| |
| |||||||
Log-Analyse und Auswertung: Bundespolizei Trojaner endgültig gelöscht?Windows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte.XML. |
 |
07.08.2011, 21:58
| #1 |
 |  Bundespolizei Trojaner endgültig gelöscht? Guten Abend, ich habe mir heute leider auch den Bundespolizeit-Trojaner eingefangen. Höchstwahrscheinlich ist das beim surfen im Internet mit dem Opera-Browser passiert. AVG Free hat nichts bemerkt. Mir ist es gelungen nach einem Neustart den Prozess rechtzeitig im Task-Manager zu beenden (genauen Namen konnte ich mir leider nicht merken). Danach habe ich eine Datei mit dem Namen jashla.exe und einen Ordner gelöscht. Hier ein Screen: hxxp://img228.imageshack.us/img228/9634/gelscht.png. Hier noch ein kleiner Ausschnitt aus der Resident.log von Spybot-SD Resident (verdächte Zeile markiert): Code:
ATTFilter 21.07.2011 21:33:10 Erlaubt (based on user decision) value "iTunesHelper" (new data: "") gelöscht in System Startup global entry!
21.07.2011 21:34:35 Erlaubt (based on user decision) value "iTunesHelper" (new data: ""C:\Program Files\iTunes\iTunesHelper.exe"") hinzugefügt in System Startup global entry!
07.08.2011 16:55:21 Erlaubt (based on user decision) value "avupdate" (new data: "C:\Users\username\AppData\Roaming\jashla.exe") hinzugefügt in System Startup user entry!
07.08.2011 18:06:26 Erlaubt (based on user decision) value "Malwarebytes' Anti-Malware" (new data: "D:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent") hinzugefügt in System Startup global entry!
07.08.2011 18:06:51 Erlaubt (based on user decision) value "Malwarebytes' Anti-Malware" (new data: ""D:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray") hinzugefügt in System Startup global entry!
07.08.2011 18:08:36 Erlaubt (based on user decision) value "MSC" (new data: ""C:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey") hinzugefügt in System Startup global entry!
07.08.2011 18:11:18 Erlaubt (based on lassh blacklist) value "GrpConv" (new data: "grpconv -o") hinzugefügt in System Startup global entry!
07.08.2011 18:11:18 Erlaubt (based on user decision) value "Malwarebytes' Anti-Malware" (new data: "") gelöscht in System Startup global entry!
07.08.2011 18:11:33 Erlaubt (based on authenticode whitelist) value "avgnt" (new data: ""D:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min") hinzugefügt in System Startup global entry!
07.08.2011 18:11:33 Erlaubt (based on lassh blacklist) value "GrpConv" (new data: "") gelöscht in System Startup global entry!
07.08.2011 18:39:14 Erlaubt (based on lassh blacklist) value "GrpConv" (new data: "grpconv -o") hinzugefügt in System Startup global entry!
07.08.2011 18:39:16 Erlaubt (based on lassh blacklist) value "GrpConv" (new data: "") gelöscht in System Startup global entry!
Ein Fullscan mit AVG Free, Antivir und Malwarebytes hat nichts gefunden. Malwarebytes Log: Code:
ATTFilter Malwarebytes' Anti-Malware 1.51.1.1800
www.malwarebytes.org
Datenbank Version: 7402
Windows 6.1.7601 Service Pack 1
Internet Explorer 9.0.8112.16421
07.08.2011 21:58:41
mbam-log-2011-08-07 (21-58-41).txt
Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|E:\|)
Durchsuchte Objekte: 436548
Laufzeit: 1 Stunde(n), 15 Minute(n), 17 Sekunde(n)
Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 0
Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)
Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)
Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)
Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)
Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)
Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)
Infizierte Dateien:
(Keine bösartigen Objekte gefunden)
Nach einem Neustart habe ich dann noch HijackThis laufen lassen. Untenstehend ist das Logfile (verdächtige Zeile markiert). Danach habe ich in der Registry nach jashla gesucht und den dazugehörigen Eintrag gelöscht. Der markierte Eintrag ist bei einem weiteren Scan nicht mehr im Logfile aufgetaucht. Code:
ATTFilter Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 22:20:48, on 07.08.2011 Platform: Unknown Windows (WinNT 6.01.3505 SP1) MSIE: Internet Explorer v9.00 (9.00.8112.16421) Boot mode: Normal Running processes: C:\Windows\system32\Dwm.exe C:\Windows\system32\taskhost.exe C:\Windows\Explorer.EXE C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe C:\Program Files\AVG\AVG10\avgtray.exe C:\Program Files\iTunes\iTunesHelper.exe D:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe C:\Program Files\Microsoft Security Client\msseces.exe D:\Program Files\Avira\AntiVir Desktop\avgnt.exe D:\Program Files\Spybot - Search & Destroy\TeaTimer.exe D:\Program Files\Logitech\SetPoint\SetPoint.exe C:\Program Files\AVG\AVG10\Identity Protection\agent\bin\avgidsmonitor.exe C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE C:\Windows\system32\wuauclt.exe E:\Program Files\Trend Micro\HijackThis\HijackThis.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/?LinkId=69157 R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG10\avgssie.dll O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: Ask Toolbar BHO - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (file missing) O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll O2 - BHO: Microsoft-Webtestaufzeichnung 10.0-Hilfsprogramm - {DDA57003-0068-4ed2-9D32-4D1EC707D94D} - D:\Program Files\Microsoft Visual Studio 10.0\Common7\IDE\PrivateAssemblies\Microsoft.VisualStudio.QualityTools.RecorderBarBHO100.dll O3 - Toolbar: QT Tab Standard Buttons - {d2bf470e-ed1c-487f-a666-2bd8835eb6ce} - mscoree.dll (file missing) O3 - Toolbar: QT TabBar - {d2bf470e-ed1c-487f-a333-2bd8835eb6ce} - mscoree.dll (file missing) O3 - Toolbar: PandoraTV Toolbar - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (file missing) O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE O4 - HKLM\..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe -s O4 - HKLM\..\Run: [AVG_TRAY] C:\Program Files\AVG\AVG10\avgtray.exe O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe" O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware] "D:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray O4 - HKLM\..\Run: [MSC] "C:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey O4 - HKLM\..\Run: [avgnt] "D:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min O4 - HKCU\..\Run: [SpybotSD TeaTimer] D:\Program Files\Spybot - Search & Destroy\TeaTimer.exe O4 - HKCU\..\Run: [avupdate] C:\Users\username\AppData\Roaming\jashla.exe O4 - Global Startup: Logitech SetPoint.lnk = D:\Program Files\Logitech\SetPoint\SetPoint.exe O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://D:\PROGRA~1\MICROS~1\Office12\EXCEL.EXE/3000 O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\PROGRA~1\MICROS~1\Office12\REFIEBAR.DLL O10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\windows live\wlidnsp.dll O10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\windows live\wlidnsp.dll O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics O13 - Gopher Prefix: O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG10\avgpp.dll O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - D:\Program Files\Avira\AntiVir Desktop\sched.exe O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - D:\Program Files\Avira\AntiVir Desktop\avguard.exe O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe O23 - Service: AVGIDSAgent - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe O23 - Service: AVG WatchDog (avgwd) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG10\avgwdsvc.exe O23 - Service: Dienst "Bonjour" (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe O23 - Service: Folder Size (FolderSize) - Brio - D:\Program Files\FolderSize\FolderSizeSvc.exe O23 - Service: iPod-Dienst (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe O23 - Service: MBAMService - Malwarebytes Corporation - D:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe O23 - Service: NVIDIA Update Service Daemon (nvUpdatusService) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - D:\Program Files\Spybot - Search & Destroy\SDWinSec.exe -- End of file - 6319 bytes Abschließend noch die beiden Files von otl.exe: Code:
ATTFilter OTL Extras logfile created on: 07.08.2011 22:14:37 - Run 2
OTL by OldTimer - Version 3.2.26.1 Folder = G:\
An unknown product Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
3,00 Gb Total Physical Memory | 1,64 Gb Available Physical Memory | 54,57% Memory free
6,00 Gb Paging File | 4,41 Gb Available in Paging File | 73,57% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 39,90 Gb Total Space | 10,32 Gb Free Space | 25,87% Space Free | Partition Type: NTFS
Drive D: | 80,00 Gb Total Space | 35,92 Gb Free Space | 44,91% Space Free | Partition Type: NTFS
Drive E: | 178,09 Gb Total Space | 3,28 Gb Free Space | 1,84% Space Free | Partition Type: NTFS
Drive G: | 1,88 Gb Total Space | 1,79 Gb Free Space | 95,20% Space Free | Partition Type: FAT
Computer Name: username-PC | User Name: username | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Extra Registry (SafeList) ==========
========== File Associations ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- D:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
========== Shell Spawning ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- "D:\Program Files\Microsoft Office\Office12\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "D:\Program Files\Microsoft Office\Office12\msohtmed.exe" /p %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "D:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [MediaMonkey.1Play] -- "D:\Program Files\MediaMonkey\MediaMonkey.exe" "%1" (Ventis Media Inc.)
Directory [MediaMonkey.2PlayNext] -- "D:\Program Files\MediaMonkey\MediaMonkey.exe" /NEXT "%1" (Ventis Media Inc.)
Directory [MediaMonkey.3Enqueue] -- "D:\Program Files\MediaMonkey\MediaMonkey.exe" /ADD "%1" (Ventis Media Inc.)
Directory [PlayWithVLC] -- "D:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
========== Security Center Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
========== Firewall Settings ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
========== Authorized Applications List ==========
========== HKEY_LOCAL_MACHINE Uninstall List ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}" = PDFCreator
"{0125D081-30D0-4A97-82A8-C28D444B6256}" = Microsoft SQL Server Compact 3.5 SP2 DEU
"{035400A4-29BD-3723-BEED-E2718A68CDE0}" = Microsoft Visual Studio 2010 Office Developer Tools (x86)
"{05BFB060-4F22-4710-B0A2-2801A1B606C5}" = Microsoft Antimalware
"{0A0CADCF-78DA-33C4-A350-CD51849B9702}" = Microsoft .NET Framework 4 Extended
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{0C826C5B-B131-423A-A229-C71B3CACCD6A}" = CDDRV_Installer
"{112C23F2-C036-4D40-BED4-0CB47BF5555C}" = Visual Studio 2010 Tools for SQL Server Compact 3.5 SP2 ENU
"{1148E85C-E1AF-48E0-A29C-68DACE07E054}" = Pro Evolution Soccer 2011
"{1280E900-35DA-4E08-A700-B79A5B2B8532}" = Microsoft Antimalware Service DE-DE Language Pack
"{14DD7530-CCD2-3798-B37D-3839ED6A441C}" = Microsoft Visual Studio 2010 ADO.NET Entity Framework Tools
"{1570DE88-A78A-37FD-8A05-92620D160CCA}" = Microsoft Visual Studio 2010 Office Developer Tools (x86) Language Pack - DEU
"{18E1FD72-60FA-3E10-A66B-640970B5559F}" = Visual Studio Tools for the Office system 3.0 Runtime Language Pack - DEU
"{196E77C5-F524-4B50-BD1A-2C21EEE9B8F7}" = Microsoft SQL Server 2008 Common Files
"{1C3ADB5F-750E-4453-AC98-B75C5323845C}" = Microsoft SQL Server Compact 3.5 for Devices DEU
"{1D328E11-3B0C-388C-835D-C9C20E8C7734}" = Microsoft Help Viewer 1.0 Language Pack - DEU
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{26A24AE4-039D-4CA4-87B4-2F83216018FF}" = Java(TM) 6 Update 18
"{3101CB58-3482-4D21-AF1A-7057FC935355}" = KhalInstallWrapper
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{343AB4F2-F1EF-4FF9-B0E6-CAAB680286A6}" = G Data LNK-Checker
"{388E4B09-3E71-4649-8921-F44A3A2954A7}" = Microsoft Visual Studio 2005 Tools for Office Runtime
"{3A9FC03D-C685-4831-94CF-4EDFD3749497}" = Microsoft SQL Server Compact 3.5 SP2 ENU
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3D3E663D-4E7E-4577-A560-7ECDDD45548A}" = PVSonyDll
"{4135C790-0387-36D7-9C2A-1B09A5900460}" = Microsoft Visual Studio 2010 Ultimate - DEU
"{445174EA-3D3A-308E-84AD-446127E71441}" = Microsoft Visual Studio 2008 Professional Edition - DEU
"{47C39E4A-28F2-33B1-B9B7-97F24E52D917}" = Microsoft Help Viewer 1.0
"{4815BD99-96A4-49FE-A885-DCF06E9E4E78}" = Microsoft SQL Server 2008 Database Engine Shared
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4A6F34E2-09E5-4616-B227-4A26A488A6F9}" = Microsoft SQL Server 2008 Common Files
"{4ACDC413-AF13-3934-8D8A-1F8CEF70D1A5}" = Microsoft Document Explorer 2008 Language Pack - DEU
"{4CBABDFD-49F8-47FD-BE7D-ECDE7270525A}" = Windows Live PIMT Platform
"{4E3A817A-8033-3D7E-BCA9-102EFF3FD9CA}" = Microsoft Device Emulator Version 3.0 - DEU
"{50779A29-834E-4E36-BBEB-B7CABC67A825}" = Microsoft Security Client DE-DE Language Pack
"{5242B252-01BB-4F2E-BBF4-5C01BC3B6619}" = Microsoft SQL Server 2008 R2 Data-Tier Application Project
"{54B6DC7D-8C5B-4DFB-BC15-C010A3326B2B}" = Microsoft Security Client
"{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime
"{58721EC3-8D4E-4B79-BC51-1054E2DDCD10}" = Microsoft SQL Server 2008 Database Engine Services
"{5A08C9D1-37AD-4A8D-90D3-33F92C578AA5}" = Microsoft SQL Server System CLR Types
"{5B161932-9D42-4D5E-858D-29BF4C670944}" = Microsoft SQL Server 2008 Setup Support Files
"{5DB161C0-7C9C-41D7-8DA1-CB112F60946B}" = Microsoft Visual Studio 2005 Tools for Office Runtime Language Pack
"{616C6F39-4CE1-3434-A665-2F6A04C09A7F}" = Microsoft Visual Studio 2010 ADO.NET Entity Framework Tools
"{61AD15B2-50DB-4686-A739-14FE180D4429}" = Windows Live ID Sign-in Assistant
"{64c5b887-b5ee-42b8-8596-78905a6b5f1f}" = Microsoft Windows SDK for Visual Studio 2008 SDK Reference Assemblies and IntelliSense
"{6753B40C-0FBD-3BED-8A9D-0ACAC2DCD85D}" = Microsoft Document Explorer 2008
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{695B13B2-7919-4EC5-8601-092F0D2DE069}" = AVG 2011
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6A86554B-8928-30E4-A53C-D7337689134D}" = Microsoft Visual C++ 2010 x86 Runtime - 10.0.30319
"{6AFCA4E1-9B78-3640-8F72-A7BF33448200}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
"{6CDEAD7E-F8D8-37F7-AB6F-1E22716E30F3}" = Microsoft Visual Studio Macro Tools
"{6ED37A91-7710-3183-BE50-AB043FF6689E}" = Microsoft Team Foundation Server 2010 Object Model - ENU
"{6FE22909-D0D6-4111-ABCE-7F8D986C4A2A}" = Foxit PDF Preview Handler
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{721B5CF0-D220-4955-BB6F-EBCFB1096DE7}" = Windows Mobile 5.0 SDK R2 for Pocket PC
"{72CCBEA1-8D57-4981-A337-81019F28C5BA}" = Microsoft .NET Compact Framework 3.5
"{7552F04B-9892-4362-8833-1E9AF1A8CF4C}" = Oracle VM VirtualBox 3.2.6
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{81A6F461-0DBA-4F12-B56F-0E977EC10576}_is1" = PDF24 Creator
"{83C4A333-DD44-3431-B1BF-6A66B971D07B}" = Microsoft Visual Studio 2010 Tools for Office Runtime (x86)
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{86D4B82A-ABED-442A-BE86-96357B70F4FE}" = Ask Toolbar
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{8EAA9D70-C912-3708-92DD-0CCC26F386E1}" = Microsoft Visual Studio 2010 Performance Collection Tools - DEU
"{8FB53850-246A-3507-8ADE-0060093FFEA6}" = Visual Studio Tools for the Office system 3.0 Runtime
"{90120000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2007
"{90120000-0015-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2007
"{90120000-0019-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2007
"{90120000-001A-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_ENTERPRISE_{A0516415-ED61-419A-981D-93596DA74165}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-001F-0410-0000-0000000FF1CE}_ENTERPRISE_{322296D4-1EAE-4030-9FBC-D2787EB25FA2}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-0021-0000-0000-0000000FF1CE}" = Microsoft Office Visual Web Developer 2007
"{90120000-0021-0000-0000-0000000FF1CE}_VisualWebDeveloper_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{90120000-0021-0407-0000-0000000FF1CE}" = Microsoft Office Visual Web Developer MUI (German) 2007
"{90120000-0021-0407-0000-0000000FF1CE}_VisualWebDeveloper_{0B9EAEAC-F271-45DC-BDCB-06ABEEF19825}" = Microsoft Office SharePoint Designer 2007 Service Pack 2 (SP2)
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{90120000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2007
"{90120000-0044-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}_ENTERPRISE_{26454C26-D259-4543-AA60-3189E09C5F76}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-006E-0407-0000-0000000FF1CE}_VisualWebDeveloper_{26454C26-D259-4543-AA60-3189E09C5F76}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007
"{90120000-00A1-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00B2-0407-0000-0000000FF1CE}" = Microsoft – Speichern als PDF oder XPS – Add-In für 2007 Microsoft Office-Programme
"{90120000-00BA-0407-0000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2007
"{90120000-00BA-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{92C5C058-E941-47C3-B7E8-38A79C605969}" = Microsoft SQL Server 2008 R2 Transact-SQL Language Service
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{94317163-C5D1-4FCE-A0D9-F48FE06A7D7D}" = Microsoft SQL Server 2008 Native Client
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{97CE8B73-AA5A-4987-A1BE-50DD1A187478}" = Microsoft Sync Framework SDK v1.0 SP1
"{99F0C3CC-8DF0-3611-B190-CF4D1AF0E053}" = Microsoft Windows SDK for Visual Studio 2008 .NET Framework Tools
"{9A33B83D-FFC4-44CF-BEEF-632DECEF2FCD}" = Microsoft SQL Server Database Publishing Wizard 1.2
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9C3B8582-A72A-4835-8903-877A834407BB}" = Microsoft SQL Server 2008 R2-Datenebenenanwendungs-Framework
"{9CF4A37B-A8C4-44D7-8C53-13B9D9594BB2}" = Paint.NET v3.5.8
"{9E48FF52-082C-4CC2-BB67-6E10D09C0431}" = Windows Live UX Platform Language Pack
"{A106D33E-6B43-42C0-9BFC-D03303261FA7}" = Microsoft SQL Server 2008 R2 Management Objects
"{A278382D-4F1B-4D47-9885-8523F7261E8D}_is1" = PDF-Viewer
"{A498D9EB-927B-459B-85D6-DD6EF8C2C564}" = erLT
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AC41D924-8C68-4BD5-A7A1-0AE4176C31A6}" = Crystal Reports for Visual Studio
"{ACE28263-76A4-4BF5-B6F4-8BD719595969}" = Microsoft SQL Server Database Publishing Wizard 1.4
"{B1060346-9388-4C5B-AA52-176C39819E43}" = Microsoft .NET Compact Framework 2.0 SP2
