|
Log-Analyse und Auswertung: Trojaner "Bundeskriminalamt"Windows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte.XML. |
29.01.2012, 13:52 | #1 |
| Trojaner "Bundeskriminalamt" Hallo zusammen, ich bräuchte mal eure Hilfe. Habe mir auch so einen Virus/Trojaner eingefangen, der mir meinen Rechner blockiert. Er öffnet eine nicht schliessbare Internetseite, auf der ich aufgefordert werde, 100 Euro zu überweisen. Ich weis, das es das Thema schon 1 - 2 mal gibt, aber es scheint ja immer individuell zu beheben zu sein. Deswegen das neue Thema. Was ich bisher gemacht habe: Im abgesichterem Modus Antimalware runtergeladen und durchlaufen lassen. Das Programm hat 3 Trojaner gefunden und entfernt. Leider scheint der Logfile nicht mehr da zu sein. Danach habe ich meinen Rechner wieder normal starten können. Habe dann Antivir suchen lassen. 4 Treffer. Logfile: Avira AntiVir Personal Erstellungsdatum der Reportdatei: Sonntag, 29. Januar 2012 07:26 Es wird nach 3323984 Virenstämmen gesucht. Das Programm läuft als uneingeschränkte Vollversion. Online-Dienste stehen zur Verfügung. Lizenznehmer : Avira AntiVir Personal - Free Antivirus Seriennummer : 0000149996-ADJIE-0000001 Plattform : Windows Vista Windowsversion : (Service Pack 2) [6.0.6002] Boot Modus : Normal gebootet Benutzername : SYSTEM Computername : NOTEBOOK Versionsinformationen: BUILD.DAT : 10.2.0.704 35934 Bytes 28.09.2011 13:14:00 AVSCAN.EXE : 10.3.0.7 484008 Bytes 30.06.2011 11:00:45 AVSCAN.DLL : 10.0.5.0 57192 Bytes 30.06.2011 11:00:45 LUKE.DLL : 10.3.0.5 45416 Bytes 30.06.2011 11:00:47 LUKERES.DLL : 10.0.0.0 13672 Bytes 14.01.2010 09:59:47 AVSCPLR.DLL : 10.3.0.7 119656 Bytes 30.06.2011 11:00:48 AVREG.DLL : 10.3.0.9 88833 Bytes 14.07.2011 07:22:12 VBASE000.VDF : 7.10.0.0 19875328 Bytes 06.11.2009 07:05:36 VBASE001.VDF : 7.11.0.0 13342208 Bytes 14.12.2010 12:36:27 VBASE002.VDF : 7.11.19.170 14374912 Bytes 20.12.2011 19:14:25 VBASE003.VDF : 7.11.19.171 2048 Bytes 20.12.2011 19:14:26 VBASE004.VDF : 7.11.19.172 2048 Bytes 20.12.2011 19:14:26 VBASE005.VDF : 7.11.19.173 2048 Bytes 20.12.2011 19:14:27 VBASE006.VDF : 7.11.19.174 2048 Bytes 20.12.2011 19:14:27 VBASE007.VDF : 7.11.19.175 2048 Bytes 20.12.2011 19:14:27 VBASE008.VDF : 7.11.19.176 2048 Bytes 20.12.2011 19:14:27 VBASE009.VDF : 7.11.19.177 2048 Bytes 20.12.2011 19:14:28 VBASE010.VDF : 7.11.19.178 2048 Bytes 20.12.2011 19:14:28 VBASE011.VDF : 7.11.19.179 2048 Bytes 20.12.2011 19:14:28 VBASE012.VDF : 7.11.19.180 2048 Bytes 20.12.2011 19:14:28 VBASE013.VDF : 7.11.19.217 182784 Bytes 22.12.2011 13:28:20 VBASE014.VDF : 7.11.19.255 148480 Bytes 24.12.2011 16:06:36 VBASE015.VDF : 7.11.20.29 164352 Bytes 27.12.2011 20:11:07 VBASE016.VDF : 7.11.20.70 180224 Bytes 29.12.2011 22:22:18 VBASE017.VDF : 7.11.20.102 240640 Bytes 02.01.2012 16:13:57 VBASE018.VDF : 7.11.20.139 164864 Bytes 04.01.2012 18:49:52 VBASE019.VDF : 7.11.20.178 167424 Bytes 06.01.2012 11:49:38 VBASE020.VDF : 7.11.20.207 230400 Bytes 10.01.2012 11:49:40 VBASE021.VDF : 7.11.20.236 150528 Bytes 11.01.2012 11:49:42 VBASE022.VDF : 7.11.21.13 135168 Bytes 13.01.2012 11:49:43 VBASE023.VDF : 7.11.21.40 163840 Bytes 16.01.2012 11:49:45 VBASE024.VDF : 7.11.21.65 1001472 Bytes 17.01.2012 11:49:53 VBASE025.VDF : 7.11.21.98 487424 Bytes 19.01.2012 11:49:57 VBASE026.VDF : 7.11.21.156 1010688 Bytes 25.01.2012 12:15:34 VBASE027.VDF : 7.11.21.176 600576 Bytes 26.01.2012 12:16:06 VBASE028.VDF : 7.11.21.177 2048 Bytes 26.01.2012 12:16:07 VBASE029.VDF : 7.11.21.178 2048 Bytes 26.01.2012 12:16:07 VBASE030.VDF : 7.11.21.179 2048 Bytes 26.01.2012 12:16:08 VBASE031.VDF : 7.11.21.199 142848 Bytes 27.01.2012 06:23:46 Engineversion : 8.2.8.44 AEVDF.DLL : 8.1.2.2 106868 Bytes 25.10.2011 17:27:38 AESCRIPT.DLL : 8.1.4.2 434553 Bytes 27.01.2012 12:19:07 AESCN.DLL : 8.1.8.2 131444 Bytes 27.01.2012 12:18:58 AESBX.DLL : 8.2.4.5 434549 Bytes 04.12.2011 16:05:42 AERDL.DLL : 8.1.9.15 639348 Bytes 10.09.2011 18:02:07 AEPACK.DLL : 8.2.16.2 799095 Bytes 27.01.2012 12:18:54 AEOFFICE.DLL : 8.1.2.25 201084 Bytes 29.12.2011 22:22:37 AEHEUR.DLL : 8.1.3.23 4333943 Bytes 27.01.2012 12:18:01 AEHELP.DLL : 8.1.19.0 254327 Bytes 23.01.2012 11:50:05 AEGEN.DLL : 8.1.5.18 409973 Bytes 27.01.2012 12:16:29 AEEMU.DLL : 8.1.3.0 393589 Bytes 04.03.2011 12:36:01 AECORE.DLL : 8.1.25.3 201079 Bytes 27.01.2012 12:16:18 AEBB.DLL : 8.1.1.0 53618 Bytes 04.03.2011 12:36:00 AVWINLL.DLL : 10.0.0.0 19304 Bytes 04.03.2011 12:36:13 AVPREF.DLL : 10.0.3.2 44904 Bytes 30.06.2011 11:00:45 AVREP.DLL : 10.0.0.10 174120 Bytes 18.05.2011 06:35:18 AVARKT.DLL : 10.0.26.1 255336 Bytes 30.06.2011 11:00:44 AVEVTLOG.DLL : 10.0.0.9 203112 Bytes 30.06.2011 11:00:45 SQLITE3.DLL : 3.6.19.0 355688 Bytes 17.06.2010 12:27:02 AVSMTP.DLL : 10.0.0.17 63848 Bytes 04.03.2011 12:36:12 NETNT.DLL : 10.0.0.0 11624 Bytes 17.06.2010 12:27:01 RCIMAGE.DLL : 10.0.0.35 2589544 Bytes 30.06.2011 11:00:43 RCTEXT.DLL : 10.0.64.0 98664 Bytes 30.06.2011 11:00:43 Konfiguration für den aktuellen Suchlauf: Job Name..............................: Vollständige Systemprüfung Konfigurationsdatei...................: C:\Program Files\Avira\AntiVir Desktop\sysscan.avp Protokollierung.......................: standard Primäre Aktion........................: interaktiv Sekundäre Aktion......................: ignorieren Durchsuche Masterbootsektoren.........: ein Durchsuche Bootsektoren...............: ein Bootsektoren..........................: C:, Durchsuche aktive Programme...........: ein Laufende Programme erweitert..........: ein Durchsuche Registrierung..............: ein Suche nach Rootkits...................: ein Integritätsprüfung von Systemdateien..: aus Datei Suchmodus.......................: Alle Dateien Durchsuche Archive....................: ein Rekursionstiefe einschränken..........: 20 Archiv Smart Extensions...............: ein Makrovirenheuristik...................: ein Dateiheuristik........................: erweitert Beginn des Suchlaufs: Sonntag, 29. Januar 2012 07:26 Der Suchlauf nach versteckten Objekten wird begonnen. Der Suchlauf über gestartete Prozesse wird begonnen: Durchsuche Prozess 'SearchFilterHost.exe' - '33' Modul(e) wurden durchsucht Durchsuche Prozess 'taskeng.exe' - '24' Modul(e) wurden durchsucht Durchsuche Prozess 'SearchProtocolHost.exe' - '52' Modul(e) wurden durchsucht Durchsuche Prozess 'svchost.exe' - '30' Modul(e) wurden durchsucht Durchsuche Prozess 'vssvc.exe' - '49' Modul(e) wurden durchsucht Durchsuche Prozess 'avscan.exe' - '80' Modul(e) wurden durchsucht Durchsuche Prozess 'avscan.exe' - '29' Modul(e) wurden durchsucht Durchsuche Prozess 'svchost.exe' - '21' Modul(e) wurden durchsucht Durchsuche Prozess 'wmpnetwk.exe' - '64' Modul(e) wurden durchsucht Durchsuche Prozess 'wmpnscfg.exe' - '38' Modul(e) wurden durchsucht Durchsuche Prozess 'avcenter.exe' - '83' Modul(e) wurden durchsucht Durchsuche Prozess 'SynTPHelper.exe' - '28' Modul(e) wurden durchsucht Durchsuche Prozess 'NisSrv.exe' - '43' Modul(e) wurden durchsucht Durchsuche Prozess 'BrMfimon.exe' - '50' Modul(e) wurden durchsucht Durchsuche Prozess 'brccMCtl.exe' - '56' Modul(e) wurden durchsucht Durchsuche Prozess 'RtkBtMnt.exe' - '33' Modul(e) wurden durchsucht Durchsuche Prozess 'soffice.bin' - '89' Modul(e) wurden durchsucht Durchsuche Prozess 'soffice.exe' - '17' Modul(e) wurden durchsucht Durchsuche Prozess 'ZuneLauncher.exe' - '36' Modul(e) wurden durchsucht Durchsuche Prozess 'rundll32.exe' - '43' Modul(e) wurden durchsucht Durchsuche Prozess 'BrMfcWnd.exe' - '37' Modul(e) wurden durchsucht Durchsuche Prozess 'pptd40nt.exe' - '36' Modul(e) wurden durchsucht Durchsuche Prozess 'jusched.exe' - '31' Modul(e) wurden durchsucht Durchsuche Prozess 'avgnt.exe' - '57' Modul(e) wurden durchsucht Durchsuche Prozess 'msseces.exe' - '56' Modul(e) wurden durchsucht Durchsuche Prozess 'SynTPEnh.exe' - '40' Modul(e) wurden durchsucht Durchsuche Prozess 'RtHDVCpl.exe' - '51' Modul(e) wurden durchsucht Durchsuche Prozess 'Explorer.EXE' - '125' Modul(e) wurden durchsucht Durchsuche Prozess 'Dwm.exe' - '43' Modul(e) wurden durchsucht Durchsuche Prozess 'taskeng.exe' - '83' Modul(e) wurden durchsucht Durchsuche Prozess 'taskeng.exe' - '49' Modul(e) wurden durchsucht Durchsuche Prozess 'xaudio.exe' - '14' Modul(e) wurden durchsucht Durchsuche Prozess 'WLIDSvcM.exe' - '16' Modul(e) wurden durchsucht Durchsuche Prozess 'avshadow.exe' - '33' Modul(e) wurden durchsucht Durchsuche Prozess 'SearchIndexer.exe' - '61' Modul(e) wurden durchsucht Durchsuche Prozess 'WLIDSVC.EXE' - '52' Modul(e) wurden durchsucht Durchsuche Prozess 'svchost.exe' - '9' Modul(e) wurden durchsucht Durchsuche Prozess 'svchost.exe' - '66' Modul(e) wurden durchsucht Durchsuche Prozess 'svchost.exe' - '42' Modul(e) wurden durchsucht Durchsuche Prozess 'NASvc.exe' - '57' Modul(e) wurden durchsucht Durchsuche Prozess 'avguard.exe' - '63' Modul(e) wurden durchsucht Durchsuche Prozess 'armsvc.exe' - '24' Modul(e) wurden durchsucht Durchsuche Prozess 'rundll32.exe' - '59' Modul(e) wurden durchsucht Durchsuche Prozess 'svchost.exe' - '64' Modul(e) wurden durchsucht Durchsuche Prozess 'sched.exe' - '56' Modul(e) wurden durchsucht Durchsuche Prozess 'spoolsv.exe' - '81' Modul(e) wurden durchsucht Durchsuche Prozess 'svchost.exe' - '86' Modul(e) wurden durchsucht Durchsuche Prozess 'winlogon.exe' - '30' Modul(e) wurden durchsucht Durchsuche Prozess 'svchost.exe' - '86' Modul(e) wurden durchsucht Durchsuche Prozess 'SLsvc.exe' - '26' Modul(e) wurden durchsucht Durchsuche Prozess 'svchost.exe' - '37' Modul(e) wurden durchsucht Durchsuche Prozess 'svchost.exe' - '145' Modul(e) wurden durchsucht Durchsuche Prozess 'svchost.exe' - '114' Modul(e) wurden durchsucht Durchsuche Prozess 'svchost.exe' - '64' Modul(e) wurden durchsucht Durchsuche Prozess 'MsMpEng.exe' - '53' Modul(e) wurden durchsucht Durchsuche Prozess 'svchost.exe' - '35' Modul(e) wurden durchsucht Durchsuche Prozess 'nvvsvc.exe' - '24' Modul(e) wurden durchsucht Durchsuche Prozess 'svchost.exe' - '40' Modul(e) wurden durchsucht Durchsuche Prozess 'lsm.exe' - '22' Modul(e) wurden durchsucht Durchsuche Prozess 'lsass.exe' - '60' Modul(e) wurden durchsucht Durchsuche Prozess 'services.exe' - '35' Modul(e) wurden durchsucht Durchsuche Prozess 'csrss.exe' - '14' Modul(e) wurden durchsucht Durchsuche Prozess 'wininit.exe' - '26' Modul(e) wurden durchsucht Durchsuche Prozess 'csrss.exe' - '14' Modul(e) wurden durchsucht Durchsuche Prozess 'smss.exe' - '2' Modul(e) wurden durchsucht Der Suchlauf über die Masterbootsektoren wird begonnen: Masterbootsektor HD0 [INFO] Es wurde kein Virus gefunden! Masterbootsektor HD1 [INFO] Es wurde kein Virus gefunden! Der Suchlauf über die Bootsektoren wird begonnen: Bootsektor 'C:\' [INFO] Es wurde kein Virus gefunden! Der Suchlauf auf Verweise zu ausführbaren Dateien (Registry) wird begonnen: Die Registry wurde durchsucht ( '530' Dateien ). Der Suchlauf über die ausgewählten Dateien wird begonnen: Beginne mit der Suche in 'C:\' C:\Users\Thomas\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\12\32f5c2cc-5a856c56 [0] Archivtyp: ZIP --> report/Generator.class [FUND] Enthält Erkennungsmuster des Exploits EXP/2010-0840.U --> report/HDDDetect.class [FUND] Enthält Erkennungsmuster des Exploits EXP/2010-0840.T C:\Users\Thomas\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\24\5ccf0d98-4b39fc61 [0] Archivtyp: ZIP --> support/ForMail.class [FUND] Enthält Erkennungsmuster des Exploits EXP/2010-0840.H --> support/SendMail.class [FUND] Enthält Erkennungsmuster des Exploits EXP/CVE-2010-0840.EO Beginne mit der Desinfektion: HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA C:\Users\Thomas\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\24\5ccf0d98-4b39fc61 [FUND] Enthält Erkennungsmuster des Exploits EXP/CVE-2010-0840.EO [HINWEIS] Die Datei wurde ins Quarantäneverzeichnis unter dem Namen '49c75d0f.qua' verschoben! C:\Users\Thomas\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\12\32f5c2cc-5a856c56 [FUND] Enthält Erkennungsmuster des Exploits EXP/2010-0840.T [HINWEIS] Die Datei wurde ins Quarantäneverzeichnis unter dem Namen '515d7567.qua' verschoben! Ende des Suchlaufs: Sonntag, 29. Januar 2012 08:57 Benötigte Zeit: 1:28:33 Stunde(n) Der Suchlauf wurde vollständig durchgeführt. 22720 Verzeichnisse wurden überprüft 602160 Dateien wurden geprüft 4 Viren bzw. unerwünschte Programme wurden gefunden 0 Dateien wurden als verdächtig eingestuft 0 Dateien wurden gelöscht 0 Viren bzw. unerwünschte Programme wurden repariert 2 Dateien wurden in die Quarantäne verschoben 0 Dateien wurden umbenannt 0 Dateien konnten nicht durchsucht werden 602156 Dateien ohne Befall 4507 Archive wurden durchsucht 0 Warnungen 2 Hinweise 446600 Objekte wurden beim Rootkitscan durchsucht 0 Versteckte Objekte wurden gefunden Danach habe ich noch mal Anti Maleware im "normalen" Modus suchen lassen. Kein Fund. Dabei wurde denke ich der vorherige logfile überschrieben!?!? Jetzt habe ich Defogger suchen lassen. Der hat nichts gefunden und keinen Neustart verlangt. Nu die Logs von OTL: OTL: OTL logfile created on: 29.01.2012 10:42:08 - Run 1 OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\Thomas\Desktop Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 2,50 Gb Total Physical Memory | 1,29 Gb Available Physical Memory | 51,64% Memory free 5,21 Gb Paging File | 3,98 Gb Available in Paging File | 76,37% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 288,09 Gb Total Space | 196,54 Gb Free Space | 68,22% Space Free | Partition Type: NTFS Computer Name: NOTEBOOK | User Name: Admin | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user | Quick Scan Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2012.01.29 10:37:46 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Thomas\Desktop\OTL.exe PRC - [2012.01.03 14:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) -- C:\Programme\Common Files\Adobe\ARM\1.0\armsvc.exe PRC - [2011.08.05 11:29:56 | 000,159,456 | ---- | M] (Microsoft Corporation) -- C:\Programme\Zune\ZuneLauncher.exe PRC - [2011.06.30 12:00:45 | 000,269,480 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\avguard.exe PRC - [2011.06.15 14:16:48 | 000,997,920 | ---- | M] (Microsoft Corporation) -- C:\Programme\Microsoft Security Client\msseces.exe PRC - [2011.04.28 11:25:54 | 000,136,360 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\sched.exe PRC - [2011.04.27 14:39:26 | 000,208,944 | ---- | M] (Microsoft Corporation) -- c:\Programme\Microsoft Security Client\Antimalware\NisSrv.exe PRC - [2011.04.27 14:39:26 | 000,011,736 | ---- | M] (Microsoft Corporation) -- c:\Programme\Microsoft Security Client\Antimalware\MsMpEng.exe PRC - [2011.04.22 12:20:06 | 000,204,800 | ---- | M] (Realtek Semiconductor Corp.) -- C:\Users\Thomas\AppData\Local\Temp\RtkBtMnt.exe PRC - [2011.03.29 14:33:08 | 000,598,312 | ---- | M] (Nero AG) -- C:\Programme\Nero\Update\NASvc.exe PRC - [2011.03.04 13:36:11 | 000,281,768 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\avgnt.exe PRC - [2011.01.17 17:50:34 | 011,322,880 | ---- | M] (OpenOffice.org) -- C:\Programme\OpenOffice.org 3\program\soffice.exe PRC - [2011.01.17 17:50:34 | 011,314,688 | ---- | M] (OpenOffice.org) -- C:\Programme\OpenOffice.org 3\program\soffice.bin PRC - [2010.09.21 13:03:14 | 001,710,464 | ---- | M] (Microsoft Corp.) -- C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE PRC - [2010.09.21 13:03:14 | 000,193,408 | ---- | M] (Microsoft Corp.) -- C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE PRC - [2010.01.14 20:10:53 | 000,076,968 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\avshadow.exe PRC - [2009.04.11 07:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe PRC - [2009.04.11 07:27:28 | 000,069,120 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conime.exe PRC - [2009.02.09 08:31:56 | 000,143,360 | ---- | M] (Brother Industries, Ltd.) -- C:\Programme\Brother\Brmfcmon\BrMfimon.exe PRC - [2008.05.20 17:06:00 | 006,144,000 | ---- | M] (Realtek Semiconductor) -- C:\Windows\RtHDVCpl.exe PRC - [2008.01.21 03:25:33 | 000,896,512 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Media Player\wmpnetwk.exe PRC - [2008.01.21 03:25:33 | 000,202,240 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Media Player\wmpnscfg.exe ========== Modules (No Company Name) ========== MOD - [2011.04.25 09:24:56 | 000,985,088 | ---- | M] () -- C:\Programme\OpenOffice.org 3\program\libxml2.dll MOD - [2011.03.02 11:40:51 | 000,140,288 | ---- | M] () -- C:\Programme\winrar\RarExt.dll MOD - [2009.01.09 16:10:52 | 000,139,264 | ---- | M] () -- C:\Programme\Brother\BrUtilities\BrLogAPI.dll ========== Win32 Services (SafeList) ========== SRV - [2012.01.03 14:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice) SRV - [2011.08.05 11:30:02 | 000,444,640 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- c:\Program Files\Zune\ZuneWlanCfgSvc.exe -- (ZuneWlanCfgSvc) SRV - [2011.08.05 11:30:02 | 000,268,512 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- c:\Program Files\Zune\WMZuneComm.exe -- (WMZuneComm) SRV - [2011.08.05 11:29:56 | 006,363,872 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- c:\Program Files\Zune\ZuneNss.exe -- (ZuneNetworkSvc) SRV - [2011.06.30 12:00:45 | 000,269,480 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService) SRV - [2011.04.28 11:25:54 | 000,136,360 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService) SRV - [2011.04.27 14:39:26 | 000,208,944 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- c:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe -- (NisSrv) SRV - [2011.04.27 14:39:26 | 000,011,736 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe -- (MsMpSvc) SRV - [2011.03.29 14:33:08 | 000,598,312 | ---- | M] (Nero AG) [Auto | Running] -- C:\Program Files\Nero\Update\NASvc.exe -- (NAUpdate) SRV - [2008.01.21 03:23:32 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Programme\Windows Defender\MpSvc.dll -- (WinDefend) ========== Driver Services (SafeList) ========== DRV - [2011.06.30 12:00:48 | 000,138,192 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb) DRV - [2011.06.30 12:00:48 | 000,066,616 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\System32\drivers\avgntflt.sys -- (avgntflt) DRV - [2011.04.27 14:25:24 | 000,065,024 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\NisDrvWFP.sys -- (NisDrv) DRV - [2011.04.18 12:18:50 | 000,043,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\MpNWMon.sys -- (MpNWMon) DRV - [2010.06.17 13:27:02 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv) DRV - [2009.04.11 05:42:52 | 000,031,616 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUSB) DRV - [2008.07.18 23:23:00 | 007,545,824 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm) DRV - [2008.06.30 18:56:12 | 000,917,504 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\athr.sys -- (athr) DRV - [2008.05.30 12:44:42 | 000,146,944 | ---- | M] (AuthenTec, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atswpdrv.sys -- (ATSWPDRV) AuthenTec TruePrint USB Driver (SwipeSensor) DRV - [2008.05.26 20:13:00 | 000,140,832 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\nvstor32.sys -- (nvstor32) DRV - [2008.05.15 08:56:00 | 000,008,704 | ---- | M] (Conexant Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\XAudio.sys -- (XAudio) DRV - [2007.03.28 06:51:40 | 000,043,008 | ---- | M] (Winbond Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\winbondcir.sys -- (winbondcir) DRV - [2007.01.26 07:32:18 | 000,069,632 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\System32\drivers\int15.sys -- (Int15) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll () FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.) FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 9.