Pests of all kinds and how to combat them: Music in the background! Virus? | Windows 7
03.09.2010, 09:46 | #1 |
| Music in the background! Virus?

Good morning! I have the problem that when I use ICQ/Skype, after a short time music starts that sounds like a battle. I have already read here in the forum that the problem has occurred for several people. I have now used SUPERAntiSpyware and got the following result. I hope you can help me! Regards

SUPERAntiSpyware Scan Log
h**p://w*w.superantispyware.com
Generated 09/03/2010 at 10:33 AM
Application Version : 4.42.1000
Core Rules Database Version : 5449
Trace Rules Database Version: 3261
Scan type : Complete Scan
Total Scan Time : 01:42:54
Memory items scanned : 716
Memory threats detected : 0
Registry items scanned : 8319
Registry threats detected : 0
File items scanned : 133805
File threats detected : 38
Adware.Tracking Cookie

I have now also run the MBR check (hopefully correctly).

MBRCheck, version 1.2.3 (c) 2010, AD
Command-line:
Windows Version: Windows Vista Home Premium Edition
Windows Information: Service Pack 2 (build 6002), 32-bit
Base Board Manufacturer: PEGATRON CORPORATION
BIOS Manufacturer: American Megatrends Inc.
System Manufacturer: ASUSTeK Computer Inc.
System Product Name: F5SR
Logical Drives Mask: 0x000000fc
\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000002`71167600 (NTFS)
\\.\D: --> \\.\PhysicalDrive0 at offset 0x0000001f`8d1db400 (NTFS)
PhysicalDrive0 Model Number: HitachiHTS543225L9A300, Rev: FBEOC40C
Size Device Name MBR Status
--------------------------------------------
232 GB \\.\PhysicalDrive0 Unknown MBR code
SHA1: 16FACB29D75458833E397367B1DA17929157C2B3
Found non-standard or infected MBR.
Enter 'Y' and hit ENTER for more options, or 'N' to exit:
Options:
[1] Dump the MBR of a physical disk to file.
[2] Restore the MBR of a physical disk with a standard boot code.
[3] Exit.
Enter your choice: Enter the physical disk number to dump (0-99, -1 to exit): -1 |
06.09.2010, 13:46 | #2 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Music in the background! Virus?

Hello and

A cleanup can sometimes involve a lot of work for you.

Note: I can never give you a guarantee that I will find everything. Formatting is usually the faster and always the safest way. If you decide on a cleanup, keep working along until someone from the team tells you that you are clean.

Vista and Win7 users: Start all tools with a right-click and "Run as administrator".

Please routinely run a full scan with Malwarebytes and post the log. Remember that Malwarebytes must be updated manually before every scan!

Then OTL:

System scan with OTL

Please download OTL by Oldtimer and save it to your desktop |
07.09.2010, 09:02 | #3 |
| Music in the background! Virus?

Thaaank you so much for the reply!! I have now run both scans.

Malwarebytes' Anti-Malware 1.46
w*w.malwarebytes.org
Datenbank Version: 4558
Windows 6.0.6002 Service Pack 2
Internet Explorer 7.0.6002.18005
07.09.2010 09:49:53
mbam-log-2010-09-07 (09-49-53).txt
Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|)
Durchsuchte Objekte: 262487
Laufzeit: 1 Stunde(n), 46 Minute(n), 28 Sekunde(n)
Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 0
Infizierte Speicherprozesse: (Keine bösartigen Objekte gefunden)
Infizierte Speichermodule: (Keine bösartigen Objekte gefunden)
Infizierte Registrierungsschlüssel: (Keine bösartigen Objekte gefunden)
Infizierte Registrierungswerte: (Keine bösartigen Objekte gefunden)
Infizierte Dateiobjekte der Registrierung: (Keine bösartigen Objekte gefunden)
Infizierte Verzeichnisse: (Keine bösartigen Objekte gefunden)
Infizierte Dateien: (Keine bösartigen Objekte gefunden)

OTL logfile:
"{90120000-006E-0407-0000-0000000FF1CE}_HOMESTUDENTR_{26454C26-D259-4543-AA60-3189E09C5F76}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007 "{90120000-00A1-0407-0000-0000000FF1CE}_HOMESTUDENTR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2) "{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007 "{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2) "{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581) "{91F7F3F3-CE80-48C3-8327-7D24A0A5716A}" = iTunes "{9980C99E-6954-614B-EA1C-333473FC2900}" = ccc-utility "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 "{9A55D681-02D1-6E48-F717-3ACFF6DBB27C}" = CCC Help Russian "{9B6239BF-4E85-4590-8D72-51E30DB1A9AA}" = ASUS Power4Gear eXtreme "{9B74C58F-A6AE-F383-4AC1-F432FDF35884}" = CCC Help Chinese Standard "{9F7FC79B-3059-4264-9450-39EB368E3225}" = Microsoft Digital Image Library 9 - Blocker "{9F88C8F3-5953-B3D7-7F91-A7CE3A6F5119}" = Catalyst Control Center Localization Finnish "{A49F249F-0C91-497F-86DF-B2585E8E76B7}" = Microsoft Visual C++ 2005 Redistributable "{A4E83A4C-B057-E197-F156-2FBEFA0761FE}" = Catalyst Control Center Localization French "{A9C95D56-88AA-0CF9-FFE4-E0A45C04A6DC}" = Catalyst Control Center Localization Portuguese "{AC76BA86-7AD7-1031-7B44-A93000000001}" = Adobe Reader 9.3.4 - Deutsch "{AEA1F5BA-BC7A-05F2-2832-58B4BCEAABEB}" = Catalyst Control Center Localization Danish "{B10DEBAF-64A4-0FB5-9518-97A21DC2A321}" = CCC Help Greek "{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0 "{B2D328BE-45AD-4D92-96F9-2151490A203E}" = Apple Application Support "{B5D0714F-56A4-52A2-4C62-6B4E8853F25A}" = Catalyst Control Center 
Localization Spanish "{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Plus Web Player "{B9B7F425-0B72-E926-06FF-136154B31077}" = CCC Help Japanese "{BA09B3B4-7D61-B444-52AE-4C3C3CADADDA}" = CCC Help Spanish "{C41300B9-185D-475E-BFEC-39EF732F19B1}" = Apple Software Update "{C438DF2B-C5DF-4783-9CA5-9B89E501FA62}" = Works Update "{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = CyberLink LabelPrint "{C5AEAA52-29F8-DF1E-B472-C2ABDC6EA349}" = Catalyst Control Center Localization Chinese Traditional "{CC77812E-22CB-754E-15C4-1E7BB9B2E89A}" = Catalyst Control Center Graphics Previews Vista "{CC81D746-51BB-4F97-52EB-BF64E14B1904}" = CCC Help Swedish "{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware "{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1 "{CEE0CD9D-7759-7D58-F33D-D1968D29B8A2}" = Catalyst Control Center Localization Hungarian "{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.2 "{D1E5870E-E3E5-4475-98A6-ADD614524ADF}" = ATK Media "{D3D54F3E-C5C3-443D-978F-87A72E5616E8}" = ATK Generic Function Service "{D45D831B-1431-0A69-841B-828F958E95BB}" = CCC Help Danish "{D9F9D5C6-B889-C333-033B-863C85BB0D6F}" = CCC Help Finnish "{DA918D70-293B-6776-CD3C-7965EC7D8680}" = Catalyst Control Center Graphics Previews Common "{DB891739-2EB3-45A8-9CBD-941C255CECD4}" = ASUS Touch Pad Extra "{DC24971E-1946-445D-8A82-CE685433FA7D}" = Realtek USB 2.0 Card Reader "{DD07CD74-B4BF-1347-D10C-5A32485D8451}" = CCC Help English "{DE10AB76-4756-4913-BE25-55D1C1051F9A}" = WinFlash "{E3DE4A3B-DB2A-9107-BCDD-1C6A64CFB4F5}" = Catalyst Control Center Localization German "{E657B243-9AD4-4ECC-BE81-4CCF8D667FD0}" = ASUS Live Update "{EAEDD68A-1037-35C3-707A-1A5316856EF8}" = Catalyst Control Center Core Implementation "{F0F8875B-F4F4-6BBC-5D86-CFAD9D6B7F12}" = Catalyst Control Center Localization Polish "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver "{F53B03FE-A48A-9051-F350-554E415730F5}" = Catalyst Control Center Localization Chinese Standard 
"{F6141E53-ABEC-97AF-99E7-C12588A20812}" = Catalyst Control Center Graphics Full New "{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack "{F8935FC0-DE7D-41C3-FC9C-7867B29D2E10}" = Catalyst Control Center Graphics Light "{FFA6416E-798F-773E-B7A9-0F79BA40ECB8}" = CCC Help Polish "Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin "Agere Systems Soft Modem" = Agere Systems HDA Modem "Asus_Camera_ScreenSaver" = Asus_Camera_ScreenSaver "Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus "HOMESTUDENTR" = Microsoft Office Home and Student 2007 "InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}" = CyberLink Power2Go "Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware "Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU "Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1 "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile "Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack "Mobile Partner" = Mobile Partner "Mozilla Firefox (3.6.8)" = Mozilla Firefox (3.6.8) "PictureItPrem_v10" = Microsoft Picture It! 
Foto Premium 10 "ShockwaveFlash" = Adobe Flash Player 9 ActiveX "SynTPDeinstKey" = Synaptics Pointing Device Driver "USB 2.0 1.3M UVC WebCam" = USB 2.0 1.3M UVC WebCam "Works2005Setup" = Setup-Start von Microsoft Works 2005 ========== Last 10 Event Log Errors ========== [ Application Events ] Error - 08.07.2010 08:49:42 | Computer Name = ***-PC | Source = EventSystem | ID = 4621 Description = Error - 08.07.2010 12:50:53 | Computer Name = ***-PC | Source = WinMgmt | ID = 10 Description = Error - 08.07.2010 15:43:00 | Computer Name = ***-PC | Source = EventSystem | ID = 4621 Description = Error - 09.07.2010 01:58:59 | Computer Name = ***-PC | Source = WinMgmt | ID = 10 Description = Error - 09.07.2010 06:39:10 | Computer Name = ***-PC | Source = WinMgmt | ID = 10 Description = Error - 09.07.2010 17:02:01 | Computer Name = ***-PC | Source = WinMgmt | ID = 10 Description = Error - 10.07.2010 03:42:53 | Computer Name = ***-PC | Source = WinMgmt | ID = 10 Description = Error - 10.07.2010 03:50:21 | Computer Name = ***-PC | Source = EventSystem | ID = 4621 Description = Error - 10.07.2010 11:17:15 | Computer Name = ***-PC | Source = WinMgmt | ID = 10 Description = Error - 10.07.2010 11:32:28 | Computer Name = ***-PC | Source = EventSystem | ID = 4621 Description = [ System Events ] Error - 06.09.2010 05:49:26 | Computer Name = ***-PC | Source = Dhcp | ID = 1002 Description = Die IP-Adresslease 151.81.66.120 für die Netzwerkkarte mit der Netzwerkadresse 001E101FA1F5 wurde durch den DHCP-Server 151.83.188.209 abgelehnt (der DHCP-Server hat eine DHCPNACK-Meldung gesendet). Error - 06.09.2010 06:06:54 | Computer Name = ***-PC | Source = Dhcp | ID = 1002 Description = Die IP-Adresslease 151.83.188.212 für die Netzwerkkarte mit der Netzwerkadresse 001E101FA1F5 wurde durch den DHCP-Server 151.81.88.129 abgelehnt (der DHCP-Server hat eine DHCPNACK-Meldung gesendet). 
Error - 06.09.2010 06:13:38 | Computer Name = ***-PC | Source = Dhcp | ID = 1002
Description = Die IP-Adresslease 151.81.88.131 für die Netzwerkkarte mit der Netzwerkadresse 001E101FA1F5 wurde durch den DHCP-Server 151.81.170.118 abgelehnt (der DHCP-Server hat eine DHCPNACK-Meldung gesendet).
Error - 06.09.2010 06:21:41 | Computer Name = ***-PC | Source = Dhcp | ID = 1002
Description = Die IP-Adresslease 151.81.170.117 für die Netzwerkkarte mit der Netzwerkadresse 001E101FA1F5 wurde durch den DHCP-Server 151.82.83.97 abgelehnt (der DHCP-Server hat eine DHCPNACK-Meldung gesendet).
Error - 06.09.2010 06:24:52 | Computer Name = ***-PC | Source = Dhcp | ID = 1002
Description = Die IP-Adresslease 151.82.83.98 für die Netzwerkkarte mit der Netzwerkadresse 001E101FA1F5 wurde durch den DHCP-Server 151.82.61.193 abgelehnt (der DHCP-Server hat eine DHCPNACK-Meldung gesendet).
Error - 06.09.2010 08:42:03 | Computer Name = ***-PC | Source = Microsoft-Windows-LanguagePackSetup | ID = 1001
Description =
Error - 06.09.2010 12:06:54 | Computer Name = ***-PC | Source = Microsoft-Windows-LanguagePackSetup | ID = 1001
Description =
Error - 06.09.2010 12:25:37 | Computer Name = ***-PC | Source = Dhcp | ID = 1002
Description = Die IP-Adresslease 151.82.19.170 für die Netzwerkkarte mit der Netzwerkadresse 001E101FE70E wurde durch den DHCP-Server 151.82.178.197 abgelehnt (der DHCP-Server hat eine DHCPNACK-Meldung gesendet).
Error - 06.09.2010 19:18:31 | Computer Name = ***-PC | Source = Microsoft-Windows-LanguagePackSetup | ID = 1001
Description =
Error - 07.09.2010 02:01:48 | Computer Name = ***-PC | Source = Microsoft-Windows-LanguagePackSetup | ID = 1001
Description =

