| |
| |||||||
Log-Analyse und Auswertung: svchost.exe, ping.exe, firefox.exe + iexplore.exe öffnen schadhafte WebseitenWindows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte.XML. |
 |
26.10.2011, 09:52
| #1 |
 |  svchost.exe, ping.exe, firefox.exe + iexplore.exe öffnen schadhafte Webseiten Hallo, nachdem mein Laptop am 14.10. mit einem Fakealert-Trojaner/Virus infiziert wurde habe ich nach dessen Beseitigung anscheinend immer noch weitere Infektionen oder Reste, die sich nicht beseitigen lassen. Die Symptome sind, dass nach der Anmeldung des Benutzers direkt die ping.exe aufgeht und Kontakt mit Schadseiten aufnimmt. Der Prozess der ping.exe wächst mit der Zeit auf mehrere hundert MB an und verbraucht zunehmend mehr Rechenzeit... Über die ping.exe werden anscheinend ganze Webseiten auf meinen Rechner geladen, die dann im Internet-Explorer-Cache und Temp-Verzeichnis landen ohne dass die iexplore.exe geöffnet wurde. Weiterhin versuchen auch Firefox.exe, svchost.exe und iexplore.exe (falls der IE mal benutzt wird) Kontakt mit Schadseiten aufzunehmen. Malwarebytes blockiert die meisten dieser Zugriffe. Die Scanner, die ich benutzt habe (McAffee, Stinger, Malwarebytes) finden alle keine infizierten Dateien. Die Anleitung für Hilfesuchende konnte ich leider nicht komplett befolgen, da ich leider keinen Administrator-Account auf dem System (64 bit) habe. Defogger konnte deshalb nicht gestartet werden. Die OTL-Logs habe ich unten gepostet bzw. angehängt. (Firmen- und User/Rechnername sind per *** maskiert) Code:
ATTFilter OTL logfile created on: 10/26/2011 9:36:44 AM - Run 2 OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\***\Desktop 64bit- Enterprise Edition (Version = 6.1.7600) - Type = NTWorkstation Internet Explorer (Version = 8.0.7600.16385) Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy 3.87 Gb Total Physical Memory | 2.49 Gb Available Physical Memory | 64.41% Memory free 7.73 Gb Paging File | 6.05 Gb Available in Paging File | 78.33% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 153.70 Gb Total Space | 93.55 Gb Free Space | 60.86% Space Free | Partition Type: NTFS Drive D: | 78.88 Gb Total Space | 57.72 Gb Free Space | 73.18% Space Free | Partition Type: NTFS Drive E: | 4.36 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: UDF Drive H: | 3.00 Gb Total Space | 1.41 Gb Free Space | 46.85% Space Free | Partition Type: NTFS Drive R: | 227.40 Gb Total Space | 51.05 Gb Free Space | 22.45% Space Free | Partition Type: NTFS Drive V: | 227.40 Gb Total Space | 51.05 Gb Free Space | 22.45% Space Free | Partition Type: NTFS Drive Y: | 227.40 Gb Total Space | 51.05 Gb Free Space | 22.45% Space Free | Partition Type: NTFS Drive Z: | 1847.64 Gb Total Space | 1455.70 Gb Free Space | 78.79% Space Free | Partition Type: NTFS Computer Name: ***-E6410 | User Name: *** | NOT logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2011/10/26 09:34:22 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\***\Desktop\OTL.exe PRC - [2011/10/25 11:00:02 | 000,058,288 | ---- | M] (Absolute Software Corp.) -- C:\Windows\SysWOW64\rpcnet.exe PRC - [2011/08/31 17:00:48 | 000,449,608 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe PRC - [2011/08/31 17:00:48 | 000,366,152 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe PRC - [2011/01/12 17:05:00 | 000,185,664 | ---- | M] (McAfee, Inc.) -- C:\Program Files (x86)\McAfee\Common Framework\naPrdMgr.exe PRC - [2011/01/12 17:05:00 | 000,161,088 | ---- | M] (McAfee, Inc.) -- C:\Program Files (x86)\McAfee\Common Framework\UdaterUI.exe PRC - [2011/01/12 17:05:00 | 000,120,128 | ---- | M] (McAfee, Inc.) -- C:\Program Files (x86)\McAfee\Common Framework\FrameworkService.exe PRC - [2011/01/12 17:05:00 | 000,075,072 | ---- | M] (McAfee, Inc.) -- C:\Program Files (x86)\McAfee\Common Framework\McTray.exe PRC - [2010/06/09 18:38:30 | 000,463,912 | R--- | M] (Ericsson AB) -- C:\Program Files (x86)\Dell\Dell WWAN\WMCore\mini_WMCore.exe PRC - [2010/04/10 21:01:20 | 000,623,984 | ---- | M] (Juniper Networks) -- C:\Program Files (x86)\Juniper Networks\Common Files\dsNcService.exe PRC - [2010/01/06 21:07:00 | 000,066,896 | ---- | M] (McAfee, Inc.) -- C:\Program Files (x86)\McAfee\VirusScan Enterprise\vstskmgr.exe PRC - [2009/11/13 03:59:02 | 000,132,392 | ---- | M] (Juniper Networks) -- C:\Program Files (x86)\Common Files\Juniper Networks\JUNS\dsAccessService.exe PRC - [2009/09/18 04:00:00 | 000,764,768 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\CCM\CcmExec.exe PRC - [2009/07/14 03:14:47 | 000,254,976 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\wbem\WmiPrvSE.exe PRC - [2009/07/14 03:14:28 | 000,015,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\PING.EXE PRC - [2006/12/19 18:23:20 | 000,094,208 | ---- | M] (SEIKO EPSON CORPORATION) -- C:\Program Files (x86)\Common Files\EPSON\EBAPI\eEBSvc.exe PRC - [2006/10/11 15:14:28 | 000,053,248 | ---- | M] (Oracle Corporation) -- C:\oracle\product\10.2.0\client_1\bin\omtsreco.exe ========== Modules (No Company Name) ========== MOD - [2007/04/18 20:30:46 | 000,471,040 | ---- | M] () -- C:\Program Files (x86)\McAfee\Common Framework\ccme_base.dll MOD - [2007/04/18 20:30:46 | 000,393,216 | ---- | M] () -- C:\Program Files (x86)\McAfee\Common Framework\cryptocme2.dll ========== Win32 Services (SafeList) ========== SRV:64bit: - [2010/05/13 01:44:04 | 000,244,736 | ---- | M] (IDT, Inc.) [Auto | Running] -- C:\Windows\SysNative\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_ac8529709a50c498\stacsv64.exe -- (STacSV) SRV:64bit: - [2010/05/13 01:44:00 | 000,089,600 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Windows\SysNative\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_ac8529709a50c498\AESTSr64.exe -- (AESTFilters) SRV:64bit: - [2010/01/06 21:07:00 | 000,079,504 | ---- | M] (McAfee, Inc.) [Unknown | Running] -- C:\Windows\SysNative\mfevtps.exe -- (mfevtp) SRV:64bit: - [2009/07/14 03:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend) SRV:64bit: - [2009/07/14 03:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt) SRV:64bit: - [2007/11/07 10:11:22 | 004,466,688 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Microsoft Visual Studio 9.0\Common7\IDE\Remote Debugger\x64\msvsmon.exe -- (msvsmon90) SRV - [2011/10/25 11:00:02 | 000,058,288 | ---- | M] (Absolute Software Corp.) [Auto | Running] -- C:\Windows\SysWOW64\rpcnet.exe -- (rpcnet) Remote Procedure Call (RPC) SRV - [2011/08/31 17:00:48 | 000,366,152 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService) SRV - [2011/05/02 20:33:54 | 000,035,328 | ---- | M] (*** Software, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\*** Software\Unified IP\InstallAssistant\***InstallAssistant.exe -- (***InstallAssistant) SRV - [2011/01/12 17:05:00 | 000,120,128 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files (x86)\McAfee\Common Framework\FrameworkService.exe -- (McAfeeFramework) SRV - [2010/06/25 19:07:20 | 000,117,264 | ---- | M] (CACE Technologies, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\WinPcap\rpcapd.exe -- (rpcapd) Remote Packet Capture Protocol v.0 (experimental) SRV - [2010/06/09 18:38:30 | 000,463,912 | R--- | M] (Ericsson AB) [Auto | Running] -- C:\Program Files (x86)\Dell\Dell WWAN\WMCore\mini_WMCore.exe -- (WMCoreService) SRV - [2010/04/10 21:01:20 | 000,623,984 | ---- | M] (Juniper Networks) [Auto | Running] -- C:\Program Files (x86)\Juniper Networks\Common Files\dsNcService.exe -- (dsNcService) SRV - [2010/03/18 20:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32) SRV - [2010/01/10 13:01:38 | 000,060,928 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\STMicroelectronics\AccelerometerP11\InstallFilterService.exe -- (InstallFilterService) SRV - [2010/01/06 21:07:00 | 000,180,968 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files (x86)\McAfee\VirusScan Enterprise\x64\mcshield.exe -- (McShield) SRV - [2010/01/06 21:07:00 | 000,066,896 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files (x86)\McAfee\VirusScan Enterprise\vstskmgr.exe -- (McTaskManager) SRV - [2010/01/06 21:07:00 | 000,020,792 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files (x86)\McAfee\VirusScan Enterprise\x64\engineserver.exe -- (McAfeeEngineService) SRV - [2009/11/25 17:41:28 | 001,740,800 | ---- | M] (iPass, Inc.) [Disabled | Stopped] -- C:\Program Files (x86)\iPass\iPassConnect 35\iPassConnectEngine.exe -- (iPassConnectEngine) SRV - [2009/11/25 17:32:12 | 000,167,936 | ---- | M] (iPass, Inc.) [Disabled | Stopped] -- C:\Program Files (x86)\iPass\iPassConnect 35\iPassPeriodicUpdateApp.exe -- (iPassPeriodicUpdateApp) SRV - [2009/11/25 17:32:12 | 000,114,688 | ---- | M] (iPass, Inc.) [Disabled | Stopped] -- C:\Program Files (x86)\iPass\iPassConnect 35\iPassPeriodicUpdateService.exe -- (iPassPeriodicUpdateService) SRV - [2009/11/13 03:59:02 | 000,132,392 | ---- | M] (Juniper Networks) [Auto | Running] -- C:\Program Files (x86)\Common Files\Juniper Networks\JUNS\dsAccessService.exe -- (JuniperAccessService) SRV - [2009/09/18 04:00:00 | 000,764,768 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysWOW64\CCM\CcmExec.exe -- (CcmExec) SRV - [2009/09/18 04:00:00 | 000,246,624 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysWOW64\CCM\TSManager.exe -- (smstsmgr) SRV - [2009/07/14 03:15:31 | 000,396,288 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysWOW64\inetsrv\iisw3adm.dll -- (WAS) SRV - [2009/07/14 03:15:31 | 000,396,288 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysWOW64\inetsrv\iisw3adm.dll -- (W3SVC) SRV - [2009/07/14 03:14:53 | 000,061,440 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysWOW64\inetsrv\apphostsvc.dll -- (AppHostSvc) SRV - [2009/06/10 23:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32) SRV - [2007/06/29 17:54:54 | 000,020,480 | ---- | M] ( ) [Disabled | Stopped] -- c:\Program Files (x86)\*** Software\Uniphi Connect\UniphiAdapterSvc.exe -- (***UniphiAdapterSvc) SRV - [2006/12/19 18:23:20 | 000,094,208 | ---- | M] (SEIKO EPSON CORPORATION) [Auto | Running] -- C:\Program Files (x86)\Common Files\EPSON\EBAPI\eEBSvc.exe -- (EpsonBidirectionalService) SRV - [2006/10/11 15:14:28 | 000,053,248 | ---- | M] (Oracle Corporation) [Auto | Running] -- C:\oracle\product\10.2.0\client_1\bin\omtsreco.exe -- (OracleMTSRecoveryService) ========== Driver Services (SafeList) ========== DRV:64bit: - [2011/10/14 17:23:37 | 000,834,544 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\sptd.sys -- (sptd) DRV:64bit: - [2011/08/31 17:00:50 | 000,025,416 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector) DRV:64bit: - [2011/05/12 14:03:12 | 000,006,144 | ---- | M] (Sophos Plc) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\D79.tmp -- (MEMSWEEP2) DRV:64bit: - [2011/03/18 13:46:20 | 000,074,376 | ---- | M] (FTDI Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ftdibus.sys -- (FTDIBUS) DRV:64bit: - [2011/03/18 13:46:06 | 000,085,384 | ---- | M] (FTDI Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ftser2k.sys -- (FTSER2K) DRV:64bit: - [2011/02/17 18:21:12 | 000,156,080 | ---- | M] (Oracle Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VBoxNetAdp.sys -- (VBoxNetAdp) DRV:64bit: - [2011/01/15 18:21:04 | 000,036,352 | ---- | M] (Elaborate Bytes AG) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VClone.sys -- (VClone) DRV:64bit: - [2010/07/12 20:36:10 | 000,055,856 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\PxHlpa64.sys -- (PxHlpa64) DRV:64bit: - [2010/06/25 19:07:26 | 000,035,344 | ---- | M] (CACE Technologies, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\npf.sys -- (NPF) DRV:64bit: - [2010/05/25 17:03:20 | 000,271,400 | ---- | M] (Ericsson AB) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\WwanUsbMp64.sys -- (WwanUsbServ) DRV:64bit: - [2010/05/13 01:44:28 | 000,086,120 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvhda64v.sys -- (NVHDA) DRV:64bit: - [2010/05/13 01:44:12 | 000,538,136 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor) DRV:64bit: - [2010/05/13 01:44:12 | 000,294,064 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\e1k62x64.sys -- (e1kexpress) Intel(R) DRV:64bit: - [2010/05/13 01:44:10 | 006,952,960 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NETw5s64.sys -- (NETw5s64) Intel(R) DRV:64bit: - [2010/05/13 01:44:10 | 000,321,576 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btwampfl.sys -- (btwampfl) DRV:64bit: - [2010/05/13 01:44:08 | 000,284,720 | ---- | M] (Alps Electric Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Apfiltr.sys -- (ApfiltrService) DRV:64bit: - [2010/05/13 01:44:08 | 000,158,976 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Impcd.sys -- (Impcd) DRV:64bit: - [2010/05/13 01:44:08 | 000,038,440 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\cvusbdrv.sys -- (cvusbdrv) DRV:64bit: - [2010/05/13 01:44:06 | 000,079,360 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\risdpe64.sys -- (risdpcie) DRV:64bit: - [2010/05/13 01:44:06 | 000,061,952 | ---- | M] (REDC) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rimspe64.sys -- (rimspci) DRV:64bit: - [2010/05/13 01:44:06 | 000,055,808 | ---- | M] (REDC) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rixdpe64.sys -- (rixdpcie) DRV:64bit: - [2010/05/13 01:44:04 | 000,505,856 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\stwrt64.sys -- (STHDA) DRV:64bit: - [2010/05/13 01:44:04 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (HECIx64) Intel(R) DRV:64bit: - [2010/05/13 01:44:00 | 000,026,160 | ---- | M] (ST Microelectronics) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Accelern.sys -- (Acceler) DRV:64bit: - [2010/05/12 12:30:06 | 000,019,968 | ---- | M] (Danish Wireless Design A/S) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\FlashUSB_x64.sys -- (FlashUSB) DRV:64bit: - [2010/04/27 11:02:50 | 000,468,552 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Mbm3Mdm.sys -- (Mbm3Mdm) DRV:64bit: - [2010/04/27 11:02:50 | 000,416,328 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Mbm3DevMt.sys -- (Mbm3DevMt) Dell Wireless HSPA Mini-Card Device Management Driver (WDM) DRV:64bit: - [2010/04/27 11:02:50 | 000,378,952 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Mbm3CBus.sys -- (Mbm3CBus) Dell Wireless HSPA Mini-Card Device (WDM) DRV:64bit: - [2010/04/27 11:02:50 | 000,019,528 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Mbm3mdfl.sys -- (Mbm3mdfl) DRV:64bit: - [2010/04/10 20:47:36 | 000,032,768 | ---- | M] (Juniper Networks) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\dsNcAdpt.sys -- (dsNcAdpt) DRV:64bit: - [2010/03/03 12:30:30 | 000,030,248 | ---- | M] (Ericsson AB) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\wwussf64.sys -- (ecnssndisfltr) DRV:64bit: - [2010/03/03 12:30:30 | 000,026,664 | ---- | M] (Ericsson AB) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\wwuss64.sys -- (ecnssndis) DRV:64bit: - [2010/01/25 21:18:20 | 000,096,296 | ---- | M] (Ericsson