|
Log-Analyse und Auswertung: Virencheck nach VirenbefallWindows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte.XML. |
07.04.2012, 23:32 | #1 |
| Virencheck nach Virenbefall Hallo liebes Trojaner- Board Team, erstmal tut mir leid wegen dem Titel, aber mir ist leider nichts besseres eingefallen... Jetzt worum es geht: Meine Freundinn hatte mir ihren Laptop gebracht, weil er mit dem Bundeskriminalamt-virus befallen war. ("Dieser Computer wurde gesperrt, weil Kinderpornografischen Material heruntergeladen wurde. Senden sie 100€ an blablabla" so oder so ähnlich hoffe ihr wisst welchen ich meine.) Ich dachte erst nicht, dass es so schlimm ist, weil ich den Virus via msconfig deaktivieren konnte(Dateiname:"ch8l0.exe"). Jetzt zum Fehler meinerseits: Ich habe einen Virenscanner nach dem anderen Installiert und wieder deinstalliert (Spybot, AVG, Norton, Avira, Spyware Terminator). Nachdem er die Viren/Trojaner gefunden hatte. Waren mit Sicherheit 5-10 Trojaner und eben der eine Virus. Den Virus hatte dann AVG gefunden. Ich glaube ich habe jetzt alle. Glauben ist nicht wissen, deshalb bin ich hier . (Nebenbei bemerkt habe ich meinen PC auch noch mithilfe des USB-Sticks infiziert, weil ich dem Laptop das Internet gesperrt hatte und die Virenscanner von meinem PC auf den Laptop via USB Stick gespielt hatte und die Logfiles wieder rüber. Leider musste ich feststellen, dass Microsoft Security Essentials keinen Wechseldatenträgerscann hat aber was solls den kann ich formatieren. Der wurde gefunden "Exploit:Java/CVE-2010-0840.AA ") Naja ich hoffe ihr könnt was mit den Logfiles anfangen... Würde mir es ja aneignen aber zurzeit werden ja leider keine Bewerber gesucht DDS.txt: Code:
ATTFilter . DDS (Ver_2011-08-26.01) - NTFSx86 Internet Explorer: 9.0.8112.16421 Run by ***** at 20:27:42 on 2012-04-07 Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.49.1031.18.1919.1283 [GMT 2:00] . SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} . ============== Running Processes =============== . C:\Windows\system32\wininit.exe C:\Windows\system32\lsm.exe C:\Windows\system32\svchost.exe -k DcomLaunch C:\Windows\system32\nvvsvc.exe C:\Windows\system32\svchost.exe -k rpcss C:\Windows\System32\svchost.exe -k secsvcs C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted C:\Windows\system32\svchost.exe -k netsvcs C:\Windows\system32\svchost.exe -k GPSvcGroup C:\Windows\system32\SLsvc.exe C:\Windows\system32\svchost.exe -k LocalService C:\Windows\system32\rundll32.exe C:\Windows\system32\svchost.exe -k NetworkService C:\Program Files\ATK Hotkey\ASLDRSrv.exe C:\Program Files\ATKGFNEX\GFNEXSrv.exe C:\Windows\system32\Dwm.exe C:\Windows\Explorer.EXE C:\Windows\System32\spoolsv.exe C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork C:\Windows\system32\taskeng.exe C:\Program Files\ATK Hotkey\Hcontrol.exe C:\Program Files\ATKOSD2\ATKOSD2.exe C:\Program Files\Wireless Console 2\wcourier.exe C:\Program Files\P4G\BatteryLife.exe C:\Windows\system32\taskeng.exe C:\Program Files\Windows Defender\MSASCui.exe C:\Windows\System32\ASUSTPE.exe C:\Windows\system32\svchost.exe -k bthsvcs C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE C:\Program Files\ATK Hotkey\ATKOSD.exe C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted C:\Windows\system32\svchost.exe -k imgsvc C:\Windows\System32\svchost.exe -k WerSvcGroup C:\Windows\system32\SearchIndexer.exe C:\Program Files\ATK Hotkey\KBFiltr.exe C:\Windows\system32\WUDFHost.exe C:\Program Files\Synaptics\SynTP\SynTPEnh.exe C:\Windows\WindowsMobile\wmdSync.exe C:\Program Files\Windows Sidebar\sidebar.exe C:\Windows\ehome\ehtray.exe C:\Windows\system32\svchost.exe -k WindowsMobile C:\Windows\ehome\ehmsas.exe C:\Program Files\Windows Sidebar\sidebar.exe C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation C:\Program Files\Windows Media Player\wmpnscfg.exe C:\Program Files\Windows Media Player\wmpnetwk.exe C:\Windows\System32\mobsync.exe C:\Windows\system32\conime.exe C:\Windows\system32\SearchProtocolHost.exe C:\Windows\system32\SearchFilterHost.exe C:\Windows\system32\DllHost.exe C:\Windows\system32\DllHost.exe C:\Windows\system32\wbem\wmiprvse.exe . ============== Pseudo HJT Report =============== . uSearch Page = hxxp://www.google.com uStart Page = hxxp://www.google.de/ uSearch Bar = hxxp://www.google.com/ie mDefault_Page_URL = hxxp://www.asus.com uURLSearchHooks: H - No File BHO: Adobe PDF Reader: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll BHO: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - No File BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - c:\progra~1\micros~2\office14\URLREDIR.DLL BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll TB: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File uRun: [Sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun uRun: [ehTray.exe] c:\windows\ehome\ehTray.exe mRun: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide mRun: [ASUSTPE] c:\windows\system32\ASUSTPE.exe mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe mRun: [Windows Mobile-based device management] %windir%\WindowsMobile\wmdSync.exe mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe" mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe" mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0) mPolicies-system: EnableUIADesktopToggle = 0 (0x0) IE: An OneNote s&enden - c:\progra~1\micros~2\office14\ONBttnIE.dll/105 IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000 IE: Nach Microsoft &Excel exportieren - c:\progra~1\micros~2\office10\EXCEL.EXE/3000 IE: Nach Microsoft E&xcel exportieren - c:\progra~1\micros~2\office14\EXCEL.EXE/3000 IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\program files\microsoft office\office14\ONBttnIE.dll IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - c:\program files\microsoft office\office14\ONBttnIELinkedNotes.dll TCP: DhcpNameServer = 192.168.2.1 TCP: Interfaces\{0929A8F0-E873-4A54-BC86-664E29B50CCE} : DhcpNameServer = 192.168.2.1 TCP: Interfaces\{3D359373-3EF0-4168-B286-158FF24806A7} : DhcpNameServer = 192.168.2.1 Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - c:\program files\common files\microsoft shared\office14\MSOXMLMF.DLL . ================= FIREFOX =================== . FF - ProfilePath - c:\users\****\appdata\roaming\mozilla\firefox\profiles\9x5xnoar.default\ FF - prefs.js: browser.search.selectedEngine - Google FF - prefs.js: browser.startup.homepage - hxxp://www.t-online.de/# FF - prefs.js: network.proxy.type - 0 FF - plugin: c:\progra~1\micros~2\office14\NPAUTHZ.DLL FF - plugin: c:\progra~1\micros~2\office14\NPSPWRAP.DLL FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll FF - plugin: c:\program files\google\update\1.3.21.111\npGoogleUpdate3.dll FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll FF - plugin: c:\program files\mozilla firefox\plugins\npirsviewer.dll FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_11_2_202_228.dll . ---- FIREFOX POLICIES ---- FF - user.js: yahoo.homepage.dontask - true ============= SERVICES / DRIVERS =============== . R2 ACEDRV06;ACEDRV06;c:\windows\system32\drivers\ACEDRV06.sys [2010-7-8 99840] R2 acedrv09;acedrv09;c:\windows\system32\drivers\acedrv09.sys [2007-6-18 373568] R2 acehlp09;acehlp09;c:\windows\system32\drivers\acehlp09.sys [2007-5-30 201696] R2 FontCache;Windows-Dienst für Schriftartencache;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-6-26 21504] R2 PLCNDIS5;PLCNDIS5 NDIS Protocol Driver;c:\windows\system32\plcndis5.sys [2004-5-17 17280] R3 seehcri;Sony Ericsson seehcri Device Driver;c:\windows\system32\drivers\seehcri.sys [2010-1-17 27632] S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-2-8 135664] S3 A_USBETHMP;USB PowerPacket Network Adapter;c:\windows\system32\drivers\usbethmp.sys [2010-5-31 14342] S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\macromed\flash\FlashPlayerUpdateService.exe [2012-4-4 253600] S3 B-Service;B-Service;c:\users\bauer\downloads\B-Service.exe [2011-5-20 185640] S3 FirebirdServerMAGIXInstance;Firebird Server - MAGIX Instance;c:\magix\common\database\bin\fbserver.exe [2010-7-8 1527900] S3 gupdatem;Google Update-Dienst (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2010-2-8 135664] S3 osppsvc;Office Software Protection Platform;c:\program files\common files\microsoft shared\officesoftwareprotectionplatform\OSPPSVC.EXE [2010-1-9 4640000] S3 s0016bus;Sony Ericsson Device 0016 driver (WDM);c:\windows\system32\drivers\s0016bus.sys [2009-8-8 89256] S3 s0016mdfl;Sony Ericsson Device 0016 USB WMC Modem Filter;c:\windows\system32\drivers\s0016mdfl.sys [2009-8-8 15016] S3 s0016mdm;Sony Ericsson Device 0016 USB WMC Modem Driver;c:\windows\system32\drivers\s0016mdm.sys [2009-8-8 120744] S3 s0016mgmt;Sony Ericsson Device 0016 USB WMC Device Management Drivers (WDM);c:\windows\system32\drivers\s0016mgmt.sys [2009-8-8 114216] S3 s0016nd5;Sony Ericsson Device 0016 USB Ethernet Emulation SEMC0016 (NDIS);c:\windows\system32\drivers\s0016nd5.sys [2009-8-8 25512] S3 s0016obex;Sony Ericsson Device 0016 USB WMC OBEX Interface;c:\windows\system32\drivers\s0016obex.sys [2009-8-8 110632] S3 s0016unic;Sony Ericsson Device 0016 USB Ethernet Emulation SEMC0016 (WDM);c:\windows\system32\drivers\s0016unic.sys [2009-8-8 115752] S3 s0017bus;Sony Ericsson Device 0017 driver (WDM);c:\windows\system32\drivers\s0017bus.sys [2009-8-8 90536] . =============== Created Last 30 ================ . 