.Standard-Benutzer\extensions\staged-xpis
[2011.02.10 00:16:13 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Besitzer\AppData\Roaming\mozilla\Firefox\Profiles\5fj48scu.default\extensions
[2010.05.11 23:10:26 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Besitzer\AppData\Roaming\mozilla\Firefox\Profiles\5fj48scu.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010.01.25 09:48:43 | 000,000,000 | ---D | M] (Freeware DE Toolbar) -- C:\Users\Besitzer\AppData\Roaming\mozilla\Firefox\Profiles\5fj48scu.default\extensions\{26647ca4-a2a7-4eac-8a72-761aa9141de7}
[2009.01.05 18:28:52 | 000,000,000 | ---D | M] (Bookmark Backup [de]) -- C:\Users\Besitzer\AppData\Roaming\mozilla\Firefox\Profiles\5fj48scu.default\extensions\{3474c305-9dad-11d8-9207-00055d74c2e4}
[2010.04.12 19:30:56 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Users\Besitzer\AppData\Roaming\mozilla\Firefox\Profiles\5fj48scu.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[2010.06.29 17:54:37 | 000,000,000 | ---D | M] ("ICQ Toolbar") -- C:\Users\Besitzer\AppData\Roaming\mozilla\Firefox\Profiles\5fj48scu.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}
[2009.08.04 21:39:56 | 000,000,000 | ---D | M] (ReloadEvery) -- C:\Users\Besitzer\AppData\Roaming\mozilla\Firefox\Profiles\5fj48scu.default\extensions\{888d99e7-e8b5-46a3-851e-1ec45da1e644}(211)
[2010.11.03 20:45:37 | 000,000,000 | ---D | M] (ImTranslator) -- C:\Users\Besitzer\AppData\Roaming\mozilla\Firefox\Profiles\5fj48scu.default\extensions\{9AA46F4F-4DC7-4c06-97AF-5035170634FE}
[2010.05.11 23:10:26 | 000,000,000 | ---D | M] ("Show my Password") -- C:\Users\Besitzer\AppData\Roaming\mozilla\Firefox\Profiles\5fj48scu.default\extensions\{cd617372-6743-4ee4-bac4-fbf60f35719e}
[2010.03.11 01:05:57 | 000,000,000 | ---D | M] (@@toolbarname@@) -- C:\Users\Besitzer\AppData\Roaming\mozilla\Firefox\Profiles\5fj48scu.default\extensions\toolbar@ask.com
[2010.01.20 12:18:46 | 000,000,925 | ---- | M] () -- C:\Users\Besitzer\AppData\Roaming\Mozilla\Firefox\Profiles\5fj48scu.default\searchplugins\conduit.xml
[2011.02.09 00:10:23 | 000,000,950 | ---- | M] () -- C:\Users\Besitzer\AppData\Roaming\Mozilla\Firefox\Profiles\5fj48scu.default\searchplugins\icqplugin-1.xml
[2010.09.16 19:12:29 | 000,000,950 | ---- | M] () -- C:\Users\Besitzer\AppData\Roaming\Mozilla\Firefox\Profiles\5fj48scu.default\searchplugins\icqplugin-2.xml
[2010.09.20 09:37:21 | 000,000,950 | ---- | M] () -- C:\Users\Besitzer\AppData\Roaming\Mozilla\Firefox\Profiles\5fj48scu.default\searchplugins\icqplugin-3.xml
[2010.10.21 10:18:48 | 000,000,950 | ---- | M] () -- C:\Users\Besitzer\AppData\Roaming\Mozilla\Firefox\Profiles\5fj48scu.default\searchplugins\icqplugin-4.xml
[2010.10.31 10:58:49 | 000,000,950 | ---- | M] () -- C:\Users\Besitzer\AppData\Roaming\Mozilla\Firefox\Profiles\5fj48scu.default\searchplugins\icqplugin-5.xml
[2010.11.03 21:38:22 | 000,000,950 | ---- | M] () -- C:\Users\Besitzer\AppData\Roaming\Mozilla\Firefox\Profiles\5fj48scu.default\searchplugins\icqplugin-6.xml
[2010.06.29 17:54:37 | 000,000,168 | ---- | M] () -- C:\Users\Besitzer\AppData\Roaming\Mozilla\Firefox\Profiles\5fj48scu.default\searchplugins\icqplugin.gif
[2010.06.29 17:54:37 | 000,000,618 | ---- | M] () -- C:\Users\Besitzer\AppData\Roaming\Mozilla\Firefox\Profiles\5fj48scu.default\searchplugins\icqplugin.src
[2010.09.02 23:15:54 | 000,001,056 | ---- | M] () -- C:\Users\Besitzer\AppData\Roaming\Mozilla\Firefox\Profiles\5fj48scu.default\searchplugins\icqplugin.xml
[2010.01.25 10:53:31 | 000,000,266 | ---- | M] () -- C:\Users\Besitzer\AppData\Roaming\Mozilla\Firefox\Profiles\5fj48scu.default\searchplugins\Search.xml
[2010.11.03 21:37:52 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2010.01.25 10:53:31 | 000,000,000 | ---D | M] (LoudMo Contextual Ad Assistant) -- C:\Program Files\Mozilla Firefox\extensions\{0ae873a2-da32-8a94-9c57-7a7cc96c6c82}
[2010.06.23 20:50:16 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2010.08.09 09:09:18 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
[2009.12.29 16:22:30 | 000,000,000 | ---D | M] (AVG Safe Search) -- C:\PROGRAM FILES\AVG\AVGLS\FIREFOX
[2009.12.31 17:46:24 | 000,000,000 | ---D | M] ("urn:mozilla:install-manifest" em:id="avg@igeared" em:name="AVG Security Toolbar" em:version="3.011.025.005" em:displayname="AVG Security Toolbar" em:iconURL="chrome://tavgp/skin/logo.ico" em:creator="AVG Technologies" em:description="AVG Security Toolbar" em:homepageURL="hxxp://www.avg.com" >) -- C:\PROGRAM FILES\AVG\AVGLS\TOOLBAR\FIREFOX\AVG@IGEARED
[2010.07.17 04:00:04 | 000,423,656 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll
[2010.10.27 06:44:13 | 000,001,392 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\amazondotcom-de.xml
[2010.10.27 06:44:13 | 000,002,344 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\eBay-de.xml
[2010.10.27 06:44:13 | 000,006,805 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\leo_ende_de.xml
[2010.10.27 06:44:13 | 000,001,178 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\wikipedia-de.xml
[2010.10.27 06:44:13 | 000,001,105 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2006.09.18 22:41:30 | 000,000,736 | ---- | M]) - C:\WINDOWS\System32\drivers\etc\hosts
O1 - Hosts: ::1             localhost
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} -  File not found
O2 - BHO: (Adobe PDF Reader) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVGLS\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (no name) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - No CLSID value found.
O2 - BHO: (Search Helper) - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll (Microsoft Corporation)
O2 - BHO: (AOL Toolbar Launcher) - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files\AOL\AOL Toolbar 4.0\aoltb.dll (AOL LLC)
O2 - BHO: (AVG Security Toolbar BHO) - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVGLS\Toolbar\IEToolbar.dll ()
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.2.4204.1700\swg.dll (Google Inc.)
O2 - BHO: (MSN Toolbar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\MSN\Toolbar\3.0.0744.0\msneshellx.dll (Microsoft Corp.)
O2 - BHO: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\Supertoolbar\GenericAskToolbar.dll (Ask.com)
O2 - BHO: (Windows Live Toolbar Helper) - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} -  File not found
O3 - HKLM\..\Toolbar: (MSN Toolbar) - {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - C:\Program Files\MSN\Toolbar\3.0.0744.0\msneshellx.dll (Microsoft Corp.)
O3 - HKLM\..\Toolbar: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No CLSID value found.
O3 - HKLM\..\Toolbar: (ICQToolBar) - {855F3B16-6D32-4FE6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll (ICQ)
O3 - HKLM\..\Toolbar: (AVG Security Toolbar) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVGLS\Toolbar\IEToolbar.dll ()
O3 - HKLM\..\Toolbar: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\Supertoolbar\GenericAskToolbar.dll (Ask.com)
O3 - HKLM\..\Toolbar: (AOL Toolbar) - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 4.0\aoltb.dll (AOL LLC)
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} -  File not found
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {00000000-0000-0000-0000-000000000000} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (AVG Security Toolbar) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVGLS\Toolbar\IEToolbar.dll ()
O3 - HKCU\..\Toolbar\WebBrowser: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\Supertoolbar\GenericAskToolbar.dll (Ask.com)
O3 - HKCU\..\Toolbar\WebBrowser: (AOL Toolbar) - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 4.0\aoltb.dll (AOL LLC)
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AVG8_TRAY] C:\Program Files\AVG\AVGLS\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [DataCardMonitor] C:\Program Files\T-Mobile\T-Mobile Internet Manager\DataCardMonitor.exe (Huawei Technologies Co., Ltd.)
O4 - HKLM..\Run: [HostManager] C:\Program Files\Common Files\aol\1231093279\ee\aolsoftware.exe (America Online, Inc.)
O4 - HKLM..\Run: [HP Health Check Scheduler] c:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe (Hewlett-Packard)
O4 - HKLM..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [SMSERIAL] C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe (Motorola Inc.)
O4 - HKLM..\Run: [SynTPStart] C:\Program Files\Synaptics\SynTP\SynTPStart.exe (Synaptics, Inc.)
O4 - HKLM..\Run: [UCam_Menu] C:\Program Files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKCU..\Run: [AOL Fast Start] C:\Program Files\AOL 9.0 VRa\AOL.EXE (AOL, LLC.)
O4 - HKCU..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe (Nero AG)
O4 - HKCU..\Run: [DW6]  File not found
O4 - HKCU..\Run: [HW_OPENEYE_OUC_T-Mobile Internet Manager] C:\Program Files\T-Mobile\T-Mobile Internet Manager\UpdateDog\ouc.exe (Huawei Technologies Co., Ltd.)
O4 - HKCU..\Run: [ICQ]  File not found
O4 - HKCU..\Run: [Messenger (Yahoo!)]  File not found
O4 - HKCU..\Run: [Mobile Partner] C:\Program Files\T-Mobile\T-Mobile Internet Manager\T-Mobile Internet Manager.exe ()
O4 - HKCU..\Run: [Sony Ericsson PC Suite] C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe (Sony Ericsson Mobile Communications AB)
O4 - HKCU..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
O4 - HKLM..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveTrack = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoPropertiesMyComputer = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoViewContextMenu = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoFileAssociate = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoFind = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoClose = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: StartMenuLogoff = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMHelp = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoDispCPL = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoDispBackgroundPage = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoDispSettingsPage = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoDispScrSavPage = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HideClock = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoTrayItemsDisplay = 0
O8 - Extra context menu item: &AOL Toolbar-Suche - c:\Program Files\AOL\AOL Toolbar 4.0\resources\de-DE\local\search.html ()
O8 - Extra context menu item: add to &BOM - C:\\PROGRA~1\\BIET-O~1\\\\AddToBOM.hta ()
O9 - Extra Button: In Blog veröffentlichen - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : In Windows Live Writer in Blog veröffentliche&n - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra Button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\WINDOWS\WindowsMobile\INetRepl.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\WINDOWS\WindowsMobile\INetRepl.dll (Microsoft Corporation)
O9 - Extra Button: AOL Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Program Files\AOL\AOL Toolbar 4.0\aoltb.dll (AOL LLC)
O9 - Extra Button: ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Program Files\ICQ7.2\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Program Files\ICQ7.2\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira GmbH)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira GmbH)
O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira GmbH)
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Domains: aol.com ([objects] * is out of zone range -  5)
O15 - HKCU\..Trusted Ranges: Range1 ([http] in Local intranet)
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} hxxp://gfx1.hotmail.com/mail/w3/resources/VistaMSNPUpldde-de.cab (MSN Photo Upload Tool)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab (Java Plug-in 1.6.0_02)
O16 - DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVGLS\avgpp.dll (AVG Technologies CZ, s.r.o.)
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} -  File not found
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} -  File not found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\vw-wi {0F3C833F-FB28-40EA-8CB9-6A55B996C3F6} - C:\ElsaWin\bin\wiprot.dll (TODO: <Company name>)
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\Besitzer\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O24 - Desktop BackupWallPaper: C:\Users\Besitzer\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 22:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2005.09.11 16:18:54 | 000,000,340 | -HS- | M] () - E:\AUTOMODE -- [ NTFS ]
O33 - MountPoints2\{0ec86dfb-da30-11dd-9bc2-001e68300c1c}\Shell - "" = AutoRun
O33 - MountPoints2\{0ec86dfb-da30-11dd-9bc2-001e68300c1c}\Shell\AutoRun\command - "" = G:\AutoRun.exe
O33 - MountPoints2\{0ec86e0e-da30-11dd-9bc2-001e68300c1c}\Shell - "" = AutoRun
O33 - MountPoints2\{0ec86e0e-da30-11dd-9bc2-001e68300c1c}\Shell\AutoRun\command - "" = I:\AutoRun.exe
O33 - MountPoints2\{18831021-c66b-11de-8719-9d4e8499ecc1}\Shell - "" = AutoRun
O33 - MountPoints2\{18831021-c66b-11de-8719-9d4e8499ecc1}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{22ed21d1-1bbb-11df-9959-daedffe3e908}\Shell - "" = AutoRun
O33 - MountPoints2\{22ed21d1-1bbb-11df-9959-daedffe3e908}\Shell\AutoRun\command - "" = H:\AutoRun.exe
O33 - MountPoints2\{232f4d41-9852-11de-bbd0-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{232f4d41-9852-11de-bbd0-806e6f6e6963}\Shell\AutoRun\command - "" = G:\AutoRun.exe
O33 - MountPoints2\{3867e77b-90ae-11de-a350-e474c5728839}\Shell - "" = AutoRun
O33 - MountPoints2\{3867e77b-90ae-11de-a350-e474c5728839}\Shell\AutoRun\command - "" = G:\AutoRun.exe
O33 - MountPoints2\{3867e77c-90ae-11de-a350-e474c5728839}\Shell - "" = AutoRun
O33 - MountPoints2\{3867e77c-90ae-11de-a350-e474c5728839}\Shell\AutoRun\command - "" = I:\AutoRun.exe
O33 - MountPoints2\{3867e77f-90ae-11de-a350-e474c5728839}\Shell - "" = AutoRun
O33 - MountPoints2\{3867e77f-90ae-11de-a350-e474c5728839}\Shell\AutoRun\command - "" = G:\AutoRun.exe
O33 - MountPoints2\{3867e782-90ae-11de-a350-ad3f831c2eab}\Shell - "" = AutoRun
O33 - MountPoints2\{3867e782-90ae-11de-a350-ad3f831c2eab}\Shell\AutoRun\command - "" = G:\AutoRun.exe
O33 - MountPoints2\{3867e787-90ae-11de-a350-ad3f831c2eab}\Shell - "" = AutoRun
O33 - MountPoints2\{3867e787-90ae-11de-a350-ad3f831c2eab}\Shell\AutoRun\command - "" = G:\AutoRun.exe
O33 - MountPoints2\{446b4c09-9808-11de-b041-ac12ce5ec9ba}\Shell - "" = AutoRun
O33 - MountPoints2\{446b4c09-9808-11de-b041-ac12ce5ec9ba}\Shell\AutoRun\command - "" = G:\AutoRun.exe
O33 - MountPoints2\{4fcaba16-9b1d-11de-8330-d113eb14b2d1}\Shell - "" = AutoRun
O33 - MountPoints2\{4fcaba16-9b1d-11de-8330-d113eb14b2d1}\Shell\AutoRun\command - "" = G:\AutoRun.exe
O33 - MountPoints2\{5d4253c4-9f8e-11df-ab13-9f3c9c330bdd}\Shell - "" = AutoRun
O33 - MountPoints2\{5d4253c4-9f8e-11df-ab13-9f3c9c330bdd}\Shell\AutoRun\command - "" = H:\AutoRun.exe
O33 - MountPoints2\{60c2371f-0d1f-11df-ae32-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{60c2371f-0d1f-11df-ae32-806e6f6e6963}\Shell\AutoRun\command - "" = I:\AutoRun.exe
O33 - MountPoints2\{7c84c765-cbc7-11de-8573-e50896887ff4}\Shell - "" = AutoRun
O33 - MountPoints2\{7c84c765-cbc7-11de-8573-e50896887ff4}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{894f81c9-d171-11de-a0f1-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{894f81c9-d171-11de-a0f1-806e6f6e6963}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{935bcea8-8e67-11de-ae73-00038a000015}\Shell - "" = AutoRun
O33 - MountPoints2\{935bcea8-8e67-11de-ae73-00038a000015}\Shell\AutoRun\command - "" = G:\AutoRun.exe
O33 - MountPoints2\{935bceaa-8e67-11de-ae73-00038a000015}\Shell - "" = AutoRun
O33 - MountPoints2\{935bceaa-8e67-11de-ae73-00038a000015}\Shell\AutoRun\command - "" = G:\AutoRun.exe
O33 - MountPoints2\{94b0b353-2228-11df-9dac-df4f4eb54d13}\Shell - "" = AutoRun
O33 - MountPoints2\{94b0b353-2228-11df-9dac-df4f4eb54d13}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{99dbb6fc-0ce1-11df-838c-aa8086c020a9}\Shell - "" = AutoRun
O33 - MountPoints2\{99dbb6fc-0ce1-11df-838c-aa8086c020a9}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{a212d73d-9b2b-11de-b014-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{a212d73d-9b2b-11de-b014-806e6f6e6963}\Shell\AutoRun\command - "" = H:\AutoRun.exe
O33 - MountPoints2\{a212d79e-9b2b-11de-b014-ed454fea280e}\Shell - "" = AutoRun
O33 - MountPoints2\{a212d79e-9b2b-11de-b014-ed454fea280e}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{ab491527-9b22-11de-9cbd-8ab1279669e5}\Shell - "" = AutoRun
O33 - MountPoints2\{ab491527-9b22-11de-9cbd-8ab1279669e5}\Shell\AutoRun\command - "" = G:\AutoRun.exe
O33 - MountPoints2\{ac74a77e-9b12-11de-8957-a74aed332be2}\Shell - "" = AutoRun
O33 - MountPoints2\{ac74a77e-9b12-11de-8957-a74aed332be2}\Shell\AutoRun\command - "" = G:\AutoRun.exe
O33 - MountPoints2\{ac74a797-9b12-11de-8957-a74aed332be2}\Shell - "" = AutoRun
O33 - MountPoints2\{ac74a797-9b12-11de-8957-a74aed332be2}\Shell\AutoRun\command - "" = G:\AutoRun.exe
O33 - MountPoints2\{d002cff5-0e7a-11df-b623-9768c52e6d42}\Shell - "" = AutoRun
O33 - MountPoints2\{d002cff5-0e7a-11df-b623-9768c52e6d42}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{d1e844ee-c673-11de-93be-9cfa62bfa2dc}\Shell - "" = AutoRun
O33 - MountPoints2\{d1e844ee-c673-11de-93be-9cfa62bfa2dc}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{d1e844f0-c673-11de-93be-9cfa62bfa2dc}\Shell - "" = AutoRun
O33 - MountPoints2\{d1e844f0-c673-11de-93be-9cfa62bfa2dc}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{de3fc79f-d172-11de-827b-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{de3fc79f-d172-11de-827b-806e6f6e6963}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{de3fc7ff-d172-11de-827b-9fdd660c7dc5}\Shell - "" = AutoRun
O33 - MountPoints2\{de3fc7ff-d172-11de-827b-9fdd660c7dc5}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{ed3e6600-16e4-11df-81ad-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{ed3e6600-16e4-11df-81ad-806e6f6e6963}\Shell\AutoRun\command - "" = K:\AutoRun.exe
O33 - MountPoints2\{f73f18d6-76a2-11de-9dfe-e908ffce8612}\Shell - "" = AutoRun
O33 - MountPoints2\{f73f18d6-76a2-11de-9dfe-e908ffce8612}\Shell\AutoRun\command - "" = G:\AutoRun.exe
O33 - MountPoints2\G\Shell - "" = AutoRun
O33 - MountPoints2\G\Shell\AutoRun\command - "" = G:\AutoRun.exe
O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
========== Files/Folders - Created Within 30 Days ==========
 
[2011.02.09 23:34:31 | 000,000,000 | ---D | C] -- C:\Users\Besitzer\AppData\Roaming\Malwarebytes
[2011.02.09 23:34:14 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2011.02.09 23:34:14 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011.02.09 23:34:11 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2011.02.09 23:34:08 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2011.02.09 23:34:08 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2011.02.09 23:21:26 | 000,602,624 | ---- | C] (OldTimer Tools) -- C:\Users\Besitzer\Desktop\OTL.exe
[2011.01.19 09:46:23 | 000,000,000 | ---D | C] -- C:\Windows\Sun
[2011.01.12 08:50:51 | 000,413,696 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\odbc32.dll
[2011.01.12 08:50:47 | 001,169,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\sdclt.exe
[2009.10.15 01:01:02 | 000,148,736 | ---- | C] (Avanquest Software) -- C:\ProgramData\hpe1652.dll
 
