|
Log-Analyse und Auswertung: Antimalware Doctor: Forumsanleitung zum Entfernen befolgt, System jetzt ok?Windows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte.XML. |
23.08.2010, 22:13 | #1 | |||
| Antimalware Doctor: Forumsanleitung zum Entfernen befolgt, System jetzt ok? Ich hatte vor zwei Tagen urplötzlich den Antimalware Doctor auf dem PC, nach einem halben Nervenzusammenbruch hab ich dann dieses Forum entdeckt und die Anleitung zum Entfernen dieses vermaledeiten Virus' befolgt. Seitdem hab ich Avira und Malwarebyte's AM dutzendmal laufen lassen, die letzten Male haben sie nichts mehr gefunden. Vom ersten Eindruck her ist mein Pc wieder ok, ich krieg keine nervigen Meldungen mehr, Geschwindigkeit ist normal, das Windows-Sicherheitssystem-Symbol ist weg und das Programmicon ebenfalls. Aber ist mein System jetzt wirklich sauber? CCleaner hab ich durchgeführt, der HijackLog ist allerdings von davor (hab es danach gelesen, dass es anders rum durchgeführt werden soll). Hier der HijackLog: RSIT Logfile: Code:
ATTFilter Logfile of random's system information tool 1.08 (written by random/random) Run by user at 2010-08-23 21:53:07 Microsoft® Windows Vista™ Home Premium Service Pack 2 System drive C: has 217 GB (71%) free of 305 GB Total RAM: 2010 MB (46% free) Logfile of Trend Micro HijackThis v2.0.4 Scan saved at 21:53:46, on 23.08.2010 Platform: Windows Vista SP2 (WinNT 6.00.1906) MSIE: Internet Explorer v7.00 (7.00.6002.18005) Boot mode: Normal Running processes: C:\Windows\system32\Dwm.exe C:\Windows\system32\taskeng.exe C:\Program Files\Windows Defender\MSASCui.exe C:\Windows\System32\WLTRAY.EXE C:\Windows\System32\hkcmd.exe C:\Windows\System32\igfxpers.exe C:\Program Files\Avira\AntiVir Desktop\avgnt.exe C:\Program Files\HP\HP Software Update\hpwuschd2.exe C:\Program Files\DellTPad\Apoint.exe C:\Program Files\IDT\WDM\sttray.exe C:\Program Files\Common Files\Real\Update_OB\realsched.exe C:\Program Files\Visagesoft\eXPert PDF\vspdfprsrv.exe C:\Program Files\Epson Software\Event Manager\EEventManager.exe C:\Windows\system32\igfxsrvc.exe C:\Program Files\Windows Sidebar\sidebar.exe C:\Program Files\Windows Media Player\wmpnscfg.exe C:\Program Files\DellTPad\ApMsgFwd.exe C:\Program Files\DellTPad\HidFind.exe C:\Program Files\DellTPad\Apntex.exe C:\Windows\system32\conime.exe C:\Windows\system32\NOTEPAD.EXE C:\Windows\explorer.exe C:\Users\user\Desktop\RSIT.exe C:\Program Files\trend micro\user.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = h**p://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = h**p://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = h**p://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = h**p://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = h**p://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = h**p://go.microsoft.com/fwlink/?LinkId=69157 R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = O1 - Hosts: ::1 localhost O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll O2 - BHO: Easy Photo Print - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files\Epson Software\Easy Photo Print\EPTBL.dll O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll O3 - Toolbar: Easy Photo Print - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files\Epson Software\Easy Photo Print\EPTBL.dll O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide O4 - HKLM\..\Run: [Broadcom Wireless Manager UI] C:\Windows\system32\WLTRAY.exe O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe O4 - HKLM\..\Run: [Apoint] C:\Program Files\DellTPad\Apoint.exe O4 - HKLM\..\Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray.exe O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime O4 - HKLM\..\Run: [vspdfprsrv.exe] C:\Program Files\Visagesoft\eXPert PDF\vspdfprsrv.exe --background O4 - HKLM\..\Run: [EEventManager] C:\PROGRA~1\EPSONS~1\EVENTM~1\EEventManager.exe O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe" O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe" O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun O4 - HKCU\..\Run: [EPSON Stylus SX600FW(Netzwerk)] C:\Windows\system32\spool\DRIVERS\W32X86\3\E_FATIEKE.EXE /FU "C:\Windows\TEMP\E_SBFC5.tmp" /EF "HKCU" O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOKALER DIENST') O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOKALER DIENST') O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETZWERKDIENST') O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200 O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000 O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - h**p://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll O23 - Service: Adobe Active File Monitor V6 (AdobeActiveFileMonitor6.0) - Unknown owner - C:\Program Files\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe O23 - Service: Andrea ST Filters Service (AESTFilters) - Andrea Electronics Corporation - C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_22764d41\aestsrv.exe O23 - Service: Avira AntiVir Planer (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe O23 - Service: EpsonBidirectionalService - SEIKO EPSON CORPORATION - C:\Program Files\Common Files\EPSON\EBAPI\eEBSVC.exe O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: Audio Service (STacSV) - IDT, Inc. - C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_22764d41\STacSV.exe O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\Windows\System32\WLTRYSVC.EXE O23 - Service: Marvell Yukon Service (yksvc) - Unknown owner - RUNDLL32.EXE (file missing) -- End of file - 6880 bytes ======Registry dump====== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}] Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2010-06-19 75200] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9421DD08-935F-4701-A9CA-22DF90AC4EA6}] Easy Photo Print - C:\Program Files\Epson Software\Easy Photo Print\EPTBL.dll [2008-04-02 266240] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}] Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2009-10-11 41760] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar] {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - Easy Photo Print - C:\Program Files\Epson Software\Easy Photo Print\EPTBL.dll [2008-04-02 266240] [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run] "Windows Defender"=C:\Program Files\Windows Defender\MSASCui.exe [2008-01-21 1008184] "Broadcom Wireless Manager UI"=C:\Windows\system32\WLTRAY.exe [2008-06-02 3563520] "IgfxTray"=C:\Windows\system32\igfxtray.exe [2008-09-11 150040] "HotKeysCmds"=C:\Windows\system32\hkcmd.exe [2008-09-11 170520] "Persistence"=C:\Windows\system32\igfxpers.exe [2008-09-11 145944] "avgnt"=C:\Program Files\Avira\AntiVir Desktop\avgnt.exe [2009-03-02 209153] "HP Software Update"=C:\Program Files\HP\HP Software Update\HPWuSchd2.exe [2008-12-08 54576] ""= [] "Apoint"=C:\Program Files\DellTPad\Apoint.exe [2010-01-18 274432] "SysTrayApp"=C:\Program Files\IDT\WDM\sttray.exe [2009-11-07 495708] "TkBellExe"=C:\Program Files\Common Files\Real\Update_OB\realsched.exe [2010-03-02 202256] "QuickTime Task"=C:\Program Files\QuickTime\QTTask.exe [2009-11-11 417792] "vspdfprsrv.exe"=C:\Program Files\Visagesoft\eXPert PDF\vspdfprsrv.exe [2006-05-04 998912] "EEventManager"=C:\PROGRA~1\EPSONS~1\EVENTM~1\EEventManager.exe [2008-05-07 591696] "WinampAgent"=C:\Program Files\Winamp\winampa.exe [2010-07-12 74752] "Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [2010-06-20 35760] "Adobe ARM"=C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2010-06-09 976832] [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run] "Sidebar"=C:\Program Files\Windows Sidebar\sidebar.exe [2009-04-11 1233920] "EPSON Stylus SX600FW(Netzwerk)"=C:\Windows\system32\spool\DRIVERS\W32X86\3\E_FATIEKE.EXE [2008-03-06 188928] "WMPNSCFG"=C:\Program Files\Windows Media Player\WMPNSCFG.exe [2008-01-21 202240] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ares] C:\Program Files\Ares\Ares.exe [2008-12-13 882176] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui] C:\Windows\system32\igfxdev.dll [2008-05-21 208896] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Wdf01000.sys] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfPf] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfRd] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfSvc] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfUsbccidDriver] [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System] "dontdisplaylastusername"=0 "legalnoticecaption"= "legalnoticetext"= "shutdownwithoutlogon"=1 "undockwithoutlogon"=1 "EnableUIADesktopToggle"=0 [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer] "BindDirectlyToPropertySetStorage"=0 [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list] [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list] ======List of files/folders created in the last 1 months====== 2010-08-23 21:53:08 ----D---- C:\Program Files\trend micro 2010-08-23 21:53:07 ----D---- C:\rsit 2010-08-20 22:59:02 ----D---- C:\Users\user\AppData\Roaming\Malwarebytes 2010-08-20 22:58:35 ----A---- C:\Windows\system32\drivers\mbamswissarmy.sys 2010-08-20 22:58:30 ----D---- C:\ProgramData\Malwarebytes 2010-08-20 22:58:29 ----D---- C:\Program Files\Malwarebytes' Anti-Malware 2010-08-20 22:58:29 ----A---- C:\Windows\system32\drivers\mbam.sys 2010-08-20 21:09:06 ----SHD---- C:\Users\user\AppData\Roaming\lowsec 2010-08-20 21:08:53 ----D---- C:\Users\user\AppData\Roaming\7D1A8EFA7CDC8B78B4D54FEF40E74FC3 2010-08-12 13:19:32 ----A---- C:\Windows\system32\ntkrnlpa.exe 2010-08-12 13:19:31 ----A---- C:\Windows\system32\ntoskrnl.exe 2010-08-12 13:19:27 ----A---- C:\Windows\system32\iccvid.dll 2010-08-12 13:19:22 ----A---- C:\Windows\system32\mshtml.dll 2010-08-12 13:19:20 ----A---- C:\Windows\system32\wininet.dll 2010-08-12 13:19:20 ----A---- C:\Windows\system32\urlmon.dll 2010-08-12 13:19:20 ----A---- C:\Windows\system32\mshtmled.dll 2010-08-12 13:19:20 ----A---- C:\Windows\system32\iepeers.dll 2010-08-12 13:19:20 ----A---- C:\Windows\system32\ieframe.dll 2010-08-12 13:19:19 ----A---- C:\Windows\system32\ieencode.dll 2010-08-12 13:19:19 ----A---- C:\Windows\system32\ieapfltr.dll 2010-08-12 13:19:13 ----A---- C:\Windows\system32\schannel.dll 2010-08-12 13:18:52 ----A---- C:\Windows\system32\win32k.sys 2010-08-12 13:18:48 ----A---- C:\Windows\system32\rtutils.dll 2010-08-12 13:18:12 ----A---- C:\Windows\system32\msxml3.dll 2010-08-12 13:18:07 ----A---- C:\Windows\system32\drivers\srv2.sys 2010-08-12 13:18:07 ----A---- C:\Windows\system32\drivers\srv.sys 2010-08-12 13:17:58 ----A---- C:\Windows\system32\drivers\tcpip.sys 2010-08-03 19:29:59 ----A---- C:\Windows\system32\shell32.dll ======List of files/folders modified in the last 1 months====== 2010-08-23 21:53:20 ----D---- C:\Windows\Prefetch 2010-08-23 21:53:16 ----D---- C:\Windows\Temp 2010-08-23 21:53:08 ----RD---- C:\Program Files 2010-08-23 18:04:25 ----SHD---- C:\System Volume Information 2010-08-22 22:49:59 ----D---- C:\Windows\system32\drivers 2010-08-22 22:49:59 ----D---- C:\Windows\PCHEALTH 2010-08-21 08:57:56 ----D---- C:\Windows\inf 2010-08-21 00:18:24 ----D---- C:\Windows\Minidump 2010-08-21 00:18:18 ----D---- C:\Windows 2010-08-20 22:58:30 ----HD---- C:\ProgramData 2010-08-20 22:14:46 ----D---- C:\Windows\Logs 2010-08-19 18:53:29 ----D---- C:\Windows\system32\catroot2 2010-08-14 19:27:47 ----D---- C:\Windows\Debug 2010-08-13 15:57:03 ----D---- C:\Windows\Microsoft.NET 2010-08-13 15:56:20 ----RSD---- C:\Windows\assembly 2010-08-13 13:40:50 ----D---- C:\Users\user\AppData\Roaming\Winamp 2010-08-12 22:04:55 ----D---- C:\Windows\winsxs 2010-08-12 21:51:40 ----D---- C:\Windows\System32 2010-08-12 21:51:38 ----D---- C:\Program Files\Movie Maker 2010-08-12 16:24:30 ----SHD---- C:\Windows\Installer 2010-08-12 16:24:29 ----HD---- C:\Config.Msi 2010-08-12 16:24:29 ----D---- C:\ProgramData\Microsoft Help 2010-08-12 16:19:53 ----D---- C:\Windows\system32\catroot 2010-08-12 16:19:44 ----D---- C:\Program Files\Windows Mail 2010-08-11 17:58:57 ----D---- C:\Program Files\Common Files\Adobe 2010-08-11 17:58:29 ----D---- C:\ProgramData\Adobe 2010-08-10 10:19:44 ----SD---- C:\ProgramData\Microsoft 2010-08-10 10:15:52 ----SD---- C:\Users\user\AppData\Roaming\Microsoft 2010-08-03 20:09:31 ----A---- C:\Windows\system32\mrt.exe ======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)====== R0 PxHelp20;PxHelp20; C:\Windows\System32\Drivers\PxHelp20.sys [2009-04-28 44944] R1 avgio;avgio; \??\C:\Program Files\Avira\AntiVir Desktop\avgio.sys [2009-02-13 11608] R1 avipbb;avipbb; C:\Windows\system32\DRIVERS\avipbb.sys [2009-03-30 96104] R1 ssmdrv;ssmdrv; C:\Windows\system32\DRIVERS\ssmdrv.sys [2009-05-11 28520] R2 avgntflt;avgntflt; C:\Windows\system32\DRIVERS\avgntflt.sys [2009-12-07 56816] R3 ApfiltrService;Alps Touch Pad Filter Driver for Windows x86; C:\Windows\system32\DRIVERS\Apfiltr.sys [2009-12-26 237104] R3 BCM42RLY;BCM42RLY; C:\Windows\system32\drivers\BCM42RLY.sys [2008-06-02 18424] R3 BCM43XX;Treiber für Dell Wireless WLAN Karte; C:\Windows\system32\DRIVERS\bcmwl6.sys [2008-06-02 1207288] R3 igfx;igfx; C:\Windows\system32\DRIVERS\igdkmd32.sys [2008-05-21 2369536] R3 RTSTOR;Realtek USB 2.0 Card Reader; C:\Windows\system32\drivers\RTSTOR.SYS [2008-07-17 69664] R3 STHDA;IDT High Definition Audio CODEC; C:\Windows\system32\DRIVERS\stwrt.sys [2009-11-07 420864] R3 yukonwlh;NDIS6.0 Miniport Driver for Marvell Yukon Ethernet Controller; C:\Windows\system32\DRIVERS\yk60x86.sys [2008-07-24 304128] S3 Dot4;MS IEEE-1284.4-Treiber; C:\Windows\system32\DRIVERS\Dot4.sys [2008-01-21 131584] S3 Dot4Print;Druckerklassentreiber für IEEE-1284.4; C:\Windows\system32\DRIVERS\Dot4Prt.sys [2008-01-21 16384] S3 dot4usb;MS Dot4USB Filter Dot4USB Filter; C:\Windows\system32\DRIVERS\dot4usb.sys [2008-01-21 36864] S3 drmkaud;Microsoft Kernel-DRM-Audioentschlüsselung; C:\Windows\system32\drivers\drmkaud.sys [2008-01-21 5632] S3 HdAudAddService;Microsoft 1.1 UAA-Funktionstreiber für High Definition Audio-Dienst; C:\Windows\system32\drivers\HdAudio.sys [2009-04-11 236544] S3 MSKSSRV;Microsoft Streaming Service Proxy; C:\Windows\system32\drivers\MSKSSRV.sys [2008-01-21 8192] S3 MSPCLOCK;Microsoft Proxy für Streaming Clock; C:\Windows\system32\drivers\MSPCLOCK.sys [2008-01-21 5888] S3 MSPQM;Microsoft Proxy für Streaming Quality Manager; C:\Windows\system32\drivers\MSPQM.sys [2008-01-21 5504] S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink-Konvertierung; C:\Windows\system32\drivers\MSTEE.sys [2008-01-21 6016] S3 usbscan;USB-Scannertreiber; C:\Windows\system32\DRIVERS\usbscan.sys [2008-01-21 35328] S3 WpdUsb;WpdUsb; C:\Windows\system32\DRIVERS\wpdusb.sys [2009-10-01 40448] S3 WSDPrintDevice;WSD-Druckunterstützung durch UMB; C:\Windows\system32\DRIVERS\WSDPrint.sys [2008-01-21 16896] S3 WSDScan;WSD-Scanunterstützung durch UMB; C:\Windows\system32\DRIVERS\WSDScan.sys [2009-04-11 19968] S3 WUDFRd;WUDFRd; C:\Windows\system32\DRIVERS\WUDFRd.sys [2008-01-21 83328] S4 ErrDev;Microsoft Hardware Error Device Driver; C:\Windows\system32\drivers\errdev.sys [2008-01-21 6656] S4 MegaSR;MegaSR; C:\Windows\system32\drivers\megasr.sys [2008-01-21 386616] ======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)====== R2 AdobeActiveFileMonitor6.0;Adobe Active File Monitor V6; C:\Program Files\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe [2007-09-11 124832] R2 AESTFilters;Andrea ST Filters Service; C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_22764d41\aestsrv.exe [2009-03-03 81920] R2 AntiVirSchedulerService;Avira AntiVir Planer; C:\Program Files\Avira\AntiVir Desktop\sched.exe [2009-05-13 108289] R2 AntiVirService;Avira AntiVir Guard; C:\Program Files\Avira\AntiVir Desktop\avguard.exe [2009-07-21 185089] R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [2009-08-28 144672] R2 EpsonBidirectionalService;EpsonBidirectionalService; C:\Program Files\Common Files\EPSON\EBAPI\eEBSVC.exe [2006-12-19 94208] R2 STacSV;Audio Service; C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_22764d41\STacSV.exe [2009-11-07 229458] R2 wltrysvc;Dell Wireless WLAN Tray Service; C:\Windows\System32\WLTRYSVC.EXE [2008-06-02 24064] R2 yksvc;Marvell Yukon Service; ykx32coinst,serviceStartProc [] S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384] S2 Net Driver HPZ12;Net Driver HPZ12; C:\Windows\System32\svchost.exe [2008-01-21 21504] S2 Pml Driver HPZ12;Pml Driver HPZ12; C:\Windows\System32\svchost.exe [2008-01-21 21504] S3 FLEXnet Licensing Service;FLEXnet Licensing Service; C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [2009-10-11 654848] S3 FontCache;@%systemroot%\system32\FntCache.dll,-100; C:\Windows\system32\svchost.exe [2008-01-21 21504] S3 gusvc;Google Updater Service; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2008-11-20 136120] S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2008-11-04 441712] S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184] S3 WPFFontCache_v0400;@C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe,-100; C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504] -----------------EOF----------------- Hier der Log von Malwarebyte's AM beim letzten Fund: Zitat:
Seitdem hab ich AMA zweimal laufen lassen, nichts gefunden, hier der letzte Log: Zitat:
Hier der Log von der erfolgreichen - da nichts gefunden - Avira-Suche heute: Zitat:
Braucht ihr noch irgendeinen Log? Ich kenne mich damit leider noch nicht so gut aus. Vielen Dank schonmal! |
24.08.2010, 19:57 | #2 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Antimalware Doctor: Forumsanleitung zum Entfernen befolgt, System jetzt ok? Systemscan mit OTL
__________________Lade Dir bitte OTL von Oldtimer herunter und speichere es auf Deinem Desktop
__________________ |
25.08.2010, 09:29 | #3 |