2012-04-07 12:52:58 -------- d-----w- c:\users\*****\appdata\roaming\Malwarebytes 2012-04-07 12:52:49 -------- d-----w- c:\programdata\Malwarebytes 2012-04-07 09:37:49 -------- d-----w- c:\programdata\Norton 2012-04-07 09:37:30 -------- d-----w- c:\programdata\NortonInstaller 2012-04-06 21:42:30 -------- d-----w- c:\users\bauer\appdata\roaming\AVG2012 2012-04-06 21:40:40 -------- d--h--w- c:\programdata\Common Files 2012-04-06 21:37:42 -------- d-----w- c:\programdata\AVG2012 2012-04-06 21:35:29 -------- d-----w- c:\program files\AVG 2012-04-06 21:31:14 -------- d-----w- c:\programdata\MFAData 2012-04-06 20:10:00 -------- d-----w- c:\programdata\Spybot - Search & Destroy 2012-04-06 20:10:00 -------- d-----w- c:\program files\Spybot - Search & Destroy 2012-04-06 16:45:50 32768 ----a-w- c:\windows\system32\drivers\sp_rsdrv2.sys 2012-04-06 16:12:53 14664 ----a-w- c:\windows\stinger.sys 2012-04-06 16:11:13 -------- d-----w- c:\program files\stinger 2012-04-05 15:36:32 -------- d-----w- c:\windows\pss 2012-04-04 08:06:03 418464 ----a-w- c:\windows\system32\FlashPlayerApp.exe 2012-03-16 18:30:14 19384 ----a-w- c:\program files\mozilla firefox\AccessibleMarshal.dll 2012-03-16 18:30:13 97208 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll 2012-03-16 18:30:13 2106216 ----a-w- c:\program files\mozilla firefox\D3DCompiler_43.dll 2012-03-16 18:30:13 1998168 ----a-w- c:\program files\mozilla firefox\d3dx9_43.dll 2012-03-16 18:30:13 125880 ----a-w- c:\program files\mozilla firefox\crashreporter.exe 2012-03-16 18:30:12 924600 ----a-w- c:\program files\mozilla firefox\firefox.exe 2012-03-16 18:30:12 592824 ----a-w- c:\program files\mozilla firefox\gkmedias.dll 2012-03-16 18:30:12 44472 ----a-w- c:\program files\mozilla firefox\mozglue.dll 2012-03-16 18:30:12 269240 ----a-w- c:\program files\mozilla firefox\freebl3.dll . ==================== Find3M ==================== . 2012-04-04 08:06:02 70304 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl . ============= FINISH: 20:28:55,15 =============== Code:
ATTFilter NLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG. IF REQUESTED, ZIP IT UP & ATTACH IT . DDS (Ver_2011-08-26.01) . Microsoft® Windows Vista™ Home Premium Boot Device: \Device\HarddiskVolume2 Install Date: 13.09.2007 06:41:15 System Uptime: 07.04.2012 20:04:05 (0 hours ago) . Motherboard: ASUSTeK Computer Inc. | | F5N Processor: AMD Athlon(tm) 64 X2 Dual-Core Processor TK-53 | CPU 1 | 800/200mhz . ==== Disk Partitions ========================= . C: is FIXED (NTFS) - 56 GiB total, 10,197 GiB free. D: is FIXED (NTFS) - 49 GiB total, 26,211 GiB free. E: is CDROM () F: is Removable . ==== Disabled Device Manager Items ============= . ==== System Restore Points =================== . . ==== Installed Programs ====================== . Activation Assistant for the 2007 Microsoft Office suites Adobe Flash Player 11 Plugin Adobe Flash Player ActiveX Adobe Reader 8.3.1 - Deutsch ASUS Touch Pad Extra Asus_Camera_ScreenSaver Atheros Driver Installation Program ATK Generic Function Service ATK Hotkey ATK Media ATKOSD2 Canon MP520 series D-Route 2008/2009 Definition update for Microsoft Office 2010 (KB982726) devolo dLAN-Konfigurationsassistent devolo EasyClean devolo EasyShare devolo Informer Firebird SQL Server - MAGIX Edition (D) Google Earth Google Update Helper Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595) Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484) Java Auto Updater LightScribe 1.4.142.1 MAGIX Foto Clinic 5.0 (D) MAGIX Foto Manager 2006 (D) MAGIX Music Manager 2006 (D) MAGIX Online Druck Service (D) MAGIX Video deluxe 2006 2007 PLUS (D) Microsoft .NET Framework 3.5 SP1 Microsoft Office Access MUI (German) 2010 Microsoft Office Excel MUI (German) 2010 Microsoft Office Home and Student 2010 Microsoft Office OneNote MUI (German) 2010 Microsoft Office Outlook MUI (German) 2010 Microsoft Office PowerPoint MUI (German) 2010 Microsoft Office Proof (English) 2010 Microsoft Office Proof (French) 2010 Microsoft Office Proof (German) 2010 Microsoft Office Proof (Italian) 2010 Microsoft Office Proofing (German) 2010 Microsoft Office Publisher MUI (German) 2010 Microsoft Office Shared MUI (German) 2010 Microsoft Office Single Image 2010 Microsoft Office Word MUI (German) 2010 Microsoft Outlook Social Connector (KB2289116) ªº§ó·s Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 Microsoft Visual C++ 2005 Redistributable Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 Microsoft XML Parser Mozilla Firefox 11.0 (x86 de) MSXML 4.0 SP2 (KB927978) MSXML 4.0 SP2 (KB936181) MSXML 4.0 SP2 (KB954430) MSXML 4.0 SP2 (KB973688) Nero 7 Essentials NVIDIA Drivers NVIDIA PhysX PIXMA Extended Survey Program Power4Gear eXtreme ProtectDisc Helper Driver Realtek USB 2.0 Card Reader Security Update for CAPICOM (KB931906) Security Update for Microsoft .NET Framework 3.5 SP1 (KB2416473) Security Update for Microsoft Office 2010 (KB2289078) Security Update for Microsoft Office 2010 (KB2289161) Security Update for Microsoft Publisher 2010 (KB2409055) Security Update for Microsoft Word 2010 (KB2345000) Siggi Blitz Vorschule 1 Siggi Blitz Vorschule 2 Synaptics Pointing Device Driver TAPPS 1.20 DE Update für Microsoft Outlook Social Connector (KB2289116) Update for Microsoft .NET Framework 3.5 SP1 (KB963707) Update for Microsoft Office 2010 (KB2202188) Update for Microsoft Office 2010 (KB2413186) Update for Microsoft OneNote 2010 (KB2433299) WinFlash Wireless Console 2 . ==== End Of File =========================== Code:
ATTFilter GMER 1.0.15.15641 - hxxp://www.gmer.net Rootkit scan 2012-04-07 22:56:30 Windows 6.0.6002 Service Pack 2 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T0L0-3 FUJITSU_MHW2120BH rev.00000012 Running: her7ci38.exe; Driver: C:\Users\****\AppData\Local\Temp\uwldqpow.sys ---- Kernel code sections - GMER 1.0.15 ---- .reloc C:\Windows\system32\drivers\acehlp09.sys section is executable [0x8777D780, 0x28F7A, 0xE0000060] .text C:\Windows\system32\DRIVERS\nvlddmkm.sys section is writeable [0x8BE0A340, 0x3EE1D7, 0xE8000020] .text C:\Windows\system32\drivers\ACEDRV06.sys section is writeable [0x8CD80000, 0x319AA, 0xE8000020] .pklstb C:\Windows\system32\drivers\ACEDRV06.sys entry point in ".pklstb" section [0x8CDC3000] .relo2 C:\Windows\system32\drivers\ACEDRV06.sys unknown last section [0x8CDDE000, 0x8E, 0x42000040] .reloc C:\Windows\system32\drivers\acedrv09.sys section is executable [0x9BEE1000, 0x4E05A, 0xE0000060] ? C:\Users\Bauer\AppData\Local\Temp\mbr.sys Das System kann die angegebene Datei nicht finden. ! ---- Devices - GMER 1.0.15 ---- Device Ntfs.sys (NT-Dateisystemtreiber/Microsoft Corporation) Device fastfat.SYS (Fast FAT File System Driver/Microsoft Corporation) Device InCDFs.sys (InCD File System Driver/Nero AG) AttachedDevice \Driver\kbdclass \Device\KeyboardClass0 Wdf01000.sys (WDF Dynamic/Microsoft Corporation) AttachedDevice fltmgr.sys (Microsoft Dateisystem-Filter-Manager/Microsoft Corporation) ---- Registry - GMER 1.0.15 ---- Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\0018f337f16b Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\001986001fd2 Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\001986001fd2@001ee2469711 0x38 0xD0 0xB3 0x9C ... Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\001986001fd2@0024ef7f4734 0xDA 0x33 0xCB 0x6B ... Reg HKLM\SYSTEM\ControlSet002\Services\BTHPORT\Parameters\Keys\0018f337f16b (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\Services\BTHPORT\Parameters\Keys\001986001fd2 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\Services\BTHPORT\Parameters\Keys\001986001fd2@001ee2469711 0x38 0xD0 0xB3 0x9C ... Reg HKLM\SYSTEM\ControlSet002\Services\BTHPORT\Parameters\Keys\001986001fd2@0024ef7f4734 0xDA 0x33 0xCB 0x6B ... ---- EOF - GMER 1.0.15 ---- |
08.04.2012, 17:37 | #2 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Virencheck nach Virenbefall Hast du die Logs der Scanner noch? Wäre schön wenn man wüsste was da genau gefunden wurde sonst wird es fischen im Trüben
__________________Bitte alles nach Möglichkeit hier in CODE-Tags posten. Wird so gemacht: [code] hier steht das Log [/code] Und das ganze sieht dann so aus: Code:
ATTFilter hier steht das Log
__________________ |
08.04.2012, 17:54 | #3 |
| Virencheck nach Virenbefall Leider nicht, da ich ja dummerweise alle Virenscanner im nachhinein wieder deinstalliert hab -.- weiß leider auch nicht was mich da geritten hat oder sind die trotz Deinstallation immernoch da? Wäre zu schön um wahr zu sein. Bemerkt hab ich bis jetzt nichts mehr vom Virus aber über die Trojaner mache ich mir noch ein wenig Gedanken...