"{B113D18C-67B0-4FB7-B329-E89B66194AE6}" = Windows Live Fotogalerie
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Systemsteuerung 275.33
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Grafiktreiber 275.33
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = NVIDIA Update 1.3.5
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components
"{B3575D00-27EF-49C2-B9E0-14B3D954E992}" = Apple Application Support
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B5153233-9AEE-4CD4-9D2C-4FAAC870DBE2}" = Microsoft SQL Server 2008 Database Engine Services
"{B7E38540-E355-3503-AFD7-635B2F2F76E1}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4974
"{B83FC356-B7C0-441F-8A4D-D71E088E7974}" = NVIDIA PhysX
"{B857D868-F8B0-43EE-BC2B-D9E5ED21F237}" = Microsoft SQL Server VSS Writer
"{C23CD6DA-1958-43A5-ADD0-59396572E02E}" = Apple Mobile Device Support
"{C2AB7DC4-489E-4BE9-887A-52262FBADBE0}" = Windows Live Photo Common
"{C5A31DDC-157A-4DD7-9B5C-C692A06F61FD}" = Prison Break
"{C688457E-03FD-4941-923B-A27F4D42A7DD}" = Microsoft SQL Server 2008 Browser
"{C6DD625F-4B61-4561-8286-87CA0275CEA1}" = Microsoft Sync Framework Runtime v1.0 SP1 (x86)
"{C73CA646-73B3-4AEF-A136-C37505745174}" = iTunes
"{C911A0C2-2236-3164-AA47-F2566C01AE5E}" = Microsoft .NET Framework 4 Extended DEU Language Pack
"{C965F01C-76EA-4BD7-973E-46236AE312D7}" = Sql Server Customer Experience Improvement Program
"{CAA376AF-0DE8-4FCA-942E-C6AC579B94B3}" = Microsoft Windows SDK for Visual Studio 2008 Tools
"{CCBAA1F7-E5E1-48B2-9ED9-A79C6A37CE78}" = Cisco Systems VPN Client 5.0.00.0340
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{CE9BAD6E-60FC-46CC-82A2-5B0F2B1A0E36}" = Dotfuscator Software Services - Community Edition - DEU
"{CFCB8616-A5D1-4281-80E8-389F685BFAE2}" = Visual Studio 2010 Tools for SQL Server Compact 3.5 SP2 DEU
"{CFEF48A8-BFB8-3EAC-8BA5-DE4F8AA267CE}" = Microsoft .NET Framework 4 Multi-Targeting Pack
"{D03482C5-9AD8-496D-B388-692AE04C93AF}" = Bonjour
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{DA7F48EF-5F56-45FE-9169-3B8159A7A323}" = Windows Mobile 5.0 SDK R2 for Smartphone
"{DAD20769-75D8-4C1D-80E3-D545563FE9EF}_is1" = QTTabBar 1.5.0.0 Alpha 4
"{DBE8431C-CF9A-38C3-B42D-28B6FCE1EA3B}" = Microsoft Visual Studio 2010 Tools for Office Runtime (x86) Language Pack - DEU
"{DC158DF7-6B36-4C6F-BC91-109014297994}" = FIFA 11 Demo
"{DC3D6AFB-78B4-489F-81D7-30B66E0C2417}" = Microsoft Sync Services for ADO.NET v2.0 SP1 (x86)
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E32260E7-0B10-43C7-9B77-AB9F4184676D}" = Microsoft SQL Server Compact 3.5 Design Tools DEU
"{E4E88B54-4777-4659-967A-2EED1E6AFD83}" = Windows Live Movie Maker
"{E7C92C22-436B-46C4-AAF2-80C4C569A55F}" = AVG 2011
"{E94DD4E4-7746-472c-AA7B-1242FED0CFC8}" = Lightworks
"{E989D16F-0B39-4E74-8BD5-149BEE1477FE}" = Microsoft SQL Server 2008 RsFx Driver
"{EC66418E-DAA2-36D5-809E-40BEC94E622A}" = Microsoft Visual Studio Macro Tools - DEU Language Pack
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F29B21BD-CAA6-445F-8EF7-A7E2B9D8B14E}" = Logitech SetPoint
"{F343FA04-CFC0-487C-A617-A5E8CF4D7B10}" = Image Grabber II.NET
"{F3494AB6-6900-41C6-AF57-823626827ED8}" = Microsoft SQL Server 2008 Database Engine Shared
"{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{F95E4EE0-0C6E-4273-B6B9-91FD6F071D76}" = Windows Live Essentials
"{F990B526-8F7C-46E0-B1F1-6C893A8B478F}" = Microsoft Sync Framework Services v1.0 SP1 (x86)
"{FC8D21C8-7B29-4104-ADB0-FEE9CA1C7922}" = Folder Size for Windows
"{FEB15887-0932-4D2D-BB85-6AC03FBF1AA8}" = Pinnacle VideoSpin
"{FF29527A-44CD-3422-945E-981A13584000}" = VC Runtimes MSI
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"7-Zip" = 7-Zip 4.65
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"AllDup_is1" = AllDup 2.1.10
"Any Video Converter_is1" = Any Video Converter 3.2.3
"AVG" = AVG 2011
"AVI MPEG RM WMV Joiner_is1" = AVI/MPEG/RM/WMV Joiner 4.82
"AVIConverter" = AVIConverter 5.1.6
"Avidemux 2.5" = Avidemux 2.5
"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus
"Beavis And Butt-head" = Beavis And Butt-head
"Bubblets_is1" = Bubblets 1.0
"CPUID HWMonitor_is1" = CPUID HWMonitor 1.15
"DupDetector_is1" = DupDetector 3.201
"ENTERPRISE" = Microsoft Office Enterprise 2007
"EXIFutils for Windows" = EXIFutils for Windows
"Football Manager 2009" = Football Manager 2009
"FreeCommander_is1" = FreeCommander 2009.02b
"Grand Prix World" = Grand Prix World
"Hattrick Organizer" = Hattrick Organizer (remove only)
"HijackThis" = HijackThis 2.0.2
"Image Grabber II" = Image Grabber II
"ImgBurn" = ImgBurn
"IrfanView" = IrfanView (remove only)
"JDownloader" = JDownloader
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware Version 1.51.1.1800
"MediaMonkey_is1" = MediaMonkey 3.2
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"Microsoft .NET Framework 4 Extended DEU Language Pack" = Microsoft .NET Framework 4 Extended DEU Language Pack
"Microsoft Document Explorer 2008" = Microsoft Document Explorer 2008
"Microsoft Document Explorer 2008 Language Pack - DEU" = Microsoft Document Explorer 2008 Language Pack - DEU
"Microsoft Help Viewer 1.0" = Microsoft Help Viewer 1.0
"Microsoft Help Viewer 1.0 Language Pack - DEU" = Microsoft Help Viewer 1.0 Language Pack - DEU
"Microsoft Security Client" = Microsoft Security Essentials
"Microsoft SQL Server 10" = Microsoft SQL Server 2008
"Microsoft SQL Server 10 Release" = Microsoft SQL Server 2008
"Microsoft Team Foundation Server 2010 Object Model - ENU" = Microsoft Team Foundation Server 2010 Object Model - ENU
"Microsoft Visual Studio 2005 Tools for Office Runtime" = Visual Studio 2005 Tools for Office Second Edition Runtime
"Microsoft Visual Studio 2005 Tools for Office Runtime Language Pack" = Microsoft Visual Studio 2005 Tools for Office Runtime Language Pack
"Microsoft Visual Studio 2008 Professional Edition - DEU" = Microsoft Visual Studio 2008 Professional Edition - DEU
"Microsoft Visual Studio 2010 Tools for Office Runtime (x86)" = Microsoft Visual Studio 2010 Tools for Office Runtime (x86)
"Microsoft Visual Studio 2010 Tools for Office Runtime (x86) Language Pack - DEU" = Microsoft Visual Studio 2010-Tools für Office-Laufzeit (x86) Language Pack - DEU
"Microsoft Visual Studio 2010 Ultimate - DEU" = Microsoft Visual Studio 2010 Ultimate - DEU
"Microsoft Visual Studio Macro Tools" = Microsoft Visual Studio Macro Tools
"Microsoft Visual Studio Macro Tools - DEU Language Pack" = Microsoft Visual Studio Macro Tools - DEU Language Pack
"Mozilla Firefox 4.0 (x86 de)" = Mozilla Firefox 4.0 (x86 de)
"Mp3tag" = Mp3tag v2.49
"NVIDIA Display Control Panel" = NVIDIA Display Control Panel
"Opera 11.50.1074" = Opera 11.50
"P2PFilter" = P2PFilter 3.0.5
"PhotoScape" = PhotoScape
"PhotoWipe_is1" = PhotoWipe 1.0
"Q-Dir" = Q-Dir
"Replay Video Capture4.2" = Replay Video Capture
"rFactor" = rFactor (remove only)
"RidNacs_is1" = RidNacs 2.0.3
"SSC Service Utility_is1" = SSC Service Utility v4.30
"The KMPlayer" = The KMPlayer (remove only)
"Trillian" = Trillian
"Visual Studio Tools for the Office system 3.0 Runtime" = Visual Studio Tools for the Office system 3.0 Runtime
"Visual Studio Tools for the Office system 3.0 Runtime Language Pack - DEU" = Visual Studio-Tools für Office System 3.0 Runtime Language Pack - DEU
"VisualWebDeveloper" = Microsoft Visual Studio Web Authoring Component
"VLC media player" = VLC media player 1.1.11
"WinLiveSuite" = Windows Live Essentials
"XMedia Recode" = XMedia Recode 3.0.0.5
"XnView_is1" = XnView 1.97.6
========== HKEY_CURRENT_USER Uninstall List ==========
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Mozilla Firefox 5.0 (x86 de)" = Mozilla Firefox 5.0 (x86 de)
========== Last 10 Event Log Errors ==========
[ Application Events ]
Error - 10.12.2010 14:32:54 | Computer Name = username-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 10233
Error - 10.12.2010 14:32:54 | Computer Name = username-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 10233
Error - 11.12.2010 08:10:03 | Computer Name = username-PC | Source = Customer Experience Improvement Program | ID = 1008
Description =
Error - 12.12.2010 07:47:25 | Computer Name = username-PC | Source = Customer Experience Improvement Program | ID = 1008
Description =
Error - 14.12.2010 16:08:07 | Computer Name = username-PC | Source = Customer Experience Improvement Program | ID = 1008
Description =
Error - 15.12.2010 14:04:45 | Computer Name = username-PC | Source = Customer Experience Improvement Program | ID = 1008
Description =
Error - 16.12.2010 15:33:49 | Computer Name = username-PC | Source = Customer Experience Improvement Program | ID = 1008
Description =
Error - 18.12.2010 05:47:43 | Computer Name = username-PC | Source = Customer Experience Improvement Program | ID = 1008
Description =
Error - 18.12.2010 06:26:29 | Computer Name = username-PC | Source = Bonjour Service | ID = 100
Description = 196: ERROR: read_msg errno 10054 (Eine vorhandene Verbindung wurde
vom Remotehost geschlossen.)
Error - 18.12.2010 06:26:29 | Computer Name = username-PC | Source = Bonjour Service | ID = 100
Description = 376: ERROR: read_msg errno 10054 (Eine vorhandene Verbindung wurde
vom Remotehost geschlossen.)
[ Media Center Events ]
Error - 12.07.2010 14:04:09 | Computer Name = username-PC | Source = MCUpdate | ID = 0
Description = 20:04:09 - Fehler beim Herstellen der Internetverbindung. 20:04:09
- Serververbindung konnte nicht hergestellt werden..
Error - 12.07.2010 14:04:24 | Computer Name = username-PC | Source = MCUpdate | ID = 0
Description = 20:04:14 - Fehler beim Herstellen der Internetverbindung. 20:04:14
- Serververbindung konnte nicht hergestellt werden..
Error - 14.07.2010 12:39:22 | Computer Name = username-PC | Source = MCUpdate | ID = 0
Description = 18:39:22 - Fehler beim Herstellen der Internetverbindung. 18:39:22
- Serververbindung konnte nicht hergestellt werden..
Error - 14.07.2010 12:39:32 | Computer Name = username-PC | Source = MCUpdate | ID = 0
Description = 18:39:28 - Fehler beim Herstellen der Internetverbindung. 18:39:28
- Serververbindung konnte nicht hergestellt werden..
Error - 14.07.2010 13:39:39 | Computer Name = username-PC | Source = MCUpdate | ID = 0
Description = 19:39:39 - Fehler beim Herstellen der Internetverbindung. 19:39:39
- Serververbindung konnte nicht hergestellt werden..
Error - 14.07.2010 13:39:48 | Computer Name = username-PC | Source = MCUpdate | ID = 0
Description = 19:39:44 - Fehler beim Herstellen der Internetverbindung. 19:39:44
- Serververbindung konnte nicht hergestellt werden..
Error - 14.07.2010 14:48:53 | Computer Name = username-PC | Source = MCUpdate | ID = 0
Description = 20:48:52 - Fehler beim Herstellen der Internetverbindung. 20:48:53
- Serververbindung konnte nicht hergestellt werden..
Error - 14.07.2010 14:49:04 | Computer Name = username-PC | Source = MCUpdate | ID = 0
Description = 20:48:58 - Fehler beim Herstellen der Internetverbindung. 20:48:58
- Serververbindung konnte nicht hergestellt werden..
Error - 15.07.2010 12:06:22 | Computer Name = username-PC | Source = MCUpdate | ID = 0
Description = 18:06:22 - Fehler beim Herstellen der Internetverbindung. 18:06:22
- Serververbindung konnte nicht hergestellt werden..
Error - 15.07.2010 12:06:31 | Computer Name = username-PC | Source = MCUpdate | ID = 0
Description = 18:06:27 - Fehler beim Herstellen der Internetverbindung. 18:06:27
- Serververbindung konnte nicht hergestellt werden..
[ OSession Events ]
Error - 01.08.2010 08:54:12 | Computer Name = username-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:
12.0.4518.1014, Microsoft Office Version: 12.0.4518.1066. This session lasted 1946
seconds with 1380 seconds of active time. This session ended with a crash.
[ System Events ]
Error - 07.08.2011 12:10:45 | Computer Name = username-PC | Source = Microsoft Antimalware | ID = 2001
Description = Fehler in %%860 beim Aktualisieren von Signaturen. Neue Signaturversion:
Vorherige Signaturversion: 0.0.0.0 Aktualisierungsquelle: %%859 Aktualisierungsstufe:
%%852 Quellpfad: hxxp://www.microsoft.com Signaturtyp: %%800 Aktualisierungstyp: %%803
Benutzer:
NT-AUTORITÄT\SYSTEM Aktuelle Modulversion: Vorherige Modulversion: 0.0.0.0 Fehlercode:
0x8024402c Fehlerbeschreibung: Unerwartetes Problem bei der Überprüfung auf Updates.
Informationen zum Installieren von Updates oder zur Problembehandlung finden Sie
unter "Hilfe und Support".
Error - 07.08.2011 12:10:51 | Computer Name = username-PC | Source = Microsoft Antimalware | ID = 2001
Description = Fehler in %%860 beim Aktualisieren von Signaturen. Neue Signaturversion:
Vorherige Signaturversion: 0.0.0.0 Aktualisierungsquelle: %%851 Aktualisierungsstufe:
%%852 Quellpfad: hxxp://go.microsoft.com/fwlink/?LinkID=121721&clcid=0x409&arch=x86&eng=0.0.0.0&avdelta=0.0.0.0&asdelta=0.0.0.0&prod=EDB4FA23-53B8-4AFA-8C5D-99752CCA7094
Signaturtyp:
%%800 Aktualisierungstyp: %%803 Benutzer: NT-AUTORITÄT\NETZWERKDIENST Aktuelle Modulversion:
Vorherige Modulversion: 0.0.0.0 Fehlercode: 0x80072ee7 Fehlerbeschreibung: Der Servername
oder die Serveradresse konnte nicht verarbeitet werden.
Error - 07.08.2011 12:10:51 | Computer Name = username-PC | Source = Microsoft Antimalware | ID = 2001
Description = Fehler in %%860 beim Aktualisieren von Signaturen. Neue Signaturversion:
Vorherige Signaturversion: 0.0.0.0 Aktualisierungsquelle: %%851 Aktualisierungsstufe:
%%852 Quellpfad: hxxp://go.microsoft.com/fwlink/?LinkID=121721&clcid=0x409&arch=x86&eng=0.0.0.0&avdelta=0.0.0.0&asdelta=0.0.0.0&prod=EDB4FA23-53B8-4AFA-8C5D-99752CCA7094
Signaturtyp:
%%801 Aktualisierungstyp: %%803 Benutzer: NT-AUTORITÄT\NETZWERKDIENST Aktuelle Modulversion:
Vorherige Modulversion: 0.0.0.0 Fehlercode: 0x80072ee7 Fehlerbeschreibung: Der Servername
oder die Serveradresse konnte nicht verarbeitet werden.
Error - 07.08.2011 12:10:51 | Computer Name = username-PC | Source = Microsoft Antimalware | ID = 2001
Description = Fehler in %%860 beim Aktualisieren von Signaturen. Neue Signaturversion:
Vorherige Signaturversion: 0.0.0.0 Aktualisierungsquelle: %%851 Aktualisierungsstufe:
%%852 Quellpfad: hxxp://go.microsoft.com/fwlink/?LinkID=121721&clcid=0x409&arch=x86&eng=0.0.0.0&avdelta=0.0.0.0&asdelta=0.0.0.0&prod=EDB4FA23-53B8-4AFA-8C5D-99752CCA7094
Signaturtyp:
%%800 Aktualisierungstyp: %%803 Benutzer: NT-AUTORITÄT\NETZWERKDIENST Aktuelle Modulversion:
Vorherige Modulversion: 0.0.0.0 Fehlercode: 0x80072ee7 Fehlerbeschreibung: Der Servername
oder die Serveradresse konnte nicht verarbeitet werden.
Error - 07.08.2011 12:10:51 | Computer Name = username-PC | Source = Microsoft Antimalware | ID = 2001
Description = Fehler in %%860 beim Aktualisieren von Signaturen. Neue Signaturversion:
Vorherige Signaturversion: 0.0.0.0 Aktualisierungsquelle: %%851 Aktualisierungsstufe:
%%852 Quellpfad: hxxp://go.microsoft.com/fwlink/?LinkID=121721&clcid=0x409&arch=x86&eng=0.0.0.0&avdelta=0.0.0.0&asdelta=0.0.0.0&prod=EDB4FA23-53B8-4AFA-8C5D-99752CCA7094
Signaturtyp:
%%801 Aktualisierungstyp: %%803 Benutzer: NT-AUTORITÄT\NETZWERKDIENST Aktuelle Modulversion:
Vorherige Modulversion: 0.0.0.0 Fehlercode: 0x80072ee7 Fehlerbeschreibung: Der Servername
oder die Serveradresse konnte nicht verarbeitet werden.
Error - 07.08.2011 12:10:51 | Computer Name = username-PC | Source = Microsoft Antimalware | ID = 2001
Description = Fehler in %%860 beim Aktualisieren von Signaturen. Neue Signaturversion:
Vorherige Signaturversion: 0.0.0.0 Aktualisierungsquelle: %%851 Aktualisierungsstufe:
%%852 Quellpfad: hxxp://go.microsoft.com/fwlink/?LinkID=121721&clcid=0x409&arch=x86&eng=0.0.0.0&avdelta=0.0.0.0&asdelta=0.0.0.0&prod=EDB4FA23-53B8-4AFA-8C5D-99752CCA7094
Signaturtyp:
%%800 Aktualisierungstyp: %%803 Benutzer: NT-AUTORITÄT\NETZWERKDIENST Aktuelle Modulversion:
Vorherige Modulversion: 0.0.0.0 Fehlercode: 0x80072ee7 Fehlerbeschreibung: Der Servername
oder die Serveradresse konnte nicht verarbeitet werden.
Error - 07.08.2011 12:10:56 | Computer Name = username-PC | Source = Microsoft Antimalware | ID = 2001
Description = Fehler in %%860 beim Aktualisieren von Signaturen. Neue Signaturversion:
Vorherige Signaturversion: 0.0.0.0 Aktualisierungsquelle: %%851 Aktualisierungsstufe:
%%852 Quellpfad: hxxp://go.microsoft.com/fwlink/?LinkID=187316&clcid=0x409&arch=x86&eng=0.0.0.0&sig=0.0.0.0&prod=EDB4FA23-53B8-4AFA-8C5D-99752CCA7094
Signaturtyp:
%%800 Aktualisierungstyp: %%803 Benutzer: NT-AUTORITÄT\NETZWERKDIENST Aktuelle Modulversion:
Vorherige Modulversion: 0.0.0.0 Fehlercode: 0x80072ee7 Fehlerbeschreibung: Der Servername
oder die Serveradresse konnte nicht verarbeitet werden.
Error - 07.08.2011 12:16:28 | Computer Name = username-PC | Source = Microsoft Antimalware | ID = 2001
Description = Fehler in %%860 beim Aktualisieren von Signaturen. Neue Signaturversion:
Vorherige Signaturversion: 0.0.0.0 Aktualisierungsquelle: %%859 Aktualisierungsstufe:
%%852 Quellpfad: hxxp://www.microsoft.com Signaturtyp: %%800 Aktualisierungstyp: %%803
Benutzer:
NT-AUTORITÄT\SYSTEM Aktuelle Modulversion: Vorherige Modulversion: 0.0.0.0 Fehlercode:
0x8024402c Fehlerbeschreibung: Unerwartetes Problem bei der Überprüfung auf Updates.
Informationen zum Installieren von Updates oder zur Problembehandlung finden Sie
unter "Hilfe und Support".
Error - 07.08.2011 12:21:34 | Computer Name = username-PC | Source = Microsoft Antimalware | ID = 2001
Description = Fehler in %%860 beim Aktualisieren von Signaturen. Neue Signaturversion:
Vorherige Signaturversion: 0.0.0.0 Aktualisierungsquelle: %%851 Aktualisierungsstufe:
%%852 Quellpfad: hxxp://go.microsoft.com/fwlink/?LinkID=121721&clcid=0x409&arch=x86&eng=0.0.0.0&avdelta=0.0.0.0&asdelta=0.0.0.0&prod=EDB4FA23-53B8-4AFA-8C5D-99752CCA7094
Signaturtyp:
%%800 Aktualisierungstyp: %%803 Benutzer: NT-AUTORITÄT\NETZWERKDIENST Aktuelle Modulversion:
Vorherige Modulversion: 0.0.0.0 Fehlercode: 0x80072ee7 Fehlerbeschreibung: Der Servername
oder die Serveradresse konnte nicht verarbeitet werden.
Error - 07.08.2011 12:21:39 | Computer Name = username-PC | Source = Microsoft Antimalware | ID = 2001
Description = Fehler in %%860 beim Aktualisieren von Signaturen. Neue Signaturversion:
Vorherige Signaturversion: 0.0.0.0 Aktualisierungsquelle: %%851 Aktualisierungsstufe:
%%852 Quellpfad: hxxp://go.microsoft.com/fwlink/?LinkID=187316&clcid=0x409&arch=x86&eng=0.0.0.0&sig=0.0.0.0&prod=EDB4FA23-53B8-4AFA-8C5D-99752CCA7094
Signaturtyp:
%%800 Aktualisierungstyp: %%803 Benutzer: NT-AUTORITÄT\NETZWERKDIENST Aktuelle Modulversion:
Vorherige Modulversion: 0.0.0.0 Fehlercode: 0x80072ee7 Fehlerbeschreibung: Der Servername
oder die Serveradresse konnte nicht verarbeitet werden.