| Antimalware Doctor: Forumsanleitung zum Entfernen befolgt, System jetzt ok? Nr. 1:
__________________OTL Logfile: Code:
ATTFilter OTL Extras logfile created on: 25.08.2010 09:50:34 - Run 1 OTL by OldTimer - Version 3.2.10.0 Folder = C:\Users\user\Desktop Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation Internet Explorer (Version = 7.0.6002.18005) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 2,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 56,00% Memory free 4,00 Gb Paging File | 3,00 Gb Available in Paging File | 79,00% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 298,09 Gb Total Space | 212,92 Gb Free Space | 71,43% Space Free | Partition Type: NTFS D: Drive not present or media not loaded E: Drive not present or media not loaded F: Drive not present or media not loaded G: Drive not present or media not loaded H: Drive not present or media not loaded I: Drive not present or media not loaded Computer Name: USER-PC Current User Name: user Logged in as Administrator. Current Boot Mode: Normal Scan Mode: Current user Company Name Whitelist: Off Skip Microsoft Files: Off File Age = 30 Days Output = Minimal ========== Extra Registry (SafeList) ========== ========== File Associations ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation) .hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation) [HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>] .html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation) ========== Shell Spawning ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation) exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation) htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office12\msohtmed.exe" %1 (Microsoft Corporation) htmlfile [print] -- "C:\Program Files\Microsoft Office\Office12\msohtmed.exe" /p %1 (Microsoft Corporation) inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation) scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation) Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation) Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) ========== Security Center Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "cval" = 1 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] "AntiVirusOverride" = 0 "AntiSpywareOverride" = 0 "FirewallOverride" = 0 "VistaSp1" = Reg Error: Unknown registry data type -- File not found "VistaSp2" = Reg Error: Unknown registry data type -- File not found [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] "EnableFirewall" = 1 "DisableNotifications" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "EnableFirewall" = 1 "DisableNotifications" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile] "EnableFirewall" = 1 "DisableNotifications" = 0 ========== Authorized Applications List ========== ========== Vista Active Open Ports Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{00E450BC-AF06-4434-B9FC-86EEE884F88F}" = rport=137 | protocol=17 | dir=out | app=system | "{0566FD5A-12A8-4133-BAB8-AF733F12F63A}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe | "{2EA30F13-00C8-46EE-A1EF-4B11CDD87354}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | "{33737B45-4A8D-47AE-A4AD-B6A447579314}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{3CE12A70-3CB9-4285-A42B-B31C99160BED}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{508542B5-6133-4BE8-B401-FF096FA903FE}" = rport=139 | protocol=6 | dir=out | app=system | "{5D2161FE-C3C8-47A2-AF1A-FC7D2B41794F}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe | "{77FA7217-5884-4FFE-AB85-5A9C3D37E943}" = rport=445 | protocol=6 | dir=out | app=system | "{8357A397-95BB-45BD-8CA6-9581022F22E6}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | "{83867335-9101-454A-BE0E-C704FF6A0886}" = lport=445 | protocol=6 | dir=in | app=system | "{888FFCB4-95A1-4E13-B324-F12D420764D9}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{9D71DC4E-C12E-467F-9574-2E762AE5323E}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{A8DF43FE-E30D-411B-A883-F35F9EDDFF6A}" = rport=138 | protocol=17 | dir=out | app=system | "{AE7EB33B-C41E-4780-8C1B-57EA09538368}" = lport=138 | protocol=17 | dir=in | app=system | "{C38ED0FB-EC62-4360-A1BC-B5C252C682DD}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe | "{C9F74219-3EB1-40E8-8017-52C748086C06}" = lport=139 | protocol=6 | dir=in | app=system | "{D4C665FB-C320-4E5C-A87D-680FEE8013CB}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe | "{F339EE31-67A1-4F79-80EF-83F35044CD8D}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office\office12\outlook.exe | "{FE34F3A1-E974-4FAC-9E42-395870E5D0DE}" = lport=137 | protocol=17 | dir=in | app=system | ========== Vista Active Application Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{07BADCAD-F802-45E0-9BDE-7D1709708E71}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | "{1CC6F2A0-E18F-4501-9B8A-8F4CF2F2E516}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | "{6F3E7DB3-F671-4A93-B677-47C7AF643BEF}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{9E6477A1-9786-4735-8D5A-5D2C8DED494D}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | "{E0CAD10F-DA42-46F1-9E16-6A135ECACDC7}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | "{E94DA2C1-B592-45C0-B93C-CBD2EC30C911}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | "TCP Query User{49F0F7EA-98A5-482C-ACEE-4B262E12331C}C:\program files\secondlife\slvoice.exe" = protocol=6 | dir=in | app=c:\program files\secondlife\slvoice.exe | "TCP Query User{5A9D5003-7587-4ED6-BB9A-7FE0976F62E7}C:\program files\meerkat\slvoice.exe" = protocol=6 | dir=in | app=c:\program files\meerkat\slvoice.exe | "TCP Query User{826670E0-9E71-4A54-9BCC-06B6863C9265}C:\program files\emerald viewer\slvoice.exe" = protocol=6 | dir=in | app=c:\program files\emerald viewer\slvoice.exe | "TCP Query User{900393A0-4275-4A20-951E-54EAEE1BE708}C:\windows\explorer.exe" = protocol=6 | dir=in | app=c:\windows\explorer.exe | "TCP Query User{A17139D7-F0C0-419C-A066-DCB8A8CB2F67}C:\program files\ares\ares.exe" = protocol=6 | dir=in | app=c:\program files\ares\ares.exe | "TCP Query User{A9D9162B-D6D6-48D9-A6AB-50BA86F44988}C:\program files\secondlife\slvoice.exe" = protocol=6 | dir=in | app=c:\program files\secondlife\slvoice.exe | "TCP Query User{CE0D2BCE-2EDC-42A4-A51D-9CDAB7A06E07}C:\program files\ares\ares.exe" = protocol=6 | dir=in | app=c:\program files\ares\ares.exe | "TCP Query User{E6C1CC06-E749-4743-B79B-5F70AD3BEEA5}C:\program files\hippo_opensim_viewer\slvoice.exe" = protocol=6 | dir=in | app=c:\program files\hippo_opensim_viewer\slvoice.exe | "TCP Query User{FC550CC7-F708-4B19-8701-F779A7459D1B}C:\windows\explorer.exe" = protocol=6 | dir=in | app=c:\windows\explorer.exe | "UDP Query User{0B63DED7-ABC3-42EB-8046-02A7C7FDFB5A}C:\program files\secondlife\slvoice.exe" = protocol=17 | dir=in | app=c:\program files\secondlife\slvoice.exe | "UDP Query User{24598051-6D55-45E4-BF20-6571B1951EDB}C:\program files\hippo_opensim_viewer\slvoice.exe" = protocol=17 | dir=in | app=c:\program files\hippo_opensim_viewer\slvoice.exe | "UDP Query User{55420495-83BB-4D90-A37A-859B1FA3D572}C:\program files\secondlife\slvoice.exe" = protocol=17 | dir=in | app=c:\program files\secondlife\slvoice.exe | "UDP Query User{A81D7B3A-D84A-4171-99DA-221E47FCB69E}C:\program files\ares\ares.exe" = protocol=17 | dir=in | app=c:\program files\ares\ares.exe | "UDP Query User{CBEE9C3D-52FE-4370-B2B9-F9699E682D6C}C:\program files\meerkat\slvoice.exe" = protocol=17 | dir=in | app=c:\program files\meerkat\slvoice.exe | "UDP Query User{DCA9B389-3747-4C83-881C-23538915C72B}C:\windows\explorer.exe" = protocol=17 | dir=in | app=c:\windows\explorer.exe | "UDP Query User{DCEA57AE-FE10-4168-A676-DD5F801B949B}C:\program files\ares\ares.exe" = protocol=17 | dir=in | app=c:\program files\ares\ares.exe | "UDP Query User{ED68320A-88E0-4437-A36B-3695FA3129B1}C:\windows\explorer.exe" = protocol=17 | dir=in | app=c:\windows\explorer.exe | "UDP Query User{EDCE1558-A7F4-4D53-82EB-DE435AFBF68F}C:\program files\emerald viewer\slvoice.exe" = protocol=17 | dir=in | app=c:\program files\emerald viewer\slvoice.exe | ========== HKEY_LOCAL_MACHINE Uninstall List ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 "{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu "{13F3917B56CD4C25848BDC69916971BB}" = DivX Converter "{1451DE6B-ABE1-4F62-BE9A-B363A17588A2}" = QuickTime "{18D10072035C4515918F7E37EAFAACFC}" = AutoUpdate "{204D48C5-6231-4955-83EC-623DCB437FD9}_is1" = Emerald Viewer 1.23.5.1634 "{2614F54E-A828-49FA-93BA-45A3F756BFAA}" = 32 Bit HP CIO Components Installer "{26A24AE4-039D-4CA4-87B4-2F83216016FF}" = Java(TM) 6 Update 17 "{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile "{3E31400D-274E-4647-916C-2CACC3741799}" = EpsonNet Print "{3FA365DF-2D68-45ED-8F83-8C8A33E65143}" = Apple Application Support "{3FC7CBBC4C1E11DCA1A752EA55D89593}" = DivX Version Checker "{42929F0F-CE14-47AF-9FC7-FF297A603021}" = Dell Resource CD "{48F22622-1CC2-4A83-9C1E-644DD96F832D}" = Epson Event Manager "{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053 "{669C7BD8-DAA2-49B6-966C-F1E2AAE6B17E}" = Cisco PEAP Module "{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin "{6D3963B0-E13B-4FC3-B0FF-506A304BB043}" = Cisco EAP-FAST Module "{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable "{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 "{7B63B2922B174135AFC0E1377DD81EC2}" = DivX Codec "{83770D14-21B9-44B3-8689-F7B523F94560}" = Cisco LEAP Module "{8ADFC4160D694100B5B8A22DE9DCABD9}" = DivX Player "{90120000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2007 "{90120000-0015-0407-0000-0000000FF1CE}_PROPLUSR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007 "{90120000-0016-0407-0000-0000000FF1CE}_PROPLUSR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007 "{90120000-0018-0407-0000-0000000FF1CE}_PROPLUSR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2007 "{90120000-0019-0407-0000-0000000FF1CE}_PROPLUSR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2007 "{90120000-001A-0407-0000-0000000FF1CE}_PROPLUSR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007 "{90120000-001B-0407-0000-0000000FF1CE}_PROPLUSR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007 "{90120000-001F-0407-0000-0000000FF1CE}_PROPLUSR_{A0516415-ED61-419A-981D-93596DA74165}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2) "{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007 "{90120000-001F-0409-0000-0000000FF1CE}_PROPLUSR_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2) "{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007 "{90120000-001F-040C-0000-0000000FF1CE}_PROPLUSR_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2) "{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007 "{90120000-001F-0410-0000-0000000FF1CE}_PROPLUSR_{322296D4-1EAE-4030-9FBC-D2787EB25FA2}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2) "{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007 "{90120000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2007 "{90120000-0044-0407-0000-0000000FF1CE}_PROPLUSR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007 "{90120000-006E-0407-0000-0000000FF1CE}_PROPLUSR_{26454C26-D259-4543-AA60-3189E09C5F76}" = Microsoft Office 2007 Service Pack 2 (SP2) "{91120000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 2007 "{91120000-0011-0000-0000-0000000FF1CE}_PROPLUSR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2) "{91120000-0011-0000-0000-0000000FF1CE}_PROPLUSR_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581) "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 "{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}" = Dell Touchpad "{A6E92CAB-9E63-46DC-8ABF-0CAFF7B7CD02}" = eXPert PDF 4 "{AADEA55D-C834-4BCB-98A3-4B8D1C18F4EE}" = Apple Mobile Device Support "{AC76BA86-7AD7-1031-7B44-A93000000001}" = Adobe Reader 9.3.3 - Deutsch "{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter "{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Plus Web Player "{C950420B-4182-49EA-850A-A6A2ABF06C6B}" = Marvell Miniport Driver "{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1 "{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.2 "{DC24971E-1946-445D-8A82-CE685433FA7D}" = Realtek USB 2.0 Card Reader "{DEDB47A3-C988-4A43-A645-E2CEA571E680}" = Epson Easy Photo Print 2 "{E38C00D0-A68B-4318-A8A6-F7D4B5B1DF0E}" = Windows Media Encoder 9 Series "{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}" = IDT Audio "{F4F4F84E-804F-4E9A-84D7-C34283F0088F}" = RealUpgrade 1.0 "{F54AC413-D2C6-4A24-B324-370C223C6250}" = Adobe Photoshop Elements 6.0 "{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack "Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX "Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin "Adobe Photoshop Elements 6" = Adobe Photoshop Elements 6.0 "Ares" = Ares 2.1.1 "Audacity_is1" = Audacity 1.2.6 "Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus "Blender" = Blender (remove only) "Broadcom 802.11b Network Adapter" = Dienstprogramm für Dell Wireless WLAN Karte "CCleaner" = CCleaner (remove only) "ClearProg" = ClearProg 1.5.0 Final "eMusic Promotion" = 50 FREE MP3s +1 Free Audiobook! "EPSON Scanner" = EPSON Scan "EPSON Stylus Office BX600FW_Office TX600FW_SX600FW Benutzerhandbuch" = EPSON Stylus Office BX600FW_Office TX600FW_SX600FW Handbuch "EPSON SX600FW Series" = EPSON SX600FW Series Printer Uninstall "Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.2 "HDMI" = Intel(R) Graphics Media Accelerator Driver "LAME for Audacity_is1" = LAME v3.98.2 for Audacity "Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware "Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU "Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1 "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile "Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack "Mozilla Firefox (3.5.11)" = Mozilla Firefox (3.5.11) "Picasa 3" = Picasa 3 "Pixillion" = Pixillion Image Converter "PROPLUSR" = Microsoft Office Professional Plus 2007 "RealPlayer 12.0" = RealPlayer "SHOUTcastDSP" = SHOUTcast Source DSP 1.9.1 (remove only) "Tejina 1.3 DE" = Tejina 1.3 DE "Winamp" = Winamp "Windows Media Encoder 9" = Windows Media Encoder 9 Series "WinRAR archiver" = WinRAR ========== HKEY_CURRENT_USER Uninstall List ========== [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "f031ef6ac137efc5" = Dell Driver Download Manager "Winamp Detect" = Winamp Erkennungs-Plug-in ========== Last 10 Event Log Errors ========== [ Application Events ] Error - 24.08.2010 12:23:21 | Computer Name = user-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083 Description = Error - 24.08.2010 12:24:28 | Computer Name = user-PC | Source = WinMgmt | ID = 10 Description = Error - 24.08.2010 15:01:50 | Computer Name = user-PC | Source = EventSystem | ID = 4622 Description = Error - 24.08.2010 18:16:28 | Computer Name = user-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083 Description = Error - 24.08.2010 18:16:28 | Computer Name = user-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083 Description = Error - 24.08.2010 18:17:35 | Computer Name = user-PC | Source = WinMgmt | ID = 10 Description = Error - 24.08.2010 18:23:05 | Computer Name = user-PC | Source = Application Hang | ID = 1002 Description = Programm OTL.exe, Version 3.2.10.0 arbeitet nicht mehr mit Windows zusammen und wurde beendet. Überprüfen Sie den Problemverlauf im Applet "Lösungen für Probleme" in der Systemsteuerung, um nach weiteren Informationen über das Problem zu suchen. Prozess-ID: 12d4 Anfangszeit: 01cb43da589a7272 Zeitpunkt der Beendigung: 0 Error - 25.08.2010 03:50:08 | Computer Name = user-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083 Description = Error - 25.08.2010 03:50:08 | Computer Name = user-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083 Description = Error - 25.08.2010 03:51:05 | Computer Name = user-PC | Source = WinMgmt | ID = 10 Description = [ Broadcom Wireless LAN Events ] Error - 16.06.2010 05:36:48 | Computer Name = user-PC | Source = WLAN-Tray | ID = 0 Description = 11:36:48, Wed, Jun 16, 10 Error - User "" does not have administrative privileges on this system Error - 23.06.2010 18:36:31 | Computer Name = user-PC | Source = WLAN-Tray | ID = 0 Description = 00:36:31, Thu, Jun 24, 10 Error - User "" does not have administrative privileges on this system Error - 23.06.2010 18:36:31 | Computer Name = user-PC | Source = WLAN-Tray | ID = 0 Description = 00:36:31, Thu, Jun 24, 10 Error - User "" does not have administrative privileges on this system Error - 28.06.2010 18:14:18 | Computer Name = user-PC | Source = WLAN-Tray | ID = 0 Description = 00:14:18, Tue, Jun 29, 10 Error - User "" does not have administrative privileges on this system Error - 02.07.2010 12:42:56 | Computer Name = user-PC | Source = WLAN-Tray | ID = 0 Description = 18:42:56, Fri, Jul 02, 10 Error - User "" does not have administrative privileges on this system Error - 23.07.2010 17:51:09 | Computer Name = user-PC | Source = WLAN-Tray | ID = 0 Description = 23:51:09, Fri, Jul 23, 10 Error - User "" does not have administrative privileges on this system Error - 24.07.2010 19:22:03 | Computer Name = user-PC | Source = WLAN-Tray | ID = 0 Description = 01:22:03, Sun, Jul 25, 10 Error - User "" does not have administrative privileges on this system Error - 03.08.2010 18:02:00 | Computer Name = user-PC | Source = WLAN-Tray | ID = 0 Description = 00:02:00, Wed, Aug 04, 10 Error - User "" does not have administrative privileges on this system Error - 07.08.2010 08:27:32 | Computer Name = user-PC | Source = WLAN-Tray | ID = 0 Description = 14:27:27, Sat, Aug 07, 10 Error - Unable to gain access to user store Error - 14.08.2010 18:46:31 | Computer Name = user-PC | Source = WLAN-Tray | ID = 0 Description = 00:46:31, Sun, Aug 15, 10 Error - User "" does not have administrative privileges on this system [ System Events ] Error - 23.08.2010 03:28:07 | Computer Name = user-PC | Source = Service Control Manager | ID = 7000 Description = Error - 24.08.2010 12:23:42 | Computer Name = user-PC | Source = Microsoft-Windows-LanguagePackSetup | ID = 1001 Description = Error - 24.08.2010 12:24:29 | Computer Name = user-PC | Source = Service Control Manager | ID = 7000 Description = Error - 24.08.2010 12:24:29 | Computer Name = user-PC | Source = Service Control Manager | ID = 7000 Description = Error - 24.08.2010 18:17:35 | Computer Name = user-PC | Source = Service Control Manager | ID = 7000 Description = Error - 24.08.2010 18:17:35 | Computer Name = user-PC | Source = Service Control Manager | ID = 7000 Description = Error - 24.08.2010 18:18:10 | Computer Name = user-PC | Source = Microsoft-Windows-LanguagePackSetup | ID = 1001 Description = Error - 25.08.2010 03:51:02 | Computer Name = user-PC | Source = Microsoft-Windows-LanguagePackSetup | ID = 1001 Description = Error - 25.08.2010 03:51:05 | Computer Name = user-PC | Source = Service Control Manager | ID = 7000 Description = Error - 25.08.2010 03:51:05 | Computer Name = user-PC | Source = Service Control Manager | ID = 7000 Description = < End of report > Nr. 2: hOTL Logfile: Code:
ATTFilter OTL logfile created on: 25.08.2010 09:50:34 - Run 1 OTL by OldTimer - Version 3.2.10.0 Folder = C:\Users\user\Desktop Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation Internet Explorer (Version = 7.0.6002.18005) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 2,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 56,00% Memory free 4,00 Gb Paging File | 3,00 Gb Available in Paging File | 79,00% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 298,09 Gb Total Space | 212,92 Gb Free Space | 71,43% Space Free | Partition Type: NTFS D: Drive not present or media not loaded E: Drive not present or media not loaded F: Drive not present or media not loaded G: Drive not present or media not loaded H: Drive not present or media not loaded I: Drive not present or media not loaded Computer Name: USER-PC Current User Name: user Logged in as Administrator. Current Boot Mode: Normal Scan Mode: Current user Company Name Whitelist: Off Skip Microsoft Files: Off File Age = 30 Days Output = Minimal ========== Processes (SafeList) ========== PRC - C:\Users\user\Desktop\OTL.exe (OldTimer Tools) PRC - C:\Programme\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.) PRC - C:\Programme\DellTPad\Apoint.exe (Alps Electric Co., Ltd.) PRC - C:\Programme\DellTPad\ApMsgFwd.exe (Alps Electric Co., Ltd.) PRC - C:\Programme\IDT\WDM\sttray.exe (IDT, Inc.) PRC - C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_22764d41\stacsv.exe (IDT, Inc.) PRC - C:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira GmbH) PRC - C:\Programme\Avira\AntiVir Desktop\sched.exe (Avira GmbH) PRC - C:\Programme\Windows Sidebar\sidebar.exe (Microsoft Corporation) PRC - C:\Windows\explorer.exe (Microsoft Corporation) PRC - C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_22764d41\AEstSrv.exe (Andrea Electronics Corporation) PRC - C:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH) PRC - C:\Programme\DellTPad\ApntEx.exe (Alps Electric Co., Ltd.) PRC - C:\Programme\DellTPad\hidfind.exe (Alps Electric Co., Ltd.) PRC - C:\Programme\Windows Media Player\wmpnetwk.exe (Microsoft Corporation) PRC - C:\Programme\Windows Media Player\wmpnscfg.exe (Microsoft Corporation) PRC - C:\Windows\System32\lpksetup.exe (Microsoft Corporation) PRC - C:\Programme\Windows Defender\MSASCui.exe (Microsoft Corporation) PRC - C:\Programme\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe () PRC - C:\Programme\Common Files\EPSON\EBAPI\eEBSvc.exe (SEIKO EPSON CORPORATION) ========== Modules (SafeList) ========== MOD - C:\Users\user\Desktop\OTL.exe (OldTimer Tools) MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18005_none_5cb72f96088b0de0\comctl32.dll (Microsoft Corporation) MOD - C:\Windows\System32\msscript.ocx (Microsoft Corporation) ========== Win32 Services (SafeList) ========== SRV - (WPFFontCache_v0400) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe (Microsoft Corporation) SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation) SRV - (STacSV) -- C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_22764d41\stacsv.exe (IDT, Inc.) SRV - (FLEXnet Licensing Service) -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Macrovision Europe Ltd.) SRV - (FontCache) -- C:\Windows\System32\FntCache.dll (Microsoft Corporation) SRV - (AntiVirService) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira GmbH) SRV - (AntiVirSchedulerService) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira GmbH) SRV - (AESTFilters) -- C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_22764d41\AEstSrv.exe (Andrea Electronics Corporation) SRV - (WinDefend) -- C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation) SRV - (AdobeActiveFileMonitor6.0) -- C:\Programme\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe () SRV - (EpsonBidirectionalService) -- C:\Programme\Common Files\EPSON\EBAPI\eEBSvc.exe (SEIKO EPSON CORPORATION) ========== Driver Services (SafeList) ========== DRV - (NwlnkFwd) -- C:\Windows\System32\DRIVERS\nwlnkfwd.sys File not found DRV - (NwlnkFlt) -- C:\Windows\System32\DRIVERS\nwlnkflt.sys File not found DRV - (IpInIp) -- C:\Windows\System32\DRIVERS\ipinip.sys File not found DRV - (ApfiltrService) -- C:\Windows\System32\drivers\Apfiltr.sys (Alps Electric Co., Ltd.) DRV - (avgntflt) -- C:\Windows\System32\drivers\avgntflt.sys (Avira GmbH) DRV - (STHDA) -- C:\Windows\System32\drivers\stwrt.sys (IDT, Inc.) DRV - (ssmdrv) -- C:\Windows\System32\drivers\ssmdrv.sys (Avira GmbH) DRV - (WSDScan) -- C:\Windows\System32\drivers\WSDScan.sys (Microsoft Corporation) DRV - (avipbb) -- C:\Windows\System32\drivers\avipbb.sys (Avira GmbH) DRV - (avgio) -- C:\Programme\Avira\AntiVir Desktop\avgio.sys (Avira GmbH) DRV - (yukonwlh) -- C:\Windows\System32\drivers\yk60x86.sys (Marvell) DRV - (RTSTOR) -- C:\Windows\System32\drivers\RTSTOR.sys (Realtek Semiconductor Corp.) DRV - (BCM43XX) -- C:\Windows\System32\drivers\BCMWL6.SYS (Broadcom Corporation) DRV - (BCM42RLY) -- C:\Windows\System32\drivers\bcm42rly.sys (Broadcom Corporation) DRV - (igfx) -- C:\Windows\System32\drivers\igdkmd32.sys (Intel Corporation) DRV - (MegaSR) -- C:\Windows\system32\drivers\megasr.sys (LSI Corporation, Inc.) DRV - (adpu320) -- C:\Windows\system32\drivers\adpu320.sys (Adaptec, Inc.) DRV - (megasas) -- C:\Windows\system32\drivers\megasas.sys (LSI Corporation) DRV - (adpu160m) -- C:\Windows\system32\drivers\adpu160m.sys (Adaptec, Inc.) DRV - (SiSRaid4) -- C:\Windows\system32\drivers\sisraid4.sys (Silicon Integrated Systems) DRV - (HpCISSs) -- C:\Windows\system32\drivers\hpcisss.sys (Hewlett-Packard Company) DRV - (adpahci) -- C:\Windows\system32\drivers\adpahci.sys (Adaptec, Inc.) DRV - (LSI_SAS) -- C:\Windows\system32\drivers\lsi_sas.sys (LSI Logic) DRV - (ql2300) -- C:\Windows\system32\drivers\ql2300.sys (QLogic Corporation) DRV - (E1G60) Intel(R) -- C:\Windows\System32\drivers\E1G60I32.sys (Intel Corporation) DRV - (arcsas) -- C:\Windows\system32\drivers\arcsas.sys (Adaptec, Inc.) DRV - (iaStorV) -- C:\Windows\system32\drivers\iastorv.sys (Intel Corporation) DRV - (vsmraid) -- C:\Windows\system32\drivers\vsmraid.sys (VIA Technologies Inc.,Ltd) DRV - (ulsata2) -- C:\Windows\system32\drivers\ulsata2.sys (Promise Technology, Inc.) DRV - (LSI_SCSI) -- C:\Windows\system32\drivers\lsi_scsi.sys (LSI Logic) DRV - (LSI_FC) -- C:\Windows\system32\drivers\lsi_fc.sys (LSI Logic) DRV - (arc) -- C:\Windows\system32\drivers\arc.sys (Adaptec, Inc.) DRV - (elxstor) -- C:\Windows\system32\drivers\elxstor.sys (Emulex) DRV - (adp94xx) -- C:\Windows\system32\drivers\adp94xx.sys (Adaptec, Inc.) DRV - (nvraid) -- C:\Windows\system32\drivers\nvraid.sys (NVIDIA Corporation) DRV - (nvstor) -- C:\Windows\system32\drivers\nvstor.sys (NVIDIA Corporation) DRV - (WSDPrintDevice) -- C:\Windows\System32\drivers\WSDPrint.sys (Microsoft Corporation) DRV - (uliahci) -- C:\Windows\system32\drivers\uliahci.sys (ULi Electronics Inc.) DRV - (viaide) -- C:\Windows\system32\drivers\viaide.sys (VIA Technologies, Inc.) DRV - (cmdide) -- C:\Windows\system32\drivers\cmdide.sys (CMD Technology, Inc.) DRV - (aliide) -- C:\Windows\system32\drivers\aliide.sys (Acer Laboratories Inc.) DRV - (ql40xx) -- C:\Windows\system32\drivers\ql40xx.sys (QLogic Corporation) DRV - (UlSata) -- C:\Windows\system32\drivers\ulsata.sys (Promise Technology, Inc.) DRV - (nfrd960) -- C:\Windows\system32\drivers\nfrd960.sys (IBM Corporation) DRV - (iirsp) -- C:\Windows\system32\drivers\iirsp.sys (Intel Corp./ICP vortex GmbH) DRV - (aic78xx) -- C:\Windows\system32\drivers\djsvs.sys (Adaptec, Inc.) DRV - (iteraid) -- C:\Windows\system32\drivers\iteraid.sys (Integrated Technology Express, Inc.) DRV - (iteatapi) -- C:\Windows\system32\drivers\iteatapi.sys (Integrated Technology Express, Inc.) DRV - (Symc8xx) -- C:\Windows\system32\drivers\symc8xx.sys (LSI Logic) DRV - (Sym_u3) -- C:\Windows\system32\drivers\sym_u3.sys (LSI Logic) DRV - (Mraid35x) -- C:\Windows\system32\drivers\mraid35x.sys (LSI Logic Corporation) DRV - (Sym_hi) -- C:\Windows\system32\drivers\sym_hi.sys (LSI Logic) DRV - (Brserid) Brother MFC Serial Port Interface Driver (WDM) -- C:\Windows\system32\drivers\brserid.sys (Brother Industries Ltd.) DRV - (BrUsbSer) -- C:\Windows\system32\drivers\brusbser.sys (Brother Industries Ltd.) DRV - (BrFiltUp) -- C:\Windows\system32\drivers\brfiltup.sys (Brother Industries, Ltd.) DRV - (BrFiltLo) -- C:\Windows\system32\drivers\brfiltlo.sys (Brother Industries, Ltd.) DRV - (BrSerWdm) -- C:\Windows\system32\drivers\brserwdm.sys (Brother Industries Ltd.) DRV - (BrUsbMdm) -- C:\Windows\system32\drivers\brusbmdm.sys (Brother Industries Ltd.) DRV - (ntrigdigi) -- C:\Windows\system32\drivers\ntrigdigi.sys (N-trig Innovative Technologies) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF - prefs.js..browser.startup.homepage: "h**p://www.google.de" FF - prefs.js..extensions.enabledItems: YoutubeDownloader@PeterOlayev.com:1.4 FF - prefs.js..extensions.enabledItems: {6614d11d-d21d-b211-ae23-815234e1ebb5}:1.0.21 FF - prefs.js..extensions.enabledItems: {c0c9a2c7-2e5c-4447-bc53-97718bc91e1b}:3.5 FF - HKLM\software\mozilla\Mozilla Firefox 3.5.11\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010.07.22 12:35:10 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Firefox 3.5.11\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010.08.11 17:59:19 | 000,000,000 | ---D | M] [2009.10.11 17:43:21 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\mozilla\Extensions [2010.08.23 22:10:33 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\mozilla\Firefox\Profiles\iydkt47l.default\extensions [2010.07.30 21:14:28 | 000,000,000 | ---D | M] (Google Toolbar for Firefox) -- C:\Users\user\AppData\Roaming\mozilla\Firefox\Profiles\iydkt47l.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c} [2010.03.28 11:56:44 | 000,000,000 | ---D | M] (Dr.Web anti-virus link checker) -- C:\Users\user\AppData\Roaming\mozilla\Firefox\Profiles\iydkt47l.default\extensions\{6614d11d-d21d-b211-ae23-815234e1ebb5} [2010.07.27 08:44:46 | 000,000,000 | ---D | M] (Easy Youtube Video Downloader) -- C:\Users\user\AppData\Roaming\mozilla\Firefox\Profiles\iydkt47l.default\extensions\{c0c9a2c7-2e5c-4447-bc53-97718bc91e1b} [2010.07.30 21:14:28 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\mozilla\Firefox\Profiles\iydkt47l.default\extensions\staged-xpis [2010.07.27 08:44:46 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\mozilla\Firefox\Profiles\iydkt47l.default\extensions\YoutubeDownloader@PeterOlayev.com [2010.01.22 13:54:09 | 000,000,000 | ---D | M] -- C:\Programme\Mozilla Firefox\extensions [2010.07.12 18:33:56 | 000,012,800 | ---- | M] (Nullsoft, Inc.) -- C:\Programme\Mozilla Firefox\plugins\npwachk.dll [2009.08.24 21:25:19 | 000,001,392 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\amazondotcom-de.xml [2009.08.24 21:25:19 | 000,002,344 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\eBay-de.xml [2009.08.24 21:25:19 | 000,006,805 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\leo_ende_de.xml [2009.08.24 21:25:19 | 000,001,178 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\wikipedia-de.xml [2009.08.24 21:25:19 | 000,000,801 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\yahoo-de.xml O1 HOSTS File: ([2006.09.18 23:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O1 - Hosts: ::1 localhost O2 - BHO: (Easy Photo Print) - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Programme\Epson Software\Easy Photo Print\EPTBL.dll (SEIKO EPSON CORPORATION / CyCom Technology Corp.) O3 - HKLM\..\Toolbar: (Easy Photo Print) - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Programme\Epson Software\Easy Photo Print\EPTBL.dll (SEIKO EPSON CORPORATION / CyCom Technology Corp.) O4 - HKLM..\Run: [] File not found O4 - HKLM..\Run: [Apoint] C:\Programme\DellTPad\Apoint.exe (Alps Electric Co., Ltd.) O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH) O4 - HKLM..\Run: [SysTrayApp] C:\Programme\IDT\WDM\sttray.exe (IDT, Inc.) O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.) O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation) O4 - HKCU..\Run: [EPSON Stylus SX600FW(Netzwerk)] C:\Windows\System32\spool\DRIVERS\W32X86\3\E_FATIEKE.EXE (SEIKO EPSON CORPORATION) O4 - HKCU..\Run: [WMPNSCFG] C:\Programme\Windows Media Player\wmpnscfg.exe (Microsoft Corporation) O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\System32\GPhotos.scr (Google Inc.) O8 - Extra context menu item: Nach Microsoft E&xel exportieren - C:\Programme\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation) O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programme\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation) O13 - gopher Prefix: missing O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} h**p://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17) O16 - DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} h**p://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} h**p://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17) O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} h**p://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1 O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation) O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Common Files\Skype\Skype4COM.dll (Skype Technologies) O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\Windows\System32\igfxdev.dll (Intel Corporation) O24 - Desktop WallPaper: C:\Users\user\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg O24 - Desktop BackupWallPaper: C:\Users\user\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ] O33 - MountPoints2\{4043ff45-3b29-11df-84a8-0023ae217cd3}\Shell - "" = AutoRun O33 - MountPoints2\{4043ff45-3b29-11df-84a8-0023ae217cd3}\Shell\AutoRun\command - "" = F:\LaunchU3.exe -- File not found O34 - HKLM BootExecute: (autocheck autochk *) - File not found O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* ========== Files/Folders - Created Within 30 Days ========== [2010.08.25 00:18:21 | 000,575,488 | ---- | C] (OldTimer Tools) -- C:\Users\user\Desktop\OTL.exe [2010.08.23 21:53:08 | 000,000,000 | ---D | C] -- C:\Programme\trend micro [2010.08.23 21:53:07 | 000,000,000 | ---D | C] -- C:\rsit [2010.08.20 22:59:02 | 000,000,000 | ---D | C] -- C:\Users\user\AppData\Roaming\Malwarebytes [2010.08.20 22:58:35 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys [2010.08.20 22:58:30 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes [2010.08.20 22:58:29 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys [2010.08.20 22:58:29 | 000,000,000 | ---D | C] -- C:\Programme\Malwarebytes' Anti-Malware [2010.08.20 21:09:20 | 000,000,000 | ---D | C] -- C:\Users\user\AppData\Local\konetoyto [2010.08.20 21:09:08 | 000,000,000 | ---D | C] -- C:\Users\user\AppData\Local\Windows [2010.08.20 21:09:06 | 000,000,000 | -HSD | C] -- C:\Users\user\AppData\Roaming\lowsec [2010.08.20 21:08:59 | 000,000,000 | ---D | C] -- C:\Users\user\AppData\Local\Windows Server [2010.08.20 21:08:53 | 000,000,000 | ---D | C] -- C:\Users\user\AppData\Roaming\7D1A8EFA7CDC8B78B4D54FEF40E74FC3 [2010.08.14 21:01:58 | 000,000,000 | ---D | C] -- C:\Users\user\Desktop\HH [2010.08.12 13:19:32 | 003,600,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntkrnlpa.exe [2010.08.12 13:19:31 | 003,548,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntoskrnl.exe [2010.08.12 13:19:27 | 000,081,920 | ---- | C] (Radius Inc.) -- C:\Windows\System32\iccvid.dll [2010.08.12 13:19:20 | 000,193,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iepeers.dll [2010.08.12 13:19:19 | 000,380,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieapfltr.dll [2010.08.12 13:19:19 | 000,078,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieencode.dll [2010.08.12 13:18:52 | 002,037,760 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys [2010.08.12 13:18:48 | 000,036,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rtutils.dll [2010.08.10 10:59:41 | 000,000,000 | R--D | C] -- C:\Users\user\Documents [2010.08.08 16:35:09 | 000,000,000 | ---D | C] -- C:\Users\user\Desktop\verschiedenes [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2010.08.25 09:51:28 | 002,621,440 | -HS- | M] () -- C:\Users\user\NTUSER.DAT [2010.08.25 09:49:38 | 000,003,712 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 [2010.08.25 09:49:38 | 000,003,712 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 [2010.08.25 09:49:27 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT [2010.08.25 09:49:21 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2010.08.25 09:49:16 | 2108,018,688 | -HS- | M] () -- C:\hiberfil.sys [2010.08.25 00:26:37 | 000,524,288 | -HS- | M] () -- C:\Users\user\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TMContainer00000000000000000001.regtrans-ms [2010.08.25 00:26:37 | 000,065,536 | -HS- | M] () -- C:\Users\user\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TM.blf [2010.08.25 00:26:23 | 002,004,755 | -H-- | M] () -- C:\Users\user\AppData\Local\IconCache.db [2010.08.25 00:18:25 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Users\user\Desktop\OTL.exe [2010.08.23 21:52:38 | 000,339,991 | ---- | M] () -- C:\Users\user\Desktop\RSIT.exe [2010.08.20 22:58:42 | 000,000,818 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk [2010.08.20 22:54:19 | 000,363,520 | ---- | M] () -- C:\Users\user\Desktop\rkill.com [2010.08.13 12:54:46 | 000,103,129 | ---- | M] () -- C:\Users\user\Desktop\ABHVWiSeX.pdf [2010.08.12 22:44:29 | 000,026,112 | ---- | M] () -- C:\Users\user\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2010.08.12 21:53:56 | 000,393,128 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT [2010.08.11 17:59:19 | 000,001,887 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader 9.lnk [2010.08.11 17:55:03 | 001,149,914 | ---- | M] () -- C:\Users\user\Desktop\nbb_fbl_3.pdf [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] ========== Files Created - No Company Name ========== [2010.08.23 21:52:27 | 000,339,991 | ---- | C] () -- C:\Users\user\Desktop\RSIT.exe [2010.08.20 22:58:42 | 000,000,818 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk [2010.08.20 22:54:12 | 000,363,520 | ---- | C] () -- C:\Users\user\Desktop\rkill.com [2010.08.13 12:54:28 | 000,103,129 | ---- | C] () -- C:\Users\user\Desktop\ABHVWiSeX.pdf [2010.08.11 17:59:19 | 000,001,887 | ---- | C] () -- C:\Users\Public\Desktop\Adobe Reader 9.lnk [2010.08.11 17:55:03 | 001,149,914 | ---- | C] () -- C:\Users\user\Desktop\nbb_fbl_3.pdf [2010.07.13 13:35:36 | 000,000,097 | ---- | C] () -- C:\Windows\System32\PICSDK.ini [2010.05.04 11:25:45 | 000,014,336 | ---- | C] () -- C:\Windows\System32\vsmon1.dll [2009.10.26 14:31:20 | 000,001,484 | ---- | C] () -- C:\ProgramData\hpzinstall.log [2009.10.20 22:04:03 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll [2009.10.19 23:20:41 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat [2009.10.11 17:49:11 | 000,026,112 | ---- | C] () -- C:\Users\user\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2009.10.01 15:45:23 | 000,147,456 | ---- | C] () -- C:\Windows\System32\igfxCoIn_v1489.dll [2009.10.01 15:38:38 | 000,055,808 | ---- | C] () -- C:\Windows\System32\bcmwlrmt.dll [2009.10.01 15:17:32 | 000,001,356 | ---- | C] () -- C:\Users\user\AppData\Local\d3d9caps.dat [2006.11.02 14:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll [2006.11.02 09:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini < End of report > |
25.08.2010, 11:28 | #4 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Antimalware Doctor: Forumsanleitung zum Entfernen befolgt, System jetzt ok? Dann bitte jetzt CF ausführen: ComboFix Ein Leitfaden und Tutorium zur Nutzung von ComboFix
Combofix darf ausschließlich ausgeführt werden, wenn ein Kompetenzler dies ausdrücklich empfohlen hat!
__________________ Logfiles bitte immer in CODE-Tags posten |
26.08.2010, 10:25 | #5 |
| Antimalware Doctor: Forumsanleitung zum Entfernen befolgt, System jetzt ok? Hab das Programm gestern abend gestartet, dann nach ein paar Sekunden wieder abgebrochen, weil ich vergessen hatte, die Bedienungsanleitung durchzulesen, dann wieder gestartet. Ca. um halb acht hat der Pc gemeldet, dass er sich nun runterfährt, um Mitternacht war er immer noch beim Abmeldebildschirm. Ich hab den Pc über Nacht angelassen und als ich heute Morgen wieder raufgeguckt hab, war er immer noch beim Abmeldebildschirm, da hab ich die Geduld verloren und ihn manuell aus- und wieder eingeschaltet. Ich sehs als schlechtes Zeichen, dass er's nicht selber geschafft hat. Als der Computer dann hochgefahren und das Log erstellt war, hat mir das Windows-Sicherheitscenter gemeldet, dass mein Avira nicht an ist, obwohl es schon längst angeschaltet war (schon vom Start an). Außerdem hab ich jetzt das Icon vom Internet Explorer auf dem Desktop, den ich schon längst gelöscht glaubte (ich nutze nur Mozilla). Jedenfalls ist hier jetzt der Log: Code:
ATTFilter ComboFix 10-08-24.0C - user 25.08.2010 18:39:10.1.2 - x86 Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.49.1031.18.2010.1194 [GMT 2:00] ausgeführt von:: c:\users\user\Desktop\cofi.exe SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46} . (((((((((((((((((((((((((((((((((((( Weitere Löschungen )))))))))))))))))))))))))))))))))))))))))))))))) . c:\users\user\AppData\Local\Windows Server c:\users\user\AppData\Local\Windows Server\admin.txt c:\users\user\AppData\Local\Windows Server\flags.ini c:\users\user\AppData\Local\Windows Server\server.dat c:\users\user\AppData\Local\Windows Server\uses32.dat c:\users\user\AppData\Roaming\7D1A8EFA7CDC8B78B4D54FEF40E74FC3 c:\users\user\AppData\Roaming\7D1A8EFA7CDC8B78B4D54FEF40E74FC3\enemies-names.txt c:\users\user\AppData\Roaming\7D1A8EFA7CDC8B78B4D54FEF40E74FC3\local.ini c:\windows\system32\wininit.exe . . . ist infiziert!! . ((((((((((((((((((((((( Dateien erstellt von 2010-07-26 bis 2010-08-26 )))))))))))))))))))))))))))))) . 2010-08-25 16:48 . 2010-08-26 09:01 -------- d-----w- c:\users\user\AppData\Local\temp 2010-08-25 16:48 . 2010-08-25 16:48 -------- d-----w- c:\users\Default\AppData\Local\temp 2010-08-23 19:53 . 2010-08-23 19:53 -------- d-----w- c:\program files\trend micro 2010-08-23 19:53 . 2010-08-23 19:53 -------- d-----w- C:\rsit 2010-08-20 20:59 . 2010-08-20 20:59 -------- d-----w- c:\users\user\AppData\Roaming\Malwarebytes 2010-08-20 20:58 . 2010-04-29 10:19 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys 2010-08-20 20:58 . 2010-08-20 20:58 -------- d-----w- c:\programdata\Malwarebytes 2010-08-20 20:58 . 2010-08-20 20:58 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware 2010-08-20 20:58 . 2010-04-29 10:19 20952 ----a-w- c:\windows\system32\drivers\mbam.sys 2010-08-20 19:09 . 2010-08-20 22:43 -------- d-----w- c:\users\user\AppData\Local\konetoyto 2010-08-20 19:09 . 2010-08-22 20:48 -------- d-----w- c:\users\user\AppData\Local\Windows 2010-08-20 19:09 . 2010-08-20 19:09 -------- d-sh--w- c:\users\user\AppData\Roaming\lowsec 2010-08-12 11:19 . 2010-06-08 17:35 3600768 ----a-w- c:\windows\system32\ntkrnlpa.exe 2010-08-12 11:19 . 2010-06-08 17:35 3548040 ----a-w- c:\windows\system32\ntoskrnl.exe 2010-08-12 11:19 . 2010-05-27 20:08 81920 ----a-w- c:\windows\system32\iccvid.dll 2010-08-12 11:19 . 2010-06-29 15:47 834048 ----a-w- c:\windows\system32\wininet.dll 2010-08-12 11:19 . 2010-06-28 16:13 78336 ----a-w- c:\windows\system32\ieencode.dll 2010-08-12 11:19 . 2010-06-11 16:16 274944 ----a-w- c:\windows\system32\schannel.dll 2010-08-12 11:18 . 2010-06-21 13:37 2037760 ----a-w- c:\windows\system32\win32k.sys 2010-08-12 11:18 . 2010-06-18 17:31 36864 ----a-w- c:\windows\system32\rtutils.dll 2010-08-12 11:18 . 2010-06-11 16:15 1248768 ----a-w- c:\windows\system32\msxml3.dll 2010-08-12 11:18 . 2010-06-18 15:04 302080 ----a-w- c:\windows\system32\drivers\srv.sys 2010-08-12 11:18 . 2010-06-18 15:04 144896 ----a-w- c:\windows\system32\drivers\srv2.sys 2010-08-12 11:17 . 2010-06-16 16:04 905088 ----a-w- c:\windows\system32\drivers\tcpip.sys . (((((((((((((((((((((((((((((((((((( Find3M Bericht )))))))))))))))))))))))))))))))))))))))))))))))))))))) . 2010-08-25 16:18 . 2009-10-11 15:52 -------- d-----w- c:\program files\CCleaner 2010-08-24 17:06 . 2010-07-20 22:24 -------- d-----w- c:\users\user\AppData\Roaming\Winamp 2010-08-12 14:24 . 2009-10-11 17:06 -------- d-----w- c:\programdata\Microsoft Help 2010-08-12 14:19 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail 2010-08-11 15:58 . 2009-10-11 16:54 -------- d-----w- c:\program files\Common Files\Adobe 2010-07-23 15:22 . 2010-07-30 19:14 1496064 ----a-w- c:\users\user\AppData\Roaming\Mozilla\Firefox\Profiles\iydkt47l.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\frozen.dll 2010-07-23 15:22 . 2010-07-30 19:14 43008 ----a-w- c:\users\user\AppData\Roaming\Mozilla\Firefox\Profiles\iydkt47l.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\googletoolbarloader.dll 2010-07-23 15:22 . 2010-07-30 19:14 338944 ----a-w- c:\users\user\AppData\Roaming\Mozilla\Firefox\Profiles\iydkt47l.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\libraries\googletoolbar-ff2.dll 2010-07-23 15:22 . 2010-07-30 19:14 346112 ----a-w- c:\users\user\AppData\Roaming\Mozilla\Firefox\Profiles\iydkt47l.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\libraries\googletoolbar-ff3.dll 2010-07-21 22:37 . 2009-10-19 21:20 -------- d-----w- c:\users\user\AppData\Roaming\Skype 2010-07-20 22:29 . 2010-07-20 22:24 -------- d-----w- c:\program files\Winamp 2010-07-20 22:24 . 2010-07-20 22:24 -------- d-----w- c:\program files\Winamp Detect 2010-07-20 10:48 . 2010-07-20 10:48 -------- d-----w- c:\program files\Windows Media Components 2010-07-19 22:02 . 2009-10-19 21:20 -------- d-----w- c:\users\user\AppData\Roaming\skypePM 2010-07-19 17:46 . 2009-10-01 13:17 1356 ----a-w- c:\users\user\AppData\Local\d3d9caps.dat 2010-07-16 10:55 . 2009-10-01 23:00 628742 ----a-w- c:\windows\system32\perfh007.dat 2010-07-16 10:55 . 2009-10-01 23:00 126454 ----a-w- c:\windows\system32\perfc007.dat 2010-07-13 19:06 . 2010-07-13 19:06 -------- d-----w- c:\program files\Common Files\EPSON 2010-07-13 19:06 . 2010-07-13 19:06 -------- d-----w- c:\program files\EpsonNet 2010-07-13 19:06 . 2009-10-01 13:35 -------- d--h--w- c:\program files\InstallShield Installation Information 2010-07-13 19:03 . 2010-07-13 11:42 -------- d-----w- c:\programdata\UDL 2010-07-13 19:02 . 2010-07-13 11:38 -------- d-----w- c:\program files\Epson Software 2010-07-13 19:00 . 2010-07-13 11:32 -------- d-----w- c:\program files\epson 2010-07-13 19:00 . 2009-10-01 13:41 -------- d-----w- c:\program files\Common Files\InstallShield 2010-07-13 18:57 . 2010-07-13 11:33 -------- d-----w- c:\programdata\EPSON 2010-07-13 11:55 . 2010-07-13 11:55 -------- d-----w- c:\users\user\AppData\Roaming\Epson 2010-06-03 02:41 . 2010-06-03 02:41 3600384 ----a-w- c:\windows\system32\GPhotos.scr 2010-06-02 18:05 . 2010-04-02 10:31 443912 ----a-w- c:\users\user\AppData\Roaming\Real\Update\setup3.11\setup.exe . (((((((((((((((((((((((((((( Autostartpunkte der Registrierung )))))))))))))))))))))))))))))))))))))))) . . *Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. REGEDIT4 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1233920] "WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-21 202240] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2008-01-21 1008184] "Broadcom Wireless Manager UI"="c:\windows\system32\WLTRAY.exe" [2008-06-02 3563520] "IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-09-11 150040] "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-09-11 170520] "Persistence"="c:\windows\system32\igfxpers.exe" [2008-09-11 145944] "avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153] "HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2008-12-08 54576] "Apoint"="c:\program files\DellTPad\Apoint.exe" [2010-01-18 274432] "SysTrayApp"="c:\program files\IDT\WDM\sttray.exe" [2009-11-06 495708] "TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2010-03-02 202256] "QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-11-10 417792] "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-06-20 35760] "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-06-09 976832] [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "EnableUIADesktopToggle"= 0 (0x0) [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys] @="Driver" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend] @="Service" [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ares] 2008-12-13 04:23 882176 ----a-w- c:\program files\Ares\Ares.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EEventManager] 2008-05-07 13:28 591696 ------w- c:\progra~1\EPSONS~1\EVENTM~1\EEventManager.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\vspdfprsrv.exe] 2006-05-04 04:58 998912 ----a-w- c:\program files\Visagesoft\eXPert PDF\vspdfprsrv.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent] 2010-07-12 16:32 74752 ----a-w- c:\program files\Winamp\winampa.exe [HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc] "VistaSp2"=hex(b):05,bc,d6,48,42,56,ca,01 R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384] R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504] R3 WSDPrintDevice;WSD-Druckunterstützung durch UMB;c:\windows\system32\DRIVERS\WSDPrint.sys [2008-01-21 16896] R3 WSDScan;WSD-Scanunterstützung durch UMB;c:\windows\system32\DRIVERS\WSDScan.sys [2009-04-11 19968] S2 AESTFilters;Andrea ST Filters Service;c:\windows\System32\DriverStore\FileRepository\stwrt.inf_22764d41\aestsrv.exe [2009-03-03 81920] S2 AntiVirSchedulerService;Avira AntiVir Planer;c:\program files\Avira\AntiVir Desktop\sched.exe [2009-05-13 108289] S2 yksvc;Marvell Yukon Service;RUNDLL32.EXE ykx32coinst,serviceStartProc [x] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost] HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12 LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache . . ------- Zusätzlicher Suchlauf ------- . IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200 IE: Nach Microsoft E&xel exportieren - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000 FF - ProfilePath - c:\users\user\AppData\Roaming\Mozilla\Firefox\Profiles\iydkt47l.default\ FF - prefs.js: browser.startup.homepage - hxxp://www.google.de FF - component: c:\users\user\AppData\Roaming\Mozilla\Firefox\Profiles\iydkt47l.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\frozen.dll FF - plugin: c:\program files\DivX\DivX Plus Web Player\npdivx32.dll FF - plugin: c:\program files\Google\Picasa3\npPicasa3.dll FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll FF - plugin: c:\program files\Mozilla Firefox\plugins\npwachk.dll FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ ---- FIREFOX Richtlinien ---- c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.lu", true); c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nu", true); c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nz", true); c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true); c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true); c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--p1ai", true); c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbayh7gpa", true); c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.tel", true); c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true); c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", ""); c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false); c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false); . ************************************************************************** catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, h**p://www.gmer.net Rootkit scan 2010-08-26 11:02 Windows 6.0.6002 Service Pack 2 NTFS Scanne versteckte Prozesse... Scanne versteckte Autostarteinträge... Scanne versteckte Dateien... Scan erfolgreich abgeschlossen versteckte Dateien: 0 ************************************************************************** . ------------------------ Weitere laufende Prozesse ------------------------ . c:\windows\System32\DriverStore\FileRepository\stwrt.inf_22764d41\STacSV.exe c:\windows\System32\WLTRYSVC.EXE c:\windows\System32\bcmwltry.exe c:\program files\Common Files\EPSON\EBAPI\eEBSVC.exe c:\program files\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe c:\program files\Avira\AntiVir Desktop\avguard.exe c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe c:\windows\system32\RUNDLL32.EXE c:\windows\system32\conime.exe c:\windows\system32\igfxsrvc.exe c:\program files\DellTPad\ApMsgFwd.exe c:\program files\Windows Media Player\wmpnetwk.exe c:\program files\DellTPad\HidFind.exe c:\program files\DellTPad\Apntex.exe . ************************************************************************** . Zeit der Fertigstellung: 2010-08-26 11:13:07 - PC wurde neu gestartet ComboFix-quarantined-files.txt 2010-08-26 09:13 Vor Suchlauf: 9 Verzeichnis(se), 227.649.994.752 Bytes frei Nach Suchlauf: 15 Verzeichnis(se), 229.459.021.824 Bytes frei - - End Of File - - 106488AAD7CBC34E5268F631742AFB7C |
26.08.2010, 13:48 | #6 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Antimalware Doctor: Forumsanleitung zum Entfernen befolgt, System jetzt ok? Ok. Bitte nun Logs mit GMER und OSAM erstellen und posten. GMER stürzt häufiger ab, wenn das Tool auch beim 2. Mal nicht will, lass es einfach weg und führ nur OSAM aus Anschließend den bootkit_remover herunterladen. Entpacke das Tool in einen eigenen Ordner auf dem Desktop und führe in diesem Ordner die Datei remove.exe aus. Wenn Du Windows Vista oder Windows 7 verwendest, musst Du die remover.exe über ein Rechtsklick => als Administrator ausführen Ein schwarzes Fenster wird sich öffnen und automatisch nach bösartigen Veränderungen im MBR suchen. Poste dann bitte, ob es Veränderungen gibt und wenn ja in welchem device. Am besten alles posten was die remover.exe ausgibt.