========== Files - Modified Within 30 Days ==========
 
[2011.02.10 08:56:02 | 000,001,100 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2011.02.10 08:50:29 | 000,054,016 | ---- | M] () -- C:\Windows\System32\drivers\rxqkubtm.sys
[2011.02.10 08:45:15 | 000,063,544 | ---- | M] () -- C:\ProgramData\nvModes.dat
[2011.02.10 08:45:15 | 000,063,544 | ---- | M] () -- C:\ProgramData\nvModes.001
[2011.02.10 08:44:54 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011.02.10 03:08:02 | 000,003,168 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2011.02.10 03:08:02 | 000,003,168 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2011.02.10 00:02:32 | 000,001,096 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2011.02.10 00:02:20 | 000,001,022 | ---- | M] () -- C:\Windows\tasks\Google Software Updater.job
[2011.02.09 23:34:14 | 000,000,868 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011.02.09 23:21:35 | 000,602,624 | ---- | M] (OldTimer Tools) -- C:\Users\Besitzer\Desktop\OTL.exe
[2011.02.09 19:27:55 | 000,000,163 | ---- | M] () -- C:\Users\Public\Documents\hpqp.ini
[2011.02.09 19:14:24 | 3219,562,496 | -HS- | M] () -- C:\hiberfil.sys
[2011.02.09 19:06:31 | 000,633,580 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2011.02.09 19:06:31 | 000,600,138 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2011.02.09 19:06:31 | 000,128,796 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2011.02.09 19:06:31 | 000,106,014 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2011.02.09 18:00:07 | 000,000,414 | ---- | M] () -- C:\Windows\tasks\Norton Security Scan for Besitzer.job
[2011.02.09 15:25:13 | 000,363,931 | ---- | M] () -- C:\Users\Besitzer\Documents\T-SV_AUDI_A4_B5_5112.pdf
[2011.02.09 12:07:24 | 000,000,012 | ---- | M] () -- C:\Windows\bthservsdp.dat
[2011.02.08 00:56:17 | 000,019,968 | ---- | M] () -- C:\Users\Besitzer\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011.02.06 20:45:15 | 000,008,484 | ---- | M] () -- C:\Users\Besitzer\AppData\Local\d3d9caps.dat
[2011.01.21 16:28:32 | 001,353,721 | ---- | M] () -- C:\Users\Besitzer\Documents\FiltKombmSR100.jpg
[2011.01.20 09:25:59 | 328,833,173 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2011.01.19 09:44:33 | 000,135,096 | ---- | M] (Avira GmbH) -- C:\Windows\System32\drivers\avipbb.sys
[2011.01.19 09:44:33 | 000,102,856 | ---- | M] (Avira GmbH) -- C:\Windows\System32\drivers\avfwot.sys
[2011.01.19 09:44:33 | 000,061,960 | ---- | M] (Avira GmbH) -- C:\Windows\System32\drivers\avgntflt.sys
[2011.01.19 00:56:47 | 000,002,365 | ---- | M] () -- C:\Users\Besitzer\Desktop\VAG-COM 311 Deutsch.lnk
 
========== Files Created - No Company Name ==========
 
[2011.02.10 08:50:29 | 000,054,016 | ---- | C] () -- C:\Windows\System32\drivers\rxqkubtm.sys
[2011.02.09 23:34:14 | 000,000,868 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011.02.09 15:25:08 | 000,363,931 | ---- | C] () -- C:\Users\Besitzer\Documents\T-SV_AUDI_A4_B5_5112.pdf
[2011.01.21 16:28:16 | 001,353,721 | ---- | C] () -- C:\Users\Besitzer\Documents\FiltKombmSR100.jpg
[2010.06.23 18:09:15 | 000,000,358 | ---- | C] () -- C:\ProgramData\hpzinstall.log
[2010.02.28 19:45:08 | 000,000,067 | ---- | C] () -- C:\Windows\w313830.ini
[2010.01.05 11:39:41 | 000,083,072 | ---- | C] () -- C:\Windows\System32\drivers\xtouch.sys
[2009.07.03 19:34:53 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2009.06.04 14:47:42 | 000,057,856 | ---- | C] () -- C:\Windows\System32\Skeylink.dll
[2009.01.29 23:43:48 | 000,000,216 | ---- | C] () -- C:\Users\Besitzer\AppData\Roaming\wklnhst.dat
[2009.01.29 13:20:56 | 000,008,484 | ---- | C] () -- C:\Users\Besitzer\AppData\Local\d3d9caps.dat
[2009.01.23 22:01:31 | 000,000,556 | ---- | C] () -- C:\Windows\ODBC.INI
[2009.01.07 11:28:47 | 000,063,544 | ---- | C] () -- C:\ProgramData\nvModes.dat
[2009.01.07 11:28:47 | 000,063,544 | ---- | C] () -- C:\ProgramData\nvModes.001
[2009.01.04 17:50:12 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2009.01.04 08:44:43 | 000,019,968 | ---- | C] () -- C:\Users\Besitzer\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009.01.04 08:29:13 | 000,980,184 | ---- | C] () -- C:\ProgramData\LuUninstall.LiveUpdate
[2008.12.29 19:10:40 | 000,027,620 | ---- | C] () -- C:\Users\Besitzer\AppData\Roaming\nvModes.001
[2008.12.22 14:23:30 | 000,027,620 | ---- | C] () -- C:\Users\Besitzer\AppData\Roaming\nvModes.dat
[2008.12.22 10:45:39 | 000,000,000 | ---- | C] () -- C:\Users\Besitzer\AppData\Local\QSwitch.txt
[2008.12.22 10:45:39 | 000,000,000 | ---- | C] () -- C:\Users\Besitzer\AppData\Local\DSwitch.txt
[2008.12.22 10:45:39 | 000,000,000 | ---- | C] () -- C:\Users\Besitzer\AppData\Local\AtStart.txt
[2008.04.27 12:47:30 | 000,016,480 | ---- | C] () -- C:\Windows\System32\rixdicon.dll
[2007.10.22 07:53:12 | 000,466,944 | ---- | C] () -- C:\Windows\System32\RemoveDevice.dll
[2006.11.02 13:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006.11.02 11:25:21 | 000,061,440 | ---- | C] () -- C:\Windows\System32\igfxTMM.dll
[2006.11.02 08:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006.09.07 07:33:14 | 000,000,098 | ---- | C] () -- C:\Windows\etkinst.ini
[2006.03.09 23:58:00 | 001,060,424 | ---- | C] () -- C:\Windows\System32\WdfCoInstaller01000.dll
[2002.02.01 15:00:00 | 000,620,544 | ---- | C] () -- C:\Windows\System32\stlpmt45.dll
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 685 bytes -> C:\Users\Besitzer\Documents\AW_ gewinde.eml:OECustomProperty
@Alternate Data Stream - 669 bytes -> C:\Users\Besitzer\Documents\Re_ gewinde.eml:OECustomProperty
@Alternate Data Stream - 64 bytes -> C:\Users\Besitzer\Documents\ogrevani_sedezi_www.planetbossi.ch.mpeg:TOC.WMV
@Alternate Data Stream - 64 bytes -> C:\Users\Besitzer\Documents\NEW.avi:TOC.WMV
@Alternate Data Stream - 64 bytes -> C:\Users\Besitzer\Documents\neuerSpannungsprüfer.mpg:TOC.WMV
@Alternate Data Stream - 64 bytes -> C:\Users\Besitzer\Documents\BegehbarerSchrank.avi:TOC.WMV
 
< End of report >
         
--- --- ---


Ob mir evtl. jemand nur kurz sagen kann ob ich das System neu aufsetzten muss`?Banking mache ich nichtmehr usw

Danke euch

Oliver

Alt 11.02.2011, 20:09   #2
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
BOO/TDss.A mit Virenscanner 3 xgefunden - Standard

BOO/TDss.A mit Virenscanner 3 xgefunden



Gibt es noch weitere Logs von Malwarebytes? Wenn ja bitte alle davon posten. Du findest diese im Reiter Logdateien in Malwarebytes.
__________________

__________________

Alt 11.02.2011, 20:15   #3
O Heinz
 
BOO/TDss.A mit Virenscanner 3 xgefunden - Standard

BOO/TDss.A mit Virenscanner 3 xgefunden



Zur Zeit sagt mir der Pc das der Abhängigkeitsdienst von dem Program nicht gestartet werden kann,ich starte mal grad neu.
Ich hatte noch die anderen Platten und den stick gescannt

Was das nervt....bis gleich

EDIT:
Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Datenbank Version: 5725

Windows 6.0.6002 Service Pack 2
Internet Explorer 8.0.6001.18999

09.02.2011 23:56:37
mbam-log-2011-02-09 (23-56-37).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|E:\|H:\|)
Durchsuchte Objekte: 73626
Laufzeit: 16 Minute(n), 57 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 1
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 0

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
HKEY_CLASSES_ROOT\CLSID\{ef34404a-747c-81d8-843a-d938e181273d} (Adware.BHO.FL) -> Quarantined and deleted successfully.

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
(Keine bösartigen Objekte gefunden)
Und noch eins


Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Datenbank Version: 5725

Windows 6.0.6002 Service Pack 2
Internet Explorer 8.0.6001.18999

10.02.2011 08:46:52
mbam-log-2011-02-10 (08-46-52).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|)
Durchsuchte Objekte: 553106
Laufzeit: 3 Stunde(n), 39 Minute(n), 4 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 7
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 12
Infizierte Dateien: 50

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\s_-j_2l (Adware.AdRotator) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\RegistryDoktorNE (Rogue.RegistryDoktor) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\FLV Direct Player (Adware.FLVPlayer) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Registry_Doktor 2009_is1 (Rogue.RegistryDoctor) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{8c484332-8128-2096-94a6-da812793d493} (Adware.AdRotator) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{8c484332-8128-2096-94a6-da812793d493} (Adware.AdRotator) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{8C484332-8128-2096-94A6-DA812793D493} (Adware.AdRotator) -> Quarantined and deleted successfully.

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
c:\program files\flv direct player (Adware.BHO.FL) -> Quarantined and deleted successfully.
c:\program files\flv direct player\skindirectflv (Adware.BHO.FL) -> Quarantined and deleted successfully.
c:\program files\flv direct player\skindirectflv\skin (Adware.BHO.FL) -> Quarantined and deleted successfully.
c:\program files\flv direct player\skindirectflv\skin\Button (Adware.BHO.FL) -> Quarantined and deleted successfully.
c:\program files\flv direct player\skindirectflv\skin\ComboBox (Adware.BHO.FL) -> Quarantined and deleted successfully.
c:\program files\flv direct player\skindirectflv\skin\Menu (Adware.BHO.FL) -> Quarantined and deleted successfully.
c:\program files\flv direct player\skindirectflv\skin\sysbutton (Adware.BHO.FL) -> Quarantined and deleted successfully.
c:\program files\flv direct player\skindirectflv\skin\Window (Adware.BHO.FL) -> Quarantined and deleted successfully.
c:\program files\registry_doktor 4.1 (Rogue.RegistryDoctor) -> Quarantined and deleted successfully.
c:\program files\registry_doktor 4.1\definitions (Rogue.RegistryDoctor) -> Quarantined and deleted successfully.
c:\programdata\microsoft\Windows\start menu\Programs\flv direct player (Adware.FLVPlayer) -> Quarantined and deleted successfully.
c:\programdata\microsoft\Windows\start menu\Programs\registry_doktor 4.1 (Rogue.RegistryDoctor) -> Quarantined and deleted successfully.

Infizierte Dateien:
c:\WINDOWS\System32\s_-j_2l.exe (Adware.AdRotator) -> Quarantined and deleted successfully.
c:\program files\flv direct player\downloading.swf (Adware.BHO.FL) -> Quarantined and deleted successfully.
c:\program files\flv direct player\dskinliteu.dll (Adware.BHO.FL) -> Quarantined and deleted successfully.
c:\program files\flv direct player\flvplayer.exe (Adware.BHO.FL) -> Quarantined and deleted successfully.
c:\program files\flv direct player\player.dat (Adware.BHO.FL) -> Quarantined and deleted successfully.
c:\program files\flv direct player\preload.swf (Adware.BHO.FL) -> Quarantined and deleted successfully.
c:\program files\flv direct player\uninstall.exe (Adware.BHO.FL) -> Quarantined and deleted successfully.
c:\program files\flv direct player\skindirectflv\skin.xml (Adware.BHO.FL) -> Quarantined and deleted successfully.
c:\program files\flv direct player\skindirectflv\skin\Button\button_default.bmp (Adware.BHO.FL) -> Quarantined and deleted successfully.
c:\program files\flv direct player\skindirectflv\skin\Button\button_disable.bmp (Adware.BHO.FL) -> Quarantined and deleted successfully.
c:\program files\flv direct player\skindirectflv\skin\Button\button_down.bmp (Adware.BHO.FL) -> Quarantined and deleted successfully.
c:\program files\flv direct player\skindirectflv\skin\Button\button_hot.bmp (Adware.BHO.FL) -> Quarantined and deleted successfully.
c:\program files\flv direct player\skindirectflv\skin\Button\button_normal.bmp (Adware.BHO.FL) -> Quarantined and deleted successfully.
c:\program files\flv direct player\skindirectflv\skin\ComboBox\combobox_buttondown.bmp (Adware.BHO.FL) -> Quarantined and deleted successfully.
c:\program files\flv direct player\skindirectflv\skin\ComboBox\combobox_buttonhot.bmp (Adware.BHO.FL) -> Quarantined and deleted successfully.
c:\program files\flv direct player\skindirectflv\skin\ComboBox\combobox_buttonnor.bmp (Adware.BHO.FL) -> Quarantined and deleted successfully.
c:\program files\flv direct player\skindirectflv\skin\ComboBox\edit_back.bmp (Adware.BHO.FL) -> Quarantined and deleted successfully.
c:\program files\flv direct player\skindirectflv\skin\Menu\menubg.bmp (Adware.BHO.FL) -> Quarantined and deleted successfully.
c:\program files\flv direct player\skindirectflv\skin\Menu\menuitem_arrow.bmp (Adware.BHO.FL) -> Quarantined and deleted successfully.
c:\program files\flv direct player\skindirectflv\skin\Menu\menuitem_check.bmp (Adware.BHO.FL) -> Quarantined and deleted successfully.
c:\program files\flv direct player\skindirectflv\skin\Menu\menuitem_select.bmp (Adware.BHO.FL) -> Quarantined and deleted successfully.
c:\program files\flv direct player\skindirectflv\skin\Menu\menuitem_seperator.bmp (Adware.BHO.FL) -> Quarantined and deleted successfully.
c:\program files\flv direct player\skindirectflv\skin\sysbutton\sys_close_down.bmp (Adware.BHO.FL) -> Quarantined and deleted successfully.
c:\program files\flv direct player\skindirectflv\skin\sysbutton\sys_close_hot.bmp (Adware.BHO.FL) -> Quarantined and deleted successfully.
c:\program files\flv direct player\skindirectflv\skin\sysbutton\sys_close_nor.bmp (Adware.BHO.FL) -> Quarantined and deleted successfully.
c:\program files\flv direct player\skindirectflv\skin\sysbutton\sys_max_down.bmp (Adware.BHO.FL) -> Quarantined and deleted successfully.
c:\program files\flv direct player\skindirectflv\skin\sysbutton\sys_max_hot.bmp (Adware.BHO.FL) -> Quarantined and deleted successfully.
c:\program files\flv direct player\skindirectflv\skin\sysbutton\sys_max_nor.bmp (Adware.BHO.FL) -> Quarantined and deleted successfully.
c:\program files\flv direct player\skindirectflv\skin\sysbutton\sys_min_down.bmp (Adware.BHO.FL) -> Quarantined and deleted successfully.
c:\program files\flv direct player\skindirectflv\skin\sysbutton\sys_min_hot.bmp (Adware.BHO.FL) -> Quarantined and deleted successfully.
c:\program files\flv direct player\skindirectflv\skin\sysbutton\sys_min_nor.bmp (Adware.BHO.FL) -> Quarantined and deleted successfully.
c:\program files\flv direct player\skindirectflv\skin\sysbutton\sys_restore_down.bmp (Adware.BHO.FL) -> Quarantined and deleted successfully.
c:\program files\flv direct player\skindirectflv\skin\sysbutton\sys_restore_hot.bmp (Adware.BHO.FL) -> Quarantined and deleted successfully.
c:\program files\flv direct player\skindirectflv\skin\sysbutton\sys_restore_nor.bmp (Adware.BHO.FL) -> Quarantined and deleted successfully.
c:\program files\flv direct player\skindirectflv\skin\Window\bottomborder.bmp (Adware.BHO.FL) -> Quarantined and deleted successfully.
c:\program files\flv direct player\skindirectflv\skin\Window\downarrow.bmp (Adware.BHO.FL) -> Quarantined and deleted successfully.
c:\program files\flv direct player\skindirectflv\skin\Window\leftborder.bmp (Adware.BHO.FL) -> Quarantined and deleted successfully.
c:\program files\flv direct player\skindirectflv\skin\Window\Logo.bmp (Adware.BHO.FL) -> Quarantined and deleted successfully.
c:\program files\flv direct player\skindirectflv\skin\Window\main.ico (Adware.BHO.FL) -> Quarantined and deleted successfully.
c:\program files\flv direct player\skindirectflv\skin\Window\rightborder.bmp (Adware.BHO.FL) -> Quarantined and deleted successfully.
c:\program files\flv direct player\skindirectflv\skin\Window\titlepattern.bmp (Adware.BHO.FL) -> Quarantined and deleted successfully.
c:\program files\registry_doktor 4.1\Task.dat (Rogue.RegistryDoctor) -> Quarantined and deleted successfully.
c:\program files\registry_doktor 4.1\unins000.dat (Rogue.RegistryDoctor) -> Quarantined and deleted successfully.
c:\program files\registry_doktor 4.1\unins000.exe (Rogue.RegistryDoctor) -> Quarantined and deleted successfully.
c:\program files\registry_doktor 4.1\definitions\200812.cab (Rogue.RegistryDoctor) -> Quarantined and deleted successfully.
c:\programdata\microsoft\Windows\start menu\Programs\flv direct player\flv direct player.lnk (Adware.FLVPlayer) -> Quarantined and deleted successfully.
c:\programdata\microsoft\Windows\start menu\Programs\flv direct player\uninstall flv direct player.lnk (Adware.FLVPlayer) -> Quarantined and deleted successfully.
c:\programdata\microsoft\Windows\start menu\Programs\registry_doktor 4.1\registry doktor 4.1 entfernen.lnk (Rogue.RegistryDoctor) -> Quarantined and deleted successfully.
c:\programdata\microsoft\Windows\start menu\Programs\registry_doktor 4.1\registry doktor 4.1.lnk (Rogue.RegistryDoctor) -> Quarantined and deleted successfully.



Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Datenbank Version: 5731

Windows 6.0.6002 Service Pack 2
Internet Explorer 8.0.6001.18999

10.02.2011 19:30:56
mbam-log-2011-02-10 (19-30-56).txt

Art des Suchlaufs: Vollständiger Suchlauf (D:\|E:\|)
Durchsuchte Objekte: 331773
Laufzeit: 1 Stunde(n), 2 Minute(n), 44 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 0

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
(Keine bösartigen Objekte gefunden)



Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Datenbank Version: 5731

Windows 6.0.6002 Service Pack 2
Internet Explorer 8.0.6001.18999

10.02.2011 14:55:46
mbam-log-2011-02-10 (14-55-46).txt

Art des Suchlaufs: Quick-Scan
Durchsuchte Objekte: 185342
Laufzeit: 11 Minute(n), 13 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 1

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
c:\Users\Besitzer\downloads\pantsoff.exe (PUP.PSWFinder) -> Quarantined and deleted successfully.
__________________

Geändert von O Heinz (11.02.2011 um 20:34 Uhr)

Alt 11.02.2011, 23:22   #4
O Heinz
 
BOO/TDss.A mit Virenscanner 3 xgefunden - Standard

BOO/TDss.A mit Virenscanner 3 xgefunden



Wie gehts nun weiter?
Oder soll ich einfach,so wie er ist alles kopieren und neu aufspielen?
Für eine Antwort würde ich sehr dankbar sein.

Oliver

Alt 12.02.2011, 00:11   #5
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
BOO/TDss.A mit Virenscanner 3 xgefunden - Standard

BOO/TDss.A mit Virenscanner 3 xgefunden



Mach bitte erstmal ein Log mit dem Kaspersky-TDSS-Tool, du bist ja ganz offensichtlich Opfer des TDSS, das den MBR infiziert => http://www.trojaner-board.de/82358-t...entfernen.html

__________________
Logfiles bitte immer in CODE-Tags posten

Alt 12.02.2011, 00:28   #6
O Heinz
 
BOO/TDss.A mit Virenscanner 3 xgefunden - Standard

BOO/TDss.A mit Virenscanner 3 xgefunden



Ok,wird jetzt erledigt....

