| |
| |||||||
Plagegeister aller Art und deren Bekämpfung: BOO/TDss.A mit Virenscanner 3 xgefundenWindows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen. |
 |
10.02.2011, 00:10
| #1 |
 |  BOO/TDss.A mit Virenscanner 3 xgefunden Hallo zusammen, in letzter Zeit habe ich etwas Probleme mit meinem Rechner. Er öffnet aufgerufene Dateien mit Verzögerung und sehr oft habe ich einen "blauen Bildschirm und er fährt dann runter und startet neu.Auch kann ich keine automatischen Updates mehr über Microsoft machen und die automatische Datensicherung wird nicht erfolgreich ausgeführt. Dann kommt noch recht oft die Fehlermeldung"Hostprozess für Windows.Dienste wurde beendet und geschlossen". Ich habe dann einen Scan mit meinem vorhandenen Antivir gemacht und auf jedem Laufwerk jeweils den oben genannten Eintrag bekommen und den Hinweis das er nicht entfernt werden kann. Was man so lesen kann bedeutet das ein neuaufsetzten des Systems?Ich bin grad dabei einen Komplettscan mit Malwarebyts auf C durchlaufen. Danach will ich noch,wie in einem anderen Beitrag gelesen,einen Scan mit OTL machen und beide Logs hier einstellen. Das ist erstmal das was mir aufgefallen ist was nicht stimmt am Rechner.Ach ja,unter Mozilla werden einfach so irgendwelche Seiten geöffnet. Hier einmal ein Log,ich habe diesen Abgebrochen weil ich alle festplatten ausgewählt hatte und der Scan dann sicher einen ganzen Tag benötigt. "" Malwarebytes' Anti-Malware 1.50.1.1100 www.malwarebytes.org Datenbank Version: 5725 Windows 6.0.6002 Service Pack 2 Internet Explorer 8.0.6001.18999 09.02.2011 23:56:30 mbam-log-2011-02-09 (23-56-28).txt Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|E:\|H:\|) Durchsuchte Objekte: 73626 Laufzeit: 16 Minute(n), 57 Sekunde(n) Infizierte Speicherprozesse: 0 Infizierte Speichermodule: 0 Infizierte Registrierungsschlüssel: 1 Infizierte Registrierungswerte: 0 Infizierte Dateiobjekte der Registrierung: 0 Infizierte Verzeichnisse: 0 Infizierte Dateien: 0 Infizierte Speicherprozesse: (Keine bösartigen Objekte gefunden) Infizierte Speichermodule: (Keine bösartigen Objekte gefunden) Infizierte Registrierungsschlüssel: HKEY_CLASSES_ROOT\CLSID\{ef34404a-747c-81d8-843a-d938e181273d} (Adware.BHO.FL) -> No action taken. Infizierte Registrierungswerte: (Keine bösartigen Objekte gefunden) Infizierte Dateiobjekte der Registrierung: (Keine bösartigen Objekte gefunden) Infizierte Verzeichnisse: (Keine bösartigen Objekte gefunden) Infizierte Dateien: (Keine bösartigen Objekte gefunden) Oliver Malwarebytes' Anti-Malware 1.50.1.1100 www.malwarebytes.org Datenbank Version: 5725 Windows 6.0.6002 Service Pack 2 Internet Explorer 8.0.6001.18999 10.02.2011 08:46:52 mbam-log-2011-02-10 (08-46-52).txt Art des Suchlaufs: Vollständiger Suchlauf (C:\|) Durchsuchte Objekte: 553106 Laufzeit: 3 Stunde(n), 39 Minute(n), 4 Sekunde(n) Infizierte Speicherprozesse: 0 Infizierte Speichermodule: 0 Infizierte Registrierungsschlüssel: 7 Infizierte Registrierungswerte: 0 Infizierte Dateiobjekte der Registrierung: 0 Infizierte Verzeichnisse: 12 Infizierte Dateien: 50 Infizierte Speicherprozesse: (Keine bösartigen Objekte gefunden) Infizierte Speichermodule: (Keine bösartigen Objekte gefunden) Infizierte Registrierungsschlüssel: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\s_-j_2l (Adware.AdRotator) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\RegistryDoktorNE (Rogue.RegistryDoktor) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\FLV Direct Player (Adware.FLVPlayer) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Registry_Doktor 2009_is1 (Rogue.RegistryDoctor) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{8c484332-8128-2096-94a6-da812793d493} (Adware.AdRotator) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\CLSID\{8c484332-8128-2096-94a6-da812793d493} (Adware.AdRotator) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{8C484332-8128-2096-94A6-DA812793D493} (Adware.AdRotator) -> Quarantined and deleted successfully. Infizierte Registrierungswerte: (Keine bösartigen Objekte gefunden) Infizierte Dateiobjekte der Registrierung: (Keine bösartigen Objekte gefunden) Infizierte Verzeichnisse: c:\program files\flv direct player (Adware.BHO.FL) -> Quarantined and deleted successfully. c:\program files\flv direct player\skindirectflv (Adware.BHO.FL) -> Quarantined and deleted successfully. c:\program files\flv direct player\skindirectflv\skin (Adware.BHO.FL) -> Quarantined and deleted successfully. c:\program files\flv direct player\skindirectflv\skin\Button (Adware.BHO.FL) -> Quarantined and deleted successfully. c:\program files\flv direct player\skindirectflv\skin\ComboBox (Adware.BHO.FL) -> Quarantined and deleted successfully. c:\program files\flv direct player\skindirectflv\skin\Menu (Adware.BHO.FL) -> Quarantined and deleted successfully. c:\program files\flv direct player\skindirectflv\skin\sysbutton (Adware.BHO.FL) -> Quarantined and deleted successfully. c:\program files\flv direct player\skindirectflv\skin\Window (Adware.BHO.FL) -> Quarantined and deleted successfully. c:\program files\registry_doktor 4.1 (Rogue.RegistryDoctor) -> Quarantined and deleted successfully. c:\program files\registry_doktor 4.1\definitions (Rogue.RegistryDoctor) -> Quarantined and deleted successfully. c:\programdata\microsoft\Windows\start menu\Programs\flv direct player (Adware.FLVPlayer) -> Quarantined and deleted successfully. c:\programdata\microsoft\Windows\start menu\Programs\registry_doktor 4.1 (Rogue.RegistryDoctor) -> Quarantined and deleted successfully. Infizierte Dateien: c:\WINDOWS\System32\s_-j_2l.exe (Adware.AdRotator) -> Quarantined and deleted successfully. c:\program files\flv direct player\downloading.swf (Adware.BHO.FL) -> Quarantined and deleted successfully. c:\program files\flv direct player\dskinliteu.dll (Adware.BHO.FL) -> Quarantined and deleted successfully. c:\program files\flv direct player\flvplayer.exe (Adware.BHO.FL) -> Quarantined and deleted successfully. c:\program files\flv direct player\player.dat (Adware.BHO.FL) -> Quarantined and deleted successfully. c:\program files\flv direct player\preload.swf (Adware.BHO.FL) -> Quarantined and deleted successfully. c:\program files\flv direct player\uninstall.exe (Adware.BHO.FL) -> Quarantined and deleted successfully. c:\program files\flv direct player\skindirectflv\skin.xml (Adware.BHO.FL) -> Quarantined and deleted successfully. c:\program files\flv direct player\skindirectflv\skin\Button\button_default.bmp (Adware.BHO.FL) -> Quarantined and deleted successfully. c:\program files\flv direct player\skindirectflv\skin\Button\button_disable.bmp (Adware.BHO.FL) -> Quarantined and deleted successfully. c:\program files\flv direct player\skindirectflv\skin\Button\button_down.bmp (Adware.BHO.FL) -> Quarantined and deleted successfully. c:\program files\flv direct player\skindirectflv\skin\Button\button_hot.bmp (Adware.BHO.FL) -> Quarantined and deleted successfully. c:\program files\flv direct player\skindirectflv\skin\Button\button_normal.bmp (Adware.BHO.FL) -> Quarantined and deleted successfully. c:\program files\flv direct player\skindirectflv\skin\ComboBox\combobox_buttondown.bmp (Adware.BHO.FL) -> Quarantined and deleted successfully. c:\program files\flv direct player\skindirectflv\skin\ComboBox\combobox_buttonhot.bmp (Adware.BHO.FL) -> Quarantined and deleted successfully. c:\program files\flv direct player\skindirectflv\skin\ComboBox\combobox_buttonnor.bmp (Adware.BHO.FL) -> Quarantined and deleted successfully. c:\program files\flv direct player\skindirectflv\skin\ComboBox\edit_back.bmp (Adware.BHO.FL) -> Quarantined and deleted successfully. c:\program files\flv direct player\skindirectflv\skin\Menu\menubg.bmp (Adware.BHO.FL) -> Quarantined and deleted successfully. c:\program files\flv direct player\skindirectflv\skin\Menu\menuitem_arrow.bmp (Adware.BHO.FL) -> Quarantined and deleted successfully. c:\program files\flv direct player\skindirectflv\skin\Menu\menuitem_check.bmp (Adware.BHO.FL) -> Quarantined and deleted successfully. c:\program files\flv direct player\skindirectflv\skin\Menu\menuitem_select.bmp (Adware.BHO.FL) -> Quarantined and deleted successfully. c:\program files\flv direct player\skindirectflv\skin\Menu\menuitem_seperator.bmp (Adware.BHO.FL) -> Quarantined and deleted successfully. c:\program files\flv direct player\skindirectflv\skin\sysbutton\sys_close_down.bmp (Adware.BHO.FL) -> Quarantined and deleted successfully. c:\program files\flv direct player\skindirectflv\skin\sysbutton\sys_close_hot.bmp (Adware.BHO.FL) -> Quarantined and deleted successfully. c:\program files\flv direct player\skindirectflv\skin\sysbutton\sys_close_nor.bmp (Adware.BHO.FL) -> Quarantined and deleted successfully. c:\program files\flv direct player\skindirectflv\skin\sysbutton\sys_max_down.bmp (Adware.BHO.FL) -> Quarantined and deleted successfully. c:\program files\flv direct player\skindirectflv\skin\sysbutton\sys_max_hot.bmp (Adware.BHO.FL) -> Quarantined and deleted successfully. c:\program files\flv direct player\skindirectflv\skin\sysbutton\sys_max_nor.bmp (Adware.BHO.FL) -> Quarantined and deleted successfully. c:\program files\flv direct player\skindirectflv\skin\sysbutton\sys_min_down.bmp (Adware.BHO.FL) -> Quarantined and deleted successfully. c:\program files\flv direct player\skindirectflv\skin\sysbutton\sys_min_hot.bmp (Adware.BHO.FL) -> Quarantined and deleted successfully. c:\program files\flv direct player\skindirectflv\skin\sysbutton\sys_min_nor.bmp (Adware.BHO.FL) -> Quarantined and deleted successfully. c:\program files\flv direct player\skindirectflv\skin\sysbutton\sys_restore_down.bmp (Adware.BHO.FL) -> Quarantined and deleted successfully. c:\program files\flv direct player\skindirectflv\skin\sysbutton\sys_restore_hot.bmp (Adware.BHO.FL) -> Quarantined and deleted successfully. c:\program files\flv direct player\skindirectflv\skin\sysbutton\sys_restore_nor.bmp (Adware.BHO.FL) -> Quarantined and deleted successfully. c:\program files\flv direct player\skindirectflv\skin\Window\bottomborder.bmp (Adware.BHO.FL) -> Quarantined and deleted successfully. c:\program files\flv direct player\skindirectflv\skin\Window\downarrow.bmp (Adware.BHO.FL) -> Quarantined and deleted successfully. c:\program files\flv direct player\skindirectflv\skin\Window\leftborder.bmp (Adware.BHO.FL) -> Quarantined and deleted successfully. c:\program files\flv direct player\skindirectflv\skin\Window\Logo.bmp (Adware.BHO.FL) -> Quarantined and deleted successfully. c:\program files\flv direct player\skindirectflv\skin\Window\main.ico (Adware.BHO.FL) -> Quarantined and deleted successfully. c:\program files\flv direct player\skindirectflv\skin\Window\rightborder.bmp (Adware.BHO.FL) -> Quarantined and deleted successfully. c:\program files\flv direct player\skindirectflv\skin\Window\titlepattern.bmp (Adware.BHO.FL) -> Quarantined and deleted successfully. c:\program files\registry_doktor 4.1\Task.dat (Rogue.RegistryDoctor) -> Quarantined and deleted successfully. c:\program files\registry_doktor 4.1\unins000.dat (Rogue.RegistryDoctor) -> Quarantined and deleted successfully. c:\program files\registry_doktor 4.1\unins000.exe (Rogue.RegistryDoctor) -> Quarantined and deleted successfully. c:\program files\registry_doktor 4.1\definitions\200812.cab (Rogue.RegistryDoctor) -> Quarantined and deleted successfully. c:\programdata\microsoft\Windows\start menu\Programs\flv direct player\flv direct player.lnk (Adware.FLVPlayer) -> Quarantined and deleted successfully. c:\programdata\microsoft\Windows\start menu\Programs\flv direct player\uninstall flv direct player.lnk (Adware.FLVPlayer) -> Quarantined and deleted successfully. c:\programdata\microsoft\Windows\start menu\Programs\registry_doktor 4.1\registry doktor 4.1 entfernen.lnk (Rogue.RegistryDoctor) -> Quarantined and deleted successfully. c:\programdata\microsoft\Windows\start menu\Programs\registry_doktor 4.1\registry doktor 4.1.lnk (Rogue.RegistryDoctor) -> Quarantined and deleted successfully. Und hier der zweiteOTL Logfile: Code:
ATTFilter OTL logfile created on: 10.02.2011 08:51:40 - Run 2 OTL by OldTimer - Version 3.2.20.6 Folder = C:\Users\Besitzer\Desktop Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation Internet Explorer (Version = 8.0.6001.18999) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 3,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 42,00% Memory free 6,00 Gb Paging File | 4,00 Gb Available in Paging File | 69,00% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 221,21 Gb Total Space | 121,89 Gb Free Space | 55,10% Space Free | Partition Type: NTFS Drive D: | 232,88 Gb Total Space | 51,00 Gb Free Space | 21,90% Space Free | Partition Type: NTFS Drive E: | 11,67 Gb Total Space | 1,65 Gb Free Space | 14,17% Space Free | Partition Type: NTFS Drive F: | 1,89 Gb Total Space | 0,53 Gb Free Space | 27,97% Space Free | Partition Type: FAT Drive H: | 1,99 Gb Total Space | 0,05 Gb Free Space | 2,73% Space Free | Partition Type: FAT32 Computer Name: BESITZER-PC | User Name: Besitzer | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - C:\Users\Besitzer\Desktop\OTL.exe (OldTimer Tools) PRC - C:\Program Files\Avira\AntiVir Desktop\avfwsvc.exe (Avira GmbH) PRC - C:\Program Files\Avira\AntiVir Desktop\avwebgrd.exe (Avira GmbH) PRC - C:\Program Files\Avira\AntiVir Desktop\avmailc.exe (Avira GmbH) PRC - C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH) PRC - C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira GmbH) PRC - C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira GmbH) PRC - C:\Program Files\ICQ7.2\ICQ.exe (ICQ, LLC.) PRC - C:\WINDOWS\System32\sdclt.exe (Microsoft Corporation) PRC - C:\Program Files\Mozilla Firefox\plugin-container.exe (Mozilla Corporation) PRC - C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation) PRC - C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe (Microsoft Corporation) PRC - C:\Program Files\Avira\AntiVir Desktop\avshadow.exe (Avira GmbH) PRC - C:\Program Files\T-Mobile\T-Mobile Internet Manager\DataCardMonitor.exe (Huawei Technologies Co., Ltd.) PRC - C:\Program Files\AVG\AVGLS\avgtray.exe (AVG Technologies CZ, s.r.o.) PRC - C:\Program Files\AVG\AVGLS\avgnsx.exe (AVG Technologies CZ, s.r.o.) PRC - C:\Program Files\AVG\AVGLS\avgwdsvc.exe (AVG Technologies CZ, s.r.o.) PRC - C:\Users\Besitzer\AppData\Roaming\T-Mobile Internet Manager\ouc.exe (Huawei Technologies Co., Ltd.) PRC - C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe (Sony Ericsson Mobile Communications AB) PRC - C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SupServ.exe () PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation) PRC - C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.) PRC - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe (Safer Networking Ltd.) PRC - C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe (Yahoo! Inc.) PRC - C:\Program Files\Synaptics\SynTP\SynTPStart.exe (Synaptics, Inc.) PRC - C:\WINDOWS\RtHDVCpl.exe (Realtek Semiconductor) PRC - C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe (Intel Corporation) PRC - C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation) PRC - C:\Program Files\AOL 9.0 VRa\shellmon.exe (AOL, LLC.) PRC - C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe (Nero AG) PRC - C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe (Nero AG) PRC - C:\Program Files\AOL 9.0 VRa\waol.exe (AOL, LLC.) PRC - C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe (Motorola Inc.) PRC - C:\Program Files\Common Files\aol\acs\AOLacsd.exe (AOL LLC) PRC - C:\Program Files\Common Files\aol\1231093279\ee\aolsoftware.exe (America Online, Inc.) ========== Modules (SafeList) ========== MOD - C:\Users\Besitzer\Desktop\OTL.exe (OldTimer Tools) MOD - C:\WINDOWS\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3\comctl32.dll (Microsoft Corporation) ========== Win32 Services (SafeList) ========== SRV - (GameConsoleService) -- File not found SRV - (AntiVirFirewallService) -- C:\Program Files\Avira\AntiVir Desktop\avfwsvc.exe (Avira GmbH) SRV - (AntiVirWebService) -- C:\Program Files\Avira\AntiVir Desktop\AVWEBGRD.EXE (Avira GmbH) SRV - (AntiVirMailService) -- C:\Program Files\Avira\AntiVir Desktop\avmailc.exe (Avira GmbH) SRV - (AntiVirService) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira GmbH) SRV - (AntiVirSchedulerService) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira GmbH) SRV - (SeaPort) -- C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe (Microsoft Corporation) SRV - (WPFFontCache_v0400) -- C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe (Microsoft Corporation) SRV - (clr_optimization_v4.0.30319_32) -- C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation) SRV - (McComponentHostService) -- C:\Program Files\McAfee Security Scan\2.0.181\McCHSvc.exe (McAfee, Inc.) SRV - (avg8wd) -- C:\Program Files\AVG\AVGLS\avgwdsvc.exe (AVG Technologies CZ, s.r.o.) SRV - (FontCache) -- C:\WINDOWS\System32\FntCache.dll (Microsoft Corporation) SRV - (fsssvc) -- C:\Program Files\Windows Live\Family Safety\fsssvc.exe (Microsoft Corporation) SRV - (OMSI download service) -- C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SupServ.exe () SRV - (SBSDWSCService) -- C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe (Safer Networking Ltd.) SRV - (YahooAUService) -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe (Yahoo! Inc.) SRV - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation) SRV - (IAANTMON) Intel(R) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe (Intel Corporation) SRV - (Com4Qlb) -- C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4Qlb.exe (Hewlett-Packard Development Company, L.P.) SRV - (WcesComm) -- C:\WINDOWS\WindowsMobile\wcescomm.dll (Microsoft Corporation) SRV - (RapiMgr) -- C:\WINDOWS\WindowsMobile\rapimgr.dll (Microsoft Corporation) SRV - (AOL ACS) -- C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe (AOL LLC) ========== Driver Services (SafeList) ========== DRV - (avipbb) -- C:\WINDOWS\System32\drivers\avipbb.sys (Avira GmbH) DRV - (avfwot) -- C:\WINDOWS\System32\drivers\avfwot.sys (Avira GmbH) DRV - (avgntflt) -- C:\WINDOWS\System32\drivers\avgntflt.sys (Avira GmbH) DRV - (avfwim) -- C:\WINDOWS\System32\drivers\avfwim.sys (Avira GmbH) DRV - (ggsemc) -- C:\WINDOWS\System32\drivers\ggsemc.sys (Sony Ericsson Mobile Communications) DRV - (ggflt) -- C:\WINDOWS\System32\drivers\ggflt.sys (Sony Ericsson Mobile Communications) DRV - (AvgLdx86) -- C:\Windows\System32\Drivers\avgldx86.sys (AVG Technologies CZ, s.r.o.) DRV - (AvgTdiX) -- C:\Windows\System32\Drivers\avgtdix.sys (AVG Technologies CZ, s.r.o.) DRV - (nvlddmkm) -- C:\WINDOWS\System32\drivers\nvlddmkm.sys (NVIDIA Corporation) DRV - (fssfltr) -- C:\WINDOWS\System32\drivers\fssfltr.sys (Microsoft Corporation) DRV - (ssmdrv) -- C:\WINDOWS\System32\drivers\ssmdrv.sys (Avira GmbH) DRV - (avgio) -- C:\Program Files\Avira\AntiVir Desktop\avgio.sys (Avira GmbH) DRV - (winusb) -- C:\WINDOWS\System32\drivers\winusb.sys (Microsoft Corporation) DRV - (s1018mdm) -- C:\WINDOWS\System32\drivers\s1018mdm.sys (MCCI Corporation) DRV - (s1018unic) Sony Ericsson Device 1018 USB Ethernet Emulation (WDM) -- C:\WINDOWS\System32\drivers\s1018unic.sys (MCCI Corporation) DRV - (s1018mgmt) Sony Ericsson Device 1018 USB WMC Device Management Drivers (WDM) -- C:\WINDOWS\System32\drivers\s1018mgmt.sys (MCCI Corporation) DRV - (s1018obex) -- C:\WINDOWS\System32\drivers\s1018obex.sys (MCCI Corporation) DRV - (s1018bus) Sony Ericsson Device 1018 driver (WDM) -- C:\WINDOWS\System32\drivers\s1018bus.sys (MCCI Corporation) DRV - (s1018nd5) Sony Ericsson Device 1018 USB Ethernet Emulation (NDIS) -- C:\WINDOWS\System32\drivers\s1018nd5.sys (MCCI Corporation) DRV - (s1018mdfl) -- C:\WINDOWS\System32\drivers\s1018mdfl.sys (MCCI Corporation) DRV - (silabser) -- C:\WINDOWS\System32\drivers\silabser.sys (Silicon Laboratories) DRV - (silabenm) -- C:\WINDOWS\System32\drivers\silabenm.sys (Silicon Laboratories, Inc.) DRV - (hwdatacard) -- C:\WINDOWS\System32\drivers\ewusbmdm.sys (Huawei Technologies Co., Ltd.) DRV - (NETw5v32) Intel(R) -- C:\WINDOWS\System32\drivers\NETw5v32.sys (Intel Corporation) DRV - (tcpipBM) -- C:\Windows\System32\drivers\tcpipBM.sys (Bytemobile, Inc.) DRV - (s0016bus) Sony Ericsson Device 0016 driver (WDM) -- C:\WINDOWS\System32\drivers\s0016bus.sys (MCCI Corporation) DRV - (SynTP) -- C:\WINDOWS\System32\drivers\SynTP.sys (Synaptics, Inc.) DRV - (xtouch) -- C:\WINDOWS\System32\drivers\xtouch.sys () DRV - (seehcri) -- C:\WINDOWS\System32\drivers\seehcri.sys (Sony Ericsson Mobile Communications) DRV - ({22D78859-9CE9-4B77-BF18-AC83E81A9263}) -- C:\Program Files\Hp\QuickPlay\000.fcl (Cyberlink Corp.) DRV - (RTL8169) -- C:\WINDOWS\System32\drivers\Rtlh86.sys (Realtek Corporation ) DRV - (IntcAzAudAddService) Service for Realtek HD Audio (WDM) -- C:\WINDOWS\System32\drivers\RTKVHDA.sys (Realtek Semiconductor Corp.) DRV - (iaStor) -- C:\Windows\system32\DRIVERS\iaStor.sys (Intel Corporation) DRV - (HpqRemHid) -- C:\WINDOWS\System32\drivers\HpqRemHid.sys (Hewlett-Packard Development Company, L.P.) DRV - (NETw4v32) Intel(R) -- C:\WINDOWS\System32\drivers\NETw4v32.sys (Intel Corporation) DRV - (HpqKbFiltr) -- C:\WINDOWS\System32\drivers\HpqKbFiltr.sys (Hewlett-Packard Development Company, L.P.) DRV - (rismxdp) -- C:\WINDOWS\System32\drivers\rixdptsk.sys (REDC) DRV - (rimmptsk) -- C:\WINDOWS\System32\drivers\rimmptsk.sys (REDC) DRV - (Ser2pl) -- C:\WINDOWS\System32\drivers\ser2pl.sys (Prolific Technology Inc.) DRV - (NWADI) -- C:\WINDOWS\System32\drivers\NWADIenum.sys (Novatel Wireless Inc) DRV - (rimsptsk) -- C:\WINDOWS\System32\drivers\rimsptsk.sys (REDC) DRV - (smserial) -- C:\WINDOWS\System32\drivers\smserial.sys (Motorola Inc.) DRV - (wanatw) WAN Miniport (ATW) -- C:\WINDOWS\System32\drivers\wanatw4.sys (America Online, Inc.) DRV - (ql2300) -- C:\Windows\system32\drivers\ql2300.sys (QLogic Corporation) DRV - (adp94xx) -- C:\Windows\system32\drivers\adp94xx.sys (Adaptec, Inc.) DRV - (elxstor) -- C:\Windows\system32\drivers\elxstor.sys (Emulex) DRV - (adpahci) -- C:\Windows\system32\drivers\adpahci.sys (Adaptec, Inc.) DRV - (uliahci) -- C:\Windows\system32\drivers\uliahci.sys (ULi Electronics Inc.) DRV - (iaStorV) -- C:\Windows\system32\drivers\iastorv.sys (Intel Corporation) DRV - (adpu320) -- C:\Windows\system32\drivers\adpu320.sys (Adaptec, Inc.) DRV - (ulsata2) -- C:\Windows\system32\drivers\ulsata2.sys (Promise Technology, Inc.) DRV - (vsmraid) -- C:\Windows\system32\drivers\vsmraid.sys (VIA Technologies Inc.,Ltd) DRV - (ql40xx) -- C:\Windows\system32\drivers\ql40xx.sys (QLogic Corporation) DRV - (UlSata) -- C:\Windows\system32\drivers\ulsata.sys (Promise Technology, Inc.) DRV - (adpu160m) -- C:\Windows\system32\drivers\adpu160m.sys (Adaptec, Inc.) DRV - (nvraid) -- C:\Windows\system32\drivers\nvraid.sys (NVIDIA Corporation) DRV - (nfrd960) -- C:\Windows\system32\drivers\nfrd960.sys (IBM Corporation) DRV - (iirsp) -- C:\Windows\system32\drivers\iirsp.sys (Intel Corp./ICP vortex GmbH) DRV - (SiSRaid4) -- C:\Windows\system32\drivers\sisraid4.sys (Silicon Integrated Systems) DRV - (nvstor) -- C:\Windows\system32\drivers\nvstor.sys (NVIDIA Corporation) DRV - (aic78xx) -- C:\Windows\system32\drivers\djsvs.sys (Adaptec, Inc.) DRV - (arcsas) -- C:\Windows\system32\drivers\arcsas.sys (Adaptec, Inc.) DRV - (LSI_SCSI) -- C:\Windows\system32\drivers\lsi_scsi.sys (LSI Logic) DRV - (SiSRaid2) -- C:\Windows\system32\drivers\sisraid2.sys (Silicon Integrated Systems Corp.) DRV - (HpCISSs) -- C:\Windows\system32\drivers\hpcisss.sys (Hewlett-Packard Company) DRV - (arc) -- C:\Windows\system32\drivers\arc.sys (Adaptec, Inc.) DRV - (iteraid) -- C:\Windows\system32\drivers\iteraid.sys (Integrated Technology Express, Inc.) DRV - (iteatapi) -- C:\Windows\system32\drivers\iteatapi.sys (Integrated Technology Express, Inc.) DRV - (LSI_SAS) -- C:\Windows\system32\drivers\lsi_sas.sys (LSI Logic) DRV - (Symc8xx) -- C:\Windows\system32\drivers\symc8xx.sys (LSI Logic) DRV - (LSI_FC) -- C:\Windows\system32\drivers\lsi_fc.sys (LSI Logic) DRV - (Sym_u3) -- C:\Windows\system32\drivers\sym_u3.sys (LSI Logic) DRV - (Mraid35x) -- C:\Windows\system32\drivers\mraid35x.sys (LSI Logic Corporation) DRV - (Sym_hi) -- C:\Windows\system32\drivers\sym_hi.sys (LSI Logic) DRV - (megasas) -- C:\Windows\system32\drivers\megasas.sys (LSI Logic Corporation) DRV - (viaide) -- C:\Windows\system32\drivers\viaide.sys (VIA Technologies, Inc.) DRV - (cmdide) -- C:\Windows\system32\drivers\cmdide.sys (CMD Technology, Inc.) DRV - (aliide) -- C:\Windows\system32\drivers\aliide.sys (Acer Laboratories Inc.) DRV - (Brserid) Brother MFC Serial Port Interface Driver (WDM) -- C:\Windows\system32\drivers\brserid.sys (Brother Industries Ltd.) DRV - (BrUsbSer) -- C:\Windows\system32\drivers\brusbser.sys (Brother Industries Ltd.) DRV - (BrFiltUp) -- C:\Windows\system32\drivers\brfiltup.sys (Brother Industries, Ltd.) DRV - (BrFiltLo) -- C:\Windows\system32\drivers\brfiltlo.sys (Brother Industries, Ltd.) DRV - (BrSerWdm) -- C:\Windows\system32\drivers\brserwdm.sys (Brother Industries Ltd.) DRV - (BrUsbMdm) -- C:\Windows\system32\drivers\brusbmdm.sys (Brother Industries Ltd.) DRV - (HSF_DPV) -- C:\WINDOWS\System32\drivers\VSTDPV3.SYS (Conexant Systems, Inc.) DRV - (HSFHWAZL) -- C:\WINDOWS\System32\drivers\VSTAZL3.SYS (Conexant Systems, Inc.) DRV - (winachsf) -- C:\WINDOWS\System32\drivers\VSTCNXT3.SYS (Conexant Systems, Inc.) DRV - (ntrigdigi) -- C:\Windows\system32\drivers\ntrigdigi.sys (N-trig Innovative Technologies) DRV - (NETw3v32) Intel(R) -- C:\WINDOWS\System32\drivers\NETw3v32.sys (Intel® Corporation) DRV - (E1G60) Intel(R) -- C:\WINDOWS\System32\drivers\E1G60I32.sys (Intel Corporation) DRV - (BCM43XV) -- C:\WINDOWS\System32\drivers\BCMWL6.SYS (Broadcom Corporation) DRV - (ialm) -- C:\WINDOWS\System32\drivers\igdkmd32.sys (Intel Corporation) DRV - (eusk2par) -- C:\WINDOWS\System32\drivers\eusk2par.sys (EUTRON) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=de_de&c=81&bd=Pavilion&pf=laptop IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=de_de&c=81&bd=Pavilion&pf=laptop IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://de.msn.com/ [binary data] IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://start.icq.com/ IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 2 IE - HKCU\..\URLSearchHook: - Reg Error: Key error. File not found IE - HKCU\..\URLSearchHook: {1CFFA392-0898-4b1c-89D1-6E98F9D8EF78} - Reg Error: Key error. File not found IE - HKCU\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll (ICQ) IE - HKCU\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVGLS\Toolbar\IEToolbar.dll () IE - HKCU\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - File not found IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF - prefs.js..browser.search.defaultenginename: "ICQ Search" FF - prefs.js..browser.search.defaultthis.engineName: "Freeware DE Customized Web Search" FF - prefs.js..browser.search.defaulturl: "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2325506&SearchSource=3&q={searchTerms}" FF - prefs.js..browser.search.selectedEngine: "Google" FF - prefs.js..browser.startup.homepage: "hxxp://www.google.de/" FF - prefs.js..extensions.enabledItems: toolbar@ask.com:3.6.5.112 FF - prefs.js..extensions.enabledItems: {3f963a5b-e555-4543-90e2-c3908898db71}:8.5.0.364 FF - prefs.js..extensions.enabledItems: avg@igeared:3.011.025.005 FF - prefs.js..extensions.enabledItems: {26647ca4-a2a7-4eac-8a72-761aa9141de7}:2.5.6.0 FF - prefs.js..extensions.enabledItems: {0ae873a2-da32-8a94-9c57-7a7cc96c6c82}:4.6.6.2 FF - prefs.js..extensions.enabledItems: {635abd67-4fe9-1b23-4f01-e679fa7484c1}:2.1.1.20091029021655 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20 FF - prefs.js..extensions.enabledItems: {800b5000-a755-47e1-992b-48a1c1357f07}:1.1.6 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21 FF - prefs.js..extensions.enabledItems: {9AA46F4F-4DC7-4c06-97AF-5035170634FE}:3.3.5 FF - prefs.js..keyword.URL: "hxxp://de.yhs.search.yahoo.com/avg/search?fr=yhs-avgb&type=yahoo_avg_hs2-tb-web_de&p=" FF - HKLM\software\mozilla\Firefox\Extensions\\{3f963a5b-e555-4543-90e2-c3908898db71}: C:\Program Files\AVG\AVGLS\Firefox [2009.12.29 16:22:30 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Firefox\Extensions\\avg@igeared: C:\Program Files\AVG\AVGLS\Toolbar\Firefox\avg@igeared [2009.12.31 17:46:24 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010.12.11 22:59:32 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010.12.11 22:59:33 | 000,000,000 | ---D | M] [2009.01.04 11:08:24 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Besitzer\AppData\Roaming\mozilla\Extensions [2010.06.29 17:54:36 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Besitzer\AppData\Roaming\mozilla\Firefox\Profiles\58l2dup2.Standard-Benutzer\extensions [2009.09.21 19:38:54 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Besitzer\AppData\Roaming\mozilla\Firefox\Profiles\58l2dup2.Standard-Benutzer\extensions\{20a82645-c095-46ed-80e3-08825760534b} [2010.03.18 06:27:58 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Users\Besitzer\AppData\Roaming\mozilla\Firefox\Profiles\58l2dup2.Standard-Benutzer\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1} [2010.06.29 17:54:36 | 000,000,000 | ---D | M] ("ICQ Toolbar") -- C:\Users\Besitzer\AppData\Roaming\mozilla\Firefox\Profiles\58l2dup2.Standard-Benutzer\extensions\{800b5000-a755-47e1-992b-48a1c1357f07} [2009.09.21 19:38:54 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Besitzer\AppData\Roaming\mozilla\Firefox\Profiles\58l2dup2.Standard-Benutzer\extensions\staged-xpis [2011.02.10 00:16:13 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Besitzer\AppData\Roaming\mozilla\Firefox\Profiles\5fj48scu.default\extensions [2010.05.11 23:10:26 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Besitzer\AppData\Roaming\mozilla\Firefox\Profiles\5fj48scu.default\extensions\{20a82645-c095-46ed-80e3-08825760534b} [2010.01.25 09:48:43 | 000,000,000 | ---D | M] (Freeware DE Toolbar) -- C:\Users\Besitzer\AppData\Roaming\mozilla\Firefox\Profiles\5fj48scu.default\extensions\{26647ca4-a2a7-4eac-8a72-761aa9141de7} [2009.01.05 18:28:52 | 000,000,000 | ---D | M] (Bookmark Backup [de]) -- C:\Users\Besitzer\AppData\Roaming\mozilla\Firefox\Profiles\5fj48scu.default\extensions\{3474c305-9dad-11d8-9207-00055d74c2e4} [2010.04.12 19:30:56 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Users\Besitzer\AppData\Roaming\mozilla\Firefox\Profiles\5fj48scu.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1} [2010.06.29 17:54:37 | 000,000,000 | ---D | M] ("ICQ Toolbar") -- C:\Users\Besitzer\AppData\Roaming\mozilla\Firefox\Profiles\5fj48scu.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07} [2009.08.04 21:39:56 | 000,000,000 | ---D | M] (ReloadEvery) -- C:\Users\Besitzer\AppData\Roaming\mozilla\Firefox\Profiles\5fj48scu.default\extensions\{888d99e7-e8b5-46a3-851e-1ec45da1e644}(211) [2010.11.03 20:45:37 | 000,000,000 | ---D | M] (ImTranslator) -- C:\Users\Besitzer\AppData\Roaming\mozilla\Firefox\Profiles\5fj48scu.default\extensions\{9AA46F4F-4DC7-4c06-97AF-5035170634FE} [2010.05.11 23:10:26 | 000,000,000 | ---D | M] ("Show my Password") -- C:\Users\Besitzer\AppData\Roaming\mozilla\Firefox\Profiles\5fj48scu.default\extensions\{cd617372-6743-4ee4-bac4-fbf60f35719e} [2010.03.11 01:05:57 | 000,000,000 | ---D | M] (@@toolbarname@@) -- C:\Users\Besitzer\AppData\Roaming\mozilla\Firefox\Profiles\5fj48scu.default\extensions\toolbar@ask.com [2010.01.20 12:18:46 | 000,000,925 | ---- | M] () -- C:\Users\Besitzer\AppData\Roaming\Mozilla\Firefox\Profiles\5fj48scu.default\searchplugins\conduit.xml [2011.02.09 00:10:23 | 000,000,950 | ---- | M] () -- C:\Users\Besitzer\AppData\Roaming\Mozilla\Firefox\Profiles\5fj48scu.default\searchplugins\icqplugin-1.xml [2010.09.16 19:12:29 | 000,000,950 | ---- | M] () -- C:\Users\Besitzer\AppData\Roaming\Mozilla\Firefox\Profiles\5fj48scu.default\searchplugins\icqplugin-2.xml [2010.09.20 09:37:21 | 000,000,950 | ---- | M] () -- C:\Users\Besitzer\AppData\Roaming\Mozilla\Firefox\Profiles\5fj48scu.default\searchplugins\icqplugin-3.xml [2010.10.21 10:18:48 | 000,000,950 | ---- | M] () -- C:\Users\Besitzer\AppData\Roaming\Mozilla\Firefox\Profiles\5fj48scu.default\searchplugins\icqplugin-4.xml [2010.10.31 10:58:49 | 000,000,950 | ---- | M] () -- C:\Users\Besitzer\AppData\Roaming\Mozilla\Firefox\Profiles\5fj48scu.default\searchplugins\icqplugin-5.xml [2010.11.03 21:38:22 | 000,000,950 | ---- | M] () -- C:\Users\Besitzer\AppData\Roaming\Mozilla\Firefox\Profiles\5fj48scu.default\searchplugins\icqplugin-6.xml [2010.06.29 17:54:37 | 000,000,168 | ---- | M] () -- C:\Users\Besitzer\AppData\Roaming\Mozilla\Firefox\Profiles\5fj48scu.default\searchplugins\icqplugin.gif [2010.06.29 17:54:37 | 000,000,618 | ---- | M] () -- C:\Users\Besitzer\AppData\Roaming\Mozilla\Firefox\Profiles\5fj48scu.default\searchplugins\icqplugin.src [2010.09.02 23:15:54 | 000,001,056 | ---- | M] () -- C:\Users\Besitzer\AppData\Roaming\Mozilla\Firefox\Profiles\5fj48scu.default\searchplugins\icqplugin.xml [2010.01.25 10:53:31 | 000,000,266 | ---- | M] () -- C:\Users\Besitzer\AppData\Roaming\Mozilla\Firefox\Profiles\5fj48scu.default\searchplugins\Search.xml [2010.11.03 21:37:52 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions [2010.01.25 10:53:31 | 000,000,000 | ---D | M] (LoudMo Contextual Ad Assistant) -- C:\Program Files\Mozilla Firefox\extensions\{0ae873a2-da32-8a94-9c57-7a7cc96c6c82} [2010.06.23 20:50:16 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} [2010.08.09 09:09:18 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} [2009.12.29 16:22:30 | 000,000,000 | ---D | M] (AVG Safe Search) -- C:\PROGRAM FILES\AVG\AVGLS\FIREFOX [2009.12.31 17:46:24 | 000,000,000 | ---D | M] ("urn:mozilla:install-manifest" em:id="avg@igeared" em:name="AVG Security Toolbar" em:version="3.011.025.005" em:displayname="AVG Security Toolbar" em:iconURL="chrome://tavgp/skin/logo.ico" em:creator="AVG Technologies" em:description="AVG Security Toolbar" em:homepageURL="hxxp://www.avg.com" >) -- C:\PROGRAM FILES\AVG\AVGLS\TOOLBAR\FIREFOX\AVG@IGEARED [2010.07.17 04:00:04 | 000,423,656 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll [2010.10.27 06:44:13 | 000,001,392 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\amazondotcom-de.xml [2010.10.27 06:44:13 | 000,002,344 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\eBay-de.xml [2010.10.27 06:44:13 | 000,006,805 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\leo_ende_de.xml [2010.10.27 06:44:13 | 000,001,178 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\wikipedia-de.xml [2010.10.27 06:44:13 | 000,001,105 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\yahoo-de.xml O1 HOSTS File: ([2006.09.18 22:41:30 | 000,000,736 | ---- | M]) - C:\WINDOWS\System32\drivers\etc\hosts O1 - Hosts: ::1 localhost O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - File not found O2 - BHO: (Adobe PDF Reader) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated) O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVGLS\avgssie.dll (AVG Technologies CZ, s.r.o.) O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited) O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found. O2 - BHO: (no name) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - No CLSID value found. O2 - BHO: (Search Helper) - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll (Microsoft Corporation) O2 - BHO: (AOL Toolbar Launcher) - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files\AOL\AOL Toolbar 4.0\aoltb.dll (AOL LLC) O2 - BHO: (AVG Security Toolbar BHO) - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVGLS\Toolbar\IEToolbar.dll () O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.2.4204.1700\swg.dll (Google Inc.) O2 - BHO: (MSN Toolbar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\MSN\Toolbar\3.0.0744.0\msneshellx.dll (Microsoft Corp.) O2 - BHO: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\Supertoolbar\GenericAskToolbar.dll (Ask.com) O2 - BHO: (Windows Live Toolbar Helper) - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation) O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - File not found O3 - HKLM\..\Toolbar: (MSN Toolbar) - {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - C:\Program Files\MSN\Toolbar\3.0.0744.0\msneshellx.dll (Microsoft Corp.) O3 - HKLM\..\Toolbar: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation) O3 - HKLM\..\Toolbar: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No CLSID value found. O3 - HKLM\..\Toolbar: (ICQToolBar) - {855F3B16-6D32-4FE6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll (ICQ) O3 - HKLM\..\Toolbar: (AVG Security Toolbar) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVGLS\Toolbar\IEToolbar.dll () O3 - HKLM\..\Toolbar: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\Supertoolbar\GenericAskToolbar.dll (Ask.com) O3 - HKLM\..\Toolbar: (AOL Toolbar) - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 4.0\aoltb.dll (AOL LLC) O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - File not found O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {00000000-0000-0000-0000-000000000000} - No CLSID value found. O3 - HKCU\..\Toolbar\WebBrowser: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation) O3 - HKCU\..\Toolbar\WebBrowser: (AVG Security Toolbar) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVGLS\Toolbar\IEToolbar.dll () O3 - HKCU\..\Toolbar\WebBrowser: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\Supertoolbar\GenericAskToolbar.dll (Ask.com) O3 - HKCU\..\Toolbar\WebBrowser: (AOL Toolbar) - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 4.0\aoltb.dll (AOL LLC) O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe (Adobe Systems Incorporated) O4 - HKLM..\Run: [AVG8_TRAY] C:\Program Files\AVG\AVGLS\avgtray.exe (AVG Technologies CZ, s.r.o.) O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH) O4 - HKLM..\Run: [DataCardMonitor] C:\Program Files\T-Mobile\T-Mobile Internet Manager\DataCardMonitor.exe (Huawei Technologies Co., Ltd.) O4 - HKLM..\Run: [HostManager] C:\Program Files\Common Files\aol\1231093279\ee\aolsoftware.exe (America Online, Inc.) O4 - HKLM..\Run: [HP Health Check Scheduler] c:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe (Hewlett-Packard) O4 - HKLM..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation) O4 - HKLM..\Run: [Malwarebytes' Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation) O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.dll (NVIDIA Corporation) O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor) O4 - HKLM..\Run: [SMSERIAL] C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe (Motorola Inc.) O4 - HKLM..\Run: [SynTPStart] C:\Program Files\Synaptics\SynTP\SynTPStart.exe (Synaptics, Inc.) O4 - HKLM..\Run: [UCam_Menu] C:\Program Files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe (CyberLink Corp.) O4 - HKCU..\Run: [AOL Fast Start] C:\Program Files\AOL 9.0 VRa\AOL.EXE (AOL, LLC.) O4 - HKCU..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe (Nero AG) O4 - HKCU..\Run: [DW6] File not found O4 - HKCU..\Run: [HW_OPENEYE_OUC_T-Mobile Internet Manager] C:\Program Files\T-Mobile\T-Mobile Internet Manager\UpdateDog\ouc.exe (Huawei Technologies Co., Ltd.) O4 - HKCU..\Run: [ICQ] File not found O4 - HKCU..\Run: [Messenger (Yahoo!)] File not found O4 - HKCU..\Run: [Mobile Partner] C:\Program Files\T-Mobile\T-Mobile Internet Manager\T-Mobile Internet Manager.exe () O4 - HKCU..\Run: [Sony Ericsson PC Suite] C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe (Sony Ericsson Mobile Communications AB) O4 - HKCU..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.) O4 - HKLM..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation) O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Control Panel present O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveTrack = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoPropertiesMyComputer = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoViewContextMenu = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoFileAssociate = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoFind = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoClose = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: StartMenuLogoff = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMHelp = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoDispCPL = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoDispBackgroundPage = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoDispSettingsPage = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoDispScrSavPage = 0 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HideClock = 0 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoTrayItemsDisplay = 0 O8 - Extra context menu item: &AOL Toolbar-Suche - c:\Program Files\AOL\AOL Toolbar 4.0\resources\de-DE\local\search.html () O8 - Extra context menu item: add to &BOM - C:\\PROGRA~1\\BIET-O~1\\\\AddToBOM.hta () O9 - Extra Button: In Blog veröffentlichen - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : In Windows Live Writer in Blog veröffentliche&n - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation) O9 - Extra Button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\WINDOWS\WindowsMobile\INetRepl.