__________________ --> Antimalware Doctor: Forumsanleitung zum Entfernen befolgt, System jetzt ok? |
26.08.2010, 17:40 | #7 |
| Antimalware Doctor: Forumsanleitung zum Entfernen befolgt, System jetzt ok? GMER ist tatsächlich zweimal abgestürzt, nach dem ersten Mal hatte ich einen Bluescreen und musste den Computer neu starten. Leider hatte ich zu wenig Zeit, um die Fehlermeldung abzuschreiben. Beim zweiten Mal war zum Glück alles normal. Hier der Log von OSAM: Code:
ATTFilter Report of OSAM: Autorun Manager v5.0.11926.0 h**p://www.online-solutions.ru/en/ Saved at 18:30:54 on 26.08.2010 OS: Windows Vista Home Premium Edition Service Pack 2 (Build 6002), 32-bit Default Browser: Mozilla Corporation Firefox 3.5.11 Scanner Settings [x] Rootkits detection (hidden registry) [x] Rootkits detection (hidden files) [x] Retrieve files information [x] Check Microsoft signatures Filters [ ] Trusted entries [ ] Empty entries [x] Hidden registry entries (rootkit activity) [x] Exclusively opened files [x] Not found files [x] Files without detailed information [x] Existing files [ ] Non-startable services [ ] Non-startable drivers [x] Active entries [x] Disabled entries [Control Panel Objects] -----( %SystemRoot%\system32 )----- "BCMWLCPL.CPL" - "Dell Inc." - C:\Windows\system32\BCMWLCPL.CPL -----( HKLM\Software\Microsoft\Windows\CurrentVersion\Control Panel\Cpls )----- "bcmwlcpl.cpl" - "Dell Inc." - C:\Windows\System32\bcmwlcpl.cpl "mlcfg32.cpl" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~2\Office12\MLCFG32.CPL "QuickTime" - "Apple Inc." - C:\Program Files\QuickTime\QTSystem\QuickTime.cpl [Drivers] -----( HKLM\SYSTEM\CurrentControlSet\Services )----- "avgio" (avgio) - "Avira GmbH" - C:\Program Files\Avira\AntiVir Desktop\avgio.sys "avgntflt" (avgntflt) - "Avira GmbH" - C:\Windows\System32\DRIVERS\avgntflt.sys "avipbb" (avipbb) - "Avira GmbH" - C:\Windows\System32\DRIVERS\avipbb.sys "BCM42RLY" (BCM42RLY) - "Broadcom Corporation" - C:\Windows\System32\drivers\BCM42RLY.sys "catchme" (catchme) - ? - C:\cofi\catchme.sys (File not found) "IP in IP Tunnel Driver" (IpInIp) - ? - C:\Windows\System32\DRIVERS\ipinip.sys (File not found) "IPX Traffic Filter Driver" (NwlnkFlt) - ? - C:\Windows\System32\DRIVERS\nwlnkflt.sys (File not found) "IPX Traffic Forwarder Driver" (NwlnkFwd) - ? - C:\Windows\System32\DRIVERS\nwlnkfwd.sys (File not found) "kxldapob" (kxldapob) - ? - C:\Users\user\AppData\Local\Temp\kxldapob.sys (Hidden registry entry, rootkit activity | File not found) "PxHelp20" (PxHelp20) - "Sonic Solutions" - C:\Windows\System32\Drivers\PxHelp20.sys "ssmdrv" (ssmdrv) - "Avira GmbH" - C:\Windows\System32\DRIVERS\ssmdrv.sys [Explorer] -----( HKLM\Software\Classes\Folder\shellex\ColumnHandlers )----- {F9DB5320-233E-11D1-9F84-707F02C10627} "PDF Shell Extension" - "Adobe Systems, Inc." - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\PDFShell.dll -----( HKLM\Software\Classes\Protocols\Filter )----- {807563E5-5146-11D5-A672-00B0D022E945} "Microsoft Office InfoPath XML Mime Filter" - "Microsoft Corporation" - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL -----( HKLM\Software\Classes\Protocols\Handler )----- {314111c7-a502-11d2-bbca-00c04f8ec294} "HxProtocol Class" - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} "IEProtocolHandler Class" - "Skype Technologies" - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL -----( HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks )----- {AEB6717E-7E19-11d0-97EE-00C04FD91972} "{AEB6717E-7E19-11d0-97EE-00C04FD91972}" - ? - (File not found | COM-object registry key not found) -----( HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved )----- {911051fa-c21c-4246-b470-070cd8df6dc4} ".cab or .zip files" - ? - (File not found | COM-object registry key not found) {1b24a030-9b20-49bc-97ac-1be4426f9e59} "ActiveDirectory Folder" - ? - (File not found | COM-object registry key not found) {34449847-FD14-4fc8-A75A-7432F5181EFB} "ActiveDirectory Folder" - ? - (File not found | COM-object registry key not found) {0F8604A5-4ECE-4DE1-BA7D-CF10F8AA4F48} "Contacts folder" - ? - (File not found | COM-object registry key not found) {2C2577C2-63A7-40e3-9B7F-586602617ECB} "Explorer Query Band" - ? - (File not found | COM-object registry key not found) {42042206-2D85-11D3-8CFF-005004838597} "Microsoft Office HTML Icon Handler" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office12\msohevi.dll {993BE281-6695-4BA5-8A2A-7AACBFAAB69E} "Microsoft Office Metadata Handler" - "Microsoft Corporation" - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\msoshext.dll {00020d75-0000-0000-c000-000000000046} "Microsoft Office Outlook" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~2\Office12\MLSHEXT.DLL {C41662BB-1FA0-4CE0-8DC5-9B7F8279FF97} "Microsoft Office Thumbnail Handler" - "Microsoft Corporation" - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\msoshext.dll {0006F045-0000-0000-C000-000000000046} "Outlook File Icon Extension" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~2\Office12\OLKFSTUB.DLL {F0CB00CD-5A07-4D91-97F5-A8C92CDA93E4} "RealOne Player Context Menu Class" - "RealNetworks, Inc." - C:\Program Files\Real\RealPlayer\rpshell.dll {C8494E42-ACDD-4739-B0FB-217361E4894F} "Sam Account Folder" - ? - (File not found | COM-object registry key not found) {E29F9716-5C08-4FCD-955A-119FDB5A522D} "Sam Account Folder" - ? - (File not found | COM-object registry key not found) {45AC2688-0253-4ED8-97DE-B5370FA7D48A} "Shell Extension for Malware scanning" - "Avira GmbH" - C:\Program Files\Avira\AntiVir Desktop\shlext.dll {da67b8ad-e81b-4c70-9b91b417b5e33527} "Windows Search Shell Service" - ? - (File not found | COM-object registry key not found) {B41DB860-8EE4-11D2-9906-E49FADC173CA} "WinRAR" - "Alexander Roshal" - C:\Program Files\WinRAR\rarext.dll [Internet Explorer] -----( HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units )----- {8AD9C840-044E-11D1-B3E9-00805F499D93} "Java Plug-in 1.6.0_17" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\jp2iexp.dll / h**p://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} "Java Plug-in 1.6.0_17" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\jp2iexp.dll / h**p://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} "Java Plug-in 1.6.0_17" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\npjpi160_17.dll / h**p://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab {D27CDB6E-AE6D-11CF-96B8-444553540000} "Shockwave Flash Object" - "Adobe Systems, Inc." - C:\Windows\system32\Macromed\Flash\Flash10c.ocx / h**p://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab -----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions )----- {FF059E31-CC5A-4E2E-BF3B-96E929D65503} "Research" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL -----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar )----- {9421DD08-935F-4701-A9CA-22DF90AC4EA6} "Easy Photo Print" - "SEIKO EPSON CORPORATION / CyCom Technology Corp." - C:\Program Files\Epson Software\Easy Photo Print\EPTBL.dll -----( HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects )----- {18DF081C-E8AD-4283-A596-FA578C2EBDC3} "Adobe PDF Link Helper" - "Adobe Systems Incorporated" - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll {9421DD08-935F-4701-A9CA-22DF90AC4EA6} "Easy Photo Print" - "SEIKO EPSON CORPORATION / CyCom Technology Corp." - C:\Program Files\Epson Software\Easy Photo Print\EPTBL.dll {DBC80044-A445-435b-BC74-9C25C1C588A9} "Java(tm) Plug-In 2 SSV Helper" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\jp2ssv.dll [Logon] -----( %APPDATA%\Microsoft\Windows\Start Menu\Programs\Startup )----- "desktop.ini" - ? - C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini -----( %AllUsersProfile%\Microsoft\Windows\Start Menu\Programs\Startup )----- "desktop.ini" - ? - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini -----( HKLM\SYSTEM\CurrentControlSet\Control\Terminal Server\Wds\rdpwd )----- "StartupPrograms" - ? - rdpclip (File not found) -----( HKLM\Software\Microsoft\Windows\CurrentVersion\Run )----- "Adobe ARM" - "Adobe Systems Incorporated" - "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" "Adobe Reader Speed Launcher" - "Adobe Systems Incorporated" - "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe" "avgnt" - "Avira GmbH" - "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min "Broadcom Wireless Manager UI" - "Dell Inc." - C:\Windows\system32\WLTRAY.exe "HP Software Update" - "Hewlett-Packard" - C:\Program Files\HP\HP Software Update\HPWuSchd2.exe "QuickTime Task" - "Apple Inc." - "C:\Program Files\QuickTime\QTTask.exe" -atboottime "TkBellExe" - "RealNetworks, Inc." - "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot [Network Providers] -----( HKLM\SYSTEM\CurrentControlSet\Control\NetworkProvider\Order )----- "Dell Wireless WLAN Card Logon Provider" - "Dell Inc." - C:\Windows\System32\BCMLogon.dll [Print Monitors] -----( HKLM\SYSTEM\CurrentControlSet\Control\Print\Monitors )----- "EpsonNet Print Port" - "SEIKO EPSON CORPORATION" - C:\Windows\system32\enppmon.dll "PCL hpz3l5mu" - "Hewlett-Packard Company" - C:\Windows\system32\hpz3l5mu.dll "VSP1:" - ? - C:\Windows\system32\vsmon1.dll (File found, but it contains no detailed information) [Services] -----( HKLM\SYSTEM\CurrentControlSet\Services )----- "@C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe,-100" (WPFFontCache_v0400) - "Microsoft Corporation" - C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe "Adobe Active File Monitor V6" (AdobeActiveFileMonitor6.0) - ? - C:\Program Files\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe (File found, but it contains no detailed information) "Apple Mobile Device" (Apple Mobile Device) - "Apple Inc." - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe "Avira AntiVir Guard" (AntiVirService) - "Avira GmbH" - C:\Program Files\Avira\AntiVir Desktop\avguard.exe "Avira AntiVir Planer" (AntiVirSchedulerService) - "Avira GmbH" - C:\Program Files\Avira\AntiVir Desktop\sched.exe "Dell Wireless WLAN Tray Service" (wltrysvc) - ? - C:\Windows\System32\WLTRYSVC.EXE (File found, but it contains no detailed information) "EpsonBidirectionalService" (EpsonBidirectionalService) - "SEIKO EPSON CORPORATION" - C:\Program Files\Common Files\EPSON\EBAPI\eEBSVC.exe "FLEXnet Licensing Service" (FLEXnet Licensing Service) - "Macrovision Europe Ltd." - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe "Google Updater Service" (gusvc) - "Google" - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe "Microsoft .NET Framework NGEN v4.0.30319_X86" (clr_optimization_v4.0.30319_32) - "Microsoft Corporation" - C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe "Microsoft Office Diagnostics Service" (odserv) - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE "Net Driver HPZ12" (Net Driver HPZ12) - "Hewlett-Packard" - C:\Windows\system32\HPZinw12.dll "Office Source Engine" (ose) - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE "Pml Driver HPZ12" (Pml Driver HPZ12) - "Hewlett-Packard" - C:\Windows\system32\HPZipm12.dll ===[ Logfile end ]=========================================[ Logfile end ]=== If You have questions or want to get some help, You can visit h**p://forum.online-solutions.ru Und hier das Ergebnis von der remover.exe: Code:
ATTFilter Bootkit Remover (c) 2009 eSage Lab h**p://www.esagelab.com Program version: 1.1.0.0 OS Version: Microsoft Windows Vista Home Premium Edition Service Pack 2 (build 6 002), 32-bit System volume is \\.\C: \\.\C: -> \\.\PhysicalDrive0 at offset 0x00000000`00100000 Boot sector MD5 is: 0ec6b2481fc707d1e901dc2a875f2826 Size Device Name MBR Status -------------------------------------------- 298 GB \\.\PhysicalDrive0 OK (DOS/Win32 Boot code found) Done; Press any key to quit... |
26.08.2010, 19:36 | #8 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Antimalware Doctor: Forumsanleitung zum Entfernen befolgt, System jetzt ok? Sieht ok aus. Mach bitte zur Kontrolle Vollscans mit Malwarebytes und SUPERAntiSpyware und poste die Logs. Denk dran beide Tools zu updaten vor dem Scan!!