AB) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\d554gps64.sys -- (d554gps) DRV:64bit: - [2010/01/25 21:17:04 | 000,060,968 | ---- | M] (Ericsson AB) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\d554scard.sys -- (d554scard) DRV:64bit: - [2010/01/18 08:56:26 | 000,021,040 | ---- | M] (ST Microelectronics) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\stdfltn.sys -- (stdflt) DRV:64bit: - [2010/01/06 21:07:00 | 000,469,400 | ---- | M] (McAfee, Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\mfehidk.sys -- (mfehidk) DRV:64bit: - [2010/01/06 21:07:00 | 000,120,096 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\mfeavfk.sys -- (mfeavfk) DRV:64bit: - [2010/01/06 21:07:00 | 000,097,576 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\mfeapfk.sys -- (mfeapfk) DRV:64bit: - [2010/01/06 21:07:00 | 000,084,424 | ---- | M] (McAfee, Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\mfetdik.sys -- (mfetdik) DRV:64bit: - [2010/01/06 21:07:00 | 000,078,896 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mferkdet.sys -- (mferkdet) DRV:64bit: - [2009/11/18 10:47:46 | 000,446,976 | ---- | M] (NETGEAR Inc. ) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\wg111v3.sys -- (RTL8187B) DRV:64bit: - [2009/07/14 03:52:21 | 000,106,576 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata) DRV:64bit: - [2009/07/14 03:52:21 | 000,028,752 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata) DRV:64bit: - [2009/07/14 03:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs) DRV:64bit: - [2009/07/14 03:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2) DRV:64bit: - [2009/07/14 03:47:48 | 000,077,888 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD) DRV:64bit: - [2009/07/14 03:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor) DRV:64bit: - [2009/07/14 02:39:20 | 000,023,040 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WSDPrint.sys -- (WSDPrintDevice) DRV:64bit: - [2009/07/14 02:35:37 | 000,025,088 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WSDScan.sys -- (WSDScan) DRV:64bit: - [2009/07/14 01:31:10 | 000,109,056 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sdbus.sys -- (sdbus) DRV:64bit: - [2009/06/10 23:01:11 | 001,485,312 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\VSTDPV6.SYS -- (SrvHsfV92) DRV:64bit: - [2009/06/10 23:01:11 | 000,740,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\VSTCNXT6.SYS -- (SrvHsfWinac) DRV:64bit: - [2009/06/10 23:01:11 | 000,292,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\VSTAZL6.SYS -- (SrvHsfHDA) DRV:64bit: - [2009/06/10 22:35:02 | 000,281,088 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\e1y60x64.sys -- (e1yexpress) Intel(R) DRV:64bit: - [2009/06/10 22:34:38 | 001,311,232 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\BCMWL664.SYS -- (BCM43XX) DRV:64bit: - [2009/06/10 22:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv) DRV:64bit: - [2009/06/10 22:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv) DRV:64bit: - [2009/06/10 22:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a) DRV:64bit: - [2009/06/10 22:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir) DRV:64bit: - [2005/11/07 06:33:12 | 000,021,120 | ---- | M] (Razer (Asia-Pacific) Pte Ltd) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\DB3G.sys -- (Razerlow) DRV - [2011/10/21 23:26:33 | 000,309,320 | ---- | M] (BitDefender S.R.L.) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\TrufosAlt.sys -- (TrufosAlt) DRV - [2011/05/12 14:05:32 | 000,018,816 | ---- | M] (Sophos Group) [Kernel | System | Stopped] -- C:\Windows\SysWOW64\SAVRKBootTasks.sys -- (SAVRKBootTasks) DRV - [2009/09/18 04:00:00 | 000,026,992 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysWOW64\CCM\PrepDrv.sys -- (prepdrvr) DRV - [2009/07/14 03:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/ IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local> ========== FireFox ========== FF - prefs.js..browser.startup.homepage: "hxxp://www.google.de" FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.3 FF - prefs.js..extensions.enabledItems: imageblock@hemantvats.com:2.1 FF - prefs.js..extensions.enabledItems: {340c2bbc-ce74-4362-90b5-7c26312808ef}:1.7 FF - prefs.js..extensions.enabledItems: {AB2CE124-6272-4b12-94A9-7303C7397BD1}:5.2.0.7165 FF - prefs.js..network.proxy.backup.ftp: "172.16.21.152" FF - prefs.js..network.proxy.backup.ftp_port: 81 FF - prefs.js..network.proxy.backup.socks: "172.16.21.152" FF - prefs.js..network.proxy.backup.socks_port: 81 FF - prefs.js..network.proxy.backup.ssl: "172.16.21.152" FF - prefs.js..network.proxy.backup.ssl_port: 81 FF - prefs.js..network.proxy.ftp: "172.16.21.152" FF - prefs.js..network.proxy.ftp_port: 81 FF - prefs.js..network.proxy.http: "172.16.21.152" FF - prefs.js..network.proxy.http_port: 81 FF - prefs.js..network.proxy.share_proxy_settings: true FF - prefs.js..network.proxy.socks: "172.16.21.152" FF - prefs.js..network.proxy.socks_port: 81 FF - prefs.js..network.proxy.ssl: "172.16.21.152" FF - prefs.js..network.proxy.ssl_port: 81 FF - prefs.js..network.proxy.type: 0 FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll () FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.) FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.0.60531.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation) FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 7.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2011/10/03 22:17:19 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 7.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2011/10/24 11:04:29 | 000,000,000 | ---D | M] [2011/02/24 13:20:37 | 000,000,000 | ---D | M] (No name found) -- C:\Users\***\AppData\Roaming\mozilla\Extensions [2011/09/28 10:35:11 | 000,000,000 | ---D | M] (No name found) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\2t8tvs41.default\extensions [2011/07/18 17:29:53 | 000,000,000 | ---D | M] (Plasmoo Search Engine) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\2t8tvs41.default\extensions\engine@plasmoo.com [2011/02/28 12:46:28 | 000,000,000 | ---D | M] (ImageBlock) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\2t8tvs41.default\extensions\imageblock@hemantvats.com [2011/10/14 15:21:25 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions [2011/10/06 20:33:50 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} () (No name found) -- C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\2T8TVS41.DEFAULT\EXTENSIONS\{3D7EB24F-2740-49DF-8937-200B1CC08F8A}.XPI () (No name found) -- C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\2T8TVS41.DEFAULT\EXTENSIONS\{D10D0BF8-F5B5-C8B4-A8B2-2B9879E08C5D}.XPI [2011/10/03 22:17:19 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll [2010/01/06 21:07:00 | 000,023,864 | ---- | M] (McAfee, Inc.) -- C:\Program Files (x86)\mozilla firefox\components\Scriptff.dll [2011/05/04 04:52:23 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll [2010/10/22 03:24:26 | 000,032,040 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\plugins\npMeetingJoinPluginOC.dll [2011/09/23 03:16:00 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml Hosts file not found O2 - BHO: (Lync Browser Helper) - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files (x86)\Microsoft Lync\OCHelper.dll (Microsoft Corporation) O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found. O4:64bit: - HKLM..\Run: [Apoint] C:\Program Files\DellTPad\Apoint.exe (Alps Electric Co., Ltd.) O4:64bit: - HKLM..\Run: [NvCplDaemon] C:\Windows\SysNative\NvCpl.dll (NVIDIA Corporation) O4:64bit: - HKLM..\Run: [NVHotkey] C:\Windows\SysNative\nvHotkey.dll (NVIDIA Corporation) O4:64bit: - HKLM..\Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe (IDT, Inc.) O4 - HKLM..\Run: [Communicator] C:\Program Files (x86)\Microsoft Lync\communicator.exe (Microsoft Corporation) O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation) O4 - HKLM..\Run: [McAfeeUpdaterUI] C:\Program Files (x86)\McAfee\Common Framework\udaterui.exe (McAfee, Inc.) O4 - HKLM..\Run: [perfpal] C:\Program Files (x86)\*** Software\Unified IP Shared\Tools\PerfPal\savelog.bat () O4 - HKLM..\Run: [ShStatEXE] C:\Program Files (x86)\McAfee\VirusScan Enterprise\SHSTAT.EXE (McAfee, Inc.) O4 - Startup: C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Anmeldung.bat () O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableCAD = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0 O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HideSCAHealth = 1 O9:64bit: - Extra Button: PDFill PDF Editor - {ED93D107-B43A-490e-AA5C-C5578BAAF479} - C:\Program Files (x86)\PlotSoft\PDFill\DownloadPDF.exe (PlotSoft LLC) O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - Reg Error: Key error. File not found O9 - Extra Button: Lync add-on - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files (x86)\Microsoft Lync\OCHelper.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : Lync add-on - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files (x86)\Microsoft Lync\OCHelper.dll (Microsoft Corporation) O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O9 - Extra Button: PDFill PDF Editor - {FB858B22-55E2-413f-87F5-30ADC5552151} - C:\Program Files (x86)\PlotSoft\PDFill\DownloadPDF.exe (PlotSoft LLC) O15:64bit: - ..Trusted Domains: acpect.com ([bos1cas2] https in Local intranet) O15:64bit: - ..Trusted Domains: ***.com ([autodiscover] https in Local intranet) O15:64bit: - ..Trusted Domains: ***.com ([bos1cas1] https in Local intranet) O15:64bit: - ..Trusted Domains: ***.com ([corpdev] http in Trusted sites) O15:64bit: - ..Trusted Domains: ***.com ([corpdev] https in Trusted sites) O15:64bit: - ..Trusted Domains: ***.com ([hr] http in Trusted sites) O15:64bit: - ..Trusted Domains: ***.com ([hr] https in Trusted sites) O15:64bit: - ..Trusted Domains: ***.com ([it] http in Trusted sites) O15:64bit: - ..Trusted Domains: ***.com ([it] https in Trusted sites) O15:64bit: - ..Trusted Domains: ***.com ([sales] http in Trusted sites) O15:64bit: - ..Trusted Domains: ***.com ([sales] https in Trusted sites) O15 - HKCU\..Trusted Domains: acpect.com ([bos1cas2] https in Local intranet) O15 - HKCU\..Trusted Domains: ***.com ([]http in Trusted sites) O15 - HKCU\..Trusted Domains: ***.com ([]https in Trusted sites) O15 - HKCU\..Trusted Domains: ***.com ([autodiscover] https in Local intranet) O15 - HKCU\..Trusted Domains: ***.com ([bos1cas1] https in Local intranet) O15 - HKCU\..Trusted Domains: ***.com ([corpdev] http in Trusted sites) O15 - HKCU\..Trusted Domains: ***.com ([corpdev] https in Trusted sites) O15 - HKCU\..Trusted Domains: ***.com ([hr] http in Trusted sites) O15 - HKCU\..Trusted Domains: ***.com ([hr] https in Trusted sites) O15 - HKCU\..Trusted Domains: ***.com ([it] http in Trusted sites) O15 - HKCU\..Trusted Domains: ***.com ([it] https in Trusted sites) O15 - HKCU\..Trusted Domains: ***.com ([sales] http in Trusted sites) O15 - HKCU\..Trusted Domains: ***.com ([sales] https in Trusted sites) O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.4.1/jinstall-1_4_1_07-windows-i586.cab (Java Plug-in 1.4.1_07) O16 - DPF: {CAFEEFAC-0014-0001-0007-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.4.1/jinstall-1_4_1_07-windows-i586.cab (Java Plug-in 1.4.1_07) O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.) O16 - DPF: {F27237D7-93C8-44C2-AC6E-D6057B9A918F} https://juniper.net/dana-cached/sc/JuniperSetupClient.cab (JuniperSetupClientControl Class) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 10.64.15.40 10.64.15.41 O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = ***.com O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{702D714C-C851-4A51-AD74-5055E94072C0}: DhcpNameServer = 192.168.0.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{B75AD69B-5CDF-4BB5-99A9-D896685AE54F}: DhcpNameServer = 10.64.15.40 10.64.15.41 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{D8A3000A-07D2-48AD-BA3A-F1F162044C25}: NameServer = 10.74.83.22 193.254.160.1 O18:64bit: - Protocol\Handler\ms-help - No CLSID value found O18:64bit: - Protocol\Handler\skype-ie-addon-data - No CLSID value found O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\Windows\SysWow64\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) -C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found O27:64bit: - HKLM IFEO\taskmgr.exe: Debugger - C:\USERS\***\DOWNLOADS\PROCESSEXPLORER\PROCEXP.EXE (Sysinternals - www.sysinternals.com) O27 - HKLM IFEO\taskmgr.exe: Debugger - C:\USERS\***\DOWNLOADS\PROCESSEXPLORER\PROCEXP.EXE (Sysinternals - www.sysinternals.com) O32 - HKLM CDRom: AutoRun - 1 O34 - HKLM BootExecute: (autocheck autochk *) O35:64bit: - HKLM\..comfile [open] -- "%1" %* O35:64bit: - HKLM\..exefile [open] -- "%1" %* O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %* O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* ActiveX:64bit: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0 ActiveX:64bit: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll ActiveX:64bit: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack ActiveX:64bit: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE ActiveX:64bit: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx ActiveX:64bit: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help ActiveX:64bit: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6 ActiveX:64bit: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools ActiveX:64bit: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements ActiveX:64bit: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player ActiveX:64bit: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access ActiveX:64bit: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7 ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -BaseSettings ActiveX:64bit: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install ActiveX:64bit: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding ActiveX:64bit: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts ActiveX:64bit: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help ActiveX:64bit: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface ActiveX:64bit: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework ActiveX:64bit: {FEBEF00C-046D-438D-8A88-BF94A6C9E703} - .NET Framework ActiveX:64bit: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP ActiveX:64bit: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\System32\ie4uinit.exe -UserIconConfig ActiveX:64bit: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun) ActiveX: {0EEB34F6-991D-4a1b-8EEB-772DA0EADB22} - Microsoft Lync 2010 ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0 ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles(x86)%\Windows Mail\WinMail.exe" OCInstallUserConfigOE ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6 ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7 ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\SysWOW64\ie4uinit.exe -BaseSettings ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\SysWOW64\Rundll32.exe C:\Windows\SysWOW64\mscories.dll,Install ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts ActiveX: {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1} - .NET Framework ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface ActiveX: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\SysWOW64\ie4uinit.exe -UserIconConfig ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\SysWOW64\rundll32.exe" "C:\Windows\SysWOW64\iedkcs32.dll",BrandIEActiveSetup SIGNUP NetSvcs:64bit: AppMgmt - C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation) MsConfig:64bit - StartUpFolder: C:^Users^***^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OneNote 2010 Screen Clipper and Launcher.lnk - C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE - (Microsoft Corporation) MsConfig:64bit - StartUpReg: Adobe ARM - hkey= - key= - File not found MsConfig:64bit - StartUpReg: Adobe Reader Speed Launcher - hkey= - key= - File not found MsConfig:64bit - StartUpReg: ***UniphiConnectDDEClient - hkey= - key= - C:\Program Files (x86)\*** Uniphi Connect DDE Client\UCDDE.exe (*** Software) MsConfig:64bit - StartUpReg: BCSSync - hkey= - key= - C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe (Microsoft Corporation) MsConfig:64bit - StartUpReg: dyKoehJmNj.exe - hkey= - key= - File not found MsConfig:64bit - StartUpReg: PDVDDXSrv - hkey= - key= - C:\Program Files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe (CyberLink Corp.) MsConfig:64bit - StartUpReg: SunJavaUpdateSched - hkey= - key= - File not found MsConfig:64bit - StartUpReg: VirtualCloneDrive - hkey= - key= - File not found MsConfig:64bit - State: "startup" - Reg Error: Key error. MsConfig:64bit - State: "services" - Reg Error: Key error. CREATERESTOREPOINT Restore point Set: OTL Restore Point ========== Files/Folders - Created Within 30 Days ========== [2011/10/26 09:34:21 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Users\***\Desktop\OTL.exe [2011/10/21 23:27:29 | 007,104,275 | ---- | C] (BitDefender LLC) -- C:\ZeroAccessRemovalTool_32b.exe [2011/10/21 23:26:23 | 000,309,320 | ---- | C] (BitDefender S.R.L.) -- C:\Windows\SysWow64\drivers\TrufosAlt.sys [2011/10/21 22:41:30 | 000,000,000 | --SD | C] -- C:\ComboFix [2011/10/17 10:30:17 | 000,018,816 | ---- | C] (Sophos Group) -- C:\Windows\SysWow64\SAVRKBootTasks.sys [2011/10/17 09:18:28 | 000,000,000 | -HSD | C] -- C:\Config.Msi [2011/10/16 20:14:57 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ESET [2011/10/16 20:12:50 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Trend Micro [2011/10/16 20:12:50 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\HiJackThis [2011/10/14 20:16:44 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN [2011/10/14 18:51:06 | 000,000,000 | ---D | C] -- C:\Windows\temp [2011/10/14 18:51:06 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\temp [2011/10/14 17:23:00 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\LSoft Technologies [2011/10/14 17:23:00 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Active@ ISO Burner [2011/10/14 17:02:34 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sophos [2011/10/14 17:02:32 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Sophos [2011/10/14 16:45:16 | 000,000,000 | ---D | C] -- C:\ProgramData\SecTaskMan [2011/10/14 16:45:10 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Security Task Manager [2011/10/14 15:21:41 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java [2011/10/14 13:11:12 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Malwarebytes [2011/10/14 13:10:48 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware [2011/10/14 13:10:46 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes [2011/10/14 13:10:35 | 000,025,416 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys [2011/10/14 13:10:33 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware [2011/10/13 16:34:03 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe [2011/10/13 16:34:03 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe [2011/10/13 16:34:03 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe [2011/10/13 16:33:51 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT [2011/10/13 16:33:40 | 000,000,000 | ---D | C] -- C:\Qoobox [2011/10/13 12:57:33 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\UCCAdminSDK_AgentAssigner [2011/10/11 10:14:17 | 000,000,000 | ---D | C] -- C:\Program Files\Visual Studio .NET 2002 [2011/10/09 14:29:43 | 000,000,000 | ---D | C] -- C:\ProgramData\Roxio [2011/10/09 14:29:42 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Roxio [2011/10/06 20:33:45 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype [2011/10/05 15:50:32 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\*** Software [2011/09/30 09:21:10 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Amazon [2011/09/30 09:20:46 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Amazon [2011/09/30 09:20:46 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Amazon [2011/09/28 15:17:53 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\csunit.org [6 C:\Windows\SysNative\*.tmp files -> C:\Windows\SysNative\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2011/10/26 09:34:22 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\***\Desktop\OTL.exe [2011/10/26 09:32:04 | 000,050,477 | ---- | M] () -- C:\Users\***\Desktop\Defogger.exe [2011/10/26 08:55:26 | 000,969,772 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI [2011/10/26 08:55:26 | 000,795,268 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat [2011/10/26 08:55:26 | 000,171,712 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat [2011/10/26 08:53:42 | 000,019,264 | ---- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2011/10/26 08:53:42 | 000,019,264 | ---- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2011/10/26 08:48:06 | 000,000,462 | ---- | M] () -- C:\Windows\SMSCFG.ini [2011/10/26 08:46:40 | 000,007,604 | RHS- | M] () -- C:\Users\***\ntuser.pol [2011/10/26 08:46:11 | 000,017,920 | ---- | M] () -- C:\Windows\SysNative\rpcnetp.exe [2011/10/26 08:46:09 | 000,058,288 | ---- | M] (Absolute Software Corp.) -- C:\Windows\SysWow64\rpcnet.dll [2011/10/26 08:45:56 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2011/10/26 08:45:51 | 3112,583,168 | -HS- | M] () -- C:\hiberfil.sys [2011/10/25 11:00:10 | 000,013,160 | ---- | M] (Absolute Software Corp.) -- C:\Windows\SysWow64\Upgrd.exe [2011/10/25 11:00:02 | 000,058,288 | ---- | M] (Absolute Software Corp.) -- C:\Windows\SysWow64\rpcnet.exe [2011/10/25 10:57:24 | 000,017,920 | ---- | M] () -- C:\Windows\SysWow64\rpcnetp.dll [2011/10/25 10:45:58 | 000,017,920 | ---- | M] () -- C:\Windows\SysWow64\rpcnetp.exe [2011/10/24 16:12:48 | 000,023,562 | RHS- | M] () -- C:\ProgramData\ntuser.pol [2011/10/21 23:26:33 | 000,309,320 | ---- | M] (BitDefender S.R.L.) -- C:\Windows\SysWow64\drivers\TrufosAlt.sys [2011/10/21 22:44:58 | 337,447,378 | ---- | M] () -- C:\Windows\MEMORY.DMP [2011/10/21 22:31:38 | 007,104,275 | ---- | M] (BitDefender LLC) -- C:\ZeroAccessRemovalTool_32b.exe [2011/10/21 14:35:57 | 000,067,175 | ---- | M] () -- C:\Users\***\Documents\Ihr Auftrag bei K&M - Druckansicht.pdf [2011/10/21 10:13:28 | 008,646,656 | ---- | M] () -- C:\Users\***\Documents\***.qdb [2011/10/18 16:10:32 | 000,000,600 | ---- | M] () -- C:\Users\***\AppData\Roaming\winscp.rnd [2011/10/17 16:58:51 | 000,005,278 | ---- | M] () -- C:\Windows\SysWow64\SiteList.xml [2011/10/16 20:12:50 | 000,002,991 | ---- | M] () -- C:\Users\***\Desktop\HiJackThis.lnk [2011/10/14 20:34:51 | 000,001,945 | ---- | M] () -- C:\Windows\epplauncher.mif [2011/10/14 18:33:30 | 000,000,000 | ---- | M] () -- C:\Windows\SMSClientInstall.LHR [2011/10/14 17:42:03 | 000,403,885 | ---- | M] () -- C:\Users\***\Desktop\***.UnifiedIP.ErrorUtils.zip [2011/10/14 17:23:37 | 000,834,544 | ---- | M] () -- C:\Windows\SysNative\drivers\sptd.sys [2011/10/14 16:34:04 | 000,000,100 | ---- | M] () -- C:\index.ini [2011/10/14 14:40:07 | 000,987,358 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI [2011/10/14 13:10:49 | 000,001,123 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk [2011/10/13 14:20:26 | 000,000,691 | ---- | M] () -- C:\Users\***\Application Data\Microsoft\Internet Explorer\Quick Launch\System Restore.lnk [2011/10/11 16:43:07 | 000,000,600 | ---- | M] () -- C:\Users\***\AppData\Local\PUTTY.RND [2011/10/06 15:20:25 | 000,200,146 | ---- | M] () -- C:\Users\***\Documents\***_UIP66Demo.rts [2011/10/05 17:35:18 | 000,002,000 | ---- | M] () -- C:\Users\***\Documents\Default.rdp [2011/10/05 15:50:20 | 000,000,340 | ---- | M] () -- C:\Users\***\Desktop\Unified Resource Manager Client.appref-ms [2011/10/03 22:17:28 | 000,002,066 | ---- | M] () -- C:\Users\***\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk [2011/09/30 11:12:15 | 000,004,913 | ---- | M] () -- C:\Users\***\Desktop\Users.csv [2011/09/27 21:41:51 | 000,001,148 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk [2011/09/27 16:19:03 | 000,000,334 | ---- | M] () -- C:\Users\***\Desktop\Unified Agent Desktop.appref-ms [6 C:\Windows\SysNative\*.tmp files -> C:\Windows\SysNative\*.tmp -> ] ========== Files Created - No Company Name ========== [2011/10/26 09:28:58 | 000,050,477 | ---- | C] () -- C:\Users\***\Desktop\Defogger.exe [2011/10/21 14:35:55 | 000,067,175 | ---- | C] () -- C:\Users\***\Documents\Ihr Auftrag bei K&M - Druckansicht.pdf [2011/10/17 16:58:51 | 000,005,278 | ---- | C] () -- C:\Windows\SysWow64\SiteList.xml [2011/10/16 20:12:50 | 000,002,991 | ---- | C] () -- C:\Users\***\Desktop\HiJackThis.lnk [2011/10/14 18:33:30 | 000,000,000 | ---- | C] () -- C:\Windows\SMSClientInstall.LHR [2011/10/14 17:42:03 | 000,403,885 | ---- | C] () -- C:\Users\***\Desktop\***.UnifiedIP.ErrorUtils.zip [2011/10/14 17:23:37 | 000,834,544 | ---- | C] () -- C:\Windows\SysNative\drivers\sptd.sys [2011/10/14 16:34:04 | 000,000,100 | ---- | C] () -- C:\index.ini [2011/10/14 15:21:23 | 000,028,775 | ---- | C] () -- C:\Windows\SysWow64\javaw.exe [2011/10/14 15:21:23 | 000,024,677 | ---- | C] () -- C:\Windows\SysWow64\java.exe [2011/10/14 14:53:44 | 000,001,945 | ---- | C] () -- C:\Windows\epplauncher.mif [2011/10/14 13:10:49 | 000,001,123 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk [2011/10/13 16:54:21 | 000,001,549 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Wireshark.lnk [2011/10/13 16:54:21 | 000,001,246 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\XPS Viewer.lnk [2011/10/13 16:54:20 | 000,002,733 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CUEcards 2005.lnk [2011/10/13 16:54:20 | 000,002,088 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PowerDVD DX.lnk [2011/10/13 16:54:20 | 000,001,547 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk [2011/10/13 16:54:20 | 000,001,345 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Media Center.lnk [2011/10/13 16:54:20 | 000,001,330 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sidebar.lnk [2011/10/13 16:54:20 | 000,001,326 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows DVD Maker.lnk [2011/10/13 16:54:20 | 000,001,210 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Fax and Scan.lnk [2011/10/13 16:54:20 | 000,001,160 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk [2011/10/13 16:54:19 | 000,001,148 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk [2011/10/13 16:34:03 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe [2011/10/13 16:34:03 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe [2011/10/13 16:34:03 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe [2011/10/13 16:34:03 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe [2011/10/13 16:34:03 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe [2011/10/13 14:20:26 | 000,000,691 | ---- | C] () -- C:\Users\***\Application Data\Microsoft\Internet Explorer\Quick Launch\System Restore.lnk [2011/10/05 15:50:20 | 000,000,340 | ---- | C] () -- C:\Users\***\Desktop\Unified Resource Manager Client.appref-ms [2011/09/30 11:08:59 | 000,004,913 | ---- | C] () -- C:\Users\***\Desktop\Users.csv [2011/09/27 16:19:03 | 000,000,334 | ---- | C] () -- C:\Users\***\Desktop\Unified Agent Desktop.appref-ms [2011/09/13 14:25:19 | 000,000,011 | ---- | C] () -- C:\Windows\producer32.ini [2011/07/23 00:01:22 | 000,085,504 | ---- | C] () -- C:\Windows\SysWow64\ff_vfw.dll [2011/05/09 12:19:06 | 000,004,764 | ---- | C] () -- C:\Windows\SysWow64\CcmFramework.ini [2011/04/28 15:41:44 | 000,001,350 | ---- | C] () -- C:\Windows\ntbackup.ini [2011/04/15 06:35:06 | 000,053,248 | ---- | C] () -- C:\Windows\SysWow64\CommonDL.dll [2011/04/15 06:35:06 | 000,002,413 | ---- | C] () -- C:\Windows\SysWow64\lgAxconfig.ini [2011/04/04 20:43:39 | 000,006,144 | ---- | C] () -- C:\Users\***\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2011/03/15 12:33:02 | 000,000,000 | ---- | C] () -- C:\Windows\dsedit.INI [2011/03/14 18:36:40 | 000,003,400 | ---- | C] () -- C:\Windows\W32RegistryState.dat [2011/03/05 00:59:30 | 000,000,056 | ---- | C] () -- C:\Windows\SysWow64\ezsidmv.dat [2011/03/02 11:32:19 | 000,000,535 | ---- | C] () -- C:\Windows\ODBCINST.INI [2011/03/02 11:32:19 | 000,000,288 | ---- | C] () -- C:\Windows\ODBC.INI [2011/03/01 18:20:46 | 000,000,600 | ---- | C] () -- C:\Users\***\AppData\Local\PUTTY.RND [2011/03/01 13:31:25 | 000,000,600 | ---- | C] () -- C:\Users\***\AppData\Roaming\winscp.rnd [2011/02/24 13:20:33 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat [2011/02/21 12:21:28 | 000,987,358 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI [2011/02/21 12:20:57 | 000,000,462 | ---- | C] () -- C:\Windows\SMSCFG.ini [2010/11/01 22:06:12 | 000,017,920 | ---- | C] () -- C:\Windows\SysWow64\rpcnetp.dll [2010/11/01 22:05:29 | 000,017,920 | ---- | C] () -- C:\Windows\SysWow64\rpcnetp.exe [2010/11/01 21:41:57 | 000,023,562 | RHS- | C] () -- C:\ProgramData\ntuser.pol [2010/11/01 20:14:36 | 001,507,328 | ---- | C] () -- C:\Windows\SysWow64\nView.dll [2010/11/01 20:14:36 | 001,101,824 | ---- | C] () -- C:\Windows\SysWow64\nvwimg.dll [2010/11/01 20:11:48 | 000,000,051 | ---- | C] () -- C:\Windows\smsts.ini [2010/06/25 19:03:12 | 000,053,299 | ---- | C] () -- C:\Windows\SysWow64\pthreadVC.dll [2009/07/14 07:38:36 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat [2009/07/14 04:35:51 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT [2009/07/14 04:34:42 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat [2009/07/14 02:10:29 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin [2009/07/14 01:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll [2009/07/13 23:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll [2009/06/15 08:20:54 | 000,355,432 | ---- | C] () -- C:\Windows\SysWow64\vfprintpthelper.dll [2009/06/10 23:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat [2005/12/21 17:57:36 | 000,139,264 | ---- | C] () -- C:\Windows\SysWow64\nsldap32v50.dll [2005/12/21 17:57:04 | 000,024,576 | ---- | C] () -- C:\Windows\SysWow64\nsldappr32v50.dll [2005/12/21 17:54:34 | 000,040,960 | ---- | C] () -- C:\Windows\SysWow64\nsldapssl32v50.dll [1998/06/10 00:00:00 | 000,015,120 | ---- | C] () -- C:\Windows\SysWow64\REPUTIL.DLL ========== LOP Check ========== [2011/10/04 08:40:00 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Amazon [2011/09/14 10:32:33 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\*** Software [2011/06/21 17:11:14 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\*** Software Inc [2011/03/01 12:58:22 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\code4ward [2011/07/18 17:30:01 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\DVDVideoSoft [2011/07/20 20:40:09 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\flashpaste [2011/04/29 09:57:12 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\gnupg [2011/06/20 15:52:26 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\GPGshell [2011/02/28 10:37:01 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Greenshot [2011/03/18 11:58:00 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\IrfanView [2011/07/27 09:47:41 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Juniper Networks [2011/02/25 18:42:19 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Notepad++ [2011/06/22 14:43:04 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Skinux [2011/04/08 11:52:34 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\WirelessManager [2011/10/14 15:46:30 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Wireshark [2011/03/01 08:51:03 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\WMCore [2011/10/07 17:02:06 | 000,032,598 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT ========== Purity Check ========== ========== Custom Scans ========== < %SYSTEMDRIVE%\*. > [2011/09/13 15:51:35 | 000,000,000 | ---D | M] -- C:\$***Rollback$ [2011/10/14 20:16:44 | 000,000,000 | -HSD | M] -- C:\$RECYCLE.BIN [2010/11/02 01:06:45 | 000,000,000 | ---D | M] -- C:\boot [2011/10/21 22:43:53 | 000,000,000 | --SD | M] -- C:\ComboFix [2011/10/24 22:00:16 | 000,000,000 | -HSD | M] -- C:\Config.Msi [2011/02/21 12:03:18 | 000,000,000 | ---D | M] -- C:\dell [2009/07/14 07:08:56 | 000,000,000 | -HSD | M] -- C:\Documents and Settings [2011/06/15 13:25:25 | 000,000,000 | ---D | M] -- C:\GE36C1PCL6Winx64_30160EN [2011/04/15 06:59:37 | 000,000,000 | ---D | M] -- C:\ifx [2011/09/13 15:27:08 | 000,000,000 | ---D | M] -- C:\inetpub [2011/10/05 09:21:14 | 000,000,000 | ---D | M] -- C:\log [2010/11/01 20:51:31 | 000,000,000 | RH-D | M] -- C:\MSOCache [2011/03/02 17:40:14 | 000,000,000 | ---D | M] -- C:\oracle [2011/10/25 11:09:26 | 000,000,000 | ---D | M] -- C:\Outlook [2009/07/14 05:20:08 | 000,000,000 | ---D | M] -- C:\PerfLogs [2011/10/14 20:31:10 | 000,000,000 | R--D | M] -- C:\Program Files [2011/10/21 11:29:14 | 000,000,000 | R--D | M] -- C:\Program Files (x86) [2011/10/24 16:12:52 | 000,000,000 | ---D | M] -- C:\ProgramData [2011/10/16 18:20:23 | 000,000,000 | ---D | M] -- C:\Qoobox [2011/10/19 15:44:46 | 000,000,000 | ---D | M] -- C:\Quarantine [2011/02/21 11:47:21 | 000,000,000 | ---D | M] -- C:\Recovery [2011/09/13 15:09:16 | 000,000,000 | ---D | M] -- C:\SYBASE15 [2011/10/26 09:38:23 | 000,000,000 | -HSD | M] -- C:\System Volume Information [2011/10/13 15:00:23 | 000,000,000 | R--D | M] -- C:\Users [2011/10/26 08:46:19 | 000,000,000 | ---D | M] -- C:\Windows < %PROGRAMFILES%\*.exe > < %LOCALAPPDATA%\*.exe > < %systemroot%\*. /mp /s > < %systemroot%\system32\*.manifest /3 > < MD5 for: EXPLORER.EXE > [2009/07/14 03:14:20 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=15BC38A7492BEFE831966ADB477CF76F -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_b7fe430bc7ce3761\explorer.exe [2009/10/31 07:45:39 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=2626FC9755BE22F805D3CFA0CE3EE727 -- C:\Windows\SysWOW64\explorer.exe [2009/10/31 07:45:39 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=2626FC9755BE22F805D3CFA0CE3EE727 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_b819b343c7ba6202\explorer.exe [2009/08/03 08:19:07 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=700073016DAC1C3D2E7E2CE4223334B6 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_ae84b558ac4eb41c\explorer.exe [2009/10/31 08:34:59 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=9AAAEC8DAC27AA17B053E6352AD233AE -- C:\Windows\ERDNT\cache86\explorer.exe [2009/10/31 08:34:59 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=9AAAEC8DAC27AA17B053E6352AD233AE -- C:\Windows\explorer.exe [2009/10/31 08:34:59 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=9AAAEC8DAC27AA17B053E6352AD233AE -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_adc508f19359a007\explorer.exe [2009/08/03 07:49:47 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=9FF6C4C91A3711C0A3B18F87B08B518D -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_b8d95faae0af7617\explorer.exe [2009/10/31 08:38:38 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=B8EC4BD49CE8F6FC457721BFC210B67F -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_ae46d6aeac7ca7c7\explorer.exe [2009/08/03 07:35:50 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=B95EEB0F4E5EFBF1038A35B3351CF047 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_b853c407c78e3ba9\explorer.exe [2009/07/14 03:39:10 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=C235A51CB740E45FFA0EBFB9BAFCDA64 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_ada998b9936d7566\explorer.exe [2009/10/31 08:00:51 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=C76153C7ECA00FA852BB0C193378F917 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_b89b8100e0dd69c2\explorer.exe [2009/08/03 08:17:37 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=F170B4A061C9E026437B193B4D571799 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_adff19b5932d79ae\explorer.exe < MD5 for: REGEDIT.EXE > [2009/07/14 03:39:29 | 000,427,008 | ---- | M] (Microsoft Corporation) MD5=2E2C937846A0B8789E5E91739284D17A -- C:\Windows\ERDNT\cache86\regedit.exe [2009/07/14 03:39:29 | 000,427,008 | ---- | M] (Microsoft Corporation) MD5=2E2C937846A0B8789E5E91739284D17A -- C:\Windows\winsxs\amd64_microsoft-windows-registry-editor_31bf3856ad364e35_6.1.7600.16385_none_5023a70bf589ad3e\regedit.exe [2009/07/14 03:39:29 | 000,427,008 | ---- | M] (Microsoft Corporation) MD5=8A4883F5E7AC37444F23279239553878 -- C:\Windows\regedit.exe [2009/07/14 03:14:30 | 000,398,336 | ---- | M] (Microsoft Corporation) MD5=8A4883F5E7AC37444F23279239553878 -- C:\Windows\SysWOW64\regedit.exe [2009/07/14 03:14:30 | 000,398,336 | ---- | M] (Microsoft Corporation) MD5=8A4883F5E7AC37444F23279239553878 -- C:\Windows\winsxs\wow64_microsoft-windows-registry-editor_31bf3856ad364e35_6.1.7600.16385_none_5a78515e29ea6f39\regedit.exe < MD5 for: USERINIT.EXE > [2009/07/14 03:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\ERDNT\cache86\userinit.exe [2009/07/14 03:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\SysWOW64\userinit.exe [2009/07/14 03:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_dbff103933038d7c\userinit.exe [2009/07/14 03:39:48 | 000,030,208 | ---- | M] (Microsoft Corporation) MD5=6F8F1376A13114CC10C0E69274F5A4DE -- C:\Windows\ERDNT\cache64\userinit.exe [2009/07/14 03:39:48 | 000,030,208 | ---- | M] (Microsoft Corporation) MD5=6F8F1376A13114CC10C0E69274F5A4DE -- C:\Windows\SysNative\userinit.exe [2009/07/14 03:39:48 | 000,030,208 | ---- | M] (Microsoft Corporation) MD5=6F8F1376A13114CC10C0E69274F5A4DE -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_381dabbceb60feb2\userinit.exe < MD5 for: WININIT.EXE > [2009/07/14 03:39:52 | 000,129,024 | ---- | M] (Microsoft Corporation) MD5=94355C28C1970635A31B3FE52EB7CEBA -- C:\Windows\ERDNT\cache64\wininit.exe [2009/07/14 03:39:52 | 000,129,024 | ---- | M] (Microsoft Corporation) MD5=94355C28C1970635A31B3FE52EB7CEBA -- C:\Windows\SysNative\wininit.exe [2009/07/14 03:39:52 | 000,129,024 | ---- | M] (Microsoft Corporation) MD5=94355C28C1970635A31B3FE52EB7CEBA -- C:\Windows\winsxs\amd64_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_8ce7aa761e01ad49\wininit.exe [2009/07/14 03:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\ERDNT\cache86\wininit.exe [2009/07/14 03:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\SysWOW64\wininit.exe [2009/07/14 03:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_30c90ef265a43c13\wininit.exe < MD5 for: WINLOGON.EXE > [2009/07/14 03:39:52 | 000,389,120 | ---- | M] (Microsoft Corporation) MD5=132328DF455B0028F13BF0ABEE51A63A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_cbb7f2bdeea2829c\winlogon.exe [2009/10/28 09:01:57 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=A93D41A4D4B0D91C072D11DD8AF266DE -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.20560_none_cc522fd507b468f8\winlogon.exe [2009/10/28 08:24:40 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=DA3E2A6FA9660CC75B471530CE88453A -- C:\Windows\ERDNT\cache64\winlogon.exe [2009/10/28 08:24:40 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=DA3E2A6FA9660CC75B471530CE88453A -- C:\Windows\SysNative\winlogon.exe [2009/10/28 08:24:40 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=DA3E2A6FA9660CC75B471530CE88453A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16447_none_cbe534e7ee8042ad\winlogon.exe < HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU > "UseWUServer" = 1 "NoAutoUpdate" = 1 < HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs > < End of report > |
|
26.10.2011, 13:16
| #2 | |
| /// Winkelfunktion /// TB-Süch-Tiger™   | svchost.exe, ping.exe, firefox.exe + iexplore.exe öffnen schadhafte WebseitenZitat:
Poste alle relevanten bzw. schon erzeugen Logs von den dir eingesetzten Tools.
__________________ |
|
26.10.2011, 14:46
| #3 |
| | svchost.exe, ping.exe, firefox.exe + iexplore.exe öffnen schadhafte Webseiten Hi Arne,
__________________ich habe mal die Logfiles zusammen getragen die ich finden konnte. ComboFix beschreibt in seinen Logs leider nicht, warum es eine Datei gelöscht hat. McAfee hat hingegen die folgenden Trojaner identifiziert: Downloader.a!ss (Trojan) Downloader.a!ta (Trojan) Das initiale Problem war, dass mein Laptop plötzlich ausging. Nach einem Neustart bekam ich ein Popup mit diversen angeblichen Festplatten- und Virusproblemen. Aufgrund des Titels des Popups bin habe ich auf den Fakealert-Trojaner geschlossen. Teile der Festplatte waren versteckt und das Profil war kaputt. Nach dem Entfernen der .exe aus dem Autostart und dem "ent-verstecken" der Dateien hatte ich im abgesicherten Modus neu gestartet und ComboFiix ausgeführt. Danach war auch das Profil wieder in Ordnung... Danke und Grüße |
|
26.10.2011, 15:27
| #4 | ||
| /// Winkelfunktion /// TB-Süch-Tiger™ | svchost.exe, ping.exe, firefox.exe + iexplore.exe öffnen schadhafte WebseitenZitat:
 Einen ganz klaren Hinweis gibt es zu http://www.trojaner-board.de/95175-combofix.html Zitat:
__________________ Logfiles bitte immer in CODE-Tags posten  |
|
26.10.2011, 15:43
| #5 | |
| | svchost.exe, ping.exe, firefox.exe + iexplore.exe öffnen schadhafte WebseitenZitat:
Dieser hat sich jedoch an diesem nachgelagerten Problem bis jetzt die Zähne ausgebissen... |
|
26.10.2011, 19:03
| #6 | |
| /// Winkelfunktion /// TB-Süch-Tiger™ | svchost.exe, ping.exe, firefox.exe + iexplore.exe öffnen schadhafte WebseitenZitat:
Warum setzt der hausinterne Support die Kiste nicht neu auf und will das über ein Forum gelöst kriegen? 
__________________ --> svchost.exe, ping.exe, firefox.exe + iexplore.exe öffnen schadhafte Webseiten |
|
26.10.2011, 20:56
| #7 |
| | svchost.exe, ping.exe, firefox.exe + iexplore.exe öffnen schadhafte Webseiten Das wäre natürlich auch eine Möglichkeit, die ich allerdings nur als letzten Ausweg sehe, weil der im Ausland sitzt und es dann einige Tage dauert bis ich wieder vernünftig arbeiten kann. Deshalb wollte ich es erst hier versuchen, in der Hoffnung hier ein paar Tipps zu bekommen... |
|
27.10.2011, 08:04
| #8 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | svchost.exe, ping.exe, firefox.exe + iexplore.exe öffnen schadhafte Webseiten Dann poste erstmal alle Log. In der Zip im ANhang war nur die extras.txt!
__________________ Logfiles bitte immer in CODE-Tags posten |
|
27.10.2011, 08:10
| #9 |
| | svchost.exe, ping.exe, firefox.exe + iexplore.exe öffnen schadhafte Webseiten Moin Arne, hier die Logs... |
|
27.10.2011, 10:37
| #10 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | svchost.exe, ping.exe, firefox.exe + iexplore.exe öffnen schadhafte Webseiten Sagmal wie oft wurde CF denn ausgeführt? 3x oder noch öfter? Zumindest das erste CF-Log fehlt. Und von Malwarebytes seh ich nur ein Protection-Log. Poste auch ALLE anderen Logs davon!
__________________ Logfiles bitte immer in CODE-Tags posten |
|
27.10.2011, 12:32
| #11 |
| | svchost.exe, ping.exe, firefox.exe + iexplore.exe öffnen schadhafte Webseiten Das waren leider alle ComboFix-Logs die ich in diesem Verzeichnis gefunden habe... Aber es gibt gute Neuigkeiten: Ich habe den Kaspersky TDSSKiller laufen lassen und der hat folgendes gefunden: 11:43:36.0618 6840 MBR (0x1B8) (de1996b5390bac8242e23168f828c750) \Device\Harddisk0\DR0 11:43:36.0621 6840 \Device\Harddisk0\DR0 ( Rootkit.Win32.TDSS.tdl4 ) - infected 11:43:36.0621 6840 \Device\Harddisk0\DR0 - detected Rootkit.Win32.TDSS.tdl4 (0) 11:43:36.0672 6840 \Device\Harddisk0\DR0 ( TDSS File System ) - warning 11:43:36.0672 6840 \Device\Harddisk0\DR0 - detected TDSS File System (1) Das Dateisystem und das Rootkit konnte der Scanner löschen und nach einem Reboot taucht die ping.exe auch nicht mehr im Taskmanager auf. Die Aufrufe der Webseiten von anderen Prozessen sind bislang auch nicht mehr vorgekommen. Ich frage mich nur warum die ganzen anderen Scanner dies nicht ebenfalls finden konnten... Danke und Grüße |
|
27.10.2011, 14:29
| #12 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | svchost.exe, ping.exe, firefox.exe + iexplore.exe öffnen schadhafte Webseiten Was ist denn nun mit den anderen Malwarebytes-Logs?
__________________ Logfiles bitte immer in CODE-Tags posten |
|
27.10.2011, 14:38
| #13 |
| | svchost.exe, ping.exe, firefox.exe + iexplore.exe öffnen schadhafte Webseiten Hier sind alle MalwareBytes-Logs (Protection- und Scan-Logs)... |
|
27.10.2011, 14:55
| #14 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | svchost.exe, ping.exe, firefox.exe + iexplore.exe öffnen schadhafte Webseiten mach bitte ein neues OTL-Log: CustomScan mit OTL Falls noch nicht vorhanden, lade Dir bitte OTL von Oldtimer herunter und speichere es auf Deinem Desktop
Code:
ATTFilter netsvcs
msconfig
safebootminimal
safebootnetwork
activex
drivers32
%ALLUSERSPROFILE%\Application Data\*.
%ALLUSERSPROFILE%\Application Data\*.exe /s
%APPDATA%\*.
