Zurück   Trojaner-Board > Malware entfernen > Log-Analyse und Auswertung
Weiterhin Probleme nach BKA-Scareware-Befall

Weiterhin Probleme nach BKA-Scareware-Befall


Log-Analyse und Auswertung: Weiterhin Probleme nach BKA-Scareware-Befall

Windows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte.XML.

 
Vorheriger Beitrag Vorheriger Beitrag   Nächster Beitrag Nächster Beitrag
Alt 20.07.2011, 23:37   #1
Guy
 
Weiterhin Probleme nach BKA-Scareware-Befall - Standard

Weiterhin Probleme nach BKA-Scareware-Befall


Hallo,

ich habe mir vorgestern die "BKA"-Scareware eingefangen, die selbst den Abgesicherten Modus erledigt. Über den abgesicherten Modus mit Eingabeaufforderung konnte ich in der Registry den manipulierten Eintrag durch explorer.exe ersetzen. Danach konnte ich zumindest wieder neu starten und den PC wieder normal bedienen.
Habe danach Antivir, Malwarebyte und Spybot durchlaufen lassen und die (wenigen) Treffer entfernen lassen. Danach waren auch erstmal keine weiteren Symptome zu spüren, auch gestern nicht.

Heute allerdings erschien gleich nach dem Hochfahren die Fehlermeldung "explorer.exe funktioniert nicht mehr richtig". Danach wurde gleich der Explorer neugestartet, woraufhin die Meldung erneut erschien, das wiederholte sich dann immer weiter. Eine Bedienung des Computers war dadurch kaum noch möglich. Auch im abgesicherten Modus erschien die Meldung.
Ich habe es dann irgendwann doch noch geschafft, mir das Programm ShellExView runterzuladen. Damit habe ich dann alle nicht zu Microsoft gehörenden Shell-Extensions deaktiviert. Die Fehlermeldung erschien von da an nicht mehr. Ich konnte jedoch nicht herausfinden, welcher Eintrag genau für den Fehler verantwortlich war.

Im Moment läuft eigentlich alles wieder einwandfrei, dennoch ist klar, dass noch irgendwo etwas im Argen liegt. Daher wollte ich mein System mal durchchecken lassen.

System: Vista SP 2 32 Bit

Defogger:
Zitat:
defogger_disable by jpshortstuff (23.02.10.1)
Log created at 22:55 on 20/07/2011 (***)

Checking for autostart values...
HKCU\~\Run values retrieved.
HKLM\~\Run values retrieved.

Checking for services/drivers...


-=E.O.F=-
OTL.txt:
OTL Logfile:
Code:
ATTFilter
OTL logfile created on: 20.07.2011 23:18:51 - Run 2
OTL by OldTimer - Version 3.2.26.1     Folder = C:\Users\***\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.19088)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,00 Gb Total Physical Memory | 2,03 Gb Available Physical Memory | 67,80% Memory free
6,21 Gb Paging File | 5,00 Gb Available in Paging File | 80,44% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 228,63 Gb Total Space | 72,95 Gb Free Space | 31,91% Space Free | Partition Type: NTFS
Drive J: | 223,45 Gb Total Space | 2,58 Gb Free Space | 1,16% Space Free | Partition Type: NTFS
 
Computer Name: ***PC | User Name: *** | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\***\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
PRC - C:\Programme\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
PRC - C:\Programme\Windows Sidebar\sidebar.exe (Microsoft Corporation)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Programme\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
PRC - C:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
PRC - C:\Programme\Windows Defender\MSASCui.exe (Microsoft Corporation)
PRC - C:\Programme\Windows Media Player\wmpnetwk.exe (Microsoft Corporation)
PRC - C:\Programme\Windows Media Player\wmpnscfg.exe (Microsoft Corporation)
PRC - C:\Programme\FolderSize\FolderSizeSvc.exe (Brio)
PRC - C:\Programme\RocketDock\RocketDock.exe ()
PRC - C:\Programme\CyberLink\TV Enhance\Kernel\TV\TVECapSvc.exe ()
PRC - C:\Programme\CyberLink\TV Enhance\Kernel\TV\TVESched.exe ()
PRC - C:\Programme\CyberLink\TV Enhance\TVEService.exe (CyberLink Corp.)
PRC - C:\Programme\Targa VFD Display\Targa VFD Display.exe (Ing.-Büro Dr. Ruge)
PRC - C:\Windows\ModLEDKey.exe (Chicony)
PRC - C:\Windows\CNYHKey.exe (Chicony)
PRC - C:\Windows\System32\PSIService.exe ()
PRC - C:\Programme\Common Files\microsoft shared\VS7Debug\mdm.exe (Microsoft Corporation)
 
 
========== Modules (SafeList) ==========
 
MOD - C:\Users\***\Desktop\OTL.exe (OldTimer Tools)
MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3\comctl32.dll (Microsoft Corporation)
 
 
========== Win32 Services (SafeList) ==========
 
SRV - (Steam Client Service) -- C:\Program Files\Common Files\Steam\SteamService.exe (Valve Corporation)
SRV - (AntiVirService) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
SRV - (AntiVirSchedulerService) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
SRV - (TuneUp.Defrag) -- C:\Windows\System32\TuneUpDefragService.exe (TuneUp Software GmbH)
SRV - (UxTuneUp) -- C:\Windows\System32\uxtuneup.dll (TuneUp Software GmbH)
SRV - (WinDefend) -- C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (FolderSize) -- C:\Program Files\FolderSize\FolderSizeSvc.exe (Brio)
SRV - (TVECapSvc) TVEnhance Background Capture Service (TBCS) -- C:\Program Files\CyberLink\TV Enhance\Kernel\TV\TVECapSvc.exe ()
SRV - (TVESched) TVEnhance Task Scheduler (TTS)) -- C:\Program Files\CyberLink\TV Enhance\Kernel\TV\TVESched.exe ()
SRV - (CheckStage2_svc) -- C:\Windows\CheckStage2.exe ()
SRV - (ProtexisLicensing) -- C:\Windows\System32\PSIService.exe ()
 