__________________ Logfiles bitte immer in CODE-Tags posten |
27.08.2010, 14:49 | #9 |
| Antimalware Doctor: Forumsanleitung zum Entfernen befolgt, System jetzt ok? Hier der Log von SASW: Code:
ATTFilter SUPERAntiSpyware Scann-Protokoll h**p://www.superantispyware.com Generiert 08/27/2010 bei 01:13 PM Version der Applikation : 4.42.1000 Version der Kern-Datenbank : 5410 Version der Spur-Datenbank : 3222 Scan Art : kompletter Scann Totale Scann-Zeit : 02:04:45 Gescannte Speicherelemente : 615 Erfasste Speicher-Bedrohungen : 0 Gescannte Register-Elemente : 8497 Erfasste Register-Bedrohungen : 0 Gescannte Datei-Elemente : 156251 Erfasste Datei-Elemente : 0 Und hier der von MBAM: Code:
ATTFilter Malwarebytes' Anti-Malware 1.46 w*w.malwarebytes.org Datenbank Version: 4470 Windows 6.0.6002 Service Pack 2 Internet Explorer 7.0.6002.18005 27.08.2010 15:14:22 mbam-log-2010-08-27 (15-14-22).txt Art des Suchlaufs: Vollständiger Suchlauf (C:\|) Durchsuchte Objekte: 283749 Laufzeit: 1 Stunde(n), 30 Minute(n), 35 Sekunde(n) Infizierte Speicherprozesse: 0 Infizierte Speichermodule: 0 Infizierte Registrierungsschlüssel: 0 Infizierte Registrierungswerte: 0 Infizierte Dateiobjekte der Registrierung: 0 Infizierte Verzeichnisse: 0 Infizierte Dateien: 1 Infizierte Speicherprozesse: (Keine bösartigen Objekte gefunden) Infizierte Speichermodule: (Keine bösartigen Objekte gefunden) Infizierte Registrierungsschlüssel: (Keine bösartigen Objekte gefunden) Infizierte Registrierungswerte: (Keine bösartigen Objekte gefunden) Infizierte Dateiobjekte der Registrierung: (Keine bösartigen Objekte gefunden) Infizierte Verzeichnisse: (Keine bösartigen Objekte gefunden) Infizierte Dateien: C:\Program Files\DVD Genie\dvdgenie.exe (Trojan.Agent) -> Quarantined and deleted successfully. Na toll, doch noch infiziert... und was ist eigentlich mit der infizierten Systemdatei, die Cofi gefunden hatte? |
27.08.2010, 19:00 | #10 | |
/// Winkelfunktion /// TB-Süch-Tiger™ | Antimalware Doctor: Forumsanleitung zum Entfernen befolgt, System jetzt ok?Zitat:
CustomScan mit OTL Falls noch nicht vorhanden, lade Dir bitte OTL von Oldtimer herunter und speichere es auf Deinem Desktop
Code:
ATTFilter netsvcs msconfig safebootminimal safebootnetwork activex drivers32 %ALLUSERSPROFILE%\Application Data\*. %ALLUSERSPROFILE%\Application Data\*.exe /s %APPDATA%\*. %APPDATA%\*.exe /s %SYSTEMDRIVE%\*.exe /md5start wininit.exe userinit.exe eventlog.dll scecli.dll netlogon.dll cngaudit.dll ws2ifsl.sys sceclt.dll ntelogon.dll winlogon.exe logevent.dll user32.DLL iaStor.sys nvstor.sys atapi.sys IdeChnDr.sys viasraid.sys AGP440.sys vaxscsi.sys nvatabus.sys viamraid.sys nvata.sys nvgts.sys iastorv.sys ViPrt.sys eNetHook.dll ahcix86.sys KR10N.sys nvstor32.sys ahcix86s.sys /md5stop %systemroot%\system32\drivers\*.sys /lockedfiles %systemroot%\System32\config\*.sav %systemroot%\*. /mp /s %systemroot%\system32\*.dll /lockedfiles CREATERESTOREPOINT
__________________ Logfiles bitte immer in CODE-Tags posten |
27.08.2010, 19:26 | #11 |
| Antimalware Doctor: Forumsanleitung zum Entfernen befolgt, System jetzt ok? Ich glaub, das hatte ich mal vor ein paar Monaten runtergeladen, weil ich eine DVD mit einem Regional-Code gekauft hatte, der nicht in Europa abgespielt werden kann. Ich denke aber, dass ich das Programm letztenendes nicht benutzt habe und hatte mittlerweile schon komplett vergessen, dass ichs überhaupt noch drauf hab. Dass es jetzt auf einmal ein Trojaner ist, überrascht mich allerdings... Avira hatte nie was gesagt. Auch heute nicht, als ich den noch mal laufen ließ. Langsam trau ich dem nicht mehr, ich hatte es schon des öfteren, dass der was nicht angezeigt hat, obwohl's drauf war. Hier der Code von OTL: Code:
ATTFilter OTL logfile created on: 27.08.2010 20:05:33 - Run 2 OTL by OldTimer - Version 3.2.10.0 Folder = C:\Users\user\Desktop Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation Internet Explorer (Version = 7.0.6002.18005) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 2,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 66,00% Memory free 4,00 Gb Paging File | 3,00 Gb Available in Paging File | 75,00% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 298,09 Gb Total Space | 212,01 Gb Free Space | 71,12% Space Free | Partition Type: NTFS D: Drive not present or media not loaded E: Drive not present or media not loaded F: Drive not present or media not loaded G: Drive not present or media not loaded H: Drive not present or media not loaded I: Drive not present or media not loaded Computer Name: USER-PC Current User Name: user Logged in as Administrator. Current Boot Mode: Normal Scan Mode: Current user Company Name Whitelist: On Skip Microsoft Files: On File Age = 90 Days Output = Minimal Quick Scan ========== Processes (SafeList) ========== PRC - C:\Users\user\Desktop\OTL.exe (OldTimer Tools) PRC - C:\Programme\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.) PRC - C:\Programme\DellTPad\Apoint.exe (Alps Electric Co., Ltd.) PRC - C:\Programme\DellTPad\ApMsgFwd.exe (Alps Electric Co., Ltd.) PRC - C:\Programme\IDT\WDM\sttray.exe (IDT, Inc.) PRC - C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_22764d41\stacsv.exe (IDT, Inc.) PRC - C:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira GmbH) PRC - C:\Programme\Avira\AntiVir Desktop\sched.exe (Avira GmbH) PRC - C:\Programme\Windows Sidebar\sidebar.exe (Microsoft Corporation) PRC - C:\Windows\explorer.exe (Microsoft Corporation) PRC - C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_22764d41\AEstSrv.exe (Andrea Electronics Corporation) PRC - C:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH) PRC - C:\Programme\DellTPad\ApntEx.exe (Alps Electric Co., Ltd.) PRC - C:\Programme\DellTPad\hidfind.exe (Alps Electric Co., Ltd.) PRC - C:\Programme\Windows Media Player\wmpnetwk.exe (Microsoft Corporation) PRC - C:\Programme\Windows Media Player\wmpnscfg.exe (Microsoft Corporation) PRC - C:\Programme\Windows Defender\MSASCui.exe (Microsoft Corporation) PRC - C:\Programme\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe () PRC - C:\Programme\Common Files\EPSON\EBAPI\eEBSvc.exe (SEIKO EPSON CORPORATION) ========== Modules (SafeList) ========== MOD - C:\Users\user\Desktop\OTL.exe (OldTimer Tools) MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18005_none_5cb72f96088b0de0\comctl32.dll (Microsoft Corporation) MOD - C:\Windows\System32\msscript.ocx (Microsoft Corporation) ========== Win32 Services (SafeList) ========== SRV - (WPFFontCache_v0400) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe (Microsoft Corporation) SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation) SRV - (STacSV) -- C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_22764d41\stacsv.exe (IDT, Inc.) SRV - (FLEXnet Licensing Service) -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Macrovision Europe Ltd.) SRV - (FontCache) -- C:\Windows\System32\FntCache.dll (Microsoft Corporation) SRV - (AntiVirService) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira GmbH) SRV - (AntiVirSchedulerService) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira GmbH) SRV - (AESTFilters) -- C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_22764d41\AEstSrv.exe (Andrea Electronics Corporation) SRV - (WinDefend) -- C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation) SRV - (AdobeActiveFileMonitor6.0) -- C:\Programme\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe () SRV - (EpsonBidirectionalService) -- C:\Programme\Common Files\EPSON\EBAPI\eEBSvc.exe (SEIKO EPSON CORPORATION) ========== Driver Services (SafeList) ========== DRV - (NwlnkFwd) -- C:\Windows\System32\DRIVERS\nwlnkfwd.sys File not found DRV - (NwlnkFlt) -- C:\Windows\System32\DRIVERS\nwlnkflt.sys File not found DRV - (IpInIp) -- C:\Windows\System32\DRIVERS\ipinip.sys File not found DRV - (catchme) -- C:\cofi\catchme.sys File not found DRV - (SASKUTIL) -- C:\Programme\SUPERAntiSpyware\SASKUTIL.SYS (SUPERAdBlocker.com and SUPERAntiSpyware.com) DRV - (SASDIFSV) -- C:\Programme\SUPERAntiSpyware\sasdifsv.sys (SUPERAdBlocker.com and SUPERAntiSpyware.com) DRV - (ApfiltrService) -- C:\Windows\System32\drivers\Apfiltr.sys (Alps Electric Co., Ltd.) DRV - (avgntflt) -- C:\Windows\System32\drivers\avgntflt.sys (Avira GmbH) DRV - (STHDA) -- C:\Windows\System32\drivers\stwrt.sys (IDT, Inc.) DRV - (ssmdrv) -- C:\Windows\System32\drivers\ssmdrv.sys (Avira GmbH) DRV - (WSDScan) -- C:\Windows\System32\drivers\WSDScan.sys (Microsoft Corporation) DRV - (avipbb) -- C:\Windows\System32\drivers\avipbb.sys (Avira GmbH) DRV - (avgio) -- C:\Programme\Avira\AntiVir Desktop\avgio.sys (Avira GmbH) DRV - (yukonwlh) -- C:\Windows\System32\drivers\yk60x86.sys (Marvell) DRV - (RTSTOR) -- C:\Windows\System32\drivers\RTSTOR.sys (Realtek Semiconductor Corp.) DRV - (BCM43XX) -- C:\Windows\System32\drivers\BCMWL6.SYS (Broadcom Corporation) DRV - (BCM42RLY) -- C:\Windows\System32\drivers\bcm42rly.sys (Broadcom Corporation) DRV - (igfx) -- C:\Windows\System32\drivers\igdkmd32.sys (Intel Corporation) DRV - (MegaSR) -- C:\Windows\system32\drivers\megasr.sys (LSI Corporation, Inc.) DRV - (adpu320) -- C:\Windows\system32\drivers\adpu320.sys (Adaptec, Inc.) DRV - (megasas) -- C:\Windows\system32\drivers\megasas.sys (LSI Corporation) DRV - (adpu160m) -- C:\Windows\system32\drivers\adpu160m.sys (Adaptec, Inc.) DRV - (SiSRaid4) -- C:\Windows\system32\drivers\sisraid4.sys (Silicon Integrated Systems) DRV - (HpCISSs) -- C:\Windows\system32\drivers\hpcisss.sys (Hewlett-Packard Company) DRV - (adpahci) -- C:\Windows\system32\drivers\adpahci.sys (Adaptec, Inc.) DRV - (LSI_SAS) -- C:\Windows\system32\drivers\lsi_sas.sys (LSI Logic) DRV - (ql2300) -- C:\Windows\system32\drivers\ql2300.sys (QLogic Corporation) DRV - (E1G60) Intel(R) -- C:\Windows\System32\drivers\E1G60I32.sys (Intel Corporation) DRV - (arcsas) -- C:\Windows\system32\drivers\arcsas.sys (Adaptec, Inc.) DRV - (iaStorV) -- C:\Windows\system32\drivers\iastorv.sys (Intel Corporation) DRV - (vsmraid) -- C:\Windows\system32\drivers\vsmraid.sys (VIA Technologies Inc.,Ltd) DRV - (ulsata2) -- C:\Windows\system32\drivers\ulsata2.sys (Promise Technology, Inc.) DRV - (LSI_SCSI) -- C:\Windows\system32\drivers\lsi_scsi.sys (LSI Logic) DRV - (LSI_FC) -- C:\Windows\system32\drivers\lsi_fc.sys (LSI Logic) DRV - (arc) -- C:\Windows\system32\drivers\arc.sys (Adaptec, Inc.) DRV - (elxstor) -- C:\Windows\system32\drivers\elxstor.sys (Emulex) DRV - (adp94xx) -- C:\Windows\system32\drivers\adp94xx.sys (Adaptec, Inc.) DRV - (nvraid) -- C:\Windows\system32\drivers\nvraid.sys (NVIDIA Corporation) DRV - (nvstor) -- C:\Windows\system32\drivers\nvstor.sys (NVIDIA Corporation) DRV - (WSDPrintDevice) -- C:\Windows\System32\drivers\WSDPrint.sys (Microsoft Corporation) DRV - (uliahci) -- C:\Windows\system32\drivers\uliahci.sys (ULi Electronics Inc.) DRV - (viaide) -- C:\Windows\system32\drivers\viaide.sys (VIA Technologies, Inc.) DRV - (cmdide) -- C:\Windows\system32\drivers\cmdide.sys (CMD Technology, Inc.) DRV - (aliide) -- C:\Windows\system32\drivers\aliide.sys (Acer Laboratories Inc.) DRV - (ql40xx) -- C:\Windows\system32\drivers\ql40xx.sys (QLogic Corporation) DRV - (UlSata) -- C:\Windows\system32\drivers\ulsata.sys (Promise Technology, Inc.) DRV - (nfrd960) -- C:\Windows\system32\drivers\nfrd960.sys (IBM Corporation) DRV - (iirsp) -- C:\Windows\system32\drivers\iirsp.sys (Intel Corp./ICP vortex GmbH) DRV - (aic78xx) -- C:\Windows\system32\drivers\djsvs.sys (Adaptec, Inc.) DRV - (iteraid) -- C:\Windows\system32\drivers\iteraid.sys (Integrated Technology Express, Inc.) DRV - (iteatapi) -- C:\Windows\system32\drivers\iteatapi.sys (Integrated Technology Express, Inc.) DRV - (Symc8xx) -- C:\Windows\system32\drivers\symc8xx.sys (LSI Logic) DRV - (Sym_u3) -- C:\Windows\system32\drivers\sym_u3.sys (LSI Logic) DRV - (Mraid35x) -- C:\Windows\system32\drivers\mraid35x.sys (LSI Logic Corporation) DRV - (Sym_hi) -- C:\Windows\system32\drivers\sym_hi.sys (LSI Logic) DRV - (Brserid) Brother MFC Serial Port Interface Driver (WDM) -- C:\Windows\system32\drivers\brserid.sys (Brother Industries Ltd.) DRV - (BrUsbSer) -- C:\Windows\system32\drivers\brusbser.sys (Brother Industries Ltd.) DRV - (BrFiltUp) -- C:\Windows\system32\drivers\brfiltup.sys (Brother Industries, Ltd.) DRV - (BrFiltLo) -- C:\Windows\system32\drivers\brfiltlo.sys (Brother Industries, Ltd.) DRV - (BrSerWdm) -- C:\Windows\system32\drivers\brserwdm.sys (Brother Industries Ltd.) DRV - (BrUsbMdm) -- C:\Windows\system32\drivers\brusbmdm.sys (Brother Industries Ltd.) DRV - (ntrigdigi) -- C:\Windows\system32\drivers\ntrigdigi.sys (N-trig Innovative Technologies) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF - prefs.js..browser.startup.homepage: "h**p://www.google.de" FF - prefs.js..extensions.enabledItems: YoutubeDownloader@PeterOlayev.com:1.4 FF - prefs.js..extensions.enabledItems: {6614d11d-d21d-b211-ae23-815234e1ebb5}:1.0.21 FF - prefs.js..extensions.enabledItems: {c0c9a2c7-2e5c-4447-bc53-97718bc91e1b}:3.5 FF - HKLM\software\mozilla\Mozilla Firefox 3.5.11\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010.07.22 12:35:10 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Firefox 3.5.11\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010.08.11 17:59:19 | 000,000,000 | ---D | M] [2009.10.11 17:43:21 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\mozilla\Extensions [2010.08.27 12:00:34 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\mozilla\Firefox\Profiles\iydkt47l.default\extensions [2010.07.30 21:14:28 | 000,000,000 | ---D | M] (Google Toolbar for Firefox) -- C:\Users\user\AppData\Roaming\mozilla\Firefox\Profiles\iydkt47l.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c} [2010.03.28 11:56:44 | 000,000,000 | ---D | M] (Dr.Web anti-virus link checker) -- C:\Users\user\AppData\Roaming\mozilla\Firefox\Profiles\iydkt47l.default\extensions\{6614d11d-d21d-b211-ae23-815234e1ebb5} [2010.07.27 08:44:46 | 000,000,000 | ---D | M] (Easy Youtube Video Downloader) -- C:\Users\user\AppData\Roaming\mozilla\Firefox\Profiles\iydkt47l.default\extensions\{c0c9a2c7-2e5c-4447-bc53-97718bc91e1b} [2010.07.30 21:14:28 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\mozilla\Firefox\Profiles\iydkt47l.default\extensions\staged-xpis [2010.07.27 08:44:46 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\mozilla\Firefox\Profiles\iydkt47l.default\extensions\YoutubeDownloader@PeterOlayev.com [2010.01.22 13:54:09 | 000,000,000 | ---D | M] -- C:\Programme\Mozilla Firefox\extensions [2010.07.12 18:33:56 | 000,012,800 | ---- | M] (Nullsoft, Inc.) -- C:\Programme\Mozilla Firefox\plugins\npwachk.dll [2009.08.24 21:25:19 | 000,001,392 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\amazondotcom-de.xml [2009.08.24 21:25:19 | 000,002,344 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\eBay-de.xml [2009.08.24 21:25:19 | 000,006,805 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\leo_ende_de.xml [2009.08.24 21:25:19 | 000,001,178 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\wikipedia-de.xml [2009.08.24 21:25:19 | 000,000,801 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\yahoo-de.xml O1 HOSTS File: ([2010.08.26 10:59:48 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O2 - BHO: (Easy Photo Print) - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Programme\Epson Software\Easy Photo Print\EPTBL.dll (SEIKO EPSON CORPORATION / CyCom Technology Corp.) O3 - HKLM\..\Toolbar: (Easy Photo Print) - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Programme\Epson Software\Easy Photo Print\EPTBL.dll (SEIKO EPSON CORPORATION / CyCom Technology Corp.) O4 - HKLM..\Run: [Apoint] C:\Programme\DellTPad\Apoint.exe (Alps Electric Co., Ltd.) O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH) O4 - HKLM..\Run: [SysTrayApp] C:\Programme\IDT\WDM\sttray.exe (IDT, Inc.) O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.) O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation) O4 - HKCU..\Run: [SUPERAntiSpyware] C:\Programme\SUPERAntiSpyware\SUPERANTISPYWARE.EXE (SUPERAntiSpyware.com) O4 - HKCU..