|
Log-Analyse und Auswertung: einschätzung malware-logWindows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte.XML. |
20.02.2012, 15:44 | #1 |
| einschätzung malware-log Hey Leute, versuche gerade einen Rechner etwas herzurichten. Hab malware ausgeführt und folgende log erhalten. wollte gern wissen, ob irgendwas beunruhigendes herausgelesen werden kann. Datenbank Version: v2012.02.20.02 Windows Vista Service Pack 2 x86 NTFS Internet Explorer 7.0.6002.18005 Julchen :: JULCHEN-PC [Administrator] Schutz: Aktiviert 20.02.2012 15:26:09 mbam-log-2012-02-20 (15-26-09).txt Art des Suchlaufs: Quick-Scan Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM Deaktivierte Suchlaufeinstellungen: P2P Durchsuchte Objekte: 195376 Laufzeit: 7 Minute(n), 56 Sekunde(n) Infizierte Speicherprozesse: 1 C:\Program Files\Application Updater\ApplicationUpdater.exe (PUP.Dealio.TB) -> 1888 -> Löschen bei Neustart. Infizierte Speichermodule: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungsschlüssel: 1 HKLM\SYSTEM\CurrentControlSet\Services\Application Updater (PUP.Dealio.TB) -> Erfolgreich gelöscht und in Quarantäne gestellt. Infizierte Registrierungswerte: 2 HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs|C:\PROGRAM FILES\APPLICATION UPDATER\APPLICATIONUPDATER.EXE (PUP.Dealio.TB) -> Daten: 1 -> Erfolgreich gelöscht und in Quarantäne gestellt. HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|{729C39E9-6A9B-796A-6EAC-8B97FA342916} (Trojan.ZbotR.Gen) -> Daten: C:\Users\Julchen\AppData\Roaming\Exovy\rexe.exe -> Erfolgreich gelöscht und in Quarantäne gestellt. Infizierte Dateiobjekte der Registrierung: 0 (Keine bösartigen Objekte gefunden) Infizierte Verzeichnisse: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateien: 1 C:\Program Files\Application Updater\ApplicationUpdater.exe (PUP.Dealio.TB) -> Löschen bei Neustart. (Ende) danke schon mal! |
21.02.2012, 13:40 | #2 |
/// Winkelfunktion /// TB-Süch-Tiger™ | einschätzung malware-log Da ist auf jeden Fall Malware drauf aktiv gewesen. Was wurde noch entfernt und womit?
__________________
__________________ |
21.02.2012, 13:50 | #4 |
/// Winkelfunktion /// TB-Süch-Tiger™ | einschätzung malware-log Bitte nun routinemäßig einen Vollscan mit Malwarebytes machen und Log posten. Denk daran, dass Malwarebytes vor jedem Scan manuell aktualisiert werden muss! Außerdem müssen alle Funde entfernt werden. Falls Logs aus älteren Scans mit Malwarebytes vorhanden sind, bitte auch davon alle posten! ESET Online Scanner
Bitte alles nach Möglichkeit hier in CODE-Tags posten. Wird so gemacht: [code] hier steht das Log [/code] Und das ganze sieht dann so aus: Code:
ATTFilter hier steht das Log
__________________ Logfiles bitte immer in CODE-Tags posten |
21.02.2012, 17:33 | #5 |
| einschätzung malware-log Hey, hier der log von malware Code:
ATTFilter Malwarebytes Anti-Malware (Test) 1.60.1.1000 www.malwarebytes.org Datenbank Version: v2012.02.21.02 Windows Vista Service Pack 2 x86 NTFS Internet Explorer 7.0.6002.18005 Julchen :: JULCHEN-PC [Administrator] Schutz: Deaktiviert 21.02.2012 14:03:36 mbam-log-2012-02-21 (14-03-36).txt Art des Suchlaufs: Vollständiger Suchlauf Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM Deaktivierte Suchlaufeinstellungen: P2P Durchsuchte Objekte: 358942 Laufzeit: 3 Stunde(n), 27 Minute(n), 57 Sekunde(n) Infizierte Speicherprozesse: 0 (Keine bösartigen Objekte gefunden) Infizierte Speichermodule: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungsschlüssel: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungswerte: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateiobjekte der Registrierung: 0 (Keine bösartigen Objekte gefunden) Infizierte Verzeichnisse: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateien: 0 (Keine bösartigen Objekte gefunden) (Ende) Code:
ATTFilter ESETSmartInstaller@High as downloader log: all ok # version=7 # OnlineScannerApp.exe=1.0.0.1 # OnlineScanner.ocx=1.0.0.6583 # api_version=3.0.2 # EOSSerial=3f8f1b50d1c0d744a38ca078cc3dcd65 # end=finished # remove_checked=false # archives_checked=false # unwanted_checked=true # unsafe_checked=false # antistealth_checked=true # utc_time=2012-02-21 04:13:02 # local_time=2012-02-21 05:13:02 (+0100, Mitteleuropäische Zeit) # country="Germany" # lang=1031 # osver=6.0.6002 NT Service Pack 2 # compatibility_mode=1797 16775165 100 100 337294 105345251 80072 0 # compatibility_mode=5892 16776574 100 95 75751378 167362672 0 0 # compatibility_mode=8192 67108863 100 0 3766 3766 0 0 # scanned=173507 # found=9 # cleaned=0 # scan_time=10839 C:\Program Files\Common Files\Spigot\Search Settings\SearchSettings.exe Variante von Win32/Adware.Toolbar.Dealio Anwendung (Säubern nicht möglich) 00000000000000000000000000000000 I C:\Program Files\Common Files\Spigot\wtxpcom\components\WidgiToolbarFF.dll Variante von Win32/Adware.Toolbar.Dealio Anwendung (Säubern nicht möglich) 00000000000000000000000000000000 I C:\Program Files\Common Files\Spigot\wtxpcom\components\WidgiToolbarFF.dll.10 Variante von Win32/Adware.Toolbar.Dealio Anwendung (Säubern nicht möglich) 00000000000000000000000000000000 I C:\Program Files\Common Files\Spigot\wtxpcom\components\WidgiToolbarFF.dll.5 Variante von Win32/Adware.Toolbar.Dealio Anwendung (Säubern nicht möglich) 00000000000000000000000000000000 I C:\Program Files\Common Files\Spigot\wtxpcom\components\WidgiToolbarFF.dll.6 Variante von Win32/Adware.Toolbar.Dealio Anwendung (Säubern nicht möglich) 00000000000000000000000000000000 I C:\Program Files\Common Files\Spigot\wtxpcom\components\WidgiToolbarFF.dll.7 Variante von Win32/Adware.Toolbar.Dealio Anwendung (Säubern nicht möglich) 00000000000000000000000000000000 I C:\Program Files\Common Files\Spigot\wtxpcom\components\WidgiToolbarFF.dll.8 Variante von Win32/Adware.Toolbar.Dealio Anwendung (Säubern nicht möglich) 00000000000000000000000000000000 I C:\Program Files\Common Files\Spigot\wtxpcom\components\WidgiToolbarFF.dll.9 Variante von Win32/Adware.Toolbar.Dealio Anwendung (Säubern nicht möglich) 00000000000000000000000000000000 I ${Memory} Variante von Win32/Adware.Toolbar.Dealio Anwendung 00000000000000000000000000000000 I |
21.02.2012, 19:05 | #6 |
/// Winkelfunktion /// TB-Süch-Tiger™ | einschätzung malware-log Mach bitte ein neues OTL-Log. Bitte alles nach Möglichkeit hier in CODE-Tags posten. Wird so gemacht: [code] hier steht das Log [/code] Und das ganze sieht dann so aus: Code:
ATTFilter hier steht das Log Falls noch nicht vorhanden, lade Dir bitte OTL von Oldtimer herunter und speichere es auf Deinem Desktop
Code:
ATTFilter netsvcs msconfig safebootminimal safebootnetwork activex drivers32 %ALLUSERSPROFILE%\Application Data\*. %ALLUSERSPROFILE%\Application Data\*.exe /s %APPDATA%\*. %APPDATA%\*.exe /s %SYSTEMDRIVE%\*.exe /md5start wininit.exe userinit.exe eventlog.dll scecli.dll netlogon.dll cngaudit.dll ws2ifsl.sys sceclt.dll ntelogon.dll winlogon.exe logevent.dll user32.DLL iaStor.sys nvstor.sys atapi.sys IdeChnDr.sys viasraid.sys AGP440.sys vaxscsi.sys nvatabus.sys viamraid.sys nvata.sys nvgts.sys iastorv.sys ViPrt.sys eNetHook.dll ahcix86.sys KR10N.sys nvstor32.sys ahcix86s.sys /md5stop %systemroot%\system32\drivers\*.sys /lockedfiles %systemroot%\System32\config\*.sav %systemroot%\*. /mp /s %systemroot%\system32\*.dll /lockedfiles CREATERESTOREPOINT
__________________ --> einschätzung malware-log |
21.02.2012, 21:04 | #7 |
| einschätzung malware-log Hier ist die OTL-log OTL Logfile: Code:
ATTFilter OTL logfile created on: 21.02.2012 20:35:34 - Run 1 OTL by OldTimer - Version 3.2.33.1 Folder = C:\Users\\Downloads Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation Internet Explorer (Version = 7.0.6002.18005) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 2,93 Gb Total Physical Memory | 1,86 Gb Available Physical Memory | 63,53% Memory free 6,06 Gb Paging File | 4,89 Gb Available in Paging File | 80,70% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 288,32 Gb Total Space | 93,16 Gb Free Space | 32,31% Space Free | Partition Type: NTFS Computer Name: | User Name: | Logged in as Administrator. Boot Mode: Normal | Scan Mode: All users | Quick Scan Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2012.02.21 20:32:13 | 000,583,168 | ---- | M] (OldTimer Tools) -- C:\Users\\Downloads\OTL.exe PRC - [2012.01.13 14:53:18 | 000,652,360 | ---- | M] (Malwarebytes Corporation) -- C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe PRC - [2009.09.06 12:38:06 | 000,071,096 | ---- | M] () -- C:\Programme\CDBurnerXP\NMSAccessU.exe PRC - [2009.08.05 22:10:48 | 000,185,089 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\avguard.exe PRC - [2009.05.15 21:39:46 | 000,707,104 | ---- | M] (Acer Incorporated) -- C:\Programme\Acer\Acer PowerSmart Manager\ePowerTray.exe PRC - [2009.05.15 21:39:46 | 000,703,008 | ---- | M] (Acer Incorporated) -- C:\Programme\Acer\Acer PowerSmart Manager\ePowerSvc.exe PRC - [2009.05.15 21:39:44 | 000,453,152 | ---- | M] (Acer Incorporated) -- C:\Programme\Acer\Acer PowerSmart Manager\ePowerEvent.exe PRC - [2009.05.13 15:48:18 | 000,108,289 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\sched.exe PRC - [2009.04.29 18:56:28 | 000,176,128 | ---- | M] (Acer Incorporated) -- C:\Programme\Acer\Optical Drive Power Management\ODDPWR.exe PRC - [2009.04.29 16:32:32 | 000,118,784 | ---- | M] (Acer Incorporated) -- C:\Programme\Acer\Optical Drive Power Management\ODDPWRSvc.exe PRC - [2009.04.11 07:28:03 | 001,233,920 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Sidebar\sidebar.exe PRC - [2009.04.11 07:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe PRC - [2009.04.11 03:11:20 | 000,117,256 | ---- | M] (Dritek System Inc.) -- C:\Programme\Launch Manager\dsiwmis.exe PRC - [2009.04.01 20:06:08 | 000,249,600 | ---- | M] (NewTech Infosystems, Inc.) -- C:\Programme\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe PRC - [2009.04.01 20:06:02 | 000,054,528 | ---- | M] (NewTech Infosystems, Inc.) -- C:\Programme\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe PRC - [2009.03.02 12:08:43 | 000,209,153 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\avgnt.exe PRC - [2009.02.12 01:38:40 | 000,354,840 | ---- | M] (Intel Corporation) -- C:\Programme\Intel\Intel Matrix Storage Manager\IAANTmon.exe PRC - [2009.02.12 01:38:38 | 000,186,904 | ---- | M] (Intel Corporation) -- C:\Programme\Intel\Intel Matrix Storage Manager\IAAnotif.exe PRC - [2009.02.11 14:46:28 | 000,565,248 | ---- | M] (Acer Incorporated) -- C:\Programme\Acer\Acer VCM\AcerVCM.exe PRC - [2009.02.05 07:14:56 | 000,237,568 | ---- | M] (Acer Incorporated) -- C:\Programme\Acer\Acer VCM\RS_Service.exe PRC - [2008.10.27 11:05:28 | 000,306,736 | ---- | M] (EgisTec Inc.) -- C:\Programme\EgisTec\MyWinLocker 3\x86\MWLService.exe PRC - [2008.10.16 17:26:20 | 000,860,160 | ---- | M] (Intel(R) Corporation) -- C:\Programme\Intel\WiFi\bin\EvtEng.exe PRC - [2008.10.16 16:54:34 | 000,466,944 | ---- | M] (Intel(R) Corporation) -- C:\Programme\Common Files\Intel\WirelessCommon\RegSrvc.exe PRC - [2008.07.29 18:29:26 | 000,200,704 | ---- | M] () -- C:\Windows\PLFSetI.exe ========== Modules (No Company Name) ========== MOD - [2009.02.02 16:33:56 | 000,460,199 | ---- | M] () -- C:\Programme\NewTech Infosystems\Acer Backup Manager\sqlite3.dll MOD - [2008.07.29 18:29:26 | 000,200,704 | ---- | M] () -- C:\Windows\PLFSetI.exe ========== Win32 Services (SafeList) ========== SRV - [2012.01.13 14:53:18 | 000,652,360 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService) SRV - [2009.09.06 12:38:06 | 000,071,096 | ---- | M] () [Auto | Running] -- C:\Programme\CDBurnerXP\NMSAccessU.exe -- (NMSAccessU) SRV - [2009.08.05 22:10:48 | 000,185,089 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService) SRV - [2009.05.15 21:39:46 | 000,703,008 | ---- | M] (Acer Incorporated) [Auto | Running] -- C:\Programme\Acer\Acer PowerSmart Manager\ePowerSvc.exe -- (ePowerSvc) SRV - [2009.05.13 15:48:18 | 000,108,289 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService) SRV - [2009.04.29 16:32:32 | 000,118,784 | ---- | M] (Acer Incorporated) [Auto | Running] -- C:\Programme\Acer\Optical Drive Power Management\ODDPWRSvc.exe -- (ODDPwrSvc) SRV - [2009.04.11 03:11:20 | 000,117,256 | ---- | M] (Dritek System Inc.) [Auto | Running] -- C:\Programme\Launch Manager\dsiwmis.exe -- (DsiWMIService) SRV - [2009.04.01 20:06:02 | 000,054,528 | ---- | M] (NewTech Infosystems, Inc.) [Auto | Running] -- C:\Programme\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe -- (NTI IScheduleSvc) SRV - [2009.02.12 01:38:40 | 000,354,840 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Programme\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON) Intel(R) SRV - [2009.02.05 07:14:56 | 000,237,568 | ---- | M] (Acer Incorporated) [Auto | Running] -- C:\Programme\Acer\Acer VCM\RS_Service.exe -- (RS_Service) SRV - [2008.10.27 11:05:28 | 000,306,736 | ---- | M] () [Auto | Running] -- C:\Program Files\EgisTec\MyWinLocker 3\x86\\MWLService.exe -- (MWLService) SRV - [2008.10.16 17:26:20 | 000,860,160 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- C:\Programme\Intel\WiFi\bin\EvtEng.exe -- (EvtEng) SRV - [2008.10.16 16:54:34 | 000,466,944 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- C:\Programme\Common Files\Intel\WirelessCommon\RegSrvc.exe -- (RegSrvc) SRV - [2008.01.21 03:23:32 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Programme\Windows Defender\MpSvc.dll -- (WinDefend) ========== Driver Services (SafeList) ========== DRV - [2011.12.10 15:24:06 | 000,020,464 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\mbam.sys -- (MBAMProtector) DRV - [2009.12.08 10:08:46 | 000,056,816 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\System32\drivers\avgntflt.sys -- (avgntflt) DRV - [2009.09.28 20:57:28 | 000,007,168 | ---- | M] () [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\StarOpen.sys -- (StarOpen) DRV - [2009.05.11 09:12:20 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv) DRV - [2009.04.01 20:54:44 | 000,050,176 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\L1C60x86.sys -- (L1C) DRV - [2009.03.30 09:33:03 | 000,096,104 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb) DRV - [2009.02.13 11:35:01 | 000,011,608 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Programme\Avira\AntiVir Desktop\avgio.sys -- (avgio) DRV - [2008.11.17 07:40:22 | 003,668,480 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\NETw5v32.sys -- (NETw5v32) Intel(R) DRV - [2008.10.09 15:47:12 | 000,059,952 | ---- | M] (Egis Incorporated.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\mwlPSDVDisk.sys -- (mwlPSDVDisk) DRV - [2008.10.09 15:47:12 | 000,019,504 | ---- | M] (Egis Incorporated.) [File_System | Auto | Running] -- C:\Windows\System32\drivers\mwlPSDFilter.sys -- (mwlPSDFilter) DRV - [2008.10.09 15:47:12 | 000,016,432 | ---- | M] (Egis Incorporated.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\mwlPSDNserv.sys -- (mwlPSDNServ) DRV - [2008.09.22 14:49:36 | 000,112,128 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\IntcHdmi.sys -- (IntcHdmiAddService) Intel(R) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&s=2&o=vp32&d=0609&m=aspire_4810t IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&s=2&o=vp32&d=0609&m=aspire_4810t IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-21-2752085062-1975141627-2355531261-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&s=2&o=vp32&d=0609&m=aspire_4810t IE - HKU\S-1-5-21-2752085062-1975141627-2355531261-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://global.acer.com [binary data] IE - HKU\S-1-5-21-2752085062-1975141627-2355531261-1000\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1 IE - HKU\S-1-5-21-2752085062-1975141627-2355531261-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://global.acer.com [binary data] IE - HKU\S-1-5-21-2752085062-1975141627-2355531261-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://start.icq.com/ IE - HKU\S-1-5-21-2752085062-1975141627-2355531261-1000\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1 IE - HKU\S-1-5-21-2752085062-1975141627-2355531261-1000\..\URLSearchHook: - No CLSID value found IE - HKU\S-1-5-21-2752085062-1975141627-2355531261-1000\..