| |
| |||||||
Log-Analyse und Auswertung: TR/crypt.zpack.gen8 - schwarzer Desktop - Daten VerlustWindows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte.XML. |
 |
31.03.2012, 18:57
| #1 |
 |  TR/crypt.zpack.gen8 - schwarzer Desktop - Daten Verlust Hallo zusammen, das Problem mit meinem Computer begann mit der Meldung von Avira TR/crypt.zpack.gen8 gefunden zu haben. Leider habe ich mir weitere Details nicht notiert und eine Log Datei von Avira finde ich nicht. Nur soviel: Nachdem ich die Avira Meldung quittiert habe poppten ~20 Windowsmeldungen auf. Nachdem ich diese geschlossen habe, startete der Compi automatisch neu. Vom Desktop sind eine Vielzahl von Dateien und Ordner verschwunden, der Hintergrund ist schwarz. Auch mein Start Menu ist leer, wobei die Ordnerstruktur darin noch vorhanden ist. Die gleichen Avira und Windows Meldungen kamen erneut. Nach dem folgenden automatischen Neustart bekam ich nur noch einen Bluescreen. Danach habe in Windows im abgesicherten Modus mit Netwerkunterstützung gestartet - so läuft er jetzt erstmal. Im Board habe ich einige Einträge zu TR/crypt.xpack.gen mit ähnlichen Symptomen gefunden - aber keinen konkreten Lösungsweg um das Problem zu beheben. Anbei noch die Log Dateien - ich hoffe, dass mir jemand helfen kann! Danke schonmal vorab! .DDS Logfile: DDS Logfile: DDS Logfile: Code:
ATTFilter DDS (Ver_2011-08-26.01) - NTFSx86 NETWORK
Internet Explorer: 8.0.7601.17514 BrowserJavaVersion: 1.6.0_30
Run by ***** at 17:40:16 on 2012-03-31
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.49.1031.18.1790.1357 [GMT 2:00]
.
AV: McAfee VirusScan *Enabled/Updated* {86355677-4064-3EA7-ABB3-1B136EB04637}
AV: AntiVir Desktop *Enabled/Updated* {090F9C29-64CE-6C6F-379C-5901B49A85B7}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: AntiVir Desktop *Enabled/Updated* {B26E7DCD-42F4-63E1-0D2C-6273CF1DCF0A}
SP: McAfee VirusScan *Enabled/Updated* {3D54B793-665E-3129-9103-206115370C8A}
FW: McAfee Personal Firewall *Enabled* {BE0ED752-0A0B-3FFF-80EC-B2269063014C}
.
============== Running Processes ===============
.
C:\windows\system32\wininit.exe
C:\windows\system32\lsm.exe
C:\windows\system32\svchost.exe -k DcomLaunch
C:\windows\system32\svchost.exe -k RPCSS
C:\windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\windows\system32\svchost.exe -k netsvcs
C:\windows\system32\svchost.exe -k LocalSystemNetworkRestricted
C:\windows\system32\svchost.exe -k LocalService
C:\windows\system32\svchost.exe -k NetworkService
C:\windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\windows\Explorer.EXE
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\windows\system32\ctfmon.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\windows\system32\conhost.exe
C:\windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com/ig/redirectdomain?brand=smsn&bmod=smsn
uDefault_Page_URL = hxxp://www.google.com/ig/redirectdomain?brand=smsn&bmod=smsn
uInternet Settings,ProxyOverride = *.local
uURLSearchHooks: pdfforge Toolbar: {b922d405-6d13-4a2b-ae89-08a030da4402} - c:\program files\pdfforge toolbar\ie\5.1\pdfforgeToolbarIE.dll
uURLSearchHooks: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: McAfee Phishing Filter: {27b4851a-3207-45a2-b947-be8afe6163ab} - c:\progra~1\mcafee\msk\mskapbho.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: Java(tm) Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll
BHO: scriptproxy: {7db2d5a0-7241-4e79-b68d-6309f01c5231} - c:\program files\mcafee\virusscan\scriptsn.dll
BHO: Windows Live Anmelde-Hilfsprogramm: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.7.7227.1100\swg.dll
BHO: McAfee SiteAdvisor BHO: {b164e929-a1b6-4a06-b104-2cd0e90a88ff} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
BHO: pdfforge Toolbar: {b922d405-6d13-4a2b-ae89-08a030da4402} - c:\program files\pdfforge toolbar\ie\5.1\pdfforgeToolbarIE.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
TB: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
TB: pdfforge Toolbar: {b922d405-6d13-4a2b-ae89-08a030da4402} - c:\program files\pdfforge toolbar\ie\5.1\pdfforgeToolbarIE.dll
uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
uRun: [Sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun
uRun: [rmIhrYfwFjUdy.exe] c:\programdata\rmIhrYfwFjUdy.exe
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [RtHDVCpl] c:\program files\realtek\audio\hda\RtHDVCpl.exe -s
mRun: [SynTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe
mRun: [RemoteControl8] "c:\program files\cyberlink\powerdvd8\PDVD8Serv.exe"
mRun: [PDVD8LanguageShortcut] "c:\program files\cyberlink\powerdvd8\language\Language.exe"
mRun: [mcagent_exe] "c:\program files\mcafee.com\agent\mcagent.exe" /runkey
mRun: [UCam_Menu] "c:\program files\cyberlink\youcam\muitransfer\muistartmenu.exe" "c:\program files\cyberlink\youcam" updatewithcreateonce "software\cyberlink\youcam\2.0"
mRun: [avgnt] "c:\program files\avira\antivir desktop\avgnt.exe" /min
mRun: [AppleSyncNotifier] c:\program files\common files\apple\mobile device support\AppleSyncNotifier.exe
mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [<NO NAME>]
mRun: [SearchSettings] "c:\program files\common files\spigot\search settings\SearchSettings.exe"
mRunOnce: [ Malwarebytes Anti-Malware ] c:\program files\malwarebytes' anti-malware\mbamgui.exe /install /silent
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: Bild an &Bluetooth-Gerät senden... - c:\program files\widcomm\bluetooth software\btsendto_ie_ctx.htm
IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html
IE: Seite an &Bluetooth-Gerät senden... - c:\program files\widcomm\bluetooth software\btsendto_ie.htm
IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\program files\widcomm\bluetooth software\btsendto_ie.htm
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab
TCP: DhcpNameServer = 192.168.2.1
TCP: Interfaces\{7D5B47CB-7810-4A7C-A8A7-589744DC5299} : DhcpNameServer = 192.168.2.1
TCP: Interfaces\{7D5B47CB-7810-4A7C-A8A7-589744DC5299}\377796373736F6D6534376 : DhcpNameServer = 192.168.48.1
TCP: Interfaces\{7D5B47CB-7810-4A7C-A8A7-589744DC5299}\75962756C6563737F5E65647 : DhcpNameServer = 193.162.153.164 194.239.134.83
TCP: Interfaces\{7D5B47CB-7810-4A7C-A8A7-589744DC5299}\75F627C64636F666665656D22333730323D274F656474796E67656E6 : DhcpNameServer = 192.168.44.1 192.168.44.1
TCP: Interfaces\{7D5B47CB-7810-4A7C-A8A7-589744DC5299}\845696D6C416E6 : DhcpNameServer = 192.168.2.1
Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\progra~1\mcafee\sitead~1\McIEPlg.dll
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\progra~1\mcafee\sitead~1\McIEPlg.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\users\*****\appdata\roaming\mozilla\firefox\profiles\mejxpefa.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.spiegel.de/
FF - prefs.js: keyword.URL - hxxp://de.search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&ilc=12&type=827316&p=
FF - component: c:\program files\mcafee\siteadvisor\components\McFFPlg.dll
FF - component: c:\program files\mozilla firefox\extensions\{ab2ce124-6272-4b12-94a9-7303c7397bd1}\components\SkypeFfComponent.dll
FF - plugin: c:\program files\adobe\reader 9.0\reader\air\nppdf32.dll
FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\google\google updater\2.4.2432.1652\npCIDetect14.dll
FF - plugin: c:\program files\google\update\1.3.21.111\npGoogleUpdate3.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\mcafee\siteadvisor\NPMcFFPlg32.dll
FF - plugin: c:\program files\microsoft silverlight\3.0.40624.0\npctrlui.dll
FF - plugin: c:\program files\microsoft\office live\npOLW.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll
FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll
.
============= SERVICES / DRIVERS ===============
.
R1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\drivers\vwififlt.sys [2009-7-14 48128]
R3 rtl819xp;Realtek RTL8190/RTL8192E 802.11n Wireless LAN (Mini-) PCI NIC-NT-Treiber;c:\windows\system32\drivers\rtl819xp.sys [2011-1-6 559208]
R3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\drivers\vwifimp.sys [2009-7-14 14336]
R3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\drivers\yk62x86.sys [2009-9-28 315392]
S1 avgio;avgio;c:\program files\avira\antivir desktop\avgio.sys [2010-2-13 11608]
S1 ISODisk;ISODisk;c:\windows\system32\drivers\ISODisk.sys [2011-1-1 9600]
S1 mfehidk;McAfee Inc. mfehidk;c:\windows\system32\drivers\mfehidk.sys [2009-11-4 214664]
S1 SABI;SAMSUNG Kernel Driver For Windows 7;c:\windows\system32\drivers\SABI.sys [2009-11-4 10752]
S2 AntiVirSchedulerService;Avira AntiVir Planer;c:\program files\avira\antivir desktop\sched.exe [2010-2-13 136360]
S2 AntiVirService;Avira AntiVir Guard;c:\program files\avira\antivir desktop\avguard.exe [2010-2-13 269480]
S2 Application Updater;Application Updater;c:\program files\application updater\ApplicationUpdater.exe [2012-3-4 748440]
S2 avgntflt;avgntflt;c:\windows\system32\drivers\avgntflt.sys [2010-2-13 66616]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-2-14 135664]
S2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\mcafee\siteadvisor\McSACore.exe [2011-9-14 94880]
S2 McProxy;McAfee Proxy Service;c:\progra~1\common~1\mcafee\mcproxy\mcproxy.exe [2010-2-14 359952]
S2 McShield;McAfee Real-time Scanner;c:\progra~1\mcafee\viruss~1\mcshield.exe [2010-2-14 144704]
S2 Rezip;Rezip;c:\windows\system32\Rezip.exe [2009-11-4 311296]
S2 uvnc_service;uvnc_service;c:\program files\ultravnc\winvnc.exe [2012-2-15 2016504]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-14 229888]
S3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\drivers\btwl2cap.sys [2010-2-13 29472]
S3 fssfltr;fssfltr;c:\windows\system32\drivers\fssfltr.sys [2010-2-14 54632]
S3 fsssvc;Windows Live Family Safety-Dienst;c:\program files\windows live\family safety\fsssvc.exe [2009-8-5 704864]
S3 gupdatem;Google Update-Dienst (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2010-2-14 135664]
S3 McSysmon;McAfee SystemGuards;c:\progra~1\mcafee\viruss~1\mcsysmon.exe [2010-2-14 606736]
S3 mfeavfk;McAfee Inc. mfeavfk;c:\windows\system32\drivers\mfeavfk.sys [2009-11-4 79816]
S3 mfebopk;McAfee Inc. mfebopk;c:\windows\system32\drivers\mfebopk.sys [2009-11-4 35272]
S3 mferkdk;McAfee Inc. mferkdk;c:\windows\system32\drivers\mferkdk.sys [2009-11-4 34248]
S3 mfesmfk;McAfee Inc. mfesmfk;c:\windows\system32\drivers\mfesmfk.sys [2009-11-4 40552]
S3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda32v.sys [2009-11-5 64032]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\drivers\Rt86win7.sys [2009-6-10 139776]
S3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\TsUsbFlt.sys [2011-5-28 52224]
S3 WatAdminSvc;Windows-Aktivierungstechnologieservice;c:\windows\system32\wat\WatAdminSvc.exe [2011-4-20 1343400]
.
=============== Created Last 30 ================
.
2012-03-31 14:52:05 -------- d-----w- c:\users\*****\appdata\roaming\Malwarebytes
2012-03-31 14:51:56 -------- d-----w- c:\programdata\Malwarebytes
2012-03-31 14:51:54 20464 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-03-31 14:51:54 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2012-03-31 14:14:37 220672 ----a-w- c:\programdata\ZOtq0h1R1Ftiig.exe
2012-03-31 14:01:20 300032 ----a-w- c:\programdata\rmIhrYfwFjUdy.exe
2012-03-27 19:22:47 -------- d-----w- c:\users\*****\appdata\roaming\FreeCommander
2012-03-27 19:22:45 -------- d-----w- c:\program files\FreeCommander
2012-03-21 22:40:53 -------- d-----w- c:\program files\Application Updater
2012-03-21 22:40:50 -------- d-----w- c:\program files\pdfforge Toolbar
2012-03-21 22:40:50 -------- d-----w- c:\program files\common files\Spigot
2012-03-18 12:22:38 592824 ----a-w- c:\program files\mozilla firefox\gkmedias.dll
2012-03-18 12:22:38 44472 ----a-w- c:\program files\mozilla firefox\mozglue.dll
2012-03-18 10:30:22 3968368 ----a-w- c:\windows\system32\ntkrnlpa.exe
2012-03-18 10:30:20 3913584 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-03-17 12:55:52 2343424 ----a-w- c:\windows\system32\win32k.sys
2012-03-17 12:55:40 1077248 ----a-w- c:\windows\system32\DWrite.dll
2012-03-17 12:54:02 8192 ----a-w- c:\windows\system32\rdrmemptylst.exe
2012-03-17 12:54:02 129536 ----a-w- c:\windows\system32\rdpcorekmts.dll
2012-03-17 12:54:01 58880 ----a-w- c:\windows\system32\rdpwsx.dll
2012-03-17 12:53:44 826880 ----a-w- c:\windows\system32\rdpcore.dll
2012-03-17 12:53:42 24576 ----a-w- c:\windows\system32\drivers\tdtcp.sys
2012-03-17 12:53:42 183808 ----a-w- c:\windows\system32\drivers\rdpwd.sys
.
==================== Find3M ====================
.
2012-03-18 10:24:32 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-01-04 08:58:41 442880 ----a-w- c:\windows\system32\ntshrui.dll
.
============= FINISH: 17:41:19,62 ===============
--- --- --- --- --- --- attach Code:
ATTFilter .
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-08-26.01)
.
Microsoft Windows 7 Home Premium
Boot Device: \Device\HarddiskVolume2
Install Date: 13.02.2010 22:31:53
System Uptime: 31.03.2012 16:35:51 (1 hours ago)
.
Motherboard: SAMSUNG ELECTRONICS CO., LTD. | | N510
Processor: Intel(R) Atom(TM) CPU N270 @ 1.60GHz | U2E1 | 1600/133mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 218 GiB total, 164,028 GiB free.
.
==== Disabled Device Manager Items =============
.
Class GUID: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Description: Security Processor Loader Driver
Device ID: ROOT\LEGACY_SPLDR\0000
Manufacturer:
Name: Security Processor Loader Driver
PNP Device ID: ROOT\LEGACY_SPLDR\0000
Service: spldr
.
Class GUID: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Description: sptd
Device ID: ROOT\LEGACY_SPTD\0000
Manufacturer:
Name: sptd
PNP Device ID: ROOT\LEGACY_SPTD\0000
Service: sptd
.
Class GUID: {e0cbf06c-cd8b-4647-bb8a-263b43f0f974}
Description: BCM2046 Bluetooth Module
Device ID: USB\VID_0A5C&PID_2151\0C6076BC0CD9
Manufacturer: Broadcom
Name: BCM2046 Bluetooth Module
PNP Device ID: USB\VID_0A5C&PID_2151\0C6076BC0CD9
Service: BTHUSB
.
==== System Restore Points ===================
.
RP159: 30.12.2011 14:00:58 - Windows Update
RP160: 30.12.2011 14:39:43 - Windows Update
RP161: 20.01.2012 11:19:46 - Windows Update
RP162: 20.01.2012 11:49:53 - Installed Java(TM) 6 Update 30
RP163: 29.01.2012 19:41:41 - Windows Update
RP164: 11.02.2012 19:40:24 - Geplanter Prüfpunkt
RP165: 16.02.2012 20:27:06 - Windows Update
RP166: 18.03.2012 11:27:10 - Windows Update
.
==== Installed Programs ======================
.