 
========== Driver Services (SafeList) ==========
 
DRV - (MBAMSwissArmy) -- C:\Windows\System32\drivers\mbamswissarmy.sys (Malwarebytes Corporation)
DRV - (nvlddmkm) -- C:\Windows\System32\drivers\nvlddmkm.sys (NVIDIA Corporation)
DRV - (avgntflt) -- C:\Windows\System32\drivers\avgntflt.sys (Avira GmbH)
DRV - (ssmdrv) -- C:\Windows\System32\drivers\ssmdrv.sys (Avira GmbH)
DRV - (avipbb) -- C:\Windows\System32\drivers\avipbb.sys (Avira GmbH)
DRV - (avgio) -- C:\Programme\Avira\AntiVir Desktop\avgio.sys (Avira GmbH)
DRV - (ggsemc) -- C:\Windows\System32\drivers\ggsemc.sys (Sony Ericsson Mobile Communications)
DRV - (ggflt) -- C:\Windows\System32\drivers\ggflt.sys (Sony Ericsson Mobile Communications)
DRV - (NVENETFD) -- C:\Windows\System32\drivers\nvmfdx32.sys (NVIDIA Corporation)
DRV - (nvstor32) -- C:\Windows\system32\DRIVERS\nvstor32.sys (NVIDIA Corporation)
DRV - (s117obex) -- C:\Windows\System32\drivers\s117obex.sys (MCCI Corporation)
DRV - (s117mdm) -- C:\Windows\System32\drivers\s117mdm.sys (MCCI Corporation)
DRV - (s117mgmt) Sony Ericsson Device 117 USB WMC Device Management Drivers (WDM) -- C:\Windows\System32\drivers\s117mgmt.sys (MCCI Corporation)
DRV - (s117unic) Sony Ericsson Device 117 USB Ethernet Emulation SEMC117 (WDM) -- C:\Windows\System32\drivers\s117unic.sys (MCCI Corporation)
DRV - (s117nd5) Sony Ericsson Device 117 USB Ethernet Emulation SEMC117 (NDIS) -- C:\Windows\System32\drivers\s117nd5.sys (MCCI Corporation)
DRV - (s117mdfl) -- C:\Windows\System32\drivers\s117mdfl.sys (MCCI Corporation)
DRV - (s117bus) Sony Ericsson Device 117 driver (WDM) -- C:\Windows\System32\drivers\s117bus.sys (MCCI Corporation)
DRV - (athrusb) -- C:\Windows\System32\drivers\athrusb.sys (Atheros Communications, Inc.)
DRV - (MRV6X32U) -- C:\Windows\System32\drivers\MRVW23B.sys (A/WLAN-1)
DRV - (smserial) -- C:\Windows\System32\drivers\smserial.sys (Motorola Inc.)
DRV - (wanatw) WAN Miniport (ATW) -- C:\Windows\System32\drivers\wanatw4.sys (America Online, Inc.)
DRV - (JRAID) -- C:\Windows\system32\DRIVERS\jraid.sys (JMicron Technology Corp.)
DRV - (3xHybrid) -- C:\Windows\System32\drivers\3xHybrid.sys (ASUSTeK)
DRV - (JGOGO) -- C:\Windows\system32\DRIVERS\JGOGO.sys (JMicron )
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 44 2D DC C2 7D 1A CB 01  [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:60141
 
========== FireFox ==========
 
FF - prefs.js..browser.search.selectedEngine: "Wikipedia (de)"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "hxxp://www.google.de/"
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.9
FF - prefs.js..extensions.enabledItems: {b9db16a4-6edc-47ec-a1f4-b86292ed211d}:4.9.3
FF - prefs.js..extensions.enabledItems: {ACAA314B-EEBA-48e4-AD47-84E31C44796C}:1.0.1
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: {9fb7d178-155a-4318-9173-1a8eaaea7fe4}:2.1.10
FF - prefs.js..extensions.enabledItems: {71328583-3CA7-4809-B4BA-570A85818FBB}:0.6.3
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..extensions.enabledItems: firefox@tvunetworks.com:2
FF - prefs.js..extensions.enabledItems: 5
FF - prefs.js..extensions.enabledItems: 3
FF - prefs.js..extensions.enabledItems: 1
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}:6.0.26
FF - prefs.js..extensions.enabledItems: {07b2a769-ed19-4483-87ce-c643914c81bb}:3.0.0.91
FF - prefs.js..network.proxy.http: "127.0.0.1"
FF - prefs.js..network.proxy.http_port: 60141
FF - prefs.js..network.proxy.type: 0
 
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@canon.com/EPPEX: C:\Program Files\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL (CANON INC.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX,Inc.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Content Upload Plugin,version=1.0.0: C:\Program Files\DivX\DivX Content Uploader\npUpload.dll (DivX,Inc.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: C:\Program Files\DivX\DivX Player\npDivxPlayerPlugin.dll File not found
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@pages.tvunetworks.com/WebPlayer: C:\Windows\system32\TVUAx\npTVUAx.dll (TVU networks)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.11.2768: C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=1.0.2.2826: C:\Program Files\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.1578: C:\Program Files\Real\RealPlayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=:  File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.57\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.57\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@viewpoint.com/VMP: C:\Program Files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll ()
FF - HKCU\Software\MozillaPlugins\@movenetworks.com/Quantum Media Player:  File not found
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\***\AppData\Local\Google\Update\1.3.21.57\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\***\AppData\Local\Google\Update\1.3.21.57\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@www.flatcast.com/FlatViewer 5.2: C:\PROGRA~1\MOZILL~1\plugins\NpFv522.dll (1 mal 1 Software GmbH)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.18\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011.06.27 14:01:41 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.18\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011.06.27 14:01:41 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\extensions\\{184AA5E6-741D-464a-820E-94B3ABC2F3B4}: C:\Users\***\AppData\Roaming\5015
 