\URLSearchHook: {B922D405-6D13-4A2B-AE89-08A030DA4402} - C:\Programme\pdfforge Toolbar\IE\4.9\pdfforgeToolbarIE.dll (Spigot, Inc.) IE - HKU\S-1-5-21-2752085062-1975141627-2355531261-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-21-2752085062-1975141627-2355531261-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local ========== FireFox ========== FF - prefs.js..browser.search.defaultenginename: "ICQ Search" FF - prefs.js..browser.search.param.yahoo-fr: "chr-greentree_ff&type=302398&ilc=12" FF - prefs.js..browser.search.selectedEngine: "Google" FF - prefs.js..browser.startup.homepage: "www.google.de" FF - prefs.js..extensions.enabledItems: {b9db16a4-6edc-47ec-a1f4-b86292ed211d}:4.7.3 FF - prefs.js..extensions.enabledItems: {0538E3E3-7E9B-4d49-8831-A227C80A7AD3}:0.9.10.2 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}:6.0.26 FF - prefs.js..extensions.enabledItems: pdfforge@mybrowserbar.com:4.6 FF - prefs.js..extensions.enabledItems: {ACAA314B-EEBA-48e4-AD47-84E31C44796C}:1.0.4 FF - prefs.js..keyword.URL: "hxxp://de.search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&ilc=12&type=302398&p=" FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll () FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.) FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll () FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Web Player\npdivx32.dll (DivX,Inc.) FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: C:\Program Files\DivX\DivX Player\npDivxPlayerPlugin.dll (DivX, Inc) FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8051.1204: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@zylom.com/ZylomGamesPlayer: C:\ProgramData\Zylom\ZylomGamesPlayer\npzylomgamesplayer.dll (Zylom) FF - HKCU\Software\MozillaPlugins\@movenetworks.com/Quantum Media Player: C:\Users\\AppData\Roaming\Move Networks\plugins\071802000001\npqmp071802000001.dll (Move Networks) FF - HKCU\Software\MozillaPlugins\@talk.google.com/GoogleTalkPlugin: C:\Users\\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google) FF - HKCU\Software\MozillaPlugins\@talk.google.com/O3DPlugin: C:\Users\\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll () FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\\AppData\Local\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.) FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\\AppData\Local\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.) FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 10.0.2\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.02.20 17:04:57 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 10.0.2\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011.09.09 14:48:26 | 000,000,000 | ---D | M] [2009.07.06 14:51:21 | 000,000,000 | ---D | M] (No name found) -- C:\Users\\AppData\Roaming\mozilla\Extensions [2011.12.25 21:00:45 | 000,000,000 | ---D | M] (No name found) -- C:\Users\\AppData\Roaming\mozilla\Firefox\Profiles\eyvlmz8i.default\extensions [2011.12.10 14:15:17 | 000,000,000 | ---D | M] (Forecastfox) -- C:\Users\\AppData\Roaming\mozilla\Firefox\Profiles\eyvlmz8i.default\extensions\{0538E3E3-7E9B-4d49-8831-A227C80A7AD3} [2010.07.04 14:53:16 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\\AppData\Roaming\mozilla\Firefox\Profiles\eyvlmz8i.default\extensions\{20a82645-c095-46ed-80e3-08825760534b} [2011.11.27 13:56:12 | 000,000,000 | ---D | M] ("Free YouTube Download (Free Studio) Menu") -- C:\Users\\AppData\Roaming\mozilla\Firefox\Profiles\eyvlmz8i.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C} [2011.12.25 21:00:45 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\\AppData\Roaming\mozilla\Firefox\Profiles\eyvlmz8i.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d} [2012.02.17 16:47:56 | 000,000,950 | ---- | M] () -- C:\Users\\AppData\Roaming\Mozilla\Firefox\Profiles\eyvlmz8i.default\searchplugins\icqplugin-1.xml [2011.02.28 18:16:17 | 000,000,961 | ---- | M] () -- C:\Users\\AppData\Roaming\Mozilla\Firefox\Profiles\eyvlmz8i.default\searchplugins\icqplugin-2.xml [2011.03.30 18:37:57 | 000,000,961 | ---- | M] () -- C:\Users\\AppData\Roaming\Mozilla\Firefox\Profiles\eyvlmz8i.default\searchplugins\icqplugin-3.xml [2011.05.09 17:33:57 | 000,000,961 | ---- | M] () -- C:\Users\\AppData\Roaming\Mozilla\Firefox\Profiles\eyvlmz8i.default\searchplugins\icqplugin-4.xml [2011.09.09 14:49:39 | 000,000,950 | ---- | M] () -- C:\Users\\AppData\Roaming\Mozilla\Firefox\Profiles\eyvlmz8i.default\searchplugins\icqplugin-5.xml [2010.05.12 16:40:48 | 000,001,042 | ---- | M] () -- C:\Users\\AppData\Roaming\Mozilla\Firefox\Profiles\eyvlmz8i.default\searchplugins\icqplugin.xml [2012.02.21 09:39:58 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions [2012.02.21 09:39:58 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Programme\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} [2012.02.15 19:36:58 | 000,000,000 | ---D | M] (Widgi Toolbar Platform) -- C:\PROGRAM FILES\COMMON FILES\SPIGOT\WTXPCOM [2011.12.22 23:57:52 | 000,000,000 | ---D | M] (pdfforge Toolbar) -- C:\PROGRAM FILES\PDFFORGE TOOLBAR\FF [2012.02.20 17:04:57 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll [2011.05.04 03:52:23 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll [2009.03.24 10:10:44 | 000,114,688 | ---- | M] (Zylom) -- C:\Program Files\mozilla firefox\plugins\npzylomgamesplayer.dll [2012.02.15 19:36:53 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml [2012.02.15 19:36:53 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml [2012.02.15 19:36:53 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml [2012.02.15 19:36:53 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml [2012.02.15 19:36:53 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml [2012.02.15 19:36:53 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml ========== Chrome ========== CHR - default_search_provider: Google (Enabled) CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}sourceid=chrome&ie={inputEncoding}&q={searchTerms} CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?client=chrome&hl={language}&q={searchTerms} O1 HOSTS File: ([2006.09.18 22:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O1 - Hosts: ::1 localhost O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found. O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Programme\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation) O2 - BHO: (Windows Live Anmelde-Hilfsprogramm) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation) O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O2 - BHO: (pdfforge Toolbar) - {B922D405-6D13-4A2B-AE89-08A030DA4402} - C:\Programme\pdfforge Toolbar\IE\4.9\pdfforgeToolbarIE.dll (Spigot, Inc.) O3 - HKLM\..\Toolbar: (pdfforge Toolbar) - {B922D405-6D13-4A2B-AE89-08A030DA4402} - C:\Programme\pdfforge Toolbar\IE\4.9\pdfforgeToolbarIE.dll (Spigot, Inc.) O4 - HKLM..\Run: [] File not found O4 - HKLM..\Run: [Acer ePower Management] C:\Programme\Acer\Acer PowerSmart Manager\ePowerTrayLauncher.exe (Acer Incorporated) O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH) O4 - HKLM..\Run: [BackupManagerTray] C:\Program Files\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe (NewTech Infosystems, Inc.) O4 - HKLM..\Run: [IAAnotif] C:\Programme\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation) O4 - HKLM..\Run: [ODDPwr] C:\Program Files\Acer\Optical Drive Power Management\ODDPwr.exe (Acer Incorporated) O4 - HKLM..\Run: [PLFSetI] C:\Windows\PLFSetI.exe () O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation) O4 - HKU\S-1-5-19..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation) O4 - HKU\S-1-5-20..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation) O4 - HKU\S-1-5-21-2752085062-1975141627-2355531261-1000..\Run: [ProductReg] C:\Program Files\Acer\WR_PopUp\ProductReg.exe (Acer) O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm () O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000 File not found O8 - Extra context menu item: Nach Microsoft E&xel exportieren - C:\Programme\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation) O9 - Extra Button: In Blog veröffentlichen - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programme\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : In Windows Live Writer in Blog veröffentliche&n - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programme\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation) O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation) O9 - Extra Button: ICQ7.4 - {73C6DCFB-B606-47F3-BDFA-9A4FBF931E37} - C:\Programme\ICQ7.4\ICQ.exe (ICQ, LLC.) O9 - Extra 'Tools' menuitem : ICQ7.4 - {73C6DCFB-B606-47F3-BDFA-9A4FBF931E37} - C:\Programme\ICQ7.4\ICQ.exe (ICQ, LLC.) O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programme\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation) O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.) O13 - gopher Prefix: missing O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{4DBC965D-7897-4BF2-A434-36FF1340302A}: DhcpNameServer = 192.168.0.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{50FCC4B3-E330-40BD-9603-ED0FDB7FA090}: DhcpNameServer = 83.169.186.33 83.169.186.97 O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Programme\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation) O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.14.0.8050.1202.dll (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation) O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - c:\Programme\Common Files\microsoft shared\Information Retrieval\msitss.dll (Microsoft Corporation) O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.14.0.8050.1202.dll (Microsoft Corporation) O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Programme\Windows Live\Mail\mailcomm.dll (Microsoft Corporation) O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation) O24 - Desktop WallPaper: C:\Users\\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg O24 - Desktop BackupWallPaper: C:\Users\\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Programme\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation) O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2006.09.18 22:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ] O33 - MountPoints2\{6245c649-7133-11de-974b-001f16a6eb44}\Shell - "" = AutoRun O33 - MountPoints2\{6245c649-7133-11de-974b-001f16a6eb44}\Shell\AutoRun\command - "" = D:\LaunchU3.exe -a O33 - MountPoints2\{b6eb309a-f961-11de-a818-001f16a6eb44}\Shell - "" = AutoRun O33 - MountPoints2\{b6eb309a-f961-11de-a818-001f16a6eb44}\Shell\AutoRun\command - "" = F:\LaunchU3.exe -a O33 - MountPoints2\{c398a8dc-47e6-11df-93d0-0022fb601b06}\Shell - "" = AutoRun O33 - MountPoints2\{c398a8dc-47e6-11df-93d0-0022fb601b06}\Shell\AutoRun\command - "" = E:\LaunchU3.exe -a O34 - HKLM BootExecute: (autocheck autochk *) O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* NetSvcs: FastUserSwitchingCompatibility - File not found NetSvcs: Ias - C:\Windows\System32\ias.dll (Microsoft Corporation) NetSvcs: Nla - File not found NetSvcs: Ntmssvc - File not found NetSvcs: NWCWorkstation - File not found NetSvcs: Nwsapagent - File not found NetSvcs: SRService - File not found NetSvcs: WmdmPmSp - File not found NetSvcs: LogonHours - File not found NetSvcs: PCAudit - File not found NetSvcs: helpsvc - File not found NetSvcs: uploadmgr - File not found MsConfig - StartUpFolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk - C:\Programme\HP\Digital Imaging\bin\hpqtra08.exe - (Hewlett-Packard Co.) MsConfig - StartUpFolder: C:^Users^^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk - C:\Programme\Microsoft Office\Office12\ONENOTEM.EXE - (Microsoft Corporation) MsConfig - StartUpReg: EgisTecLiveUpdate - hkey= - key= - C:\Program Files\EgisTec Egis Software Update\EgisUpdate.exe (EgisTec Inc.) MsConfig - StartUpReg: Google Update - hkey= - key= - C:\Users\\AppData\Local\Google\Update\GoogleUpdate.exe (Google Inc.) MsConfig - StartUpReg: GrooveMonitor - hkey= - key= - C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe (Microsoft Corporation) MsConfig - StartUpReg: HP Software Update - hkey= - key= - C:\Programme\HP\HP Software Update\hpwuSchd2.exe (Hewlett-Packard) MsConfig - StartUpReg: hpqSRMon - hkey= - key= - C:\Programme\HP\Digital Imaging\bin\HpqSRmon.exe (Hewlett-Packard) MsConfig - StartUpReg: iTunesHelper - hkey= - key= - C:\Program Files\iTunes\iTunesHelper.exe (Apple Inc.) MsConfig - StartUpReg: LManager - hkey= - key= - C:\Programme\Launch Manager\LManager.exe (Dritek System Inc.) MsConfig - StartUpReg: Malwarebytes' Anti-Malware - hkey= - key= - C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation) MsConfig - StartUpReg: mwlDaemon - hkey= - key= - C:\Programme\EgisTec\MyWinLocker 3\x86\mwlDaemon.exe (EgisTec Inc.) MsConfig - StartUpReg: PDFPrint - hkey= - key= - C:\Programme\PDF24\pdf24.exe (Geek Software GmbH) MsConfig - StartUpReg: QuickTime Task - hkey= - key= - C:\Program Files\QuickTime\QTTask.exe (Apple Inc.) MsConfig - StartUpReg: SearchSettings - hkey= - key= - C:\Program Files\Common Files\Spigot\Search Settings\SearchSettings.exe (Spigot, Inc.) MsConfig - StartUpReg: Skytel - hkey= - key= - C:\Programme\Realtek\Audio\HDA\SkyTel.exe (Realtek Semiconductor Corp.) MsConfig - State: "startup" - 2 MsConfig - State: "services" - 0 SafeBootMin: AppMgmt - Service SafeBootMin: Base - Driver Group SafeBootMin: Boot Bus Extender - Driver Group SafeBootMin: Boot file system - Driver Group SafeBootMin: File system - Driver Group SafeBootMin: Filter - Driver Group SafeBootMin: HelpSvc - Service SafeBootMin: NTDS - File not found SafeBootMin: PCI Configuration - Driver Group SafeBootMin: PNP Filter - Driver Group SafeBootMin: Primary disk - Driver Group SafeBootMin: sacsvr - Service SafeBootMin: SCSI Class - Driver Group SafeBootMin: System Bus Extender - Driver Group SafeBootMin: WinDefend - C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation) SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices SafeBootNet: AppMgmt - Service SafeBootNet: Base - Driver Group SafeBootNet: Boot Bus Extender - Driver Group SafeBootNet: Boot file system - Driver Group SafeBootNet: File system - Driver Group SafeBootNet: Filter - Driver Group SafeBootNet: HelpSvc - Service SafeBootNet: Messenger - Service SafeBootNet: NDIS Wrapper - Driver Group SafeBootNet: NetBIOSGroup - Driver Group SafeBootNet: NetDDEGroup - Driver Group SafeBootNet: Network - Driver Group SafeBootNet: NetworkProvider - Driver Group SafeBootNet: NTDS - File not found SafeBootNet: PCI Configuration - Driver Group SafeBootNet: PNP Filter - Driver Group SafeBootNet: PNP_TDI - Driver Group SafeBootNet: Primary disk - Driver Group SafeBootNet: rdsessmgr - Service SafeBootNet: sacsvr - Service SafeBootNet: SCSI Class - Driver Group SafeBootNet: Streams Drivers - Driver Group SafeBootNet: System Bus Extender - Driver Group SafeBootNet: TDI - Driver Group SafeBootNet: WinDefend - C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation) SafeBootNet: WudfPf - Driver SafeBootNet: WudfUsbccidDriver - Driver SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun) ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 11.0 ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack ActiveX: {3C3901C5-3455-3E0A-A214-0B093A5070A6} - .NET Framework ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6 ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access ActiveX: {73FA19D0-2D75-11D2-995D-00C04F98BBC9} - Webordner ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7 ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\system32\ie4uinit.exe -BaseSettings ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1 ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Macromedia Shockwave Flash ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\Windows\system32\unregmp2.exe /ShowWMP ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\system32\ie4uinit.exe -UserIconConfig ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP Drivers32: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS) Drivers32: MSVideo8 - C:\Windows\System32\vfwwdm32.dll (Microsoft Corporation) Drivers32: vidc.cvid - C:\Windows\System32\iccvid.dll (Radius Inc.) Drivers32: vidc.DIVX - C:\Windows\System32\DivX.dll (DivX, Inc.) Drivers32: vidc.yv12 - C:\Windows\System32\DivX.dll (DivX, Inc.) CREATERESTOREPOINT Restore point Set: OTL Restore Point ========== Files/Folders - Created Within 30 Days ========== [2012.02.21 14:09:38 | 000,000,000 | ---D | C] -- C:\Program Files\ESET [2012.02.21 09:39:46 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype [2012.02.20 17:16:48 | 000,000,000 | ---D | C] -- C:\Users\\Roaming [2012.02.20 17:16:48 | 000,000,000 | ---D | C] -- C:\Users\\AppData\Roaming\Intel [2012.02.20 17:16:47 | 000,000,000 | ---D | C] -- C:\ProgramData\Roaming [2012.02.20 17:14:49 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Intel PROSet Wireless [2012.02.20 17:14:43 | 000,000,000 | ---D | C] -- C:\Program Files\Cisco [2012.02.20 17:14:32 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Intel [2012.02.20 17:14:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Intel [2012.02.20 15:25:02 | 000,000,000 | ---D | C] -- C:\Users\\AppData\Roaming\Malwarebytes [2012.02.20 15:24:02 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes [2012.02.20 15:24:01 | 000,020,464 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys [2012.02.20 15:24:00 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware [2012.02.02 12:21:41 | 000,000,000 | ---D | C] -- C:\Users\\Desktop\2012-02 (Feb) [2011.02.11 18:40:40 | 000,004,096 | ---- | C] ( ) -- C:\Windows\System32\IGFXDEVLib.dll [2010.02.15 21:50:30 | 000,000,680 | ---- | C] () -- C:\Users\\AppData\Local\d3d9caps.dat [2009.12.18 22:56:02 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat [2009.07.06 19:20:09 | 000,013,312 | ---- | C] () -- C:\Users\\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2009.07.06 14:25:14 | 004,151,934 | -H-- | C] () -- C:\Users\\AppData\Local\IconCache.db [2009.07.06 13:53:28 | 000,102,424 | ---- | C] () -- C:\Users\\AppData\Local\GDIPFONTCACHEV1.DAT [3 C:\Users\\Documents\*.tmp files -> C:\Users\\Documents\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2012.02.21 20:33:00 | 000,001,128 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2752085062-1975141627-2355531261-1000UA.job [2012.02.21 20:33:00 | 000,001,100 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2012.02.21 20:06:19 | 000,628,742 | ---- | M] () -- C:\Windows\System32\perfh007.dat [2012.02.21 20:06:19 | 000,595,996 | ---- | M] () -- C:\Windows\System32\perfh009.dat [2012.02.21 20:06:19 | 000,126,454 | ---- | M] () -- C:\Windows\System32\perfc007.dat [2012.02.21 20:06:19 | 000,104,070 | ---- | M] () -- C:\Windows\System32\perfc009.dat [2012.02.21 20:01:47 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 [2012.02.21 20:01:47 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 [2012.02.21 18:04:50 | 000,001,096 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2012.02.21 18:01:42 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2012.02.21 12:00:43 | 000,001,145 | ---- | M] () -- C:\WirelessDiagLog.csv [2012.02.21 11:33:12 | 000,001,076 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2752085062-1975141627-2355531261-1000Core.job [2012.02.20 17:57:26 | 000,131,072 | ---- | M] () -- C:\Windows\SPInstall.etl [2012.02.20 16:16:12 | 000,000,134 | ---- | M] () -- C:\Users\\Desktop\Internet Explorer-Problembehebung.url [2012.02.06 22:36:24 | 253,541,601 | ---- | M] () -- C:\Windows\MEMORY.DMP [2012.01.25 19:02:47 | 000,187,543 | ---- | M] () -- C:\Users\\Desktop\Rette die Million.pdf [3 C:\Users\\Documents\*.tmp files -> C:\Users\\Documents\*.tmp -> ] ========== Files Created - No Company Name ========== [2012.02.21 11:57:53 | 000,001,145 | ---- | C] () -- C:\WirelessDiagLog.csv [2012.02.20 17:46:53 | 000,131,072 | ---- | C] () -- C:\Windows\SPInstall.etl [2012.02.20 16:16:12 | 000,000,134 | ---- | C] () -- C:\Users\\Desktop\Internet Explorer-Problembehebung.url [2012.01.25 19:02:47 | 000,187,543 | ---- | C] () -- C:\Users\\Desktop\Rette die Million.pdf [2010.08.25 19:30:02 | 000,439,308 | ---- | C] () -- C:\Windows\System32\igcompkrng500.bin [2010.08.25 19:30:00 | 000,982,240 | ---- | C] () -- C:\Windows\System32\igkrng500.bin [2010.08.25 19:30:00 | 000,092,356 | ---- | C] () -- C:\Windows\System32\igfcg500m.bin [2010.08.25 18:57:00 | 000,000,151 | ---- | C] () -- C:\Windows\System32\GfxUI.exe.config [2010.06.03 14:04:32 | 000,116,224 | ---- | C] () -- C:\Windows\System32\pdfcmnnt.dll ========== LOP Check ========== [2009.04.08 19:21:40 | 000,000,000 | ---D | M] -- C:\Users\Dauksch\AppData\Roaming\Acer GameZone Console [2009.04.08 19:21:40 | 000,000,000 | ---D | M] -- C:\Users\Default\AppData\Roaming\Acer GameZone Console [2009.04.08 19:21:40 | 000,000,000 | ---D | M] -- C:\Users\Default User\AppData\Roaming\Acer GameZone Console [2009.07.06 15:27:00 | 000,000,000 | -HSD | M] -- C:\Users\\AppData\Roaming\.# [2009.12.22 09:46:10 | 000,000,000 | ---D | M] -- C:\Users\\AppData\Roaming\Acer [2009.04.08 19:21:40 | 000,000,000 | ---D | M] -- C:\Users\\AppData\Roaming\Acer GameZone Console [2012.01.02 00:13:50 | 000,000,000 | ---D | M] -- C:\Users\\AppData\Roaming\Azureus [2011.11.27 13:56:21 | 000,000,000 | ---D | M] -- C:\Users\\AppData\Roaming\DVDVideoSoft [2011.08.28 20:50:10 | 000,000,000 | ---D | M] -- C:\Users\\AppData\Roaming\DVDVideoSoftIEHelpers [2009.07.06 15:31:27 | 000,000,000 | ---D | M] -- C:\Users\\AppData\Roaming\eSobi [2011.10.28 04:16:48 | 000,000,000 | ---D | M] -- C:\Users\\AppData\Roaming\Exovy [2012.02.21 09:17:18 | 000,000,000 | ---D | M] -- C:\Users\\AppData\Roaming\go [2011.08.26 11:18:55 | 000,000,000 | ---D | M] -- C:\Users\\AppData\Roaming\gtk-2.0 [2012.02.21 16:57:32 | 000,000,000 | ---D | M] -- C:\Users\\AppData\Roaming\ICQ [2011.10.16 15:46:30 | 000,000,000 | ---D | M] -- C:\Users\\AppData\Roaming\PhotoFiltre [2010.07.30 14:55:09 | 000,000,000 | ---D | M] -- C:\Users\\AppData\Roaming\PlayFirst [2011.07.19 10:43:40 | 000,000,000 | ---D | M] -- C:\Users\\AppData\Roaming\Uwxabu [2012.02.21 18:01:47 | 000,032,538 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT ========== Purity Check ========== ========== Custom Scans ========== < %ALLUSERSPROFILE%\Application Data\*. > < %ALLUSERSPROFILE%\Application Data\*.exe /s > < %APPDATA%\*. > [2009.07.06 15:27:00 | 000,000,000 | -HSD | M] -- C:\Users\\AppData\Roaming\.# [2009.12.22 09:46:10 | 000,000,000 | ---D | M] -- C:\Users\\AppData\Roaming\Acer [2009.04.08 19:21:40 | 000,000,000 | ---D | M] -- C:\Users\\AppData\Roaming\Acer GameZone Console [2009.07.07 17:01:56 | 000,000,000 | ---D | M] -- C:\Users\\AppData\Roaming\Adobe [2011.08.31 11:21:17 | 000,000,000 | ---D | M] -- C:\Users\\AppData\Roaming\Apple Computer [2012.01.02 00:13:50 | 000,000,000 | ---D | M] -- C:\Users\\AppData\Roaming\Azureus [2010.01.04 22:43:19 | 000,000,000 | ---D | M] -- C:\Users\\AppData\Roaming\DivX [2012.01.10 12:22:01 | 000,000,000 | ---D | M] -- C:\Users\\AppData\Roaming\dvdcss [2011.11.27 13:56:21 | 000,000,000 | ---D | M] -- C:\Users\\AppData\Roaming\DVDVideoSoft [2011.08.28 20:50:10 | 000,000,000 | ---D | M] -- C:\Users\\AppData\Roaming\DVDVideoSoftIEHelpers [2009.07.06 15:31:27 | 000,000,000 | ---D | M] -- C:\Users\\AppData\Roaming\eSobi [2011.10.28 04:16:48 | 000,000,000 | ---D | M] -- C:\Users\\AppData\Roaming\Exovy [2012.02.21 09:17:18 | 000,000,000 | ---D | M] -- C:\Users\\AppData\Roaming\go [2009.07.06 15:25:00 | 000,000,000 | ---D | M] -- C:\Users\\AppData\Roaming\Google [2011.08.26 11:18:55 | 000,000,000 | ---D | M] -- C:\Users\\AppData\Roaming\gtk-2.0 [2010.02.19 13:13:12 | 000,000,000 | ---D | M] -- C:\Users\\AppData\Roaming\HP [2012.02.21 16:57:32 | 000,000,000 | ---D | M] -- C:\Users\\AppData\Roaming\ICQ [2009.07.06 13:52:47 | 000,000,000 | ---D | M] -- C:\Users\\AppData\Roaming\Identities [2012.02.20 17:16:48 | 000,000,000 | ---D | M] -- C:\Users\\AppData\Roaming\Intel [2009.07.06 13:53:28 | 000,000,000 | ---D | M] -- C:\Users\\AppData\Roaming\Macromedia [2012.02.20 15:25:02 | 000,000,000 | ---D | M] -- C:\Users\\AppData\Roaming\Malwarebytes [2006.11.02 13:37:34 | 000,000,000 | ---D | M] -- C:\Users\\AppData\Roaming\Media Center Programs [2012.02.21 10:08:12 | 000,000,000 | --SD | M] -- C:\Users\\AppData\Roaming\Microsoft [2010.03.29 20:29:47 | 000,000,000 | ---D | M] -- C:\Users\\AppData\Roaming\Move Networks [2012.01.21 12:37:09 | 000,000,000 | ---D | M] -- C:\Users\\AppData\Roaming\Mozilla [2011.10.16 15:46:30 | 000,000,000 | ---D | M] -- C:\Users\\AppData\Roaming\PhotoFiltre [2010.07.30 14:55:09 | 000,000,000 | ---D | M] -- C:\Users\\AppData\Roaming\PlayFirst [2012.02.21 20:32:36 | 000,000,000 | ---D | M] -- C:\Users\\AppData\Roaming\Skype [2011.09.07 17:05:32 | 000,000,000 | ---D | M] -- C:\Users\\AppData\Roaming\skypePM [2012.01.13 18:57:36 | 000,000,000 | ---D | M] -- C:\Users\\AppData\Roaming\U3 [2011.07.19 10:43:40 | 000,000,000 | ---D | M] -- C:\Users\\AppData\Roaming\Uwxabu [2012.01.23 14:10:08 | 000,000,000 | ---D | M] -- C:\Users\\AppData\Roaming\vlc [2010.01.04 22:42:57 | 000,000,000 | ---D | M] -- C:\Users\\AppData\Roaming\WinRAR < %APPDATA%\*.exe /s > [2011.12.31 15:06:10 | 009,739,704 | ---- | M] (Vuze Inc.) -- C:\Users\\AppData\Roaming\Azureus\tmp\AZU38049.tmp\Vuze_4.7.0.2d_win32.exe [2011.02.10 18:34:52 | 002,832,544 | ---- | M] (Adobe Systems, Inc.) -- C:\Users\\AppData\Roaming\Macromedia\Flash Player\www.macromedia.com\bin\fpupdatepl\fpupdatepl.exe [2010.03.29 20:29:47 | 000,144,053 | ---- | M] () -- C:\Users\\AppData\Roaming\Move Networks\uninstall.exe [2010.02.11 20:31:38 | 000,097,216 | ---- | M] () -- C:\Users\\AppData\Roaming\Move Networks\ie_bin\MovePlayerUpgrade.exe [2007.10.23 09:27:20 | 000,110,592 | ---- | M] () -- C:\Users\\AppData\Roaming\U3\temp\cleanup.exe [2008.05.02 10:41:48 | 003,493,888 | -H-- | M] (SanDisk Corporation) -- C:\Users\\AppData\Roaming\U3\temp\Launchpad Removal.exe < %SYSTEMDRIVE%\*.exe > < MD5 for: AGP440.SYS > [2008.01.21 03:23:01 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\drivers\AGP440.sys [2008.01.21 03:23:01 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_51b95d75\AGP440.sys [2008.01.21 03:23:01 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_f750e484\AGP440.sys [2008.01.21 03:23:01 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6001.18000_none_ba12ed3bbeb0d97a\AGP440.sys [2008.01.21 03:23:01 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6002.18005_none_bbfe6647bbd2a4c6\AGP440.sys [2006.11.02 10:49:52 | 000,053,864 | ---- | M] (Microsoft Corporation) MD5=EF23439CDD587F64C2C1B8825CEAD7D8 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_920a2c1f\AGP440.sys < MD5 for: ATAPI.SYS > [2009.04.11 07:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_b12d8e84\atapi.sys [2009.04.11 07:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6002.18005_none_df23a1261eab99e8\atapi.sys [2008.01.21 03:23:00 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\System32\drivers\atapi.sys [2008.01.21 03:23:00 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_cc18792d\atapi.sys [2008.01.21 03:23:00 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6001.18000_none_dd38281a2189ce9c\atapi.sys [2006.11.02 10:49:36 | 000,019,048 | ---- | M] (Microsoft Corporation) MD5=4F4FCB8B6EA06784FB6D475B7EC7300F -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_c6c2e699\atapi.sys < MD5 for: CNGAUDIT.DLL > [2006.11.02 10:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\System32\cngaudit.dll [2006.11.02 10:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.0.6000.16386_none_e62d292932a96ce6\cngaudit.dll < MD5 for: IASTOR.SYS > [2009.02.12 01:26:18 | 000,407,576 | ---- | M] (Intel Corporation) MD5=1ADAA4F16073FD0C7270F451FD024E97 -- C:\Program Files\Intel\Intel Matrix Storage Manager\driver64\IaStor.sys [2009.02.12 01:11:50 | 000,329,752 | ---- | M] (Intel Corporation) MD5=71ECC07BC7C5E24C3DD01D8A29A24054 -- C:\Program Files\Intel\Intel Matrix Storage Manager\driver\IaStor.sys [2009.02.12 01:11:50 | 000,329,752 | ---- | M] (Intel Corporation) MD5=71ECC07BC7C5E24C3DD01D8A29A24054 -- C:\Windows\System32\drivers\iaStor.sys [2009.02.12 01:11:50 | 000,329,752 | ---- | M] (Intel Corporation) MD5=71ECC07BC7C5E24C3DD01D8A29A24054 -- C:\Windows\System32\DriverStore\FileRepository\iaahci.inf_ea118ff5\iaStor.sys < MD5 for: IASTORV.SYS > [2008.01.21 03:23:23 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\System32\drivers\iaStorV.sys [2008.01.21 03:23:23 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_c9df7691\iaStorV.sys [2008.01.21 03:23:23 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.0.6001.18000_none_af11527887c7fa8f\iaStorV.sys [2006.11.02 10:51:25 | 000,232,040 | ---- | M] (Intel Corporation) MD5=C957BF4B5D80B46C5017BF0101E6C906 -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_37cdafa4\iaStorV.sys < MD5 for: NETLOGON.DLL > [2009.04.11 07:28:23 | 000,592,896 | ---- | M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- C:\Windows\System32\netlogon.dll [2009.04.11 07:28:23 | 000,592,896 | ---- | M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6002.18005_none_ffa3304f351bb3a3\netlogon.dll [2008.01.21 03:24:05 | 000,592,384 | ---- | M] (Microsoft Corporation) MD5=A8EFC0B6E75B789F7FD3BA5025D4E37F -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6001.18000_none_fdb7b74337f9e857\netlogon.dll < MD5 for: NVSTOR.SYS > [2006.11.02 10:50:13 | 000,040,040 | ---- | M] (NVIDIA Corporation) MD5=9E0BA19A28C498A6D323D065DB76DFFC -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_733654ff\nvstor.sys [2008.01.21 03:23:21 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\System32\drivers\nvstor.sys [2008.01.21 03:23:21 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_31c3d71d\nvstor.sys [2008.01.21 03:23:21 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.0.6001.18000_none_39dac327befea467\nvstor.sys < MD5 for: SCECLI.DLL > [2008.01.21 03:24:50 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=28B84EB538F7E8A0FE8B9299D591E0B9 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6001.18000_none_380de25bd91b6f12\scecli.dll [2009.04.11 07:28:24 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=8FC182167381E9915651267044105EE1 -- C:\Windows\System32\scecli.dll [2009.04.11 07:28:24 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=8FC182167381E9915651267044105EE1 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6002.18005_none_39f95b67d63d3a5e\scecli.dll < MD5 for: USER32.DLL > [2008.01.21 03:24:21 | 000,627,200 | ---- | M] (Microsoft Corporation) MD5=B974D9F06DC7D1908E825DC201681269 -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.0.6001.18000_none_cd386c416d5c7f32\user32.dll [2009.04.11 07:28:25 | 000,627,712 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\user32.dll [2009.04.11 07:28:25 | 000,627,712 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.0.6002.18005_none_cf23e54d6a7e4a7e\user32.dll < MD5 for: USERINIT.EXE > [2008.01.21 03:24:49 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\System32\userinit.exe [2008.01.21 03:24:49 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.0.6001.18000_none_dc28ba15d1aff80b\userinit.exe < MD5 for: WININIT.EXE > [2008.01.21 03:23:42 | 000,096,768 | ---- | M] (Microsoft Corporation) MD5=101BA3EA053480BB5D957EF37C06B5ED -- C:\Windows\System32\wininit.exe [2008.01.21 03:23:42 | 000,096,768 | ---- | M] (Microsoft Corporation) MD5=101BA3EA053480BB5D957EF37C06B5ED -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.0.6001.18000_none_30f2b8cf0450a6a2\wininit.exe < MD5 for: WINLOGON.EXE > [2012.01.13 14:53:20 | 000,182,856 | ---- | M] () MD5=63EEC8A8B221AB79045E776E5F592868 -- C:\Program Files\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe [2009.04.11 07:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\System32\winlogon.exe [2009.04.11 07:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6002.18005_none_71ae7a22d2134741\winlogon.exe [2008.01.21 03:24:49 | 000,314,880 | ---- | M] (Microsoft Corporation) MD5=C2610B6BDBEFC053BBDAB4F1B965CB24 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6001.18000_none_6fc30116d4f17bf5\winlogon.exe < MD5 for: WS2IFSL.SYS > [2008.01.21 03:24:47 | 000,015,872 | ---- | M] (Microsoft Corporation) MD5=E3A3CB253C0EC2494D4A61F5E43A389C -- C:\Windows\System32\drivers\ws2ifsl.sys [2008.01.21 03:24:47 | 000,015,872 | ---- | M] (Microsoft Corporation) MD5=E3A3CB253C0EC2494D4A61F5E43A389C -- C:\Windows\winsxs\x86_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.0.6001.18000_none_4f86a0d4c7cda641\ws2ifsl.sys < %systemroot%\system32\drivers\*.sys /lockedfiles > < %systemroot%\System32\config\*.sav > [2008.01.21 04:14:18 | 016,846,848 | ---- | M] () -- C:\Windows\System32\config\COMPONENTS.SAV [2008.01.21 04:14:08 | 000,106,496 | ---- | M] () -- C:\Windows\System32\config\DEFAULT.SAV [2008.01.21 04:14:18 | 000,020,480 | ---- | M] () -- C:\Windows\System32\config\SECURITY.SAV [2006.11.02 11:34:08 | 010,133,504 | ---- | M] () -- C:\Windows\System32\config\SOFTWARE.SAV [2006.11.02 11:34:08 | 001,826,816 | ---- | M] () -- C:\Windows\System32\config\SYSTEM.SAV < %systemroot%\*. /mp /s > < %systemroot%\system32\*.dll /lockedfiles > [2008.01.21 03:24:26 | 000,347,136 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\system32\dxtmsft.dll [2008.01.21 03:24:26 | 000,214,528 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\system32\dxtrans.dll [2011.04.21 17:00:56 | 000,193,024 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\system32\iepeers.dll ========== Alternate Data Streams ========== @Alternate Data Stream - 135 bytes -> C:\ProgramData\TEMP:E1982A23 @Alternate Data Stream - 129 bytes -> C:\ProgramData\TEMP:ABE89FFE @Alternate Data Stream - 128 bytes -> C:\ProgramData\TEMP:814B9485 @Alternate Data Stream - 126 bytes -> C:\ProgramData\TEMP:3064D21D @Alternate Data Stream - 124 bytes -> C:\ProgramData\TEMP:DCAF903C @Alternate Data Stream - 123 bytes -> C:\ProgramData\TEMP:CDFF58FE @Alternate Data Stream - 123 bytes -> C:\ProgramData\TEMP:ADE16379 @Alternate Data Stream - 122 bytes -> C:\ProgramData\TEMP:3B3A35EC @Alternate Data Stream - 121 bytes -> C:\ProgramData\TEMP:B623B5B8 @Alternate Data Stream - 120 bytes -> C:\ProgramData\TEMP:4F636E25 @Alternate Data Stream - 119 bytes -> C:\ProgramData\TEMP:35759C73 @Alternate Data Stream - 117 bytes -> C:\ProgramData\TEMP:798A3728 @Alternate Data Stream - 117 bytes -> C:\ProgramData\TEMP:41099CE9 @Alternate Data Stream - 113 bytes -> C:\ProgramData\TEMP:9E22BBE8 @Alternate Data Stream - 109 bytes -> C:\ProgramData\TEMP:BB24555F @Alternate Data Stream - 105 bytes -> C:\ProgramData\TEMP:B203B914 < End of report > |
21.02.2012, 21:15 | #8 |
/// Winkelfunktion /// TB-Süch-Tiger™ | einschätzung malware-log Mach einen OTL-Fix, beende alle evtl. geöffneten Programme, auch Virenscanner deaktivieren (!), starte OTL und kopiere folgenden Text in die "Custom Scan/Fixes" Box (unten in OTL): (das ":OTL" muss mitkopiert werden!!!) Hinweis: Falls Du Deinen Benutzernamen unkenntlich gemacht hast, musst Du das Ausgesternte in Deinen richtigen Benutzernamen wieder verwandeln, sonst funktioniert das Script nicht!! Code:
