| |
| |||||||
Plagegeister aller Art und deren Bekämpfung: Windows wurde aus Sicherheitsgründen gesperrtWindows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen. |
 |
28.03.2012, 17:06
| #1 |
| |  Windows wurde aus Sicherheitsgründen gesperrt Hallo, ich habe auch das Problem das ich den Virus/Trojaner habe, durch den der schwarze Bildschirm erscheint mit der Aufforderung Geld zu zahlen. Ich habe Combofix schon durchlaufen lassen und kann das infizierte Windows 7 nun auch wieder benutzen. Aber Malwarebytes sowie Antivir lassen sich nicht updaten. Error 732 (0,0). Habe die Firewall ausgestellt und die Lan Einstellungen überprüft (Automatische Suche der Einstellungen), es geht trotzdem nicht. Hier der Combofix Log Code:
ATTFilter ComboFix 12-03-27.03 - Speed-PC 28.03.2012 17:39:50.3.4 - x64
Microsoft Windows 7 Professional 6.1.7600.0.1252.49.1031.18.4095.2532 [GMT 2:00]
ausgeführt von:: e:\users\Speed-PC\Desktop\cofi.exe.exe
AV: AntiVir Desktop *Disabled/Updated* {090F9C29-64CE-6C6F-379C-5901B49A85B7}
SP: AntiVir Desktop *Disabled/Updated* {B26E7DCD-42F4-63E1-0D2C-6273CF1DCF0A}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((( Dateien erstellt von 2012-02-28 bis 2012-03-28 ))))))))))))))))))))))))))))))
.
.
2012-03-28 15:44 . 2012-03-28 15:44 -------- d-----w- e:\users\Default\AppData\Local\temp
2012-03-28 15:33 . 2012-03-28 15:33 -------- d-----w- e:\program files\CCleaner
2012-03-27 23:18 . 2012-03-14 03:27 8669240 ----a-w- e:\programdata\Microsoft\Windows Defender\Definition Updates\{FAE734C0-4642-4045-BD07-D30281991C34}\mpengine.dll
2012-03-27 23:12 . 2012-03-27 23:12 -------- d-----w- e:\users\Speed-PC\AppData\Roaming\Malwarebytes
2012-03-27 23:12 . 2009-09-10 12:54 38224 ----a-w- e:\windows\SysWow64\drivers\mbamswissarmy.sys
2012-03-27 23:12 . 2012-03-27 23:12 -------- d-----w- e:\program files (x86)\Malwarebytes' Anti-Malware
2012-03-27 23:12 . 2012-03-27 23:12 -------- d-----w- e:\programdata\Malwarebytes
2012-03-27 23:12 . 2009-09-10 12:53 22104 ----a-w- e:\windows\system32\drivers\mbam.sys
2012-03-26 17:16 . 2012-03-26 17:16 -------- d-----w- e:\users\Speed-PC\AppData\Roaming\Internet Exprorer Add-on
2012-03-19 18:29 . 2012-03-19 18:29 592824 ----a-w- e:\program files (x86)\Mozilla Firefox\gkmedias.dll
2012-03-19 18:29 . 2012-03-19 18:29 44472 ----a-w- e:\program files (x86)\Mozilla Firefox\mozglue.dll
2012-03-14 10:15 . 2011-11-19 18:30 5504880 ----a-w- e:\windows\system32\ntoskrnl.exe
2012-03-14 10:15 . 2011-11-19 14:25 3957616 ----a-w- e:\windows\SysWow64\ntkrnlpa.exe
2012-03-14 10:15 . 2011-11-19 14:25 3902320 ----a-w- e:\windows\SysWow64\ntoskrnl.exe
2012-03-14 09:44 . 2012-02-15 06:27 1031680 ----a-w- e:\windows\system32\rdpcore.dll
2012-03-14 09:44 . 2012-02-15 05:44 826368 ----a-w- e:\windows\SysWow64\rdpcore.dll
2012-03-14 09:44 . 2012-02-15 04:47 204800 ----a-w- e:\windows\system32\drivers\rdpwd.sys
2012-03-14 09:44 . 2012-02-15 04:46 23552 ----a-w- e:\windows\system32\drivers\tdtcp.sys
.
.
.
(((((((((((((((((((((((((((((((((((( Find3M Bericht ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-02-23 08:18 . 2010-03-02 17:52 279656 ------w- e:\windows\system32\MpSigStub.exe
2012-02-21 10:26 . 2012-02-21 10:26 86528 ----a-w- e:\windows\SysWow64\iesysprep.dll
2012-02-21 10:26 . 2012-02-21 10:26 76800 ----a-w- e:\windows\SysWow64\SetIEInstalledDate.exe
2012-02-21 10:26 . 2012-02-21 10:26 74752 ----a-w- e:\windows\SysWow64\RegisterIEPKEYs.exe
2012-02-21 10:26 . 2012-02-21 10:26 63488 ----a-w- e:\windows\SysWow64\tdc.ocx
2012-02-21 10:26 . 2012-02-21 10:26 48640 ----a-w- e:\windows\SysWow64\mshtmler.dll
2012-02-21 10:26 . 2012-02-21 10:26 367104 ----a-w- e:\windows\SysWow64\html.iec
2012-02-21 10:26 . 2012-02-21 10:26 1798656 ----a-w- e:\windows\SysWow64\jscript9.dll
2012-02-21 10:26 . 2012-02-21 10:26 161792 ----a-w- e:\windows\SysWow64\msls31.dll
2012-02-21 10:26 . 2012-02-21 10:26 1127424 ----a-w- e:\windows\SysWow64\wininet.dll
2012-02-21 10:26 . 2012-02-21 10:26 110592 ----a-w- e:\windows\SysWow64\IEAdvpack.dll
2012-02-21 10:26 . 2012-02-21 10:26 74752 ----a-w- e:\windows\SysWow64\iesetup.dll
2012-02-21 10:26 . 2012-02-21 10:26 89088 ----a-w- e:\windows\system32\RegisterIEPKEYs.exe
2012-02-21 10:26 . 2012-02-21 10:26 420864 ----a-w- e:\windows\SysWow64\vbscript.dll
2012-02-21 10:26 . 2012-02-21 10:26 35840 ----a-w- e:\windows\SysWow64\imgutil.dll
2012-02-21 10:26 . 2012-02-21 10:26 2382848 ----a-w- e:\windows\SysWow64\mshtml.tlb
2012-02-21 10:26 . 2012-02-21 10:26 2382848 ----a-w- e:\windows\system32\mshtml.tlb
2012-02-21 10:26 . 2012-02-21 10:26 23552 ----a-w- e:\windows\SysWow64\licmgr10.dll
2012-02-21 10:26 . 2012-02-21 10:26 222208 ----a-w- e:\windows\system32\msls31.dll
2012-02-21 10:26 . 2012-02-21 10:26 173056 ----a-w- e:\windows\system32\ieUnatt.exe
2012-02-21 10:26 . 2012-02-21 10:26 152064 ----a-w- e:\windows\SysWow64\wextract.exe
2012-02-21 10:26 . 2012-02-21 10:26 150528 ----a-w- e:\windows\SysWow64\iexpress.exe
2012-02-21 10:26 . 2012-02-21 10:26 142848 ----a-w- e:\windows\SysWow64\ieUnatt.exe
2012-02-21 10:26 . 2012-02-21 10:26 1427456 ----a-w- e:\windows\SysWow64\inetcpl.cpl
2012-02-21 10:26 . 2012-02-21 10:26 1390080 ----a-w- e:\windows\system32\wininet.dll
2012-02-21 10:26 . 2012-02-21 10:26 11776 ----a-w- e:\windows\SysWow64\mshta.exe
2012-02-21 10:26 . 2012-02-21 10:26 101888 ----a-w- e:\windows\SysWow64\admparse.dll
2012-02-21 10:26 . 2012-02-21 10:26 91648 ----a-w- e:\windows\system32\SetIEInstalledDate.exe
2012-02-21 10:26 . 2012-02-21 10:26 85504 ----a-w- e:\windows\system32\iesetup.dll
2012-02-21 10:26 . 2012-02-21 10:26 76800 ----a-w- e:\windows\system32\tdc.ocx
2012-02-21 10:26 . 2012-02-21 10:26 49664 ----a-w- e:\windows\system32\imgutil.dll
2012-02-21 10:26 . 2012-02-21 10:26 48640 ----a-w- e:\windows\system32\mshtmler.dll
2012-02-21 10:26 . 2012-02-21 10:26 448512 ----a-w- e:\windows\system32\html.iec
2012-02-21 10:26 . 2012-02-21 10:26 30720 ----a-w- e:\windows\system32\licmgr10.dll
2012-02-21 10:26 . 2012-02-21 10:26 2308096 ----a-w- e:\windows\system32\jscript9.dll
2012-02-21 10:26 . 2012-02-21 10:26 1493504 ----a-w- e:\windows\system32\inetcpl.cpl
2012-02-21 10:26 . 2012-02-21 10:26 135168 ----a-w- e:\windows\system32\IEAdvpack.dll
2012-02-21 10:26 . 2012-02-21 10:26 12288 ----a-w- e:\windows\system32\mshta.exe
2012-02-21 10:26 . 2012-02-21 10:26 114176 ----a-w- e:\windows\system32\admparse.dll
2012-02-21 10:26 . 2012-02-21 10:26 111616 ----a-w- e:\windows\system32\iesysprep.dll
2012-02-21 10:26 . 2012-02-21 10:26 603648 ----a-w- e:\windows\system32\vbscript.dll
2012-02-21 10:26 . 2012-02-21 10:26 165888 ----a-w- e:\windows\system32\iexpress.exe
2012-02-21 10:26 . 2012-02-21 10:26 160256 ----a-w- e:\windows\system32\wextract.exe
2012-02-04 10:04 . 2012-02-04 10:04 67584 ----a-w- e:\windows\system32\drivers\vrtaucbl.sys
2012-02-04 00:17 . 2012-02-04 00:17 419840 ----a-w- e:\windows\system32\wrap_oal.dll
2012-02-04 00:17 . 2012-02-04 00:17 413696 ----a-w- e:\windows\SysWow64\wrap_oal.dll
2012-02-04 00:17 . 2012-02-04 00:17 133632 ----a-w- e:\windows\system32\OpenAL32.dll
2012-02-04 00:17 . 2012-02-04 00:17 110592 ----a-w- e:\windows\SysWow64\OpenAL32.dll
2012-02-03 21:45 . 2011-11-15 10:37 414368 ----a-w- e:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-02-03 21:36 . 2012-02-03 21:36 335288 ----a-w- e:\windows\system32\drivers\acedrv11.sys
2012-01-04 09:58 . 2012-02-16 10:13 509952 ----a-w- e:\windows\system32\ntshrui.dll
2012-01-04 09:03 . 2012-02-16 10:13 442880 ----a-w- e:\windows\SysWow64\ntshrui.dll
2012-01-03 06:24 . 2012-02-16 10:13 515584 ----a-w- e:\windows\system32\timedate.cpl
2012-01-03 05:44 . 2012-02-16 10:13 478208 ----a-w- e:\windows\SysWow64\timedate.cpl
.
.
((((((((((((((((((((((((((((( SnapShot@2012-03-27_23.07.12 )))))))))))))))))))))))))))))))))))))))))
.
+ 2010-03-03 21:47 . 2012-03-28 13:46 48886 e:\windows\system32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2009-07-14 05:10 . 2012-03-28 13:46 32548 e:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin
+ 2010-03-03 09:29 . 2012-03-28 13:46 14766 e:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-3023865418-1405554827-2073565710-1001_UserData.bin
- 2010-03-02 17:32 . 2012-03-23 23:30 16384 e:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2010-03-02 17:32 . 2012-03-28 15:33 16384 e:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2010-03-02 17:32 . 2012-03-28 15:33 32768 e:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2010-03-02 17:32 . 2012-03-23 23:30 32768 e:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2009-07-14 04:54 . 2012-03-28 15:33 16384 e:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2009-07-14 04:54 . 2012-03-23 23:30 16384 e:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-07-14 04:46 . 2012-03-28 13:27 93624 e:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareProtectionPlatform\Cache\cache.dat
- 2012-03-27 23:06 . 2012-03-27 23:06 2048 e:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2012-03-28 15:46 . 2012-03-28 15:46 2048 e:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2012-03-28 15:46 . 2012-03-28 15:46 2048 e:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2012-03-27 23:06 . 2012-03-27 23:06 2048 e:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2009-07-14 02:36 . 2012-03-27 22:57 616032 e:\windows\system32\perfh009.dat
+ 2009-07-14 02:36 . 2012-03-28 13:48 616032 e:\windows\system32\perfh009.dat
+ 2009-07-14 17:58 . 2012-03-28 13:48 654150 e:\windows\system32\perfh007.dat
- 2009-07-14 17:58 . 2012-03-27 22:57 654150 e:\windows\system32\perfh007.dat
+ 2009-07-14 02:36 . 2012-03-28 13:48 106412 e:\windows\system32\perfc009.dat
- 2009-07-14 02:36 . 2012-03-27 22:57 106412 e:\windows\system32\perfc009.dat
- 2009-07-14 17:58 . 2012-03-27 22:57 130022 e:\windows\system32\perfc007.dat
+ 2009-07-14 17:58 . 2012-03-28 13:48 130022 e:\windows\system32\perfc007.dat
- 2009-07-14 05:01 . 2012-03-27 23:05 325052 e:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2009-07-14 05:01 . 2012-03-28 15:45 325052 e:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
- 2012-03-11 23:38 . 2012-03-27 23:05 2351488 e:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache3.0.0.0.dat
+ 2012-03-11 23:38 . 2012-03-28 13:42 2351488 e:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache3.0.0.0.dat
+ 2011-11-03 14:42 . 2012-03-28 15:45 1659077 e:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-3023865418-1405554827-2073565710-1001-12288.dat
- 2011-11-03 14:42 . 2012-02-04 00:18 1659077 e:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-3023865418-1405554827-2073565710-1001-12288.dat
+ 2009-07-14 02:34 . 2012-03-28 14:30 10485760 e:\windows\system32\SMI\Store\Machine\SCHEMA.DAT
- 2009-07-14 02:34 . 2012-03-26 17:16 10485760 e:\windows\system32\SMI\Store\Machine\SCHEMA.DAT
+ 2011-10-12 01:11 . 2012-03-28 15:45 17088044 e:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-3023865418-1405554827-2073565710-1001-8192.dat
.
(((((((((((((((((((((((((((( Autostartpunkte der Registrierung ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{E601996F-E400-41CA-804B-CD6373A7EEE2}]
2010-11-23 19:51 919408 ----a-w- e:\program files (x86)\kikin\ie_kikin.dll
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{E87806B5-E908-45FD-AF5E-957D83E58E68}]
2012-01-11 14:29 241872 ----a-w- e:\program files (x86)\Softonic\softonic\1.5.11.5\bh\softonic.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
"{5018CFD2-804D-4C99-9F81-25EAEA2769DE}"= "e:\program files (x86)\Softonic\softonic\1.5.11.5\softonicTlbr.dll" [2012-01-11 250064]
.
[HKEY_CLASSES_ROOT\clsid\{5018cfd2-804d-4c99-9f81-25eaea2769de}]
[HKEY_CLASSES_ROOT\Softonic.dskBnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921}]
[HKEY_CLASSES_ROOT\Softonic.dskBnd]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="e:\program files\Windows Sidebar\sidebar.exe" [2009-07-14 1475072]
"DAEMON Tools Lite"="e:\program files (x86)\DAEMON Tools Lite\DTLite.exe" [2011-08-02 4910912]
"Akamai NetSession Interface"="e:\users\Speed-PC\AppData\Local\Akamai\netsession_win.exe" [2012-03-13 3331872]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"avgnt"="e:\program files (x86)\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]
"StartCCC"="e:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2011-09-08 343168]
"SoundMAXPnP"="e:\program files (x86)\Analog Devices\Core\smax4pnp.exe" [2009-06-05 1310720]
"LifeCam"="e:\program files (x86)\Microsoft LifeCam\LifeExp.exe" [2010-05-20 119152]
.
e:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
McAfee Security Scan Plus.lnk - e:\program files (x86)\McAfee Security Scan\2.0.181\SSScheduler.exe [2010-1-15 255536]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;e:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;e:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R3 EuMusDesignVirtualAudioCableWdm;Virtual Audio Cable (WDM);e:\windows\system32\DRIVERS\vrtaucbl.sys [x]
R3 FLEXnet Licensing Service 64;FLEXnet Licensing Service 64;e:\program files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe [2010-05-08 1436424]
R3 McComponentHostService;McAfee Security Scan Component Host Service;e:\program files (x86)\McAfee Security Scan\2.0.181\McCHSvc.exe [2010-01-15 227232]
R3 netr28ux;RT2870-USB-Drahtlos-LAN-Kartentreiber für Vista;e:\windows\system32\DRIVERS\netr28ux.sys [x]
R3 vwifimp;Microsoft Virtual WiFi Miniport Service;e:\windows\system32\DRIVERS\vwifimp.sys [x]
S0 sptd;sptd;e:\windows\\SystemRoot\System32\Drivers\sptd.sys [x]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;e:\windows\system32\DRIVERS\dtsoftbus01.sys [x]
S1 vwififlt;Virtual WiFi Filter Driver;e:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 acedrv11;acedrv11;e:\windows\system32\drivers\acedrv11.sys [x]
S2 Akamai;Akamai NetSession Interface;e:\windows\System32\svchost.exe [2009-07-14 27136]
S2 AMD External Events Utility;AMD External Events Utility;e:\windows\system32\atiesrxx.exe [x]
S2 AntiVirSchedulerService;Avira AntiVir Scheduler;e:\program files (x86)\Avira\AntiVir Desktop\sched.exe [2009-05-13 108289]
S2 mitsijm2011;Autodesk Moldflow Inventor Tool Suite Integration 2011 - Job-Manager;e:\program files\Autodesk\Inventor 2011\Moldflow\bin\mitsijm.exe [2010-01-23 673792]
S3 amdkmdag;amdkmdag;e:\windows\system32\DRIVERS\atikmdag.sys [x]
S3 amdkmdap;amdkmdap;e:\windows\system32\DRIVERS\atikmpag.sys [x]
S3 AtiHDAudioService;AMD Function Driver for HD Audio Service;e:\windows\system32\drivers\AtihdW76.sys [x]
S3 HPMo4DE3;Mouse Suite Driver_4DE3 (WDF Version);e:\windows\system32\DRIVERS\HPMo4DE3.sys [x]
S3 HPub4DE3;USB Mouse Low Filter Driver_4DE3 (WDF Version);e:\windows\system32\Drivers\HPub4DE3.sys [x]
S3 yukonw7;NDIS6.2-Miniporttreiber für Marvell Yukon-Ethernet-Controller;e:\windows\system32\DRIVERS\yk62x64.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
Akamai REG_MULTI_SZ Akamai
.