< End of report >

OTL Logfile: Code:
OTL logfile created on: 07.09.2010 09:53:37 - Run 1
OTL by OldTimer - Version 3.2.11.0 Folder = C:\Users\***\Downloads
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6002.18005)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

3,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 50,00% Memory free
6,00 Gb Paging File | 5,00 Gb Available in Paging File | 73,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 116,44 Gb Total Space | 42,66 Gb Free Space | 36,64% Space Free | Partition Type: NTFS
Drive D: | 106,68 Gb Total Space | 106,65 Gb Free Space | 99,97% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
Drive G: | 29,26 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: ***-PC
Current User Name: ***
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal

========== Processes (SafeList) ==========

PRC - C:\Users\***\Downloads\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\ICQ7.2\ICQ.exe (ICQ, LLC.)
PRC - C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Program Files\Mozilla Firefox\plugin-container.exe (Mozilla Corporation)
PRC - C:\Program Files\Microsoft Office\Office12\WINWORD.EXE (Microsoft Corporation)
PRC - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.)
PRC - C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe (Cisco Systems, Inc.)
PRC - C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
PRC - C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Program Files\Mobile Partner\Mobile Partner.exe ()
PRC - C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
PRC - C:\Windows\ASScrPro.exe ()
PRC - C:\Program Files\CyberLink\Power2Go\CLMLSvc.exe (CyberLink)
PRC - C:\Program Files\P4G\BatteryLife.exe (ATK)
PRC - C:\Program Files\ASUS\ATK Media\DMedia.exe (ASUS)
PRC - C:\Program Files\ASUS\ASUS CopyProtect\aspg.exe (ASUS)
PRC - C:\Program Files\ASUS\SmartLogon\sensorsrv.exe (ASUS)
PRC - C:\Windows\System32\agrsmsvc.exe (Agere Systems)
PRC - C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
PRC - C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
PRC - C:\Program Files\ASUS\ASUS Live Update\ALU.exe ()
PRC - C:\Windows\System32\ASUSTPE.exe (ASUS)
PRC - C:\Program Files\ATKGFNEX\GFNEXSrv.exe ()
PRC - C:\Program Files\ASUS\NB Probe\SPM\spmgr.exe ()
PRC - C:\Program Files\Wireless Console 2\wcourier.exe ()
PRC - C:\Program Files\ASUS\ASUS Data Security Manager\ADSMSrv.exe ()
PRC - C:\Program Files\ATK Hotkey\Hcontrol.exe (ATK0100)
PRC - C:\Program Files\ATK Hotkey\KBFiltr.exe ()
PRC - C:\Program Files\ATK Hotkey\ASLDRSrv.exe ()
PRC - C:\Program Files\ATKOSD2\ATKOSD2.exe ()
PRC - C:\Program Files\ATK Hotkey\ATKOSD.exe ()

========== Modules (SafeList) ==========

MOD - C:\Users\***\Downloads\OTL.exe (OldTimer Tools)
MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18005_none_5cb72f96088b0de0\comctl32.dll (Microsoft Corporation)
MOD - C:\Windows\System32\msscript.ocx (Microsoft Corporation)

========== Win32 Services (SafeList) ==========

SRV - (Apple Mobile Device) -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.)
SRV - (WPFFontCache_v0400) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe (Microsoft Corporation)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (CVPND) -- C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe (Cisco Systems, Inc.)
SRV - (FontCache) -- C:\Windows\System32\FntCache.dll (Microsoft Corporation)
SRV - (AntiVirService) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
SRV - (AntiVirSchedulerService) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
SRV - (AgereModemAudio) -- C:\Windows\System32\agrsmsvc.exe (Agere Systems)
SRV - (WinDefend) -- C:\Program Files\Windows Defender\mpsvc.dll (Microsoft Corporation)
SRV - (ATKGFNEXSrv) -- C:\Program Files\ATKGFNEX\GFNEXSrv.exe ()
SRV - (spmgr) -- C:\Program Files\ASUS\NB Probe\SPM\spmgr.exe ()
SRV - (ADSMService) -- C:\Program Files\ASUS\ASUS Data Security Manager\ADSMSrv.exe ()
SRV - (ASLDRService) -- C:\Program Files\ATK Hotkey\ASLDRSrv.exe ()

========== Driver Services (SafeList) ==========

DRV - (NwlnkFwd) -- C:\Windows\System32\DRIVERS\nwlnkfwd.sys File not found
DRV - (NwlnkFlt) -- C:\Windows\System32\DRIVERS\nwlnkflt.sys File not found
DRV - (IpInIp) -- C:\Windows\System32\DRIVERS\ipinip.sys File not found
DRV - (SASKUTIL) -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS (SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV - (SASDIFSV) -- C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS (SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV - (SCR3XX2K) -- C:\Windows\System32\drivers\SCR3XX2K.sys (SCM Microsystems Inc.)
DRV - (ewusbnet) -- C:\Windows\System32\drivers\ewusbnet.sys (Huawei Technologies Co., Ltd.)
DRV - (avgntflt) -- C:\Windows\System32\drivers\avgntflt.sys (Avira GmbH)
DRV - (hwdatacard) -- C:\Windows\System32\drivers\ewusbmdm.sys (Huawei Technologies Co., Ltd.)
DRV - (CVPNDRVA) -- C:\Windows\System32\drivers\CVPNDRVA.sys (Cisco Systems, Inc.)
DRV - (hwusbdev) -- C:\Windows\System32\drivers\ewusbdev.sys (Huawei Technologies Co., Ltd.)
DRV - (ssmdrv) -- C:\Windows\System32\drivers\ssmdrv.sys (Avira GmbH)
DRV - (USBCCID) -- C:\Windows\System32\drivers\usbccid.sys (Microsoft Corporation)
DRV - (ZTEusbnet) -- C:\Windows\System32\drivers\ZTEusbnet.sys (ZTE Corporation)
DRV - (ZTEusbvoice) -- C:\Windows\System32\drivers\zteusbvoice.sys (ZTE Incorporated)
DRV - (ZTEusbnmea) -- C:\Windows\System32\drivers\ZTEusbnmea.sys (ZTE Incorporated)
DRV - (ZTEusbser6k) -- C:\Windows\System32\drivers\ZTEusbser6k.sys (ZTE Incorporated)
DRV - (ZTEusbmdm6k) -- C:\Windows\System32\drivers\ZTEusbmdm6k.sys (ZTE Incorporated)
DRV - (massfilter) -- C:\Windows\System32\drivers\massfilter.sys (ZTE Incorporated)
DRV - (avipbb) -- C:\Windows\System32\drivers\avipbb.sys (Avira GmbH)
DRV - (avgio) -- C:\Program Files\Avira\AntiVir Desktop\avgio.sys (Avira GmbH)
DRV - (DNE) -- C:\Windows\System32\drivers\dne2000.sys (Deterministic Networks, Inc.)
DRV - (kbfiltr) -- C:\Windows\System32\drivers\kbfiltr.sys ( )
DRV - (lullaby) -- C:\Windows\system32\DRIVERS\lullaby.sys (Windows (R) Codename Longhorn DDK provider)
DRV - (athr) -- C:\Windows\System32\drivers\athr.sys (Atheros Communications, Inc.)
DRV - (AgereSoftModem) -- C:\Windows\System32\drivers\AGRSM.sys (Agere Systems)
DRV - (atikmdag) -- C:\Windows\System32\drivers\atikmdag.sys (ATI Technologies Inc.)
DRV - (MegaSR) -- C:\Windows\system32\drivers\megasr.sys (LSI Corporation, Inc.)
DRV - (adpu320) -- C:\Windows\system32\drivers\adpu320.sys (Adaptec, Inc.)
DRV - (megasas) -- C:\Windows\system32\drivers\megasas.sys (LSI Corporation)
DRV - (adpu160m) -- C:\Windows\system32\drivers\adpu160m.sys (Adaptec, Inc.)
DRV - (SiSRaid4) -- C:\Windows\system32\drivers\sisraid4.sys (Silicon Integrated Systems)
DRV - (HpCISSs) -- C:\Windows\system32\drivers\hpcisss.sys (Hewlett-Packard Company)
DRV - (MODEMCSA) -- C:\Windows\System32\drivers\MODEMCSA.sys (Microsoft Corporation)
DRV - (adpahci) -- C:\Windows\system32\drivers\adpahci.sys (Adaptec, Inc.)
DRV - (LSI_SAS) -- C:\Windows\system32\drivers\lsi_sas.sys (LSI Logic)
DRV - (ql2300) -- C:\Windows\system32\drivers\ql2300.sys (QLogic Corporation)
DRV - (E1G60) Intel(R) -- C:\Windows\System32\drivers\E1G60I32.sys (Intel Corporation)
DRV - (arcsas) -- C:\Windows\system32\drivers\arcsas.sys (Adaptec, Inc.)
DRV - (iaStorV) -- C:\Windows\system32\drivers\iastorv.sys (Intel Corporation)
DRV - (vsmraid) -- C:\Windows\system32\drivers\vsmraid.sys (VIA Technologies Inc.,Ltd)
DRV - (ulsata2) -- C:\Windows\system32\drivers\ulsata2.sys (Promise Technology, Inc.)
DRV - (LSI_SCSI) -- C:\Windows\system32\drivers\lsi_scsi.sys (LSI Logic)
DRV - (LSI_FC) -- C:\Windows\system32\drivers\lsi_fc.sys (LSI Logic)
DRV - (arc) -- C:\Windows\system32\drivers\arc.sys (Adaptec, Inc.)
DRV - (elxstor) -- C:\Windows\system32\drivers\elxstor.sys (Emulex)
DRV - (adp94xx) -- C:\Windows\system32\drivers\adp94xx.sys (Adaptec, Inc.)
DRV - (nvraid) -- C:\Windows\system32\drivers\nvraid.sys (NVIDIA Corporation)
DRV - (nvstor) -- C:\Windows\system32\drivers\nvstor.sys (NVIDIA Corporation)
DRV - (uliahci) -- C:\Windows\system32\drivers\uliahci.sys (ULi Electronics Inc.)
DRV - (viaide) -- C:\Windows\system32\drivers\viaide.sys (VIA Technologies, Inc.)
DRV - (cmdide) -- C:\Windows\system32\drivers\cmdide.sys (CMD Technology, Inc.)
DRV - (aliide) -- C:\Windows\system32\drivers\aliide.sys (Acer Laboratories Inc.)
DRV - (IntcAzAudAddService) Service for Realtek HD Audio (WDM) -- C:\Windows\System32\drivers\RTKVHDA.sys (Realtek Semiconductor Corp.)
DRV - (SynTP) -- C:\Windows\System32\drivers\SynTP.sys (Synaptics, Inc.)
DRV - (RTSTOR) -- C:\Windows\System32\drivers\RTSTOR.sys (Realtek Semiconductor Corp.)
DRV - (SNP2UVC) USB2.0 PC Camera (SNP2UVC) -- C:\Windows\System32\drivers\snp2uvc.sys ()
DRV - (AsDsm) -- C:\Windows\System32\drivers\AsDsm.sys (Windows (R) Codename Longhorn DDK provider)
DRV - (ghaio) -- C:\Program Files\ASUS\NB Probe\SPM\ghaio.sys ()
DRV - (ASMMAP) -- C:\Program Files\ATKGFNEX\ASMMAP.sys ()
DRV - (SiSGbeLH) -- C:\Windows\System32\drivers\SiSGB6.sys (Silicon Integrated Systems Corp.)
DRV - (CVirtA) -- C:\Windows\System32\drivers\CVirtA.sys (Cisco Systems, Inc.)
DRV - (MTsensor) -- C:\Windows\System32\drivers\ATKACPI.sys (ATK0100)
DRV - (ql40xx) -- C:\Windows\system32\drivers\ql40xx.sys (QLogic Corporation)
DRV - (UlSata) -- C:\Windows\system32\drivers\ulsata.sys (Promise Technology, Inc.)
DRV - (nfrd960) -- C:\Windows\system32\drivers\nfrd960.sys (IBM Corporation)
DRV - (iirsp) -- C:\Windows\system32\drivers\iirsp.sys (Intel Corp./ICP vortex GmbH)
DRV - (aic78xx) -- C:\Windows\system32\drivers\djsvs.sys (Adaptec, Inc.)
DRV - (iteraid) -- C:\Windows\system32\drivers\iteraid.sys (Integrated Technology Express, Inc.)
DRV - (iteatapi) -- C:\Windows\system32\drivers\iteatapi.sys (Integrated Technology Express, Inc.)
DRV - (Symc8xx) -- C:\Windows\system32\drivers\symc8xx.sys (LSI Logic)
DRV - (Sym_u3) -- C:\Windows\system32\drivers\sym_u3.sys (LSI Logic)
DRV - (Mraid35x) -- C:\Windows\system32\drivers\mraid35x.sys (LSI Logic Corporation)
DRV - (Sym_hi) -- C:\Windows\system32\drivers\sym_hi.sys (LSI Logic)
DRV - (Brserid) Brother MFC Serial Port Interface Driver (WDM) -- C:\Windows\system32\drivers\brserid.sys (Brother Industries Ltd.)
DRV - (BrUsbSer) -- C:\Windows\system32\drivers\brusbser.sys (Brother Industries Ltd.)
DRV - (BrFiltUp) -- C:\Windows\system32\drivers\brfiltup.sys (Brother Industries, Ltd.)
DRV - (BrFiltLo) -- C:\Windows\system32\drivers\brfiltlo.sys (Brother Industries, Ltd.)
DRV - (BrSerWdm) -- C:\Windows\system32\drivers\brserwdm.sys (Brother Industries Ltd.)
DRV - (BrUsbMdm) -- C:\Windows\system32\drivers\brusbmdm.sys (Brother Industries Ltd.)
DRV - (smserial) -- C:\Windows\System32\drivers\smserial.sys (Motorola Inc.)
DRV - (ntrigdigi) -- C:\Windows\system32\drivers\ntrigdigi.sys (N-trig Innovative Technologies)
DRV - (yukonwlh) -- C:\Windows\System32\drivers\yk60x86.sys (Marvell)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = h**p://w*w.google.com/ig/redirectdomain?brand=ASUS&bmod=ASUS
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = h**p://w*w.google.com/ig/redirectdomain?brand=ASUS&bmod=ASUS
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = h**p://w*w.google.com/ig/redirectdomain?brand=ASUS&bmod=ASUS
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = h**p://w*w.google.com/ig/redirectdomain?brand=ASUS&bmod=ASUS
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "h**p://w*w.web.de/"
FF - prefs.js..extensions.enabledItems: moveplayer@movenetworks.com:1.0.0.071303000004
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.8\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010.08.17 16:23:22 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.8\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010.08.23 08:58:37 | 000,000,000 | ---D | M]