ATTFilter :OTL IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&s=2&o=vp32&d=0609&m=aspire_4810t IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&s=2&o=vp32&d=0609&m=aspire_4810t IE - HKU\S-1-5-21-2752085062-1975141627-2355531261-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&s=2&o=vp32&d=0609&m=aspire_4810t IE - HKU\S-1-5-21-2752085062-1975141627-2355531261-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = http://global.acer.com [binary data] IE - HKU\S-1-5-21-2752085062-1975141627-2355531261-1000\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1 IE - HKU\S-1-5-21-2752085062-1975141627-2355531261-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = http://global.acer.com [binary data] IE - HKU\S-1-5-21-2752085062-1975141627-2355531261-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://start.icq.com/ IE - HKU\S-1-5-21-2752085062-1975141627-2355531261-1000\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1 IE - HKU\S-1-5-21-2752085062-1975141627-2355531261-1000\..\URLSearchHook: - No CLSID value found IE - HKU\S-1-5-21-2752085062-1975141627-2355531261-1000\..\URLSearchHook: {B922D405-6D13-4A2B-AE89-08A030DA4402} - C:\Programme\pdfforge Toolbar\IE\4.9\pdfforgeToolbarIE.dll (Spigot, Inc.) FF - prefs.js..browser.search.defaultenginename: "ICQ Search" FF - prefs.js..browser.search.param.yahoo-fr: "chr-greentree_ff&type=302398&ilc=12" FF - prefs.js..extensions.enabledItems: pdfforge@mybrowserbar.com:4.6 FF - prefs.js..keyword.URL: "http://de.search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&ilc=12&type=302398&p=" [2010.07.04 14:53:16 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\\AppData\Roaming\mozilla\Firefox\Profiles\eyvlmz8i.default\extensions\{20a82645-c095-46ed-80e3-08825760534b} [2012.02.17 16:47:56 | 000,000,950 | ---- | M] () -- C:\Users\\AppData\Roaming\Mozilla\Firefox\Profiles\eyvlmz8i.default\searchplugins\icqplugin-1.xml [2011.02.28 18:16:17 | 000,000,961 | ---- | M] () -- C:\Users\\AppData\Roaming\Mozilla\Firefox\Profiles\eyvlmz8i.default\searchplugins\icqplugin-2.xml [2011.03.30 18:37:57 | 000,000,961 | ---- | M] () -- C:\Users\\AppData\Roaming\Mozilla\Firefox\Profiles\eyvlmz8i.default\searchplugins\icqplugin-3.xml [2011.05.09 17:33:57 | 000,000,961 | ---- | M] () -- C:\Users\\AppData\Roaming\Mozilla\Firefox\Profiles\eyvlmz8i.default\searchplugins\icqplugin-4.xml [2011.09.09 14:49:39 | 000,000,950 | ---- | M] () -- C:\Users\\AppData\Roaming\Mozilla\Firefox\Profiles\eyvlmz8i.default\searchplugins\icqplugin-5.xml [2010.05.12 16:40:48 | 000,001,042 | ---- | M] () -- C:\Users\\AppData\Roaming\Mozilla\Firefox\Profiles\eyvlmz8i.default\searchplugins\icqplugin.xml [2012.02.15 19:36:58 | 000,000,000 | ---D | M] (Widgi Toolbar Platform) -- C:\PROGRAM FILES\COMMON FILES\SPIGOT\WTXPCOM [2011.12.22 23:57:52 | 000,000,000 | ---D | M] (pdfforge Toolbar) -- C:\PROGRAM FILES\PDFFORGE TOOLBAR\FF O2 - BHO: (pdfforge Toolbar) - {B922D405-6D13-4A2B-AE89-08A030DA4402} - C:\Programme\pdfforge Toolbar\IE\4.9\pdfforgeToolbarIE.dll (Spigot, Inc.) O3 - HKLM\..\Toolbar: (pdfforge Toolbar) - {B922D405-6D13-4A2B-AE89-08A030DA4402} - C:\Programme\pdfforge Toolbar\IE\4.9\pdfforgeToolbarIE.dll (Spigot, Inc.) O4 - HKLM..\Run: [] File not found O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2006.09.18 22:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ] O33 - MountPoints2\{6245c649-7133-11de-974b-001f16a6eb44}\Shell - "" = AutoRun O33 - MountPoints2\{6245c649-7133-11de-974b-001f16a6eb44}\Shell\AutoRun\command - "" = D:\LaunchU3.exe -a O33 - MountPoints2\{b6eb309a-f961-11de-a818-001f16a6eb44}\Shell - "" = AutoRun O33 - MountPoints2\{b6eb309a-f961-11de-a818-001f16a6eb44}\Shell\AutoRun\command - "" = F:\LaunchU3.exe -a O33 - MountPoints2\{c398a8dc-47e6-11df-93d0-0022fb601b06}\Shell - "" = AutoRun O33 - MountPoints2\{c398a8dc-47e6-11df-93d0-0022fb601b06}\Shell\AutoRun\command - "" = E:\LaunchU3.exe -a MsConfig - StartUpReg: SearchSettings - hkey= - key= - C:\Program Files\Common Files\Spigot\Search Settings\SearchSettings.exe (Spigot, Inc.) @Alternate Data Stream - 135 bytes -> C:\ProgramData\TEMP:E1982A23 @Alternate Data Stream - 129 bytes -> C:\ProgramData\TEMP:ABE89FFE @Alternate Data Stream - 128 bytes -> C:\ProgramData\TEMP:814B9485 @Alternate Data Stream - 126 bytes -> C:\ProgramData\TEMP:3064D21D @Alternate Data Stream - 124 bytes -> C:\ProgramData\TEMP:DCAF903C @Alternate Data Stream - 123 bytes -> C:\ProgramData\TEMP:CDFF58FE @Alternate Data Stream - 123 bytes -> C:\ProgramData\TEMP:ADE16379 @Alternate Data Stream - 122 bytes -> C:\ProgramData\TEMP:3B3A35EC @Alternate Data Stream - 121 bytes -> C:\ProgramData\TEMP:B623B5B8 @Alternate Data Stream - 120 bytes -> C:\ProgramData\TEMP:4F636E25 @Alternate Data Stream - 119 bytes -> C:\ProgramData\TEMP:35759C73 @Alternate Data Stream - 117 bytes -> C:\ProgramData\TEMP:798A3728 @Alternate Data Stream - 117 bytes -> C:\ProgramData\TEMP:41099CE9 @Alternate Data Stream - 113 bytes -> C:\ProgramData\TEMP:9E22BBE8 @Alternate Data Stream - 109 bytes -> C:\ProgramData\TEMP:BB24555F @Alternate Data Stream - 105 bytes -> C:\ProgramData\TEMP:B203B914 :Files C:\Program Files\Common Files\Spigot C:\PROGRAM FILES\PDFFORGE TOOLBAR C:\Users\\AppData\Roaming\.# C:\Users\\AppData\Roaming\Uwxabu C:\Users\\AppData\Roaming\Exovy :Commands [emptytemp] [resethosts] Das Logfile müsste geöffnet werden, wenn Du nach dem Fixen auf ok klickst, poste das bitte. Evtl. wird der Rechner neu gestartet. Die mit diesem Script gefixten Einträge, Dateien und Ordner werden zur Sicherheit nicht vollständig gelöscht, es wird eine Sicherheitskopie auf der Systempartition im Ordner "_OTL" erstellt. Hinweis: Das obige Script ist nur für diesen einen User in dieser Situtation erstellt worden. Es ist auf keinen anderen Rechner portierbar und darf nicht anderweitig verwandt werden, da es das System nachhaltig schädigen kann!
__________________ Logfiles bitte immer in CODE-Tags posten |
21.02.2012, 21:47 | #9 |
| einschätzung malware-log puuuuh, ich hoffe ich habs richtig gemacht. hier die log: Code:
ATTFilter All processes killed ========== OTL ========== HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\\Default_Page_URL| /E : value set successfully! HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\\Local Page| /E : value set successfully! HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page| /E : value set successfully! HKU\S-1-5-21-2752085062-1975141627-2355531261-1000\SOFTWARE\Microsoft\Internet Explorer\Main\\Default_Page_URL| /E : value set successfully! HKU\S-1-5-21-2752085062-1975141627-2355531261-1000\SOFTWARE\Microsoft\Internet Explorer\Main\\Default_Secondary_Page_URL| /E : value set successfully! HKU\S-1-5-21-2752085062-1975141627-2355531261-1000\SOFTWARE\Microsoft\Internet Explorer\Main\\SearchDefaultBranded| /E : value set successfully! HKU\S-1-5-21-2752085062-1975141627-2355531261-1000\SOFTWARE\Microsoft\Internet Explorer\Main\\Secondary Start Pages| /E : value set successfully! HKU\S-1-5-21-2752085062-1975141627-2355531261-1000\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page| /E : value set successfully! HKU\S-1-5-21-2752085062-1975141627-2355531261-1000\SOFTWARE\Microsoft\Internet Explorer\Main\\StartPageCache| /E : value set successfully! Registry value HKEY_USERS\S-1-5-21-2752085062-1975141627-2355531261-1000\Software\Microsoft\Internet Explorer\URLSearchHooks\\ deleted successfully. Registry value HKEY_USERS\S-1-5-21-2752085062-1975141627-2355531261-1000\Software\Microsoft\Internet Explorer\URLSearchHooks\\{B922D405-6D13-4A2B-AE89-08A030DA4402} deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B922D405-6D13-4A2B-AE89-08A030DA4402}\ deleted successfully. C:\Programme\pdfforge Toolbar\IE\4.9\pdfforgeToolbarIE.dll moved successfully. Prefs.js: "ICQ Search" removed from browser.search.defaultenginename Prefs.js: "chr-greentree_ff&type=302398&ilc=12" removed from browser.search.param.yahoo-fr Prefs.js: pdfforge@mybrowserbar.com:4.6 removed from extensions.enabledItems Prefs.js: "hxxp://de.search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&ilc=12&type=302398&p=" removed from keyword.URL C:\Users\xx\AppData\Roaming\mozilla\Firefox\Profiles\eyvlmz8i.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}\defaults\preferences folder moved successfully. C:\Users\xx\AppData\Roaming\mozilla\Firefox\Profiles\eyvlmz8i.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}\defaults folder moved successfully. C:\Users\xx\AppData\Roaming\mozilla\Firefox\Profiles\eyvlmz8i.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}\chrome folder moved successfully. Folder move failed. C:\Users\xx\AppData\Roaming\mozilla\Firefox\Profiles\eyvlmz8i.default\extensions\{20a82645-c095-46ed-80e3-08825760534b} scheduled to be moved on reboot. C:\Users\xx\AppData\Roaming\Mozilla\Firefox\Profiles\eyvlmz8i.default\searchplugins\icqplugin-1.xml moved successfully. C:\Users\xx\AppData\Roaming\Mozilla\Firefox\Profiles\eyvlmz8i.default\searchplugins\icqplugin-2.xml moved successfully. C:\Users\xx\AppData\Roaming\Mozilla\Firefox\Profiles\eyvlmz8i.default\searchplugins\icqplugin-3.xml moved successfully. C:\Users\xx\AppData\Roaming\Mozilla\Firefox\Profiles\eyvlmz8i.default\searchplugins\icqplugin-4.xml moved successfully. C:\Users\xx\AppData\Roaming\Mozilla\Firefox\Profiles\eyvlmz8i.default\searchplugins\icqplugin-5.xml moved successfully. C:\Users\xx\AppData\Roaming\Mozilla\Firefox\Profiles\eyvlmz8i.default\searchplugins\icqplugin.xml moved successfully. C:\PROGRAM FILES\COMMON FILES\SPIGOT\WTXPCOM\components folder moved successfully. C:\PROGRAM FILES\COMMON FILES\SPIGOT\WTXPCOM folder moved successfully. C:\PROGRAM FILES\PDFFORGE TOOLBAR\FF\chrome\skin folder moved successfully. C:\PROGRAM FILES\PDFFORGE TOOLBAR\FF\chrome\locale\EN-US folder moved successfully. C:\PROGRAM FILES\PDFFORGE TOOLBAR\FF\chrome\locale folder moved successfully. C:\PROGRAM FILES\PDFFORGE TOOLBAR\FF\chrome\content folder moved successfully. C:\PROGRAM FILES\PDFFORGE TOOLBAR\FF\chrome folder moved successfully. C:\PROGRAM FILES\PDFFORGE TOOLBAR\FF folder moved successfully. Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B922D405-6D13-4A2B-AE89-08A030DA4402}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B922D405-6D13-4A2B-AE89-08A030DA4402}\ not found. File C:\Programme\pdfforge Toolbar\IE\4.9\pdfforgeToolbarIE.dll not found. Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{B922D405-6D13-4A2B-AE89-08A030DA4402} deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B922D405-6D13-4A2B-AE89-08A030DA4402}\ not found. File C:\Programme\pdfforge Toolbar\IE\4.9\pdfforgeToolbarIE.dll not found. Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ deleted successfully. HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRun|DWORD:1 /E : value set successfully! C:\autoexec.bat moved successfully. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{6245c649-7133-11de-974b-001f16a6eb44}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6245c649-7133-11de-974b-001f16a6eb44}\ not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{6245c649-7133-11de-974b-001f16a6eb44}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6245c649-7133-11de-974b-001f16a6eb44}\ not found. File D:\LaunchU3.exe -a not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{b6eb309a-f961-11de-a818-001f16a6eb44}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{b6eb309a-f961-11de-a818-001f16a6eb44}\ not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{b6eb309a-f961-11de-a818-001f16a6eb44}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{b6eb309a-f961-11de-a818-001f16a6eb44}\ not found. File F:\LaunchU3.exe -a not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c398a8dc-47e6-11df-93d0-0022fb601b06}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{c398a8dc-47e6-11df-93d0-0022fb601b06}\ not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c398a8dc-47e6-11df-93d0-0022fb601b06}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{c398a8dc-47e6-11df-93d0-0022fb601b06}\ not found. File E:\LaunchU3.exe -a not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\StartUpReg\SearchSettings\ deleted successfully. ADS C:\ProgramData\TEMP:E1982A23 deleted successfully. ADS C:\ProgramData\TEMP:ABE89FFE deleted successfully. ADS C:\ProgramData\TEMP:814B9485 deleted successfully. ADS C:\ProgramData\TEMP:3064D21D deleted successfully. ADS C:\ProgramData\TEMP:DCAF903C deleted successfully. ADS C:\ProgramData\TEMP:CDFF58FE deleted successfully. ADS C:\ProgramData\TEMP:ADE16379 deleted successfully. ADS C:\ProgramData\TEMP:3B3A35EC deleted successfully. ADS C:\ProgramData\TEMP:B623B5B8 deleted successfully. ADS C:\ProgramData\TEMP:4F636E25 deleted successfully. ADS C:\ProgramData\TEMP:35759C73 deleted successfully. ADS C:\ProgramData\TEMP:798A3728 deleted successfully. ADS C:\ProgramData\TEMP:41099CE9 deleted successfully. ADS C:\ProgramData\TEMP:9E22BBE8 deleted successfully. ADS C:\ProgramData\TEMP:BB24555F deleted successfully. ADS C:\ProgramData\TEMP:B203B914 deleted successfully. ========== FILES ========== C:\Program Files\Common Files\Spigot\Search Settings\Res folder moved successfully. C:\Program Files\Common Files\Spigot\Search Settings\Lang folder moved successfully. C:\Program Files\Common Files\Spigot\Search Settings folder moved successfully. C:\Program Files\Common Files\Spigot folder moved successfully. C:\PROGRAM FILES\pdfforge Toolbar\Res\Lang folder moved successfully. C:\PROGRAM FILES\pdfforge Toolbar\Res folder moved successfully. C:\PROGRAM FILES\pdfforge Toolbar\IE\4.9 folder moved successfully. C:\PROGRAM FILES\pdfforge Toolbar\IE folder moved successfully. C:\PROGRAM FILES\pdfforge Toolbar folder moved successfully. C:\Users\xx\AppData\Roaming\.# folder moved successfully. C:\Users\xx\AppData\Roaming\Uwxabu folder moved successfully. C:\Users\xx\AppData\Roaming\Exovy folder moved successfully. ========== COMMANDS ========== [EMPTYTEMP] User: All Users User: xy ->Temp folder emptied: 202338 bytes ->Temporary Internet Files folder emptied: 26832313 bytes ->Java cache emptied: 0 bytes ->Flash cache emptied: 1226 bytes User: Default ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 33170 bytes ->Flash cache emptied: 75 bytes User: Default User ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 0 bytes ->Flash cache emptied: 0 bytes User: xx ->Temp folder emptied: 1937332049 bytes ->Temporary Internet Files folder emptied: 47090927 bytes ->Java cache emptied: 3554001 bytes ->FireFox cache emptied: 49824396 bytes ->Google Chrome cache emptied: 0 bytes ->Flash cache emptied: 2842780 bytes User: Public %systemdrive% .tmp files removed: 0 bytes %systemroot% .tmp files removed: 0 bytes %systemroot%\System32 .tmp files removed: 0 bytes %systemroot%\System32\drivers .tmp files removed: 0 bytes Windows Temp folder emptied: 302477951 bytes %systemroot%\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 20733644 bytes %systemroot%\system32\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment folder emptied: 743 bytes RecycleBin emptied: 43603 bytes Total Files Cleaned = 2.280,00 mb C:\Windows\System32\drivers\etc\Hosts moved successfully. HOSTS file reset successfully OTL by OldTimer - Version 3.2.33.1 log created on 02212012_213237 Files\Folders moved on Reboot... C:\Users\xx\AppData\Roaming\mozilla\Firefox\Profiles\eyvlmz8i.default\extensions\{20a82645-c095-46ed-80e3-08825760534b} folder moved successfully. Registry entries deleted on Reboot... |
21.02.2012, 22:00 | #10 |
/// Winkelfunktion /// TB-Süch-Tiger™ | einschätzung malware-log Bitte nun (im normalen Windows-Modus) dieses Tool von Kaspersky (TDSS-Killer) ausführen und das Log posten => http://www.trojaner-board.de/82358-t...entfernen.html Hinweis: Bitte den Virenscanner abstellen bevor du den TDSS-Killer ausführst, denn v.a. Avira meldet im TDSS-Tool oft einen Fehlalarm! Das Tool so einstellen wie unten im Bild angegeben - klick auf change parameters und setze die Haken wie im folgenden Screenshot abgebildet, Dann auf Start Scan klicken und wenn es durch ist auf den Button Report klicken um das Log anzuzeigen. Dieses bitte komplett posten. Wenn du das Log nicht findest oder den Inhalt kopieren und in dein Posting übertragen kannst, dann schau bitte direkt auf deiner Windows-Systempartition (meistens Laufwerk C nach, da speichert der TDSS-Killer seine Logs. Hinweis: Bitte nichts voreilig mit dem TDSS-Killer löschen! Falls Objekte vom TDSS-Killer bemängelt werden, alle mit der Aktion "skip" behandeln und hier nur das Log posten! Falls du durch die Infektion auf deine Dokumente/Eigenen Dateien nicht zugreifen kannst, Verknüpfungen auf dem Desktop oder im Startmenü unter "alle Programme" fehlen, bitte unhide ausführen: Downloade dir bitte unhide.exe und speichere diese Datei auf deinem Desktop. Starte das Tool und es sollten alle Dateien und Ordner wieder sichtbar sein. ( Könnte eine Weile dauern ) Windows-Vista und Windows-7-User müssen das Tool per Rechtsklick als Administrator ausführen!