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.01.08 13:01:39 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 9.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012.01.11 20:26:56 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 5.0\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2011.08.03 08:56:19 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 5.0\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins [2012.01.02 17:20:01 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions [2012.01.02 17:20:01 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\distribution\extensions [2012.01.02 17:20:01 | 000,000,000 | ---D | M] (WEB.DE Toolbar) -- C:\Programme\Mozilla Firefox\distribution\extensions\toolbar@web.de [2012.01.08 13:01:39 | 000,121,816 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll [2011.12.17 02:32:55 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml [2011.12.17 02:25:53 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml [2011.12.17 02:32:55 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml [2011.12.17 02:32:55 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml [2011.12.17 02:32:55 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml [2011.12.17 02:32:55 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml O1 HOSTS File: ([2006.09.18 22:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O1 - Hosts: ::1 localhost O2 - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.) O2 - BHO: (Windows Live Messenger Companion Helper) - {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Programme\Windows Live\Companion\companioncore.dll (Microsoft Corporation) O2 - BHO: (Nero Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Programme\Ask.com\GenericAskToolbar.dll (Ask.com) O3 - HKLM\..\Toolbar: (Nero Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Programme\Ask.com\GenericAskToolbar.dll (Ask.com) O3 - HKCU\..\Toolbar\WebBrowser: (Nero Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Programme\Ask.com\GenericAskToolbar.dll (Ask.com) O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH) O4 - HKLM..\Run: [ControlCenter3] C:\Program Files\Brother\ControlCenter3\brctrcen.exe (Brother Industries, Ltd.) O4 - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation) O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.dll (NVIDIA Corporation) O4 - HKLM..\Run: [NvMediaCenter] C:\Windows\System32\NvMcTray.dll (NVIDIA Corporation) O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor) O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation) O4 - HKLM..\Run: [Zune Launcher] c:\Program Files\Zune\ZuneLauncher.exe (Microsoft Corporation) O4 - HKLM..\RunOnce: [ Malwarebytes Anti-Malware ] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation) O4 - HKCU..\RunOnce: [*NPE] C:\Users\Thomas\Downloads\NPE.exe (Symantec Corporation) O9 - Extra Button: @C:\Program Files\Windows Live\Companion\companionlang.dll,-600 - {0000036B-C524-4050-81A0-243669A86B9F} - C:\Programme\Windows Live\Companion\companioncore.dll (Microsoft Corporation) O9 - Extra Button: @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programme\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programme\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation) O9 - Extra Button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Programme\PokerStars\PokerStarsUpdate.exe (PokerStars) O9 - Extra Button: PokerStars.net - {FA9B9510-9FCB-4ca0-818C-5D0987B47C4D} - C:\Programme\PokerStars.NET\PokerStarsUpdate.exe (PokerStars) O13 - gopher Prefix: missing O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24) O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22) O16 - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{0528DA79-3E5A-4227-8519-C70CC3CC10FD}: DhcpNameServer = 192.168.2.1 O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.dll (Microsoft Corporation) O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.dll (Microsoft Corporation) O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Programme\Windows Live\Mail\mailcomm.dll (Microsoft Corporation) O18 - Protocol\Handler\wlpg {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Programme\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (explorer.exe) -C:\Windows\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) -C:\Windows\System32\userinit.exe (Microsoft Corporation) O20 - Winlogon\Notify\AWinNotifyVitaKey MC3000: DllName - (Reg Error: Value error.) - Reg Error: Value error. File not found O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2006.09.18 22:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ] O34 - HKLM BootExecute: (autocheck autochk *) O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun) ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 11.0 ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack ActiveX: {3C3901C5-3455-3E0A-A214-0B093A5070A6} - .NET Framework ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6 ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7 ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\system32\ie4uinit.exe -BaseSettings ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1 ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\Windows\system32\unregmp2.exe /ShowWMP ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\system32\ie4uinit.exe -UserIconConfig ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP NetSvcs: FastUserSwitchingCompatibility - File not found NetSvcs: Ias - C:\Windows\System32\ias.dll (Microsoft Corporation) NetSvcs: Nla - File not found NetSvcs: Ntmssvc - File not found NetSvcs: NWCWorkstation - File not found NetSvcs: Nwsapagent - File not found NetSvcs: SRService - File not found NetSvcs: WmdmPmSp - File not found NetSvcs: LogonHours - File not found NetSvcs: PCAudit - File not found NetSvcs: helpsvc - File not found NetSvcs: uploadmgr - File not found CREATERESTOREPOINT Restore point Set: OTL Restore Point ========== Files/Folders - Created Within 30 Days ========== [2012.01.29 03:02:46 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Roaming\Malwarebytes [2012.01.29 03:02:39 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware [2012.01.29 03:02:38 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes [2012.01.29 03:02:37 | 000,020,464 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys [2012.01.29 03:02:37 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware [2012.01.29 02:10:54 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Local\NPE [2012.01.29 02:10:53 | 000,000,000 | ---D | C] -- C:\ProgramData\Norton [2012.01.29 01:54:37 | 000,000,000 | -HSD | C] -- C:\ProgramData\{32364CEA-7855-4A3C-B674-53D8E9B97936} [2012.01.25 12:52:52 | 000,000,000 | ---D | C] -- C:\bf79cb9499e94e1adefe7115a0535872 [2012.01.11 20:25:52 | 000,000,000 | -HSD | C] -- C:\Config.Msi ========== Files - Modified Within 30 Days ========== [2012.01.29 10:38:57 | 000,056,414 | ---- | M] () -- C:\ProgramData\nvModes.001 [2012.01.29 10:15:40 | 000,000,000 | ---- | M] () -- C:\Users\Admin\defogger_reenable [2012.01.29 09:20:04 | 000,004,576 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 [2012.01.29 09:20:04 | 000,004,576 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 [2012.01.29 07:19:50 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2012.01.29 07:19:40 | 2682,662,912 | -HS- | M] () -- C:\hiberfil.sys [2012.01.29 03:02:39 | 000,000,906 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk [2012.01.29 02:19:22 | 006,365,664 | ---- | M] () -- C:\Users\Admin\AppData\Roaming\SMRBackup250.dat [2012.01.25 20:19:37 | 000,056,414 | ---- | M] () -- C:\ProgramData\nvModes.dat [2012.01.14 09:35:35 | 000,630,842 | ---- | M] () -- C:\Windows\System32\perfh007.dat [2012.01.14 09:35:35 | 000,598,096 | ---- | M] () -- C:\Windows\System32\perfh009.dat [2012.01.14 09:35:35 | 000,127,454 | ---- | M] () -- C:\Windows\System32\perfc007.dat [2012.01.14 09:35:35 | 000,105,070 | ---- | M] () -- C:\Windows\System32\perfc009.dat [2012.01.02 17:20:18 | 000,000,846 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk ========== Files Created - No Company Name ========== [2012.01.29 10:15:40 | 000,000,000 | ---- | C] () -- C:\Users\Admin\defogger_reenable [2012.01.29 07:19:40 | 2682,662,912 | -HS- | C] () -- C:\hiberfil.sys [2012.01.29 03:02:39 | 000,000,906 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk [2012.01.29 02:12:12 | 006,365,664 | ---- | C] () -- C:\Users\Admin\AppData\Roaming\SMRBackup250.dat [2011.07.03 10:09:29 | 000,056,414 | ---- | C] () -- C:\ProgramData\nvModes.001 [2011.07.03 10:09:26 | 000,056,414 | ---- | C] () -- C:\ProgramData\nvModes.dat [2011.04.26 08:22:56 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll [2011.04.26 08:22:56 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin [2011.04.25 10:22:39 | 000,000,425 | ---- | C] () -- C:\Windows\BRWMARK.INI [2011.04.25 10:22:01 | 000,000,050 | ---- | C] () -- C:\Windows\System32\bridf08b.dat [2011.04.25 10:21:44 | 000,106,496 | ---- | C] () -- C:\Windows\System32\BrMuSNMP.dll [2011.04.25 10:03:21 | 000,031,864 | ---- | C] () -- C:\Windows\maxlink.ini [2011.04.24 07:14:09 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin [2011.04.22 12:36:20 | 001,060,424 | ---- | C] () -- C:\Windows\System32\WdfCoInstaller01000.dll [2011.04.22 12:16:26 | 000,001,694 | ---- | C] () -- C:\Windows\RtDefLvl.ini [2011.04.22 12:16:26 | 000,000,520 | ---- | C] () -- C:\Windows\System32\drivers\RTEQEX1.dat [2011.04.22 12:16:26 | 000,000,520 | ---- | C] () -- C:\Windows\System32\drivers\RTEQEX0.dat [2011.04.22 12:16:26 | 000,000,008 | ---- | C] () -- C:\Windows\System32\drivers\rtkhdaud.dat [2008.01.21 08:15:58 | 000,630,842 | ---- | C] () -- C:\Windows\System32\perfh007.dat [2008.01.21 08:15:58 | 000,290,748 | ---- | C] () -- C:\Windows\System32\perfi007.dat [2008.01.21 08:15:58 | 000,127,454 | ---- | C] () -- C:\Windows\System32\perfc007.dat [2008.01.21 08:15:58 | 000,036,916 | ---- | C] () -- C:\Windows\System32\perfd007.dat [2007.01.26 07:32:18 | 000,069,632 | ---- | C] () -- C:\Windows\System32\drivers\int15.sys [2006.11.02 13:57:28 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat [2006.11.02 13:47:37 | 000,258,320 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT [2006.11.02 13:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll [2006.11.02 11:33:01 | 000,598,096 | ---- | C] () -- C:\Windows\System32\perfh009.dat [2006.11.02 11:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat [2006.11.02 11:33:01 | 000,105,070 | ---- | C] () -- C:\Windows\System32\perfc009.dat [2006.11.02 11:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat [2006.11.02 11:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat [2006.11.02 09:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin [2006.11.02 09:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT [2006.11.02 08:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini [2006.11.02 08:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat ========== LOP Check ========== [2012.01.28 10:33:14 | 000,032,530 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT ========== Purity Check ========== ========== Custom Scans ========== < %SYSTEMDRIVE%\*. > [2011.04.22 13:36:32 | 000,000,000 | -HSD | M] -- C:\$Recycle.Bin [2012.01.25 12:52:55 | 000,000,000 | ---D | M] -- C:\bf79cb9499e94e1adefe7115a0535872 [2011.06.12 11:55:36 | 000,000,000 | -HSD | M] -- C:\Boot [2012.01.25 12:53:24 | 000,000,000 | -HSD | M] -- C:\Config.Msi [2011.06.19 10:50:24 | 000,000,000 | ---D | M] -- C:\d1911a4812f40fc0fafa [2011.04.30 19:37:46 | 000,000,000 | ---D | M] -- C:\d94934739c66318cae89 [2006.11.02 14:02:03 | 000,000,000 | -HSD | M] -- C:\Documents and Settings [2011.04.22 11:45:35 | 000,000,000 | -HSD | M] -- C:\Dokumente und Einstellungen [2011.06.19 08:07:43 | 000,000,000 | ---D | M] -- C:\fda90545b9ed6d12f8810bdfbcfb [2011.07.17 18:51:52 | 000,000,000 | ---D | M] -- C:\FIND_MOZ_EXT [2008.01.21 03:32:31 | 000,000,000 | ---D | M] -- C:\PerfLogs [2012.01.29 03:02:37 | 000,000,000 | R--D | M] -- C:\Program Files [2012.01.29 03:02:38 | 000,000,000 | -H-D | M] -- C:\ProgramData [2011.04.22 11:45:35 | 000,000,000 | -HSD | M] -- C:\Programme [2012.01.29 10:45:05 | 000,000,000 | -HSD | M] -- C:\System Volume Information [2011.04.22 13:18:19 | 000,000,000 | ---D | M] -- C:\Treiber [2011.04.22 13:35:50 | 000,000,000 | R--D | M] -- C:\Users [2012.01.29 02:20:29 | 000,000,000 | ---D | M] -- C:\Windows < %PROGRAMFILES%\*.exe > < %LOCALAPPDATA%\*.exe > < %systemroot%\*. /mp /s > < %systemroot%\system32\*.manifest /3 > < MD5 for: AFD.SYS > [2011.04.21 14:58:27 | 000,273,408 | ---- | M] (Microsoft Corporation) MD5=3911B972B55FEA0478476B2E777B29FA -- C:\Windows\System32\drivers\afd.sys [2011.04.21 14:58:27 | 000,273,408 | ---- | M] (Microsoft Corporation) MD5=3911B972B55FEA0478476B2E777B29FA -- C:\Windows\winsxs\x86_microsoft-windows-winsock-core_31bf3856ad364e35_6.0.6002.18457_none_d99fb42e5bb59d9b\afd.sys [2011.04.21 14:16:42 | 000,273,408 | ---- | M] (Microsoft Corporation) MD5=48EB99503533C27AC6135648E5474457 -- C:\Windows\winsxs\x86_microsoft-windows-winsock-core_31bf3856ad364e35_6.0.6001.18639_none_d7d0e0cc5e7d461c\afd.sys [2011.04.21 14:28:53 | 000,273,920 | ---- | M] (Microsoft Corporation) MD5=70EE0FC7A0F384DBD929A01384AEEB4B -- C:\Windows\winsxs\x86_microsoft-windows-winsock-core_31bf3856ad364e35_6.0.6002.22629_none_da4bc33774b91967\afd.sys [2008.01.21 03:24:17 | 000,273,920 | ---- | M] (Microsoft Corporation) MD5=763E172A55177E478CB419F88FD0BA03 -- C:\Windows\winsxs\x86_microsoft-windows-winsock-core_31bf3856ad364e35_6.0.6001.18000_none_d7e842925e6d1f50\afd.sys [2009.04.11 05:47:03 | 000,273,920 | ---- | M] (Microsoft Corporation) MD5=A201207363AA900ABF1A388468688570 -- C:\Windows\winsxs\x86_microsoft-windows-winsock-core_31bf3856ad364e35_6.0.6002.18005_none_d9d3bb9e5b8eea9c\afd.sys [2011.04.21 14:12:21 | 000,273,920 | ---- | M] (Microsoft Corporation) MD5=C8AF25017CECB75906A571AC70D2D306 -- C:\Windows\winsxs\x86_microsoft-windows-winsock-core_31bf3856ad364e35_6.0.6001.22905_none_d876efff77862705\afd.sys < MD5 for: EXPLORER.EXE > [2008.10.29 07:20:29 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=37440D09DEAE0B672A04DCCF7ABF06BE -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.16771_none_4f83bb287ccdb7e3\explorer.exe [2008.10.29 07:29:41 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=4F554999D7D5F05DAAEBBA7B5BA1089D -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18164_none_5177ca9879e978e8\explorer.exe [2008.10.30 04:59:17 | 002,927,616 | ---- | M] (Microsoft Corporation) MD5=50BA5850147410CDE89C523AD3BC606E -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.22298_none_51e4f8c7931bd1e1\explorer.exe [2009.04.11 07:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) MD5=D07D4C3038F3578FFCE1C0237F2A1253 -- C:\Windows\explorer.exe [2009.04.11 07:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) MD5=D07D4C3038F3578FFCE1C0237F2A1253 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6002.18005_none_53a0201e76de3a0b\explorer.exe [2008.10.28 03:15:02 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=E7156B0B74762D9DE0E66BDCDE06E5FB -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.20947_none_5033cb5995cd990b\explorer.exe [2008.01.21 03:24:24 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=FFA764631CB70A30065C12EF8E174F9F -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18000_none_51b4a71279bc6ebf\explorer.exe < MD5 for: REGEDIT.EXE > [2008.01.21 03:24:53 | 000,134,656 | ---- | M] (Microsoft Corporation) MD5=467A3B03E924B7B7EDD16D34740574B0 -- C:\Windows\regedit.exe [2008.01.21 03:24:53 | 000,134,656 | ---- | M] (Microsoft Corporation) MD5=467A3B03E924B7B7EDD16D34740574B0 -- C:\Windows\winsxs\x86_microsoft-windows-registry-editor_31bf3856ad364e35_6.0.6001.18000_none_f42eb564dbd8a697\regedit.exe < MD5 for: USERINIT.EXE > [2008.01.21 03:24:49 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\System32\userinit.exe [2008.01.21 03:24:49 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.0.6001.18000_none_dc28ba15d1aff80b\userinit.exe < MD5 for: WININIT.EXE > [2008.01.21 03:23:42 | 000,096,768 | ---- | M] (Microsoft Corporation) MD5=101BA3EA053480BB5D957EF37C06B5ED -- C:\Windows\System32\wininit.exe [2008.01.21 03:23:42 | 000,096,768 | ---- | M] (Microsoft Corporation) MD5=101BA3EA053480BB5D957EF37C06B5ED -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.0.6001.18000_none_30f2b8cf0450a6a2\wininit.exe < MD5 for: WINLOGON.EXE > [2009.04.11 07:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\System32\winlogon.exe [2009.04.11 07:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6002.18005_none_71ae7a22d2134741\winlogon.exe [2011.12.24 17:50:20 | 000,182,856 | ---- | M] () MD5=B382935AB01B27D0E14F267DBF288896 -- C:\Program Files\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe [2008.01.21 03:24:49 | 000,314,880 | ---- | M] (Microsoft Corporation) MD5=C2610B6BDBEFC053BBDAB4F1B965CB24 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6001.18000_none_6fc30116d4f17bf5\winlogon.exe < HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems|Windows /rs > HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems\\Required: DebugWindows [binary data] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems\\Windows: %SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,12288,512 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ProfileControl=Off MaxRequestThreads=16 < HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU > < HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs > HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install\\LastSuccessTime: 2012-01-20 13:34:42 < > < End of report > Extras: OTL Extras logfile created on: 29.01.2012 10:42:08 - Run 1 OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\Thomas\Desktop Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 2,50 Gb Total Physical Memory | 1,29 Gb Available Physical Memory | 51,64% Memory free 5,21 Gb Paging File | 3,98 Gb Available in Paging File | 76,37% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 288,09 Gb Total Space | 