Alt 12.02.2011, 00:48   #7
O Heinz
 
BOO/TDss.A mit Virenscanner 3 xgefunden - Standard

BOO/TDss.A mit Virenscanner 3 xgefunden



2011/02/12 00:30:09.0700 1268 TDSS rootkit removing tool 2.4.17.0 Feb 10 2011 11:07:20
2011/02/12 00:30:11.0703 1268 ================================================================================
2011/02/12 00:30:11.0703 1268 SystemInfo:
2011/02/12 00:30:11.0703 1268
2011/02/12 00:30:11.0704 1268 OS Version: 6.0.6002 ServicePack: 2.0
2011/02/12 00:30:11.0704 1268 Product type: Workstation
2011/02/12 00:30:11.0704 1268 ComputerName: BESITZER-PC
2011/02/12 00:30:11.0704 1268 UserName: Besitzer
2011/02/12 00:30:11.0704 1268 Windows directory: C:\Windows
2011/02/12 00:30:11.0704 1268 System windows directory: C:\Windows
2011/02/12 00:30:11.0704 1268 Processor architecture: Intel x86
2011/02/12 00:30:11.0704 1268 Number of processors: 2
2011/02/12 00:30:11.0704 1268 Page size: 0x1000
2011/02/12 00:30:11.0705 1268 Boot type: Normal boot
2011/02/12 00:30:11.0705 1268 ================================================================================
2011/02/12 00:30:21.0042 1268 Initialize success
2011/02/12 00:30:28.0275 3016 ================================================================================
2011/02/12 00:30:28.0275 3016 Scan started
2011/02/12 00:30:28.0275 3016 Mode: Manual;
2011/02/12 00:30:28.0275 3016 ================================================================================
2011/02/12 00:30:29.0853 3016 ACPI (82b296ae1892fe3dbee00c9cf92f8ac7) C:\Windows\system32\drivers\acpi.sys
2011/02/12 00:30:30.0075 3016 adp94xx (2edc5bbac6c651ece337bde8ed97c9fb) C:\Windows\system32\drivers\adp94xx.sys
2011/02/12 00:30:30.0262 3016 adpahci (b84088ca3cdca97da44a984c6ce1ccad) C:\Windows\system32\drivers\adpahci.sys
2011/02/12 00:30:30.0336 3016 adpu160m (7880c67bccc27c86fd05aa2afb5ea469) C:\Windows\system32\drivers\adpu160m.sys
2011/02/12 00:30:30.0478 3016 adpu320 (9ae713f8e30efc2abccd84904333df4d) C:\Windows\system32\drivers\adpu320.sys
2011/02/12 00:30:30.0666 3016 AFD (a201207363aa900abf1a388468688570) C:\Windows\system32\drivers\afd.sys
2011/02/12 00:30:30.0826 3016 agp440 (ef23439cdd587f64c2c1b8825cead7d8) C:\Windows\system32\drivers\agp440.sys
2011/02/12 00:30:30.0936 3016 aic78xx (ae1fdf7bf7bb6c6a70f67699d880592a) C:\Windows\system32\drivers\djsvs.sys
2011/02/12 00:30:31.0038 3016 aliide (90395b64600ebb4552e26e178c94b2e4) C:\Windows\system32\drivers\aliide.sys
2011/02/12 00:30:31.0153 3016 amdagp (2b13e304c9dfdfa5eb582f6a149fa2c7) C:\Windows\system32\drivers\amdagp.sys
2011/02/12 00:30:31.0256 3016 amdide (0577df1d323fe75a739c787893d300ea) C:\Windows\system32\drivers\amdide.sys
2011/02/12 00:30:31.0390 3016 AmdK7 (dc487885bcef9f28eece6fac0e5ddfc5) C:\Windows\system32\drivers\amdk7.sys
2011/02/12 00:30:31.0496 3016 AmdK8 (0ca0071da4315b00fc1328ca86b425da) C:\Windows\system32\drivers\amdk8.sys
2011/02/12 00:30:31.0809 3016 arc (5f673180268bb1fdb69c99b6619fe379) C:\Windows\system32\drivers\arc.sys
2011/02/12 00:30:31.0985 3016 arcsas (957f7540b5e7f602e44648c7de5a1c05) C:\Windows\system32\drivers\arcsas.sys
2011/02/12 00:30:32.0106 3016 AsyncMac (53b202abee6455406254444303e87be1) C:\Windows\system32\DRIVERS\asyncmac.sys
2011/02/12 00:30:32.0238 3016 atapi (1f05b78ab91c9075565a9d8a4b880bc4) C:\Windows\system32\drivers\atapi.sys
2011/02/12 00:30:32.0421 3016 avfwim (1aad99ec3679bd773cb8320a3148987d) C:\Windows\system32\DRIVERS\avfwim.sys
2011/02/12 00:30:32.0585 3016 avfwot (e513bcdd34350c5b436dbe83d72ca651) C:\Windows\system32\DRIVERS\avfwot.sys
2011/02/12 00:30:32.0751 3016 avgio (0b497c79824f8e1bf22fa6aacd3de3a0) C:\Program Files\Avira\AntiVir Desktop\avgio.sys
2011/02/12 00:30:32.0954 3016 AvgLdx86 (c9205ae415c96da28f5d22102fcd9313) C:\Windows\System32\Drivers\avgldx86.sys
2011/02/12 00:30:33.0165 3016 avgntflt (47b879406246ffdced59e18d331a0e7d) C:\Windows\system32\DRIVERS\avgntflt.sys
2011/02/12 00:30:33.0321 3016 AvgTdiX (330fbb2afee662d0546669932ac22ffb) C:\Windows\System32\Drivers\avgtdix.sys
2011/02/12 00:30:33.0455 3016 avipbb (da39805e2bad99d37fce9477dd94e7f2) C:\Windows\system32\DRIVERS\avipbb.sys
2011/02/12 00:30:33.0682 3016 BCM43XV (cf6a67c90951e3e763d2135dede44b85) C:\Windows\system32\DRIVERS\bcmwl6.sys
2011/02/12 00:30:33.0829 3016 Beep (67e506b75bd5326a3ec7b70bd014dfb6) C:\Windows\system32\drivers\Beep.sys
2011/02/12 00:30:34.0110 3016 BMLoad (d002033c1a37f6af51b5f0ba6d0211bc) C:\Windows\system32\drivers\BMLoad.sys
2011/02/12 00:30:34.0257 3016 bowser (74b442b2be1260b7588c136177ceac66) C:\Windows\system32\DRIVERS\bowser.sys
2011/02/12 00:30:34.0375 3016 BrFiltLo (9f9acc7f7ccde8a15c282d3f88b43309) C:\Windows\system32\drivers\brfiltlo.sys
2011/02/12 00:30:34.0519 3016 BrFiltUp (56801ad62213a41f6497f96dee83755a) C:\Windows\system32\drivers\brfiltup.sys
2011/02/12 00:30:34.0636 3016 Brserid (b304e75cff293029eddf094246747113) C:\Windows\system32\drivers\brserid.sys
2011/02/12 00:30:34.0760 3016 BrSerWdm (203f0b1e73adadbbb7b7b1fabd901f6b) C:\Windows\system32\drivers\brserwdm.sys
2011/02/12 00:30:34.0896 3016 BrUsbMdm (bd456606156ba17e60a04e18016ae54b) C:\Windows\system32\drivers\brusbmdm.sys
2011/02/12 00:30:35.0013 3016 BrUsbSer (af72ed54503f717a43268b3cc5faec2e) C:\Windows\system32\drivers\brusbser.sys
2011/02/12 00:30:35.0137 3016 BTHMODEM (ad07c1ec6665b8b35741ab91200c6b68) C:\Windows\system32\drivers\bthmodem.sys
2011/02/12 00:30:35.0273 3016 cdfs (7add03e75beb9e6dd102c3081d29840a) C:\Windows\system32\DRIVERS\cdfs.sys
2011/02/12 00:30:35.0446 3016 cdrom (6b4bffb9becd728097024276430db314) C:\Windows\system32\DRIVERS\cdrom.sys
2011/02/12 00:30:35.0552 3016 circlass (da8e0afc7baa226c538ef53ac2f90897) C:\Windows\system32\drivers\circlass.sys
2011/02/12 00:30:35.0688 3016 CLFS (d7659d3b5b92c31e84e53c1431f35132) C:\Windows\system32\CLFS.sys
2011/02/12 00:30:35.0877 3016 CmBatt (99afc3795b58cc478fbbbcdc658fcb56) C:\Windows\system32\DRIVERS\CmBatt.sys
2011/02/12 00:30:36.0032 3016 cmdide (45201046c776ffdaf3fc8a0029c581c8) C:\Windows\system32\drivers\cmdide.sys
2011/02/12 00:30:36.0121 3016 Compbatt (6afef0b60fa25de07c0968983ee4f60a) C:\Windows\system32\DRIVERS\compbatt.sys
2011/02/12 00:30:36.0255 3016 crcdisk (2a213ae086bbec5e937553c7d9a2b22c) C:\Windows\system32\drivers\crcdisk.sys
2011/02/12 00:30:36.0395 3016 Crusoe (22a7f883508176489f559ee745b5bf5d) C:\Windows\system32\drivers\crusoe.sys
2011/02/12 00:30:36.0549 3016 DfsC (218d8ae46c88e82014f5d73d0236d9b2) C:\Windows\system32\Drivers\dfsc.sys
2011/02/12 00:30:36.0751 3016 disk (5d4aefc3386920236a548271f8f1af6a) C:\Windows\system32\drivers\disk.sys
2011/02/12 00:30:36.0936 3016 Dot4 (4f59c172c094e1a1d46463a8dc061cbd) C:\Windows\system32\DRIVERS\Dot4.sys
2011/02/12 00:30:37.0025 3016 Dot4Print (80bf3ba09f6f2523c8f6b7cc6dbf7bd5) C:\Windows\system32\DRIVERS\Dot4Prt.sys
2011/02/12 00:30:37.0190 3016 dot4usb (c55004ca6b419b6695970dfe849b122f) C:\Windows\system32\DRIVERS\dot4usb.sys
2011/02/12 00:30:37.0318 3016 drmkaud (97fef831ab90bee128c9af390e243f80) C:\Windows\system32\drivers\drmkaud.sys
2011/02/12 00:30:37.0463 3016 DXGKrnl (5c7e2097b91d689ded7a6ff90f0f3a25) C:\Windows\System32\drivers\dxgkrnl.sys
2011/02/12 00:30:37.0626 3016 E100B (c0b00e55cf82d122d25983c7a6a53dea) C:\Windows\system32\DRIVERS\e100b325.sys
2011/02/12 00:30:37.0759 3016 E1G60 (f88fb26547fd2ce6d0a5af2985892c48) C:\Windows\system32\DRIVERS\E1G60I32.sys
2011/02/12 00:30:37.0916 3016 Ecache (7f64ea048dcfac7acf8b4d7b4e6fe371) C:\Windows\system32\drivers\ecache.sys
2011/02/12 00:30:38.0055 3016 elxstor (e8f3f21a71720c84bcf423b80028359f) C:\Windows\system32\drivers\elxstor.sys
2011/02/12 00:30:38.0205 3016 eusk2par (f7955f5273f7ca5da13ebeef4f736c44) C:\Windows\system32\Drivers\eusk2par.sys
2011/02/12 00:30:38.0340 3016 exfat (22b408651f9123527bcee54b4f6c5cae) C:\Windows\system32\drivers\exfat.sys
2011/02/12 00:30:38.0470 3016 fastfat (1e9b9a70d332103c52995e957dc09ef8) C:\Windows\system32\drivers\fastfat.sys
2011/02/12 00:30:38.0687 3016 fdc (63bdada84951b9c03e641800e176898a) C:\Windows\system32\DRIVERS\fdc.sys
2011/02/12 00:30:38.0796 3016 FileInfo (a8c0139a884861e3aae9cfe73b208a9f) C:\Windows\system32\drivers\fileinfo.sys
2011/02/12 00:30:38.0923 3016 Filetrace (0ae429a696aecbc5970e3cf2c62635ae) C:\Windows\system32\drivers\filetrace.sys
2011/02/12 00:30:39.0040 3016 flpydisk (6603957eff5ec62d25075ea8ac27de68) C:\Windows\system32\DRIVERS\flpydisk.sys
2011/02/12 00:30:39.0190 3016 FltMgr (01334f9ea68e6877c4ef05d3ea8abb05) C:\Windows\system32\drivers\fltmgr.sys
2011/02/12 00:30:39.0373 3016 fssfltr (b74b0578fd1d3f897e95f2a2b69ea051) C:\Windows\system32\DRIVERS\fssfltr.sys
2011/02/12 00:30:39.0467 3016 Fs_Rec (65ea8b77b5851854f0c55c43fa51a198) C:\Windows\system32\drivers\Fs_Rec.sys
2011/02/12 00:30:39.0573 3016 gagp30kx (4e1cd0a45c50a8882616cae5bf82f3c5) C:\Windows\system32\drivers\gagp30kx.sys
2011/02/12 00:30:39.0697 3016 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
2011/02/12 00:30:39.0811 3016 ggflt (007aea2e06e7cef7372e40c277163959) C:\Windows\system32\DRIVERS\ggflt.sys
2011/02/12 00:30:39.0873 3016 ggsemc (c73de35960ca75c5ab4ae636b127c64e) C:\Windows\system32\DRIVERS\ggsemc.sys
2011/02/12 00:30:40.0054 3016 HdAudAddService (cb04c744be0a61b1d648faed182c3b59) C:\Windows\system32\drivers\HdAudio.sys
2011/02/12 00:30:40.0201 3016 HDAudBus (062452b7ffd68c8c042a6261fe8dff4a) C:\Windows\system32\DRIVERS\HDAudBus.sys
2011/02/12 00:30:40.0323 3016 HidBth (1338520e78d90154ed6be8f84de5fceb) C:\Windows\system32\drivers\hidbth.sys
2011/02/12 00:30:40.0392 3016 HidIr (ff3160c3a2445128c5a6d9b076da519e) C:\Windows\system32\drivers\hidir.sys
2011/02/12 00:30:40.0501 3016 HidUsb (cca4b519b17e23a00b826c55716809cc) C:\Windows\system32\DRIVERS\hidusb.sys
2011/02/12 00:30:40.0645 3016 HpCISSs (df353b401001246853763c4b7aaa6f50) C:\Windows\system32\drivers\hpcisss.sys
2011/02/12 00:30:40.0746 3016 HpqKbFiltr (35956140e686d53bf676cf0c778880fc) C:\Windows\system32\DRIVERS\HpqKbFiltr.sys
2011/02/12 00:30:40.0861 3016 HpqRemHid (115c0933b3ed51dfbec4449348c8065b) C:\Windows\system32\DRIVERS\HpqRemHid.sys
2011/02/12 00:30:41.0048 3016 HSFHWAZL (46d67209550973257601a533e2ac5785) C:\Windows\system32\DRIVERS\VSTAZL3.SYS
2011/02/12 00:30:41.0172 3016 HSF_DPV (ec36f1d542ed4252390d446bf6d4dfd0) C:\Windows\system32\DRIVERS\VSTDPV3.SYS
2011/02/12 00:30:41.0352 3016 HTTP (f870aa3e254628ebeafe754108d664de) C:\Windows\system32\drivers\HTTP.sys
2011/02/12 00:30:41.0513 3016 hwdatacard (92ca47da32009ccc00a5aded04abbd78) C:\Windows\system32\DRIVERS\ewusbmdm.sys
2011/02/12 00:30:41.0718 3016 i2omp (324c2152ff2c61abae92d09f3cca4d63) C:\Windows\system32\drivers\i2omp.sys
2011/02/12 00:30:41.0817 3016 i8042prt (22d56c8184586b7a1f6fa60be5f5a2bd) C:\Windows\system32\DRIVERS\i8042prt.sys
2011/02/12 00:30:42.0013 3016 ialm (496db78e6a0c4c44023d9a92b4a7ac31) C:\Windows\system32\DRIVERS\igdkmd32.sys
2011/02/12 00:30:42.0195 3016 iaStor (2358c53f30cb9dcd1d3843c4e2f299b2) C:\Windows\system32\DRIVERS\iaStor.sys
2011/02/12 00:30:42.0295 3016 iaStorV (c957bf4b5d80b46c5017bf0101e6c906) C:\Windows\system32\drivers\iastorv.sys
2011/02/12 00:30:42.0444 3016 iirsp (2d077bf86e843f901d8db709c95b49a5) C:\Windows\system32\drivers\iirsp.sys
2011/02/12 00:30:42.0671 3016 IntcAzAudAddService (9f5898ebd3bbe82eadf2efa595f02a72) C:\Windows\system32\drivers\RTKVHDA.sys
2011/02/12 00:30:42.0909 3016 intelide (83aa759f3189e6370c30de5dc5590718) C:\Windows\system32\drivers\intelide.sys
2011/02/12 00:30:42.0987 3016 intelppm (224191001e78c89dfa78924c3ea595ff) C:\Windows\system32\DRIVERS\intelppm.sys
2011/02/12 00:30:43.0198 3016 IpFilterDriver (62c265c38769b864cb25b4bcf62df6c3) C:\Windows\system32\DRIVERS\ipfltdrv.sys
2011/02/12 00:30:43.0321 3016 IPMIDRV (40f34f8aba2a015d780e4b09138b6c17) C:\Windows\system32\drivers\ipmidrv.sys
2011/02/12 00:30:43.0456 3016 IPNAT (8793643a67b42cec66490b2a0cf92d68) C:\Windows\system32\DRIVERS\ipnat.sys
2011/02/12 00:30:43.0548 3016 IRENUM (109c0dfb82c3632fbd11949b73aeeac9) C:\Windows\system32\drivers\irenum.sys
2011/02/12 00:30:43.0709 3016 isapnp (350fca7e73cf65bcef43fae1e4e91293) C:\Windows\system32\drivers\isapnp.sys
2011/02/12 00:30:43.0785 3016 iScsiPrt (232fa340531d940aac623b121a595034) C:\Windows\system32\DRIVERS\msiscsi.sys
2011/02/12 00:30:43.0892 3016 iteatapi (bced60d16156e428f8df8cf27b0df150) C:\Windows\system32\drivers\iteatapi.sys
2011/02/12 00:30:43.0969 3016 iteraid (06fa654504a498c30adca8bec4e87e7e) C:\Windows\system32\drivers\iteraid.sys
2011/02/12 00:30:44.0030 3016 kbdclass (37605e0a8cf00cbba538e753e4344c6e) C:\Windows\system32\DRIVERS\kbdclass.sys
2011/02/12 00:30:44.0198 3016 kbdhid (ede59ec70e25c24581add1fbec7325f7) C:\Windows\system32\DRIVERS\kbdhid.sys
2011/02/12 00:30:44.0289 3016 KSecDD (86165728af9bf72d6442a894fdfb4f8b) C:\Windows\system32\Drivers\ksecdd.sys
2011/02/12 00:30:44.0529 3016 lltdio (d1c5883087a0c3f1344d9d55a44901f6) C:\Windows\system32\DRIVERS\lltdio.sys
2011/02/12 00:30:44.0651 3016 LSI_FC (a2262fb9f28935e862b4db46438c80d2) C:\Windows\system32\drivers\lsi_fc.sys
2011/02/12 00:30:44.0702 3016 LSI_SAS (30d73327d390f72a62f32c103daf1d6d) C:\Windows\system32\drivers\lsi_sas.sys
2011/02/12 00:30:44.0822 3016 LSI_SCSI (e1e36fefd45849a95f1ab81de0159fe3) C:\Windows\system32\drivers\lsi_scsi.sys
2011/02/12 00:30:44.0900 3016 luafv (8f5c7426567798e62a3b3614965d62cc) C:\Windows\system32\drivers\luafv.sys
2011/02/12 00:30:45.0031 3016 megasas (d153b14fc6598eae8422a2037553adce) C:\Windows\system32\drivers\megasas.sys
2011/02/12 00:30:45.0108 3016 Modem (e13b5ea0f51ba5b1512ec671393d09ba) C:\Windows\system32\drivers\modem.sys
2011/02/12 00:30:45.0165 3016 monitor (0a9bb33b56e294f686abb7c1e4e2d8a8) C:\Windows\system32\DRIVERS\monitor.sys
2011/02/12 00:30:45.0303 3016 mouclass (5bf6a1326a335c5298477754a506d263) C:\Windows\system32\DRIVERS\mouclass.sys
2011/02/12 00:30:45.0405 3016 mouhid (93b8d4869e12cfbe663915502900876f) C:\Windows\system32\DRIVERS\mouhid.sys
2011/02/12 00:30:45.0464 3016 MountMgr (bdafc88aa6b92f7842416ea6a48e1600) C:\Windows\system32\drivers\mountmgr.sys
2011/02/12 00:30:45.0593 3016 mpio (583a41f26278d9e0ea548163d6139397) C:\Windows\system32\drivers\mpio.sys
2011/02/12 00:30:45.0764 3016 mpsdrv (22241feba9b2defa669c8cb0a8dd7d2e) C:\Windows\system32\drivers\mpsdrv.sys
2011/02/12 00:30:45.0943 3016 Mraid35x (4fbbb70d30fd20ec51f80061703b001e) C:\Windows\system32\drivers\mraid35x.sys
2011/02/12 00:30:46.0242 3016 MRxDAV (82cea0395524aacfeb58ba1448e8325c) C:\Windows\system32\drivers\mrxdav.sys
2011/02/12 00:30:46.0524 3016 mrxsmb (454341e652bdf5e01b0f2140232b073e) C:\Windows\system32\DRIVERS\mrxsmb.sys
2011/02/12 00:30:46.0673 3016 mrxsmb10 (2a4901aff069944fa945ed5bbf4dcde3) C:\Windows\system32\DRIVERS\mrxsmb10.sys
2011/02/12 00:30:46.0868 3016 mrxsmb20 (28b3f1ab44bdd4432c041581412f17d9) C:\Windows\system32\DRIVERS\mrxsmb20.sys
2011/02/12 00:30:47.0072 3016 msahci (742aed7939e734c36b7e8d6228ce26b7) C:\Windows\system32\drivers\msahci.sys
2011/02/12 00:30:47.0193 3016 msdsm (3fc82a2ae4cc149165a94699183d3028) C:\Windows\system32\drivers\msdsm.sys
2011/02/12 00:30:47.0362 3016 Msfs (a9927f4a46b816c92f461acb90cf8515) C:\Windows\system32\drivers\Msfs.sys
2011/02/12 00:30:47.0533 3016 msisadrv (0f400e306f385c56317357d6dea56f62) C:\Windows\system32\drivers\msisadrv.sys
2011/02/12 00:30:47.0676 3016 MSKSSRV (d8c63d34d9c9e56c059e24ec7185cc07) C:\Windows\system32\drivers\MSKSSRV.sys
2011/02/12 00:30:47.0743 3016 MSPCLOCK (1d373c90d62ddb641d50e55b9e78d65e) C:\Windows\system32\drivers\MSPCLOCK.sys
2011/02/12 00:30:47.0801 3016 MSPQM (b572da05bf4e098d4bba3a4734fb505b) C:\Windows\system32\drivers\MSPQM.sys
2011/02/12 00:30:47.0945 3016 MsRPC (b49456d70555de905c311bcda6ec6adb) C:\Windows\system32\drivers\MsRPC.sys
2011/02/12 00:30:48.0128 3016 mssmbios (e384487cb84be41d09711c30ca79646c) C:\Windows\system32\DRIVERS\mssmbios.sys
2011/02/12 00:30:48.0266 3016 MSTEE (7199c1eec1e4993caf96b8c0a26bd58a) C:\Windows\system32\drivers\MSTEE.sys
2011/02/12 00:30:48.0341 3016 Mup (6a57b5733d4cb702c8ea4542e836b96c) C:\Windows\system32\Drivers\mup.sys
