Log analysis and evaluation: bka virus +logfiles (Windows 7)
If you have caught a trojan or keep getting virus warnings, you can post the logs from our diagnostic tools here for evaluation by our experts. Before viruses and trojans can be removed, the infected system has to be examined first: First steps to get help. Note that an infected system is not trustworthy and should not be used until the malware has been removed completely.
12.06.2011, 12:09 | #1 |
| bka virus +logfiles habe den schon oft genannten bka virus, habe mit reatogo cd den befallenen pc gestarted. hier die logfiles: OTL Logfile: Code:
ATTFilter OTL logfile created on: 6/12/2011 2:11:05 PM - Run OTLPE by OldTimer - Version 3.1.46.0 Folder = X:\Programs\OTLPE Windows 7 Professional Service Pack 1 (Version = 6.1.7601) - Type = System Internet Explorer (Version = 8.0.7601.17514) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 3.00 Gb Total Physical Memory | 3.00 Gb Available Physical Memory | 91.00% Memory free 3.00 Gb Paging File | 3.00 Gb Available in Paging File | 98.00% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 452.99 Gb Total Space | 284.90 Gb Free Space | 62.89% Space Free | Partition Type: NTFS Drive D: | 7.53 Gb Total Space | 7.53 Gb Free Space | 100.00% Space Free | Partition Type: FAT32 Drive X: | 436.59 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS Computer Name: REATOGO | User Name: SYSTEM Boot Mode: Normal | Scan Mode: All users Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days Using ControlSet: ControlSet001 ========== Win32 Services (SafeList) ========== SRV - [2011/06/06 21:30:02 | 003,435,096 | ---- | M] () [Auto] -- C:\Program Files\Common Files\Akamai\netsession_win_8675ab0.dll -- (Akamai) SRV - [2011/06/02 10:24:53 | 000,403,240 | ---- | M] (Valve Corporation) [On_Demand] -- C:\Program Files\Common Files\Steam\SteamService.exe -- (Steam Client Service) SRV - [2011/04/29 01:18:28 | 000,136,360 | ---- | M] (Avira GmbH) [Auto] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService) SRV - [2011/03/17 13:31:09 | 000,269,480 | ---- | M] (Avira GmbH) [Auto] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService) SRV - [2010/07/28 08:08:20 | 003,447,296 | ---- | M] (Egis Technology Inc.) 
[Auto] -- C:\Program Files\Acer Bio Protection\BASVC.exe -- (IGBASVC) SRV - [2010/04/05 15:55:01 | 000,116,104 | ---- | M] () [Auto] -- C:\Program Files\Canon\IJPLM\ijplmsvc.exe -- (IJPLMSVC) SRV - [2010/03/23 07:19:32 | 001,528,616 | ---- | M] (Cisco Systems, Inc.) [Auto] -- C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe -- (CVPND) SRV - [2009/07/13 21:16:15 | 000,016,384 | ---- | M] (Microsoft Corporation) [On_Demand] -- C:\Windows\System32\StorSvc.dll -- (StorSvc) SRV - [2009/07/13 21:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc) SRV - [2009/07/13 21:16:12 | 001,004,544 | ---- | M] (Microsoft Corporation) [On_Demand] -- C:\Windows\System32\PeerDistSvc.dll -- (PeerDistSvc) SRV - [2009/07/13 21:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [Auto] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend) ========== Driver Services (SafeList) ========== DRV - File not found [Kernel | On_Demand] -- -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM) DRV - File not found [Kernel | On_Demand] -- -- (EagleNT) DRV - File not found [Kernel | System] -- -- (DritekPortIO) DRV - File not found [Kernel | On_Demand] -- -- (cpuz132) DRV - File not found [Kernel | Auto] -- -- (adfs) DRV - [2011/03/17 13:31:09 | 000,137,656 | ---- | M] (Avira GmbH) [Kernel | System] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb) DRV - [2010/11/24 12:11:57 | 000,061,960 | ---- | M] (Avira GmbH) [File_System | Auto] -- C:\Windows\System32\drivers\avgntflt.sys -- (avgntflt) DRV - [2010/11/20 08:30:15 | 000,175,360 | ---- | M] (Microsoft Corporation) [Kernel | Boot] -- C:\Windows\System32\drivers\vmbus.sys -- (vmbus) DRV - [2010/11/20 08:30:15 | 000,040,704 | ---- | M] (Microsoft Corporation) [Kernel | Boot] -- C:\Windows\System32\drivers\vmstorfl.sys -- (storflt) DRV - [2010/11/20 08:30:15 | 000,028,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- 
C:\Windows\system32\drivers\storvsc.sys -- (storvsc) DRV - [2010/11/20 06:24:41 | 000,052,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt) DRV - [2010/11/20 05:59:44 | 000,035,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb) DRV - [2010/11/20 05:14:45 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\Windows\system32\drivers\VMBusHID.sys -- (VMBusHID) DRV - [2010/11/20 05:14:41 | 000,005,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\Windows\system32\drivers\vms3cap.sys -- (s3cap) DRV - [2010/10/06 08:12:19 | 000,697,328 | ---- | M] (Duplex Secure Ltd.) [Kernel | Boot] -- C:\Windows\System32\drivers\sptd.sys -- (sptd) DRV - [2010/07/28 08:09:31 | 000,022,528 | ---- | M] (Egistec) [Kernel | Auto] -- C:\Windows\System32\drivers\FPSensor.sys -- (FPSensor) EgisTec-Corp Fingerprint Reader Driver (FPSensor.sys) DRV - [2010/07/28 08:08:52 | 000,069,632 | ---- | M] () [Kernel | Auto] -- C:\Windows\System32\drivers\int15.sys -- (int15) DRV - [2010/07/09 18:37:00 | 011,008,040 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm) DRV - [2010/06/21 18:07:37 | 000,105,576 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\nvhda32v.sys -- (NVHDA) DRV - [2010/03/23 07:15:36 | 000,308,859 | ---- | M] (Cisco Systems, Inc.) 
[Kernel | Auto] -- C:\Windows\System32\drivers\CVPNDRVA.sys -- (CVPNDRVA) DRV - [2010/02/24 06:22:10 | 000,185,472 | ---- | M] (Protect Software GmbH) [Kernel | Auto] -- C:\Windows\System32\drivers\acedrv11.sys -- (acedrv11) DRV - [2010/02/10 23:29:56 | 000,106,880 | ---- | M] (HSPADataCard Incorporated) [Kernel | On_Demand] -- C:\Windows\System32\drivers\HSPADataCardusbser.sys -- (HSPADataCardusbser) DRV - [2010/02/10 23:29:56 | 000,106,880 | ---- | M] (HSPADataCard Incorporated) [Kernel | On_Demand] -- C:\Windows\System32\drivers\HSPADataCardusbnmea.sys -- (HSPADataCardusbnmea) DRV - [2010/02/10 23:29:56 | 000,106,880 | ---- | M] (HSPADataCard Incorporated) [Kernel | On_Demand] -- C:\Windows\System32\drivers\HSPADataCardusbmdm.sys -- (HSPADataCardusbmdm) DRV - [2010/02/10 23:29:56 | 000,010,240 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand] -- C:\Windows\System32\drivers\massfilter.sys -- (massfilter) DRV - [2009/12/14 22:46:26 | 000,024,192 | ---- | M] (Bytemobile, Inc.) [Kernel | System] -- C:\Windows\System32\drivers\tcpipBM.sys -- (tcpipBM) DRV - [2009/12/14 22:46:18 | 000,013,184 | ---- | M] (Bytemobile, Inc.) 
[Kernel | Boot] -- C:\Windows\System32\drivers\BMLoad.sys -- (BMLoad) DRV - [2009/10/02 04:59:16 | 000,489,952 | ---- | M] (ITETech ) [Kernel | On_Demand] -- C:\Windows\System32\drivers\AF15BDA.sys -- (AF15BDA) DRV - [2009/07/13 18:13:48 | 001,035,776 | ---- | M] (LSI Corp) [Kernel | On_Demand] -- C:\Windows\System32\drivers\AGRSM.sys -- (AgereSoftModem) DRV - [2009/07/13 18:02:51 | 004,231,168 | ---- | M] (Intel Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\netw5v32.sys -- (netw5v32) Intel(R) DRV - [2009/07/13 18:02:49 | 000,229,888 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\k57nd60x.sys -- (k57nd60x) Broadcom NetLink (TM) DRV - [2009/05/11 04:12:49 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv) DRV - [2009/03/18 11:35:40 | 000,026,176 | -H-- | M] (LogMeIn, Inc.) [Kernel | On_Demand] -- C:\Windows\System32\drivers\hamachi.sys -- (hamachi) DRV - [2009/01/30 06:14:14 | 000,191,536 | ---- | M] (Alps Electric Co., Ltd.) [Kernel | On_Demand] -- C:\Windows\System32\drivers\Apfiltr.sys -- (ApfiltrService) DRV - [2008/11/16 12:39:44 | 000,131,984 | ---- | M] (Deterministic Networks, Inc.) [Kernel | On_Demand] -- C:\Windows\System32\drivers\dne2000.sys -- (DNE) DRV - [2008/10/08 04:43:08 | 000,005,632 | ---- | M] (Windows (R) Codename Longhorn DDK provider) [Kernel | On_Demand] -- C:\Windows\System32\drivers\hidshim.sys -- (hidshim) DRV - [2008/10/08 04:43:06 | 000,022,528 | ---- | M] (Nuvoton Technology Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\nuvotonhidgeneric.sys -- (nuvotonhidgeneric) DRV - [2007/01/18 14:28:02 | 000,005,275 | ---- | M] (Cisco Systems, Inc.) [Kernel | On_Demand] -- C:\Windows\System32\drivers\CVirtA.sys -- (CVirtA) DRV - [2003/10/15 11:52:50 | 000,174,530 | ---- | M] (OmniVision Technologies, Inc.) 
[Kernel | On_Demand] -- C:\Windows\System32\drivers\ov519vid.sys -- (ovt519) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\erix_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = E5 47 83 30 9F 3D CB 01 [binary data] IE - HKU\erix_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\erix_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local ========== FireFox ========== FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21 FF - prefs.js..extensions.enabledItems: battlefieldheroespatcher@ea.com:5.0.31.0 FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.6 FF - prefs.js..extensions.enabledItems: {000F1EA4-5E08-4564-A29B-29076F63A37A}:1.0.3.139 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23 FF - prefs.js..extensions.enabledItems: battlefieldplay4free@ea.com:1.0.53.2 FF - HKLM\software\mozilla\Firefox\Extensions\\{5AD2E184-68D2-4B21-AF0A-688E0E7680E4}: C:\Users\erix\AppData\Local\{5AD2E184-68D2-4B21-AF0A-688E0E7680E4} [2011/05/02 18:31:59 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Firefox\Extensions\\ff-bmboc@bytemobile.com: C:\Program Files\congstar\Internetmanager\Bin\addon [2010/04/01 08:29:34 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Firefox 4.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/05/10 06:57:02 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Firefox 4.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/05/10 07:19:04 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Thunderbird 3.1.2\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2011/05/10 06:57:02 | 000,000,000 | 
---D | M] FF - HKLM\software\mozilla\Mozilla Thunderbird 3.1.2\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins [2011/05/10 06:57:02 | 000,000,000 | ---D | M] [2010/07/29 12:07:39 | 000,000,000 | ---D | M] (No name found) -- C:\Users\erix\AppData\Roaming\Mozilla\Extensions [2010/07/29 12:07:39 | 000,000,000 | ---D | M] (No name found) -- C:\Users\erix\AppData\Roaming\Mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6} [2011/05/23 15:24:32 | 000,000,000 | ---D | M] (No name found) -- C:\Users\erix\AppData\Roaming\Mozilla\Firefox\Profiles\539gp8u2.default\extensions [2010/11/24 18:51:26 | 000,000,000 | ---D | M] () -- C:\Users\erix\AppData\Roaming\Mozilla\Firefox\Profiles\539gp8u2.default\extensions\{000F1EA4-5E08-4564-A29B-29076F63A37A} [2010/10/13 06:06:27 | 000,000,000 | ---D | M] (Battlefield Heroes Updater) -- C:\Users\erix\AppData\Roaming\Mozilla\Firefox\Profiles\539gp8u2.default\extensions\battlefieldheroespatcher@ea.com [2011/04/11 08:38:42 | 000,000,000 | ---D | M] (Battlefield Play4Free) -- C:\Users\erix\AppData\Roaming\Mozilla\Firefox\Profiles\539gp8u2.default\extensions\battlefieldplay4free@ea.com [2011/05/02 04:18:48 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions [2010/07/30 06:54:29 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} [2011/01/02 07:58:36 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} File not found (No name found) -- [2010/04/01 08:29:34 | 000,000,000 | ---D | M] (Bytemobile Optimization Client) -- C:\PROGRAM FILES\CONGSTAR\INTERNETMANAGER\BIN\ADDON [2011/05/02 18:31:59 | 000,000,000 | ---D | M] (XULRunner) -- C:\USERS\ERIX\APPDATA\LOCAL\{5AD2E184-68D2-4B21-AF0A-688E0E7680E4} () (No name found) -- C:\USERS\ERIX\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\539GP8U2.DEFAULT\EXTENSIONS\{D10D0BF8-F5B5-C8B4-A8B2-2B9879E08C5D}.XPI 
[2011/04/14 12:40:03 | 000,142,296 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\components\browsercomps.dll [2008/06/19 05:16:24 | 000,118,784 | ---- | M] (CANON INC.) -- C:\Program Files\Mozilla Firefox\plugins\MyCamera.dll [2008/06/19 05:16:24 | 000,053,248 | ---- | M] (CANON INC.) -- C:\Program Files\Mozilla Firefox\plugins\NPCIG.dll [2010/11/12 13:53:06 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll [2010/01/01 04:00:00 | 000,001,392 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\amazondotcom-de.xml [2010/01/01 04:00:00 | 000,002,252 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\bing.xml [2010/01/01 04:00:00 | 000,001,153 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\eBay-de.xml [2010/01/01 04:00:00 | 000,006,805 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\leo_ende_de.xml [2010/01/01 04:00:00 | 000,001,178 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\wikipedia-de.xml [2010/01/01 04:00:00 | 000,001,105 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\yahoo-de.xml Hosts file not found O3 - HKLM\..\Toolbar: (TerraTec Home Cinema) - {AD6E6555-FB2C-47D4-8339-3E2965509877} - C:\Program Files\TerraTec\TerraTec Home Cinema\ThcDeskBand.dll (TerraTec Electronic GmbH) O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH) O4 - HKLM..\Run: [LManager] C:\Program Files\Launch Manager\LManager.exe (Dritek System Inc.) O4 - HKLM..\Run: [PLFSetI] C:\Windows\PLFSetI.exe () O4 - HKLM..\Run: [VitaKeyPdtWzd] C:\Program Files\Acer Bio Protection\PdtWzd.exe (Egis Technology Inc.) 
O4 - HKU\erix_ON_C..\Run: [4E3E0230AEBB4E96] File not found O4 - HKU\erix_ON_C..\Run: [AdobeBridge] File not found O4 - HKU\erix_ON_C..\Run: [msnmsgr] File not found O4 - HKU\LocalService_ON_C..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation) O4 - HKU\NetworkService_ON_C..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation) O4 - Startup: C:\Users\erix\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk () O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0 O7 - HKU\erix_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O9 - Extra Button: Quick-Launch Area - {10954C80-4F0F-11d3-B17C-00C0DFE39736} - C:\Program Files\Acer Bio Protection\PwdBank.exe (Egis Technology Inc.) O9 - Extra 'Tools' menuitem : Quick-Launch Area - {10954C80-4F0F-11d3-B17C-00C0DFE39736} - C:\Program Files\Acer Bio Protection\PwdBank.exe (Egis Technology Inc.) O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.) 
O13 - gopher Prefix: missing O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23) O16 - DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1 O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found O20 - HKU\.DEFAULT Winlogon: Shell - (C:\Windows\TEMP\0.7420111087137579.exe) - C:\Windows\Temp\0.7420111087137579.exe (BitDefender) O20 - HKU\erix_ON_C Winlogon: Shell - (C:\Users\erix\AppData\Local\Temp\43F6.tmp) - C:\Users\erix\AppData\Local\Temp\43F6.tmp (BitDefender) O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found. 
O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2011/04/18 05:45:45 | 000,000,000 | ---D | M] - C:\Autodesk -- [ NTFS ] O32 - AutoRun File - [2009/06/10 17:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ] O32 - AutoRun File - [2006/03/24 07:06:41 | 000,000,053 | R--- | M] () - X:\AUTORUN.INF -- [ CDFS ] O33 - MountPoints2\{19369e0d-d143-11df-ad61-806e6f6e6963}\Shell - "" = AutoRun O33 - MountPoints2\{19369e0d-d143-11df-ad61-806e6f6e6963}\Shell\AutoRun\command - "" = E:\Setup.exe O33 - MountPoints2\{9303e798-c703-11df-8b58-001f16bdede9}\Shell - "" = AutoRun O33 - MountPoints2\{9303e798-c703-11df-8b58-001f16bdede9}\Shell\AutoRun\command - "" = E:\Startme.exe O33 - MountPoints2\F\Shell - "" = AutoRun O33 - MountPoints2\F\Shell\AutoRun\command - "" = F:\Data\setup.exe O34 - HKLM BootExecute: (autocheck autochk *) - File not found O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* ========== Files/Folders - Created Within 30 Days ========== [2011/06/09 18:54:39 | 000,000,000 | ---D | C] -- C:\Users\erix\AppData\Roaming\Fuupzy [2011/06/09 18:54:39 | 000,000,000 | ---D | C] -- C:\Users\erix\AppData\Roaming\Emabk [2011/06/09 12:06:06 | 000,200,704 | ---- | C] (ICSharpCode.net) -- C:\Users\erix\Desktop\ICSharpCode.SharpZipLib.dll [2011/06/09 11:58:55 | 000,000,000 | ---D | C] -- C:\Users\erix\AppData\Roaming\styler2go [2011/06/09 11:58:29 | 001,403,904 | ---- | C] (Geek Defense Foundation) -- C:\Users\erix\Desktop\LoLLanguageChanger.exe [2011/06/08 17:32:43 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamSpeak 3 Client [2011/06/08 17:32:35 | 000,000,000 | ---D | C] -- C:\Program Files\TeamSpeak 3 Client [2011/06/07 12:09:02 | 000,000,000 | ---D | C] -- C:\Users\erix\Documents\Trials 2 [2011/06/07 12:08:57 | 000,000,000 | ---D | C] -- C:\Users\erix\AppData\Local\Redlynx [2011/06/06 09:14:23 | 000,000,000 | 
---D | C] -- C:\Users\erix\AppData\Roaming\Cobra Mobile [2011/06/06 09:14:22 | 000,444,952 | ---- | C] (Creative Labs) -- C:\Windows\System32\wrap_oal.dll [2011/06/06 09:14:22 | 000,109,080 | ---- | C] (Portions (C) Creative Labs Inc. and NVIDIA Corp.) -- C:\Windows\System32\OpenAL32.dll [2011/06/06 09:14:22 | 000,000,000 | ---D | C] -- C:\Program Files\OpenAL [2011/05/31 07:12:26 | 000,000,000 | ---D | C] -- C:\ProgramData\Steam [2011/05/30 04:14:18 | 000,724,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\bmutil.dll [2011/05/30 04:14:18 | 000,480,384 | ---- | C] (Bytemobile, Inc.) -- C:\Windows\System32\bmnet.dll [2011/05/30 04:14:18 | 000,308,352 | ---- | C] (Bytemobile, Inc.) -- C:\Windows\System32\bminstall.dll [2011/05/30 04:14:18 | 000,132,224 | ---- | C] (Bytemobile, Inc.) -- C:\Windows\System32\bmdumpd.bin [2011/05/30 04:14:18 | 000,024,192 | ---- | C] (Bytemobile, Inc.) -- C:\Windows\System32\drivers\tcpipBM.sys [2011/05/30 04:14:18 | 000,013,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\sporder.dll [2011/05/30 04:14:18 | 000,013,184 | ---- | C] (Bytemobile, Inc.) 
-- C:\Windows\System32\drivers\BMLoad.sys [2011/05/30 04:14:03 | 000,106,880 | ---- | C] (HSPADataCard Incorporated) -- C:\Windows\System32\drivers\HSPADataCardusbser.sys [2011/05/30 04:14:03 | 000,010,240 | ---- | C] (ZTE Incorporated) -- C:\Windows\System32\drivers\massfilter.sys [2011/05/30 04:14:02 | 000,106,880 | ---- | C] (HSPADataCard Incorporated) -- C:\Windows\System32\drivers\HSPADataCardusbnmea.sys [2011/05/30 04:14:02 | 000,106,880 | ---- | C] (HSPADataCard Incorporated) -- C:\Windows\System32\drivers\HSPADataCardusbmdm.sys [2011/05/30 04:13:58 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\congstar Internet-Manager [2011/05/30 04:13:38 | 000,000,000 | ---D | C] -- C:\Program Files\congstar [2011/05/28 14:52:03 | 000,404,640 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl [2011/05/24 21:25:08 | 000,027,008 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\Diskdump.sys [2011/05/24 05:35:59 | 000,123,904 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\poqexec.exe [2011/05/19 06:41:58 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype [2011/05/19 06:41:58 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Skype [2011/05/17 09:42:24 | 000,000,000 | ---D | C] -- C:\Users\erix\Desktop\EXPORT [2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2011/06/12 06:41:16 | 000,705,906 | ---- | M] () -- C:\Windows\System32\perfh007.dat [2011/06/12 06:41:16 | 000,651,590 | ---- | M] () -- C:\Windows\System32\perfh009.dat [2011/06/12 06:41:16 | 000,149,448 | ---- | M] () -- C:\Windows\System32\perfc007.dat [2011/06/12 06:41:16 | 000,122,528 | ---- | M] () -- C:\Windows\System32\perfc009.dat [2011/06/12 06:37:01 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2011/06/12 06:36:54 | 2411,847,680 | -HS- | M] () -- C:\hiberfil.sys [2011/06/12 06:06:25 | 000,014,752 | 
-H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2011/06/12 06:06:25 | 000,014,752 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2011/06/09 18:54:28 | 000,043,008 | ---- | M] () -- C:\Users\erix0.09308119520092684.exe [2011/06/09 18:47:57 | 000,007,605 | ---- | M] () -- C:\Users\erix\AppData\Local\Resmon.ResmonCfg [2011/06/09 12:06:08 | 000,200,704 | ---- | M] (ICSharpCode.net) -- C:\Users\erix\Desktop\ICSharpCode.SharpZipLib.dll [2011/06/09 11:58:30 | 001,403,904 | ---- | M] (Geek Defense Foundation) -- C:\Users\erix\Desktop\LoLLanguageChanger.exe [2011/06/09 10:51:10 | 000,047,616 | ---- | M] () -- C:\Users\erix0.03520997508100909.exe [2011/06/08 17:32:44 | 000,001,124 | ---- | M] () -- C:\Users\Public\Desktop\TeamSpeak 3 Client.lnk [2011/06/08 17:32:43 | 000,000,000 | ---D | M] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamSpeak 3 Client [2011/06/06 09:14:22 | 000,444,952 | ---- | M] (Creative Labs) -- C:\Windows\System32\wrap_oal.dll [2011/06/06 09:14:22 | 000,109,080 | ---- | M] (Portions (C) Creative Labs Inc. and NVIDIA Corp.) 
-- C:\Windows\System32\OpenAL32.dll [2011/06/05 08:18:10 | 008,720,695 | ---- | M] () -- C:\Users\erix\Desktop\07-tosca-boss_on_the_boat-elu.mp3 [2011/06/02 11:16:56 | 300,236,736 | ---- | M] () -- C:\Windows\MEMORY.DMP [2011/06/01 11:39:39 | 000,000,215 | ---- | M] () -- C:\Users\erix\Desktop\Frozen Synapse.url [2011/05/30 04:13:59 | 000,002,174 | ---- | M] () -- C:\Users\Public\Desktop\congstar Internet-Manager.lnk [2011/05/30 04:13:59 | 000,002,155 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\MCtlSvc.lnk [2011/05/30 04:13:59 | 000,000,000 | R--D | M] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup [2011/05/30 04:13:59 | 000,000,000 | ---D | M] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\congstar Internet-Manager [2011/05/28 14:52:03 | 000,404,640 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl [2011/05/26 07:35:13 | 000,001,017 | ---- | M] () -- C:\Users\erix\Desktop\Dropbox.lnk [2011/05/26 07:35:13 | 000,000,997 | ---- | M] () -- C:\Users\erix\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk [2011/05/19 06:41:58 | 000,002,503 | ---- | M] () -- C:\Users\Public\Desktop\Skype.lnk [2011/05/19 06:41:58 | 000,000,000 | ---D | M] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype [2011/05/17 22:11:09 | 000,000,216 | ---- | M] () -- C:\Users\erix\Desktop\Terraria.url [2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] ========== Files Created - No Company Name ========== [2011/06/09 18:54:28 | 000,043,008 | ---- | C] () -- C:\Users\erix0.09308119520092684.exe [2011/06/09 18:47:57 | 000,007,605 | ---- | C] () -- C:\Users\erix\AppData\Local\Resmon.ResmonCfg [2011/06/09 10:51:09 | 000,047,616 | ---- | C] () -- C:\Users\erix0.03520997508100909.exe [2011/06/08 17:32:44 | 000,001,124 | ---- | C] () -- C:\Users\Public\Desktop\TeamSpeak 3 Client.lnk [2011/06/05 08:13:52 | 008,720,695 | ---- | C] () -- 
C:\Users\erix\Desktop\07-tosca-boss_on_the_boat-elu.mp3 [2011/06/01 11:38:34 | 000,000,215 | ---- | C] () -- C:\Users\erix\Desktop\Frozen Synapse.url [2011/05/30 04:13:59 | 000,002,174 | ---- | C] () -- C:\Users\Public\Desktop\congstar Internet-Manager.lnk [2011/05/30 04:13:59 | 000,002,155 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\MCtlSvc.lnk [2011/05/26 07:33:23 | 000,000,997 | ---- | C] () -- C:\Users\erix\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk [2011/05/19 06:41:58 | 000,002,503 | ---- | C] () -- C:\Users\Public\Desktop\Skype.lnk [2011/05/17 22:11:09 | 000,000,216 | ---- | C] () -- C:\Users\erix\Desktop\Terraria.url [2011/05/10 06:42:57 | 002,463,976 | ---- | C] () -- C:\Windows\System32\NPSWF32.dll [2011/05/03 09:28:35 | 000,252,928 | ---- | C] () -- C:\Windows\System32\DShowRdpFilter.dll [2011/05/03 09:27:01 | 000,066,048 | ---- | C] () -- C:\Windows\System32\PrintBrmUi.exe [2011/05/02 18:32:00 | 000,000,120 | ---- | C] () -- C:\Users\erix\AppData\Local\Cfovimafey.dat [2011/05/02 18:32:00 | 000,000,000 | ---- | C] () -- C:\Users\erix\AppData\Local\Ohogomizih.bin [2011/04/11 09:06:25 | 000,138,264 | ---- | C] () -- C:\Windows\System32\drivers\PnkBstrK.sys [2011/04/11 09:05:53 | 000,234,768 | ---- | C] () -- C:\Windows\System32\PnkBstrB.exe [2011/04/11 09:05:51 | 000,075,136 | ---- | C] () -- C:\Windows\System32\PnkBstrA.exe [2011/01/11 12:54:38 | 000,021,504 | ---- | C] () -- C:\Windows\jestertb.dll [2010/12/29 14:53:47 | 000,000,000 | ---- | C] () -- C:\Windows\System32\Access.dat [2010/10/13 06:23:38 | 000,138,056 | ---- | C] () -- C:\Users\erix\AppData\Roaming\PnkBstrK.sys [2010/10/07 09:34:46 | 000,019,456 | ---- | C] () -- C:\Users\erix\AppData\Local\WebpageIcons.db [2010/07/29 12:07:39 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat [2010/07/29 11:16:38 | 000,200,704 | ---- | C] () -- C:\Windows\sel3110.exe [2010/07/29 11:16:38 | 000,040,960 | ---- | C] () -- 
C:\Windows\CleanDev.exe [2010/07/29 11:16:38 | 000,032,528 | ---- | C] () -- C:\Windows\amcap.exe [2010/07/28 13:16:40 | 000,000,056 | -H-- | C] () -- C:\Windows\System32\ezsidmv.dat [2010/07/28 08:20:03 | 000,231,056 | ---- | C] () -- C:\Windows\System32\drivers\RTConvEQ.dat [2010/07/28 08:20:03 | 000,001,352 | ---- | C] () -- C:\Windows\System32\drivers\RtHdatEx.dat [2010/07/28 08:20:03 | 000,000,520 | ---- | C] () -- C:\Windows\System32\drivers\RTEQEX2.dat [2010/07/28 08:20:03 | 000,000,520 | ---- | C] () -- C:\Windows\System32\drivers\RTEQEX1.dat [2010/07/28 08:20:03 | 000,000,520 | ---- | C] () -- C:\Windows\System32\drivers\RTEQEX0.dat [2010/07/28 08:20:03 | 000,000,008 | ---- | C] () -- C:\Windows\System32\drivers\rtkhdaud.dat [2010/07/28 08:15:39 | 000,200,704 | ---- | C] () -- C:\Windows\PLFSetI.exe [2010/07/28 08:15:39 | 000,106,496 | ---- | C] () -- C:\Windows\FixUVC.exe [2010/07/28 08:15:39 | 000,000,074 | ---- | C] () -- C:\Windows\PidList.ini [2010/07/28 08:08:52 | 000,097,792 | ---- | C] () -- C:\Windows\System32\INT15_64.dll [2010/07/28 08:08:52 | 000,069,632 | ---- | C] () -- C:\Windows\System32\drivers\int15.sys [2010/07/28 08:08:52 | 000,015,656 | ---- | C] () -- C:\Windows\System32\drivers\int15_64.sys [2010/07/28 08:08:51 | 000,081,920 | ---- | C] () -- C:\Windows\System32\INT15.dll [2010/03/23 07:26:48 | 000,201,512 | ---- | C] () -- C:\Windows\System32\vpnapi.dll [2009/07/14 04:47:43 | 000,705,906 | ---- | C] () -- C:\Windows\System32\perfh007.dat [2009/07/14 04:47:43 | 000,295,922 | ---- | C] () -- C:\Windows\System32\perfi007.dat [2009/07/14 04:47:43 | 000,149,448 | ---- | C] () -- C:\Windows\System32\perfc007.dat [2009/07/14 04:47:43 | 000,038,104 | ---- | C] () -- C:\Windows\System32\perfd007.dat [2009/07/14 00:57:37 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat [2009/07/14 00:33:53 | 002,215,720 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT [2009/07/13 22:05:48 | 000,651,590 | ---- | C] () -- 
C:\Windows\System32\perfh009.dat [2009/07/13 22:05:48 | 000,291,294 | ---- | C] () -- C:\Windows\System32\perfi009.dat [2009/07/13 22:05:48 | 000,122,528 | ---- | C] () -- C:\Windows\System32\perfc009.dat [2009/07/13 22:05:48 | 000,031,548 | ---- | C] () -- C:\Windows\System32\perfd009.dat [2009/07/13 22:05:05 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT [2009/07/13 22:04:11 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat [2009/07/13 19:55:01 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin [2009/07/13 19:51:43 | 000,073,728 | ---- | C] () -- C:\Windows\System32\BthpanContextHandler.dll [2009/07/13 19:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\System32\BWContextHandler.dll [2009/06/10 17:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat [2002/01/02 20:09:18 | 000,000,356 | ---- | C] () -- C:\Windows\System32\AF15IrTbl.bin ========== LOP Check ========== [2011/04/20 15:38:35 | 000,000,000 | ---D | M] -- C:\Users\erix\AppData\Roaming\.minecraft [2011/05/10 07:11:12 | 000,000,000 | ---D | M] -- C:\Users\erix\AppData\Roaming\Ansca [2010/07/30 09:44:42 | 000,000,000 | ---D | M] -- C:\Users\erix\AppData\Roaming\Canon [2011/06/06 09:14:23 | 000,000,000 | ---D | M] -- C:\Users\erix\AppData\Roaming\Cobra Mobile [2010/10/06 08:15:46 | 000,000,000 | ---D | M] -- C:\Users\erix\AppData\Roaming\DAEMON Tools Pro [2011/06/09 16:05:20 | 000,000,000 | ---D | M] -- C:\Users\erix\AppData\Roaming\Dropbox [2011/05/10 13:11:50 | 000,000,000 | ---D | M] -- C:\Users\erix\AppData\Roaming\Dwarfs [2010/11/25 12:53:39 | 000,000,000 | ---D | M] -- C:\Users\erix\AppData\Roaming\Dyyno [2011/06/09 18:54:39 | 000,000,000 | ---D | M] -- C:\Users\erix\AppData\Roaming\Emabk [2010/11/25 14:42:32 | 000,000,000 | ---D | M] -- C:\Users\erix\AppData\Roaming\ExitReality [2011/06/09 18:54:39 | 000,000,000 | ---D | M] -- C:\Users\erix\AppData\Roaming\Fuupzy [2011/04/10 10:20:42 | 000,000,000 | ---D | M] -- C:\Users\erix\AppData\Roaming\gtk-2.0 
[2011/01/03 15:25:35 | 000,000,000 | ---D | M] -- C:\Users\erix\AppData\Roaming\Internetmanager [2010/07/28 10:08:08 | 000,000,000 | ---D | M] -- C:\Users\erix\AppData\Roaming\LolClient [2010/08/04 04:00:04 | 000,000,000 | ---D | M] -- C:\Users\erix\AppData\Roaming\OpenOffice.org [2010/11/29 08:51:10 | 000,000,000 | ---D | M] -- C:\Users\erix\AppData\Roaming\runic games [2011/06/09 13:44:39 | 000,000,000 | ---D | M] -- C:\Users\erix\AppData\Roaming\styler2go [2010/10/13 08:14:27 | 000,000,000 | ---D | M] -- C:\Users\erix\AppData\Roaming\Teeworlds [2011/01/25 08:48:57 | 000,000,000 | ---D | M] -- C:\Users\erix\AppData\Roaming\TerraTec [2010/07/29 12:07:38 | 000,000,000 | ---D | M] -- C:\Users\erix\AppData\Roaming\Thunderbird [2011/06/08 17:51:01 | 000,000,000 | ---D | M] -- C:\Users\erix\AppData\Roaming\TS3Client [2010/12/29 15:13:30 | 000,000,000 | ---D | M] -- C:\Users\erix\AppData\Roaming\Tunngle [2010/07/28 07:43:25 | 000,000,000 | -HSD | M] -- C:\ProgramData\Anwendungsdaten [2009/07/14 00:53:55 | 000,000,000 | -HSD | M] -- C:\ProgramData\Application Data [2011/05/03 03:20:05 | 000,000,000 | ---D | M] -- C:\ProgramData\bL02400OaPgK02400 [2010/12/06 07:27:28 | 000,000,000 | -H-D | M] -- C:\ProgramData\CanonBJ [2010/12/06 07:27:48 | 000,000,000 | ---D | M] -- C:\ProgramData\CanonIJMSetup [2010/12/06 08:55:03 | 000,000,000 | -H-D | M] -- C:\ProgramData\CanonIJMyPrinter [2011/05/16 10:20:25 | 000,000,000 | ---D | M] -- C:\ProgramData\CanonIJPLM [2010/10/06 08:11:22 | 000,000,000 | ---D | M] -- C:\ProgramData\DAEMON Tools Pro [2009/07/14 00:53:55 | 000,000,000 | -HSD | M] -- C:\ProgramData\Desktop [2009/07/14 00:53:55 | 000,000,000 | -HSD | M] -- C:\ProgramData\Documents [2010/07/28 07:43:25 | 000,000,000 | -HSD | M] -- C:\ProgramData\Dokumente [2010/07/28 07:57:02 | 000,000,000 | ---D | M] -- C:\ProgramData\Driver Whiz [2010/07/28 07:43:25 | 000,000,000 | -HSD | M] -- C:\ProgramData\Favoriten [2009/07/14 00:53:55 | 000,000,000 | -HSD | M] -- C:\ProgramData\Favorites 
[2011/04/07 14:28:02 | 000,000,000 | ---D | M] -- C:\ProgramData\id Software [2010/07/28 07:50:53 | 000,000,000 | ---D | M] -- C:\ProgramData\PC Drivers HeadQuarters [2011/06/09 18:29:05 | 000,000,000 | ---D | M] -- C:\ProgramData\PMB Files [2011/06/06 16:57:38 | 000,000,000 | ---D | M] -- C:\ProgramData\PopCap Games [2009/07/14 00:53:55 | 000,000,000 | -HSD | M] -- C:\ProgramData\Start Menu [2010/07/28 07:43:25 | 000,000,000 | -HSD | M] -- C:\ProgramData\Start Menu [2011/06/06 16:57:46 | 000,000,000 | ---D | M] -- C:\ProgramData\Steam [2009/07/14 00:53:55 | 000,000,000 | -HSD | M] -- C:\ProgramData\Templates [2011/01/25 08:50:08 | 000,000,000 | ---D | M] -- C:\ProgramData\TerraTec [2010/12/29 15:32:43 | 000,000,000 | ---D | M] -- C:\ProgramData\Tunngle [2010/07/28 07:43:25 | 000,000,000 | -HSD | M] -- C:\ProgramData\Vorlagen [2010/12/05 10:30:15 | 000,000,000 | ---D | M] -- C:\ProgramData\WinZip [2010/08/18 06:55:46 | 000,000,000 | ---D | M] -- C:\ProgramData\{429CAD59-35B1-4DBC-BB6D-1DB246563521} [2011/06/09 16:03:17 | 000,032,640 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT ========== Purity Check ========== < End of report >
What do I have to do now to get rid of the virus? Please help! Last edited by erix (12.06.2011 at 12:17) |
12.06.2011, 12:11 | #2 |
/// Malware-holic | bka virus +logfiles Hi, nothing to be seen; pack it with WinRAR or zip, and attaching it works too.
|
12.06.2011, 12:20 | #3 |
| bka virus +logfiles Got it attached now ^^ sorry, I was probably too quick........ damn viruses are making me sick
|
12.06.2011, 12:36 | #4 |
/// Malware-holic | bka virus +logfiles Hi, then take a deep breath, work calmly and do only what is written here; we will get through this. On your second PC go to Start, Programs, Accessories, Notepad (Editor) and paste this in: Code:
:OTL
O20 - HKU\.DEFAULT Winlogon: Shell - (C:\Windows\TEMP\0.7420111087137579.exe) - C:\Windows\Temp\0.7420111087137579.exe (BitDefender)
O20 - HKU\erix_ON_C Winlogon: Shell - (C:\Users\erix\AppData\Local\Temp\43F6.tmp) - C:\Users\erix\AppData\Local\Temp\43F6.tmp (BitDefender)
:Files
C:\Users\erix\AppData\Local\Temp\43F6.tmp
C:\Windows\Temp\0.7420111087137579.exe
:Commands
[purity]
[EMPTYFLASH]
[emptytemp]
[Reboot]
Now use OTLPENet.exe again (i.e. boot from the CD you created) and tick everything as already described in my post about OTLPENet.exe. • Now please click the Fix button. A message similar to "load fix from file" should appear, so load the fix.txt from your stick. If that does not work, please enter the fix manually. Then click the Fix button again. The PC may restart. If so, take the CD out of the drive; Windows should now start normally and open otl.txt. Please post the log. Open Computer, open C:, then _OTL, right-click on moved files there and choose add to moved files.rar or zip. http://www.trojaner-board.de/54791-a...ner-board.html
__________________ -Please forward suspicious mails to us for analysis: markusg.trojaner-board@web.de Forwarding instructions: http://markusg.trojaner-board.de For now, please forward mails to markusg.trojaner-board@web.de following the instructions above. If you would like to support us |
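The fix above removes two Winlogon Shell values that point at executables in temp directories instead of explorer.exe, which is how this ransomware takes over the desktop at logon. As an added example (not code from the thread, from OTL or from its author), the following Python picks such hijacks out of OTL O20 lines and renders them in the same fix-script layout; the sample lines are constructed from the two entries quoted above plus two benign default entries, and the line layout is assumed from the fix as shown.

```python
import re
from dataclasses import dataclass

# Constructed sample for this example: the two hijacked Winlogon Shell entries
# from the fix above plus two benign default entries in the same OTL layout.
SAMPLE_OTL_LINES = [
    "O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\\Windows\\explorer.exe (Microsoft Corporation)",
    "O20 - HKLM Winlogon: UserInit - (C:\\Windows\\system32\\userinit.exe) - C:\\Windows\\System32\\userinit.exe (Microsoft Corporation)",
    "O20 - HKU\\.DEFAULT Winlogon: Shell - (C:\\Windows\\TEMP\\0.7420111087137579.exe) - C:\\Windows\\Temp\\0.7420111087137579.exe (BitDefender)",
    "O20 - HKU\\erix_ON_C Winlogon: Shell - (C:\\Users\\erix\\AppData\\Local\\Temp\\43F6.tmp) - C:\\Users\\erix\\AppData\\Local\\Temp\\43F6.tmp (BitDefender)",
]

# "O20 - <hive> Winlogon: <value> - (<registry data>) - <resolved path> (<company>)"
# Lines in any other shape (e.g. "File not found" variants) are skipped.
O20_RE = re.compile(
    r"^O20 - (?P<hive>\S+) Winlogon: (?P<value>\w+) - \((?P<data>[^)]*)\) - "
    r"(?P<path>.+?) \((?P<company>[^)]*)\)\s*$"
)

# Registry data these values carry on a clean Windows 7 install (lower-cased,
# trailing comma of UserInit stripped before comparison).
EXPECTED = {
    "shell": ("explorer.exe",),
    "userinit": ("c:\\windows\\system32\\userinit.exe",),
}
TEMP_DIR_RE = re.compile(r"\\temp\\", re.IGNORECASE)


@dataclass
class Finding:
    line: str    # the original O20 line, reusable verbatim in an OTL fix
    hive: str
    value: str
    path: str    # resolved file path OTL printed after the second " - "
    reason: str


def analyze_o20(lines):
    """Return a Finding for every Winlogon Shell/UserInit value that is not the
    Windows default, or for any Winlogon value resolving into a temp directory."""
    findings = []
    for line in lines:
        m = O20_RE.match(line.strip())
        if not m:
            continue
        value = m["value"].lower()
        data = m["data"].strip().rstrip(",").lower()
        path = m["path"]
        if value in EXPECTED and data not in EXPECTED[value]:
            findings.append(Finding(line, m["hive"], m["value"], path,
                                    f"{m['value']} is not the Windows default"))
        elif TEMP_DIR_RE.search(path):
            findings.append(Finding(line, m["hive"], m["value"], path,
                                    "Winlogon value points into a temp directory"))
    return findings


def build_otl_fix(findings):
    """Render the findings in the OTL fix-script layout used in the post above:
    the O20 lines to reset, the files to move, and the clean-up commands."""
    lines = [":OTL"] + [f.line for f in findings]
    lines += [":Files"] + sorted({f.path for f in findings})
    lines += [":Commands", "[purity]", "[EMPTYFLASH]", "[emptytemp]", "[Reboot]"]
    return "\n".join(lines)


if __name__ == "__main__":
    hits = analyze_o20(SAMPLE_OTL_LINES)
    for h in hits:
        print(f"{h.hive} {h.value} -> {h.path}: {h.reason}")
    print(build_otl_fix(hits))
```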
12.06.2011, 12:41 | #5 |
| bka virus +logfiles So far so good, only: how do I enter the fix manually? Load from file doesn't work, and when I click NO nothing happens!? edit: never mind, sorted. Last edited by erix (12.06.2011 at 13:02) |
12.06.2011, 12:59 | #6 |
| bka virus +logfiles I uploaded it via the upload channel, but there's nothing here!?!?! |
12.06.2011, 13:32 | #7 |
| bka virus +logfiles I've attached it now! edit: doesn't work either -.- |
12.06.2011, 13:55 | #8 |
/// Malware-holic | bka virus +logfiles No, it's only logical that it isn't here; should someone download it and infect themselves with your malware? That's why it's in a password-protected area. Thanks for the upload! Let's continue: please create and post a ComboFix log. A guide and tutorial on using ComboFix
|
12.06.2011, 20:15 | #9 |
| bka virus +logfiles I would gladly do that, but after about 5 minutes: blue screen with text, crash! What now? |
12.06.2011, 20:16 | #10 |
/// Malware-holic | bka virus +logfiles Boot into Safe Mode without networking, which is usually reached with F8 at PC start-up, and try again there. If ComboFix restarts the PC, make sure to boot into Safe Mode again. Then restart and post the contents of combofix.txt
|
12.06.2011, 21:16 | #11 |
| bka virus +logfiles Combofix Logfile: Code:
ATTFilter ComboFix 11-06-11.01 - erix 12.06.2011 22:56:12.1.2 - x86 MINIMAL Microsoft Windows 7 Professional 6.1.7601.1.1252.49.1031.18.3067.2630 [GMT 2:00] ausgeführt von:: c:\users\erix\Downloads\ComboFix.exe AV: AntiVir Desktop *Enabled/Updated* {090F9C29-64CE-6C6F-379C-5901B49A85B7} SP: AntiVir Desktop *Enabled/Updated* {B26E7DCD-42F4-63E1-0D2C-6273CF1DCF0A} SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} * Neuer Wiederherstellungspunkt wurde erstellt . . (((((((((((((((((((((((((((((((((((( Weitere Löschungen )))))))))))))))))))))))))))))))))))))))))))))))) . . C:\Install.exe C:\Recycle.Bin c:\users\erix\AppData\Local\{5AD2E184-68D2-4B21-AF0A-688E0E7680E4} c:\users\erix\AppData\Local\{5AD2E184-68D2-4B21-AF0A-688E0E7680E4}\chrome.manifest c:\users\erix\AppData\Local\{5AD2E184-68D2-4B21-AF0A-688E0E7680E4}\chrome\content\_cfg.js c:\users\erix\AppData\Local\{5AD2E184-68D2-4B21-AF0A-688E0E7680E4}\chrome\content\overlay.xul c:\users\erix\AppData\Local\{5AD2E184-68D2-4B21-AF0A-688E0E7680E4}\install.rdf c:\users\erix\AppData\Roaming\Adobe\plugs c:\users\erix\AppData\Roaming\Adobe\plugs\mmc244.exe c:\users\erix\AppData\Roaming\Adobe\plugs\mmc586532.txt c:\users\erix\AppData\Roaming\Adobe\shed c:\users\erix\AppData\Roaming\Adobe\shed\thr1.chm c:\users\erix\AppData\Roaming\Aslih c:\users\erix\AppData\Roaming\Aslih\neaq.exe c:\users\erix\AppData\Roaming\Cigoi c:\users\erix\AppData\Roaming\Cigoi\xifil.tmp c:\users\erix\AppData\Roaming\Dyyno c:\users\erix\AppData\Roaming\Dyyno\dyyno.xml c:\users\erix\AppData\Roaming\Emabk c:\users\erix\AppData\Roaming\Emabk\omep.wir c:\users\erix\AppData\Roaming\Fuupzy c:\users\erix\AppData\Roaming\Fuupzy\foawr.exe c:\windows\jestertb.dll . . ((((((((((((((((((((((( Dateien erstellt von 2011-05-12 bis 2011-06-12 )))))))))))))))))))))))))))))) . . 2011-06-12 21:02 . 2011-06-12 21:02 -------- d-----w- c:\users\erix\AppData\Local\temp 2011-06-12 21:02 . 
2011-06-12 21:02 -------- d-----w- c:\users\Default\AppData\Local\temp 2011-06-12 18:42 . 2011-03-06 22:12 2234368 ----a-r- C:\OTLPE.exe 2011-06-12 18:42 . 2011-06-12 12:48 -------- d-----w- C:\_OTL 2011-06-09 15:58 . 2011-06-09 17:44 -------- d-----w- c:\users\erix\AppData\Roaming\styler2go 2011-06-08 21:32 . 2011-06-08 21:32 -------- d-----w- c:\program files\TeamSpeak 3 Client 2011-06-08 02:39 . 2011-05-09 20:46 6962000 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{59017971-2C56-412D-A497-6FA51A86F991}\mpengine.dll 2011-06-07 16:08 . 2011-06-07 16:08 -------- d-----w- c:\users\erix\AppData\Local\Redlynx 2011-06-06 13:14 . 2011-06-06 13:14 -------- d-----w- c:\users\erix\AppData\Roaming\Cobra Mobile 2011-06-06 13:14 . 2011-06-06 13:14 444952 ----a-w- c:\windows\system32\wrap_oal.dll 2011-06-06 13:14 . 2011-06-06 13:14 109080 ----a-w- c:\windows\system32\OpenAL32.dll 2011-06-06 13:14 . 2011-06-06 13:14 -------- d-----w- c:\program files\OpenAL 2011-05-31 11:12 . 2011-06-06 20:57 -------- d-----w- c:\programdata\Steam 2011-05-30 08:14 . 2009-12-15 02:46 24192 ----a-w- c:\windows\system32\drivers\tcpipBM.sys 2011-05-30 08:14 . 2009-12-15 02:46 13712 ----a-w- c:\windows\system32\sporder.dll 2011-05-30 08:14 . 2009-12-15 02:46 724608 ----a-w- c:\windows\system32\bmutil.dll 2011-05-30 08:14 . 2009-12-15 02:46 480384 ----a-w- c:\windows\system32\bmnet.dll 2011-05-30 08:14 . 2009-12-15 02:46 308352 ----a-w- c:\windows\system32\bminstall.dll 2011-05-30 08:14 . 2009-12-15 02:46 13184 ----a-w- c:\windows\system32\drivers\BMLoad.sys 2011-05-30 08:14 . 2009-12-15 02:46 132224 ----a-w- c:\windows\system32\bmdumpd.bin 2011-05-30 08:14 . 2010-02-11 03:29 106880 ----a-w- c:\windows\system32\drivers\HSPADataCardusbser.sys 2011-05-30 08:14 . 2010-02-11 03:29 10240 ----a-w- c:\windows\system32\drivers\massfilter.sys 2011-05-30 08:14 . 2010-02-11 03:29 106880 ----a-w- c:\windows\system32\drivers\HSPADataCardusbnmea.sys 2011-05-30 08:14 . 
2010-02-11 03:29 106880 ----a-w- c:\windows\system32\drivers\HSPADataCardusbmdm.sys 2011-05-30 08:13 . 2011-05-30 08:13 -------- d-----w- c:\program files\congstar 2011-05-28 18:52 . 2011-05-28 18:52 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl 2011-05-25 01:25 . 2011-04-22 19:14 27008 ----a-w- c:\windows\system32\drivers\Diskdump.sys 2011-05-24 09:35 . 2011-04-09 05:56 123904 ----a-w- c:\windows\system32\poqexec.exe 2011-05-19 10:41 . 2011-05-19 10:41 -------- d-----w- c:\program files\Common Files\Skype . . . (((((((((((((((((((((((((((((((((((( Find3M Bericht )))))))))))))))))))))))))))))))))))))))))))))))))))))) . 2011-05-29 07:11 . 2011-05-02 23:00 39984 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys 2011-05-29 07:11 . 2011-05-02 23:00 22712 ----a-w- c:\windows\system32\drivers\mbam.sys 2011-05-03 13:49 . 2009-07-14 02:05 152576 ----a-w- c:\windows\system32\msclmd.dll 2011-05-02 22:32 . 2011-05-02 22:32 0 ----a-w- c:\users\erix\AppData\Local\Ohogomizih.bin 2011-04-11 13:12 . 2011-04-11 13:06 138264 ----a-w- c:\windows\system32\drivers\PnkBstrK.sys 2011-04-11 13:12 . 2011-04-11 13:05 234768 ----a-w- c:\windows\system32\PnkBstrB.exe 2011-04-11 13:12 . 2010-10-13 10:33 234768 ----a-w- c:\windows\system32\PnkBstrB.xtr 2011-04-11 13:06 . 2010-10-13 10:23 138056 ----a-w- c:\users\erix\AppData\Roaming\PnkBstrK.sys 2011-04-11 13:05 . 2011-04-11 13:05 75136 ----a-w- c:\windows\system32\PnkBstrA.exe 2011-04-09 06:02 . 2011-05-11 00:43 3967872 ----a-w- c:\windows\system32\ntkrnlpa.exe 2011-04-09 06:02 . 2011-05-11 00:43 3912576 ----a-w- c:\windows\system32\ntoskrnl.exe 2011-03-25 02:58 . 2011-05-11 00:43 258560 ----a-w- c:\windows\system32\drivers\usbhub.sys 2011-03-25 02:58 . 2011-05-11 00:43 284672 ----a-w- c:\windows\system32\drivers\usbport.sys 2011-03-25 02:58 . 2011-05-11 00:43 75776 ----a-w- c:\windows\system32\drivers\usbccgp.sys 2011-03-25 02:57 . 2011-05-11 00:43 43008 ----a-w- c:\windows\system32\drivers\usbehci.sys 2011-03-25 02:57 . 
2011-05-11 00:43 20480 ----a-w- c:\windows\system32\drivers\usbohci.sys 2011-03-25 02:57 . 2011-05-11 00:43 24064 ----a-w- c:\windows\system32\drivers\usbuhci.sys 2011-03-25 02:57 . 2011-05-11 00:43 5888 ----a-w- c:\windows\system32\drivers\usbd.sys 2011-03-17 17:31 . 2010-07-28 12:27 137656 ----a-w- c:\windows\system32\drivers\avipbb.sys 2008-06-19 09:16 . 2008-06-19 09:16 118784 ----a-w- c:\program files\mozilla firefox\plugins\MyCamera.dll 2011-04-14 16:40 . 2011-05-02 08:18 142296 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll . . (((((((((((((((((((((((((((( Autostartpunkte der Registrierung )))))))))))))))))))))))))))))))))))))))) . . *Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. REGEDIT4 . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1] @="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}] 2011-02-18 05:12 94208 ----a-w- c:\users\erix\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2] @="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}] 2011-02-18 05:12 94208 ----a-w- c:\users\erix\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3] @="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}] 2011-02-18 05:12 94208 ----a-w- c:\users\erix\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll . 
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4] @="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}] 2011-02-18 05:12 94208 ----a-w- c:\users\erix\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "VitaKeyPdtWzd"="c:\program files\Acer Bio Protection\PdtWzd.exe" [2010-07-28 3557888] "PLFSetI"="c:\windows\PLFSetI.exe" [2010-07-28 200704] "SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-12-04 1410344] "avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2010-11-03 281768] "Apoint"="c:\program files\Apoint2K\Apoint.exe" [2009-01-30 192512] "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552] "LManager"="c:\program files\Launch Manager\LManager.exe" [2009-08-24 1190920] "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2011-01-31 35760] "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-20 932288] "QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-11-29 421888] "Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2011-05-29 449584] "Malwarebytes' Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2011-05-29 1047656] . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce] "Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2011-05-29 449584] . c:\users\erix\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ Dropbox.lnk - c:\users\erix\AppData\Roaming\Dropbox\bin\Dropbox.exe [2011-5-25 24176560] . c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\ MCtlSvc.lnk - c:\program files\congstar\Internetmanager\Bin\mcserver.exe [2011-5-30 89600] . 
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "ConsentPromptBehaviorAdmin"= 0 (0x0) "ConsentPromptBehaviorUser"= 3 (0x3) "EnableLUA"= 0 (0x0) "EnableUIADesktopToggle"= 0 (0x0) "PromptOnSecureDesktop"= 0 (0x0) . [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa] Notification Packages REG_MULTI_SZ c:\program files\Acer Bio Protection\PwdFilter . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys] @="Driver" . [HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^VPN Client.lnk] path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\VPN Client.lnk backup=c:\windows\pss\VPN Client.lnk.CommonStartup backupExtension=.CommonStartup . [HKLM\~\startupfolder\C:^Users^erix^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Dropbox.lnk] path=c:\users\erix\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk backup=c:\windows\pss\Dropbox.lnk.Startup backupExtension=.Startup . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM] 2010-09-20 21:07 932288 ----a-r- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher] 2011-01-31 08:44 35760 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CanonMyPrinter] 2010-03-25 01:50 2516296 ----a-w- c:\program files\Canon\MyPrinter\BJMYPRT.EXE . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Pro Agent] 2010-04-15 08:17 427328 ----a-w- c:\program files\DAEMON Tools Pro\DTAgent.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DivXUpdate] 2010-09-01 06:39 1164584 ----a-w- c:\program files\DivX\DivX Update\DivXUpdate.exe . 
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper] 2011-03-07 14:33 421160 ----a-w- c:\program files\iTunes\iTunesHelper.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task] 2010-11-29 16:38 421888 ----a-w- c:\program files\QuickTime\QTTask.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ROCCAT Pyra Mouse] 2009-12-07 21:54 528384 ----a-w- c:\program files\ROCCAT\Pyra Mouse\PyraMonitor.EXE . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype] 2011-04-18 15:30 15146376 ----a-r- c:\program files\Skype\Phone\Skype.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam] 2011-04-27 15:00 1242448 ----a-w- c:\program files\Steam\Steam.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\vSide Pulse] 2010-10-25 02:59 226816 ----a-w- c:\program files\vSide\Pulse\vSidePulse.exe . R0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2010-10-06 697328] R2 acedrv11;acedrv11;c:\windows\system32\drivers\acedrv11.sys [2010-02-24 185472] R2 Akamai;Akamai NetSession Interface;c:\windows\System32\svchost.exe [2009-07-14 20992] R2 AntiVirSchedulerService;Avira AntiVir Planer;c:\program files\Avira\AntiVir Desktop\sched.exe [2011-04-29 136360] R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384] R2 FPSensor;EgisTec-Corp Fingerprint Reader Driver (FPSensor.sys);c:\windows\system32\Drivers\FPSensor.sys [2010-07-28 22528] R2 IGBASVC;EgisTec Service;c:\program files\Acer Bio Protection\BASVC.exe [2010-07-28 3447296] R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [2011-05-29 366640] R3 HSPADataCardusbmdm;HSPADataCard Proprietary USB Driver;c:\windows\system32\DRIVERS\HSPADataCardusbmdm.sys [2010-02-11 106880] R3 HSPADataCardusbnmea;HSPADataCard NMEA 
Port;c:\windows\system32\DRIVERS\HSPADataCardusbnmea.sys [2010-02-11 106880] R3 HSPADataCardusbser;HSPADataCard Diagnostic Port;c:\windows\system32\DRIVERS\HSPADataCardusbser.sys [2010-02-11 106880] R3 k57nd60x;Broadcom NetLink (TM)-Gigabit-Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\k57nd60x.sys [2009-07-13 229888] R3 massfilter;Mass Storage Filter Driver;c:\windows\system32\drivers\massfilter.sys [2010-02-11 10240] R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2011-05-29 22712] R3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [2011-05-29 39984] R3 netw5v32;Intel(R) Wireless WiFi Link 5000-Serie - Adaptertreiber für Windows Vista 32 Bit;c:\windows\system32\DRIVERS\netw5v32.sys [2009-07-13 4231168] R3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda32v.sys [2010-06-21 105576] R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 52224] S0 BMLoad;Bytemobile Boot Time Load Driver;c:\windows\system32\drivers\BMLoad.sys [2009-12-15 13184] S3 hidshim;Service for HID-KMDF Shim layer;c:\windows\system32\DRIVERS\hidshim.sys [2008-10-08 5632] S3 nuvotonhidgeneric;Nuvoton EC Generic HID;c:\windows\system32\DRIVERS\nuvotonhidgeneric.sys [2008-10-08 22528] . . [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost] Akamai REG_MULTI_SZ Akamai . . ------- Zusätzlicher Suchlauf ------- . uInternet Settings,ProxyOverride = *.local IE: Visit in &3D using ExitReality - hxxp://3d.exitreality.com/TransmogrifyPage.htm Trusted Zone: clonewarsadventures.com Trusted Zone: freerealms.com Trusted Zone: soe.com Trusted Zone: sony.com TCP: DhcpNameServer = 192.168.2.1 FF - ProfilePath - c:\users\erix\AppData\Roaming\Mozilla\Firefox\Profiles\539gp8u2.default\ . . ------- Dateityp-Verknüpfung ------- . .txt= . - - - - Entfernte verwaiste Registrierungseinträge - - - - . 
HKCU-Run-AdobeBridge - (no file) HKCU-Run-msnmsgr - c:\program files\Windows Live\Messenger\msnmsgr.exe HKCU-Run-4E3E0230AEBB4E96 - c:\recycle.bin\Recycle.Bin.exe MSConfigStartUp-AdobeCS4ServiceManager - c:\program files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe MSConfigStartUp-Adobe_ID0ENQBO - c:\progra~1\COMMON~1\Adobe\ADOBEV~1\Server\bin\VERSIO~2.EXE AddRemove-UDK-9d7dc962-781a-4cdd-b5bd-33183dbba396 - c:\program files\WHITE\Binaries\UnSetup.exe . . . --------------------- Gesperrte Registrierungsschluessel --------------------- . [HKEY_USERS\S-1-5-21-113096624-3595036245-992598717-1000\Software\SecuROM\License information*] "datasecu"=hex:ec,cc,44,b2,bc,f4,08,33,5f,2b,e1,f0,bf,e7,3c,02,fa,ac,e9,d6,12, ed,6f,9f,14,54,19,80,25,32,19,4c,d9,95,bc,25,27,da,5f,2c,32,85,a8,6b,b6,62,\ "rkeysecu"=hex:64,5b,9b,9f,bc,9a,4f,6f,c3,5f,b3,70,80,27,9e,26 . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 "MSCurrentCountry"=dword:000000b5 . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security] @Denied: (Full) (Everyone) . --------------------- Durch laufende Prozesse gestartete DLLs --------------------- . - - - - - - - > 'lsass.exe'(444) c:\program files\Acer Bio Protection\PwdFilter.DLL . Zeit der Fertigstellung: 2011-06-12 23:05:00 ComboFix-quarantined-files.txt 2011-06-12 21:05 . Vor Suchlauf: 23 Verzeichnis(se), 304.548.556.800 Bytes frei Nach Suchlauf: 30 Verzeichnis(se), 304.376.897.536 Bytes frei . 
- - End Of File - - 20AB008427D8A7C97C35EE67B808B63F
P.S.: The virus appeared again, so I ran the fix.txt once more. P.P.S.: When I try to open a link from google.de, the same page always opens (some design directory or something!?, related?) |
12.06.2011, 21:20 | #12 |
/// Malware-holic | bka virus +logfiles Hi, open Computer, open C:, open qoobox, right-click Quarantine, pack it and upload the archive. File upload: http://www.trojaner-board.de/54791-a...ner-board.html I need to look at something there, but answer the following in the meantime: do you do online banking, shopping or anything else important with this PC, privately or for work?
|
12.06.2011, 21:23 | #13 |
| bka virus +logfiles I do make payments via PayPal! I fear the worst |
12.06.2011, 21:24 | #14 |
/// Malware-holic | bka virus +logfiles I can't say yet, but with 90% certainty it will end up being a format c:. I still need to look at the files.
|
12.06.2011, 21:28 | #15 |
| bka virus +logfiles I had planned a format c for tomorrow anyway! But can I still save my music and my photos (very important, as I need them for my studies), or are they infected too? |