| |
| |||||||
Log-Analyse und Auswertung: Weiterhin Probleme nach BKA-Scareware-BefallWindows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte.XML. |
 |
20.07.2011, 23:37
| #1 | |
 |  Weiterhin Probleme nach BKA-Scareware-Befall Hallo, ich habe mir vorgestern die "BKA"-Scareware eingefangen, die selbst den Abgesicherten Modus erledigt. Über den abgesicherten Modus mit Eingabeaufforderung konnte ich in der Registry den manipulierten Eintrag durch explorer.exe ersetzen. Danach konnte ich zumindest wieder neu starten und den PC wieder normal bedienen. Habe danach Antivir, Malwarebyte und Spybot durchlaufen lassen und die (wenigen) Treffer entfernen lassen. Danach waren auch erstmal keine weiteren Symptome zu spüren, auch gestern nicht. Heute allerdings erschien gleich nach dem Hochfahren die Fehlermeldung "explorer.exe funktioniert nicht mehr richtig". Danach wurde gleich der Explorer neugestartet, woraufhin die Meldung erneut erschien, das wiederholte sich dann immer weiter. Eine Bedienung des Computers war dadurch kaum noch möglich. Auch im abgesicherten Modus erschien die Meldung. Ich habe es dann irgendwann doch noch geschafft, mir das Programm ShellExView runterzuladen. Damit habe ich dann alle nicht zu Microsoft gehörenden Shell-Extensions deaktiviert. Die Fehlermeldung erschien von da an nicht mehr. Ich konnte jedoch nicht herausfinden, welcher Eintrag genau für den Fehler verantwortlich war. Im Moment läuft eigentlich alles wieder einwandfrei, dennoch ist klar, dass noch irgendwo etwas im Argen liegt. Daher wollte ich mein System mal durchchecken lassen. System: Vista SP 2 32 Bit Defogger: Zitat:
OTL Logfile: Code:
ATTFilter OTL logfile created on: 20.07.2011 23:18:51 - Run 2 OTL by OldTimer - Version 3.2.26.1 Folder = C:\Users\***\Desktop Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation Internet Explorer (Version = 8.0.6001.19088) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 3,00 Gb Total Physical Memory | 2,03 Gb Available Physical Memory | 67,80% Memory free 6,21 Gb Paging File | 5,00 Gb Available in Paging File | 80,44% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 228,63 Gb Total Space | 72,95 Gb Free Space | 31,91% Space Free | Partition Type: NTFS Drive J: | 223,45 Gb Total Space | 2,58 Gb Free Space | 1,16% Space Free | Partition Type: NTFS Computer Name: ***PC | User Name: *** | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user | Quick Scan Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - C:\Users\***\Desktop\OTL.exe (OldTimer Tools) PRC - C:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira GmbH) PRC - C:\Programme\Avira\AntiVir Desktop\sched.exe (Avira GmbH) PRC - C:\Programme\Windows Sidebar\sidebar.exe (Microsoft Corporation) PRC - C:\Windows\explorer.exe (Microsoft Corporation) PRC - C:\Programme\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.) PRC - C:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH) PRC - C:\Programme\Windows Defender\MSASCui.exe (Microsoft Corporation) PRC - C:\Programme\Windows Media Player\wmpnetwk.exe (Microsoft Corporation) PRC - C:\Programme\Windows Media Player\wmpnscfg.exe (Microsoft Corporation) PRC - C:\Programme\FolderSize\FolderSizeSvc.exe (Brio) PRC - C:\Programme\RocketDock\RocketDock.exe () PRC - C:\Programme\CyberLink\TV Enhance\Kernel\TV\TVECapSvc.exe () PRC - C:\Programme\CyberLink\TV Enhance\Kernel\TV\TVESched.exe () PRC - C:\Programme\CyberLink\TV Enhance\TVEService.exe (CyberLink Corp.) PRC - C:\Programme\Targa VFD Display\Targa VFD Display.exe (Ing.-Büro Dr. Ruge) PRC - C:\Windows\ModLEDKey.exe (Chicony) PRC - C:\Windows\CNYHKey.exe (Chicony) PRC - C:\Windows\System32\PSIService.exe () PRC - C:\Programme\Common Files\microsoft shared\VS7Debug\mdm.exe (Microsoft Corporation) ========== Modules (SafeList) ========== MOD - C:\Users\***\Desktop\OTL.exe (OldTimer Tools) MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3\comctl32.dll (Microsoft Corporation) ========== Win32 Services (SafeList) ========== SRV - (Steam Client Service) -- C:\Program Files\Common Files\Steam\SteamService.exe (Valve Corporation) SRV - (AntiVirService) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira GmbH) SRV - (AntiVirSchedulerService) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira GmbH) SRV - (TuneUp.Defrag) -- C:\Windows\System32\TuneUpDefragService.exe (TuneUp Software GmbH) SRV - (UxTuneUp) -- C:\Windows\System32\uxtuneup.dll (TuneUp Software GmbH) SRV - (WinDefend) -- C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation) SRV - (FolderSize) -- C:\Program Files\FolderSize\FolderSizeSvc.exe (Brio) SRV - (TVECapSvc) TVEnhance Background Capture Service (TBCS) -- C:\Program Files\CyberLink\TV Enhance\Kernel\TV\TVECapSvc.exe () SRV - (TVESched) TVEnhance Task Scheduler (TTS)) -- C:\Program Files\CyberLink\TV Enhance\Kernel\TV\TVESched.exe () SRV - (CheckStage2_svc) -- C:\Windows\CheckStage2.exe () SRV - (ProtexisLicensing) -- C:\Windows\System32\PSIService.exe () ========== Driver Services (SafeList) ========== DRV - (MBAMSwissArmy) -- C:\Windows\System32\drivers\mbamswissarmy.sys (Malwarebytes Corporation) DRV - (nvlddmkm) -- C:\Windows\System32\drivers\nvlddmkm.sys (NVIDIA Corporation) DRV - (avgntflt) -- C:\Windows\System32\drivers\avgntflt.sys (Avira GmbH) DRV - (ssmdrv) -- C:\Windows\System32\drivers\ssmdrv.sys (Avira GmbH) DRV - (avipbb) -- C:\Windows\System32\drivers\avipbb.sys (Avira GmbH) DRV - (avgio) -- C:\Programme\Avira\AntiVir Desktop\avgio.sys (Avira GmbH) DRV - (ggsemc) -- C:\Windows\System32\drivers\ggsemc.sys (Sony Ericsson Mobile Communications) DRV - (ggflt) -- C:\Windows\System32\drivers\ggflt.sys (Sony Ericsson Mobile Communications) DRV - (NVENETFD) -- C:\Windows\System32\drivers\nvmfdx32.sys (NVIDIA Corporation) DRV - (nvstor32) -- C:\Windows\system32\DRIVERS\nvstor32.sys (NVIDIA Corporation) DRV - (s117obex) -- C:\Windows\System32\drivers\s117obex.sys (MCCI Corporation) DRV - (s117mdm) -- C:\Windows\System32\drivers\s117mdm.sys (MCCI Corporation) DRV - (s117mgmt) Sony Ericsson Device 117 USB WMC Device Management Drivers (WDM) -- C:\Windows\System32\drivers\s117mgmt.sys (MCCI Corporation) DRV - (s117unic) Sony Ericsson Device 117 USB Ethernet Emulation SEMC117 (WDM) -- C:\Windows\System32\drivers\s117unic.sys (MCCI Corporation) DRV - (s117nd5) Sony Ericsson Device 117 USB Ethernet Emulation SEMC117 (NDIS) -- C:\Windows\System32\drivers\s117nd5.sys (MCCI Corporation) DRV - (s117mdfl) -- C:\Windows\System32\drivers\s117mdfl.sys (MCCI Corporation) DRV - (s117bus) Sony Ericsson Device 117 driver (WDM) -- C:\Windows\System32\drivers\s117bus.sys (MCCI Corporation) DRV - (athrusb) -- C:\Windows\System32\drivers\athrusb.sys (Atheros Communications, Inc.) DRV - (MRV6X32U) -- C:\Windows\System32\drivers\MRVW23B.sys (A/WLAN-1) DRV - (smserial) -- C:\Windows\System32\drivers\smserial.sys (Motorola Inc.) DRV - (wanatw) WAN Miniport (ATW) -- C:\Windows\System32\drivers\wanatw4.sys (America Online, Inc.) DRV - (JRAID) -- C:\Windows\system32\DRIVERS\jraid.sys (JMicron Technology Corp.) DRV - (3xHybrid) -- C:\Windows\System32\drivers\3xHybrid.sys (ASUSTeK) DRV - (JGOGO) -- C:\Windows\system32\DRIVERS\JGOGO.sys (JMicron ) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 44 2D DC C2 7D 1A CB 01 [binary data] IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:60141 ========== FireFox ========== FF - prefs.js..browser.search.selectedEngine: "Wikipedia (de)" FF - prefs.js..browser.search.useDBForOrder: true FF - prefs.js..browser.startup.homepage: "hxxp://www.google.de/" FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20 FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.9 FF - prefs.js..extensions.enabledItems: {b9db16a4-6edc-47ec-a1f4-b86292ed211d}:4.9.3 FF - prefs.js..extensions.enabledItems: {ACAA314B-EEBA-48e4-AD47-84E31C44796C}:1.0.1 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21 FF - prefs.js..extensions.enabledItems: {9fb7d178-155a-4318-9173-1a8eaaea7fe4}:2.1.10 FF - prefs.js..extensions.enabledItems: {71328583-3CA7-4809-B4BA-570A85818FBB}:0.6.3 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23 FF - prefs.js..extensions.enabledItems: firefox@tvunetworks.com:2 FF - prefs.js..extensions.enabledItems: 5 FF - prefs.js..extensions.enabledItems: 3 FF - prefs.js..extensions.enabledItems: 1 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}:6.0.26 FF - prefs.js..extensions.enabledItems: {07b2a769-ed19-4483-87ce-c643914c81bb}:3.0.0.91 FF - prefs.js..network.proxy.http: "127.0.0.1" FF - prefs.js..network.proxy.http_port: 60141 FF - prefs.js..network.proxy.type: 0 FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll () FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll () FF - HKLM\Software\MozillaPlugins\@canon.com/EPPEX: C:\Program Files\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL (CANON INC.) FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX,Inc.) FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Content Upload Plugin,version=1.0.0: C:\Program Files\DivX\DivX Content Uploader\npUpload.dll (DivX,Inc.) FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: C:\Program Files\DivX\DivX Player\npDivxPlayerPlugin.dll File not found FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@pages.tvunetworks.com/WebPlayer: C:\Windows\system32\TVUAx\npTVUAx.dll (TVU networks) FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.11.2768: C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.) FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=1.0.2.2826: C:\Program Files\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.) FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.1578: C:\Program Files\Real\RealPlayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.) FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.57\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.57\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@viewpoint.com/VMP: C:\Program Files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll () FF - HKCU\Software\MozillaPlugins\@movenetworks.com/Quantum Media Player: File not found FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\***\AppData\Local\Google\Update\1.3.21.57\npGoogleUpdate3.dll (Google Inc.) FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\***\AppData\Local\Google\Update\1.3.21.57\npGoogleUpdate3.dll (Google Inc.) FF - HKCU\Software\MozillaPlugins\@www.flatcast.com/FlatViewer 5.2: C:\PROGRA~1\MOZILL~1\plugins\NpFv522.dll (1 mal 1 Software GmbH) FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.18\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011.06.27 14:01:41 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.18\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011.06.27 14:01:41 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Firefox\extensions\\{184AA5E6-741D-464a-820E-94B3ABC2F3B4}: C:\Users\***\AppData\Roaming\5015 [2010.06.12 16:40:48 | 000,000,000 | ---D | M] (No name found) -- C:\Users\***\AppData\Roaming\mozilla\Extensions [2011.07.20 15:31:15 | 000,000,000 | ---D | M] (No name found) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\ntxe4yam.default\extensions [2010.06.13 16:43:48 | 000,000,000 | ---D | M] (Vista-aero) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\ntxe4yam.default\extensions\{07b2a769-ed19-4483-87ce-c643914c81bb} [2010.06.25 00:04:07 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\ntxe4yam.default\extensions\{20a82645-c095-46ed-80e3-08825760534b} [2010.10.23 17:40:45 | 000,000,000 | ---D | M] (CacheViewer) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\ntxe4yam.default\extensions\{71328583-3CA7-4809-B4BA-570A85818FBB} [2010.08.15 14:56:40 | 000,000,000 | ---D | M] ("FootieFox") -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\ntxe4yam.default\extensions\{9fb7d178-155a-4318-9173-1a8eaaea7fe4} [2010.07.25 14:37:51 | 000,000,000 | ---D | M] ("DVDVideoSoft Menu") -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\ntxe4yam.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C} [2011.06.27 20:24:18 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\ntxe4yam.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d} [2011.07.05 10:58:42 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\ntxe4yam.