196,54 Gb Free Space | 68,22% Space Free | Partition Type: NTFS Computer Name: NOTEBOOK | User Name: Admin | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user | Quick Scan Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Extra Registry (SafeList) ========== ========== File Associations ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation) .hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation) ========== Shell Spawning ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation) exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation) htmlfile [edit] -- Reg Error: Key error. htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1" inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation) Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation) Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) ========== Security Center Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "cval" = 1 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] "AntiVirusOverride" = 0 "AntiSpywareOverride" = 0 "FirewallOverride" = 0 "VistaSp1" = Reg Error: Unknown registry data type -- File not found "VistaSp2" = Reg Error: Unknown registry data type -- File not found [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol] ========== Firewall Settings ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] "EnableFirewall" = 1 "DisableNotifications" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "EnableFirewall" = 1 "DisableNotifications" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile] "EnableFirewall" = 1 "DisableNotifications" = 0 ========== Authorized Applications List ========== ========== Vista Active Open Ports Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{21136F3F-973F-4FE0-AD09-8B4B53D4A886}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) | "{C4D5B7BE-88D9-4996-B5FE-7846573E1649}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) | "{E6745DD0-B5A5-4587-8307-63EC3ECBEFFE}" = lport=54925 | protocol=17 | dir=in | name=brothernetwork scanner | ========== Vista Active Application Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{098BABB4-8AF5-4024-AF33-D6B7A2CFCF2D}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe | "{7B56F868-0A1D-4EEB-A1EC-7EA19E113FF8}" = dir=in | app=c:\program files\windows live\mesh\moe.exe | "{961BE916-088C-43B8-98EF-99D5830A154E}" = dir=in | app=c:\program files\windows live\contacts\wlcomm.exe | "TCP Query User{988E2865-AF68-4075-95F9-D8C90CF818AD}C:\program files\mozilla firefox\plugin-container.exe" = protocol=6 | dir=in | app=c:\program files\mozilla firefox\plugin-container.exe | "UDP Query User{78C4CE6E-98D7-404B-9567-7E3A42393C58}C:\program files\mozilla firefox\plugin-container.exe" = protocol=17 | dir=in | app=c:\program files\mozilla firefox\plugin-container.exe | ========== HKEY_LOCAL_MACHINE Uninstall List ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{02570AE0-BEE0-4A6C-BE3F-D806E9F2EA17}" = ScanSoft PaperPort 11 "{02602409-9189-4567-BC07-562605243B69}" = Windows Live Remote Client Resources "{0481A2EA-DA1D-4D10-A7C3-F8237948F6B5}" = Messenger Companion "{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu "{05BFB060-4F22-4710-B0A2-2801A1B606C5}" = Microsoft Antimalware "{07EEE598-5F21-4B57-B40B-46592625B3D9}" = Zune Language Pack (PTB) "{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer "{1280E900-35DA-4E08-A700-B79A5B2B8532}" = Microsoft Antimalware Service DE-DE Language Pack "{17B2670B-DB33-4F5E-9273-0E5CDF39DA5F}" = Windows Phone Intro Video (DEU) "{19A4A990-5343-4FF7-B3B5-6F046C091EDF}" = Windows Live Remote Client "{1DDB95A4-FD7B-4517-B3F1-2BCAA96879E6}" = Windows Live Writer Resources "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 "{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update "{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions "{227E8782-B2F4-4E97-B0EE-49DE9CC1C0C0}" = Windows Live Remote Service "{2436F2A8-4B7E-4B6C-AE4E-604C84AA6A4F}" = Nero Core Components 10 "{26A24AE4-039D-4CA4-87B4-2F83216022F0}" = Java(TM) 6 Update 22 "{26A24AE4-039D-4CA4-87B4-2F83216024FF}" = Java(TM) 6 Update 24 "{2A9DFFD8-4E09-4B91-B957-454805B0D7C4}" = Zune Language Pack (CHS) "{2BC2781A-F7F6-452E-95EB-018A522F1B2C}" = PaperPort Image Printer "{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery "{3589A659-F732-4E65-A89A-5438C332E59D}" = Zune Language Pack (ELL) "{37B33B16-2535-49E7-8990-32668708A0A3}" = Windows Live UX Platform Language Pack "{3A65A74A-5B6E-451A-92D8-50F1182BBE9A}" = Windows Live Remote Service Resources "{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile "{4286716B-1287-48E7-9078-3DC8248DBA96}" = OpenOffice.org 3.3 "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater "{50779A29-834E-4E36-BBEB-B7CABC67A825}" = Microsoft Security Client DE-DE Language Pack "{51C839E1-2BE4-4E77-A1BA-CCEA5DAFA741}" = Zune Language Pack (KOR) "{523B2B1B-D8DB-4B41-90FF-C4D799E2758A}" = Nero ControlCenter 10 Help (CHM) "{54B6DC7D-8C5B-4DFB-BC15-C010A3326B2B}" = Microsoft Security Client "{57C51D56-B287-4C11-9192-EC3C46EF76A4}" = Zune Language Pack (RUS) "{5C93E291-A1CC-4E51-85C6-E194209FCDB4}" = Zune Language Pack (PTG) "{5DD4FCBD-A3C1-4155-9E17-4161C70AAABA}" = Segoe UI "{5DEFD397-4012-46C3-B6DA-E8013E660772}" = Zune Language Pack (NOR) "{61AD15B2-50DB-4686-A739-14FE180D4429}" = Windows Live ID Sign-in Assistant "{65BB0407-4CC8-4DC7-952E-3EEFDF05602A}" = Nero Update "{6740BCB0-5863-47F4-80F4-44F394DE4FE2}" = Zune Language Pack (NLD) "{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE "{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin "{6B33492E-FBBC-4EC3-8738-09E16E395A10}" = Zune Language Pack (ESP) "{6BF66AED-3EA4-4106-B240-5CE96C9B76B0}" = Brother MFL-Pro Suite DCP-375CW "{6DFB899F-17A2-48F0-A533-ED8D6866CF38}" = Nero Control Center 10 "{6EB931CD-A7DA-4A44-B74A-89C8EB50086F}" = Zune Language Pack (SVE) "{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable "{76BA306B-2AA0-47C0-AB6B-F313AB56C136}" = Zune Language Pack (MSL) "{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 "{78A96B4C-A643-4D0F-98C2-A8E16A6669F9}" = Windows Live Messenger Companion Core "{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform "{842BEE12-CCCB-43F4-ABAF-CBA6DFE2583D}" = Nero BurnLite 10 "{859D4022-B76D-40DE-96EF-C90CDA263F44}" = Windows Live Writer "{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 "{86D4B82A-ABED-442A-BE86-96357B70F4FE}" = Ask Toolbar "{873E4648-6F6E-47F6-A7B2-A6F8DFABDCE6}" = Windows Live Messenger "{8960A0A1-BB5A-479E-92CF-65AB9D684B43}" = Zune Language Pack (PLK) "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight "{8B112338-2B08-4851-AF84-E7CAD74CEB32}" = Zune Language Pack (DAN) "{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime "{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT "{91C82FED-477B-4AF1-88FB-F967BB0D7F10}" = Winbond CIR Device Drivers "{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker "{92ECE3F9-591E-4C12-8A62-B9FCE38BF646}" = Zune Language Pack (IND) "{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting "{9B75648B-6C30-4A0D-9DE6-0D09D20AF5A5}" = Zune "{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 "{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail "{A5A53EA8-A11E-49F0-BDF5-AE536426A31A}" = Zune Language Pack (CHT) "{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer "{A8F2E50B-86E2-4D96-9BD2-9758BCC6F9B3}" = Zune Language Pack (CSY) "{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common "{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer "{AB627AF2-9C7E-4DBD-816B-3B2646B81E89}" = Nero BurnLite 10 "{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.2) - Deutsch "{ACFBE99B-6981-4513-B17E-A2683CEB9EE5}" = Windows Live Mesh "{AF844339-2F8A-4593-81B3-9F4C54038C4E}" = Windows Live MIME IFilter "{B113D18C-67B0-4FB7-B329-E89B66194AE6}" = Windows Live Fotogalerie "{B1239994-A850-44E2-BED8-E70A21124E16}" = Windows Live Mail "{B4870774-5F3A-46D9-9DFE-06FB5599E26B}" = Zune Language Pack (FIN) "{BE236D9A-52EC-4A17-82DA-84B5EAD31E3E}" = Zune Language Pack (DEU) "{C2AB7DC4-489E-4BE9-887A-52262FBADBE0}" = Windows Live Photo Common "{C5398A89-516C-4DAF-BA07-EE7949090E56}" = Windows Live Mesh ActiveX control for remote connections "{C5D37FFA-7483-410B-982B-91E93FD3B7DA}" = Zune Language Pack (ITA) "{C68D33B1-0204-4EBE-BC45-A6E432B1D13A}" = Zune Language Pack (FRA) "{C6BE19C6-B102-4038-B2A6-1C313872DBB4}" = Zune Language Pack (HUN) "{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1 "{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform "{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform "{D8A781C9-3892-4E2E-9320-480CF896CFBB}" = Zune Language Pack (JPN) "{DC24971E-1946-445D-8A82-CE685433FA7D}" = Realtek USB 2.0 Card Reader "{DD1DED37-2486-4F56-8F89-56AA814003F5}" = Acer Crystal Eye Webcam "{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh "{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10 "{E4E88B54-4777-4659-967A-2EED1E6AFD83}" = Windows Live Movie Maker "{EB4DF488-AAEF-406F-A341-CB2AAA315B90}" = Windows Live Messenger "{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU] "{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver "{F2CB8C3C-9C9E-4FAB-9067-655601C5F748}" = Windows Mobile Device Updater Component "{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack "{F95E4EE0-0C6E-4273-B6B9-91FD6F071D76}" = Windows Live Essentials "Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin "Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus "CNXT_MODEM_HDA_HSF" = HDAUDIO Soft Data Fax Modem with SmartCP "Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.60.0.1800 "Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU "Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1 "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile "Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack "Microsoft Security Client" = Microsoft Security Essentials "Mozilla Firefox 9.0.1 (x86 de)" = Mozilla Firefox 9.0.1 (x86 de) "Mozilla Thunderbird (5.0)" = Mozilla Thunderbird (5.0) "NVIDIA Drivers" = NVIDIA Drivers "PokerStars" = PokerStars "PokerStars.net" = PokerStars.net "SynTPDeinstKey" = Synaptics Pointing Device Driver "WinLiveSuite" = Windows Live Essentials "WinRAR archiver" = WinRAR 4.00 (32-Bit) "Zune" = Zune ========== Last 10 Event Log Errors ========== [ Application Events ] Error - 29.01.2012 04:49:49 | Computer Name = Notebook | Source = Brother BrLog | ID = 1001 Description = STI BrtSTI: [2012/01/29 09:49:49.814]: [00000012]: GetDeviceIpAddress: GetAddressByName [BRW0CEEE6E09D14] Error Error - 29.01.2012 04:50:19 | Computer Name = Notebook | Source = Brother BrLog | ID = 1001 Description = STI BrtSTI: [2012/01/29 09:50:19.859]: [00000012]: GetDeviceIpAddress: GetAddressByName [BRW0CEEE6E09D14] Error Error - 29.01.2012 04:51:01 | Computer Name = Notebook | Source = Brother BrLog | ID = 1001 Description = STI BrtSTI: [2012/01/29 09:51:01.792]: [00000012]: SendSKeySettingToDevice:: Snmp Load Error[-1] To[192.168.2.106] Error - 29.01.2012 04:51:01 | Computer Name = Notebook | Source = Brother BrLog | ID = 1001 Description = STI BrtSTI: [2012/01/29 09:51:01.886]: [00000012]: GetDeviceIpAddress: GetAddressByName [BRW0CEEE6E09D14] Error Error - 29.01.2012 04:51:31 | Computer Name = Notebook | Source = Brother BrLog | ID = 1001 Description = STI BrtSTI: [2012/01/29 09:51:31.926]: [00000012]: GetDeviceIpAddress: GetAddressByName [BRW0CEEE6E09D14] Error Error - 29.01.2012 04:52:14 | Computer Name = Notebook | Source = Brother BrLog | ID = 1001 Description = STI BrtSTI: [2012/01/29 09:52:14.326]: [00000012]: SendSKeySettingToDevice:: Snmp Load Error[-1] To[192.168.2.106] Error - 29.01.2012 04:52:14 | Computer Name = Notebook | Source = Brother BrLog | ID = 1001 Description = STI BrtSTI: [2012/01/29 09:52:14.420]: [00000012]: GetDeviceIpAddress: GetAddressByName [BRW0CEEE6E09D14] Error Error - 29.01.2012 04:52:44 | Computer Name = Notebook | Source = Brother BrLog | ID = 1001 Description = STI BrtSTI: [2012/01/29 09:52:44.466]: [00000012]: GetDeviceIpAddress: GetAddressByName [BRW0CEEE6E09D14] Error Error - 29.01.2012 04:53:26 | Computer Name = Notebook | Source = Brother BrLog | ID = 1001 Description = STI BrtSTI: [2012/01/29 09:53:26.845]: [00000012]: SendSKeySettingToDevice:: Snmp Load Error[-1] To[192.168.2.106] Error - 29.01.2012 04:53:26 | Computer Name = Notebook | Source = Brother BrLog | ID = 1001 Description = STI BrtSTI: [2012/01/29 09:53:26.939]: [00000012]: GetDeviceIpAddress: GetAddressByName [BRW0CEEE6E09D14] Error [ System Events ] Error - 28.01.2012 21:21:37 | Computer Name = Notebook | Source = DCOM | ID = 10005 Description = Error - 28.01.2012 21:22:02 | Computer Name = Notebook | Source = Service Control Manager | ID = 7001 Description = Error - 28.01.2012 21:22:02 | Computer Name = Notebook | Source = Service Control Manager | ID = 7026 Description = Error - 28.01.2012 21:26:32 | Computer Name = Notebook | Source = DCOM | ID = 10005 Description = Error - 28.01.2012 21:26:32 | Computer Name = Notebook | Source = Microsoft Antimalware | ID = 2001 Description = Fehler in %%860 beim Aktualisieren von Signaturen. Neue Signaturversion: Vorherige Signaturversion: 1.119.872.0 Aktualisierungsquelle: %%859 Aktualisierungsstufe: %%852 Quellpfad: Default URL Signaturtyp: %%800 Aktualisierungstyp: %%803 Benutzer: NT-AUTORITÄT\SYSTEM Aktuelle Modulversion: Vorherige Modulversion: 1.1.8001.0 Fehlercode: 0x8007043c Fehlerbeschreibung: Der Dienst kann nicht im abgesicherten Modus gestartet werden. Error - 29.01.2012 02:19:56 | Computer Name = Notebook | Source = Microsoft-Windows-WLAN-AutoConfig | ID = 10000 Description = Error - 29.01.2012 02:21:23 | Computer Name = Notebook | Source = Service Control Manager | ID = 7000 Description = Error - 29.01.2012 02:22:27 | Computer Name = Notebook | Source = DCOM | ID = 10005 Description = Error - 29.01.2012 02:22:27 | Computer Name = Notebook | Source = Service Control Manager | ID = 7009 Description = Error - 29.01.2012 02:22:27 | Computer Name = Notebook | Source = Service Control Manager | ID = 7000 Description = < End of report > Als letztes noch der logfile von Gmer: GMER 1.0.15.15641 - hxxp://www.gmer.net Rootkit scan 2012-01-29 13:37:55 Windows 6.0.6002 Service Pack 2 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0 Hitachi_HTS543232L9A300 rev.FB4OC40C Running: 1jo75uro.exe; Driver: C:\Users\Admin\AppData\Local\Temp\kxtdqpow.sys ---- System - GMER 1.0.15 ---- SSDT 8A9C2336 ZwCreateSection SSDT 8A9C233B ZwSetContextThread SSDT 8A9C22D7 ZwTerminateProcess ---- Kernel code sections - GMER 1.0.15 ---- .text ntkrnlpa.exe!KeSetEvent + 215 826E9998 4 Bytes [36, 23, 9C, 8A] .text ntkrnlpa.exe!KeSetEvent + 56D 826E9CF0 4 Bytes [3B, 23, 9C, 8A] .text ntkrnlpa.exe!KeSetEvent + 621 826E9DA4 4 Bytes [D7, 22, 9C, 8A] ? System32\drivers\udlv.sys Das System kann den angegebenen Pfad nicht finden. ! .text C:\Windows\system32\DRIVERS\nvlddmkm.sys section is writeable [0x8DA09340, 0x3EDF57, 0xE8000020] ---- Devices - GMER 1.0.15 ---- AttachedDevice \Driver\kbdclass \Device\KeyboardClass0 Wdf01000.sys (Kernelmodustreiber-Frameworklaufzeit/Microsoft Corporation) AttachedDevice \Driver\kbdclass \Device\KeyboardClass1 Wdf01000.sys (Kernelmodustreiber-Frameworklaufzeit/Microsoft Corporation) ---- EOF - GMER 1.0.15 ---- So, hoffe mal, alles richtig hinbekommen zu haben, und das ich um ein Format: C herumkomme. Gruß Thomas |
29.01.2012, 20:12 | #2 | |
/// Winkelfunktion /// TB-Süch-Tiger™ | Trojaner "Bundeskriminalamt"Zitat:
Bitte alles nach Möglichkeit hier in CODE-Tags posten. Wird so gemacht: [code] hier steht das Log [/code] Und das ganze sieht dann so aus: Code:
ATTFilter hier steht das Log
__________________ |
29.01.2012, 20:33 | #3 |
| Trojaner "Bundeskriminalamt" Hallo Arne,
__________________Erst ma sorry wegen den Code Tags. Hab´s zuspät gesehen. Hier der einzige Logfile von Malwarebytes: Code:
ATTFilter Malwarebytes Anti-Malware 1.60.0.1800 www.malwarebytes.org Database version: v2012.01.28.06 Windows Vista Service Pack 2 x86 NTFS Internet Explorer 9.0.8112.16421 Thomas :: NOTEBOOK [limited] 29.01.2012 09:01:33 mbam-log-2012-01-29 (09-01-33).txt Scan type: Full scan Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM Scan options disabled: P2P Objects scanned: 226156 Time elapsed: 49 minute(s), 46 second(s) Memory Processes Detected: 0 (No malicious items detected) Memory Modules Detected: 0 (No malicious items detected) Registry Keys Detected: 0 (No malicious items detected) Registry Values Detected: 0 (No malicious items detected) Registry Data Items Detected: 0 (No malicious items detected) Folders Detected: 0 (No malicious items detected) Files Detected: 0 (No malicious items detected) (end) |
30.01.2012, 06:19 | #4 |
| Trojaner "Bundeskriminalamt" Moin moin Sorry für den Doppelpost. Mir ist heute nacht im Bett eingefallen, wo der zweite Log (bzw. war es ja der Erste) von Malware Bytes stehen könnte. Hatte ihn im abg. Modus als Admin gemacht. Also sollte man auch auf der richtigen Benutzeroberfläche schauen. Also hier der erste Log mit den drei Funden von Malware Bytes: Code:
ATTFilter Malwarebytes Anti-Malware 1.60.0.1800 www.malwarebytes.org Datenbank Version: v2012.01.28.06 Windows Vista Service Pack 2 x86 NTFS (Abgesichertenmodus/Netzwerkfähig) Internet Explorer 9.0.8112.16421 Admin :: NOTEBOOK [Administrator] 29.01.2012 03:05:29 mbam-log-2012-01-29 (03-05-29).txt Art des Suchlaufs: Vollständiger Suchlauf Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM Deaktivierte Suchlaufeinstellungen: P2P Durchsuchte Objekte: 303938 Laufzeit: 40 Minute(n), 47 Sekunde(n) Infizierte Speicherprozesse: 0 (Keine bösartigen Objekte gefunden) Infizierte Speichermodule: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungsschlüssel: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungswerte: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateiobjekte der Registrierung: 0 (Keine bösartigen Objekte gefunden) Infizierte Verzeichnisse: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateien: 3 C:\Users\Thomas\AppData\Local\Temp\0.4780454529726499.exe (Trojan.FakeMS) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Users\Thomas\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\35\21437723-5f92de33 (Trojan.FakeMS) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Users\Thomas\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\0.4780454529726499.exe.lnk (Backdoor.Agent) -> Erfolgreich gelöscht und in Quarantäne gestellt. (Ende) |
30.01.2012, 10:34 | #5 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Trojaner "Bundeskriminalamt" Führ bitte auch ESET aus, danach sehen wir weiter: ESET Online Scanner
__________________ Logfiles bitte immer in CODE-Tags posten |
30.01.2012, 21:45 | #6 |
| Trojaner "Bundeskriminalamt" N´abend... Da bin ich endlich wieder. Hier der logfile von Eset. Scheint nichts auffällig zu sein, außer der Zeit. Der Scan hat 3 3/4 Std. gedauert!! Code:
ATTFilter ESETSmartInstaller@High as downloader log: all ok # version=7 # OnlineScannerApp.exe=1.0.0.1 # OnlineScanner.ocx=1.0.0.6583 # api_version=3.0.2 # EOSSerial=7d13f5df8946e745b1c56a0b328bfaeb # end=finished # remove_checked=false # archives_checked=true # unwanted_checked=true # unsafe_checked=false # antistealth_checked=true # utc_time=2012-01-30 08:35:17 # local_time=2012-01-30 09:35:17 (+0100, Mitteleuropäische Zeit) # country="Germany" # lang=1033 # osver=6.0.6002 NT Service Pack 2 # compatibility_mode=1797 16775165 100 94 275596 64482617 120349 0 # compatibility_mode=5892 16776574 100 95 20066631 165474924 0 0 # compatibility_mode=8192 67108863 100 0 4066 4066 0 0 # scanned=117733 # found=0 # cleaned=0 # scan_time=13520 Ich muß in die Heia. Thomas |
30.01.2012, 22:12 | #7 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Trojaner "Bundeskriminalamt" Mach bitte ein neues OTL-Log. Bitte alles nach Möglichkeit hier in CODE-Tags posten. Wird so gemacht: [code] hier steht das Log [/code] Und das ganze sieht dann so aus: Code:
ATTFilter hier steht das Log Falls noch nicht vorhanden, lade Dir bitte OTL von Oldtimer herunter und speichere es auf Deinem Desktop
Code:
ATTFilter netsvcs msconfig safebootminimal safebootnetwork activex drivers32 %ALLUSERSPROFILE%\Application Data\*. %ALLUSERSPROFILE%\Application Data\*.exe /s %APPDATA%\*. %APPDATA%\*.exe /s %SYSTEMDRIVE%\*.exe /md5start wininit.exe userinit.exe eventlog.dll scecli.dll netlogon.dll cngaudit.dll ws2ifsl.sys sceclt.dll ntelogon.dll winlogon.exe logevent.dll user32.DLL iaStor.sys nvstor.sys atapi.sys IdeChnDr.sys viasraid.sys AGP440.sys vaxscsi.sys nvatabus.sys viamraid.sys nvata.sys nvgts.sys iastorv.sys ViPrt.sys eNetHook.dll ahcix86.sys KR10N.sys nvstor32.sys ahcix86s.sys /md5stop %systemroot%\system32\drivers\*.sys /lockedfiles %systemroot%\System32\config\*.sav %systemroot%\*. /mp /s %systemroot%\system32\*.dll /lockedfiles CREATERESTOREPOINT
__________________ Logfiles bitte immer in CODE-Tags posten |
31.01.2012, 06:26 | #8 |
| Trojaner "Bundeskriminalamt" Moin moin Hier das neue OTL log: OTL Logfile: Code:
ATTFilter OTL logfile created on: 31.01.2012 05:49:54 - Run 2 OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\Thomas\Desktop Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 2,50 Gb Total Physical Memory | 1,58 Gb Available Physical Memory | 63,19% Memory free 5,21 Gb Paging File | 4,24 Gb Available in Paging File | 81,41% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 288,09 Gb Total Space | 195,39 Gb Free Space | 67,82% Space Free | Partition Type: NTFS Computer Name: NOTEBOOK | User Name: Admin | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user | Quick Scan Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2012.01.29 10:37:46 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Thomas\Desktop\OTL.exe PRC - [2012.01.03 14:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) -- C:\Programme\Common Files\Adobe\ARM\1.0\armsvc.exe PRC - [2011.08.05 11:29:56 | 000,159,456 | ---- | M] (Microsoft Corporation) -- C:\Programme\Zune\ZuneLauncher.exe PRC - [2011.06.30 12:00:45 | 000,269,480 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\avguard.exe PRC - [2011.06.15 14:16:48 | 000,997,920 | ---- | M] (Microsoft Corporation) -- C:\Programme\Microsoft Security Client\msseces.exe PRC - [2011.04.28 11:25:54 | 000,136,360 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\sched.exe PRC - [2011.04.27 14:39:26 | 000,208,944 | ---- | M] (Microsoft Corporation) -- c:\Programme\Microsoft Security Client\Antimalware\NisSrv.exe PRC - [2011.04.27 14:39:26 | 000,011,736 | ---- | M] (Microsoft Corporation) -- c:\Programme\Microsoft Security Client\Antimalware\MsMpEng.exe PRC - [2011.04.22 12:20:06 | 000,204,800 | ---- | M] (Realtek Semiconductor Corp.) -- C:\Users\Thomas\AppData\Local\Temp\RtkBtMnt.exe PRC - [2011.03.29 14:33:08 | 000,598,312 | ---- | M] (Nero AG) -- C:\Programme\Nero\Update\NASvc.exe PRC - [2011.03.04 13:36:11 | 000,281,768 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\avgnt.exe PRC - [2011.01.17 17:50:34 | 011,322,880 | ---- | M] (OpenOffice.org) -- C:\Programme\OpenOffice.org 3\program\soffice.exe PRC - [2011.01.17 17:50:34 | 011,314,688 | ---- | M] (OpenOffice.org) -- C:\Programme\OpenOffice.org 3\program\soffice.bin PRC - [2010.09.21 13:03:14 | 001,710,464 | ---- | M] (Microsoft Corp.) -- C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE PRC - [2010.09.21 13:03:14 | 000,193,408 | ---- | M] (Microsoft Corp.) -- C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE PRC - [2010.01.14 20:10:53 | 000,076,968 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\avshadow.exe PRC - [2009.04.11 07:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe PRC - [2009.02.09 08:31:56 | 000,143,360 | ---- | M] (Brother Industries, Ltd.) -- C:\Programme\Brother\Brmfcmon\BrMfimon.exe PRC - [2008.05.20 17:06:00 | 006,144,000 | ---- | M] (Realtek Semiconductor) -- C:\Windows\RtHDVCpl.exe PRC - [2008.01.21 03:25:33 | 000,896,512 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Media Player\wmpnetwk.exe PRC - [2008.01.21 03:25:33 | 000,202,240 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Media Player\wmpnscfg.exe ========== Modules (No Company Name) ========== MOD - [2011.04.25 09:24:56 | 000,985,088 | ---- | M] () -- C:\Programme\OpenOffice.org 3\program\libxml2.dll MOD - [2011.03.02 11:40:51 | 000,140,288 | ---- | M] () -- C:\Programme\winrar\RarExt.dll MOD - [2009.01.09 16:10:52 | 000,139,264 | ---- | M] () -- C:\Programme\Brother\BrUtilities\BrLogAPI.dll ========== Win32 Services (SafeList) ========== SRV - [2012.01.03 14:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice) SRV - [2011.08.05 11:30:02 | 000,444,640 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- c:\Program Files\Zune\ZuneWlanCfgSvc.exe -- (ZuneWlanCfgSvc) SRV - [2011.08.05 11:30:02 | 000,268,512 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- c:\Program Files\Zune\WMZuneComm.exe -- (WMZuneComm) SRV - [2011.08.05 11:29:56 | 006,363,872 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- c:\Program Files\Zune\ZuneNss.exe -- (ZuneNetworkSvc) SRV - [2011.06.30 12:00:45 | 000,269,480 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService) SRV - [2011.04.28 11:25:54 | 000,136,360 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService) SRV - [2011.04.27 14:39:26 | 000,208,944 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- c:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe -- (NisSrv) SRV - [2011.04.27 14:39:26 | 000,011,736 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe -- (MsMpSvc) SRV - [2011.03.29 14:33:08 | 000,598,312 | ---- | M] (Nero AG) [Auto | Running] -- C:\Program Files\Nero\Update\NASvc.exe -- (NAUpdate) SRV - [2008.01.21 03:23:32 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Programme\Windows Defender\MpSvc.dll -- (WinDefend) ========== Driver Services (SafeList) ========== DRV - [2011.06.30 12:00:48 | 000,138,192 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb) DRV - [2011.06.30 12:00:48 | 000,066,616 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\System32\drivers\avgntflt.sys -- (avgntflt) DRV - [2011.04.27 14:25:24 | 000,065,024 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\NisDrvWFP.sys -- (NisDrv) DRV - [2011.04.18 12:18:50 | 000,043,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\MpNWMon.sys -- (MpNWMon) DRV - [2010.06.17 13:27:02 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv) DRV - [2009.04.11 05:42:52 | 000,031,616 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUSB) DRV - [2008.07.18 23:23:00 | 007,545,824 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm) DRV - [2008.06.30 18:56:12 | 000,917,504 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\athr.sys -- (athr) DRV - [2008.05.30 12:44:42 | 000,146,944 | ---- | M] (AuthenTec, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atswpdrv.sys -- (ATSWPDRV) AuthenTec TruePrint USB Driver (SwipeSensor) DRV - [2008.05.26 20:13:00 | 000,140,832 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\nvstor32.sys -- (nvstor32) DRV - [2008.05.15 08:56:00 | 000,008,704 | ---- | M] (Conexant Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\XAudio.sys -- (XAudio) DRV - [2007.03.28 06:51:40 | 000,043,008 | ---- | M] (Winbond Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\winbondcir.sys -- (winbondcir) DRV - [2007.01.26 07:32:18 | 000,069,632 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\System32\drivers\int15.sys -- (Int15) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll () FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.) FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 9.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.01.08 13:01:39 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 9.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012.01.11 20:26:56 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 5.0\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2011.08.03 08:56:19 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 5.0\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins [2012.01.30 05:56:08 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Admin\AppData\Roaming\mozilla\Extensions [2012.01.30 05:56:37 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Admin\AppData\Roaming\mozilla\Firefox\Profiles\vcfnrzwd.default\extensions [2012.01.30 05:56:37 | 000,000,000 | ---D | M] (WEB.DE Toolbar) -- C:\Users\Admin\AppData\Roaming\mozilla\Firefox\Profiles\vcfnrzwd.default\extensions\toolbar@web.de [2012.01.02 17:20:01 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions [2012.01.02 17:20:01 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\distribution\extensions [2012.01.02 17:20:01 | 000,000,000 | ---D | M] (WEB.DE Toolbar) -- C:\Programme\Mozilla Firefox\distribution\extensions\toolbar@web.de [2012.01.08 13:01:39 | 000,121,816 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll [2011.12.17 02:32:55 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml [2011.12.17 02:25:53 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml [2011.12.17 02:32:55 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml [2011.12.17 02:32:55 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml [2011.12.17 02:32:55 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml [2011.12.17 02:32:55 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml O1 HOSTS File: ([2006.09.18 22:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O1 - Hosts: ::1 localhost O2 - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.) O2 - BHO: (Windows Live Messenger Companion Helper) - {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Programme\Windows Live\Companion\companioncore.dll (Microsoft Corporation) O2 - BHO: (Nero Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Programme\Ask.com\GenericAskToolbar.dll (Ask.com) O3 - HKLM\..\Toolbar: (Nero Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Programme\Ask.com\GenericAskToolbar.dll (Ask.com) O3 - HKCU\..\Toolbar\WebBrowser: (Nero Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Programme\Ask.com\GenericAskToolbar.dll (Ask.com) O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH) O4 - HKLM..\Run: [ControlCenter3] C:\Program Files\Brother\ControlCenter3\brctrcen.exe (Brother Industries, Ltd.) O4 - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation) O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.dll (NVIDIA Corporation) O4 - HKLM..\Run: [NvMediaCenter] C:\Windows\System32\NvMcTray.dll (NVIDIA Corporation) O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor) O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation) O4 - HKLM..\Run: [Zune Launcher] c:\Program Files\Zune\ZuneLauncher.exe (Microsoft Corporation) O9 - Extra Button: @C:\Program Files\Windows Live\Companion\companionlang.dll,-600 - {0000036B-C524-4050-81A0-243669A86B9F} - C:\Programme\Windows Live\Companion\companioncore.dll (Microsoft Corporation) O9 - Extra Button: @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programme\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programme\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation) O9 - Extra Button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Programme\PokerStars\PokerStarsUpdate.exe (PokerStars) O9 - Extra Button: PokerStars.net - {FA9B9510-9FCB-4ca0-818C-5D0987B47C4D} - C:\Programme\PokerStars.NET\PokerStarsUpdate.exe (PokerStars) O13 - gopher Prefix: missing O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24) O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22) O16 - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{0528DA79-3E5A-4227-8519-C70CC3CC10FD}: DhcpNameServer = 192.168.2.1 O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.dll (Microsoft Corporation) O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.dll (Microsoft Corporation) O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Programme\Windows Live\Mail\mailcomm.dll (Microsoft Corporation) O18 - Protocol\Handler\wlpg {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Programme\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (explorer.exe) -C:\Windows\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) -C:\Windows\System32\userinit.exe (Microsoft Corporation) O20 - Winlogon\Notify\AWinNotifyVitaKey MC3000: DllName - (Reg Error: Value error.) - Reg Error: Value error. File not found O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2006.09.18 22:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ] O34 - HKLM BootExecute: (autocheck autochk *) O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* NetSvcs: FastUserSwitchingCompatibility - File not found NetSvcs: Ias - C:\Windows\System32\ias.dll (Microsoft Corporation) NetSvcs: Nla - File not found NetSvcs: Ntmssvc - File not found NetSvcs: NWCWorkstation - File not found NetSvcs: Nwsapagent - File not found NetSvcs: SRService - File not found NetSvcs: WmdmPmSp - File not found NetSvcs: LogonHours - File not found NetSvcs: PCAudit - File not found NetSvcs: helpsvc - File not found NetSvcs: uploadmgr - File not found SafeBootMin: AppMgmt - Service SafeBootMin: Base - Driver Group SafeBootMin: Boot Bus Extender - Driver Group SafeBootMin: Boot file system - Driver Group SafeBootMin: File system - Driver Group SafeBootMin: Filter - Driver Group SafeBootMin: HelpSvc - Service SafeBootMin: MsMpSvc - c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe (Microsoft Corporation) SafeBootMin: NTDS - File not found SafeBootMin: PCI Configuration - Driver Group SafeBootMin: PNP Filter - Driver Group SafeBootMin: Primary disk - Driver Group SafeBootMin: sacsvr - Service SafeBootMin: SCSI Class - Driver Group SafeBootMin: System Bus Extender - Driver Group SafeBootMin: WinDefend - C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation) SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices SafeBootNet: AppMgmt - Service SafeBootNet: Base - Driver Group SafeBootNet: Boot Bus Extender - Driver Group SafeBootNet: Boot file system - Driver Group SafeBootNet: File system - Driver Group SafeBootNet: Filter - Driver Group SafeBootNet: HelpSvc - Service SafeBootNet: Messenger - Service SafeBootNet: MsMpSvc - c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe (Microsoft Corporation) SafeBootNet: NDIS Wrapper - Driver Group SafeBootNet: NetBIOSGroup - Driver Group SafeBootNet: NetDDEGroup - Driver Group SafeBootNet: Network - Driver Group SafeBootNet: NetworkProvider - Driver Group SafeBootNet: NTDS - File not found SafeBootNet: PCI Configuration - Driver Group SafeBootNet: PNP Filter - Driver Group SafeBootNet: PNP_TDI - Driver Group SafeBootNet: Primary disk - Driver Group SafeBootNet: rdsessmgr - Service SafeBootNet: sacsvr - Service SafeBootNet: SCSI Class - Driver Group SafeBootNet: SMR250 - Service SafeBootNet: Streams Drivers - Driver Group SafeBootNet: System Bus Extender - Driver Group SafeBootNet: TDI - Driver Group SafeBootNet: WinDefend - C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation) SafeBootNet: WudfUsbccidDriver - Driver SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun) ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 11.0 ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack ActiveX: {3C3901C5-3455-3E0A-A214-0B093A5070A6} - .NET Framework ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6 ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7 ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\system32\ie4uinit.exe -BaseSettings ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1 ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\Windows\system32\unregmp2.exe /ShowWMP ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\system32\ie4uinit.exe -UserIconConfig ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP Drivers32: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS) Drivers32: MSVideo8 - C:\Windows\System32\vfwwdm32.dll (Microsoft Corporation) Drivers32: vidc.cvid - C:\Windows\System32\iccvid.dll (Radius Inc.) CREATERESTOREPOINT Restore point Set: OTL Restore Point ========== Files/Folders - Created Within 30 Days ========== [2012.01.30 17:42:10 | 000,000,000 | ---D | C] -- C:\Program Files\ESET [2012.01.30 05:58:05 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Roaming\Macromedia [2012.01.30 05:58:05 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Roaming\Adobe [2012.01.30 05:55:52 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Roaming\Mozilla [2012.01.30 05:55:52 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Local\Mozilla [2012.01.29 03:02:46 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Roaming\Malwarebytes [2012.01.29 03:02:39 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware [2012.01.29 03:02:38 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes [2012.01.29 03:02:37 | 000,020,464 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys [2012.01.29 03:02:37 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware [2012.01.29 02:10:54 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Local\NPE [2012.01.29 02:10:53 | 000,000,000 | ---D | C] -- C:\ProgramData\Norton [2012.01.29 01:54:37 | 000,000,000 | -HSD | C] -- C:\ProgramData\{32364CEA-7855-4A3C-B674-53D8E9B97936} [2012.01.25 12:52:52 | 000,000,000 | ---D | C] -- C:\bf79cb9499e94e1adefe7115a0535872 [2012.01.11 20:25:52 | 000,000,000 | -HSD | C] -- C:\Config.Msi ========== Files - Modified Within 30 Days ========== [2012.01.31 05:43:25 | 000,056,414 | ---- | M] () -- C:\ProgramData\nvModes.001 [2012.01.31 05:42:48 | 000,056,414 | ---- | M] () -- C:\ProgramData\nvModes.dat [2012.01.31 05:41:34 | 000,004,576 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 [2012.01.31 05:41:34 | 000,004,576 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 [2012.01.31 05:41:19 