\Run: [WMPNSCFG] C:\Programme\Windows Media Player\wmpnscfg.exe (Microsoft Corporation) O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\System32\GPhotos.scr (Google Inc.) O8 - Extra context menu item: Nach Microsoft E&xel exportieren - C:\Programme\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation) O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programme\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} h**p://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17) O16 - DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} h**p://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} h**p://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17) O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} h**p://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1 O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation) O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Common Files\Skype\Skype4COM.dll (Skype Technologies) O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\Windows\System32\igfxdev.dll (Intel Corporation) O24 - Desktop WallPaper: C:\Users\user\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg O24 - Desktop BackupWallPaper: C:\Users\user\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - Reg Error: Key error. File not found O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ] O34 - HKLM BootExecute: (autocheck autochk *) - File not found O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = ComFile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* NetSvcs: FastUserSwitchingCompatibility - File not found NetSvcs: Ias - File not found NetSvcs: Nla - File not found NetSvcs: Ntmssvc - File not found NetSvcs: NWCWorkstation - File not found NetSvcs: Nwsapagent - File not found NetSvcs: SRService - File not found NetSvcs: Wmi - C:\Windows\System32\wmi.dll (Microsoft Corporation) NetSvcs: WmdmPmSp - File not found NetSvcs: LogonHours - File not found NetSvcs: PCAudit - File not found NetSvcs: helpsvc - File not found NetSvcs: uploadmgr - File not found MsConfig - StartUpReg: ares - hkey= - key= - C:\Program Files\Ares\Ares.exe (Ares Development Group) MsConfig - StartUpReg: EEventManager - hkey= - key= - C:\Programme\Epson Software\Event Manager\EEventManager.exe (SEIKO EPSON CORPORATION) MsConfig - StartUpReg: vspdfprsrv.exe - hkey= - key= - C:\Program Files\Visagesoft\eXPert PDF\vspdfprsrv.exe () MsConfig - StartUpReg: WinampAgent - hkey= - key= - C:\Program Files\Winamp\winampa.exe (Nullsoft, Inc.) SafeBootMin: AppMgmt - C:\Windows\System32\appmgmts.dll File not found SafeBootMin: Base - Driver Group SafeBootMin: Boot Bus Extender - Driver Group SafeBootMin: Boot file system - Driver Group SafeBootMin: File system - Driver Group SafeBootMin: Filter - Driver Group SafeBootMin: HelpSvc - Service SafeBootMin: NTDS - File not found SafeBootMin: PCI Configuration - Driver Group SafeBootMin: PNP Filter - Driver Group SafeBootMin: Primary disk - Driver Group SafeBootMin: sacsvr - Service SafeBootMin: SCSI Class - Driver Group SafeBootMin: System Bus Extender - Driver Group SafeBootMin: WinDefend - C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation) SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices SafeBootNet: AppMgmt - C:\Windows\System32\appmgmts.dll File not found SafeBootNet: Base - Driver Group SafeBootNet: Boot Bus Extender - Driver Group SafeBootNet: Boot file system - Driver Group SafeBootNet: File system - Driver Group SafeBootNet: Filter - Driver Group SafeBootNet: HelpSvc - Service SafeBootNet: Messenger - Service SafeBootNet: NDIS Wrapper - Driver Group SafeBootNet: NetBIOSGroup - Driver Group SafeBootNet: NetDDEGroup - Driver Group SafeBootNet: Network - Driver Group SafeBootNet: NetworkProvider - Driver Group SafeBootNet: NTDS - File not found SafeBootNet: PCI Configuration - Driver Group SafeBootNet: PNP Filter - Driver Group SafeBootNet: PNP_TDI - Driver Group SafeBootNet: Primary disk - Driver Group SafeBootNet: rdsessmgr - Service SafeBootNet: sacsvr - Service SafeBootNet: SCSI Class - Driver Group SafeBootNet: Streams Drivers - Driver Group SafeBootNet: System Bus Extender - Driver Group SafeBootNet: TDI - Driver Group SafeBootNet: WinDefend - C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation) SafeBootNet: WudfPf - Driver SafeBootNet: WudfUsbccidDriver - Driver SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun) ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 11.0 ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack ActiveX: {3C3901C5-3455-3E0A-A214-0B093A5070A6} - .NET Framework ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.7 ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7 ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\system32\ie4uinit.exe -BaseSettings ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1 ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Adobe Flash Player ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\Windows\system32\unregmp2.exe /ShowWMP ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\system32\ie4uinit.exe -UserIconConfig ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP Drivers32: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS) Drivers32: vidc.cvid - C:\Windows\System32\iccvid.dll (Radius Inc.) Drivers32: vidc.DIVX - C:\Windows\System32\DivX.dll (DivX, Inc.) Drivers32: vidc.yv12 - C:\Windows\System32\DivX.dll (DivX, Inc.) CREATERESTOREPOINT Restore point Set: OTL Restore Point ========== Files/Folders - Created Within 90 Days ========== [2010.08.27 20:02:47 | 000,575,488 | ---- | C] (OldTimer Tools) -- C:\Users\user\Desktop\OTL.exe [2010.08.26 22:27:50 | 000,000,000 | ---D | C] -- C:\Users\user\AppData\Roaming\SUPERAntiSpyware.com [2010.08.26 22:27:50 | 000,000,000 | ---D | C] -- C:\ProgramData\SUPERAntiSpyware.com [2010.08.26 22:27:43 | 000,000,000 | ---D | C] -- C:\Programme\SUPERAntiSpyware [2010.08.26 22:27:01 | 009,157,960 | ---- | C] (SUPERAntiSpyware.com) -- C:\Users\user\Desktop\SUPERAntiSpyware.exe [2010.08.26 11:13:10 | 000,000,000 | ---D | C] -- C:\Windows\temp [2010.08.26 11:00:00 | 000,000,000 | ---D | C] -- C:\$RECYCLE.BIN [2010.08.25 18:48:39 | 000,000,000 | ---D | C] -- C:\Users\user\AppData\Local\temp [2010.08.25 18:35:07 | 000,212,480 | ---- | C] (SteelWerX) -- C:\Windows\SWXCACLS.exe [2010.08.25 18:28:07 | 000,161,792 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe [2010.08.25 18:28:07 | 000,136,704 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe [2010.08.25 18:28:07 | 000,031,232 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe [2010.08.25 18:27:56 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT [2010.08.25 18:27:36 | 000,000,000 | ---D | C] -- C:\Qoobox [2010.08.23 21:53:08 | 000,000,000 | ---D | C] -- C:\Programme\trend micro [2010.08.23 21:53:07 | 000,000,000 | ---D | C] -- C:\rsit [2010.08.20 22:59:02 | 000,000,000 | ---D | C] -- C:\Users\user\AppData\Roaming\Malwarebytes [2010.08.20 22:58:35 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys [2010.08.20 22:58:30 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes [2010.08.20 22:58:29 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys [2010.08.20 22:58:29 | 000,000,000 | ---D | C] -- C:\Programme\Malwarebytes' Anti-Malware [2010.08.20 21:09:20 | 000,000,000 | ---D | C] -- C:\Users\user\AppData\Local\konetoyto [2010.08.20 21:09:08 | 000,000,000 | ---D | C] -- C:\Users\user\AppData\Local\Windows [2010.08.20 21:09:06 | 000,000,000 | -HSD | C] -- C:\Users\user\AppData\Roaming\lowsec [2010.08.14 21:01:58 | 000,000,000 | ---D | C] -- C:\Users\user\Desktop\HH [2010.08.10 10:59:41 | 000,000,000 | R--D | C] -- C:\Users\user\Documents [2010.08.08 16:35:09 | 000,000,000 | ---D | C] -- C:\Users\user\Desktop\verschiedenes [2010.07.21 00:24:44 | 000,000,000 | ---D | C] -- C:\Programme\Winamp Detect [2010.07.21 00:24:11 | 000,000,000 | ---D | C] -- C:\Users\user\AppData\Roaming\Winamp [2010.07.21 00:24:11 | 000,000,000 | ---D | C] -- C:\Programme\Winamp [2010.07.20 12:48:36 | 000,000,000 | -H-D | C] -- C:\Windows\msdownld.tmp [2010.07.20 12:48:36 | 000,000,000 | ---D | C] -- C:\Windows\RegisteredPackages [2010.07.20 12:48:27 | 000,000,000 | ---D | C] -- C:\Programme\Windows Media Components [2010.07.15 14:30:04 | 000,000,000 | ---D | C] -- C:\Users\user\Desktop\BaföG-Antrag [2010.07.13 21:06:52 | 000,000,000 | ---D | C] -- C:\Programme\Common Files\EPSON [2010.07.13 21:06:32 | 000,000,000 | ---D | C] -- C:\Programme\EpsonNet [2010.07.13 13:55:29 | 000,000,000 | ---D | C] -- C:\Users\user\AppData\Roaming\Epson [2010.07.13 13:42:26 | 000,000,000 | ---D | C] -- C:\ProgramData\UDL [2010.07.13 13:38:36 | 000,000,000 | ---D | C] -- C:\Programme\Epson Software [2010.07.13 13:33:43 | 000,000,000 | ---D | C] -- C:\ProgramData\EPSON [2010.07.13 13:32:33 | 000,000,000 | ---D | C] -- C:\Programme\epson [2010.07.06 18:09:51 | 000,000,000 | ---D | C] -- C:\Users\user\Desktop\Second Life [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] ========== Files - Modified Within 90 Days ========== [2010.08.27 20:05:51 | 002,621,440 | -HS- | M] () -- C:\Users\user\NTUSER.DAT [2010.08.27 20:02:59 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Users\user\Desktop\OTL.exe [2010.08.27 19:16:29 | 000,003,712 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 [2010.08.27 19:16:29 | 000,003,712 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 [2010.08.27 15:16:05 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT [2010.08.27 15:16:00 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2010.08.27 15:15:54 | 2105,946,112 | -HS- | M] () -- C:\hiberfil.sys [2010.08.27 15:14:57 | 000,524,288 | -HS- | M] () -- C:\Users\user\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TMContainer00000000000000000001.regtrans-ms [2010.08.27 15:14:57 | 000,065,536 | -HS- | M] () -- C:\Users\user\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TM.blf [2010.08.27 15:14:51 | 002,201,312 | -H-- | M] () -- C:\Users\user\AppData\Local\IconCache.db [2010.08.26 22:27:46 | 000,001,800 | ---- | M] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk [2010.08.26 22:27:24 | 009,157,960 | ---- | M] (SUPERAntiSpyware.com) -- C:\Users\user\Desktop\SUPERAntiSpyware.exe [2010.08.26 18:17:59 | 201,210,699 | ---- | M] () -- C:\Windows\MEMORY.DMP [2010.08.26 11:00:15 | 000,000,215 | ---- | M] () -- C:\Windows\system.ini [2010.08.26 10:59:48 | 000,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts [2010.08.25 18:18:11 | 000,000,804 | ---- | M] () -- C:\Users\user\Desktop\CCleaner.lnk [2010.08.20 22:58:42 | 000,000,818 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk [2010.08.20 22:54:19 | 000,363,520 | ---- | M] () -- C:\Users\user\Desktop\rkill.com [2010.08.13 12:54:46 | 000,103,129 | ---- | M] () -- C:\Users\user\Desktop\ABHVWiSeX.pdf [2010.08.12 22:44:29 | 000,026,112 | ---- | M] () -- C:\Users\user\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2010.08.12 21:53:56 | 000,393,128 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT [2010.08.11 17:59:19 | 000,001,887 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader 9.lnk [2010.08.11 17:55:03 | 001,149,914 | ---- | M] () -- C:\Users\user\Desktop\nbb_fbl_3.pdf [2010.07.21 00:26:30 | 000,000,776 | ---- | M] () -- C:\Users\Public\Desktop\Winamp.lnk [2010.07.19 19:46:44 | 000,001,356 | ---- | M] () -- C:\Users\user\AppData\Local\d3d9caps.dat [2010.07.16 12:55:34 | 000,595,996 | ---- | M] () -- C:\Windows\System32\perfh009.dat [2010.07.16 12:55:34 | 000,104,070 | ---- | M] () -- C:\Windows\System32\perfc009.dat [2010.07.16 12:55:33 | 001,445,310 | ---- | M] () -- C:\Windows\System32\PerfStringBackup.INI [2010.07.16 12:55:33 | 000,628,742 | ---- | M] () -- C:\Windows\System32\perfh007.dat [2010.07.16 12:55:33 | 000,126,454 | ---- | M] () -- C:\Windows\System32\perfc007.dat [2010.07.15 13:17:58 | 000,046,080 | ---- | M] () -- C:\Users\user\Desktop\Verfügbarkeitsliste August 2010 ***.xls [2010.07.13 21:03:08 | 000,001,948 | ---- | M] () -- C:\Users\Public\Desktop\Epson Easy Photo Print.lnk [2010.07.13 20:58:52 | 000,002,093 | ---- | M] () -- C:\Users\Public\Desktop\EPSON Stylus Handbuch.lnk [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] ========== Files Created - No Company Name ========== [2010.08.26 22:27:46 | 000,001,800 | ---- | C] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk [2010.08.26 18:17:59 | 201,210,699 | ---- | C] () -- C:\Windows\MEMORY.DMP [2010.08.25 18:28:07 | 000,256,512 | ---- | C] () -- C:\Windows\PEV.exe [2010.08.25 18:28:07 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe [2010.08.25 18:28:07 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe [2010.08.25 18:28:07 | 000,077,312 | ---- | C] () -- C:\Windows\MBR.exe [2010.08.25 18:28:07 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe [2010.08.20 22:58:42 | 000,000,818 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk [2010.08.20 22:54:12 | 000,363,520 | ---- | C] () -- C:\Users\user\Desktop\rkill.com [2010.08.13 12:54:28 | 000,103,129 | ---- | C] () -- C:\Users\user\Desktop\ABHVWiSeX.pdf [2010.08.11 17:59:19 | 000,001,887 | ---- | C] () -- C:\Users\Public\Desktop\Adobe Reader 9.lnk [2010.08.11 17:55:03 | 001,149,914 | ---- | C] () -- C:\Users\user\Desktop\nbb_fbl_3.pdf [2010.07.21 00:26:30 | 000,000,776 | ---- | C] () -- C:\Users\Public\Desktop\Winamp.lnk [2010.07.15 13:17:13 | 000,046,080 | ---- | C] () -- C:\Users\user\Desktop\Verfügbarkeitsliste August 2010 ***.xls [2010.07.13 21:06:46 | 000,001,120 | ---- | C] () -- C:\Windows\System32\E_ADDNET.DAT [2010.07.13 21:03:08 | 000,001,948 | ---- | C] () -- C:\Users\Public\Desktop\Epson Easy Photo Print.lnk [2010.07.13 20:58:52 | 000,002,093 | ---- | C] () -- C:\Users\Public\Desktop\EPSON Stylus Handbuch.lnk [2010.07.13 13:35:36 | 000,111,932 | ---- | C] () -- C:\Windows\System32\EPPICPrinterDB.dat [2010.07.13 13:35:36 | 000,031,053 | ---- | C] () -- C:\Windows\System32\EPPICPattern131.dat [2010.07.13 13:35:36 | 000,027,417 | ---- | C] () -- C:\Windows\System32\EPPICPattern121.dat [2010.07.13 13:35:36 | 000,026,154 | ---- | C] () -- C:\Windows\System32\EPPICPattern1.dat [2010.07.13 13:35:36 | 000,024,903 | ---- | C] () -- C:\Windows\System32\EPPICPattern3.dat [2010.07.13 13:35:36 | 000,021,390 | ---- | C] () -- C:\Windows\System32\EPPICPattern5.dat [2010.07.13 13:35:36 | 000,020,148 | ---- | C] () -- C:\Windows\System32\EPPICPattern2.dat [2010.07.13 13:35:36 | 000,013,732 | ---- | C] () -- C:\Windows\System32\EPPICLocal_EN.cfg [2010.07.13 13:35:36 | 000,011,811 | ---- | C] () -- C:\Windows\System32\EPPICPattern4.dat [2010.07.13 13:35:36 | 000,006,442 | ---- | C] () -- C:\Windows\System32\EPPICLocal_IT.cfg [2010.07.13 13:35:36 | 000,006,347 | ---- | C] () -- C:\Windows\System32\EPPICLocal_PT.cfg [2010.07.13 13:35:36 | 000,006,347 | ---- | C] () -- C:\Windows\System32\EPPICLocal_BP.cfg [2010.07.13 13:35:36 | 000,006,335 | ---- | C] () -- C:\Windows\System32\EPPICLocal_GE.cfg [2010.07.13 13:35:36 | 000,006,195 | ---- | C] () -- C:\Windows\System32\EPPICLocal_FR.cfg [2010.07.13 13:35:36 | 000,006,195 | ---- | C] () -- C:\Windows\System32\EPPICLocal_CF.cfg [2010.07.13 13:35:36 | 000,006,122 | ---- | C] () -- C:\Windows\System32\EPPICLocal_DU.cfg [2010.07.13 13:35:36 | 000,006,103 | ---- | C] () -- C:\Windows\System32\EPPICLocal_ES.cfg [2010.07.13 13:35:36 | 000,005,817 | ---- | C] () -- C:\Windows\System32\EPPICLocal_KO.cfg [2010.07.13 13:35:36 | 000,005,436 | ---- | C] () -- C:\Windows\System32\EPPICLocal_SC.cfg [2010.07.13 13:35:36 | 000,004,943 | ---- | C] () -- C:\Windows\System32\EPPICPattern6.dat [2010.07.13 13:35:36 | 000,002,889 | ---- | C] () -- C:\Windows\System32\EPPICLocal_RU.cfg [2010.07.13 13:35:36 | 000,002,426 | ---- | C] () -- C:\Windows\System32\EPPICLocal_TC.cfg [2010.07.13 13:35:36 | 000,001,146 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_DU.dat [2010.07.13 13:35:36 | 000,001,139 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_PT.dat [2010.07.13 13:35:36 | 000,001,139 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_BP.dat [2010.07.13 13:35:36 | 000,001,136 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_ES.dat [2010.07.13 13:35:36 | 000,001,129 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_FR.dat [2010.07.13 13:35:36 | 000,001,129 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_CF.dat [2010.07.13 13:35:36 | 000,001,120 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_IT.dat [2010.07.13 13:35:36 | 000,001,107 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_GE.dat [2010.07.13 13:35:36 | 000,001,104 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_EN.dat [2010.07.13 13:35:36 | 000,000,097 | ---- | C] () -- C:\Windows\System32\PICSDK.ini [2010.05.04 11:25:45 | 000,014,336 | ---- | C] () -- C:\Windows\System32\vsmon1.dll [2009.10.26 14:31:20 | 000,001,484 | ---- | C] () -- C:\ProgramData\hpzinstall.log [2009.10.20 22:04:03 