[2008.12.25 18:09:23 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\mozilla\Extensions
[2010.09.07 09:00:49 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\o8tikm3e.default\extensions
[2010.09.02 17:27:51 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\o8tikm3e.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010.01.11 16:54:07 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\o8tikm3e.default\extensions\moveplayer@movenetworks.com
[2010.08.17 18:59:13 | 000,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions
[2010.04.21 08:07:48 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2010.08.17 18:59:14 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
[2010.07.17 05:00:04 | 000,423,656 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2010.06.28 12:38:00 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2010.06.28 12:38:00 | 000,002,344 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2010.06.28 12:38:00 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2010.06.28 12:38:00 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2010.06.28 12:38:00 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml

O1 HOSTS File: ([2006.09.18 23:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O4 - HKLM..\Run: [ASUS Camera ScreenSaver] C:\Windows\AsScrProlog.exe ()
O4 - HKLM..\Run: [ASUS Screen Saver Protector] C:\Windows\ASScrPro.exe ()
O4 - HKLM..\Run: [ASUSTPE] C:\Windows\System32\ASUSTPE.exe (ASUS)
O4 - HKLM..\Run: [ATKMEDIA] C:\Program Files\ASUS\ATK Media\DMedia.exe (ASUS)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [CLMLServer] C:\Program Files\CyberLink\Power2Go\CLMLSvc.exe (CyberLink)
O4 - HKLM..\Run: [DXM6Patch_981116] C:\Windows\p_981116.exe (Microsoft Corporation)
O4 - HKLM..\Run: [P2Go_Menu] C:\Program Files\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [Skytel] C:\Windows\SkyTel.exe (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [SymLnch] C:\Program Files\Common Files\Symantec Shared\SymSetup\{C1C185CA-C531-49F5-A6FA-B838405A049D}_15_5_0_23\Support\SymLnch\SymLnch.exe File not found
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKCU..\Run: [ICQ] C:\Program Files\ICQ7.2\ICQ.exe (ICQ, LLC.)
O4 - HKCU..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware.com)
O4 - HKLM..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - Startup: C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation)
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Program Files\ICQ7.2\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Program Files\ICQ7.2\ICQ.exe (ICQ, LLC.)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} h**p://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} h**p://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} h**p://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 193.70.152.25 193.70.192.25
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\ScCertProp: DllName - wlnotify.dll - File not found
O24 - Desktop WallPaper: C:\Windows\Web\Wallpaper\img24.jpg
O24 - Desktop BackupWallPaper: C:\Windows\Web\Wallpaper\img24.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2009.08.26 04:42:34 | 000,143,360 | R--- | M] (Huawei Technologies Co., Ltd.) - G:\AutoRun.exe -- [ CDFS ]
O32 - AutoRun File - [2008.03.07 02:34:52 | 000,000,047 | R--- | M] () - G:\AUTORUN.INF -- [ CDFS ]
O33 - MountPoints2\{026605ca-0cd6-11de-9938-0023548889e6}\Shell\AutoRun\command - "" = wbj.exe
O33 - MountPoints2\{026605ca-0cd6-11de-9938-0023548889e6}\Shell\open\Command - "" = wbj.exe
O33 - MountPoints2\{3d53c77f-b466-11df-b1bd-00a0c6000000}\Shell - "" = AutoRun
O33 - MountPoints2\{3d53c77f-b466-11df-b1bd-00a0c6000000}\Shell\AutoRun\command - "" = G:\setup_vmc_lite.exe -- File not found
O33 - MountPoints2\{52740197-b794-11df-bedc-001e101f8924}\Shell - "" = AutoRun
O33 - MountPoints2\{52740197-b794-11df-bedc-001e101f8924}\Shell\AutoRun\command - "" = G:\AutoRun.exe -- [2009.08.26 04:42:34 | 000,143,360 | R--- | M] (Huawei Technologies Co., Ltd.)
O33 - MountPoints2\{636a6f51-b51f-11df-ab56-0023548889e6}\Shell - "" = AutoRun
O33 - MountPoints2\{636a6f51-b51f-11df-ab56-0023548889e6}\Shell\AutoRun\command - "" = G:\AutoRun.exe -- [2009.08.26 04:42:34 | 000,143,360 | R--- | M] (Huawei Technologies Co., Ltd.)
O33 - MountPoints2\{688967d6-b591-11df-9fa8-001e101fabdd}\Shell - "" = AutoRun
O33 - MountPoints2\{688967d6-b591-11df-9fa8-001e101fabdd}\Shell\AutoRun\command - "" = G:\AutoRun.exe -- [2009.08.26 04:42:34 | 000,143,360 | R--- | M] (Huawei Technologies Co., Ltd.)
O34 - HKLM BootExecute: (autocheck autochk *) - File not found O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* ========== Files/Folders - Created Within 30 Days ========== [2010.09.06 18:32:38 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Malwarebytes [2010.09.06 18:32:15 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys [2010.09.06 18:32:12 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys [2010.09.06 18:32:12 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware [2010.09.06 18:32:12 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes [2010.09.03 08:40:30 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\SUPERAntiSpyware.com [2010.09.03 08:40:30 | 000,000,000 | ---D | C] -- C:\ProgramData\SUPERAntiSpyware.com [2010.09.03 08:40:15 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware [2010.09.01 07:36:29 | 000,000,000 | ---D | C] -- C:\ProgramData\Office Genuine Advantage [2010.08.31 19:08:55 | 000,000,000 | ---D | C] -- C:\Users\***\Office Genuine Advantage [2010.08.31 18:50:21 | 000,113,664 | ---- | C] (Huawei Technologies Co., Ltd.) -- C:\Windows\System32\drivers\ewusbnet.sys [2010.08.31 18:50:21 | 000,103,168 | ---- | C] (Huawei Technologies Co., Ltd.) -- C:\Windows\System32\drivers\ewusbmdm.sys [2010.08.31 18:50:21 | 000,101,120 | ---- | C] (Huawei Technologies Co., Ltd.) -- C:\Windows\System32\drivers\ewusbdev.sys [2010.08.31 18:50:21 | 000,023,424 | ---- | C] (Huawei Tech. Co., Ltd.) 
-- C:\Windows\System32\drivers\ewdcsc.sys [2010.08.31 18:49:15 | 000,000,000 | ---D | C] -- C:\Program Files\Mobile Partner [2010.08.31 15:33:57 | 000,000,000 | ---D | C] -- C:\Users\***\Desktop\Bologna [2010.08.30 20:53:31 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Vodafone [2010.08.30 20:53:16 | 000,105,344 | ---- | C] (ZTE Incorporated) -- C:\Windows\System32\drivers\zteusbvoice.sys [2010.08.30 20:53:14 | 000,105,344 | ---- | C] (ZTE Incorporated) -- C:\Windows\System32\drivers\ZTEusbnmea.sys [2010.08.30 20:53:13 | 000,110,592 | ---- | C] (ZTE Corporation) -- C:\Windows\System32\drivers\ZTEusbnet.sys [2010.08.30 20:53:10 | 000,104,960 | ---- | C] (ZTE Incorporated) -- C:\Windows\System32\drivers\ZTEusbmdm6k.sys [2010.08.30 20:53:08 | 000,104,960 | ---- | C] (ZTE Incorporated) -- C:\Windows\System32\drivers\ZTEusbser6k.sys [2010.08.30 20:52:22 | 000,000,000 | ---D | C] -- C:\ProgramData\Vodafone [2010.08.30 20:52:01 | 000,000,000 | ---D | C] -- C:\ProgramData\FLEXnet [2010.08.30 20:51:09 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\{AADEF95F-E36B-426E-B7B1-70E7D4F6AA5B} [2010.08.27 08:30:59 | 000,000,000 | ---D | C] -- C:\Program Files\MSXML 4.0 [2010.08.26 22:45:13 | 000,000,000 | ---D | C] -- C:\Program Files\Picture It! 
Premium 10 [2010.08.26 22:32:07 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Works Suite 2005 [2010.08.20 19:14:34 | 000,000,000 | ---D | C] -- C:\Program Files\RUB [2010.08.19 12:32:04 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Adobe [2010.08.19 12:32:04 | 000,000,000 | ---D | C] -- C:\Program Files\Adobe [2010.08.18 15:45:09 | 000,000,000 | ---D | C] -- C:\Program Files\Windows Portable Devices [2010.08.18 15:14:01 | 000,092,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\UIAnimation.dll [2010.08.18 15:14:00 | 003,023,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\UIRibbon.dll [2010.08.18 15:14:00 | 001,164,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\UIRibbonRes.dll [2010.08.18 15:13:30 | 000,369,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WMPhoto.dll [2010.08.18 15:13:29 | 000,037,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\cdd.dll [2010.08.18 15:13:27 | 000,974,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WindowsCodecs.dll [2010.08.18 15:13:27 | 000,829,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10warp.dll [2010.08.18 15:13:27 | 000,828,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d2d1.dll [2010.08.18 15:13:27 | 000,667,648 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\printfilterpipelinesvc.exe [2010.08.18 15:13:27 | 000,351,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XpsPrint.dll [2010.08.18 15:13:27 | 000,321,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PhotoMetadataHandler.dll [2010.08.18 15:13:27 | 000,280,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XpsGdiConverter.dll [2010.08.18 15:13:27 | 000,252,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dxdiag.exe [2010.08.18 15:13:27 | 000,195,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dxdiagn.dll [2010.08.18 15:13:27 | 000,189,440 | ---- 
| C] (Microsoft Corporation) -- C:\Windows\System32\WindowsCodecsExt.dll [2010.08.18 15:13:27 | 000,135,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XpsRasterService.dll [2010.08.18 15:13:27 | 000,026,112 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\printfilterpipelineprxy.dll [2010.08.18 15:13:26 | 001,554,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xpsservices.dll [2010.08.18 15:13:26 | 001,064,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\DWrite.dll [2010.08.18 15:13:26 | 001,030,144 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10.dll [2010.08.18 15:13:26 | 000,847,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\OpcServices.dll [2010.08.18 15:13:26 | 000,793,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\FntCache.dll [2010.08.18 15:13:26 | 000,519,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d11.dll [2010.08.18 15:13:26 | 000,486,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10level9.dll [2010.08.18 15:13:26 | 000,481,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dxgi.dll [2010.08.18 15:13:26 | 000,218,112 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10_1core.dll [2010.08.18 15:13:26 | 000,190,464 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10core.dll [2010.08.18 15:13:26 | 000,161,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10_1.dll [2010.08.18 15:12:50 | 000,031,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\BthMtpContextHandler.dll [2010.08.18 15:12:50 | 000,030,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WPDShextAutoplay.exe [2010.08.18 15:12:47 | 000,060,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PortableDeviceConnectApi.dll [2010.08.18 15:12:45 | 000,546,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wpd_ci.dll [2010.08.18 15:12:45 | 000,350,208 | ---- | C] 
(Microsoft Corporation) -- C:\Windows\System32\WPDSp.dll [2010.08.18 15:12:45 | 000,334,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PortableDeviceApi.dll [2010.08.18 15:12:45 | 000,196,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PortableDeviceWMDRM.dll [2010.08.18 15:12:45 | 000,160,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PortableDeviceTypes.dll [2010.08.18 15:12:45 | 000,100,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PortableDeviceClassExtension.dll [2010.08.18 15:11:33 | 000,004,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\oleaccrc.dll [2010.08.18 15:11:32 | 000,555,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\UIAutomationCore.dll [2010.08.18 09:35:06 | 000,000,000 | ---D | C] -- C:\Windows\System32\eu-ES [2010.08.18 09:35:06 | 000,000,000 | ---D | C] -- C:\Windows\System32\ca-ES [2010.08.18 09:35:05 | 000,000,000 | ---D | C] -- C:\Windows\System32\vi-VN [2010.08.17 20:44:40 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\phase6_17_Daten [2010.08.17 20:44:17 | 000,000,000 | RH-D | C] -- C:\Users\***\AppData\Roaming\SecuROM [2010.08.17 20:37:03 | 000,000,000 | ---D | C] -- C:\Users\***\Documents\Bologna [2010.08.17 20:32:40 | 000,000,000 | R--D | C] -- C:\Users\***\Documents [2010.08.17 20:03:08 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Deterministic Networks [2010.08.17 20:02:59 | 000,000,000 | ---D | C] -- C:\Program Files\Cisco Systems [2010.08.17 19:58:45 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Skype [2010.08.17 19:58:16 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Skype [2010.08.17 19:58:14 | 000,000,000 | R--D | C] -- C:\Program Files\Skype [2010.08.17 19:56:46 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Apple Computer [2010.08.17 19:56:46 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\Apple Computer [2010.08.17 19:55:23 | 000,107,368 | ---- | C] (GEAR Software 
