Log analysis and evaluation: "Ein kritischer Fehler ist aufgetreten, Windows wird in einer Minute neu gestartet" (A critical error has occurred, Windows will restart in one minute) - Windows 7

If you have picked up a trojan or keep getting virus warnings, you can post the logs from our diagnostic tools here so that our experts can evaluate them. Before viruses and trojans can be removed, the infected system has to be examined first: First steps to getting help. Keep in mind that an infected system is not trustworthy and should not be used until the malware has been completely removed.
#1
A critical error has occurred, Windows will restart in one minute

When I plug the LAN cable into my PC and am connected to the internet, the message "Ein kritischer Fehler ist aufgetreten, Windows wird in einer Minute neu gestartet" (A critical error has occurred, Windows will restart in one minute) appears. After that my PC crashes and restarts, until I unplug the LAN cable; after that my PC works completely normally. Antivir hasn't found any viruses or anything else.

HiJackThis Logfile:
Code:
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 12:50:14, on 16.08.2010
Platform: Windows 7 (WinNT 6.00.3504)
MSIE: Internet Explorer v8.00 (8.00.7600.16385)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskhost.exe
C:\Users\admin\Desktop\HiJackThis204.exe
C:\Windows\system32\NOTEPAD.EXE
C:\Windows\system32\wuauclt.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://search.conduit.com?SearchSource=10&ctid=CT2233703
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: softonic-de3 Toolbar - {cc05a3e3-64c3-4af2-bfc1-af0d66b69065} - C:\Program Files\softonic-de3\tbsoft.dll
R3 - URLSearchHook: DVDVideoSoftTB Toolbar - {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Program Files\DVDVideoSoftTB\tbDVDV.dll
R3 - URLSearchHook: 4shared.com Toolbar - {09ec805c-cb2e-4d53-b0d3-a75a428b81c7} - C:\Program Files\4shared.com\tb4sha.dll
O2 - BHO: 4shared.com Toolbar - {09ec805c-cb2e-4d53-b0d3-a75a428b81c7} - C:\Program Files\4shared.com\tb4sha.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: DVDVideoSoftTB Toolbar - {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Program Files\DVDVideoSoftTB\tbDVDV.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.5.5126.1836\swg.dll
O2 - BHO: softonic-de3 Toolbar - {cc05a3e3-64c3-4af2-bfc1-af0d66b69065} - C:\Program Files\softonic-de3\tbsoft.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: softonic-de3 Toolbar - {cc05a3e3-64c3-4af2-bfc1-af0d66b69065} - C:\Program Files\softonic-de3\tbsoft.dll
O3 - Toolbar: DVDVideoSoftTB Toolbar - {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Program Files\DVDVideoSoftTB\tbDVDV.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O3 - Toolbar: 4shared.com Toolbar - {09ec805c-cb2e-4d53-b0d3-a75a428b81c7} - C:\Program Files\4shared.com\tb4sha.dll
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O8 - Extra context menu item: Free YouTube Download - C:\Users\admin\AppData\Roaming\DVDVideoSoftIEHelpers\youtubedownload.htm
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{084DA353-8EB8-4C57-84EE-4A1C77CED7FB}: NameServer =
O17 - HKLM\System\CCS\Services\Tcpip\..\{0A2452D7-3964-4912-A7A8-CEF63B7A6AF3}: NameServer =
O17 - HKLM\System\CCS\Services\Tcpip\..\{508CB5FA-6E3D-44D9-BDDB-8DB352443696}: NameServer =
O17 - HKLM\System\CCS\Services\Tcpip\..\{907135F0-13CF-4C04-87CB-840CE10F570A}: NameServer =

--
End of file - 4254 bytes
#2
/// Malware-holic

That can't possibly be your whole HijackThis log...

System scan with OTL
Download OTL: http://filepony.de/download-otl/
Double-click OTL.exe (Windows 7 and Vista users: right-click and choose Run as administrator)
1. At the top you will find a box labelled Output. Please select Minimal Output
2. Tick "scan all users"
3. Under "Extra Registry" select: "Use Safelist", "LOP Check", "Purity Check"
4. Copy the following into the text box:

netsvcs
msconfig
safebootminimal
safebootnetwork
activex
drivers32
%ALLUSERSPROFILE%\Application Data\*.
%ALLUSERSPROFILE%\Application Data\*.exe /s
%APPDATA%\*.
%APPDATA%\*.exe /s
%SYSTEMDRIVE%\*.exe
/md5start
userinit.exe
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
ws2ifsl.sys
sceclt.dll
ntelogon.dll
winlogon.exe
logevent.dll
user32.DLL
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
/md5stop
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\*. /mp /s
%systemroot%\system32\*.dll /lockedfiles
CREATERESTOREPOINT

5. Click "Scan"
6. Two reports will be created: OTL.Txt and Extras.Txt. Post both logs.
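The OTL report that this procedure produces lists every autostart item on its own line (O4 Run keys, MsConfig - StartUpReg entries, IE proxy settings in each user hive, and so on), and a helper reads it looking for binaries that live where an unprivileged process can write, for entries whose target file is gone, and for proxy settings the user never set. The script below, an added example that is not part of the forum post, OTL or HijackThis, applies those checks to such lines. The SAMPLE_REPORT lines are constructed in the OTL line format and are not from a real scan; the vowel-ratio test for random-looking names is a deliberately weak heuristic and is only applied to paths already inside user-writable directories, so the output is a review list, not a verdict.

```python
"""Triage helper for OTL / HijackThis style scan reports.

Added example for this thread; it is not part of OTL, HijackThis or the forum's own tooling.
Every rule is a heuristic that produces review candidates, not verdicts.
"""
import re
from dataclasses import dataclass, field

# Constructed sample lines in the OTL/HijackThis line format; not copied from any real scan.
SAMPLE_REPORT = """\
O4 - HKU\\S-1-5-21-1111111111-2222222222-3333333333-1000..\\Run: [swg] C:\\Program Files\\Google\\GoogleToolbarNotifier\\GoogleToolbarNotifier.exe (Google Inc.)
O4 - HKU\\S-1-5-19..\\RunOnce: [mctadmin] C:\\Windows\\System32\\mctadmin.exe (Microsoft Corporation)
O4 - HKU\\S-1-5-21-1111111111-2222222222-3333333333-1000..\\Run: [SyncTool] C:\\Users\\admin\\AppData\\Local\\SyncTool\\synctool.exe (Example Software)
MsConfig - StartUpReg: avgnt - hkey= - key= - C:\\Program Files\\Avira\\AntiVir Desktop\\avgnt.exe (Avira GmbH)
MsConfig - StartUpReg: qzxkvbrt - hkey= - key= - C:\\Users\\admin\\AppData\\Local\\pfrwmtx\\kqzvbtnrw.exe File not found
MsConfig - StartUpReg: {AAAAAAAA-BBBB-CCCC-DDDD-EEEEEEEEEEEE} - hkey= - key= - C:\\Users\\admin\\AppData\\Roaming\\Ubeda\\norev.exe File not found
IE - HKU\\S-1-5-21-1111111111-2222222222-3333333333-1000\\Software\\Microsoft\\Windows\\CurrentVersion\\Internet Settings: "ProxyEnable" = 1
IE - HKU\\S-1-5-18\\Software\\Microsoft\\Windows\\CurrentVersion\\Internet Settings: "ProxyEnable" = 0
"""

# A Windows path ending in an executable-type extension; stops before the "(Company)" suffix OTL appends.
PATH_RE = re.compile(r'([A-Za-z]:\\[^\r\n()"]*?\.(?:exe|dll|sys|bat|cmd|scr))', re.IGNORECASE)
# Locations any user can write to without elevation. Legitimate autostarts live here too, so this is a review flag.
USER_WRITABLE_RE = re.compile(r"\\(?:AppData|Temp|ProgramData)\\", re.IGNORECASE)
PROXY_ON_RE = re.compile(r'"ProxyEnable"\s*=\s*1\b')
VOWELS = set("aeiouy")


def looks_random(component: str) -> bool:
    """Weak signal: a folder or file stem of 6+ letters with under 20 % vowels (e.g. 'kqzvbtnrw').
    Short names and legitimate oddities slip through, so callers only apply it inside user-writable paths."""
    stem = component.rsplit(".", 1)[0]
    letters = [c for c in stem.lower() if c.isalpha()]
    if len(letters) < 6:
        return False
    return sum(c in VOWELS for c in letters) / len(letters) < 0.2


@dataclass
class Finding:
    line: str
    reasons: list[str] = field(default_factory=list)


def triage(report: str) -> list[Finding]:
    """Return one Finding per report line that matches at least one heuristic, in report order."""
    findings: list[Finding] = []
    for raw in report.splitlines():
        line = raw.strip()
        reasons: list[str] = []
        match = PATH_RE.search(line)
        if match:
            path = match.group(1)
            if USER_WRITABLE_RE.search(path):
                reasons.append("autostart target lives in a user-writable location")
                # Only the innermost folder and the file name are tested for random-looking names.
                if any(looks_random(part) for part in path.split("\\")[-2:]):
                    reasons.append("folder or file name looks randomly generated")
            if "File not found" in line:
                reasons.append("registry entry points to a file that no longer exists")
        if PROXY_ON_RE.search(line):
            reasons.append("IE proxy enabled in this hive; confirm the ProxyServer value is expected")
        if reasons:
            findings.append(Finding(line, reasons))
    return findings


def format_report(findings: list[Finding]) -> str:
    """Human-readable summary, entries with the most flags first so the strongest candidates lead."""
    ordered = sorted(findings, key=lambda f: len(f.reasons), reverse=True)
    out: list[str] = []
    for f in ordered:
        out.append(f"[{len(f.reasons)} flag(s)] {f.line}")
        out.extend(f"    - {r}" for r in f.reasons)
    return "\n".join(out)


if __name__ == "__main__":
    print(format_report(triage(SAMPLE_REPORT)))
```

Run against a saved OTL.Txt by replacing SAMPLE_REPORT with the file's contents. A single flag (for instance a signed updater under AppData\Local) is normal and needs a human look; an entry that is in a user-writable folder, has a random-looking name and points to a file that no longer exists collects three flags and is the kind of leftover autostart a helper would ask about first.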
#3
I'm not at the PC right now; I'll post the log in about an hour.

Many thanks for the help.
#4
/// Malware-holic

No hurry :-)
#5
OTL Logfile:
Code:
ATTFilter OTL logfile created on: 16.08.2010 16:35:44 - Run 1 OTL by OldTimer - Version Folder = C:\Users\admin\Desktop Ultimate Edition (Version = 6.1.7600) - Type = NTWorkstation Internet Explorer (Version = 8.0.7600.16385) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 2,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 75,00% Memory free 4,00 Gb Paging File | 3,00 Gb Available in Paging File | 84,00% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 29,29 Gb Total Space | 10,85 Gb Free Space | 37,04% Space Free | Partition Type: NTFS Drive D: | 97,65 Gb Total Space | 65,54 Gb Free Space | 67,12% Space Free | Partition Type: NTFS Drive E: | 31,48 Gb Total Space | 31,39 Gb Free Space | 99,72% Space Free | Partition Type: NTFS Drive F: | 214,18 Gb Total Space | 130,95 Gb Free Space | 61,14% Space Free | Partition Type: NTFS Drive G: | 2,20 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: CDFS Drive H: | 1,91 Gb Total Space | 0,29 Gb Free Space | 15,15% Space Free | Partition Type: FAT I: Drive not present or media not loaded Computer Name: ADMIN-PC Current User Name: admin Logged in as Administrator. 
Current Boot Mode: Normal Scan Mode: All users Company Name Whitelist: Off Skip Microsoft Files: Off File Age = 30 Days Output = Minimal ========== Processes (SafeList) ========== PRC - C:\Users\admin\Desktop\OTL.exe (OldTimer Tools) PRC - C:\Windows\System32\taskhost.exe (Microsoft Corporation) PRC - C:\Windows\System32\sppsvc.exe (Microsoft Corporation) PRC - C:\Windows\explorer.exe (Microsoft Corporation) ========== Modules (SafeList) ========== MOD - C:\Users\admin\Desktop\OTL.exe (OldTimer Tools) MOD - C:\Windows\System32\sspicli.dll (Microsoft Corporation) MOD - C:\Windows\System32\sechost.dll (Microsoft Corporation) MOD - C:\Windows\System32\samcli.dll (Microsoft Corporation) MOD - C:\Windows\System32\profapi.dll (Microsoft Corporation) MOD - C:\Windows\System32\netutils.dll (Microsoft Corporation) MOD - C:\Windows\System32\KernelBase.dll (Microsoft Corporation) MOD - C:\Windows\System32\dwmapi.dll (Microsoft Corporation) MOD - C:\Windows\System32\devobj.dll (Microsoft Corporation) MOD - C:\Windows\System32\cryptbase.dll (Microsoft Corporation) MOD - C:\Windows\System32\cfgmgr32.dll (Microsoft Corporation) MOD - C:\Windows\System32\msscript.ocx (Microsoft Corporation) MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16385_none_421189da2b7fabfc\comctl32.dll (Microsoft Corporation) ========== Win32 Services (SafeList) ========== SRV - (TeamViewer5) -- C:\Program Files\TeamViewer\Version5\TeamViewer_Service.exe (TeamViewer GmbH) SRV - (AntiVirService) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira GmbH) SRV - (AntiVirSchedulerService) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira GmbH) SRV - (WwanSvc) -- C:\Windows\System32\wwansvc.dll (Microsoft Corporation) SRV - (WbioSrvc) -- C:\Windows\System32\wbiosrvc.dll (Microsoft Corporation) SRV - (Power) -- C:\Windows\System32\umpo.dll (Microsoft Corporation) SRV - (Themes) -- C:\Windows\System32\themeservice.dll (Microsoft Corporation) SRV - 
(sppuinotify) -- C:\Windows\System32\sppuinotify.dll (Microsoft Corporation) SRV - (RpcEptMapper) -- C:\Windows\System32\RpcEpMap.dll (Microsoft Corporation) SRV - (SensrSvc) -- C:\Windows\System32\sensrsvc.dll (Microsoft Corporation) SRV - (PNRPsvc) -- C:\Windows\System32\pnrpsvc.dll (Microsoft Corporation) SRV - (p2pimsvc) -- C:\Windows\System32\pnrpsvc.dll (Microsoft Corporation) SRV - (HomeGroupProvider) -- C:\Windows\System32\provsvc.dll (Microsoft Corporation) SRV - (PNRPAutoReg) -- C:\Windows\System32\pnrpauto.dll (Microsoft Corporation) SRV - (WinDefend) -- C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation) SRV - (HomeGroupListener) -- C:\Windows\System32\ListSvc.dll (Microsoft Corporation) SRV - (FontCache) -- C:\Windows\System32\FntCache.dll (Microsoft Corporation) SRV - (Dhcp) -- C:\Windows\System32\dhcpcore.dll (Microsoft Corporation) SRV - (defragsvc) -- C:\Windows\System32\defragsvc.dll (Microsoft Corporation) SRV - (BDESVC) -- C:\Windows\System32\bdesvc.dll (Microsoft Corporation) SRV - (AxInstSV) ActiveX-Installer (AxInstSV) -- C:\Windows\System32\AxInstSv.dll (Microsoft Corporation) SRV - (AppIDSvc) -- C:\Windows\System32\appidsvc.dll (Microsoft Corporation) SRV - (sppsvc) -- C:\Windows\System32\sppsvc.exe (Microsoft Corporation) SRV - (WinVNC4) -- C:\Program Files\RealVNC\VNC4\WinVNC4.exe (RealVNC Ltd.) ========== Driver Services (SafeList) ========== DRV - (1394ohci) -- C:\Windows\system32\DRIVERS\1394ohci.sys () DRV - (teamviewervpn) -- C:\Windows\System32\drivers\teamviewervpn.sys (TeamViewer GmbH) DRV - (avipbb) -- C:\Windows\System32\drivers\avipbb.sys (Avira GmbH) DRV - (avgntflt) -- C:\Windows\System32\drivers\avgntflt.sys (Avira GmbH) DRV - (ewusbnet) -- C:\Windows\System32\drivers\ewusbnet.sys (Huawei Technologies Co., Ltd.) DRV - (hwusbdev) -- C:\Windows\System32\drivers\ewusbdev.sys (Huawei Technologies Co., Ltd.) DRV - (hwdatacard) -- C:\Windows\System32\drivers\ewusbmdm.sys (Huawei Technologies Co., Ltd.) 
DRV - (cmdide) -- C:\Windows\system32\DRIVERS\cmdide.sys (CMD Technology, Inc.) DRV - (adpahci) -- C:\Windows\system32\DRIVERS\adpahci.sys (Adaptec, Inc.) DRV - (adp94xx) -- C:\Windows\system32\DRIVERS\adp94xx.sys (Adaptec, Inc.) DRV - (amdsbs) -- C:\Windows\system32\DRIVERS\amdsbs.sys (AMD Technologies Inc.) DRV - (adpu320) -- C:\Windows\system32\DRIVERS\adpu320.sys (Adaptec, Inc.) DRV - (arcsas) -- C:\Windows\system32\DRIVERS\arcsas.sys (Adaptec, Inc.) DRV - (amdsata) -- C:\Windows\system32\DRIVERS\amdsata.sys (Advanced Micro Devices) DRV - (arc) -- C:\Windows\system32\DRIVERS\arc.sys (Adaptec, Inc.) DRV - (amdxata) -- C:\Windows\system32\DRIVERS\amdxata.sys (Advanced Micro Devices) DRV - (aliide) -- C:\Windows\system32\DRIVERS\aliide.sys (Acer Laboratories Inc.) DRV - (nvstor) -- C:\Windows\system32\DRIVERS\nvstor.sys (NVIDIA Corporation) DRV - (nvraid) -- C:\Windows\system32\DRIVERS\nvraid.sys (NVIDIA Corporation) DRV - (nfrd960) -- C:\Windows\system32\DRIVERS\nfrd960.sys (IBM Corporation) DRV - (LSI_SAS) -- C:\Windows\system32\DRIVERS\lsi_sas.sys (LSI Corporation) DRV - (iaStorV) -- C:\Windows\system32\DRIVERS\iaStorV.sys (Intel Corporation) DRV - (MegaSR) -- C:\Windows\system32\DRIVERS\MegaSR.sys (LSI Corporation, Inc.) DRV - (KSecPkg) -- C:\Windows\System32\Drivers\ksecpkg.sys (Microsoft Corporation) DRV - (LSI_SCSI) -- C:\Windows\system32\DRIVERS\lsi_scsi.sys (LSI Corporation) DRV - (LSI_FC) -- C:\Windows\system32\DRIVERS\lsi_fc.sys (LSI Corporation) DRV - (LSI_SAS2) -- C:\Windows\system32\DRIVERS\lsi_sas2.sys (LSI Corporation) DRV - (iirsp) -- C:\Windows\system32\DRIVERS\iirsp.sys (Intel Corp./ICP vortex GmbH) DRV - (megasas) -- C:\Windows\system32\DRIVERS\megasas.sys (LSI Corporation) DRV - (hwpolicy) -- C:\Windows\System32\drivers\hwpolicy.sys (Microsoft Corporation) DRV - (elxstor) -- C:\Windows\system32\DRIVERS\elxstor.sys (Emulex) DRV - (aic78xx) -- C:\Windows\system32\DRIVERS\djsvs.sys (Adaptec, Inc.) 
DRV - (HpSAMD) -- C:\Windows\system32\DRIVERS\HpSAMD.sys (Hewlett-Packard Company) DRV - (FsDepends) -- C:\Windows\System32\drivers\fsdepends.sys (Microsoft Corporation) DRV - (vsmraid) -- C:\Windows\system32\DRIVERS\vsmraid.sys (VIA Technologies Inc.,Ltd) DRV - (vhdmp) -- C:\Windows\system32\DRIVERS\vhdmp.sys (Microsoft Corporation) DRV - (vdrvroot) -- C:\Windows\system32\DRIVERS\vdrvroot.sys (Microsoft Corporation) DRV - (WIMMount) -- C:\Windows\System32\drivers\wimmount.sys (Microsoft Corporation) DRV - (viaide) -- C:\Windows\system32\DRIVERS\viaide.sys (VIA Technologies, Inc.) DRV - (ql2300) -- C:\Windows\system32\DRIVERS\ql2300.sys (QLogic Corporation) DRV - (rdyboost) -- C:\Windows\System32\drivers\rdyboost.sys (Microsoft Corporation) DRV - (ql40xx) -- C:\Windows\system32\DRIVERS\ql40xx.sys (QLogic Corporation) DRV - (SiSRaid4) -- C:\Windows\system32\DRIVERS\sisraid4.sys (Silicon Integrated Systems) DRV - (pcw) -- C:\Windows\System32\drivers\pcw.sys (Microsoft Corporation) DRV - (SiSRaid2) -- C:\Windows\system32\DRIVERS\SiSRaid2.sys (Silicon Integrated Systems Corp.) DRV - (stexstor) -- C:\Windows\system32\DRIVERS\stexstor.sys (Promise Technology) DRV - (CNG) -- C:\Windows\System32\Drivers\cng.sys (Microsoft Corporation) DRV - (Brserid) Brother MFC Serial Port Interface Driver (WDM) -- C:\Windows\System32\Drivers\Brserid.sys (Brother Industries Ltd.) 
DRV - (rdpbus) -- C:\Windows\system32\DRIVERS\rdpbus.sys (Microsoft Corporation) DRV - (RDPREFMP) -- C:\Windows\System32\drivers\RDPREFMP.sys (Microsoft Corporation) DRV - (RasAgileVpn) WAN Miniport (IKEv2) -- C:\Windows\System32\drivers\agilevpn.sys (Microsoft Corporation) DRV - (WfpLwf) -- C:\Windows\System32\drivers\wfplwf.sys (Microsoft Corporation) DRV - (NdisCap) -- C:\Windows\System32\drivers\ndiscap.sys (Microsoft Corporation) DRV - (vwififlt) -- C:\Windows\System32\drivers\vwififlt.sys (Microsoft Corporation) DRV - (vwifibus) -- C:\Windows\System32\drivers\vwifibus.sys (Microsoft Corporation) DRV - (UmPass) -- C:\Windows\system32\DRIVERS\umpass.sys (Microsoft Corporation) DRV - (mshidkmdf) -- C:\Windows\System32\drivers\mshidkmdf.sys (Microsoft Corporation) DRV - (MTConfig) -- C:\Windows\system32\DRIVERS\MTConfig.sys (Microsoft Corporation) DRV - (CompositeBus) -- C:\Windows\System32\drivers\CompositeBus.sys (Microsoft Corporation) DRV - (AppID) -- C:\Windows\system32\drivers\appid.sys (Microsoft Corporation) DRV - (scfilter) -- C:\Windows\System32\drivers\scfilter.sys (Microsoft Corporation) DRV - (discache) -- C:\Windows\System32\drivers\discache.sys (Microsoft Corporation) DRV - (HidBatt) -- C:\Windows\system32\DRIVERS\HidBatt.sys (Microsoft Corporation) DRV - (AcpiPmi) -- C:\Windows\system32\DRIVERS\acpipmi.sys (Microsoft Corporation) DRV - (AmdPPM) -- C:\Windows\system32\DRIVERS\amdppm.sys (Microsoft Corporation) DRV - (hcw85cir) -- C:\Windows\system32\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.) DRV - (BrUsbMdm) -- C:\Windows\System32\Drivers\BrUsbMdm.sys (Brother Industries Ltd.) DRV - (BrUsbSer) -- C:\Windows\System32\Drivers\BrUsbSer.sys (Brother Industries Ltd.) DRV - (BrSerWdm) -- C:\Windows\System32\Drivers\BrSerWdm.sys (Brother Industries Ltd.) DRV - (BrFiltLo) -- C:\Windows\system32\DRIVERS\BrFiltLo.sys (Brother Industries, Ltd.) DRV - (BrFiltUp) -- C:\Windows\system32\DRIVERS\BrFiltUp.sys (Brother Industries, Ltd.) 
DRV - (atikmdag) -- C:\Windows\System32\drivers\atikmdag.sys (ATI Technologies Inc.) DRV - (netr73) -- C:\Windows\System32\drivers\netr73.sys (Ralink Technology, Corp.) DRV - (yukonw7) -- C:\Windows\System32\drivers\yk62x86.sys (Marvell) DRV - (b57nd60x) -- C:\Windows\System32\drivers\b57nd60x.sys (Broadcom Corporation) DRV - (ebdrv) -- C:\Windows\system32\DRIVERS\evbdx.sys (Broadcom Corporation) DRV - (b06bdrv) -- C:\Windows\system32\DRIVERS\bxvbdx.sys (Broadcom Corporation) DRV - (ssmdrv) -- C:\Windows\System32\drivers\ssmdrv.sys (Avira GmbH) DRV - (KMWDFILTERx86) -- C:\Windows\System32\drivers\KMWDFILTER.sys (Windows (R) Codename Longhorn DDK provider) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\..\URLSearchHook: {09ec805c-cb2e-4d53-b0d3-a75a428b81c7} - C:\Programme\4shared.com\tb4sha.dll (Conduit Ltd.) IE - HKLM\..\URLSearchHook: {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Programme\DVDVideoSoftTB\tbDVDV.dll (Conduit Ltd.) IE - HKLM\..\URLSearchHook: {cc05a3e3-64c3-4af2-bfc1-af0d66b69065} - C:\Programme\softonic-de3\tbsoft.dll (Conduit Ltd.) IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-21-64449324-1304800748-1401606225-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://search.conduit.com?SearchSource=10&ctid=CT2233703 IE - HKU\S-1-5-21-64449324-1304800748-1401606225-1000\..\URLSearchHook: {09ec805c-cb2e-4d53-b0d3-a75a428b81c7} - C:\Programme\4shared.com\tb4sha.dll (Conduit Ltd.) IE - HKU\S-1-5-21-64449324-1304800748-1401606225-1000\..\URLSearchHook: {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Programme\DVDVideoSoftTB\tbDVDV.dll (Conduit Ltd.) IE - HKU\S-1-5-21-64449324-1304800748-1401606225-1000\..\URLSearchHook: {cc05a3e3-64c3-4af2-bfc1-af0d66b69065} - C:\Programme\softonic-de3\tbsoft.dll (Conduit Ltd.) 
IE - HKU\S-1-5-21-64449324-1304800748-1401606225-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1 IE - HKU\S-1-5-21-64449324-1304800748-1401606225-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local> ========== FireFox ========== FF - prefs.js..browser.search.defaultthis.engineName: "4shared Web Search" FF - prefs.js..browser.search.defaulturl: "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2233703&SearchSource=3&q={searchTerms}" FF - prefs.js..browser.search.selectedEngine: "4shared Web Search" FF - prefs.js..browser.startup.homepage: "hxxp://search.conduit.com/?ctid=CT2233703&SearchSource=13" FF - prefs.js..extensions.enabledItems: {c0c9a2c7-2e5c-4447-bc53-97718bc91e1b}:3.3 FF - prefs.js..extensions.enabledItems: {ACAA314B-EEBA-48e4-AD47-84E31C44796C}:1.0.1 FF - prefs.js..extensions.enabledItems: {cc05a3e3-64c3-4af2-bfc1-af0d66b69065}: FF - prefs.js..extensions.enabledItems: {e9911ec6-1bcc-40b0-9993-e0eea7f6953f}: FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20 FF - prefs.js..extensions.enabledItems: {635abd67-4fe9-1b23-4f01-e679fa7484c1}: FF - prefs.js..extensions.enabledItems: linkfilter@kaspersky.ru: FF - prefs.js..network.proxy.type: 0 FF - HKLM\software\mozilla\Mozilla Firefox 3.6.8\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010.07.29 03:05:45 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Firefox 3.6.8\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010.07.29 03:05:45 | 000,000,000 | ---D | M] [2010.06.29 00:07:09 | 000,000,000 | ---D | M] -- C:\Users\admin\AppData\Roaming\mozilla\Extensions [2010.08.13 03:07:22 | 000,000,000 | ---D | M] -- C:\Users\admin\AppData\Roaming\mozilla\Firefox\Profiles\4avz4ok2.default\extensions [2010.08.13 03:07:22 | 000,000,000 | ---D | M] (No name found) -- 
C:\Users\admin\AppData\Roaming\mozilla\Firefox\Profiles\4avz4ok2.default\extensions\{09ec805c-cb2e-4d53-b0d3-a75a428b81c7} [2010.07.22 21:33:59 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Users\admin\AppData\Roaming\mozilla\Firefox\Profiles\4avz4ok2.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1} [2010.06.29 00:11:37 | 000,000,000 | ---D | M] (No name found) -- C:\Users\admin\AppData\Roaming\mozilla\Firefox\Profiles\4avz4ok2.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C} [2010.06.29 00:27:17 | 000,000,000 | ---D | M] (Easy Youtube Video Downloader) -- C:\Users\admin\AppData\Roaming\mozilla\Firefox\Profiles\4avz4ok2.default\extensions\{c0c9a2c7-2e5c-4447-bc53-97718bc91e1b} [2010.06.29 00:11:20 | 000,000,000 | ---D | M] (softonic-de3 Toolbar) -- C:\Users\admin\AppData\Roaming\mozilla\Firefox\Profiles\4avz4ok2.default\extensions\{cc05a3e3-64c3-4af2-bfc1-af0d66b69065} [2010.06.29 00:11:37 | 000,000,000 | ---D | M] (DVDVideoSoft Toolbar) -- C:\Users\admin\AppData\Roaming\mozilla\Firefox\Profiles\4avz4ok2.default\extensions\{e9911ec6-1bcc-40b0-9993-e0eea7f6953f} [2010.08.02 01:07:53 | 000,000,897 | ---- | M] () -- C:\Users\admin\AppData\Roaming\Mozilla\FireFox\Profiles\4avz4ok2.default\searchplugins\conduit.xml [2010.07.22 21:30:07 | 000,000,000 | ---D | M] -- C:\Programme\Mozilla Firefox\extensions [2010.07.22 21:30:07 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} [2010.08.13 03:07:17 | 000,000,000 | ---D | M] -- C:\Programme\Mozilla Firefox\extensions\linkfilter@kaspersky.ru [2010.07.22 21:29:53 | 000,411,368 | ---- | M] (Sun Microsystems, Inc.) 
-- C:\Programme\Mozilla Firefox\plugins\npdeployJava1.dll [2010.07.29 03:05:41 | 000,001,392 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\amazondotcom-de.xml [2010.07.29 03:05:41 | 000,002,344 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\eBay-de.xml [2010.07.29 03:05:41 | 000,006,805 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\leo_ende_de.xml [2010.07.29 03:05:41 | 000,001,178 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\wikipedia-de.xml [2010.07.29 03:05:41 | 000,001,105 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\yahoo-de.xml O1 HOSTS File: ([2009.06.10 23:39:37 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts O2 - BHO: (4shared.com Toolbar) - {09ec805c-cb2e-4d53-b0d3-a75a428b81c7} - C:\Programme\4shared.com\tb4sha.dll (Conduit Ltd.) O2 - BHO: (DVDVideoSoftTB Toolbar) - {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Programme\DVDVideoSoftTB\tbDVDV.dll (Conduit Ltd.) O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Programme\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.) O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programme\Google\GoogleToolbarNotifier\5.5.5126.1836\swg.dll (Google Inc.) O2 - BHO: (softonic-de3 Toolbar) - {cc05a3e3-64c3-4af2-bfc1-af0d66b69065} - C:\Programme\softonic-de3\tbsoft.dll (Conduit Ltd.) O3 - HKLM\..\Toolbar: (4shared.com Toolbar) - {09ec805c-cb2e-4d53-b0d3-a75a428b81c7} - C:\Programme\4shared.com\tb4sha.dll (Conduit Ltd.) O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Programme\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.) O3 - HKLM\..\Toolbar: (DVDVideoSoftTB Toolbar) - {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Programme\DVDVideoSoftTB\tbDVDV.dll (Conduit Ltd.) O3 - HKLM\..\Toolbar: (softonic-de3 Toolbar) - {cc05a3e3-64c3-4af2-bfc1-af0d66b69065} - C:\Programme\softonic-de3\tbsoft.dll (Conduit Ltd.) 
O3 - HKU\S-1-5-21-64449324-1304800748-1401606225-1000\..\Toolbar\WebBrowser: (4shared.com Toolbar) - {09EC805C-CB2E-4D53-B0D3-A75A428B81C7} - C:\Programme\4shared.com\tb4sha.dll (Conduit Ltd.) O3 - HKU\S-1-5-21-64449324-1304800748-1401606225-1000\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Programme\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.) O3 - HKU\S-1-5-21-64449324-1304800748-1401606225-1000\..\Toolbar\WebBrowser: (DVDVideoSoftTB Toolbar) - {872B5B88-9DB5-4310-BDD0-AC189557E5F5} - C:\Programme\DVDVideoSoftTB\tbDVDV.dll (Conduit Ltd.) O3 - HKU\S-1-5-21-64449324-1304800748-1401606225-1000\..\Toolbar\WebBrowser: (softonic-de3 Toolbar) - {CC05A3E3-64C3-4AF2-BFC1-AF0D66B69065} - C:\Programme\softonic-de3\tbsoft.dll (Conduit Ltd.) O4 - HKU\S-1-5-21-64449324-1304800748-1401606225-1000..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.) O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation) O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation) O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O8 - Extra context menu item: Free YouTube Download - C:\Users\admin\AppData\Roaming\DVDVideoSoftIEHelpers\youtubedownload.htm () O8 - Extra context menu item: Google Sidewiki... - C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll (Google Inc.) 
O13 - gopher Prefix: missing O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20) O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20) O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found. 
O30 - LSA: Security Packages - (pku2u) - C:\Windows\System32\pku2u.dll (Microsoft Corporation) O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2009.06.10 23:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ] O32 - AutoRun File - [2009.07.14 13:08:11 | 000,000,043 | R--- | M] () - G:\autorun.inf -- [ CDFS ] O33 - MountPoints2\{3047d445-852f-11df-8746-001e101f8ed0}\Shell - "" = AutoRun O33 - MountPoints2\{3047d445-852f-11df-8746-001e101f8ed0}\Shell\AutoRun\command - "" = H:\AutoRun.exe -- File not found O33 - MountPoints2\{36e9886f-76be-11df-93b6-806e6f6e6963}\Shell - "" = AutoRun O33 - MountPoints2\{36e9886f-76be-11df-93b6-806e6f6e6963}\Shell\AutoRun\command - "" = G:\autorun.exe -- File not found O33 - MountPoints2\{38fe2a5c-8b42-11df-a902-001e101f1f81}\Shell - "" = AutoRun O33 - MountPoints2\{38fe2a5c-8b42-11df-a902-001e101f1f81}\Shell\AutoRun\command - "" = J:\LaunchU3.exe -- File not found O33 - MountPoints2\{55f15954-97e2-11df-a7ec-001e101f2c0e}\Shell - "" = AutoRun O33 - MountPoints2\{55f15954-97e2-11df-a7ec-001e101f2c0e}\Shell\AutoRun\command - "" = H:\AutoRun.exe -- File not found O33 - MountPoints2\{c87b92f8-82a8-11df-bf3f-000c6e52f9b1}\Shell - "" = AutoRun O33 - MountPoints2\{c87b92f8-82a8-11df-bf3f-000c6e52f9b1}\Shell\AutoRun\command - "" = H:\AutoRun.exe -- File not found O33 - MountPoints2\{c87b9309-82a8-11df-bf3f-000c6e52f9b1}\Shell - "" = AutoRun O33 - MountPoints2\{c87b9309-82a8-11df-bf3f-000c6e52f9b1}\Shell\AutoRun\command - "" = H:\AutoRun.exe -- File not found O33 - MountPoints2\{e0434b4d-8453-11df-bae4-000c6e52f9b1}\Shell - "" = AutoRun O33 - MountPoints2\{e0434b4d-8453-11df-bae4-000c6e52f9b1}\Shell\AutoRun\command - "" = H:\AutoRun.exe -- File not found O33 - MountPoints2\H\Shell - "" = AutoRun O33 - MountPoints2\H\Shell\AutoRun\command - "" = H:\AutoRun.exe -- File not found O34 - HKLM BootExecute: (autocheck autochk *) - File not found O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - 
HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* NetSvcs: FastUserSwitchingCompatibility - File not found NetSvcs: Ias - File not found NetSvcs: Nla - File not found NetSvcs: Ntmssvc - File not found NetSvcs: NWCWorkstation - File not found NetSvcs: Nwsapagent - File not found NetSvcs: SRService - File not found NetSvcs: Wmi - C:\Windows\System32\wmi.dll (Microsoft Corporation) NetSvcs: WmdmPmSp - File not found NetSvcs: LogonHours - File not found NetSvcs: PCAudit - File not found NetSvcs: helpsvc - File not found NetSvcs: uploadmgr - File not found NetSvcs: Themes - C:\Windows\System32\themeservice.dll (Microsoft Corporation) NetSvcs: BDESVC - C:\Windows\System32\bdesvc.dll (Microsoft Corporation) MsConfig - StartUpReg: 4shared Desktop - hkey= - key= - C:\Program Files\4shared Desktop\desktop.exe (New IT Solutions) MsConfig - StartUpReg: Adobe ARM - hkey= - key= - C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated) MsConfig - StartUpReg: Adobe Reader Speed Launcher - hkey= - key= - C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe (Adobe Systems Incorporated) MsConfig - StartUpReg: avgnt - hkey= - key= - C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH) MsConfig - StartUpReg: cwvtrryk - hkey= - key= - C:\Users\admin\AppData\Local\ycgmithvf\snsvgpttssd.exe File not found MsConfig - StartUpReg: Malwarebytes Anti-Malware (reboot) - hkey= - key= - C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation) MsConfig - StartUpReg: SunJavaUpdateSched - hkey= - key= - C:\Program Files\Common Files\Java\Java Update\jusched.exe (Sun Microsystems, Inc.) MsConfig - StartUpReg: swg - hkey= - key= - C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.) 
MsConfig - StartUpReg: {70B5C40F-698D-367E-D9A7-B499BD0AB281} - hkey= - key= - C:\Users\admin\AppData\Roaming\Ynsue\supoy.exe File not found MsConfig - State: "startup" - 1 MsConfig - State: "services" - 1 SafeBootMin: AppMgmt - Service SafeBootMin: Base - Driver Group SafeBootMin: Boot Bus Extender - Driver Group SafeBootMin: Boot file system - Driver Group SafeBootMin: File system - Driver Group SafeBootMin: Filter - Driver Group SafeBootMin: HelpSvc - Service SafeBootMin: NTDS - File not found SafeBootMin: PCI Configuration - Driver Group SafeBootMin: PNP Filter - Driver Group SafeBootMin: Power - C:\Windows\System32\umpo.dll (Microsoft Corporation) SafeBootMin: Primary disk - Driver Group SafeBootMin: RpcEptMapper - C:\Windows\System32\RpcEpMap.dll (Microsoft Corporation) SafeBootMin: sacsvr - Service SafeBootMin: SCSI Class - Driver Group SafeBootMin: System Bus Extender - Driver Group SafeBootMin: vmms - Service SafeBootMin: WinDefend - C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation) SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume 
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices

SafeBootNet: AppMgmt - Service
SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: Dhcp - C:\Windows\System32\dhcpcore.dll (Microsoft Corporation)
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: HelpSvc - Service
SafeBootNet: Messenger - Service
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: ndiscap - C:\Windows\System32\drivers\ndiscap.sys (Microsoft Corporation)
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: NTDS - File not found
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Power - C:\Windows\System32\umpo.dll (Microsoft Corporation)
SafeBootNet: Primary disk - Driver Group
SafeBootNet: rdsessmgr - Service
SafeBootNet: RpcEptMapper - C:\Windows\System32\RpcEpMap.dll (Microsoft Corporation)
SafeBootNet: sacsvr - Service
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: vmms - Service
SafeBootNet: WinDefend - C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation)
SafeBootNet: WudfUsbccidDriver - Driver
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices

ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3bf42070-b3b1-11d1-b5c5-0000f8051515} - USP10
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\System32\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP

Drivers32: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: vidc.cvid - C:\Windows\System32\iccvid.dll (Radius Inc.)

========== Files/Folders - Created Within 30 Days ==========

[2010.08.16 16:33:46 | 000,575,488 | ---- | C] (OldTimer Tools) -- C:\Users\admin\Desktop\OTL.exe
[2010.08.16 13:17:33 | 000,000,000 | ---D | C] -- C:\Users\admin\Desktop\backups
[2010.08.16 12:44:28 | 000,388,608 | ---- | C] (Trend Micro Inc.) -- C:\Users\admin\Desktop\HiJackThis204.exe
[2010.08.16 11:29:22 | 000,000,000 | ---D | C] -- C:\Users\admin\AppData\Roaming\Avira
[2010.08.16 11:28:19 | 000,028,520 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\ssmdrv.sys
[2010.08.16 11:28:18 | 000,124,784 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\avipbb.sys
[2010.08.16 11:28:18 | 000,060,936 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\avgntflt.sys
[2010.08.16 11:28:18 | 000,051,992 | ---- | C] (AVIRA GmbH) -- C:\Windows\System32\drivers\avgntdd.sys
[2010.08.16 11:28:18 | 000,017,016 | ---- | C] (AVIRA GmbH) -- C:\Windows\System32\drivers\avgntmgr.sys
[2010.08.16 11:28:17 | 000,000,000 | ---D | C] -- C:\Programme\Avira
[2010.08.16 11:28:17 | 000,000,000 | ---D | C] -- C:\ProgramData\Avira
[2010.08.16 10:44:34 | 000,000,000 | ---D | C] -- C:\Users\admin\AppData\Roaming\Malwarebytes
[2010.08.16 10:44:24 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2010.08.16 10:44:23 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2010.08.16 10:44:23 | 000,000,000 | ---D | C] -- C:\Programme\Malwarebytes' Anti-Malware
[2010.08.16 10:44:23 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2010.08.16 10:44:08 | 006,153,352 | ---- | C] (Malwarebytes Corporation ) -- C:\Users\admin\Desktop\mbam146-setup.exe
[2010.08.10 16:18:44 | 000,000,000 | ---D | C] -- C:\Users\admin\Desktop\Neuer Ordner
[2010.08.10 11:27:01 | 000,000,000 | ---D | C] -- C:\Programme\Neuer Ordner
[2010.08.10 11:17:44 | 000,000,000 | ---D | C] -- C:\Programme\Kaspersky Lab
[2010.08.10 11:17:44 | 000,000,000 | ---D | C] -- C:\ProgramData\Kaspersky Lab
[2010.08.07 03:27:42 | 000,000,000 | ---D | C] -- C:\Users\admin\AppData\Local\ycgmithvf
[2010.08.05 00:56:17 | 000,000,000 | ---D | C] -- C:\Users\admin\AppData\Roaming\Tiop
[2010.08.03 16:54:17 | 000,000,000 | ---D | C] -- C:\Programme\Common Files\Apple
[2010.08.03 16:54:08 | 000,000,000 | ---D | C] -- C:\Users\admin\AppData\Local\Apple
[2010.08.03 16:54:07 | 000,000,000 | ---D | C] -- C:\Programme\Apple Software Update
[2010.08.03 16:54:07 | 000,000,000 | ---D | C] -- C:\ProgramData\Apple
[2010.08.02 00:46:02 | 000,000,000 | ---D | C] -- C:\Programme\4shared.com
[2010.08.02 00:46:00 | 000,000,000 | ---D | C] -- C:\Programme\4shared Desktop
[2010.07.28 02:42:06 | 000,000,000 | ---D | C] -- C:\Windows\Minidump
[2010.07.22 21:34:44 | 000,000,000 | ---D | C] -- C:\ProgramData\Sun
[2010.07.22 21:34:43 | 000,000,000 | ---D | C] -- C:\Programme\Common Files\Java
[2010.07.22 21:30:05 | 000,411,368 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\deployJava1.dll
[2010.07.22 21:30:05 | 000,153,376 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaws.exe
[2010.07.22 21:30:05 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaw.exe
[2010.07.22 21:30:05 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\java.exe
[2010.07.22 21:29:52 | 000,000,000 | ---D | C] -- C:\Programme\Java
[2010.06.14 19:24:00 | 000,047,360 | ---- | C] (VSO Software) -- C:\Users\admin\AppData\Roaming\pcouffin.sys

========== Files - Modified Within 30 Days ==========

[2010.08.16 16:37:10 | 000,783,360 | ---- | M] () -- C:\Windows\System32\drivers\fvzvwde.sys
[2010.08.16 16:34:40 | 001,472,002 | ---- | M] () -- C:\Windows\System32\PerfStringBackup.INI
[2010.08.16 16:34:40 | 000,643,628 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2010.08.16 16:34:40 | 000,606,992 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2010.08.16 16:34:40 | 000,126,188 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2010.08.16 16:34:40 | 000,103,370 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2010.08.16 16:30:09 | 000,001,092 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2010.08.16 16:30:05 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2010.08.16 16:29:58 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010.08.16 16:29:54 | 1609,670,656 | -HS- | M] () -- C:\hiberfil.sys
[2010.08.16 16:28:06 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Users\admin\Desktop\OTL.exe
[2010.08.16 13:37:26 | 000,018,496 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2010.08.16 13:37:26 | 000,018,496 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2010.08.16 13:29:16 | 001,572,864 | -HS- | M] () -- C:\Users\admin\ntuser.dat
[2010.08.16 13:26:32 | 001,518,724 | -H-- | M] () -- C:\Users\admin\AppData\Local\IconCache.db
[2010.08.16 12:51:00 | 000,001,096 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2010.08.16 12:39:44 | 000,002,562 | ---- | M] () -- C:\Windows\diagwrn.xml
[2010.08.16 12:39:44 | 000,001,908 | ---- | M] () -- C:\Windows\diagerr.xml
[2010.08.16 11:28:31 | 000,002,012 | ---- | M] () -- C:\Users\Public\Desktop\Avira AntiVir Control Center.lnk
[2010.08.16 10:44:26 | 000,000,979 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010.08.16 10:41:02 | 006,153,352 | ---- | M] (Malwarebytes Corporation ) -- C:\Users\admin\Desktop\mbam146-setup.exe
[2010.08.16 10:31:42 | 044,151,368 | ---- | M] () -- C:\Users\admin\Desktop\avira_antivir_personal_de1000567.exe
[2010.08.16 10:26:18 | 000,388,608 | ---- | M] (Trend Micro Inc.) -- C:\Users\admin\Desktop\HiJackThis204.exe
[2010.08.13 14:05:28 | 132,250,539 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2010.08.12 19:23:08 | 000,604,512 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2010.08.12 17:11:05 | 000,524,288 | -HS- | M] () -- C:\Users\admin\ntuser.dat{8ef25dbf-a623-11df-8bf1-000c6e52f9b1}.TMContainer00000000000000000002.regtrans-ms
[2010.08.12 17:11:05 | 000,524,288 | -HS- | M] () -- C:\Users\admin\ntuser.dat{8ef25dbf-a623-11df-8bf1-000c6e52f9b1}.TMContainer00000000000000000001.regtrans-ms
[2010.08.12 17:11:05 | 000,065,536 | -HS- | M] () -- C:\Users\admin\ntuser.dat{8ef25dbf-a623-11df-8bf1-000c6e52f9b1}.TM.blf
[2010.08.10 16:40:32 | 001,911,568 | ---- | M] () -- C:\Users\admin\Desktop\VTS_01_1.mpg.sfk0
[2010.08.10 16:40:04 | 593,905,664 | ---- | M] () -- C:\Users\admin\Desktop\VTS_01_1.mpg
[2010.08.07 03:28:30 | 000,783,360 | ---- | M] () -- C:\Windows\System32\drivers\1394ohci.sys
[2010.07.29 03:33:04 | 000,524,288 | -HS- | M] () -- C:\Users\admin\NTUSER.DAT{67324012-9a3a-11df-b711-000c6e52f9b1}.TMContainer00000000000000000002.regtrans-ms
[2010.07.29 03:33:04 | 000,524,288 | -HS- | M] () -- C:\Users\admin\NTUSER.DAT{67324012-9a3a-11df-b711-000c6e52f9b1}.TMContainer00000000000000000001.regtrans-ms
[2010.07.29 03:33:04 | 000,065,536 | -HS- | M] () -- C:\Users\admin\NTUSER.DAT{67324012-9a3a-11df-b711-000c6e52f9b1}.TM.blf
[2010.07.22 21:29:53 | 000,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\deployJava1.dll
[2010.07.22 21:29:53 | 000,153,376 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaws.exe
[2010.07.22 21:29:53 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaw.exe
[2010.07.22 21:29:53 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\java.exe

========== Files Created - No Company Name ==========

[2010.08.16 12:37:29 | 000,002,562 | ---- | C] () -- C:\Windows\diagwrn.xml
[2010.08.16 12:37:29 | 000,001,908 | ---- | C] () -- C:\Windows\diagerr.xml
[2010.08.16 11:28:31 | 000,002,012 | ---- | C] () -- C:\Users\Public\Desktop\Avira AntiVir Control Center.lnk
[2010.08.16 11:27:12 | 044,151,368 | ---- | C] () -- C:\Users\admin\Desktop\avira_antivir_personal_de1000567.exe
[2010.08.16 10:44:26 | 000,000,979 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010.08.12 20:01:07 | 132,250,539 | ---- | C] () -- C:\Windows\MEMORY.DMP
[2010.08.12 17:09:39 | 000,524,288 | -HS- | C] () -- C:\Users\admin\ntuser.dat{8ef25dbf-a623-11df-8bf1-000c6e52f9b1}.TMContainer00000000000000000002.regtrans-ms
[2010.08.12 17:09:39 | 000,524,288 | -HS- | C] () -- C:\Users\admin\ntuser.dat{8ef25dbf-a623-11df-8bf1-000c6e52f9b1}.TMContainer00000000000000000001.regtrans-ms
[2010.08.12 17:09:39 | 000,065,536 | -HS- | C] () -- C:\Users\admin\ntuser.dat{8ef25dbf-a623-11df-8bf1-000c6e52f9b1}.TM.blf
[2010.08.10 16:40:32 | 001,911,568 | ---- | C] () -- C:\Users\admin\Desktop\VTS_01_1.mpg.sfk0
[2010.08.10 16:26:35 | 593,905,664 | ---- | C] () -- C:\Users\admin\Desktop\VTS_01_1.mpg
[2010.08.07 03:28:35 | 000,783,360 | ---- | C] () -- C:\Windows\System32\drivers\fvzvwde.sys
[2010.07.28 13:22:47 | 000,524,288 | -HS- | C] () -- C:\Users\admin\NTUSER.DAT{67324012-9a3a-11df-b711-000c6e52f9b1}.TMContainer00000000000000000002.regtrans-ms
[2010.07.28 13:22:47 | 000,524,288 | -HS- | C] () -- C:\Users\admin\NTUSER.DAT{67324012-9a3a-11df-b711-000c6e52f9b1}.TMContainer00000000000000000001.regtrans-ms
[2010.07.28 13:22:47 | 000,065,536 | -HS- | C] () -- C:\Users\admin\NTUSER.DAT{67324012-9a3a-11df-b711-000c6e52f9b1}.TM.blf
[2010.06.14 19:24:00 | 000,081,920 | ---- | C] () -- C:\Users\admin\AppData\Roaming\ezpinst.exe
[2010.06.14 19:24:00 | 000,007,176 | ---- | C] () -- C:\Users\admin\AppData\Roaming\pcouffin.cat
[2010.06.14 19:24:00 | 000,001,144 | ---- | C] () -- C:\Users\admin\AppData\Roaming\pcouffin.inf
[2010.06.14 19:24:00 | 000,000,034 | ---- | C] () -- C:\Users\admin\AppData\Roaming\pcouffin.log
[2009.07.14 01:52:00 | 000,783,360 | ---- | C] () -- C:\Windows\System32\drivers\1394ohci.sys
[2009.07.14 01:51:43 | 000,073,728 | ---- | C] () -- C:\Windows\System32\BthpanContextHandler.dll
[2009.07.14 01:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\System32\BWContextHandler.dll

========== LOP Check ==========

[2010.06.29 00:11:36 | 000,000,000 | ---D | M] -- C:\Users\admin\AppData\Roaming\DVDVideoSoftIEHelpers
[2010.08.05 19:15:38 | 000,000,000 | ---D | M] -- C:\Users\admin\AppData\Roaming\Publish Providers
[2010.06.14 19:20:41 | 000,000,000 | ---D | M] -- C:\Users\admin\AppData\Roaming\Sony
[2010.06.14 15:43:31 | 000,000,000 | ---D | M] -- C:\Users\admin\AppData\Roaming\TeamViewer
[2010.08.12 17:12:29 | 000,000,000 | ---D | M] -- C:\Users\admin\AppData\Roaming\Tiop
[2010.06.14 19:24:30 | 000,000,000 | ---D | M] -- C:\Users\admin\AppData\Roaming\Vso
[2010.08.12 21:04:15 | 000,000,000 | ---D | M] -- C:\Users\admin\AppData\Roaming\Ynsue
[2009.07.14 06:53:46 | 000,027,340 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========

========== Custom Scans ==========

< %ALLUSERSPROFILE%\Application Data\*. >

< %ALLUSERSPROFILE%\Application Data\*.exe /s >

< %APPDATA%\*. >
[2010.07.03 22:58:57 | 000,000,000 | ---D | M] -- C:\Users\admin\AppData\Roaming\Adobe
[2010.08.16 11:29:22 | 000,000,000 | ---D | M] -- C:\Users\admin\AppData\Roaming\Avira
[2010.08.02 15:32:52 | 000,000,000 | ---D | M] -- C:\Users\admin\AppData\Roaming\dvdcss
[2010.06.29 00:11:36 | 000,000,000 | ---D | M] -- C:\Users\admin\AppData\Roaming\DVDVideoSoftIEHelpers
[2010.06.29 00:03:54 | 000,000,000 | ---D | M] -- C:\Users\admin\AppData\Roaming\Google
[2010.06.13 16:04:07 | 000,000,000 | ---D | M] -- C:\Users\admin\AppData\Roaming\Identities
[2010.06.29 00:01:57 | 000,000,000 | ---D | M] -- C:\Users\admin\AppData\Roaming\Macromedia
[2010.08.16 10:44:34 | 000,000,000 | ---D | M] -- C:\Users\admin\AppData\Roaming\Malwarebytes
[2009.07.14 09:48:18 | 000,000,000 | ---D | M] -- C:\Users\admin\AppData\Roaming\Media Center Programs
[2010.06.21 15:58:21 | 000,000,000 | --SD | M] -- C:\Users\admin\AppData\Roaming\Microsoft
[2010.06.29 00:07:09 | 000,000,000 | ---D | M] -- C:\Users\admin\AppData\Roaming\Mozilla
[2010.08.05 19:15:38 | 000,000,000 | ---D | M] -- C:\Users\admin\AppData\Roaming\Publish Providers
[2010.06.14 19:20:41 | 000,000,000 | ---D | M] -- C:\Users\admin\AppData\Roaming\Sony
[2010.06.14 15:43:31 | 000,000,000 | ---D | M] -- C:\Users\admin\AppData\Roaming\TeamViewer
[2010.08.12 17:12:29 | 000,000,000 | ---D | M] -- C:\Users\admin\AppData\Roaming\Tiop
[2010.08.13 03:07:22 | 000,000,000 | ---D | M] -- C:\Users\admin\AppData\Roaming\vlc
[2010.06.14 19:24:30 | 000,000,000 | ---D | M] -- C:\Users\admin\AppData\Roaming\Vso
[2010.08.12 21:04:15 | 000,000,000 | ---D | M] -- C:\Users\admin\AppData\Roaming\Ynsue

< %APPDATA%\*.exe /s >
[2010.06.14 19:24:01 | 000,081,920 | ---- | M] () -- C:\Users\admin\AppData\Roaming\ezpinst.exe
[2010.07.03 22:58:00 | 000,053,632 | ---- | M] (Adobe Systems Inc.) -- C:\Users\admin\AppData\Roaming\Macromedia\Flash Player\www.macromedia.com\bin\airappinstaller\airappinstaller.exe

< %SYSTEMDRIVE%\*.exe >

< MD5 for: AGP440.SYS >
[2009.07.14 03:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\System32\drivers\AGP440.sys
[2009.07.14 03:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_x86_neutral_65848c2d7375a720\AGP440.sys
[2009.07.14 03:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.1.7600.16385_none_b9e9435f20046eeb\AGP440.sys

< MD5 for: ATAPI.SYS >
[2009.07.14 03:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\System32\drivers\atapi.sys
[2009.07.14 03:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_x86_neutral_f64b9c35a3a5be81\atapi.sys
[2009.07.14 03:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.1.7600.16385_none_dd0e7e3d82dd640d\atapi.sys

< MD5 for: CNGAUDIT.DLL >
[2009.07.14 03:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\System32\cngaudit.dll
[2009.07.14 03:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_e83a414890e8132b\cngaudit.dll

< MD5 for: IASTORV.SYS >
[2009.07.14 03:20:36 | 000,332,352 | ---- | M] (Intel Corporation) MD5=934AF4D7C5F457B9F0743F4299B77B67 -- C:\Windows\System32\drivers\iaStorV.sys
[2009.07.14 03:20:36 | 000,332,352 | ---- | M] (Intel Corporation) MD5=934AF4D7C5F457B9F0743F4299B77B67 -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_x86_neutral_18cccb83b34e1453\iaStorV.sys
[2009.07.14 03:20:36 | 000,332,352 | ---- | M] (Intel Corporation) MD5=934AF4D7C5F457B9F0743F4299B77B67 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7600.16385_none_aee7a89be91b9000\iaStorV.sys

< MD5 for: NETLOGON.DLL >
[2009.07.14 03:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\System32\netlogon.dll
[2009.07.14 03:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_fd8e0d66994d7dc8\netlogon.dll

< MD5 for: NVSTOR.SYS >
[2009.07.14 03:20:44 | 000,142,416 | ---- | M] (NVIDIA Corporation) MD5=C99F251A5DE63C6F129CF71933ACED0F -- C:\Windows\System32\drivers\nvstor.sys
[2009.07.14 03:20:44 | 000,142,416 | ---- | M] (NVIDIA Corporation) MD5=C99F251A5DE63C6F129CF71933ACED0F -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_x86_neutral_5bde3fe2945bce9e\nvstor.sys
[2009.07.14 03:20:44 | 000,142,416 | ---- | M] (NVIDIA Corporation) MD5=C99F251A5DE63C6F129CF71933ACED0F -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7600.16385_none_39b1194b205239d8\nvstor.sys

< MD5 for: SCECLI.DLL >
[2009.07.14 03:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\System32\scecli.dll
[2009.07.14 03:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_37e4387f3a6f0483\scecli.dll

< MD5 for: USER32.DLL >
[2009.07.14 03:16:17 | 000,811,520 | ---- | M] (Microsoft Corporation) MD5=34B7E222E81FAFA885F0C5F2CFA56861 -- C:\Windows\System32\user32.dll
[2009.07.14 03:16:17 | 000,811,520 | ---- | M] (Microsoft Corporation) MD5=34B7E222E81FAFA885F0C5F2CFA56861 -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_cd0ec264ceb014a3\user32.dll

< MD5 for: USERINIT.EXE >
[2009.07.14 03:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\System32\userinit.exe
[2009.07.14 03:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_dbff103933038d7c\userinit.exe

< MD5 for: WINLOGON.EXE >
[2009.07.14 03:14:45 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=8EC6A4AB12B8F3759E21F8E3A388F2CF -- C:\Windows\System32\winlogon.exe
[2009.07.14 03:14:45 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=8EC6A4AB12B8F3759E21F8E3A388F2CF -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_6f99573a36451166\winlogon.exe

< MD5 for: WS2IFSL.SYS >
[2009.07.14 01:55:02 | 000,016,384 | ---- | M] (Microsoft Corporation) MD5=6DB3276587B853BF886B69528FDB048C -- C:\Windows\System32\drivers\ws2ifsl.sys
[2009.07.14 01:55:02 | 000,016,384 | ---- | M] (Microsoft Corporation) MD5=6DB3276587B853BF886B69528FDB048C -- C:\Windows\winsxs\x86_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.1.7600.16385_none_4f5cf6f829213bb2\ws2ifsl.sys

< %systemroot%\system32\drivers\*.sys /lockedfiles >
[2010.08.16 16:42:34 | 000,783,360 | ---- | M] () Unable to obtain MD5 -- C:\Windows\System32\drivers\fvzvwde.sys

< %systemroot%\System32\config\*.sav >

< %systemroot%\*. /mp /s >

< %systemroot%\system32\*.dll /lockedfiles >

< End of report >

OTL EXTRAS Logfile:
OTL Extras logfile created on: 16.08.2010 16:35:44 - Run 1
OTL by OldTimer - Version Folder = C:\Users\admin\Desktop
Ultimate Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

2,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 75,00% Memory free
4,00 Gb Paging File | 3,00 Gb Available in Paging File | 84,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 29,29 Gb Total Space | 10,85 Gb Free Space | 37,04% Space Free | Partition Type: NTFS
Drive D: | 97,65 Gb Total Space | 65,54 Gb Free Space | 67,12% Space Free | Partition Type: NTFS
Drive E: | 31,48 Gb Total Space | 31,39 Gb Free Space | 99,72% Space Free | Partition Type: NTFS
Drive F: | 214,18 Gb Total Space | 130,95 Gb Free Space | 61,14% Space Free | Partition Type: NTFS
Drive G: | 2,20 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: CDFS
Drive H: | 1,91 Gb Total Space | 0,29 Gb Free Space | 15,15% Space Free | Partition Type: FAT
I: Drive not present or media not loaded

Computer Name: ADMIN-PC
Current User Name: admin
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal

========== Extra Registry (SafeList) ==========

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

[HKEY_USERS\S-1-5-21-64449324-1304800748-1401606225-1000\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{26A24AE4-039D-4CA4-87B4-2F83216020FF}" = Java(TM) 6 Update 20
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{553255F3-78FD-40F1-A6F8-6882140265FE}" = Apple Application Support
"{5C58B373-A9A2-11D4-B9E9-00A0247A7D91}" = Borna IPT 5
"{655CD886-3B90-4E4D-B314-92BDA9B08C86}" = Vegas Movie Studio HD 9.0
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A98B6724-0F00-4884-BCA0-F2E61146EA33}" = LeoMoon Persian TTT
"{AC76BA86-7AD7-1031-7B44-A93000000001}" = Adobe Reader 9.3 - Deutsch
"{B194272D-1F92-46DF-99EB-8D5CE91CB4EC}" = Adobe AIR
"4shared Desktop" = 4shared Desktop
"4shared.com Toolbar" = 4shared.com Toolbar
"4Videosoft Video Converter Platinum_is1" = 4Videosoft Video Converter Platinum
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus
"DVDVideoSoftTB Toolbar" = DVDVideoSoftTB Toolbar
"Free YouTube Download_is1" = Free YouTube Download 2.6
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"MediaCoder" = MediaCoder 0.6.1
"Mobile Partner" = Mobile Partner
"Mozilla Firefox (3.6.8)" = Mozilla Firefox (3.6.8)
"RealVNC_is1" = VNC Free Edition 4.1.3
"softonic-de3 Toolbar" = softonic-de3 Toolbar
"TeamViewer 5" = TeamViewer 5
"Uninstall_is1" = Uninstall
"Video Convert Premier_is1" = Video Convert Premier Trial Version (English)
"VLC media player" = VLC media player 1.0.5

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 16.08.2010 06:25:17 | Computer Name = admin-PC | Source = Avira AntiVir | ID = 4111
Description = Beim Aufruf der Service Control Managers des Betriebssystems trat ein Fehler auf. Der Grund hierfür könnte zu wenig Hauptspeicher oder ein anderer Systemfehler sein. Fehlercode:

Error - 16.08.2010 06:25:15 | Computer Name = admin-PC | Source = Microsoft-Windows-EFS | ID = 4376
Description = Der EFS-Dienst konnte nicht gestartet werden. Fehlercode: 0x800706be.

Error - 16.08.2010 06:28:03 | Computer Name = admin-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: services.exe, Version: 6.1.7600.16385, Zeitstempel: 0x4a5bbf1b
Name des fehlerhaften Moduls: unknown, Version:, Zeitstempel: 0x00000000
Ausnahmecode: 0xc0000005
Fehleroffset: 0x00b9ff41
ID des fehlerhaften Prozesses: 0x214
Startzeit der fehlerhaften Anwendung: 0x01cb3d2d96af7076
Pfad der fehlerhaften Anwendung: C:\Windows\system32\services.exe
Pfad des fehlerhaften Moduls: unknown
Berichtskennung: f30edba6-a920-11df-93e4-000c6e52f9b1

Error - 16.08.2010 06:30:50 | Computer Name = admin-PC | Source = Avira AntiVir | ID = 4111
Description = Beim Aufruf der Service Control Managers des Betriebssystems trat ein Fehler auf. Der Grund hierfür könnte zu wenig Hauptspeicher oder ein anderer Systemfehler sein. Fehlercode: 0x6be

Error - 16.08.2010 06:30:50 | Computer Name = admin-PC | Source = Avira AntiVir | ID = 4111
Description = Beim Aufruf der Service Control Managers des Betriebssystems trat ein Fehler auf. Der Grund hierfür könnte zu wenig Hauptspeicher oder ein anderer Systemfehler sein. Fehlercode: 0x6ba

Error - 16.08.2010 06:30:50 | Computer Name = admin-PC | Source = AntiVirService | ID = 0
Description =

Error - 16.08.2010 06:30:50 | Computer Name = admin-PC | Source = Avira AntiVir | ID = 4111
Description = Beim Aufruf der Service Control Managers des Betriebssystems trat ein Fehler auf. Der Grund hierfür könnte zu wenig Hauptspeicher oder ein anderer Systemfehler sein. Fehlercode:

Error - 16.08.2010 06:30:50 | Computer Name = admin-PC | Source = Microsoft-Windows-EFS | ID = 4376
Description = Der EFS-Dienst konnte nicht gestartet werden. Fehlercode: 0x800706be.

Error - 16.08.2010 06:41:44 | Computer Name = admin-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: services.exe, Version: 6.1.7600.16385, Zeitstempel: 0x4a5bbf1b
Name des fehlerhaften Moduls: unknown, Version:, Zeitstempel: 0x00000000
Ausnahmecode: 0xc0000005
Fehleroffset: 0x00e7ff41
ID des fehlerhaften Prozesses: 0x214
Startzeit der fehlerhaften Anwendung: 0x01cb3d2ebd944c56
Pfad der fehlerhaften Anwendung: C:\Windows\system32\services.exe
Pfad des fehlerhaften Moduls: unknown
Berichtskennung: dc8a98c7-a922-11df-aa84-000c6e52f9b1

Error - 16.08.2010 07:28:12 | Computer Name = admin-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: services.exe, Version: 6.1.7600.16385, Zeitstempel: 0x4a5bbf1b
Name des fehlerhaften Moduls: unknown, Version:, Zeitstempel: 0x00000000
Ausnahmecode: 0xc0000005
Fehleroffset: 0x0100ff41
ID des fehlerhaften Prozesses: 0x1e8
Startzeit der fehlerhaften Anwendung: 0x01cb3d3600fe24d8
Pfad der fehlerhaften Anwendung: C:\Windows\system32\services.exe
Pfad des fehlerhaften Moduls: unknown
Berichtskennung: 59ea5eed-a929-11df-a495-000c6e52f9b1

[ Media Center Events ]
Error - 07.08.2010 10:42:48 | Computer Name = admin-PC | Source = MCUpdate | ID = 0
Description = 16:42:48 - Fehler beim Herstellen der Internetverbindung.
16:42:48 - Serververbindung konnte nicht hergestellt werden..

Error - 07.08.2010 10:42:55 | Computer Name = admin-PC | Source = MCUpdate | ID = 0
Description = 16:42:53 - Fehler beim Herstellen der Internetverbindung.
16:42:53 - Serververbindung konnte nicht hergestellt werden..

Error - 10.08.2010 04:56:46 | Computer Name = admin-PC | Source = MCUpdate | ID = 0
Description = 10:56:46 - Fehler beim Herstellen der Internetverbindung.
10:56:46 - Serververbindung konnte nicht hergestellt werden..

Error - 10.08.2010 04:56:57 | Computer Name = admin-PC | Source = MCUpdate | ID = 0
Description = 10:56:51 - Fehler beim Herstellen der Internetverbindung.
10:56:51 - Serververbindung konnte nicht hergestellt werden..

Error - 10.08.2010 05:57:11 | Computer Name = admin-PC | Source = MCUpdate | ID = 0
Description = 11:57:11 - Fehler beim Herstellen der Internetverbindung.
11:57:11 - Serververbindung konnte nicht hergestellt werden..

Error - 10.08.2010 05:57:25 | Computer Name = admin-PC | Source = MCUpdate | ID = 0
Description = 11:57:16 - Fehler beim Herstellen der Internetverbindung.
11:57:16 - Serververbindung konnte nicht hergestellt werden..

Error - 16.08.2010 04:07:32 | Computer Name = admin-PC | Source = MCUpdate | ID = 0
Description = 10:07:32 - Fehler beim Herstellen der Internetverbindung.
10:07:32 - Serververbindung konnte nicht hergestellt werden..

Error - 16.08.2010 04:07:45 | Computer Name = admin-PC | Source = MCUpdate | ID = 0
Description = 10:07:38 - Fehler beim Herstellen der Internetverbindung.
10:07:38 - Serververbindung konnte nicht hergestellt werden..

Error - 16.08.2010 05:07:53 | Computer Name = admin-PC | Source = MCUpdate | ID = 0
Description = 11:07:53 - Fehler beim Herstellen der Internetverbindung.
11:07:53 - Serververbindung konnte nicht hergestellt werden..

Error - 16.08.2010 05:08:02 | Computer Name = admin-PC | Source = MCUpdate | ID = 0
Description = 11:07:59 - Fehler beim Herstellen der Internetverbindung.
11:07:59 - Serververbindung konnte nicht hergestellt werden..

[ System Events ]
Error - 16.08.2010 06:43:50 | Computer Name = admin-PC | Source = EventLog | ID = 6008
Description = Das System wurde zuvor am ?16.?08.?2010 um 12:41:15 unerwartet heruntergefahren.

Error - 16.08.2010 06:43:29 | Computer Name = admin-PC | Source = Microsoft-Windows-Kernel-Processor-Power | ID = 6
Description = Einige Funktionen zur Energieverwaltung im Leistungsstatus wurden im Prozessor aufgrund eines bekannten Firmwareproblems deaktiviert. Wenden Sie sich an den Computerhersteller, um aktualisierte Firmware zu erhalten.
Error - 16.08.2010 06:50:25 | Computer Name = admin-PC | Source = cdrom | ID = 262151 Description = Fehlerhafter Block bei Gerät \Device\CdRom0. Error - 16.08.2010 06:50:32 | Computer Name = admin-PC | Source = cdrom | ID = 262151 Description = Fehlerhafter Block bei Gerät \Device\CdRom0. Error - 16.08.2010 07:27:19 | Computer Name = admin-PC | Source = Microsoft-Windows-Kernel-Processor-Power | ID = 6 Description = Einige Funktionen zur Energieverwaltung im Leistungsstatus wurden im Prozessor aufgrund eines bekannten Firmwareproblems deaktiviert. Wenden Sie sich an den Computerhersteller, um aktualisierte Firmware zu erhalten. Error - 16.08.2010 07:28:19 | Computer Name = admin-PC | Source = DCOM | ID = 10010 Description = Error - 16.08.2010 07:30:12 | Computer Name = admin-PC | Source = EventLog | ID = 6008 Description = Das System wurde zuvor am ?16.?08.?2010 um 13:27:29 unerwartet heruntergefahren. Error - 16.08.2010 07:30:02 | Computer Name = admin-PC | Source = Microsoft-Windows-Kernel-Processor-Power | ID = 6 Description = Einige Funktionen zur Energieverwaltung im Leistungsstatus wurden im Prozessor aufgrund eines bekannten Firmwareproblems deaktiviert. Wenden Sie sich an den Computerhersteller, um aktualisierte Firmware zu erhalten. Error - 16.08.2010 10:30:00 | Computer Name = admin-PC | Source = EventLog | ID = 6008 Description = Das System wurde zuvor am ?16.?08.?2010 um 13:38:02 unerwartet heruntergefahren. Error - 16.08.2010 10:29:51 | Computer Name = admin-PC | Source = Microsoft-Windows-Kernel-Processor-Power | ID = 6 Description = Einige Funktionen zur Energieverwaltung im Leistungsstatus wurden im Prozessor aufgrund eines bekannten Firmwareproblems deaktiviert. Wenden Sie sich an den Computerhersteller, um aktualisierte Firmware zu erhalten. < End of report > |
#6
/// Malware-holic

Please create and post a ComboFix log. A guide and tutorial on using ComboFix
#7
ComboFix logfile:
Code:
ATTFilter ComboFix 10-08-15.04 - admin 16.08.2010 17:19:31.1.2 - x86 Microsoft Windows 7 Home Premium 6.1.7600.0.1252.49.1031.18.2047.1495 [GMT 2:00] ausgeführt von:: c:\users\admin\Desktop\ComboFix.exe . ((((((((((((((((((((((( Dateien erstellt von 2010-07-16 bis 2010-08-16 )))))))))))))))))))))))))))))) . 2010-08-16 15:25 . 2010-08-16 15:25 -------- d-----w- c:\users\Default\AppData\Local\temp 2010-08-16 09:29 . 2010-08-16 09:29 -------- d-----w- c:\users\admin\AppData\Roaming\Avira 2010-08-16 09:28 . 2010-03-01 08:05 124784 ----a-w- c:\windows\system32\drivers\avipbb.sys 2010-08-16 09:28 . 2010-02-16 12:24 60936 ----a-w- c:\windows\system32\drivers\avgntflt.sys 2010-08-16 09:28 . 2009-05-11 10:49 51992 ----a-w- c:\windows\system32\drivers\avgntdd.sys 2010-08-16 09:28 . 2009-05-11 10:49 17016 ----a-w- c:\windows\system32\drivers\avgntmgr.sys 2010-08-16 09:28 . 2010-08-16 09:28 -------- d-----w- c:\programdata\Avira 2010-08-16 09:28 . 2010-08-16 09:28 -------- d-----w- c:\program files\Avira 2010-08-16 08:44 . 2010-08-16 08:44 -------- d-----w- c:\users\admin\AppData\Roaming\Malwarebytes 2010-08-16 08:44 . 2010-04-29 13:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys 2010-08-16 08:44 . 2010-08-16 08:44 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware 2010-08-16 08:44 . 2010-08-16 08:44 -------- d-----w- c:\programdata\Malwarebytes 2010-08-16 08:44 . 2010-04-29 13:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys 2010-08-10 09:27 . 2010-08-10 09:27 -------- d-----w- c:\program files\Neuer Ordner 2010-08-10 09:17 . 2010-08-12 14:45 -------- d-----w- c:\programdata\Kaspersky Lab 2010-08-10 09:17 . 2010-08-10 09:17 -------- d-----w- c:\program files\Kaspersky Lab 2010-08-07 01:27 . 2010-08-12 19:03 -------- d-----w- c:\users\admin\AppData\Local\ycgmithvf 2010-08-04 22:56 . 2010-08-12 15:12 -------- d-----w- c:\users\admin\AppData\Roaming\Tiop 2010-08-03 14:54 . 
2010-08-03 14:54 -------- d-----w- c:\program files\Common Files\Apple 2010-08-03 14:54 . 2010-08-03 14:54 -------- d-----w- c:\users\admin\AppData\Local\Apple 2010-08-03 14:54 . 2010-08-03 14:54 -------- d-----w- c:\programdata\Apple 2010-08-03 14:54 . 2010-08-03 14:54 -------- d-----w- c:\program files\Apple Software Update 2010-08-01 22:46 . 2010-08-13 01:07 -------- d-----w- c:\program files\4shared.com 2010-08-01 22:46 . 2010-04-21 09:06 52224 ----a-w- c:\users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\4avz4ok2.default\extensions\{09ec805c-cb2e-4d53-b0d3-a75a428b81c7}\components\FFExternalAlert.dll 2010-08-01 22:46 . 2010-04-21 09:06 101376 ----a-w- c:\users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\4avz4ok2.default\extensions\{09ec805c-cb2e-4d53-b0d3-a75a428b81c7}\components\RadioWMPCore.dll 2010-08-01 22:46 . 2010-08-13 01:07 -------- d-----w- c:\program files\4shared Desktop 2010-07-22 19:34 . 2010-07-22 19:34 -------- d-----w- c:\program files\Common Files\Java 2010-07-22 19:30 . 2010-07-22 19:29 411368 ----a-w- c:\windows\system32\deployJava1.dll 2010-07-22 19:29 . 2010-07-22 19:29 -------- d-----w- c:\program files\Java . (((((((((((((((((((((((((((((((((((( Find3M Bericht )))))))))))))))))))))))))))))))))))))))))))))))))))))) . 2010-08-16 14:34 . 2009-08-06 21:59 643628 ----a-w- c:\windows\system32\perfh007.dat 2010-08-16 14:34 . 2009-08-06 21:59 126188 ----a-w- c:\windows\system32\perfc007.dat 2010-08-13 01:07 . 2010-06-14 17:35 -------- d-----w- c:\users\admin\AppData\Roaming\vlc 2010-08-12 19:04 . 2010-07-01 16:42 -------- d-----w- c:\users\admin\AppData\Roaming\Ynsue 2010-08-07 01:43 . 2010-06-28 22:11 -------- d-----w- c:\program files\DVDVideoSoftTB 2010-08-07 01:40 . 2010-06-28 22:11 -------- d-----w- c:\program files\softonic-de3 2010-08-07 01:28 . 2009-07-13 23:52 783360 ----a-w- c:\windows\system32\drivers\1394ohci.sys 2010-08-06 12:05 . 
2010-07-04 11:06 2300696 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup\markup.dll 2010-08-06 11:17 . 2010-07-04 10:55 42776 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\dSM\StartResources.dll 2010-08-06 11:17 . 2010-07-06 11:11 1127240 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight-2\SpotlightResources.dll 2010-08-05 17:15 . 2010-06-14 17:20 -------- d-----w- c:\users\admin\AppData\Roaming\Publish Providers 2010-08-02 13:32 . 2010-06-30 00:05 -------- d-----w- c:\users\admin\AppData\Roaming\dvdcss 2010-08-02 08:22 . 2010-07-06 11:12 2300696 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup-2\markup.dll 2010-08-02 08:22 . 2010-07-06 11:11 42776 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\dSM-2\StartResources.dll 2010-08-02 08:22 . 2010-07-04 10:55 1127240 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll 2010-07-07 00:46 . 2010-06-28 22:01 -------- d-----w- c:\program files\Google 2010-07-07 00:44 . 2010-07-07 00:44 509552 ----a-w- c:\programdata\Google\Google Toolbar\Update\gtb7792.tmp.exe 2010-07-03 20:59 . 2010-07-03 20:59 -------- d-----w- c:\program files\Common Files\Adobe AIR 2010-07-03 20:58 . 2010-07-03 20:59 53632 ----a-w- c:\users\admin\AppData\Roaming\Macromedia\Flash Player\www.macromedia.com\bin\airappinstaller\airappinstaller.exe 2010-07-03 20:58 . 2010-07-03 20:59 53632 ----a-w- c:\users\Default\AppData\Roaming\Macromedia\Flash Player\www.macromedia.com\bin\airappinstaller\airappinstaller.exe 2010-06-28 22:23 . 2010-06-28 22:22 -------- d-----w- c:\program files\Common Files\Adobe 2010-06-28 22:11 . 2010-06-28 22:11 52224 ----a-w- c:\users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\4avz4ok2.default\extensions\{e9911ec6-1bcc-40b0-9993-e0eea7f6953f}\components\FFExternalAlert.dll 2010-06-28 22:11 . 
2010-06-28 22:11 101376 ----a-w- c:\users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\4avz4ok2.default\extensions\{e9911ec6-1bcc-40b0-9993-e0eea7f6953f}\components\RadioWMPCore.dll 2010-06-28 22:11 . 2010-06-28 22:11 -------- d-----w- c:\users\admin\AppData\Roaming\DVDVideoSoftIEHelpers 2010-06-28 22:11 . 2010-06-28 22:11 -------- d-----w- c:\program files\Common Files\DVDVideoSoft 2010-06-28 22:11 . 2010-06-28 22:11 -------- d-----w- c:\program files\DVDVideoSoft 2010-06-28 22:11 . 2010-06-28 22:11 -------- d-----w- c:\program files\Conduit 2010-06-28 21:54 . 2010-06-28 21:49 -------- d-----w- c:\program files\Mobile Partner 2010-06-17 17:30 . 2010-06-13 14:05 236872 ----a-w- c:\users\admin\AppData\Local\GDIPFONTCACHEV1.DAT 2010-06-14 17:24 . 2010-06-14 17:24 81920 ----a-w- c:\users\admin\AppData\Roaming\ezpinst.exe 2010-06-14 17:24 . 2010-06-14 17:24 81920 ----a-w- c:\users\admin\AppData\Roaming\ezpinst.exe 2010-06-14 17:24 . 2010-06-14 17:24 47360 ----a-w- c:\windows\system32\drivers\pcouffin.sys 2010-06-14 17:24 . 2010-06-14 17:24 47360 ----a-w- c:\users\admin\AppData\Roaming\pcouffin.sys 2010-06-14 17:24 . 2010-06-14 17:24 47360 ----a-w- c:\users\admin\AppData\Roaming\pcouffin.sys 2010-06-13 07:39 . 2010-06-13 07:39 0 ----a-w- c:\windows\system32\atiicdxx.dat 2010-06-13 07:39 . 2010-06-13 07:39 0 ----a-w- c:\windows\ativpsrm.bin 2010-05-21 12:14 . 2010-06-14 15:43 221568 ------w- c:\windows\system32\MpSigStub.exe 2009-06-10 21:26 . 2009-07-14 02:04 9633792 --sha-r- c:\windows\Fonts\StaticCache.dat 2009-07-14 01:14 . 2009-07-13 23:42 396800 --sha-w- c:\windows\winsxs\x86_microsoft-windows-mail-app_31bf3856ad364e35_6.1.7600.16385_none_f12e83abb108c86c\WinMail.exe . (((((((((((((((((((((((((((( Autostartpunkte der Registrierung )))))))))))))))))))))))))))))))))))))))) . . *Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4 [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks] "{cc05a3e3-64c3-4af2-bfc1-af0d66b69065}"= "c:\program files\softonic-de3\tbsoft.dll" [2010-03-17 2355224] "{872b5b88-9db5-4310-bdd0-ac189557e5f5}"= "c:\program files\DVDVideoSoftTB\tbDVDV.dll" [2010-04-15 2515552] "{09ec805c-cb2e-4d53-b0d3-a75a428b81c7}"= "c:\program files\4shared.com\tb4sha.dll" [2010-05-20 2675296] [HKEY_CLASSES_ROOT\clsid\{cc05a3e3-64c3-4af2-bfc1-af0d66b69065}] [HKEY_CLASSES_ROOT\clsid\{872b5b88-9db5-4310-bdd0-ac189557e5f5}] [HKEY_CLASSES_ROOT\clsid\{09ec805c-cb2e-4d53-b0d3-a75a428b81c7}] [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{09ec805c-cb2e-4d53-b0d3-a75a428b81c7}] 2010-05-20 13:35 2675296 ----a-w- c:\program files\4shared.com\tb4sha.dll [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{872b5b88-9db5-4310-bdd0-ac189557e5f5}] 2010-04-15 10:33 2515552 ----a-w- c:\program files\DVDVideoSoftTB\tbDVDV.dll [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{cc05a3e3-64c3-4af2-bfc1-af0d66b69065}] 2010-03-17 13:45 2355224 ----a-w- c:\program files\softonic-de3\tbsoft.dll [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar] "{cc05a3e3-64c3-4af2-bfc1-af0d66b69065}"= "c:\program files\softonic-de3\tbsoft.dll" [2010-03-17 2355224] "{872b5b88-9db5-4310-bdd0-ac189557e5f5}"= "c:\program files\DVDVideoSoftTB\tbDVDV.dll" [2010-04-15 2515552] "{09ec805c-cb2e-4d53-b0d3-a75a428b81c7}"= "c:\program files\4shared.com\tb4sha.dll" [2010-05-20 2675296] [HKEY_CLASSES_ROOT\clsid\{cc05a3e3-64c3-4af2-bfc1-af0d66b69065}] [HKEY_CLASSES_ROOT\clsid\{872b5b88-9db5-4310-bdd0-ac189557e5f5}] [HKEY_CLASSES_ROOT\clsid\{09ec805c-cb2e-4d53-b0d3-a75a428b81c7}] [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser] "{872B5B88-9DB5-4310-BDD0-AC189557E5F5}"= "c:\program files\DVDVideoSoftTB\tbDVDV.dll" [2010-04-15 2515552] "{CC05A3E3-64C3-4AF2-BFC1-AF0D66B69065}"= "c:\program files\softonic-de3\tbsoft.dll" [2010-03-17 2355224] "{09EC805C-CB2E-4D53-B0D3-A75A428B81C7}"= "c:\program 
files\4shared.com\tb4sha.dll" [2010-05-20 2675296] [HKEY_CLASSES_ROOT\clsid\{872b5b88-9db5-4310-bdd0-ac189557e5f5}] [HKEY_CLASSES_ROOT\clsid\{cc05a3e3-64c3-4af2-bfc1-af0d66b69065}] [HKEY_CLASSES_ROOT\clsid\{09ec805c-cb2e-4d53-b0d3-a75a428b81c7}] [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2010-06-28 39408] [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "ConsentPromptBehaviorAdmin"= 5 (0x5) "ConsentPromptBehaviorUser"= 3 (0x3) "EnableUIADesktopToggle"= 0 (0x0) [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\4shared Desktop] 2010-07-02 12:41 3544064 ----a-w- c:\program files\4shared Desktop\desktop.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM] 2009-12-11 13:57 948672 ----a-r- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher] 2009-12-21 23:57 35760 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\avgnt] 2010-03-02 09:28 282792 ----a-w- c:\program files\Avira\AntiVir Desktop\avgnt.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ Malwarebytes Anti-Malware (reboot)] 2010-04-29 13:39 1090952 ----a-w- c:\program files\Malwarebytes' Anti-Malware\mbam.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched] 2010-02-18 09:43 248040 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg] 2010-06-28 22:01 39408 ----a-w- c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe R3 ewusbnet;HUAWEI USB-NDIS miniport;c:\windows\system32\DRIVERS\ewusbnet.sys [2009-10-21 198656] R3 hwusbdev;Huawei DataCard USB PNP 
Device;c:\windows\system32\DRIVERS\ewusbdev.sys [2009-10-12 101120] R3 KMWDFILTERx86;HIDServiceDesc;c:\windows\system32\DRIVERS\KMWDFILTER.sys [2009-04-29 25088] R3 netr73;RT73 USB-Drahtlos-LAN-Kartentreiber für Vista;c:\windows\system32\DRIVERS\netr73.sys [2009-07-13 545792] R4 AntiVirSchedulerService;Avira AntiVir Planer;c:\program files\Avira\AntiVir Desktop\sched.exe [2010-02-24 135336] R4 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2010-07-07 135664] R4 TeamViewer5;TeamViewer 5;c:\program files\TeamViewer\Version5\TeamViewer_Service.exe [2010-05-21 173352] S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-13 48128] S3 teamviewervpn;TeamViewer VPN Adapter;c:\windows\system32\DRIVERS\teamviewervpn.sys [2010-03-11 25088] S3 yukonw7;NDIS6.2-Miniporttreiber für Marvell Yukon-Ethernet-Controller;c:\windows\system32\DRIVERS\yk62x86.sys [2009-07-13 311296] --- Andere Dienste/Treiber im Speicher --- *Deregistered* - fvzvwde . Inhalt des "geplante Tasks" Ordners 2010-08-16 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job - c:\program files\Google\Update\GoogleUpdate.exe [2010-07-07 00:46] 2010-08-16 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job - c:\program files\Google\Update\GoogleUpdate.exe [2010-07-07 00:46] . . ------- Zusätzlicher Suchlauf ------- . uStart Page = hxxp://search.conduit.com?SearchSource=10&ctid=CT2233703 uInternet Settings,ProxyOverride = <local> IE: Free YouTube Download - c:\users\admin\AppData\Roaming\DVDVideoSoftIEHelpers\youtubedownload.htm IE: Google Sidewiki... 
- c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html TCP: {084DA353-8EB8-4C57-84EE-4A1C77CED7FB} = TCP: {0A2452D7-3964-4912-A7A8-CEF63B7A6AF3} = TCP: {508CB5FA-6E3D-44D9-BDDB-8DB352443696} = TCP: {907135F0-13CF-4C04-87CB-840CE10F570A} = FF - ProfilePath - c:\users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\4avz4ok2.default\ FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2233703&SearchSource=3&q={searchTerms} FF - prefs.js: browser.search.selectedEngine - 4shared Web Search FF - prefs.js: browser.startup.homepage - hxxp://search.conduit.com/?ctid=CT2233703&SearchSource=13 FF - prefs.js: network.proxy.type - 0 FF - component: c:\users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\4avz4ok2.default\extensions\{cc05a3e3-64c3-4af2-bfc1-af0d66b69065}\components\FFExternalAlert.dll FF - component: c:\users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\4avz4ok2.default\extensions\{cc05a3e3-64c3-4af2-bfc1-af0d66b69065}\components\RadioWMPCore.dll FF - component: c:\users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\4avz4ok2.default\extensions\{e9911ec6-1bcc-40b0-9993-e0eea7f6953f}\components\FFExternalAlert.dll FF - component: c:\users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\4avz4ok2.default\extensions\{e9911ec6-1bcc-40b0-9993-e0eea7f6953f}\components\RadioWMPCore.dll FF - plugin: c:\program files\Google\Update\\npGoogleOneClick8.dll FF - plugin: c:\program files\Java\jre6\bin\new_plugin\npdeployJava1.dll ---- FIREFOX Richtlinien ---- FF - user.js: network.cookie.cookieBehavior - 0 FF - user.js: privacy.clearOnShutdown.cookies - false FF - user.js: security.warn_viewing_mixed - false FF - user.js: security.warn_viewing_mixed.show_once - false FF - user.js: security.warn_submit_insecure - false FF - user.js: security.warn_submit_insecure.show_once - false c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true); c:\program 
files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.lu", true); c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nu", true); c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nz", true); c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true); c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true); c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--p1ai", true); c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbayh7gpa", true); c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.tel", true); c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false); c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.proxy.type", 5); c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.buffer.cache.count", 24); c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.buffer.cache.size", 4096); c:\program files\Mozilla Firefox\greprefs\all.js - pref("dom.ipc.plugins.timeoutSecs", 45); c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false); c:\program files\Mozilla Firefox\greprefs\all.js - pref("accelerometer.enabled", true); c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true); c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", ""); c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false); c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - 
pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties"); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties"); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.nptest.dll", true); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npswf32.dll", true); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npctrl.dll", true); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npqtplugin.dll", true); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false); . - - - - Entfernte verwaiste Registrierungseinträge - - - - MSConfigStartUp-cwvtrryk - c:\users\admin\AppData\Local\ycgmithvf\snsvgpttssd.exe MSConfigStartUp-{70B5C40F-698D-367E-D9A7-B499BD0AB281} - c:\users\admin\AppData\Roaming\Ynsue\supoy.exe [HKEY_LOCAL_MACHINE\system\ControlSet001\services\fvzvwde] . 
--------------------- Gesperrte Registrierungsschluessel --------------------- [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security] @Denied: (Full) (Everyone) . Zeit der Fertigstellung: 2010-08-16 17:28:34 ComboFix-quarantined-files.txt 2010-08-16 15:28 Vor Suchlauf: 5 Verzeichnis(se), 11.583.488.000 Bytes frei Nach Suchlauf: 9 Verzeichnis(se), 13.257.363.456 Bytes frei - - End Of File - - 08B593810973F9D5DC0681C7EFB2C2C7 |
#8
Here is a screenshot of the message as well.

[Screenshot of the error message]

Any idea what this could be?
#9
/// Malware-holic

Start > Programs > Accessories > Notepad, and paste in:

Killall::
Rootkit::
c:\windows\system32\drivers\fvzvwde.sys
Driver::
fvzvwde
Registry::
[-HKEY_LOCAL_MACHINE\system\ControlSet001\services\fvzvwde]

Save the file as type "All files", name cfscript.txt, in the folder where ComboFix.exe is located. Drag cfscript onto ComboFix; the program starts. Post the log.
#10
ComboFix logfile:
Code:
ATTFilter ComboFix 10-08-15.04 - admin 17.08.2010 11:24:20.2.2 - x86 Microsoft Windows 7 Home Premium 6.1.7600.0.1252.49.1031.18.2047.1483 [GMT 2:00] ausgeführt von:: c:\users\admin\Desktop\ComboFix.exe Benutzte Befehlsschalter :: c:\users\admin\Desktop\cfscript.txt . (((((((((((((((((((((((((((((((((((( Weitere Löschungen )))))))))))))))))))))))))))))))))))))))))))))))) . . ((((((((((((((((((((((((((((((((((((((( Treiber/Dienste ))))))))))))))))))))))))))))))))))))))))))))))))) . -------\Legacy_FVZVWDE -------\Service_fvzvwde ((((((((((((((((((((((( Dateien erstellt von 2010-07-17 bis 2010-08-17 )))))))))))))))))))))))))))))) . 2010-08-17 09:30 . 2010-08-17 09:30 -------- d-----w- c:\users\Public\AppData\Local\temp 2010-08-17 09:30 . 2010-08-17 09:30 -------- d-----w- c:\users\Default\AppData\Local\temp 2010-08-17 08:54 . 2010-08-17 08:54 -------- d-----w- c:\users\Konto 2010-08-16 09:29 . 2010-08-16 09:29 -------- d-----w- c:\users\admin\AppData\Roaming\Avira 2010-08-16 09:28 . 2010-03-01 08:05 124784 ----a-w- c:\windows\system32\drivers\avipbb.sys 2010-08-16 09:28 . 2010-02-16 12:24 60936 ----a-w- c:\windows\system32\drivers\avgntflt.sys 2010-08-16 09:28 . 2009-05-11 10:49 51992 ----a-w- c:\windows\system32\drivers\avgntdd.sys 2010-08-16 09:28 . 2009-05-11 10:49 17016 ----a-w- c:\windows\system32\drivers\avgntmgr.sys 2010-08-16 09:28 . 2010-08-16 09:28 -------- d-----w- c:\programdata\Avira 2010-08-16 09:28 . 2010-08-16 09:28 -------- d-----w- c:\program files\Avira 2010-08-16 08:44 . 2010-08-16 08:44 -------- d-----w- c:\users\admin\AppData\Roaming\Malwarebytes 2010-08-16 08:44 . 2010-04-29 13:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys 2010-08-16 08:44 . 2010-08-16 08:44 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware 2010-08-16 08:44 . 2010-08-16 08:44 -------- d-----w- c:\programdata\Malwarebytes 2010-08-16 08:44 . 2010-04-29 13:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys 2010-08-10 09:27 . 
2010-08-10 09:27 -------- d-----w- c:\program files\Neuer Ordner 2010-08-10 09:17 . 2010-08-12 14:45 -------- d-----w- c:\programdata\Kaspersky Lab 2010-08-10 09:17 . 2010-08-10 09:17 -------- d-----w- c:\program files\Kaspersky Lab 2010-08-07 01:28 . 2010-08-17 09:31 783360 ----a-w- c:\windows\system32\drivers\fvzvwde.sys 2010-08-07 01:27 . 2010-08-12 19:03 -------- d-----w- c:\users\admin\AppData\Local\ycgmithvf 2010-08-04 22:56 . 2010-08-12 15:12 -------- d-----w- c:\users\admin\AppData\Roaming\Tiop 2010-08-03 14:54 . 2010-08-03 14:54 -------- d-----w- c:\program files\Common Files\Apple 2010-08-03 14:54 . 2010-08-03 14:54 -------- d-----w- c:\users\admin\AppData\Local\Apple 2010-08-03 14:54 . 2010-08-03 14:54 -------- d-----w- c:\programdata\Apple 2010-08-03 14:54 . 2010-08-03 14:54 -------- d-----w- c:\program files\Apple Software Update 2010-08-01 22:46 . 2010-08-13 01:07 -------- d-----w- c:\program files\4shared.com 2010-08-01 22:46 . 2010-04-21 09:06 52224 ----a-w- c:\users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\4avz4ok2.default\extensions\{09ec805c-cb2e-4d53-b0d3-a75a428b81c7}\components\FFExternalAlert.dll 2010-08-01 22:46 . 2010-04-21 09:06 101376 ----a-w- c:\users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\4avz4ok2.default\extensions\{09ec805c-cb2e-4d53-b0d3-a75a428b81c7}\components\RadioWMPCore.dll 2010-08-01 22:46 . 2010-08-13 01:07 -------- d-----w- c:\program files\4shared Desktop 2010-07-22 19:34 . 2010-07-22 19:34 -------- d-----w- c:\program files\Common Files\Java 2010-07-22 19:30 . 2010-07-22 19:29 411368 ----a-w- c:\windows\system32\deployJava1.dll 2010-07-22 19:29 . 2010-07-22 19:29 -------- d-----w- c:\program files\Java . (((((((((((((((((((((((((((((((((((( Find3M Bericht )))))))))))))))))))))))))))))))))))))))))))))))))))))) . 2010-08-17 09:24 . 2009-08-06 21:59 643628 ----a-w- c:\windows\system32\perfh007.dat 2010-08-17 09:24 . 2009-08-06 21:59 126188 ----a-w- c:\windows\system32\perfc007.dat 2010-08-13 01:07 . 
2010-06-14 17:35 -------- d-----w- c:\users\admin\AppData\Roaming\vlc 2010-08-12 19:04 . 2010-07-01 16:42 -------- d-----w- c:\users\admin\AppData\Roaming\Ynsue 2010-08-07 01:43 . 2010-06-28 22:11 -------- d-----w- c:\program files\DVDVideoSoftTB 2010-08-07 01:40 . 2010-06-28 22:11 -------- d-----w- c:\program files\softonic-de3 2010-08-07 01:28 . 2009-07-13 23:52 783360 ----a-w- c:\windows\system32\drivers\1394ohci.sys 2010-08-06 12:05 . 2010-07-04 11:06 2300696 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup\markup.dll 2010-08-06 11:17 . 2010-07-04 10:55 42776 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\dSM\StartResources.dll 2010-08-06 11:17 . 2010-07-06 11:11 1127240 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight-2\SpotlightResources.dll 2010-08-05 17:15 . 2010-06-14 17:20 -------- d-----w- c:\users\admin\AppData\Roaming\Publish Providers 2010-08-02 13:32 . 2010-06-30 00:05 -------- d-----w- c:\users\admin\AppData\Roaming\dvdcss 2010-08-02 08:22 . 2010-07-06 11:12 2300696 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup-2\markup.dll 2010-08-02 08:22 . 2010-07-06 11:11 42776 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\dSM-2\StartResources.dll 2010-08-02 08:22 . 2010-07-04 10:55 1127240 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll 2010-07-07 00:46 . 2010-06-28 22:01 -------- d-----w- c:\program files\Google 2010-07-07 00:44 . 2010-07-07 00:44 509552 ----a-w- c:\programdata\Google\Google Toolbar\Update\gtb7792.tmp.exe 2010-07-03 20:59 . 2010-07-03 20:59 -------- d-----w- c:\program files\Common Files\Adobe AIR 2010-07-03 20:58 . 2010-07-03 20:59 53632 ----a-w- c:\users\admin\AppData\Roaming\Macromedia\Flash Player\www.macromedia.com\bin\airappinstaller\airappinstaller.exe 2010-07-03 20:58 . 
2010-07-03 20:59 53632 ----a-w- c:\users\Default\AppData\Roaming\Macromedia\Flash Player\www.macromedia.com\bin\airappinstaller\airappinstaller.exe 2010-06-28 22:23 . 2010-06-28 22:22 -------- d-----w- c:\program files\Common Files\Adobe 2010-06-28 22:11 . 2010-06-28 22:11 52224 ----a-w- c:\users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\4avz4ok2.default\extensions\{e9911ec6-1bcc-40b0-9993-e0eea7f6953f}\components\FFExternalAlert.dll 2010-06-28 22:11 . 2010-06-28 22:11 101376 ----a-w- c:\users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\4avz4ok2.default\extensions\{e9911ec6-1bcc-40b0-9993-e0eea7f6953f}\components\RadioWMPCore.dll 2010-06-28 22:11 . 2010-06-28 22:11 -------- d-----w- c:\users\admin\AppData\Roaming\DVDVideoSoftIEHelpers 2010-06-28 22:11 . 2010-06-28 22:11 -------- d-----w- c:\program files\Common Files\DVDVideoSoft 2010-06-28 22:11 . 2010-06-28 22:11 -------- d-----w- c:\program files\DVDVideoSoft 2010-06-28 22:11 . 2010-06-28 22:11 -------- d-----w- c:\program files\Conduit 2010-06-28 21:54 . 2010-06-28 21:49 -------- d-----w- c:\program files\Mobile Partner 2010-06-17 17:30 . 2010-06-13 14:05 236872 ----a-w- c:\users\admin\AppData\Local\GDIPFONTCACHEV1.DAT 2010-06-14 17:24 . 2010-06-14 17:24 81920 ----a-w- c:\users\admin\AppData\Roaming\ezpinst.exe 2010-06-14 17:24 . 2010-06-14 17:24 81920 ----a-w- c:\users\admin\AppData\Roaming\ezpinst.exe 2010-06-14 17:24 . 2010-06-14 17:24 47360 ----a-w- c:\windows\system32\drivers\pcouffin.sys 2010-06-14 17:24 . 2010-06-14 17:24 47360 ----a-w- c:\users\admin\AppData\Roaming\pcouffin.sys 2010-06-14 17:24 . 2010-06-14 17:24 47360 ----a-w- c:\users\admin\AppData\Roaming\pcouffin.sys 2010-06-13 07:39 . 2010-06-13 07:39 0 ----a-w- c:\windows\system32\atiicdxx.dat 2010-06-13 07:39 . 2010-06-13 07:39 0 ----a-w- c:\windows\ativpsrm.bin 2010-05-21 12:14 . 2010-06-14 15:43 221568 ------w- c:\windows\system32\MpSigStub.exe 2009-06-10 21:26 . 
2009-07-14 02:04 9633792 --sha-r- c:\windows\Fonts\StaticCache.dat 2009-07-14 01:14 . 2009-07-13 23:42 396800 --sha-w- c:\windows\winsxs\x86_microsoft-windows-mail-app_31bf3856ad364e35_6.1.7600.16385_none_f12e83abb108c86c\WinMail.exe . (((((((((((((((((((((((((((( Autostartpunkte der Registrierung )))))))))))))))))))))))))))))))))))))))) . . *Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. REGEDIT4 [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks] "{cc05a3e3-64c3-4af2-bfc1-af0d66b69065}"= "c:\program files\softonic-de3\tbsoft.dll" [2010-03-17 2355224] "{872b5b88-9db5-4310-bdd0-ac189557e5f5}"= "c:\program files\DVDVideoSoftTB\tbDVDV.dll" [2010-04-15 2515552] "{09ec805c-cb2e-4d53-b0d3-a75a428b81c7}"= "c:\program files\4shared.com\tb4sha.dll" [2010-05-20 2675296] [HKEY_CLASSES_ROOT\clsid\{cc05a3e3-64c3-4af2-bfc1-af0d66b69065}] [HKEY_CLASSES_ROOT\clsid\{872b5b88-9db5-4310-bdd0-ac189557e5f5}] [HKEY_CLASSES_ROOT\clsid\{09ec805c-cb2e-4d53-b0d3-a75a428b81c7}] [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{09ec805c-cb2e-4d53-b0d3-a75a428b81c7}] 2010-05-20 13:35 2675296 ----a-w- c:\program files\4shared.com\tb4sha.dll [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{872b5b88-9db5-4310-bdd0-ac189557e5f5}] 2010-04-15 10:33 2515552 ----a-w- c:\program files\DVDVideoSoftTB\tbDVDV.dll [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{cc05a3e3-64c3-4af2-bfc1-af0d66b69065}] 2010-03-17 13:45 2355224 ----a-w- c:\program files\softonic-de3\tbsoft.dll [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar] "{cc05a3e3-64c3-4af2-bfc1-af0d66b69065}"= "c:\program files\softonic-de3\tbsoft.dll" [2010-03-17 2355224] "{872b5b88-9db5-4310-bdd0-ac189557e5f5}"= "c:\program files\DVDVideoSoftTB\tbDVDV.dll" [2010-04-15 2515552] "{09ec805c-cb2e-4d53-b0d3-a75a428b81c7}"= "c:\program files\4shared.com\tb4sha.dll" [2010-05-20 2675296] [HKEY_CLASSES_ROOT\clsid\{cc05a3e3-64c3-4af2-bfc1-af0d66b69065}] 
[HKEY_CLASSES_ROOT\clsid\{872b5b88-9db5-4310-bdd0-ac189557e5f5}] [HKEY_CLASSES_ROOT\clsid\{09ec805c-cb2e-4d53-b0d3-a75a428b81c7}] [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser] "{872B5B88-9DB5-4310-BDD0-AC189557E5F5}"= "c:\program files\DVDVideoSoftTB\tbDVDV.dll" [2010-04-15 2515552] "{CC05A3E3-64C3-4AF2-BFC1-AF0D66B69065}"= "c:\program files\softonic-de3\tbsoft.dll" [2010-03-17 2355224] "{09EC805C-CB2E-4D53-B0D3-A75A428B81C7}"= "c:\program files\4shared.com\tb4sha.dll" [2010-05-20 2675296] [HKEY_CLASSES_ROOT\clsid\{872b5b88-9db5-4310-bdd0-ac189557e5f5}] [HKEY_CLASSES_ROOT\clsid\{cc05a3e3-64c3-4af2-bfc1-af0d66b69065}] [HKEY_CLASSES_ROOT\clsid\{09ec805c-cb2e-4d53-b0d3-a75a428b81c7}] [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2010-06-28 39408] [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "ConsentPromptBehaviorAdmin"= 5 (0x5) "ConsentPromptBehaviorUser"= 3 (0x3) "EnableUIADesktopToggle"= 0 (0x0) [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\4shared Desktop] 2010-07-02 12:41 3544064 ----a-w- c:\program files\4shared Desktop\desktop.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM] 2009-12-11 13:57 948672 ----a-r- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher] 2009-12-21 23:57 35760 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\avgnt] 2010-03-02 09:28 282792 ----a-w- c:\program files\Avira\AntiVir Desktop\avgnt.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ Malwarebytes Anti-Malware (reboot)] 2010-04-29 13:39 1090952 ----a-w- c:\program files\Malwarebytes' Anti-Malware\mbam.exe 
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched] 2010-02-18 09:43 248040 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg] 2010-06-28 22:01 39408 ----a-w- c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe R3 ewusbnet;HUAWEI USB-NDIS miniport;c:\windows\system32\DRIVERS\ewusbnet.sys [2009-10-21 198656] R4 AntiVirSchedulerService;Avira AntiVir Planer;c:\program files\Avira\AntiVir Desktop\sched.exe [2010-02-24 135336] . Inhalt des "geplante Tasks" Ordners 2010-08-17 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job - c:\program files\Google\Update\GoogleUpdate.exe [2010-07-07 00:46] 2010-08-17 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job - c:\program files\Google\Update\GoogleUpdate.exe [2010-07-07 00:46] . . ------- Zusätzlicher Suchlauf ------- . uStart Page = hxxp://search.conduit.com?SearchSource=10&ctid=CT2233703 uInternet Settings,ProxyOverride = <local> IE: Free YouTube Download - c:\users\admin\AppData\Roaming\DVDVideoSoftIEHelpers\youtubedownload.htm IE: Google Sidewiki... 
- c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html TCP: {084DA353-8EB8-4C57-84EE-4A1C77CED7FB} = TCP: {0A2452D7-3964-4912-A7A8-CEF63B7A6AF3} = TCP: {508CB5FA-6E3D-44D9-BDDB-8DB352443696} = TCP: {907135F0-13CF-4C04-87CB-840CE10F570A} = FF - ProfilePath - c:\users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\4avz4ok2.default\ FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2233703&SearchSource=3&q={searchTerms} FF - prefs.js: browser.search.selectedEngine - 4shared Web Search FF - prefs.js: browser.startup.homepage - hxxp://search.conduit.com/?ctid=CT2233703&SearchSource=13 FF - prefs.js: network.proxy.type - 0 FF - component: c:\users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\4avz4ok2.default\extensions\{cc05a3e3-64c3-4af2-bfc1-af0d66b69065}\components\FFExternalAlert.dll FF - component: c:\users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\4avz4ok2.default\extensions\{cc05a3e3-64c3-4af2-bfc1-af0d66b69065}\components\RadioWMPCore.dll FF - component: c:\users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\4avz4ok2.default\extensions\{e9911ec6-1bcc-40b0-9993-e0eea7f6953f}\components\FFExternalAlert.dll FF - component: c:\users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\4avz4ok2.default\extensions\{e9911ec6-1bcc-40b0-9993-e0eea7f6953f}\components\RadioWMPCore.dll FF - plugin: c:\program files\Google\Update\\npGoogleOneClick8.dll FF - plugin: c:\program files\Java\jre6\bin\new_plugin\npdeployJava1.dll ---- FIREFOX Richtlinien ---- FF - user.js: network.cookie.cookieBehavior - 0 FF - user.js: privacy.clearOnShutdown.cookies - false FF - user.js: security.warn_viewing_mixed - false FF - user.js: security.warn_viewing_mixed.show_once - false FF - user.js: security.warn_submit_insecure - false FF - user.js: security.warn_submit_insecure.show_once - false c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true); c:\program 
files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.lu", true); c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nu", true); c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nz", true); c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true); c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true); c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--p1ai", true); c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbayh7gpa", true); c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.tel", true); c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false); c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.proxy.type", 5); c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.buffer.cache.count", 24); c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.buffer.cache.size", 4096); c:\program files\Mozilla Firefox\greprefs\all.js - pref("dom.ipc.plugins.timeoutSecs", 45); c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false); c:\program files\Mozilla Firefox\greprefs\all.js - pref("accelerometer.enabled", true); c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true); c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", ""); c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false); c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - 
pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties"); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties"); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.nptest.dll", true); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npswf32.dll", true); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npctrl.dll", true); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npqtplugin.dll", true); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false); . . --------------------- Gesperrte Registrierungsschluessel --------------------- [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security] @Denied: (Full) (Everyone) 
.
------------------------ Other running processes ------------------------
.
c:\windows\system32\taskhost.exe
c:\windows\system32\WUDFHost.exe
c:\windows\servicing\TrustedInstaller.exe
c:\windows\system32\conhost.exe
c:\windows\system32\sppsvc.exe
c:\\?\c:\windows\system32\wbem\WMIADAP.EXE
.
**************************************************************************
.
Completion time: 2010-08-17 11:36:15 - PC was restarted
ComboFix-quarantined-files.txt 2010-08-17 09:36
ComboFix2.txt 2010-08-16 15:28
Before scan: 8 directories, 13,267,771,392 bytes free
After scan: 9 directories, 13,098,958,848 bytes free
- - End Of File - - 16173DC8B8DE7224F96F4A3973E70536
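The ComboFix listing above contains the kind of entries an analyst pulls out first: a driver with a random-looking name under system32\drivers whose size equals that of another driver in the same listing, random-named directories under AppData, executables sitting directly in AppData\Roaming, and a user.js that switches off Firefox's security warnings. The following Python script is an added example, not part of the original thread and not ComboFix's own code; it encodes those triage rules and runs them over a handful of lines excerpted from the log above, plus one constructed benign user.js line for contrast. The name heuristic is an assumption tuned to the names in this log, and every hit is a review hint, not a verdict.

```python
import re

# Constructed sample input: a few lines excerpted from the ComboFix log
# above (file listing and "FF - user.js" prefs) plus one benign user.js
# line added for contrast. Not the full log.
SAMPLE_LOG = r"""
2010-08-07 01:28 . 2010-08-17 09:31 783360 ----a-w- c:\windows\system32\drivers\fvzvwde.sys
2010-08-07 01:27 . 2010-08-12 19:03 -------- d-----w- c:\users\admin\AppData\Local\ycgmithvf
2010-08-04 22:56 . 2010-08-12 15:12 -------- d-----w- c:\users\admin\AppData\Roaming\Tiop
2010-08-07 01:28 . 2009-07-13 23:52 783360 ----a-w- c:\windows\system32\drivers\1394ohci.sys
2010-06-14 17:24 . 2010-06-14 17:24 81920 ----a-w- c:\users\admin\AppData\Roaming\ezpinst.exe
2010-06-14 17:24 . 2010-06-14 17:24 47360 ----a-w- c:\windows\system32\drivers\pcouffin.sys
2010-06-14 17:24 . 2010-06-14 17:24 47360 ----a-w- c:\users\admin\AppData\Roaming\pcouffin.sys
2010-07-22 19:30 . 2010-07-22 19:29 411368 ----a-w- c:\windows\system32\deployJava1.dll
FF - user.js: network.cookie.cookieBehavior - 0
FF - user.js: security.warn_viewing_mixed - false
FF - user.js: security.warn_viewing_mixed.show_once - false
FF - user.js: security.warn_submit_insecure - false
FF - user.js: security.warn_submit_insecure.show_once - false
FF - user.js: browser.tabs.warnOnClose - false
"""

# ComboFix file-listing line: <date> . <date> <size|--------> <attrs> <path>
FILE_RE = re.compile(
    r"^(?P<d1>\d{4}-\d\d-\d\d \d\d:\d\d) \. "
    r"(?P<d2>\d{4}-\d\d-\d\d \d\d:\d\d) "
    r"(?P<size>\S+) (?P<attrs>\S+) (?P<path>.+)$"
)
PREF_RE = re.compile(r"^FF - user\.js: (?P<name>\S+) - (?P<value>.+)$")
VOWELS = set("aeiou")


def looks_random(name):
    """Coarse heuristic (an assumption, not a classifier): purely alphabetic
    stem of six or more letters with a run of four or more consonants or
    fewer than one vowel in five letters."""
    stem = name.rsplit(".", 1)[0].lower()
    if len(stem) < 6 or not stem.isalpha():
        return False
    run = longest = 0
    for ch in stem:
        run = 0 if ch in VOWELS else run + 1
        longest = max(longest, run)
    vowel_ratio = sum(ch in VOWELS for ch in stem) / len(stem)
    return longest >= 4 or vowel_ratio < 0.2


def parse_log(text):
    """Split log text into file entries (dicts) and (pref, value) pairs."""
    entries, prefs = [], []
    for raw in text.splitlines():
        line = raw.strip()
        m = FILE_RE.match(line)
        if m:
            path = m.group("path")
            parent, _, name = path.rpartition("\\")
            size = m.group("size")
            entries.append({
                "path": path,
                "name": name,
                "parent": parent.lower(),
                "size": int(size) if size.isdigit() else None,
                "is_dir": m.group("attrs").startswith("d"),
            })
            continue
        m = PREF_RE.match(line)
        if m:
            prefs.append((m.group("name"), m.group("value").strip()))
    return entries, prefs


def triage(entries, prefs):
    """Return (rule, subject, detail) tuples for items worth a closer look."""
    findings = []
    # Index .sys sizes so a random-named driver can be matched to a twin.
    sys_sizes = {}
    for e in entries:
        if not e["is_dir"] and e["name"].lower().endswith(".sys") and e["size"]:
            sys_sizes.setdefault(e["size"], []).append(e["name"])
    for e in entries:
        name, parent = e["name"], e["parent"]
        random_name = looks_random(name)
        if random_name and parent.endswith("\\system32\\drivers"):
            findings.append(("random-named driver", e["path"], ""))
            for twin in sys_sizes.get(e["size"], []):
                if twin != name:
                    findings.append(("driver size matches another driver", e["path"], twin))
        if random_name and e["is_dir"] and "\\appdata\\" in parent:
            findings.append(("random-named AppData directory", e["path"], ""))
        if (not e["is_dir"] and name.lower().endswith((".exe", ".sys", ".dll"))
                and parent.endswith(("\\appdata\\roaming", "\\appdata\\local"))):
            findings.append(("executable directly under AppData", e["path"], ""))
    for pref_name, value in prefs:
        # user.js overrides prefs on every start; a toolbar turning off
        # security.* warnings is worth seeing even if not malicious.
        if pref_name.startswith("security.") and value == "false":
            findings.append(("security warning disabled via user.js", pref_name, value))
    return findings


if __name__ == "__main__":
    for rule, subject, detail in triage(*parse_log(SAMPLE_LOG)):
        print(f"{rule:40s} {subject} {detail}".rstrip())
```

Run it as a script to print the hits for the sample; to use it on a real log, pass the full ComboFix text to parse_log. The rule list is deliberately small; the point is that each hit maps to one observable in the log (name shape, location, size twin, pref value), so a reviewer can confirm or dismiss it by looking at the line it came from.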
#11 /// Malware-holic
#12

GMER log file:
Code:
GMER - GMER - Rootkit Detector and Remover
Rootkit scan 2010-08-17 12:03:24
Windows 6.1.7600
Running: vnieh0vq.exe; Driver: C:\Users\admin\AppData\Local\Temp\aglcrpod.sys

---- System - GMER 1.0.15 ----

INT 0x1F \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 8301EAF8
INT 0x37 \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 8301E104
INT 0xC1 \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 8301E3F4
INT 0xD1 \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 83006FB4
INT 0xDF \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 8301E1DC
INT 0xE1 \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 8301E958
INT 0xE3 \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 8301E6F8
INT 0xFD \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 8301EF2C
INT 0xFE \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 8301F1A8

---- Kernel code sections - GMER 1.0.15 ----

.text ntoskrnl.exe!ZwSaveKeyEx + 13B1 82C398E9 1 Byte [06]
.text ntoskrnl.exe!KiDispatchInterrupt + 5A2 82C593B2 19 Bytes [E0, 0F, BA, F0, 07, 73, 09, ...] {LOOPNZ 0x11; MOV EDX, 0x97307f0; MOV CR4, EAX; OR AL, 0x80; MOV CR4, EAX; RET ; MOV ECX, CR3}
.text C:\Windows\system32\DRIVERS\atikmdag.sys section is writeable [0x8FC04000, 0x227A14, 0xE8000020]
.text peauth.sys 8E740C9D 28 Bytes [04, D1, DF, B7, 2E, 5E, 52, ...]
.text peauth.sys 8E740CC1 28 Bytes [04, D1, DF, B7, 2E, 5E, 52, ...]
PAGE peauth.sys 8E746E20 101 Bytes [09, D0, 63, E5, C7, BC, 51, ...]
PAGE peauth.sys 8E74702C 102 Bytes JMP 43E389BD

---- Devices - GMER 1.0.15 ----

Device \Driver\ACPI_HAL \Device\00000046 halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume1 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume1 rdyboost.sys (ReadyBoost Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume2 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume2 rdyboost.sys (ReadyBoost Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume3 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume3 rdyboost.sys (ReadyBoost Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume4 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume4 rdyboost.sys (ReadyBoost Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume5 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume5 rdyboost.sys (ReadyBoost Driver/Microsoft Corporation)
AttachedDevice \FileSystem\fastfat \Fat fltmgr.sys (Microsoft Dateisystem-Filter-Manager/Microsoft Corporation)

---- EOF - GMER 1.0.15 ----
#13 /// Malware-holic

Does it still crash?
#14

YES! The PC is running perfectly again. A thousand thanks.
#15 /// Malware-holic

Not finished yet... please post a new otl.txt