Inhalt des "geplante Tasks" Ordners
.
2012-03-28 e:\windows\Tasks\MATLAB R2011b Startup Accelerator.job
- d:\programme win7\bin\win64\MATLABStartupAccelerator.exe [2011-11-02 14:34]
.
.
--------- x86-64 -----------
.
.
------- Zusätzlicher Suchlauf -------
.
uLocal Page = e:\windows\system32\blank.htm
uStart Page = hxxp://start.facemoods.com/?a=drive
mLocal Page = e:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = 127.0.0.1:9421;<local>
IE: Free YouTube Download - e:\users\Speed-PC\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubedownload.htm
IE: Free YouTube to Mp3 Converter - e:\users\Speed-PC\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm
IE: Nach Microsoft E&xel exportieren - e:\progra~2\MICROS~3\Office12\EXCEL.EXE/3000
IE: {{0F7195C2-6713-4d93-A1BC-DA5FA33F0A65} - {E601996F-E400-41CA-804B-CD6373A7EEE2} - e:\program files (x86)\kikin\ie_kikin.dll
TCP: DhcpNameServer = 83.169.185.161 83.169.185.225
FF - ProfilePath - e:\users\Speed-PC\AppData\Roaming\Mozilla\Firefox\Profiles\691qcyz4.default\
FF - user.js: extensions.softonic_i.newTab - false
FF - user.js: extensions.softonic_i.tlbrSrchUrl - hxxp://search.softonic.com/MON00015/tb_v1?SearchSource=1&cc=&q=
FF - user.js: extensions.softonic_i.id - 84cbead70000000000007a7905a871f7
FF - user.js: extensions.softonic_i.instlDay - 15373
FF - user.js: extensions.softonic_i.vrsn - 1.5.11.5
FF - user.js: extensions.softonic_i.vrsni - 1.5.11.5
FF - user.js: extensions.softonic_i.vrsnTs - 1.5.11.522:34
FF - user.js: extensions.softonic_i.prtnrId - softonic
FF - user.js: extensions.softonic_i.prdct - softonic
FF - user.js: extensions.softonic_i.aflt - SD
FF - user.js: extensions.softonic_i.smplGrp - eng7
FF - user.js: extensions.softonic_i.tlbrId - de12JANdefault
FF - user.js: extensions.softonic_i.instlRef - MON00015
FF - user.js: extensions.softonic_i.dfltLng - de
FF - user.js: extensions.softonic_i.excTlbr - false
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Akamai]
"ServiceDll"="e:\program files (x86)\common files\akamai/netsession_win_6c825ce.dll"
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@e:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11e_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="e:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11e_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="e:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="e:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="e:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="e:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Weitere laufende Prozesse ------------------------
.
e:\program files (x86)\Avira\AntiVir Desktop\avguard.exe
e:\program files (x86)\Cisco Systems\VPN Client\cvpnd.exe
e:\windows\SysWOW64\PnkBstrA.exe
.
**************************************************************************
.
Zeit der Fertigstellung: 2012-03-28 17:50:51 - PC wurde neu gestartet
ComboFix-quarantined-files.txt 2012-03-28 15:50
ComboFix2.txt 2012-03-28 13:53
ComboFix3.txt 2012-03-27 23:11
.
Vor Suchlauf: 18 Verzeichnis(se), 23.087.230.976 Bytes frei
Nach Suchlauf: 19 Verzeichnis(se), 23.413.313.536 Bytes frei
.
- - End Of File - - A9AF9F24F596276D2241C7F1DD4E97EA
Würde mich sehr über Hilfe freuen. |
|
28.03.2012, 17:30
| #2 |
| /// Malware-holic   | Windows wurde aus Sicherheitsgründen gesperrt hi,
__________________du hast schon gelesen was bei combofix dabei steht... nicht auf eigene faust einsetzen.. Falls noch nicht vorhanden, lade Dir bitte OTL von Oldtimer herunter und speichere es auf Deinem Desktop
Code:
ATTFilter activex
netsvcs
msconfig
%SYSTEMDRIVE%\*.
%PROGRAMFILES%\*.exe
%LOCALAPPDATA%\*.exe
%systemroot%\*. /mp /s
/md5start
userinit.exe
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
ws2ifsl.sys
sceclt.dll
ntelogon.dll
winlogon.exe
logevent.dll
user32.DLL
explorer.exe
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
/md5stop
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\system32\*.dll /lockedfiles
%USERPROFILE%\*.*
%USERPROFILE%\Local Settings\Temp\*.exe
%USERPROFILE%\Local Settings\Temp\*.dll
%USERPROFILE%\Application Data\*.exe
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems|Windows /rs
CREATERESTOREPOINT
__________________ |
|
28.03.2012, 17:34
| #3 |
| | Windows wurde aus Sicherheitsgründen gesperrt OTL text.
__________________Code:
ATTFilter OTL logfile created on: 28.03.2012 18:18:17 - Run 1 OTL by OldTimer - Version 3.2.39.2 Folder = E:\Users\Speed-PC\Desktop 64bit- Professional (Version = 6.1.7600) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 4,00 Gb Total Physical Memory | 2,59 Gb Available Physical Memory | 64,72% Memory free 8,00 Gb Paging File | 6,53 Gb Available in Paging File | 81,69% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = E: | %SystemRoot% = E:\Windows | %ProgramFiles% = E:\Program Files (x86) Drive C: | 97,66 Gb Total Space | 3,21 Gb Free Space | 3,29% Space Free | Partition Type: NTFS Drive D: | 833,85 Gb Total Space | 751,62 Gb Free Space | 90,14% Space Free | Partition Type: NTFS Drive E: | 117,74 Gb Total Space | 21,80 Gb Free Space | 18,52% Space Free | Partition Type: NTFS Drive F: | 580,90 Gb Total Space | 111,68 Gb Free Space | 19,23% Space Free | Partition Type: NTFS Drive I: | 19,53 Gb Total Space | 19,45 Gb Free Space | 99,55% Space Free | Partition Type: NTFS Drive J: | 16,22 Gb Total Space | 16,14 Gb Free Space | 99,46% Space Free | Partition Type: NTFS Drive K: | 163,93 Gb Total Space | 83,21 Gb Free Space | 50,76% Space Free | Partition Type: NTFS Drive L: | 152,87 Gb Total Space | 1,98 Gb Free Space | 1,29% Space Free | Partition Type: NTFS Drive M: | 3,60 Gb Total Space | 2,37 Gb Free Space | 65,83% Space Free | Partition Type: FAT32 Computer Name: SPEED | User Name: Speed-PC | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2012.03.28 18:13:03 | 000,593,920 | ---- | M] (OldTimer Tools) -- E:\Users\Speed-PC\Desktop\OTL.exe PRC - [2012.03.13 06:37:52 | 003,331,872 | ---- | M] (Akamai Technologies, Inc) -- E:\Users\Speed-PC\AppData\Local\Akamai\netsession_win.exe PRC - [2011.10.02 14:48:14 | 000,075,136 | ---- | M] () -- E:\Windows\SysWOW64\PnkBstrA.exe PRC - [2011.08.02 09:33:30 | 004,910,912 | ---- | M] (DT Soft Ltd) -- E:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe PRC - [2010.03.23 14:19:32 | 001,528,616 | ---- | M] (Cisco Systems, Inc.) -- E:\Program Files (x86)\Cisco Systems\VPN Client\cvpnd.exe PRC - [2010.01.15 14:49:20 | 000,255,536 | ---- | M] (McAfee, Inc.) -- E:\Program Files (x86)\McAfee Security Scan\2.0.181\SSScheduler.exe PRC - [2009.07.21 14:34:33 | 000,185,089 | ---- | M] (Avira GmbH) -- E:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe PRC - [2009.05.13 16:48:22 | 000,108,289 | ---- | M] (Avira GmbH) -- E:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe PRC - [2009.03.02 13:08:47 | 000,209,153 | ---- | M] (Avira GmbH) -- E:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe ========== Modules (No Company Name) ========== ========== Win32 Services (SafeList) ========== SRV:64bit: - [2011.10.26 04:00:58 | 000,204,288 | ---- | M] (AMD) [Auto | Running] -- E:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility) SRV:64bit: - [2010.05.20 16:26:28 | 000,199,536 | ---- | M] (Microsoft Corporation) [Auto | Running] -- E:\Program Files\Microsoft LifeCam\MSCamS64.exe -- (MSCamSvc) SRV:64bit: - [2010.01.23 08:12:18 | 000,673,792 | ---- | M] () [Auto | Running] -- E:\Program Files\Autodesk\Inventor 2011\Moldflow\bin\mitsijm.exe -- (mitsijm2011) SRV:64bit: - [2009.07.14 03:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- E:\Windows\SysNative\appmgmts.dll -- (AppMgmt) SRV:64bit: - [2009.06.05 18:42:04 | 000,111,616 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- E:\Windows\SysNative\AEADISRV.EXE -- (AEADIFilters) SRV - [2012.03.28 00:42:56 | 003,417,376 | ---- | M] () [Auto | Running] -- e:\program files (x86)\common files\akamai/netsession_win_6c825ce.dll -- (Akamai) SRV - [2011.10.02 14:48:14 | 000,075,136 | ---- | M] () [Auto | Running] -- E:\Windows\SysWOW64\PnkBstrA.exe -- (PnkBstrA) SRV - [2010.03.23 14:19:32 | 001,528,616 | ---- | M] (Cisco Systems, Inc.) [Auto | Running] -- E:\Program Files (x86)\Cisco Systems\VPN Client\cvpnd.exe -- (CVPND) SRV - [2010.03.18 14:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- E:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32) SRV - [2010.01.15 14:49:20 | 000,227,232 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- E:\Program Files (x86)\McAfee Security Scan\2.0.181\McCHSvc.exe -- (McComponentHostService) SRV - [2009.11.09 23:56:10 | 001,030,600 | ---- | M] (Macrovision Europe Ltd.) [On_Demand | Stopped] -- E:\Programme\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe -- (FLEXnet Licensing Service 64) SRV - [2009.07.21 14:34:33 | 000,185,089 | ---- | M] (Avira GmbH) [Auto | Running] -- E:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService) SRV - [2009.06.10 23:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- E:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32) SRV - [2009.05.13 16:48:22 | 000,108,289 | ---- | M] (Avira GmbH) [Auto | Running] -- E:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService) ========== Driver Services (SafeList) ========== DRV:64bit: - [2012.02.04 12:04:30 | 000,067,584 | ---- | M] (Eugene V. Muzychenko) [Kernel | On_Demand | Stopped] -- E:\Windows\SysNative\drivers\vrtaucbl.sys -- (EuMusDesignVirtualAudioCableWdm) Virtual Audio Cable (WDM) DRV:64bit: - [2012.02.03 23:36:28 | 000,335,288 | ---- | M] (Protect Software GmbH) [Kernel | Auto | Running] -- E:\Windows\SysNative\drivers\acedrv11.sys -- (acedrv11) DRV:64bit: - [2011.11.02 22:14:31 | 000,270,912 | ---- | M] (DT Soft Ltd) [Kernel | System | Running] -- E:\Windows\SysNative\drivers\dtsoftbus01.sys -- (dtsoftbus01) DRV:64bit: - [2011.11.02 14:57:12 | 000,526,392 | ---- | M] () [Kernel | Boot | Running] -- E:\Windows\SysNative\drivers\sptd.sys -- (sptd) DRV:64bit: - [2011.10.26 05:05:10 | 010,496,512 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- E:\Windows\SysNative\drivers\atikmdag.sys -- (atikmdag) DRV:64bit: - [2011.10.26 05:05:10 | 010,496,512 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- E:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag) DRV:64bit: - [2011.10.26 03:21:58 | 000,326,656 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- E:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap) DRV:64bit: - [2011.06.07 00:07:00 | 000,231,440 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- E:\Windows\SysNative\drivers\AtihdW76.sys -- (AtiHDAudioService) DRV:64bit: - [2011.04.12 11:45:50 | 000,018,432 | ---- | M] (TPMX Electronics Ltd.) [Kernel | On_Demand | Running] -- E:\Windows\SysNative\drivers\HPub4DE3.sys -- (HPub4DE3) USB Mouse Low Filter Driver_4DE3 (WDF Version) DRV:64bit: - [2011.03.11 08:22:41 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- E:\Windows\SysNative\drivers\amdsata.sys -- (amdsata) DRV:64bit: - [2011.03.11 08:22:40 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- E:\Windows\SysNative\drivers\amdxata.sys -- (amdxata) DRV:64bit: - [2011.03.09 10:44:44 | 000,025,088 | ---- | M] (TPMX Electronics Ltd.) [Kernel | On_Demand | Running] -- E:\Windows\SysNative\drivers\HPMo4DE3.sys -- (HPMo4DE3) Mouse Suite Driver_4DE3 (WDF Version) DRV:64bit: - [2010.05.20 16:26:28 | 002,060,144 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- E:\Windows\SysNative\drivers\VX1000.sys -- (VX1000) DRV:64bit: - [2010.03.23 14:29:46 | 000,304,784 | ---- | M] () [Kernel | On_Demand | Running] -- E:\Windows\SysNative\drivers\CVPNDRVA.sys -- (CVPNDRVA) DRV:64bit: - [2010.03.03 23:47:15 | 000,074,880 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- E:\Windows\SysNative\drivers\avgntflt.sys -- (avgntflt) DRV:64bit: - [2010.03.02 19:46:08 | 000,021,832 | ---- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Running] -- E:\Windows\SysNative\drivers\hamachi.sys -- (hamachi) DRV:64bit: - [2010.02.08 09:32:00 | 000,014,992 | ---- | M] (Cisco Systems, Inc.) [Kernel | On_Demand | Stopped] -- E:\Windows\SysNative\drivers\CVirtA64.sys -- (CVirtA) DRV:64bit: - [2009.07.14 03:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- E:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs) DRV:64bit: - [2009.07.14 03:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- E:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2) DRV:64bit: - [2009.07.14 03:47:48 | 000,077,888 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- E:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD) DRV:64bit: - [2009.07.14 03:47:48 | 000,023,104 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- E:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec) DRV:64bit: - [2009.07.14 03:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- E:\Windows\SysNative\drivers\stexstor.sys -- (stexstor) DRV:64bit: - [2009.07.14 02:06:43 | 000,060,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- E:\Windows\SysNative\drivers\61883.sys -- (61883) DRV:64bit: - [2009.07.14 02:06:43 | 000,048,768 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- E:\Windows\SysNative\drivers\avc.sys -- (Avc) DRV:64bit: - [2009.07.14 02:06:42 | 000,061,440 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- E:\Windows\SysNative\drivers\msdv.sys -- (MSDV) DRV:64bit: - [2009.06.10 22:35:36 | 000,867,328 | ---- | M] (Ralink Technology Corp.) [Kernel | On_Demand | Stopped] -- E:\Windows\SysNative\drivers\netr28ux.sys -- (netr28ux) DRV:64bit: - [2009.06.10 22:35:33 | 000,389,120 | ---- | M] (Marvell) [Kernel | On_Demand | Running] -- E:\Windows\SysNative\drivers\yk62x64.sys -- (yukonw7) DRV:64bit: - [2009.06.10 22:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- E:\Windows\SysNative\drivers\evbda.sys -- (ebdrv) DRV:64bit: - [2009.06.10 22:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- E:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv) DRV:64bit: - [2009.06.10 22:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- E:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a) DRV:64bit: - [2009.06.10 22:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- E:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir) DRV:64bit: - [2009.06.05 18:42:04 | 000,475,136 | ---- | M] (Analog Devices, Inc.) [Kernel | On_Demand | Running] -- E:\Windows\SysNative\drivers\ADIHdAud.sys -- (ADIHdAudAddService) DRV:64bit: - [2008.11.16 19:39:44 | 000,157,968 | ---- | M] (Deterministic Networks, Inc.) [Kernel | On_Demand | Running] -- E:\Windows\SysNative\drivers\dne64x.sys -- (DNE) DRV:64bit: - [2007.08.08 18:54:12 | 000,035,624 | ---- | M] () [Kernel | On_Demand | Running] -- E:\Windows\SysNative\drivers\ATITool64.sys -- (ATITool) DRV:64bit: - [2005.03.29 02:30:38 | 000,008,192 | ---- | M] () [Kernel | On_Demand | Running] -- E:\Windows\SysNative\drivers\ASACPI.sys -- (MTsensor) DRV - [2009.07.14 03:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- E:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = E:\Windows\SysWOW64\blank.htm IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://start.facemoods.com/?a=drive IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 88 E2 57 D7 36 DE CA 01 [binary data] IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC IE - HKCU\..\SearchScopes\{0D7562AE-8EF6-416d-A838-AB665251703A}: "URL" = hxxp://start.facemoods.com/?a=drive&s={searchTerms}&f=4 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = 127.0.0.1:9421;<local> ========== FireFox ========== FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: E:\Windows\system32\Macromed\Flash\NPSWF64_11_1_102.dll File not found FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: E:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll () FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: E:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX,Inc.) FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Content Upload Plugin,version=1.0.0: E:\Program Files (x86)\DivX\DivX Content Uploader\npUpload.dll File not found FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: E:\Program Files (x86)\DivX\DivX Player\npDivxPlayerPlugin.dll File not found FF - HKLM\Software\MozillaPlugins\@esn.me/esnsonar,version=0.70.0: E:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.0\npesnsonar.dll (ESN Social Software AB) FF - HKLM\Software\MozillaPlugins\@esn/esnlaunch,version=0.80.0: E:\Program Files (x86)\Battlelog Web Plugins\0.80.0\npesnlaunch.dll (ESN Social Software AB) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: E:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8081.0709: E:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: E:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks) FF - HKLM\Software\MozillaPlugins\@protectdisc.com/NPPDLicenseHelper: E:\Program Files (x86)\ProtectDisc\License Helper\NPPDLicenseHelper.dll () FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: E:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks) FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 11.0\extensions\\Components: E:\Program Files (x86)\Mozilla Firefox\components [2012.03.19 20:29:53 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 11.0\extensions\\Plugins: E:\Program Files (x86)\Mozilla Firefox\plugins [2012.02.03 23:36:29 | 000,000,000 | ---D | M] [2011.10.11 15:27:57 | 000,000,000 | ---D | M] (No name found) -- E:\Users\Speed-PC\AppData\Roaming\mozilla\Extensions [2012.02.24 20:50:22 | 000,000,000 | ---D | M] (No name found) -- E:\Users\Speed-PC\AppData\Roaming\mozilla\Firefox\Profiles\691qcyz4.default\extensions [2012.02.16 12:54:19 | 000,000,000 | ---D | M] ("Free YouTube Download (Free Studio) Menu") -- E:\Users\Speed-PC\AppData\Roaming\mozilla\Firefox\Profiles\691qcyz4.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C} [2012.02.24 20:50:22 | 000,000,000 | ---D | M] (DownloadHelper) -- E:\Users\Speed-PC\AppData\Roaming\mozilla\Firefox\Profiles\691qcyz4.