__________________ |
08.04.2012, 17:54 | #4 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Virencheck nach Virenbefall Bitte erstmal routinemäßig einen Vollscan mit Malwarebytes machen und Log posten. =>ALLE lokalen Datenträger (außer CD/DVD) überprüfen lassen! Denk daran, dass Malwarebytes vor jedem Scan manuell aktualisiert werden muss! Außerdem müssen alle Funde entfernt werden. Falls Logs aus älteren Scans mit Malwarebytes vorhanden sind, bitte auch davon alle posten! ESET Online Scanner
Bitte alles nach Möglichkeit hier in CODE-Tags posten. Wird so gemacht: [code] hier steht das Log [/code] Und das ganze sieht dann so aus: Code:
ATTFilter hier steht das Log
__________________ Logfiles bitte immer in CODE-Tags posten |
08.04.2012, 18:08 | #5 |
| Virencheck nach Virenbefall Ah tut mir leid ich habe grade noch ein Logfile von Malwarebytes gefunden das auch einen Trojaner gekillt hat. War allerdings nur ein Quick Scan. Beim vollständigen Scann, wo wähle ich alle Laufwerke aus? Logfile: Code:
ATTFilter Malwarebytes Anti-Malware 1.60.1.1000 www.malwarebytes.org Datenbank Version: v2012.04.07.04 Windows Vista Service Pack 2 x86 NTFS Internet Explorer 9.0.8112.16421 ***** :: NOTEBOOK [Administrator] 07.04.2012 19:17:44 mbam-log-2012-04-07 (19-17-44).txt Art des Suchlaufs: Quick-Scan Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM Deaktivierte Suchlaufeinstellungen: P2P Durchsuchte Objekte: 177684 Laufzeit: 6 Minute(n), 48 Sekunde(n) Infizierte Speicherprozesse: 0 (Keine bösartigen Objekte gefunden) Infizierte Speichermodule: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungsschlüssel: 1 HKCU\Software\Schmidt-Pro (Trojan.Agent) -> Erfolgreich gelöscht und in Quarantäne gestellt. Infizierte Registrierungswerte: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateiobjekte der Registrierung: 0 (Keine bösartigen Objekte gefunden) Infizierte Verzeichnisse: 0 (Keine bösartigen Objekte gefunden) |
08.04.2012, 18:24 | #6 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Virencheck nach Virenbefall Das siehst du schon wo die die Laufwerke auswählst wenn du den Vollscan startest. Alle Laufwerke wählen außer CD/DVD
__________________ --> Virencheck nach Virenbefall |
09.04.2012, 00:42 | #7 |
| Virencheck nach Virenbefall Hier die Logs die du wolltest: MBAM: Code:
ATTFilter Malwarebytes Anti-Malware 1.60.1.1000 www.malwarebytes.org Datenbank Version: v2012.04.08.05 Windows Vista Service Pack 2 x86 NTFS Internet Explorer 9.0.8112.16421 ******:: NOTEBOOK [Administrator] 08.04.2012 19:30:44 mbam-log-2012-04-08 (19-30-44).txt Art des Suchlaufs: Vollständiger Suchlauf Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM Deaktivierte Suchlaufeinstellungen: P2P Durchsuchte Objekte: 345934 Laufzeit: 2 Stunde(n), 59 Minute(n), 29 Sekunde(n) Infizierte Speicherprozesse: 0 (Keine bösartigen Objekte gefunden) Infizierte Speichermodule: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungsschlüssel: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungswerte: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateiobjekte der Registrierung: 0 (Keine bösartigen Objekte gefunden) Infizierte Verzeichnisse: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateien: 0 (Keine bösartigen Objekte gefunden) (Ende) Code:
ATTFilter ESETSmartInstaller@High as downloader log: all ok # version=7 # OnlineScannerApp.exe=1.0.0.1 # OnlineScanner.ocx=1.0.0.6583 # api_version=3.0.2 # EOSSerial=1ae17b3421706a4b8931869a7b413b2b # end=stopped # remove_checked=false # archives_checked=true # unwanted_checked=true # unsafe_checked=false # antistealth_checked=true # utc_time=2012-04-08 11:37:56 # local_time=2012-04-09 01:37:56 (+0100, Mitteleuropäische Sommerzeit) # country="Germany" # lang=1033 # osver=6.0.6002 NT Service Pack 2 # compatibility_mode=1024 16777215 100 0 169350 169350 0 0 # compatibility_mode=1797 16774142 0 73 81557 70452942 0 0 # compatibility_mode=5892 16776638 100 100 10290975 171450207 0 0 # compatibility_mode=8192 67108863 100 0 170 170 0 0 # scanned=148160 # found=0 # cleaned=0 # scan_time=10797 |
09.04.2012, 16:25 | #8 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Virencheck nach Virenbefall Hätte da mal zwei Fragen bevor es weiter geht 1.) Geht der normale Modus uneingeschränkt? 2.) Vermisst du irgendwas im Startmenü? Sind da leere Ordner unter alle Programme oder ist alles vorhanden?
__________________ Logfiles bitte immer in CODE-Tags posten |
09.04.2012, 17:28 | #9 |
| Virencheck nach Virenbefall Ja ich kann im normalen Modus alles machen und fehlen tut auch nichts |
09.04.2012, 17:41 | #10 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Virencheck nach Virenbefall CustomScan mit OTL Falls noch nicht vorhanden, lade Dir bitte OTL von Oldtimer herunter und speichere es auf Deinem Desktop
Code:
ATTFilter netsvcs msconfig safebootminimal safebootnetwork activex drivers32 %ALLUSERSPROFILE%\Application Data\*. %ALLUSERSPROFILE%\Application Data\*.exe /s %APPDATA%\*. %APPDATA%\*.exe /s %SYSTEMDRIVE%\*.exe /md5start wininit.exe userinit.exe eventlog.dll scecli.dll netlogon.dll cngaudit.dll ws2ifsl.sys sceclt.dll ntelogon.dll winlogon.exe logevent.dll user32.DLL iaStor.sys nvstor.sys atapi.sys IdeChnDr.sys viasraid.sys AGP440.sys vaxscsi.sys nvatabus.sys viamraid.sys nvata.sys nvgts.sys iastorv.sys ViPrt.sys eNetHook.dll ahcix86.sys KR10N.sys nvstor32.sys ahcix86s.sys /md5stop %systemroot%\system32\drivers\*.sys /lockedfiles %systemroot%\System32\config\*.sav %systemroot%\*. /mp /s %systemroot%\system32\*.dll /lockedfiles CREATERESTOREPOINT
__________________ Logfiles bitte immer in CODE-Tags posten |
09.04.2012, 19:02 | #11 |
| Virencheck nach Virenbefall Ehm immer wenn OTL die Firefox Einstellungen scannt kommt vom Programm "Keine Rückmeldung" Geändert von Blackduster (09.04.2012 um 19:11 Uhr) |
09.04.2012, 19:11 | #12 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Virencheck nach Virenbefall Probier es bitte im abgesicherten Modus aus
__________________ Logfiles bitte immer in CODE-Tags posten |
09.04.2012, 19:45 | #13 |
| Virencheck nach Virenbefall Im abgesicherten Modus ist er abgestürzt |
09.04.2012, 19:46 | #14 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Virencheck nach Virenbefall Dann mach ein normales OTL-Log Systemscan mit OTL Lade Dir bitte OTL von Oldtimer herunter und speichere es auf Deinem Desktop
__________________ Logfiles bitte immer in CODE-Tags posten |
09.04.2012, 21:05 | #15 |
| Virencheck nach Virenbefall Sry Strom war nur leer -.- Code:
ATTFilter OTL logfile created on: 09.04.2012 21:21:46 - Run 1 OTL by OldTimer - Version 3.2.39.2 Folder = C:\Users\Bauer\Downloads Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 1,87 Gb Total Physical Memory | 1,50 Gb Available Physical Memory | 80,07% Memory free 3,98 Gb Paging File | 3,75 Gb Available in Paging File | 94,17% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 55,89 Gb Total Space | 9,88 Gb Free Space | 17,68% Space Free | Partition Type: NTFS Drive D: | 49,06 Gb Total Space | 26,21 Gb Free Space | 53,43% Space Free | Partition Type: NTFS Drive G: | 1,88 Gb Total Space | 1,88 Gb Free Space | 100,00% Space Free | Partition Type: FAT Computer Name: NOTEBOOK | User Name: ***** | Logged in as Administrator. Boot Mode: SafeMode with Networking | Scan Mode: All users | Quick Scan Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - C:\Users\****\Downloads\OTL.exe (OldTimer Tools) PRC - C:\Windows\explorer.exe (Microsoft Corporation) ========== Modules (No Company Name) ========== ========== Win32 Services (SafeList) ========== SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated) SRV - (avgwd) -- C:\Program Files\AVG\AVG2012\avgwdsvc.exe (AVG Technologies CZ, s.r.o.) SRV - (AVGIDSAgent) -- C:\Program Files\AVG\AVG2012\avgidsagent.exe (AVG Technologies CZ, s.r.o.) SRV - (B-Service) -- C:\Users\Bauer\Downloads\B-Service.exe () SRV - (WinDefend) -- C:\Program