Adobe AIR
Adobe Flash Player 10 ActiveX
Adobe Flash Player 11 Plugin
Adobe Reader 9.5.0 - Deutsch
Amazon MP3-Downloader 1.0.9
AndreaMosaic 3.32.3
AnyPC Client
Apple Application Support
Apple Mobile Device Support
Apple Software Update
Atheros Client Installation Program
Avira AntiVir Personal - Free Antivirus
BatteryLifeExtender
Bonjour
ChargeableUSB
Compatibility Pack für 2007 Office System
CyberLink PowerDVD 8
CyberLink YouCam
Easy Display Manager
Easy Network Manager
Easy SpeedUp Manager
EasyBatteryManager
eReg
FreeCommander 2009.02b
GIMP 2.6.8
Google Earth
Google Toolbar for Internet Explorer
Google Update Helper
Google Updater
iCloud
Iomega Product Registration
Iomega Storage Manager
IrfanView (remove only)
ISODisk 1.1
iTunes
Java Auto Updater
Java(TM) 6 Update 30
Junk Mail filter update
Malwarebytes Anti-Malware Version 1.60.1.1000
Marvell Miniport Driver
McAfee SecurityCenter
Microsoft .NET Framework 4 Client Profile
Microsoft .NET Framework 4 Client Profile DEU Language Pack
Microsoft Application Error Reporting
Microsoft Choice Guard
Microsoft Office Live Add-in 1.3
Microsoft Office PowerPoint Viewer 2007 (German)
Microsoft Office Suite Activation Assistant
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
Microsoft Works
MobileMe Control Panel
Mozilla Firefox 11.0 (x86 de)
Mozilla Thunderbird (3.0.1)
Mp3tag v2.49a
MSVCRT
NVIDIA Drivers
OpenOffice.org 3.2
PDFCreator
pdfforge Toolbar v5.1
QuickTime
Realtek High Definition Audio Driver
REALTEK Wireless LAN Software
Safari
Samsung Recovery Solution 4
Samsung Support Center
Samsung Update Plus
SCHLECKER Foto Digital Service
Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile DEU Language Pack (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile DEU Language Pack (KB2518870)
Skype™ 4.2
Spelling Dictionaries Support For Adobe Reader 9
SRIM
Sweet Home 3D version 3.4
Synaptics Pointing Device Driver
Total Commander (Remove or Repair)
UltraVnc
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
User Guide
VLC media player 1.0.5
VoiceOver Kit
WIDCOMM Bluetooth Software
Windows Driver Package - Broadcom Bluetooth (06/15/2009 6.2.0.9000)
Windows Driver Package - Broadcom Bluetooth (07/30/2009 6.2.0.9405)
Windows Driver Package - Broadcom HIDClass (07/28/2009 6.2.0.9800)
Windows Live-Uploadtool
Windows Live Anmelde-Assistent
Windows Live Call
Windows Live Communications Platform
Windows Live Essentials
Windows Live Family Safety
Windows Live Fotogalerie
Windows Live Mail
Windows Live Messenger
Windows Live Movie Maker
Windows Live Sync
Windows Live Writer
Windows Media Player Firefox Plugin
WISO Sparbuch 2010
WISO Steuer-Sparbuch 2011
WISO Steuer-Sparbuch 2012
.
==== End Of File ===========================
GMER Logfile: Code:
ATTFilter GMER 1.0.15.15641 - hxxp://www.gmer.net
Rootkit scan 2012-03-31 19:01:45
Windows 6.1.7601 Service Pack 1 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0 ST9250315AS rev.0001SDM1
Running: gmer.exe; Driver: C:\Users\*****\AppData\Local\Temp\pxldrpod.sys
---- Kernel code sections - GMER 1.0.15 ----
.text ntoskrnl.exe!ZwSaveKey + 13BD 8246C979 1 Byte [06]
.text ntoskrnl.exe!KiDispatchInterrupt + 5A2 8248C4F2 19 Bytes [E0, 0F, BA, F0, 07, 73, 09, ...] {LOOPNZ 0x11; MOV EDX, 0x97307f0; MOV CR4, EAX; OR AL, 0x80; MOV CR4, EAX; RET ; MOV ECX, CR3}
? C:\Users\******\AppData\Local\Temp\mbr.sys Das System kann die angegebene Datei nicht finden. !
---- Devices - GMER 1.0.15 ----
AttachedDevice \Driver\kbdclass \Device\KeyboardClass0 Wdf01000.sys (Kernelmodustreiber-Frameworklaufzeit/Microsoft Corporation)
AttachedDevice \Driver\kbdclass \Device\KeyboardClass1 Wdf01000.sys (Kernelmodustreiber-Frameworklaufzeit/Microsoft Corporation)
AttachedDevice \Driver\tdx \Device\Tcp Mpfp.sys (McAfee Personal Firewall Plus Driver/McAfee, Inc.)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume1 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume2 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume3 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
Device \Driver\ACPI_HAL \Device\0000004e halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation)
AttachedDevice \Driver\tdx \Device\Udp Mpfp.sys (McAfee Personal Firewall Plus Driver/McAfee, Inc.)
AttachedDevice \Driver\tdx \Device\RawIp Mpfp.sys (McAfee Personal Firewall Plus Driver/McAfee, Inc.)
---- Registry - GMER 1.0.15 ----
Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\00242cda6c4a
Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\002556e975c9
Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\0c6076bc0cd9
Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\0c6076bc0cd9@001e45cb5727 0xCF 0xD4 0x08 0xEC ...
Reg HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Epoch@Epoch 18299
Reg HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Epoch2@Epoch 10574
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program Files\DAEMON Tools Lite\
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0xD4 0xC3 0x97 0x02 ...
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0xCB 0xB4 0x9B 0x89 ...
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0x4D 0xDE 0x20 0xA9 ...
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0x47 0xAE 0x27 0xAD ...
Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\00242cda6c4a (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\002556e975c9 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\0c6076bc0cd9 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\0c6076bc0cd9@001e45cb5727 0xCF 0xD4 0x08 0xEC ...
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program Files\DAEMON Tools Lite\
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0xD4 0xC3 0x97 0x02 ...
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0xCB 0xB4 0x9B 0x89 ...
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0x4D 0xDE 0x20 0xA9 ...
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0x47 0xAE 0x27 0xAD ...
---- EOF - GMER 1.0.15 ----
mbam Code:
ATTFilter Malwarebytes Anti-Malware 1.60.1.1000 www.malwarebytes.org Datenbank Version: v2012.03.31.07 Windows 7 Service Pack 1 x86 NTFS (Abgesichertenmodus/Netzwerkfähig) Internet Explorer 8.0.7601.17514 ***** :: ******[Administrator] 31.03.2012 16:55:05 mbam-log-2012-03-31 (17-02-37).txt Art des Suchlaufs: Quick-Scan Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM Deaktivierte Suchlaufeinstellungen: P2P Durchsuchte Objekte: 183568 Laufzeit: 6 Minute(n), 9 Sekunde(n) Infizierte Speicherprozesse: 0 (Keine bösartigen Objekte gefunden) Infizierte Speichermodule: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungsschlüssel: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungswerte: 1 HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|rmIhrYfwFjUdy.exe (Rogue.FakeHDD) -> Daten: C:\ProgramData\rmIhrYfwFjUdy.exe -> Keine Aktion durchgeführt. Infizierte Dateiobjekte der Registrierung: 2 HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced|Start_ShowMyComputer (PUM.Hijack.StartMenu) -> Bösartig: (0) Gut: (1) -> Keine Aktion durchgeführt. HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced|Start_ShowSearch (PUM.Hijack.StartMenu) -> Bösartig: (0) Gut: (1) -> Keine Aktion durchgeführt. Infizierte Verzeichnisse: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateien: 4 C:\ProgramData\rmIhrYfwFjUdy.exe (Rogue.FakeHDD) -> Keine Aktion durchgeführt. C:\ProgramData\ZOtq0h1R1Ftiig.exe (Backdoor.Agent.RCGen) -> Keine Aktion durchgeführt. C:\Users\******\AppData\Local\Temp\7xaec2JW.exe.part (Adware.Agent) -> Keine Aktion durchgeführt. C:\Users\******\AppData\Local\Temp\QJf5MyeYXNvARG.exe.tmp (Rogue.FakeHDD) -> Keine Aktion durchgeführt. (Ende) Geändert von antonio_2 (31.03.2012 um 19:03 Uhr) |
|
02.04.2012, 13:14
| #2 |
| /// Winkelfunktion /// TB-Süch-Tiger™   | TR/crypt.zpack.gen8 - schwarzer Desktop - Daten Verlust Bitte erstmal routinemäßig einen Vollscan mit Malwarebytes machen und Log posten. =>ALLE lokalen Datenträger (außer CD/DVD) überprüfen lassen!
__________________Denk daran, dass Malwarebytes vor jedem Scan manuell aktualisiert werden muss! Außerdem müssen alle Funde entfernt werden. Falls Logs aus älteren Scans mit Malwarebytes vorhanden sind, bitte auch davon alle posten! ESET Online Scanner
Bitte alles nach Möglichkeit hier in CODE-Tags posten. Wird so gemacht: [code] hier steht das Log [/code] Und das ganze sieht dann so aus: Code:
ATTFilter hier steht das Log
__________________ |
|
02.04.2012, 22:05
| #3 |
| | TR/crypt.zpack.gen8 - schwarzer Desktop - Daten Verlust Danke Andre, dass du dich der Sache angenommen hast!
__________________Mit mbam habe ich inzwischen die Funde in Quarantäne verschoben, und danach auch nochmal einen Vollscan ausgeführt. mbam #1 Code:
ATTFilter Malwarebytes Anti-Malware 1.60.1.1000 www.malwarebytes.org Datenbank Version: v2012.03.31.07 Windows 7 Service Pack 1 x86 NTFS (Abgesichertenmodus/Netzwerkfähig) Internet Explorer 8.0.7601.17514 ***** :: ****** [Administrator] 01.04.2012 12:07:34 mbam-log-2012-04-01 (12-15-25).txt Art des Suchlaufs: Quick-Scan Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM Deaktivierte Suchlaufeinstellungen: P2P Durchsuchte Objekte: 183496 Laufzeit: 6 Minute(n), 7 Sekunde(n) Infizierte Speicherprozesse: 0 (Keine bösartigen Objekte gefunden) Infizierte Speichermodule: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungsschlüssel: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungswerte: 1 HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|rmIhrYfwFjUdy.exe (Rogue.FakeHDD) -> Daten: C:\ProgramData\rmIhrYfwFjUdy.exe -> Keine Aktion durchgeführt. Infizierte Dateiobjekte der Registrierung: 2 HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced|Start_ShowMyComputer (PUM.Hijack.StartMenu) -> Bösartig: (0) Gut: (1) -> Keine Aktion durchgeführt. HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced|Start_ShowSearch (PUM.Hijack.StartMenu) -> Bösartig: (0) Gut: (1) -> Keine Aktion durchgeführt. Infizierte Verzeichnisse: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateien: 4 C:\ProgramData\rmIhrYfwFjUdy.exe (Rogue.FakeHDD) -> Keine Aktion durchgeführt. C:\ProgramData\ZOtq0h1R1Ftiig.exe (Backdoor.Agent.RCGen) -> Keine Aktion durchgeführt. C:\Users\*****\AppData\Local\Temp\7xaec2JW.exe.part (Adware.Agent) -> Keine Aktion durchgeführt. C:\Users\*****\AppData\Local\Temp\QJf5MyeYXNvARG.exe.tmp (Rogue.FakeHDD) -> Keine Aktion durchgeführt. (Ende) Code:
ATTFilter Malwarebytes Anti-Malware 1.60.1.1000 www.malwarebytes.org Datenbank Version: v2012.03.31.07 Windows 7 Service Pack 1 x86 NTFS (Abgesichertenmodus/Netzwerkfähig) Internet Explorer 8.0.7601.17514 *****:: ******* [Administrator] 01.04.2012 12:20:19 mbam-log-2012-04-01 (12-20-19).txt Art des Suchlaufs: Quick-Scan Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM Deaktivierte Suchlaufeinstellungen: P2P Durchsuchte Objekte: 183328 Laufzeit: 6 Minute(n), 17 Sekunde(n) Infizierte Speicherprozesse: 0 (Keine bösartigen Objekte gefunden) Infizierte Speichermodule: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungsschlüssel: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungswerte: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateiobjekte der Registrierung: 0 (Keine bösartigen Objekte gefunden) Infizierte Verzeichnisse: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateien: 0 (Keine bösartigen Objekte gefunden) (Ende) Da immer mehr Dateien verschwunden sind (insbesondere alle Dateien vom Desktop incl. mbam und die dort abgelegten Logs) habe ich inzwischen meine Festplatte via Ubuntu USB boot und rsync auf eine externe Festplatte gerettet. eset Code:
ATTFilter ESETSmartInstaller@High as downloader log:
all ok
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=cd8be8472e65644491fcb54b53f39d31
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2012-04-02 08:57:04
# local_time=2012-04-02 10:57:04 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=1797 16775166 100 94 188793 69932235 249673 0
# compatibility_mode=5121 16776574 100 96 66642890 85754127 0 0
# compatibility_mode=5893 16776574 66 85 26808416 85022970 0 0
# compatibility_mode=8192 67108863 100 0 862 862 0 0
# scanned=122650
# found=15
# cleaned=0
# scan_time=8445
C:\Program Files\Application Updater\ApplicationUpdater.exe probably a variant of Win32/Adware.Toolbar.Dealio application (unable to clean) 00000000000000000000000000000000 I
C:\Program Files\Common Files\Spigot\Search Settings\SearchSettings.exe a variant of Win32/Adware.Toolbar.Dealio application (unable to clean) 00000000000000000000000000000000 I
C:\Program Files\Common Files\Spigot\wtxpcom\components\WidgiToolbarFF.dll a variant of Win32/Adware.Toolbar.Dealio application (unable to clean) 00000000000000000000000000000000 I
C:\Program Files\Common Files\Spigot\wtxpcom\components\WidgiToolbarFF.dll.10 a variant of Win32/Adware.Toolbar.Dealio application (unable to clean) 00000000000000000000000000000000 I
C:\Program Files\Common Files\Spigot\wtxpcom\components\WidgiToolbarFF.dll.11 a variant of Win32/Adware.Toolbar.Dealio application (unable to clean) 00000000000000000000000000000000 I
C:\Program Files\Common Files\Spigot\wtxpcom\components\WidgiToolbarFF.dll.12 a variant of Win32/Adware.Toolbar.Dealio application (unable to clean) 00000000000000000000000000000000 I
C:\Program Files\Common Files\Spigot\wtxpcom\components\WidgiToolbarFF.dll.5 a variant of Win32/Adware.Toolbar.Dealio application (unable to clean) 00000000000000000000000000000000 I
C:\Program Files\Common Files\Spigot\wtxpcom\components\WidgiToolbarFF.dll.6 a variant of Win32/Adware.Toolbar.Dealio application (unable to clean) 00000000000000000000000000000000 I
C:\Program Files\Common Files\Spigot\wtxpcom\components\WidgiToolbarFF.dll.7 a variant of Win32/Adware.Toolbar.Dealio application (unable to clean) 00000000000000000000000000000000 I
C:\Program Files\Common Files\Spigot\wtxpcom\components\WidgiToolbarFF.dll.8 a variant of Win32/Adware.Toolbar.Dealio application (unable to clean) 00000000000000000000000000000000 I
C:\Program Files\Common Files\Spigot\wtxpcom\components\WidgiToolbarFF.dll.9 a variant of Win32/Adware.Toolbar.Dealio application (unable to clean) 00000000000000000000000000000000 I
C:\Users\****\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\18\10b98fd2-4ed8057d multiple threats (unable to clean) 00000000000000000000000000000000 I
C:\Users\****\Downloads\SoftonicDownloader_fuer_andreamosaic.exe a variant of Win32/SoftonicDownloader.A application (unable to clean) 00000000000000000000000000000000 I
C:\Windows\Installer\11dd2e10.msi a variant of Win32/Adware.Toolbar.Dealio application (unable to clean) 00000000000000000000000000000000 I
${Memory} a variant of Win32/Adware.Toolbar.Dealio application 00000000000000000000000000000000 I
|
|
03.04.2012, 15:20
| #4 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | TR/crypt.zpack.gen8 - schwarzer Desktop - Daten Verlust Nö, du hast nur Quickscans mit Malwarebytes gemacht bzw. nur die Logs davon gepostet. Ich will alle Logs der Vollscans sehen
__________________ Logfiles bitte immer in CODE-Tags posten  |
|
03.04.2012, 18:58
| #5 |
| | TR/crypt.zpack.gen8 - schwarzer Desktop - Daten Verlust Hallo Arne, wie in meinem letzten post beschrieben waren die mbam logs vom Desktop gelöscht. Ich konnte die logs aber im Programmordner wiederfinden.. Code:
ATTFilter Malwarebytes Anti-Malware 1.60.1.1000 www.malwarebytes.org Datenbank Version: v2012.04.01.01 Windows 7 Service Pack 1 x86 NTFS (Abgesichertenmodus/Netzwerkfähig) Internet Explorer 8.0.7601.17514 ******::****** [Administrator] 01.04.2012 12:28:39 mbam-log-2012-04-01 (12-28-39).txt Art des Suchlaufs: Vollständiger Suchlauf Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM Deaktivierte Suchlaufeinstellungen: P2P Durchsuchte Objekte: 295531 Laufzeit: 51 Minute(n), 12 Sekunde(n) Infizierte Speicherprozesse: 0 (Keine bösartigen Objekte gefunden) Infizierte Speichermodule: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungsschlüssel: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungswerte: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateiobjekte der Registrierung: 0 (Keine bösartigen Objekte gefunden) Infizierte Verzeichnisse: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateien: 0 (Keine bösartigen Objekte gefunden) (Ende) |
|
03.04.2012, 19:38
| #6 | |
| /// Winkelfunktion /// TB-Süch-Tiger™ | TR/crypt.zpack.gen8 - schwarzer Desktop - Daten VerlustZitat:
Softonic ist eine Toolbar- und Adwareschleuder! Finger weg! Software lädt man sich mit oberster Priorität direkt vom Hersteller und nicht von solchen Toolbarklitschen wie Softonic! Im Notfall würde natürlich chip.de gehen Mach bitte ein neues OTL-Log. Bitte alles nach Möglichkeit hier in CODE-Tags posten. Wird so gemacht: [code] hier steht das Log [/code] Und das ganze sieht dann so aus: Code:
ATTFilter hier steht das Log
Falls noch nicht vorhanden, lade Dir bitte OTL von Oldtimer herunter und speichere es auf Deinem Desktop
Code:
ATTFilter netsvcs
msconfig
safebootminimal
safebootnetwork
activex
drivers32
%ALLUSERSPROFILE%\Application Data\*.