[2010.06.12 16:40:48 | 000,000,000 | ---D | M] (No name found) -- C:\Users\***\AppData\Roaming\mozilla\Extensions
[2011.07.20 15:31:15 | 000,000,000 | ---D | M] (No name found) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\ntxe4yam.default\extensions
[2010.06.13 16:43:48 | 000,000,000 | ---D | M] (Vista-aero) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\ntxe4yam.default\extensions\{07b2a769-ed19-4483-87ce-c643914c81bb}
[2010.06.25 00:04:07 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\ntxe4yam.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010.10.23 17:40:45 | 000,000,000 | ---D | M] (CacheViewer) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\ntxe4yam.default\extensions\{71328583-3CA7-4809-B4BA-570A85818FBB}
[2010.08.15 14:56:40 | 000,000,000 | ---D | M] ("FootieFox") -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\ntxe4yam.default\extensions\{9fb7d178-155a-4318-9173-1a8eaaea7fe4}
[2010.07.25 14:37:51 | 000,000,000 | ---D | M] ("DVDVideoSoft Menu") -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\ntxe4yam.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
[2011.06.27 20:24:18 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\ntxe4yam.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2011.07.05 10:58:42 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\ntxe4yam.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
[2011.01.22 16:36:10 | 000,000,000 | ---D | M] (TVU Web Player) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\ntxe4yam.default\extensions\firefox@tvunetworks.com
[2010.06.13 16:43:48 | 000,000,000 | ---D | M] (No name found) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\ntxe4yam.default\extensions\{07b2a769-ed19-4483-87ce-c643914c81bb}\chrome\mozapps\extensions
[2010.06.13 11:01:21 | 000,004,140 | ---- | M] () -- C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\ntxe4yam.default\searchplugins\youtube.xml
[2011.06.28 08:33:49 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2010.05.11 19:32:59 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2010.08.11 22:02:10 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
[2010.11.10 21:24:45 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
[2011.01.09 14:13:15 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
[2011.04.08 18:13:15 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
[2011.06.28 08:33:49 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}
[2007.11.25 16:21:48 | 000,000,000 | ---D | M] (Java Console) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}
[2008.03.09 10:33:02 | 000,000,000 | ---D | M] (Java Console) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}
[2008.08.12 12:18:54 | 000,000,000 | ---D | M] (Java Console) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}
[2008.12.10 11:01:20 | 000,000,000 | ---D | M] (Java Console) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}
[2009.04.05 19:36:55 | 000,000,000 | ---D | M] (Java Console) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}
[2009.09.03 18:25:44 | 000,000,000 | ---D | M] (Java Console) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}
[2009.12.01 21:06:14 | 000,000,000 | ---D | M] (Java Console) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}
[2010.04.10 09:37:13 | 000,000,000 | ---D | M] (Java Console) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA}
[2010.05.11 19:32:59 | 000,000,000 | ---D | M] (Java Console) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2010.08.11 22:02:10 | 000,000,000 | ---D | M] (Java Console) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
[2010.11.10 21:24:45 | 000,000,000 | ---D | M] (Java Console) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
[2011.01.09 14:13:15 | 000,000,000 | ---D | M] (Java Console) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
[2011.04.08 18:13:15 | 000,000,000 | ---D | M] (Java Console) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
[2011.06.28 08:33:49 | 000,000,000 | ---D | M] (Java Console) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}
[2011.05.04 04:52:23 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2006.12.05 16:27:46 | 001,689,824 | ---- | M] (1 mal 1 Software GmbH) -- C:\Program Files\mozilla firefox\plugins\NpFp415.dll
[2007.11.16 09:54:08 | 002,090,976 | ---- | M] (1 mal 1 Software GmbH) -- C:\Program Files\mozilla firefox\plugins\NpFp41629.dll
[2006.04.28 12:22:26 | 000,719,064 | ---- | M] (1 mal 1 Software GmbH) -- C:\Program Files\mozilla firefox\plugins\NpFv415.dll
[2007.11.22 10:50:49 | 001,193,952 | ---- | M] (1 mal 1 Software GmbH) -- C:\Program Files\mozilla firefox\plugins\NpFv41629.dll
[2009.09.21 12:00:44 | 001,447,328 | ---- | M] (1 mal 1 Software GmbH) -- C:\Program Files\mozilla firefox\plugins\NpFv522.dll
[2011.03.25 09:17:08 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2011.03.25 09:17:08 | 000,002,344 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2011.03.25 09:17:08 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2011.03.25 09:17:08 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2011.03.25 09:17:08 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2011.07.20 01:25:29 | 000,435,677 | R--- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O1 - Hosts: ::1             localhost
O1 - Hosts: 127.0.0.1	www.007guard.com
O1 - Hosts: 127.0.0.1	007guard.com
O1 - Hosts: 127.0.0.1	008i.com
O1 - Hosts: 127.0.0.1	www.008k.com
O1 - Hosts: 127.0.0.1	008k.com
O1 - Hosts: 127.0.0.1	www.00hq.com
O1 - Hosts: 127.0.0.1	00hq.com
O1 - Hosts: 127.0.0.1	010402.com
O1 - Hosts: 127.0.0.1	www.032439.com
O1 - Hosts: 127.0.0.1	032439.com
O1 - Hosts: 127.0.0.1	www.0scan.com
O1 - Hosts: 127.0.0.1	0scan.com
O1 - Hosts: 127.0.0.1	1000gratisproben.com
O1 - Hosts: 127.0.0.1	www.1000gratisproben.com
O1 - Hosts: 127.0.0.1	1001namen.com
O1 - Hosts: 127.0.0.1	www.1001namen.com
O1 - Hosts: 127.0.0.1	100888290cs.com
O1 - Hosts: 127.0.0.1	www.100888290cs.com
O1 - Hosts: 127.0.0.1	www.100sexlinks.com
O1 - Hosts: 127.0.0.1	100sexlinks.com
O1 - Hosts: 127.0.0.1	10sek.com
O1 - Hosts: 127.0.0.1	www.10sek.com
O1 - Hosts: 127.0.0.1	www.1-2005-search.com
O1 - Hosts: 14995 more lines...
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Skype add-on (mastermind)) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Programme\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Programme\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (NXIECatcher Class) - {83B80A9C-D91A-4F22-8DCF-EA7204039F79} - C:\Programme\Xi\NetXfer\NXIEHelper.dll (Xi)
O3 - HKLM\..\Toolbar: (NetXfer) - {C16CBAAC-A75C-4DB5-A0DD-CDF5CAFCDD3A} - C:\Programme\Xi\NetXfer\NXToolBar.dll (Xi)
O4 - HKLM..\Run: []  File not found
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [JMB36X IDE Setup] C:\Windows\JM\JMInsIDE.exe ()
O4 - HKLM..\Run: [LanguageShortcut] C:\Program Files\CyberLink\PowerDVD\Language\Language.exe ()
O4 - HKLM..\Run: [ledpointer] C:\Windows\CNYHKey.exe (Chicony)
O4 - HKLM..\Run: [ Malwarebytes Anti-Malware  (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [MoLed] C:\Windows\ModLEDKey.exe (Chicony)
O4 - HKLM..\Run: [TVEService] C:\Program Files\CyberLink\TV Enhance\TVEService.exe (CyberLink Corp.)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKCU..\Run: [RocketDock] C:\Program Files\RocketDock\RocketDock.exe ()
O4 - HKCU..\Run: [SpybotSD TeaTimer] C:\Programme\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
O4 - HKCU..\Run: [WMPNSCFG] C:\Programme\Windows Media Player\wmpnscfg.exe (Microsoft Corporation)
O8 - Extra context menu item: Alles mit NetXfer herunterladen - C:\Programme\Xi\NetXfer\NXAddList.html ()
O8 - Extra context menu item: Free YouTube to Mp3 Converter - C:\Users\***\AppData\Roaming\DVDVideoSoftIEHelpers\youtubetomp3.htm ()
O8 - Extra context menu item: Herunterladen mit NetXfer - C:\Programme\Xi\NetXfer\NXAddLink.html ()
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - C:\Programme\Microsoft Office\Office10\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Öffnen mit WordPerfect - C:\Programme\WordPerfect Office X3\Programs\WPLauncher.hta ()
O9 - Extra Button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Programme\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} -  File not found
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Programme\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 81.173.194.76 81.173.194.69
O18 - Protocol\Handler\cdo {CD00020A-8B95-11D1-82DB-00C04FB1625D} - C:\Programme\Common Files\microsoft shared\Web Folders\PKMCDO.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Programme\Common Files\microsoft shared\Information Retrieval\MSITSS.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Programme\Common Files\microsoft shared\Web Components\10\OWC10.DLL (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKCU Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\***\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O24 - Desktop BackupWallPaper: C:\Users\***\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{18b721de-6f25-11df-b5a4-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{18b721de-6f25-11df-b5a4-806e6f6e6963}\Shell\AutoRun\command - "" = E:\Autorun.exe
O33 - MountPoints2\{345bf03f-6c42-11dd-8917-001a92e976fe}\Shell\AutoRun\command - "" = K:\System\Security\DriveGuard.exe -run
O33 - MountPoints2\{345bf03f-6c42-11dd-8917-001a92e976fe}\Shell\Explore\Command - "" = K:\System\Security\DriveGuard.exe -run
O33 - MountPoints2\{345bf03f-6c42-11dd-8917-001a92e976fe}\Shell\Open\Command - "" = K:\System\Security\DriveGuard.exe -run
O33 - MountPoints2\{67077280-2a8a-11dd-9f96-00038a000015}\Shell\AutoRun\command - "" = RECYCLER\S-1-6-21-2434476501-1644491937-600003330-1213\recycle.exe
O33 - MountPoints2\{67077280-2a8a-11dd-9f96-00038a000015}\Shell\open\command - "" = RECYCLER\S-1-6-21-2434476501-1644491937-600003330-1213\recycle.exe
O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
ActiveX: {03F998B2-0E00-11D3-A498-00104B6EB52E} - Viewpoint Media Player
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {1B00725B-C455-4DE6-BFB6-AD540AD427CD} - Viewpoint Media Player
ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - 
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 11.0
ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3C3901C5-3455-3E0A-A214-0B093A5070A6} - .NET Framework
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - 
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.7t.dll
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {73FA19D0-2D75-11D2-995D-00C04F98BBC9} - Webordner
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\system32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Adobe Flash Player
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\Windows\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\system32\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
 