Files\Windows Defender\mpsvc.dll (Microsoft Corporation) SRV - (WcesComm) -- C:\Windows\WindowsMobile\wcescomm.dll (Microsoft Corporation) SRV - (RapiMgr) -- C:\Windows\WindowsMobile\rapimgr.dll (Microsoft Corporation) SRV - (ATKGFNEXSrv) -- C:\Program Files\ATKGFNEX\GFNEXSrv.exe () SRV - (IJPLMSVC) -- C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE () SRV - (InCDsrv) -- C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe (Nero AG) SRV - (ASLDRService) -- C:\Program Files\ATK Hotkey\ASLDRSrv.exe () SRV - (FirebirdServerMAGIXInstance) -- C:\MAGIX\Common\Database\bin\fbserver.exe (MAGIX®) ========== Driver Services (SafeList) ========== DRV - (NwlnkFwd) -- system32\DRIVERS\nwlnkfwd.sys File not found DRV - (NwlnkFlt) -- system32\DRIVERS\nwlnkflt.sys File not found DRV - (IpInIp) -- system32\DRIVERS\ipinip.sys File not found DRV - (IntcAzAudAddService) Service for Realtek HD Audio (WDM) -- system32\drivers\RTKVHDA.sys File not found DRV - (blbdrive) -- C:\Windows\system32\drivers\blbdrive.sys File not found DRV - (Avgtdix) -- C:\Windows\System32\drivers\avgtdix.sys (AVG Technologies CZ, s.r.o.) DRV - (Avgldx86) -- C:\Windows\System32\drivers\avgldx86.sys (AVG Technologies CZ, s.r.o.) DRV - (Avgrkx86) -- C:\Windows\System32\drivers\avgrkx86.sys (AVG Technologies CZ, s.r.o.) DRV - (Avgmfx86) -- C:\Windows\System32\drivers\avgmfx86.sys (AVG Technologies CZ, s.r.o.) DRV - (AVGIDSShim) -- C:\Windows\System32\drivers\avgidsshimx.sys (AVG Technologies CZ, s.r.o. ) DRV - (AVGIDSFilter) -- C:\Windows\System32\drivers\avgidsfilterx.sys (AVG Technologies CZ, s.r.o. ) DRV - (AVGIDSEH) -- C:\Windows\System32\drivers\avgidsehx.sys (AVG Technologies CZ, s.r.o. ) DRV - (AVGIDSDriver) -- C:\Windows\System32\drivers\avgidsdriverx.sys (AVG Technologies CZ, s.r.o. ) DRV - (ACEDRV06) -- C:\Windows\System32\drivers\ACEDRV06.sys (Protect Software GmbH) DRV - (ssmdrv) -- C:\Windows\System32\drivers\ssmdrv.sys (Avira GmbH) DRV - (winusb) -- C:\Windows\System32\drivers\winusb.sys (Microsoft Corporation) DRV - (nvlddmkm) -- C:\Windows\System32\drivers\nvlddmkm.sys (NVIDIA Corporation) DRV - (athr) -- C:\Windows\System32\drivers\athr.sys (Atheros Communications, Inc.) DRV - (NVENETFD) -- C:\Windows\System32\drivers\nvmfdx32.sys (NVIDIA Corporation) DRV - (s0017bus) Sony Ericsson Device 0017 driver (WDM) -- C:\Windows\System32\drivers\s0017bus.sys (MCCI Corporation) DRV - (s0016unic) Sony Ericsson Device 0016 USB Ethernet Emulation SEMC0016 (WDM) -- C:\Windows\System32\drivers\s0016unic.sys (MCCI Corporation) DRV - (s0016nd5) Sony Ericsson Device 0016 USB Ethernet Emulation SEMC0016 (NDIS) -- C:\Windows\System32\drivers\s0016nd5.sys (MCCI Corporation) DRV - (s0016mdfl) -- C:\Windows\System32\drivers\s0016mdfl.sys (MCCI Corporation) DRV - (s0016mdm) -- C:\Windows\System32\drivers\s0016mdm.sys (MCCI Corporation) DRV - (s0016mgmt) Sony Ericsson Device 0016 USB WMC Device Management Drivers (WDM) -- C:\Windows\System32\drivers\s0016mgmt.sys (MCCI Corporation) DRV - (s0016obex) -- C:\Windows\System32\drivers\s0016obex.sys (MCCI Corporation) DRV - (s0016bus) Sony Ericsson Device 0016 driver (WDM) -- C:\Windows\System32\drivers\s0016bus.sys (MCCI Corporation) DRV - (seehcri) -- C:\Windows\System32\drivers\seehcri.sys (Sony Ericsson Mobile Communications) DRV - (acedrv09) -- C:\Windows\System32\drivers\acedrv09.sys (Protect Software GmbH) DRV - (acehlp09) -- C:\Windows\System32\drivers\acehlp09.sys (Protect Software GmbH) DRV - (incdrm) -- C:\Windows\System32\drivers\InCDRm.sys (Nero AG) DRV - (InCDrec) -- C:\Windows\System32\drivers\InCDrec.sys (Nero AG) DRV - (InCDPass) -- C:\Windows\System32\drivers\InCDPass.sys (Nero AG) DRV - (InCDfs) -- C:\Windows\System32\drivers\InCDfs.sys (Nero AG) DRV - (nvsmu) -- C:\Windows\System32\drivers\nvsmu.sys (NVIDIA Corporation) DRV - (ASMMAP) -- C:\Program Files\ATKGFNEX\ASMMAP.sys () DRV - (kbfiltr) -- C:\Windows\System32\drivers\kbfiltr.sys ( ) DRV - (MTsensor) -- C:\Windows\System32\drivers\ATKACPI.sys (ATK0100) DRV - (TPM) -- C:\Windows\System32\drivers\tpm.sys (Microsoft Corporation) DRV - (smserial) -- C:\Windows\System32\drivers\smserial.sys (Motorola Inc.) DRV - (RTL8169) -- C:\Windows\System32\drivers\Rtlh86.sys (Realtek Corporation) DRV - (NETw3v32) Intel(R) -- C:\Windows\System32\drivers\NETw3v32.sys (Intel® Corporation) DRV - (A_USBETHMP) -- C:\Windows\System32\drivers\usbethmp.sys (Intellon Corporation) DRV - (PLCNDIS5) -- C:\Windows\System32\plcndis5.sys (Intellon, Inc.) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.asus.com IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-21-1877079746-2264202069-1773246446-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = hxxp://www.google.com/ie IE - HKU\S-1-5-21-1877079746-2264202069-1773246446-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com IE - HKU\S-1-5-21-1877079746-2264202069-1773246446-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/ IE - HKU\S-1-5-21-1877079746-2264202069-1773246446-1000\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1 IE - HKU\S-1-5-21-1877079746-2264202069-1773246446-1000\..\URLSearchHook: - No CLSID value found IE - HKU\S-1-5-21-1877079746-2264202069-1773246446-1000\..\SearchScopes,DefaultScope = {6552C7DD-90A4-4387-B795-F8F96747DE19} IE - HKU\S-1-5-21-1877079746-2264202069-1773246446-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC IE - HKU\S-1-5-21-1877079746-2264202069-1773246446-1000\..\SearchScopes\{6552C7DD-90A4-4387-B795-F8F96747DE19}: "URL" = hxxp://www.icq.com/search/results.php?q={searchTerms}&ch_id=osd IE - HKU\S-1-5-21-1877079746-2264202069-1773246446-1000\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7SUNA IE - HKU\S-1-5-21-1877079746-2264202069-1773246446-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF - prefs.js..browser.search.defaultenginename: "ICQ Search" FF - prefs.js..browser.search.selectedEngine: "Google" FF - prefs.js..browser.startup.homepage: "hxxp://www.t-online.de/#" FF - prefs.js..extensions.enabledItems: {635abd67-4fe9-1b23-4f01-e679fa7484c1}:2.1.3.20100310105313 FF - prefs.js..network.proxy.type: 0 FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_2_202_228.dll () FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.) FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.) FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{1E73965B-8B48-48be-9C8D-68B920ABC1C4}: C:\Program Files\AVG\AVG2012\Firefox4\ [2012.04.08 15:53:41 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{F53C93F1-07D5-430c-86D4-C9531B27DFAF}: C:\Program Files\AVG\AVG2012\Firefox\DoNotTrack\ [2012.04.08 15:52:08 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 11.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.03.16 20:30:14 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 11.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012.04.09 01:46:36 | 000,000,000 | ---D | M] [2008.09.05 22:15:28 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Bauer\AppData\Roaming\mozilla\Extensions [2012.01.25 17:34:55 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Bauer\AppData\Roaming\mozilla\Firefox\Profiles\9x5xnoar.default\extensions [2011.04.30 18:28:13 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Bauer\AppData\Roaming\mozilla\Firefox\Profiles\9x5xnoar.default\extensions\{20a82645-c095-46ed-80e3-08825760534b} [2012.01.25 17:34:55 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Users\Bauer\AppData\Roaming\mozilla\Firefox\Profiles\9x5xnoar.