< End of report >
Code:
ATTFilter OTL logfile created on: 07.08.2011 22:14:37 - Run 2 OTL by OldTimer - Version 3.2.26.1 Folder = G:\ An unknown product Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 3,00 Gb Total Physical Memory | 1,64 Gb Available Physical Memory | 54,57% Memory free 6,00 Gb Paging File | 4,41 Gb Available in Paging File | 73,57% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 39,90 Gb Total Space | 10,32 Gb Free Space | 25,87% Space Free | Partition Type: NTFS Drive D: | 80,00 Gb Total Space | 35,92 Gb Free Space | 44,91% Space Free | Partition Type: NTFS Drive E: | 178,09 Gb Total Space | 3,28 Gb Free Space | 1,84% Space Free | Partition Type: NTFS Drive G: | 1,88 Gb Total Space | 1,79 Gb Free Space | 95,20% Space Free | Partition Type: FAT Computer Name: TM-PC | User Name: TM | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - D:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira GmbH) PRC - G:\OTL.exe (OldTimer Tools) PRC - D:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation) PRC - D:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation) PRC - C:\Programme\Microsoft Security Client\msseces.exe (Microsoft Corporation) PRC - C:\Windows\System32\conhost.exe (Microsoft Corporation) PRC - C:\Programme\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe (NVIDIA Corporation) PRC - C:\Programme\NVIDIA Corporation\Display\nvxdsync.exe (NVIDIA Corporation) PRC - C:\Programme\Microsoft Security Client\Antimalware\MpCmdRun.exe (Microsoft Corporation) PRC - C:\Programme\Microsoft Security Client\Antimalware\NisSrv.exe (Microsoft Corporation) PRC - C:\Programme\Microsoft Security Client\Antimalware\MsMpEng.exe (Microsoft Corporation) PRC - D:\Program Files\Avira\AntiVir Desktop\avshadow.exe (Avira GmbH) PRC - D:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira GmbH) PRC - D:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH) PRC - C:\Programme\AVG\AVG10\avgtray.exe (AVG Technologies CZ, s.r.o.) PRC - C:\Programme\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe (AVG Technologies CZ, s.r.o.) PRC - C:\Programme\AVG\AVG10\avgnsx.exe (AVG Technologies CZ, s.r.o.) PRC - C:\Programme\AVG\AVG10\avgemcx.exe (AVG Technologies CZ, s.r.o.) PRC - C:\Programme\AVG\AVG10\avgchsvx.exe (AVG Technologies CZ, s.r.o.) PRC - C:\Windows\explorer.exe (Microsoft Corporation) PRC - C:\Programme\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSMonitor.exe () PRC - C:\Programme\AVG\AVG10\avgwdsvc.exe (AVG Technologies CZ, s.r.o.) PRC - C:\Programme\AVG\AVG10\avgrsx.exe (AVG Technologies CZ, s.r.o.) PRC - C:\Programme\Windows Media Player\wmpnetwk.exe (Microsoft Corporation) PRC - C:\Windows\System32\taskhost.exe (Microsoft Corporation) PRC - C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE (Microsoft Corp.) PRC - C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE (Microsoft Corp.) PRC - C:\Programme\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe (Microsoft Corporation) PRC - C:\Programme\Microsoft SQL Server\90\Shared\sqlwriter.exe (Microsoft Corporation) PRC - D:\Program Files\FolderSize\FolderSizeSvc.exe (Brio) PRC - D:\Program Files\Logitech\SetPoint\SetPoint.exe (Logitech, Inc.) PRC - C:\Programme\Common Files\Logishrd\KHAL2\KHALMNPR.exe (Logitech, Inc.) PRC - D:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.) PRC - D:\Program Files\Spybot - Search & Destroy\SDWinSec.exe (Safer Networking Ltd.) ========== Modules (SafeList) ========== MOD - G:\OTL.exe (OldTimer Tools) MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll (Microsoft Corporation) ========== Win32 Services (SafeList) ========== SRV - (AntiVirService) -- D:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira GmbH) SRV - (MBAMService) -- D:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation) SRV - (nvUpdatusService) -- C:\Programme\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe (NVIDIA Corporation) SRV - (NisSrv) -- C:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe (Microsoft Corporation) SRV - (MsMpSvc) -- C:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe (Microsoft Corporation) SRV - (AntiVirSchedulerService) -- D:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira GmbH) SRV - (AVGIDSAgent) -- C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe (AVG Technologies CZ, s.r.o.) SRV - (avgwd) -- C:\Program Files\AVG\AVG10\avgwdsvc.exe (AVG Technologies CZ, s.r.o.) SRV - (FolderSize) -- D:\Program Files\FolderSize\FolderSizeSvc.exe (Brio) SRV - (LBTServ) -- C:\Programme\Common Files\Logishrd\Bluetooth\LBTServ.exe (Logitech, Inc.) SRV - (StorSvc) -- C:\Windows\System32\StorSvc.dll (Microsoft Corporation) SRV - (SensrSvc) -- C:\Windows\System32\sensrsvc.dll (Microsoft Corporation) SRV - (PeerDistSvc) -- C:\Windows\System32\PeerDistSvc.dll (Microsoft Corporation) SRV - (WinDefend) -- C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation) SRV - (SBSDWSCService) -- D:\Program Files\Spybot - Search & Destroy\SDWinSec.exe (Safer Networking Ltd.) SRV - (msvsmon90) -- D:\Program Files\Microsoft Visual Studio 9.0\Common7\IDE\Remote Debugger\x86\msvsmon.exe (Microsoft Corporation) SRV - (CVPND) -- D:\Program Files\Cisco Systems\VPN Client\cvpnd.exe (Cisco Systems, Inc.) ========== Driver Services (SafeList) ========== DRV - (MpKsl6bdd110e) -- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{48F37463-565E-4DBA-A7A7-CF16C774A0E3}\MpKsl6bdd110e.sys (Microsoft Corporation) DRV - (avipbb) -- C:\Windows\System32\drivers\avipbb.sys (Avira GmbH) DRV - (avgntflt) -- C:\Windows\System32\drivers\avgntflt.sys (Avira GmbH) DRV - (MBAMProtector) -- C:\Windows\System32\drivers\mbam.sys (Malwarebytes Corporation) DRV - (nvlddmkm) -- C:\Windows\System32\drivers\nvlddmkm.sys (NVIDIA Corporation) DRV - (NisDrv) -- C:\Windows\System32\drivers\NisDrvWFP.sys (Microsoft Corporation) DRV - (MpNWMon) -- C:\Windows\System32\drivers\MpNWMon.sys (Microsoft Corporation) DRV - (AVGIDSDriver) -- C:\Windows\System32\drivers\AVGIDSDriver.sys (AVG Technologies CZ, s.r.o. ) DRV - (Avgtdix) -- C:\Windows\System32\drivers\avgtdix.sys (AVG Technologies CZ, s.r.o.) DRV - (Avgrkx86) -- C:\Windows\system32\DRIVERS\avgrkx86.sys (AVG Technologies CZ, s.r.o.) DRV - (Avgmfx86) -- C:\Windows\System32\drivers\avgmfx86.sys (AVG Technologies CZ, s.r.o.) DRV - (AVGIDSEH) -- C:\Windows\system32\DRIVERS\AVGIDSEH.Sys (AVG Technologies CZ, s.r.o. ) DRV - (AVGIDSShim) -- C:\Windows\System32\drivers\AVGIDSShim.sys (AVG Technologies CZ, s.r.o. ) DRV - (AVGIDSFilter) -- C:\Windows\System32\drivers\AVGIDSFilter.sys (AVG Technologies CZ, s.r.o. ) DRV - (Avgldx86) -- C:\Windows\System32\drivers\avgldx86.sys (AVG Technologies CZ, s.r.o.) DRV - (vmbus) -- C:\Windows\system32\drivers\vmbus.sys (Microsoft Corporation) DRV - (storflt) -- C:\Windows\system32\drivers\vmstorfl.sys (Microsoft Corporation) DRV - (storvsc) -- C:\Windows\system32\drivers\storvsc.sys (Microsoft Corporation) DRV - (TsUsbFlt) -- C:\Windows\System32\drivers\TsUsbFlt.sys (Microsoft Corporation) DRV - (WinUsb) -- C:\Windows\System32\drivers\winusb.sys (Microsoft Corporation) DRV - (VMBusHID) -- C:\Windows\system32\drivers\VMBusHID.sys (Microsoft Corporation) DRV - (s3cap) -- C:\Windows\system32\drivers\vms3cap.sys (Microsoft Corporation) DRV - (VBoxDrv) -- C:\Windows\System32\drivers\VBoxDrv.sys (Oracle Corporation) DRV - (VBoxNetFlt) -- C:\Windows\System32\drivers\VBoxNetFlt.sys (Oracle Corporation) DRV - (VBoxNetAdp) -- C:\Windows\System32\drivers\VBoxNetAdp.sys (Oracle Corporation) DRV - (ssmdrv) -- C:\Windows\System32\drivers\ssmdrv.sys (Avira GmbH) DRV - (atksgt) -- C:\Windows\System32\drivers\atksgt.sys () DRV - (lirsgt) -- C:\Windows\System32\drivers\lirsgt.sys () DRV - (sptd) -- C:\Windows\System32\Drivers\sptd.sys () DRV - (VSPerfDrv100) -- D:\Program Files\Microsoft Visual Studio 10.0\Team Tools\Performance Tools\VSPerfDrv100.sys (Microsoft Corporation) DRV - (Serial) -- C:\Windows\System32\drivers\serial.sys (Brother Industries Ltd.) DRV - (LUsbFilt) -- C:\Windows\System32\drivers\LUsbFilt.sys (Logitech, Inc.) DRV - (LMouFilt) -- C:\Windows\System32\drivers\LMouFilt.Sys (Logitech, Inc.) DRV - (LHidFilt) -- C:\Windows\System32\drivers\LHidFilt.Sys (Logitech, Inc.) DRV - (L8042Kbd) -- C:\Windows\System32\drivers\L8042Kbd.sys (Logitech, Inc.) DRV - (RsFx0103) -- C:\Windows\System32\drivers\RsFx0103.sys (Microsoft Corporation) DRV - (cpuz132) -- C:\Windows\System32\drivers\cpuz132_x32.sys (Windows (R) Codename Longhorn DDK provider) DRV - (CVPNDRVA) -- C:\Windows\System32\drivers\CVPNDRVA.sys (Cisco Systems, Inc.) DRV - (DNE) -- C:\Windows\System32\drivers\dne2000.sys (Deterministic Networks, Inc.) DRV - (CVirtA) -- C:\Windows\System32\drivers\CVirtA.sys (Cisco Systems, Inc.) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 23 F0 AA D1 E1 DB CA 01 [binary data] IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = ========== FireFox ========== FF - prefs.js..browser.search.selectedEngine: "transfermarkt.de" FF - prefs.js..browser.search.useDBForOrder: true FF - prefs.js..browser.startup.homepage: "www.google.de" FF - prefs.js..network.proxy.ftp: "72.241.183.61" FF - prefs.js..network.proxy.ftp_port: 27977 FF - prefs.js..network.proxy.http: "128.8.126.78" FF - prefs.js..network.proxy.http_port: 3124 FF - prefs.js..network.proxy.socks: "72.241.183.61" FF - prefs.js..network.proxy.socks_port: 27977 FF - prefs.js..network.proxy.ssl: "72.241.183.61" FF - prefs.js..network.proxy.ssl_port: 27977 FF - prefs.js..network.proxy.type: 0 FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll () FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll () FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\4.0.60531.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{1E73965B-8B48-48be-9C8D-68B920ABC1C4}: C:\Program Files\AVG\AVG10\Firefox4\ [2011.08.04 18:32:04 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 4.0\extensions\\Components: D:\Program Files\Mozilla Firefox\components [2011.06.25 12:40:48 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 4.0\extensions\\Plugins: D:\Program Files\Mozilla Firefox\plugins [2011.04.22 09:25:22 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 5.0\extensions\\Components: D:\Program Files\Mozilla Firefox\components [2011.06.25 12:40:48 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 5.0\extensions\\Plugins: D:\Program Files\Mozilla Firefox\plugins [2011.04.22 09:25:22 | 000,000,000 | ---D | M] [2011.03.21 19:20:34 | 000,000,000 | ---D | M] (No name found) -- C:\Users\username\AppData\Roaming\mozilla\Extensions [2011.08.04 18:26:32 | 000,000,000 | ---D | M] (No name found) -- C:\Users\username\AppData\Roaming\mozilla\Firefox\Profiles\izjw7fk6.default\extensions [2011.07.10 09:56:43 | 000,000,000 | ---D | M] (WOT) -- C:\Users\username\AppData\Roaming\mozilla\Firefox\Profiles\izjw7fk6.default\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7} [2011.07.14 18:58:03 | 000,000,000 | ---D | M] (Flash and Video Download) -- C:\Users\username\AppData\Roaming\mozilla\Firefox\Profiles\izjw7fk6.default\extensions\{bee6eb20-01e0-ebd1-da83-080329fb9a3a} [2011.03.24 23:16:36 | 000,001,632 | ---- | M] () -- C:\Users\username\AppData\Roaming\Mozilla\Firefox\Profiles\izjw7fk6.default\searchplugins\firefox-add-ons.xml [2011.08.03 19:26:04 | 000,001,633 | ---- | M] () -- C:\Users\username\AppData\Roaming\Mozilla\Firefox\Profiles\izjw7fk6.default\searchplugins\googletranslate.xml [2011.06.10 22:14:28 | 000,002,024 | ---- | M] () -- C:\Users\username\AppData\Roaming\Mozilla\Firefox\Profiles\izjw7fk6.default\searchplugins\transfermarktde.xml [2011.03.24 23:20:21 | 000,002,057 | ---- | M] () -- C:\Users\username\AppData\Roaming\Mozilla\Firefox\Profiles\izjw7fk6.default\searchplugins\youtube-videosuche.xml File not found (No name found) -- [2011.08.04 18:32:04 | 000,000,000 | ---D | M] (AVG Safe Search) -- C:\PROGRAM FILES\AVG\AVG10\FIREFOX4 () (No name found) -- C:\USERS\username\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\IZJW7FK6.DEFAULT\EXTENSIONS\{0FED7D55-65D4-47B6-A6DE-9A4ADB55355F}.XPI () (No name found) -- C:\USERS\username\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\IZJW7FK6.DEFAULT\EXTENSIONS\{311ECE6E-EA6A-442F-A02A-A362E561D892}.XPI () (No name found) -- C:\USERS\username\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\IZJW7FK6.DEFAULT\EXTENSIONS\{3D7EB24F-2740-49DF-8937-200B1CC08F8A}.XPI () (No name found) -- C:\USERS\username\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\IZJW7FK6.DEFAULT\EXTENSIONS\{73A6FE31-595D-460B-A920-FCC0F8843232}.XPI () (No name found) -- C:\USERS\username\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\IZJW7FK6.DEFAULT\EXTENSIONS\{987311C6-B504-4AA2-90BF-60CC49808D42}.XPI () (No name found) -- C:\USERS\username\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\IZJW7FK6.DEFAULT\EXTENSIONS\{AFF87FA2-A58E-4EDD-B852-0A20203C1E17}.XPI () (No name found) -- C:\USERS\username\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\IZJW7FK6.DEFAULT\EXTENSIONS\{D10D0BF8-F5B5-C8B4-A8B2-2B9879E08C5D}.XPI () (No name found) -- C:\USERS\username\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\IZJW7FK6.DEFAULT\EXTENSIONS\{DDC359D1-844A-42A7-9AA1-88A850A938A8}.XPI () (No name found) -- C:\USERS\username\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\IZJW7FK6.DEFAULT\EXTENSIONS\ADBLOCKPOPUPS@JESSEHAKANEN.NET.XPI () (No name found) -- C:\USERS\username\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\IZJW7FK6.DEFAULT\EXTENSIONS\ANTICONTAINER@DOWNTHEMALL.NET.XPI () (No name found) -- C:\USERS\username\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\IZJW7FK6.DEFAULT\EXTENSIONS\ISREADITLATER@IDEASHOWER.COM.XPI () (No name found) -- C:\USERS\username\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\IZJW7FK6.DEFAULT\EXTENSIONS\LOCATIONBAR2@DESIGN-NOIR.DE.XPI () (No name found) -- C:\USERS\username\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\IZJW7FK6.DEFAULT\EXTENSIONS\MULTILINKS@PLUGIN.XPI () (No name found) -- C:\USERS\username\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\IZJW7FK6.DEFAULT\EXTENSIONS\PERSONALTITLEBAR@MOZTW.ORG.XPI () (No name found) -- C:\USERS\username\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\IZJW7FK6.DEFAULT\EXTENSIONS\SEARCHY@SEARCHY.XPI () (No name found) -- C:\USERS\username\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\IZJW7FK6.DEFAULT\EXTENSIONS\STATUS4EVAR@CALIGONSTUDIOS.COM.XPI () (No name found) -- C:\USERS\username\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\IZJW7FK6.DEFAULT\EXTENSIONS\TABGROUPSWITCHER@ADDONLAB.COM.XPI O1 HOSTS File: ([2011.08.04 19:04:16 | 000,436,368 | R--- | M]) - C:\Windows\System32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 www.007guard.com O1 - Hosts: 127.0.0.1 007guard.com O1 - Hosts: 127.0.0.1 008i.com O1 - Hosts: 127.0.0.1 www.008k.com O1 - Hosts: 127.0.0.1 008k.com O1 - Hosts: 127.0.0.1 www.00hq.com O1 - Hosts: 127.0.0.1 00hq.com O1 - Hosts: 127.0.0.1 010402.com O1 - Hosts: 127.0.0.1 www.032439.com O1 - Hosts: 127.0.0.1 032439.com O1 - Hosts: 127.0.0.1 www.0scan.com O1 - Hosts: 127.0.0.1 0scan.com O1 - Hosts: 127.0.0.1 1000gratisproben.com O1 - Hosts: 127.0.0.1 www.1000gratisproben.com O1 - Hosts: 127.0.0.1 1001namen.com O1 - Hosts: 127.0.0.1 www.1001namen.com O1 - Hosts: 127.0.0.1 100888290cs.com O1 - Hosts: 127.0.0.1 www.100888290cs.com O1 - Hosts: 127.0.0.1 www.100sexlinks.com O1 - Hosts: 127.0.0.1 100sexlinks.com O1 - Hosts: 127.0.0.1 10sek.com O1 - Hosts: 127.0.0.1 www.10sek.com O1 - Hosts: 127.0.0.1 www.1-2005-search.com O1 - Hosts: 127.0.0.1 1-2005-search.com O1 - Hosts: 127.0.0.1 www.123fporn.info O1 - Hosts: 15017 more lines... O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Programme\AVG\AVG10\avgssie.dll (AVG Technologies CZ, s.r.o.) O2 - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.) O2 - BHO: (PandoraTV Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - File not found O2 - BHO: (Microsoft-Webtestaufzeichnung 10.0-Hilfsprogramm) - {DDA57003-0068-4ed2-9D32-4D1EC707D94D} - D:\Program Files\Microsoft Visual Studio 10.0\Common7\IDE\PrivateAssemblies\Microsoft.VisualStudio.QualityTools.RecorderBarBHO100.dll (Microsoft Corporation) O3 - HKLM\..\Toolbar: (PandoraTV Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - File not found O3 - HKCU\..\Toolbar\WebBrowser: (PandoraTV Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - File not found O4 - HKLM..\Run: [AVG_TRAY] C:\Programme\AVG\AVG10\avgtray.exe (AVG Technologies CZ, s.r.o.) O4 - HKLM..\Run: [avgnt] D:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH) O4 - HKLM..\Run: [Kernel and Hardware Abstraction Layer] C:\Windows\KHALMNPR.Exe (Logitech, Inc.) O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] D:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation) O4 - HKLM..\Run: [MSC] C:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation) O4 - HKCU..\Run: [avupdate] File not found O4 - HKCU..