NetSvcs: UxTuneUp - C:\Windows\System32\uxtuneup.dll (TuneUp Software GmbH)
NetSvcs: FastUserSwitchingCompatibility -  File not found
NetSvcs: Ias -  File not found
NetSvcs: Nla -  File not found
NetSvcs: Ntmssvc -  File not found
NetSvcs: NWCWorkstation -  File not found
NetSvcs: Nwsapagent -  File not found
NetSvcs: SRService -  File not found
NetSvcs: WmdmPmSp -  File not found
NetSvcs: LogonHours -  File not found
NetSvcs: PCAudit -  File not found
NetSvcs: helpsvc -  File not found
NetSvcs: uploadmgr -  File not found
 
MsConfig - StartUpFolder: C:^Users^***^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^FIFA 11-Registrierung.lnk - C:\Programme\EA Sports\FIFA 11\Support\EAregister.exe - (Leader Technologies)
MsConfig - StartUpReg: CanonMyPrinter - hkey= - key= - C:\Program Files\Canon\MyPrinter\BJMyPrt.exe (CANON INC.)
MsConfig - StartUpReg: CanonSolutionMenu - hkey= - key= - C:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe (CANON INC.)
MsConfig - StartUpReg: DivXUpdate - hkey= - key= - C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()
MsConfig - StartUpReg: Getdo - hkey= - key= -  File not found
MsConfig - StartUpReg: Google Update - hkey= - key= - C:\Users\***\AppData\Local\Google\Update\GoogleUpdate.exe (Google Inc.)
MsConfig - StartUpReg: iTunesHelper - hkey= - key= - C:\Program Files\iTunes\iTunesHelper.exe (Apple Inc.)
MsConfig - StartUpReg:  Malwarebytes Anti-Malware  (reboot) - hkey= - key= - C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
MsConfig - StartUpReg: NeroFilterCheck - hkey= - key= - C:\Programme\Common Files\Ahead\Lib\NeroCheck.exe (Nero AG)
MsConfig - StartUpReg: NvCplDaemonTool - hkey= - key= -  File not found
MsConfig - StartUpReg: Olelink - hkey= - key= -  File not found
MsConfig - StartUpReg: QuickTime Task - hkey= - key= - C:\Program Files\QuickTime\QTTask.exe (Apple Inc.)
MsConfig - StartUpReg: RemoteControl - hkey= - key= - C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe (Cyberlink Corp.)
MsConfig - StartUpReg: Ricycle.Bin.exe - hkey= - key= -  File not found
MsConfig - StartUpReg: Userinit - hkey= - key= -  File not found
MsConfig - StartUpReg: WinampAgent - hkey= - key= - C:\Program Files\Winamp\winampa.exe ()
MsConfig - State: "startup" - 2
 
CREATERESTOREPOINT
Restore point Set: OTL Restore Point
 
========== Files/Folders - Created Within 30 Days ==========
 
[2011.07.20 23:01:24 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\CyberLink PowerDVD
[2011.07.20 22:57:04 | 000,579,584 | ---- | C] (OldTimer Tools) -- C:\Users\***\Desktop\OTL.exe
[2011.07.20 22:13:37 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Total Commander
[2011.07.20 22:13:36 | 000,000,000 | ---D | C] -- C:\totalcmd
[2011.07.20 22:13:36 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\GHISLER
[2011.07.20 22:00:16 | 000,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2011.07.20 22:00:16 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\HiJackThis
[2009.03.18 00:50:32 | 000,047,360 | ---- | C] (VSO Software) -- C:\Users\***\AppData\Roaming\pcouffin.sys
 