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d} [2011.01.22 16:36:10 | 000,000,000 | ---D | M] (TVU Web Player) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\ntxe4yam.default\extensions\firefox@tvunetworks.com [2010.06.13 16:43:48 | 000,000,000 | ---D | M] (No name found) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\ntxe4yam.default\extensions\{07b2a769-ed19-4483-87ce-c643914c81bb}\chrome\mozapps\extensions [2010.06.13 11:01:21 | 000,004,140 | ---- | M] () -- C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\ntxe4yam.default\searchplugins\youtube.xml [2011.06.28 08:33:49 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions [2010.05.11 19:32:59 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} [2010.08.11 22:02:10 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} [2010.11.10 21:24:45 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} [2011.01.09 14:13:15 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} [2011.04.08 18:13:15 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} [2011.06.28 08:33:49 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} [2007.11.25 16:21:48 | 000,000,000 | ---D | M] (Java Console) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} [2008.03.09 10:33:02 | 000,000,000 | ---D | M] (Java Console) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} [2008.08.12 12:18:54 | 000,000,000 | ---D | M] (Java Console) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} [2008.12.10 11:01:20 | 000,000,000 | ---D | M] (Java Console) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} [2009.04.05 19:36:55 | 000,000,000 | ---D | M] (Java Console) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} [2009.09.03 18:25:44 | 000,000,000 | ---D | M] (Java Console) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} [2009.12.01 21:06:14 | 000,000,000 | ---D | M] (Java Console) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} [2010.04.10 09:37:13 | 000,000,000 | ---D | M] (Java Console) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA} [2010.05.11 19:32:59 | 000,000,000 | ---D | M] (Java Console) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} [2010.08.11 22:02:10 | 000,000,000 | ---D | M] (Java Console) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} [2010.11.10 21:24:45 | 000,000,000 | ---D | M] (Java Console) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} [2011.01.09 14:13:15 | 000,000,000 | ---D | M] (Java Console) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} [2011.04.08 18:13:15 | 000,000,000 | ---D | M] (Java Console) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} [2011.06.28 08:33:49 | 000,000,000 | ---D | M] (Java Console) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} [2011.05.04 04:52:23 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll [2006.12.05 16:27:46 | 001,689,824 | ---- | M] (1 mal 1 Software GmbH) -- C:\Program Files\mozilla firefox\plugins\NpFp415.dll [2007.11.16 09:54:08 | 002,090,976 | ---- | M] (1 mal 1 Software GmbH) -- C:\Program Files\mozilla firefox\plugins\NpFp41629.dll [2006.04.28 12:22:26 | 000,719,064 | ---- | M] (1 mal 1 Software GmbH) -- C:\Program Files\mozilla firefox\plugins\NpFv415.dll [2007.11.22 10:50:49 | 001,193,952 | ---- | M] (1 mal 1 Software GmbH) -- C:\Program Files\mozilla firefox\plugins\NpFv41629.dll [2009.09.21 12:00:44 | 001,447,328 | ---- | M] (1 mal 1 Software GmbH) -- C:\Program Files\mozilla firefox\plugins\NpFv522.dll [2011.03.25 09:17:08 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml [2011.03.25 09:17:08 | 000,002,344 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml [2011.03.25 09:17:08 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml [2011.03.25 09:17:08 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml [2011.03.25 09:17:08 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml O1 HOSTS File: ([2011.07.20 01:25:29 | 000,435,677 | R--- | M]) - C:\Windows\System32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O1 - Hosts: ::1 localhost O1 - Hosts: 127.0.0.1 www.007guard.com O1 - Hosts: 127.0.0.1 007guard.com O1 - Hosts: 127.0.0.1 008i.com O1 - Hosts: 127.0.0.1 www.008k.com O1 - Hosts: 127.0.0.1 008k.com O1 - Hosts: 127.0.0.1 www.00hq.com O1 - Hosts: 127.0.0.1 00hq.com O1 - Hosts: 127.0.0.1 010402.com O1 - Hosts: 127.0.0.1 www.032439.com O1 - Hosts: 127.0.0.1 032439.com O1 - Hosts: 127.0.0.1 www.0scan.com O1 - Hosts: 127.0.0.1 0scan.com O1 - Hosts: 127.0.0.1 1000gratisproben.com O1 - Hosts: 127.0.0.1 www.1000gratisproben.com O1 - Hosts: 127.0.0.1 1001namen.com O1 - Hosts: 127.0.0.1 www.1001namen.com O1 - Hosts: 127.0.0.1 100888290cs.com O1 - Hosts: 127.0.0.1 www.100888290cs.com O1 - Hosts: 127.0.0.1 www.100sexlinks.com O1 - Hosts: 127.0.0.1 100sexlinks.com O1 - Hosts: 127.0.0.1 10sek.com O1 - Hosts: 127.0.0.1 www.10sek.com O1 - Hosts: 127.0.0.1 www.1-2005-search.com O1 - Hosts: 14995 more lines... O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated) O2 - BHO: (Skype add-on (mastermind)) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Programme\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.) O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Programme\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited) O2 - BHO: (NXIECatcher Class) - {83B80A9C-D91A-4F22-8DCF-EA7204039F79} - C:\Programme\Xi\NetXfer\NXIEHelper.dll (Xi) O3 - HKLM\..\Toolbar: (NetXfer) - {C16CBAAC-A75C-4DB5-A0DD-CDF5CAFCDD3A} - C:\Programme\Xi\NetXfer\NXToolBar.dll (Xi) O4 - HKLM..\Run: [] File not found O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH) O4 - HKLM..\Run: [JMB36X IDE Setup] C:\Windows\JM\JMInsIDE.exe () O4 - HKLM..\Run: [LanguageShortcut] C:\Program Files\CyberLink\PowerDVD\Language\Language.exe () O4 - HKLM..\Run: [ledpointer] C:\Windows\CNYHKey.exe (Chicony) O4 - HKLM..\Run: [ Malwarebytes Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation) O4 - HKLM..\Run: [Malwarebytes' Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation) O4 - HKLM..\Run: [MoLed] C:\Windows\ModLEDKey.exe (Chicony) O4 - HKLM..\Run: [TVEService] C:\Program Files\CyberLink\TV Enhance\TVEService.exe (CyberLink Corp.) O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation) O4 - HKCU..\Run: [RocketDock] C:\Program Files\RocketDock\RocketDock.exe () O4 - HKCU..\Run: [SpybotSD TeaTimer] C:\Programme\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.) O4 - HKCU..\Run: [WMPNSCFG] C:\Programme\Windows Media Player\wmpnscfg.exe (Microsoft Corporation) O8 - Extra context menu item: Alles mit NetXfer herunterladen - C:\Programme\Xi\NetXfer\NXAddList.html () O8 - Extra context menu item: Free YouTube to Mp3 Converter - C:\Users\***\AppData\Roaming\DVDVideoSoftIEHelpers\youtubetomp3.htm () O8 - Extra context menu item: Herunterladen mit NetXfer - C:\Programme\Xi\NetXfer\NXAddLink.html () O8 - Extra context menu item: Nach Microsoft &Excel exportieren - C:\Programme\Microsoft Office\Office10\EXCEL.EXE (Microsoft Corporation) O8 - Extra context menu item: Öffnen mit WordPerfect - C:\Programme\WordPerfect Office X3\Programs\WPLauncher.hta () O9 - Extra Button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Programme\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.) O9 - Extra 'Tools' menuitem : Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - File not found O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Programme\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited) O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.) O13 - gopher Prefix: missing O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 81.173.194.76 81.173.194.69 O18 - Protocol\Handler\cdo {CD00020A-8B95-11D1-82DB-00C04FB1625D} - C:\Programme\Common Files\microsoft shared\Web Folders\PKMCDO.DLL (Microsoft Corporation) O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Programme\Common Files\microsoft shared\Information Retrieval\MSITSS.DLL (Microsoft Corporation) O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Programme\Common Files\microsoft shared\Web Components\10\OWC10.DLL (Microsoft Corporation) O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Common Files\Skype\Skype4COM.dll (Skype Technologies) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20 - HKCU Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O24 - Desktop WallPaper: C:\Users\***\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg O24 - Desktop BackupWallPaper: C:\Users\***\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg O32 - HKLM CDRom: AutoRun - 1 O33 - MountPoints2\{18b721de-6f25-11df-b5a4-806e6f6e6963}\Shell - "" = AutoRun O33 - MountPoints2\{18b721de-6f25-11df-b5a4-806e6f6e6963}\Shell\AutoRun\command - "" = E:\Autorun.exe O33 - MountPoints2\{345bf03f-6c42-11dd-8917-001a92e976fe}\Shell\AutoRun\command - "" = K:\System\Security\DriveGuard.exe -run O33 - MountPoints2\{345bf03f-6c42-11dd-8917-001a92e976fe}\Shell\Explore\Command - "" = K:\System\Security\DriveGuard.exe -run O33 - MountPoints2\{345bf03f-6c42-11dd-8917-001a92e976fe}\Shell\Open\Command - "" = K:\System\Security\DriveGuard.exe -run O33 - MountPoints2\{67077280-2a8a-11dd-9f96-00038a000015}\Shell\AutoRun\command - "" = RECYCLER\S-1-6-21-2434476501-1644491937-600003330-1213\recycle.exe O33 - MountPoints2\{67077280-2a8a-11dd-9f96-00038a000015}\Shell\open\command - "" = RECYCLER\S-1-6-21-2434476501-1644491937-600003330-1213\recycle.exe O34 - HKLM BootExecute: (autocheck autochk *) - File not found O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* ActiveX: {03F998B2-0E00-11D3-A498-00104B6EB52E} - Viewpoint Media Player ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun) ActiveX: {1B00725B-C455-4DE6-BFB6-AD540AD427CD} - Viewpoint Media Player ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 11.0 ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack ActiveX: {3C3901C5-3455-3E0A-A214-0B093A5070A6} - .NET Framework ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.7t.dll ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access ActiveX: {73FA19D0-2D75-11D2-995D-00C04F98BBC9} - Webordner ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7 ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\system32\ie4uinit.exe -BaseSettings ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1 ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Adobe Flash Player ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\Windows\system32\unregmp2.exe /ShowWMP ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\system32\ie4uinit.exe -UserIconConfig ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP NetSvcs: UxTuneUp - C:\Windows\System32\uxtuneup.dll (TuneUp Software GmbH) NetSvcs: FastUserSwitchingCompatibility - File not found NetSvcs: Ias - File not found NetSvcs: Nla - File not found NetSvcs: Ntmssvc - File not found NetSvcs: NWCWorkstation - File not found NetSvcs: Nwsapagent - File not found NetSvcs: SRService - File not found NetSvcs: WmdmPmSp - File not found NetSvcs: LogonHours - File not found NetSvcs: PCAudit - File not found NetSvcs: helpsvc - File not found NetSvcs: uploadmgr - File not found MsConfig - StartUpFolder: C:^Users^***^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^FIFA 11-Registrierung.lnk - C:\Programme\EA Sports\FIFA 11\Support\EAregister.exe - (Leader Technologies) MsConfig - StartUpReg: CanonMyPrinter - hkey= - key= - C:\Program Files\Canon\MyPrinter\BJMyPrt.exe (CANON INC.) MsConfig - StartUpReg: CanonSolutionMenu - hkey= - key= - C:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe (CANON INC.) MsConfig - StartUpReg: DivXUpdate - hkey= - key= - C:\Program Files\DivX\DivX Update\DivXUpdate.exe () MsConfig - StartUpReg: Getdo - hkey= - key= - File not found MsConfig - StartUpReg: Google Update - hkey= - key= - C:\Users\***\AppData\Local\Google\Update\GoogleUpdate.exe (Google Inc.) MsConfig - StartUpReg: iTunesHelper - hkey= - key= - C:\Program Files\iTunes\iTunesHelper.exe (Apple Inc.) MsConfig - StartUpReg: Malwarebytes Anti-Malware (reboot) - hkey= - key= - C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation) MsConfig - StartUpReg: NeroFilterCheck - hkey= - key= - C:\Programme\Common Files\Ahead\Lib\NeroCheck.exe (Nero AG) MsConfig - StartUpReg: NvCplDaemonTool - hkey= - key= - File not found MsConfig - StartUpReg: Olelink - hkey= - key= - File not found MsConfig - StartUpReg: QuickTime Task - hkey= - key= - C:\Program Files\QuickTime\QTTask.exe (Apple Inc.) MsConfig - StartUpReg: RemoteControl - hkey= - key= - C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe (Cyberlink Corp.) MsConfig - StartUpReg: Ricycle.Bin.exe - hkey= - key= - File not found MsConfig - StartUpReg: Userinit - hkey= - key= - File not found MsConfig - StartUpReg: WinampAgent - hkey= - key= - C:\Program Files\Winamp\winampa.exe () MsConfig - State: "startup" - 2 CREATERESTOREPOINT Restore point Set: OTL Restore Point ========== Files/Folders - Created Within 30 Days ========== [2011.07.20 23:01:24 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\CyberLink PowerDVD [2011.07.20 22:57:04 | 000,579,584 | ---- | C] (OldTimer Tools) -- C:\Users\***\Desktop\OTL.exe [2011.07.20 22:13:37 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Total Commander [2011.07.20 22:13:36 | 000,000,000 | ---D | C] -- C:\totalcmd [2011.07.20 22:13:36 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\GHISLER [2011.07.20 22:00:16 | 000,000,000 | ---D | C] -- C:\Program Files\Trend Micro [2011.07.20 22:00:16 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\HiJackThis [2009.03.18 00:50:32 | 000,047,360 | ---- | C] (VSO Software) -- C:\Users\***\AppData\Roaming\pcouffin.sys ========== Files - Modified Within 30 Days ========== [2011.07.20 23:07:16 | 000,628,504 | ---- | M] () -- C:\Windows\System32\perfh007.dat [2011.07.20 23:07:16 | 000,595,798 | ---- | M] () -- C:\Windows\System32\perfh009.dat [2011.07.20 23:07:16 | 000,103,872 | ---- | M] () -- C:\Windows\System32\perfc009.dat [2011.07.20 23:07:15 | 000,126,054 | ---- | M] () -- C:\Windows\System32\perfc007.dat [2011.07.20 23:06:00 | 000,001,124 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1415130864-2451929093-3127007980-1001UA.job [2011.07.20 23:01:35 | 000,034,997 | ---- | M] () -- C:\ProgramData\nvModes.dat [2011.07.20 23:00:54 | 000,003,168 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 [2011.07.20 23:00:54 | 000,003,168 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 [2011.07.20 23:00:54 | 000,001,094 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2011.07.20 23:00:51 | 000,034,997 | ---- | M] () -- C:\ProgramData\nvModes.001 [2011.07.20 23:00:46 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2011.07.20 23:00:44 | 3219,644,416 | -HS- | M] () -- C:\hiberfil.sys [2011.07.20 22:59:26 | 000,000,506 | ---- | M] () -- C:\Users\***\Desktop\2lyv44my - Verknüpfung.lnk [2011.07.20 22:56:57 | 000,579,584 | ---- | M] (OldTimer Tools) -- C:\Users\***\Desktop\OTL.exe [2011.07.20 22:54:50 | 000,000,000 | ---- | M] () -- C:\Users\***\defogger_reenable [2011.07.20 22:54:23 | 000,050,477 | ---- | M] () -- C:\Users\***\Desktop\Defogger.exe [2011.07.20 22:42:02 | 000,002,525 | ---- | M] () -- C:\Users\***\Desktop\HiJackThis.lnk [2011.07.20 22:40:24 | 000,325,611 | ---- | M] () -- C:\Users\***\AppData\Local\census.cache [2011.07.20 22:39:42 | 000,281,777 | ---- | M] () -- C:\Users\***\AppData\Local\ars.cache [2011.07.20 22:29:12 | 000,001,098 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2011.07.20 22:28:35 | 000,000,615 | ---- | M] () -- C:\Users\***\Desktop\shexview - Verknüpfung.lnk [2011.07.20 22:23:19 | 000,000,036 | ---- | M] () -- C:\Users\***\AppData\Local\housecall.guid.cache [2011.07.20 22:13:38 | 000,000,584 | ---- | M] () -- C:\Users\***\Desktop\Total Commander.lnk [2011.07.20 21:29:55 | 000,000,069 | ---- | M] () -- C:\Windows\NeroDigital.ini [2011.07.20 15:55:07 | 000,000,420 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{A4D30E75-180D-4663-8E32-7FA25F2659F3}.job [2011.07.20 15:43:25 | 000,052,736 | ---- | M] () -- C:\Users\***\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2011.07.20 10:02:50 | 000,001,072 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1415130864-2451929093-3127007980-1001Core.job [2011.07.20 01:25:29 | 000,435,677 | R--- | M] () -- C:\Windows\System32\drivers\etc\hosts [2011.07.19 23:26:11 | 000,008,592 | ---- | M] () -- C:\Users\***\AppData\Local\d3d9caps.dat [2011.07.19 23:00:25 | 000,001,724 | ---- | M] () -- C:\Users\***\Desktop\Trillian.lnk [2011.07.15 10:07:57 | 000,002,047 | ---- | M] () -- C:\Users\***\Desktop\Google Chrome.lnk [2011.07.14 15:24:30 | 000,287,808 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT [2011.07.06 19:52:42 | 000,041,272 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys [2011.07.06 19:52:42 | 000,022,712 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys ========== Files Created - No Company Name ========== [2011.07.20 22:59:26 | 000,000,506 | ---- | C] () -- C:\Users\***\Desktop\2lyv44my - Verknüpfung.lnk [2011.07.20 22:55:44 | 000,050,477 | ---- | C] () -- C:\Users\***\Desktop\Defogger.exe [2011.07.20 22:54:50 | 000,000,000 | ---- | C] () -- C:\Users\***\defogger_reenable [2011.07.20 22:40:24 | 000,325,611 | ---- | C] () -- C:\Users\***\AppData\Local\census.cache [2011.07.20 22:39:42 | 000,281,777 | ---- | C] () -- C:\Users\***\AppData\Local\ars.cache [2011.07.20 22:28:35 | 000,000,615 | ---- | C] () -- C:\Users\***\Desktop\shexview - Verknüpfung.lnk [2011.07.20 22:23:19 | 000,000,036 | ---- | C] () -- C:\Users\***\AppData\Local\housecall.guid.cache [2011.07.20 22:13:38 | 000,000,584 | ---- | C] () -- C:\Users\***\Desktop\Total Commander.lnk [2011.07.20 22:13:37 | 000,000,545 | ---- | C] () -- C:\Windows\UC.PIF [2011.07.20 22:13:37 | 000,000,545 | ---- | C] () -- C:\Windows\RAR.PIF [2011.07.20 22:13:37 | 000,000,545 | ---- | C] () -- C:\Windows\PKZIP.PIF [2011.07.20 22:13:37 | 000,000,545 | ---- | C] () -- C:\Windows\PKUNZIP.PIF [2011.07.20 22:13:37 | 000,000,545 | ---- | C] () -- C:\Windows\NOCLOSE.PIF [2011.07.20 22:13:37 | 000,000,545 | ---- | C] () -- C:\Windows\LHA.PIF [2011.07.20 22:13:37 | 000,000,545 | ---- | C] () -- C:\Windows\ARJ.PIF [2011.07.20 22:00:17 | 000,002,525 | ---- | C] () -- C:\Users\***\Desktop\HiJackThis.lnk [2011.07.20 21:33:04 | 3219,644,416 | -HS- | C] () -- C:\hiberfil.sys [2011.05.29 22:51:14 | 000,000,563 | ---- | C] () -- C:\Windows\eReg.dat [2011.03.21 11:53:46 | 000,005,743 | ---- | C] () -- C:\Users\***\AppData\Roaming\E9EA.9A6 [2010.06.12 16:08:08 | 000,003,636 | ---- | C] () -- C:\Windows\System32\drivers\nvphy.bin [2010.06.11 02:05:15 | 000,000,032 | --S- | C] () -- C:\Users\***\AppData\Local\909563405.dat [2010.02.17 13:44:15 | 000,000,020 | ---- | C] () -- C:\Users\***\AppData\Roaming\sgcpom.dat [2010.01.28 02:31:41 | 000,016,070 | ---- | C] () -- C:\Windows\German2.ini [2010.01.07 22:35:36 | 000,034,997 | ---- | C] () -- C:\ProgramData\nvModes.001 [2010.01.07 22:35:08 | 000,034,997 | ---- | C] () -- C:\ProgramData\nvModes.dat [2010.01.07 11:56:28 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin [2010.01.07 00:34:07 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin [2010.01.07 00:34:06 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll [2009.10.29 17:46:30 | 000,000,038 | ---- | C] () -- C:\Windows\avisplitter.INI [2009.08.30 16:20:25 | 000,043,520 | ---- | C] () -- C:\Windows\System32\CmdLineExt03.dll [2009.03.18 00:50:32 | 000,007,887 | ---- | C] () -- C:\Users\***\AppData\Roaming\pcouffin.cat [2009.03.18 00:50:32 | 000,001,144 | ---- | C] () -- C:\Users\***\AppData\Roaming\pcouffin.inf [2008.10.28 18:40:48 | 000,173,552 | ---- | C] () -- C:\Windows\System32\xlive.dll.cat [2008.09.30 23:55:51 | 000,000,000 | ---- | C] () -- C:\Windows\PROTOCOL.INI [2008.08.03 16:59:04 | 000,000,552 | ---- | C] () -- C:\Users\***\AppData\Local\d3d8caps.dat [2008.07.29 17:21:20 | 000,065,536 | ---- | C] () -- C:\Windows\IFinst27.exe [2008.02.28 10:18:12 | 000,000,002 | ---- | C] () -- C:\Windows\msoffice.ini [2007.12.13 23:37:18 | 000,164,352 | ---- | C] () -- C:\Windows\System32\unrar.dll [2007.12.13 23:37:16 | 001,559,040 | ---- | C] () -- C:\Windows\System32\xvidcore.dll [2007.12.13 23:37:15 | 000,282,624 | ---- | C] () -- C:\Windows\System32\xvidvfw.dll [2007.11.16 17:29:23 | 000,001,688 | ---- | C] () -- C:\Windows\unins000.dat [2007.09.21 16:16:20 | 000,164,352 | ---- | C] () -- C:\Windows\System32\SpoonUninstall.exe [2007.09.18 15:00:40 | 000,000,305 | ---- | C] () -- C:\ProgramData\addr_file.html [2007.07.13 11:07:41 | 000,394,240 | ---- | C] () -- C:\Windows\System32\Smab.dll [2007.07.13 11:07:40 | 000,502,784 | ---- | C] () -- C:\Windows\x2.64.exe [2007.07.13 11:07:40 | 000,240,128 | ---- | C] () -- C:\Windows\System32\x.264.exe [2007.07.13 11:07:40 | 000,217,073 | ---- | C] () -- C:\Windows\meta4.exe [2007.07.13 11:07:40 | 000,066,560 | ---- | C] () -- C:\Windows\MOTA113.exe [2007.07.13 11:07:40 | 000,027,648 | ---- | C] () -- C:\Windows\System32\AVSredirect.dll [2007.06.05 21:12:20 | 000,052,736 | ---- | C] () -- C:\Users\***\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2007.06.01 23:15:10 | 000,000,400 | ---- | C] () -- C:\Windows\ODBC.INI [2007.06.01 22:58:14 | 000,008,592 | ---- | C] () -- C:\Users\***\AppData\Local\d3d9caps.dat [2007.05.10 12:48:59 | 000,000,069 | ---- | C] () -- C:\Windows\NeroDigital.ini [2007.04.30 14:10:35 | 000,135,168 | ---- | C] () -- C:\Windows\System32\TXTUSER.EXE [2007.04.30 13:58:08 | 000,103,024 | ---- | C] () -- C:\Windows\Unwise.exe [2007.04.30 11:58:56 | 000,000,335 | ---- | C] () -- C:\Windows\nsreg.dat [2007.04.30 10:35:05 | 000,049,152 | ---- | C] () -- C:\Windows\CNYUSB.dll [2007.04.30 10:35:05 | 000,005,120 | ---- | C] () -- C:\Windows\HKCYDLL.dll [2007.04.30 10:35:05 | 000,000,360 | ---- | C] () -- C:\Windows\CNYHKey.ini [2007.04.30 10:22:41 | 000,028,672 | ---- | C] () -- C:\Windows\System32\InsDrvZD.dll [2007.04.30 10:22:41 | 000,024,576 | ---- | C] () -- C:\Windows\System32\ZyDelReg.exe [2007.04.30 10:22:41 | 000,016,384 | ---- | C] () -- C:\Windows\System32\InsDrvZD64.DLL [2007.04.30 10:22:41 | 000,013,312 | ---- | C] () -- C:\Windows\System32\VistaRundll.exe [2007.04.25 11:51:38 | 000,003,072 | ---- | C] () -- C:\Windows\System32\34CoInstaller.dll [2007.04.11 12:31:51 | 000,000,032 | ---- | C] () -- C:\Windows\CD_Start.INI [2007.02.22 16:34:41 | 000,462,848 | ---- | C] () -- C:\Windows\CheckStage2.exe [2006.11.02 20:40:12 | 000,174,656 | ---- | C] () -- C:\Windows\System32\PSIService.exe [2006.11.02 17:33:31 | 000,628,504 | ---- | C] () -- C:\Windows\System32\perfh007.dat [2006.11.02 17:33:31 | 000,290,748 | ---- | C] () -- C:\Windows\System32\perfi007.dat [2006.11.02 17:33:31 | 000,126,054 | ---- | C] () -- C:\Windows\System32\perfc007.dat [2006.11.02 17:33:31 | 000,036,916 | ---- | C] () -- C:\Windows\System32\perfd007.dat [2006.11.02 14:57:28 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat [2006.11.02 14:47:37 | 000,287,808 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT [2006.11.02 14:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll [2006.11.02 12:33:01 | 000,595,798 | ---- | C] () -- C:\Windows\System32\perfh009.dat [2006.11.02 12:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat [2006.11.02 12:33:01 | 000,103,872 | ---- | C] () -- C:\Windows\System32\perfc009.dat [2006.11.02 12:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat [2006.11.02 12:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat [2006.11.02 10:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin [2006.11.02 10:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT [2006.11.02 09:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini [2006.11.02 09:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat [2006.09.20 07:34:10 | 000,000,000 | ---- | C] () -- C:\Windows\Buhl.ini [2002.02.10 02:00:00 | 000,695,578 | ---- | C] () -- C:\Windows\unins000.exe ========== LOP Check ========== [2011.03.15 14:24:39 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\667011 [2010.07.18 21:00:40 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Amazon [2009.08.30 16:20:32 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Atari [2010.06.03 17:53:52 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\DeepBurner [2010.07.25 14:37:50 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\DVDVideoSoftIEHelpers [2010.01.31 19:34:26 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Flatcast [2011.07.20 22:13:36 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\GHISLER [2009.03.10 00:29:52 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\gtk-2.0 [2009.11.27 02:44:40 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\KlipFolio [2009.08.30 16:19:04 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Leadertech [2009.03.18 01:36:13 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Mp3tag [2007.07.24 20:59:16 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\SecondLife [2009.02.26 22:09:44 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\temp [2009.04.10 10:07:24 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\TuneUp Software [2009.03.18 00:50:32 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Vso [2008.10.01 00:15:59 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Xi [2011.07.20 22:59:52 | 000,032,530 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT [2011.07.20 15:55:07 | 000,000,420 | -H-- | M] () -- C:\Windows\Tasks\User_Feed_Synchronization-{A4D30E75-180D-4663-8E32-7FA25F2659F3}.job ========== Purity Check ========== ========== Custom Scans ========== < %SYSTEMDRIVE%\*. > [2010.05.09 10:20:33 | 000,000,000 | -HSD | M] -- C:\$RECYCLE.BIN [2010.06.18 22:52:30 | 000,000,000 | -HSD | M] -- C:\Boot [2006.11.02 15:02:03 | 000,000,000 | -HSD | M] -- C:\Documents and Settings [2007.06.01 17:46:31 | 000,000,000 | -HSD | M] -- C:\Dokumente und Einstellungen [2011.02.14 15:19:04 | 000,000,000 | ---D | M] -- C:\DVDVideoSoft [2008.02.12 16:47:51 | 000,000,000 | ---D | M] -- C:\Filme [2007.12.23 13:56:44 | 000,000,000 | ---D | M] -- C:\Fotos Hochzeit Schaaf [2008.04.25 18:21:20 | 000,000,000 | ---D | M] -- C:\MyWorks [2007.10.10 00:46:54 | 000,000,000 | ---D | M] -- C:\No23Recorder [2010.01.06 18:52:49 | 000,000,000 | ---D | M] -- C:\PerfLogs [2011.07.20 22:00:16 | 000,000,000 | R--D | M] -- C:\Program Files [2011.02.21 20:59:56 | 000,000,000 | -H-D | M] -- C:\ProgramData [2007.06.01 17:46:31 | 000,000,000 | -HSD | M] -- C:\Programme [2008.07.29 18:13:46 | 000,000,000 | ---D | M] -- C:\spiele [2011.07.20 23:20:15 | 000,000,000 | -HSD | M] -- C:\System Volume Information [2009.05.30 14:53:36 | 000,000,000 | ---D | M] -- C:\Temp [2011.07.20 22:13:37 | 000,000,000 | ---D | M] -- C:\totalcmd [2007.06.01 17:49:36 | 000,000,000 | R--D | M] -- C:\Users [2010.07.18 16:54:29 | 000,000,000 | ---D | M] -- C:\vom alten PC [2011.07.20 22:41:02 | 000,000,000 | ---D | M] -- C:\Windows [2009.02.28 18:43:49 | 000,000,000 | -H-D | M] -- C:\{2426F42A-20BE-4F19-A8A5-640920671123} < %PROGRAMFILES%\*.exe > < %LOCALAPPDATA%\*.exe > < %systemroot%\*. /mp /s > < MD5 for: EXPLORER.EXE > [2008.10.29 08:20:29 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=37440D09DEAE0B672A04DCCF7ABF06BE -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.16771_none_4f83bb287ccdb7e3\explorer.exe [2008.10.29 08:29:41 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=4F554999D7D5F05DAAEBBA7B5BA1089D -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18164_none_5177ca9879e978e8\explorer.exe [2008.10.30 05:59:17 | 002,927,616 | ---- | M] (Microsoft Corporation) MD5=50BA5850147410CDE89C523AD3BC606E -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.22298_none_51e4f8c7931bd1e1\explorer.exe [2007.11.15 04:02:02 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=6D06CD98D954FE87FB2DB8108793B399 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.16549_none_4fac29707cae347a\explorer.exe [2007.11.15 04:02:02 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=BD06F0BF753BC704B653C3A50F89D362 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.20668_none_501f261995dcf2cf\explorer.exe [2009.04.11 08:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) MD5=D07D4C3038F3578FFCE1C0237F2A1253 -- C:\Windows\explorer.exe [2009.04.11 08:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) MD5=D07D4C3038F3578FFCE1C0237F2A1253 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6002.18005_none_53a0201e76de3a0b\explorer.exe [2008.10.28 04:15:02 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=E7156B0B74762D9DE0E66BDCDE06E5FB -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.20947_none_5033cb5995cd990b\explorer.exe [2006.11.02 11:45:07 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=FD8C53FB002217F6F888BCF6F5D7084D -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.16386_none_4f7de5167cd15deb\explorer.exe [2008.01.19 09:33:10 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=FFA764631CB70A30065C12EF8E174F9F -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18000_none_51b4a71279bc6ebf\explorer.exe < MD5 for: REGEDIT.EXE > [2008.01.19 09:33:24 | 000,134,656 | ---- | M] (Microsoft Corporation) MD5=467A3B03E924B7B7EDD16D34740574B0 -- C:\Windows\regedit.exe [2008.01.19 09:33:24 | 000,134,656 | ---- | M] (Microsoft Corporation) MD5=467A3B03E924B7B7EDD16D34740574B0 -- C:\Windows\winsxs\x86_microsoft-windows-registry-editor_31bf3856ad364e35_6.0.6001.18000_none_f42eb564dbd8a697\regedit.exe [2006.11.02 11:45:35 | 000,134,656 | ---- | M] (Microsoft Corporation) MD5=F13123E76FDA33E55F11E0EB832E832A -- C:\Windows\winsxs\x86_microsoft-windows-registry-editor_31bf3856ad364e35_6.0.6000.16386_none_f1f7f368deed95c3\regedit.exe < MD5 for: USERINIT.EXE > [2008.01.19 09:33:33 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\System32\userinit.exe [2008.01.19 09:33:33 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.0.6001.18000_none_dc28ba15d1aff80b\userinit.exe [2006.11.02 11:45:50 | 000,024,576 | ---- | M] (Microsoft Corporation) MD5=22027835939F86C3E47AD8E3FBDE3D11 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.0.6000.16386_none_d9f1f819d4c4e737\userinit.exe < MD5 for: WININIT.EXE > [2008.01.19 09:33:37 | 000,096,768 | ---- | M] (Microsoft Corporation) MD5=101BA3EA053480BB5D957EF37C06B5ED -- C:\Windows\System32\wininit.exe [2008.01.19 09:33:37 | 000,096,768 | ---- | M] (Microsoft Corporation) MD5=101BA3EA053480BB5D957EF37C06B5ED -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.0.6001.18000_none_30f2b8cf0450a6a2\wininit.exe [2006.11.02 11:45:57 | 000,095,744 | ---- | M] (Microsoft Corporation) MD5=D4385B03E8CCCEE6F0EE249F827C1F3E -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.0.6000.16386_none_2ebbf6d3076595ce\wininit.exe < MD5 for: WINLOGON.EXE > [2009.04.11 08:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\System32\winlogon.exe [2009.04.11 08:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6002.18005_none_71ae7a22d2134741\winlogon.exe [2006.11.02 11:45:57 | 000,308,224 | ---- | M] (Microsoft Corporation) MD5=9F75392B9128A91ABAFB044EA350BAAD -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6000.16386_none_6d8c3f1ad8066b21\winlogon.exe [2008.01.19 09:33:37 | 000,314,880 | ---- | M] (Microsoft Corporation) MD5=C2610B6BDBEFC053BBDAB4F1B965CB24 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6001.18000_none_6fc30116d4f17bf5\winlogon.exe < HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU > < HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs > HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install\\LastSuccessTime: 2011-07-19 06:13:08 < > < End of report > Extras.txt wurde nicht erstellt. Gmer.txt: GMER Logfile: Code:
ATTFilter GMER 1.0.15.15641 - hxxp://www.gmer.net
Rootkit scan 2011-07-21 00:14:11
Windows 6.0.6002 Service Pack 2 Harddisk0\DR0 -> \Device\00000053 WDC_WD50 rev.12.0
Running: 2lyv44my.exe; Driver: C:\Users\***\AppData\Local\Temp\uwloipoc.sys
---- System - GMER 1.0.15 ----
SSDT A0C37DBC ZwCreateThread
SSDT A0C37DA8 ZwOpenProcess
SSDT A0C37DAD ZwOpenThread
SSDT A0C37DB7 ZwTerminateProcess
---- Kernel code sections - GMER 1.0.15 ----
.text ntkrnlpa.exe!KeSetEvent + 221 822EF9A4 4 Bytes [BC, 7D, C3, A0]
.text ntkrnlpa.exe!KeSetEvent + 3F1 822EFB74 4 Bytes [A8, 7D, C3, A0]
.text ntkrnlpa.exe!KeSetEvent + 40D 822EFB90 4 Bytes [AD, 7D, C3, A0]
.text ntkrnlpa.exe!KeSetEvent + 621 822EFDA4 4 Bytes [B7, 7D, C3, A0]
---- User code sections - GMER 1.0.15 ----
.text C:\Program Files\Mozilla Firefox\firefox.exe[5520] ntdll.dll!LdrLoadDll 777593A8 5 Bytes JMP 013313F0 C:\Program Files\Mozilla Firefox\firefox.exe (Firefox/Mozilla Corporation)
---- Devices - GMER 1.0.15 ----
AttachedDevice \FileSystem\fastfat \Fat fltmgr.sys (Microsoft Dateisystem-Filter-Manager/Microsoft Corporation)
---- Registry - GMER 1.0.15 ----
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Media Center\Service\Scheduler@Heartbeat 0x55 0x10 0xD7 0xCE ...
Reg HKLM\SOFTWARE\Classes\CLSID\{B6A930A0-A4F5-43A5-9B4E-6189A6C2B9E8}@f!s!s!\30!y!d!j!c!i!\24!\24!r!m!m!c!y! 19583823
---- EOF - GMER 1.0.15 ----
Ich hatte schon vorher ein paar mal kleinere Probleme mit Viren/Trojanern, habe da nach der Säuberung aber keine Langzeitfolgen mehr feststellen können. Dies jetzt war aber der wohl bislang mit Abstand heftigste Befall. Früher oder später werde ich wohl nicht um ein Neuaufsetzen herumkommen, aber nach Möglichkeit will ich vorher noch in Ruhe alles Wichtige sichern... Vielen Dank schonmal im Voraus!  |
|
21.07.2011, 10:20
| #2 | |
| /// Winkelfunktion /// TB-Süch-Tiger™   | Weiterhin Probleme nach BKA-Scareware-BefallZitat:
__________________ |
|
21.07.2011, 12:35
| #3 |
| | Weiterhin Probleme nach BKA-Scareware-Befall Alle, die noch verfügbar sind? Das sind ca. 20 seit 2008. Werden die irgendwo so gespeichert, dass ich sie gesammelt hochladen kann, oder muss ich sie alle jeweils einzeln rauskopieren und als Datei speichern?
__________________ |
|
21.07.2011, 12:44
| #4 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Weiterhin Probleme nach BKA-Scareware-Befall Schau hier nach C:\Users\(USER)\AppData\Roaming\Malwarebytes\Malwarebytes' Anti-Malware\Logs
__________________ Logfiles bitte immer in CODE-Tags posten |
|
21.07.2011, 12:49
| #5 |
| | Weiterhin Probleme nach BKA-Scareware-Befall Danke. Ich mache noch einen erneuten Scan und poste sie danach. |
|
21.07.2011, 12:59
| #6 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Weiterhin Probleme nach BKA-Scareware-Befall Bitte pack alle zusammen in eine einzige ZIP-Datei dann. Ich will nicht hier 20 Dateien einzeln downloaden
__________________ --> Weiterhin Probleme nach BKA-Scareware-Befall |
|
21.07.2011, 13:04
| #7 |
| | Weiterhin Probleme nach BKA-Scareware-Befall Klar, wird gemacht. |
|
21.07.2011, 15:04
| #8 |
| | Weiterhin Probleme nach BKA-Scareware-Befall So, hier nun nach dem neuesten (ergebnislosen) Scan alle verfügbaren Logs. Wo mehrere vom selben Datum vorhanden sind, wurden die früheren wohl in der Regel (wie heute) abgebrochen. Den heutigen Scan habe ich im abgesicherten Modus durchgeführt, weil es dort deutlich schneller geht. Werden dadurch auch bestimmte Sachen nicht gefunden, weil die entsprechenden Prozesse ggf. nicht aktiv sind? |
|
21.07.2011, 15:23
| #9 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Weiterhin Probleme nach BKA-Scareware-Befall Mach einen OTL-Fix, beende alle evtl. geöffneten Programme, auch Virenscanner deaktivieren (!), starte OTL und kopiere folgenden Text in die "Custom Scan/Fixes" Box (unten in OTL): (das ":OTL" muss mitkopiert werden!!!) Hinweis: Falls Du Deinen Benutzernamen unkenntlich gemacht hast, musst Du das Ausgesternte in Deinen richtigen Benutzernamen wieder verwandeln, sonst funktioniert das Script nicht!! Code:
ATTFilter :OTL
FF - prefs.js..network.proxy.http: "127.0.0.1"
FF - prefs.js..network.proxy.http_port: 60141
FF - prefs.js..network.proxy.type: 0
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{18b721de-6f25-11df-b5a4-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{18b721de-6f25-11df-b5a4-806e6f6e6963}\Shell\AutoRun\command - "" = E:\Autorun.exe
O33 - MountPoints2\{345bf03f-6c42-11dd-8917-001a92e976fe}\Shell\AutoRun\command - "" = K:\System\Security\DriveGuard.exe -run
O33 - MountPoints2\{345bf03f-6c42-11dd-8917-001a92e976fe}\Shell\Explore\Command - "" = K:\System\Security\DriveGuard.exe -run
O33 - MountPoints2\{345bf03f-6c42-11dd-8917-001a92e976fe}\Shell\Open\Command - "" = K:\System\Security\DriveGuard.exe -run
O33 - MountPoints2\{67077280-2a8a-11dd-9f96-00038a000015}\Shell\AutoRun\command - "" = RECYCLER\S-1-6-21-2434476501-1644491937-600003330-1213\recycle.exe
O33 - MountPoints2\{67077280-2a8a-11dd-9f96-00038a000015}\Shell\open\command - "" = RECYCLER\S-1-6-21-2434476501-1644491937-600003330-1213\recycle.exe
[2011.03.21 11:53:46 | 000,005,743 | ---- | C] () -- C:\Users\***\AppData\Roaming\E9EA.9A6
[2011.03.15 14:24:39 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\667011
:Commands
[purity]
[resethosts]
Das Logfile müsste geöffnet werden, wenn Du nach dem Fixen auf ok klickst, poste das bitte. Evtl. wird der Rechner neu gestartet. Die mit diesem Script gefixten Einträge, Dateien und Ordner werden zur Sicherheit nicht vollständig gelöscht, es wird eine Sicherheitskopie auf der Systempartition im Ordner "_OTL" erstellt.
__________________ Logfiles bitte immer in CODE-Tags posten |
|
21.07.2011, 17:04
| #10 |
| | Weiterhin Probleme nach BKA-Scareware-Befall Das OTL Fix-Log: Code:
ATTFilter ========== OTL ==========
Prefs.js: "127.0.0.1" removed from network.proxy.http
Prefs.js: 60141 removed from network.proxy.http_port
Prefs.js: 0 removed from network.proxy.type
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRun|DWORD:1 /E : value set successfully!
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{18b721de-6f25-11df-b5a4-806e6f6e6963}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{18b721de-6f25-11df-b5a4-806e6f6e6963}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{18b721de-6f25-11df-b5a4-806e6f6e6963}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{18b721de-6f25-11df-b5a4-806e6f6e6963}\ not found.
File E:\Autorun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{345bf03f-6c42-11dd-8917-001a92e976fe}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{345bf03f-6c42-11dd-8917-001a92e976fe}\ not found.
File K:\System\Security\DriveGuard.exe -run not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{345bf03f-6c42-11dd-8917-001a92e976fe}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{345bf03f-6c42-11dd-8917-001a92e976fe}\ not found.
File K:\System\Security\DriveGuard.exe -run not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{345bf03f-6c42-11dd-8917-001a92e976fe}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{345bf03f-6c42-11dd-8917-001a92e976fe}\ not found.
File K:\System\Security\DriveGuard.exe -run not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{67077280-2a8a-11dd-9f96-00038a000015}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{67077280-2a8a-11dd-9f96-00038a000015}\ not found.
File C:\RECYCLER\S-1-6-21-2434476501-1644491937-600003330-1213\recycle.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{67077280-2a8a-11dd-9f96-00038a000015}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{67077280-2a8a-11dd-9f96-00038a000015}\ not found.
File C:\RECYCLER\S-1-6-21-2434476501-1644491937-600003330-1213\recycle.exe not found.
C:\Users\Thomas\AppData\Roaming\E9EA.9A6 moved successfully.
C:\Users\Thomas\AppData\Roaming\667011 folder moved successfully.
========== COMMANDS ==========
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully
OTL by OldTimer - Version 3.2.26.1 log created on 07212011_180222
|
|
21.07.2011, 18:06
| #11 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Weiterhin Probleme nach BKA-Scareware-Befall Bitte nun dieses Tool von Kaspersky ausführen und das Log posten => http://www.trojaner-board.de/82358-t...entfernen.html Das Tool so einstellen wie unten im Bild angegeben - also beide Haken setzen, auf Start scan klicken und wenn es durch ist auf den Button Report klicken um das Log anzuzeigen. Dieses bitte komplett posten.  Falls du durch die Infektion auf deine Dokumente/Eigenen Dateien nicht zugreifen kannst, Verknüpfungen auf dem Desktop oder im Startmenü unter "alle Programme" fehlen, bitte unhide ausführen: Downloade dir bitte unhide.exe und speichere diese Datei auf deinem Desktop. Starte das Tool und es sollten alle Dateien und Ordner wieder sichtbar sein. ( Könnte eine Weile dauern )  Windows-Vista und Windows-7-User müssen das Tool per Rechtsklick als Administrator ausführen!