%APPDATA%\*.exe /s
%SYSTEMDRIVE%\*.exe
/md5start
wininit.exe
userinit.exe
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
ws2ifsl.sys
sceclt.dll
ntelogon.dll
winlogon.exe
logevent.dll
user32.DLL
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
/md5stop
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\*. /mp /s
%systemroot%\system32\*.dll /lockedfiles
CREATERESTOREPOINT
__________________ Logfiles bitte immer in CODE-Tags posten |
|
27.10.2011, 15:23
| #15 |
| | svchost.exe, ping.exe, firefox.exe + iexplore.exe öffnen schadhafte Webseiten Hier der Log-Output vom Oldtimer: Code:
ATTFilter OTL logfile created on: 10/27/2011 4:06:20 PM - Run 3 OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\***\Desktop 64bit- Enterprise Edition (Version = 6.1.7600) - Type = NTWorkstation Internet Explorer (Version = 8.0.7600.16385) Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy 3.87 Gb Total Physical Memory | 2.37 Gb Available Physical Memory | 61.27% Memory free 7.73 Gb Paging File | 5.98 Gb Available in Paging File | 77.41% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 153.70 Gb Total Space | 93.49 Gb Free Space | 60.83% Space Free | Partition Type: NTFS Drive D: | 78.88 Gb Total Space | 57.69 Gb Free Space | 73.14% Space Free | Partition Type: NTFS Drive E: | 4.36 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: UDF Drive F: | 931.51 Gb Total Space | 727.44 Gb Free Space | 78.09% Space Free | Partition Type: NTFS Drive H: | 3.00 Gb Total Space | 1.41 Gb Free Space | 46.85% Space Free | Partition Type: NTFS Drive R: | 227.40 Gb Total Space | 51.03 Gb Free Space | 22.44% Space Free | Partition Type: NTFS Drive V: | 227.40 Gb Total Space | 51.03 Gb Free Space | 22.44% Space Free | Partition Type: NTFS Drive Y: | 227.40 Gb Total Space | 51.03 Gb Free Space | 22.44% Space Free | Partition Type: NTFS Drive Z: | 1847.64 Gb Total Space | 1455.70 Gb Free Space | 78.79% Space Free | Partition Type: NTFS Computer Name: ***-E6410 | User Name: *** | NOT logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2011/10/27 16:02:22 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\***\Desktop\OTL.exe PRC - [2011/10/25 11:00:02 | 000,058,288 | ---- | M] (Absolute Software Corp.) -- C:\Windows\SysWOW64\rpcnet.exe PRC - [2011/08/31 17:00:48 | 000,449,608 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe PRC - [2011/08/31 17:00:48 | 000,366,152 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe PRC - [2011/01/12 17:05:00 | 000,185,664 | ---- | M] (McAfee, Inc.) -- C:\Program Files (x86)\McAfee\Common Framework\naPrdMgr.exe PRC - [2011/01/12 17:05:00 | 000,161,088 | ---- | M] (McAfee, Inc.) -- C:\Program Files (x86)\McAfee\Common Framework\UdaterUI.exe PRC - [2011/01/12 17:05:00 | 000,120,128 | ---- | M] (McAfee, Inc.) -- C:\Program Files (x86)\McAfee\Common Framework\FrameworkService.exe PRC - [2011/01/12 17:05:00 | 000,075,072 | ---- | M] (McAfee, Inc.) -- C:\Program Files (x86)\McAfee\Common Framework\McTray.exe PRC - [2010/06/09 18:38:30 | 000,463,912 | R--- | M] (Ericsson AB) -- C:\Program Files (x86)\Dell\Dell WWAN\WMCore\mini_WMCore.exe PRC - [2010/04/10 21:01:20 | 000,623,984 | ---- | M] (Juniper Networks) -- C:\Program Files (x86)\Juniper Networks\Common Files\dsNcService.exe PRC - [2010/01/06 21:07:00 | 000,066,896 | ---- | M] (McAfee, Inc.) -- C:\Program Files (x86)\McAfee\VirusScan Enterprise\vstskmgr.exe PRC - [2009/11/13 03:59:02 | 000,132,392 | ---- | M] (Juniper Networks) -- C:\Program Files (x86)\Common Files\Juniper Networks\JUNS\dsAccessService.exe PRC - [2009/09/18 04:00:00 | 000,764,768 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\CCM\CcmExec.exe PRC - [2009/07/14 03:14:47 | 000,254,976 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\wbem\WmiPrvSE.exe PRC - [2006/12/19 18:23:20 | 000,094,208 | ---- | M] (SEIKO EPSON CORPORATION) -- C:\Program Files (x86)\Common Files\EPSON\EBAPI\eEBSvc.exe PRC - [2006/10/11 15:14:28 | 000,053,248 | ---- | M] (Oracle Corporation) -- C:\oracle\product\10.2.0\client_1\bin\omtsreco.exe ========== Modules (No Company Name) ========== MOD - [2007/04/18 20:30:46 | 000,471,040 | ---- | M] () -- C:\Program Files (x86)\McAfee\Common Framework\ccme_base.dll MOD - [2007/04/18 20:30:46 | 000,393,216 | ---- | M] () -- C:\Program Files (x86)\McAfee\Common Framework\cryptocme2.dll ========== Win32 Services (SafeList) ========== SRV:64bit: - [2010/05/13 01:44:04 | 000,244,736 | ---- | M] (IDT, Inc.) [Auto | Running] -- C:\Windows\SysNative\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_ac8529709a50c498\stacsv64.exe -- (STacSV) SRV:64bit: - [2010/05/13 01:44:00 | 000,089,600 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Windows\SysNative\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_ac8529709a50c498\AESTSr64.exe -- (AESTFilters) SRV:64bit: - [2010/01/06 21:07:00 | 000,079,504 | ---- | M] (McAfee, Inc.) [Unknown | Running] -- C:\Windows\SysNative\mfevtps.exe -- (mfevtp) SRV:64bit: - [2009/07/14 03:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend) SRV:64bit: - [2009/07/14 03:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt) SRV:64bit: - [2007/11/07 10:11:22 | 004,466,688 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Microsoft Visual Studio 9.0\Common7\IDE\Remote Debugger\x64\msvsmon.exe -- (msvsmon90) SRV - [2011/10/25 11:00:02 | 000,058,288 | ---- | M] (Absolute Software Corp.) [Auto | Running] -- C:\Windows\SysWOW64\rpcnet.exe -- (rpcnet) Remote Procedure Call (RPC) SRV - [2011/08/31 17:00:48 | 000,366,152 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService) SRV - [2011/05/02 20:33:54 | 000,035,328 | ---- | M] (*** Software, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\*** Software\Unified IP\InstallAssistant\***InstallAssistant.exe -- (***InstallAssistant) SRV - [2011/01/12 17:05:00 | 000,120,128 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files (x86)\McAfee\Common Framework\FrameworkService.exe -- (McAfeeFramework) SRV - [2010/06/25 19:07:20 | 000,117,264 | ---- | M] (CACE Technologies, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\WinPcap\rpcapd.exe -- (rpcapd) Remote Packet Capture Protocol v.0 (experimental) SRV - [2010/06/09 18:38:30 | 000,463,912 | R--- | M] (Ericsson AB) [Auto | Running] -- C:\Program Files (x86)\Dell\Dell WWAN\WMCore\mini_WMCore.exe -- (WMCoreService) SRV - [2010/04/10 21:01:20 | 000,623,984 | ---- | M] (Juniper Networks) [Auto | Running] -- C:\Program Files (x86)\Juniper Networks\Common Files\dsNcService.exe -- (dsNcService) SRV - [2010/03/18 20:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32) SRV - [2010/01/10 13:01:38 | 000,060,928 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\STMicroelectronics\AccelerometerP11\InstallFilterService.exe -- (InstallFilterService) SRV - [2010/01/06 21:07:00 | 000,180,968 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files (x86)\McAfee\VirusScan Enterprise\x64\mcshield.exe -- (McShield) SRV - [2010/01/06 21:07:00 | 000,066,896 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files (x86)\McAfee\VirusScan Enterprise\vstskmgr.exe -- (McTaskManager) SRV - [2010/01/06 21:07:00 | 000,020,792 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files (x86)\McAfee\VirusScan Enterprise\x64\engineserver.exe -- (McAfeeEngineService) SRV - [2009/11/25 17:41:28 | 001,740,800 | ---- | M] (iPass, Inc.) [Disabled | Stopped] -- C:\Program Files (x86)\iPass\iPassConnect 35\iPassConnectEngine.exe -- (iPassConnectEngine) SRV - [2009/11/25 17:32:12 | 000,167,936 | ---- | M] (iPass, Inc.) [Disabled | Stopped] -- C:\Program Files (x86)\iPass\iPassConnect 35\iPassPeriodicUpdateApp.exe -- (iPassPeriodicUpdateApp) SRV - [2009/11/25 17:32:12 | 000,114,688 | ---- | M] (iPass, Inc.) [Disabled | Stopped] -- C:\Program Files (x86)\iPass\iPassConnect 35\iPassPeriodicUpdateService.exe -- (iPassPeriodicUpdateService) SRV - [2009/11/13 03:59:02 | 000,132,392 | ---- | M] (Juniper Networks) [Auto | Running] -- C:\Program Files (x86)\Common Files\Juniper Networks\JUNS\dsAccessService.exe -- (JuniperAccessService) SRV - [2009/09/18 04:00:00 | 000,764,768 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysWOW64\CCM\CcmExec.exe -- (CcmExec) SRV - [2009/09/18 04:00:00 | 000,246,624 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysWOW64\CCM\TSManager.exe -- (smstsmgr) SRV - [2009/07/14 03:15:31 | 000,396,288 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysWOW64\inetsrv\iisw3adm.dll -- (WAS) SRV - [2009/07/14 03:15:31 | 000,396,288 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysWOW64\inetsrv\iisw3adm.dll -- (W3SVC) SRV - [2009/07/14 03:14:53 | 000,061,440 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysWOW64\inetsrv\apphostsvc.dll -- (AppHostSvc) SRV - [2009/06/10 23:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32) SRV - [2007/06/29 17:54:54 | 000,020,480 | ---- | M] ( ) [Disabled | Stopped] -- c:\Program Files (x86)\*** Software\Uniphi Connect\UniphiAdapterSvc.exe -- (***UniphiAdapterSvc) SRV - [2006/12/19 18:23:20 | 000,094,208 | ---- | M] (SEIKO EPSON CORPORATION) [Auto | Running] -- C:\Program Files (x86)\Common Files\EPSON\EBAPI\eEBSvc.exe -- (EpsonBidirectionalService) SRV - [2006/10/11 15:14:28 | 000,053,248 | ---- | M] (Oracle Corporation) [Auto | Running] -- C:\oracle\product\10.2.0\client_1\bin\omtsreco.exe -- (OracleMTSRecoveryService) ========== Driver Services (SafeList) ========== DRV:64bit: - [2011/10/14 17:23:37 | 000,834,544 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\sptd.sys -- (sptd) DRV:64bit: - [2011/08/31 17:00:50 | 000,025,416 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector) DRV:64bit: - [2011/05/12 14:03:12 | 000,006,144 | ---- | M] (Sophos Plc) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\D79.tmp -- (MEMSWEEP2) DRV:64bit: - [2011/03/18 13:46:20 | 000,074,376 | ---- | M] (FTDI Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ftdibus.sys -- (FTDIBUS) DRV:64bit: - [2011/03/18 13:46:06 | 000,085,384 | ---- | M] (FTDI Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ftser2k.sys -- (FTSER2K) DRV:64bit: - [2011/02/17 18:21:12 | 000,156,080 | ---- | M] (Oracle Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VBoxNetAdp.sys -- (VBoxNetAdp) DRV:64bit: - [2011/01/15 18:21:04 | 000,036,352 | ---- | M] (Elaborate Bytes AG) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VClone.sys -- (VClone) DRV:64bit: - [2010/07/12 20:36:10 | 000,055,856 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\PxHlpa64.sys -- (PxHlpa64) DRV:64bit: - [2010/06/25 19:07:26 | 000,035,344 | ---- | M] (CACE Technologies, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\npf.sys -- (NPF) DRV:64bit: - [2010/05/25 17:03:20 | 000,271,400 | ---- | M] (Ericsson AB) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\WwanUsbMp64.sys -- (WwanUsbServ) DRV:64bit: - [2010/05/13 01:44:28 | 000,086,120 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvhda64v.sys -- (NVHDA) DRV:64bit: - [2010/05/13 01:44:12 | 000,538,136 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor) DRV:64bit: - [2010/05/13 01:44:12 | 000,294,064 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\e1k62x64.sys -- (e1kexpress) Intel(R) DRV:64bit: - [2010/05/13 01:44:10 | 006,952,960 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NETw5s64.sys -- (NETw5s64) Intel(R) DRV:64bit: - [2010/05/13 01:44:10 | 000,321,576 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btwampfl.sys -- (btwampfl) DRV:64bit: - [2010/05/13 01:44:08 | 000,284,720 | ---- | M] (Alps Electric Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Apfiltr.sys -- (ApfiltrService) DRV:64bit: - [2010/05/13 01:44:08 | 000,158,976 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Impcd.sys -- (Impcd) DRV:64bit: - [2010/05/13 01:44:08 | 000,038,440 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\cvusbdrv.sys -- (cvusbdrv) DRV:64bit: - [2010/05/13 01:44:06 | 000,079,360 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\risdpe64.sys -- (risdpcie) DRV:64bit: - [2010/05/13 01:44:06 | 000,061,952 | ---- | M] (REDC) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rimspe64.sys -- (rimspci) DRV:64bit: - [2010/05/13 01:44:06 | 000,055,808 | ---- | M] (REDC) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rixdpe64.sys -- (rixdpcie) DRV:64bit: - [2010/05/13 01:44:04 | 000,505,856 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\stwrt64.sys -- (STHDA) DRV:64bit: - [2010/05/13 01:44:04 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (HECIx64) Intel(R) DRV:64bit: - [2010/05/13 01:44:00 | 000,026,160 | ---- | M] (ST Microelectronics) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Accelern.sys -- (Acceler) DRV:64bit: - [2010/05/12 12:30:06 | 000,019,968 | ---- | M] (Danish Wireless Design A/S) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\FlashUSB_x64.sys -- (FlashUSB) DRV:64bit: - [2010/04/27 11:02:50 | 000,468,552 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Mbm3Mdm.sys -- (Mbm3Mdm) DRV:64bit: - [2010/04/27 11:02:50 | 000,416,328 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Mbm3DevMt.sys -- (Mbm3DevMt) Dell Wireless HSPA Mini-Card Device Management Driver (WDM) DRV:64bit: - [2010/04/27 11:02:50 | 000,378,952 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Mbm3CBus.sys -- (Mbm3CBus) Dell Wireless HSPA Mini-Card Device (WDM) DRV:64bit: - [2010/04/27 11:02:50 | 000,019,528 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Mbm3mdfl.sys -- (Mbm3mdfl) DRV:64bit: - [2010/04/10 20:47:36 | 000,032,768 | ---- | M] (Juniper Networks) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\dsNcAdpt.sys -- (dsNcAdpt) DRV:64bit: - [2010/03/03 12:30:30 | 000,030,248 | ---- | M] (Ericsson AB) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\wwussf64.sys -- (ecnssndisfltr) DRV:64bit: - [2010/03/03 12:30:30 | 000,026,664 | ---- | M] (Ericsson AB) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\wwuss64.sys -- (ecnssndis) DRV:64bit: - [2010/01/25 21:18:20 | 000,096,296 | ---- | M] (Ericsson AB) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\d554gps64.sys -- (d554gps) DRV:64bit: - [2010/01/25 21:17:04 | 000,060,968 | ---- | M] (Ericsson AB) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\d554scard.sys -- (d554scard) DRV:64bit: - [2010/01/18 08:56:26 | 000,021,040 | ---- | M] (ST Microelectronics) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\stdfltn.sys -- (stdflt) DRV:64bit: - [2010/01/06 21:07:00 | 000,469,400 | ---- | M] (McAfee, Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\mfehidk.sys -- (mfehidk) DRV:64bit: - [2010/01/06 21:07:00 | 000,120,096 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\mfeavfk.sys -- (mfeavfk) DRV:64bit: - [2010/01/06 21:07:00 | 000,097,576 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\mfeapfk.sys -- (mfeapfk) DRV:64bit: - [2010/01/06 21:07:00 | 000,084,424 | ---- | M] (McAfee, Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\mfetdik.sys -- (mfetdik) DRV:64bit: - [2010/01/06 21:07:00 | 000,078,896 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mferkdet.sys -- (mferkdet) DRV:64bit: - [2009/11/18 10:47:46 | 000,446,976 | ---- | M] (NETGEAR Inc. ) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\wg111v3.sys -- (RTL8187B) DRV:64bit: - [2009/07/14 03:52:21 | 000,106,576 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata) DRV:64bit: - [2009/07/14 03:52:21 | 000,028,752 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata) DRV:64bit: - [2009/07/14 03:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs) DRV:64bit: - [2009/07/14 03:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2) DRV:64bit: - [2009/07/14 03:47:48 | 000,077,888 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD) DRV:64bit: - [2009/07/14 03:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor) DRV:64bit: - [2009/07/14 02:39:20 | 000,023,040 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WSDPrint.sys -- (WSDPrintDevice) DRV:64bit: - [2009/07/14 02:35:37 | 000,025,088 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WSDScan.sys -- (WSDScan) DRV:64bit: - [2009/07/14 01:31:10 | 000,109,056 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sdbus.sys -- (sdbus) DRV:64bit: - [2009/06/10 23:01:11 | 001,485,312 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\VSTDPV6.SYS -- (SrvHsfV92) DRV:64bit: - [2009/06/10 23:01:11 | 000,740,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\VSTCNXT6.SYS -- (SrvHsfWinac) DRV:64bit: - [2009/06/10 23:01:11 | 000,292,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\VSTAZL6.SYS -- (SrvHsfHDA) DRV:64bit: - [2009/06/10 22:35:02 | 000,281,088 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\e1y60x64.sys -- (e1yexpress) Intel(R) DRV:64bit: - [2009/06/10 22:34:38 | 001,311,232 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\BCMWL664.SYS -- (BCM43XX) DRV:64bit: - [2009/06/10 22:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv) DRV:64bit: - [2009/06/10 22:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv) DRV:64bit: - [2009/06/10 22:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a) DRV:64bit: - [2009/06/10 22:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir) DRV:64bit: - [2005/11/07 06:33:12 | 000,021,120 | ---- | M] (Razer (Asia-Pacific) Pte Ltd) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\DB3G.sys -- (Razerlow) DRV - [2011/10/21 23:26:33 | 000,309,320 | ---- | M] (BitDefender S.R.L.) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\TrufosAlt.sys -- (TrufosAlt) DRV - [2011/05/12 14:05:32 | 000,018,816 | ---- | M] (Sophos Group) [Kernel | System | Stopped] -- C:\Windows\SysWOW64\SAVRKBootTasks.sys -- (SAVRKBootTasks) DRV - [2009/09/18 04:00:00 | 000,026,992 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysWOW64\CCM\PrepDrv.sys -- (prepdrvr) DRV - [2009/07/14 03:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/ IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local> ========== FireFox ========== FF - prefs.js..browser.startup.homepage: "hxxp://www.google.de" FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.3 FF - prefs.js..extensions.enabledItems: imageblock@hemantvats.com:2.1 FF - prefs.js..extensions.enabledItems: {340c2bbc-ce74-4362-90b5-7c26312808ef}:1.7 FF - prefs.js..extensions.enabledItems: {AB2CE124-6272-4b12-94A9-7303C7397BD1}:5.2.0.7165 FF - prefs.js..network.proxy.backup.ftp: "172.16.21.152" FF - prefs.js..network.proxy.backup.ftp_port: 81 FF - prefs.js..network.proxy.backup.socks: "172.16.21.152" FF - prefs.js..network.proxy.backup.socks_port: 81 FF - prefs.js..network.proxy.backup.ssl: "172.16.21.152" FF - prefs.js..network.proxy.backup.ssl_port: 81 FF - prefs.js..network.proxy.ftp: "172.16.21.152" FF - prefs.js..network.proxy.ftp_port: 81 FF - prefs.js..network.proxy.http: "172.16.21.152" FF - prefs.js..network.proxy.http_port: 81 FF - prefs.js..network.proxy.share_proxy_settings: true FF - prefs.js..network.proxy.socks: "172.16.21.152" FF - prefs.js..network.proxy.socks_port: 81 FF - prefs.js..network.proxy.ssl: "172.16.21.152" FF - prefs.js..network.proxy.ssl_port: 81 FF - prefs.js..network.proxy.type: 0 FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll () FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.) FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.0.60531.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation) FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 7.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2011/10/03 22:17:19 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 7.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2011/10/24 11:04:29 | 000,000,000 | ---D | M] [2011/02/24 13:20:37 | 000,000,000 | ---D | M] (No name found) -- C:\Users\***\AppData\Roaming\mozilla\Extensions [2011/09/28 10:35:11 | 000,000,000 | ---D | M] (No name found) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\2t8tvs41.default\extensions [2011/07/18 17:29:53 | 000,000,000 | ---D | M] (Plasmoo Search Engine) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\2t8tvs41.default\extensions\engine@plasmoo.com [2011/02/28 12:46:28 | 000,000,000 | ---D | M] (ImageBlock) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\2t8tvs41.default\extensions\imageblock@hemantvats.com [2011/10/14 15:21:25 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions [2011/10/06 20:33:50 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} () (No name found) -- C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\2T8TVS41.DEFAULT\EXTENSIONS\{3D7EB24F-2740-49DF-8937-200B1CC08F8A}.XPI () (No name found) -- C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\2T8TVS41.DEFAULT\EXTENSIONS\{D10D0BF8-F5B5-C8B4-A8B2-2B9879E08C5D}.XPI [2011/10/03 22:17:19 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll [2010/01/06 21:07:00 | 000,023,864 | ---- | M] (McAfee, Inc.) -- C:\Program Files (x86)\mozilla firefox\components\Scriptff.dll [2011/05/04 04:52:23 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll [2010/10/22 03:24:26 | 000,032,040 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\plugins\npMeetingJoinPluginOC.dll [2011/09/23 03:16:00 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml Hosts file not found O2 - BHO: (Lync Browser Helper) - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files (x86)\Microsoft Lync\OCHelper.dll (Microsoft Corporation) O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found. O4:64bit: - HKLM..\Run: [Apoint] C:\Program Files\DellTPad\Apoint.exe (Alps Electric Co., Ltd.) O4:64bit: - HKLM..\Run: [NvCplDaemon] C:\Windows\SysNative\NvCpl.dll (NVIDIA Corporation) O4:64bit: - HKLM..\Run: [NVHotkey] C:\Windows\SysNative\nvHotkey.dll (NVIDIA Corporation) O4:64bit: - HKLM..\Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe (IDT, Inc.) O4 - HKLM..\Run: [Communicator] C:\Program Files (x86)\Microsoft Lync\communicator.exe (Microsoft Corporation) O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation) O4 - HKLM..\Run: [McAfeeUpdaterUI] C:\Program Files (x86)\McAfee\Common Framework\udaterui.exe (McAfee, Inc.) O4 - HKLM..\Run: [perfpal] C:\Program Files (x86)\*** Software\Unified IP Shared\Tools\PerfPal\savelog.bat () O4 - HKLM..\Run: [ShStatEXE] C:\Program Files (x86)\McAfee\VirusScan Enterprise\SHSTAT.EXE (McAfee, Inc.) O4 - Startup: C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Anmeldung.bat () O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableCAD = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0 O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HideSCAHealth = 1 O9:64bit: - Extra Button: PDFill PDF Editor - {ED93D107-B43A-490e-AA5C-C5578BAAF479} - C:\Program Files (x86)\PlotSoft\PDFill\DownloadPDF.exe (PlotSoft LLC) O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - Reg Error: Key error. File not found O9 - Extra Button: Lync add-on - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files (x86)\Microsoft Lync\OCHelper.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : Lync add-on - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files (x86)\Microsoft Lync\OCHelper.dll (Microsoft Corporation) O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O9 - Extra Button: PDFill PDF Editor - {FB858B22-55E2-413f-87F5-30ADC5552151} - C:\Program Files (x86)\PlotSoft\PDFill\DownloadPDF.exe (PlotSoft LLC) O15:64bit: - ..Trusted Domains: acpect.com ([bos1cas2] https in Local intranet) O15:64bit: - ..Trusted Domains: ***.com ([autodiscover] https in Local intranet) O15:64bit: - ..Trusted Domains: ***.com ([bos1cas1] https in Local intranet) O15:64bit: - ..Trusted Domains: ***.com ([corpdev] http in Trusted sites) O15:64bit: - ..Trusted Domains: ***.com ([corpdev] https in Trusted sites) O15:64bit: - ..Trusted Domains: ***.com ([hr] http in Trusted sites) O15:64bit: - ..Trusted Domains: ***.com ([hr] https in Trusted sites) O15:64bit: - ..Trusted Domains: ***.com ([it] http in Trusted sites) O15:64bit: - ..Trusted Domains: ***.com ([it] https in Trusted sites) O15:64bit: - ..Trusted Domains: ***.com ([sales] http in Trusted sites) O15:64bit: - ..Trusted Domains: ***.com ([sales] https in Trusted sites) O15 - HKCU\..Trusted Domains: acpect.com ([bos1cas2] https in Local intranet) O15 - HKCU\..Trusted Domains: ***.com ([]http in Trusted sites) O15 - HKCU\..Trusted Domains: ***.com ([]https in Trusted sites) O15 - HKCU\..Trusted Domains: ***.com ([autodiscover] https in Local intranet) O15 - HKCU\..Trusted Domains: ***.com ([bos1cas1] https in Local intranet) O15 - HKCU\..Trusted Domains: ***.com ([corpdev] http in Trusted sites) O15 - HKCU\..Trusted Domains: ***.com ([corpdev] https in Trusted sites) O15 - HKCU\..Trusted Domains: ***.com ([hr] http in Trusted sites) O15 - HKCU\..Trusted Domains: ***.com ([hr] https in Trusted sites) O15 - HKCU\..Trusted Domains: ***.com ([it] http in Trusted sites) O15 - HKCU\..Trusted Domains: ***.com ([it] https in Trusted sites) O15 - HKCU\..Trusted Domains: ***.com ([sales] http in Trusted sites) O15 - HKCU\..Trusted Domains: ***.com ([sales] https in Trusted sites) O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object) O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.4.1/jinstall-1_4_1_07-windows-i586.cab (Java Plug-in 1.4.1_07) O16 - DPF: {CAFEEFAC-0014-0001-0007-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.4.1/jinstall-1_4_1_07-windows-i586.cab (Java Plug-in 1.4.1_07) O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.) O16 - DPF: {F27237D7-93C8-44C2-AC6E-D6057B9A918F} https://juniper.net/dana-cached/sc/JuniperSetupClient.cab (JuniperSetupClientControl Class) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 10.64.15.40 10.64.15.41 O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = ***.com O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{702D714C-C851-4A51-AD74-5055E94072C0}: DhcpNameServer = 192.168.0.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{B75AD69B-5CDF-4BB5-99A9-D896685AE54F}: DhcpNameServer = 10.64.15.40 10.64.15.41 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{D8A3000A-07D2-48AD-BA3A-F1F162044C25}: NameServer = 10.74.83.22 193.254.160.1 O18:64bit: - Protocol\Handler\ms-help - No CLSID value found O18:64bit: - Protocol\Handler\skype-ie-addon-data - No CLSID value found O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\Windows\SysWow64\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) -C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found O27:64bit: - HKLM IFEO\taskmgr.exe: Debugger - C:\USERS\***\DOWNLOADS\PROCESSEXPLORER\PROCEXP.EXE (Sysinternals - www.sysinternals.com) O27 - HKLM IFEO\taskmgr.exe: Debugger - C:\USERS\***\DOWNLOADS\PROCESSEXPLORER\PROCEXP.EXE (Sysinternals - www.sysinternals.com) O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2009/09/04 13:08:14 | 000,000,183 | ---- | M] () - F:\autorun.inf -- [ NTFS ] O34 - HKLM BootExecute: (autocheck autochk *) O35:64bit: - HKLM\..comfile [open] -- "%1" %* O35:64bit: - HKLM\..exefile [open] -- "%1" %* O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %* O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* NetSvcs:64bit: AppMgmt - C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation) MsConfig:64bit - StartUpFolder: C:^Users^***^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OneNote 2010 Screen Clipper and Launcher.lnk - C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE - (Microsoft Corporation) MsConfig:64bit - StartUpReg: Adobe ARM - hkey= - key= - File not found MsConfig:64bit - StartUpReg: Adobe Reader Speed Launcher - hkey= - key= - File not found MsConfig:64bit - StartUpReg: ***UniphiConnectDDEClient - hkey= - key= - C:\Program Files (x86)\*** Uniphi Connect DDE Client\UCDDE.exe (*** Software) MsConfig:64bit - StartUpReg: BCSSync - hkey= - key= - C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe (Microsoft Corporation) MsConfig:64bit - StartUpReg: dyKoehJmNj.exe - hkey= - key= - File not found MsConfig:64bit - StartUpReg: PDVDDXSrv - hkey= - key= - C:\Program Files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe (CyberLink Corp.) MsConfig:64bit - StartUpReg: SunJavaUpdateSched - hkey= - key= - File not found MsConfig:64bit - StartUpReg: VirtualCloneDrive - hkey= - key= - File not found MsConfig:64bit - State: "startup" - Reg Error: Key error. MsConfig:64bit - State: "services" - Reg Error: Key error. SafeBootMin:64bit: AppMgmt - C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation) SafeBootMin:64bit: Base - Driver Group SafeBootMin:64bit: Boot Bus Extender - Driver Group SafeBootMin:64bit: Boot file system - Driver Group SafeBootMin:64bit: File system - Driver Group SafeBootMin:64bit: Filter - Driver Group SafeBootMin:64bit: HelpSvc - Service SafeBootMin:64bit: PCI Configuration - Driver Group SafeBootMin:64bit: PEVSystemStart - Service SafeBootMin:64bit: PNP Filter - Driver Group SafeBootMin:64bit: Primary disk - Driver Group SafeBootMin:64bit: procexp90.Sys - Driver SafeBootMin:64bit: sacsvr - Service SafeBootMin:64bit: SCSI Class - Driver Group SafeBootMin:64bit: System Bus Extender - Driver Group SafeBootMin:64bit: vmms - Service SafeBootMin:64bit: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers SafeBootMin:64bit: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive SafeBootMin:64bit: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive SafeBootMin:64bit: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller SafeBootMin:64bit: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc SafeBootMin:64bit: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard SafeBootMin:64bit: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse SafeBootMin:64bit: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters SafeBootMin:64bit: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter SafeBootMin:64bit: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System SafeBootMin:64bit: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive SafeBootMin:64bit: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy SafeBootMin:64bit: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers SafeBootMin:64bit: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume SafeBootMin:64bit: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices SafeBootMin:64bit: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices SafeBootMin:64bit: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices SafeBootMin: Base - Driver Group SafeBootMin: Boot Bus Extender - Driver Group SafeBootMin: Boot file system - Driver Group SafeBootMin: File system - Driver Group SafeBootMin: Filter - Driver Group SafeBootMin: HelpSvc - Service SafeBootMin: PCI Configuration - Driver Group SafeBootMin: PEVSystemStart - Service SafeBootMin: PNP Filter - Driver Group SafeBootMin: Primary disk - Driver Group SafeBootMin: procexp90.Sys - Driver SafeBootMin: sacsvr - Service SafeBootMin: SCSI Class - Driver Group SafeBootMin: System Bus Extender - Driver Group SafeBootMin: vmms - Service SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices SafeBootNet:64bit: AppMgmt - C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation) SafeBootNet:64bit: Base - Driver Group SafeBootNet:64bit: Boot Bus Extender - Driver Group SafeBootNet:64bit: Boot file system - Driver Group SafeBootNet:64bit: File system - Driver Group SafeBootNet:64bit: Filter - Driver Group SafeBootNet:64bit: HelpSvc - Service SafeBootNet:64bit: Messenger - Service SafeBootNet:64bit: NDIS Wrapper - Driver Group SafeBootNet:64bit: NetBIOSGroup - Driver Group SafeBootNet:64bit: NetDDEGroup - Driver Group SafeBootNet:64bit: Network - Driver Group SafeBootNet:64bit: NetworkProvider - Driver Group SafeBootNet:64bit: PCI Configuration - Driver Group SafeBootNet:64bit: PEVSystemStart - Service SafeBootNet:64bit: PNP Filter - Driver Group SafeBootNet:64bit: PNP_TDI - Driver Group SafeBootNet:64bit: Primary disk - Driver Group SafeBootNet:64bit: procexp90.Sys - Driver SafeBootNet:64bit: rdsessmgr - Service SafeBootNet:64bit: sacsvr - Service SafeBootNet:64bit: SCSI Class - Driver Group SafeBootNet:64bit: Streams Drivers - Driver Group SafeBootNet:64bit: System Bus Extender - Driver Group SafeBootNet:64bit: TDI - Driver Group SafeBootNet:64bit: vmms - Service SafeBootNet:64bit: WudfUsbccidDriver - Driver SafeBootNet:64bit: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers SafeBootNet:64bit: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive SafeBootNet:64bit: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive SafeBootNet:64bit: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller SafeBootNet:64bit: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc SafeBootNet:64bit: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard SafeBootNet:64bit: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse SafeBootNet:64bit: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net SafeBootNet:64bit: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient SafeBootNet:64bit: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService SafeBootNet:64bit: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans SafeBootNet:64bit: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters SafeBootNet:64bit: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter SafeBootNet:64bit: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System SafeBootNet:64bit: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive SafeBootNet:64bit: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers SafeBootNet:64bit: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy SafeBootNet:64bit: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers SafeBootNet:64bit: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume SafeBootNet:64bit: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices SafeBootNet:64bit: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices SafeBootNet:64bit: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices SafeBootNet: Base - Driver Group SafeBootNet: Boot Bus Extender - Driver Group SafeBootNet: Boot file system - Driver Group SafeBootNet: File system - Driver Group SafeBootNet: Filter - Driver Group SafeBootNet: HelpSvc - Service SafeBootNet: Messenger - Service SafeBootNet: NDIS Wrapper - Driver Group SafeBootNet: NetBIOSGroup - Driver Group SafeBootNet: NetDDEGroup - Driver Group SafeBootNet: Network - Driver Group SafeBootNet: NetworkProvider - Driver Group SafeBootNet: PCI Configuration - Driver Group SafeBootNet: PEVSystemStart - Service SafeBootNet: PNP Filter - Driver Group SafeBootNet: PNP_TDI - Driver Group SafeBootNet: Primary disk - Driver Group SafeBootNet: procexp90.Sys - Driver SafeBootNet: rdsessmgr - Service SafeBootNet: sacsvr - Service SafeBootNet: SCSI Class - Driver Group SafeBootNet: Streams Drivers - Driver Group SafeBootNet: System Bus Extender - Driver Group SafeBootNet: TDI - Driver Group SafeBootNet: vmms - Service SafeBootNet: WudfUsbccidDriver - Driver SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices ActiveX:64bit: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0 ActiveX:64bit: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll ActiveX:64bit: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack ActiveX:64bit: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE ActiveX:64bit: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx ActiveX:64bit: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help ActiveX:64bit: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6 ActiveX:64bit: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools ActiveX:64bit: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements ActiveX:64bit: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player ActiveX:64bit: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access ActiveX:64bit: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7 ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -BaseSettings ActiveX:64bit: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install ActiveX:64bit: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding ActiveX:64bit: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts ActiveX:64bit: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help ActiveX:64bit: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface ActiveX:64bit: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework ActiveX:64bit: {FEBEF00C-046D-438D-8A88-BF94A6C9E703} - .NET Framework ActiveX:64bit: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP ActiveX:64bit: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\System32\ie4uinit.exe -UserIconConfig ActiveX:64bit: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun) ActiveX: {0EEB34F6-991D-4a1b-8EEB-772DA0EADB22} - Microsoft Lync 2010 ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0 ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles(x86)%\Windows Mail\WinMail.exe" OCInstallUserConfigOE ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6 ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7 ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\SysWOW64\ie4uinit.exe -BaseSettings ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\SysWOW64\Rundll32.exe C:\Windows\SysWOW64\mscories.dll,Install ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts ActiveX: {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1} - .NET Framework ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface ActiveX: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\SysWOW64\ie4uinit.exe -UserIconConfig ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\SysWOW64\rundll32.exe" "C:\Windows\SysWOW64\iedkcs32.dll",BrandIEActiveSetup SIGNUP Drivers32:64bit: msacm.ac3filter - ac3filter64.acm () Drivers32:64bit: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS) Drivers32: msacm.ac3filter - C:\Windows\SysWow64\ac3filter.acm () Drivers32: msacm.l3acm - C:\Windows\SysWOW64\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS) Drivers32: vidc.cvid - C:\Windows\SysWow64\iccvid.dll (Radius Inc.) Drivers32: VIDC.FFDS - C:\Windows\SysWow64\ff_vfw.dll () CREATERESTOREPOINT Restore point Set: OTL Restore Point ========== Files/Folders - Created Within 30 Days ========== [2011/10/27 11:34:56 | 000,000,000 | ---D | C] -- C:\TDSSKiller_Quarantine [2011/10/27 11:26:54 | 000,000,000 | ---D | C] -- C:\Users\***\Documents\tdsskiller [2011/10/27 11:21:28 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Adobe [2011/10/26 15:10:19 | 000,000,000 | ---D | C] -- C:\Users\***\Desktop\Trojaner-Board [2011/10/26 12:44:57 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\Macromed [2011/10/26 09:34:21 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Users\***\Desktop\OTL.exe [2011/10/21 23:27:29 | 007,104,275 | ---- | C] (BitDefender LLC) -- C:\ZeroAccessRemovalTool_32b.exe [2011/10/21 23:26:23 | 000,309,320 | ---- | C] (BitDefender S.R.L.) -- C:\Windows\SysWow64\drivers\TrufosAlt.sys [2011/10/21 22:41:30 | 000,000,000 | --SD | C] -- C:\ComboFix [2011/10/17 10:30:17 | 000,018,816 | ---- | C] (Sophos Group) -- C:\Windows\SysWow64\SAVRKBootTasks.sys [2011/10/16 20:14:57 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ESET [2011/10/16 20:12:50 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Trend Micro [2011/10/16 20:12:50 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\HiJackThis [2011/10/14 20:16:44 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN [2011/10/14 18:51:06 | 000,000,000 | ---D | C] -- C:\Windows\temp [2011/10/14 18:51:06 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\temp [2011/10/14 17:23:00 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\LSoft Technologies [2011/10/14 17:23:00 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Active@ ISO Burner [2011/10/14 17:02:34 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sophos [2011/10/14 17:02:32 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Sophos [2011/10/14 16:45:16 | 000,000,000 | ---D | C] -- C:\ProgramData\SecTaskMan [2011/10/14 16:45:10 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Security Task Manager [2011/10/14 15:21:41 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java [2011/10/14 13:11:12 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Malwarebytes [2011/10/14 13:10:48 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware [2011/10/14 13:10:46 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes [2011/10/14 13:10:35 | 000,025,416 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys [2011/10/14 13:10:33 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware [2011/10/13 16:34:03 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe [2011/10/13 16:34:03 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe [2011/10/13 16:34:03 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe [2011/10/13 16:33:51 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT [2011/10/13 16:33:40 | 000,000,000 | ---D | C] -- C:\Qoobox [2011/10/13 12:57:33 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\UCCAdminSDK_AgentAssigner [2011/10/11 10:14:17 | 000,000,000 | ---D | C] -- C:\Program Files\Visual Studio .NET 2002 [2011/10/09 14:29:43 | 000,000,000 | ---D | C] -- C:\ProgramData\Roxio [2011/10/09 14:29:42 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Roxio [2011/10/06 20:33:45 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype [2011/10/05 15:50:32 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\*** Software [2011/09/30 09:21:10 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Amazon [2011/09/30 09:20:46 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Amazon [2011/09/30 09:20:46 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Amazon [2011/09/28 15:17:53 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\csunit.org [6 C:\Windows\SysNative\*.tmp files -> C:\Windows\SysNative\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2011/10/27 16:02:22 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\***\Desktop\OTL.exe [2011/10/27 13:32:41 | 000,969,772 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI [2011/10/27 13:32:41 | 000,795,268 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat [2011/10/27 13:32:41 | 000,171,712 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat [2011/10/27 13:30:52 | 000,019,264 | ---- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2011/10/27 13:30:52 | 000,019,264 | ---- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2011/10/27 13:25:03 | 000,000,462 | ---- | M] () -- C:\Windows\SMSCFG.ini [2011/10/27 13:23:26 | 000,017,920 | ---- | M] () -- C:\Windows\SysNative\rpcnetp.exe [2011/10/27 13:23:24 | 000,058,288 | ---- | M] (Absolute Software Corp.) -- C:\Windows\SysWow64\rpcnet.dll [2011/10/27 13:23:12 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2011/10/27 13:23:08 | 3112,583,168 | -HS- | M] () -- C:\hiberfil.sys [2011/10/26 09:32:04 | 000,050,477 | ---- | M] () -- C:\Users\***\Desktop\Defogger.exe [2011/10/26 08:46:40 | 000,007,604 | RHS- | M] () -- C:\Users\***\ntuser.pol [2011/10/25 11:00:10 | 000,013,160 | ---- | M] (Absolute Software Corp.) -- C:\Windows\SysWow64\Upgrd.exe [2011/10/25 11:00:02 | 000,058,288 | ---- | M] (Absolute Software Corp.) -- C:\Windows\SysWow64\rpcnet.exe [2011/10/25 10:57:24 | 000,017,920 | ---- | M] () -- C:\Windows\SysWow64\rpcnetp.dll [2011/10/25 10:45:58 | 000,017,920 | ---- | M] () -- C:\Windows\SysWow64\rpcnetp.exe [2011/10/24 16:12:48 | 000,023,562 | RHS- | M] () -- C:\ProgramData\ntuser.pol [2011/10/21 23:26:33 | 000,309,320 | ---- | M] (BitDefender S.R.L.) -- C:\Windows\SysWow64\drivers\TrufosAlt.sys [2011/10/21 22:44:58 | 337,447,378 | ---- | M] () -- C:\Windows\MEMORY.DMP [2011/10/21 22:31:38 | 007,104,275 | ---- | M] (BitDefender LLC) -- C:\ZeroAccessRemovalTool_32b.exe [2011/10/21 14:35:57 | 000,067,175 | ---- | M] () -- C:\Users\***\Documents\Ihr Auftrag bei K&M - Druckansicht.pdf [2011/10/21 10:13:28 | 008,646,656 | ---- | M] () -- C:\Users\***\Documents\***.qdb [2011/10/18 16:10:32 | 000,000,600 | ---- | M] () -- C:\Users\***\AppData\Roaming\winscp.rnd [2011/10/17 16:58:51 | 000,005,278 | ---- | M] () -- C:\Windows\SysWow64\SiteList.xml [2011/10/16 20:12:50 | 000,002,991 | ---- | M] () -- C:\Users\***\Desktop\HiJackThis.lnk [2011/10/14 20:34:51 | 000,001,945 | ---- | M] () -- C:\Windows\epplauncher.mif [2011/10/14 18:33:30 | 000,000,000 | ---- | M] () -- C:\Windows\SMSClientInstall.LHR [2011/10/14 17:42:03 | 000,403,885 | ---- | M] () -- C:\Users\***\Desktop\***.UnifiedIP.ErrorUtils.zip [2011/10/14 17:23:37 | 000,834,544 | ---- | M] () -- C:\Windows\SysNative\drivers\sptd.sys [2011/10/14 16:34:04 | 000,000,100 | ---- | M] () -- C:\index.ini [2011/10/14 14:40:07 | 000,987,358 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI [2011/10/14 13:10:49 | 000,001,123 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk [2011/10/13 14:20:26 | 000,000,691 | ---- | M] () -- C:\Users\***\Application Data\Microsoft\Internet Explorer\Quick Launch\System Restore.lnk [2011/10/11 16:43:07 | 000,000,600 | ---- | M] () -- C:\Users\***\AppData\Local\PUTTY.RND [2011/10/06 15:20:25 | 000,200,146 | ---- | M] () -- C:\Users\***\Documents\***_UIP66Demo.rts [2011/10/05 17:35:18 | 000,002,000 | ---- | M] () -- C:\Users\***\Documents\Default.rdp [2011/10/05 15:50:20 | 000,000,340 | ---- | M] () -- C:\Users\***\Desktop\Unified Resource Manager Client.appref-ms [2011/10/03 22:17:28 | 000,002,066 | ---- | M] () -- C:\Users\***\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk [2011/09/30 11:12:15 | 000,004,913 | ---- | M] () -- C:\Users\***\Desktop\Users.csv [2011/09/27 21:41:51 | 000,001,148 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk [2011/09/27 16:19:03 | 000,000,334 | ---- | M] () -- C:\Users\***\Desktop\Unified Agent Desktop.appref-ms [6 C:\Windows\SysNative\*.tmp files -> C:\Windows\SysNative\*.tmp -> ] ========== Files Created - No Company Name ========== [2011/10/26 09:28:58 | 000,050,477 | ---- | C] () -- C:\Users\***\Desktop\Defogger.exe [2011/10/21 14:35:55 | 000,067,175 | ---- | C] () -- C:\Users\***\Documents\Ihr Auftrag bei K&M - Druckansicht.pdf [2011/10/17 16:58:51 | 000,005,278 | ---- | C] () -- C:\Windows\SysWow64\SiteList.xml [2011/10/16 20:12:50 | 000,002,991 | ---- | C] () -- C:\Users\***\Desktop\HiJackThis.lnk [2011/10/14 18:33:30 | 000,000,000 | ---- | C] () -- C:\Windows\SMSClientInstall.LHR [2011/10/14 17:42:03 | 000,403,885 | ---- | C] () -- C:\Users\***\Desktop\***.UnifiedIP.ErrorUtils.zip [2011/10/14 17:23:37 | 000,834,544 | ---- | C] () -- C:\Windows\SysNative\drivers\sptd.sys [2011/10/14 16:34:04 | 000,000,100 | ---- | C] () -- C:\index.ini [2011/10/14 15:21:23 | 000,028,775 | ---- | C] () -- C:\Windows\SysWow64\javaw.exe [2011/10/14 15:21:23 | 000,024,677 | ---- | C] () -- C:\Windows\SysWow64\java.exe [2011/10/14 14:53:44 | 000,001,945 | ---- | C] () -- C:\Windows\epplauncher.mif [2011/10/14 13:10:49 | 000,001,123 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk [2011/10/13 16:54:21 | 000,001,549 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Wireshark.lnk [2011/10/13 16:54:21 | 000,001,246 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\XPS Viewer.lnk [2011/10/13 16:54:20 | 000,002,733 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CUEcards 2005.lnk [2011/10/13 16:54:20 | 000,002,088 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PowerDVD DX.lnk [2011/10/13 16:54:20 | 000,001,547 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk [2011/10/13 16:54:20 | 000,001,345 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Media Center.lnk [2011/10/13 16:54:20 | 000,001,330 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sidebar.lnk [2011/10/13 16:54:20 | 000,001,326 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows DVD Maker.lnk [2011/10/13 16:54:20 | 000,001,210 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Fax and Scan.lnk [2011/10/13 16:54:20 | 000,001,160 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk [2011/10/13 16:54:19 | 000,001,148 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk [2011/10/13 16:34:03 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe [2011/10/13 16:34:03 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe [2011/10/13 16:34:03 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe [2011/10/13 16:34:03 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe [2011/10/13 16:34:03 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe [2011/10/13 14:20:26 | 000,000,691 | ---- | C] () -- C:\Users\***\Application Data\Microsoft\Internet Explorer\Quick Launch\System Restore.lnk [2011/10/05 15:50:20 | 000,000,340 | ---- | C] () -- C:\Users\***\Desktop\Unified Resource Manager Client.appref-ms [2011/09/30 11:08:59 | 000,004,913 | ---- | C] () -- C:\Users\***\Desktop\Users.csv [2011/09/27 16:19:03 | 000,000,334 | ---- | C] () -- C:\Users\***\Desktop\Unified Agent Desktop.appref-ms [2011/09/13 14:25:19 | 000,000,011 | ---- | C] () -- C:\Windows\producer32.ini [2011/07/23 00:01:22 | 000,085,504 | ---- | C] () -- C:\Windows\SysWow64\ff_vfw.dll [2011/05/09 12:19:06 | 000,004,764 | ---- | C] () -- C:\Windows\SysWow64\CcmFramework.ini [2011/04/28 15:41:44 | 000,001,350 | ---- | C] () -- C:\Windows\ntbackup.ini [2011/04/15 06:35:06 | 000,053,248 | ---- | C] () -- C:\Windows\SysWow64\CommonDL.dll [2011/04/15 06:35:06 | 000,002,413 | ---- | C] () -- C:\Windows\SysWow64\lgAxconfig.ini [2011/04/04 20:43:39 | 000,006,144 | ---- | C] () -- C:\Users\***\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2011/03/15 12:33:02 | 000,000,000 | ---- | C] () -- C:\Windows\dsedit.INI [2011/03/14 18:36:40 | 000,003,400 | ---- | C] () -- C:\Windows\W32RegistryState.dat [2011/03/05 00:59:30 | 000,000,056 | ---- | C] () -- C:\Windows\SysWow64\ezsidmv.dat [2011/03/02 11:32:19 | 000,000,535 | ---- | C] () -- C:\Windows\ODBCINST.INI [2011/03/02 11:32:19 | 000,000,288 | ---- | C] () -- C:\Windows\ODBC.INI [2011/03/01 18:20:46 | 000,000,600 | ---- | C] () -- C:\Users\***\AppData\Local\PUTTY.RND [2011/03/01 13:31:25 | 000,000,600 | ---- | C] () -- C:\Users\***\AppData\Roaming\winscp.rnd [2011/02/24 13:20:33 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat [2011/02/21 12:21:28 | 000,987,358 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI [2011/02/21 12:20:57 | 000,000,462 | ---- | C] () -- C:\Windows\SMSCFG.ini [2010/11/01 22:06:12 | 000,017,920 | ---- | C] () -- C:\Windows\SysWow64\rpcnetp.dll [2010/11/01 22:05:29 | 000,017,920 | ---- | C] () -- C:\Windows\SysWow64\rpcnetp.exe [2010/11/01 21:41:57 | 000,023,562 | RHS- | C] () -- C:\ProgramData\ntuser.pol [2010/11/01 20:14:36 | 001,507,328 | ---- | C] () -- C:\Windows\SysWow64\nView.dll [2010/11/01 20:14:36 | 001,101,824 | ---- | C] () -- C:\Windows\SysWow64\nvwimg.dll [2010/11/01 20:11:48 | 000,000,051 | ---- | C] () -- C:\Windows\smsts.ini [2010/06/25 19:03:12 | 000,053,299 | ---- | C] () -- C:\Windows\SysWow64\pthreadVC.dll [2009/07/14 07:38:36 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat [2009/07/14 04:35:51 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT [2009/07/14 04:34:42 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat [2009/07/14 02:10:29 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin [2009/07/14 01:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll [2009/07/13 23:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll [2009/06/15 08:20:54 | 000,355,432 | ---- | C] () -- C:\Windows\SysWow64\vfprintpthelper.dll [2009/06/10 23:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat [2005/12/21 17:57:36 | 000,139,264 | ---- | C] () -- C:\Windows\SysWow64\nsldap32v50.dll [2005/12/21 17:57:04 | 000,024,576 | ---- | C] () -- C:\Windows\SysWow64\nsldappr32v50.dll [2005/12/21 17:54:34 | 000,040,960 | ---- | C] () -- C:\Windows\SysWow64\nsldapssl32v50.dll [1998/06/10 00:00:00 | 000,015,120 | ---- | C] () -- C:\Windows\SysWow64\REPUTIL.DLL ========== LOP Check ========== [2011/10/04 08:40:00 