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\WINDOWS\WindowsMobile\INetRepl.dll (Microsoft Corporation) O9 - Extra Button: AOL Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Program Files\AOL\AOL Toolbar 4.0\aoltb.dll (AOL LLC) O9 - Extra Button: ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Program Files\ICQ7.2\ICQ.exe (ICQ, LLC.) O9 - Extra 'Tools' menuitem : ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Program Files\ICQ7.2\ICQ.exe (ICQ, LLC.) O9 - Extra 'Tools' menuitem : Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited) O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.) O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira GmbH) O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira GmbH) O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira GmbH) O13 - gopher Prefix: missing O15 - HKCU\..Trusted Domains: aol.com ([objects] * is out of zone range - 5) O15 - HKCU\..Trusted Ranges: Range1 ([http] in Local intranet) O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} hxxp://gfx1.hotmail.com/mail/w3/resources/VistaMSNPUpldde-de.cab (MSN Photo Upload Tool) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21) O16 - DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab (Java Plug-in 1.6.0_02) O16 - DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVGLS\avgpp.dll (AVG Technologies CZ, s.r.o.) O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - File not found O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - File not found O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies) O18 - Protocol\Handler\vw-wi {0F3C833F-FB28-40EA-8CB9-6A55B996C3F6} - C:\ElsaWin\bin\wiprot.dll (TODO: <Company name>) O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files\Windows Live\Mail\mailcomm.dll (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O24 - Desktop WallPaper: C:\Users\Besitzer\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg O24 - Desktop BackupWallPaper: C:\Users\Besitzer\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2006.09.18 22:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ] O32 - AutoRun File - [2005.09.11 16:18:54 | 000,000,340 | -HS- | M] () - E:\AUTOMODE -- [ NTFS ] O33 - MountPoints2\{0ec86dfb-da30-11dd-9bc2-001e68300c1c}\Shell - "" = AutoRun O33 - MountPoints2\{0ec86dfb-da30-11dd-9bc2-001e68300c1c}\Shell\AutoRun\command - "" = G:\AutoRun.exe O33 - MountPoints2\{0ec86e0e-da30-11dd-9bc2-001e68300c1c}\Shell - "" = AutoRun O33 - MountPoints2\{0ec86e0e-da30-11dd-9bc2-001e68300c1c}\Shell\AutoRun\command - "" = I:\AutoRun.exe O33 - MountPoints2\{18831021-c66b-11de-8719-9d4e8499ecc1}\Shell - "" = AutoRun O33 - MountPoints2\{18831021-c66b-11de-8719-9d4e8499ecc1}\Shell\AutoRun\command - "" = F:\AutoRun.exe O33 - MountPoints2\{22ed21d1-1bbb-11df-9959-daedffe3e908}\Shell - "" = AutoRun O33 - MountPoints2\{22ed21d1-1bbb-11df-9959-daedffe3e908}\Shell\AutoRun\command - "" = H:\AutoRun.exe O33 - MountPoints2\{232f4d41-9852-11de-bbd0-806e6f6e6963}\Shell - "" = AutoRun O33 - MountPoints2\{232f4d41-9852-11de-bbd0-806e6f6e6963}\Shell\AutoRun\command - "" = G:\AutoRun.exe O33 - MountPoints2\{3867e77b-90ae-11de-a350-e474c5728839}\Shell - "" = AutoRun O33 - MountPoints2\{3867e77b-90ae-11de-a350-e474c5728839}\Shell\AutoRun\command - "" = G:\AutoRun.exe O33 - MountPoints2\{3867e77c-90ae-11de-a350-e474c5728839}\Shell - "" = AutoRun O33 - MountPoints2\{3867e77c-90ae-11de-a350-e474c5728839}\Shell\AutoRun\command - "" = I:\AutoRun.exe O33 - MountPoints2\{3867e77f-90ae-11de-a350-e474c5728839}\Shell - "" = AutoRun O33 - MountPoints2\{3867e77f-90ae-11de-a350-e474c5728839}\Shell\AutoRun\command - "" = G:\AutoRun.exe O33 - MountPoints2\{3867e782-90ae-11de-a350-ad3f831c2eab}\Shell - "" = AutoRun O33 - MountPoints2\{3867e782-90ae-11de-a350-ad3f831c2eab}\Shell\AutoRun\command - "" = G:\AutoRun.exe O33 - MountPoints2\{3867e787-90ae-11de-a350-ad3f831c2eab}\Shell - "" = AutoRun O33 - MountPoints2\{3867e787-90ae-11de-a350-ad3f831c2eab}\Shell\AutoRun\command - "" = G:\AutoRun.exe O33 - MountPoints2\{446b4c09-9808-11de-b041-ac12ce5ec9ba}\Shell - "" = AutoRun O33 - MountPoints2\{446b4c09-9808-11de-b041-ac12ce5ec9ba}\Shell\AutoRun\command - "" = G:\AutoRun.exe O33 - MountPoints2\{4fcaba16-9b1d-11de-8330-d113eb14b2d1}\Shell - "" = AutoRun O33 - MountPoints2\{4fcaba16-9b1d-11de-8330-d113eb14b2d1}\Shell\AutoRun\command - "" = G:\AutoRun.exe O33 - MountPoints2\{5d4253c4-9f8e-11df-ab13-9f3c9c330bdd}\Shell - "" = AutoRun O33 - MountPoints2\{5d4253c4-9f8e-11df-ab13-9f3c9c330bdd}\Shell\AutoRun\command - "" = H:\AutoRun.exe O33 - MountPoints2\{60c2371f-0d1f-11df-ae32-806e6f6e6963}\Shell - "" = AutoRun O33 - MountPoints2\{60c2371f-0d1f-11df-ae32-806e6f6e6963}\Shell\AutoRun\command - "" = I:\AutoRun.exe O33 - MountPoints2\{7c84c765-cbc7-11de-8573-e50896887ff4}\Shell - "" = AutoRun O33 - MountPoints2\{7c84c765-cbc7-11de-8573-e50896887ff4}\Shell\AutoRun\command - "" = F:\AutoRun.exe O33 - MountPoints2\{894f81c9-d171-11de-a0f1-806e6f6e6963}\Shell - "" = AutoRun O33 - MountPoints2\{894f81c9-d171-11de-a0f1-806e6f6e6963}\Shell\AutoRun\command - "" = F:\AutoRun.exe O33 - MountPoints2\{935bcea8-8e67-11de-ae73-00038a000015}\Shell - "" = AutoRun O33 - MountPoints2\{935bcea8-8e67-11de-ae73-00038a000015}\Shell\AutoRun\command - "" = G:\AutoRun.exe O33 - MountPoints2\{935bceaa-8e67-11de-ae73-00038a000015}\Shell - "" = AutoRun O33 - MountPoints2\{935bceaa-8e67-11de-ae73-00038a000015}\Shell\AutoRun\command - "" = G:\AutoRun.exe O33 - MountPoints2\{94b0b353-2228-11df-9dac-df4f4eb54d13}\Shell - "" = AutoRun O33 - MountPoints2\{94b0b353-2228-11df-9dac-df4f4eb54d13}\Shell\AutoRun\command - "" = F:\AutoRun.exe O33 - MountPoints2\{99dbb6fc-0ce1-11df-838c-aa8086c020a9}\Shell - "" = AutoRun O33 - MountPoints2\{99dbb6fc-0ce1-11df-838c-aa8086c020a9}\Shell\AutoRun\command - "" = F:\AutoRun.exe O33 - MountPoints2\{a212d73d-9b2b-11de-b014-806e6f6e6963}\Shell - "" = AutoRun O33 - MountPoints2\{a212d73d-9b2b-11de-b014-806e6f6e6963}\Shell\AutoRun\command - "" = H:\AutoRun.exe O33 - MountPoints2\{a212d79e-9b2b-11de-b014-ed454fea280e}\Shell - "" = AutoRun O33 - MountPoints2\{a212d79e-9b2b-11de-b014-ed454fea280e}\Shell\AutoRun\command - "" = F:\AutoRun.exe O33 - MountPoints2\{ab491527-9b22-11de-9cbd-8ab1279669e5}\Shell - "" = AutoRun O33 - MountPoints2\{ab491527-9b22-11de-9cbd-8ab1279669e5}\Shell\AutoRun\command - "" = G:\AutoRun.exe O33 - MountPoints2\{ac74a77e-9b12-11de-8957-a74aed332be2}\Shell - "" = AutoRun O33 - MountPoints2\{ac74a77e-9b12-11de-8957-a74aed332be2}\Shell\AutoRun\command - "" = G:\AutoRun.exe O33 - MountPoints2\{ac74a797-9b12-11de-8957-a74aed332be2}\Shell - "" = AutoRun O33 - MountPoints2\{ac74a797-9b12-11de-8957-a74aed332be2}\Shell\AutoRun\command - "" = G:\AutoRun.exe O33 - MountPoints2\{d002cff5-0e7a-11df-b623-9768c52e6d42}\Shell - "" = AutoRun O33 - MountPoints2\{d002cff5-0e7a-11df-b623-9768c52e6d42}\Shell\AutoRun\command - "" = F:\AutoRun.exe O33 - MountPoints2\{d1e844ee-c673-11de-93be-9cfa62bfa2dc}\Shell - "" = AutoRun O33 - MountPoints2\{d1e844ee-c673-11de-93be-9cfa62bfa2dc}\Shell\AutoRun\command - "" = F:\AutoRun.exe O33 - MountPoints2\{d1e844f0-c673-11de-93be-9cfa62bfa2dc}\Shell - "" = AutoRun O33 - MountPoints2\{d1e844f0-c673-11de-93be-9cfa62bfa2dc}\Shell\AutoRun\command - "" = F:\AutoRun.exe O33 - MountPoints2\{de3fc79f-d172-11de-827b-806e6f6e6963}\Shell - "" = AutoRun O33 - MountPoints2\{de3fc79f-d172-11de-827b-806e6f6e6963}\Shell\AutoRun\command - "" = F:\AutoRun.exe O33 - MountPoints2\{de3fc7ff-d172-11de-827b-9fdd660c7dc5}\Shell - "" = AutoRun O33 - MountPoints2\{de3fc7ff-d172-11de-827b-9fdd660c7dc5}\Shell\AutoRun\command - "" = F:\AutoRun.exe O33 - MountPoints2\{ed3e6600-16e4-11df-81ad-806e6f6e6963}\Shell - "" = AutoRun O33 - MountPoints2\{ed3e6600-16e4-11df-81ad-806e6f6e6963}\Shell\AutoRun\command - "" = K:\AutoRun.exe O33 - MountPoints2\{f73f18d6-76a2-11de-9dfe-e908ffce8612}\Shell - "" = AutoRun O33 - MountPoints2\{f73f18d6-76a2-11de-9dfe-e908ffce8612}\Shell\AutoRun\command - "" = G:\AutoRun.exe O33 - MountPoints2\G\Shell - "" = AutoRun O33 - MountPoints2\G\Shell\AutoRun\command - "" = G:\AutoRun.exe O34 - HKLM BootExecute: (autocheck autochk *) - File not found O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* ========== Files/Folders - Created Within 30 Days ========== [2011.02.09 23:34:31 | 000,000,000 | ---D | C] -- C:\Users\Besitzer\AppData\Roaming\Malwarebytes [2011.02.09 23:34:14 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys [2011.02.09 23:34:14 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware [2011.02.09 23:34:11 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes [2011.02.09 23:34:08 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys [2011.02.09 23:34:08 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware [2011.02.09 23:21:26 | 000,602,624 | ---- | C] (OldTimer Tools) -- C:\Users\Besitzer\Desktop\OTL.exe [2011.01.19 09:46:23 | 000,000,000 | ---D | C] -- C:\Windows\Sun [2011.01.12 08:50:51 | 000,413,696 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\odbc32.dll [2011.01.12 08:50:47 | 001,169,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\sdclt.exe [2009.10.15 01:01:02 | 000,148,736 | ---- | C] (Avanquest Software) -- C:\ProgramData\hpe1652.dll ========== Files - Modified Within 30 Days ========== [2011.02.10 08:56:02 | 000,001,100 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2011.02.10 08:50:29 | 000,054,016 | ---- | M] () -- C:\Windows\System32\drivers\rxqkubtm.sys [2011.02.10 08:45:15 | 000,063,544 | ---- | M] () -- C:\ProgramData\nvModes.dat [2011.02.10 08:45:15 | 000,063,544 | ---- | M] () -- C:\ProgramData\nvModes.001 [2011.02.10 08:44:54 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2011.02.10 03:08:02 | 000,003,168 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 [2011.02.10 03:08:02 | 000,003,168 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 [2011.02.10 00:02:32 | 000,001,096 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2011.02.10 00:02:20 | 000,001,022 | ---- | M] () -- C:\Windows\tasks\Google Software Updater.job [2011.02.09 23:34:14 | 000,000,868 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk [2011.02.09 23:21:35 | 000,602,624 | ---- | M] (OldTimer Tools) -- C:\Users\Besitzer\Desktop\OTL.exe [2011.02.09 19:27:55 | 000,000,163 | ---- | M] () -- C:\Users\Public\Documents\hpqp.ini [2011.02.09 19:14:24 | 3219,562,496 | -HS- | M] () -- C:\hiberfil.sys [2011.02.09 19:06:31 | 000,633,580 | ---- | M] () -- C:\Windows\System32\perfh007.dat [2011.02.09 19:06:31 | 000,600,138 | ---- | M] () -- C:\Windows\System32\perfh009.dat [2011.02.09 19:06:31 | 000,128,796 | ---- | M] () -- C:\Windows\System32\perfc007.dat [2011.02.09 19:06:31 | 000,106,014 | ---- | M] () -- C:\Windows\System32\perfc009.dat [2011.02.09 18:00:07 | 000,000,414 | ---- | M] () -- C:\Windows\tasks\Norton Security Scan for Besitzer.job [2011.02.09 15:25:13 | 000,363,931 | ---- | M] () -- C:\Users\Besitzer\Documents\T-SV_AUDI_A4_B5_5112.pdf [2011.02.09 12:07:24 | 000,000,012 | ---- | M] () -- C:\Windows\bthservsdp.dat [2011.02.08 00:56:17 | 000,019,968 | ---- | M] () -- C:\Users\Besitzer\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2011.02.06 20:45:15 | 000,008,484 | ---- | M] () -- C:\Users\Besitzer\AppData\Local\d3d9caps.dat [2011.01.21 16:28:32 | 001,353,721 | ---- | M] () -- C:\Users\Besitzer\Documents\FiltKombmSR100.jpg [2011.01.20 09:25:59 | 328,833,173 | ---- | M] () -- C:\Windows\MEMORY.DMP [2011.01.19 09:44:33 | 000,135,096 | ---- | M] (Avira GmbH) -- C:\Windows\System32\drivers\avipbb.sys [2011.01.19 09:44:33 | 000,102,856 | ---- | M] (Avira GmbH) -- C:\Windows\System32\drivers\avfwot.sys [2011.01.19 09:44:33 | 000,061,960 | ---- | M] (Avira GmbH) -- C:\Windows\System32\drivers\avgntflt.sys [2011.01.19 00:56:47 | 000,002,365 | ---- | M] () -- C:\Users\Besitzer\Desktop\VAG-COM 311 Deutsch.lnk ========== Files Created - No Company Name ========== [2011.02.10 08:50:29 | 000,054,016 | ---- | C] () -- C:\Windows\System32\drivers\rxqkubtm.sys [2011.02.09 23:34:14 | 000,000,868 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk [2011.02.09 15:25:08 | 000,363,931 | ---- | C] () -- C:\Users\Besitzer\Documents\T-SV_AUDI_A4_B5_5112.pdf [2011.01.21 16:28:16 | 001,353,721 | ---- | C] () -- C:\Users\Besitzer\Documents\FiltKombmSR100.jpg [2010.06.23 18:09:15 | 000,000,358 | ---- | C] () -- C:\ProgramData\hpzinstall.log [2010.02.28 19:45:08 | 000,000,067 | ---- | C] () -- C:\Windows\w313830.ini [2010.01.05 11:39:41 | 000,083,072 | ---- | C] () -- C:\Windows\System32\drivers\xtouch.sys [2009.07.03 19:34:53 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll [2009.06.04 14:47:42 | 000,057,856 | ---- | C] () -- C:\Windows\System32\Skeylink.dll [2009.01.29 23:43:48 | 000,000,216 | ---- | C] () -- C:\Users\Besitzer\AppData\Roaming\wklnhst.dat [2009.01.29 13:20:56 | 000,008,484 | ---- | C] () -- C:\Users\Besitzer\AppData\Local\d3d9caps.dat [2009.01.23 22:01:31 | 000,000,556 | ---- | C] () -- C:\Windows\ODBC.INI [2009.01.07 11:28:47 | 000,063,544 | ---- | C] () -- C:\ProgramData\nvModes.dat [2009.01.07 11:28:47 | 000,063,544 | ---- | C] () -- C:\ProgramData\nvModes.001 [2009.01.04 17:50:12 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat [2009.01.04 08:44:43 | 000,019,968 | ---- | C] () -- C:\Users\Besitzer\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2009.01.04 08:29:13 | 000,980,184 | ---- | C] () -- C:\ProgramData\LuUninstall.LiveUpdate [2008.12.29 19:10:40 | 000,027,620 | ---- | C] () -- C:\Users\Besitzer\AppData\Roaming\nvModes.001 [2008.12.22 14:23:30 | 000,027,620 | ---- | C] () -- C:\Users\Besitzer\AppData\Roaming\nvModes.dat [2008.12.22 10:45:39 | 000,000,000 | ---- | C] () -- C:\Users\Besitzer\AppData\Local\QSwitch.txt [2008.12.22 10:45:39 | 000,000,000 | ---- | C] () -- C:\Users\Besitzer\AppData\Local\DSwitch.txt [2008.12.22 10:45:39 | 000,000,000 | ---- | C] () -- C:\Users\Besitzer\AppData\Local\AtStart.txt [2008.04.27 12:47:30 | 000,016,480 | ---- | C] () -- C:\Windows\System32\rixdicon.dll [2007.10.22 07:53:12 | 000,466,944 | ---- | C] () -- C:\Windows\System32\RemoveDevice.dll [2006.11.02 13:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll [2006.11.02 11:25:21 | 000,061,440 | ---- | C] () -- C:\Windows\System32\igfxTMM.dll [2006.11.02 08:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini [2006.09.07 07:33:14 | 000,000,098 | ---- | C] () -- C:\Windows\etkinst.ini [2006.03.09 23:58:00 | 001,060,424 | ---- | C] () -- C:\Windows\System32\WdfCoInstaller01000.dll [2002.02.01 15:00:00 | 000,620,544 | ---- | C] () -- C:\Windows\System32\stlpmt45.dll ========== Alternate Data Streams ========== @Alternate Data Stream - 685 bytes -> C:\Users\Besitzer\Documents\AW_ gewinde.eml:OECustomProperty @Alternate Data Stream - 669 bytes -> C:\Users\Besitzer\Documents\Re_ gewinde.eml:OECustomProperty @Alternate Data Stream - 64 bytes -> C:\Users\Besitzer\Documents\ogrevani_sedezi_www.planetbossi.ch.mpeg:TOC.WMV @Alternate Data Stream - 64 bytes -> C:\Users\Besitzer\Documents\NEW.avi:TOC.WMV @Alternate Data Stream - 64 bytes -> C:\Users\Besitzer\Documents\neuerSpannungsprüfer.mpg:TOC.WMV @Alternate Data Stream - 64 bytes -> C:\Users\Besitzer\Documents\BegehbarerSchrank.avi:TOC.WMV < End of report > Ob mir evtl. jemand nur kurz sagen kann ob ich das System neu aufsetzten muss`?Banking mache ich nichtmehr usw Danke euch Oliver |
|
11.02.2011, 20:09
| #2 |
| /// Winkelfunktion /// TB-Süch-Tiger™   | BOO/TDss.A mit Virenscanner 3 xgefunden Gibt es noch weitere Logs von Malwarebytes? Wenn ja bitte alle davon posten. Du findest diese im Reiter Logdateien in Malwarebytes.
__________________
__________________ |
|
11.02.2011, 20:15
| #3 |
| | BOO/TDss.A mit Virenscanner 3 xgefunden Zur Zeit sagt mir der Pc das der Abhängigkeitsdienst von dem Program nicht gestartet werden kann,ich starte mal grad neu.
__________________Ich hatte noch die anderen Platten und den stick gescannt Was das nervt....bis gleich EDIT: Malwarebytes' Anti-Malware 1.50.1.1100 www.malwarebytes.org Datenbank Version: 5725 Windows 6.0.6002 Service Pack 2 Internet Explorer 8.0.6001.18999 09.02.2011 23:56:37 mbam-log-2011-02-09 (23-56-37).txt Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|E:\|H:\|) Durchsuchte Objekte: 73626 Laufzeit: 16 Minute(n), 57 Sekunde(n) Infizierte Speicherprozesse: 0 Infizierte Speichermodule: 0 Infizierte Registrierungsschlüssel: 1 Infizierte Registrierungswerte: 0 Infizierte Dateiobjekte der Registrierung: 0 Infizierte Verzeichnisse: 0 Infizierte Dateien: 0 Infizierte Speicherprozesse: (Keine bösartigen Objekte gefunden) Infizierte Speichermodule: (Keine bösartigen Objekte gefunden) Infizierte Registrierungsschlüssel: HKEY_CLASSES_ROOT\CLSID\{ef34404a-747c-81d8-843a-d938e181273d} (Adware.BHO.FL) -> Quarantined and deleted successfully. Infizierte Registrierungswerte: (Keine bösartigen Objekte gefunden) Infizierte Dateiobjekte der Registrierung: (Keine bösartigen Objekte gefunden) Infizierte Verzeichnisse: (Keine bösartigen Objekte gefunden) Infizierte Dateien: (Keine bösartigen Objekte gefunden) Und noch eins Malwarebytes' Anti-Malware 1.50.1.1100 www.malwarebytes.org Datenbank Version: 5725 Windows 6.0.6002 Service Pack 2 Internet Explorer 8.0.6001.18999 10.02.2011 08:46:52 mbam-log-2011-02-10 (08-46-52).txt Art des Suchlaufs: Vollständiger Suchlauf (C:\|) Durchsuchte Objekte: 553106 Laufzeit: 3 Stunde(n), 39 Minute(n), 4 Sekunde(n) Infizierte Speicherprozesse: 0 Infizierte Speichermodule: 0 Infizierte Registrierungsschlüssel: 7 Infizierte Registrierungswerte: 0 Infizierte Dateiobjekte der Registrierung: 0 Infizierte Verzeichnisse: 12 Infizierte Dateien: 50 Infizierte Speicherprozesse: (Keine bösartigen Objekte gefunden) Infizierte Speichermodule: (Keine bösartigen Objekte gefunden) Infizierte Registrierungsschlüssel: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\s_-j_2l (Adware.AdRotator) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\RegistryDoktorNE (Rogue.RegistryDoktor) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\FLV Direct Player (Adware.FLVPlayer) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Registry_Doktor 2009_is1 (Rogue.RegistryDoctor) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{8c484332-8128-2096-94a6-da812793d493} (Adware.AdRotator) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\CLSID\{8c484332-8128-2096-94a6-da812793d493} (Adware.AdRotator) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{8C484332-8128-2096-94A6-DA812793D493} (Adware.AdRotator) -> Quarantined and deleted successfully. Infizierte Registrierungswerte: (Keine bösartigen Objekte gefunden) Infizierte Dateiobjekte der Registrierung: (Keine bösartigen Objekte gefunden) Infizierte Verzeichnisse: c:\program files\flv direct player (Adware.BHO.FL) -> Quarantined and deleted successfully. c:\program files\flv direct player\skindirectflv (Adware.BHO.FL) -> Quarantined and deleted successfully. c:\program files\flv direct player\skindirectflv\skin (Adware.BHO.FL) -> Quarantined and deleted successfully. c:\program files\flv direct player\skindirectflv\skin\Button (Adware.BHO.FL) -> Quarantined and deleted successfully. c:\program files\flv direct player\skindirectflv\skin\ComboBox (Adware.BHO.FL) -> Quarantined and deleted successfully. c:\program files\flv direct player\skindirectflv\skin\Menu (Adware.BHO.FL) -> Quarantined and deleted successfully. c:\program files\flv direct player\skindirectflv\skin\sysbutton (Adware.BHO.FL) -> Quarantined and deleted successfully. c:\program files\flv direct player\skindirectflv\skin\Window (Adware.BHO.FL) -> Quarantined and deleted successfully. c:\program files\registry_doktor 4.1 (Rogue.RegistryDoctor) -> Quarantined and deleted successfully. c:\program files\registry_doktor 4.1\definitions (Rogue.RegistryDoctor) -> Quarantined and deleted successfully. c:\programdata\microsoft\Windows\start menu\Programs\flv direct player (Adware.FLVPlayer) -> Quarantined and deleted successfully. c:\programdata\microsoft\Windows\start menu\Programs\registry_doktor 4.1 (Rogue.RegistryDoctor) -> Quarantined and deleted successfully. Infizierte Dateien: c:\WINDOWS\System32\s_-j_2l.exe (Adware.AdRotator) -> Quarantined and deleted successfully. c:\program files\flv direct player\downloading.swf (Adware.BHO.FL) -> Quarantined and deleted successfully. c:\program files\flv direct player\dskinliteu.dll (Adware.BHO.FL) -> Quarantined and deleted successfully. c:\program files\flv direct player\flvplayer.exe (Adware.BHO.FL) -> Quarantined and deleted successfully. c:\program files\flv direct player\player.dat (Adware.BHO.FL) -> Quarantined and deleted successfully. c:\program files\flv direct player\preload.swf (Adware.BHO.FL) -> Quarantined and deleted successfully. c:\program files\flv direct player\uninstall.exe (Adware.BHO.FL) -> Quarantined and deleted successfully. c:\program files\flv direct player\skindirectflv\skin.xml (Adware.BHO.FL) -> Quarantined and deleted successfully. c:\program files\flv direct player\skindirectflv\skin\Button\button_default.bmp (Adware.BHO.FL) -> Quarantined and deleted successfully. c:\program files\flv direct player\skindirectflv\skin\Button\button_disable.bmp (Adware.BHO.FL) -> Quarantined and deleted successfully. c:\program files\flv direct player\skindirectflv\skin\Button\button_down.bmp (Adware.BHO.FL) -> Quarantined and deleted successfully. c:\program files\flv direct player\skindirectflv\skin\Button\button_hot.bmp (Adware.BHO.FL) -> Quarantined and deleted successfully. c:\program files\flv direct player\skindirectflv\skin\Button\button_normal.bmp (Adware.BHO.FL) -> Quarantined and deleted successfully. c:\program files\flv direct player\skindirectflv\skin\ComboBox\combobox_buttondown.bmp (Adware.BHO.FL) -> Quarantined and deleted successfully. c:\program files\flv direct player\skindirectflv\skin\ComboBox\combobox_buttonhot.bmp (Adware.BHO.FL) -> Quarantined and deleted successfully. c:\program files\flv direct player\skindirectflv\skin\ComboBox\combobox_buttonnor.bmp (Adware.BHO.FL) -> Quarantined and deleted successfully. c:\program files\flv direct player\skindirectflv\skin\ComboBox\edit_back.bmp (Adware.BHO.FL) -> Quarantined and deleted successfully. c:\program files\flv direct player\skindirectflv\skin\Menu\menubg.bmp (Adware.BHO.FL) -> Quarantined and deleted successfully. c:\program files\flv direct player\skindirectflv\skin\Menu\menuitem_arrow.bmp (Adware.BHO.FL) -> Quarantined and deleted successfully. c:\program files\flv direct player\skindirectflv\skin\Menu\menuitem_check.bmp (Adware.BHO.FL) -> Quarantined and deleted successfully. c:\program files\flv direct player\skindirectflv\skin\Menu\menuitem_select.bmp (Adware.BHO.FL) -> Quarantined and deleted successfully. c:\program files\flv direct player\skindirectflv\skin\Menu\menuitem_seperator.bmp (Adware.BHO.FL) -> Quarantined and deleted successfully. c:\program files\flv direct player\skindirectflv\skin\sysbutton\sys_close_down.bmp (Adware.BHO.FL) -> Quarantined and deleted successfully. c:\program files\flv direct player\skindirectflv\skin\sysbutton\sys_close_hot.bmp (Adware.BHO.FL) -> Quarantined and deleted successfully. c:\program files\flv direct player\skindirectflv\skin\sysbutton\sys_close_nor.bmp (Adware.BHO.FL) -> Quarantined and deleted successfully. c:\program files\flv direct player\skindirectflv\skin\sysbutton\sys_max_down.bmp (Adware.BHO.FL) -> Quarantined and deleted successfully. c:\program files\flv direct player\skindirectflv\skin\sysbutton\sys_max_hot.bmp (Adware.BHO.FL) -> Quarantined and deleted successfully. c:\program files\flv direct player\skindirectflv\skin\sysbutton\sys_max_nor.bmp (Adware.BHO.FL) -> Quarantined and deleted successfully. c:\program files\flv direct player\skindirectflv\skin\sysbutton\sys_min_down.bmp (Adware.BHO.FL) -> Quarantined and deleted successfully. c:\program files\flv direct player\skindirectflv\skin\sysbutton\sys_min_hot.bmp (Adware.BHO.FL) -> Quarantined and deleted successfully. c:\program files\flv direct player\skindirectflv\skin\sysbutton\sys_min_nor.bmp (Adware.BHO.FL) -> Quarantined and deleted successfully. c:\program files\flv direct player\skindirectflv\skin\sysbutton\sys_restore_down.bmp (Adware.BHO.FL) -> Quarantined and deleted successfully. c:\program files\flv direct player\skindirectflv\skin\sysbutton\sys_restore_hot.bmp (Adware.BHO.FL) -> Quarantined and deleted successfully. c:\program files\flv direct player\skindirectflv\skin\sysbutton\sys_restore_nor.bmp (Adware.BHO.FL) -> Quarantined and deleted successfully. c:\program files\flv direct player\skindirectflv\skin\Window\bottomborder.bmp (Adware.BHO.FL) -> Quarantined and deleted successfully. c:\program files\flv direct player\skindirectflv\skin\Window\downarrow.bmp (Adware.BHO.FL) -> Quarantined and deleted successfully. c:\program files\flv direct player\skindirectflv\skin\Window\leftborder.bmp (Adware.BHO.FL) -> Quarantined and deleted successfully. c:\program files\flv direct player\skindirectflv\skin\Window\Logo.bmp (Adware.BHO.FL) -> Quarantined and deleted successfully. c:\program files\flv direct player\skindirectflv\skin\Window\main.ico (Adware.BHO.FL) -> Quarantined and deleted successfully. c:\program files\flv direct player\skindirectflv\skin\Window\rightborder.bmp (Adware.BHO.FL) -> Quarantined and deleted successfully. c:\program files\flv direct player\skindirectflv\skin\Window\titlepattern.bmp (Adware.BHO.FL) -> Quarantined and deleted successfully. c:\program files\registry_doktor 4.1\Task.dat (Rogue.RegistryDoctor) -> Quarantined and deleted successfully. c:\program files\registry_doktor 4.1\unins000.dat (Rogue.RegistryDoctor) -> Quarantined and deleted successfully. c:\program files\registry_doktor 4.1\unins000.exe (Rogue.RegistryDoctor) -> Quarantined and deleted successfully. c:\program files\registry_doktor 4.1\definitions\200812.cab (Rogue.RegistryDoctor) -> Quarantined and deleted successfully. c:\programdata\microsoft\Windows\start menu\Programs\flv direct player\flv direct player.lnk (Adware.FLVPlayer) -> Quarantined and deleted successfully. c:\programdata\microsoft\Windows\start menu\Programs\flv direct player\uninstall flv direct player.lnk (Adware.FLVPlayer) -> Quarantined and deleted successfully. c:\programdata\microsoft\Windows\start menu\Programs\registry_doktor 4.1\registry doktor 4.1 entfernen.lnk (Rogue.RegistryDoctor) -> Quarantined and deleted successfully. c:\programdata\microsoft\Windows\start menu\Programs\registry_doktor 4.1\registry doktor 4.1.lnk (Rogue.RegistryDoctor) -> Quarantined and deleted successfully. Malwarebytes' Anti-Malware 1.50.1.1100 www.malwarebytes.org Datenbank Version: 5731 Windows 6.0.6002 Service Pack 2 Internet Explorer 8.0.6001.18999 10.02.2011 19:30:56 mbam-log-2011-02-10 (19-30-56).txt Art des Suchlaufs: Vollständiger Suchlauf (D:\|E:\|) Durchsuchte Objekte: 331773 Laufzeit: 1 Stunde(n), 2 Minute(n), 44 Sekunde(n) Infizierte Speicherprozesse: 0 Infizierte Speichermodule: 0 Infizierte Registrierungsschlüssel: 0 Infizierte Registrierungswerte: 0 Infizierte Dateiobjekte der Registrierung: 0 Infizierte Verzeichnisse: 0 Infizierte Dateien: 0 Infizierte Speicherprozesse: (Keine bösartigen Objekte gefunden) Infizierte Speichermodule: (Keine bösartigen Objekte gefunden) Infizierte Registrierungsschlüssel: (Keine bösartigen Objekte gefunden) Infizierte Registrierungswerte: (Keine bösartigen Objekte gefunden) Infizierte Dateiobjekte der Registrierung: (Keine bösartigen Objekte gefunden) Infizierte Verzeichnisse: (Keine bösartigen Objekte gefunden) Infizierte Dateien: (Keine bösartigen Objekte gefunden) Malwarebytes' Anti-Malware 1.50.1.1100 www.malwarebytes.org Datenbank Version: 5731 Windows 6.0.6002 Service Pack 2 Internet Explorer 8.0.6001.18999 10.02.2011 14:55:46 mbam-log-2011-02-10 (14-55-46).txt Art des Suchlaufs: Quick-Scan Durchsuchte Objekte: 185342 Laufzeit: 11 Minute(n), 13 Sekunde(n) Infizierte Speicherprozesse: 0 Infizierte Speichermodule: 0 Infizierte Registrierungsschlüssel: 0 Infizierte Registrierungswerte: 0 Infizierte Dateiobjekte der Registrierung: 0 Infizierte Verzeichnisse: 0 Infizierte Dateien: 1 Infizierte Speicherprozesse: (Keine bösartigen Objekte gefunden) Infizierte Speichermodule: (Keine bösartigen Objekte gefunden) Infizierte Registrierungsschlüssel: (Keine bösartigen Objekte gefunden) Infizierte Registrierungswerte: (Keine bösartigen Objekte gefunden) Infizierte Dateiobjekte der Registrierung: (Keine bösartigen Objekte gefunden) Infizierte Verzeichnisse: (Keine bösartigen Objekte gefunden) Infizierte Dateien: c:\Users\Besitzer\downloads\pantsoff.exe (PUP.PSWFinder) -> Quarantined and deleted successfully. Geändert von O Heinz (11.02.2011 um 20:34 Uhr) |
|
11.02.2011, 23:22
| #4 |
| | BOO/TDss.A mit Virenscanner 3 xgefunden Wie gehts nun weiter? Oder soll ich einfach,so wie er ist alles kopieren und neu aufspielen? Für eine Antwort würde ich sehr dankbar sein. Oliver |
|
12.02.2011, 00:11
| #5 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | BOO/TDss.A mit Virenscanner 3 xgefunden Mach bitte erstmal ein Log mit dem Kaspersky-TDSS-Tool, du bist ja ganz offensichtlich Opfer des TDSS, das den MBR infiziert => http://www.trojaner-board.de/82358-t...entfernen.html
__________________ Logfiles bitte immer in CODE-Tags posten  |
|
12.02.2011, 00:28
| #6 |
| | BOO/TDss.A mit Virenscanner 3 xgefunden Ok,wird jetzt erledigt.... |
|
12.02.2011, 00:48
| #7 |
| | BOO/TDss.A mit Virenscanner 3 xgefunden 2011/02/12 00:30:09.0700 1268 TDSS rootkit removing tool 2.4.17.0 Feb 10 2011 11:07:20 2011/02/12 00:30:11.0703 1268 ================================================================================ 2011/02/12 00:30:11.0703 1268 SystemInfo: 2011/02/12 00:30:11.0703 1268 2011/02/12 00:30:11.0704 1268 OS Version: 6.0.6002 ServicePack: 2.0 2011/02/12 00:30:11.0704 1268 Product type: Workstation 2011/02/12 00:30:11.0704 1268 ComputerName: BESITZER-PC 2011/02/12 00:30:11.0704 1268 UserName: Besitzer 2011/02/12 00:30:11.0704 1268 Windows directory: C:\Windows 2011/02/12 00:30:11.0704 1268 System windows directory: C:\Windows 2011/02/12 00:30:11.0704 1268 Processor architecture: Intel x86 2011/02/12 00:30:11.0704 1268 Number of processors: 2 2011/02/12 00:30:11.0704 1268 Page size: 0x1000 2011/02/12 00:30:11.0705 1268 Boot type: Normal boot 2011/02/12 00:30:11.0705 1268 ================================================================================ 2011/02/12 00:30:21.0042 1268 Initialize success 2011/02/12 00:30:28.0275 3016 ================================================================================ 2011/02/12 00:30:28.0275 3016 Scan started 2011/02/12 00:30:28.0275 3016 Mode: Manual; 2011/02/12 00:30:28.0275 3016 ================================================================================ 2011/02/12 00:30:29.0853 3016 ACPI (82b296ae1892fe3dbee00c9cf92f8ac7) C:\Windows\system32\drivers\acpi.sys 2011/02/12 00:30:30.0075 3016 adp94xx (2edc5bbac6c651ece337bde8ed97c9fb) C:\Windows\system32\drivers\adp94xx.sys 2011/02/12 00:30:30.0262 3016 adpahci (b84088ca3cdca97da44a984c6ce1ccad) C:\Windows\system32\drivers\adpahci.sys 2011/02/12 00:30:30.0336 3016 adpu160m (7880c67bccc27c86fd05aa2afb5ea469) C:\Windows\system32\drivers\adpu160m.sys 2011/02/12 00:30:30.0478 3016 adpu320 (9ae713f8e30efc2abccd84904333df4d) C:\Windows\system32\drivers\adpu320.sys 2011/02/12 00:30:30.0666 3016 AFD (a201207363aa900abf1a388468688570) C:\Windows\system32\drivers\afd.sys 2011/02/12 00:30:30.0826 3016 agp440 (ef23439cdd587f64c2c1b8825cead7d8) C:\Windows\system32\drivers\agp440.sys 2011/02/12 00:30:30.0936 3016 aic78xx (ae1fdf7bf7bb6c6a70f67699d880592a) C:\Windows\system32\drivers\djsvs.sys 2011/02/12 00:30:31.0038 3016 aliide (90395b64600ebb4552e26e178c94b2e4) C:\Windows\system32\drivers\aliide.sys 2011/02/12 00:30:31.0153 3016 amdagp (2b13e304c9dfdfa5eb582f6a149fa2c7) C:\Windows\system32\drivers\amdagp.sys 2011/02/12 00:30:31.0256 3016 amdide (0577df1d323fe75a739c787893d300ea) C:\Windows\system32\drivers\amdide.sys 2011/02/12 00:30:31.0390 3016 AmdK7 (dc487885bcef9f28eece6fac0e5ddfc5) C:\Windows\system32\drivers\amdk7.sys 2011/02/12 00:30:31.0496 3016 AmdK8 (0ca0071da4315b00fc1328ca86b425da) C:\Windows\system32\drivers\amdk8.sys 2011/02/12 00:30:31.0809 3016 arc (5f673180268bb1fdb69c99b6619fe379) C:\Windows\system32\drivers\arc.sys 2011/02/12 00:30:31.0985 3016 arcsas (957f7540b5e7f602e44648c7de5a1c05) C:\Windows\system32\drivers\arcsas.sys 2011/02/12 00:30:32.0106 3016 AsyncMac (53b202abee6455406254444303e87be1) C:\Windows\system32\DRIVERS\asyncmac.sys 2011/02/12 00:30:32.0238 3016 atapi (1f05b78ab91c9075565a9d8a4b880bc4) C:\Windows\system32\drivers\atapi.sys 2011/02/12 00:30:32.0421 3016 avfwim (1aad99ec3679bd773cb8320a3148987d) C:\Windows\system32\DRIVERS\avfwim.sys 2011/02/12 00:30:32.0585 3016 avfwot (e513bcdd34350c5b436dbe83d72ca651) C:\Windows\system32\DRIVERS\avfwot.sys 2011/02/12 00:30:32.0751 3016 avgio (0b497c79824f8e1bf22fa6aacd3de3a0) C:\Program Files\Avira\AntiVir Desktop\avgio.sys 2011/02/12 00:30:32.0954 3016 AvgLdx86 (c9205ae415c96da28f5d22102fcd9313) C:\Windows\System32\Drivers\avgldx86.sys 2011/02/12 00:30:33.0165 3016 avgntflt (47b879406246ffdced59e18d331a0e7d) C:\Windows\system32\DRIVERS\avgntflt.sys 2011/02/12 00:30:33.0321 3016 AvgTdiX (330fbb2afee662d0546669932ac22ffb) C:\Windows\System32\Drivers\avgtdix.sys 2011/02/12 00:30:33.0455 3016 avipbb (da39805e2bad99d37fce9477dd94e7f2) C:\Windows\system32\DRIVERS\avipbb.sys 2011/02/12 00:30:33.0682 3016 BCM43XV (cf6a67c90951e3e763d2135dede44b85) C:\Windows\system32\DRIVERS\bcmwl6.sys 2011/02/12 00:30:33.0829 3016 Beep (67e506b75bd5326a3ec7b70bd014dfb6) C:\Windows\system32\drivers\Beep.sys 2011/02/12 00:30:34.0110 3016 BMLoad (d002033c1a37f6af51b5f0ba6d0211bc) C:\Windows\system32\drivers\BMLoad.sys 2011/02/12 00:30:34.0257 3016 bowser (74b442b2be1260b7588c136177ceac66) C:\Windows\system32\DRIVERS\bowser.sys 2011/02/12 00:30:34.0375 3016 BrFiltLo (9f9acc7f7ccde8a15c282d3f88b43309) C:\Windows\system32\drivers\brfiltlo.sys 2011/02/12 00:30:34.0519 3016 BrFiltUp (56801ad62213a41f6497f96dee83755a) C:\Windows\system32\drivers\brfiltup.sys 2011/02/12 00:30:34.0636 3016 Brserid (b304e75cff293029eddf094246747113) C:\Windows\system32\drivers\brserid.sys 2011/02/12 00:30:34.0760 3016 BrSerWdm (203f0b1e73adadbbb7b7b1fabd901f6b) C:\Windows\system32\drivers\brserwdm.sys 2011/02/12 00:30:34.0896 3016 BrUsbMdm (bd456606156ba17e60a04e18016ae54b) C:\Windows\system32\drivers\brusbmdm.sys 2011/02/12 00:30:35.0013 3016 BrUsbSer (af72ed54503f717a43268b3cc5faec2e) C:\Windows\system32\drivers\brusbser.sys 2011/02/12 00:30:35.0137 3016 BTHMODEM (ad07c1ec6665b8b35741ab91200c6b68) C:\Windows\system32\drivers\bthmodem.sys 2011/02/12 00:30:35.0273 3016 cdfs (7add03e75beb9e6dd102c3081d29840a) C:\Windows\system32\DRIVERS\cdfs.sys 2011/02/12 00:30:35.0446 3016 cdrom (6b4bffb9becd728097024276430db314) C:\Windows\system32\DRIVERS\cdrom.sys 2011/02/12 00:30:35.0552 3016 circlass (da8e0afc7baa226c538ef53ac2f90897) C:\Windows\system32\drivers\circlass.sys 2011/02/12 00:30:35.0688 3016 CLFS (d7659d3b5b92c31e84e53c1431f35132) C:\Windows\system32\CLFS.sys 2011/02/12 00:30:35.0877 3016 CmBatt (99afc3795b58cc478fbbbcdc658fcb56) C:\Windows\system32\DRIVERS\CmBatt.sys 2011/02/12 00:30:36.0032 3016 cmdide (45201046c776ffdaf3fc8a0029c581c8) C:\Windows\system32\drivers\cmdide.sys 2011/02/12 00:30:36.0121 3016 Compbatt (6afef0b60fa25de07c0968983ee4f60a) C:\Windows\system32\DRIVERS\compbatt.sys 2011/02/12 00:30:36.0255 3016 crcdisk (2a213ae086bbec5e937553c7d9a2b22c) C:\Windows\system32\drivers\crcdisk.sys 2011/02/12 00:30:36.0395 3016 Crusoe (22a7f883508176489f559ee745b5bf5d) C:\Windows\system32\drivers\crusoe.sys 2011/02/12 00:30:36.0549 3016 DfsC (218d8ae46c88e82014f5d73d0236d9b2) C:\Windows\system32\Drivers\dfsc.sys 2011/02/12 00:30:36.0751 3016 disk (5d4aefc3386920236a548271f8f1af6a) C:\Windows\system32\drivers\disk.sys 2011/02/12 00:30:36.0936 3016 Dot4 (4f59c172c094e1a1d46463a8dc061cbd) C:\Windows\system32\DRIVERS\Dot4.sys 2011/02/12 00:30:37.0025 3016 Dot4Print (80bf3ba09f6f2523c8f6b7cc6dbf7bd5) C:\Windows\system32\DRIVERS\Dot4Prt.sys 2011/02/12 00:30:37.0190 3016 dot4usb (c55004ca6b419b6695970dfe849b122f) C:\Windows\system32\DRIVERS\dot4usb.sys 2011/02/12 00:30:37.0318 3016 drmkaud (97fef831ab90bee128c9af390e243f80) C:\Windows\system32\drivers\drmkaud.sys 2011/02/12 00:30:37.0463 3016 DXGKrnl (5c7e2097b91d689ded7a6ff90f0f3a25) C:\Windows\System32\drivers\dxgkrnl.sys 2011/02/12 00:30:37.0626 3016 E100B (c0b00e55cf82d122d25983c7a6a53dea) C:\Windows\system32\DRIVERS\e100b325.sys 2011/02/12 00:30:37.0759 3016 E1G60 (f88fb26547fd2ce6d0a5af2985892c48) C:\Windows\system32\DRIVERS\E1G60I32.sys 2011/02/12 00:30:37.0916 3016 Ecache (7f64ea048dcfac7acf8b4d7b4e6fe371) C:\Windows\system32\drivers\ecache.sys 2011/02/12 00:30:38.0055 3016 elxstor (e8f3f21a71720c84bcf423b80028359f) C:\Windows\system32\drivers\elxstor.sys 2011/02/12 00:30:38.0205 3016 eusk2par (f7955f5273f7ca5da13ebeef4f736c44) C:\Windows\system32\Drivers\eusk2par.sys 2011/02/12 00:30:38.0340 3016 exfat (22b408651f9123527bcee54b4f6c5cae) C:\Windows\system32\drivers\exfat.sys 2011/02/12 00:30:38.0470 3016 fastfat (1e9b9a70d332103c52995e957dc09ef8) C:\Windows\system32\drivers\fastfat.sys 2011/02/12 00:30:38.0687 3016 fdc (63bdada84951b9c03e641800e176898a) C:\Windows\system32\DRIVERS\fdc.sys 2011/02/12 00:30:38.0796 3016 FileInfo (a8c0139a884861e3aae9cfe73b208a9f) C:\Windows\system32\drivers\fileinfo.sys 2011/02/12 00:30:38.0923 3016 Filetrace (0ae429a696aecbc5970e3cf2c62635ae) C:\Windows\system32\drivers\filetrace.sys 2011/02/12 00:30:39.0040 3016 flpydisk (6603957eff5ec62d25075ea8ac27de68) C:\Windows\system32\DRIVERS\flpydisk.sys 2011/02/12 00:30:39.0190 3016 FltMgr (01334f9ea68e6877c4ef05d3ea8abb05) C:\Windows\system32\drivers\fltmgr.sys 2011/02/12 00:30:39.0373 3016 fssfltr (b74b0578fd1d3f897e95f2a2b69ea051) C:\Windows\system32\DRIVERS\fssfltr.sys 2011/02/12 00:30:39.0467 3016 Fs_Rec (65ea8b77b5851854f0c55c43fa51a198) C:\Windows\system32\drivers\Fs_Rec.sys 2011/02/12 00:30:39.0573 3016 gagp30kx (4e1cd0a45c50a8882616cae5bf82f3c5) C:\Windows\system32\drivers\gagp30kx.sys 2011/02/12 00:30:39.0697 3016 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\Windows\system32\DRIVERS\GEARAspiWDM.sys 2011/02/12 00:30:39.0811 3016 ggflt (007aea2e06e7cef7372e40c277163959) C:\Windows\system32\DRIVERS\ggflt.sys 2011/02/12 00:30:39.0873 3016 ggsemc (c73de35960ca75c5ab4ae636b127c64e) C:\Windows\system32\DRIVERS\ggsemc.sys 2011/02/12 00:30:40.0054 3016 HdAudAddService (cb04c744be0a61b1d648faed182c3b59) C:\Windows\system32\drivers\HdAudio.sys 2011/02/12 00:30:40.0201 3016 HDAudBus (062452b7ffd68c8c042a6261fe8dff4a) C:\Windows\system32\DRIVERS\HDAudBus.sys 2011/02/12 00:30:40.0323 3016 HidBth (1338520e78d90154ed6be8f84de5fceb) C:\Windows\system32\drivers\hidbth.sys 2011/02/12 00:30:40.0392 3016 HidIr (ff3160c3a2445128c5a6d9b076da519e) C:\Windows\system32\drivers\hidir.sys 2011/02/12 00:30:40.0501 3016 HidUsb (cca4b519b17e23a00b826c55716809cc) C:\Windows\system32\DRIVERS\hidusb.sys 2011/02/12 00:30:40.0645 3016 HpCISSs (df353b401001246853763c4b7aaa6f50) C:\Windows\system32\drivers\hpcisss.sys 2011/02/12 00:30:40.0746 3016 HpqKbFiltr (35956140e686d53bf676cf0c778880fc) C:\Windows\system32\DRIVERS\HpqKbFiltr.sys 2011/02/12 00:30:40.0861 3016 HpqRemHid (115c0933b3ed51dfbec4449348c8065b) C:\Windows\system32\DRIVERS\HpqRemHid.sys 2011/02/12 00:30:41.0048 3016 HSFHWAZL (46d67209550973257601a533e2ac5785) C:\Windows\system32\DRIVERS\VSTAZL3.SYS 2011/02/12 00:30:41.0172 3016 HSF_DPV (ec36f1d542ed4252390d446bf6d4dfd0) C:\Windows\system32\DRIVERS\VSTDPV3.SYS 2011/02/12 00:30:41.0352 3016 HTTP (f870aa3e254628ebeafe754108d664de) C:\Windows\system32\drivers\HTTP.sys 2011/02/12 00:30:41.0513 3016 hwdatacard (92ca47da32009ccc00a5aded04abbd78) C:\Windows\system32\DRIVERS\ewusbmdm.sys 2011/02/12 00:30:41.0718 3016 i2omp (324c2152ff2c61abae92d09f3cca4d63) C:\Windows\system32\drivers\i2omp.sys 2011/02/12 00:30:41.0817 3016 i8042prt (22d56c8184586b7a1f6fa60be5f5a2bd) C:\Windows\system32\DRIVERS\i8042prt.sys 2011/02/12 00:30:42.0013 3016 ialm (496db78e6a0c4c44023d9a92b4a7ac31) C:\Windows\system32\DRIVERS\igdkmd32.sys 2011/02/12 00:30:42.0195 3016 iaStor (2358c53f30cb9dcd1d3843c4e2f299b2) C:\Windows\system32\DRIVERS\iaStor.sys 2011/02/12 00:30:42.0295 3016 iaStorV (c957bf4b5d80b46c5017bf0101e6c906) C:\Windows\system32\drivers\iastorv.sys 2011/02/12 00:30:42.0444 3016 iirsp (2d077bf86e843f901d8db709c95b49a5) C:\Windows\system32\drivers\iirsp.sys 2011/02/12 00:30:42.0671 3016 IntcAzAudAddService (9f5898ebd3bbe82eadf2efa595f02a72) C:\Windows\system32\drivers\RTKVHDA.sys 2011/02/12 00:30:42.0909 3016 intelide (83aa759f3189e6370c30de5dc5590718) C:\Windows\system32\drivers\intelide.sys 2011/02/12 00:30:42.0987 3016 intelppm (224191001e78c89dfa78924c3ea595ff) C:\Windows\system32\DRIVERS\intelppm.sys 2011/02/12 00:30:43.0198 3016 IpFilterDriver (62c265c38769b864cb25b4bcf62df6c3) C:\Windows\system32\DRIVERS\ipfltdrv.sys 2011/02/12 00:30:43.0321 3016 IPMIDRV (40f34f8aba2a015d780e4b09138b6c17) C:\Windows\system32\drivers\ipmidrv.sys 2011/02/12 00:30:43.0456 3016 IPNAT (8793643a67b42cec66490b2a0cf92d68) C:\Windows\system32\DRIVERS\ipnat.sys 2011/02/12 00:30:43.0548 3016 IRENUM (109c0dfb82c3632fbd11949b73aeeac9) C:\Windows\system32\drivers\irenum.sys 2011/02/12 00:30:43.0709 3016 isapnp (350fca7e73cf65bcef43fae1e4e91293) C:\Windows\system32\drivers\isapnp.sys 2011/02/12 00:30:43.0785 3016 iScsiPrt (232fa340531d940aac623b121a595034) C:\Windows\system32\DRIVERS\msiscsi.sys 2011/02/12 00:30:43.0892 3016 iteatapi (bced60d16156e428f8df8cf27b0df150) C:\Windows\system32\drivers\iteatapi.sys 2011/02/12 00:30:43.0969 3016 iteraid (06fa654504a498c30adca8bec4e87e7e) C:\Windows\system32\drivers\iteraid.sys 2011/02/12 00:30:44.0030 3016 kbdclass (37605e0a8cf00cbba538e753e4344c6e) C:\Windows\system32\DRIVERS\kbdclass.sys 2011/02/12 00:30:44.0198 3016 kbdhid (ede59ec70e25c24581add1fbec7325f7) C:\Windows\system32\DRIVERS\kbdhid.sys 2011/02/12 00:30:44.0289 3016 KSecDD (86165728af9bf72d6442a894fdfb4f8b) C:\Windows\system32\Drivers\ksecdd.sys 2011/02/12 00:30:44.0529 3016 lltdio (d1c5883087a0c3f1344d9d55a44901f6) C:\Windows\system32\DRIVERS\lltdio.sys 2011/02/12 00:30:44.0651 3016 LSI_FC (a2262fb9f28935e862b4db46438c80d2) C:\Windows\system32\drivers\lsi_fc.sys 2011/02/12 00:30:44.0702 3016 LSI_SAS (30d73327d390f72a62f32c103daf1d6d) C:\Windows\system32\drivers\lsi_sas.sys 2011/02/12 00:30:44.0822 3016 LSI_SCSI (e1e36fefd45849a95f1ab81de0159fe3) C:\Windows\system32\drivers\lsi_scsi.sys 2011/02/12 00:30:44.0900 3016 luafv (8f5c7426567798e62a3b3614965d62cc) C:\Windows\system32\drivers\luafv.sys 2011/02/12 00:30:45.0031 3016 megasas (d153b14fc6598eae8422a2037553adce) C:\Windows\system32\drivers\megasas.sys 2011/02/12 00:30:45.0108 3016 Modem (e13b5ea0f51ba5b1512ec671393d09ba) C:\Windows\system32\drivers\modem.sys 2011/02/12 00:30:45.0165 3016 monitor (0a9bb33b56e294f686abb7c1e4e2d8a8) C:\Windows\system32\DRIVERS\monitor.sys 2011/02/12 00:30:45.0303 3016 mouclass (5bf6a1326a335c5298477754a506d263) C:\Windows\system32\DRIVERS\mouclass.sys 2011/02/12 00:30:45.0405 3016 mouhid (93b8d4869e12cfbe663915502900876f) C:\Windows\system32\DRIVERS\mouhid.sys 2011/02/12 00:30:45.0464 3016 MountMgr (bdafc88aa6b92f7842416ea6a48e1600) C:\Windows\system32\drivers\mountmgr.sys 2011/02/12 00:30:45.0593 3016 mpio (583a41f26278d9e0ea548163d6139397) C:\Windows\system32\drivers\mpio.sys 2011/02/12 00:30:45.0764 3016 mpsdrv (22241feba9b2defa669c8cb0a8dd7d2e) C:\Windows\system32\drivers\mpsdrv.sys 2011/02/12 00:30:45.0943 3016 Mraid35x (4fbbb70d30fd20ec51f80061703b001e) C:\Windows\system32\drivers\mraid35x.sys 2011/02/12 00:30:46.0242 3016 MRxDAV (82cea0395524aacfeb58ba1448e8325c) C:\Windows\system32\drivers\mrxdav.sys 2011/02/12 00:30:46.0524 3016 mrxsmb (454341e652bdf5e01b0f2140232b073e) C:\Windows\system32\DRIVERS\mrxsmb.sys 2011/02/12 00:30:46.0673 3016 mrxsmb10 (2a4901aff069944fa945ed5bbf4dcde3) C:\Windows\system32\DRIVERS\mrxsmb10.sys 2011/02/12 00:30:46.0868 3016 mrxsmb20 (28b3f1ab44bdd4432c041581412f17d9) C:\Windows\system32\DRIVERS\mrxsmb20.sys 2011/02/12 00:30:47.0072 3016 msahci (742aed7939e734c36b7e8d6228ce26b7) C:\Windows\system32\drivers\msahci.sys 2011/02/12 00:30:47.0193 3016 msdsm (3fc82a2ae4cc149165a94699183d3028) C:\Windows\system32\drivers\msdsm.sys 2011/02/12 00:30:47.0362 3016 Msfs (a9927f4a46b816c92f461acb90cf8515) C:\Windows\system32\drivers\Msfs.sys 2011/02/12 00:30:47.0533 3016 msisadrv (0f400e306f385c56317357d6dea56f62) C:\Windows\system32\drivers\msisadrv.sys 2011/02/12 00:30:47.0676 3016 MSKSSRV (d8c63d34d9c9e56c059e24ec7185cc07) C:\Windows\system32\drivers\MSKSSRV.sys 2011/02/12 00:30:47.0743 3016 MSPCLOCK (1d373c90d62ddb641d50e55b9e78d65e) C:\Windows\system32\drivers\MSPCLOCK.sys 2011/02/12 00:30:47.0801 3016 MSPQM (b572da05bf4e098d4bba3a4734fb505b) C:\Windows\system32\drivers\MSPQM.sys 2011/02/12 00:30:47.0945 3016 MsRPC (b49456d70555de905c311bcda6ec6adb) C:\Windows\system32\drivers\MsRPC.sys 2011/02/12 00:30:48.0128 3016 mssmbios (e384487cb84be41d09711c30ca79646c) C:\Windows\system32\DRIVERS\mssmbios.sys 2011/02/12 00:30:48.0266 3016 MSTEE (7199c1eec1e4993caf96b8c0a26bd58a) C:\Windows\system32\drivers\MSTEE.sys 2011/02/12 00:30:48.0341 3016 Mup (6a57b5733d4cb702c8ea4542e836b96c) C:\Windows\system32\Drivers\mup.sys 2011/02/12 00:30:48.0504 3016 NativeWifiP (85c44fdff9cf7e72a40dcb7ec06a4416) C:\Windows\system32\DRIVERS\nwifi.sys 2011/02/12 00:30:48.0637 3016 NDIS (1357274d1883f68300aeadd15d7bbb42) C:\Windows\system32\drivers\ndis.sys 2011/02/12 00:30:48.0801 3016 NdisTapi (0e186e90404980569fb449ba7519ae61) C:\Windows\system32\DRIVERS\ndistapi.sys 2011/02/12 00:30:48.0960 3016 Ndisuio (d6973aa34c4d5d76c0430b181c3cd389) C:\Windows\system32\DRIVERS\ndisuio.sys 2011/02/12 00:30:49.0117 3016 NdisWan (818f648618ae34f729fdb47ec68345c3) C:\Windows\system32\DRIVERS\ndiswan.sys 2011/02/12 00:30:49.0200 3016 NDProxy (71dab552b41936358f3b541ae5997fb3) C:\Windows\system32\drivers\NDProxy.sys 2011/02/12 00:30:49.0371 3016 NetBIOS (bcd093a5a6777cf626434568dc7dba78) C:\Windows\system32\DRIVERS\netbios.sys 2011/02/12 00:30:49.0443 3016 netbt (ecd64230a59cbd93c85f1cd1cab9f3f6) C:\Windows\system32\DRIVERS\netbt.sys 2011/02/12 00:30:49.0691 3016 NETw3v32 (a15f219208843a5a210c8cb391384453) C:\Windows\system32\DRIVERS\NETw3v32.sys 2011/02/12 00:30:49.0916 3016 NETw4v32 (25acccfc33dd448b9d3037c5e439e830) C:\Windows\system32\DRIVERS\NETw4v32.sys 2011/02/12 00:30:50.0223 3016 NETw5v32 (8de67bd902095a13329fd82c85a1fa09) C:\Windows\system32\DRIVERS\NETw5v32.sys 2011/02/12 00:30:50.0384 