| |
| |||||||
Log-Analyse und Auswertung: Kazy.merkml1, fakeSysdef.A.313, usw.Windows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte.XML. |
 |
06.05.2011, 14:39
| #1 |
 |  Kazy.merkml1, fakeSysdef.A.313, usw. Hallo, ihr Lieben! Ich habe/hatte diverese Trojaner, wie die oben genannten, an Bord. Aktuell ist mein Problem folgendes: Ich habe kein sichtbares Laufwerk C mehr! Ich hatte bis vor kurzem noch die Avira AntiVir Vollversion an Bord und wollte diese durch den download von Kaspersky ersetzten, nachdem ich hier gelesen hatte, dass der wohl sehr wirkunsvoll sei. Vorgang: Download v. Kaspersky - Vollversion Avira runter - Installation Kaspersky gestartet - Neue Meldung: Wegen McAfee kann Kaspersky nicht installiert werden. Mit dem "löschen" Button kann ich McAfee aber nicht entfernen. Ich hatte McAfee nie aktiv. Möglicherweise ist das ein leerer Ordner in "C:" der alles blockiert? Ich bin jetzt ohne Virenschutz online und kann somit momentan auch keine genaueren Angaben mehr zu meinen Trojanern machen. :-(( Unter pers. Anleitung habe ich mit meinem Bruder in DOS (dir) mal geschaut, ob wenigstens da noch Dateien auf C: angezeigt werden - Fehlanzeige! (jedoch belegter Speicherplatz unter "Eigenschaften") Wenigstens konnten wir die Fehlermeldungen bzgl. beschädigter Festplatten-Cluster und beschädigtem RAM abstellen (fakeSysdef). Ich füge mal die OTL-Berichte usw. an und hoffe, dass ihr mir bei meinem Problem helfen könnt. Vielen Dank schon mal! VLG minniemaus OTL:OTL Logfile: Code:
ATTFilter OTL logfile created on: 06.05.2011 14:25:14 - Run 1 OTL by OldTimer - Version 3.2.22.3 Folder = C:\Users\minnie\Desktop Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation Internet Explorer (Version = 8.0.7600.16385) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 3,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 67,00% Memory free 6,00 Gb Paging File | 5,00 Gb Available in Paging File | 82,00% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 266,99 Gb Total Space | 178,20 Gb Free Space | 66,74% Space Free | Partition Type: NTFS Drive D: | 30,00 Gb Total Space | 20,20 Gb Free Space | 67,32% Space Free | Partition Type: NTFS Computer Name: MINNIE-PC | User Name: minnie | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user | Quick Scan Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2011.05.06 14:09:39 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\minnie\Desktop\OTL.exe PRC - [2011.05.06 14:00:56 | 000,003,072 | ---- | M] (Microsoft Corporation) -- C:\Windows\Temp\YYY8767.exe PRC - [2011.04.28 12:15:17 | 001,010,232 | ---- | M] (Google Inc.) -- C:\Programme\Google\Chrome\Application\chrome.exe PRC - [2011.03.24 01:37:35 | 000,910,296 | -H-- | M] (Mozilla Corporation) -- C:\Programme\Mozilla Firefox\firefox.exe PRC - [2010.03.03 20:16:06 | 000,013,336 | -H-- | M] (Intel Corporation) -- C:\Programme\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe PRC - [2009.12.10 08:48:26 | 002,320,920 | -H-- | M] (Intel Corporation) -- C:\Programme\Intel\Intel(R) Management Engine Components\UNS\UNS.exe PRC - [2009.12.10 08:48:24 | 000,268,824 | -H-- | M] (Intel Corporation) -- C:\Programme\Intel\Intel(R) Management Engine Components\LMS\LMS.exe PRC - [2009.11.07 03:46:52 | 000,020,480 | -H-- | M] (X10) -- C:\Programme\Common Files\X10\Common\X10nets.exe PRC - [2009.10.31 07:45:39 | 002,614,272 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe PRC - [2009.10.22 17:05:40 | 000,118,560 | -H-- | M] (Wistron Corp.) -- C:\Programme\Launch Manager\WisLMSvc.exe PRC - [2009.07.14 03:14:47 | 001,121,280 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Media Player\wmpnetwk.exe PRC - [2009.05.19 11:36:18 | 000,240,512 | -H-- | M] (Microsoft Corporation) -- C:\Programme\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe PRC - [2007.07.24 11:15:14 | 000,185,632 | -H-- | M] (Protexis Inc.) -- c:\Programme\Common Files\Protexis\License Service\PsiService_2.exe ========== Modules (SafeList) ========== MOD - [2011.05.06 14:09:39 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\minnie\Desktop\OTL.exe MOD - [2011.02.24 07:29:55 | 000,163,328 | ---- | M] (Microsoft Corporation) -- C:\Programme\Internet Explorer\ieproxy.dll MOD - [2010.08.21 07:21:32 | 001,680,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_420fe3fa2b8113bd\comctl32.dll MOD - [2009.07.14 03:16:16 | 000,348,160 | ---- | M] (Microsoft Corporation) -- C:\Programme\Common Files\microsoft shared\ink\tiptsf.dll MOD - [2009.07.14 03:15:27 | 000,009,728 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\IconCodecService.dll ========== Win32 Services (SafeList) ========== SRV - [2010.03.03 20:16:06 | 000,013,336 | -H-- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe -- (IAStorDataMgrSvc) Intel(R) SRV - [2009.12.10 08:48:26 | 002,320,920 | -H-- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Intel(R) Management Engine Components\UNS\UNS.exe -- (UNS) Intel(R) SRV - [2009.12.10 08:48:24 | 000,268,824 | -H-- | M] (Intel Corporation) [Auto | Running] -- C:\Programme\Intel\Intel(R) Management Engine Components\LMS\LMS.exe -- (LMS) Intel(R) SRV - [2009.11.07 03:46:52 | 000,020,480 | -H-- | M] (X10) [Auto | Running] -- C:\Programme\Common Files\X10\Common\X10nets.exe -- (x10nets) SRV - [2009.10.22 17:05:40 | 000,118,560 | -H-- | M] (Wistron Corp.) [On_Demand | Running] -- C:\Program Files\Launch Manager\WisLMSvc.exe -- (WisLMSvc) SRV - [2009.07.14 03:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc) SRV - [2009.07.14 03:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Windows Defender\MpSvc.dll -- (WinDefend) SRV - [2009.02.03 14:53:00 | 001,155,072 | -H-- | M] (MAGIX AG) [Unknown | Stopped] -- C:\Program Files\Common Files\MAGIX Services\Database\bin\FABS.exe -- (Fabs) SRV - [2008.08.07 10:10:02 | 003,276,800 | -H-- | M] (MAGIX®) [On_Demand | Stopped] -- C:\Program Files\Common Files\MAGIX Services\Database\bin\fbserver.exe -- (FirebirdServerMAGIXInstance) SRV - [2007.07.24 11:15:14 | 000,185,632 | -H-- | M] (Protexis Inc.) [Auto | Running] -- c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe -- (PSI_SVC_2) ========== Driver Services (SafeList) ========== DRV - [2010.04.01 10:13:38 | 001,009,184 | -H-- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\rtl8192se.sys -- (rtl8192se) DRV - [2010.03.24 17:57:16 | 000,191,008 | -H-- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\RtsUStor.sys -- (RSUSBSTOR) DRV - [2010.03.04 17:53:08 | 000,067,624 | -H-- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\L1C62x86.sys -- (L1C) DRV - [2010.02.10 15:01:10 | 000,132,352 | -H-- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\system32\DRIVERS\Impcd.sys -- (Impcd) DRV - [2010.02.04 13:54:32 | 001,558,368 | -H-- | M] (NXP Semiconductors Germany GmbH) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\NxpCap.sys -- (NxpCap) DRV - [2010.02.03 05:36:34 | 000,232,960 | -H-- | M] (Intel(R) Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\IntcDAud.sys -- (IntcDAud) Intel(R) DRV - [2009.09.18 04:54:14 | 000,041,088 | -H-- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\system32\DRIVERS\HECI.sys -- (HECI) Intel(R) DRV - [2009.08.13 17:39:40 | 000,786,400 | -H-- | M] (DiBcom SA) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\mod7700.sys -- (mod7700) DRV - [2009.05.13 12:47:30 | 000,027,160 | -H-- | M] (X10 Wireless Technology, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\Drivers\x10ufx2.sys -- (XUIF) DRV - [2009.05.13 12:26:26 | 000,013,720 | -H-- | M] (X10 Wireless Technology, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\Drivers\x10hid.sys -- (X10Hid) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.aldi.com IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://medion.msn.com [binary data] IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1 IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://medion.msn.com [binary data] IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.aldi.com IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF - prefs.js..browser.startup.homepage: "www.google.de" FF - prefs.js..extensions.enabledItems: {b9db16a4-6edc-47ec-a1f4-b86292ed211d}:4.8.3 FF - prefs.js..extensions.enabledItems: {0b457cAA-602d-484a-8fe7-c1d894a011ba}:0.88 FF - prefs.js..extensions.enabledItems: {AB2CE124-6272-4b12-94A9-7303C7397BD1}:4.2.0.5198 FF - prefs.js..extensions.enabledItems: {184AA5E6-741D-464a-820E-94B3ABC2F3B4}:1.0 FF - HKLM\software\mozilla\Firefox\Extensions\\{184AA5E6-741D-464a-820E-94B3ABC2F3B4}: C:\Users\minnie\AppData\Roaming\5015 [2011.04.28 15:03:23 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Firefox 3.5.18\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011.04.24 14:22:29 | 000,000,000 | -H-D | M] FF - HKLM\software\mozilla\Mozilla Firefox 3.5.18\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011.04.24 14:22:29 | 000,000,000 | -H-D | M] FF - HKLM\software\mozilla\Mozilla Thunderbird 3.1.9\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2011.04.24 14:22:29 | 000,000,000 | -H-D | M] FF - HKLM\software\mozilla\Mozilla Thunderbird 3.1.9\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins [2010.06.23 00:59:21 | 000,000,000 | -H-D | M] (No name found) -- C:\Users\minnie\AppData\Roaming\mozilla\Extensions [2010.06.23 00:44:34 | 000,000,000 | -H-D | M] (No name found) -- C:\Users\minnie\AppData\Roaming\mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6} [2011.05.06 14:23:01 | 000,000,000 | -H-D | M] (No name found) -- C:\Users\minnie\AppData\Roaming\mozilla\Firefox\Profiles\k003e2dl.default\extensions [2011.04.24 14:22:11 | 000,000,000 | -H-D | M] (FireShot) -- C:\Users\minnie\AppData\Roaming\mozilla\Firefox\Profiles\k003e2dl.default\extensions\{0b457cAA-602d-484a-8fe7-c1d894a011ba} [2011.04.24 14:22:11 | 000,000,000 | -H-D | M] (DownloadHelper) -- C:\Users\minnie\AppData\Roaming\mozilla\Firefox\Profiles\k003e2dl.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d} [2011.05.06 14:23:01 | 000,000,000 | -H-D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions [2011.04.24 14:22:29 | 000,000,000 | -H-D | M] (Skype extension for Firefox) -- C:\Programme\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1} [2011.04.24 14:22:29 | 000,000,000 | -H-D | M] (Skype extension for Firefox) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{AB2CE124-6272-4B12-94A9-7303C7397BD1} [2011.04.28 15:03:23 | 000,000,000 | ---D | M] (Java String Helper) -- C:\USERS\MINNIE\APPDATA\ROAMING\5015 [2009.10.26 16:45:36 | 000,102,400 | -H-- | M] (Zylom) -- C:\Programme\Mozilla Firefox\plugins\npzylomgamesplayer.dll [2010.10.22 20:44:30 | 000,001,392 | -H-- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\amazondotcom-de.xml [2010.10.22 20:44:30 | 000,002,344 | -H-- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\eBay-de.xml [2010.10.22 20:44:31 | 000,006,805 | -H-- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\leo_ende_de.xml [2010.10.22 20:44:31 | 000,001,178 | -H-- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\wikipedia-de.xml [2010.10.22 20:44:31 | 000,000,801 | -H-- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\yahoo-de.xml O1 HOSTS File: ([2009.06.10 23:39:37 | 000,000,824 | -H-- | M]) - C:\Windows\System32\drivers\etc\hosts O2 - BHO: (Search Helper) - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Programme\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll (Microsoft Corporation) O2 - BHO: (Skype add-on for Internet Explorer) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O2 - BHO: (Windows Live Toolbar Helper) - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Programme\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation) O3 - HKLM\..\Toolbar: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Programme\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation) O3 - HKLM\..\Toolbar: (FireShot) - {6E6E744E-4D20-4ce3-9A7A-26DFFFE22F68} - File not found O3 - HKCU\..\Toolbar\WebBrowser: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Programme\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation) O4 - HKLM..\Run: [CLMLServer] C:\Program Files\CyberLink\Power2Go\CLMLSvc.exe (CyberLink) O4 - HKLM..\Run: [HotKey] C:\Windows\twain_32\FlatBed\HotKey.Exe (Pmx. Electronics Ltd.) O4 - HKLM..\Run: [HotkeyApp] C:\Program Files\Launch Manager\HotkeyApp.exe (Wistron) O4 - HKLM..\Run: [LexwareInfoService] C:\Program Files\Common Files\Lexware\Update Manager\LxUpdateManager.exe (Haufe-Lexware GmbH & Co. KG) O4 - HKLM..\Run: [LMgrOSD] File not found O4 - HKLM..\Run: [LMgrVolOSD] C:\Program Files\Launch Manager\OSD.exe (Wistron Corp.) O4 - HKLM..\Run: [RtHDVBg] C:\Program Files\Realtek\Audio\HDA\RtHDVBg.exe (Realtek Semiconductor) O4 - HKLM..