%ALLUSERSPROFILE%\Application Data\*.exe /s
%APPDATA%\*.
%APPDATA%\*.exe /s
%SYSTEMDRIVE%\*.exe
/md5start
wininit.exe
userinit.exe
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
ws2ifsl.sys
sceclt.dll
ntelogon.dll
winlogon.exe
logevent.dll
user32.DLL
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
/md5stop
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\*. /mp /s
%systemroot%\system32\*.dll /lockedfiles
CREATERESTOREPOINT
__________________ --> TR/crypt.zpack.gen8 - schwarzer Desktop - Daten Verlust |
|
03.04.2012, 20:45
| #7 |
| | TR/crypt.zpack.gen8 - schwarzer Desktop - Daten VerlustCode:
ATTFilter OTL logfile created on: 4/3/2012 8:58:08 PM - Run 1 OTL by OldTimer - Version 3.2.39.2 Folder = C:\Users\******\Desktop Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 8.0.7601.17514) Locale: 00000409 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 1.75 Gb Total Physical Memory | 1.42 Gb Available Physical Memory | 81.48% Memory free 3.50 Gb Paging File | 3.20 Gb Available in Paging File | 91.39% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files Drive C: | 217.79 Gb Total Space | 163.60 Gb Free Space | 75.12% Space Free | Partition Type: NTFS Computer Name: ION510 | User Name: ****** | Logged in as Administrator. Boot Mode: SafeMode with Networking | Scan Mode: All users | Quick Scan Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2012/04/03 20:51:36 | 000,593,920 | ---- | M] (OldTimer Tools) -- C:\Users\******\Desktop\OTL.exe PRC - [2011/02/25 07:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe PRC - [2009/10/29 07:54:44 | 001,218,008 | ---- | M] (McAfee, Inc.) -- c:\PROGRA~1\mcafee.com\agent\mcagent.exe PRC - [2009/10/29 07:54:44 | 000,865,832 | ---- | M] (McAfee, Inc.) -- C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe PRC - [2009/10/27 12:19:46 | 000,895,696 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\MPF\MPFSrv.exe ========== Modules (No Company Name) ========== ========== Win32 Services (SafeList) ========== SRV - [2012/03/04 23:40:10 | 000,748,440 | ---- | M] (Spigot, Inc.) [Auto | Stopped] -- C:\Program Files\Application Updater\ApplicationUpdater.exe -- (Application Updater) SRV - [2011/08/10 11:53:46 | 000,094,880 | ---- | M] (McAfee, Inc.) [Auto | Stopped] -- C:\Program Files\McAfee\SiteAdvisor\McSACore.exe -- (McAfee SiteAdvisor Service) SRV - [2011/07/02 15:49:24 | 000,269,480 | ---- | M] (Avira GmbH) [Auto | Stopped] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService) SRV - [2011/05/18 23:40:06 | 002,016,504 | ---- | M] (UltraVNC) [Auto | Stopped] -- C:\Program Files\UltraVNC\WinVNC.exe -- (uvnc_service) SRV - [2011/04/27 11:15:03 | 000,136,360 | ---- | M] (Avira GmbH) [Auto | Stopped] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService) SRV - [2011/04/20 22:46:47 | 001,343,400 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\Wat\WatAdminSvc.exe -- (WatAdminSvc) SRV - [2009/11/04 17:53:34 | 000,144,704 | ---- | M] (McAfee, Inc.) [Auto | Stopped] -- C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe -- (McShield) SRV - [2009/11/04 16:59:50 | 000,606,736 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe -- (McSysmon) SRV - [2009/10/29 07:54:44 | 000,865,832 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe -- (mcmscsvc) SRV - [2009/10/28 12:50:32 | 000,365,072 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe -- (McODS) SRV - [2009/10/27 12:19:46 | 000,895,696 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\McAfee\MPF\MPFSrv.exe -- (MpfService) SRV - [2009/10/02 14:02:56 | 000,026,640 | ---- | M] (McAfee, Inc.) [Auto | Stopped] -- C:\Program Files\McAfee\MSK\MskSrver.exe -- (MSK80Service) SRV - [2009/08/11 17:09:52 | 000,582,944 | ---- | M] (Broadcom Corporation.) [Auto | Stopped] -- C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe -- (btwdins) SRV - [2009/07/14 03:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc) SRV - [2009/07/14 03:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\mpsvc.dll -- (WinDefend) SRV - [2009/07/08 12:54:34 | 000,359,952 | ---- | M] (McAfee, Inc.) [Auto | Stopped] -- c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe -- (McProxy) SRV - [2009/07/07 20:10:02 | 002,482,848 | ---- | M] (McAfee, Inc.) [Auto | Stopped] -- c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe -- (McNASvc) SRV - [2009/03/05 11:54:50 | 000,311,296 | ---- | M] () [Auto | Stopped] -- C:\Windows\System32\Rezip.exe -- (Rezip) ========== Driver Services (SafeList) ========== DRV - File not found [Kernel | Boot | Stopped] -- System32\drivers\utnyymr.sys -- (egxc) DRV - [2011/07/02 15:49:31 | 000,138,192 | ---- | M] (Avira GmbH) [Kernel | System | Stopped] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb) DRV - [2011/07/02 15:49:31 | 000,066,616 | ---- | M] (Avira GmbH) [File_System | Auto | Stopped] -- C:\Windows\System32\drivers\avgntflt.sys -- (avgntflt) DRV - [2011/01/06 10:36:42 | 000,559,208 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\rtl819xp.sys -- (rtl819xp) Realtek RTL8190/RTL8192E 802.11n Wireless LAN (Mini-) DRV - [2010/11/20 12:24:41 | 000,052,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt) DRV - [2010/11/20 11:59:44 | 000,035,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb) DRV - [2010/08/24 19:31:02 | 000,037,328 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\LMouFilt.Sys -- (LMouFilt) DRV - [2010/08/24 19:30:52 | 000,038,864 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\LHidFilt.Sys -- (LHidFilt) DRV - [2010/02/14 18:04:42 | 000,691,696 | ---- | M] (Duplex Secure Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\sptd.sys -- (sptd) DRV - [2009/11/04 17:54:12 | 000,214,664 | ---- | M] (McAfee, Inc.) [Kernel | System | Stopped] -- C:\Windows\System32\drivers\mfehidk.sys -- (mfehidk) DRV - [2009/11/04 17:54:12 | 000,079,816 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\mfeavfk.sys -- (mfeavfk) DRV - [2009/11/04 17:54:12 | 000,040,552 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\mfesmfk.sys -- (mfesmfk) DRV - [2009/11/04 17:54:12 | 000,035,272 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\mfebopk.sys -- (mfebopk) DRV - [2009/11/04 17:53:40 | 000,034,248 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\mferkdk.sys -- (mferkdk) DRV - [2009/09/28 10:22:00 | 000,315,392 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\yk62x86.sys -- (yukonw7) DRV - [2009/08/10 13:51:00 | 009,824,416 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm) DRV - [2009/07/14 01:52:10 | 000,014,336 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\vwifimp.sys -- (vwifimp) DRV - [2009/06/03 02:04:46 | 000,017,920 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvsmu.sys -- (nvsmu) DRV - [2009/05/11 09:12:49 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Stopped] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv) DRV - [2009/05/01 07:43:34 | 000,064,032 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\nvhda32v.sys -- (NVHDA) DRV - [2009/04/09 07:23:02 | 000,130,424 | ---- | M] (McAfee, Inc.) [Kernel | System | Running] -- C:\Windows\System32\drivers\Mpfp.sys -- (MPFP) DRV - [2009/02/13 12:35:01 | 000,011,608 | ---- | M] (Avira GmbH) [Kernel | System | Stopped] -- C:\Program Files\Avira\AntiVir Desktop\avgio.sys -- (avgio) DRV - [2006/04/26 02:03:56 | 000,009,600 | ---- | M] () [Kernel | System | Stopped] -- C:\windows\System32\drivers\ISODisk.sys -- (ISODisk) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\..\SearchScopes,DefaultScope = {67A2568C-7A0A-4EED-AECC-B5405DE63B64} IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKLM\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7SMSN IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7 IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local IE - HKU\S-1-5-21-2694853571-1494760454-3953676919-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com/ig/redirectdomain?brand=smsn&bmod=smsn IE - HKU\S-1-5-21-2694853571-1494760454-3953676919-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com/ig/redirectdomain?brand=smsn&bmod=smsn IE - HKU\S-1-5-21-2694853571-1494760454-3953676919-1001\..\URLSearchHook: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll (McAfee, Inc.) IE - HKU\S-1-5-21-2694853571-1494760454-3953676919-1001\..\URLSearchHook: {B922D405-6D13-4A2B-AE89-08A030DA4402} - C:\Program Files\pdfforge Toolbar\IE\5.1\pdfforgeToolbarIE.dll (Spigot, Inc.) IE - HKU\S-1-5-21-2694853571-1494760454-3953676919-1001\..\SearchScopes,DefaultScope = {67A2568C-7A0A-4EED-AECC-B5405DE63B64} IE - HKU\S-1-5-21-2694853571-1494760454-3953676919-1001\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC IE - HKU\S-1-5-21-2694853571-1494760454-3953676919-1001\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7SMSN_de___DE366 IE - HKU\S-1-5-21-2694853571-1494760454-3953676919-1001\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7 IE - HKU\S-1-5-21-2694853571-1494760454-3953676919-1001\..\SearchScopes\{6F74C5A9-7B44-479C-AF03-2092D05357F4}: "URL" = hxxp://de.search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=827316&p={searchTerms} IE - HKU\S-1-5-21-2694853571-1494760454-3953676919-1001\..\SearchScopes\{BD404601-F549-45C1-9B65-FD95EFB033BA}: "URL" = hxxp://de.search.yahoo.com/search?fr=mcafee&p={SearchTerms} IE - HKU\S-1-5-21-2694853571-1494760454-3953676919-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-21-2694853571-1494760454-3953676919-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local ========== FireFox ========== FF - prefs.js..browser.search.defaultenginename: "Secure Search" FF - prefs.js..browser.search.param.yahoo-fr: "chr-greentree_ff&type=827316&ilc=12" FF - prefs.js..browser.startup.homepage: "hxxp://www.spiegel.de/" FF - prefs.js..extensions.enabledItems: {B7082FAA-CB62-4872-9106-E42DD88EDE45}:3.3.1 FF - prefs.js..extensions.enabledItems: {AB2CE124-6272-4b12-94A9-7303C7397BD1}:4.2.0.5198 FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.3 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22 FF - prefs.js..extensions.enabledItems: firebug@software.joehewitt.com:1.6.2 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24 FF - prefs.js..keyword.URL: "hxxp://de.search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&ilc=12&type=827316&p=" FF - user.js - File not found FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\windows\system32\Macromed\Flash\NPSWF32.dll () FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll () FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.) FF - HKLM\Software\MozillaPlugins\@mcafee.com/SAFFPlugin: C:\Program Files\McAfee\SiteAdvisor\npmcffplg32.dll (McAfee, Inc.) FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\3.0.40624.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.3: C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8081.0709: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@pack.google.com/Google Updater;version=14: C:\Program Files\Google\Google Updater\2.4.2432.1652\npCIDetect14.dll (Google) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{4ED1F68A-5463-4931-9384-8FFF5ED91D92}: C:\Program Files\McAfee\SiteAdvisor [2011/11/16 20:27:17 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 11.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/03/18 14:22:39 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 11.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012/01/21 13:54:55 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 3.0.1\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2011/10/28 21:51:40 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 3.0.1\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins [2010/02/14 15:11:17 | 000,000,000 | -H-D | M] (No name found) -- C:\Users\*****\AppData\Roaming\mozilla\Extensions [2010/02/14 15:11:17 | 000,000,000 | -H-D | M] (No name found) -- C:\Users\******\AppData\Roaming\mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6} [2012/03/22 00:41:07 | 000,000,000 | -H-D | M] (No name found) -- C:\Users\******\AppData\Roaming\mozilla\Firefox\Profiles\mejxpefa.default\extensions [2012/02/15 22:42:30 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\mozilla firefox\extensions [2012/03/22 00:41:07 | 000,000,000 | ---D | M] (Widgi Toolbar Platform) -- C:\PROGRAM FILES\COMMON FILES\SPIGOT\WTXPCOM [2012/03/22 00:41:07 | 000,000,000 | ---D | M] (pdfforge Toolbar) -- C:\PROGRAM FILES\PDFFORGE TOOLBAR\FF () (No name found) -- C:\USERS\*****\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\MEJXPEFA.DEFAULT\EXTENSIONS\{D10D0BF8-F5B5-C8B4-A8B2-2B9879E08C5D}.XPI () (No name found) -- C:\USERS\******\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\MEJXPEFA.DEFAULT\EXTENSIONS\DIVXWEBPLAYER@DIVX.COM.XPI () (No name found) -- C:\USERS\*******\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\MEJXPEFA.DEFAULT\EXTENSIONS\FIREBUG@SOFTWARE.JOEHEWITT.COM.XPI [2012/03/18 14:22:37 | 000,097,208 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll [2011/11/10 06:54:13 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll [2012/02/19 13:43:13 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml [2012/02/19 13:43:13 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml [2012/02/19 13:43:13 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml [2012/02/19 13:43:13 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml [2011/10/10 23:11:23 | 000,002,027 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\McSiteAdvisor.xml [2012/02/19 13:43:13 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml [2012/02/19 13:43:13 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml O1 HOSTS File: ([2009/06/10 23:39:37 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts O2 - BHO: (McAfee Phishing Filter) - {27B4851A-3207-45A2-B947-BE8AFE6163AB} - c:\progra~1\mcafee\msk\mskapbho.dll () O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found. O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.) O2 - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll (McAfee, Inc.) O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.7227.1100\swg.dll (Google Inc.) O2 - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll (McAfee, Inc.) O2 - BHO: (pdfforge Toolbar) - {B922D405-6D13-4A2B-AE89-08A030DA4402} - C:\Program Files\pdfforge Toolbar\IE\5.1\pdfforgeToolbarIE.dll (Spigot, Inc.) O3 - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll (McAfee, Inc.) O3 - HKLM\..