3016 nfrd960 (2e7fb731d4790a1bc6270accefacb36e) C:\Windows\system32\drivers\nfrd960.sys 2011/02/12 00:30:50.0487 3016 Npfs (d36f239d7cce1931598e8fb90a0dbc26) C:\Windows\system32\drivers\Npfs.sys 2011/02/12 00:30:50.0658 3016 nsiproxy (609773e344a97410ce4ebf74a8914fcf) C:\Windows\system32\drivers\nsiproxy.sys 2011/02/12 00:30:50.0797 3016 Ntfs (6a4a98cee84cf9e99564510dda4baa47) C:\Windows\system32\drivers\Ntfs.sys 2011/02/12 00:30:50.0978 3016 ntrigdigi (e875c093aec0c978a90f30c9e0dfbb72) C:\Windows\system32\drivers\ntrigdigi.sys 2011/02/12 00:30:51.0129 3016 Null (c5dbbcda07d780bda9b685df333bb41e) C:\Windows\system32\drivers\Null.sys 2011/02/12 00:30:51.0549 3016 nvlddmkm (24000b817cc84ac1555f41929879af5a) C:\Windows\system32\DRIVERS\nvlddmkm.sys 2011/02/12 00:30:52.0077 3016 nvraid (e69e946f80c1c31c53003bfbf50cbb7c) C:\Windows\system32\drivers\nvraid.sys 2011/02/12 00:30:52.0252 3016 nvstor (9e0ba19a28c498a6d323d065db76dffc) C:\Windows\system32\drivers\nvstor.sys 2011/02/12 00:30:52.0339 3016 nv_agp (07c186427eb8fcc3d8d7927187f260f7) C:\Windows\system32\drivers\nv_agp.sys 2011/02/12 00:30:52.0487 3016 NWADI (aa62ba29ef342d805555196f46fcaa4e) C:\Windows\system32\DRIVERS\NWADIenum.sys 2011/02/12 00:30:52.0664 3016 ohci1394 (6f310e890d46e246e0e261a63d9b36b4) C:\Windows\system32\DRIVERS\ohci1394.sys 2011/02/12 00:30:52.0828 3016 Parport (0fa9b5055484649d63c303fe404e5f4d) C:\Windows\system32\drivers\parport.sys 2011/02/12 00:30:52.0896 3016 partmgr (57389fa59a36d96b3eb09d0cb91e9cdc) C:\Windows\system32\drivers\partmgr.sys 2011/02/12 00:30:52.0944 3016 Parvdm (4f9a6a8a31413180d0fcb279ad5d8112) C:\Windows\system32\drivers\parvdm.sys 2011/02/12 00:30:53.0128 3016 pci (941dc1d19e7e8620f40bbc206981efdb) C:\Windows\system32\drivers\pci.sys 2011/02/12 00:30:53.0183 3016 pciide (3b1901e401473e03eb8c874271e50c26) C:\Windows\system32\drivers\pciide.sys 2011/02/12 00:30:53.0346 3016 pcmcia (e6f3fb1b86aa519e7698ad05e58b04e5) C:\Windows\system32\drivers\pcmcia.sys 2011/02/12 00:30:53.0451 3016 PEAUTH (6349f6ed9c623b44b52ea3c63c831a92) C:\Windows\system32\drivers\peauth.sys 2011/02/12 00:30:53.0745 3016 PptpMiniport (ecfffaec0c1ecd8dbc77f39070ea1db1) C:\Windows\system32\DRIVERS\raspptp.sys 2011/02/12 00:30:53.0865 3016 Processor (0e3cef5d28b40cf273281d620c50700a) C:\Windows\system32\drivers\processr.sys 2011/02/12 00:30:54.0061 3016 PSched (99514faa8df93d34b5589187db3aa0ba) C:\Windows\system32\DRIVERS\pacer.sys 2011/02/12 00:30:54.0237 3016 ql2300 (ccdac889326317792480c0a67156a1ec) C:\Windows\system32\drivers\ql2300.sys 2011/02/12 00:30:54.0411 3016 ql40xx (81a7e5c076e59995d54bc1ed3a16e60b) C:\Windows\system32\drivers\ql40xx.sys 2011/02/12 00:30:54.0547 3016 QWAVEdrv (9f5e0e1926014d17486901c88eca2db7) C:\Windows\system32\drivers\qwavedrv.sys 2011/02/12 00:30:54.0706 3016 RasAcd (147d7f9c556d259924351feb0de606c3) C:\Windows\system32\DRIVERS\rasacd.sys 2011/02/12 00:30:54.0837 3016 Rasl2tp (a214adbaf4cb47dd2728859ef31f26b0) C:\Windows\system32\DRIVERS\rasl2tp.sys 2011/02/12 00:30:55.0023 3016 RasPppoe (509a98dd18af4375e1fc40bc175f1def) C:\Windows\system32\DRIVERS\raspppoe.sys 2011/02/12 00:30:55.0110 3016 RasSstp (2005f4a1e05fa09389ac85840f0a9e4d) C:\Windows\system32\DRIVERS\rassstp.sys 2011/02/12 00:30:55.0237 3016 rdbss (b14c9d5b9add2f84f70570bbbfaa7935) C:\Windows\system32\DRIVERS\rdbss.sys 2011/02/12 00:30:55.0330 3016 RDPCDD (89e59be9a564262a3fb6c4f4f1cd9899) C:\Windows\system32\DRIVERS\RDPCDD.sys 2011/02/12 00:30:55.0461 3016 rdpdr (e8bd98d46f2ed77132ba927fccb47d8b) C:\Windows\system32\drivers\rdpdr.sys 2011/02/12 00:30:55.0565 3016 RDPENCDD (9d91fe5286f748862ecffa05f8a0710c) C:\Windows\system32\drivers\rdpencdd.sys 2011/02/12 00:30:55.0685 3016 RDPWD (30bfbdfb7f95559ede971f9ddb9a00ba) C:\Windows\system32\drivers\RDPWD.sys 2011/02/12 00:30:55.0882 3016 rimmptsk (355aac141b214bef1dbc1483afd9bd50) C:\Windows\system32\DRIVERS\rimmptsk.sys 2011/02/12 00:30:55.0975 3016 rimsptsk (a4216c71dd4f60b26418ccfd99cd0815) C:\Windows\system32\DRIVERS\rimsptsk.sys 2011/02/12 00:30:56.0165 3016 rismxdp (d231b577024aa324af13a42f3a807d10) C:\Windows\system32\DRIVERS\rixdptsk.sys 2011/02/12 00:30:56.0281 3016 rspndr (9c508f4074a39e8b4b31d27198146fad) C:\Windows\system32\DRIVERS\rspndr.sys 2011/02/12 00:30:56.0435 3016 RTL8169 (9a929308a64183d3d9dccbb6df4badae) C:\Windows\system32\DRIVERS\Rtlh86.sys 2011/02/12 00:30:56.0540 3016 s0016bus (59509ad6cbc28f2c73056268985b3e48) C:\Windows\system32\DRIVERS\s0016bus.sys 2011/02/12 00:30:56.0684 3016 s1018bus (1c5c2cb892553d2cf3f45a4bb323fcd6) C:\Windows\system32\DRIVERS\s1018bus.sys 2011/02/12 00:30:56.0807 3016 s1018mdfl (38f5ea219593f19b6b3a1b9c169e3b61) C:\Windows\system32\DRIVERS\s1018mdfl.sys 2011/02/12 00:30:56.0914 3016 s1018mdm (666af6b64fc7df92d3ca4819ea91631d) C:\Windows\system32\DRIVERS\s1018mdm.sys 2011/02/12 00:30:57.0029 3016 s1018mgmt (f4ceda6e2ddff2af8bd745615a7ca9c0) C:\Windows\system32\DRIVERS\s1018mgmt.sys 2011/02/12 00:30:57.0166 3016 s1018nd5 (3622d9ff2253dcbe885b10736609a4ca) C:\Windows\system32\DRIVERS\s1018nd5.sys 2011/02/12 00:30:57.0264 3016 s1018obex (49431efda842b474531c29ffae9f5d09) C:\Windows\system32\DRIVERS\s1018obex.sys 2011/02/12 00:30:57.0333 3016 s1018unic (ac6b514cb4474f4c867d7cdc9cd54f05) C:\Windows\system32\DRIVERS\s1018unic.sys 2011/02/12 00:30:57.0478 3016 sbp2port (3ce8f073a557e172b330109436984e30) C:\Windows\system32\drivers\sbp2port.sys 2011/02/12 00:30:57.0731 3016 sdbus (8f36b54688c31eed4580129040c6a3d3) C:\Windows\system32\DRIVERS\sdbus.sys 2011/02/12 00:30:57.0918 3016 secdrv (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers\secdrv.sys 2011/02/12 00:30:58.0057 3016 seehcri (e5b56569a9f79b70314fede6c953641e) C:\Windows\system32\DRIVERS\seehcri.sys 2011/02/12 00:30:58.0211 3016 Ser2pl (cb3e852b818946f396e35a976ee6b552) C:\Windows\system32\DRIVERS\ser2pl.sys 2011/02/12 00:30:58.0318 3016 Serenum (68e44e331d46f0fb38f0863a84cd1a31) C:\Windows\system32\DRIVERS\serenum.sys 2011/02/12 00:30:58.0473 3016 Serial (c70d69a918b178d3c3b06339b40c2e1b) C:\Windows\system32\drivers\serial.sys 2011/02/12 00:30:58.0556 3016 sermouse (8af3d28a879bf75db53a0ee7a4289624) C:\Windows\system32\DRIVERS\sermouse.sys 2011/02/12 00:30:58.0730 3016 sffdisk (3efa810bdca87f6ecc24f9832243fe86) C:\Windows\system32\DRIVERS\sffdisk.sys 2011/02/12 00:30:58.0792 3016 sffp_mmc (8fd08a310645fe872eeec6e08c6bf3ee) C:\Windows\system32\drivers\sffp_mmc.sys 2011/02/12 00:30:58.0935 3016 sffp_sd (9f66a46c55d6f1ccabc79bb7afccc545) C:\Windows\system32\DRIVERS\sffp_sd.sys 2011/02/12 00:30:59.0050 3016 sfloppy (46ed8e91793b2e6f848015445a0ac188) C:\Windows\system32\drivers\sfloppy.sys 2011/02/12 00:30:59.0204 3016 silabenm (c16173316918a1360dc22947c4ff6352) C:\Windows\system32\DRIVERS\silabenm.sys 2011/02/12 00:30:59.0287 3016 silabser (1be2ced35fb9f377bda14fc035691f38) C:\Windows\system32\DRIVERS\silabser.sys 2011/02/12 00:30:59.0447 3016 sisagp (d2a595d6eebeeaf4334f8e50efbc9931) C:\Windows\system32\drivers\sisagp.sys 2011/02/12 00:30:59.0535 3016 SiSRaid2 (cedd6f4e7d84e9f98b34b3fe988373aa) C:\Windows\system32\drivers\sisraid2.sys 2011/02/12 00:30:59.0684 3016 SiSRaid4 (df843c528c4f69d12ce41ce462e973a7) C:\Windows\system32\drivers\sisraid4.sys 2011/02/12 00:30:59.0809 3016 Smb (7b75299a4d201d6a6533603d6914ab04) C:\Windows\system32\DRIVERS\smb.sys 2011/02/12 00:30:59.0947 3016 smserial (63b3b77bdb67ee674771c0e6fb96da9e) C:\Windows\system32\DRIVERS\smserial.sys 2011/02/12 00:31:00.0175 3016 spldr (7aebdeef071fe28b0eef2cdd69102bff) C:\Windows\system32\drivers\spldr.sys 2011/02/12 00:31:00.0362 3016 srv (ff3cbc13db84d81f56931bc922cc37c4) C:\Windows\system32\DRIVERS\srv.sys 2011/02/12 00:31:00.0424 3016 srv2 (d15959d9f69f0d39a0153e9c244f20dd) C:\Windows\system32\DRIVERS\srv2.sys 2011/02/12 00:31:00.0555 3016 srvnet (faa0d553a49e85008c6bb3781987c574) C:\Windows\system32\DRIVERS\srvnet.sys 2011/02/12 00:31:00.0766 3016 ssmdrv (5ec550b8952882ee856b862cf648522d) C:\Windows\system32\DRIVERS\ssmdrv.sys 2011/02/12 00:31:01.0006 3016 swenum (7ba58ecf0c0a9a69d44b3dca62becf56) C:\Windows\system32\DRIVERS\swenum.sys 2011/02/12 00:31:01.0072 3016 Symc8xx (192aa3ac01df071b541094f251deed10) C:\Windows\system32\drivers\symc8xx.sys 2011/02/12 00:31:01.0289 3016 Sym_hi (8c8eb8c76736ebaf3b13b633b2e64125) C:\Windows\system32\drivers\sym_hi.sys 2011/02/12 00:31:01.0343 3016 Sym_u3 (8072af52b5fd103bbba387a1e49f62cb) C:\Windows\system32\drivers\sym_u3.sys 2011/02/12 00:31:01.0475 3016 SynTP (f5d926807bd9bc0af68f9376144de425) C:\Windows\system32\DRIVERS\SynTP.sys 2011/02/12 00:31:01.0743 3016 Tcpip (a474879afa4a596b3a531f3e69730dbf) C:\Windows\system32\drivers\tcpip.sys 2011/02/12 00:31:01.0931 3016 Tcpip6 (a474879afa4a596b3a531f3e69730dbf) C:\Windows\system32\DRIVERS\tcpip.sys 2011/02/12 00:31:02.0079 3016 tcpipBM (dcfeb82ca988598ceb8f83148616038e) C:\Windows\system32\drivers\tcpipBM.sys 2011/02/12 00:31:02.0158 3016 tcpipreg (608c345a255d82a6289c2d468eb41fd7) C:\Windows\system32\drivers\tcpipreg.sys 2011/02/12 00:31:02.0281 3016 TDPIPE (5dcf5e267be67a1ae926f2df77fbcc56) C:\Windows\system32\drivers\tdpipe.sys 2011/02/12 00:31:02.0339 3016 TDTCP (389c63e32b3cefed425b61ed92d3f021) C:\Windows\system32\drivers\tdtcp.sys 2011/02/12 00:31:02.0410 3016 tdx (76b06eb8a01fc8624d699e7045303e54) C:\Windows\system32\DRIVERS\tdx.sys 2011/02/12 00:31:02.0534 3016 TermDD (3cad38910468eab9a6479e2f01db43c7) C:\Windows\system32\DRIVERS\termdd.sys 2011/02/12 00:31:02.0678 3016 tssecsrv (dcf0f056a2e4f52287264f5ab29cf206) C:\Windows\system32\DRIVERS\tssecsrv.sys 2011/02/12 00:31:02.0830 3016 tunmp (caecc0120ac49e3d2f758b9169872d38) C:\Windows\system32\DRIVERS\tunmp.sys 2011/02/12 00:31:02.0964 3016 tunnel (300db877ac094feab0be7688c3454a9c) C:\Windows\system32\DRIVERS\tunnel.sys 2011/02/12 00:31:03.0064 3016 uagp35 (c3ade15414120033a36c0f293d4a4121) C:\Windows\system32\drivers\uagp35.sys 2011/02/12 00:31:03.0267 3016 udfs (d9728af68c4c7693cb100b8441cbdec6) C:\Windows\system32\DRIVERS\udfs.sys 2011/02/12 00:31:03.0391 3016 uliagpkx (75e6890ebfce0841d3291b02e7a8bdb0) C:\Windows\system32\drivers\uliagpkx.sys 2011/02/12 00:31:03.0565 3016 uliahci (3cd4ea35a6221b85dcc25daa46313f8d) C:\Windows\system32\drivers\uliahci.sys 2011/02/12 00:31:03.0651 3016 UlSata (8514d0e5cd0534467c5fc61be94a569f) C:\Windows\system32\drivers\ulsata.sys 2011/02/12 00:31:03.0817 3016 ulsata2 (38c3c6e62b157a6bc46594fada45c62b) C:\Windows\system32\drivers\ulsata2.sys 2011/02/12 00:31:03.0925 3016 umbus (32cff9f809ae9aed85464492bf3e32d2) C:\Windows\system32\DRIVERS\umbus.sys 2011/02/12 00:31:04.0080 3016 usbccgp (caf811ae4c147ffcd5b51750c7f09142) C:\Windows\system32\DRIVERS\usbccgp.sys 2011/02/12 00:31:04.0227 3016 usbcir (e9476e6c486e76bc4898074768fb7131) C:\Windows\system32\drivers\usbcir.sys 2011/02/12 00:31:04.0360 3016 usbehci (79e96c23a97ce7b8f14d310da2db0c9b) C:\Windows\system32\DRIVERS\usbehci.sys 2011/02/12 00:31:04.0464 3016 usbhub (4673bbcb006af60e7abddbe7a130ba42) C:\Windows\system32\DRIVERS\usbhub.sys 2011/02/12 00:31:04.0524 3016 usbohci (38dbc7dd6cc5a72011f187425384388b) C:\Windows\system32\drivers\usbohci.sys 2011/02/12 00:31:04.0622 3016 usbprint (e75c4b5269091d15a2e7dc0b6d35f2f5) C:\Windows\system32\DRIVERS\usbprint.sys 2011/02/12 00:31:04.0720 3016 USBSTOR (be3da31c191bc222d9ad503c5224f2ad) C:\Windows\system32\DRIVERS\USBSTOR.SYS 2011/02/12 00:31:04.0853 3016 usbuhci (814d653efc4d48be3b04a307eceff56f) C:\Windows\system32\DRIVERS\usbuhci.sys 2011/02/12 00:31:04.0948 3016 usbvideo (e67998e8f14cb0627a769f6530bcb352) C:\Windows\system32\Drivers\usbvideo.sys 2011/02/12 00:31:05.0106 3016 usb_rndisx (35c9095fa7076466afbfc5b9ec4b779e) C:\Windows\system32\DRIVERS\usb8023x.sys 2011/02/12 00:31:05.0250 3016 vga (7d92be0028ecdedec74617009084b5ef) C:\Windows\system32\DRIVERS\vgapnp.sys 2011/02/12 00:31:05.0385 3016 VgaSave (2e93ac0a1d8c79d019db6c51f036636c) C:\Windows\System32\drivers\vga.sys 2011/02/12 00:31:05.0519 3016 viaagp (045d9961e591cf0674a920b6ba3ba5cb) C:\Windows\system32\drivers\viaagp.sys 2011/02/12 00:31:05.0599 3016 ViaC7 (56a4de5f02f2e88182b0981119b4dd98) C:\Windows\system32\drivers\viac7.sys 2011/02/12 00:31:05.0685 3016 viaide (fd2e3175fcada350c7ab4521dca187ec) C:\Windows\system32\drivers\viaide.sys 2011/02/12 00:31:05.0749 3016 volmgr (69503668ac66c77c6cd7af86fbdf8c43) C:\Windows\system32\drivers\volmgr.sys 2011/02/12 00:31:05.0864 3016 volmgrx (23e41b834759917bfd6b9a0d625d0c28) C:\Windows\system32\drivers\volmgrx.sys 2011/02/12 00:31:05.0979 3016 volsnap (147281c01fcb1df9252de2a10d5e7093) C:\Windows\system32\drivers\volsnap.sys 2011/02/12 00:31:06.0113 3016 vsmraid (d984439746d42b30fc65a4c3546c6829) C:\Windows\system32\drivers\vsmraid.sys 2011/02/12 00:31:06.0273 3016 WacomPen (48dfee8f1af7c8235d4e626f0c4fe031) C:\Windows\system32\drivers\wacompen.sys 2011/02/12 00:31:06.0390 3016 Wanarp (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys 2011/02/12 00:31:06.0464 3016 Wanarpv6 (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys 2011/02/12 00:31:06.0634 3016 wanatw (0a716c08cb13c3a8f4f51e882dbf7416) C:\Windows\system32\DRIVERS\wanatw4.sys 2011/02/12 00:31:06.0734 3016 Wd (afc5ad65b991c1e205cf25cfdbf7a6f4) C:\Windows\system32\drivers\wd.sys 2011/02/12 00:31:06.0881 3016 Wdf01000 (b6f0a7ad6d4bd325fbcd8bac96cd8d96) C:\Windows\system32\drivers\Wdf01000.sys 2011/02/12 00:31:07.0119 3016 winachsf (5c7bdcf5864db00323fe2d90fa26a8a2) C:\Windows\system32\DRIVERS\VSTCNXT3.SYS 2011/02/12 00:31:07.0333 3016 winusb (676f4b665bdd8053eaa53ac1695b8074) C:\Windows\system32\DRIVERS\winusb.sys 2011/02/12 00:31:07.0440 3016 WmiAcpi (2e7255d172df0b8283cdfb7b433b864e) C:\Windows\system32\DRIVERS\wmiacpi.sys 2011/02/12 00:31:07.0627 3016 WpdUsb (de9d36f91a4df3d911626643debf11ea) C:\Windows\system32\DRIVERS\wpdusb.sys 2011/02/12 00:31:07.0713 3016 ws2ifsl (e3a3cb253c0ec2494d4a61f5e43a389c) C:\Windows\system32\drivers\ws2ifsl.sys 2011/02/12 00:31:07.0921 3016 WUDFRd (ac13cb789d93412106b0fb6c7eb2bcb6) C:\Windows\system32\DRIVERS\WUDFRd.sys 2011/02/12 00:31:08.0148 3016 xtouch (444c391466fcf997586846db2df49cbd) C:\Windows\system32\DRIVERS\xtouch.sys 2011/02/12 00:31:08.0355 3016 {22D78859-9CE9-4B77-BF18-AC83E81A9263} (8903c6979ea677a9af3d36e0d3709203) C:\Program Files\HP\QuickPlay\000.fcl 2011/02/12 00:31:08.0498 3016 \HardDisk1 - detected Rootkit.Win32.TDSS.tdl4 (0) 2011/02/12 00:31:08.0536 3016 ================================================================================ 2011/02/12 00:31:08.0536 3016 Scan finished 2011/02/12 00:31:08.0536 3016 ================================================================================ 2011/02/12 00:31:08.0565 3616 Detected object count: 1 2011/02/12 00:31:20.0861 3616 \HardDisk1 - will be cured after reboot 2011/02/12 00:31:20.0863 3616 Rootkit.Win32.TDSS.tdl4(\HardDisk1) - User select action: Cure 2011/02/12 00:31:43.0320 3108 Deinitialize success Geändert von O Heinz (12.02.2011 um 01:11 Uhr) |
|
12.02.2011, 10:16
| #8 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | BOO/TDss.A mit Virenscanner 3 xgefunden Beende alle Programme, starte OTL und kopiere folgenden Text in die "Custom Scan/Fixes" Box (unten in OTL): (das ":OTL" muss mitkopiert werden!!!) Code:
ATTFilter :OTL
@Alternate Data Stream - 685 bytes -> C:\Users\Besitzer\Documents\AW_ gewinde.eml:OECustomProperty
@Alternate Data Stream - 669 bytes -> C:\Users\Besitzer\Documents\Re_ gewinde.eml:OECustomProperty
@Alternate Data Stream - 64 bytes -> C:\Users\Besitzer\Documents\ogrevani_sedezi_www.planetbossi.ch.mpeg:TOC.WMV
@Alternate Data Stream - 64 bytes -> C:\Users\Besitzer\Documents\NEW.avi:TOC.WMV
@Alternate Data Stream - 64 bytes -> C:\Users\Besitzer\Documents\neuerSpannungsprüfer.mpg:TOC.WMV
@Alternate Data Stream - 64 bytes -> C:\Users\Besitzer\Documents\BegehbarerSchrank.avi:TOC.WMV
[2011.02.10 08:50:29 | 000,054,016 | ---- | C] () -- C:\Windows\System32\drivers\rxqkubtm.sys
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 22:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2005.09.11 16:18:54 | 000,000,340 | -HS- | M] () - E:\AUTOMODE -- [ NTFS ]
O33 - MountPoints2\{0ec86dfb-da30-11dd-9bc2-001e68300c1c}\Shell - "" = AutoRun
O33 - MountPoints2\{0ec86dfb-da30-11dd-9bc2-001e68300c1c}\Shell\AutoRun\command - "" = G:\AutoRun.exe
O33 - MountPoints2\{0ec86e0e-da30-11dd-9bc2-001e68300c1c}\Shell - "" = AutoRun
O33 - MountPoints2\{0ec86e0e-da30-11dd-9bc2-001e68300c1c}\Shell\AutoRun\command - "" = I:\AutoRun.exe
O33 - MountPoints2\{18831021-c66b-11de-8719-9d4e8499ecc1}\Shell - "" = AutoRun
O33 - MountPoints2\{18831021-c66b-11de-8719-9d4e8499ecc1}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{22ed21d1-1bbb-11df-9959-daedffe3e908}\Shell - "" = AutoRun
O33 - MountPoints2\{22ed21d1-1bbb-11df-9959-daedffe3e908}\Shell\AutoRun\command - "" = H:\AutoRun.exe
O33 - MountPoints2\{232f4d41-9852-11de-bbd0-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{232f4d41-9852-11de-bbd0-806e6f6e6963}\Shell\AutoRun\command - "" = G:\AutoRun.exe
O33 - MountPoints2\{3867e77b-90ae-11de-a350-e474c5728839}\Shell - "" = AutoRun
O33 - MountPoints2\{3867e77b-90ae-11de-a350-e474c5728839}\Shell\AutoRun\command - "" = G:\AutoRun.exe
O33 - MountPoints2\{3867e77c-90ae-11de-a350-e474c5728839}\Shell - "" = AutoRun
O33 - MountPoints2\{3867e77c-90ae-11de-a350-e474c5728839}\Shell\AutoRun\command - "" = I:\AutoRun.exe
O33 - MountPoints2\{3867e77f-90ae-11de-a350-e474c5728839}\Shell - "" = AutoRun
O33 - MountPoints2\{3867e77f-90ae-11de-a350-e474c5728839}\Shell\AutoRun\command - "" = G:\AutoRun.exe
O33 - MountPoints2\{3867e782-90ae-11de-a350-ad3f831c2eab}\Shell - "" = AutoRun
O33 - MountPoints2\{3867e782-90ae-11de-a350-ad3f831c2eab}\Shell\AutoRun\command - "" = G:\AutoRun.exe
O33 - MountPoints2\{3867e787-90ae-11de-a350-ad3f831c2eab}\Shell - "" = AutoRun
O33 - MountPoints2\{3867e787-90ae-11de-a350-ad3f831c2eab}\Shell\AutoRun\command - "" = G:\AutoRun.exe
O33 - MountPoints2\{446b4c09-9808-11de-b041-ac12ce5ec9ba}\Shell - "" = AutoRun
O33 - MountPoints2\{446b4c09-9808-11de-b041-ac12ce5ec9ba}\Shell\AutoRun\command - "" = G:\AutoRun.exe
O33 - MountPoints2\{4fcaba16-9b1d-11de-8330-d113eb14b2d1}\Shell - "" = AutoRun
O33 - MountPoints2\{4fcaba16-9b1d-11de-8330-d113eb14b2d1}\Shell\AutoRun\command - "" = G:\AutoRun.exe
O33 - MountPoints2\{5d4253c4-9f8e-11df-ab13-9f3c9c330bdd}\Shell - "" = AutoRun
O33 - MountPoints2\{5d4253c4-9f8e-11df-ab13-9f3c9c330bdd}\Shell\AutoRun\command - "" = H:\AutoRun.exe
O33 - MountPoints2\{60c2371f-0d1f-11df-ae32-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{60c2371f-0d1f-11df-ae32-806e6f6e6963}\Shell\AutoRun\command - "" = I:\AutoRun.exe
O33 - MountPoints2\{7c84c765-cbc7-11de-8573-e50896887ff4}\Shell - "" = AutoRun
O33 - MountPoints2\{7c84c765-cbc7-11de-8573-e50896887ff4}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{894f81c9-d171-11de-a0f1-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{894f81c9-d171-11de-a0f1-806e6f6e6963}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{935bcea8-8e67-11de-ae73-00038a000015}\Shell - "" = AutoRun
O33 - MountPoints2\{935bcea8-8e67-11de-ae73-00038a000015}\Shell\AutoRun\command - "" = G:\AutoRun.exe
O33 - MountPoints2\{935bceaa-8e67-11de-ae73-00038a000015}\Shell - "" = AutoRun
O33 - MountPoints2\{935bceaa-8e67-11de-ae73-00038a000015}\Shell\AutoRun\command - "" = G:\AutoRun.exe
O33 - MountPoints2\{94b0b353-2228-11df-9dac-df4f4eb54d13}\Shell - "" = AutoRun
O33 - MountPoints2\{94b0b353-2228-11df-9dac-df4f4eb54d13}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{99dbb6fc-0ce1-11df-838c-aa8086c020a9}\Shell - "" = AutoRun
O33 - MountPoints2\{99dbb6fc-0ce1-11df-838c-aa8086c020a9}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{a212d73d-9b2b-11de-b014-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{a212d73d-9b2b-11de-b014-806e6f6e6963}\Shell\AutoRun\command - "" = H:\AutoRun.exe
O33 - MountPoints2\{a212d79e-9b2b-11de-b014-ed454fea280e}\Shell - "" = AutoRun
O33 - MountPoints2\{a212d79e-9b2b-11de-b014-ed454fea280e}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{ab491527-9b22-11de-9cbd-8ab1279669e5}\Shell - "" = AutoRun
O33 - MountPoints2\{ab491527-9b22-11de-9cbd-8ab1279669e5}\Shell\AutoRun\command - "" = G:\AutoRun.exe
O33 - MountPoints2\{ac74a77e-9b12-11de-8957-a74aed332be2}\Shell - "" = AutoRun
O33 - MountPoints2\{ac74a77e-9b12-11de-8957-a74aed332be2}\Shell\AutoRun\command - "" = G:\AutoRun.exe
O33 - MountPoints2\{ac74a797-9b12-11de-8957-a74aed332be2}\Shell - "" = AutoRun
O33 - MountPoints2\{ac74a797-9b12-11de-8957-a74aed332be2}\Shell\AutoRun\command - "" = G:\AutoRun.exe
O33 - MountPoints2\{d002cff5-0e7a-11df-b623-9768c52e6d42}\Shell - "" = AutoRun
O33 - MountPoints2\{d002cff5-0e7a-11df-b623-9768c52e6d42}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{d1e844ee-c673-11de-93be-9cfa62bfa2dc}\Shell - "" = AutoRun
O33 - MountPoints2\{d1e844ee-c673-11de-93be-9cfa62bfa2dc}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{d1e844f0-c673-11de-93be-9cfa62bfa2dc}\Shell - "" = AutoRun
O33 - MountPoints2\{d1e844f0-c673-11de-93be-9cfa62bfa2dc}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{de3fc79f-d172-11de-827b-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{de3fc79f-d172-11de-827b-806e6f6e6963}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{de3fc7ff-d172-11de-827b-9fdd660c7dc5}\Shell - "" = AutoRun
O33 - MountPoints2\{de3fc7ff-d172-11de-827b-9fdd660c7dc5}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{ed3e6600-16e4-11df-81ad-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{ed3e6600-16e4-11df-81ad-806e6f6e6963}\Shell\AutoRun\command - "" = K:\AutoRun.exe
O33 - MountPoints2\{f73f18d6-76a2-11de-9dfe-e908ffce8612}\Shell - "" = AutoRun
O33 - MountPoints2\{f73f18d6-76a2-11de-9dfe-e908ffce8612}\Shell\AutoRun\command - "" = G:\AutoRun.exe
O33 - MountPoints2\G\Shell - "" = AutoRun
O33 - MountPoints2\G\Shell\AutoRun\command - "" = G:\AutoRun.exe
O4 - HKCU..\Run: [DW6] File not found
:Commands
[purity]
[resethosts]
[emptytemp]
Das Logfile müsste geöffnet werden, wenn Du nach dem Fixen auf ok klickst, poste das bitte. Evtl. wird der Rechner neu gestartet.