Inc.) -- C:\Windows\System32\GEARAspi.dll [2010.08.17 19:55:23 | 000,000,000 | ---D | C] -- C:\Windows\System32\DRVSTORE [2010.08.17 19:54:29 | 000,000,000 | ---D | C] -- C:\Program Files\iPod [2010.08.17 19:54:25 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes [2010.08.17 19:54:25 | 000,000,000 | ---D | C] -- C:\ProgramData\{429CAD59-35B1-4DBC-BB6D-1DB246563521} [2010.08.17 19:52:38 | 000,000,000 | ---D | C] -- C:\Program Files\QuickTime [2010.08.17 19:52:36 | 000,000,000 | ---D | C] -- C:\ProgramData\Apple Computer [2010.08.17 19:52:02 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\Apple [2010.08.17 19:51:56 | 000,000,000 | ---D | C] -- C:\Program Files\Apple Software Update [2010.08.17 19:49:31 | 000,000,000 | ---D | C] -- C:\Program Files\Bonjour [2010.08.17 19:49:15 | 000,000,000 | ---D | C] -- C:\ProgramData\Apple [2010.08.17 19:49:15 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Apple [2010.08.17 19:01:37 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java [2010.08.17 19:01:09 | 000,000,000 | R--D | C] -- C:\Users\***\Desktop\HA Berufliche Bildung [2010.08.17 18:59:03 | 000,153,376 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaws.exe [2010.08.17 18:59:03 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaw.exe [2010.08.17 18:59:03 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) 
-- C:\Windows\System32\java.exe [2010.08.17 18:52:07 | 000,000,000 | ---D | C] -- C:\Users\***\Documents\Uni [2010.08.17 18:51:09 | 000,000,000 | ---D | C] -- C:\Users\***\Documents\Sonstiges [2010.08.17 18:51:07 | 000,000,000 | ---D | C] -- C:\Users\***\Documents\Rezepte [2010.08.17 18:51:07 | 000,000,000 | ---D | C] -- C:\Users\***\Documents\OneNote-Notizbücher [2010.08.17 18:51:04 | 000,000,000 | ---D | C] -- C:\Users\***\Documents\Nachhilfe [2010.08.17 18:50:47 | 000,000,000 | ---D | C] -- C:\Users\***\Documents\Meine Scans [2010.08.17 18:50:15 | 000,000,000 | ---D | C] -- C:\Users\***\Documents\lustigrs [2010.08.17 18:40:35 | 000,000,000 | ---D | C] -- C:\Users\***\Documents\ICQ [2010.08.17 18:21:31 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\ICQ [2010.08.17 18:21:31 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\AOL [2010.08.17 18:21:24 | 000,000,000 | ---D | C] -- C:\Program Files\ICQ7.2 [2010.08.17 16:51:48 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\ASUS [2010.08.11 11:06:09 | 000,081,920 | ---- | C] (Radius Inc.) 
-- C:\Windows\System32\iccvid.dll [2010.08.11 11:06:04 | 000,380,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieapfltr.dll [2010.08.11 11:06:01 | 000,193,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iepeers.dll [2010.08.11 11:06:01 | 000,078,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieencode.dll [2010.08.11 11:05:51 | 002,037,760 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys [2010.08.11 11:05:50 | 000,036,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rtutils.dll [2010.08.11 11:05:46 | 003,600,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntkrnlpa.exe [2010.08.11 11:05:46 | 003,548,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntoskrnl.exe [2008.06.03 08:41:51 | 000,015,928 | ---- | C] ( ) -- C:\Windows\System32\drivers\kbfiltr.sys ========== Files - Modified Within 30 Days ========== [2010.09.07 09:54:42 | 002,097,152 | -HS- | M] () -- C:\Users\***\NTUSER.DAT [2010.09.07 09:42:41 | 000,000,162 | -H-- | M] () -- C:\Users\***\Desktop\~$Virus.docx [2010.09.07 09:42:40 | 000,010,042 | ---- | M] () -- C:\Users\***\Desktop\Virus.docx [2010.09.07 08:39:27 | 000,000,162 | -H-- | M] () -- C:\Users\***\Desktop\~$emails.docx [2010.09.07 07:59:30 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 [2010.09.07 07:59:30 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 [2010.09.07 07:59:18 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT [2010.09.07 07:59:12 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2010.09.07 07:59:07 | 3218,382,848 | -HS- | M] () -- C:\hiberfil.sys [2010.09.07 01:37:12 | 000,524,288 | -HS- | M] () -- C:\Users\***\NTUSER.DAT{4e99e680-6d62-11de-bb46-0023548889e6}.TMContainer00000000000000000002.regtrans-ms [2010.09.07 01:37:12 | 000,065,536 | -HS- | M] 
() -- C:\Users\***\NTUSER.DAT{4e99e680-6d62-11de-bb46-0023548889e6}.TM.blf [2010.09.07 01:37:04 | 002,573,102 | -H-- | M] () -- C:\Users\***\AppData\Local\IconCache.db [2010.09.06 18:32:18 | 000,000,825 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk [2010.09.06 12:34:21 | 000,040,960 | ---- | M] () -- C:\Users\***\Desktop\Hausarbeit.doc [2010.09.06 12:22:42 | 000,013,911 | ---- | M] () -- C:\Users\***\Desktop\emails.docx [2010.09.06 10:33:53 | 000,011,817 | ---- | M] () -- C:\Users\***\Desktop\B.docx [2010.09.05 18:22:33 | 000,011,330 | ---- | M] () -- C:\Users\***\Desktop\Ausgaben.xlsx [2010.09.04 07:15:17 | 001,445,310 | ---- | M] () -- C:\Windows\System32\PerfStringBackup.INI [2010.09.04 07:15:17 | 000,628,742 | ---- | M] () -- C:\Windows\System32\perfh007.dat [2010.09.04 07:15:17 | 000,595,996 | ---- | M] () -- C:\Windows\System32\perfh009.dat [2010.09.04 07:15:17 | 000,126,454 | ---- | M] () -- C:\Windows\System32\perfc007.dat [2010.09.04 07:15:17 | 000,104,070 | ---- | M] () -- C:\Windows\System32\perfc009.dat [2010.09.03 08:40:17 | 000,001,807 | ---- | M] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk [2010.08.31 18:50:25 | 000,000,883 | ---- | M] () -- C:\Users\Public\Desktop\Mobile Partner.lnk [2010.08.27 08:07:33 | 000,108,224 | ---- | M] () -- C:\Users\***\AppData\Local\GDIPFONTCACHEV1.DAT [2010.08.27 08:06:18 | 000,392,064 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT [2010.08.26 12:10:47 | 000,009,216 | ---- | M] () -- C:\Users\***\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2010.08.23 08:58:37 | 000,001,894 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader 9.lnk [2010.08.20 19:14:42 | 000,001,892 | ---- | M] () -- C:\Users\Public\Desktop\RUBICon.lnk [2010.08.18 15:44:49 | 000,000,000 | -H-- | M] () -- C:\Windows\System32\drivers\Msft_User_WpdFs_01_07_00.Wdf [2010.08.17 20:04:30 | 000,001,594 | ---- | M] () -- C:\Windows\VPNInstall.MIF [2010.08.17 20:03:09 | 000,001,982 | ---- | M] () -- 
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\VPN Client.lnk [2010.08.17 19:58:16 | 000,001,880 | ---- | M] () -- C:\Users\Public\Desktop\Skype.lnk [2010.08.17 19:56:19 | 000,001,804 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk [2010.08.17 18:22:05 | 000,001,616 | ---- | M] () -- C:\Users\Public\Desktop\ICQ7.2.lnk ========== Files Created - No Company Name ========== [2010.09.07 09:42:41 | 000,000,162 | -H-- | C] () -- C:\Users\***\Desktop\~$Virus.docx [2010.09.07 09:42:39 | 000,010,042 | ---- | C] () -- C:\Users\***\Desktop\Virus.docx [2010.09.07 08:39:27 | 000,000,162 | -H-- | C] () -- C:\Users\***\Desktop\~$emails.docx [2010.09.06 18:32:18 | 000,000,825 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk [2010.09.06 10:44:42 | 000,040,960 | ---- | C] () -- C:\Users\***\Desktop\Hausarbeit.doc [2010.09.06 10:33:52 | 000,011,817 | ---- | C] () -- C:\Users\***\Desktop\B.docx [2010.09.05 18:22:03 | 000,011,330 | ---- | C] () -- C:\Users\***\Desktop\Ausgaben.xlsx [2010.09.03 08:40:17 | 000,001,807 | ---- | C] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk [2010.09.01 14:41:33 | 000,013,911 | ---- | C] () -- C:\Users\***\Desktop\emails.docx [2010.08.31 18:50:25 | 000,000,883 | ---- | C] () -- C:\Users\Public\Desktop\Mobile Partner.lnk [2010.08.20 19:14:42 | 000,001,892 | ---- | C] () -- C:\Users\Public\Desktop\RUBICon.lnk [2010.08.19 12:32:55 | 000,001,894 | ---- | C] () -- C:\Users\Public\Desktop\Adobe Reader 9.lnk [2010.08.18 15:44:49 | 000,000,000 | -H-- | C] () -- C:\Windows\System32\drivers\Msft_User_WpdFs_01_07_00.Wdf [2010.08.17 20:03:09 | 000,001,982 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\VPN Client.lnk [2010.08.17 20:02:49 | 000,001,594 | ---- | C] () -- C:\Windows\VPNInstall.MIF [2010.08.17 19:58:16 | 000,001,880 | ---- | C] () -- C:\Users\Public\Desktop\Skype.lnk [2010.08.17 19:56:19 | 000,001,804 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk 
[2010.08.17 18:22:05 | 000,001,616 | ---- | C] () -- C:\Users\Public\Desktop\ICQ7.2.lnk [2009.12.20 17:15:04 | 000,009,216 | ---- | C] () -- C:\Users\***\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2009.11.17 12:08:34 | 000,197,424 | ---- | C] () -- C:\Windows\System32\vpnapi.dll [2009.10.19 08:05:58 | 000,010,240 | ---- | C] () -- C:\Windows\System32\vidx16.dll [2009.08.30 17:38:11 | 000,000,000 | RHS- | C] () -- \MSDOS.SYS [2009.08.30 17:38:11 | 000,000,000 | RHS- | C] () -- \IO.SYS [2009.08.06 10:26:54 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll [2009.08.03 15:07:42 | 000,403,816 | ---- | C] () -- C:\Windows\System32\OGACheckControl.dll [2009.03.14 05:32:25 | 000,000,021 | ---- | C] () -- \NIS2008.TXT [2009.02.07 19:54:53 | 000,000,680 | ---- | C] () -- C:\Users\***\AppData\Local\d3d9caps.dat [2008.12.26 09:37:05 | 3218,382,848 | -HS- | C] () -- [2008.12.26 09:37:01 | 3534,262,272 | -HS- | C] () -- [2008.11.14 23:22:05 | 000,018,825 | ---- | C] () -- \devlist.txt [2008.11.14 23:18:45 | 000,000,009 | ---- | C] () -- \Finish.log [2008.11.14 22:37:57 | 000,000,426 | ---- | C] () -- \RHDSetup.log [2008.11.14 22:04:07 | 000,000,481 | ---- | C] () -- \igoogle_log.txt [2008.11.14 21:37:51 | 000,000,021 | ---- | C] () -- \V552.txt [2008.11.14 21:29:14 | 000,000,166 | ---- | C] () -- \SumHidd.txt [2008.11.14 21:28:26 | 000,000,098 | ---- | C] () -- \SumOS.txt [2008.11.14 08:21:21 | 000,000,105 | ---- | C] () -- \Pass.txt [2008.11.14 08:21:01 | 000,000,005 | ---- | C] () -- \store.log [2008.10.01 07:09:42 | 000,000,021 | ---- | C] () -- \msapp2.LOG [2008.07.15 05:17:51 | 000,000,026 | ---- | C] () -- \RECOVERY.DAT [2008.07.15 05:17:37 | 000,000,025 | ---- | C] () -- \Driver.10 [2008.07.07 05:12:03 | 001,048,576 | ---- | C] () -- \F5SLAS.BIN [2008.07.02 05:28:38 | 000,061,440 | ---- | C] () -- C:\Program Files\Common Files\CPInstallAction.dll [2008.05.23 05:01:42 | 000,000,030 | ---- | C] () -- \NERO.LOG [2008.05.22 19:35:54 | 
000,051,962 | ---- | C] () -- C:\Program Files\Common Files\banner.jpg [2008.04.29 15:49:01 | 000,000,020 | ---- | C] () -- \READER_A.TXT [2008.04.16 13:27:17 | 000,008,192 | R-S- | C] () -- \BOOTSECT.BAK [2008.04.16 13:27:14 | 000,333,257 | RHS- | C] () -- \bootmgr [2008.04.16 12:43:39 | 000,000,010 | ---- | C] () -- C:\Windows\System32\ABLKSR.ini [2008.04.16 12:43:26 | 000,000,019 | ---- | C] () -- \CA21.txt [2008.03.21 04:56:21 | 000,002,666 | ---- | C] () -- \Patch.LOG [2008.03.09 16:01:07 | 000,159,744 | ---- | C] () -- C:\Windows\System32\atitmmxx.dll [2007.10.01 08:59:45 | 001,769,984 | ---- | C] () -- C:\Windows\System32\drivers\snp2uvc.sys [2007.06.12 20:34:50 | 000,035,822 | ---- | C] () -- C:\Program Files\Common Files\ASPG_icon.ico [2007.05.09 09:16:39 | 000,028,160 | ---- | C] () -- C:\Windows\System32\drivers\sncduvc.sys [2007.03.16 01:17:34 | 000,000,025 | ---- | C] () -- \OFFICE2007_A.TXT [2006.11.02 14:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll [2006.11.02 12:25:25 | 001,197,056 | ---- | C] () -- C:\Windows\System32\hpotiop1.dll [2006.11.02 12:23:09 | 000,000,024 | ---- | C] () -- \autoexec.bat [2006.11.02 09:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini [2006.11.02 08:25:08 | 000,000,010 | ---- | C] () -- \config.sys [2006.03.09 03:57:59 | 001,060,424 | ---- | C] () -- C:\Windows\System32\WdfCoInstaller01000.dll [2002.07.25 11:25:43 | 000,000,000 | ---- | C] () -- C:\Windows\System32\IR41_QCX.dll < End of report > |
07.09.2010, 10:10 | #4 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Music in the background! Virus? Take a look here => Vista emergency/recovery CD 32-bit - Dr. Windows Download the ISO, burn it to a CD using the image-burning function, and start the computer with it (boot from this CD). Click on Computer repair options, Next, Command Prompt - the console opens. There, please type bootrec.exe /fixboot (confirm with Enter), then type bootrec.exe /fixmbr (confirm with Enter) - restart the computer, taking the CD out first.
__________________ Please always post log files in CODE tags |
07.09.2010, 16:08 | #5 |
| Music in the background! Virus? Hello! I have now carried that out - however, the music still comes. What else can I do? Thanks!! |
07.09.2010, 16:49 | #6 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Music in the background! Virus? Then please run CF now: ComboFix A guide and tutorial on using ComboFix
Combofix may only be run if a qualified helper (Kompetenzler) has expressly recommended it!
__________________ --> Music in the background! Virus? |
07.09.2010, 17:57 | #7 |
| Music in the background! Virus? Everything carried out! Here is the result: Combofix log file: Code:
ATTFilter ComboFix 10-09-06.04 - *** 07.09.2010 18:37:20.1.2 - x86 Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.49.1031.18.3071.2092 [GMT 2:00] ausgeführt von:: c:\users\***\Desktop\cofi.exe SP: SUPERAntiSpyware *disabled* (Updated) {222A897C-5018-402e-943F-7E7AC8560DA7} SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46} * Neuer Wiederherstellungspunkt wurde erstellt . (((((((((((((((((((((((((((((((((((( Weitere Löschungen )))))))))))))))))))))))))))))))))))))))))))))))) . c:\windows\pi.exe . ((((((((((((((((((((((( Dateien erstellt von 2010-08-07 bis 2010-09-07 )))))))))))))))))))))))))))))) . 2010-09-07 16:08 . 2010-09-07 16:08 -------- d-----w- c:\program files\CCleaner 2010-09-07 13:07 . 2010-09-07 13:07 -------- d-----w- c:\users\Public\CyberLink 2010-09-07 13:07 . 2010-09-07 13:07 -------- d-----w- c:\users\***\AppData\Roaming\CyberLink 2010-09-07 13:07 . 2010-09-07 13:07 -------- d-----w- c:\progra~2\LightScribe 2010-09-06 16:32 . 2010-09-06 16:32 -------- d-----w- c:\users\***\AppData\Roaming\Malwarebytes 2010-09-06 16:32 . 2010-04-29 10:19 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys 2010-09-06 16:32 . 2010-09-07 06:01 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware 2010-09-06 16:32 . 2010-09-06 16:32 -------- d-----w- c:\progra~2\Malwarebytes 2010-09-06 16:32 . 2010-04-29 10:19 20952 ----a-w- c:\windows\system32\drivers\mbam.sys 2010-09-03 06:41 . 2010-09-03 06:41 63488 ----a-w- c:\users\***\AppData\Roaming\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10006.dll 2010-09-03 06:41 . 2010-09-03 06:41 52224 ----a-w- c:\users\***\AppData\Roaming\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10005.dll 2010-09-03 06:41 . 2010-09-03 06:41 117760 ----a-w- c:\users\***\AppData\Roaming\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL 2010-09-03 06:40 . 2010-09-03 06:40 -------- d-----w- c:\users\***\AppData\Roaming\SUPERAntiSpyware.com 2010-09-03 06:40 . 
2010-09-03 06:40 -------- d-----w- c:\progra~2\SUPERAntiSpyware.com 2010-09-03 06:40 . 2010-09-03 06:40 -------- d-----w- c:\program files\SUPERAntiSpyware 2010-09-01 05:36 . 2010-09-01 05:36 -------- d-----w- c:\progra~2\Office Genuine Advantage 2010-08-31 17:08 . 2010-08-31 17:08 -------- d-----w- c:\users\***\Office Genuine Advantage 2010-08-31 16:50 . 2009-12-08 18:19 113664 ----a-w- c:\windows\system32\drivers\ewusbnet.sys 2010-08-31 16:50 . 2009-12-07 17:53 103168 ----a-w- c:\windows\system32\drivers\ewusbmdm.sys 2010-08-31 16:50 . 2009-10-12 13:22 101120 ----a-w- c:\windows\system32\drivers\ewusbdev.sys 2010-08-31 16:50 . 2007-08-09 02:06 23424 ----a-w- c:\windows\system32\drivers\ewdcsc.sys 2010-08-31 16:49 . 2010-08-31 16:50 -------- d-----w- c:\program files\Mobile Partner 2010-08-30 18:53 . 2010-08-30 18:53 -------- d-----w- c:\users\***\AppData\Roaming\Vodafone 2010-08-30 18:53 . 2009-04-09 11:38 105344 ----a-w- c:\windows\system32\drivers\zteusbvoice.sys 2010-08-30 18:53 . 2009-04-09 11:38 105344 ----a-w- c:\windows\system32\drivers\ZTEusbnmea.sys 2010-08-30 18:53 . 2009-04-09 11:38 110592 ----a-w- c:\windows\system32\drivers\ZTEusbnet.sys 2010-08-30 18:53 . 2009-04-09 11:38 104960 ----a-w- c:\windows\system32\drivers\ZTEusbmdm6k.sys 2010-08-30 18:53 . 2009-04-09 11:38 104960 ----a-w- c:\windows\system32\drivers\ZTEusbser6k.sys 2010-08-30 18:52 . 2010-08-30 18:52 -------- d-----w- c:\progra~2\Vodafone 2010-08-30 18:52 . 2010-08-30 18:52 -------- d-----w- c:\progra~2\FLEXnet 2010-08-30 18:51 . 2010-08-30 18:51 -------- d-----w- c:\users\***\AppData\Local\{AADEF95F-E36B-426E-B7B1-70E7D4F6AA5B} 2010-08-27 06:30 . 2010-08-27 06:30 -------- d-----w- c:\program files\MSXML 4.0 2010-08-26 20:45 . 2010-08-26 20:50 -------- d-----w- c:\program files\Picture It! Premium 10 2010-08-26 20:32 . 2010-08-26 20:32 -------- d-----w- c:\program files\Microsoft Works Suite 2005 2010-08-20 17:14 . 2010-08-20 17:14 -------- d-----w- c:\program files\RUB 2010-08-19 10:32 . 
2010-08-19 10:32 -------- d-----w- c:\program files\Common Files\Adobe 2010-08-18 13:45 . 2010-08-18 13:45 -------- d-----w- c:\program files\Windows Portable Devices 2010-08-18 13:14 . 2009-09-10 02:00 92672 ----a-w- c:\windows\system32\UIAnimation.dll 2010-08-18 13:14 . 2009-09-10 02:01 3023360 ----a-w- c:\windows\system32\UIRibbon.dll 2010-08-18 13:14 . 2009-09-10 02:00 1164800 ----a-w- c:\windows\system32\UIRibbonRes.dll 2010-08-18 13:12 . 2009-10-01 01:02 30208 ----a-w- c:\windows\system32\WPDShextAutoplay.exe 2010-08-18 13:12 . 2009-10-01 01:02 31232 ----a-w- c:\windows\system32\BthMtpContextHandler.dll 2010-08-18 13:12 . 2009-10-01 01:01 81920 ----a-w- c:\windows\system32\wpdbusenum.dll 2010-08-18 13:12 . 2009-10-01 01:01 60928 ----a-w- c:\windows\system32\PortableDeviceConnectApi.dll 2010-08-18 13:12 . 2009-10-01 01:02 2537472 ----a-w- c:\windows\system32\wpdshext.dll 2010-08-18 13:12 . 2009-10-01 01:02 334848 ----a-w- c:\windows\system32\PortableDeviceApi.dll 2010-08-18 13:12 . 2009-10-01 01:02 87552 ----a-w- c:\windows\system32\WPDShServiceObj.dll 2010-08-18 13:12 . 2009-10-01 01:01 546816 ----a-w- c:\windows\system32\wpd_ci.dll 2010-08-18 13:12 . 2009-10-01 01:01 160256 ----a-w- c:\windows\system32\PortableDeviceTypes.dll 2010-08-18 13:12 . 2009-10-01 01:01 350208 ----a-w- c:\windows\system32\WPDSp.dll 2010-08-18 13:12 . 2009-10-01 01:01 196608 ----a-w- c:\windows\system32\PortableDeviceWMDRM.dll 2010-08-18 13:12 . 2009-10-01 01:01 100864 ----a-w- c:\windows\system32\PortableDeviceClassExtension.dll 2010-08-18 13:11 . 2009-10-08 21:07 4096 ----a-w- c:\windows\system32\oleaccrc.dll 2010-08-18 13:11 . 2009-10-08 21:08 555520 ----a-w- c:\windows\system32\UIAutomationCore.dll 2010-08-18 13:11 . 2009-10-08 21:08 234496 ----a-w- c:\windows\system32\oleacc.dll 2010-08-18 07:35 . 2010-08-18 07:35 -------- d-----w- c:\windows\system32\ca-ES 2010-08-18 07:35 . 2010-08-18 07:35 -------- d-----w- c:\windows\system32\eu-ES 2010-08-18 07:35 . 
2010-08-18 07:35 -------- d-----w- c:\windows\system32\vi-VN
2010-08-17 18:44 . 2010-08-17 18:44 -------- d--h--r- c:\users\***\AppData\Roaming\SecuROM
2010-08-17 18:03 . 2010-08-17 18:03 -------- d-----w- c:\program files\Common Files\Deterministic Networks
2010-08-17 18:02 . 2010-08-17 18:02 -------- d-----w- c:\program files\Cisco Systems
2010-08-17 17:58 . 2010-09-07 15:04 -------- d-----w- c:\users\***\AppData\Roaming\Skype
2010-08-17 17:58 . 2010-08-17 17:58 -------- d-----w- c:\program files\Common Files\Skype
2010-08-17 17:58 . 2010-08-17 17:58 -------- d-----r- c:\program files\Skype
2010-08-17 17:56 . 2010-08-26 15:12 -------- d-----w- c:\users\***\AppData\Roaming\Apple Computer
2010-08-17 17:56 . 2010-08-17 17:56 -------- d-----w- c:\users\***\AppData\Local\Apple Computer
2010-08-17 17:55 . 2010-08-17 17:55 -------- dc----w- c:\windows\system32\DRVSTORE
2010-08-17 17:55 . 2009-05-18 11:17 26600 ----a-w- c:\windows\system32\drivers\GEARAspiWDM.sys
2010-08-17 17:55 . 2008-04-17 10:12 107368 ----a-w- c:\windows\system32\GEARAspi.dll
2010-08-17 17:54 . 2010-08-17 17:54 -------- d-----w- c:\program files\iPod
2010-08-17 17:54 . 2010-08-17 17:55 -------- d-----w- c:\program files\iTunes
2010-08-17 17:54 . 2010-08-17 17:55 -------- d-----w- c:\progra~2\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
2010-08-17 17:52 . 2010-08-17 17:53 -------- d-----w- c:\program files\QuickTime
2010-08-17 17:52 . 2010-08-17 17:54 -------- d-----w- c:\progra~2\Apple Computer
2010-08-17 17:52 . 2010-08-17 17:52 -------- d-----w- c:\users\***\AppData\Local\Apple
2010-08-17 17:51 . 2010-08-17 17:51 -------- d-----w- c:\program files\Apple Software Update
2010-08-17 17:49 . 2010-08-17 17:49 -------- d-----w- c:\program files\Bonjour
2010-08-17 17:49 . 2010-08-17 17:54 -------- d-----w- c:\program files\Common Files\Apple
2010-08-17 17:49 . 2010-08-17 17:49 -------- d-----w- c:\progra~2\Apple
2010-08-17 17:01 . 2010-08-17 17:01 -------- d-----w- c:\program files\Common Files\Java
2010-08-17 16:21 . 2010-09-07 16:21 -------- d-----w- c:\users\***\AppData\Roaming\ICQ
2010-08-17 16:21 . 2010-08-17 16:21 -------- d-----w- c:\users\***\AppData\Local\AOL
2010-08-17 16:21 . 2010-08-24 06:11 -------- d-----w- c:\program files\ICQ7.2
2010-08-17 14:51 . 2010-08-17 14:51 -------- d-----w- c:\users\***\AppData\Local\ASUS
2010-08-11 09:06 . 2010-05-27 20:08 81920 ----a-w- c:\windows\system32\iccvid.dll
2010-08-11 09:06 . 2010-06-29 15:47 834048 ----a-w- c:\windows\system32\wininet.dll
2010-08-11 09:06 . 2010-06-28 16:13 78336 ----a-w- c:\windows\system32\ieencode.dll
2010-08-11 09:05 . 2010-06-11 16:16 274944 ----a-w- c:\windows\system32\schannel.dll
2010-08-11 09:05 . 2010-06-21 13:37 2037760 ----a-w- c:\windows\system32\win32k.sys
2010-08-11 09:05 . 2010-06-18 17:31 36864 ----a-w- c:\windows\system32\rtutils.dll
2010-08-11 09:05 . 2010-06-08 17:35 3548040 ----a-w- c:\windows\system32\ntoskrnl.exe
2010-08-11 09:05 . 2010-06-08 17:35 3600768 ----a-w- c:\windows\system32\ntkrnlpa.exe
2010-08-11 09:05 . 2010-06-11 16:15 1248768 ----a-w- c:\windows\system32\msxml3.dll
2010-08-11 09:05 . 2010-06-18 15:04 302080 ----a-w- c:\windows\system32\drivers\srv.sys
2010-08-11 09:05 . 2010-06-18 15:04 144896 ----a-w- c:\windows\system32\drivers\srv2.sys
2010-08-11 09:05 . 2010-06-16 16:04 905088 ----a-w- c:\windows\system32\drivers\tcpip.sys
.
(((((((((((((((((((((((((((((((((((( Find3M Bericht ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-09-07 16:36 . 2010-09-07 16:36 12568 ----a-w- c:\windows\system32\drivers\PROCEXP113.SYS
2010-09-07 14:56 . 2009-02-13 13:06 -------- d-----w- c:\users\***\AppData\Roaming\skypePM
2010-09-07 13:07 . 2008-11-14 19:09 -------- d-----w- c:\progra~2\CyberLink
2010-09-04 05:15 . 2008-04-16 11:11 628742 ----a-w- c:\windows\system32\perfh007.dat
2010-09-04 05:15 . 2008-04-16 11:11 126454 ----a-w- c:\windows\system32\perfc007.dat
2010-08-27 13:33 . 2008-12-30 09:21 -------- d-----w- c:\program files\Microsoft Works
2010-08-27 06:07 . 2008-12-25 15:47 108224 ----a-w- c:\users\***\AppData\Local\GDIPFONTCACHEV1.DAT
2010-08-18 13:45 . 2006-11-02 10:25 665600 ----a-w- c:\windows\inf\drvindex.dat
2010-08-18 13:44 . 2010-08-18 13:44 0 ---ha-w- c:\windows\system32\drivers\Msft_User_WpdFs_01_07_00.Wdf
2010-08-18 07:36 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Calendar
2010-08-18 07:36 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail
2010-08-18 07:36 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Sidebar
2010-08-18 07:36 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Journal
2010-08-18 07:36 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Collaboration
2010-08-18 07:36 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Photo Gallery
2010-08-18 07:36 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Defender
2010-08-17 17:58 . 2009-02-13 13:01 -------- d-----w- c:\progra~2\Skype
2010-08-17 16:58 . 2010-04-21 06:07 -------- d-----w- c:\program files\Java
2010-08-17 16:37 . 2009-10-19 05:58 -------- d-----w- c:\program files\Catan
2010-08-17 16:37 . 2008-11-14 19:54 -------- d-----w- c:\program files\Google
2010-08-17 16:21 . 2008-11-14 19:07 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-08-17 14:51 . 2008-11-14 21:01 -------- d-----w- c:\progra~2\ASUS
2010-08-11 09:45 . 2008-11-14 18:53 -------- d-----w- c:\progra~2\Microsoft Help
2010-07-17 03:00 . 2010-04-21 06:07 423656 ----a-w- c:\windows\system32\deployJava1.dll
2010-06-29 09:30 . 2009-02-07 17:54 680 ----a-w- c:\users\***\AppData\Local\d3d9caps.dat
2008-07-02 03:28 . 2008-07-02 03:28 61440 ----a-w- c:\program files\Common Files\CPInstallAction.dll
2008-05-22 17:35 . 2008-05-22 17:35 51962 ----a-w- c:\program files\Common Files\banner.jpg
2007-06-12 18:34 . 2007-06-12 18:34 35822 ----a-w- c:\program files\Common Files\ASPG_icon.ico
.
(((((((((((((((((((((((((((( Autostartpunkte der Registrierung ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ADSMOverlayIcon1]
@="{A8D448F4-0431-45AC-9F5E-E1B434AB2249}"
[HKEY_CLASSES_ROOT\CLSID\{A8D448F4-0431-45AC-9F5E-E1B434AB2249}]
2007-06-02 01:08 143360 ----a-w- c:\program files\ASUS\ASUS Data Security Manager\OverlayIconShlExt1.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1233920]
"LightScribe Control Panel"="c:\program files\Common Files\LightScribe\LightScribeControlPanel.exe" [2008-06-09 2363392]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 125952]
"ICQ"="c:\program files\ICQ7.2\ICQ.exe" [2010-08-22 133432]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2010-08-25 2424560]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2008-01-21 1008184]
"CLMLServer"="c:\program files\CyberLink\Power2Go\CLMLSvc.exe" [2008-07-19 104936]
"P2Go_Menu"="c:\program files\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" [2008-06-14 210216]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2008-01-21 61440]
"RtHDVCpl"="RtHDVCpl.exe" [2008-01-07 4853760]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2007-12-06 1029416]
"ATKMEDIA"="c:\program files\ASUS\ATK Media\DMedia.exe" [2008-06-25 159744]
"ASUSTPE"="c:\windows\system32\ASUSTPE.exe" [2007-10-12 106496]
"ASUS Camera ScreenSaver"="c:\windows\AsScrProlog.exe" [2008-11-14 47672]
"ASUS Screen Saver Protector"="c:\windows\ASScrPro.exe" [2008-11-14 33136]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-03-18 421888]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]
"DXM6Patch_981116"="c:\windows\p_981116.exe" [1998-11-30 497376]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-07-21 141608]
"Skytel"="Skytel.exe" [2007-11-20 1826816]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-06-20 35760]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-06-09 976832]