\Toolbar: (pdfforge Toolbar) - {B922D405-6D13-4A2B-AE89-08A030DA4402} - C:\Program Files\pdfforge Toolbar\IE\5.1\pdfforgeToolbarIE.dll (Spigot, Inc.) O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found. O4 - HKLM..\Run: [] File not found O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.) O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH) O4 - HKLM..\Run: [mcagent_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe (McAfee, Inc.) O4 - HKLM..\Run: [NvCplDaemon] C:\windows\System32\NvCpl.dll (NVIDIA Corporation) O4 - HKLM..\Run: [PDVD8LanguageShortcut] C:\Program Files\CyberLink\PowerDVD8\Language\Language.exe (CyberLink Corp.) O4 - HKLM..\Run: [RemoteControl8] C:\Program Files\CyberLink\PowerDVD8\PDVD8Serv.exe (CyberLink Corp.) O4 - HKLM..\Run: [SearchSettings] C:\Program Files\Common Files\Spigot\Search Settings\SearchSettings.exe (Spigot, Inc.) O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation) O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation) O4 - HKU\S-1-5-21-2694853571-1494760454-3953676919-1001..\RunOnce: [FlashPlayerUpdate] C:\windows\System32\Macromed\Flash\FlashUtil11g_Plugin.exe (Adobe Systems, Inc.) O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O8 - Extra context menu item: Bild an &Bluetooth-Gerät senden... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm () O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html File not found O8 - Extra context menu item: Seite an &Bluetooth-Gerät senden... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm () O9 - Extra Button: @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm () O9 - Extra 'Tools' menuitem : @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm () O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.) O13 - gopher Prefix: missing O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30) O16 - DPF: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{7D5B47CB-7810-4A7C-A8A7-589744DC5299}: DhcpNameServer = 192.168.2.1 O18 - Protocol\Handler\dssrequest {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll (McAfee, Inc.) O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation) O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation) O18 - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll (McAfee, Inc.) O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2009/06/10 23:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ] O34 - HKLM BootExecute: (autocheck autochk *) O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* NetSvcs: FastUserSwitchingCompatibility - File not found NetSvcs: Ias - C:\windows\System32\ias.dll (Microsoft Corporation) NetSvcs: Nla - File not found NetSvcs: Ntmssvc - File not found NetSvcs: NWCWorkstation - File not found NetSvcs: Nwsapagent - File not found NetSvcs: SRService - File not found NetSvcs: WmdmPmSp - File not found NetSvcs: LogonHours - File not found NetSvcs: PCAudit - File not found NetSvcs: helpsvc - File not found NetSvcs: uploadmgr - File not found MsConfig - StartUpFolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^WISO Mein Sparbuch heute.lnk - C:\PROGRA~1\WISO\SPARBU~1\MEINSP~1.EXE - () MsConfig - StartUpFolder: C:^Users^******^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OpenOffice.org 3.2.lnk - C:\PROGRA~1\OPENOF~1.ORG\program\QUICKS~1.EXE - () MsConfig - StartUpReg: DAEMON Tools Lite - hkey= - key= - C:\Program Files\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd) MsConfig - StartUpReg: Skype - hkey= - key= - C:\Program Files\Skype\Phone\Skype.exe (Skype Technologies S.A.) MsConfig - StartUpReg: uTorrent - hkey= - key= - File not found MsConfig - State: "services" - 2 MsConfig - State: "startup" - 2 SafeBootMin: AppMgmt - Service SafeBootMin: Base - Driver Group SafeBootMin: Boot Bus Extender - Driver Group SafeBootMin: Boot file system - Driver Group SafeBootMin: File system - Driver Group SafeBootMin: Filter - Driver Group SafeBootMin: HelpSvc - Service SafeBootMin: mcmscsvc - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe (McAfee, Inc.) SafeBootMin: MCODS - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe (McAfee, Inc.) SafeBootMin: NTDS - File not found SafeBootMin: PCI Configuration - Driver Group SafeBootMin: PNP Filter - Driver Group SafeBootMin: Primary disk - Driver Group SafeBootMin: sacsvr - Service SafeBootMin: SCSI Class - Driver Group SafeBootMin: System Bus Extender - Driver Group SafeBootMin: vmms - Service SafeBootMin: WinDefend - C:\Program Files\Windows Defender\mpsvc.dll (Microsoft Corporation) SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices SafeBootNet: AppMgmt - Service SafeBootNet: Base - Driver Group SafeBootNet: Boot Bus Extender - Driver Group SafeBootNet: Boot file system - Driver Group SafeBootNet: File system - Driver Group SafeBootNet: Filter - Driver Group SafeBootNet: HelpSvc - Service SafeBootNet: mcmscsvc - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe (McAfee, Inc.) SafeBootNet: MCODS - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe (McAfee, Inc.) SafeBootNet: Messenger - Service SafeBootNet: MpfService - C:\Program Files\McAfee\MPF\MPFSrv.exe (McAfee, Inc.) SafeBootNet: NDIS Wrapper - Driver Group SafeBootNet: NetBIOSGroup - Driver Group SafeBootNet: NetDDEGroup - Driver Group SafeBootNet: Network - Driver Group SafeBootNet: NetworkProvider - Driver Group SafeBootNet: NTDS - File not found SafeBootNet: PCI Configuration - Driver Group SafeBootNet: PNP Filter - Driver Group SafeBootNet: PNP_TDI - Driver Group SafeBootNet: Primary disk - Driver Group SafeBootNet: rdsessmgr - Service SafeBootNet: sacsvr - Service SafeBootNet: SCSI Class - Driver Group SafeBootNet: Streams Drivers - Driver Group SafeBootNet: System Bus Extender - Driver Group SafeBootNet: TDI - Driver Group SafeBootNet: vmms - Service SafeBootNet: WinDefend - C:\Program Files\Windows Defender\mpsvc.dll (Microsoft Corporation) SafeBootNet: WudfUsbccidDriver - Driver SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun) ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0 ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack ActiveX: {3C3901C5-3455-3E0A-A214-0B093A5070A6} - .NET Framework ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6 ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7 ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -BaseSettings ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Adobe Flash Player ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\System32\ie4uinit.exe -UserIconConfig ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP Drivers32: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS) Drivers32: MSVideo8 - C:\windows\System32\vfwwdm32.dll (Microsoft Corporation) Drivers32: vidc.cvid - C:\windows\System32\iccvid.dll (Radius Inc.) CREATERESTOREPOINT Error creating restore point. ========== Files/Folders - Created Within 30 Days ========== [2012/04/03 20:51:34 | 000,593,920 | ---- | C] (OldTimer Tools) -- C:\Users\*****\Desktop\OTL.exe [2012/04/02 20:21:57 | 000,000,000 | ---D | C] -- C:\Program Files\ESET [2012/04/02 20:21:33 | 002,322,184 | ---- | C] (ESET) -- C:\Users\*****\Desktop\esetsmartinstaller_enu.exe [2012/03/31 16:52:05 | 000,000,000 | -H-D | C] -- C:\Users\******\AppData\Roaming\Malwarebytes [2012/03/31 16:51:56 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware [2012/03/31 16:51:56 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes [2012/03/31 16:51:54 | 000,020,464 | ---- | C] (Malwarebytes Corporation) -- C:\windows\System32\drivers\mbam.sys [2012/03/31 16:51:54 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware [2012/03/31 16:36:25 | 000,000,000 | ---D | C] -- C:\windows\Minidump [2012/03/27 21:22:51 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FreeCommander [2012/03/27 21:22:47 | 000,000,000 | -H-D | C] -- C:\Users\*****\AppData\Roaming\FreeCommander [2012/03/27 21:22:45 | 000,000,000 | ---D | C] -- C:\Program Files\FreeCommander [2012/03/22 00:40:53 | 000,000,000 | ---D | C] -- C:\Program Files\Application Updater [2012/03/22 00:40:50 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Spigot [2012/03/22 00:40:50 | 000,000,000 | ---D | C] -- C:\Program Files\pdfforge Toolbar [2012/03/22 00:40:09 | 000,000,000 | -HSD | C] -- C:\Config.Msi ========== Files - Modified Within 30 Days ========== [2012/04/03 20:51:36 | 000,593,920 | ---- | M] (OldTimer Tools) -- C:\Users\****\Desktop\OTL.exe [2012/04/03 20:49:29 | 000,033,561 | ---- | M] () -- C:\windows\System32\Config.MPF [2012/04/03 20:49:07 | 000,067,584 | --S- | M] () -- C:\windows\bootstat.dat [2012/04/03 20:48:56 | 1407,946,752 | -HS- | M] () -- C:\hiberfil.sys [2012/04/02 20:21:39 | 002,322,184 | ---- | M] (ESET) -- C:\Users\******\Desktop\esetsmartinstaller_enu.exe [2012/04/01 00:14:24 | 000,014,736 | -H-- | M] () -- C:\windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2012/04/01 00:14:24 | 000,014,736 | -H-- | M] () -- C:\windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2012/04/01 00:14:24 | 000,008,212 | ---- | M] () -- C:\windows\mfebcdata [2012/04/01 00:08:10 | 000,001,094 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineCore.job [2012/04/01 00:06:43 | 000,654,166 | ---- | M] () -- C:\windows\System32\perfh007.dat [2012/04/01 00:06:43 | 000,616,008 | ---- | M] () -- C:\windows\System32\perfh009.dat [2012/04/01 00:06:43 | 000,130,006 | ---- | M] () -- C:\windows\System32\perfc007.dat [2012/04/01 00:06:43 | 000,106,388 | ---- | M] () -- C:\windows\System32\perfc009.dat [2012/04/01 00:01:25 | 000,001,098 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineUA.job [2012/03/31 17:48:43 | 000,302,592 | -H-- | M] () -- C:\Users\******\Desktop\gmer.exe [2012/03/31 17:36:37 | 000,000,020 | ---- | M] () -- C:\Users\******\defogger_reenable [2012/03/31 16:36:17 | 201,931,943 | ---- | M] () -- C:\windows\MEMORY.DMP [2012/03/31 11:05:05 | 000,000,974 | ---- | M] () -- C:\windows\tasks\Google Software Updater.job [2012/03/27 21:22:56 | 000,000,967 | -H-- | M] () -- C:\Users\******\Desktop\FreeCommander.lnk [2012/03/18 13:23:52 | 000,356,024 | ---- | M] () -- C:\windows\System32\FNTCACHE.DAT ========== Files Created - No Company Name ========== [2012/04/01 00:14:24 | 000,008,212 | ---- | C] () -- C:\windows\mfebcdata [2012/03/31 17:48:41 | 000,302,592 | -H-- | C] () -- C:\Users\******\Desktop\gmer.exe [2012/03/31 17:34:15 | 000,000,020 | ---- | C] () -- C:\Users\******\defogger_reenable [2012/03/31 16:36:17 | 201,931,943 | ---- | C] () -- C:\windows\MEMORY.DMP [2012/03/27 21:22:56 | 000,000,967 | -H-- | C] () -- C:\Users\******\Desktop\FreeCommander.lnk [2011/07/03 14:40:41 | 000,116,224 | ---- | C] () -- C:\windows\System32\pdfcmnnt.dll [2011/01/01 15:19:53 | 000,009,600 | ---- | C] () -- C:\windows\System32\drivers\ISODisk.sys [2010/04/06 00:01:14 | 000,007,668 | -H-- | C] () -- C:\Users\******\AppData\Local\Resmon.ResmonCfg ========== LOP Check ========== [2010/02/14 16:09:21 | 000,000,000 | -HSD | M] -- C:\Users\********\AppData\Roaming\.# [2010/08/14 19:24:41 | 000,000,000 | -H-D | M] -- C:\Users\********\AppData\Roaming\Amazon [2010/02/14 18:51:35 | 000,000,000 | -H-D | M] -- C:\Users\********\AppData\Roaming\Buhl Data Service [2010/02/14 18:18:42 | 000,000,000 | -H-D | M] -- C:\Users\********\AppData\Roaming\DAEMON Tools Lite [2010/05/16 13:03:19 | 000,000,000 | -H-D | M] -- C:\Users\********\AppData\Roaming\de.schlecker.fotobuch.001F9DF2D0BAABEB11F42CCEE43224607B61109C.1 [2012/03/27 21:22:47 | 000,000,000 | -H-D | M] -- C:\Users\********\AppData\Roaming\FreeCommander [2012/02/15 00:08:10 | 000,000,000 | -H-D | M] -- C:\Users\********\AppData\Roaming\GHISLER [2012/02/11 13:12:09 | 000,000,000 | -H-D | M] -- C:\Users\********\AppData\Roaming\gtk-2.0 [2011/01/02 21:57:53 | 000,000,000 | -H-D | M] -- C:\Users\********\AppData\Roaming\Leadertech [2011/11/15 21:34:09 | 000,000,000 | -H-D | M] -- C:\Users\********\AppData\Roaming\Mp3tag [2010/02/13 22:46:16 | 000,000,000 | -H-D | M] -- C:\Users\********\AppData\Roaming\OpenOffice.org [2011/01/09 14:00:24 | 000,000,000 | -H-D | M] -- C:\Users\********\AppData\Roaming\SanDisk [2010/02/14 15:11:05 | 000,000,000 | -H-D | M] -- C:\Users\********\AppData\Roaming\Thunderbird [2012/02/15 09:48:53 | 000,000,368 | ---- | M] () -- C:\windows\Tasks\McDefragTask.job [2012/03/03 19:26:45 | 000,000,348 | ---- | M] () -- C:\windows\Tasks\McQcTask.job [2012/02/19 13:06:23 | 000,032,618 | ---- | M] () -- C:\windows\Tasks\SCHEDLGU.TXT ========== Purity Check ========== ========== Custom Scans ========== < %ALLUSERSPROFILE%\Application Data\*. > < %ALLUSERSPROFILE%\Application Data\*.exe /s > < %APPDATA%\*. > [2010/02/14 16:09:21 | 000,000,000 | -HSD | M] -- C:\Users\********\AppData\Roaming\.