__________________ Logfiles bitte immer in CODE-Tags posten |
|
12.02.2011, 11:10
| #9 |
| | BOO/TDss.A mit Virenscanner 3 xgefunden All processes killed ========== OTL ========== ADS C:\Users\Besitzer\Documents\AW_ gewinde.eml:OECustomProperty deleted successfully. ADS C:\Users\Besitzer\Documents\Re_ gewinde.eml:OECustomProperty deleted successfully. Unable to delete ADS C:\Users\Besitzer\Documents\ogrevani_sedezi_www.planetbossi.ch.mpeg:TOC.WMV . Unable to delete ADS C:\Users\Besitzer\Documents\NEW.avi:TOC.WMV . Unable to delete ADS C:\Users\Besitzer\Documents\neuerSpannungsprüfer.mpg:TOC.WMV . Unable to delete ADS C:\Users\Besitzer\Documents\BegehbarerSchrank.avi:TOC.WMV . File C:\Windows\System32\drivers\rxqkubtm.sys not found. HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRun|DWORD:1 /E : value set successfully! File C:\autoexec.bat not found. File E:\AUTOMODE not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{0ec86dfb-da30-11dd-9bc2-001e68300c1c}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0ec86dfb-da30-11dd-9bc2-001e68300c1c}\ not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{0ec86dfb-da30-11dd-9bc2-001e68300c1c}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0ec86dfb-da30-11dd-9bc2-001e68300c1c}\ not found. File G:\AutoRun.exe not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{0ec86e0e-da30-11dd-9bc2-001e68300c1c}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0ec86e0e-da30-11dd-9bc2-001e68300c1c}\ not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{0ec86e0e-da30-11dd-9bc2-001e68300c1c}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0ec86e0e-da30-11dd-9bc2-001e68300c1c}\ not found. File I:\AutoRun.exe not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{18831021-c66b-11de-8719-9d4e8499ecc1}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{18831021-c66b-11de-8719-9d4e8499ecc1}\ not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{18831021-c66b-11de-8719-9d4e8499ecc1}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{18831021-c66b-11de-8719-9d4e8499ecc1}\ not found. File F:\AutoRun.exe not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{22ed21d1-1bbb-11df-9959-daedffe3e908}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{22ed21d1-1bbb-11df-9959-daedffe3e908}\ not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{22ed21d1-1bbb-11df-9959-daedffe3e908}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{22ed21d1-1bbb-11df-9959-daedffe3e908}\ not found. File H:\AutoRun.exe not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{232f4d41-9852-11de-bbd0-806e6f6e6963}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{232f4d41-9852-11de-bbd0-806e6f6e6963}\ not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{232f4d41-9852-11de-bbd0-806e6f6e6963}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{232f4d41-9852-11de-bbd0-806e6f6e6963}\ not found. File G:\AutoRun.exe not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{3867e77b-90ae-11de-a350-e474c5728839}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3867e77b-90ae-11de-a350-e474c5728839}\ not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{3867e77b-90ae-11de-a350-e474c5728839}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3867e77b-90ae-11de-a350-e474c5728839}\ not found. File G:\AutoRun.exe not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{3867e77c-90ae-11de-a350-e474c5728839}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3867e77c-90ae-11de-a350-e474c5728839}\ not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{3867e77c-90ae-11de-a350-e474c5728839}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3867e77c-90ae-11de-a350-e474c5728839}\ not found. File I:\AutoRun.exe not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{3867e77f-90ae-11de-a350-e474c5728839}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3867e77f-90ae-11de-a350-e474c5728839}\ not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{3867e77f-90ae-11de-a350-e474c5728839}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3867e77f-90ae-11de-a350-e474c5728839}\ not found. File G:\AutoRun.exe not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{3867e782-90ae-11de-a350-ad3f831c2eab}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3867e782-90ae-11de-a350-ad3f831c2eab}\ not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{3867e782-90ae-11de-a350-ad3f831c2eab}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3867e782-90ae-11de-a350-ad3f831c2eab}\ not found. File G:\AutoRun.exe not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{3867e787-90ae-11de-a350-ad3f831c2eab}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3867e787-90ae-11de-a350-ad3f831c2eab}\ not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{3867e787-90ae-11de-a350-ad3f831c2eab}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3867e787-90ae-11de-a350-ad3f831c2eab}\ not found. File G:\AutoRun.exe not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{446b4c09-9808-11de-b041-ac12ce5ec9ba}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{446b4c09-9808-11de-b041-ac12ce5ec9ba}\ not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{446b4c09-9808-11de-b041-ac12ce5ec9ba}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{446b4c09-9808-11de-b041-ac12ce5ec9ba}\ not found. File G:\AutoRun.exe not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{4fcaba16-9b1d-11de-8330-d113eb14b2d1}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{4fcaba16-9b1d-11de-8330-d113eb14b2d1}\ not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{4fcaba16-9b1d-11de-8330-d113eb14b2d1}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{4fcaba16-9b1d-11de-8330-d113eb14b2d1}\ not found. File G:\AutoRun.exe not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{5d4253c4-9f8e-11df-ab13-9f3c9c330bdd}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5d4253c4-9f8e-11df-ab13-9f3c9c330bdd}\ not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{5d4253c4-9f8e-11df-ab13-9f3c9c330bdd}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5d4253c4-9f8e-11df-ab13-9f3c9c330bdd}\ not found. File H:\AutoRun.exe not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{60c2371f-0d1f-11df-ae32-806e6f6e6963}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{60c2371f-0d1f-11df-ae32-806e6f6e6963}\ not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{60c2371f-0d1f-11df-ae32-806e6f6e6963}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{60c2371f-0d1f-11df-ae32-806e6f6e6963}\ not found. File I:\AutoRun.exe not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{7c84c765-cbc7-11de-8573-e50896887ff4}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7c84c765-cbc7-11de-8573-e50896887ff4}\ not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{7c84c765-cbc7-11de-8573-e50896887ff4}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7c84c765-cbc7-11de-8573-e50896887ff4}\ not found. File F:\AutoRun.exe not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{894f81c9-d171-11de-a0f1-806e6f6e6963}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{894f81c9-d171-11de-a0f1-806e6f6e6963}\ not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{894f81c9-d171-11de-a0f1-806e6f6e6963}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{894f81c9-d171-11de-a0f1-806e6f6e6963}\ not found. File F:\AutoRun.exe not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{935bcea8-8e67-11de-ae73-00038a000015}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{935bcea8-8e67-11de-ae73-00038a000015}\ not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{935bcea8-8e67-11de-ae73-00038a000015}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{935bcea8-8e67-11de-ae73-00038a000015}\ not found. File G:\AutoRun.exe not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{935bceaa-8e67-11de-ae73-00038a000015}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{935bceaa-8e67-11de-ae73-00038a000015}\ not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{935bceaa-8e67-11de-ae73-00038a000015}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{935bceaa-8e67-11de-ae73-00038a000015}\ not found. File G:\AutoRun.exe not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{94b0b353-2228-11df-9dac-df4f4eb54d13}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{94b0b353-2228-11df-9dac-df4f4eb54d13}\ not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{94b0b353-2228-11df-9dac-df4f4eb54d13}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{94b0b353-2228-11df-9dac-df4f4eb54d13}\ not found. File F:\AutoRun.exe not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{99dbb6fc-0ce1-11df-838c-aa8086c020a9}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{99dbb6fc-0ce1-11df-838c-aa8086c020a9}\ not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{99dbb6fc-0ce1-11df-838c-aa8086c020a9}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{99dbb6fc-0ce1-11df-838c-aa8086c020a9}\ not found. File F:\AutoRun.exe not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{a212d73d-9b2b-11de-b014-806e6f6e6963}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{a212d73d-9b2b-11de-b014-806e6f6e6963}\ not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{a212d73d-9b2b-11de-b014-806e6f6e6963}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{a212d73d-9b2b-11de-b014-806e6f6e6963}\ not found. File H:\AutoRun.exe not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{a212d79e-9b2b-11de-b014-ed454fea280e}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{a212d79e-9b2b-11de-b014-ed454fea280e}\ not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{a212d79e-9b2b-11de-b014-ed454fea280e}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{a212d79e-9b2b-11de-b014-ed454fea280e}\ not found. File F:\AutoRun.exe not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{ab491527-9b22-11de-9cbd-8ab1279669e5}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{ab491527-9b22-11de-9cbd-8ab1279669e5}\ not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{ab491527-9b22-11de-9cbd-8ab1279669e5}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{ab491527-9b22-11de-9cbd-8ab1279669e5}\ not found. File G:\AutoRun.exe not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{ac74a77e-9b12-11de-8957-a74aed332be2}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{ac74a77e-9b12-11de-8957-a74aed332be2}\ not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{ac74a77e-9b12-11de-8957-a74aed332be2}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{ac74a77e-9b12-11de-8957-a74aed332be2}\ not found. File G:\AutoRun.exe not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{ac74a797-9b12-11de-8957-a74aed332be2}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{ac74a797-9b12-11de-8957-a74aed332be2}\ not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{ac74a797-9b12-11de-8957-a74aed332be2}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{ac74a797-9b12-11de-8957-a74aed332be2}\ not found. File G:\AutoRun.exe not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{d002cff5-0e7a-11df-b623-9768c52e6d42}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{d002cff5-0e7a-11df-b623-9768c52e6d42}\ not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{d002cff5-0e7a-11df-b623-9768c52e6d42}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{d002cff5-0e7a-11df-b623-9768c52e6d42}\ not found. File F:\AutoRun.exe not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{d1e844ee-c673-11de-93be-9cfa62bfa2dc}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{d1e844ee-c673-11de-93be-9cfa62bfa2dc}\ not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{d1e844ee-c673-11de-93be-9cfa62bfa2dc}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{d1e844ee-c673-11de-93be-9cfa62bfa2dc}\ not found. File F:\AutoRun.exe not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{d1e844f0-c673-11de-93be-9cfa62bfa2dc}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{d1e844f0-c673-11de-93be-9cfa62bfa2dc}\ not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{d1e844f0-c673-11de-93be-9cfa62bfa2dc}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{d1e844f0-c673-11de-93be-9cfa62bfa2dc}\ not found. File F:\AutoRun.exe not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{de3fc79f-d172-11de-827b-806e6f6e6963}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{de3fc79f-d172-11de-827b-806e6f6e6963}\ not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{de3fc79f-d172-11de-827b-806e6f6e6963}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{de3fc79f-d172-11de-827b-806e6f6e6963}\ not found. File F:\AutoRun.exe not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{de3fc7ff-d172-11de-827b-9fdd660c7dc5}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{de3fc7ff-d172-11de-827b-9fdd660c7dc5}\ not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{de3fc7ff-d172-11de-827b-9fdd660c7dc5}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{de3fc7ff-d172-11de-827b-9fdd660c7dc5}\ not found. File F:\AutoRun.exe not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{ed3e6600-16e4-11df-81ad-806e6f6e6963}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{ed3e6600-16e4-11df-81ad-806e6f6e6963}\ not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{ed3e6600-16e4-11df-81ad-806e6f6e6963}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{ed3e6600-16e4-11df-81ad-806e6f6e6963}\ not found. File K:\AutoRun.exe not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{f73f18d6-76a2-11de-9dfe-e908ffce8612}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{f73f18d6-76a2-11de-9dfe-e908ffce8612}\ not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{f73f18d6-76a2-11de-9dfe-e908ffce8612}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{f73f18d6-76a2-11de-9dfe-e908ffce8612}\ not found. File G:\AutoRun.exe not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\G\ not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\G\ not found. File G:\AutoRun.exe not found. Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\DW6 not found. ========== COMMANDS ========== C:\Windows\System32\drivers\etc\Hosts moved successfully. HOSTS file reset successfully [EMPTYTEMP] User: All Users User: Besitzer ->Temp folder emptied: 192933 bytes ->Temporary Internet Files folder emptied: 33170 bytes ->Java cache emptied: 0 bytes ->FireFox cache emptied: 8842205 bytes ->Flash cache emptied: 37 bytes User: Default ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 0 bytes ->Flash cache emptied: 0 bytes User: Default User ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 0 bytes ->Flash cache emptied: 0 bytes User: xxxx ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 0 bytes ->Flash cache emptied: 0 bytes User: xxxx ->Flash cache emptied: 0 bytes User: xxxx ->Java cache emptied: 0 bytes ->FireFox cache emptied: 0 bytes ->Flash cache emptied: 0 bytes User: Public %systemdrive% .tmp files removed: 0 bytes %systemroot% .tmp files removed: 0 bytes %systemroot%\System32 .tmp files removed: 0 bytes %systemroot%\System32\drivers .tmp files removed: 0 bytes Windows Temp folder emptied: 0 bytes RecycleBin emptied: 1163105681 bytes Total Files Cleaned = 1.118,00 mb OTL by OldTimer - Version 3.2.20.6 log created on 02122011_105717 Files\Folders moved on Reboot... Registry entries deleted on Reboot... |
|
12.02.2011, 11:32
| #10 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | BOO/TDss.A mit Virenscanner 3 xgefunden Dann bitte jetzt CF ausführen: ComboFix Ein Leitfaden und Tutorium zur Nutzung von ComboFix
Combofix darf ausschließlich ausgeführt werden, wenn ein Kompetenzler dies ausdrücklich empfohlen hat!
__________________ Logfiles bitte immer in CODE-Tags posten |
|
12.02.2011, 12:55
| #11 |
| | BOO/TDss.A mit Virenscanner 3 xgefunden Combofix Logfile: Code:
ATTFilter ComboFix 11-02-11.02 - Besitzer 12.02.2011 12:17:50.1.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.49.1031.18.3070.1771 [GMT 1:00]
ausgeführt von:: c:\users\Besitzer\Desktop\cofi.exe
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
(((((((((((((((((((((((((((((((((((( Weitere Löschungen ))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\Install.exe
c:\programdata\hpe1652.dll
c:\users\Besitzer\AppData\Roaming\Desktopicon
c:\users\Besitzer\AppData\Roaming\Desktopicon\eBay.ico
c:\users\Besitzer\AppData\Roaming\Desktopicon\uninst.exe
c:\windows\system32\KBL.LOG
.
((((((((((((((((((((((( Dateien erstellt von 2011-01-12 bis 2011-02-12 ))))))))))))))))))))))))))))))
.
2011-02-12 11:33 . 2011-02-12 11:34 -------- d-----w- c:\users\Besitzer\AppData\Local\temp
2011-02-12 11:33 . 2011-02-12 11:33 -------- d-----w- c:\users\Moni\AppData\Local\temp
2011-02-12 11:33 . 2011-02-12 11:33 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-02-12 09:34 . 2011-02-12 09:34 -------- d-----w- C:\_OTL
2011-02-12 00:38 . 2011-01-13 09:41 5890896 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{3D081E7A-D29E-43EE-BADF-33BB9BDD653A}\mpengine.dll
2011-02-09 22:34 . 2011-02-09 22:34 -------- d-----w- c:\users\Besitzer\AppData\Roaming\Malwarebytes
2011-02-09 22:34 . 2010-12-20 17:09 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-02-09 22:34 . 2011-02-09 22:34 -------- d-----w- c:\programdata\Malwarebytes
2011-02-09 22:34 . 2011-02-09 22:56 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-02-09 22:34 . 2010-12-20 17:08 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-01-19 08:46 . 2011-01-19 08:46 -------- d-----w- c:\windows\Sun
.
(((((((((((((((((((((((((((((((((((( Find3M Bericht ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-02-02 16:11 . 2009-10-03 08:07 222080 ------w- c:\windows\system32\MpSigStub.exe
2010-12-28 15:55 . 2011-01-12 07:50 413696 ----a-w- c:\windows\system32\odbc32.dll
2010-12-14 14:49 . 2011-01-12 07:50 1169408 ----a-w- c:\windows\system32\sdclt.exe
.
(((((((((((((((((((((((((((( Autostartpunkte der Registrierung ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
2010-01-20 09:34 1197448 ----a-w- c:\program files\Ask.com\Supertoolbar\GenericAskToolbar.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\Supertoolbar\GenericAskToolbar.dll" [2010-01-20 1197448]
[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\Supertoolbar\GenericAskToolbar.dll" [2010-01-20 1197448]
[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2008-11-18 21633320]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1233920]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2007-05-29 149040]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-07-26 3883840]
"Sony Ericsson PC Suite"="c:\program files\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe" [2009-06-23 434176]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]
"HW_OPENEYE_OUC_T-Mobile Internet Manager"="c:\program files\T-Mobile\T-Mobile Internet Manager\UpdateDog\ouc.exe" [2009-06-23 110592]
"Mobile Partner"="c:\program files\T-Mobile\T-Mobile Internet Manager\T-Mobile Internet Manager.exe" [2010-02-11 114688]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-19 202240]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPStart"="c:\program files\Synaptics\SynTP\SynTPStart.exe" [2007-09-15 102400]
"SMSERIAL"="c:\program files\Motorola\SMSERIAL\sm56hlpr.exe" [2007-01-17 634880]
"RtHDVCpl"="RtHDVCpl.exe" [2007-08-17 4702208]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2007-07-25 174616]
"QPService"="c:\program files\HP\QuickPlay\QPService.exe" [2007-09-30 181544]
"OnScreenDisplay"="c:\program files\Hewlett-Packard\HP QuickTouch\HPKBDAPP.exe" [2007-09-04 554320]
"UCam_Menu"="c:\program files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" [2007-08-16 218408]
"hpWirelessAssistant"="c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2007-09-13 480560]
"WAWifiMessage"="c:\program files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe" [2007-01-08 311296]
"HostManager"="c:\program files\Common Files\AOL\1231093279\ee\AOLSoftware.exe" [2006-09-26 50736]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-03-28 1045800]
"HP Software Update"="c:\program files\Hp\HP Software Update\HPWuSchd2.exe" [2007-05-08 54840]
"HP Health Check Scheduler"="c:\program files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe" [2008-06-16 75008]
"DataCardMonitor"="c:\program files\T-Mobile\T-Mobile Internet Manager\DataCardMonitor.exe" [2010-02-11 253952]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2010-09-24 40368]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-21 932288]
"Windows Mobile-based device management"="c:\windows\WindowsMobile\wmdc.exe" [2007-01-24 563080]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-10-03 13826664]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]
"Malwarebytes' Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2010-12-20 963976]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoResolveTrack"= 0 (0x0)
"NoFileAssociate"= 0 (0x0)
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^McAfee Security Scan Plus.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk
backup=c:\windows\pss\McAfee Security Scan Plus.lnk.CommonStartup
backupExtension=.CommonStartup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2009-11-12 15:33 141600 ----a-w- c:\program files\iTunes\iTunesHelper.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NBKeyScan]
2007-05-24 16:38 1226288 ----a-w- c:\program files\Nero\Nero 7\Nero BackItUp\NBKeyScan.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2009-11-10 22:08 417792 ----a-w- c:\program files\QuickTime\QTTask.exe
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
R1 eusk2par;EUTRON SmartKey Parallel Driver;c:\windows\system32\Drivers\eusk2par.sys [2004-06-23 24786]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2009-08-29 133104]
R2 OMSI download service;Sony Ericsson OMSI download service;c:\program files\Sony Ericsson\Sony Ericsson PC Suite\SupServ.exe [2009-04-30 90112]
R3 ggflt;SEMC USB Flash Driver Filter;c:\windows\system32\DRIVERS\ggflt.sys [2009-10-15 13224]
R3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\McAfee Security Scan\2.0.181\McCHSvc.exe [2010-01-15 227232]
R3 s0016bus;Sony Ericsson Device 0016 driver (WDM);c:\windows\system32\DRIVERS\s0016bus.sys [2008-05-16 89256]
R3 s1018bus;Sony Ericsson Device 1018 driver (WDM);c:\windows\system32\DRIVERS\s1018bus.sys [2009-03-25 86824]
R3 s1018mdfl;Sony Ericsson Device 1018 USB WMC Modem Filter;c:\windows\system32\DRIVERS\s1018mdfl.sys [2009-03-25 15016]
R3 s1018mdm;Sony Ericsson Device 1018 USB WMC Modem Driver;c:\windows\system32\DRIVERS\s1018mdm.sys [2009-03-25 114728]
R3 s1018mgmt;Sony Ericsson Device 1018 USB WMC Device Management Drivers (WDM);c:\windows\system32\DRIVERS\s1018mgmt.sys [2009-03-25 106208]
R3 s1018nd5;Sony Ericsson Device 1018 USB Ethernet Emulation (NDIS);c:\windows\system32\DRIVERS\s1018nd5.sys [2009-03-25 26024]
R3 s1018obex;Sony Ericsson Device 1018 USB WMC OBEX Interface;c:\windows\system32\DRIVERS\s1018obex.sys [2009-03-25 104744]
R3 s1018unic;Sony Ericsson Device 1018 USB Ethernet Emulation (WDM);c:\windows\system32\DRIVERS\s1018unic.sys [2009-03-25 109864]
R3 silabenm;Silicon Labs CP210x USB to UART Bridge Serial Port Enumerator Driver;c:\windows\system32\DRIVERS\silabenm.sys [2009-02-19 17920]
R3 silabser;Silicon Labs CP210x USB to UART Bridge Driver;c:\windows\system32\DRIVERS\silabser.sys [2009-02-19 62592]
R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
R3 xtouch;xtouch;c:\windows\system32\DRIVERS\xtouch.sys [2008-01-17 83072]
S2 {22D78859-9CE9-4B77-BF18-AC83E81A9263};{22D78859-9CE9-4B77-BF18-AC83E81A9263};c:\program files\HP\QuickPlay\000.fcl [2007-09-30 39408]
S2 LcSvrHis;ELSA Historie Server;c:\elsawin\bin\LcSvrHis.exe [2006-11-24 217088]
S2 LcSvrPAS;ELSA PASS Server;c:\elsawin\bin\LcSvrPas.exe [2006-11-24 368640]
S2 LcSvrSaz;ELSA APOSpro Server;c:\elsawin\bin\LcSvrSaz.exe [2006-11-24 233472]
S2 SBSDWSCService;SBSD Security Center Service;c:\program files\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368]
S2 VSGate;ELSA Vaudis Service;c:\elsawin\bin\VSgate.exe [2006-11-24 81920]
S3 NETw5v32;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit;c:\windows\system32\DRIVERS\NETw5v32.sys [2008-11-17 3668480]
S3 seehcri;Sony Ericsson seehcri Device Driver;c:\windows\system32\DRIVERS\seehcri.sys [2008-01-09 27632]
--- Andere Dienste/Treiber im Speicher ---
*Deregistered* - BMLoad
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
WindowsMobile REG_MULTI_SZ wcescomm rapimgr
LocalServiceRestricted REG_MULTI_SZ WcesComm RapiMgr
bthsvcs REG_MULTI_SZ BthServ
.