c:\users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2009-2-26 97680]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
VPN Client.lnk - c:\windows\Installer\{21E247D4-5E27-4BEA-AA4D-19A81203FE2A}\Icon3E5562ED7.ico [2010-8-17 6144]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"VistaSp2"=hex(b):b2,02,d8,ff,a8,3e,cb,01

R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R3 massfilter;ZTE Mass Storage Filter Driver;c:\windows\system32\DRIVERS\massfilter.sys [2009-04-09 7680]
R3 SCR3XX2K;SCR3xx USB SmartCardReader;c:\windows\system32\DRIVERS\SCR3XX2K.sys [2010-01-06 57856]
R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
R3 ZTEusbnet;ZTE USB-NDIS miniport;c:\windows\system32\DRIVERS\ZTEusbnet.sys [2009-04-09 110592]
R3 ZTEusbvoice;ZTE VoUSB Port;c:\windows\system32\DRIVERS\ZTEusbvoice.sys [2009-04-09 105344]
S0 lullaby;lullaby;c:\windows\system32\DRIVERS\lullaby.sys [2008-05-29 15416]
S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [2010-02-17 12872]
S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [2010-05-10 67656]
S2 AntiVirSchedulerService;Avira AntiVir Planer;c:\program files\Avira\AntiVir Desktop\sched.exe [2009-05-13 108289]
S3 ewusbnet;HUAWEI USB-NDIS miniport;c:\windows\system32\DRIVERS\ewusbnet.sys [2009-12-08 113664]
S3 hwusbdev;Huawei DataCard USB PNP Device;c:\windows\system32\DRIVERS\ewusbdev.sys [2009-10-12 101120]
S3 SiSGbeLH;SiS191/SiS190 Ethernet Device NDIS 6.0 Driver;c:\windows\system32\DRIVERS\SiSGB6.sys [2007-06-20 47616]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2008-06-09 18:14 451872 ----a-w- c:\program files\Common Files\LightScribe\LSRunOnce.exe
.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = hxxp://w*w.google.com/ig/redirectdomain?brand=ASUS&bmod=ASUS
mStart Page = hxxp://w*w.google.com/ig/redirectdomain?brand=ASUS&bmod=ASUS
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
FF - ProfilePath - c:\users\***\AppData\Roaming\Mozilla\Firefox\Profiles\o8tikm3e.default\
FF - prefs.js: browser.startup.homepage - hxxp://w*w.web.de/
FF - plugin: c:\program files\DivX\DivX Plus Web Player\npdivx32.dll
FF - plugin: c:\program files\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\users\***\AppData\Roaming\Mozilla\Firefox\Profiles\o8tikm3e.default\extensions\moveplayer@movenetworks.com\platform\WINNT_x86-msvc\plugins\npmnqmp071303000004.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX Richtlinien ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -

HKLM-Run-SymLnch - c:\program files\Common Files\Symantec Shared\SymSetup\{C1C185CA-C531-49F5-A6FA-B838405A049D}_15_5_0_23\Support\SymLnch\SymLnch.exe

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, h**p://w*w.gmer.net
Rootkit scan 2010-09-07 18:48
Windows 6.0.6002 Service Pack 2 NTFS

Scanne versteckte Prozesse...

Scanne versteckte Autostarteinträge...

Scanne versteckte Dateien...