\Run: [SpybotSD TeaTimer] D:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.) O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O8 - Extra context menu item: Nach Microsoft E&xel exportieren - D:\Program Files\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation) O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation) O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Programme\Common Files\microsoft shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.) O10 - NameSpace_Catalog5\Catalog_Entries\000000000006 [] - C:\Programme\Common Files\microsoft shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.) O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.) O13 - gopher Prefix: missing O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab (Java Plug-in 1.6.0_18) O16 - DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab (Java Plug-in 1.6.0_18) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab (Java Plug-in 1.6.0_18) O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Programme\AVG\AVG10\avgpp.dll (AVG Technologies CZ, s.r.o.) O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation) O18 - Protocol\Handler\wlpg {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Programme\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll (Microsoft Corporation) O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found O20 - Winlogon\Notify\LBTWlgn: DllName - c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll - c:\Programme\Common Files\Logishrd\Bluetooth\LBTWLgn.dll (Logitech, Inc.) O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found. O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2009.06.10 23:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ] O33 - MountPoints2\{b4e130fc-2933-11df-87bf-00241dc79a54}\Shell - "" = AutoRun O33 - MountPoints2\{b4e130fc-2933-11df-87bf-00241dc79a54}\Shell\AutoRun\command - "" = H:\Setup.exe autorun O33 - MountPoints2\{b4e130fc-2933-11df-87bf-00241dc79a54}\Shell\setup\command - "" = H:\Setup.exe autorun O34 - HKLM BootExecute: (autocheck autochk *) - File not found O34 - HKLM BootExecute: (C:\PROGRA~1\AVG\AVG10\avgchsvx.exe /sync) - C:\Programme\AVG\AVG10\avgchsvx.exe (AVG Technologies CZ, s.r.o.) O34 - HKLM BootExecute: (C:\PROGRA~1\AVG\AVG10\avgrsx.exe /sync /restart) - C:\Programme\AVG\AVG10\avgrsx.exe (AVG Technologies CZ, s.r.o.) O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* ========== Files/Folders - Created Within 30 Days ========== [2011.08.07 18:34:06 | 000,000,000 | ---D | C] -- C:\Users\username\AppData\Roaming\Avira [2011.08.07 18:11:13 | 000,138,192 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\avipbb.sys [2011.08.07 18:11:13 | 000,066,616 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\avgntflt.sys [2011.08.07 18:11:13 | 000,028,520 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\ssmdrv.sys [2011.08.07 18:11:12 | 000,000,000 | ---D | C] -- C:\ProgramData\Avira [2011.08.07 18:08:05 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Security Client [2011.08.07 18:06:22 | 000,000,000 | ---D | C] -- C:\Users\username\AppData\Roaming\Malwarebytes [2011.08.07 18:06:16 | 000,041,272 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys [2011.08.07 18:06:16 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware [2011.08.07 18:06:16 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes [2011.08.07 18:06:12 | 000,022,712 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys [2011.07.21 21:34:09 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes [2011.07.21 21:33:44 | 000,000,000 | ---D | C] -- C:\Program Files\iPod [2011.07.21 21:32:05 | 000,000,000 | ---D | C] -- C:\Program Files\Bonjour [2011.07.17 13:39:32 | 000,000,000 | ---D | C] -- C:\Users\username\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\XMedia Recode [2011.07.17 12:58:06 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN [2011.07.13 19:47:55 | 000,006,144 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-security-base-l1-1-0.dll [2011.07.13 19:47:55 | 000,005,120 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-file-l1-1-0.dll [2011.07.13 19:47:55 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-threadpool-l1-1-0.dll [2011.07.13 19:47:55 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-processthreads-l1-1-0.dll [2011.07.13 19:47:55 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-sysinfo-l1-1-0.dll [2011.07.13 19:47:55 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-synch-l1-1-0.dll [2011.07.13 19:47:55 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-misc-l1-1-0.dll [2011.07.13 19:47:55 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-localregistry-l1-1-0.dll [2011.07.13 19:47:55 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-xstate-l1-1-0.dll [2011.07.13 19:47:55 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-libraryloader-l1-1-0.dll [2011.07.13 19:47:55 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-interlocked-l1-1-0.dll [2011.07.13 19:47:55 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-heap-l1-1-0.dll [2011.07.13 19:47:55 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-util-l1-1-0.dll [2011.07.13 19:47:55 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-string-l1-1-0.dll [2011.07.13 19:47:55 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-handle-l1-1-0.dll [2011.07.13 19:47:55 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-fibers-l1-1-0.dll [2011.07.13 19:47:55 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-errorhandling-l1-1-0.dll [2011.07.13 19:47:55 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-delayload-l1-1-0.dll [2011.07.13 19:47:55 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-debug-l1-1-0.dll [2011.07.13 19:47:55 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-datetime-l1-1-0.dll [2011.07.13 19:47:54 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-localization-l1-1-0.dll [2011.07.13 19:47:54 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-processenvironment-l1-1-0.dll [2011.07.13 19:47:54 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-namedpipe-l1-1-0.dll [2011.07.13 19:47:54 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-memory-l1-1-0.dll [2011.07.13 19:47:54 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-rtlsupport-l1-1-0.dll [2011.07.13 19:47:54 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-profile-l1-1-0.dll [2011.07.13 19:47:54 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-io-l1-1-0.dll [2011.07.13 19:47:54 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-console-l1-1-0.dll [2011.07.13 19:47:52 | 000,271,872 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\conhost.exe [2011.07.13 19:47:52 | 000,169,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\winsrv.dll [2011.07.13 19:47:47 | 002,334,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys [2011.07.12 11:20:54 | 000,178,536 | ---- | C] (Apple Inc.) -- C:\Windows\System32\dnssdX.dll [2011.07.12 11:20:54 | 000,083,816 | ---- | C] (Apple Inc.) -- C:\Windows\System32\dns-sd.exe [2011.07.12 11:20:54 | 000,073,064 | ---- | C] (Apple Inc.) -- C:\Windows\System32\dnssd.dll [2011.07.12 11:20:54 | 000,050,536 | ---- | C] (Apple Inc.) -- C:\Windows\System32\jdns_sd.dll ========== Files - Modified Within 30 Days ========== [2011.08.07 22:10:30 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2011.08.07 22:10:22 | 2414,731,264 | -HS- | M] () -- C:\hiberfil.sys [2011.08.07 18:42:23 | 127,267,075 | ---- | M] () -- C:\Windows\System32\drivers\AVG\incavi.avm [2011.08.07 18:37:29 | 000,138,192 | ---- | M] (Avira GmbH) -- C:\Windows\System32\drivers\avipbb.sys [2011.08.07 18:37:29 | 000,066,616 | ---- | M] (Avira GmbH) -- C:\Windows\System32\drivers\avgntflt.sys [2011.08.07 18:11:28 | 000,000,915 | ---- | M] () -- C:\Users\Public\Desktop\Avira AntiVir Control Center.lnk [2011.08.07 18:10:14 | 000,764,238 | ---- | M] () -- C:\Windows\System32\perfh007.dat [2011.08.07 18:10:14 | 000,719,556 | ---- | M] () -- C:\Windows\System32\perfh009.dat [2011.08.07 18:10:14 | 000,173,524 | ---- | M] () -- C:\Windows\System32\perfc007.dat [2011.08.07 18:10:14 | 000,146,478 | ---- | M] () -- C:\Windows\System32\perfc009.dat [2011.08.07 18:09:10 | 000,001,912 | ---- | M] () -- C:\Windows\epplauncher.mif [2011.08.07 18:06:16 | 000,000,756 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk [2011.08.07 17:23:31 | 000,000,182 | ---- | M] () -- E:\username\Desktop\Dokument.rtf [2011.08.07 17:14:20 | 000,013,248 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2011.08.07 17:14:20 | 000,013,248 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2011.08.04 19:04:16 | 000,436,368 | R--- | M] () -- C:\Windows\System32\drivers\etc\hosts [2011.08.02 21:17:25 | 000,035,328 | ---- | M] () -- C:\Users\username\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2011.07.21 21:34:09 | 000,001,753 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk [2011.07.14 18:51:15 | 000,426,624 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT [2011.07.12 11:20:54 | 000,178,536 | ---- | M] (Apple Inc.) -- C:\Windows\System32\dnssdX.dll [2011.07.12 11:20:54 | 000,083,816 | ---- | M] (Apple Inc.) -- C:\Windows\System32\dns-sd.exe [2011.07.12 11:20:54 | 000,073,064 | ---- | M] (Apple Inc.) -- C:\Windows\System32\dnssd.dll [2011.07.12 11:20:54 | 000,050,536 | ---- | M] (Apple Inc.) -- C:\Windows\System32\jdns_sd.dll ========== Files Created - No Company Name ========== [2011.08.07 18:11:28 | 000,000,915 | ---- | C] () -- C:\Users\Public\Desktop\Avira AntiVir Control Center.lnk [2011.08.07 18:09:10 | 000,001,912 | ---- | C] () -- C:\Windows\epplauncher.mif [2011.08.07 18:08:22 | 000,001,897 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Security Essentials.lnk [2011.08.07 18:06:16 | 000,000,756 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk [2011.08.07 17:23:30 | 000,000,182 | ---- | C] () -- E:\username\Desktop\Dokument.rtf [2011.07.21 21:34:09 | 000,001,753 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk [2011.06.09 19:57:00 | 000,066,048 | ---- | C] () -- C:\Windows\System32\PrintBrmUi.exe [2011.04.26 20:02:09 | 000,116,224 | ---- | C] () -- C:\Windows\System32\pdfcmnnt.dll [2011.04.22 11:20:06 | 000,112,831 | ---- | C] () -- C:\Users\username\AppData\Local\debuggee.mdmp [2011.03.10 21:21:24 | 000,010,476 | ---- | C] () -- C:\Windows\Q-Dir.ini [2010.10.14 20:26:33 | 000,161,619 | ---- | C] () -- C:\Windows\EXIFutils for Windows Uninstaller.exe [2010.10.10 14:55:35 | 000,000,211 | ---- | C] () -- C:\Users\username\AppData\Roaming\burnaware.ini [2010.10.10 13:40:23 | 000,007,597 | ---- | C] () -- C:\Users\username\AppData\Local\Resmon.ResmonCfg [2010.09.06 11:08:36 | 000,033,792 | ---- | C] () -- C:\Windows\System32\rgbacodec.dll [2010.05.28 17:53:42 | 000,000,032 | ---- | C] () -- C:\Windows\Menu.INI [2010.03.19 15:46:53 | 000,281,760 | ---- | C] () -- C:\Windows\System32\drivers\atksgt.sys [2010.03.19 15:46:52 | 000,025,888 | ---- | C] () -- C:\Windows\System32\drivers\lirsgt.sys [2010.03.10 21:22:17 | 000,000,000 | ---- | C] () -- C:\Users\username\AppData\Local\prvlcl.dat [2010.03.05 01:00:34 | 000,146,432 | ---- | C] () -- C:\Windows\System32\APOMngr.DLL [2010.03.05 01:00:34 | 000,072,704 | ---- | C] () -- C:\Windows\System32\CmdRtr.DLL [2010.03.04 21:28:12 | 000,035,328 | ---- | C] () -- C:\Users\username\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2009.07.14 10:47:43 | 000,764,238 | ---- | C] () -- C:\Windows\System32\perfh007.dat [2009.07.14 10:47:43 | 000,295,922 | ---- | C] () -- C:\Windows\System32\perfi007.dat [2009.07.14 10:47:43 | 000,173,524 | ---- | C] () -- C:\Windows\System32\perfc007.dat [2009.07.14 10:47:43 | 000,038,104 | ---- | C] () -- C:\Windows\System32\perfd007.dat [2009.07.14 06:57:37 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat [2009.07.14 06:33:53 | 000,426,624 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT [2009.07.14 04:05:48 | 000,719,556 | ---- | C] () -- C:\Windows\System32\perfh009.dat [2009.07.14 04:05:48 | 000,291,294 | ---- | C] () -- C:\Windows\System32\perfi009.dat [2009.07.14 04:05:48 | 000,146,478 | ---- | C] () -- C:\Windows\System32\perfc009.dat [2009.07.14 04:05:48 | 000,031,548 | ---- | C] () -- C:\Windows\System32\perfd009.dat [2009.07.14 04:05:05 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT [2009.07.14 04:04:11 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat [2009.07.14 01:55:01 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin [2009.07.14 01:51:43 | 000,073,728 | ---- | C] () -- C:\Windows\System32\BthpanContextHandler.dll [2009.07.14 01:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\System32\BWContextHandler.dll [2009.06.10 23:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat [2008.10.07 10:13:30 | 000,197,912 | ---- | C] () -- C:\Windows\System32\physxcudart_20.dll [2008.10.07 10:13:22 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelTraditionalChinese.dll [2008.10.07 10:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelSwedish.dll [2008.10.07 10:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelSpanish.dll [2008.10.07 10:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelSimplifiedChinese.dll [2008.10.07 10:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelPortugese.dll [2008.10.07 10:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelKorean.dll [2008.10.07 10:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelJapanese.dll [2008.10.07 10:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelGerman.dll [2008.10.07 10:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelFrench.dll [2007.04.03 16:18:26 | 000,197,672 | ---- | C] () -- C:\Windows\System32\vpnapi.dll [2007.01.26 02:04:12 | 000,138,752 | ---- | C] () -- C:\Windows\System32\mase32.dll [2007.01.26 02:04:12 | 000,027,648 | ---- | C] () -- C:\Windows\System32\ma32.dll ========== LOP Check ========== [2011.01.18 23:53:31 | 000,000,000 | ---D | M] -- C:\Users\username\AppData\Roaming\AllDup [2010.09.19 14:03:50 | 000,000,000 | ---D | M] -- C:\Users\username\AppData\Roaming\AnvSoft [2010.11.14 20:05:15 | 000,000,000 | ---D | M] -- C:\Users\username\AppData\Roaming\AVG10 [2010.10.07 19:54:10 | 000,000,000 | ---D | M] -- C:\Users\username\AppData\Roaming\AVG9 [2010.04.13 18:57:58 | 000,000,000 | ---D | M] -- C:\Users\username\AppData\Roaming\avidemux [2011.03.10 21:17:03 | 000,000,000 | ---D | M] -- C:\Users\username\AppData\Roaming\cryptlib [2010.11.26 18:48:02 | 000,000,000 | ---D | M] -- C:\Users\username\AppData\Roaming\CustomBrushesMini [2010.03.06 17:36:19 | 000,000,000 | ---D | M] -- C:\Users\username\AppData\Roaming\DAEMON Tools Lite [2010.11.01 13:39:00 | 000,000,000 | ---D | M] -- C:\Users\username\AppData\Roaming\DiskSpaceFan [2010.09.20 19:10:53 | 000,000,000 | ---D | M] -- C:\Users\username\AppData\Roaming\DiskSpaceFanPro [2010.10.07 20:42:10 | 000,000,000 | ---D | M] -- C:\Users\username\AppData\Roaming\FireShot [2010.03.04 17:10:00 | 000,000,000 | ---D | M] -- C:\Users\username\AppData\Roaming\Foxit [2010.03.04 22:23:43 | 000,000,000 | ---D | M] -- C:\Users\username\AppData\Roaming\Foxit Software [2010.05.06 15:51:51 | 000,000,000 | ---D | M] -- C:\Users\username\AppData\Roaming\ImgBurn [2010.07.24 12:31:59 | 000,000,000 | ---D | M] -- C:\Users\username\AppData\Roaming\IrfanView [2010.03.04 16:46:19 | 000,000,000 | ---D | M] -- C:\Users\username\AppData\Roaming\Leadertech [2010.08.28 17:42:17 | 000,000,000 | ---D | M] -- C:\Users\username\AppData\Roaming\Miranda [2011.07.24 20:24:12 | 000,000,000 | ---D | M] -- C:\Users\username\AppData\Roaming\Mp3tag [2010.03.27 17:06:39 | 000,000,000 | ---D | M] -- C:\Users\username\AppData\Roaming\Opera [2010.10.01 16:44:47 | 000,000,000 | ---D | M] -- C:\Users\username\AppData\Roaming\PhotoScape [2010.03.19 15:57:56 | 000,000,000 | ---D | M] -- C:\Users\username\AppData\Roaming\Prison Break [2011.03.10 21:23:01 | 000,000,000 | ---D | M] -- C:\Users\username\AppData\Roaming\Q-Dir [2010.11.01 13:52:47 | 000,000,000 | ---D | M] -- C:\Users\username\AppData\Roaming\RidNacs [2011.03.12 14:26:16 | 000,000,000 | ---D | M] -- C:\Users\username\AppData\Roaming\Software4u [2010.03.06 17:43:56 | 000,000,000 | ---D | M] -- C:\Users\username\AppData\Roaming\Sports Interactive [2010.03.04 16:49:39 | 000,000,000 | ---D | M] -- C:\Users\username\AppData\Roaming\Thunderbird [2010.10.17 20:02:59 | 000,000,000 | ---D | M] -- C:\Users\username\AppData\Roaming\XMedia Recode [2010.07.10 10:03:04 | 000,000,000 | ---D | M] -- C:\Users\username\AppData\Roaming\XnView [2011.07.09 10:06:09 | 000,032,640 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT ========== Purity Check ========== < End of report > Was kann ich noch tun, um sicher zu gehen, dass der Trojaner entfernt wurde? (Werde meine Windows danach neu aufsetzen. Möchte aber meine Daten davor noch sichern.) Vielen Dank! |
|
09.08.2011, 14:13
| #2 |
| /// Winkelfunktion /// TB-Süch-Tiger™   | Bundespolizei Trojaner endgültig gelöscht? Gibt es noch weitere Logs von Malwarebytes? Wenn ja bitte alle posten, die in Malwarebytes im Reiter Logdateien sichtbar sind.
__________________
__________________ |
|
09.08.2011, 17:23
| #3 |
| | Bundespolizei Trojaner endgültig gelöscht? Ja, gibt noch mehrere. MSE hat auch noch was gefunden (siehe ganz unten).
__________________Vollständiger Suchlauf mit veralteter Datenbank: Code:
ATTFilter Malwarebytes' Anti-Malware 1.51.1.1800
www.malwarebytes.org
Datenbank Version: 7035
Windows 6.1.7601 Service Pack 1
Internet Explorer 9.0.8112.16421
07.08.2011 20:22:18
mbam-log-2011-08-07 (20-22-18).txt
Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|E:\|)
Durchsuchte Objekte: 431431
Laufzeit: 2 Stunde(n), 13 Minute(n), 53 Sekunde(n)
Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 0
Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)
Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)
Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)
Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)
Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)
Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)
Infizierte Dateien:
(Keine bösartigen Objekte gefunden)
Quick Scan mit aktueller Datenbank: Code:
ATTFilter Malwarebytes' Anti-Malware 1.51.1.1800
www.malwarebytes.org
Datenbank Version: 7402
Windows 6.1.7601 Service Pack 1
Internet Explorer 9.0.8112.16421
07.08.2011 20:41:10
mbam-log-2011-08-07 (20-41-10).txt
Art des Suchlaufs: Quick-Scan
Durchsuchte Objekte: 187566
Laufzeit: 9 Minute(n), 29 Sekunde(n)
Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 0
Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)
Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)
Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)
Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)
Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)
Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)
Infizierte Dateien:
(Keine bösartigen Objekte gefunden)
Vollständiger Scan mit aktueller Datenbank (wurde oben schon gepostet): Code:
ATTFilter Malwarebytes' Anti-Malware 1.51.1.1800
www.malwarebytes.org
Datenbank Version: 7402
Windows 6.1.7601 Service Pack 1
Internet Explorer 9.0.8112.16421
07.08.2011 21:58:41
mbam-log-2011-08-07 (21-58-41).txt
Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|E:\|)
Durchsuchte Objekte: 436548
Laufzeit: 1 Stunde(n), 15 Minute(n), 17 Sekunde(n)
Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 0
Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)
Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)
Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)
Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)
Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)
Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)
Infizierte Dateien:
(Keine bösartigen Objekte gefunden)
Protection Log (7.8.): Code:
ATTFilter 18:06:38 username MESSAGE Protection started successfully
18:06:42 username MESSAGE IP Protection started successfully
18:07:36 username ERROR Scheduled update failed: No address found failed with error code 11004
20:32:33 username MESSAGE IP Protection stopped
20:32:36 username MESSAGE Database updated successfully
20:32:37 username MESSAGE IP Protection started successfully
22:13:49 username MESSAGE Protection started successfully
22:13:53 username MESSAGE IP Protection started successfully
Protection Log (8.8.): Code:
ATTFilter 19:42:22 username MESSAGE Protection started successfully
19:42:25 username MESSAGE IP Protection started successfully
19:43:21 username ERROR Scheduled update failed: No address found failed with error code 11004
21:38:52 username MESSAGE IP Protection stopped
############################### Microsoft Security Essentials hat noch folgendes gefunden (habe leider kein Logfile gefunden): hxxp://img269.imageshack.us/img269/339/mseo.png |
|
09.08.2011, 19:04
| #4 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Bundespolizei Trojaner endgültig gelöscht? Führ bitte auch ESET aus, danach sehen wir weiter: ESET Online Scanner
__________________ Logfiles bitte immer in CODE-Tags posten  |
|
10.08.2011, 19:58
| #5 |
| | Bundespolizei Trojaner endgültig gelöscht?Code:
ATTFilter ESETSmartInstaller@High as downloader log:
all ok
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6528
# api_version=3.0.2
# EOSSerial=17dc80df530de84a84d229ffe08cded2
# end=stopped
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2011-08-09 08:33:12
# local_time=2011-08-09 10:33:12 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=512 16777215 100 0 0 0 0 0
# compatibility_mode=1032 16777214 100 95 148 56205818 0 0
# compatibility_mode=5893 16776573 100 94 4869388 64546617 0 0
# compatibility_mode=8192 67108863 100 0 130 130 0 0
# scanned=107540
# found=0
# cleaned=0
# scan_time=6566
ESETSmartInstaller@High as downloader log:
all ok
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6528
# api_version=3.0.2
# EOSSerial=17dc80df530de84a84d229ffe08cded2
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2011-08-10 06:53:15
# local_time=2011-08-10 08:53:15 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=512 16777215 100 0 0 0 0 0
# compatibility_mode=1032 16777213 100 95 226 56281375 0 0
# compatibility_mode=5893 16776574 100 94 4944945 64622174 0 0
# compatibility_mode=8192 67108863 100 0 75687 75687 0 0
# scanned=239351
# found=0
# cleaned=0
# scan_time=11411
|
|
10.08.2011, 20:40
| #6 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Bundespolizei Trojaner endgültig gelöscht? CustomScan mit OTL Falls noch nicht vorhanden, lade Dir bitte OTL von Oldtimer herunter und speichere es auf Deinem Desktop
Code:
ATTFilter netsvcs
msconfig
safebootminimal
safebootnetwork
activex
drivers32
%ALLUSERSPROFILE%\Application Data\*.
%ALLUSERSPROFILE%\Application Data\*.exe /s
%APPDATA%\*.