__________________ Logfiles bitte immer in CODE-Tags posten |
21.02.2012, 22:10 | #11 |
| einschätzung malware-log Hier die neue log: Code:
ATTFilter 22:03:42.0034 1412 TDSS rootkit removing tool 2.7.13.0 Feb 15 2012 19:33:14 22:03:42.0190 1412 ============================================================ 22:03:42.0190 1412 Current date / time: 2012/02/21 22:03:42.0190 22:03:42.0190 1412 SystemInfo: 22:03:42.0190 1412 22:03:42.0190 1412 OS Version: 6.0.6002 ServicePack: 2.0 22:03:42.0190 1412 Product type: Workstation 22:03:42.0190 1412 ComputerName: xx-PC 22:03:42.0190 1412 UserName: xx 22:03:42.0190 1412 Windows directory: C:\Windows 22:03:42.0190 1412 System windows directory: C:\Windows 22:03:42.0190 1412 Processor architecture: Intel x86 22:03:42.0190 1412 Number of processors: 1 22:03:42.0190 1412 Page size: 0x1000 22:03:42.0190 1412 Boot type: Normal boot 22:03:42.0190 1412 ============================================================ 22:03:42.0908 1412 Drive \Device\Harddisk0\DR0 - Size: 0x4A85D56000 (298.09 Gb), SectorSize: 0x200, Cylinders: 0x9801, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050 22:03:42.0908 1412 \Device\Harddisk0\DR0: 22:03:42.0908 1412 MBR used 22:03:42.0908 1412 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x1388800, BlocksNum 0x240A5800 22:03:42.0954 1412 Initialize success 22:03:42.0954 1412 ============================================================ 22:06:25.0085 3288 ============================================================ 22:06:25.0085 3288 Scan started 22:06:25.0085 3288 Mode: Manual; SigCheck; TDLFS; 22:06:25.0085 3288 ============================================================ 22:06:25.0553 3288 ACPI (82b296ae1892fe3dbee00c9cf92f8ac7) C:\Windows\system32\drivers\acpi.sys 22:06:25.0709 3288 ACPI - ok 22:06:25.0772 3288 adp94xx (04f0fcac69c7c71a3ac4eb97fafc8303) C:\Windows\system32\drivers\adp94xx.sys 22:06:25.0803 3288 adp94xx - ok 22:06:25.0865 3288 adpahci (60505e0041f7751bdbb80f88bf45c2ce) C:\Windows\system32\drivers\adpahci.sys 22:06:25.0881 3288 adpahci - ok 22:06:25.0912 3288 adpu160m (8a42779b02aec986eab64ecfc98f8bd7) C:\Windows\system32\drivers\adpu160m.sys 22:06:25.0928 3288 adpu160m - ok 22:06:25.0974 3288 adpu320 (241c9e37f8ce45ef51c3de27515ca4e5) C:\Windows\system32\drivers\adpu320.sys 22:06:25.0990 3288 adpu320 - ok 22:06:26.0115 3288 AFD (3911b972b55fea0478476b2e777b29fa) C:\Windows\system32\drivers\afd.sys 22:06:26.0208 3288 AFD - ok 22:06:26.0271 3288 agp440 (13f9e33747e6b41a3ff305c37db0d360) C:\Windows\system32\drivers\agp440.sys 22:06:26.0286 3288 agp440 - ok 22:06:26.0333 3288 aic78xx (ae1fdf7bf7bb6c6a70f67699d880592a) C:\Windows\system32\drivers\djsvs.sys 22:06:26.0349 3288 aic78xx - ok 22:06:26.0442 3288 aliide (9eaef5fc9b8e351afa7e78a6fae91f91) C:\Windows\system32\drivers\aliide.sys 22:06:26.0458 3288 aliide - ok 22:06:26.0505 3288 amdagp (c47344bc706e5f0b9dce369516661578) C:\Windows\system32\drivers\amdagp.sys 22:06:26.0520 3288 amdagp - ok 22:06:26.0645 3288 amdide (9b78a39a4c173fdbc1321e0dd659b34c) C:\Windows\system32\drivers\amdide.sys 22:06:26.0661 3288 amdide - ok 22:06:26.0692 3288 AmdK7 (18f29b49ad23ecee3d2a826c725c8d48) C:\Windows\system32\drivers\amdk7.sys 22:06:26.0864 3288 AmdK7 - ok 22:06:26.0910 3288 AmdK8 (93ae7f7dd54ab986a6f1a1b37be7442d) C:\Windows\system32\drivers\amdk8.sys 22:06:27.0004 3288 AmdK8 - ok 22:06:27.0160 3288 arc (5d2888182fb46632511acee92fdad522) C:\Windows\system32\drivers\arc.sys 22:06:27.0176 3288 arc - ok 22:06:27.0238 3288 arcsas (5e2a321bd7c8b3624e41fdec3e244945) C:\Windows\system32\drivers\arcsas.sys 22:06:27.0254 3288 arcsas - ok 22:06:27.0332 3288 AsyncMac (53b202abee6455406254444303e87be1) C:\Windows\system32\DRIVERS\asyncmac.sys 22:06:27.0410 3288 AsyncMac - ok 22:06:27.0441 3288 atapi (2d9c903dc76a66813d350a562de40ed9) C:\Windows\system32\drivers\atapi.sys 22:06:27.0456 3288 atapi - ok 22:06:27.0566 3288 avgio (0b497c79824f8e1bf22fa6aacd3de3a0) C:\Program Files\Avira\AntiVir Desktop\avgio.sys 22:06:27.0597 3288 avgio - ok 22:06:27.0628 3288 avgntflt (14fe36d8f2c6a2435275338d061a0b66) C:\Windows\system32\DRIVERS\avgntflt.sys 22:06:27.0675 3288 avgntflt - ok 22:06:27.0722 3288 avipbb (6d52060b59e7d79cd2a044b6add1f1ef) C:\Windows\system32\DRIVERS\avipbb.sys 22:06:27.0737 3288 avipbb - ok 22:06:27.0815 3288 b57nd60x (502f1c30bd50b32d00ce4dcaecc3d3c7) C:\Windows\system32\DRIVERS\b57nd60x.sys 22:06:27.0862 3288 b57nd60x - ok 22:06:27.0924 3288 Beep (67e506b75bd5326a3ec7b70bd014dfb6) C:\Windows\system32\drivers\Beep.sys 22:06:28.0002 3288 Beep - ok 22:06:28.0080 3288 blbdrive (d4df28447741fd3d953526e33a617397) C:\Windows\system32\drivers\blbdrive.sys 22:06:28.0190 3288 blbdrive - ok 22:06:28.0314 3288 bowser (35f376253f687bde63976ccb3f2108ca) C:\Windows\system32\DRIVERS\bowser.sys 22:06:28.0377 3288 bowser - ok 22:06:28.0455 3288 BrFiltLo (9f9acc7f7ccde8a15c282d3f88b43309) C:\Windows\system32\drivers\brfiltlo.sys 22:06:28.0533 3288 BrFiltLo - ok 22:06:28.0564 3288 BrFiltUp (56801ad62213a41f6497f96dee83755a) C:\Windows\system32\drivers\brfiltup.sys 22:06:28.0611 3288 BrFiltUp - ok 22:06:28.0689 3288 Brserid (b304e75cff293029eddf094246747113) C:\Windows\system32\drivers\brserid.sys 22:06:28.0892 3288 Brserid - ok 22:06:28.0938 3288 BrSerWdm (203f0b1e73adadbbb7b7b1fabd901f6b) C:\Windows\system32\drivers\brserwdm.sys 22:06:29.0048 3288 BrSerWdm - ok 22:06:29.0079 3288 BrUsbMdm (bd456606156ba17e60a04e18016ae54b) C:\Windows\system32\drivers\brusbmdm.sys 22:06:29.0204 3288 BrUsbMdm - ok 22:06:29.0235 3288 BrUsbSer (af72ed54503f717a43268b3cc5faec2e) C:\Windows\system32\drivers\brusbser.sys 22:06:29.0313 3288 BrUsbSer - ok 22:06:29.0375 3288 BTHMODEM (ad07c1ec6665b8b35741ab91200c6b68) C:\Windows\system32\drivers\bthmodem.sys 22:06:29.0422 3288 BTHMODEM - ok 22:06:29.0484 3288 cdfs (7add03e75beb9e6dd102c3081d29840a) C:\Windows\system32\DRIVERS\cdfs.sys 22:06:29.0547 3288 cdfs - ok 22:06:29.0625 3288 cdrom (6b4bffb9becd728097024276430db314) C:\Windows\system32\DRIVERS\cdrom.sys 22:06:29.0656 3288 cdrom - ok 22:06:29.0687 3288 circlass (e5d4133f37219dbcfe102bc61072589d) C:\Windows\system32\drivers\circlass.sys 22:06:29.0750 3288 circlass - ok 22:06:29.0812 3288 CLFS (d7659d3b5b92c31e84e53c1431f35132) C:\Windows\system32\CLFS.sys 22:06:29.0828 3288 CLFS - ok 22:06:29.0906 3288 CmBatt (99afc3795b58cc478fbbbcdc658fcb56) C:\Windows\system32\DRIVERS\CmBatt.sys 22:06:29.0952 3288 CmBatt - ok 22:06:29.0999 3288 cmdide (0ca25e686a4928484e9fdabd168ab629) C:\Windows\system32\drivers\cmdide.sys 22:06:30.0015 3288 cmdide - ok 22:06:30.0062 3288 Compbatt (6afef0b60fa25de07c0968983ee4f60a) C:\Windows\system32\DRIVERS\compbatt.sys 22:06:30.0077 3288 Compbatt - ok 22:06:30.0108 3288 crcdisk (741e9dff4f42d2d8477d0fc1dc0df871) C:\Windows\system32\drivers\crcdisk.sys 22:06:30.0124 3288 crcdisk - ok 22:06:30.0155 3288 Crusoe (1f07becdca750766a96cda811ba86410) C:\Windows\system32\drivers\crusoe.sys 22:06:30.0218 3288 Crusoe - ok 22:06:30.0327 3288 DfsC (622c41a07ca7e6dd91770f50d532cb6c) C:\Windows\system32\Drivers\dfsc.sys 22:06:30.0389 3288 DfsC - ok 22:06:30.0498 3288 disk (5d4aefc3386920236a548271f8f1af6a) C:\Windows\system32\drivers\disk.sys 22:06:30.0514 3288 disk - ok 22:06:30.0608 3288 DKbFltr (c701324c9e0c25dd9d60311bd87fbc84) C:\Windows\system32\DRIVERS\DKbFltr.sys 22:06:30.0623 3288 DKbFltr - ok 22:06:30.0701 3288 Dot4 (4f59c172c094e1a1d46463a8dc061cbd) C:\Windows\system32\DRIVERS\Dot4.sys 22:06:30.0842 3288 Dot4 - ok 22:06:30.0888 3288 Dot4Print (80bf3ba09f6f2523c8f6b7cc6dbf7bd5) C:\Windows\system32\DRIVERS\Dot4Prt.sys 22:06:30.0966 3288 Dot4Print - ok 22:06:31.0044 3288 dot4usb (c55004ca6b419b6695970dfe849b122f) C:\Windows\system32\DRIVERS\dot4usb.sys 22:06:31.0154 3288 dot4usb - ok 22:06:31.0232 3288 drmkaud (97fef831ab90bee128c9af390e243f80) C:\Windows\system32\drivers\drmkaud.sys 22:06:31.0294 3288 drmkaud - ok 22:06:31.0434 3288 DXGKrnl (c68ac676b0ef30cfbb1080adce49eb1f) C:\Windows\System32\drivers\dxgkrnl.sys 22:06:31.0544 3288 DXGKrnl - ok 22:06:31.0622 3288 E1G60 (5425f74ac0c1dbd96a1e04f17d63f94c) C:\Windows\system32\DRIVERS\E1G60I32.sys 22:06:31.0700 3288 E1G60 - ok 22:06:31.0824 3288 Ecache (7f64ea048dcfac7acf8b4d7b4e6fe371) C:\Windows\system32\drivers\ecache.sys 22:06:31.0840 3288 Ecache - ok 22:06:32.0027 3288 elxstor (23b62471681a124889978f6295b3f4c6) C:\Windows\system32\drivers\elxstor.sys 22:06:32.0058 3288 elxstor - ok 22:06:32.0168 3288 ErrDev (3db974f3935483555d7148663f726c61) C:\Windows\system32\drivers\errdev.sys 22:06:32.0230 3288 ErrDev - ok 22:06:32.0339 3288 exfat (22b408651f9123527bcee54b4f6c5cae) C:\Windows\system32\drivers\exfat.sys 22:06:32.0433 3288 exfat - ok 22:06:32.0511 3288 fastfat (1e9b9a70d332103c52995e957dc09ef8) C:\Windows\system32\drivers\fastfat.sys 22:06:32.0589 3288 fastfat - ok 22:06:32.0682 3288 fdc (afe1e8b9782a0dd7fb46bbd88e43f89a) C:\Windows\system32\DRIVERS\fdc.sys 22:06:32.0729 3288 fdc - ok 22:06:32.0760 3288 FileInfo (a8c0139a884861e3aae9cfe73b208a9f) C:\Windows\system32\drivers\fileinfo.sys 22:06:32.0776 3288 FileInfo - ok 22:06:32.0823 3288 Filetrace (0ae429a696aecbc5970e3cf2c62635ae) C:\Windows\system32\drivers\filetrace.sys 22:06:32.0854 3288 Filetrace - ok 22:06:32.0885 3288 flpydisk (85b7cf99d532820495d68d747fda9ebd) C:\Windows\system32\DRIVERS\flpydisk.sys 22:06:32.0932 3288 flpydisk - ok 22:06:32.0994 3288 FltMgr (01334f9ea68e6877c4ef05d3ea8abb05) C:\Windows\system32\drivers\fltmgr.sys 22:06:33.0010 3288 FltMgr - ok 22:06:33.0057 3288 Fs_Rec (65ea8b77b5851854f0c55c43fa51a198) C:\Windows\system32\drivers\Fs_Rec.sys 22:06:33.0104 3288 Fs_Rec - ok 22:06:33.0135 3288 gagp30kx (34582a6e6573d54a07ece5fe24a126b5) C:\Windows\system32\drivers\gagp30kx.sys 22:06:33.0150 3288 gagp30kx - ok 22:06:33.0244 3288 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\Windows\system32\DRIVERS\GEARAspiWDM.sys 22:06:33.0260 3288 GEARAspiWDM - ok 22:06:33.0369 3288 HdAudAddService (cb04c744be0a61b1d648faed182c3b59) C:\Windows\system32\drivers\HdAudio.sys 22:06:33.0478 3288 HdAudAddService - ok 22:06:33.0587 3288 HDAudBus (062452b7ffd68c8c042a6261fe8dff4a) C:\Windows\system32\DRIVERS\HDAudBus.sys 22:06:33.0696 3288 HDAudBus - ok 22:06:33.0743 3288 HidBth (1338520e78d90154ed6be8f84de5fceb) C:\Windows\system32\drivers\hidbth.sys 22:06:33.0852 3288 HidBth - ok 22:06:33.0884 3288 HidIr (ff3160c3a2445128c5a6d9b076da519e) C:\Windows\system32\drivers\hidir.sys 22:06:33.0977 3288 HidIr - ok 22:06:34.0086 3288 HidUsb (cca4b519b17e23a00b826c55716809cc) C:\Windows\system32\DRIVERS\hidusb.sys 22:06:34.0164 3288 HidUsb - ok 22:06:34.0258 3288 HpCISSs (16ee7b23a009e00d835cdb79574a91a6) C:\Windows\system32\drivers\hpcisss.sys 22:06:34.0274 3288 HpCISSs - ok 22:06:34.0367 3288 HTTP (f870aa3e254628ebeafe754108d664de) C:\Windows\system32\drivers\HTTP.sys 22:06:34.0476 3288 HTTP - ok 22:06:34.0554 3288 i2omp (c6b032d69650985468160fc9937cf5b4) C:\Windows\system32\drivers\i2omp.sys 22:06:34.0570 3288 i2omp - ok 22:06:34.0632 3288 i8042prt (22d56c8184586b7a1f6fa60be5f5a2bd) C:\Windows\system32\DRIVERS\i8042prt.sys 22:06:34.0679 3288 i8042prt - ok 22:06:34.0804 3288 iaStor (71ecc07bc7c5e24c3dd01d8a29a24054) C:\Windows\system32\DRIVERS\iaStor.sys 22:06:34.0851 3288 iaStor - ok 22:06:34.0898 3288 iaStorV (54155ea1b0df185878e0fc9ec3ac3a14) C:\Windows\system32\drivers\iastorv.sys 22:06:34.0929 3288 iaStorV - ok 22:06:35.0381 3288 igfx (dce0b53570703cce580d066f89ef58cd) C:\Windows\system32\DRIVERS\igdkmd32.sys 22:06:37.0050 3288 igfx - ok 22:06:37.0191 3288 iirsp (2d077bf86e843f901d8db709c95b49a5) C:\Windows\system32\drivers\iirsp.sys 22:06:37.0206 3288 iirsp - ok 22:06:37.0378 3288 IntcAzAudAddService (d4a1767fd9d5c7762e9b8b36527b8af3) C:\Windows\system32\drivers\RTKVHDA.sys 22:06:37.0690 3288 IntcAzAudAddService - ok 22:06:37.0799 3288 IntcHdmiAddService (092a78e9c6f71bf0e22379503b90e800) C:\Windows\system32\drivers\IntcHdmi.sys 22:06:37.0830 3288 IntcHdmiAddService - ok 22:06:37.0924 3288 intelide (83aa759f3189e6370c30de5dc5590718) C:\Windows\system32\drivers\intelide.sys 22:06:37.0924 3288 intelide - ok 22:06:37.0986 3288 intelppm (224191001e78c89dfa78924c3ea595ff) C:\Windows\system32\DRIVERS\intelppm.sys 22:06:38.0033 3288 intelppm - ok 22:06:38.0142 3288 IpFilterDriver (62c265c38769b864cb25b4bcf62df6c3) C:\Windows\system32\DRIVERS\ipfltdrv.sys 22:06:38.0298 3288 IpFilterDriver - ok 22:06:38.0345 3288 IpInIp - ok 22:06:38.0392 3288 IPMIDRV (b25aaf203552b7b3491139d582b39ad1) C:\Windows\system32\drivers\ipmidrv.sys 22:06:38.0454 3288 IPMIDRV - ok 22:06:38.0517 3288 IPNAT (8793643a67b42cec66490b2a0cf92d68) C:\Windows\system32\DRIVERS\ipnat.sys 22:06:38.0564 3288 IPNAT - ok 22:06:38.0626 3288 irda (e50a95179211b12946f7e035d60af560) C:\Windows\system32\DRIVERS\irda.sys 22:06:38.0688 3288 irda - ok 22:06:38.0735 3288 IRENUM (109c0dfb82c3632fbd11949b73aeeac9) C:\Windows\system32\drivers\irenum.sys 22:06:38.0798 3288 IRENUM - ok 22:06:38.0844 3288 isapnp (6c70698a3e5c4376c6ab5c7c17fb0614) C:\Windows\system32\drivers\isapnp.sys 