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll [2009.10.19 23:20:41 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat [2009.10.11 17:49:11 | 000,026,112 | ---- | C] () -- C:\Users\user\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2009.10.01 15:45:23 | 000,147,456 | ---- | C] () -- C:\Windows\System32\igfxCoIn_v1489.dll [2009.10.01 15:38:38 | 000,055,808 | ---- | C] () -- C:\Windows\System32\bcmwlrmt.dll [2009.10.01 15:17:32 | 000,001,356 | ---- | C] () -- C:\Users\user\AppData\Local\d3d9caps.dat [2006.11.02 14:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll [2006.11.02 09:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini ========== LOP Check ========== [2009.10.25 18:44:46 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\Blender Foundation [2010.07.13 13:55:29 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\Epson [2010.05.05 20:10:37 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\eXPert PDF Editor [2009.12.30 17:03:43 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\Haihaisoft [2009.12.30 17:04:22 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\Haihaisoft Universal Player [2010.04.27 21:28:22 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\Hippo_OpenSim_Viewer [2010.08.20 21:09:28 | 000,000,000 | -HSD | M] -- C:\Users\user\AppData\Roaming\lowsec [2010.01.09 16:00:30 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\Meerkat [2009.11.03 14:46:15 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\OpenOffice.org [2009.11.04 21:04:54 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\SecondLife [2009.11.17 20:00:56 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\SLiteChat [2009.10.01 15:41:08 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\TMP [2010.03.11 23:46:37 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\uTorrent [2010.08.27 15:16:05 | 000,032,538 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT ========== Purity Check ========== ========== Custom Scans ========== < %ALLUSERSPROFILE%\Application Data\*. > < %ALLUSERSPROFILE%\Application Data\*.exe /s > < %APPDATA%\*. > [2010.02.19 01:25:19 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\Adobe [2010.03.07 23:30:12 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\Apple Computer [2009.10.25 18:44:46 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\Blender Foundation [2009.11.29 17:30:09 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\DivX [2010.07.13 13:55:29 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\Epson [2010.05.05 20:10:37 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\eXPert PDF Editor [2009.12.30 17:03:43 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\Haihaisoft [2009.12.30 17:04:22 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\Haihaisoft Universal Player [2010.04.27 21:28:22 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\Hippo_OpenSim_Viewer [2009.12.21 21:10:01 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\HpUpdate [2009.10.01 15:17:39 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\Identities [2009.10.01 15:35:02 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\InstallShield [2010.08.20 21:09:28 | 000,000,000 | -HSD | M] -- C:\Users\user\AppData\Roaming\lowsec [2009.10.11 17:37:07 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\Macromedia [2010.08.20 22:59:02 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\Malwarebytes [2006.11.02 14:37:34 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\Media Center Programs [2010.01.09 16:00:30 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\Meerkat [2010.08.10 10:15:52 | 000,000,000 | --SD | M] -- C:\Users\user\AppData\Roaming\Microsoft [2009.10.11 17:43:21 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\Mozilla [2009.11.03 14:46:15 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\OpenOffice.org [2010.04.02 12:31:05 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\Real [2009.11.04 21:04:54 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\SecondLife [2010.07.22 00:37:10 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\Skype [2010.07.20 00:02:26 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\skypePM [2009.11.17 20:00:56 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\SLiteChat [2010.08.26 22:27:50 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\SUPERAntiSpyware.com [2009.10.01 15:41:08 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\TMP [2010.03.11 23:46:37 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\uTorrent [2010.08.24 19:06:34 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\Winamp [2009.12.27 14:00:36 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\WinRAR < %APPDATA%\*.exe /s > [2010.04.29 19:15:09 | 000,000,000 | ---- | M] () -- C:\Users\user\AppData\Roaming\Hippo_OpenSim_Viewer\logs\SecondLife.exec_marker [2009.10.01 15:30:36 | 000,010,134 | R--- | M] () -- C:\Users\user\AppData\Roaming\Microsoft\Installer\{42929F0F-CE14-47AF-9FC7-FF297A603021}\ARPPRODUCTICON.exe [2009.10.01 15:30:36 | 000,045,056 | R--- | M] (Macrovision Corporation) -- C:\Users\user\AppData\Roaming\Microsoft\Installer\{42929F0F-CE14-47AF-9FC7-FF297A603021}\NewShortcut1_42929F0FCE1447AF9FC7FF297A603021_1.exe [2010.06.02 20:05:10 | 000,443,912 | ---- | M] (RealNetworks, Inc.) -- C:\Users\user\AppData\Roaming\Real\Update\setup3.11\setup.exe [2008.07.29 10:03:00 | 018,496,532 | ---- | M] (Marvell ) -- C:\Users\user\AppData\Roaming\TMP\setup.exe < %SYSTEMDRIVE%\*.exe > < MD5 for: AGP440.SYS > [2008.01.21 04:23:01 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\ERDNT\cache\AGP440.sys [2008.01.21 04:23:01 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\drivers\AGP440.sys [2008.01.21 04:23:01 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_51b95d75\AGP440.sys [2008.01.21 04:23:01 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_f750e484\AGP440.sys [2008.01.21 04:23:01 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6001.18000_none_ba12ed3bbeb0d97a\AGP440.sys [2008.01.21 04:23:01 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6002.18005_none_bbfe6647bbd2a4c6\AGP440.sys [2006.11.02 11:49:52 | 000,053,864 | ---- | M] (Microsoft Corporation) MD5=EF23439CDD587F64C2C1B8825CEAD7D8 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_920a2c1f\AGP440.sys < MD5 for: ATAPI.SYS > [2009.04.11 08:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\ERDNT\cache\atapi.sys [2009.04.11 08:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\System32\drivers\atapi.sys [2009.04.11 08:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_b12d8e84\atapi.sys [2009.04.11 08:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6002.18005_none_df23a1261eab99e8\atapi.sys [2008.01.21 04:23:00 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_cc18792d\atapi.sys [2008.01.21 04:23:00 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6001.18000_none_dd38281a2189ce9c\atapi.sys [2006.11.02 11:49:36 | 000,019,048 | ---- | M] (Microsoft Corporation) MD5=4F4FCB8B6EA06784FB6D475B7EC7300F -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_c6c2e699\atapi.sys < MD5 for: CNGAUDIT.DLL > [2006.11.02 11:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\ERDNT\cache\cngaudit.dll [2006.11.02 11:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\System32\cngaudit.dll [2006.11.02 11:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.0.6000.16386_none_e62d292932a96ce6\cngaudit.dll < MD5 for: IASTORV.SYS > [2008.01.21 04:23:23 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\System32\drivers\iaStorV.sys [2008.01.21 04:23:23 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_c9df7691\iaStorV.sys [2008.01.21 04:23:23 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.0.6001.18000_none_af11527887c7fa8f\iaStorV.sys [2006.11.02 11:51:25 | 000,232,040 | ---- | M] (Intel Corporation) MD5=C957BF4B5D80B46C5017BF0101E6C906 -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_37cdafa4\iaStorV.sys < MD5 for: NETLOGON.DLL > [2009.04.11 08:28:23 | 000,592,896 | ---- | M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- C:\Windows\ERDNT\cache\netlogon.dll [2009.04.11 08:28:23 | 000,592,896 | ---- | M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- C:\Windows\System32\netlogon.dll [2009.04.11 08:28:23 | 000,592,896 | ---- | M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6002.18005_none_ffa3304f351bb3a3\netlogon.dll [2008.01.21 04:24:05 | 000,592,384 | ---- | M] (Microsoft Corporation) MD5=A8EFC0B6E75B789F7FD3BA5025D4E37F -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6001.18000_none_fdb7b74337f9e857\netlogon.dll < MD5 for: NVSTOR.SYS > [2006.11.02 11:50:13 | 000,040,040 | ---- | M] (NVIDIA Corporation) MD5=9E0BA19A28C498A6D323D065DB76DFFC -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_733654ff\nvstor.sys [2008.01.21 04:23:21 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\System32\drivers\nvstor.sys [2008.01.21 04:23:21 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_31c3d71d\nvstor.sys [2008.01.21 04:23:21 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.0.6001.18000_none_39dac327befea467\nvstor.sys < MD5 for: SCECLI.DLL > [2008.01.21 04:24:50 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=28B84EB538F7E8A0FE8B9299D591E0B9 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6001.18000_none_380de25bd91b6f12\scecli.dll [2009.04.11 08:28:24 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=8FC182167381E9915651267044105EE1 -- C:\Windows\ERDNT\cache\scecli.dll [2009.04.11 08:28:24 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=8FC182167381E9915651267044105EE1 -- C:\Windows\System32\scecli.dll [2009.04.11 08:28:24 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=8FC182167381E9915651267044105EE1 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6002.18005_none_39f95b67d63d3a5e\scecli.dll < MD5 for: USER32.DLL > [2009.04.11 08:28:25 | 000,627,712 | ---- | M] (Microsoft Corporation) MD5=75510147B94598407666F4802797C75A -- C:\Windows\ERDNT\cache\user32.dll [2008.01.21 04:24:21 | 000,627,200 | ---- | M] (Microsoft Corporation) MD5=B974D9F06DC7D1908E825DC201681269 -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.0.6001.18000_none_cd386c416d5c7f32\user32.dll [2009.04.11 08:28:25 | 000,627,712 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\user32.dll [2009.04.11 08:28:25 | 000,627,712 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.0.6002.18005_none_cf23e54d6a7e4a7e\user32.dll < MD5 for: USERINIT.EXE > [2008.01.21 04:24:49 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\ERDNT\cache\userinit.exe [2008.01.21 04:24:49 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\System32\userinit.exe [2008.01.21 04:24:49 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.0.6001.18000_none_dc28ba15d1aff80b\userinit.exe < MD5 for: WININIT.EXE > [2008.01.21 04:23:42 | 000,096,768 | ---- | M] (Microsoft Corporation) MD5=101BA3EA053480BB5D957EF37C06B5ED -- C:\Windows\ERDNT\cache\wininit.exe [2008.01.21 04:23:42 | 000,096,768 | ---- | M] (Microsoft Corporation) MD5=101BA3EA053480BB5D957EF37C06B5ED -- C:\Windows\System32\wininit.exe [2008.01.21 04:23:42 | 000,096,768 | ---- | M] (Microsoft Corporation) MD5=101BA3EA053480BB5D957EF37C06B5ED -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.0.6001.18000_none_30f2b8cf0450a6a2\wininit.exe < MD5 for: WINLOGON.EXE > [2009.04.11 08:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\ERDNT\cache\winlogon.exe [2009.04.11 08:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\System32\winlogon.exe [2009.04.11 08:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6002.18005_none_71ae7a22d2134741\winlogon.exe [2008.01.21 04:24:49 | 000,314,880 | ---- | M] (Microsoft Corporation) MD5=C2610B6BDBEFC053BBDAB4F1B965CB24 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6001.18000_none_6fc30116d4f17bf5\winlogon.exe < MD5 for: WS2IFSL.SYS > [2008.01.21 04:24:47 | 000,015,872 | ---- | M] (Microsoft Corporation) MD5=E3A3CB253C0EC2494D4A61F5E43A389C -- C:\Windows\System32\drivers\ws2ifsl.sys [2008.01.21 04:24:47 | 000,015,872 | ---- | M] (Microsoft Corporation) MD5=E3A3CB253C0EC2494D4A61F5E43A389C -- C:\Windows\winsxs\x86_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.0.6001.18000_none_4f86a0d4c7cda641\ws2ifsl.sys < %systemroot%\system32\drivers\*.sys /lockedfiles > < %systemroot%\System32\config\*.sav > [2008.01.21 05:14:18 | 016,846,848 | ---- | M] () -- C:\Windows\System32\config\COMPONENTS.SAV [2008.01.21 05:14:08 | 000,106,496 | ---- | M] () -- C:\Windows\System32\config\DEFAULT.SAV [2008.01.21 05:14:18 | 000,020,480 | ---- | M] () -- C:\Windows\System32\config\SECURITY.SAV [2006.11.02 12:34:08 | 010,133,504 | ---- | M] () -- C:\Windows\System32\config\SOFTWARE.SAV [2006.11.02 12:34:08 | 001,826,816 | ---- | M] () -- C:\Windows\System32\config\SYSTEM.SAV < %systemroot%\*. /mp /s > < %systemroot%\system32\*.dll /lockedfiles > [2008.06.02 11:44:06 | 000,055,808 | ---- | M] () Unable to obtain MD5 -- C:\Windows\System32\bcmwlrmt.dll [2008.01.21 04:24:26 | 000,347,136 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\dxtmsft.dll [2008.01.21 04:24:26 | 000,214,528 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\dxtrans.dll [2009.04.11 08:27:47 | 000,241,128 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\rsaenh.dll [2009.04.11 08:28:23 | 000,228,352 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\SLC.dll < End of report > Eine extra.txt gabs nicht. |
27.08.2010, 20:25 | #12 | |
/// Winkelfunktion /// TB-Süch-Tiger™ | Antimalware Doctor: Forumsanleitung zum Entfernen befolgt, System jetzt ok?Zitat:
__________________ Logfiles bitte immer in CODE-Tags posten |
27.08.2010, 20:27 | #13 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Antimalware Doctor: Forumsanleitung zum Entfernen befolgt, System jetzt ok? Sieht ok aus. Noch Probleme oder weitere Funde in der Zwischenzeit?
__________________ Logfiles bitte immer in CODE-Tags posten |
28.08.2010, 11:51 | #14 |
| Antimalware Doctor: Forumsanleitung zum Entfernen befolgt, System jetzt ok? Fehlalarm hin oder her, ich hab DVDGenie gelöscht, da ich das Programm eh nicht brauche. Ich hab MBAM nochmal laufen lassen und er hat nichts gefunden, also wird mein Pc ja jetzt in Ordnung sein. Vielen Dank, jetzt kann ich ja wohl meinen Pc wieder ganz normal benutzen!!! |
28.08.2010, 12:51 | #15 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Antimalware Doctor: Forumsanleitung zum Entfernen befolgt, System jetzt ok? Gut, dann bitte die Updates prüfen, unten mein Leitfaden dazu. Für noch mehr Sicherheit solltest Du nach der beseitigten Infektion auch möglichst alle Passwörter ändern. Microsoftupdate Windows XP: Besuch mit dem IE die MS-Updateseite und lass Dir alle wichtigen Updates installieren. Windows Vista/7: Anleitung Windows-Update PDF-Reader aktualisieren Dein Adobe Reader ist nicht aktuell, was ein großes Sicherheitsrisiko darstellt. Du solltest daher besser die alte Version über Systemsteuerung => Software deinstallieren, indem Du dort auf "Adobe Reader x.0" klickst und das Programm entfernst. Ich empfehle einen alternativen PDF-Reader wie SumatraPDF oder Foxit PDF Reader, beide sind sehr viel schlanker und flotter als der AdobeReader. Bitte überprüf bei der Gelegenheit auch die Aktualität des Flashplayers, hier der direkte Downloadlink => http://filepony.de/?q=Flash+Player Java-Update Veraltete Java-Installationen sind ein Sicherheitsrisiko, daher solltest Du die alten Versionen löschen (falls vorhanden, am besten mit JavaRa) und auf die neuste aktualisieren. Beende dazu alle Programme (v.a. die Browser), klick danach auf Start, Systemsteuerung, Software und deinstalliere darüber alle aufgelisteten Java-Versionen. Lad Dir danach von hier das aktuelle Java SE Runtime Environment (JRE) herunter und installiere es.
__________________ Logfiles bitte immer in CODE-Tags posten |
Themen zu Antimalware Doctor: Forumsanleitung zum Entfernen befolgt, System jetzt ok? |
antivir, antivir guard, audiodg.exe, avgntflt.sys, avira, bho, browser, desktop, device driver, diagnostics, druck, entfernen, error, expert pdf, fontcache, google, hdaudio.sys, hijackthis, home, home premium, internet, internet explorer, karte, local\temp, logfile, netzwerk, nt.dll, object, plug-in, programdata, proxy, realtek, registry, rogue.antimalwaredoctor, software, svchost.exe, system, usb 2.0, versteckte objekte, verweise, virus, virus gefunden, warnung, winhelp.exe |