2011/02/12 00:30:48.0504 3016 NativeWifiP (85c44fdff9cf7e72a40dcb7ec06a4416) C:\Windows\system32\DRIVERS\nwifi.sys
2011/02/12 00:30:48.0637 3016 NDIS (1357274d1883f68300aeadd15d7bbb42) C:\Windows\system32\drivers\ndis.sys
2011/02/12 00:30:48.0801 3016 NdisTapi (0e186e90404980569fb449ba7519ae61) C:\Windows\system32\DRIVERS\ndistapi.sys
2011/02/12 00:30:48.0960 3016 Ndisuio (d6973aa34c4d5d76c0430b181c3cd389) C:\Windows\system32\DRIVERS\ndisuio.sys
2011/02/12 00:30:49.0117 3016 NdisWan (818f648618ae34f729fdb47ec68345c3) C:\Windows\system32\DRIVERS\ndiswan.sys
2011/02/12 00:30:49.0200 3016 NDProxy (71dab552b41936358f3b541ae5997fb3) C:\Windows\system32\drivers\NDProxy.sys
2011/02/12 00:30:49.0371 3016 NetBIOS (bcd093a5a6777cf626434568dc7dba78) C:\Windows\system32\DRIVERS\netbios.sys
2011/02/12 00:30:49.0443 3016 netbt (ecd64230a59cbd93c85f1cd1cab9f3f6) C:\Windows\system32\DRIVERS\netbt.sys
2011/02/12 00:30:49.0691 3016 NETw3v32 (a15f219208843a5a210c8cb391384453) C:\Windows\system32\DRIVERS\NETw3v32.sys
2011/02/12 00:30:49.0916 3016 NETw4v32 (25acccfc33dd448b9d3037c5e439e830) C:\Windows\system32\DRIVERS\NETw4v32.sys
2011/02/12 00:30:50.0223 3016 NETw5v32 (8de67bd902095a13329fd82c85a1fa09) C:\Windows\system32\DRIVERS\NETw5v32.sys
2011/02/12 00:30:50.0384 3016 nfrd960 (2e7fb731d4790a1bc6270accefacb36e) C:\Windows\system32\drivers\nfrd960.sys
2011/02/12 00:30:50.0487 3016 Npfs (d36f239d7cce1931598e8fb90a0dbc26) C:\Windows\system32\drivers\Npfs.sys
2011/02/12 00:30:50.0658 3016 nsiproxy (609773e344a97410ce4ebf74a8914fcf) C:\Windows\system32\drivers\nsiproxy.sys
2011/02/12 00:30:50.0797 3016 Ntfs (6a4a98cee84cf9e99564510dda4baa47) C:\Windows\system32\drivers\Ntfs.sys
2011/02/12 00:30:50.0978 3016 ntrigdigi (e875c093aec0c978a90f30c9e0dfbb72) C:\Windows\system32\drivers\ntrigdigi.sys
2011/02/12 00:30:51.0129 3016 Null (c5dbbcda07d780bda9b685df333bb41e) C:\Windows\system32\drivers\Null.sys
2011/02/12 00:30:51.0549 3016 nvlddmkm (24000b817cc84ac1555f41929879af5a) C:\Windows\system32\DRIVERS\nvlddmkm.sys
2011/02/12 00:30:52.0077 3016 nvraid (e69e946f80c1c31c53003bfbf50cbb7c) C:\Windows\system32\drivers\nvraid.sys
2011/02/12 00:30:52.0252 3016 nvstor (9e0ba19a28c498a6d323d065db76dffc) C:\Windows\system32\drivers\nvstor.sys
2011/02/12 00:30:52.0339 3016 nv_agp (07c186427eb8fcc3d8d7927187f260f7) C:\Windows\system32\drivers\nv_agp.sys
2011/02/12 00:30:52.0487 3016 NWADI (aa62ba29ef342d805555196f46fcaa4e) C:\Windows\system32\DRIVERS\NWADIenum.sys
2011/02/12 00:30:52.0664 3016 ohci1394 (6f310e890d46e246e0e261a63d9b36b4) C:\Windows\system32\DRIVERS\ohci1394.sys
2011/02/12 00:30:52.0828 3016 Parport (0fa9b5055484649d63c303fe404e5f4d) C:\Windows\system32\drivers\parport.sys
2011/02/12 00:30:52.0896 3016 partmgr (57389fa59a36d96b3eb09d0cb91e9cdc) C:\Windows\system32\drivers\partmgr.sys
2011/02/12 00:30:52.0944 3016 Parvdm (4f9a6a8a31413180d0fcb279ad5d8112) C:\Windows\system32\drivers\parvdm.sys
2011/02/12 00:30:53.0128 3016 pci (941dc1d19e7e8620f40bbc206981efdb) C:\Windows\system32\drivers\pci.sys
2011/02/12 00:30:53.0183 3016 pciide (3b1901e401473e03eb8c874271e50c26) C:\Windows\system32\drivers\pciide.sys
2011/02/12 00:30:53.0346 3016 pcmcia (e6f3fb1b86aa519e7698ad05e58b04e5) C:\Windows\system32\drivers\pcmcia.sys
2011/02/12 00:30:53.0451 3016 PEAUTH (6349f6ed9c623b44b52ea3c63c831a92) C:\Windows\system32\drivers\peauth.sys
2011/02/12 00:30:53.0745 3016 PptpMiniport (ecfffaec0c1ecd8dbc77f39070ea1db1) C:\Windows\system32\DRIVERS\raspptp.sys
2011/02/12 00:30:53.0865 3016 Processor (0e3cef5d28b40cf273281d620c50700a) C:\Windows\system32\drivers\processr.sys
2011/02/12 00:30:54.0061 3016 PSched (99514faa8df93d34b5589187db3aa0ba) C:\Windows\system32\DRIVERS\pacer.sys
2011/02/12 00:30:54.0237 3016 ql2300 (ccdac889326317792480c0a67156a1ec) C:\Windows\system32\drivers\ql2300.sys
2011/02/12 00:30:54.0411 3016 ql40xx (81a7e5c076e59995d54bc1ed3a16e60b) C:\Windows\system32\drivers\ql40xx.sys
2011/02/12 00:30:54.0547 3016 QWAVEdrv (9f5e0e1926014d17486901c88eca2db7) C:\Windows\system32\drivers\qwavedrv.sys
2011/02/12 00:30:54.0706 3016 RasAcd (147d7f9c556d259924351feb0de606c3) C:\Windows\system32\DRIVERS\rasacd.sys
2011/02/12 00:30:54.0837 3016 Rasl2tp (a214adbaf4cb47dd2728859ef31f26b0) C:\Windows\system32\DRIVERS\rasl2tp.sys
2011/02/12 00:30:55.0023 3016 RasPppoe (509a98dd18af4375e1fc40bc175f1def) C:\Windows\system32\DRIVERS\raspppoe.sys
2011/02/12 00:30:55.0110 3016 RasSstp (2005f4a1e05fa09389ac85840f0a9e4d) C:\Windows\system32\DRIVERS\rassstp.sys
2011/02/12 00:30:55.0237 3016 rdbss (b14c9d5b9add2f84f70570bbbfaa7935) C:\Windows\system32\DRIVERS\rdbss.sys
2011/02/12 00:30:55.0330 3016 RDPCDD (89e59be9a564262a3fb6c4f4f1cd9899) C:\Windows\system32\DRIVERS\RDPCDD.sys
2011/02/12 00:30:55.0461 3016 rdpdr (e8bd98d46f2ed77132ba927fccb47d8b) C:\Windows\system32\drivers\rdpdr.sys
2011/02/12 00:30:55.0565 3016 RDPENCDD (9d91fe5286f748862ecffa05f8a0710c) C:\Windows\system32\drivers\rdpencdd.sys
2011/02/12 00:30:55.0685 3016 RDPWD (30bfbdfb7f95559ede971f9ddb9a00ba) C:\Windows\system32\drivers\RDPWD.sys
2011/02/12 00:30:55.0882 3016 rimmptsk (355aac141b214bef1dbc1483afd9bd50) C:\Windows\system32\DRIVERS\rimmptsk.sys
2011/02/12 00:30:55.0975 3016 rimsptsk (a4216c71dd4f60b26418ccfd99cd0815) C:\Windows\system32\DRIVERS\rimsptsk.sys
2011/02/12 00:30:56.0165 3016 rismxdp (d231b577024aa324af13a42f3a807d10) C:\Windows\system32\DRIVERS\rixdptsk.sys
2011/02/12 00:30:56.0281 3016 rspndr (9c508f4074a39e8b4b31d27198146fad) C:\Windows\system32\DRIVERS\rspndr.sys
2011/02/12 00:30:56.0435 3016 RTL8169 (9a929308a64183d3d9dccbb6df4badae) C:\Windows\system32\DRIVERS\Rtlh86.sys
2011/02/12 00:30:56.0540 3016 s0016bus (59509ad6cbc28f2c73056268985b3e48) C:\Windows\system32\DRIVERS\s0016bus.sys
2011/02/12 00:30:56.0684 3016 s1018bus (1c5c2cb892553d2cf3f45a4bb323fcd6) C:\Windows\system32\DRIVERS\s1018bus.sys
2011/02/12 00:30:56.0807 3016 s1018mdfl (38f5ea219593f19b6b3a1b9c169e3b61) C:\Windows\system32\DRIVERS\s1018mdfl.sys
2011/02/12 00:30:56.0914 3016 s1018mdm (666af6b64fc7df92d3ca4819ea91631d) C:\Windows\system32\DRIVERS\s1018mdm.sys
2011/02/12 00:30:57.0029 3016 s1018mgmt (f4ceda6e2ddff2af8bd745615a7ca9c0) C:\Windows\system32\DRIVERS\s1018mgmt.sys
2011/02/12 00:30:57.0166 3016 s1018nd5 (3622d9ff2253dcbe885b10736609a4ca) C:\Windows\system32\DRIVERS\s1018nd5.sys
2011/02/12 00:30:57.0264 3016 s1018obex (49431efda842b474531c29ffae9f5d09) C:\Windows\system32\DRIVERS\s1018obex.sys
2011/02/12 00:30:57.0333 3016 s1018unic (ac6b514cb4474f4c867d7cdc9cd54f05) C:\Windows\system32\DRIVERS\s1018unic.sys
2011/02/12 00:30:57.0478 3016 sbp2port (3ce8f073a557e172b330109436984e30) C:\Windows\system32\drivers\sbp2port.sys
2011/02/12 00:30:57.0731 3016 sdbus (8f36b54688c31eed4580129040c6a3d3) C:\Windows\system32\DRIVERS\sdbus.sys
2011/02/12 00:30:57.0918 3016 secdrv (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers\secdrv.sys
2011/02/12 00:30:58.0057 3016 seehcri (e5b56569a9f79b70314fede6c953641e) C:\Windows\system32\DRIVERS\seehcri.sys
2011/02/12 00:30:58.0211 3016 Ser2pl (cb3e852b818946f396e35a976ee6b552) C:\Windows\system32\DRIVERS\ser2pl.sys
2011/02/12 00:30:58.0318 3016 Serenum (68e44e331d46f0fb38f0863a84cd1a31) C:\Windows\system32\DRIVERS\serenum.sys
2011/02/12 00:30:58.0473 3016 Serial (c70d69a918b178d3c3b06339b40c2e1b) C:\Windows\system32\drivers\serial.sys
2011/02/12 00:30:58.0556 3016 sermouse (8af3d28a879bf75db53a0ee7a4289624) C:\Windows\system32\DRIVERS\sermouse.sys
2011/02/12 00:30:58.0730 3016 sffdisk (3efa810bdca87f6ecc24f9832243fe86) C:\Windows\system32\DRIVERS\sffdisk.sys
2011/02/12 00:30:58.0792 3016 sffp_mmc (8fd08a310645fe872eeec6e08c6bf3ee) C:\Windows\system32\drivers\sffp_mmc.sys
2011/02/12 00:30:58.0935 3016 sffp_sd (9f66a46c55d6f1ccabc79bb7afccc545) C:\Windows\system32\DRIVERS\sffp_sd.sys
2011/02/12 00:30:59.0050 3016 sfloppy (46ed8e91793b2e6f848015445a0ac188) C:\Windows\system32\drivers\sfloppy.sys
2011/02/12 00:30:59.0204 3016 silabenm (c16173316918a1360dc22947c4ff6352) C:\Windows\system32\DRIVERS\silabenm.sys
2011/02/12 00:30:59.0287 3016 silabser (1be2ced35fb9f377bda14fc035691f38) C:\Windows\system32\DRIVERS\silabser.sys
2011/02/12 00:30:59.0447 3016 sisagp (d2a595d6eebeeaf4334f8e50efbc9931) C:\Windows\system32\drivers\sisagp.sys
2011/02/12 00:30:59.0535 3016 SiSRaid2 (cedd6f4e7d84e9f98b34b3fe988373aa) C:\Windows\system32\drivers\sisraid2.sys
2011/02/12 00:30:59.0684 3016 SiSRaid4 (df843c528c4f69d12ce41ce462e973a7) C:\Windows\system32\drivers\sisraid4.sys
2011/02/12 00:30:59.0809 3016 Smb (7b75299a4d201d6a6533603d6914ab04) C:\Windows\system32\DRIVERS\smb.sys
2011/02/12 00:30:59.0947 3016 smserial (63b3b77bdb67ee674771c0e6fb96da9e) C:\Windows\system32\DRIVERS\smserial.sys
2011/02/12 00:31:00.0175 3016 spldr (7aebdeef071fe28b0eef2cdd69102bff) C:\Windows\system32\drivers\spldr.sys
2011/02/12 00:31:00.0362 3016 srv (ff3cbc13db84d81f56931bc922cc37c4) C:\Windows\system32\DRIVERS\srv.sys
2011/02/12 00:31:00.0424 3016 srv2 (d15959d9f69f0d39a0153e9c244f20dd) C:\Windows\system32\DRIVERS\srv2.sys
2011/02/12 00:31:00.0555 3016 srvnet (faa0d553a49e85008c6bb3781987c574) C:\Windows\system32\DRIVERS\srvnet.sys
2011/02/12 00:31:00.0766 3016 ssmdrv (5ec550b8952882ee856b862cf648522d) C:\Windows\system32\DRIVERS\ssmdrv.sys
2011/02/12 00:31:01.0006 3016 swenum (7ba58ecf0c0a9a69d44b3dca62becf56) C:\Windows\system32\DRIVERS\swenum.sys
2011/02/12 00:31:01.0072 3016 Symc8xx (192aa3ac01df071b541094f251deed10) C:\Windows\system32\drivers\symc8xx.sys
2011/02/12 00:31:01.0289 3016 Sym_hi (8c8eb8c76736ebaf3b13b633b2e64125) C:\Windows\system32\drivers\sym_hi.sys
2011/02/12 00:31:01.0343 3016 Sym_u3 (8072af52b5fd103bbba387a1e49f62cb) C:\Windows\system32\drivers\sym_u3.sys
2011/02/12 00:31:01.0475 3016 SynTP (f5d926807bd9bc0af68f9376144de425) C:\Windows\system32\DRIVERS\SynTP.sys
2011/02/12 00:31:01.0743 3016 Tcpip (a474879afa4a596b3a531f3e69730dbf) C:\Windows\system32\drivers\tcpip.sys
2011/02/12 00:31:01.0931 3016 Tcpip6 (a474879afa4a596b3a531f3e69730dbf) C:\Windows\system32\DRIVERS\tcpip.sys
2011/02/12 00:31:02.0079 3016 tcpipBM (dcfeb82ca988598ceb8f83148616038e) C:\Windows\system32\drivers\tcpipBM.sys
2011/02/12 00:31:02.0158 3016 tcpipreg (608c345a255d82a6289c2d468eb41fd7) C:\Windows\system32\drivers\tcpipreg.sys
2011/02/12 00:31:02.0281 3016 TDPIPE (5dcf5e267be67a1ae926f2df77fbcc56) C:\Windows\system32\drivers\tdpipe.sys
2011/02/12 00:31:02.0339 3016 TDTCP (389c63e32b3cefed425b61ed92d3f021) C:\Windows\system32\drivers\tdtcp.sys
2011/02/12 00:31:02.0410 3016 tdx (76b06eb8a01fc8624d699e7045303e54) C:\Windows\system32\DRIVERS\tdx.sys
2011/02/12 00:31:02.0534 3016 TermDD (3cad38910468eab9a6479e2f01db43c7) C:\Windows\system32\DRIVERS\termdd.sys
2011/02/12 00:31:02.0678 3016 tssecsrv (dcf0f056a2e4f52287264f5ab29cf206) C:\Windows\system32\DRIVERS\tssecsrv.sys
2011/02/12 00:31:02.0830 3016 tunmp (caecc0120ac49e3d2f758b9169872d38) C:\Windows\system32\DRIVERS\tunmp.sys
2011/02/12 00:31:02.0964 3016 tunnel (300db877ac094feab0be7688c3454a9c) C:\Windows\system32\DRIVERS\tunnel.sys
2011/02/12 00:31:03.0064 3016 uagp35 (c3ade15414120033a36c0f293d4a4121) C:\Windows\system32\drivers\uagp35.sys
2011/02/12 00:31:03.0267 3016 udfs (d9728af68c4c7693cb100b8441cbdec6) C:\Windows\system32\DRIVERS\udfs.sys
2011/02/12 00:31:03.0391 3016 uliagpkx (75e6890ebfce0841d3291b02e7a8bdb0) C:\Windows\system32\drivers\uliagpkx.sys
2011/02/12 00:31:03.0565 3016 uliahci (3cd4ea35a6221b85dcc25daa46313f8d) C:\Windows\system32\drivers\uliahci.sys
2011/02/12 00:31:03.0651 3016 UlSata (8514d0e5cd0534467c5fc61be94a569f) C:\Windows\system32\drivers\ulsata.sys
2011/02/12 00:31:03.0817 3016 ulsata2 (38c3c6e62b157a6bc46594fada45c62b) C:\Windows\system32\drivers\ulsata2.sys
2011/02/12 00:31:03.0925 3016 umbus (32cff9f809ae9aed85464492bf3e32d2) C:\Windows\system32\DRIVERS\umbus.sys
2011/02/12 00:31:04.0080 3016 usbccgp (caf811ae4c147ffcd5b51750c7f09142) C:\Windows\system32\DRIVERS\usbccgp.sys
2011/02/12 00:31:04.0227 3016 usbcir (e9476e6c486e76bc4898074768fb7131) C:\Windows\system32\drivers\usbcir.sys
2011/02/12 00:31:04.0360 3016 usbehci (79e96c23a97ce7b8f14d310da2db0c9b) C:\Windows\system32\DRIVERS\usbehci.sys
2011/02/12 00:31:04.0464 3016 usbhub (4673bbcb006af60e7abddbe7a130ba42) C:\Windows\system32\DRIVERS\usbhub.sys
2011/02/12 00:31:04.0524 3016 usbohci (38dbc7dd6cc5a72011f187425384388b) C:\Windows\system32\drivers\usbohci.sys
2011/02/12 00:31:04.0622 3016 usbprint (e75c4b5269091d15a2e7dc0b6d35f2f5) C:\Windows\system32\DRIVERS\usbprint.sys
2011/02/12 00:31:04.0720 3016 USBSTOR (be3da31c191bc222d9ad503c5224f2ad) C:\Windows\system32\DRIVERS\USBSTOR.SYS
2011/02/12 00:31:04.0853 3016 usbuhci (814d653efc4d48be3b04a307eceff56f) C:\Windows\system32\DRIVERS\usbuhci.sys
2011/02/12 00:31:04.0948 3016 usbvideo (e67998e8f14cb0627a769f6530bcb352) C:\Windows\system32\Drivers\usbvideo.sys
2011/02/12 00:31:05.0106 3016 usb_rndisx (35c9095fa7076466afbfc5b9ec4b779e) C:\Windows\system32\DRIVERS\usb8023x.sys
2011/02/12 00:31:05.0250 3016 vga (7d92be0028ecdedec74617009084b5ef) C:\Windows\system32\DRIVERS\vgapnp.sys
2011/02/12 00:31:05.0385 3016 VgaSave (2e93ac0a1d8c79d019db6c51f036636c) C:\Windows\System32\drivers\vga.sys
2011/02/12 00:31:05.0519 3016 viaagp (045d9961e591cf0674a920b6ba3ba5cb) C:\Windows\system32\drivers\viaagp.sys
2011/02/12 00:31:05.0599 3016 ViaC7 (56a4de5f02f2e88182b0981119b4dd98) C:\Windows\system32\drivers\viac7.sys
2011/02/12 00:31:05.0685 3016 viaide (fd2e3175fcada350c7ab4521dca187ec) C:\Windows\system32\drivers\viaide.sys
2011/02/12 00:31:05.0749 3016 volmgr (69503668ac66c77c6cd7af86fbdf8c43) C:\Windows\system32\drivers\volmgr.sys
2011/02/12 00:31:05.0864 3016 volmgrx (23e41b834759917bfd6b9a0d625d0c28) C:\Windows\system32\drivers\volmgrx.sys
2011/02/12 00:31:05.0979 3016 volsnap (147281c01fcb1df9252de2a10d5e7093) C:\Windows\system32\drivers\volsnap.sys
2011/02/12 00:31:06.0113 3016 vsmraid (d984439746d42b30fc65a4c3546c6829) C:\Windows\system32\drivers\vsmraid.sys
2011/02/12 00:31:06.0273 3016 WacomPen (48dfee8f1af7c8235d4e626f0c4fe031) C:\Windows\system32\drivers\wacompen.sys
2011/02/12 00:31:06.0390 3016 Wanarp (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys
2011/02/12 00:31:06.0464 3016 Wanarpv6 (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys
2011/02/12 00:31:06.0634 3016 wanatw (0a716c08cb13c3a8f4f51e882dbf7416) C:\Windows\system32\DRIVERS\wanatw4.sys
2011/02/12 00:31:06.0734 3016 Wd (afc5ad65b991c1e205cf25cfdbf7a6f4) C:\Windows\system32\drivers\wd.sys
2011/02/12 00:31:06.0881 3016 Wdf01000 (b6f0a7ad6d4bd325fbcd8bac96cd8d96) C:\Windows\system32\drivers\Wdf01000.sys
2011/02/12 00:31:07.0119 3016 winachsf (5c7bdcf5864db00323fe2d90fa26a8a2) C:\Windows\system32\DRIVERS\VSTCNXT3.SYS
2011/02/12 00:31:07.0333 3016 winusb (676f4b665bdd8053eaa53ac1695b8074) C:\Windows\system32\DRIVERS\winusb.sys
2011/02/12 00:31:07.0440 3016 WmiAcpi (2e7255d172df0b8283cdfb7b433b864e) C:\Windows\system32\DRIVERS\wmiacpi.sys
2011/02/12 00:31:07.0627 3016 WpdUsb (de9d36f91a4df3d911626643debf11ea) C:\Windows\system32\DRIVERS\wpdusb.sys
2011/02/12 00:31:07.0713 3016 ws2ifsl (e3a3cb253c0ec2494d4a61f5e43a389c) C:\Windows\system32\drivers\ws2ifsl.sys
2011/02/12 00:31:07.0921 3016 WUDFRd (ac13cb789d93412106b0fb6c7eb2bcb6) C:\Windows\system32\DRIVERS\WUDFRd.sys
2011/02/12 00:31:08.0148 3016 xtouch (444c391466fcf997586846db2df49cbd) C:\Windows\system32\DRIVERS\xtouch.sys
2011/02/12 00:31:08.0355 3016 {22D78859-9CE9-4B77-BF18-AC83E81A9263} (8903c6979ea677a9af3d36e0d3709203) C:\Program Files\HP\QuickPlay\000.fcl
2011/02/12 00:31:08.0498 3016 \HardDisk1 - detected Rootkit.Win32.TDSS.tdl4 (0)
2011/02/12 00:31:08.0536 3016 ================================================================================
2011/02/12 00:31:08.0536 3016 Scan finished
2011/02/12 00:31:08.0536 3016 ================================================================================
2011/02/12 00:31:08.0565 3616 Detected object count: 1
2011/02/12 00:31:20.0861 3616 \HardDisk1 - will be cured after reboot
2011/02/12 00:31:20.0863 3616 Rootkit.Win32.TDSS.tdl4(\HardDisk1) - User select action: Cure
2011/02/12 00:31:43.0320 3108 Deinitialize success