22:06:38.0860 3288 isapnp - ok 22:06:38.0938 3288 iScsiPrt (232fa340531d940aac623b121a595034) C:\Windows\system32\DRIVERS\msiscsi.sys 22:06:38.0954 3288 iScsiPrt - ok 22:06:38.0985 3288 iteatapi (bced60d16156e428f8df8cf27b0df150) C:\Windows\system32\drivers\iteatapi.sys 22:06:39.0000 3288 iteatapi - ok 22:06:39.0032 3288 iteraid (06fa654504a498c30adca8bec4e87e7e) C:\Windows\system32\drivers\iteraid.sys 22:06:39.0047 3288 iteraid - ok 22:06:39.0078 3288 kbdclass (37605e0a8cf00cbba538e753e4344c6e) C:\Windows\system32\DRIVERS\kbdclass.sys 22:06:39.0094 3288 kbdclass - ok 22:06:39.0172 3288 kbdhid (ede59ec70e25c24581add1fbec7325f7) C:\Windows\system32\DRIVERS\kbdhid.sys 22:06:39.0250 3288 kbdhid - ok 22:06:39.0344 3288 KSecDD (86165728af9bf72d6442a894fdfb4f8b) C:\Windows\system32\Drivers\ksecdd.sys 22:06:39.0422 3288 KSecDD - ok 22:06:39.0546 3288 L1C (d2862bf2e43718dbdd24664ef4b6c0f0) C:\Windows\system32\DRIVERS\L1C60x86.sys 22:06:39.0640 3288 L1C - ok 22:06:39.0734 3288 lltdio (d1c5883087a0c3f1344d9d55a44901f6) C:\Windows\system32\DRIVERS\lltdio.sys 22:06:39.0827 3288 lltdio - ok 22:06:39.0936 3288 LSI_FC (c7e15e82879bf3235b559563d4185365) C:\Windows\system32\drivers\lsi_fc.sys 22:06:39.0952 3288 LSI_FC - ok 22:06:39.0983 3288 LSI_SAS (ee01ebae8c9bf0fa072e0ff68718920a) C:\Windows\system32\drivers\lsi_sas.sys 22:06:39.0999 3288 LSI_SAS - ok 22:06:40.0046 3288 LSI_SCSI (912a04696e9ca30146a62afa1463dd5c) C:\Windows\system32\drivers\lsi_scsi.sys 22:06:40.0061 3288 LSI_SCSI - ok 22:06:40.0092 3288 luafv (8f5c7426567798e62a3b3614965d62cc) C:\Windows\system32\drivers\luafv.sys 22:06:40.0139 3288 luafv - ok 22:06:40.0233 3288 MBAMProtector (b7ca8cc3f978201856b6ab82f40953c3) C:\Windows\system32\drivers\mbam.sys 22:06:40.0248 3288 MBAMProtector - ok 22:06:40.0326 3288 megasas (0001ce609d66632fa17b84705f658879) C:\Windows\system32\drivers\megasas.sys 22:06:40.0326 3288 megasas - ok 22:06:40.0389 3288 MegaSR (c252f32cd9a49dbfc25ecf26ebd51a99) C:\Windows\system32\drivers\megasr.sys 22:06:40.0436 3288 MegaSR - ok 22:06:40.0498 3288 Modem (e13b5ea0f51ba5b1512ec671393d09ba) C:\Windows\system32\drivers\modem.sys 22:06:40.0545 3288 Modem - ok 22:06:40.0670 3288 monitor (0a9bb33b56e294f686abb7c1e4e2d8a8) C:\Windows\system32\DRIVERS\monitor.sys 22:06:40.0732 3288 monitor - ok 22:06:40.0763 3288 mouclass (5bf6a1326a335c5298477754a506d263) C:\Windows\system32\DRIVERS\mouclass.sys 22:06:40.0779 3288 mouclass - ok 22:06:40.0810 3288 mouhid (93b8d4869e12cfbe663915502900876f) C:\Windows\system32\DRIVERS\mouhid.sys 22:06:40.0841 3288 mouhid - ok 22:06:40.0888 3288 MountMgr (bdafc88aa6b92f7842416ea6a48e1600) C:\Windows\system32\drivers\mountmgr.sys 22:06:40.0904 3288 MountMgr - ok 22:06:40.0966 3288 mpio (511d011289755dd9f9a7579fb0b064e6) C:\Windows\system32\drivers\mpio.sys 22:06:40.0982 3288 mpio - ok 22:06:41.0028 3288 mpsdrv (22241feba9b2defa669c8cb0a8dd7d2e) C:\Windows\system32\drivers\mpsdrv.sys 22:06:41.0075 3288 mpsdrv - ok 22:06:41.0122 3288 Mraid35x (4fbbb70d30fd20ec51f80061703b001e) C:\Windows\system32\drivers\mraid35x.sys 22:06:41.0138 3288 Mraid35x - ok 22:06:41.0184 3288 MRxDAV (82cea0395524aacfeb58ba1448e8325c) C:\Windows\system32\drivers\mrxdav.sys 22:06:41.0278 3288 MRxDAV - ok 22:06:41.0372 3288 mrxsmb (1e94971c4b446ab2290deb71d01cf0c2) C:\Windows\system32\DRIVERS\mrxsmb.sys 22:06:41.0465 3288 mrxsmb - ok 22:06:41.0543 3288 mrxsmb10 (d4a3c7c580c4ccb5c06f2ada933ad507) C:\Windows\system32\DRIVERS\mrxsmb10.sys 22:06:41.0621 3288 mrxsmb10 - ok 22:06:41.0684 3288 mrxsmb20 (c3cb1b40ad4a0124d617a1199b0b9d7c) C:\Windows\system32\DRIVERS\mrxsmb20.sys 22:06:41.0777 3288 mrxsmb20 - ok 22:06:41.0808 3288 msahci (28023e86f17001f7cd9b15a5bc9ae07d) C:\Windows\system32\drivers\msahci.sys 22:06:41.0840 3288 msahci - ok 22:06:41.0886 3288 msdsm (4468b0f385a86ecddaf8d3ca662ec0e7) C:\Windows\system32\drivers\msdsm.sys 22:06:41.0902 3288 msdsm - ok 22:06:41.0980 3288 Msfs (a9927f4a46b816c92f461acb90cf8515) C:\Windows\system32\drivers\Msfs.sys 22:06:42.0042 3288 Msfs - ok 22:06:42.0089 3288 msisadrv (0f400e306f385c56317357d6dea56f62) C:\Windows\system32\drivers\msisadrv.sys 22:06:42.0105 3288 msisadrv - ok 22:06:42.0152 3288 MSKSSRV (d8c63d34d9c9e56c059e24ec7185cc07) C:\Windows\system32\drivers\MSKSSRV.sys 22:06:42.0198 3288 MSKSSRV - ok 22:06:42.0245 3288 MSPCLOCK (1d373c90d62ddb641d50e55b9e78d65e) C:\Windows\system32\drivers\MSPCLOCK.sys 22:06:42.0276 3288 MSPCLOCK - ok 22:06:42.0323 3288 MSPQM (b572da05bf4e098d4bba3a4734fb505b) C:\Windows\system32\drivers\MSPQM.sys 22:06:42.0386 3288 MSPQM - ok 22:06:42.0448 3288 MsRPC (b49456d70555de905c311bcda6ec6adb) C:\Windows\system32\drivers\MsRPC.sys 22:06:42.0464 3288 MsRPC - ok 22:06:42.0510 3288 mssmbios (e384487cb84be41d09711c30ca79646c) C:\Windows\system32\DRIVERS\mssmbios.sys 22:06:42.0526 3288 mssmbios - ok 22:06:42.0620 3288 MSTEE (7199c1eec1e4993caf96b8c0a26bd58a) C:\Windows\system32\drivers\MSTEE.sys 22:06:42.0682 3288 MSTEE - ok 22:06:42.0776 3288 Mup (6a57b5733d4cb702c8ea4542e836b96c) C:\Windows\system32\Drivers\mup.sys 22:06:42.0807 3288 Mup - ok 22:06:42.0854 3288 mwlPSDFilter (2de94e435c3efde58c7b1856d4f20724) C:\Windows\system32\DRIVERS\mwlPSDFilter.sys 22:06:42.0885 3288 mwlPSDFilter - ok 22:06:42.0932 3288 mwlPSDNServ (61920a7146eed3d903dbbb8ec295af76) C:\Windows\system32\DRIVERS\mwlPSDNServ.sys 22:06:42.0947 3288 mwlPSDNServ - ok 22:06:42.0978 3288 mwlPSDVDisk (e0f49721e68ebd2983e84c44fada6665) C:\Windows\system32\DRIVERS\mwlPSDVDisk.sys 22:06:42.0994 3288 mwlPSDVDisk - ok 22:06:43.0088 3288 NativeWifiP (85c44fdff9cf7e72a40dcb7ec06a4416) C:\Windows\system32\DRIVERS\nwifi.sys 22:06:43.0134 3288 NativeWifiP - ok 22:06:43.0212 3288 NDIS (1357274d1883f68300aeadd15d7bbb42) C:\Windows\system32\drivers\ndis.sys 22:06:43.0275 3288 NDIS - ok 22:06:43.0353 3288 NdisTapi (0e186e90404980569fb449ba7519ae61) C:\Windows\system32\DRIVERS\ndistapi.sys 22:06:43.0446 3288 NdisTapi - ok 22:06:43.0493 3288 Ndisuio (d6973aa34c4d5d76c0430b181c3cd389) C:\Windows\system32\DRIVERS\ndisuio.sys 22:06:43.0571 3288 Ndisuio - ok 22:06:43.0696 3288 NdisWan (818f648618ae34f729fdb47ec68345c3) C:\Windows\system32\DRIVERS\ndiswan.sys 22:06:43.0774 3288 NdisWan - ok 22:06:43.0821 3288 NDProxy (71dab552b41936358f3b541ae5997fb3) C:\Windows\system32\drivers\NDProxy.sys 22:06:43.0852 3288 NDProxy - ok 22:06:43.0899 3288 NetBIOS (bcd093a5a6777cf626434568dc7dba78) C:\Windows\system32\DRIVERS\netbios.sys 22:06:43.0961 3288 NetBIOS - ok 22:06:44.0008 3288 netbt (ecd64230a59cbd93c85f1cd1cab9f3f6) C:\Windows\system32\DRIVERS\netbt.sys 22:06:44.0070 3288 netbt - ok 22:06:44.0258 3288 NETw5v32 (8de67bd902095a13329fd82c85a1fa09) C:\Windows\system32\DRIVERS\NETw5v32.sys 22:06:44.0523 3288 NETw5v32 - ok 22:06:44.0585 3288 nfrd960 (2e7fb731d4790a1bc6270accefacb36e) C:\Windows\system32\drivers\nfrd960.sys 22:06:44.0601 3288 nfrd960 - ok 22:06:44.0726 3288 Npfs (d36f239d7cce1931598e8fb90a0dbc26) C:\Windows\system32\drivers\Npfs.sys 22:06:44.0788 3288 Npfs - ok 22:06:44.0850 3288 NSCIRDA (6d8d2e5652fc2442c810c5d8be784148) C:\Windows\system32\DRIVERS\nscirda.sys 22:06:44.0928 3288 NSCIRDA - ok 22:06:45.0006 3288 nsiproxy (609773e344a97410ce4ebf74a8914fcf) C:\Windows\system32\drivers\nsiproxy.sys 22:06:45.0100 3288 nsiproxy - ok 22:06:45.0209 3288 Ntfs (6a4a98cee84cf9e99564510dda4baa47) C:\Windows\system32\drivers\Ntfs.sys 22:06:45.0303 3288 Ntfs - ok 22:06:45.0381 3288 NTIDrvr (6dcaa65f49ef3b97a5cffc0cb5de1c2f) C:\Windows\system32\Drivers\NTIDrvr.sys 22:06:45.0396 3288 NTIDrvr - ok 22:06:45.0443 3288 ntrigdigi (e875c093aec0c978a90f30c9e0dfbb72) C:\Windows\system32\drivers\ntrigdigi.sys 22:06:45.0537 3288 ntrigdigi - ok 22:06:45.0584 3288 Null (c5dbbcda07d780bda9b685df333bb41e) C:\Windows\system32\drivers\Null.sys 22:06:45.0646 3288 Null - ok 22:06:45.0693 3288 nvraid (2edf9e7751554b42cbb60116de727101) C:\Windows\system32\drivers\nvraid.sys 22:06:45.0708 3288 nvraid - ok 22:06:45.0771 3288 nvstor (abed0c09758d1d97db0042dbb2688177) C:\Windows\system32\drivers\nvstor.sys 22:06:45.0786 3288 nvstor - ok 22:06:45.0864 3288 nv_agp (18bbdf913916b71bd54575bdb6eeac0b) C:\Windows\system32\drivers\nv_agp.sys 22:06:45.0880 3288 nv_agp - ok 22:06:45.0896 3288 NwlnkFlt - ok 22:06:45.0911 3288 NwlnkFwd - ok 22:06:45.0958 3288 ohci1394 (790e27c3db53410b40ff9ef2fd10a1d9) C:\Windows\system32\DRIVERS\ohci1394.sys 22:06:46.0020 3288 ohci1394 - ok 22:06:46.0098 3288 Parport (0fa9b5055484649d63c303fe404e5f4d) C:\Windows\system32\drivers\parport.sys 22:06:46.0208 3288 Parport - ok 22:06:46.0254 3288 partmgr (57389fa59a36d96b3eb09d0cb91e9cdc) C:\Windows\system32\drivers\partmgr.sys 22:06:46.0270 3288 partmgr - ok 22:06:46.0301 3288 Parvdm (4f9a6a8a31413180d0fcb279ad5d8112) C:\Windows\system32\drivers\parvdm.sys 22:06:46.0410 3288 Parvdm - ok 22:06:46.0473 3288 pci (941dc1d19e7e8620f40bbc206981efdb) C:\Windows\system32\drivers\pci.sys 22:06:46.0488 3288 pci - ok 22:06:46.0520 3288 pciide (fc175f5ddab666d7f4d17449a547626f) C:\Windows\system32\drivers\pciide.sys 22:06:46.0535 3288 pciide - ok 22:06:46.0598 3288 pcmcia (b7c5a8769541900f6dfa6fe0c5e4d513) C:\Windows\system32\DRIVERS\pcmcia.sys 22:06:46.0613 3288 pcmcia - ok 22:06:46.0785 3288 PEAUTH (6349f6ed9c623b44b52ea3c63c831a92) C:\Windows\system32\drivers\peauth.sys 22:06:47.0050 3288 PEAUTH - ok 22:06:47.0237 3288 PptpMiniport (ecfffaec0c1ecd8dbc77f39070ea1db1) C:\Windows\system32\DRIVERS\raspptp.sys 22:06:47.0300 3288 PptpMiniport - ok 22:06:47.0315 3288 Processor (2027293619dd0f047c584cf2e7df4ffd) C:\Windows\system32\drivers\processr.sys 22:06:47.0378 3288 Processor - ok 22:06:47.0487 3288 PSched (99514faa8df93d34b5589187db3aa0ba) C:\Windows\system32\DRIVERS\pacer.sys 22:06:47.0549 3288 PSched - ok 22:06:47.0612 3288 ql2300 (0a6db55afb7820c99aa1f3a1d270f4f6) C:\Windows\system32\drivers\ql2300.sys 22:06:47.0721 3288 ql2300 - ok 22:06:47.0799 3288 ql40xx (81a7e5c076e59995d54bc1ed3a16e60b) C:\Windows\system32\drivers\ql40xx.sys 22:06:47.0814 3288 ql40xx - ok 22:06:47.0861 3288 QWAVEdrv (9f5e0e1926014d17486901c88eca2db7) C:\Windows\system32\drivers\qwavedrv.sys 22:06:47.0924 3288 QWAVEdrv - ok 22:06:47.0939 3288 RasAcd (147d7f9c556d259924351feb0de606c3) C:\Windows\system32\DRIVERS\rasacd.sys 22:06:47.0986 3288 RasAcd - ok 22:06:48.0033 3288 Rasl2tp (a214adbaf4cb47dd2728859ef31f26b0) C:\Windows\system32\DRIVERS\rasl2tp.sys 22:06:48.0095 3288 Rasl2tp - ok 22:06:48.0173 3288 RasPppoe (509a98dd18af4375e1fc40bc175f1def) C:\Windows\system32\DRIVERS\raspppoe.sys 22:06:48.0220 3288 RasPppoe - ok 22:06:48.0298 3288 RasSstp (2005f4a1e05fa09389ac85840f0a9e4d) C:\Windows\system32\DRIVERS\rassstp.sys 22:06:48.0314 3288 RasSstp - ok 22:06:48.0454 3288 rdbss (b14c9d5b9add2f84f70570bbbfaa7935) C:\Windows\system32\DRIVERS\rdbss.sys 22:06:48.0532 3288 rdbss - ok 22:06:48.0579 3288 RDPCDD (89e59be9a564262a3fb6c4f4f1cd9899) C:\Windows\system32\DRIVERS\RDPCDD.sys 22:06:48.0688 3288 RDPCDD - ok 22:06:48.0797 3288 rdpdr (fbc0bacd9c3d7f6956853f64a66e252d) C:\Windows\system32\drivers\rdpdr.sys 22:06:48.0844 3288 rdpdr - ok 22:06:48.0875 3288 RDPENCDD (9d91fe5286f748862ecffa05f8a0710c) C:\Windows\system32\drivers\rdpencdd.sys 22:06:48.0938 3288 RDPENCDD - ok 22:06:49.0000 3288 RDPWD (30bfbdfb7f95559ede971f9ddb9a00ba) C:\Windows\system32\drivers\RDPWD.sys 22:06:49.0047 3288 RDPWD - ok 22:06:49.0187 3288 rspndr (9c508f4074a39e8b4b31d27198146fad) C:\Windows\system32\DRIVERS\rspndr.sys 22:06:49.0234 3288 rspndr - ok 22:06:49.0296 3288 RTSTOR (9b09f336de36a7a6ca871de8a7847b65) C:\Windows\system32\drivers\RTSTOR.SYS 22:06:49.0390 3288 RTSTOR - ok 22:06:49.0484 3288 sbp2port (3ce8f073a557e172b330109436984e30) C:\Windows\system32\drivers\sbp2port.sys 22:06:49.0499 3288 sbp2port - ok 22:06:49.0562 3288 sdbus (126ea89bcc413ee45e3004fb0764888f) C:\Windows\system32\DRIVERS\sdbus.sys 22:06:49.0671 3288 sdbus - ok 22:06:49.0749 3288 secdrv (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers\secdrv.sys 22:06:49.0827 3288 secdrv - ok 22:06:49.0874 3288 Serenum (68e44e331d46f0fb38f0863a84cd1a31) C:\Windows\system32\drivers\serenum.sys 22:06:49.0952 3288 Serenum - ok 22:06:49.0983 3288 Serial (c70d69a918b178d3c3b06339b40c2e1b) C:\Windows\system32\drivers\serial.sys 22:06:50.0076 3288 Serial - ok 22:06:50.0123 3288 sermouse (8af3d28a879bf75db53a0ee7a4289624) C:\Windows\system32\drivers\sermouse.sys 22:06:50.0170 3288 sermouse - ok 22:06:50.0232 3288 sffdisk (3efa810bdca87f6ecc24f9832243fe86) C:\Windows\system32\drivers\sffdisk.sys 22:06:50.0279 3288 sffdisk - ok 22:06:50.0326 3288 sffp_mmc (e95d451f7ea3e583aec75f3b3ee42dc5) C:\Windows\system32\drivers\sffp_mmc.sys 22:06:50.0373 3288 sffp_mmc - ok 22:06:50.0404 3288 sffp_sd (3d0ea348784b7ac9ea9bd9f317980979) C:\Windows\system32\drivers\sffp_sd.sys 22:06:50.0466 3288 sffp_sd - ok 22:06:50.0513 3288 sfloppy (46ed8e91793b2e6f848015445a0ac188) C:\Windows\system32\drivers\sfloppy.sys 22:06:50.0576 3288 sfloppy - ok 22:06:50.0638 3288 sisagp (1d76624a09a054f682d746b924e2dbc3) C:\Windows\system32\drivers\sisagp.sys 