Inhalt des "geplante Tasks" Ordners
2011-02-12 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-08-29 19:46]
2011-02-12 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-08-29 19:03]
2011-02-12 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-08-29 19:03]
2011-02-09 c:\windows\Tasks\Norton Security Scan for Besitzer.job
- c:\program files\Norton Security Scan\Nss.exe [2009-03-13 18:20]
.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = hxxp://start.icq.com/
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=de_de&c=81&bd=Pavilion&pf=laptop
IE: &AOL Toolbar-Suche - c:\program files\aol\aol toolbar 4.0\resources\de-DE\local\search.html
IE: add to &BOM - c:\\PROGRA~1\\BIET-O~1\\\\AddToBOM.hta
IE: Nach Microsoft E&xel exportieren - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
FF - ProfilePath - c:\users\Besitzer\AppData\Roaming\Mozilla\Firefox\Profiles\5fj48scu.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2325506&SearchSource=3&q={searchTerms}
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.google.de/
FF - prefs.js: keyword.URL - hxxp://de.yhs.search.yahoo.com/avg/search?fr=yhs-avgb&type=yahoo_avg_hs2-tb-web_de&p=
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}
FF - Ext: LoudMo Contextual Ad Assistant: {0ae873a2-da32-8a94-9c57-7a7cc96c6c82} - c:\program files\Mozilla Firefox\extensions\{0ae873a2-da32-8a94-9c57-7a7cc96c6c82}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
FF - Ext: Yahoo! Toolbar: {635abd67-4fe9-1b23-4f01-e679fa7484c1} - %profile%\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
FF - Ext: Freeware DE Toolbar: {26647ca4-a2a7-4eac-8a72-761aa9141de7} - %profile%\extensions\{26647ca4-a2a7-4eac-8a72-761aa9141de7}
FF - Ext: @@toolbarname@@: toolbar@ask.com - %profile%\extensions\toolbar@ask.com
FF - Ext: ICQ Toolbar: {800b5000-a755-47e1-992b-48a1c1357f07} - %profile%\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}
FF - Ext: ImTranslator: {9AA46F4F-4DC7-4c06-97AF-5035170634FE} - %profile%\extensions\{9AA46F4F-4DC7-4c06-97AF-5035170634FE}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
URLSearchHooks-{1CFFA392-0898-4b1c-89D1-6E98F9D8EF78} - (no file)
Toolbar-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
WebBrowser-{604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - (no file)
WebBrowser-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
HKCU-Run-Messenger (Yahoo!) - c:\progra~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE
HKCU-Run-ICQ - c:\program files\ICQ6.5\ICQ.exe
HKLM-Run-QlbCtrl - %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe
AddRemove-eBay Icon - c:\users\Besitzer\AppData\Roaming\Desktopicon\uninst.exe
AddRemove-SLABCOMM&10C4&EA60 - c:\windows\system32\Silabs\DriverUninstaller.exe VCP CP210x Cardinal\SLABCOMM&10C4&EA60
AddRemove-web'n'walk Manager - c:\program files\T-Mobile\web'n'walk Manager\uninst.exe
AddRemove-Yahoo! Companion - c:\progra~1\Yahoo!\Common\UNYT_W~1.EXE
AddRemove-Yahoo! Messenger - c:\progra~1\Yahoo!\MESSEN~1\UNWISE.EXE
AddRemove-Yahoo! Software Update - c:\progra~1\Yahoo!\SOFTWA~1\UNINST~1.EXE
AddRemove-Yahoo! Toolbar - c:\progra~1\Yahoo!\Common\UNYT_W~1.EXE
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, hxxp://www.gmer.net
Rootkit scan 2011-02-12 12:34
Windows 6.0.6002 Service Pack 2 NTFS
Scanne versteckte Prozesse...
Scanne versteckte Autostarteinträge...
HKLM\Software\Microsoft\Windows\CurrentVersion\Run
DataCardMonitor = c:\program files\T-Mobile\T-Mobile Internet Manager\DataCardMonitor.exe?2.tmp?FiG1?T\]??X???????A1?SU]???? ??????????????????????1??S]???7??(???am Files\T-Mobile\T-Mobile Internet Manager\?]??c:\users????^]??c:\Program Files\T-Mobile\T-Mobile Internet Mana
Scanne versteckte Dateien...
Scan erfolgreich abgeschlossen
versteckte Dateien: 0
**************************************************************************
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\{22D78859-9CE9-4B77-BF18-AC83E81A9263}]
"ImagePath"="\??\c:\program files\HP\QuickPlay\000.fcl"
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
Zeit der Fertigstellung: 2011-02-12 12:51:23
ComboFix-quarantined-files.txt 2011-02-12 11:51
Vor Suchlauf: 19 Verzeichnis(se), 127.870.722.048 Bytes frei
Nach Suchlauf: 25 Verzeichnis(se), 127.798.407.168 Bytes frei
- - End Of File - - FF54CA807FB289108BC6763E8B45B993
CCleaner auch gemacht. Geändert von O Heinz (12.02.2011 um 13:18 Uhr) |
|
12.02.2011, 13:21
| #12 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | BOO/TDss.A mit Virenscanner 3 xgefunden Ok. Bitte nun Logs mit GMER und OSAM erstellen und posten. GMER stürzt häufiger ab, wenn das Tool auch beim 2. Mal nicht will, lass es einfach weg und führ nur OSAM aus - die Online-Abfrage durch OSAM bitte überspringen. Bei OSAM bitte darauf auch achten, dass Du das Log auch als *.log und nicht *.html oder so abspeicherst. Downloade Dir danach bitte MBRCheck (by a_d_13) und speichere die Datei auf dem Desktop.
__________________ Logfiles bitte immer in CODE-Tags posten |
|
12.02.2011, 13:55
| #13 |
| | BOO/TDss.A mit Virenscanner 3 xgefunden OSAM Logfile: Code:
ATTFilter Report of OSAM: Autorun Manager v5.0.11926.0 hxxp://www.online-solutions.ru/en/ Saved at 13:53:12 on 12.02.2011 OS: Windows Vista Home Premium Edition Service Pack 2 (Build 6002), 32-bit Default Browser: Mozilla Corporation Firefox 3.6.13 Scanner Settings [x] Rootkits detection (hidden registry) [x] Rootkits detection (hidden files) [x] Retrieve files information [x] Check Microsoft signatures Filters [ ] Trusted entries [ ] Empty entries [x] Hidden registry entries (rootkit activity) [x] Exclusively opened files [x] Not found files [x] Files without detailed information [x] Existing files [ ] Non-startable services [ ] Non-startable drivers [x] Active entries [x] Disabled entries [Common] -----( %SystemRoot%\Tasks )----- "GoogleUpdateTaskMachineCore.job" - "Google Inc." - C:\Program Files\Google\Update\GoogleUpdate.exe "GoogleUpdateTaskMachineUA.job" - "Google Inc." - C:\Program Files\Google\Update\GoogleUpdate.exe "Google Software Updater.job" - "Google" - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe "Norton Security Scan for Besitzer.job" - "Symantec Corporation" - C:\Program Files\Norton Security Scan\Nss.exe [Control Panel Objects] -----( %SystemRoot%\system32 )----- "BDEADMIN.CPL" - ? - C:\Windows\system32\BDEADMIN.CPL "ElsaCfg.cpl" - "Volkswagen AG" - C:\Windows\system32\ElsaCfg.cpl "nvcpl.cpl" - "NVIDIA Corporation" - C:\Windows\system32\nvcpl.cpl -----( HKLM\Software\Microsoft\Windows\CurrentVersion\Control Panel\Cpls )----- "Nero BurnRights" - "Nero AG" - C:\Program Files\Nero\Nero 7\Nero Toolkit\NeroBurnRights.cpl "QuickTime" - "Apple Inc." - C:\Program Files\QuickTime\QTSystem\QuickTime.cpl [Drivers] -----( HKLM\SYSTEM\CurrentControlSet\Services )----- "Bytemobile Boot Time Load Driver" (BMLoad) - "Bytemobile, Inc." - C:\Windows\System32\drivers\BMLoad.sys "Bytemobile Kernel Network Provider" (tcpipBM) - "Bytemobile, Inc." - C:\Windows\system32\drivers\tcpipBM.sys "catchme" (catchme) - ? - C:\Users\Besitzer\AppData\Local\Temp\catchme.sys (File not found) "EUTRON SmartKey Parallel Driver" (eusk2par) - "EUTRON" - C:\Windows\system32\Drivers\eusk2par.sys "FssFltr" (fssfltr) - "Microsoft Corporation" - C:\Windows\System32\DRIVERS\fssfltr.sys "fwriikod" (fwriikod) - ? - C:\Users\Besitzer\AppData\Local\Temp\fwriikod.sys (Hidden registry entry, rootkit activity | File not found) "IP in IP Tunnel Driver" (IpInIp) - ? - C:\Windows\System32\DRIVERS\ipinip.sys (File not found) "IPX Traffic Filter Driver" (NwlnkFlt) - ? - C:\Windows\System32\DRIVERS\nwlnkflt.sys (File not found) "IPX Traffic Forwarder Driver" (NwlnkFwd) - ? - C:\Windows\System32\DRIVERS\nwlnkfwd.sys (File not found) "PCASp50 NDIS Protocol Driver" (PCASp50) - ? - C:\Windows\System32\drivers\PCASp50.sys (File not found) "StarOpen" (StarOpen) - ? - C:\Windows\system32\drivers\StarOpen.sys (File not found) "Symantec Network Security Intermediate Filter Service" (SymIM) - ? - C:\Windows\System32\DRIVERS\SymIM.sys (File not found) "SymIMMP" (SymIMMP) - ? - C:\Windows\System32\DRIVERS\SymIM.sys (File not found) "{22D78859-9CE9-4B77-BF18-AC83E81A9263}" ({22D78859-9CE9-4B77-BF18-AC83E81A9263}) - "Cyberlink Corp." - C:\Program Files\HP\QuickPlay\000.fcl [Explorer] -----( HKLM\Software\Classes\Folder\shellex\ColumnHandlers )----- {F9DB5320-233E-11D1-9F84-707F02C10627} "PDF Shell Extension" - "Adobe Systems, Inc." - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\PDFShell.dll {C52AF81D-F7A0-4AAB-8E87-F80A60CCD396} "{C52AF81D-F7A0-4AAB-8E87-F80A60CCD396}" - ? - C:\Program Files\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll -----( HKLM\Software\Classes\Protocols\Filter )----- {807563E5-5146-11D5-A672-00B0D022E945} "Microsoft Office InfoPath XML Mime Filter" - "Microsoft Corporation" - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL -----( HKLM\Software\Classes\Protocols\Handler )----- {314111c7-a502-11d2-bbca-00c04f8ec294} "HxProtocol Class" - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} "IEProtocolHandler Class" - "Skype Technologies" - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL {828030A1-22C1-4009-854F-8E305202313F} "livecall" - ? - (File not found | COM-object registry key not found) {0A9007C0-4076-11D3-8789-0000F8105754} "Microsoft Infotech Storage Protocol for IE 4.0" - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll {828030A1-22C1-4009-854F-8E305202313F} "msnim" - ? - (File not found | COM-object registry key not found) {03C514A3-1EFB-4856-9F99-10D7BE1653C0} "Windows Live Mail HTML Asynchronous Pluggable Protocol Handler" - "Microsoft Corporation" - C:\Program Files\Windows Live\Mail\mailcomm.dll {0F3C833F-FB28-40EA-8CB9-6A55B996C3F6} "WiProtokollHandler Class" - "TODO: <Company name>" - C:\ElsaWin\bin\wiProt.dll -----( HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks )----- {AEB6717E-7E19-11d0-97EE-00C04FD91972} "{AEB6717E-7E19-11d0-97EE-00C04FD91972}" - ? - (File not found | COM-object registry key not found) -----( HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved )----- {911051fa-c21c-4246-b470-070cd8df6dc4} ".cab or .zip files" - ? - (File not found | COM-object registry key not found) {1b24a030-9b20-49bc-97ac-1be4426f9e59} "ActiveDirectory Folder" - ? - (File not found | COM-object registry key not found) {34449847-FD14-4fc8-A75A-7432F5181EFB} "ActiveDirectory Folder" - ? - (File not found | COM-object registry key not found) {0563DB41-F538-4B37-A92D-4659049B7766} "CLSID_WLMCMimeFilter" - "Microsoft Corporation" - C:\Program Files\Windows Live\Mail\mailcomm.dll {0F8604A5-4ECE-4DE1-BA7D-CF10F8AA4F48} "Contacts folder" - ? - (File not found | COM-object registry key not found) {A70C977A-BF00-412C-90B7-034C51DA2439} "DesktopContext Class" - "NVIDIA Corporation" - C:\Windows\system32\nvcpl.dll {2C2577C2-63A7-40e3-9B7F-586602617ECB} "Explorer Query Band" - ? - (File not found | COM-object registry key not found) {FAC3CBF6-8697-43d0-BAB9-DCD1FCE19D75} "IE User Assist" - ? - (File not found | COM-object registry key not found) {B9E1D2CB-CCFF-4AA6-9579-D7A4754030EF} "iTunes" - "Apple Inc." - C:\Program Files\iTunes\iTunesMiniPlayer.dll {00020d75-0000-0000-c000-000000000046} "lnkfile" - ? - (File not found | COM-object registry key not found) {42042206-2D85-11D3-8CFF-005004838597} "Microsoft Office HTML Icon Handler" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office12\msohevi.dll {993BE281-6695-4BA5-8A2A-7AACBFAAB69E} "Microsoft Office Metadata Handler" - "Microsoft Corporation" - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\msoshext.dll {5858A72C-C2B4-4dd7-B2BF-B76DB1BD9F6C} "Microsoft Office OneNote Namespace Extension for Windows Desktop Search" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~3\Office12\ONFILTER.DLL {C41662BB-1FA0-4CE0-8DC5-9B7F8279FF97} "Microsoft Office Thumbnail Handler" - "Microsoft Corporation" - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\msoshext.dll {3D1975AF-48C6-4f8e-A182-BE0E08FA86A9} "NVIDIA CPL Context Menu Extension" - "NVIDIA Corporation" - C:\Windows\system32\nvshext.dll {FFB699E0-306A-11d3-8BD1-00104B6F7516} "NVIDIA CPL Extension" - "NVIDIA Corporation" - C:\Windows\system32\nvcpl.dll {C52AF81D-F7A0-4AAB-8E87-F80A60CCD396} "OpenOffice.org Column Handler" - ? - C:\Program Files\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll {087B3AE3-E237-4467-B8DB-5A38AB959AC9} "OpenOffice.org Infotip Handler" - ? - C:\Program Files\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll {63542C48-9552-494A-84F7-73AA6A7C99C1} "OpenOffice.org Property Sheet Handler" - ? - C:\Program Files\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll {3B092F0C-7696-40E3-A80F-68D74DA84210} "OpenOffice.org Thumbnail Viewer" - ? - C:\Program Files\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll {C8494E42-ACDD-4739-B0FB-217361E4894F} "Sam Account Folder" - ? - (File not found | COM-object registry key not found) {E29F9716-5C08-4FCD-955A-119FDB5A522D} "Sam Account Folder" - ? - (File not found | COM-object registry key not found) {45AC2688-0253-4ED8-97DE-B5370FA7D48A} "Shell Extension for Malware scanning" - ? - (File not found | COM-object registry key not found) {7F67036B-66F1-411A-AD85-759FB9C5B0DB} "ShellViewRTF" - "XSS" - C:\Windows\System32\ShellvRTF.dll {2BE99FD4-A181-4996-BFA9-58C5FFD11F6C} "Windows Live Photo Gallery Autoplay Drop Target" - "Microsoft Corporation" - C:\Program Files\Windows Live\Photo Gallery\WLXPhotoGallery.exe {00F30F64-AC33-42F5-8FD1-5DC2D3FDE06C} "Windows Live Photo Gallery Editor Drop Target" - "Microsoft Corporation" - C:\Program Files\Windows Live\Photo Gallery\WLXPhotoGallery.exe {00F3712A-CA79-45B4-9E4D-D7891E7F8B9D} "Windows Live Photo Gallery Editor Shim" - "Microsoft Corporation" - C:\Program Files\Windows Live\Photo Gallery\PhotoViewerShim.dll {00F30F90-3E96-453B-AFCD-D71989ECC2C7} "Windows Live Photo Gallery Viewer Autoplay Shim" - "Microsoft Corporation" - C:\Program Files\Windows Live\Photo Gallery\PhotoViewerShim.dll {00F33137-EE26-412F-8D71-F84E4C2C6625} "Windows Live Photo Gallery Viewer Autoplay Shim" - "Microsoft Corporation" - C:\Program Files\Windows Live\Photo Gallery\PhotoViewerShim.dll {00F374B7-B390-4884-B372-2FC349F2172B} "Windows Live Photo Gallery Viewer Drop Target" - "Microsoft Corporation" - C:\Program Files\Windows Live\Photo Gallery\WLXPhotoGallery.exe {00F346CB-35A4-465B-8B8F-65A29DBAB1F6} "Windows Live Photo Gallery Viewer Shim" - "Microsoft Corporation" - C:\Program Files\Windows Live\Photo Gallery\PhotoViewerShim.dll {da67b8ad-e81b-4c70-9b91b417b5e33527} "Windows Search Shell Service" - ? - (File not found | COM-object registry key not found) {B41DB860-8EE4-11D2-9906-E49FADC173CA} "WinRAR" - ? - C:\Program Files\WinRAR\rarext.dll {06A2568A-CED6-4187-BB20-400B8C02BE5A} "{06A2568A-CED6-4187-BB20-400B8C02BE5A}" - "Microsoft Corporation" - C:\Program Files\Windows Live\Photo Gallery\WLXPhotoAcquireWizard.exe [Internet Explorer] -----( HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser )----- <binary data> "&Windows Live Toolbar" - "Microsoft Corporation" - C:\Program Files\Windows Live\Toolbar\wltcore.dll <binary data> "AOL Toolbar" - "AOL LLC" - C:\Program Files\AOL\AOL Toolbar 4.0\aoltb.dll <binary data> "Ask Toolbar" - "Ask.com" - C:\Program Files\Ask.com\Supertoolbar\GenericAskToolbar.dll ITBar7Height "ITBar7Height" - ? - (File not found | COM-object registry key not found) <binary data> "ITBar7Layout" - ? - (File not found | COM-object registry key not found) <binary data> "ITBarLayout" - ? - (File not found | COM-object registry key not found) <binary data> "{00000000-0000-0000-0000-000000000000}" - ? - (File not found | COM-object registry key not found) -----( HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks )----- {855F3B16-6D32-4fe6-8A56-BBB695989046} "ICQToolBar" - "ICQ" - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll "{855F3B16-6D32-4fe6-8A56-BBB695989046}" - ? - (File not found | COM-object registry key not found) {EF99BD32-C1FB-11D2-892F-0090271D4F88} "{EF99BD32-C1FB-11D2-892F-0090271D4F88}" - ? - (File not found | COM-object registry key not found) -----( HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units )----- {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} "Java Plug-in 1.6.0_02" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\jp2iexp.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab {8AD9C840-044E-11D1-B3E9-00805F499D93} "Java Plug-in 1.6.0_21" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\jp2iexp.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} "Java Plug-in 1.6.0_21" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\jp2iexp.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} "Java Plug-in 1.6.0_21" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\npjpi160_21.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab {4F1E5B1A-2A80-42CA-8532-2D05CB959537} "MSN Photo Upload Tool" - "Microsoft® Corporation" - C:\Windows\Downloaded Program Files\MsnPUpld.dll / hxxp://gfx1.hotmail.com/mail/w3/resources/VistaMSNPUpldde-de.cab -----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions )----- {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} "@C:\Windows\WindowsMobile\INetRepl.dll,-222" - "Microsoft Corporation" - C:\Windows\WindowsMobile\INetRepl.dll {48E73304-E1D6-4330-914C-F5F514E3486C} "An OneNote senden" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll {DE9C389F-3316-41A7-809B-AA305ED9D922} "AOL Toolbar" - "AOL LLC" - C:\Program Files\AOL\AOL Toolbar 4.0\aoltb.dll {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} "ClsidExtension" - "Microsoft Corporation" - C:\Windows\WindowsMobile\INetRepl.dll {53707962-6F74-2D53-2644-206D7942484F} "ClsidExtension" - "Safer Networking Limited" - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll "ICQ7.2" - "ICQ, LLC." - C:\Program Files\ICQ7.2\ICQ.exe {5F7B1267-94A9-47F5-98DB-E99415F33AEC} "In Blog veröffentlichen" - "Microsoft Corporation" - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll {FF059E31-CC5A-4E2E-BF3B-96E929D65503} "Research" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL -----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar )----- <binary data> "&Windows Live Toolbar" - "Microsoft Corporation" - C:\Program Files\Windows Live\Toolbar\wltcore.dll {DE9C389F-3316-41A7-809B-AA305ED9D922} "AOL Toolbar" - "AOL LLC" - C:\Program Files\AOL\AOL Toolbar 4.0\aoltb.dll <binary data> "Ask Toolbar" - "Ask.com" - C:\Program Files\Ask.com\Supertoolbar\GenericAskToolbar.dll {855F3B16-6D32-4FE6-8A56-BBB695989046} "ICQToolBar" - "ICQ" - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll <binary data> "MSN Toolbar" - "Microsoft Corp." - C:\Program Files\MSN\Toolbar\3.0.0744.0\msneshellx.dll {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} "NCO Toolbar 2.0" - ? - (File not found | COM-object registry key not found) <binary data> "{EF99BD32-C1FB-11D2-892F-0090271D4F88}" - ? - (File not found | COM-object registry key not found) -----( HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects )----- {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} "Adobe PDF Reader" - "Adobe Systems Incorporated" - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} "AOL Toolbar Launcher" - "AOL LLC" - C:\Program Files\AOL\AOL Toolbar 4.0\aoltb.dll {D4027C7F-154A-4066-A1AD-4243D8127440} "Ask Toolbar" - "Ask.com" - C:\Program Files\Ask.com\Supertoolbar\GenericAskToolbar.dll {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} "Google Toolbar Notifier BHO" - "Google Inc." - C:\Program Files\Google\GoogleToolbarNotifier\5.2.4204.1700\swg.dll {DBC80044-A445-435b-BC74-9C25C1C588A9} "Java(tm) Plug-In 2 SSV Helper" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\jp2ssv.dll {d2ce3e00-f94a-4740-988e-03dc2f38c34f} "MSN Toolbar Helper" - "Microsoft Corp." - C:\Program Files\MSN\Toolbar\3.0.0744.0\msneshellx.dll {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} "Search Helper" - "Microsoft Corporation" - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll {53707962-6F74-2D53-2644-206D7942484F} "Spybot-S&D IE Protection" - "Safer Networking Limited" - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll {9030D464-4C02-4ABF-8ECC-5164760863C6} "Windows Live ID-Anmelde-Hilfsprogramm" - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} "Windows Live Toolbar Helper" - "Microsoft Corporation" - C:\Program Files\Windows Live\Toolbar\wltcore.dll {02478D38-C3F9-4efb-9B51-7695ECA05670} "{02478D38-C3F9-4efb-9B51-7695ECA05670}" - ? - (File not found | COM-object registry key not found) {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} "{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}" - ? - (File not found | COM-object registry key not found) {5C255C8A-E604-49b4-9D64-90988571CECB} "{5C255C8A-E604-49b4-9D64-90988571CECB}" - ? - (File not found | COM-object registry key not found) {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} "{602ADB0E-4AFF-4217-8AA1-95DAC4DFA408}" - ? - (File not found | COM-object registry key not found) {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} "{FDAD4DA1-61A2-4FD8-9C17-86F7AC245081}" - ? - (File not found | COM-object registry key not found) [Logon] -----( %APPDATA%\Microsoft\Windows\Start Menu\Programs\Startup )----- "desktop.ini" - ? - C:\Users\Besitzer\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini -----( %AllUsersProfile%\Microsoft\Windows\Start Menu\Programs\Startup )----- "desktop.ini" - ? - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini -----( HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run )----- "BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}" - "Nero AG" - "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe" "HW_OPENEYE_OUC_T-Mobile Internet Manager" - "Huawei Technologies Co., Ltd." - "C:\Program Files\T-Mobile\T-Mobile