Geändert von O Heinz (12.02.2011 um 01:11 Uhr)

Alt 12.02.2011, 10:16   #8
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
BOO/TDss.A mit Virenscanner 3 xgefunden - Standard

BOO/TDss.A mit Virenscanner 3 xgefunden



Beende alle Programme, starte OTL und kopiere folgenden Text in die "Custom Scan/Fixes" Box (unten in OTL): (das ":OTL" muss mitkopiert werden!!!)

Code:
ATTFilter
:OTL
@Alternate Data Stream - 685 bytes -> C:\Users\Besitzer\Documents\AW_ gewinde.eml:OECustomProperty
@Alternate Data Stream - 669 bytes -> C:\Users\Besitzer\Documents\Re_ gewinde.eml:OECustomProperty
@Alternate Data Stream - 64 bytes -> C:\Users\Besitzer\Documents\ogrevani_sedezi_www.planetbossi.ch.mpeg:TOC.WMV
@Alternate Data Stream - 64 bytes -> C:\Users\Besitzer\Documents\NEW.avi:TOC.WMV
@Alternate Data Stream - 64 bytes -> C:\Users\Besitzer\Documents\neuerSpannungsprüfer.mpg:TOC.WMV
@Alternate Data Stream - 64 bytes -> C:\Users\Besitzer\Documents\BegehbarerSchrank.avi:TOC.WMV
[2011.02.10 08:50:29 | 000,054,016 | ---- | C] () -- C:\Windows\System32\drivers\rxqkubtm.sys
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 22:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2005.09.11 16:18:54 | 000,000,340 | -HS- | M] () - E:\AUTOMODE -- [ NTFS ]
O33 - MountPoints2\{0ec86dfb-da30-11dd-9bc2-001e68300c1c}\Shell - "" = AutoRun
O33 - MountPoints2\{0ec86dfb-da30-11dd-9bc2-001e68300c1c}\Shell\AutoRun\command - "" = G:\AutoRun.exe
O33 - MountPoints2\{0ec86e0e-da30-11dd-9bc2-001e68300c1c}\Shell - "" = AutoRun
O33 - MountPoints2\{0ec86e0e-da30-11dd-9bc2-001e68300c1c}\Shell\AutoRun\command - "" = I:\AutoRun.exe
O33 - MountPoints2\{18831021-c66b-11de-8719-9d4e8499ecc1}\Shell - "" = AutoRun
O33 - MountPoints2\{18831021-c66b-11de-8719-9d4e8499ecc1}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{22ed21d1-1bbb-11df-9959-daedffe3e908}\Shell - "" = AutoRun
O33 - MountPoints2\{22ed21d1-1bbb-11df-9959-daedffe3e908}\Shell\AutoRun\command - "" = H:\AutoRun.exe
O33 - MountPoints2\{232f4d41-9852-11de-bbd0-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{232f4d41-9852-11de-bbd0-806e6f6e6963}\Shell\AutoRun\command - "" = G:\AutoRun.exe
O33 - MountPoints2\{3867e77b-90ae-11de-a350-e474c5728839}\Shell - "" = AutoRun
O33 - MountPoints2\{3867e77b-90ae-11de-a350-e474c5728839}\Shell\AutoRun\command - "" = G:\AutoRun.exe
O33 - MountPoints2\{3867e77c-90ae-11de-a350-e474c5728839}\Shell - "" = AutoRun
O33 - MountPoints2\{3867e77c-90ae-11de-a350-e474c5728839}\Shell\AutoRun\command - "" = I:\AutoRun.exe
O33 - MountPoints2\{3867e77f-90ae-11de-a350-e474c5728839}\Shell - "" = AutoRun
O33 - MountPoints2\{3867e77f-90ae-11de-a350-e474c5728839}\Shell\AutoRun\command - "" = G:\AutoRun.exe
O33 - MountPoints2\{3867e782-90ae-11de-a350-ad3f831c2eab}\Shell - "" = AutoRun
O33 - MountPoints2\{3867e782-90ae-11de-a350-ad3f831c2eab}\Shell\AutoRun\command - "" = G:\AutoRun.exe
O33 - MountPoints2\{3867e787-90ae-11de-a350-ad3f831c2eab}\Shell - "" = AutoRun
O33 - MountPoints2\{3867e787-90ae-11de-a350-ad3f831c2eab}\Shell\AutoRun\command - "" = G:\AutoRun.exe
O33 - MountPoints2\{446b4c09-9808-11de-b041-ac12ce5ec9ba}\Shell - "" = AutoRun
O33 - MountPoints2\{446b4c09-9808-11de-b041-ac12ce5ec9ba}\Shell\AutoRun\command - "" = G:\AutoRun.exe
O33 - MountPoints2\{4fcaba16-9b1d-11de-8330-d113eb14b2d1}\Shell - "" = AutoRun
O33 - MountPoints2\{4fcaba16-9b1d-11de-8330-d113eb14b2d1}\Shell\AutoRun\command - "" = G:\AutoRun.exe
O33 - MountPoints2\{5d4253c4-9f8e-11df-ab13-9f3c9c330bdd}\Shell - "" = AutoRun
O33 - MountPoints2\{5d4253c4-9f8e-11df-ab13-9f3c9c330bdd}\Shell\AutoRun\command - "" = H:\AutoRun.exe
O33 - MountPoints2\{60c2371f-0d1f-11df-ae32-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{60c2371f-0d1f-11df-ae32-806e6f6e6963}\Shell\AutoRun\command - "" = I:\AutoRun.exe
O33 - MountPoints2\{7c84c765-cbc7-11de-8573-e50896887ff4}\Shell - "" = AutoRun
O33 - MountPoints2\{7c84c765-cbc7-11de-8573-e50896887ff4}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{894f81c9-d171-11de-a0f1-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{894f81c9-d171-11de-a0f1-806e6f6e6963}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{935bcea8-8e67-11de-ae73-00038a000015}\Shell - "" = AutoRun
O33 - MountPoints2\{935bcea8-8e67-11de-ae73-00038a000015}\Shell\AutoRun\command - "" = G:\AutoRun.exe
O33 - MountPoints2\{935bceaa-8e67-11de-ae73-00038a000015}\Shell - "" = AutoRun
O33 - MountPoints2\{935bceaa-8e67-11de-ae73-00038a000015}\Shell\AutoRun\command - "" = G:\AutoRun.exe
O33 - MountPoints2\{94b0b353-2228-11df-9dac-df4f4eb54d13}\Shell - "" = AutoRun
O33 - MountPoints2\{94b0b353-2228-11df-9dac-df4f4eb54d13}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{99dbb6fc-0ce1-11df-838c-aa8086c020a9}\Shell - "" = AutoRun
O33 - MountPoints2\{99dbb6fc-0ce1-11df-838c-aa8086c020a9}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{a212d73d-9b2b-11de-b014-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{a212d73d-9b2b-11de-b014-806e6f6e6963}\Shell\AutoRun\command - "" = H:\AutoRun.exe
O33 - MountPoints2\{a212d79e-9b2b-11de-b014-ed454fea280e}\Shell - "" = AutoRun
O33 - MountPoints2\{a212d79e-9b2b-11de-b014-ed454fea280e}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{ab491527-9b22-11de-9cbd-8ab1279669e5}\Shell - "" = AutoRun
O33 - MountPoints2\{ab491527-9b22-11de-9cbd-8ab1279669e5}\Shell\AutoRun\command - "" = G:\AutoRun.exe
O33 - MountPoints2\{ac74a77e-9b12-11de-8957-a74aed332be2}\Shell - "" = AutoRun
O33 - MountPoints2\{ac74a77e-9b12-11de-8957-a74aed332be2}\Shell\AutoRun\command - "" = G:\AutoRun.exe
O33 - MountPoints2\{ac74a797-9b12-11de-8957-a74aed332be2}\Shell - "" = AutoRun
O33 - MountPoints2\{ac74a797-9b12-11de-8957-a74aed332be2}\Shell\AutoRun\command - "" = G:\AutoRun.exe
O33 - MountPoints2\{d002cff5-0e7a-11df-b623-9768c52e6d42}\Shell - "" = AutoRun
O33 - MountPoints2\{d002cff5-0e7a-11df-b623-9768c52e6d42}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{d1e844ee-c673-11de-93be-9cfa62bfa2dc}\Shell - "" = AutoRun
O33 - MountPoints2\{d1e844ee-c673-11de-93be-9cfa62bfa2dc}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{d1e844f0-c673-11de-93be-9cfa62bfa2dc}\Shell - "" = AutoRun
O33 - MountPoints2\{d1e844f0-c673-11de-93be-9cfa62bfa2dc}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{de3fc79f-d172-11de-827b-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{de3fc79f-d172-11de-827b-806e6f6e6963}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{de3fc7ff-d172-11de-827b-9fdd660c7dc5}\Shell - "" = AutoRun
O33 - MountPoints2\{de3fc7ff-d172-11de-827b-9fdd660c7dc5}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{ed3e6600-16e4-11df-81ad-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{ed3e6600-16e4-11df-81ad-806e6f6e6963}\Shell\AutoRun\command - "" = K:\AutoRun.exe
O33 - MountPoints2\{f73f18d6-76a2-11de-9dfe-e908ffce8612}\Shell - "" = AutoRun
O33 - MountPoints2\{f73f18d6-76a2-11de-9dfe-e908ffce8612}\Shell\AutoRun\command - "" = G:\AutoRun.exe
O33 - MountPoints2\G\Shell - "" = AutoRun
O33 - MountPoints2\G\Shell\AutoRun\command - "" = G:\AutoRun.exe
O4 - HKCU..\Run: [DW6]  File not found
:Commands
[purity]
[resethosts]
[emptytemp]
         
Klick dann oben links auf den Button Fix!
Das Logfile müsste geöffnet werden, wenn Du nach dem Fixen auf ok klickst, poste das bitte. Evtl. wird der Rechner neu gestartet.
__________________
Logfiles bitte immer in CODE-Tags posten

Alt 12.02.2011, 11:10   #9
O Heinz
 
BOO/TDss.A mit Virenscanner 3 xgefunden - Standard

BOO/TDss.A mit Virenscanner 3 xgefunden



All processes killed
========== OTL ==========
ADS C:\Users\Besitzer\Documents\AW_ gewinde.eml:OECustomProperty deleted successfully.
ADS C:\Users\Besitzer\Documents\Re_ gewinde.eml:OECustomProperty deleted successfully.
Unable to delete ADS C:\Users\Besitzer\Documents\ogrevani_sedezi_www.planetbossi.ch.mpeg:TOC.WMV .
Unable to delete ADS C:\Users\Besitzer\Documents\NEW.avi:TOC.WMV .
Unable to delete ADS C:\Users\Besitzer\Documents\neuerSpannungsprüfer.mpg:TOC.WMV .
Unable to delete ADS C:\Users\Besitzer\Documents\BegehbarerSchrank.avi:TOC.WMV .
File C:\Windows\System32\drivers\rxqkubtm.sys not found.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRun|DWORD:1 /E : value set successfully!
File C:\autoexec.bat not found.
File E:\AUTOMODE not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{0ec86dfb-da30-11dd-9bc2-001e68300c1c}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0ec86dfb-da30-11dd-9bc2-001e68300c1c}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{0ec86dfb-da30-11dd-9bc2-001e68300c1c}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0ec86dfb-da30-11dd-9bc2-001e68300c1c}\ not found.
File G:\AutoRun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{0ec86e0e-da30-11dd-9bc2-001e68300c1c}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0ec86e0e-da30-11dd-9bc2-001e68300c1c}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{0ec86e0e-da30-11dd-9bc2-001e68300c1c}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0ec86e0e-da30-11dd-9bc2-001e68300c1c}\ not found.
File I:\AutoRun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{18831021-c66b-11de-8719-9d4e8499ecc1}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{18831021-c66b-11de-8719-9d4e8499ecc1}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{18831021-c66b-11de-8719-9d4e8499ecc1}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{18831021-c66b-11de-8719-9d4e8499ecc1}\ not found.
File F:\AutoRun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{22ed21d1-1bbb-11df-9959-daedffe3e908}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{22ed21d1-1bbb-11df-9959-daedffe3e908}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{22ed21d1-1bbb-11df-9959-daedffe3e908}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{22ed21d1-1bbb-11df-9959-daedffe3e908}\ not found.
File H:\AutoRun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{232f4d41-9852-11de-bbd0-806e6f6e6963}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{232f4d41-9852-11de-bbd0-806e6f6e6963}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{232f4d41-9852-11de-bbd0-806e6f6e6963}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{232f4d41-9852-11de-bbd0-806e6f6e6963}\ not found.
File G:\AutoRun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{3867e77b-90ae-11de-a350-e474c5728839}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3867e77b-90ae-11de-a350-e474c5728839}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{3867e77b-90ae-11de-a350-e474c5728839}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3867e77b-90ae-11de-a350-e474c5728839}\ not found.
File G:\AutoRun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{3867e77c-90ae-11de-a350-e474c5728839}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3867e77c-90ae-11de-a350-e474c5728839}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{3867e77c-90ae-11de-a350-e474c5728839}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3867e77c-90ae-11de-a350-e474c5728839}\ not found.
File I:\AutoRun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{3867e77f-90ae-11de-a350-e474c5728839}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3867e77f-90ae-11de-a350-e474c5728839}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{3867e77f-90ae-11de-a350-e474c5728839}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3867e77f-90ae-11de-a350-e474c5728839}\ not found.
File G:\AutoRun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{3867e782-90ae-11de-a350-ad3f831c2eab}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3867e782-90ae-11de-a350-ad3f831c2eab}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{3867e782-90ae-11de-a350-ad3f831c2eab}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3867e782-90ae-11de-a350-ad3f831c2eab}\ not found.
File G:\AutoRun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{3867e787-90ae-11de-a350-ad3f831c2eab}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3867e787-90ae-11de-a350-ad3f831c2eab}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{3867e787-90ae-11de-a350-ad3f831c2eab}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3867e787-90ae-11de-a350-ad3f831c2eab}\ not found.
File G:\AutoRun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{446b4c09-9808-11de-b041-ac12ce5ec9ba}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{446b4c09-9808-11de-b041-ac12ce5ec9ba}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{446b4c09-9808-11de-b041-ac12ce5ec9ba}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{446b4c09-9808-11de-b041-ac12ce5ec9ba}\ not found.
File G:\AutoRun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{4fcaba16-9b1d-11de-8330-d113eb14b2d1}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{4fcaba16-9b1d-11de-8330-d113eb14b2d1}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{4fcaba16-9b1d-11de-8330-d113eb14b2d1}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{4fcaba16-9b1d-11de-8330-d113eb14b2d1}\ not found.
File G:\AutoRun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{5d4253c4-9f8e-11df-ab13-9f3c9c330bdd}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5d4253c4-9f8e-11df-ab13-9f3c9c330bdd}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{5d4253c4-9f8e-11df-ab13-9f3c9c330bdd}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5d4253c4-9f8e-11df-ab13-9f3c9c330bdd}\ not found.
File H:\AutoRun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{60c2371f-0d1f-11df-ae32-806e6f6e6963}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{60c2371f-0d1f-11df-ae32-806e6f6e6963}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{60c2371f-0d1f-11df-ae32-806e6f6e6963}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{60c2371f-0d1f-11df-ae32-806e6f6e6963}\ not found.
File I:\AutoRun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{7c84c765-cbc7-11de-8573-e50896887ff4}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7c84c765-cbc7-11de-8573-e50896887ff4}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{7c84c765-cbc7-11de-8573-e50896887ff4}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7c84c765-cbc7-11de-8573-e50896887ff4}\ not found.
File F:\AutoRun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{894f81c9-d171-11de-a0f1-806e6f6e6963}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{894f81c9-d171-11de-a0f1-806e6f6e6963}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{894f81c9-d171-11de-a0f1-806e6f6e6963}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{894f81c9-d171-11de-a0f1-806e6f6e6963}\ not found.
File F:\AutoRun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{935bcea8-8e67-11de-ae73-00038a000015}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{935bcea8-8e67-11de-ae73-00038a000015}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{935bcea8-8e67-11de-ae73-00038a000015}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{935bcea8-8e67-11de-ae73-00038a000015}\ not found.
File G:\AutoRun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{935bceaa-8e67-11de-ae73-00038a000015}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{935bceaa-8e67-11de-ae73-00038a000015}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{935bceaa-8e67-11de-ae73-00038a000015}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{935bceaa-8e67-11de-ae73-00038a000015}\ not found.
File G:\AutoRun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{94b0b353-2228-11df-9dac-df4f4eb54d13}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{94b0b353-2228-11df-9dac-df4f4eb54d13}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{94b0b353-2228-11df-9dac-df4f4eb54d13}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{94b0b353-2228-11df-9dac-df4f4eb54d13}\ not found.
File F:\AutoRun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{99dbb6fc-0ce1-11df-838c-aa8086c020a9}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{99dbb6fc-0ce1-11df-838c-aa8086c020a9}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{99dbb6fc-0ce1-11df-838c-aa8086c020a9}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{99dbb6fc-0ce1-11df-838c-aa8086c020a9}\ not found.
File F:\AutoRun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{a212d73d-9b2b-11de-b014-806e6f6e6963}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{a212d73d-9b2b-11de-b014-806e6f6e6963}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{a212d73d-9b2b-11de-b014-806e6f6e6963}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{a212d73d-9b2b-11de-b014-806e6f6e6963}\ not found.
File H:\AutoRun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{a212d79e-9b2b-11de-b014-ed454fea280e}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{a212d79e-9b2b-11de-b014-ed454fea280e}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{a212d79e-9b2b-11de-b014-ed454fea280e}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{a212d79e-9b2b-11de-b014-ed454fea280e}\ not found.
File F:\AutoRun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{ab491527-9b22-11de-9cbd-8ab1279669e5}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{ab491527-9b22-11de-9cbd-8ab1279669e5}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{ab491527-9b22-11de-9cbd-8ab1279669e5}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{ab491527-9b22-11de-9cbd-8ab1279669e5}\ not found.
File G:\AutoRun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{ac74a77e-9b12-11de-8957-a74aed332be2}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{ac74a77e-9b12-11de-8957-a74aed332be2}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{ac74a77e-9b12-11de-8957-a74aed332be2}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{ac74a77e-9b12-11de-8957-a74aed332be2}\ not found.
File G:\AutoRun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{ac74a797-9b12-11de-8957-a74aed332be2}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{ac74a797-9b12-11de-8957-a74aed332be2}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{ac74a797-9b12-11de-8957-a74aed332be2}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{ac74a797-9b12-11de-8957-a74aed332be2}\ not found.
File G:\AutoRun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{d002cff5-0e7a-11df-b623-9768c52e6d42}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{d002cff5-0e7a-11df-b623-9768c52e6d42}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{d002cff5-0e7a-11df-b623-9768c52e6d42}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{d002cff5-0e7a-11df-b623-9768c52e6d42}\ not found.
File F:\AutoRun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{d1e844ee-c673-11de-93be-9cfa62bfa2dc}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{d1e844ee-c673-11de-93be-9cfa62bfa2dc}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{d1e844ee-c673-11de-93be-9cfa62bfa2dc}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{d1e844ee-c673-11de-93be-9cfa62bfa2dc}\ not found.
File F:\AutoRun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{d1e844f0-c673-11de-93be-9cfa62bfa2dc}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{d1e844f0-c673-11de-93be-9cfa62bfa2dc}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{d1e844f0-c673-11de-93be-9cfa62bfa2dc}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{d1e844f0-c673-11de-93be-9cfa62bfa2dc}\ not found.
File F:\AutoRun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{de3fc79f-d172-11de-827b-806e6f6e6963}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{de3fc79f-d172-11de-827b-806e6f6e6963}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{de3fc79f-d172-11de-827b-806e6f6e6963}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{de3fc79f-d172-11de-827b-806e6f6e6963}\ not found.
File F:\AutoRun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{de3fc7ff-d172-11de-827b-9fdd660c7dc5}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{de3fc7ff-d172-11de-827b-9fdd660c7dc5}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{de3fc7ff-d172-11de-827b-9fdd660c7dc5}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{de3fc7ff-d172-11de-827b-9fdd660c7dc5}\ not found.
File F:\AutoRun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{ed3e6600-16e4-11df-81ad-806e6f6e6963}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{ed3e6600-16e4-11df-81ad-806e6f6e6963}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{ed3e6600-16e4-11df-81ad-806e6f6e6963}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{ed3e6600-16e4-11df-81ad-806e6f6e6963}\ not found.
File K:\AutoRun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{f73f18d6-76a2-11de-9dfe-e908ffce8612}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{f73f18d6-76a2-11de-9dfe-e908ffce8612}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{f73f18d6-76a2-11de-9dfe-e908ffce8612}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{f73f18d6-76a2-11de-9dfe-e908ffce8612}\ not found.
File G:\AutoRun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\G\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\G\ not found.
File G:\AutoRun.exe not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\DW6 not found.
========== COMMANDS ==========
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

[EMPTYTEMP]

User: All Users

User: Besitzer
->Temp folder emptied: 192933 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 8842205 bytes
->Flash cache emptied: 37 bytes

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: xxxx
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: xxxx
->Flash cache emptied: 0 bytes

User: xxxx
->Java cache emptied: 0 bytes
->FireFox cache emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Public

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 0 bytes
RecycleBin emptied: 1163105681 bytes

Total Files Cleaned = 1.118,00 mb


OTL by OldTimer - Version 3.2.20.6 log created on 02122011_105717

Files\Folders moved on Reboot...

Registry entries deleted on Reboot...

