Plagegeister aller Art und deren Bekämpfung (malware of all kinds and its removal): Facebook-Virus (screensaver) - Windows 7
If you are not sure whether you have picked up malware or a trojan, open a topic here. An expert will reply with further instructions and help you remove the malware or uninstall or delete unwanted software. Please describe your problem as precisely as possible. If it is a trojan or virus problem, an expert will help you clean up the infection.
20.10.2011, 20:24 | #1
Facebook-Virus (screensaver)
Hello everyone, unfortunately I was naive enough to catch the Facebook screensaver virus (I no longer remember the exact file name) over the weekend. Since I don't really know how to proceed, I registered here and hope someone can help me...
This is what I have done so far:
- been annoyed at my own stupidity
- ran a quick scan with Malwarebytes on Saturday
- ran a scan with ESET on Saturday
- ran another quick scan with Malwarebytes yesterday evening (but had not updated it beforehand)
- during this quick scan my Avira reported detections
- then I ran a full scan with Malwarebytes and Avira
- just now I ran another scan with ESET
Here are the logs:
Malwarebytes Sat:
Quote:
Quote:
Quote:
Quote:
Quote:
Quote:
21.10.2011, 13:44 | #2
/// Winkelfunktion /// TB-Süch-Tiger™ | Facebook-Virus (screensaver) CustomScan with OTL
If you do not have it yet, please download OTL from OldTimer and save it to your desktop.
Code:
netsvcs
msconfig
safebootminimal
safebootnetwork
activex
drivers32
%ALLUSERSPROFILE%\Application Data\*.
%ALLUSERSPROFILE%\Application Data\*.exe /s
%APPDATA%\*.
%APPDATA%\*.exe /s
%SYSTEMDRIVE%\*.exe
/md5start
wininit.exe
userinit.exe
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
ws2ifsl.sys
sceclt.dll
ntelogon.dll
winlogon.exe
logevent.dll
user32.DLL
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
/md5stop
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\*. /mp /s
%systemroot%\system32\*.dll /lockedfiles
CREATERESTOREPOINT
21.10.2011, 15:36 | #3
Facebook-Virus (screensaver) Thanks a lot!
Here is the content of OTL.txt:
Code:
OTL logfile created on: 10/21/2011 4:17:14 PM - Run 2
OTL by OldTimer - Version 3.2.31.0     Folder = C:\Users\Korbi\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

3.86 Gb Total Physical Memory | 2.59 Gb Available Physical Memory | 67.08% Memory free
7.73 Gb Paging File | 6.23 Gb Available in Paging File | 80.62% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 65.00 Gb Total Space | 15.04 Gb Free Space | 23.13% Space Free | Partition Type: NTFS
Drive D: | 398.76 Gb Total Space | 395.90 Gb Free Space | 99.28% Space Free | Partition Type: NTFS
Drive F: | 1.44 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: CDFS

Computer Name: KORBI-PC | User Name: Korbi | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Users\Korbi\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Fujitsu\Programs\DeskUpdate\DeskUpdateNotifier.exe (Fujitsu Technology Solutions)
PRC - C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe (Microsoft Corporation)
PRC - C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe (Microsoft Corporation)
PRC - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Fujitsu\Fujitsu Hotkey Utility\IndicatorUty.exe (FUJITSU LIMITED)
PRC - C:\Program Files (x86)\Fujitsu\FUJ02E3\FUJ02E3.exe (FUJITSU LIMITED)
PRC - C:\Program Files (x86)\CyberLink\YouCam\YouCamTray.exe (CyberLink Corp.)

========== Modules (No Company Name) ==========

MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\log4net\ceb238ccdff3bd6383c8193f02e72c7f\log4net.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\DeskUpdateNotifier\9afcaaf58168b7eea2fb8a49799368c5\DeskUpdateNotifier.ni.exe ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\6e592e424a204aafeadbe22b6b31b9db\System.Windows.Forms.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\3b2cfd85528a27eb71dc41d8067359a1\System.Drawing.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\130ad4d9719e566ca933ac7158a04203\System.Xml.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\2d5bcbeb9475ef62189f605bcca1cec6\System.Configuration.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System\abab08afa60a6f06bdde0fcc9649c379\System.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\a1a82db68b3badc7c27ea1f6579d22c5\mscorlib.ni.dll ()

========== Win32 Services (SafeList) ==========

SRV:64bit: - (AMD External Events Utility) -- C:\Windows\SysNative\atiesrxx.exe (AMD)
SRV:64bit: - (VFPRadioSupportService) -- C:\Program Files\CSR\Bluetooth Feature Pack 5.0\VFPRadioSupportService.exe (CSR, plc)
SRV:64bit: - (PowerSavingUtilityService) -- C:\Program Files\Fujitsu\PSUtility\PSUService.exe (FUJITSU LIMITED)
SRV:64bit: - (WirelessSelectorService) -- C:\Program Files\Fujitsu\WirelessSelector\WSUService.exe ()
SRV:64bit: - (WinDefend) -- C:\Program Files\Windows Defender\mpsvc.dll (Microsoft Corporation)
SRV - (AntiVirSchedulerService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
SRV - (AntiVirService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
SRV - (TestHandler) -- C:\Program Files (x86)\Fujitsu\SystemDiagnostics\OnlineDiagnostic\TestManager\HaDTMan.exe (Fujitsu Technology Solutions)
SRV - (sftvsa) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe (Microsoft Corporation)
SRV - (sftlist) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe (Microsoft Corporation)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (UNS) Intel(R) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Intel Corporation)
SRV - (LMS) Intel(R) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Intel Corporation)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)

========== Driver Services (SafeList) ==========

DRV:64bit: - (avipbb) -- C:\Windows\SysNative\drivers\avipbb.sys (Avira GmbH)
DRV:64bit: - (avgntflt) -- C:\Windows\SysNative\drivers\avgntflt.sys (Avira GmbH)
DRV:64bit: - (avkmgr) -- C:\Windows\SysNative\drivers\avkmgr.sys (Avira GmbH)
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV:64bit: - (Sftvol) -- C:\Windows\SysNative\drivers\Sftvollh.sys (Microsoft Corporation)
DRV:64bit: - (Sftredir) -- C:\Windows\SysNative\drivers\Sftredirlh.sys (Microsoft Corporation)
DRV:64bit: - (Sftplay) -- C:\Windows\SysNative\drivers\Sftplaylh.sys (Microsoft Corporation)
DRV:64bit: - (Sftfs) -- C:\Windows\SysNative\drivers\Sftfslh.sys (Microsoft Corporation)
DRV:64bit: - (amdkmdag) -- C:\Windows\SysNative\drivers\atikmdag.sys (ATI Technologies Inc.)
DRV:64bit: - (amdkmdap) -- C:\Windows\SysNative\drivers\atikmpag.sys (Advanced Micro Devices, Inc.)
DRV:64bit: - (AtiHDAudioService) -- C:\Windows\SysNative\drivers\AtihdW76.sys (ATI Technologies, Inc.)
DRV:64bit: - (iaStor) -- C:\Windows\SysNative\drivers\iaStor.sys (Intel Corporation)
DRV:64bit: - (RTL8167) -- C:\Windows\SysNative\drivers\Rt64win7.sys (Realtek )
DRV:64bit: - (BthAvrcp) -- C:\Windows\SysNative\drivers\BthAvrcp.sys (CSR, plc)
DRV:64bit: - (athr) -- C:\Windows\SysNative\drivers\athrx.sys (Atheros Communications, Inc.)
DRV:64bit: - (HECIx64) Intel(R) -- C:\Windows\SysNative\drivers\HECIx64.sys (Intel Corporation)
DRV:64bit: - (Impcd) -- C:\Windows\SysNative\drivers\Impcd.sys (Intel Corporation)
DRV:64bit: - (SynTP) -- C:\Windows\SysNative\drivers\SynTP.sys (Synaptics Incorporated)
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (TPM) -- C:\Windows\SysNative\drivers\tpm.sys (Microsoft Corporation)
DRV:64bit: - (igfx) -- C:\Windows\SysNative\drivers\igdkmd64.sys (Intel Corporation)
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV:64bit: - (AtiPcie) AMD PCI Express (3GIO) -- C:\Windows\SysNative\drivers\AtiPcie.sys (Advanced Micro Devices Inc.)
DRV:64bit: - (FUJ02E3) -- C:\Windows\SysNative\drivers\fuj02e3.sys (FUJITSU LIMITED)
DRV:64bit: - (FUJ02B1) -- C:\Windows\SysNative\drivers\fuj02b1.sys (FUJITSU LIMITED)
DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://ts.fujitsu.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [Binary data over 100 bytes]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8117.0416: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@veetle.com/veetleCorePlugin,version=0.9.18: d:\Program Files (x86)\Veetle\plugins\npVeetle.dll (Veetle Inc)
FF - HKLM\Software\MozillaPlugins\@veetle.com/veetlePlayerPlugin,version=0.9.18: d:\Program Files (x86)\Veetle\Player\npvlc.dll (Veetle Inc)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 7.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2011/10/01 19:47:29 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 7.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2011/07/07 20:28:53 | 000,000,000 | ---D | M]

(No name found) -- C:\Users\Korbi\AppData\Roaming\mozilla\Extensions
[2011/10/01 19:19:24 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Korbi\AppData\Roaming\mozilla\Firefox\Profiles\j06iwqcg.default\extensions
[2011/07/17 22:31:53 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
[2011/07/17 22:31:53 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}
() (No name found) -- C:\USERS\KORBI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\J06IWQCG.DEFAULT\EXTENSIONS\{9D1F059C-CADA-4111-9696-41A62D64E3BA}.XPI
() (No name found) -- C:\USERS\KORBI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\J06IWQCG.DEFAULT\EXTENSIONS\{D10D0BF8-F5B5-C8B4-A8B2-2B9879E08C5D}.XPI
[2011/10/01 19:47:29 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2010/01/01 10:00:00 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2010/01/01 10:00:00 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2010/01/01 10:00:00 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2010/01/01 10:00:00 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2010/01/01 10:00:00 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2010/01/01 10:00:00 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml

O1 HOSTS File: ([2009/06/10 23:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O4:64bit: - HKLM..\Run: [BthSyncServ] "C:\Program Files\CSR\Bluetooth Feature Pack 5.0\bthsyncserv.exe" File not found
O4:64bit: - HKLM..\Run: [ConMgr] C:\Program Files\CSR\Bluetooth Feature Pack 5.0\ConMgr.exe (CSR, plc)
O4:64bit: - HKLM..\Run: [CSRSkype] C:\Program Files\CSR\Bluetooth Feature Pack 5.0\CSRSkype.exe (CSR, plc)
O4:64bit: - HKLM..\Run: [LoadBtnHnd] C:\Program Files\Fujitsu\Application Panel\BtnHnd.exe (FUJITSU LIMITED)
O4:64bit: - HKLM..\Run: [LoadFujitsuQuickTouch] C:\Program Files\Fujitsu\Application Panel\QuickTouch.exe (FUJITSU LIMITED)
O4:64bit: - HKLM..\Run: [PSUTility] C:\Program Files\Fujitsu\PSUtility\TrayManager.exe (FUJITSU LIMITED)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [DeskUpdateNotifier] c:\Fujitsu\Programs\DeskUpdate\DeskUpdateNotifier.exe (Fujitsu Technology Solutions)
O4 - HKLM..\Run: [IndicatorUtility] C:\Program Files (x86)\Fujitsu\Fujitsu Hotkey Utility\IndicatorUty.exe (FUJITSU LIMITED)
O4 - HKLM..\Run: [LoadFUJ02E3] C:\Program Files (x86)\Fujitsu\FUJ02E3\FUJ02E3.exe (FUJITSU LIMITED)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [YouCam Mirror Tray icon] C:\Program Files (x86)\CyberLink\YouCam\YouCamTray.exe (CyberLink Corp.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8:64bit: - Extra context menu item: Google Sidewiki... - res://C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html File not found
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html File not found
O9 - Extra Button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Users\Korbi\Desktop\PartyPoker.lnk ()
O9 - Extra 'Tools' menuitem : PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Users\Korbi\Desktop\PartyPoker.lnk ()
O13:64bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{34DB0F48-DDFE-4F46-A74F-1B2FA5751587}: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{59629462-8365-496A-97DE-5C61C2AF78F4}: NameServer = 195.50.140.182 195.50.140.114
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~2\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~2\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) -C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) -C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/07/24 18:09:32 | 000,094,208 | R--- | M] () - F:\AutoRun.exe -- [ CDFS ]
O32 - AutoRun File - [2004/09/07 23:00:56 | 000,000,047 | R--- | M] () - F:\autorun.inf -- [ CDFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

SafeBootMin:64bit: AppMgmt - Service
SafeBootMin:64bit: Base - Driver Group
SafeBootMin:64bit: Boot Bus Extender - Driver Group
SafeBootMin:64bit: Boot file system - Driver Group
SafeBootMin:64bit: File system - Driver Group
SafeBootMin:64bit: Filter - Driver Group
SafeBootMin:64bit: HelpSvc - Service
SafeBootMin:64bit: PCI Configuration - Driver Group
SafeBootMin:64bit: PNP Filter - Driver Group
SafeBootMin:64bit: Primary disk - Driver Group
SafeBootMin:64bit: sacsvr - Service
SafeBootMin:64bit: SCSI Class - Driver Group
SafeBootMin:64bit: System Bus Extender - Driver Group
SafeBootMin:64bit: vmms - Service
SafeBootMin:64bit: WinDefend - C:\Program Files\Windows Defender\mpsvc.dll (Microsoft Corporation)
SafeBootMin:64bit: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin:64bit: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin:64bit: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin:64bit: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin:64bit: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin:64bit: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin:64bit: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin:64bit: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin:64bit: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin:64bit: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin:64bit: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin:64bit: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin:64bit: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin:64bit: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin:64bit: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin:64bit: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin:64bit: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
SafeBootMin: AppMgmt - Service
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: HelpSvc - Service
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: sacsvr - Service
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: vmms - Service
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
SafeBootNet:64bit: AppMgmt - Service
SafeBootNet:64bit: Base - Driver Group
SafeBootNet:64bit: Boot Bus Extender - Driver Group
SafeBootNet:64bit: Boot file system - Driver Group
SafeBootNet:64bit: File system - Driver Group
SafeBootNet:64bit: Filter - Driver Group
SafeBootNet:64bit: HelpSvc - Service
SafeBootNet:64bit: Messenger - Service
SafeBootNet:64bit: NDIS Wrapper - Driver Group
SafeBootNet:64bit: NetBIOSGroup - Driver Group
SafeBootNet:64bit: NetDDEGroup - Driver Group
SafeBootNet:64bit: Network - Driver Group
SafeBootNet:64bit: NetworkProvider - Driver Group
SafeBootNet:64bit: PCI Configuration - Driver Group
SafeBootNet:64bit: PNP Filter - Driver Group
SafeBootNet:64bit: PNP_TDI - Driver Group
SafeBootNet:64bit: Primary disk - Driver Group
SafeBootNet:64bit: rdsessmgr - Service
SafeBootNet:64bit: sacsvr - Service
SafeBootNet:64bit: SCSI Class - Driver Group
SafeBootNet:64bit: Streams Drivers - Driver Group
SafeBootNet:64bit: System Bus Extender - Driver Group
SafeBootNet:64bit: TDI - Driver Group
SafeBootNet:64bit: vmms - Service
SafeBootNet:64bit: WinDefend - C:\Program Files\Windows Defender\mpsvc.dll (Microsoft Corporation)
SafeBootNet:64bit: WudfUsbccidDriver - Driver
SafeBootNet:64bit: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet:64bit: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet:64bit: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet:64bit: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet:64bit: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet:64bit: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet:64bit: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet:64bit: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet:64bit: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet:64bit: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet:64bit: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet:64bit: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet:64bit: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet:64bit: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet:64bit: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet:64bit: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet:64bit: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet:64bit: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet:64bit: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet:64bit: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet:64bit: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet:64bit: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
SafeBootNet: AppMgmt - Service
SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: HelpSvc - Service
SafeBootNet: Messenger - Service
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: rdsessmgr - Service
SafeBootNet: sacsvr - Service
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: vmms - Service
SafeBootNet: WudfUsbccidDriver - Driver
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices

ActiveX:64bit: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX:64bit: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX:64bit: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX:64bit: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX:64bit: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX:64bit: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX:64bit: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX:64bit: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX:64bit: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX:64bit: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX:64bit: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX:64bit: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -BaseSettings
ActiveX:64bit: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX:64bit: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX:64bit: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX:64bit: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX:64bit: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX:64bit: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework
ActiveX:64bit: {FEBEF00C-046D-438D-8A88-BF94A6C9E703} - .NET Framework
ActiveX:64bit: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX:64bit: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\System32\ie4uinit.exe -UserIconConfig
ActiveX:64bit: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles(x86)%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\SysWOW64\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\SysWOW64\Rundll32.exe C:\Windows\SysWOW64\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\SysWOW64\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\SysWOW64\rundll32.exe" "C:\Windows\SysWOW64\iedkcs32.dll",BrandIEActiveSetup SIGNUP

Drivers32:64bit: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.l3acm - C:\Windows\SysWOW64\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: vidc.cvid - C:\Windows\SysWow64\iccvid.dll (Radius Inc.)

CREATERESTOREPOINT
Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 30 Days ==========

[2011/10/21 16:15:02 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Users\Korbi\Desktop\OTL.exe
[2011/10/20 20:03:38 | 002,322,184 | ---- | C] (ESET) -- C:\Users\Korbi\Desktop\esetsmartinstaller_enu.exe
[2011/10/15 23:28:05 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ESET
[2011/10/15 22:13:43 | 000,000,000 | ---D | C] -- C:\Users\Korbi\AppData\Roaming\Malwarebytes
[2011/10/15 22:13:13 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011/10/15 22:13:12 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2011/10/15 22:13:09 | 000,025,416 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2011/10/15 22:13:08 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2011/10/15 18:20:54 | 000,000,000 | ---D | C] -- C:\Users\Korbi\AppData\Roaming\Avira
[2011/10/15 18:20:42 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
[2011/10/15 18:20:35 | 000,130,760 | ---- | C] (Avira GmbH) -- C:\Windows\SysNative\drivers\avipbb.sys
[2011/10/15 18:20:35 | 000,097,312 | ---- | C] (Avira GmbH) -- C:\Windows\SysNative\drivers\avgntflt.sys
[2011/10/15 18:20:35 | 000,027,760 | ---- | C] (Avira GmbH) -- C:\Windows\SysNative\drivers\avkmgr.sys
[2011/10/15 18:20:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Avira
[2011/10/15 18:20:31 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Avira
[2011/10/15 12:55:26 | 000,000,000 | ---D | C] -- C:\Users\Korbi\AppData\Local\CrashDumps
[2011/10/15 12:00:03 | 000,000,000 | RHSD | C] -- C:\Users\Korbi\M-1-52-5782-8752-5245
[2011/10/01 13:33:25 | 000,000,000 | ---D | C] -- C:\Users\Korbi\Documents\JUK

========== Files - Modified Within 30 Days ==========

[2011/10/21 16:17:11 | 000,009,696 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2011/10/21 16:17:11 | 000,009,696 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2011/10/21 16:15:03 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Korbi\Desktop\OTL.exe
[2011/10/21 16:09:30 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/10/21 16:09:25 | 3111,567,360 | -HS- | M] () -- C:\hiberfil.sys
[2011/10/21 05:52:56 | 000,019,204 | ---- | M] () -- C:\Users\Korbi\Documents\2011-10-21.hrf
[2011/10/20 20:03:41 | 002,322,184 | ---- | M] (ESET) -- C:\Users\Korbi\Desktop\esetsmartinstaller_enu.exe
[2011/10/19 20:34:01 | 000,019,201 | ---- | M] () -- C:\Users\Korbi\Documents\2011-10-19.hrf
[2011/10/15 18:20:42 | 000,002,000 | ---- | M] () -- C:\Users\Public\Desktop\Avira Control Center.lnk
[2011/10/15 17:46:40 | 000,654,610 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2011/10/15 17:46:40 | 000,616,452 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2011/10/15 17:46:40 | 000,130,192 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2011/10/15 17:46:40 | 000,106,574 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2011/10/15 17:46:39 | 001,500,018 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2011/10/14 18:11:36 | 000,274,464 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2011/10/14 13:45:38 |
000,019,355 | ---- | M] () -- C:\Users\Korbi\Documents\2011-10-14.hrf [2011/10/11 15:00:01 | 000,130,760 | ---- | M] (Avira GmbH) -- C:\Windows\SysNative\drivers\avipbb.sys [2011/10/11 15:00:01 | 000,097,312 | ---- | M] (Avira GmbH) -- C:\Windows\SysNative\drivers\avgntflt.sys [2011/10/11 15:00:01 | 000,027,760 | ---- | M] (Avira GmbH) -- C:\Windows\SysNative\drivers\avkmgr.sys [2011/10/09 10:13:23 | 000,017,408 | ---- | M] () -- C:\Users\Korbi\AppData\Local\WebpageIcons.db [2011/10/08 15:26:56 | 000,019,383 | ---- | M] () -- C:\Users\Korbi\Documents\2011-10-08.hrf [2011/09/30 09:44:42 | 000,019,846 | ---- | M] () -- C:\Users\Korbi\Documents\2011-09-30.hrf [2011/09/23 08:06:16 | 000,019,844 | ---- | M] () -- C:\Users\Korbi\Documents\2011-09-23.hrf ========== Files Created - No Company Name ========== [2011/10/21 05:52:56 | 000,019,204 | ---- | C] () -- C:\Users\Korbi\Documents\2011-10-21.hrf [2011/10/19 20:34:01 | 000,019,201 | ---- | C] () -- C:\Users\Korbi\Documents\2011-10-19.hrf [2011/10/15 18:20:42 | 000,002,000 | ---- | C] () -- C:\Users\Public\Desktop\Avira Control Center.lnk [2011/10/14 13:38:49 | 000,019,355 | ---- | C] () -- C:\Users\Korbi\Documents\2011-10-14.hrf [2011/10/08 15:26:56 | 000,019,383 | ---- | C] () -- C:\Users\Korbi\Documents\2011-10-08.hrf [2011/09/30 09:37:28 | 000,019,846 | ---- | C] () -- C:\Users\Korbi\Documents\2011-09-30.hrf [2011/09/23 07:53:28 | 000,019,844 | ---- | C] () -- C:\Users\Korbi\Documents\2011-09-23.hrf [2011/08/25 21:36:30 | 000,017,408 | ---- | C] () -- C:\Users\Korbi\AppData\Local\WebpageIcons.db [2011/07/17 23:53:07 | 001,526,948 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI [2011/07/08 04:54:33 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin [2011/06/08 13:36:34 | 000,002,857 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat [2009/07/30 13:49:22 | 000,040,448 | ---- | C] () -- C:\Windows\REGOBJ.DLL [2009/07/14 07:38:36 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat [2009/07/14 04:35:51 
| 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT [2009/07/14 04:34:42 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat [2009/07/14 02:10:29 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin [2009/07/14 01:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll [2009/07/13 23:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll [2009/06/10 23:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat ========== LOP Check ========== [2011/09/19 19:51:32 | 000,000,000 | ---D | M] -- C:\Users\Korbi\AppData\Roaming\Canneverbe Limited [2011/10/21 06:21:57 | 000,000,000 | ---D | M] -- C:\Users\Korbi\AppData\Roaming\SoftGrid Client [2011/07/20 12:23:08 | 000,000,000 | ---D | M] -- C:\Users\Korbi\AppData\Roaming\Tific [2011/07/17 23:53:56 | 000,000,000 | ---D | M] -- C:\Users\Korbi\AppData\Roaming\TP [2011/09/19 17:58:34 | 000,032,616 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT ========== Purity Check ========== ========== Custom Scans ========== < %ALLUSERSPROFILE%\Application Data\*. > < %ALLUSERSPROFILE%\Application Data\*.exe /s > < %APPDATA%\*. 
> [2011/07/13 18:08:04 | 000,000,000 | ---D | M] -- C:\Users\Korbi\AppData\Roaming\Adobe [2011/07/07 20:22:06 | 000,000,000 | ---D | M] -- C:\Users\Korbi\AppData\Roaming\ATI [2011/10/15 18:20:54 | 000,000,000 | ---D | M] -- C:\Users\Korbi\AppData\Roaming\Avira [2011/09/19 19:51:32 | 000,000,000 | ---D | M] -- C:\Users\Korbi\AppData\Roaming\Canneverbe Limited [2011/07/07 20:18:25 | 000,000,000 | ---D | M] -- C:\Users\Korbi\AppData\Roaming\Identities [2011/07/07 20:31:15 | 000,000,000 | ---D | M] -- C:\Users\Korbi\AppData\Roaming\Macromedia [2011/10/15 22:13:43 | 000,000,000 | ---D | M] -- C:\Users\Korbi\AppData\Roaming\Malwarebytes [2009/07/14 09:44:38 | 000,000,000 | ---D | M] -- C:\Users\Korbi\AppData\Roaming\Media Center Programs [2011/10/20 20:00:37 | 000,000,000 | --SD | M] -- C:\Users\Korbi\AppData\Roaming\Microsoft [2011/07/07 20:28:53 | 000,000,000 | ---D | M] -- C:\Users\Korbi\AppData\Roaming\Mozilla [2011/07/13 19:17:38 | 000,000,000 | ---D | M] -- C:\Users\Korbi\AppData\Roaming\Mozilla-Cache [2011/10/21 06:21:57 | 000,000,000 | ---D | M] -- C:\Users\Korbi\AppData\Roaming\SoftGrid Client [2011/07/20 12:23:08 | 000,000,000 | ---D | M] -- C:\Users\Korbi\AppData\Roaming\Tific [2011/07/17 23:53:56 | 000,000,000 | ---D | M] -- C:\Users\Korbi\AppData\Roaming\TP [2011/08/15 21:16:19 | 000,000,000 | ---D | M] -- C:\Users\Korbi\AppData\Roaming\WinRAR < %APPDATA%\*.exe /s > < %SYSTEMDRIVE%\*.exe > < MD5 for: AGP440.SYS > [2009/07/14 03:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\SysNative\drivers\AGP440.sys [2009/07/14 03:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\SysNative\DriverStore\FileRepository\machine.inf_amd64_neutral_a2f120466549d68b\AGP440.sys [2009/07/14 03:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- 
C:\Windows\winsxs\amd64_machine.inf_31bf3856ad364e35_6.1.7600.16385_none_1607dee2d861e021\AGP440.sys [2009/07/14 03:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\winsxs\amd64_machine.inf_31bf3856ad364e35_6.1.7601.17514_none_1838f2aad55063bb\AGP440.sys < MD5 for: ATAPI.SYS > [2009/07/14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysNative\drivers\atapi.sys [2009/07/14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysNative\DriverStore\FileRepository\mshdc.inf_amd64_neutral_aad30bdeec04ea5e\atapi.sys [2009/07/14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7600.16385_none_392d19c13b3ad543\atapi.sys [2009/07/14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7601.17514_none_3b5e2d89382958dd\atapi.sys < MD5 for: CNGAUDIT.DLL > [2009/07/14 03:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\SysWOW64\cngaudit.dll [2009/07/14 03:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_e83a414890e8132b\cngaudit.dll [2009/07/14 03:40:20 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=86FE1B1F8FD42CD0DB641AB1CDB13093 -- C:\Windows\SysNative\cngaudit.dll [2009/07/14 03:40:20 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=86FE1B1F8FD42CD0DB641AB1CDB13093 -- C:\Windows\winsxs\amd64_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_4458dccc49458461\cngaudit.dll < MD5 for: IASTOR.SYS > [2010/06/08 10:33:14 | 000,540,696 | ---- | M] (Intel Corporation) 
MD5=2064090C9FAAD92C090D77E50E735B2E -- C:\Fujitsu\Driver Pool\7\iaStor.sys [2010/06/08 10:33:14 | 000,540,696 | ---- | M] (Intel Corporation) MD5=2064090C9FAAD92C090D77E50E735B2E -- C:\Windows\SysNative\drivers\iaStor.sys [2010/06/08 10:33:14 | 000,540,696 | ---- | M] (Intel Corporation) MD5=2064090C9FAAD92C090D77E50E735B2E -- C:\Windows\SysNative\DriverStore\FileRepository\iaahci.inf_amd64_neutral_b2da0d5f1235b4d6\iaStor.sys [2010/06/08 10:33:14 | 000,540,696 | ---- | M] (Intel Corporation) MD5=2064090C9FAAD92C090D77E50E735B2E -- C:\Windows\SysNative\DriverStore\FileRepository\iastor.inf_amd64_neutral_1170b46175ba2765\iaStor.sys < MD5 for: IASTORV.SYS > [2010/11/20 15:33:38 | 000,410,496 | ---- | M] (Intel Corporation) MD5=3DF4395A7CF8B7A72A5F4606366B8C2D -- C:\Windows\SysNative\DriverStore\FileRepository\iastorv.inf_amd64_neutral_668286aa35d55928\iaStorV.sys [2010/11/20 15:33:38 | 000,410,496 | ---- | M] (Intel Corporation) MD5=3DF4395A7CF8B7A72A5F4606366B8C2D -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.17514_none_0d3757e79e6784d0\iaStorV.sys [2011/06/08 13:36:09 | 000,410,504 | ---- | M] (Intel Corporation) MD5=513DC087CFED7D2BB82F005385D3531F -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7600.16592_none_0af87721a183cb70\iaStorV.sys [2011/03/11 08:19:16 | 000,410,496 | ---- | M] (Intel Corporation) MD5=5B3DE7208E5000D5B451B9D290D2579C -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.21680_none_0d714416b7c182d5\iaStorV.sys [2011/03/11 08:41:26 | 000,410,496 | ---- | M] (Intel Corporation) MD5=AAAF44DB3BD0B9D1FB6969B23ECC8366 -- C:\Windows\SysNative\drivers\iaStorV.sys [2011/03/11 08:41:26 | 000,410,496 | ---- | M] (Intel Corporation) MD5=AAAF44DB3BD0B9D1FB6969B23ECC8366 -- C:\Windows\SysNative\DriverStore\FileRepository\iastorv.inf_amd64_neutral_0bcee2057afcc090\iaStorV.sys [2011/03/11 08:41:26 | 000,410,496 | ---- | M] (Intel Corporation) MD5=AAAF44DB3BD0B9D1FB6969B23ECC8366 -- 
C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.17577_none_0cf9793d9e95787b\iaStorV.sys [2011/03/11 08:23:00 | 000,410,496 | ---- | M] (Intel Corporation) MD5=B75E45C564E944A2657167D197AB29DA -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7600.16778_none_0b141c81a16e25e6\iaStorV.sys [2011/03/11 08:25:49 | 000,410,496 | ---- | M] (Intel Corporation) MD5=BFDC9D75698800CFE4D1698BF2750EA2 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7600.20921_none_0bccc8c8ba6985c1\iaStorV.sys [2009/07/14 03:48:04 | 000,410,688 | ---- | M] (Intel Corporation) MD5=D83EFB6FD45DF9D55E9A1AFC63640D50 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7600.16385_none_0b06441fa1790136\iaStorV.sys [2011/06/08 13:36:09 | 000,410,496 | ---- | M] (Intel Corporation) MD5=E353CF970C5D4D6A092911E15FB78C07 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7600.20712_none_0bd89532ba6088d9\iaStorV.sys < MD5 for: NETLOGON.DLL > [2009/07/14 03:41:52 | 000,692,736 | ---- | M] (Microsoft Corporation) MD5=956D030D375F207B22FB111E06EF9C35 -- C:\Windows\winsxs\amd64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_59aca8ea51aaeefe\netlogon.dll [2010/11/20 15:27:22 | 000,695,808 | ---- | M] (Microsoft Corporation) MD5=AA339DD8BB128EF66660DFBBB59043D3 -- C:\Windows\SysNative\netlogon.dll [2010/11/20 15:27:22 | 000,695,808 | ---- | M] (Microsoft Corporation) MD5=AA339DD8BB128EF66660DFBBB59043D3 -- C:\Windows\winsxs\amd64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_5bddbcb24e997298\netlogon.dll [2010/11/20 14:20:28 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\SysWOW64\netlogon.dll [2010/11/20 14:20:28 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\winsxs\wow64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_6632670482fa3493\netlogon.dll [2009/07/14 03:16:02 | 
000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\winsxs\wow64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_6401533c860bb0f9\netlogon.dll < MD5 for: NVSTOR.SYS > [2011/06/08 13:36:09 | 000,166,280 | ---- | M] (NVIDIA Corporation) MD5=0AF7B8136794E23E87BE138992880E64 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7600.16592_none_95c1e7d0d8ba7548\nvstor.sys [2009/07/14 03:45:45 | 000,167,488 | ---- | M] (NVIDIA Corporation) MD5=477DC4D6DEB99BE37084C9AC6D013DA1 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7600.16385_none_95cfb4ced8afab0e\nvstor.sys [2011/03/11 08:23:06 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=6C1D5F70E7A6A3FD1C90D840EDC048B9 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7600.16778_none_95dd8d30d8a4cfbe\nvstor.sys [2011/03/11 08:25:53 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=AE274836BA56518E279087363A781214 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7600.20921_none_96963977f1a02f99\nvstor.sys [2011/06/08 13:36:09 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=CE76755AF933E728CEBA6C7A970838A4 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7600.20712_none_96a205e1f19732b1\nvstor.sys [2011/03/11 08:19:21 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=D23C7E8566DA2B8A7C0DBBB761D54888 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.21680_none_983ab4c5eef82cad\nvstor.sys [2011/03/11 08:41:34 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=DAB0E87525C10052BF65F06152F37E4A -- C:\Windows\SysNative\drivers\nvstor.sys [2011/03/11 08:41:34 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=DAB0E87525C10052BF65F06152F37E4A -- C:\Windows\SysNative\DriverStore\FileRepository\nvraid.inf_amd64_neutral_0276fc3b3ea60d41\nvstor.sys [2011/03/11 08:41:34 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=DAB0E87525C10052BF65F06152F37E4A -- 
C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.17577_none_97c2e9ecd5cc2253\nvstor.sys [2010/11/20 15:33:48 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=F7CD50FE7139F07E77DA8AC8033D1832 -- C:\Windows\SysNative\DriverStore\FileRepository\nvraid.inf_amd64_neutral_dd659ed032d28a14\nvstor.sys [2010/11/20 15:33:48 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=F7CD50FE7139F07E77DA8AC8033D1832 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.17514_none_9800c896d59e2ea8\nvstor.sys < MD5 for: SCECLI.DLL > [2009/07/14 03:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\winsxs\wow64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_9e577e55272d37b4\scecli.dll [2009/07/14 03:41:53 | 000,232,448 | ---- | M] (Microsoft Corporation) MD5=398712DDDAEFB85EDF61DF6A07B65C79 -- C:\Windows\winsxs\amd64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_9402d402f2cc75b9\scecli.dll [2010/11/20 14:21:04 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\SysWOW64\scecli.dll [2010/11/20 14:21:04 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\winsxs\wow64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_a088921d241bbb4e\scecli.dll [2010/11/20 15:27:25 | 000,232,960 | ---- | M] (Microsoft Corporation) MD5=ED78427259134C63ED69804D2132B86C -- C:\Windows\SysNative\scecli.dll [2010/11/20 15:27:25 | 000,232,960 | ---- | M] (Microsoft Corporation) MD5=ED78427259134C63ED69804D2132B86C -- C:\Windows\winsxs\amd64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_9633e7caefbaf953\scecli.dll < MD5 for: USER32.DLL > [2010/11/20 14:08:57 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=5E0DB2D8B2750543CD2EBB9EA8E6CDD3 -- C:\Windows\SysWOW64\user32.dll [2010/11/20 14:08:57 | 000,833,024 | ---- | 
M] (Microsoft Corporation) MD5=5E0DB2D8B2750543CD2EBB9EA8E6CDD3 -- C:\Windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_35b31c02b85ccb6e\user32.dll [2009/07/14 03:41:56 | 001,008,640 | ---- | M] (Microsoft Corporation) MD5=72D7B3EA16946E8F0CF7458150031CC6 -- C:\Windows\winsxs\amd64_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_292d5de8870d85d9\user32.dll [2009/07/14 03:11:24 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=E8B0FFC209E504CB7E79FC24E6C085F0 -- C:\Windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_3382083abb6e47d4\user32.dll [2010/11/20 15:27:27 | 001,008,128 | ---- | M] (Microsoft Corporation) MD5=FE70103391A64039A921DBFFF9C7AB1B -- C:\Windows\SysNative\user32.dll [2010/11/20 15:27:27 | 001,008,128 | ---- | M] (Microsoft Corporation) MD5=FE70103391A64039A921DBFFF9C7AB1B -- C:\Windows\winsxs\amd64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_2b5e71b083fc0973\user32.dll < MD5 for: USERINIT.EXE > [2010/11/20 14:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\SysWOW64\userinit.exe [2010/11/20 14:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe [2009/07/14 03:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_dbff103933038d7c\userinit.exe [2009/07/14 03:39:48 | 000,030,208 | ---- | M] (Microsoft Corporation) MD5=6F8F1376A13114CC10C0E69274F5A4DE -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_381dabbceb60feb2\userinit.exe [2010/11/20 15:25:24 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\SysNative\userinit.exe 
[2010/11/20 15:25:24 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_3a4ebf84e84f824c\userinit.exe < MD5 for: WININIT.EXE > [2009/07/14 03:39:52 | 000,129,024 | ---- | M] (Microsoft Corporation) MD5=94355C28C1970635A31B3FE52EB7CEBA -- C:\Windows\SysNative\wininit.exe [2009/07/14 03:39:52 | 000,129,024 | ---- | M] (Microsoft Corporation) MD5=94355C28C1970635A31B3FE52EB7CEBA -- C:\Windows\winsxs\amd64_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_8ce7aa761e01ad49\wininit.exe [2009/07/14 03:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\SysWOW64\wininit.exe [2009/07/14 03:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_30c90ef265a43c13\wininit.exe < MD5 for: WINLOGON.EXE > [2010/11/20 15:25:30 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\SysNative\winlogon.exe [2010/11/20 15:25:30 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_cde90685eb910636\winlogon.exe [2009/07/14 03:39:52 | 000,389,120 | ---- | M] (Microsoft Corporation) MD5=132328DF455B0028F13BF0ABEE51A63A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_cbb7f2bdeea2829c\winlogon.exe [2010/06/03 04:52:11 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=A93D41A4D4B0D91C072D11DD8AF266DE -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.20560_none_cc522fd507b468f8\winlogon.exe [2010/06/03 04:52:11 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=DA3E2A6FA9660CC75B471530CE88453A -- 
C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16447_none_cbe534e7ee8042ad\winlogon.exe < MD5 for: WS2IFSL.SYS > [2009/07/14 02:10:33 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=6BCC1D7D2FD2453957C5479A32364E52 -- C:\Windows\SysNative\drivers\ws2ifsl.sys [2009/07/14 02:10:33 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=6BCC1D7D2FD2453957C5479A32364E52 -- C:\Windows\winsxs\amd64_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.1.7600.16385_none_ab7b927be17eace8\ws2ifsl.sys < %systemroot%\system32\drivers\*.sys /lockedfiles > < %systemroot%\System32\config\*.sav > < %systemroot%\*. /mp /s > < %systemroot%\system32\*.dll /lockedfiles > < End of report > |
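The "< MD5 for: ... >" blocks in the report above list every copy of each queried system file with its hash. The check worth doing on them is whether the live copy (SysNative\drivers, System32, SysWOW64) still matches one of the copies Windows keeps in WinSxS or the DriverStore, because a driver patched in place keeps its name and usually its size, but not its hash. The parser below is an added example for this thread, not code from OTL or from the forum; its sample log is constructed in OTL's line format, reusing the atapi.sys and DriverStore entries from the report, while the live iaStor.sys hash and the lone ws2ifsl.sys entry are made up to trigger the two kinds of finding.

```python
"""Check an OTL '< MD5 for: ... >' section for system files whose live copy
no longer matches the component-store copies.

Added example for the thread, not OTL's own code.  SAMPLE_LOG is constructed
in OTL's report format; the hash 0123...CDEF is a made-up placeholder for a
patched file, and the ws2ifsl.sys block deliberately has no reference copy.
"""
import re
from collections import defaultdict

# One OTL record: [date time | size | attrs | M] (Company) MD5=<hex> -- <path>
RECORD = re.compile(
    r"\[(?P<date>\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}) \| "
    r"(?P<size>[\d,]+) \| (?P<attrs>[-A-Z]{4}) \| M\] "
    r"\((?P<company>[^)]*)\) MD5=(?P<md5>[0-9A-Fa-f]{32}) -- (?P<path>.+)$"
)
SECTION = re.compile(r"^< MD5 for: (?P<name>\S+) >$")

# Copies under these directories form the reference set: Windows keeps its own
# copy of each component there, so a live driver should match one of them.
REFERENCE_DIRS = ("\\winsxs\\", "\\driverstore\\")

# Constructed sample in OTL's format (see the lead-in for what is made up).
SAMPLE_LOG = r"""
========== Custom Scans ==========
< %SYSTEMDRIVE%\*.exe >
< MD5 for: ATAPI.SYS >
[2009/07/14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysNative\drivers\atapi.sys
[2009/07/14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7600.16385_none_392d19c13b3ad543\atapi.sys
< MD5 for: IASTOR.SYS >
[2011/10/15 12:00:03 | 000,540,696 | ---- | M] (Intel Corporation) MD5=0123456789ABCDEF0123456789ABCDEF -- C:\Windows\SysNative\drivers\iaStor.sys
[2010/06/08 10:33:14 | 000,540,696 | ---- | M] (Intel Corporation) MD5=2064090C9FAAD92C090D77E50E735B2E -- C:\Windows\SysNative\DriverStore\FileRepository\iastor.inf_amd64_neutral_1170b46175ba2765\iaStor.sys
< MD5 for: WS2IFSL.SYS >
[2009/07/14 02:10:33 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=6BCC1D7D2FD2453957C5479A32364E52 -- C:\Windows\SysNative\drivers\ws2ifsl.sys
< End of report >
"""


def parse_md5_sections(log_text):
    """Return {FILENAME: [record, ...]} for every '< MD5 for: NAME >' block."""
    records = defaultdict(list)
    current = None
    for raw in log_text.splitlines():
        line = raw.strip()
        header = SECTION.match(line)
        if header:
            current = header.group("name").upper()
            continue
        if line.startswith("<"):      # any other '< ... >' line ends the block
            current = None
            continue
        rec = RECORD.match(line)
        if current and rec:
            entry = rec.groupdict()
            entry["md5"] = entry["md5"].upper()
            entry["size"] = int(entry["size"].replace(",", ""))
            records[current].append(entry)
    return dict(records)


def is_reference_copy(path):
    """True for copies held in WinSxS or the DriverStore."""
    lowered = path.lower()
    return any(marker in lowered for marker in REFERENCE_DIRS)


def find_suspect_files(records):
    """Return (name, path, md5, reason) for every live copy whose hash is not
    found among the reference copies of the same file.

    The comparison is set-based on purpose: a 32-bit copy in SysWOW64 and a
    64-bit copy in SysNative legitimately differ, and each matches its own
    x86_/amd64_ WinSxS entry.  A mismatch is a lead, not a verdict: a vendor
    driver update also produces one, so the flagged file still needs a look."""
    findings = []
    for name, entries in sorted(records.items()):
        reference = {e["md5"] for e in entries if is_reference_copy(e["path"])}
        for e in entries:
            if is_reference_copy(e["path"]):
                continue
            if not reference:
                findings.append((name, e["path"], e["md5"],
                                 "no WinSxS/DriverStore copy to compare against"))
            elif e["md5"] not in reference:
                findings.append((name, e["path"], e["md5"],
                                 "hash matches no WinSxS/DriverStore copy"))
    return findings


if __name__ == "__main__":
    for name, path, md5, reason in find_suspect_files(parse_md5_sections(SAMPLE_LOG)):
        print(f"{name}: {path} ({md5}) - {reason}")
```

Running it on the constructed sample reports iaStor.sys (hash differs from the DriverStore copy) and ws2ifsl.sys (nothing to compare against), and stays silent on atapi.sys.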
22.10.2011, 15:54 | #4 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Facebook-Virus (screensaver) Do an OTL fix: close all programs that may be open, disable the virus scanner as well (!), start OTL and paste the following text into the "Custom Scan/Fixes" box (at the bottom of OTL): (the ":OTL" must be copied along with it!!!) Code:
:OTL
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/07/24 18:09:32 | 000,094,208 | R--- | M] () - F:\AutoRun.exe -- [ CDFS ]
O32 - AutoRun File - [2004/09/07 23:00:56 | 000,000,047 | R--- | M] () - F:\autorun.inf -- [ CDFS ]
:Commands
[emptytemp]
[resethosts]
The logfile should open when you click OK after the fix; please post it. The computer may be restarted. As a precaution, the entries, files and folders fixed by this script are not completely deleted; a backup copy is created on the system partition in the "_OTL" folder. Note: The above script was created only for this one user in this situation. It cannot be ported to any other computer and must not be used elsewhere, as it can permanently damage the system!
__________________ Please always post logfiles in CODE tags |
22.10.2011, 16:29 | #5 |
| Facebook-Virus (screensaver) I ran the OTL fix; here is the log: Code:
All processes killed
========== OTL ==========
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5C255C8A-E604-49b4-9D64-90988571CECB}\ not found.
64bit-Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\Locked deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\Locked deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRun|DWORD:1 /E : value set successfully!
File move failed. F:\AutoRun.exe scheduled to be moved on reboot.
File move failed. F:\autorun.inf scheduled to be moved on reboot.
========== COMMANDS ==========
[EMPTYTEMP]
User: All Users
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
User: Journal
User: Korbi
->Temp folder emptied: 4492682 bytes
->Temporary Internet Files folder emptied: 443269559 bytes
->Java cache emptied: 290161 bytes
->FireFox cache emptied: 691881643 bytes
->Flash cache emptied: 1403 bytes
User: Oma
->Temp folder emptied: 2980717 bytes
->Temporary Internet Files folder emptied: 1348274 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 42876970 bytes
->Flash cache emptied: 470 bytes
User: Public
User: RegBack
User: systemprofile
User: TxR
User: Wombat
->Temp folder emptied: 1172594 bytes
->Temporary Internet Files folder emptied: 392537 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 43238819 bytes
->Flash cache emptied: 470 bytes
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 170004588 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 67765 bytes
RecycleBin emptied: 0 bytes
Total Files Cleaned = 1,337.00 mb
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully
OTL by OldTimer - Version 3.2.31.0 log created on 10222011_172039
Files\Folders moved on Reboot...
File move failed. F:\AutoRun.exe scheduled to be moved on reboot.
File move failed. F:\autorun.inf scheduled to be moved on reboot.
File\Folder C:\Users\Korbi\AppData\Local\Temp\2011-08-30-1177605853_04-RG.PDF not found!
C:\Users\Korbi\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
Registry entries deleted on Reboot...
|
22.10.2011, 16:40 | #6 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Facebook-Virus (screensaver) Now please run this tool from Kaspersky and post the log => http://www.trojaner-board.de/82358-t...entfernen.html Configure the tool as shown in the image below: click on "change parameters" and tick the boxes as shown in the following screenshot, then click "Start Scan" and, when it has finished, click the "Report" button to display the log. Please post it in full. Note: Please do not delete anything prematurely with TDSSKiller! If TDSSKiller flags any objects, handle them all with the action "skip" and only post the log here! If the infection prevents you from accessing your documents/My Documents, or shortcuts are missing from the desktop or from "All Programs" in the Start menu, please run unhide: Download unhide.exe and save the file on your desktop. Start the tool and all files and folders should become visible again (this may take a while). Windows Vista and Windows 7 users must run the tool as administrator via right-click!
|
22.10.2011, 17:09 | #7 |
| Facebook-Virus (screensaver) Thanks! Here is the report: Code:
ATTFilter
18:05:52.0429 3312 TDSS rootkit removing tool 2.6.12.0 Oct 21 2011 11:23:48
18:05:52.0569 3312 ============================================================
18:05:52.0569 3312 Current date / time: 2011/10/22 18:05:52.0569
18:05:52.0569 3312 SystemInfo:
18:05:52.0569 3312
18:05:52.0569 3312 OS Version: 6.1.7601 ServicePack: 1.0
18:05:52.0569 3312 Product type: Workstation
18:05:52.0569 3312 ComputerName: KORBI-PC
18:05:52.0569 3312 UserName: Korbi
18:05:52.0569 3312 Windows directory: C:\Windows
18:05:52.0569 3312 System windows directory: C:\Windows
18:05:52.0569 3312 Running under WOW64
18:05:52.0569 3312 Processor architecture: Intel x64
18:05:52.0569 3312 Number of processors: 4
18:05:52.0569 3312 Page size: 0x1000
18:05:52.0569 3312 Boot type: Normal boot
18:05:52.0569 3312 ============================================================
18:05:53.0177 3312 Initialize success
18:06:09.0479 4608 ============================================================
18:06:09.0479 4608 Scan started
18:06:09.0479 4608 Mode: Manual; SigCheck; TDLFS;
18:06:09.0479 4608 ============================================================
[... per-driver entries omitted: each installed driver listed with its MD5 and path, every one reported "- ok" ...]
18:06:42.0364 4608 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0
18:06:42.0552 4608 \Device\Harddisk0\DR0 - ok
18:06:42.0598 4608 Boot (0x1200) (b3aa6432a38aae00fdf3ee97120d3cff) \Device\Harddisk0\DR0\Partition0
18:06:42.0598 4608 \Device\Harddisk0\DR0\Partition0 - ok
18:06:42.0630 4608 Boot (0x1200) (fb65249884451d10f25ecd02c52f9100) \Device\Harddisk0\DR0\Partition1
18:06:42.0630 4608 \Device\Harddisk0\DR0\Partition1 - ok
18:06:42.0630 4608 ============================================================
18:06:42.0630 4608 Scan finished
18:06:42.0630 4608 ============================================================
18:06:42.0645 2572 Detected object count: 0
18:06:42.0645 2572 Actual detected object count: 0 |
22.10.2011, 17:53 | #8
/// Winkelfunktion /// TB-Süch-Tiger™ | Facebook-Virus (screensaver) Now please run CF: ComboFix (a guide and tutorial on using ComboFix)
ComboFix may only be run if a board helper (Kompetenzler) has explicitly recommended it! If you have problems starting applications after running ComboFix and get messages such as Quote:
__________________ Please always post log files in CODE tags
22.10.2011, 18:40 | #9
Facebook-Virus (screensaver) Here is the ComboFix log. If I win the lottery today, I will probably have to hand a few million over to you Code:
ATTFilter ComboFix 11-10-21.06 - Korbi 22.10.2011 19:22:33.1.4 - x64 Microsoft Windows 7 Home Premium 6.1.7601.1.1252.49.1031.18.3957.2811 [GMT 2:00] ausgeführt von:: c:\users\Korbi\Desktop\ComboFix.exe AV: Avira Desktop *Disabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C} SP: Avira Desktop *Disabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691} SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} * Neuer Wiederherstellungspunkt wurde erstellt . . (((((((((((((((((((((((((((((((((((( Weitere Löschungen )))))))))))))))))))))))))))))))))))))))))))))))) . . D:\install.exe . . ((((((((((((((((((((((( Dateien erstellt von 2011-09-22 bis 2011-10-22 )))))))))))))))))))))))))))))) . . 2011-10-22 15:20 . 2011-10-22 15:20 -------- d-----w- C:\_OTL 2011-10-21 14:14 . 2011-10-07 04:16 8570192 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{5BA420A3-89D4-41E2-8099-E7CF0C639B7B}\mpengine.dll 2011-10-15 21:28 . 2011-10-15 21:28 -------- d-----w- c:\program files (x86)\ESET 2011-10-15 20:13 . 2011-10-15 20:13 -------- d-----w- c:\users\Korbi\AppData\Roaming\Malwarebytes 2011-10-15 20:13 . 2011-10-15 20:13 -------- d-----w- c:\programdata\Malwarebytes 2011-10-15 20:13 . 2011-08-31 15:00 25416 ----a-w- c:\windows\system32\drivers\mbam.sys 2011-10-15 20:13 . 2011-10-15 20:13 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware 2011-10-15 16:20 . 2011-10-15 16:20 -------- d-----w- c:\users\Korbi\AppData\Roaming\Avira 2011-10-15 16:20 . 2011-10-11 13:00 97312 ----a-w- c:\windows\system32\drivers\avgntflt.sys 2011-10-15 16:20 . 2011-10-11 13:00 27760 ----a-w- c:\windows\system32\drivers\avkmgr.sys 2011-10-15 16:20 . 2011-10-11 13:00 130760 ----a-w- c:\windows\system32\drivers\avipbb.sys 2011-10-15 16:20 . 2011-10-15 16:20 -------- d-----w- c:\programdata\Avira 2011-10-15 16:20 . 2011-10-15 16:20 -------- d-----w- c:\program files (x86)\Avira 2011-10-15 10:55 . 
2011-10-15 20:14 -------- d-----w- c:\users\Korbi\AppData\Local\CrashDumps 2011-10-15 10:00 . 2011-10-15 20:22 -------- d-sh--r- c:\users\Korbi\M-1-52-5782-8752-5245 2011-10-12 17:56 . 2011-09-06 03:03 3138048 ----a-w- c:\windows\system32\win32k.sys 2011-10-12 17:56 . 2011-08-17 05:26 613888 ----a-w- c:\windows\system32\psisdecd.dll 2011-10-12 17:56 . 2011-08-17 04:24 465408 ----a-w- c:\windows\SysWow64\psisdecd.dll 2011-10-12 17:56 . 2011-08-17 04:19 75776 ----a-w- c:\windows\SysWow64\psisrndr.ax 2011-10-12 17:56 . 2011-08-17 05:25 108032 ----a-w- c:\windows\system32\psisrndr.ax 2011-10-12 17:56 . 2011-08-27 05:37 861696 ----a-w- c:\windows\system32\oleaut32.dll 2011-10-12 17:56 . 2011-08-27 05:37 331776 ----a-w- c:\windows\system32\oleacc.dll 2011-10-12 17:56 . 2011-08-27 04:26 571904 ----a-w- c:\windows\SysWow64\oleaut32.dll 2011-10-12 17:56 . 2011-08-27 04:26 233472 ----a-w- c:\windows\SysWow64\oleacc.dll . . . (((((((((((((((((((((((((((((((((((( Find3M Bericht )))))))))))))))))))))))))))))))))))))))))))))))))))))) . 2011-10-22 07:47 . 2011-07-07 18:31 414368 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl 2011-07-30 20:02 . 2011-07-30 20:02 86528 ----a-w- c:\windows\SysWow64\iesysprep.dll 2011-07-30 20:02 . 2011-07-30 20:02 76800 ----a-w- c:\windows\SysWow64\SetIEInstalledDate.exe 2011-07-30 20:02 . 2011-07-30 20:02 74752 ----a-w- c:\windows\SysWow64\RegisterIEPKEYs.exe 2011-07-30 20:02 . 2011-07-30 20:02 74752 ----a-w- c:\windows\SysWow64\iesetup.dll 2011-07-30 20:02 . 2011-07-30 20:02 63488 ----a-w- c:\windows\SysWow64\tdc.ocx 2011-07-30 20:02 . 2011-07-30 20:02 48640 ----a-w- c:\windows\SysWow64\mshtmler.dll 2011-07-30 20:02 . 2011-07-30 20:02 367104 ----a-w- c:\windows\SysWow64\html.iec 2011-07-30 20:02 . 2011-07-30 20:02 23552 ----a-w- c:\windows\SysWow64\licmgr10.dll 2011-07-30 20:02 . 2011-07-30 20:02 161792 ----a-w- c:\windows\SysWow64\msls31.dll 2011-07-30 20:02 . 2011-07-30 20:02 152064 ----a-w- c:\windows\SysWow64\wextract.exe 2011-07-30 20:02 . 
2011-07-30 20:02 150528 ----a-w- c:\windows\SysWow64\iexpress.exe 2011-07-30 20:02 . 2011-07-30 20:02 1427456 ----a-w- c:\windows\SysWow64\inetcpl.cpl 2011-07-30 20:02 . 2011-07-30 20:02 110592 ----a-w- c:\windows\SysWow64\IEAdvpack.dll 2011-07-30 20:02 . 2011-07-30 20:02 91648 ----a-w- c:\windows\system32\SetIEInstalledDate.exe 2011-07-30 20:02 . 2011-07-30 20:02 89088 ----a-w- c:\windows\system32\RegisterIEPKEYs.exe 2011-07-30 20:02 . 2011-07-30 20:02 85504 ----a-w- c:\windows\system32\iesetup.dll 2011-07-30 20:02 . 2011-07-30 20:02 76800 ----a-w- c:\windows\system32\tdc.ocx 2011-07-30 20:02 . 2011-07-30 20:02 603648 ----a-w- c:\windows\system32\vbscript.dll 2011-07-30 20:02 . 2011-07-30 20:02 49664 ----a-w- c:\windows\system32\imgutil.dll 2011-07-30 20:02 . 2011-07-30 20:02 48640 ----a-w- c:\windows\system32\mshtmler.dll 2011-07-30 20:02 . 2011-07-30 20:02 448512 ----a-w- c:\windows\system32\html.iec 2011-07-30 20:02 . 2011-07-30 20:02 420864 ----a-w- c:\windows\SysWow64\vbscript.dll 2011-07-30 20:02 . 2011-07-30 20:02 35840 ----a-w- c:\windows\SysWow64\imgutil.dll 2011-07-30 20:02 . 2011-07-30 20:02 30720 ----a-w- c:\windows\system32\licmgr10.dll 2011-07-30 20:02 . 2011-07-30 20:02 222208 ----a-w- c:\windows\system32\msls31.dll 2011-07-30 20:02 . 2011-07-30 20:02 173056 ----a-w- c:\windows\system32\ieUnatt.exe 2011-07-30 20:02 . 2011-07-30 20:02 165888 ----a-w- c:\windows\system32\iexpress.exe 2011-07-30 20:02 . 2011-07-30 20:02 160256 ----a-w- c:\windows\system32\wextract.exe 2011-07-30 20:02 . 2011-07-30 20:02 1492992 ----a-w- c:\windows\system32\inetcpl.cpl 2011-07-30 20:02 . 2011-07-30 20:02 142848 ----a-w- c:\windows\SysWow64\ieUnatt.exe 2011-07-30 20:02 . 2011-07-30 20:02 135168 ----a-w- c:\windows\system32\IEAdvpack.dll 2011-07-30 20:02 . 2011-07-30 20:02 12288 ----a-w- c:\windows\system32\mshta.exe 2011-07-30 20:02 . 2011-07-30 20:02 11776 ----a-w- c:\windows\SysWow64\mshta.exe 2011-07-30 20:02 . 
2011-07-30 20:02 114176 ----a-w- c:\windows\system32\admparse.dll 2011-07-30 20:02 . 2011-07-30 20:02 111616 ----a-w- c:\windows\system32\iesysprep.dll 2011-07-30 20:02 . 2011-07-30 20:02 101888 ----a-w- c:\windows\SysWow64\admparse.dll 2011-07-30 19:20 . 2009-07-14 02:36 175616 ----a-w- c:\windows\system32\msclmd.dll 2011-07-30 19:20 . 2009-07-14 02:36 152576 ----a-w- c:\windows\SysWow64\msclmd.dll . . (((((((((((((((((((((((((((( Autostartpunkte der Registrierung )))))))))))))))))))))))))))))))))))))))) . . *Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. REGEDIT4 . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] "LoadFUJ02E3"="c:\program files (x86)\Fujitsu\FUJ02E3\FUJ02E3.exe" [2009-10-08 36712] "IndicatorUtility"="c:\program files (x86)\Fujitsu\Fujitsu Hotkey Utility\IndicatorUty.exe" [2009-10-09 47976] "Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696] "UCam_Menu"="c:\program files (x86)\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" [2009-05-19 222504] "YouCam Mirror Tray icon"="c:\program files (x86)\CyberLink\YouCam\YouCamTray.exe" [2009-07-08 162912] "StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2010-09-07 98304] "DeskUpdateNotifier"="c:\fujitsu\Programs\DeskUpdate\DeskUpdateNotifier.exe" [2010-10-13 97560] "SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2011-04-08 254696] "avgnt"="c:\program files (x86)\Avira\AntiVir Desktop\avgnt.exe" [2011-10-11 258512] . c:\users\Wombat\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\startup\ LaunchCenter.lnk - c:\program files (x86)\Fujitsu\LaunchCenter\LaunchCenter.exe [2010-10-11 360448] . c:\users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ LaunchCenter.lnk - c:\program files (x86)\Fujitsu\LaunchCenter\LaunchCenter.exe [2010-10-11 360448] . 
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "ConsentPromptBehaviorUser"= 3 (0x3) "EnableUIADesktopToggle"= 0 (0x0) . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32] "aux"=wdmaud.drv . R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384] R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576] R3 BthAvrcp;Bluetooth-AVRCP-Profil;c:\windows\system32\DRIVERS\BthAvrcp.sys [x] R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4925184] R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [x] R3 RtsUIR;Realtek IR Driver;c:\windows\system32\DRIVERS\Rts516xIR.sys [x] R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x] S1 avkmgr;avkmgr;c:\windows\system32\DRIVERS\avkmgr.sys [x] S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x] S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x] S2 AntiVirSchedulerService;Avira Planer;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe [2011-10-11 86224] S2 cvhsvc;Client Virtualization Handler;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [2010-10-20 821664] S2 PowerSavingUtilityService;PowerSavingUtilityService;c:\program files\Fujitsu\PSUtility\PSUService.exe [2009-07-30 63336] S2 sftlist;Application Virtualization Client;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2010-09-14 508264] S2 UNS;Intel(R) Management & Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2009-11-01 2314240] S2 
VFPRadioSupportService;Unterstützung für Bluetooth-Funktionen;c:\program files\CSR\Bluetooth Feature Pack 5.0\VFPRadioSupportService.exe [2009-12-24 145840] S2 WirelessSelectorService;WirelessSelectorService;c:\program files\Fujitsu\WirelessSelector\WSUService.exe [2009-07-21 62312] S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [x] S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [x] S3 AtiHDAudioService;ATI Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys [x] S3 FUJ02E3;Fujitsu FUJ02E3 Device Driver;c:\windows\system32\DRIVERS\FUJ02E3.sys [x] S3 HECIx64;Intel(R) Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [x] S3 Impcd;Impcd;c:\windows\system32\DRIVERS\Impcd.sys [x] S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x] S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys [x] S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys [x] S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys [x] S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys [x] S3 sftvsa;Application Virtualization Service Agent;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2010-09-14 219496] . . --- Andere Dienste/Treiber im Speicher --- . *NewlyCreated* - 02693641 *Deregistered* - 02693641 . . --------- x86-64 ----------- . . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "PSUTility"="c:\program files\Fujitsu\PSUtility\TrayManager.exe" [2009-07-30 188264] "LoadFujitsuQuickTouch"="c:\program files\Fujitsu\Application Panel\QuickTouch.exe" [2009-10-15 157544] "LoadBtnHnd"="c:\program files\Fujitsu\Application Panel\BtnHnd.exe" [2009-10-15 35176] "RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2009-10-28 8312352] "ConMgr"="c:\program files\CSR\Bluetooth Feature Pack 5.0\ConMgr.exe" [2009-12-24 535440] "CSRSkype"="c:\program files\CSR\Bluetooth Feature Pack 5.0\CSRSkype.exe" [2009-12-24 431504] . 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows] "LoadAppInit_DLLs"=0x0 . ------- Zusätzlicher Suchlauf ------- . uLocal Page = c:\windows\system32\blank.htm uStart Page = hxxp://www.google.de/ mLocal Page = c:\windows\SysWOW64\blank.htm IE: Google Sidewiki... - c:\program files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html TCP: Interfaces\{59629462-8365-496A-97DE-5C61C2AF78F4}: NameServer = 195.50.140.182 195.50.140.114 FF - ProfilePath - c:\users\Korbi\AppData\Roaming\Mozilla\Firefox\Profiles\j06iwqcg.default\ . - - - - Entfernte verwaiste Registrierungseinträge - - - - . HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe HKLM-Run-BthSyncServ - c:\program files\CSR\Bluetooth Feature Pack 5.0\bthsyncserv.exe . . . --------------------- Gesperrte Registrierungsschluessel --------------------- . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10w_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10w_ActiveX.exe" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Shockwave Flash Object" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10w.ocx" "ThreadingModel"="Apartment" . 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus] @="0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID] @="ShockwaveFlash.ShockwaveFlash.10" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10w.ocx, 1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="ShockwaveFlash.ShockwaveFlash" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Macromedia Flash Factory Object" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10w.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID] @="FlashFactory.FlashFactory.1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10w.ocx, 1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="FlashFactory.FlashFactory" . 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}] @Denied: (A 2) (Everyone) @="IFlashBroker4" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security] @Denied: (Full) (Everyone) . Zeit der Fertigstellung: 2011-10-22 19:30:50 ComboFix-quarantined-files.txt 2011-10-22 17:30 . Vor Suchlauf: 10 Verzeichnis(se), 19.201.921.024 Bytes frei Nach Suchlauf: 15 Verzeichnis(se), 19.166.916.608 Bytes frei . - - End Of File - - FA0F2426CA506D24089F64F6ECD87272 |
23.10.2011, 18:01 | #10
/// Winkelfunktion /// TB-Süch-Tiger™ | Facebook-Virus (screensaver) ComboFix - scripting
1. Start Notepad (Start / Run / notepad[Enter])
2. Now copy and paste the entire contents of the code box below into the Notepad window.
Code:
Folder:: c:\users\Korbi\M-1-52-5782-8752-5245
4. Disable the guard of your antivirus program and any software firewall that may be present. (Also the guards of ad-/spyware programs and the Tea Timer, if present!)
5. Then drag CFScript.txt onto cofi.exe, as shown in the picture below. This restarts ComboFix.
6. After the restart (you will be asked whether you want to restart), please post the following log files: Combofix.txt
Note: The script above was created only for this one user in this situation. It cannot be ported to any other computer and must not be used elsewhere, as it can permanently damage the system!
__________________ Please always post log files in CODE tags
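The helper's CFScript targets a folder that the ComboFix log in the previous post lists with the attribute string d-sh--r- (directory, system, hidden, read-only) directly under the user's profile, which is where legitimate software does not normally put hidden system folders. As an added example (not code from the board, the helper, or ComboFix), here is a small Python triage script that parses ComboFix's file-listing lines and flags exactly that kind of entry, so a reader can see how the folder stands out among the many benign entries. The reading of the attribute characters ('d', 's', 'h', 'a', 'r'/'w') is my interpretation inferred from the log, not taken from ComboFix documentation, and the "hidden + system + in profile root" rule is a triage heuristic, not a verdict; the sample lines are a constructed subset copied from the log above.

```python
import re
from dataclasses import dataclass
from typing import List, Optional

# One line of ComboFix's file listing, as seen in the log above:
#   <created> . <modified> <size or dashes> <attribute string> <path>
LINE_RE = re.compile(
    r"^(?P<created>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) \. "
    r"(?P<modified>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) "
    r"(?P<size>\d+|-+) "
    r"(?P<attrs>[a-z-]{8}) "
    r"(?P<path>.+)$"
)

# Paths directly inside a user profile, excluding the normal AppData tree
# (case-insensitive; ComboFix prints the drive letter and "users" in lower case).
USER_PROFILE_RE = re.compile(r"^c:\\users\\[^\\]+\\(?!appdata\\)", re.IGNORECASE)


@dataclass
class Entry:
    created: str          # "YYYY-MM-DD HH:MM", sortable as a plain string
    modified: str
    size: Optional[int]   # None where ComboFix prints dashes (directories)
    attrs: str            # e.g. "d-sh--r-"
    path: str

    # Assumed reading of the attribute string (inferred from the log, not from
    # ComboFix documentation): 'd' directory, 's' system, 'h' hidden,
    # 'a' archive, 'r'/'w' read-only or writable.
    @property
    def is_dir(self) -> bool:
        return self.attrs.startswith("d")

    @property
    def hidden(self) -> bool:
        return "h" in self.attrs

    @property
    def system(self) -> bool:
        return "s" in self.attrs


def parse_listing(text: str) -> List[Entry]:
    """Parse every listing line; section banners, lone dots and blank lines are skipped."""
    entries: List[Entry] = []
    for raw in text.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m:
            continue
        size = None if m["size"].startswith("-") else int(m["size"])
        entries.append(Entry(m["created"], m["modified"], size, m["attrs"], m["path"]))
    return entries


def created_since(entries: List[Entry], date: str) -> List[Entry]:
    """Entries whose creation timestamp is on or after `date` ("YYYY-MM-DD")."""
    return [e for e in entries if e.created >= date]


def suspicious_entries(entries: List[Entry]) -> List[Entry]:
    """Triage heuristic: hidden+system items placed straight into a user profile.

    Legitimate software keeps its hidden/system data under AppData or in the
    Windows tree; a hidden, system, read-only folder with a random-looking name
    in the profile root (as in the log above) deserves a closer look.
    """
    return [e for e in entries
            if e.hidden and e.system and USER_PROFILE_RE.match(e.path)]


def report(text: str) -> List[str]:
    """Human-readable triage lines for the flagged entries of a ComboFix log."""
    return [f"{e.created}  {e.attrs}  {e.path}"
            for e in suspicious_entries(parse_listing(text))]


# Sample input: a constructed subset of lines copied from the ComboFix log above.
SAMPLE_LOG = r"""
2011-10-15 21:28 . 2011-10-15 21:28 -------- d-----w- c:\program files (x86)\ESET
2011-10-15 20:13 . 2011-08-31 15:00 25416 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-10-15 10:55 . 2011-10-15 20:14 -------- d-----w- c:\users\Korbi\AppData\Local\CrashDumps
2011-10-15 10:00 . 2011-10-15 20:22 -------- d-sh--r- c:\users\Korbi\M-1-52-5782-8752-5245
2011-10-12 17:56 . 2011-09-06 03:03 3138048 ----a-w- c:\windows\system32\win32k.sys
.
(((((((((((((((((((((((((((((((((((( Find3M Bericht ))))))))))))))))))))))))))))))))))))))))))))))))))))))
"""


if __name__ == "__main__":
    for line in report(SAMPLE_LOG):
        print("SUSPICIOUS:", line)
```

Running the script on the sample prints the single M-1-52-5782-8752-5245 folder; the `created_since` filter narrows a full log to the days around the infection the user described, which is how a helper reading such a log usually starts.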
23.10.2011, 18:45 | #11
Facebook-Virus (screensaver) OK. Here is the log: Code:
ATTFilter ComboFix 11-10-23.01 - Korbi 23.10.2011 19:33:13.2.4 - x64 Microsoft Windows 7 Home Premium 6.1.7601.1.1252.49.1031.18.3957.2632 [GMT 2:00] ausgeführt von:: c:\users\Korbi\Desktop\ComboFix.exe Benutzte Befehlsschalter :: c:\users\Korbi\Desktop\CFScript.txt AV: Avira Desktop *Disabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C} SP: Avira Desktop *Disabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691} SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} . . (((((((((((((((((((((((((((((((((((( Weitere Löschungen )))))))))))))))))))))))))))))))))))))))))))))))) . . c:\users\Korbi\M-1-52-5782-8752-5245 . . ((((((((((((((((((((((( Dateien erstellt von 2011-09-23 bis 2011-10-23 )))))))))))))))))))))))))))))) . . 2011-10-23 17:36 . 2011-10-23 17:36 -------- d-----w- c:\users\Wombat\AppData\Local\temp 2011-10-23 17:36 . 2011-10-23 17:36 -------- d-----w- c:\users\Oma\AppData\Local\temp 2011-10-23 17:36 . 2011-10-23 17:36 -------- d-----w- c:\users\Default\AppData\Local\temp 2011-10-22 15:20 . 2011-10-22 15:20 -------- d-----w- C:\_OTL 2011-10-21 14:14 . 2011-10-07 04:16 8570192 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{5BA420A3-89D4-41E2-8099-E7CF0C639B7B}\mpengine.dll 2011-10-15 21:28 . 2011-10-15 21:28 -------- d-----w- c:\program files (x86)\ESET 2011-10-15 20:13 . 2011-10-15 20:13 -------- d-----w- c:\users\Korbi\AppData\Roaming\Malwarebytes 2011-10-15 20:13 . 2011-10-15 20:13 -------- d-----w- c:\programdata\Malwarebytes 2011-10-15 20:13 . 2011-08-31 15:00 25416 ----a-w- c:\windows\system32\drivers\mbam.sys 2011-10-15 20:13 . 2011-10-15 20:13 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware 2011-10-15 16:20 . 2011-10-15 16:20 -------- d-----w- c:\users\Korbi\AppData\Roaming\Avira 2011-10-15 16:20 . 2011-10-11 13:00 97312 ----a-w- c:\windows\system32\drivers\avgntflt.sys 2011-10-15 16:20 . 2011-10-11 13:00 27760 ----a-w- c:\windows\system32\drivers\avkmgr.sys 2011-10-15 16:20 . 
2011-10-11 13:00 130760 ----a-w- c:\windows\system32\drivers\avipbb.sys 2011-10-15 16:20 . 2011-10-15 16:20 -------- d-----w- c:\programdata\Avira 2011-10-15 16:20 . 2011-10-15 16:20 -------- d-----w- c:\program files (x86)\Avira 2011-10-15 10:55 . 2011-10-15 20:14 -------- d-----w- c:\users\Korbi\AppData\Local\CrashDumps 2011-10-12 17:56 . 2011-09-06 03:03 3138048 ----a-w- c:\windows\system32\win32k.sys 2011-10-12 17:56 . 2011-08-17 05:26 613888 ----a-w- c:\windows\system32\psisdecd.dll 2011-10-12 17:56 . 2011-08-17 04:24 465408 ----a-w- c:\windows\SysWow64\psisdecd.dll 2011-10-12 17:56 . 2011-08-17 04:19 75776 ----a-w- c:\windows\SysWow64\psisrndr.ax 2011-10-12 17:56 . 2011-08-17 05:25 108032 ----a-w- c:\windows\system32\psisrndr.ax 2011-10-12 17:56 . 2011-08-27 05:37 861696 ----a-w- c:\windows\system32\oleaut32.dll 2011-10-12 17:56 . 2011-08-27 05:37 331776 ----a-w- c:\windows\system32\oleacc.dll 2011-10-12 17:56 . 2011-08-27 04:26 571904 ----a-w- c:\windows\SysWow64\oleaut32.dll 2011-10-12 17:56 . 2011-08-27 04:26 233472 ----a-w- c:\windows\SysWow64\oleacc.dll . . . (((((((((((((((((((((((((((((((((((( Find3M Bericht )))))))))))))))))))))))))))))))))))))))))))))))))))))) . 2011-10-22 07:47 . 2011-07-07 18:31 414368 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl 2011-07-30 20:02 . 2011-07-30 20:02 86528 ----a-w- c:\windows\SysWow64\iesysprep.dll 2011-07-30 20:02 . 2011-07-30 20:02 76800 ----a-w- c:\windows\SysWow64\SetIEInstalledDate.exe 2011-07-30 20:02 . 2011-07-30 20:02 74752 ----a-w- c:\windows\SysWow64\RegisterIEPKEYs.exe 2011-07-30 20:02 . 2011-07-30 20:02 74752 ----a-w- c:\windows\SysWow64\iesetup.dll 2011-07-30 20:02 . 2011-07-30 20:02 63488 ----a-w- c:\windows\SysWow64\tdc.ocx 2011-07-30 20:02 . 2011-07-30 20:02 48640 ----a-w- c:\windows\SysWow64\mshtmler.dll 2011-07-30 20:02 . 2011-07-30 20:02 367104 ----a-w- c:\windows\SysWow64\html.iec 2011-07-30 20:02 . 2011-07-30 20:02 23552 ----a-w- c:\windows\SysWow64\licmgr10.dll 2011-07-30 20:02 . 
2011-07-30 20:02 161792 ----a-w- c:\windows\SysWow64\msls31.dll 2011-07-30 20:02 . 2011-07-30 20:02 152064 ----a-w- c:\windows\SysWow64\wextract.exe 2011-07-30 20:02 . 2011-07-30 20:02 150528 ----a-w- c:\windows\SysWow64\iexpress.exe 2011-07-30 20:02 . 2011-07-30 20:02 1427456 ----a-w- c:\windows\SysWow64\inetcpl.cpl 2011-07-30 20:02 . 2011-07-30 20:02 110592 ----a-w- c:\windows\SysWow64\IEAdvpack.dll 2011-07-30 20:02 . 2011-07-30 20:02 91648 ----a-w- c:\windows\system32\SetIEInstalledDate.exe 2011-07-30 20:02 . 2011-07-30 20:02 89088 ----a-w- c:\windows\system32\RegisterIEPKEYs.exe 2011-07-30 20:02 . 2011-07-30 20:02 85504 ----a-w- c:\windows\system32\iesetup.dll 2011-07-30 20:02 . 2011-07-30 20:02 76800 ----a-w- c:\windows\system32\tdc.ocx 2011-07-30 20:02 . 2011-07-30 20:02 603648 ----a-w- c:\windows\system32\vbscript.dll 2011-07-30 20:02 . 2011-07-30 20:02 49664 ----a-w- c:\windows\system32\imgutil.dll 2011-07-30 20:02 . 2011-07-30 20:02 48640 ----a-w- c:\windows\system32\mshtmler.dll 2011-07-30 20:02 . 2011-07-30 20:02 448512 ----a-w- c:\windows\system32\html.iec 2011-07-30 20:02 . 2011-07-30 20:02 420864 ----a-w- c:\windows\SysWow64\vbscript.dll 2011-07-30 20:02 . 2011-07-30 20:02 35840 ----a-w- c:\windows\SysWow64\imgutil.dll 2011-07-30 20:02 . 2011-07-30 20:02 30720 ----a-w- c:\windows\system32\licmgr10.dll 2011-07-30 20:02 . 2011-07-30 20:02 222208 ----a-w- c:\windows\system32\msls31.dll 2011-07-30 20:02 . 2011-07-30 20:02 173056 ----a-w- c:\windows\system32\ieUnatt.exe 2011-07-30 20:02 . 2011-07-30 20:02 165888 ----a-w- c:\windows\system32\iexpress.exe 2011-07-30 20:02 . 2011-07-30 20:02 160256 ----a-w- c:\windows\system32\wextract.exe 2011-07-30 20:02 . 2011-07-30 20:02 1492992 ----a-w- c:\windows\system32\inetcpl.cpl 2011-07-30 20:02 . 2011-07-30 20:02 142848 ----a-w- c:\windows\SysWow64\ieUnatt.exe 2011-07-30 20:02 . 2011-07-30 20:02 135168 ----a-w- c:\windows\system32\IEAdvpack.dll 2011-07-30 20:02 . 
2011-07-30 20:02 12288 ----a-w- c:\windows\system32\mshta.exe 2011-07-30 20:02 . 2011-07-30 20:02 11776 ----a-w- c:\windows\SysWow64\mshta.exe 2011-07-30 20:02 . 2011-07-30 20:02 114176 ----a-w- c:\windows\system32\admparse.dll 2011-07-30 20:02 . 2011-07-30 20:02 111616 ----a-w- c:\windows\system32\iesysprep.dll 2011-07-30 20:02 . 2011-07-30 20:02 101888 ----a-w- c:\windows\SysWow64\admparse.dll 2011-07-30 19:20 . 2009-07-14 02:36 175616 ----a-w- c:\windows\system32\msclmd.dll 2011-07-30 19:20 . 2009-07-14 02:36 152576 ----a-w- c:\windows\SysWow64\msclmd.dll . . ((((((((((((((((((((((((((((( SnapShot@2011-10-22_17.26.34 ))))))))))))))))))))))))))))))))))))))))) . - 2011-10-22 15:23 . 2011-10-22 15:23 13318 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\SoftGrid Client\Icon Cache\icon_ex.dat + 2011-10-22 21:41 . 2011-10-22 21:41 13318 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\SoftGrid Client\Icon Cache\icon_ex.dat + 2011-07-07 18:23 . 2011-10-23 07:06 36124 c:\windows\system32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin - 2009-07-14 05:10 . 2011-10-22 15:25 34508 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin + 2009-07-14 05:10 . 2011-10-23 07:06 34508 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin + 2011-07-07 18:23 . 2011-10-23 07:06 8630 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-351109351-4133078722-3413134335-1000_UserData.bin - 2011-10-22 15:24 . 2011-10-22 15:24 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat + 2011-10-23 07:03 . 2011-10-23 07:03 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat - 2011-10-22 15:24 . 2011-10-22 15:24 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat + 2011-10-23 07:03 . 2011-10-23 07:03 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat - 2009-07-14 05:01 . 
2011-10-22 15:23 228720 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat + 2009-07-14 05:01 . 2011-10-22 21:41 228720 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat + 2011-07-07 20:06 . 2011-10-22 21:41 16923256 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-351109351-4133078722-3413134335-1000-8192.dat - 2011-07-31 22:08 . 2011-10-22 15:23 18137396 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-351109351-4133078722-3413134335-1000-4096.dat + 2011-07-31 22:08 . 2011-10-22 17:36 18137396 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-351109351-4133078722-3413134335-1000-4096.dat . (((((((((((((((((((((((((((( Autostartpunkte der Registrierung )))))))))))))))))))))))))))))))))))))))) . . *Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. REGEDIT4 . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] "LoadFUJ02E3"="c:\program files (x86)\Fujitsu\FUJ02E3\FUJ02E3.exe" [2009-10-08 36712] "IndicatorUtility"="c:\program files (x86)\Fujitsu\Fujitsu Hotkey Utility\IndicatorUty.exe" [2009-10-09 47976] "Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696] "UCam_Menu"="c:\program files (x86)\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" [2009-05-19 222504] "YouCam Mirror Tray icon"="c:\program files (x86)\CyberLink\YouCam\YouCamTray.exe" [2009-07-08 162912] "StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2010-09-07 98304] "DeskUpdateNotifier"="c:\fujitsu\Programs\DeskUpdate\DeskUpdateNotifier.exe" [2010-10-13 97560] "SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2011-04-08 254696] "avgnt"="c:\program files (x86)\Avira\AntiVir Desktop\avgnt.exe" [2011-10-11 258512] . 
c:\users\Wombat\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\startup\ LaunchCenter.lnk - c:\program files (x86)\Fujitsu\LaunchCenter\LaunchCenter.exe [2010-10-11 360448] . c:\users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ LaunchCenter.lnk - c:\program files (x86)\Fujitsu\LaunchCenter\LaunchCenter.exe [2010-10-11 360448] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "ConsentPromptBehaviorUser"= 3 (0x3) "EnableUIADesktopToggle"= 0 (0x0) . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32] "aux"=wdmaud.drv . R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384] R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576] R3 BthAvrcp;Bluetooth-AVRCP-Profil;c:\windows\system32\DRIVERS\BthAvrcp.sys [x] R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [x] R3 RtsUIR;Realtek IR Driver;c:\windows\system32\DRIVERS\Rts516xIR.sys [x] R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x] S1 avkmgr;avkmgr;c:\windows\system32\DRIVERS\avkmgr.sys [x] S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x] S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x] S2 AntiVirSchedulerService;Avira Planer;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe [2011-10-11 86224] S2 cvhsvc;Client Virtualization Handler;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [2010-10-20 821664] S2 PowerSavingUtilityService;PowerSavingUtilityService;c:\program files\Fujitsu\PSUtility\PSUService.exe [2009-07-30 63336] S2 sftlist;Application Virtualization Client;c:\program files (x86)\Microsoft Application Virtualization 
Client\sftlist.exe [2010-09-14 508264]
S2 UNS;Intel(R) Management & Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2009-11-01 2314240]
S2 VFPRadioSupportService;Unterstützung für Bluetooth-Funktionen;c:\program files\CSR\Bluetooth Feature Pack 5.0\VFPRadioSupportService.exe [2009-12-24 145840]
S2 WirelessSelectorService;WirelessSelectorService;c:\program files\Fujitsu\WirelessSelector\WSUService.exe [2009-07-21 62312]
S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [x]
S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [x]
S3 AtiHDAudioService;ATI Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys [x]
S3 FUJ02E3;Fujitsu FUJ02E3 Device Driver;c:\windows\system32\DRIVERS\FUJ02E3.sys [x]
S3 HECIx64;Intel(R) Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [x]
S3 Impcd;Impcd;c:\windows\system32\DRIVERS\Impcd.sys [x]
S3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4925184]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x]
S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys [x]
S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys [x]
S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys [x]
S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys [x]
S3 sftvsa;Application Virtualization Service Agent;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2010-09-14 219496]
.
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe" [BU]
"PSUTility"="c:\program files\Fujitsu\PSUtility\TrayManager.exe" [2009-07-30 188264]
"LoadFujitsuQuickTouch"="c:\program files\Fujitsu\Application Panel\QuickTouch.exe" [2009-10-15 157544]
"LoadBtnHnd"="c:\program files\Fujitsu\Application Panel\BtnHnd.exe" [2009-10-15 35176]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2009-10-28 8312352]
"ConMgr"="c:\program files\CSR\Bluetooth Feature Pack 5.0\ConMgr.exe" [2009-12-24 535440]
"CSRSkype"="c:\program files\CSR\Bluetooth Feature Pack 5.0\CSRSkype.exe" [2009-12-24 431504]
"BthSyncServ"="c:\program files\CSR\Bluetooth Feature Pack 5.0\bthsyncserv.exe" [BU]
.
------- Zusätzlicher Suchlauf -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.google.de/
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: Google Sidewiki... - c:\program files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html
TCP: Interfaces\{59629462-8365-496A-97DE-5C61C2AF78F4}: NameServer = 195.50.140.182 195.50.140.114
FF - ProfilePath - c:\users\Korbi\AppData\Roaming\Mozilla\Firefox\Profiles\j06iwqcg.default\
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10w_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10w_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10w.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10w.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10w.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10w.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Zeit der Fertigstellung: 2011-10-23 19:40:52
ComboFix-quarantined-files.txt 2011-10-23 17:40
ComboFix2.txt 2011-10-22 17:30
.
Vor Suchlauf: 14 Verzeichnis(se), 18.827.739.136 Bytes frei
Nach Suchlauf: 15 Verzeichnis(se), 18.794.455.040 Bytes frei
.
- - End Of File - - CF84614176A976F3C01DEDB3399EDC8E
23.10.2011, 19:12 | #12 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Facebook-Virus (screensaver) Please download aswMBR.exe and save the file to your desktop.
__________________ Please always post logfiles in CODE tags |
23.10.2011, 19:41 | #13 |
| Facebook-Virus (screensaver) Here is the content of aswMBR.txt: Code:
aswMBR version 0.9.8.986 Copyright(c) 2011 AVAST Software
Run date: 2011-10-23 20:30:29
-----------------------------
20:30:29.074 OS Version: Windows x64 6.1.7601 Service Pack 1
20:30:29.074 Number of processors: 4 586 0x2505
20:30:29.074 ComputerName: KORBI-PC UserName: Korbi
20:30:29.838 Initialize success
20:31:40.638 AVAST engine defs: 11102301
20:31:54.990 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
20:31:54.990 Disk 0 Vendor: ST950032 0001 Size: 476940MB BusType: 3
20:31:55.006 Disk 0 MBR read successfully
20:31:55.006 Disk 0 MBR scan
20:31:55.021 Disk 0 Windows 7 default MBR code
20:31:55.021 Service scanning
20:31:56.644 Modules scanning
20:31:56.644 Disk 0 trace - called modules:
20:31:56.644 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys iaStor.sys hal.dll
20:31:56.659 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8004b28790]
20:31:56.659 3 CLASSPNP.SYS[fffff8800180143f] -> nt!IofCallDriver -> [0xfffffa8004a68960]
20:31:56.659 5 ACPI.sys[fffff88000f5a7a1] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0xfffffa8004b2b050]
20:31:57.985 AVAST engine scan C:\Windows
20:32:02.338 AVAST engine scan C:\Windows\system32
20:34:13.362 AVAST engine scan C:\Windows\system32\drivers
20:34:28.089 AVAST engine scan C:\Users\Korbi
20:36:22.952 AVAST engine scan C:\ProgramData
20:36:47.693 Scan finished successfully
20:37:14.135 Disk 0 MBR has been saved successfully to "C:\Users\Korbi\Desktop\MBR.dat"
20:37:14.135 The log file has been saved successfully to "C:\Users\Korbi\Desktop\aswMBR.txt"
24.10.2011, 09:07 | #14 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Facebook-Virus (screensaver) Looks OK. As a check, please run full scans with Malwarebytes and SUPERAntiSpyware and post the logs. Remember to update both tools before scanning!! Afterwards, getting a second opinion from the ESET online scanner doesn't hurt either: ESET Online Scanner
24.10.2011, 22:20 | #15 |
| Facebook-Virus (screensaver) Here are the three logs: Code:
SUPERAntiSpyware Scan Log
hxxp://www.superantispyware.com

Generated 10/24/2011 at 09:43 PM

Application Version : 5.0.1134

Core Rules Database Version : 7840
Trace Rules Database Version: 5652

Scan type : Complete Scan
Total Scan Time : 01:28:28

Operating System Information
Windows 7 Home Premium 64-bit, Service Pack 1 (Build 6.01.7601)
UAC On - Limited User

Memory items scanned : 690
Memory threats detected : 0
Registry items scanned : 70130
Registry threats detected : 0
File items scanned : 186387
File threats detected : 122

Adware.Tracking Cookie
.doubleclick.net [ C:\USERS\KORBI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\J06IWQCG.DEFAULT\COOKIES.SQLITE ]
.adfarm1.adition.com [ C:\USERS\KORBI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\J06IWQCG.DEFAULT\COOKIES.SQLITE ]
ad2.adfarm1.adition.com [ C:\USERS\KORBI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\J06IWQCG.DEFAULT\COOKIES.SQLITE ]
.adfarm1.adition.com [ C:\USERS\KORBI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\J06IWQCG.DEFAULT\COOKIES.SQLITE ]
.atdmt.com [ C:\USERS\KORBI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\J06IWQCG.DEFAULT\COOKIES.SQLITE ]
.atdmt.com [ C:\USERS\KORBI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\J06IWQCG.DEFAULT\COOKIES.SQLITE ]
.apmebf.com [ C:\USERS\KORBI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\J06IWQCG.DEFAULT\COOKIES.SQLITE ]
.mediaplex.com [ C:\USERS\KORBI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\J06IWQCG.DEFAULT\COOKIES.SQLITE ]
.mediaplex.com [ C:\USERS\KORBI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\J06IWQCG.DEFAULT\COOKIES.SQLITE ]
www.tldadserv.com [ C:\USERS\KORBI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\J06IWQCG.DEFAULT\COOKIES.SQLITE ]
.content.yieldmanager.com [ C:\USERS\KORBI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\J06IWQCG.DEFAULT\COOKIES.SQLITE ]
ad.yieldmanager.com [ C:\USERS\KORBI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\J06IWQCG.DEFAULT\COOKIES.SQLITE ]
.ero-advertising.com [ C:\USERS\KORBI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\J06IWQCG.DEFAULT\COOKIES.SQLITE ]
.clicksor.com [ C:\USERS\KORBI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\J06IWQCG.DEFAULT\COOKIES.SQLITE ]
.clicksor.com [ C:\USERS\KORBI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\J06IWQCG.DEFAULT\COOKIES.SQLITE ]
.clicksor.com [ C:\USERS\KORBI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\J06IWQCG.DEFAULT\COOKIES.SQLITE ]
www.copernic-media.com [ C:\USERS\KORBI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\J06IWQCG.DEFAULT\COOKIES.SQLITE ]
ad.yieldmanager.com [ C:\USERS\KORBI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\J06IWQCG.DEFAULT\COOKIES.SQLITE ]
ad.yieldmanager.com [ C:\USERS\KORBI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\J06IWQCG.DEFAULT\COOKIES.SQLITE ]
ad.yieldmanager.com [ C:\USERS\KORBI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\J06IWQCG.DEFAULT\COOKIES.SQLITE ]
ad.yieldmanager.com [ C:\USERS\KORBI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\J06IWQCG.DEFAULT\COOKIES.SQLITE ]
ad.yieldmanager.com [ C:\USERS\KORBI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\J06IWQCG.DEFAULT\COOKIES.SQLITE ]
ad.yieldmanager.com [ C:\USERS\KORBI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\J06IWQCG.DEFAULT\COOKIES.SQLITE ]
.statcounter.com [ C:\USERS\KORBI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\J06IWQCG.DEFAULT\COOKIES.SQLITE ]
.olympiaverlag.122.2o7.net [ C:\USERS\KORBI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\J06IWQCG.DEFAULT\COOKIES.SQLITE ]
.partypoker.com [ C:\USERS\KORBI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\J06IWQCG.DEFAULT\COOKIES.SQLITE ]
.partypoker.com [ C:\USERS\KORBI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\J06IWQCG.DEFAULT\COOKIES.SQLITE ]
.de.partypoker.com [ C:\USERS\KORBI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\J06IWQCG.DEFAULT\COOKIES.SQLITE ]
.partypoker.com [ C:\USERS\KORBI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\J06IWQCG.DEFAULT\COOKIES.SQLITE ]
.partypoker.com [ C:\USERS\KORBI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\J06IWQCG.DEFAULT\COOKIES.SQLITE ]
de.partypoker.com [ C:\USERS\KORBI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\J06IWQCG.DEFAULT\COOKIES.SQLITE ]
.imrworldwide.com [ C:\USERS\KORBI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\J06IWQCG.DEFAULT\COOKIES.SQLITE ]
.imrworldwide.com [ C:\USERS\KORBI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\J06IWQCG.DEFAULT\COOKIES.SQLITE ]
mediadb.kicker.de [ C:\USERS\KORBI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\J06IWQCG.DEFAULT\COOKIES.SQLITE ]
.espn.112.2o7.net [ C:\USERS\KORBI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\J06IWQCG.DEFAULT\COOKIES.SQLITE ]
www.counter-go.de [ C:\USERS\KORBI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\J06IWQCG.DEFAULT\COOKIES.SQLITE ]
www.etracker.de [ C:\USERS\KORBI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\J06IWQCG.DEFAULT\COOKIES.SQLITE ]
fr.sitestat.com [ C:\USERS\KORBI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\J06IWQCG.DEFAULT\COOKIES.SQLITE ]
fr.sitestat.com [ C:\USERS\KORBI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\J06IWQCG.DEFAULT\COOKIES.SQLITE ]
.de.partypoker.com [ C:\USERS\KORBI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\J06IWQCG.DEFAULT\COOKIES.SQLITE ]
.xiti.com [ C:\USERS\KORBI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\J06IWQCG.DEFAULT\COOKIES.SQLITE ]
statse.webtrendslive.com [ C:\USERS\KORBI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\J06IWQCG.DEFAULT\COOKIES.SQLITE ]
www.etracker.de [ C:\USERS\KORBI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\J06IWQCG.DEFAULT\COOKIES.SQLITE ]
de.sitestat.com [ C:\USERS\KORBI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\J06IWQCG.DEFAULT\COOKIES.SQLITE ]
in.getclicky.com [ C:\USERS\KORBI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\J06IWQCG.DEFAULT\COOKIES.SQLITE ]
.care2.112.2o7.net [ C:\USERS\KORBI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\J06IWQCG.DEFAULT\COOKIES.SQLITE ]
fr.sitestat.com [ C:\USERS\KORBI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\J06IWQCG.DEFAULT\COOKIES.SQLITE ]
.tracker.icerocket.com [ C:\USERS\KORBI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\J06IWQCG.DEFAULT\COOKIES.SQLITE ]
.tracker.icerocket.com [ C:\USERS\KORBI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\J06IWQCG.DEFAULT\COOKIES.SQLITE ]
.rambler.ru [ C:\USERS\KORBI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\J06IWQCG.DEFAULT\COOKIES.SQLITE ]
.tns-counter.ru [ C:\USERS\KORBI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\J06IWQCG.DEFAULT\COOKIES.SQLITE ]
.histats.com [ C:\USERS\KORBI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\J06IWQCG.DEFAULT\COOKIES.SQLITE ]
.bubblestat.com [ C:\USERS\KORBI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\J06IWQCG.DEFAULT\COOKIES.SQLITE ]
.bubblestat.com [ C:\USERS\KORBI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\J06IWQCG.DEFAULT\COOKIES.SQLITE ]
.estat.com [ C:\USERS\KORBI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\J06IWQCG.DEFAULT\COOKIES.SQLITE ]
de.sitestat.com [ C:\USERS\KORBI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\J06IWQCG.DEFAULT\COOKIES.SQLITE ]
www.etracker.de [ C:\USERS\KORBI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\J06IWQCG.DEFAULT\COOKIES.SQLITE ]
.histats.com [ C:\USERS\KORBI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\J06IWQCG.DEFAULT\COOKIES.SQLITE ]
.histats.com [ C:\USERS\KORBI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\J06IWQCG.DEFAULT\COOKIES.SQLITE ]
dc.tremormedia.com [ C:\USERS\KORBI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\J06IWQCG.DEFAULT\COOKIES.SQLITE ]
.mediaite.com [ C:\USERS\KORBI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\J06IWQCG.DEFAULT\COOKIES.SQLITE ]
.mediaite.com [ C:\USERS\KORBI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\J06IWQCG.DEFAULT\COOKIES.SQLITE ]
.mediaite.com [ C:\USERS\KORBI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\J06IWQCG.DEFAULT\COOKIES.SQLITE ]
.mediaite.com [ C:\USERS\KORBI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\J06IWQCG.DEFAULT\COOKIES.SQLITE ]
www.mediaite.com [ C:\USERS\KORBI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\J06IWQCG.DEFAULT\COOKIES.SQLITE ]
www.zanox-affiliate.de [ C:\USERS\KORBI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\J06IWQCG.DEFAULT\COOKIES.SQLITE ]
stats.gluxx.de [ C:\USERS\KORBI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\J06IWQCG.DEFAULT\COOKIES.SQLITE ]
.smartadserver.com [ C:\USERS\KORBI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\J06IWQCG.DEFAULT\COOKIES.SQLITE ]
.smartadserver.com [ C:\USERS\KORBI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\J06IWQCG.DEFAULT\COOKIES.SQLITE ]
.smartadserver.com [ C:\USERS\KORBI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\J06IWQCG.DEFAULT\COOKIES.SQLITE ]
de.sitestat.com [ C:\USERS\KORBI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\J06IWQCG.DEFAULT\COOKIES.SQLITE ]
de.sitestat.com [ C:\USERS\KORBI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\J06IWQCG.DEFAULT\COOKIES.SQLITE ]
.buzzerbeaterstats.com [ C:\USERS\KORBI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\J06IWQCG.DEFAULT\COOKIES.SQLITE ]
.buzzerbeaterstats.com [ C:\USERS\KORBI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\J06IWQCG.DEFAULT\COOKIES.SQLITE ]
.buzzerbeaterstats.com [ C:\USERS\KORBI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\J06IWQCG.DEFAULT\COOKIES.SQLITE ]
www2.adserverpub.com [ C:\USERS\KORBI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\J06IWQCG.DEFAULT\COOKIES.SQLITE ]
www2.adserverpub.com [ C:\USERS\KORBI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\J06IWQCG.DEFAULT\COOKIES.SQLITE ]
www2.adserverpub.com [ C:\USERS\KORBI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\J06IWQCG.DEFAULT\COOKIES.SQLITE ]
www2.adserverpub.com [ C:\USERS\KORBI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\J06IWQCG.DEFAULT\COOKIES.SQLITE ]
www2.adserverpub.com [ C:\USERS\KORBI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\J06IWQCG.DEFAULT\COOKIES.SQLITE ]
www2.adserverpub.com [ C:\USERS\KORBI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\J06IWQCG.DEFAULT\COOKIES.SQLITE ]
www2.adserverpub.com [ C:\USERS\KORBI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\J06IWQCG.DEFAULT\COOKIES.SQLITE ]
www2.adserverpub.com [ C:\USERS\KORBI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\J06IWQCG.DEFAULT\COOKIES.SQLITE ]
.yadro.ru [ C:\USERS\KORBI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\J06IWQCG.DEFAULT\COOKIES.SQLITE ]
.rambler.ru [ C:\USERS\KORBI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\J06IWQCG.DEFAULT\COOKIES.SQLITE ]
s03.flagcounter.com [ C:\USERS\KORBI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\J06IWQCG.DEFAULT\COOKIES.SQLITE ]
.smartadserver.com [ C:\USERS\KORBI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\J06IWQCG.DEFAULT\COOKIES.SQLITE ]
fr.sitestat.com [ C:\USERS\KORBI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\J06IWQCG.DEFAULT\COOKIES.SQLITE ]
de.sitestat.com [ C:\USERS\KORBI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\J06IWQCG.DEFAULT\COOKIES.SQLITE ]
.paypal.112.2o7.net [ C:\USERS\KORBI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\J06IWQCG.DEFAULT\COOKIES.SQLITE ]
www.blogcounter.de [ C:\USERS\KORBI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\J06IWQCG.DEFAULT\COOKIES.SQLITE ]
stats.o2more.de [ C:\USERS\KORBI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\J06IWQCG.DEFAULT\COOKIES.SQLITE ]
www.blogcounter.de [ C:\USERS\KORBI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\J06IWQCG.DEFAULT\COOKIES.SQLITE ]
www.etracker.de [ C:\USERS\KORBI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\J06IWQCG.DEFAULT\COOKIES.SQLITE ]
.guj.122.2o7.net [ C:\USERS\KORBI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\J06IWQCG.DEFAULT\COOKIES.SQLITE ]
.2o7.net [ C:\USERS\KORBI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\J06IWQCG.DEFAULT\COOKIES.SQLITE ]
.bwincom.122.2o7.net [ C:\USERS\KORBI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\J06IWQCG.DEFAULT\COOKIES.SQLITE ]
.2o7.net [ C:\USERS\KORBI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\J06IWQCG.DEFAULT\COOKIES.SQLITE ]
.tracking.quisma.com [ C:\USERS\KORBI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\J06IWQCG.DEFAULT\COOKIES.SQLITE ]
mediathek.tvtouring.de [ C:\USERS\KORBI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\J06IWQCG.DEFAULT\COOKIES.SQLITE ]
.mediathek.tvtouring.de [ C:\USERS\KORBI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\J06IWQCG.DEFAULT\COOKIES.SQLITE ]
.mediathek.tvtouring.de [ C:\USERS\KORBI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\J06IWQCG.DEFAULT\COOKIES.SQLITE ]
.mediathek.tvtouring.de [ C:\USERS\KORBI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\J06IWQCG.DEFAULT\COOKIES.SQLITE ]
www.etracker.de [ C:\USERS\KORBI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\J06IWQCG.DEFAULT\COOKIES.SQLITE ]
www.etracker.de [ C:\USERS\KORBI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\J06IWQCG.DEFAULT\COOKIES.SQLITE ]
.2o7.net [ C:\USERS\KORBI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\J06IWQCG.DEFAULT\COOKIES.SQLITE ]
.2o7.net [ C:\USERS\KORBI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\J06IWQCG.DEFAULT\COOKIES.SQLITE ]
www9.addfreestats.com [ C:\USERS\KORBI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\J06IWQCG.DEFAULT\COOKIES.SQLITE ]
wstat.wibiya.com [ C:\USERS\KORBI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\J06IWQCG.DEFAULT\COOKIES.SQLITE ]
audit.median.hu [ C:\USERS\KORBI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\J06IWQCG.DEFAULT\COOKIES.SQLITE ]
www.counter-gratis.com [ C:\USERS\KORBI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\J06IWQCG.DEFAULT\COOKIES.SQLITE ]
.2o7.net [ C:\USERS\KORBI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\J06IWQCG.DEFAULT\COOKIES.SQLITE ]
.tracking.quisma.com [ C:\USERS\KORBI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\J06IWQCG.DEFAULT\COOKIES.SQLITE ]
.statcounter.com [ C:\USERS\KORBI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\J06IWQCG.DEFAULT\COOKIES.SQLITE ]
.partyaccount.com [ C:\USERS\KORBI\APPDATA\ROAMING\MOZILLA-CACHE\PARTY\PARTYPOKER\COOKIES.TXT ]
secure.partyaccount.com [ C:\USERS\KORBI\APPDATA\ROAMING\MOZILLA-CACHE\PARTY\PARTYPOKER\COOKIES.TXT ]
.partyaccount.com [ C:\USERS\KORBI\APPDATA\ROAMING\MOZILLA-CACHE\PARTY\PARTYPOKER\COOKIES.TXT ]
secure.partyaccount.com [ C:\USERS\KORBI\APPDATA\ROAMING\MOZILLA-CACHE\PARTY\PARTYPOKER\COOKIES.TXT ]
ad.yieldmanager.com [ C:\USERS\KORBI\APPDATA\ROAMING\MOZILLA-CACHE\PARTY\PARTYPOKER\COOKIES.TXT ]
ad.yieldmanager.com [ C:\USERS\KORBI\APPDATA\ROAMING\MOZILLA-CACHE\PARTY\PARTYPOKER\COOKIES.TXT ]
earlyexperience.partyaccount.com [ C:\USERS\KORBI\APPDATA\ROAMING\MOZILLA-CACHE\PARTY\PARTYPOKER\COOKIES.TXT ]
secure.partyaccount.com [ C:\USERS\KORBI\APPDATA\ROAMING\MOZILLA-CACHE\PARTY\PARTYPOKER\COOKIES.TXT ]
Code:
ESETSmartInstaller@High as downloader log:
all ok
ESETSmartInstaller@High as downloader log:
all ok
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6528
# api_version=3.0.2
# EOSSerial=c43998379a14814eb02345a6deabf89e
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2011-10-15 10:47:23
# local_time=2011-10-16 12:47:23 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# lang=1033
# osver=5.1.2600 NT Service Pack 2
# compatibility_mode=1792 16777215 100 0 19812 19812 0 0
# compatibility_mode=5893 16776574 100 94 1045 70345293 0 0
# compatibility_mode=8192 67108863 100 0 1358 1358 0 0
# scanned=190113
# found=0
# cleaned=0
# scan_time=3400
ESETSmartInstaller@High as downloader log:
all ok
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6528
# api_version=3.0.2
# EOSSerial=c43998379a14814eb02345a6deabf89e
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2011-10-20 07:01:11
# local_time=2011-10-20 09:01:11 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# lang=1033
# osver=5.1.2600 NT Service Pack 2
# compatibility_mode=1792 16777215 100 0 438287 438287 0 0
# compatibility_mode=5893 16776574 100 94 539 70763768 0 0
# compatibility_mode=8192 67108863 100 0 419833 419833 0 0
# scanned=189191
# found=0
# cleaned=0
# scan_time=3353
ESETSmartInstaller@High as downloader log:
all ok
ESETSmartInstaller@High as downloader log:
all ok
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=c43998379a14814eb02345a6deabf89e
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2011-10-24 08:43:00
# local_time=2011-10-24 10:43:00 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# lang=1033
# osver=5.1.2600 NT Service Pack 2
# compatibility_mode=1792 16777215 100 0 790436 790436 0 0
# compatibility_mode=5893 16776574 100 94 83 71115917 0 0
# compatibility_mode=8192 67108863 100 0 771982 771982 0 0
# scanned=172130
# found=0
# cleaned=0
# scan_time=2913
Code:
Malwarebytes' Anti-Malware 1.51.2.1300
www.malwarebytes.org

Datenbank Version: 8013

Windows 6.1.7601 Service Pack 1
Internet Explorer 9.0.8112.16421

24.10.2011 23:16:11
mbam-log-2011-10-24 (23-16-11).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|Q:\|)
Durchsuchte Objekte: 402451
Laufzeit: 28 Minute(n), 56 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 0

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
(Keine bösartigen Objekte gefunden)