| |
| |||||||
Log-Analyse und Auswertung: Verlinkungen auf fremde Seiten, wordslife.com virus?Windows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte.XML. |
 |
02.10.2010, 12:48
| #1 | |
 |  Verlinkungen auf fremde Seiten, wordslife.com virus? Hallo, seit einigen Tagen hat sich mein Firefox Browser verselbstständigt. In unregelmäßigen Abständen öffnen sich Pop-up Seiten oder anstatt der angewählten Seite, völlig fremde, unbekannte Seiten. Gelegentlich öffnet sich auch ein gefaktes Fenster, das den Windows Expolrer und eine Art Virenscan darstellt, den ich jedesmal sofort abbreche und den Browser beende. Ich habe hier an Board schon ähnliche Probleme von Usern nachlesen können, allerdings haben meine versuche mit MAlwarebytes, OTL und co. keinen Erfolg gebracht. Über eine Hilfe wäre ich äußerst dankbar, denn ich bin mit meinem, sehr begrenzten, Compuerlatein am Ende. Hier erstmal der Logfile von Malwarebytes: Zitat:
Geändert von Toto.. (02.10.2010 um 13:21 Uhr) |
|
02.10.2010, 14:57
| #2 |
| /// Malware-holic   | Verlinkungen auf fremde Seiten, wordslife.com virus? ootl:
__________________Systemscan mit OTL download otl: http://filepony.de/download-otl/ Doppelklick auf die OTL.exe (user von Windows 7 und Vista: Rechtsklick als Administrator ausführen) 1. Oben findest Du ein Kästchen mit Output. Wähle bitte Minimal Output 2. Hake an "scan all users" 3. Unter "Extra Registry wähle: "Use Safelist" "LOP Check" "Purity Check" 4. Kopiere in die Textbox: netsvcs msconfig safebootminimal safebootnetwork activex drivers32 %ALLUSERSPROFILE%\Application Data\*. %ALLUSERSPROFILE%\Application Data\*.exe /s %APPDATA%\*. %APPDATA%\*.exe /s %SYSTEMDRIVE%\*.exe /md5start userinit.exe eventlog.dll scecli.dll netlogon.dll cngaudit.dll ws2ifsl.sys sceclt.dll ntelogon.dll winlogon.exe logevent.dll user32.DLL explorer.exe iaStor.sys nvstor.sys atapi.sys IdeChnDr.sys viasraid.sys AGP440.sys vaxscsi.sys nvatabus.sys viamraid.sys nvata.sys nvgts.sys iastorv.sys ViPrt.sys eNetHook.dll ahcix86.sys KR10N.sys nvstor32.sys ahcix86s.sys /md5stop %systemroot%\system32\drivers\*.sys /lockedfiles %systemroot%\System32\config\*.sav %systemroot%\*. /mp /s %systemroot%\system32\*.dll /lockedfiles CREATERESTOREPOINT 5. Klicke "Scan" 6. 2 reporte werden erstellt: OTL.Txt Extras.Txt beide posten |
|
02.10.2010, 16:31
| #3 |
| | Verlinkungen auf fremde Seiten, wordslife.com virus? Hallo Markus,
__________________vielen Dank schonmal für deine Hilfe! Hier die beiden Logs:OTL Logfile: Code:
ATTFilter OTL logfile created on: 02.10.2010 17:14:31 - Run 1 OTL by OldTimer - Version 3.2.14.1 Folder = C:\Users\Toto\Desktop Ultimate Edition (Version = 6.1.7100) - Type = NTWorkstation Internet Explorer (Version = 8.0.7100.0) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 3,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 81,00% Memory free 6,00 Gb Paging File | 4,00 Gb Available in Paging File | 75,00% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 97,74 Gb Total Space | 72,54 Gb Free Space | 74,22% Space Free | Partition Type: NTFS Drive D: | 489,64 Gb Total Space | 307,90 Gb Free Space | 62,88% Space Free | Partition Type: NTFS Drive E: | 654,81 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS F: Drive not present or media not loaded G: Drive not present or media not loaded H: Drive not present or media not loaded I: Drive not present or media not loaded Drive J: | 7,46 Gb Total Space | 2,27 Gb Free Space | 30,43% Space Free | Partition Type: FAT32 Computer Name: MIRAGE Current User Name: Toto Logged in as