rundll32.exe and other strange processes, IE keeps starting with a blank page (Windows 7)

#1
Hello everyone (hopefully my heroes-to-be), first of all let me say right away: I am a total idiot when it comes to things like this and I am really trying my best to describe everything as precisely as possible. Please don't hold odd descriptions against me if I don't know a "technical term". I'll start from the very beginning. In mid-July I had the BND Trojan, removed it with the help of a friend and then ran Malwarebytes; everything seemed to be clean, I had neither strange processes in the Task Manager nor any other problems. A few days ago my ad-blocking add-on suddenly stopped blocking ad pages. I wanted to deal with that on the weekend, but last night an ad page opened and Antivir raised an alert; I first moved the file to quarantine, then deleted it. Then I ran Malwarebytes again, which found four suspicious files that it rated as not very dangerous, and I deleted those as well. I ran another scan, and there were no findings. Then, to be safe, I had Antivir scan again (I only ever ran one scanner at a time and closed the other program) and it suddenly started beeping like crazy and found several files, which I deleted again, and then I had to go to bed. When I turned the computer on this evening, Internet Explorer kept opening with a blank page (I have always used Firefox as the default on this computer). I started googling and everything I found in forums sounded like malware. I have to add that I am under a lot of stress at the moment, I have to study for an incredibly important exam and I need the computer together with the internet. I then had Antivir scan again while I kept combing through forums.

Then I looked for suspicious processes in the Task Manager and found, for example, rundll32.exe; the processes cannot be ended. Antivir had by then been running for 2 hours and kept hanging, so on an acquaintance's advice I installed Ad-Aware and ran a scan; it showed 4 suspicious findings and also scanned for 2 hours with no end in sight. Now I have followed the instructions here in the forum and am attaching the log files. I hope this wasn't too much or too little info and that you can help me; it really is damn urgent, I have no other computer and nobody whose computer I could use right now. Many thanks in advance for your help! Kind regards

OTL logfile created on: 09.08.2012 20:25:51 - Run 1
OTL by OldTimer - Version 3.2.56.0
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6002.18005)
C:\Windows\MEMORY.DMP [2012.08.01 18:25:34 | 000,023,447 | ---- | M] () -- C:\Users\L***\Documents\zahn 30.07. unterhalt mahnung2.odt [2012.08.01 18:25:29 | 000,000,143 | -H-- | M] () -- C:\Users\L***\Documents\.~lock.zahn 30.07. unterhalt mahnung2.odt# [2012.07.30 03:49:06 | 000,021,977 | ---- | M] () -- C:\Users\L***\Documents\zahn 30.07. unterhalt mahnung.odt [2012.07.21 04:28:44 | 000,000,913 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk [2012.07.20 21:50:46 | 000,000,051 | ---- | M] () -- C:\ProgramData\abhgvhdtzjrlmnf [2012.07.18 10:38:32 | 000,001,356 | ---- | M] () -- C:\Users\L***\AppData\Local\d3d9caps.dat [2012.07.17 03:28:36 | 000,628,742 | ---- | M] () -- C:\Windows\System32\perfh007.dat [2012.07.17 03:28:36 | 000,595,996 | ---- | M] () -- C:\Windows\System32\perfh009.dat [2012.07.17 03:28:36 | 000,126,454 | ---- | M] () -- C:\Windows\System32\perfc007.dat [2012.07.17 03:28:36 | 000,104,070 | ---- | M] () -- C:\Windows\System32\perfc009.dat [2012.07.13 06:40:15 | 000,252,448 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT ========== Files Created - No Company Name ========== [2012.08.09 20:22:19 | 000,000,000 | ---- | C] () -- C:\Users\L***\defogger_reenable [2012.08.09 17:51:00 | 000,001,744 | ---- | C] () -- C:\Users\Public\Desktop\Ad-Aware Antivirus.lnk [2012.08.09 06:07:54 | 000,023,470 | ---- | C] () -- C:\Users\L***\Documents\zahn%2030.07.%20unterhalt%20mahnung2.odt_0.odt [2012.08.09 00:05:16 | 000,043,303 | ---- | C] () -- C:\Users\L***\Documents\Einwilligungserklaerung.pdf [2012.08.06 19:26:02 | 000,000,143 | -H-- | C] () -- C:\Users\L***\Documents\.~lock.nachteilsausgleich.odt# [2012.08.06 19:26:01 | 000,019,410 | ---- | C] () -- C:\Users\L***\Documents\nachteilsausgleich.odt [2012.07.30 19:29:53 | 000,023,447 | ---- | C] () -- C:\Users\L***\Documents\zahn 30.07. unterhalt mahnung2.odt [2012.07.30 19:29:53 | 000,000,143 | -H-- | C] () -- C:\Users\L***\Documents\.~lock.zahn 30.07. 
unterhalt mahnung2.odt# [2012.07.30 03:31:54 | 000,021,977 | ---- | C] () -- C:\Users\L***\Documents\zahn 30.07. unterhalt mahnung.odt [2012.07.21 03:52:33 | 000,000,913 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk [2012.07.20 22:26:49 | 3220,295,680 | -HS- | C] () -- C:\hiberfil.sys [2012.07.20 21:50:41 | 000,000,051 | ---- | C] () -- C:\ProgramData\abhgvhdtzjrlmnf [2011.06.07 12:13:38 | 000,974,848 | ---- | C] () -- C:\Windows\System32\cis-2.4.dll [2011.06.07 12:13:38 | 000,081,920 | ---- | C] () -- C:\Windows\System32\issacapi_bs-2.3.dll [2011.06.07 12:13:38 | 000,065,536 | ---- | C] () -- C:\Windows\System32\issacapi_pe-2.3.dll [2011.06.07 12:13:38 | 000,057,344 | ---- | C] () -- C:\Windows\System32\issacapi_se-2.3.dll [2011.06.07 12:13:38 | 000,030,568 | ---- | C] () -- C:\Windows\MusiccityDownload.exe [2010.12.27 21:52:27 | 000,110,592 | ---- | C] () -- C:\Windows\System32\FsUsbExDevice.Dll [2010.12.27 21:52:27 | 000,036,640 | ---- | C] () -- C:\Windows\System32\FsUsbExDisk.Sys [2010.12.25 09:32:22 | 000,000,048 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat [2010.12.23 23:08:45 | 000,000,050 | ---- | C] () -- C:\Windows\System32\bridf07a.dat [2010.12.23 22:16:46 | 000,000,466 | ---- | C] () -- C:\Windows\BRWMARK.INI [2010.12.23 22:16:46 | 000,000,027 | ---- | C] () -- C:\Windows\BRPP2KA.INI [2010.12.09 22:51:01 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll [2010.12.09 22:51:01 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin [2010.12.06 09:24:57 | 000,040,960 | ---- | C] () -- C:\Users\L***\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2010.11.16 12:59:53 | 000,045,056 | ---- | C] () -- C:\Windows\System32\acovcnt.exe [2010.11.09 06:00:06 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin [2010.11.09 04:15:39 | 001,060,424 | ---- | C] () -- C:\Windows\System32\WdfCoInstaller01000.dll [2010.11.09 04:06:33 | 001,748,352 | ---- | C] () -- 
C:\Windows\System32\drivers\snp2uvc.sys [2010.11.09 04:06:33 | 000,028,672 | ---- | C] () -- C:\Windows\System32\drivers\sncduvc.sys [2010.11.09 03:30:57 | 000,001,356 | ---- | C] () -- C:\Users\L***\AppData\Local\d3d9caps.dat [2010.11.08 12:13:04 | 000,015,928 | ---- | C] ( ) -- C:\Windows\System32\drivers\kbfiltr.sys [2010.11.08 11:19:20 | 000,001,076 | ---- | C] () -- C:\Windows\bthservsdp.dat [2008.08.08 15:48:20 | 000,090,112 | ---- | C] () -- C:\Program Files\Common Files\CPInstallAction.dll [2008.05.22 10:35:54 | 000,051,962 | ---- | C] () -- C:\Program Files\Common Files\banner.jpg ========== LOP Check ========== [2012.06.01 02:21:57 | 000,000,000 | ---D | M] -- C:\Users\L***\AppData\Roaming\.minecraft [2012.08.09 20:24:27 | 000,000,000 | ---D | M] -- C:\Users\L***\AppData\Roaming\Ad-Aware Antivirus [2011.02.22 02:10:32 | 000,000,000 | ---D | M] -- C:\Users\L***\AppData\Roaming\Amazon [2012.06.01 00:23:02 | 000,000,000 | ---D | M] -- C:\Users\L***\AppData\Roaming\GHISLER [2011.01.19 14:26:17 | 000,000,000 | ---D | M] -- C:\Users\L***\AppData\Roaming\OpenOffice.org [2011.05.11 08:51:36 | 000,000,000 | ---D | M] -- C:\Users\L***\AppData\Roaming\Opera [2011.10.05 23:11:26 | 000,000,000 | ---D | M] -- C:\Users\L***\AppData\Roaming\Panda Security [2010.12.27 22:13:13 | 000,000,000 | ---D | M] -- C:\Users\L***\AppData\Roaming\PC Suite [2011.12.31 04:30:16 | 000,000,000 | ---D | M] -- C:\Users\L***\AppData\Roaming\Samsung [2012.08.09 01:44:20 | 000,000,000 | ---D | M] -- C:\Users\L***\AppData\Roaming\TeamViewer [2010.12.08 17:04:43 | 000,000,000 | ---D | M] -- C:\Users\L***\AppData\Roaming\Thunderbird [2010.12.08 18:42:22 | 000,000,000 | ---D | M] -- C:\Users\L***\AppData\Roaming\TS3Client [2012.08.09 17:54:03 | 000,032,530 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT ========== Purity Check ========== < End of report > |
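As an added example that is not part of the post above and not code from OTL or any of the tools it mentions, the following Python script reads the "O4" autorun lines in the format the posted log uses (HKLM/HKCU Run keys and the Startup folder) and ranks them for a closer look. The sample lines are constructed from entries in the log; the heuristics (binary under AppData, ProgramData or Temp, a {GUID}-named folder in the path, an empty or oddly formed publisher string) are this example's own assumptions about what a removal helper checks first. A flag only means "verify this file" (properties, hash, a second opinion scan), not that it is malicious.

```python
"""Triage helper for the 'O4' autorun entries of an OTL log.

Added example, not code from the forum post or from OTL itself. It parses the
HKLM/HKCU Run and Startup-folder lines in the format the posted log uses and
flags entries a malware-removal helper would examine first. The heuristics
(user-writable path, GUID-named folder, missing or odd publisher string) are
this example's own assumptions; a flag is a prompt to check the file, not a
verdict that it is malicious.
"""
import re
from dataclasses import dataclass, field

# Sample lines constructed for this example, modelled on entries in the posted log.
SAMPLE_LOG = r"""
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [Copperhead] C:\Program Files\Razer\Copperhead\razerhid.exe ()
O4 - HKCU..\Run: [LicenseValidator] C:\Users\L***\AppData\Roaming\Identities\{12F3D2F6-6A84-4891-92FB-D35158947B02}\LicenseValidator.exe (Saa@*Inc©)
O4 - Startup: C:\Users\L**\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.2.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe ()
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
"""

# "O4 - HKLM..\Run: [name] path (publisher)"; the publisher is the trailing parenthesised group.
RUN_RE = re.compile(
    r"^O4 - (?P<hive>HKLM|HKCU)\.\.\\Run: \[(?P<name>[^\]]*)\] (?P<path>.*?) \((?P<publisher>[^()]*)\)$"
)
# "O4 - Startup: <shortcut>.lnk = <target> (publisher)"
STARTUP_RE = re.compile(
    r"^O4 - Startup: (?P<name>.*?) = (?P<path>.*?) \((?P<publisher>[^()]*)\)$"
)
# Directory markers any user (and so any malware running as that user) can write to.
USER_WRITABLE = ("\\appdata\\", "\\programdata\\", "\\temp\\", "\\users\\public\\", "$recycle.bin\\")
# A {GUID}-named directory component in the path.
GUID_DIR_RE = re.compile(r"\\\{[0-9a-f]{8}(?:-[0-9a-f]{4}){3}-[0-9a-f]{12}\}\\", re.I)
# Characters a vendor string normally consists of (assumption made for this example).
PUBLISHER_OK_RE = re.compile(r"^[A-Za-z0-9 .,&'\-]+$")


@dataclass
class AutorunEntry:
    source: str          # "HKLM\\Run", "HKCU\\Run" or "Startup"
    name: str
    path: str
    publisher: str
    reasons: list = field(default_factory=list)

    @property
    def score(self) -> int:
        return len(self.reasons)


def parse_o4(line: str):
    """Return an AutorunEntry for an O4 Run/Startup line, or None for any other line."""
    m = RUN_RE.match(line)
    if m:
        return AutorunEntry(m["hive"] + "\\Run", m["name"], m["path"], m["publisher"])
    m = STARTUP_RE.match(line)
    if m:
        shortcut = m["name"].rsplit("\\", 1)[-1]
        return AutorunEntry("Startup", shortcut, m["path"], m["publisher"])
    return None


def assess(entry: AutorunEntry) -> AutorunEntry:
    """Attach human-readable reasons why this entry deserves a closer look."""
    low = entry.path.lower()
    if any(marker in low for marker in USER_WRITABLE):
        entry.reasons.append("runs from a user-writable location")
    if GUID_DIR_RE.search(entry.path):
        entry.reasons.append("runs from a GUID-named folder")
    publisher = entry.publisher.strip()
    if not publisher:
        entry.reasons.append("no publisher recorded")
    elif not PUBLISHER_OK_RE.match(publisher):
        entry.reasons.append("unusual characters in publisher string")
    return entry


def triage(log_text: str) -> list:
    """Parse every O4 line in log_text and return the entries, most suspicious first."""
    entries = [e for e in (parse_o4(l.strip()) for l in log_text.splitlines()) if e is not None]
    # sorted() is stable, so entries with equal scores keep their log order.
    return sorted((assess(e) for e in entries), key=lambda e: e.score, reverse=True)


if __name__ == "__main__":
    for e in triage(SAMPLE_LOG):
        flag = "CHECK" if e.reasons else "ok   "
        print(f"{flag} [{e.source}] {e.name}: {e.path}")
        for r in e.reasons:
            print(f"        - {r}")
```

Run it on a saved OTL log by passing the file contents to triage(); entries with several reasons come out on top, entries from Program Files with a known vendor string sink to the bottom, and O16/O17/O20 lines are ignored because the regexes only accept the two O4 shapes.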