========== Files - Modified Within 30 Days ==========
 
[2011.07.20 23:07:16 | 000,628,504 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2011.07.20 23:07:16 | 000,595,798 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2011.07.20 23:07:16 | 000,103,872 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2011.07.20 23:07:15 | 000,126,054 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2011.07.20 23:06:00 | 000,001,124 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1415130864-2451929093-3127007980-1001UA.job
[2011.07.20 23:01:35 | 000,034,997 | ---- | M] () -- C:\ProgramData\nvModes.dat
[2011.07.20 23:00:54 | 000,003,168 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2011.07.20 23:00:54 | 000,003,168 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2011.07.20 23:00:54 | 000,001,094 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2011.07.20 23:00:51 | 000,034,997 | ---- | M] () -- C:\ProgramData\nvModes.001
[2011.07.20 23:00:46 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011.07.20 23:00:44 | 3219,644,416 | -HS- | M] () -- C:\hiberfil.sys
[2011.07.20 22:59:26 | 000,000,506 | ---- | M] () -- C:\Users\***\Desktop\2lyv44my - Verknüpfung.lnk
[2011.07.20 22:56:57 | 000,579,584 | ---- | M] (OldTimer Tools) -- C:\Users\***\Desktop\OTL.exe
[2011.07.20 22:54:50 | 000,000,000 | ---- | M] () -- C:\Users\***\defogger_reenable
[2011.07.20 22:54:23 | 000,050,477 | ---- | M] () -- C:\Users\***\Desktop\Defogger.exe
[2011.07.20 22:42:02 | 000,002,525 | ---- | M] () -- C:\Users\***\Desktop\HiJackThis.lnk
[2011.07.20 22:40:24 | 000,325,611 | ---- | M] () -- C:\Users\***\AppData\Local\census.cache
[2011.07.20 22:39:42 | 000,281,777 | ---- | M] () -- C:\Users\***\AppData\Local\ars.cache
[2011.07.20 22:29:12 | 000,001,098 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2011.07.20 22:28:35 | 000,000,615 | ---- | M] () -- C:\Users\***\Desktop\shexview - Verknüpfung.lnk
[2011.07.20 22:23:19 | 000,000,036 | ---- | M] () -- C:\Users\***\AppData\Local\housecall.guid.cache
[2011.07.20 22:13:38 | 000,000,584 | ---- | M] () -- C:\Users\***\Desktop\Total Commander.lnk
[2011.07.20 21:29:55 | 000,000,069 | ---- | M] () -- C:\Windows\NeroDigital.ini
[2011.07.20 15:55:07 | 000,000,420 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{A4D30E75-180D-4663-8E32-7FA25F2659F3}.job
[2011.07.20 15:43:25 | 000,052,736 | ---- | M] () -- C:\Users\***\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011.07.20 10:02:50 | 000,001,072 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1415130864-2451929093-3127007980-1001Core.job
[2011.07.20 01:25:29 | 000,435,677 | R--- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2011.07.19 23:26:11 | 000,008,592 | ---- | M] () -- C:\Users\***\AppData\Local\d3d9caps.dat
[2011.07.19 23:00:25 | 000,001,724 | ---- | M] () -- C:\Users\***\Desktop\Trillian.lnk
[2011.07.15 10:07:57 | 000,002,047 | ---- | M] () -- C:\Users\***\Desktop\Google Chrome.lnk
[2011.07.14 15:24:30 | 000,287,808 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2011.07.06 19:52:42 | 000,041,272 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2011.07.06 19:52:42 | 000,022,712 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
 