%APPDATA%\*.exe /s
%SYSTEMDRIVE%\*.exe
/md5start
wininit.exe
userinit.exe
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
ws2ifsl.sys
sceclt.dll
ntelogon.dll
winlogon.exe
logevent.dll
user32.DLL
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
/md5stop
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\*. /mp /s
%systemroot%\system32\*.dll /lockedfiles
CREATERESTOREPOINT
__________________ --> Bundespolizei Trojaner endgültig gelöscht? |
|
11.08.2011, 17:57
| #7 |
| | Bundespolizei Trojaner endgültig gelöscht?Code:
ATTFilter OTL logfile created on: 11.08.2011 17:41:30 - Run 3 OTL by OldTimer - Version 3.2.26.1 Folder = E:\username\Downloads An unknown product Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 3,00 Gb Total Physical Memory | 1,81 Gb Available Physical Memory | 60,48% Memory free 6,00 Gb Paging File | 4,71 Gb Available in Paging File | 78,48% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 39,90 Gb Total Space | 9,81 Gb Free Space | 24,59% Space Free | Partition Type: NTFS Drive D: | 80,00 Gb Total Space | 43,73 Gb Free Space | 54,67% Space Free | Partition Type: NTFS Drive E: | 178,09 Gb Total Space | 5,13 Gb Free Space | 2,88% Space Free | Partition Type: NTFS Computer Name: username-PC | User Name: username | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user | Quick Scan Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - E:\username\Downloads\OTL.exe (OldTimer Tools) PRC - D:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation) PRC - C:\Programme\Microsoft Security Client\msseces.exe (Microsoft Corporation) PRC - C:\Programme\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe (NVIDIA Corporation) PRC - C:\Programme\NVIDIA Corporation\Display\nvxdsync.exe (NVIDIA Corporation) PRC - C:\Programme\NVIDIA Corporation\Display\nvtray.exe (NVIDIA Corporation) PRC - C:\Programme\Microsoft Security Client\Antimalware\NisSrv.exe (Microsoft Corporation) PRC - C:\Programme\Microsoft Security Client\Antimalware\MsMpEng.exe (Microsoft Corporation) PRC - C:\Windows\explorer.exe (Microsoft Corporation) PRC - C:\Programme\Windows Media Player\wmpnetwk.exe (Microsoft Corporation) PRC - C:\Windows\System32\taskhost.exe (Microsoft Corporation) PRC - C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE (Microsoft Corp.) PRC - C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE (Microsoft Corp.) PRC - C:\Programme\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe (Microsoft Corporation) PRC - C:\Programme\Microsoft SQL Server\90\Shared\sqlwriter.exe (Microsoft Corporation) PRC - D:\Program Files\FolderSize\FolderSizeSvc.exe (Brio) PRC - D:\Program Files\Logitech\SetPoint\SetPoint.exe (Logitech, Inc.) PRC - C:\Programme\Common Files\Logishrd\KHAL2\KHALMNPR.exe (Logitech, Inc.) PRC - D:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.) PRC - D:\Program Files\Spybot - Search & Destroy\SDWinSec.exe (Safer Networking Ltd.) ========== Modules (SafeList) ========== MOD - E:\username\Downloads\OTL.exe (OldTimer Tools) MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll (Microsoft Corporation) ========== Win32 Services (SafeList) ========== SRV - (MBAMService) -- D:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation) SRV - (nvUpdatusService) -- C:\Programme\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe (NVIDIA Corporation) SRV - (NisSrv) -- C:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe (Microsoft Corporation) SRV - (MsMpSvc) -- C:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe (Microsoft Corporation) SRV - (FolderSize) -- D:\Program Files\FolderSize\FolderSizeSvc.exe (Brio) SRV - (LBTServ) -- C:\Programme\Common Files\Logishrd\Bluetooth\LBTServ.exe (Logitech, Inc.) SRV - (StorSvc) -- C:\Windows\System32\StorSvc.dll (Microsoft Corporation) SRV - (SensrSvc) -- C:\Windows\System32\sensrsvc.dll (Microsoft Corporation) SRV - (PeerDistSvc) -- C:\Windows\System32\PeerDistSvc.dll (Microsoft Corporation) SRV - (WinDefend) -- C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation) SRV - (SBSDWSCService) -- D:\Program Files\Spybot - Search & Destroy\SDWinSec.exe (Safer Networking Ltd.) SRV - (msvsmon90) -- D:\Program Files\Microsoft Visual Studio 9.0\Common7\IDE\Remote Debugger\x86\msvsmon.exe (Microsoft Corporation) SRV - (CVPND) -- D:\Program Files\Cisco Systems\VPN Client\cvpnd.exe (Cisco Systems, Inc.) ========== Driver Services (SafeList) ========== DRV - (MpKsld575943a) -- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{9B61E2B4-DE3A-4115-8E75-5121B1D3C9B5}\MpKsld575943a.sys (Microsoft Corporation) DRV - (MBAMProtector) -- C:\Windows\System32\drivers\mbam.sys (Malwarebytes Corporation) DRV - (nvlddmkm) -- C:\Windows\System32\drivers\nvlddmkm.sys (NVIDIA Corporation) DRV - (NisDrv) -- C:\Windows\System32\drivers\NisDrvWFP.sys (Microsoft Corporation) DRV - (MpNWMon) -- C:\Windows\System32\drivers\MpNWMon.sys (Microsoft Corporation) DRV - (vmbus) -- C:\Windows\system32\drivers\vmbus.sys (Microsoft Corporation) DRV - (storflt) -- C:\Windows\system32\drivers\vmstorfl.sys (Microsoft Corporation) DRV - (storvsc) -- C:\Windows\system32\drivers\storvsc.sys (Microsoft Corporation) DRV - (TsUsbFlt) -- C:\Windows\System32\drivers\TsUsbFlt.sys (Microsoft Corporation) DRV - (WinUsb) -- C:\Windows\System32\drivers\winusb.sys (Microsoft Corporation) DRV - (VMBusHID) -- C:\Windows\system32\drivers\VMBusHID.sys (Microsoft Corporation) DRV - (s3cap) -- C:\Windows\system32\drivers\vms3cap.sys (Microsoft Corporation) DRV - (VBoxDrv) -- C:\Windows\System32\drivers\VBoxDrv.sys (Oracle Corporation) DRV - (VBoxNetFlt) -- C:\Windows\System32\drivers\VBoxNetFlt.sys (Oracle Corporation) DRV - (VBoxNetAdp) -- C:\Windows\System32\drivers\VBoxNetAdp.sys (Oracle Corporation) DRV - (atksgt) -- C:\Windows\System32\drivers\atksgt.sys () DRV - (lirsgt) -- C:\Windows\System32\drivers\lirsgt.sys () DRV - (sptd) -- C:\Windows\System32\Drivers\sptd.sys () DRV - (VSPerfDrv100) -- D:\Program Files\Microsoft Visual Studio 10.0\Team Tools\Performance Tools\VSPerfDrv100.sys (Microsoft Corporation) DRV - (Serial) -- C:\Windows\System32\drivers\serial.sys (Brother Industries Ltd.) DRV - (LUsbFilt) -- C:\Windows\System32\drivers\LUsbFilt.sys (Logitech, Inc.) DRV - (LMouFilt) -- C:\Windows\System32\drivers\LMouFilt.Sys (Logitech, Inc.) DRV - (LHidFilt) -- C:\Windows\System32\drivers\LHidFilt.Sys (Logitech, Inc.) DRV - (L8042Kbd) -- C:\Windows\System32\drivers\L8042Kbd.sys (Logitech, Inc.) DRV - (RsFx0103) -- C:\Windows\System32\drivers\RsFx0103.sys (Microsoft Corporation) DRV - (cpuz132) -- C:\Windows\System32\drivers\cpuz132_x32.sys (Windows (R) Codename Longhorn DDK provider) DRV - (CVPNDRVA) -- C:\Windows\System32\drivers\CVPNDRVA.sys (Cisco Systems, Inc.) DRV - (DNE) -- C:\Windows\System32\drivers\dne2000.sys (Deterministic Networks, Inc.) DRV - (CVirtA) -- C:\Windows\System32\drivers\CVirtA.sys (Cisco Systems, Inc.) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 23 F0 AA D1 E1 DB CA 01 [binary data] IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF - prefs.js..browser.search.selectedEngine: "transfermarkt.de" FF - prefs.js..browser.search.useDBForOrder: true FF - prefs.js..browser.startup.homepage: "www.google.de" FF - prefs.js..network.proxy.ftp: "72.241.183.61" FF - prefs.js..network.proxy.ftp_port: 27977 FF - prefs.js..network.proxy.http: "128.8.126.78" FF - prefs.js..network.proxy.http_port: 3124 FF - prefs.js..network.proxy.socks: "72.241.183.61" FF - prefs.js..network.proxy.socks_port: 27977 FF - prefs.js..network.proxy.ssl: "72.241.183.61" FF - prefs.js..network.proxy.ssl_port: 27977 FF - prefs.js..network.proxy.type: 0 FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll () FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll () FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\4.0.60531.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 4.0\extensions\\Components: D:\Program Files\Mozilla Firefox\components [2011.06.25 12:40:48 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 4.0\extensions\\Plugins: D:\Program Files\Mozilla Firefox\plugins [2011.04.22 09:25:22 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 5.0\extensions\\Components: D:\Program Files\Mozilla Firefox\components [2011.06.25 12:40:48 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 5.0\extensions\\Plugins: D:\Program Files\Mozilla Firefox\plugins [2011.04.22 09:25:22 | 000,000,000 | ---D | M] [2011.03.21 19:20:34 | 000,000,000 | ---D | M] (No name found) -- C:\Users\username\AppData\Roaming\mozilla\Extensions [2011.08.09 20:12:12 | 000,000,000 | ---D | M] (No name found) -- C:\Users\username\AppData\Roaming\mozilla\Firefox\Profiles\izjw7fk6.default\extensions [2011.07.10 09:56:43 | 000,000,000 | ---D | M] (WOT) -- C:\Users\username\AppData\Roaming\mozilla\Firefox\Profiles\izjw7fk6.default\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7} [2011.07.14 18:58:03 | 000,000,000 | ---D | M] (Flash and Video Download) -- C:\Users\username\AppData\Roaming\mozilla\Firefox\Profiles\izjw7fk6.default\extensions\{bee6eb20-01e0-ebd1-da83-080329fb9a3a} [2011.03.24 23:16:36 | 000,001,632 | ---- | M] () -- C:\Users\username\AppData\Roaming\Mozilla\Firefox\Profiles\izjw7fk6.default\searchplugins\firefox-add-ons.xml [2011.08.03 19:26:04 | 000,001,633 | ---- | M] () -- C:\Users\username\AppData\Roaming\Mozilla\Firefox\Profiles\izjw7fk6.default\searchplugins\googletranslate.xml [2011.06.10 22:14:28 | 000,002,024 | ---- | M] () -- C:\Users\username\AppData\Roaming\Mozilla\Firefox\Profiles\izjw7fk6.default\searchplugins\transfermarktde.xml [2011.03.24 23:20:21 | 000,002,057 | ---- | M] () -- C:\Users\username\AppData\Roaming\Mozilla\Firefox\Profiles\izjw7fk6.default\searchplugins\youtube-videosuche.xml File not found (No name found) -- () (No name found) -- C:\USERS\username\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\IZJW7FK6.DEFAULT\EXTENSIONS\{0FED7D55-65D4-47B6-A6DE-9A4ADB55355F}.XPI () (No name found) -- C:\USERS\username\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\IZJW7FK6.DEFAULT\EXTENSIONS\{311ECE6E-EA6A-442F-A02A-A362E561D892}.XPI () (No name found) -- C:\USERS\username\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\IZJW7FK6.DEFAULT\EXTENSIONS\{3D7EB24F-2740-49DF-8937-200B1CC08F8A}.XPI () (No name found) -- C:\USERS\username\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\IZJW7FK6.DEFAULT\EXTENSIONS\{73A6FE31-595D-460B-A920-FCC0F8843232}.XPI () (No name found) -- C:\USERS\username\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\IZJW7FK6.DEFAULT\EXTENSIONS\{987311C6-B504-4AA2-90BF-60CC49808D42}.XPI () (No name found) -- C:\USERS\username\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\IZJW7FK6.DEFAULT\EXTENSIONS\{AFF87FA2-A58E-4EDD-B852-0A20203C1E17}.XPI () (No name found) -- C:\USERS\username\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\IZJW7FK6.DEFAULT\EXTENSIONS\{D10D0BF8-F5B5-C8B4-A8B2-2B9879E08C5D}.XPI () (No name found) -- C:\USERS\username\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\IZJW7FK6.DEFAULT\EXTENSIONS\{DDC359D1-844A-42A7-9AA1-88A850A938A8}.XPI () (No name found) -- C:\USERS\username\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\IZJW7FK6.DEFAULT\EXTENSIONS\ADBLOCKPOPUPS@JESSEHAKANEN.NET.XPI () (No name found) -- C:\USERS\username\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\IZJW7FK6.DEFAULT\EXTENSIONS\ANTICONTAINER@DOWNTHEMALL.NET.XPI () (No name found) -- C:\USERS\username\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\IZJW7FK6.DEFAULT\EXTENSIONS\ISREADITLATER@IDEASHOWER.COM.XPI () (No name found) -- C:\USERS\username\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\IZJW7FK6.DEFAULT\EXTENSIONS\LOCATIONBAR2@DESIGN-NOIR.DE.XPI () (No name found) -- C:\USERS\username\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\IZJW7FK6.DEFAULT\EXTENSIONS\MULTILINKS@PLUGIN.XPI () (No name found) -- C:\USERS\username\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\IZJW7FK6.DEFAULT\EXTENSIONS\PERSONALTITLEBAR@MOZTW.ORG.XPI () (No name found) -- C:\USERS\username\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\IZJW7FK6.DEFAULT\EXTENSIONS\SEARCHY@SEARCHY.XPI () (No name found) -- C:\USERS\username\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\IZJW7FK6.DEFAULT\EXTENSIONS\STATUS4EVAR@CALIGONSTUDIOS.COM.XPI () (No name found) -- C:\USERS\username\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\IZJW7FK6.DEFAULT\EXTENSIONS\TABGROUPSWITCHER@ADDONLAB.COM.XPI O1 HOSTS File: ([2011.08.04 19:04:16 | 000,436,368 | R--- | M]) - C:\Windows\System32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 www.007guard.com O1 - Hosts: 127.0.0.1 007guard.com O1 - Hosts: 127.0.0.1 008i.com O1 - Hosts: 127.0.0.1 www.008k.com O1 - Hosts: 127.0.0.1 008k.com O1 - Hosts: 127.0.0.1 www.00hq.com O1 - Hosts: 127.0.0.1 00hq.com O1 - Hosts: 127.0.0.1 010402.com O1 - Hosts: 127.0.0.1 www.032439.com O1 - Hosts: 127.0.0.1 032439.com O1 - Hosts: 127.0.0.1 www.0scan.com O1 - Hosts: 127.0.0.1 0scan.com O1 - Hosts: 127.0.0.1 1000gratisproben.com O1 - Hosts: 127.0.0.1 www.1000gratisproben.com O1 - Hosts: 127.0.0.1 1001namen.com O1 - Hosts: 127.0.0.1 www.1001namen.com O1 - Hosts: 127.0.0.1 100888290cs.com O1 - Hosts: 127.0.0.1 www.100888290cs.com O1 - Hosts: 127.0.0.1 www.100sexlinks.com O1 - Hosts: 127.0.0.1 100sexlinks.com O1 - Hosts: 127.0.0.1 10sek.com O1 - Hosts: 127.0.0.1 www.10sek.com O1 - Hosts: 127.0.0.1 www.1-2005-search.com O1 - Hosts: 127.0.0.1 1-2005-search.com O1 - Hosts: 127.0.0.1 www.123fporn.info O1 - Hosts: 15017 more lines... O2 - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.) O2 - BHO: (PandoraTV Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - File not found O2 - BHO: (Microsoft-Webtestaufzeichnung 10.0-Hilfsprogramm) - {DDA57003-0068-4ed2-9D32-4D1EC707D94D} - D:\Program Files\Microsoft Visual Studio 10.0\Common7\IDE\PrivateAssemblies\Microsoft.VisualStudio.QualityTools.RecorderBarBHO100.dll (Microsoft Corporation) O3 - HKLM\..\Toolbar: (PandoraTV Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - File not found O3 - HKCU\..\Toolbar\WebBrowser: (PandoraTV Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - File not found O4 - HKLM..\Run: [Eraser] D:\Program Files\Eraser\Eraser.exe (The Eraser Project) O4 - HKLM..\Run: [Kernel and Hardware Abstraction Layer] C:\Windows\KHALMNPR.Exe (Logitech, Inc.) O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] D:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation) O4 - HKLM..\Run: [MSC] C:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation) O4 - HKCU..\Run: [SpybotSD TeaTimer] D:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.) O4 - HKLM..\RunOnce: [AvgUninstallURL] C:\Windows\System32\cmd.exe (Microsoft Corporation) O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O8 - Extra context menu item: Nach Microsoft E&xel exportieren - D:\Program Files\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation) O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation) O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Programme\Common Files\microsoft shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.) O10 - NameSpace_Catalog5\Catalog_Entries\000000000006 [] - C:\Programme\Common Files\microsoft shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.) O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.) O13 - gopher Prefix: missing O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab (Java Plug-in 1.6.0_18) O16 - DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab (Java Plug-in 1.6.0_18) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab (Java Plug-in 1.6.0_18) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation) O18 - Protocol\Handler\wlpg {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Programme\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll (Microsoft Corporation) O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found O20 - Winlogon\Notify\LBTWlgn: DllName - c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll - c:\Programme\Common Files\Logishrd\Bluetooth\LBTWLgn.dll (Logitech, Inc.) O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found. O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2009.06.10 23:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ] O33 - MountPoints2\{b4e130fc-2933-11df-87bf-00241dc79a54}\Shell - "" = AutoRun O33 - MountPoints2\{b4e130fc-2933-11df-87bf-00241dc79a54}\Shell\AutoRun\command - "" = H:\Setup.exe autorun O33 - MountPoints2\{b4e130fc-2933-11df-87bf-00241dc79a54}\Shell\setup\command - "" = H:\Setup.exe autorun O34 - HKLM BootExecute: (autocheck autochk *) - File not found O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* NetSvcs: FastUserSwitchingCompatibility - File not found NetSvcs: Ias - File not found NetSvcs: Nla - File not found NetSvcs: Nusernamessvc - File not found NetSvcs: NWCWorkstation - File not found NetSvcs: Nwsapagent - File not found NetSvcs: SRService - File not found NetSvcs: WmdmPmSp - File not found NetSvcs: LogonHours - File not found NetSvcs: PCAudit - File not found NetSvcs: helpsvc - File not found NetSvcs: uploadmgr - File not found MsConfig - StartUpReg: DW6 - hkey= - key= - File not found MsConfig - StartUpReg: Eraser - hkey= - key= - File not found MsConfig - StartUpReg: iTunesHelper - hkey= - key= - C:\Program Files\iTunes\iTunesHelper.exe (Apple Inc.) MsConfig - StartUpReg: PDFPrint - hkey= - key= - D:\Program Files\pdf24\pdf24.exe (Geek Software GmbH) MsConfig - StartUpReg: QuickTime Task - hkey= - key= - C:\Program Files\QuickTime\QTTask.exe (Apple Inc.) MsConfig - StartUpReg: SunJavaUpdateSched - hkey= - key= - C:\Program Files\Common Files\Java\Java Update\jusched.exe (Sun Microsystems, Inc.) MsConfig - State: "startup" - 2 MsConfig - State: "services" - 2 SafeBoousernamein: Base - Driver Group SafeBoousernamein: Boot Bus Extender - Driver Group SafeBoousernamein: Boot file system - Driver Group SafeBoousernamein: File system - Driver Group SafeBootMin: Filter - Driver Group SafeBootMin: HelpSvc - Service SafeBootMin: MsMpSvc - C:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe (Microsoft Corporation) SafeBootMin: NTDS - File not found SafeBootMin: PCI Configuration - Driver Group SafeBootMin: PNP Filter - Driver Group SafeBootMin: Primary disk - Driver Group SafeBootMin: sacsvr - Service SafeBootMin: SCSI Class - Driver Group SafeBootMin: System Bus Extender - Driver Group SafeBootMin: vmms - Service SafeBootMin: WinDefend - C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation) SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices SafeBootNet: Base - Driver Group SafeBootNet: Boot Bus Extender - Driver Group SafeBootNet: Boot file system - Driver Group SafeBootNet: File system - Driver Group SafeBootNet: Filter - Driver Group SafeBootNet: HelpSvc - Service SafeBootNet: Messenger - Service SafeBootNet: MsMpSvc - C:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe (Microsoft Corporation) SafeBootNet: NDIS Wrapper - Driver Group SafeBootNet: NetBIOSGroup - Driver Group SafeBootNet: NetDDEGroup - Driver Group SafeBootNet: Network - Driver Group SafeBootNet: NetworkProvider - Driver Group SafeBootNet: NTDS - File not found SafeBootNet: PCI Configuration - Driver Group SafeBootNet: PNP Filter - Driver Group SafeBootNet: PNP_TDI - Driver Group SafeBootNet: Primary disk - Driver Group SafeBootNet: rdsessmgr - Service SafeBootNet: sacsvr - Service SafeBootNet: SCSI Class - Driver Group SafeBootNet: Streams Drivers - Driver Group SafeBootNet: System Bus Extender - Driver Group SafeBootNet: TDI - Driver Group SafeBootNet: vmms - Service SafeBootNet: WinDefend - C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation) SafeBootNet: WudfUsbccidDriver - Driver SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun) ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0 ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack ActiveX: {3C3901C5-3455-3E0A-A214-0B093A5070A6} - .NET Framework ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6 ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7 ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -BaseSettings ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Adobe Flash Player ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\System32\ie4uinit.exe -UserIconConfig ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP Drivers32: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS) Drivers32: vidc.cvid - C:\Windows\System32\iccvid.dll (Radius Inc.) Drivers32: VIDC.LWLR - C:\Windows\System32\rgbacodec.dll () Drivers32: vidc.mjpg - C:\Windows\System32\pvmjpg30.dll (Pegasus Imaging Corporation) CREATERESTOREPOINT Restore point Set: OTL Restore Point ========== Files/Folders - Created Within 30 Days ========== [2011.08.09 20:41:36 | 000,000,000 | ---D | C] -- C:\Program Files\ESET [2011.08.09 18:09:15 | 000,000,000 | -HSD | C] -- C:\Config.Msi [2011.08.07 18:08:05 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Security Client [2011.08.07 18:06:22 | 000,000,000 | ---D | C] -- C:\Users\username\AppData\Roaming\Malwarebytes [2011.08.07 18:06:16 | 000,041,272 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys [2011.08.07 18:06:16 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware [2011.08.07 18:06:16 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes [2011.08.07 18:06:12 | 000,022,712 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys [2011.07.21 21:34:09 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes [2011.07.21 21:33:44 | 000,000,000 | ---D | C] -- C:\Program Files\iPod [2011.07.21 21:32:05 | 000,000,000 | ---D | C] -- C:\Program Files\Bonjour [2011.07.17 13:39:32 | 000,000,000 | ---D | C] -- C:\Users\username\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\XMedia Recode [2011.07.17 12:58:06 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN ========== Files - Modified Within 30 Days ========== [2011.08.11 17:36:56 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2011.08.11 17:36:44 | 2414,731,264 | -HS- | M] () -- C:\hiberfil.sys [2011.08.10 21:10:22 | 000,000,920 | ---- | M] () -- E:\username\Desktop\sgd.rtf [2011.08.10 17:48:49 | 000,013,248 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2011.08.10 17:48:49 | 000,013,248 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2011.08.09 18:18:02 | 000,051,309 | ---- | M] () -- E:\username\Desktop\mse.png [2011.08.08 20:03:07 | 000,001,544 | ---- | M] () -- C:\Users\Public\Desktop\Eraser.lnk [2011.08.07 18:10:14 | 000,764,238 | ---- | M] () -- C:\Windows\System32\perfh007.dat [2011.08.07 18:10:14 | 000,719,556 | ---- | M] () -- C:\Windows\System32\perfh009.dat [2011.08.07 18:10:14 | 000,173,524 | ---- | M] () -- C:\Windows\System32\perfc007.dat [2011.08.07 18:10:14 | 000,146,478 | ---- | M] () -- C:\Windows\System32\perfc009.dat [2011.08.07 18:09:10 | 000,001,912 | ---- | M] () -- C:\Windows\epplauncher.mif [2011.08.07 18:06:16 | 000,000,756 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk [2011.08.07 17:23:31 | 000,000,182 | ---- | M] () -- E:\username\Desktop\Dokument.rtf [2011.08.04 19:04:16 | 000,436,368 | R--- | M] () -- C:\Windows\System32\drivers\etc\hosts [2011.08.02 21:17:25 | 000,035,328 | ---- | M] () -- C:\Users\username\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2011.07.21 21:34:09 | 000,001,753 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk [2011.07.14 18:51:15 | 000,426,624 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT ========== Files Created - No Company Name ========== [2011.08.10 20:55:37 | 000,000,920 | ---- | C] () -- E:\username\Desktop\sgd.rtf [2011.08.09 18:17:25 | 000,051,309 | ---- | C] () -- E:\username\Desktop\mse.png [2011.08.08 20:03:07 | 000,001,544 | ---- | C] () -- C:\Users\Public\Desktop\Eraser.lnk [2011.08.08 20:03:07 | 000,001,544 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Eraser.lnk [2011.08.07 18:09:10 | 000,001,912 | ---- | C] () -- C:\Windows\epplauncher.mif [2011.08.07 18:08:22 | 000,001,897 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Security Essentials.lnk [2011.08.07 18:06:16 | 000,000,756 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk [2011.08.07 17:23:30 | 000,000,182 | ---- | C] () -- E:\username\Desktop\Dokument.rtf [2011.07.21 21:34:09 | 000,001,753 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk [2011.06.09 19:57:00 | 000,066,048 | ---- | C] () -- C:\Windows\System32\PrintBrmUi.exe [2011.04.26 20:02:09 | 000,116,224 | ---- | C] () -- C:\Windows\System32\pdfcmnnt.dll [2011.04.22 11:20:06 | 000,112,831 | ---- | C] () -- C:\Users\username\AppData\Local\debuggee.mdmp [2011.03.10 21:21:24 | 000,010,476 | ---- | C] () -- C:\Windows\Q-Dir.ini [2010.10.14 20:26:33 | 000,161,619 | ---- | C] () -- C:\Windows\EXIFutils for Windows Uninstaller.exe [2010.10.10 14:55:35 | 000,000,211 | ---- | C] () -- C:\Users\username\AppData\Roaming\burnaware.ini [2010.10.10 13:40:23 | 000,007,597 | ---- | C] () -- C:\Users\username\AppData\Local\Resmon.ResmonCfg [2010.09.06 11:08:36 | 000,033,792 | ---- | C] () -- C:\Windows\System32\rgbacodec.dll [2010.05.28 17:53:42 | 000,000,032 | ---- | C] () -- C:\Windows\Menu.INI [2010.03.19 15:46:53 | 000,281,760 | ---- | C] () -- C:\Windows\System32\drivers\atksgt.sys [2010.03.19 15:46:52 | 000,025,888 | ---- | C] () -- C:\Windows\System32\drivers\lirsgt.sys [2010.03.10 21:22:17 | 000,000,000 | ---- | C] () -- C:\Users\username\AppData\Local\prvlcl.dat [2010.03.05 01:00:34 | 000,146,432 | ---- | C] () -- C:\Windows\System32\APOMngr.DLL [2010.03.05 01:00:34 | 000,072,704 | ---- | C] () -- C:\Windows\System32\CmdRtr.DLL [2010.03.04 21:28:12 | 000,035,328 | ---- | C] () -- C:\Users\username\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2009.07.14 10:47:43 | 000,764,238 | ---- | C] () -- C:\Windows\System32\perfh007.dat [2009.07.14 10:47:43 | 000,295,922 | ---- | C] () -- C:\Windows\System32\perfi007.dat [2009.07.14 10:47:43 | 000,173,524 | ---- | C] () -- C:\Windows\System32\perfc007.dat [2009.07.14 10:47:43 | 000,038,104 | ---- | C] () -- C:\Windows\System32\perfd007.dat [2009.07.14 06:57:37 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat [2009.07.14 06:33:53 | 000,426,624 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT [2009.07.14 04:05:48 | 000,719,556 | ---- | C] () -- C:\Windows\System32\perfh009.dat [2009.07.14 04:05:48 | 000,291,294 | ---- | C] () -- C:\Windows\System32\perfi009.dat [2009.07.14 04:05:48 | 000,146,478 | ---- | C] () -- C:\Windows\System32\perfc009.dat [2009.07.14 04:05:48 | 000,031,548 | ---- | C] () -- C:\Windows\System32\perfd009.dat [2009.07.14 04:05:05 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT [2009.07.14 04:04:11 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat [2009.07.14 01:55:01 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin [2009.07.14 01:51:43 | 000,073,728 | ---- | C] () -- C:\Windows\System32\BthpanContextHandler.dll [2009.07.14 01:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\System32\BWContextHandler.dll [2009.06.10 23:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat [2008.10.07 10:13:30 | 000,197,912 | ---- | C] () -- C:\Windows\System32\physxcudart_20.dll [2008.10.07 10:13:22 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelTraditionalChinese.dll [2008.10.07 10:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelSwedish.dll [2008.10.07 10:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelSpanish.dll [2008.10.07 10:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelSimplifiedChinese.dll [2008.10.07 10:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelPortugese.dll [2008.10.07 10:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelKorean.dll [2008.10.07 10:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelJapanese.dll [2008.10.07 10:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelGerman.dll [2008.10.07 10:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelFrench.dll [2007.04.03 16:18:26 | 000,197,672 | ---- | C] () -- C:\Windows\System32\vpnapi.dll [2007.01.26 02:04:12 | 000,138,752 | ---- | C] () -- C:\Windows\System32\mase32.dll [2007.01.26 02:04:12 | 000,027,648 | ---- | C] () -- C:\Windows\System32\ma32.dll ========== LOP Check ========== [2011.01.18 23:53:31 | 000,000,000 | ---D | M] -- C:\Users\username\AppData\Roaming\AllDup [2010.09.19 14:03:50 | 000,000,000 | ---D | M] -- C:\Users\username\AppData\Roaming\AnvSoft [2010.11.14 20:05:15 | 000,000,000 | ---D | M] -- C:\Users\username\AppData\Roaming\AVG10 [2010.10.07 19:54:10 | 000,000,000 | ---D | M] -- C:\Users\username\AppData\Roaming\AVG9 [2010.04.13 18:57:58 | 000,000,000 | ---D | M] -- C:\Users\username\AppData\Roaming\avidemux [2011.03.10 21:17:03 | 000,000,000 | ---D | M] -- C:\Users\username\AppData\Roaming\cryptlib [2010.11.26 18:48:02 | 000,000,000 | ---D | M] -- C:\Users\username\AppData\Roaming\CustomBrushesMini [2010.03.06 17:36:19 | 000,000,000 | ---D | M] -- C:\Users\username\AppData\Roaming\DAEMON Tools Lite [2010.11.01 13:39:00 | 000,000,000 | ---D | M] -- C:\Users\username\AppData\Roaming\DiskSpaceFan [2010.09.20 19:10:53 | 000,000,000 | ---D | M] -- C:\Users\username\AppData\Roaming\DiskSpaceFanPro [2010.10.07 20:42:10 | 000,000,000 | ---D | M] -- C:\Users\username\AppData\Roaming\FireShot [2010.03.04 17:10:00 | 000,000,000 | ---D | M] -- C:\Users\username\AppData\Roaming\Foxit [2010.03.04 22:23:43 | 000,000,000 | ---D | M] -- C:\Users\username\AppData\Roaming\Foxit Software [2010.05.06 15:51:51 | 000,000,000 | ---D | M] -- C:\Users\username\AppData\Roaming\ImgBurn [2010.07.24 12:31:59 | 000,000,000 | ---D | M] -- C:\Users\username\AppData\Roaming\IrfanView [2010.03.04 16:46:19 | 000,000,000 | ---D | M] -- C:\Users\username\AppData\Roaming\Leadertech [2010.08.28 17:42:17 | 000,000,000 | ---D | M] -- C:\Users\username\AppData\Roaming\Miranda [2011.07.24 20:24:12 | 000,000,000 | ---D | M] -- C:\Users\username\AppData\Roaming\Mp3tag [2010.03.27 17:06:39 | 000,000,000 | ---D | M] -- C:\Users\username\AppData\Roaming\Opera [2010.10.01 16:44:47 | 000,000,000 | ---D | M] -- C:\Users\username\AppData\Roaming\PhotoScape [2010.03.19 15:57:56 | 000,000,000 | ---D | M] -- C:\Users\username\AppData\Roaming\Prison Break [2011.03.10 21:23:01 | 000,000,000 | ---D | M] -- C:\Users\username\AppData\Roaming\Q-Dir [2010.11.01 13:52:47 | 000,000,000 | ---D | M] -- C:\Users\username\AppData\Roaming\RidNacs [2011.03.12 14:26:16 | 000,000,000 | ---D | M] -- C:\Users\username\AppData\Roaming\Software4u [2010.03.06 17:43:56 | 000,000,000 | ---D | M] -- C:\Users\username\AppData\Roaming\Sports Interactive [2010.03.04 16:49:39 | 000,000,000 | ---D | M] -- C:\Users\username\AppData\Roaming\Thunderbird [2010.10.17 20:02:59 | 000,000,000 | ---D | M] -- C:\Users\username\AppData\Roaming\XMedia Recode [2010.07.10 10:03:04 | 000,000,000 | ---D | M] -- C:\Users\username\AppData\Roaming\XnView [2011.07.09 10:06:09 | 000,032,640 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT ========== Purity Check ========== ========== Custom Scans ========== < %ALLUSERSPROFILE%\Application Data\*. > < %ALLUSERSPROFILE%\Application Data\*.exe /s > < %APPDATA%\*. > [2010.07.15 21:50:21 | 000,000,000 | ---D | M] -- C:\Users\username\AppData\Roaming\Adobe [2011.01.18 23:53:31 | 000,000,000 | ---D | M] -- C:\Users\username\AppData\Roaming\AllDup [2010.09.19 14:03:50 | 000,000,000 | ---D | M] -- C:\Users\username\AppData\Roaming\AnvSoft [2010.11.03 19:36:58 | 000,000,000 | ---D | M] -- C:\Users\username\AppData\Roaming\Apple Computer [2010.11.14 20:05:15 | 000,000,000 | ---D | M] -- C:\Users\username\AppData\Roaming\AVG10 [2010.10.07 19:54:10 | 000,000,000 | ---D | M] -- C:\Users\username\AppData\Roaming\AVG9 [2010.04.13 18:57:58 | 000,000,000 | ---D | M] -- C:\Users\username\AppData\Roaming\avidemux [2011.03.10 21:17:03 | 000,000,000 | ---D | M] -- C:\Users\username\AppData\Roaming\cryptlib [2010.11.26 18:48:02 | 000,000,000 | ---D | M] -- C:\Users\username\AppData\Roaming\CustomBrushesMini [2010.03.06 17:36:19 | 000,000,000 | ---D | M] -- C:\Users\username\AppData\Roaming\DAEMON Tools Lite [2010.11.01 13:39:00 | 000,000,000 | ---D | M] -- C:\Users\username\AppData\Roaming\DiskSpaceFan [2010.09.20 19:10:53 | 000,000,000 | ---D | M] -- C:\Users\username\AppData\Roaming\DiskSpaceFanPro [2010.10.10 20:31:03 | 000,000,000 | ---D | M] -- C:\Users\username\AppData\Roaming\dvdcss [2010.10.07 20:42:10 | 000,000,000 | ---D | M] -- C:\Users\username\AppData\Roaming\FireShot [2010.03.04 17:10:00 | 000,000,000 | ---D | M] -- C:\Users\username\AppData\Roaming\Foxit [2010.03.04 22:23:43 | 000,000,000 | ---D | M] -- C:\Users\username\AppData\Roaming\Foxit Software [2010.03.04 16:33:21 | 000,000,000 | ---D | M] -- C:\Users\username\AppData\Roaming\Identities [2010.05.06 15:51:51 | 000,000,000 | ---D | M] -- C:\Users\username\AppData\Roaming\ImgBurn [2010.07.24 12:31:59 | 000,000,000 | ---D | M] -- C:\Users\username\AppData\Roaming\IrfanView [2010.03.04 16:46:19 | 000,000,000 | ---D | M] -- C:\Users\username\AppData\Roaming\Leadertech [2010.03.04 16:46:26 | 000,000,000 | ---D | M] -- C:\Users\username\AppData\Roaming\Logitech [2010.03.04 19:15:07 | 000,000,000 | ---D | M] -- C:\Users\username\AppData\Roaming\Macromedia [2011.08.07 18:06:22 | 000,000,000 | ---D | M] -- C:\Users\username\AppData\Roaming\Malwarebytes [2009.07.14 10:56:56 | 000,000,000 | ---D | M] -- C:\Users\username\AppData\Roaming\Media Center Programs [2011.08.09 20:13:42 | 000,000,000 | --SD | M] -- C:\Users\username\AppData\Roaming\Microsoft [2011.04.15 21:30:14 | 000,000,000 | ---D | M] -- C:\Users\username\AppData\Roaming\Microsoft FxCop [2010.08.28 17:42:17 | 000,000,000 | ---D | M] -- C:\Users\username\AppData\Roaming\Miranda [2011.03.21 19:20:34 | 000,000,000 | ---D | M] -- C:\Users\username\AppData\Roaming\Mozilla [2011.07.24 20:24:12 | 000,000,000 | ---D | M] -- C:\Users\username\AppData\Roaming\Mp3tag [2010.03.27 17:06:39 | 000,000,000 | ---D | M] -- C:\Users\username\AppData\Roaming\Opera [2010.10.01 16:44:47 | 000,000,000 | ---D | M] -- C:\Users\username\AppData\Roaming\PhotoScape [2010.03.19 15:57:56 | 000,000,000 | ---D | M] -- C:\Users\username\AppData\Roaming\Prison Break [2011.03.10 21:23:01 | 000,000,000 | ---D | M] -- C:\Users\username\AppData\Roaming\Q-Dir [2010.11.01 13:52:47 | 000,000,000 | ---D | M] -- C:\Users\username\AppData\Roaming\RidNacs [2011.03.12 14:26:16 | 000,000,000 | ---D | M] -- C:\Users\username\AppData\Roaming\Software4u [2010.03.06 17:43:56 | 000,000,000 | ---D | M] -- C:\Users\username\AppData\Roaming\Sports Interactive [2010.03.04 16:49:39 | 000,000,000 | ---D | M] -- C:\Users\username\AppData\Roaming\Thunderbird [2011.07.02 17:55:55 | 000,000,000 | ---D | M] -- C:\Users\username\AppData\Roaming\vlc [2010.03.04 21:06:02 | 000,000,000 | ---D | M] -- C:\Users\username\AppData\Roaming\WinRAR [2010.10.17 20:02:59 | 000,000,000 | ---D | M] -- C:\Users\username\AppData\Roaming\XMedia Recode [2010.07.10 10:03:04 | 000,000,000 | ---D | M] -- C:\Users\username\AppData\Roaming\XnView < %APPDATA%\*.exe /s > < %SYSTEMDRIVE%\*.exe > < MD5 for: AGP440.SYS > [2009.07.14 03:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\System32\drivers\AGP440.sys [2009.07.14 03:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_x86_neutral_a97a2a0d0fbc6696\AGP440.sys [2009.07.14 03:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.1.7600.16385_none_b9e9435f20046eeb\AGP440.sys [2009.07.14 03:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.1.7601.17514_none_bc1a57271cf2f285\AGP440.sys < MD5 for: ATAPI.SYS > [2009.07.14 03:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\System32\drivers\atapi.sys [2009.07.14 03:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_x86_neutral_fab873f3e8a3315c\atapi.sys [2009.07.14 03:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.1.7600.16385_none_dd0e7e3d82dd640d\atapi.sys [2009.07.14 03:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.1.7601.17514_none_df3f92057fcbe7a7\atapi.sys < MD5 for: CNGAUDIT.DLL > [2009.07.14 03:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\System32\cngaudit.dll [2009.07.14 03:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_e83a414890e8132b\cngaudit.dll < MD5 for: IASTORV.SYS > [2011.03.11 07:38:51 | 000,332,160 | ---- | M] (Intel Corporation) MD5=5CD5F9A5444E6CDCB0AC89BD62D8B76E -- C:\Windows\System32\drivers\iaStorV.sys [2011.03.11 07:38:51 | 000,332,160 | ---- | M] (Intel Corporation) MD5=5CD5F9A5444E6CDCB0AC89BD62D8B76E -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_x86_neutral_0bcee2057afcc090\iaStorV.sys [2011.03.11 07:38:51 | 000,332,160 | ---- | M] (Intel Corporation) MD5=5CD5F9A5444E6CDCB0AC89BD62D8B76E -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7601.17577_none_b0daddb9e6380745\iaStorV.sys [2011.03.11 07:43:55 | 000,332,160 | ---- | M] (Intel Corporation) MD5=71F1A494FEDF4B33C02C4A6A28D6D9E9 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7600.16778_none_aef580fde910b4b0\iaStorV.sys [2011.03.11 07:28:00 | 000,332,160 | ---- | M] (Intel Corporation) MD5=778D0E6D7D9EBA0C403BADBAAD41DB20 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7601.21680_none_b152a892ff64119f\iaStorV.sys [2009.07.14 03:20:36 | 000,332,352 | ---- | M] (Intel Corporation) MD5=934AF4D7C5F457B9F0743F4299B77B67 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7600.16385_none_aee7a89be91b9000\iaStorV.sys [2010.11.20 14:29:54 | 000,332,160 | ---- | M] (Intel Corporation) MD5=A3CAE5D281DB4CFF7CFF8233507EE5AD -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_x86_neutral_668286aa35d55928\iaStorV.sys [2010.11.20 14:29:54 | 000,332,160 | ---- | M] (Intel Corporation) MD5=A3CAE5D281DB4CFF7CFF8233507EE5AD -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7601.17514_none_b118bc63e60a139a\iaStorV.sys [2011.03.11 07:52:21 | 000,332,160 | ---- | M] (Intel Corporation) MD5=B9039A34C2F8769490DCC494E2402445 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7600.20921_none_afae2d45020c148b\iaStorV.sys < MD5 for: NETLOGON.DLL > [2010.11.20 14:20:28 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\System32\netlogon.dll [2010.11.20 14:20:28 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_ffbf212e963c0162\netlogon.dll [2009.07.14 03:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_fd8e0d66994d7dc8\netlogon.dll < MD5 for: NVSTOR.SYS > [2011.03.11 07:39:00 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=4380E59A170D88C4F1022EFF6719A8A4 -- C:\Windows\System32\drivers\nvstor.sys [2011.03.11 07:39:00 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=4380E59A170D88C4F1022EFF6719A8A4 -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_x86_neutral_0276fc3b3ea60d41\nvstor.sys [2011.03.11 07:39:00 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=4380E59A170D88C4F1022EFF6719A8A4 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7601.17577_none_3ba44e691d6eb11d\nvstor.sys [2011.03.11 07:44:01 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=4520B63899E867F354EE012D34E11536 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7600.16778_none_39bef1ad20475e88\nvstor.sys [2011.03.11 07:28:10 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=66D468654A58594F5F3BA63D5AD5B1AF -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7601.21680_none_3c1c1942369abb77\nvstor.sys [2011.03.11 07:52:25 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=8A7583A3B58D3EEB28BB26626526BC91 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7600.20921_none_3a779df43942be63\nvstor.sys [2010.11.20 14:30:06 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=9283C58EBAA2618F93482EB5DABCEC82 -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_x86_neutral_dd659ed032d28a14\nvstor.sys [2010.11.20 14:30:06 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=9283C58EBAA2618F93482EB5DABCEC82 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7601.17514_none_3be22d131d40bd72\nvstor.sys [2009.07.14 03:20:44 | 000,142,416 | ---- | M] (NVIDIA Corporation) MD5=C99F251A5DE63C6F129CF71933ACED0F -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7600.16385_none_39b1194b205239d8\nvstor.sys < MD5 for: SCECLI.DLL > [2009.07.14 03:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_37e4387f3a6f0483\scecli.dll [2010.11.20 14:21:04 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\System32\scecli.dll [2010.11.20 14:21:04 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_3a154c47375d881d\scecli.dll < MD5 for: USER32.DLL > [2009.07.14 03:16:17 | 000,811,520 | ---- | M] (Microsoft Corporation) MD5=34B7E222E81FAFA885F0C5F2CFA56861 -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_cd0ec264ceb014a3\user32.dll [2010.11.20 14:21:33 | 000,811,520 | ---- | M] (Microsoft Corporation) MD5=F1DD3ACAEE5E6B4BBC69BC6DF75CEF66 -- C:\Windows\System32\user32.dll [2010.11.20 14:21:33 | 000,811,520 | ---- | M] (Microsoft Corporation) MD5=F1DD3ACAEE5E6B4BBC69BC6DF75CEF66 -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_cf3fd62ccb9e983d\user32.dll < MD5 for: USERINIT.EXE > [2010.11.20 14:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\System32\userinit.exe [2010.11.20 14:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe [2009.07.14 03:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_dbff103933038d7c\userinit.exe < MD5 for: WININIT.EXE > [2009.07.14 03:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\System32\wininit.exe [2009.07.14 03:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_30c90ef265a43c13\wininit.exe < MD5 for: WINLOGON.EXE > [2009.10.28 08:17:59 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=37CDB7E72EB66BA85A87CBE37E7F03FD -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16447_none_6fc699643622d177\winlogon.exe [2009.10.28 07:52:08 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=3BABE6767C78FBF5FB8435FEED187F30 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.20560_none_703394514f56f7c2\winlogon.exe [2010.11.20 14:17:54 | 000,286,720 | ---- | M] (Microsoft Corporation) MD5=6D13E1406F50C66E2A95D97F22C47560 -- C:\Windows\System32\winlogon.exe [2010.11.20 14:17:54 | 000,286,720 | ---- | M] (Microsoft Corporation) MD5=6D13E1406F50C66E2A95D97F22C47560 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_71ca6b0233339500\winlogon.exe [2009.07.14 03:14:45 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=8EC6A4AB12B8F3759E21F8E3A388F2CF -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_6f99573a36451166\winlogon.exe < MD5 for: WS2IFSL.SYS > [2009.07.14 01:55:02 | 000,016,384 | ---- | M] (Microsoft Corporation) MD5=6DB3276587B853BF886B69528FDB048C -- C:\Windows\System32\drivers\ws2ifsl.sys [2009.07.14 01:55:02 | 000,016,384 | ---- | M] (Microsoft Corporation) MD5=6DB3276587B853BF886B69528FDB048C -- C:\Windows\winsxs\x86_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.1.7600.16385_none_4f5cf6f829213bb2\ws2ifsl.sys < %systemroot%\system32\drivers\*.sys /lockedfiles > [2011.04.18 13:18:50 | 000,043,392 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\system32\drivers\MpNWMon.sys [2010.03.06 17:01:52 | 000,691,696 | ---- | M] () Unable to obtain MD5 -- C:\Windows\system32\drivers\sptd.sys < %systemroot%\System32\config\*.sav > < %systemroot%\*. /mp /s > < %systemroot%\system32\*.dll /lockedfiles > < > < End of report > |
|
11.08.2011, 22:22
| #8 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Bundespolizei Trojaner endgültig gelöscht? Mach einen OTL-Fix, beende alle evtl. geöffneten Programme, auch Virenscanner deaktivieren (!), starte OTL und kopiere folgenden Text in die "Custom Scan/Fixes" Box (unten in OTL): (das ":OTL" muss mitkopiert werden!!!) Code:
ATTFilter :OTL
FF - prefs.js..network.proxy.ftp: "72.241.183.61"
FF - prefs.js..network.proxy.ftp_port: 27977
FF - prefs.js..network.proxy.http: "128.8.126.78"
FF - prefs.js..network.proxy.http_port: 3124
FF - prefs.js..network.proxy.socks: "72.241.183.61"
FF - prefs.js..network.proxy.socks_port: 27977
FF - prefs.js..network.proxy.ssl: "72.241.183.61"
FF - prefs.js..network.proxy.ssl_port: 27977
FF - prefs.js..network.proxy.type: 0
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009.06.10 23:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{b4e130fc-2933-11df-87bf-00241dc79a54}\Shell - "" = AutoRun
O33 - MountPoints2\{b4e130fc-2933-11df-87bf-00241dc79a54}\Shell\AutoRun\command - "" = H:\Setup.exe autorun
O33 - MountPoints2\{b4e130fc-2933-11df-87bf-00241dc79a54}\Shell\setup\command - "" = H:\Setup.exe autorun
:Commands
[purity]
[resethosts]
Das Logfile müsste geöffnet werden, wenn Du nach dem Fixen auf ok klickst, poste das bitte. Evtl. wird der Rechner neu gestartet. Die mit diesem Script gefixten Einträge, Dateien und Ordner werden zur Sicherheit nicht vollständig gelöscht, es wird eine Sicherheitskopie auf der Systempartition im Ordner "_OTL" erstellt.