Alt 12.02.2011, 11:32   #10
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
BOO/TDss.A mit Virenscanner 3 xgefunden - Standard

BOO/TDss.A mit Virenscanner 3 xgefunden



Dann bitte jetzt CF ausführen:

ComboFix

Ein Leitfaden und Tutorium zur Nutzung von ComboFix
  • Lade dir ComboFix hier herunter auf deinen Desktop. Benenne es beim Runterladen um in cofi.exe.
  • Schliesse alle Programme, vor allem dein Antivirenprogramm und andere Hintergrundwächter sowie deinen Internetbrowser.
  • Starte cofi.exe von deinem Desktop aus, bestätige die Warnmeldungen, führe die Updates durch (falls vorgeschlagen), installiere die Wiederherstellungskonsole (falls vorgeschlagen) und lass dein System durchsuchen.
    Vermeide es auch während Combofix läuft die Maus und Tastatur zu benutzen.
  • Im Anschluss öffnet sich automatisch eine combofix.txt, diesen Inhalt bitte kopieren ([Strg]a, [Strg]c) und in deinen Beitrag einfügen ([Strg]v). Die Datei findest du außerdem unter: C:\ComboFix.txt.
Wichtiger Hinweis:
Combofix darf ausschließlich ausgeführt werden, wenn ein Kompetenzler dies ausdrücklich empfohlen hat!
Es sollte nie auf eigene Initiative hin ausgeführt werden! Eine falsche Benutzung kann ernsthafte Computerprobleme nach sich ziehen und eine Bereinigung der Infektion noch erschweren.
__________________
Logfiles bitte immer in CODE-Tags posten

Alt 12.02.2011, 12:55   #11
O Heinz
 
BOO/TDss.A mit Virenscanner 3 xgefunden - Standard

BOO/TDss.A mit Virenscanner 3 xgefunden



Combofix Logfile:
Code:
ATTFilter
ComboFix 11-02-11.02 - Besitzer 12.02.2011  12:17:50.1.2 - x86
Microsoft® Windows Vista™ Home Premium   6.0.6002.2.1252.49.1031.18.3070.1771 [GMT 1:00]
ausgeführt von:: c:\users\Besitzer\Desktop\cofi.exe
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.

((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Install.exe
c:\programdata\hpe1652.dll
c:\users\Besitzer\AppData\Roaming\Desktopicon
c:\users\Besitzer\AppData\Roaming\Desktopicon\eBay.ico
c:\users\Besitzer\AppData\Roaming\Desktopicon\uninst.exe
c:\windows\system32\KBL.LOG

.
(((((((((((((((((((((((   Dateien erstellt von 2011-01-12 bis 2011-02-12  ))))))))))))))))))))))))))))))
.

2011-02-12 11:33 . 2011-02-12 11:34	--------	d-----w-	c:\users\Besitzer\AppData\Local\temp
2011-02-12 11:33 . 2011-02-12 11:33	--------	d-----w-	c:\users\Moni\AppData\Local\temp
2011-02-12 11:33 . 2011-02-12 11:33	--------	d-----w-	c:\users\Default\AppData\Local\temp
2011-02-12 09:34 . 2011-02-12 09:34	--------	d-----w-	C:\_OTL
2011-02-12 00:38 . 2011-01-13 09:41	5890896	----a-w-	c:\programdata\Microsoft\Windows Defender\Definition Updates\{3D081E7A-D29E-43EE-BADF-33BB9BDD653A}\mpengine.dll
2011-02-09 22:34 . 2011-02-09 22:34	--------	d-----w-	c:\users\Besitzer\AppData\Roaming\Malwarebytes
2011-02-09 22:34 . 2010-12-20 17:09	38224	----a-w-	c:\windows\system32\drivers\mbamswissarmy.sys
2011-02-09 22:34 . 2011-02-09 22:34	--------	d-----w-	c:\programdata\Malwarebytes
2011-02-09 22:34 . 2011-02-09 22:56	--------	d-----w-	c:\program files\Malwarebytes' Anti-Malware
2011-02-09 22:34 . 2010-12-20 17:08	20952	----a-w-	c:\windows\system32\drivers\mbam.sys
2011-01-19 08:46 . 2011-01-19 08:46	--------	d-----w-	c:\windows\Sun

.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-02-02 16:11 . 2009-10-03 08:07	222080	------w-	c:\windows\system32\MpSigStub.exe
2010-12-28 15:55 . 2011-01-12 07:50	413696	----a-w-	c:\windows\system32\odbc32.dll
2010-12-14 14:49 . 2011-01-12 07:50	1169408	----a-w-	c:\windows\system32\sdclt.exe
.

((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
2010-01-20 09:34	1197448	----a-w-	c:\program files\Ask.com\Supertoolbar\GenericAskToolbar.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\Supertoolbar\GenericAskToolbar.dll" [2010-01-20 1197448]

[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\Supertoolbar\GenericAskToolbar.dll" [2010-01-20 1197448]

[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2008-11-18 21633320]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1233920]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2007-05-29 149040]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-07-26 3883840]
"Sony Ericsson PC Suite"="c:\program files\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe" [2009-06-23 434176]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]
"HW_OPENEYE_OUC_T-Mobile Internet Manager"="c:\program files\T-Mobile\T-Mobile Internet Manager\UpdateDog\ouc.exe" [2009-06-23 110592]
"Mobile Partner"="c:\program files\T-Mobile\T-Mobile Internet Manager\T-Mobile Internet Manager.exe" [2010-02-11 114688]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-19 202240]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPStart"="c:\program files\Synaptics\SynTP\SynTPStart.exe" [2007-09-15 102400]
"SMSERIAL"="c:\program files\Motorola\SMSERIAL\sm56hlpr.exe" [2007-01-17 634880]
"RtHDVCpl"="RtHDVCpl.exe" [2007-08-17 4702208]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2007-07-25 174616]
"QPService"="c:\program files\HP\QuickPlay\QPService.exe" [2007-09-30 181544]
"OnScreenDisplay"="c:\program files\Hewlett-Packard\HP QuickTouch\HPKBDAPP.exe" [2007-09-04 554320]
"UCam_Menu"="c:\program files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" [2007-08-16 218408]
"hpWirelessAssistant"="c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2007-09-13 480560]
"WAWifiMessage"="c:\program files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe" [2007-01-08 311296]
"HostManager"="c:\program files\Common Files\AOL\1231093279\ee\AOLSoftware.exe" [2006-09-26 50736]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-03-28 1045800]
"HP Software Update"="c:\program files\Hp\HP Software Update\HPWuSchd2.exe" [2007-05-08 54840]
"HP Health Check Scheduler"="c:\program files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe" [2008-06-16 75008]
"DataCardMonitor"="c:\program files\T-Mobile\T-Mobile Internet Manager\DataCardMonitor.exe" [2010-02-11 253952]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2010-09-24 40368]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-21 932288]
"Windows Mobile-based device management"="c:\windows\WindowsMobile\wmdc.exe" [2007-01-24 563080]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-10-03 13826664]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]
"Malwarebytes' Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2010-12-20 963976]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoResolveTrack"= 0 (0x0)
"NoFileAssociate"= 0 (0x0)

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^McAfee Security Scan Plus.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk
backup=c:\windows\pss\McAfee Security Scan Plus.lnk.CommonStartup
backupExtension=.CommonStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2009-11-12 15:33	141600	----a-w-	c:\program files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NBKeyScan]
2007-05-24 16:38	1226288	----a-w-	c:\program files\Nero\Nero 7\Nero BackItUp\NBKeyScan.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2009-11-10 22:08	417792	----a-w-	c:\program files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

R1 eusk2par;EUTRON SmartKey Parallel Driver;c:\windows\system32\Drivers\eusk2par.sys [2004-06-23 24786]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2009-08-29 133104]
R2 OMSI download service;Sony Ericsson OMSI download service;c:\program files\Sony Ericsson\Sony Ericsson PC Suite\SupServ.exe [2009-04-30 90112]
R3 ggflt;SEMC USB Flash Driver Filter;c:\windows\system32\DRIVERS\ggflt.sys [2009-10-15 13224]
R3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\McAfee Security Scan\2.0.181\McCHSvc.exe [2010-01-15 227232]
R3 s0016bus;Sony Ericsson Device 0016 driver (WDM);c:\windows\system32\DRIVERS\s0016bus.sys [2008-05-16 89256]
R3 s1018bus;Sony Ericsson Device 1018 driver (WDM);c:\windows\system32\DRIVERS\s1018bus.sys [2009-03-25 86824]
R3 s1018mdfl;Sony Ericsson Device 1018 USB WMC Modem Filter;c:\windows\system32\DRIVERS\s1018mdfl.sys [2009-03-25 15016]
R3 s1018mdm;Sony Ericsson Device 1018 USB WMC Modem Driver;c:\windows\system32\DRIVERS\s1018mdm.sys [2009-03-25 114728]
R3 s1018mgmt;Sony Ericsson Device 1018 USB WMC Device Management Drivers (WDM);c:\windows\system32\DRIVERS\s1018mgmt.sys [2009-03-25 106208]
R3 s1018nd5;Sony Ericsson Device 1018 USB Ethernet Emulation (NDIS);c:\windows\system32\DRIVERS\s1018nd5.sys [2009-03-25 26024]
R3 s1018obex;Sony Ericsson Device 1018 USB WMC OBEX Interface;c:\windows\system32\DRIVERS\s1018obex.sys [2009-03-25 104744]
R3 s1018unic;Sony Ericsson Device 1018 USB Ethernet Emulation (WDM);c:\windows\system32\DRIVERS\s1018unic.sys [2009-03-25 109864]
R3 silabenm;Silicon Labs CP210x USB to UART Bridge Serial Port Enumerator Driver;c:\windows\system32\DRIVERS\silabenm.sys [2009-02-19 17920]
R3 silabser;Silicon Labs CP210x USB to UART Bridge Driver;c:\windows\system32\DRIVERS\silabser.sys [2009-02-19 62592]
R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
R3 xtouch;xtouch;c:\windows\system32\DRIVERS\xtouch.sys [2008-01-17 83072]
S2 {22D78859-9CE9-4B77-BF18-AC83E81A9263};{22D78859-9CE9-4B77-BF18-AC83E81A9263};c:\program files\HP\QuickPlay\000.fcl [2007-09-30 39408]
S2 LcSvrHis;ELSA Historie Server;c:\elsawin\bin\LcSvrHis.exe [2006-11-24 217088]
S2 LcSvrPAS;ELSA PASS Server;c:\elsawin\bin\LcSvrPas.exe [2006-11-24 368640]
S2 LcSvrSaz;ELSA APOSpro Server;c:\elsawin\bin\LcSvrSaz.exe [2006-11-24 233472]
S2 SBSDWSCService;SBSD Security Center Service;c:\program files\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368]
S2 VSGate;ELSA Vaudis Service;c:\elsawin\bin\VSgate.exe [2006-11-24 81920]
S3 NETw5v32;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit;c:\windows\system32\DRIVERS\NETw5v32.sys [2008-11-17 3668480]
S3 seehcri;Sony Ericsson seehcri Device Driver;c:\windows\system32\DRIVERS\seehcri.sys [2008-01-09 27632]


--- Andere Dienste/Treiber im Speicher ---

*Deregistered* - BMLoad

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation	REG_MULTI_SZ   	FontCache
WindowsMobile	REG_MULTI_SZ   	wcescomm rapimgr
LocalServiceRestricted	REG_MULTI_SZ   	WcesComm RapiMgr
bthsvcs	REG_MULTI_SZ   	BthServ
.
Inhalt des "geplante Tasks" Ordners

2011-02-12 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-08-29 19:46]

2011-02-12 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-08-29 19:03]

2011-02-12 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-08-29 19:03]

2011-02-09 c:\windows\Tasks\Norton Security Scan for Besitzer.job
- c:\program files\Norton Security Scan\Nss.exe [2009-03-13 18:20]
.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = hxxp://start.icq.com/
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=de_de&c=81&bd=Pavilion&pf=laptop
IE: &AOL Toolbar-Suche - c:\program files\aol\aol toolbar 4.0\resources\de-DE\local\search.html
IE: add to &BOM - c:\\PROGRA~1\\BIET-O~1\\\\AddToBOM.hta
IE: Nach Microsoft E&xel exportieren - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
FF - ProfilePath - c:\users\Besitzer\AppData\Roaming\Mozilla\Firefox\Profiles\5fj48scu.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2325506&SearchSource=3&q={searchTerms}
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.google.de/
FF - prefs.js: keyword.URL - hxxp://de.yhs.search.yahoo.com/avg/search?fr=yhs-avgb&type=yahoo_avg_hs2-tb-web_de&p=
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}
FF - Ext: LoudMo Contextual Ad Assistant: {0ae873a2-da32-8a94-9c57-7a7cc96c6c82} - c:\program files\Mozilla Firefox\extensions\{0ae873a2-da32-8a94-9c57-7a7cc96c6c82}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
FF - Ext: Yahoo! Toolbar: {635abd67-4fe9-1b23-4f01-e679fa7484c1} - %profile%\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
FF - Ext: Freeware DE Toolbar: {26647ca4-a2a7-4eac-8a72-761aa9141de7} - %profile%\extensions\{26647ca4-a2a7-4eac-8a72-761aa9141de7}
FF - Ext: @@toolbarname@@: toolbar@ask.com - %profile%\extensions\toolbar@ask.com
FF - Ext: ICQ Toolbar: {800b5000-a755-47e1-992b-48a1c1357f07} - %profile%\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}
FF - Ext: ImTranslator: {9AA46F4F-4DC7-4c06-97AF-5035170634FE} - %profile%\extensions\{9AA46F4F-4DC7-4c06-97AF-5035170634FE}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -

URLSearchHooks-{1CFFA392-0898-4b1c-89D1-6E98F9D8EF78} - (no file)
Toolbar-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
WebBrowser-{604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - (no file)
WebBrowser-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
HKCU-Run-Messenger (Yahoo!) - c:\progra~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE
HKCU-Run-ICQ - c:\program files\ICQ6.5\ICQ.exe
HKLM-Run-QlbCtrl - %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe
AddRemove-eBay Icon - c:\users\Besitzer\AppData\Roaming\Desktopicon\uninst.exe
AddRemove-SLABCOMM&10C4&EA60 - c:\windows\system32\Silabs\DriverUninstaller.exe VCP CP210x Cardinal\SLABCOMM&10C4&EA60
AddRemove-web'n'walk Manager - c:\program files\T-Mobile\web'n'walk Manager\uninst.exe
AddRemove-Yahoo! Companion - c:\progra~1\Yahoo!\Common\UNYT_W~1.EXE
AddRemove-Yahoo! Messenger - c:\progra~1\Yahoo!\MESSEN~1\UNWISE.EXE
AddRemove-Yahoo! Software Update - c:\progra~1\Yahoo!\SOFTWA~1\UNINST~1.EXE
AddRemove-Yahoo! Toolbar - c:\progra~1\Yahoo!\Common\UNYT_W~1.EXE



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, hxxp://www.gmer.net
Rootkit scan 2011-02-12 12:34
Windows 6.0.6002 Service Pack 2 NTFS

Scanne versteckte Prozesse... 

Scanne versteckte Autostarteinträge... 

HKLM\Software\Microsoft\Windows\CurrentVersion\Run
  DataCardMonitor = c:\program files\T-Mobile\T-Mobile Internet Manager\DataCardMonitor.exe?2.tmp?FiG1?T\]??X???????A1?SU]???? ??????????????????????1??S]???7??(???am Files\T-Mobile\T-Mobile Internet Manager\?]??c:\users????^]??c:\Program Files\T-Mobile\T-Mobile Internet Mana 

Scanne versteckte Dateien... 

Scan erfolgreich abgeschlossen
versteckte Dateien: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\{22D78859-9CE9-4B77-BF18-AC83E81A9263}]
"ImagePath"="\??\c:\program files\HP\QuickPlay\000.fcl"
.
--------------------- Gesperrte Registrierungsschluessel ---------------------

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
Zeit der Fertigstellung: 2011-02-12  12:51:23
ComboFix-quarantined-files.txt  2011-02-12 11:51

Vor Suchlauf: 19 Verzeichnis(se), 127.870.722.048 Bytes frei
Nach Suchlauf: 25 Verzeichnis(se), 127.798.407.168 Bytes frei

- - End Of File - - FF54CA807FB289108BC6763E8B45B993
         
--- --- ---


CCleaner auch gemacht.

Geändert von O Heinz (12.02.2011 um 13:18 Uhr)

Alt 12.02.2011, 13:21   #12
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
BOO/TDss.A mit Virenscanner 3 xgefunden - Standard

BOO/TDss.A mit Virenscanner 3 xgefunden



Ok. Bitte nun Logs mit GMER und OSAM erstellen und posten.
GMER stürzt häufiger ab, wenn das Tool auch beim 2. Mal nicht will, lass es einfach weg und führ nur OSAM aus - die Online-Abfrage durch OSAM bitte überspringen.
Bei OSAM bitte darauf auch achten, dass Du das Log auch als *.log und nicht *.html oder so abspeicherst.


Downloade Dir danach bitte MBRCheck (by a_d_13) und speichere die Datei auf dem Desktop.
  • Doppelklick auf die MBRCheck.exe.
    Vista und Win7 User mit Rechtsklick "als Administrator starten"
  • Das Tool braucht nur einige Sekunden.
  • Danach solltest du eine MBRCheck_<Datum>_<Uhrzeit>.txt auf dem Desktop finden.
Poste mir bitte den Inhalt des .txt Dokumentes
__________________
Logfiles bitte immer in CODE-Tags posten

Alt 12.02.2011, 13:55   #13
O Heinz
 
BOO/TDss.A mit Virenscanner 3 xgefunden - Standard

BOO/TDss.A mit Virenscanner 3 xgefunden



OSAM Logfile:
Code:
ATTFilter
Report of OSAM: Autorun Manager v5.0.11926.0
hxxp://www.online-solutions.ru/en/
Saved at 13:53:12 on 12.02.2011

OS: Windows Vista Home Premium Edition Service Pack 2 (Build 6002), 32-bit
Default Browser: Mozilla Corporation Firefox 3.6.13

Scanner Settings
[x] Rootkits detection (hidden registry)
[x] Rootkits detection (hidden files)
[x] Retrieve files information
[x] Check Microsoft signatures

Filters
[ ] Trusted entries
[ ] Empty entries
[x] Hidden registry entries (rootkit activity)
[x] Exclusively opened files
[x] Not found files
[x] Files without detailed information
[x] Existing files
[ ] Non-startable services
[ ] Non-startable drivers
[x] Active entries
[x] Disabled entries


[Common]
-----( %SystemRoot%\Tasks )-----
"GoogleUpdateTaskMachineCore.job" - "Google Inc." - C:\Program Files\Google\Update\GoogleUpdate.exe
"GoogleUpdateTaskMachineUA.job" - "Google Inc." - C:\Program Files\Google\Update\GoogleUpdate.exe
"Google Software Updater.job" - "Google" - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
"Norton Security Scan for Besitzer.job" - "Symantec Corporation" - C:\Program Files\Norton Security Scan\Nss.exe

[Control Panel Objects]
-----( %SystemRoot%\system32 )-----
"BDEADMIN.CPL" - ? - C:\Windows\system32\BDEADMIN.CPL
"ElsaCfg.cpl" - "Volkswagen AG" - C:\Windows\system32\ElsaCfg.cpl
"nvcpl.cpl" - "NVIDIA Corporation" - C:\Windows\system32\nvcpl.cpl
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Control Panel\Cpls )-----
"Nero BurnRights" - "Nero AG" - C:\Program Files\Nero\Nero 7\Nero Toolkit\NeroBurnRights.cpl
"QuickTime" - "Apple Inc." - C:\Program Files\QuickTime\QTSystem\QuickTime.cpl

[Drivers]
-----( HKLM\SYSTEM\CurrentControlSet\Services )-----
"Bytemobile Boot Time Load Driver" (BMLoad) - "Bytemobile, Inc." - C:\Windows\System32\drivers\BMLoad.sys
"Bytemobile Kernel Network Provider" (tcpipBM) - "Bytemobile, Inc." - C:\Windows\system32\drivers\tcpipBM.sys
"catchme" (catchme) - ? - C:\Users\Besitzer\AppData\Local\Temp\catchme.sys  (File not found)
"EUTRON SmartKey Parallel Driver" (eusk2par) - "EUTRON" - C:\Windows\system32\Drivers\eusk2par.sys
"FssFltr" (fssfltr) - "Microsoft Corporation" - C:\Windows\System32\DRIVERS\fssfltr.sys
"fwriikod" (fwriikod) - ? - C:\Users\Besitzer\AppData\Local\Temp\fwriikod.sys  (Hidden registry entry, rootkit activity | File not found)
"IP in IP Tunnel Driver" (IpInIp) - ? - C:\Windows\System32\DRIVERS\ipinip.sys  (File not found)
"IPX Traffic Filter Driver" (NwlnkFlt) - ? - C:\Windows\System32\DRIVERS\nwlnkflt.sys  (File not found)
"IPX Traffic Forwarder Driver" (NwlnkFwd) - ? - C:\Windows\System32\DRIVERS\nwlnkfwd.sys  (File not found)
"PCASp50 NDIS Protocol Driver" (PCASp50) - ? - C:\Windows\System32\drivers\PCASp50.sys  (File not found)
"StarOpen" (StarOpen) - ? - C:\Windows\system32\drivers\StarOpen.sys  (File not found)
"Symantec Network Security Intermediate Filter Service" (SymIM) - ? - C:\Windows\System32\DRIVERS\SymIM.sys  (File not found)
"SymIMMP" (SymIMMP) - ? - C:\Windows\System32\DRIVERS\SymIM.sys  (File not found)
"{22D78859-9CE9-4B77-BF18-AC83E81A9263}" ({22D78859-9CE9-4B77-BF18-AC83E81A9263}) - "Cyberlink Corp." - C:\Program Files\HP\QuickPlay\000.fcl