========== Files Created - No Company Name ==========
 
[2011.07.20 22:59:26 | 000,000,506 | ---- | C] () -- C:\Users\***\Desktop\2lyv44my - Verknüpfung.lnk
[2011.07.20 22:55:44 | 000,050,477 | ---- | C] () -- C:\Users\***\Desktop\Defogger.exe
[2011.07.20 22:54:50 | 000,000,000 | ---- | C] () -- C:\Users\***\defogger_reenable
[2011.07.20 22:40:24 | 000,325,611 | ---- | C] () -- C:\Users\***\AppData\Local\census.cache
[2011.07.20 22:39:42 | 000,281,777 | ---- | C] () -- C:\Users\***\AppData\Local\ars.cache
[2011.07.20 22:28:35 | 000,000,615 | ---- | C] () -- C:\Users\***\Desktop\shexview - Verknüpfung.lnk
[2011.07.20 22:23:19 | 000,000,036 | ---- | C] () -- C:\Users\***\AppData\Local\housecall.guid.cache
[2011.07.20 22:13:38 | 000,000,584 | ---- | C] () -- C:\Users\***\Desktop\Total Commander.lnk
[2011.07.20 22:13:37 | 000,000,545 | ---- | C] () -- C:\Windows\UC.PIF
[2011.07.20 22:13:37 | 000,000,545 | ---- | C] () -- C:\Windows\RAR.PIF
[2011.07.20 22:13:37 | 000,000,545 | ---- | C] () -- C:\Windows\PKZIP.PIF
[2011.07.20 22:13:37 | 000,000,545 | ---- | C] () -- C:\Windows\PKUNZIP.PIF
[2011.07.20 22:13:37 | 000,000,545 | ---- | C] () -- C:\Windows\NOCLOSE.PIF
[2011.07.20 22:13:37 | 000,000,545 | ---- | C] () -- C:\Windows\LHA.PIF
[2011.07.20 22:13:37 | 000,000,545 | ---- | C] () -- C:\Windows\ARJ.PIF
[2011.07.20 22:00:17 | 000,002,525 | ---- | C] () -- C:\Users\***\Desktop\HiJackThis.lnk
[2011.07.20 21:33:04 | 3219,644,416 | -HS- | C] () -- C:\hiberfil.sys
[2011.05.29 22:51:14 | 000,000,563 | ---- | C] () -- C:\Windows\eReg.dat
[2011.03.21 11:53:46 | 000,005,743 | ---- | C] () -- C:\Users\***\AppData\Roaming\E9EA.9A6
[2010.06.12 16:08:08 | 000,003,636 | ---- | C] () -- C:\Windows\System32\drivers\nvphy.bin
[2010.06.11 02:05:15 | 000,000,032 | --S- | C] () -- C:\Users\***\AppData\Local\909563405.dat
[2010.02.17 13:44:15 | 000,000,020 | ---- | C] () -- C:\Users\***\AppData\Roaming\sgcpom.dat
[2010.01.28 02:31:41 | 000,016,070 | ---- | C] () -- C:\Windows\German2.ini
[2010.01.07 22:35:36 | 000,034,997 | ---- | C] () -- C:\ProgramData\nvModes.001
[2010.01.07 22:35:08 | 000,034,997 | ---- | C] () -- C:\ProgramData\nvModes.dat
[2010.01.07 11:56:28 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
[2010.01.07 00:34:07 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2010.01.07 00:34:06 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2009.10.29 17:46:30 | 000,000,038 | ---- | C] () -- C:\Windows\avisplitter.INI
[2009.08.30 16:20:25 | 000,043,520 | ---- | C] () -- C:\Windows\System32\CmdLineExt03.dll
[2009.03.18 00:50:32 | 000,007,887 | ---- | C] () -- C:\Users\***\AppData\Roaming\pcouffin.cat
[2009.03.18 00:50:32 | 000,001,144 | ---- | C] () -- C:\Users\***\AppData\Roaming\pcouffin.inf
[2008.10.28 18:40:48 | 000,173,552 | ---- | C] () -- C:\Windows\System32\xlive.dll.cat
[2008.09.30 23:55:51 | 000,000,000 | ---- | C] () -- C:\Windows\PROTOCOL.INI
[2008.08.03 16:59:04 | 000,000,552 | ---- | C] () -- C:\Users\***\AppData\Local\d3d8caps.dat
[2008.07.29 17:21:20 | 000,065,536 | ---- | C] () -- C:\Windows\IFinst27.exe
[2008.02.28 10:18:12 | 000,000,002 | ---- | C] () -- C:\Windows\msoffice.ini
[2007.12.13 23:37:18 | 000,164,352 | ---- | C] () -- C:\Windows\System32\unrar.dll
[2007.12.13 23:37:16 | 001,559,040 | ---- | C] () -- C:\Windows\System32\xvidcore.dll
[2007.12.13 23:37:15 | 000,282,624 | ---- | C] () -- C:\Windows\System32\xvidvfw.dll
[2007.11.16 17:29:23 | 000,001,688 | ---- | C] () -- C:\Windows\unins000.dat
[2007.09.21 16:16:20 | 000,164,352 | ---- | C] () -- C:\Windows\System32\SpoonUninstall.exe
[2007.09.18 15:00:40 | 000,000,305 | ---- | C] () -- C:\ProgramData\addr_file.html
[2007.07.13 11:07:41 | 000,394,240 | ---- | C] () -- C:\Windows\System32\Smab.dll
[2007.07.13 11:07:40 | 000,502,784 | ---- | C] () -- C:\Windows\x2.64.exe
[2007.07.13 11:07:40 | 000,240,128 | ---- | C] () -- C:\Windows\System32\x.264.exe
[2007.07.13 11:07:40 | 000,217,073 | ---- | C] () -- C:\Windows\meta4.exe
[2007.07.13 11:07:40 | 000,066,560 | ---- | C] () -- C:\Windows\MOTA113.exe
[2007.07.13 11:07:40 | 000,027,648 | ---- | C] () -- C:\Windows\System32\AVSredirect.dll
[2007.06.05 21:12:20 | 000,052,736 | ---- | C] () -- C:\Users\***\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2007.06.01 23:15:10 | 000,000,400 | ---- | C] () -- C:\Windows\ODBC.INI
[2007.06.01 22:58:14 | 000,008,592 | ---- | C] () -- C:\Users\***\AppData\Local\d3d9caps.dat
[2007.05.10 12:48:59 | 000,000,069 | ---- | C] () -- C:\Windows\NeroDigital.ini
[2007.04.30 14:10:35 | 000,135,168 | ---- | C] () -- C:\Windows\System32\TXTUSER.EXE
[2007.04.30 13:58:08 | 000,103,024 | ---- | C] () -- C:\Windows\Unwise.exe
[2007.04.30 11:58:56 | 000,000,335 | ---- | C] () -- C:\Windows\nsreg.dat
[2007.04.30 10:35:05 | 000,049,152 | ---- | C] () -- C:\Windows\CNYUSB.dll
[2007.04.30 10:35:05 | 000,005,120 | ---- | C] () -- C:\Windows\HKCYDLL.dll
[2007.04.30 10:35:05 | 000,000,360 | ---- | C] () -- C:\Windows\CNYHKey.ini
[2007.04.30 10:22:41 | 000,028,672 | ---- | C] () -- C:\Windows\System32\InsDrvZD.dll
[2007.04.30 10:22:41 | 000,024,576 | ---- | C] () -- C:\Windows\System32\ZyDelReg.exe
[2007.04.30 10:22:41 | 000,016,384 | ---- | C] () -- C:\Windows\System32\InsDrvZD64.DLL
[2007.04.30 10:22:41 | 000,013,312 | ---- | C] () -- C:\Windows\System32\VistaRundll.exe
[2007.04.25 11:51:38 | 000,003,072 | ---- | C] () -- C:\Windows\System32\34CoInstaller.dll
[2007.04.11 12:31:51 | 000,000,032 | ---- | C] () -- C:\Windows\CD_Start.INI
[2007.02.22 16:34:41 | 000,462,848 | ---- | C] () -- C:\Windows\CheckStage2.exe
[2006.11.02 20:40:12 | 000,174,656 | ---- | C] () -- C:\Windows\System32\PSIService.exe
[2006.11.02 17:33:31 | 000,628,504 | ---- | C] () -- C:\Windows\System32\perfh007.dat
[2006.11.02 17:33:31 | 000,290,748 | ---- | C] () -- C:\Windows\System32\perfi007.dat
[2006.11.02 17:33:31 | 000,126,054 | ---- | C] () -- C:\Windows\System32\perfc007.dat
[2006.11.02 17:33:31 | 000,036,916 | ---- | C] () -- C:\Windows\System32\perfd007.dat
[2006.11.02 14:57:28 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2006.11.02 14:47:37 | 000,287,808 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2006.11.02 14:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006.11.02 12:33:01 | 000,595,798 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2006.11.02 12:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2006.11.02 12:33:01 | 000,103,872 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2006.11.02 12:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2006.11.02 12:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2006.11.02 10:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2006.11.02 10:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2006.11.02 09:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006.11.02 09:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
[2006.09.20 07:34:10 | 000,000,000 | ---- | C] () -- C:\Windows\Buhl.ini
[2002.02.10 02:00:00 | 000,695,578 | ---- | C] () -- C:\Windows\unins000.exe
 
========== LOP Check ==========
 
[2011.03.15 14:24:39 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\667011
[2010.07.18 21:00:40 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Amazon
[2009.08.30 16:20:32 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Atari
[2010.06.03 17:53:52 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\DeepBurner
[2010.07.25 14:37:50 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\DVDVideoSoftIEHelpers
[2010.01.31 19:34:26 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Flatcast
[2011.07.20 22:13:36 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\GHISLER
[2009.03.10 00:29:52 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\gtk-2.0
[2009.11.27 02:44:40 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\KlipFolio
[2009.08.30 16:19:04 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Leadertech
[2009.03.18 01:36:13 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Mp3tag
[2007.07.24 20:59:16 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\SecondLife
[2009.02.26 22:09:44 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\temp
[2009.04.10 10:07:24 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\TuneUp Software
[2009.03.18 00:50:32 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Vso
[2008.10.01 00:15:59 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Xi
[2011.07.20 22:59:52 | 000,032,530 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2011.07.20 15:55:07 | 000,000,420 | -H-- | M] () -- C:\Windows\Tasks\User_Feed_Synchronization-{A4D30E75-180D-4663-8E32-7FA25F2659F3}.job
 
========== Purity Check ==========
 
 
 