__________________ Logfiles bitte immer in CODE-Tags posten |
|
12.08.2011, 13:52
| #9 |
| | Bundespolizei Trojaner endgültig gelöscht?Code:
ATTFilter ========== OTL ==========
Prefs.js: "72.241.183.61" removed from network.proxy.ftp
Prefs.js: 27977 removed from network.proxy.ftp_port
Prefs.js: "128.8.126.78" removed from network.proxy.http
Prefs.js: 3124 removed from network.proxy.http_port
Prefs.js: "72.241.183.61" removed from network.proxy.socks
Prefs.js: 27977 removed from network.proxy.socks_port
Prefs.js: "72.241.183.61" removed from network.proxy.ssl
Prefs.js: 27977 removed from network.proxy.ssl_port
Prefs.js: 0 removed from network.proxy.type
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRun|DWORD:1 /E : value set successfully!
C:\autoexec.bat moved successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{b4e130fc-2933-11df-87bf-00241dc79a54}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{b4e130fc-2933-11df-87bf-00241dc79a54}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{b4e130fc-2933-11df-87bf-00241dc79a54}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{b4e130fc-2933-11df-87bf-00241dc79a54}\ not found.
File H:\Setup.exe autorun not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{b4e130fc-2933-11df-87bf-00241dc79a54}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{b4e130fc-2933-11df-87bf-00241dc79a54}\ not found.
File H:\Setup.exe autorun not found.
========== COMMANDS ==========
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully
OTL by OldTimer - Version 3.2.26.1 log created on 08122011_145013
|
|
12.08.2011, 14:16
| #10 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Bundespolizei Trojaner endgültig gelöscht? Dann bitte jetzt CF ausführen: ComboFix Ein Leitfaden und Tutorium zur Nutzung von ComboFix
Combofix darf ausschließlich ausgeführt werden, wenn ein Kompetenzler dies ausdrücklich empfohlen hat!
__________________ Logfiles bitte immer in CODE-Tags posten |
|
13.08.2011, 09:01
| #11 |
| | Bundespolizei Trojaner endgültig gelöscht?Code:
ATTFilter ComboFix 11-08-12.01 - username 13.08.2011 9:47.1.2 - x86
Microsoft Windows 7 Professional 6.1.7601.1.1252.49.1031.18.3070.2031 [GMT 2:00]
ausgeführt von:: e:\username\Desktop\ComboFix.exe
AV: Microsoft Security Essentials *Disabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}
SP: Microsoft Security Essentials *Disabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Neuer Wiederherstellungspunkt wurde erstellt
.
.
(((((((((((((((((((((((((((((((((((( Weitere Löschungen ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\system32\drivers\etc\lmhosts
E:\install.exe
.
.
((((((((((((((((((((((( Dateien erstellt von 2011-07-13 bis 2011-08-13 ))))))))))))))))))))))))))))))
.
.
2011-08-11 17:39 . 2011-06-23 04:33 3912576 ----a-w- c:\windows\system32\ntoskrnl.exe
2011-08-11 17:39 . 2011-06-23 04:33 3967872 ----a-w- c:\windows\system32\ntkrnlpa.exe
2011-08-11 17:01 . 2011-08-07 16:37 439632 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\NISBackup\gapaengine.dll
2011-08-11 17:00 . 2011-08-07 16:37 439632 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{5819EDDF-CA6F-4D23-9525-05DCD55B9038}\gapaengine.dll
2011-08-11 17:00 . 2011-07-12 18:39 6881616 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{3010F92A-5C0B-4B7B-A533-78E6B91D000F}\mpengine.dll
2011-08-09 18:41 . 2011-08-09 18:41 -------- d-----w- c:\program files\ESET
2011-08-09 16:13 . 2011-07-12 18:39 6881616 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2011-08-07 16:08 . 2011-08-07 16:09 -------- d-----w- c:\program files\Microsoft Security Client
2011-08-07 16:06 . 2011-08-07 16:06 -------- d-----w- c:\users\username\AppData\Roaming\Malwarebytes
2011-08-07 16:06 . 2011-08-07 16:06 -------- d-----w- c:\programdata\Malwarebytes
2011-08-07 16:06 . 2011-07-06 17:52 41272 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-08-07 16:06 . 2011-07-06 17:52 22712 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-07-21 19:33 . 2011-07-21 19:33 -------- d-----w- c:\program files\iPod
2011-07-21 19:32 . 2011-07-21 19:32 -------- d-----w- c:\program files\Bonjour
.
.
.
(((((((((((((((((((((((((((((((((((( Find3M Bericht ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-07-12 09:20 . 2011-07-12 09:20 83816 ----a-w- c:\windows\system32\dns-sd.exe
2011-07-12 09:20 . 2011-07-12 09:20 73064 ----a-w- c:\windows\system32\dnssd.dll
2011-07-12 09:20 . 2011-07-12 09:20 50536 ----a-w- c:\windows\system32\jdns_sd.dll
2011-07-12 09:20 . 2011-07-12 09:20 178536 ----a-w- c:\windows\system32\dnssdX.dll
2011-06-17 08:45 . 2011-05-19 17:44 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-06-14 08:25 . 2009-07-14 02:05 152576 ----a-w- c:\windows\system32\msclmd.dll
2011-06-11 02:29 . 2011-07-13 17:47 2334208 ----a-w- c:\windows\system32\win32k.sys
2011-05-24 10:44 . 2011-06-29 17:59 293376 ----a-w- c:\windows\system32\umpnpmgr.dll
2011-05-21 04:01 . 2011-06-30 19:34 2560616 ----a-w- c:\windows\system32\nvsvcr.dll
2011-05-21 04:01 . 2011-06-30 19:34 543336 ----a-w- c:\windows\system32\easyupdatusapiu.dll
2011-05-21 04:01 . 2011-05-21 04:01 899688 ----a-w- c:\windows\system32\nvdispco3220150.dll
2011-05-21 04:01 . 2011-05-21 04:01 865896 ----a-w- c:\windows\system32\nvgenco322090.dll
2011-05-21 04:01 . 2011-05-21 04:01 57960 ----a-w- c:\windows\system32\OpenCL.dll
2011-05-21 04:01 . 2011-05-21 04:01 5301352 ----a-w- c:\windows\system32\nvcuda.dll
2011-05-21 04:01 . 2011-05-21 04:01 2804328 ----a-w- c:\windows\system32\nvcuvid.dll
2011-05-21 04:01 . 2011-05-21 04:01 2082408 ----a-w- c:\windows\system32\nvcuvenc.dll
2011-05-21 04:01 . 2011-05-21 04:01 16456296 ----a-w- c:\windows\system32\nvoglv32.dll
2011-05-21 04:01 . 2011-05-21 04:01 13011560 ----a-w- c:\windows\system32\nvcompiler.dll
2011-05-21 04:01 . 2011-05-21 04:01 12392 ----a-w- c:\windows\system32\drivers\nvBridge.kmd
2011-05-21 04:01 . 2011-05-21 04:01 11992680 ----a-w- c:\windows\system32\nvd3dum.dll
2011-05-21 04:01 . 2011-05-21 04:01 10589800 ----a-w- c:\windows\system32\drivers\nvlddmkm.sys
2011-05-21 04:01 . 2010-07-09 14:37 615528 ----a-w- c:\windows\system32\nvvsvc.exe
2011-05-21 04:01 . 2010-07-09 14:37 3693672 ----a-w- c:\windows\system32\nvcpl.dll
2011-05-21 04:01 . 2010-07-09 14:37 2557544 ----a-w- c:\windows\system32\nvsvc.dll
2011-05-21 04:01 . 2010-07-09 14:37 111208 ----a-w- c:\windows\system32\nvmctray.dll
2011-05-21 04:01 . 2010-01-12 10:03 2335848 ----a-w- c:\windows\system32\nvapi.dll
2011-05-21 04:01 . 2010-01-11 20:18 66664 ----a-w- c:\windows\system32\nvshext.dll
2011-05-21 04:01 . 2009-07-13 22:09 6555240 ----a-w- c:\windows\system32\nvwgf2um.dll
.
.
(((((((((((((((((((((((((((( Autostartpunkte der Registrierung ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SpybotSD TeaTimer"="d:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2009-06-17 55824]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2009-12-08 8120864]
"Malwarebytes' Anti-Malware"="d:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2011-07-06 449584]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2011-06-15 997920]
"Eraser"="d:\progra~1\Eraser\Eraser.exe" [2010-11-04 980368]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"AvgUninstallURL"="start hxxp://www.avg.de/de.special-uninstallation-feedback-appf?lic=NFVWSzItQUxZTUYtU0xLTFUtQVoyVUItNkdPS0ItSkhGTkg&inst=NzctNjA3NTM2MTY1LUJBUjlHKzEtRkwrOS1YMjAxMCsyLVFJWDErNC1MSUMrNzctRkwxMCsxLVNQMSsxLVNQMVRCKzEtU1VEKzEtUzFJKzEtU1UzKzEtRERUKzAtTFNEKzI&prod=90&ver=10.0.1392" [?]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Logitech SetPoint.lnk - d:\program files\Logitech\SetPoint\SetPoint.exe [2010-3-4 813584]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LBTWlgn]
2009-07-20 11:28 72208 ----a-w- c:\program files\Common Files\Logishrd\Bluetooth\LBTWLgn.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux2"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2011-07-19 16:29 421736 ----a-w- c:\program files\iTunes\iTunesHelper.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PDFPrint]
2010-03-11 08:02 208528 ----a-w- d:\program files\pdf24\pdf24.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2010-11-29 16:38 421888 ----a-w- c:\program files\QuickTime\QTTask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2010-02-18 10:43 248040 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe
.
R3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\system32\DRIVERS\MpNWMon.sys [2011-04-18 43392]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [2011-04-27 65024]
R3 NisSrv;Microsoft-Netzwerkinspektion;c:\program files\Microsoft Security Client\Antimalware\NisSrv.exe [2011-04-27 208944]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 52224]
R3 VSPerfDrv100;Performance Tools Driver 10.0;d:\program files\Microsoft Visual Studio 10.0\Team Tools\Performance Tools\VSPerfDrv100.sys [2009-12-08 48128]
R4 MSSQLServerADHelper100;SQL Active Directory Helper Service;c:\program files\Microsoft SQL Server\100\Shared\SQLADHLP.EXE [2009-07-23 47128]
R4 RsFx0103;RsFx0103 Driver;c:\windows\system32\DRIVERS\RsFx0103.sys [2009-03-30 239336]
R4 SQLAgent$SQLEXPRESS;SQL Server Agent (SQLEXPRESS);c:\program files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE [2010-09-17 370008]
S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2010-03-06 691696]
S1 VBoxDrv;VirtualBox Service;c:\windows\system32\DRIVERS\VBoxDrv.sys [2010-06-25 142992]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
S2 MBAMService;MBAMService;d:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [2011-07-06 366640]
S2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [2011-05-21 2214504]
S2 SBSDWSCService;SBSD Security Center Service;d:\program files\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2011-07-06 22712]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt86win7.sys [2009-03-01 139776]
S3 VBoxNetAdp;VirtualBox Host-Only Ethernet Adapter;c:\windows\system32\DRIVERS\VBoxNetAdp.sys [2010-06-25 100496]
S3 VBoxNetFlt;VBoxNetFlt Service;c:\windows\system32\DRIVERS\VBoxNetFlt.sys [2010-06-25 111312]
.
.
.
------- Zusätzlicher Suchlauf -------
.
IE: Nach Microsoft E&xel exportieren - d:\progra~1\MICROS~1\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.1.1
FF - ProfilePath - c:\users\username\AppData\Roaming\Mozilla\Firefox\Profiles\izjw7fk6.default\
FF - prefs.js: browser.search.selectedEngine - Amazon.de
FF - prefs.js: browser.startup.homepage - www.google.de
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
BHO-{D4027C7F-154A-4066-A1AD-4243D8127440} - c:\program files\Ask.com\GenericAskToolbar.dll
Toolbar-{D4027C7F-154A-4066-A1AD-4243D8127440} - c:\program files\Ask.com\GenericAskToolbar.dll
WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - c:\program files\Ask.com\GenericAskToolbar.dll
MSConfigStartUp-DW6 - c:\program files\The Weather Channel FW\Desktop\DesktopWeather.exe
MSConfigStartUp-Eraser - e:\progra~1\Eraser\Eraser.exe
.
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_USERS\S-1-5-21-2260675223-1398480462-3707807218-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*m*Lz„`]
@Class="Shell"
.
[HKEY_USERS\S-1-5-21-2260675223-1398480462-3707807218-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*m*Lz„`\OpenWithList]
@Class="Shell"
"a"="vlc.exe"
"MRUList"="a"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Zeit der Fertigstellung: 2011-08-13 09:55:18
ComboFix-quarantined-files.txt 2011-08-13 07:55
.
Vor Suchlauf: 8 Verzeichnis(se), 11.414.396.928 Bytes frei
Nach Suchlauf: 13 Verzeichnis(se), 11.133.616.128 Bytes frei
.
- - End Of File - - E3AE7CC5595D315ED0786F95571FEFB2
|
|
15.08.2011, 09:17
| #12 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Bundespolizei Trojaner endgültig gelöscht? Combofix - Scripten 1. Starte das Notepad (Start / Ausführen / notepad[Enter]) 2. Jetzt füge mit copy/paste den ganzen Inhalt der untenstehenden Codebox in das Notepad Fenster ein. Code:
ATTFilter Regnull::
[HKEY_USERS\S-1-5-21-2260675223-1398480462-3707807218-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*m*Lz„`]
[HKEY_USERS\S-1-5-21-2260675223-1398480462-3707807218-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*m*Lz„`\OpenWithList]
4. Deaktivere den Guard Deines Antivirenprogramms und eine eventuell vorhandene Software Firewall. (Auch Guards von Ad-, Spyware Programmen und den Tea Timer (wenn vorhanden) !) 5. Dann ziehe die CFScript.txt auf die cofi.exe, so wie es im unteren Bild zu sehen ist. Damit wird Combofix neu gestartet.  6. Nach dem Neustart (es wird gefragt ob Du neustarten willst), poste bitte die folgenden Log Dateien: Combofix.txt Hinweis: Das obige Script ist nur für diesen einen User in dieser Situtation erstellt worden. Es ist auf keinen anderen Rechner portierbar und darf nicht anderweitig verwandt werden, da es das System nachhaltig schädigen kann!
__________________ Logfiles bitte immer in CODE-Tags posten |
|
15.08.2011, 18:11
| #13 |
| | Bundespolizei Trojaner endgültig gelöscht?Code:
ATTFilter ComboFix 11-08-15.07 - username 15.08.2011 18:29:09.2.2 - x86
Microsoft Windows 7 Professional 6.1.7601.1.1252.49.1031.18.3070.2161 [GMT 2:00]
ausgeführt von:: e:\username\Desktop\ComboFix.exe
Benutzte Befehlsschalter :: e:\username\Desktop\CFScript.txt
AV: Microsoft Security Essentials *Disabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}
SP: Microsoft Security Essentials *Disabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((( Dateien erstellt von 2011-07-15 bis 2011-08-15 ))))))))))))))))))))))))))))))
.
.
2011-08-15 16:34 . 2011-08-15 16:34 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp
2011-08-15 16:34 . 2011-08-15 16:34 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-08-15 11:38 . 2011-08-15 11:38 28752 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{5C3D340E-07D1-47D8-BE45-955C2D259FE4}\MpKsl7e8611f3.sys
2011-08-15 11:37 . 2011-07-12 18:39 6881616 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{5C3D340E-07D1-47D8-BE45-955C2D259FE4}\mpengine.dll
2011-08-13 08:47 . 2011-08-13 08:47 -------- d-----w- c:\program files\Defraggler
2011-08-13 07:55 . 2011-08-15 16:34 -------- d-----w- c:\users\username\AppData\Local\temp
2011-08-11 17:39 . 2011-06-23 04:33 3912576 ----a-w- c:\windows\system32\ntoskrnl.exe
2011-08-11 17:39 . 2011-06-23 04:33 3967872 ----a-w- c:\windows\system32\ntkrnlpa.exe
2011-08-11 17:01 . 2011-08-07 16:37 439632 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\NISBackup\gapaengine.dll
2011-08-11 17:00 . 2011-08-07 16:37 439632 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{5819EDDF-CA6F-4D23-9525-05DCD55B9038}\gapaengine.dll
2011-08-09 18:41 . 2011-08-09 18:41 -------- d-----w- c:\program files\ESET
2011-08-09 16:13 . 2011-07-12 18:39 6881616 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2011-08-07 16:08 . 2011-08-07 16:09 -------- d-----w- c:\program files\Microsoft Security Client
2011-08-07 16:06 . 2011-08-07 16:06 -------- d-----w- c:\users\username\AppData\Roaming\Malwarebytes
2011-08-07 16:06 . 2011-08-07 16:06 -------- d-----w- c:\programdata\Malwarebytes
2011-08-07 16:06 . 2011-07-06 17:52 41272 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-08-07 16:06 . 2011-07-06 17:52 22712 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-07-21 19:33 . 2011-07-21 19:33 -------- d-----w- c:\program files\iPod
2011-07-21 19:32 . 2011-07-21 19:32 -------- d-----w- c:\program files\Bonjour
.