\Run: [Wbutton] C:\Program Files\Launch Manager\Wbutton.exe (Wistron Corp.) O4 - Startup: C:\Users\minnie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.2.lnk = C:\Programme\OpenOffice.org 3\program\quickstart.exe () O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableTaskMgr = 1 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O8 - Extra context menu item: add to &BOM - C:\\PROGRA~1\\BIET-O~1\\\\AddToBOM.hta () O8 - Extra context menu item: Nach Microsoft E&xel exportieren - C:\Programme\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation) O9 - Extra Button: eBay - Der weltweite Online-Marktplatz - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - File not found O9 - Extra 'Tools' menuitem : eBay - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - File not found O9 - Extra Button: In Blog veröffentlichen - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programme\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : In Windows Live Writer in Blog veröffentliche&n - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programme\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation) O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation) O9 - Extra Button: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O9 - Extra 'Tools' menuitem : Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programme\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation) O13 - gopher Prefix: missing O15 - HKCU\..Trusted Domains: fritz.box ([]* in Lokales Intranet) O15 - HKCU\..Trusted Ranges: Range1 ([*] in Lokales Intranet) O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1 O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation) O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Programme\Common Files\microsoft shared\Information Retrieval\msitss.dll (Microsoft Corporation) O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Common Files\Skype\Skype4COM.dll (Skype Technologies) O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Programme\Windows Live\Mail\mailcomm.dll (Microsoft Corporation) O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\Users\minnie\AppData\Roaming\appconf32.exe) - C:\Users\minnie\AppData\Roaming\appconf32.exe () O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found. O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2009.06.10 23:42:20 | 000,000,024 | -H-- | M] () - C:\autoexec.bat -- [ NTFS ] O33 - MountPoints2\{20cc694c-7df9-11df-ba53-1c4bd6e57822}\Shell - "" = AutoRun O33 - MountPoints2\{20cc694c-7df9-11df-ba53-1c4bd6e57822}\Shell\AutoRun\command - "" = F:\pushinst.exe O34 - HKLM BootExecute: (autocheck autochk *) - File not found O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun) ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0 ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack ActiveX: {3C3901C5-3455-3E0A-A214-0B093A5070A6} - .NET Framework ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6 ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7 ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -BaseSettings ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Adobe Flash Player ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\System32\ie4uinit.exe -UserIconConfig ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP NetSvcs: FastUserSwitchingCompatibility - File not found NetSvcs: Ias - File not found NetSvcs: Nla - File not found NetSvcs: Ntmssvc - File not found NetSvcs: NWCWorkstation - File not found NetSvcs: Nwsapagent - File not found NetSvcs: SRService - File not found NetSvcs: WmdmPmSp - File not found NetSvcs: LogonHours - File not found NetSvcs: PCAudit - File not found NetSvcs: helpsvc - File not found NetSvcs: uploadmgr - File not found MsConfig - StartUpReg: HotKeysCmds - hkey= - key= - File not found MsConfig - StartUpReg: IgfxTray - hkey= - key= - File not found MsConfig - StartUpReg: msnmsgr - hkey= - key= - File not found MsConfig - StartUpReg: Persistence - hkey= - key= - File not found MsConfig - State: "bootini" - 0 MsConfig - State: "services" - 0 MsConfig - State: "startup" - 2 ========== Files/Folders - Created Within 30 Days ========== [2011.05.06 14:18:46 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ERUNT [2011.05.06 14:09:31 | 000,580,608 | ---- | C] (OldTimer Tools) -- C:\Users\minnie\Desktop\OTL.exe [2011.05.06 14:09:31 | 000,446,464 | ---- | C] (OldTimer Tools) -- C:\Users\minnie\Desktop\TFC.exe [2011.05.06 14:09:30 | 000,791,393 | ---- | C] (Lars Hederer ) -- C:\Users\minnie\Desktop\Erunt-setup.exe [2011.04.28 15:42:09 | 000,000,000 | ---D | C] -- C:\Users\minnie\AppData\Roaming\UAs [2011.04.28 15:03:26 | 000,236,496 | ---- | C] (Adobe Systems, Incorporated) -- C:\Users\minnie\AppData\Roaming\AcroIEHelpe.dll [2011.04.28 15:03:23 | 000,000,000 | ---D | C] -- C:\Users\minnie\AppData\Roaming\5015 [2011.04.28 15:03:19 | 000,000,000 | ---D | C] -- C:\xmldm [2011.04.28 15:03:19 | 000,000,000 | ---D | C] -- C:\kock [2011.04.28 15:03:12 | 000,000,000 | ---D | C] -- C:\Users\minnie\AppData\Roaming\xmldm [2011.04.28 15:03:11 | 000,000,000 | ---D | C] -- C:\Users\minnie\AppData\Roaming\kock [2011.04.28 14:53:33 | 000,000,000 | ---D | C] -- C:\ProgramData\Kaspersky Lab Setup Files [2011.04.26 23:39:14 | 000,000,000 | ---D | C] -- C:\Eigene Dateien zusatz [2011.04.25 15:52:20 | 000,000,000 | -H-D | C] -- C:\Windows\pss [2011.04.24 16:06:01 | 000,000,000 | -H-D | C] -- C:\Users\minnie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows Recovery [2011.04.10 22:57:55 | 000,000,000 | -H-D | C] -- C:\Users\minnie\AppData\Local\S2 [2011.04.10 22:56:59 | 000,098,304 | -H-- | C] (Sony DADC Austria AG.) -- C:\Windows\System32\CmdLineExt.dll [2011.04.10 22:56:59 | 000,000,000 | RH-D | C] -- C:\Users\minnie\AppData\Roaming\SecuROM [2011.04.10 13:38:36 | 000,000,000 | -H-D | C] -- C:\Users\minnie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Games [2011.04.10 13:33:54 | 000,000,000 | -H-D | C] -- C:\Programme\THQ [2011.04.10 13:33:49 | 000,000,000 | -H-D | C] -- C:\Users\minnie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\THQ [2011.04.10 13:33:49 | 000,000,000 | -H-D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\THQ [2010.08.25 19:59:08 | 000,004,096 | -H-- | C] ( ) -- C:\Windows\System32\IGFXDEVLib.dll [1 C:\Users\minnie\AppData\Roaming\*.tmp files -> C:\Users\minnie\AppData\Roaming\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2011.05.06 14:18:47 | 000,000,624 | ---- | M] () -- C:\Users\minnie\Desktop\NTREGOPT.lnk [2011.05.06 14:18:46 | 000,000,611 | ---- | M] () -- C:\Users\minnie\Desktop\ERUNT.lnk [2011.05.06 14:10:00 | 000,001,098 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA1cc0771fb166348.job [2011.05.06 14:09:45 | 000,302,080 | ---- | M] () -- C:\Users\minnie\Desktop\g2m3e4r.exe [2011.05.06 14:09:40 | 000,791,393 | ---- | M] (Lars Hederer ) -- C:\Users\minnie\Desktop\Erunt-setup.exe [2011.05.06 14:09:39 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\minnie\Desktop\OTL.exe [2011.05.06 14:09:36 | 000,446,464 | ---- | M] (OldTimer Tools) -- C:\Users\minnie\Desktop\TFC.exe [2011.05.06 13:56:46 | 000,009,696 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2011.05.06 13:56:46 | 000,009,696 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2011.05.06 13:48:50 | 000,001,094 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore1cc0771faeb8a83.job [2011.05.06 13:48:32 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2011.05.06 13:48:27 | 2307,862,528 | -HS- | M] () -- C:\hiberfil.sys [2011.04.26 23:38:54 | 000,008,866 | ---- | M] () -- C:\Users\minnie\wo wird gespeichert.odt [2011.04.25 16:38:06 | 000,003,224 | -H-- | M] () -- C:\bootsqm.dat [2011.04.24 16:08:14 | 000,000,400 | -H-- | M] () -- C:\ProgramData\33087240 [2011.04.24 16:06:02 | 000,000,120 | -H-- | M] () -- C:\ProgramData\~33087240 [2011.04.24 16:06:01 | 000,000,635 | -H-- | M] () -- C:\Users\minnie\Desktop\Windows Recovery.lnk [2011.04.24 16:06:01 | 000,000,136 | -H-- | M] () -- C:\ProgramData\~33087240r [2011.04.22 21:15:18 | 000,654,166 | -H-- | M] () -- C:\Windows\System32\perfh007.dat [2011.04.22 21:15:18 | 000,616,008 | -H-- | M] () -- C:\Windows\System32\perfh009.dat [2011.04.22 21:15:18 | 000,130,006 | -H-- | M] () -- C:\Windows\System32\perfc007.dat [2011.04.22 21:15:18 | 000,106,388 | -H-- | M] () -- C:\Windows\System32\perfc009.dat [2011.04.17 21:07:19 | 000,396,544 | -H-- | M] () -- C:\Windows\System32\FNTCACHE.DAT [2011.04.10 22:56:59 | 000,098,304 | -H-- | M] (Sony DADC Austria AG.) -- C:\Windows\System32\CmdLineExt.dll [2011.04.10 13:37:44 | 000,001,971 | -H-- | M] () -- C:\Users\Public\Desktop\Findet Nemo.lnk [1 C:\Users\minnie\AppData\Roaming\*.tmp files -> C:\Users\minnie\AppData\Roaming\*.tmp -> ] ========== Files Created - No Company Name ========== [2011.05.06 14:18:47 | 000,000,624 | ---- | C] () -- C:\Users\minnie\Desktop\NTREGOPT.lnk [2011.05.06 14:18:46 | 000,000,611 | ---- | C] () -- C:\Users\minnie\Desktop\ERUNT.lnk [2011.05.06 14:09:30 | 000,302,080 | ---- | C] () -- C:\Users\minnie\Desktop\g2m3e4r.exe [2011.04.30 22:05:41 | 000,001,098 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA1cc0771fb166348.job [2011.04.30 22:05:40 | 000,001,094 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore1cc0771faeb8a83.job [2011.04.26 23:37:51 | 000,008,866 | ---- | C] () -- C:\Users\minnie\wo wird gespeichert.odt [2011.04.25 16:38:06 | 000,003,224 | -H-- | C] () -- C:\bootsqm.dat [2011.04.24 16:06:01 | 000,000,635 | -H-- | C] () -- C:\Users\minnie\Desktop\Windows Recovery.lnk [2011.04.24 16:06:01 | 000,000,136 | -H-- | C] () -- C:\ProgramData\~33087240r [2011.04.24 16:06:01 | 000,000,120 | -H-- | C] () -- C:\ProgramData\~33087240 [2011.04.24 16:05:55 | 000,000,400 | -H-- | C] () -- C:\ProgramData\33087240 [2011.04.10 13:37:44 | 000,001,971 | -H-- | C] () -- C:\Users\Public\Desktop\Findet Nemo.lnk [2011.03.18 11:33:19 | 000,005,120 | -H-- | C] () -- C:\Users\minnie\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2011.01.17 19:33:00 | 000,000,952 | -HS- | C] () -- C:\ProgramData\KGyGaAvL.sys [2010.12.09 21:23:19 | 000,015,873 | -H-- | C] () -- C:\Windows\System32\Inetde.dll [2010.08.25 20:30:02 | 000,127,868 | -H-- | C] () -- C:\Windows\System32\igcompkrng575.bin [2010.08.25 20:30:00 | 000,104,796 | -H-- | C] () -- C:\Windows\System32\igfcg575m.bin [2010.07.22 22:30:45 | 000,000,019 | -H-- | C] () -- C:\Users\minnie\AppData\Roaming\mdbu.bin [2010.07.04 00:35:44 | 000,000,056 | -H-- | C] () -- C:\Windows\System32\ezsidmv.dat [2010.06.23 00:44:34 | 000,000,000 | -H-- | C] () -- C:\Windows\nsreg.dat [2010.05.05 06:13:49 | 000,072,017 | -H-- | C] () -- C:\Windows\System32\Uninstall ALDI SÜD Mah Jong.exe [2010.05.01 10:04:19 | 000,120,200 | -H-- | C] () -- C:\Windows\System32\DLLDEV32i.dll [2010.04.22 16:06:52 | 000,127,184 | -H-- | C] () -- C:\Windows\Unwise.exe [2010.04.22 16:06:50 | 000,149,504 | -H-- | C] () -- C:\Windows\unwise32_setup.exe [2010.04.22 16:04:02 | 000,451,072 | -H-- | C] () -- C:\Windows\System32\ISSRemoveSP.exe [2010.04.22 13:11:09 | 000,870,560 | -H-- | C] () -- C:\Windows\System32\igkrng575.bin [2010.04.22 13:11:09 | 000,208,896 | -H-- | C] () -- C:\Windows\System32\iglhsip32.dll [2010.04.22 13:11:09 | 000,143,360 | -H-- | C] () -- C:\Windows\System32\iglhcp32.dll [2010.04.22 13:11:06 | 000,000,151 | -H-- | C] () -- C:\Windows\System32\GfxUI.exe.config [2010.04.14 12:32:50 | 000,007,648 | -H-- | C] () -- C:\Windows\System32\716xCoInstaller.dll [2009.08.03 15:07:42 | 000,403,816 | -H-- | C] () -- C:\Windows\System32\OGACheckControl.dll [2009.08.03 15:07:42 | 000,230,768 | -H-- | C] () -- C:\Windows\System32\OGAEXEC.exe [2009.07.14 10:47:43 | 000,654,166 | -H-- | C] () -- C:\Windows\System32\perfh007.dat [2009.07.14 10:47:43 | 000,295,922 | -H-- | C] () -- C:\Windows\System32\perfi007.dat [2009.07.14 10:47:43 | 000,130,006 | -H-- | C] () -- C:\Windows\System32\perfc007.dat [2009.07.14 10:47:43 | 000,038,104 | -H-- | C] () -- C:\Windows\System32\perfd007.dat [2009.07.14 06:57:37 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat [2009.07.14 06:33:53 | 000,396,544 | -H-- | C] () -- C:\Windows\System32\FNTCACHE.DAT [2009.07.14 04:05:48 | 000,616,008 | -H-- | C] () -- C:\Windows\System32\perfh009.dat [2009.07.14 04:05:48 | 000,291,294 | -H-- | C] () -- C:\Windows\System32\perfi009.dat [2009.07.14 04:05:48 | 000,106,388 | -H-- | C] () -- C:\Windows\System32\perfc009.dat [2009.07.14 04:05:48 | 000,031,548 | -H-- | C] () -- C:\Windows\System32\perfd009.dat [2009.07.14 04:05:05 | 000,000,741 | -H-- | C] () -- C:\Windows\System32\NOISE.DAT [2009.07.14 04:04:11 | 000,215,943 | -H-- | C] () -- C:\Windows\System32\dssec.dat [2009.07.14 01:55:01 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin [2009.07.14 01:51:43 | 000,073,728 | ---- | C] () -- C:\Windows\System32\BthpanContextHandler.dll [2009.07.14 01:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\System32\BWContextHandler.dll [2009.06.10 23:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat [2008.12.09 17:23:13 | 000,046,080 | RHS- | C] () -- C:\Users\minnie\AppData\Roaming\appconf32.exe [2006.04.21 10:08:22 | 000,253,952 | -H-- | C] () -- C:\Windows\System32\HtmlHelp.dll [2000.08.29 15:40:10 | 000,006,137 | -H-- | C] () -- C:\Windows\System32\E1.ini [2000.08.02 21:47:20 | 000,026,112 | -H-- | C] () -- C:\Windows\RunUnDrv.exe ========== LOP Check ========== [2011.04.28 15:03:23 | 000,000,000 | ---D | M] -- C:\Users\minnie\AppData\Roaming\5015 [2011.01.22 01:55:53 | 000,000,000 | -H-D | M] -- C:\Users\minnie\AppData\Roaming\Ashampoo [2011.04.24 14:22:11 | 000,000,000 | -H-D | M] -- C:\Users\minnie\AppData\Roaming\BOM [2011.04.24 14:22:11 | 000,000,000 | -H-D | M] -- C:\Users\minnie\AppData\Roaming\IrfanView [2011.04.28 15:03:11 | 000,000,000 | ---D | M] -- C:\Users\minnie\AppData\Roaming\kock [2010.08.12 21:59:31 | 000,000,000 | -H-D | M] -- C:\Users\minnie\AppData\Roaming\Lexware [2011.04.24 14:22:11 | 000,000,000 | -H-D | M] -- C:\Users\minnie\AppData\Roaming\MAGIX [2010.06.26 23:14:34 | 000,000,000 | -H-D | M] -- C:\Users\minnie\AppData\Roaming\OpenOffice.org [2010.07.26 16:20:47 | 000,000,000 | -H-D | M] -- C:\Users\minnie\AppData\Roaming\TeamViewer [2011.04.24 14:22:10 | 000,000,000 | -H-D | M] -- C:\Users\minnie\AppData\Roaming\Thunderbird [2011.04.28 15:42:09 | 000,000,000 | ---D | M] -- C:\Users\minnie\AppData\Roaming\UAs [2011.03.18 22:30:10 | 000,000,000 | -H-D | M] -- C:\Users\minnie\AppData\Roaming\wxMozBrowserLib [2011.04.28 15:47:02 | 000,000,000 | ---D | M] -- C:\Users\minnie\AppData\Roaming\xmldm [2010.12.22 11:45:27 | 000,000,000 | -H-D | M] -- C:\Users\minnie\AppData\Roaming\YoudaGames [2010.12.22 11:45:23 | 000,000,000 | -H-D | M] -- C:\Users\minnie\AppData\Roaming\Zylom [2011.04.08 21:55:30 | 000,032,632 | -H-- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT ========== Purity Check ========== ========== Custom Scans ========== < %SYSTEMDRIVE%\*. > [2010.10.31 09:02:14 | 000,000,000 | -HSD | M] -- C:\$RECYCLE.BIN [2010.09.29 00:03:51 | 000,000,000 | -H-D | M] -- C:\8a364a0cc8ca466192c17e [2010.06.22 14:42:19 | 000,000,000 | -HSD | M] -- C:\Dokumente und Einstellungen [2011.04.26 23:40:15 | 000,000,000 | ---D | M] -- C:\Eigene Dateien zusatz [2011.04.24 14:22:50 | 000,000,000 | -H-D | M] -- C:\Intel [2011.04.28 15:03:19 | 000,000,000 | ---D | M] -- C:\kock [2011.04.24 14:22:50 | 000,000,000 | -H-D | M] -- C:\Medion [2010.04.23 12:51:02 | 000,000,000 | RH-D | M] -- C:\MSOCache [2011.04.28 14:58:46 | 000,000,000 | RH-D | M] -- C:\Programme [2011.04.28 14:58:46 | 000,000,000 | -H-D | M] -- C:\ProgramData [2010.06.22 14:42:19 | 000,000,000 | -HSD | M] -- C:\Programme [2010.06.22 14:42:19 | 000,000,000 | -HSD | M] -- C:\Recovery [2011.04.26 21:26:20 | 000,000,000 | -HSD | M] -- C:\System Volume Information [2010.06.23 12:14:09 | 000,000,000 | RH-D | M] -- C:\Users [2011.05.06 14:11:45 | 