__________________ Logfiles bitte immer in CODE-Tags posten |
|
21.07.2011, 18:10
| #12 |
| | Weiterhin Probleme nach BKA-Scareware-BefallCode:
ATTFilter 2011/07/21 19:09:05.0493 2248 TDSS rootkit removing tool 2.5.11.0 Jul 11 2011 16:56:56
2011/07/21 19:09:05.0905 2248 ================================================================================
2011/07/21 19:09:05.0905 2248 SystemInfo:
2011/07/21 19:09:05.0905 2248
2011/07/21 19:09:05.0906 2248 OS Version: 6.0.6002 ServicePack: 2.0
2011/07/21 19:09:05.0906 2248 Product type: Workstation
2011/07/21 19:09:05.0906 2248 ComputerName: THOMASPC
2011/07/21 19:09:05.0906 2248 UserName: Thomas
2011/07/21 19:09:05.0906 2248 Windows directory: C:\Windows
2011/07/21 19:09:05.0906 2248 System windows directory: C:\Windows
2011/07/21 19:09:05.0906 2248 Processor architecture: Intel x86
2011/07/21 19:09:05.0906 2248 Number of processors: 2
2011/07/21 19:09:05.0906 2248 Page size: 0x1000
2011/07/21 19:09:05.0906 2248 Boot type: Normal boot
2011/07/21 19:09:05.0906 2248 ================================================================================
2011/07/21 19:09:06.0684 2248 Initialize success
2011/07/21 19:09:37.0070 4952 ================================================================================
2011/07/21 19:09:37.0070 4952 Scan started
2011/07/21 19:09:37.0070 4952 Mode: Manual;
2011/07/21 19:09:37.0070 4952 ================================================================================
2011/07/21 19:09:37.0627 4952 3xHybrid (b1e652b9e5cb8e28d3686299944dbcd3) C:\Windows\system32\DRIVERS\3xHybrid.sys
2011/07/21 19:09:37.0846 4952 ACPI (82b296ae1892fe3dbee00c9cf92f8ac7) C:\Windows\system32\drivers\acpi.sys
2011/07/21 19:09:37.0977 4952 ADIHdAudAddService (18214c7b97ae093a6631a2fba4129f68) C:\Windows\system32\drivers\ADIHdAud.sys
2011/07/21 19:09:38.0082 4952 adp94xx (2edc5bbac6c651ece337bde8ed97c9fb) C:\Windows\system32\drivers\adp94xx.sys
2011/07/21 19:09:38.0148 4952 adpahci (b84088ca3cdca97da44a984c6ce1ccad) C:\Windows\system32\drivers\adpahci.sys
2011/07/21 19:09:38.0202 4952 adpu160m (7880c67bccc27c86fd05aa2afb5ea469) C:\Windows\system32\drivers\adpu160m.sys
2011/07/21 19:09:38.0292 4952 adpu320 (9ae713f8e30efc2abccd84904333df4d) C:\Windows\system32\drivers\adpu320.sys
2011/07/21 19:09:38.0358 4952 AFD (3911b972b55fea0478476b2e777b29fa) C:\Windows\system32\drivers\afd.sys
2011/07/21 19:09:38.0399 4952 agp440 (ef23439cdd587f64c2c1b8825cead7d8) C:\Windows\system32\drivers\agp440.sys
2011/07/21 19:09:38.0435 4952 aic78xx (ae1fdf7bf7bb6c6a70f67699d880592a) C:\Windows\system32\drivers\djsvs.sys
2011/07/21 19:09:38.0542 4952 aliide (90395b64600ebb4552e26e178c94b2e4) C:\Windows\system32\drivers\aliide.sys
2011/07/21 19:09:38.0633 4952 amdagp (2b13e304c9dfdfa5eb582f6a149fa2c7) C:\Windows\system32\drivers\amdagp.sys
2011/07/21 19:09:38.0703 4952 amdide (0577df1d323fe75a739c787893d300ea) C:\Windows\system32\drivers\amdide.sys
2011/07/21 19:09:38.0760 4952 AmdK7 (dc487885bcef9f28eece6fac0e5ddfc5) C:\Windows\system32\drivers\amdk7.sys
2011/07/21 19:09:38.0826 4952 AmdK8 (93ae7f7dd54ab986a6f1a1b37be7442d) C:\Windows\system32\DRIVERS\amdk8.sys
2011/07/21 19:09:38.0905 4952 arc (5f673180268bb1fdb69c99b6619fe379) C:\Windows\system32\drivers\arc.sys
2011/07/21 19:09:38.0995 4952 arcsas (957f7540b5e7f602e44648c7de5a1c05) C:\Windows\system32\drivers\arcsas.sys
2011/07/21 19:09:39.0078 4952 AsyncMac (53b202abee6455406254444303e87be1) C:\Windows\system32\DRIVERS\asyncmac.sys
2011/07/21 19:09:39.0123 4952 atapi (1f05b78ab91c9075565a9d8a4b880bc4) C:\Windows\system32\drivers\atapi.sys
2011/07/21 19:09:39.0186 4952 athrusb (59db74ef3b328852a736578dff3fcad6) C:\Windows\system32\DRIVERS\athrusb.sys
2011/07/21 19:09:39.0332 4952 avgio (0b497c79824f8e1bf22fa6aacd3de3a0) C:\Program Files\Avira\AntiVir Desktop\avgio.sys
2011/07/21 19:09:39.0465 4952 avgntflt (14fe36d8f2c6a2435275338d061a0b66) C:\Windows\system32\DRIVERS\avgntflt.sys
2011/07/21 19:09:39.0543 4952 avipbb (6d52060b59e7d79cd2a044b6add1f1ef) C:\Windows\system32\DRIVERS\avipbb.sys
2011/07/21 19:09:39.0612 4952 Beep (67e506b75bd5326a3ec7b70bd014dfb6) C:\Windows\system32\drivers\Beep.sys
2011/07/21 19:09:39.0719 4952 bowser (35f376253f687bde63976ccb3f2108ca) C:\Windows\system32\DRIVERS\bowser.sys
2011/07/21 19:09:39.0784 4952 BrFiltLo (9f9acc7f7ccde8a15c282d3f88b43309) C:\Windows\system32\drivers\brfiltlo.sys
2011/07/21 19:09:39.0835 4952 BrFiltUp (56801ad62213a41f6497f96dee83755a) C:\Windows\system32\drivers\brfiltup.sys
2011/07/21 19:09:39.0876 4952 Brserid (b304e75cff293029eddf094246747113) C:\Windows\system32\drivers\brserid.sys
2011/07/21 19:09:39.0930 4952 BrSerWdm (203f0b1e73adadbbb7b7b1fabd901f6b) C:\Windows\system32\drivers\brserwdm.sys
2011/07/21 19:09:39.0969 4952 BrUsbMdm (bd456606156ba17e60a04e18016ae54b) C:\Windows\system32\drivers\brusbmdm.sys
2011/07/21 19:09:40.0013 4952 BrUsbSer (af72ed54503f717a43268b3cc5faec2e) C:\Windows\system32\drivers\brusbser.sys
2011/07/21 19:09:40.0046 4952 BTHMODEM (ad07c1ec6665b8b35741ab91200c6b68) C:\Windows\system32\drivers\bthmodem.sys
2011/07/21 19:09:40.0111 4952 cdfs (7add03e75beb9e6dd102c3081d29840a) C:\Windows\system32\DRIVERS\cdfs.sys
2011/07/21 19:09:40.0147 4952 cdrom (6b4bffb9becd728097024276430db314) C:\Windows\system32\DRIVERS\cdrom.sys
2011/07/21 19:09:40.0207 4952 circlass (da8e0afc7baa226c538ef53ac2f90897) C:\Windows\system32\drivers\circlass.sys
2011/07/21 19:09:40.0307 4952 CLFS (d7659d3b5b92c31e84e53c1431f35132) C:\Windows\system32\CLFS.sys
2011/07/21 19:09:40.0397 4952 cmdide (45201046c776ffdaf3fc8a0029c581c8) C:\Windows\system32\drivers\cmdide.sys
2011/07/21 19:09:40.0453 4952 Compbatt (82b8c91d327cfecf76cb58716f7d4997) C:\Windows\system32\drivers\compbatt.sys
2011/07/21 19:09:40.0507 4952 crcdisk (2a213ae086bbec5e937553c7d9a2b22c) C:\Windows\system32\drivers\crcdisk.sys
2011/07/21 19:09:40.0605 4952 Crusoe (22a7f883508176489f559ee745b5bf5d) C:\Windows\system32\drivers\crusoe.sys
2011/07/21 19:09:40.0704 4952 DfsC (622c41a07ca7e6dd91770f50d532cb6c) C:\Windows\system32\Drivers\dfsc.sys
2011/07/21 19:09:40.0769 4952 disk (5d4aefc3386920236a548271f8f1af6a) C:\Windows\system32\drivers\disk.sys
2011/07/21 19:09:40.0839 4952 drmkaud (97fef831ab90bee128c9af390e243f80) C:\Windows\system32\drivers\drmkaud.sys
2011/07/21 19:09:40.0952 4952 DXGKrnl (c68ac676b0ef30cfbb1080adce49eb1f) C:\Windows\System32\drivers\dxgkrnl.sys
2011/07/21 19:09:41.0015 4952 E1G60 (f88fb26547fd2ce6d0a5af2985892c48) C:\Windows\system32\DRIVERS\E1G60I32.sys
2011/07/21 19:09:41.0101 4952 Ecache (7f64ea048dcfac7acf8b4d7b4e6fe371) C:\Windows\system32\drivers\ecache.sys
2011/07/21 19:09:41.0209 4952 elxstor (e8f3f21a71720c84bcf423b80028359f) C:\Windows\system32\drivers\elxstor.sys
2011/07/21 19:09:41.0312 4952 exfat (22b408651f9123527bcee54b4f6c5cae) C:\Windows\system32\drivers\exfat.sys
2011/07/21 19:09:41.0384 4952 fastfat (1e9b9a70d332103c52995e957dc09ef8) C:\Windows\system32\drivers\fastfat.sys
2011/07/21 19:09:41.0470 4952 fdc (63bdada84951b9c03e641800e176898a) C:\Windows\system32\DRIVERS\fdc.sys
2011/07/21 19:09:41.0545 4952 FileInfo (a8c0139a884861e3aae9cfe73b208a9f) C:\Windows\system32\drivers\fileinfo.sys
2011/07/21 19:09:41.0593 4952 Filetrace (0ae429a696aecbc5970e3cf2c62635ae) C:\Windows\system32\drivers\filetrace.sys
2011/07/21 19:09:41.0639 4952 flpydisk (6603957eff5ec62d25075ea8ac27de68) C:\Windows\system32\DRIVERS\flpydisk.sys
2011/07/21 19:09:41.0684 4952 FltMgr (01334f9ea68e6877c4ef05d3ea8abb05) C:\Windows\system32\drivers\fltmgr.sys
2011/07/21 19:09:41.0755 4952 Fs_Rec (65ea8b77b5851854f0c55c43fa51a198) C:\Windows\system32\drivers\Fs_Rec.sys
2011/07/21 19:09:41.0798 4952 gagp30kx (4e1cd0a45c50a8882616cae5bf82f3c5) C:\Windows\system32\drivers\gagp30kx.sys
2011/07/21 19:09:41.0838 4952 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
2011/07/21 19:09:41.0894 4952 ggflt (4b5fddbcb9407741f47818b8d1ee4a8e) C:\Windows\system32\DRIVERS\ggflt.sys
2011/07/21 19:09:41.0934 4952 ggsemc (80bbcc9724b24a708ca9489c1e0a1e5f) C:\Windows\system32\DRIVERS\ggsemc.sys
2011/07/21 19:09:42.0074 4952 HdAudAddService (cb04c744be0a61b1d648faed182c3b59) C:\Windows\system32\drivers\HdAudio.sys
2011/07/21 19:09:42.0151 4952 HDAudBus (062452b7ffd68c8c042a6261fe8dff4a) C:\Windows\system32\DRIVERS\HDAudBus.sys
2011/07/21 19:09:42.0182 4952 HidBth (1338520e78d90154ed6be8f84de5fceb) C:\Windows\system32\drivers\hidbth.sys
2011/07/21 19:09:42.0211 4952 HidIr (ff3160c3a2445128c5a6d9b076da519e) C:\Windows\system32\drivers\hidir.sys
2011/07/21 19:09:42.0272 4952 HidUsb (cca4b519b17e23a00b826c55716809cc) C:\Windows\system32\DRIVERS\hidusb.sys
2011/07/21 19:09:42.0329 4952 HpCISSs (df353b401001246853763c4b7aaa6f50) C:\Windows\system32\drivers\hpcisss.sys
2011/07/21 19:09:42.0375 4952 HTTP (f870aa3e254628ebeafe754108d664de) C:\Windows\system32\drivers\HTTP.sys
2011/07/21 19:09:42.0462 4952 i2omp (324c2152ff2c61abae92d09f3cca4d63) C:\Windows\system32\drivers\i2omp.sys
2011/07/21 19:09:42.0557 4952 i8042prt (22d56c8184586b7a1f6fa60be5f5a2bd) C:\Windows\system32\DRIVERS\i8042prt.sys
2011/07/21 19:09:42.0586 4952 iaStorV (c957bf4b5d80b46c5017bf0101e6c906) C:\Windows\system32\drivers\iastorv.sys
2011/07/21 19:09:42.0635 4952 iirsp (2d077bf86e843f901d8db709c95b49a5) C:\Windows\system32\drivers\iirsp.sys
2011/07/21 19:09:42.0696 4952 intelide (97469037714070e45194ed318d636401) C:\Windows\system32\drivers\intelide.sys
2011/07/21 19:09:42.0759 4952 intelppm (ce44cc04262f28216dd4341e9e36a16f) C:\Windows\system32\DRIVERS\intelppm.sys
2011/07/21 19:09:42.0817 4952 IpFilterDriver (62c265c38769b864cb25b4bcf62df6c3) C:\Windows\system32\DRIVERS\ipfltdrv.sys
2011/07/21 19:09:42.0903 4952 IPMIDRV (40f34f8aba2a015d780e4b09138b6c17) C:\Windows\system32\drivers\ipmidrv.sys
2011/07/21 19:09:42.0969 4952 IPNAT (8793643a67b42cec66490b2a0cf92d68) C:\Windows\system32\DRIVERS\ipnat.sys
2011/07/21 19:09:43.0027 4952 IRENUM (109c0dfb82c3632fbd11949b73aeeac9) C:\Windows\system32\drivers\irenum.sys