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d} [2012.02.03 23:42:24 | 000,000,000 | ---D | M] (Softonic Toolbar) -- E:\Users\Speed-PC\AppData\Roaming\mozilla\Firefox\Profiles\691qcyz4.default\extensions\ffxtlbra@softonic.com [2012.01.19 08:55:20 | 000,000,000 | ---D | M] (No name found) -- E:\Program Files (x86)\mozilla firefox\extensions [2010.12.22 19:06:23 | 000,000,000 | ---D | M] (Skype extension) -- E:\Program Files (x86)\mozilla firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1} () (No name found) -- E:\USERS\SPEED-PC\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\691QCYZ4.DEFAULT\EXTENSIONS\{988DA70D-B78D-44A1-A9C7-ED11832A9E2E}.XPI [2012.03.19 20:29:52 | 000,097,208 | ---- | M] (Mozilla Foundation) -- E:\Program Files (x86)\mozilla firefox\components\browsercomps.dll [2011.10.03 06:06:04 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- E:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll [2008.02.22 17:24:06 | 000,095,832 | ---- | M] () -- E:\Program Files (x86)\mozilla firefox\plugins\NPPDLicenseHelper.dll [2010.07.12 18:33:56 | 000,012,800 | ---- | M] (Nullsoft, Inc.) -- E:\Program Files (x86)\mozilla firefox\plugins\npwachk.dll [2012.02.03 23:42:19 | 000,001,392 | ---- | M] () -- E:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml [2012.02.03 23:42:19 | 000,002,252 | ---- | M] () -- E:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml [2012.02.03 23:42:19 | 000,001,153 | ---- | M] () -- E:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml [2011.08.28 14:04:48 | 000,002,048 | ---- | M] () -- E:\Program Files (x86)\mozilla firefox\searchplugins\fcmdSrchdrive.xml [2012.02.03 23:42:19 | 000,006,805 | ---- | M] () -- E:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml [2012.02.03 23:42:19 | 000,001,178 | ---- | M] () -- E:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml [2012.02.03 23:42:19 | 000,001,105 | ---- | M] () -- E:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml O1 HOSTS File: ([2012.03.28 17:46:52 | 000,000,027 | ---- | M]) - E:\Windows\SysNative\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O2 - BHO: (Skype Plug-In) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - E:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O2 - BHO: (kikin Plugin) - {E601996F-E400-41CA-804B-CD6373A7EEE2} - E:\Program Files (x86)\kikin\ie_kikin.dll (kikin) O2 - BHO: (Softonic Helper Object) - {E87806B5-E908-45FD-AF5E-957D83E58E68} - E:\Program Files (x86)\Softonic\softonic\1.5.11.5\bh\softonic.dll (Softonic.com) O3 - HKLM\..\Toolbar: (Softonic Toolbar) - {5018CFD2-804D-4C99-9F81-25EAEA2769DE} - E:\Program Files (x86)\Softonic\softonic\1.5.11.5\softonicTlbr.dll (Softonic.com) O4 - HKLM..\Run: [avgnt] E:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH) O4 - HKLM..\Run: [LifeCam] E:\Program Files (x86)\Microsoft LifeCam\LifeExp.exe (Microsoft Corporation) O4 - HKLM..\Run: [StartCCC] E:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.) O4 - HKCU..\Run: [Akamai NetSession Interface] E:\Users\Speed-PC\AppData\Local\Akamai\netsession_win.exe (Akamai Technologies, Inc) O4 - HKCU..\Run: [DAEMON Tools Lite] E:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd) O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O8:64bit: - Extra context menu item: Free YouTube Download - E:\Users\Speed-PC\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubedownload.htm () O8:64bit: - Extra context menu item: Free YouTube to Mp3 Converter - E:\Users\Speed-PC\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm () O8:64bit: - Extra context menu item: Nach Microsoft E&xel exportieren - res://E:\PROGRA~2\MICROS~3\Office12\EXCEL.EXE/3000 File not found O8 - Extra context menu item: Free YouTube Download - E:\Users\Speed-PC\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubedownload.htm () O8 - Extra context menu item: Free YouTube to Mp3 Converter - E:\Users\Speed-PC\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm () O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://E:\PROGRA~2\MICROS~3\Office12\EXCEL.EXE/3000 File not found O9 - Extra 'Tools' menuitem : My kikin - {0F7195C2-6713-4d93-A1BC-DA5FA33F0A65} - E:\Program Files (x86)\kikin\ie_kikin.dll (kikin) O9 - Extra Button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - E:\Program Files (x86)\PokerStars\PokerStarsUpdate.exe (PokerStars) O9 - Extra Button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - E:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O9 - Extra 'Tools' menuitem : Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - E:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - E:\PROGRA~2\MICROS~3\Office12\REFIEBAR.DLL (Microsoft Corporation) O9 - Extra Button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Programs\PartyGaming\PartyPoker\RunApp.exe () O9 - Extra 'Tools' menuitem : PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Programs\PartyGaming\PartyPoker\RunApp.exe () O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29) O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29) O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 83.169.185.161 83.169.185.225 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{A2BDCE44-340C-45F5-B1D5-D60CEF90790F}: DhcpNameServer = 83.169.185.161 83.169.185.225 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{E52F0E1D-F63B-4BD7-B333-520AB3EA1311}: DhcpNameServer = 192.168.0.1 O18:64bit: - Protocol\Handler\ms-help - No CLSID value found O18:64bit: - Protocol\Handler\skype4com - No CLSID value found O18:64bit: - Protocol\Handler\skype-ie-addon-data - No CLSID value found O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - E:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies) O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - E:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O18:64bit: - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - E:\Programme\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation) O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - E:\PROGRA~2\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation) O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - E:\Windows\explorer.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: UserInit - (E:\Windows\system32\userinit.exe) - E:\Windows\SysNative\userinit.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - E:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found O20 - HKLM Winlogon: Shell - (Explorer.exe) - E:\Windows\SysWow64\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (E:\Windows\system32\userinit.exe) - E:\Windows\SysWOW64\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2010.05.08 12:25:43 | 000,000,000 | ---D | M] - C:\Autodesk -- [ NTFS ] O32 - AutoRun File - [2009.11.09 23:58:53 | 000,000,000 | ---D | M] - D:\autodesk -- [ NTFS ] O32 - AutoRun File - [2009.11.09 23:56:34 | 000,000,000 | ---D | M] - D:\autodesk inventor -- [ NTFS ] O32 - AutoRun File - [2009.11.17 20:01:09 | 000,000,000 | ---D | M] - D:\autodesk mechanikel -- [ NTFS ] O32 - AutoRun File - [2009.03.20 17:42:25 | 000,000,024 | ---- | M] () - E:\autoexec.bat -- [ NTFS ] O34 - HKLM BootExecute: (autocheck autochk *) O35:64bit: - HKLM\..comfile [open] -- "%1" %* O35:64bit: - HKLM\..exefile [open] -- "%1" %* O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %* O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = ComFile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* ActiveX:64bit: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0 ActiveX:64bit: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll ActiveX:64bit: {3632E75D-5A43-2F8C-C58C-A06A93A0FE1D} - Browser Customizations ActiveX:64bit: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack ActiveX:64bit: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE ActiveX:64bit: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx ActiveX:64bit: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help ActiveX:64bit: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6 ActiveX:64bit: {56340C08-7C03-D387-415C-74987CFF5C1D} - Microsoft Windows Media Player 12.0 ActiveX:64bit: {5DAA5708-0450-D925-47AB-C74C7DE14946} - Microsoft Windows Media Player 12.0 ActiveX:64bit: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools ActiveX:64bit: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements ActiveX:64bit: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player ActiveX:64bit: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access ActiveX:64bit: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7 ActiveX:64bit: {7E708BFC-558E-59AD-CC82-167744122775} - Internet Explorer ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4383} - E:\Windows\System32\ie4uinit.exe -BaseSettings ActiveX:64bit: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - E:\Windows\system32\Rundll32.exe E:\Windows\system32\mscories.dll,Install ActiveX:64bit: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding ActiveX:64bit: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts ActiveX:64bit: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help ActiveX:64bit: {E414996F-0FE9-2F05-128E-C13F9B0A8D2F} - DirectX ActiveX:64bit: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface ActiveX:64bit: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework ActiveX:64bit: {F6728ED5-C77B-6922-8AAA-325ADDD91046} - Themes Setup ActiveX:64bit: {FEBEF00C-046D-438D-8A88-BF94A6C9E703} - .NET Framework ActiveX:64bit: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP ActiveX:64bit: >{26923b43-4d38-484f-9b9e-de460746276c} - E:\Windows\System32\ie4uinit.exe -UserIconConfig ActiveX:64bit: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "E:\Windows\System32\rundll32.exe" "E:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun) ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0 ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles(x86)%\Windows Mail\WinMail.exe" OCInstallUserConfigOE ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6 ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7 ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - E:\Windows\SysWOW64\ie4uinit.exe -BaseSettings ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - E:\Windows\SysWOW64\Rundll32.exe E:\Windows\SysWOW64\mscories.dll,Install ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Adobe Flash Player ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface ActiveX: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - E:\Windows\SysWOW64\ie4uinit.exe -UserIconConfig ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "E:\Windows\SysWOW64\rundll32.exe" "E:\Windows\SysWOW64\iedkcs32.dll",BrandIEActiveSetup SIGNUP NetSvcs:64bit: AppMgmt - E:\Windows\SysNative\appmgmts.dll (Microsoft Corporation) MsConfig:64bit - StartUpFolder: E:^Users^Speed-PC^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Free Music Zilla.lnk - E:\PROGRA~2\FREEMU~1\FMZilla.exe - () MsConfig:64bit - StartUpReg: Adobe ARM - hkey= - key= - E:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated) MsConfig:64bit - StartUpReg: Adobe Reader Speed Launcher - hkey= - key= - E:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe (Adobe Systems Incorporated) MsConfig:64bit - StartUpReg: DivXUpdate - hkey= - key= - E:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe () MsConfig:64bit - StartUpReg: EADM - hkey= - key= - D:\Programme Win7\Origin\Origin.exe (Electronic Arts) MsConfig:64bit - StartUpReg: facemoods - hkey= - key= - File not found MsConfig:64bit - StartUpReg: Skype - hkey= - key= - E:\Program Files (x86)\Skype\Phone\Skype.exe (Skype Technologies S.A.) MsConfig:64bit - StartUpReg: VX1000 - hkey= - key= - E:\Windows\vVX1000.exe (Microsoft Corporation) MsConfig:64bit - StartUpReg: WinampAgent - hkey= - key= - E:\Program Files (x86)\Winamp\winampa.exe (Nullsoft, Inc.) MsConfig:64bit - State: "bootini" - Reg Error: Key error. MsConfig:64bit - State: "startup" - Reg Error: Key error. CREATERESTOREPOINT Restore point Set: OTL Restore Point ========== Files/Folders - Created Within 30 Days ========== [2012.03.28 18:13:02 | 000,593,920 | ---- | C] (OldTimer Tools) -- E:\Users\Speed-PC\Desktop\OTL.exe [2012.03.28 17:50:53 | 000,000,000 | ---D | C] -- E:\Windows\temp [2012.03.28 17:46:56 | 000,000,000 | ---D | C] -- E:\$RECYCLE.BIN [2012.03.28 17:38:52 | 000,000,000 | ---D | C] -- E:\cofi.exe [2012.03.28 17:33:32 | 000,000,000 | ---D | C] -- E:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner [2012.03.28 17:33:32 | 000,000,000 | ---D | C] -- E:\Program Files\CCleaner [2012.03.28 17:32:04 | 004,448,391 | R--- | C] (Swearware) -- E:\Users\Speed-PC\Desktop\cofi.exe.exe [2012.03.28 01:12:30 | 000,000,000 | ---D | C] -- E:\Users\Speed-PC\AppData\Roaming\Malwarebytes [2012.03.28 01:12:28 | 000,000,000 | ---D | C] -- E:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware [2012.03.28 01:12:26 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- E:\Windows\SysWow64\drivers\mbamswissarmy.sys [2012.03.28 01:12:24 | 000,022,104 | ---- | C] (Malwarebytes Corporation) -- E:\Windows\SysNative\drivers\mbam.sys [2012.03.28 01:12:24 | 000,000,000 | ---D | C] -- E:\Program Files (x86)\Malwarebytes' Anti-Malware [2012.03.28 01:12:24 | 000,000,000 | ---D | C] -- E:\ProgramData\Malwarebytes [2012.03.28 00:56:22 | 000,518,144 | ---- | C] (SteelWerX) -- E:\Windows\SWREG.exe [2012.03.28 00:56:22 | 000,406,528 | ---- | C] (SteelWerX) -- E:\Windows\SWSC.exe [2012.03.28 00:56:22 | 000,060,416 | ---- | C] (NirSoft) -- E:\Windows\NIRCMD.exe [2012.03.28 00:56:19 | 000,000,000 | ---D | C] -- E:\Windows\ERDNT [2012.03.28 00:56:16 | 000,000,000 | ---D | C] -- E:\Qoobox [2012.03.26 19:16:10 | 000,000,000 | ---D | C] -- E:\Users\Speed-PC\AppData\Roaming\Internet Exprorer Add-on ========== Files - Modified Within 30 Days ========== [2012.03.28 18:13:03 | 000,593,920 | ---- | M] (OldTimer Tools) -- E:\Users\Speed-PC\Desktop\OTL.exe [2012.03.28 17:54:27 | 000,013,264 | -H-- | M] () -- E:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2012.03.28 17:54:27 | 000,013,264 | -H-- | M] () -- E:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2012.03.28 17:51:19 | 001,498,742 | ---- | M] () -- E:\Windows\SysNative\PerfStringBackup.INI [2012.03.28 17:51:19 | 000,654,150 | ---- | M] () -- E:\Windows\SysNative\perfh007.dat [2012.03.28 17:51:19 | 000,616,032 | ---- | M] () -- E:\Windows\SysNative\perfh009.dat [2012.03.28 17:51:19 | 000,130,022 | ---- | M] () -- E:\Windows\SysNative\perfc007.dat [2012.03.28 17:51:19 | 000,106,412 | ---- | M] () -- E:\Windows\SysNative\perfc009.dat [2012.03.28 17:46:52 | 000,000,027 | ---- | M] () -- E:\Windows\SysNative\drivers\etc\hosts [2012.03.28 17:46:37 | 000,000,500 | ---- | M] () -- E:\Windows\tasks\MATLAB R2011b Startup Accelerator.job [2012.03.28 17:46:19 | 000,067,584 | --S- | M] () -- E:\Windows\bootstat.dat [2012.03.28 17:46:07 | 3220,475,904 | -HS- | M] () -- E:\hiberfil.sys [2012.03.28 17:33:32 | 000,000,827 | ---- | M] () -- E:\Users\Public\Desktop\CCleaner.lnk [2012.03.28 01:12:28 | 000,001,018 | ---- | M] () -- E:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk [2012.03.28 00:52:56 | 004,448,391 | R--- | M] (Swearware) -- E:\Users\Speed-PC\Desktop\cofi.exe.exe [2012.03.15 12:53:51 | 000,403,208 | ---- | M] () -- E:\Windows\SysNative\FNTCACHE.DAT [2012.02.29 14:18:04 | 000,001,171 | ---- | M] () -- E:\Users\Speed-PC\Documents\esti.m3u ========== Files Created - No Company Name ========== [2012.03.28 17:33:32 | 000,000,827 | ---- | C] () -- E:\Users\Public\Desktop\CCleaner.lnk [2012.03.28 01:12:28 | 000,001,018 | ---- | C] () -- E:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk [2012.03.28 00:56:22 | 000,256,000 | ---- | C] () -- E:\Windows\PEV.exe [2012.03.28 00:56:22 | 000,208,896 | ---- | C] () -- E:\Windows\MBR.exe [2012.03.28 00:56:22 | 000,098,816 | ---- | C] () -- E:\Windows\sed.exe [2012.03.28 00:56:22 | 000,080,412 | ---- | C] () -- E:\Windows\grep.exe [2012.03.28 00:56:22 | 000,068,096 | ---- | C] () -- E:\Windows\zip.exe [2012.02.29 14:18:04 | 000,001,171 | ---- | C] () -- E:\Users\Speed-PC\Documents\esti.m3u [2012.02.19 00:23:50 | 000,000,056 | -H-- | C] () -- E:\ProgramData\ezsidmv.dat [2011.11.23 13:37:43 | 000,000,337 | ---- | C] () -- E:\Users\Speed-PC\AppData\Local\Perfmon.PerfmonCfg [2011.10.26 03:38:38 | 000,204,952 | ---- | C] () -- E:\Windows\SysWow64\ativvsvl.dat [2011.10.26 03:38:38 | 000,157,144 | ---- | C] () -- E:\Windows\SysWow64\ativvsva.dat [2011.09.14 12:47:40 | 000,053,760 | ---- | C] () -- E:\Windows\SysWow64\OVDecode.dll [2011.09.13 00:06:16 | 000,003,917 | ---- | C] () -- E:\Windows\SysWow64\atipblag.dat [2010.06.15 17:46:07 | 000,019,456 | ---- | C] () -- E:\Users\Speed-PC\AppData\Local\WebpageIcons.db ========== LOP Check ========== [2010.08.27 19:30:22 | 000,000,000 | ---D | M] -- E:\Users\Speed-PC\AppData\Roaming\algomahe.de [2010.12.31 18:43:19 | 000,000,000 | ---D | M] -- E:\Users\Speed-PC\AppData\Roaming\Amazon [2011.01.04 16:04:08 | 000,000,000 | ---D | M] -- E:\Users\Speed-PC\AppData\Roaming\Autodesk [2011.11.18 15:58:28 | 000,000,000 | ---D | M] -- E:\Users\Speed-PC\AppData\Roaming\benibela [2012.03.28 17:35:38 | 000,000,000 | ---D | M] -- E:\Users\Speed-PC\AppData\Roaming\DAEMON Tools Lite [2012.03.28 17:35:38 | 000,000,000 | ---D | M] -- E:\Users\Speed-PC\AppData\Roaming\DAEMON Tools Pro [2012.02.24 20:45:44 | 000,000,000 | ---D | M] -- E:\Users\Speed-PC\AppData\Roaming\DVDVideoSoft [2012.02.24 20:45:39 | 000,000,000 | ---D | M] -- E:\Users\Speed-PC\AppData\Roaming\DVDVideoSoftIEHelpers [2011.08.28 14:30:16 | 000,000,000 | ---D | M] -- E:\Users\Speed-PC\AppData\Roaming\FMZilla [2012.03.26 19:16:12 | 000,000,000 | ---D | M] -- E:\Users\Speed-PC\AppData\Roaming\Internet Exprorer Add-on [2011.01.05 23:11:40 | 000,000,000 | ---D | M] -- E:\Users\Speed-PC\AppData\Roaming\kikin [2010.08.23 00:36:03 | 000,000,000 | ---D | M] -- E:\Users\Speed-PC\AppData\Roaming\LolClient [2011.10.02 14:29:10 | 000,000,000 | ---D | M] -- E:\Users\Speed-PC\AppData\Roaming\Origin [2012.02.03 23:43:14 | 000,000,000 | ---D | M] -- E:\Users\Speed-PC\AppData\Roaming\SplitMediaLabs [2010.06.07 22:42:29 | 000,000,000 | ---D | M] -- E:\Users\Speed-PC\AppData\Roaming\Teeworlds [2012.03.28 17:46:37 | 000,000,500 | ---- | M] () -- E:\Windows\Tasks\MATLAB R2011b Startup Accelerator.job [2012.01.15 07:20:08 | 000,032,632 | ---- | M] () -- E:\Windows\Tasks\SCHEDLGU.TXT ========== Purity Check ========== ========== Custom Scans ========== < %SYSTEMDRIVE%\*. > [2012.03.28 17:46:56 | 000,000,000 | ---D | M] -- E:\$RECYCLE.BIN [2009.11.16 18:30:00 | 000,000,000 | ---D | M] -- E:\ATI [2012.03.28 17:50:54 | 000,000,000 | ---D | M] -- E:\cofi.exe [2011.11.02 15:57:24 | 000,000,000 | ---D | M] -- E:\Documents [2009.07.14 07:08:56 | 000,000,000 | -HSD | M] -- E:\Documents and Settings [2009.01.05 21:20:29 | 000,000,000 | -HSD | M] -- E:\Dokumente und Einstellungen [2010.05.30 14:08:14 | 000,000,000 | ---D | M] -- E:\found.000 [2009.01.05 21:34:38 | 000,000,000 | ---D | M] -- E:\Intel [2010.05.08 12:50:02 | 000,000,000 | ---D | M] -- E:\MITSI 2011 Temporary Files [2010.11.30 22:54:45 | 000,000,000 | R--D | M] -- E:\MSOCache [2009.07.14 05:20:08 | 000,000,000 | ---D | M] -- E:\PerfLogs [2012.03.28 17:33:32 | 000,000,000 | R--D | M] -- E:\Program Files [2012.03.28 01:12:24 | 000,000,000 | R--D | M] -- E:\Program Files (x86) [2012.03.28 01:12:24 | 000,000,000 | ---D | M] -- E:\ProgramData [2009.01.05 21:20:29 | 000,000,000 | -HSD | M] -- E:\Programme [2009.06.08 16:58:13 | 000,000,000 | ---D | M] -- E:\Programs [2012.03.28 17:50:54 | 000,000,000 | ---D | M] -- E:\Qoobox [2010.03.02 19:36:40 | 000,000,000 | ---D | M] -- E:\Recovery [2012.03.28 18:19:27 | 000,000,000 | -HSD | M] -- E:\System Volume Information [2012.03.24 20:32:28 | 000,000,000 | ---D | M] -- E:\temp [2010.03.02 19:36:49 | 000,000,000 | R--D | M] -- E:\Users [2012.03.28 17:50:53 | 000,000,000 | ---D | M] -- E:\Windows [2012.02.04 12:02:46 | 000,000,000 | ---D | M] -- E:\Windows.old < %PROGRAMFILES%\*.exe > < %LOCALAPPDATA%\*.exe > < %systemroot%\*. /mp /s > < MD5 for: AGP440.SYS > [2009.07.14 03:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- E:\Windows\SysNative\drivers\AGP440.sys [2009.07.14 03:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- E:\Windows\SysNative\DriverStore\FileRepository\machine.inf_amd64_neutral_9e6bb86c3b39a3e9\AGP440.sys [2009.07.14 03:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- E:\Windows\winsxs\amd64_machine.inf_31bf3856ad364e35_6.1.7600.16385_none_1607dee2d861e021\AGP440.sys [2009.07.14 03:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- E:\Windows\winsxs\amd64_machine.inf_31bf3856ad364e35_6.1.7601.17514_none_1838f2aad55063bb\AGP440.sys < MD5 for: ATAPI.SYS > [2009.07.14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- E:\Windows\ERDNT\cache64\atapi.sys [2009.07.14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- E:\Windows\SysNative\drivers\atapi.sys [2009.07.14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- E:\Windows\SysNative\DriverStore\FileRepository\mshdc.inf_amd64_neutral_a69a58a4286f0b22\atapi.sys [2009.07.14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- E:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7600.16385_none_392d19c13b3ad543\atapi.sys [2009.07.14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- E:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7601.17514_none_3b5e2d89382958dd\atapi.sys < MD5 for: CNGAUDIT.DLL > [2009.07.14 03:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- E:\Windows\ERDNT\cache86\cngaudit.dll [2009.07.14 03:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- E:\Windows\SysWOW64\cngaudit.dll [2009.07.14 03:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- E:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_e83a414890e8132b\cngaudit.dll [2009.07.14 03:40:20 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=86FE1B1F8FD42CD0DB641AB1CDB13093 -- E:\Windows\ERDNT\cache64\cngaudit.dll [2009.07.14 03:40:20 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=86FE1B1F8FD42CD0DB641AB1CDB13093 -- E:\Windows\SysNative\cngaudit.dll [2009.07.14 03:40:20 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=86FE1B1F8FD42CD0DB641AB1CDB13093 -- E:\Windows\winsxs\amd64_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_4458dccc49458461\cngaudit.dll < MD5 for: EXPLORER.EXE > [2011.02.26 08:23:14 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=0862495E0C825893DB75EF44FAEA8E93 -- E:\Windows\ERDNT\cache86\explorer.exe [2011.02.26 08:23:14 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=0862495E0C825893DB75EF44FAEA8E93 -- E:\Windows\explorer.exe [2011.02.26 08:23:14 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=0862495E0C825893DB75EF44FAEA8E93 -- E:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16768_none_adc24107935a7e25\explorer.exe [2011.02.26 07:19:21 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=0FB9C74046656D1579A64660AD67B746 -- E:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_ba87e574ddfe652d\explorer.exe [2009.07.14 03:14:20 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=15BC38A7492BEFE831966ADB477CF76F -- E:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_b7fe430bc7ce3761\explorer.exe [2011.02.26 07:51:13 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=255CF508D7CFB10E0794D6AC93280BD8 -- E:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20910_none_b8ce9756e0b786a4\explorer.exe [2009.10.31 07:45:39 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=2626FC9755BE22F805D3CFA0CE3EE727 -- E:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_b819b343c7ba6202\explorer.exe [2011.02.26 07:33:07 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=2AF58D15EDC06EC6FDACCE1F19482BBF -- E:\Windows\SysWOW64\explorer.exe [2011.02.26 07:33:07 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=2AF58D15EDC06EC6FDACCE1F19482BBF -- E:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16768_none_b816eb59c7bb4020\explorer.exe [2011.02.25 08:19:30 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- E:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_afa79dc39081d0ba\explorer.exe [2011.02.26 08:14:34 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=3B69712041F3D63605529BD66DC00C48 -- E:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_b0333b22a99da332\explorer.exe [2010.11.20 14:17:09 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=40D777B7A95E00593EB1568C68514493 -- E:\Windows\SoftwareDistribution\Download\488053cdbca3231eeb2c2af7236d09ed\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_ba2f56d3c4bcbafb\explorer.exe [2009.08.03 08:19:07 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=700073016DAC1C3D2E7E2CE4223334B6 -- E:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_ae84b558ac4eb41c\explorer.exe [2011.02.25 07:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- E:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_b9fc4815c4e292b5\explorer.exe [2009.10.31 08:34:59 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=9AAAEC8DAC27AA17B053E6352AD233AE -- E:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_adc508f19359a007\explorer.exe [2009.08.03 07:49:47 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=9FF6C4C91A3711C0A3B18F87B08B518D -- E:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_b8d95faae0af7617\explorer.exe [2010.11.20 15:24:45 | 002,872,320 | ---- | M] (Microsoft Corporation) MD5=AC4C51EB24AA95B77F705AB159189E24 -- E:\Windows\SoftwareDistribution\Download\488053cdbca3231eeb2c2af7236d09ed\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_afdaac81905bf900\explorer.exe [2009.10.31 08:38:38 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=B8EC4BD49CE8F6FC457721BFC210B67F -- E:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_ae46d6aeac7ca7c7\explorer.exe [2009.08.03 07:35:50 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=B95EEB0F4E5EFBF1038A35B3351CF047 -- E:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_b853c407c78e3ba9\explorer.exe [2009.07.14 03:39:10 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=C235A51CB740E45FFA0EBFB9BAFCDA64 -- E:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_ada998b9936d7566\explorer.exe [2009.10.31 08:00:51 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=C76153C7ECA00FA852BB0C193378F917 -- E:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_b89b8100e0dd69c2\explorer.exe [2011.02.26 08:26:45 | 002,870,784 | ---- | M] (Microsoft Corporation) MD5=E38899074D4951D31B4040E994DD7C8D -- E:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20910_none_ae79ed04ac56c4a9\explorer.exe [2009.08.03 08:17:37 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=F170B4A061C9E026437B193B4D571799 -- E:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_adff19b5932d79ae\explorer.exe < MD5 for: IASTOR.SYS > [2009.06.04 18:54:36 | 000,408,600 | ---- | M] (Intel Corporation) MD5=1D004CB1DA6323B1F55CAEF7F94B61D9 -- E:\Users\Speed-PC\Desktop\Downloads\IMSM_V8901023\IMSM_V8901023\Driver\Disk\f6flpy64\IaStor.sys [2009.06.04 18:43:16 | 000,330,264 | ---- | M] (Intel Corporation) MD5=D483687EACE0C065EE772481A96E05F5 -- E:\Users\Speed-PC\Desktop\Downloads\IMSM_V8901023\IMSM_V8901023\Driver\Disk\f6flpy32\IaStor.sys < MD5 for: IASTORV.SYS > [2010.11.20 15:33:38 | 000,410,496 | ---- | M] (Intel Corporation) MD5=3DF4395A7CF8B7A72A5F4606366B8C2D -- E:\Windows\SoftwareDistribution\Download\488053cdbca3231eeb2c2af7236d09ed\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.17514_none_0d3757e79e6784d0\iaStorV.sys [2011.03.11 08:19:16 | 000,410,496 | ---- | M] (Intel Corporation) MD5=5B3DE7208E5000D5B451B9D290D2579C -- E:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.21680_none_0d714416b7c182d5\iaStorV.sys [2011.03.11 08:41:26 | 000,410,496 | ---- | M] (Intel Corporation) MD5=AAAF44DB3BD0B9D1FB6969B23ECC8366 -- E:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.17577_none_0cf9793d9e95787b\iaStorV.sys [2011.03.11 08:23:00 | 000,410,496 | ---- | M] (Intel Corporation) MD5=B75E45C564E944A2657167D197AB29DA -- E:\Windows\SysNative\drivers\iaStorV.sys [2011.03.11 08:23:00 | 000,410,496 | ---- | M] (Intel Corporation) MD5=B75E45C564E944A2657167D197AB29DA -- E:\Windows\SysNative\DriverStore\FileRepository\iastorv.inf_amd64_neutral_0033117673c16921\iaStorV.sys [2011.03.11 08:23:00 | 000,410,496 | ---- | M] (Intel Corporation) MD5=B75E45C564E944A2657167D197AB29DA -- E:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7600.16778_none_0b141c81a16e25e6\iaStorV.sys [2011.03.11 08:25:49 | 000,410,496 | ---- | M] (Intel Corporation) MD5=BFDC9D75698800CFE4D1698BF2750EA2 -- E:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7600.20921_none_0bccc8c8ba6985c1\iaStorV.sys [2009.07.14 03:48:04 | 000,410,688 | ---- | M] (Intel Corporation) MD5=D83EFB6FD45DF9D55E9A1AFC63640D50 -- E:\Windows\SysNative\DriverStore\FileRepository\iastorv.inf_amd64_neutral_18cccb83b34e1453\iaStorV.sys [2009.07.14 03:48:04 | 000,410,688 | ---- | M] (Intel Corporation) MD5=D83EFB6FD45DF9D55E9A1AFC63640D50 -- E:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7600.16385_none_0b06441fa1790136\iaStorV.sys < MD5 for: NETLOGON.DLL > [2009.07.14 03:41:52 | 000,692,736 | ---- | M] (Microsoft Corporation) MD5=956D030D375F207B22FB111E06EF9C35 -- E:\Windows\ERDNT\cache64\netlogon.dll [2009.07.14 03:41:52 | 000,692,736 | ---- | M] (Microsoft Corporation) MD5=956D030D375F207B22FB111E06EF9C35 -- E:\Windows\SysNative\netlogon.dll [2009.07.14 03:41:52 | 000,692,736 | ---- | M] (Microsoft Corporation) MD5=956D030D375F207B22FB111E06EF9C35 -- E:\Windows\winsxs\amd64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_59aca8ea51aaeefe\netlogon.dll [2010.11.20 15:27:22 | 000,695,808 | ---- | M] (Microsoft Corporation) MD5=AA339DD8BB128EF66660DFBBB59043D3 -- E:\Windows\SoftwareDistribution\Download\488053cdbca3231eeb2c2af7236d09ed\amd64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_5bddbcb24e997298\netlogon.dll [2010.11.20 14:20:28 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- E:\Windows\SoftwareDistribution\Download\488053cdbca3231eeb2c2af7236d09ed\wow64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_6632670482fa3493\netlogon.dll [2009.07.14 03:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- E:\Windows\ERDNT\cache86\netlogon.dll [2009.07.14 03:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- E:\Windows\SysWOW64\netlogon.dll [2009.07.14 03:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- E:\Windows\winsxs\wow64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_6401533c860bb0f9\netlogon.dll < MD5 for: NVSTOR.SYS > [2009.07.14 03:45:45 | 000,167,488 | ---- | M] (NVIDIA Corporation) MD5=477DC4D6DEB99BE37084C9AC6D013DA1 -- E:\Windows\SysNative\DriverStore\FileRepository\nvraid.inf_amd64_neutral_5bde3fe2945bce9e\nvstor.sys [2009.07.14 03:45:45 | 000,167,488 | ---- | M] (NVIDIA Corporation) MD5=477DC4D6DEB99BE37084C9AC6D013DA1 -- E:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7600.16385_none_95cfb4ced8afab0e\nvstor.sys [2011.03.11 08:23:06 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=6C1D5F70E7A6A3FD1C90D840EDC048B9 -- E:\Windows\SysNative\drivers\nvstor.sys [2011.03.11 08:23:06 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=6C1D5F70E7A6A3FD1C90D840EDC048B9 -- E:\Windows\SysNative\DriverStore\FileRepository\nvraid.inf_amd64_neutral_38e464dbe521cc7f\nvstor.sys [2011.03.11 08:23:06 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=6C1D5F70E7A6A3FD1C90D840EDC048B9 -- E:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7600.16778_none_95dd8d30d8a4cfbe\nvstor.sys [2011.03.11 08:25:53 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=AE274836BA56518E279087363A781214 -- E:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7600.20921_none_96963977f1a02f99\nvstor.sys [2011.03.11 08:19:21 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=D23C7E8566DA2B8A7C0DBBB761D54888 -- E:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.21680_none_983ab4c5eef82cad\nvstor.sys [2011.03.11 08:41:34 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=DAB0E87525C10052BF65F06152F37E4A -- E:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.17577_none_97c2e9ecd5cc2253\nvstor.sys [2010.11.20 15:33:48 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=F7CD50FE7139F07E77DA8AC8033D1832 -- E:\Windows\SoftwareDistribution\Download\488053cdbca3231eeb2c2af7236d09ed\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.17514_none_9800c896d59e2ea8\nvstor.sys < MD5 for: SCECLI.DLL > [2009.07.14 03:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- E:\Windows\ERDNT\cache86\scecli.dll [2009.07.14 03:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- E:\Windows\SysWOW64\scecli.dll [2009.07.14 03:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- E:\Windows\winsxs\wow64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_9e577e55272d37b4\scecli.dll [2009.07.14 03:41:53 | 000,232,448 | ---- | M] (Microsoft Corporation) MD5=398712DDDAEFB85EDF61DF6A07B65C79 -- E:\Windows\ERDNT\cache64\scecli.dll [2009.07.14 03:41:53 | 000,232,448 | ---- | M] (Microsoft Corporation) MD5=398712DDDAEFB85EDF61DF6A07B65C79 -- E:\Windows\SysNative\scecli.dll [2009.07.14 03:41:53 | 000,232,448 | ---- | M] (Microsoft Corporation) MD5=398712DDDAEFB85EDF61DF6A07B65C79 -- E:\Windows\winsxs\amd64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_9402d402f2cc75b9\scecli.dll [2010.11.20 14:21:04 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- E:\Windows\SoftwareDistribution\Download\488053cdbca3231eeb2c2af7236d09ed\wow64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_a088921d241bbb4e\scecli.dll [2010.11.20 15:27:25 | 000,232,960 | ---- | M] (Microsoft Corporation) MD5=ED78427259134C63ED69804D2132B86C -- E:\Windows\SoftwareDistribution\Download\488053cdbca3231eeb2c2af7236d09ed\amd64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_9633e7caefbaf953\scecli.dll < MD5 for: USER32.DLL > [2010.11.20 14:08:57 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=5E0DB2D8B2750543CD2EBB9EA8E6CDD3 -- E:\Windows\SoftwareDistribution\Download\488053cdbca3231eeb2c2af7236d09ed\wow64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_35b31c02b85ccb6e\user32.dll [2009.07.14 03:41:56 | 001,008,640 | ---- | M] (Microsoft Corporation) MD5=72D7B3EA16946E8F0CF7458150031CC6 -- E:\Windows\ERDNT\cache64\user32.dll [2009.07.14 03:41:56 | 001,008,640 | ---- | M] (Microsoft Corporation) MD5=72D7B3EA16946E8F0CF7458150031CC6 -- E:\Windows\SysNative\user32.dll [2009.07.14 03:41:56 | 001,008,640 | ---- | M] (Microsoft Corporation) MD5=72D7B3EA16946E8F0CF7458150031CC6 -- E:\Windows\winsxs\amd64_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_292d5de8870d85d9\user32.dll [2009.07.14 03:11:24 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=E8B0FFC209E504CB7E79FC24E6C085F0 -- E:\Windows\ERDNT\cache86\user32.dll [2009.07.14 03:11:24 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=E8B0FFC209E504CB7E79FC24E6C085F0 -- E:\Windows\SysWOW64\user32.dll [2009.07.14 03:11:24 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=E8B0FFC209E504CB7E79FC24E6C085F0 -- E:\Windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_3382083abb6e47d4\user32.dll [2010.11.20 15:27:27 | 001,008,128 | ---- | M] (Microsoft Corporation) MD5=FE70103391A64039A921DBFFF9C7AB1B -- E:\Windows\SoftwareDistribution\Download\488053cdbca3231eeb2c2af7236d09ed\amd64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_2b5e71b083fc0973\user32.dll < MD5 for: USERINIT.EXE > [2010.11.20 14:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- E:\Windows\SoftwareDistribution\Download\488053cdbca3231eeb2c2af7236d09ed\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe [2009.07.14 03:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- E:\Windows\ERDNT\cache86\userinit.exe [2009.07.14 03:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- E:\Windows\SysWOW64\userinit.exe [2009.07.14 03:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- E:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_dbff103933038d7c\userinit.exe [2009.07.14 03:39:48 | 000,030,208 | ---- | M] (Microsoft Corporation) MD5=6F8F1376A13114CC10C0E69274F5A4DE -- E:\Windows\ERDNT\cache64\userinit.exe [2009.07.14 03:39:48 | 000,030,208 | ---- | M] (Microsoft Corporation) MD5=6F8F1376A13114CC10C0E69274F5A4DE -- E:\Windows\SysNative\userinit.exe [2009.07.14 03:39:48 | 000,030,208 | ---- | M] (Microsoft Corporation) MD5=6F8F1376A13114CC10C0E69274F5A4DE -- E:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_381dabbceb60feb2\userinit.exe [2010.11.20 15:25:24 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- E:\Windows\SoftwareDistribution\Download\488053cdbca3231eeb2c2af7236d09ed\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_3a4ebf84e84f824c\userinit.exe < MD5 for: WINLOGON.EXE > [2010.11.20 15:25:30 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- E:\Windows\SoftwareDistribution\Download\488053cdbca3231eeb2c2af7236d09ed\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_cde90685eb910636\winlogon.exe [2009.07.14 03:39:52 | 000,389,120 | ---- | M] (Microsoft Corporation) MD5=132328DF455B0028F13BF0ABEE51A63A -- E:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_cbb7f2bdeea2829c\winlogon.exe [2009.10.28 09:01:57 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=A93D41A4D4B0D91C072D11DD8AF266DE -- E:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.20560_none_cc522fd507b468f8\winlogon.exe [2009.10.28 08:24:40 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=DA3E2A6FA9660CC75B471530CE88453A -- E:\Windows\ERDNT\cache64\winlogon.exe [2009.10.28 08:24:40 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=DA3E2A6FA9660CC75B471530CE88453A -- E:\Windows\SysNative\winlogon.exe [2009.10.28 08:24:40 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=DA3E2A6FA9660CC75B471530CE88453A -- E:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16447_none_cbe534e7ee8042ad\winlogon.exe < MD5 for: WS2IFSL.SYS > [2009.07.14 02:10:33 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=6BCC1D7D2FD2453957C5479A32364E52 -- E:\Windows\SysNative\drivers\ws2ifsl.sys [2009.07.14 02:10:33 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=6BCC1D7D2FD2453957C5479A32364E52 -- E:\Windows\winsxs\amd64_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.1.7600.16385_none_ab7b927be17eace8\ws2ifsl.sys < %systemroot%\system32\drivers\*.sys /lockedfiles > < %systemroot%\System32\config\*.sav > < %systemroot%\system32\*.dll /lockedfiles > < %USERPROFILE%\*.* > [2011.11.18 16:02:40 | 000,000,600 | ---- | M] () -- E:\Users\Speed-PC\Bachelorarbeit.aux [2011.11.18 16:02:40 | 000,050,338 | ---- | M] () -- E:\Users\Speed-PC\Bachelorarbeit.log [2011.11.18 16:02:40 | 000,000,000 | ---- | M] () -- E:\Users\Speed-PC\Bachelorarbeit.nlo [2011.11.18 16:02:40 | 000,000,000 | ---- | M] () -- E:\Users\Speed-PC\Bachelorarbeit.out [2011.11.18 16:01:55 | 000,007,991 | ---- | M] () -- E:\Users\Speed-PC\Bachelorarbeit.tex [2010.08.27 19:10:20 | 000,036,280 | ---- | M] () -- E:\Users\Speed-PC\GamingC.mac [2012.03.28 18:19:15 | 003,932,160 | -HS- | M] () -- E:\Users\Speed-PC\NTUSER.DAT [2012.03.28 18:19:15 | 000,262,144 | -HS- | M] () -- E:\Users\Speed-PC\ntuser.dat.LOG1 [2010.03.02 19:36:51 | 000,000,000 | -HS- | M] () -- E:\Users\Speed-PC\ntuser.dat.LOG2 [2010.03.03 02:19:45 | 000,065,536 | -HS- | M] () -- E:\Users\Speed-PC\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TM.blf [2010.03.03 02:19:45 | 000,524,288 | -HS- | M] () -- E:\Users\Speed-PC\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000001.regtrans-ms [2010.03.03 02:19:45 | 000,524,288 | -HS- | M] () -- E:\Users\Speed-PC\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000002.regtrans-ms [2010.03.02 19:36:52 | 000,000,020 | -HS- | M] () -- E:\Users\Speed-PC\ntuser.ini [2010.11.30 22:34:04 | 000,013,312 | ---- | M] () -- E:\Users\Speed-PC\s1.xls [2010.11.30 22:31:19 | 000,186,546 | ---- | M] () -- E:\Users\Speed-PC\Stückliste 1.xml [2010.11.30 22:31:32 | 000,186,546 | ---- | M] () -- E:\Users\Speed-PC\Stückliste 2.xml [2010.11.30 23:11:14 | 000,051,490 | ---- | M] () -- E:\Users\Speed-PC\Stückliste.pdf [2010.11.30 22:55:00 | 000,024,576 | ---- | M] () -- E:\Users\Speed-PC\Stückliste.xls [2010.11.30 23:11:06 | 000,013,677 | ---- | M] () -- E:\Users\Speed-PC\Stückliste.xlsx [2010.08.27 19:26:56 | 000,005,546 | ---- | M] () -- E:\Users\Speed-PC\XMBCSettings.xml [2010.08.27 19:28:32 | 000,003,657 | ---- | M] () -- E:\Users\Speed-PC\XMouseButtonControl.log < %USERPROFILE%\Local Settings\Temp\*.exe > < %USERPROFILE%\Local Settings\Temp\*.dll > < %USERPROFILE%\Application Data\*.exe > < HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems|Windows /rs > HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems\\Required: DebugWindows [binary data] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems\\Windows: %SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16 < > < End of report > Extras txt. Code:
ATTFilter OTL Extras logfile created on: 28.03.2012 18:18:17 - Run 1
OTL by OldTimer - Version 3.2.39.2 Folder = E:\Users\Speed-PC\Desktop
64bit- Professional (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
4,00 Gb Total Physical Memory | 2,59 Gb Available Physical Memory | 64,72% Memory free
8,00 Gb Paging File | 6,53 Gb Available in Paging File | 81,69% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = E: | %SystemRoot% = E:\Windows | %ProgramFiles% = E:\Program Files (x86)
Drive C: | 97,66 Gb Total Space | 3,21 Gb Free Space | 3,29% Space Free | Partition Type: NTFS
Drive D: | 833,85 Gb Total Space | 751,62 Gb Free Space | 90,14% Space Free | Partition Type: NTFS
Drive E: | 117,74 Gb Total Space | 21,80 Gb Free Space | 18,52% Space Free | Partition Type: NTFS
Drive F: | 580,90 Gb Total Space | 111,68 Gb Free Space | 19,23% Space Free | Partition Type: NTFS
Drive I: | 19,53 Gb Total Space | 19,45 Gb Free Space | 99,55% Space Free | Partition Type: NTFS
Drive J: | 16,22 Gb Total Space | 16,14 Gb Free Space | 99,46% Space Free | Partition Type: NTFS
Drive K: | 163,93 Gb Total Space | 83,21 Gb Free Space | 50,76% Space Free | Partition Type: NTFS
Drive L: | 152,87 Gb Total Space | 1,98 Gb Free Space | 1,29% Space Free | Partition Type: NTFS
Drive M: | 3,60 Gb Total Space | 2,37 Gb Free Space | 65,83% Space Free | Partition Type: FAT32
Computer Name: SPEED | User Name: Speed-PC | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
========== Extra Registry (SafeList) ==========
========== File Associations ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- E:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- E:\Windows\SysWow64\control.exe (Microsoft Corporation)
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- E:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
========== Shell Spawning ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %SystemRoot%\system32\mshtml.dll,PrintHTML "%1" (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\rundll32.exe setupapi,InstallHinfSection DefaultInstall 132 %1 (Microsoft Corporation)
InternetShortcut [open] -- "E:\Windows\System32\rundll32.exe" "E:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "E:\Windows\System32\rundll32.exe" "E:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [Winamp.Bookmark] -- "E:\Program Files (x86)\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.)
Directory [Winamp.Enqueue] -- "E:\Program Files (x86)\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.)
Directory [Winamp.Play] -- "E:\Program Files (x86)\Winamp\winamp.exe" "%1" (Nullsoft, Inc.)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [Winamp.Bookmark] -- "E:\Program Files (x86)\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.)
Directory [Winamp.Enqueue] -- "E:\Program Files (x86)\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.)
Directory [Winamp.Play] -- "E:\Program Files (x86)\Winamp\winamp.exe" "%1" (Nullsoft, Inc.)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
========== Security Center Settings ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
========== System Restore Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0
========== Firewall Settings ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0
========== Authorized Applications List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"E:\Program Files (x86)\Free Music Zilla\FMZilla.exe" = E:\Program Files (x86)\Free Music Zilla\FMZilla.exe:*:Enabled:FMZilla -- ()
"E:\Program Files (x86)\Free Music Zilla\FMZilla.exe" = E:\Program Files (x86)\Free Music Zilla\FMZilla.exe:*:Enabled:FMZilla -- ()
========== HKEY_LOCAL_MACHINE Uninstall List ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{119CFC4D-EB75-D47F-1209-032721858C32}" = ccc-utility64
"{1D8E6291-B0D5-35EC-8441-6616F567A0F7}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219
"{467D5E81-8349-4892-9E81-C3674ED8E451}" = Cisco Systems VPN Client 5.0.07.0290
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{503F672D-6C84-448A-8F8F-4BC35AC83441}" = AMD APP SDK Runtime
"{52FB2985-F3AD-DAA7-7645-4E38A5B96E17}" = AMD Catalyst Install Manager
"{5783F2D7-9005-0407-1102-0060B0CE6BBA}" = AutoCAD Mechanical 2011 Language Pack - Deutsch
"{5783F2D7-9005-0409-0102-0060B0CE6BBA}" = AutoCAD Mechanical 2011
"{5783F2D7-9028-0409-0100-0060B0CE6BBA}" = DWG TrueView 2011
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{6965A8D2-465D-4F98-9FAA-0E9E2348F329}" = Microsoft LifeCam
"{7244B345-B413-408B-9D04-F55BE1CC93FA}" = Autodesk Inventor Content Center Libraries 2011 (Desktop Content)
"{7F4DD591-1564-0409-0000-7107D70F3DB4}" = Autodesk Inventor Professional 2011
"{7F4DD591-1564-0409-0001-7107D70F3DB4}" = Autodesk Inventor Professional 2011 Language Pack - Deutsch
"{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007
"{90120000-002A-0407-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (German) 2007
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9C5A08BF-BB99-4998-81BD-F6CC32483B34}" = Microsoft Corporation
"{A73F0084-A1CC-6E42-06DF-D088D583CC2A}" = AMD Media Foundation Decoders
"{ACF9459F-3585-487A-A84E-B1A3A0D12165}" = Autodesk Vault 2011 (Client)
"{ACF9459F-3585-487F-A84E-B1A3A0D12165}" = Autodesk Vault 2011 (Client) German Language Pack
"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{B6E3757B-5E77-3915-866A-CCFC4B8D194C}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"{F809FFB5-6F9B-AFDE-6048-5D9E95A85505}" = AMD Drag and Drop Transcoding
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX 64-bit
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin 64-bit
"AutoCAD Mechanical 2011" = AutoCAD Mechanical 2011
"AutoCAD Mechanical 2011 Version 2" = AutoCAD Mechanical 2011 Version 2
"Autodesk Inventor Professional 2011" = Autodesk Inventor Professional 2011 Deutsch
"CCleaner" = CCleaner
"DWG TrueView 2011" = DWG TrueView 2011
"Matlab R2011b" = MATLAB R2011b
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Virtual Audio Cable 4.9" = Virtual Audio Cable 4.9
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{13AE7598-928A-83E7-548B-44FA68242798}" = CCC Help English
"{19A492A0-888F-44A0-9B21-D91700763F62}" = Catalyst Control Center - Branding
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool
"{211D9A2A-0ECA-7AC7-ABAA-03ED3242F33E}" = Catalyst Control Center
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{26A24AE4-039D-4CA4-87B4-2F83216020FF}" = Java(TM) 6 Update 29
"{2BA722D1-48D1-406E-9123-8AE5431D63EF}" = Windows Live Fotogalerie
"{3AC8457C-0385-4BEA-A959-E095F05D6D67}" = Battlefield: Bad Company™ 2
"{3EFEF049-23D4-4B46-8903-4592FEA51018}" = Windows Live Movie Maker
"{45C8D17D-B5E0-4e93-8370-4329AB16D2A0}" = Battlefield 3™ Open Beta
"{52B97218-98CB-4B8B-9283-D213C85E1AA4}" = Windows Live Anmelde-Assistent
"{5545EEE1-FA36-4F76-B6BE-5696E7F4E2D6}" = VBA (2627.01)
"{5545EEE4-FA36-4F76-B6BE-5696E7F4E2D6}" = VBA (2701.01)
"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{73E80655-FB3C-46F4-BE00-62D248BC490A}" = Visual C++ 2008 Runtime (x64)
"{76285C16-411A-488A-BCE3-C83CB933D8CF}" = Battlefield 3™
"{76618402-179D-4699-A66B-D351C59436BC}" = Windows Live Sync
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{8D20B4D7-3422-4099-9332-39F27E617A6F}" = Autodesk Design Review 2011
"{90120000-0016-0000-0000-0000000FF1CE}" = Microsoft Office Excel 2007
"{90120000-0016-0000-0000-0000000FF1CE}_EXCEL_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}_EXCEL_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0000-0000-0000000FF1CE}" = Microsoft Office Word 2007
"{90120000-001B-0000-0000-0000000FF1CE}_WORD_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}_WORD_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_EXCEL_{928D7B99-2BEA-49F9-83B8-20FA57860643}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0407-0000-0000000FF1CE}_WORD_{928D7B99-2BEA-49F9-83B8-20FA57860643}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_EXCEL_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}_WORD_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_EXCEL_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}_WORD_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-001F-0410-0000-0000000FF1CE}_EXCEL_{A23BFC95-4A73-410F-9248-4C2B48E38C49}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0410-0000-0000000FF1CE}_WORD_{A23BFC95-4A73-410F-9248-4C2B48E38C49}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-002A-0000-1000-0000000FF1CE}_EXCEL_{664655D8-B9BB-455D-8A58-7EAF7B0B2862}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-002A-0000-1000-0000000FF1CE}_WORD_{664655D8-B9BB-455D-8A58-7EAF7B0B2862}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-002A-0407-1000-0000000FF1CE}_EXCEL_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-002A-0407-1000-0000000FF1CE}_WORD_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}_EXCEL_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-006E-0407-0000-0000000FF1CE}_WORD_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00B2-0407-0000-0000000FF1CE}" = Microsoft – Speichern als PDF oder XPS – Add-In für 2007 Microsoft Office-Programme
"{951B0F30-9F1A-4BF6-B3DA-99EB0E917B1C}" = FARO LS 1.1.406.58
"{980A182F-E0A2-4A40-94C1-AE0C1235902E}" = Pando Media Booster
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9DEABCB6-B759-4D52-92F8-51B34A2B4D40}" = Autodesk Material Library 2011
"{A49F249F-0C91-497F-86DF-B2585E8E76B7}" = Microsoft Visual C++ 2005 Redistributable
"{AC76BA86-7AD7-1031-7B44-A93000000001}" = Adobe Reader 9.3.3 - Deutsch
"{B3BC9DB1-0B0A-48B0-B86B-EA77CAA7F800}" = Microsoft Corporation
"{CD1E078C-A6B9-47DA-B035-6365C85C7832}" = Autodesk Material Library 2011 Base Image library
"{CD95D125-2992-4858-B3EF-5F6FB52FBAD6}" = Skype Toolbars
"{E3E71D07-CD27-46CB-8448-16D4FB29AA13}" = Microsoft WSE 3.0 Runtime
"{E4A71A41-BCC8-480a-9E69-0DA29CBA7ECA}" = kikin plugin (NO23 Edition) 2.0
"{E633D396-5188-4E9D-8F6B-BFB8BF3467E8}" = Skype™ 5.0
"{E9A1960E-7756-2299-C700-DC7CA6EDD6E4}" = Catalyst Control Center InstallProxy
"{ED00D08A-3C5F-488D-93A0-A04F21F23956}" = Windows Live Communications Platform
"{F0A37341-D692-11D4-A984-009027EC0A9C}" = SoundMAX
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F3EF5DE8-1120-4B77-99A3-4DC232E8C129}" = XSplit
"{F8FF18EE-264A-43FD-B2F6-5EAD40798C2F}" = Windows Live Essentials
"{FECCC297-24D6-F2B0-2BEC-446AC0205EEB}" = Catalyst Control Center Graphics Previews Common
"Akamai" = Akamai NetSession Interface Service
"Amazon MP3-Downloader" = Amazon MP3-Downloader 1.0.9
"ATITool" = ATITool Overclocking Utility
"Audiograbber" = Audiograbber 1.83 SE
"Autodesk Design Review 2011" = Autodesk Design Review 2011
"Autodesk Vault 2011 (Client)" = Autodesk Vault 2011 (Client)
"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus
"Battlelog Web Plugins" = Battlelog Web Plugins
"DAEMON Tools Lite" = DAEMON Tools Lite
"DivX Setup.divx.com" = DivX-Setup
"ESN Sonar-0.70.0" = ESN Sonar
"EXCEL" = Microsoft Office Excel 2007
"facemoods" = Facemoods Toolbar
"Free Audio CD Burner_is1" = Free Audio CD Burner version 1.4.7
"Free Music Zilla_is1" = Free Music Zilla
"Free YouTube Download_is1" = Free YouTube Download version 3.0.20.1228
"Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.10.15.1228
"Hamachi" = Hamachi 1.0.1.5
"Host OpenAL (ADI)" = Host OpenAL (ADI)
"League of Legends_is1" = League of Legends
"LEd_is1" = LEd Beta 0.53
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"MausII" = MausII
"McAfee Security Scan" = McAfee Security Scan Plus
"MiKTeX 2.9" = MiKTeX 2.9
"Mozilla Firefox 11.0 (x86 de)" = Mozilla Firefox 11.0 (x86 de)
"MyMDb_0" = MyMDb 3.6
"Origin" = Origin
"PartyPoker" = PartyPoker
"PokerStars" = PokerStars
"Protect Disc License Helper" = Protect Disc License Helper 1.0.118
"ProtectDisc Driver 11" = ProtectDisc Driver, Version 11
"PunkBusterSvc" = PunkBuster Services
"softonic" = Softonic toolbar on IE and Chrome
"StarCraft II" = StarCraft II
"Sweet Home 3D_is1" = Sweet Home 3D version 2.3
"TexMakerX_is1" = TexMakerX 2.1
"TeXnicCenter_is1" = TeXnicCenter Version 1.0 Stable RC1
"Uninstall_is1" = Uninstall 1.0.0.1
"VLC media player" = VideoLAN VLC media player 0.8.5
"WaveLabPro" = WaveLab 6
"Winamp" = Winamp
"WinLiveSuite_Wave3" = Windows Live Essentials
"WinRAR archiver" = WinRAR archiver
"WORD" = Microsoft Office Word 2007
"Zattoo4" = Zattoo4 4.0.5
========== HKEY_CURRENT_USER Uninstall List ==========
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Akamai" = Akamai NetSession Interface
"Winamp Detect" = Winamp Erkennungs-Plug-in
========== Last 10 Event Log Errors ==========
Error reading Event Logs: The Event Service is not operating properly or the Event Logs are corrupt!