000,000,000 | -H-D | M] -- C:\Windows [2011.04.28 15:03:19 | 000,000,000 | ---D | M] -- C:\xmldm < %PROGRAMFILES%\*.exe > < %LOCALAPPDATA%\*.exe > < %systemroot%\*. /mp /s > < MD5 for: EXPLORER.EXE > [2009.07.14 03:14:20 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=15BC38A7492BEFE831966ADB477CF76F -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_518afd35db100430\explorer.exe [2009.10.31 07:45:39 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=2626FC9755BE22F805D3CFA0CE3EE727 -- C:\Windows\explorer.exe [2009.10.31 07:45:39 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=2626FC9755BE22F805D3CFA0CE3EE727 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_51a66d6ddafc2ed1\explorer.exe [2009.08.03 07:49:47 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=9FF6C4C91A3711C0A3B18F87B08B518D -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_526619d4f3f142e6\explorer.exe [2009.08.03 07:35:50 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=B95EEB0F4E5EFBF1038A35B3351CF047 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_51e07e31dad00878\explorer.exe [2009.10.31 08:00:51 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=C76153C7ECA00FA852BB0C193378F917 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_52283b2af41f3691\explorer.exe < MD5 for: REGEDIT.EXE > [2009.07.14 03:14:30 | 000,398,336 | ---- | M] (Microsoft Corporation) MD5=8A4883F5E7AC37444F23279239553878 -- C:\Windows\regedit.exe [2009.07.14 03:14:30 | 000,398,336 | ---- | M] (Microsoft Corporation) MD5=8A4883F5E7AC37444F23279239553878 -- C:\Windows\winsxs\x86_microsoft-windows-registry-editor_31bf3856ad364e35_6.1.7600.16385_none_f4050b883d2c3c08\regedit.exe < MD5 for: USERINIT.EXE > [2009.07.14 03:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\System32\userinit.exe [2009.07.14 03:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_dbff103933038d7c\userinit.exe < MD5 for: WININIT.EXE > [2009.07.14 03:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\System32\wininit.exe [2009.07.14 03:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_30c90ef265a43c13\wininit.exe < MD5 for: WINLOGON.EXE > [2009.10.28 08:17:59 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=37CDB7E72EB66BA85A87CBE37E7F03FD -- C:\Windows\System32\winlogon.exe [2009.10.28 08:17:59 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=37CDB7E72EB66BA85A87CBE37E7F03FD -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16447_none_6fc699643622d177\winlogon.exe [2009.10.28 07:52:08 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=3BABE6767C78FBF5FB8435FEED187F30 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.20560_none_703394514f56f7c2\winlogon.exe [2009.07.14 03:14:45 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=8EC6A4AB12B8F3759E21F8E3A388F2CF -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_6f99573a36451166\winlogon.exe < HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU > < HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs > HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install\\LastSuccessTime: 2011-04-25 05:08:15 < > < End of report > SCAN: activex netsvcs msconfig %SYSTEMDRIVE%\*. %PROGRAMFILES%\*.exe %LOCALAPPDATA%\*.exe %systemroot%\*. /mp /s /md5start explorer.exe regedit.exe winlogon.exe wininit.exe userinit.exe /md5stop HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs CREATERESTOREPOINT EXTRAS:OTL Logfile: Code:
ATTFilter OTL Extras logfile created on: 06.05.2011 14:25:14 - Run 1
OTL by OldTimer - Version 3.2.22.3 Folder = C:\Users\minnie\Desktop
Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
3,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 67,00% Memory free
6,00 Gb Paging File | 5,00 Gb Available in Paging File | 82,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 266,99 Gb Total Space | 178,20 Gb Free Space | 66,74% Space Free | Partition Type: NTFS
Drive D: | 30,00 Gb Total Space | 20,20 Gb Free Space | 67,32% Space Free | Partition Type: NTFS
Computer Name: MINNIE-PC | User Name: minnie | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
========== Extra Registry (SafeList) ==========
========== File Associations ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found
========== Shell Spawning ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~1\MICROS~3\Office12\ONENOTE.EXE "%L" (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
========== Security Center Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
========== Firewall Settings ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
========== Authorized Applications List ==========
========== HKEY_LOCAL_MACHINE Uninstall List ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"_{C0237AA4-1BFB-46EA-860D-7B0EB365CA13}" = CorelDRAW Essentials 4
"_{CF0ADC18-6D8F-4353-8EAA-DF45456B7853}" = CorelDRAW Essentials 4 - Windows Shell Extension
"{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam
"{07B62101-7EBD-434A-94B1-B38063BE5516}" = CorelDRAW Essentials 4 - PHOTO-PAINT
"{0ED4216F-3540-4D6B-8199-1C8DDEA3924B}" = CorelDRAW Essentials 4 - Lang DE
"{0EDBEB2B-7C8D-42E6-8312-0F84394A3223}" = Windows Media Center Add-in for Silverlight
"{15B2BC56-D179-4450-84B9-7A8D7F4CE1B9}" = Lexware Info Service
"{19AC095C-3520-4999-AA15-93B6D0248A50}" = CorelDRAW Essentials 4 - Content
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = Medion Home Cinema
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{26A24AE4-039D-4CA4-87B4-2F83216020FF}" = Java(TM) 6 Update 20
"{27CC6AB1-E72B-4179-AF1A-EAE507EBAF51}_is1" = ConvertHelper 2.2
"{28BE306E-5DA6-4F9C-BDB0-DBA3C8C6FFFD}" = QuickTime
"{2BA722D1-48D1-406E-9123-8AE5431D63EF}" = Windows Live Fotogalerie
"{3108C217-BE83-42E4-AE9E-A56A2A92E549}" = Atheros Communications Inc.(R) AR81Family Gigabit/Fast Ethernet Driver
"{34A9406E-1994-4C20-AC72-04CFA2B24545}" = CorelDRAW Essentials 4 - Lang EN
"{3576C335-958D-4D60-A812-F68F9A2796AF}" = CorelDRAW Essentials 4 - Lang IT
"{39D0E034-1042-4905-BECB-5502909FCB7C}" = Microsoft Works
"{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}" = Intel(R) Rapid Storage Technology
"{3E6F0CAD-EE38-42A5-9EEA-AE17A55BF2D4}" = Firebird SQL Server - MAGIX Edition
"{3EFEF049-23D4-4B46-8903-4592FEA51018}" = Windows Live Movie Maker
"{406A89D6-09E6-4550-B370-8D376DDB56BE}" = Adobe Flash Player 10 ActiveX
"{40BF1E83-20EB-11D8-97C5-0009C5020658}" = CyberLink Power2Go
"{410AB9BC-B057-4D39-9260-660EE1B4BED2}" = Steuer 2009
"{4286E640-B5FB-11DF-AC4B-005056C00008}" = Google Earth
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4B526075-AF27-47A2-860D-3DA92928A051}" = Steuer 2010
"{4CBA3D4C-8F51-4D60-B27E-F6B641C571E7}" = Microsoft Search Enhancement Pack
"{51C7AD07-C3F6-4635-8E8A-231306D810FE}" = Cisco LEAP Module
"{5500BB35-1C21-4328-9F16-F894B860FADE}" = CorelDRAW Essentials 4 - Lang NL
"{553255F3-78FD-40F1-A6F8-6882140265FE}" = Apple Application Support
"{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}" = Cisco EAP-FAST Module
"{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel(R) Management Engine Components
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{70B7A167-0B88-445D-A3EA-97C73AA88CAC}" = Windows Live Toolbar
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{76E852ED-1B06-4BC8-9D6A-625DB95FB7E5}" = CorelDRAW Essentials 4 - IPM - No VBA
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{8A74E887-8F0F-4017-AF53-CBA42211AAA5}" = Microsoft Sync Framework Runtime Native v1.0 (x86)
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}_HOMESTUDENTR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}_HOMESTUDENTR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}_HOMESTUDENTR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_HOMESTUDENTR_{A0516415-ED61-419A-981D-93596DA74165}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-001F-0410-0000-0000000FF1CE}_HOMESTUDENTR_{322296D4-1EAE-4030-9FBC-D2787EB25FA2}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-0020-0407-0000-0000000FF1CE}" = Compatibility Pack für 2007 Office System
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}_HOMESTUDENTR_{26454C26-D259-4543-AA60-3189E09C5F76}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007
"{90120000-00A1-0407-0000-0000000FF1CE}_HOMESTUDENTR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{9043B9A0-9505-405B-8202-E7167A38A89C}" = CorelDRAW Essentials 4
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{95120000-00AF-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (German)
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{96AE7E41-E34E-47D0-AC07-1091A8127911}" = Realtek USB 2.0 Card Reader
"{97C82B44-D408-4F14-9252-47FC1636D23E}_is1" = IZArc 4.1
"{981029E0-7FC9-4CF3-AB39-6F133621921A}" = Skype Toolbars
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9D318C86-AF4C-409F-A6AC-7183FF4CF424}" = Internet-TV für Windows Media Center
"{9D3D8C60-A55F-4fed-B2B9-173F09590E16}" = REALTEK Wireless LAN Driver
"{a0fe116e-9a8a-466f-aee0-625cb7c207e3}" = Microsoft Visual C++ 2005 Redistributable - KB2467175
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{ABD8B955-1C69-4AF3-949B-13CD587C175F}" = CorelDRAW Essentials 4 - Lang BR
"{AC76BA86-7AD7-1031-7B44-A94000000001}" = Adobe Reader 9.4.2 - Deutsch
"{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0
"{B9FA9F15-A1F3-4DB1-AD49-0B9351843FAA}" = CorelDRAW Essentials 4 - Draw
"{BA9319FE-BCEF-4C99-8039-F464648D046E}" = CorelDRAW Essentials 4 - Lang FR
"{BAC80EF3-E106-4AEA-8C57-F217F9BC7358}" = Microsoft SQL Server 2005 Compact Edition [DEU]
"{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}" = Microsoft Sync Framework Services Native v1.0 (x86)
"{C0237AA4-1BFB-46EA-860D-7B0EB365CA13}" = CorelDRAW Essentials 4 - ICA
"{C4D738F7-996A-4C81-B8FA-C4E26D767E41}" = Windows Live Mail
"{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = CyberLink LabelPrint
"{C682F3F0-00A6-4379-B083-4F3273624D7B}" = CorelDRAW Essentials 4 - Lang ES
"{CCA5EAAD-92F4-4B7A-B5EE-14294C66AB61}" = PlayReady PC Runtime x86
"{CE480239-DC94-4A5D-9CBE-415D24D2F6AD}" = Findet Nemo
"{CF0ADC18-6D8F-4353-8EAA-DF45456B7853}" = CorelDRAW Essentials 4 - Windows Shell Extension
"{D0846526-66DD-4DC9-A02C-98F9A2806812}" = Launch Manager V1.5.0.8
"{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.2
"{DFFC0648-BC4B-47D1-93D2-6CA6B9457641}" = OpenOffice.org 3.2
"{E0A4805D-280A-4DD7-9E74-3A5F85E302A1}" = Windows Live Writer
"{E2DFE069-083E-4631-9B6C-43C48E991DE5}" = Junk Mail filter update
"{E38C00D0-A68B-4318-A8A6-F7D4B5B1DF0E}" = Windows Media Encoder 9 Series
"{E3D04529-6EDB-11D8-A372-0050BAE317E1}" = CyberLink PowerDVD Copy
"{E50AE784-FABE-46DA-A1F8-7B6B56DCB22E}" = Microsoft Office Suite Activation Assistant
"{EC2F8A30-787F-4DA5-9A8F-8E7DFE777CC2}" = Servicepack Datumsaktualisierung
"{ED5776D5-59B4-46B7-AF81-5F2D94D7C640}" = Cisco PEAP Module
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}" = Intel(R) Graphics Media Accelerator Driver
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F16841F6-5F0F-4DBE-B318-63CEB916F21D}" = CorelDRAW Essentials 4 - Filters
"{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{F8FF18EE-264A-43FD-B2F6-5EAD40798C2F}" = Windows Live Essentials
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"ALDI Süd Foto Manager Free D" = ALDI Süd Foto Manager Free
"ALDI Süd Foto Service D" = ALDI Süd Foto Service
"Aldi Süd Fotoservice_is1" = Aldi Süd Fotoservice
"ALDI SÜD Mah Jong" = ALDI SÜD Mah Jong
"ALDI Süd Online Druck Service D" = ALDI Süd Online Druck Service
"Ashampoo Burning Studio_is1" = Ashampoo Burning Studio
"Ashampoo Photo Commander_is1" = Ashampoo Photo Commander
"Ashampoo Snap_is1" = Ashampoo Snap
"Biet-O-Matic v2.14.8" = Biet-O-Matic v2.14.8
"ERUNT_is1" = ERUNT 1.1j
"Google Chrome" = Google Chrome
"Hardcopy(C__Program Files_Hardcopy)" = Hardcopy (C:\Program Files\Hardcopy)
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam
"InstallShield_{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = Medion Home Cinema
"InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}" = CyberLink Power2Go
"InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = CyberLink LabelPrint
"InstallShield_{CE480239-DC94-4A5D-9CBE-415D24D2F6AD}" = Findet Nemo
"InstallShield_{E3D04529-6EDB-11D8-A372-0050BAE317E1}" = CyberLink PowerDVD Copy
"IrfanView" = IrfanView (remove only)
"MEDION Fotos auf CD & DVD SE Sued D" = MEDION Fotos auf CD & DVD SE Sued
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Mozilla Firefox (3.5.18)" = Mozilla Firefox (3.5.18)
"Mozilla Thunderbird (3.1.9)" = Mozilla Thunderbird (3.1.9)
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"USB Scanner" = USB Scanner
"Vokabelcheck Spanisch" = Vokabelcheck Spanisch
"Windows Media Encoder 9" = Windows Media Encoder 9 Series
"WinLiveSuite_Wave3" = Windows Live Essentials
"X10Hardware" = X10 Hardware(TM)
========== Last 10 Event Log Errors ==========
[ Application Events ]
Error - 30.04.2011 16:17:45 | Computer Name = minnie-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: wmpnscfg.exe, Version: 12.0.7600.16385,
Zeitstempel: 0x4a5bccbc Name des fehlerhaften Moduls: kernel32.dll, Version: 6.1.7600.16481,
Zeitstempel: 0x4b1e3897 Ausnahmecode: 0xc0000005 Fehleroffset: 0x000506ab ID des fehlerhaften
Prozesses: 0xebc Startzeit der fehlerhaften Anwendung: 0x01cc0773a83c4fc4 Pfad der
fehlerhaften Anwendung: C:\Program Files\Windows Media Player\wmpnscfg.exe Pfad
des fehlerhaften Moduls: C:\Windows\system32\kernel32.dll Berichtskennung: e8ba1b97-7366-11e0-82d9-00262dbf66c7
Error - 30.04.2011 16:27:06 | Computer Name = minnie-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: WLXPGSS.SCR, Version: 14.0.8081.709,
Zeitstempel: 0x4a57911d Name des fehlerhaften Moduls: kernel32.dll, Version: 6.1.7600.16481,
Zeitstempel: 0x4b1e3897 Ausnahmecode: 0xc0000005 Fehleroffset: 0x00050cf9 ID des fehlerhaften
Prozesses: 0x500 Startzeit der fehlerhaften Anwendung: 0x01cc0774f8205830 Pfad der
fehlerhaften Anwendung: C:\Windows\WLXPGSS.SCR Pfad des fehlerhaften Moduls: C:\Windows\system32\kernel32.dll
Berichtskennung:
37097a15-7368-11e0-82d9-00262dbf66c7
Error - 04.05.2011 18:42:36 | Computer Name = minnie-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: svchost.exe, Version: 6.1.7600.16385,
Zeitstempel: 0x4a5bc100 Name des fehlerhaften Moduls: kernel32.dll, Version: 6.1.7600.16481,