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2012.01.31 05:41:09 | 2682,580,992 | -HS- | M] () -- C:\hiberfil.sys [2012.01.29 10:15:40 | 000,000,000 | ---- | M] () -- C:\Users\Admin\defogger_reenable [2012.01.29 03:02:39 | 000,000,906 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk [2012.01.29 02:19:22 | 006,365,664 | ---- | M] () -- C:\Users\Admin\AppData\Roaming\SMRBackup250.dat [2012.01.14 09:35:35 | 000,630,842 | ---- | M] () -- C:\Windows\System32\perfh007.dat [2012.01.14 09:35:35 | 000,598,096 | ---- | M] () -- C:\Windows\System32\perfh009.dat [2012.01.14 09:35:35 | 000,127,454 | ---- | M] () -- C:\Windows\System32\perfc007.dat [2012.01.14 09:35:35 | 000,105,070 | ---- | M] () -- C:\Windows\System32\perfc009.dat [2012.01.02 17:20:18 | 000,000,846 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk ========== Files Created - No Company Name ========== [2012.01.29 10:15:40 | 000,000,000 | ---- | C] () -- C:\Users\Admin\defogger_reenable [2012.01.29 07:19:40 | 2682,580,992 | -HS- | C] () -- C:\hiberfil.sys [2012.01.29 03:02:39 | 000,000,906 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk [2012.01.29 02:12:12 | 006,365,664 | ---- | C] () -- C:\Users\Admin\AppData\Roaming\SMRBackup250.dat [2011.07.03 10:09:29 | 000,056,414 | ---- | C] () -- C:\ProgramData\nvModes.001 [2011.07.03 10:09:26 | 000,056,414 | ---- | C] () -- C:\ProgramData\nvModes.dat [2011.04.26 08:22:56 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll [2011.04.26 08:22:56 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin [2011.04.25 10:22:39 | 000,000,425 | ---- | C] () -- C:\Windows\BRWMARK.INI [2011.04.25 10:22:01 | 000,000,050 | ---- | C] () -- C:\Windows\System32\bridf08b.dat [2011.04.25 10:21:44 | 000,106,496 | ---- | C] () -- C:\Windows\System32\BrMuSNMP.dll [2011.04.25 10:03:21 | 000,031,864 | ---- | C] () -- C:\Windows\maxlink.ini [2011.04.24 07:14:09 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin [2011.04.22 12:36:20 | 001,060,424 | ---- | C] () -- C:\Windows\System32\WdfCoInstaller01000.dll [2011.04.22 12:16:26 | 000,001,694 | ---- | C] () -- C:\Windows\RtDefLvl.ini [2011.04.22 12:16:26 | 000,000,520 | ---- | C] () -- C:\Windows\System32\drivers\RTEQEX1.dat [2011.04.22 12:16:26 | 000,000,520 | ---- | C] () -- C:\Windows\System32\drivers\RTEQEX0.dat [2011.04.22 12:16:26 | 000,000,008 | ---- | C] () -- C:\Windows\System32\drivers\rtkhdaud.dat [2008.01.21 08:15:58 | 000,630,842 | ---- | C] () -- C:\Windows\System32\perfh007.dat [2008.01.21 08:15:58 | 000,290,748 | ---- | C] () -- C:\Windows\System32\perfi007.dat [2008.01.21 08:15:58 | 000,127,454 | ---- | C] () -- C:\Windows\System32\perfc007.dat [2008.01.21 08:15:58 | 000,036,916 | ---- | C] () -- C:\Windows\System32\perfd007.dat [2007.01.26 07:32:18 | 000,069,632 | ---- | C] () -- C:\Windows\System32\drivers\int15.sys [2006.11.02 13:57:28 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat [2006.11.02 13:47:37 | 000,258,320 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT [2006.11.02 13:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll [2006.11.02 11:33:01 | 000,598,096 | ---- | C] () -- C:\Windows\System32\perfh009.dat [2006.11.02 11:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat [2006.11.02 11:33:01 | 000,105,070 | ---- | C] () -- C:\Windows\System32\perfc009.dat [2006.11.02 11:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat [2006.11.02 11:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat [2006.11.02 09:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin [2006.11.02 09:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT [2006.11.02 08:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini [2006.11.02 08:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat ========== LOP Check ========== [2012.01.30 22:04:59 | 000,032,530 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT ========== Purity Check ========== ========== Custom Scans ========== < %ALLUSERSPROFILE%\Application Data\*. > < %ALLUSERSPROFILE%\Application Data\*.exe /s > < %APPDATA%\*. > [2012.01.30 05:58:05 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\Adobe [2011.10.16 19:33:39 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\Avira [2011.10.03 17:41:37 | 000,000,000 | R--D | M] -- C:\Users\Admin\AppData\Roaming\Brother [2011.04.22 13:36:26 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\Identities [2011.04.25 10:10:52 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\InstallShield [2012.01.30 05:58:05 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\Macromedia [2012.01.29 03:02:46 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\Malwarebytes [2006.11.02 13:37:34 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\Media Center Programs [2011.10.24 05:46:04 | 000,000,000 | --SD | M] -- C:\Users\Admin\AppData\Roaming\Microsoft [2012.01.30 05:56:08 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\Mozilla < %APPDATA%\*.exe /s > < %SYSTEMDRIVE%\*.exe > < MD5 for: AGP440.SYS > [2008.01.21 03:23:01 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\drivers\AGP440.sys [2008.01.21 03:23:01 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_51b95d75\AGP440.sys [2008.01.21 03:23:01 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_f750e484\AGP440.sys [2008.01.21 03:23:01 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6001.18000_none_ba12ed3bbeb0d97a\AGP440.sys [2008.01.21 03:23:01 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6002.18005_none_bbfe6647bbd2a4c6\AGP440.sys [2006.11.02 10:49:52 | 000,053,864 | ---- | M] (Microsoft Corporation) MD5=EF23439CDD587F64C2C1B8825CEAD7D8 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_920a2c1f\AGP440.sys < MD5 for: ATAPI.SYS > [2009.04.11 07:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\System32\drivers\atapi.sys [2009.04.11 07:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_b12d8e84\atapi.sys [2009.04.11 07:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6002.18005_none_df23a1261eab99e8\atapi.sys [2008.01.21 03:23:00 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_cc18792d\atapi.sys [2008.01.21 03:23:00 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6001.18000_none_dd38281a2189ce9c\atapi.sys [2006.11.02 10:49:36 | 000,019,048 | ---- | M] (Microsoft Corporation) MD5=4F4FCB8B6EA06784FB6D475B7EC7300F -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_c6c2e699\atapi.sys < MD5 for: CNGAUDIT.DLL > [2006.11.02 10:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\System32\cngaudit.dll [2006.11.02 10:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.0.6000.16386_none_e62d292932a96ce6\cngaudit.dll < MD5 for: IASTORV.SYS > [2008.01.21 03:23:23 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\System32\drivers\iaStorV.sys [2008.01.21 03:23:23 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_c9df7691\iaStorV.sys [2008.01.21 03:23:23 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.0.6001.18000_none_af11527887c7fa8f\iaStorV.sys [2006.11.02 10:51:25 | 000,232,040 | ---- | M] (Intel Corporation) MD5=C957BF4B5D80B46C5017BF0101E6C906 -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_37cdafa4\iaStorV.sys < MD5 for: NETLOGON.DLL > [2009.04.11 07:28:23 | 000,592,896 | ---- | M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- C:\Windows\System32\netlogon.dll [2009.04.11 07:28:23 | 000,592,896 | ---- | M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6002.18005_none_ffa3304f351bb3a3\netlogon.dll [2008.01.21 03:24:05 | 000,592,384 | ---- | M] (Microsoft Corporation) MD5=A8EFC0B6E75B789F7FD3BA5025D4E37F -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6001.18000_none_fdb7b74337f9e857\netlogon.dll < MD5 for: NVSTOR.SYS > [2006.11.02 10:50:13 | 000,040,040 | ---- | M] (NVIDIA Corporation) MD5=9E0BA19A28C498A6D323D065DB76DFFC -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_733654ff\nvstor.sys [2008.01.21 03:23:21 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\System32\drivers\nvstor.sys [2008.01.21 03:23:21 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_31c3d71d\nvstor.sys [2008.01.21 03:23:21 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.0.6001.18000_none_39dac327befea467\nvstor.sys < MD5 for: NVSTOR32.SYS > [2008.05.26 20:13:00 | 000,140,832 | ---- | M] (NVIDIA Corporation) MD5=FA7B8ECA6E845B244B7E30A9DCD82C6C -- C:\Windows\System32\drivers\nvstor32.sys [2008.05.26 20:13:00 | 000,140,832 | ---- | M] (NVIDIA Corporation) MD5=FA7B8ECA6E845B244B7E30A9DCD82C6C -- C:\Windows\System32\DriverStore\FileRepository\nvstor32.inf_903234fc\nvstor32.sys < MD5 for: SCECLI.DLL > [2008.01.21 03:24:50 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=28B84EB538F7E8A0FE8B9299D591E0B9 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6001.18000_none_380de25bd91b6f12\scecli.dll [2009.04.11 07:28:24 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=8FC182167381E9915651267044105EE1 -- C:\Windows\System32\scecli.dll [2009.04.11 07:28:24 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=8FC182167381E9915651267044105EE1 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6002.18005_none_39f95b67d63d3a5e\scecli.dll < MD5 for: USER32.DLL > [2008.01.21 03:24:21 | 000,627,200 | ---- | M] (Microsoft Corporation) MD5=B974D9F06DC7D1908E825DC201681269 -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.0.6001.18000_none_cd386c416d5c7f32\user32.dll [2009.04.11 07:28:25 | 000,627,712 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\user32.dll [2009.04.11 07:28:25 | 000,627,712 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.0.6002.18005_none_cf23e54d6a7e4a7e\user32.dll < MD5 for: USERINIT.EXE > [2008.01.21 03:24:49 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\System32\userinit.exe [2008.01.21 03:24:49 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.0.6001.18000_none_dc28ba15d1aff80b\userinit.exe < MD5 for: WININIT.EXE > [2008.01.21 03:23:42 | 000,096,768 | ---- | M] (Microsoft Corporation) MD5=101BA3EA053480BB5D957EF37C06B5ED -- C:\Windows\System32\wininit.exe [2008.01.21 03:23:42 | 000,096,768 | ---- | M] (Microsoft Corporation) MD5=101BA3EA053480BB5D957EF37C06B5ED -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.0.6001.18000_none_30f2b8cf0450a6a2\wininit.exe < MD5 for: WINLOGON.EXE > [2009.04.11 07:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\System32\winlogon.exe [2009.04.11 07:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6002.18005_none_71ae7a22d2134741\winlogon.exe [2011.12.24 17:50:20 | 000,182,856 | ---- | M] () MD5=B382935AB01B27D0E14F267DBF288896 -- C:\Program Files\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe [2008.01.21 03:24:49 | 000,314,880 | ---- | M] (Microsoft Corporation) MD5=C2610B6BDBEFC053BBDAB4F1B965CB24 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6001.18000_none_6fc30116d4f17bf5\winlogon.exe < MD5 for: WS2IFSL.SYS > [2008.01.21 03:24:47 | 000,015,872 | ---- | M] (Microsoft Corporation) MD5=E3A3CB253C0EC2494D4A61F5E43A389C -- C:\Windows\System32\drivers\ws2ifsl.sys [2008.01.21 03:24:47 | 000,015,872 | ---- | M] (Microsoft Corporation) MD5=E3A3CB253C0EC2494D4A61F5E43A389C -- C:\Windows\winsxs\x86_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.0.6001.18000_none_4f86a0d4c7cda641\ws2ifsl.sys < %systemroot%\system32\drivers\*.sys /lockedfiles > [2011.04.18 12:18:50 | 000,043,392 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\system32\drivers\MpNWMon.sys < %systemroot%\System32\config\*.sav > [2008.01.21 04:14:18 | 016,846,848 | ---- | M] () -- C:\Windows\System32\config\COMPONENTS.SAV [2008.01.21 04:14:08 | 000,106,496 | ---- | M] () -- C:\Windows\System32\config\DEFAULT.SAV [2008.01.21 04:14:18 | 000,020,480 | ---- | M] () -- C:\Windows\System32\config\SECURITY.SAV [2006.11.02 11:34:08 | 010,133,504 | ---- | M] () -- C:\Windows\System32\config\SOFTWARE.SAV [2006.11.02 11:34:08 | 001,826,816 | ---- | M] () -- C:\Windows\System32\config\SYSTEM.SAV < %systemroot%\*. /mp /s > < %systemroot%\system32\*.dll /lockedfiles > < End of report > Schönen Tag... Thomas |
31.01.2012, 09:06 | #9 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Trojaner "Bundeskriminalamt" Mach einen OTL-Fix, beende alle evtl. geöffneten Programme, auch Virenscanner deaktivieren (!), starte OTL und kopiere folgenden Text in die "Custom Scan/Fixes" Box (unten in OTL): (das ":OTL" muss mitkopiert werden!!!) Code:
ATTFilter :OTL [2012.01.30 05:56:37 | 000,000,000 | ---D | M] (WEB.DE Toolbar) -- C:\Users\Admin\AppData\Roaming\mozilla\Firefox\Profiles\vcfnrzwd.default\extensions\toolbar@web.de [2012.01.02 17:20:01 | 000,000,000 | ---D | M] (WEB.DE Toolbar) -- C:\Programme\Mozilla Firefox\distribution\extensions\toolbar@web.de O2 - BHO: (Nero Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Programme\Ask.com\GenericAskToolbar.dll (Ask.com) O3 - HKLM\..\Toolbar: (Nero Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Programme\Ask.com\GenericAskToolbar.dll (Ask.com) O3 - HKCU\..\Toolbar\WebBrowser: (Nero Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Programme\Ask.com\GenericAskToolbar.dll (Ask.com) O9 - Extra Button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Programme\PokerStars\PokerStarsUpdate.exe (PokerStars) O9 - Extra Button: PokerStars.net - {FA9B9510-9FCB-4ca0-818C-5D0987B47C4D} - C:\Programme\PokerStars.NET\PokerStarsUpdate.exe (PokerStars) O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2006.09.18 22:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ] :Commands [emptytemp] [resethosts] Das Logfile müsste geöffnet werden, wenn Du nach dem Fixen auf ok klickst, poste das bitte. Evtl. wird der Rechner neu gestartet. Die mit diesem Script gefixten Einträge, Dateien und Ordner werden zur Sicherheit nicht vollständig gelöscht, es wird eine Sicherheitskopie auf der Systempartition im Ordner "_OTL" erstellt. Hinweis: Das obige Script ist nur für diesen einen User in dieser Situtation erstellt worden. Es ist auf keinen anderen Rechner portierbar und darf nicht anderweitig verwandt werden, da es das System nachhaltig schädigen kann!
__________________ Logfiles bitte immer in CODE-Tags posten |
31.01.2012, 20:52 | #10 |
| Trojaner "Bundeskriminalamt" N´abend Also, habe gerade den Fix mit OTL gemacht. Etwas später kam die Fehlermeldung, das OTL wegen eines Problems geschlossen wird. Danach war der Bildschirm schwarz. Taskmanager konnte ich noch öffnen. Habe aber trotzdem einen Neustart gemacht. Wollté es noch mal probieren, und als ich OTL öffnen wollte, kam das: Code:
ATTFilter Files\Folders moved on Reboot... Registry entries deleted on Reboot... Alle Vierenscanner waren deaktieviert, I-net getrennt und OTL als Admin gestartet. Langsam werde ich nervös. Sollte ich meine Daten sichern, oder sichere ich mir dann eventuell den Trojaner mit? Ha, habs noch mal versucht. Diesmal hats geklappt. Code:
ATTFilter All processes killed ========== OTL ========== Folder C:\Users\Admin\AppData\Roaming\mozilla\Firefox\Profiles\vcfnrzwd.default\extensions\toolbar@web.de\ not found. Folder C:\Programme\Mozilla Firefox\distribution\extensions\toolbar@web.de\ not found. Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}\ not found. File C:\Programme\Ask.com\GenericAskToolbar.dll not found. Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{D4027C7F-154A-4066-A1AD-4243D8127440} not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}\ not found. File C:\Programme\Ask.com\GenericAskToolbar.dll not found. Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{D4027C7F-154A-4066-A1AD-4243D8127440} not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}\ not found. File C:\Programme\Ask.com\GenericAskToolbar.dll not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF}\ not found. File C:\Programme\PokerStars\PokerStarsUpdate.exe not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{FA9B9510-9FCB-4ca0-818C-5D0987B47C4D}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{FA9B9510-9FCB-4ca0-818C-5D0987B47C4D}\ not found. File C:\Programme\PokerStars.NET\PokerStarsUpdate.exe not found. HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRun|DWORD:1 /E : value set successfully! File C:\autoexec.bat not found. ========== COMMANDS ========== [EMPTYTEMP] User: Admin ->Temp folder emptied: 12288 bytes ->Temporary Internet Files folder emptied: 0 bytes ->Java cache emptied: 0 bytes ->FireFox cache emptied: 0 bytes ->Flash cache emptied: 0 bytes User: All Users User: Default ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 0 bytes User: Default User ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 0 bytes User: Public User: Thomas ->Temp folder emptied: 454261 bytes ->Temporary Internet Files folder emptied: 33170 bytes ->Java cache emptied: 0 bytes ->FireFox cache emptied: 18333933 bytes ->Flash cache emptied: 0 bytes User: Verena ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 67 bytes ->Java cache emptied: 950618 bytes ->FireFox cache emptied: 294681884 bytes ->Flash cache emptied: 1862 bytes %systemdrive% .tmp files removed: 0 bytes %systemroot% .tmp files removed: 0 bytes %systemroot%\System32 .tmp files removed: 0 bytes %systemroot%\System32\drivers .tmp files removed: 0 bytes Windows Temp folder emptied: 112363675 bytes RecycleBin emptied: 4371 bytes Total Files Cleaned = 407,00 mb C:\Windows\System32\drivers\etc\Hosts moved successfully. HOSTS file reset successfully OTL by OldTimer - Version 3.2.31.0 log created on 01312012_205734 Files\Folders moved on Reboot... Registry entries deleted on Reboot... Thomas Geändert von Eule (31.01.2012 um 21:07 Uhr) |
31.01.2012, 21:47 | #11 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Trojaner "Bundeskriminalamt" Bitte nun (im normalen Windows-Modus) dieses Tool von Kaspersky (TDSS-Killer) ausführen und das Log posten => http://www.trojaner-board.de/82358-t...entfernen.html Das Tool so einstellen wie unten im Bild angegeben - klick auf change parameters und setze die Haken wie im folgenden Screenshot abgebildet, Dann auf Start Scan klicken und wenn es durch ist auf den Button Report klicken um das Log anzuzeigen. Dieses bitte komplett posten. Wenn du das Log nicht findest oder den Inhalt kopieren und in dein Posting übertragen kannst, dann schau bitte direkt auf deiner Windows-Systempartition (meistens Laufwerk C nach, da speichert der TDSS-Killer seine Logs. Hinweis: Bitte nichts voreilig mit dem TDSS-Killer löschen! Falls Objekte vom TDSS-Killer bemängelt werden, alle mit der Aktion "skip" behandeln und hier nur das Log posten! Falls du durch die Infektion auf deine Dokumente/Eigenen Dateien nicht zugreifen kannst, Verknüpfungen auf dem Desktop oder im Startmenü unter "alle Programme" fehlen, bitte unhide ausführen: Downloade dir bitte unhide.exe und speichere diese Datei auf deinem Desktop. Starte das Tool und es sollten alle Dateien und Ordner wieder sichtbar sein. ( Könnte eine Weile dauern ) Windows-Vista und Windows-7-User müssen das Tool per Rechtsklick als Administrator ausführen!