.
.
(((((((((((((((((((((((((((((((((((( Find3M Bericht ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-08-15 08:13 . 2011-05-19 17:44 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-07-12 09:20 . 2011-07-12 09:20 83816 ----a-w- c:\windows\system32\dns-sd.exe
2011-07-12 09:20 . 2011-07-12 09:20 73064 ----a-w- c:\windows\system32\dnssd.dll
2011-07-12 09:20 . 2011-07-12 09:20 50536 ----a-w- c:\windows\system32\jdns_sd.dll
2011-07-12 09:20 . 2011-07-12 09:20 178536 ----a-w- c:\windows\system32\dnssdX.dll
2011-06-14 08:25 . 2009-07-14 02:05 152576 ----a-w- c:\windows\system32\msclmd.dll
2011-06-11 02:29 . 2011-07-13 17:47 2334208 ----a-w- c:\windows\system32\win32k.sys
2011-05-24 10:44 . 2011-06-29 17:59 293376 ----a-w- c:\windows\system32\umpnpmgr.dll
2011-05-21 04:01 . 2011-06-30 19:34 2560616 ----a-w- c:\windows\system32\nvsvcr.dll
2011-05-21 04:01 . 2011-06-30 19:34 543336 ----a-w- c:\windows\system32\easyupdatusapiu.dll
2011-05-21 04:01 . 2011-05-21 04:01 899688 ----a-w- c:\windows\system32\nvdispco3220150.dll
2011-05-21 04:01 . 2011-05-21 04:01 865896 ----a-w- c:\windows\system32\nvgenco322090.dll
2011-05-21 04:01 . 2011-05-21 04:01 57960 ----a-w- c:\windows\system32\OpenCL.dll
2011-05-21 04:01 . 2011-05-21 04:01 5301352 ----a-w- c:\windows\system32\nvcuda.dll
2011-05-21 04:01 . 2011-05-21 04:01 2804328 ----a-w- c:\windows\system32\nvcuvid.dll
2011-05-21 04:01 . 2011-05-21 04:01 2082408 ----a-w- c:\windows\system32\nvcuvenc.dll
2011-05-21 04:01 . 2011-05-21 04:01 16456296 ----a-w- c:\windows\system32\nvoglv32.dll
2011-05-21 04:01 . 2011-05-21 04:01 13011560 ----a-w- c:\windows\system32\nvcompiler.dll
2011-05-21 04:01 . 2011-05-21 04:01 12392 ----a-w- c:\windows\system32\drivers\nvBridge.kmd
2011-05-21 04:01 . 2011-05-21 04:01 11992680 ----a-w- c:\windows\system32\nvd3dum.dll
2011-05-21 04:01 . 2011-05-21 04:01 10589800 ----a-w- c:\windows\system32\drivers\nvlddmkm.sys
2011-05-21 04:01 . 2010-07-09 14:37 615528 ----a-w- c:\windows\system32\nvvsvc.exe
2011-05-21 04:01 . 2010-07-09 14:37 3693672 ----a-w- c:\windows\system32\nvcpl.dll
2011-05-21 04:01 . 2010-07-09 14:37 2557544 ----a-w- c:\windows\system32\nvsvc.dll
2011-05-21 04:01 . 2010-07-09 14:37 111208 ----a-w- c:\windows\system32\nvmctray.dll
2011-05-21 04:01 . 2010-01-12 10:03 2335848 ----a-w- c:\windows\system32\nvapi.dll
2011-05-21 04:01 . 2010-01-11 20:18 66664 ----a-w- c:\windows\system32\nvshext.dll
2011-05-21 04:01 . 2009-07-13 22:09 6555240 ----a-w- c:\windows\system32\nvwgf2um.dll
.
.
(((((((((((((((((((((((((((( Autostartpunkte der Registrierung ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SpybotSD TeaTimer"="d:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2009-06-17 55824]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2009-12-08 8120864]
"Malwarebytes' Anti-Malware"="d:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2011-07-06 449584]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2011-06-15 997920]
"Eraser"="d:\progra~1\Eraser\Eraser.exe" [2010-11-04 980368]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"AvgUninstallURL"="start hxxp://www.avg.de/de.special-uninstallation-feedback-appf?lic=NFVWSzItQUxZTUYtU0xLTFUtQVoyVUItNkdPS0ItSkhGTkg&inst=NzctNjA3NTM2MTY1LUJBUjlHKzEtRkwrOS1YMjAxMCsyLVFJWDErNC1MSUMrNzctRkwxMCsxLVNQMSsxLVNQMVRCKzEtU1VEKzEtUzFJKzEtU1UzKzEtRERUKzAtTFNEKzI&prod=90&ver=10.0.1392" [?]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Logitech SetPoint.lnk - d:\program files\Logitech\SetPoint\SetPoint.exe [2010-3-4 813584]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LBTWlgn]
2009-07-20 11:28 72208 ----a-w- c:\program files\Common Files\Logishrd\Bluetooth\LBTWLgn.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux2"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2011-07-19 16:29 421736 ----a-w- c:\program files\iTunes\iTunesHelper.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PDFPrint]
2010-03-11 08:02 208528 ----a-w- d:\program files\pdf24\pdf24.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2010-11-29 16:38 421888 ----a-w- c:\program files\QuickTime\QTTask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2010-02-18 10:43 248040 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [2011-04-27 65024]
R3 NisSrv;Microsoft-Netzwerkinspektion;c:\program files\Microsoft Security Client\Antimalware\NisSrv.exe [2011-04-27 208944]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 52224]
R3 VSPerfDrv100;Performance Tools Driver 10.0;d:\program files\Microsoft Visual Studio 10.0\Team Tools\Performance Tools\VSPerfDrv100.sys [2009-12-08 48128]
R4 MSSQLServerADHelper100;SQL Active Directory Helper Service;c:\program files\Microsoft SQL Server\100\Shared\SQLADHLP.EXE [2009-07-23 47128]
R4 RsFx0103;RsFx0103 Driver;c:\windows\system32\DRIVERS\RsFx0103.sys [2009-03-30 239336]
R4 SQLAgent$SQLEXPRESS;SQL Server Agent (SQLEXPRESS);c:\program files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE [2010-09-17 370008]
S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2010-03-06 691696]
S1 MpKsl7e8611f3;MpKsl7e8611f3;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{5C3D340E-07D1-47D8-BE45-955C2D259FE4}\MpKsl7e8611f3.sys [2011-08-15 28752]
S1 VBoxDrv;VirtualBox Service;c:\windows\system32\DRIVERS\VBoxDrv.sys [2010-06-25 142992]
S2 MBAMService;MBAMService;d:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [2011-07-06 366640]
S2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [2011-05-21 2214504]
S2 SBSDWSCService;SBSD Security Center Service;d:\program files\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2011-07-06 22712]
S3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\system32\DRIVERS\MpNWMon.sys [2011-04-18 43392]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt86win7.sys [2009-03-01 139776]
S3 VBoxNetAdp;VirtualBox Host-Only Ethernet Adapter;c:\windows\system32\DRIVERS\VBoxNetAdp.sys [2010-06-25 100496]
S3 VBoxNetFlt;VBoxNetFlt Service;c:\windows\system32\DRIVERS\VBoxNetFlt.sys [2010-06-25 111312]
.
.
--- Andere Dienste/Treiber im Speicher ---
.
*NewlyCreated* - MPKSL7E8611F3
.
.
------- Zusätzlicher Suchlauf -------
.
IE: Nach Microsoft E&xel exportieren - d:\progra~1\MICROS~1\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.1.1
FF - ProfilePath - c:\users\username\AppData\Roaming\Mozilla\Firefox\Profiles\izjw7fk6.default\
FF - prefs.js: browser.search.selectedEngine - Amazon.de
FF - prefs.js: browser.startup.homepage - www.google.de
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_USERS\S-1-5-21-2260675223-1398480462-3707807218-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*m*Lz„`]
@Class="Shell"
.
[HKEY_USERS\S-1-5-21-2260675223-1398480462-3707807218-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*m*Lz„`\OpenWithList]
@Class="Shell"
"a"="vlc.exe"
"MRUList"="a"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Zeit der Fertigstellung: 2011-08-15 18:36:40
ComboFix-quarantined-files.txt 2011-08-15 16:36
ComboFix2.txt 2011-08-13 07:55
.
Vor Suchlauf: 9.635.164.160 Bytes frei
Nach Suchlauf: 9.559.494.656 Bytes frei
.
- - End Of File - - D2B5C1C7D2CB1FE49EF48F743849A8BC
|
|
15.08.2011, 18:45
| #14 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Bundespolizei Trojaner endgültig gelöscht? Hm, wiederhol das Scripten bitte nochmal, aber die CFScript vorher neu machen und diese Zeilen eintragen: Code:
ATTFilter Reglockdel::
[HKEY_USERS\S-1-5-21-2260675223-1398480462-3707807218-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*m*Lz„`]
[HKEY_USERS\S-1-5-21-2260675223-1398480462-3707807218-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*m*Lz„`\OpenWithList]
__________________ Logfiles bitte immer in CODE-Tags posten |
|
15.08.2011, 18:59
| #15 |
| | Bundespolizei Trojaner endgültig gelöscht?Code:
ATTFilter ComboFix 11-08-15.07 - username 15.08.2011 19:51:04.4.2 - x86
Microsoft Windows 7 Professional 6.1.7601.1.1252.49.1031.18.3070.2198 [GMT 2:00]
ausgeführt von:: e:\username\Desktop\ComboFix.exe
Benutzte Befehlsschalter :: e:\username\Desktop\CFScript.txt
AV: Microsoft Security Essentials *Disabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}
SP: Microsoft Security Essentials *Disabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((( Dateien erstellt von 2011-07-15 bis 2011-08-15 ))))))))))))))))))))))))))))))
.
.
2011-08-15 17:55 . 2011-08-15 17:55 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp
2011-08-15 17:55 . 2011-08-15 17:55 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-08-15 11:38 . 2011-08-15 11:38 28752 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{5C3D340E-07D1-47D8-BE45-955C2D259FE4}\MpKsl7e8611f3.sys
2011-08-15 11:37 . 2011-07-12 18:39 6881616 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{5C3D340E-07D1-47D8-BE45-955C2D259FE4}\mpengine.dll
2011-08-13 08:47 . 2011-08-13 08:47 -------- d-----w- c:\program files\Defraggler
2011-08-13 07:55 . 2011-08-15 17:55 -------- d-----w- c:\users\username\AppData\Local\temp
2011-08-11 17:39 . 2011-06-23 04:33 3912576 ----a-w- c:\windows\system32\ntoskrnl.exe
2011-08-11 17:39 . 2011-06-23 04:33 3967872 ----a-w- c:\windows\system32\ntkrnlpa.exe
2011-08-11 17:01 . 2011-08-07 16:37 439632 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\NISBackup\gapaengine.dll
2011-08-11 17:00 . 2011-08-07 16:37 439632 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{5819EDDF-CA6F-4D23-9525-05DCD55B9038}\gapaengine.dll
2011-08-09 18:41 . 2011-08-09 18:41 -------- d-----w- c:\program files\ESET
2011-08-09 16:13 . 2011-07-12 18:39 6881616 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2011-08-07 16:08 . 2011-08-07 16:09 -------- d-----w- c:\program files\Microsoft Security Client
2011-08-07 16:06 . 2011-08-07 16:06 -------- d-----w- c:\users\username\AppData\Roaming\Malwarebytes
2011-08-07 16:06 . 2011-08-07 16:06 -------- d-----w- c:\programdata\Malwarebytes
2011-08-07 16:06 . 2011-07-06 17:52 41272 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-08-07 16:06 . 2011-07-06 17:52 22712 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-07-21 19:33 . 2011-07-21 19:33 -------- d-----w- c:\program files\iPod
2011-07-21 19:32 . 2011-07-21 19:32 -------- d-----w- c:\program files\Bonjour
.
.
.
(((((((((((((((((((((((((((((((((((( Find3M Bericht ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-08-15 08:13 . 2011-05-19 17:44 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-07-12 09:20 . 2011-07-12 09:20 83816 ----a-w- c:\windows\system32\dns-sd.exe
2011-07-12 09:20 . 2011-07-12 09:20 73064 ----a-w- c:\windows\system32\dnssd.dll
2011-07-12 09:20 . 2011-07-12 09:20 50536 ----a-w- c:\windows\system32\jdns_sd.dll
2011-07-12 09:20 . 2011-07-12 09:20 178536 ----a-w- c:\windows\system32\dnssdX.dll
2011-06-14 08:25 . 2009-07-14 02:05 152576 ----a-w- c:\windows\system32\msclmd.dll
2011-06-11 02:29 . 2011-07-13 17:47 2334208 ----a-w- c:\windows\system32\win32k.sys
2011-05-24 10:44 . 2011-06-29 17:59 293376 ----a-w- c:\windows\system32\umpnpmgr.dll
2011-05-21 04:01 . 2011-06-30 19:34 2560616 ----a-w- c:\windows\system32\nvsvcr.dll
2011-05-21 04:01 . 2011-06-30 19:34 543336 ----a-w- c:\windows\system32\easyupdatusapiu.dll
2011-05-21 04:01 . 2011-05-21 04:01 899688 ----a-w- c:\windows\system32\nvdispco3220150.dll
2011-05-21 04:01 . 2011-05-21 04:01 865896 ----a-w- c:\windows\system32\nvgenco322090.dll
2011-05-21 04:01 . 2011-05-21 04:01 57960 ----a-w- c:\windows\system32\OpenCL.dll
2011-05-21 04:01 . 2011-05-21 04:01 5301352 ----a-w- c:\windows\system32\nvcuda.dll
2011-05-21 04:01 . 2011-05-21 04:01 2804328 ----a-w- c:\windows\system32\nvcuvid.dll
2011-05-21 04:01 . 2011-05-21 04:01 2082408 ----a-w- c:\windows\system32\nvcuvenc.dll
2011-05-21 04:01 . 2011-05-21 04:01 16456296 ----a-w- c:\windows\system32\nvoglv32.dll
2011-05-21 04:01 . 2011-05-21 04:01 13011560 ----a-w- c:\windows\system32\nvcompiler.dll
2011-05-21 04:01 . 2011-05-21 04:01 12392 ----a-w- c:\windows\system32\drivers\nvBridge.kmd
2011-05-21 04:01 . 2011-05-21 04:01 11992680 ----a-w- c:\windows\system32\nvd3dum.dll
2011-05-21 04:01 . 2011-05-21 04:01 10589800 ----a-w- c:\windows\system32\drivers\nvlddmkm.sys
2011-05-21 04:01 . 2010-07-09 14:37 615528 ----a-w- c:\windows\system32\nvvsvc.exe
2011-05-21 04:01 . 2010-07-09 14:37 3693672 ----a-w- c:\windows\system32\nvcpl.dll
2011-05-21 04:01 . 2010-07-09 14:37 2557544 ----a-w- c:\windows\system32\nvsvc.dll
2011-05-21 04:01 . 2010-07-09 14:37 111208 ----a-w- c:\windows\system32\nvmctray.dll
2011-05-21 04:01 . 2010-01-12 10:03 2335848 ----a-w- c:\windows\system32\nvapi.dll
2011-05-21 04:01 . 2010-01-11 20:18 66664 ----a-w- c:\windows\system32\nvshext.dll
2011-05-21 04:01 . 2009-07-13 22:09 6555240 ----a-w- c:\windows\system32\nvwgf2um.dll
.
.
(((((((((((((((((((((((((((( Autostartpunkte der Registrierung ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SpybotSD TeaTimer"="d:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2009-06-17 55824]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2009-12-08 8120864]
"Malwarebytes' Anti-Malware"="d:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2011-07-06 449584]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2011-06-15 997920]
"Eraser"="d:\progra~1\Eraser\Eraser.exe" [2010-11-04 980368]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"AvgUninstallURL"="start hxxp://www.avg.de/de.special-uninstallation-feedback-appf?lic=NFVWSzItQUxZTUYtU0xLTFUtQVoyVUItNkdPS0ItSkhGTkg&inst=NzctNjA3NTM2MTY1LUJBUjlHKzEtRkwrOS1YMjAxMCsyLVFJWDErNC1MSUMrNzctRkwxMCsxLVNQMSsxLVNQMVRCKzEtU1VEKzEtUzFJKzEtU1UzKzEtRERUKzAtTFNEKzI&prod=90&ver=10.0.1392" [?]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Logitech SetPoint.lnk - d:\program files\Logitech\SetPoint\SetPoint.exe [2010-3-4 813584]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LBTWlgn]
2009-07-20 11:28 72208 ----a-w- c:\program files\Common Files\Logishrd\Bluetooth\LBTWLgn.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux2"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2011-07-19 16:29 421736 ----a-w- c:\program files\iTunes\iTunesHelper.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PDFPrint]
2010-03-11 08:02 208528 ----a-w- d:\program files\pdf24\pdf24.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2010-11-29 16:38 421888 ----a-w- c:\program files\QuickTime\QTTask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2010-02-18 10:43 248040 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [2011-04-27 65024]
R3 NisSrv;Microsoft-Netzwerkinspektion;c:\program files\Microsoft Security Client\Antimalware\NisSrv.exe [2011-04-27 208944]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 52224]
R3 VSPerfDrv100;Performance Tools Driver 10.0;d:\program files\Microsoft Visual Studio 10.0\Team Tools\Performance Tools\VSPerfDrv100.sys [2009-12-08 48128]
R4 MSSQLServerADHelper100;SQL Active Directory Helper Service;c:\program files\Microsoft SQL Server\100\Shared\SQLADHLP.EXE [2009-07-23 47128]
R4 RsFx0103;RsFx0103 Driver;c:\windows\system32\DRIVERS\RsFx0103.sys [2009-03-30 239336]
R4 SQLAgent$SQLEXPRESS;SQL Server Agent (SQLEXPRESS);c:\program files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE [2010-09-17 370008]
S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2010-03-06 691696]
S1 MpKsl7e8611f3;MpKsl7e8611f3;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{5C3D340E-07D1-47D8-BE45-955C2D259FE4}\MpKsl7e8611f3.sys [2011-08-15 28752]
S1 VBoxDrv;VirtualBox Service;c:\windows\system32\DRIVERS\VBoxDrv.sys [2010-06-25 142992]
S2 MBAMService;MBAMService;d:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [2011-07-06 366640]
S2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [2011-05-21 2214504]
S2 SBSDWSCService;SBSD Security Center Service;d:\program files\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2011-07-06 22712]
S3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\system32\DRIVERS\MpNWMon.sys [2011-04-18 43392]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt86win7.sys [2009-03-01 139776]
S3 VBoxNetAdp;VirtualBox Host-Only Ethernet Adapter;c:\windows\system32\DRIVERS\VBoxNetAdp.sys [2010-06-25 100496]
S3 VBoxNetFlt;VBoxNetFlt Service;c:\windows\system32\DRIVERS\VBoxNetFlt.sys [2010-06-25 111312]
.
.
--- Andere Dienste/Treiber im Speicher ---
.
*NewlyCreated* - MPKSL7E8611F3
.
.
------- Zusätzlicher Suchlauf -------
.
IE: Nach Microsoft E&xel exportieren - d:\progra~1\MICROS~1\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.1.1
FF - ProfilePath - c:\users\username\AppData\Roaming\Mozilla\Firefox\Profiles\izjw7fk6.default\
FF - prefs.js: browser.search.selectedEngine - Amazon.de
FF - prefs.js: browser.startup.homepage - www.google.de
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_USERS\S-1-5-21-2260675223-1398480462-3707807218-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*m*Lz„`]
@Class="Shell"
.
[HKEY_USERS\S-1-5-21-2260675223-1398480462-3707807218-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*m*Lz„`\OpenWithList]
@Class="Shell"
"a"="vlc.exe"
"MRUList"="a"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Zeit der Fertigstellung: 2011-08-15 19:57:22
ComboFix-quarantined-files.txt 2011-08-15 17:57
ComboFix2.txt 2011-08-15 17:21
ComboFix3.txt 2011-08-15 16:36
ComboFix4.txt 2011-08-13 07:55
.
Vor Suchlauf: 9.636.417.536 Bytes frei
Nach Suchlauf: 9.559.969.792 Bytes frei
.
- - End Of File - - 6709B0173C86DEEFBE20D6909C259A02
|
|
| Themen zu Bundespolizei Trojaner endgültig gelöscht? |
| 7-zip, antivir, antivir guard, any video converter, avgnt, avira, bho, bonjour, converter, desktop, document, error, flash player, hijack, hijackthis, install.exe, jashla.exe, jdownloader, langs, logfile, microsoft office word, microsoft security, mozilla, mp3, nvidia update, nvlddmkm.sys, object, office 2007, plug-in, problem, problembehandlung, prozess, realtek, registry, safer networking, security, security update, server, shell32.dll, software, sptd.sys, start menu, studio, system, trick, trojaner, version=1.0, video converter, virtualbox, visual studio, webcheck |
Textbox.
.
Linear-Darstellung