Zeitstempel: 0x4b1e3897 Ausnahmecode: 0xc0000005 Fehleroffset: 0x00050d43 ID des fehlerhaften
Prozesses: 0x5b4 Startzeit der fehlerhaften Anwendung: 0x01cc0aac9012d866 Pfad der
fehlerhaften Anwendung: C:\Windows\system32\svchost.exe Pfad des fehlerhaften Moduls:
C:\Windows\system32\kernel32.dll Berichtskennung: ce4bd476-769f-11e0-bd43-00262dbf66c7
Error - 06.05.2011 07:49:17 | Computer Name = minnie-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: svchost.exe, Version: 6.1.7600.16385,
Zeitstempel: 0x4a5bc100 Name des fehlerhaften Moduls: kernel32.dll, Version: 6.1.7600.16481,
Zeitstempel: 0x4b1e3897 Ausnahmecode: 0xc0000005 Fehleroffset: 0x00050d43 ID des fehlerhaften
Prozesses: 0x15b0 Startzeit der fehlerhaften Anwendung: 0x01cc0be39ef5af86 Pfad der
fehlerhaften Anwendung: C:\Windows\system32\svchost.exe Pfad des fehlerhaften Moduls:
C:\Windows\system32\kernel32.dll Berichtskennung: de798add-77d6-11e0-89bc-00262dbf66c7
Error - 06.05.2011 07:58:57 | Computer Name = minnie-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: explorer.exe, Version: 6.1.7600.16450,
Zeitstempel: 0x4aeba271 Name des fehlerhaften Moduls: kernel32.dll, Version: 6.1.7600.16481,
Zeitstempel: 0x4b1e3897 Ausnahmecode: 0xc0000005 Fehleroffset: 0x00050878 ID des fehlerhaften
Prozesses: 0x1664 Startzeit der fehlerhaften Anwendung: 0x01cc0be4fa956844 Pfad der
fehlerhaften Anwendung: C:\Windows\explorer.exe Pfad des fehlerhaften Moduls: C:\Windows\system32\kernel32.dll
Berichtskennung:
38a38b8f-77d8-11e0-89bc-00262dbf66c7
Error - 06.05.2011 07:58:57 | Computer Name = minnie-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: FlashUtil10i_ActiveX.exe, Version:
10.1.82.76, Zeitstempel: 0x4c4fd88f Name des fehlerhaften Moduls: kernel32.dll,
Version: 6.1.7600.16481, Zeitstempel: 0x4b1e3897 Ausnahmecode: 0xc0000005 Fehleroffset:
0x00050bc7 ID des fehlerhaften Prozesses: 0xaec Startzeit der fehlerhaften Anwendung:
0x01cc0be4faf23dee Pfad der fehlerhaften Anwendung: C:\Windows\System32\Macromed\Flash\FlashUtil10i_ActiveX.exe
Pfad
des fehlerhaften Moduls: C:\Windows\system32\kernel32.dll Berichtskennung: 38aaafb0-77d8-11e0-89bc-00262dbf66c7
Error - 06.05.2011 07:59:20 | Computer Name = minnie-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: explorer.exe, Version: 6.1.7600.16450,
Zeitstempel: 0x4aeba271 Name des fehlerhaften Moduls: kernel32.dll, Version: 6.1.7600.16481,
Zeitstempel: 0x4b1e3897 Ausnahmecode: 0xc0000005 Fehleroffset: 0x000506ab ID des fehlerhaften
Prozesses: 0x1d88 Startzeit der fehlerhaften Anwendung: 0x01cc0be5083e2db6 Pfad der
fehlerhaften Anwendung: C:\Windows\explorer.exe Pfad des fehlerhaften Moduls: C:\Windows\system32\kernel32.dll
Berichtskennung:
45fdc399-77d8-11e0-89bc-00262dbf66c7
Error - 06.05.2011 07:59:20 | Computer Name = minnie-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: WerFault.exe, Version: 6.1.7600.16385,
Zeitstempel: 0x4a5bc2d9 Name des fehlerhaften Moduls: kernel32.dll, Version: 6.1.7600.16481,
Zeitstempel: 0x4b1e3897 Ausnahmecode: 0xc0000005 Fehleroffset: 0x000505d7 ID des fehlerhaften
Prozesses: 0x173c Startzeit der fehlerhaften Anwendung: 0x01cc0be5085138b8 Pfad der
fehlerhaften Anwendung: C:\Windows\system32\WerFault.exe Pfad des fehlerhaften Moduls:
C:\Windows\system32\kernel32.dll Berichtskennung: 460e6d3b-77d8-11e0-89bc-00262dbf66c7
Error - 06.05.2011 08:22:08 | Computer Name = minnie-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: wmpnscfg.exe, Version: 12.0.7600.16385,
Zeitstempel: 0x4a5bccbc Name des fehlerhaften Moduls: kernel32.dll, Version: 6.1.7600.16481,
Zeitstempel: 0x4b1e3897 Ausnahmecode: 0xc0000005 Fehleroffset: 0x00050af2 ID des fehlerhaften
Prozesses: 0x130c Startzeit der fehlerhaften Anwendung: 0x01cc0be8367c3c4f Pfad der
fehlerhaften Anwendung: C:\Program Files\Windows Media Player\wmpnscfg.exe Pfad
des fehlerhaften Moduls: C:\Windows\system32\kernel32.dll Berichtskennung: 756aaa5f-77db-11e0-89bc-00262dbf66c7
Error - 06.05.2011 08:24:03 | Computer Name = minnie-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: SkypeNames2.exe, Version: 4.2.0.4823,
Zeitstempel: 0x4b06ab4c Name des fehlerhaften Moduls: ntdll.dll, Version: 6.1.7600.16695,
Zeitstempel: 0x4cc7ab44 Ausnahmecode: 0xc0000005 Fehleroffset: 0x00075c8c ID des fehlerhaften
Prozesses: 0x13f8 Startzeit der fehlerhaften Anwendung: 0x01cc0be87c5051af Pfad der
fehlerhaften Anwendung: C:\Program Files\Skype\Toolbars\Shared\SkypeNames2.exe Pfad
des fehlerhaften Moduls: C:\Windows\SYSTEM32\ntdll.dll Berichtskennung: ba0eeddb-77db-11e0-89bc-00262dbf66c7
[ System Events ]
Error - 03.01.2011 06:38:28 | Computer Name = minnie-PC | Source = Disk | ID = 262155
Description = Der Treiber hat einen Controllerfehler auf \Device\Harddisk1\DR2 gefunden.
Error - 03.01.2011 06:38:29 | Computer Name = minnie-PC | Source = Disk | ID = 262155
Description = Der Treiber hat einen Controllerfehler auf \Device\Harddisk1\DR2 gefunden.
Error - 03.01.2011 06:38:29 | Computer Name = minnie-PC | Source = Disk | ID = 262155
Description = Der Treiber hat einen Controllerfehler auf \Device\Harddisk1\DR2 gefunden.
Error - 10.01.2011 14:49:46 | Computer Name = minnie-PC | Source = Microsoft-Windows-Application-Experience | ID = 205
Description = Der Dienst "Programmkompatibilitäts-Assistent" konnte Phase 2 nicht
initialisieren.
Error - 17.01.2011 10:21:07 | Computer Name = minnie-PC | Source = WMPNetworkSvc | ID = 866333
Description =
Error - 20.01.2011 20:17:43 | Computer Name = minnie-PC | Source = DCOM | ID = 10010
Description =
Error - 24.01.2011 14:39:08 | Computer Name = minnie-PC | Source = DCOM | ID = 10010
Description =
Error - 26.01.2011 15:18:32 | Computer Name = minnie-PC | Source = DCOM | ID = 10010
Description =
Error - 27.01.2011 09:05:49 | Computer Name = minnie-PC | Source = EventLog | ID = 6008
Description = Das System wurde zuvor am ?27.?01.?2011 um 14:03:06 unerwartet heruntergefahren.
Error - 31.01.2011 15:29:17 | Computer Name = minnie-PC | Source = EventLog | ID = 6008
Description = Das System wurde zuvor am ?31.?01.?2011 um 20:27:12 unerwartet heruntergefahren.
< End of report >
Geändert von minniemaus (06.05.2011 um 15:30 Uhr) |
|
06.05.2011, 19:42
| #2 |
| /// Winkelfunktion /// TB-Süch-Tiger™   | Kazy.merkml1, fakeSysdef.A.313, usw. Gibt es noch weitere Logs von Malwarebytes? Wenn ja bitte alle posten, die in Malwarebytes im Reiter Logdateien sichtbar sind.
__________________
__________________ |
|
06.05.2011, 23:04
| #3 |
| | Kazy.merkml1, fakeSysdef.A.313, usw. Hallo, Arne!
__________________Danke für dein Interesse! Ich hab heute noch versucht, die Gmer-Datei anzuhängen und hab das zippen nicht hingekriegt... Ich versuchs jetzt nochmal und hab auch die Anti-Maleware Geschichte schon runtergeladen und laufen lassen. Die Gmer-Sache muß ich noch erledigen -irgendwie ;-) juhu!!! Ich hab die Gmer-Zip reingebracht! :-)))  Gruß Myrjam Malwarebytes' Anti-Malware 1.50.1.1100 Malwarebytes : Free anti-malware, anti-virus and spyware removal download Datenbank Version: 6521 Windows 6.1.7600 Internet Explorer 8.0.7600.16385 06.05.2011 23:54:53 mbam-log-2011-05-06 (23-54-53).txt Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|) Durchsuchte Objekte: 277832 Laufzeit: 40 Minute(n), 44 Sekunde(n) Infizierte Speicherprozesse: 0 Infizierte Speichermodule: 0 Infizierte Registrierungsschlüssel: 0 Infizierte Registrierungswerte: 0 Infizierte Dateiobjekte der Registrierung: 3 Infizierte Verzeichnisse: 2 Infizierte Dateien: 5 Infizierte Speicherprozesse: (Keine bösartigen Objekte gefunden) Infizierte Speichermodule: (Keine bösartigen Objekte gefunden) Infizierte Registrierungsschlüssel: (Keine bösartigen Objekte gefunden) Infizierte Registrierungswerte: (Keine bösartigen Objekte gefunden) Infizierte Dateiobjekte der Registrierung: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\ActiveDesktop\NoChangingWallPaper (PUM.Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit (Hijack.UserInit) -> Bad: (C:\Windows\system32\userinit.exe,C:\Users\minnie\AppData\Roaming\appconf32.exe,) Good: (userinit.exe) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableTaskMgr (PUM.Hijack.TaskManager) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully. Infizierte Verzeichnisse: c:\Users\minnie\AppData\Roaming\microsoft\Windows\start menu\Programs\windows recovery (Trojan.FakeAV) -> Quarantined and deleted successfully. c:\recycle.bin (Trojan.Spyeyes) -> Delete on reboot. Infizierte Dateien: c:\Users\minnie\Desktop\windows recovery.lnk (Trojan.FakeAV) -> Quarantined and deleted successfully. c:\Users\minnie\AppData\Roaming\microsoft\Windows\start menu\Programs\windows recovery\uninstall windows recovery.lnk (Trojan.FakeAV) -> Quarantined and deleted successfully. c:\Users\minnie\AppData\Roaming\microsoft\Windows\start menu\Programs\windows recovery\windows recovery.lnk (Trojan.FakeAV) -> Quarantined and deleted successfully. c:\recycle.bin\recycle.bin.exe (Trojan.SpyEyes) -> Quarantined and deleted successfully. c:\recycle.bin\config.bin (Trojan.Spyeyes) -> Quarantined and deleted successfully. Geändert von minniemaus (06.05.2011 um 23:16 Uhr) |
|
07.05.2011, 07:29
| #4 |
| | Kazy.merkml1, fakeSysdef.A.313, usw. Hallo, nochmal! Heute Nacht hab ich´s geschafft, den Kaspersky zu installieren und hab den mal gründlich laufen lassen. Mann, hat der noch einen Haufen Zeugs gefunden... Mein letztes, großes Problem wäre jetzt, dass ich über die (alten) Dateien und Programme von C: nicht mehr verfügen kann und mein Desktop und Bildschirmschoner schwarz sind. Sollte ich die OTL, ERUNT und GMER nochmal neu er- und hier einstellen? Viele Grüße Myrjam |
|
07.05.2011, 15:03
| #5 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Kazy.merkml1, fakeSysdef.A.313, usw. Mach einen OTL-Fix, beende alle evtl. geöffneten Programme, auch Virenscanner deaktivieren (!), starte OTL und kopiere folgenden Text in die "Custom Scan/Fixes" Box (unten in OTL): (das ":OTL" muss mitkopiert werden!!!) Code:
ATTFilter :OTL
PRC - [2011.05.06 14:00:56 | 000,003,072 | ---- | M] (Microsoft Corporation) -- C:\Windows\Temp\YYY8767.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009.06.10 23:42:20 | 000,000,024 | -H-- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{20cc694c-7df9-11df-ba53-1c4bd6e57822}\Shell - "" = AutoRun
O33 - MountPoints2\{20cc694c-7df9-11df-ba53-1c4bd6e57822}\Shell\AutoRun\command - "" = F:\pushinst.exe
[2011.04.28 15:03:23 | 000,000,000 | ---D | C] -- C:\Users\minnie\AppData\Roaming\5015
[2011.04.28 15:03:19 | 000,000,000 | ---D | C] -- C:\xmldm
[2011.04.28 15:03:19 | 000,000,000 | ---D | C] -- C:\kock
[2011.04.24 16:08:14 | 000,000,400 | -H-- | M] () -- C:\ProgramData\33087240
[2011.04.24 16:06:02 | 000,000,120 | -H-- | M] () -- C:\ProgramData\~33087240
[2011.04.24 16:06:01 | 000,000,635 | -H-- | M] () -- C:\Users\minnie\Desktop\Windows Recovery.lnk
[2011.04.24 16:06:01 | 000,000,136 | -H-- | M] () -- C:\ProgramData\~33087240r
:Commands
[purity]
[resethosts]
[emptytemp]
Das Logfile müsste geöffnet werden, wenn Du nach dem Fixen auf ok klickst, poste das bitte. Evtl. wird der Rechner neu gestartet. Die mit diesem Script gefixten Einträge, Dateien und Ordner werden zur Sicherheit nicht vollständig gelöscht, es wird eine Sicherheitskopie auf der Systempartition im Ordner "_OTL" erstellt.
__________________ Logfiles bitte immer in CODE-Tags posten  |
|
07.05.2011, 22:41
| #6 |
| | Kazy.merkml1, fakeSysdef.A.313, usw. Hallo, Arne! Danke dir, erst mal! Hab ich gemacht. Hier der Bericht: All processes killed ========== OTL ========== No active process named YYY8767.exe was found! HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRun|DWORD:1 /E : value set successfully! C:\autoexec.bat moved successfully. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{20cc694c-7df9-11df-ba53-1c4bd6e57822}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{20cc694c-7df9-11df-ba53-1c4bd6e57822}\ not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{20cc694c-7df9-11df-ba53-1c4bd6e57822}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{20cc694c-7df9-11df-ba53-1c4bd6e57822}\ not found. File F:\pushinst.exe not found. C:\Users\minnie\AppData\Roaming\5015\components folder moved successfully. C:\Users\minnie\AppData\Roaming\5015 folder moved successfully. C:\xmldm folder moved successfully. C:\kock folder moved successfully. C:\ProgramData\33087240 moved successfully. C:\ProgramData\~33087240 moved successfully. File C:\Users\minnie\Desktop\Windows Recovery.lnk not found. C:\ProgramData\~33087240r moved successfully. ========== COMMANDS ========== C:\Windows\System32\drivers\etc\Hosts moved successfully. HOSTS file reset successfully [EMPTYTEMP] User: All Users User: Default ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 0 bytes User: Default User ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 0 bytes User: Fleischi ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 0 bytes ->FireFox cache emptied: 0 bytes ->Flash cache emptied: 0 bytes User: minnie ->Temp folder emptied: 13103191 bytes ->Temporary Internet Files folder emptied: 13864162 bytes ->Java cache emptied: 0 bytes ->FireFox cache emptied: 38593026 bytes ->Google Chrome cache emptied: 6199460 bytes ->Flash cache emptied: 709 bytes User: Public %systemdrive% .tmp files removed: 0 bytes %systemroot% .tmp files removed: 0 bytes %systemroot%\System32 .tmp files removed: 1526766 bytes %systemroot%\System32\drivers .tmp files removed: 0 bytes Windows Temp folder emptied: 1588622 bytes RecycleBin emptied: 0 bytes Total Files Cleaned = 71,00 mb OTL by OldTimer - Version 3.2.22.3 log created on 05072011_233820 Files\Folders moved on Reboot... Registry entries deleted on Reboot... |
|
07.05.2011, 23:29
| #7 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Kazy.merkml1, fakeSysdef.A.313, usw. Bitte nun dieses Tool von Kaspersky ausführen und das Log posten => http://www.trojaner-board.de/82358-t...entfernen.html Falls du durch die Infektion auf deine Dokumente/Eigenen Dateien nicht zugreifen kannst, bitte unhide ausführen: Downloade dir bitte unhide.exe und speichere diese Datei auf deinem Desktop. Starte das Tool und es sollten alle Dateien und Ordner wieder sichtbar sein. ( Könnte eine Weile dauern )  Vista und 7 User müssen das Tool per Rechtsklick als Administrator ausführen!