< End of report >
|
|
28.03.2012, 18:03
| #4 |
| /// Malware-holic | Windows wurde aus Sicherheitsgründen gesperrt wieso wurde combofix eig mehrfach ausgeführt und wo sind die anderen berichte?
__________________ -Verdächtige mails bitte an uns zur Analyse weiterleiten: markusg.trojaner-board@web.de Weiterleiten Anleitung: http://markusg.trojaner-board.de Mails bitte vorerst nach obiger Anleitung an markusg.trojaner-board@web.de Weiterleiten Wenn Ihr uns unterstützen möchtet |
|
28.03.2012, 18:13
| #5 |
| | Windows wurde aus Sicherheitsgründen gesperrt Mein Fehler, habe vorschnell gehandelt  Laie...Habe es Gestern einmal direkt vom USB Stick ausgeführt und danach hat alles wieder funktioniert. Heute kam der schwarze Bildschirm mit dem Text wieder und ich habe es nochmal durchlaufen lassen und danach nochmal vom Desktop umbenannt als cofi.exe. Schön blöd aber leider nicht mehr zu ändern Finde leider die alte Log nicht mehr : Hoffe du kannst mir trotzdem helfen Geändert von Lenn-Art (28.03.2012 um 18:55 Uhr) |
|
28.03.2012, 19:14
| #6 |
| /// Malware-holic | Windows wurde aus Sicherheitsgründen gesperrt schau mal, die logs müssten alle auf c: oder im ordner qoobox liegen. eig alle unter dem buchstaben c, wie combofix(nummer).txt oder log(nummer).txt sicher will ich dir helfen, aber ich brauch auch infos die mich dazu befähigen meine arbeit vernünftig zu machen ich würd mich auch mit der ComboFix-quarantined-files.txt zufrieden geben :-)
__________________ --> Windows wurde aus Sicherheitsgründen gesperrt |
|
28.03.2012, 19:50
| #7 |
| | Windows wurde aus Sicherheitsgründen gesperrt Alles klar  Habe sie im qoobox ordner gefunden Combofix 3 txt. Code:
ATTFilter ComboFix 12-03-27.03 - Speed-PC 28.03.2012 0:58.1.4 - x64
Microsoft Windows 7 Professional 6.1.7600.0.1252.49.1031.18.4095.2401 [GMT 2:00]
ausgeführt von:: M:\ComboFix.exe
AV: AntiVir Desktop *Disabled/Updated* {090F9C29-64CE-6C6F-379C-5901B49A85B7}
SP: AntiVir Desktop *Disabled/Updated* {B26E7DCD-42F4-63E1-0D2C-6273CF1DCF0A}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((((((((((((( Weitere Löschungen ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
e:\program files (x86)\facemoods.com
e:\program files (x86)\facemoods.com\facemoods\1.4.17.8\bh\facemoods.dll
e:\program files (x86)\facemoods.com\facemoods\1.4.17.8\facemoods.crx
e:\program files (x86)\facemoods.com\facemoods\1.4.17.8\facemoods.png
e:\program files (x86)\facemoods.com\facemoods\1.4.17.8\facemoodsApp.dll
e:\program files (x86)\facemoods.com\facemoods\1.4.17.8\facemoodsEng.dll
e:\program files (x86)\facemoods.com\facemoods\1.4.17.8\facemoodssrv.exe
e:\program files (x86)\facemoods.com\facemoods\1.4.17.8\facemoodsTlbr.dll
e:\program files (x86)\facemoods.com\facemoods\1.4.17.8\uninstall.exe
e:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\vpngui.exe.lnk
e:\users\Speed-PC\AppData\Local\Skype\SkypePM.exe
e:\windows\Downloaded Program Files\IDropPTB.dll
F:\resycled
f:\resycled\boot.com
K:\resycled
L:\resycled
l:\resycled\boot.com
.
.
((((((((((((((((((((((( Dateien erstellt von 2012-02-27 bis 2012-03-27 ))))))))))))))))))))))))))))))
.
.
2012-03-27 23:04 . 2012-03-27 23:04 -------- d-----w- e:\users\Default\AppData\Local\temp
2012-03-26 17:16 . 2012-03-26 17:16 -------- d-----w- e:\users\Speed-PC\AppData\Roaming\Internet Exprorer Add-on
2012-03-23 19:51 . 2012-03-14 03:27 8669240 ----a-w- e:\programdata\Microsoft\Windows Defender\Definition Updates\{4524C219-C6CA-4476-829A-13C114D519E1}\mpengine.dll
2012-03-19 18:29 . 2012-03-19 18:29 592824 ----a-w- e:\program files (x86)\Mozilla Firefox\gkmedias.dll
2012-03-19 18:29 . 2012-03-19 18:29 44472 ----a-w- e:\program files (x86)\Mozilla Firefox\mozglue.dll
2012-03-14 10:15 . 2011-11-19 18:30 5504880 ----a-w- e:\windows\system32\ntoskrnl.exe
2012-03-14 10:15 . 2011-11-19 14:25 3957616 ----a-w- e:\windows\SysWow64\ntkrnlpa.exe
2012-03-14 10:15 . 2011-11-19 14:25 3902320 ----a-w- e:\windows\SysWow64\ntoskrnl.exe
2012-03-14 09:44 . 2012-02-15 06:27 1031680 ----a-w- e:\windows\system32\rdpcore.dll
2012-03-14 09:44 . 2012-02-15 05:44 826368 ----a-w- e:\windows\SysWow64\rdpcore.dll
2012-03-14 09:44 . 2012-02-15 04:47 204800 ----a-w- e:\windows\system32\drivers\rdpwd.sys
2012-03-14 09:44 . 2012-02-15 04:46 23552 ----a-w- e:\windows\system32\drivers\tdtcp.sys
.
.
.
(((((((((((((((((((((((((((((((((((( Find3M Bericht ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-02-23 08:18 . 2010-03-02 17:52 279656 ------w- e:\windows\system32\MpSigStub.exe
2012-02-21 10:26 . 2012-02-21 10:26 86528 ----a-w- e:\windows\SysWow64\iesysprep.dll
2012-02-21 10:26 . 2012-02-21 10:26 76800 ----a-w- e:\windows\SysWow64\SetIEInstalledDate.exe
2012-02-21 10:26 . 2012-02-21 10:26 74752 ----a-w- e:\windows\SysWow64\RegisterIEPKEYs.exe
2012-02-21 10:26 . 2012-02-21 10:26 63488 ----a-w- e:\windows\SysWow64\tdc.ocx
2012-02-21 10:26 . 2012-02-21 10:26 48640 ----a-w- e:\windows\SysWow64\mshtmler.dll
2012-02-21 10:26 . 2012-02-21 10:26 367104 ----a-w- e:\windows\SysWow64\html.iec
2012-02-21 10:26 . 2012-02-21 10:26 1798656 ----a-w- e:\windows\SysWow64\jscript9.dll
2012-02-21 10:26 . 2012-02-21 10:26 161792 ----a-w- e:\windows\SysWow64\msls31.dll
2012-02-21 10:26 . 2012-02-21 10:26 1127424 ----a-w- e:\windows\SysWow64\wininet.dll
2012-02-21 10:26 . 2012-02-21 10:26 110592 ----a-w- e:\windows\SysWow64\IEAdvpack.dll
2012-02-21 10:26 . 2012-02-21 10:26 74752 ----a-w- e:\windows\SysWow64\iesetup.dll
2012-02-21 10:26 . 2012-02-21 10:26 89088 ----a-w- e:\windows\system32\RegisterIEPKEYs.exe
2012-02-21 10:26 . 2012-02-21 10:26 420864 ----a-w- e:\windows\SysWow64\vbscript.dll
2012-02-21 10:26 . 2012-02-21 10:26 35840 ----a-w- e:\windows\SysWow64\imgutil.dll
2012-02-21 10:26 . 2012-02-21 10:26 2382848 ----a-w- e:\windows\SysWow64\mshtml.tlb
2012-02-21 10:26 . 2012-02-21 10:26 2382848 ----a-w- e:\windows\system32\mshtml.tlb
2012-02-21 10:26 . 2012-02-21 10:26 23552 ----a-w- e:\windows\SysWow64\licmgr10.dll
2012-02-21 10:26 . 2012-02-21 10:26 222208 ----a-w- e:\windows\system32\msls31.dll
2012-02-21 10:26 . 2012-02-21 10:26 173056 ----a-w- e:\windows\system32\ieUnatt.exe
2012-02-21 10:26 . 2012-02-21 10:26 152064 ----a-w- e:\windows\SysWow64\wextract.exe
2012-02-21 10:26 . 2012-02-21 10:26 150528 ----a-w- e:\windows\SysWow64\iexpress.exe
2012-02-21 10:26 . 2012-02-21 10:26 142848 ----a-w- e:\windows\SysWow64\ieUnatt.exe
2012-02-21 10:26 . 2012-02-21 10:26 1427456 ----a-w- e:\windows\SysWow64\inetcpl.cpl
2012-02-21 10:26 . 2012-02-21 10:26 1390080 ----a-w- e:\windows\system32\wininet.dll
2012-02-21 10:26 . 2012-02-21 10:26 11776 ----a-w- e:\windows\SysWow64\mshta.exe
2012-02-21 10:26 . 2012-02-21 10:26 101888 ----a-w- e:\windows\SysWow64\admparse.dll
2012-02-21 10:26 . 2012-02-21 10:26 91648 ----a-w- e:\windows\system32\SetIEInstalledDate.exe
2012-02-21 10:26 . 2012-02-21 10:26 85504 ----a-w- e:\windows\system32\iesetup.dll
2012-02-21 10:26 . 2012-02-21 10:26 76800 ----a-w- e:\windows\system32\tdc.ocx
2012-02-21 10:26 . 2012-02-21 10:26 49664 ----a-w- e:\windows\system32\imgutil.dll
2012-02-21 10:26 . 2012-02-21 10:26 48640 ----a-w- e:\windows\system32\mshtmler.dll
2012-02-21 10:26 . 2012-02-21 10:26 448512 ----a-w- e:\windows\system32\html.iec
2012-02-21 10:26 . 2012-02-21 10:26 30720 ----a-w- e:\windows\system32\licmgr10.dll
2012-02-21 10:26 . 2012-02-21 10:26 2308096 ----a-w- e:\windows\system32\jscript9.dll
2012-02-21 10:26 . 2012-02-21 10:26 1493504 ----a-w- e:\windows\system32\inetcpl.cpl
2012-02-21 10:26 . 2012-02-21 10:26 135168 ----a-w- e:\windows\system32\IEAdvpack.dll
2012-02-21 10:26 . 2012-02-21 10:26 12288 ----a-w- e:\windows\system32\mshta.exe
2012-02-21 10:26 . 2012-02-21 10:26 114176 ----a-w- e:\windows\system32\admparse.dll
2012-02-21 10:26 . 2012-02-21 10:26 111616 ----a-w- e:\windows\system32\iesysprep.dll
2012-02-21 10:26 . 2012-02-21 10:26 603648 ----a-w- e:\windows\system32\vbscript.dll
2012-02-21 10:26 . 2012-02-21 10:26 165888 ----a-w- e:\windows\system32\iexpress.exe
2012-02-21 10:26 . 2012-02-21 10:26 160256 ----a-w- e:\windows\system32\wextract.exe
2012-02-04 10:04 . 2012-02-04 10:04 67584 ----a-w- e:\windows\system32\drivers\vrtaucbl.sys
2012-02-04 00:17 . 2012-02-04 00:17 419840 ----a-w- e:\windows\system32\wrap_oal.dll
2012-02-04 00:17 . 2012-02-04 00:17 413696 ----a-w- e:\windows\SysWow64\wrap_oal.dll
2012-02-04 00:17 . 2012-02-04 00:17 133632 ----a-w- e:\windows\system32\OpenAL32.dll
2012-02-04 00:17 . 2012-02-04 00:17 110592 ----a-w- e:\windows\SysWow64\OpenAL32.dll
2012-02-03 21:45 . 2011-11-15 10:37 414368 ----a-w- e:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-02-03 21:36 . 2012-02-03 21:36 335288 ----a-w- e:\windows\system32\drivers\acedrv11.sys
2012-01-04 09:58 . 2012-02-16 10:13 509952 ----a-w- e:\windows\system32\ntshrui.dll
2012-01-04 09:03 . 2012-02-16 10:13 442880 ----a-w- e:\windows\SysWow64\ntshrui.dll
2012-01-03 06:24 . 2012-02-16 10:13 515584 ----a-w- e:\windows\system32\timedate.cpl
2012-01-03 05:44 . 2012-02-16 10:13 478208 ----a-w- e:\windows\SysWow64\timedate.cpl
.
.
(((((((((((((((((((((((((((( Autostartpunkte der Registrierung ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{E601996F-E400-41CA-804B-CD6373A7EEE2}]
2010-11-23 19:51 919408 ----a-w- e:\program files (x86)\kikin\ie_kikin.dll
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{E87806B5-E908-45FD-AF5E-957D83E58E68}]
2012-01-11 14:29 241872 ----a-w- e:\program files (x86)\Softonic\softonic\1.5.11.5\bh\softonic.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
"{5018CFD2-804D-4C99-9F81-25EAEA2769DE}"= "e:\program files (x86)\Softonic\softonic\1.5.11.5\softonicTlbr.dll" [2012-01-11 250064]
.