# [2010/05/16 12:54:15 | 000,000,000 | -H-D | M] -- C:\Users\********\AppData\Roaming\Adobe [2010/08/14 19:24:41 | 000,000,000 | -H-D | M] -- C:\Users\********\AppData\Roaming\Amazon [2012/01/22 18:49:33 | 000,000,000 | -H-D | M] -- C:\Users\********\AppData\Roaming\Apple Computer [2010/07/24 13:24:45 | 000,000,000 | -H-D | M] -- C:\Users\********\AppData\Roaming\Avira [2010/02/14 18:51:35 | 000,000,000 | -H-D | M] -- C:\Users\********\AppData\Roaming\Buhl Data Service [2010/02/14 18:18:42 | 000,000,000 | -H-D | M] -- C:\Users\********\AppData\Roaming\DAEMON Tools Lite [2010/05/16 13:03:19 | 000,000,000 | -H-D | M] -- C:\Users\********\AppData\Roaming\de.schlecker.fotobuch.001F9DF2D0BAABEB11F42CCEE43224607B61109C.1 [2012/03/27 21:22:47 | 000,000,000 | -H-D | M] -- C:\Users\********\AppData\Roaming\FreeCommander [2012/02/15 00:08:10 | 000,000,000 | -H-D | M] -- C:\Users\********\AppData\Roaming\GHISLER [2010/02/14 00:56:16 | 000,000,000 | -H-D | M] -- C:\Users\********\AppData\Roaming\Google [2012/02/11 13:12:09 | 000,000,000 | -H-D | M] -- C:\Users\********\AppData\Roaming\gtk-2.0 [2010/02/14 00:18:13 | 000,000,000 | -H-D | M] -- C:\Users\********\AppData\Roaming\Identities [2011/01/02 21:57:53 | 000,000,000 | -H-D | M] -- C:\Users\********\AppData\Roaming\Leadertech [2011/01/02 21:27:06 | 000,000,000 | -H-D | M] -- C:\Users\********\AppData\Roaming\Logishrd [2011/01/02 21:59:42 | 000,000,000 | -H-D | M] -- C:\Users\********\AppData\Roaming\Logitech [2010/02/14 00:59:56 | 000,000,000 | -H-D | M] -- C:\Users\********\AppData\Roaming\Macromedia [2012/03/31 16:52:05 | 000,000,000 | -H-D | M] -- C:\Users\********\AppData\Roaming\Malwarebytes [2009/11/05 02:50:58 | 000,000,000 | -H-D | M] -- C:\Users\********\AppData\Roaming\Media Center Programs [2011/01/02 21:57:49 | 000,000,000 | --SD | M] -- C:\Users\********\AppData\Roaming\Microsoft [2010/02/13 22:25:53 | 000,000,000 | -H-D | M] -- C:\Users\********\AppData\Roaming\Mozilla [2011/11/15 21:34:09 | 000,000,000 | -H-D | M] -- C:\Users\********\AppData\Roaming\Mp3tag [2010/02/13 22:46:16 | 000,000,000 | -H-D | M] -- C:\Users\********\AppData\Roaming\OpenOffice.org [2011/01/09 14:00:24 | 000,000,000 | -H-D | M] -- C:\Users\********\AppData\Roaming\SanDisk [2011/10/20 00:26:52 | 000,000,000 | -H-D | M] -- C:\Users\********\AppData\Roaming\Skype [2011/10/20 00:22:48 | 000,000,000 | -H-D | M] -- C:\Users\********\AppData\Roaming\skypePM [2010/02/14 15:11:05 | 000,000,000 | -H-D | M] -- C:\Users\********\AppData\Roaming\Thunderbird [2011/02/06 16:25:16 | 000,000,000 | -H-D | M] -- C:\Users\********\AppData\Roaming\vlc < %APPDATA%\*.exe /s > [2010/07/17 17:21:08 | 000,053,632 | -H-- | M] (Adobe Systems Inc.) -- C:\Users\********\AppData\Roaming\Macromedia\Flash Player\www.macromedia.com\bin\airappinstaller\airappinstaller.exe [2011/01/02 21:57:50 | 000,053,248 | RH-- | M] (Acresso Software Inc.) -- C:\Users\********\AppData\Roaming\Microsoft\Installer\{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}\ARPPRODUCTICON.exe [2012/02/15 21:59:18 | 000,040,960 | RH-- | M] (InstallShield Software Corp.) -- C:\Users\********\AppData\Roaming\Microsoft\Installer\{90FF23FE-0E1B-40DF-A22E-B4C0372E5936}\ARPPRODUCTICON.exe < %SYSTEMDRIVE%\*.exe > [2007/12/27 23:24:08 | 000,562,688 | ---- | M] (Microsoft Corporation) -- C:\install.exe < MD5 for: AGP440.SYS > [2009/07/14 03:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\System32\drivers\AGP440.sys [2009/07/14 03:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_x86_neutral_a97a2a0d0fbc6696\AGP440.sys [2009/07/14 03:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.1.7600.16385_none_b9e9435f20046eeb\AGP440.sys [2009/07/14 03:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.1.7601.17514_none_bc1a57271cf2f285\AGP440.sys < MD5 for: ATAPI.SYS > [2009/07/14 03:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\System32\drivers\atapi.sys [2009/07/14 03:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_x86_neutral_fab873f3e8a3315c\atapi.sys [2009/07/14 03:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.1.7600.16385_none_dd0e7e3d82dd640d\atapi.sys [2009/07/14 03:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.1.7601.17514_none_df3f92057fcbe7a7\atapi.sys < MD5 for: CNGAUDIT.DLL > [2009/07/14 03:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\System32\cngaudit.dll [2009/07/14 03:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_e83a414890e8132b\cngaudit.dll < MD5 for: IASTORV.SYS > [2011/03/11 07:38:51 | 000,332,160 | ---- | M] (Intel Corporation) MD5=5CD5F9A5444E6CDCB0AC89BD62D8B76E -- C:\Windows\System32\drivers\iaStorV.sys [2011/03/11 07:38:51 | 000,332,160 | ---- | M] (Intel Corporation) MD5=5CD5F9A5444E6CDCB0AC89BD62D8B76E -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_x86_neutral_0bcee2057afcc090\iaStorV.sys [2011/03/11 07:38:51 | 000,332,160 | ---- | M] (Intel Corporation) MD5=5CD5F9A5444E6CDCB0AC89BD62D8B76E -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7601.17577_none_b0daddb9e6380745\iaStorV.sys [2011/03/11 07:43:55 | 000,332,160 | ---- | M] (Intel Corporation) MD5=71F1A494FEDF4B33C02C4A6A28D6D9E9 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7600.16778_none_aef580fde910b4b0\iaStorV.sys [2011/03/11 07:28:00 | 000,332,160 | ---- | M] (Intel Corporation) MD5=778D0E6D7D9EBA0C403BADBAAD41DB20 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7601.21680_none_b152a892ff64119f\iaStorV.sys [2009/07/14 03:20:36 | 000,332,352 | ---- | M] (Intel Corporation) MD5=934AF4D7C5F457B9F0743F4299B77B67 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7600.16385_none_aee7a89be91b9000\iaStorV.sys [2010/11/20 14:29:54 | 000,332,160 | ---- | M] (Intel Corporation) MD5=A3CAE5D281DB4CFF7CFF8233507EE5AD -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_x86_neutral_668286aa35d55928\iaStorV.sys [2010/11/20 14:29:54 | 000,332,160 | ---- | M] (Intel Corporation) MD5=A3CAE5D281DB4CFF7CFF8233507EE5AD -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7601.17514_none_b118bc63e60a139a\iaStorV.sys [2011/03/11 07:52:21 | 000,332,160 | ---- | M] (Intel Corporation) MD5=B9039A34C2F8769490DCC494E2402445 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7600.20921_none_afae2d45020c148b\iaStorV.sys < MD5 for: NETLOGON.DLL > [2010/11/20 14:20:28 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\System32\netlogon.dll [2010/11/20 14:20:28 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_ffbf212e963c0162\netlogon.dll [2009/07/14 03:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_fd8e0d66994d7dc8\netlogon.dll < MD5 for: NVSTOR.SYS > [2011/03/11 07:39:00 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=4380E59A170D88C4F1022EFF6719A8A4 -- C:\Windows\System32\drivers\nvstor.sys [2011/03/11 07:39:00 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=4380E59A170D88C4F1022EFF6719A8A4 -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_x86_neutral_0276fc3b3ea60d41\nvstor.sys [2011/03/11 07:39:00 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=4380E59A170D88C4F1022EFF6719A8A4 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7601.17577_none_3ba44e691d6eb11d\nvstor.sys [2011/03/11 07:44:01 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=4520B63899E867F354EE012D34E11536 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7600.16778_none_39bef1ad20475e88\nvstor.sys [2011/03/11 07:28:10 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=66D468654A58594F5F3BA63D5AD5B1AF -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7601.21680_none_3c1c1942369abb77\nvstor.sys [2011/03/11 07:52:25 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=8A7583A3B58D3EEB28BB26626526BC91 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7600.20921_none_3a779df43942be63\nvstor.sys [2010/11/20 14:30:06 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=9283C58EBAA2618F93482EB5DABCEC82 -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_x86_neutral_dd659ed032d28a14\nvstor.sys [2010/11/20 14:30:06 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=9283C58EBAA2618F93482EB5DABCEC82 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7601.17514_none_3be22d131d40bd72\nvstor.sys [2009/07/14 03:20:44 | 000,142,416 | ---- | M] (NVIDIA Corporation) MD5=C99F251A5DE63C6F129CF71933ACED0F -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7600.16385_none_39b1194b205239d8\nvstor.sys < MD5 for: SCECLI.DLL > [2009/07/14 03:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_37e4387f3a6f0483\scecli.dll [2010/11/20 14:21:04 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\System32\scecli.dll [2010/11/20 14:21:04 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_3a154c47375d881d\scecli.dll < MD5 for: USER32.DLL > [2009/07/14 03:16:17 | 000,811,520 | ---- | M] (Microsoft Corporation) MD5=34B7E222E81FAFA885F0C5F2CFA56861 -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_cd0ec264ceb014a3\user32.dll [2010/11/20 14:21:33 | 000,811,520 | ---- | M] (Microsoft Corporation) MD5=F1DD3ACAEE5E6B4BBC69BC6DF75CEF66 -- C:\Windows\System32\user32.dll [2010/11/20 14:21:33 | 000,811,520 | ---- | M] (Microsoft Corporation) MD5=F1DD3ACAEE5E6B4BBC69BC6DF75CEF66 -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_cf3fd62ccb9e983d\user32.dll < MD5 for: USERINIT.EXE > [2010/11/20 14:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\System32\userinit.exe [2010/11/20 14:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe [2009/07/14 03:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_dbff103933038d7c\userinit.exe < MD5 for: WININIT.EXE > [2009/07/14 03:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\System32\wininit.exe [2009/07/14 03:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_30c90ef265a43c13\wininit.exe < MD5 for: WINLOGON.EXE > [2009/10/28 08:17:59 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=37CDB7E72EB66BA85A87CBE37E7F03FD -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16447_none_6fc699643622d177\winlogon.exe [2009/10/28 07:52:08 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=3BABE6767C78FBF5FB8435FEED187F30 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.20560_none_703394514f56f7c2\winlogon.exe [2012/01/13 14:53:20 | 000,182,856 | ---- | M] () MD5=63EEC8A8B221AB79045E776E5F592868 -- C:\Program Files\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe [2010/11/20 14:17:54 | 000,286,720 | ---- | M] (Microsoft Corporation) MD5=6D13E1406F50C66E2A95D97F22C47560 -- C:\Windows\System32\winlogon.exe [2010/11/20 14:17:54 | 000,286,720 | ---- | M] (Microsoft Corporation) MD5=6D13E1406F50C66E2A95D97F22C47560 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_71ca6b0233339500\winlogon.exe [2009/07/14 03:14:45 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=8EC6A4AB12B8F3759E21F8E3A388F2CF -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_6f99573a36451166\winlogon.exe < MD5 for: WS2IFSL.SYS > [2009/07/14 01:55:02 | 000,016,384 | ---- | M] (Microsoft Corporation) MD5=6DB3276587B853BF886B69528FDB048C -- C:\Windows\System32\drivers\ws2ifsl.sys [2009/07/14 01:55:02 | 000,016,384 | ---- | M] (Microsoft Corporation) MD5=6DB3276587B853BF886B69528FDB048C -- C:\Windows\winsxs\x86_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.1.7600.16385_none_4f5cf6f829213bb2\ws2ifsl.sys < %systemroot%\system32\drivers\*.sys /lockedfiles > < %systemroot%\System32\config\*.sav > < %systemroot%\*. /mp /s > < %systemroot%\system32\*.dll /lockedfiles > < > ========== Alternate Data Streams ========== @Alternate Data Stream - 139 bytes -> C:\ProgramData\Temp:CE0A077E < End of report > |
|
04.04.2012, 09:25
| #8 | |
| /// Winkelfunktion /// TB-Süch-Tiger™ | TR/crypt.zpack.gen8 - schwarzer Desktop - Daten VerlustZitat:
1.) Geht der normale Modus immer noch nicht? 2.) Vermisst du irgendwas im Startmenü? Sind da leere Ordner unter alle Programme oder ist alles vorhanden?
__________________ Logfiles bitte immer in CODE-Tags posten |
|
04.04.2012, 18:50
| #9 |
| | TR/crypt.zpack.gen8 - schwarzer Desktop - Daten Verlust Hallo Arne, •den normalen Modus habe ich tatsächlich noch nicht wieder ausprobiert, da immer wieder Daten "verschwunden" sind. Die Anführungszeichen deshalb weil die Dateien vermutlich nur versteckt sind - zumindest konnte ich vom ubuntu aus zum Teil noch Dateien sehen, die ich unter Windows nicht mehr sehen konnte. •ja, das Startmenu sind nur noch leere Ordner zu finden. Gruß und Danke. |
|
04.04.2012, 22:15
| #10 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | TR/crypt.zpack.gen8 - schwarzer Desktop - Daten Verlust 1.) Probier den normalen Modus aus und berichte ob der funktioniert 2.) Downloade dir bitte unhide.exe und speichere diese Datei auf deinem Desktop. Starte das Tool und es sollten alle Dateien und Ordner wieder sichtbar sein. ( Könnte eine Weile dauern )  Vista und 7 User müssen das Tool per Rechtsklick als Administrator ausführen! Berichte ob das Startmenü danach wieder normal ist
__________________ Logfiles bitte immer in CODE-Tags posten |
|
05.04.2012, 19:05
| #11 |
| | TR/crypt.zpack.gen8 - schwarzer Desktop - Daten Verlust Hallo Andre, der normale Modus scheint wieder zu funktionieren und nach dem Unhide ist auch vieles wieder da. Das Desktop Hintergrundbild ist nicht wieder aufgetaucht und ob noch mehr fehlt vermag ich jetzt noch nicht zu sagen. War es das jetzt schon? Was soll ich mit der vermutlich noch "verseuchten" Sicherheitskopie auf der externen Festplatte machen? Auf jeden Fall schonmal ein großes Dankeschön! |
|
05.04.2012, 19:23
| #12 | |
| /// Winkelfunktion /// TB-Süch-Tiger™ | TR/crypt.zpack.gen8 - schwarzer Desktop - Daten VerlustZitat:
Das Hintergrundbild kannst du dir selbst wieder einstellen. Da der normale Modus wieder funktioniert, mach darin bitte wieder ein neues OTL-Log wie o.g.