__________________ Logfiles bitte immer in CODE-Tags posten |
|
08.05.2011, 00:22
| #8 |
| | Kazy.merkml1, fakeSysdef.A.313, usw. Also, den TDSSKiller hab ich ausgeführt und den Malwarescan laufen lassen. Hier das Ergebnis: Malwarebytes' Anti-Malware 1.50.1.1100 Malwarebytes : Free anti-malware, anti-virus and spyware removal download Datenbank Version: 6521 Windows 6.1.7600 Internet Explorer 8.0.7600.16385 08.05.2011 01:16:22 mbam-log-2011-05-08 (01-16-22).txt Art des Suchlaufs: Quick-Scan Durchsuchte Objekte: 161211 Laufzeit: 3 Minute(n), 47 Sekunde(n) Infizierte Speicherprozesse: 0 Infizierte Speichermodule: 0 Infizierte Registrierungsschlüssel: 0 Infizierte Registrierungswerte: 1 Infizierte Dateiobjekte der Registrierung: 0 Infizierte Verzeichnisse: 0 Infizierte Dateien: 0 Infizierte Speicherprozesse: (Keine bösartigen Objekte gefunden) Infizierte Speichermodule: (Keine bösartigen Objekte gefunden) Infizierte Registrierungsschlüssel: (Keine bösartigen Objekte gefunden) Infizierte Registrierungswerte: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\4E3E0230AEBB4E96 (Trojan.SpyEyes) -> Value: 4E3E0230AEBB4E96 -> Quarantined and deleted successfully. Infizierte Dateiobjekte der Registrierung: (Keine bösartigen Objekte gefunden) Infizierte Verzeichnisse: (Keine bösartigen Objekte gefunden) Infizierte Dateien: (Keine bösartigen Objekte gefunden) unhide.exe hab ich auch laufen lassen, und sieh einer an! Meine Desktop Icons sind wieder da! Da muss ich gleich mal mein C: checken, hi, hi! |
|
08.05.2011, 00:24
| #9 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Kazy.merkml1, fakeSysdef.A.313, usw. Das Log vom tdsskiller bräuchte ich noch. Liegt direkt auf C:
__________________ Logfiles bitte immer in CODE-Tags posten |
|
08.05.2011, 00:35
| #10 |
| | Kazy.merkml1, fakeSysdef.A.313, usw. WOW!!! Herzlichen Dank!!!  Alles ist wieder da! Danke, dass du dir so viel Zeit für mich genommen hast, du bist mein Held! - Jetzt weiß ich auch, warum du den  ausgewählt hast ...Kann ich irgendwie herausfinden, wo ich mir das ganze Zeug eingefangen hab? Viele Grüße Myrjam  |
|
08.05.2011, 01:44
| #11 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Kazy.merkml1, fakeSysdef.A.313, usw. Liest du irgendwie an meinen Postings vorbei? 
__________________ Logfiles bitte immer in CODE-Tags posten |
|
08.05.2011, 14:00
| #12 |
| | Kazy.merkml1, fakeSysdef.A.313, usw. Jawohl! Tschuldigung! Hab ich tatsächlich "überlesen" ;-) Nix desto trotz, hier ist es: 2011/05/08 01:04:50.0120 2380 TDSS rootkit removing tool 2.5.0.0 May 1 2011 14:20:16 2011/05/08 01:04:50.0354 2380 ================================================================================ 2011/05/08 01:04:50.0354 2380 SystemInfo: 2011/05/08 01:04:50.0370 2380 2011/05/08 01:04:50.0370 2380 OS Version: 6.1.7600 ServicePack: 0.0 2011/05/08 01:04:50.0370 2380 Product type: Workstation 2011/05/08 01:04:50.0370 2380 ComputerName: MINNIE-PC 2011/05/08 01:04:50.0370 2380 UserName: minnie 2011/05/08 01:04:50.0370 2380 Windows directory: C:\Windows 2011/05/08 01:04:50.0370 2380 System windows directory: C:\Windows 2011/05/08 01:04:50.0370 2380 Processor architecture: Intel x86 2011/05/08 01:04:50.0370 2380 Number of processors: 4 2011/05/08 01:04:50.0370 2380 Page size: 0x1000 2011/05/08 01:04:50.0370 2380 Boot type: Normal boot 2011/05/08 01:04:50.0370 2380 ================================================================================ 2011/05/08 01:04:50.0682 2380 Initialize success 2011/05/08 01:05:08.0809 3928 ================================================================================ 2011/05/08 01:05:08.0809 3928 Scan started 2011/05/08 01:05:08.0809 3928 Mode: Manual; 2011/05/08 01:05:08.0809 3928 ================================================================================ 2011/05/08 01:05:10.0525 3928 1394ohci (6d2aca41739bfe8cb86ee8e85f29697d) C:\Windows\system32\DRIVERS\1394ohci.sys 2011/05/08 01:05:10.0556 3928 ACPI (f0e07d144c8685b8774bc32fc8da4df0) C:\Windows\system32\DRIVERS\ACPI.sys 2011/05/08 01:05:10.0603 3928 AcpiPmi (98d81ca942d19f7d9153b095162ac013) C:\Windows\system32\DRIVERS\acpipmi.sys 2011/05/08 01:05:10.0728 3928 adp94xx (21e785ebd7dc90a06391141aac7892fb) C:\Windows\system32\DRIVERS\adp94xx.sys 2011/05/08 01:05:10.0852 3928 adpahci (0c676bc278d5b59ff5abd57bbe9123f2) C:\Windows\system32\DRIVERS\adpahci.sys 2011/05/08 01:05:10.0915 3928 adpu320 (7c7b5ee4b7b822ec85321fe23a27db33) C:\Windows\system32\DRIVERS\adpu320.sys 2011/05/08 01:05:11.0040 3928 AFD (ddc040fdb01ef1712a6b13e52afb104c) C:\Windows\system32\drivers\afd.sys 2011/05/08 01:05:11.0086 3928 agp440 (507812c3054c21cef746b6ee3d04dd6e) C:\Windows\system32\DRIVERS\agp440.sys 2011/05/08 01:05:11.0196 3928 aic78xx (8b30250d573a8f6b4bd23195160d8707) C:\Windows\system32\DRIVERS\djsvs.sys 2011/05/08 01:05:11.0336 3928 aliide (0d40bcf52ea90fc7df2aeab6503dea44) C:\Windows\system32\DRIVERS\aliide.sys 2011/05/08 01:05:11.0383 3928 amdagp (3c6600a0696e90a463771c7422e23ab5) C:\Windows\system32\DRIVERS\amdagp.sys 2011/05/08 01:05:11.0523 3928 amdide (cd5914170297126b6266860198d1d4f0) C:\Windows\system32\DRIVERS\amdide.sys 2011/05/08 01:05:11.0570 3928 AmdK8 (00dda200d71bac534bf56a9db5dfd666) C:\Windows\system32\DRIVERS\amdk8.sys 2011/05/08 01:05:11.0679 3928 AmdPPM (3cbf30f5370fda40dd3e87df38ea53b6) C:\Windows\system32\DRIVERS\amdppm.sys 2011/05/08 01:05:11.0726 3928 amdsata (2101a86c25c154f8314b24ef49d7fbc2) C:\Windows\system32\DRIVERS\amdsata.sys 2011/05/08 01:05:11.0835 3928 amdsbs (ea43af0c423ff267355f74e7a53bdaba) C:\Windows\system32\DRIVERS\amdsbs.sys 2011/05/08 01:05:11.0866 3928 amdxata (b81c2b5616f6420a9941ea093a92b150) C:\Windows\system32\DRIVERS\amdxata.sys 2011/05/08 01:05:11.0976 3928 AppID (feb834c02ce1e84b6a38f953ca067706) C:\Windows\system32\drivers\appid.sys 2011/05/08 01:05:12.0022 3928 arc (2932004f49677bd84dbc72edb754ffb3) C:\Windows\system32\DRIVERS\arc.sys 2011/05/08 01:05:12.0116 3928 arcsas (5d6f36c46fd283ae1b57bd2e9feb0bc7) C:\Windows\system32\DRIVERS\arcsas.sys 2011/05/08 01:05:12.0147 3928 AsyncMac (add2ade1c2b285ab8378d2daaf991481) C:\Windows\system32\DRIVERS\asyncmac.sys 2011/05/08 01:05:12.0272 3928 atapi (338c86357871c167a96ab976519bf59e) C:\Windows\system32\DRIVERS\atapi.sys 2011/05/08 01:05:12.0444 3928 b06bdrv (1a231abec60fd316ec54c66715543cec) C:\Windows\system32\DRIVERS\bxvbdx.sys 2011/05/08 01:05:12.0584 3928 b57nd60x (bd8869eb9cde6bbe4508d869929869ee) C:\Windows\system32\DRIVERS\b57nd60x.sys 2011/05/08 01:05:12.0709 3928 Beep (505506526a9d467307b3c393dedaf858) C:\Windows\system32\drivers\Beep.sys 2011/05/08 01:05:12.0849 3928 blbdrive (2287078ed48fcfc477b05b20cf38f36f) C:\Windows\system32\DRIVERS\blbdrive.sys 2011/05/08 01:05:12.0990 3928 bowser (9a5c671b7fbae4865149bb11f59b91b2) C:\Windows\system32\DRIVERS\bowser.sys 2011/05/08 01:05:13.0052 3928 BrFiltLo (9f9acc7f7ccde8a15c282d3f88b43309) C:\Windows\system32\DRIVERS\BrFiltLo.sys 2011/05/08 01:05:13.0161 3928 BrFiltUp (56801ad62213a41f6497f96dee83755a) C:\Windows\system32\DRIVERS\BrFiltUp.sys 2011/05/08 01:05:13.0208 3928 Brserid (845b8ce732e67f3b4133164868c666ea) C:\Windows\System32\Drivers\Brserid.sys 2011/05/08 01:05:13.0302 3928 BrSerWdm (203f0b1e73adadbbb7b7b1fabd901f6b) C:\Windows\System32\Drivers\BrSerWdm.sys 2011/05/08 01:05:13.0348 3928 BrUsbMdm (bd456606156ba17e60a04e18016ae54b) C:\Windows\System32\Drivers\BrUsbMdm.sys 2011/05/08 01:05:13.0458 3928 BrUsbSer (af72ed54503f717a43268b3cc5faec2e) C:\Windows\System32\Drivers\BrUsbSer.sys 2011/05/08 01:05:13.0504 3928 BTHMODEM (ed3df7c56ce0084eb2034432fc56565a) C:\Windows\system32\DRIVERS\bthmodem.sys 2011/05/08 01:05:13.0645 3928 cdfs (77ea11b065e0a8ab902d78145ca51e10) C:\Windows\system32\DRIVERS\cdfs.sys 2011/05/08 01:05:13.0707 3928 cdrom (ba6e70aa0e6091bc39de29477d866a77) C:\Windows\system32\DRIVERS\cdrom.sys 2011/05/08 01:05:13.0832 3928 circlass (3fe3fe94a34df6fb06e6418d0f6a0060) C:\Windows\system32\DRIVERS\circlass.sys 2011/05/08 01:05:13.0879 3928 CLFS (635181e0e9bbf16871bf5380d71db02d) C:\Windows\system32\CLFS.sys 2011/05/08 01:05:14.0050 3928 CmBatt (dea805815e587dad1dd2c502220b5616) C:\Windows\system32\DRIVERS\CmBatt.sys 2011/05/08 01:05:14.0082 3928 cmdide (c537b1db64d495b9b4717b4d6d9edbf2) C:\Windows\system32\DRIVERS\cmdide.sys 2011/05/08 01:05:14.0191 3928 CNG (1b675691ed940766149c93e8f4488d68) C:\Windows\system32\Drivers\cng.sys 2011/05/08 01:05:14.0238 3928 Compbatt (a6023d3823c37043986713f118a89bee) C:\Windows\system32\DRIVERS\compbatt.sys 2011/05/08 01:05:14.0347 3928 CompositeBus (f1724ba27e97d627f808fb0ba77a28a6) C:\Windows\system32\DRIVERS\CompositeBus.sys 2011/05/08 01:05:14.0394 3928 crcdisk (2c4ebcfc84a9b44f209dff6c6e6c61d1) C:\Windows\system32\DRIVERS\crcdisk.sys 2011/05/08 01:05:14.0534 3928 CSCrySec (5cbf20674be8364febb6a13451a42f0a) C:\Windows\system32\DRIVERS\CSCrySec.sys 2011/05/08 01:05:14.0737 3928 CSVirtualDiskDrv (2c3f213eddd231099fb779a45d7680e0) C:\Windows\system32\DRIVERS\CSVirtualDiskDrv.sys 2011/05/08 01:05:14.0924 3928 DfsC (8e09e52ee2e3ceb199ef3dd99cf9e3fb) C:\Windows\system32\Drivers\dfsc.sys 2011/05/08 01:05:15.0018 3928 discache (1a050b0274bfb3890703d490f330c0da) C:\Windows\system32\drivers\discache.sys 2011/05/08 01:05:15.0174 3928 Disk (565003f326f99802e68ca78f2a68e9ff) C:\Windows\system32\DRIVERS\disk.sys 2011/05/08 01:05:15.0236 3928 drmkaud (b918e7c5f9bf77202f89e1a9539f2eb4) C:\Windows\system32\drivers\drmkaud.sys 2011/05/08 01:05:15.0376 3928 DXGKrnl (1679a4669326cb1a67cc95658d273234) C:\Windows\System32\drivers\dxgkrnl.sys 2011/05/08 01:05:15.0595 3928 ebdrv (024e1b5cac09731e4d868e64dbfb4ab0) C:\Windows\system32\DRIVERS\evbdx.sys 2011/05/08 01:05:15.0844 3928 elxstor (0ed67910c8c326796faa00b2bf6d9d3c) C:\Windows\system32\DRIVERS\elxstor.sys 2011/05/08 01:05:15.0954 3928 ErrDev (8fc3208352dd3912c94367a206ab3f11) C:\Windows\system32\DRIVERS\errdev.sys 2011/05/08 01:05:16.0032 3928 exfat (2dc9108d74081149cc8b651d3a26207f) C:\Windows\system32\drivers\exfat.sys 2011/05/08 01:05:16.0141 3928 fastfat (7e0ab74553476622fb6ae36f73d97d35) C:\Windows\system32\drivers\fastfat.sys 2011/05/08 01:05:16.0266 3928 fdc (e817a017f82df2a1f8cfdbda29388b29) C:\Windows\system32\DRIVERS\fdc.sys 2011/05/08 01:05:16.0312 3928 FileInfo (6cf00369c97f3cf563be99be983d13d8) C:\Windows\system32\drivers\fileinfo.sys 2011/05/08 01:05:16.0344 3928 Filetrace (42c51dc94c91da21cb9196eb64c45db9) C:\Windows\system32\drivers\filetrace.sys 2011/05/08 01:05:16.0453 3928 flpydisk (87907aa70cb3c56600f1c2fb8841579b) C:\Windows\system32\DRIVERS\flpydisk.sys 2011/05/08 01:05:16.0515 3928 FltMgr (7520ec808e0c35e0ee6f841294316653) C:\Windows\system32\drivers\fltmgr.sys 2011/05/08 01:05:16.0640 3928 FsDepends (1a16b57943853e598cff37fe2b8cbf1d) C:\Windows\system32\drivers\FsDepends.sys 2011/05/08 01:05:16.0671 3928 Fs_Rec (a574b4360e438977038aae4bf60d79a2) C:\Windows\system32\drivers\Fs_Rec.sys 2011/05/08 01:05:16.0780 3928 fvevol (dafbd9fe39197495aed6d51f3b85b5d2) C:\Windows\system32\DRIVERS\fvevol.sys 2011/05/08 01:05:16.0843 3928 gagp30kx (65ee0c7a58b65e74ae05637418153938) C:\Windows\system32\DRIVERS\gagp30kx.sys 2011/05/08 01:05:17.0014 3928 hcw85cir (c44e3c2bab6837db337ddee7544736db) C:\Windows\system32\drivers\hcw85cir.sys 2011/05/08 01:05:17.0061 3928 HdAudAddService (3530cad25deba7dc7de8bb51632cbc5f) C:\Windows\system32\drivers\HdAudio.sys 2011/05/08 01:05:17.0186 3928 HDAudBus (717a2207fd6f13ad3e664c7d5a43c7bf) C:\Windows\system32\DRIVERS\HDAudBus.sys 2011/05/08 01:05:17.0233 3928 HECI (a88485dc6a7136c10d9a6c7e38fdfe3c) C:\Windows\system32\DRIVERS\HECI.sys 2011/05/08 01:05:17.0342 3928 HidBatt (1d58a7f3e11a9731d0eaaaa8405acc36) C:\Windows\system32\DRIVERS\HidBatt.sys 2011/05/08 01:05:17.0389 3928 HidBth (89448f40e6df260c206a193a4683ba78) C:\Windows\system32\DRIVERS\hidbth.sys 2011/05/08 01:05:17.0498 3928 HidIr (cf50b4cf4a4f229b9f3c08351f99ca5e) C:\Windows\system32\DRIVERS\hidir.sys 2011/05/08 01:05:17.0623 3928 HidUsb (25072fb35ac90b25f9e4e3bacf774102) C:\Windows\system32\DRIVERS\hidusb.sys 2011/05/08 01:05:17.0763 3928 HpSAMD (295fdc419039090eb8b49ffdbb374549) C:\Windows\system32\DRIVERS\HpSAMD.sys 2011/05/08 01:05:17.0826 3928 HTTP (c531c7fd9e8b62021112787c4e2c5a5a) C:\Windows\system32\drivers\HTTP.sys 2011/05/08 01:05:17.0919 3928 hwpolicy (8305f33cde89ad6c7a0763ed0b5a8d42) C:\Windows\system32\drivers\hwpolicy.sys 2011/05/08 01:05:17.0950 3928 i8042prt (f151f0bdc47f4a28b1b20a0818ea36d6) C:\Windows\system32\DRIVERS\i8042prt.sys 2011/05/08 01:05:18.0075 3928 iaStor (26541a068572f650a2fa490726fe81be) C:\Windows\system32\DRIVERS\iaStor.sys 2011/05/08 01:05:18.0200 3928 iaStorV (934af4d7c5f457b9f0743f4299b77b67) C:\Windows\system32\DRIVERS\iaStorV.sys 2011/05/08 01:05:18.0434 3928 igfx (8266ae06df974e5ba047b3e9e9e70b3f) C:\Windows\system32\DRIVERS\igdkmd32.sys 2011/05/08 01:05:18.0730 3928 iirsp (4173ff5708f3236cf25195fecd742915) C:\Windows\system32\DRIVERS\iirsp.sys 2011/05/08 01:05:18.0793 3928 Impcd (03c0d99bc2913226f1cea7cb0d984659) C:\Windows\system32\DRIVERS\Impcd.sys 2011/05/08 01:05:18.0949 3928 IntcAzAudAddService (f4427e5df32cde359b2e2e5512d18001) C:\Windows\system32\drivers\RTKVHDA.sys 2011/05/08 01:05:19.0152 3928 IntcDAud (bf31740828a26ab451803e3b35432651) C:\Windows\system32\DRIVERS\IntcDAud.sys 2011/05/08 01:05:19.0198 3928 intelide (a0f12f2c9ba6c72f3987ce780e77c130) C:\Windows\system32\DRIVERS\intelide.sys 2011/05/08 01:05:19.0308 3928 intelppm (3b514d27bfc4accb4037bc6685f766e0) C:\Windows\system32\DRIVERS\intelppm.sys 2011/05/08 01:05:19.0370 3928 IPMIDRV (e4454b6c37d7ffd5649611f6496308a7) C:\Windows\system32\DRIVERS\IPMIDrv.sys 2011/05/08 01:05:19.0479 3928 IPNAT (a5fa468d67abcdaa36264e463a7bb0cd) C:\Windows\system32\drivers\ipnat.sys 2011/05/08 01:05:19.0526 3928 IRENUM (42996cff20a3084a56017b7902307e9f) C:\Windows\system32\drivers\irenum.sys 2011/05/08 01:05:19.0557 3928 isapnp (1f32bb6b38f62f7df1a7ab7292638a35) C:\Windows\system32\DRIVERS\isapnp.sys 2011/05/08 01:05:19.0666 3928 iScsiPrt (ed46c223ae46c6866ab77cdc41c404b7) C:\Windows\system32\DRIVERS\msiscsi.sys 2011/05/08 01:05:19.0713 3928 kbdclass (adef52ca1aeae82b50df86b56413107e) C:\Windows\system32\DRIVERS\kbdclass.sys 2011/05/08 01:05:19.0838 3928 kbdhid (3d9f0ebf350edcfd6498057301455964) C:\Windows\system32\DRIVERS\kbdhid.sys 2011/05/08 01:05:19.0994 3928 kl1 (ce3958f58547454884e97bda78cd7040) C:\Windows\system32\DRIVERS\kl1.sys 2011/05/08 01:05:20.0041 3928 KLBG (53eedab3f0511321ac3ae8bc968b158c) C:\Windows\system32\DRIVERS\klbg.sys 2011/05/08 01:05:20.0197 3928 KLIF (723f185c945c0a6d2e21c2bb26a46fe7) C:\Windows\system32\DRIVERS\klif.sys 2011/05/08 01:05:20.0368 3928 KLIM6 (892cc162dc88ab084c86485879526c59) C:\Windows\system32\DRIVERS\klim6.sys 2011/05/08 01:05:20.0400 3928 klmouflt (aa63a815876a76987b5dbce6af7478e9) C:\Windows\system32\DRIVERS\klmouflt.sys 2011/05/08 01:05:20.0431 3928 KSecDD (e36a061ec11b373826905b21be10948f) C:\Windows\system32\Drivers\ksecdd.sys 2011/05/08 01:05:20.0540 3928 KSecPkg (365c6154bbbc5377173f1ca7bfb6cc59) C:\Windows\system32\Drivers\ksecpkg.sys 2011/05/08 01:05:20.0680 3928 L1C (4566fd5f4416e7fef3600e4b30d086c3) C:\Windows\system32\DRIVERS\L1C62x86.sys 2011/05/08 01:05:20.0743 3928 lltdio (f7611ec07349979da9b0ae1f18ccc7a6) C:\Windows\system32\DRIVERS\lltdio.sys 2011/05/08 01:05:20.0899 3928 LSI_FC (eb119a53ccf2acc000ac71b065b78fef) C:\Windows\system32\DRIVERS\lsi_fc.sys 2011/05/08 01:05:20.0946 3928 LSI_SAS (8ade1c877256a22e49b75d1cc9161f9c) C:\Windows\system32\DRIVERS\lsi_sas.sys 2011/05/08 01:05:21.0070 3928 LSI_SAS2 (dc9dc3d3daa0e276fd2ec262e38b11e9) C:\Windows\system32\DRIVERS\lsi_sas2.sys 2011/05/08 01:05:21.0117 3928 LSI_SCSI (0a036c7d7cab643a7f07135ac47e0524) C:\Windows\system32\DRIVERS\lsi_scsi.sys 2011/05/08 01:05:21.0289 3928 luafv (6703e366cc18d3b6e534f5cf7df39cee) C:\Windows\system32\drivers\luafv.sys 2011/05/08 01:05:21.0367 3928 megasas (0fff5b045293002ab38eb1fd1fc2fb74) C:\Windows\system32\DRIVERS\megasas.sys 2011/05/08 01:05:21.0648 3928 MegaSR (dcbab2920c75f390caf1d29f675d03d6) C:\Windows\system32\DRIVERS\MegaSR.sys 2011/05/08 01:05:21.0835 3928 mod7700 (5b9ca81817e046666e7abf8b9b101545) C:\Windows\system32\DRIVERS\mod7700.sys 2011/05/08 01:05:22.0131 3928 Modem (f001861e5700ee84e2d4e52c712f4964) C:\Windows\system32\drivers\modem.sys 2011/05/08 01:05:22.0381 3928 monitor (79d10964de86b292320e9dfe02282a23) C:\Windows\system32\DRIVERS\monitor.sys 2011/05/08 01:05:22.0552 3928 mouclass (fb18cc1d4c2e716b6b903b0ac0cc0609) C:\Windows\system32\DRIVERS\mouclass.sys 2011/05/08 01:05:22.0896 3928 mouhid (2c388d2cd01c9042596cf3c8f3c7b24d) C:\Windows\system32\DRIVERS\mouhid.sys 2011/05/08 01:05:23.0005 3928 mountmgr (921c18727c5920d6c0300736646931c2) C:\Windows\system32\drivers\mountmgr.sys 2011/05/08 01:05:23.0098 3928 mpio (2af5997438c55fb79d33d015c30e1974) C:\Windows\system32\DRIVERS\mpio.sys 2011/05/08 01:05:23.0348 3928 mpsdrv (ad2723a7b53dd1aacae6ad8c0bfbf4d0) C:\Windows\system32\drivers\mpsdrv.sys 2011/05/08 01:05:23.0644 3928 MRxDAV (b1be47008d20e43da3adc37c24cdb89d) C:\Windows\system32\drivers\mrxdav.sys 2011/05/08 01:05:23.0820 3928 mrxsmb (b4c76ef46322a9711c7b0f4e21ef6ea5) C:\Windows\system32\DRIVERS\mrxsmb.sys 2011/05/08 01:05:24.0040 3928 mrxsmb10 (e593d45024a3fdd11e93cc4a6ca91101) C:\Windows\system32\DRIVERS\mrxsmb10.sys 2011/05/08 01:05:24.0280 3928 mrxsmb20 (a9f86c82c9cc3b679cc3957e1183a30f) C:\Windows\system32\DRIVERS\mrxsmb20.sys 2011/05/08 01:05:24.0470 3928 msahci (4326d168944123f38dd3b2d9c37a0b12) C:\Windows\system32\DRIVERS\msahci.sys 2011/05/08 01:05:24.0620 3928 msdsm (455029c7174a2dbb03dba8a0d8bddd9a) C:\Windows\system32\DRIVERS\msdsm.sys 2011/05/08 01:05:24.0850 3928 Msfs (daefb28e3af5a76abcc2c3078c07327f) C:\Windows\system32\drivers\Msfs.sys 2011/05/08 01:05:25.0020 3928 mshidkmdf (3e1e5767043c5af9367f0056295e9f84) C:\Windows\System32\drivers\mshidkmdf.sys 2011/05/08 01:05:25.0080 3928 msisadrv (0a4e5757ae09fa9622e3158cc1aef114) C:\Windows\system32\DRIVERS\msisadrv.sys 2011/05/08 01:05:25.0310 3928 MSKSSRV (8c0860d6366aaffb6c5bb9df9448e631) C:\Windows\system32\drivers\MSKSSRV.sys 2011/05/08 01:05:25.0500 3928 MSPCLOCK (3ea8b949f963562cedbb549eac0c11ce) C:\Windows\system32\drivers\MSPCLOCK.sys 2011/05/08 01:05:25.0680 3928 MSPQM (f456e973590d663b1073e9c463b40932) C:\Windows\system32\drivers\MSPQM.sys 2011/05/08 01:05:25.0740 3928 MsRPC (0e008fc4819d238c51d7c93e7b41e560) C:\Windows\system32\drivers\MsRPC.sys 2011/05/08 01:05:25.0900 3928 mssmbios (fc6b9ff600cc585ea38b12589bd4e246) C:\Windows\system32\DRIVERS\mssmbios.sys 2011/05/08 01:05:26.0150 3928 MSTEE (b42c6b921f61a6e55159b8be6cd54a36) C:\Windows\system32\drivers\MSTEE.sys 2011/05/08 01:05:26.0410 3928 MTConfig (33599130f44e1f34631cea241de8ac84) C:\Windows\system32\DRIVERS\MTConfig.sys 2011/05/08 01:05:26.0640 3928 Mup (159fad02f64e6381758c990f753bcc80) C:\Windows\system32\Drivers\mup.sys 2011/05/08 01:05:26.0907 3928 NativeWifiP (26384429fcd85d83746f63e798ab1480) C:\Windows\system32\DRIVERS\nwifi.sys 2011/05/08 01:05:27.0126 3928 NDIS (23759d175a0a9baaf04d05047bc135a8) C:\Windows\system32\drivers\ndis.sys 2011/05/08 01:05:27.0297 3928 NdisCap (0e1787aa6c9191d3d319e8bafe86f80c) C:\Windows\system32\DRIVERS\ndiscap.sys 2011/05/08 01:05:27.0484 3928 NdisTapi (e4a8aec125a2e43a9e32afeea7c9c888) C:\Windows\system32\DRIVERS\ndistapi.sys 2011/05/08 01:05:27.0578 3928 Ndisuio (b30ae7f2b6d7e343b0df32e6c08fce75) C:\Windows\system32\DRIVERS\ndisuio.sys 2011/05/08 01:05:27.0750 3928 NdisWan (267c415eadcbe53c9ca873dee39cf3a4) C:\Windows\system32\DRIVERS\ndiswan.sys 2011/05/08 01:05:27.0890 3928 NDProxy (af7e7c63dcef3f8772726f86039d6eb4) C:\Windows\system32\drivers\NDProxy.sys 2011/05/08 01:05:27.0952 3928 NetBIOS (80b275b1ce3b0e79909db7b39af74d51) C:\Windows\system32\DRIVERS\netbios.sys 2011/05/08 01:05:28.0186 3928 NetBT (dd52a733bf4ca5af84562a5e2f963b91) C:\Windows\system32\DRIVERS\netbt.sys 2011/05/08 01:05:28.0389 3928 nfrd960 (1d85c4b390b0ee09c7a46b91efb2c097) C:\Windows\system32\DRIVERS\nfrd960.sys 2011/05/08 01:05:28.0576 3928 Npfs (1db262a9f8c087e8153d89bef3d2235f) C:\Windows\system32\drivers\Npfs.sys 2011/05/08 01:05:28.0717 3928 nsiproxy (e9a0a4d07e53d8fea2bb8387a3293c58) C:\Windows\system32\drivers\nsiproxy.sys 2011/05/08 01:05:28.0795 3928 Ntfs (3795dcd21f740ee799fb7223234215af) C:\Windows\system32\drivers\Ntfs.sys 2011/05/08 01:05:28.0857 3928 Null (f9756a98d69098dca8945d62858a812c) C:\Windows\system32\drivers\Null.sys 2011/05/08 01:05:29.0013 3928 nvraid (3f3d04b1d08d43c16ea7963954ec768d) C:\Windows\system32\DRIVERS\nvraid.sys 2011/05/08 01:05:29.0200 3928 nvstor (c99f251a5de63c6f129cf71933aced0f) C:\Windows\system32\DRIVERS\nvstor.sys 2011/05/08 01:05:29.0310 3928 nv_agp (5a0983915f02bae73267cc2a041f717d) C:\Windows\system32\DRIVERS\nv_agp.sys 2011/05/08 01:05:29.0403 3928 NxpCap (6ed44348ca155a86a5b9802db2cebc69) C:\Windows\system32\DRIVERS\NxpCap.sys 2011/05/08 01:05:29.0559 3928 ohci1394 (08a70a1f2cdde9bb49b885cb817a66eb) C:\Windows\system32\DRIVERS\ohci1394.sys 2011/05/08 01:05:29.0622 3928 Parport (2ea877ed5dd9713c5ac74e8ea7348d14) C:\Windows\system32\DRIVERS\parport.sys 2011/05/08 01:05:29.0793 3928 partmgr (ff4218952b51de44fe910953a3e686b9) C:\Windows\system32\drivers\partmgr.sys 2011/05/08 01:05:29.0965 3928 Parvdm (eb0a59f29c19b86479d36b35983daadc) C:\Windows\system32\DRIVERS\parvdm.sys 2011/05/08 01:05:30.0090 3928 pci (c858cb77c577780ecc456a892e7e7d0f) C:\Windows\system32\DRIVERS\pci.sys 2011/05/08 01:05:30.0152 3928 pciide (afe86f419014db4e5593f69ffe26ce0a) C:\Windows\system32\DRIVERS\pciide.sys 2011/05/08 01:05:30.0277 3928 pcmcia (f396431b31693e71e8a80687ef523506) C:\Windows\system32\DRIVERS\pcmcia.sys 2011/05/08 01:05:30.0433 3928 pcw (250f6b43d2b613172035c6747aeeb19f) C:\Windows\system32\drivers\pcw.sys 2011/05/08 01:05:30.0589 3928 PEAUTH (9e0104ba49f4e6973749a02bf41344ed) C:\Windows\system32\drivers\peauth.sys 2011/05/08 01:05:30.0776 