Pests of all kinds and how to fight them: Ukash Bundespolizei virus paysafecard (on Windows XP)
14.03.2012, 23:48 | #1
Ukash Bundespolizei virus paysafecard (on Windows XP)

Good evening! Like numerous people before me, the €100 Ukash virus has just caught me too. And like the colleague from a few minutes ago, I also ended up on iLoad and, bang, here I am. I very much hope there are a few experienced Ukash killers here who can help me. Thanks in advance, and here are Extras.Txt and OTL.Txt as code blocks and as attachments; I don't know which you prefer.

Best regards,
Regression

Extras.Txt:
Code:
OTL Extras logfile created on: 14.03.2012 23:23:03 - Run 1
OTL by OldTimer - Version 3.2.37.0     Folder = C:\Dokumente und Einstellungen\Administrator.DACHGESCHOSS.001\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

1022,73 Mb Total Physical Memory | 748,75 Mb Available Physical Memory | 73,21% Memory free
2,40 Gb Paging File | 2,31 Gb Available in Paging File | 96,09% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme
Drive C: | 87,90 Gb Total Space | 16,36 Gb Free Space | 18,61% Space Free | Partition Type: NTFS
Drive D: | 87,90 Gb Total Space | 4,07 Gb Free Space | 4,63% Space Free | Partition Type: NTFS
Drive E: | 57,09 Gb Total Space | 48,85 Gb Free Space | 85,58% Space Free | Partition Type: NTFS
Drive G: | 149,04 Gb Total Space | 89,41 Gb Free Space | 59,99% Space Free | Partition Type: NTFS

Computer Name: DACHGESCHOSS | User Name: Administrator | Logged in as Administrator.
Boot Mode: SafeMode with Networking | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Programme\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [FinePix] -- "D:\Programme\FinePixViewer.exe" "%1" (FUJIFILM Corporation)
Directory [PlayWithVLC] -- "C:\Programme\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Directory [Winamp.Bookmark] -- "C:\Programme\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.)
Directory [Winamp.Enqueue] -- "C:\Programme\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.)
Directory [Winamp.Play] -- "C:\Programme\Winamp\winamp.exe" "%1" (Nullsoft, Inc.)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Programme\Skype\Plugin Manager\skypePM.exe" = C:\Programme\Skype\Plugin Manager\skypePM.exe:*:Enabled:Skype Extras Manager
"C:\Programme\uTorrent\uTorrent.exe" = C:\Programme\uTorrent\uTorrent.exe:*:Enabled:µTorrent -- (BitTorrent, Inc.)
"C:\Programme\Mozilla Firefox\firefox.exe" = C:\Programme\Mozilla Firefox\firefox.exe:*:Enabled:Firefox -- (Mozilla Corporation)
"C:\Programme\EpsonNet\EpsonNet Setup\tool09\ENEasyApp.exe" = C:\Programme\EpsonNet\EpsonNet Setup\tool09\ENEasyApp.exe:*:Enabled:EpsonNet Setup
"C:\Programme\Epson Software\Event Manager\EEventManager.exe" = C:\Programme\Epson Software\Event Manager\EEventManager.exe:*:Enabled:EEventManager Application -- (SEIKO EPSON CORPORATION)
"C:\Programme\Google\Google Earth\plugin\geplugin.exe" = C:\Programme\Google\Google Earth\plugin\geplugin.exe:*:Enabled:Google Earth
"C:\Programme\Winamp\winamp.exe" = C:\Programme\Winamp\winamp.exe:*:Enabled:Winamp -- (Nullsoft, Inc.)
"C:\Programme\VideoLAN\VLC\vlc.exe" = C:\Programme\VideoLAN\VLC\vlc.exe:*:Enabled:VLC media player -- ()
"C:\Programme\Google\Google Earth\client\googleearth.exe" = C:\Programme\Google\Google Earth\client\googleearth.exe:*:Enabled:Google Earth
"C:\Programme\Java\jre6\bin\javaw.exe" = C:\Programme\Java\jre6\bin\javaw.exe:*:Enabled:Java(TM) Platform SE binary -- (Sun Microsystems, Inc.)
"C:\Dokumente und Einstellungen\Bianca\Anwendungsdaten\Spotify\spotify.exe" = C:\Dokumente und Einstellungen\Bianca\Anwendungsdaten\Spotify\spotify.exe:*:Enabled:Spotify -- (Spotify Ltd)
"D:\Programme\jAlbum\jAlbum.exe" = D:\Programme\jAlbum\jAlbum.exe:*:Enabled:jAlbum
"C:\WINDOWS\explorer.exe" = C:\WINDOWS\explorer.exe:*:Enabled:Windows Explorer -- (Microsoft Corporation)
"F:\Network\EpsonNetSetup\ENEasyApp.exe" = F:\Network\EpsonNetSetup\ENEasyApp.exe:*:Enabled:EpsonNet Setup
"C:\Programme\Gemeinsame Dateien\Apple\Apple Application Support\WebKit2WebProcess.exe" = C:\Programme\Gemeinsame Dateien\Apple\Apple Application Support\WebKit2WebProcess.exe:*:Enabled:WebKit -- (Apple Inc.)

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu
"{05709317-05C6-BED8-3DE2-AB2D8EEAA485}" = twhirl
"{0A0CADCF-78DA-33C4-A350-CD51849B9702}" = Microsoft .NET Framework 4 Extended
"{0CBE6C93-CB2E-4378-91EE-12BE6D4E2E4A}" = Epson FAX Utility
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool
"{20D4A895-748C-4D88-871C-FDB1695B0169}" = Platform
"{22B0E143-2B0B-435B-9F56-136A3D16065F}" = No23 Recorder
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{24ED4D80-8294-11D5-96CD-0040266301AD}" = FinePixViewer Ver.5.5
"{26A24AE4-039D-4CA4-87B4-2F83216013FF}" = Java(TM) 6 Update 24
"{2B7E302B-9360-4A45-9A21-472D26A1EC47}" = DHP-302
"{3175E049-F9A9-4A3D-8F19-AC9FB04514D1}" = Windows Live Communications Platform
"{338F08AB-C262-42C7-B000-34DE1A475273}" = Ad-Aware Email Scanner for Outlook
"{350C97B3-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{36E15666-43C1-91A7-0281-498F9D383B2C}" = simfy
"{3A4FB885-E21E-48E9-9AFF-FF37D1ECB45F}" = Multimedia office keyboard
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3E31400D-274E-4647-916C-2CACC3741799}" = EpsonNet Print
"{48F22622-1CC2-4A83-9C1E-644DD96F832D}" = Epson Event Manager
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{52B97218-98CB-4B8B-9283-D213C85E1AA4}" = Windows Live Anmelde-Assistent
"{586509F0-350D-48B5-B763-9CC2F8D96C4C}" = Windows Live Sync
"{5B0E58BD-1F06-4A17-80FB-7C93C5FD039B}" = Lyrics Plugin for iTunes
"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
"{6091F327-2B13-4193-A6F1-4B2271613A74}_is1" = Feed Notifier 2.5
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6B4AD1A9-E73A-4184-9D6B-072F8A3C5EBA}" = VoiceOver Kit
"{6C5D7191-140A-11D6-B5A0-0050DA208A93}" = ArcSoft PhotoImpression
"{6E6F96BF-82BD-4EA7-96C9-CEF827A3B161}" = Collage Maker
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{79155F2B-9895-49D7-8612-D92580E0DE5B}" = Bonjour
"{7BE15435-2D3E-4B58-867F-9C75BED0208C}" = QuickTime
"{7F14F68C-17FA-4F88-B3FD-7F449C1EBF32}" = EPSON Web-To-Page
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{850C7BD3-9F3F-46AD-9396-E7985B38C55E}" = Windows Live Fotogalerie
"{87C2248A-C7DD-49ED-9BCD-B312A9D0819E}" = Epson Easy Photo Print 2
"{8B92D97D-DB3D-4926-A8F7-718FE7C5EE18}" = iTunes
"{90110407-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
"{926BD0E8-24A3-41D2-AF9B-340F1A37ED12}" = MobileMe Control Panel
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{95140000-00AF-0407-0000-0000000FF1CE}" = Microsoft PowerPoint Viewer
"{99E862CC-6F69-4D39-99AA-DBF71BF3B585}" = OpenOffice.org 3.1
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}" = Segoe UI
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A556A5AD-2A0D-48ED-A8E8-EA524CA0D366}_is1" = LyricsFetcher v0.7
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AA59DDE4-B672-4621-A016-4C248204957A}" = Skype™ 5.5
"{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.1) - Deutsch
"{AED2DD42-9853-407E-A6BC-8A1D6B715909}" = Windows Live Messenger
"{B44529FF-501E-47CD-A06D-223C161BE058}" = FinePixViewer Resource
"{B6A98E5F-D6A7-46FB-9E9D-1F7BF4434001}" = Epson Printer Software Downloader
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C2C284D2-6BD7-3B34-B0C5-B2CAED168DF7}" = Microsoft .NET Framework 3.0 Service Pack 2 Language Pack - DEU
"{C314CE45-3392-3B73-B4E1-139CD41CA933}" = Microsoft .NET Framework 2.0 Service Pack 2 Language Pack - DEU
"{C59CF2CE-B302-4833-AA35-E0E07D8EBC52}_is1" = SRWare Iron 10.0.650.0
"{CAFA57E8-8927-4912-AFCF-B0AA3837E989}" = Windows Live Essentials
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D2041A37-5FEC-49F0-AE5C-3F2FFDFAA4F4}" = Windows Live Call
"{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}" = Ad-Aware
"{E3B3AB03-8ABC-46CF-8CA9-DB5581E1F368}" = FinePix Studio
"{EB879750-CCBD-4013-BFD5-0294D4DA5BD0}" = Apple Application Support
"{EBAE381B-60A6-4863-AA9F-FCAB755BC9E5}" = ScanToWeb
"{EFC04D3F-A152-47E7-8517-EE0F6201AFEF}" = Apple Mobile Device Support
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}" = Visual C++ 2008 x86 Runtime - (v9.0.30729)
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01" = Visual C++ 2008 x86 Runtime - v9.0.30729.01
"{FE23D063-934D-4829-A0D8-00634CE79B4A}" = Adobe AIR
"5513-1208-7298-9440" = JDownloader 0.9
"ABC Amber Audio Converter" = ABC Amber Audio Converter
"Ad-Aware" = Ad-Aware
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"B991B020-2968-11D8-AF23-444553540000_is1" = FreeMind
"C-Media Audio" = C-Media 3D Audio
"conduitEngine" = Conduit Engine
"Corel Applications" = Corel(R) Applications
"de.makesoft.twhirl.0EA062BC275E7ED1E6EC3762EFFD73C7158ADF33.1" = twhirl
"DesktopIconAmazon" = Desktop Icon für Amazon
"DivX Setup.divx.com" = DivX-Setup
"DVDVideoSoftTB Toolbar" = DVDVideoSoftTB Toolbar
"EPSON PC-FAX Driver 2" = Epson PC-FAX Driver
"Epson Printer Software Downloader" = Epson Printer Software Downloader
"EPSON Scanner" = EPSON Scan
"Epson Stylus Office BX310FN_TX510FN Benutzerhandbuch" = Epson Stylus Office BX310FN_TX510FN Handbuch
"EPSON SX235 Series" = EPSON SX235 Series Printer Uninstall
"ewidoantispyware4" = ewido anti-spyware 4.0
"facemoods" = Facemoods Toolbar
"foobar2000" = foobar2000 v1.0.3
"FoxyTunesForFirefox" = FoxyTunes for Firefox
"Free Audio CD Burner_is1" = Free Audio CD Burner version 1.4.7
"Free DVD Video Burner_is1" = Free DVD Video Burner version 2.3
"Free Studio_is1" = Free Studio version 5.1.4
"Free Video to DVD Converter_is1" = Free Video to DVD Converter version 1.6
"Free Video to MP3 Converter_is1" = Free Video to MP3 Converter version 4.0
"Free WMA to MP3 Converter_is1" = Free WMA to MP3 Converter 1.16
"Free YouTube Download_is1" = Free YouTube Download version 2.10.33.324
"Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.9.35.324
"GSview 4.9" = GSview 4.9
"ie8" = Windows Internet Explorer 8
"Indeo® Software" = Indeo® Software
"InstallShield_{2B7E302B-9360-4A45-9A21-472D26A1EC47}" = DHP-302
"IrfanView" = IrfanView (remove only)
"iScrobbler" = iScrobbler
"LastFM_is1" = Last.fm 1.5.4.27091
"McAfee Security Scan" = McAfee Security Scan Plus
"Messenger Plus! Live" = Messenger Plus! Live
"Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"Mozilla Firefox (3.6.17)" = Mozilla Firefox (3.6.17)
"Mozilla Thunderbird 10.0.2 (x86 de)" = Mozilla Thunderbird 10.0.2 (x86 de)
"MP3 Remix for Winamp" = MP3 Remix for Winamp
"MP3 WAV Converter 2.65" = MP3 WAV Converter 2.65
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"Neopets" = Neopets
"NVIDIA Display Driver" = NVIDIA Display Driver
"Passbild-Generator_is1" = Bewerbungsfoto-/Passbild-Generator v3.5a
"PosteRazor_is1" = PosteRazor
"Q10" = Q10 Editor
"Screenshot Utility_is1" = Screenshot Utility version 1.0
"Simfy" = simfy
"Some PDF to Txt Converter_is1" = Some PDF to Txt Converter 1.5
"ST6UNST #1" = iPodLibrary v1.2b
"SUPER ©" = SUPER © Version 2010.bld.38 (May 2, 2010)
"TagScanner_is1" = TagScanner 5.1.597
"Uninstall_is1" = Uninstall 1.0.0.1
"uTorrent" = µTorrent
"VisiPics_is1" = VisiPics V1.30
"VLC media player" = VLC media player 1.1.8
"Wallpaper Changer_is1" = Wallpaper Changer (Remove only)
"Winamp" = Winamp
"Winamp Toolbar" = Winamp Toolbar
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinGimp-2.0_is1" = GIMP 2.6.8
"WinHTTrack Website Copier_is1" = WinHTTrack Website Copier 3.44-1
"WinLiveSuite_Wave3" = Windows Live Essentials
"WinRAR archiver" = WinRAR
"WinZip" = WinZip
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"XPSEPSCLP" = XML Paper Specification Shared Components Language Pack 1.0

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 17.02.2012 05:22:37 | Computer Name = DACHGESCHOSS | Source = .NET Runtime | ID = 1026
Description = Application: SciLors GrooveDownloader.vshost.exe Framework Version: v4.0.30319 Description: The process was terminated due to an unhandled exception. Exception Info: System.IO.FileNotFoundException Stack: at Microsoft.VisualStudio.HostingProcess.EntryPoint.Main()

Error - 22.02.2012 12:58:57 | Computer Name = DACHGESCHOSS | Source = Application Error | ID = 1000
Description = Fehlgeschlagene Anwendung finepixviewer.exe, Version 5.5.3.0, fehlgeschlagenes Modul unknown, Version 0.0.0.0, Fehleradresse 0x00000000.

Error - 22.02.2012 13:02:33 | Computer Name = DACHGESCHOSS | Source = Application Error | ID = 1000
Description = Fehlgeschlagene Anwendung finepixviewer.exe, Version 5.5.3.0, fehlgeschlagenes Modul unknown, Version 0.0.0.0, Fehleradresse 0x00000000.

Error - 26.02.2012 16:55:46 | Computer Name = DACHGESCHOSS | Source = Application Hang | ID = 1002
Description = Stillstehende Anwendung AcroRd32.exe, Version 10.1.1.33, Stillstandmodul hungapp, Version 0.0.0.0, Stillstandadresse 0x00000000.

Error - 28.02.2012 06:22:23 | Computer Name = DACHGESCHOSS | Source = Application Error | ID = 1000
Description = Fehlgeschlagene Anwendung iron.exe, Version 0.0.0.0, fehlgeschlagenes Modul npswf32.dll, Version 11.0.1.152, Fehleradresse 0x001ac714.

Error - 01.03.2012 04:14:29 | Computer Name = DACHGESCHOSS | Source = Application Hang | ID = 1002
Description = Stillstehende Anwendung FinePixViewer.exe, Version 5.5.3.0, Stillstandmodul hungapp, Version 0.0.0.0, Stillstandadresse 0x00000000.

Error - 01.03.2012 12:09:24 | Computer Name = DACHGESCHOSS | Source = Application Hang | ID = 1002
Description = Stillstehende Anwendung gimp-2.6.exe, Version 0.0.0.0, Stillstandmodul hungapp, Version 0.0.0.0, Stillstandadresse 0x00000000.

Error - 05.03.2012 04:32:04 | Computer Name = DACHGESCHOSS | Source = Application Error | ID = 1000
Description = Fehlgeschlagene Anwendung winamp.exe, Version 5.6.1.3133, fehlgeschlagenes Modul dsp_pacemaker.dll, Version 1.3.2.0, Fehleradresse 0x00006f53.

Error - 08.03.2012 15:44:06 | Computer Name = DACHGESCHOSS | Source = Application Error | ID = 1000
Description = Fehlgeschlagene Anwendung iron.exe, Version 0.0.0.0, fehlgeschlagenes Modul npswf32.dll, Version 11.0.1.152, Fehleradresse 0x001ac714.

Error - 10.03.2012 04:07:35 | Computer Name = DACHGESCHOSS | Source = Application Hang | ID = 1002
Description = Stillstehende Anwendung iTunes.exe, Version 10.6.0.40, Stillstandmodul hungapp, Version 0.0.0.0, Stillstandadresse 0x00000000.

[ System Events ]
Error - 14.03.2012 17:31:46 | Computer Name = DACHGESCHOSS | Source = Service Control Manager | ID = 7009
Description = Zeitüberschreitung (30000 ms) beim Verbindungsversuch mit Dienst Google Update Service (gupdate).

Error - 14.03.2012 17:31:46 | Computer Name = DACHGESCHOSS | Source = Service Control Manager | ID = 7000
Description = Der Dienst "Google Update Service (gupdate)" wurde aufgrund folgenden Fehlers nicht gestartet: %%1053

Error - 14.03.2012 17:31:46 | Computer Name = DACHGESCHOSS | Source = Service Control Manager | ID = 7009
Description = Zeitüberschreitung (30000 ms) beim Verbindungsversuch mit Dienst Machine Debug Manager.

Error - 14.03.2012 17:31:46 | Computer Name = DACHGESCHOSS | Source = Service Control Manager | ID = 7000
Description = Der Dienst "Machine Debug Manager" wurde aufgrund folgenden Fehlers nicht gestartet: %%1053

Error - 14.03.2012 17:36:03 | Computer Name = DACHGESCHOSS | Source = Service Control Manager | ID = 7009
Description = Zeitüberschreitung (30000 ms) beim Verbindungsversuch mit Dienst Google Update Service (gupdate).

Error - 14.03.2012 17:36:03 | Computer Name = DACHGESCHOSS | Source = Service Control Manager | ID = 7000
Description = Der Dienst "Google Update Service (gupdate)" wurde aufgrund folgenden Fehlers nicht gestartet: %%1053

Error - 14.03.2012 18:02:17 | Computer Name = DACHGESCHOSS | Source = Service Control Manager | ID = 7026
Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen: ewido anti-spyware 4.0 driver Fips intelppm

Error - 14.03.2012 18:02:34 | Computer Name = DACHGESCHOSS | Source = DCOM | ID = 10005
Description = Bei DCOM ist der Fehler "%1084" aufgetreten, als der Dienst "EventSystem" mit den Argumenten "" gestartet wurde, um den folgenden Server zu verwenden: {1BE1F766-5536-11D1-B726-00C04FB926AF}

Error - 14.03.2012 18:19:13 | Computer Name = DACHGESCHOSS | Source = DCOM | ID = 10005
Description = Bei DCOM ist der Fehler "%1084" aufgetreten, als der Dienst "StiSvc" mit den Argumenten "" gestartet wurde, um den folgenden Server zu verwenden: {A1F4E726-8CF1-11D1-BF92-0060081ED811}

Error - 14.03.2012 18:20:20 | Computer Name = DACHGESCHOSS | Source = DCOM | ID = 10005
Description = Bei DCOM ist der Fehler "%1084" aufgetreten, als der Dienst "StiSvc" mit den Argumenten "" gestartet wurde, um den folgenden Server zu verwenden: {A1F4E726-8CF1-11D1-BF92-0060081ED811}

< End of report >

OTL.Txt:
Code:
OTL logfile created on: 14.03.2012 23:23:03 - Run 1
OTL by OldTimer - Version 3.2.37.0     Folder = C:\Dokumente und Einstellungen\Administrator.DACHGESCHOSS.001\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

1022,73 Mb Total Physical Memory | 748,75 Mb Available Physical Memory | 73,21% Memory free
2,40 Gb Paging File | 2,31 Gb Available in Paging File | 96,09% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme
Drive C: | 87,90 Gb Total Space | 16,36 Gb Free Space | 18,61% Space Free | Partition Type: NTFS
Drive D: | 87,90 Gb Total Space | 4,07 Gb Free Space | 4,63% Space Free | Partition Type: NTFS
Drive E: | 57,09 Gb Total Space | 48,85 Gb Free Space | 85,58% Space Free | Partition Type: NTFS
Drive G: | 149,04 Gb Total Space | 89,41 Gb Free Space | 59,99% Space Free | Partition Type: NTFS

Computer Name: DACHGESCHOSS | User Name: Administrator | Logged in as Administrator.
Boot Mode: SafeMode with Networking | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012.03.14 23:20:15 | 000,594,432 | ---- | M] (OldTimer Tools) -- C:\Dokumente und Einstellungen\Administrator.DACHGESCHOSS.001\Desktop\OTL.exe
PRC - [2011.06.15 20:56:45 | 000,864,664 | ---- | M] (Lavasoft) -- C:\Programme\Lavasoft\Ad-Aware\AAWTray.exe
PRC - [2011.06.15 20:56:44 | 001,355,968 | ---- | M] (Lavasoft) -- C:\Programme\Lavasoft\Ad-Aware\AAWService.exe
PRC - [2008.04.14 03:22:45 | 001,036,800 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe

========== Modules (No Company Name) ==========

MOD - [2011.09.05 18:04:58 | 000,301,056 | ---- | M] () -- C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\PDFShell.DEU
MOD - [2011.06.15 20:56:53 | 000,271,856 | ---- | M] () -- C:\Programme\Lavasoft\Ad-Aware\RPAPI.dll

========== Win32 Services (SafeList) ==========

SRV - [2012.02.27 00:15:42 | 000,055,144 | ---- | M] (Apple Inc.) [Auto | Stopped] -- C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\AppleMobileDeviceService.exe -- (Apple Mobile Device)
SRV - [2011.06.15 20:56:44 | 001,355,968 | ---- | M] (Lavasoft) [Auto | Running] -- C:\Programme\Lavasoft\Ad-Aware\AAWService.exe -- (Lavasoft Ad-Aware Service)
SRV - [2011.01.13 02:00:00 | 000,156,160 | ---- | M] (SEIKO EPSON CORPORATION) [Auto | Stopped] -- C:\Programme\Gemeinsame Dateien\EPSON\EPW!3 SSRP\E_S50ST7.EXE -- (EPSON_EB_RPCV4_04) EPSON V5 Service4(04)
SRV - [2011.01.13 02:00:00 | 000,125,440 | ---- | M] (SEIKO EPSON CORPORATION) [Auto | Stopped] -- C:\Programme\Gemeinsame Dateien\EPSON\EPW!3 SSRP\E_S50RP7.EXE -- (EPSON_PM_RPCV4_04) EPSON V3 Service4(04)
SRV - [2010.01.15 13:49:20 | 000,227,232 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Programme\McAfee Security Scan\2.0.181\McCHSvc.exe -- (McComponentHostService)
SRV - [2006.06.16 15:38:44 | 000,172,032 | ---- | M] (Anti-Malware Development a.s.) [Auto | Stopped] -- C:\Programme\ewido anti-spyware 4.0\guard.exe -- (ewido anti-spyware 4.0 guard)
SRV - [2003.07.28 12:28:22 | 000,089,136 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\Source Engine\OSE.EXE -- (ose)
SRV - [2003.06.19 23:25:00 | 000,322,120 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\VS7DEBUG\MDM.EXE -- (MDM)

========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP)
DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump)
DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc)
DRV - File not found [Kernel | System | Stopped] -- -- (i2omgmt)
DRV - File not found [Kernel | System | Stopped] -- -- (Changer)
DRV - [2010.06.09 20:56:48 | 000,064,288 | ---- | M] (Lavasoft AB) [File_System | Boot | Running] -- C:\WINDOWS\system32\drivers\Lbd.sys -- (Lbd)
DRV - [2008.04.13 19:53:09 | 000,040,320 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nmnt.sys -- (nm)
DRV - [2008.04.13 19:45:29 | 000,010,624 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\gameenum.sys -- (gameenum)
DRV - [2006.06.16 15:38:54 | 000,003,968 | ---- | M] () [Kernel | System | Stopped] -- C:\Programme\ewido anti-spyware 4.0\guard.sys -- (ewido anti-spyware 4.0 driver)
DRV - [2004.08.03 23:38:56 | 000,327,168 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ati2mtaa.sys -- (ati2mtaa)
DRV - [2003.07.02 04:42:00 | 000,027,904 | ---- | M] (VIA Technologies, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\VIAAGP1.SYS -- (viaagp1)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = hxxp://start.facemoods.com/?a=ddrnw&s={searchTerms}&f=4
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Programme\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Programme\DivX\DivX Plus Web Player\npdivx32.dll (DivX,Inc.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Programme\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Programme\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8117.0416: C:\Programme\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=8: C:\Programme\Google\Update\1.2.183.39\npGoogleOneClick8.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Programme\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\FFToolbar@bitdefender.com: C:\Programme\BitDefender\BitDefender 2010\bdaphffext\
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.17\extensions\\Components: C:\Programme\Mozilla Firefox\components [2012.03.08 20:44:19 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.17\extensions\\Plugins: C:\Programme\Mozilla Firefox\plugins [2012.03.08 20:44:19 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 10.0.2\extensions\\Components: C:\Programme\Mozilla Thunderbird\components [2012.03.08 20:44:20 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 10.0.2\extensions\\Plugins: C:\Programme\Mozilla Thunderbird\plugins [2012.03.08 20:44:19 | 000,000,000 | ---D | M]

[2012.02.12 15:12:02 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2010.10.14 09:41:33 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
[2010.12.26 11:52:46 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
[2011.03.13 10:58:25 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
[2011.02.02 21:40:24 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Programme\mozilla firefox\plugins\npdeployJava1.dll
[2010.07.12 17:33:56 | 000,012,800 | ---- | M] (Nullsoft, Inc.) -- C:\Programme\mozilla firefox\plugins\npwachk.dll
[2010.03.16 10:55:22 | 000,001,392 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\amazondotcom-de.xml
[2010.03.16 10:55:22 | 000,002,344 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\eBay-de.xml
[2011.12.07 16:54:59 | 000,002,048 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\fcmdSrch.xml
[2010.03.16 10:55:22 | 000,006,805 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\leo_ende_de.xml
[2010.03.16 10:55:22 | 000,001,178 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\wikipedia-de.xml
[2010.03.16 10:55:22 | 000,001,105 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\yahoo-de.xml

O1 HOSTS File: ([2001.08.18 20:00:00 | 000,000,820 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O2 - BHO: (Winamp Toolbar Loader) - {25CEE8EC-5730-41bc-8B58-22DDC8AB8C20} - C:\Programme\Winamp Toolbar\winamptb.dll (AOL LLC.)
O2 - BHO: (Conduit Engine ) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Programme\ConduitEngine\prxConduitEngine.dll (Conduit Ltd.)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (CescrtHlpr Object) - {64182481-4F71-486b-A045-B233BD0DA8FC} - C:\Programme\facemoods.com\facemoods\1.4.17.11\bh\facemoods.dll (facemoods.com BHO)
O2 - BHO: (DVDVideoSoftTB Toolbar) - {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Programme\DVDVideoSoftTB\prxtbDVD0.dll (Conduit Ltd.)
O2 - BHO: (Windows Live Anmelde-Hilfsprogramm) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (Easy Photo Print) - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Programme\Epson Software\Easy Photo Print\EPTBL.dll (SEIKO EPSON CORPORATION / CyCom Technology Corp.)
O2 - BHO: (EpsonToolBandKicker Class) - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Programme\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll (SEIKO EPSON CORPORATION)
O3 - HKLM\..\Toolbar: (Conduit Engine ) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Programme\ConduitEngine\prxConduitEngine.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (DVDVideoSoftTB Toolbar) - {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Programme\DVDVideoSoftTB\prxtbDVD0.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (Easy Photo Print) - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Programme\Epson Software\Easy Photo Print\EPTBL.dll (SEIKO EPSON CORPORATION / CyCom Technology Corp.)
O3 - HKLM\..\Toolbar: (facemoods Toolbar) - {DB4E9724-F518-4dfd-9C7C-78B52103CAB9} - C:\Programme\facemoods.com\facemoods\1.4.17.11\facemoodsTlbr.dll (facemoods.com)
O3 - HKLM\..\Toolbar: (Winamp Toolbar) - {EBF2BA02-9094-4c5a-858B-BB198F3D8DE2} - C:\Programme\Winamp Toolbar\winamptb.dll (AOL LLC.)
O3 - HKLM\..\Toolbar: (EPSON Web-To-Page) - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Programme\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll (SEIKO EPSON CORPORATION)
O4 - HKLM..\Run: [Adobe ARM] C:\Programme\Gemeinsame Dateien\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AppleSyncNotifier] C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\AppleSyncNotifier.exe (Apple Inc.)
O4 - HKLM..\Run: [APSDaemon] C:\Programme\Gemeinsame Dateien\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd File not found O4 - HKLM..\Run: [DivXUpdate] C:\Programme\DivX\DivX Update\DivXUpdate.exe () O4 - HKLM..\Run: [EEventManager] C:\Programme\Epson Software\Event Manager\EEventManager.exe (SEIKO EPSON CORPORATION) O4 - HKLM..\Run: [facemoods] C:\Programme\facemoods.com\facemoods\1.4.17.11\facemoodssrv.exe (facemoods.com) O4 - HKLM..\Run: [FUFAXSTM] C:\Programme\Epson Software\FAX Utility\FUFAXSTM.exe (SEIKO EPSON CORPORATION) O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe (Sun Microsystems, Inc.) O4 - HKLM..\Run: [Wallpaper] File not found O4 - Startup: C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\ExifLauncher2.lnk = D:\Programme\QuickDCF2.exe (FUJIFILM Corporation) O4 - Startup: C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\Mozilla Thunderbird (2).lnk = C:\Programme\Mozilla Thunderbird\thunderbird.exe (Mozilla Messaging) O4 - Startup: C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\Multimedia office keyboard.lnk = C:\Programme\Multimedia office keyboard\driver\OEMDriver.exe () O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.) 
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} hxxp://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1271189193484 (WUWebControl Class) O16 - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24) O16 - DPF: DirectAnimation Java Classes file://C:\WINDOWS\Java\classes\dajava.cab (Reg Error: Key error.) O16 - DPF: Microsoft XML Parser for Java file://C:\WINDOWS\Java\classes\xmldso.cab (Reg Error: Key error.) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{D613512D-69CA-4093-BFAD-DEB17341F5EE}: DhcpNameServer = 192.168.0.1 O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Information Retrieval\MSITSS.DLL (Microsoft Corporation) O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Web Components\10\OWC10.DLL (Microsoft Corporation) O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Web Components\11\OWC11.DLL (Microsoft Corporation) O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Gemeinsame 
Dateien\Skype\Skype4COM.dll (Skype Technologies) O18 - Protocol\Handler\x-mem1 {C3719F83-7EF8-4BA0-89B0-3360C7AFB7CC} - C:\WINDOWS\system32\WowCtl2.dll (EzTools Software) O18 - Protocol\Filter\text/xml {807553E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE11\MSOXMLMF.DLL (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (c:\windows\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation) O27 - HKLM IFEO\chrome.exe: Debugger - C:\Programme\Internet Explorer\iexplore.exe (Microsoft Corporation) O27 - HKLM IFEO\navigator.exe: Debugger - C:\Programme\Internet Explorer\iexplore.exe (Microsoft Corporation) O27 - HKLM IFEO\opera.exe: Debugger - C:\Programme\Internet Explorer\iexplore.exe (Microsoft Corporation) O27 - HKLM IFEO\safari.exe: Debugger - C:\Programme\Internet Explorer\iexplore.exe (Microsoft Corporation) O28 - HKLM ShellExecuteHooks: {57B86673-276A-48B2-BAE7-C6DBB3020EB8} - C:\Programme\ewido anti-spyware 4.0\shellexecutehook.dll (Anti-Malware Development a.s.) 
O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2010.03.03 19:58:29 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ] O34 - HKLM BootExecute: (autocheck autochk *) O34 - HKLM BootExecute: (lsdelete) O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Microsoft VM ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608555} - Internet Explorer Classes for Java ActiveX: {10072CEC-8CC1-11D1-986E-00A0C955B42F} - Vektorgrafik-Rendering (VML) ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - NetShow ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 6.4 ActiveX: {283807B5-2C60-11D0-A31D-00AA00B92C03} - DirectAnimation ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll ActiveX: {36f8ec70-c29a-11d1-b5c7-0000f8051515} - Dynamic HTML-Datenbindung für Java ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack ActiveX: {3bf42070-b3b1-11d1-b5c5-0000f8051515} - Uniscribe ActiveX: {3C3901C5-3455-3E0A-A214-0B093A5070A6} - .NET Framework ActiveX: {4278c270-a269-11d1-b5bf-0000f8051515} - Erweitertes Authoring ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install ActiveX: {44BBA842-CC51-11CF-AAFA-00AA00B6015B} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - DirectShow ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015C} - Microsoft DirectX ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help ActiveX: {4f216970-c90c-11d1-b5c7-0000f8051515} - DirectAnimation Java Classes ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows 
Script 5.6 ActiveX: {5945c046-1e7d-11d1-bc44-00c04fd912be} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser ActiveX: {5A8D6EE0-3E18-11D0-821E-444553540000} - ICW ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access ActiveX: {73FA19D0-2D75-11D2-995D-00C04F98BBC9} - Webordner ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\WINDOWS\system32\ie4uinit.exe -BaseSettings ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\WINDOWS\system32\Rundll32.exe C:\WINDOWS\system32\mscories.dll,Install ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding ActiveX: {C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F} - .NET Framework ActiveX: {C314CE45-3392-3B73-B4E1-139CD41CA933} - .NET Framework ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts ActiveX: {CC2A9BA0-3BDD-11D0-821E-444553540000} - Taskplaner ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1 ActiveX: {D27CDB6E-AE6D-11cf-96B8-444553540000} - Adobe Flash Player ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface ActiveX: <{12d0ed0d-0ee0-4f90-8827-78cefb8f4988} - C:\WINDOWS\system32\ieudinit.exe ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\WINDOWS\inf\unregmp2.exe /HideWMP ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - %systemroot%\system32\shmgrate.exe OCInstallUserConfigIE ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - 
"C:\WINDOWS\system32\rundll32.exe" "C:\WINDOWS\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF}MICROS - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP ActiveX: >{881dd1c5-3dcf-431b-b061-f3f88e8be88a} - %systemroot%\system32\shmgrate.exe OCInstallUserConfigOE NetSvcs: 6to4 - File not found NetSvcs: Ias - File not found NetSvcs: Iprip - File not found NetSvcs: Irmon - File not found NetSvcs: NWCWorkstation - File not found NetSvcs: Nwsapagent - File not found NetSvcs: WmdmPmSp - File not found NetSvcs: SSHNAS - File not found MsConfig - StartUpReg: Firefox - hkey= - key= - C:\Programme\Mozilla Firefox\firefox.exe (Mozilla Corporation) MsConfig - State: "system.ini" - 0 MsConfig - State: "win.ini" - 0 MsConfig - State: "bootini" - 0 MsConfig - State: "services" - 0 MsConfig - State: "startup" - 2 CREATERESTOREPOINT Error creating restore point. ========== Files/Folders - Created Within 30 Days ========== [2012.03.14 23:20:22 | 000,594,432 | ---- | C] (OldTimer Tools) -- C:\Dokumente und Einstellungen\Administrator.DACHGESCHOSS.001\Desktop\OTL.exe [2012.03.14 23:19:05 | 000,000,000 | R--D | C] -- C:\Dokumente und Einstellungen\Administrator.DACHGESCHOSS.001\Eigene Dateien [2012.03.14 23:12:57 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Administrator.DACHGESCHOSS.001\Anwendungsdaten\Adobe [2012.03.14 23:03:16 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Administrator.DACHGESCHOSS.001\Lokale Einstellungen\Anwendungsdaten\Chromium [2012.03.14 23:02:51 | 000,000,000 | -HSD | C] -- C:\Dokumente und Einstellungen\Administrator.DACHGESCHOSS.001\IETldCache [2012.03.14 23:02:12 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Administrator.DACHGESCHOSS.001\Lokale Einstellungen\Anwendungsdaten\Microsoft [2012.03.14 23:02:11 | 000,000,000 | --SD | C] -- C:\Dokumente und Einstellungen\Administrator.DACHGESCHOSS.001\Anwendungsdaten\Microsoft [2012.03.14 23:02:11 | 000,000,000 | RH-D | C] -- 
C:\Dokumente und Einstellungen\Administrator.DACHGESCHOSS.001\SendTo [2012.03.14 23:02:11 | 000,000,000 | RH-D | C] -- C:\Dokumente und Einstellungen\Administrator.DACHGESCHOSS.001\Anwendungsdaten [2012.03.14 23:02:11 | 000,000,000 | R--D | C] -- C:\Dokumente und Einstellungen\Administrator.DACHGESCHOSS.001\Startmenü\Programme\Zubehör [2012.03.14 23:02:11 | 000,000,000 | R--D | C] -- C:\Dokumente und Einstellungen\Administrator.DACHGESCHOSS.001\Startmenü [2012.03.14 23:02:11 | 000,000,000 | R--D | C] -- C:\Dokumente und Einstellungen\Administrator.DACHGESCHOSS.001\Startmenü\Programme\Autostart [2012.03.14 23:02:11 | 000,000,000 | -HSD | C] -- C:\Dokumente und Einstellungen\Administrator.DACHGESCHOSS.001\Cookies [2012.03.14 23:02:11 | 000,000,000 | -H-D | C] -- C:\Dokumente und Einstellungen\Administrator.DACHGESCHOSS.001\Vorlagen [2012.03.14 23:02:11 | 000,000,000 | -H-D | C] -- C:\Dokumente und Einstellungen\Administrator.DACHGESCHOSS.001\Recent [2012.03.14 23:02:11 | 000,000,000 | -H-D | C] -- C:\Dokumente und Einstellungen\Administrator.DACHGESCHOSS.001\Netzwerkumgebung [2012.03.14 23:02:11 | 000,000,000 | -H-D | C] -- C:\Dokumente und Einstellungen\Administrator.DACHGESCHOSS.001\Lokale Einstellungen [2012.03.14 23:02:11 | 000,000,000 | -H-D | C] -- C:\Dokumente und Einstellungen\Administrator.DACHGESCHOSS.001\Druckumgebung [2012.03.14 23:02:11 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Administrator.DACHGESCHOSS.001\Anwendungsdaten\Macromedia [2012.03.14 23:02:11 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Administrator.DACHGESCHOSS.001\Favoriten [2012.03.14 23:02:11 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Administrator.DACHGESCHOSS.001\Desktop [2012.03.08 21:18:19 | 000,000,000 | ---D | C] -- C:\Programme\iPod [2012.03.08 20:43:42 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\QuickTime [6 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ] [11 C:\WINDOWS\System32\*.tmp 
files -> C:\WINDOWS\System32\*.tmp -> ] [1 C:\WINDOWS\System32\dllcache\*.tmp files -> C:\WINDOWS\System32\dllcache\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2012.03.14 23:20:15 | 000,594,432 | ---- | M] (OldTimer Tools) -- C:\Dokumente und Einstellungen\Administrator.DACHGESCHOSS.001\Desktop\OTL.exe [2012.03.14 23:02:33 | 000,000,470 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job [2012.03.14 23:01:57 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat [2012.03.14 21:05:01 | 000,000,234 | ---- | M] () -- C:\WINDOWS\tasks\Epson Printer Software Downloader.job [2012.03.11 12:00:00 | 000,000,262 | ---- | M] () -- C:\WINDOWS\tasks\Datenträgerbereinigung.job [2012.03.09 12:30:27 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl [2012.03.08 21:19:05 | 000,001,522 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\iTunes.lnk [2012.03.08 20:21:04 | 000,000,276 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job [6 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ] [11 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ] [1 C:\WINDOWS\System32\dllcache\*.tmp files -> C:\WINDOWS\System32\dllcache\*.tmp -> ] ========== Files Created - No Company Name ========== [2012.03.14 23:02:12 | 000,001,599 | ---- | C] () -- C:\Dokumente und Einstellungen\Administrator.DACHGESCHOSS.001\Startmenü\Programme\Remoteunterstützung.lnk [2012.03.08 21:19:05 | 000,001,522 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\iTunes.lnk [2011.09.15 21:44:01 | 000,470,309 | ---- | C] () -- C:\Dokumente und Einstellungen\LocalService\Lokale Einstellungen\Anwendungsdaten\WPFFontCache_v0400-S-1-5-21-1957994488-1417001333-839522115-1003-0.dat [2011.09.04 23:14:21 | 000,378,634 | ---- | C] () -- C:\Dokumente und Einstellungen\LocalService\Lokale Einstellungen\Anwendungsdaten\WPFFontCache_v0400-System.dat [2011.04.07 14:55:32 | 020,586,196 | ---- | C] () -- C:\Programme\vlc-1.1.8-win32.exe [2011.03.04 
11:55:17 | 000,103,232 | -H-- | C] () -- C:\WINDOWS\System32\mlfcache.dat [2011.03.02 16:18:21 | 000,000,197 | ---- | C] () -- C:\WINDOWS\Assimil_d_fi.INI [2011.03.02 16:18:08 | 000,175,104 | ---- | C] () -- C:\WINDOWS\System32\lame_enc.dll [2010.12.28 16:06:10 | 000,001,024 | ---- | C] () -- C:\WINDOWS\System32\PDF2TXT.DAT [2010.10.13 22:34:55 | 000,000,127 | ---- | C] () -- C:\WINDOWS\System32\MRT.INI [2010.09.26 16:28:12 | 000,069,632 | R--- | C] () -- C:\WINDOWS\System32\xmltok.dll [2010.09.26 16:28:12 | 000,036,864 | R--- | C] () -- C:\WINDOWS\System32\xmlparse.dll [2010.08.10 22:55:12 | 000,240,768 | ---- | C] () -- C:\Dokumente und Einstellungen\LocalService\Lokale Einstellungen\Anwendungsdaten\FontCache3.0.0.0.dat [2010.06.29 16:47:25 | 000,027,648 | ---- | C] () -- C:\WINDOWS\System32\AVSredirect.dll [2010.06.27 13:06:59 | 000,012,288 | ---- | C] () -- C:\WINDOWS\impborl.dll [2010.06.14 17:51:24 | 000,001,528 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat [2010.05.18 21:08:33 | 001,133,418 | ---- | C] () -- C:\Programme\abcaudio_setup.exe [2010.04.22 22:25:22 | 000,000,000 | ---- | C] () -- C:\WINDOWS\EEventManager.INI [2010.04.22 07:45:17 | 000,015,880 | ---- | C] () -- C:\WINDOWS\System32\lsdelete.exe [2010.04.21 19:20:28 | 000,000,097 | ---- | C] () -- C:\WINDOWS\System32\PICSDK.ini [2010.04.21 19:20:26 | 000,111,932 | ---- | C] () -- C:\WINDOWS\System32\EPPICPrinterDB.dat [2010.04.21 19:20:26 | 000,001,120 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_IT.dat [2010.04.21 19:20:26 | 000,001,107 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_GE.dat [2010.04.21 19:20:25 | 000,001,146 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_DU.dat [2010.04.21 19:20:25 | 000,001,136 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_ES.dat [2010.04.21 19:20:25 | 000,001,129 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_CF.dat [2010.04.21 19:20:25 | 000,001,104 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_EN.dat [2010.04.21 
19:20:24 | 000,004,943 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern6.dat [2010.04.21 19:20:24 | 000,001,139 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_PT.dat [2010.04.21 19:20:24 | 000,001,139 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_BP.dat [2010.04.21 19:20:24 | 000,001,129 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_FR.dat [2010.04.21 19:20:23 | 000,024,903 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern3.dat [2010.04.21 19:20:23 | 000,021,390 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern5.dat [2010.04.21 19:20:23 | 000,020,148 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern2.dat [2010.04.21 19:20:23 | 000,011,811 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern4.dat [2010.04.21 19:20:22 | 000,031,053 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern131.dat [2010.04.21 19:20:22 | 000,027,417 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern121.dat [2010.04.21 19:20:22 | 000,026,154 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern1.dat [2010.04.13 20:03:58 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\pcwords2.dat [2010.04.13 20:03:58 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\pcwords.dat [2010.04.13 20:03:57 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\pc_webproxy.dat [2010.04.13 20:03:57 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\pc_video.dat [2010.04.13 20:03:57 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\pc_tabloids.dat [2010.04.13 20:03:57 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\pc_socialnetworks.dat [2010.04.13 20:03:57 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\pc_searchengines.dat [2010.04.13 20:03:57 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\pc_regionaltlds.dat [2010.04.13 20:03:57 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\pc_pornography.dat [2010.04.13 20:03:57 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\pc_onlineshop.dat [2010.04.13 20:03:57 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\pc_onlinepay.dat 
[2010.04.13 20:03:57 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\pc_onlinedating.dat [2010.04.13 20:03:57 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\pc_news.dat [2010.04.13 20:03:57 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\pc_im.dat [2010.04.13 20:03:57 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\pc_illegal.dat [2010.04.13 20:03:57 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\pc_hate.dat [2010.04.13 20:03:57 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\pc_games.dat [2010.04.13 20:03:57 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\pc_gambling.dat [2010.04.13 20:03:57 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\pc_drugs.dat ========== LOP Check ========== [2010.04.13 20:20:10 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\BitDefender [2010.06.11 22:23:20 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\DAEMON Tools Pro [2012.01.04 20:42:10 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\EPSON [2010.12.26 00:57:49 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Last.fm [2010.10.06 17:07:52 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Messenger Plus! 
[2010.09.25 22:34:23 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\MP3 Remix [2010.07.05 21:50:47 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\PferdeHof [2010.03.11 11:36:22 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\The Journal [2010.04.21 20:05:05 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\UDL [2011.03.21 14:20:45 | 000,000,000 | -HSD | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\{24036256-BFDB-4CD3-BE8A-A3D6160F2E16} [2010.11.28 20:26:26 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\{429CAD59-35B1-4DBC-BB6D-1DB246563521} [2010.04.11 20:53:42 | 000,000,000 | -H-D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\{74D08EB8-01D1-4BAE-91E3-F30C1B031AC6} [2010.12.26 14:47:59 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\{755AC846-7372-4AC8-8550-C52491DAA8BD} [2012.03.14 23:02:33 | 000,000,470 | ---- | M] () -- C:\WINDOWS\Tasks\Ad-Aware Update (Weekly).job [2012.03.11 12:00:00 | 000,000,262 | ---- | M] () -- C:\WINDOWS\Tasks\Datenträgerbereinigung.job [2012.03.14 21:05:01 | 000,000,234 | ---- | M] () -- C:\WINDOWS\Tasks\Epson Printer Software Downloader.job ========== Purity Check ========== ========== Custom Scans ========== < %SYSTEMDRIVE%\*. 
> [2012.03.08 21:19:51 | 000,000,000 | -HSD | M] -- C:\Config.Msi [2012.03.14 23:02:11 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen [2010.06.12 11:15:22 | 000,000,000 | ---D | M] -- C:\Eigene Dateien [2010.03.05 17:14:41 | 000,000,000 | -HSD | M] -- C:\found.000 [2010.08.31 09:28:27 | 000,000,000 | ---D | M] -- C:\My Music [2011.03.10 20:46:33 | 000,000,000 | ---D | M] -- C:\NVIDIA [2012.03.08 21:18:19 | 000,000,000 | ---D | M] -- C:\Programme [2010.06.12 12:46:43 | 000,000,000 | -HSD | M] -- C:\RECYCLER [2010.05.15 07:14:20 | 000,000,000 | -HSD | M] -- C:\System Volume Information [2012.03.11 08:14:56 | 000,000,000 | ---D | M] -- C:\WINDOWS < %PROGRAMFILES%\*.exe > [2004.07.31 15:17:04 | 001,133,418 | ---- | M] () -- C:\Programme\abcaudio_setup.exe [2011.04.07 14:56:03 | 020,586,196 | ---- | M] () -- C:\Programme\vlc-1.1.8-win32.exe [2008.08.09 18:08:22 | 000,177,152 | ---- | M] () -- C:\Programme\WaveGain.exe Invalid Environment Variable: LOCALAPPDATA < %systemroot%\*. /mp /s > < MD5 for: AGP440.SYS > [2004.08.04 00:10:00 | 018,782,319 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:AGP440.sys [2010.05.20 19:34:24 | 023,898,261 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:AGP440.sys [2004.08.04 00:10:00 | 018,782,319 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp2.cab:AGP440.sys [2010.05.20 19:34:24 | 023,898,261 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:AGP440.sys [2008.04.13 19:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\ServicePackFiles\i386\agp440.sys [2008.04.13 19:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\system32\drivers\agp440.sys [2004.08.03 22:07:42 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=2C428FA0C3E3A01ED93C9B2A27D8D4BB -- C:\WINDOWS\$NtServicePackUninstall$\agp440.sys < MD5 for: ATAPI.SYS > [2002.08.29 02:52:58 | 
010,180,476 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp1.cab:atapi.sys [2004.08.04 00:10:00 | 018,782,319 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:atapi.sys [2010.05.20 19:34:24 | 023,898,261 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:atapi.sys [2004.08.04 00:10:00 | 018,782,319 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp2.cab:atapi.sys [2010.05.20 19:34:24 | 023,898,261 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:atapi.sys [2008.04.13 19:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ServicePackFiles\i386\atapi.sys [2008.04.13 19:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\drivers\atapi.sys [2004.08.03 21:59:44 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\$NtServicePackUninstall$\atapi.sys < MD5 for: EVENTLOG.DLL > [2008.04.14 03:22:10 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=04955AA695448C181B367D964AF158AA -- C:\WINDOWS\ServicePackFiles\i386\eventlog.dll [2008.04.14 03:22:10 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=04955AA695448C181B367D964AF158AA -- C:\WINDOWS\system32\eventlog.dll [2004.08.03 23:57:20 | 000,055,808 | ---- | M] (Microsoft Corporation) MD5=B932C077D5A65B71B4512544AC404CB4 -- C:\WINDOWS\$NtServicePackUninstall$\eventlog.dll < MD5 for: EXPLORER.EXE > [2004.08.03 23:57:54 | 001,035,264 | ---- | M] (Microsoft Corporation) MD5=22FE1BE02EADDE1632E478E4125639E0 -- C:\WINDOWS\$NtServicePackUninstall$\explorer.exe [2008.04.14 03:22:45 | 001,036,800 | ---- | M] (Microsoft Corporation) MD5=418045A93CD87A352098AB7DABE1B53E -- C:\WINDOWS\explorer.exe [2008.04.14 03:22:45 | 001,036,800 | ---- | M] (Microsoft Corporation) MD5=418045A93CD87A352098AB7DABE1B53E -- C:\WINDOWS\ServicePackFiles\i386\explorer.exe < MD5 for: NETLOGON.DLL > [2008.04.14 
03:22:19 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=0098D35F91DEAB9C127360A877F2CF84 -- C:\WINDOWS\ServicePackFiles\i386\netlogon.dll [2008.04.14 03:22:19 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=0098D35F91DEAB9C127360A877F2CF84 -- C:\WINDOWS\system32\netlogon.dll [2004.08.03 23:57:32 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=D27395EDCD3416AFD125A9370DCB585C -- C:\WINDOWS\$NtServicePackUninstall$\netlogon.dll [2009.02.06 19:46:10 | 000,408,064 | ---- | M] (Microsoft Corporation) MD5=ED4BBAD725A21632FB205452749FC8F5 -- C:\WINDOWS\$hf_mig$\KB968389\SP2QFE\netlogon.dll [2009.02.06 19:46:10 | 000,408,064 | ---- | M] (Microsoft Corporation) MD5=ED4BBAD725A21632FB205452749FC8F5 -- C:\WINDOWS\$hf_mig$\KB975467\SP2QFE\netlogon.dll < MD5 for: SCECLI.DLL > [2008.04.14 03:22:23 | 000,187,904 | ---- | M] (Microsoft Corporation) MD5=5132443DF6FC3771A17AB4AE55DCBC28 -- C:\WINDOWS\ServicePackFiles\i386\scecli.dll [2008.04.14 03:22:23 | 000,187,904 | ---- | M] (Microsoft Corporation) MD5=5132443DF6FC3771A17AB4AE55DCBC28 -- C:\WINDOWS\system32\scecli.dll [2004.08.03 23:57:34 | 000,186,880 | ---- | M] (Microsoft Corporation) MD5=64DC26B3CF7BCCAD431CE360A4C625D5 -- C:\WINDOWS\$NtServicePackUninstall$\scecli.dll < MD5 for: USER32.DLL > [2004.08.03 23:57:38 | 000,578,560 | ---- | M] (Microsoft Corporation) MD5=56785FD5236D7B22CF471A6DA9DB46D8 -- C:\WINDOWS\$NtServicePackUninstall$\user32.dll [2008.04.14 03:22:31 | 000,580,096 | ---- | M] (Microsoft Corporation) MD5=B0050CC5340E3A0760DD8B417FF7AEBD -- C:\WINDOWS\ServicePackFiles\i386\user32.dll [2008.04.14 03:22:31 | 000,580,096 | ---- | M] (Microsoft Corporation) MD5=B0050CC5340E3A0760DD8B417FF7AEBD -- C:\WINDOWS\system32\user32.dll < MD5 for: USERINIT.EXE > [2008.04.14 03:23:03 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=788F95312E26389D596C0FA55834E106 -- C:\WINDOWS\ServicePackFiles\i386\userinit.exe [2008.04.14 03:23:03 | 000,026,624 | ---- | M] (Microsoft Corporation) 
MD5=788F95312E26389D596C0FA55834E106 -- C:\WINDOWS\system32\userinit.exe [2004.08.03 23:58:18 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=D1E53DC57143F2584B1DD53B036C0633 -- C:\WINDOWS\$NtServicePackUninstall$\userinit.exe < MD5 for: VIAMRAID.SYS > [2004.03.29 06:45:36 | 000,073,600 | R--- | M] (VIA Technologies inc,.ltd) MD5=65864ABA65EEE06EA586009301834E43 -- C:\WINDOWS\system32\drivers\viamraid.sys < MD5 for: WINLOGON.EXE > [2004.08.03 23:58:20 | 000,507,392 | ---- | M] (Microsoft Corporation) MD5=2B6A0BAF33A9918F09442D873848FF72 -- C:\WINDOWS\$NtServicePackUninstall$\winlogon.exe [2008.04.14 03:23:05 | 000,513,024 | ---- | M] (Microsoft Corporation) MD5=F09A527B422E25C478E38CAA0E44417A -- C:\WINDOWS\ServicePackFiles\i386\winlogon.exe [2008.04.14 03:23:05 | 000,513,024 | ---- | M] (Microsoft Corporation) MD5=F09A527B422E25C478E38CAA0E44417A -- C:\WINDOWS\system32\winlogon.exe < MD5 for: WS2IFSL.SYS > [2001.08.18 20:00:00 | 000,012,032 | ---- | M] (Microsoft Corporation) MD5=6ABE6E225ADB5A751622A9CC3BC19CE8 -- C:\WINDOWS\system32\dllcache\ws2ifsl.sys [2001.08.18 20:00:00 | 000,012,032 | ---- | M] (Microsoft Corporation) MD5=6ABE6E225ADB5A751622A9CC3BC19CE8 -- C:\WINDOWS\system32\drivers\ws2ifsl.sys < %systemroot%\system32\drivers\*.sys /lockedfiles > < %systemroot%\System32\config\*.sav > [2010.03.03 20:43:31 | 000,094,208 | ---- | M] () -- C:\WINDOWS\System32\config\default.sav [2010.03.03 20:43:31 | 000,630,784 | ---- | M] () -- C:\WINDOWS\System32\config\software.sav [2010.03.03 20:43:31 | 000,421,888 | ---- | M] () -- C:\WINDOWS\System32\config\system.sav < %systemroot%\system32\*.dll /lockedfiles > [11 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ] < %USERPROFILE%\*.* > [2012.03.14 23:19:21 | 000,786,432 | -H-- | M] () -- C:\Dokumente und Einstellungen\Administrator.DACHGESCHOSS.001\NTUSER.DAT [2012.03.14 23:20:22 | 000,397,312 | -H-- | M] () -- C:\Dokumente und Einstellungen\Administrator.DACHGESCHOSS.001\NTUSER.DAT.LOG 
[2012.03.14 23:02:13 | 000,000,020 | -HS- | M] () -- C:\Dokumente und Einstellungen\Administrator.DACHGESCHOSS.001\ntuser.ini < %USERPROFILE%\Local Settings\Temp\*.exe > < %USERPROFILE%\Local Settings\Temp\*.dll > < %USERPROFILE%\Application Data\*.exe > < HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems|Windows /rs > HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems\\Kmode: %SystemRoot%\system32\win32k.sys [2010.12.31 15:03:39 | 001,855,104 | ---- | M] (Microsoft Corporation) HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems\\Required: DebugWindows [binary data] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems\\Windows: %SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,3072,512 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ProfileControl=Off MaxRequestThreads=16 < > < End of report > |
15.03.2012, 08:50 | #2 |
| Ukash Bundespolizeivirus paysafecard (on Windows XP) Hi,
is the OTL log from the infected account? Fix for OTL:
Code:
:OTL
O27 - HKLM IFEO\chrome.exe: Debugger - C:\Programme\Internet Explorer\iexplore.exe (Microsoft Corporation)
O27 - HKLM IFEO\navigator.exe: Debugger - C:\Programme\Internet Explorer\iexplore.exe (Microsoft Corporation)
O27 - HKLM IFEO\opera.exe: Debugger - C:\Programme\Internet Explorer\iexplore.exe (Microsoft Corporation)
O27 - HKLM IFEO\safari.exe: Debugger - C:\Programme\Internet Explorer\iexplore.exe (Microsoft Corporation)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
:Commands
[emptytemp]
[Reboot]
Malwarebytes Antimalware (MAM) instructions & download here: http://www.trojaner-board.de/51187-m...i-malware.html If the download doesn't work, please download a generic version from here: http://filepony.de/download-chameleon/ Then please update the signature files (tab "Updates" -> "Check for updates"). Run a full scan and let it clean everything! Post the log. chris
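Chris's fix above targets Image File Execution Options (IFEO) "Debugger" values: when such a value exists for chrome.exe, opera.exe and so on, Windows starts the named "debugger" instead of the requested program, which is how this ransomware stopped the victim from launching any browser other than the one it controlled. The Python below is an added example (not part of the thread, of OTL or of trojaner-board.de) that parses OTL-style O27 and O2 lines and flags IFEO debuggers that are not on a small, assumed allowlist of genuine debuggers, plus BHO entries that have no name or no CLSID value. The sample lines are constructed after the ones in the fix, with one legitimate debugger entry and one legitimate BHO added so that the filter has something to pass.

```python
import ntpath
import re
from dataclasses import dataclass

# Constructed sample in OTL's O27/O2 line format, modelled on the entries in
# the fix above plus one legitimate IFEO debugger and one legitimate BHO.
SAMPLE_OTL_LINES = r"""
O27 - HKLM IFEO\chrome.exe: Debugger - C:\Programme\Internet Explorer\iexplore.exe (Microsoft Corporation)
O27 - HKLM IFEO\opera.exe: Debugger - C:\Programme\Internet Explorer\iexplore.exe (Microsoft Corporation)
O27 - HKLM IFEO\notepad.exe: Debugger - C:\WINDOWS\system32\vsjitdebugger.exe (Microsoft Corporation)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
"""

# Assumed allowlist of real debuggers that legitimately appear as IFEO
# "Debugger" values (an assumption for this example, not an OTL feature).
KNOWN_DEBUGGERS = {"vsjitdebugger.exe", "windbg.exe", "ntsd.exe", "cdb.exe", "drwtsn32.exe"}

# O27 - HKLM IFEO\<image>: Debugger - <path> (<company>)
IFEO_RE = re.compile(
    r"^O27 - HK(?:LM|CU) IFEO\\(?P<target>[^:]+): Debugger - "
    r"(?P<debugger>.+?)(?: \((?P<company>[^()]*)\))?\s*$"
)
# O2 - BHO: (<name>) - {<clsid>} - <path or note>
BHO_RE = re.compile(
    r"^O2 - BHO: \((?P<name>[^)]*)\) - (?P<clsid>\{[0-9A-Fa-f-]+\}) - (?P<detail>.*)$"
)


@dataclass
class Finding:
    kind: str     # "ifeo-hijack" or "bho-orphan"
    subject: str  # hijacked image name, or the BHO CLSID
    detail: str


def analyze_otl(text: str) -> list:
    """Return findings for suspicious IFEO debuggers and orphaned BHOs."""
    findings = []
    for raw in text.splitlines():
        line = raw.strip()
        m = IFEO_RE.match(line)
        if m:
            debugger = m.group("debugger").strip().strip('"')
            exe = ntpath.basename(debugger).lower()
            # Any debugger that is not a known debugging tool redirects the
            # program launch somewhere else: that is the hijack.
            if exe not in KNOWN_DEBUGGERS:
                findings.append(Finding("ifeo-hijack", m.group("target").lower(),
                                        f"launch redirected to {debugger}"))
            continue
        m = BHO_RE.match(line)
        if m and (m.group("name") == "no name" or "No CLSID value found" in m.group("detail")):
            findings.append(Finding("bho-orphan", m.group("clsid"), m.group("detail")))
    return findings


if __name__ == "__main__":
    for f in analyze_otl(SAMPLE_OTL_LINES):
        print(f"{f.kind:12} {f.subject:45} {f.detail}")
```

The scanner only reports; it deliberately does not touch the debugger target, because in this thread that target was the genuine iexplore.exe, and the OTL fix log in the next post shows the file being moved along with the keys.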
15.03.2012, 09:49 | #3 |
| Ukash Bundespolizeivirus paysafecard (on Windows XP) First of all, many thanks for your quick and competent help
Yes, I created the OTL log in Safe Mode (the one with networking) from the affected account (which is also Administrator). Otherwise there is only one other account, which I created years ago and have never used since. So I carried out your first instruction: after I clicked Run Fixes and it took a while, I left the PC. When I came back I saw the message that OTL needed a restart, which I agreed to. The computer then booted up properly in normal mode and, after I gave OTL permission with 'Run', the following txt file titled "03152012_0856212" opened. Code:
All processes killed
========== OTL ==========
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\chrome.exe\ deleted successfully.
C:\Programme\Internet Explorer\iexplore.exe moved successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\navigator.exe\ deleted successfully.
File C:\Programme\Internet Explorer\iexplore.exe not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\opera.exe\ deleted successfully.
File C:\Programme\Internet Explorer\iexplore.exe not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\safari.exe\ deleted successfully.
File C:\Programme\Internet Explorer\iexplore.exe not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5C255C8A-E604-49b4-9D64-90988571CECB}\ not found.
========== COMMANDS ==========
[EMPTYTEMP]
User: Administrator
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 413019 bytes
User: Administrator.DACHGESCHOSS
->Temporary Internet Files folder emptied: 32768 bytes
User: Administrator.DACHGESCHOSS.000
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 276283 bytes
User: Administrator.DACHGESCHOSS.001
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Flash cache emptied: 57912 bytes
User: All Users
User: Bianca
->Temp folder emptied: 3215058772 bytes
->Temporary Internet Files folder emptied: 1542288127 bytes
->Java cache emptied: 53642820 bytes
->FireFox cache emptied: 315258845 bytes
->Flash cache emptied: 292974 bytes
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Flash cache emptied: 56475 bytes
User: Gast
User: Hilfeassistent
User: LocalService
->Temp folder emptied: 66016 bytes
->Temporary Internet Files folder emptied: 33170 bytes
User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 154200457 bytes
User: SUPPORT_388945a0
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 1335785 bytes
%systemroot%\System32 .tmp files removed: 5558695 bytes
%systemroot%\System32\dllcache .tmp files removed: 1180672 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 53139073 bytes
RecycleBin emptied: 0 bytes
Total Files Cleaned = 5.095,00 mb
OTL by OldTimer - Version 3.2.37.0 log created on 03152012_085621
Files\Folders moved on Reboot...
Registry entries deleted on Reboot...
Is this now the same as the results window you were talking about?
If not, you might have to explain to me how I can still get to it, since nothing else opened on my side :/ And Malwarebytes is busy working right now; as soon as it is finished, I'll add the results here. Best regards |
15.03.2012, 10:16 | #4 |
| Ukash Bundespolizeivirus paysafecard (on Windows XP) Hi, that is the right log... chris
Don't bring me down. Please read before posting! Donations (anyone who wants to donate is welcome to get in touch) |
15.03.2012, 16:46 | #5 |
| Ukash Bundespolizeivirus paysafecard (on Windows XP) Here is the log, as promised: Code:
ATTFilter Malwarebytes Anti-Malware (Trial) 1.60.1.1000 www.malwarebytes.org Database version: v2012.03.15.02 Windows XP Service Pack 3 x86 NTFS Internet Explorer 8.0.6001.18702 Bianca :: DACHGESCHOSS [administrator] Protection: Enabled 15.03.2012 09:34:19 mbam-log-2012-03-15 (16-37-02).txt Scan type: Full scan Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM Scan options disabled: P2P Objects scanned: 375867 Time elapsed: 2 hour(s), 7 minute(s), 24 second(s) Memory Processes Detected: 0 (No malicious items detected) Memory Modules Detected: 0 (No malicious items detected) Registry Keys Detected: 4 HKCU\SOFTWARE\XML (Trojan.FakeAlert) -> No action taken. HKCU\SOFTWARE\Microsoft\Handle (Malware.Trace) -> No action taken. HKCU\Software\WEK9EMDHI9 (Trojan.Agent) -> No action taken. HKCU\Software\YVIBBBHA8C (Trojan.Agent) -> No action taken. Registry Values Detected: 1 HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|vasja (Trojan.RansomP.Gen) -> Data: C:\DOKUME~1\Bianca\LOKALE~1\Temp\mor.exe -> No action taken. Registry Data Items Detected: 0 (No malicious items detected) Folders Detected: 0 (No malicious items detected) Files Detected: 10 C:\Dokumente und Einstellungen\file.exe (Heuristics.Shuriken) -> No action taken. C:\Dokumente und Einstellungen\Bianca\Eigene Dateien\Downloads\refog_setup_free_kl_615.exe (Spyware.KGBSpy) -> No action taken. C:\Dokumente und Einstellungen\Bianca\Eigene Dateien\Downloads\SoftonicDownloader_for_collage-maker.exe (PUP.BundleOffer.Downloader.S) -> No action taken. C:\Dokumente und Einstellungen\Bianca\Eigene Dateien\Downloads\lyricsfetcher.exe (PUP.BundleOffer.Downloader.S) -> No action taken. C:\Dokumente und Einstellungen\Bianca\Eigene Dateien\Downloads\BflixInstaller.exe (Affiliate.Downloader) -> No action taken. G:\Sicherung\Downloads\BflixInstaller.exe (Affiliate.Downloader) -> No action taken. 
G:\Sicherung\Downloads\refog_setup_free_kl_615.exe (Spyware.KGBSpy) -> No action taken. G:\Sicherung\Downloads\SoftonicDownloader_for_collage-maker.exe (PUP.BundleOffer.Downloader.S) -> No action taken. G:\Sicherung 15.5.2011\Downloads\BflixInstaller.exe (Affiliate.Downloader) -> No action taken. G:\Sicherung 15.5.2011\Downloads\refog_setup_free_kl_615.exe (Spyware.KGBSpy) -> No action taken. (end) |
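The MBAM result above also records how the ransomware survived reboots: a value named vasja under HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run whose data is C:\DOKUME~1\Bianca\LOKALE~1\Temp\mor.exe, that is, an executable started from the user's Temp folder via an 8.3 short-name path. The Python below is an added example, not from the thread or from Malwarebytes, that parses "Registry Values Detected" lines in the MBAM 1.x log format shown above and rates each Run value by where its executable lives. The first sample line mirrors the real finding; the second (a QuickTime entry with an invented detection name) is constructed to show a value that parses but raises no location flag.

```python
import re

# Constructed sample in the Malwarebytes 1.x log format seen above. The first
# line mirrors the real finding; the second is invented (detection name included)
# to show a Run value that points into Program Files and so raises no flag.
SAMPLE_MBAM_LINES = r"""
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|vasja (Trojan.RansomP.Gen) -> Data: C:\DOKUME~1\Bianca\LOKALE~1\Temp\mor.exe -> No action taken.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|QuickTime Task (PUP.Example) -> Data: "C:\Programme\QuickTime\QTTask.exe" -atboottime -> No action taken.
"""

# <hive\key>|<value> (<detection>) -> Data: <command> -> <action>
MBAM_VALUE_RE = re.compile(
    r"^(?P<key>HK\w+\\[^|]+)\|(?P<value>.+?) \((?P<detection>[^()]+)\) -> Data: "
    r"(?P<data>.+?) -> (?P<action>.+)$"
)
EXE_RE = re.compile(r'^"?(?P<exe>.+?\.exe)', re.IGNORECASE)

# Directory names (German XP and English) that normal autostart entries
# rarely live in but droppers nearly always do. A heuristic, not a rule.
USER_WRITABLE_DIRS = {
    "temp", "tmp", "lokale einstellungen", "local settings",
    "anwendungsdaten", "application data", "eigene dateien", "downloads", "desktop",
}


def first_executable(command: str) -> str:
    """Extract the executable path from a Run value (quoted or bare)."""
    m = EXE_RE.match(command.strip())
    return m.group("exe") if m else command.strip()


def autorun_reasons(command: str) -> list:
    """Reasons why an autorun command looks like a dropper-installed one."""
    exe = first_executable(command)
    parts = [p.lower() for p in exe.split("\\")]
    reasons = []
    if any(p in USER_WRITABLE_DIRS for p in parts[:-1]):
        reasons.append("executable lives under a user-writable temp/profile directory")
    if any("~" in p for p in parts[:-1]):
        reasons.append("path uses 8.3 short names (typical of a value written by a dropper)")
    return reasons


def scan_mbam_log(text: str) -> list:
    """Parse 'Registry Values Detected' lines and attach location reasons."""
    results = []
    for raw in text.splitlines():
        m = MBAM_VALUE_RE.match(raw.strip())
        if not m:
            continue  # not a registry-value detection line
        results.append({
            "key": m.group("key"),
            "value": m.group("value"),
            "detection": m.group("detection"),
            "data": m.group("data"),
            "reasons": autorun_reasons(m.group("data")),
        })
    return results


if __name__ == "__main__":
    for r in scan_mbam_log(SAMPLE_MBAM_LINES):
        print(f"{r['key']}|{r['value']} -> {r['data']}")
        for reason in r["reasons"] or ["no location flag"]:
            print("   -", reason)
```

The same `autorun_reasons` check applies to Run values read from a live registry export; the MBAM parser is only the input format that happens to be on this page.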
15.03.2012, 20:32 | #6 |
| Ukash Bundespolizeivirus paysafecard (on Windows XP) Hi, oh, there were a few others in there too... Let MAM delete everything it found! Gmer: http://www.trojaner-board.de/74908-a...t-scanner.html You'll find the download link at the top left (GMER - Rootkit Detector and Remover); click the "Download EXE" button there, which generates a random file name (please note it and the path where you saved it). Start GMER and see whether it already reports something. If it does, answer all questions with "no", go to the "rootkit" tab, answer the question with "no" again and paste the report into the thread using copy. If it reports nothing, go to the Rootkit tab and run a scan. When it is finished, choose Copy and paste the report here. If GMER crashes, please try it in Safe Mode (F8 while booting)! MBR-Check Download http://ad13.geekstogo.com/MBRCheck.exe and save the file to the desktop.
chris
15.03.2012, 21:25 | #7 |
| Ukash Bundespolizeivirus paysafecard (on Windows XP) Gmer: First I tried to scan in normal mode. That didn't work; I immediately got a blue screen telling me it was shutting down to protect the PC, or something like that. Same thing on the 2nd attempt. Then I tried in Safe Mode. There the scan also seemed to start and some entries appeared in the list on the left, but then it suddenly stopped. The file currently being scanned at the bottom no longer changed and no matter where I clicked on the screen, nothing happened except a Windows ping sound, so I had no choice but to switch off. Should I perhaps scan again and write down the files listed up to the point where it hangs? I don't know whether that helps; otherwise you may have a suggestion for how to get it to work after all. MBR-Check Everything worked, here is the log: Code:
ATTFilter MBRCheck, version 1.2.3 (c) 2010, AD Command-line: Windows Version: Windows XP Professional Windows Information: Service Pack 3 (build 2600) Logical Drives Mask: 0x0000007d Kernel Drivers (total 121): 0x804D7000 \WINDOWS\system32\ntoskrnl.exe 0x806EF000 \WINDOWS\system32\hal.dll 0xF7D63000 \WINDOWS\system32\KDCOM.DLL 0xF7C73000 \WINDOWS\system32\BOOTVID.dll 0xF7813000 ACPI.sys 0xF7D65000 \WINDOWS\System32\DRIVERS\WMILIB.SYS 0xF7802000 pci.sys 0xF7863000 isapnp.sys 0xF7873000 ohci1394.sys 0xF7883000 \WINDOWS\System32\DRIVERS\1394BUS.SYS 0xF7E2B000 pciide.sys 0xF7AE3000 \WINDOWS\System32\DRIVERS\PCIIDEX.SYS 0xF7D67000 viaide.sys 0xF7893000 MountMgr.sys 0xF77E3000 ftdisk.sys 0xF7D69000 dmload.sys 0xF77BD000 dmio.sys 0xF7AEB000 PartMgr.sys 0xF78A3000 VolSnap.sys 0xF77A5000 atapi.sys 0xF7793000 viamraid.sys 0xF777B000 \WINDOWS\System32\DRIVERS\SCSIPORT.SYS 0xF78B3000 disk.sys 0xF78C3000 \WINDOWS\System32\DRIVERS\CLASSPNP.SYS 0xF775B000 fltmgr.sys 0xF7749000 sr.sys 0xF78D3000 Lbd.sys 0xF78E3000 PxHelp20.sys 0xF7732000 KSecDD.sys 0xF76A5000 Ntfs.sys 0xF7678000 NDIS.sys 0xF7AF3000 viaagp1.sys 0xF765E000 Mup.sys 0xF6A86000 \SystemRoot\System32\DRIVERS\intelppm.sys 0xF5E92000 \SystemRoot\system32\DRIVERS\ati2mtaa.sys 0xF5E7E000 \SystemRoot\system32\DRIVERS\VIDEOPRT.SYS 0xF7C2B000 \SystemRoot\System32\DRIVERS\usbuhci.sys 0xF5E5A000 \SystemRoot\System32\DRIVERS\USBPORT.SYS 0xF7C33000 \SystemRoot\System32\DRIVERS\usbehci.sys 0xF6A76000 \SystemRoot\System32\DRIVERS\nic1394.sys 0xF6A66000 \SystemRoot\System32\DRIVERS\cdrom.sys 0xF6A26000 \SystemRoot\System32\DRIVERS\redbook.sys 0xF5E37000 \SystemRoot\System32\DRIVERS\ks.sys 0xF7C3B000 \SystemRoot\system32\DRIVERS\GEARAspiWDM.sys 0xF7C43000 \SystemRoot\System32\DRIVERS\fdc.sys 0xF5E23000 \SystemRoot\System32\DRIVERS\parport.sys 0xF7CFB000 \SystemRoot\System32\DRIVERS\gameenum.sys 0xF6A56000 \SystemRoot\System32\DRIVERS\i8042prt.sys 0xF7C4B000 \SystemRoot\System32\DRIVERS\kbdclass.sys 0xF6A46000 
\SystemRoot\System32\DRIVERS\serial.sys 0xF7CFF000 \SystemRoot\System32\DRIVERS\serenum.sys 0xF5D5C000 \SystemRoot\system32\drivers\cmuda.sys 0xF5D38000 \SystemRoot\system32\drivers\portcls.sys 0xF6A36000 \SystemRoot\system32\drivers\drmk.sys 0xF6A16000 \SystemRoot\System32\DRIVERS\fetnd5b.sys 0xF7F4D000 \SystemRoot\System32\DRIVERS\audstub.sys 0xF6A06000 \SystemRoot\System32\DRIVERS\rasl2tp.sys 0xF7D03000 \SystemRoot\System32\DRIVERS\ndistapi.sys 0xF5D21000 \SystemRoot\System32\DRIVERS\ndiswan.sys 0xF7A43000 \SystemRoot\System32\DRIVERS\raspppoe.sys 0xF7A53000 \SystemRoot\System32\DRIVERS\raspptp.sys 0xF7C53000 \SystemRoot\System32\DRIVERS\TDI.SYS 0xF5D10000 \SystemRoot\System32\DRIVERS\psched.sys 0xF7A63000 \SystemRoot\System32\DRIVERS\msgpc.sys 0xF7C5B000 \SystemRoot\System32\DRIVERS\ptilink.sys 0xF7C63000 \SystemRoot\System32\DRIVERS\raspti.sys 0xF5CE0000 \SystemRoot\System32\DRIVERS\rdpdr.sys 0xF7A73000 \SystemRoot\System32\DRIVERS\termdd.sys 0xF7C6B000 \SystemRoot\System32\DRIVERS\mouclass.sys 0xF7DA9000 \SystemRoot\System32\DRIVERS\swenum.sys 0xF5C17000 \SystemRoot\System32\DRIVERS\update.sys 0xF6420000 \SystemRoot\System32\DRIVERS\mssmbios.sys 0xF7A93000 \SystemRoot\System32\Drivers\NDProxy.SYS 0xF5F12000 \SystemRoot\System32\DRIVERS\usbhub.sys 0xF7DAF000 \SystemRoot\System32\DRIVERS\USBD.SYS 0xF7BD3000 \SystemRoot\System32\DRIVERS\flpydisk.sys 0xF7DED000 \SystemRoot\System32\Drivers\Fs_Rec.SYS 0xF7F3D000 \SystemRoot\System32\Drivers\Null.SYS 0xF7DEF000 \SystemRoot\System32\Drivers\Beep.SYS 0xF7C13000 \SystemRoot\system32\DRIVERS\HIDPARSE.SYS 0xF7C0B000 \SystemRoot\System32\drivers\vga.sys 0xF7DF1000 \SystemRoot\System32\Drivers\mnmdd.SYS 0xF7DF3000 \SystemRoot\System32\DRIVERS\RDPCDD.sys 0xF7BAB000 \SystemRoot\System32\Drivers\Msfs.SYS 0xF7BB3000 \SystemRoot\System32\Drivers\Npfs.SYS 0xF7616000 \SystemRoot\System32\DRIVERS\rasacd.sys 0xF04A0000 \SystemRoot\System32\DRIVERS\ipsec.sys 0xF0447000 \SystemRoot\System32\DRIVERS\tcpip.sys 0xF041F000 
\SystemRoot\System32\DRIVERS\netbt.sys 0xF03FD000 \SystemRoot\System32\drivers\afd.sys 0xF79F3000 \SystemRoot\System32\DRIVERS\netbios.sys 0xF03D2000 \SystemRoot\System32\DRIVERS\rdbss.sys 0xF033A000 \SystemRoot\System32\DRIVERS\mrxsmb.sys 0xF247F000 \SystemRoot\System32\Drivers\Fips.SYS 0xF0314000 \SystemRoot\System32\DRIVERS\ipnat.sys 0xF246F000 \SystemRoot\System32\DRIVERS\wanarp.sys 0xF245F000 \SystemRoot\System32\DRIVERS\arp1394.sys 0xF7F6E000 \??\C:\Programme\ewido anti-spyware 4.0\guard.sys 0xF7D17000 \SystemRoot\system32\DRIVERS\hidusb.sys 0xF243F000 \SystemRoot\system32\DRIVERS\HIDCLASS.SYS 0xF15FA000 \SystemRoot\System32\DRIVERS\mouhid.sys 0xB3493000 \SystemRoot\System32\Drivers\Cdfs.SYS 0xB3765000 \SystemRoot\System32\Drivers\dump_diskdump.sys 0xB25BA000 \SystemRoot\System32\Drivers\dump_viamraid.sys 0xBF800000 \SystemRoot\System32\win32k.sys 0xB363E000 \SystemRoot\System32\drivers\Dxapi.sys 0xB3585000 \SystemRoot\System32\watchdog.sys 0xBF000000 \SystemRoot\System32\drivers\dxg.sys 0xF7E37000 \SystemRoot\System32\drivers\dxgthk.sys 0xBF012000 \SystemRoot\System32\ati2dvaa.dll 0xBF06F000 \SystemRoot\System32\ATMFD.DLL 0xF7626000 \??\C:\WINDOWS\system32\drivers\mbam.sys 0xEE264000 \SystemRoot\System32\DRIVERS\ndisuio.sys 0xB2555000 \SystemRoot\system32\drivers\wdmaud.sys 0xED8E0000 \SystemRoot\system32\drivers\sysaudio.sys 0xB22F8000 \SystemRoot\System32\DRIVERS\mrxdav.sys 0xF7D9F000 \SystemRoot\System32\Drivers\ParVdm.SYS 0xB2160000 \SystemRoot\System32\DRIVERS\srv.sys 0xB1C47000 \SystemRoot\System32\Drivers\HTTP.sys 0xB1E70000 \SystemRoot\System32\DRIVERS\ipfltdrv.sys 0x7C910000 \WINDOWS\system32\ntdll.dll Processes (total 55): 0 System Idle Process 4 System 664 C:\WINDOWS\system32\smss.exe 724 csrss.exe 748 C:\WINDOWS\system32\winlogon.exe 792 C:\WINDOWS\system32\services.exe 804 C:\WINDOWS\system32\lsass.exe 960 C:\WINDOWS\system32\svchost.exe 1080 svchost.exe 1176 C:\WINDOWS\system32\svchost.exe 1236 svchost.exe 1364 svchost.exe 1576 
C:\Programme\Lavasoft\Ad-Aware\AAWService.exe 1648 C:\WINDOWS\explorer.exe 1728 C:\WINDOWS\system32\spoolsv.exe 1968 C:\WINDOWS\system32\rundll32.exe 1980 C:\Programme\Epson Software\FAX Utility\FUFAXSTM.exe 1988 C:\PROGRA~1\EPSONS~1\EVENTM~1\EEventManager.exe 1996 C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe 2004 C:\Programme\DivX\DivX Update\DivXUpdate.exe 2012 C:\Programme\Gemeinsame Dateien\Adobe\ARM\1.0\AdobeARM.exe 180 C:\Programme\iTunes\iTunesHelper.exe 196 C:\Programme\Malwarebytes' Anti-Malware\mbamgui.exe 216 C:\WINDOWS\system32\ctfmon.exe 288 D:\Programme\QuickDCF2.exe 296 C:\Programme\Mozilla Thunderbird\thunderbird.exe 308 C:\Programme\Multimedia office keyboard\driver\OEMDriver.exe 324 D:\Programme\Feed Notifier\notifier.exe 1012 svchost.exe 1132 C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\AppleMobileDeviceService.exe 1204 C:\Programme\Bonjour\mDNSResponder.exe 1476 C:\Programme\Gemeinsame Dateien\EPSON\EPW!3 SSRP\E_S50ST7.EXE 1544 C:\Programme\Gemeinsame Dateien\EPSON\EPW!3 SSRP\E_S50RP7.EXE 1768 C:\Programme\ewido anti-spyware 4.0\guard.exe 1592 C:\Programme\Java\jre6\bin\jqs.exe 652 C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe 1252 C:\Programme\Gemeinsame Dateien\Microsoft Shared\VS7DEBUG\MDM.EXE 500 C:\WINDOWS\system32\svchost.exe 2296 C:\WINDOWS\system32\wuauclt.exe 2512 C:\Programme\iPod\bin\iPodService.exe 2548 unsecapp.exe 3112 wmiprvse.exe 3156 C:\WINDOWS\system32\wscntfy.exe 3392 alg.exe 3576 D:\Programme\SRWare Iron\iron.exe 2992 C:\WINDOWS\system32\wbem\wmiapsrv.exe 1860 D:\Programme\SRWare Iron\iron.exe 3408 D:\Programme\SRWare Iron\iron.exe 3492 D:\Programme\SRWare Iron\iron.exe 3508 D:\Programme\SRWare Iron\iron.exe 3512 D:\Programme\SRWare Iron\iron.exe 3708 C:\Programme\Lavasoft\Ad-Aware\AAWTray.exe 3028 D:\Programme\SRWare Iron\iron.exe 2388 D:\Programme\SRWare Iron\iron.exe 4072 C:\Dokumente und Einstellungen\Bianca\Desktop\MBRCheck.exe \\.\C: --> \\.\PhysicalDrive0 at offset 
0x00000000`00007e00 (NTFS) \\.\D: --> \\.\PhysicalDrive0 at offset 0x00000015`f94d2200 (NTFS) \\.\E: --> \\.\PhysicalDrive0 at offset 0x0000002b`f299c600 (NTFS) \\.\G: --> \\.\PhysicalDrive1 at offset 0x00000000`00007e00 (NTFS) PhysicalDrive0 Model Number: ST3250318AS, Rev: CC38 PhysicalDrive1 Model Number: ST3160021AS, Rev: 3.05 Size Device Name MBR Status -------------------------------------------- 232 GB \\.\PhysicalDrive0 Windows XP MBR code detected SHA1: ADFE55CD0C6ED2E00B22375835E4C2736CE9AD11 149 GB \\.\PhysicalDrive1 Windows XP MBR code detected SHA1: ADFE55CD0C6ED2E00B22375835E4C2736CE9AD11 Done! |
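MBRCheck reports the byte offset of each volume on the physical disk and a SHA1 of the MBR code, so a bootkit that overwrites the boot sector with its own loader shows up as an unknown hash, while the "Windows XP MBR code detected" lines with the same SHA1 on both disks are the clean result seen above. The Python below is an added example, not from the thread or from MBRCheck, that parses one 512-byte sector: it checks the 0x55AA signature, hashes the 440-byte boot-code area, decodes the partition table (the first entry of the constructed sample starts at LBA 63, which is the 0x7e00 offset shown for C: above) and compares the code hash against a baseline. Which exact bytes MBRCheck hashes is not stated on this page, so the hash here will not equal its value; the sample sector is constructed, with a standard-looking prologue padded with NOPs rather than real MBR code.

```python
import hashlib
import struct

SECTOR_SIZE = 512
BOOT_CODE_LEN = 440    # boot code area, before the 4-byte disk signature
PART_TABLE_OFF = 446   # four 16-byte partition entries follow
SIGNATURE = b"\x55\xAA"


def build_sample_mbr() -> bytes:
    """Constructed MBR: placeholder boot code, one bootable NTFS partition at LBA 63."""
    # xor ax,ax / mov ss,ax / mov sp,0x7C00 prologue, then NOP padding (not real code)
    boot_code = b"\x33\xC0\x8E\xD0\xBC\x00\x7C" + b"\x90" * (BOOT_CODE_LEN - 7)
    disk_sig = struct.pack("<I", 0x12345678) + b"\x00\x00"   # constructed disk signature
    # entry: status, CHS start, type (0x07 = NTFS), CHS end, LBA start, sector count
    part1 = struct.pack("<B3sB3sII", 0x80, b"\x01\x01\x00", 0x07,
                        b"\xFE\xFF\xFF", 63, 184_320_000)
    table = part1 + b"\x00" * (16 * 3)   # remaining three slots empty
    return boot_code + disk_sig + table + SIGNATURE


def parse_mbr(sector: bytes) -> dict:
    """Validate the sector, hash its boot code and decode the partition table."""
    if len(sector) != SECTOR_SIZE:
        raise ValueError("expected exactly one 512-byte sector")
    if sector[510:512] != SIGNATURE:
        raise ValueError("missing 0x55AA boot signature")
    partitions = []
    for i in range(4):
        e = sector[PART_TABLE_OFF + 16 * i: PART_TABLE_OFF + 16 * (i + 1)]
        status, ptype = e[0], e[4]
        lba_start, sectors = struct.unpack("<II", e[8:16])
        if ptype == 0:
            continue   # empty slot
        partitions.append({
            "bootable": status == 0x80,
            "type": ptype,
            "lba_start": lba_start,
            "byte_offset": lba_start * SECTOR_SIZE,   # what MBRCheck prints as "at offset"
            "sectors": sectors,
        })
    return {
        "boot_code_sha1": hashlib.sha1(sector[:BOOT_CODE_LEN]).hexdigest().upper(),
        "partitions": partitions,
    }


def boot_code_matches(sector: bytes, baseline_sha1: str) -> bool:
    """True when the boot-code hash equals a known-good baseline hash."""
    return parse_mbr(sector)["boot_code_sha1"] == baseline_sha1.upper()


def tamper_boot_code(sector: bytes) -> bytes:
    """Copy of the sector with its first boot-code byte changed, for testing the check."""
    return bytes([sector[0] ^ 0xFF]) + sector[1:]


if __name__ == "__main__":
    mbr = build_sample_mbr()
    info = parse_mbr(mbr)
    print("boot code SHA1:", info["boot_code_sha1"])
    for p in info["partitions"]:
        print(f"type 0x{p['type']:02X} at offset 0x{p['byte_offset']:x}, bootable={p['bootable']}")
    print("tampered copy matches baseline:", boot_code_matches(tamper_boot_code(mbr), info["boot_code_sha1"]))
```

On a real system the sector would come from reading the first 512 bytes of the physical drive with administrative rights, and the baseline would be the hash taken from a known-clean installation of the same Windows version; the value is only meaningful when compared against such a baseline.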
15.03.2012, 21:44 | #8 |
| Ukash Bundespolizeivirus paysafecard (on Windows XP) Hi, then let's take a look with OSAM and TDSS-Killer: OSAM OSAM checks the programs/drivers that get started, online. Follow the instructions here http://www.trojaner-board.de/84180-a...n-manager.html to create a log and post it here in your thread. TDSS-Killer Download and instructions at: How to fight malware of the Rootkit.Win32.TDSS family? Unpack all files into a separate directory (e.g. C:\TDSS)! Launch it from Explorer by double-clicking TDSSKiller.exe. Configure the killer as follows: Then start the scan (Start Scan). When the scan is finished, please select "Report" (skip any findings with Skip for now). A window opens; copy the text and post it here... chris
15.03.2012, 22:08 | #9 |
| Ukash Bundespolizeivirus paysafecard (on Windows XP) Well, this time both worked right away! OSAM: Code:
ATTFilter Report of OSAM: Autorun Manager v5.0.11926.0 hxxp://www.online-solutions.ru/en/ Saved at 21:57:47 on 15.03.2012 OS: Windows XP Professional Service Pack 3 (Build 2600) Default Browser: SRWare SRWare Iron 10.0.650.0 Scanner Settings [x] Rootkits detection (hidden registry) [x] Rootkits detection (hidden files) [x] Retrieve files information [x] Check Microsoft signatures Filters [ ] Trusted entries [ ] Empty entries [x] Hidden registry entries (rootkit activity) [x] Exclusively opened files [x] Not found files [x] Files without detailed information [x] Existing files [ ] Non-startable services [ ] Non-startable drivers [x] Active entries [x] Disabled entries [Boot Execute] -----( HKLM\SYSTEM\CurrentControlSet\Control\Session Manager )----- "BootExecute" - ? - C:\WINDOWS\system32\lsdelete.exe (File found, but it contains no detailed information) [Common] -----( %SystemRoot%\Tasks )----- "AppleSoftwareUpdate.job" - "Apple Inc." - C:\Programme\Apple Software Update\SoftwareUpdate.exe "Epson Printer Software Downloader.job" - "SEIKO EPSON CORPORATION" - C:\Programme\EPSON\EPAPDL\E_SAPDL2.EXE "Ad-Aware Update (Weekly).job" - "Lavasoft " - C:\Programme\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [Control Panel Objects] -----( %SystemRoot%\system32 )----- "DivXControlPanelApplet.cpl" - "DivX, Inc." - C:\WINDOWS\system32\DivXControlPanelApplet.cpl "FlashPlayerCPLApp.cpl" - "Adobe Systems Incorporated" - C:\WINDOWS\system32\FlashPlayerCPLApp.cpl "infocardcpl.cpl" - "Microsoft Corporation" - C:\WINDOWS\system32\infocardcpl.cpl "javacpl.cpl" - "Sun Microsystems, Inc." - C:\WINDOWS\system32\javacpl.cpl -----( HKLM\Software\Microsoft\Windows\CurrentVersion\Control Panel\Cpls )----- "QuickTime" - "Apple Inc." - C:\Programme\QuickTime\QTSystem\QuickTime.cpl [Drivers] -----( HKLM\SYSTEM\CurrentControlSet\Services )----- "Changer" (Changer) - ? - C:\WINDOWS\system32\drivers\Changer.sys (File not found) "ewido anti-spyware 4.0 driver" (ewido anti-spyware 4.0 driver) - ? 
- C:\Programme\ewido anti-spyware 4.0\guard.sys (File found, but it contains no detailed information) "i2omgmt" (i2omgmt) - ? - C:\WINDOWS\system32\drivers\i2omgmt.sys (File not found) "Lbd" (Lbd) - "Lavasoft AB" - C:\WINDOWS\System32\DRIVERS\Lbd.sys "lbrtfdc" (lbrtfdc) - ? - C:\WINDOWS\system32\drivers\lbrtfdc.sys (File not found) "MBAMProtector" (MBAMProtector) - "Malwarebytes Corporation" - C:\WINDOWS\system32\drivers\mbam.sys "NTSIM" (NTSIM) - "VIA Networking Technologies, Inc. " - C:\WINDOWS\System32\ntsim.sys "PCIDump" (PCIDump) - ? - C:\WINDOWS\system32\drivers\PCIDump.sys (File not found) "PDCOMP" (PDCOMP) - ? - C:\WINDOWS\system32\drivers\PDCOMP.sys (File not found) "PDFRAME" (PDFRAME) - ? - C:\WINDOWS\system32\drivers\PDFRAME.sys (File not found) "PDRELI" (PDRELI) - ? - C:\WINDOWS\system32\drivers\PDRELI.sys (File not found) "PDRFRAME" (PDRFRAME) - ? - C:\WINDOWS\system32\drivers\PDRFRAME.sys (File not found) "PxHelp20" (PxHelp20) - "Sonic Solutions" - C:\WINDOWS\System32\Drivers\PxHelp20.sys "WDICA" (WDICA) - ? - C:\WINDOWS\system32\drivers\WDICA.sys (File not found) [Explorer] -----( HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components )----- {89B4C1CD-B018-4511-B0A1-5476DBF70820} "StubPath" - "Microsoft Corporation" - C:\WINDOWS\system32\Rundll32.exe C:\WINDOWS\system32\mscories.dll,Install -----( HKLM\Software\Classes\Folder\shellex\ColumnHandlers )----- {F9DB5320-233E-11D1-9F84-707F02C10627} "PDF Shell Extension" - "Adobe Systems, Inc." - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\PDFShell.dll {C52AF81D-F7A0-4AAB-8E87-F80A60CCD396} "{C52AF81D-F7A0-4AAB-8E87-F80A60CCD396}" - ? 
- C:\Programme\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll -----( HKLM\Software\Classes\Protocols\Filter )----- {1E66F26B-79EE-11D2-8710-00C04F79ED0D} "Cor MIME Filter, CorFltr, CorFltr 1" - "Microsoft Corporation" - C:\WINDOWS\system32\mscoree.dll {1E66F26B-79EE-11D2-8710-00C04F79ED0D} "Cor MIME Filter, CorFltr, CorFltr 1" - "Microsoft Corporation" - C:\WINDOWS\system32\mscoree.dll {1E66F26B-79EE-11D2-8710-00C04F79ED0D} "Cor MIME Filter, CorFltr, CorFltr 1" - "Microsoft Corporation" - C:\WINDOWS\system32\mscoree.dll {807553E5-5146-11D5-A672-00B0D022E945} "text/xml" - "Microsoft Corporation" - C:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE11\MSOXMLMF.DLL -----( HKLM\Software\Classes\Protocols\Handler )----- {32505114-5902-49B2-880A-1F7738E5A384} "Data Page Plugable Protocal mso-offdap11 Handler" - "Microsoft Corporation" - C:\PROGRA~1\GEMEIN~1\MICROS~1\WEBCOM~1\11\OWC11.DLL {3D9F03FA-7A94-11D3-BE81-0050048385D1} "Data Page Pluggable Protocol mso-offdap Handler" - "Microsoft Corporation" - C:\PROGRA~1\GEMEIN~1\MICROS~1\WEBCOM~1\10\OWC10.DLL {C3719F83-7EF8-4BA0-89B0-3360C7AFB7CC} "EzTools Wow2 Memory Map Asyncronous Pluggable Protocol Class" - "EzTools Software" - C:\WINDOWS\system32\WowCtl2.dll {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} "IEProtocolHandler Class" - "Skype Technologies" - C:\PROGRA~1\GEMEIN~1\Skype\SKYPE4~1.DLL {828030A1-22C1-4009-854F-8E305202313F} "livecall" - "Microsoft Corporation" - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL {0A9007C0-4076-11D3-8789-0000F8105754} "Microsoft Infotech Storage Protocol for IE 4.0" - "Microsoft Corporation" - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Information Retrieval\MSITSS.DLL {828030A1-22C1-4009-854F-8E305202313F} "msnim" - "Microsoft Corporation" - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL -----( HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks )----- {57B86673-276A-48B2-BAE7-C6DBB3020EB8} "CShellExecuteHookImpl Object" - "Anti-Malware Development a.s." 
- C:\Programme\ewido anti-spyware 4.0\shellexecutehook.dll -----( HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved )----- {42071714-76d4-11d1-8b24-00a0c9068ff3} "CPL-Erweiterung für Anzeigeverschiebung" - ? - deskpan.dll (File not found) {FAC3CBF6-8697-43d0-BAB9-DCD1FCE19D75} "IE User Assist" - ? - (File not found | COM-object registry key not found) {B9E1D2CB-CCFF-4AA6-9579-D7A4754030EF} "iTunes" - "Apple Inc." - C:\Programme\iTunes\iTunesMiniPlayer.dll {853FE2B1-B769-11d0-9C4E-00C04FB6C6FA} "Kontextmenü für die Verschlüsselung" - ? - (File not found | COM-object registry key not found) {32683183-48a0-441b-a342-7c2a440a9478} "Media Band" - ? - (File not found | COM-object registry key not found) {42042206-2D85-11D3-8CFF-005004838597} "Microsoft Office HTML Icon Handler" - "Microsoft Corporation" - C:\Programme\Microsoft Office\OFFICE11\msohev.dll {993BE281-6695-4BA5-8A2A-7AACBFAAB69E} "Microsoft Office Metadata Handler" - "Microsoft Corporation" - C:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE14\msoshext.dll {00020D75-0000-0000-C000-000000000046} "Microsoft Office Outlook" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~2\OFFICE11\MLSHEXT.DLL {C41662BB-1FA0-4CE0-8DC5-9B7F8279FF97} "Microsoft Office Thumbnail Handler" - "Microsoft Corporation" - C:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE14\msoshext.dll {C52AF81D-F7A0-4AAB-8E87-F80A60CCD396} "OpenOffice.org Column Handler" - ? - C:\Programme\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll {087B3AE3-E237-4467-B8DB-5A38AB959AC9} "OpenOffice.org Infotip Handler" - ? - C:\Programme\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll {63542C48-9552-494A-84F7-73AA6A7C99C1} "OpenOffice.org Property Sheet Handler" - ? - C:\Programme\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll {3B092F0C-7696-40E3-A80F-68D74DA84210} "OpenOffice.org Thumbnail Viewer" - ? 
- C:\Programme\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll {0006F045-0000-0000-C000-000000000046} "Outlook-Dateisymbolerweiterung" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~2\OFFICE11\OLKFSTUB.DLL {E37E2028-CE1A-4f42-AF05-6CEABC4E5D75} "Shell Icon Handler for Application References" - "Microsoft Corporation" - C:\WINDOWS\system32\dfshim.dll {764BF0E1-F219-11ce-972D-00AA00A14F56} "Shellerweiterungen für die Dateikomprimierung" - ? - (File not found | COM-object registry key not found) {e82a2d71-5b2f-43a0-97b8-81be15854de8} "ShellLink for Application References" - "Microsoft Corporation" - C:\WINDOWS\system32\dfshim.dll {BDEADF00-C265-11D0-BCED-00A0C90AB50F} "Webordner" - "Microsoft Corporation" - C:\PROGRA~1\GEMEIN~1\MICROS~1\WEBFOL~1\MSONSEXT.DLL {2BE99FD4-A181-4996-BFA9-58C5FFD11F6C} "Windows Live Photo Gallery Autoplay Drop Target" - "Microsoft Corporation" - C:\Programme\Windows Live\Photo Gallery\WLXPhotoGallery.exe {00F30F64-AC33-42F5-8FD1-5DC2D3FDE06C} "Windows Live Photo Gallery Editor Drop Target" - "Microsoft Corporation" - C:\Programme\Windows Live\Photo Gallery\WLXPhotoGallery.exe {00F3712A-CA79-45B4-9E4D-D7891E7F8B9D} "Windows Live Photo Gallery Editor Shim" - "Microsoft Corporation" - C:\Programme\Windows Live\Photo Gallery\PhotoViewerShim.dll {00F30F90-3E96-453B-AFCD-D71989ECC2C7} "Windows Live Photo Gallery Viewer Autoplay Shim" - "Microsoft Corporation" - C:\Programme\Windows Live\Photo Gallery\PhotoViewerShim.dll {00F33137-EE26-412F-8D71-F84E4C2C6625} "Windows Live Photo Gallery Viewer Autoplay Shim" - "Microsoft Corporation" - C:\Programme\Windows Live\Photo Gallery\PhotoViewerShim.dll {00F374B7-B390-4884-B372-2FC349F2172B} "Windows Live Photo Gallery Viewer Drop Target" - "Microsoft Corporation" - C:\Programme\Windows Live\Photo Gallery\WLXPhotoGallery.exe {00F346CB-35A4-465B-8B8F-65A29DBAB1F6} "Windows Live Photo Gallery Viewer Shim" - "Microsoft Corporation" - C:\Programme\Windows Live\Photo Gallery\PhotoViewerShim.dll 
{B41DB860-8EE4-11D2-9906-E49FADC173CA} "WinRAR" - "Alexander Roshal" - C:\Programme\WinRAR\rarext.dll {E0D79304-84BE-11CE-9641-444553540000} "WinZip" - "WinZip Computing, Inc." - C:\PROGRA~1\WINZIP\WZSHLSTB.DLL {E0D79305-84BE-11CE-9641-444553540000} "WinZip" - "WinZip Computing, Inc." - C:\PROGRA~1\WINZIP\WZSHLSTB.DLL {E0D79306-84BE-11CE-9641-444553540000} "WinZip" - "WinZip Computing, Inc." - C:\PROGRA~1\WINZIP\WZSHLSTB.DLL {E0D79307-84BE-11CE-9641-444553540000} "WinZip" - "WinZip Computing, Inc." - C:\PROGRA~1\WINZIP\WZSHLSTB.DLL {06A2568A-CED6-4187-BB20-400B8C02BE5A} "{06A2568A-CED6-4187-BB20-400B8C02BE5A}" - "Microsoft Corporation" - C:\Programme\Windows Live\Photo Gallery\WLXPhotoAcquireWizard.exe [Internet Explorer] -----( HKCU\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars )----- {32683183-48a0-441b-a342-7c2a440a9478} "{32683183-48a0-441b-a342-7c2a440a9478}" - ? - (File not found | COM-object registry key not found) -----( HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser )----- <binary data> "DVDVideoSoftTB Toolbar" - "Conduit Ltd." - C:\Programme\DVDVideoSoftTB\prxtbDVD0.dll <binary data> "EPSON Web-To-Page" - "SEIKO EPSON CORPORATION" - C:\Programme\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll ITBar7Height "ITBar7Height" - ? - (File not found | COM-object registry key not found) <binary data> "ITBar7Layout" - ? - (File not found | COM-object registry key not found) <binary data> "ITBarLayout" - ? - (File not found | COM-object registry key not found) <binary data> "Winamp Toolbar" - "AOL LLC." - C:\Programme\Winamp Toolbar\winamptb.dll -----( HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks )----- {872b5b88-9db5-4310-bdd0-ac189557e5f5} "DVDVideoSoftTB Toolbar" - "Conduit Ltd." - C:\Programme\DVDVideoSoftTB\prxtbDVD0.dll -----( HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units )----- DirectAnimation Java Classes "DirectAnimation Java Classes" - ? 
- (File not found | COM-object registry key not found) / file://C:\WINDOWS\Java\classes\dajava.cab {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} "Java Plug-in 1.6.0_24" - "Sun Microsystems, Inc." - C:\Programme\Java\jre6\bin\npjpi160_24.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} "Java Plug-in 1.6.0_24" - "Sun Microsystems, Inc." - C:\Programme\Java\jre6\bin\npjpi160_24.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab Microsoft XML Parser for Java "Microsoft XML Parser for Java" - ? - (File not found | COM-object registry key not found) / file://C:\WINDOWS\Java\classes\xmldso.cab -----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions )----- {FF059E31-CC5A-4E2E-BF3B-96E929D65503} "Recherchieren" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL -----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar )----- {30F9B915-B755-4826-820B-08FBA6BD249D} "Conduit Engine " - "Conduit Ltd." - C:\Programme\ConduitEngine\prxConduitEngine.dll {872b5b88-9db5-4310-bdd0-ac189557e5f5} "DVDVideoSoftTB Toolbar" - "Conduit Ltd." - C:\Programme\DVDVideoSoftTB\prxtbDVD0.dll {9421DD08-935F-4701-A9CA-22DF90AC4EA6} "Easy Photo Print" - "SEIKO EPSON CORPORATION / CyCom Technology Corp." - C:\Programme\Epson Software\Easy Photo Print\EPTBL.dll <binary data> "EPSON Web-To-Page" - "SEIKO EPSON CORPORATION" - C:\Programme\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll {DB4E9724-F518-4dfd-9C7C-78B52103CAB9} "facemoods Toolbar" - "facemoods.com" - C:\Programme\facemoods.com\facemoods\1.4.17.11\facemoodsTlbr.dll {EBF2BA02-9094-4c5a-858B-BB198F3D8DE2} "Winamp Toolbar" - "AOL LLC." 
- C:\Programme\Winamp Toolbar\winamptb.dll -----( HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects )----- {18DF081C-E8AD-4283-A596-FA578C2EBDC3} "Adobe PDF Link Helper" - "Adobe Systems Incorporated" - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll {64182481-4F71-486b-A045-B233BD0DA8FC} "CescrtHlpr Object" - "facemoods.com BHO" - C:\Programme\facemoods.com\facemoods\1.4.17.11\bh\facemoods.dll {30F9B915-B755-4826-820B-08FBA6BD249D} "Conduit Engine " - "Conduit Ltd." - C:\Programme\ConduitEngine\prxConduitEngine.dll {872b5b88-9db5-4310-bdd0-ac189557e5f5} "DVDVideoSoftTB Toolbar" - "Conduit Ltd." - C:\Programme\DVDVideoSoftTB\prxtbDVD0.dll {9421DD08-935F-4701-A9CA-22DF90AC4EA6} "Easy Photo Print" - "SEIKO EPSON CORPORATION / CyCom Technology Corp." - C:\Programme\Epson Software\Easy Photo Print\EPTBL.dll {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} "EpsonToolBandKicker Class" - "SEIKO EPSON CORPORATION" - C:\Programme\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll {DBC80044-A445-435b-BC74-9C25C1C588A9} "Java(tm) Plug-In 2 SSV Helper" - "Sun Microsystems, Inc." - C:\Programme\Java\jre6\bin\jp2ssv.dll {E7E6F031-17CE-4C07-BC86-EABFE594F69C} "JQSIEStartDetectorImpl Class" - "Sun Microsystems, Inc." - C:\Programme\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll {25CEE8EC-5730-41bc-8B58-22DDC8AB8C20} "Winamp Toolbar Loader" - "AOL LLC." - C:\Programme\Winamp Toolbar\winamptb.dll {9030D464-4C02-4ABF-8ECC-5164760863C6} "Windows Live Anmelde-Hilfsprogramm" - "Microsoft Corporation" - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [Logon] -----( %AllUsersProfile%\Startmenü\Programme\Autostart )----- "desktop.ini" - ? 
- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\desktop.ini "ExifLauncher2.lnk" - "FUJIFILM Corporation" - D:\Programme\QuickDCF2.exe (Shortcut exists | File exists) "Mozilla Thunderbird (2).lnk" - "Mozilla Messaging" - C:\Programme\Mozilla Thunderbird\thunderbird.exe (Shortcut exists | File exists) "Multimedia office keyboard.lnk" - ? - C:\Programme\Multimedia office keyboard\driver\OEMDriver.exe (Shortcut exists | File exists) -----( %UserProfile%\Startmenü\Programme\Autostart )----- "desktop.ini" - ? - C:\Dokumente und Einstellungen\Bianca\Startmenü\Programme\Autostart\desktop.ini "Feed Notifier.lnk" - ? - D:\Programme\Feed Notifier\notifier.exe (Shortcut exists | File found, but it contains no detailed information | File exists) -----( HKLM\Software\Microsoft\Windows\CurrentVersion\Run )----- "Adobe ARM" - "Adobe Systems Incorporated" - "C:\Programme\Gemeinsame Dateien\Adobe\ARM\1.0\AdobeARM.exe" "AppleSyncNotifier" - "Apple Inc." - C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\AppleSyncNotifier.exe "APSDaemon" - "Apple Inc." - "C:\Programme\Gemeinsame Dateien\Apple\Apple Application Support\APSDaemon.exe" "DivXUpdate" - ? - "C:\Programme\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW "EEventManager" - "SEIKO EPSON CORPORATION" - C:\PROGRA~1\EPSONS~1\EVENTM~1\EEventManager.exe "facemoods" - "facemoods.com" - "C:\Programme\facemoods.com\facemoods\1.4.17.11\facemoodssrv.exe" /md I "FUFAXSTM" - "SEIKO EPSON CORPORATION" - "C:\Programme\Epson Software\FAX Utility\FUFAXSTM.exe" "iTunesHelper" - "Apple Inc." - "C:\Programme\iTunes\iTunesHelper.exe" "Malwarebytes' Anti-Malware" - "Malwarebytes Corporation" - "C:\Programme\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray "QuickTime Task" - "Apple Inc." - "C:\Programme\QuickTime\QTTask.exe" -atboottime "SunJavaUpdateSched" - "Sun Microsystems, Inc." 
- "C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe" [Print Monitors] -----( HKLM\SYSTEM\CurrentControlSet\Control\Print\Monitors )----- "EpsonNet Print Port" - "SEIKO EPSON CORPORATION" - C:\WINDOWS\system32\enppmon.dll "Microsoft Document Imaging Writer Monitor" - "Microsoft Corporation" - C:\WINDOWS\system32\mdimon.dll [Services] -----( HKLM\SYSTEM\CurrentControlSet\Services )----- "Apple Mobile Device" (Apple Mobile Device) - "Apple Inc." - C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\AppleMobileDeviceService.exe "ASP.NET State Service" (aspnet_state) - "Microsoft Corporation" - C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\aspnet_state.exe "Dienst "Bonjour"" (Bonjour Service) - "Apple Inc." - C:\Programme\Bonjour\mDNSResponder.exe "ewido anti-spyware 4.0 guard" (ewido anti-spyware 4.0 guard) - "Anti-Malware Development a.s." - C:\Programme\ewido anti-spyware 4.0\guard.exe "Google Update Service (gupdate)" (gupdate) - "Google Inc." - C:\Programme\Google\Update\GoogleUpdate.exe "iPod-Dienst" (iPod Service) - "Apple Inc." - C:\Programme\iPod\bin\iPodService.exe "Java Quick Starter" (JavaQuickStarterService) - "Sun Microsystems, Inc." - C:\Programme\Java\jre6\bin\jqs.exe "Lavasoft Ad-Aware Service" (Lavasoft Ad-Aware Service) - "Lavasoft" - C:\Programme\Lavasoft\Ad-Aware\AAWService.exe "Machine Debug Manager" (MDM) - "Microsoft Corporation" - C:\Programme\Gemeinsame Dateien\Microsoft Shared\VS7DEBUG\MDM.EXE "MBAMService" (MBAMService) - "Malwarebytes Corporation" - C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe "McAfee Security Scan Component Host Service" (McComponentHostService) - "McAfee, Inc." 
- C:\Programme\McAfee Security Scan\2.0.181\McCHSvc.exe "Microsoft .NET Framework NGEN v4.0.30319_X86" (clr_optimization_v4.0.30319_32) - "Microsoft Corporation" - C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe "Office Source Engine" (ose) - "Microsoft Corporation" - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Source Engine\OSE.EXE "Windows CardSpace" (idsvc) - "Microsoft Corporation" - C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe "Windows Presentation Foundation Font Cache 3.0.0.0" (FontCache3.0.0.0) - "Microsoft Corporation" - C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe "Windows Presentation Foundation Font Cache 4.0.0.0" (WPFFontCache_v0400) - "Microsoft Corporation" - C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [Winlogon] -----( HKCU\Control Panel\IOProcs )----- "MVB" - ? - mvfs32.dll (File not found) [Winsock Providers] -----( HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries )----- "mdnsNSP" - "Apple Inc." - C:\Programme\Bonjour\mdnsNSP.dll ===[ Logfile end ]=========================================[ Logfile end ]=== If You have questions or want to get some help, You can visit hxxp://forum.online-solutions.ru Code:
ATTFilter 22:03:02.0437 2900 TDSS rootkit removing tool 2.7.20.0 Mar 9 2012 17:10:43 22:03:02.0609 2900 ============================================================ 22:03:02.0609 2900 Current date / time: 2012/03/15 22:03:02.0609 22:03:02.0609 2900 SystemInfo: 22:03:02.0609 2900 22:03:02.0609 2900 OS Version: 5.1.2600 ServicePack: 3.0 22:03:02.0609 2900 Product type: Workstation 22:03:02.0609 2900 ComputerName: DACHGESCHOSS 22:03:02.0609 2900 UserName: Bianca 22:03:02.0609 2900 Windows directory: C:\WINDOWS 22:03:02.0609 2900 System windows directory: C:\WINDOWS 22:03:02.0609 2900 Processor architecture: Intel x86 22:03:02.0609 2900 Number of processors: 1 22:03:02.0609 2900 Page size: 0x1000 22:03:02.0609 2900 Boot type: Normal boot 22:03:02.0609 2900 ============================================================ 22:03:03.0500 2900 Drive \Device\Harddisk0\DR0 - Size: 0x3A38B2E000 (232.89 Gb), SectorSize: 0x200, Cylinders: 0x76C1, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000058 22:03:03.0515 2900 Drive \Device\Harddisk1\DR1 - Size: 0x25433D6000 (149.05 Gb), SectorSize: 0x200, Cylinders: 0x4C01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000058 22:03:03.0515 2900 \Device\Harddisk0\DR0: 22:03:03.0515 2900 MBR used 22:03:03.0515 2900 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0xAFCA613 22:03:03.0531 2900 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0xAFCA691, BlocksNum 0xAFCA613 22:03:03.0546 2900 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x15F94CE3, BlocksNum 0x722B9DD 22:03:03.0546 2900 \Device\Harddisk1\DR1: 22:03:03.0546 2900 MBR used 22:03:03.0546 2900 \Device\Harddisk1\DR1\Partition0: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x12A14BC1 22:03:03.0656 2900 Initialize success 22:03:03.0656 2900 ============================================================ 22:03:47.0718 3420 ============================================================ 22:03:47.0718 3420 Scan 
started 22:03:47.0718 3420 Mode: Manual; SigCheck; TDLFS; 22:03:47.0718 3420 ============================================================ 22:03:47.0906 3420 Abiosdsk - ok 22:03:47.0953 3420 abp480n5 - ok 22:03:48.0000 3420 ACPI (ac407f1a62c3a300b4f2b5a9f1d55b2c) C:\WINDOWS\system32\DRIVERS\ACPI.sys 22:03:48.0296 3420 ACPI - ok 22:03:48.0375 3420 ACPIEC (9e1ca3160dafb159ca14f83b1e317f75) C:\WINDOWS\system32\drivers\ACPIEC.sys 22:03:48.0531 3420 ACPIEC - ok 22:03:48.0578 3420 adpu160m - ok 22:03:48.0625 3420 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys 22:03:48.0796 3420 aec - ok 22:03:48.0875 3420 AFD (7e775010ef291da96ad17ca4b17137d7) C:\WINDOWS\System32\drivers\afd.sys 22:03:48.0906 3420 AFD - ok 22:03:48.0953 3420 Aha154x - ok 22:03:49.0000 3420 aic78u2 - ok 22:03:49.0046 3420 aic78xx - ok 22:03:49.0109 3420 AliIde - ok 22:03:49.0140 3420 amsint - ok 22:03:49.0218 3420 Arp1394 (b5b8a80875c1dededa8b02765642c32f) C:\WINDOWS\system32\DRIVERS\arp1394.sys 22:03:49.0390 3420 Arp1394 - ok 22:03:49.0421 3420 asc - ok 22:03:49.0468 3420 asc3350p - ok 22:03:49.0515 3420 asc3550 - ok 22:03:49.0609 3420 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys 22:03:49.0765 3420 AsyncMac - ok 22:03:49.0812 3420 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys 22:03:49.0984 3420 atapi - ok 22:03:50.0015 3420 Atdisk - ok 22:03:50.0093 3420 ati2mtaa (effa0596bb3097f5dcb80096d0355b01) C:\WINDOWS\system32\DRIVERS\ati2mtaa.sys 22:03:50.0281 3420 ati2mtaa - ok 22:03:50.0359 3420 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys 22:03:50.0531 3420 Atmarpc - ok 22:03:50.0609 3420 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys 22:03:50.0781 3420 audstub - ok 22:03:50.0828 3420 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys 22:03:50.0984 3420 Beep - ok 22:03:51.0046 3420 cbidf2k 
(90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys 22:03:51.0218 3420 cbidf2k - ok 22:03:51.0281 3420 cd20xrnt - ok 22:03:51.0328 3420 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys 22:03:51.0515 3420 Cdaudio - ok 22:03:51.0546 3420 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys 22:03:51.0765 3420 Cdfs - ok 22:03:51.0843 3420 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys 22:03:52.0031 3420 Cdrom - ok 22:03:52.0062 3420 Changer - ok 22:03:52.0125 3420 CmdIde - ok 22:03:52.0218 3420 cmuda (ddcde8ced6e753f9ebbd07659f808d9d) C:\WINDOWS\system32\drivers\cmuda.sys 22:03:52.0281 3420 cmuda - ok 22:03:52.0390 3420 Cpqarray - ok 22:03:52.0437 3420 dac2w2k - ok 22:03:52.0468 3420 dac960nt - ok 22:03:52.0546 3420 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys 22:03:52.0734 3420 Disk - ok 22:03:52.0828 3420 dmboot (0dcfc8395a99fecbb1ef771cec7fe4ea) C:\WINDOWS\system32\drivers\dmboot.sys 22:03:53.0046 3420 dmboot - ok 22:03:53.0109 3420 dmio (53720ab12b48719d00e327da470a619a) C:\WINDOWS\system32\drivers\dmio.sys 22:03:53.0296 3420 dmio - ok 22:03:53.0343 3420 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys 22:03:53.0515 3420 dmload - ok 22:03:53.0562 3420 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys 22:03:53.0765 3420 DMusic - ok 22:03:53.0812 3420 dpti2o - ok 22:03:53.0859 3420 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys 22:03:54.0046 3420 drmkaud - ok 22:03:54.0156 3420 ewido anti-spyware 4.0 driver (9b6b54865bd0ec9ed2532dad89554969) C:\Programme\ewido anti-spyware 4.0\guard.sys 22:03:54.0171 3420 ewido anti-spyware 4.0 driver ( UnsignedFile.Multi.Generic ) - warning 22:03:54.0171 3420 ewido anti-spyware 4.0 driver - detected UnsignedFile.Multi.Generic (1) 22:03:54.0265 3420 Fastfat (38d332a6d56af32635675f132548343e) 
C:\WINDOWS\system32\drivers\Fastfat.sys 22:03:54.0453 3420 Fastfat - ok 22:03:54.0531 3420 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\DRIVERS\fdc.sys 22:03:54.0703 3420 Fdc - ok 22:03:54.0750 3420 FETNDIS (e9648254056bce81a85380c0c3647dc4) C:\WINDOWS\system32\DRIVERS\fetnd5.sys 22:03:54.0921 3420 FETNDIS - ok 22:03:55.0000 3420 FETNDISB (b7186b33b6cf3a23841015531e6e7d68) C:\WINDOWS\system32\DRIVERS\fetnd5b.sys 22:03:55.0031 3420 FETNDISB - ok 22:03:55.0093 3420 Fips (b0678a548587c5f1967b0d70bacad6c1) C:\WINDOWS\system32\drivers\Fips.sys 22:03:55.0265 3420 Fips - ok 22:03:55.0296 3420 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\DRIVERS\flpydisk.sys 22:03:55.0484 3420 Flpydisk - ok 22:03:55.0546 3420 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys 22:03:55.0718 3420 FltMgr - ok 22:03:55.0765 3420 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys 22:03:55.0937 3420 Fs_Rec - ok 22:03:55.0968 3420 Ftdisk (8f1955ce42e1484714b542f341647778) C:\WINDOWS\system32\DRIVERS\ftdisk.sys 22:03:56.0156 3420 Ftdisk - ok 22:03:56.0234 3420 gameenum (065639773d8b03f33577f6cdaea21063) C:\WINDOWS\system32\DRIVERS\gameenum.sys 22:03:56.0406 3420 gameenum - ok 22:03:56.0437 3420 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys 22:03:56.0453 3420 GEARAspiWDM - ok 22:03:56.0468 3420 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys 22:03:56.0640 3420 Gpc - ok 22:03:56.0718 3420 HidUsb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys 22:03:56.0875 3420 HidUsb - ok 22:03:56.0906 3420 hpn - ok 22:03:56.0968 3420 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys 22:03:56.0984 3420 HTTP - ok 22:03:57.0031 3420 i2omgmt - ok 22:03:57.0062 3420 i2omp - ok 22:03:57.0109 3420 i8042prt (e283b97cfbeb86c1d86baed5f7846a92) C:\WINDOWS\system32\DRIVERS\i8042prt.sys 22:03:57.0296 3420 
i8042prt - ok 22:03:57.0359 3420 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys 22:03:57.0515 3420 Imapi - ok 22:03:57.0546 3420 ini910u - ok 22:03:57.0593 3420 IntelIde - ok 22:03:57.0640 3420 intelppm (4c7d2750158ed6e7ad642d97bffae351) C:\WINDOWS\system32\DRIVERS\intelppm.sys 22:03:57.0796 3420 intelppm - ok 22:03:57.0859 3420 ip6fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys 22:03:58.0015 3420 ip6fw - ok 22:03:58.0093 3420 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys 22:03:58.0265 3420 IpFilterDriver - ok 22:03:58.0312 3420 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys 22:03:58.0468 3420 IpInIp - ok 22:03:58.0515 3420 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys 22:03:58.0687 3420 IpNat - ok 22:03:58.0765 3420 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys 22:03:58.0921 3420 IPSec - ok 22:03:59.0000 3420 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys 22:03:59.0093 3420 IRENUM - ok 22:03:59.0156 3420 isapnp (6dfb88f64135c525433e87648bda30de) C:\WINDOWS\system32\DRIVERS\isapnp.sys 22:03:59.0328 3420 isapnp - ok 22:03:59.0390 3420 Kbdclass (1704d8c4c8807b889e43c649b478a452) C:\WINDOWS\system32\DRIVERS\kbdclass.sys 22:03:59.0562 3420 Kbdclass - ok 22:03:59.0593 3420 kbdhid (b6d6c117d771c98130497265f26d1882) C:\WINDOWS\system32\DRIVERS\kbdhid.sys 22:03:59.0750 3420 kbdhid - ok 22:03:59.0796 3420 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys 22:03:59.0968 3420 kmixer - ok 22:04:00.0015 3420 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys 22:04:00.0046 3420 KSecDD - ok 22:04:00.0156 3420 Lbd (b7c19ec8b0dd7efa58ad41ffeb8b8cda) C:\WINDOWS\system32\DRIVERS\Lbd.sys 22:04:00.0671 3420 Lbd - ok 22:04:00.0703 3420 lbrtfdc - ok 22:04:00.0796 3420 MBAMProtector 
(b7ca8cc3f978201856b6ab82f40953c3) C:\WINDOWS\system32\drivers\mbam.sys 22:04:00.0812 3420 MBAMProtector - ok 22:04:00.0875 3420 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys 22:04:01.0046 3420 mnmdd - ok 22:04:01.0093 3420 Modem (6fb74ebd4ec57a6f1781de3852cc3362) C:\WINDOWS\system32\drivers\Modem.sys 22:04:01.0234 3420 Modem - ok 22:04:01.0265 3420 Mouclass (b24ce8005deab254c0251e15cb71d802) C:\WINDOWS\system32\DRIVERS\mouclass.sys 22:04:01.0421 3420 Mouclass - ok 22:04:01.0484 3420 mouhid (66a6f73c74e1791464160a7065ce711a) C:\WINDOWS\system32\DRIVERS\mouhid.sys 22:04:01.0625 3420 mouhid - ok 22:04:01.0671 3420 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys 22:04:01.0843 3420 MountMgr - ok 22:04:01.0890 3420 mraid35x - ok 22:04:01.0906 3420 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys 22:04:02.0062 3420 MRxDAV - ok 22:04:02.0125 3420 MRxSmb (f3aefb11abc521122b67095044169e98) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys 22:04:02.0171 3420 MRxSmb - ok 22:04:02.0250 3420 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys 22:04:02.0406 3420 Msfs - ok 22:04:02.0437 3420 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys 22:04:02.0593 3420 MSKSSRV - ok 22:04:02.0656 3420 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys 22:04:02.0796 3420 MSPCLOCK - ok 22:04:02.0828 3420 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys 22:04:02.0968 3420 MSPQM - ok 22:04:03.0031 3420 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys 22:04:03.0187 3420 mssmbios - ok 22:04:03.0218 3420 Mup (2f625d11385b1a94360bfc70aaefdee1) C:\WINDOWS\system32\drivers\Mup.sys 22:04:03.0343 3420 Mup - ok 22:04:03.0390 3420 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys 22:04:03.0546 3420 NDIS - ok 22:04:03.0609 3420 
NdisTapi (1ab3d00c991ab086e69db84b6c0ed78f) C:\WINDOWS\system32\DRIVERS\ndistapi.sys 22:04:03.0765 3420 NdisTapi - ok 22:04:03.0796 3420 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys 22:04:03.0968 3420 Ndisuio - ok 22:04:04.0031 3420 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys 22:04:04.0187 3420 NdisWan - ok 22:04:04.0234 3420 NDProxy (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys 22:04:04.0265 3420 NDProxy - ok 22:04:04.0328 3420 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys 22:04:04.0484 3420 NetBIOS - ok 22:04:04.0562 3420 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys 22:04:04.0718 3420 NetBT - ok 22:04:04.0828 3420 NIC1394 (e9e47cfb2d461fa0fc75b7a74c6383ea) C:\WINDOWS\system32\DRIVERS\nic1394.sys 22:04:04.0984 3420 NIC1394 - ok 22:04:05.0031 3420 nm (1e421a6bcf2203cc61b821ada9de878b) C:\WINDOWS\system32\DRIVERS\NMnt.sys 22:04:05.0156 3420 nm - ok 22:04:05.0203 3420 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys 22:04:05.0359 3420 Npfs - ok 22:04:05.0437 3420 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys 22:04:05.0593 3420 Ntfs - ok 22:04:05.0671 3420 NTSIM (a568b9a9ffe2d9387222a5c90f86d731) C:\WINDOWS\System32\ntsim.sys 22:04:05.0703 3420 NTSIM ( UnsignedFile.Multi.Generic ) - warning 22:04:05.0703 3420 NTSIM - detected UnsignedFile.Multi.Generic (1) 22:04:05.0781 3420 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys 22:04:05.0921 3420 Null - ok 22:04:06.0000 3420 nv (2b298519edbfcf451d43e0f1e8f1006d) C:\WINDOWS\system32\DRIVERS\nv4_mini.sys 22:04:06.0218 3420 nv - ok 22:04:06.0296 3420 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys 22:04:06.0437 3420 NwlnkFlt - ok 22:04:06.0484 3420 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) 
C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys 22:04:06.0625 3420 NwlnkFwd - ok 22:04:06.0671 3420 ohci1394 (ca33832df41afb202ee7aeb05145922f) C:\WINDOWS\system32\DRIVERS\ohci1394.sys 22:04:06.0812 3420 ohci1394 - ok 22:04:06.0859 3420 Parport (f84785660305b9b903fb3bca8ba29837) C:\WINDOWS\system32\DRIVERS\parport.sys 22:04:07.0000 3420 Parport - ok 22:04:07.0046 3420 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys 22:04:07.0187 3420 PartMgr - ok 22:04:07.0250 3420 ParVdm (c2bf987829099a3eaa2ca6a0a90ecb4f) C:\WINDOWS\system32\drivers\ParVdm.sys 22:04:07.0406 3420 ParVdm - ok 22:04:07.0453 3420 PCI (387e8dedc343aa2d1efbc30580273acd) C:\WINDOWS\system32\DRIVERS\pci.sys 22:04:07.0593 3420 PCI - ok 22:04:07.0625 3420 PCIDump - ok 22:04:07.0687 3420 PCIIde (59ba86d9a61cbcf4df8e598c331f5b82) C:\WINDOWS\system32\DRIVERS\pciide.sys 22:04:07.0828 3420 PCIIde - ok 22:04:07.0890 3420 Pcmcia (a2a966b77d61847d61a3051df87c8c97) C:\WINDOWS\system32\drivers\Pcmcia.sys 22:04:08.0015 3420 Pcmcia - ok 22:04:08.0062 3420 PDCOMP - ok 22:04:08.0093 3420 PDFRAME - ok 22:04:08.0140 3420 PDRELI - ok 22:04:08.0187 3420 PDRFRAME - ok 22:04:08.0218 3420 perc2 - ok 22:04:08.0250 3420 perc2hib - ok 22:04:08.0375 3420 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys 22:04:08.0500 3420 PptpMiniport - ok 22:04:08.0562 3420 Processor (2cb55427c58679f49ad600fccba76360) C:\WINDOWS\system32\DRIVERS\processr.sys 22:04:08.0703 3420 Processor - ok 22:04:08.0750 3420 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys 22:04:08.0875 3420 PSched - ok 22:04:08.0937 3420 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys 22:04:09.0078 3420 Ptilink - ok 22:04:09.0125 3420 PxHelp20 (e42e3433dbb4cffe8fdd91eab29aea8e) C:\WINDOWS\system32\Drivers\PxHelp20.sys 22:04:09.0125 3420 PxHelp20 - ok 22:04:09.0156 3420 ql1080 - ok 22:04:09.0187 3420 Ql10wnt - ok 22:04:09.0218 3420 ql12160 - ok 
22:04:09.0265 3420 ql1240 - ok 22:04:09.0312 3420 ql1280 - ok 22:04:09.0343 3420 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys 22:04:09.0500 3420 RasAcd - ok 22:04:09.0546 3420 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys 22:04:09.0671 3420 Rasl2tp - ok 22:04:09.0703 3420 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys 22:04:09.0843 3420 RasPppoe - ok 22:04:09.0875 3420 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys 22:04:10.0031 3420 Raspti - ok 22:04:10.0078 3420 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys 22:04:10.0218 3420 Rdbss - ok 22:04:10.0281 3420 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys 22:04:10.0421 3420 RDPCDD - ok 22:04:10.0484 3420 rdpdr (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys 22:04:10.0625 3420 rdpdr - ok 22:04:10.0703 3420 RDPWD (6728e45b66f93c08f11de2e316fc70dd) C:\WINDOWS\system32\drivers\RDPWD.sys 22:04:10.0843 3420 RDPWD - ok 22:04:10.0921 3420 redbook (ed761d453856f795a7fe056e42c36365) C:\WINDOWS\system32\DRIVERS\redbook.sys 22:04:11.0078 3420 redbook - ok 22:04:11.0187 3420 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys 22:04:11.0281 3420 Secdrv - ok 22:04:11.0375 3420 serenum (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys 22:04:11.0515 3420 serenum - ok 22:04:11.0546 3420 Serial (cf24eb4f0412c82bcd1f4f35a025e31d) C:\WINDOWS\system32\DRIVERS\serial.sys 22:04:11.0671 3420 Serial - ok 22:04:11.0750 3420 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys 22:04:11.0906 3420 Sfloppy - ok 22:04:11.0953 3420 Simbad - ok 22:04:12.0000 3420 Sparrow - ok 22:04:12.0062 3420 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys 22:04:12.0187 3420 splitter - ok 22:04:12.0250 3420 sr 
(50fa898f8c032796d3b1b9951bb5a90f) C:\WINDOWS\system32\DRIVERS\sr.sys 22:04:12.0312 3420 sr - ok 22:04:12.0359 3420 Srv (0f6aefad3641a657e18081f52d0c15af) C:\WINDOWS\system32\DRIVERS\srv.sys 22:04:12.0375 3420 Srv - ok 22:04:12.0406 3420 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys 22:04:12.0593 3420 swenum - ok 22:04:12.0640 3420 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys 22:04:12.0765 3420 swmidi - ok 22:04:12.0796 3420 symc810 - ok 22:04:12.0828 3420 symc8xx - ok 22:04:12.0859 3420 sym_hi - ok 22:04:12.0875 3420 sym_u3 - ok 22:04:12.0921 3420 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys 22:04:13.0046 3420 sysaudio - ok 22:04:13.0125 3420 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys 22:04:13.0156 3420 Tcpip - ok 22:04:13.0218 3420 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys 22:04:13.0359 3420 TDPIPE - ok 22:04:13.0390 3420 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys 22:04:13.0515 3420 TDTCP - ok 22:04:13.0546 3420 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys 22:04:13.0687 3420 TermDD - ok 22:04:13.0734 3420 TosIde - ok 22:04:13.0812 3420 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys 22:04:13.0937 3420 Udfs - ok 22:04:13.0953 3420 ultra - ok 22:04:14.0031 3420 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys 22:04:14.0187 3420 Update - ok 22:04:14.0265 3420 USBAAPL (eafe1e00739afe6c51487a050e772e17) C:\WINDOWS\system32\Drivers\usbaapl.sys 22:04:14.0281 3420 USBAAPL - ok 22:04:14.0328 3420 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys 22:04:14.0453 3420 usbccgp - ok 22:04:14.0500 3420 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys 22:04:14.0640 3420 usbehci - ok 22:04:14.0687 3420 
usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys 22:04:14.0812 3420 usbhub - ok 22:04:14.0859 3420 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys 22:04:14.0984 3420 usbscan - ok 22:04:15.0031 3420 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS 22:04:15.0171 3420 USBSTOR - ok 22:04:15.0234 3420 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys 22:04:15.0359 3420 usbuhci - ok 22:04:15.0375 3420 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys 22:04:15.0515 3420 VgaSave - ok 22:04:15.0562 3420 viaagp1 (4b039bbd037b01f5db5a144c837f283a) C:\WINDOWS\system32\DRIVERS\viaagp1.sys 22:04:15.0562 3420 viaagp1 - ok 22:04:15.0609 3420 ViaIde (3b3efcda263b8ac14fdf9cbdd0791b2e) C:\WINDOWS\system32\DRIVERS\viaide.sys 22:04:15.0734 3420 ViaIde - ok 22:04:15.0812 3420 viamraid (65864aba65eee06ea586009301834e43) C:\WINDOWS\system32\DRIVERS\viamraid.sys 22:04:15.0828 3420 viamraid - ok 22:04:15.0875 3420 VolSnap (a5a712f4e880874a477af790b5186e1d) C:\WINDOWS\system32\drivers\VolSnap.sys 22:04:16.0015 3420 VolSnap - ok 22:04:16.0062 3420 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys 22:04:16.0203 3420 Wanarp - ok 22:04:16.0218 3420 WDICA - ok 22:04:16.0265 3420 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys 22:04:16.0406 3420 wdmaud - ok 22:04:16.0546 3420 WpdUsb (cf4def1bf66f06964dc0d91844239104) C:\WINDOWS\system32\Drivers\wpdusb.sys 22:04:16.0562 3420 WpdUsb - ok 22:04:16.0718 3420 WudfPf (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys 22:04:16.0734 3420 WudfPf - ok 22:04:16.0921 3420 WudfRd (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\wudfrd.sys 22:04:16.0937 3420 WudfRd - ok 22:04:17.0000 3420 MBR (0x1B8) (72b8ce41af0de751c946802b3ed844b4) \Device\Harddisk0\DR0 22:04:17.0421 3420 \Device\Harddisk0\DR0 - ok 
22:04:17.0453 3420 MBR (0x1B8) (72b8ce41af0de751c946802b3ed844b4) \Device\Harddisk1\DR1 22:04:17.0828 3420 \Device\Harddisk1\DR1 ( TDSS File System ) - warning 22:04:17.0828 3420 \Device\Harddisk1\DR1 - detected TDSS File System (1) 22:04:17.0843 3420 Boot (0x1200) (ac914bb143ad6195b31bb51f6b8a4c5d) \Device\Harddisk0\DR0\Partition0 22:04:17.0843 3420 \Device\Harddisk0\DR0\Partition0 - ok 22:04:17.0875 3420 Boot (0x1200) (1f13dbf02700bbd348a65aef6cccd0a3) \Device\Harddisk0\DR0\Partition1 22:04:17.0875 3420 \Device\Harddisk0\DR0\Partition1 - ok 22:04:17.0906 3420 Boot (0x1200) (f83c9920f2930d51cd81779d588e4a4b) \Device\Harddisk0\DR0\Partition2 22:04:17.0906 3420 \Device\Harddisk0\DR0\Partition2 - ok 22:04:17.0953 3420 Boot (0x1200) (36d824b6768512f27198b260dcc71354) \Device\Harddisk1\DR1\Partition0 22:04:17.0953 3420 \Device\Harddisk1\DR1\Partition0 - ok 22:04:17.0953 3420 ============================================================ 22:04:17.0953 3420 Scan finished 22:04:17.0953 3420 ============================================================ 22:04:18.0093 1832 Detected object count: 3 22:04:18.0093 1832 Actual detected object count: 3 22:04:44.0890 1832 ewido anti-spyware 4.0 driver ( UnsignedFile.Multi.Generic ) - skipped by user 22:04:44.0890 1832 ewido anti-spyware 4.0 driver ( UnsignedFile.Multi.Generic ) - User select action: Skip 22:04:44.0890 1832 NTSIM ( UnsignedFile.Multi.Generic ) - skipped by user 22:04:44.0890 1832 NTSIM ( UnsignedFile.Multi.Generic ) - User select action: Skip 22:04:44.0906 1832 \Device\Harddisk1\DR1 ( TDSS File System ) - skipped by user 22:04:44.0906 1832 \Device\Harddisk1\DR1 ( TDSS File System ) - User select action: Skip |
15.03.2012, 22:25 | #10 |
| Ukash Bundespolizeivirus paysafecard (on Windows XP)

Hi,

hmm.... How many partitions do you have on hard disk 1 and on hard disk 2?

ComboFix

Download ComboFix from http://download.bleepingcomputer.com/sUBs/ComboFix.exe and save it to the Desktop.

Caution: in a few rare cases the machine may no longer be able to boot afterwards and has to be reinstalled from scratch!

Close all windows, start combofix.exe, confirm the prompt that follows with 1 and press Enter. The ComboFix scan can take some time, so be patient. Please do not use the machine while the scan is running. The machine may be rebooted in the middle of the scan. When the scan finishes a report (ComboFix.txt) is displayed; please copy it and paste it into your thread. You should find the log at C:\ComboFix.txt...

chris
__________________ Don't bring me down. Read before posting! Donations (anyone who wants to donate is welcome to get in touch) |
15.03.2012, 22:49 | #11 |
| Ukash Bundespolizeivirus paysafecard (on Windows XP)

I'm not quite sure I understood what you meant by the partitioning. I have 3 hard disks (C, D, E) plus one more (G, with backup copies). As far as I can see, none of the 4 is subdivided any further.

I'll do the ComboFix part tomorrow when I have time, and given the risk you describe I'll probably back up my stuff again first. I'll report back then. |
15.03.2012, 22:59 | #12 |
| Ukash Bundespolizeivirus paysafecard (on Windows XP)

Hi,

what puzzles me a bit are the two active MBRs.... and the message from TDSSKiller about the TDSS file system...

Are you getting redirects in Google? That would be typical of TDSS...

Normally nothing bad happens with ComboFix, but I have had one case so far where ComboFix and the malware got into such a fight that Windows was wrecked...

Alternative (less dangerous, but it runs for about 5-7 hours, so install it now and let it run overnight):

CureIt

Follow the guide: http://www.trojaner-board.de/59299-a...eb-cureit.html

When the scan has finished you will find the log at %USERPROFILE%\DoctorWeb\CureIt.log. Before you take any action, please copy the contents of the log and post it. The log file is very large, well over 5 MB of text. Just search it for "infiziert" and copy out the relevant parts before you post them.

chris
__________________ Don't bring me down Vor dem posten beachten! Spenden (Wer spenden will, kann sich gerne melden ) |
16.03.2012, 09:06 | #13 |
| Ukash Bundespolizeivirus paysafecard (on Windows XP) If by redirects you mean that I end up somewhere completely different when I click on a search result, then no. I don't use the search that often, so I have just quickly tested it with a few search terms. It works exactly as it always does. EDIT: Or could these redirects be browser-dependent? I use SRWare Iron (Chromium). Otherwise I would still have FF and IE, if such redirects are more likely to show up there. OK, so if you think CureIT works just as effectively, I would like to try that first (even though I have now slept through the night I was supposed to let it run ). If nothing comes of it, I can surely still do Combofix afterwards. Last edited by Regression (16.03.2012 at 09:18) |
16.03.2012, 12:09 | #14 |
| Ukash Bundespolizeivirus paysafecard (on Windows XP) Hi, TDSS intercepts all internet traffic, so it doesn't matter which browser... Let CureIT loose, CF later if necessary... chris
__________________ Don't bring me down Read before posting! Donations (Anyone who wants to donate is welcome to get in touch) |
16.03.2012, 21:14 | #15 |
| Ukash Bundespolizeivirus paysafecard (on Windows XP) So here is the result: Code:
facemoodssrv.exe;c:\programme\facemoods.com\facemoods\1.4.17.11;Adware.Funmoods.3;Verschoben.;
DriverScanner.exe;C:\Dokumente und Einstellungen\Bianca\Eigene Dateien\Downloads;Program.Uniblue.7;;
SoftonicDownloader_for_last-fm-scrobbler.exe;C:\Dokumente und Einstellungen\Bianca\Eigene Dateien\Downloads;Adware.Downware.21;Verschoben.;
WebInstaller.exe;C:\Dokumente und Einstellungen\Bianca\Eigene Dateien\Downloads;Trojan.DownLoader5.52228;Nicht desinfizierbar.Verschoben.;
uninstall.exe;C:\Programme\facemoods.com\facemoods\1.4.17.11;Adware.Funmoods.2;Verschoben.;
A0136753.exe;C:\System Volume Information\_restore{95ACFC74-F860-41B3-8ED2-2DA1E609C344}\RP598;BackDoor.Bebloh.2;Gelöscht.;
A0149628.exe;C:\System Volume Information\_restore{95ACFC74-F860-41B3-8ED2-2DA1E609C344}\RP599;Adware.Funmoods.3;Verschoben.;
A0149629.exe;C:\System Volume Information\_restore{95ACFC74-F860-41B3-8ED2-2DA1E609C344}\RP599;Adware.Funmoods.2;Verschoben.;
DriverScanner.exe;G:\Sicherung 16.2.2012\Downloads;Program.Uniblue.7;;
SoftonicDownloader_for_last-fm-scrobbler.exe;G:\Sicherung 16.2.2012\Downloads;Adware.Downware.21;Verschoben.;
WebInstaller.exe;G:\Sicherung 16.2.2012\Downloads;Trojan.DownLoader5.52228;Nicht desinfizierbar.Verschoben.;
A0136754.exe;G:\System Volume Information\_restore{95ACFC74-F860-41B3-8ED2-2DA1E609C344}\RP598;Trojan.Damaged.1;Gelöscht.;
A0136755.exe;G:\System Volume Information\_restore{95ACFC74-F860-41B3-8ED2-2DA1E609C344}\RP598;Trojan.Damaged.1;Gelöscht.;
A0136756.exe;G:\System Volume Information\_restore{95ACFC74-F860-41B3-8ED2-2DA1E609C344}\RP598;Trojan.Damaged.1;Gelöscht.;
A0136757.exe;G:\System Volume Information\_restore{95ACFC74-F860-41B3-8ED2-2DA1E609C344}\RP598;Trojan.Damaged.1;Gelöscht.;
A0136758.exe;G:\System Volume Information\_restore{95ACFC74-F860-41B3-8ED2-2DA1E609C344}\RP598;Trojan.Damaged.1;Gelöscht.;
A0143065.exe;G:\System Volume Information\_restore{95ACFC74-F860-41B3-8ED2-2DA1E609C344}\RP599;Program.Uniblue.7;;
A0143137.exe;G:\System Volume Information\_restore{95ACFC74-F860-41B3-8ED2-2DA1E609C344}\RP599;Adware.Downware.21;Verschoben.;
A0143473.exe;G:\System Volume Information\_restore{95ACFC74-F860-41B3-8ED2-2DA1E609C344}\RP599;Program.Uniblue.7;;
A0143550.exe;G:\System Volume Information\_restore{95ACFC74-F860-41B3-8ED2-2DA1E609C344}\RP599;Adware.Downware.21;Verschoben.;
A0143580.exe;G:\System Volume Information\_restore{95ACFC74-F860-41B3-8ED2-2DA1E609C344}\RP599;Trojan.DownLoader5.52228;Nicht desinfizierbar.Verschoben.;
A0149630.exe;G:\System Volume Information\_restore{95ACFC74-F860-41B3-8ED2-2DA1E609C344}\RP599;Adware.Downware.21;Verschoben.;
A0149631.exe;G:\System Volume Information\_restore{95ACFC74-F860-41B3-8ED2-2DA1E609C344}\RP599;Trojan.DownLoader5.52228;Nicht desinfizierbar.Verschoben.; |
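An added example, not code from the thread or from Dr.Web, that parses the semicolon-separated CureIt detection lines posted above and summarizes them the way the helper asked for: by action, by drive, files CureIt only reported, and copies sitting in System Restore points. The sample log is constructed from entries in the thread; the assumed record layout is file;directory;threat;action with a trailing semicolon.

```python
from collections import Counter
from dataclasses import dataclass

# Constructed sample modelled on the CureIt log quoted in the thread.
# Assumed record layout: file;directory;threat;action;  (action may be empty).
SAMPLE_LOG = """\
facemoodssrv.exe;c:\\programme\\facemoods.com\\facemoods\\1.4.17.11;Adware.Funmoods.3;Verschoben.;
DriverScanner.exe;C:\\Dokumente und Einstellungen\\Bianca\\Eigene Dateien\\Downloads;Program.Uniblue.7;;
WebInstaller.exe;C:\\Dokumente und Einstellungen\\Bianca\\Eigene Dateien\\Downloads;Trojan.DownLoader5.52228;Nicht desinfizierbar.Verschoben.;
A0136753.exe;C:\\System Volume Information\\_restore{95ACFC74-F860-41B3-8ED2-2DA1E609C344}\\RP598;BackDoor.Bebloh.2;Gelöscht.;
WebInstaller.exe;G:\\Sicherung 16.2.2012\\Downloads;Trojan.DownLoader5.52228;Nicht desinfizierbar.Verschoben.;
"""


@dataclass(frozen=True)
class Detection:
    name: str
    directory: str
    threat: str
    action: str  # "" means CureIt only reported the file and did nothing


def parse_cureit_log(text: str) -> list:
    """Return one Detection per well-formed record; any other line is ignored."""
    found = []
    for line in text.splitlines():
        parts = line.split(";")
        # A record has four fields plus the empty piece after the trailing ';'.
        if len(parts) != 5 or parts[4] != "":
            continue
        found.append(Detection(*parts[:4]))
    return found


def summarize(detections: list) -> dict:
    """Group detections: per action, per drive letter, files left untouched,
    and copies inside System Restore points (those persist until the restore
    points themselves are purged, so a helper wants them listed separately)."""
    by_action = Counter(d.action or "(no action)" for d in detections)
    by_drive = Counter(d.directory[0].upper() for d in detections)
    unhandled = [d for d in detections if d.action == ""]
    in_restore = [d for d in detections
                  if "\\system volume information\\_restore" in d.directory.lower()]
    return {"by_action": by_action, "by_drive": by_drive,
            "unhandled": unhandled, "in_restore_points": in_restore}


if __name__ == "__main__":
    report = summarize(parse_cureit_log(SAMPLE_LOG))
    for key, value in report.items():
        print(key, value if isinstance(value, Counter) else [d.name for d in value])
```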