__________________ Logfiles bitte immer in CODE-Tags posten |
|
05.04.2012, 21:23
| #13 |
| | TR/crypt.zpack.gen8 - schwarzer Desktop - Daten Verlust Hi Arne, entschuldige bitte den Namensdreher .... Anbei die Log Datei. Beste Grüße Code:
ATTFilter OTL logfile created on: 4/5/2012 8:30:57 PM - Run 2 OTL by OldTimer - Version 3.2.39.2 Folder = C:\Users\********\Desktop Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 8.0.7601.17514) Locale: 00000409 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 1.75 Gb Total Physical Memory | 1.06 Gb Available Physical Memory | 60.67% Memory free 3.50 Gb Paging File | 2.44 Gb Available in Paging File | 69.90% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files Drive C: | 217.79 Gb Total Space | 163.17 Gb Free Space | 74.92% Space Free | Partition Type: NTFS Computer Name: ION510 | User Name: ******** | Logged in as Administrator. Boot Mode: Normal | Scan Mode: All users | Quick Scan Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2012/04/03 20:51:36 | 000,593,920 | ---- | M] (OldTimer Tools) -- C:\Users\********\Desktop\OTL.exe PRC - [2012/03/04 23:48:40 | 000,934,752 | ---- | M] (Spigot, Inc.) -- C:\Program Files\Common Files\Spigot\Search Settings\SearchSettings.exe PRC - [2012/03/04 23:40:10 | 000,748,440 | ---- | M] (Spigot, Inc.) -- C:\Program Files\Application Updater\ApplicationUpdater.exe PRC - [2011/08/10 11:53:46 | 000,094,880 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\SiteAdvisor\McSACore.exe PRC - [2011/07/02 15:49:24 | 000,269,480 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe PRC - [2011/06/24 06:22:20 | 000,271,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conhost.exe PRC - [2011/05/18 23:40:06 | 002,016,504 | ---- | M] (UltraVNC) -- C:\Program Files\UltraVNC\WinVNC.exe PRC - [2011/04/27 11:15:03 | 000,136,360 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe PRC - [2011/02/25 07:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe PRC - [2010/11/20 14:17:47 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe PRC - [2010/11/04 00:29:36 | 000,281,768 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avgnt.exe PRC - [2010/01/14 21:10:53 | 000,076,968 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avshadow.exe PRC - [2009/11/04 17:53:34 | 000,144,704 | ---- | M] (McAfee, Inc.) -- C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe PRC - [2009/11/04 16:59:50 | 000,606,736 | ---- | M] (McAfee, Inc.) -- C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe PRC - [2009/10/29 07:54:44 | 001,218,008 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee.com\Agent\mcagent.exe PRC - [2009/10/29 07:54:44 | 000,865,832 | ---- | M] (McAfee, Inc.) -- C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe PRC - [2009/10/27 12:19:46 | 000,895,696 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\MPF\MPFSrv.exe PRC - [2009/10/13 12:03:04 | 000,716,800 | ---- | M] (Samsung Electronics Co., Ltd.) -- C:\Program Files\SAMSUNG\EasySpeedUpManager\EasySpeedUpManager.exe PRC - [2009/10/07 03:31:56 | 002,246,144 | ---- | M] (SEC) -- C:\Program Files\Samsung\Samsung Recovery Solution 4\WCScheduler.exe PRC - [2009/10/02 14:02:56 | 000,026,640 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\MSK\MskSrver.exe PRC - [2009/09/08 01:47:52 | 000,832,512 | ---- | M] (Samsung Electronics Co., Ltd.) -- C:\Program Files\Samsung\Easy Display Manager\dmhkcore.exe PRC - [2009/09/07 12:42:04 | 000,093,184 | ---- | M] (SAMSUNG Electronics) -- C:\Program Files\Samsung\Samsung Support Center\SSCKbdHk.exe PRC - [2009/08/11 17:09:52 | 000,795,936 | ---- | M] (Broadcom Corporation.) -- C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe PRC - [2009/08/11 17:09:52 | 000,582,944 | ---- | M] (Broadcom Corporation.) -- C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe PRC - [2009/07/08 12:54:34 | 000,359,952 | ---- | M] (McAfee, Inc.) -- c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe PRC - [2009/07/07 20:10:02 | 002,482,848 | ---- | M] (McAfee, Inc.) -- c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe PRC - [2009/04/15 16:52:06 | 000,091,432 | ---- | M] (CyberLink Corp.) -- C:\Program Files\CyberLink\PowerDVD8\PDVD8Serv.exe PRC - [2009/03/05 11:54:50 | 000,311,296 | ---- | M] () -- C:\Windows\System32\Rezip.exe ========== Modules (No Company Name) ========== MOD - [2011/06/24 22:56:36 | 000,087,328 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll MOD - [2011/06/24 22:56:14 | 001,241,888 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll MOD - [2006/08/12 05:48:40 | 000,049,152 | ---- | M] () -- C:\Program Files\Samsung\Easy Display Manager\HookDllPS2.dll ========== Win32 Services (SafeList) ========== SRV - [2012/03/04 23:40:10 | 000,748,440 | ---- | M] (Spigot, Inc.) [Auto | Running] -- C:\Program Files\Application Updater\ApplicationUpdater.exe -- (Application Updater) SRV - [2011/08/10 11:53:46 | 000,094,880 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\McAfee\SiteAdvisor\McSACore.exe -- (McAfee SiteAdvisor Service) SRV - [2011/07/02 15:49:24 | 000,269,480 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService) SRV - [2011/05/18 23:40:06 | 002,016,504 | ---- | M] (UltraVNC) [Auto | Running] -- C:\Program Files\UltraVNC\WinVNC.exe -- (uvnc_service) SRV - [2011/04/27 11:15:03 | 000,136,360 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService) SRV - [2011/04/20 22:46:47 | 001,343,400 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\Wat\WatAdminSvc.exe -- (WatAdminSvc) SRV - [2009/11/04 17:53:34 | 000,144,704 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe -- (McShield) SRV - [2009/11/04 16:59:50 | 000,606,736 | ---- | M] (McAfee, Inc.) [On_Demand | Running] -- C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe -- (McSysmon) SRV - [2009/10/29 07:54:44 | 000,865,832 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe -- (mcmscsvc) SRV - [2009/10/28 12:50:32 | 000,365,072 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe -- (McODS) SRV - [2009/10/27 12:19:46 | 000,895,696 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\McAfee\MPF\MPFSrv.exe -- (MpfService) SRV - [2009/10/02 14:02:56 | 000,026,640 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\McAfee\MSK\MskSrver.exe -- (MSK80Service) SRV - [2009/08/11 17:09:52 | 000,582,944 | ---- | M] (Broadcom Corporation.) [Auto | Running] -- C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe -- (btwdins) SRV - [2009/07/14 03:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc) SRV - [2009/07/14 03:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\mpsvc.dll -- (WinDefend) SRV - [2009/07/08 12:54:34 | 000,359,952 | ---- | M] (McAfee, Inc.) [Auto | Running] -- c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe -- (McProxy) SRV - [2009/07/07 20:10:02 | 002,482,848 | ---- | M] (McAfee, Inc.) [Auto | Running] -- c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe -- (McNASvc) SRV - [2009/03/05 11:54:50 | 000,311,296 | ---- | M] () [Auto | Running] -- C:\Windows\System32\Rezip.exe -- (Rezip) ========== Driver Services (SafeList) ========== DRV - File not found [Kernel | Boot | Stopped] -- System32\drivers\utnyymr.sys -- (egxc) DRV - [2011/07/02 15:49:31 | 000,138,192 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb) DRV - [2011/07/02 15:49:31 | 000,066,616 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\System32\drivers\avgntflt.sys -- (avgntflt) DRV - [2011/01/06 10:36:42 | 000,559,208 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\rtl819xp.sys -- (rtl819xp) Realtek RTL8190/RTL8192E 802.11n Wireless LAN (Mini-) DRV - [2010/11/20 12:24:41 | 000,052,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt) DRV - [2010/11/20 11:59:44 | 000,035,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb) DRV - [2010/08/24 19:31:02 | 000,037,328 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\LMouFilt.Sys -- (LMouFilt) DRV - [2010/08/24 19:30:52 | 000,038,864 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\LHidFilt.Sys -- (LHidFilt) DRV - [2010/02/14 18:04:42 | 000,691,696 | ---- | M] (Duplex Secure Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\sptd.sys -- (sptd) DRV - [2009/11/04 17:54:12 | 000,214,664 | ---- | M] (McAfee, Inc.) [Kernel | System | Running] -- C:\Windows\System32\drivers\mfehidk.sys -- (mfehidk) DRV - [2009/11/04 17:54:12 | 000,079,816 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\mfeavfk.sys -- (mfeavfk) DRV - [2009/11/04 17:54:12 | 000,040,552 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\mfesmfk.sys -- (mfesmfk) DRV - [2009/11/04 17:54:12 | 000,035,272 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\mfebopk.sys -- (mfebopk) DRV - [2009/11/04 17:53:40 | 000,034,248 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\mferkdk.sys -- (mferkdk) DRV - [2009/09/28 10:22:00 | 000,315,392 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\yk62x86.sys -- (yukonw7) DRV - [2009/08/10 13:51:00 | 009,824,416 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm) DRV - [2009/07/14 01:52:10 | 000,014,336 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\vwifimp.sys -- (vwifimp) DRV - [2009/06/03 02:04:46 | 000,017,920 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvsmu.sys -- (nvsmu) DRV - [2009/05/11 09:12:49 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv) DRV - [2009/05/01 07:43:34 | 000,064,032 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvhda32v.sys -- (NVHDA) DRV - [2009/04/09 07:23:02 | 000,130,424 | ---- | M] (McAfee, Inc.) [Kernel | System | Running] -- C:\Windows\System32\drivers\Mpfp.sys -- (MPFP) DRV - [2009/02/13 12:35:01 | 000,011,608 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Program Files\Avira\AntiVir Desktop\avgio.sys -- (avgio) DRV - [2006/04/26 02:03:56 | 000,009,600 | ---- | M] () [Kernel | System | Running] -- C:\windows\System32\drivers\ISODisk.sys -- (ISODisk) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\..\SearchScopes,DefaultScope = {67A2568C-7A0A-4EED-AECC-B5405DE63B64} IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKLM\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7SMSN IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7 IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local IE - HKU\S-1-5-21-2694853571-1494760454-3953676919-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com/ig/redirectdomain?brand=smsn&bmod=smsn IE - HKU\S-1-5-21-2694853571-1494760454-3953676919-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com/ig/redirectdomain?brand=smsn&bmod=smsn IE - HKU\S-1-5-21-2694853571-1494760454-3953676919-1001\..\URLSearchHook: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll (McAfee, Inc.) IE - HKU\S-1-5-21-2694853571-1494760454-3953676919-1001\..\URLSearchHook: {B922D405-6D13-4A2B-AE89-08A030DA4402} - C:\Program Files\pdfforge Toolbar\IE\5.1\pdfforgeToolbarIE.dll (Spigot, Inc.) IE - HKU\S-1-5-21-2694853571-1494760454-3953676919-1001\..\SearchScopes,DefaultScope = {67A2568C-7A0A-4EED-AECC-B5405DE63B64} IE - HKU\S-1-5-21-2694853571-1494760454-3953676919-1001\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC IE - HKU\S-1-5-21-2694853571-1494760454-3953676919-1001\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7SMSN_de___DE366 IE - HKU\S-1-5-21-2694853571-1494760454-3953676919-1001\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7 IE - HKU\S-1-5-21-2694853571-1494760454-3953676919-1001\..\SearchScopes\{6F74C5A9-7B44-479C-AF03-2092D05357F4}: "URL" = hxxp://de.search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=827316&p={searchTerms} IE - HKU\S-1-5-21-2694853571-1494760454-3953676919-1001\..\SearchScopes\{BD404601-F549-45C1-9B65-FD95EFB033BA}: "URL" = hxxp://de.search.yahoo.com/search?fr=mcafee&p={SearchTerms} IE - HKU\S-1-5-21-2694853571-1494760454-3953676919-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-21-2694853571-1494760454-3953676919-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local ========== FireFox ========== FF - prefs.js..browser.search.defaultenginename: "Secure Search" FF - prefs.js..browser.search.param.yahoo-fr: "chr-greentree_ff&type=827316&ilc=12" FF - prefs.js..browser.startup.homepage: "hxxp://www.spiegel.de/" FF - prefs.js..extensions.enabledItems: {B7082FAA-CB62-4872-9106-E42DD88EDE45}:3.3.1 FF - prefs.js..extensions.enabledItems: {AB2CE124-6272-4b12-94A9-7303C7397BD1}:4.2.0.5198 FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.3 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22 FF - prefs.js..extensions.enabledItems: firebug@software.joehewitt.com:1.6.2 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24 FF - prefs.js..keyword.URL: "hxxp://de.search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&ilc=12&type=827316&p=" FF - user.js - File not found FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\windows\system32\Macromed\Flash\NPSWF32.dll () FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll () FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.) FF - HKLM\Software\MozillaPlugins\@mcafee.com/SAFFPlugin: C:\Program Files\McAfee\SiteAdvisor\npmcffplg32.dll (McAfee, Inc.) FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\3.0.40624.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.3: C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8081.0709: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@pack.google.com/Google Updater;version=14: C:\Program Files\Google\Google Updater\2.4.2432.1652\npCIDetect14.dll (Google) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{4ED1F68A-5463-4931-9384-8FFF5ED91D92}: C:\Program Files\McAfee\SiteAdvisor [2011/11/16 20:27:17 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 11.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/03/18 14:22:39 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 11.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012/01/21 13:54:55 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 3.0.1\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2011/10/28 21:51:40 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 3.0.1\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins [2010/02/14 15:11:17 | 000,000,000 | ---D | M] (No name found) -- C:\Users\********\AppData\Roaming\mozilla\Extensions [2010/02/14 15:11:17 | 000,000,000 | ---D | M] (No name found) -- C:\Users\********\AppData\Roaming\mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6} [2012/03/22 00:41:07 | 000,000,000 | ---D | M] (No name found) -- C:\Users\********\AppData\Roaming\mozilla\Firefox\Profiles\mejxpefa.default\extensions [2012/02/15 22:42:30 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\mozilla firefox\extensions [2012/03/22 00:41:07 | 000,000,000 | ---D | M] (Widgi Toolbar Platform) -- C:\PROGRAM FILES\COMMON FILES\SPIGOT\WTXPCOM [2012/03/22 00:41:07 | 000,000,000 | ---D | M] (pdfforge Toolbar) -- C:\PROGRAM FILES\PDFFORGE TOOLBAR\FF () (No name found) -- C:\USERS\********\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\MEJXPEFA.DEFAULT\EXTENSIONS\{D10D0BF8-F5B5-C8B4-A8B2-2B9879E08C5D}.XPI () (No name found) -- C:\USERS\********\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\MEJXPEFA.DEFAULT\EXTENSIONS\DIVXWEBPLAYER@DIVX.COM.XPI () (No name found) -- C:\USERS\********\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\MEJXPEFA.DEFAULT\EXTENSIONS\FIREBUG@SOFTWARE.JOEHEWITT.COM.XPI [2012/03/18 14:22:37 | 000,097,208 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll [2011/11/10 06:54:13 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll [2012/02/19 13:43:13 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml [2012/02/19 13:43:13 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml [2012/02/19 13:43:13 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml [2012/02/19 13:43:13 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml [2011/10/10 23:11:23 | 000,002,027 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\McSiteAdvisor.xml [2012/02/19 13:43:13 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml [2012/02/19 13:43:13 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml O1 HOSTS File: ([2009/06/10 23:39:37 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts O2 - BHO: (McAfee Phishing Filter) - {27B4851A-3207-45A2-B947-BE8AFE6163AB} - c:\progra~1\mcafee\msk\mskapbho.dll () O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found. O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.) O2 - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll (McAfee, Inc.) O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.7227.1100\swg.dll (Google Inc.) O2 - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll (McAfee, Inc.) O2 - BHO: (pdfforge Toolbar) - {B922D405-6D13-4A2B-AE89-08A030DA4402} - C:\Program Files\pdfforge Toolbar\IE\5.1\pdfforgeToolbarIE.dll (Spigot, Inc.) O3 - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll (McAfee, Inc.) O3 - HKLM\..\Toolbar: (pdfforge Toolbar) - {B922D405-6D13-4A2B-AE89-08A030DA4402} - C:\Program Files\pdfforge Toolbar\IE\5.1\pdfforgeToolbarIE.dll (Spigot, Inc.) O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found. O4 - HKLM..