Internet Manager\UpdateDog\ouc.exe" "Mobile Partner" - ? - "C:\Program Files\T-Mobile\T-Mobile Internet Manager\T-Mobile Internet Manager.exe" "msnmsgr" - "Microsoft Corporation" - "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background "Skype" - "Skype Technologies S.A." - "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized "Sony Ericsson PC Suite" - "Sony Ericsson Mobile Communications AB" - "C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe" /systray /nologon "SpybotSD TeaTimer" - "Safer-Networking Ltd." - C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe -----( HKLM\SYSTEM\CurrentControlSet\Control\Terminal Server\Wds\rdpwd )----- "StartupPrograms" - ? - rdpclip (File not found) -----( HKLM\Software\Microsoft\Windows\CurrentVersion\Run )----- "Adobe ARM" - "Adobe Systems Incorporated" - "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" "Adobe Reader Speed Launcher" - "Adobe Systems Incorporated" - "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" "DataCardMonitor" - "Huawei Technologies Co., Ltd." - C:\Program Files\T-Mobile\T-Mobile Internet Manager\DataCardMonitor.exe "HostManager" - "America Online, Inc." - C:\Program Files\Common Files\AOL\1231093279\ee\AOLSoftware.exe "HP Health Check Scheduler" - "Hewlett-Packard" - c:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe "HP Software Update" - "Hewlett-Packard" - C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe "hpWirelessAssistant" - "Hewlett-Packard Development Company, L.P." - C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe "IAAnotif" - "Intel Corporation" - C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe "Malwarebytes' Anti-Malware (reboot)" - "Malwarebytes Corporation" - "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript "NvCplDaemon" - "NVIDIA Corporation" - RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup "OnScreenDisplay" - " Hewlett-Packard Development Company, L.P." - C:\Program Files\Hewlett-Packard\HP QuickTouch\HPKBDAPP.exe "QPService" - "CyberLink Corp." - "C:\Program Files\HP\QuickPlay\QPService.exe" "SunJavaUpdateSched" - "Sun Microsystems, Inc." - "C:\Program Files\Common Files\Java\Java Update\jusched.exe" "UCam_Menu" - "CyberLink Corp." - "C:\Program Files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" "C:\Program Files\CyberLink\YouCam" update "Software\CyberLink\YouCam\1.0" "WAWifiMessage" - "Hewlett-Packard Development Company, L.P." - C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe "Windows Mobile-based device management" - "Microsoft Corporation" - %windir%\WindowsMobile\wmdc.exe [Print Monitors] -----( HKLM\SYSTEM\CurrentControlSet\Control\Print\Monitors )----- "Send To Microsoft OneNote Monitor" - "Microsoft Corporation" - C:\Windows\system32\msonpmon.dll [Services] -----( HKLM\SYSTEM\CurrentControlSet\Services )----- "@C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe,-100" (WPFFontCache_v0400) - "Microsoft Corporation" - C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe "AOL Connectivity Service" (AOL ACS) - "AOL LLC" - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe "Apple Mobile Device" (Apple Mobile Device) - "Apple Inc." - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe "Bonjour-Dienst" (Bonjour Service) - "Apple Inc." - C:\Program Files\Bonjour\mDNSResponder.exe "Com4Qlb" (Com4Qlb) - "Hewlett-Packard Development Company, L.P." - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4Qlb.exe "Cyberlink RichVideo Service(CRVS)" (RichVideo) - ? - C:\Program Files\CyberLink\Shared Files\RichVideo.exe "ELSA APOSpro Server" (LcSvrSaz) - "Volkswagen AG" - C:\ElsaWin\bin\LcSvrSaz.exe "ELSA Historie Server" (LcSvrHis) - "Volkswagen AG" - C:\ElsaWin\bin\LcSvrHis.exe "ELSA PASS Server" (LcSvrPAS) - "Volkswagen AG" - C:\ElsaWin\bin\LcSvrPas.exe "ELSA Vaudis Service" (VSGate) - "Volkswagen AG" - C:\ElsaWin\bin\VSgate.exe "GameConsoleService" (GameConsoleService) - ? - "C:\Program Files\HP Games\My HP Game Console\GameConsoleService.exe" (File not found) "Google Software Updater" (gusvc) - "Google" - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe "Google Update Service (gupdate)" (gupdate) - "Google Inc." - C:\Program Files\Google\Update\GoogleUpdate.exe "HP Health Check Service" (HP Health Check Service) - "Hewlett-Packard" - c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe "hpqwmiex" (hpqwmiex) - "Hewlett-Packard Development Company, L.P." - C:\Program Files\Hewlett-Packard\Shared\hpqWmiEx.exe "InstallDriver Table Manager" (IDriverT) - "Macrovision Corporation" - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe "Intel(R) Matrix Storage Event Monitor" (IAANTMON) - "Intel Corporation" - C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe "iPod-Dienst" (iPod Service) - "Apple Inc." - C:\Program Files\iPod\bin\iPodService.exe "McAfee Security Scan Component Host Service" (McComponentHostService) - "McAfee, Inc." - C:\Program Files\McAfee Security Scan\2.0.181\McCHSvc.exe "Microsoft .NET Framework NGEN v4.0.30319_X86" (clr_optimization_v4.0.30319_32) - "Microsoft Corporation" - C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe "Microsoft Office Diagnostics Service" (odserv) - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE "NBService" (NBService) - "Nero AG" - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe "NMIndexingService" (NMIndexingService) - "Nero AG" - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe "NVIDIA Display Driver Service" (nvsvc) - "NVIDIA Corporation" - C:\Windows\system32\nvvsvc.exe "Office Source Engine" (ose) - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE "PLFlash DeviceIoControl Service" (PLFlash DeviceIoControl Service) - "Prolific Technology Inc." - C:\Windows\system32\IoctlSvc.exe "QuickPlay Background Capture Service (QBCS)" (QPCapSvc) - ? - C:\Program Files\HP\QuickPlay\Kernel\TV\QPCapSvc.exe "QuickPlay Task Scheduler (QTS)" (QPSched) - ? - C:\Program Files\HP\QuickPlay\Kernel\TV\QPSched.exe "SBSD Security Center Service" (SBSDWSCService) - "Safer Networking Ltd." - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe "SeaPort" (SeaPort) - "Microsoft Corporation" - C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe "Sony Ericsson OMSI download service" (OMSI download service) - ? - C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SupServ.exe (File found, but it contains no detailed information) "Windows Live Family Safety-Dienst" (fsssvc) - "Microsoft Corporation" - C:\Program Files\Windows Live\Family Safety\fsssvc.exe "Windows Live ID Sign-in Assistant" (wlidsvc) - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE "Yahoo! Updater" (YahooAUService) - "Yahoo! Inc." - C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe [Winsock Providers] -----( HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries )----- "mdnsNSP" - "Apple Inc." - C:\Program Files\Bonjour\mdnsNSP.dll ===[ Logfile end ]=========================================[ Logfile end ]=== If You have questions or want to get some help, You can visit hxxp://forum.online-solutions.ru |
|
12.02.2011, 14:00
| #14 |
| | BOO/TDss.A mit Virenscanner 3 xgefunden MBRCheck, version 1.2.3 (c) 2010, AD Command-line: Windows Version: Windows Vista Home Premium Edition Windows Information: Service Pack 2 (build 6002), 32-bit Base Board Manufacturer: Quanta BIOS Manufacturer: Hewlett-Packard System Manufacturer: Hewlett-Packard System Product Name: HP Pavilion dv9700 Notebook PC Logical Drives Mask: 0x000000fc Kernel Drivers (total 160): 0x8264C000 \SystemRoot\system32\ntkrnlpa.exe 0x82619000 \SystemRoot\system32\hal.dll 0x8060D000 \SystemRoot\system32\kdcom.dll 0x80614000 \SystemRoot\system32\mcupdate_GenuineIntel.dll 0x80684000 \SystemRoot\system32\PSHED.dll 0x80695000 \SystemRoot\system32\BOOTVID.dll 0x8069D000 \SystemRoot\system32\CLFS.SYS 0x806DE000 \SystemRoot\system32\CI.dll 0x8A802000 \SystemRoot\system32\drivers\Wdf01000.sys 0x8A87E000 \SystemRoot\system32\drivers\WDFLDR.SYS 0x8A88B000 \SystemRoot\system32\drivers\acpi.sys 0x8A8D1000 \SystemRoot\system32\drivers\WMILIB.SYS 0x8A8DA000 \SystemRoot\system32\drivers\msisadrv.sys 0x8A8E2000 \SystemRoot\system32\drivers\pci.sys 0x8A909000 \SystemRoot\System32\drivers\partmgr.sys 0x8A918000 \SystemRoot\system32\DRIVERS\compbatt.sys 0x8A91B000 \SystemRoot\system32\DRIVERS\BATTC.SYS 0x8A925000 \SystemRoot\system32\drivers\volmgr.sys 0x8A934000 \SystemRoot\System32\drivers\volmgrx.sys 0x8A97E000 \SystemRoot\system32\drivers\intelide.sys 0x8A985000 \SystemRoot\system32\drivers\PCIIDEX.SYS 0x8A993000 \SystemRoot\System32\drivers\mountmgr.sys 0x8AA0D000 \SystemRoot\system32\DRIVERS\iaStor.sys 0x8AAD4000 \SystemRoot\system32\drivers\atapi.sys 0x8AADC000 \SystemRoot\system32\drivers\ataport.SYS 0x8AAFA000 \SystemRoot\system32\drivers\msahci.sys 0x8AB03000 \SystemRoot\system32\drivers\fltmgr.sys 0x8AB35000 \SystemRoot\system32\drivers\fileinfo.sys 0x8AB45000 \SystemRoot\System32\Drivers\ksecdd.sys 0x8AC09000 \SystemRoot\system32\drivers\ndis.sys 0x8AD14000 \SystemRoot\system32\drivers\msrpc.sys 0x8AD3F000 \SystemRoot\system32\drivers\NETIO.SYS 0x8AE00000 \SystemRoot\System32\drivers\tcpip.sys 0x8AEEA000 \SystemRoot\System32\drivers\fwpkclnt.sys 0x8B009000 \SystemRoot\System32\Drivers\Ntfs.sys 0x8B119000 \SystemRoot\system32\drivers\volsnap.sys 0x8B152000 \SystemRoot\System32\Drivers\spldr.sys 0x8B15A000 \SystemRoot\System32\Drivers\mup.sys 0x8B169000 \SystemRoot\System32\drivers\ecache.sys 0x8B190000 \SystemRoot\system32\drivers\disk.sys 0x8B1A1000 \SystemRoot\system32\drivers\CLASSPNP.SYS 0x8B1C2000 \SystemRoot\system32\drivers\crcdisk.sys 0x8B1CB000 \SystemRoot\system32\drivers\BMLoad.sys 0x8B1DE000 \SystemRoot\system32\DRIVERS\tunnel.sys 0x8B1E9000 \SystemRoot\system32\DRIVERS\tunmp.sys 0x8B1F2000 \SystemRoot\system32\DRIVERS\CmBatt.sys 0x8B1F6000 \SystemRoot\system32\DRIVERS\wmiacpi.sys 0x8AFCC000 \SystemRoot\system32\DRIVERS\intelppm.sys 0x91006000 \SystemRoot\system32\DRIVERS\nvlddmkm.sys 0x91977000 \SystemRoot\system32\DRIVERS\nvBridge.kmd 0x91E0A000 \SystemRoot\System32\drivers\dxgkrnl.sys 0x91EAB000 \SystemRoot\System32\drivers\watchdog.sys 0x91EB7000 \SystemRoot\system32\DRIVERS\usbuhci.sys 0x91EC2000 \SystemRoot\system32\DRIVERS\USBPORT.SYS 0x91F00000 \SystemRoot\system32\DRIVERS\usbehci.sys 0x91F0F000 \SystemRoot\system32\DRIVERS\HDAudBus.sys 0x9200F000 \SystemRoot\system32\DRIVERS\NETw5v32.sys 0x92398000 \SystemRoot\system32\DRIVERS\Rtlh86.sys 0x923B4000 \SystemRoot\system32\DRIVERS\ohci1394.sys 0x923C4000 \SystemRoot\system32\DRIVERS\1394BUS.SYS 0x923D2000 \SystemRoot\system32\DRIVERS\sdbus.sys 0x923EC000 \SystemRoot\system32\DRIVERS\rimmptsk.sys 0x91F9C000 \SystemRoot\system32\DRIVERS\rimsptsk.sys 0x91979000 \SystemRoot\system32\DRIVERS\rixdptsk.sys 0x923FB000 \SystemRoot\system32\DRIVERS\HpqRemHid.sys 0x91FB0000 \SystemRoot\system32\DRIVERS\HIDCLASS.SYS 0x92000000 \SystemRoot\system32\DRIVERS\HIDPARSE.SYS 0x91FC0000 \SystemRoot\system32\DRIVERS\i8042prt.sys 0x92007000 \SystemRoot\system32\DRIVERS\HpqKbFiltr.sys 0x91FD3000 \SystemRoot\system32\DRIVERS\kbdclass.sys 0x919CA000 \SystemRoot\system32\DRIVERS\SynTP.sys 0x9200C000 \SystemRoot\system32\DRIVERS\USBD.SYS 0x91FDE000 \SystemRoot\system32\DRIVERS\mouclass.sys 0x8AFDB000 \SystemRoot\system32\DRIVERS\cdrom.sys 0x91FE9000 \SystemRoot\system32\DRIVERS\GEARAspiWDM.sys 0x8AD7A000 \SystemRoot\system32\DRIVERS\msiscsi.sys 0x8ADA9000 \SystemRoot\system32\DRIVERS\storport.sys 0x91FEF000 \SystemRoot\system32\DRIVERS\TDI.SYS 0x8ABB6000 \SystemRoot\system32\DRIVERS\rasl2tp.sys 0x8AFF3000 \SystemRoot\system32\DRIVERS\ndistapi.sys 0x8ABCD000 \SystemRoot\system32\DRIVERS\ndiswan.sys 0x8ADEA000 \SystemRoot\system32\DRIVERS\raspppoe.sys 0x8A9A3000 \SystemRoot\system32\DRIVERS\raspptp.sys 0x8A9B7000 \SystemRoot\system32\DRIVERS\rassstp.sys 0x91FFA000 \SystemRoot\system32\DRIVERS\wanatw4.sys 0x8ABF0000 \SystemRoot\system32\DRIVERS\termdd.sys 0x91E00000 \SystemRoot\system32\DRIVERS\seehcri.sys 0x923FD000 \SystemRoot\system32\DRIVERS\swenum.sys 0x8A9CC000 \SystemRoot\system32\DRIVERS\ks.sys 0x807BE000 \SystemRoot\system32\DRIVERS\NWADIenum.sys 0x8AA00000 \SystemRoot\system32\DRIVERS\mssmbios.sys 0x807E9000 \SystemRoot\system32\DRIVERS\umbus.sys 0x92804000 \SystemRoot\system32\DRIVERS\usbhub.sys 0x92839000 \SystemRoot\system32\DRIVERS\sffp_sd.sys 0x92841000 \SystemRoot\system32\DRIVERS\sffdisk.sys 0x9284A000 \SystemRoot\system32\DRIVERS\kbdhid.sys 0x92853000 \SystemRoot\System32\Drivers\NDProxy.SYS 0x92A0E000 \SystemRoot\system32\drivers\RTKVHDA.sys 0x92864000 \SystemRoot\system32\drivers\portcls.sys 0x92891000 \SystemRoot\system32\drivers\drmk.sys 0x928B6000 \SystemRoot\system32\DRIVERS\smserial.sys 0x92BE9000 \SystemRoot\system32\drivers\modem.sys 0x929A7000 \SystemRoot\system32\DRIVERS\USBSTOR.SYS 0x929BC000 \SystemRoot\system32\DRIVERS\usbccgp.sys 0x929D3000 \SystemRoot\System32\Drivers\usbvideo.sys 0x92BF6000 \SystemRoot\System32\Drivers\Fs_Rec.SYS 0x92A00000 \SystemRoot\System32\Drivers\Null.SYS 0x92A07000 \SystemRoot\System32\Drivers\Beep.SYS 0x929F4000 \SystemRoot\System32\drivers\vga.sys 0x92E0A000 \SystemRoot\System32\drivers\VIDEOPRT.SYS 0x92E2B000 \SystemRoot\System32\DRIVERS\RDPCDD.sys 0x92E33000 \SystemRoot\system32\drivers\rdpencdd.sys 0x92E3B000 \SystemRoot\System32\Drivers\Msfs.SYS 0x92E46000 \SystemRoot\System32\Drivers\Npfs.SYS 0x92E54000 \SystemRoot\System32\DRIVERS\rasacd.sys 0x92E5D000 \SystemRoot\system32\DRIVERS\tdx.sys 0x92E73000 \SystemRoot\System32\Drivers\tcpipBM.SYS 0x92E78000 \SystemRoot\system32\DRIVERS\smb.sys 0x92E8C000 \SystemRoot\System32\DRIVERS\netbt.sys 0x92EBE000 \SystemRoot\system32\drivers\afd.sys 0x92F06000 \SystemRoot\system32\DRIVERS\pacer.sys 0x92F1C000 \SystemRoot\system32\DRIVERS\netbios.sys 0x92F2A000 \SystemRoot\system32\DRIVERS\wanarp.sys 0x92F3D000 \SystemRoot\system32\DRIVERS\rdbss.sys 0x92F79000 \SystemRoot\system32\drivers\nsiproxy.sys 0x92F89000 \SystemRoot\System32\Drivers\dfsc.sys 0x92FA0000 \SystemRoot\System32\Drivers\fastfat.SYS 0x92FC8000 \SystemRoot\System32\Drivers\crashdmp.sys 0x8AF05000 \SystemRoot\System32\Drivers\dump_iaStor.sys 0x946A0000 \SystemRoot\System32\win32k.sys 0x92FD5000 \SystemRoot\System32\drivers\Dxapi.sys 0x92FDF000 \SystemRoot\system32\DRIVERS\monitor.sys 0x948C0000 \SystemRoot\System32\TSDDD.dll 0x948E0000 \SystemRoot\System32\cdd.dll 0x82208000 \SystemRoot\system32\drivers\luafv.sys 0x8222B000 \SystemRoot\system32\DRIVERS\lltdio.sys 0x8223B000 \SystemRoot\system32\DRIVERS\nwifi.sys 0x82265000 \SystemRoot\system32\DRIVERS\ndisuio.sys 0x8226F000 \SystemRoot\system32\DRIVERS\rspndr.sys 0x82282000 \SystemRoot\system32\drivers\spsys.sys 0x82332000 \SystemRoot\system32\drivers\HTTP.sys 0x8239F000 \SystemRoot\System32\DRIVERS\srvnet.sys 0x823BC000 \SystemRoot\system32\DRIVERS\bowser.sys 0x823D5000 \SystemRoot\System32\drivers\mpsdrv.sys 0xA0204000 \SystemRoot\system32\drivers\mrxdav.sys 0xA0225000 \SystemRoot\system32\DRIVERS\mrxsmb.sys 0xA0244000 \SystemRoot\system32\DRIVERS\mrxsmb10.sys 0xA027D000 \SystemRoot\system32\DRIVERS\mrxsmb20.sys 0xA0295000 \SystemRoot\System32\DRIVERS\srv2.sys 0xA02BD000 \SystemRoot\System32\DRIVERS\srv.sys 0xA030B000 \SystemRoot\system32\drivers\peauth.sys 0xA03E9000 \SystemRoot\System32\Drivers\secdrv.SYS 0xA03F3000 \SystemRoot\System32\drivers\tcpipreg.sys 0x823EA000 \SystemRoot\system32\DRIVERS\WUDFRd.sys 0x92FEE000 \SystemRoot\system32\DRIVERS\WUDFPf.sys 0xA2E05000 \??\C:\Program Files\HP\QuickPlay\000.fcl 0xA2E22000 \SystemRoot\system32\DRIVERS\ipnat.sys 0xA2E4A000 \SystemRoot\system32\DRIVERS\cdfs.sys 0xA2E62000 \??\C:\Users\Besitzer\AppData\Local\Temp\fwriikod.sys 0x77A70000 \WINDOWS\System32\ntdll.dll Processes (total 94): 0 System Idle Process 4 System 480 C:\WINDOWS\System32\smss.exe 612 csrss.exe 664 C:\WINDOWS\System32\wininit.exe 676 csrss.exe 708 C:\WINDOWS\System32\services.exe 720 C:\WINDOWS\System32\lsass.exe 732 C:\WINDOWS\System32\lsm.exe 820 C:\WINDOWS\System32\winlogon.exe 916 C:\WINDOWS\System32\svchost.exe 960 C:\WINDOWS\System32\nvvsvc.exe 996 C:\WINDOWS\System32\svchost.exe 1036 C:\WINDOWS\System32\svchost.exe 1088 C:\WINDOWS\System32\svchost.exe 1120 C:\WINDOWS\System32\svchost.exe 1148 C:\WINDOWS\System32\svchost.exe 1212 C:\WINDOWS\System32\audiodg.exe 1232 C:\WINDOWS\System32\svchost.exe 1248 C:\WINDOWS\System32\SLsvc.exe 1360 C:\WINDOWS\System32\svchost.exe 1380 C:\WINDOWS\System32\svchost.exe 1580 C:\WINDOWS\System32\spoolsv.exe 1608 C:\WINDOWS\System32\svchost.exe 1804 C:\Program Files\Common Files\aol\acs\AOLacsd.exe 1816 C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe 1832 C:\Program Files\Bonjour\mDNSResponder.exe 1856 C:\WINDOWS\System32\svchost.exe 1900 C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe 124 C:\ElsaWin\bin\LcSvrHis.exe 228 C:\ElsaWin\bin\LcSvrPas.exe 356 C:\ElsaWin\bin\LcSvrSaz.exe 500 C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SupServ.exe 660 C:\WINDOWS\System32\IoctlSvc.exe 472 C:\WINDOWS\System32\svchost.exe 1060 C:\Program Files\Hp\QuickPlay\Kernel\TV\QPCapSvc.exe 1616 C:\Program Files\CyberLink\Shared Files\RichVideo.exe 680 C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe 2080 C:\WINDOWS\System32\svchost.exe 2112 C:\ElsaWin\bin\VSGate.exe 2164 C:\WINDOWS\System32\svchost.exe 2192 C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE 2236 C:\WINDOWS\System32\SearchIndexer.exe 2284 C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe 2344 C:\Program Files\Hewlett-Packard\Shared\hpqWmiEx.exe 2404 C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe 2760 C:\WINDOWS\System32\taskeng.exe 2788 WUDFHost.exe 2868 C:\Program Files\Hp\QuickPlay\Kernel\TV\QPSched.exe 2920 C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE 3040 C:\WINDOWS\System32\nvvsvc.exe 3208 C:\WINDOWS\System32\alg.exe 3668 C:\WINDOWS\System32\dwm.exe 3696 C:\WINDOWS\System32\taskeng.exe 3724 C:\WINDOWS\explorer.exe 2648 C:\Program Files\Synaptics\SynTP\SynTPStart.exe 2704 C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe 2708 C:\WINDOWS\RtHDVCpl.exe 880 C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe 2856 C:\Program Files\Hp\QuickPlay\QPService.exe 836 C:\Program Files\Hewlett-Packard\HP QuickTouch\HPKBDAPP.exe 1316 C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe 1356 C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe 2552 C:\Program Files\Common Files\aol\1231093279\ee\aolsoftware.exe 2528 C:\Program Files\Synaptics\SynTP\SynTPEnh.exe 2748 C:\Program Files\Hp\HP Software Update\hpwuSchd2.exe 2852 C:\Program Files\T-Mobile\T-Mobile Internet Manager\DataCardMonitor.exe 3280 C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe 1104 C:\WINDOWS\WindowsMobile\wmdc.exe 3108 C:\Program Files\Common Files\Java\Java Update\jusched.exe 3976 C:\WINDOWS\System32\wbem\unsecapp.exe 3908 WmiPrvSE.exe 2232 C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe 2440 C:\WINDOWS\System32\svchost.exe 3052 C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe 3304 C:\Program Files\Windows Media Player\wmpnscfg.exe 3128 C:\WINDOWS\System32\mobsync.exe 4224 C:\Program Files\Windows Media Player\wmpnetwk.exe 4336 C:\Program Files\Mozilla Firefox\firefox.exe 4392 C:\Users\Besitzer\AppData\Roaming\T-Mobile Internet Manager\ouc.exe 4952 C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe 4996 C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe 5584 C:\Program Files\Synaptics\SynTP\SynTPHelper.exe 6060 C:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Service.exe 3800 C:\WINDOWS\System32\taskeng.exe 4216 C:\WINDOWS\System32\sdclt.exe 3836 C:\WINDOWS\System32\svchost.exe 4156 C:\Users\Besitzer\Downloads\osam_autorun_manager_5_0_portable\osam.exe 2436 C:\WINDOWS\System32\conime.exe 4712 C:\WINDOWS\System32\SearchProtocolHost.exe 5836 C:\WINDOWS\System32\SearchFilterHost.exe 5484 dllhost.exe 2936 dllhost.exe 2676 C:\Users\Besitzer\Downloads\MBRCheck.exe \\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`00007e00 (NTFS) \\.\D: --> \\.\PhysicalDrive1 at offset 0x00000000`00007e00 (NTFS) \\.\E: --> \\.\PhysicalDrive0 at offset 0x00000037`4d611a00 (NTFS) PhysicalDrive0 Model Number: HitachiHTS542525K9SA00, Rev: BBFOC32P PhysicalDrive1 Model Number: HitachiHTS542525K9SA00, Rev: BBFOC32P Size Device Name MBR Status -------------------------------------------- 232 GB \\.\PhysicalDrive0 Unknown MBR code SHA1: D94F393960D1CD66C2071F2D7260A5196DF105AC 232 GB \\.\PhysicalDrive1 Windows XP MBR code detected SHA1: DA38B874B7713D1B51CBC449F4EF809B0DEC644A Found non-standard or infected MBR. Enter 'Y' and hit ENTER for more options, or 'N' to exit: Options: [1] Dump the MBR of a physical disk to file. [2] Restore the MBR of a physical disk with a standard boot code. [3] Exit. Enter your choice: Done! |
|
12.02.2011, 15:26
| #15 | |
| /// Winkelfunktion /// TB-Süch-Tiger™ | BOO/TDss.A mit Virenscanner 3 xgefunden GMER wollte nicht? Zitat:
Bevor wir den manuell fixen bitte zuerst mal des TDSS-Tool von Kaspersky drüberlaufen lassen => http://www.trojaner-board.de/82358-t...entfernen.html
__________________ Logfiles bitte immer in CODE-Tags posten |
|
| Themen zu BOO/TDss.A mit Virenscanner 3 xgefunden |
| adware.adrotator, adware.flvplayer, alternate, antivir, automatische, automatischen, avg security toolbar, avgntflt.sys, beendet, beendet und geschlossen, besitzer, bildschirm, boo/tdss.a, bookmark, corp./icp, dateien, datensicherung, einfach, fast start, fehlermeldung, hallo zusammen, home premium, hostprozess, iastor.sys, install.exe, intranet, laufwerk, launch, location, microsoft, mozilla, nvlddmkm.sys, nvstor.sys, oldtimer, otl.exe, plug-in, probleme, programdata, prozess, rogue.registrydoctor, rogue.registrydoktor, runter, safer networking, scan, scanner, sched.exe, searchplugins, security scan, seite, seiten, start menu, startet, super, system neu, t-mobile, updates, virenscanner, öffnet |
Linear-Darstellung