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Amazon [2011/09/14 10:32:33 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\*** Software [2011/06/21 17:11:14 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\*** Software Inc [2011/03/01 12:58:22 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\code4ward [2011/07/18 17:30:01 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\DVDVideoSoft [2011/07/20 20:40:09 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\flashpaste [2011/04/29 09:57:12 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\gnupg [2011/06/20 15:52:26 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\GPGshell [2011/02/28 10:37:01 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Greenshot [2011/03/18 11:58:00 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\IrfanView [2011/07/27 09:47:41 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Juniper Networks [2011/02/25 18:42:19 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Notepad++ [2011/06/22 14:43:04 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Skinux [2011/04/08 11:52:34 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\WirelessManager [2011/10/14 15:46:30 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Wireshark [2011/03/01 08:51:03 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\WMCore [2011/10/07 17:02:06 | 000,032,598 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT ========== Purity Check ========== ========== Custom Scans ========== < %ALLUSERSPROFILE%\Application Data\*. > < %ALLUSERSPROFILE%\Application Data\*.exe /s > < %APPDATA%\*. > [2011/10/27 11:21:28 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Adobe [2011/10/04 08:40:00 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Amazon [2011/09/14 10:32:33 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\*** Software [2011/06/21 17:11:14 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\*** Software Inc [2011/03/01 12:58:22 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\code4ward [2010/11/01 21:26:13 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\CyberLink [2011/03/31 21:00:35 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\DivX [2011/07/18 17:30:01 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\DVDVideoSoft [2011/07/20 20:40:09 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\flashpaste [2011/04/29 09:57:12 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\gnupg [2011/06/20 15:52:26 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\GPGshell [2011/02/28 10:37:01 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Greenshot [2010/11/01 20:11:11 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Identities [2011/03/18 11:58:00 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\IrfanView [2011/07/27 09:47:41 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Juniper Networks [2010/11/01 21:34:06 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Macromedia [2011/10/14 13:11:12 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Malwarebytes [2011/02/21 12:27:57 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\McAfee [2009/07/14 09:23:33 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Media Center Programs [2011/10/16 20:12:50 | 000,000,000 | --SD | M] -- C:\Users\***\AppData\Roaming\Microsoft [2011/02/24 13:20:37 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Mozilla [2011/02/25 18:42:19 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Notepad++ [2011/10/09 14:29:42 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Roxio [2010/11/01 21:26:29 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Roxio Log Files [2011/06/22 14:43:04 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Skinux [2011/10/26 22:50:13 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Skype [2011/03/05 01:03:44 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\skypePM [2011/10/13 17:47:12 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\VMware [2011/04/08 11:52:34 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\WirelessManager [2011/10/14 15:46:30 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Wireshark [2011/03/01 08:51:03 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\WMCore < %APPDATA%\*.exe /s > [2010/04/10 21:11:36 | 000,300,400 | ---- | M] (Juniper Networks") -- C:\Users\***\AppData\Roaming\Juniper Networks\Host Checker\dsHostChecker.exe [2010/04/10 21:11:36 | 000,234,864 | ---- | M] (Juniper Networks) -- C:\Users\***\AppData\Roaming\Juniper Networks\Host Checker\dsHostCheckerProxy.exe [2010/04/10 21:11:38 | 000,157,040 | ---- | M] () -- C:\Users\***\AppData\Roaming\Juniper Networks\Host Checker\InstallHelper.exe [2010/04/10 21:11:44 | 000,056,072 | ---- | M] () -- C:\Users\***\AppData\Roaming\Juniper Networks\Host Checker\uninstall.exe [2011/07/04 16:54:26 | 000,247,152 | ---- | M] (Juniper Networks) -- C:\Users\***\AppData\Roaming\Juniper Networks\Java Secure Application Manager\jsamtool.exe [2010/06/11 05:50:36 | 000,288,112 | ---- | M] (Juniper Networks) -- C:\Users\***\AppData\Roaming\Juniper Networks\Juniper Terminal Services Client\dsTermServ.exe [2010/06/11 05:50:36 | 000,043,144 | ---- | M] () -- C:\Users\***\AppData\Roaming\Juniper Networks\Juniper Terminal Services Client\uninstall.exe [2009/11/13 03:59:04 | 000,220,040 | ---- | M] () -- C:\Users\***\AppData\Roaming\Juniper Networks\Secure Meeting 6.5.0\AccessServiceComponent.x86.exe [2010/02/19 02:27:02 | 000,087,408 | ---- | M] (Juniper Networks) -- C:\Users\***\AppData\Roaming\Juniper Networks\Secure Meeting 6.5.0\dsCboxBroker.exe [2010/02/19 02:27:00 | 000,701,808 | ---- | M] (Juniper Networks) -- C:\Users\***\AppData\Roaming\Juniper Networks\Secure Meeting 6.5.0\dsCboxUI.exe [2011/07/27 09:47:51 | 001,168,624 | ---- | M] () -- C:\Users\***\AppData\Roaming\Juniper Networks\Secure Meeting 6.5.0\neoCBoxSetup.exe [2010/02/19 02:27:04 | 000,183,680 | ---- | M] () -- C:\Users\***\AppData\Roaming\Juniper Networks\Secure Meeting 6.5.0\uninstall.exe [2010/03/17 09:03:58 | 000,132,464 | ---- | M] () -- C:\Users\***\AppData\Roaming\Juniper Networks\Setup Client\dsmmf.exe [2010/03/17 09:03:56 | 000,497,008 | ---- | M] (Juniper Networks) -- C:\Users\***\AppData\Roaming\Juniper Networks\Setup Client\JuniperSetupClient.exe [2010/03/17 09:03:00 | 000,329,984 | ---- | M] () -- C:\Users\***\AppData\Roaming\Juniper Networks\Setup Client\JuniperSetupClientOCX.exe [2010/03/17 09:01:24 | 000,218,368 | ---- | M] () -- C:\Users\***\AppData\Roaming\Juniper Networks\Setup Client\JuniperSetupXP.exe [2010/03/17 09:04:02 | 000,050,840 | ---- | M] (Juniper Networks) -- C:\Users\***\AppData\Roaming\Juniper Networks\Setup Client\uninstall.exe [2011/10/16 20:12:50 | 000,388,096 | R--- | M] (Trend Micro Inc.) -- C:\Users\***\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe [2011/10/26 12:30:52 | 000,001,150 | R--- | M] () -- C:\Users\***\AppData\Roaming\Microsoft\Installer\{ECB55EF8-F571-4465-87EA-DF1B2C492388}\_853F67D554F05449430E7E.exe < %SYSTEMDRIVE%\*.exe > [2011/10/21 22:31:38 | 007,104,275 | ---- | M] (BitDefender LLC) -- C:\ZeroAccessRemovalTool_32b.exe < MD5 for: AGP440.SYS > [2009/07/14 03:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\SysNative\drivers\AGP440.sys [2009/07/14 03:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\SysNative\DriverStore\FileRepository\machine.inf_amd64_neutral_9e6bb86c3b39a3e9\AGP440.sys [2009/07/14 03:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\winsxs\amd64_machine.inf_31bf3856ad364e35_6.1.7600.16385_none_1607dee2d861e021\AGP440.sys < MD5 for: ATAPI.SYS > [2009/07/14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\ERDNT\cache64\atapi.sys [2009/07/14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysNative\drivers\atapi.sys [2009/07/14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysNative\DriverStore\FileRepository\mshdc.inf_amd64_neutral_a69a58a4286f0b22\atapi.sys [2009/07/14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7600.16385_none_392d19c13b3ad543\atapi.sys < MD5 for: CNGAUDIT.DLL > [2009/07/14 03:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\ERDNT\cache86\cngaudit.dll [2009/07/14 03:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\SysWOW64\cngaudit.dll [2009/07/14 03:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_e83a414890e8132b\cngaudit.dll [2009/07/14 03:40:20 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=86FE1B1F8FD42CD0DB641AB1CDB13093 -- C:\Windows\ERDNT\cache64\cngaudit.dll [2009/07/14 03:40:20 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=86FE1B1F8FD42CD0DB641AB1CDB13093 -- C:\Windows\SysNative\cngaudit.dll [2009/07/14 03:40:20 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=86FE1B1F8FD42CD0DB641AB1CDB13093 -- C:\Windows\winsxs\amd64_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_4458dccc49458461\cngaudit.dll < MD5 for: EVENTLOG.DLL > [2004/11/15 10:37:52 | 000,028,672 | ---- | M] () MD5=9937F303C344C00849E8E5CA26CED439 -- C:\oracle\product\10.2.0\client_1\perl\site\5.8.3\lib\MSWin32-x86-multi-thread\auto\Win32\EventLog\EventLog.dll < MD5 for: IASTOR.SYS > [2010/05/13 01:44:12 | 000,538,136 | ---- | M] (Intel Corporation) MD5=85977CD13FC16069CE0AF7943A811775 -- C:\Windows\SysNative\drivers\iaStor.sys [2010/05/13 01:44:12 | 000,538,136 | ---- | M] (Intel Corporation) MD5=85977CD13FC16069CE0AF7943A811775 -- C:\Windows\SysNative\DriverStore\FileRepository\iaahci.inf_amd64_neutral_5d42c6448888c5bd\iaStor.sys [2010/05/13 01:44:12 | 000,538,136 | ---- | M] (Intel Corporation) MD5=85977CD13FC16069CE0AF7943A811775 -- C:\Windows\SysNative\DriverStore\FileRepository\iastor.inf_amd64_neutral_56514e2bffcd0bde\iaStor.sys < MD5 for: IASTORV.SYS > [2009/07/14 03:48:04 | 000,410,688 | ---- | M] (Intel Corporation) MD5=D83EFB6FD45DF9D55E9A1AFC63640D50 -- C:\Windows\SysNative\drivers\iaStorV.sys [2009/07/14 03:48:04 | 000,410,688 | ---- | M] (Intel Corporation) MD5=D83EFB6FD45DF9D55E9A1AFC63640D50 -- C:\Windows\SysNative\DriverStore\FileRepository\iastorv.inf_amd64_neutral_18cccb83b34e1453\iaStorV.sys [2009/07/14 03:48:04 | 000,410,688 | ---- | M] (Intel Corporation) MD5=D83EFB6FD45DF9D55E9A1AFC63640D50 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7600.16385_none_0b06441fa1790136\iaStorV.sys < MD5 for: NETLOGON.DLL > [2009/07/14 03:41:52 | 000,692,736 | ---- | M] (Microsoft Corporation) MD5=956D030D375F207B22FB111E06EF9C35 -- C:\Windows\ERDNT\cache64\netlogon.dll [2009/07/14 03:41:52 | 000,692,736 | ---- | M] (Microsoft Corporation) MD5=956D030D375F207B22FB111E06EF9C35 -- C:\Windows\SysNative\netlogon.dll [2009/07/14 03:41:52 | 000,692,736 | ---- | M] (Microsoft Corporation) MD5=956D030D375F207B22FB111E06EF9C35 -- C:\Windows\winsxs\amd64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_59aca8ea51aaeefe\netlogon.dll [2009/07/14 03:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\ERDNT\cache86\netlogon.dll [2009/07/14 03:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\SysWOW64\netlogon.dll [2009/07/14 03:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\winsxs\wow64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_6401533c860bb0f9\netlogon.dll < MD5 for: NVSTOR.SYS > [2009/07/14 03:45:45 | 000,167,488 | ---- | M] (NVIDIA Corporation) MD5=477DC4D6DEB99BE37084C9AC6D013DA1 -- C:\Windows\SysNative\drivers\nvstor.sys [2009/07/14 03:45:45 | 000,167,488 | ---- | M] (NVIDIA Corporation) MD5=477DC4D6DEB99BE37084C9AC6D013DA1 -- C:\Windows\SysNative\DriverStore\FileRepository\nvraid.inf_amd64_neutral_5bde3fe2945bce9e\nvstor.sys [2009/07/14 03:45:45 | 000,167,488 | ---- | M] (NVIDIA Corporation) MD5=477DC4D6DEB99BE37084C9AC6D013DA1 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7600.16385_none_95cfb4ced8afab0e\nvstor.sys < MD5 for: SCECLI.DLL > [2009/07/14 03:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\ERDNT\cache86\scecli.dll [2009/07/14 03:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\SysWOW64\scecli.dll [2009/07/14 03:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\winsxs\wow64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_9e577e55272d37b4\scecli.dll [2009/07/14 03:41:53 | 000,232,448 | ---- | M] (Microsoft Corporation) MD5=398712DDDAEFB85EDF61DF6A07B65C79 -- C:\Windows\ERDNT\cache64\scecli.dll [2009/07/14 03:41:53 | 000,232,448 | ---- | M] (Microsoft Corporation) MD5=398712DDDAEFB85EDF61DF6A07B65C79 -- C:\Windows\SysNative\scecli.dll [2009/07/14 03:41:53 | 000,232,448 | ---- | M] (Microsoft Corporation) MD5=398712DDDAEFB85EDF61DF6A07B65C79 -- C:\Windows\winsxs\amd64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_9402d402f2cc75b9\scecli.dll < MD5 for: USER32.DLL > [2009/07/14 03:41:56 | 001,008,640 | ---- | M] (Microsoft Corporation) MD5=72D7B3EA16946E8F0CF7458150031CC6 -- C:\Windows\ERDNT\cache64\user32.dll [2009/07/14 03:41:56 | 001,008,640 | ---- | M] (Microsoft Corporation) MD5=72D7B3EA16946E8F0CF7458150031CC6 -- C:\Windows\SysNative\user32.dll [2009/07/14 03:41:56 | 001,008,640 | ---- | M] (Microsoft Corporation) MD5=72D7B3EA16946E8F0CF7458150031CC6 -- C:\Windows\winsxs\amd64_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_292d5de8870d85d9\user32.dll [2009/07/14 03:11:24 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=E8B0FFC209E504CB7E79FC24E6C085F0 -- C:\Windows\ERDNT\cache86\user32.dll [2009/07/14 03:11:24 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=E8B0FFC209E504CB7E79FC24E6C085F0 -- C:\Windows\SysWOW64\user32.dll [2009/07/14 03:11:24 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=E8B0FFC209E504CB7E79FC24E6C085F0 -- C:\Windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_3382083abb6e47d4\user32.dll < MD5 for: USERINIT.EXE > [2009/07/14 03:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\ERDNT\cache86\userinit.exe [2009/07/14 03:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\SysWOW64\userinit.exe [2009/07/14 03:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_dbff103933038d7c\userinit.exe [2009/07/14 03:39:48 | 000,030,208 | ---- | M] (Microsoft Corporation) MD5=6F8F1376A13114CC10C0E69274F5A4DE -- C:\Windows\ERDNT\cache64\userinit.exe [2009/07/14 03:39:48 | 000,030,208 | ---- | M] (Microsoft Corporation) MD5=6F8F1376A13114CC10C0E69274F5A4DE -- C:\Windows\SysNative\userinit.exe [2009/07/14 03:39:48 | 000,030,208 | ---- | M] (Microsoft Corporation) MD5=6F8F1376A13114CC10C0E69274F5A4DE -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_381dabbceb60feb2\userinit.exe < MD5 for: WININIT.EXE > [2009/07/14 03:39:52 | 000,129,024 | ---- | M] (Microsoft Corporation) MD5=94355C28C1970635A31B3FE52EB7CEBA -- C:\Windows\ERDNT\cache64\wininit.exe [2009/07/14 03:39:52 | 000,129,024 | ---- | M] (Microsoft Corporation) MD5=94355C28C1970635A31B3FE52EB7CEBA -- C:\Windows\SysNative\wininit.exe [2009/07/14 03:39:52 | 000,129,024 | ---- | M] (Microsoft Corporation) MD5=94355C28C1970635A31B3FE52EB7CEBA -- C:\Windows\winsxs\amd64_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_8ce7aa761e01ad49\wininit.exe [2009/07/14 03:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\ERDNT\cache86\wininit.exe [2009/07/14 03:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\SysWOW64\wininit.exe [2009/07/14 03:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_30c90ef265a43c13\wininit.exe < MD5 for: WINLOGON.EXE > [2009/07/14 03:39:52 | 000,389,120 | ---- | M] (Microsoft Corporation) MD5=132328DF455B0028F13BF0ABEE51A63A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_cbb7f2bdeea2829c\winlogon.exe [2009/10/28 09:01:57 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=A93D41A4D4B0D91C072D11DD8AF266DE -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.20560_none_cc522fd507b468f8\winlogon.exe [2009/10/28 08:24:40 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=DA3E2A6FA9660CC75B471530CE88453A -- C:\Windows\ERDNT\cache64\winlogon.exe [2009/10/28 08:24:40 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=DA3E2A6FA9660CC75B471530CE88453A -- C:\Windows\SysNative\winlogon.exe [2009/10/28 08:24:40 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=DA3E2A6FA9660CC75B471530CE88453A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16447_none_cbe534e7ee8042ad\winlogon.exe < MD5 for: WS2IFSL.SYS > [2009/07/14 02:10:33 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=6BCC1D7D2FD2453957C5479A32364E52 -- C:\Windows\SysNative\drivers\ws2ifsl.sys [2009/07/14 02:10:33 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=6BCC1D7D2FD2453957C5479A32364E52 -- C:\Windows\winsxs\amd64_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.1.7600.16385_none_ab7b927be17eace8\ws2ifsl.sys < %systemroot%\system32\drivers\*.sys /lockedfiles > < %systemroot%\System32\config\*.sav > < %systemroot%\*. /mp /s > < %systemroot%\system32\*.dll /lockedfiles > < End of report > |
|
| Themen zu svchost.exe, ping.exe, firefox.exe + iexplore.exe öffnen schadhafte Webseiten |
| auftrag, beseitigung, bho, blockiert, c:\windows\system32\rundll32.exe, defender, error, format, helper, hijack, iexplore.exe, infiziert, infizierte, intranet, logfile, netgear, nodrives, nvidia, ping.exe, plug-in, port, prozess, registry, rundll, scan, security, software, studio, svchost.exe, system, version=1.0, visual studio, windows, winlogon.exe |
Textbox von OTL - wenn OTL auf deutsch ist wird sie mit 
beschriftet
.
Linear-Darstellung