2011/07/21 19:09:43.0100 4952 isapnp (350fca7e73cf65bcef43fae1e4e91293) C:\Windows\system32\drivers\isapnp.sys
2011/07/21 19:09:43.0168 4952 iScsiPrt (232fa340531d940aac623b121a595034) C:\Windows\system32\DRIVERS\msiscsi.sys
2011/07/21 19:09:43.0291 4952 iteatapi (bced60d16156e428f8df8cf27b0df150) C:\Windows\system32\drivers\iteatapi.sys
2011/07/21 19:09:43.0363 4952 iteraid (06fa654504a498c30adca8bec4e87e7e) C:\Windows\system32\drivers\iteraid.sys
2011/07/21 19:09:43.0421 4952 JGOGO (c995c0e8b4503fac38793bb0236ad246) C:\Windows\system32\DRIVERS\JGOGO.sys
2011/07/21 19:09:43.0472 4952 JRAID (f4a31e66a61c0783f51157519b03280b) C:\Windows\system32\DRIVERS\jraid.sys
2011/07/21 19:09:43.0518 4952 kbdclass (37605e0a8cf00cbba538e753e4344c6e) C:\Windows\system32\DRIVERS\kbdclass.sys
2011/07/21 19:09:43.0569 4952 kbdhid (ede59ec70e25c24581add1fbec7325f7) C:\Windows\system32\DRIVERS\kbdhid.sys
2011/07/21 19:09:43.0642 4952 KSecDD (86165728af9bf72d6442a894fdfb4f8b) C:\Windows\system32\Drivers\ksecdd.sys
2011/07/21 19:09:43.0803 4952 lltdio (d1c5883087a0c3f1344d9d55a44901f6) C:\Windows\system32\DRIVERS\lltdio.sys
2011/07/21 19:09:43.0923 4952 LSI_FC (a2262fb9f28935e862b4db46438c80d2) C:\Windows\system32\drivers\lsi_fc.sys
2011/07/21 19:09:44.0001 4952 LSI_SAS (30d73327d390f72a62f32c103daf1d6d) C:\Windows\system32\drivers\lsi_sas.sys
2011/07/21 19:09:44.0081 4952 LSI_SCSI (e1e36fefd45849a95f1ab81de0159fe3) C:\Windows\system32\drivers\lsi_scsi.sys
2011/07/21 19:09:44.0144 4952 luafv (8f5c7426567798e62a3b3614965d62cc) C:\Windows\system32\drivers\luafv.sys
2011/07/21 19:09:44.0199 4952 megasas (d153b14fc6598eae8422a2037553adce) C:\Windows\system32\drivers\megasas.sys
2011/07/21 19:09:44.0283 4952 Modem (e13b5ea0f51ba5b1512ec671393d09ba) C:\Windows\system32\drivers\modem.sys
2011/07/21 19:09:44.0332 4952 monitor (0a9bb33b56e294f686abb7c1e4e2d8a8) C:\Windows\system32\DRIVERS\monitor.sys
2011/07/21 19:09:44.0374 4952 mouclass (5bf6a1326a335c5298477754a506d263) C:\Windows\system32\DRIVERS\mouclass.sys
2011/07/21 19:09:44.0491 4952 mouhid (93b8d4869e12cfbe663915502900876f) C:\Windows\system32\DRIVERS\mouhid.sys
2011/07/21 19:09:44.0571 4952 MountMgr (bdafc88aa6b92f7842416ea6a48e1600) C:\Windows\system32\drivers\mountmgr.sys
2011/07/21 19:09:44.0639 4952 mpio (583a41f26278d9e0ea548163d6139397) C:\Windows\system32\drivers\mpio.sys
2011/07/21 19:09:44.0721 4952 mpsdrv (22241feba9b2defa669c8cb0a8dd7d2e) C:\Windows\system32\drivers\mpsdrv.sys
2011/07/21 19:09:44.0803 4952 Mraid35x (4fbbb70d30fd20ec51f80061703b001e) C:\Windows\system32\drivers\mraid35x.sys
2011/07/21 19:09:44.0918 4952 MRV6X32U (028a9ae788c9b43cb95384d803bd233d) C:\Windows\system32\DRIVERS\MRVW23B.sys
2011/07/21 19:09:44.0992 4952 MRxDAV (82cea0395524aacfeb58ba1448e8325c) C:\Windows\system32\drivers\mrxdav.sys
2011/07/21 19:09:45.0077 4952 mrxsmb (1e94971c4b446ab2290deb71d01cf0c2) C:\Windows\system32\DRIVERS\mrxsmb.sys
2011/07/21 19:09:45.0196 4952 mrxsmb10 (d4a3c7c580c4ccb5c06f2ada933ad507) C:\Windows\system32\DRIVERS\mrxsmb10.sys
2011/07/21 19:09:45.0244 4952 mrxsmb20 (c3cb1b40ad4a0124d617a1199b0b9d7c) C:\Windows\system32\DRIVERS\mrxsmb20.sys
2011/07/21 19:09:45.0294 4952 msahci (742aed7939e734c36b7e8d6228ce26b7) C:\Windows\system32\drivers\msahci.sys
2011/07/21 19:09:45.0343 4952 msdsm (3fc82a2ae4cc149165a94699183d3028) C:\Windows\system32\drivers\msdsm.sys
2011/07/21 19:09:45.0500 4952 Msfs (a9927f4a46b816c92f461acb90cf8515) C:\Windows\system32\drivers\Msfs.sys
2011/07/21 19:09:45.0544 4952 msisadrv (0f400e306f385c56317357d6dea56f62) C:\Windows\system32\drivers\msisadrv.sys
2011/07/21 19:09:45.0625 4952 MSKSSRV (d8c63d34d9c9e56c059e24ec7185cc07) C:\Windows\system32\drivers\MSKSSRV.sys
2011/07/21 19:09:45.0672 4952 MSPCLOCK (1d373c90d62ddb641d50e55b9e78d65e) C:\Windows\system32\drivers\MSPCLOCK.sys
2011/07/21 19:09:45.0708 4952 MSPQM (b572da05bf4e098d4bba3a4734fb505b) C:\Windows\system32\drivers\MSPQM.sys
2011/07/21 19:09:45.0870 4952 MsRPC (b49456d70555de905c311bcda6ec6adb) C:\Windows\system32\drivers\MsRPC.sys
2011/07/21 19:09:45.0972 4952 mssmbios (e384487cb84be41d09711c30ca79646c) C:\Windows\system32\DRIVERS\mssmbios.sys
2011/07/21 19:09:46.0049 4952 MSTEE (7199c1eec1e4993caf96b8c0a26bd58a) C:\Windows\system32\drivers\MSTEE.sys
2011/07/21 19:09:46.0085 4952 Mup (6a57b5733d4cb702c8ea4542e836b96c) C:\Windows\system32\Drivers\mup.sys
2011/07/21 19:09:46.0164 4952 NativeWifiP (85c44fdff9cf7e72a40dcb7ec06a4416) C:\Windows\system32\DRIVERS\nwifi.sys
2011/07/21 19:09:46.0229 4952 NDIS (1357274d1883f68300aeadd15d7bbb42) C:\Windows\system32\drivers\ndis.sys
2011/07/21 19:09:46.0293 4952 NdisTapi (0e186e90404980569fb449ba7519ae61) C:\Windows\system32\DRIVERS\ndistapi.sys
2011/07/21 19:09:46.0329 4952 Ndisuio (d6973aa34c4d5d76c0430b181c3cd389) C:\Windows\system32\DRIVERS\ndisuio.sys
2011/07/21 19:09:46.0378 4952 NdisWan (818f648618ae34f729fdb47ec68345c3) C:\Windows\system32\DRIVERS\ndiswan.sys
2011/07/21 19:09:46.0442 4952 NDProxy (71dab552b41936358f3b541ae5997fb3) C:\Windows\system32\drivers\NDProxy.sys
2011/07/21 19:09:46.0547 4952 NetBIOS (bcd093a5a6777cf626434568dc7dba78) C:\Windows\system32\DRIVERS\netbios.sys
2011/07/21 19:09:46.0598 4952 netbt (ecd64230a59cbd93c85f1cd1cab9f3f6) C:\Windows\system32\DRIVERS\netbt.sys
2011/07/21 19:09:46.0676 4952 nfrd960 (2e7fb731d4790a1bc6270accefacb36e) C:\Windows\system32\drivers\nfrd960.sys
2011/07/21 19:09:46.0720 4952 Npfs (d36f239d7cce1931598e8fb90a0dbc26) C:\Windows\system32\drivers\Npfs.sys
2011/07/21 19:09:46.0768 4952 nsiproxy (609773e344a97410ce4ebf74a8914fcf) C:\Windows\system32\drivers\nsiproxy.sys
2011/07/21 19:09:46.0908 4952 Ntfs (6a4a98cee84cf9e99564510dda4baa47) C:\Windows\system32\drivers\Ntfs.sys
2011/07/21 19:09:47.0030 4952 ntrigdigi (e875c093aec0c978a90f30c9e0dfbb72) C:\Windows\system32\drivers\ntrigdigi.sys
2011/07/21 19:09:47.0080 4952 Null (c5dbbcda07d780bda9b685df333bb41e) C:\Windows\system32\drivers\Null.sys
2011/07/21 19:09:47.0172 4952 NVENETFD (d668632606d1cebf0b6ec64c1df7ed6f) C:\Windows\system32\DRIVERS\nvmfdx32.sys
2011/07/21 19:09:47.0714 4952 nvlddmkm (c8cb6135884cbc2a10225c4c3cef0f95) C:\Windows\system32\DRIVERS\nvlddmkm.sys
2011/07/21 19:09:48.0000 4952 nvraid (e69e946f80c1c31c53003bfbf50cbb7c) C:\Windows\system32\drivers\nvraid.sys
2011/07/21 19:09:48.0065 4952 nvstor (4a5fcab82d9bf6af8a023a66802fe9e9) C:\Windows\system32\drivers\nvstor.sys
2011/07/21 19:09:48.0123 4952 nvstor32 (dc5f166422beebf195e3e4bb8ab4ee22) C:\Windows\system32\DRIVERS\nvstor32.sys
2011/07/21 19:09:48.0158 4952 nv_agp (07c186427eb8fcc3d8d7927187f260f7) C:\Windows\system32\drivers\nv_agp.sys
2011/07/21 19:09:48.0298 4952 ohci1394 (6f310e890d46e246e0e261a63d9b36b4) C:\Windows\system32\DRIVERS\ohci1394.sys
2011/07/21 19:09:48.0357 4952 Parport (8a79fdf04a73428597e2caf9d0d67850) C:\Windows\system32\DRIVERS\parport.sys
2011/07/21 19:09:48.0404 4952 partmgr (57389fa59a36d96b3eb09d0cb91e9cdc) C:\Windows\system32\drivers\partmgr.sys
2011/07/21 19:09:48.0462 4952 Parvdm (6c580025c81caf3ae9e3617c22cad00e) C:\Windows\system32\DRIVERS\parvdm.sys
2011/07/21 19:09:48.0533 4952 pci (941dc1d19e7e8620f40bbc206981efdb) C:\Windows\system32\drivers\pci.sys
2011/07/21 19:09:48.0597 4952 pciide (1636d43f10416aeb483bc6001097b26c) C:\Windows\system32\drivers\pciide.sys
2011/07/21 19:09:48.0673 4952 pcmcia (e6f3fb1b86aa519e7698ad05e58b04e5) C:\Windows\system32\drivers\pcmcia.sys
2011/07/21 19:09:48.0760 4952 PEAUTH (6349f6ed9c623b44b52ea3c63c831a92) C:\Windows\system32\drivers\peauth.sys
2011/07/21 19:09:49.0000 4952 PptpMiniport (ecfffaec0c1ecd8dbc77f39070ea1db1) C:\Windows\system32\DRIVERS\raspptp.sys
2011/07/21 19:09:49.0069 4952 Processor (0e3cef5d28b40cf273281d620c50700a) C:\Windows\system32\drivers\processr.sys
2011/07/21 19:09:49.0149 4952 PSched (99514faa8df93d34b5589187db3aa0ba) C:\Windows\system32\DRIVERS\pacer.sys
2011/07/21 19:09:49.0189 4952 PxHelp20 (e42e3433dbb4cffe8fdd91eab29aea8e) C:\Windows\system32\Drivers\PxHelp20.sys
2011/07/21 19:09:49.0270 4952 ql2300 (ccdac889326317792480c0a67156a1ec) C:\Windows\system32\drivers\ql2300.sys
2011/07/21 19:09:49.0366 4952 ql40xx (81a7e5c076e59995d54bc1ed3a16e60b) C:\Windows\system32\drivers\ql40xx.sys
2011/07/21 19:09:49.0440 4952 QWAVEdrv (9f5e0e1926014d17486901c88eca2db7) C:\Windows\system32\drivers\qwavedrv.sys
2011/07/21 19:09:49.0487 4952 RasAcd (147d7f9c556d259924351feb0de606c3) C:\Windows\system32\DRIVERS\rasacd.sys
2011/07/21 19:09:49.0552 4952 Rasl2tp (a214adbaf4cb47dd2728859ef31f26b0) C:\Windows\system32\DRIVERS\rasl2tp.sys
2011/07/21 19:09:49.0642 4952 RasPppoe (509a98dd18af4375e1fc40bc175f1def) C:\Windows\system32\DRIVERS\raspppoe.sys
2011/07/21 19:09:49.0688 4952 RasSstp (2005f4a1e05fa09389ac85840f0a9e4d) C:\Windows\system32\DRIVERS\rassstp.sys
2011/07/21 19:09:49.0766 4952 rdbss (b14c9d5b9add2f84f70570bbbfaa7935) C:\Windows\system32\DRIVERS\rdbss.sys
2011/07/21 19:09:49.0829 4952 RDPCDD (89e59be9a564262a3fb6c4f4f1cd9899) C:\Windows\system32\DRIVERS\RDPCDD.sys
2011/07/21 19:09:49.0886 4952 rdpdr (e8bd98d46f2ed77132ba927fccb47d8b) C:\Windows\system32\drivers\rdpdr.sys
2011/07/21 19:09:49.0936 4952 RDPENCDD (9d91fe5286f748862ecffa05f8a0710c) C:\Windows\system32\drivers\rdpencdd.sys
2011/07/21 19:09:49.0993 4952 RDPWD (30bfbdfb7f95559ede971f9ddb9a00ba) C:\Windows\system32\drivers\RDPWD.sys
2011/07/21 19:09:50.0263 4952 rspndr (9c508f4074a39e8b4b31d27198146fad) C:\Windows\system32\DRIVERS\rspndr.sys
2011/07/21 19:09:50.0320 4952 s117bus (1f561844318914e7eb6e54673a4cc54c) C:\Windows\system32\DRIVERS\s117bus.sys
2011/07/21 19:09:50.0363 4952 s117mdfl (ba93eec3cdf6a63b77ae66221aa4f902) C:\Windows\system32\DRIVERS\s117mdfl.sys
2011/07/21 19:09:50.0408 4952 s117mdm (cba12fd8a8ee5b5cdfbbae2381cd6703) C:\Windows\system32\DRIVERS\s117mdm.sys
2011/07/21 19:09:50.0461 4952 s117mgmt (bd6483e64b1da17e812b34bcdefd9459) C:\Windows\system32\DRIVERS\s117mgmt.sys