========== Custom Scans ==========
 
 
< %SYSTEMDRIVE%\*. >
[2010.05.09 10:20:33 | 000,000,000 | -HSD | M] -- C:\$RECYCLE.BIN
[2010.06.18 22:52:30 | 000,000,000 | -HSD | M] -- C:\Boot
[2006.11.02 15:02:03 | 000,000,000 | -HSD | M] -- C:\Documents and Settings
[2007.06.01 17:46:31 | 000,000,000 | -HSD | M] -- C:\Dokumente und Einstellungen
[2011.02.14 15:19:04 | 000,000,000 | ---D | M] -- C:\DVDVideoSoft
[2008.02.12 16:47:51 | 000,000,000 | ---D | M] -- C:\Filme
[2007.12.23 13:56:44 | 000,000,000 | ---D | M] -- C:\Fotos Hochzeit Schaaf
[2008.04.25 18:21:20 | 000,000,000 | ---D | M] -- C:\MyWorks
[2007.10.10 00:46:54 | 000,000,000 | ---D | M] -- C:\No23Recorder
[2010.01.06 18:52:49 | 000,000,000 | ---D | M] -- C:\PerfLogs
[2011.07.20 22:00:16 | 000,000,000 | R--D | M] -- C:\Program Files
[2011.02.21 20:59:56 | 000,000,000 | -H-D | M] -- C:\ProgramData
[2007.06.01 17:46:31 | 000,000,000 | -HSD | M] -- C:\Programme
[2008.07.29 18:13:46 | 000,000,000 | ---D | M] -- C:\spiele
[2011.07.20 23:20:15 | 000,000,000 | -HSD | M] -- C:\System Volume Information
[2009.05.30 14:53:36 | 000,000,000 | ---D | M] -- C:\Temp
[2011.07.20 22:13:37 | 000,000,000 | ---D | M] -- C:\totalcmd
[2007.06.01 17:49:36 | 000,000,000 | R--D | M] -- C:\Users
[2010.07.18 16:54:29 | 000,000,000 | ---D | M] -- C:\vom alten PC
[2011.07.20 22:41:02 | 000,000,000 | ---D | M] -- C:\Windows
[2009.02.28 18:43:49 | 000,000,000 | -H-D | M] -- C:\{2426F42A-20BE-4F19-A8A5-640920671123}
 
< %PROGRAMFILES%\*.exe >
 
< %LOCALAPPDATA%\*.exe >
 
< %systemroot%\*. /mp /s >
 
 
< MD5 for: EXPLORER.EXE  >
[2008.10.29 08:20:29 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=37440D09DEAE0B672A04DCCF7ABF06BE -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.16771_none_4f83bb287ccdb7e3\explorer.exe
[2008.10.29 08:29:41 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=4F554999D7D5F05DAAEBBA7B5BA1089D -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18164_none_5177ca9879e978e8\explorer.exe
[2008.10.30 05:59:17 | 002,927,616 | ---- | M] (Microsoft Corporation) MD5=50BA5850147410CDE89C523AD3BC606E -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.22298_none_51e4f8c7931bd1e1\explorer.exe
[2007.11.15 04:02:02 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=6D06CD98D954FE87FB2DB8108793B399 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.16549_none_4fac29707cae347a\explorer.exe
[2007.11.15 04:02:02 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=BD06F0BF753BC704B653C3A50F89D362 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.20668_none_501f261995dcf2cf\explorer.exe
[2009.04.11 08:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) MD5=D07D4C3038F3578FFCE1C0237F2A1253 -- C:\Windows\explorer.exe
[2009.04.11 08:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) MD5=D07D4C3038F3578FFCE1C0237F2A1253 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6002.18005_none_53a0201e76de3a0b\explorer.exe
[2008.10.28 04:15:02 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=E7156B0B74762D9DE0E66BDCDE06E5FB -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.20947_none_5033cb5995cd990b\explorer.exe
[2006.11.02 11:45:07 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=FD8C53FB002217F6F888BCF6F5D7084D -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.16386_none_4f7de5167cd15deb\explorer.exe
[2008.01.19 09:33:10 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=FFA764631CB70A30065C12EF8E174F9F -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18000_none_51b4a71279bc6ebf\explorer.exe
 
< MD5 for: REGEDIT.EXE  >
[2008.01.19 09:33:24 | 000,134,656 | ---- | M] (Microsoft Corporation) MD5=467A3B03E924B7B7EDD16D34740574B0 -- C:\Windows\regedit.exe
[2008.01.19 09:33:24 | 000,134,656 | ---- | M] (Microsoft Corporation) MD5=467A3B03E924B7B7EDD16D34740574B0 -- C:\Windows\winsxs\x86_microsoft-windows-registry-editor_31bf3856ad364e35_6.0.6001.18000_none_f42eb564dbd8a697\regedit.exe
[2006.11.02 11:45:35 | 000,134,656 | ---- | M] (Microsoft Corporation) MD5=F13123E76FDA33E55F11E0EB832E832A -- C:\Windows\winsxs\x86_microsoft-windows-registry-editor_31bf3856ad364e35_6.0.6000.16386_none_f1f7f368deed95c3\regedit.exe
 
< MD5 for: USERINIT.EXE  >
[2008.01.19 09:33:33 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\System32\userinit.exe
[2008.01.19 09:33:33 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.0.6001.18000_none_dc28ba15d1aff80b\userinit.exe
[2006.11.02 11:45:50 | 000,024,576 | ---- | M] (Microsoft Corporation) MD5=22027835939F86C3E47AD8E3FBDE3D11 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.0.6000.16386_none_d9f1f819d4c4e737\userinit.exe
 
< MD5 for: WININIT.EXE  >
[2008.01.19 09:33:37 | 000,096,768 | ---- | M] (Microsoft Corporation) MD5=101BA3EA053480BB5D957EF37C06B5ED -- C:\Windows\System32\wininit.exe
[2008.01.19 09:33:37 | 000,096,768 | ---- | M] (Microsoft Corporation) MD5=101BA3EA053480BB5D957EF37C06B5ED -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.0.6001.18000_none_30f2b8cf0450a6a2\wininit.exe
[2006.11.02 11:45:57 | 000,095,744 | ---- | M] (Microsoft Corporation) MD5=D4385B03E8CCCEE6F0EE249F827C1F3E -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.0.6000.16386_none_2ebbf6d3076595ce\wininit.exe
 
< MD5 for: WINLOGON.EXE  >
[2009.04.11 08:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\System32\winlogon.exe
[2009.04.11 08:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6002.18005_none_71ae7a22d2134741\winlogon.exe
[2006.11.02 11:45:57 | 000,308,224 | ---- | M] (Microsoft Corporation) MD5=9F75392B9128A91ABAFB044EA350BAAD -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6000.16386_none_6d8c3f1ad8066b21\winlogon.exe
[2008.01.19 09:33:37 | 000,314,880 | ---- | M] (Microsoft Corporation) MD5=C2610B6BDBEFC053BBDAB4F1B965CB24 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6001.18000_none_6fc30116d4f17bf5\winlogon.exe
 
< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >
 
< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install\\LastSuccessTime: 2011-07-19 06:13:08
 
<           >

< End of report >
--- --- ---


Extras.txt wurde nicht erstellt.