\Run: [] File not found O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.) O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH) O4 - HKLM..\Run: [mcagent_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe (McAfee, Inc.) O4 - HKLM..\Run: [NvCplDaemon] C:\windows\System32\NvCpl.dll (NVIDIA Corporation) O4 - HKLM..\Run: [PDVD8LanguageShortcut] C:\Program Files\CyberLink\PowerDVD8\Language\Language.exe (CyberLink Corp.) O4 - HKLM..\Run: [RemoteControl8] C:\Program Files\CyberLink\PowerDVD8\PDVD8Serv.exe (CyberLink Corp.) O4 - HKLM..\Run: [SearchSettings] C:\Program Files\Common Files\Spigot\Search Settings\SearchSettings.exe (Spigot, Inc.) O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation) O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation) O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O8 - Extra context menu item: Bild an &Bluetooth-Gerät senden... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm () O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html File not found O8 - Extra context menu item: Seite an &Bluetooth-Gerät senden... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm () O9 - Extra Button: @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm () O9 - Extra 'Tools' menuitem : @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm () O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.) O13 - gopher Prefix: missing O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30) O16 - DPF: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{7D5B47CB-7810-4A7C-A8A7-589744DC5299}: DhcpNameServer = 192.168.2.1 O18 - Protocol\Handler\dssrequest {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll (McAfee, Inc.) O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation) O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation) O18 - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll (McAfee, Inc.) O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2009/06/10 23:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ] O34 - HKLM BootExecute: (autocheck autochk *) O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* NetSvcs: FastUserSwitchingCompatibility - File not found NetSvcs: Ias - C:\windows\System32\ias.dll (Microsoft Corporation) NetSvcs: Nla - File not found NetSvcs: Ntmssvc - File not found NetSvcs: NWCWorkstation - File not found NetSvcs: Nwsapagent - File not found NetSvcs: SRService - File not found NetSvcs: WmdmPmSp - File not found NetSvcs: LogonHours - File not found NetSvcs: PCAudit - File not found NetSvcs: helpsvc - File not found NetSvcs: uploadmgr - File not found MsConfig - StartUpFolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^WISO Mein Sparbuch heute.lnk - C:\PROGRA~1\WISO\SPARBU~1\MEINSP~1.EXE - () MsConfig - StartUpFolder: C:^Users^********^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OpenOffice.org 3.2.lnk - C:\PROGRA~1\OPENOF~1.ORG\program\QUICKS~1.EXE - () MsConfig - StartUpReg: DAEMON Tools Lite - hkey= - key= - C:\Program Files\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd) MsConfig - StartUpReg: Skype - hkey= - key= - C:\Program Files\Skype\Phone\Skype.exe (Skype Technologies S.A.) MsConfig - StartUpReg: uTorrent - hkey= - key= - File not found MsConfig - State: "services" - 2 MsConfig - State: "startup" - 2 SafeBootMin: AppMgmt - Service SafeBootMin: Base - Driver Group SafeBootMin: Boot Bus Extender - Driver Group SafeBootMin: Boot file system - Driver Group SafeBootMin: File system - Driver Group SafeBootMin: Filter - Driver Group SafeBootMin: HelpSvc - Service SafeBootMin: mcmscsvc - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe (McAfee, Inc.) SafeBootMin: MCODS - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe (McAfee, Inc.) SafeBootMin: NTDS - File not found SafeBootMin: PCI Configuration - Driver Group SafeBootMin: PNP Filter - Driver Group SafeBootMin: Primary disk - Driver Group SafeBootMin: sacsvr - Service SafeBootMin: SCSI Class - Driver Group SafeBootMin: System Bus Extender - Driver Group SafeBootMin: vmms - Service SafeBootMin: WinDefend - C:\Program Files\Windows Defender\mpsvc.dll (Microsoft Corporation) SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices SafeBootNet: AppMgmt - Service SafeBootNet: Base - Driver Group SafeBootNet: Boot Bus Extender - Driver Group SafeBootNet: Boot file system - Driver Group SafeBootNet: File system - Driver Group SafeBootNet: Filter - Driver Group SafeBootNet: HelpSvc - Service SafeBootNet: mcmscsvc - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe (McAfee, Inc.) SafeBootNet: MCODS - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe (McAfee, Inc.) SafeBootNet: Messenger - Service SafeBootNet: MpfService - C:\Program Files\McAfee\MPF\MPFSrv.exe (McAfee, Inc.) SafeBootNet: NDIS Wrapper - Driver Group SafeBootNet: NetBIOSGroup - Driver Group SafeBootNet: NetDDEGroup - Driver Group SafeBootNet: Network - Driver Group SafeBootNet: NetworkProvider - Driver Group SafeBootNet: NTDS - File not found SafeBootNet: PCI Configuration - Driver Group SafeBootNet: PNP Filter - Driver Group SafeBootNet: PNP_TDI - Driver Group SafeBootNet: Primary disk - Driver Group SafeBootNet: rdsessmgr - Service SafeBootNet: sacsvr - Service SafeBootNet: SCSI Class - Driver Group SafeBootNet: Streams Drivers - Driver Group SafeBootNet: System Bus Extender - Driver Group SafeBootNet: TDI - Driver Group SafeBootNet: vmms - Service SafeBootNet: WinDefend - C:\Program Files\Windows Defender\mpsvc.dll (Microsoft Corporation) SafeBootNet: WudfUsbccidDriver - Driver SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun) ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0 ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack ActiveX: {3C3901C5-3455-3E0A-A214-0B093A5070A6} - .NET Framework ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6 ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7 ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -BaseSettings ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Adobe Flash Player ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\System32\ie4uinit.exe -UserIconConfig ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP Drivers32: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS) Drivers32: MSVideo8 - C:\windows\System32\vfwwdm32.dll (Microsoft Corporation) Drivers32: vidc.cvid - C:\windows\System32\iccvid.dll (Radius Inc.) CREATERESTOREPOINT Restore point Set: OTL Restore Point ========== Files/Folders - Created Within 30 Days ========== [2012/04/05 18:17:59 | 000,397,728 | ---- | C] (Bleeping Computer, LLC) -- C:\Users\********\Desktop\unhide.exe [2012/04/03 20:51:34 | 000,593,920 | ---- | C] (OldTimer Tools) -- C:\Users\********\Desktop\OTL.exe [2012/04/02 20:21:57 | 000,000,000 | ---D | C] -- C:\Program Files\ESET [2012/04/02 20:21:33 | 002,322,184 | ---- | C] (ESET) -- C:\Users\********\Desktop\esetsmartinstaller_enu.exe [2012/03/31 16:52:05 | 000,000,000 | ---D | C] -- C:\Users\********\AppData\Roaming\Malwarebytes [2012/03/31 16:51:56 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware [2012/03/31 16:51:56 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes [2012/03/31 16:51:54 | 000,020,464 | ---- | C] (Malwarebytes Corporation) -- C:\windows\System32\drivers\mbam.sys [2012/03/31 16:51:54 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware [2012/03/31 16:36:25 | 000,000,000 | ---D | C] -- C:\windows\Minidump [2012/03/27 21:22:51 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FreeCommander [2012/03/27 21:22:47 | 000,000,000 | ---D | C] -- C:\Users\********\AppData\Roaming\FreeCommander [2012/03/27 21:22:45 | 000,000,000 | ---D | C] -- C:\Program Files\FreeCommander [2012/03/22 00:40:53 | 000,000,000 | ---D | C] -- C:\Program Files\Application Updater [2012/03/22 00:40:50 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Spigot [2012/03/22 00:40:50 | 000,000,000 | ---D | C] -- C:\Program Files\pdfforge Toolbar [2012/03/22 00:40:09 | 000,000,000 | -HSD | C] -- C:\Config.Msi ========== Files - Modified Within 30 Days ========== [2012/04/05 20:01:01 | 000,001,098 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineUA.job [2012/04/05 19:41:51 | 000,014,736 | ---- | M] () -- C:\windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2012/04/05 19:41:51 | 000,014,736 | ---- | M] () -- C:\windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2012/04/05 19:38:24 | 000,654,166 | ---- | M] () -- C:\windows\System32\perfh007.dat [2012/04/05 19:38:24 | 000,616,008 | ---- | M] () -- C:\windows\System32\perfh009.dat [2012/04/05 19:38:24 | 000,130,006 | ---- | M] () -- C:\windows\System32\perfc007.dat [2012/04/05 19:38:24 | 000,106,388 | ---- | M] () -- C:\windows\System32\perfc009.dat [2012/04/05 19:37:31 | 000,033,561 | ---- | M] () -- C:\windows\System32\Config.MPF [2012/04/05 19:33:23 | 000,001,094 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineCore.job [2012/04/05 19:33:05 | 000,067,584 | --S- | M] () -- C:\windows\bootstat.dat [2012/04/05 19:32:59 | 1407,946,752 | -HS- | M] () -- C:\hiberfil.sys [2012/04/05 18:18:06 | 000,397,728 | ---- | M] (Bleeping Computer, LLC) -- C:\Users\********\Desktop\unhide.exe [2012/04/03 20:51:36 | 000,593,920 | ---- | M] (OldTimer Tools) -- C:\Users\********\Desktop\OTL.exe [2012/04/02 20:21:39 | 002,322,184 | ---- | M] (ESET) -- C:\Users\********\Desktop\esetsmartinstaller_enu.exe [2012/03/31 17:48:43 | 000,302,592 | ---- | M] () -- C:\Users\********\Desktop\gmer.exe [2012/03/31 17:36:37 | 000,000,020 | ---- | M] () -- C:\Users\********\defogger_reenable [2012/03/31 16:51:56 | 000,001,071 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk [2012/03/31 16:36:17 | 201,931,943 | ---- | M] () -- C:\windows\MEMORY.DMP [2012/03/31 11:05:05 | 000,000,974 | ---- | M] () -- C:\windows\tasks\Google Software Updater.job [2012/03/27 21:22:56 | 000,000,967 | ---- | M] () -- C:\Users\********\Desktop\FreeCommander.lnk [2012/03/18 13:23:52 | 000,356,024 | ---- | M] () -- C:\windows\System32\FNTCACHE.DAT ========== Files Created - No Company Name ========== [2012/04/05 18:26:52 | 000,002,505 | ---- | C] () -- C:\Users\Public\Desktop\Skype.lnk [2012/04/05 18:26:52 | 000,002,479 | ---- | C] () -- C:\Users\Public\Desktop\Safari.lnk [2012/04/05 18:26:52 | 000,002,170 | ---- | C] () -- C:\Users\Public\Desktop\Google Earth.lnk [2012/04/05 18:26:52 | 000,002,045 | ---- | C] () -- C:\Users\Public\Desktop\WISO Steuer-Sparbuch 2012.lnk [2012/04/05 18:26:52 | 000,001,955 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Thunderbird.lnk [2012/04/05 18:26:52 | 000,001,815 | ---- | C] () -- C:\Users\Public\Desktop\QuickTime Player.lnk [2012/04/05 18:26:52 | 000,001,753 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk [2012/04/05 18:26:52 | 000,001,371 | ---- | C] () -- C:\Users\Public\Desktop\SCHLECKER Foto Digital Service.lnk [2012/04/05 18:26:52 | 000,001,102 | ---- | C] () -- C:\Users\Public\Desktop\OpenOffice.org 3.2.lnk [2012/04/05 18:26:52 | 000,001,100 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk [2012/04/05 18:26:52 | 000,001,071 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk [2012/04/05 18:26:52 | 000,000,993 | ---- | C] () -- C:\Users\Public\Desktop\PDFCreator.lnk [2012/04/05 18:26:51 | 000,001,984 | ---- | C] () -- C:\Users\Public\Desktop\Adobe Reader 9.lnk [2012/04/05 18:26:51 | 000,001,291 | ---- | C] () -- C:\Users\Public\Desktop\CEWE FOTOSCHAU.lnk [2012/04/05 18:26:51 | 000,001,246 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\XPS Viewer.lnk [2012/04/05 18:26:47 | 000,001,515 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk [2012/04/05 18:26:46 | 000,001,352 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Anytime Upgrade.lnk [2012/04/05 18:26:46 | 000,001,326 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows DVD Maker.lnk [2012/04/05 18:26:46 | 000,001,210 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Fax and Scan.lnk [2012/04/05 18:26:44 | 000,002,077 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\WISO Mein Steuer-Sparbuch heute.lnk [2012/04/05 18:26:44 | 000,001,330 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sidebar.lnk [2012/04/05 18:26:44 | 000,000,834 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Bluetooth.lnk [2012/04/05 18:26:42 | 000,002,491 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Safari.lnk [2012/04/05 18:26:40 | 000,002,569 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office PowerPoint Viewer 2007.lnk [2012/04/05 18:26:40 | 000,001,147 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Works-Start.lnk [2012/04/05 18:26:40 | 000,001,112 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk [2012/04/05 18:26:39 | 000,001,345 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Media Center.lnk [2012/04/05 18:26:34 | 000,002,519 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Apple Software Update.lnk [2012/04/05 18:26:33 | 000,002,441 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader 9.lnk [2012/03/31 17:48:41 | 000,302,592 | ---- | C] () -- C:\Users\********\Desktop\gmer.exe [2012/03/31 17:34:15 | 000,000,020 | ---- | C] () -- C:\Users\********\defogger_reenable [2012/03/31 16:36:17 | 201,931,943 | ---- | C] () -- C:\windows\MEMORY.DMP [2012/03/27 21:22:56 | 000,000,967 | ---- | C] () -- C:\Users\********\Desktop\FreeCommander.lnk [2011/07/03 14:40:41 | 000,116,224 | ---- | C] () -- C:\windows\System32\pdfcmnnt.dll [2011/01/01 15:19:53 | 000,009,600 | ---- | C] () -- C:\windows\System32\drivers\ISODisk.sys ========== LOP Check ========== [2010/02/14 16:09:21 | 000,000,000 | -HSD | M] -- C:\Users\********\AppData\Roaming\.# [2010/08/14 19:24:41 | 000,000,000 | ---D | M] -- C:\Users\********\AppData\Roaming\Amazon [2010/02/14 18:51:35 | 000,000,000 | ---D | M] -- C:\Users\********\AppData\Roaming\Buhl Data Service [2010/02/14 18:18:42 | 000,000,000 | ---D | M] -- C:\Users\********\AppData\Roaming\DAEMON Tools Lite [2010/05/16 13:03:19 | 000,000,000 | ---D | M] -- C:\Users\********\AppData\Roaming\de.schlecker.fotobuch.001F9DF2D0BAABEB11F42CCEE43224607B61109C.1 [2012/03/27 21:22:47 | 000,000,000 | ---D | M] -- C:\Users\********\AppData\Roaming\FreeCommander [2012/02/15 00:08:10 | 000,000,000 | ---D | M] -- C:\Users\********\AppData\Roaming\GHISLER [2012/02/11 13:12:09 | 000,000,000 | ---D | M] -- C:\Users\********\AppData\Roaming\gtk-2.0 [2011/01/02 21:57:53 | 000,000,000 | ---D | M] -- C:\Users\********\AppData\Roaming\Leadertech [2011/11/15 21:34:09 | 000,000,000 | ---D | M] -- C:\Users\********\AppData\Roaming\Mp3tag [2010/02/13 22:46:16 | 000,000,000 | ---D | M] -- C:\Users\********\AppData\Roaming\OpenOffice.org [2011/01/09 14:00:24 | 000,000,000 | ---D | M] -- C:\Users\********\AppData\Roaming\SanDisk [2010/02/14 15:11:05 | 000,000,000 | ---D | M] -- C:\Users\********\AppData\Roaming\Thunderbird [2012/02/15 09:48:53 | 000,000,368 | ---- | M] () -- C:\windows\Tasks\McDefragTask.job [2012/03/03 19:26:45 | 000,000,348 | ---- | M] () -- C:\windows\Tasks\McQcTask.job [2012/02/19 13:06:23 | 000,032,618 | ---- | M] () -- C:\windows\Tasks\SCHEDLGU.TXT ========== Purity Check ========== ========== Custom Scans ========== < %ALLUSERSPROFILE%\Application Data\*. > < %ALLUSERSPROFILE%\Application Data\*.exe /s > < %APPDATA%\*. > [2010/02/14 16:09:21 | 000,000,000 | -HSD | M] -- C:\Users\********\AppData\Roaming\.