2011/07/21 19:09:50.0533 4952 s117nd5 (c7ca36c3054b4cd47a1f6611b046e2f9) C:\Windows\system32\DRIVERS\s117nd5.sys
2011/07/21 19:09:50.0581 4952 s117obex (e290b3a6b58fb72ca97dd48d64e4fc1c) C:\Windows\system32\DRIVERS\s117obex.sys
2011/07/21 19:09:50.0643 4952 s117unic (5c4d1ba23c7511ac880e8ba7baa80dba) C:\Windows\system32\DRIVERS\s117unic.sys
2011/07/21 19:09:50.0706 4952 sbp2port (3ce8f073a557e172b330109436984e30) C:\Windows\system32\drivers\sbp2port.sys
2011/07/21 19:09:50.0775 4952 secdrv (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers\secdrv.sys
2011/07/21 19:09:50.0838 4952 Serenum (ce9ec966638ef0b10b864ddedf62a099) C:\Windows\system32\DRIVERS\serenum.sys
2011/07/21 19:09:50.0867 4952 Serial (6d663022db3e7058907784ae14b69898) C:\Windows\system32\DRIVERS\serial.sys
2011/07/21 19:09:50.0908 4952 sermouse (8af3d28a879bf75db53a0ee7a4289624) C:\Windows\system32\drivers\sermouse.sys
2011/07/21 19:09:50.0977 4952 sffdisk (103b79418da647736ee95645f305f68a) C:\Windows\system32\drivers\sffdisk.sys
2011/07/21 19:09:51.0018 4952 sffp_mmc (8fd08a310645fe872eeec6e08c6bf3ee) C:\Windows\system32\drivers\sffp_mmc.sys
2011/07/21 19:09:51.0050 4952 sffp_sd (9cfa05fcfcb7124e69cfc812b72f9614) C:\Windows\system32\drivers\sffp_sd.sys
2011/07/21 19:09:51.0084 4952 sfloppy (46ed8e91793b2e6f848015445a0ac188) C:\Windows\system32\drivers\sfloppy.sys
2011/07/21 19:09:51.0128 4952 sisagp (d2a595d6eebeeaf4334f8e50efbc9931) C:\Windows\system32\drivers\sisagp.sys
2011/07/21 19:09:51.0178 4952 SiSRaid2 (cedd6f4e7d84e9f98b34b3fe988373aa) C:\Windows\system32\drivers\sisraid2.sys
2011/07/21 19:09:51.0224 4952 SiSRaid4 (df843c528c4f69d12ce41ce462e973a7) C:\Windows\system32\drivers\sisraid4.sys
2011/07/21 19:09:51.0275 4952 Smb (7b75299a4d201d6a6533603d6914ab04) C:\Windows\system32\DRIVERS\smb.sys
2011/07/21 19:09:51.0330 4952 smserial (c8a58fc905c9184fa70e37f71060c64d) C:\Windows\system32\DRIVERS\smserial.sys
2011/07/21 19:09:51.0404 4952 spldr (7aebdeef071fe28b0eef2cdd69102bff) C:\Windows\system32\drivers\spldr.sys
2011/07/21 19:09:51.0475 4952 srv (41987f9fc0e61adf54f581e15029ad91) C:\Windows\system32\DRIVERS\srv.sys
2011/07/21 19:09:51.0506 4952 srv2 (ff33aff99564b1aa534f58868cbe41ef) C:\Windows\system32\DRIVERS\srv2.sys
2011/07/21 19:09:51.0528 4952 srvnet (7605c0e1d01a08f3ecd743f38b834a44) C:\Windows\system32\DRIVERS\srvnet.sys
2011/07/21 19:09:51.0600 4952 ssmdrv (5ec550b8952882ee856b862cf648522d) C:\Windows\system32\DRIVERS\ssmdrv.sys
2011/07/21 19:09:51.0654 4952 swenum (7ba58ecf0c0a9a69d44b3dca62becf56) C:\Windows\system32\DRIVERS\swenum.sys
2011/07/21 19:09:51.0689 4952 Symc8xx (192aa3ac01df071b541094f251deed10) C:\Windows\system32\drivers\symc8xx.sys
2011/07/21 19:09:51.0716 4952 Sym_hi (8c8eb8c76736ebaf3b13b633b2e64125) C:\Windows\system32\drivers\sym_hi.sys
2011/07/21 19:09:51.0752 4952 Sym_u3 (8072af52b5fd103bbba387a1e49f62cb) C:\Windows\system32\drivers\sym_u3.sys
2011/07/21 19:09:51.0854 4952 Tcpip (a474879afa4a596b3a531f3e69730dbf) C:\Windows\system32\drivers\tcpip.sys
2011/07/21 19:09:51.0908 4952 Tcpip6 (a474879afa4a596b3a531f3e69730dbf) C:\Windows\system32\DRIVERS\tcpip.sys
2011/07/21 19:09:51.0948 4952 tcpipreg (608c345a255d82a6289c2d468eb41fd7) C:\Windows\system32\drivers\tcpipreg.sys
2011/07/21 19:09:52.0002 4952 TDPIPE (5dcf5e267be67a1ae926f2df77fbcc56) C:\Windows\system32\drivers\tdpipe.sys
2011/07/21 19:09:52.0116 4952 TDTCP (389c63e32b3cefed425b61ed92d3f021) C:\Windows\system32\drivers\tdtcp.sys
2011/07/21 19:09:52.0175 4952 tdx (76b06eb8a01fc8624d699e7045303e54) C:\Windows\system32\DRIVERS\tdx.sys
2011/07/21 19:09:52.0229 4952 TermDD (3cad38910468eab9a6479e2f01db43c7) C:\Windows\system32\DRIVERS\termdd.sys
2011/07/21 19:09:52.0316 4952 tssecsrv (dcf0f056a2e4f52287264f5ab29cf206) C:\Windows\system32\DRIVERS\tssecsrv.sys
2011/07/21 19:09:52.0387 4952 tunmp (caecc0120ac49e3d2f758b9169872d38) C:\Windows\system32\DRIVERS\tunmp.sys
2011/07/21 19:09:52.0429 4952 tunnel (300db877ac094feab0be7688c3454a9c) C:\Windows\system32\DRIVERS\tunnel.sys
2011/07/21 19:09:52.0480 4952 uagp35 (c3ade15414120033a36c0f293d4a4121) C:\Windows\system32\drivers\uagp35.sys
2011/07/21 19:09:52.0561 4952 udfs (d9728af68c4c7693cb100b8441cbdec6) C:\Windows\system32\DRIVERS\udfs.sys
2011/07/21 19:09:52.0639 4952 uliagpkx (75e6890ebfce0841d3291b02e7a8bdb0) C:\Windows\system32\drivers\uliagpkx.sys
2011/07/21 19:09:52.0688 4952 uliahci (3cd4ea35a6221b85dcc25daa46313f8d) C:\Windows\system32\drivers\uliahci.sys
2011/07/21 19:09:52.0741 4952 UlSata (8514d0e5cd0534467c5fc61be94a569f) C:\Windows\system32\drivers\ulsata.sys
2011/07/21 19:09:52.0801 4952 ulsata2 (38c3c6e62b157a6bc46594fada45c62b) C:\Windows\system32\drivers\ulsata2.sys
2011/07/21 19:09:52.0853 4952 umbus (32cff9f809ae9aed85464492bf3e32d2) C:\Windows\system32\DRIVERS\umbus.sys
2011/07/21 19:09:52.0966 4952 UnlockerDriver5 (4847639d852763ee39415c929470f672) C:\Program Files\Unlocker\UnlockerDriver5.sys
2011/07/21 19:09:53.0083 4952 USBAAPL (4b8a9c16b6d9258ed99c512aecb8c555) C:\Windows\system32\Drivers\usbaapl.sys
2011/07/21 19:09:53.0117 4952 usbccgp (caf811ae4c147ffcd5b51750c7f09142) C:\Windows\system32\DRIVERS\usbccgp.sys
2011/07/21 19:09:53.0159 4952 usbcir (e9476e6c486e76bc4898074768fb7131) C:\Windows\system32\drivers\usbcir.sys
2011/07/21 19:09:53.0211 4952 usbehci (79e96c23a97ce7b8f14d310da2db0c9b) C:\Windows\system32\DRIVERS\usbehci.sys
2011/07/21 19:09:53.0246 4952 usbhub (4673bbcb006af60e7abddbe7a130ba42) C:\Windows\system32\DRIVERS\usbhub.sys
2011/07/21 19:09:53.0272 4952 usbohci (ce697fee0d479290d89bec80dfe793b7) C:\Windows\system32\DRIVERS\usbohci.sys
2011/07/21 19:09:53.0331 4952 usbprint (e75c4b5269091d15a2e7dc0b6d35f2f5) C:\Windows\system32\DRIVERS\usbprint.sys
2011/07/21 19:09:53.0356 4952 USBSTOR (be3da31c191bc222d9ad503c5224f2ad) C:\Windows\system32\DRIVERS\USBSTOR.SYS
2011/07/21 19:09:53.0471 4952 usbuhci (325dbbacb8a36af9988ccf40eac228cc) C:\Windows\system32\DRIVERS\usbuhci.sys
2011/07/21 19:09:53.0596 4952 vga (7d92be0028ecdedec74617009084b5ef) C:\Windows\system32\DRIVERS\vgapnp.sys
2011/07/21 19:09:53.0658 4952 VgaSave (2e93ac0a1d8c79d019db6c51f036636c) C:\Windows\System32\drivers\vga.sys
2011/07/21 19:09:53.0690 4952 viaagp (045d9961e591cf0674a920b6ba3ba5cb) C:\Windows\system32\drivers\viaagp.sys
2011/07/21 19:09:53.0736 4952 ViaC7 (56a4de5f02f2e88182b0981119b4dd98) C:\Windows\system32\drivers\viac7.sys
2011/07/21 19:09:53.0781 4952 viaide (fd2e3175fcada350c7ab4521dca187ec) C:\Windows\system32\drivers\viaide.sys
2011/07/21 19:09:53.0833 4952 volmgr (69503668ac66c77c6cd7af86fbdf8c43) C:\Windows\system32\drivers\volmgr.sys
2011/07/21 19:09:53.0897 4952 volmgrx (23e41b834759917bfd6b9a0d625d0c28) C:\Windows\system32\drivers\volmgrx.sys
2011/07/21 19:09:53.0964 4952 volsnap (147281c01fcb1df9252de2a10d5e7093) C:\Windows\system32\drivers\volsnap.sys
2011/07/21 19:09:54.0016 4952 vsmraid (d984439746d42b30fc65a4c3546c6829) C:\Windows\system32\drivers\vsmraid.sys
2011/07/21 19:09:54.0073 4952 WacomPen (48dfee8f1af7c8235d4e626f0c4fe031) C:\Windows\system32\drivers\wacompen.sys
2011/07/21 19:09:54.0138 4952 Wanarp (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys
2011/07/21 19:09:54.0184 4952 Wanarpv6 (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys
2011/07/21 19:09:54.0237 4952 wanatw (0a716c08cb13c3a8f4f51e882dbf7416) C:\Windows\system32\DRIVERS\wanatw4.sys
2011/07/21 19:09:54.0291 4952 Wd (afc5ad65b991c1e205cf25cfdbf7a6f4) C:\Windows\system32\drivers\wd.sys
2011/07/21 19:09:54.0430 4952 Wdf01000 (b6f0a7ad6d4bd325fbcd8bac96cd8d96) C:\Windows\system32\drivers\Wdf01000.sys
2011/07/21 19:09:54.0647 4952 WmiAcpi (701a9f884a294327e9141d73746ee279) C:\Windows\system32\drivers\wmiacpi.sys
2011/07/21 19:09:54.0746 4952 WpdUsb (de9d36f91a4df3d911626643debf11ea) C:\Windows\system32\DRIVERS\wpdusb.sys
2011/07/21 19:09:54.0791 4952 ws2ifsl (e3a3cb253c0ec2494d4a61f5e43a389c) C:\Windows\system32\drivers\ws2ifsl.sys
2011/07/21 19:09:54.0888 4952 WUDFRd (ac13cb789d93412106b0fb6c7eb2bcb6) C:\Windows\system32\DRIVERS\WUDFRd.sys
2011/07/21 19:09:55.0002 4952 MBR (0x1B8) (2f04f445c78d9eb185bcf8fdef1e6df0) \Device\Harddisk0\DR0
2011/07/21 19:09:55.0252 4952 Boot (0x1200) (89272cc64ee5a933205d399e2cf986be) \Device\Harddisk0\DR0\Partition0
2011/07/21 19:09:55.0285 4952 Boot (0x1200) (85b522df6fcd8b9e84fdbdbda93cc5e3) \Device\Harddisk0\DR0\Partition1
2011/07/21 19:09:55.0292 4952 ================================================================================
2011/07/21 19:09:55.0292 4952 Scan finished
2011/07/21 19:09:55.0293 4952 ================================================================================
2011/07/21 19:09:55.0311 6108 Detected object count: 0
2011/07/21 19:09:55.0311 6108 Actual detected object count: 0
|
|
21.07.2011, 18:25
| #13 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Weiterhin Probleme nach BKA-Scareware-Befall Dann bitte jetzt CF ausführen: ComboFix Ein Leitfaden und Tutorium zur Nutzung von ComboFix
Combofix darf ausschließlich ausgeführt werden, wenn ein Kompetenzler dies ausdrücklich empfohlen hat!
__________________ Logfiles bitte immer in CODE-Tags posten |
|
21.07.2011, 19:02
| #14 |
| | Weiterhin Probleme nach BKA-Scareware-Befall Combofix Log: Code:
ATTFilter ComboFix 11-07-21.02 - Thomas 21.07.2011 19:49:23.1.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.49.1031.18.3070.2046 [GMT 2:00]
ausgeführt von:: c:\users\Thomas\Desktop\ComboFix.exe
AV: AntiVir Desktop *Disabled/Updated* {090F9C29-64CE-6C6F-379C-5901B49A85B7}
SP: AntiVir Desktop *Disabled/Updated* {B26E7DCD-42F4-63E1-0D2C-6273CF1DCF0A}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((((((((((((( Weitere Löschungen ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Thomas\AppData\Local\TempDIR
c:\users\Thomas\AppData\Local\TempDIR\SecureW2_TTLS_333.exe
c:\windows\system32\ccrpTmr6.dll
c:\windows\unin0407.exe
.
.
((((((((((((((((((((((( Dateien erstellt von 2011-06-21 bis 2011-07-21 ))))))))))))))))))))))))))))))
.
.