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1} [2012.04.07 14:53:09 | 000,000,950 | ---- | M] () -- C:\Users\Bauer\AppData\Roaming\Mozilla\Firefox\Profiles\9x5xnoar.default\searchplugins\icqplugin-1.xml [2009.08.05 10:45:39 | 000,000,950 | ---- | M] () -- C:\Users\Bauer\AppData\Roaming\Mozilla\Firefox\Profiles\9x5xnoar.default\searchplugins\icqplugin-10.xml [2009.09.11 22:35:57 | 000,000,950 | ---- | M] () -- C:\Users\Bauer\AppData\Roaming\Mozilla\Firefox\Profiles\9x5xnoar.default\searchplugins\icqplugin-11.xml [2009.10.29 07:17:15 | 000,000,950 | ---- | M] () -- C:\Users\Bauer\AppData\Roaming\Mozilla\Firefox\Profiles\9x5xnoar.default\searchplugins\icqplugin-12.xml [2009.12.20 11:45:26 | 000,000,950 | ---- | M] () -- C:\Users\Bauer\AppData\Roaming\Mozilla\Firefox\Profiles\9x5xnoar.default\searchplugins\icqplugin-13.xml [2010.01.08 12:10:00 | 000,000,950 | ---- | M] () -- C:\Users\Bauer\AppData\Roaming\Mozilla\Firefox\Profiles\9x5xnoar.default\searchplugins\icqplugin-14.xml [2008.12.17 13:26:08 | 000,000,950 | ---- | M] () -- C:\Users\Bauer\AppData\Roaming\Mozilla\Firefox\Profiles\9x5xnoar.default\searchplugins\icqplugin-2.xml [2009.02.07 15:09:50 | 000,000,950 | ---- | M] () -- C:\Users\Bauer\AppData\Roaming\Mozilla\Firefox\Profiles\9x5xnoar.default\searchplugins\icqplugin-3.xml [2009.03.06 07:14:33 | 000,000,950 | ---- | M] () -- C:\Users\Bauer\AppData\Roaming\Mozilla\Firefox\Profiles\9x5xnoar.default\searchplugins\icqplugin-4.xml [2009.03.29 14:55:31 | 000,000,950 | ---- | M] () -- C:\Users\Bauer\AppData\Roaming\Mozilla\Firefox\Profiles\9x5xnoar.default\searchplugins\icqplugin-5.xml [2009.04.24 06:26:10 | 000,000,950 | ---- | M] () -- C:\Users\Bauer\AppData\Roaming\Mozilla\Firefox\Profiles\9x5xnoar.default\searchplugins\icqplugin-6.xml [2009.04.28 19:57:15 | 000,000,950 | ---- | M] () -- C:\Users\Bauer\AppData\Roaming\Mozilla\Firefox\Profiles\9x5xnoar.default\searchplugins\icqplugin-7.xml [2009.06.12 12:47:56 | 000,000,950 | ---- | M] () -- C:\Users\Bauer\AppData\Roaming\Mozilla\Firefox\Profiles\9x5xnoar.default\searchplugins\icqplugin-8.xml [2009.07.23 19:47:47 | 000,000,950 | ---- | M] () -- C:\Users\Bauer\AppData\Roaming\Mozilla\Firefox\Profiles\9x5xnoar.default\searchplugins\icqplugin-9.xml [2008.11.18 14:56:02 | 000,000,944 | ---- | M] () -- C:\Users\Bauer\AppData\Roaming\Mozilla\Firefox\Profiles\9x5xnoar.default\searchplugins\icqplugin.xml [2012.04.09 01:24:54 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\mozilla firefox\extensions [2008.12.14 16:35:20 | 000,000,000 | ---D | M] ("ICQ Toolbar") -- C:\Program Files\mozilla firefox\extensions\{800b5000-a755-47e1-992b-48a1c1357f07} [2012.04.09 01:24:54 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} [2012.03.16 20:30:13 | 000,097,208 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll [2012.04.09 01:24:05 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll [2005.11.08 13:48:08 | 000,454,656 | ---- | M] (INNOVA-engineering GmbH Dresden) -- C:\Program Files\mozilla firefox\plugins\npirsviewer.dll [2012.03.16 20:30:04 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml [2009.02.10 20:42:31 | 000,002,194 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\babylon.xml [2012.03.16 20:30:04 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml [2012.03.16 20:30:04 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml [2012.03.16 20:30:04 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml [2012.03.16 20:30:04 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml [2012.03.16 20:30:04 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml O1 HOSTS File: ([2006.09.18 23:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O1 - Hosts: ::1 localhost O2 - BHO: (Adobe PDF Reader) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated) O2 - BHO: (AVG Do-Not-Track) - {31332EEF-CB9F-458F-AFEB-D30E9A66B6BA} - C:\Program Files\AVG\AVG2012\avgdtiex.dll (AVG Technologies CZ, s.r.o.) O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG2012\avgssie.dll (AVG Technologies CZ, s.r.o.) O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.) O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~1\MICROS~2\Office14\URLREDIR.DLL (Microsoft Corporation) O3 - HKU\S-1-5-21-1877079746-2264202069-1773246446-1000\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found. O4 - HKLM..\Run: [ASUSTPE] C:\Windows\System32\ASUSTPE.exe (ASUS) O4 - HKLM..\Run: [AVG_TRAY] C:\Program Files\AVG\AVG2012\avgtray.exe (AVG Technologies CZ, s.r.o.) O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.dll (NVIDIA Corporation) O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation) O4 - HKLM..\Run: [Windows Mobile-based device management] C:\Windows\WindowsMobile\wmdSync.exe (Microsoft Corporation) O4 - HKU\S-1-5-19..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation) O4 - HKU\S-1-5-20..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation) O8 - Extra context menu item: An OneNote s&enden - res://C:\PROGRA~1\MICROS~2\Office14\ONBttnIE.dll/105 File not found O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000 File not found O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000 File not found O8 - Extra context menu item: Nach Microsoft E&xcel exportieren - res://C:\PROGRA~1\MICROS~2\Office14\EXCEL.EXE/3000 File not found O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation) O9 - Extra Button: Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation) O9 - Extra Button: AVG Do-Not-Track - {DA58ACA7-18A6-403A-93DA-6E4172D43709} - C:\Program Files\AVG\AVG2012\avgdtiex.dll (AVG Technologies CZ, s.r.o.) O13 - gopher Prefix: missing O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31) O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{0929A8F0-E873-4A54-BC86-664E29B50CCE}: DhcpNameServer = 192.168.2.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{3D359373-3EF0-4168-B286-158FF24806A7}: DhcpNameServer = 192.168.2.1 O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG2012\avgpp.dll (AVG Technologies CZ, s.r.o.) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation) O24 - Desktop WallPaper: C:\Windows\Web\Wallpaper\img24.jpg O24 - Desktop BackupWallPaper: C:\Windows\Web\Wallpaper\img24.jpg O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ] O33 - MountPoints2\{1fd3a3ce-2b38-11de-b425-001d6007f610}\Shell\AutoRun\command - "" = C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL G:\remove.exe O33 - MountPoints2\{a10cf943-c4a2-11df-b504-001d6007f610}\Shell\AutoRun\command - "" = G:\installer.exe O33 - MountPoints2\{bcb7c604-0373-11de-8ee0-001d6007f610}\Shell\AutoRun\command - "" = H:\ImageTools.exe O33 - MountPoints2\H\Shell\AutoRun\command - "" = H:\ImageTools.exe O34 - HKLM BootExecute: (autocheck autochk *) O34 - HKLM BootExecute: (C:\PROGRA~1\AVG\AVG2012\avgrsx.exe /sync /restart) O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* NetSvcs: FastUserSwitchingCompatibility - File not found NetSvcs: Ias - C:\Windows\System32\ias.dll (Microsoft Corporation) NetSvcs: Nla - File not found NetSvcs: Ntmssvc - File not found NetSvcs: NWCWorkstation - File not found NetSvcs: Nwsapagent - File not found NetSvcs: SRService - File not found NetSvcs: WmdmPmSp - File not found NetSvcs: LogonHours - File not found NetSvcs: PCAudit - File not found NetSvcs: helpsvc - File not found NetSvcs: uploadmgr - File not found MsConfig - StartUpFolder: C:^Users^Bauer^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^ch8l0.exe.lnk - - File not found MsConfig - StartUpReg: Adobe ARM - hkey= - key= - C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated) MsConfig - StartUpReg: Adobe Reader Speed Launcher - hkey= - key= - C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe (Adobe Systems Incorporated) MsConfig - StartUpReg: ALDI Foto Service - hkey= - key= - File not found MsConfig - StartUpReg: ASUS Camera ScreenSaver - hkey= - key= - C:\Windows\ASScrProlog.exe () MsConfig - StartUpReg: ASUS Screen Saver Protector - hkey= - key= - C:\Windows\ASScrPro.exe () MsConfig - StartUpReg: ATKMEDIA - hkey= - key= - C:\Program Files\ASUS\ATK Media\DMEDIA.EXE (ASUSTeK Computer INC.) MsConfig - StartUpReg: CanonSolutionMenu - hkey= - key= - File not found MsConfig - StartUpReg: InCD - hkey= - key= - C:\Program Files\Nero\Nero 7\InCD\InCD.exe (Nero AG) MsConfig - StartUpReg: iTunesHelper - hkey= - key= - File not found MsConfig - StartUpReg: NeroFilterCheck - hkey= - key= - C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe (Nero AG) MsConfig - StartUpReg: NvMediaCenter - hkey= - key= - File not found MsConfig - StartUpReg: NvSvc - hkey= - key= - File not found MsConfig - StartUpReg: OpwareSE4 - hkey= - key= - File not found MsConfig - StartUpReg: PowerForPhone - hkey= - key= - File not found MsConfig - StartUpReg: QuickTime Task - hkey= - key= - File not found MsConfig - StartUpReg: RegistryBooster - hkey= - key= - File not found MsConfig - StartUpReg: SSBkgdUpdate - hkey= - key= - File not found MsConfig - StartUpReg: SunJavaUpdateSched - hkey= - key= - File not found MsConfig - State: "startup" - 2 MsConfig - State: "services" - 0 SafeBootMin: AppMgmt - Service SafeBootMin: Base - Driver Group SafeBootMin: Boot Bus Extender - Driver Group SafeBootMin: Boot file system - Driver Group SafeBootMin: File system - Driver Group SafeBootMin: Filter - Driver Group SafeBootMin: HelpSvc - Service SafeBootMin: NTDS - File not found SafeBootMin: PCI Configuration - Driver Group SafeBootMin: PNP Filter - Driver Group SafeBootMin: Primary disk - Driver Group SafeBootMin: sacsvr - Service SafeBootMin: SCSI Class - Driver Group SafeBootMin: System Bus Extender - Driver Group SafeBootMin: WinDefend - C:\Program Files\Windows Defender\mpsvc.dll (Microsoft Corporation) SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices SafeBootNet: AppMgmt - Service SafeBootNet: Base - Driver Group SafeBootNet: Boot Bus Extender - Driver Group SafeBootNet: Boot file system - Driver Group SafeBootNet: File system - Driver Group SafeBootNet: Filter - Driver Group SafeBootNet: HelpSvc - Service SafeBootNet: Messenger - File not found SafeBootNet: NDIS Wrapper - Driver Group SafeBootNet: NetBIOSGroup - Driver Group SafeBootNet: NetDDEGroup - Driver Group SafeBootNet: Network - Driver Group SafeBootNet: NetworkProvider - Driver Group SafeBootNet: NTDS - File not found SafeBootNet: PCI Configuration - Driver Group SafeBootNet: PNP Filter - Driver Group SafeBootNet: PNP_TDI - Driver Group SafeBootNet: Primary disk - Driver Group SafeBootNet: rdsessmgr - Service SafeBootNet: sacsvr - Service SafeBootNet: SCSI Class - Driver Group SafeBootNet: Streams Drivers - Driver Group SafeBootNet: System Bus Extender - Driver Group SafeBootNet: TDI - Driver Group SafeBootNet: WinDefend - C:\Program Files\Windows Defender\mpsvc.dll (Microsoft Corporation) SafeBootNet: WudfPf - Driver SafeBootNet: WudfUsbccidDriver - Driver SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun) ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 11.0 ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack ActiveX: {3C3901C5-3455-3E0A-A214-0B093A5070A6} - .NET Framework ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6 ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access ActiveX: {73FA19D0-2D75-11D2-995D-00C04F98BBC9} - Webordner ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7 ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\system32\ie4uinit.exe -BaseSettings ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1 ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Adobe Flash Player ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\Windows\system32\unregmp2.exe /ShowWMP ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\system32\ie4uinit.exe -UserIconConfig ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP Drivers32: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS) Drivers32: msacm.sl_anet - C:\Windows\System32\SL_ANET.ACM (Sipro Lab Telecom Inc.) Drivers32: vidc.cvid - C:\Windows\System32\iccvid.dll (Radius Inc.) Drivers32: wave1 - C:\Windows\System32\serwvdrv.dll (Microsoft Corporation) CREATERESTOREPOINT Error creating restore point. ========== Files/Folders - Created Within 30 Days ========== [2012.04.09 01:25:42 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java [2012.04.09 01:23:21 | 000,000,000 | ---D | C] -- C:\Program Files\Java [2012.04.08 18:09:42 | 000,000,000 | ---D | C] -- C:\Program Files\Windows Portable Devices [2012.04.08 17:15:47 | 000,000,000 | ---D | C] -- C:\Windows\System32\WindowsPowerShell [2012.04.08 15:53:42 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG [2012.04.08 15:51:44 | 000,000,000 | -H-D | C] -- C:\$AVG [2012.04.08 15:51:44 | 000,000,000 | ---D | C] -- C:\Windows\System32\drivers\AVG [2012.04.07 23:34:32 | 000,036,000 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\avkmgr.sys [2012.04.07 23:33:03 | 000,137,416 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\avipbb.sys [2012.04.07 23:30:49 | 000,074,640 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\avgntflt.sys [2012.04.07 23:11:03 | 000,000,000 | ---D | C] -- C:\ProgramData\Avira [2012.04.07 23:10:41 | 000,000,000 | ---D | C] -- C:\Program Files\Avira [2012.04.07 22:56:09 | 000,000,000 | ---D | C] -- C:\Users\Bauer\AppData\Local\CrashDumps [2012.04.07 14:52:58 | 000,000,000 | ---D | C] -- C:\Users\Bauer\AppData\Roaming\Malwarebytes [2012.04.07 14:52:49 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes [2012.04.07 14:25:24 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT [2012.04.07 11:37:49 | 000,000,000 | ---D | C] -- C:\ProgramData\Norton [2012.04.07 11:37:30 | 000,000,000 | ---D | C] -- C:\ProgramData\NortonInstaller [2012.04.06 23:42:30 | 000,000,000 | ---D | C] -- C:\Users\Bauer\AppData\Roaming\AVG2012 [2012.04.06 23:40:40 | 000,000,000 | -H-D | C] -- C:\ProgramData\Common Files [2012.04.06 23:37:42 | 000,000,000 | ---D | C] -- C:\ProgramData\AVG2012 [2012.04.06 23:35:29 | 000,000,000 | ---D | C] -- C:\Program Files\AVG [2012.04.06 23:31:14 | 000,000,000 | ---D | C] -- C:\ProgramData\MFAData [2012.04.06 22:10:00 | 000,000,000 | ---D | C] -- C:\ProgramData\Spybot - Search & Destroy [2012.04.06 22:10:00 | 000,000,000 | ---D | C] -- C:\Program Files\Spybot - Search & Destroy [2012.04.06 18:12:53 | 000,014,664 | ---- | C] (McAfee, Inc.) -- C:\Windows\stinger.sys [2012.04.06 18:11:13 | 000,000,000 | ---D | C] -- C:\Program Files\stinger [2012.04.05 17:36:32 | 000,000,000 | ---D | C] -- C:\Windows\pss [2012.03.29 14:37:10 | 000,000,000 | ---D | C] -- C:\Users\Bauer\Desktop\Holzofen ========== Files - Modified Within 30 Days ========== [2012.04.09 21:18:54 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2012.04.09 21:16:55 | 000,000,012 | ---- | M] () -- C:\Windows\bthservsdp.dat [2012.04.09 21:15:54 | 000,048,175 | ---- | M] () -- C:\ProgramData\nvModes.001 [2012.04.09 21:15:34 | 000,048,175 | ---- | M] () -- C:\ProgramData\nvModes.dat [2012.04.09 21:15:32 | 000,003,568 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 [2012.04.09 21:15:32 | 000,003,568 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 [2012.04.09 21:15:21 | 000,001,094 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2012.04.09 21:15:10 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job [2012.04.09 19:28:05 | 000,001,098 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2012.04.09 18:31:42 | 094,259,061 | ---- | M] () -- C:\Windows\System32\drivers\AVG\incavi.avm [2012.04.08 18:14:20 | 000,416,736 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT [2012.04.08 18:09:19 | 000,000,000 | -H-- | M] () -- C:\Windows\System32\drivers\Msft_User_WpdMtpDr_01_07_00.Wdf [2012.04.08 18:07:10 | 000,000,000 | -H-- | M] () -- C:\Windows\System32\drivers\Msft_User_WpdFs_01_07_00.Wdf [2012.04.08 17:25:39 | 000,025,651 | ---- | M] () -- C:\Windows\System32\drivers\AVG\iavichjg.avm [2012.04.08 15:53:42 | 000,000,865 | ---- | M] () -- C:\Users\Public\Desktop\AVG 2012.lnk [2012.04.06 18:12:53 | 000,014,664 | ---- | M] (McAfee, Inc.) -- C:\Windows\stinger.sys [2012.04.04 10:09:18 | 000,687,132 | ---- | M] () -- C:\Windows\System32\perfh009.dat [2012.04.04 10:09:18 | 000,127,582 | ---- | M] () -- C:\Windows\System32\perfc007.dat [2012.04.04 