# [2010/05/16 12:54:15 | 000,000,000 | ---D | M] -- C:\Users\********\AppData\Roaming\Adobe [2010/08/14 19:24:41 | 000,000,000 | ---D | M] -- C:\Users\********\AppData\Roaming\Amazon [2012/01/22 18:49:33 | 000,000,000 | ---D | M] -- C:\Users\********\AppData\Roaming\Apple Computer [2010/07/24 13:24:45 | 000,000,000 | ---D | M] -- C:\Users\********\AppData\Roaming\Avira [2010/02/14 18:51:35 | 000,000,000 | ---D | M] -- C:\Users\********\AppData\Roaming\Buhl Data Service [2010/02/14 18:18:42 | 000,000,000 | ---D | M] -- C:\Users\********\AppData\Roaming\DAEMON Tools Lite [2010/05/16 13:03:19 | 000,000,000 | ---D | M] -- C:\Users\********\AppData\Roaming\de.schlecker.fotobuch.001F9DF2D0BAABEB11F42CCEE43224607B61109C.1 [2012/03/27 21:22:47 | 000,000,000 | ---D | M] -- C:\Users\********\AppData\Roaming\FreeCommander [2012/02/15 00:08:10 | 000,000,000 | ---D | M] -- C:\Users\********\AppData\Roaming\GHISLER [2010/02/14 00:56:16 | 000,000,000 | ---D | M] -- C:\Users\********\AppData\Roaming\Google [2012/02/11 13:12:09 | 000,000,000 | ---D | M] -- C:\Users\********\AppData\Roaming\gtk-2.0 [2010/02/14 00:18:13 | 000,000,000 | ---D | M] -- C:\Users\********\AppData\Roaming\Identities [2011/01/02 21:57:53 | 000,000,000 | ---D | M] -- C:\Users\********\AppData\Roaming\Leadertech [2011/01/02 21:27:06 | 000,000,000 | ---D | M] -- C:\Users\********\AppData\Roaming\Logishrd [2011/01/02 21:59:42 | 000,000,000 | ---D | M] -- C:\Users\********\AppData\Roaming\Logitech [2010/02/14 00:59:56 | 000,000,000 | ---D | M] -- C:\Users\********\AppData\Roaming\Macromedia [2012/03/31 16:52:05 | 000,000,000 | ---D | M] -- C:\Users\********\AppData\Roaming\Malwarebytes [2009/11/05 02:50:58 | 000,000,000 | ---D | M] -- C:\Users\********\AppData\Roaming\Media Center Programs [2011/01/02 21:57:49 | 000,000,000 | --SD | M] -- C:\Users\********\AppData\Roaming\Microsoft [2010/02/13 22:25:53 | 000,000,000 | ---D | M] -- C:\Users\********\AppData\Roaming\Mozilla [2011/11/15 21:34:09 | 000,000,000 | ---D | M] -- C:\Users\********\AppData\Roaming\Mp3tag [2010/02/13 22:46:16 | 000,000,000 | ---D | M] -- C:\Users\********\AppData\Roaming\OpenOffice.org [2011/01/09 14:00:24 | 000,000,000 | ---D | M] -- C:\Users\********\AppData\Roaming\SanDisk [2011/10/20 00:26:52 | 000,000,000 | ---D | M] -- C:\Users\********\AppData\Roaming\Skype [2011/10/20 00:22:48 | 000,000,000 | ---D | M] -- C:\Users\********\AppData\Roaming\skypePM [2010/02/14 15:11:05 | 000,000,000 | ---D | M] -- C:\Users\********\AppData\Roaming\Thunderbird [2011/02/06 16:25:16 | 000,000,000 | ---D | M] -- C:\Users\********\AppData\Roaming\vlc < %APPDATA%\*.exe /s > [2010/07/17 17:21:08 | 000,053,632 | ---- | M] (Adobe Systems Inc.) -- C:\Users\********\AppData\Roaming\Macromedia\Flash Player\www.macromedia.com\bin\airappinstaller\airappinstaller.exe [2011/01/02 21:57:50 | 000,053,248 | R--- | M] (Acresso Software Inc.) -- C:\Users\********\AppData\Roaming\Microsoft\Installer\{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}\ARPPRODUCTICON.exe [2012/02/15 21:59:18 | 000,040,960 | R--- | M] (InstallShield Software Corp.) -- C:\Users\********\AppData\Roaming\Microsoft\Installer\{90FF23FE-0E1B-40DF-A22E-B4C0372E5936}\ARPPRODUCTICON.exe < %SYSTEMDRIVE%\*.exe > [2007/12/27 23:24:08 | 000,562,688 | ---- | M] (Microsoft Corporation) -- C:\install.exe < MD5 for: AGP440.SYS > [2009/07/14 03:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\System32\drivers\AGP440.sys [2009/07/14 03:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_x86_neutral_a97a2a0d0fbc6696\AGP440.sys [2009/07/14 03:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.1.7600.16385_none_b9e9435f20046eeb\AGP440.sys [2009/07/14 03:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.1.7601.17514_none_bc1a57271cf2f285\AGP440.sys < MD5 for: ATAPI.SYS > [2009/07/14 03:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\System32\drivers\atapi.sys [2009/07/14 03:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_x86_neutral_fab873f3e8a3315c\atapi.sys [2009/07/14 03:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.1.7600.16385_none_dd0e7e3d82dd640d\atapi.sys [2009/07/14 03:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.1.7601.17514_none_df3f92057fcbe7a7\atapi.sys < MD5 for: CNGAUDIT.DLL > [2009/07/14 03:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\System32\cngaudit.dll [2009/07/14 03:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_e83a414890e8132b\cngaudit.dll < MD5 for: IASTORV.SYS > [2011/03/11 07:38:51 | 000,332,160 | ---- | M] (Intel Corporation) MD5=5CD5F9A5444E6CDCB0AC89BD62D8B76E -- C:\Windows\System32\drivers\iaStorV.sys [2011/03/11 07:38:51 | 000,332,160 | ---- | M] (Intel Corporation) MD5=5CD5F9A5444E6CDCB0AC89BD62D8B76E -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_x86_neutral_0bcee2057afcc090\iaStorV.sys [2011/03/11 07:38:51 | 000,332,160 | ---- | M] (Intel Corporation) MD5=5CD5F9A5444E6CDCB0AC89BD62D8B76E -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7601.17577_none_b0daddb9e6380745\iaStorV.sys [2011/03/11 07:43:55 | 000,332,160 | ---- | M] (Intel Corporation) MD5=71F1A494FEDF4B33C02C4A6A28D6D9E9 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7600.16778_none_aef580fde910b4b0\iaStorV.sys [2011/03/11 07:28:00 | 000,332,160 | ---- | M] (Intel Corporation) MD5=778D0E6D7D9EBA0C403BADBAAD41DB20 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7601.21680_none_b152a892ff64119f\iaStorV.sys [2009/07/14 03:20:36 | 000,332,352 | ---- | M] (Intel Corporation) MD5=934AF4D7C5F457B9F0743F4299B77B67 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7600.16385_none_aee7a89be91b9000\iaStorV.sys [2010/11/20 14:29:54 | 000,332,160 | ---- | M] (Intel Corporation) MD5=A3CAE5D281DB4CFF7CFF8233507EE5AD -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_x86_neutral_668286aa35d55928\iaStorV.sys [2010/11/20 14:29:54 | 000,332,160 | ---- | M] (Intel Corporation) MD5=A3CAE5D281DB4CFF7CFF8233507EE5AD -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7601.17514_none_b118bc63e60a139a\iaStorV.sys [2011/03/11 07:52:21 | 000,332,160 | ---- | M] (Intel Corporation) MD5=B9039A34C2F8769490DCC494E2402445 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7600.20921_none_afae2d45020c148b\iaStorV.sys < MD5 for: NETLOGON.DLL > [2010/11/20 14:20:28 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\System32\netlogon.dll [2010/11/20 14:20:28 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_ffbf212e963c0162\netlogon.dll [2009/07/14 03:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_fd8e0d66994d7dc8\netlogon.dll < MD5 for: NVSTOR.SYS > [2011/03/11 07:39:00 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=4380E59A170D88C4F1022EFF6719A8A4 -- C:\Windows\System32\drivers\nvstor.sys [2011/03/11 07:39:00 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=4380E59A170D88C4F1022EFF6719A8A4 -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_x86_neutral_0276fc3b3ea60d41\nvstor.sys [2011/03/11 07:39:00 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=4380E59A170D88C4F1022EFF6719A8A4 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7601.17577_none_3ba44e691d6eb11d\nvstor.sys [2011/03/11 07:44:01 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=4520B63899E867F354EE012D34E11536 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7600.16778_none_39bef1ad20475e88\nvstor.sys [2011/03/11 07:28:10 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=66D468654A58594F5F3BA63D5AD5B1AF -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7601.21680_none_3c1c1942369abb77\nvstor.sys [2011/03/11 07:52:25 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=8A7583A3B58D3EEB28BB26626526BC91 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7600.20921_none_3a779df43942be63\nvstor.sys [2010/11/20 14:30:06 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=9283C58EBAA2618F93482EB5DABCEC82 -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_x86_neutral_dd659ed032d28a14\nvstor.sys [2010/11/20 14:30:06 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=9283C58EBAA2618F93482EB5DABCEC82 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7601.17514_none_3be22d131d40bd72\nvstor.sys [2009/07/14 03:20:44 | 000,142,416 | ---- | M] (NVIDIA Corporation) MD5=C99F251A5DE63C6F129CF71933ACED0F -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7600.16385_none_39b1194b205239d8\nvstor.sys < MD5 for: SCECLI.DLL > [2009/07/14 03:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_37e4387f3a6f0483\scecli.dll [2010/11/20 14:21:04 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\System32\scecli.dll [2010/11/20 14:21:04 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_3a154c47375d881d\scecli.dll < MD5 for: USER32.DLL > [2009/07/14 03:16:17 | 000,811,520 | ---- | M] (Microsoft Corporation) MD5=34B7E222E81FAFA885F0C5F2CFA56861 -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_cd0ec264ceb014a3\user32.dll [2010/11/20 14:21:33 | 000,811,520 | ---- | M] (Microsoft Corporation) MD5=F1DD3ACAEE5E6B4BBC69BC6DF75CEF66 -- C:\Windows\System32\user32.dll [2010/11/20 14:21:33 | 000,811,520 | ---- | M] (Microsoft Corporation) MD5=F1DD3ACAEE5E6B4BBC69BC6DF75CEF66 -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_cf3fd62ccb9e983d\user32.dll < MD5 for: USERINIT.EXE > [2010/11/20 14:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\System32\userinit.exe [2010/11/20 14:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe [2009/07/14 03:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_dbff103933038d7c\userinit.exe < MD5 for: WININIT.EXE > [2009/07/14 03:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\System32\wininit.exe [2009/07/14 03:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_30c90ef265a43c13\wininit.exe < MD5 for: WINLOGON.EXE > [2009/10/28 08:17:59 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=37CDB7E72EB66BA85A87CBE37E7F03FD -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16447_none_6fc699643622d177\winlogon.exe [2009/10/28 07:52:08 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=3BABE6767C78FBF5FB8435FEED187F30 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.20560_none_703394514f56f7c2\winlogon.exe [2012/01/13 14:53:20 | 000,182,856 | ---- | M] () MD5=63EEC8A8B221AB79045E776E5F592868 -- C:\Program Files\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe [2010/11/20 14:17:54 | 000,286,720 | ---- | M] (Microsoft Corporation) MD5=6D13E1406F50C66E2A95D97F22C47560 -- C:\Windows\System32\winlogon.exe [2010/11/20 14:17:54 | 000,286,720 | ---- | M] (Microsoft Corporation) MD5=6D13E1406F50C66E2A95D97F22C47560 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_71ca6b0233339500\winlogon.exe [2009/07/14 03:14:45 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=8EC6A4AB12B8F3759E21F8E3A388F2CF -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_6f99573a36451166\winlogon.exe < MD5 for: WS2IFSL.SYS > [2009/07/14 01:55:02 | 000,016,384 | ---- | M] (Microsoft Corporation) MD5=6DB3276587B853BF886B69528FDB048C -- C:\Windows\System32\drivers\ws2ifsl.sys [2009/07/14 01:55:02 | 000,016,384 | ---- | M] (Microsoft Corporation) MD5=6DB3276587B853BF886B69528FDB048C -- C:\Windows\winsxs\x86_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.1.7600.16385_none_4f5cf6f829213bb2\ws2ifsl.sys < %systemroot%\system32\drivers\*.sys /lockedfiles > < %systemroot%\System32\config\*.sav > < %systemroot%\*. /mp /s > < %systemroot%\system32\*.dll /lockedfiles > [2009/07/14 03:15:36 | 000,226,816 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\windows\system32\LocationApi.dll ========== Alternate Data Streams ========== @Alternate Data Stream - 139 bytes -> C:\ProgramData\Temp:CE0A077E < End of report > |
|
06.04.2012, 13:14
| #14 | |
| /// Winkelfunktion /// TB-Süch-Tiger™ | TR/crypt.zpack.gen8 - schwarzer Desktop - Daten VerlustZitat:
Mach einen OTL-Fix, beende alle evtl. geöffneten Programme, auch Virenscanner deaktivieren (!), starte OTL und kopiere folgenden Text in die "Custom Scan/Fixes" Box (unten in OTL): (das ":OTL" muss mitkopiert werden!!!) Code:
ATTFilter :OTL
DRV - File not found [Kernel | Boot | Stopped] -- System32\drivers\utnyymr.sys -- (egxc)
IE - HKU\S-1-5-21-2694853571-1494760454-3953676919-1001\..\URLSearchHook: {B922D405-6D13-4A2B-AE89-08A030DA4402} - C:\Program Files\pdfforge Toolbar\IE\5.1\pdfforgeToolbarIE.dll (Spigot, Inc.)
[2012/03/22 00:41:07 | 000,000,000 | ---D | M] (Widgi Toolbar Platform) -- C:\PROGRAM FILES\COMMON FILES\SPIGOT\WTXPCOM
[2012/03/22 00:41:07 | 000,000,000 | ---D | M] (pdfforge Toolbar) -- C:\PROGRAM FILES\PDFFORGE TOOLBAR\FF
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (pdfforge Toolbar) - {B922D405-6D13-4A2B-AE89-08A030DA4402} - C:\Program Files\pdfforge Toolbar\IE\5.1\pdfforgeToolbarIE.dll (Spigot, Inc.)
O3 - HKLM\..\Toolbar: (pdfforge Toolbar) - {B922D405-6D13-4A2B-AE89-08A030DA4402} - C:\Program Files\pdfforge Toolbar\IE\5.1\pdfforgeToolbarIE.dll (Spigot, Inc.)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [SearchSettings] C:\Program Files\Common Files\Spigot\Search Settings\SearchSettings.exe (Spigot, Inc.)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/06/10 23:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
[2010/02/14 16:09:21 | 000,000,000 | -HSD | M] -- C:\Users\********\AppData\Roaming\.#
@Alternate Data Stream - 139 bytes -> C:\ProgramData\Temp:CE0A077E
:Files
C:\Program Files\Common Files\Spigot
C:\Program Files\Application Updater
C:\Program Files\pdfforge Toolbar
:Commands
[purity]
[emptytemp]
[emptyflash]
[resethosts]
Das Logfile müsste geöffnet werden, wenn Du nach dem Fixen auf ok klickst, poste das bitte. Evtl. wird der Rechner neu gestartet. Die mit diesem Script gefixten Einträge, Dateien und Ordner werden zur Sicherheit nicht vollständig gelöscht, es wird eine Sicherheitskopie auf der Systempartition im Ordner "_OTL" erstellt. Hinweis: Das obige Script ist nur für diesen einen User in dieser Situtation erstellt worden. Es ist auf keinen anderen Rechner portierbar und darf nicht anderweitig verwandt werden, da es das System nachhaltig schädigen kann!
__________________ Logfiles bitte immer in CODE-Tags posten |
|
06.04.2012, 14:11
| #15 |
| | TR/crypt.zpack.gen8 - schwarzer Desktop - Daten Verlust Der VNC ist gewollt... Anbei der OTL - Fix .log Code:
ATTFilter All processes killed
========== OTL ==========
Service egxc stopped successfully!
Service egxc deleted successfully!
File System32\drivers\utnyymr.sys not found.
Registry value HKEY_USERS\S-1-5-21-2694853571-1494760454-3953676919-1001\Software\Microsoft\Internet Explorer\URLSearchHooks\\{B922D405-6D13-4A2B-AE89-08A030DA4402} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B922D405-6D13-4A2B-AE89-08A030DA4402}\ deleted successfully.
C:\Program Files\pdfforge Toolbar\IE\5.1\pdfforgeToolbarIE.dll moved successfully.
C:\PROGRAM FILES\COMMON FILES\SPIGOT\WTXPCOM\components folder moved successfully.
C:\PROGRAM FILES\COMMON FILES\SPIGOT\WTXPCOM folder moved successfully.
C:\PROGRAM FILES\PDFFORGE TOOLBAR\FF\chrome folder moved successfully.
C:\PROGRAM FILES\PDFFORGE TOOLBAR\FF folder moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5C255C8A-E604-49b4-9D64-90988571CECB}\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B922D405-6D13-4A2B-AE89-08A030DA4402}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B922D405-6D13-4A2B-AE89-08A030DA4402}\ not found.
File C:\Program Files\pdfforge Toolbar\IE\5.1\pdfforgeToolbarIE.dll not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{B922D405-6D13-4A2B-AE89-08A030DA4402} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B922D405-6D13-4A2B-AE89-08A030DA4402}\ not found.
File C:\Program Files\pdfforge Toolbar\IE\5.1\pdfforgeToolbarIE.dll not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\Locked deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\SearchSettings deleted successfully.
C:\Program Files\Common Files\Spigot\Search Settings\SearchSettings.exe moved successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRun|DWORD:1 /E : value set successfully!
C:\autoexec.bat moved successfully.
Folder C:\Users\********\AppData\Roaming\.#\ not found.
ADS C:\ProgramData\Temp:CE0A077E deleted successfully.
========== FILES ==========
C:\Program Files\Common Files\Spigot\Search Settings\Res folder moved successfully.
C:\Program Files\Common Files\Spigot\Search Settings\Lang folder moved successfully.
C:\Program Files\Common Files\Spigot\Search Settings folder moved successfully.
C:\Program Files\Common Files\Spigot folder moved successfully.
C:\Program Files\Application Updater folder moved successfully.
C:\Program Files\pdfforge Toolbar\Res\Lang folder moved successfully.
C:\Program Files\pdfforge Toolbar\Res folder moved successfully.
C:\Program Files\pdfforge Toolbar\IE\5.1 folder moved successfully.
C:\Program Files\pdfforge Toolbar\IE folder moved successfully.
C:\Program Files\pdfforge Toolbar folder moved successfully.
========== COMMANDS ==========
[EMPTYTEMP]
User: All Users
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 56504 bytes
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes
User: Public
User: *********
->Temp folder emptied: 757237202 bytes
->Temporary Internet Files folder emptied: 84687529 bytes
->Java cache emptied: 16996657 bytes
->FireFox cache emptied: 257662940 bytes
->Apple Safari cache emptied: 910336 bytes
->Flash cache emptied: 104683 bytes
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 370594977 bytes
RecycleBin emptied: 147684447 bytes
Total Files Cleaned = 1,560.00 mb
[EMPTYFLASH]
User: All Users
User: Default
->Flash cache emptied: 0 bytes
User: Default User
->Flash cache emptied: 0 bytes
User: Public
User: *********
->Flash cache emptied: 0 bytes
Total Flash Files Cleaned = 0.00 mb
C:\windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully
OTL by OldTimer - Version 3.2.39.2 log created on 04062012_145208
Files\Folders moved on Reboot...
File\Folder C:\windows\temp\mcafee_YmyXzyPszn4UIua not found!
File\Folder C:\windows\temp\mcmsc_NcdnXuEkrN2FilW not found!
File\Folder C:\windows\temp\mcmsc_qdFcyCgPGTCkbso not found!
File\Folder C:\windows\temp\mcmsc_QYtz8Ex50zKNr6B not found!
File\Folder C:\windows\temp\sqlite_9HLR4G4qfecaVWA not found!
File\Folder C:\windows\temp\sqlite_gAMlSAvXa76V84s not found!
File\Folder C:\windows\temp\sqlite_RRI7k0mWsjN2RGc not found!
File\Folder C:\windows\temp\sqlite_ZatVclmXBCk0H1K not found!
Registry entries deleted on Reboot...
|
|
| Themen zu TR/crypt.zpack.gen8 - schwarzer Desktop - Daten Verlust |
| antivir, antivir guard, avgnt, avira, avira meldung, backdoor.agent.rcgen, computer, cpu, dateisystem, daten verlust, desktop, error, firefox, flash player, google earth, helper, heuristiks/extra, heuristiks/shuriken, home, installation, locker, mozilla, pdfforge toolbar, phishing, plug-in, problem, realtek, registry, rundll, security, siteadvisor, software, sparbuch, svchost.exe, system, tr/crypt.xpack.ge, tr/crypt.xpack.gen, tr/crypt.zpack.gen8, windows 7 home, windows 7 home premium |
Textbox von OTL - wenn OTL auf deutsch ist wird sie mit 
beschriftet
.
Linear-Darstellung