[HKEY_CLASSES_ROOT\clsid\{5018cfd2-804d-4c99-9f81-25eaea2769de}]
[HKEY_CLASSES_ROOT\Softonic.dskBnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921}]
[HKEY_CLASSES_ROOT\Softonic.dskBnd]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="e:\program files\Windows Sidebar\sidebar.exe" [2009-07-14 1475072]
"DAEMON Tools Lite"="e:\program files (x86)\DAEMON Tools Lite\DTLite.exe" [2011-08-02 4910912]
"Akamai NetSession Interface"="e:\users\Speed-PC\AppData\Local\Akamai\netsession_win.exe" [2012-03-13 3331872]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"avgnt"="e:\program files (x86)\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]
"StartCCC"="e:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2011-09-08 343168]
"SoundMAXPnP"="e:\program files (x86)\Analog Devices\Core\smax4pnp.exe" [2009-06-05 1310720]
"LifeCam"="e:\program files (x86)\Microsoft LifeCam\LifeExp.exe" [2010-05-20 119152]
.
e:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
McAfee Security Scan Plus.lnk - e:\program files (x86)\McAfee Security Scan\2.0.181\SSScheduler.exe [2010-1-15 255536]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;e:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;e:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R3 EuMusDesignVirtualAudioCableWdm;Virtual Audio Cable (WDM);e:\windows\system32\DRIVERS\vrtaucbl.sys [x]
R3 FLEXnet Licensing Service 64;FLEXnet Licensing Service 64;e:\program files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe [2010-05-08 1436424]
R3 McComponentHostService;McAfee Security Scan Component Host Service;e:\program files (x86)\McAfee Security Scan\2.0.181\McCHSvc.exe [2010-01-15 227232]
R3 netr28ux;RT2870-USB-Drahtlos-LAN-Kartentreiber für Vista;e:\windows\system32\DRIVERS\netr28ux.sys [x]
R3 vwifimp;Microsoft Virtual WiFi Miniport Service;e:\windows\system32\DRIVERS\vwifimp.sys [x]
S0 sptd;sptd;e:\windows\\SystemRoot\System32\Drivers\sptd.sys [x]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;e:\windows\system32\DRIVERS\dtsoftbus01.sys [x]
S1 vwififlt;Virtual WiFi Filter Driver;e:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 acedrv11;acedrv11;e:\windows\system32\drivers\acedrv11.sys [x]
S2 Akamai;Akamai NetSession Interface;e:\windows\System32\svchost.exe [2009-07-14 27136]
S2 AMD External Events Utility;AMD External Events Utility;e:\windows\system32\atiesrxx.exe [x]
S2 AntiVirSchedulerService;Avira AntiVir Scheduler;e:\program files (x86)\Avira\AntiVir Desktop\sched.exe [2009-05-13 108289]
S2 mitsijm2011;Autodesk Moldflow Inventor Tool Suite Integration 2011 - Job-Manager;e:\program files\Autodesk\Inventor 2011\Moldflow\bin\mitsijm.exe [2010-01-23 673792]
S3 amdkmdag;amdkmdag;e:\windows\system32\DRIVERS\atikmdag.sys [x]
S3 amdkmdap;amdkmdap;e:\windows\system32\DRIVERS\atikmpag.sys [x]
S3 AtiHDAudioService;AMD Function Driver for HD Audio Service;e:\windows\system32\drivers\AtihdW76.sys [x]
S3 HPMo4DE3;Mouse Suite Driver_4DE3 (WDF Version);e:\windows\system32\DRIVERS\HPMo4DE3.sys [x]
S3 HPub4DE3;USB Mouse Low Filter Driver_4DE3 (WDF Version);e:\windows\system32\Drivers\HPub4DE3.sys [x]
S3 yukonw7;NDIS6.2-Miniporttreiber für Marvell Yukon-Ethernet-Controller;e:\windows\system32\DRIVERS\yk62x64.sys [x]
.
.
--- Andere Dienste/Treiber im Speicher ---
.
*NewlyCreated* - WS2IFSL
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
Akamai REG_MULTI_SZ Akamai
.
Inhalt des "geplante Tasks" Ordners
.
2012-03-27 e:\windows\Tasks\MATLAB R2011b Startup Accelerator.job
- d:\programme win7\bin\win64\MATLABStartupAccelerator.exe [2011-11-02 14:34]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMAX"="e:\program files (x86)\Analog Devices\SoundMAX\soundmax.exe" [2009-05-18 3866624]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
------- Zusätzlicher Suchlauf -------
.
uLocal Page = e:\windows\system32\blank.htm
uStart Page = hxxp://start.facemoods.com/?a=drive
mLocal Page = e:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = 127.0.0.1:9421;<local>
IE: Free YouTube Download - e:\users\Speed-PC\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubedownload.htm
IE: Free YouTube to Mp3 Converter - e:\users\Speed-PC\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm
IE: Nach Microsoft E&xel exportieren - e:\progra~2\MICROS~3\Office12\EXCEL.EXE/3000
IE: {{0F7195C2-6713-4d93-A1BC-DA5FA33F0A65} - {E601996F-E400-41CA-804B-CD6373A7EEE2} - e:\program files (x86)\kikin\ie_kikin.dll
FF - ProfilePath - e:\users\Speed-PC\AppData\Roaming\Mozilla\Firefox\Profiles\691qcyz4.default\
FF - user.js: extensions.softonic_i.newTab - false
FF - user.js: extensions.softonic_i.tlbrSrchUrl - hxxp://search.softonic.com/MON00015/tb_v1?SearchSource=1&cc=&q=
FF - user.js: extensions.softonic_i.id - 84cbead70000000000007a7905a871f7
FF - user.js: extensions.softonic_i.instlDay - 15373
FF - user.js: extensions.softonic_i.vrsn - 1.5.11.5
FF - user.js: extensions.softonic_i.vrsni - 1.5.11.5
FF - user.js: extensions.softonic_i.vrsnTs - 1.5.11.522:34
FF - user.js: extensions.softonic_i.prtnrId - softonic
FF - user.js: extensions.softonic_i.prdct - softonic
FF - user.js: extensions.softonic_i.aflt - SD
FF - user.js: extensions.softonic_i.smplGrp - eng7
FF - user.js: extensions.softonic_i.tlbrId - de12JANdefault
FF - user.js: extensions.softonic_i.instlRef - MON00015
FF - user.js: extensions.softonic_i.dfltLng - de
FF - user.js: extensions.softonic_i.excTlbr - false
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
Wow6432Node-HKCU-Run-SkypePM - e:\users\Speed-PC\AppData\Local\Skype\SkypePM.exe
AddRemove-facemoods - e:\program files (x86)\facemoods.com\facemoods\1.4.17.8\uninstall.exe
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Akamai]
"ServiceDll"="e:\program files (x86)\common files\akamai/netsession_win_6c825ce.dll"
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@e:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11e_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="e:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11e_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="e:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="e:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="e:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="e:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Weitere laufende Prozesse ------------------------
.
e:\program files (x86)\Avira\AntiVir Desktop\avguard.exe
e:\program files (x86)\Cisco Systems\VPN Client\cvpnd.exe
e:\windows\SysWOW64\PnkBstrA.exe
.
**************************************************************************
.
Zeit der Fertigstellung: 2012-03-28 01:11:28 - PC wurde neu gestartet
ComboFix-quarantined-files.txt 2012-03-27 23:11
.
Vor Suchlauf: 13 Verzeichnis(se), 19.952.971.776 Bytes frei
Nach Suchlauf: 19 Verzeichnis(se), 22.571.253.760 Bytes frei
.
- - End Of File - - 2DDDCAFF5E3ADAA3128E3FAC89913470
und hier ComboFix-quarantined-files Code:
ATTFilter 2012-03-28 13:13:17 . 2012-03-28 13:13:17 1,050 ----a-w- E:\Qoobox\Quarantine\E\Users\Speed-PC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\arg413708.exe.lnk.vir
2012-03-28 13:13:15 . 2012-03-28 13:13:17 228,392 ----a-w- E:\Qoobox\Quarantine\E\Users\Speed-PC\AppData\Local\Temp\arg413708.exe.vir
2012-03-27 23:10:24 . 2012-03-27 23:10:24 632 ----a-w- E:\Qoobox\Quarantine\Registry_backups\AddRemove-facemoods.reg.dat
2012-03-27 23:10:04 . 2012-03-27 23:10:04 148 ----a-w- E:\Qoobox\Quarantine\Registry_backups\Wow6432Node-HKCU-Run-SkypePM.reg.dat
2012-03-27 23:07:09 . 2008-10-22 17:33:38 0 ----a-w- E:\Qoobox\Quarantine\L\resycled\boot.com.vir
2012-03-27 23:07:09 . 2008-10-22 17:33:38 0 ----a-w- E:\Qoobox\Quarantine\F\resycled\boot.com.vir
2012-03-27 23:02:38 . 2012-03-28 15:43:10 12,436 ----a-w- E:\Qoobox\Quarantine\Registry_backups\tcpip.reg
2012-03-27 22:56:19 . 2012-03-28 15:38:53 153 ----a-w- E:\Qoobox\Quarantine\catchme.log
2011-11-02 12:14:57 . 2011-11-02 12:14:57 2,653 ----a-w- E:\Qoobox\Quarantine\E\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\vpngui.exe.lnk.vir
2011-08-28 12:04:48 . 2011-08-28 12:04:48 138,074 ----a-w- E:\Qoobox\Quarantine\E\Program Files (x86)\facemoods.com\facemoods\1.4.17.8\uninstall.exe.vir
2011-05-01 09:15:10 . 2011-05-01 09:15:10 32,790 ----a-w- E:\Qoobox\Quarantine\E\Program Files (x86)\facemoods.com\facemoods\1.4.17.8\facemoods.crx.vir
2011-04-26 17:22:12 . 2011-02-26 06:23:14 82,592 ----a-w- E:\Qoobox\Quarantine\E\Users\Speed-PC\AppData\Local\Skype\SkypePM.exe.vir
2011-04-14 10:32:46 . 2011-04-14 10:32:46 368,344 ----a-w- E:\Qoobox\Quarantine\E\Program Files (x86)\facemoods.com\facemoods\1.4.17.8\facemoodsApp.dll.vir
2011-04-14 10:32:44 . 2011-04-14 10:32:44 220,888 ----a-w- E:\Qoobox\Quarantine\E\Program Files (x86)\facemoods.com\facemoods\1.4.17.8\facemoodsTlbr.dll.vir
2011-04-14 10:32:42 . 2011-04-14 10:32:42 329,432 ----a-w- E:\Qoobox\Quarantine\E\Program Files (x86)\facemoods.com\facemoods\1.4.17.8\facemoodssrv.exe.vir
2011-04-14 10:32:42 . 2011-04-14 10:32:42 265,944 ----a-w- E:\Qoobox\Quarantine\E\Program Files (x86)\facemoods.com\facemoods\1.4.17.8\bh\facemoods.dll.vir
2011-04-14 10:32:40 . 2011-04-14 10:32:40 462,552 ----a-w- E:\Qoobox\Quarantine\E\Program Files (x86)\facemoods.com\facemoods\1.4.17.8\facemoodsEng.dll.vir
2010-10-10 14:46:56 . 2010-10-10 14:46:56 2,664 ----a-w- E:\Qoobox\Quarantine\E\Program Files (x86)\facemoods.com\facemoods\1.4.17.8\facemoods.png.vir
2007-02-12 10:40:02 . 2007-02-12 10:40:02 0 ----a-w- E:\Qoobox\Quarantine\E\Windows\Downloaded Program Files\IDropPTB.dll.vir
Code:
ATTFilter ComboFix 12-03-27.03 - Speed-PC 28.03.2012 15:32:56.2.4 - x64
Microsoft Windows 7 Professional 6.1.7600.0.1252.49.1031.18.4095.2560 [GMT 2:00]
ausgeführt von:: M:\ComboFix.exe
AV: AntiVir Desktop *Disabled/Updated* {090F9C29-64CE-6C6F-379C-5901B49A85B7}
SP: AntiVir Desktop *Disabled/Updated* {B26E7DCD-42F4-63E1-0D2C-6273CF1DCF0A}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((((((((((((( Weitere Löschungen ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
e:\users\Speed-PC\AppData\Local\Temp\arg413708.exe
e:\users\Speed-PC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\arg413708.exe.lnk
.
.
((((((((((((((((((((((( Dateien erstellt von 2012-02-28 bis 2012-03-28 ))))))))))))))))))))))))))))))
.
.
2012-03-28 13:42 . 2012-03-28 13:42 -------- d-----w- e:\users\Default\AppData\Local\temp
2012-03-27 23:18 . 2012-03-14 03:27 8669240 ----a-w- e:\programdata\Microsoft\Windows Defender\Definition Updates\{FAE734C0-4642-4045-BD07-D30281991C34}\mpengine.dll
2012-03-27 23:12 . 2012-03-27 23:12 -------- d-----w- e:\users\Speed-PC\AppData\Roaming\Malwarebytes
2012-03-27 23:12 . 2009-09-10 12:54 38224 ----a-w- e:\windows\SysWow64\drivers\mbamswissarmy.sys
2012-03-27 23:12 . 2012-03-27 23:12 -------- d-----w- e:\program files (x86)\Malwarebytes' Anti-Malware
2012-03-27 23:12 . 2012-03-27 23:12 -------- d-----w- e:\programdata\Malwarebytes
2012-03-27 23:12 . 2009-09-10 12:53 22104 ----a-w- e:\windows\system32\drivers\mbam.sys
2012-03-26 17:16 . 2012-03-26 17:16 -------- d-----w- e:\users\Speed-PC\AppData\Roaming\Internet Exprorer Add-on
2012-03-19 18:29 . 2012-03-19 18:29 592824 ----a-w- e:\program files (x86)\Mozilla Firefox\gkmedias.dll
2012-03-19 18:29 . 2012-03-19 18:29 44472 ----a-w- e:\program files (x86)\Mozilla Firefox\mozglue.dll
2012-03-14 10:15 . 2011-11-19 18:30 5504880 ----a-w- e:\windows\system32\ntoskrnl.exe
2012-03-14 10:15 . 2011-11-19 14:25 3957616 ----a-w- e:\windows\SysWow64\ntkrnlpa.exe
2012-03-14 10:15 . 2011-11-19 14:25 3902320 ----a-w- e:\windows\SysWow64\ntoskrnl.exe
2012-03-14 09:44 . 2012-02-15 06:27 1031680 ----a-w- e:\windows\system32\rdpcore.dll
2012-03-14 09:44 . 2012-02-15 05:44 826368 ----a-w- e:\windows\SysWow64\rdpcore.dll
2012-03-14 09:44 . 2012-02-15 04:47 204800 ----a-w- e:\windows\system32\drivers\rdpwd.sys
2012-03-14 09:44 . 2012-02-15 04:46 23552 ----a-w- e:\windows\system32\drivers\tdtcp.sys
.
.
.
(((((((((((((((((((((((((((((((((((( Find3M Bericht ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-02-23 08:18 . 2010-03-02 17:52 279656 ------w- e:\windows\system32\MpSigStub.exe
2012-02-21 10:26 . 2012-02-21 10:26 86528 ----a-w- e:\windows\SysWow64\iesysprep.dll
2012-02-21 10:26 . 2012-02-21 10:26 76800 ----a-w- e:\windows\SysWow64\SetIEInstalledDate.exe
2012-02-21 10:26 . 2012-02-21 10:26 74752 ----a-w- e:\windows\SysWow64\RegisterIEPKEYs.exe
2012-02-21 10:26 . 2012-02-21 10:26 63488 ----a-w- e:\windows\SysWow64\tdc.ocx
2012-02-21 10:26 . 2012-02-21 10:26 48640 ----a-w- e:\windows\SysWow64\mshtmler.dll
2012-02-21 10:26 . 2012-02-21 10:26 367104 ----a-w- e:\windows\SysWow64\html.iec
2012-02-21 10:26 . 2012-02-21 10:26 1798656 ----a-w- e:\windows\SysWow64\jscript9.dll
2012-02-21 10:26 . 2012-02-21 10:26 161792 ----a-w- e:\windows\SysWow64\msls31.dll
2012-02-21 10:26 . 2012-02-21 10:26 1127424 ----a-w- e:\windows\SysWow64\wininet.dll
2012-02-21 10:26 . 2012-02-21 10:26 110592 ----a-w- e:\windows\SysWow64\IEAdvpack.dll
2012-02-21 10:26 . 2012-02-21 10:26 74752 ----a-w- e:\windows\SysWow64\iesetup.dll
2012-02-21 10:26 . 2012-02-21 10:26 89088 ----a-w- e:\windows\system32\RegisterIEPKEYs.exe
2012-02-21 10:26 . 2012-02-21 10:26 420864 ----a-w- e:\windows\SysWow64\vbscript.dll
2012-02-21 10:26 . 2012-02-21 10:26 35840 ----a-w- e:\windows\SysWow64\imgutil.dll
2012-02-21 10:26 . 2012-02-21 10:26 2382848 ----a-w- e:\windows\SysWow64\mshtml.tlb
2012-02-21 10:26 . 2012-02-21 10:26 2382848 ----a-w- e:\windows\system32\mshtml.tlb
2012-02-21 10:26 . 2012-02-21 10:26 23552 ----a-w- e:\windows\SysWow64\licmgr10.dll
2012-02-21 10:26 . 2012-02-21 10:26 222208 ----a-w- e:\windows\system32\msls31.dll
2012-02-21 10:26 . 2012-02-21 10:26 173056 ----a-w- e:\windows\system32\ieUnatt.exe
2012-02-21 10:26 . 2012-02-21 10:26 152064 ----a-w- e:\windows\SysWow64\wextract.exe
2012-02-21 10:26 . 2012-02-21 10:26 150528 ----a-w- e:\windows\SysWow64\iexpress.exe
2012-02-21 10:26 . 2012-02-21 10:26 142848 ----a-w- e:\windows\SysWow64\ieUnatt.exe
2012-02-21 10:26 . 2012-02-21 10:26 1427456 ----a-w- e:\windows\SysWow64\inetcpl.cpl
2012-02-21 10:26 . 2012-02-21 10:26 1390080 ----a-w- e:\windows\system32\wininet.dll
2012-02-21 10:26 . 2012-02-21 10:26 11776 ----a-w- e:\windows\SysWow64\mshta.exe
2012-02-21 10:26 . 2012-02-21 10:26 101888 ----a-w- e:\windows\SysWow64\admparse.dll
2012-02-21 10:26 . 2012-02-21 10:26 91648 ----a-w- e:\windows\system32\SetIEInstalledDate.exe
2012-02-21 10:26 . 2012-02-21 10:26 85504 ----a-w- e:\windows\system32\iesetup.dll
2012-02-21 10:26 . 2012-02-21 10:26 76800 ----a-w- e:\windows\system32\tdc.ocx
2012-02-21 10:26 . 2012-02-21 10:26 49664 ----a-w- e:\windows\system32\imgutil.dll
2012-02-21 10:26 . 2012-02-21 10:26 48640 ----a-w- e:\windows\system32\mshtmler.dll
2012-02-21 10:26 . 2012-02-21 10:26 448512 ----a-w- e:\windows\system32\html.iec
2012-02-21 10:26 . 2012-02-21 10:26 30720 ----a-w- e:\windows\system32\licmgr10.dll
2012-02-21 10:26 . 2012-02-21 10:26 2308096 ----a-w- e:\windows\system32\jscript9.dll
2012-02-21 10:26 . 2012-02-21 10:26 1493504 ----a-w- e:\windows\system32\inetcpl.cpl
2012-02-21 10:26 . 2012-02-21 10:26 135168 ----a-w- e:\windows\system32\IEAdvpack.dll
2012-02-21 10:26 . 2012-02-21 10:26 12288 ----a-w- e:\windows\system32\mshta.exe
2012-02-21 10:26 . 2012-02-21 10:26 114176 ----a-w- e:\windows\system32\admparse.dll
2012-02-21 10:26 . 2012-02-21 10:26 111616 ----a-w- e:\windows\system32\iesysprep.dll
2012-02-21 10:26 . 2012-02-21 10:26 603648 ----a-w- e:\windows\system32\vbscript.dll
2012-02-21 10:26 . 2012-02-21 10:26 165888 ----a-w- e:\windows\system32\iexpress.exe
2012-02-21 10:26 . 2012-02-21 10:26 160256 ----a-w- e:\windows\system32\wextract.exe
2012-02-04 10:04 . 2012-02-04 10:04 67584 ----a-w- e:\windows\system32\drivers\vrtaucbl.sys
2012-02-04 00:17 . 2012-02-04 00:17 419840 ----a-w- e:\windows\system32\wrap_oal.dll
2012-02-04 00:17 . 2012-02-04 00:17 413696 ----a-w- e:\windows\SysWow64\wrap_oal.dll
2012-02-04 00:17 . 2012-02-04 00:17 133632 ----a-w- e:\windows\system32\OpenAL32.dll
2012-02-04 00:17 . 2012-02-04 00:17 110592 ----a-w- e:\windows\SysWow64\OpenAL32.dll
2012-02-03 21:45 . 2011-11-15 10:37 414368 ----a-w- e:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-02-03 21:36 . 2012-02-03 21:36 335288 ----a-w- e:\windows\system32\drivers\acedrv11.sys
2012-01-04 09:58 . 2012-02-16 10:13 509952 ----a-w- e:\windows\system32\ntshrui.dll
2012-01-04 09:03 . 2012-02-16 10:13 442880 ----a-w- e:\windows\SysWow64\ntshrui.dll
2012-01-03 06:24 . 2012-02-16 10:13 515584 ----a-w- e:\windows\system32\timedate.cpl
2012-01-03 05:44 . 2012-02-16 10:13 478208 ----a-w- e:\windows\SysWow64\timedate.cpl
.