10:09:18 | 000,121,158 | ---- | M] () -- C:\Windows\System32\perfc009.dat [2012.04.04 10:09:18 | 000,015,394 | ---- | M] () -- C:\Windows\System32\perfh007.dat [2012.04.03 13:00:01 | 001,025,272 | ---- | M] () -- C:\Users\Bauer\Desktop\Beihilfe.pdf [2012.04.02 19:23:14 | 000,000,924 | ---- | M] () -- C:\Users\Bauer\Desktop\Siggi Blitz Vorschule 2.lnk [2012.03.30 12:02:21 | 000,135,680 | ---- | M] () -- C:\Users\Bauer\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2012.03.15 14:26:11 | 000,014,206 | ---- | M] () -- C:\Users\Bauer\Documents\Ghfckghjcvl.dotx [2012.03.15 14:25:13 | 000,002,617 | ---- | M] () -- C:\Users\Bauer\Desktop\Microsoft Word 2010.lnk [2012.03.15 09:31:23 | 000,013,908 | ---- | M] () -- C:\Users\Bauer\Documents\Ljhjkghbewd.dotx [2012.03.15 09:29:21 | 000,012,684 | ---- | M] () -- C:\Users\Bauer\Documents\test.dotx [2012.03.15 09:26:44 | 000,012,682 | ---- | M] () -- C:\Users\Bauer\Desktop\aaaa.dotx ========== Files Created - No Company Name ========== [2012.04.09 21:15:18 | 000,003,839 | ---- | C] () -- C:\Windows\System32\drivers\GETPADD.sys [2012.04.09 18:31:42 | 094,259,061 | ---- | C] () -- C:\Windows\System32\drivers\AVG\incavi.avm [2012.04.08 18:09:19 | 000,000,000 | -H-- | C] () -- C:\Windows\System32\drivers\Msft_User_WpdMtpDr_01_07_00.Wdf [2012.04.08 18:07:10 | 000,000,000 | -H-- | C] () -- C:\Windows\System32\drivers\Msft_User_WpdFs_01_07_00.Wdf [2012.04.08 17:25:39 | 000,025,651 | ---- | C] () -- C:\Windows\System32\drivers\AVG\iavichjg.avm [2012.04.08 17:07:59 | 000,201,184 | ---- | C] () -- C:\Windows\System32\winrm.vbs [2012.04.08 17:07:59 | 000,004,675 | ---- | C] () -- C:\Windows\System32\wsmanconfig_schema.xml [2012.04.08 17:07:59 | 000,002,426 | ---- | C] () -- C:\Windows\System32\WsmTxt.xsl [2012.04.08 15:53:42 | 000,000,865 | ---- | C] () -- C:\Users\Public\Desktop\AVG 2012.lnk [2012.04.06 18:45:50 | 000,032,768 | ---- | C] () -- C:\Windows\System32\drivers\sp_rsdrv2.sys [2012.04.04 10:06:06 | 000,000,884 | ---- | C] () -- C:\Windows\tasks\Adobe Flash Player Updater.job [2012.04.02 19:23:14 | 000,000,924 | ---- | C] () -- C:\Users\Bauer\Desktop\Siggi Blitz Vorschule 2.lnk [2012.03.15 14:26:09 | 000,014,206 | ---- | C] () -- C:\Users\Bauer\Documents\Ghfckghjcvl.dotx [2012.03.15 09:31:22 | 000,013,908 | ---- | C] () -- C:\Users\Bauer\Documents\Ljhjkghbewd.dotx [2012.03.15 09:29:19 | 000,012,684 | ---- | C] () -- C:\Users\Bauer\Documents\test.dotx [2012.03.15 09:26:42 | 000,012,682 | ---- | C] () -- C:\Users\Bauer\Desktop\aaaa.dotx [2011.12.12 11:07:32 | 000,048,175 | ---- | C] () -- C:\ProgramData\nvModes.dat [2011.12.12 11:07:32 | 000,048,175 | ---- | C] () -- C:\ProgramData\nvModes.001 [2011.12.11 20:22:18 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll [2011.12.11 20:19:35 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin [2011.12.11 20:19:34 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin ========== LOP Check ========== [2012.04.06 23:42:30 | 000,000,000 | ---D | M] -- C:\Users\Bauer\AppData\Roaming\AVG2012 [2011.11.19 14:19:01 | 000,000,000 | ---D | M] -- C:\Users\Bauer\AppData\Roaming\Canon [2008.12.14 16:35:33 | 000,000,000 | ---D | M] -- C:\Users\Bauer\AppData\Roaming\ICQ [2010.06.28 11:21:56 | 000,000,000 | ---D | M] -- C:\Users\Bauer\AppData\Roaming\ifolor [2008.08.14 16:25:35 | 000,000,000 | ---D | M] -- C:\Users\Bauer\AppData\Roaming\map&guide [2008.09.04 12:49:59 | 000,000,000 | ---D | M] -- C:\Users\Bauer\AppData\Roaming\ScanSoft [2011.09.08 18:45:34 | 000,000,000 | ---D | M] -- C:\Users\Bauer\AppData\Roaming\SmartSurfer [2011.05.22 07:10:14 | 000,000,000 | ---D | M] -- C:\Users\Bauer\AppData\Roaming\Sony [2011.09.08 18:45:55 | 000,000,000 | ---D | M] -- C:\Users\Bauer\AppData\Roaming\WEBDE [2012.04.09 21:16:55 | 000,032,584 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT ========== Purity Check ========== ========== Custom Scans ========== < %ALLUSERSPROFILE%\Application Data\*. > < %ALLUSERSPROFILE%\Application Data\*.exe /s > < %APPDATA%\*. > [2007.12.29 15:39:30 | 000,000,000 | ---D | M] -- C:\Users\Bauer\AppData\Roaming\Adobe [2007.12.26 16:44:56 | 000,000,000 | ---D | M] -- C:\Users\Bauer\AppData\Roaming\AdobeUM [2007.12.28 17:15:14 | 000,000,000 | ---D | M] -- C:\Users\Bauer\AppData\Roaming\Ahead [2010.09.19 14:23:01 | 000,000,000 | ---D | M] -- C:\Users\Bauer\AppData\Roaming\Apple Computer [2012.04.06 23:42:30 | 000,000,000 | ---D | M] -- C:\Users\Bauer\AppData\Roaming\AVG2012 [2011.11.19 14:19:01 | 000,000,000 | ---D | M] -- C:\Users\Bauer\AppData\Roaming\Canon [2009.08.02 21:29:55 | 000,000,000 | ---D | M] -- C:\Users\Bauer\AppData\Roaming\Google [2008.12.14 16:35:33 | 000,000,000 | ---D | M] -- C:\Users\Bauer\AppData\Roaming\ICQ [2007.12.24 18:29:00 | 000,000,000 | ---D | M] -- C:\Users\Bauer\AppData\Roaming\Identities [2010.06.28 11:21:56 | 000,000,000 | ---D | M] -- C:\Users\Bauer\AppData\Roaming\ifolor [2007.12.26 11:05:20 | 000,000,000 | ---D | M] -- C:\Users\Bauer\AppData\Roaming\InstallShield [2007.12.24 18:30:14 | 000,000,000 | ---D | M] -- C:\Users\Bauer\AppData\Roaming\Macromedia [2012.04.07 14:52:58 | 000,000,000 | ---D | M] -- C:\Users\Bauer\AppData\Roaming\Malwarebytes [2008.08.14 16:25:35 | 000,000,000 | ---D | M] -- C:\Users\Bauer\AppData\Roaming\map&guide [2006.11.02 14:37:34 | 000,000,000 | ---D | M] -- C:\Users\Bauer\AppData\Roaming\Media Center Programs [2011.10.31 11:05:16 | 000,000,000 | --SD | M] -- C:\Users\Bauer\AppData\Roaming\Microsoft [2008.02.21 19:27:00 | 000,000,000 | ---D | M] -- C:\Users\Bauer\AppData\Roaming\Microsoft Web Folders [2008.09.05 22:15:28 | 000,000,000 | ---D | M] -- C:\Users\Bauer\AppData\Roaming\Mozilla [2011.05.20 17:58:57 | 000,000,000 | ---D | M] -- C:\Users\Bauer\AppData\Roaming\OpenOffice.org2 [2008.09.04 12:49:59 | 000,000,000 | ---D | M] -- C:\Users\Bauer\AppData\Roaming\ScanSoft [2011.09.08 18:45:34 | 000,000,000 | ---D | M] -- C:\Users\Bauer\AppData\Roaming\SmartSurfer [2011.05.22 07:10:14 | 000,000,000 | ---D | M] -- C:\Users\Bauer\AppData\Roaming\Sony [2011.09.08 18:45:55 | 000,000,000 | ---D | M] -- C:\Users\Bauer\AppData\Roaming\WEBDE < %APPDATA%\*.exe /s > [2011.08.28 08:56:43 | 003,088,032 | ---- | M] (Adobe Systems, Inc.) -- C:\Users\Bauer\AppData\Roaming\Macromedia\Flash Player\www.macromedia.com\bin\fpupdatepl\fpupdatepl.exe < %SYSTEMDRIVE%\*.exe > < MD5 for: AGP440.SYS > [2008.01.19 09:42:25 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_51b95d75\AGP440.sys [2008.01.19 09:42:25 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_f750e484\AGP440.sys [2008.01.19 09:42:25 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6001.18000_none_ba12ed3bbeb0d97a\AGP440.sys [2008.01.19 09:42:25 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6002.18005_none_bbfe6647bbd2a4c6\AGP440.sys [2006.11.02 11:49:52 | 000,053,864 | ---- | M] (Microsoft Corporation) MD5=EF23439CDD587F64C2C1B8825CEAD7D8 -- C:\Windows\System32\drivers\AGP440.sys [2006.11.02 11:49:52 | 000,053,864 | ---- | M] (Microsoft Corporation) MD5=EF23439CDD587F64C2C1B8825CEAD7D8 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_920a2c1f\AGP440.sys < MD5 for: ATAPI.SYS > [2009.04.11 00:32:28 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\System32\drivers\atapi.sys [2009.04.11 00:32:28 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_b12d8e84\atapi.sys [2009.04.11 00:32:28 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6002.18005_none_df23a1261eab99e8\atapi.sys [2008.01.19 09:41:30 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_cc18792d\atapi.sys [2008.01.19 09:41:30 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6001.18000_none_dd38281a2189ce9c\atapi.sys [2006.11.02 11:49:36 | 000,019,048 | ---- | M] (Microsoft Corporation) MD5=4F4FCB8B6EA06784FB6D475B7EC7300F -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_c6c2e699\atapi.sys < MD5 for: CNGAUDIT.DLL > [2006.11.02 11:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\System32\cngaudit.dll [2006.11.02 11:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.0.6000.16386_none_e62d292932a96ce6\cngaudit.dll < MD5 for: IASTORV.SYS > [2008.01.19 09:42:51 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_c9df7691\iaStorV.sys [2008.01.19 09:42:51 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.0.6001.18000_none_af11527887c7fa8f\iaStorV.sys [2006.11.02 11:51:25 | 000,232,040 | ---- | M] (Intel Corporation) MD5=C957BF4B5D80B46C5017BF0101E6C906 -- C:\Windows\System32\drivers\iaStorV.sys [2006.11.02 11:51:25 | 000,232,040 | ---- | M] (Intel Corporation) MD5=C957BF4B5D80B46C5017BF0101E6C906 -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_37cdafa4\iaStorV.sys < MD5 for: NETLOGON.DLL > [2006.11.02 11:46:11 | 000,559,616 | ---- | M] (Microsoft Corporation) MD5=889A2C9F2AACCD8F64EF50AC0B3D553B -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6000.16386_none_fb80f5473b0ed783\netlogon.dll [2009.04.11 00:28:24 | 000,592,896 | ---- | M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- C:\Windows\System32\netlogon.dll [2009.04.11 00:28:24 | 000,592,896 | ---- | M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6002.18005_none_ffa3304f351bb3a3\netlogon.dll [2008.01.19 09:35:36 | 000,592,384 | ---- | M] (Microsoft Corporation) MD5=A8EFC0B6E75B789F7FD3BA5025D4E37F -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6001.18000_none_fdb7b74337f9e857\netlogon.dll < MD5 for: NVSTOR.SYS > [2006.11.02 11:50:13 | 000,040,040 | ---- | M] (NVIDIA Corporation) MD5=9E0BA19A28C498A6D323D065DB76DFFC -- C:\Windows\System32\drivers\nvstor.sys [2006.11.02 11:50:13 | 000,040,040 | ---- | M] (NVIDIA Corporation) MD5=9E0BA19A28C498A6D323D065DB76DFFC -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_733654ff\nvstor.sys [2008.01.19 09:42:09 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_31c3d71d\nvstor.sys [2008.01.19 09:42:09 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.0.6001.18000_none_39dac327befea467\nvstor.sys < MD5 for: NVSTOR32.SYS > [2008.08.18 18:58:00 | 000,145,952 | ---- | M] (NVIDIA Corporation) MD5=2A0CC26D67B38460CC7563BC8313C1D6 -- C:\NVIDIA\nForceWinVista\15.23\IS\IDE\WinVista\sataraid\nvstor32.sys [2008.08.18 18:58:00 | 000,145,952 | ---- | M] (NVIDIA Corporation) MD5=8EE374B6FB3CB2BB8D70395218B464A5 -- C:\NVIDIA\nForceWinVista\15.23\IS\IDE\WinVista\sata_ide\nvstor32.sys < MD5 for: SCECLI.DLL > [2008.01.19 09:36:19 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=28B84EB538F7E8A0FE8B9299D591E0B9 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6001.18000_none_380de25bd91b6f12\scecli.dll [2006.11.02 11:46:12 | 000,176,640 | ---- | M] (Microsoft Corporation) MD5=80E2839D05CA5970A86D7BE2A08BFF61 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6000.16386_none_35d7205fdc305e3e\scecli.dll [2009.04.11 00:28:26 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=8FC182167381E9915651267044105EE1 -- C:\Windows\System32\scecli.dll [2009.04.11 00:28:26 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=8FC182167381E9915651267044105EE1 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6002.18005_none_39f95b67d63d3a5e\scecli.dll < MD5 for: USER32.DLL > [2007.09.13 07:16:19 | 000,633,856 | ---- | M] (Microsoft Corporation) MD5=63B4F59D7C89B1BF5277F1FFEFD491CD -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.0.6000.16438_none_cb39bc5b7047127e\user32.dll [2009.04.11 00:28:26 | 000,627,712 | ---- | M] (Microsoft Corporation) MD5=75510147B94598407666F4802797C75A -- C:\Windows\System32\user32.dll [2009.04.11 00:28:26 | 000,627,712 | ---- | M] (Microsoft Corporation) MD5=75510147B94598407666F4802797C75A -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.0.6002.18005_none_cf23e54d6a7e4a7e\user32.dll [2007.09.13 07:16:20 | 000,633,856 | ---- | M] (Microsoft Corporation) MD5=9D9F061EDA75425FC67F0365E3467C86 -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.0.6000.20537_none_cbc258dc896598f1\user32.dll [2008.01.19 09:36:46 | 000,627,200 | ---- | M] (Microsoft Corporation) MD5=B974D9F06DC7D1908E825DC201681269 -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.0.6001.18000_none_cd386c416d5c7f32\user32.dll [2006.11.02 11:46:13 | 000,633,856 | ---- | M] (Microsoft Corporation) MD5=E698A5437B89A285ACA3FF022356810A -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.0.6000.16386_none_cb01aa4570716e5e\user32.dll < MD5 for: USERINIT.EXE > [2008.01.19 09:33:33 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\System32\userinit.exe [2008.01.19 09:33:33 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.0.6001.18000_none_dc28ba15d1aff80b\userinit.exe [2006.11.02 11:45:50 | 000,024,576 | ---- | M] (Microsoft Corporation) MD5=22027835939F86C3E47AD8E3FBDE3D11 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.0.6000.16386_none_d9f1f819d4c4e737\userinit.exe < MD5 for: WININIT.EXE > [2008.01.19 09:33:37 | 000,096,768 | ---- | M] (Microsoft Corporation) MD5=101BA3EA053480BB5D957EF37C06B5ED -- C:\Windows\System32\wininit.exe [2008.01.19 09:33:37 | 000,096,768 | ---- | M] (Microsoft Corporation) MD5=101BA3EA053480BB5D957EF37C06B5ED -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.0.6001.18000_none_30f2b8cf0450a6a2\wininit.exe [2006.11.02 11:45:57 | 000,095,744 | ---- | M] (Microsoft Corporation) MD5=D4385B03E8CCCEE6F0EE249F827C1F3E -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.0.6000.16386_none_2ebbf6d3076595ce\wininit.exe < MD5 for: WINLOGON.EXE > [2009.04.11 00:28:14 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\System32\winlogon.exe [2009.04.11 00:28:14 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6002.18005_none_71ae7a22d2134741\winlogon.exe [2006.11.02 11:45:57 | 000,308,224 | ---- | M] (Microsoft Corporation) MD5=9F75392B9128A91ABAFB044EA350BAAD -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6000.16386_none_6d8c3f1ad8066b21\winlogon.exe [2008.01.19 09:33:37 | 000,314,880 | ---- | M] (Microsoft Corporation) MD5=C2610B6BDBEFC053BBDAB4F1B965CB24 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6001.18000_none_6fc30116d4f17bf5\winlogon.exe < MD5 for: WS2IFSL.SYS > [2006.11.02 10:58:26 | 000,015,872 | ---- | M] (Microsoft Corporation) MD5=84620AECDCFD2A7A14E6263927D8C0ED -- C:\Windows\winsxs\x86_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.0.6000.16386_none_4d4fded8cae2956d\ws2ifsl.sys [2008.01.19 07:56:49 | 000,015,872 | ---- | M] (Microsoft Corporation) MD5=E3A3CB253C0EC2494D4A61F5E43A389C -- C:\Windows\System32\drivers\ws2ifsl.sys [2008.01.19 07:56:49 | 000,015,872 | ---- | M] (Microsoft Corporation) MD5=E3A3CB253C0EC2494D4A61F5E43A389C -- C:\Windows\winsxs\x86_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.0.6001.18000_none_4f86a0d4c7cda641\ws2ifsl.sys < %systemroot%\system32\drivers\*.sys /lockedfiles > < %systemroot%\System32\config\*.sav > [2006.11.02 12:34:05 | 000,008,192 | ---- | M] () -- C:\Windows\System32\config\COMPONENTS.SAV [2006.11.02 12:34:05 | 000,020,480 | ---- | M] () -- C:\Windows\System32\config\DEFAULT.SAV [2006.11.02 12:34:05 | 000,008,192 | ---- | M] () -- C:\Windows\System32\config\SECURITY.SAV [2006.11.02 12:34:08 | 010,133,504 | ---- | M] () -- C:\Windows\System32\config\SOFTWARE.SAV [2006.11.02 12:34:08 | 001,826,816 | ---- | M] () -- C:\Windows\System32\config\SYSTEM.SAV < %systemroot%\*. /mp /s > < %systemroot%\system32\*.dll /lockedfiles > ========== Alternate Data Streams ========== @Alternate Data Stream - 104 bytes -> C:\ProgramData\TEMP:DFC5A2B2 < End of report > |
Themen zu Virencheck nach Virenbefall |
avg, avira, canon, computer, cpu, defender, device driver, document, excel, fehler, firefox, flash player, fontcache, google earth, home, installation, internet, microsoft security, microsoft security essentials, mozilla, plug-in, registry, rundll, scan, security, senden, sicherheit, software, spyware, svchost.exe, system, usb 2.0, virenbefal, windows |