Log analysis and evaluation: BKA Trojaner, Windows 7. If you have caught a trojan or keep getting virus warnings, you can post the logs from our diagnostic tools here for evaluation by our experts. Before viruses and trojans can be removed, the infected system must first be examined: first steps to getting help. Note that an infected system is not trustworthy and should not be used until the malware has been completely removed.
28.09.2011, 11:31 | #1
BKA Trojaner. Hello, as already written in the title, I have the BKA Trojaner on a laptop. I have already looked around this forum a bit. I downloaded OTLPENet and created a CD with it; I have now got the laptop started and ran a scan with OTL. Here are the scans: OTL.txt Code:
ATTFilter OTL logfile created on: 9/27/2011 8:57:11 PM - Run OTLPE by OldTimer - Version 3.1.48.0 Folder = X:\Programs\OTLPE Windows Vista (TM) Home Premium Service Pack 2 (Version = 6.0.6002) - Type = System Internet Explorer (Version = 7.0.6002.18005) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 3.00 Gb Total Physical Memory | 3.00 Gb Available Physical Memory | 90.00% Memory free 3.00 Gb Paging File | 3.00 Gb Available in Paging File | 97.00% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 275.41 Gb Total Space | 184.47 Gb Free Space | 66.98% Space Free | Partition Type: NTFS Drive D: | 22.66 Gb Total Space | 12.51 Gb Free Space | 55.20% Space Free | Partition Type: FAT32 Drive X: | 436.59 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS Computer Name: REATOGO | User Name: SYSTEM Boot Mode: Normal | Scan Mode: All users Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days Using ControlSet: ControlSet001 ========== Win32 Services (SafeList) ========== SRV - [2008/10/24 08:54:32 | 000,068,865 | ---- | M] (Avira GmbH) [Auto] -- C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe -- (AntiVirScheduler) SRV - [2008/10/24 08:54:30 | 000,151,297 | ---- | M] (Avira GmbH) [Auto] -- C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe -- (AntiVirService) SRV - [2008/07/22 04:20:57 | 000,069,120 | ---- | M] (Google) [On_Demand] -- C:\Program Files\Google\Google Desktop Search\GoogleDesktopManager.exe -- (GoogleDesktopManager) SRV - [2008/01/20 22:23:32 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend) SRV - [2007/11/02 06:31:08 | 000,040,960 | ---- | M] (Softex Inc.) 
[Auto] -- C:\Program Files\Softex\OmniPass\OmniServ.exe -- (omniserv) SRV - [2007/10/03 09:45:02 | 000,358,936 | ---- | M] (Intel Corporation) [Auto] -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON) Intel(R) SRV - [2007/09/11 09:37:58 | 000,118,784 | ---- | M] (Wistron Corp.) [On_Demand] -- C:\Program Files\Launch Manager\WisLMSvc.exe -- (WisLMSvc) ========== Driver Services (SafeList) ========== DRV - File not found [Kernel | On_Demand] -- -- (NwlnkFwd) DRV - File not found [Kernel | On_Demand] -- -- (NwlnkFlt) DRV - File not found [Kernel | On_Demand] -- -- (IpInIp) DRV - [2009/05/27 13:46:02 | 000,075,096 | ---- | M] (Avira GmbH) [Kernel | System] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb) DRV - [2009/05/27 13:45:56 | 000,052,056 | ---- | M] (Avira GmbH) [File_System | On_Demand] -- C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgntflt.sys -- (avgntflt) DRV - [2009/05/27 13:45:54 | 000,011,608 | ---- | M] (Avira GmbH) [Kernel | System] -- C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgio.sys -- (avgio) DRV - [2008/07/10 23:08:00 | 007,539,744 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm) DRV - [2008/03/12 21:36:42 | 002,555,392 | ---- | M] (Intel Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\NETw4v32.sys -- (NETw4v32) Intel(R) DRV - [2007/11/08 13:03:26 | 000,021,248 | ---- | M] (AVIRA GmbH) [Kernel | System] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv) DRV - [2007/08/30 14:24:24 | 000,805,416 | ---- | M] (Bison Electronics. Inc. ) [Kernel | On_Demand] -- C:\Windows\System32\drivers\BisonC07.sys -- (Cam5607) DRV - [2007/08/28 09:47:36 | 000,146,560 | ---- | M] (AuthenTec, Inc.) 
[Kernel | On_Demand] -- C:\Windows\System32\drivers\atswpdrv.sys -- (ATSWPDRV) AuthenTec TruePrint USB Driver (SwipeSensor) DRV - [2007/06/25 07:37:24 | 000,084,480 | ---- | M] (Realtek Corporation ) [Kernel | On_Demand] -- C:\Windows\System32\drivers\Rtlh86.sys -- (RTL8169) DRV - [2007/06/01 04:29:04 | 000,210,736 | ---- | M] (Silicon Image, Inc) [Kernel | Boot] -- C:\Windows\System32\drivers\Si3531.sys -- (Si3531) DRV - [2007/05/25 03:41:00 | 000,017,328 | ---- | M] (Silicon Image, Inc.) [Kernel | Boot] -- C:\Windows\System32\drivers\SiWinAcc.sys -- (SiFilter) DRV - [2007/05/25 03:40:58 | 000,012,464 | ---- | M] (Silicon Image, Inc.) [Kernel | Boot] -- C:\Windows\System32\drivers\SiRemFil.sys -- (SiRemFil) DRV - [2003/04/28 05:27:06 | 000,009,867 | ---- | M] () [Kernel | System] -- C:\Windows\System32\drivers\HOTKEY.sys -- (Hotkey) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.aldi.com/ IE - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm IE - HKLM\..\URLSearchHook: {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Program Files\DVDVideoSoftTB\tbDVDV.dll (Conduit Ltd.) IE - HKLM\..\URLSearchHook: {cc05a3e3-64c3-4af2-bfc1-af0d66b69065} - C:\Program Files\softonic-de3\tbsoft.dll (Conduit Ltd.) IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\Anika_ON_C\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.aldi.com/ IE - HKU\Anika_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://search.conduit.com?SearchSource=10&ctid=CT2269050 IE - HKU\Anika_ON_C\Software\Microsoft\Internet Explorer\Main,StartPageCache = 1 IE - HKU\Anika_ON_C\..\URLSearchHook: {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Program Files\DVDVideoSoftTB\tbDVDV.dll (Conduit Ltd.) 
IE - HKU\Anika_ON_C\..\URLSearchHook: {cc05a3e3-64c3-4af2-bfc1-af0d66b69065} - C:\Program Files\softonic-de3\tbsoft.dll (Conduit Ltd.) IE - HKU\Anika_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\Anika_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local ========== FireFox ========== FF - prefs.js..browser.search.defaultenginename: "Live Search" FF - prefs.js..browser.search.defaultthis.engineName: "Search" FF - prefs.js..browser.search.defaulturl: "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2269050&SearchSource=3&q={searchTerms}" FF - prefs.js..browser.search.selectedEngine: "Search" FF - prefs.js..browser.search.useDBForOrder: true FF - prefs.js..browser.startup.homepage: "hxxp://www.google.de/" FF - prefs.js..extensions.enabledItems: {E2883E8F-472F-4fb0-9522-AC9BF37916A7}:1 FF - prefs.js..extensions.enabledItems: 6 FF - prefs.js..extensions.enabledItems: 2 FF - prefs.js..extensions.enabledItems: 48 FF - prefs.js..extensions.enabledItems: {872b5b88-9db5-4310-bdd0-ac189557e5f5}:2.7.0.14 FF - prefs.js..extensions.enabledItems: {cc05a3e3-64c3-4af2-bfc1-af0d66b69065}:2.7.1.3 FF - prefs.js..keyword.URL: "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2269050&q=" FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\System32\Macromed\Flash\NPSWF32.dll () FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\System32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.) FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll () FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\4.0.60310.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.3: C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.) 
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8081.0709: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=8: C:\Program Files\Google\Update\1.2.183.39\npGoogleOneClick8.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@zylom.com/ZylomGamesPlayer: C:\ProgramData\Zylom\ZylomGamesPlayer\npzylomgamesplayer.dll (Zylom) FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.0.19\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/08/25 14:59:21 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.0.19\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/03/05 04:34:14 | 000,000,000 | ---D | M] [2008/09/12 12:49:34 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Anika\AppData\Roaming\Mozilla\Extensions [2011/04/21 08:17:04 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Anika\AppData\Roaming\Mozilla\Firefox\Profiles\oxoatvf9.default\extensions [2009/09/14 10:09:48 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Anika\AppData\Roaming\Mozilla\Firefox\Profiles\oxoatvf9.default\extensions\{20a82645-c095-46ed-80e3-08825760534b} [2010/08/16 10:09:27 | 000,000,000 | ---D | M] (DVDVideoSoftTB Toolbar) -- C:\Users\Anika\AppData\Roaming\Mozilla\Firefox\Profiles\oxoatvf9.default\extensions\{872b5b88-9db5-4310-bdd0-ac189557e5f5} [2010/08/16 10:07:54 | 000,000,000 | ---D | M] (softonic-de3 Toolbar) -- C:\Users\Anika\AppData\Roaming\Mozilla\Firefox\Profiles\oxoatvf9.default\extensions\{cc05a3e3-64c3-4af2-bfc1-af0d66b69065} [2009/11/06 05:14:51 | 000,000,000 | ---D | M] (Adobe DLM (powered by getPlus(R))) -- 
C:\Users\Anika\AppData\Roaming\Mozilla\Firefox\Profiles\oxoatvf9.default\extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7} [2010/08/16 18:11:54 | 000,000,873 | ---- | M] () -- C:\Users\Anika\AppData\Roaming\Mozilla\Firefox\Profiles\oxoatvf9.default\searchplugins\conduit.xml [2009/03/15 09:16:17 | 000,001,632 | ---- | M] () -- C:\Users\Anika\AppData\Roaming\Mozilla\Firefox\Profiles\oxoatvf9.default\searchplugins\live-search.xml [2010/09/02 17:19:54 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions [2010/09/02 17:19:54 | 000,000,000 | ---D | M] (Skype extension for Firefox) -- C:\Program Files\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1} [2009/10/23 09:01:34 | 000,102,400 | ---- | M] (Zylom) -- C:\Program Files\mozilla firefox\plugins\npzylomgamesplayer.dll [2010/08/01 06:23:22 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml [2010/08/01 06:23:22 | 000,002,344 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml [2010/08/01 06:23:22 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml [2010/08/01 06:23:22 | 000,000,986 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml [2010/08/01 06:23:22 | 000,000,801 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml O1 HOSTS File: ([2006/09/18 17:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O1 - Hosts: ::1 localhost O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found. O2 - BHO: (DVDVideoSoftTB Toolbar) - {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Program Files\DVDVideoSoftTB\tbDVDV.dll (Conduit Ltd.) O2 - BHO: (Skype add-on for Internet Explorer) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) 
O2 - BHO: (softonic-de3 Toolbar) - {cc05a3e3-64c3-4af2-bfc1-af0d66b69065} - C:\Program Files\softonic-de3\tbsoft.dll (Conduit Ltd.) O3 - HKLM\..\Toolbar: (DVDVideoSoftTB Toolbar) - {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Program Files\DVDVideoSoftTB\tbDVDV.dll (Conduit Ltd.) O3 - HKLM\..\Toolbar: (softonic-de3 Toolbar) - {cc05a3e3-64c3-4af2-bfc1-af0d66b69065} - C:\Program Files\softonic-de3\tbsoft.dll (Conduit Ltd.) O3 - HKU\Anika_ON_C\..\Toolbar\WebBrowser: (DVDVideoSoftTB Toolbar) - {872B5B88-9DB5-4310-BDD0-AC189557E5F5} - C:\Program Files\DVDVideoSoftTB\tbDVDV.dll (Conduit Ltd.) O3 - HKU\Anika_ON_C\..\Toolbar\WebBrowser: (softonic-de3 Toolbar) - {CC05A3E3-64C3-4AF2-BFC1-AF0D66B69065} - C:\Program Files\softonic-de3\tbsoft.dll (Conduit Ltd.) O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe (Avira GmbH) O4 - HKLM..\Run: [CtrlVol] File not found O4 - HKLM..\Run: [HotkeyApp] C:\Program Files\Launch Manager\HotkeyApp.exe (Wistron) O4 - HKLM..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe (Intel Corporation) O4 - HKLM..\Run: [LanguageShortcut] C:\Program Files\HomeCinema\PowerDVD\Language\Language.exe () O4 - HKLM..\Run: [LaunchAp] C:\Program Files\Launch Manager\LaunchAp.exe () O4 - HKLM..\Run: [LMgrOSD] C:\Program Files\Launch Manager\OSD.exe (Wistron Corp.) O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.dll (NVIDIA Corporation) O4 - HKLM..\Run: [NvMediaCenter] C:\Windows\System32\NvMcTray.dll (NVIDIA Corporation) O4 - HKLM..\Run: [OmniPass] C:\Program Files\Softex\OmniPass\scureapp.exe () O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor) O4 - HKLM..\Run: [SynTPStart] C:\Program Files\Synaptics\SynTP\SynTPStart.exe (Synaptics, Inc.) O4 - HKLM..\Run: [toolbar_eula_launcher] C:\Program Files\GoogleEULA\EULALauncher.exe ( ) O4 - HKLM..\Run: [UCam_Menu] C:\Program Files\HomeCinema\YouCam\MUITransfer\MUIStartMenu.exe (CyberLink Corp.) 
O4 - HKLM..\Run: [Wbutton] C:\Program Files\Launch Manager\Wbutton.exe (Wistron) O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation) O4 - HKU\Anika_ON_C..\Run: [IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe (Nero AG) O4 - HKU\LocalService_ON_C..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation) O4 - HKU\NetworkService_ON_C..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation) O9 - Extra Button: eBay - Der weltweite Online-Marktplatz - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - File not found O9 - Extra 'Tools' menuitem : eBay - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - File not found O9 - Extra Button: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O9 - Extra 'Tools' menuitem : Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.) 
O13 - gopher Prefix: missing O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab (Java Plug-in 1.6.0_13) O16 - DPF: {CAFEEFAC-0016-0000-0004-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_04-windows-i586.cab (Java Plug-in 1.6.0_04) O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Java Plug-in 1.6.0_07) O16 - DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab (Java Plug-in 1.6.0_13) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab (Java Plug-in 1.6.0_13) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies) O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) 
O20 - AppInit_DLLs: (C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL) - C:\Program Files\Google\Google Desktop Search\GoogleDesktopNetwork3.dll (Google) O20 - HKLM Winlogon: Shell - ("Explorer.exe") - C:\Windows\explorer.exe (Microsoft Corporation) O20 - HKU\Anika_ON_C Winlogon: Shell - (C:\Users\Anika\AppData\Local\Temp\0.6105569158567732.exe) - C:\Users\Anika\AppData\Local\Temp\0.6105569158567732.exe () O24 - Desktop WallPaper: O24 - Desktop BackupWallPaper: O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2006/09/18 17:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ] O32 - AutoRun File - [2006/03/24 07:06:41 | 000,000,053 | R--- | M] () - X:\AUTORUN.INF -- [ CDFS ] O33 - MountPoints2\{de5b0161-7b57-11dd-84c8-806e6f6e6963}\Shell - "" = AutoRun O33 - MountPoints2\{de5b0161-7b57-11dd-84c8-806e6f6e6963}\Shell\AutoRun\command - "" = E:\AUTOSTART.EXE O34 - HKLM BootExecute: (autocheck autochk *) - File not found O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* ========== Files/Folders - Created Within 30 Days ========== [2011/09/27 02:34:52 | 000,000,000 | -HSD | C] -- C:\found.000 [2002/03/11 05:06:30 | 001,822,520 | ---- | C] (Microsoft Corporation) -- C:\Program Files\instmsiw.exe [2002/03/11 04:45:04 | 001,708,856 | ---- | C] (Microsoft Corporation) -- C:\Program Files\instmsia.exe ========== Files - Modified Within 30 Days ========== [2011/09/27 20:48:23 | 000,000,186 | ---- | M] () -- C:\RECOVER (D).lnk [2011/09/27 13:39:32 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2011/09/27 13:38:48 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 [2011/09/27 13:38:48 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 [2011/09/27 13:38:44 | 000,027,839 | ---- | M] () -- 
C:\ProgramData\nvModes.001 [2011/09/27 13:38:41 | 000,001,090 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2011/09/27 13:38:25 | 3219,578,880 | -HS- | M] () -- C:\hiberfil.sys [2011/09/27 11:23:51 | 000,627,756 | ---- | M] () -- C:\Windows\System32\perfh007.dat [2011/09/27 11:23:51 | 000,595,386 | ---- | M] () -- C:\Windows\System32\perfh009.dat [2011/09/27 11:23:51 | 000,125,870 | ---- | M] () -- C:\Windows\System32\perfc007.dat [2011/09/27 11:23:51 | 000,103,460 | ---- | M] () -- C:\Windows\System32\perfc009.dat [2011/09/27 11:15:21 | 000,001,094 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2011/09/27 01:49:31 | 000,027,839 | ---- | M] () -- C:\ProgramData\nvModes.dat [2011/09/27 01:42:30 | 000,367,304 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT ========== Files Created - No Company Name ========== [2011/09/27 20:48:23 | 000,000,186 | ---- | C] () -- C:\RECOVER (D).lnk [2011/09/27 13:38:25 | 3219,578,880 | -HS- | C] () -- C:\hiberfil.sys [2011/04/15 16:05:51 | 000,000,066 | ---- | C] () -- C:\Users\Anika\AppData\default.pls [2011/01/05 15:02:43 | 000,000,680 | ---- | C] () -- C:\Users\Anika\AppData\Local\d3d9caps.dat [2010/09/02 17:21:28 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat [2009/10/20 12:59:01 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll [2009/10/20 12:59:01 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin [2009/10/20 12:58:28 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin [2009/06/16 14:35:41 | 000,027,839 | ---- | C] () -- C:\ProgramData\nvModes.001 [2009/06/16 14:25:09 | 000,027,839 | ---- | C] () -- C:\ProgramData\nvModes.dat [2009/02/03 13:33:23 | 000,018,944 | ---- | C] () -- C:\Users\Anika\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2009/01/23 15:50:08 | 000,000,000 | ---- | C] () -- C:\Users\Anika\AppData\Roaming\Default.PLS [2008/10/05 07:39:51 | 000,000,626 | ---- | C] () -- 
C:\Users\Anika\AppData\Roaming\wklnhst.dat [2008/07/17 08:50:28 | 000,000,381 | ---- | C] () -- C:\Windows\WISO.INI [2008/07/17 07:56:03 | 000,627,756 | ---- | C] () -- C:\Windows\System32\perfh007.dat [2008/07/17 07:56:03 | 000,290,748 | ---- | C] () -- C:\Windows\System32\perfi007.dat [2008/07/17 07:56:03 | 000,125,870 | ---- | C] () -- C:\Windows\System32\perfc007.dat [2008/07/17 07:56:03 | 000,036,916 | ---- | C] () -- C:\Windows\System32\perfd007.dat [2008/07/17 05:54:02 | 000,009,867 | ---- | C] () -- C:\Windows\System32\drivers\HOTKEY.sys [2008/07/17 03:35:24 | 000,000,069 | ---- | C] () -- C:\Windows\NeroDigital.ini [2008/07/17 02:04:27 | 000,015,190 | ---- | C] () -- C:\Windows\M3000Twn.ini [2008/07/14 05:32:16 | 001,060,424 | ---- | C] () -- C:\Windows\System32\WdfCoInstaller01000.dll [2008/05/29 16:56:14 | 000,037,375 | ---- | C] () -- C:\Program Files\openoffice.org-xsltfilter.cab [2008/05/29 16:56:13 | 002,678,080 | ---- | C] () -- C:\Program Files\openoffice.org-writer.cab [2008/05/29 16:56:04 | 000,207,388 | ---- | C] () -- C:\Program Files\openoffice.org-testtool.cab [2008/05/29 16:56:02 | 002,504,975 | ---- | C] () -- C:\Program Files\openoffice.org-pyuno.cab [2008/05/29 16:55:44 | 000,052,152 | ---- | C] () -- C:\Program Files\openoffice.org-onlineupdate.cab [2008/05/29 16:55:43 | 001,209,478 | ---- | C] () -- C:\Program Files\openoffice.org-math.cab [2008/05/29 16:55:39 | 000,118,910 | ---- | C] () -- C:\Program Files\openoffice.org-javafilter.cab [2008/05/29 16:55:38 | 001,395,007 | ---- | C] () -- C:\Program Files\openoffice.org-impress.cab [2008/05/29 16:55:32 | 000,086,870 | ---- | C] () -- C:\Program Files\openoffice.org-graphicfilter.cab [2008/05/29 16:55:31 | 001,046,365 | ---- | C] () -- C:\Program Files\openoffice.org-draw.cab [2008/05/29 16:55:31 | 000,002,769 | ---- | C] () -- C:\Program Files\openoffice.org-emailmerge.cab [2008/05/29 16:55:26 | 002,031,954 | ---- | C] () -- C:\Program Files\openoffice.org-core09.cab [2008/05/29 
16:55:19 | 000,305,784 | ---- | C] () -- C:\Program Files\openoffice.org-core08.cab [2008/05/29 16:55:13 | 004,249,333 | ---- | C] () -- C:\Program Files\openoffice.org-core07.cab [2008/05/29 16:55:02 | 028,871,584 | ---- | C] () -- C:\Program Files\openoffice.org-core06.cab [2008/05/29 16:51:04 | 018,634,513 | ---- | C] () -- C:\Program Files\openoffice.org-core05.cab [2008/05/29 16:50:07 | 016,503,595 | ---- | C] () -- C:\Program Files\openoffice.org-core04.cab [2008/05/29 16:49:16 | 009,117,929 | ---- | C] () -- C:\Program Files\openoffice.org-core03.cab [2008/05/29 16:48:55 | 003,861,568 | ---- | C] () -- C:\Program Files\openoffice.org-core02.cab [2008/05/29 16:48:42 | 015,099,632 | ---- | C] () -- C:\Program Files\openoffice.org-core01.cab [2008/05/29 16:48:11 | 004,871,833 | ---- | C] () -- C:\Program Files\openoffice.org-calc.cab [2008/05/29 16:47:53 | 001,912,368 | ---- | C] () -- C:\Program Files\openoffice.org-base.cab [2008/05/29 16:47:46 | 000,043,005 | ---- | C] () -- C:\Program Files\openoffice.org-activex.cab [2008/05/29 16:47:43 | 004,376,576 | ---- | C] () -- C:\Program Files\openofficeorg24.msi [2008/05/29 16:47:43 | 000,000,217 | ---- | C] () -- C:\Program Files\setup.ini [2008/02/08 16:33:18 | 000,323,584 | ---- | C] () -- C:\Program Files\setup.exe [2006/11/02 08:57:28 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat [2006/11/02 08:47:37 | 000,367,304 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT [2006/11/02 08:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll [2006/11/02 06:33:01 | 000,595,386 | ---- | C] () -- C:\Windows\System32\perfh009.dat [2006/11/02 06:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat [2006/11/02 06:33:01 | 000,103,460 | ---- | C] () -- C:\Windows\System32\perfc009.dat [2006/11/02 06:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat [2006/11/02 06:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat [2006/11/02 04:58:30 | 
000,043,131 | ---- | C] () -- C:\Windows\mib.bin [2006/11/02 04:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT [2006/11/02 03:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini [2006/11/02 03:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat ========== LOP Check ========== [2010/11/04 19:07:56 | 000,000,000 | ---D | M] -- C:\Users\Anika\AppData\Roaming\Degener [2010/08/16 10:09:26 | 000,000,000 | ---D | M] -- C:\Users\Anika\AppData\Roaming\DVDVideoSoftIEHelpers [2010/11/04 19:08:05 | 000,000,000 | ---D | M] -- C:\Users\Anika\AppData\Roaming\Ebner [2009/07/08 06:29:57 | 000,000,000 | ---D | M] -- C:\Users\Anika\AppData\Roaming\OpenOffice.org [2008/10/05 07:43:18 | 000,000,000 | ---D | M] -- C:\Users\Anika\AppData\Roaming\Template [2010/07/08 18:01:22 | 000,000,000 | ---D | M] -- C:\Users\Anika\AppData\Roaming\Ulead Systems [2008/09/05 11:45:25 | 000,000,000 | -HSD | M] -- C:\ProgramData\Anwendungsdaten [2006/11/02 09:02:03 | 000,000,000 | -HSD | M] -- C:\ProgramData\Application Data [2008/07/17 08:50:04 | 000,000,000 | ---D | M] -- C:\ProgramData\Buhl Data Service GmbH [2010/11/08 09:09:44 | 000,000,000 | ---D | M] -- C:\ProgramData\Degener [2006/11/02 09:02:03 | 000,000,000 | -HSD | M] -- C:\ProgramData\Desktop [2006/11/02 09:02:03 | 000,000,000 | -HSD | M] -- C:\ProgramData\Documents [2008/09/05 11:45:25 | 000,000,000 | -HSD | M] -- C:\ProgramData\Dokumente [2008/09/05 11:45:25 | 000,000,000 | -HSD | M] -- C:\ProgramData\Favoriten [2006/11/02 09:02:03 | 000,000,000 | -HSD | M] -- C:\ProgramData\Favorites [2008/07/17 08:52:51 | 000,000,000 | ---D | M] -- C:\ProgramData\fun communications [2006/11/02 09:02:03 | 000,000,000 | -HSD | M] -- C:\ProgramData\Start Menu [2008/09/05 11:45:25 | 000,000,000 | -HSD | M] -- C:\ProgramData\Startmenü [2006/11/02 09:02:04 | 000,000,000 | -HSD | M] -- C:\ProgramData\Templates [2008/07/17 09:49:51 | 000,000,000 | ---D | M] -- C:\ProgramData\Ulead Systems [2008/09/05 11:45:25 
| 000,000,000 | -HSD | M] -- C:\ProgramData\Vorlagen [2010/08/03 17:03:18 | 000,000,000 | ---D | M] -- C:\ProgramData\Zylom [2010/08/25 15:03:00 | 000,000,000 | ---D | M] -- C:\ProgramData\{429CAD59-35B1-4DBC-BB6D-1DB246563521} [2008/07/17 09:47:31 | 000,000,000 | ---D | M] -- C:\ProgramData\{623D32E9-0C62-4453-AD44-98B31F52A5E1} [2011/04/27 13:40:11 | 000,032,538 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT ========== Purity Check ========== < End of report > Code:
ATTFilter OTL Extras logfile created on: 9/27/2011 8:57:11 PM - Run OTLPE by OldTimer - Version 3.1.48.0 Folder = X:\Programs\OTLPE Windows Vista (TM) Home Premium Service Pack 2 (Version = 6.0.6002) - Type = System Internet Explorer (Version = 7.0.6002.18005) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 3.00 Gb Total Physical Memory | 3.00 Gb Available Physical Memory | 90.00% Memory free 3.00 Gb Paging File | 3.00 Gb Available in Paging File | 97.00% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 275.41 Gb Total Space | 184.47 Gb Free Space | 66.98% Space Free | Partition Type: NTFS Drive D: | 22.66 Gb Total Space | 12.51 Gb Free Space | 55.20% Space Free | Partition Type: FAT32 Drive X: | 436.59 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS Computer Name: REATOGO | User Name: SYSTEM Boot Mode: Normal | Scan Mode: All users Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days Using ControlSet: ControlSet001 ========== Extra Registry (SafeList) ========== ========== File Associations ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation) .hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation) .html [@ = ChromeHTML] -- C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.) .url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l ========== Shell Spawning ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation) exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. 
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation) http [open] -- "C:\Program Files\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.) https [open] -- "C:\Program Files\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.) inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation) Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation) Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) ========== Security Center Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "cval" = 1 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] "AntiVirusOverride" = 1 "AntiSpywareOverride" = 0 "FirewallOverride" = 0 "VistaSp1" = Reg Error: Unknown registry data type -- File not found "VistaSp2" = Reg Error: Unknown registry data type -- File not found ========== Firewall Settings ========== [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] "EnableFirewall" = 1 "DisableNotifications" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "EnableFirewall" = 1 "DisableNotifications" = 0 
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile] "EnableFirewall" = 1 "DisableNotifications" = 0 ========== Authorized Applications List ========== ========== HKEY_LOCAL_MACHINE Uninstall List ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam "{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu "{0CB9668D-F979-4F31-B8B8-67FE90F929F8}" = Bonjour "{11AFE21E-B193-430D-B57A-DFF7815BB962}" = Ulead PhotoImpact 12 "{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool "{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT "{26A24AE4-039D-4CA4-87B4-2F83216013FF}" = Java(TM) 6 Update 13 "{2BA722D1-48D1-406E-9123-8AE5431D63EF}" = Windows Live Fotogalerie "{3248F0A8-6813-11D6-A77B-00B0D0160040}" = Java(TM) 6 Update 4 "{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java(TM) 6 Update 7 "{39D0E034-1042-4905-BECB-5502909FCB7C}" = Microsoft Works "{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform "{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile "{3D9892BB-A751-4E48-ADC8-E4289956CE1D}" = QuickTime "{41E654A9-26D0-4EAC-854B-0FA824FFFABB}" = Windows Live Messenger "{47948554-90C6-4AAC-8CFA-D23CE11C1031}" = Nero 8 Essentials "{4CBA3D4C-8F51-4D60-B27E-F6B641C571E7}" = Microsoft Search Enhancement Pack "{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml "{57F0ED40-8F11-41AA-B926-4A66D0D1A9CC}" = Microsoft Office Live Add-in 1.3 "{5FC68772-6D56-41C6-9DF1-24E868198AE6}" = Windows Live Call "{65DA2EC9-0642-47E9-AAE2-B5267AA14D75}" = Activation Assistant for the 2007 Microsoft Office suites "{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD "{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin "{70B7A167-0B88-445D-A3EA-97C73AA88CAC}" = Windows Live Toolbar "{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft 
Visual C++ 2005 Redistributable "{76618402-179D-4699-A66B-D351C59436BC}" = Windows Live Sync "{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 "{83E2CFA9-E0EB-4E08-9F85-43E577FF3D60}" = Windows Live Anmelde-Assistent "{85991ED2-010C-4930-96FA-52F43C2CE98A}" = Apple Mobile Device Support "{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek 8169 PCI, 8168 and 8101E PCIe Ethernet Network Card Driver for Windows Vista "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight "{8A74E887-8F0F-4017-AF53-CBA42211AAA5}" = Microsoft Sync Framework Runtime Native v1.0 (x86) "{8D1E61D1-1395-4E97-997F-D002DB3A5074}" = OpenOffice.org 3.2 "{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007 "{90120000-0016-0407-0000-0000000FF1CE}_HOMESTUDENTR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007 "{90120000-0018-0407-0000-0000000FF1CE}_HOMESTUDENTR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007 "{90120000-001B-0407-0000-0000000FF1CE}_HOMESTUDENTR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007 "{90120000-001F-0407-0000-0000000FF1CE}_HOMESTUDENTR_{A0516415-ED61-419A-981D-93596DA74165}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2) "{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007 "{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2) "{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007 
"{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2) "{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007 "{90120000-001F-0410-0000-0000000FF1CE}_HOMESTUDENTR_{322296D4-1EAE-4030-9FBC-D2787EB25FA2}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2) "{90120000-0020-0407-0000-0000000FF1CE}" = Compatibility Pack für 2007 Office System "{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007 "{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007 "{90120000-006E-0407-0000-0000000FF1CE}_HOMESTUDENTR_{26454C26-D259-4543-AA60-3189E09C5F76}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007 "{90120000-00A1-0407-0000-0000000FF1CE}_HOMESTUDENTR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2) "{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel(R) Matrix Storage Manager "{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007 "{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2) "{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581) "{91F7F3F3-CE80-48C3-8327-7D24A0A5716A}" = iTunes "{95120000-00AF-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (German) "{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting "{981029E0-7FC9-4CF3-AB39-6F133621921A}" = Skype Toolbars "{994223F3-A99B-4DDD-9E1D-0190A17C6860}" = Windows Live Family Safety "{A49F249F-0C91-497F-86DF-B2585E8E76B7}" = Microsoft Visual C++ 2005 Redistributable "{A787B327-ABF4-4655-8FC3-01F65FB68880}_is1" = Vortest 7 "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update 
Helper "{AC76BA86-7AD7-1031-7B44-A90000000001}" = Adobe Reader 9 - Deutsch "{B145EC69-66F5-11D8-9D75-000129760D75}" = MakeDisc "{B2D328BE-45AD-4D92-96F9-2151490A203E}" = Apple Application Support "{B7A0CE06-068E-11D6-97FD-0050BACBF861}" = CyberLink PowerProducer "{BD1587F7-B8D0-4111-8F1F-3327628AB02F}" = 3531-W-D "{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}" = Microsoft Sync Framework Services Native v1.0 (x86) "{C41300B9-185D-475E-BFEC-39EF732F19B1}" = Apple Software Update "{C4D738F7-996A-4C81-B8FA-C4E26D767E41}" = Windows Live Mail "{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = CyberLink PowerDirector "{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1 "{D0846526-66DD-4DC9-A02C-98F9A2806812}" = Launch Manager V1.4.9 "{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.2 "{D36DD326-7280-11D8-97C8-000129760CBE}" = PhotoNow! "{D5A9B7C0-8751-11D8-9D75-000129760D75}" = MediaShow "{D8D22773-14BF-4178-A683-3DBA515C2A26}" = WISO Mein Geld 2008 Professional "{DC24971E-1946-445D-8A82-CE685433FA7D}" = Realtek USB 2.0 Card Reader "{E0091C29-DEE8-4B24-BF65-8C35B5940D77}" = Letstrade "{E0A4805D-280A-4DD7-9E74-3A5F85E302A1}" = Windows Live Writer "{E2DFE069-083E-4631-9B6C-43C48E991DE5}" = Junk Mail filter update "{E503B4BF-F7BB-3D5F-8BC8-F694B1CFF942}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022.218 "{E815FB81-995F-4F33-8E25-F16712123AB7}" = AuthenTec Fingerprint Sensor Minimum Install "{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU] "{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver "{F4E57F49-84B4-4CF2-B0A1-8CA1752BDF7E}" = OmniPass 5.00.91 "{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack "{F8FF18EE-264A-43FD-B2F6-5EAD40798C2F}" = Windows Live Essentials "{FEDE400D-3381-4087-ACCB-689DD8A56123}" = Inst5657 "Activation Assistant for the 2007 Microsoft Office 
suites" = Activation Assistant for the 2007 Microsoft Office suites "Adobe Flash Player ActiveX" = Adobe Flash Player ActiveX "Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin "Adobe Shockwave Player" = Adobe Shockwave Player 11 "AntiVir PersonalEdition Classic" = Avira AntiVir Personal - Free Antivirus "DVDVideoSoftTB Toolbar" = DVDVideoSoftTB Toolbar "EXMARaLDA_is1" = EXMARaLDA 1.4 "Free Audio CD Burner_is1" = Free Audio CD Burner version 1.4 "Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.8 "Google Chrome" = Google Chrome "Google Desktop" = Google Desktop "HOMESTUDENTR" = Microsoft Office Home and Student 2007 "InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam "InstallShield_{B7A0CE06-068E-11D6-97FD-0050BACBF861}" = CyberLink PowerProducer "InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = CyberLink PowerDirector "LetsTrade" = LetsTrade Komponenten "Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU "Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1 "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile "Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack "Mozilla Firefox (3.0.19)" = Mozilla Firefox (3.0.19) "NVIDIA Drivers" = NVIDIA Drivers "softonic-de3 Toolbar" = softonic-de3 Toolbar "SynTPDeinstKey" = Synaptics Pointing Device Driver "TVAnts 1.0" = TVAnts 1.0 "Uninstall_is1" = Uninstall 1.0.0.1 "WinLiveSuite_Wave3" = Windows Live Essentials "Zylom Games Player Plugin" = Zylom Games Player Plugin < End of report > mfg Jan |
29.09.2011, 10:08 | #2
/// Winkelfunktion /// TB-Süch-Tiger™ | BKA Trojaner Run an OTL fix via OTLPE: start OTL and copy the following text into the "Custom Scan/Fixes" box (at the bottom of OTL): (the ":OTL" has to be copied along with it!!!)
Code:
:OTL
IE - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.aldi.com/
IE - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\..\URLSearchHook: {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Program Files\DVDVideoSoftTB\tbDVDV.dll (Conduit Ltd.)
IE - HKLM\..\URLSearchHook: {cc05a3e3-64c3-4af2-bfc1-af0d66b69065} - C:\Program Files\softonic-de3\tbsoft.dll (Conduit Ltd.)
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\Anika_ON_C\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.aldi.com/
IE - HKU\Anika_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.conduit.com?SearchSource=10&ctid=CT2269050
IE - HKU\Anika_ON_C\Software\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\Anika_ON_C\..\URLSearchHook: {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Program Files\DVDVideoSoftTB\tbDVDV.dll (Conduit Ltd.)
IE - HKU\Anika_ON_C\..\URLSearchHook: {cc05a3e3-64c3-4af2-bfc1-af0d66b69065} - C:\Program Files\softonic-de3\tbsoft.dll (Conduit Ltd.)
FF - prefs.js..browser.search.defaultenginename: "Live Search"
FF - prefs.js..browser.search.defaultthis.engineName: "Search"
FF - prefs.js..browser.search.defaulturl: "http://search.conduit.com/ResultsExt.aspx?ctid=CT2269050&SearchSource=3&q={searchTerms}"
FF - prefs.js..browser.search.selectedEngine: "Search"
FF - prefs.js..keyword.URL: "http://search.conduit.com/ResultsExt.aspx?ctid=CT2269050&q="
[2010/08/16 10:09:27 | 000,000,000 | ---D | M] (DVDVideoSoftTB Toolbar) -- C:\Users\Anika\AppData\Roaming\Mozilla\Firefox\Profiles\oxoatvf9.default\extensions\{872b5b88-9db5-4310-bdd0-ac189557e5f5}
[2010/08/16 10:07:54 | 000,000,000 | ---D | M] (softonic-de3 Toolbar) -- C:\Users\Anika\AppData\Roaming\Mozilla\Firefox\Profiles\oxoatvf9.default\extensions\{cc05a3e3-64c3-4af2-bfc1-af0d66b69065}
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (DVDVideoSoftTB Toolbar) - {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Program Files\DVDVideoSoftTB\tbDVDV.dll (Conduit Ltd.)
O2 - BHO: (Skype add-on for Internet Explorer) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (softonic-de3 Toolbar) - {cc05a3e3-64c3-4af2-bfc1-af0d66b69065} - C:\Program Files\softonic-de3\tbsoft.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (DVDVideoSoftTB Toolbar) - {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Program Files\DVDVideoSoftTB\tbDVDV.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (softonic-de3 Toolbar) - {cc05a3e3-64c3-4af2-bfc1-af0d66b69065} - C:\Program Files\softonic-de3\tbsoft.dll (Conduit Ltd.)
O3 - HKU\Anika_ON_C\..\Toolbar\WebBrowser: (DVDVideoSoftTB Toolbar) - {872B5B88-9DB5-4310-BDD0-AC189557E5F5} - C:\Program Files\DVDVideoSoftTB\tbDVDV.dll (Conduit Ltd.)
O3 - HKU\Anika_ON_C\..\Toolbar\WebBrowser: (softonic-de3 Toolbar) - {CC05A3E3-64C3-4AF2-BFC1-AF0D66B69065} - C:\Program Files\softonic-de3\tbsoft.dll (Conduit Ltd.)
O20 - HKU\Anika_ON_C Winlogon: Shell - (C:\Users\Anika\AppData\Local\Temp\0.6105569158567732.exe) - C:\Users\Anika\AppData\Local\Temp\0.6105569158567732.exe ()
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 17:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2006/03/24 07:06:41 | 000,000,053 | R--- | M] () - X:\AUTORUN.INF -- [ CDFS ]
O33 - MountPoints2\{de5b0161-7b57-11dd-84c8-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{de5b0161-7b57-11dd-84c8-806e6f6e6963}\Shell\AutoRun\command - "" = E:\AUTOSTART.EXE
:Files
C:\Users\Anika\AppData\Local\Temp\0.6105569158567732.exe
:Commands
[resethosts]
The logfile should open once you click OK after the fix; please post it. The computer may be restarted. The entries, files and folders fixed by this script are, for safety, not deleted completely; a backup copy is created on the system partition in the folder "_OTL". After that Windows should start normally again. Please make OTL's quarantine folder available to us. Proceed as follows:
1.) VERY IMPORTANT!! Disable the virus scanner; it must not interfere with the packing!
2.) Zip the folder movedfiles in C:\_OTL into one file
3.) Upload the created ZIP file here => http://www.trojaner-board.de/54791-a...ner-board.html
4.) Let us know if it was successful
5.) Only then switch the virus scanner back on
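As an added example (not from this thread, from OTL or from its author), here is a small triage script for OTL-style log lines that flags the three kinds of entry the fix above targets: a Winlogon Shell value that is not explorer.exe (with the Shell value replaced, the malware runs in place of the desktop at logon, which is why Windows started normally again once the entry was removed), MountPoints2 AutoRun commands for volumes, and BHO/toolbar registrations that are orphaned or come from a vendor on a configurable list. The sample lines are constructed after the ones quoted in the post; the vendor list, the directory fragments and the healthy HKLM explorer.exe line are assumptions.

```python
import re

# Value of ...\Winlogon\Shell on a healthy Windows install (bare name, no path).
NORMAL_SHELL = "explorer.exe"

# Path fragments no legitimate shell or autorun target should contain (assumption).
SUSPICIOUS_DIR_FRAGMENTS = ("\\appdata\\local\\temp\\", "\\windows\\temp\\")

# Vendors whose browser add-ons the helper's fix removed in this thread; treating
# them as unwanted add-ons is an assumption of this example, not a statement by OTL.
PUP_VENDORS = {"conduit ltd."}

# OTL line shapes as they appear in the posts above.
O20_RE = re.compile(r"^O20 - (?P<hive>\S+) Winlogon: Shell - \((?P<shell>.*?)\) - ")
O33_RE = re.compile(
    r'^O33 - MountPoints2\\(?P<guid>\{[0-9a-fA-F-]+\})\\Shell\\AutoRun\\command - "" = (?P<cmd>.+)$')
ADDON_RE = re.compile(
    r"^O(?P<section>[23]) - [^(]*\((?P<name>[^)]*)\) - (?P<clsid>\{[0-9a-fA-F-]+\}) - (?P<rest>.+)$")
VENDOR_RE = re.compile(r"^(?P<path>.*?) \((?P<vendor>[^()]*)\)$")


def triage(lines):
    """Return a list of finding dicts for OTL lines that show persistence or unwanted add-ons."""
    findings = []
    for raw in lines:
        line = raw.strip()
        m = O20_RE.match(line)
        if m:
            shell = m.group("shell")
            if shell.lower() != NORMAL_SHELL:
                reason = "Winlogon Shell is not explorer.exe"
                if any(frag in shell.lower() for frag in SUSPICIOUS_DIR_FRAGMENTS):
                    reason += "; target lives in a temp directory (typical for screen-locker malware)"
                findings.append({"kind": "winlogon_shell", "hive": m.group("hive"),
                                 "value": shell, "reason": reason})
            continue
        m = O33_RE.match(line)
        if m:
            findings.append({"kind": "mountpoints_autorun", "value": m.group("cmd"),
                             "reason": f"AutoRun command registered for volume {m.group('guid')}"})
            continue
        m = ADDON_RE.match(line)
        if m:
            vm = VENDOR_RE.match(m.group("rest"))
            vendor = vm.group("vendor") if vm else ""
            if m.group("name").lower() == "no name" or m.group("rest").startswith("No CLSID value found"):
                findings.append({"kind": "orphan_addon", "value": m.group("clsid"),
                                 "reason": "BHO/toolbar registration without a resolvable CLSID or name"})
            elif vendor.lower() in PUP_VENDORS:
                findings.append({"kind": "pup_addon", "value": m.group("name"),
                                 "reason": f"add-on from vendor {vendor!r} (O{m.group('section')} entry)"})
    return findings


# Constructed sample lines modelled on the OTL output quoted in this thread.
SAMPLE_LINES = [
    r"O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.",
    r"O2 - BHO: (Skype add-on for Internet Explorer) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)",
    r"O3 - HKLM\..\Toolbar: (DVDVideoSoftTB Toolbar) - {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Program Files\DVDVideoSoftTB\tbDVDV.dll (Conduit Ltd.)",
    r"O20 - HKU\Anika_ON_C Winlogon: Shell - (C:\Users\Anika\AppData\Local\Temp\0.6105569158567732.exe) - C:\Users\Anika\AppData\Local\Temp\0.6105569158567732.exe ()",
    r"O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)",
    r"O32 - HKLM CDRom: AutoRun - 1",
    r'O33 - MountPoints2\{de5b0161-7b57-11dd-84c8-806e6f6e6963}\Shell\AutoRun\command - "" = E:\AUTOSTART.EXE',
]

if __name__ == "__main__":
    for f in triage(SAMPLE_LINES):
        print(f"[{f['kind']}] {f['value']}: {f['reason']}")
```

The healthy HKLM line and the O32 line produce no finding; the user-hive Shell entry, the AutoRun command and the two add-on entries do, which is exactly the set the fix script above removes.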
29.09.2011, 12:42 | #3
BKA Trojaner Hello Arne,
I have now carried out your "fix". I think everything has worked so far; Windows starts normally again. I have also already uploaded the requested files, i.e. the ZIP file, successfully. Now here is the log file: Code:
ATTFilter ========== OTL ========== HKLM\Software\Microsoft\Internet Explorer\Main\\Default_Page_URL| /E : value set successfully! HKLM\Software\Microsoft\Internet Explorer\Main\\Local Page| /E : value set successfully! Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\\{872b5b88-9db5-4310-bdd0-ac189557e5f5} deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{872b5b88-9db5-4310-bdd0-ac189557e5f5}\ deleted successfully. C:\Program Files\DVDVideoSoftTB\tbDVDV.dll moved successfully. Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\\{cc05a3e3-64c3-4af2-bfc1-af0d66b69065} deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{cc05a3e3-64c3-4af2-bfc1-af0d66b69065}\ deleted successfully. C:\Program Files\softonic-de3\tbsoft.dll moved successfully. HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyEnable|dword:0 /E : value set successfully! HKU\Anika_ON_C\Software\Microsoft\Internet Explorer\Main\\Default_Page_URL| /E : value set successfully! HKU\Anika_ON_C\Software\Microsoft\Internet Explorer\Main\\Start Page| /E : value set successfully! HKU\Anika_ON_C\Software\Microsoft\Internet Explorer\Main\\StartPageCache| /E : value set successfully! Registry value HKEY_USERS\Anika_ON_C\Software\Microsoft\Internet Explorer\URLSearchHooks\\{872b5b88-9db5-4310-bdd0-ac189557e5f5} deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{872b5b88-9db5-4310-bdd0-ac189557e5f5}\ not found. File C:\Program Files\DVDVideoSoftTB\tbDVDV.dll not found. Registry value HKEY_USERS\Anika_ON_C\Software\Microsoft\Internet Explorer\URLSearchHooks\\{cc05a3e3-64c3-4af2-bfc1-af0d66b69065} deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{cc05a3e3-64c3-4af2-bfc1-af0d66b69065}\ not found. File C:\Program Files\softonic-de3\tbsoft.dll not found. 
Prefs.js: "Live Search" removed from browser.search.defaultenginename Prefs.js: "Search" removed from browser.search.defaultthis.engineName Prefs.js: "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2269050&SearchSource=3&q={searchTerms}" removed from browser.search.defaulturl Prefs.js: "Search" removed from browser.search.selectedEngine Prefs.js: "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2269050&q=" removed from keyword.URL C:\Users\Anika\AppData\Roaming\Mozilla\Firefox\Profiles\oxoatvf9.default\extensions\{872b5b88-9db5-4310-bdd0-ac189557e5f5}\searchplugin folder moved successfully. C:\Users\Anika\AppData\Roaming\Mozilla\Firefox\Profiles\oxoatvf9.default\extensions\{872b5b88-9db5-4310-bdd0-ac189557e5f5}\META-INF folder moved successfully. C:\Users\Anika\AppData\Roaming\Mozilla\Firefox\Profiles\oxoatvf9.default\extensions\{872b5b88-9db5-4310-bdd0-ac189557e5f5}\lib folder moved successfully. C:\Users\Anika\AppData\Roaming\Mozilla\Firefox\Profiles\oxoatvf9.default\extensions\{872b5b88-9db5-4310-bdd0-ac189557e5f5}\defaults folder moved successfully. C:\Users\Anika\AppData\Roaming\Mozilla\Firefox\Profiles\oxoatvf9.default\extensions\{872b5b88-9db5-4310-bdd0-ac189557e5f5}\components folder moved successfully. C:\Users\Anika\AppData\Roaming\Mozilla\Firefox\Profiles\oxoatvf9.default\extensions\{872b5b88-9db5-4310-bdd0-ac189557e5f5}\chrome folder moved successfully. C:\Users\Anika\AppData\Roaming\Mozilla\Firefox\Profiles\oxoatvf9.default\extensions\{872b5b88-9db5-4310-bdd0-ac189557e5f5} folder moved successfully. C:\Users\Anika\AppData\Roaming\Mozilla\Firefox\Profiles\oxoatvf9.default\extensions\{cc05a3e3-64c3-4af2-bfc1-af0d66b69065}\searchplugin folder moved successfully. C:\Users\Anika\AppData\Roaming\Mozilla\Firefox\Profiles\oxoatvf9.default\extensions\{cc05a3e3-64c3-4af2-bfc1-af0d66b69065}\META-INF folder moved successfully. 
C:\Users\Anika\AppData\Roaming\Mozilla\Firefox\Profiles\oxoatvf9.default\extensions\{cc05a3e3-64c3-4af2-bfc1-af0d66b69065}\lib folder moved successfully. C:\Users\Anika\AppData\Roaming\Mozilla\Firefox\Profiles\oxoatvf9.default\extensions\{cc05a3e3-64c3-4af2-bfc1-af0d66b69065}\defaults folder moved successfully. C:\Users\Anika\AppData\Roaming\Mozilla\Firefox\Profiles\oxoatvf9.default\extensions\{cc05a3e3-64c3-4af2-bfc1-af0d66b69065}\components folder moved successfully. C:\Users\Anika\AppData\Roaming\Mozilla\Firefox\Profiles\oxoatvf9.default\extensions\{cc05a3e3-64c3-4af2-bfc1-af0d66b69065}\chrome folder moved successfully. C:\Users\Anika\AppData\Roaming\Mozilla\Firefox\Profiles\oxoatvf9.default\extensions\{cc05a3e3-64c3-4af2-bfc1-af0d66b69065} folder moved successfully. Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5C255C8A-E604-49b4-9D64-90988571CECB}\ not found. Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{872b5b88-9db5-4310-bdd0-ac189557e5f5}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{872b5b88-9db5-4310-bdd0-ac189557e5f5}\ not found. File C:\Program Files\DVDVideoSoftTB\tbDVDV.dll not found. Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}\ deleted successfully. C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll moved successfully. Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{cc05a3e3-64c3-4af2-bfc1-af0d66b69065}\ deleted successfully. 
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{cc05a3e3-64c3-4af2-bfc1-af0d66b69065}\ not found. File C:\Program Files\softonic-de3\tbsoft.dll not found. Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{872b5b88-9db5-4310-bdd0-ac189557e5f5} deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{872b5b88-9db5-4310-bdd0-ac189557e5f5}\ not found. File C:\Program Files\DVDVideoSoftTB\tbDVDV.dll not found. Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{cc05a3e3-64c3-4af2-bfc1-af0d66b69065} deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{cc05a3e3-64c3-4af2-bfc1-af0d66b69065}\ not found. File de3\tbsoft.dll not found. Registry value HKEY_USERS\Anika_ON_C\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{872B5B88-9DB5-4310-BDD0-AC189557E5F5} deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{872B5B88-9DB5-4310-BDD0-AC189557E5F5}\ not found. File C:\Program Files\DVDVideoSoftTB\tbDVDV.dll not found. Registry value HKEY_USERS\Anika_ON_C\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{CC05A3E3-64C3-4AF2-BFC1-AF0D66B69065} deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CC05A3E3-64C3-4AF2-BFC1-AF0D66B69065}\ not found. File de3\tbsoft.dll not found. Registry value HKEY_USERS\Anika_ON_C\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\Shell:C:\Users\Anika\AppData\Local\Temp\0.6105569158567732.exe deleted successfully. C:\Users\Anika\AppData\Local\Temp\0.6105569158567732.exe moved successfully. HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Cdrom\\AutoRun|DWORD:1 /E : value set successfully! C:\autoexec.bat moved successfully. File move failed. X:\AUTORUN.INF scheduled to be moved on reboot. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{de5b0161-7b57-11dd-84c8-806e6f6e6963}\ deleted successfully. 
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{de5b0161-7b57-11dd-84c8-806e6f6e6963}\ not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{de5b0161-7b57-11dd-84c8-806e6f6e6963}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{de5b0161-7b57-11dd-84c8-806e6f6e6963}\ not found. File E:\AUTOSTART.EXE not found. ========== FILES ========== File\Folder C:\Users\Anika\AppData\Local\Temp\0.6105569158567732.exe not found. ========== COMMANDS ========== C:\Windows\System32\drivers\etc\Hosts moved successfully. HOSTS file reset successfully OTLPE by OldTimer - Version 3.1.48.0 log created on 09292011_161836 Files\Folders moved on Reboot... File\Folder X:\AUTORUN.INF not found! Registry entries deleted on Reboot... mfg Jan |
29.09.2011, 13:13 | #4
/// Winkelfunktion /// TB-Süch-Tiger™ | BKA Trojaner Please run a full scan with Malwarebytes as a matter of routine and post the log. Remember that Malwarebytes has to be updated manually before every scan! If logs from older Malwarebytes scans exist, please post all of those as well! After that please also run ESET; then we'll see how to proceed. ESET Online Scanner
Please always post logfiles in CODE tags
29.09.2011, 19:27 | #5
BKA Trojaner So, I have now scanned with Malware as well as with the online scanner; here are the logfiles: Code:
ATTFilter Malwarebytes' Anti-Malware 1.51.2.1300 www.malwarebytes.org Datenbank Version: 7827 Windows 6.0.6002 Service Pack 2 Internet Explorer 7.0.6002.18005 29.09.2011 16:53:53 mbam-log-2011-09-29 (16-53-53).txt Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|E:\|F:\|) Durchsuchte Objekte: 338439 Laufzeit: 1 Stunde(n), 45 Minute(n), 36 Sekunde(n) Infizierte Speicherprozesse: 0 Infizierte Speichermodule: 0 Infizierte Registrierungsschlüssel: 0 Infizierte Registrierungswerte: 0 Infizierte Dateiobjekte der Registrierung: 0 Infizierte Verzeichnisse: 0 Infizierte Dateien: 0 Infizierte Speicherprozesse: (Keine bösartigen Objekte gefunden) Infizierte Speichermodule: (Keine bösartigen Objekte gefunden) Infizierte Registrierungsschlüssel: (Keine bösartigen Objekte gefunden) Infizierte Registrierungswerte: (Keine bösartigen Objekte gefunden) Infizierte Dateiobjekte der Registrierung: (Keine bösartigen Objekte gefunden) Infizierte Verzeichnisse: (Keine bösartigen Objekte gefunden) Infizierte Dateien: (Keine bösartigen Objekte gefunden) Code:
ESETSmartInstaller@High as downloader log:
all ok
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6528
# api_version=3.0.2
# EOSSerial=d00a502ca5b7d642a6c8d35ef92cbd14
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2011-09-29 06:17:19
# local_time=2011-09-29 08:17:19 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# lang=1033
# osver=6.0.6002 NT Service Pack 2
# compatibility_mode=1024 16777215 100 0 8291 8291 0 0
# compatibility_mode=5892 16776638 100 100 13479850 154842122 0 0
# compatibility_mode=8192 67108863 100 0 131 131 0 0
# scanned=170824
# found=2
# cleaned=0
# scan_time=10845
C:\Users\Anika\Downloads\SoftonicDownloader64308.exe a variant of Win32/SoftonicDownloader.A application (unable to clean) 00000000000000000000000000000000 I
C:\_OTL\MovedFiles\09292011_161836\C_Users\Anika\AppData\Local\Temp\0.6105569158567732.exe a variant of Win32/Injector.GAW trojan (unable to clean) 00000000000000000000000000000000 I
I hope you can help me further. Thanks in advance. Regards, Jan
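The ESET run reports two hits, and one of them is the copy of 0.6105569158567732.exe that the fix had already moved into C:\_OTL\MovedFiles, the backup folder the helper described earlier. As an added example (not from this thread or from ESET), the script below parses an ESET Online Scanner log and separates detections inside a known quarantine folder from detections in live locations, so that an already-quarantined copy is not counted as an active infection, and it checks that the "# found=" header agrees with the number of detection lines. It assumes the detection lines are tab-separated (path, threat, hash, flags); the sample log is constructed after the one posted above, and the quarantine path fragments other than C:\_OTL are assumptions.

```python
import re

# Folders into which removal tools move files before a final delete. A hit under one of
# these is an already-quarantined copy, not a live infection. "\_otl\movedfiles\" is the
# OTL backup folder named in this thread; the generic "\quarantine\" fragment is an assumption.
QUARANTINE_FRAGMENTS = ("\\_otl\\movedfiles\\", "\\quarantine\\")

HEADER_RE = re.compile(r"^# (?P<key>[A-Za-z_.]+)=(?P<value>.*)$")


def classify_location(path):
    """'quarantined_copy' if the path lies inside a known quarantine folder, else 'live'."""
    p = path.lower()
    return "quarantined_copy" if any(frag in p for frag in QUARANTINE_FRAGMENTS) else "live"


def parse_eset_log(text):
    """Split an ESET Online Scanner log into its '# key=value' header and its detection lines.

    Detection lines are assumed to be tab-separated: path, threat description, hash, flags.
    Free-text lines (installer banner, 'all ok') carry no tabs and are skipped.
    """
    header, detections = {}, []
    for raw in text.splitlines():
        line = raw.rstrip("\r\n")
        if not line.strip():
            continue
        m = HEADER_RE.match(line)
        if m:
            header[m.group("key")] = m.group("value")  # repeated keys: last one wins
            continue
        fields = line.split("\t")
        if len(fields) < 4:
            continue
        path, threat, digest, flags = fields[:4]
        detections.append({"path": path, "threat": threat, "hash": digest,
                           "flags": flags, "location": classify_location(path)})
    return header, detections


def summarize(text):
    """Counts from the header plus the live and quarantined detection paths."""
    header, detections = parse_eset_log(text)
    found = int(header.get("found", "0"))
    return {
        "found": found,
        "cleaned": int(header.get("cleaned", "0")),
        "parsed": len(detections),
        "consistent": found == len(detections),  # header count must match the detection lines
        "live": [d["path"] for d in detections if d["location"] == "live"],
        "quarantined": [d["path"] for d in detections if d["location"] == "quarantined_copy"],
    }


# Constructed sample log modelled on the ESET output posted in this thread (hashes are placeholders).
SAMPLE_LOG = "\n".join([
    "ESETSmartInstaller@High as downloader log:",
    "all ok",
    "# version=7",
    "# end=finished",
    "# scanned=170824",
    "# found=2",
    "# cleaned=0",
    "# scan_time=10845",
    "C:\\Users\\Anika\\Downloads\\SoftonicDownloader64308.exe\t"
    "a variant of Win32/SoftonicDownloader.A application (unable to clean)\t"
    "00000000000000000000000000000000\tI",
    "C:\\_OTL\\MovedFiles\\09292011_161836\\C_Users\\Anika\\AppData\\Local\\Temp\\0.6105569158567732.exe\t"
    "a variant of Win32/Injector.GAW trojan (unable to clean)\t"
    "00000000000000000000000000000000\tI",
])

if __name__ == "__main__":
    s = summarize(SAMPLE_LOG)
    print(f"found={s['found']} parsed={s['parsed']} consistent={s['consistent']}")
    for p in s["live"]:
        print("LIVE       ", p)
    for p in s["quarantined"]:
        print("QUARANTINED", p)
```

On the sample log only the downloader in the Downloads folder is reported as a live detection; the second hit is recognised as the OTL backup copy, which is what a helper would expect to see after the fix above.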
29.09.2011, 19:32 | #6
/// Winkelfunktion /// TB-Süch-Tiger™ | BKA Trojaner Custom scan with OTL If you don't have it yet, please download OTL from Oldtimer and save it on your desktop
Code:
netsvcs
msconfig
safebootminimal
safebootnetwork
activex
drivers32
%ALLUSERSPROFILE%\Application Data\*.
%ALLUSERSPROFILE%\Application Data\*.exe /s
%APPDATA%\*.
%APPDATA%\*.exe /s
%SYSTEMDRIVE%\*.exe
/md5start
wininit.exe
userinit.exe
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
ws2ifsl.sys
sceclt.dll
ntelogon.dll
winlogon.exe
logevent.dll
user32.DLL
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
/md5stop
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\*. /mp /s
%systemroot%\system32\*.dll /lockedfiles
CREATERESTOREPOINT
29.09.2011, 20:19 | #7
BKA Trojaner That was a quick reply. So, I have done everything as described. Here is the log.txt OTL Logfile: Code:
ATTFilter OTL logfile created on: 29.09.2011 20:48:02 - Run 1 OTL by OldTimer - Version 3.2.29.1 Folder = C:\Users\Anika\Desktop Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation Internet Explorer (Version = 7.0.6002.18005) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 3,00 Gb Total Physical Memory | 1,42 Gb Available Physical Memory | 47,21% Memory free 6,19 Gb Paging File | 4,73 Gb Available in Paging File | 76,44% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 275,41 Gb Total Space | 185,13 Gb Free Space | 67,22% Space Free | Partition Type: NTFS Drive D: | 22,66 Gb Total Space | 12,51 Gb Free Space | 55,20% Space Free | Partition Type: FAT32 Computer Name: ANIKA-PC | User Name: Anika | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user | Quick Scan Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2011.09.29 20:44:32 | 000,582,656 | ---- | M] (OldTimer Tools) -- C:\Users\Anika\Desktop\OTL.exe PRC - [2011.09.09 17:43:18 | 001,220,960 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Programme\AVG\AVG2012\avgnsx.exe PRC - [2011.09.08 20:53:26 | 000,743,264 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Programme\AVG\AVG2012\avgrsx.exe PRC - [2011.09.08 06:46:00 | 002,401,120 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Programme\AVG\AVG2012\avgtray.exe PRC - [2011.09.01 06:16:22 | 005,265,248 | ---- | M] (AVG Technologies CZ, s.r.o.) 
-- C:\Programme\AVG\AVG2012\AVGIDSAgent.exe PRC - [2011.08.31 17:00:48 | 000,449,608 | ---- | M] (Malwarebytes Corporation) -- C:\Programme\Malwarebytes' Anti-Malware\mbamgui.exe PRC - [2011.08.31 17:00:48 | 000,366,152 | ---- | M] (Malwarebytes Corporation) -- C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe PRC - [2011.08.15 06:21:40 | 000,337,760 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Programme\AVG\AVG2012\avgcsrvx.exe PRC - [2011.08.12 06:10:32 | 000,973,152 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Programme\AVG\AVG2012\avgemcx.exe PRC - [2011.08.02 06:09:08 | 000,192,776 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Programme\AVG\AVG2012\avgwdsvc.exe PRC - [2010.08.01 12:23:20 | 000,307,672 | ---- | M] (Mozilla Corporation) -- C:\Programme\Mozilla Firefox\firefox.exe PRC - [2009.05.19 11:36:18 | 000,240,512 | ---- | M] (Microsoft Corporation) -- C:\Programme\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe PRC - [2009.04.11 08:28:03 | 001,233,920 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Sidebar\sidebar.exe PRC - [2009.04.11 08:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe PRC - [2009.04.11 08:27:28 | 000,069,120 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conime.exe PRC - [2008.07.22 10:20:56 | 000,776,192 | ---- | M] (Google) -- C:\Programme\Google\Google Desktop Search\GoogleDesktopIndex.exe PRC - [2008.07.03 11:27:12 | 006,266,880 | ---- | M] (Realtek Semiconductor) -- C:\Windows\RtHDVCpl.exe PRC - [2008.02.28 18:07:58 | 001,828,136 | ---- | M] (Nero AG) -- C:\Programme\Common Files\Nero\Lib\NMIndexStoreSvr.exe PRC - [2008.01.21 04:25:33 | 000,896,512 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Media Player\wmpnetwk.exe PRC - [2008.01.21 04:25:33 | 000,202,240 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Media Player\wmpnscfg.exe PRC - [2007.11.02 12:31:24 | 000,069,632 | ---- | M] () -- C:\Programme\Softex\OmniPass\opvapp.exe 
PRC - [2007.11.02 12:31:08 | 000,040,960 | ---- | M] (Softex Inc.) -- C:\Programme\Softex\OmniPass\OmniServ.exe
PRC - [2007.10.03 15:45:02 | 000,358,936 | ---- | M] (Intel Corporation) -- C:\Programme\Intel\Intel Matrix Storage Manager\IAANTmon.exe
PRC - [2007.10.03 15:44:58 | 000,178,712 | ---- | M] (Intel Corporation) -- C:\Programme\Intel\Intel Matrix Storage Manager\IAAnotif.exe
PRC - [2007.09.11 15:37:58 | 000,118,784 | ---- | M] (Wistron Corp.) -- C:\Programme\Launch Manager\WisLMSvc.exe
PRC - [2007.09.07 09:26:54 | 000,086,016 | ---- | M] (Wistron) -- C:\Programme\Launch Manager\WButton.exe
PRC - [2007.09.06 11:23:36 | 000,188,416 | ---- | M] (Wistron) -- C:\Programme\Launch Manager\HotkeyApp.exe
PRC - [2007.09.01 14:03:50 | 000,032,768 | ---- | M] () -- C:\Programme\Launch Manager\LaunchAp.exe
PRC - [2007.08.31 12:04:26 | 000,102,400 | ---- | M] (Synaptics, Inc.) -- C:\Programme\Synaptics\SynTP\SynTPStart.exe
PRC - [2006.12.26 11:23:34 | 000,180,224 | ---- | M] (Wistron Corp.) -- C:\Programme\Launch Manager\OSD.exe

========== Modules (No Company Name) ==========

MOD - [2010.06.03 13:46:00 | 000,067,872 | ---- | M] () -- C:\Programme\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2007.11.02 12:28:16 | 000,434,176 | ---- | M] () -- C:\Programme\Softex\OmniPass\userdata.dll
MOD - [2007.11.02 12:28:04 | 001,077,248 | ---- | M] () -- C:\Programme\Softex\OmniPass\autheng.dll
MOD - [2007.11.02 12:27:48 | 000,532,480 | ---- | M] () -- C:\Programme\Softex\OmniPass\storeng.dll
MOD - [2007.11.02 12:27:38 | 000,065,536 | ---- | M] () -- C:\Programme\Softex\OmniPass\opfsdll.dll
MOD - [2007.11.02 12:27:28 | 000,016,896 | ---- | M] () -- C:\Programme\Softex\OmniPass\cryptodll.dll
MOD - [2007.11.02 12:27:26 | 000,013,824 | ---- | M] () -- C:\Programme\Softex\OmniPass\SSPLogon.dll
MOD - [2007.09.01 14:03:50 | 000,032,768 | ---- | M] () -- C:\Programme\Launch Manager\LaunchAp.exe

========== Win32 Services (SafeList) ==========

SRV - [2011.09.01 06:16:22 | 005,265,248 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG2012\AVGIDSAgent.exe -- (AVGIDSAgent)
SRV - [2011.08.31 17:00:48 | 000,366,152 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2011.08.02 06:09:08 | 000,192,776 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG2012\avgwdsvc.exe -- (avgwd)
SRV - [2008.07.22 10:20:57 | 000,069,120 | ---- | M] (Google) [On_Demand | Stopped] -- C:\Program Files\Google\Google Desktop Search\GoogleDesktopManager.exe -- (GoogleDesktopManager)
SRV - [2008.01.21 04:23:32 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Programme\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2007.11.02 12:31:08 | 000,040,960 | ---- | M] (Softex Inc.) [Auto | Running] -- C:\Programme\Softex\OmniPass\OmniServ.exe -- (omniserv)
SRV - [2007.10.03 15:45:02 | 000,358,936 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Programme\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON) Intel(R)
SRV - [2007.09.11 15:37:58 | 000,118,784 | ---- | M] (Wistron Corp.) [On_Demand | Running] -- C:\Program Files\Launch Manager\WisLMSvc.exe -- (WisLMSvc)

========== Driver Services (SafeList) ==========

DRV - [2011.08.31 17:00:50 | 000,022,216 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2011.08.08 06:08:58 | 000,040,016 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\Windows\System32\drivers\avgmfx86.sys -- (Avgmfx86)
DRV - [2011.07.11 01:14:38 | 000,295,248 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\System32\drivers\avgtdix.sys -- (Avgtdix)
DRV - [2011.07.11 01:14:02 | 000,024,272 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AVGIDSFilter.sys -- (AVGIDSFilter)
DRV - [2011.07.11 01:14:02 | 000,016,720 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AVGIDSShim.sys -- (AVGIDSShim)
DRV - [2011.07.11 01:14:00 | 000,023,120 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | Boot | Stopped] -- C:\Windows\system32\DRIVERS\AVGIDSEH.Sys -- (AVGIDSEH)
DRV - [2011.07.11 01:13:58 | 000,134,736 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AVGIDSDriver.sys -- (AVGIDSDriver)
DRV - [2011.07.11 01:13:46 | 000,229,840 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\System32\drivers\avgldx86.sys -- (Avgldx86)
DRV - [2011.07.11 01:13:42 | 000,032,464 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\system32\DRIVERS\avgrkx86.sys -- (Avgrkx86)
DRV - [2008.07.11 05:08:00 | 007,539,744 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2008.03.13 03:36:42 | 002,555,392 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\NETw4v32.sys -- (NETw4v32) Intel(R)
DRV - [2007.08.30 20:24:24 | 000,805,416 | ---- | M] (Bison Electronics. Inc. ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\BisonC07.sys -- (Cam5607)
DRV - [2007.08.28 15:47:36 | 000,146,560 | ---- | M] (AuthenTec, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atswpdrv.sys -- (ATSWPDRV) AuthenTec TruePrint USB Driver (SwipeSensor)
DRV - [2007.06.25 13:37:24 | 000,084,480 | ---- | M] (Realtek Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Rtlh86.sys -- (RTL8169)
DRV - [2007.06.01 10:29:04 | 000,210,736 | ---- | M] (Silicon Image, Inc) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\Si3531.sys -- (Si3531)
DRV - [2007.05.25 09:41:00 | 000,017,328 | ---- | M] (Silicon Image, Inc.) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\SiWinAcc.sys -- (SiFilter)
DRV - [2007.05.25 09:40:58 | 000,012,464 | ---- | M] (Silicon Image, Inc.) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\SiRemFil.sys -- (SiRemFil)
DRV - [2003.04.28 11:27:06 | 000,009,867 | ---- | M] () [Kernel | System | Running] -- C:\Windows\System32\drivers\HOTKEY.sys -- (Hotkey)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL =
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page =

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL =
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page =
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache =
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: ""
FF - prefs.js..browser.search.defaultthis.engineName: ""
FF - prefs.js..browser.search.defaulturl: ""
FF - prefs.js..browser.search.selectedEngine: ""
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "hxxp://www.google.de/"
FF - prefs.js..extensions.enabledItems: {E2883E8F-472F-4fb0-9522-AC9BF37916A7}:1
FF - prefs.js..extensions.enabledItems: 6
FF - prefs.js..extensions.enabledItems: 2
FF - prefs.js..extensions.enabledItems: 48
FF - prefs.js..extensions.enabledItems: {3f963a5b-e555-4543-90e2-c3908898db71}:12.0.0.1806

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.0.60310.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.3: C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8081.0709: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.69\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.69\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@zylom.com/ZylomGamesPlayer: C:\ProgramData\Zylom\ZylomGamesPlayer\npzylomgamesplayer.dll (Zylom)
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{3f963a5b-e555-4543-90e2-c3908898db71}: C:\Program Files\AVG\AVG2012\Firefox\ [2011.09.29 15:00:29 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{1E73965B-8B48-48be-9C8D-68B920ABC1C4}: C:\Program Files\AVG\AVG2012\Firefox4\ [2011.09.29 15:01:32 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.0.19\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010.08.25 20:59:21 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.0.19\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011.03.05 10:34:14 | 000,000,000 | ---D | M]

[2008.09.12 18:49:34 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Anika\AppData\Roaming\mozilla\Extensions
[2011.09.29 15:04:03 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Anika\AppData\Roaming\mozilla\Firefox\Profiles\oxoatvf9.default\extensions
[2009.09.14 16:09:48 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Anika\AppData\Roaming\mozilla\Firefox\Profiles\oxoatvf9.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2009.11.06 11:14:51 | 000,000,000 | ---D | M] (Adobe DLM (powered by getPlus(R))) -- C:\Users\Anika\AppData\Roaming\mozilla\Firefox\Profiles\oxoatvf9.default\extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7}
[2010.08.17 00:11:54 | 000,000,873 | ---- | M] () -- C:\Users\Anika\AppData\Roaming\Mozilla\Firefox\Profiles\oxoatvf9.default\searchplugins\conduit.xml
[2009.03.15 15:16:17 | 000,001,632 | ---- | M] () -- C:\Users\Anika\AppData\Roaming\Mozilla\Firefox\Profiles\oxoatvf9.default\searchplugins\live-search.xml
[2010.09.02 23:19:54 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2010.09.02 23:19:54 | 000,000,000 | ---D | M] (Skype extension for Firefox) -- C:\Programme\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}
[2011.09.29 15:00:29 | 000,000,000 | ---D | M] (AVG Safe Search) -- C:\PROGRAM FILES\AVG\AVG2012\FIREFOX
[2008.10.05 14:15:56 | 000,000,000 | ---D | M] (Java Console) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0004-ABCDEFFEDCBA}
[2009.07.07 17:35:24 | 000,000,000 | ---D | M] (Java Console) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}
[2009.10.23 15:01:34 | 000,102,400 | ---- | M] (Zylom) -- C:\Program Files\mozilla firefox\plugins\npzylomgamesplayer.dll
[2010.08.01 12:23:22 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2010.08.01 12:23:22 | 000,002,344 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2010.08.01 12:23:22 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2010.08.01 12:23:22 | 000,000,986 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2010.08.01 12:23:22 | 000,000,801 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml

========== Chrome ==========

CHR - default_search_provider: Google ()
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?client=chrome&hl={language}&q={searchTerms}
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files\Google\Chrome\Application\8.0.552.237\pdf.dll
CHR - plugin: Google Gears 0.5.33.0 (Enabled) = C:\Program Files\Google\Chrome\Application\8.0.552.237\gears.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\8.0.552.237\gcswf32.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll
CHR - plugin: Java(TM) Platform SE 6 U13 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npdeploytk.dll
CHR - plugin: Java(TM) Platform SE 6 U13 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: QuickTime Plug-in 7.6.6 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.6.6 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.6.6 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.6.6 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.6.6 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.6.6 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.6.6 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin7.dll
CHR - plugin: Zylom Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npzylomgamesplayer.dll
CHR - plugin: getPlusPlus for Adobe 16248 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\np_gp.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.2.183.39\npGoogleOneClick8.dll
CHR - plugin: Microsoft Office Live Plug-in for Firefox (Enabled) = C:\Program Files\Microsoft\Office Live\npOLW.dll
CHR - plugin: Windows Live\u00AE Photo Gallery (Enabled) = C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Shockwave for Director (Enabled) = C:\Windows\system32\Adobe\Director\np32dsw.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\system32\Macromed\Flash\NPSWF32.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files\Microsoft Silverlight\4.0.51204.0\npctrl.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin

O1 HOSTS File: ([2011.09.29 22:18:46 | 000,000,098 | ---- | M]) - C:\Windows\System32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Programme\AVG\AVG2012\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (Search Helper) - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Programme\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll (Microsoft Corporation)
O2 - BHO: (Windows Live Anmelde-Hilfsprogramm) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (Windows Live Toolbar Helper) - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Programme\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Programme\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Programme\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O4 - HKLM..\Run: [AVG_TRAY] C:\Program Files\AVG\AVG2012\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [CtrlVol] "C:\Program Files\Launch Manager\CtrlVol.exe" File not found
O4 - HKLM..\Run: [HotkeyApp] C:\Program Files\Launch Manager\HotkeyApp.exe (Wistron)
O4 - HKLM..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe (Intel Corporation)
O4 - HKLM..\Run: [LanguageShortcut] C:\Program Files\HomeCinema\PowerDVD\Language\Language.exe ()
O4 - HKLM..\Run: [LaunchAp] C:\Program Files\Launch Manager\LaunchAp.exe ()
O4 - HKLM..\Run: [LMgrOSD] C:\Program Files\Launch Manager\OSD.exe (Wistron Corp.)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\Windows\System32\NvMcTray.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [OmniPass] C:\Programme\Softex\OmniPass\scureapp.exe ()
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [SynTPStart] C:\Programme\Synaptics\SynTP\SynTPStart.exe (Synaptics, Inc.)
O4 - HKLM..\Run: [toolbar_eula_launcher] C:\Programme\GoogleEULA\EULALauncher.exe ( )
O4 - HKLM..\Run: [UCam_Menu] C:\Program Files\HomeCinema\YouCam\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [Wbutton] C:\Program Files\Launch Manager\Wbutton.exe (Wistron)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKCU..\Run: [IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe (Nero AG)
O4 - HKCU..\Run: [WMPNSCFG] C:\Programme\Windows Media Player\wmpnscfg.exe (Microsoft Corporation)
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - C:\Programme\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: eBay - Der weltweite Online-Marktplatz - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - hxxp://rover.ebay.com/rover/1/707-37276-17534-25/4 File not found
O9 - Extra 'Tools' menuitem : eBay - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - hxxp://rover.ebay.com/rover/1/707-37276-17534-25/4 File not found
O9 - Extra Button: In Blog veröffentlichen - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programme\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : In Windows Live Writer in Blog veröffentliche&n - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programme\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll File not found
O9 - Extra 'Tools' menuitem : Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll File not found
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programme\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Ranges: GD ([http] in Local intranet)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {CAFEEFAC-0016-0000-0004-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_04-windows-i586.cab (Java Plug-in 1.6.0_04)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab (Java Plug-in 1.6.0_13)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{82CA42DF-4DA4-4380-B0B9-18728C41D813}: DhcpNameServer = 213.191.74.18 62.109.123.196
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{FCFB50B4-B2EC-4C03-A7C6-60A690BFC64D}: DhcpNameServer = 192.168.2.1
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Programme\AVG\AVG2012\avgpp.dll (AVG Technologies CZ, s.r.o.)
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Programme\Common Files\microsoft shared\Information Retrieval\msitss.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll File not found
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Programme\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - AppInit_DLLs: (C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL) -C:\Programme\Google\Google Desktop Search\GoogleDesktopNetwork3.dll (Google)
O20 - HKLM Winlogon: Shell - ("Explorer.exe") -C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) -C:\Windows\System32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\Anika\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O24 - Desktop BackupWallPaper: C:\Users\Anika\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\E\Shell - "" = AutoRun
O33 - MountPoints2\E\Shell\AutoRun\command - "" = E:\reatogoMenu.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (C:\PROGRA~1\AVG\AVG2012\avgrsx.exe /sync /restart)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: FastUserSwitchingCompatibility - File not found
NetSvcs: Ias - C:\Windows\System32\ias.dll (Microsoft Corporation)
NetSvcs: Nla - File not found
NetSvcs: Ntmssvc - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: SRService - File not found
NetSvcs: WmdmPmSp - File not found
NetSvcs: LogonHours - File not found
NetSvcs: PCAudit - File not found
NetSvcs: helpsvc - File not found
NetSvcs: uploadmgr - File not found

SafeBootMin: AppMgmt - Service
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: HelpSvc - Service
SafeBootMin: NTDS - File not found
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: sacsvr - Service
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: WinDefend - C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation)
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices

SafeBootNet: AppMgmt - Service
SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: HelpSvc - Service
SafeBootNet: Messenger - Service
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: NTDS - File not found
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: rdsessmgr - Service
SafeBootNet: sacsvr - Service
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: WinDefend - C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation)
SafeBootNet: WudfPf - Driver
SafeBootNet: WudfUsbccidDriver - Driver
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices

ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} -
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 11.0
ActiveX: {233C1507-6A77-46A4-9443-F871F945D258} - Adobe Shockwave Director 11.0
ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework
ActiveX: {2A202491-F00D-11cf-87CC-0020AFEECF20} - Adobe Shockwave Director 11.0
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3C3901C5-3455-3E0A-A214-0B093A5070A6} - .NET Framework
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} -
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\system32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Adobe Flash Player
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\Windows\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\system32\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP

Drivers32: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: MSVideo8 - C:\Windows\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: vidc.cvid - C:\Windows\System32\iccvid.dll (Radius Inc.)

CREATERESTOREPOINT
Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 30 Days ==========

[2011.09.29 22:18:45 | 002,237,440 | R--- | C] (OldTimer Tools) -- C:\OTLPE.exe
[2011.09.29 22:18:36 | 000,000,000 | ---D | C] -- C:\_OTL
[2011.09.29 20:44:27 | 000,582,656 | ---- | C] (OldTimer Tools) -- C:\Users\Anika\Desktop\OTL.exe
[2011.09.29 17:14:23 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
[2011.09.29 16:12:37 | 000,000,000 | -H-D | C] -- C:\$AVG
[2011.09.29 15:05:58 | 000,000,000 | ---D | C] -- C:\Program Files\ MALWAREBYTES ANTI-MALWARE
[2011.09.29 15:02:18 | 000,000,000 | ---D | C] -- C:\Users\Anika\AppData\Roaming\AVG2012
[2011.09.29 15:01:32 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG 2012
[2011.09.29 14:59:54 | 000,000,000 | ---D | C] -- C:\ProgramData\AVG2012
[2011.09.29 14:59:54 | 000,000,000 | ---D | C] -- C:\Windows\System32\drivers\AVG
[2011.09.29 14:58:23 | 000,000,000 | ---D | C] -- C:\Program Files\AVG
[2011.09.29 14:53:43 | 000,000,000 | -H-D | C] -- C:\ProgramData\Common Files
[2011.09.29 14:53:16 | 000,000,000 | ---D | C] -- C:\Users\Anika\AppData\Roaming\Malwarebytes
[2011.09.29 14:53:08 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011.09.29 14:53:06 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2011.09.29 14:53:03 | 000,022,216 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2011.09.29 14:53:03 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2011.09.29 14:51:29 | 000,000,000 | ---D | C] -- C:\ProgramData\MFAData
[2011.09.27 08:34:52 | 000,000,000 | -HSD | C] -- C:\found.000
[2002.03.11 11:06:30 | 001,822,520 | ---- | C] (Microsoft Corporation) -- C:\Program Files\instmsiw.exe
[2002.03.11 10:45:04 | 001,708,856 | ---- | C] (Microsoft Corporation) -- C:\Program Files\instmsia.exe

========== Files - Modified Within 30 Days ==========

[2011.09.29 20:55:44 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2011.09.29 20:55:44 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2011.09.29 20:45:49 | 000,027,839 | ---- | M] () -- C:\ProgramData\nvModes.001
[2011.09.29 20:44:32 | 000,582,656 | ---- | M] (OldTimer Tools) -- C:\Users\Anika\Desktop\OTL.exe
[2011.09.29 20:35:03 | 000,001,096 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2011.09.29 19:36:12 | 000,001,975 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2011.09.29 19:35:01 | 000,001,092 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2011.09.29 15:03:42 | 000,628,742 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2011.09.29 15:03:42 | 000,595,996 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2011.09.29 15:03:42 | 000,126,454 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2011.09.29 15:03:42 | 000,104,070 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2011.09.29 15:03:35 | 105,314,671 | ---- | M] () -- C:\Windows\System32\drivers\AVG\incavi.avm
[2011.09.29 15:01:33 | 000,000,862 | ---- | M] () -- C:\Users\Public\Desktop\AVG 2012.lnk
[2011.09.29 14:55:41 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011.09.29 14:54:58 | 3219,578,880 | -HS- | M] () -- C:\hiberfil.sys
[2011.09.29 14:53:08 | 000,000,910 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011.09.28 02:48:23 | 000,000,186 | ---- | M] () -- C:\RECOVER (D).lnk
[2011.09.27 07:49:31 | 000,027,839 | ---- | M] () -- C:\ProgramData\nvModes.dat
[2011.09.27 07:42:30 | 000,367,304 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2011.08.31 17:00:50 | 000,022,216 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys

========== Files Created - No Company Name ==========

[2011.09.29 16:22:59 | 3219,578,880 | -HS- | C] () -- C:\hiberfil.sys
[2011.09.29 15:03:35 | 105,314,671 | ---- | C] () -- C:\Windows\System32\drivers\AVG\incavi.avm
[2011.09.29 15:01:33 | 000,000,862 | ---- | C] () -- C:\Users\Public\Desktop\AVG 2012.lnk
[2011.09.29 14:53:08 | 000,000,910 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011.09.28 02:48:23 | 000,000,186 | ---- | C] () -- C:\RECOVER (D).lnk
[2011.01.05 21:02:43 | 000,000,680 | ---- | C] () -- C:\Users\Anika\AppData\Local\d3d9caps.dat
[2010.09.02 23:21:28 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2009.10.20 18:59:01 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2009.10.20 18:59:01 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2009.10.20 18:58:28 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
[2009.06.16 20:35:41 | 000,027,839 | ---- | C] () -- C:\ProgramData\nvModes.001
[2009.06.16 20:25:09 | 000,027,839 | ---- | C] () -- C:\ProgramData\nvModes.dat
[2009.02.03 19:33:23 | 000,018,944 | ---- | C] () -- C:\Users\Anika\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009.01.23 21:50:08 | 000,000,000 | ---- | C] () -- C:\Users\Anika\AppData\Roaming\Default.PLS
[2008.10.05 13:39:51 | 000,000,626 | ---- | C] () -- C:\Users\Anika\AppData\Roaming\wklnhst.dat
[2008.07.17 14:50:28 | 000,000,381 | ---- | C] () -- C:\Windows\WISO.INI
[2008.07.17 13:56:03 | 000,628,742 | ---- | C] () -- C:\Windows\System32\perfh007.dat
[2008.07.17 13:56:03 | 000,290,748 | ---- | C] () -- C:\Windows\System32\perfi007.dat
[2008.07.17 13:56:03 | 000,126,454 | ---- | C] () -- C:\Windows\System32\perfc007.dat
[2008.07.17 13:56:03 | 000,036,916 | ---- | C] () -- C:\Windows\System32\perfd007.dat
[2008.07.17 11:54:02 | 000,009,867 | ---- | C] () -- C:\Windows\System32\drivers\HOTKEY.sys
[2008.07.17 09:35:24 | 000,000,069 | ---- | C] () -- C:\Windows\NeroDigital.ini
[2008.07.17 08:04:27 | 000,015,190 | ---- | C] () -- C:\Windows\M3000Twn.ini
[2008.07.14 11:32:16 | 001,060,424 | ---- | C] () -- C:\Windows\System32\WdfCoInstaller01000.dll
[2008.05.29 22:56:14 | 000,037,375 | ---- | C] () -- C:\Program Files\openoffice.org-xsltfilter.cab
[2008.05.29 22:56:13 | 002,678,080 | ---- | C] () -- C:\Program Files\openoffice.org-writer.cab
[2008.05.29 22:56:04 | 000,207,388 | ---- | C] () -- C:\Program Files\openoffice.org-testtool.cab
[2008.05.29 22:56:02 | 002,504,975 | ---- | C] () -- C:\Program Files\openoffice.org-pyuno.cab
[2008.05.29 22:55:44 | 000,052,152 | ---- | C] () -- C:\Program Files\openoffice.org-onlineupdate.cab
[2008.05.29 22:55:43 | 001,209,478 | ---- | C] () -- C:\Program Files\openoffice.org-math.cab
[2008.05.29 22:55:39 | 000,118,910 | ---- | C] () -- C:\Program Files\openoffice.org-javafilter.cab
[2008.05.29 22:55:38 | 001,395,007 | ---- | C] () -- C:\Program Files\openoffice.org-impress.cab
[2008.05.29 22:55:32 | 000,086,870 | ---- | C] () -- C:\Program Files\openoffice.org-graphicfilter.cab
[2008.05.29 22:55:31 | 001,046,365 | ---- | C] () -- C:\Program Files\openoffice.org-draw.cab
[2008.05.29 22:55:31 | 000,002,769 | ---- | C] () -- C:\Program Files\openoffice.org-emailmerge.cab
[2008.05.29 22:55:26 | 002,031,954 | ---- | C] () -- C:\Program Files\openoffice.org-core09.cab
[2008.05.29 22:55:19 | 000,305,784 | ---- | C] () -- C:\Program Files\openoffice.org-core08.cab
[2008.05.29 22:55:13 | 004,249,333 | ---- | C] () -- C:\Program Files\openoffice.org-core07.cab
[2008.05.29 22:55:02 | 028,871,584 | ---- | C] () -- C:\Program Files\openoffice.org-core06.cab
[2008.05.29 22:51:04 | 018,634,513 | ---- | C] () -- C:\Program Files\openoffice.org-core05.cab
[2008.05.29 22:50:07 | 016,503,595 | ---- | C] () -- C:\Program Files\openoffice.org-core04.cab
[2008.05.29 22:49:16 | 009,117,929 | ---- | C] () -- C:\Program Files\openoffice.org-core03.cab
[2008.05.29 22:48:55 | 003,861,568 | ---- | C] () -- C:\Program Files\openoffice.org-core02.cab
[2008.05.29 22:48:42 | 015,099,632 | ---- | C] () -- C:\Program Files\openoffice.org-core01.cab
[2008.05.29 22:48:11 | 004,871,833 | ---- | C] () -- C:\Program Files\openoffice.org-calc.cab
[2008.05.29 22:47:53 | 001,912,368 | ---- | C] () -- C:\Program Files\openoffice.org-base.cab
[2008.05.29 22:47:46 | 000,043,005 | ---- | C] () -- C:\Program Files\openoffice.org-activex.cab
[2008.05.29 22:47:43 | 004,376,576 | ---- | C] () -- C:\Program Files\openofficeorg24.msi
[2008.05.29 22:47:43 | 000,000,217 | ---- | C] () -- C:\Program Files\setup.ini
[2008.02.08 22:33:18 | 000,323,584 | ---- | C] () -- C:\Program Files\setup.exe
[2006.11.02 14:57:28 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2006.11.02 14:47:37 | 000,367,304 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2006.11.02 14:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006.11.02 12:33:01 | 000,595,996 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2006.11.02 12:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2006.11.02 12:33:01 | 000,104,070 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2006.11.02 12:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2006.11.02 12:25:26 | 000,557,568 | ---- | C] () -- C:\Windows\System32\hpotscl1.dll
[2006.11.02 12:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2006.11.02 10:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2006.11.02 10:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2006.11.02 09:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006.11.02 09:25:31 | 000,673,088 | ---- |
C] () -- C:\Windows\System32\mlang.dat ========== LOP Check ========== [2011.09.29 15:02:18 | 000,000,000 | ---D | M] -- C:\Users\Anika\AppData\Roaming\AVG2012 [2010.11.05 01:07:56 | 000,000,000 | ---D | M] -- C:\Users\Anika\AppData\Roaming\Degener [2010.08.16 16:09:26 | 000,000,000 | ---D | M] -- C:\Users\Anika\AppData\Roaming\DVDVideoSoftIEHelpers [2010.11.05 01:08:05 | 000,000,000 | ---D | M] -- C:\Users\Anika\AppData\Roaming\Ebner [2009.07.08 12:29:57 | 000,000,000 | ---D | M] -- C:\Users\Anika\AppData\Roaming\OpenOffice.org [2008.10.05 13:43:18 | 000,000,000 | ---D | M] -- C:\Users\Anika\AppData\Roaming\Template [2010.07.09 00:01:22 | 000,000,000 | ---D | M] -- C:\Users\Anika\AppData\Roaming\Ulead Systems [2011.09.29 14:54:00 | 000,032,538 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT ========== Purity Check ========== ========== Custom Scans ========== < %ALLUSERSPROFILE%\Application Data\*. > < %ALLUSERSPROFILE%\Application Data\*.exe /s > < %APPDATA%\*. > [2008.09.07 18:35:32 | 000,000,000 | ---D | M] -- C:\Users\Anika\AppData\Roaming\Adobe [2010.08.26 12:36:38 | 000,000,000 | ---D | M] -- C:\Users\Anika\AppData\Roaming\Apple Computer [2011.09.29 15:02:18 | 000,000,000 | ---D | M] -- C:\Users\Anika\AppData\Roaming\AVG2012 [2010.08.17 00:35:54 | 000,000,000 | ---D | M] -- C:\Users\Anika\AppData\Roaming\CyberLink [2010.11.05 01:07:56 | 000,000,000 | ---D | M] -- C:\Users\Anika\AppData\Roaming\Degener [2010.08.16 16:09:26 | 000,000,000 | ---D | M] -- C:\Users\Anika\AppData\Roaming\DVDVideoSoftIEHelpers [2010.11.05 01:08:05 | 000,000,000 | ---D | M] -- C:\Users\Anika\AppData\Roaming\Ebner [2008.09.07 18:12:26 | 000,000,000 | ---D | M] -- C:\Users\Anika\AppData\Roaming\Google [2008.09.05 17:46:14 | 000,000,000 | ---D | M] -- C:\Users\Anika\AppData\Roaming\Identities [2008.09.07 18:24:50 | 000,000,000 | ---D | M] -- C:\Users\Anika\AppData\Roaming\Macromedia [2011.09.29 14:53:16 | 000,000,000 | ---D | M] -- C:\Users\Anika\AppData\Roaming\Malwarebytes [2006.11.02 
14:37:34 | 000,000,000 | ---D | M] -- C:\Users\Anika\AppData\Roaming\Media Center Programs [2011.09.29 13:50:34 | 000,000,000 | --SD | M] -- C:\Users\Anika\AppData\Roaming\Microsoft [2008.09.12 18:49:34 | 000,000,000 | ---D | M] -- C:\Users\Anika\AppData\Roaming\Mozilla [2009.02.03 19:29:12 | 000,000,000 | ---D | M] -- C:\Users\Anika\AppData\Roaming\Nero [2009.02.03 19:30:47 | 000,000,000 | ---D | M] -- C:\Users\Anika\AppData\Roaming\NeroDigital™ [2009.07.08 12:29:57 | 000,000,000 | ---D | M] -- C:\Users\Anika\AppData\Roaming\OpenOffice.org [2009.07.08 11:55:29 | 000,000,000 | ---D | M] -- C:\Users\Anika\AppData\Roaming\OpenOffice.org2 [2011.09.29 14:58:17 | 000,000,000 | ---D | M] -- C:\Users\Anika\AppData\Roaming\Skype [2011.09.29 14:39:25 | 000,000,000 | ---D | M] -- C:\Users\Anika\AppData\Roaming\skypePM [2008.10.05 13:43:18 | 000,000,000 | ---D | M] -- C:\Users\Anika\AppData\Roaming\Template [2010.07.09 00:01:22 | 000,000,000 | ---D | M] -- C:\Users\Anika\AppData\Roaming\Ulead Systems < %APPDATA%\*.exe /s > [2011.03.13 15:41:22 | 002,832,544 | ---- | M] (Adobe Systems, Inc.) -- C:\Users\Anika\AppData\Roaming\Macromedia\Flash Player\www.macromedia.com\bin\fpupdatepl\fpupdatepl.exe [2009.09.23 17:37:30 | 000,022,352 | ---- | M] (NOS Microsystems Ltd.) -- C:\Users\Anika\AppData\Roaming\Mozilla\Firefox\Profiles\oxoatvf9.default\extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7}\chrome\content\getPlusPlus_Adobe_reg.exe [2009.09.23 17:37:30 | 000,034,112 | ---- | M] (NOS Microsystems Ltd.) 
-- C:\Users\Anika\AppData\Roaming\Mozilla\Firefox\Profiles\oxoatvf9.default\extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7}\chrome\content\getPlusPlus_Adobe_reg_bootstrap.exe < %SYSTEMDRIVE%\*.exe > [2011.07.13 04:55:05 | 002,237,440 | R--- | M] (OldTimer Tools) -- C:\OTLPE.exe < MD5 for: AGP440.SYS > [2008.01.21 04:23:01 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\drivers\AGP440.sys [2008.01.21 04:23:01 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_51b95d75\AGP440.sys [2008.01.21 04:23:01 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_f750e484\AGP440.sys [2008.01.21 04:23:01 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6001.18000_none_ba12ed3bbeb0d97a\AGP440.sys [2008.01.21 04:23:01 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6002.18005_none_bbfe6647bbd2a4c6\AGP440.sys [2006.11.02 11:49:52 | 000,053,864 | ---- | M] (Microsoft Corporation) MD5=EF23439CDD587F64C2C1B8825CEAD7D8 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_920a2c1f\AGP440.sys < MD5 for: ATAPI.SYS > [2008.07.10 16:33:06 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=0D83C87A801A3DFCD1BF73893FE7518C -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_4c9c5a00\atapi.sys [2008.07.10 16:33:06 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=0D83C87A801A3DFCD1BF73893FE7518C -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6001.18034_none_dd1bb97e219e87cb\atapi.sys [2009.04.11 08:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- 
C:\Windows\System32\drivers\atapi.sys [2009.04.11 08:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_b12d8e84\atapi.sys [2009.04.11 08:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6002.18005_none_df23a1261eab99e8\atapi.sys [2008.01.21 04:23:00 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_cc18792d\atapi.sys [2008.01.21 04:23:00 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6001.18000_none_dd38281a2189ce9c\atapi.sys [2006.11.02 11:49:36 | 000,019,048 | ---- | M] (Microsoft Corporation) MD5=4F4FCB8B6EA06784FB6D475B7EC7300F -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_c6c2e699\atapi.sys [2008.07.10 16:33:06 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=96DC4E1A9F90CCD489950A8935425C59 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6001.22134_none_dda556493abc2795\atapi.sys < MD5 for: CNGAUDIT.DLL > [2006.11.02 11:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\System32\cngaudit.dll [2006.11.02 11:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.0.6000.16386_none_e62d292932a96ce6\cngaudit.dll < MD5 for: EVENTLOG.DLL > [2007.01.12 22:30:08 | 000,007,216 | ---- | M] () MD5=C2A279A458A06DE2C83D842AA042B5A8 -- C:\Program Files\HomeCinema\PowerDirector\EventLog.dll < MD5 for: IASTOR.SYS > [2007.09.29 23:03:32 | 000,384,024 | ---- | M] (Intel Corporation) MD5=16A4671255CFB842225F0FDB6DBDB414 -- C:\Program Files\Intel\Intel Matrix Storage Manager\Driver64\IaStor.sys 
[2007.09.29 23:03:12 | 000,308,248 | ---- | M] (Intel Corporation) MD5=E5A0034847537EAEE3C00349D5C34C5F -- C:\Program Files\Intel\Intel Matrix Storage Manager\Driver\IaStor.sys [2007.09.29 23:03:12 | 000,308,248 | ---- | M] (Intel Corporation) MD5=E5A0034847537EAEE3C00349D5C34C5F -- C:\Windows\System32\drivers\iaStor.sys [2007.09.29 23:03:12 | 000,308,248 | ---- | M] (Intel Corporation) MD5=E5A0034847537EAEE3C00349D5C34C5F -- C:\Windows\System32\DriverStore\FileRepository\iaahci.inf_7baf6192\iaStor.sys < MD5 for: IASTORV.SYS > [2008.01.21 04:23:23 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\System32\drivers\iaStorV.sys [2008.01.21 04:23:23 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_c9df7691\iaStorV.sys [2008.01.21 04:23:23 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.0.6001.18000_none_af11527887c7fa8f\iaStorV.sys [2006.11.02 11:51:25 | 000,232,040 | ---- | M] (Intel Corporation) MD5=C957BF4B5D80B46C5017BF0101E6C906 -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_37cdafa4\iaStorV.sys < MD5 for: NETLOGON.DLL > [2009.04.11 08:28:23 | 000,592,896 | ---- | M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- C:\Windows\System32\netlogon.dll [2009.04.11 08:28:23 | 000,592,896 | ---- | M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6002.18005_none_ffa3304f351bb3a3\netlogon.dll [2008.01.21 04:24:05 | 000,592,384 | ---- | M] (Microsoft Corporation) MD5=A8EFC0B6E75B789F7FD3BA5025D4E37F -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6001.18000_none_fdb7b74337f9e857\netlogon.dll < MD5 for: NVSTOR.SYS > [2006.11.02 11:50:13 | 000,040,040 | ---- | M] (NVIDIA Corporation) 
MD5=9E0BA19A28C498A6D323D065DB76DFFC -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_733654ff\nvstor.sys [2008.01.21 04:23:21 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\System32\drivers\nvstor.sys [2008.01.21 04:23:21 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_31c3d71d\nvstor.sys [2008.01.21 04:23:21 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.0.6001.18000_none_39dac327befea467\nvstor.sys < MD5 for: SCECLI.DLL > [2008.01.21 04:24:50 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=28B84EB538F7E8A0FE8B9299D591E0B9 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6001.18000_none_380de25bd91b6f12\scecli.dll [2009.04.11 08:28:24 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=8FC182167381E9915651267044105EE1 -- C:\Windows\System32\scecli.dll [2009.04.11 08:28:24 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=8FC182167381E9915651267044105EE1 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6002.18005_none_39f95b67d63d3a5e\scecli.dll < MD5 for: USER32.DLL > [2008.01.21 04:24:21 | 000,627,200 | ---- | M] (Microsoft Corporation) MD5=B974D9F06DC7D1908E825DC201681269 -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.0.6001.18000_none_cd386c416d5c7f32\user32.dll [2009.04.11 08:28:25 | 000,627,712 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\user32.dll [2009.04.11 08:28:25 | 000,627,712 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.0.6002.18005_none_cf23e54d6a7e4a7e\user32.dll < MD5 for: USERINIT.EXE > [2008.01.21 04:24:49 | 000,025,088 | ---- | M] (Microsoft Corporation) 
MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\System32\userinit.exe [2008.01.21 04:24:49 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.0.6001.18000_none_dc28ba15d1aff80b\userinit.exe < MD5 for: WININIT.EXE > [2008.01.21 04:23:42 | 000,096,768 | ---- | M] (Microsoft Corporation) MD5=101BA3EA053480BB5D957EF37C06B5ED -- C:\Windows\System32\wininit.exe [2008.01.21 04:23:42 | 000,096,768 | ---- | M] (Microsoft Corporation) MD5=101BA3EA053480BB5D957EF37C06B5ED -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.0.6001.18000_none_30f2b8cf0450a6a2\wininit.exe < MD5 for: WINLOGON.EXE > [2009.04.11 08:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\System32\winlogon.exe [2009.04.11 08:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6002.18005_none_71ae7a22d2134741\winlogon.exe [2008.01.21 04:24:49 | 000,314,880 | ---- | M] (Microsoft Corporation) MD5=C2610B6BDBEFC053BBDAB4F1B965CB24 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6001.18000_none_6fc30116d4f17bf5\winlogon.exe < MD5 for: WS2IFSL.SYS > [2008.01.21 04:24:47 | 000,015,872 | ---- | M] (Microsoft Corporation) MD5=E3A3CB253C0EC2494D4A61F5E43A389C -- C:\Windows\System32\drivers\ws2ifsl.sys [2008.01.21 04:24:47 | 000,015,872 | ---- | M] (Microsoft Corporation) MD5=E3A3CB253C0EC2494D4A61F5E43A389C -- C:\Windows\winsxs\x86_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.0.6001.18000_none_4f86a0d4c7cda641\ws2ifsl.sys < %systemroot%\system32\drivers\*.sys /lockedfiles > < %systemroot%\System32\config\*.sav > [2008.01.21 05:14:18 | 016,846,848 | ---- | M] () -- C:\Windows\System32\config\COMPONENTS.SAV [2008.01.21 05:14:08 | 000,106,496 | ---- | M] () -- 
C:\Windows\System32\config\DEFAULT.SAV [2008.01.21 05:14:18 | 000,020,480 | ---- | M] () -- C:\Windows\System32\config\SECURITY.SAV [2006.11.02 12:34:08 | 010,133,504 | ---- | M] () -- C:\Windows\System32\config\SOFTWARE.SAV [2006.11.02 12:34:08 | 001,826,816 | ---- | M] () -- C:\Windows\System32\config\SYSTEM.SAV < %systemroot%\*. /mp /s > < %systemroot%\system32\*.dll /lockedfiles > [2008.01.21 04:24:26 | 000,347,136 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\system32\dxtmsft.dll [2008.01.21 04:24:26 | 000,214,528 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\system32\dxtrans.dll < > < End of report > [/CODE] |
29.09.2011, 20:21 | #8 |
/// Winkelfunktion /// TB-Süch-Tiger™ | BKA Trojan Please now run this tool from Kaspersky and post the log => http://www.trojaner-board.de/82358-t...entfernen.html Configure the tool as shown in the image below: click "change parameters" and tick the boxes as shown in the following screenshot, then click "Start Scan" and, once it has finished, click the "Report" button to display the log. Please post it in full. If, because of the infection, you cannot access your documents / My Documents, or shortcuts are missing from the desktop or from the Start menu under "All Programs", please run unhide: download unhide.exe and save the file to your desktop. Start the tool and all files and folders should become visible again. (This may take a while.) Windows Vista and Windows 7 users must run the tool via right-click as Administrator!
__________________ Please always post logfiles in CODE tags |
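A TDSSKiller log like the one requested above runs to hundreds of "- ok" lines, so the lines worth a helper's attention are easy to miss. The following triage script is an added example, not a tool from the forum or from Kaspersky: it assumes the log's "time pid message" line layout, takes a handful of constructed lines in that format as input, and cross-checks the reported MD5s against reference hashes (here the atapi.sys and agp440.sys MD5s from the OTL log earlier in this thread).

```python
import re
from dataclasses import dataclass, field
from typing import Dict, List, Optional

# Constructed sample in TDSSKiller's line layout: "HH:MM:SS.ffff <pid> <message>".
# The Hotkey lines reproduce the kind of "warning"/"detected" pair TDSSKiller emits
# for an unsigned driver; IpInIp shows a service with no backing file.
SAMPLE_LOG = r"""
10:18:58.0441 5464 Scan started
10:19:01.0842 5464 agp440 (13f9e33747e6b41a3ff305c37db0d360) C:\Windows\system32\drivers\agp440.sys
10:19:01.0873 5464 agp440 - ok
10:19:05.0976 5464 atapi (1f05b78ab91c9075565a9d8a4b880bc4) C:\Windows\system32\drivers\atapi.sys
10:19:05.0991 5464 atapi - ok
10:19:19.0361 5464 Hotkey (8b566ea71d5b76157a9cdb78f25a5731) C:\Windows\system32\drivers\Hotkey.sys
10:19:19.0392 5464 Hotkey ( UnsignedFile.Multi.Generic ) - warning
10:19:19.0392 5464 Hotkey - detected UnsignedFile.Multi.Generic (1)
10:19:22.0169 5464 IpInIp - ok
"""

# Reference MD5s taken from the OTL "MD5 for:" section posted earlier in this thread.
OTL_REFERENCE_MD5 = {
    "atapi": "1F05B78AB91C9075565A9D8A4B880BC4",
    "agp440": "13F9E33747E6B41A3FF305C37DB0D360",
}

# "HH:MM:SS.ffff <pid> <message>"
LINE_RE = re.compile(r"^(\d{2}:\d{2}:\d{2}\.\d+)\s+(\d+)\s+(.*)$")
# "<name> (<md5>) <path>": the file backing a driver or service
ENUM_RE = re.compile(r"^(\S+) \(([0-9a-fA-F]{32})\) (.+)$")
# "<name> - ok", "<name> ( <Verdict> ) - warning", "<name> - detected <Verdict> (n)"
VERDICT_RE = re.compile(r"^(\S+)(?: \( ([^)]+) \))? - (ok|warning|detected.*)$")


@dataclass
class Entry:
    name: str
    md5: Optional[str] = None
    path: Optional[str] = None
    verdicts: List[str] = field(default_factory=list)


def parse_tdsskiller(text: str) -> Dict[str, Entry]:
    """Group the per-driver lines of a TDSSKiller log by service name."""
    entries: Dict[str, Entry] = {}
    for raw in text.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m:
            continue  # banner, separator and SystemInfo lines carry no verdict
        msg = m.group(3)
        e = ENUM_RE.match(msg)
        if e:
            name, md5, path = e.groups()
            ent = entries.setdefault(name, Entry(name))
            ent.md5, ent.path = md5.lower(), path
            continue
        v = VERDICT_RE.match(msg)
        if v:
            name, tag, verdict = v.groups()
            ent = entries.setdefault(name, Entry(name))
            ent.verdicts.append(verdict if tag is None else f"{verdict}: {tag}")
    return entries


def triage(text: str) -> Dict[str, Entry]:
    """Keep only the entries with at least one verdict other than 'ok'."""
    return {n: e for n, e in parse_tdsskiller(text).items()
            if any(v != "ok" for v in e.verdicts)}


def cross_check(entries: Dict[str, Entry], reference: Dict[str, str]) -> List[str]:
    """Names whose TDSSKiller MD5 differs from the reference hash (compared case-insensitively)."""
    return sorted(n for n, ref in reference.items()
                  if n in entries and entries[n].md5 is not None
                  and entries[n].md5 != ref.lower())


if __name__ == "__main__":
    parsed = parse_tdsskiller(SAMPLE_LOG)
    for e in triage(SAMPLE_LOG).values():
        print(f"{e.name}: {e.path} md5={e.md5} -> {'; '.join(e.verdicts)}")
    print("MD5 mismatches against OTL:", cross_check(parsed, OTL_REFERENCE_MD5))
```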
30.09.2011, 09:54 | #9 |
| BKA Trojan So, I have now run the scan with the Kaspersky TDSSKiller. Here is the result: Code:
ATTFilter 10:18:49.0611 6000 TDSS rootkit removing tool 2.6.2.0 Sep 26 2011 18:56:43 10:18:49.0783 6000 ============================================================ 10:18:49.0783 6000 Current date / time: 2011/09/30 10:18:49.0783 10:18:49.0783 6000 SystemInfo: 10:18:49.0783 6000 10:18:49.0783 6000 OS Version: 6.0.6002 ServicePack: 2.0 10:18:49.0783 6000 Product type: Workstation 10:18:49.0783 6000 ComputerName: ANIKA-PC 10:18:49.0783 6000 UserName: Anika 10:18:49.0783 6000 Windows directory: C:\Windows 10:18:49.0783 6000 System windows directory: C:\Windows 10:18:49.0783 6000 Processor architecture: Intel x86 10:18:49.0783 6000 Number of processors: 2 10:18:49.0783 6000 Page size: 0x1000 10:18:49.0783 6000 Boot type: Normal boot 10:18:49.0783 6000 ============================================================ 10:18:50.0345 6000 Initialize success 10:18:58.0441 5464 ============================================================ 10:18:58.0441 5464 Scan started 10:18:58.0441 5464 Mode: Manual; SigCheck; TDLFS; 10:18:58.0441 5464 ============================================================ 10:18:59.0221 5464 ACPI (82b296ae1892fe3dbee00c9cf92f8ac7) C:\Windows\system32\drivers\acpi.sys 10:18:59.0564 5464 ACPI - ok 10:18:59.0705 5464 adp94xx (04f0fcac69c7c71a3ac4eb97fafc8303) C:\Windows\system32\drivers\adp94xx.sys 10:18:59.0892 5464 adp94xx - ok 10:19:00.0141 5464 adpahci (60505e0041f7751bdbb80f88bf45c2ce) C:\Windows\system32\drivers\adpahci.sys 10:19:00.0297 5464 adpahci - ok 10:19:00.0609 5464 adpu160m (8a42779b02aec986eab64ecfc98f8bd7) C:\Windows\system32\drivers\adpu160m.sys 10:19:00.0641 5464 adpu160m - ok 10:19:00.0875 5464 adpu320 (241c9e37f8ce45ef51c3de27515ca4e5) C:\Windows\system32\drivers\adpu320.sys 10:19:00.0890 5464 adpu320 - ok 10:19:01.0187 5464 AFD (a201207363aa900abf1a388468688570) C:\Windows\system32\drivers\afd.sys 10:19:01.0467 5464 AFD - ok 10:19:01.0842 5464 agp440 (13f9e33747e6b41a3ff305c37db0d360) C:\Windows\system32\drivers\agp440.sys 10:19:01.0873 
5464 agp440 - ok 10:19:02.0232 5464 aic78xx (ae1fdf7bf7bb6c6a70f67699d880592a) C:\Windows\system32\drivers\djsvs.sys 10:19:02.0263 5464 aic78xx - ok 10:19:02.0450 5464 aliide (9eaef5fc9b8e351afa7e78a6fae91f91) C:\Windows\system32\drivers\aliide.sys 10:19:02.0466 5464 aliide - ok 10:19:02.0793 5464 amdagp (c47344bc706e5f0b9dce369516661578) C:\Windows\system32\drivers\amdagp.sys 10:19:02.0809 5464 amdagp - ok 10:19:02.0981 5464 amdide (9b78a39a4c173fdbc1321e0dd659b34c) C:\Windows\system32\drivers\amdide.sys 10:19:03.0012 5464 amdide - ok 10:19:03.0651 5464 AmdK7 (18f29b49ad23ecee3d2a826c725c8d48) C:\Windows\system32\drivers\amdk7.sys 10:19:04.0447 5464 AmdK7 - ok 10:19:04.0650 5464 AmdK8 (93ae7f7dd54ab986a6f1a1b37be7442d) C:\Windows\system32\drivers\amdk8.sys 10:19:04.0806 5464 AmdK8 - ok 10:19:05.0071 5464 arc (5d2888182fb46632511acee92fdad522) C:\Windows\system32\drivers\arc.sys 10:19:05.0087 5464 arc - ok 10:19:05.0570 5464 arcsas (5e2a321bd7c8b3624e41fdec3e244945) C:\Windows\system32\drivers\arcsas.sys 10:19:05.0586 5464 arcsas - ok 10:19:05.0757 5464 AsyncMac (53b202abee6455406254444303e87be1) C:\Windows\system32\DRIVERS\asyncmac.sys 10:19:05.0804 5464 AsyncMac - ok 10:19:05.0976 5464 atapi (1f05b78ab91c9075565a9d8a4b880bc4) C:\Windows\system32\drivers\atapi.sys 10:19:05.0991 5464 atapi - ok 10:19:06.0163 5464 ATSWPDRV (69e65a2ce11619f0c868967ca9540b80) C:\Windows\system32\DRIVERS\ATSwpDrv.sys 10:19:06.0241 5464 ATSWPDRV - ok 10:19:06.0631 5464 AVGIDSDriver (4cbb56fbc9c0cbc517e6e3a6889ebddc) C:\Windows\system32\DRIVERS\AVGIDSDriver.Sys 10:19:06.0662 5464 AVGIDSDriver - ok 10:19:07.0037 5464 AVGIDSEH (459bce188232e2fe6152423efef65d76) C:\Windows\system32\DRIVERS\AVGIDSEH.Sys 10:19:07.0068 5464 AVGIDSEH - ok 10:19:07.0317 5464 AVGIDSFilter (91d9abe7e88eac7c167cba4ed4d983bf) C:\Windows\system32\DRIVERS\AVGIDSFilter.Sys 10:19:07.0333 5464 AVGIDSFilter - ok 10:19:07.0614 5464 AVGIDSShim (54d710b7d2e30e1ddc8ce2c6e685576b) C:\Windows\system32\DRIVERS\AVGIDSShim.Sys 
10:19:07.0629 5464 AVGIDSShim - ok 10:19:07.0879 5464 Avgldx86 (f4dbbc8d3c5338693da23c59a50f8abc) C:\Windows\system32\DRIVERS\avgldx86.sys 10:19:07.0895 5464 Avgldx86 - ok 10:19:08.0394 5464 Avgmfx86 (1c77ef67f196466adc9924cb288afe87) C:\Windows\system32\DRIVERS\avgmfx86.sys 10:19:08.0409 5464 Avgmfx86 - ok 10:19:08.0612 5464 Avgrkx86 (4def59ff7d09b9ce59739102b49fd526) C:\Windows\system32\DRIVERS\avgrkx86.sys 10:19:08.0628 5464 Avgrkx86 - ok 10:19:10.0188 5464 Avgtdix (a6d562b612216d8d02a35ebeb92366bd) C:\Windows\system32\DRIVERS\avgtdix.sys 10:19:10.0219 5464 Avgtdix - ok 10:19:10.0453 5464 Beep (67e506b75bd5326a3ec7b70bd014dfb6) C:\Windows\system32\drivers\Beep.sys 10:19:10.0562 5464 Beep - ok 10:19:10.0749 5464 blbdrive (d4df28447741fd3d953526e33a617397) C:\Windows\system32\drivers\blbdrive.sys 10:19:10.0843 5464 blbdrive - ok 10:19:11.0030 5464 bowser (35f376253f687bde63976ccb3f2108ca) C:\Windows\system32\DRIVERS\bowser.sys 10:19:11.0139 5464 bowser - ok 10:19:11.0373 5464 BrFiltLo (9f9acc7f7ccde8a15c282d3f88b43309) C:\Windows\system32\drivers\brfiltlo.sys 10:19:11.0436 5464 BrFiltLo - ok 10:19:11.0592 5464 BrFiltUp (56801ad62213a41f6497f96dee83755a) C:\Windows\system32\drivers\brfiltup.sys 10:19:11.0654 5464 BrFiltUp - ok 10:19:11.0904 5464 Brserid (b304e75cff293029eddf094246747113) C:\Windows\system32\drivers\brserid.sys 10:19:12.0107 5464 Brserid - ok 10:19:12.0247 5464 BrSerWdm (203f0b1e73adadbbb7b7b1fabd901f6b) C:\Windows\system32\drivers\brserwdm.sys 10:19:12.0356 5464 BrSerWdm - ok 10:19:12.0497 5464 BrUsbMdm (bd456606156ba17e60a04e18016ae54b) C:\Windows\system32\drivers\brusbmdm.sys 10:19:12.0606 5464 BrUsbMdm - ok 10:19:12.0824 5464 BrUsbSer (af72ed54503f717a43268b3cc5faec2e) C:\Windows\system32\drivers\brusbser.sys 10:19:12.0918 5464 BrUsbSer - ok 10:19:13.0089 5464 BTHMODEM (ad07c1ec6665b8b35741ab91200c6b68) C:\Windows\system32\drivers\bthmodem.sys 10:19:13.0230 5464 BTHMODEM - ok 10:19:13.0495 5464 Cam5607 (48f64a84054771b2fef55606adf57557) 
C:\Windows\system32\Drivers\BisonC07.sys 10:19:13.0557 5464 Cam5607 - ok 10:19:13.0651 5464 cdfs (7add03e75beb9e6dd102c3081d29840a) C:\Windows\system32\DRIVERS\cdfs.sys 10:19:13.0713 5464 cdfs - ok 10:19:13.0838 5464 cdrom (6b4bffb9becd728097024276430db314) C:\Windows\system32\DRIVERS\cdrom.sys 10:19:13.0916 5464 cdrom - ok 10:19:14.0103 5464 circlass (e5d4133f37219dbcfe102bc61072589d) C:\Windows\system32\drivers\circlass.sys 10:19:14.0166 5464 circlass - ok 10:19:14.0322 5464 CLFS (d7659d3b5b92c31e84e53c1431f35132) C:\Windows\system32\CLFS.sys 10:19:14.0353 5464 CLFS - ok 10:19:14.0447 5464 CmBatt (99afc3795b58cc478fbbbcdc658fcb56) C:\Windows\system32\DRIVERS\CmBatt.sys 10:19:14.0509 5464 CmBatt - ok 10:19:14.0556 5464 cmdide (0ca25e686a4928484e9fdabd168ab629) C:\Windows\system32\drivers\cmdide.sys 10:19:14.0587 5464 cmdide - ok 10:19:14.0618 5464 Compbatt (6afef0b60fa25de07c0968983ee4f60a) C:\Windows\system32\DRIVERS\compbatt.sys 10:19:14.0634 5464 Compbatt - ok 10:19:14.0649 5464 crcdisk (741e9dff4f42d2d8477d0fc1dc0df871) C:\Windows\system32\drivers\crcdisk.sys 10:19:14.0681 5464 crcdisk - ok 10:19:14.0852 5464 Crusoe (1f07becdca750766a96cda811ba86410) C:\Windows\system32\drivers\crusoe.sys 10:19:14.0930 5464 Crusoe - ok 10:19:15.0164 5464 DfsC (218d8ae46c88e82014f5d73d0236d9b2) C:\Windows\system32\Drivers\dfsc.sys 10:19:15.0211 5464 DfsC - ok 10:19:15.0289 5464 disk (5d4aefc3386920236a548271f8f1af6a) C:\Windows\system32\drivers\disk.sys 10:19:15.0320 5464 disk - ok 10:19:15.0398 5464 drmkaud (97fef831ab90bee128c9af390e243f80) C:\Windows\system32\drivers\drmkaud.sys 10:19:15.0476 5464 drmkaud - ok 10:19:15.0570 5464 DXGKrnl (c68ac676b0ef30cfbb1080adce49eb1f) C:\Windows\System32\drivers\dxgkrnl.sys 10:19:15.0617 5464 DXGKrnl - ok 10:19:15.0663 5464 E1G60 (5425f74ac0c1dbd96a1e04f17d63f94c) C:\Windows\system32\DRIVERS\E1G60I32.sys 10:19:15.0726 5464 E1G60 - ok 10:19:15.0835 5464 Ecache (7f64ea048dcfac7acf8b4d7b4e6fe371) C:\Windows\system32\drivers\ecache.sys 
10:19:15.0851 5464 Ecache - ok 10:19:16.0038 5464 elxstor (23b62471681a124889978f6295b3f4c6) C:\Windows\system32\drivers\elxstor.sys 10:19:16.0116 5464 elxstor - ok 10:19:16.0319 5464 ErrDev (3db974f3935483555d7148663f726c61) C:\Windows\system32\drivers\errdev.sys 10:19:16.0397 5464 ErrDev - ok 10:19:16.0584 5464 exfat (22b408651f9123527bcee54b4f6c5cae) C:\Windows\system32\drivers\exfat.sys 10:19:16.0677 5464 exfat - ok 10:19:16.0787 5464 fastfat (1e9b9a70d332103c52995e957dc09ef8) C:\Windows\system32\drivers\fastfat.sys 10:19:16.0849 5464 fastfat - ok 10:19:16.0896 5464 fdc (afe1e8b9782a0dd7fb46bbd88e43f89a) C:\Windows\system32\DRIVERS\fdc.sys 10:19:16.0958 5464 fdc - ok 10:19:17.0005 5464 FileInfo (a8c0139a884861e3aae9cfe73b208a9f) C:\Windows\system32\drivers\fileinfo.sys 10:19:17.0036 5464 FileInfo - ok 10:19:17.0099 5464 Filetrace (0ae429a696aecbc5970e3cf2c62635ae) C:\Windows\system32\drivers\filetrace.sys 10:19:17.0177 5464 Filetrace - ok 10:19:17.0208 5464 flpydisk (85b7cf99d532820495d68d747fda9ebd) C:\Windows\system32\DRIVERS\flpydisk.sys 10:19:17.0286 5464 flpydisk - ok 10:19:17.0364 5464 FltMgr (01334f9ea68e6877c4ef05d3ea8abb05) C:\Windows\system32\drivers\fltmgr.sys 10:19:17.0395 5464 FltMgr - ok 10:19:17.0598 5464 fssfltr (b74b0578fd1d3f897e95f2a2b69ea051) C:\Windows\system32\DRIVERS\fssfltr.sys 10:19:17.0613 5464 fssfltr - ok 10:19:17.0754 5464 Fs_Rec (65ea8b77b5851854f0c55c43fa51a198) C:\Windows\system32\drivers\Fs_Rec.sys 10:19:17.0801 5464 Fs_Rec - ok 10:19:17.0910 5464 gagp30kx (34582a6e6573d54a07ece5fe24a126b5) C:\Windows\system32\drivers\gagp30kx.sys 10:19:17.0941 5464 gagp30kx - ok 10:19:18.0019 5464 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\Windows\system32\DRIVERS\GEARAspiWDM.sys 10:19:18.0035 5464 GEARAspiWDM - ok 10:19:18.0331 5464 HdAudAddService (cb04c744be0a61b1d648faed182c3b59) C:\Windows\system32\drivers\HdAudio.sys 10:19:18.0456 5464 HdAudAddService - ok 10:19:18.0659 5464 HDAudBus (062452b7ffd68c8c042a6261fe8dff4a) 
C:\Windows\system32\DRIVERS\HDAudBus.sys 10:19:18.0768 5464 HDAudBus - ok 10:19:18.0893 5464 HidBth (1338520e78d90154ed6be8f84de5fceb) C:\Windows\system32\drivers\hidbth.sys 10:19:18.0986 5464 HidBth - ok 10:19:19.0033 5464 HidIr (ff3160c3a2445128c5a6d9b076da519e) C:\Windows\system32\drivers\hidir.sys 10:19:19.0158 5464 HidIr - ok 10:19:19.0236 5464 HidUsb (cca4b519b17e23a00b826c55716809cc) C:\Windows\system32\DRIVERS\hidusb.sys 10:19:19.0283 5464 HidUsb - ok 10:19:19.0361 5464 Hotkey (8b566ea71d5b76157a9cdb78f25a5731) C:\Windows\system32\drivers\Hotkey.sys 10:19:19.0392 5464 Hotkey ( UnsignedFile.Multi.Generic ) - warning 10:19:19.0392 5464 Hotkey - detected UnsignedFile.Multi.Generic (1) 10:19:19.0485 5464 HpCISSs (16ee7b23a009e00d835cdb79574a91a6) C:\Windows\system32\drivers\hpcisss.sys 10:19:19.0517 5464 HpCISSs - ok 10:19:19.0595 5464 HTTP (f870aa3e254628ebeafe754108d664de) C:\Windows\system32\drivers\HTTP.sys 10:19:19.0688 5464 HTTP - ok 10:19:19.0782 5464 i2omp (c6b032d69650985468160fc9937cf5b4) C:\Windows\system32\drivers\i2omp.sys 10:19:19.0813 5464 i2omp - ok 10:19:20.0031 5464 i8042prt (22d56c8184586b7a1f6fa60be5f5a2bd) C:\Windows\system32\DRIVERS\i8042prt.sys 10:19:20.0094 5464 i8042prt - ok 10:19:20.0265 5464 iaStor (e5a0034847537eaee3c00349d5c34c5f) C:\Windows\system32\DRIVERS\iaStor.sys 10:19:20.0297 5464 iaStor - ok 10:19:20.0468 5464 iaStorV (54155ea1b0df185878e0fc9ec3ac3a14) C:\Windows\system32\drivers\iastorv.sys 10:19:20.0484 5464 iaStorV - ok 10:19:20.0624 5464 iirsp (2d077bf86e843f901d8db709c95b49a5) C:\Windows\system32\drivers\iirsp.sys 10:19:20.0640 5464 iirsp - ok 10:19:20.0921 5464 IntcAzAudAddService (5d26ccb06e1f3b5c26e863df3f4f2611) C:\Windows\system32\drivers\RTKVHDA.sys 10:19:21.0404 5464 IntcAzAudAddService - ok 10:19:21.0560 5464 intelide (83aa759f3189e6370c30de5dc5590718) C:\Windows\system32\drivers\intelide.sys 10:19:21.0591 5464 intelide - ok 10:19:21.0747 5464 intelppm (224191001e78c89dfa78924c3ea595ff) 
C:\Windows\system32\DRIVERS\intelppm.sys 10:19:21.0794 5464 intelppm - ok 10:19:21.0950 5464 IpFilterDriver (62c265c38769b864cb25b4bcf62df6c3) C:\Windows\system32\DRIVERS\ipfltdrv.sys 10:19:22.0044 5464 IpFilterDriver - ok 10:19:22.0169 5464 IpInIp - ok 10:19:22.0371 5464 IPMIDRV (b25aaf203552b7b3491139d582b39ad1) C:\Windows\system32\drivers\ipmidrv.sys 10:19:22.0434 5464 IPMIDRV - ok 10:19:22.0637 5464 IPNAT (8793643a67b42cec66490b2a0cf92d68) C:\Windows\system32\DRIVERS\ipnat.sys 10:19:22.0683 5464 IPNAT - ok 10:19:22.0886 5464 IRENUM (109c0dfb82c3632fbd11949b73aeeac9) C:\Windows\system32\drivers\irenum.sys 10:19:22.0933 5464 IRENUM - ok 10:19:23.0198 5464 isapnp (6c70698a3e5c4376c6ab5c7c17fb0614) C:\Windows\system32\drivers\isapnp.sys 10:19:23.0229 5464 isapnp - ok 10:19:23.0417 5464 iScsiPrt (232fa340531d940aac623b121a595034) C:\Windows\system32\DRIVERS\msiscsi.sys 10:19:23.0448 5464 iScsiPrt - ok 10:19:23.0869 5464 iteatapi (bced60d16156e428f8df8cf27b0df150) C:\Windows\system32\drivers\iteatapi.sys 10:19:23.0885 5464 iteatapi - ok 10:19:24.0056 5464 iteraid (06fa654504a498c30adca8bec4e87e7e) C:\Windows\system32\drivers\iteraid.sys 10:19:24.0087 5464 iteraid - ok 10:19:24.0197 5464 kbdclass (37605e0a8cf00cbba538e753e4344c6e) C:\Windows\system32\DRIVERS\kbdclass.sys 10:19:24.0212 5464 kbdclass - ok 10:19:24.0368 5464 kbdhid (18247836959ba67e3511b62846b9c2e0) C:\Windows\system32\drivers\kbdhid.sys 10:19:24.0446 5464 kbdhid - ok 10:19:24.0774 5464 KSecDD (86165728af9bf72d6442a894fdfb4f8b) C:\Windows\system32\Drivers\ksecdd.sys 10:19:24.0867 5464 KSecDD - ok 10:19:25.0023 5464 lltdio (d1c5883087a0c3f1344d9d55a44901f6) C:\Windows\system32\DRIVERS\lltdio.sys 10:19:25.0101 5464 lltdio - ok 10:19:25.0257 5464 LSI_FC (c7e15e82879bf3235b559563d4185365) C:\Windows\system32\drivers\lsi_fc.sys 10:19:25.0289 5464 LSI_FC - ok 10:19:25.0351 5464 LSI_SAS (ee01ebae8c9bf0fa072e0ff68718920a) C:\Windows\system32\drivers\lsi_sas.sys 10:19:25.0367 5464 LSI_SAS - ok 10:19:25.0398 5464 
LSI_SCSI (912a04696e9ca30146a62afa1463dd5c) C:\Windows\system32\drivers\lsi_scsi.sys 10:19:25.0429 5464 LSI_SCSI - ok 10:19:25.0476 5464 luafv (8f5c7426567798e62a3b3614965d62cc) C:\Windows\system32\drivers\luafv.sys 10:19:25.0538 5464 luafv - ok 10:19:25.0694 5464 MBAMProtector (69a6268d7f81e53d568ab4e7e991caf3) C:\Windows\system32\drivers\mbam.sys 10:19:25.0725 5464 MBAMProtector - ok 10:19:25.0850 5464 megasas (0001ce609d66632fa17b84705f658879) C:\Windows\system32\drivers\megasas.sys 10:19:25.0881 5464 megasas - ok 10:19:25.0959 5464 MegaSR (c252f32cd9a49dbfc25ecf26ebd51a99) C:\Windows\system32\drivers\megasr.sys 10:19:26.0006 5464 MegaSR - ok 10:19:26.0053 5464 Modem (e13b5ea0f51ba5b1512ec671393d09ba) C:\Windows\system32\drivers\modem.sys 10:19:26.0115 5464 Modem - ok 10:19:26.0147 5464 monitor (0a9bb33b56e294f686abb7c1e4e2d8a8) C:\Windows\system32\DRIVERS\monitor.sys 10:19:26.0209 5464 monitor - ok 10:19:26.0240 5464 mouclass (5bf6a1326a335c5298477754a506d263) C:\Windows\system32\DRIVERS\mouclass.sys 10:19:26.0271 5464 mouclass - ok 10:19:26.0303 5464 mouhid (93b8d4869e12cfbe663915502900876f) C:\Windows\system32\DRIVERS\mouhid.sys 10:19:26.0365 5464 mouhid - ok 10:19:26.0412 5464 MountMgr (bdafc88aa6b92f7842416ea6a48e1600) C:\Windows\system32\drivers\mountmgr.sys 10:19:26.0443 5464 MountMgr - ok 10:19:26.0474 5464 mpio (511d011289755dd9f9a7579fb0b064e6) C:\Windows\system32\drivers\mpio.sys 10:19:26.0505 5464 mpio - ok 10:19:26.0552 5464 mpsdrv (22241feba9b2defa669c8cb0a8dd7d2e) C:\Windows\system32\drivers\mpsdrv.sys 10:19:26.0630 5464 mpsdrv - ok 10:19:26.0739 5464 Mraid35x (4fbbb70d30fd20ec51f80061703b001e) C:\Windows\system32\drivers\mraid35x.sys 10:19:26.0755 5464 Mraid35x - ok 10:19:26.0849 5464 MRxDAV (82cea0395524aacfeb58ba1448e8325c) C:\Windows\system32\drivers\mrxdav.sys 10:19:26.0927 5464 MRxDAV - ok 10:19:26.0973 5464 mrxsmb (5fe5cf325f5b02ebc60832d3440cb414) C:\Windows\system32\DRIVERS\mrxsmb.sys 10:19:27.0036 5464 mrxsmb - ok 10:19:27.0083 5464 
mrxsmb10 (30b9c769446af379a2afb72b0392604d) C:\Windows\system32\DRIVERS\mrxsmb10.sys 10:19:27.0161 5464 mrxsmb10 - ok 10:19:27.0192 5464 mrxsmb20 (fea239b3ec4877e2b7e23204af589ddf) C:\Windows\system32\DRIVERS\mrxsmb20.sys 10:19:27.0223 5464 mrxsmb20 - ok 10:19:27.0270 5464 msahci (f70590424eefbf5c27a40c67afdb8383) C:\Windows\system32\drivers\msahci.sys 10:19:27.0301 5464 msahci - ok 10:19:27.0348 5464 msdsm (4468b0f385a86ecddaf8d3ca662ec0e7) C:\Windows\system32\drivers\msdsm.sys 10:19:27.0379 5464 msdsm - ok 10:19:27.0410 5464 Msfs (a9927f4a46b816c92f461acb90cf8515) C:\Windows\system32\drivers\Msfs.sys 10:19:27.0473 5464 Msfs - ok 10:19:27.0504 5464 msisadrv (0f400e306f385c56317357d6dea56f62) C:\Windows\system32\drivers\msisadrv.sys 10:19:27.0535 5464 msisadrv - ok 10:19:27.0566 5464 MSKSSRV (d8c63d34d9c9e56c059e24ec7185cc07) C:\Windows\system32\drivers\MSKSSRV.sys 10:19:27.0629 5464 MSKSSRV - ok 10:19:27.0660 5464 MSPCLOCK (1d373c90d62ddb641d50e55b9e78d65e) C:\Windows\system32\drivers\MSPCLOCK.sys 10:19:27.0722 5464 MSPCLOCK - ok 10:19:27.0769 5464 MSPQM (b572da05bf4e098d4bba3a4734fb505b) C:\Windows\system32\drivers\MSPQM.sys 10:19:27.0831 5464 MSPQM - ok 10:19:27.0894 5464 MsRPC (b49456d70555de905c311bcda6ec6adb) C:\Windows\system32\drivers\MsRPC.sys 10:19:27.0925 5464 MsRPC - ok 10:19:27.0972 5464 mssmbios (e384487cb84be41d09711c30ca79646c) C:\Windows\system32\DRIVERS\mssmbios.sys 10:19:28.0034 5464 mssmbios - ok 10:19:28.0065 5464 MSTEE (7199c1eec1e4993caf96b8c0a26bd58a) C:\Windows\system32\drivers\MSTEE.sys 10:19:28.0112 5464 MSTEE - ok 10:19:28.0159 5464 Mup (6a57b5733d4cb702c8ea4542e836b96c) C:\Windows\system32\Drivers\mup.sys 10:19:28.0206 5464 Mup - ok 10:19:28.0268 5464 NativeWifiP (85c44fdff9cf7e72a40dcb7ec06a4416) C:\Windows\system32\DRIVERS\nwifi.sys 10:19:28.0299 5464 NativeWifiP - ok 10:19:28.0393 5464 NDIS (1357274d1883f68300aeadd15d7bbb42) C:\Windows\system32\drivers\ndis.sys 10:19:28.0455 5464 NDIS - ok 10:19:28.0611 5464 NdisTapi 
(0e186e90404980569fb449ba7519ae61) C:\Windows\system32\DRIVERS\ndistapi.sys 10:19:28.0689 5464 NdisTapi - ok 10:19:28.0939 5464 Ndisuio (d6973aa34c4d5d76c0430b181c3cd389) C:\Windows\system32\DRIVERS\ndisuio.sys 10:19:29.0001 5464 Ndisuio - ok 10:19:29.0173 5464 NdisWan (818f648618ae34f729fdb47ec68345c3) C:\Windows\system32\DRIVERS\ndiswan.sys 10:19:29.0220 5464 NdisWan - ok 10:19:29.0298 5464 NDProxy (71dab552b41936358f3b541ae5997fb3) C:\Windows\system32\drivers\NDProxy.sys 10:19:29.0376 5464 NDProxy - ok 10:19:29.0423 5464 NetBIOS (bcd093a5a6777cf626434568dc7dba78) C:\Windows\system32\DRIVERS\netbios.sys 10:19:29.0501 5464 NetBIOS - ok 10:19:29.0594 5464 netbt (ecd64230a59cbd93c85f1cd1cab9f3f6) C:\Windows\system32\DRIVERS\netbt.sys 10:19:29.0657 5464 netbt - ok 10:19:29.0797 5464 NETw4v32 (4547b8aedd8119fcc127fdc7f282e983) C:\Windows\system32\DRIVERS\NETw4v32.sys 10:19:30.0015 5464 NETw4v32 - ok 10:19:30.0140 5464 nfrd960 (2e7fb731d4790a1bc6270accefacb36e) C:\Windows\system32\drivers\nfrd960.sys 10:19:30.0156 5464 nfrd960 - ok 10:19:30.0265 5464 Npfs (d36f239d7cce1931598e8fb90a0dbc26) C:\Windows\system32\drivers\Npfs.sys 10:19:30.0343 5464 Npfs - ok 10:19:30.0421 5464 nsiproxy (609773e344a97410ce4ebf74a8914fcf) C:\Windows\system32\drivers\nsiproxy.sys 10:19:30.0483 5464 nsiproxy - ok 10:19:30.0577 5464 Ntfs (6a4a98cee84cf9e99564510dda4baa47) C:\Windows\system32\drivers\Ntfs.sys 10:19:30.0749 5464 Ntfs - ok 10:19:30.0873 5464 ntrigdigi (e875c093aec0c978a90f30c9e0dfbb72) C:\Windows\system32\drivers\ntrigdigi.sys 10:19:30.0967 5464 ntrigdigi - ok 10:19:31.0014 5464 Null (c5dbbcda07d780bda9b685df333bb41e) C:\Windows\system32\drivers\Null.sys 10:19:31.0170 5464 Null - ok 10:19:31.0451 5464 nvlddmkm (b0cc8b78a9f0c6d9c8909b9bf874a4de) C:\Windows\system32\DRIVERS\nvlddmkm.sys 10:19:32.0043 5464 nvlddmkm - ok 10:19:32.0184 5464 nvraid (2edf9e7751554b42cbb60116de727101) C:\Windows\system32\drivers\nvraid.sys 10:19:32.0199 5464 nvraid - ok 10:19:32.0262 5464 nvstor 
(abed0c09758d1d97db0042dbb2688177) C:\Windows\system32\drivers\nvstor.sys 10:19:32.0293 5464 nvstor - ok 10:19:32.0340 5464 nv_agp (18bbdf913916b71bd54575bdb6eeac0b) C:\Windows\system32\drivers\nv_agp.sys 10:19:32.0371 5464 nv_agp - ok 10:19:32.0402 5464 NwlnkFlt - ok 10:19:32.0418 5464 NwlnkFwd - ok 10:19:32.0496 5464 ohci1394 (be32da025a0be1878f0ee8d6d9386cd5) C:\Windows\system32\drivers\ohci1394.sys 10:19:32.0605 5464 ohci1394 - ok 10:19:32.0699 5464 Parport (0fa9b5055484649d63c303fe404e5f4d) C:\Windows\system32\drivers\parport.sys 10:19:32.0855 5464 Parport - ok 10:19:32.0933 5464 partmgr (57389fa59a36d96b3eb09d0cb91e9cdc) C:\Windows\system32\drivers\partmgr.sys 10:19:32.0964 5464 partmgr - ok 10:19:33.0026 5464 Parvdm (4f9a6a8a31413180d0fcb279ad5d8112) C:\Windows\system32\drivers\parvdm.sys 10:19:33.0135 5464 Parvdm - ok 10:19:33.0198 5464 pci (941dc1d19e7e8620f40bbc206981efdb) C:\Windows\system32\drivers\pci.sys 10:19:33.0229 5464 pci - ok 10:19:33.0401 5464 pciide (fc175f5ddab666d7f4d17449a547626f) C:\Windows\system32\drivers\pciide.sys 10:19:33.0416 5464 pciide - ok 10:19:33.0463 5464 pcmcia (e6f3fb1b86aa519e7698ad05e58b04e5) C:\Windows\system32\drivers\pcmcia.sys 10:19:33.0479 5464 pcmcia - ok 10:19:33.0572 5464 PEAUTH (6349f6ed9c623b44b52ea3c63c831a92) C:\Windows\system32\drivers\peauth.sys 10:19:33.0697 5464 PEAUTH - ok 10:19:33.0791 5464 PptpMiniport (ecfffaec0c1ecd8dbc77f39070ea1db1) C:\Windows\system32\DRIVERS\raspptp.sys 10:19:33.0900 5464 PptpMiniport - ok 10:19:33.0931 5464 Processor (2027293619dd0f047c584cf2e7df4ffd) C:\Windows\system32\drivers\processr.sys 10:19:33.0993 5464 Processor - ok 10:19:34.0040 5464 PSched (99514faa8df93d34b5589187db3aa0ba) C:\Windows\system32\DRIVERS\pacer.sys 10:19:34.0118 5464 PSched - ok 10:19:34.0196 5464 ql2300 (0a6db55afb7820c99aa1f3a1d270f4f6) C:\Windows\system32\drivers\ql2300.sys 10:19:34.0493 5464 ql2300 - ok 10:19:34.0586 5464 ql40xx (81a7e5c076e59995d54bc1ed3a16e60b) C:\Windows\system32\drivers\ql40xx.sys 
10:19:34.0633 5464 ql40xx - ok 10:19:34.0664 5464 QWAVEdrv (9f5e0e1926014d17486901c88eca2db7) C:\Windows\system32\drivers\qwavedrv.sys 10:19:34.0742 5464 QWAVEdrv - ok 10:19:34.0773 5464 RasAcd (147d7f9c556d259924351feb0de606c3) C:\Windows\system32\DRIVERS\rasacd.sys 10:19:34.0836 5464 RasAcd - ok 10:19:34.0929 5464 Rasl2tp (a214adbaf4cb47dd2728859ef31f26b0) C:\Windows\system32\DRIVERS\rasl2tp.sys 10:19:35.0023 5464 Rasl2tp - ok 10:19:35.0085 5464 RasPppoe (509a98dd18af4375e1fc40bc175f1def) C:\Windows\system32\DRIVERS\raspppoe.sys 10:19:35.0148 5464 RasPppoe - ok 10:19:35.0179 5464 RasSstp (2005f4a1e05fa09389ac85840f0a9e4d) C:\Windows\system32\DRIVERS\rassstp.sys 10:19:35.0226 5464 RasSstp - ok 10:19:35.0288 5464 rdbss (b14c9d5b9add2f84f70570bbbfaa7935) C:\Windows\system32\DRIVERS\rdbss.sys 10:19:35.0335 5464 rdbss - ok 10:19:35.0397 5464 RDPCDD (89e59be9a564262a3fb6c4f4f1cd9899) C:\Windows\system32\DRIVERS\RDPCDD.sys 10:19:35.0475 5464 RDPCDD - ok 10:19:35.0569 5464 rdpdr (fbc0bacd9c3d7f6956853f64a66e252d) C:\Windows\system32\drivers\rdpdr.sys 10:19:35.0631 5464 rdpdr - ok 10:19:35.0772 5464 RDPENCDD (9d91fe5286f748862ecffa05f8a0710c) C:\Windows\system32\drivers\rdpencdd.sys 10:19:35.0834 5464 RDPENCDD - ok 10:19:36.0131 5464 RDPWD (30bfbdfb7f95559ede971f9ddb9a00ba) C:\Windows\system32\drivers\RDPWD.sys 10:19:36.0209 5464 RDPWD - ok 10:19:36.0411 5464 rspndr (9c508f4074a39e8b4b31d27198146fad) C:\Windows\system32\DRIVERS\rspndr.sys 10:19:36.0505 5464 rspndr - ok 10:19:36.0583 5464 RTL8169 (b7e1c523e2f7787d700766fc78e01f77) C:\Windows\system32\DRIVERS\Rtlh86.sys 10:19:36.0661 5464 RTL8169 - ok 10:19:36.0755 5464 RTSTOR (0d1c1b0de2819fe1ea25098183130b64) C:\Windows\system32\drivers\RTSTOR.SYS 10:19:36.0801 5464 RTSTOR - ok 10:19:36.0911 5464 sbp2port (3ce8f073a557e172b330109436984e30) C:\Windows\system32\drivers\sbp2port.sys 10:19:36.0942 5464 sbp2port - ok 10:19:37.0004 5464 secdrv (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers\secdrv.sys 
10:19:37.0098 5464 secdrv - ok 10:19:37.0176 5464 Serenum (68e44e331d46f0fb38f0863a84cd1a31) C:\Windows\system32\drivers\serenum.sys 10:19:37.0269 5464 Serenum - ok 10:19:37.0332 5464 Serial (c70d69a918b178d3c3b06339b40c2e1b) C:\Windows\system32\drivers\serial.sys 10:19:37.0441 5464 Serial - ok 10:19:37.0472 5464 sermouse (8af3d28a879bf75db53a0ee7a4289624) C:\Windows\system32\drivers\sermouse.sys 10:19:37.0566 5464 sermouse - ok 10:19:37.0628 5464 sffdisk (3efa810bdca87f6ecc24f9832243fe86) C:\Windows\system32\drivers\sffdisk.sys 10:19:37.0691 5464 sffdisk - ok 10:19:37.0722 5464 sffp_mmc (e95d451f7ea3e583aec75f3b3ee42dc5) C:\Windows\system32\drivers\sffp_mmc.sys 10:19:37.0800 5464 sffp_mmc - ok 10:19:37.0831 5464 sffp_sd (3d0ea348784b7ac9ea9bd9f317980979) C:\Windows\system32\drivers\sffp_sd.sys 10:19:37.0909 5464 sffp_sd - ok 10:19:38.0018 5464 sfloppy (c33bfbd6e9e41fcd9ffef9729e9faed6) C:\Windows\system32\DRIVERS\sfloppy.sys 10:19:38.0081 5464 sfloppy - ok 10:19:38.0268 5464 Si3531 (4346d5bbdde7756d8614a3f193d60984) C:\Windows\system32\DRIVERS\Si3531.sys 10:19:38.0283 5464 Si3531 - ok 10:19:38.0330 5464 SiFilter (e853c341bbf4ac0007a8db0858dbb09d) C:\Windows\system32\DRIVERS\SiWinAcc.sys 10:19:38.0346 5464 SiFilter - ok 10:19:38.0361 5464 SiRemFil (d80e6f142eb4963e82a8537dd745f51b) C:\Windows\system32\DRIVERS\SiRemFil.sys 10:19:38.0377 5464 SiRemFil - ok 10:19:38.0408 5464 sisagp (1d76624a09a054f682d746b924e2dbc3) C:\Windows\system32\drivers\sisagp.sys 10:19:38.0439 5464 sisagp - ok 10:19:38.0502 5464 SiSRaid2 (43cb7aa756c7db280d01da9b676cfde2) C:\Windows\system32\drivers\sisraid2.sys 10:19:38.0517 5464 SiSRaid2 - ok 10:19:38.0611 5464 SiSRaid4 (a99c6c8b0baa970d8aa59ddc50b57f94) C:\Windows\system32\drivers\sisraid4.sys 10:19:38.0642 5464 SiSRaid4 - ok 10:19:39.0032 5464 Smb (7b75299a4d201d6a6533603d6914ab04) C:\Windows\system32\DRIVERS\smb.sys 10:19:39.0157 5464 Smb - ok 10:19:39.0297 5464 spldr (7aebdeef071fe28b0eef2cdd69102bff) 
C:\Windows\system32\drivers\spldr.sys 10:19:39.0313 5464 spldr - ok 10:19:39.0563 5464 srv (41987f9fc0e61adf54f581e15029ad91) C:\Windows\system32\DRIVERS\srv.sys 10:19:39.0656 5464 srv - ok 10:19:39.0859 5464 srv2 (a5940ca32ed206f90be9fabdf6e92de4) C:\Windows\system32\DRIVERS\srv2.sys 10:19:39.0921 5464 srv2 - ok 10:19:40.0031 5464 srvnet (37aa1d560d5fa486c4b11c2f276ada61) C:\Windows\system32\DRIVERS\srvnet.sys 10:19:40.0062 5464 srvnet - ok 10:19:40.0155 5464 swenum (7ba58ecf0c0a9a69d44b3dca62becf56) C:\Windows\system32\DRIVERS\swenum.sys 10:19:40.0187 5464 swenum - ok 10:19:40.0249 5464 Symc8xx (192aa3ac01df071b541094f251deed10) C:\Windows\system32\drivers\symc8xx.sys 10:19:40.0280 5464 Symc8xx - ok 10:19:40.0343 5464 Sym_hi (8c8eb8c76736ebaf3b13b633b2e64125) C:\Windows\system32\drivers\sym_hi.sys 10:19:40.0374 5464 Sym_hi - ok 10:19:40.0421 5464 Sym_u3 (8072af52b5fd103bbba387a1e49f62cb) C:\Windows\system32\drivers\sym_u3.sys 10:19:40.0467 5464 Sym_u3 - ok 10:19:40.0514 5464 SynTP (4c6de67ebb6c487f7690a373fcfde279) C:\Windows\system32\DRIVERS\SynTP.sys 10:19:40.0545 5464 SynTP - ok 10:19:40.0655 5464 Tcpip (a474879afa4a596b3a531f3e69730dbf) C:\Windows\system32\drivers\tcpip.sys 10:19:40.0748 5464 Tcpip - ok 10:19:40.0795 5464 Tcpip6 (a474879afa4a596b3a531f3e69730dbf) C:\Windows\system32\DRIVERS\tcpip.sys 10:19:40.0857 5464 Tcpip6 - ok 10:19:40.0920 5464 tcpipreg (608c345a255d82a6289c2d468eb41fd7) C:\Windows\system32\drivers\tcpipreg.sys 10:19:41.0013 5464 tcpipreg - ok 10:19:41.0091 5464 TDPIPE (5dcf5e267be67a1ae926f2df77fbcc56) C:\Windows\system32\drivers\tdpipe.sys 10:19:41.0169 5464 TDPIPE - ok 10:19:41.0232 5464 TDTCP (389c63e32b3cefed425b61ed92d3f021) C:\Windows\system32\drivers\tdtcp.sys 10:19:41.0325 5464 TDTCP - ok 10:19:41.0435 5464 tdx (76b06eb8a01fc8624d699e7045303e54) C:\Windows\system32\DRIVERS\tdx.sys 10:19:41.0513 5464 tdx - ok 10:19:41.0715 5464 TermDD (3cad38910468eab9a6479e2f01db43c7) C:\Windows\system32\DRIVERS\termdd.sys 10:19:41.0731 5464 
TermDD - ok 10:19:41.0871 5464 tssecsrv (dcf0f056a2e4f52287264f5ab29cf206) C:\Windows\system32\DRIVERS\tssecsrv.sys 10:19:41.0981 5464 tssecsrv - ok 10:19:42.0277 5464 tunmp (caecc0120ac49e3d2f758b9169872d38) C:\Windows\system32\DRIVERS\tunmp.sys 10:19:42.0417 5464 tunmp - ok 10:19:42.0480 5464 tunnel (300db877ac094feab0be7688c3454a9c) C:\Windows\system32\DRIVERS\tunnel.sys 10:19:42.0542 5464 tunnel - ok 10:19:42.0573 5464 uagp35 (7d33c4db2ce363c8518d2dfcf533941f) C:\Windows\system32\drivers\uagp35.sys 10:19:42.0605 5464 uagp35 - ok 10:19:42.0667 5464 udfs (d9728af68c4c7693cb100b8441cbdec6) C:\Windows\system32\DRIVERS\udfs.sys 10:19:42.0745 5464 udfs - ok 10:19:42.0839 5464 uliagpkx (b0acfdc9e4af279e9116c03e014b2b27) C:\Windows\system32\drivers\uliagpkx.sys 10:19:42.0870 5464 uliagpkx - ok 10:19:42.0901 5464 uliahci (9224bb254f591de4ca8d572a5f0d635c) C:\Windows\system32\drivers\uliahci.sys 10:19:42.0948 5464 uliahci - ok 10:19:42.0979 5464 UlSata (8514d0e5cd0534467c5fc61be94a569f) C:\Windows\system32\drivers\ulsata.sys 10:19:42.0995 5464 UlSata - ok 10:19:43.0026 5464 ulsata2 (38c3c6e62b157a6bc46594fada45c62b) C:\Windows\system32\drivers\ulsata2.sys 10:19:43.0073 5464 ulsata2 - ok 10:19:43.0104 5464 umbus (32cff9f809ae9aed85464492bf3e32d2) C:\Windows\system32\DRIVERS\umbus.sys 10:19:43.0166 5464 umbus - ok 10:19:43.0322 5464 USBAAPL (4b8a9c16b6d9258ed99c512aecb8c555) C:\Windows\system32\Drivers\usbaapl.sys 10:19:43.0416 5464 USBAAPL - ok 10:19:43.0478 5464 usbccgp (caf811ae4c147ffcd5b51750c7f09142) C:\Windows\system32\DRIVERS\usbccgp.sys 10:19:43.0572 5464 usbccgp - ok 10:19:43.0665 5464 usbcir (e9476e6c486e76bc4898074768fb7131) C:\Windows\system32\drivers\usbcir.sys 10:19:43.0775 5464 usbcir - ok 10:19:43.0821 5464 usbehci (79e96c23a97ce7b8f14d310da2db0c9b) C:\Windows\system32\DRIVERS\usbehci.sys 10:19:43.0915 5464 usbehci - ok 10:19:43.0993 5464 usbhub (4673bbcb006af60e7abddbe7a130ba42) C:\Windows\system32\DRIVERS\usbhub.sys 10:19:44.0055 5464 usbhub - ok 
10:19:44.0118 5464 usbohci (38dbc7dd6cc5a72011f187425384388b) C:\Windows\system32\drivers\usbohci.sys 10:19:44.0289 5464 usbohci - ok 10:19:44.0399 5464 usbprint (e75c4b5269091d15a2e7dc0b6d35f2f5) C:\Windows\system32\DRIVERS\usbprint.sys 10:19:44.0461 5464 usbprint - ok 10:19:44.0523 5464 usbscan (a508c9bd8724980512136b039bba65e9) C:\Windows\system32\DRIVERS\usbscan.sys 10:19:44.0633 5464 usbscan - ok 10:19:44.0726 5464 USBSTOR (be3da31c191bc222d9ad503c5224f2ad) C:\Windows\system32\DRIVERS\USBSTOR.SYS 10:19:44.0898 5464 USBSTOR - ok 10:19:44.0960 5464 usbuhci (814d653efc4d48be3b04a307eceff56f) C:\Windows\system32\DRIVERS\usbuhci.sys 10:19:45.0023 5464 usbuhci - ok 10:19:45.0085 5464 usbvideo (e67998e8f14cb0627a769f6530bcb352) C:\Windows\system32\Drivers\usbvideo.sys 10:19:45.0147 5464 usbvideo - ok 10:19:45.0241 5464 vga (87b06e1f30b749a114f74622d013f8d4) C:\Windows\system32\DRIVERS\vgapnp.sys 10:19:45.0303 5464 vga - ok 10:19:45.0475 5464 VgaSave (2e93ac0a1d8c79d019db6c51f036636c) C:\Windows\System32\drivers\vga.sys 10:19:45.0553 5464 VgaSave - ok 10:19:45.0834 5464 viaagp (5d7159def58a800d5781ba3a879627bc) C:\Windows\system32\drivers\viaagp.sys 10:19:45.0865 5464 viaagp - ok 10:19:45.0943 5464 ViaC7 (c4f3a691b5bad343e6249bd8c2d45dee) C:\Windows\system32\drivers\viac7.sys 10:19:46.0037 5464 ViaC7 - ok 10:19:46.0068 5464 viaide (aadf5587a4063f52c2c3fed7887426fc) C:\Windows\system32\drivers\viaide.sys 10:19:46.0099 5464 viaide - ok 10:19:46.0130 5464 volmgr (69503668ac66c77c6cd7af86fbdf8c43) C:\Windows\system32\drivers\volmgr.sys 10:19:46.0146 5464 volmgr - ok 10:19:46.0224 5464 volmgrx (23e41b834759917bfd6b9a0d625d0c28) C:\Windows\system32\drivers\volmgrx.sys 10:19:46.0271 5464 volmgrx - ok 10:19:46.0380 5464 volsnap (147281c01fcb1df9252de2a10d5e7093) C:\Windows\system32\drivers\volsnap.sys 10:19:46.0489 5464 volsnap - ok 10:19:46.0536 5464 vsmraid (587253e09325e6bf226b299774b728a9) C:\Windows\system32\drivers\vsmraid.sys 10:19:46.0567 5464 vsmraid - ok 
10:19:46.0707 5464 WacomPen (48dfee8f1af7c8235d4e626f0c4fe031) C:\Windows\system32\drivers\wacompen.sys 10:19:46.0801 5464 WacomPen - ok 10:19:46.0926 5464 Wanarp (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys 10:19:47.0004 5464 Wanarp - ok 10:19:47.0019 5464 Wanarpv6 (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys 10:19:47.0113 5464 Wanarpv6 - ok 10:19:47.0269 5464 Wd (78fe9542363f297b18c027b2d7e7c07f) C:\Windows\system32\drivers\wd.sys 10:19:47.0316 5464 Wd - ok 10:19:47.0363 5464 Wdf01000 (b6f0a7ad6d4bd325fbcd8bac96cd8d96) C:\Windows\system32\drivers\Wdf01000.sys 10:19:47.0441 5464 Wdf01000 - ok 10:19:47.0581 5464 WmiAcpi (2e7255d172df0b8283cdfb7b433b864e) C:\Windows\system32\DRIVERS\wmiacpi.sys 10:19:47.0675 5464 WmiAcpi - ok 10:19:47.0768 5464 WpdUsb (de9d36f91a4df3d911626643debf11ea) C:\Windows\system32\DRIVERS\wpdusb.sys 10:19:47.0831 5464 WpdUsb - ok 10:19:47.0877 5464 ws2ifsl (e3a3cb253c0ec2494d4a61f5e43a389c) C:\Windows\system32\drivers\ws2ifsl.sys 10:19:47.0955 5464 ws2ifsl - ok 10:19:48.0002 5464 WUDFRd (ac13cb789d93412106b0fb6c7eb2bcb6) C:\Windows\system32\DRIVERS\WUDFRd.sys 10:19:48.0143 5464 WUDFRd - ok 10:19:48.0205 5464 MBR (0x1B8) (5c616939100b85e558da92b899a0fc36) \Device\Harddisk0\DR0 10:19:48.0283 5464 \Device\Harddisk0\DR0 - ok 10:19:48.0314 5464 Boot (0x1200) (1b8297c60970d8ef2eb784fda74ab34c) \Device\Harddisk0\DR0\Partition0 10:19:48.0314 5464 \Device\Harddisk0\DR0\Partition0 - ok 10:19:48.0314 5464 Boot (0x1200) (0f66965ce083ce3a9d3720cf0ca37bfe) \Device\Harddisk0\DR0\Partition1 10:19:48.0330 5464 \Device\Harddisk0\DR0\Partition1 - ok 10:19:48.0330 5464 ============================================================ 10:19:48.0330 5464 Scan finished 10:19:48.0330 5464 ============================================================ 10:19:48.0345 5288 Detected object count: 1 10:19:48.0345 5288 Actual detected object count: 1 10:50:39.0098 5288 C:\Windows\system32\drivers\Hotkey.sys - copied to 
quarantine 10:50:39.0114 5288 Hotkey ( UnsignedFile.Multi.Generic ) - User select action: Quarantine
30.09.2011, 10:32 | #10 |
/// Winkelfunktion /// TB-Süch-Tiger™ | BKA Trojaner Then please run CF now: ComboFix (a guide and tutorial on using ComboFix)
ComboFix may only be run if a board expert (Kompetenzler) has explicitly recommended it!
__________________ Please always post logfiles in CODE tags
30.09.2011, 15:15 | #11 |
| BKA Trojaner So, here is the result of the ComboFix scan: Code:
Combofix Logfile:
30.09.2011, 17:35 | #12 |
/// Winkelfunktion /// TB-Süch-Tiger™ | BKA Trojaner Ok. Now please create logs with GMER and OSAM and post them. GMER crashes fairly often; if the tool will not run on the second attempt either, just leave it out and run only OSAM. Please skip the online query in OSAM. With OSAM, please also make sure you save the log as *.log and not as *.html or similar. Note: please use WinRAR or 7zip to unpack OSAM! Also be sure to turn off your virus scanner; the McAfee scanner in particular often reports a false positive on OSAM! Please download aswMBR.exe and save the file to your desktop.
Important: never press any of the Fix buttons without instructions. Note: if the Scan button is greyed out, close the tool and start it again. If the scan aborts and the program crashes, let me know and select the setting (none) under AV Scan.
__________________ Please always post logfiles in CODE tags
01.10.2011, 15:21 | #13 |
| BKA Trojaner So, I hope I did everything right; here are the log files. GMER Logfile: Code:
ATTFilter GMER 1.0.15.15641 - hxxp://www.gmer.net Rootkit scan 2011-10-01 12:00:55 Windows 6.0.6002 Service Pack 2 Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-0 WDC_WD32 rev.11.0 Running: p3iiwn4n.exe; Driver: C:\Users\Anika\AppData\Local\Temp\uwlorpoc.sys ---- System - GMER 1.0.15 ---- SSDT \SystemRoot\system32\DRIVERS\AVGIDSShim.Sys (IDS Application Activity Monitor Loader Driver./AVG Technologies CZ, s.r.o. ) ZwOpenProcess [0xA31E7F3C] SSDT \SystemRoot\system32\DRIVERS\AVGIDSShim.Sys (IDS Application Activity Monitor Loader Driver./AVG Technologies CZ, s.r.o. ) ZwTerminateProcess [0xA31E7FE4] SSDT \SystemRoot\system32\DRIVERS\AVGIDSShim.Sys (IDS Application Activity Monitor Loader Driver./AVG Technologies CZ, s.r.o. ) ZwTerminateThread [0xA31E8080] SSDT \SystemRoot\system32\DRIVERS\AVGIDSShim.Sys (IDS Application Activity Monitor Loader Driver./AVG Technologies CZ, s.r.o. ) ZwWriteVirtualMemory [0xA31E811C] ---- Kernel code sections - GMER 1.0.15 ---- .text ntkrnlpa.exe!KeSetEvent + 3F1 822EEB74 4 Bytes [3C, 7F, 1E, A3] .text ntkrnlpa.exe!KeSetEvent + 621 822EEDA4 8 Bytes [E4, 7F, 1E, A3, 80, 80, 1E, ...] {IN AL, 0x7f; PUSH DS; MOV [0xa31e8080], EAX} .text ntkrnlpa.exe!KeSetEvent + 681 822EEE04 4 Bytes [1C, 81, 1E, A3] .text C:\Windows\system32\DRIVERS\nvlddmkm.sys section is writeable [0x8E006340, 0x3ECA97, 0xE8000020] ? C:\Windows\system32\Drivers\PROCEXP113.SYS Das System kann die angegebene Datei nicht finden. ! ? C:\Users\Anika\AppData\Local\Temp\catchme.sys Das System kann die angegebene Datei nicht finden. ! 
---- User IAT/EAT - GMER 1.0.15 ---- IAT C:\Windows\explorer.exe[5608] @ C:\Windows\explorer.exe [gdiplus.dll!GdiplusShutdown] [73B97817] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\Windows\explorer.exe[5608] @ C:\Windows\explorer.exe [gdiplus.dll!GdipCloneImage] [73BEA86D] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\Windows\explorer.exe[5608] @ C:\Windows\explorer.exe [gdiplus.dll!GdipDrawImageRectI] [73B9BB22] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\Windows\explorer.exe[5608] @ C:\Windows\explorer.exe [gdiplus.dll!GdipSetInterpolationMode] [73B8F695] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\Windows\explorer.exe[5608] @ C:\Windows\explorer.exe [gdiplus.dll!GdiplusStartup] [73B975E9] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\Windows\explorer.exe[5608] @ C:\Windows\explorer.exe [gdiplus.dll!GdipCreateFromHDC] [73B8E7CA] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\Windows\explorer.exe[5608] @ C:\Windows\explorer.exe [gdiplus.dll!GdipCreateBitmapFromStreamICM] [73BC8395] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\Windows\explorer.exe[5608] @ C:\Windows\explorer.exe [gdiplus.dll!GdipCreateBitmapFromStream] [73B9DA60] 
C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\Windows\explorer.exe[5608] @ C:\Windows\explorer.exe [gdiplus.dll!GdipGetImageHeight] [73B8FFFA] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\Windows\explorer.exe[5608] @ C:\Windows\explorer.exe [gdiplus.dll!GdipGetImageWidth] [73B8FF61] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\Windows\explorer.exe[5608] @ C:\Windows\explorer.exe [gdiplus.dll!GdipDisposeImage] [73B871CF] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\Windows\explorer.exe[5608] @ C:\Windows\explorer.exe [gdiplus.dll!GdipLoadImageFromFileICM] [73C1CAE2] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\Windows\explorer.exe[5608] @ C:\Windows\explorer.exe [gdiplus.dll!GdipLoadImageFromFile] [73BBC8D8] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\Windows\explorer.exe[5608] @ C:\Windows\explorer.exe [gdiplus.dll!GdipDeleteGraphics] [73B8D968] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\Windows\explorer.exe[5608] @ C:\Windows\explorer.exe [gdiplus.dll!GdipFree] [73B86853] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\Windows\explorer.exe[5608] @ 
C:\Windows\explorer.exe [gdiplus.dll!GdipAlloc] [73B8687E] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\Windows\explorer.exe[5608] @ C:\Windows\explorer.exe [gdiplus.dll!GdipSetCompositingMode] [73B92AD1] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) ---- Devices - GMER 1.0.15 ---- AttachedDevice \Driver\kbdclass \Device\KeyboardClass0 Wdf01000.sys (WDF Dynamic/Microsoft Corporation) AttachedDevice \Driver\kbdclass \Device\KeyboardClass1 Wdf01000.sys (WDF Dynamic/Microsoft Corporation) AttachedDevice \Driver\tdx \Device\Tcp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.) AttachedDevice \Driver\tdx \Device\Udp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.) AttachedDevice \Driver\tdx \Device\RawIp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.) AttachedDevice \FileSystem\fastfat \Fat fltmgr.sys (Microsoft Dateisystem-Filter-Manager/Microsoft Corporation) AttachedDevice \FileSystem\fastfat \Fat AVGIDSFilter.Sys (IDS Application Activity Monitor Filter Driver./AVG Technologies CZ, s.r.o. 
) ---- Registry - GMER 1.0.15 ---- Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run@Google Desktop Search "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run@toolbar_eula_launcher C:\Program Files\GoogleEULA\EULALauncher.exe Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run@AVG_TRAY "C:\Program Files\AVG\AVG2012\avgtray.exe" Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update@NextDetectionTime 2011-10-01 05:11:00 Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Detect@LastSuccessTime 2011-09-30 08:29:24 Reg HKLM\SOFTWARE\Classes\CLSID\{B6A930A0-A4F5-43A5-9B4E-6189A6C2B9E8}@{!s!\30!r!{!`!t!c!i!\24!t!j!s!y!s!\24! 19583823 ---- EOF - GMER 1.0.15 ---- OSAM Logfile: Code:
Report of OSAM: Autorun Manager v5.0.11926.0
hxxp://www.online-solutions.ru/en/
Saved at 12:12:15 on 01.10.2011
OS: Windows Vista Home Premium Edition Service Pack 2 (Build 6002), 32-bit
Default Browser: Mozilla Corporation Firefox 3.0.19

Scanner Settings
[x] Rootkits detection (hidden registry)
[x] Rootkits detection (hidden files)
[x] Retrieve files information
[x] Check Microsoft signatures

Filters
[ ] Trusted entries
[ ] Empty entries
[x] Hidden registry entries (rootkit activity)
[x] Exclusively opened files
[x] Not found files
[x] Files without detailed information
[x] Existing files
[ ] Non-startable services
[ ] Non-startable drivers
[x] Active entries
[x] Disabled entries

[AppInit DLLs]
-----( HKLM\Software\Microsoft\Windows NT\CurrentVersion\Windows )-----
"AppInit_DLLs" - "Google" - C:\PROGRA~1\Google\GOOGLE~2\GoogleDesktopNetwork3.dll

[Boot Execute]
-----( HKLM\SYSTEM\CurrentControlSet\Control\Session Manager )-----
"BootExecute" - "AVG Technologies CZ, s.r.o." - C:\PROGRA~1\AVG\AVG2012\avgrsx.exe

[Common]
-----( %SystemRoot%\Tasks )-----
"GoogleUpdateTaskMachineCore.job" - "Google Inc." - C:\Program Files\Google\Update\GoogleUpdate.exe
"GoogleUpdateTaskMachineUA.job" - "Google Inc." - C:\Program Files\Google\Update\GoogleUpdate.exe

[Control Panel Objects]
-----( %SystemRoot%\system32 )-----
"Ddbaccpl.cpl" - "DataDesign AG" - C:\Windows\system32\Ddbaccpl.cpl
"ddBACCTM.cpl" - "DataDesign AG" - C:\Windows\system32\ddBACCTM.cpl
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Control Panel\Cpls )-----
"Nero BurnRights" - "Nero AG" - C:\Program Files\Nero\Nero8\Nero Toolkit\NeroBurnRights.cpl
"QuickTime" - "Apple Inc." - C:\Program Files\QuickTime\QTSystem\QuickTime.cpl

[Drivers]
-----( HKLM\SYSTEM\CurrentControlSet\Services )-----
"AVG Anti-Rootkit Driver" (Avgrkx86) - "AVG Technologies CZ, s.r.o." - C:\Windows\System32\DRIVERS\avgrkx86.sys
"AVG AVI Loader Driver" (Avgldx86) - "AVG Technologies CZ, s.r.o." - C:\Windows\System32\DRIVERS\avgldx86.sys
"AVG Mini-Filter Resident Anti-Virus Shield" (Avgmfx86) - "AVG Technologies CZ, s.r.o." - C:\Windows\System32\DRIVERS\avgmfx86.sys
"AVG TDI Driver" (Avgtdix) - "AVG Technologies CZ, s.r.o." - C:\Windows\System32\DRIVERS\avgtdix.sys
"AVGIDSDriver" (AVGIDSDriver) - "AVG Technologies CZ, s.r.o. " - C:\Windows\System32\DRIVERS\AVGIDSDriver.Sys
"AVGIDSEH" (AVGIDSEH) - "AVG Technologies CZ, s.r.o. " - C:\Windows\System32\DRIVERS\AVGIDSEH.Sys
"AVGIDSFilter" (AVGIDSFilter) - "AVG Technologies CZ, s.r.o. " - C:\Windows\System32\DRIVERS\AVGIDSFilter.Sys
"AVGIDSShim" (AVGIDSShim) - "AVG Technologies CZ, s.r.o. " - C:\Windows\System32\DRIVERS\AVGIDSShim.Sys
"catchme" (catchme) - ? - C:\Users\Anika\AppData\Local\Temp\catchme.sys (File not found)
"FssFltr" (fssfltr) - "Microsoft Corporation" - C:\Windows\System32\DRIVERS\fssfltr.sys
"Hotkey" (Hotkey) - ? - C:\Windows\system32\drivers\Hotkey.sys (File found, but it contains no detailed information)
"IP in IP Tunnel Driver" (IpInIp) - ? - C:\Windows\System32\DRIVERS\ipinip.sys (File not found)
"IPX Traffic Filter Driver" (NwlnkFlt) - ? - C:\Windows\System32\DRIVERS\nwlnkflt.sys (File not found)
"IPX Traffic Forwarder Driver" (NwlnkFwd) - ? - C:\Windows\System32\DRIVERS\nwlnkfwd.sys (File not found)
"MBAMProtector" (MBAMProtector) - "Malwarebytes Corporation" - C:\Windows\system32\drivers\mbam.sys
"mbr" (mbr) - ? - C:\ComboFix\mbr.sys (Hidden registry entry, rootkit activity | File not found)
"uwlorpoc" (uwlorpoc) - ? - C:\Users\Anika\AppData\Local\Temp\uwlorpoc.sys (Hidden registry entry, rootkit activity | File not found)

[Explorer]
-----( HKLM\Software\Classes\Folder\shellex\ColumnHandlers )-----
{7D4D6379-F301-4311-BEBA-E26EB0561882} "NeroDigitalColumnHandler Class" - "Nero AG" - C:\Program Files\Common Files\Nero\Lib\NeroDigitalExt.dll
{F9DB5320-233E-11D1-9F84-707F02C10627} "PDF Shell Extension" - "Adobe Systems, Inc." - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\PDFShell.dll
{C52AF81D-F7A0-4AAB-8E87-F80A60CCD396} "{C52AF81D-F7A0-4AAB-8E87-F80A60CCD396}" - ? - C:\Program Files\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll
-----( HKLM\Software\Classes\Protocols\Filter )-----
{807563E5-5146-11D5-A672-00B0D022E945} "Microsoft Office InfoPath XML Mime Filter" - "Microsoft Corporation" - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL
-----( HKLM\Software\Classes\Protocols\Handler )-----
{314111c7-a502-11d2-bbca-00c04f8ec294} "HxProtocol Class" - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
{FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} "IEProtocolHandler Class" - "Skype Technologies" - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
{828030A1-22C1-4009-854F-8E305202313F} "livecall" - "Microsoft Corporation" - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL
{0A9007C0-4076-11D3-8789-0000F8105754} "Microsoft Infotech Storage Protocol for IE 4.0" - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll
{828030A1-22C1-4009-854F-8E305202313F} "msnim" - "Microsoft Corporation" - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL
{91774881-D725-4E58-B298-07617B9B86A8} "Skype IE add-on Pluggable Protocol" - ? - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (File not found)
{03C514A3-1EFB-4856-9F99-10D7BE1653C0} "Windows Live Mail HTML Asynchronous Pluggable Protocol Handler" - "Microsoft Corporation" - C:\Program Files\Windows Live\Mail\mailcomm.dll
{F274614C-63F8-47D5-A4D1-FBDDE494F8D1} "XPLPPFilter Class" - "AVG Technologies CZ, s.r.o." - C:\Program Files\AVG\AVG2012\avgpp.dll
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved )-----
{911051fa-c21c-4246-b470-070cd8df6dc4} ".cab or .zip files" - ? - (File not found | COM-object registry key not found)
{1b24a030-9b20-49bc-97ac-1be4426f9e59} "ActiveDirectory Folder" - ? - (File not found | COM-object registry key not found)
{34449847-FD14-4fc8-A75A-7432F5181EFB} "ActiveDirectory Folder" - ? - (File not found | COM-object registry key not found)
{9F97547E-460A-42C5-AE0C-81C61FFAEBC3} "AVG Find Extension" - ? - (File not found | COM-object registry key not found)
{9F97547E-4609-42C5-AE0C-81C61FFAEBC3} "AVG Shell Extension Class" - "AVG Technologies CZ, s.r.o." - C:\Program Files\AVG\AVG2012\avgse.dll
{0563DB41-F538-4B37-A92D-4659049B7766} "CLSID_WLMCMimeFilter" - "Microsoft Corporation" - C:\Program Files\Windows Live\Mail\mailcomm.dll
{0F8604A5-4ECE-4DE1-BA7D-CF10F8AA4F48} "Contacts folder" - ? - (File not found | COM-object registry key not found)
{2C2577C2-63A7-40e3-9B7F-586602617ECB} "Explorer Query Band" - ? - (File not found | COM-object registry key not found)
{B9E1D2CB-CCFF-4AA6-9579-D7A4754030EF} "iTunes" - "Apple Inc." - C:\Program Files\iTunes\iTunesMiniPlayer.dll
{00020d75-0000-0000-c000-000000000046} "lnkfile" - ? - (File not found | COM-object registry key not found)
{42042206-2D85-11D3-8CFF-005004838597} "Microsoft Office HTML Icon Handler" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office12\msohevi.dll
{993BE281-6695-4BA5-8A2A-7AACBFAAB69E} "Microsoft Office Metadata Handler" - "Microsoft Corporation" - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\msoshext.dll
{5858A72C-C2B4-4dd7-B2BF-B76DB1BD9F6C} "Microsoft Office OneNote Namespace Extension for Windows Desktop Search" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~4\Office12\ONFILTER.DLL
{C41662BB-1FA0-4CE0-8DC5-9B7F8279FF97} "Microsoft Office Thumbnail Handler" - "Microsoft Corporation" - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\msoshext.dll
{97F68CE3-7146-45FF-BE24-D9A7DD7CB8A2} "NeroCoverEdLiveIcons Class" - "Nero AG" - C:\Program Files\Nero\Nero8\Nero CoverDesigner\CoverEdExtension.dll
{B327765E-D724-4347-8B16-78AE18552FC3} "NeroDigitalIconHandler Class" - "Nero AG" - C:\Program Files\Common Files\Nero\Lib\NeroDigitalExt.dll
{7F1CF152-04F8-453A-B34C-E609530A9DC8} "NeroDigitalPropSheetHandler Class" - "Nero AG" - C:\Program Files\Common Files\Nero\Lib\NeroDigitalExt.dll
{CCFE56EE-C7DE-44EE-A160-4553A5A912C9} "OmniPass Shell Extension" - ? - (File not found | COM-object registry key not found)
{C52AF81D-F7A0-4AAB-8E87-F80A60CCD396} "OpenOffice.org Column Handler" - ? - C:\Program Files\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll
{087B3AE3-E237-4467-B8DB-5A38AB959AC9} "OpenOffice.org Infotip Handler" - ? - C:\Program Files\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll
{63542C48-9552-494A-84F7-73AA6A7C99C1} "OpenOffice.org Property Sheet Handler" - ? - C:\Program Files\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll
{3B092F0C-7696-40E3-A80F-68D74DA84210} "OpenOffice.org Thumbnail Viewer" - ? - C:\Program Files\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll
{C8494E42-ACDD-4739-B0FB-217361E4894F} "Sam Account Folder" - ? - (File not found | COM-object registry key not found)
{E29F9716-5C08-4FCD-955A-119FDB5A522D} "Sam Account Folder" - ? - (File not found | COM-object registry key not found)
{45AC2688-0253-4ED8-97DE-B5370FA7D48A} "Shell Extension for Malware scanning" - ? - (File not found | COM-object registry key not found)
{D0CE97A0-415B-42E9-B251-34393AF2D5F6} "Softex OmniPass Encrypted File" - "Softex Inc." - C:\Program Files\Softex\OmniPass\opfolderext.dll
{D5B1944E-DB4E-482E-B3F1-DB05827F0978} "Softex OmniPass Encrypted Folder" - "Softex Inc." - C:\Program Files\Softex\OmniPass\opfolderext.dll
{2BE99FD4-A181-4996-BFA9-58C5FFD11F6C} "Windows Live Photo Gallery Autoplay Drop Target" - "Microsoft Corporation" - C:\Program Files\Windows Live\Photo Gallery\WLXPhotoGallery.exe
{00F30F64-AC33-42F5-8FD1-5DC2D3FDE06C} "Windows Live Photo Gallery Editor Drop Target" - "Microsoft Corporation" - C:\Program Files\Windows Live\Photo Gallery\WLXPhotoGallery.exe
{00F3712A-CA79-45B4-9E4D-D7891E7F8B9D} "Windows Live Photo Gallery Editor Shim" - "Microsoft Corporation" - C:\Program Files\Windows Live\Photo Gallery\PhotoViewerShim.dll
{00F30F90-3E96-453B-AFCD-D71989ECC2C7} "Windows Live Photo Gallery Viewer Autoplay Shim" - "Microsoft Corporation" - C:\Program Files\Windows Live\Photo Gallery\PhotoViewerShim.dll
{00F33137-EE26-412F-8D71-F84E4C2C6625} "Windows Live Photo Gallery Viewer Autoplay Shim" - "Microsoft Corporation" - C:\Program Files\Windows Live\Photo Gallery\PhotoViewerShim.dll
{00F374B7-B390-4884-B372-2FC349F2172B} "Windows Live Photo Gallery Viewer Drop Target" - "Microsoft Corporation" - C:\Program Files\Windows Live\Photo Gallery\WLXPhotoGallery.exe
{00F346CB-35A4-465B-8B8F-65A29DBAB1F6} "Windows Live Photo Gallery Viewer Shim" - "Microsoft Corporation" - C:\Program Files\Windows Live\Photo Gallery\PhotoViewerShim.dll
{da67b8ad-e81b-4c70-9b91b417b5e33527} "Windows Search Shell Service" - ? - (File not found | COM-object registry key not found)
{B41DB860-8EE4-11D2-9906-E49FADC173CA} "WinRAR" - "Alexander Roshal" - C:\Program Files\WinRAR\rarext.dll
{06A2568A-CED6-4187-BB20-400B8C02BE5A} "{06A2568A-CED6-4187-BB20-400B8C02BE5A}" - "Microsoft Corporation" - C:\Program Files\Windows Live\Photo Gallery\WLXPhotoAcquireWizard.exe

[Internet Explorer]
-----( HKCU\SOFTWARE\Microsoft\Internet Explorer\Extensions )-----
"eBay - Der weltweite Online-Marktplatz" - ? - hxxp://rover.ebay.com/rover/1/707-37276-17534-15/4 (HTTP value)
-----( HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser )-----
<binary data> "&Windows Live Toolbar" - "Microsoft Corporation" - C:\Program Files\Windows Live\Toolbar\wltcore.dll
<binary data> "ITBar7Layout" - ? - (File not found | COM-object registry key not found)
-----( HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units )-----
{CAFEEFAC-0016-0000-0004-ABCDEFFEDCBA} "Java Plug-in 1.6.0_04" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\jp2iexp.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_04-windows-i586.cab
{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} "Java Plug-in 1.6.0_07" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\jp2iexp.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
{8AD9C840-044E-11D1-B3E9-00805F499D93} "Java Plug-in 1.6.0_13" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\jp2iexp.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} "Java Plug-in 1.6.0_13" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\jp2iexp.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} "Java Plug-in 1.6.0_13" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\npjpi160_13.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
-----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions )-----
{48E73304-E1D6-4330-914C-F5F514E3486C} "An OneNote senden" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~4\Office12\ONBttnIE.dll
"eBay - Der weltweite Online-Marktplatz" - ? - hxxp://rover.ebay.com/rover/1/707-37276-17534-25/4 (HTTP value)
{5F7B1267-94A9-47F5-98DB-E99415F33AEC} "In Blog veröffentlichen" - "Microsoft Corporation" - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
{FF059E31-CC5A-4E2E-BF3B-96E929D65503} "Research" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~4\Office12\REFIEBAR.DLL
{898EA8C8-E7FF-479B-8935-AEC46303B9E5} "Skype add-on for Internet Explorer" - ? - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (File not found)
-----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar )-----
<binary data> "&Windows Live Toolbar" - "Microsoft Corporation" - C:\Program Files\Windows Live\Toolbar\wltcore.dll
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects )-----
{18DF081C-E8AD-4283-A596-FA578C2EBDC3} "Adobe PDF Link Helper" - "Adobe Systems Incorporated" - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} "AVG Safe Search" - "AVG Technologies CZ, s.r.o." - C:\Program Files\AVG\AVG2012\avgssie.dll
{DBC80044-A445-435b-BC74-9C25C1C588A9} "Java(tm) Plug-In 2 SSV Helper" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\jp2ssv.dll
{6EBF7485-159F-4bff-A14F-B9E3AAC4465B} "Search Helper" - "Microsoft Corporation" - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
{9030D464-4C02-4ABF-8ECC-5164760863C6} "Windows Live Anmelde-Hilfsprogramm" - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
{E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} "Windows Live Toolbar Helper" - "Microsoft Corporation" - C:\Program Files\Windows Live\Toolbar\wltcore.dll

[Logon]
-----( %APPDATA%\Microsoft\Windows\Start Menu\Programs\Startup )-----
"desktop.ini" - ? - C:\Users\Anika\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini
-----( %AllUsersProfile%\Microsoft\Windows\Start Menu\Programs\Startup )-----
"desktop.ini" - ? - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini
-----( HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run )-----
"msnmsgr" - "Microsoft Corporation" - "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
"Skype" - "Skype Technologies S.A." - "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
-----( HKLM\SYSTEM\CurrentControlSet\Control\Terminal Server\Wds\rdpwd )-----
"StartupPrograms" - ? - rdpclip (File not found)
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Run )-----
"HotkeyApp" - "Wistron" - "C:\Program Files\Launch Manager\HotkeyApp.exe"
"IAAnotif" - "Intel Corporation" - "C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe"
"iTunesHelper" - "Apple Inc." - "C:\Program Files\iTunes\iTunesHelper.exe"
"LanguageShortcut" - ? - "C:\Program Files\HomeCinema\PowerDVD\Language\Language.exe"
"LaunchAp" - ? - "C:\Program Files\Launch Manager\LaunchAp.exe"
"LMgrOSD" - "Wistron Corp." - "C:\Program Files\Launch Manager\OSD.exe"
"Malwarebytes' Anti-Malware" - "Malwarebytes Corporation" - "C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
"OmniPass" - ? - C:\Program Files\Softex\OmniPass\scureapp.exe
"QuickTime Task" - "Apple Inc." - "C:\Program Files\QuickTime\QTTask.exe" -atboottime
"SunJavaUpdateSched" - "Sun Microsystems, Inc." - "C:\Program Files\Java\jre6\bin\jusched.exe"
"UCam_Menu" - "CyberLink Corp." - "C:\Program Files\HomeCinema\YouCam\MUITransfer\MUIStartMenu.exe" "C:\Program Files\HomeCinema\YouCam" update "Software\CyberLink\YouCam\1.0"
"Wbutton" - "Wistron" - "C:\Program Files\Launch Manager\Wbutton.exe"

[Print Monitors]
-----( HKLM\SYSTEM\CurrentControlSet\Control\Print\Monitors )-----
"Microsoft Document Imaging Writer Monitor" - "Microsoft Corporation" - C:\Windows\system32\mdimon.dll
"Send To Microsoft OneNote Monitor" - "Microsoft Corporation" - C:\Windows\system32\msonpmon.dll

[Services]
-----( HKLM\SYSTEM\CurrentControlSet\Services )-----
"@c:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe,-100" (WPFFontCache_v0400) - "Microsoft Corporation" - C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe
"Apple Mobile Device" (Apple Mobile Device) - "Apple Inc." - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
"AVG WatchDog" (avgwd) - "AVG Technologies CZ, s.r.o." - C:\Program Files\AVG\AVG2012\avgwdsvc.exe
"AVGIDSAgent" (AVGIDSAgent) - "AVG Technologies CZ, s.r.o." - C:\Program Files\AVG\AVG2012\AVGIDSAgent.exe
"Cyberlink RichVideo Service(CRVS)" (RichVideo) - ? - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
"Dienst "Bonjour"" (Bonjour Service) - "Apple Inc." - C:\Program Files\Bonjour\mDNSResponder.exe
"Intel(R) Matrix Storage Event Monitor" (IAANTMON) - "Intel Corporation" - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
"iPod-Dienst" (iPod Service) - "Apple Inc." - C:\Program Files\iPod\bin\iPodService.exe
"MBAMService" (MBAMService) - "Malwarebytes Corporation" - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
"Microsoft .NET Framework NGEN v4.0.30319_X86" (clr_optimization_v4.0.30319_32) - "Microsoft Corporation" - C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
"Microsoft Office Diagnostics Service" (odserv) - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
"Nero BackItUp Scheduler 3" (Nero BackItUp Scheduler 3) - "Nero AG" - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
"NMIndexingService" (NMIndexingService) - "Nero AG" - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
"Office Source Engine" (ose) - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
"PLFlash DeviceIoControl Service" (PLFlash DeviceIoControl Service) - "Prolific Technology Inc." - C:\Windows\system32\IoctlSvc.exe
"SeaPort" (SeaPort) - "Microsoft Corporation" - C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
"Softex OmniPass Service" (omniserv) - "Softex Inc." - C:\Program Files\Softex\OmniPass\OmniServ.exe
"Windows Live Family Safety-Dienst" (fsssvc) - "Microsoft Corporation" - C:\Program Files\Windows Live\Family Safety\fsssvc.exe
"WisLMSvc" (WisLMSvc) - "Wistron Corp." - C:\Program Files\Launch Manager\WisLMSvc.exe

[Winsock Providers]
-----( HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries )-----
"mdnsNSP" - "Apple Inc." - C:\Program Files\Bonjour\mdnsNSP.dll

===[ Logfile end ]=========================================[ Logfile end ]===

--- --- ---
If You have questions or want to get some help, You can visit hxxp://forum.online-solutions.ru

Code:
aswMBR version 0.9.8.986 Copyright(c) 2011 AVAST Software
Run date: 2011-10-01 12:12:50
-----------------------------
12:12:50.251 OS Version: Windows 6.0.6002 Service Pack 2
12:12:50.251 Number of processors: 2 586 0xF0D
12:12:50.251 ComputerName: ANIKA-PC UserName: Anika
12:12:52.919 Initialize success
12:14:31.893 AVAST engine defs: 11100100
12:14:48.913 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-0
12:14:48.913 Disk 0 Vendor: WDC_WD32 11.0 Size: 305245MB BusType: 3
12:14:49.521 Disk 0 MBR read successfully
12:14:49.521 Disk 0 MBR scan
12:14:49.521 Disk 0 Windows VISTA default MBR code
12:14:49.677 Disk 0 scanning sectors +625137345
12:14:50.442 Disk 0 scanning C:\Windows\system32\drivers
12:16:51.248 Service scanning
12:16:52.683 Modules scanning
12:18:48.155 Disk 0 trace - called modules:
12:18:48.248 ntkrnlpa.exe CLASSPNP.SYS disk.sys iaStor.sys hal.dll
12:18:48.264 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8683eac8]
12:18:48.264 3 CLASSPNP.SYS[8a9a58b3] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-0[0x85530028]
12:18:50.183 AVAST engine scan C:\Windows
12:22:02.967 AVAST engine scan C:\Windows\system32
12:34:40.020 AVAST engine scan C:\Windows\system32\drivers
12:40:47.540 AVAST engine scan C:\Users\Anika
13:54:48.813 AVAST engine scan C:\ProgramData
14:07:29.189 Scan finished successfully
16:19:46.902 Disk 0 MBR has been saved successfully to "C:\Users\Anika\Desktop\MBR.dat"
16:19:46.918 The log file has been saved successfully to "C:\Users\Anika\Desktop\aswMBR.txt"

Edited by cosinus (01.10.2011 at 21:40) Reason: Nested CODE tags removed |
01.10.2011, 21:39 | #14 |
/// Winkelfunktion /// TB-Süch-Tiger™ | BKA Trojaner Edit: So, I've removed the nesting now. Looks ok. As a check, please run full scans with Malwarebytes and SUPERAntiSpyware and post the logs. Remember to update both tools before the scan!! Afterwards, getting a second opinion via the ESET online scanner isn't a bad idea either: ESET Online Scanner
__________________ Please always post logfiles in CODE tags |
03.10.2011, 14:44 | #15 |
| BKA Trojaner So, here are the logs: Code:
Malwarebytes' Anti-Malware 1.51.2.1300
www.malwarebytes.org

Datenbank Version: 7844

Windows 6.0.6002 Service Pack 2
Internet Explorer 7.0.6002.18005

02.10.2011 16:27:51
mbam-log-2011-10-02 (16-27-51).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|E:\|F:\|)
Durchsuchte Objekte: 338039
Laufzeit: 3 Stunde(n), 26 Minute(n), 16 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 0

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
(Keine bösartigen Objekte gefunden)

Code:
SUPERAntiSpyware Scan Log
hxxp://www.superantispyware.com

Generated 10/02/2011 at 05:14 PM

Application Version : 5.0.1128

Core Rules Database Version : 7746
Trace Rules Database Version: 5558

Scan type : Complete Scan
Total Scan Time : 04:07:12

Operating System Information
Windows Vista Home Premium 32-bit, Service Pack 2 (Build 6.00.6002)
UAC On - Administrator

Memory items scanned : 656
Memory threats detected : 0
Registry items scanned : 38984
Registry threats detected : 0
File items scanned : 202664
File threats detected : 300

Adware.Tracking Cookie
C:\USERS\ANIKA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\OXOATVF9.DEFAULT\COOKIES.SQLITE ] rotator.adjuggler.com [ C:\USERS\ANIKA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\OXOATVF9.DEFAULT\COOKIES.SQLITE ] rotator.adjuggler.com [ C:\USERS\ANIKA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\OXOATVF9.DEFAULT\COOKIES.SQLITE ] adsrv.admediate.net [ C:\USERS\ANIKA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\OXOATVF9.DEFAULT\COOKIES.SQLITE ] adsrv.admediate.net [ C:\USERS\ANIKA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\OXOATVF9.DEFAULT\COOKIES.SQLITE ] ad.adition.net [ C:\USERS\ANIKA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\OXOATVF9.DEFAULT\COOKIES.SQLITE ] ad.adition.net [ C:\USERS\ANIKA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\OXOATVF9.DEFAULT\COOKIES.SQLITE ] stat.novasol.com [ C:\USERS\ANIKA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\OXOATVF9.DEFAULT\COOKIES.SQLITE ] .adviva.net [ C:\USERS\ANIKA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\OXOATVF9.DEFAULT\COOKIES.SQLITE ] .specificclick.net [ C:\USERS\ANIKA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\OXOATVF9.DEFAULT\COOKIES.SQLITE ] .specificclick.net [ C:\USERS\ANIKA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\OXOATVF9.DEFAULT\COOKIES.SQLITE ] .specificclick.net [ C:\USERS\ANIKA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\OXOATVF9.DEFAULT\COOKIES.SQLITE ] .specificclick.net [ C:\USERS\ANIKA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\OXOATVF9.DEFAULT\COOKIES.SQLITE ] .hamburgerabendblattdedev.122.2o7.net [ C:\USERS\ANIKA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\OXOATVF9.DEFAULT\COOKIES.SQLITE ] .estat.com [ C:\USERS\ANIKA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\OXOATVF9.DEFAULT\COOKIES.SQLITE ] link.mercent.com [ C:\USERS\ANIKA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\OXOATVF9.DEFAULT\COOKIES.SQLITE ] .perf.overture.com [ C:\USERS\ANIKA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\OXOATVF9.DEFAULT\COOKIES.SQLITE ] .guj.122.2o7.net [ C:\USERS\ANIKA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\OXOATVF9.DEFAULT\COOKIES.SQLITE ] eas4.emediate.eu [ 
C:\USERS\ANIKA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\OXOATVF9.DEFAULT\COOKIES.SQLITE ] rts.pgmediaserve.com [ C:\USERS\ANIKA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\OXOATVF9.DEFAULT\COOKIES.SQLITE ] de.sitestat.com [ C:\USERS\ANIKA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\OXOATVF9.DEFAULT\COOKIES.SQLITE ] de.sitestat.com [ C:\USERS\ANIKA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\OXOATVF9.DEFAULT\COOKIES.SQLITE ] .ads.quartermedia.de [ C:\USERS\ANIKA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\OXOATVF9.DEFAULT\COOKIES.SQLITE ] .cgm.adbureau.net [ C:\USERS\ANIKA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\OXOATVF9.DEFAULT\COOKIES.SQLITE ] .adbureau.net [ C:\USERS\ANIKA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\OXOATVF9.DEFAULT\COOKIES.SQLITE ] de.sitestat.com [ C:\USERS\ANIKA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\OXOATVF9.DEFAULT\COOKIES.SQLITE ] .mediaplex.com [ C:\USERS\ANIKA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\OXOATVF9.DEFAULT\COOKIES.SQLITE ] de.sitestat.com [ C:\USERS\ANIKA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\OXOATVF9.DEFAULT\COOKIES.SQLITE ] .specificclick.net [ C:\USERS\ANIKA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\OXOATVF9.DEFAULT\COOKIES.SQLITE ] .hasenet.122.2o7.net [ C:\USERS\ANIKA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\OXOATVF9.DEFAULT\COOKIES.SQLITE ] .hansenet.122.2o7.net [ C:\USERS\ANIKA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\OXOATVF9.DEFAULT\COOKIES.SQLITE ] .vodafonegroup.122.2o7.net [ C:\USERS\ANIKA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\OXOATVF9.DEFAULT\COOKIES.SQLITE ] .bwincom.122.2o7.net [ C:\USERS\ANIKA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\OXOATVF9.DEFAULT\COOKIES.SQLITE ] de.sitestat.com [ C:\USERS\ANIKA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\OXOATVF9.DEFAULT\COOKIES.SQLITE ] .2o7.net [ C:\USERS\ANIKA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\OXOATVF9.DEFAULT\COOKIES.SQLITE ] .ads.quartermedia.de [ C:\USERS\ANIKA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\OXOATVF9.DEFAULT\COOKIES.SQLITE ] .lfstmedia.com [ 
C:\USERS\ANIKA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\OXOATVF9.DEFAULT\COOKIES.SQLITE ] .smartadserver.com [ C:\USERS\ANIKA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\OXOATVF9.DEFAULT\COOKIES.SQLITE ] .fastclick.net [ C:\USERS\ANIKA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\OXOATVF9.DEFAULT\COOKIES.SQLITE ] .nacamar.adbureau.net [ C:\USERS\ANIKA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\OXOATVF9.DEFAULT\COOKIES.SQLITE ] .serving-sys.com [ C:\USERS\ANIKA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\OXOATVF9.DEFAULT\COOKIES.SQLITE ] .adfarm1.adition.com [ C:\USERS\ANIKA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\OXOATVF9.DEFAULT\COOKIES.SQLITE ] ad.yieldmanager.com [ C:\USERS\ANIKA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\OXOATVF9.DEFAULT\COOKIES.SQLITE ] .2o7.net [ C:\USERS\ANIKA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\OXOATVF9.DEFAULT\COOKIES.SQLITE ] .ad.adnet.de [ C:\USERS\ANIKA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\OXOATVF9.DEFAULT\COOKIES.SQLITE ] track.effiliation.com [ C:\USERS\ANIKA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\OXOATVF9.DEFAULT\COOKIES.SQLITE ] ad.adserver01.de [ C:\USERS\ANIKA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\OXOATVF9.DEFAULT\COOKIES.SQLITE ] .interclick.com [ C:\USERS\ANIKA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\OXOATVF9.DEFAULT\COOKIES.SQLITE ] .interclick.com [ C:\USERS\ANIKA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\OXOATVF9.DEFAULT\COOKIES.SQLITE ] .interclick.com [ C:\USERS\ANIKA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\OXOATVF9.DEFAULT\COOKIES.SQLITE ] adserver3.openadex.dk [ C:\USERS\ANIKA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\OXOATVF9.DEFAULT\COOKIES.SQLITE ] ad.yieldmanager.com [ C:\USERS\ANIKA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\OXOATVF9.DEFAULT\COOKIES.SQLITE ] tracking.dc-storm.com [ C:\USERS\ANIKA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\OXOATVF9.DEFAULT\COOKIES.SQLITE ] .insightexpressai.com [ C:\USERS\ANIKA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\OXOATVF9.DEFAULT\COOKIES.SQLITE ] .insightexpressai.com [ 
C:\USERS\ANIKA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\OXOATVF9.DEFAULT\COOKIES.SQLITE ] .insightexpressai.com [ C:\USERS\ANIKA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\OXOATVF9.DEFAULT\COOKIES.SQLITE ] .insightexpressai.com [ C:\USERS\ANIKA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\OXOATVF9.DEFAULT\COOKIES.SQLITE ] .insightexpressai.com [ C:\USERS\ANIKA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\OXOATVF9.DEFAULT\COOKIES.SQLITE ] .revsci.net [ C:\USERS\ANIKA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\OXOATVF9.DEFAULT\COOKIES.SQLITE ] .specificclick.net [ C:\USERS\ANIKA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\OXOATVF9.DEFAULT\COOKIES.SQLITE ] .doubleclick.net [ C:\USERS\ANIKA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\OXOATVF9.DEFAULT\COOKIES.SQLITE ] .agofev.122.2o7.net [ C:\USERS\ANIKA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\OXOATVF9.DEFAULT\COOKIES.SQLITE ] .kontera.com [ C:\USERS\ANIKA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\OXOATVF9.DEFAULT\COOKIES.SQLITE ] .atdmt.com [ C:\USERS\ANIKA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\OXOATVF9.DEFAULT\COOKIES.SQLITE ] .movitex.122.2o7.net [ C:\USERS\ANIKA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\OXOATVF9.DEFAULT\COOKIES.SQLITE ] .dmtracker.com [ C:\USERS\ANIKA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\OXOATVF9.DEFAULT\COOKIES.SQLITE ] .thelabelfinder.com [ C:\USERS\ANIKA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\OXOATVF9.DEFAULT\COOKIES.SQLITE ] ad.yieldmanager.com [ C:\USERS\ANIKA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\OXOATVF9.DEFAULT\COOKIES.SQLITE ] .ads.quartermedia.de [ C:\USERS\ANIKA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\OXOATVF9.DEFAULT\COOKIES.SQLITE ] .adtech.de [ C:\USERS\ANIKA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\OXOATVF9.DEFAULT\COOKIES.SQLITE ] .randomhouse.122.2o7.net [ C:\USERS\ANIKA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\OXOATVF9.DEFAULT\COOKIES.SQLITE ] ad1.adfarm1.adition.com [ C:\USERS\ANIKA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\OXOATVF9.DEFAULT\COOKIES.SQLITE ] ad2.adfarm1.adition.com [ 
C:\USERS\ANIKA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\OXOATVF9.DEFAULT\COOKIES.SQLITE ] ad3.adfarm1.adition.com [ C:\USERS\ANIKA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\OXOATVF9.DEFAULT\COOKIES.SQLITE ] .ads.quartermedia.de [ C:\USERS\ANIKA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\OXOATVF9.DEFAULT\COOKIES.SQLITE ] .vinvest.122.2o7.net [ C:\USERS\ANIKA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\OXOATVF9.DEFAULT\COOKIES.SQLITE ] .traffictrack.de [ C:\USERS\ANIKA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\OXOATVF9.DEFAULT\COOKIES.SQLITE ] .traffictrack.de [ C:\USERS\ANIKA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\OXOATVF9.DEFAULT\COOKIES.SQLITE ] .ads.quartermedia.de [ C:\USERS\ANIKA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\OXOATVF9.DEFAULT\COOKIES.SQLITE ] .ad.adnet.de [ C:\USERS\ANIKA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\OXOATVF9.DEFAULT\COOKIES.SQLITE ] .invitemedia.com [ C:\USERS\ANIKA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\OXOATVF9.DEFAULT\COOKIES.SQLITE ] .invitemedia.com [ C:\USERS\ANIKA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\OXOATVF9.DEFAULT\COOKIES.SQLITE ] .invitemedia.com [ C:\USERS\ANIKA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\OXOATVF9.DEFAULT\COOKIES.SQLITE ] .invitemedia.com [ C:\USERS\ANIKA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\OXOATVF9.DEFAULT\COOKIES.SQLITE ] .invitemedia.com [ C:\USERS\ANIKA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\OXOATVF9.DEFAULT\COOKIES.SQLITE ] adserver.qplaygames.com [ C:\USERS\ANIKA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\OXOATVF9.DEFAULT\COOKIES.SQLITE ] .lfstmedia.com [ C:\USERS\ANIKA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\OXOATVF9.DEFAULT\COOKIES.SQLITE ] .eyewonder.com [ C:\USERS\ANIKA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\OXOATVF9.DEFAULT\COOKIES.SQLITE ] .eyewonder.com [ C:\USERS\ANIKA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\OXOATVF9.DEFAULT\COOKIES.SQLITE ] .adbrite.com [ C:\USERS\ANIKA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\OXOATVF9.DEFAULT\COOKIES.SQLITE ] tracking.adjug.com [ 
C:\USERS\ANIKA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\OXOATVF9.DEFAULT\COOKIES.SQLITE ] tracking.adjug.com [ C:\USERS\ANIKA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\OXOATVF9.DEFAULT\COOKIES.SQLITE ] tracking.adjug.com [ C:\USERS\ANIKA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\OXOATVF9.DEFAULT\COOKIES.SQLITE ] .specificclick.net [ C:\USERS\ANIKA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\OXOATVF9.DEFAULT\COOKIES.SQLITE ] .revsci.net [ C:\USERS\ANIKA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\OXOATVF9.DEFAULT\COOKIES.SQLITE ] .yieldmanager.net [ C:\USERS\ANIKA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\OXOATVF9.DEFAULT\COOKIES.SQLITE ] .adxpose.com [ C:\USERS\ANIKA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\OXOATVF9.DEFAULT\COOKIES.SQLITE ] .247realmedia.com [ C:\USERS\ANIKA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\OXOATVF9.DEFAULT\COOKIES.SQLITE ] .247realmedia.com [ C:\USERS\ANIKA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\OXOATVF9.DEFAULT\COOKIES.SQLITE ] .tracking.3gnet.de [ C:\USERS\ANIKA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\OXOATVF9.DEFAULT\COOKIES.SQLITE ] .trafficrevenue.net [ C:\USERS\ANIKA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\OXOATVF9.DEFAULT\COOKIES.SQLITE ] .server.cpmstar.com [ C:\USERS\ANIKA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\OXOATVF9.DEFAULT\COOKIES.SQLITE ] dr.adservinginternational.com [ C:\USERS\ANIKA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\OXOATVF9.DEFAULT\COOKIES.SQLITE ] .invitemedia.com [ C:\USERS\ANIKA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\OXOATVF9.DEFAULT\COOKIES.SQLITE ] .invitemedia.com [ C:\USERS\ANIKA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\OXOATVF9.DEFAULT\COOKIES.SQLITE ] soundvenueas.adservinginternational.com [ C:\USERS\ANIKA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\OXOATVF9.DEFAULT\COOKIES.SQLITE ] .2o7.net [ C:\USERS\ANIKA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\OXOATVF9.DEFAULT\COOKIES.SQLITE ] .2o7.net [ C:\USERS\ANIKA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\OXOATVF9.DEFAULT\COOKIES.SQLITE ] .revsci.net [ 
C:\USERS\ANIKA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\OXOATVF9.DEFAULT\COOKIES.SQLITE ] .revsci.net [ C:\USERS\ANIKA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\OXOATVF9.DEFAULT\COOKIES.SQLITE ] .revsci.net [ C:\USERS\ANIKA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\OXOATVF9.DEFAULT\COOKIES.SQLITE ] de.sitestat.com [ C:\USERS\ANIKA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\OXOATVF9.DEFAULT\COOKIES.SQLITE ] de.sitestat.com [ C:\USERS\ANIKA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\OXOATVF9.DEFAULT\COOKIES.SQLITE ] s01.flagcounter.com [ C:\USERS\ANIKA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\OXOATVF9.DEFAULT\COOKIES.SQLITE ] adx.chip.de [ C:\USERS\ANIKA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\OXOATVF9.DEFAULT\COOKIES.SQLITE ] .zanox.com [ C:\USERS\ANIKA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\OXOATVF9.DEFAULT\COOKIES.SQLITE ] .adviva.net [ C:\USERS\ANIKA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\OXOATVF9.DEFAULT\COOKIES.SQLITE ] .mediaplex.com [ C:\USERS\ANIKA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\OXOATVF9.DEFAULT\COOKIES.SQLITE ] adx.chip.de [ C:\USERS\ANIKA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\OXOATVF9.DEFAULT\COOKIES.SQLITE ] .adfarm1.adition.com [ C:\USERS\ANIKA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\OXOATVF9.DEFAULT\COOKIES.SQLITE ] .tracking.quisma.com [ C:\USERS\ANIKA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\OXOATVF9.DEFAULT\COOKIES.SQLITE ] adx.chip.de [ C:\USERS\ANIKA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\OXOATVF9.DEFAULT\COOKIES.SQLITE ] adx.chip.de [ C:\USERS\ANIKA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\OXOATVF9.DEFAULT\COOKIES.SQLITE ] adx.chip.de [ C:\USERS\ANIKA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\OXOATVF9.DEFAULT\COOKIES.SQLITE ] adx.chip.de [ C:\USERS\ANIKA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\OXOATVF9.DEFAULT\COOKIES.SQLITE ] adx.chip.de [ C:\USERS\ANIKA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\OXOATVF9.DEFAULT\COOKIES.SQLITE ] adx.chip.de [ C:\USERS\ANIKA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\OXOATVF9.DEFAULT\COOKIES.SQLITE ] 
adx.chip.de [ C:\USERS\ANIKA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\OXOATVF9.DEFAULT\COOKIES.SQLITE ] adx.chip.de [ C:\USERS\ANIKA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\OXOATVF9.DEFAULT\COOKIES.SQLITE ] adx.chip.de [ C:\USERS\ANIKA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\OXOATVF9.DEFAULT\COOKIES.SQLITE ] .atdmt.com [ C:\USERS\ANIKA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\OXOATVF9.DEFAULT\COOKIES.SQLITE ] ad4.adfarm1.adition.com [ C:\USERS\ANIKA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\OXOATVF9.DEFAULT\COOKIES.SQLITE ] .serving-sys.com [ C:\USERS\ANIKA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\OXOATVF9.DEFAULT\COOKIES.SQLITE ] .serving-sys.com [ C:\USERS\ANIKA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\OXOATVF9.DEFAULT\COOKIES.SQLITE ] .serving-sys.com [ C:\USERS\ANIKA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\OXOATVF9.DEFAULT\COOKIES.SQLITE ] .serving-sys.com [ C:\USERS\ANIKA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\OXOATVF9.DEFAULT\COOKIES.SQLITE ] .bs.serving-sys.com [ C:\USERS\ANIKA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\OXOATVF9.DEFAULT\COOKIES.SQLITE ] .tracking.quisma.com [ C:\USERS\ANIKA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\OXOATVF9.DEFAULT\COOKIES.SQLITE ] Trojan.Downloader-Gen/A C:\PROGRAM FILES\DEGENER\VORTEST 7\MEDIA\A.EXE Code:
ESETSmartInstaller@High as downloader log:
all ok
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6528
# api_version=3.0.2
# EOSSerial=d00a502ca5b7d642a6c8d35ef92cbd14
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2011-09-29 06:17:19
# local_time=2011-09-29 08:17:19 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# lang=1033
# osver=6.0.6002 NT Service Pack 2
# compatibility_mode=1024 16777215 100 0 8291 8291 0 0
# compatibility_mode=5892 16776638 100 100 13479850 154842122 0 0
# compatibility_mode=8192 67108863 100 0 131 131 0 0
# scanned=170824
# found=2
# cleaned=0
# scan_time=10845
C:\Users\Anika\Downloads\SoftonicDownloader64308.exe	a variant of Win32/SoftonicDownloader.A application (unable to clean)	00000000000000000000000000000000	I
C:\_OTL\MovedFiles\09292011_161836\C_Users\Anika\AppData\Local\Temp\0.6105569158567732.exe	a variant of Win32/Injector.GAW trojan (unable to clean)	00000000000000000000000000000000	I

ESETSmartInstaller@High as downloader log:
all ok
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6528
# api_version=3.0.2
# EOSSerial=d00a502ca5b7d642a6c8d35ef92cbd14
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2011-10-02 03:31:07
# local_time=2011-10-02 05:31:07 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# lang=1033
# osver=6.0.6002 NT Service Pack 2
# compatibility_mode=1024 16777215 100 0 252462 252462 0 0
# compatibility_mode=5892 16776638 100 100 13724021 155086293 0 0
# compatibility_mode=8192 67108863 100 0 244302 244302 0 0
# scanned=167447
# found=1
# cleaned=0
# scan_time=15902
C:\Users\Anika\Downloads\SoftonicDownloader64308.exe	a variant of Win32/SoftonicDownloader.A application (unable to clean)	00000000000000000000000000000000	I
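Added example (editor's code, not from the thread and not from ESET, OTL or the cookie scanner): a small Python triage helper for the two log formats pasted above. It parses the ESET Online Scanner log (the "# key=value" header, then one tab-separated detection record per line: path, verdict, hash, flag) and the flattened "domain [ cookie store ]" entries, then separates live malware hits from hits that already sit in OTL's C:\_OTL\MovedFiles folder and from potentially unwanted applications, and counts tracking cookies by domain. The quarantine prefix, the verdict keywords and the tab-separated field layout are assumptions read off the log text; the sample inputs are constructed excerpts of the logs above.

```python
"""Triage helpers for the two log formats posted in this thread: the ESET
Online Scanner text log and the "domain [ cookie store ]" tracking-cookie
entries. Added example, not code from the thread or from either tool."""
import re
from collections import Counter

# Assumption: OTL moves files it removes into C:\_OTL\MovedFiles (the second
# ESET detection above sits under that path), so a hit there is already out
# of its original location and is not a live infection.
QUARANTINE_PREFIXES = ("c:\\_otl\\movedfiles\\",)

# Verdict words treated as real malware; ESET labels PUA as "application".
MALWARE_WORDS = (" trojan", " worm", " virus", " backdoor", " rootkit")

# Constructed sample: an excerpt of the first ESET scan above, re-typed with
# the tab separators the original log uses (extraction flattened them).
ESET_LOG_1 = (
    "ESETSmartInstaller@High as downloader log:\n"
    "all ok\n"
    "# version=7\n"
    "# remove_checked=false\n"
    "# utc_time=2011-09-29 06:17:19\n"
    "# found=2\n"
    "# cleaned=0\n"
    "C:\\Users\\Anika\\Downloads\\SoftonicDownloader64308.exe\t"
    "a variant of Win32/SoftonicDownloader.A application (unable to clean)\t"
    "00000000000000000000000000000000\tI\n"
    "C:\\_OTL\\MovedFiles\\09292011_161836\\C_Users\\Anika\\AppData\\Local\\Temp"
    "\\0.6105569158567732.exe\t"
    "a variant of Win32/Injector.GAW trojan (unable to clean)\t"
    "00000000000000000000000000000000\tI\n"
)

# Constructed sample: five cookie entries in the flattened shape seen above.
COOKIE_STORE = (r"C:\USERS\ANIKA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES"
                r"\OXOATVF9.DEFAULT\COOKIES.SQLITE")
COOKIE_TEXT = (
    f".advertising.com [ {COOKIE_STORE} ] .advertising.com [ {COOKIE_STORE} ] "
    f".xiti.com [ {COOKIE_STORE} ] .tradedoubler.com [ {COOKIE_STORE} ] "
    f".2o7.net [ {COOKIE_STORE} ]"
)

# One entry = a domain token, then the cookie store path in square brackets.
COOKIE_RE = re.compile(r"(\S+?)\s*\[\s*([A-Za-z]:\\[^\]]*?)\s*\]")


def classify_verdict(verdict):
    """Map an ESET verdict string to 'malware', 'pua' or 'other'."""
    text = verdict.lower()
    if any(word in text for word in MALWARE_WORDS):
        return "malware"
    if " application" in text or "potentially unwanted" in text:
        return "pua"
    return "other"


def parse_eset_log(text):
    """Return (meta, detections): '# key=value' headers as a dict and one
    dict per tab-separated detection line (path, verdict, hash, flag)."""
    meta, detections = {}, []
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("ESETSmartInstaller") or line == "all ok":
            continue
        if line.startswith("#"):
            key, _, value = line[1:].strip().partition("=")
            meta[key.strip()] = value.strip()
            continue
        fields = [f.strip() for f in line.split("\t")]
        if len(fields) < 2:
            continue  # not a detection record
        path, verdict = fields[0], fields[1]
        detections.append({
            "path": path,
            "verdict": verdict,
            "hash": fields[2] if len(fields) > 2 else "",
            "flag": fields[3] if len(fields) > 3 else "",
            "category": classify_verdict(verdict),
            "quarantined": path.lower().startswith(QUARANTINE_PREFIXES),
        })
    return meta, detections


def parse_cookie_entries(text):
    """Split flattened 'domain [ store ]' text back into (domain, store) pairs."""
    return [(m.group(1), m.group(2)) for m in COOKIE_RE.finditer(text)]


def triage(eset_text, cookie_text):
    """Summarise what still needs attention: live malware first, quarantined
    hits and PUA separately, tracking cookies only as counts."""
    meta, detections = parse_eset_log(eset_text)
    cookies = parse_cookie_entries(cookie_text)
    malware = [d for d in detections if d["category"] == "malware"]
    return {
        # '# found=' must equal the number of records; a mismatch means the
        # pasted log was truncated or its separators were mangled in transit.
        "consistent": int(meta.get("found", "0")) == len(detections),
        # remove_checked=false: the scan only reported and removed nothing.
        "detect_only": meta.get("remove_checked") == "false",
        "live_malware": [d["path"] for d in malware if not d["quarantined"]],
        "quarantined_malware": [d["path"] for d in malware if d["quarantined"]],
        "pua": [d["path"] for d in detections if d["category"] == "pua"],
        "tracking_cookies": len(cookies),
        "cookie_domains": Counter(domain for domain, _ in cookies),
    }


if __name__ == "__main__":
    print(triage(ESET_LOG_1, COOKIE_TEXT))
```

Run against the first scan above this reports no live malware: the Win32/Injector.GAW hit is already under C:\_OTL\MovedFiles, the Softonic downloader is classed as PUA, and remove_checked=false together with cleaned=0 confirms the scan only reported. The cookie parser exists because extraction collapsed hundreds of entries onto a few lines; counting them by domain is enough to see they are advertising trackers, not infection indicators.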