[Explorer]
-----( HKLM\Software\Classes\Folder\shellex\ColumnHandlers )-----
{F9DB5320-233E-11D1-9F84-707F02C10627} "PDF Shell Extension" - "Adobe Systems, Inc." - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\PDFShell.dll
{C52AF81D-F7A0-4AAB-8E87-F80A60CCD396} "{C52AF81D-F7A0-4AAB-8E87-F80A60CCD396}" - ? - C:\Program Files\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll
-----( HKLM\Software\Classes\Protocols\Filter )-----
{807563E5-5146-11D5-A672-00B0D022E945} "Microsoft Office InfoPath XML Mime Filter" - "Microsoft Corporation" - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL
-----( HKLM\Software\Classes\Protocols\Handler )-----
{314111c7-a502-11d2-bbca-00c04f8ec294} "HxProtocol Class" - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
{FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} "IEProtocolHandler Class" - "Skype Technologies" - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
{828030A1-22C1-4009-854F-8E305202313F} "livecall" - ? -   (File not found | COM-object registry key not found)
{0A9007C0-4076-11D3-8789-0000F8105754} "Microsoft Infotech Storage Protocol for IE 4.0" - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll
{828030A1-22C1-4009-854F-8E305202313F} "msnim" - ? -   (File not found | COM-object registry key not found)
{03C514A3-1EFB-4856-9F99-10D7BE1653C0} "Windows Live Mail HTML Asynchronous Pluggable Protocol Handler" - "Microsoft Corporation" - C:\Program Files\Windows Live\Mail\mailcomm.dll
{0F3C833F-FB28-40EA-8CB9-6A55B996C3F6} "WiProtokollHandler Class" - "TODO: <Company name>" - C:\ElsaWin\bin\wiProt.dll
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks )-----
{AEB6717E-7E19-11d0-97EE-00C04FD91972} "{AEB6717E-7E19-11d0-97EE-00C04FD91972}" - ? -   (File not found | COM-object registry key not found)
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved )-----
{911051fa-c21c-4246-b470-070cd8df6dc4} ".cab or .zip files" - ? -   (File not found | COM-object registry key not found)
{1b24a030-9b20-49bc-97ac-1be4426f9e59} "ActiveDirectory Folder" - ? -   (File not found | COM-object registry key not found)
{34449847-FD14-4fc8-A75A-7432F5181EFB} "ActiveDirectory Folder" - ? -   (File not found | COM-object registry key not found)
{0563DB41-F538-4B37-A92D-4659049B7766} "CLSID_WLMCMimeFilter" - "Microsoft Corporation" - C:\Program Files\Windows Live\Mail\mailcomm.dll
{0F8604A5-4ECE-4DE1-BA7D-CF10F8AA4F48} "Contacts folder" - ? -   (File not found | COM-object registry key not found)
{A70C977A-BF00-412C-90B7-034C51DA2439} "DesktopContext Class" - "NVIDIA Corporation" - C:\Windows\system32\nvcpl.dll
{2C2577C2-63A7-40e3-9B7F-586602617ECB} "Explorer Query Band" - ? -   (File not found | COM-object registry key not found)
{FAC3CBF6-8697-43d0-BAB9-DCD1FCE19D75} "IE User Assist" - ? -   (File not found | COM-object registry key not found)
{B9E1D2CB-CCFF-4AA6-9579-D7A4754030EF} "iTunes" - "Apple Inc." - C:\Program Files\iTunes\iTunesMiniPlayer.dll
{00020d75-0000-0000-c000-000000000046} "lnkfile" - ? -   (File not found | COM-object registry key not found)
{42042206-2D85-11D3-8CFF-005004838597} "Microsoft Office HTML Icon Handler" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office12\msohevi.dll
{993BE281-6695-4BA5-8A2A-7AACBFAAB69E} "Microsoft Office Metadata Handler" - "Microsoft Corporation" - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\msoshext.dll
{5858A72C-C2B4-4dd7-B2BF-B76DB1BD9F6C} "Microsoft Office OneNote Namespace Extension for Windows Desktop Search" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~3\Office12\ONFILTER.DLL
{C41662BB-1FA0-4CE0-8DC5-9B7F8279FF97} "Microsoft Office Thumbnail Handler" - "Microsoft Corporation" - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\msoshext.dll
{3D1975AF-48C6-4f8e-A182-BE0E08FA86A9} "NVIDIA CPL Context Menu Extension" - "NVIDIA Corporation" - C:\Windows\system32\nvshext.dll
{FFB699E0-306A-11d3-8BD1-00104B6F7516} "NVIDIA CPL Extension" - "NVIDIA Corporation" - C:\Windows\system32\nvcpl.dll
{C52AF81D-F7A0-4AAB-8E87-F80A60CCD396} "OpenOffice.org Column Handler" - ? - C:\Program Files\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll
{087B3AE3-E237-4467-B8DB-5A38AB959AC9} "OpenOffice.org Infotip Handler" - ? - C:\Program Files\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll
{63542C48-9552-494A-84F7-73AA6A7C99C1} "OpenOffice.org Property Sheet Handler" - ? - C:\Program Files\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll
{3B092F0C-7696-40E3-A80F-68D74DA84210} "OpenOffice.org Thumbnail Viewer" - ? - C:\Program Files\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll
{C8494E42-ACDD-4739-B0FB-217361E4894F} "Sam Account Folder" - ? -   (File not found | COM-object registry key not found)
{E29F9716-5C08-4FCD-955A-119FDB5A522D} "Sam Account Folder" - ? -   (File not found | COM-object registry key not found)
{45AC2688-0253-4ED8-97DE-B5370FA7D48A} "Shell Extension for Malware scanning" - ? -   (File not found | COM-object registry key not found)
{7F67036B-66F1-411A-AD85-759FB9C5B0DB} "ShellViewRTF" - "XSS" - C:\Windows\System32\ShellvRTF.dll
{2BE99FD4-A181-4996-BFA9-58C5FFD11F6C} "Windows Live Photo Gallery Autoplay Drop Target" - "Microsoft Corporation" - C:\Program Files\Windows Live\Photo Gallery\WLXPhotoGallery.exe
{00F30F64-AC33-42F5-8FD1-5DC2D3FDE06C} "Windows Live Photo Gallery Editor Drop Target" - "Microsoft Corporation" - C:\Program Files\Windows Live\Photo Gallery\WLXPhotoGallery.exe
{00F3712A-CA79-45B4-9E4D-D7891E7F8B9D} "Windows Live Photo Gallery Editor Shim" - "Microsoft Corporation" - C:\Program Files\Windows Live\Photo Gallery\PhotoViewerShim.dll
{00F30F90-3E96-453B-AFCD-D71989ECC2C7} "Windows Live Photo Gallery Viewer Autoplay Shim" - "Microsoft Corporation" - C:\Program Files\Windows Live\Photo Gallery\PhotoViewerShim.dll
{00F33137-EE26-412F-8D71-F84E4C2C6625} "Windows Live Photo Gallery Viewer Autoplay Shim" - "Microsoft Corporation" - C:\Program Files\Windows Live\Photo Gallery\PhotoViewerShim.dll
{00F374B7-B390-4884-B372-2FC349F2172B} "Windows Live Photo Gallery Viewer Drop Target" - "Microsoft Corporation" - C:\Program Files\Windows Live\Photo Gallery\WLXPhotoGallery.exe
{00F346CB-35A4-465B-8B8F-65A29DBAB1F6} "Windows Live Photo Gallery Viewer Shim" - "Microsoft Corporation" - C:\Program Files\Windows Live\Photo Gallery\PhotoViewerShim.dll
{da67b8ad-e81b-4c70-9b91b417b5e33527} "Windows Search Shell Service" - ? -   (File not found | COM-object registry key not found)
{B41DB860-8EE4-11D2-9906-E49FADC173CA} "WinRAR" - ? - C:\Program Files\WinRAR\rarext.dll
{06A2568A-CED6-4187-BB20-400B8C02BE5A} "{06A2568A-CED6-4187-BB20-400B8C02BE5A}" - "Microsoft Corporation" - C:\Program Files\Windows Live\Photo Gallery\WLXPhotoAcquireWizard.exe

[Internet Explorer]
-----( HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser )-----
<binary data> "&Windows Live Toolbar" - "Microsoft Corporation" - C:\Program Files\Windows Live\Toolbar\wltcore.dll
<binary data> "AOL Toolbar" - "AOL LLC" - C:\Program Files\AOL\AOL Toolbar 4.0\aoltb.dll
<binary data> "Ask Toolbar" - "Ask.com" - C:\Program Files\Ask.com\Supertoolbar\GenericAskToolbar.dll
ITBar7Height "ITBar7Height" - ? -   (File not found | COM-object registry key not found)
<binary data> "ITBar7Layout" - ? -   (File not found | COM-object registry key not found)
<binary data> "ITBarLayout" - ? -   (File not found | COM-object registry key not found)
<binary data> "{00000000-0000-0000-0000-000000000000}" - ? -   (File not found | COM-object registry key not found)
-----( HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks )-----
{855F3B16-6D32-4fe6-8A56-BBB695989046} "ICQToolBar" - "ICQ" - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll
 "{855F3B16-6D32-4fe6-8A56-BBB695989046}" - ? -   (File not found | COM-object registry key not found)
{EF99BD32-C1FB-11D2-892F-0090271D4F88} "{EF99BD32-C1FB-11D2-892F-0090271D4F88}" - ? -   (File not found | COM-object registry key not found)
-----( HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units )-----
{CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} "Java Plug-in 1.6.0_02" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\jp2iexp.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab
{8AD9C840-044E-11D1-B3E9-00805F499D93} "Java Plug-in 1.6.0_21" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\jp2iexp.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} "Java Plug-in 1.6.0_21" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\jp2iexp.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} "Java Plug-in 1.6.0_21" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\npjpi160_21.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
{4F1E5B1A-2A80-42CA-8532-2D05CB959537} "MSN Photo Upload Tool" - "Microsoft® Corporation" - C:\Windows\Downloaded Program Files\MsnPUpld.dll / hxxp://gfx1.hotmail.com/mail/w3/resources/VistaMSNPUpldde-de.cab
-----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions )-----
{2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} "@C:\Windows\WindowsMobile\INetRepl.dll,-222" - "Microsoft Corporation" - C:\Windows\WindowsMobile\INetRepl.dll
{48E73304-E1D6-4330-914C-F5F514E3486C} "An OneNote senden" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
{DE9C389F-3316-41A7-809B-AA305ED9D922} "AOL Toolbar" - "AOL LLC" - C:\Program Files\AOL\AOL Toolbar 4.0\aoltb.dll
{2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} "ClsidExtension" - "Microsoft Corporation" - C:\Windows\WindowsMobile\INetRepl.dll
{53707962-6F74-2D53-2644-206D7942484F} "ClsidExtension" - "Safer Networking Limited" - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
"ICQ7.2" - "ICQ, LLC." - C:\Program Files\ICQ7.2\ICQ.exe
{5F7B1267-94A9-47F5-98DB-E99415F33AEC} "In Blog veröffentlichen" - "Microsoft Corporation" - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
{FF059E31-CC5A-4E2E-BF3B-96E929D65503} "Research" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
-----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar )-----
<binary data> "&Windows Live Toolbar" - "Microsoft Corporation" - C:\Program Files\Windows Live\Toolbar\wltcore.dll
{DE9C389F-3316-41A7-809B-AA305ED9D922} "AOL Toolbar" - "AOL LLC" - C:\Program Files\AOL\AOL Toolbar 4.0\aoltb.dll
<binary data> "Ask Toolbar" - "Ask.com" - C:\Program Files\Ask.com\Supertoolbar\GenericAskToolbar.dll
{855F3B16-6D32-4FE6-8A56-BBB695989046} "ICQToolBar" - "ICQ" - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll
<binary data> "MSN Toolbar" - "Microsoft Corp." - C:\Program Files\MSN\Toolbar\3.0.0744.0\msneshellx.dll
{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} "NCO Toolbar 2.0" - ? -   (File not found | COM-object registry key not found)
<binary data> "{EF99BD32-C1FB-11D2-892F-0090271D4F88}" - ? -   (File not found | COM-object registry key not found)
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects )-----
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} "Adobe PDF Reader" - "Adobe Systems Incorporated" - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
{7C554162-8CB7-45A4-B8F4-8EA1C75885F9} "AOL Toolbar Launcher" - "AOL LLC" - C:\Program Files\AOL\AOL Toolbar 4.0\aoltb.dll
{D4027C7F-154A-4066-A1AD-4243D8127440} "Ask Toolbar" - "Ask.com" - C:\Program Files\Ask.com\Supertoolbar\GenericAskToolbar.dll
{AF69DE43-7D58-4638-B6FA-CE66B5AD205D} "Google Toolbar Notifier BHO" - "Google Inc." - C:\Program Files\Google\GoogleToolbarNotifier\5.2.4204.1700\swg.dll
{DBC80044-A445-435b-BC74-9C25C1C588A9} "Java(tm) Plug-In 2 SSV Helper" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\jp2ssv.dll
{d2ce3e00-f94a-4740-988e-03dc2f38c34f} "MSN Toolbar Helper" - "Microsoft Corp." - C:\Program Files\MSN\Toolbar\3.0.0744.0\msneshellx.dll
{6EBF7485-159F-4bff-A14F-B9E3AAC4465B} "Search Helper" - "Microsoft Corporation" - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
{53707962-6F74-2D53-2644-206D7942484F} "Spybot-S&D IE Protection" - "Safer Networking Limited" - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
{9030D464-4C02-4ABF-8ECC-5164760863C6} "Windows Live ID-Anmelde-Hilfsprogramm" - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
{E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} "Windows Live Toolbar Helper" - "Microsoft Corporation" - C:\Program Files\Windows Live\Toolbar\wltcore.dll
{02478D38-C3F9-4efb-9B51-7695ECA05670} "{02478D38-C3F9-4efb-9B51-7695ECA05670}" - ? -   (File not found | COM-object registry key not found)
{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} "{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}" - ? -   (File not found | COM-object registry key not found)
{5C255C8A-E604-49b4-9D64-90988571CECB} "{5C255C8A-E604-49b4-9D64-90988571CECB}" - ? -   (File not found | COM-object registry key not found)
{602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} "{602ADB0E-4AFF-4217-8AA1-95DAC4DFA408}" - ? -   (File not found | COM-object registry key not found)
{FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} "{FDAD4DA1-61A2-4FD8-9C17-86F7AC245081}" - ? -   (File not found | COM-object registry key not found)

[Logon]
-----( %APPDATA%\Microsoft\Windows\Start Menu\Programs\Startup )-----
"desktop.ini" - ? - C:\Users\Besitzer\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini
-----( %AllUsersProfile%\Microsoft\Windows\Start Menu\Programs\Startup )-----
"desktop.ini" - ? - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini
-----( HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run )-----
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}" - "Nero AG" - "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
"HW_OPENEYE_OUC_T-Mobile Internet Manager" - "Huawei Technologies Co., Ltd." - "C:\Program Files\T-Mobile\T-Mobile Internet Manager\UpdateDog\ouc.exe"
"Mobile Partner" - ? - "C:\Program Files\T-Mobile\T-Mobile Internet Manager\T-Mobile Internet Manager.exe"
"msnmsgr" - "Microsoft Corporation" - "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
"Skype" - "Skype Technologies S.A." - "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
"Sony Ericsson PC Suite" - "Sony Ericsson Mobile Communications AB" - "C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe" /systray /nologon
"SpybotSD TeaTimer" - "Safer-Networking Ltd." - C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
-----( HKLM\SYSTEM\CurrentControlSet\Control\Terminal Server\Wds\rdpwd )-----
"StartupPrograms" - ? - rdpclip  (File not found)
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Run )-----
"Adobe ARM" - "Adobe Systems Incorporated" - "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
"Adobe Reader Speed Launcher" - "Adobe Systems Incorporated" - "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
"DataCardMonitor" - "Huawei Technologies Co., Ltd." - C:\Program Files\T-Mobile\T-Mobile Internet Manager\DataCardMonitor.exe
"HostManager" - "America Online, Inc." - C:\Program Files\Common Files\AOL\1231093279\ee\AOLSoftware.exe
"HP Health Check Scheduler" - "Hewlett-Packard" - c:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
"HP Software Update" - "Hewlett-Packard" - C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
"hpWirelessAssistant" - "Hewlett-Packard Development Company, L.P." - C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
"IAAnotif" - "Intel Corporation" - C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
"Malwarebytes' Anti-Malware (reboot)" - "Malwarebytes Corporation" - "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
"NvCplDaemon" - "NVIDIA Corporation" - RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
"OnScreenDisplay" - " Hewlett-Packard Development Company, L.P." - C:\Program Files\Hewlett-Packard\HP QuickTouch\HPKBDAPP.exe
"QPService" - "CyberLink Corp." - "C:\Program Files\HP\QuickPlay\QPService.exe"
"SunJavaUpdateSched" - "Sun Microsystems, Inc." - "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
"UCam_Menu" - "CyberLink Corp." - "C:\Program Files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" "C:\Program Files\CyberLink\YouCam" update "Software\CyberLink\YouCam\1.0"
"WAWifiMessage" - "Hewlett-Packard Development Company, L.P." - C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
"Windows Mobile-based device management" - "Microsoft Corporation" - %windir%\WindowsMobile\wmdc.exe

[Print Monitors]
-----( HKLM\SYSTEM\CurrentControlSet\Control\Print\Monitors )-----
"Send To Microsoft OneNote Monitor" - "Microsoft Corporation" - C:\Windows\system32\msonpmon.dll

[Services]
-----( HKLM\SYSTEM\CurrentControlSet\Services )-----
"@C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe,-100" (WPFFontCache_v0400) - "Microsoft Corporation" - C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe
"AOL Connectivity Service" (AOL ACS) - "AOL LLC" - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
"Apple Mobile Device" (Apple Mobile Device) - "Apple Inc." - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
"Bonjour-Dienst" (Bonjour Service) - "Apple Inc." - C:\Program Files\Bonjour\mDNSResponder.exe
"Com4Qlb" (Com4Qlb) - "Hewlett-Packard Development Company, L.P." - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4Qlb.exe
"Cyberlink RichVideo Service(CRVS)" (RichVideo) - ? - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
"ELSA APOSpro Server" (LcSvrSaz) - "Volkswagen AG" - C:\ElsaWin\bin\LcSvrSaz.exe
"ELSA Historie Server" (LcSvrHis) - "Volkswagen AG" - C:\ElsaWin\bin\LcSvrHis.exe
"ELSA PASS Server" (LcSvrPAS) - "Volkswagen AG" - C:\ElsaWin\bin\LcSvrPas.exe
"ELSA Vaudis Service" (VSGate) - "Volkswagen AG" - C:\ElsaWin\bin\VSgate.exe
"GameConsoleService" (GameConsoleService) - ? - "C:\Program Files\HP Games\My HP Game Console\GameConsoleService.exe"  (File not found)
"Google Software Updater" (gusvc) - "Google" - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
"Google Update Service (gupdate)" (gupdate) - "Google Inc." - C:\Program Files\Google\Update\GoogleUpdate.exe
"HP Health Check Service" (HP Health Check Service) - "Hewlett-Packard" - c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
"hpqwmiex" (hpqwmiex) - "Hewlett-Packard Development Company, L.P." - C:\Program Files\Hewlett-Packard\Shared\hpqWmiEx.exe
"InstallDriver Table Manager" (IDriverT) - "Macrovision Corporation" - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
"Intel(R) Matrix Storage Event Monitor" (IAANTMON) - "Intel Corporation" - C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
"iPod-Dienst" (iPod Service) - "Apple Inc." - C:\Program Files\iPod\bin\iPodService.exe
"McAfee Security Scan Component Host Service" (McComponentHostService) - "McAfee, Inc." - C:\Program Files\McAfee Security Scan\2.0.181\McCHSvc.exe
"Microsoft .NET Framework NGEN v4.0.30319_X86" (clr_optimization_v4.0.30319_32) - "Microsoft Corporation" - C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
"Microsoft Office Diagnostics Service" (odserv) - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
"NBService" (NBService) - "Nero AG" - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
"NMIndexingService" (NMIndexingService) - "Nero AG" - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
"NVIDIA Display Driver Service" (nvsvc) - "NVIDIA Corporation" - C:\Windows\system32\nvvsvc.exe
"Office Source Engine" (ose) - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
"PLFlash DeviceIoControl Service" (PLFlash DeviceIoControl Service) - "Prolific Technology Inc." - C:\Windows\system32\IoctlSvc.exe
"QuickPlay Background Capture Service (QBCS)" (QPCapSvc) - ? - C:\Program Files\HP\QuickPlay\Kernel\TV\QPCapSvc.exe
"QuickPlay Task Scheduler (QTS)" (QPSched) - ? - C:\Program Files\HP\QuickPlay\Kernel\TV\QPSched.exe
"SBSD Security Center Service" (SBSDWSCService) - "Safer Networking Ltd." - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
"SeaPort" (SeaPort) - "Microsoft Corporation" - C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
"Sony Ericsson OMSI download service" (OMSI download service) - ? - C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SupServ.exe  (File found, but it contains no detailed information)
"Windows Live Family Safety-Dienst" (fsssvc) - "Microsoft Corporation" - C:\Program Files\Windows Live\Family Safety\fsssvc.exe
"Windows Live ID Sign-in Assistant" (wlidsvc) - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
"Yahoo! Updater" (YahooAUService) - "Yahoo! Inc." - C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe

[Winsock Providers]
-----( HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries )-----
"mdnsNSP" - "Apple Inc." - C:\Program Files\Bonjour\mdnsNSP.dll

===[ Logfile end ]=========================================[ Logfile end ]===
         
--- --- ---

If You have questions or want to get some help, You can visit hxxp://forum.online-solutions.ru

Alt 12.02.2011, 14:00   #14
O Heinz
 
BOO/TDss.A mit Virenscanner 3 xgefunden - Standard

BOO/TDss.A mit Virenscanner 3 xgefunden



MBRCheck, version 1.2.3
(c) 2010, AD

Command-line:
Windows Version: Windows Vista Home Premium Edition
Windows Information: Service Pack 2 (build 6002), 32-bit
Base Board Manufacturer: Quanta
BIOS Manufacturer: Hewlett-Packard
System Manufacturer: Hewlett-Packard
System Product Name: HP Pavilion dv9700 Notebook PC
Logical Drives Mask: 0x000000fc