3928 PptpMiniport (631e3e205ad6d86f2aed6a4a8e69f2db) C:\Windows\system32\DRIVERS\raspptp.sys 2011/05/08 01:05:30.0838 3928 Processor (85b1e3a0c7585bc4aae6899ec6fcf011) C:\Windows\system32\DRIVERS\processr.sys 2011/05/08 01:05:30.0994 3928 Psched (6270ccae2a86de6d146529fe55b3246a) C:\Windows\system32\DRIVERS\pacer.sys 2011/05/08 01:05:31.0213 3928 ql2300 (ab95ecf1f6659a60ddc166d8315b0751) C:\Windows\system32\DRIVERS\ql2300.sys 2011/05/08 01:05:31.0338 3928 ql40xx (b4dd51dd25182244b86737dc51af2270) C:\Windows\system32\DRIVERS\ql40xx.sys 2011/05/08 01:05:31.0494 3928 QWAVEdrv (584078ca1b95ca72df2a27c336f9719d) C:\Windows\system32\drivers\qwavedrv.sys 2011/05/08 01:05:31.0634 3928 RasAcd (30a81b53c766d0133bb86d234e5556ab) C:\Windows\system32\DRIVERS\rasacd.sys 2011/05/08 01:05:31.0806 3928 RasAgileVpn (57ec4aef73660166074d8f7f31c0d4fd) C:\Windows\system32\DRIVERS\AgileVpn.sys 2011/05/08 01:05:32.0008 3928 Rasl2tp (d9f91eafec2815365cbe6d167e4e332a) C:\Windows\system32\DRIVERS\rasl2tp.sys 2011/05/08 01:05:32.0196 3928 RasPppoe (0fe8b15916307a6ac12bfb6a63e45507) C:\Windows\system32\DRIVERS\raspppoe.sys 2011/05/08 01:05:32.0336 3928 RasSstp (44101f495a83ea6401d886e7fd70096b) C:\Windows\system32\DRIVERS\rassstp.sys 2011/05/08 01:05:32.0383 3928 rdbss (835d7e81bf517a3b72384bdcc85e1ce6) C:\Windows\system32\DRIVERS\rdbss.sys 2011/05/08 01:05:32.0617 3928 rdpbus (0d8f05481cb76e70e1da06ee9f0da9df) C:\Windows\system32\DRIVERS\rdpbus.sys 2011/05/08 01:05:32.0773 3928 RDPCDD (1e016846895b15a99f9a176a05029075) C:\Windows\system32\DRIVERS\RDPCDD.sys 2011/05/08 01:05:33.0007 3928 RDPENCDD (5a53ca1598dd4156d44196d200c94b8a) C:\Windows\system32\drivers\rdpencdd.sys 2011/05/08 01:05:33.0178 3928 RDPREFMP (44b0a53cd4f27d50ed461dae0c0b4e1f) C:\Windows\system32\drivers\rdprefmp.sys 2011/05/08 01:05:33.0319 3928 RDPWD (801371ba9782282892d00aadb08ee367) C:\Windows\system32\drivers\RDPWD.sys 2011/05/08 01:05:33.0584 3928 rdyboost (4ea225bf1cf05e158853f30a99ca29a7) C:\Windows\system32\drivers\rdyboost.sys 2011/05/08 01:05:33.0756 3928 rspndr (032b0d36ad92b582d869879f5af5b928) C:\Windows\system32\DRIVERS\rspndr.sys 2011/05/08 01:05:33.0896 3928 RSUSBSTOR (a633399432491bb173bb3cf3b41b9c55) C:\Windows\System32\Drivers\RtsUStor.sys 2011/05/08 01:05:34.0036 3928 rtl8192se (b5e9979fbb26fc059bd87a81f763d5da) C:\Windows\system32\DRIVERS\rtl8192se.sys 2011/05/08 01:05:34.0208 3928 sbp2port (34ee0c44b724e3e4ce2eff29126de5b5) C:\Windows\system32\DRIVERS\sbp2port.sys 2011/05/08 01:05:34.0286 3928 scfilter (a95c54b2ac3cc9c73fcdf9e51a1d6b51) C:\Windows\system32\DRIVERS\scfilter.sys 2011/05/08 01:05:34.0520 3928 secdrv (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers\secdrv.sys 2011/05/08 01:05:34.0707 3928 Serenum (9ad8b8b515e3df6acd4212ef465de2d1) C:\Windows\system32\DRIVERS\serenum.sys 2011/05/08 01:05:34.0785 3928 Serial (5fb7fcea0490d821f26f39cc5ea3d1e2) C:\Windows\system32\DRIVERS\serial.sys 2011/05/08 01:05:34.0910 3928 sermouse (79bffb520327ff916a582dfea17aa813) C:\Windows\system32\DRIVERS\sermouse.sys 2011/05/08 01:05:35.0113 3928 sffdisk (9f976e1eb233df46fce808d9dea3eb9c) C:\Windows\system32\DRIVERS\sffdisk.sys 2011/05/08 01:05:35.0253 3928 sffp_mmc (932a68ee27833cfd57c1639d375f2731) C:\Windows\system32\DRIVERS\sffp_mmc.sys 2011/05/08 01:05:35.0394 3928 sffp_sd (a0708bbd07d245c06ff9de549ca47185) C:\Windows\system32\DRIVERS\sffp_sd.sys 2011/05/08 01:05:35.0581 3928 sfloppy (db96666cc8312ebc45032f30b007a547) C:\Windows\system32\DRIVERS\sfloppy.sys 2011/05/08 01:05:35.0784 3928 sisagp (2565cac0dc9fe0371bdce60832582b2e) C:\Windows\system32\DRIVERS\sisagp.sys 2011/05/08 01:05:35.0940 3928 SiSRaid2 (a9f0486851becb6dda1d89d381e71055) C:\Windows\system32\DRIVERS\SiSRaid2.sys 2011/05/08 01:05:35.0971 3928 SiSRaid4 (3727097b55738e2f554972c3be5bc1aa) C:\Windows\system32\DRIVERS\sisraid4.sys 2011/05/08 01:05:36.0127 3928 Smb (3e21c083b8a01cb70ba1f09303010fce) C:\Windows\system32\DRIVERS\smb.sys 2011/05/08 01:05:36.0408 3928 spldr (95cf1ae7527fb70f7816563cbc09d942) C:\Windows\system32\drivers\spldr.sys 2011/05/08 01:05:36.0501 3928 srv (4a9b0f215de2519e2363f91df25c1e97) C:\Windows\system32\DRIVERS\srv.sys 2011/05/08 01:05:36.0610 3928 srv2 (14c44875518ae1c982e54ea8c5f7fe28) C:\Windows\system32\DRIVERS\srv2.sys 2011/05/08 01:05:36.0782 3928 srvnet (07a14223b0a50e76ade003fdf95d4fec) C:\Windows\system32\DRIVERS\srvnet.sys 2011/05/08 01:05:36.0922 3928 stexstor (db32d325c192b801df274bfd12a7e72b) C:\Windows\system32\DRIVERS\stexstor.sys 2011/05/08 01:05:37.0063 3928 swenum (e58c78a848add9610a4db6d214af5224) C:\Windows\system32\DRIVERS\swenum.sys 2011/05/08 01:05:37.0203 3928 SynTP (d776eb85a20696d9d43129ccf6e703e2) C:\Windows\system32\DRIVERS\SynTP.sys 2011/05/08 01:05:37.0312 3928 Tcpip (bb7f39c31c4a4417fd318e7cd184e225) C:\Windows\system32\drivers\tcpip.sys 2011/05/08 01:05:37.0468 3928 TCPIP6 (bb7f39c31c4a4417fd318e7cd184e225) C:\Windows\system32\DRIVERS\tcpip.sys 2011/05/08 01:05:37.0687 3928 tcpipreg (e64444523add154f86567c469bc0b17f) C:\Windows\system32\drivers\tcpipreg.sys 2011/05/08 01:05:37.0874 3928 TDPIPE (1875c1490d99e70e449e3afae9fcbadf) C:\Windows\system32\drivers\tdpipe.sys 2011/05/08 01:05:37.0952 3928 TDTCP (7551e91ea999ee9a8e9c331d5a9c31f3) C:\Windows\system32\drivers\tdtcp.sys 2011/05/08 01:05:38.0139 3928 tdx (cb39e896a2a83702d1737bfd402b3542) C:\Windows\system32\DRIVERS\tdx.sys 2011/05/08 01:05:38.0264 3928 TermDD (c36f41ee20e6999dbf4b0425963268a5) C:\Windows\system32\DRIVERS\termdd.sys 2011/05/08 01:05:38.0560 3928 tssecsrv (98ae6fa07d12cb4ec5cf4a9bfa5f4242) C:\Windows\system32\DRIVERS\tssecsrv.sys 2011/05/08 01:05:38.0732 3928 tunnel (3e461d890a97f9d4c168f5fda36e1d00) C:\Windows\system32\DRIVERS\tunnel.sys 2011/05/08 01:05:38.0826 3928 uagp35 (750fbcb269f4d7dd2e420c56b795db6d) C:\Windows\system32\DRIVERS\uagp35.sys 2011/05/08 01:05:38.0950 3928 udfs (09cc3e16f8e5ee7168e01cf8fcbe061a) C:\Windows\system32\DRIVERS\udfs.sys 2011/05/08 01:05:39.0122 3928 uliagpkx (44e8048ace47befbfdc2e9be4cbc8880) C:\Windows\system32\DRIVERS\uliagpkx.sys 2011/05/08 01:05:39.0278 3928 umbus (049b3a50b3d646baeeee9eec9b0668dc) C:\Windows\system32\DRIVERS\umbus.sys 2011/05/08 01:05:39.0340 3928 UmPass (7550ad0c6998ba1cb4843e920ee0feac) C:\Windows\system32\DRIVERS\umpass.sys 2011/05/08 01:05:39.0481 3928 usbccgp (8455c4ed038efd09e99327f9d2d48ffa) C:\Windows\system32\DRIVERS\usbccgp.sys 2011/05/08 01:05:39.0528 3928 usbcir (04ec7cec62ec3b6d9354eee93327fc82) C:\Windows\system32\DRIVERS\usbcir.sys 2011/05/08 01:05:39.0684 3928 usbehci (ff32d4f3ec3c68b2ca61782c7964f54e) C:\Windows\system32\DRIVERS\usbehci.sys 2011/05/08 01:05:39.0777 3928 usbhub (b0dfc7b484e0ca0c27bda5433b82d94a) C:\Windows\system32\DRIVERS\usbhub.sys 2011/05/08 01:05:39.0886 3928 usbohci (a6fb7957ea7afb1165991e54ce934b74) C:\Windows\system32\DRIVERS\usbohci.sys 2011/05/08 01:05:40.0011 3928 usbprint (797d862fe0875e75c7cc4c1ad7b30252) C:\Windows\system32\DRIVERS\usbprint.sys 2011/05/08 01:05:40.0105 3928 usbscan (576096ccbc07e7c4ea4f5e6686d6888f) C:\Windows\system32\DRIVERS\usbscan.sys 2011/05/08 01:05:40.0276 3928 USBSTOR (d8889d56e0d27e57ed4591837fe71d27) C:\Windows\system32\DRIVERS\USBSTOR.SYS 2011/05/08 01:05:40.0401 3928 usbuhci (78780c3ebce17405b1ccd07a3a8a7d72) C:\Windows\system32\DRIVERS\usbuhci.sys 2011/05/08 01:05:40.0510 3928 usbvideo (b5f6a992d996282b7fae7048e50af83a) C:\Windows\System32\Drivers\usbvideo.sys 2011/05/08 01:05:40.0635 3928 vdrvroot (a059c4c3edb09e07d21a8e5c0aabd3cb) C:\Windows\system32\DRIVERS\vdrvroot.sys 2011/05/08 01:05:40.0729 3928 vga (17c408214ea61696cec9c66e388b14f3) C:\Windows\system32\DRIVERS\vgapnp.sys 2011/05/08 01:05:40.0838 3928 VgaSave (8e38096ad5c8570a6f1570a61e251561) C:\Windows\System32\drivers\vga.sys 2011/05/08 01:05:40.0900 3928 vhdmp (3be6e1f3a4f1afec8cee0d7883f93583) C:\Windows\system32\DRIVERS\vhdmp.sys 2011/05/08 01:05:41.0025 3928 viaagp (c829317a37b4bea8f39735d4b076e923) C:\Windows\system32\DRIVERS\viaagp.sys 2011/05/08 01:05:41.0072 3928 ViaC7 (e02f079a6aa107f06b16549c6e5c7b74) C:\Windows\system32\DRIVERS\viac7.sys 2011/05/08 01:05:41.0166 3928 viaide (e43574f6a56a0ee11809b48c09e4fd3c) C:\Windows\system32\DRIVERS\viaide.sys 2011/05/08 01:05:41.0212 3928 volmgr (384e5a2aa49934295171e499f86ba6f3) C:\Windows\system32\DRIVERS\volmgr.sys 2011/05/08 01:05:41.0244 3928 volmgrx (b5bb72067ddddbbfb04b2f89ff8c3c87) C:\Windows\system32\drivers\volmgrx.sys 2011/05/08 01:05:41.0353 3928 volsnap (58df9d2481a56edde167e51b334d44fd) C:\Windows\system32\DRIVERS\volsnap.sys 2011/05/08 01:05:41.0431 3928 vsmraid (9dfa0cc2f8855a04816729651175b631) C:\Windows\system32\DRIVERS\vsmraid.sys 2011/05/08 01:05:41.0540 3928 vwifibus (90567b1e658001e79d7c8bbd3dde5aa6) C:\Windows\system32\DRIVERS\vwifibus.sys 2011/05/08 01:05:41.0602 3928 vwififlt (7090d3436eeb4e7da3373090a23448f7) C:\Windows\system32\DRIVERS\vwififlt.sys 2011/05/08 01:05:41.0696 3928 WacomPen (de3721e89c653aa281428c8a69745d90) C:\Windows\system32\DRIVERS\wacompen.sys 2011/05/08 01:05:41.0758 3928 WANARP (692a712062146e96d28ba0b7d75de31b) C:\Windows\system32\DRIVERS\wanarp.sys 2011/05/08 01:05:41.0774 3928 Wanarpv6 (692a712062146e96d28ba0b7d75de31b) C:\Windows\system32\DRIVERS\wanarp.sys 2011/05/08 01:05:41.0868 3928 Wd (1112a9badacb47b7c0bb0392e3158dff) C:\Windows\system32\DRIVERS\wd.sys 2011/05/08 01:05:41.0914 3928 Wdf01000 (9950e3d0f08141c7e89e64456ae7dc73) C:\Windows\system32\drivers\Wdf01000.sys 2011/05/08 01:05:42.0070 3928 WfpLwf (8b9a943f3b53861f2bfaf6c186168f79) C:\Windows\system32\DRIVERS\wfplwf.sys 2011/05/08 01:05:42.0102 3928 WIMMount (5cf95b35e59e2a38023836fff31be64c) C:\Windows\system32\drivers\wimmount.sys 2011/05/08 01:05:42.0273 3928 WmiAcpi (0217679b8fca58714c3bf2726d2ca84e) C:\Windows\system32\DRIVERS\wmiacpi.sys 2011/05/08 01:05:42.0429 3928 ws2ifsl (6db3276587b853bf886b69528fdb048c) C:\Windows\system32\drivers\ws2ifsl.sys 2011/05/08 01:05:42.0492 3928 WudfPf (6f9b6c0c93232cff47d0f72d6db1d21e) C:\Windows\system32\drivers\WudfPf.sys 2011/05/08 01:05:42.0616 3928 WUDFRd (f91ff1e51fca30b3c3981db7d5924252) C:\Windows\system32\DRIVERS\WUDFRd.sys 2011/05/08 01:05:42.0772 3928 X10Hid (1f93fcb5bab3a921ecba522f63586f4a) C:\Windows\System32\Drivers\x10hid.sys 2011/05/08 01:05:42.0897 3928 XUIF (378dc1b0b1f62a7488ee8d31a3c6e949) C:\Windows\System32\Drivers\x10ufx2.sys 2011/05/08 01:05:43.0038 3928 ================================================================================ 2011/05/08 01:05:43.0038 3928 Scan finished 2011/05/08 01:05:43.0038 3928 ================================================================================ 2011/05/08 01:06:20.0166 2320 Deinitialize success |
|
08.05.2011, 14:35
| #13 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Kazy.merkml1, fakeSysdef.A.313, usw. Dann bitte jetzt CF ausführen: ComboFix Ein Leitfaden und Tutorium zur Nutzung von ComboFix
Combofix darf ausschließlich ausgeführt werden, wenn ein Kompetenzler dies ausdrücklich empfohlen hat!