C:\ADSM_PData_0150

Scan erfolgreich abgeschlossen
versteckte Dateien: 1

**************************************************************************
.
--------------------- Gesperrte Registrierungsschluessel ---------------------

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
Zeit der Fertigstellung: 2010-09-07 18:53:25
ComboFix-quarantined-files.txt 2010-09-07 16:53

Vor Suchlauf: 7 Verzeichnis(se), 64.082.599.936 Bytes frei
Nach Suchlauf: 12 Verzeichnis(se), 64.007.680.000 Bytes frei

- - End Of File - - 4B6E059E4F593888D4CBE75D40CB0082 |
07.09.2010, 19:28 | #8 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Music in the background! Virus? OK. Now please create logs with GMER and OSAM and post them. GMER crashes fairly often; if the tool still won't run on the second attempt, just skip it and run only OSAM. Afterwards, also run MBRCheck once more as a check and post the new log from it.
__________________ Please always post log files in CODE tags |
07.09.2010, 21:25 | #9 |
| Music in the background! Virus?
So, here are the results of the three programs. I hope I did everything right!!
GMER logfile:
Code:
GMER 1.0.15.15281 - h**p://w*w.gmer.net
Rootkit scan 2010-09-07 21:47:18
Windows 6.0.6002 Service Pack 2
Running: jweto7vq.exe; Driver: C:\Users\***\AppData\Local\Temp\awtyipod.sys

---- System - GMER 1.0.15 ----

SSDT 8C90BE9C ZwCreateThread
SSDT 8C90BE88 ZwOpenProcess
SSDT 8C90BE8D ZwOpenThread
SSDT 8C90BE97 ZwTerminateProcess

---- Kernel code sections - GMER 1.0.15 ----

.text ntkrnlpa.exe!KeSetEvent + 221 81EF1984 4 Bytes [9C, BE, 90, 8C]
.text ntkrnlpa.exe!KeSetEvent + 3F1 81EF1B54 4 Bytes [88, BE, 90, 8C]
.text ntkrnlpa.exe!KeSetEvent + 40D 81EF1B70 4 Bytes [8D, BE, 90, 8C]
.text ntkrnlpa.exe!KeSetEvent + 621 81EF1D84 4 Bytes [97, BE, 90, 8C]
.text C:\Windows\system32\DRIVERS\atikmdag.sys section is writeable [0x8DC04000, 0x1F875A, 0xE8000020]

---- Devices - GMER 1.0.15 ----

AttachedDevice \FileSystem\Ntfs \Ntfs AsDsm.sys (Data Security Manager Driver/Windows (R) Codename Longhorn DDK provider)
AttachedDevice \Driver\kbdclass \Device\KeyboardClass0 Wdf01000.sys (WDF Dynamic/Microsoft Corporation)
AttachedDevice \Driver\kbdclass \Device\KeyboardClass1 Wdf01000.sys (WDF Dynamic/Microsoft Corporation)
AttachedDevice \FileSystem\fastfat \Fat fltmgr.sys (Microsoft Dateisystem-Filter-Manager/Microsoft Corporation)
AttachedDevice \FileSystem\fastfat \Fat AsDsm.sys (Data Security Manager Driver/Windows (R) Codename Longhorn DDK provider)

---- Files - GMER 1.0.15 ----

File C:\ADSM_PData_0150 0 bytes
File C:\ADSM_PData_0150\DB 0 bytes
File C:\ADSM_PData_0150\DB\SI.db 624 bytes
File C:\ADSM_PData_0150\DB\UL.db 16 bytes
File C:\ADSM_PData_0150\DB\VL.db 16 bytes
File C:\ADSM_PData_0150\DB\_avt 512 bytes
File C:\ADSM_PData_0150\DragWait.exe 253952 bytes executable
File C:\ADSM_PData_0150\_avt 512 bytes
File C:\Program Files\ASUS\ASUS Data Security Manager\driver\x86 0 bytes
File C:\Program Files\ASUS\ASUS Data Security Manager\driver\x86\AsDsm.sys 29752 bytes executable
File C:\Program Files\ASUS\ASUS Data Security Manager\driver\x86\_avt 512 bytes

---- EOF - GMER 1.0.15 ----

Report of OSAM: Autorun Manager v5.0.11926.0
h**p://w*w.online-solutions.ru/en/
Saved at 22:11:31 on 07.09.2010

OS: Windows Vista Home Premium Edition Service Pack 2 (Build 6002), 32-bit
Default Browser: Mozilla Corporation Firefox 3.6.8

Scanner Settings
Rootkits detection (hidden registry)
Rootkits detection (hidden files)
Retrieve files information
Check Microsoft signatures

Filters
Trusted entries
Empty entries
Hidden registry entries (rootkit activity)
Exclusively opened files
Not found files
Files without detailed information
Existing files
Non-startable services
Non-startable drivers
Active entries
Disabled entries

Risk Name Publisher Full Path Status

Control Panel Objects
HKLM\Software\Microsoft\Windows\CurrentVersion\Control Panel\Cpls
|||||| "QuickTime" "Apple Inc." C:\Program Files\QuickTime\QTSystem\QuickTime.cpl File exists

Drivers
HKLM\SYSTEM\CurrentControlSet\Services
|||||| "ASMMAP" (ASMMAP) C:\Program Files\ATKGFNEX\ASMMAP.sys File exists
|||||| "avgio" (avgio) "Avira GmbH" C:\Program Files\Avira\AntiVir Desktop\avgio.sys File exists
|||||| "avgntflt" (avgntflt) "Avira GmbH" C:\Windows\System32\DRIVERS\avgntflt.sys File exists
|||||| "avipbb" (avipbb) "Avira GmbH" C:\Windows\System32\DRIVERS\avipbb.sys File exists
"catchme" (catchme) C:\Users\***\AppData\Local\Temp\catchme.sys File not found
|||||| "Cisco Systems Inc. IPSec Driver" (CVPNDRVA) "Cisco Systems, Inc." C:\Windows\system32\Drivers\CVPNDRVA.sys File exists
|||||| "Data Security Manager Driver" (AsDsm) "Windows (R) Codename Longhorn DDK provider" C:\Windows\system32\drivers\AsDsm.sys File exists
|||||| "ghaio" (ghaio) C:\Program Files\ASUS\NB Probe\SPM\ghaio.sys File found, but it contains no detailed information
"IP in IP Tunnel Driver" (IpInIp) C:\Windows\System32\DRIVERS\ipinip.sys File not found
"IPX Traffic Filter Driver" (NwlnkFlt) C:\Windows\System32\DRIVERS\nwlnkflt.sys File not found
"IPX Traffic Forwarder Driver" (NwlnkFwd) C:\Windows\System32\DRIVERS\nwlnkfwd.sys File not found
|||||| "lullaby" (lullaby) "Windows (R) Codename Longhorn DDK provider" C:\Windows\System32\DRIVERS\lullaby.sys File exists
|||||| "SASDIFSV" (SASDIFSV) "SUPERAdBlocker.com and SUPERAntiSpyware.com" C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS File exists
|||||| "SASKUTIL" (SASKUTIL) "SUPERAdBlocker.com and SUPERAntiSpyware.com" C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS File exists
|||||| "ssmdrv" (ssmdrv) "Avira GmbH" C:\Windows\System32\DRIVERS\ssmdrv.sys File exists

Explorer
HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components
|||||| {10880D85-AAD9-4558-ABDC-2AB1552D831F} "LightScribe Control Panel" "Hewlett-Packard Company" "C:\Program Files\Common Files\LightScribe\LSRunOnce.exe" File exists
HKLM\Software\Classes\Folder\shellex\ColumnHandlers
|||||| {F9DB5320-233E-11D1-9F84-707F02C10627} "PDF Shell Extension" "Adobe Systems, Inc." C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\PDFShell.dll File exists
HKLM\Software\Classes\Protocols\Filter
|||||| {807563E5-5146-11D5-A672-00B0D022E945} "Microsoft Office InfoPath XML Mime Filter" "Microsoft Corporation" C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL File exists
HKLM\Software\Classes\Protocols\Handler
|||||| {314111c7-a502-11d2-bbca-00c04f8ec294} "HxProtocol Class" "Microsoft Corporation" C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll File exists
|||||| {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} "IEProtocolHandler Class" "Skype Technologies" C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL File exists
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks
{AEB6717E-7E19-11d0-97EE-00C04FD91972} "{AEB6717E-7E19-11d0-97EE-00C04FD91972}" File not found | COM-object registry key not found
HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved
{911051fa-c21c-4246-b470-070cd8df6dc4} ".cab or .zip files" File not found | COM-object registry key not found
{1b24a030-9b20-49bc-97ac-1be4426f9e59} "ActiveDirectory Folder" File not found | COM-object registry key not found
{34449847-FD14-4fc8-A75A-7432F5181EFB} "ActiveDirectory Folder" File not found | COM-object registry key not found
{0F8604A5-4ECE-4DE1-BA7D-CF10F8AA4F48} "Contacts folder" File not found | COM-object registry key not found
|||||| {2F5AC606-70CF-461C-BFE1-6063670C3484} "DisplayCplExt Class" "ASUS" C:\Windows\system32\TPESetting.dll File exists
{2C2577C2-63A7-40e3-9B7F-586602617ECB} "Explorer Query Band" File not found | COM-object registry key not found
|||||| {B9E1D2CB-CCFF-4AA6-9579-D7A4754030EF} "iTunes" "Apple Inc." C:\Program Files\iTunes\iTunesMiniPlayer.dll File exists
|||||| {42042206-2D85-11D3-8CFF-005004838597} "Microsoft Office HTML Icon Handler" "Microsoft Corporation" C:\Program Files\Microsoft Office\Office12\msohevi.dll File exists
|||||| {993BE281-6695-4BA5-8A2A-7AACBFAAB69E} "Microsoft Office Metadata Handler" "Microsoft Corporation" C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\msoshext.dll File exists
|||||| {5858A72C-C2B4-4dd7-B2BF-B76DB1BD9F6C} "Microsoft Office OneNote Namespace Extension for Windows Desktop Search" "Microsoft Corporation" C:\PROGRA~1\MICROS~2\Office12\ONFILTER.DLL File exists
|||||| {C41662BB-1FA0-4CE0-8DC5-9B7F8279FF97} "Microsoft Office Thumbnail Handler" "Microsoft Corporation" C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\msoshext.dll File exists
{C8494E42-ACDD-4739-B0FB-217361E4894F} "Sam Account Folder" File not found | COM-object registry key not found
{E29F9716-5C08-4FCD-955A-119FDB5A522D} "Sam Account Folder" File not found | COM-object registry key not found
|||||| {45AC2688-0253-4ED8-97DE-B5370FA7D48A} "Shell Extension for Malware scanning" "Avira GmbH" C:\Program Files\Avira\AntiVir Desktop\shlext.dll File exists
|||||| {5E2121EE-0300-11D4-8D3B-444553540000} "SimpleShlExt Class" C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\atiacmxx.dll File exists
{da67b8ad-e81b-4c70-9b91b417b5e33527} "Windows Search Shell Service" File not found | COM-object registry key not found
|||||| {B41DB860-8EE4-11D2-9906-E49FADC173CA} "WinRAR" "Alexander Roshal" C:\Program Files\WinRAR\rarext.dll File exists

Internet Explorer
HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units
|||| {8AD9C840-044E-11D1-B3E9-00805F499D93} "Java Plug-in 1.6.0_21" h**p://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab "Sun Microsystems, Inc." C:\Program Files\Java\jre6\bin\jp2iexp.dll File exists
|||| {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} "Java Plug-in 1.6.0_21" h**p://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab "Sun Microsystems, Inc." C:\Program Files\Java\jre6\bin\jp2iexp.dll File exists
|||||| {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} "Java Plug-in 1.6.0_21" h**p://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab "Sun Microsystems, Inc." C:\Program Files\Java\jre6\bin\npjpi160_21.dll File exists
HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions
|||| {48E73304-E1D6-4330-914C-F5F514E3486C} "An OneNote senden" "Microsoft Corporation" C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll File exists
|||| "ICQ7.2" "ICQ, LLC." C:\Program Files\ICQ7.2\ICQ.exe File exists
|||| {FF059E31-CC5A-4E2E-BF3B-96E929D65503} "Research" "Microsoft Corporation" C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL File exists
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects
|||||| {18DF081C-E8AD-4283-A596-FA578C2EBDC3} "Adobe PDF Link Helper" "Adobe Systems Incorporated" C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll File exists
|||| {DBC80044-A445-435b-BC74-9C25C1C588A9} "Java(tm) Plug-In 2 SSV Helper" "Sun Microsystems, Inc." C:\Program Files\Java\jre6\bin\jp2ssv.dll File exists

