Log Analysis and Evaluation: TR/Kazy.mekl.1 and Kazy3281 and Windows Recovery acting up... Windows 7
27.06.2011, 21:27 | #1
TR/Kazy.mekl.1 and Kazy3281 and Windows Recovery acting up...

Hello dear forum knights,

I have the Trojans mentioned above on the laptop. Screen black, no access to data, no way to open a browser. Avira first reported the first virus, and today, when I tried to get the Defogger application and OTL onto the desktop via USB stick, Avira also showed Kazy3281 (or something like that, I couldn't pay attention to everything that quickly). I managed to copy Defogger over and start it, then clicked on the text file it created, fortunately copied down the contents, and right after that the file had disappeared from the desktop:

"defogger_disable by jpshortstuff (23.02.10.1)
Log created at 22:04 on 27/06/2011 (Taettchen)

Checking for autostart values
HKCU\~\Run values retrieved
HKLM\~\Run values retrieved

Checking for services/drivers..."

Shortly afterwards the computer (Windows Vista) shut itself down again. And - help - I can see right now that "Windows Recovery" has launched itself and is now reporting "11 errors" to me. And a "RunDLL" error message keeps popping up. What now? I would be very grateful for your help!!

Greetings!
Taddele

(I am writing this from another computer.)

Addendum: I shut down and restarted, started OTL, it hung, and Avira now shows a new detection: "TR/Crypt.XPACK.Gen4". I have shut down once more and am trying to restart. So, I just barely managed it with the help of the USB stick, and now it has shut itself down again...:

OTL Logfile:
Code:
OTL logfile created on: 27.06.2011 23:00:22 - Run 1
OTL by OldTimer - Version 3.2.24.1     Folder = C:\Users\Taettchen\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.19048)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

2,99 Gb Total Physical Memory | 1,89 Gb Available Physical Memory | 63,13% Memory free
6,19 Gb Paging File | 5,11 Gb Available in Paging File | 82,61% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 440,37 Gb Total Space | 143,26 Gb Free Space | 32,53% Space Free | Partition Type: NTFS
Drive D: | 25,38 Gb Total Space | 12,55 Gb Free Space | 49,46% Space Free | Partition Type: FAT32
Drive F: | 979,70 Mb Total Space | 978,67 Mb Free Space | 99,89% Space Free | Partition Type: FAT

Computer Name: WILMA | User Name: Taettchen | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Users\Taettchen\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\ProgramData\trwKcwHFGPMgtX.exe ()
PRC - C:\Programme\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
PRC - C:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
PRC - C:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
PRC - C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE (Microsoft Corp.)
PRC - C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE (Microsoft Corp.)
PRC - C:\Programme\Avira\AntiVir Desktop\avshadow.exe (Avira GmbH)
PRC - C:\Programme\Windows Sidebar\sidebar.exe (Microsoft Corporation)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Programme\Realtek Semiconductor Corp\Realtek USB 2.0 Card Reader\reset.exe ()
PRC - C:\Windows\tsnp2uvc.exe ()
PRC - C:\Programme\Hewlett-Packard\PrnStatusMX\PrnStatusMX.exe (Marvell Semiconductor, Inc.)
PRC - C:\Windows\System32\PSIService.exe ()
PRC - C:\Windows\System32\spool\drivers\w32x86\3\E_FATICDE.EXE (SEIKO EPSON CORPORATION)
PRC - C:\Windows\System32\attrib.exe (Microsoft Corporation)

========== Modules (SafeList) ==========

MOD - C:\Users\Taettchen\Desktop\OTL.exe (OldTimer Tools)
MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3\comctl32.dll (Microsoft Corporation)

========== Win32 Services (SafeList) ==========

SRV - (AntiVirSchedulerService) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
SRV - (AntiVirService) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
SRV - (resetWinService) -- C:\Program Files\Realtek Semiconductor Corp\Realtek USB 2.0 Card Reader\reset.exe ()
SRV - (WinDefend) -- C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (ProtexisLicensing) -- C:\Windows\System32\PSIService.exe ()

========== Driver Services (SafeList) ==========

DRV - (avipbb) -- C:\Windows\System32\drivers\avipbb.sys (Avira GmbH)
DRV - (avgntflt) -- C:\Windows\System32\drivers\avgntflt.sys (Avira GmbH)
DRV - (ssmdrv) -- C:\Windows\System32\drivers\ssmdrv.sys (Avira GmbH)
DRV - (avgio) -- C:\Programme\Avira\AntiVir Desktop\avgio.sys (Avira GmbH)
DRV - (nvlddmkm) -- C:\Windows\System32\drivers\nvlddmkm.sys (NVIDIA Corporation)
DRV - (SNP2UVC) USB2.0 PC Camera (SNP2UVC) -- C:\Windows\System32\drivers\snp2uvc.sys ()
DRV - (NVHDA) -- C:\Windows\System32\drivers\nvhda32v.sys (NVIDIA Corporation)
DRV - (RTL8169) -- C:\Windows\System32\drivers\Rtlh86.sys (Realtek Corporation )
DRV - (NETw5v32) Intel(R) -- C:\Windows\System32\drivers\NETw5v32.sys (Intel Corporation)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = Welcome to ALDI
IE - HKLM\..\URLSearchHook: {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Programme\DVDVideoSoftTB\prxtbDVDV.dll (Conduit Ltd.)

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = Welcome to ALDI
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = Search
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\..\URLSearchHook: {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Programme\DVDVideoSoftTB\prxtbDVDV.dll (Conduit Ltd.)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.defaultthis.engineName: "Search"
FF - prefs.js..browser.search.defaulturl: "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2269050&SearchSource=3&q={searchTerms}"
FF - prefs.js..browser.search.suggest.enabled: false
FF - prefs.js..browser.search.update: false
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "hxxp://search.conduit.com/?ctid=CT2269050&SearchSource=13"
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.1.3
FF - prefs.js..extensions.enabledItems: engine@conduit.com:3.3.3.2

FF - HKLM\software\mozilla\Mozilla Firefox 3.6.14\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011.05.06 21:43:33 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.14\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011.05.06 21:43:33 | 000,000,000 | ---D | M]

[2009.08.03 13:57:03 | 000,000,000 | -H-D | M] (No name found) -- C:\Users\Taettchen\AppData\Roaming\mozilla\Extensions
[2011.05.01 18:58:20 | 000,000,000 | -H-D | M] (No name found) -- C:\Users\Taettchen\AppData\Roaming\mozilla\Firefox\Profiles\9pro4g14.default\extensions
[2009.09.02 21:51:43 | 000,000,000 | -H-D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Taettchen\AppData\Roaming\mozilla\Firefox\Profiles\9pro4g14.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2011.04.12 13:57:05 | 000,000,000 | -H-D | M] (DVDVideoSoftTB Community Toolbar) -- C:\Users\Taettchen\AppData\Roaming\mozilla\Firefox\Profiles\9pro4g14.default\extensions\{872b5b88-9db5-4310-bdd0-ac189557e5f5}
[2010.06.10 17:21:05 | 000,000,000 | -H-D | M] ("DVDVideoSoft Menu") -- C:\Users\Taettchen\AppData\Roaming\mozilla\Firefox\Profiles\9pro4g14.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
[2010.03.23 00:30:14 | 000,000,000 | -H-D | M] (Adblock Plus) -- C:\Users\Taettchen\AppData\Roaming\mozilla\Firefox\Profiles\9pro4g14.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
[2011.04.12 13:57:09 | 000,000,000 | -H-D | M] (Conduit Engine) -- C:\Users\Taettchen\AppData\Roaming\mozilla\Firefox\Profiles\9pro4g14.default\extensions\engine@conduit.com
[2010.06.10 18:18:35 | 000,000,881 | -H-- | M] () -- C:\Users\Taettchen\AppData\Roaming\Mozilla\Firefox\Profiles\9pro4g14.default\searchplugins\conduit.xml
[2010.10.12 22:34:25 | 000,001,340 | -H-- | M] () -- C:\Users\Taettchen\AppData\Roaming\Mozilla\Firefox\Profiles\9pro4g14.default\searchplugins\wikipedia-en.xml
[2010.05.14 03:53:23 | 000,002,064 | -H-- | M] () -- C:\Users\Taettchen\AppData\Roaming\Mozilla\Firefox\Profiles\9pro4g14.default\searchplugins\youtube-videosuche.xml
[2010.11.15 21:01:35 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2011.03.02 19:48:07 | 000,001,392 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\amazondotcom-de.xml
[2011.03.02 19:48:07 | 000,002,344 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\eBay-de.xml
[2011.03.02 19:48:07 | 000,006,805 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\leo_ende_de.xml
[2011.03.02 19:48:07 | 000,001,178 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\wikipedia-de.xml
[2011.03.02 19:48:07 | 000,001,105 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\yahoo-de.xml

O1 HOSTS File: ([2006.09.18 23:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Programme\ConduitEngine\prxConduitEngine.dll (Conduit Ltd.)
O2 - BHO: (DVDVideoSoftTB Toolbar) - {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Programme\DVDVideoSoftTB\prxtbDVDV.dll (Conduit Ltd.)
O2 - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
O3 - HKLM\..\Toolbar: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Programme\ConduitEngine\prxConduitEngine.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (DVDVideoSoftTB Toolbar) - {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Programme\DVDVideoSoftTB\prxtbDVDV.dll (Conduit Ltd.)
O3 - HKCU\..\Toolbar\WebBrowser: (DVDVideoSoftTB Toolbar) - {872B5B88-9DB5-4310-BDD0-AC189557E5F5} - C:\Programme\DVDVideoSoftTB\prxtbDVDV.dll (Conduit Ltd.)
O4 - HKLM..\Run: []  File not found
O4 - HKLM..\Run: [ALDI_NORD_FotoSuite_Download] C:\Program Files\ALDI Foto Service Nord\ALDI_Foto_Service\FotoSuite.exe (MAGIX AG)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [HPUsageTracking] C:\Program Files\Hewlett-Packard\HP UT\bin\hppusg.exe ()
O4 - HKLM..\Run: [MDS_Menu] C:\Program Files\HomeCinema\MediaShow4\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\Windows\System32\NvMcTray.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [PDVD8LanguageShortcut] C:\Program Files\HomeCinema\PowerDVD8\Language\Language.exe ()
O4 - HKLM..\Run: [PrnStatusMX] C:\Programme\Hewlett-Packard\PrnStatusMX\PrnStatusMX.exe (Marvell Semiconductor, Inc.)
O4 - HKLM..\Run: [Skytel] C:\Programme\Realtek\Audio\HDA\SkyTel.exe (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [snp2uvc]  File not found
O4 - HKLM..\Run: [tsnp2uvc] C:\Windows\tsnp2uvc.exe ()
O4 - HKLM..\Run: [UCam_Menu] C:\Program Files\HomeCinema\YouCam\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKCU..\Run: [{33AEBC9B-1CD9-B392-4C34-8127573B0594}] C:\Users\Taettchen\AppData\Roaming\Gidimo\esyq.exe ()
O4 - HKCU..\Run: [EPSON Stylus DX7400 Series] C:\Windows\System32\spool\DRIVERS\W32X86\3\E_FATICDE.EXE (SEIKO EPSON CORPORATION)
O4 - HKCU..\Run: [Klosecavaleg] C:\Users\Taettchen\AppData\Local\PURPScol.dll ()
O4 - HKCU..\Run: [trwKcwHFGPMgtX] C:\ProgramData\trwKcwHFGPMgtX.exe ()
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\System32\GPhotos.scr (Google Inc.)
O8 - Extra context menu item: Free YouTube to Mp3 Converter - C:\Users\Taettchen\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O9 - Extra Button: eBay - Der weltweite Online-Marktplatz - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} -  File not found
O9 - Extra 'Tools' menuitem : eBay - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} -  File not found
O9 - Extra Button: @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programme\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programme\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_12-windows-i586.cab (Java Plug-in 1.6.0_12)
O16 - DPF: {CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_12-windows-i586.cab (Java Plug-in 1.6.0_12)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_12-windows-i586.cab (Java Plug-in 1.6.0_12)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Programme\Common Files\microsoft shared\Information Retrieval\msitss.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Programme\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O18 - Protocol\Handler\wlpg {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Programme\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2008.08.21 11:50:32 | 000,000,672 | RH-- | M] () - D:\autoexec.bat -- [ FAT32 ]
O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011.06.27 22:24:36 | 000,000,000 | -H-D | C] -- C:\Users\Taettchen\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows Recovery
[2011.06.27 22:05:42 | 000,579,072 | -H-- | C] (OldTimer Tools) -- C:\Users\Taettchen\Desktop\OTL.exe
[2009.02.27 19:17:28 | 000,225,280 | ---- | C] ( ) -- C:\Windows\System32\rsnp2uvc.dll
[2009.02.27 19:17:27 | 000,176,128 | ---- | C] ( ) -- C:\Windows\System32\csnp2uvc.dll

========== Files - Modified Within 30 Days ==========

[2011.06.27 23:03:00 | 000,001,098 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2011.06.27 23:00:19 | 000,000,868 | ---- | M] () -- C:\Windows\tasks\Google Software Updater.job
[2011.06.27 22:57:17 | 000,001,094 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2011.06.27 22:57:13 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2011.06.27 22:57:13 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2011.06.27 22:57:04 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011.06.27 22:56:30 | 3215,851,520 | -HS- | M] () -- C:\hiberfil.sys
[2011.06.27 22:50:33 | 000,632,956 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2011.06.27 22:50:33 | 000,599,604 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2011.06.27 22:50:33 | 000,130,450 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2011.06.27 22:50:33 | 000,107,082 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2011.06.27 22:24:38 | 000,000,587 | -H-- | M] () -- C:\Users\Taettchen\Desktop\Windows Recovery.lnk
[2011.06.27 22:24:28 | 000,000,336 | -H-- | M] () -- C:\ProgramData\41672440
[2011.06.27 22:24:16 | 000,438,784 | -H-- | M] () -- C:\ProgramData\41672440.exe
[2011.06.27 22:04:57 | 000,000,000 | -H-- | M] () -- C:\Users\Taettchen\defogger_reenable
[2011.06.27 22:00:50 | 000,000,430 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{31953012-17AF-49BF-8516-FE30368E878C}.job
[2011.06.27 21:57:29 | 000,000,000 | -H-- | M] () -- C:\Users\Taettchen\AppData\Local\Uremikikik.bin
[2011.06.27 21:52:14 | 000,579,072 | -H-- | M] (OldTimer Tools) -- C:\Users\Taettchen\Desktop\OTL.exe
[2011.06.27 21:49:24 | 000,050,477 | -H-- | M] () -- C:\Users\Taettchen\Desktop\Defogger.exe

========== Files Created - No Company Name ==========

[2011.06.27 22:24:38 | 000,000,587 | -H-- | C] () -- C:\Users\Taettchen\Desktop\Windows Recovery.lnk
[2011.06.27 22:24:28 | 000,000,336 | -H-- | C] () -- C:\ProgramData\41672440
[2011.06.27 22:24:15 | 000,438,784 | -H-- | C] () -- C:\ProgramData\41672440.exe
[2011.06.27 22:04:57 | 000,000,000 | -H-- | C] () -- C:\Users\Taettchen\defogger_reenable
[2011.06.27 22:03:36 | 000,050,477 | -H-- | C] () -- C:\Users\Taettchen\Desktop\Defogger.exe
[2011.05.10 22:56:16 | 000,000,000 | -H-- | C] () -- C:\Users\Taettchen\AppData\Local\Uremikikik.bin
[2011.05.10 22:56:15 | 000,000,120 | -H-- | C] () -- C:\Users\Taettchen\AppData\Local\Bnamoz.dat
[2011.02.12 20:09:12 | 000,000,008 | RHS- | C] () -- C:\Windows\System32\09C10B4EB8.sys
[2010.04.12 18:22:54 | 000,000,680 | -H-- | C] () -- C:\Users\Taettchen\AppData\Local\d3d9caps.dat
[2010.02.01 20:13:49 | 000,120,200 | ---- | C] () -- C:\Windows\System32\DLLDEV32i.dll
[2010.02.01 20:13:36 | 000,007,119 | ---- | C] () -- C:\Windows\mgxoschk.ini
[2010.02.01 20:13:13 | 000,409,287 | -H-- | C] () -- C:\Users\Taettchen\AppData\Roaming\mdbu.bin
[2009.12.30 15:00:30 | 000,000,182 | ---- | C] () -- C:\Windows\PAVER01.INI
[2009.09.21 12:05:52 | 000,111,932 | ---- | C] () -- C:\Windows\System32\EPPICPrinterDB.dat
[2009.09.21 12:05:52 | 000,031,053 | ---- | C] () -- C:\Windows\System32\EPPICPattern131.dat
[2009.09.21 12:05:52 | 000,027,417 | ---- | C] () -- C:\Windows\System32\EPPICPattern121.dat
[2009.09.21 12:05:52 | 000,026,154 | ---- | C] () -- C:\Windows\System32\EPPICPattern1.dat
[2009.09.21 12:05:52 | 000,024,903 | ---- | C] () -- C:\Windows\System32\EPPICPattern3.dat
[2009.09.21 12:05:52 | 000,021,390 | ---- | C] () -- C:\Windows\System32\EPPICPattern5.dat
[2009.09.21 12:05:52 | 000,020,148 | ---- | C] () -- C:\Windows\System32\EPPICPattern2.dat
[2009.09.21 12:05:52 | 000,011,811 | ---- | C] () -- C:\Windows\System32\EPPICPattern4.dat
[2009.09.21 12:05:52 | 000,004,943 | ---- | C] () -- C:\Windows\System32\EPPICPattern6.dat
[2009.09.21 12:05:52 | 000,001,146 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_DU.dat
[2009.09.21 12:05:52 | 000,001,139 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_PT.dat
[2009.09.21 12:05:52 | 000,001,139 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_BP.dat
[2009.09.21 12:05:52 | 000,001,136 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_ES.dat
[2009.09.21 12:05:52 | 000,001,129 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_FR.dat
[2009.09.21 12:05:52 | 000,001,129 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_CF.dat
[2009.09.21 12:05:52 | 000,001,120 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_IT.dat
[2009.09.21 12:05:52 | 000,001,107 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_GE.dat
[2009.09.21 12:05:52 | 000,001,104 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_EN.dat
[2009.09.21 12:05:52 | 000,000,097 | ---- | C] () -- C:\Windows\System32\PICSDK.ini
[2009.09.21 12:02:24 | 000,000,025 | ---- | C] () -- C:\Windows\CDE DX7400DEFGIPS.ini
[2009.09.17 09:37:39 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2009.09.17 09:37:38 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2009.09.17 09:37:37 | 000,118,784 | -H-- | C] () -- C:\Users\Taettchen\AppData\Local\PURPScol.dll
[2009.08.11 13:33:13 | 000,116,224 | ---- | C] () -- C:\Windows\System32\pdfcmnnt.dll
[2009.08.11 12:30:21 | 000,058,368 | -H-- | C] () -- C:\Users\Taettchen\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009.07.09 20:00:07 | 001,965,071 | -H-- | C] () -- C:\Users\Taettchen\AppData\Roaming\UserTile.png
[2009.06.30 18:12:13 | 000,002,986 | -H-- | C] () -- C:\Users\Taettchen\AppData\Roaming\wklnhst.dat
[2009.02.27 19:17:28 | 001,799,808 | ---- | C] () -- C:\Windows\System32\drivers\snp2uvc.sys
[2009.02.27 19:17:28 | 000,233,472 | ---- | C] () -- C:\Windows\tsnp2uvc.exe
[2009.02.27 19:17:28 | 000,028,544 | ---- | C] () -- C:\Windows\System32\drivers\sncduvc.sys
[2009.02.27 19:17:28 | 000,015,497 | ---- | C] () -- C:\Windows\snp2uvc.ini
[2009.02.26 22:09:31 | 000,002,828 | -HS- | C] () -- C:\Windows\System32\KGyGaAvL.sys
[2009.02.26 22:09:31 | 000,000,008 | RHS- | C] () -- C:\Windows\System32\F928A0FA17.sys
[2009.02.26 20:50:53 | 000,000,276 | ---- | C] () -- C:\Windows\System32\drivers\SamSfPa.dat
[2009.02.19 16:18:34 | 000,632,956 | ---- | C] () -- C:\Windows\System32\perfh007.dat
[2009.02.19 16:18:34 | 000,290,748 | ---- | C] () -- C:\Windows\System32\perfi007.dat
[2009.02.19 16:18:34 | 000,130,450 | ---- | C] () -- C:\Windows\System32\perfc007.dat
[2009.02.19 16:18:34 | 000,036,916 | ---- | C] () -- C:\Windows\System32\perfd007.dat
[2009.02.19 07:31:30 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
[2008.02.07 10:05:18 | 000,163,840 | ---- | C] () -- C:\Windows\System32\hppatusg01.dll
[2007.06.05 14:20:32 | 000,177,704 | ---- | C] () -- C:\Windows\System32\PSIService.exe
[2006.11.02 14:57:28 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2006.11.02 14:47:37 | 000,438,232 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2006.11.02 14:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006.11.02 12:33:01 | 000,599,604 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2006.11.02 12:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2006.11.02 12:33:01 | 000,107,082 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2006.11.02 12:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2006.11.02 12:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2006.11.02 10:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2006.11.02 10:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2006.11.02 09:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006.11.02 09:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
[2005.04.06 17:27:14 | 000,237,568 | ---- | C] () -- C:\Windows\System32\xvidvfw.dll
[2005.04.06 17:24:40 | 001,216,512 | ---- | C] () -- C:\Windows\System32\xvidcore.dll

========== LOP Check ==========

[2011.03.08 11:09:49 | 000,000,000 | -H-D | M] -- C:\Users\Taettchen\AppData\Roaming\Audacity
[2011.02.16 01:19:44 | 000,000,000 | -H-D | M] -- C:\Users\Taettchen\AppData\Roaming\DVDVideoSoftIEHelpers
[2011.02.13 16:15:06 | 000,000,000 | -H-D | M] -- C:\Users\Taettchen\AppData\Roaming\EPSON
[2011.05.10 22:54:20 | 000,000,000 | -H-D | M] -- C:\Users\Taettchen\AppData\Roaming\Gidimo
[2009.09.02 18:08:59 | 000,000,000 | -H-D | M] -- C:\Users\Taettchen\AppData\Roaming\Marvell
[2009.09.21 11:20:38 | 000,000,000 | -H-D | M] -- C:\Users\Taettchen\AppData\Roaming\OpenOffice.org
[2009.08.03 13:59:43 | 000,000,000 | -H-D | M] -- C:\Users\Taettchen\AppData\Roaming\Opera
[2010.06.13 22:04:30 | 000,000,000 | -H-D | M] -- C:\Users\Taettchen\AppData\Roaming\Scribus
[2009.06.30 18:12:24 | 000,000,000 | -H-D | M] -- C:\Users\Taettchen\AppData\Roaming\Template
[2011.02.24 23:04:24 | 000,000,000 | -H-D | M] -- C:\Users\Taettchen\AppData\Roaming\uTorrent
[2011.03.02 20:35:04 | 000,000,000 | -H-D | M] -- C:\Users\Taettchen\AppData\Roaming\Windows Live Writer
[2011.05.10 23:06:55 | 000,000,000 | -H-D | M] -- C:\Users\Taettchen\AppData\Roaming\Wuim
[2011.06.27 22:54:32 | 000,032,528 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2011.06.27 22:00:50 | 000,000,430 | -H-- | M] () -- C:\Windows\Tasks\User_Feed_Synchronization-{31953012-17AF-49BF-8516-FE30368E878C}.job

========== Purity Check ==========

========== Files - Unicode (All) ==========

[2010.03.30 18:16:35 | 000,007,962 | -H-- | M] ()(C:\Users\Taettchen\Documents\?????.odt) -- C:\Users\Taettchen\Documents\णसेन्.odt
[2010.03.30 18:16:28 | 000,007,962 | -H-- | C] ()(C:\Users\Taettchen\Documents\?????.odt) -- C:\Users\Taettchen\Documents\णसेन्.odt

< End of report >

OTL Logfile:
Code:
OTL Extras logfile created on: 27.06.2011 23:00:22 - Run 1
OTL by OldTimer - Version 3.2.24.1     Folder = C:\Users\Taettchen\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.19048)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

2,99 Gb Total Physical Memory | 1,89 Gb Available Physical Memory | 63,13% Memory free
6,19 Gb Paging File | 5,11 Gb Available in Paging File | 82,61% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 440,37 Gb Total Space | 143,26 Gb Free Space | 32,53% Space Free | Partition Type: NTFS
Drive D: | 25,38 Gb Total Space | 12,55 Gb Free Space | 49,46% Space Free | Partition Type: FAT32
Drive F: | 979,70 Mb Total Space | 978,67 Mb Free Space | 99,89% Space Free | Partition Type: FAT

Computer Name: WILMA | User Name: Taettchen | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
http [open] -- "C:\Program Files\Google\Chrome\Application\chrome.exe" -- "%1"
https [open] -- "C:\Program Files\Google\Chrome\Application\chrome.exe" -- "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

========== Authorized Applications List ==========

========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{26A5DBAD-5E4A-4B44-9B19-2BD6169E8944}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{C07C4097-EB2B-44FB-B24E-11C5B71BF84B}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |
"{CEE72266-600B-4AE0-A9C1-A2BC1CD5E9D7}" = lport=2869 | protocol=6 | dir=in | app=system |
"{CFEAB678-DD21-4DBB-9D49-9905817C5B0E}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{1BCB666B-E6E3-406A-BE94-2CE4CF962050}" = protocol=6 | dir=in | app=c:\program files\utorrent\utorrent.exe |
"{471EC9AE-95D7-49C2-B7CA-9C08724E6A1C}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{5E6D0C49-70E8-4417-84AC-74AD1D18F721}" = dir=in | app=c:\program files\homecinema\powerdirector\pdr.exe |
"{618AFA50-A545-41BC-8FFD-CAF36CD61C84}" = dir=in | app=c:\program files\windows live\sync\windowslivesync.exe |
"{7773820C-3574-4D55-905B-C264A9D79B91}" = dir=in | app=c:\program files\windows live\contacts\wlcomm.exe |
"{94904FE8-C4D1-4322-8770-E8C68D6681AC}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |
"{B8276A8F-8B82-4686-B463-A4F63BE94BAF}" = dir=in | app=c:\program files\homecinema\powerdvd8\powerdvd8.exe |
"{EC201A21-D750-4768-AA51-55F12127C1AE}" = protocol=17 | dir=in | app=c:\program files\utorrent\utorrent.exe |
"TCP Query User{51259E77-1724-4957-B17B-4B92EA03E587}C:\program files\google\google earth\plugin\geplugin.exe" = protocol=6 | dir=in | app=c:\program files\google\google earth\plugin\geplugin.exe |
"TCP Query User{715CEAB2-FD96-445F-922E-166DC72D83BF}C:\windows\system32\taskeng.exe" = protocol=6 | dir=in | app=c:\windows\system32\taskeng.exe |
"TCP Query User{F27880DB-4E28-4FB3-BE52-B0B26BEA03F1}C:\windows\explorer.exe" = protocol=6 | dir=in | app=c:\windows\explorer.exe |
"UDP Query User{C58F7650-5057-4D3F-8D01-F5282524AC32}C:\program files\google\google earth\plugin\geplugin.exe" = protocol=17 | dir=in | app=c:\program files\google\google earth\plugin\geplugin.exe |
"UDP Query User{D17E02EC-4319-471B-B3C7-E75B941556AB}C:\windows\system32\taskeng.exe" = protocol=17 | dir=in | app=c:\windows\system32\taskeng.exe |
"UDP Query User{E6911C3C-9822-432C-A7F1-CF41E70D8160}C:\windows\explorer.exe" = protocol=17 | dir=in | app=c:\windows\explorer.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"_{ADDBE07D-95B8-4789-9C76-187FFF9624B4}" = CorelDRAW Essential Edition 3
"{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}" = PDFCreator
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam
"{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{13F00518-807A-4B3A-83B0-A7CD90F3A398}" = MarketResearch
"{1DDB95A4-FD7B-4517-B3F1-2BCAA96879E6}" = Windows Live Writer Resources
"{1E187923-04E5-4E1F-9BF2-40E32D93A1C4}" = HP Color LaserJet CP1210 Series Toolbox
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{20C45B32-5AB6-46A4-94EF-58950CAF05E5}" = EPSON Attach To Email
"{26A24AE4-039D-4CA4-87B4-2F83216012FF}" = Java(TM) 6 Update 12
"{26DDB12A-CB5E-4C0B-89AF-817CA0E59CC9}" = HP LaserJet Toolbox
"{2A88F1BF-7041-4E42-84B1-6B4ACB83AC64}" = EPSON Scan Assistant
"{2BF2E31F-B8BB-40A7-B650-98D28E0F7D47}" = CyberLink PowerDVD 8
"{2EB81825-E9EE-44F4-8F51-1240C3898DC6}" = EPSON File Manager
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{37B33B16-2535-49E7-8990-32668708A0A3}" = Windows Live UX Platform Language Pack
"{3921A67A-5AB1-4E48-9444-C71814CF3027}" = VCRedistSetup
"{399C37FB-08AF-493B-BFED-20FBD85EDF7F}" = USB Video Device
"{39D0E034-1042-4905-BECB-5502909FCB7C}" = Microsoft Works
"{3D78F2A2-C893-4ABD-B5FE-AD7011837755}" = EPSON Easy Photo Print
"{4286E640-B5FB-11DF-AC4B-005056C00008}" = Google Earth
"{47948554-90C6-4AAC-8CFA-D23CE11C1031}" = Nero 8 Essentials
"{5335DADB-34BA-4AE8-A519-648D78498846}" = Skype™ 5.3
"{54360A73-B080-4A69-BFD4-53C190DD3AB0}" = HP Color LaserJet CP1210 Series
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime
"{5DD4FCBD-A3C1-4155-9E17-4161C70AAABA}" = Segoe UI
"{61AD15B2-50DB-4686-A739-14FE180D4429}" = Windows Live ID Sign-in Assistant
"{65DA2EC9-0642-47E9-AAE2-B5267AA14D75}" = Activation Assistant for the 2007 Microsoft Office suites
"{67EDD823-135A-4D59-87BD-950616D6E857}" = EPSON Copy Utility 3
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{76618402-179D-4699-A66B-D351C59436BC}" = Windows Live Sync
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7902E313-FF0F-4493-ACB1-A8147B78DCD0}" = HPSSupply
"{80E158EA-7181-40FE-A701-301CE6BE64AB}" = CyberLink MediaShow
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{859D4022-B76D-40DE-96EF-C90CDA263F44}" = Windows Live Writer
"{873E4648-6F6E-47F6-A7B2-A6F8DFABDCE6}" = Windows Live Messenger
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek 8169 8168 8101E 8102E Ethernet Driver
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{90120000-0020-0407-0000-0000000FF1CE}" = Compatibility Pack für 2007 Office System
"{92EA4134-10D1-418A-91E1-5A0453131A38}" =
Windows Live Movie Maker "{93EA9C3E-BDFD-4309-A605-9B5BBC0CCEFD}" = Camera RAW Plug-In for EPSON Creativity Suite "{95120000-00AF-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (German) "{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 "{9C09E3A4-850A-40B2-B94F-EBFB5349C238}" = hppusgCP1215 "{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail "{A062A15F-9CAC-4B88-98DF-87628A0BD721}" = Corel MediaOne "{A334F1BA-0A1D-4ED6-B4F9-4066157CA15D}" = DE "{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer "{A82D052A-0806-42DF-80CD-1730A1AC0ED3}" = MrvlUsgTracking "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper "{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common "{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer "{AC76BA86-7AD7-1031-7B44-A91000000001}" = Adobe Reader 9.1 - Deutsch "{AC76BA86-7AD7-5464-3428-900000000004}" = Spelling Dictionaries Support For Adobe Reader 9 "{ACF60000-22B9-4CE9-98D6-2CCF359BAC07}" = ABBYY FineReader 6.0 Sprint "{ADDBE07D-95B8-4789-9C76-187FFF9624B4}" = CorelDRAW Essential Edition 3 "{AF844339-2F8A-4593-81B3-9F4C54038C4E}" = Windows Live MIME IFilter "{B113D18C-67B0-4FB7-B329-E89B66194AE6}" = Windows Live Fotogalerie "{B1239994-A850-44E2-BED8-E70A21124E16}" = Windows Live Mail "{B7A0CE06-068E-11D6-97FD-0050BACBF861}" = CyberLink PowerProducer "{BB85ED9C-AFC9-43BD-B8DC-258C3C7DF72E}" = HP Software Update "{C2AB7DC4-489E-4BE9-887A-52262FBADBE0}" = Windows Live Photo Common "{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = CyberLink PowerDirector "{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1 "{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform "{D36DD326-7280-11D8-97C8-000129760CBE}" = CyberLink PhotoNow "{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform 
"{D765F1CE-5AE5-4C47-B134-AE58AC474740}" = OpenOffice.org 3.1 "{DC24971E-1946-445D-8A82-CE685433FA7D}" = Realtek USB 2.0 Card Reader "{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10 "{E1BBBAC5-2857-4155-82A6-54492CE88620}" = Opera 9.64 "{E4E88B54-4777-4659-967A-2EED1E6AFD83}" = Windows Live Movie Maker "{EB4DF488-AAEF-406F-A341-CB2AAA315B90}" = Windows Live Messenger "{EE6097DD-05F4-4178-9719-D3170BF098E8}" = Apple Application Support "{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU] "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver "{F428D0FB-765D-40EB-BDD8-A1E7F5C597FA}" = Update Manager "{F95E4EE0-0C6E-4273-B6B9-91FD6F071D76}" = Windows Live Essentials "7-Zip" = 7-Zip 4.65 "Activation Assistant for the 2007 Microsoft Office suites" = Activation Assistant for the 2007 Microsoft Office suites "Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX "Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin "Adobe Shockwave Player" = Adobe Shockwave Player 11 "ALDI Foto Service Nord D" = ALDI Foto Service Nord "Aldi Nord Fotoservice_is1" = Aldi Nord Fotoservice "Audacity 1.3 Beta (Unicode)_is1" = Audacity 1.3.12 (Unicode) "Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus "Badaboom" = Badaboom 1.1.1.194 "conduitEngine" = Conduit Engine "DVDVideoSoftTB Toolbar" = DVDVideoSoftTB Toolbar "EPSON Printer and Utilities" = EPSON-Drucker-Software "EPSON Scanner" = EPSON Scan "EPSON Stylus CX7300_CX8300_DX7400_DX8400 Benutzerhandbuch" = EPSON Stylus CX7300_CX8300_DX7400_DX8400 Handbuch "FFmpeg for Audacity on Windows_is1" = FFmpeg for Audacity on Windows "Free Audio CD Burner_is1" = Free Audio CD Burner version 1.4.7 "Free RAR Extract Frog" = Free RAR Extract Frog "Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.9.35.324 "Google Updater" = Google Updater "GPL Ghostscript 8.71" = GPL Ghostscript 8.71 "HP Color LaserJet CP1210 Series" = HP Color LaserJet 
CP1210 Series "InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam "InstallShield_{20C45B32-5AB6-46A4-94EF-58950CAF05E5}" = EPSON Attach To Email "InstallShield_{2BF2E31F-B8BB-40A7-B650-98D28E0F7D47}" = CyberLink PowerDVD 8 "InstallShield_{80E158EA-7181-40FE-A701-301CE6BE64AB}" = CyberLink MediaShow "InstallShield_{B7A0CE06-068E-11D6-97FD-0050BACBF861}" = CyberLink PowerProducer "InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = CyberLink PowerDirector "InstallShield_{D36DD326-7280-11D8-97C8-000129760CBE}" = CyberLink PhotoNow "LAME for Audacity_is1" = LAME v3.98.3 for Audacity "Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU "Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1 "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile "Mozilla Firefox (3.6.14)" = Mozilla Firefox (3.6.14) "NVIDIA Drivers" = NVIDIA Drivers "Picasa 3" = Picasa 3 "Rossmann Fotoservice_is1" = Rossmann Fotoservice "Scribus 1.3.6" = Scribus 1.3.6 "SynTPDeinstKey" = Synaptics Pointing Device Driver "Uninstall_is1" = Uninstall 1.0.0.1 "uTorrent" = µTorrent "VLC media player" = VLC media player 1.0.1 "WinLiveSuite" = Windows Live Essentials "XviD" = XviD MPEG-4 Codec ========== Last 10 Event Log Errors ========== [ Application Events ] Error - 27.06.2011 16:02:02 | Computer Name = Wilma | Source = Application Error | ID = 1000 Description = Fehlerhafte Anwendung explorer.exe, Version 6.0.6002.18005, Zeitstempel 0x49e01da5, fehlerhaftes Modul ntdll.dll, Version 6.0.6002.18327, Zeitstempel 0x4cb73436, Ausnahmecode 0xc0000374, Fehleroffset 0x000b06fc, Prozess-ID 0x125c, Anwendungsstartzeit 01cc3504e83039ab. 
Error - 27.06.2011 16:24:28 | Computer Name = Wilma | Source = Microsoft-Windows-CAPI2 | ID = 131083 Description = Error - 27.06.2011 16:24:28 | Computer Name = Wilma | Source = Microsoft-Windows-CAPI2 | ID = 131083 Description = Error - 27.06.2011 16:25:20 | Computer Name = Wilma | Source = WinMgmt | ID = 10 Description = Error - 27.06.2011 16:42:56 | Computer Name = Wilma | Source = Microsoft-Windows-CAPI2 | ID = 131083 Description = Error - 27.06.2011 16:42:56 | Computer Name = Wilma | Source = Microsoft-Windows-CAPI2 | ID = 131083 Description = Error - 27.06.2011 16:43:58 | Computer Name = Wilma | Source = WinMgmt | ID = 10 Description = Error - 27.06.2011 16:57:41 | Computer Name = Wilma | Source = Microsoft-Windows-CAPI2 | ID = 131083 Description = Error - 27.06.2011 16:57:41 | Computer Name = Wilma | Source = Microsoft-Windows-CAPI2 | ID = 131083 Description = Error - 27.06.2011 16:58:13 | Computer Name = Wilma | Source = WinMgmt | ID = 10 Description = [ System Events ] Error - 30.04.2010 06:50:13 | Computer Name = Wilma | Source = Dhcp | ID = 1002 Description = Die IP-Adresslease 192.168.1.50 für die Netzwerkkarte mit der Netzwerkadresse 0022FA234C9C wurde durch den DHCP-Server 192.168.1.1 abgelehnt (der DHCP-Server hat eine DHCPNACK-Meldung gesendet). Error - 01.05.2010 06:05:20 | Computer Name = Wilma | Source = Dhcp | ID = 1002 Description = Die IP-Adresslease 192.168.1.50 für die Netzwerkkarte mit der Netzwerkadresse 0022FA234C9C wurde durch den DHCP-Server 192.168.1.1 abgelehnt (der DHCP-Server hat eine DHCPNACK-Meldung gesendet). Error - 02.05.2010 14:28:53 | Computer Name = Wilma | Source = Dhcp | ID = 1002 Description = Die IP-Adresslease 192.168.1.50 für die Netzwerkkarte mit der Netzwerkadresse 0022FA234C9C wurde durch den DHCP-Server 192.168.1.1 abgelehnt (der DHCP-Server hat eine DHCPNACK-Meldung gesendet). 
Error - 03.05.2010 01:10:48 | Computer Name = Wilma | Source = Dhcp | ID = 1002 Description = Die IP-Adresslease 192.168.1.50 für die Netzwerkkarte mit der Netzwerkadresse 0022FA234C9C wurde durch den DHCP-Server 192.168.1.1 abgelehnt (der DHCP-Server hat eine DHCPNACK-Meldung gesendet). Error - 03.05.2010 08:32:34 | Computer Name = Wilma | Source = Dhcp | ID = 1002 Description = Die IP-Adresslease 192.168.1.50 für die Netzwerkkarte mit der Netzwerkadresse 0022FA234C9C wurde durch den DHCP-Server 0.0.0.0 abgelehnt (der DHCP-Server hat eine DHCPNACK-Meldung gesendet). Error - 09.05.2010 06:14:41 | Computer Name = Wilma | Source = DCOM | ID = 10005 Description = Error - 09.05.2010 06:14:41 | Computer Name = Wilma | Source = Service Control Manager | ID = 7009 Description = Error - 09.05.2010 06:14:41 | Computer Name = Wilma | Source = Service Control Manager | ID = 7000 Description = Error - 09.05.2010 19:29:31 | Computer Name = Wilma | Source = Dhcp | ID = 1002 Description = Die IP-Adresslease 192.168.178.22 für die Netzwerkkarte mit der Netzwerkadresse 0022FA234C9C wurde durch den DHCP-Server 192.168.1.1 abgelehnt (der DHCP-Server hat eine DHCPNACK-Meldung gesendet). Error - 09.05.2010 19:34:47 | Computer Name = Wilma | Source = Dhcp | ID = 1002 Description = Die IP-Adresslease 192.168.1.50 für die Netzwerkkarte mit der Netzwerkadresse 0022FA234C9C wurde durch den DHCP-Server 192.168.1.1 abgelehnt (der DHCP-Server hat eine DHCPNACK-Meldung gesendet). < End of report > (habe aus Versehen doppelt gepostet, sorry) Gmer konnte ich nicht fertig kriegen, das System fährt sich immer runter, bevor GMER fertig ist. Habe es etwa 5-mal versucht, es fährt immer schneller runter... Jetzt findet Avira auch noch "TR/Kazy.22832". Bitte helft mir, leider kann ich GMER auch nach 2 Stunden sturem Wiederhochfahren nicht erfolgreich beenden... |
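Two details in the firewall section of the log above are worth pulling out mechanically rather than by eye: the inbound rules named "TCP Query User{...}" and "UDP Query User{...}" for C:\windows\explorer.exe and C:\windows\system32\taskeng.exe. On Vista that naming is what the Windows Firewall gives a rule created when a user clicks "Unblock" on the security-alert prompt, and neither of those two binaries normally needs to accept inbound connections; code injected into explorer.exe that opens a listening socket is one way such a prompt, and such a rule, comes to exist. The Python script below is an added example, not part of the original post and not OTL's code: it parses FirewallRules lines in OTL's format into fields and flags inbound "Query User" rules for binaries under C:\Windows. The sample lines are constructed after the log above, and the "system binary under \windows\ with a user-approved inbound rule" heuristic is this example's own assumption, not a rule OTL applies.

```python
import re

# Constructed sample lines, modelled on the OTL "Vista Active Application
# Exception List" in the log above (not copied from a live system).
SAMPLE_RULES = r'''
"{1BCB666B-E6E3-406A-BE94-2CE4CF962050}" = protocol=6 | dir=in | app=c:\program files\utorrent\utorrent.exe |
"{471EC9AE-95D7-49C2-B7CA-9C08724E6A1C}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"TCP Query User{715CEAB2-FD96-445F-922E-166DC72D83BF}C:\windows\system32\taskeng.exe" = protocol=6 | dir=in | app=c:\windows\system32\taskeng.exe |
"TCP Query User{F27880DB-4E28-4FB3-BE52-B0B26BEA03F1}C:\windows\explorer.exe" = protocol=6 | dir=in | app=c:\windows\explorer.exe |
"UDP Query User{E6911C3C-9822-432C-A7F1-CF41E70D8160}C:\windows\explorer.exe" = protocol=17 | dir=in | app=c:\windows\explorer.exe |
"{26A5DBAD-5E4A-4B44-9B19-2BD6169E8944}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
'''

# One OTL line: "<rule name>" = key=value | key=value | ... |
RULE_RE = re.compile(r'^"(?P<name>[^"]+)"\s*=\s*(?P<body>.*)$')
PROTO = {"6": "tcp", "17": "udp"}   # IANA protocol numbers used in the rules


def parse_rule(line):
    """Turn one FirewallRules line into a dict of its fields, or None."""
    m = RULE_RE.match(line.strip())
    if not m:
        return None
    fields = {}
    for part in m.group("body").split("|"):
        part = part.strip()
        if "=" in part:
            key, value = part.split("=", 1)
            fields[key.strip()] = value.strip().lower()
    fields["name"] = m.group("name")
    fields["protocol"] = PROTO.get(fields.get("protocol"), fields.get("protocol", "any"))
    # Rules created through the interactive "unblock?" prompt carry this prefix.
    fields["query_user"] = m.group("name").startswith(("TCP Query User", "UDP Query User"))
    return fields


def parse_rules(text):
    return [r for r in (parse_rule(l) for l in text.splitlines()) if r]


def suspicious_rules(rules):
    """Heuristic (this example's assumption): an inbound rule that a user
    approved at the prompt for a binary living under C:\\Windows is unusual,
    because explorer.exe / taskeng.exe have no business listening for inbound
    connections. Returns sorted (app, protocol) pairs."""
    hits = set()
    for r in rules:
        app = r.get("app", "")
        if r.get("dir") == "in" and r["query_user"] and app.startswith("c:\\windows\\"):
            hits.add((app, r["protocol"]))
    return sorted(hits)


if __name__ == "__main__":
    for app, proto in suspicious_rules(parse_rules(SAMPLE_RULES)):
        print(f"user-approved inbound {proto} rule for system binary: {app}")
```

A hit from this script is a lead, not a verdict: the prompt may have been answered by the user for a legitimate reason. It does fit the other evidence in this post, though. The application event log shows explorer.exe crashing in ntdll.dll with exception code 0xc0000374, which is STATUS_HEAP_CORRUPTION, and the Malwarebytes log later in the thread removes HKCU Run entries whose payloads sit in user-writable folders; a foreign module inside explorer.exe would explain both the corrupted heap and the inbound-connection prompt.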
30.06.2011, 10:19 | #2 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Hello,
As a routine step, please run a full scan with Malwarebytes and post the log. Remember that Malwarebytes has to be updated manually before every scan! If there are logs from earlier Malwarebytes scans, please post all of those as well!
|
30.06.2011, 15:52 | #3 |
| Dear Arne,
Thank you very much for your reply!!! I installed Malwarebytes and updated it; during the "full scan" the system shut down again after a quarter of an hour. I repeated the whole thing with "Quick Scan", followed the instructions, restarted the system afterwards and ran a "full scan", which found 2 more infected files. I still cannot get at my private folders, but the system no longer switches itself off.

First (Quick) scan:

Malwarebytes' Anti-Malware 1.51.0.1200
Malwarebytes : Free anti-malware, anti-virus and spyware removal download

Database version: 6985

Windows 6.0.6002 Service Pack 2
Internet Explorer 8.0.6001.19048

30.06.2011 14:26:55
mbam-log-2011-06-30 (14-26-55).txt

Scan type: Quick scan
Objects scanned: 161855
Time elapsed: 19 minute(s), 29 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 3
Registry Data Items Infected: 0
Folders Infected: 1
Files Infected: 15

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\{33AEBC9B-1CD9-B392-4C34-8127573B0594} (Spyware.Passwords.XGen) -> Value: {33AEBC9B-1CD9-B392-4C34-8127573B0594} -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\trwKcwHFGPMgtX (Rogue.Installer.Gen) -> Value: trwKcwHFGPMgtX -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Klosecavaleg (Trojan.Hiloti) -> Value: Klosecavaleg -> Quarantined and deleted successfully.

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
c:\Users\taettchen\AppData\Roaming\microsoft\Windows\start menu\Programs\windows recovery (Trojan.FakeAV) -> Quarantined and deleted successfully.

Files Infected:
c:\Users\taettchen\AppData\Roaming\Gidimo\esyq.exe (Spyware.Passwords.XGen) -> Quarantined and deleted successfully.
c:\programdata\trwkcwhfgpmgtx.exe (Rogue.Installer.Gen) -> Quarantined and deleted successfully.
c:\Users\taettchen\AppData\Local\PURPScol.dll (Trojan.Hiloti) -> Quarantined and deleted successfully.
c:\programdata\41672440.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
c:\Users\taettchen\AppData\Local\Temp\0.20694686385371674.exe (Spyware.Passwords.XGen) -> Quarantined and deleted successfully.
c:\Users\taettchen\AppData\Local\Temp\0.605729161512954.exe (Spyware.Passwords.XGen) -> Quarantined and deleted successfully.
c:\Users\taettchen\AppData\Local\Temp\tmp7E34.tmp (Rogue.Installer.Gen) -> Quarantined and deleted successfully.
c:\Users\taettchen\AppData\Local\Temp\adobe_flash_player.exe (Trojan.Agent) -> Quarantined and deleted successfully.
c:\Users\taettchen\Desktop\windows recovery.lnk (Trojan.FakeAV) -> Quarantined and deleted successfully.
c:\Users\taettchen\AppData\Roaming\microsoft\Windows\start menu\Programs\windows recovery\uninstall windows recovery.lnk (Trojan.FakeAV) -> Quarantined and deleted successfully.
c:\Users\taettchen\AppData\Roaming\microsoft\Windows\start menu\Programs\windows recovery\windows recovery.lnk (Trojan.FakeAV) -> Quarantined and deleted successfully.
c:\Users\taettchen\2gweorjqjutp92vjy9gake (Malware.Trace) -> Quarantined and deleted successfully.
c:\Users\taettchen\AppData\Roaming\Adobe\shed\thr1.chm (Malware.Trace) -> Quarantined and deleted successfully.
c:\Users\taettchen\AppData\Roaming\Adobe\plugs\mmc182.exe (Trojan.Agent.Gen) -> Quarantined and deleted successfully.
c:\Users\taettchen\AppData\Roaming\Adobe\plugs\mmc91.exe (Trojan.Agent.Gen) -> Quarantined and deleted successfully.

Second (full) scan:

Malwarebytes' Anti-Malware 1.51.0.1200
Malwarebytes : Free anti-malware, anti-virus and spyware removal download

Database version: 6985

Windows 6.0.6002 Service Pack 2
Internet Explorer 8.0.6001.19048

30.06.2011 16:46:21
mbam-log-2011-06-30 (16-46-21).txt

Scan type: Full scan (C:\|D:\|)
Objects scanned: 373481
Time elapsed: 2 hour(s), 13 minute(s), 47 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 2

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
c:\Users\taettchen\AppData\Local\microsoft\Windows\temporary internet files\Content.IE5\10244F8U\windows-update-sp4-kb94236-setup[1].exe (Rogue.Installer.Gen) -> Quarantined and deleted successfully.
c:\Users\taettchen\AppData\LocalLow\Sun\Java\deployment\cache\6.0\54\1092eff6-4218bf41 (Spyware.Passwords.XGen) -> Quarantined and deleted successfully. |
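Read together, the two Malwarebytes logs above tell the infection story: a Java cache entry and a browser-cache download named like a Windows update (the entry points), droppers in %TEMP%, and the persistent payloads in %ProgramData% and %AppData%\Roaming that the three HKCU\...\Run values launched. The Python script below is an added example, not part of the post and not Malwarebytes code: it parses log lines in Malwarebytes' "path (Family) -> ... -> action." format, separates the Run-value autostarts from the files, and tags each file with the stage of the chain its location implies. The sample log is a constructed subset of the entries above, and the path-to-stage mapping is this example's own assumption about what those folders usually mean.

```python
import re
from collections import defaultdict

# Constructed subset of the Malwarebytes log above (same format, fewer lines).
SAMPLE_LOG = r'''
Registry Values Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\{33AEBC9B-1CD9-B392-4C34-8127573B0594} (Spyware.Passwords.XGen) -> Value: {33AEBC9B-1CD9-B392-4C34-8127573B0594} -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\trwKcwHFGPMgtX (Rogue.Installer.Gen) -> Value: trwKcwHFGPMgtX -> Quarantined and deleted successfully.

Files Infected:
c:\Users\taettchen\AppData\Roaming\Gidimo\esyq.exe (Spyware.Passwords.XGen) -> Quarantined and deleted successfully.
c:\programdata\trwkcwhfgpmgtx.exe (Rogue.Installer.Gen) -> Quarantined and deleted successfully.
c:\Users\taettchen\AppData\Local\Temp\0.20694686385371674.exe (Spyware.Passwords.XGen) -> Quarantined and deleted successfully.
c:\Users\taettchen\AppData\Local\microsoft\Windows\temporary internet files\Content.IE5\10244F8U\windows-update-sp4-kb94236-setup[1].exe (Rogue.Installer.Gen) -> Quarantined and deleted successfully.
c:\Users\taettchen\AppData\LocalLow\Sun\Java\deployment\cache\6.0\54\1092eff6-4218bf41 (Spyware.Passwords.XGen) -> Quarantined and deleted successfully.
'''

# path (Family) -> [Value: name -> ] action.
ITEM_RE = re.compile(
    r'^(?P<path>.+?) \((?P<family>[^()]+)\) -> (?:Value: (?P<value>.+?) -> )?(?P<action>.+)\.$'
)

# Folder -> stage of the chain (assumption of this example; first match wins).
STAGES = [
    ("java cache (drive-by download)", r"\\sun\\java\\deployment\\cache\\"),
    ("browser cache (downloaded payload)", r"\\temporary internet files\\"),
    ("temp (dropper)", r"\\appdata\\local\\temp\\"),
    ("persistent payload (user-writable)", r"\\(programdata|appdata\\roaming)\\"),
]


def parse_items(text):
    """Every detection line as a dict with path, family, value (None for files), action."""
    items = []
    for line in text.splitlines():
        m = ITEM_RE.match(line.strip())
        if m:
            items.append(m.groupdict())
    return items


def stage_of(path):
    p = path.lower()
    for label, pattern in STAGES:
        if re.search(pattern, p):
            return label
    return "other"


def infection_chain(text):
    """Group what Malwarebytes removed by detection family, separating the
    Run-key autostart names from the files, each file tagged with its stage."""
    chain = defaultdict(lambda: {"autostart": [], "files": []})
    for item in parse_items(text):
        entry = chain[item["family"]]
        if item["value"] is not None:          # a registry value line
            entry["autostart"].append(item["value"])
        else:
            entry["files"].append((stage_of(item["path"]), item["path"]))
    return dict(chain)


def stages(chain, family):
    """Sorted, de-duplicated stage labels seen for one family."""
    return sorted({stage for stage, _ in chain[family]["files"]})


if __name__ == "__main__":
    chain = infection_chain(SAMPLE_LOG)
    for family, entry in chain.items():
        print(family)
        print("  autostart:", ", ".join(entry["autostart"]) or "-")
        for stage, path in entry["files"]:
            print(f"  [{stage}] {path}")
```

The point of grouping by family is that a Run value on its own only tells you something was set to start; pairing it with the file in %ProgramData% or %AppData% that carries the same detection name shows what was started, and the Temp and cache entries show how it arrived. Everything here lives under the user profile, which is why the forum's standard advice in such cases is to treat the machine as untrusted until the helper has also checked the kernel side (hence the GMER request).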
30.06.2011, 16:10 | #4 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Custom scan with OTL
If you do not have it yet, please download OTL from OldTimer and save it to your desktop.
Code:
netsvcs
msconfig
safebootminimal
safebootnetwork
activex
drivers32
%ALLUSERSPROFILE%\Application Data\*.
%ALLUSERSPROFILE%\Application Data\*.exe /s
%APPDATA%\*.
%APPDATA%\*.exe /s
%SYSTEMDRIVE%\*.exe
/md5start
wininit.exe
userinit.exe
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
ws2ifsl.sys
sceclt.dll
ntelogon.dll
winlogon.exe
logevent.dll
user32.DLL
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
/md5stop
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\*. /mp /s
%systemroot%\system32\*.dll /lockedfiles
CREATERESTOREPOINT
__________________ Please always post log files in CODE tags |
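The /md5start ... /md5stop block in the custom scan above makes OTL print the MD5 of a fixed list of boot-critical files (winlogon.exe, userinit.exe, atapi.sys, iaStor.sys and the other storage drivers) so the helper can spot one that has been patched by a bootkit or had a second copy planted somewhere in the PATH. The Python script below is an added example, not OTL's code and not from the post: it shows the underlying check, hashing a list of files against a known-good baseline and reporting every file that is patched, missing or absent from the baseline. It uses SHA-256 rather than MD5 and builds a throw-away fake system32 directory so it runs offline; the file list and the in-place "patch" it applies are this example's own constructions.

```python
import hashlib
import os
import shutil
import tempfile

# Shortened, assumed version of the file list in the /md5start block above.
CRITICAL = ["winlogon.exe", "userinit.exe", "atapi.sys", "iaStor.sys"]


def sha256_of(path):
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()


def baseline(root, names):
    """Hash of every named file under root, or None if it does not exist."""
    out = {}
    for name in names:
        p = os.path.join(root, name)
        out[name] = sha256_of(p) if os.path.exists(p) else None
    return out


def verify(root, names, known_good):
    """Compare the files on disk against a baseline.
    Returns {name: reason} for every file that is not exactly as recorded."""
    findings = {}
    current = baseline(root, names)
    for name in names:
        good = known_good.get(name)
        now = current[name]
        if good is None:
            findings[name] = "no baseline"
        elif now is None:
            findings[name] = "missing"
        elif now != good:
            findings[name] = "hash mismatch (patched or replaced)"
    return findings


def demo():
    """Build a fake system32 tree, record a baseline, then tamper with it the
    way a bootkit does (overwrite a few bytes inside a driver) and delete one
    file. Returns (findings before tampering, findings after tampering)."""
    root = tempfile.mkdtemp()
    try:
        for name in CRITICAL:
            with open(os.path.join(root, name), "wb") as f:
                f.write(b"MZ" + name.encode() + b"\x00" * 256)   # constructed content
        good = baseline(root, CRITICAL)
        clean = verify(root, CRITICAL, good)
        with open(os.path.join(root, "atapi.sys"), "r+b") as f:
            f.seek(64)
            f.write(b"\xe9\x00\x10\x00\x00")   # a jmp written into the driver body
        os.remove(os.path.join(root, "userinit.exe"))
        tampered = verify(root, CRITICAL, good)
    finally:
        shutil.rmtree(root, ignore_errors=True)
    return clean, tampered


if __name__ == "__main__":
    before, after = demo()
    print("clean:", before)
    print("after tampering:", after)
```

Two caveats a practitioner would add. First, a hash only tells you a file differs from your baseline, so the baseline has to come from a trusted source (the same OS build and service pack, or the signed catalog) and a mismatch on a driver that was legitimately updated is expected. Second, and more important for this thread: a kernel-mode rootkit that filters file reads will hand back the clean bytes to any tool running on the infected system, so hashes taken from inside the running OS can look fine while the driver on disk is patched. That is why helpers ask for GMER alongside OTL, and why a hash check you actually rely on should be done from a clean boot medium against the offline disk.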
30.06.2011, 18:06 | #5 |
| Hi Arne,
I ran the OTL scan and did not change anything in the settings (not as is recommended elsewhere in the general instructions); I hope that was OK. File age is set to 30 days. It could be that I already had the virus before that; it must be about a month now since I was last able to use the laptop... in case that matters... OTL Logfile: Code:
OTL logfile created on: 27.06.2011 23:00:22 - Run 1
OTL by OldTimer - Version 3.2.24.1     Folder = C:\Users\Taettchen\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.19048)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

2,99 Gb Total Physical Memory | 1,89 Gb Available Physical Memory | 63,13% Memory free
6,19 Gb Paging File | 5,11 Gb Available in Paging File | 82,61% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 440,37 Gb Total Space | 143,26 Gb Free Space | 32,53% Space Free | Partition Type: NTFS
Drive D: | 25,38 Gb Total Space | 12,55 Gb Free Space | 49,46% Space Free | Partition Type: FAT32
Drive F: | 979,70 Mb Total Space | 978,67 Mb Free Space | 99,89% Space Free | Partition Type: FAT

Computer Name: WILMA | User Name: Taettchen | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Users\Taettchen\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\ProgramData\trwKcwHFGPMgtX.exe ()
PRC - C:\Programme\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
PRC - C:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
PRC - C:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
PRC - C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE (Microsoft Corp.)
PRC - C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE (Microsoft Corp.)
PRC - C:\Programme\Avira\AntiVir Desktop\avshadow.exe (Avira GmbH)
PRC - C:\Programme\Windows Sidebar\sidebar.exe (Microsoft Corporation)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Programme\Realtek Semiconductor Corp\Realtek USB 2.0 Card Reader\reset.exe ()
PRC - C:\Windows\tsnp2uvc.exe ()
PRC - C:\Programme\Hewlett-Packard\PrnStatusMX\PrnStatusMX.exe (Marvell Semiconductor, Inc.)
PRC - C:\Windows\System32\PSIService.exe ()
PRC - C:\Windows\System32\spool\drivers\w32x86\3\E_FATICDE.EXE (SEIKO EPSON CORPORATION)
PRC - C:\Windows\System32\attrib.exe (Microsoft Corporation)

========== Modules (SafeList) ==========

MOD - C:\Users\Taettchen\Desktop\OTL.exe (OldTimer Tools)
MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3\comctl32.dll (Microsoft Corporation)

========== Win32 Services (SafeList) ==========

SRV - (AntiVirSchedulerService) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
SRV - (AntiVirService) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
SRV - (resetWinService) -- C:\Program Files\Realtek Semiconductor Corp\Realtek USB 2.0 Card Reader\reset.exe ()
SRV - (WinDefend) -- C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (ProtexisLicensing) -- C:\Windows\System32\PSIService.exe ()

========== Driver Services (SafeList) ==========

DRV - (avipbb) -- C:\Windows\System32\drivers\avipbb.sys (Avira GmbH)
DRV - (avgntflt) -- C:\Windows\System32\drivers\avgntflt.sys (Avira GmbH)
DRV - (ssmdrv) -- C:\Windows\System32\drivers\ssmdrv.sys (Avira GmbH)
DRV - (avgio) -- C:\Programme\Avira\AntiVir Desktop\avgio.sys (Avira GmbH)
DRV - (nvlddmkm) -- C:\Windows\System32\drivers\nvlddmkm.sys (NVIDIA Corporation)
DRV - (SNP2UVC) USB2.0 PC Camera (SNP2UVC) -- C:\Windows\System32\drivers\snp2uvc.sys ()
DRV - (NVHDA) -- C:\Windows\System32\drivers\nvhda32v.sys (NVIDIA Corporation)
DRV - (RTL8169) -- C:\Windows\System32\drivers\Rtlh86.sys (Realtek Corporation )
DRV - (NETw5v32) Intel(R) -- C:\Windows\System32\drivers\NETw5v32.sys (Intel Corporation)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = Welcome to ALDI
IE - HKLM\..\URLSearchHook: {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Programme\DVDVideoSoftTB\prxtbDVDV.dll (Conduit Ltd.)
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = Welcome to ALDI
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = Search
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\..\URLSearchHook: {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Programme\DVDVideoSoftTB\prxtbDVDV.dll (Conduit Ltd.)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.defaultthis.engineName: "Search"
FF - prefs.js..browser.search.defaulturl: "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2269050&SearchSource=3&q={searchTerms}"
FF - prefs.js..browser.search.suggest.enabled: false
FF - prefs.js..browser.search.update: false
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "hxxp://search.conduit.com/?ctid=CT2269050&SearchSource=13"
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.1.3
FF - prefs.js..extensions.enabledItems: engine@conduit.com:3.3.3.2

FF - HKLM\software\mozilla\Mozilla Firefox 3.6.14\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011.05.06 21:43:33 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.14\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011.05.06 21:43:33 | 000,000,000 | ---D | M]

[2009.08.03 13:57:03 | 000,000,000 | -H-D | M] (No name found) -- C:\Users\Taettchen\AppData\Roaming\mozilla\Extensions
[2011.05.01 18:58:20 | 000,000,000 | -H-D | M] (No name found) -- C:\Users\Taettchen\AppData\Roaming\mozilla\Firefox\Profiles\9pro4g14.default\extensions
[2009.09.02 21:51:43 | 000,000,000 | -H-D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Taettchen\AppData\Roaming\mozilla\Firefox\Profiles\9pro4g14.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2011.04.12 13:57:05 | 000,000,000 | -H-D | M] (DVDVideoSoftTB Community Toolbar) -- C:\Users\Taettchen\AppData\Roaming\mozilla\Firefox\Profiles\9pro4g14.default\extensions\{872b5b88-9db5-4310-bdd0-ac189557e5f5}
[2010.06.10 17:21:05 | 000,000,000 | -H-D | M] ("DVDVideoSoft Menu") -- C:\Users\Taettchen\AppData\Roaming\mozilla\Firefox\Profiles\9pro4g14.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
[2010.03.23 00:30:14 | 000,000,000 | -H-D | M] (Adblock Plus) -- C:\Users\Taettchen\AppData\Roaming\mozilla\Firefox\Profiles\9pro4g14.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
[2011.04.12 13:57:09 | 000,000,000 | -H-D | M] (Conduit Engine) -- C:\Users\Taettchen\AppData\Roaming\mozilla\Firefox\Profiles\9pro4g14.default\extensions\engine@conduit.com
[2010.06.10 18:18:35 | 000,000,881 | -H-- | M] () -- C:\Users\Taettchen\AppData\Roaming\Mozilla\Firefox\Profiles\9pro4g14.default\searchplugins\conduit.xml
[2010.10.12 22:34:25 | 000,001,340 | -H-- | M] () -- C:\Users\Taettchen\AppData\Roaming\Mozilla\Firefox\Profiles\9pro4g14.default\searchplugins\wikipedia-en.xml
[2010.05.14 03:53:23 | 000,002,064 | -H-- | M] () -- C:\Users\Taettchen\AppData\Roaming\Mozilla\Firefox\Profiles\9pro4g14.default\searchplugins\youtube-videosuche.xml
[2010.11.15 21:01:35 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2011.03.02 19:48:07 | 000,001,392 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\amazondotcom-de.xml
[2011.03.02 19:48:07 | 000,002,344 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\eBay-de.xml
[2011.03.02 19:48:07 | 000,006,805 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\leo_ende_de.xml
[2011.03.02 19:48:07 | 000,001,178 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\wikipedia-de.xml
[2011.03.02 19:48:07 | 000,001,105 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\yahoo-de.xml

O1 HOSTS File: ([2006.09.18 23:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Programme\ConduitEngine\prxConduitEngine.dll (Conduit Ltd.)
O2 - BHO: (DVDVideoSoftTB Toolbar) - {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Programme\DVDVideoSoftTB\prxtbDVDV.dll (Conduit Ltd.)
O2 - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
O3 - HKLM\..\Toolbar: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Programme\ConduitEngine\prxConduitEngine.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (DVDVideoSoftTB Toolbar) - {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Programme\DVDVideoSoftTB\prxtbDVDV.dll (Conduit Ltd.)
O3 - HKCU\..\Toolbar\WebBrowser: (DVDVideoSoftTB Toolbar) - {872B5B88-9DB5-4310-BDD0-AC189557E5F5} - C:\Programme\DVDVideoSoftTB\prxtbDVDV.dll (Conduit Ltd.)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [ALDI_NORD_FotoSuite_Download] C:\Program Files\ALDI Foto Service Nord\ALDI_Foto_Service\FotoSuite.exe (MAGIX AG)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [HPUsageTracking] C:\Program Files\Hewlett-Packard\HP UT\bin\hppusg.exe ()
O4 - HKLM..\Run: [MDS_Menu] C:\Program Files\HomeCinema\MediaShow4\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\Windows\System32\NvMcTray.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [PDVD8LanguageShortcut] C:\Program Files\HomeCinema\PowerDVD8\Language\Language.exe ()
O4 - HKLM..\Run: [PrnStatusMX] C:\Programme\Hewlett-Packard\PrnStatusMX\PrnStatusMX.exe (Marvell Semiconductor, Inc.)
O4 - HKLM..\Run: [Skytel] C:\Programme\Realtek\Audio\HDA\SkyTel.exe (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [snp2uvc] File not found
O4 - HKLM..\Run: [tsnp2uvc] C:\Windows\tsnp2uvc.exe ()
O4 - HKLM..\Run: [UCam_Menu] C:\Program Files\HomeCinema\YouCam\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKCU..\Run: [{33AEBC9B-1CD9-B392-4C34-8127573B0594}] C:\Users\Taettchen\AppData\Roaming\Gidimo\esyq.exe ()
O4 - HKCU..\Run: [EPSON Stylus DX7400 Series] C:\Windows\System32\spool\DRIVERS\W32X86\3\E_FATICDE.EXE (SEIKO EPSON CORPORATION)
O4 - HKCU..\Run: [Klosecavaleg] C:\Users\Taettchen\AppData\Local\PURPScol.dll ()
O4 - HKCU..\Run: [trwKcwHFGPMgtX] C:\ProgramData\trwKcwHFGPMgtX.exe ()
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\System32\GPhotos.scr (Google Inc.)
O8 - Extra context menu item: Free YouTube to Mp3 Converter - C:\Users\Taettchen\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O9 - Extra Button: eBay - Der weltweite Online-Marktplatz - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - File not found
O9 - Extra 'Tools' menuitem : eBay - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - File not found
O9 - Extra Button: @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programme\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programme\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_12-windows-i586.cab (Java Plug-in 1.6.0_12)
O16 - DPF: {CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_12-windows-i586.cab (Java Plug-in 1.6.0_12)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_12-windows-i586.cab (Java Plug-in 1.6.0_12)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Programme\Common Files\microsoft shared\Information Retrieval\msitss.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Programme\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O18 - Protocol\Handler\wlpg {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Programme\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2008.08.21 11:50:32 | 000,000,672 | RH-- | M] () - D:\autoexec.bat -- [ FAT32 ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011.06.27 22:24:36 | 000,000,000 | -H-D | C] -- C:\Users\Taettchen\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows Recovery
[2011.06.27 22:05:42 | 000,579,072 | -H-- | C] (OldTimer Tools) -- C:\Users\Taettchen\Desktop\OTL.exe
[2009.02.27 19:17:28 | 000,225,280 | ---- | C] ( ) -- C:\Windows\System32\rsnp2uvc.dll
[2009.02.27 19:17:27 | 000,176,128 | ---- | C] ( ) -- C:\Windows\System32\csnp2uvc.dll

========== Files - Modified Within 30 Days ==========

[2011.06.27 23:03:00 | 000,001,098 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2011.06.27 23:00:19 | 000,000,868 | ---- | M] () -- C:\Windows\tasks\Google Software Updater.job
[2011.06.27 22:57:17 | 000,001,094 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2011.06.27 22:57:13 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2011.06.27 22:57:13 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2011.06.27 22:57:04 | 000,067,584
| --S- | M] () -- C:\Windows\bootstat.dat [2011.06.27 22:56:30 | 3215,851,520 | -HS- | M] () -- C:\hiberfil.sys [2011.06.27 22:50:33 | 000,632,956 | ---- | M] () -- C:\Windows\System32\perfh007.dat [2011.06.27 22:50:33 | 000,599,604 | ---- | M] () -- C:\Windows\System32\perfh009.dat [2011.06.27 22:50:33 | 000,130,450 | ---- | M] () -- C:\Windows\System32\perfc007.dat [2011.06.27 22:50:33 | 000,107,082 | ---- | M] () -- C:\Windows\System32\perfc009.dat [2011.06.27 22:24:38 | 000,000,587 | -H-- | M] () -- C:\Users\Taettchen\Desktop\Windows Recovery.lnk [2011.06.27 22:24:28 | 000,000,336 | -H-- | M] () -- C:\ProgramData\41672440 [2011.06.27 22:24:16 | 000,438,784 | -H-- | M] () -- C:\ProgramData\41672440.exe [2011.06.27 22:04:57 | 000,000,000 | -H-- | M] () -- C:\Users\Taettchen\defogger_reenable [2011.06.27 22:00:50 | 000,000,430 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{31953012-17AF-49BF-8516-FE30368E878C}.job [2011.06.27 21:57:29 | 000,000,000 | -H-- | M] () -- C:\Users\Taettchen\AppData\Local\Uremikikik.bin [2011.06.27 21:52:14 | 000,579,072 | -H-- | M] (OldTimer Tools) -- C:\Users\Taettchen\Desktop\OTL.exe [2011.06.27 21:49:24 | 000,050,477 | -H-- | M] () -- C:\Users\Taettchen\Desktop\Defogger.exe ========== Files Created - No Company Name ========== [2011.06.27 22:24:38 | 000,000,587 | -H-- | C] () -- C:\Users\Taettchen\Desktop\Windows Recovery.lnk [2011.06.27 22:24:28 | 000,000,336 | -H-- | C] () -- C:\ProgramData\41672440 [2011.06.27 22:24:15 | 000,438,784 | -H-- | C] () -- C:\ProgramData\41672440.exe [2011.06.27 22:04:57 | 000,000,000 | -H-- | C] () -- C:\Users\Taettchen\defogger_reenable [2011.06.27 22:03:36 | 000,050,477 | -H-- | C] () -- C:\Users\Taettchen\Desktop\Defogger.exe [2011.05.10 22:56:16 | 000,000,000 | -H-- | C] () -- C:\Users\Taettchen\AppData\Local\Uremikikik.bin [2011.05.10 22:56:15 | 000,000,120 | -H-- | C] () -- C:\Users\Taettchen\AppData\Local\Bnamoz.dat [2011.02.12 20:09:12 | 000,000,008 | RHS- | C] () -- 
C:\Windows\System32\09C10B4EB8.sys [2010.04.12 18:22:54 | 000,000,680 | -H-- | C] () -- C:\Users\Taettchen\AppData\Local\d3d9caps.dat [2010.02.01 20:13:49 | 000,120,200 | ---- | C] () -- C:\Windows\System32\DLLDEV32i.dll [2010.02.01 20:13:36 | 000,007,119 | ---- | C] () -- C:\Windows\mgxoschk.ini [2010.02.01 20:13:13 | 000,409,287 | -H-- | C] () -- C:\Users\Taettchen\AppData\Roaming\mdbu.bin [2009.12.30 15:00:30 | 000,000,182 | ---- | C] () -- C:\Windows\PAVER01.INI [2009.09.21 12:05:52 | 000,111,932 | ---- | C] () -- C:\Windows\System32\EPPICPrinterDB.dat [2009.09.21 12:05:52 | 000,031,053 | ---- | C] () -- C:\Windows\System32\EPPICPattern131.dat [2009.09.21 12:05:52 | 000,027,417 | ---- | C] () -- C:\Windows\System32\EPPICPattern121.dat [2009.09.21 12:05:52 | 000,026,154 | ---- | C] () -- C:\Windows\System32\EPPICPattern1.dat [2009.09.21 12:05:52 | 000,024,903 | ---- | C] () -- C:\Windows\System32\EPPICPattern3.dat [2009.09.21 12:05:52 | 000,021,390 | ---- | C] () -- C:\Windows\System32\EPPICPattern5.dat [2009.09.21 12:05:52 | 000,020,148 | ---- | C] () -- C:\Windows\System32\EPPICPattern2.dat [2009.09.21 12:05:52 | 000,011,811 | ---- | C] () -- C:\Windows\System32\EPPICPattern4.dat [2009.09.21 12:05:52 | 000,004,943 | ---- | C] () -- C:\Windows\System32\EPPICPattern6.dat [2009.09.21 12:05:52 | 000,001,146 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_DU.dat [2009.09.21 12:05:52 | 000,001,139 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_PT.dat [2009.09.21 12:05:52 | 000,001,139 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_BP.dat [2009.09.21 12:05:52 | 000,001,136 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_ES.dat [2009.09.21 12:05:52 | 000,001,129 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_FR.dat [2009.09.21 12:05:52 | 000,001,129 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_CF.dat [2009.09.21 12:05:52 | 000,001,120 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_IT.dat [2009.09.21 12:05:52 | 
000,001,107 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_GE.dat [2009.09.21 12:05:52 | 000,001,104 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_EN.dat [2009.09.21 12:05:52 | 000,000,097 | ---- | C] () -- C:\Windows\System32\PICSDK.ini [2009.09.21 12:02:24 | 000,000,025 | ---- | C] () -- C:\Windows\CDE DX7400DEFGIPS.ini [2009.09.17 09:37:39 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin [2009.09.17 09:37:38 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll [2009.09.17 09:37:37 | 000,118,784 | -H-- | C] () -- C:\Users\Taettchen\AppData\Local\PURPScol.dll [2009.08.11 13:33:13 | 000,116,224 | ---- | C] () -- C:\Windows\System32\pdfcmnnt.dll [2009.08.11 12:30:21 | 000,058,368 | -H-- | C] () -- C:\Users\Taettchen\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2009.07.09 20:00:07 | 001,965,071 | -H-- | C] () -- C:\Users\Taettchen\AppData\Roaming\UserTile.png [2009.06.30 18:12:13 | 000,002,986 | -H-- | C] () -- C:\Users\Taettchen\AppData\Roaming\wklnhst.dat [2009.02.27 19:17:28 | 001,799,808 | ---- | C] () -- C:\Windows\System32\drivers\snp2uvc.sys [2009.02.27 19:17:28 | 000,233,472 | ---- | C] () -- C:\Windows\tsnp2uvc.exe [2009.02.27 19:17:28 | 000,028,544 | ---- | C] () -- C:\Windows\System32\drivers\sncduvc.sys [2009.02.27 19:17:28 | 000,015,497 | ---- | C] () -- C:\Windows\snp2uvc.ini [2009.02.26 22:09:31 | 000,002,828 | -HS- | C] () -- C:\Windows\System32\KGyGaAvL.sys [2009.02.26 22:09:31 | 000,000,008 | RHS- | C] () -- C:\Windows\System32\F928A0FA17.sys [2009.02.26 20:50:53 | 000,000,276 | ---- | C] () -- C:\Windows\System32\drivers\SamSfPa.dat [2009.02.19 16:18:34 | 000,632,956 | ---- | C] () -- C:\Windows\System32\perfh007.dat [2009.02.19 16:18:34 | 000,290,748 | ---- | C] () -- C:\Windows\System32\perfi007.dat [2009.02.19 16:18:34 | 000,130,450 | ---- | C] () -- C:\Windows\System32\perfc007.dat [2009.02.19 16:18:34 | 000,036,916 | ---- | C] () -- C:\Windows\System32\perfd007.dat 
[2009.02.19 07:31:30 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin [2008.02.07 10:05:18 | 000,163,840 | ---- | C] () -- C:\Windows\System32\hppatusg01.dll [2007.06.05 14:20:32 | 000,177,704 | ---- | C] () -- C:\Windows\System32\PSIService.exe [2006.11.02 14:57:28 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat [2006.11.02 14:47:37 | 000,438,232 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT [2006.11.02 14:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll [2006.11.02 12:33:01 | 000,599,604 | ---- | C] () -- C:\Windows\System32\perfh009.dat [2006.11.02 12:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat [2006.11.02 12:33:01 | 000,107,082 | ---- | C] () -- C:\Windows\System32\perfc009.dat [2006.11.02 12:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat [2006.11.02 12:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat [2006.11.02 10:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin [2006.11.02 10:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT [2006.11.02 09:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini [2006.11.02 09:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat [2005.04.06 17:27:14 | 000,237,568 | ---- | C] () -- C:\Windows\System32\xvidvfw.dll [2005.04.06 17:24:40 | 001,216,512 | ---- | C] () -- C:\Windows\System32\xvidcore.dll ========== LOP Check ========== [2011.03.08 11:09:49 | 000,000,000 | -H-D | M] -- C:\Users\Taettchen\AppData\Roaming\Audacity [2011.02.16 01:19:44 | 000,000,000 | -H-D | M] -- C:\Users\Taettchen\AppData\Roaming\DVDVideoSoftIEHelpers [2011.02.13 16:15:06 | 000,000,000 | -H-D | M] -- C:\Users\Taettchen\AppData\Roaming\EPSON [2011.05.10 22:54:20 | 000,000,000 | -H-D | M] -- C:\Users\Taettchen\AppData\Roaming\Gidimo [2009.09.02 18:08:59 | 000,000,000 | -H-D | M] -- C:\Users\Taettchen\AppData\Roaming\Marvell [2009.09.21 11:20:38 | 000,000,000 
| -H-D | M] -- C:\Users\Taettchen\AppData\Roaming\OpenOffice.org [2009.08.03 13:59:43 | 000,000,000 | -H-D | M] -- C:\Users\Taettchen\AppData\Roaming\Opera [2010.06.13 22:04:30 | 000,000,000 | -H-D | M] -- C:\Users\Taettchen\AppData\Roaming\Scribus [2009.06.30 18:12:24 | 000,000,000 | -H-D | M] -- C:\Users\Taettchen\AppData\Roaming\Template [2011.02.24 23:04:24 | 000,000,000 | -H-D | M] -- C:\Users\Taettchen\AppData\Roaming\uTorrent [2011.03.02 20:35:04 | 000,000,000 | -H-D | M] -- C:\Users\Taettchen\AppData\Roaming\Windows Live Writer [2011.05.10 23:06:55 | 000,000,000 | -H-D | M] -- C:\Users\Taettchen\AppData\Roaming\Wuim [2011.06.27 22:54:32 | 000,032,528 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT [2011.06.27 22:00:50 | 000,000,430 | -H-- | M] () -- C:\Windows\Tasks\User_Feed_Synchronization-{31953012-17AF-49BF-8516-FE30368E878C}.job ========== Purity Check ========== ========== Files - Unicode (All) ========== [2010.03.30 18:16:35 | 000,007,962 | -H-- | M] ()(C:\Users\Taettchen\Documents\?????.odt) -- C:\Users\Taettchen\Documents\णसेन्.odt [2010.03.30 18:16:28 | 000,007,962 | -H-- | C] ()(C:\Users\Taettchen\Documents\?????.odt) -- C:\Users\Taettchen\Documents\णसेन्.odt < End of report > |
30.06.2011, 19:43 | #6 |
/// Winkelfunktion /// TB-Süch-Tiger™ |
Do an OTL fix: close any programs that may be open, also disable the virus scanner (!), start OTL and copy the following text into the "Custom Scan/Fixes" box (at the bottom in OTL): (the ":OTL" must be copied as well!!!)
Code:
:OTL
PRC - C:\ProgramData\trwKcwHFGPMgtX.exe ()
O4 - HKCU..\Run: [{33AEBC9B-1CD9-B392-4C34-8127573B0594}] C:\Users\Taettchen\AppData\Roaming\Gidimo\esyq.exe ()
O4 - HKCU..\Run: [Klosecavaleg] C:\Users\Taettchen\AppData\Local\PURPScol.dll ()
O4 - HKCU..\Run: [trwKcwHFGPMgtX] C:\ProgramData\trwKcwHFGPMgtX.exe ()
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2008.08.21 11:50:32 | 000,000,672 | RH-- | M] () - D:\autoexec.bat -- [ FAT32 ]
[2011.06.27 22:24:36 | 000,000,000 | -H-D | C] -- C:\Users\Taettchen\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows Recovery
[2011.06.27 22:24:38 | 000,000,587 | -H-- | M] () -- C:\Users\Taettchen\Desktop\Windows Recovery.lnk
[2011.06.27 22:24:28 | 000,000,336 | -H-- | M] () -- C:\ProgramData\41672440
[2011.06.27 22:24:16 | 000,438,784 | -H-- | M] () -- C:\ProgramData\41672440.exe
[2011.06.27 21:57:29 | 000,000,000 | -H-- | M] () -- C:\Users\Taettchen\AppData\Local\Uremikikik.bin
[2011.06.27 22:24:38 | 000,000,587 | -H-- | C] () -- C:\Users\Taettchen\Desktop\Windows Recovery.lnk
[2011.05.10 22:56:15 | 000,000,120 | -H-- | C] () -- C:\Users\Taettchen\AppData\Local\Bnamoz.dat
:Commands
[purity]
[resethosts]

The log file should open when you click OK after the fix; please post it. The computer may be restarted. The entries, files and folders fixed by this script are not deleted completely; as a safeguard, a backup copy is created on the system partition in the folder "_OTL".
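The rule the fix script above applies (autostart entries with an empty publisher that launch from a user-writable path, plus profile entries the rogue has set to hidden) can be turned into a small triage parser. This is an added example, not code from this thread or from OTL; the sample input is copied from the OTL log posted earlier, and the user-writable path markers are my own assumption, to be tuned per environment.

```python
import re
from dataclasses import dataclass
from typing import List, Optional, Tuple

# Sample input: lines copied verbatim from the OTL log posted in this thread
# (part of the O4 autostart section and a few "Files Created/Modified" entries).
# Nothing here is invented; a real run would read the whole OTL.txt instead.
SAMPLE_OTL = r"""
O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [snp2uvc] File not found
O4 - HKLM..\Run: [tsnp2uvc] C:\Windows\tsnp2uvc.exe ()
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKCU..\Run: [{33AEBC9B-1CD9-B392-4C34-8127573B0594}] C:\Users\Taettchen\AppData\Roaming\Gidimo\esyq.exe ()
O4 - HKCU..\Run: [EPSON Stylus DX7400 Series] C:\Windows\System32\spool\DRIVERS\W32X86\3\E_FATICDE.EXE (SEIKO EPSON CORPORATION)
O4 - HKCU..\Run: [Klosecavaleg] C:\Users\Taettchen\AppData\Local\PURPScol.dll ()
O4 - HKCU..\Run: [trwKcwHFGPMgtX] C:\ProgramData\trwKcwHFGPMgtX.exe ()
[2011.06.27 22:24:36 | 000,000,000 | -H-D | C] -- C:\Users\Taettchen\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows Recovery
[2011.06.27 22:05:42 | 000,579,072 | -H-- | C] (OldTimer Tools) -- C:\Users\Taettchen\Desktop\OTL.exe
[2011.06.27 22:24:16 | 000,438,784 | -H-- | M] () -- C:\ProgramData\41672440.exe
[2011.06.27 22:50:33 | 000,632,956 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2011.06.27 21:49:24 | 000,050,477 | -H-- | M] () -- C:\Users\Taettchen\Desktop\Defogger.exe
"""


@dataclass
class Autorun:
    hive: str               # HKLM or HKCU
    name: str               # registry value name, e.g. Klosecavaleg
    path: str               # launch target, or OTL's "File not found"
    company: Optional[str]  # "" when OTL printed "()", None when there was no "(...)" block


@dataclass
class FileEntry:
    timestamp: str
    size: int
    attrs: str              # OTL flags: -H-D = hidden directory, RHS- = read-only+hidden+system
    op: str                 # C = created, M = modified
    company: Optional[str]
    path: str


AUTORUN_RE = re.compile(r"^O4 - (?P<hive>HKLM|HKCU)\.\.\\Run: \[(?P<name>[^\]]*)\] (?P<rest>.*)$")
TARGET_RE = re.compile(r"^(?P<path>.*) \((?P<company>[^()]*)\)$")
FILE_RE = re.compile(
    r"^\[(?P<ts>\d{4}\.\d{2}\.\d{2} \d{2}:\d{2}:\d{2}) \| (?P<size>[\d,]+) \| "
    r"(?P<attrs>[A-Z-]{4}) \| (?P<op>[CM])\](?: \((?P<company>[^()]*)\))? -- (?P<path>.+)$"
)

# Assumed list of locations a process running as the logged-on user can write
# to without elevation; adjust for the environment being examined.
USER_WRITABLE_MARKERS = ("\\users\\", "\\appdata\\", "\\programdata\\", "\\temp\\")


def parse_otl(text: str) -> Tuple[List[Autorun], List[FileEntry]]:
    """Split OTL output into O4 autostart entries and [date | size | attrs | op] file entries."""
    autoruns: List[Autorun] = []
    files: List[FileEntry] = []
    for raw in text.splitlines():
        line = raw.strip()
        m = AUTORUN_RE.match(line)
        if m:
            t = TARGET_RE.match(m["rest"])
            if t:
                autoruns.append(Autorun(m["hive"], m["name"], t["path"], t["company"].strip()))
            else:  # e.g. "File not found": no target path and no publisher block
                autoruns.append(Autorun(m["hive"], m["name"], m["rest"], None))
            continue
        m = FILE_RE.match(line)
        if m:
            files.append(FileEntry(m["ts"], int(m["size"].replace(",", "")),
                                   m["attrs"], m["op"], m["company"], m["path"]))
    return autoruns, files


def in_user_writable_location(path: str) -> bool:
    p = path.lower()
    return any(marker in p for marker in USER_WRITABLE_MARKERS)


def suspicious_autoruns(autoruns: List[Autorun]) -> List[Autorun]:
    """Autostarts with an empty publisher string whose target sits in a user-writable path."""
    return [a for a in autoruns if a.company == "" and in_user_writable_location(a.path)]


def hidden_profile_entries(files: List[FileEntry]) -> List[FileEntry]:
    """Files and folders under the user profile that carry the hidden (H) attribute.
    Freshly copied tools on the Desktop showing up hidden is the fingerprint of a
    rogue that sets +H on everything, which is why shortcuts seem to vanish."""
    return [f for f in files if "H" in f.attrs and "\\users\\" in f.path.lower()]


if __name__ == "__main__":
    autoruns, files = parse_otl(SAMPLE_OTL)
    print("Autostart entries to review:")
    for a in suspicious_autoruns(autoruns):
        print(f"  {a.hive} [{a.name}] -> {a.path}")
    print("Hidden entries in the user profile:")
    for f in hidden_profile_entries(files):
        print(f"  {f.attrs} {f.path}")
```

On the sample above the autostart rule reports exactly the three HKCU entries the fix script removes, while the unsigned but legitimate webcam helper in C:\Windows (tsnp2uvc.exe) is left alone because its location is not user-writable. The output is a review list, not a verdict: an empty publisher field alone (OTL printed "()" for Defogger.exe too) is not enough to call a file malicious.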
03.07.2011, 11:16 | #7 |
| Dear Arne, here is the "fix" - and have a nice Sunday!!
========== OTL ==========
No active process named trwKcwHFGPMgtX.exe was found!
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\{33AEBC9B-1CD9-B392-4C34-8127573B0594} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{33AEBC9B-1CD9-B392-4C34-8127573B0594}\ not found.
File C:\Users\Taettchen\AppData\Roaming\Gidimo\esyq.exe not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\Klosecavaleg not found.
File C:\Users\Taettchen\AppData\Local\PURPScol.dll not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\trwKcwHFGPMgtX not found.
File C:\ProgramData\trwKcwHFGPMgtX.exe not found.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRun|DWORD:1 /E : value set successfully!
C:\autoexec.bat moved successfully.
D:\autoexec.bat moved successfully.
Folder C:\Users\Taettchen\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows Recovery\ not found.
File C:\Users\Taettchen\Desktop\Windows Recovery.lnk not found.
C:\ProgramData\41672440 moved successfully.
File C:\ProgramData\41672440.exe not found.
C:\Users\Taettchen\AppData\Local\Uremikikik.bin moved successfully.
File C:\Users\Taettchen\Desktop\Windows Recovery.lnk not found.
C:\Users\Taettchen\AppData\Local\Bnamoz.dat moved successfully.
========== COMMANDS ==========
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully
OTL by OldTimer - Version 3.2.24.1 log created on 07032011_121513
03.07.2011, 13:35 | #8 |
/// Winkelfunktion /// TB-Süch-Tiger™ |
Now please run this tool from Kaspersky and post the log => http://www.trojaner-board.de/82358-t...entfernen.html
Set up the tool as shown in the picture below, i.e. tick both boxes, click Start scan and, once it has finished, click the Report button to display the log. Please post it in full.
If the infection prevents you from accessing your documents/My Documents, or shortcuts are missing from the desktop or from "All Programs" in the Start menu, please run unhide: Download unhide.exe and save the file to your desktop. Start the tool and all files and folders should become visible again. (This may take a while.) Windows Vista and Windows 7 users must run the tool as administrator via right-click!
__________________
Please always post logfiles in CODE tags
03.07.2011, 22:01 | #9 |
| Here is the result from TDSSKiller:
2011/07/03 22:57:03.0878 0172 TDSS rootkit removing tool 2.5.8.0 Jun 28 2011 19:12:16
2011/07/03 22:57:04.0205 0172 ================================================================================
2011/07/03 22:57:04.0205 0172 SystemInfo:
2011/07/03 22:57:04.0205 0172
2011/07/03 22:57:04.0205 0172 OS Version: 6.0.6002 ServicePack: 2.0
2011/07/03 22:57:04.0205 0172 Product type: Workstation
2011/07/03 22:57:04.0205 0172 ComputerName: WILMA
2011/07/03 22:57:04.0205 0172 UserName: Taettchen
2011/07/03 22:57:04.0205 0172 Windows directory: C:\Windows
2011/07/03 22:57:04.0205 0172 System windows directory: C:\Windows
2011/07/03 22:57:04.0205 0172 Processor architecture: Intel x86
2011/07/03 22:57:04.0205 0172 Number of processors: 2
2011/07/03 22:57:04.0205 0172 Page size: 0x1000
2011/07/03 22:57:04.0205 0172 Boot type: Normal boot
2011/07/03 22:57:04.0205 0172 ================================================================================
2011/07/03 22:57:06.0155 0172 Initialize success
2011/07/03 22:57:13.0721 3884 ================================================================================
2011/07/03 22:57:13.0721 3884 Scan started
2011/07/03 22:57:13.0721 3884 Mode: Manual;
2011/07/03 22:57:13.0721 3884 ================================================================================
2011/07/03 22:57:14.0922 3884 61883 (585e64bb6dfbc0a2f1f0b554ded012df) C:\Windows\system32\DRIVERS\61883.sys
2011/07/03 22:57:15.0250 3884 ACPI (82b296ae1892fe3dbee00c9cf92f8ac7) C:\Windows\system32\drivers\acpi.sys
2011/07/03 22:57:15.0437 3884 adp94xx (04f0fcac69c7c71a3ac4eb97fafc8303) C:\Windows\system32\drivers\adp94xx.sys
2011/07/03 22:57:15.0593 3884 adpahci (60505e0041f7751bdbb80f88bf45c2ce) C:\Windows\system32\drivers\adpahci.sys
2011/07/03 22:57:15.0624 3884 adpu160m (8a42779b02aec986eab64ecfc98f8bd7) C:\Windows\system32\drivers\adpu160m.sys
2011/07/03 22:57:15.0765 3884 adpu320 (241c9e37f8ce45ef51c3de27515ca4e5) C:\Windows\system32\drivers\adpu320.sys
2011/07/03 22:57:15.0999 3884 AFD (3911b972b55fea0478476b2e777b29fa) C:\Windows\system32\drivers\afd.sys
2011/07/03 22:57:16.0264 3884 agp440 (13f9e33747e6b41a3ff305c37db0d360) C:\Windows\system32\drivers\agp440.sys
2011/07/03 22:57:16.0560 3884 aic78xx (ae1fdf7bf7bb6c6a70f67699d880592a) C:\Windows\system32\drivers\djsvs.sys
2011/07/03 22:57:16.0794 3884 aliide (9eaef5fc9b8e351afa7e78a6fae91f91) C:\Windows\system32\drivers\aliide.sys
2011/07/03 22:57:16.0935 3884 amdagp (c47344bc706e5f0b9dce369516661578) C:\Windows\system32\drivers\amdagp.sys
2011/07/03 22:57:17.0075 3884 amdide (9b78a39a4c173fdbc1321e0dd659b34c) C:\Windows\system32\drivers\amdide.sys
2011/07/03 22:57:17.0356 3884 AmdK7 (18f29b49ad23ecee3d2a826c725c8d48) C:\Windows\system32\drivers\amdk7.sys
2011/07/03 22:57:17.0543 3884 AmdK8 (93ae7f7dd54ab986a6f1a1b37be7442d) C:\Windows\system32\drivers\amdk8.sys
2011/07/03 22:57:18.0074 3884 arc (5d2888182fb46632511acee92fdad522) C:\Windows\system32\drivers\arc.sys
2011/07/03 22:57:18.0308 3884 arcsas (5e2a321bd7c8b3624e41fdec3e244945) C:\Windows\system32\drivers\arcsas.sys
2011/07/03 22:57:18.0464 3884 AsyncMac (53b202abee6455406254444303e87be1) C:\Windows\system32\DRIVERS\asyncmac.sys
2011/07/03 22:57:18.0947 3884 atapi (1f05b78ab91c9075565a9d8a4b880bc4) C:\Windows\system32\drivers\atapi.sys
2011/07/03 22:57:19.0197 3884 Avc (f4b56425a00beb32f5fa6603ff7b0ea2) C:\Windows\system32\DRIVERS\avc.sys
2011/07/03 22:57:19.0368 3884 avgio (0b497c79824f8e1bf22fa6aacd3de3a0) C:\Program Files\Avira\AntiVir Desktop\avgio.sys
2011/07/03 22:57:19.0821 3884 avgntflt (1e4114685de1ffa9675e09c6a1fb3f4b) C:\Windows\system32\DRIVERS\avgntflt.sys
2011/07/03 22:57:20.0117 3884 avipbb (0f78d3dae6dedd99ae54c9491c62adf2) C:\Windows\system32\DRIVERS\avipbb.sys
2011/07/03 22:57:20.0382 3884 Beep (67e506b75bd5326a3ec7b70bd014dfb6) C:\Windows\system32\drivers\Beep.sys
2011/07/03 22:57:20.0554 3884 blbdrive (d4df28447741fd3d953526e33a617397) C:\Windows\system32\drivers\blbdrive.sys
2011/07/03 22:57:20.0648 3884 bowser (35f376253f687bde63976ccb3f2108ca) C:\Windows\system32\DRIVERS\bowser.sys
2011/07/03 22:57:20.0757 3884 BrFiltLo (9f9acc7f7ccde8a15c282d3f88b43309) C:\Windows\system32\drivers\brfiltlo.sys
2011/07/03 22:57:20.0788 3884 BrFiltUp (56801ad62213a41f6497f96dee83755a) C:\Windows\system32\drivers\brfiltup.sys
2011/07/03 22:57:20.0835 3884 Brserid (b304e75cff293029eddf094246747113) C:\Windows\system32\drivers\brserid.sys
2011/07/03 22:57:21.0053 3884 BrSerWdm (203f0b1e73adadbbb7b7b1fabd901f6b) C:\Windows\system32\drivers\brserwdm.sys
2011/07/03 22:57:21.0459 3884 BrUsbMdm (bd456606156ba17e60a04e18016ae54b) C:\Windows\system32\drivers\brusbmdm.sys
2011/07/03 22:57:21.0818 3884 BrUsbSer (af72ed54503f717a43268b3cc5faec2e) C:\Windows\system32\drivers\brusbser.sys
2011/07/03 22:57:22.0020 3884 BTHMODEM (ad07c1ec6665b8b35741ab91200c6b68) C:\Windows\system32\drivers\bthmodem.sys
2011/07/03 22:57:22.0208 3884 cdfs (7add03e75beb9e6dd102c3081d29840a) C:\Windows\system32\DRIVERS\cdfs.sys
2011/07/03 22:57:22.0520 3884 cdrom (6b4bffb9becd728097024276430db314) C:\Windows\system32\DRIVERS\cdrom.sys
2011/07/03 22:57:22.0660 3884 circlass (e5d4133f37219dbcfe102bc61072589d) C:\Windows\system32\drivers\circlass.sys
2011/07/03 22:57:23.0081 3884 CLFS (d7659d3b5b92c31e84e53c1431f35132) C:\Windows\system32\CLFS.sys
2011/07/03 22:57:23.0300 3884 CmBatt (99afc3795b58cc478fbbbcdc658fcb56) C:\Windows\system32\DRIVERS\CmBatt.sys
2011/07/03 22:57:23.0612 3884 cmdide (0ca25e686a4928484e9fdabd168ab629) C:\Windows\system32\drivers\cmdide.sys
2011/07/03 22:57:24.0111 3884 Compbatt (6afef0b60fa25de07c0968983ee4f60a) C:\Windows\system32\DRIVERS\compbatt.sys
2011/07/03 22:57:24.0454 3884 crcdisk (741e9dff4f42d2d8477d0fc1dc0df871) C:\Windows\system32\drivers\crcdisk.sys
2011/07/03 22:57:24.0735 3884 Crusoe (1f07becdca750766a96cda811ba86410) C:\Windows\system32\drivers\crusoe.sys
2011/07/03 22:57:25.0062 3884 DfsC (622c41a07ca7e6dd91770f50d532cb6c) C:\Windows\system32\Drivers\dfsc.sys
2011/07/03 22:57:25.0421 3884 disk (5d4aefc3386920236a548271f8f1af6a) C:\Windows\system32\drivers\disk.sys
2011/07/03 22:57:26.0014 3884 drmkaud (97fef831ab90bee128c9af390e243f80) C:\Windows\system32\drivers\drmkaud.sys
2011/07/03 22:57:26.0576 3884 DXGKrnl (c68ac676b0ef30cfbb1080adce49eb1f) C:\Windows\System32\drivers\dxgkrnl.sys
2011/07/03 22:57:26.0934 3884 E1G60 (5425f74ac0c1dbd96a1e04f17d63f94c) C:\Windows\system32\DRIVERS\E1G60I32.sys
2011/07/03 22:57:27.0512 3884 Ecache (7f64ea048dcfac7acf8b4d7b4e6fe371) C:\Windows\system32\drivers\ecache.sys
2011/07/03 22:57:28.0026 3884 elxstor (23b62471681a124889978f6295b3f4c6) C:\Windows\system32\drivers\elxstor.sys
2011/07/03 22:57:28.0604 3884 ErrDev (3db974f3935483555d7148663f726c61) C:\Windows\system32\drivers\errdev.sys
2011/07/03 22:57:28.0822 3884 exfat (22b408651f9123527bcee54b4f6c5cae) C:\Windows\system32\drivers\exfat.sys
2011/07/03 22:57:28.0884 3884 fastfat (1e9b9a70d332103c52995e957dc09ef8) C:\Windows\system32\drivers\fastfat.sys
2011/07/03 22:57:29.0118 3884 fdc (afe1e8b9782a0dd7fb46bbd88e43f89a) C:\Windows\system32\DRIVERS\fdc.sys
2011/07/03 22:57:29.0243 3884 FileInfo (a8c0139a884861e3aae9cfe73b208a9f) C:\Windows\system32\drivers\fileinfo.sys
2011/07/03 22:57:29.0290 3884 Filetrace (0ae429a696aecbc5970e3cf2c62635ae) C:\Windows\system32\drivers\filetrace.sys
2011/07/03 22:57:29.0462 3884 flpydisk (85b7cf99d532820495d68d747fda9ebd) C:\Windows\system32\DRIVERS\flpydisk.sys
2011/07/03 22:57:29.0571 3884 FltMgr (01334f9ea68e6877c4ef05d3ea8abb05) C:\Windows\system32\drivers\fltmgr.sys
2011/07/03 22:57:29.0945 3884 Fs_Rec (65ea8b77b5851854f0c55c43fa51a198) C:\Windows\system32\drivers\Fs_Rec.sys
2011/07/03 22:57:30.0195 3884 gagp30kx (34582a6e6573d54a07ece5fe24a126b5) C:\Windows\system32\drivers\gagp30kx.sys
2011/07/03 22:57:30.0476 3884 HdAudAddService (cb04c744be0a61b1d648faed182c3b59) C:\Windows\system32\drivers\HdAudio.sys
2011/07/03 22:57:30.0632 3884 HDAudBus (062452b7ffd68c8c042a6261fe8dff4a) C:\Windows\system32\DRIVERS\HDAudBus.sys
2011/07/03 22:57:30.0803 3884 HidBth (1338520e78d90154ed6be8f84de5fceb) C:\Windows\system32\drivers\hidbth.sys
2011/07/03 22:57:30.0990 3884 HidIr (ff3160c3a2445128c5a6d9b076da519e) C:\Windows\system32\drivers\hidir.sys
2011/07/03 22:57:31.0209 3884 HidUsb (3c64042b95e583b366ba4e5d2450235e) C:\Windows\system32\drivers\hidusb.sys
2011/07/03 22:57:31.0349 3884 HpCISSs (16ee7b23a009e00d835cdb79574a91a6) C:\Windows\system32\drivers\hpcisss.sys
2011/07/03 22:57:31.0552 3884 HTTP (f870aa3e254628ebeafe754108d664de) C:\Windows\system32\drivers\HTTP.sys
2011/07/03 22:57:31.0848 3884 i2omp (c6b032d69650985468160fc9937cf5b4) C:\Windows\system32\drivers\i2omp.sys
2011/07/03 22:57:32.0036 3884 i8042prt (22d56c8184586b7a1f6fa60be5f5a2bd) C:\Windows\system32\DRIVERS\i8042prt.sys
2011/07/03 22:57:32.0082 3884 iaStorV (54155ea1b0df185878e0fc9ec3ac3a14) C:\Windows\system32\drivers\iastorv.sys
2011/07/03 22:57:32.0192 3884 iirsp (2d077bf86e843f901d8db709c95b49a5) C:\Windows\system32\drivers\iirsp.sys
2011/07/03 22:57:32.0550 3884 IntcAzAudAddService (56ac584fe02e0c1d5924892562cbd572) C:\Windows\system32\drivers\RTKVHDA.sys
2011/07/03 22:57:32.0644 3884 intelide (83aa759f3189e6370c30de5dc5590718) C:\Windows\system32\drivers\intelide.sys
2011/07/03 22:57:32.0675 3884 intelppm (224191001e78c89dfa78924c3ea595ff) C:\Windows\system32\DRIVERS\intelppm.sys
2011/07/03 22:57:32.0722 3884 IpFilterDriver (62c265c38769b864cb25b4bcf62df6c3) C:\Windows\system32\DRIVERS\ipfltdrv.sys
2011/07/03 22:57:33.0050 3884 IPMIDRV (b25aaf203552b7b3491139d582b39ad1) C:\Windows\system32\drivers\ipmidrv.sys
2011/07/03 22:57:33.0268 3884 IPNAT (8793643a67b42cec66490b2a0cf92d68) C:\Windows\system32\DRIVERS\ipnat.sys
2011/07/03 22:57:33.0362 3884 IRENUM (109c0dfb82c3632fbd11949b73aeeac9) C:\Windows\system32\drivers\irenum.sys
2011/07/03 22:57:33.0564 3884 isapnp (6c70698a3e5c4376c6ab5c7c17fb0614) C:\Windows\system32\drivers\isapnp.sys
2011/07/03 22:57:33.0861 3884 iScsiPrt (232fa340531d940aac623b121a595034) C:\Windows\system32\DRIVERS\msiscsi.sys
2011/07/03 22:57:34.0048 3884 iteatapi (bced60d16156e428f8df8cf27b0df150) C:\Windows\system32\drivers\iteatapi.sys
2011/07/03 22:57:34.0142 3884 iteraid (06fa654504a498c30adca8bec4e87e7e) C:\Windows\system32\drivers\iteraid.sys
2011/07/03 22:57:34.0173 3884 kbdclass (37605e0a8cf00cbba538e753e4344c6e) C:\Windows\system32\DRIVERS\kbdclass.sys
2011/07/03 22:57:34.0266 3884 kbdhid (18247836959ba67e3511b62846b9c2e0) C:\Windows\system32\drivers\kbdhid.sys
2011/07/03 22:57:34.0485 3884 KSecDD (86165728af9bf72d6442a894fdfb4f8b) C:\Windows\system32\Drivers\ksecdd.sys
2011/07/03 22:57:35.0000 3884 lltdio (d1c5883087a0c3f1344d9d55a44901f6) C:\Windows\system32\DRIVERS\lltdio.sys
2011/07/03 22:57:35.0140 3884 LSI_FC (c7e15e82879bf3235b559563d4185365) C:\Windows\system32\drivers\lsi_fc.sys
2011/07/03 22:57:35.0171 3884 LSI_SAS (ee01ebae8c9bf0fa072e0ff68718920a) C:\Windows\system32\drivers\lsi_sas.sys
2011/07/03 22:57:35.0218 3884 LSI_SCSI (912a04696e9ca30146a62afa1463dd5c) C:\Windows\system32\drivers\lsi_scsi.sys
2011/07/03 22:57:35.0265 3884 luafv (8f5c7426567798e62a3b3614965d62cc) C:\Windows\system32\drivers\luafv.sys
2011/07/03 22:57:35.0483 3884 MBAMProtector (3d2c13377763eeac0ca6fb46f57217ed) C:\Windows\system32\drivers\mbam.sys
2011/07/03 22:57:35.0592 3884 MBAMSwissArmy (b309912717c29fc67e1ba4730a82b6dd) C:\Windows\system32\drivers\mbamswissarmy.sys
2011/07/03 22:57:35.0858 3884 megasas (0001ce609d66632fa17b84705f658879) C:\Windows\system32\drivers\megasas.sys
2011/07/03 22:57:36.0263 3884 MegaSR (c252f32cd9a49dbfc25ecf26ebd51a99) C:\Windows\system32\drivers\megasr.sys
2011/07/03 22:57:36.0482 3884 Modem (e13b5ea0f51ba5b1512ec671393d09ba) C:\Windows\system32\drivers\modem.sys
2011/07/03 22:57:36.0669 3884 monitor (0a9bb33b56e294f686abb7c1e4e2d8a8) C:\Windows\system32\DRIVERS\monitor.sys
2011/07/03 22:57:36.0731 3884 mouclass (5bf6a1326a335c5298477754a506d263) C:\Windows\system32\DRIVERS\mouclass.sys
2011/07/03 22:57:37.0028 3884 mouhid (93b8d4869e12cfbe663915502900876f) C:\Windows\system32\drivers\mouhid.sys
2011/07/03 22:57:37.0137 3884 MountMgr (bdafc88aa6b92f7842416ea6a48e1600) C:\Windows\system32\drivers\mountmgr.sys
2011/07/03 22:57:37.0199 3884 mpio (511d011289755dd9f9a7579fb0b064e6) C:\Windows\system32\drivers\mpio.sys
2011/07/03 22:57:37.0246 3884 mpsdrv (22241feba9b2defa669c8cb0a8dd7d2e) C:\Windows\system32\drivers\mpsdrv.sys
2011/07/03 22:57:37.0527 3884 Mraid35x (4fbbb70d30fd20ec51f80061703b001e) C:\Windows\system32\drivers\mraid35x.sys
2011/07/03 22:57:37.0745 3884 MRxDAV (82cea0395524aacfeb58ba1448e8325c) C:\Windows\system32\drivers\mrxdav.sys
2011/07/03 22:57:37.0901 3884 mrxsmb (1e94971c4b446ab2290deb71d01cf0c2) C:\Windows\system32\DRIVERS\mrxsmb.sys
2011/07/03 22:57:38.0166 3884 mrxsmb10 (d4a3c7c580c4ccb5c06f2ada933ad507) C:\Windows\system32\DRIVERS\mrxsmb10.sys
2011/07/03 22:57:38.0354 3884 mrxsmb20 (c3cb1b40ad4a0124d617a1199b0b9d7c) C:\Windows\system32\DRIVERS\mrxsmb20.sys
2011/07/03 22:57:38.0447 3884 msahci (5457dcfa7c0da43522f4d9d4049c1472) C:\Windows\system32\drivers\msahci.sys
2011/07/03 22:57:38.0572 3884 msdsm (4468b0f385a86ecddaf8d3ca662ec0e7) C:\Windows\system32\drivers\msdsm.sys
2011/07/03 22:57:38.0759 3884 MSDV (343291a4dfd7c923c3f71f550830ec1c) C:\Windows\system32\DRIVERS\msdv.sys
2011/07/03 22:57:38.0946 3884 Msfs (a9927f4a46b816c92f461acb90cf8515) C:\Windows\system32\drivers\Msfs.sys
2011/07/03 22:57:39.0118 3884 msisadrv (0f400e306f385c56317357d6dea56f62) C:\Windows\system32\drivers\msisadrv.sys
2011/07/03 22:57:39.0477 3884 MSKSSRV (d8c63d34d9c9e56c059e24ec7185cc07) C:\Windows\system32\drivers\MSKSSRV.sys
2011/07/03 22:57:39.0524 3884 MSPCLOCK (1d373c90d62ddb641d50e55b9e78d65e) C:\Windows\system32\drivers\MSPCLOCK.sys
2011/07/03 22:57:39.0664 3884 MSPQM (b572da05bf4e098d4bba3a4734fb505b) C:\Windows\system32\drivers\MSPQM.sys
2011/07/03 22:57:39.0789 3884 MsRPC (b49456d70555de905c311bcda6ec6adb) C:\Windows\system32\drivers\MsRPC.sys
2011/07/03 22:57:39.0976 3884 mssmbios (e384487cb84be41d09711c30ca79646c) C:\Windows\system32\DRIVERS\mssmbios.sys
2011/07/03 22:57:40.0179 3884 MSTEE (7199c1eec1e4993caf96b8c0a26bd58a) C:\Windows\system32\drivers\MSTEE.sys
2011/07/03 22:57:40.0413 3884 Mup (6a57b5733d4cb702c8ea4542e836b96c) C:\Windows\system32\Drivers\mup.sys
2011/07/03 22:57:40.0725 3884 NativeWifiP (85c44fdff9cf7e72a40dcb7ec06a4416) C:\Windows\system32\DRIVERS\nwifi.sys
2011/07/03 22:57:41.0021 3884 NDIS (1357274d1883f68300aeadd15d7bbb42) C:\Windows\system32\drivers\ndis.sys
2011/07/03 22:57:41.0333 3884 NdisTapi (0e186e90404980569fb449ba7519ae61) C:\Windows\system32\DRIVERS\ndistapi.sys
2011/07/03 22:57:41.0739 3884 Ndisuio (d6973aa34c4d5d76c0430b181c3cd389) C:\Windows\system32\DRIVERS\ndisuio.sys
2011/07/03 22:57:42.0004 3884 NdisWan (818f648618ae34f729fdb47ec68345c3) C:\Windows\system32\DRIVERS\ndiswan.sys
2011/07/03 22:57:42.0144 3884 NDProxy (71dab552b41936358f3b541ae5997fb3) C:\Windows\system32\drivers\NDProxy.sys
2011/07/03 22:57:42.0300 3884 NetBIOS (bcd093a5a6777cf626434568dc7dba78) C:\Windows\system32\DRIVERS\netbios.sys
2011/07/03 22:57:42.0581 3884 netbt (ecd64230a59cbd93c85f1cd1cab9f3f6) C:\Windows\system32\DRIVERS\netbt.sys
2011/07/03 22:57:43.0034 3884 NETw5v32 (e559ea9138c77b5d1fda8c558764a25f) C:\Windows\system32\DRIVERS\NETw5v32.sys
2011/07/03 22:57:43.0283 3884 nfrd960 (2e7fb731d4790a1bc6270accefacb36e) C:\Windows\system32\drivers\nfrd960.sys
2011/07/03 22:57:43.0502 3884 Npfs (d36f239d7cce1931598e8fb90a0dbc26) C:\Windows\system32\drivers\Npfs.sys
2011/07/03 22:57:43.0595 3884 nsiproxy (609773e344a97410ce4ebf74a8914fcf) C:\Windows\system32\drivers\nsiproxy.sys
2011/07/03 22:57:43.0845 3884 Ntfs (6a4a98cee84cf9e99564510dda4baa47) C:\Windows\system32\drivers\Ntfs.sys
2011/07/03 22:57:43.0985 3884 ntrigdigi (e875c093aec0c978a90f30c9e0dfbb72) C:\Windows\system32\drivers\ntrigdigi.sys
2011/07/03 22:57:44.0094 3884 Null (c5dbbcda07d780bda9b685df333bb41e) C:\Windows\system32\drivers\Null.sys
2011/07/03 22:57:44.0141 3884 NVHDA (590caa306f9e7c303905b738ebdfe2e2) C:\Windows\system32\drivers\nvhda32v.sys
2011/07/03 22:57:44.0609 3884 nvlddmkm (6838f505c0cc881f0c78d333dfde181b) C:\Windows\system32\DRIVERS\nvlddmkm.sys
2011/07/03 22:57:44.0937 3884 nvraid (2edf9e7751554b42cbb60116de727101) C:\Windows\system32\drivers\nvraid.sys
2011/07/03 22:57:45.0108 3884 nvstor (abed0c09758d1d97db0042dbb2688177) C:\Windows\system32\drivers\nvstor.sys
2011/07/03 22:57:45.0202 3884 nv_agp (18bbdf913916b71bd54575bdb6eeac0b) C:\Windows\system32\drivers\nv_agp.sys
2011/07/03 22:57:45.0296 3884 ohci1394 (6f310e890d46e246e0e261a63d9b36b4) C:\Windows\system32\DRIVERS\ohci1394.sys
2011/07/03 22:57:45.0374 3884 Parport (0fa9b5055484649d63c303fe404e5f4d) C:\Windows\system32\drivers\parport.sys
2011/07/03 22:57:45.0530 3884 partmgr (57389fa59a36d96b3eb09d0cb91e9cdc) C:\Windows\system32\drivers\partmgr.sys
2011/07/03 22:57:45.0608 3884 Parvdm (4f9a6a8a31413180d0fcb279ad5d8112) C:\Windows\system32\drivers\parvdm.sys
2011/07/03 22:57:45.0873 3884 pci (941dc1d19e7e8620f40bbc206981efdb) C:\Windows\system32\drivers\pci.sys
2011/07/03 22:57:45.0998 3884 pciide (fc175f5ddab666d7f4d17449a547626f) C:\Windows\system32\drivers\pciide.sys
2011/07/03 22:57:46.0154 3884 pcmcia (e6f3fb1b86aa519e7698ad05e58b04e5) C:\Windows\system32\drivers\pcmcia.sys
2011/07/03 22:57:46.0419 3884 PEAUTH (6349f6ed9c623b44b52ea3c63c831a92) C:\Windows\system32\drivers\peauth.sys
2011/07/03 22:57:46.0653 3884 PptpMiniport (ecfffaec0c1ecd8dbc77f39070ea1db1) C:\Windows\system32\DRIVERS\raspptp.sys
2011/07/03 22:57:46.0715 3884 Processor (2027293619dd0f047c584cf2e7df4ffd) C:\Windows\system32\drivers\processr.sys
2011/07/03 22:57:46.0840 3884 PSched (99514faa8df93d34b5589187db3aa0ba) C:\Windows\system32\DRIVERS\pacer.sys
2011/07/03 22:57:46.0902 3884 PxHelp20 (49452bfcec22f36a7a9b9c2181bc3042) C:\Windows\system32\Drivers\PxHelp20.sys
2011/07/03 22:57:47.0105 3884 ql2300 (0a6db55afb7820c99aa1f3a1d270f4f6) C:\Windows\system32\drivers\ql2300.sys
2011/07/03 22:57:47.0292 3884 ql40xx (81a7e5c076e59995d54bc1ed3a16e60b) C:\Windows\system32\drivers\ql40xx.sys
2011/07/03 22:57:47.0417 3884 QWAVEdrv (9f5e0e1926014d17486901c88eca2db7) C:\Windows\system32\drivers\qwavedrv.sys
2011/07/03 22:57:47.0480 3884 RasAcd (147d7f9c556d259924351feb0de606c3) C:\Windows\system32\DRIVERS\rasacd.sys
2011/07/03 22:57:47.0682 3884 Rasl2tp (a214adbaf4cb47dd2728859ef31f26b0) C:\Windows\system32\DRIVERS\rasl2tp.sys
2011/07/03 22:57:47.0870 3884 RasPppoe (509a98dd18af4375e1fc40bc175f1def) C:\Windows\system32\DRIVERS\raspppoe.sys
2011/07/03 22:57:48.0010 3884 RasSstp (2005f4a1e05fa09389ac85840f0a9e4d) C:\Windows\system32\DRIVERS\rassstp.sys
2011/07/03 22:57:48.0088 3884 rdbss (b14c9d5b9add2f84f70570bbbfaa7935) C:\Windows\system32\DRIVERS\rdbss.sys
2011/07/03 22:57:48.0275 3884 RDPCDD (89e59be9a564262a3fb6c4f4f1cd9899) C:\Windows\system32\DRIVERS\RDPCDD.sys
2011/07/03 22:57:48.0509 3884 rdpdr (fbc0bacd9c3d7f6956853f64a66e252d) C:\Windows\system32\drivers\rdpdr.sys
2011/07/03 22:57:48.0634 3884 RDPENCDD (9d91fe5286f748862ecffa05f8a0710c) C:\Windows\system32\drivers\rdpencdd.sys
2011/07/03 22:57:48.0837 3884 RDPWD (30bfbdfb7f95559ede971f9ddb9a00ba) C:\Windows\system32\drivers\RDPWD.sys
2011/07/03 22:57:49.0055 3884 rspndr (9c508f4074a39e8b4b31d27198146fad) C:\Windows\system32\DRIVERS\rspndr.sys
2011/07/03 22:57:49.0352 3884 RTL8169 (2cc77c65216a8bb4677e637120d5731d) C:\Windows\system32\DRIVERS\Rtlh86.sys
2011/07/03 22:57:49.0539 3884 RTSTOR (4501c8fe11df3192fb68d0d595ea94cc) C:\Windows\system32\drivers\RTSTOR.SYS
2011/07/03 22:57:49.0664 3884 sbp2port (3ce8f073a557e172b330109436984e30) C:\Windows\system32\drivers\sbp2port.sys
2011/07/03 22:57:49.0835 3884 secdrv (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers\secdrv.sys
2011/07/03 22:57:50.0054 3884 Serenum (68e44e331d46f0fb38f0863a84cd1a31) C:\Windows\system32\drivers\serenum.sys
2011/07/03 22:57:50.0147 3884 Serial (c70d69a918b178d3c3b06339b40c2e1b) C:\Windows\system32\drivers\serial.sys
2011/07/03 22:57:50.0178 3884 sermouse (8af3d28a879bf75db53a0ee7a4289624) C:\Windows\system32\drivers\sermouse.sys
2011/07/03 22:57:50.0256 3884 sffdisk (3efa810bdca87f6ecc24f9832243fe86) C:\Windows\system32\drivers\sffdisk.sys
2011/07/03 22:57:50.0272 3884 sffp_mmc (e95d451f7ea3e583aec75f3b3ee42dc5) C:\Windows\system32\drivers\sffp_mmc.sys
2011/07/03 22:57:50.0303 3884 sffp_sd (3d0ea348784b7ac9ea9bd9f317980979) C:\Windows\system32\drivers\sffp_sd.sys
2011/07/03 22:57:50.0631 3884 sfloppy (46ed8e91793b2e6f848015445a0ac188) C:\Windows\system32\drivers\sfloppy.sys
2011/07/03 22:57:50.0802 3884 sisagp (1d76624a09a054f682d746b924e2dbc3) C:\Windows\system32\drivers\sisagp.sys
2011/07/03 22:57:51.0161 3884 SiSRaid2 (43cb7aa756c7db280d01da9b676cfde2) C:\Windows\system32\drivers\sisraid2.sys
2011/07/03 22:57:51.0520 3884 SiSRaid4 (a99c6c8b0baa970d8aa59ddc50b57f94) C:\Windows\system32\drivers\sisraid4.sys
2011/07/03 22:57:51.0754 3884 Smb (7b75299a4d201d6a6533603d6914ab04) C:\Windows\system32\DRIVERS\smb.sys
2011/07/03 22:57:52.0019 3884 SNP2UVC (82e3315b1b3e76b9a9643f987ed3ae5c) C:\Windows\system32\DRIVERS\snp2uvc.sys
2011/07/03 22:57:52.0222 3884 spldr (7aebdeef071fe28b0eef2cdd69102bff) C:\Windows\system32\drivers\spldr.sys
2011/07/03 22:57:52.0440 3884 srv (41987f9fc0e61adf54f581e15029ad91) C:\Windows\system32\DRIVERS\srv.sys
2011/07/03 22:57:52.0612 3884 srv2 (ff33aff99564b1aa534f58868cbe41ef) C:\Windows\system32\DRIVERS\srv2.sys
2011/07/03 22:57:53.0111 3884 srvnet (7605c0e1d01a08f3ecd743f38b834a44) C:\Windows\system32\DRIVERS\srvnet.sys
2011/07/03 22:57:53.0439 3884 ssmdrv (a36ee93698802cd899f98bfd553d8185) C:\Windows\system32\DRIVERS\ssmdrv.sys
2011/07/03 22:57:53.0813 3884 swenum
(7ba58ecf0c0a9a69d44b3dca62becf56) C:\Windows\system32\DRIVERS\swenum.sys 2011/07/03 22:57:54.0000 3884 Symc8xx (192aa3ac01df071b541094f251deed10) C:\Windows\system32\drivers\symc8xx.sys 2011/07/03 22:57:54.0125 3884 Sym_hi (8c8eb8c76736ebaf3b13b633b2e64125) C:\Windows\system32\drivers\sym_hi.sys 2011/07/03 22:57:54.0172 3884 Sym_u3 (8072af52b5fd103bbba387a1e49f62cb) C:\Windows\system32\drivers\sym_u3.sys 2011/07/03 22:57:54.0656 3884 SynTP (a7cec70dd3d85ac711897e02358e9793) C:\Windows\system32\DRIVERS\SynTP.sys 2011/07/03 22:57:54.0905 3884 Tcpip (a474879afa4a596b3a531f3e69730dbf) C:\Windows\system32\drivers\tcpip.sys 2011/07/03 22:57:55.0186 3884 Tcpip6 (a474879afa4a596b3a531f3e69730dbf) C:\Windows\system32\DRIVERS\tcpip.sys 2011/07/03 22:57:55.0358 3884 tcpipreg (608c345a255d82a6289c2d468eb41fd7) C:\Windows\system32\drivers\tcpipreg.sys 2011/07/03 22:57:55.0389 3884 TDPIPE (5dcf5e267be67a1ae926f2df77fbcc56) C:\Windows\system32\drivers\tdpipe.sys 2011/07/03 22:57:55.0545 3884 TDTCP (389c63e32b3cefed425b61ed92d3f021) C:\Windows\system32\drivers\tdtcp.sys 2011/07/03 22:57:55.0763 3884 tdx (76b06eb8a01fc8624d699e7045303e54) C:\Windows\system32\DRIVERS\tdx.sys 2011/07/03 22:57:56.0013 3884 TermDD (3cad38910468eab9a6479e2f01db43c7) C:\Windows\system32\DRIVERS\termdd.sys 2011/07/03 22:57:56.0231 3884 tssecsrv (dcf0f056a2e4f52287264f5ab29cf206) C:\Windows\system32\DRIVERS\tssecsrv.sys 2011/07/03 22:57:56.0340 3884 tunmp (caecc0120ac49e3d2f758b9169872d38) C:\Windows\system32\DRIVERS\tunmp.sys 2011/07/03 22:57:56.0418 3884 tunnel (300db877ac094feab0be7688c3454a9c) C:\Windows\system32\DRIVERS\tunnel.sys 2011/07/03 22:57:56.0590 3884 uagp35 (7d33c4db2ce363c8518d2dfcf533941f) C:\Windows\system32\drivers\uagp35.sys 2011/07/03 22:57:56.0855 3884 udfs (d9728af68c4c7693cb100b8441cbdec6) C:\Windows\system32\DRIVERS\udfs.sys 2011/07/03 22:57:57.0136 3884 uliagpkx (b0acfdc9e4af279e9116c03e014b2b27) C:\Windows\system32\drivers\uliagpkx.sys 2011/07/03 22:57:57.0464 3884 uliahci 
(9224bb254f591de4ca8d572a5f0d635c) C:\Windows\system32\drivers\uliahci.sys 2011/07/03 22:57:57.0729 3884 UlSata (8514d0e5cd0534467c5fc61be94a569f) C:\Windows\system32\drivers\ulsata.sys 2011/07/03 22:57:58.0025 3884 ulsata2 (38c3c6e62b157a6bc46594fada45c62b) C:\Windows\system32\drivers\ulsata2.sys 2011/07/03 22:57:58.0353 3884 umbus (32cff9f809ae9aed85464492bf3e32d2) C:\Windows\system32\DRIVERS\umbus.sys 2011/07/03 22:57:58.0571 3884 usbccgp (caf811ae4c147ffcd5b51750c7f09142) C:\Windows\system32\DRIVERS\usbccgp.sys 2011/07/03 22:57:58.0868 3884 usbcir (e9476e6c486e76bc4898074768fb7131) C:\Windows\system32\drivers\usbcir.sys 2011/07/03 22:57:59.0211 3884 usbehci (79e96c23a97ce7b8f14d310da2db0c9b) C:\Windows\system32\DRIVERS\usbehci.sys 2011/07/03 22:57:59.0507 3884 usbhub (4673bbcb006af60e7abddbe7a130ba42) C:\Windows\system32\DRIVERS\usbhub.sys 2011/07/03 22:57:59.0991 3884 usbohci (38dbc7dd6cc5a72011f187425384388b) C:\Windows\system32\drivers\usbohci.sys 2011/07/03 22:58:00.0303 3884 usbprint (e75c4b5269091d15a2e7dc0b6d35f2f5) C:\Windows\system32\DRIVERS\usbprint.sys 2011/07/03 22:58:00.0584 3884 usbscan (a508c9bd8724980512136b039bba65e9) C:\Windows\system32\DRIVERS\usbscan.sys 2011/07/03 22:58:00.0927 3884 USBSTOR (be3da31c191bc222d9ad503c5224f2ad) C:\Windows\system32\DRIVERS\USBSTOR.SYS 2011/07/03 22:58:01.0208 3884 usbuhci (814d653efc4d48be3b04a307eceff56f) C:\Windows\system32\DRIVERS\usbuhci.sys 2011/07/03 22:58:01.0566 3884 usbvideo (e67998e8f14cb0627a769f6530bcb352) C:\Windows\system32\Drivers\usbvideo.sys 2011/07/03 22:58:01.0972 3884 vga (87b06e1f30b749a114f74622d013f8d4) C:\Windows\system32\DRIVERS\vgapnp.sys 2011/07/03 22:58:02.0206 3884 VgaSave (2e93ac0a1d8c79d019db6c51f036636c) C:\Windows\System32\drivers\vga.sys 2011/07/03 22:58:02.0456 3884 viaagp (5d7159def58a800d5781ba3a879627bc) C:\Windows\system32\drivers\viaagp.sys 2011/07/03 22:58:02.0736 3884 ViaC7 (c4f3a691b5bad343e6249bd8c2d45dee) C:\Windows\system32\drivers\viac7.sys 2011/07/03 22:58:02.0986 
3884 viaide (aadf5587a4063f52c2c3fed7887426fc) C:\Windows\system32\drivers\viaide.sys 2011/07/03 22:58:03.0189 3884 volmgr (69503668ac66c77c6cd7af86fbdf8c43) C:\Windows\system32\drivers\volmgr.sys 2011/07/03 22:58:03.0392 3884 volmgrx (23e41b834759917bfd6b9a0d625d0c28) C:\Windows\system32\drivers\volmgrx.sys 2011/07/03 22:58:03.0626 3884 volsnap (147281c01fcb1df9252de2a10d5e7093) C:\Windows\system32\drivers\volsnap.sys 2011/07/03 22:58:03.0891 3884 vsmraid (587253e09325e6bf226b299774b728a9) C:\Windows\system32\drivers\vsmraid.sys 2011/07/03 22:58:04.0172 3884 WacomPen (48dfee8f1af7c8235d4e626f0c4fe031) C:\Windows\system32\drivers\wacompen.sys 2011/07/03 22:58:04.0452 3884 Wanarp (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys 2011/07/03 22:58:04.0515 3884 Wanarpv6 (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys 2011/07/03 22:58:04.0702 3884 Wd (78fe9542363f297b18c027b2d7e7c07f) C:\Windows\system32\drivers\wd.sys 2011/07/03 22:58:05.0045 3884 Wdf01000 (b6f0a7ad6d4bd325fbcd8bac96cd8d96) C:\Windows\system32\drivers\Wdf01000.sys 2011/07/03 22:58:05.0357 3884 WmiAcpi (2e7255d172df0b8283cdfb7b433b864e) C:\Windows\system32\DRIVERS\wmiacpi.sys 2011/07/03 22:58:05.0529 3884 ws2ifsl (e3a3cb253c0ec2494d4a61f5e43a389c) C:\Windows\system32\drivers\ws2ifsl.sys 2011/07/03 22:58:05.0794 3884 WUDFRd (ac13cb789d93412106b0fb6c7eb2bcb6) C:\Windows\system32\DRIVERS\WUDFRd.sys 2011/07/03 22:58:05.0856 3884 MBR (0x1B8) (5c616939100b85e558da92b899a0fc36) \Device\Harddisk0\DR0 2011/07/03 22:58:05.0903 3884 Boot (0x1200) (6dae38b0be079742de1af7be01f48697) \Device\Harddisk0\DR0\Partition0 2011/07/03 22:58:05.0981 3884 Boot (0x1200) (7be4122e7c8a35331eaee8937348fca5) \Device\Harddisk0\DR0\Partition1 2011/07/03 22:58:05.0997 3884 ================================================================================ 2011/07/03 22:58:05.0997 3884 Scan finished 2011/07/03 22:58:05.0997 3884 
================================================================================
2011/07/03 22:58:06.0012 1216 Detected object count: 0
2011/07/03 22:58:06.0012 1216 Actual detected object count: 0

I'm going to run unhide.exe now. Arne, I'm so grateful to you for helping me!! Somehow it's actually fun fighting this "infection" like this!!
03.07.2011, 22:16 | #10 |
Dear Arne, wow, unbelievable, everything is accessible again. Does that mean the matter is solved?? What about Defogger, do I have to "switch" it again now (enable or disable, I have no idea what the program did)? In any case, I can back up the data now. Is it advisable to reinstall the whole system, or is it repaired now? (If we are even at the end yet, I don't know...) Anyway, it's really great what these tools and you folks at Trojanerboard can do!!!
04.07.2011, 08:58 | #11 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Then please run CF now: ComboFix
A guide and tutorial on using ComboFix
ComboFix may only be run if a board expert ("Kompetenzler") has explicitly recommended it!
__________________ Please always post logfiles in CODE tags
08.07.2011, 17:38 | #12 |
Dear Arne, I have (finally) run ComboFix. I disabled or closed the firewall and Avira, Malwarebytes (which is still installed) as well as Skype and programs like that. ComboFix ran and found one infected file (some driver, I couldn't remember which), then the computer crashed and booted up again. ComboFix didn't start any more, and I haven't opened the program again since. I looked for the log file, but the program apparently hadn't created it yet. Should I run it again? The tutorial said ComboFix would cut the Internet connection; that didn't happen for me (in case that matters). It did not ask me to install the Recovery Console. I started it as administrator, was that correct? I didn't touch anything once the dialog windows were done. Best regards!! Taddele
10.07.2011, 18:21 | #13 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Restart Windows, delete the old combofix.exe, download CF again and please try once more.
__________________ Please always post logfiles in CODE tags
11.07.2011, 06:36 | #14 |
Hello Arne, this time it worked :) Meanwhile I have also found out how to switch off Windows Defender... (I think it was switched off before the infection too, because I believed I should only have one antivirus program running, and that was Avira.) ComboFix log file:

Code:
ComboFix 11-07-10.05 - Taettchen 11.07.2011 7:18.2.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.49.1031.18.3066.1876 [GMT 2:00]
ausgeführt von:: c:\users\Taettchen\Desktop\ComboFix.exe
AV: AntiVir Desktop *Disabled/Updated* {090F9C29-64CE-6C6F-379C-5901B49A85B7}
SP: AntiVir Desktop *Disabled/Updated* {B26E7DCD-42F4-63E1-0D2C-6273CF1DCF0A}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((((((((((((( Weitere Löschungen ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Taettchen\AppData\Local\{10963F6B-E0BD-4459-8A15-8061CA7323BC}
c:\users\Taettchen\AppData\Local\{10963F6B-E0BD-4459-8A15-8061CA7323BC}\chrome.manifest
c:\users\Taettchen\AppData\Local\{10963F6B-E0BD-4459-8A15-8061CA7323BC}\chrome\content\_cfg.js
c:\users\Taettchen\AppData\Local\{10963F6B-E0BD-4459-8A15-8061CA7323BC}\chrome\content\overlay.xul
c:\users\Taettchen\AppData\Local\{10963F6B-E0BD-4459-8A15-8061CA7323BC}\install.rdf
c:\users\Taettchen\AppData\Roaming\Adobe\plugs
c:\users\Taettchen\AppData\Roaming\Adobe\shed
c:\windows\IsUn0407.exe
.
-- Vorheriger Suchlauf --
.
c:\windows\system32\Drivers\atapi.sys . . . ist infiziert!!
.
--------
.
.
((((((((((((((((((((((( Dateien erstellt von 2011-06-11 bis 2011-07-11 ))))))))))))))))))))))))))))))
.
.
2011-07-11 05:26 . 2011-07-11 05:27 -------- d-----w- c:\users\Taettchen\AppData\Local\temp
2011-07-11 05:26 . 2011-07-11 05:26 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-07-09 11:16 . 2011-07-09 11:23 -------- d-----w- c:\users\Taettchen\Transfer
2011-07-09 10:40 . 2011-07-09 10:40 -------- d-----w- c:\users\Taettchen\AppData\Local\Seven Zip
2011-07-08 16:00 . 2011-07-11 05:16 -------- d-----w- C:\32788R22FWJFW
2011-07-08 15:52 . 2011-06-20 06:57 7074640 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Windows Defender\Definition Updates\{2BF768F9-FDCD-419C-B2FF-4FB1C23BF960}\mpengine.dll ERROR(0x00000005)
2011-07-03 10:21 . 2011-04-14 14:59 75264 ----a-w- c:\windows\system32\drivers\dfsc.sys
2011-07-03 10:15 . 2011-07-03 10:15 -------- d-----w- C:\_OTL
2011-06-30 12:20 . 2011-04-29 15:59 276992 ----a-w- c:\windows\system32\schannel.dll
2011-06-30 12:20 . 2011-04-21 13:58 273408 ----a-w- c:\windows\system32\drivers\afd.sys
2011-06-30 12:18 . 2011-05-28 06:04 43520 ----a-w- c:\windows\system32\licmgr10.dll
2011-06-30 12:18 . 2011-05-28 04:31 1638912 ----a-w- c:\windows\system32\mshtml.tlb
2011-06-30 12:17 . 2011-04-30 06:09 758784 ----a-w- c:\program files\Common Files\Microsoft Shared\vgx\VGX.dll
2011-06-30 11:52 . 2011-04-29 13:24 106496 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2011-06-30 11:52 . 2011-04-29 13:24 79872 ----a-w- c:\windows\system32\drivers\mrxsmb20.sys
2011-06-30 11:52 . 2011-04-29 13:24 214016 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys
2011-06-30 11:51 . 2011-05-02 12:02 2409784 ----a-w- c:\program files\Windows Mail\OESpamFilter.dat
2011-06-30 11:51 . 2011-05-02 17:16 739328 ----a-w- c:\windows\system32\inetcomm.dll
2011-06-30 11:39 . 2011-06-30 11:39 -------- d-----w- c:\users\Taettchen\AppData\Roaming\Malwarebytes
2011-06-30 11:38 . 2011-05-29 07:11 39984 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-06-30 11:38 . 2011-06-30 12:05 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-06-30 11:38 . 2011-05-29 07:11 22712 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-06-27 23:41 . 2011-06-27 23:41 9336 ----a-w- c:\windows\system32\WinIo.sys
.
.
.
(((((((((((((((((((((((((((((((((((( Find3M Bericht ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-06-30 11:39 . 2009-08-03 09:12 66616 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2011-06-30 11:39 . 2009-08-03 09:12 138192 ----a-w- c:\windows\system32\drivers\avipbb.sys
2011-06-20 06:57 . 2009-02-19 05:31 7074640 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Windows Defender\Definition Updates\Backup\mpengine.dll ERROR(0x00000005)
2011-05-24 17:14 . 2009-10-03 08:02 222080 ------w- c:\windows\system32\MpSigStub.exe
2011-04-17 08:28 . 2010-06-24 10:33 18328 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\IdentityCRL\production\ppcrlconfig600.dll ERROR(0x00000005)
.
.
(((((((((((((((((((((((((((( Autostartpunkte der Registrierung ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{872b5b88-9db5-4310-bdd0-ac189557e5f5}"= "c:\program files\DVDVideoSoftTB\prxtbDVDV.dll" [2011-01-17 175912]
.
[HKEY_CLASSES_ROOT\clsid\{872b5b88-9db5-4310-bdd0-ac189557e5f5}]
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{30F9B915-B755-4826-820B-08FBA6BD249D}]
2011-01-17 14:54 175912 ----a-w- c:\program files\ConduitEngine\prxConduitEngine.dll
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{872b5b88-9db5-4310-bdd0-ac189557e5f5}]
2011-01-17 14:54 175912 ----a-w- c:\program files\DVDVideoSoftTB\prxtbDVDV.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{872b5b88-9db5-4310-bdd0-ac189557e5f5}"= "c:\program files\DVDVideoSoftTB\prxtbDVDV.dll" [2011-01-17 175912]
"{30F9B915-B755-4826-820B-08FBA6BD249D}"= "c:\program files\ConduitEngine\prxConduitEngine.dll" [2011-01-17 175912]
.
[HKEY_CLASSES_ROOT\clsid\{872b5b88-9db5-4310-bdd0-ac189557e5f5}]
.
[HKEY_CLASSES_ROOT\clsid\{30f9b915-b755-4826-820b-08fba6bd249d}]
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{872B5B88-9DB5-4310-BDD0-AC189557E5F5}"= "c:\program files\DVDVideoSoftTB\prxtbDVDV.dll" [2011-01-17 175912]
.
[HKEY_CLASSES_ROOT\clsid\{872b5b88-9db5-4310-bdd0-ac189557e5f5}]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1233920]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 125952]
"ISUSPM"="c:\program files\Common Files\InstallShield\UpdateService\ISUSPM.exe" [2006-09-11 218032]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-03-06 39408]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2011-04-18 15146376]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2008-10-31 6609440]
"tsnp2uvc"="c:\windows\tsnp2uvc.exe" [2008-08-28 233472]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-02-10 13605408]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2009-02-10 92704]
"MDS_Menu"="c:\program files\HomeCinema\MediaShow4\MUITransfer\MUIStartMenu.exe" [2008-12-03 218408]
"PDVD8LanguageShortcut"="c:\program files\HomeCinema\PowerDVD8\Language\Language.exe" [2007-12-14 50472]
"UCam_Menu"="c:\program files\HomeCinema\YouCam\MUITransfer\MUIStartMenu.exe" [2008-12-03 218408]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2009-02-27 1434920]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2011-01-10 281768]
"HP Software Update"="c:\program files\Hp\HP Software Update\HPWuSchd2.exe" [2005-02-16 49152]
"HPUsageTracking"="c:\program files\Hewlett-Packard\HP UT\bin\hppusg.exe" [2007-11-02 36864]
"PrnStatusMX"="c:\program files\Hewlett-Packard\PrnStatusMX\PrnStatusMX.exe" [2007-08-29 1077248]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696]
"Skytel"="c:\program files\Realtek\Audio\HDA\Skytel.exe" [2008-10-31 1833504]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-11-29 421888]
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2011-05-29 449584]
"Malwarebytes' Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2011-05-29 1047656]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2010-01-07 135664]
R2 resetWinService;Reset Reader;c:\program files\Realtek Semiconductor Corp\Realtek USB 2.0 Card Reader\reset.exe [2008-10-29 70656]
R3 gupdatem;Google Update-Dienst (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [2010-01-07 135664]
S2 AntiVirSchedulerService;Avira AntiVir Planer;c:\program files\Avira\AntiVir Desktop\sched.exe [2011-04-28 136360]
S2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [2011-05-29 366640]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2011-05-29 22712]
S3 NETw5v32;Intel(R) Wireless WiFi Link Adaptertreiber für Windows Vista 32-Bit;c:\windows\system32\DRIVERS\NETw5v32.sys [2008-04-28 3658752]
S3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda32v.sys [2008-12-23 51232]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
.
Inhalt des "geplante Tasks" Ordners
.
2011-07-11 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-03-06 06:38]
.
2011-07-11 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-01-07 04:57]
.
2011-07-11 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-01-07 04:57]
.
2011-07-11 c:\windows\Tasks\User_Feed_Synchronization-{31953012-17AF-49BF-8516-FE30368E878C}.job
- c:\windows\system32\msfeedssync.exe [2011-06-30 04:32]
.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = hxxp://search.conduit.com?SearchSource=10&ctid=CT2269050
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: Free YouTube to Mp3 Converter - c:\users\Taettchen\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html
IE: Nach Microsoft E&xel exportieren - c:\progra~1\MICROS~4\Office12\EXCEL.EXE/3000
IE: {{0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - eBay - eine der größten deutschen Shopping-Websites
TCP: DhcpNameServer = 192.168.1.1
FF - ProfilePath - c:\users\Taettchen\AppData\Roaming\Mozilla\Firefox\Profiles\9pro4g14.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2269050&SearchSource=3&q={searchTerms}
FF - prefs.js: browser.startup.homepage - hxxp://search.conduit.com/?ctid=CT2269050&SearchSource=13
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Adblock Plus: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d} - %profile%\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
FF - Ext: Conduit Engine : engine@conduit.com - %profile%\extensions\engine@conduit.com
FF - user.js: network.cookie.cookieBehavior - 0
FF - user.js: privacy.clearOnShutdown.cookies - false
FF - user.js: security.warn_viewing_mixed - false
FF - user.js: security.warn_viewing_mixed.show_once - false
FF - user.js: security.warn_submit_insecure - false
FF - user.js: security.warn_submit_insecure.show_once - false
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
HKLM-Run-snp2uvc - c:\windows\vsnp2uvc.exe
HKLM-Run-ALDI_NORD_FotoSuite_Download - c:\program files\ALDI Foto Service Nord\ALDI_Foto_Service\FotoSuite.exe
AddRemove-PAD.exe - c:\windows\IsUn0407.exe
AddRemove-_{ADDBE07D-95B8-4789-9C76-187FFF9624B4} - c:\program files\Corel\CorelDRAW Essential Edition 3\Programs\MSILauncher {ADDBE07D-95B8-4789-9C76-187FFF9624B4}
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, GMER - Rootkit Detector and Remover
Rootkit scan 2011-07-11 07:27
Windows 6.0.6002 Service Pack 2 NTFS
.
Scanne versteckte Prozesse...
.
Scanne versteckte Autostarteinträge...
.
Scanne versteckte Dateien...
.
Scan erfolgreich abgeschlossen
versteckte Dateien: 0
.
**************************************************************************
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_USERS\S-1-5-21-2326183576-3679008827-974669100-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.eml\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLiveMail.Email.1"
.
[HKEY_USERS\S-1-5-21-2326183576-3679008827-974669100-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.vcf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLiveMail.VCard.1"
.
Zeit der Fertigstellung: 2011-07-11 07:30:11
ComboFix-quarantined-files.txt 2011-07-11 05:30
.
Vor Suchlauf: 12 Verzeichnis(se), 331.289.899.008 Bytes frei
Nach Suchlauf: 16 Verzeichnis(se), 331.308.331.008 Bytes frei
.
- - End Of File - - 37AD4ED46B6307EFC1850B64AC8FF8EB

Best regards!! Taddele

Last edited by taddele (11.07.2011 at 06:42)
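As an added example (mine, not part of the thread and not ComboFix's own tooling), a small Python triage helper that reads three parts of a ComboFix log like the one posted above: the "ist infiziert" finding, the REGEDIT4 autostart entries, and the start-page/search settings with their defanged hxxp:// URLs. The expected-directory list and the start-page allowlist are assumptions for the example, and the sample input is a constructed excerpt modelled on the posted log.

```python
import re
from dataclasses import dataclass
from urllib.parse import urlsplit

# Constructed excerpt modelled on the ComboFix log posted in this thread
# (sample input for this example, not the complete log).
SAMPLE_LOG = r"""
-- Vorheriger Suchlauf --
.
c:\windows\system32\Drivers\atapi.sys . . . ist infiziert!!
.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1233920]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2011-04-18 15146376]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"tsnp2uvc"="c:\windows\tsnp2uvc.exe" [2008-08-28 233472]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-02-10 13605408]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2011-01-10 281768]
.
uStart Page = hxxp://search.conduit.com?SearchSource=10&ctid=CT2269050
FF - prefs.js: browser.startup.homepage - hxxp://search.conduit.com/?ctid=CT2269050&SearchSource=13
TCP: DhcpNameServer = 192.168.1.1
"""

# Directories where autostart images are normally expected on a Vista-era system
# (assumption for this example). Anything elsewhere is a review item, not a verdict.
EXPECTED_IMAGE_DIRS = ("c:\\program files\\", "c:\\windows\\system32\\", "c:\\windows\\ehome\\")

# Start/search hosts the owner deliberately uses (example allowlist, an assumption).
KNOWN_GOOD_HOSTS = {"www.google.com", "www.google.de", "www.bing.com"}

KEY_RE = re.compile(r"^\[(HKEY[^\]]+)\]$")
RUN_RE = re.compile(r'^"(?P<name>[^"]+)"="(?P<image>[^"]+)"\s*\[(?P<date>\d{4}-\d{2}-\d{2}) (?P<size>\d+)\]$')
URL_RE = re.compile(r"^(?P<setting>uStart Page|FF - prefs\.js: \S+) [=-] (?P<url>hxxps?://\S+)$")
INFECTED_RE = re.compile(r"^(?P<path>.+?) \. \. \. ist infiziert!!$")


@dataclass(frozen=True)
class Finding:
    kind: str      # "infected", "autorun" or "browser"
    subject: str   # file path, autorun value name or browser setting
    detail: str    # why the line was flagged


def refang(url):
    """ComboFix defangs URLs as hxxp://; restore the scheme so urlsplit can parse it."""
    return re.sub(r"^hxxp", "http", url)


def image_is_expected(image):
    """True when the autostart image lives in one of the expected directories."""
    return image.lower().startswith(EXPECTED_IMAGE_DIRS)


def triage(log_text):
    """Walk the log line by line and collect review items from the three sections."""
    findings = []
    current_key = None
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line or line == ".":          # ComboFix uses lone dots as spacers
            continue
        m = KEY_RE.match(line)
        if m:                                # remember which registry key we are under
            current_key = m.group(1)
            continue
        m = INFECTED_RE.match(line)
        if m:
            findings.append(Finding("infected", m.group("path"), "ComboFix reports the file as infected"))
            continue
        m = RUN_RE.match(line)
        if m and current_key and current_key.endswith("\\CurrentVersion\\Run"):
            image = m.group("image")
            if not image_is_expected(image):
                hive = current_key.split("\\")[0]
                findings.append(Finding("autorun", m.group("name"),
                                        f"{image} starts from {hive} Run but lies outside the expected directories"))
            continue
        m = URL_RE.match(line)
        if m:
            host = urlsplit(refang(m.group("url"))).hostname or ""
            if host not in KNOWN_GOOD_HOSTS:
                findings.append(Finding("browser", m.group("setting"), f"points at {host}, which is not on the allowlist"))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f.kind:8}] {f.subject}: {f.detail}")
```

A hit is a review item, not a verdict: tsnp2uvc is flagged only because it starts from the Windows root rather than system32, which is also where legitimate vendor installers sometimes put their files.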
11.07.2011, 09:03 | #15 |
/// Winkelfunktion /// TB-Süch-Tiger™ | OK. Now please create logs with GMER and OSAM and post them. GMER crashes fairly often; if the tool won't run the second time either, just leave it out and run only OSAM. Please skip OSAM's online lookup. With OSAM, also make sure you save the log as *.log and not as *.html or similar. Note: please use WinRAR or 7zip to unpack OSAM! Also be sure to switch off the virus scanner; McAfee's scanner in particular often reports a false positive on OSAM! Afterwards, please download MBRCheck (by a_d_13) and save the file to the desktop.
__________________ Please always post logfiles in CODE tags