__________________ Logfiles bitte immer in CODE-Tags posten |
|
09.05.2011, 22:28
| #14 |
| | Kazy.merkml1, fakeSysdef.A.313, usw. Ei, ei, ei! Geschafft! Hatte so meine Probleme damit.. Hier ist das Ergebnis: Combofix Logfile: Code:
ATTFilter ComboFix 11-05-09.01 - minnie 09.05.2011 23:02:27.3.4 - x86
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.49.1031.18.2935.2087 [GMT 2:00]
ausgeführt von:: c:\users\minnie\Desktop\cofi.exe
AV: Kaspersky PURE *Disabled/Updated* {56547CC9-C9B2-849D-8FEF-A496150D6A06}
FW: Kaspersky PURE *Disabled* {6E6FFDEC-83DD-85C5-A4B0-0DA3EBDE2D7D}
SP: Kaspersky PURE *Disabled/Updated* {ED359D2D-EF88-8B13-B55F-9FE46E8A20BB}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((( Dateien erstellt von 2011-04-09 bis 2011-05-09 ))))))))))))))))))))))))))))))
.
.
2011-05-09 21:07 . 2011-05-09 21:07 -------- d-----w- c:\users\Fleischi\AppData\Local\temp
2011-05-09 21:07 . 2011-05-09 21:07 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-05-09 20:49 . 2011-05-09 20:49 -------- d-----w- c:\program files\CCleaner
2011-05-09 19:55 . 2011-05-09 20:05 -------- d-----w- C:\cofi
2011-05-09 19:31 . 2011-05-09 19:55 -------- d-----w- C:\ComboFix
2011-05-08 12:56 . 2011-02-18 05:33 31232 ----a-w- c:\windows\system32\prevhost.exe
2011-05-08 12:56 . 2011-03-11 05:44 146304 ----a-w- c:\windows\system32\drivers\storport.sys
2011-05-08 12:56 . 2011-03-11 05:44 143744 ----a-w- c:\windows\system32\drivers\nvstor.sys
2011-05-08 12:56 . 2011-03-11 05:44 1210240 ----a-w- c:\windows\system32\drivers\ntfs.sys
2011-05-08 12:56 . 2011-03-11 05:44 117120 ----a-w- c:\windows\system32\drivers\nvraid.sys
2011-05-08 12:56 . 2011-03-11 05:43 332160 ----a-w- c:\windows\system32\drivers\iaStorV.sys
2011-05-08 12:56 . 2011-03-11 05:43 80256 ----a-w- c:\windows\system32\drivers\amdsata.sys
2011-05-08 12:56 . 2011-03-11 05:43 22400 ----a-w- c:\windows\system32\drivers\amdxata.sys
2011-05-08 12:56 . 2011-03-11 05:39 1686016 ----a-w- c:\windows\system32\esent.dll
2011-05-08 12:56 . 2011-03-11 05:37 74240 ----a-w- c:\windows\system32\fsutil.exe
2011-05-08 12:55 . 2011-03-12 11:31 442880 ----a-w- c:\windows\system32\XpsPrint.dll
2011-05-08 12:55 . 2011-02-26 05:33 2614784 ----a-w- c:\windows\explorer.exe
2011-05-07 21:38 . 2011-05-07 21:38 -------- d-----w- C:\_OTL
2011-05-07 07:04 . 2009-07-14 01:19 245328 ----a-w- c:\windows\system32\drivers\volsnap.sys
2011-05-06 23:36 . 2010-10-01 20:05 162392 begin_of_the_skype_highlighting**************05 162392******end_of_the_skype_highlighting ----a-w- c:\program files\Mozilla Firefox\extensions\linkfilter@kaspersky.ru\components\KavLinkFilter.dll
2011-05-06 23:36 . 2011-05-06 23:48 115267 ----a-w- c:\windows\system32\drivers\klin.dat
2011-05-06 23:36 . 2011-05-06 23:48 97859 ----a-w- c:\windows\system32\drivers\klick.dat
2011-05-06 23:36 . 2011-05-06 23:36 -------- dc----w- c:\windows\system32\DRVSTORE
2011-05-06 23:36 . 2009-12-14 10:44 88632 ----a-w- c:\windows\system32\drivers\CSCrySec.sys
2011-05-06 23:36 . 2009-12-14 10:44 39352 ----a-w- c:\windows\system32\drivers\CSVirtualDiskDrv.sys
2011-05-06 23:35 . 2011-05-09 20:22 -------- d-----w- c:\programdata\Kaspersky Lab
2011-05-06 23:35 . 2011-05-06 23:35 -------- d-----w- c:\program files\Kaspersky Lab
2011-05-06 23:35 . 2011-05-06 23:35 -------- d-----w- c:\program files\Common Files\InfoWatch
2011-05-06 23:27 . 2011-04-11 07:04 7071056 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{3C4A0EA7-C23A-49CB-AFA5-DCEBCFC4102D}\mpengine.dll
2011-05-06 20:54 . 2011-05-06 20:54 -------- d-----w- c:\users\minnie\AppData\Roaming\Malwarebytes
2011-05-06 20:47 . 2010-12-20 16:09 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-05-06 20:47 . 2011-05-06 20:47 -------- d-----w- c:\programdata\Malwarebytes
2011-04-28 13:42 . 2011-04-28 13:42 -------- d-----w- c:\users\minnie\AppData\Roaming\UAs
2011-04-28 13:03 . 2011-04-28 13:03 112 ----a-w- c:\users\minnie\AppData\Roaming\srvblck2.tmp
2011-04-28 13:03 . 2011-04-28 13:47 -------- d-----w- c:\users\minnie\AppData\Roaming\xmldm
2011-04-28 13:03 . 2011-04-28 13:03 -------- d-----w- c:\users\minnie\AppData\Roaming\kock
2011-04-28 12:53 . 2011-04-28 12:53 -------- d-----w- c:\programdata\Kaspersky Lab Setup Files
2011-04-26 21:39 . 2011-04-26 21:40 -------- d-----w- C:\Eigene Dateien zusatz
2011-04-16 18:23 . 2011-03-03 03:31 2331136 ----a-w- c:\windows\system32\win32k.sys
2011-04-16 18:23 . 2011-02-24 05:32 288256 ----a-w- c:\windows\system32\XpsGdiConverter.dll
2011-04-16 18:22 . 2011-03-08 05:38 740864 ----a-w- c:\windows\system32\inetcomm.dll
2011-04-16 18:22 . 2011-03-11 05:40 1137664 ----a-w- c:\windows\system32\mfc42.dll
2011-04-16 18:22 . 2011-03-11 05:40 1164288 ----a-w- c:\windows\system32\mfc42u.dll
2011-04-16 18:22 . 2011-02-23 05:05 221696 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys
2011-04-16 18:22 . 2011-02-23 05:05 95744 ----a-w- c:\windows\system32\drivers\mrxsmb20.sys
2011-04-16 18:22 . 2011-02-23 05:05 123392 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2011-04-16 18:22 . 2011-02-23 05:05 69632 ----a-w- c:\windows\system32\drivers\bowser.sys
2011-04-10 20:57 . 2011-04-10 21:31 -------- d-----w- c:\users\minnie\AppData\Local\S2
2011-04-10 20:56 . 2011-04-10 20:56 98304 ----a-w- c:\windows\system32\CmdLineExt.dll
2011-04-10 20:56 . 2011-04-10 20:56 -------- d-----r- c:\users\minnie\AppData\Roaming\SecuROM
2011-04-10 12:10 . 2005-05-26 13:34 2297552 ----a-w- c:\windows\system32\d3dx9_26.dll
2011-04-10 11:33 . 2011-04-10 11:33 -------- d-----w- c:\program files\THQ
.
.
.
(((((((((((((((((((((((((((((((((((( Find3M Bericht ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-02-19 05:33 . 2011-03-08 22:23 802304 ----a-w- c:\windows\system32\FntCache.dll
2011-02-19 05:32 . 2011-03-08 22:23 1074176 ----a-w- c:\windows\system32\DWrite.dll
2011-02-19 05:32 . 2011-03-08 22:23 739840 ----a-w- c:\windows\system32\d2d1.dll
.
.
(((((((((((((((((((((((((((( Autostartpunkte der Registrierung ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\KAVOverlayIcon]
@="{dd230880-495a-11d1-b064-008048ec2fc5}"
[HKEY_CLASSES_ROOT\CLSID\{dd230880-495a-11d1-b064-008048ec2fc5}]
2010-10-01 20:05 129624 ----a-w- c:\program files\Kaspersky Lab\Kaspersky PURE\shellex.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Skype"="c:\program files\Skype\\Phone\Skype.exe" [2010-09-02 13351304]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Wbutton"="c:\program files\Launch Manager\Wbutton.exe" [2010-01-13 413696]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2009-12-11 1594664]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2010-04-06 8555040]
"RtHDVBg"="c:\program files\Realtek\Audio\HDA\RtHDVBg.exe" [2010-04-06 694816]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-03-17 421888]
"LMgrVolOSD"="c:\program files\Launch Manager\OSD.exe" [2009-12-11 348960]
"LexwareInfoService"="c:\program files\Common Files\Lexware\Update Manager\LxUpdateManager.exe" [2010-09-15 339312]
"HotkeyApp"="c:\program files\Launch Manager\HotkeyApp.exe" [2009-12-14 200704]
"CLMLServer"="c:\program files\CyberLink\Power2Go\CLMLSvc.exe" [2009-11-02 103720]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2011-01-31 35760]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-20 932288]
"AVP"="c:\program files\Kaspersky Lab\Kaspersky PURE\avp.exe" [2010-10-01 348760]
.
c:\users\minnie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OpenOffice.org 3.2.lnk - c:\program files\OpenOffice.org 3\program\quickstart.exe [2010-5-20 1195008]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Hardcopy.LNK - c:\program files\Hardcopy\hardcopy.exe [2010-6-23 1725440]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\progra~1\KASPER~1\KASPER~1\kloehk.dll c:\progra~1\KASPER~1\KASPER~1\mzvkbd3.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotKeysCmds]
2010-08-25 18:45 171032 ----a-w- c:\windows\System32\hkcmd.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IgfxTray]
2010-08-25 18:45 136216 ----a-w- c:\windows\System32\igfxtray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Persistence]
2010-08-25 18:45 170520 ----a-w- c:\windows\System32\igfxpers.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2010-08-04 136176]
R3 FirebirdServerMAGIXInstance;Firebird Server - MAGIX Instance;c:\program files\Common Files\MAGIX Services\Database\bin\fbserver.exe [2008-08-07 3276800]
R3 gupdatem;Google Update-Dienst (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [2010-08-04 136176]
R3 NxpCap;CTX capture service;c:\windows\system32\DRIVERS\NxpCap.sys [2010-02-04 1558368]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\System32\Drivers\RtsUStor.sys [2010-03-24 191008]
S0 CSCrySec;InfoWatch Encrypt Sector Library driver;c:\windows\system32\DRIVERS\CSCrySec.sys [2009-12-14 88632]
S0 KLBG;Kaspersky Lab Boot Guard Driver;c:\windows\system32\DRIVERS\klbg.sys [2009-10-14 36880]
S1 CSVirtualDiskDrv;InfoWatch Virtual Disk driver;c:\windows\system32\DRIVERS\CSVirtualDiskDrv.sys [2009-12-14 39352]
S1 KLIM6;Kaspersky Anti-Virus NDIS 6 Filter;c:\windows\system32\DRIVERS\klim6.sys [2009-09-14 21520]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-13 48128]
S2 CSObjectsSrv;Verwaltungsservice vom CryproStorage-System;c:\program files\Common Files\InfoWatch\CryptoStorage\ProtectedObjectsSrv.exe [2009-12-21 743992]
S2 Fabs;FABS - Helping agent for MAGIX media database;c:\program files\Common Files\MAGIX Services\Database\bin\FABS.exe [2009-02-03 1155072]
S2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;c:\program files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [2010-03-03 13336]
S2 UNS;Intel(R) Management & Security Application User Notification Service;c:\program files\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2009-12-10 2320920]
S3 Impcd;Impcd;c:\windows\system32\DRIVERS\Impcd.sys [2010-02-10 132352]
S3 IntcDAud;Intel(R) Display-Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [2010-02-03 232960]
S3 klmouflt;Kaspersky Lab KLMOUFLT;c:\windows\system32\DRIVERS\klmouflt.sys [2009-10-02 19472]
S3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;c:\windows\system32\DRIVERS\L1C62x86.sys [2010-03-04 67624]
S3 rtl8192se;Realtek Wireless LAN 802.11n PCI-E NIC NT Driver;c:\windows\system32\DRIVERS\rtl8192se.sys [2010-04-01 1009184]
S3 WisLMSvc;WisLMSvc;c:\program files\Launch Manager\WisLMSvc.exe [2009-10-22 118560]
S3 X10Hid;X10 Hid Device;c:\windows\System32\Drivers\x10hid.sys [2009-05-13 13720]
.
.
Inhalt des "geplante Tasks" Ordners
.
2011-05-09 c:\windows\Tasks\GoogleUpdateTaskMachineCore1cc0771faeb8a83.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-08-04 19:54]
.
2011-05-09 c:\windows\Tasks\GoogleUpdateTaskMachineUA1cc0771fb166348.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-08-04 19:54]
.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = hxxp://www.aldi.com
IE: add to &BOM - c:\\PROGRA~1\\BIET-O~1\\\\AddToBOM.hta
IE: Nach Microsoft E&xel exportieren - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
IE: {{0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - eBay - eine der größten deutschen Shopping-Websites
FF - ProfilePath - c:\users\minnie\AppData\Roaming\Mozilla\Firefox\Profiles\k003e2dl.default\
FF - prefs.js: browser.startup.homepage - Google
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Skype extension for Firefox: {AB2CE124-6272-4b12-94A9-7303C7397BD1} - c:\program files\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}
FF - Ext: Kaspersky URL Advisor: linkfilter@kaspersky.ru - c:\program files\Mozilla Firefox\extensions\linkfilter@kaspersky.ru
FF - Ext: DownloadHelper: {b9db16a4-6edc-47ec-a1f4-b86292ed211d} - %profile%\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
FF - Ext: FireShot: {0b457cAA-602d-484a-8fe7-c1d894a011ba} - %profile%\extensions\{0b457cAA-602d-484a-8fe7-c1d894a011ba}
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_USERS\S-1-5-21-487931405-2085747511-1338590169-1000\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"??"=hex:c2,0a,96,f9,55,87,36,ca,dd,77,16,cb,2d,21,ce,6a,83,b1,e8,d6,70,3d,1b,
8a,11,32,9c,11,df,27,0f,51,eb,a6,44,64,60,1a,68,54,74,6a,38,22,54,79,6d,90,\
"??"=hex:5f,15,55,1b,22,37,ef,8f,49,77,48,76,f9,7c,3c,d5
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil10i_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil10i_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Zeit der Fertigstellung: 2011-05-09 23:09:07
ComboFix-quarantined-files.txt 2011-05-09 21:09
ComboFix2.txt 2011-05-09 20:04
ComboFix3.txt 2011-05-09 19:39
.
Vor Suchlauf: 14 Verzeichnis(se), 191.843.864.576 Bytes frei
Nach Suchlauf: 15 Verzeichnis(se), 191.816.458.240 Bytes frei
.
- - End Of File - - BD3D12ED31E748289214D5C87C7F13D5
Wenn ich Firefox aufrufen wollte bekam ich irgendeine Meldung von einem unzulässigen Vorgang bezgl. der Registrierungsdatei ... Nach einem Neustart kein Problem mehr. ?? Firefox war bei combofix-Lauf evtl noch aktiv  Sorry! |
|
10.05.2011, 11:02
| #15 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Kazy.merkml1, fakeSysdef.A.313, usw. Ok. Bitte nun Logs mit GMER und OSAM erstellen und posten. GMER stürzt häufiger ab, wenn das Tool auch beim 2. Mal nicht will, lass es einfach weg und führ nur OSAM aus - die Online-Abfrage durch OSAM bitte überspringen. Bei OSAM bitte darauf auch achten, dass Du das Log auch als *.log und nicht *.html oder so abspeicherst. Downloade Dir danach bitte MBRCheck (by a_d_13) und speichere die Datei auf dem Desktop.
__________________ Logfiles bitte immer in CODE-Tags posten |
|
| Themen zu Kazy.merkml1, fakeSysdef.A.313, usw. |
| 2.0.7, alles blockiert, antivir, avira, bho, blockiert, c:\windows\system32\rundll32.exe, disabletaskmgr, druck, error, excel.exe, festplatte, firefox, google, google chrome, home, install.exe, installation, intranet, kaspersky, laufwerk c, launch, location, logfile, microsoft office word, mozilla, mozilla thunderbird, nicht installiert, ntdll.dll, office 2007, oldtimer, plug-in, problem, realtek, registry, rundll, scan, searchplugins, security, security update, senden, software, speicherplatz, start menu, studio, svchost.exe, trojaner, usb 2.0, webcheck, windows |
Linear-Darstellung