2011-07-21 16:02 . 2011-07-21 16:02 -------- d-----w- C:\_OTL
2011-07-20 20:13 . 2010-12-17 05:56 545 ----a-w- c:\windows\UC.PIF
2011-07-20 20:13 . 2010-12-17 05:56 545 ----a-w- c:\windows\RAR.PIF
2011-07-20 20:13 . 2010-12-17 05:56 545 ----a-w- c:\windows\PKZIP.PIF
2011-07-20 20:13 . 2010-12-17 05:56 545 ----a-w- c:\windows\PKUNZIP.PIF
2011-07-20 20:13 . 2010-12-17 05:56 545 ----a-w- c:\windows\NOCLOSE.PIF
2011-07-20 20:13 . 2010-12-17 05:56 545 ----a-w- c:\windows\LHA.PIF
2011-07-20 20:13 . 2010-12-17 05:56 545 ----a-w- c:\windows\ARJ.PIF
2011-07-20 20:13 . 2011-07-20 20:13 -------- d-----w- C:\totalcmd
2011-07-20 20:13 . 2011-07-20 20:13 -------- d-----w- c:\users\Thomas\AppData\Roaming\GHISLER
2011-07-20 20:00 . 2011-07-20 20:00 388096 ----a-r- c:\users\Thomas\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2011-07-20 20:00 . 2011-07-20 20:00 -------- d-----w- c:\program files\Trend Micro
2011-07-19 06:13 . 2011-06-07 15:55 7074640 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{4D743C90-03DE-458A-ABB5-B54D3C1F3C38}\mpengine.dll
2011-07-13 06:54 . 2011-06-02 13:34 2043392 ----a-w- c:\windows\system32\win32k.sys
2011-07-13 06:54 . 2011-04-20 15:55 375808 ----a-w- c:\windows\system32\winsrv.dll
2011-07-13 06:54 . 2011-04-20 15:50 49152 ----a-w- c:\windows\system32\csrsrv.dll
2011-06-29 12:14 . 2011-04-29 15:59 276992 ----a-w- c:\windows\system32\schannel.dll
.
.
.
(((((((((((((((((((((((((((((((((((( Find3M Bericht ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-07-06 17:52 . 2008-09-30 23:25 22712 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-07-06 17:52 . 2008-09-30 23:25 41272 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-05-24 17:14 . 2009-10-03 07:15 222080 ------w- c:\windows\system32\MpSigStub.exe
2011-05-21 07:21 . 2011-05-21 07:21 1138440 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll
2011-05-04 02:52 . 2010-05-11 17:32 472808 ----a-w- c:\windows\system32\deployJava1.dll
2006-05-03 09:06 163328 --sh--r- c:\windows\System32\flvDX.dll
2007-02-21 10:47 31232 --sh--r- c:\windows\System32\msfDX.dll
.
.
(((((((((((((((((((((((((((( Autostartpunkte der Registrierung ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1233920]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-19 125952]
"RocketDock"="c:\program files\RocketDock\RocketDock.exe" [2007-09-02 495616]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-19 202240]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"JMB36X IDE Setup"="c:\windows\JM\JMInsIDE.exe" [2006-10-30 36864]
"ledpointer"="CNYHKey.exe" [2006-11-09 5585408]
"MoLed"="ModLEDKey.exe" [2006-11-09 53248]
"LanguageShortcut"="c:\program files\CyberLink\PowerDVD\Language\Language.exe" [2006-12-05 54832]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]
"SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2006-12-18 868352]
"TVEService"="c:\program files\CyberLink\TV Enhance\TVEService.exe" [2007-05-08 155648]
" Malwarebytes Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2011-07-06 1047656]
"Malwarebytes' Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2011-07-06 1047656]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-04-08 254696]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Adobe Reader - Schnellstart.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2008-4-23 29696]
Microsoft Office.lnk - c:\programme\Microsoft Office\Office10\OSA.EXE [2001-2-13 83360]
Targa VFD Display.lnk - c:\windows\Installer\{635EDAAB-BF20-414D-A87A-3D43BFA3EDB9}\_240FB530969C6B2372E60D.exe [2007-4-30 11166]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"mixer1"=wdmaud.drv
.
[HKLM\~\startupfolder\C:^Users^Thomas^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^FIFA 11-Registrierung.lnk]
path=c:\users\Thomas\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\FIFA 11-Registrierung.lnk
backup=c:\windows\pss\FIFA 11-Registrierung.lnk.Startup
backupExtension=.Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CanonMyPrinter]
2009-07-07 01:07 1848648 ----a-w- c:\program files\Canon\MyPrinter\BJMYPRT.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CanonSolutionMenu]
2008-03-11 01:20 689488 ----a-w- c:\program files\Canon\SolutionMenu\CNSLMAIN.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DivXUpdate]
2010-09-01 06:39 1164584 ----a-w- c:\program files\DivX\DivX Update\DivXUpdate.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
2008-09-02 21:31 133104 ----atw- c:\users\Thomas\AppData\Local\Google\Update\GoogleUpdate.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2010-06-15 14:33 141624 ----a-w- c:\program files\iTunes\iTunesHelper.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ Malwarebytes Anti-Malware (reboot)]
2011-07-06 17:52 1047656 ----a-w- c:\program files\Malwarebytes' Anti-Malware\mbam.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
2006-01-12 13:40 155648 ----a-w- c:\program files\Common Files\Ahead\Lib\NeroCheck.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2010-03-18 20:16 421888 ----a-w- c:\program files\QuickTime\QTTask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]
2006-12-06 16:37 69216 ------w- c:\program files\CyberLink\PowerDVD\PDVDServ.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]
2007-10-10 05:28 36352 ----a-w- c:\program files\Winamp\winampa.exe
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"Google Update"="c:\users\Thomas\AppData\Local\Google\Update\GoogleUpdate.exe" /c
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe"
"Sony Ericsson PC Suite"="c:\program files\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe" /systray /nologon
"Orb"="c:\program files\Winamp Remote\bin\OrbTray.exe" /background
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" -atboottime
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe"
" Malwarebytes Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" -osboot
.
R2 CheckStage2_svc;CheckStage2_svc;c:\windows\CheckStage2.exe [2007-03-12 462848]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2010-02-27 135664]
R3 athrusb;Atheros Wireless LAN USB device driver;c:\windows\system32\DRIVERS\athrusb.sys [2006-12-22 449536]
R3 ggflt;SEMC USB Flash Driver Filter;c:\windows\system32\DRIVERS\ggflt.sys [2008-01-27 13352]
R3 gupdatem;Google Update-Dienst (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [2010-02-27 135664]
R3 MRV6X32U;Vista 32-bits Native WiFi Driver - USB;c:\windows\system32\DRIVERS\MRVW23B.sys [2006-12-22 231040]
R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
S2 AntiVirSchedulerService;Avira AntiVir Planer;c:\program files\Avira\AntiVir Desktop\sched.exe [2009-05-13 108289]
S2 TVECapSvc;TVEnhance Background Capture Service (TBCS);c:\program files\CyberLink\TV Enhance\Kernel\TV\TVECapSvc.exe [2007-05-08 299093]
S2 TVESched;TVEnhance Task Scheduler (TTS));c:\program files\CyberLink\TV Enhance\Kernel\TV\TVESched.exe [2007-05-08 127059]
S3 3xHybrid;ASUSTek SAA713x PCI Card;c:\windows\system32\DRIVERS\3xHybrid.sys [2006-10-27 2814080]
.
.
--- Andere Dienste/Treiber im Speicher ---
.
*NewlyCreated* - 31308142
*Deregistered* - 31308142
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
.
Inhalt des "geplante Tasks" Ordners
.
2011-07-21 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-03-06 08:27]
.
2011-07-21 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-03-06 08:27]
.
2011-07-20 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1415130864-2451929093-3127007980-1001Core.job
- c:\users\Thomas\AppData\Local\Google\Update\GoogleUpdate.exe [2008-09-02 21:31]
.
2011-07-21 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1415130864-2451929093-3127007980-1001UA.job
- c:\users\Thomas\AppData\Local\Google\Update\GoogleUpdate.exe [2008-09-02 21:31]
.
2011-07-21 c:\windows\Tasks\User_Feed_Synchronization-{A4D30E75-180D-4663-8E32-7FA25F2659F3}.job
- c:\windows\system32\msfeedssync.exe [2011-06-26 04:32]
.
.
------- Zusätzlicher Suchlauf -------
.
uInternet Settings,ProxyOverride = *.local
uInternet Settings,ProxyServer = http=127.0.0.1:60141
IE: Alles mit NetXfer herunterladen - c:\program files\Xi\NetXfer\NXAddList.html
IE: Free YouTube to Mp3 Converter - c:\users\Thomas\AppData\Roaming\DVDVideoSoftIEHelpers\youtubetomp3.htm
IE: Herunterladen mit NetXfer - c:\program files\Xi\NetXfer\NXAddLink.html
IE: Nach Microsoft &Excel exportieren - c:\programme\Microsoft Office\Office10\EXCEL.EXE/3000
IE: Öffnen mit WordPerfect - c:\program files\WordPerfect Office X3\Programs\WPLauncher.hta
TCP: DhcpNameServer = 81.173.194.76 81.173.194.69
FF - ProfilePath - c:\users\Thomas\AppData\Roaming\Mozilla\Firefox\Profiles\ntxe4yam.default\
FF - prefs.js: browser.search.selectedEngine - Wikipedia (de)
FF - prefs.js: browser.startup.homepage - hxxp://www.google.de/
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
FF - Ext: Adblock Plus: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d} - %profile%\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
FF - Ext: DownloadHelper: {b9db16a4-6edc-47ec-a1f4-b86292ed211d} - %profile%\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
FF - Ext: Vista-aero: {07b2a769-ed19-4483-87ce-c643914c81bb} - %profile%\extensions\{07b2a769-ed19-4483-87ce-c643914c81bb}
FF - Ext: DVDVideoSoft Menu: {ACAA314B-EEBA-48e4-AD47-84E31C44796C} - %profile%\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
FF - Ext: FootieFox: {9fb7d178-155a-4318-9173-1a8eaaea7fe4} - %profile%\extensions\{9fb7d178-155a-4318-9173-1a8eaaea7fe4}
FF - Ext: CacheViewer: {71328583-3CA7-4809-B4BA-570A85818FBB} - %profile%\extensions\{71328583-3CA7-4809-B4BA-570A85818FBB}
FF - Ext: TVU Web Player: firefox@tvunetworks.com - %profile%\extensions\firefox@tvunetworks.com
FF - user.js: network.http.max-persistent-connections-per-server - 4
FF - user.js: content.max.tokenizing.time - 1800000
FF - user.js: content.notify.interval - 600000
FF - user.js: content.switch.threshold - 1000000
FF - user.js: nglayout.initialpaint.delay - 600
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
MSConfigStartUp-Getdo - c:\users\Thomas\AppData\Roaming\Adobe\Update\flacor.dat
MSConfigStartUp-NvCplDaemonTool - c:\users\Thomas\LPLOAD~1.DLL
MSConfigStartUp-Olelink - c:\users\Thomas\AppData\Roaming\Bustor\depcom.exe
MSConfigStartUp-Ricycle.Bin - c:\ricycle.bin\Ricycle.Bin.exe
MSConfigStartUp-Userinit - c:\users\Thomas\AppData\Roaming\appconf32.exe
AddRemove-Xaldon WebSpider 2 - c:\windows\unin0407.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, hxxp://www.gmer.net
Rootkit scan 2011-07-21 19:56
Windows 6.0.6002 Service Pack 2 NTFS
.
Scanne versteckte Prozesse...
.
Scanne versteckte Autostarteinträge...
.
Scanne versteckte Dateien...
.
Scan erfolgreich abgeschlossen
versteckte Dateien: 0
.
**************************************************************************
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_USERS\S-1-5-21-1415130864-2451929093-3127007980-1001\Software\SecuROM\License information*]
"datasecu"=hex:8e,17,cb,0a,39,13,40,37,43,5f,61,a2,56,28,32,15,57,ae,b8,2f,27,
16,e2,d7,ee,25,67,6f,bd,d5,b8,f1,cb,44,d6,b2,b2,ea,be,9b,a7,d3,76,27,be,f1,\
"rkeysecu"=hex:2f,0f,d5,3e,02,2b,06,63,b1,0b,dd,b6,71,e2,54,98
.
[HKEY_USERS\S-1-5-21-1415130864-2451929093-3127007980-1001\Software\YourCompanyName\YourProductName\Version*]
"VersionData"=hex:0d,3b,25,66,19,03,6e,fd,4f,a8,a2,fa,9d,e1,52,c2,56,79,51,68,
59,d5,f4,59,07,45,91,f9,29,b3,aa,34,ed,ab,21,a5,a5,d3,ad,08,4c,48,f7,d3,42,\
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
Zeit der Fertigstellung: 2011-07-21 19:59:46
ComboFix-quarantined-files.txt 2011-07-21 17:59
.
Vor Suchlauf: 15 Verzeichnis(se), 76.676.096.000 Bytes frei
Nach Suchlauf: 19 Verzeichnis(se), 76.684.849.152 Bytes frei
.
- - End Of File - - D12C18E9453E0B71DC04CB15C23AC2D7
|
|
21.07.2011, 19:10
| #15 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Weiterhin Probleme nach BKA-Scareware-Befall Ok. Bitte nun Logs mit GMER und OSAM erstellen und posten. GMER stürzt häufiger ab, wenn das Tool auch beim 2. Mal nicht will, lass es einfach weg und führ nur OSAM aus - die Online-Abfrage durch OSAM bitte überspringen. Bei OSAM bitte darauf auch achten, dass Du das Log auch als *.log und nicht *.html oder so abspeicherst. Hinweis: Zum Entpacken von OSAM bitte WinRAR oder 7zip verwenden! Stell auch unbedingt den Virenscanner ab, besonders der Scanner von McAfee meldet oft einen Fehalarm in OSAM! Downloade dir bitte  aswMBR.exe und speichere die Datei auf deinem Desktop.
Wichtig: Drücke keinesfalls einen der Fix Buttons ohne Anweisung Hinweis: Sollte der Scan Button ausgeblendet sein, schließe das Tool und starte es erneut. Sollte der Scan abbrechen und das Programm abstürzen, dann teile mir das mit und wähle unter AV Scan die Einstellung (none).
__________________ Logfiles bitte immer in CODE-Tags posten |
|
| Themen zu Weiterhin Probleme nach BKA-Scareware-Befall |
| 0x00000001, 80-100, adblock, antivir, autorun, avira, bedienung, bho, bka trojaner, bonjour, c:\windows\system32\rundll32.exe, converter, entfernen, excel, excel.exe, explorer.exe, fehlermeldung, firefox, format, funktioniert nicht mehr, google earth, hijack, home, langs, logfile, mp3, ntdll.dll, nvlddmkm.sys, programm, registry, rundll, safer networking, scan, sched.exe, security, software, start menu, starten, system, usb, version=1.0, vista |
Linear-Darstellung