Kernel Drivers (total 160):
0x8264C000 \SystemRoot\system32\ntkrnlpa.exe
0x82619000 \SystemRoot\system32\hal.dll
0x8060D000 \SystemRoot\system32\kdcom.dll
0x80614000 \SystemRoot\system32\mcupdate_GenuineIntel.dll
0x80684000 \SystemRoot\system32\PSHED.dll
0x80695000 \SystemRoot\system32\BOOTVID.dll
0x8069D000 \SystemRoot\system32\CLFS.SYS
0x806DE000 \SystemRoot\system32\CI.dll
0x8A802000 \SystemRoot\system32\drivers\Wdf01000.sys
0x8A87E000 \SystemRoot\system32\drivers\WDFLDR.SYS
0x8A88B000 \SystemRoot\system32\drivers\acpi.sys
0x8A8D1000 \SystemRoot\system32\drivers\WMILIB.SYS
0x8A8DA000 \SystemRoot\system32\drivers\msisadrv.sys
0x8A8E2000 \SystemRoot\system32\drivers\pci.sys
0x8A909000 \SystemRoot\System32\drivers\partmgr.sys
0x8A918000 \SystemRoot\system32\DRIVERS\compbatt.sys
0x8A91B000 \SystemRoot\system32\DRIVERS\BATTC.SYS
0x8A925000 \SystemRoot\system32\drivers\volmgr.sys
0x8A934000 \SystemRoot\System32\drivers\volmgrx.sys
0x8A97E000 \SystemRoot\system32\drivers\intelide.sys
0x8A985000 \SystemRoot\system32\drivers\PCIIDEX.SYS
0x8A993000 \SystemRoot\System32\drivers\mountmgr.sys
0x8AA0D000 \SystemRoot\system32\DRIVERS\iaStor.sys
0x8AAD4000 \SystemRoot\system32\drivers\atapi.sys
0x8AADC000 \SystemRoot\system32\drivers\ataport.SYS
0x8AAFA000 \SystemRoot\system32\drivers\msahci.sys
0x8AB03000 \SystemRoot\system32\drivers\fltmgr.sys
0x8AB35000 \SystemRoot\system32\drivers\fileinfo.sys
0x8AB45000 \SystemRoot\System32\Drivers\ksecdd.sys
0x8AC09000 \SystemRoot\system32\drivers\ndis.sys
0x8AD14000 \SystemRoot\system32\drivers\msrpc.sys
0x8AD3F000 \SystemRoot\system32\drivers\NETIO.SYS
0x8AE00000 \SystemRoot\System32\drivers\tcpip.sys
0x8AEEA000 \SystemRoot\System32\drivers\fwpkclnt.sys
0x8B009000 \SystemRoot\System32\Drivers\Ntfs.sys
0x8B119000 \SystemRoot\system32\drivers\volsnap.sys
0x8B152000 \SystemRoot\System32\Drivers\spldr.sys
0x8B15A000 \SystemRoot\System32\Drivers\mup.sys
0x8B169000 \SystemRoot\System32\drivers\ecache.sys
0x8B190000 \SystemRoot\system32\drivers\disk.sys
0x8B1A1000 \SystemRoot\system32\drivers\CLASSPNP.SYS
0x8B1C2000 \SystemRoot\system32\drivers\crcdisk.sys
0x8B1CB000 \SystemRoot\system32\drivers\BMLoad.sys
0x8B1DE000 \SystemRoot\system32\DRIVERS\tunnel.sys
0x8B1E9000 \SystemRoot\system32\DRIVERS\tunmp.sys
0x8B1F2000 \SystemRoot\system32\DRIVERS\CmBatt.sys
0x8B1F6000 \SystemRoot\system32\DRIVERS\wmiacpi.sys
0x8AFCC000 \SystemRoot\system32\DRIVERS\intelppm.sys
0x91006000 \SystemRoot\system32\DRIVERS\nvlddmkm.sys
0x91977000 \SystemRoot\system32\DRIVERS\nvBridge.kmd
0x91E0A000 \SystemRoot\System32\drivers\dxgkrnl.sys
0x91EAB000 \SystemRoot\System32\drivers\watchdog.sys
0x91EB7000 \SystemRoot\system32\DRIVERS\usbuhci.sys
0x91EC2000 \SystemRoot\system32\DRIVERS\USBPORT.SYS
0x91F00000 \SystemRoot\system32\DRIVERS\usbehci.sys
0x91F0F000 \SystemRoot\system32\DRIVERS\HDAudBus.sys
0x9200F000 \SystemRoot\system32\DRIVERS\NETw5v32.sys
0x92398000 \SystemRoot\system32\DRIVERS\Rtlh86.sys
0x923B4000 \SystemRoot\system32\DRIVERS\ohci1394.sys
0x923C4000 \SystemRoot\system32\DRIVERS\1394BUS.SYS
0x923D2000 \SystemRoot\system32\DRIVERS\sdbus.sys
0x923EC000 \SystemRoot\system32\DRIVERS\rimmptsk.sys
0x91F9C000 \SystemRoot\system32\DRIVERS\rimsptsk.sys
0x91979000 \SystemRoot\system32\DRIVERS\rixdptsk.sys
0x923FB000 \SystemRoot\system32\DRIVERS\HpqRemHid.sys
0x91FB0000 \SystemRoot\system32\DRIVERS\HIDCLASS.SYS
0x92000000 \SystemRoot\system32\DRIVERS\HIDPARSE.SYS
0x91FC0000 \SystemRoot\system32\DRIVERS\i8042prt.sys
0x92007000 \SystemRoot\system32\DRIVERS\HpqKbFiltr.sys
0x91FD3000 \SystemRoot\system32\DRIVERS\kbdclass.sys
0x919CA000 \SystemRoot\system32\DRIVERS\SynTP.sys
0x9200C000 \SystemRoot\system32\DRIVERS\USBD.SYS
0x91FDE000 \SystemRoot\system32\DRIVERS\mouclass.sys
0x8AFDB000 \SystemRoot\system32\DRIVERS\cdrom.sys
0x91FE9000 \SystemRoot\system32\DRIVERS\GEARAspiWDM.sys
0x8AD7A000 \SystemRoot\system32\DRIVERS\msiscsi.sys
0x8ADA9000 \SystemRoot\system32\DRIVERS\storport.sys
0x91FEF000 \SystemRoot\system32\DRIVERS\TDI.SYS
0x8ABB6000 \SystemRoot\system32\DRIVERS\rasl2tp.sys
0x8AFF3000 \SystemRoot\system32\DRIVERS\ndistapi.sys
0x8ABCD000 \SystemRoot\system32\DRIVERS\ndiswan.sys
0x8ADEA000 \SystemRoot\system32\DRIVERS\raspppoe.sys
0x8A9A3000 \SystemRoot\system32\DRIVERS\raspptp.sys
0x8A9B7000 \SystemRoot\system32\DRIVERS\rassstp.sys
0x91FFA000 \SystemRoot\system32\DRIVERS\wanatw4.sys
0x8ABF0000 \SystemRoot\system32\DRIVERS\termdd.sys
0x91E00000 \SystemRoot\system32\DRIVERS\seehcri.sys
0x923FD000 \SystemRoot\system32\DRIVERS\swenum.sys
0x8A9CC000 \SystemRoot\system32\DRIVERS\ks.sys
0x807BE000 \SystemRoot\system32\DRIVERS\NWADIenum.sys
0x8AA00000 \SystemRoot\system32\DRIVERS\mssmbios.sys
0x807E9000 \SystemRoot\system32\DRIVERS\umbus.sys
0x92804000 \SystemRoot\system32\DRIVERS\usbhub.sys
0x92839000 \SystemRoot\system32\DRIVERS\sffp_sd.sys
0x92841000 \SystemRoot\system32\DRIVERS\sffdisk.sys
0x9284A000 \SystemRoot\system32\DRIVERS\kbdhid.sys
0x92853000 \SystemRoot\System32\Drivers\NDProxy.SYS
0x92A0E000 \SystemRoot\system32\drivers\RTKVHDA.sys
0x92864000 \SystemRoot\system32\drivers\portcls.sys
0x92891000 \SystemRoot\system32\drivers\drmk.sys
0x928B6000 \SystemRoot\system32\DRIVERS\smserial.sys
0x92BE9000 \SystemRoot\system32\drivers\modem.sys
0x929A7000 \SystemRoot\system32\DRIVERS\USBSTOR.SYS
0x929BC000 \SystemRoot\system32\DRIVERS\usbccgp.sys
0x929D3000 \SystemRoot\System32\Drivers\usbvideo.sys
0x92BF6000 \SystemRoot\System32\Drivers\Fs_Rec.SYS
0x92A00000 \SystemRoot\System32\Drivers\Null.SYS
0x92A07000 \SystemRoot\System32\Drivers\Beep.SYS
0x929F4000 \SystemRoot\System32\drivers\vga.sys
0x92E0A000 \SystemRoot\System32\drivers\VIDEOPRT.SYS
0x92E2B000 \SystemRoot\System32\DRIVERS\RDPCDD.sys
0x92E33000 \SystemRoot\system32\drivers\rdpencdd.sys
0x92E3B000 \SystemRoot\System32\Drivers\Msfs.SYS
0x92E46000 \SystemRoot\System32\Drivers\Npfs.SYS
0x92E54000 \SystemRoot\System32\DRIVERS\rasacd.sys
0x92E5D000 \SystemRoot\system32\DRIVERS\tdx.sys
0x92E73000 \SystemRoot\System32\Drivers\tcpipBM.SYS
0x92E78000 \SystemRoot\system32\DRIVERS\smb.sys
0x92E8C000 \SystemRoot\System32\DRIVERS\netbt.sys
0x92EBE000 \SystemRoot\system32\drivers\afd.sys
0x92F06000 \SystemRoot\system32\DRIVERS\pacer.sys
0x92F1C000 \SystemRoot\system32\DRIVERS\netbios.sys
0x92F2A000 \SystemRoot\system32\DRIVERS\wanarp.sys
0x92F3D000 \SystemRoot\system32\DRIVERS\rdbss.sys
0x92F79000 \SystemRoot\system32\drivers\nsiproxy.sys
0x92F89000 \SystemRoot\System32\Drivers\dfsc.sys
0x92FA0000 \SystemRoot\System32\Drivers\fastfat.SYS
0x92FC8000 \SystemRoot\System32\Drivers\crashdmp.sys
0x8AF05000 \SystemRoot\System32\Drivers\dump_iaStor.sys
0x946A0000 \SystemRoot\System32\win32k.sys
0x92FD5000 \SystemRoot\System32\drivers\Dxapi.sys
0x92FDF000 \SystemRoot\system32\DRIVERS\monitor.sys
0x948C0000 \SystemRoot\System32\TSDDD.dll
0x948E0000 \SystemRoot\System32\cdd.dll
0x82208000 \SystemRoot\system32\drivers\luafv.sys
0x8222B000 \SystemRoot\system32\DRIVERS\lltdio.sys
0x8223B000 \SystemRoot\system32\DRIVERS\nwifi.sys
0x82265000 \SystemRoot\system32\DRIVERS\ndisuio.sys
0x8226F000 \SystemRoot\system32\DRIVERS\rspndr.sys
0x82282000 \SystemRoot\system32\drivers\spsys.sys
0x82332000 \SystemRoot\system32\drivers\HTTP.sys
0x8239F000 \SystemRoot\System32\DRIVERS\srvnet.sys
0x823BC000 \SystemRoot\system32\DRIVERS\bowser.sys
0x823D5000 \SystemRoot\System32\drivers\mpsdrv.sys
0xA0204000 \SystemRoot\system32\drivers\mrxdav.sys
0xA0225000 \SystemRoot\system32\DRIVERS\mrxsmb.sys
0xA0244000 \SystemRoot\system32\DRIVERS\mrxsmb10.sys
0xA027D000 \SystemRoot\system32\DRIVERS\mrxsmb20.sys
0xA0295000 \SystemRoot\System32\DRIVERS\srv2.sys
0xA02BD000 \SystemRoot\System32\DRIVERS\srv.sys
0xA030B000 \SystemRoot\system32\drivers\peauth.sys
0xA03E9000 \SystemRoot\System32\Drivers\secdrv.SYS
0xA03F3000 \SystemRoot\System32\drivers\tcpipreg.sys
0x823EA000 \SystemRoot\system32\DRIVERS\WUDFRd.sys
0x92FEE000 \SystemRoot\system32\DRIVERS\WUDFPf.sys
0xA2E05000 \??\C:\Program Files\HP\QuickPlay\000.fcl
0xA2E22000 \SystemRoot\system32\DRIVERS\ipnat.sys
0xA2E4A000 \SystemRoot\system32\DRIVERS\cdfs.sys
0xA2E62000 \??\C:\Users\Besitzer\AppData\Local\Temp\fwriikod.sys
0x77A70000 \WINDOWS\System32\ntdll.dll

Processes (total 94):
0 System Idle Process
4 System
480 C:\WINDOWS\System32\smss.exe
612 csrss.exe
664 C:\WINDOWS\System32\wininit.exe
676 csrss.exe
708 C:\WINDOWS\System32\services.exe
720 C:\WINDOWS\System32\lsass.exe
732 C:\WINDOWS\System32\lsm.exe
820 C:\WINDOWS\System32\winlogon.exe
916 C:\WINDOWS\System32\svchost.exe
960 C:\WINDOWS\System32\nvvsvc.exe
996 C:\WINDOWS\System32\svchost.exe
1036 C:\WINDOWS\System32\svchost.exe
1088 C:\WINDOWS\System32\svchost.exe
1120 C:\WINDOWS\System32\svchost.exe
1148 C:\WINDOWS\System32\svchost.exe
1212 C:\WINDOWS\System32\audiodg.exe
1232 C:\WINDOWS\System32\svchost.exe
1248 C:\WINDOWS\System32\SLsvc.exe
1360 C:\WINDOWS\System32\svchost.exe
1380 C:\WINDOWS\System32\svchost.exe
1580 C:\WINDOWS\System32\spoolsv.exe
1608 C:\WINDOWS\System32\svchost.exe
1804 C:\Program Files\Common Files\aol\acs\AOLacsd.exe
1816 C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
1832 C:\Program Files\Bonjour\mDNSResponder.exe
1856 C:\WINDOWS\System32\svchost.exe
1900 C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe
124 C:\ElsaWin\bin\LcSvrHis.exe
228 C:\ElsaWin\bin\LcSvrPas.exe
356 C:\ElsaWin\bin\LcSvrSaz.exe
500 C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SupServ.exe
660 C:\WINDOWS\System32\IoctlSvc.exe
472 C:\WINDOWS\System32\svchost.exe
1060 C:\Program Files\Hp\QuickPlay\Kernel\TV\QPCapSvc.exe
1616 C:\Program Files\CyberLink\Shared Files\RichVideo.exe
680 C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
2080 C:\WINDOWS\System32\svchost.exe
2112 C:\ElsaWin\bin\VSGate.exe
2164 C:\WINDOWS\System32\svchost.exe
2192 C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE
2236 C:\WINDOWS\System32\SearchIndexer.exe
2284 C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
2344 C:\Program Files\Hewlett-Packard\Shared\hpqWmiEx.exe
2404 C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
2760 C:\WINDOWS\System32\taskeng.exe
2788 WUDFHost.exe
2868 C:\Program Files\Hp\QuickPlay\Kernel\TV\QPSched.exe
2920 C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE
3040 C:\WINDOWS\System32\nvvsvc.exe
3208 C:\WINDOWS\System32\alg.exe
3668 C:\WINDOWS\System32\dwm.exe
3696 C:\WINDOWS\System32\taskeng.exe
3724 C:\WINDOWS\explorer.exe
2648 C:\Program Files\Synaptics\SynTP\SynTPStart.exe
2704 C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe
2708 C:\WINDOWS\RtHDVCpl.exe
880 C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
2856 C:\Program Files\Hp\QuickPlay\QPService.exe
836 C:\Program Files\Hewlett-Packard\HP QuickTouch\HPKBDAPP.exe
1316 C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
1356 C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
2552 C:\Program Files\Common Files\aol\1231093279\ee\aolsoftware.exe
2528 C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
2748 C:\Program Files\Hp\HP Software Update\hpwuSchd2.exe
2852 C:\Program Files\T-Mobile\T-Mobile Internet Manager\DataCardMonitor.exe
3280 C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
1104 C:\WINDOWS\WindowsMobile\wmdc.exe
3108 C:\Program Files\Common Files\Java\Java Update\jusched.exe
3976 C:\WINDOWS\System32\wbem\unsecapp.exe
3908 WmiPrvSE.exe
2232 C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe
2440 C:\WINDOWS\System32\svchost.exe
3052 C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
3304 C:\Program Files\Windows Media Player\wmpnscfg.exe
3128 C:\WINDOWS\System32\mobsync.exe
4224 C:\Program Files\Windows Media Player\wmpnetwk.exe
4336 C:\Program Files\Mozilla Firefox\firefox.exe
4392 C:\Users\Besitzer\AppData\Roaming\T-Mobile Internet Manager\ouc.exe
4952 C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
4996 C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
5584 C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
6060 C:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Service.exe
3800 C:\WINDOWS\System32\taskeng.exe
4216 C:\WINDOWS\System32\sdclt.exe
3836 C:\WINDOWS\System32\svchost.exe
4156 C:\Users\Besitzer\Downloads\osam_autorun_manager_5_0_portable\osam.exe
2436 C:\WINDOWS\System32\conime.exe
4712 C:\WINDOWS\System32\SearchProtocolHost.exe
5836 C:\WINDOWS\System32\SearchFilterHost.exe
5484 dllhost.exe
2936 dllhost.exe
2676 C:\Users\Besitzer\Downloads\MBRCheck.exe

\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`00007e00 (NTFS)
\\.\D: --> \\.\PhysicalDrive1 at offset 0x00000000`00007e00 (NTFS)
\\.\E: --> \\.\PhysicalDrive0 at offset 0x00000037`4d611a00 (NTFS)

PhysicalDrive0 Model Number: HitachiHTS542525K9SA00, Rev: BBFOC32P
PhysicalDrive1 Model Number: HitachiHTS542525K9SA00, Rev: BBFOC32P

Size Device Name MBR Status
--------------------------------------------
232 GB \\.\PhysicalDrive0 Unknown MBR code
SHA1: D94F393960D1CD66C2071F2D7260A5196DF105AC
232 GB \\.\PhysicalDrive1 Windows XP MBR code detected
SHA1: DA38B874B7713D1B51CBC449F4EF809B0DEC644A


Found non-standard or infected MBR.
Enter 'Y' and hit ENTER for more options, or 'N' to exit:
Options:
[1] Dump the MBR of a physical disk to file.
[2] Restore the MBR of a physical disk with a standard boot code.
[3] Exit.

Enter your choice:

Done!

Alt 12.02.2011, 15:26   #15
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
BOO/TDss.A mit Virenscanner 3 xgefunden - Standard

BOO/TDss.A mit Virenscanner 3 xgefunden



GMER wollte nicht?

Zitat:
232 GB \\.\PhysicalDrive0 Unknown MBR code
SHA1: D94F393960D1CD66C2071F2D7260A5196DF105AC
Dein MBR ist entweder infiziert oder nicht standardgemäß.
Bevor wir den manuell fixen bitte zuerst mal des TDSS-Tool von Kaspersky drüberlaufen lassen => http://www.trojaner-board.de/82358-t...entfernen.html
__________________
Logfiles bitte immer in CODE-Tags posten

Antwort

Themen zu BOO/TDss.A mit Virenscanner 3 xgefunden
adware.adrotator, adware.flvplayer, alternate, antivir, automatische, automatischen, avg security toolbar, avgntflt.sys, beendet, beendet und geschlossen, besitzer, bildschirm, boo/tdss.a, bookmark, corp./icp, dateien, datensicherung, einfach, fast start, fehlermeldung, hallo zusammen, home premium, hostprozess, iastor.sys, install.exe, intranet, laufwerk, launch, location, microsoft, mozilla, nvlddmkm.sys, nvstor.sys, oldtimer, otl.exe, plug-in, probleme, programdata, prozess, rogue.registrydoctor, rogue.registrydoktor, runter, safer networking, scan, scanner, sched.exe, searchplugins, security scan, seite, seiten, start menu, startet, super, system neu, t-mobile, updates, virenscanner, öffnet




Ähnliche Themen: BOO/TDss.A mit Virenscanner 3 xgefunden


  1. PCK/PESpin: gefährliche Malware oder jagt der PC Virenscanner den Homeserver-Virenscanner?
    Plagegeister aller Art und deren Bekämpfung - 01.04.2013 (2)
  2. BOO/TDss.O
    Plagegeister aller Art und deren Bekämpfung - 12.06.2012 (3)
  3. Boo/TDss.D
    Log-Analyse und Auswertung - 30.10.2011 (14)
  4. BOO/TDss.D
    Log-Analyse und Auswertung - 25.10.2011 (16)
  5. BOO/TDss.d
    Log-Analyse und Auswertung - 25.10.2011 (5)
  6. BOO/Tdss.M
    Log-Analyse und Auswertung - 13.10.2011 (1)
  7. boo tdss.m
    Plagegeister aller Art und deren Bekämpfung - 25.08.2011 (1)
  8. TR/TDss.17.35
    Log-Analyse und Auswertung - 25.03.2011 (9)
  9. BOO/TDss.A
    Plagegeister aller Art und deren Bekämpfung - 06.03.2011 (30)
  10. BOO/TDSS.a
    Plagegeister aller Art und deren Bekämpfung - 11.02.2011 (25)
  11. Rootkit.Win32.TDSS - Endlich "one click" Entfernung mit Virenscanner?
    Plagegeister aller Art und deren Bekämpfung - 23.04.2010 (2)
  12. Trojan.TDss!K - Packed.Win32.Tdss!IK - und wer weiß was noch alles!
    Plagegeister aller Art und deren Bekämpfung - 09.12.2009 (1)
  13. TR/TDss.AT.881
    Log-Analyse und Auswertung - 07.02.2009 (9)
  14. BDS/TDSS.adb, BDS/TDSS.JW und einiges mehr
    Log-Analyse und Auswertung - 14.01.2009 (28)
  15. Rootkit RKIT/TDss.G.22 Backdoorprogramm BDS/TDSS.adb und Trojaner TR/Proxy.GHY
    Log-Analyse und Auswertung - 21.12.2008 (28)
  16. Backdoor.TDSS.asz und TDSS.atb gefunden
    Mülltonne - 28.11.2008 (0)
  17. Virenscanner als Virenscanner unzulässige Win32 Anwendung, mrofinu1386.exe
    Plagegeister aller Art und deren Bekämpfung - 05.03.2008 (48)

Zum Thema BOO/TDss.A mit Virenscanner 3 xgefunden - Hallo zusammen, in letzter Zeit habe ich etwas Probleme mit meinem Rechner. Er öffnet aufgerufene Dateien mit Verzögerung und sehr oft habe ich einen "blauen Bildschirm und er fährt dann - BOO/TDss.A mit Virenscanner 3 xgefunden...
Archiv
Du betrachtest: BOO/TDss.A mit Virenscanner 3 xgefunden auf Trojaner-Board

Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.