__________________ Logfiles bitte immer in CODE-Tags posten |
31.01.2012, 22:02 | #12 |
| Trojaner "Bundeskriminalamt" TDSS-Killer log file: Code:
ATTFilter 21:56:27.0668 3496 TDSS rootkit removing tool 2.7.8.0 Jan 30 2012 16:39:36 21:56:28.0423 3496 ============================================================ 21:56:28.0423 3496 Current date / time: 2012/01/31 21:56:28.0423 21:56:28.0424 3496 SystemInfo: 21:56:28.0424 3496 21:56:28.0424 3496 OS Version: 6.0.6002 ServicePack: 2.0 21:56:28.0424 3496 Product type: Workstation 21:56:28.0424 3496 ComputerName: NOTEBOOK 21:56:28.0425 3496 UserName: Admin 21:56:28.0425 3496 Windows directory: C:\Windows 21:56:28.0425 3496 System windows directory: C:\Windows 21:56:28.0426 3496 Processor architecture: Intel x86 21:56:28.0426 3496 Number of processors: 2 21:56:28.0426 3496 Page size: 0x1000 21:56:28.0426 3496 Boot type: Normal boot 21:56:28.0426 3496 ============================================================ 21:56:30.0071 3496 Drive \Device\Harddisk0\DR0 - Size: 0x4A85D56000 (298.09 Gb), SectorSize: 0x200, Cylinders: 0x9801, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050 21:56:32.0303 3496 Drive \Device\Harddisk1\DR1 - Size: 0x4A85D56000 (298.09 Gb), SectorSize: 0x200, Cylinders: 0x9801, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050 21:56:32.0314 3496 \Device\Harddisk0\DR0: 21:56:32.0314 3496 MBR used 21:56:32.0314 3496 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x1400800, BlocksNum 0x2402D800 21:56:32.0314 3496 \Device\Harddisk1\DR1: 21:56:32.0315 3496 MBR used 21:56:32.0357 3496 Initialize success 21:56:32.0357 3496 ============================================================ 21:57:00.0422 3340 ============================================================ 21:57:00.0422 3340 Scan started 21:57:00.0422 3340 Mode: Manual; SigCheck; TDLFS; 21:57:00.0422 3340 ============================================================ 21:57:00.0998 3340 ACPI (82b296ae1892fe3dbee00c9cf92f8ac7) C:\Windows\system32\drivers\acpi.sys 21:57:01.0283 3340 ACPI - ok 21:57:01.0420 3340 adp94xx (04f0fcac69c7c71a3ac4eb97fafc8303) C:\Windows\system32\drivers\adp94xx.sys 21:57:01.0559 3340 adp94xx - ok 21:57:01.0678 3340 adpahci (60505e0041f7751bdbb80f88bf45c2ce) C:\Windows\system32\drivers\adpahci.sys 21:57:01.0787 3340 adpahci - ok 21:57:01.0820 3340 adpu160m (8a42779b02aec986eab64ecfc98f8bd7) C:\Windows\system32\drivers\adpu160m.sys 21:57:01.0932 3340 adpu160m - ok 21:57:01.0957 3340 adpu320 (241c9e37f8ce45ef51c3de27515ca4e5) C:\Windows\system32\drivers\adpu320.sys 21:57:02.0056 3340 adpu320 - ok 21:57:02.0209 3340 AFD (3911b972b55fea0478476b2e777b29fa) C:\Windows\system32\drivers\afd.sys 21:57:02.0291 3340 AFD - ok 21:57:02.0351 3340 agp440 (13f9e33747e6b41a3ff305c37db0d360) C:\Windows\system32\drivers\agp440.sys 21:57:02.0416 3340 agp440 - ok 21:57:02.0511 3340 aic78xx (ae1fdf7bf7bb6c6a70f67699d880592a) C:\Windows\system32\drivers\djsvs.sys 21:57:02.0591 3340 aic78xx - ok 21:57:02.0618 3340 aliide (9eaef5fc9b8e351afa7e78a6fae91f91) C:\Windows\system32\drivers\aliide.sys 21:57:02.0655 3340 aliide - ok 21:57:02.0691 3340 amdagp (c47344bc706e5f0b9dce369516661578) C:\Windows\system32\drivers\amdagp.sys 21:57:02.0750 3340 amdagp - ok 21:57:02.0841 3340 amdide (9b78a39a4c173fdbc1321e0dd659b34c) C:\Windows\system32\drivers\amdide.sys 21:57:02.0876 3340 amdide - ok 21:57:02.0917 3340 AmdK7 (18f29b49ad23ecee3d2a826c725c8d48) C:\Windows\system32\drivers\amdk7.sys 21:57:02.0986 3340 AmdK7 - ok 21:57:03.0072 3340 AmdK8 (93ae7f7dd54ab986a6f1a1b37be7442d) C:\Windows\system32\drivers\amdk8.sys 21:57:03.0191 3340 AmdK8 - ok 21:57:03.0347 3340 arc (5d2888182fb46632511acee92fdad522) C:\Windows\system32\drivers\arc.sys 21:57:03.0423 3340 arc - ok 21:57:03.0507 3340 arcsas (5e2a321bd7c8b3624e41fdec3e244945) C:\Windows\system32\drivers\arcsas.sys 21:57:03.0591 3340 arcsas - ok 21:57:03.0682 3340 AsyncMac (53b202abee6455406254444303e87be1) C:\Windows\system32\DRIVERS\asyncmac.sys 21:57:03.0815 3340 AsyncMac - ok 21:57:03.0960 3340 atapi (1f05b78ab91c9075565a9d8a4b880bc4) C:\Windows\system32\drivers\atapi.sys 21:57:04.0006 3340 atapi - ok 21:57:04.0114 3340 athr (567e669b3b252e0c07850ef3c3e12254) C:\Windows\system32\DRIVERS\athr.sys 21:57:04.0406 3340 athr - ok 21:57:04.0527 3340 ATSWPDRV (73742099982cf514512e1941f2862c33) C:\Windows\system32\DRIVERS\ATSwpDrv.sys 21:57:04.0738 3340 ATSWPDRV - ok 21:57:04.0882 3340 avgntflt (1e4114685de1ffa9675e09c6a1fb3f4b) C:\Windows\system32\DRIVERS\avgntflt.sys 21:57:04.0965 3340 avgntflt - ok 21:57:05.0001 3340 avipbb (0f78d3dae6dedd99ae54c9491c62adf2) C:\Windows\system32\DRIVERS\avipbb.sys 21:57:05.0176 3340 avipbb - ok 21:57:05.0245 3340 b57nd60x (7d0f2bfa273831124fa08526af48af18) C:\Windows\system32\DRIVERS\b57nd60x.sys 21:57:05.0322 3340 b57nd60x - ok 21:57:05.0435 3340 Beep (67e506b75bd5326a3ec7b70bd014dfb6) C:\Windows\system32\drivers\Beep.sys 21:57:05.0514 3340 Beep - ok 21:57:05.0621 3340 blbdrive (d4df28447741fd3d953526e33a617397) C:\Windows\system32\drivers\blbdrive.sys 21:57:05.0726 3340 blbdrive - ok 21:57:05.0793 3340 bowser (35f376253f687bde63976ccb3f2108ca) C:\Windows\system32\DRIVERS\bowser.sys 21:57:05.0870 3340 bowser - ok 21:57:05.0966 3340 BrFiltLo (9f9acc7f7ccde8a15c282d3f88b43309) C:\Windows\system32\drivers\brfiltlo.sys 21:57:06.0016 3340 BrFiltLo - ok 21:57:06.0071 3340 BrFiltUp (56801ad62213a41f6497f96dee83755a) C:\Windows\system32\drivers\brfiltup.sys 21:57:06.0156 3340 BrFiltUp - ok 21:57:06.0311 3340 Brserid (b304e75cff293029eddf094246747113) C:\Windows\system32\drivers\brserid.sys 21:57:06.0449 3340 Brserid - ok 21:57:06.0545 3340 BrSerWdm (203f0b1e73adadbbb7b7b1fabd901f6b) C:\Windows\system32\drivers\brserwdm.sys 21:57:06.0682 3340 BrSerWdm - ok 21:57:06.0708 3340 BrUsbMdm (bd456606156ba17e60a04e18016ae54b) C:\Windows\system32\drivers\brusbmdm.sys 21:57:06.0849 3340 BrUsbMdm - ok 21:57:06.0950 3340 BrUsbSer (af72ed54503f717a43268b3cc5faec2e) C:\Windows\system32\drivers\brusbser.sys 21:57:07.0045 3340 BrUsbSer - ok 21:57:07.0169 3340 BTHMODEM (ad07c1ec6665b8b35741ab91200c6b68) C:\Windows\system32\drivers\bthmodem.sys 21:57:07.0318 3340 BTHMODEM - ok 21:57:07.0561 3340 cdfs (7add03e75beb9e6dd102c3081d29840a) C:\Windows\system32\DRIVERS\cdfs.sys 21:57:07.0716 3340 cdfs - ok 21:57:07.0940 3340 cdrom (6b4bffb9becd728097024276430db314) C:\Windows\system32\DRIVERS\cdrom.sys 21:57:08.0143 3340 cdrom - ok 21:57:08.0219 3340 circlass (e5d4133f37219dbcfe102bc61072589d) C:\Windows\system32\DRIVERS\circlass.sys 21:57:08.0313 3340 circlass - ok 21:57:08.0401 3340 CLFS (d7659d3b5b92c31e84e53c1431f35132) C:\Windows\system32\CLFS.sys 21:57:08.0454 3340 CLFS - ok 21:57:08.0549 3340 CmBatt (99afc3795b58cc478fbbbcdc658fcb56) C:\Windows\system32\DRIVERS\CmBatt.sys 21:57:08.0617 3340 CmBatt - ok 21:57:08.0702 3340 cmdide (0ca25e686a4928484e9fdabd168ab629) C:\Windows\system32\drivers\cmdide.sys 21:57:08.0753 3340 cmdide - ok 21:57:08.0785 3340 Compbatt (6afef0b60fa25de07c0968983ee4f60a) C:\Windows\system32\DRIVERS\compbatt.sys 21:57:08.0838 3340 Compbatt - ok 21:57:08.0872 3340 crcdisk (741e9dff4f42d2d8477d0fc1dc0df871) C:\Windows\system32\drivers\crcdisk.sys 21:57:08.0952 3340 crcdisk - ok 21:57:09.0035 3340 Crusoe (1f07becdca750766a96cda811ba86410) C:\Windows\system32\drivers\crusoe.sys 21:57:09.0144 3340 Crusoe - ok 21:57:09.0285 3340 DfsC (622c41a07ca7e6dd91770f50d532cb6c) C:\Windows\system32\Drivers\dfsc.sys 21:57:09.0402 3340 DfsC - ok 21:57:09.0542 3340 disk (5d4aefc3386920236a548271f8f1af6a) C:\Windows\system32\drivers\disk.sys 21:57:09.0631 3340 disk - ok 21:57:09.0715 3340 drmkaud (97fef831ab90bee128c9af390e243f80) C:\Windows\system32\drivers\drmkaud.sys 21:57:09.0782 3340 drmkaud - ok 21:57:09.0881 3340 DXGKrnl (c68ac676b0ef30cfbb1080adce49eb1f) C:\Windows\System32\drivers\dxgkrnl.sys 21:57:09.0932 3340 DXGKrnl - ok 21:57:10.0036 3340 E1G60 (5425f74ac0c1dbd96a1e04f17d63f94c) C:\Windows\system32\DRIVERS\E1G60I32.sys 21:57:10.0176 3340 E1G60 - ok 21:57:10.0327 3340 Ecache (7f64ea048dcfac7acf8b4d7b4e6fe371) C:\Windows\system32\drivers\ecache.sys 21:57:10.0491 3340 Ecache - ok 21:57:10.0640 3340 elxstor (23b62471681a124889978f6295b3f4c6) C:\Windows\system32\drivers\elxstor.sys 21:57:10.0726 3340 elxstor - ok 21:57:10.0838 3340 ErrDev (3db974f3935483555d7148663f726c61) C:\Windows\system32\drivers\errdev.sys 21:57:10.0949 3340 ErrDev - ok 21:57:11.0044 3340 exfat (22b408651f9123527bcee54b4f6c5cae) C:\Windows\system32\drivers\exfat.sys 21:57:11.0134 3340 exfat - ok 21:57:11.0230 3340 fastfat (1e9b9a70d332103c52995e957dc09ef8) C:\Windows\system32\drivers\fastfat.sys 21:57:11.0377 3340 fastfat - ok 21:57:11.0437 3340 fdc (afe1e8b9782a0dd7fb46bbd88e43f89a) C:\Windows\system32\DRIVERS\fdc.sys 21:57:11.0560 3340 fdc - ok 21:57:11.0666 3340 FileInfo (a8c0139a884861e3aae9cfe73b208a9f) C:\Windows\system32\drivers\fileinfo.sys 21:57:11.0745 3340 FileInfo - ok 21:57:11.0776 3340 Filetrace (0ae429a696aecbc5970e3cf2c62635ae) C:\Windows\system32\drivers\filetrace.sys 21:57:11.0859 3340 Filetrace - ok 21:57:11.0935 3340 flpydisk (85b7cf99d532820495d68d747fda9ebd) C:\Windows\system32\DRIVERS\flpydisk.sys 21:57:12.0032 3340 flpydisk - ok 21:57:12.0113 3340 FltMgr (01334f9ea68e6877c4ef05d3ea8abb05) C:\Windows\system32\drivers\fltmgr.sys 21:57:12.0179 3340 FltMgr - ok 21:57:12.0282 3340 Fs_Rec (65ea8b77b5851854f0c55c43fa51a198) C:\Windows\system32\drivers\Fs_Rec.sys 21:57:12.0355 3340 Fs_Rec - ok 21:57:12.0396 3340 gagp30kx (34582a6e6573d54a07ece5fe24a126b5) C:\Windows\system32\drivers\gagp30kx.sys 21:57:12.0481 3340 gagp30kx - ok 21:57:12.0585 3340 HdAudAddService (3f90e001369a07243763bd5a523d8722) C:\Windows\system32\drivers\HdAudio.sys 21:57:12.0681 3340 HdAudAddService - ok 21:57:12.0786 3340 HDAudBus (062452b7ffd68c8c042a6261fe8dff4a) C:\Windows\system32\DRIVERS\HDAudBus.sys 21:57:12.0969 3340 HDAudBus - ok 21:57:13.0046 3340 HidBth (1338520e78d90154ed6be8f84de5fceb) C:\Windows\system32\drivers\hidbth.sys 21:57:13.0228 3340 HidBth - ok 21:57:13.0324 3340 HidIr (d8df3722d5e961baa1292aa2f12827e2) C:\Windows\system32\DRIVERS\hidir.sys 21:57:13.0377 3340 HidIr - ok 21:57:13.0460 3340 HidUsb (3c64042b95e583b366ba4e5d2450235e) C:\Windows\system32\drivers\hidusb.sys 21:57:13.0616 3340 HidUsb - ok 21:57:13.0667 3340 HpCISSs (16ee7b23a009e00d835cdb79574a91a6) C:\Windows\system32\drivers\hpcisss.sys 21:57:13.0731 3340 HpCISSs - ok 21:57:13.0804 3340 HSFHWAZL (46d67209550973257601a533e2ac5785) C:\Windows\system32\DRIVERS\VSTAZL3.SYS 21:57:13.0900 3340 HSFHWAZL - ok 21:57:14.0002 3340 HSF_DPV (fadd7095163cb3cb4073793ebb50fe75) C:\Windows\system32\DRIVERS\HSX_DPV.sys 21:57:14.0214 3340 HSF_DPV - ok 21:57:14.0326 3340 HSXHWAZL (058783bedd17615d1fece09f77960436) C:\Windows\system32\DRIVERS\HSXHWAZL.sys 21:57:14.0416 3340 HSXHWAZL - ok 21:57:14.0457 3340 HTTP (f870aa3e254628ebeafe754108d664de) C:\Windows\system32\drivers\HTTP.sys 21:57:14.0677 3340 HTTP - ok 21:57:14.0785 3340 i2omp (c6b032d69650985468160fc9937cf5b4) C:\Windows\system32\drivers\i2omp.sys 21:57:14.0842 3340 i2omp - ok 21:57:14.0901 3340 i8042prt (22d56c8184586b7a1f6fa60be5f5a2bd) C:\Windows\system32\DRIVERS\i8042prt.sys 21:57:15.0060 3340 i8042prt - ok 21:57:15.0175 3340 iaStorV (54155ea1b0df185878e0fc9ec3ac3a14) C:\Windows\system32\drivers\iastorv.sys 21:57:15.0290 3340 iaStorV - ok 21:57:15.0337 3340 iirsp (2d077bf86e843f901d8db709c95b49a5) C:\Windows\system32\drivers\iirsp.sys 21:57:15.0380 3340 iirsp - ok 21:57:15.0475 3340 Int15 (4d8d5b1c895ea0f2a721b98a7ce198f1) C:\Windows\System32\drivers\int15.sys 21:57:15.0503 3340 Int15 ( UnsignedFile.Multi.Generic ) - warning 21:57:15.0503 3340 Int15 - detected UnsignedFile.Multi.Generic (1) 21:57:15.0648 3340 IntcAzAudAddService (58628f232a00a3149d7cc7708c521499) C:\Windows\system32\drivers\RTKVHDA.sys 21:57:15.0912 3340 IntcAzAudAddService - ok 21:57:16.0040 3340 intelide (83aa759f3189e6370c30de5dc5590718) C:\Windows\system32\drivers\intelide.sys 21:57:16.0104 3340 intelide - ok 21:57:16.0138 3340 intelppm (224191001e78c89dfa78924c3ea595ff) C:\Windows\system32\DRIVERS\intelppm.sys 21:57:16.0249 3340 intelppm - ok 21:57:16.0365 3340 IpFilterDriver (62c265c38769b864cb25b4bcf62df6c3) C:\Windows\system32\DRIVERS\ipfltdrv.sys 21:57:16.0487 3340 IpFilterDriver - ok 21:57:16.0509 3340 IpInIp - ok 21:57:16.0536 3340 IPMIDRV (b25aaf203552b7b3491139d582b39ad1) C:\Windows\system32\drivers\ipmidrv.sys 21:57:16.0686 3340 IPMIDRV - ok 21:57:16.0711 3340 IPNAT (8793643a67b42cec66490b2a0cf92d68) C:\Windows\system32\DRIVERS\ipnat.sys 21:57:16.0764 3340 IPNAT - ok 21:57:16.0854 3340 IRENUM (109c0dfb82c3632fbd11949b73aeeac9) C:\Windows\system32\drivers\irenum.sys 21:57:16.0918 3340 IRENUM - ok 21:57:16.0936 3340 isapnp (6c70698a3e5c4376c6ab5c7c17fb0614) C:\Windows\system32\drivers\isapnp.sys 21:57:16.0979 3340 isapnp - ok 21:57:17.0028 3340 iScsiPrt (232fa340531d940aac623b121a595034) C:\Windows\system32\DRIVERS\msiscsi.sys 21:57:17.0059 3340 iScsiPrt - ok 21:57:17.0157 3340 iteatapi (bced60d16156e428f8df8cf27b0df150) C:\Windows\system32\drivers\iteatapi.sys 21:57:17.0193 3340 iteatapi - ok 21:57:17.0215 3340 iteraid (06fa654504a498c30adca8bec4e87e7e) C:\Windows\system32\drivers\iteraid.sys 21:57:17.0264 3340 iteraid - ok 21:57:17.0287 3340 kbdclass (37605e0a8cf00cbba538e753e4344c6e) C:\Windows\system32\DRIVERS\kbdclass.sys 21:57:17.0328 3340 kbdclass - ok 21:57:17.0390 3340 kbdhid (ede59ec70e25c24581add1fbec7325f7) C:\Windows\system32\DRIVERS\kbdhid.sys 21:57:17.0456 3340 kbdhid - ok 21:57:17.0569 3340 KSecDD (2b2f1638466e8cb091400c9019cc730e) C:\Windows\system32\Drivers\ksecdd.sys 21:57:17.0678 3340 KSecDD - ok 21:57:17.0749 3340 lltdio (d1c5883087a0c3f1344d9d55a44901f6) C:\Windows\system32\DRIVERS\lltdio.sys 21:57:17.0878 3340 lltdio - ok 21:57:18.0070 3340 LSI_FC (c7e15e82879bf3235b559563d4185365) C:\Windows\system32\drivers\lsi_fc.sys 21:57:18.0217 3340 LSI_FC - ok 21:57:18.0285 3340 LSI_SAS (ee01ebae8c9bf0fa072e0ff68718920a) C:\Windows\system32\drivers\lsi_sas.sys 21:57:18.0414 3340 LSI_SAS - ok 21:57:18.0514 3340 LSI_SCSI (912a04696e9ca30146a62afa1463dd5c) C:\Windows\system32\drivers\lsi_scsi.sys 21:57:18.0575 3340 LSI_SCSI - ok 21:57:18.0607 3340 luafv (8f5c7426567798e62a3b3614965d62cc) C:\Windows\system32\drivers\luafv.sys 21:57:18.0713 3340 luafv - ok 21:57:18.0748 3340 mdmxsdk (0cea2d0d3fa284b85ed5b68365114f76) C:\Windows\system32\DRIVERS\mdmxsdk.sys 21:57:18.0775 3340 mdmxsdk - ok 21:57:18.0851 3340 megasas (0001ce609d66632fa17b84705f658879) C:\Windows\system32\drivers\megasas.sys 21:57:18.0919 3340 megasas - ok 21:57:18.0963 3340 MegaSR (c252f32cd9a49dbfc25ecf26ebd51a99) C:\Windows\system32\drivers\megasr.sys 21:57:19.0052 3340 MegaSR - ok 21:57:19.0163 3340 Modem (e13b5ea0f51ba5b1512ec671393d09ba) C:\Windows\system32\drivers\modem.sys 21:57:19.0268 3340 Modem - ok 21:57:19.0295 3340 monitor (0a9bb33b56e294f686abb7c1e4e2d8a8) C:\Windows\system32\DRIVERS\monitor.sys 