.
((((((((((((((((((((((((((((( SnapShot@2012-03-27_23.07.12 )))))))))))))))))))))))))))))))))))))))))
.
+ 2010-03-03 21:47 . 2012-03-28 13:30 48680 e:\windows\system32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2009-07-14 05:10 . 2012-03-28 13:31 32524 e:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin
+ 2010-03-03 09:29 . 2012-03-28 13:31 14750 e:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-3023865418-1405554827-2073565710-1001_UserData.bin
+ 2009-07-14 04:46 . 2012-03-28 13:27 93624 e:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareProtectionPlatform\Cache\cache.dat
+ 2012-03-28 13:44 . 2012-03-28 13:44 2048 e:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2012-03-27 23:06 . 2012-03-27 23:06 2048 e:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2012-03-27 23:06 . 2012-03-27 23:06 2048 e:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2012-03-28 13:44 . 2012-03-28 13:44 2048 e:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2009-07-14 02:36 . 2012-03-27 22:57 616032 e:\windows\system32\perfh009.dat
+ 2009-07-14 02:36 . 2012-03-28 13:35 616032 e:\windows\system32\perfh009.dat
- 2009-07-14 17:58 . 2012-03-27 22:57 654150 e:\windows\system32\perfh007.dat
+ 2009-07-14 17:58 . 2012-03-28 13:35 654150 e:\windows\system32\perfh007.dat
+ 2009-07-14 02:36 . 2012-03-28 13:35 106412 e:\windows\system32\perfc009.dat
- 2009-07-14 02:36 . 2012-03-27 22:57 106412 e:\windows\system32\perfc009.dat
+ 2009-07-14 17:58 . 2012-03-28 13:35 130022 e:\windows\system32\perfc007.dat
- 2009-07-14 17:58 . 2012-03-27 22:57 130022 e:\windows\system32\perfc007.dat
- 2009-07-14 05:01 . 2012-03-27 23:05 325052 e:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2009-07-14 05:01 . 2012-03-28 13:42 325052 e:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2012-03-11 23:38 . 2012-03-28 13:42 2351488 e:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache3.0.0.0.dat
- 2012-03-11 23:38 . 2012-03-27 23:05 2351488 e:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache3.0.0.0.dat
+ 2009-07-14 02:34 . 2012-03-27 23:29 10485760 e:\windows\system32\SMI\Store\Machine\SCHEMA.DAT
- 2009-07-14 02:34 . 2012-03-26 17:16 10485760 e:\windows\system32\SMI\Store\Machine\SCHEMA.DAT
+ 2011-10-12 01:11 . 2012-03-28 13:42 16746824 e:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-3023865418-1405554827-2073565710-1001-8192.dat
.
(((((((((((((((((((((((((((( Autostartpunkte der Registrierung ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{E601996F-E400-41CA-804B-CD6373A7EEE2}]
2010-11-23 19:51 919408 ----a-w- e:\program files (x86)\kikin\ie_kikin.dll
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{E87806B5-E908-45FD-AF5E-957D83E58E68}]
2012-01-11 14:29 241872 ----a-w- e:\program files (x86)\Softonic\softonic\1.5.11.5\bh\softonic.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
"{5018CFD2-804D-4C99-9F81-25EAEA2769DE}"= "e:\program files (x86)\Softonic\softonic\1.5.11.5\softonicTlbr.dll" [2012-01-11 250064]
.
[HKEY_CLASSES_ROOT\clsid\{5018cfd2-804d-4c99-9f81-25eaea2769de}]
[HKEY_CLASSES_ROOT\Softonic.dskBnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921}]
[HKEY_CLASSES_ROOT\Softonic.dskBnd]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="e:\program files\Windows Sidebar\sidebar.exe" [2009-07-14 1475072]
"DAEMON Tools Lite"="e:\program files (x86)\DAEMON Tools Lite\DTLite.exe" [2011-08-02 4910912]
"Akamai NetSession Interface"="e:\users\Speed-PC\AppData\Local\Akamai\netsession_win.exe" [2012-03-13 3331872]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"avgnt"="e:\program files (x86)\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]
"StartCCC"="e:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2011-09-08 343168]
"SoundMAXPnP"="e:\program files (x86)\Analog Devices\Core\smax4pnp.exe" [2009-06-05 1310720]
"LifeCam"="e:\program files (x86)\Microsoft LifeCam\LifeExp.exe" [2010-05-20 119152]
.
e:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
McAfee Security Scan Plus.lnk - e:\program files (x86)\McAfee Security Scan\2.0.181\SSScheduler.exe [2010-1-15 255536]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;e:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;e:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R3 EuMusDesignVirtualAudioCableWdm;Virtual Audio Cable (WDM);e:\windows\system32\DRIVERS\vrtaucbl.sys [x]
R3 FLEXnet Licensing Service 64;FLEXnet Licensing Service 64;e:\program files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe [2010-05-08 1436424]
R3 McComponentHostService;McAfee Security Scan Component Host Service;e:\program files (x86)\McAfee Security Scan\2.0.181\McCHSvc.exe [2010-01-15 227232]
R3 netr28ux;RT2870-USB-Drahtlos-LAN-Kartentreiber für Vista;e:\windows\system32\DRIVERS\netr28ux.sys [x]
R3 vwifimp;Microsoft Virtual WiFi Miniport Service;e:\windows\system32\DRIVERS\vwifimp.sys [x]
S0 sptd;sptd;e:\windows\\SystemRoot\System32\Drivers\sptd.sys [x]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;e:\windows\system32\DRIVERS\dtsoftbus01.sys [x]
S1 vwififlt;Virtual WiFi Filter Driver;e:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 acedrv11;acedrv11;e:\windows\system32\drivers\acedrv11.sys [x]
S2 Akamai;Akamai NetSession Interface;e:\windows\System32\svchost.exe [2009-07-14 27136]
S2 AMD External Events Utility;AMD External Events Utility;e:\windows\system32\atiesrxx.exe [x]
S2 AntiVirSchedulerService;Avira AntiVir Scheduler;e:\program files (x86)\Avira\AntiVir Desktop\sched.exe [2009-05-13 108289]
S2 mitsijm2011;Autodesk Moldflow Inventor Tool Suite Integration 2011 - Job-Manager;e:\program files\Autodesk\Inventor 2011\Moldflow\bin\mitsijm.exe [2010-01-23 673792]
S3 amdkmdag;amdkmdag;e:\windows\system32\DRIVERS\atikmdag.sys [x]
S3 amdkmdap;amdkmdap;e:\windows\system32\DRIVERS\atikmpag.sys [x]
S3 AtiHDAudioService;AMD Function Driver for HD Audio Service;e:\windows\system32\drivers\AtihdW76.sys [x]
S3 HPMo4DE3;Mouse Suite Driver_4DE3 (WDF Version);e:\windows\system32\DRIVERS\HPMo4DE3.sys [x]
S3 HPub4DE3;USB Mouse Low Filter Driver_4DE3 (WDF Version);e:\windows\system32\Drivers\HPub4DE3.sys [x]
S3 yukonw7;NDIS6.2-Miniporttreiber für Marvell Yukon-Ethernet-Controller;e:\windows\system32\DRIVERS\yk62x64.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
Akamai REG_MULTI_SZ Akamai
.
Inhalt des "geplante Tasks" Ordners
.
2012-03-28 e:\windows\Tasks\MATLAB R2011b Startup Accelerator.job
- d:\programme win7\bin\win64\MATLABStartupAccelerator.exe [2011-11-02 14:34]
.
.
--------- x86-64 -----------
.
.
------- Zusätzlicher Suchlauf -------
.
uLocal Page = e:\windows\system32\blank.htm
uStart Page = hxxp://start.facemoods.com/?a=drive
mLocal Page = e:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = 127.0.0.1:9421;<local>
IE: Free YouTube Download - e:\users\Speed-PC\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubedownload.htm
IE: Free YouTube to Mp3 Converter - e:\users\Speed-PC\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm
IE: Nach Microsoft E&xel exportieren - e:\progra~2\MICROS~3\Office12\EXCEL.EXE/3000
IE: {{0F7195C2-6713-4d93-A1BC-DA5FA33F0A65} - {E601996F-E400-41CA-804B-CD6373A7EEE2} - e:\program files (x86)\kikin\ie_kikin.dll
FF - ProfilePath - e:\users\Speed-PC\AppData\Roaming\Mozilla\Firefox\Profiles\691qcyz4.default\
FF - user.js: extensions.softonic_i.newTab - false
FF - user.js: extensions.softonic_i.tlbrSrchUrl - hxxp://search.softonic.com/MON00015/tb_v1?SearchSource=1&cc=&q=
FF - user.js: extensions.softonic_i.id - 84cbead70000000000007a7905a871f7
FF - user.js: extensions.softonic_i.instlDay - 15373
FF - user.js: extensions.softonic_i.vrsn - 1.5.11.5
FF - user.js: extensions.softonic_i.vrsni - 1.5.11.5
FF - user.js: extensions.softonic_i.vrsnTs - 1.5.11.522:34
FF - user.js: extensions.softonic_i.prtnrId - softonic
FF - user.js: extensions.softonic_i.prdct - softonic
FF - user.js: extensions.softonic_i.aflt - SD
FF - user.js: extensions.softonic_i.smplGrp - eng7
FF - user.js: extensions.softonic_i.tlbrId - de12JANdefault
FF - user.js: extensions.softonic_i.instlRef - MON00015
FF - user.js: extensions.softonic_i.dfltLng - de
FF - user.js: extensions.softonic_i.excTlbr - false
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Akamai]
"ServiceDll"="e:\program files (x86)\common files\akamai/netsession_win_6c825ce.dll"
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@e:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11e_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="e:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11e_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="e:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="e:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="e:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="e:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Weitere laufende Prozesse ------------------------
.
e:\program files (x86)\Avira\AntiVir Desktop\avguard.exe
e:\program files (x86)\Cisco Systems\VPN Client\cvpnd.exe
e:\windows\SysWOW64\PnkBstrA.exe
.
**************************************************************************
.
Zeit der Fertigstellung: 2012-03-28 15:53:40 - PC wurde neu gestartet
ComboFix-quarantined-files.txt 2012-03-28 13:53
ComboFix2.txt 2012-03-27 23:11
.
Vor Suchlauf: 18 Verzeichnis(se), 21.637.435.392 Bytes frei
Nach Suchlauf: 19 Verzeichnis(se), 21.302.534.144 Bytes frei
.
- - End Of File - - 94E83DCAEAA8582311482351FCC464D3
|
|
29.03.2012, 12:06
| #8 |
| /// Malware-holic | Windows wurde aus Sicherheitsgründen gesperrt hattest du zum zeitpunkt des scans usb laufwerke angeschlossen? f: l: und k:
__________________ -Verdächtige mails bitte an uns zur Analyse weiterleiten: markusg.trojaner-board@web.de Weiterleiten Anleitung: http://markusg.trojaner-board.de Mails bitte vorerst nach obiger Anleitung an markusg.trojaner-board@web.de Weiterleiten Wenn Ihr uns unterstützen möchtet |
|
29.03.2012, 12:58
| #9 |
| | Windows wurde aus Sicherheitsgründen gesperrt Hey, nur bei K: ist ein usb stick angeschlossen. f: und i: sind Partitionen. Oh ich sehe grade das mein Antivir sich seit heute wieder updaten kann bzw. gemacht hat. Nur bei Malwarbytes geht es weiterhin nicht. |
|
29.03.2012, 15:47
| #10 |
| /// Malware-holic | Windows wurde aus Sicherheitsgründen gesperrt deaktiviere mal die autorun funktion: Tipparchiv - Autorun/Autoplay gezielt für Laufwerkstypen oder -buchstaben abschalten - WinTotal.de deinstaliere Malwarebytes mal, starte neu, instaliere es neu (frisch runterladen) schaue obs update jetzt geht. schließe alle externen speichermedien, wie festplatten, sticks etc an, und mache mit malwarebytes, egal ob update möglich war, nen vollständigen scan, poste das log
__________________ -Verdächtige mails bitte an uns zur Analyse weiterleiten: markusg.trojaner-board@web.de Weiterleiten Anleitung: http://markusg.trojaner-board.de Mails bitte vorerst nach obiger Anleitung an markusg.trojaner-board@web.de Weiterleiten Wenn Ihr uns unterstützen möchtet |
|
29.03.2012, 22:16
| #11 |
| | Windows wurde aus Sicherheitsgründen gesperrt Update hat geklappt Hier der Log Code:
ATTFilter Malwarebytes Anti-Malware (Test) 1.60.1.1000 www.malwarebytes.org Datenbank Version: v2012.03.29.06 Windows 7 x64 NTFS Internet Explorer 9.0.8112.16421 Speed-PC :: SPEED [Administrator] Schutz: Aktiviert 29.03.2012 17:53:54 mbam-log-2012-03-29 (17-53-54).txt Art des Suchlaufs: Vollständiger Suchlauf Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM Deaktivierte Suchlaufeinstellungen: P2P Durchsuchte Objekte: 1163052 Laufzeit: 4 Stunde(n), 28 Minute(n), 14 Sekunde(n) Infizierte Speicherprozesse: 0 (Keine bösartigen Objekte gefunden) Infizierte Speichermodule: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungsschlüssel: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungswerte: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateiobjekte der Registrierung: 0 (Keine bösartigen Objekte gefunden) Infizierte Verzeichnisse: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateien: 6 C:\Program Files (x86)\PlayMP3z\PlayMP3.exe (Adware.BHO) -> Erfolgreich gelöscht und in Quarantäne gestellt. E:\Qoobox\Quarantine\E\Users\Speed-PC\AppData\Local\Temp\arg413708.exe.vir (Trojan.Zbot.Gen) -> Erfolgreich gelöscht und in Quarantäne gestellt. F:\Daten\Nero 8 Keygen.exe (RiskWare.Tool.CK) -> Erfolgreich gelöscht und in Quarantäne gestellt. F:\Daten\NERO 7.0\Ahead.Nero.v7.0.Ultra.Edition.Incl.Keymaker-EMBRACE_www.9down.com\keygen.exe (RiskWare.Tool.CK) -> Erfolgreich gelöscht und in Quarantäne gestellt. K:\externe fest platte\Video Codecs\DivX 5.02 Pro\DivXPro50XKeymaker.exe (Trojan.Agent.CK) -> Erfolgreich gelöscht und in Quarantäne gestellt. L:\spiele\Gothik 3\Gothic3.exe (RiskWare.Tool.CK) -> Erfolgreich gelöscht und in Quarantäne gestellt. (Ende) |
|
30.03.2012, 11:37
| #12 |
| /// Malware-holic | Windows wurde aus Sicherheitsgründen gesperrt F:\Daten\Nero 8 Keygen.exe (RiskWare.Tool.CK) -> Erfolgreich gelöscht und in Quarantäne gestellt. F:\Daten\NERO 7.0\Ahead.Nero.v7.0.Ultra.Edition.Incl.Keymaker-EMBRACE_www.9down.com\keygen.exe (RiskWare.Tool.CK) -> Erfolgreich gelöscht und in Quarantäne gestellt. K:\externe fest platte\Video Codecs\DivX 5.02 Pro\DivXPro50XKeymaker.exe (Trojan.Agent.CK) -> Erfolgreich gelöscht und in Quarantäne gestellt. wer keygens nutzt, muss sich über malware nicht wundern, da deren verwendung illegal ist, ist der suport beendet. hilfe gibts beim formatieren, daten sichern, pc neu aufsetzen. und absichern.
__________________ -Verdächtige mails bitte an uns zur Analyse weiterleiten: markusg.trojaner-board@web.de Weiterleiten Anleitung: http://markusg.trojaner-board.de Mails bitte vorerst nach obiger Anleitung an markusg.trojaner-board@web.de Weiterleiten Wenn Ihr uns unterstützen möchtet |
|
30.03.2012, 12:15
| #13 |
| | Windows wurde aus Sicherheitsgründen gesperrt Entschuldigung habe da nicht mehr dran gedacht und wollte dich/euch damit nicht in verlegenheit bringen. Ich bedanke mich trotzdem vielmals!!  Antivir läuft wieder, Malwarebytes auch |
|
| Themen zu Windows wurde aus Sicherheitsgründen gesperrt |
| akamai, antivir, avgnt, avira, bildschirm, browser, combofix, converter, desktop, error, firefox, geld, helper, internet, internet explorer, mozilla, mp3, problem, scan, schwarze bildschirm, security, security scan, softonic, svchost.exe, system, updates, virus/trojaner, vista, win64, windows |
Linear-Darstellung
