Trojaner-Board (https://www.trojaner-board.de/), forum "Plagegeister aller Art und deren Bekämpfung" (Pests of all kinds and how to fight them)
Thread: Remove BKA trojan? (https://www.trojaner-board.de/103592-bka-trojaner-entfernen.html)

MrOibe 22.09.2011 10:59

Remove BKA trojan?
 
Hello!

I have had this BKA trojan since last night. To be able to use my PC at least to some extent again, I started Windows in safe mode and then did a system restore. Now it works again, more or less... (Hopefully no scolding :D)

I read here in the forum that I should run a Malwarebytes scan and post the log file here (attached).

I hope you can help me.

MrOibe

cosinus 22.09.2011 12:46

Quote:

-> No action taken.
The detections must be removed with Malwarebytes! Please do so if you haven't already!

MrOibe 22.09.2011 19:29

ok, I've removed the things now..
and I also ran OTL.

cosinus 22.09.2011 20:53

Please also run ESET, then we'll see:

ESET Online Scanner

  • Here you will find an illustrated guide to ESET Online Scanner
  • Download and start Eset Online Scanner
  • Tick "Yes, I accept the Terms of Use" and click Start.
  • Enable "Detection of potentially unwanted applications" and choose the following settings.
  • Click Start.
  • The signatures are downloaded; the scan starts automatically.
  • At the end of the scan, click Finish.
  • Close the ESET window.
  • Open Explorer.
  • Locate C:\Programme\Eset\EsetOnlineScanner\log.txt (on 64-bit also C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) and open it with your text editor (illustrated).
  • Post the log file here.
  • Uninstall: Control Panel => Software / Uninstall a program => remove Eset Online Scanner V3.
  • Manually delete the following folder and empty the Recycle Bin => C:\Programme\Eset


MrOibe 23.09.2011 21:01

It's attached. And thanks, by the way, for helping me..

cosinus 23.09.2011 21:05

Quote:

C:\Users\Peter\AppData\Local\Temp\Facebook-Bot.zip
Please upload it to us so we can take a closer look at it :)
Instructions => http://www.trojaner-board.de/54791-a...ner-board.html

MrOibe 23.09.2011 21:13

ok. it's uploaded

cosinus 24.09.2011 10:43

Quote:

C:\Users\Peter\Desktop\Downloads\registrybooster.exe

Keep your hands off that risky stuff!

The registry is the brain of the system. If the brain doesn't work, the rest doesn't really work any more either.
We read often enough from people seeking help that their system no longer boots after using registry cleaners.
  • How is the cleaner supposed to know with 100% certainty whether an entry is needed or not?
  • It makes absolutely no difference whether a few orphaned registry entries are on the system or not.
  • The constantly advertised speed-up of the system is also only partly true. You wouldn't notice it.

A so-called false positive from a cleaner can also make your system unbootable.
If you destroy the registry, you destroy Windows.

Do an OTL fix: close any programs that may be open, disable the virus scanner as well (!), start OTL and copy the following text into the "Custom Scan/Fixes" box (at the bottom of OTL): (the ":OTL" must be copied too!!!)


Code:

:OTL
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.com/ig/redirectdomain?brand=smsn&bmod=smsn
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.com/ig/redirectdomain?brand=smsn&bmod=smsn
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://start.icq.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\..\URLSearchHook:  - No CLSID value found
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = ftp=141.20.103.211:3128;http=141.20.103.211:3128;https=196.200.140.19:80
FF - prefs.js..browser.search.defaultenginename: "ICQ Search"
FF - prefs.js..browser.search.selectedEngine: "benefind"
FF - prefs.js..browser.startup.homepage: "http://www.youtube.com/watch?v=JngLM6XLajU&feature=related|http://de-de.facebook.com/"
FF - prefs.js..keyword.URL: "http://go.gmx.net/tb/mff_keyurl_search/?su="
FF - prefs.js..network.proxy.no_proxies_on: ""
FF - prefs.js..network.proxy.socks: "69.47.48.28"
FF - prefs.js..network.proxy.socks_port: 9050
FF - prefs.js..network.proxy.socks_remote_dns: true
FF - prefs.js..network.proxy.socks_version: 4
FF - prefs.js..network.proxy.ssl: "localhost"
FF - prefs.js..network.proxy.ssl_port: 9666
FF - prefs.js..network.proxy.type: 0
[2010.06.06 22:53:59 | 000,000,000 | ---D | M] ("ICQ Toolbar") -- C:\Users\Peter\AppData\Roaming\mozilla\Firefox\Profiles\1yc4ijbh.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}
[2011.06.29 17:54:07 | 000,000,000 | ---D | M] (Ecosia - The Green Search) -- C:\Users\Peter\AppData\Roaming\mozilla\Firefox\Profiles\1yc4ijbh.default\extensions\{d04b0b40-3dab-4f0b-97a6-04ec3eddbfb0}
[2011.07.25 09:59:34 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Peter\AppData\Roaming\mozilla\Firefox\Profiles\1yc4ijbh.default\extensions\staged-xpis
[2010.11.04 16:06:38 | 000,000,000 | ---D | M] (GMX Toolbar) -- C:\Users\Peter\AppData\Roaming\mozilla\Firefox\Profiles\1yc4ijbh.default\extensions\toolbar@gmx.net
[2011.06.21 11:46:22 | 000,002,217 | ---- | M] () -- C:\Users\Peter\AppData\Roaming\Mozilla\Firefox\Profiles\1yc4ijbh.default\searchplugins\benefind.xml
[2011.06.29 17:54:19 | 000,005,212 | ---- | M] () -- C:\Users\Peter\AppData\Roaming\Mozilla\Firefox\Profiles\1yc4ijbh.default\searchplugins\ecosia.xml
[2010.10.21 11:27:34 | 000,010,567 | ---- | M] () -- C:\Users\Peter\AppData\Roaming\Mozilla\Firefox\Profiles\1yc4ijbh.default\searchplugins\gmx-suche.xml
[2011.09.17 23:11:17 | 000,000,950 | ---- | M] () -- C:\Users\Peter\AppData\Roaming\Mozilla\Firefox\Profiles\1yc4ijbh.default\searchplugins\icqplugin-1.xml
[2010.07.21 23:30:25 | 000,000,950 | ---- | M] () -- C:\Users\Peter\AppData\Roaming\Mozilla\Firefox\Profiles\1yc4ijbh.default\searchplugins\icqplugin-2.xml
[2010.07.25 11:46:01 | 000,000,950 | ---- | M] () -- C:\Users\Peter\AppData\Roaming\Mozilla\Firefox\Profiles\1yc4ijbh.default\searchplugins\icqplugin-3.xml
[2010.08.19 20:57:23 | 000,000,950 | ---- | M] () -- C:\Users\Peter\AppData\Roaming\Mozilla\Firefox\Profiles\1yc4ijbh.default\searchplugins\icqplugin-4.xml
[2010.10.20 13:35:27 | 000,000,950 | ---- | M] () -- C:\Users\Peter\AppData\Roaming\Mozilla\Firefox\Profiles\1yc4ijbh.default\searchplugins\icqplugin-5.xml
[2010.06.28 14:53:54 | 000,001,056 | ---- | M] () -- C:\Users\Peter\AppData\Roaming\Mozilla\Firefox\Profiles\1yc4ijbh.default\searchplugins\icqplugin.xml
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{dee0b2a7-a775-11df-b470-00265e9f5953}\Shell - "" = AutoRun
O33 - MountPoints2\{dee0b2a7-a775-11df-b470-00265e9f5953}\Shell\AutoRun\command - "" = E:\Startme.exe
[2010.07.24 15:30:21 | 000,000,000 | -HSD | M] -- C:\Users\Peter\AppData\Roaming\.#
@Alternate Data Stream - 140 bytes -> C:\ProgramData\Temp:8173A019
@Alternate Data Stream - 118 bytes -> C:\ProgramData\Temp:B623B5B8
:Commands
[emptytemp]
[resethosts]

Then click the Fix! button at the top left.
The log file should open when you click OK after the fix; please post it. The computer may be restarted.

For safety, the entries, files and folders fixed by this script are not deleted completely; a backup copy is created on the system partition in the "_OTL" folder.
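As an added example (not code from the thread, and not OTL's or its author's own), a small Python triage script that parses the line formats of the fix script above and tags the entries a responder looks at first: the IE ProxyServer and Firefox SOCKS proxy entries, the search-engine prefs, the MountPoints2 AutoRun command and the alternate data streams. The sample input is constructed from the script posted above; the regexes and function names are this example's own assumptions about OTL's line format, and the proxy "active/dormant" check reads the enable flags (IE ProxyEnable, Firefox network.proxy.type) alongside the server values.

```python
import re
from dataclasses import dataclass
from typing import Dict, List

# Constructed sample input: a subset of the ":OTL" fix script posted in the thread.
SAMPLE_FIX = r"""
:OTL
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://start.icq.com/
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = ftp=141.20.103.211:3128;http=141.20.103.211:3128;https=196.200.140.19:80
FF - prefs.js..browser.search.defaultenginename: "ICQ Search"
FF - prefs.js..keyword.URL: "http://go.gmx.net/tb/mff_keyurl_search/?su="
FF - prefs.js..network.proxy.socks: "69.47.48.28"
FF - prefs.js..network.proxy.socks_port: 9050
FF - prefs.js..network.proxy.type: 0
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{dee0b2a7-a775-11df-b470-00265e9f5953}\Shell\AutoRun\command - "" = E:\Startme.exe
@Alternate Data Stream - 140 bytes -> C:\ProgramData\Temp:8173A019
:Commands
[emptytemp]
"""

# Line shapes OTL uses in a fix script (patterns written for this example, not OTL's own).
IE_QUOTED = re.compile(r'^IE - (?P<key>.+?): "(?P<name>[^"]+)" = (?P<value>.*)$')
IE_COMMA = re.compile(r'^IE - (?P<key>[^,]+),(?P<name>[^=]+?) = (?P<value>.*)$')
FF_PREF = re.compile(r'^FF - prefs\.js\.\.(?P<pref>[\w.]+): (?P<value>.*)$')
O32_CDROM = re.compile(r'^O32 - HKLM CDRom: AutoRun - (?P<value>\d+)$')
O33_AUTORUN = re.compile(r'^O33 - MountPoints2\\(?P<guid>\{[^}]+\})\\Shell\\AutoRun\\command - "" = (?P<target>.+)$')
ADS = re.compile(r'^@Alternate Data Stream - (?P<size>\d+) bytes -> (?P<path>.+)$')
SEARCH_PREFS = ("browser.search.defaultenginename", "browser.search.selectedEngine", "keyword.URL")


@dataclass
class Finding:
    category: str  # proxy_hijack, search_hijack, start_page, autorun_enabled, removable_autorun, alternate_data_stream
    detail: str
    line: str


def parse_proxy_server(value: str) -> Dict[str, str]:
    """Split IE's ProxyServer value ("ftp=h:p;http=h:p;...") into {scheme: "host:port"}.
    A value without "=" is one proxy for every protocol and is keyed "all"."""
    proxies: Dict[str, str] = {}
    for part in filter(None, (p.strip() for p in value.split(";"))):
        scheme, sep, hostport = part.partition("=")
        proxies[scheme if sep else "all"] = hostport if sep else scheme
    return proxies


def triage(fix_script: str) -> List[Finding]:
    """Walk the fix script and tag the entries a responder should look at first."""
    findings: List[Finding] = []
    ie: Dict[str, str] = {}  # IE values seen, judged together after the walk
    ff: Dict[str, str] = {}  # Firefox prefs seen, judged together after the walk
    for raw in fix_script.splitlines():
        line = raw.strip()
        if m := (IE_QUOTED.match(line) or IE_COMMA.match(line)):
            name, value = m.group("name").strip(), m.group("value").strip()
            ie[name] = value
            if name in ("Start Page", "Default_Page_URL") and value:
                findings.append(Finding("start_page", f"{name} -> {value}", line))
        elif m := FF_PREF.match(line):
            pref, value = m.group("pref"), m.group("value").strip().strip('"')
            ff[pref] = value
            if pref in SEARCH_PREFS:
                findings.append(Finding("search_hijack", f"{pref} = {value}", line))
        elif (m := O32_CDROM.match(line)) and m.group("value") == "1":
            findings.append(Finding("autorun_enabled", "CD-ROM AutoRun is on", line))
        elif m := O33_AUTORUN.match(line):
            findings.append(Finding("removable_autorun", f"volume {m.group('guid')} runs {m.group('target')}", line))
        elif m := ADS.match(line):
            findings.append(Finding("alternate_data_stream", f"{m.group('path')} ({m.group('size')} bytes)", line))
    # Proxy settings are judged after the walk because the enable flag and the server value are
    # separate lines: IE uses ProxyServer only when ProxyEnable is 1, Firefox uses
    # network.proxy.socks only when network.proxy.type is 1 (manual). In the thread both are off,
    # so the proxies are dormant, but they still belong in the fix.
    if ie.get("ProxyServer"):
        state = "active" if ie.get("ProxyEnable") == "1" else "dormant (ProxyEnable != 1)"
        listing = "; ".join(f"{k}={v}" for k, v in parse_proxy_server(ie["ProxyServer"]).items())
        findings.append(Finding("proxy_hijack", f"IE proxies {listing}, {state}", "ProxyServer"))
    if ff.get("network.proxy.socks"):
        state = "active" if ff.get("network.proxy.type") == "1" else "dormant (network.proxy.type != 1)"
        port = ff.get("network.proxy.socks_port", "?")
        findings.append(Finding("proxy_hijack", f"FF SOCKS proxy {ff['network.proxy.socks']}:{port}, {state}", "network.proxy.socks"))
    return findings


def summarize(findings: List[Finding]) -> Dict[str, int]:
    """Count findings per category for a quick overview of what the fix touches."""
    counts: Dict[str, int] = {}
    for f in findings:
        counts[f.category] = counts.get(f.category, 0) + 1
    return counts


if __name__ == "__main__":
    for f in triage(SAMPLE_FIX):
        print(f"[{f.category}] {f.detail}")
    print(summarize(triage(SAMPLE_FIX)))
```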

MrOibe 24.09.2011 13:16

Code:

All processes killed
========== OTL ==========
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\\Default_Page_URL| /E : value set successfully!
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\\Local Page| /E : value set successfully!
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main\\Default_Page_URL| /E : value set successfully!
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page| /E : value set successfully!
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main\\StartPageCache| /E : value set successfully!
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\\ deleted successfully.
HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyEnable|dword:0 /E : value set successfully!
HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyOverride| /E : value set successfully!
HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyServer| /E : value set successfully!
Prefs.js: "ICQ Search" removed from browser.search.defaultenginename
Prefs.js: "benefind" removed from browser.search.selectedEngine
Prefs.js: "hxxp://www.youtube.com/watch?v=JngLM6XLajU&feature=related|hxxp://de-de.facebook.com/" removed from browser.startup.homepage
Prefs.js: "hxxp://go.gmx.net/tb/mff_keyurl_search/?su=" removed from keyword.URL
Prefs.js: "" removed from network.proxy.no_proxies_on
Prefs.js: "69.47.48.28" removed from network.proxy.socks
Prefs.js: 9050 removed from network.proxy.socks_port
Prefs.js: true removed from network.proxy.socks_remote_dns
Prefs.js: 4 removed from network.proxy.socks_version
Prefs.js: "localhost" removed from network.proxy.ssl
Prefs.js: 9666 removed from network.proxy.ssl_port
Prefs.js: 0 removed from network.proxy.type
C:\Users\Peter\AppData\Roaming\mozilla\Firefox\Profiles\1yc4ijbh.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\sites folder moved successfully.
C:\Users\Peter\AppData\Roaming\mozilla\Firefox\Profiles\1yc4ijbh.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\search_engine folder moved successfully.
C:\Users\Peter\AppData\Roaming\mozilla\Firefox\Profiles\1yc4ijbh.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\META-INF folder moved successfully.
C:\Users\Peter\AppData\Roaming\mozilla\Firefox\Profiles\1yc4ijbh.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\defaults\preferences folder moved successfully.
C:\Users\Peter\AppData\Roaming\mozilla\Firefox\Profiles\1yc4ijbh.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\defaults folder moved successfully.
C:\Users\Peter\AppData\Roaming\mozilla\Firefox\Profiles\1yc4ijbh.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\components folder moved successfully.
C:\Users\Peter\AppData\Roaming\mozilla\Firefox\Profiles\1yc4ijbh.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\skin\favicon folder moved successfully.
C:\Users\Peter\AppData\Roaming\mozilla\Firefox\Profiles\1yc4ijbh.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\skin folder moved successfully.
C:\Users\Peter\AppData\Roaming\mozilla\Firefox\Profiles\1yc4ijbh.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\locale\tr folder moved successfully.
C:\Users\Peter\AppData\Roaming\mozilla\Firefox\Profiles\1yc4ijbh.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\locale\sk folder moved successfully.
C:\Users\Peter\AppData\Roaming\mozilla\Firefox\Profiles\1yc4ijbh.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\locale\ru folder moved successfully.
C:\Users\Peter\AppData\Roaming\mozilla\Firefox\Profiles\1yc4ijbh.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\locale\it folder moved successfully.
C:\Users\Peter\AppData\Roaming\mozilla\Firefox\Profiles\1yc4ijbh.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\locale\he folder moved successfully.
C:\Users\Peter\AppData\Roaming\mozilla\Firefox\Profiles\1yc4ijbh.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\locale\fr folder moved successfully.
C:\Users\Peter\AppData\Roaming\mozilla\Firefox\Profiles\1yc4ijbh.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\locale\es folder moved successfully.
C:\Users\Peter\AppData\Roaming\mozilla\Firefox\Profiles\1yc4ijbh.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\locale\en-US folder moved successfully.
C:\Users\Peter\AppData\Roaming\mozilla\Firefox\Profiles\1yc4ijbh.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\locale\de folder moved successfully.
C:\Users\Peter\AppData\Roaming\mozilla\Firefox\Profiles\1yc4ijbh.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\locale\cs folder moved successfully.
C:\Users\Peter\AppData\Roaming\mozilla\Firefox\Profiles\1yc4ijbh.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\locale\bg folder moved successfully.
C:\Users\Peter\AppData\Roaming\mozilla\Firefox\Profiles\1yc4ijbh.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\locale folder moved successfully.
C:\Users\Peter\AppData\Roaming\mozilla\Firefox\Profiles\1yc4ijbh.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\content\img folder moved successfully.
C:\Users\Peter\AppData\Roaming\mozilla\Firefox\Profiles\1yc4ijbh.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\content folder moved successfully.
C:\Users\Peter\AppData\Roaming\mozilla\Firefox\Profiles\1yc4ijbh.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome folder moved successfully.
C:\Users\Peter\AppData\Roaming\mozilla\Firefox\Profiles\1yc4ijbh.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07} folder moved successfully.
C:\Users\Peter\AppData\Roaming\mozilla\Firefox\Profiles\1yc4ijbh.default\extensions\{d04b0b40-3dab-4f0b-97a6-04ec3eddbfb0}\defaults\preferences folder moved successfully.
C:\Users\Peter\AppData\Roaming\mozilla\Firefox\Profiles\1yc4ijbh.default\extensions\{d04b0b40-3dab-4f0b-97a6-04ec3eddbfb0}\defaults folder moved successfully.
C:\Users\Peter\AppData\Roaming\mozilla\Firefox\Profiles\1yc4ijbh.default\extensions\{d04b0b40-3dab-4f0b-97a6-04ec3eddbfb0}\chrome folder moved successfully.
C:\Users\Peter\AppData\Roaming\mozilla\Firefox\Profiles\1yc4ijbh.default\extensions\{d04b0b40-3dab-4f0b-97a6-04ec3eddbfb0} folder moved successfully.
C:\Users\Peter\AppData\Roaming\mozilla\Firefox\Profiles\1yc4ijbh.default\extensions\staged-xpis\{7b13ec3e-999a-4b70-b9cb-2617b8323822} folder moved successfully.
C:\Users\Peter\AppData\Roaming\mozilla\Firefox\Profiles\1yc4ijbh.default\extensions\staged-xpis folder moved successfully.
C:\Users\Peter\AppData\Roaming\mozilla\Firefox\Profiles\1yc4ijbh.default\extensions\toolbar@gmx.net\skin\weather folder moved successfully.
C:\Users\Peter\AppData\Roaming\mozilla\Firefox\Profiles\1yc4ijbh.default\extensions\toolbar@gmx.net\skin\ticker folder moved successfully.
C:\Users\Peter\AppData\Roaming\mozilla\Firefox\Profiles\1yc4ijbh.default\extensions\toolbar@gmx.net\skin\search folder moved successfully.
C:\Users\Peter\AppData\Roaming\mozilla\Firefox\Profiles\1yc4ijbh.default\extensions\toolbar@gmx.net\skin\pref folder moved successfully.
C:\Users\Peter\AppData\Roaming\mozilla\Firefox\Profiles\1yc4ijbh.default\extensions\toolbar@gmx.net\skin\newtab\initial-thumbs folder moved successfully.
C:\Users\Peter\AppData\Roaming\mozilla\Firefox\Profiles\1yc4ijbh.default\extensions\toolbar@gmx.net\skin\newtab folder moved successfully.
C:\Users\Peter\AppData\Roaming\mozilla\Firefox\Profiles\1yc4ijbh.default\extensions\toolbar@gmx.net\skin\homebutton folder moved successfully.
C:\Users\Peter\AppData\Roaming\mozilla\Firefox\Profiles\1yc4ijbh.default\extensions\toolbar@gmx.net\skin\highlight folder moved successfully.
C:\Users\Peter\AppData\Roaming\mozilla\Firefox\Profiles\1yc4ijbh.default\extensions\toolbar@gmx.net\skin\help folder moved successfully.
C:\Users\Peter\AppData\Roaming\mozilla\Firefox\Profiles\1yc4ijbh.default\extensions\toolbar@gmx.net\skin\email folder moved successfully.
C:\Users\Peter\AppData\Roaming\mozilla\Firefox\Profiles\1yc4ijbh.default\extensions\toolbar@gmx.net\skin\ebay folder moved successfully.
C:\Users\Peter\AppData\Roaming\mozilla\Firefox\Profiles\1yc4ijbh.default\extensions\toolbar@gmx.net\skin\brand folder moved successfully.
C:\Users\Peter\AppData\Roaming\mozilla\Firefox\Profiles\1yc4ijbh.default\extensions\toolbar@gmx.net\skin\amazon\page folder moved successfully.
C:\Users\Peter\AppData\Roaming\mozilla\Firefox\Profiles\1yc4ijbh.default\extensions\toolbar@gmx.net\skin\amazon folder moved successfully.
C:\Users\Peter\AppData\Roaming\mozilla\Firefox\Profiles\1yc4ijbh.default\extensions\toolbar@gmx.net\skin folder moved successfully.
C:\Users\Peter\AppData\Roaming\mozilla\Firefox\Profiles\1yc4ijbh.default\extensions\toolbar@gmx.net\searchplugins folder moved successfully.
C:\Users\Peter\AppData\Roaming\mozilla\Firefox\Profiles\1yc4ijbh.default\extensions\toolbar@gmx.net\META-INF folder moved successfully.
C:\Users\Peter\AppData\Roaming\mozilla\Firefox\Profiles\1yc4ijbh.default\extensions\toolbar@gmx.net\locale\en-US\weather folder moved successfully.
C:\Users\Peter\AppData\Roaming\mozilla\Firefox\Profiles\1yc4ijbh.default\extensions\toolbar@gmx.net\locale\en-US\ticker folder moved successfully.
C:\Users\Peter\AppData\Roaming\mozilla\Firefox\Profiles\1yc4ijbh.default\extensions\toolbar@gmx.net\locale\en-US\search folder moved successfully.
C:\Users\Peter\AppData\Roaming\mozilla\Firefox\Profiles\1yc4ijbh.default\extensions\toolbar@gmx.net\locale\en-US\pref folder moved successfully.
C:\Users\Peter\AppData\Roaming\mozilla\Firefox\Profiles\1yc4ijbh.default\extensions\toolbar@gmx.net\locale\en-US\newtab folder moved successfully.
C:\Users\Peter\AppData\Roaming\mozilla\Firefox\Profiles\1yc4ijbh.default\extensions\toolbar@gmx.net\locale\en-US\main folder moved successfully.
C:\Users\Peter\AppData\Roaming\mozilla\Firefox\Profiles\1yc4ijbh.default\extensions\toolbar@gmx.net\locale\en-US\highlight folder moved successfully.
C:\Users\Peter\AppData\Roaming\mozilla\Firefox\Profiles\1yc4ijbh.default\extensions\toolbar@gmx.net\locale\en-US\help folder moved successfully.
C:\Users\Peter\AppData\Roaming\mozilla\Firefox\Profiles\1yc4ijbh.default\extensions\toolbar@gmx.net\locale\en-US\email folder moved successfully.
C:\Users\Peter\AppData\Roaming\mozilla\Firefox\Profiles\1yc4ijbh.default\extensions\toolbar@gmx.net\locale\en-US\ebay folder moved successfully.
C:\Users\Peter\AppData\Roaming\mozilla\Firefox\Profiles\1yc4ijbh.default\extensions\toolbar@gmx.net\locale\en-US\amazon\page folder moved successfully.
C:\Users\Peter\AppData\Roaming\mozilla\Firefox\Profiles\1yc4ijbh.default\extensions\toolbar@gmx.net\locale\en-US\amazon folder moved successfully.
C:\Users\Peter\AppData\Roaming\mozilla\Firefox\Profiles\1yc4ijbh.default\extensions\toolbar@gmx.net\locale\en-US folder moved successfully.
C:\Users\Peter\AppData\Roaming\mozilla\Firefox\Profiles\1yc4ijbh.default\extensions\toolbar@gmx.net\locale\de-DE\weather folder moved successfully.
C:\Users\Peter\AppData\Roaming\mozilla\Firefox\Profiles\1yc4ijbh.default\extensions\toolbar@gmx.net\locale\de-DE\ticker folder moved successfully.
C:\Users\Peter\AppData\Roaming\mozilla\Firefox\Profiles\1yc4ijbh.default\extensions\toolbar@gmx.net\locale\de-DE\search folder moved successfully.
C:\Users\Peter\AppData\Roaming\mozilla\Firefox\Profiles\1yc4ijbh.default\extensions\toolbar@gmx.net\locale\de-DE\pref folder moved successfully.
C:\Users\Peter\AppData\Roaming\mozilla\Firefox\Profiles\1yc4ijbh.default\extensions\toolbar@gmx.net\locale\de-DE\newtab folder moved successfully.
C:\Users\Peter\AppData\Roaming\mozilla\Firefox\Profiles\1yc4ijbh.default\extensions\toolbar@gmx.net\locale\de-DE\main folder moved successfully.
C:\Users\Peter\AppData\Roaming\mozilla\Firefox\Profiles\1yc4ijbh.default\extensions\toolbar@gmx.net\locale\de-DE\highlight folder moved successfully.
C:\Users\Peter\AppData\Roaming\mozilla\Firefox\Profiles\1yc4ijbh.default\extensions\toolbar@gmx.net\locale\de-DE\help\page folder moved successfully.
C:\Users\Peter\AppData\Roaming\mozilla\Firefox\Profiles\1yc4ijbh.default\extensions\toolbar@gmx.net\locale\de-DE\help folder moved successfully.
C:\Users\Peter\AppData\Roaming\mozilla\Firefox\Profiles\1yc4ijbh.default\extensions\toolbar@gmx.net\locale\de-DE\email folder moved successfully.
C:\Users\Peter\AppData\Roaming\mozilla\Firefox\Profiles\1yc4ijbh.default\extensions\toolbar@gmx.net\locale\de-DE\ebay folder moved successfully.
C:\Users\Peter\AppData\Roaming\mozilla\Firefox\Profiles\1yc4ijbh.default\extensions\toolbar@gmx.net\locale\de-DE\amazon\page folder moved successfully.
C:\Users\Peter\AppData\Roaming\mozilla\Firefox\Profiles\1yc4ijbh.default\extensions\toolbar@gmx.net\locale\de-DE\amazon folder moved successfully.
C:\Users\Peter\AppData\Roaming\mozilla\Firefox\Profiles\1yc4ijbh.default\extensions\toolbar@gmx.net\locale\de-DE folder moved successfully.
C:\Users\Peter\AppData\Roaming\mozilla\Firefox\Profiles\1yc4ijbh.default\extensions\toolbar@gmx.net\locale folder moved successfully.
C:\Users\Peter\AppData\Roaming\mozilla\Firefox\Profiles\1yc4ijbh.default\extensions\toolbar@gmx.net\defaults\preferences folder moved successfully.
C:\Users\Peter\AppData\Roaming\mozilla\Firefox\Profiles\1yc4ijbh.default\extensions\toolbar@gmx.net\defaults folder moved successfully.
C:\Users\Peter\AppData\Roaming\mozilla\Firefox\Profiles\1yc4ijbh.default\extensions\toolbar@gmx.net\content\weather folder moved successfully.
C:\Users\Peter\AppData\Roaming\mozilla\Firefox\Profiles\1yc4ijbh.default\extensions\toolbar@gmx.net\content\util folder moved successfully.
C:\Users\Peter\AppData\Roaming\mozilla\Firefox\Profiles\1yc4ijbh.default\extensions\toolbar@gmx.net\content\tracking folder moved successfully.
C:\Users\Peter\AppData\Roaming\mozilla\Firefox\Profiles\1yc4ijbh.default\extensions\toolbar@gmx.net\content\ticker folder moved successfully.
C:\Users\Peter\AppData\Roaming\mozilla\Firefox\Profiles\1yc4ijbh.default\extensions\toolbar@gmx.net\content\searchengine folder moved successfully.
C:\Users\Peter\AppData\Roaming\mozilla\Firefox\Profiles\1yc4ijbh.default\extensions\toolbar@gmx.net\content\search folder moved successfully.
C:\Users\Peter\AppData\Roaming\mozilla\Firefox\Profiles\1yc4ijbh.default\extensions\toolbar@gmx.net\content\pref folder moved successfully.
C:\Users\Peter\AppData\Roaming\mozilla\Firefox\Profiles\1yc4ijbh.default\extensions\toolbar@gmx.net\content\newtab folder moved successfully.
C:\Users\Peter\AppData\Roaming\mozilla\Firefox\Profiles\1yc4ijbh.default\extensions\toolbar@gmx.net\content\main folder moved successfully.
C:\Users\Peter\AppData\Roaming\mozilla\Firefox\Profiles\1yc4ijbh.default\extensions\toolbar@gmx.net\content\highlight folder moved successfully.
C:\Users\Peter\AppData\Roaming\mozilla\Firefox\Profiles\1yc4ijbh.default\extensions\toolbar@gmx.net\content\help folder moved successfully.
C:\Users\Peter\AppData\Roaming\mozilla\Firefox\Profiles\1yc4ijbh.default\extensions\toolbar@gmx.net\content\email folder moved successfully.
C:\Users\Peter\AppData\Roaming\mozilla\Firefox\Profiles\1yc4ijbh.default\extensions\toolbar@gmx.net\content\ebay folder moved successfully.
C:\Users\Peter\AppData\Roaming\mozilla\Firefox\Profiles\1yc4ijbh.default\extensions\toolbar@gmx.net\content\amazon\page folder moved successfully.
C:\Users\Peter\AppData\Roaming\mozilla\Firefox\Profiles\1yc4ijbh.default\extensions\toolbar@gmx.net\content\amazon folder moved successfully.
C:\Users\Peter\AppData\Roaming\mozilla\Firefox\Profiles\1yc4ijbh.default\extensions\toolbar@gmx.net\content folder moved successfully.
C:\Users\Peter\AppData\Roaming\mozilla\Firefox\Profiles\1yc4ijbh.default\extensions\toolbar@gmx.net\components folder moved successfully.
C:\Users\Peter\AppData\Roaming\mozilla\Firefox\Profiles\1yc4ijbh.default\extensions\toolbar@gmx.net folder moved successfully.
C:\Users\Peter\AppData\Roaming\Mozilla\Firefox\Profiles\1yc4ijbh.default\searchplugins\benefind.xml moved successfully.
C:\Users\Peter\AppData\Roaming\Mozilla\Firefox\Profiles\1yc4ijbh.default\searchplugins\ecosia.xml moved successfully.
C:\Users\Peter\AppData\Roaming\Mozilla\Firefox\Profiles\1yc4ijbh.default\searchplugins\gmx-suche.xml moved successfully.
C:\Users\Peter\AppData\Roaming\Mozilla\Firefox\Profiles\1yc4ijbh.default\searchplugins\icqplugin-1.xml moved successfully.
C:\Users\Peter\AppData\Roaming\Mozilla\Firefox\Profiles\1yc4ijbh.default\searchplugins\icqplugin-2.xml moved successfully.
C:\Users\Peter\AppData\Roaming\Mozilla\Firefox\Profiles\1yc4ijbh.default\searchplugins\icqplugin-3.xml moved successfully.
C:\Users\Peter\AppData\Roaming\Mozilla\Firefox\Profiles\1yc4ijbh.default\searchplugins\icqplugin-4.xml moved successfully.
C:\Users\Peter\AppData\Roaming\Mozilla\Firefox\Profiles\1yc4ijbh.default\searchplugins\icqplugin-5.xml moved successfully.
C:\Users\Peter\AppData\Roaming\Mozilla\Firefox\Profiles\1yc4ijbh.default\searchplugins\icqplugin.xml moved successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRun|DWORD:1 /E : value set successfully!
C:\autoexec.bat moved successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{dee0b2a7-a775-11df-b470-00265e9f5953}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{dee0b2a7-a775-11df-b470-00265e9f5953}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{dee0b2a7-a775-11df-b470-00265e9f5953}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{dee0b2a7-a775-11df-b470-00265e9f5953}\ not found.
File E:\Startme.exe not found.
C:\Users\Peter\AppData\Roaming\.# folder moved successfully.
ADS C:\ProgramData\Temp:8173A019 deleted successfully.
ADS C:\ProgramData\Temp:B623B5B8 deleted successfully.
========== COMMANDS ==========
 
[EMPTYTEMP]
 
User: Administrator
->Temp folder emptied: 526698 bytes
->Temporary Internet Files folder emptied: 59670 bytes
->FireFox cache emptied: 5927532 bytes
->Flash cache emptied: 456 bytes
 
User: All Users
 
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
 
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
 
User: Peter
->Temp folder emptied: 904450193 bytes
->Temporary Internet Files folder emptied: 45219152 bytes
->Java cache emptied: 12979178 bytes
->FireFox cache emptied: 46345208 bytes
->Google Chrome cache emptied: 115455899 bytes
->Opera cache emptied: 0 bytes
->Flash cache emptied: 73554 bytes
 
User: Public
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 171673183 bytes
RecycleBin emptied: 3174494323 bytes
 
Total Files Cleaned = 4.270,00 mb
 
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully
 
OTL by OldTimer - Version 3.2.29.1 log created on 09242011_140811

Files\Folders moved on Reboot...

Registry entries deleted on Reboot...


cosinus 24.09.2011 13:38

Now please run this tool from Kaspersky and post the log => http://www.trojaner-board.de/82358-t...entfernen.html

Set up the tool as shown in the picture below, i.e. tick both boxes, click Start scan and, when it has finished, click the Report button to display the log. Please post it in full.

http://www.trojaner-board.de/attachm...rnen-start.png

If, because of the infection, you cannot access your documents/My Documents, or shortcuts are missing from the desktop or from the Start menu under "All Programs", please run unhide:
Please download unhide.exe and save the file to your desktop.
Start the tool and all files and folders should be visible again. (It may take a while.)
Windows Vista and Windows 7 users must run the tool as administrator via right-click!

MrOibe 24.09.2011 14:51

Code:

15:44:59.0849 5172        TDSS rootkit removing tool 2.6.0.0 Sep 23 2011 07:42:37
15:45:00.0046 5172        ============================================================
15:45:00.0046 5172        Current date / time: 2011/09/24 15:45:00.0046
15:45:00.0046 5172        SystemInfo:
15:45:00.0046 5172       
15:45:00.0046 5172        OS Version: 6.0.6001 ServicePack: 1.0
15:45:00.0046 5172        Product type: Workstation
15:45:00.0046 5172        ComputerName: PETER-PC
15:45:00.0047 5172        UserName: Peter
15:45:00.0047 5172        Windows directory: C:\Windows
15:45:00.0047 5172        System windows directory: C:\Windows
15:45:00.0047 5172        Processor architecture: Intel x86
15:45:00.0047 5172        Number of processors: 1
15:45:00.0047 5172        Page size: 0x1000
15:45:00.0047 5172        Boot type: Normal boot
15:45:00.0047 5172        ============================================================
15:45:00.0927 5172        Initialize success
15:45:49.0658 1428        ============================================================
15:45:49.0658 1428        Scan started
15:45:49.0658 1428        Mode: Manual;
15:45:49.0658 1428        ============================================================
15:45:56.0150 1428        BrUsbMdm - ok
15:45:56.0182 1428        BrUsbSer        (af72ed54503f717a43268b3cc5faec2e) C:\Windows\system32\drivers\brusbser.sys
15:45:56.0187 1428        BrUsbSer - ok
15:45:56.0334 1428        BthEnum        (c7065fa296c91bf054f421b0ebf93461) C:\Windows\system32\DRIVERS\BthEnum.sys
15:45:56.0351 1428        BthEnum - ok
15:45:56.0484 1428        BTHMODEM        (ad07c1ec6665b8b35741ab91200c6b68) C:\Windows\system32\drivers\bthmodem.sys
15:45:56.0516 1428        BTHMODEM - ok
15:45:56.0727 1428        BthPan          (5904efa25f829bf84ea6fb045134a1d8) C:\Windows\system32\DRIVERS\bthpan.sys
15:45:56.0732 1428        BthPan - ok
15:45:56.0948 1428        BTHPORT        (1712d956e5a96f866d6791869e99b1d6) C:\Windows\system32\Drivers\BTHport.sys
15:45:56.0950 1428        BTHPORT - ok
15:45:57.0101 1428        BTHUSB          (66088e161e769d11c3134bc23d0e6144) C:\Windows\system32\Drivers\BTHUSB.sys
15:45:57.0107 1428        BTHUSB - ok
15:45:57.0232 1428        btwaudio        (80afcd99f94bb8321f85ebafa28cf0b5) C:\Windows\system32\drivers\btwaudio.sys
15:45:57.0273 1428        btwaudio - ok
15:45:57.0420 1428        btwavdt        (07bd2be871455231de27bb346f6886e7) C:\Windows\system32\drivers\btwavdt.sys
15:45:57.0444 1428        btwavdt - ok
15:45:57.0655 1428        btwl2cap        (ecb98391c756a7b9cfbae89d9d1235e1) C:\Windows\system32\DRIVERS\btwl2cap.sys
15:45:57.0683 1428        btwl2cap - ok
15:45:57.0933 1428        btwrchid        (bc53acabccc9946ad508a8737f2a39ea) C:\Windows\system32\DRIVERS\btwrchid.sys
15:45:57.0934 1428        btwrchid - ok
15:45:58.0144 1428        cdfs            (7add03e75beb9e6dd102c3081d29840a) C:\Windows\system32\DRIVERS\cdfs.sys
15:45:58.0177 1428        cdfs - ok
15:45:58.0326 1428        cdrom          (1ec25cea0de6ac4718bf89f9e1778b57) C:\Windows\system32\DRIVERS\cdrom.sys
15:45:58.0359 1428        cdrom - ok
15:45:58.0516 1428        circlass        (e5d4133f37219dbcfe102bc61072589d) C:\Windows\system32\drivers\circlass.sys
15:45:58.0580 1428        circlass - ok
15:45:58.0694 1428        CLFS            (465745561c832b29f7c48b488aab3842) C:\Windows\system32\CLFS.sys
15:45:58.0704 1428        CLFS - ok
15:45:58.0859 1428        CmBatt          (99afc3795b58cc478fbbbcdc658fcb56) C:\Windows\system32\DRIVERS\CmBatt.sys
15:45:58.0880 1428        CmBatt - ok
15:45:58.0920 1428        cmdide          (0ca25e686a4928484e9fdabd168ab629) C:\Windows\system32\drivers\cmdide.sys
15:45:58.0921 1428        cmdide - ok
15:45:59.0090 1428        Compbatt        (6afef0b60fa25de07c0968983ee4f60a) C:\Windows\system32\DRIVERS\compbatt.sys
15:45:59.0115 1428        Compbatt - ok
15:45:59.0351 1428        crcdisk        (741e9dff4f42d2d8477d0fc1dc0df871) C:\Windows\system32\drivers\crcdisk.sys
15:45:59.0406 1428        crcdisk - ok
15:45:59.0552 1428        Crusoe          (1f07becdca750766a96cda811ba86410) C:\Windows\system32\drivers\crusoe.sys
15:45:59.0569 1428        Crusoe - ok
15:45:59.0829 1428        CryptOSD        (c914d18ab66b132e9c73f19f8f805f1f) C:\Windows\system32\DRIVERS\CryptOSD.sys
15:45:59.0852 1428        CryptOSD - ok
15:46:00.0058 1428        DfsC            (a3e9fa213f443ac77c7746119d13feec) C:\Windows\system32\Drivers\dfsc.sys
15:46:00.0092 1428        DfsC - ok
15:46:00.0305 1428        disk            (64109e623abd6955c8fb110b592e68b7) C:\Windows\system32\drivers\disk.sys
15:46:00.0334 1428        disk - ok
15:46:00.0524 1428        drmkaud        (97fef831ab90bee128c9af390e243f80) C:\Windows\system32\drivers\drmkaud.sys
15:46:00.0525 1428        drmkaud - ok
15:46:00.0728 1428        DXGKrnl        (85f33880b8cfb554bd3d9ccdb486845a) C:\Windows\System32\drivers\dxgkrnl.sys
15:46:00.0742 1428        DXGKrnl - ok
15:46:00.0937 1428        E1G60          (5425f74ac0c1dbd96a1e04f17d63f94c) C:\Windows\system32\DRIVERS\E1G60I32.sys
15:46:00.0949 1428        E1G60 - ok
15:46:01.0096 1428        Ecache          (dd2cd259d83d8b72c02c5f2331ff9d68) C:\Windows\system32\drivers\ecache.sys
15:46:01.0135 1428        Ecache - ok
15:46:01.0326 1428        elxstor        (23b62471681a124889978f6295b3f4c6) C:\Windows\system32\drivers\elxstor.sys
15:46:01.0361 1428        elxstor - ok
15:46:01.0492 1428        ErrDev          (3db974f3935483555d7148663f726c61) C:\Windows\system32\drivers\errdev.sys
15:46:01.0493 1428        ErrDev - ok
15:46:01.0677 1428        exfat          (0d858eb20589a34efb25695acaa6aa2d) C:\Windows\system32\drivers\exfat.sys
15:46:01.0702 1428        exfat - ok
15:46:01.0847 1428        fastfat        (3c489390c2e2064563727752af8eab9e) C:\Windows\system32\drivers\fastfat.sys
15:46:01.0856 1428        fastfat - ok
15:46:01.0977 1428        fdc            (afe1e8b9782a0dd7fb46bbd88e43f89a) C:\Windows\system32\DRIVERS\fdc.sys
15:46:01.0981 1428        fdc - ok
15:46:02.0024 1428        FileInfo        (a8c0139a884861e3aae9cfe73b208a9f) C:\Windows\system32\drivers\fileinfo.sys
15:46:02.0025 1428        FileInfo - ok
15:46:02.0093 1428        Filetrace      (0ae429a696aecbc5970e3cf2c62635ae) C:\Windows\system32\drivers\filetrace.sys
15:46:02.0111 1428        Filetrace - ok
15:46:02.0278 1428        flpydisk        (85b7cf99d532820495d68d747fda9ebd) C:\Windows\system32\DRIVERS\flpydisk.sys
15:46:02.0302 1428        flpydisk - ok
15:46:02.0473 1428        FltMgr          (05ea53afe985443011e36dab07343b46) C:\Windows\system32\drivers\fltmgr.sys
15:46:02.0493 1428        FltMgr - ok
15:46:02.0703 1428        fssfltr        (574cea4d3510ec905c0163c42d305ba5) C:\Windows\system32\DRIVERS\fssfltr.sys
15:46:02.0742 1428        fssfltr - ok
15:46:03.0065 1428        Fs_Rec          (65ea8b77b5851854f0c55c43fa51a198) C:\Windows\system32\drivers\Fs_Rec.sys
15:46:03.0070 1428        Fs_Rec - ok
15:46:03.0242 1428        gagp30kx        (34582a6e6573d54a07ece5fe24a126b5) C:\Windows\system32\drivers\gagp30kx.sys
15:46:03.0254 1428        gagp30kx - ok
15:46:03.0469 1428        GEARAspiWDM    (8182ff89c65e4d38b2de4bb0fb18564e) C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
15:46:03.0487 1428        GEARAspiWDM - ok
15:46:03.0685 1428        HdAudAddService (cb04c744be0a61b1d648faed182c3b59) C:\Windows\system32\drivers\HdAudio.sys
15:46:03.0738 1428        HdAudAddService - ok
15:46:04.0026 1428        HDAudBus        (c87b1ee051c0464491c1a7b03fa0bc99) C:\Windows\system32\DRIVERS\HDAudBus.sys
15:46:04.0027 1428        HDAudBus - ok
15:46:04.0341 1428        HidBth          (1338520e78d90154ed6be8f84de5fceb) C:\Windows\system32\drivers\hidbth.sys
15:46:04.0342 1428        HidBth - ok
15:46:04.0476 1428        HidIr          (ff3160c3a2445128c5a6d9b076da519e) C:\Windows\system32\drivers\hidir.sys
15:46:04.0477 1428        HidIr - ok
15:46:04.0603 1428        HidUsb          (854ca287ab7faf949617a788306d967e) C:\Windows\system32\DRIVERS\hidusb.sys
15:46:04.0604 1428        HidUsb - ok
15:46:04.0955 1428        HpCISSs        (16ee7b23a009e00d835cdb79574a91a6) C:\Windows\system32\drivers\hpcisss.sys
15:46:04.0963 1428        HpCISSs - ok
15:46:05.0116 1428        HTTP            (96e241624c71211a79c84f50a8e71cab) C:\Windows\system32\drivers\HTTP.sys
15:46:05.0147 1428        HTTP - ok
15:46:05.0409 1428        i2omp          (c6b032d69650985468160fc9937cf5b4) C:\Windows\system32\drivers\i2omp.sys
15:46:05.0474 1428        i2omp - ok
15:46:05.0605 1428        i8042prt        (22d56c8184586b7a1f6fa60be5f5a2bd) C:\Windows\system32\DRIVERS\i8042prt.sys
15:46:05.0642 1428        i8042prt - ok
15:46:06.0775 1428        ialm            (8266ae06df974e5ba047b3e9e9e70b3f) C:\Windows\system32\DRIVERS\igdkmd32.sys
15:46:07.0046 1428        ialm - ok
15:46:07.0326 1428        iaStor          (71ecc07bc7c5e24c3dd01d8a29a24054) C:\Windows\system32\DRIVERS\iaStor.sys
15:46:07.0329 1428        iaStor - ok
15:46:07.0642 1428        iaStorV        (54155ea1b0df185878e0fc9ec3ac3a14) C:\Windows\system32\drivers\iastorv.sys
15:46:07.0673 1428        iaStorV - ok
15:46:08.0545 1428        igfx            (8266ae06df974e5ba047b3e9e9e70b3f) C:\Windows\system32\DRIVERS\igdkmd32.sys
15:46:08.0642 1428        igfx - ok
15:46:08.0809 1428        iirsp          (2d077bf86e843f901d8db709c95b49a5) C:\Windows\system32\drivers\iirsp.sys
15:46:08.0836 1428        iirsp - ok
15:46:09.0303 1428        IntcAzAudAddService (d991871aa47da7989540ac2c0f6ec533) C:\Windows\system32\drivers\RTKVHDA.sys
15:46:09.0478 1428        IntcAzAudAddService - ok
15:46:09.0602 1428        IntcHdmiAddService (092a78e9c6f71bf0e22379503b90e800) C:\Windows\system32\drivers\IntcHdmi.sys
15:46:09.0631 1428        IntcHdmiAddService - ok
15:46:10.0000 1428        intelide        (83aa759f3189e6370c30de5dc5590718) C:\Windows\system32\drivers\intelide.sys
15:46:10.0054 1428        intelide - ok
15:46:10.0348 1428        intelppm        (224191001e78c89dfa78924c3ea595ff) C:\Windows\system32\DRIVERS\intelppm.sys
15:46:10.0349 1428        intelppm - ok
15:46:10.0606 1428        IpFilterDriver  (62c265c38769b864cb25b4bcf62df6c3) C:\Windows\system32\DRIVERS\ipfltdrv.sys
15:46:10.0620 1428        IpFilterDriver - ok
15:46:10.0749 1428        IpInIp - ok
15:46:10.0881 1428        IPMIDRV        (b25aaf203552b7b3491139d582b39ad1) C:\Windows\system32\drivers\ipmidrv.sys
15:46:10.0926 1428        IPMIDRV - ok
15:46:11.0183 1428        IPNAT          (8793643a67b42cec66490b2a0cf92d68) C:\Windows\system32\DRIVERS\ipnat.sys
15:46:11.0197 1428        IPNAT - ok
15:46:11.0350 1428        IRENUM          (109c0dfb82c3632fbd11949b73aeeac9) C:\Windows\system32\drivers\irenum.sys
15:46:11.0392 1428        IRENUM - ok
15:46:11.0686 1428        isapnp          (6c70698a3e5c4376c6ab5c7c17fb0614) C:\Windows\system32\drivers\isapnp.sys
15:46:11.0725 1428        isapnp - ok
15:46:11.0969 1428        iScsiPrt        (f247eec28317f6c739c16de420097301) C:\Windows\system32\DRIVERS\msiscsi.sys
15:46:11.0971 1428        iScsiPrt - ok
15:46:12.0273 1428        iteatapi        (bced60d16156e428f8df8cf27b0df150) C:\Windows\system32\drivers\iteatapi.sys
15:46:12.0274 1428        iteatapi - ok
15:46:12.0484 1428        iteraid        (06fa654504a498c30adca8bec4e87e7e) C:\Windows\system32\drivers\iteraid.sys
15:46:12.0514 1428        iteraid - ok
15:46:12.0673 1428        kbdclass        (37605e0a8cf00cbba538e753e4344c6e) C:\Windows\system32\DRIVERS\kbdclass.sys
15:46:12.0675 1428        kbdclass - ok
15:46:12.0768 1428        kbdhid          (18247836959ba67e3511b62846b9c2e0) C:\Windows\system32\DRIVERS\kbdhid.sys
15:46:12.0782 1428        kbdhid - ok
15:46:12.0842 1428        KMDFMEMIO      (ebc507f129df8f0e0ca270dcfc0cf87f) C:\Windows\system32\DRIVERS\kmdfmemio.sys
15:46:12.0842 1428        KMDFMEMIO - ok
15:46:13.0070 1428        KSecDD          (7a0cf7908b6824d6a2a1d313e5ae3dca) C:\Windows\system32\Drivers\ksecdd.sys
15:46:13.0085 1428        KSecDD - ok
15:46:13.0407 1428        lltdio          (d1c5883087a0c3f1344d9d55a44901f6) C:\Windows\system32\DRIVERS\lltdio.sys
15:46:13.0426 1428        lltdio - ok
15:46:13.0664 1428        LSI_FC          (c7e15e82879bf3235b559563d4185365) C:\Windows\system32\drivers\lsi_fc.sys
15:46:13.0678 1428        LSI_FC - ok
15:46:13.0821 1428        LSI_SAS        (ee01ebae8c9bf0fa072e0ff68718920a) C:\Windows\system32\drivers\lsi_sas.sys
15:46:13.0836 1428        LSI_SAS - ok
15:46:14.0026 1428        LSI_SCSI        (912a04696e9ca30146a62afa1463dd5c) C:\Windows\system32\drivers\lsi_scsi.sys
15:46:14.0035 1428        LSI_SCSI - ok
15:46:14.0371 1428        luafv          (8f5c7426567798e62a3b3614965d62cc) C:\Windows\system32\drivers\luafv.sys
15:46:14.0390 1428        luafv - ok
15:46:14.0494 1428        MBAMSwissArmy - ok
15:46:14.0580 1428        megasas        (0001ce609d66632fa17b84705f658879) C:\Windows\system32\drivers\megasas.sys
15:46:14.0600 1428        megasas - ok
15:46:14.0765 1428        MegaSR          (c252f32cd9a49dbfc25ecf26ebd51a99) C:\Windows\system32\drivers\megasr.sys
15:46:14.0815 1428        MegaSR - ok
15:46:15.0085 1428        Modem          (e13b5ea0f51ba5b1512ec671393d09ba) C:\Windows\system32\drivers\modem.sys
15:46:15.0091 1428        Modem - ok
15:46:15.0396 1428        monitor        (0a9bb33b56e294f686abb7c1e4e2d8a8) C:\Windows\system32\DRIVERS\monitor.sys
15:46:15.0396 1428        monitor - ok
15:46:15.0553 1428        mouclass        (5bf6a1326a335c5298477754a506d263) C:\Windows\system32\DRIVERS\mouclass.sys
15:46:15.0555 1428        mouclass - ok
15:46:15.0632 1428        mouhid          (93b8d4869e12cfbe663915502900876f) C:\Windows\system32\DRIVERS\mouhid.sys
15:46:15.0649 1428        mouhid - ok
15:46:15.0797 1428        MountMgr        (bdafc88aa6b92f7842416ea6a48e1600) C:\Windows\system32\drivers\mountmgr.sys
15:46:15.0798 1428        MountMgr - ok
15:46:15.0970 1428        mpio            (511d011289755dd9f9a7579fb0b064e6) C:\Windows\system32\drivers\mpio.sys
15:46:15.0995 1428        mpio - ok
15:46:16.0025 1428        mpsdrv          (22241feba9b2defa669c8cb0a8dd7d2e) C:\Windows\system32\drivers\mpsdrv.sys
15:46:16.0045 1428        mpsdrv - ok
15:46:16.0167 1428        Mraid35x        (4fbbb70d30fd20ec51f80061703b001e) C:\Windows\system32\drivers\mraid35x.sys
15:46:16.0179 1428        Mraid35x - ok
15:46:16.0300 1428        MRxDAV          (ae3de84536b6799d2267443cec8edbb9) C:\Windows\system32\drivers\mrxdav.sys
15:46:16.0302 1428        MRxDAV - ok
15:46:16.0540 1428        mrxsmb          (5734a0f2be7e495f7d3ed6efd4b9f5a1) C:\Windows\system32\DRIVERS\mrxsmb.sys
15:46:16.0551 1428        mrxsmb - ok
15:46:16.0751 1428        mrxsmb10        (6b5fa5adfacac9dbbe0991f4566d7d55) C:\Windows\system32\DRIVERS\mrxsmb10.sys
15:46:16.0813 1428        mrxsmb10 - ok
15:46:17.0060 1428        mrxsmb20        (5c80d8159181c7abf1b14ba703b01e0b) C:\Windows\system32\DRIVERS\mrxsmb20.sys
15:46:17.0085 1428        mrxsmb20 - ok
15:46:17.0252 1428        msahci          (28023e86f17001f7cd9b15a5bc9ae07d) C:\Windows\system32\drivers\msahci.sys
15:46:17.0253 1428        msahci - ok
15:46:17.0565 1428        msdsm          (4468b0f385a86ecddaf8d3ca662ec0e7) C:\Windows\system32\drivers\msdsm.sys
15:46:17.0568 1428        msdsm - ok
15:46:17.0762 1428        Msfs            (a9927f4a46b816c92f461acb90cf8515) C:\Windows\system32\drivers\Msfs.sys
15:46:17.0808 1428        Msfs - ok
15:46:17.0994 1428        msisadrv        (0f400e306f385c56317357d6dea56f62) C:\Windows\system32\drivers\msisadrv.sys
15:46:18.0028 1428        msisadrv - ok
15:46:18.0268 1428        MSKSSRV        (d8c63d34d9c9e56c059e24ec7185cc07) C:\Windows\system32\drivers\MSKSSRV.sys
15:46:18.0277 1428        MSKSSRV - ok
15:46:18.0459 1428        MSPCLOCK        (1d373c90d62ddb641d50e55b9e78d65e) C:\Windows\system32\drivers\MSPCLOCK.sys
15:46:18.0476 1428        MSPCLOCK - ok
15:46:18.0577 1428        MSPQM          (b572da05bf4e098d4bba3a4734fb505b) C:\Windows\system32\drivers\MSPQM.sys
15:46:18.0591 1428        MSPQM - ok
15:46:18.0630 1428        MsRPC          (b5614aecb05a9340aa0fb55bf561cc63) C:\Windows\system32\drivers\MsRPC.sys
15:46:18.0662 1428        MsRPC - ok
15:46:18.0759 1428        mssmbios        (e384487cb84be41d09711c30ca79646c) C:\Windows\system32\DRIVERS\mssmbios.sys
15:46:18.0760 1428        mssmbios - ok
15:46:18.0825 1428        MSTEE          (7199c1eec1e4993caf96b8c0a26bd58a) C:\Windows\system32\drivers\MSTEE.sys
15:46:18.0829 1428        MSTEE - ok
15:46:18.0868 1428        Mup            (6dfd1d322de55b0b7db7d21b90bec49c) C:\Windows\system32\Drivers\mup.sys
15:46:18.0876 1428        Mup - ok
15:46:18.0960 1428        NativeWifiP    (3c21ce48ff529bb73dadb98770b54025) C:\Windows\system32\DRIVERS\nwifi.sys
15:46:18.0963 1428        NativeWifiP - ok
15:46:19.0070 1428        NDIS            (9bdc71790fa08f0a0b5f10462b1bd0b1) C:\Windows\system32\drivers\ndis.sys
15:46:19.0077 1428        NDIS - ok
15:46:19.0178 1428        NdisTapi        (0e186e90404980569fb449ba7519ae61) C:\Windows\system32\DRIVERS\ndistapi.sys
15:46:19.0183 1428        NdisTapi - ok
15:46:19.0292 1428        Ndisuio        (d6973aa34c4d5d76c0430b181c3cd389) C:\Windows\system32\DRIVERS\ndisuio.sys
15:46:19.0308 1428        Ndisuio - ok
15:46:19.0415 1428        NdisWan        (3d14c3b3496f88890d431e8aa022a411) C:\Windows\system32\DRIVERS\ndiswan.sys
15:46:19.0442 1428        NdisWan - ok
15:46:19.0482 1428        NDProxy        (71dab552b41936358f3b541ae5997fb3) C:\Windows\system32\drivers\NDProxy.sys
15:46:19.0499 1428        NDProxy - ok
15:46:19.0763 1428        NetBIOS        (bcd093a5a6777cf626434568dc7dba78) C:\Windows\system32\DRIVERS\netbios.sys
15:46:19.0769 1428        NetBIOS - ok
15:46:20.0012 1428        netbt          (7c5fee5b1c5728507cd96fb4a13e7a02) C:\Windows\system32\DRIVERS\netbt.sys
15:46:20.0054 1428        netbt - ok
15:46:20.0608 1428        NETw3v32        (35d5458d9a1b26b2005abffbf4c1c5e7) C:\Windows\system32\DRIVERS\NETw3v32.sys
15:46:20.0750 1428        NETw3v32 - ok
15:46:20.0977 1428        nfrd960        (2e7fb731d4790a1bc6270accefacb36e) C:\Windows\system32\drivers\nfrd960.sys
15:46:20.0999 1428        nfrd960 - ok
15:46:21.0212 1428        Npfs            (ecb5003f484f9ed6c608d6d6c7886cbb) C:\Windows\system32\drivers\Npfs.sys
15:46:21.0228 1428        Npfs - ok
15:46:21.0446 1428        nsiproxy        (609773e344a97410ce4ebf74a8914fcf) C:\Windows\system32\drivers\nsiproxy.sys
15:46:21.0464 1428        nsiproxy - ok
15:46:21.0687 1428        Ntfs            (b4effe29eb4f15538fd8a9681108492d) C:\Windows\system32\drivers\Ntfs.sys
15:46:21.0734 1428        Ntfs - ok
15:46:21.0946 1428        ntrigdigi      (e875c093aec0c978a90f30c9e0dfbb72) C:\Windows\system32\drivers\ntrigdigi.sys
15:46:21.0969 1428        ntrigdigi - ok
15:46:22.0147 1428        Null            (c5dbbcda07d780bda9b685df333bb41e) C:\Windows\system32\drivers\Null.sys
15:46:22.0178 1428        Null - ok
15:46:22.0280 1428        nvraid          (2edf9e7751554b42cbb60116de727101) C:\Windows\system32\drivers\nvraid.sys
15:46:22.0295 1428        nvraid - ok
15:46:22.0335 1428        nvstor          (abed0c09758d1d97db0042dbb2688177) C:\Windows\system32\drivers\nvstor.sys
15:46:22.0342 1428        nvstor - ok
15:46:22.0624 1428        nv_agp          (18bbdf913916b71bd54575bdb6eeac0b) C:\Windows\system32\drivers\nv_agp.sys
15:46:22.0626 1428        nv_agp - ok
15:46:22.0727 1428        NwlnkFlt - ok
15:46:22.0938 1428        NwlnkFwd - ok
15:46:23.0611 1428        ohci1394        (790e27c3db53410b40ff9ef2fd10a1d9) C:\Windows\system32\DRIVERS\ohci1394.sys
15:46:23.0667 1428        ohci1394 - ok
15:46:24.0131 1428        Parport        (0fa9b5055484649d63c303fe404e5f4d) C:\Windows\system32\drivers\parport.sys
15:46:24.0140 1428        Parport - ok
15:46:24.0249 1428        partmgr        (3b38467e7c3daed009dfe359e17f139f) C:\Windows\system32\drivers\partmgr.sys
15:46:24.0285 1428        partmgr - ok
15:46:24.0351 1428        Parvdm          (4f9a6a8a31413180d0fcb279ad5d8112) C:\Windows\system32\drivers\parvdm.sys
15:46:24.0372 1428        Parvdm - ok
15:46:24.0531 1428        pci            (01b94418deb235dff777cc80076354b4) C:\Windows\system32\drivers\pci.sys
15:46:24.0533 1428        pci - ok
15:46:24.0728 1428        pciide          (fc175f5ddab666d7f4d17449a547626f) C:\Windows\system32\drivers\pciide.sys
15:46:24.0751 1428        pciide - ok
15:46:24.0925 1428        pcmcia          (b7c5a8769541900f6dfa6fe0c5e4d513) C:\Windows\system32\DRIVERS\pcmcia.sys
15:46:25.0000 1428        pcmcia - ok
15:46:25.0228 1428        PEAUTH          (6349f6ed9c623b44b52ea3c63c831a92) C:\Windows\system32\drivers\peauth.sys
15:46:25.0309 1428        PEAUTH - ok
15:46:25.0629 1428        PptpMiniport    (ecfffaec0c1ecd8dbc77f39070ea1db1) C:\Windows\system32\DRIVERS\raspptp.sys
15:46:25.0638 1428        PptpMiniport - ok
15:46:25.0829 1428        Processor      (2027293619dd0f047c584cf2e7df4ffd) C:\Windows\system32\drivers\processr.sys
15:46:25.0841 1428        Processor - ok
15:46:26.0013 1428        PSched          (bfef604508a0ed1eae2a73e872555ffb) C:\Windows\system32\DRIVERS\pacer.sys
15:46:26.0027 1428        PSched - ok
15:46:26.0296 1428        ql2300          (0a6db55afb7820c99aa1f3a1d270f4f6) C:\Windows\system32\drivers\ql2300.sys
15:46:26.0329 1428        ql2300 - ok
15:46:26.0456 1428        ql40xx          (81a7e5c076e59995d54bc1ed3a16e60b) C:\Windows\system32\drivers\ql40xx.sys
15:46:26.0487 1428        ql40xx - ok
15:46:26.0629 1428        QWAVEdrv        (9f5e0e1926014d17486901c88eca2db7) C:\Windows\system32\drivers\qwavedrv.sys
15:46:26.0632 1428        QWAVEdrv - ok
15:46:26.0956 1428        RasAcd          (147d7f9c556d259924351feb0de606c3) C:\Windows\system32\DRIVERS\rasacd.sys
15:46:26.0975 1428        RasAcd - ok
15:46:27.0240 1428        Rasl2tp        (a214adbaf4cb47dd2728859ef31f26b0) C:\Windows\system32\DRIVERS\rasl2tp.sys
15:46:27.0281 1428        Rasl2tp - ok
15:46:27.0438 1428        RasPppoe        (3e9d9b048107b40d87b97df2e48e0744) C:\Windows\system32\DRIVERS\raspppoe.sys
15:46:27.0483 1428        RasPppoe - ok
15:46:27.0684 1428        RasSstp        (a7d141684e9500ac928a772ed8e6b671) C:\Windows\system32\DRIVERS\rassstp.sys
15:46:27.0696 1428        RasSstp - ok
15:46:27.0843 1428        rdbss          (6e1c5d0457622f9ee35f683110e93d14) C:\Windows\system32\DRIVERS\rdbss.sys
15:46:27.0884 1428        rdbss - ok
15:46:28.0130 1428        RDPCDD          (89e59be9a564262a3fb6c4f4f1cd9899) C:\Windows\system32\DRIVERS\RDPCDD.sys
15:46:28.0137 1428        RDPCDD - ok
15:46:28.0435 1428        rdpdr          (fbc0bacd9c3d7f6956853f64a66e252d) C:\Windows\system32\drivers\rdpdr.sys
15:46:28.0470 1428        rdpdr - ok
15:46:28.0687 1428        RDPENCDD        (9d91fe5286f748862ecffa05f8a0710c) C:\Windows\system32\drivers\rdpencdd.sys
15:46:28.0696 1428        RDPENCDD - ok
15:46:28.0964 1428        RDPWD          (e1c18f4097a5abcec941dc4b2f99db7e) C:\Windows\system32\drivers\RDPWD.sys
15:46:28.0991 1428        RDPWD - ok
15:46:29.0131 1428        RFCOMM          (10536b0ad6f416fc7f1149977c28ccdc) C:\Windows\system32\DRIVERS\rfcomm.sys
15:46:29.0132 1428        RFCOMM - ok
15:46:29.0397 1428        rspndr          (9c508f4074a39e8b4b31d27198146fad) C:\Windows\system32\DRIVERS\rspndr.sys
15:46:29.0399 1428        rspndr - ok
15:46:29.0653 1428        RTL8169        (eeff14cd2baf7b9d176980c855c9b5d1) C:\Windows\system32\DRIVERS\Rtlh86.sys
15:46:29.0683 1428        RTL8169 - ok
15:46:30.0023 1428        s1018bus        (1c5c2cb892553d2cf3f45a4bb323fcd6) C:\Windows\system32\DRIVERS\s1018bus.sys
15:46:30.0062 1428        s1018bus - ok
15:46:30.0238 1428        s1018mdfl      (38f5ea219593f19b6b3a1b9c169e3b61) C:\Windows\system32\DRIVERS\s1018mdfl.sys
15:46:30.0253 1428        s1018mdfl - ok
15:46:30.0435 1428        s1018mdm        (666af6b64fc7df92d3ca4819ea91631d) C:\Windows\system32\DRIVERS\s1018mdm.sys
15:46:30.0436 1428        s1018mdm - ok
15:46:30.0729 1428        s1018mgmt      (f4ceda6e2ddff2af8bd745615a7ca9c0) C:\Windows\system32\DRIVERS\s1018mgmt.sys
15:46:30.0770 1428        s1018mgmt - ok
15:46:31.0020 1428        s1018nd5        (3622d9ff2253dcbe885b10736609a4ca) C:\Windows\system32\DRIVERS\s1018nd5.sys
15:46:31.0021 1428        s1018nd5 - ok
15:46:31.0215 1428        s1018obex      (49431efda842b474531c29ffae9f5d09) C:\Windows\system32\DRIVERS\s1018obex.sys
15:46:31.0241 1428        s1018obex - ok
15:46:31.0400 1428        s1018unic      (ac6b514cb4474f4c867d7cdc9cd54f05) C:\Windows\system32\DRIVERS\s1018unic.sys
15:46:31.0401 1428        s1018unic - ok
15:46:31.0579 1428        sbp2port        (3ce8f073a557e172b330109436984e30) C:\Windows\system32\drivers\sbp2port.sys
15:46:31.0581 1428        sbp2port - ok
15:46:31.0720 1428        sdbus          (126ea89bcc413ee45e3004fb0764888f) C:\Windows\system32\DRIVERS\sdbus.sys
15:46:31.0747 1428        sdbus - ok
15:46:31.0834 1428        secdrv          (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers\secdrv.sys
15:46:31.0867 1428        secdrv - ok
15:46:32.0006 1428        Serenum        (68e44e331d46f0fb38f0863a84cd1a31) C:\Windows\system32\drivers\serenum.sys
15:46:32.0019 1428        Serenum - ok
15:46:32.0067 1428        Serial          (c70d69a918b178d3c3b06339b40c2e1b) C:\Windows\system32\drivers\serial.sys
15:46:32.0082 1428        Serial - ok
15:46:32.0264 1428        sermouse        (8af3d28a879bf75db53a0ee7a4289624) C:\Windows\system32\drivers\sermouse.sys
15:46:32.0287 1428        sermouse - ok
15:46:32.0481 1428        sffdisk        (3efa810bdca87f6ecc24f9832243fe86) C:\Windows\system32\drivers\sffdisk.sys
15:46:32.0486 1428        sffdisk - ok
15:46:32.0614 1428        sffp_mmc        (e95d451f7ea3e583aec75f3b3ee42dc5) C:\Windows\system32\drivers\sffp_mmc.sys
15:46:32.0615 1428        sffp_mmc - ok
15:46:32.0749 1428        sffp_sd        (3d0ea348784b7ac9ea9bd9f317980979) C:\Windows\system32\drivers\sffp_sd.sys
15:46:32.0778 1428        sffp_sd - ok
15:46:32.0991 1428        sfloppy        (46ed8e91793b2e6f848015445a0ac188) C:\Windows\system32\drivers\sfloppy.sys
15:46:33.0024 1428        sfloppy - ok
15:46:33.0335 1428        sisagp          (1d76624a09a054f682d746b924e2dbc3) C:\Windows\system32\drivers\sisagp.sys
15:46:33.0357 1428        sisagp - ok
15:46:33.0487 1428        SiSRaid2        (43cb7aa756c7db280d01da9b676cfde2) C:\Windows\system32\drivers\sisraid2.sys
15:46:33.0498 1428        SiSRaid2 - ok
15:46:33.0541 1428        SiSRaid4        (a99c6c8b0baa970d8aa59ddc50b57f94) C:\Windows\system32\drivers\sisraid4.sys
15:46:33.0568 1428        SiSRaid4 - ok
15:46:33.0690 1428        Smb            (031e6bcd53c9b2b9ace111eafec347b6) C:\Windows\system32\DRIVERS\smb.sys
15:46:33.0698 1428        Smb - ok
15:46:33.0965 1428        spldr          (7aebdeef071fe28b0eef2cdd69102bff) C:\Windows\system32\drivers\spldr.sys
15:46:34.0003 1428        spldr - ok
15:46:34.0375 1428        srv            (2252aef839b1093d16761189f45af885) C:\Windows\system32\DRIVERS\srv.sys
15:46:34.0385 1428        srv - ok
15:46:34.0510 1428        srv2            (b7ff59408034119476b00a81bb53d5d1) C:\Windows\system32\DRIVERS\srv2.sys
15:46:34.0521 1428        srv2 - ok
15:46:34.0588 1428        srvnet          (2accc9b12af02030f531e6cca6f8b76e) C:\Windows\system32\DRIVERS\srvnet.sys
15:46:34.0614 1428        srvnet - ok
15:46:34.0753 1428        ssmdrv          (a36ee93698802cd899f98bfd553d8185) C:\Windows\system32\DRIVERS\ssmdrv.sys
15:46:34.0786 1428        ssmdrv - ok
15:46:34.0919 1428        swenum          (7ba58ecf0c0a9a69d44b3dca62becf56) C:\Windows\system32\DRIVERS\swenum.sys
15:46:34.0931 1428        swenum - ok
15:46:34.0971 1428        Symc8xx        (192aa3ac01df071b541094f251deed10) C:\Windows\system32\drivers\symc8xx.sys
15:46:34.0992 1428        Symc8xx - ok
15:46:35.0199 1428        Sym_hi          (8c8eb8c76736ebaf3b13b633b2e64125) C:\Windows\system32\drivers\sym_hi.sys
15:46:35.0206 1428        Sym_hi - ok
15:46:35.0387 1428        Sym_u3          (8072af52b5fd103bbba387a1e49f62cb) C:\Windows\system32\drivers\sym_u3.sys
15:46:35.0424 1428        Sym_u3 - ok
15:46:35.0608 1428        SynTP          (71837fbce3fd8143953444b3ff7938dc) C:\Windows\system32\DRIVERS\SynTP.sys
15:46:35.0636 1428        SynTP - ok
15:46:35.0912 1428        Tcpip          (782568ab6a43160a159b6215b70bcce9) C:\Windows\system32\drivers\tcpip.sys
15:46:35.0944 1428        Tcpip - ok
15:46:36.0159 1428        Tcpip6          (782568ab6a43160a159b6215b70bcce9) C:\Windows\system32\DRIVERS\tcpip.sys
15:46:36.0173 1428        Tcpip6 - ok
15:46:36.0400 1428        tcpipreg        (d4a2e4a4b011f3a883af77315a5ae76b) C:\Windows\system32\drivers\tcpipreg.sys
15:46:36.0416 1428        tcpipreg - ok
15:46:36.0573 1428        TDPIPE          (5dcf5e267be67a1ae926f2df77fbcc56) C:\Windows\system32\drivers\tdpipe.sys
15:46:36.0574 1428        TDPIPE - ok
15:46:36.0775 1428        TDTCP          (389c63e32b3cefed425b61ed92d3f021) C:\Windows\system32\drivers\tdtcp.sys
15:46:36.0781 1428        TDTCP - ok
15:46:37.0000 1428        tdx            (d09276b1fab033ce1d40dcbdf303d10f) C:\Windows\system32\DRIVERS\tdx.sys
15:46:37.0013 1428        tdx - ok
15:46:37.0183 1428        TermDD          (a048056f5e1a96a9bf3071b91741a5aa) C:\Windows\system32\DRIVERS\termdd.sys
15:46:37.0192 1428        TermDD - ok
15:46:37.0540 1428        tssecsrv        (dcf0f056a2e4f52287264f5ab29cf206) C:\Windows\system32\DRIVERS\tssecsrv.sys
15:46:37.0542 1428        tssecsrv - ok
15:46:37.0753 1428        tunmp          (caecc0120ac49e3d2f758b9169872d38) C:\Windows\system32\DRIVERS\tunmp.sys
15:46:37.0776 1428        tunmp - ok
15:46:37.0967 1428        tunnel          (6042505ff6fa9ac1ef7684d0e03b6940) C:\Windows\system32\DRIVERS\tunnel.sys
15:46:37.0984 1428        tunnel - ok
15:46:38.0110 1428        uagp35          (7d33c4db2ce363c8518d2dfcf533941f) C:\Windows\system32\drivers\uagp35.sys
15:46:38.0162 1428        uagp35 - ok
15:46:38.0349 1428        udfs            (8b5088058fa1d1cd897a2113ccff6c58) C:\Windows\system32\DRIVERS\udfs.sys
15:46:38.0354 1428        udfs - ok
15:46:38.0536 1428        uliagpkx        (b0acfdc9e4af279e9116c03e014b2b27) C:\Windows\system32\drivers\uliagpkx.sys
15:46:38.0545 1428        uliagpkx - ok
15:46:38.0841 1428        uliahci        (9224bb254f591de4ca8d572a5f0d635c) C:\Windows\system32\drivers\uliahci.sys
15:46:38.0892 1428        uliahci - ok
15:46:39.0122 1428        UlSata          (8514d0e5cd0534467c5fc61be94a569f) C:\Windows\system32\drivers\ulsata.sys
15:46:39.0150 1428        UlSata - ok
15:46:39.0340 1428        ulsata2        (38c3c6e62b157a6bc46594fada45c62b) C:\Windows\system32\drivers\ulsata2.sys
15:46:39.0374 1428        ulsata2 - ok
15:46:39.0552 1428        umbus          (32cff9f809ae9aed85464492bf3e32d2) C:\Windows\system32\DRIVERS\umbus.sys
15:46:39.0580 1428        umbus - ok
15:46:39.0718 1428        USBAAPL        (4b8a9c16b6d9258ed99c512aecb8c555) C:\Windows\system32\Drivers\usbaapl.sys
15:46:39.0725 1428        USBAAPL - ok
15:46:39.0801 1428        usbccgp        (afb10a231254a1920c3bb4a0d02e1ca6) C:\Windows\system32\DRIVERS\usbccgp.sys
15:46:39.0830 1428        usbccgp - ok
15:46:39.0969 1428        usbcir          (e9476e6c486e76bc4898074768fb7131) C:\Windows\system32\drivers\usbcir.sys
15:46:39.0970 1428        usbcir - ok
15:46:40.0196 1428        usbehci        (44245742c4ed2eafd69020583424455b) C:\Windows\system32\DRIVERS\usbehci.sys
15:46:40.0201 1428        usbehci - ok
15:46:40.0542 1428        usbhub          (db39b3f83af77bca019d7df6aaddbdae) C:\Windows\system32\DRIVERS\usbhub.sys
15:46:40.0554 1428        usbhub - ok
15:46:40.0686 1428        usbohci        (38dbc7dd6cc5a72011f187425384388b) C:\Windows\system32\drivers\usbohci.sys
15:46:40.0701 1428        usbohci - ok
15:46:41.0000 1428        usbprint        (e75c4b5269091d15a2e7dc0b6d35f2f5) C:\Windows\system32\DRIVERS\usbprint.sys
15:46:41.0037 1428        usbprint - ok
15:46:41.0334 1428        USBSTOR        (87ba6b83c5d19b69160968d07d6e2982) C:\Windows\system32\DRIVERS\USBSTOR.SYS
15:46:41.0342 1428        USBSTOR - ok
15:46:41.0543 1428        usbuhci        (587809974e43cfad0ca0ef6e1d940ca9) C:\Windows\system32\DRIVERS\usbuhci.sys
15:46:41.0544 1428        usbuhci - ok
15:46:41.0676 1428        usbvideo        (e67998e8f14cb0627a769f6530bcb352) C:\Windows\system32\Drivers\usbvideo.sys
15:46:41.0677 1428        usbvideo - ok
15:46:41.0919 1428        vga            (87b06e1f30b749a114f74622d013f8d4) C:\Windows\system32\DRIVERS\vgapnp.sys
15:46:41.0939 1428        vga - ok
15:46:42.0119 1428        VgaSave        (2e93ac0a1d8c79d019db6c51f036636c) C:\Windows\System32\drivers\vga.sys
15:46:42.0157 1428        VgaSave - ok
15:46:42.0353 1428        viaagp          (5d7159def58a800d5781ba3a879627bc) C:\Windows\system32\drivers\viaagp.sys
15:46:42.0381 1428        viaagp - ok
15:46:42.0558 1428        ViaC7          (c4f3a691b5bad343e6249bd8c2d45dee) C:\Windows\system32\drivers\viac7.sys
15:46:42.0566 1428        ViaC7 - ok
15:46:42.0752 1428        viaide          (aadf5587a4063f52c2c3fed7887426fc) C:\Windows\system32\drivers\viaide.sys
15:46:42.0770 1428        viaide - ok
15:46:43.0013 1428        volmgr          (69503668ac66c77c6cd7af86fbdf8c43) C:\Windows\system32\drivers\volmgr.sys
15:46:43.0037 1428        volmgr - ok
15:46:43.0310 1428        volmgrx        (98f5ffe6316bd74e9e2c97206c190196) C:\Windows\system32\drivers\volmgrx.sys
15:46:43.0329 1428        volmgrx - ok
15:46:43.0553 1428        volsnap        (d8b4a53dd2769f226b3eb374374987c9) C:\Windows\system32\drivers\volsnap.sys
15:46:43.0585 1428        volsnap - ok
15:46:43.0687 1428        vsmraid        (587253e09325e6bf226b299774b728a9) C:\Windows\system32\drivers\vsmraid.sys
15:46:43.0725 1428        vsmraid - ok
15:46:43.0827 1428        WacomPen        (48dfee8f1af7c8235d4e626f0c4fe031) C:\Windows\system32\drivers\wacompen.sys
15:46:43.0843 1428        WacomPen - ok
15:46:43.0970 1428        Wanarp          (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys
15:46:43.0971 1428        Wanarp - ok
15:46:44.0004 1428        Wanarpv6        (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys
15:46:44.0006 1428        Wanarpv6 - ok
15:46:44.0073 1428        Wd              (78fe9542363f297b18c027b2d7e7c07f) C:\Windows\system32\drivers\wd.sys
15:46:44.0080 1428        Wd - ok
15:46:44.0205 1428        Wdf01000        (b6f0a7ad6d4bd325fbcd8bac96cd8d96) C:\Windows\system32\drivers\Wdf01000.sys
15:46:44.0223 1428        Wdf01000 - ok
15:46:44.0492 1428        WmiAcpi        (2e7255d172df0b8283cdfb7b433b864e) C:\Windows\system32\drivers\wmiacpi.sys
15:46:44.0497 1428        WmiAcpi - ok
15:46:44.0655 1428        WpdUsb          (0cec23084b51b8288099eb710224e955) C:\Windows\system32\DRIVERS\wpdusb.sys
15:46:44.0673 1428        WpdUsb - ok
15:46:44.0803 1428        ws2ifsl        (e3a3cb253c0ec2494d4a61f5e43a389c) C:\Windows\system32\drivers\ws2ifsl.sys
15:46:44.0808 1428        ws2ifsl - ok
15:46:45.0050 1428        WUDFRd          (ac13cb789d93412106b0fb6c7eb2bcb6) C:\Windows\system32\DRIVERS\WUDFRd.sys
15:46:45.0091 1428        WUDFRd - ok
15:46:45.0236 1428        MBR (0x1B8)    (61a349592c4728853f4a90ff78f7628e) \Device\Harddisk0\DR0
15:46:45.0984 1428        \Device\Harddisk0\DR0 - ok
15:46:46.0008 1428        Boot (0x1200)  (8d29daffec3e5c041878134e563abc55) \Device\Harddisk0\DR0\Partition0
15:46:46.0010 1428        \Device\Harddisk0\DR0\Partition0 - ok
15:46:46.0045 1428        Boot (0x1200)  (65366997e0ba32acfae6b1835a4f3c3c) \Device\Harddisk0\DR0\Partition1
15:46:46.0046 1428        \Device\Harddisk0\DR0\Partition1 - ok
15:46:46.0057 1428        ============================================================
15:46:46.0057 1428        Scan finished
15:46:46.0057 1428        ============================================================
15:46:46.0080 6008        Detected object count: 0
15:46:46.0080 6008        Actual detected object count: 0

I haven't done the other thing yet, because nothing has disappeared on my side. Should I do it anyway?

cosinus 24.09.2011 14:57

Then please run CF now:

ComboFix

A guide and tutorial on using ComboFix
  • Close all programs, especially your antivirus program and other background guards, as well as your internet browser.
  • Start cofi.exe from your desktop, confirm the warnings, perform the updates (if offered), install the Recovery Console (if offered), and let it scan your system.
    Also avoid using the mouse and keyboard while ComboFix is running.
  • Afterwards a combofix.txt opens automatically; please copy its contents ([Ctrl]a, [Ctrl]c) and paste them into your post ([Ctrl]v). You can also find the file at: C:\ComboFix.txt.
Important note:
ComboFix may only be run when a helper (Kompetenzler) has expressly recommended it!
It should never be run on your own initiative! Incorrect use can cause serious computer problems and make cleaning the infection even harder.

MrOibe 25.09.2011 11:01

Code:

ComboFix 11-09-24.01 - Peter 24.09.2011  17:49:21.1.1 - x86
Microsoft® Windows Vista™ Home Premium  6.0.6001.1.1252.49.1031.18.3004.1955 [GMT 2:00]
ausgeführt von:: c:\users\Peter\Desktop\ComboFix.exe
AV: AntiVir Desktop *Disabled/Updated* {090F9C29-64CE-6C6F-379C-5901B49A85B7}
SP: AntiVir Desktop *Disabled/Updated* {B26E7DCD-42F4-63E1-0D2C-6273CF1DCF0A}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((  Weitere Löschungen  ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\system32\msisip32.dll
.
.
(((((((((((((((((((((((  Dateien erstellt von 2011-08-24 bis 2011-09-24  ))))))))))))))))))))))))))))))
.
.
2011-09-24 16:02 . 2011-09-24 16:02        56200        ----a-w-        c:\programdata\Microsoft\Windows Defender\Definition Updates\{BE87E342-81C2-4578-8F51-7BD63D1C259C}\offreg.dll
2011-09-24 16:00 . 2011-09-24 16:00        --------        d-----w-        c:\users\Default\AppData\Local\temp
2011-09-24 16:00 . 2011-09-24 16:00        --------        d-----w-        c:\users\Administrator\AppData\Local\temp
2011-09-24 12:08 . 2011-09-24 12:08        --------        d-----w-        C:\_OTL
2011-09-23 23:58 . 2011-09-12 23:14        7269712        ----a-w-        c:\programdata\Microsoft\Windows Defender\Definition Updates\{BE87E342-81C2-4578-8F51-7BD63D1C259C}\mpengine.dll
2011-09-23 10:25 . 2011-09-23 10:25        --------        d-----w-        c:\program files\ESET
2011-09-22 07:52 . 2011-09-22 07:52        --------        d-----w-        c:\users\Peter\AppData\Roaming\Malwarebytes
2011-09-22 07:52 . 2011-09-22 07:52        --------        d-----w-        c:\programdata\Malwarebytes
2011-09-22 07:52 . 2011-09-22 09:49        --------        d-----w-        c:\program files\Malwarebytes' Anti-Malware
2011-09-22 07:52 . 2011-08-31 15:00        22216        ----a-w-        c:\windows\system32\drivers\mbam.sys
2011-09-16 08:57 . 2011-09-16 08:57        404640        ----a-w-        c:\windows\system32\FlashPlayerCPLApp.cpl
.
.
.
((((((((((((((((((((((((((((((((((((  Find3M Bericht  ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-07-06 14:56 . 2011-08-10 11:35        213504        ----a-w-        c:\windows\system32\drivers\mrxsmb10.sys
2011-06-29 06:42 . 2010-04-18 09:05        66616        ----a-w-        c:\windows\system32\drivers\avgntflt.sys
2011-06-29 06:42 . 2010-04-18 09:05        138192        ----a-w-        c:\windows\system32\drivers\avipbb.sys
.
.
((((((((((((((((((((((((((((  Autostartpunkte der Registrierung  ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12        94208        ----a-w-        c:\users\Peter\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12        94208        ----a-w-        c:\users\Peter\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12        94208        ----a-w-        c:\users\Peter\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2008-01-21 1233920]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-07-29 39408]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-21 202240]
"VeohPlugin"="c:\program files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe" [2010-07-06 2634048]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2009-07-10 7612960]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-08-28 1049896]
"UCam_Menu"="c:\program files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" [2009-02-25 218408]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-03-17 421888]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2010-11-02 281768]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-04-28 142120]
"FreePDF Assistant"="c:\program files\FreePDF_XP\fpassist.exe" [2010-06-17 370176]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-08-25 136216]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-08-25 171032]
"Persistence"="c:\windows\system32\igfxpers.exe" [2010-08-25 170520]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2011-01-31 35760]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-20 932288]
"Malwarebytes' Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2011-08-31 1047208]
.
c:\users\Peter\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dropbox.lnk - c:\users\Peter\AppData\Roaming\Dropbox\bin\Dropbox.exe [2011-5-25 24176560]
Yahoo! Widgets.lnk - c:\program files\Yahoo!\Widgets\YahooWidgets.exe [2008-3-19 4742184]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Mozilla Firefox.lnk - c:\program files\Mozilla Firefox\firefox.exe [2010-4-8 912344]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
"SoftwareSASGeneration"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"mixer4"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DivXUpdate]
2010-08-20 19:45        1164584        ----a-w-        c:\program files\DivX\DivX Update\DivXUpdate.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sony Ericsson PC Companion]
2009-06-18 08:04        772096        ----a-w-        c:\program files\Sony Ericsson\Sony Ericsson PC Companion\PCCompanion.exe
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2010-04-08 135664]
R2 KMService;KMService;c:\windows\system32\srvany.exe [2003-04-18 8192]
R3 gupdatem;Google Update-Dienst (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [2010-04-08 135664]
R3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [x]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4640000]
R3 s1018bus;Sony Ericsson Device 1018 driver (WDM);c:\windows\system32\DRIVERS\s1018bus.sys [2009-03-25 86824]
R3 s1018mdfl;Sony Ericsson Device 1018 USB WMC Modem Filter;c:\windows\system32\DRIVERS\s1018mdfl.sys [2009-03-25 15016]
R3 s1018mdm;Sony Ericsson Device 1018 USB WMC Modem Driver;c:\windows\system32\DRIVERS\s1018mdm.sys [2009-03-25 114728]
R3 s1018mgmt;Sony Ericsson Device 1018 USB WMC Device Management Drivers (WDM);c:\windows\system32\DRIVERS\s1018mgmt.sys [2009-03-25 106208]
R3 s1018nd5;Sony Ericsson Device 1018 USB Ethernet Emulation (NDIS);c:\windows\system32\DRIVERS\s1018nd5.sys [2009-03-25 26024]
R3 s1018obex;Sony Ericsson Device 1018 USB WMC OBEX Interface;c:\windows\system32\DRIVERS\s1018obex.sys [2009-03-25 104744]
R3 s1018unic;Sony Ericsson Device 1018 USB Ethernet Emulation (WDM);c:\windows\system32\DRIVERS\s1018unic.sys [2009-03-25 109864]
R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
S2 AntiVirSchedulerService;Avira AntiVir Planer;c:\program files\Avira\AntiVir Desktop\sched.exe [2011-04-27 136360]
S2 KMDFMEMIO;SAMSUNG Kernel Driver;c:\windows\system32\DRIVERS\kmdfmemio.sys [2006-11-14 13312]
S2 PhoneMyPC_Helper;PhoneMyPC_Helper;c:\program files\SoftwareForMe Inc\PhoneMyPC\PhoneMyPC_Helper.exe [2011-05-12 31232]
S2 TeamViewer6;TeamViewer 6;c:\program files\TeamViewer\Version6\TeamViewer_Service.exe [2011-04-01 2271608]
S3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [2008-07-31 29736]
S3 CryptOSD;Phoenix CryptOSD Device Driver;c:\windows\system32\DRIVERS\CryptOSD.sys [2009-05-01 384896]
S3 IntcHdmiAddService;Intel(R) High Definition Audio HDMI;c:\windows\system32\drivers\IntcHdmi.sys [2008-09-21 112128]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs        REG_MULTI_SZ          BthServ
.
Inhalt des "geplante Tasks" Ordners
.
2011-09-24 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-04-08 15:43]
.
2011-09-24 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-04-08 15:43]
.
2010-12-18 c:\windows\Tasks\User_Feed_Synchronization-{BD780150-F2D8-4AF9-BA03-E51C052E844F}.job
- c:\windows\system32\msfeedssync.exe [2008-01-21 02:24]
.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page =
mLocal Page =
uSearchURL,(Default) = hxxp://de.search.yahoo.com/search?fr=mcafee&p=%s
IE: An OneNote s&enden - c:\progra~1\MI1933~1\Office14\ONBttnIE.dll/105
IE: Bild an &Bluetooth-Gerät senden... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_7461B1589E8B4FB7.dll/cmsidewiki.html
IE: Nach Microsoft E&xcel exportieren - c:\progra~1\MI1933~1\Office14\EXCEL.EXE/3000
IE: Nach Microsoft E&xel exportieren - c:\progra~1\MI1933~1\Office12\EXCEL.EXE/3000
IE: Seite an &Bluetooth-Gerät senden... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
FF - ProfilePath - c:\users\Peter\AppData\Roaming\Mozilla\Firefox\Profiles\1yc4ijbh.default\
FF - prefs.js: browser.search.selectedEngine - benefind
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Skype extension for Firefox: {AB2CE124-6272-4b12-94A9-7303C7397BD1} - c:\program files\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
FF - Ext: UltraSurf Firefox Tool: {5B52016C-D097-4aec-BE61-9F129D8FDDBA} - %profile%\extensions\{5B52016C-D097-4aec-BE61-9F129D8FDDBA}
FF - Ext: Greasemonkey: {e4a8a97b-f2ed-450b-b12d-ee082ba24781} - %profile%\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
SafeBoot-mcmscsvc
SafeBoot-MCODS
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, hxxp://www.gmer.net
Rootkit scan 2011-09-24 18:04
Windows 6.0.6001 Service Pack 1 NTFS
.
Scanne versteckte Prozesse...
.
Scanne versteckte Autostarteinträge...
.
Scanne versteckte Dateien...
.
.
c:\windows\TEMP\GURD26B.tmp 0 bytes
.
Scan erfolgreich abgeschlossen
versteckte Dateien: 1
.
**************************************************************************
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
--------------------- Durch laufende Prozesse gestartete DLLs ---------------------
.
- - - - - - - > 'Explorer.exe'(2952)
c:\users\Peter\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
c:\windows\system32\btncopy.dll
.
------------------------ Weitere laufende Prozesse ------------------------
.
c:\program files\Samsung\Samsung Magic Doctor\MagicDoctorKbdHk.exe
c:\program files\Avira\AntiVir Desktop\avguard.exe
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
c:\program files\Avira\AntiVir Desktop\avshadow.exe
c:\program files\SoftwareForMe Inc\PhoneMyPC\PhoneMyPC.exe
c:\program files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
c:\program files\Microsoft SQL Server\90\Shared\sqlwriter.exe
c:\windows\system32\igfxsrvc.exe
c:\windows\system32\wbem\unsecapp.exe
c:\windows\servicing\TrustedInstaller.exe
.
**************************************************************************
.
Zeit der Fertigstellung: 2011-09-24  18:15:55 - PC wurde neu gestartet
ComboFix-quarantined-files.txt  2011-09-24 16:15
.
Vor Suchlauf: 5.352.898.560 Bytes frei
Nach Suchlauf: 5.280.657.408 Bytes frei
.
- - End Of File - - 7A62FAF316B74B1BA1A416E6B7EF650C
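Added example, not part of this thread and not code from TDSSKiller or ComboFix: a small Python triage script for the two log formats posted above. It parses the TDSSKiller driver lines (service name, MD5, path and the trailing "- ok" status) and the ComboFix Run-key and Startup-folder autostart entries, and flags any autostart binary that launches from a user-writable directory (Users, AppData, ProgramData, Temp), which is where lock-screen malware of this kind commonly installs itself. The sample lines are copied from the posted logs; the function names and the user-writable-path heuristic are assumptions of this example, not output of either tool.

```python
"""Triage helpers for the scanner logs posted in this thread (added example,
not part of the thread and not code from TDSSKiller or ComboFix).
Sample lines are copied from the posted logs. Function names and the
'user-writable path' heuristic are assumptions of this example."""
import re
from collections import defaultdict

# TDSSKiller: "<hh:mm:ss.ffff> <pid> <service> (<md5>) <path>" then "<service> - <status>"
TDSS_LINE = re.compile(
    r"^\d{2}:\d{2}:\d{2}\.\d{4}\s+\d+\s+(?P<name>\S+)\s+"
    r"\((?P<md5>[0-9a-f]{32})\)\s+(?P<path>.+?)\s*$"
)
TDSS_STATUS = re.compile(
    r"^\d{2}:\d{2}:\d{2}\.\d{4}\s+\d+\s+(?P<name>\S+) - (?P<status>\w+)\s*$"
)
TDSS_COUNT = re.compile(r"Actual detected object count:\s*(\d+)")

# ComboFix: Run-key value  "Name"="path" [yyyy-mm-dd size]
#           Startup folder  Name.lnk - path [yyyy-m-d size]
CF_RUN = re.compile(
    r'^"(?P<name>[^"]+)"="(?P<path>[^"]+)"\s+\[(?P<date>\d{4}-\d{1,2}-\d{1,2})\s+(?P<size>\d+)\]'
)
CF_LNK = re.compile(
    r"^(?P<name>\S.*?\.lnk) - (?P<path>.+?) \[(?P<date>\d{4}-\d{1,2}-\d{1,2}) (?P<size>\d+)\]"
)

# Directories a normal user can write to; an autostart binary living here
# deserves a look (assumption of this example, not a rule of either tool).
USER_WRITABLE = ("\\users\\", "\\appdata\\", "\\programdata\\", "\\temp\\")

# Constructed sample input: lines copied from the logs posted in this thread.
SAMPLE_TDSS = r"""15:46:43.0970 1428        Wanarp          (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys
15:46:43.0971 1428        Wanarp - ok
15:46:44.0004 1428        Wanarpv6        (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys
15:46:44.0006 1428        Wanarpv6 - ok
15:46:45.0236 1428        MBR (0x1B8)    (61a349592c4728853f4a90ff78f7628e) \Device\Harddisk0\DR0
15:46:45.0984 1428        \Device\Harddisk0\DR0 - ok
15:46:46.0080 6008        Detected object count: 0
15:46:46.0080 6008        Actual detected object count: 0
"""
SAMPLE_CF = r"""[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2008-01-21 1233920]
"VeohPlugin"="c:\program files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe" [2010-07-06 2634048]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2010-11-02 281768]
"Malwarebytes' Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2011-08-31 1047208]
Dropbox.lnk - c:\users\Peter\AppData\Roaming\Dropbox\bin\Dropbox.exe [2011-5-25 24176560]
"""


def parse_tdsskiller(text):
    """Return ([{name, md5, path, status}], actual_detected_count)."""
    drivers = {}
    for line in text.splitlines():
        m = TDSS_LINE.match(line)
        if m:
            drivers[m["name"]] = {"name": m["name"], "md5": m["md5"],
                                  "path": m["path"], "status": None}
            continue
        m = TDSS_STATUS.match(line)
        if m and m["name"] in drivers:
            drivers[m["name"]]["status"] = m["status"]
    m = TDSS_COUNT.search(text)
    return list(drivers.values()), (int(m.group(1)) if m else None)


def shared_hashes(drivers):
    """md5 -> service names when one file is registered under several services
    (Wanarp/Wanarpv6 in the posted log: expected, both are wanarp.sys)."""
    by_md5 = defaultdict(list)
    for d in drivers:
        by_md5[d["md5"]].append(d["name"])
    return {h: names for h, names in by_md5.items() if len(names) > 1}


def parse_combofix_autostarts(text):
    """Run-key values and Startup-folder links, flagged if the binary sits
    in a user-writable directory."""
    entries = []
    for raw in text.splitlines():
        line = raw.strip()
        m = CF_RUN.match(line) or CF_LNK.match(line)
        if not m:
            continue
        low = m["path"].lower()
        entries.append({"name": m["name"], "path": m["path"], "date": m["date"],
                        "size": int(m["size"]),
                        "user_writable": any(t in low for t in USER_WRITABLE)})
    return entries


def review_items(entries):
    """Names of autostart entries a helper should look at first."""
    return [e["name"] for e in entries if e["user_writable"]]


if __name__ == "__main__":
    drivers, count = parse_tdsskiller(SAMPLE_TDSS)
    print(f"TDSSKiller: {len(drivers)} drivers parsed, detected objects: {count}")
    for md5, names in shared_hashes(drivers).items():
        print(f"  one file, several services: {names} ({md5})")
    for e in parse_combofix_autostarts(SAMPLE_CF):
        mark = "CHECK" if e["user_writable"] else " ok  "
        print(f"  [{mark}] {e['name']}: {e['path']} ({e['date']}, {e['size']} bytes)")
```

A flag is a prompt to inspect the file, not a verdict: Dropbox legitimately runs from AppData\Roaming, which is why the helper's reply to this log does not treat it as a finding. The value of the script is that it surfaces those entries automatically instead of relying on someone reading a long log by eye.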


cosinus 26.09.2011 10:25

Ok. Now please create and post logs with GMER and OSAM.
GMER crashes quite often; if the tool won't run even on the 2nd attempt, just skip it and only run OSAM. Please skip the online query in OSAM.
With OSAM, please also make sure you save the log as *.log and not as *.html or similar.

Note: please use WinRAR or 7zip to unpack OSAM! Also be sure to turn off your virus scanner; McAfee's scanner in particular often reports a false positive in OSAM!

Please download aswMBR.exe and save the file to your desktop.
  • Start aswMBR.exe (aswMBR.exe guide)
    On Windows Vista (or later), please right-click and choose "Run as administrator".
  • The tool will ask whether you want to scan your system with the current AVAST! virus definitions. Please answer Yes. (If your firewall asks, please allow internet access.)
    Depending on your connection, downloading the definitions can take a while.
  • Click Scan.
  • Wait until Scan finished successfully appears in the DOS window.
  • Click Save Log and save it to the desktop.
Post the aswMBR.txt in your next reply.

Important: never press any of the Fix buttons without instruction.

Note: If the Scan button is greyed out, close the tool and start it again. If the scan aborts and the program crashes, let me know and select (none) under AV Scan.



Copyright ©2000-2025, Trojaner-Board