21:57:19.0395 3340 monitor - ok 21:57:19.0424 3340 mouclass (5bf6a1326a335c5298477754a506d263) C:\Windows\system32\DRIVERS\mouclass.sys 21:57:19.0462 3340 mouclass - ok 21:57:19.0542 3340 mouhid (93b8d4869e12cfbe663915502900876f) C:\Windows\system32\DRIVERS\mouhid.sys 21:57:19.0615 3340 mouhid - ok 21:57:19.0654 3340 MountMgr (bdafc88aa6b92f7842416ea6a48e1600) C:\Windows\system32\drivers\mountmgr.sys 21:57:19.0703 3340 MountMgr - ok 21:57:19.0853 3340 MpFilter (fee0baded54222e9f1dae9541212aab1) C:\Windows\system32\DRIVERS\MpFilter.sys 21:57:19.0985 3340 MpFilter - ok 21:57:20.0125 3340 mpio (511d011289755dd9f9a7579fb0b064e6) C:\Windows\system32\drivers\mpio.sys 21:57:20.0299 3340 mpio - ok 21:57:20.0429 3340 MpNWMon (2c3489660d4a8d514c123c3f0d67df46) C:\Windows\system32\DRIVERS\MpNWMon.sys 21:57:20.0479 3340 MpNWMon - ok 21:57:20.0550 3340 mpsdrv (22241feba9b2defa669c8cb0a8dd7d2e) C:\Windows\system32\drivers\mpsdrv.sys 21:57:20.0619 3340 mpsdrv - ok 21:57:20.0666 3340 Mraid35x (4fbbb70d30fd20ec51f80061703b001e) C:\Windows\system32\drivers\mraid35x.sys 21:57:20.0704 3340 Mraid35x - ok 21:57:20.0764 3340 MRxDAV (82cea0395524aacfeb58ba1448e8325c) C:\Windows\system32\drivers\mrxdav.sys 21:57:20.0821 3340 MRxDAV - ok 21:57:20.0911 3340 mrxsmb (1e94971c4b446ab2290deb71d01cf0c2) C:\Windows\system32\DRIVERS\mrxsmb.sys 21:57:20.0999 3340 mrxsmb - ok 21:57:21.0047 3340 mrxsmb10 (4fccb34d793b116423209c0f8b7a3b03) C:\Windows\system32\DRIVERS\mrxsmb10.sys 21:57:21.0120 3340 mrxsmb10 - ok 21:57:21.0136 3340 mrxsmb20 (c3cb1b40ad4a0124d617a1199b0b9d7c) C:\Windows\system32\DRIVERS\mrxsmb20.sys 21:57:21.0207 3340 mrxsmb20 - ok 21:57:21.0286 3340 msahci (28023e86f17001f7cd9b15a5bc9ae07d) C:\Windows\system32\drivers\msahci.sys 21:57:21.0317 3340 msahci - ok 21:57:21.0349 3340 msdsm (4468b0f385a86ecddaf8d3ca662ec0e7) C:\Windows\system32\drivers\msdsm.sys 21:57:21.0379 3340 msdsm - ok 21:57:21.0405 3340 Msfs (a9927f4a46b816c92f461acb90cf8515) C:\Windows\system32\drivers\Msfs.sys 21:57:21.0467 3340 Msfs - ok 21:57:21.0506 3340 msisadrv (0f400e306f385c56317357d6dea56f62) C:\Windows\system32\drivers\msisadrv.sys 21:57:21.0574 3340 msisadrv - ok 21:57:21.0658 3340 MSKSSRV (d8c63d34d9c9e56c059e24ec7185cc07) C:\Windows\system32\drivers\MSKSSRV.sys 21:57:21.0749 3340 MSKSSRV - ok 21:57:21.0860 3340 MSPCLOCK (1d373c90d62ddb641d50e55b9e78d65e) C:\Windows\system32\drivers\MSPCLOCK.sys 21:57:21.0936 3340 MSPCLOCK - ok 21:57:21.0974 3340 MSPQM (b572da05bf4e098d4bba3a4734fb505b) C:\Windows\system32\drivers\MSPQM.sys 21:57:22.0064 3340 MSPQM - ok 21:57:22.0124 3340 MsRPC (b49456d70555de905c311bcda6ec6adb) C:\Windows\system32\drivers\MsRPC.sys 21:57:22.0316 3340 MsRPC - ok 21:57:22.0414 3340 mssmbios (e384487cb84be41d09711c30ca79646c) C:\Windows\system32\DRIVERS\mssmbios.sys 21:57:22.0470 3340 mssmbios - ok 21:57:22.0497 3340 MSTEE (7199c1eec1e4993caf96b8c0a26bd58a) C:\Windows\system32\drivers\MSTEE.sys 21:57:22.0560 3340 MSTEE - ok 21:57:22.0618 3340 Mup (6a57b5733d4cb702c8ea4542e836b96c) C:\Windows\system32\Drivers\mup.sys 21:57:22.0671 3340 Mup - ok 21:57:22.0779 3340 NativeWifiP (85c44fdff9cf7e72a40dcb7ec06a4416) C:\Windows\system32\DRIVERS\nwifi.sys 21:57:22.0861 3340 NativeWifiP - ok 21:57:23.0036 3340 NDIS (1357274d1883f68300aeadd15d7bbb42) C:\Windows\system32\drivers\ndis.sys 21:57:23.0160 3340 NDIS - ok 21:57:23.0208 3340 NdisTapi (0e186e90404980569fb449ba7519ae61) C:\Windows\system32\DRIVERS\ndistapi.sys 21:57:23.0271 3340 NdisTapi - ok 21:57:23.0378 3340 Ndisuio (d6973aa34c4d5d76c0430b181c3cd389) C:\Windows\system32\DRIVERS\ndisuio.sys 21:57:23.0470 3340 Ndisuio - ok 21:57:23.0543 3340 NdisWan (818f648618ae34f729fdb47ec68345c3) C:\Windows\system32\DRIVERS\ndiswan.sys 21:57:23.0618 3340 NdisWan - ok 21:57:23.0695 3340 NDProxy (71dab552b41936358f3b541ae5997fb3) C:\Windows\system32\drivers\NDProxy.sys 21:57:23.0789 3340 NDProxy - ok 21:57:23.0815 3340 NetBIOS (bcd093a5a6777cf626434568dc7dba78) C:\Windows\system32\DRIVERS\netbios.sys 21:57:23.0934 3340 NetBIOS - ok 21:57:23.0988 3340 netbt (ecd64230a59cbd93c85f1cd1cab9f3f6) C:\Windows\system32\DRIVERS\netbt.sys 21:57:24.0156 3340 netbt - ok 21:57:24.0281 3340 nfrd960 (2e7fb731d4790a1bc6270accefacb36e) C:\Windows\system32\drivers\nfrd960.sys 21:57:24.0352 3340 nfrd960 - ok 21:57:24.0397 3340 NisDrv (7b01c6172cfd0b10116175e09200d4b4) C:\Windows\system32\DRIVERS\NisDrvWFP.sys 21:57:24.0473 3340 NisDrv - ok 21:57:24.0542 3340 Npfs (d36f239d7cce1931598e8fb90a0dbc26) C:\Windows\system32\drivers\Npfs.sys 21:57:24.0652 3340 Npfs - ok 21:57:24.0740 3340 nsiproxy (609773e344a97410ce4ebf74a8914fcf) C:\Windows\system32\drivers\nsiproxy.sys 21:57:24.0847 3340 nsiproxy - ok 21:57:24.0977 3340 Ntfs (6a4a98cee84cf9e99564510dda4baa47) C:\Windows\system32\drivers\Ntfs.sys 21:57:25.0391 3340 Ntfs - ok 21:57:25.0495 3340 ntrigdigi (e875c093aec0c978a90f30c9e0dfbb72) C:\Windows\system32\drivers\ntrigdigi.sys 21:57:25.0629 3340 ntrigdigi - ok 21:57:25.0657 3340 Null (c5dbbcda07d780bda9b685df333bb41e) C:\Windows\system32\drivers\Null.sys 21:57:25.0732 3340 Null - ok 21:57:25.0759 3340 NVHDA - ok 21:57:26.0181 3340 nvlddmkm (cb0d6f8f65b8766ff2aaaa78881fd9f8) C:\Windows\system32\DRIVERS\nvlddmkm.sys 21:57:27.0742 3340 nvlddmkm - ok 21:57:27.0833 3340 nvstor (abed0c09758d1d97db0042dbb2688177) C:\Windows\system32\drivers\nvstor.sys 21:57:27.0901 3340 nvstor - ok 21:57:27.0944 3340 nvstor32 (fa7b8eca6e845b244b7e30a9dcd82c6c) C:\Windows\system32\DRIVERS\nvstor32.sys 21:57:28.0057 3340 nvstor32 - ok 21:57:28.0096 3340 nv_agp (18bbdf913916b71bd54575bdb6eeac0b) C:\Windows\system32\drivers\nv_agp.sys 21:57:28.0145 3340 nv_agp - ok 21:57:28.0158 3340 NwlnkFlt - ok 21:57:28.0173 3340 NwlnkFwd - ok 21:57:28.0194 3340 ohci1394 (be32da025a0be1878f0ee8d6d9386cd5) C:\Windows\system32\drivers\ohci1394.sys 21:57:28.0303 3340 ohci1394 - ok 21:57:28.0395 3340 Parport (0fa9b5055484649d63c303fe404e5f4d) C:\Windows\system32\drivers\parport.sys 21:57:28.0613 3340 Parport - ok 21:57:28.0683 3340 partmgr (57389fa59a36d96b3eb09d0cb91e9cdc) C:\Windows\system32\drivers\partmgr.sys 21:57:28.0732 3340 partmgr - ok 21:57:28.0751 3340 Parvdm (4f9a6a8a31413180d0fcb279ad5d8112) C:\Windows\system32\drivers\parvdm.sys 21:57:28.0816 3340 Parvdm - ok 21:57:28.0939 3340 pci (941dc1d19e7e8620f40bbc206981efdb) C:\Windows\system32\drivers\pci.sys 21:57:28.0996 3340 pci - ok 21:57:29.0030 3340 pciide (fc175f5ddab666d7f4d17449a547626f) C:\Windows\system32\drivers\pciide.sys 21:57:29.0079 3340 pciide - ok 21:57:29.0103 3340 pcmcia (e6f3fb1b86aa519e7698ad05e58b04e5) C:\Windows\system32\drivers\pcmcia.sys 21:57:29.0177 3340 pcmcia - ok 21:57:29.0298 3340 PEAUTH (6349f6ed9c623b44b52ea3c63c831a92) C:\Windows\system32\drivers\peauth.sys 21:57:29.0492 3340 PEAUTH - ok 21:57:29.0653 3340 PptpMiniport (ecfffaec0c1ecd8dbc77f39070ea1db1) C:\Windows\system32\DRIVERS\raspptp.sys 21:57:29.0754 3340 PptpMiniport - ok 21:57:29.0777 3340 Processor (2027293619dd0f047c584cf2e7df4ffd) C:\Windows\system32\DRIVERS\processr.sys 21:57:29.0864 3340 Processor - ok 21:57:29.0999 3340 PSched (99514faa8df93d34b5589187db3aa0ba) C:\Windows\system32\DRIVERS\pacer.sys 21:57:30.0129 3340 PSched - ok 21:57:30.0218 3340 ql2300 (0a6db55afb7820c99aa1f3a1d270f4f6) C:\Windows\system32\drivers\ql2300.sys 21:57:30.0506 3340 ql2300 - ok 21:57:30.0625 3340 ql40xx (81a7e5c076e59995d54bc1ed3a16e60b) C:\Windows\system32\drivers\ql40xx.sys 21:57:30.0730 3340 ql40xx - ok 21:57:30.0783 3340 QWAVEdrv (9f5e0e1926014d17486901c88eca2db7) C:\Windows\system32\drivers\qwavedrv.sys 21:57:30.0855 3340 QWAVEdrv - ok 21:57:30.0896 3340 RasAcd (147d7f9c556d259924351feb0de606c3) C:\Windows\system32\DRIVERS\rasacd.sys 21:57:30.0970 3340 RasAcd - ok 21:57:31.0059 3340 Rasl2tp (a214adbaf4cb47dd2728859ef31f26b0) C:\Windows\system32\DRIVERS\rasl2tp.sys 21:57:31.0175 3340 Rasl2tp - ok 21:57:31.0274 3340 RasPppoe (509a98dd18af4375e1fc40bc175f1def) C:\Windows\system32\DRIVERS\raspppoe.sys 21:57:31.0357 3340 RasPppoe - ok 21:57:31.0467 3340 RasSstp (2005f4a1e05fa09389ac85840f0a9e4d) C:\Windows\system32\DRIVERS\rassstp.sys 21:57:31.0546 3340 RasSstp - ok 21:57:31.0642 3340 rdbss (b14c9d5b9add2f84f70570bbbfaa7935) C:\Windows\system32\DRIVERS\rdbss.sys 21:57:31.0825 3340 rdbss - ok 21:57:31.0902 3340 RDPCDD (89e59be9a564262a3fb6c4f4f1cd9899) C:\Windows\system32\DRIVERS\RDPCDD.sys 21:57:31.0998 3340 RDPCDD - ok 21:57:32.0062 3340 rdpdr (fbc0bacd9c3d7f6956853f64a66e252d) C:\Windows\system32\drivers\rdpdr.sys 21:57:32.0195 3340 rdpdr - ok 21:57:32.0281 3340 RDPENCDD (9d91fe5286f748862ecffa05f8a0710c) C:\Windows\system32\drivers\rdpencdd.sys 21:57:32.0381 3340 RDPENCDD - ok 21:57:32.0472 3340 RDPWD (30bfbdfb7f95559ede971f9ddb9a00ba) C:\Windows\system32\drivers\RDPWD.sys 21:57:32.0591 3340 RDPWD - ok 21:57:32.0690 3340 rspndr (9c508f4074a39e8b4b31d27198146fad) C:\Windows\system32\DRIVERS\rspndr.sys 21:57:32.0786 3340 rspndr - ok 21:57:32.0856 3340 RTSTOR (830b682cb24206f457ea8a617605209f) C:\Windows\system32\drivers\RTSTOR.SYS 21:57:32.0949 3340 RTSTOR - ok 21:57:33.0015 3340 sbp2port (3ce8f073a557e172b330109436984e30) C:\Windows\system32\drivers\sbp2port.sys 21:57:33.0089 3340 sbp2port - ok 21:57:33.0161 3340 secdrv (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers\secdrv.sys 21:57:33.0287 3340 secdrv - ok 21:57:33.0318 3340 Serenum (68e44e331d46f0fb38f0863a84cd1a31) C:\Windows\system32\drivers\serenum.sys 21:57:33.0386 3340 Serenum - ok 21:57:33.0456 3340 Serial (c70d69a918b178d3c3b06339b40c2e1b) C:\Windows\system32\drivers\serial.sys 21:57:33.0540 3340 Serial - ok 21:57:33.0597 3340 sermouse (8af3d28a879bf75db53a0ee7a4289624) C:\Windows\system32\drivers\sermouse.sys 21:57:33.0648 3340 sermouse - ok 21:57:33.0721 3340 sffdisk (3efa810bdca87f6ecc24f9832243fe86) C:\Windows\system32\drivers\sffdisk.sys 21:57:33.0763 3340 sffdisk - ok 21:57:33.0807 3340 sffp_mmc (e95d451f7ea3e583aec75f3b3ee42dc5) C:\Windows\system32\drivers\sffp_mmc.sys 21:57:33.0867 3340 sffp_mmc - ok 21:57:33.0891 3340 sffp_sd (3d0ea348784b7ac9ea9bd9f317980979) C:\Windows\system32\drivers\sffp_sd.sys 21:57:33.0940 3340 sffp_sd - ok 21:57:34.0007 3340 sfloppy (46ed8e91793b2e6f848015445a0ac188) C:\Windows\system32\drivers\sfloppy.sys 21:57:34.0088 3340 sfloppy - ok 21:57:34.0146 3340 sisagp (1d76624a09a054f682d746b924e2dbc3) C:\Windows\system32\drivers\sisagp.sys 21:57:34.0218 3340 sisagp - ok 21:57:34.0285 3340 SiSRaid2 (43cb7aa756c7db280d01da9b676cfde2) C:\Windows\system32\drivers\sisraid2.sys 21:57:34.0334 3340 SiSRaid2 - ok 21:57:34.0387 3340 SiSRaid4 (a99c6c8b0baa970d8aa59ddc50b57f94) C:\Windows\system32\drivers\sisraid4.sys 21:57:34.0437 3340 SiSRaid4 - ok 21:57:34.0506 3340 Smb (7b75299a4d201d6a6533603d6914ab04) C:\Windows\system32\DRIVERS\smb.sys 21:57:34.0602 3340 Smb - ok 21:57:34.0677 3340 spldr (7aebdeef071fe28b0eef2cdd69102bff) C:\Windows\system32\drivers\spldr.sys 21:57:34.0727 3340 spldr - ok 21:57:34.0777 3340 srv (41987f9fc0e61adf54f581e15029ad91) C:\Windows\system32\DRIVERS\srv.sys 21:57:34.0852 3340 srv - ok 21:57:34.0884 3340 srv2 (ff33aff99564b1aa534f58868cbe41ef) C:\Windows\system32\DRIVERS\srv2.sys 21:57:34.0959 3340 srv2 - ok 21:57:35.0039 3340 srvnet (7605c0e1d01a08f3ecd743f38b834a44) C:\Windows\system32\DRIVERS\srvnet.sys 21:57:35.0105 3340 srvnet - ok 21:57:35.0166 3340 ssmdrv (a36ee93698802cd899f98bfd553d8185) C:\Windows\system32\DRIVERS\ssmdrv.sys 21:57:35.0218 3340 ssmdrv - ok 21:57:35.0282 3340 StillCam (ef70b3d22b4bffda6ea851ecb063efaa) C:\Windows\system32\DRIVERS\serscan.sys 21:57:35.0378 3340 StillCam - ok 21:57:35.0522 3340 swenum (7ba58ecf0c0a9a69d44b3dca62becf56) C:\Windows\system32\DRIVERS\swenum.sys 21:57:35.0613 3340 swenum - ok 21:57:35.0668 3340 Symc8xx (192aa3ac01df071b541094f251deed10) C:\Windows\system32\drivers\symc8xx.sys 21:57:35.0738 3340 Symc8xx - ok 21:57:35.0772 3340 Sym_hi (8c8eb8c76736ebaf3b13b633b2e64125) C:\Windows\system32\drivers\sym_hi.sys 21:57:35.0817 3340 Sym_hi - ok 21:57:35.0842 3340 Sym_u3 (8072af52b5fd103bbba387a1e49f62cb) C:\Windows\system32\drivers\sym_u3.sys 21:57:35.0881 3340 Sym_u3 - ok 21:57:35.0987 3340 SynTP (bf7aa84d5af0faa0978c840e63b17dbf) C:\Windows\system32\DRIVERS\SynTP.sys 21:57:36.0025 3340 SynTP - ok 21:57:36.0107 3340 Tcpip (16731b631f28f63cd9f4cb60940e7ddd) C:\Windows\system32\drivers\tcpip.sys 21:57:36.0285 3340 Tcpip - ok 21:57:36.0428 3340 Tcpip6 (16731b631f28f63cd9f4cb60940e7ddd) C:\Windows\system32\DRIVERS\tcpip.sys 21:57:36.0601 3340 Tcpip6 - ok 21:57:36.0701 3340 tcpipreg (3fc13f09af9be487c7b4fac4070a036c) C:\Windows\system32\drivers\tcpipreg.sys 21:57:36.0752 3340 tcpipreg - ok 21:57:36.0794 3340 TDPIPE (5dcf5e267be67a1ae926f2df77fbcc56) C:\Windows\system32\drivers\tdpipe.sys 21:57:36.0866 3340 TDPIPE - ok 21:57:36.0900 3340 TDTCP (389c63e32b3cefed425b61ed92d3f021) C:\Windows\system32\drivers\tdtcp.sys 21:57:36.0962 3340 TDTCP - ok 21:57:37.0069 3340 tdx (76b06eb8a01fc8624d699e7045303e54) C:\Windows\system32\DRIVERS\tdx.sys 21:57:37.0144 3340 tdx - ok 21:57:37.0194 3340 TermDD (3cad38910468eab9a6479e2f01db43c7) C:\Windows\system32\DRIVERS\termdd.sys 21:57:37.0241 3340 TermDD - ok 21:57:37.0326 3340 tssecsrv (dcf0f056a2e4f52287264f5ab29cf206) C:\Windows\system32\DRIVERS\tssecsrv.sys 21:57:37.0388 3340 tssecsrv - ok 21:57:37.0478 3340 tunmp (caecc0120ac49e3d2f758b9169872d38) C:\Windows\system32\DRIVERS\tunmp.sys 21:57:37.0523 3340 tunmp - ok 21:57:37.0551 3340 tunnel (119b8184e106baedc83fce5ddf3950da) C:\Windows\system32\DRIVERS\tunnel.sys 21:57:37.0637 3340 tunnel - ok 21:57:37.0657 3340 uagp35 (7d33c4db2ce363c8518d2dfcf533941f) C:\Windows\system32\drivers\uagp35.sys 21:57:37.0736 3340 uagp35 - ok 21:57:37.0845 3340 udfs (d9728af68c4c7693cb100b8441cbdec6) C:\Windows\system32\DRIVERS\udfs.sys 21:57:37.0918 3340 udfs - ok 21:57:37.0976 3340 uliagpkx (b0acfdc9e4af279e9116c03e014b2b27) C:\Windows\system32\drivers\uliagpkx.sys 21:57:38.0059 3340 uliagpkx - ok 21:57:38.0093 3340 uliahci (9224bb254f591de4ca8d572a5f0d635c) C:\Windows\system32\drivers\uliahci.sys 21:57:38.0243 3340 uliahci - ok 21:57:38.0330 3340 UlSata (8514d0e5cd0534467c5fc61be94a569f) C:\Windows\system32\drivers\ulsata.sys 21:57:38.0435 3340 UlSata - ok 21:57:38.0461 3340 ulsata2 (38c3c6e62b157a6bc46594fada45c62b) C:\Windows\system32\drivers\ulsata2.sys 21:57:38.0546 3340 ulsata2 - ok 21:57:38.0572 3340 umbus (32cff9f809ae9aed85464492bf3e32d2) C:\Windows\system32\DRIVERS\umbus.sys 21:57:38.0656 3340 umbus - ok 21:57:38.0744 3340 usbccgp (caf811ae4c147ffcd5b51750c7f09142) C:\Windows\system32\DRIVERS\usbccgp.sys 21:57:38.0810 3340 usbccgp - ok 21:57:38.0866 3340 usbcir (e9476e6c486e76bc4898074768fb7131) C:\Windows\system32\drivers\usbcir.sys 21:57:39.0045 3340 usbcir - ok 21:57:39.0165 3340 usbehci (79e96c23a97ce7b8f14d310da2db0c9b) C:\Windows\system32\DRIVERS\usbehci.sys 21:57:39.0226 3340 usbehci - ok 21:57:39.0333 3340 usbhub (4673bbcb006af60e7abddbe7a130ba42) C:\Windows\system32\DRIVERS\usbhub.sys 21:57:39.0445 3340 usbhub - ok 21:57:39.0558 3340 usbohci (ce697fee0d479290d89bec80dfe793b7) C:\Windows\system32\DRIVERS\usbohci.sys 21:57:39.0637 3340 usbohci - ok 21:57:39.0699 3340 usbprint (e75c4b5269091d15a2e7dc0b6d35f2f5) C:\Windows\system32\DRIVERS\usbprint.sys 21:57:39.0767 3340 usbprint - ok 21:57:39.0799 3340 USBSTOR (be3da31c191bc222d9ad503c5224f2ad) C:\Windows\system32\DRIVERS\USBSTOR.SYS 21:57:39.0919 3340 USBSTOR - ok 21:57:39.0999 3340 usbuhci (814d653efc4d48be3b04a307eceff56f) C:\Windows\system32\DRIVERS\usbuhci.sys 21:57:40.0084 3340 usbuhci - ok 21:57:40.0157 3340 usbvideo (e67998e8f14cb0627a769f6530bcb352) C:\Windows\system32\Drivers\usbvideo.sys 21:57:40.0210 3340 usbvideo - ok 21:57:40.0287 3340 vga (87b06e1f30b749a114f74622d013f8d4) C:\Windows\system32\DRIVERS\vgapnp.sys 21:57:40.0353 3340 vga - ok 21:57:40.0410 3340 VgaSave (2e93ac0a1d8c79d019db6c51f036636c) C:\Windows\System32\drivers\vga.sys 21:57:40.0499 3340 VgaSave - ok 21:57:40.0560 3340 viaagp (5d7159def58a800d5781ba3a879627bc) C:\Windows\system32\drivers\viaagp.sys 21:57:40.0632 3340 viaagp - ok 21:57:40.0677 3340 ViaC7 (c4f3a691b5bad343e6249bd8c2d45dee) C:\Windows\system32\drivers\viac7.sys 21:57:40.0787 3340 ViaC7 - ok 21:57:40.0819 3340 viaide (aadf5587a4063f52c2c3fed7887426fc) C:\Windows\system32\drivers\viaide.sys 21:57:40.0870 3340 viaide - ok 21:57:40.0930 3340 volmgr (69503668ac66c77c6cd7af86fbdf8c43) C:\Windows\system32\drivers\volmgr.sys 21:57:40.0996 3340 volmgr - ok 21:57:41.0085 3340 volmgrx (23e41b834759917bfd6b9a0d625d0c28) C:\Windows\system32\drivers\volmgrx.sys 21:57:41.0156 3340 volmgrx - ok 21:57:41.0219 3340 volsnap (147281c01fcb1df9252de2a10d5e7093) C:\Windows\system32\drivers\volsnap.sys 21:57:41.0274 3340 volsnap - ok 21:57:41.0348 3340 vsmraid (587253e09325e6bf226b299774b728a9) C:\Windows\system32\drivers\vsmraid.sys 21:57:41.0449 3340 vsmraid - ok 21:57:41.0498 3340 WacomPen (48dfee8f1af7c8235d4e626f0c4fe031) C:\Windows\system32\drivers\wacompen.sys 21:57:41.0652 3340 WacomPen - ok 21:57:41.0793 3340 Wanarp (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys 21:57:41.0899 3340 Wanarp - ok 21:57:41.0926 3340 Wanarpv6 (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys 21:57:42.0038 3340 Wanarpv6 - ok 21:57:42.0103 3340 Wd (78fe9542363f297b18c027b2d7e7c07f) C:\Windows\system32\drivers\wd.sys 21:57:42.0143 3340 Wd - ok 21:57:42.0245 3340 Wdf01000 (9950e3d0f08141c7e89e64456ae7dc73) C:\Windows\system32\drivers\Wdf01000.sys 21:57:42.0322 3340 Wdf01000 - ok 21:57:42.0441 3340 winachsf (bb9cbaf6ac20452b245c324f1f50ee81) C:\Windows\system32\DRIVERS\HSX_CNXT.sys 21:57:42.0544 3340 winachsf - ok 21:57:42.0686 3340 winbondcir (3fa87d56769838aac82fafc3e78fc732) C:\Windows\system32\DRIVERS\winbondcir.sys 21:57:42.0851 3340 winbondcir - ok 21:57:43.0037 3340 WinUSB (676f4b665bdd8053eaa53ac1695b8074) C:\Windows\system32\DRIVERS\WinUSB.sys 21:57:43.0138 3340 WinUSB - ok 21:57:43.0246 3340 WmiAcpi (2e7255d172df0b8283cdfb7b433b864e) C:\Windows\system32\DRIVERS\wmiacpi.sys 21:57:43.0313 3340 WmiAcpi - ok 21:57:43.0461 3340 WpdUsb (de9d36f91a4df3d911626643debf11ea) C:\Windows\system32\DRIVERS\wpdusb.sys 21:57:43.0540 3340 WpdUsb - ok 21:57:43.0626 3340 ws2ifsl (e3a3cb253c0ec2494d4a61f5e43a389c) C:\Windows\system32\drivers\ws2ifsl.sys 21:57:43.0747 3340 ws2ifsl - ok 21:57:43.0870 3340 WudfPf (6f9b6c0c93232cff47d0f72d6db1d21e) C:\Windows\system32\drivers\WudfPf.sys 21:57:44.0023 3340 WudfPf - ok 21:57:44.0138 3340 WUDFRd (f91ff1e51fca30b3c3981db7d5924252) C:\Windows\system32\DRIVERS\WUDFRd.sys 21:57:44.0268 3340 WUDFRd - ok 21:57:44.0346 3340 XAudio (dab33cfa9dd24251aaa389ff36b64d4b) C:\Windows\system32\DRIVERS\xaudio.sys 21:57:44.0391 3340 XAudio - ok 21:57:44.0449 3340 MBR (0x1B8) (5c616939100b85e558da92b899a0fc36) \Device\Harddisk0\DR0 21:57:44.0628 3340 \Device\Harddisk0\DR0 - ok 21:57:44.0636 3340 MBR (0x1B8) (f05261c246ce4b3c544521ffff7aef5d) \Device\Harddisk1\DR1 21:57:48.0639 3340 \Device\Harddisk1\DR1 - ok 21:57:48.0655 3340 Boot (0x1200) (cb3df41a81844cf04eb9799144b2fead) \Device\Harddisk0\DR0\Partition0 21:57:48.0656 3340 \Device\Harddisk0\DR0\Partition0 - ok 21:57:48.0668 3340 ============================================================ 21:57:48.0668 3340 Scan finished 21:57:48.0668 3340 ============================================================ 21:57:48.0718 2564 Detected object count: 1 21:57:48.0718 2564 Actual detected object count: 1 21:58:02.0693 2564 Int15 ( UnsignedFile.Multi.Generic ) - skipped by user 21:58:02.0693 2564 Int15 ( UnsignedFile.Multi.Generic ) - User select action: Skip 21:59:28.0928 0276 Deinitialize success |
31.01.2012, 22:22 | #13 | |
/// Winkelfunktion /// TB-Süch-Tiger™ | Trojaner "Bundeskriminalamt" Dann bitte jetzt CF ausführen: ComboFix Ein Leitfaden und Tutorium zur Nutzung von ComboFix
Combofix darf ausschließlich ausgeführt werden, wenn ein Kompetenzler dies ausdrücklich empfohlen hat! Solltest du nach der Ausführung von Combofix Probleme beim Starten von Anwendungen haben und Meldungen erhalten wie Zitat:
__________________ Logfiles bitte immer in CODE-Tags posten |
31.01.2012, 22:52 | #14 |
| Trojaner "Bundeskriminalamt" Hier noch der Combofix log: [Code] Combofix Logfile: Code:
ATTFilter ComboFix 12-01-30.02 - Admin 31.01.2012 22:33:23.1.2 - x86 Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.49.1031.18.2557.1672 [GMT 1:00] ausgeführt von:: c:\users\Thomas\Desktop\ComboFix.exe AV: AntiVir Desktop *Disabled/Updated* {090F9C29-64CE-6C6F-379C-5901B49A85B7} AV: Microsoft Security Essentials *Disabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160} SP: AntiVir Desktop *Disabled/Updated* {B26E7DCD-42F4-63E1-0D2C-6273CF1DCF0A} SP: Microsoft Security Essentials *Disabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD} SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} . . ((((((((((((((((((((((( Dateien erstellt von 2011-12-28 bis 2012-01-31 )))))))))))))))))))))))))))))) . . 2012-01-31 21:40 . 2012-01-31 21:40 -------- d-----w- c:\users\Admin\AppData\Local\temp 2012-01-31 20:03 . 2012-01-06 04:19 6557240 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{151EABDD-73C4-4E1D-9FB2-FEFF835349AE}\mpengine.dll 2012-01-31 19:17 . 2012-01-31 19:17 -------- d-----w- c:\users\Admin\AppData\Local\CrashDumps 2012-01-31 19:14 . 2012-01-31 19:14 -------- d-----w- C:\_OTL 2012-01-30 16:42 . 2012-01-30 16:42 -------- d-----w- c:\program files\ESET 2012-01-30 04:55 . 2012-01-30 04:55 -------- d-----w- c:\users\Admin\AppData\Local\Mozilla 2012-01-29 02:05 . 2012-01-29 02:05 -------- d-----w- c:\users\Thomas\AppData\Roaming\Malwarebytes 2012-01-29 02:02 . 2012-01-29 02:02 -------- d-----w- c:\users\Admin\AppData\Roaming\Malwarebytes 2012-01-29 02:02 . 2012-01-29 02:02 -------- d-----w- c:\programdata\Malwarebytes 2012-01-29 02:02 . 2012-01-29 02:02 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware 2012-01-29 02:02 . 2011-12-10 14:24 20464 ----a-w- c:\windows\system32\drivers\mbam.sys 2012-01-29 01:10 . 2012-01-29 01:40 -------- d-----w- c:\users\Admin\AppData\Local\NPE 2012-01-29 01:10 . 2012-01-29 01:11 -------- d-----w- c:\programdata\Norton 2012-01-29 00:54 . 2012-01-29 00:54 -------- d-sh--w- c:\programdata\{32364CEA-7855-4A3C-B674-53D8E9B97936} 2012-01-25 11:52 . 2012-01-25 11:52 -------- d-----w- C:\bf79cb9499e94e1adefe7115a0535872 2012-01-20 13:33 . 2011-11-17 06:48 440192 ----a-w- c:\windows\system32\drivers\ksecdd.sys 2012-01-20 13:33 . 2011-11-16 16:23 278528 ----a-w- c:\windows\system32\schannel.dll 2012-01-20 13:33 . 2011-11-16 16:21 1259008 ----a-w- c:\windows\system32\lsasrv.dll 2012-01-20 13:33 . 2011-11-16 16:23 377344 ----a-w- c:\windows\system32\winhttp.dll 2012-01-20 13:33 . 2011-11-16 16:23 72704 ----a-w- c:\windows\system32\secur32.dll 2012-01-20 13:33 . 2011-11-16 14:12 9728 ----a-w- c:\windows\system32\lsass.exe 2012-01-11 18:26 . 2011-11-18 20:23 1205064 ----a-w- c:\windows\system32\ntdll.dll 2012-01-11 18:26 . 2011-10-14 16:03 189952 ----a-w- c:\windows\system32\winmm.dll 2012-01-11 18:26 . 2011-10-14 16:00 23552 ----a-w- c:\windows\system32\mciseq.dll 2012-01-11 18:26 . 2011-11-18 17:47 66560 ----a-w- c:\windows\system32\packager.dll 2012-01-11 18:26 . 2011-11-25 15:59 376320 ----a-w- c:\windows\system32\winsrv.dll 2012-01-11 18:26 . 2011-12-01 15:21 2409784 ----a-w- c:\program files\Windows Mail\OESpamFilter.dat 2012-01-11 18:25 . 2011-10-25 15:58 1314816 ----a-w- c:\windows\system32\quartz.dll 2012-01-11 18:25 . 2011-10-25 15:58 497152 ----a-w- c:\windows\system32\qdvd.dll 2012-01-03 13:10 . 2012-01-03 13:10 182672 ----a-w- c:\program files\Mozilla Firefox\Plugins\nppdf32.dll 2012-01-02 16:20 . 2012-01-08 12:01 121816 ----a-w- c:\program files\Mozilla Firefox\components\browsercomps.dll 2012-01-02 16:19 . 2012-01-08 12:01 43992 ----a-w- c:\program files\Mozilla Firefox\mozutils.dll 2012-01-02 16:19 . 2011-12-17 01:19 626688 ----a-w- c:\program files\Mozilla Firefox\msvcr80.dll 2012-01-02 16:19 . 2011-12-17 01:19 548864 ----a-w- c:\program files\Mozilla Firefox\msvcp80.dll 2012-01-02 16:19 . 2011-12-17 01:19 479232 ----a-w- c:\program files\Mozilla Firefox\msvcm80.dll . . . (((((((((((((((((((((((((((((((((((( Find3M Bericht )))))))))))))))))))))))))))))))))))))))))))))))))))))) . 2012-01-06 04:19 . 2011-09-15 12:44 6557240 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll 2012-01-04 09:26 . 2011-04-22 12:04 236576 ------w- c:\windows\system32\MpSigStub.exe 2011-12-31 16:04 . 2011-12-31 16:04 1207568 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll 2011-11-23 16:28 . 2011-05-20 04:25 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl 2011-11-23 13:37 . 2011-12-18 09:51 2043904 ----a-w- c:\windows\system32\win32k.sys 2011-11-08 14:42 . 2011-12-18 09:51 2048 ----a-w- c:\windows\system32\tzres.dll 2011-11-03 22:47 . 2011-12-18 10:41 1798144 ----a-w- c:\windows\system32\jscript9.dll 2011-11-03 22:40 . 2011-12-18 10:41 1427456 ----a-w- c:\windows\system32\inetcpl.cpl 2011-11-03 22:39 . 2011-12-18 10:41 1127424 ----a-w- c:\windows\system32\wininet.dll 2011-11-03 22:31 . 2011-12-18 10:41 2382848 ----a-w- c:\windows\system32\mshtml.tlb 2012-01-08 12:01 . 2012-01-02 16:20 121816 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll . . (((((((((((((((((((((((((((( Autostartpunkte der Registrierung )))))))))))))))))))))))))))))))))))))))) . . *Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. REGEDIT4 . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "RtHDVCpl"="RtHDVCpl.exe" [2008-05-20 6144000] "Skytel"="Skytel.exe" [2007-11-20 1826816] "SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-02-13 1033512] "MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2011-06-15 997920] "avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2011-03-04 281768] "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-10-29 249064] "SSBkgdUpdate"="c:\program files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2006-10-25 210472] "PaperPort PTD"="c:\program files\ScanSoft\PaperPort\pptd40nt.exe" [2008-07-09 29984] "IndexSearch"="c:\program files\ScanSoft\PaperPort\IndexSearch.exe" [2008-07-09 46368] "PPort11reminder"="c:\program files\ScanSoft\PaperPort\Ereg\Ereg.exe" [2007-08-31 328992] "BrMfcWnd"="c:\program files\Brother\Brmfcmon\BrMfcWnd.exe" [2009-01-19 1150976] "ControlCenter3"="c:\program files\Brother\ControlCenter3\brctrcen.exe" [2009-01-09 114688] "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712] "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-07-18 13543968] "NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-07-18 92704] "Zune Launcher"="c:\program files\Zune\ZuneLauncher.exe" [2011-08-05 159456] . c:\users\Thomas\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ OpenOffice.org 3.3.lnk - c:\program files\OpenOffice.org 3\program\quickstart.exe [2010-12-13 1198592] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "EnableUIADesktopToggle"= 0 (0x0) . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc] @="Service" . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc] @="Service" . S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-01-03 63928] . . --- Andere Dienste/Treiber im Speicher --- . *NewlyCreated* - 60122348 *Deregistered* - 60122348 . [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost] LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache . . ------- Zusätzlicher Suchlauf ------- . TCP: DhcpNameServer = 192.168.2.1 FF - ProfilePath - c:\users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\vcfnrzwd.default\ . - - - - Entfernte verwaiste Registrierungseinträge - - - - . Notify-AWinNotifyVitaKey MC3000 - (no file) SafeBoot-WudfPf SafeBoot-WudfRd . . . ************************************************************************** . catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, hxxp://www.gmer.net Rootkit scan 2012-01-31 22:40 Windows 6.0.6002 Service Pack 2 NTFS . Scanne versteckte Prozesse... . Scanne versteckte Autostarteinträge... . Scanne versteckte Dateien... . Scan erfolgreich abgeschlossen versteckte Dateien: 0 . ************************************************************************** . Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, hxxp://www.gmer.net Windows 6.0.6002 Disk: Hitachi_HTS543232L9A300 rev.FB4OC40C -> Harddisk0\DR0 -> \Device\Ide\IdeDeviceP1T0L0-1 . device: opened successfully user: MBR read successfully kernel: MBR read successfully user != kernel MBR !!! . ************************************************************************** . --------------------- Gesperrte Registrierungsschluessel --------------------- . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . --------------------- Durch laufende Prozesse gestartete DLLs --------------------- . - - - - - - - > 'Explorer.exe'(3896) c:\windows\system32\NVSVC.DLL . Zeit der Fertigstellung: 2012-01-31 22:42:22 ComboFix-quarantined-files.txt 2012-01-31 21:42 . Vor Suchlauf: 12 Verzeichnis(se), 211.866.533.888 Bytes frei Nach Suchlauf: 16 Verzeichnis(se), 211.970.564.096 Bytes frei . - - End Of File - - 5C1FC8B110506C61929143BAA8E4DD14 |
01.02.2012, 10:23 | #15 | |
/// Winkelfunktion /// TB-Süch-Tiger™ | Trojaner "Bundeskriminalamt"Zitat:
Umgehend eins der beiden deinstallieren. Eigentlich hätte MSE auch bei der Installation warnen müssen, dass kein anderer Virenscanner installiert sein darf!
__________________ Logfiles bitte immer in CODE-Tags posten |
Themen zu Trojaner "Bundeskriminalamt" |
anti maleware, antivir, autorun, bho, desktop, error, euro, fehler, firefox, flash player, home, install.exe, logfile, maleware, microsoft security, mozilla thunderbird, nt.dll, plug-in, programm, prozesse, realtek, registry, required, rojaner gefunden, rundll, security, software, starten, svchost.exe, symantec, thomas, trojaner, trojaner gefunden, udp, usb 2.0, version=1.0, verweise, virus/trojaner, windows |