Gmer.txt:
GMER Logfile:
Code:
ATTFilter
GMER 1.0.15.15641 - hxxp://www.gmer.net
Rootkit scan 2011-07-21 00:14:11
Windows 6.0.6002 Service Pack 2 Harddisk0\DR0 -> \Device\00000053 WDC_WD50 rev.12.0
Running: 2lyv44my.exe; Driver: C:\Users\***\AppData\Local\Temp\uwloipoc.sys


---- System - GMER 1.0.15 ----

SSDT            A0C37DBC                                                                                                   ZwCreateThread
SSDT            A0C37DA8                                                                                                   ZwOpenProcess
SSDT            A0C37DAD                                                                                                   ZwOpenThread
SSDT            A0C37DB7                                                                                                   ZwTerminateProcess

---- Kernel code sections - GMER 1.0.15 ----

.text           ntkrnlpa.exe!KeSetEvent + 221                                                                              822EF9A4 4 Bytes  [BC, 7D, C3, A0]
.text           ntkrnlpa.exe!KeSetEvent + 3F1                                                                              822EFB74 4 Bytes  [A8, 7D, C3, A0]
.text           ntkrnlpa.exe!KeSetEvent + 40D                                                                              822EFB90 4 Bytes  [AD, 7D, C3, A0]
.text           ntkrnlpa.exe!KeSetEvent + 621                                                                              822EFDA4 4 Bytes  [B7, 7D, C3, A0]

---- User code sections - GMER 1.0.15 ----

.text           C:\Program Files\Mozilla Firefox\firefox.exe[5520] ntdll.dll!LdrLoadDll                                    777593A8 5 Bytes  JMP 013313F0 C:\Program Files\Mozilla Firefox\firefox.exe (Firefox/Mozilla Corporation)

---- Devices - GMER 1.0.15 ----

AttachedDevice  \FileSystem\fastfat \Fat                                                                                   fltmgr.sys (Microsoft Dateisystem-Filter-Manager/Microsoft Corporation)

---- Registry - GMER 1.0.15 ----

Reg             HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Media Center\Service\Scheduler@Heartbeat                    0x55 0x10 0xD7 0xCE ...
Reg             HKLM\SOFTWARE\Classes\CLSID\{B6A930A0-A4F5-43A5-9B4E-6189A6C2B9E8}@f!s!s!\30!y!d!j!c!i!\24!\24!r!m!m!c!y!  19583823

---- EOF - GMER 1.0.15 ----
--- --- ---



Ich hatte schon vorher ein paar mal kleinere Probleme mit Viren/Trojanern, habe da nach der Säuberung aber keine Langzeitfolgen mehr feststellen können. Dies jetzt war aber der wohl bislang mit Abstand heftigste Befall. Früher oder später werde ich wohl nicht um ein Neuaufsetzen herumkommen, aber nach Möglichkeit will ich vorher noch in Ruhe alles Wichtige sichern...

Vielen Dank schonmal im Voraus!

 

Themen zu Weiterhin Probleme nach BKA-Scareware-Befall
0x00000001, 80-100, adblock, antivir, autorun, avira, bedienung, bho, bka trojaner, bonjour, c:\windows\system32\rundll32.exe, converter, entfernen, excel, excel.exe, explorer.exe, fehlermeldung, firefox, format, funktioniert nicht mehr, google earth, hijack, home, langs, logfile, mp3, ntdll.dll, nvlddmkm.sys, programm, registry, rundll, safer networking, scan, sched.exe, security, software, start menu, starten, system, usb, version=1.0, vista


« gomeo malware | Bin ich teil eines Botnetz? - Was machen? -HijackThis Log dabei! »


Ähnliche Themen: Weiterhin Probleme nach BKA-Scareware-Befall


  1. HDD Repair - nach Anleitung entfernt - weiterhin Probleme
    Log-Analyse und Auswertung - 18.11.2012 (28)
  2. Bundespolizei Scareware Befall *mit OTL-Logdatei*
    Log-Analyse und Auswertung - 27.10.2011 (1)
  3. XP-Recovery entfernt, aber weiterhin Probleme
    Log-Analyse und Auswertung - 10.06.2011 (1)
  4. Ultra-Defragger | nach Forenanleitung entfernt, weiterhin Probleme!
    Log-Analyse und Auswertung - 18.04.2011 (5)
  5. Probleme nach Windows Recovery Malware Befall
    Log-Analyse und Auswertung - 07.04.2011 (37)
  6. Nach Neueinrichtung weiterhin Trojaner?
    Plagegeister aller Art und deren Bekämpfung - 03.04.2011 (3)
  7. Weiterhin Probleme nach Entfernen von Ultimate Defragger
    Log-Analyse und Auswertung - 21.11.2010 (35)
  8. Nach "Antimalware Doctor" weiterhin Probleme
    Log-Analyse und Auswertung - 08.08.2010 (33)
  9. Nach Antimalware Doctor weiterhin Probleme: 1. AntiVir funktioniert nicht mehr 2. Explorer und Mozil
    Log-Analyse und Auswertung - 01.08.2010 (28)
  10. Nach "Antimalware Doctor"-Befall weiterhin Probleme
    Log-Analyse und Auswertung - 26.07.2010 (7)
  11. Verschiedene Probleme nach Befall
    Log-Analyse und Auswertung - 01.05.2010 (42)
  12. Weiterhin Probleme trotz Neuinstallation
    Plagegeister aller Art und deren Bekämpfung - 01.06.2009 (0)
  13. Nach Trojaner-Befall Probleme mit einigen Seiten
    Plagegeister aller Art und deren Bekämpfung - 18.08.2008 (3)
  14. Probleme nach crypt.XPACK..gen Befall
    Log-Analyse und Auswertung - 17.05.2008 (1)
  15. Immer noch Probleme nach Bagle befall
    Log-Analyse und Auswertung - 23.02.2007 (15)
  16. weiterhin Probleme
    Plagegeister aller Art und deren Bekämpfung - 13.11.2005 (7)
  17. Weiterhin Probleme durch Tibick
    Plagegeister aller Art und deren Bekämpfung - 29.10.2004 (2)
Anleitungen und Tipps

- Für alle Hilfesuchenden! Was beachten?

- Anleitung: MyStartSearch.com entfernen

- Anleitung: WebSearches löschen

- Hilfe: iStartSurf entfernen – so gehts!

- Anleitung: Omiga Plus richtig entfernen

- Browser Viren entfernen


Zum Thema Weiterhin Probleme nach BKA-Scareware-Befall - Hallo, ich habe mir vorgestern die "BKA"-Scareware eingefangen, die selbst den Abgesicherten Modus erledigt. Über den abgesicherten Modus mit Eingabeaufforderung konnte ich in der Registry den manipulierten Eintrag durch explorer.exe - Weiterhin Probleme nach BKA-Scareware-Befall...
Archiv
Du betrachtest: Weiterhin Probleme nach BKA-Scareware-Befall auf Trojaner-Board

Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19