22:06:50.0654 3288 sisagp - ok 22:06:50.0716 3288 SiSRaid2 (43cb7aa756c7db280d01da9b676cfde2) C:\Windows\system32\drivers\sisraid2.sys 22:06:50.0732 3288 SiSRaid2 - ok 22:06:50.0778 3288 SiSRaid4 (a99c6c8b0baa970d8aa59ddc50b57f94) C:\Windows\system32\drivers\sisraid4.sys 22:06:50.0794 3288 SiSRaid4 - ok 22:06:50.0888 3288 Smb (7b75299a4d201d6a6533603d6914ab04) C:\Windows\system32\DRIVERS\smb.sys 22:06:50.0919 3288 Smb - ok 22:06:50.0966 3288 spldr (7aebdeef071fe28b0eef2cdd69102bff) C:\Windows\system32\drivers\spldr.sys 22:06:50.0981 3288 spldr - ok 22:06:51.0044 3288 srv (41987f9fc0e61adf54f581e15029ad91) C:\Windows\system32\DRIVERS\srv.sys 22:06:51.0106 3288 srv - ok 22:06:51.0137 3288 srv2 (ff33aff99564b1aa534f58868cbe41ef) C:\Windows\system32\DRIVERS\srv2.sys 22:06:51.0184 3288 srv2 - ok 22:06:51.0262 3288 srvnet (7605c0e1d01a08f3ecd743f38b834a44) C:\Windows\system32\DRIVERS\srvnet.sys 22:06:51.0293 3288 srvnet - ok 22:06:51.0356 3288 ssmdrv (5ec550b8952882ee856b862cf648522d) C:\Windows\system32\DRIVERS\ssmdrv.sys 22:06:51.0371 3288 ssmdrv - ok 22:06:51.0434 3288 StarOpen (f92254b0bcfcd10caac7bccc7cb7f467) C:\Windows\system32\drivers\StarOpen.sys 22:06:51.0449 3288 StarOpen ( UnsignedFile.Multi.Generic ) - warning 22:06:51.0449 3288 StarOpen - detected UnsignedFile.Multi.Generic (1) 22:06:51.0496 3288 swenum (7ba58ecf0c0a9a69d44b3dca62becf56) C:\Windows\system32\DRIVERS\swenum.sys 22:06:51.0527 3288 swenum - ok 22:06:51.0605 3288 Symc8xx (192aa3ac01df071b541094f251deed10) C:\Windows\system32\drivers\symc8xx.sys 22:06:51.0621 3288 Symc8xx - ok 22:06:51.0699 3288 Sym_hi (8c8eb8c76736ebaf3b13b633b2e64125) C:\Windows\system32\drivers\sym_hi.sys 22:06:51.0714 3288 Sym_hi - ok 22:06:51.0761 3288 Sym_u3 (8072af52b5fd103bbba387a1e49f62cb) C:\Windows\system32\drivers\sym_u3.sys 22:06:51.0777 3288 Sym_u3 - ok 22:06:51.0824 3288 SynTP (5c3e900f41426a372de60675afc8aa07) C:\Windows\system32\DRIVERS\SynTP.sys 22:06:51.0839 3288 SynTP - ok 22:06:51.0995 3288 Tcpip (a474879afa4a596b3a531f3e69730dbf) C:\Windows\system32\drivers\tcpip.sys 22:06:52.0073 3288 Tcpip - ok 22:06:52.0136 3288 Tcpip6 (a474879afa4a596b3a531f3e69730dbf) C:\Windows\system32\DRIVERS\tcpip.sys 22:06:52.0214 3288 Tcpip6 - ok 22:06:52.0260 3288 tcpipreg (608c345a255d82a6289c2d468eb41fd7) C:\Windows\system32\drivers\tcpipreg.sys 22:06:52.0323 3288 tcpipreg - ok 22:06:52.0370 3288 TDPIPE (5dcf5e267be67a1ae926f2df77fbcc56) C:\Windows\system32\drivers\tdpipe.sys 22:06:52.0463 3288 TDPIPE - ok 22:06:52.0510 3288 TDTCP (389c63e32b3cefed425b61ed92d3f021) C:\Windows\system32\drivers\tdtcp.sys 22:06:52.0557 3288 TDTCP - ok 22:06:52.0604 3288 tdx (76b06eb8a01fc8624d699e7045303e54) C:\Windows\system32\DRIVERS\tdx.sys 22:06:52.0635 3288 tdx - ok 22:06:52.0713 3288 TermDD (3cad38910468eab9a6479e2f01db43c7) C:\Windows\system32\DRIVERS\termdd.sys 22:06:52.0728 3288 TermDD - ok 22:06:52.0822 3288 tssecsrv (dcf0f056a2e4f52287264f5ab29cf206) C:\Windows\system32\DRIVERS\tssecsrv.sys 22:06:52.0869 3288 tssecsrv - ok 22:06:52.0916 3288 tunmp (caecc0120ac49e3d2f758b9169872d38) C:\Windows\system32\DRIVERS\tunmp.sys 22:06:52.0962 3288 tunmp - ok 22:06:53.0056 3288 tunnel (300db877ac094feab0be7688c3454a9c) C:\Windows\system32\DRIVERS\tunnel.sys 22:06:53.0087 3288 tunnel - ok 22:06:53.0134 3288 uagp35 (7d33c4db2ce363c8518d2dfcf533941f) C:\Windows\system32\drivers\uagp35.sys 22:06:53.0150 3288 uagp35 - ok 22:06:53.0196 3288 UBHelper (f763e070843ee2803de1395002b42938) C:\Windows\system32\drivers\UBHelper.sys 22:06:53.0212 3288 UBHelper - ok 22:06:53.0274 3288 udfs (d9728af68c4c7693cb100b8441cbdec6) C:\Windows\system32\DRIVERS\udfs.sys 22:06:53.0337 3288 udfs - ok 22:06:53.0399 3288 uliagpkx (b0acfdc9e4af279e9116c03e014b2b27) C:\Windows\system32\drivers\uliagpkx.sys 22:06:53.0415 3288 uliagpkx - ok 22:06:53.0446 3288 uliahci (9224bb254f591de4ca8d572a5f0d635c) C:\Windows\system32\drivers\uliahci.sys 22:06:53.0477 3288 uliahci - ok 22:06:53.0508 3288 UlSata (8514d0e5cd0534467c5fc61be94a569f) C:\Windows\system32\drivers\ulsata.sys 22:06:53.0524 3288 UlSata - ok 22:06:53.0586 3288 ulsata2 (38c3c6e62b157a6bc46594fada45c62b) C:\Windows\system32\drivers\ulsata2.sys 22:06:53.0602 3288 ulsata2 - ok 22:06:53.0680 3288 umbus (32cff9f809ae9aed85464492bf3e32d2) C:\Windows\system32\DRIVERS\umbus.sys 22:06:53.0774 3288 umbus - ok 22:06:53.0867 3288 USBAAPL (83cafcb53201bbac04d822f32438e244) C:\Windows\system32\Drivers\usbaapl.sys 22:06:53.0945 3288 USBAAPL - ok 22:06:54.0039 3288 usbccgp (caf811ae4c147ffcd5b51750c7f09142) C:\Windows\system32\DRIVERS\usbccgp.sys 22:06:54.0117 3288 usbccgp - ok 22:06:54.0210 3288 usbcir (e9476e6c486e76bc4898074768fb7131) C:\Windows\system32\drivers\usbcir.sys 22:06:54.0320 3288 usbcir - ok 22:06:54.0366 3288 usbehci (79e96c23a97ce7b8f14d310da2db0c9b) C:\Windows\system32\DRIVERS\usbehci.sys 22:06:54.0398 3288 usbehci - ok 22:06:54.0491 3288 usbhub (4673bbcb006af60e7abddbe7a130ba42) C:\Windows\system32\DRIVERS\usbhub.sys 22:06:54.0538 3288 usbhub - ok 22:06:54.0585 3288 usbohci (38dbc7dd6cc5a72011f187425384388b) C:\Windows\system32\drivers\usbohci.sys 22:06:54.0678 3288 usbohci - ok 22:06:54.0741 3288 usbprint (e75c4b5269091d15a2e7dc0b6d35f2f5) C:\Windows\system32\DRIVERS\usbprint.sys 22:06:54.0819 3288 usbprint - ok 22:06:54.0881 3288 usbscan (a508c9bd8724980512136b039bba65e9) C:\Windows\system32\DRIVERS\usbscan.sys 22:06:54.0928 3288 usbscan - ok 22:06:54.0990 3288 USBSTOR (be3da31c191bc222d9ad503c5224f2ad) C:\Windows\system32\DRIVERS\USBSTOR.SYS 22:06:55.0037 3288 USBSTOR - ok 22:06:55.0178 3288 usbuhci (814d653efc4d48be3b04a307eceff56f) C:\Windows\system32\DRIVERS\usbuhci.sys 22:06:55.0209 3288 usbuhci - ok 22:06:55.0271 3288 usbvideo (e67998e8f14cb0627a769f6530bcb352) C:\Windows\system32\Drivers\usbvideo.sys 22:06:55.0318 3288 usbvideo - ok 22:06:55.0365 3288 vga (87b06e1f30b749a114f74622d013f8d4) C:\Windows\system32\DRIVERS\vgapnp.sys 22:06:55.0427 3288 vga - ok 22:06:55.0474 3288 VgaSave (2e93ac0a1d8c79d019db6c51f036636c) C:\Windows\System32\drivers\vga.sys 22:06:55.0536 3288 VgaSave - ok 22:06:55.0583 3288 viaagp (5d7159def58a800d5781ba3a879627bc) C:\Windows\system32\drivers\viaagp.sys 22:06:55.0599 3288 viaagp - ok 22:06:55.0630 3288 ViaC7 (c4f3a691b5bad343e6249bd8c2d45dee) C:\Windows\system32\drivers\viac7.sys 22:06:55.0692 3288 ViaC7 - ok 22:06:55.0724 3288 viaide (aadf5587a4063f52c2c3fed7887426fc) C:\Windows\system32\drivers\viaide.sys 22:06:55.0739 3288 viaide - ok 22:06:55.0786 3288 volmgr (69503668ac66c77c6cd7af86fbdf8c43) C:\Windows\system32\drivers\volmgr.sys 22:06:55.0802 3288 volmgr - ok 22:06:55.0880 3288 volmgrx (23e41b834759917bfd6b9a0d625d0c28) C:\Windows\system32\drivers\volmgrx.sys 22:06:55.0895 3288 volmgrx - ok 22:06:55.0942 3288 volsnap (147281c01fcb1df9252de2a10d5e7093) C:\Windows\system32\drivers\volsnap.sys 22:06:55.0973 3288 volsnap - ok 22:06:56.0020 3288 vsmraid (587253e09325e6bf226b299774b728a9) C:\Windows\system32\drivers\vsmraid.sys 22:06:56.0036 3288 vsmraid - ok 22:06:56.0129 3288 WacomPen (48dfee8f1af7c8235d4e626f0c4fe031) C:\Windows\system32\drivers\wacompen.sys 22:06:56.0207 3288 WacomPen - ok 22:06:56.0254 3288 Wanarp (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys 22:06:56.0332 3288 Wanarp - ok 22:06:56.0379 3288 Wanarpv6 (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys 22:06:56.0410 3288 Wanarpv6 - ok 22:06:56.0488 3288 Wd (78fe9542363f297b18c027b2d7e7c07f) C:\Windows\system32\drivers\wd.sys 22:06:56.0504 3288 Wd - ok 22:06:56.0550 3288 Wdf01000 (b6f0a7ad6d4bd325fbcd8bac96cd8d96) C:\Windows\system32\drivers\Wdf01000.sys 22:06:56.0597 3288 Wdf01000 - ok 22:06:56.0722 3288 WmiAcpi (2e7255d172df0b8283cdfb7b433b864e) C:\Windows\system32\DRIVERS\wmiacpi.sys 22:06:56.0769 3288 WmiAcpi - ok 22:06:56.0862 3288 WpdUsb (de9d36f91a4df3d911626643debf11ea) C:\Windows\system32\DRIVERS\wpdusb.sys 22:06:56.0909 3288 WpdUsb - ok 22:06:56.0956 3288 ws2ifsl (e3a3cb253c0ec2494d4a61f5e43a389c) C:\Windows\system32\drivers\ws2ifsl.sys 22:06:56.0987 3288 ws2ifsl - ok 22:06:57.0081 3288 WUDFRd (ac13cb789d93412106b0fb6c7eb2bcb6) C:\Windows\system32\DRIVERS\WUDFRd.sys 22:06:57.0128 3288 WUDFRd - ok 22:06:57.0206 3288 MBR (0x1B8) (beedf9b7f43a72a91456f7131afc11b2) \Device\Harddisk0\DR0 22:06:57.0580 3288 \Device\Harddisk0\DR0 - ok 22:06:57.0611 3288 Boot (0x1200) (64f45d84ca6c654c67545fd1ef4d0996) \Device\Harddisk0\DR0\Partition0 22:06:57.0627 3288 \Device\Harddisk0\DR0\Partition0 - ok 22:06:57.0642 3288 ============================================================ 22:06:57.0642 3288 Scan finished 22:06:57.0642 3288 ============================================================ 22:06:57.0674 2568 Detected object count: 1 22:06:57.0674 2568 Actual detected object count: 1 22:07:08.0406 2568 StarOpen ( UnsignedFile.Multi.Generic ) - skipped by user 22:07:08.0406 2568 StarOpen ( UnsignedFile.Multi.Generic ) - User select action: Skip |
22.02.2012, 11:33 | #12 | |
/// Winkelfunktion /// TB-Süch-Tiger™ | einschätzung malware-log Dann bitte jetzt CF ausführen: ComboFix Ein Leitfaden und Tutorium zur Nutzung von ComboFix
Combofix darf ausschließlich ausgeführt werden, wenn ein Kompetenzler dies ausdrücklich empfohlen hat! Solltest du nach der Ausführung von Combofix Probleme beim Starten von Anwendungen haben und Meldungen erhalten wie Zitat:
__________________ Logfiles bitte immer in CODE-Tags posten |
22.02.2012, 12:14 | #13 |
| einschätzung malware-log da isse Code:
ATTFilter ComboFix 12-02-22.01 - xx 22.02.2012 11:49:57.1.1 - x86 Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.49.1031.18.3001.1856 [GMT 1:00] ausgeführt von:: c:\users\xx\Downloads\ComboFix.exe AV: AntiVir Desktop *Disabled/Updated* {090F9C29-64CE-6C6F-379C-5901B49A85B7} SP: AntiVir Desktop *Disabled/Updated* {B26E7DCD-42F4-63E1-0D2C-6273CF1DCF0A} SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} . . (((((((((((((((((((((((((((((((((((( Weitere Löschungen )))))))))))))))))))))))))))))))))))))))))))))))) . . c:\programdata\Roaming c:\users\xx\AppData\Roaming\Microsoft\Windows\Recent\Comfy Cakes.pif c:\users\xx\Documents\~WRL0004.tmp c:\users\xx\Documents\~WRL1896.tmp c:\users\xx\Documents\~WRL2952.tmp c:\windows\unin0407.exe . . ((((((((((((((((((((((( Dateien erstellt von 2012-01-22 bis 2012-02-22 )))))))))))))))))))))))))))))) . . 2012-02-22 11:02 . 2012-02-22 11:02 -------- d-----w- c:\users\xx\AppData\Local\temp 2012-02-22 11:02 . 2012-02-22 11:02 -------- d-----w- c:\users\Default\AppData\Local\temp 2012-02-22 11:02 . 2012-02-22 11:02 -------- d-----w- c:\users\xy\AppData\Local\temp 2012-02-21 20:32 . 2012-02-21 20:32 -------- d-----w- C:\_OTL 2012-02-21 13:09 . 2012-02-21 13:09 -------- d-----w- c:\program files\ESET 2012-02-20 16:16 . 2012-02-20 16:16 -------- d-----w- c:\users\Public\Roaming 2012-02-20 16:16 . 2012-02-20 16:16 -------- d-----w- c:\users\xx\Roaming 2012-02-20 16:16 . 2012-02-20 16:16 -------- d-----w- c:\users\xx\AppData\Roaming\Intel 2012-02-20 16:16 . 2012-02-20 16:16 -------- d-----w- c:\users\Default\Roaming 2012-02-20 16:16 . 2012-02-20 16:16 -------- d-----w- c:\users\xy\Roaming 2012-02-20 16:14 . 2012-02-20 16:14 -------- d-----w- c:\program files\Cisco 2012-02-20 16:14 . 2012-02-20 16:14 -------- d-----w- c:\program files\Common Files\Intel 2012-02-20 16:14 . 2012-02-20 16:14 -------- d-----w- c:\programdata\Intel 2012-02-20 14:25 . 2012-02-20 14:25 -------- d-----w- c:\users\xx\AppData\Roaming\Malwarebytes 2012-02-20 14:24 . 2012-02-20 14:24 -------- d-----w- c:\programdata\Malwarebytes 2012-02-20 14:24 . 2011-12-10 14:24 20464 ----a-w- c:\windows\system32\drivers\mbam.sys 2012-02-20 14:24 . 2012-02-20 14:24 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware 2012-02-15 18:36 . 2012-02-20 16:04 45016 ----a-w- c:\program files\Mozilla Firefox\mozutils.dll 2012-02-15 18:36 . 2012-02-15 18:36 626688 ----a-w- c:\program files\Mozilla Firefox\msvcr80.dll 2012-02-15 18:36 . 2012-02-15 18:36 548864 ----a-w- c:\program files\Mozilla Firefox\msvcp80.dll 2012-02-15 18:36 . 2012-02-15 18:36 479232 ----a-w- c:\program files\Mozilla Firefox\msvcm80.dll . . . (((((((((((((((((((((((((((((((((((( Find3M Bericht )))))))))))))))))))))))))))))))))))))))))))))))))))))) . 2009-05-01 21:02 . 2009-05-01 21:02 1044480 ----a-w- c:\program files\mozilla firefox\plugins\libdivx.dll 2009-05-01 21:02 . 2009-05-01 21:02 200704 ----a-w- c:\program files\mozilla firefox\plugins\ssldivx.dll 2012-02-20 16:04 . 2011-09-09 13:48 134104 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll . . (((((((((((((((((((((((((((( Autostartpunkte der Registrierung )))))))))))))))))))))))))))))))))))))))) . . *Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. REGEDIT4 . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\egisPSDP] @="{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}" [HKEY_CLASSES_ROOT\CLSID\{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}] 2008-10-27 10:05 40496 ----a-w- c:\program files\EgisTec\MyWinLocker 3\x86\PSDProtect.dll . [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "ProductReg"="c:\program files\Acer\WR_PopUp\ProductReg.exe" [2008-11-17 135168] "Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1233920] . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2009-02-12 186904] "RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2009-04-11 7399968] "PLFSetI"="c:\windows\PLFSetI.exe" [2008-07-29 200704] "BackupManagerTray"="c:\program files\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe" [2009-04-01 249600] "Acer ePower Management"="c:\program files\Acer\Acer PowerSmart Manager\ePowerTrayLauncher.exe" [2009-05-15 440864] "ODDPwr"="c:\program files\Acer\Optical Drive Power Management\ODDPwr.exe" [2009-04-29 176128] "avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153] "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-04-08 254696] "IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-02-11 137752] "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-02-11 171032] "Persistence"="c:\windows\system32\igfxpers.exe" [2011-02-11 172568] . c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\ Acer VCM.lnk - c:\program files\Acer\Acer VCM\AcerVCM.exe [2009-6-13 565248] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "EnableUIADesktopToggle"= 0 (0x0) . [HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk] path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk backup=c:\windows\pss\HP Digital Imaging Monitor.lnk.CommonStartup backupExtension=.CommonStartup . [HKLM\~\startupfolder\C:^Users^xx^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk] path=c:\users\xx\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk backup=c:\windows\pss\OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk.Startup backupExtension=.Startup . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EgisTecLiveUpdate] 2008-10-27 13:09 199464 ----a-w- c:\program files\EgisTec Egis Software Update\EgisUpdate.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update] 2011-09-04 23:42 136176 ----atw- c:\users\xx\AppData\Local\Google\Update\GoogleUpdate.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor] 2006-10-26 22:47 31016 ----a-w- c:\program files\Microsoft Office\Office12\GrooveMonitor.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update] 2007-10-14 20:17 49152 ----a-w- c:\program files\HP\HP Software Update\hpwuSchd2.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\hpqSRMon] 2007-08-22 15:31 80896 ----a-w- c:\program files\HP\Digital Imaging\bin\HpqSRmon.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper] 2011-08-18 23:07 421736 ----a-w- c:\program files\iTunes\iTunesHelper.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LManager] 2009-04-09 00:56 1071624 ----a-w- c:\program files\Launch Manager\LManager.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Malwarebytes' Anti-Malware] 2012-01-13 13:53 460872 ----a-w- c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\mwlDaemon] 2008-10-27 10:05 346672 ----a-w- c:\program files\EgisTec\MyWinLocker 3\x86\mwlDaemon.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PDFPrint] 2011-04-28 07:59 220552 ----a-w- c:\program files\PDF24\pdf24.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task] 2011-07-05 16:36 421888 ----a-w- c:\program files\QuickTime\QTTask.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skytel] 2009-04-11 04:11 1833504 ----a-w- c:\program files\Realtek\Audio\HDA\SkyTel.exe . [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost] HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12 hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache . Inhalt des "geplante Tasks" Ordners . 2012-02-22 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job - c:\program files\Google\Update\GoogleUpdate.exe [2011-03-03 16:50] . 2012-02-22 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job - c:\program files\Google\Update\GoogleUpdate.exe [2011-03-03 16:50] . 2012-02-22 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2752085062-1975141627-2355531261-1000Core.job - c:\users\xx\AppData\Local\Google\Update\GoogleUpdate.exe [2011-09-04 23:42] . 2012-02-22 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2752085062-1975141627-2355531261-1000UA.job - c:\users\xx\AppData\Local\Google\Update\GoogleUpdate.exe [2011-09-04 23:42] . . ------- Zusätzlicher Suchlauf ------- . uStart Page = mStart Page = mLocal Page = uInternet Settings,ProxyOverride = *.local IE: Free YouTube to MP3 Converter - c:\users\xx\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm IE: Nach Microsoft &Excel exportieren - c:\progra~1\MICROS~3\OFFICE11\EXCEL.EXE/3000 IE: Nach Microsoft E&xel exportieren - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000 IE: {{73C6DCFB-B606-47F3-BDFA-9A4FBF931E37} - c:\program files\ICQ7.4\ICQ.exe TCP: DhcpNameServer = 192.168.0.1 FF - ProfilePath - c:\users\xx\AppData\Roaming\Mozilla\Firefox\Profiles\eyvlmz8i.default\ FF - prefs.js: browser.search.selectedEngine - Google FF - prefs.js: browser.startup.homepage - www.google.de FF - user.js: network.cookie.cookieBehavior - 0 FF - user.js: privacy.clearOnShutdown.cookies - false FF - user.js: security.warn_viewing_mixed - false FF - user.js: security.warn_viewing_mixed.show_once - false FF - user.js: security.warn_submit_insecure - false FF - user.js: security.warn_submit_insecure.show_once - false . - - - - Entfernte verwaiste Registrierungseinträge - - - - . AddRemove-F A T - c:\windows\unin0407.exe AddRemove-Uninstall_is1 - c:\program files\Common Files\DVDVideoSoft\unins000.exe . . . ************************************************************************** . catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, hxxp://www.gmer.net Rootkit scan 2012-02-22 12:02 Windows 6.0.6002 Service Pack 2 NTFS . Scanne versteckte Prozesse... . Scanne versteckte Autostarteinträge... . Scanne versteckte Dateien... . Scan erfolgreich abgeschlossen versteckte Dateien: 0 . ************************************************************************** . Zeit der Fertigstellung: 2012-02-22 12:07:05 ComboFix-quarantined-files.txt 2012-02-22 11:07 . Vor Suchlauf: 13 Verzeichnis(se), 102.980.698.112 Bytes frei Nach Suchlauf: 18 Verzeichnis(se), 102.922.088.448 Bytes frei . - - End Of File - - 34D3CCD10C55FA7D1D419FBAE5C7D474 |
22.02.2012, 14:55 | #14 |
/// Winkelfunktion /// TB-Süch-Tiger™ | einschätzung malware-log Ok. Bitte nun Logs mit GMER und OSAM erstellen und posten. GMER stürzt häufiger ab, wenn das Tool auch beim 2. Mal nicht will, lass es einfach weg und führ nur OSAM aus - die Online-Abfrage durch OSAM bitte überspringen. Bei OSAM bitte darauf auch achten, dass Du das Log auch als *.log und nicht *.html oder so abspeicherst. Hinweis: Zum Entpacken von OSAM bitte WinRAR oder 7zip verwenden! Stell auch unbedingt den Virenscanner ab, besonders der Scanner von McAfee meldet oft einen Fehalarm in OSAM! Downloade dir bitte aswMBR.exe und speichere die Datei auf deinem Desktop.
Wichtig: Drücke keinesfalls einen der Fix Buttons ohne Anweisung Hinweis: Sollte der Scan Button ausgeblendet sein, schließe das Tool und starte es erneut. Sollte der Scan abbrechen und das Programm abstürzen, dann teile mir das mit und wähle unter AV Scan die Einstellung (none).
__________________ Logfiles bitte immer in CODE-Tags posten |
22.02.2012, 16:49 | #15 |
| einschätzung malware-log hier die GMER log Code:
ATTFilter GMER 1.0.15.15641 - hxxp://www.gmer.net Rootkit scan 2012-02-22 16:46:57 Windows 6.0.6002 Service Pack 2 Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1 WDC_WD32 rev.11.0 Running: kotlyulg.exe; Driver: C:\Users\xx\AppData\Local\Temp\uglirfog.sys ---- System - GMER 1.0.15 ---- SSDT 810244A4 ZwCreateThread SSDT 81024490 ZwOpenProcess SSDT 81024495 ZwOpenThread SSDT 8102449F ZwTerminateProcess ---- Kernel code sections - GMER 1.0.15 ---- .text ntkrnlpa.exe!KeSetEvent + 221 822F69A4 4 Bytes [A4, 44, 02, 81] .text ntkrnlpa.exe!KeSetEvent + 3F1 822F6B74 4 Bytes [90, 44, 02, 81] .text ntkrnlpa.exe!KeSetEvent + 40D 822F6B90 4 Bytes [95, 44, 02, 81] .text ntkrnlpa.exe!KeSetEvent + 621 822F6DA4 4 Bytes [9F, 44, 02, 81] ? C:\Windows\system32\Drivers\PROCEXP113.SYS Das System kann die angegebene Datei nicht finden. ! ? C:\Users\xx\AppData\Local\Temp\catchme.sys Das System kann die angegebene Datei nicht finden. ! ---- User code sections - GMER 1.0.15 ---- .text C:\Windows\explorer.exe[2536] SHELL32.dll!SHGetFolderPathAndSubDirW + 81C5 7671B37C 4 Bytes [B0, 22, 00, 10] {MOV AL, 0x22; ADD [EAX], DL} ---- User IAT/EAT - GMER 1.0.15 ---- IAT C:\Program Files\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe[644] @ C:\Windows\system32\SHELL32.dll [USER32.dll!ExitWindowsEx] [019B1210] C:\Program Files\NewTech Infosystems\Acer Backup Manager\Pehook.dll (Backup Manager Module/NewTech Infosystems, Inc.) IAT C:\Windows\explorer.exe[2536] @ C:\Windows\explorer.exe [gdiplus.dll!GdiplusShutdown] [74967817] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\Windows\explorer.exe[2536] @ C:\Windows\explorer.exe [gdiplus.dll!GdipCloneImage] [749BA86D] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\Windows\explorer.exe[2536] @ C:\Windows\explorer.exe [gdiplus.dll!GdipDrawImageRectI] [7496BB22] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\Windows\explorer.exe[2536] @ C:\Windows\explorer.exe [gdiplus.dll!GdipSetInterpolationMode] [7495F695] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\Windows\explorer.exe[2536] @ C:\Windows\explorer.exe [gdiplus.dll!GdiplusStartup] [749675E9] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\Windows\explorer.exe[2536] @ C:\Windows\explorer.exe [gdiplus.dll!GdipCreateFromHDC] [7495E7CA] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\Windows\explorer.exe[2536] @ C:\Windows\explorer.exe [gdiplus.dll!GdipCreateBitmapFromStreamICM] [74998395] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\Windows\explorer.exe[2536] @ C:\Windows\explorer.exe [gdiplus.dll!GdipCreateBitmapFromStream] [7496DA60] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\Windows\explorer.exe[2536] @ C:\Windows\explorer.exe [gdiplus.dll!GdipGetImageHeight] [7495FFFA] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\Windows\explorer.exe[2536] @ C:\Windows\explorer.exe [gdiplus.dll!GdipGetImageWidth] [7495FF61] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\Windows\explorer.exe[2536] @ C:\Windows\explorer.exe [gdiplus.dll!GdipDisposeImage] [749571CF] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\Windows\explorer.exe[2536] @ C:\Windows\explorer.exe [gdiplus.dll!GdipLoadImageFromFileICM] [749ECAE2] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\Windows\explorer.exe[2536] @ C:\Windows\explorer.exe [gdiplus.dll!GdipLoadImageFromFile] [7498C8D8] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\Windows\explorer.exe[2536] @ C:\Windows\explorer.exe [gdiplus.dll!GdipDeleteGraphics] [7495D968] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\Windows\explorer.exe[2536] @ C:\Windows\explorer.exe [gdiplus.dll!GdipFree] [74956853] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\Windows\explorer.exe[2536] @ C:\Windows\explorer.exe [gdiplus.dll!GdipAlloc] [7495687E] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\Windows\explorer.exe[2536] @ C:\Windows\explorer.exe [gdiplus.dll!GdipSetCompositingMode] [74962AD1] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\Windows\explorer.exe[2536] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!CreateThread] [10002480] C:\Program Files\EgisTec\MyWinLocker 3\x86\psdprotect.dll (PSD DragDrop Protection/EgisTec Inc.) IAT C:\Windows\explorer.exe[2536] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!FreeLibraryAndExitThread] [10001DA0] C:\Program Files\EgisTec\MyWinLocker 3\x86\psdprotect.dll (PSD DragDrop Protection/EgisTec Inc.) IAT C:\Windows\explorer.exe[2536] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!GetProcAddress] [100027D0] C:\Program Files\EgisTec\MyWinLocker 3\x86\psdprotect.dll (PSD DragDrop Protection/EgisTec Inc.) IAT C:\Windows\explorer.exe[2536] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryA] [10001290] C:\Program Files\EgisTec\MyWinLocker 3\x86\psdprotect.dll (PSD DragDrop Protection/EgisTec Inc.) ---- Devices - GMER 1.0.15 ---- AttachedDevice \Driver\kbdclass \Device\KeyboardClass0 Wdf01000.sys (WDF Dynamic/Microsoft Corporation) AttachedDevice \Driver\kbdclass \Device\KeyboardClass1 Wdf01000.sys (WDF Dynamic/Microsoft Corporation) AttachedDevice \FileSystem\fastfat \Fat fltmgr.sys (Microsoft Dateisystem-Filter-Manager/Microsoft Corporation) ---- EOF - GMER 1.0.15 ---- |
Themen zu einschätzung malware-log |
administrator, appdata, autostart, dateien, dateisystem, explorer, files, folge, folgende, gelöscht, heuristiks/extra, heuristiks/shuriken, leute, log, löschen, malware, microsoft, pup.dealio.tb, quarantäne, rechner, roaming, service, service pack 2, services, software, speicher, trojan.zbotr.gen, updater.exe, version, vista |