Logon
%APPDATA%\Microsoft\Windows\Start Menu\Programs\Startup
|||| "OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk" "Microsoft Corporation" C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE Shortcut exists | File exists
|||||| "desktop.ini" C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini File exists
%AllUsersProfile%\Microsoft\Windows\Start Menu\Programs\Startup
|||||| "desktop.ini" C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini File exists
|||||| "VPN Client.lnk" "Cisco Systems, Inc." C:\Program Files\Cisco Systems\VPN Client\vpngui.exe Shortcut exists | File exists
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
|||| "ICQ" "ICQ, LLC." "C:\Program Files\ICQ7.2\ICQ.exe" silent loginmode=4 File exists
|||| "LightScribe Control Panel" "Hewlett-Packard Company" C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe -hidden File exists
HKLM\SYSTEM\CurrentControlSet\Control\Terminal Server\Wds\rdpwd
"StartupPrograms" rdpclip File not found
HKLM\Software\Microsoft\Windows\CurrentVersion\Run
|||| "Adobe ARM" "Adobe Systems Incorporated" "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" File exists
|||| "Adobe Reader Speed Launcher" "Adobe Systems Incorporated" "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe" File exists
|||| "ASUS Camera ScreenSaver" C:\Windows\AsScrProlog.exe File found, but it contains no detailed information
|||| "ASUS Screen Saver Protector" C:\Windows\ASScrPro.exe File exists
|||| "ASUSTPE" "ASUS" C:\Windows\system32\ASUSTPE.exe File exists
|||| "ATKMEDIA" "ASUS" C:\Program Files\ASUS\ATK Media\DMedia.exe File exists
|||||| "avgnt" "Avira GmbH" "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min File exists
|||| "CLMLServer" "CyberLink" "C:\Program Files\CyberLink\Power2Go\CLMLSvc.exe" File exists
|| "DXM6Patch_981116" "Microsoft Corporation" C:\Windows\p_981116.exe /Q:A File exists
|||| "iTunesHelper" "Apple Inc." "C:\Program Files\iTunes\iTunesHelper.exe" File exists
|||| "P2Go_Menu" "CyberLink Corp." "C:\Program Files\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" "C:\Program Files\CyberLink\Power2Go" UpdateWithCreateOnce "SOFTWARE\CyberLink\Power2Go\6.0" File exists
|||| "QuickTime Task" "Apple Inc." "C:\Program Files\QuickTime\QTTask.exe" -atboottime File exists
|||| "StartCCC" "Advanced Micro Devices, Inc." "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" File exists
|||| "SunJavaUpdateSched" "Sun Microsystems, Inc." "C:\Program Files\Common Files\Java\Java Update\jusched.exe" File exists

Print Monitors
HKLM\SYSTEM\CurrentControlSet\Control\Print\Monitors
|||||| "Send To Microsoft OneNote Monitor" "Microsoft Corporation" C:\Windows\system32\msonpmon.dll File exists

Services
HKLM\SYSTEM\CurrentControlSet\Services
|||||| "@C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe,-100" (WPFFontCache_v0400) "Microsoft Corporation" C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe File exists
|||||| "ADSM Service" (ADSMService) C:\Program Files\ASUS\ASUS Data Security Manager\ADSMSrv.exe File exists
|||||| "Apple Mobile Device" (Apple Mobile Device) "Apple Inc." C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe File exists
|||||| "ASLDR Service" (ASLDRService) C:\Program Files\ATK Hotkey\ASLDRSrv.exe File exists
|||||| "ATKGFNEX Service" (ATKGFNEXSrv) C:\Program Files\ATKGFNEX\GFNEXSrv.exe File exists
|||||| "Avira AntiVir Guard" (AntiVirService) "Avira GmbH" C:\Program Files\Avira\AntiVir Desktop\avguard.exe File exists
|||||| "Avira AntiVir Planer" (AntiVirSchedulerService) "Avira GmbH" C:\Program Files\Avira\AntiVir Desktop\sched.exe File exists
|||||| "Cisco Systems, Inc. VPN Service" (CVPND) "Cisco Systems, Inc." C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe File exists
|||||| "Dienst "Bonjour"" (Bonjour Service) "Apple Inc." C:\Program Files\Bonjour\mDNSResponder.exe File exists
|||||| "iPod-Dienst" (iPod Service) "Apple Inc." C:\Program Files\iPod\bin\iPodService.exe File exists
|||||| "LightScribeService Direct Disc Labeling Service" (LightScribeService) "Hewlett-Packard Company" C:\Program Files\Common Files\LightScribe\LSSrvc.exe File exists
|||||| "Microsoft .NET Framework NGEN v4.0.30319_X86" (clr_optimization_v4.0.30319_32) "Microsoft Corporation" C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe File exists
|||||| "Microsoft Office Diagnostics Service" (odserv) "Microsoft Corporation" C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE File exists
|||||| "Office Source Engine" (ose) "Microsoft Corporation" C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE File exists
|||||| "spmgr" (spmgr) C:\Program Files\ASUS\NB Probe\SPM\spmgr.exe File exists

Winlogon
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify
"ScCertProp" wlnotify.dll File not found

Winsock Providers
HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries
|||||| "mdnsNSP" "Apple Inc." C:\Program Files\Bonjour\mdnsNSP.dll File exists

If You have questions or want to get some help, You can visit h**p://forum.online-solutions.ru

MBRCheck, version 1.2.3
(c) 2010, AD

Command-line:
Windows Version: Windows Vista Home Premium Edition
Windows Information: Service Pack 2 (build 6002), 32-bit
Base Board Manufacturer: PEGATRON CORPORATION
BIOS Manufacturer: American Megatrends Inc.
System Manufacturer: ASUSTeK Computer Inc.
System Product Name: F5SR
Logical Drives Mask: 0x000000fc

Kernel Drivers (total 158):

Processes (total 80):
0 System Idle Process
4 System
448 C:\Windows\System32\smss.exe
584 csrss.exe
688 C:\Windows\System32\wininit.exe
700 csrss.exe
732 C:\Windows\System32\services.exe
748 C:\Windows\System32\lsass.exe
756 C:\Windows\System32\lsm.exe
780 C:\Windows\System32\winlogon.exe
968 C:\Windows\System32\svchost.exe
1048 C:\Windows\System32\svchost.exe
1104 C:\Windows\System32\svchost.exe
1176 C:\Windows\System32\Ati2evxx.exe
1240 C:\Windows\System32\svchost.exe
1276 C:\Windows\System32\svchost.exe
1288 C:\Windows\System32\svchost.exe
1364 C:\Windows\System32\audiodg.exe
1400 C:\Windows\System32\SLsvc.exe
1440 C:\Windows\System32\svchost.exe
1544 C:\Windows\System32\Ati2evxx.exe
1568 C:\Program Files\ASUS\SmartLogon\smartlogon.exe
1620 C:\Windows\System32\svchost.exe
1768 C:\Program Files\ASUS\ASUS Data Security Manager\ADSMSrv.exe
1780 C:\Program Files\ATK Hotkey\ASLDRSrv.exe
1820 C:\Program Files\ATKGFNEX\GFNEXSrv.exe
1964 C:\Windows\System32\spoolsv.exe
1972 C:\Windows\System32\taskeng.exe
2000 C:\Windows\System32\dwm.exe
2016 C:\Windows\System32\wlanext.exe
2044 C:\Program Files\Avira\AntiVir Desktop\sched.exe
244 C:\Windows\explorer.exe
284 C:\Windows\System32\svchost.exe
1540 C:\Windows\System32\agrsmsvc.exe
1612 C:\Program Files\Avira\AntiVir Desktop\avguard.exe
1628 C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
392 C:\Program Files\Bonjour\mDNSResponder.exe
2108 C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
2152 C:\Windows\System32\taskeng.exe
2180 C:\Program Files\Common Files\LightScribe\LSSrvc.exe
2192 C:\Program Files\ATK Hotkey\HControl.exe
2200 C:\Program Files\ATKOSD2\ATKOSD2.exe
2212 C:\Program Files\Wireless Console 2\wcourier.exe
2292 C:\Windows\System32\svchost.exe
2316 C:\Program Files\ASUS\NB
Probe\SPM\spmgr.exe 2336 C:\Program Files\ASUS\ASUS CopyProtect\ASPG.exe 2348 C:\Program Files\P4G\BatteryLife.exe 2524 C:\Windows\System32\svchost.exe 2560 C:\Windows\System32\taskeng.exe 2592 C:\Program Files\ASUS\ASUS Live Update\ALU.exe 2640 C:\Windows\System32\svchost.exe 2672 C:\Windows\System32\SearchIndexer.exe 2724 C:\Program Files\Windows Defender\MSASCui.exe 2748 C:\Program Files\CyberLink\Power2Go\CLMLSvc.exe 2820 C:\Windows\RtHDVCpl.exe 2828 C:\Program Files\Synaptics\SynTP\SynTPEnh.exe 2840 C:\Program Files\ASUS\ATK Media\DMedia.exe 2852 C:\Windows\System32\ASUSTPE.exe 2868 C:\Windows\ASScrPro.exe 2876 C:\Program Files\QuickTime\QTTask.exe 2884 C:\Program Files\Avira\AntiVir Desktop\avgnt.exe 2920 C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe 2980 C:\Program Files\ASUS\SmartLogon\sensorsrv.exe 3036 C:\Program Files\Common Files\Java\Java Update\jusched.exe 3056 C:\Program Files\iTunes\iTunesHelper.exe 3096 C:\Program Files\Windows Sidebar\sidebar.exe 3104 C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe 3112 C:\Windows\ehome\ehtray.exe 3120 C:\Program Files\ICQ7.2\ICQ.exe 3128 WUDFHost.exe 3212 C:\Program Files\ATK Hotkey\ATKOSD.exe 3632 C:\Program Files\ATK Hotkey\KBFiltr.exe 3644 C:\Windows\ehome\ehmsas.exe 4004 C:\Program Files\iPod\bin\iPodService.exe 4136 C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe 4936 C:\Program Files\Mobile Partner\Mobile Partner.exe 5556 C:\Program Files\Mozilla Firefox\firefox.exe 1216 C:\Program Files\Synaptics\SynTP\SynTPHelper.exe 5756 C:\Users\***\Downloads\MBRCheck.exe 4708 C:\Windows\System32\conime.exe \\.\C: --> \\.\PhysicalDrive0 at offset 0x00000002`71167600 (NTFS) \\.\D: --> \\.\PhysicalDrive0 at offset 0x0000001f`8d1db400 (NTFS) PhysicalDrive0 Model Number: HitachiHTS543225L9A300, Rev: FBEOC40C Size Device Name MBR Status -------------------------------------------- 232 GB \\.\PhysicalDrive0 Windows 2008 MBR code detected SHA1: 
8DF43F2BDE2D9451948FA14B5279969C777A7979 Done! |
08.09.2010, 12:28 | #10 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Music in the background! Virus? Looks OK. As a check, please run full scans with Malwarebytes and SUPERAntiSpyware and post the logs. Remember to update both tools before the scan!!
__________________ Please always post log files in CODE tags |
09.09.2010, 10:53 | #11 |
| Music in the background! Virus? Here are the two scans. Thanks!!

Malwarebytes' Anti-Malware 1.46
w*w.malwarebytes.org

Datenbank Version: 4578
Windows 6.0.6002 Service Pack 2
Internet Explorer 7.0.6002.18005

09.09.2010 09:57:33
mbam-log-2010-09-09 (09-57-33).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|)
Durchsuchte Objekte: 251700
Laufzeit: 1 Stunde(n), 18 Minute(n), 51 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 0

Infizierte Speicherprozesse: (Keine bösartigen Objekte gefunden)
Infizierte Speichermodule: (Keine bösartigen Objekte gefunden)
Infizierte Registrierungsschlüssel: (Keine bösartigen Objekte gefunden)
Infizierte Registrierungswerte: (Keine bösartigen Objekte gefunden)
Infizierte Dateiobjekte der Registrierung: (Keine bösartigen Objekte gefunden)
Infizierte Verzeichnisse: (Keine bösartigen Objekte gefunden)
Infizierte Dateien: (Keine bösartigen Objekte gefunden)

SUPERAntiSpyware Scan Log
h**p://w*w.superantispyware.com

Generated 09/09/2010 at 11:40 AM

Application Version : 4.42.1000
Core Rules Database Version : 5476
Trace Rules Database Version: 3288

Scan type : Complete Scan
Total Scan Time : 01:37:44

Memory items scanned : 821
Memory threats detected : 0
Registry items scanned : 7569
Registry threats detected : 0
File items scanned : 124036
File threats detected : 102

Adware.Tracking Cookie
|
09.09.2010, 13:15 | #12 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Music in the background! Virus? Looks OK, only cookies were found there. Any problems still, or further detections in the meantime?
__________________ Please always post log files in CODE tags |
09.09.2010, 15:49 | #13 |
| Music in the background! Virus? Unfortunately the music is still there. Seems to be a stubborn virus! Thanks for your efforts so far. I hope you know of something else I could do, though!!?? |
09.09.2010, 19:43 | #14 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Music in the background! Virus? Hm, I've had another look, but apparently I didn't miss anything. Try a clean reinstallation of ICQ/Skype. If that doesn't help either, carry on with the Kaspersky Rescue CD => Kaspersky Rescue Disk: boot CD with virus scanner (ISO image) ... ScareWare.de
__________________ Please always post log files in CODE tags |
11.09.2010, 09:59 | #15 |
| Music in the background! Virus? Unfortunately the reinstallation didn't help! With the Kaspersky Rescue CD I can't carry out the step of updating the scanner. I think that's because I go online with an Internet stick and so I'm not connected to the Internet then. Can I update it some other way? |