Administrator. Current Boot Mode: Normal Scan Mode: All users Company Name Whitelist: Off Skip Microsoft Files: Off File Age = 30 Days Output = Minimal ========== Processes (SafeList) ========== PRC - C:\Users\Toto\Desktop\OTL.exe (OldTimer Tools) PRC - C:\Programme\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware.com) PRC - C:\Programme\AVG\AVG9\avgnsx.exe (AVG Technologies CZ, s.r.o.) PRC - C:\Programme\Mozilla Firefox\firefox.exe (Mozilla Corporation) PRC - C:\Programme\DivX\DivX Update\DivXUpdate.exe () PRC - C:\Programme\AVG\AVG9\avgtray.exe (AVG Technologies CZ, s.r.o.) PRC - C:\Programme\AVG\AVG9\avgrsx.exe (AVG Technologies CZ, s.r.o.) PRC - C:\Programme\AVG\AVG9\avgwdsvc.exe (AVG Technologies CZ, s.r.o.) PRC - C:\Programme\AVG\AVG9\avgchsvx.exe (AVG Technologies CZ, s.r.o.) PRC - C:\Programme\AVG\AVG9\avgcsrvx.exe (AVG Technologies CZ, s.r.o.) PRC - C:\Windows\System32\atieclxx.exe (AMD) PRC - C:\Windows\System32\atiesrxx.exe (AMD) PRC - C:\Programme\Winamp\winampa.exe () PRC - C:\Programme\Windows Media Player\wmpnetwk.exe (Microsoft Corporation) PRC - C:\Windows\System32\taskhost.exe (Microsoft Corporation) PRC - C:\Windows\explorer.exe (Microsoft Corporation) PRC - C:\Programme\IVT Corporation\BlueSoleil\BTNtService.exe () PRC - C:\Programme\IVT Corporation\BlueSoleil\StartSkysolSvc.exe () ========== Modules (SafeList) ========== MOD - C:\Users\Toto\Desktop\OTL.exe (OldTimer Tools) MOD - C:\Windows\System32\avgrsstx.dll (AVG Technologies CZ, s.r.o.) MOD - C:\Windows\System32\sspicli.dll (Microsoft Corporation) MOD - C:\Windows\System32\sechost.dll (Microsoft Corporation) MOD - C:\Windows\System32\samcli.dll (Microsoft Corporation) MOD - C:\Windows\System32\profapi.dll (Microsoft Corporation) MOD - C:\Windows\System32\netutils.dll (Microsoft Corporation) MOD - C:\Windows\System32\KernelBase.dll (Microsoft Corporation) MOD - C:\Windows\System32\dwmapi.dll (Microsoft Corporation) MOD - C:\Windows\System32\devobj.dll (Microsoft Corporation) MOD - C:\Windows\System32\cryptbase.dll (Microsoft Corporation) MOD - C:\Windows\System32\cfgmgr32.dll (Microsoft Corporation) MOD - C:\Windows\System32\msscript.ocx (Microsoft Corporation) MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7100.0_none_d75e6751736615f2\comctl32.dll (Microsoft Corporation) ========== Win32 Services (SafeList) ========== SRV - (FLEXnet Licensing Manager) -- C:\Windows\system\regsrv.exe File not found SRV - (avg9wd) -- C:\Program Files\AVG\AVG9\avgwdsvc.exe (AVG Technologies CZ, s.r.o.) SRV - (AMD External Events Utility) -- C:\Windows\System32\atiesrxx.exe (AMD) SRV - (HomeGroupListener) -- C:\Windows\System32\ListSvc.dll (Microsoft Corporation) SRV - (WwanSvc) -- C:\Windows\System32\wwansvc.dll (Microsoft Corporation) SRV - (WbioSrvc) -- C:\Windows\System32\wbiosrvc.dll (Microsoft Corporation) SRV - (Power) -- C:\Windows\System32\umpo.dll (Microsoft Corporation) SRV - (Themes) -- C:\Windows\System32\themeservice.dll (Microsoft Corporation) SRV - (sppuinotify) -- C:\Windows\System32\sppuinotify.dll (Microsoft Corporation) SRV - (SensrSvc) -- C:\Windows\System32\sensrsvc.dll (Microsoft Corporation) SRV - (RpcEptMapper) -- C:\Windows\System32\RpcEpMap.dll (Microsoft Corporation) SRV - (HomeGroupProvider) -- C:\Windows\System32\provsvc.dll (Microsoft Corporation) SRV - (PNRPsvc) -- C:\Windows\System32\pnrpsvc.dll (Microsoft Corporation) SRV - (p2pimsvc) -- C:\Windows\System32\pnrpsvc.dll (Microsoft Corporation) SRV - (PNRPAutoReg) -- C:\Windows\System32\pnrpauto.dll (Microsoft Corporation) SRV - (PeerDistSvc) -- C:\Windows\System32\PeerDistSvc.dll (Microsoft Corporation) SRV - (WinDefend) -- C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation) SRV - (FontCache) -- C:\Windows\System32\FntCache.dll (Microsoft Corporation) SRV - (Dhcp) -- C:\Windows\System32\dhcpcore.dll (Microsoft Corporation) SRV - (defragsvc) -- C:\Windows\System32\defragsvc.dll (Microsoft Corporation) SRV - (BDESVC) -- C:\Windows\System32\bdesvc.dll (Microsoft Corporation) SRV - (AxInstSV) ActiveX-Installer (AxInstSV) -- C:\Windows\System32\AxInstSv.dll (Microsoft Corporation) SRV - (AppIDSvc) -- C:\Windows\System32\appidsvc.dll (Microsoft Corporation) SRV - (sppsvc) -- C:\Windows\System32\sppsvc.exe (Microsoft Corporation) SRV - (BlueSoleil Hid Service) -- C:\Programme\IVT Corporation\BlueSoleil\BTNtService.exe () SRV - (Start BT in service) -- C:\Programme\IVT Corporation\BlueSoleil\StartSkysolSvc.exe () ========== Driver Services (SafeList) ========== DRV - (Lavasoft Kernexplorer) -- C:\Program Files\Lavasoft\Ad-Aware\KernExplorer.sys File not found DRV - (AvgTdiX) -- C:\Windows\System32\Drivers\avgtdix.sys (AVG Technologies CZ, s.r.o.) DRV - (AvgMfx86) -- C:\Windows\System32\Drivers\avgmfx86.sys (AVG Technologies CZ, s.r.o.) DRV - (AvgLdx86) -- C:\Windows\System32\Drivers\avgldx86.sys (AVG Technologies CZ, s.r.o.) DRV - (SASKUTIL) -- C:\Programme\SUPERAntiSpyware\SASKUTIL.SYS (SUPERAdBlocker.com and SUPERAntiSpyware.com) DRV - (SASDIFSV) -- C:\Programme\SUPERAntiSpyware\sasdifsv.sys (SUPERAdBlocker.com and SUPERAntiSpyware.com) DRV - (atikmdag) -- C:\Windows\System32\drivers\atikmdag.sys (ATI Technologies Inc.) DRV - (adp94xx) -- C:\Windows\system32\DRIVERS\adp94xx.sys (Adaptec, Inc.) DRV - (adpahci) -- C:\Windows\system32\DRIVERS\adpahci.sys (Adaptec, Inc.) DRV - (elxstor) -- C:\Windows\system32\DRIVERS\elxstor.sys (Emulex) DRV - (iaStorV) -- C:\Windows\system32\DRIVERS\iaStorV.sys (Intel Corporation) DRV - (amdsbs) -- C:\Windows\system32\DRIVERS\amdsbs.sys (AMD Technologies Inc.) DRV - (adpu320) -- C:\Windows\system32\DRIVERS\adpu320.sys (Adaptec, Inc.) DRV - (MegaSR) -- C:\Windows\system32\DRIVERS\MegaSR.sys (LSI Corporation, Inc.) DRV - (arcsas) -- C:\Windows\system32\DRIVERS\arcsas.sys (Adaptec, Inc.) DRV - (nvstor) -- C:\Windows\system32\DRIVERS\nvstor.sys (NVIDIA Corporation) DRV - (KSecPkg) -- C:\Windows\System32\Drivers\ksecpkg.sys (Microsoft Corporation) DRV - (nvraid) -- C:\Windows\system32\DRIVERS\nvraid.sys (NVIDIA Corporation) DRV - (LSI_FC) -- C:\Windows\system32\DRIVERS\lsi_fc.sys (LSI Corporation) DRV - (LSI_SCSI) -- C:\Windows\system32\DRIVERS\lsi_scsi.sys (LSI Corporation) DRV - (amdsata) -- C:\Windows\system32\DRIVERS\amdsata.sys (AMD) DRV - (LSI_SAS) -- C:\Windows\system32\DRIVERS\lsi_sas.sys (LSI Corporation) DRV - (arc) -- C:\Windows\system32\DRIVERS\arc.sys (Adaptec, Inc.) DRV - (aic78xx) -- C:\Windows\system32\DRIVERS\djsvs.sys (Adaptec, Inc.) DRV - (HpSAMD) -- C:\Windows\system32\DRIVERS\HpSAMD.sys (Hewlett-Packard Company) DRV - (LSI_SAS2) -- C:\Windows\system32\DRIVERS\lsi_sas2.sys (LSI Corporation) DRV - (FsDepends) -- C:\Windows\System32\drivers\fsdepends.sys (Microsoft Corporation) DRV - (nfrd960) -- C:\Windows\system32\DRIVERS\nfrd960.sys (IBM Corporation) DRV - (pcw) -- C:\Windows\System32\drivers\pcw.sys (Microsoft Corporation) DRV - (amdxata) -- C:\Windows\system32\DRIVERS\amdxata.sys (AMD) DRV - (cmdide) -- C:\Windows\system32\DRIVERS\cmdide.sys (CMD Technology, Inc.) DRV - (aliide) -- C:\Windows\system32\DRIVERS\aliide.sys (Acer Laboratories Inc.) DRV - (iirsp) -- C:\Windows\system32\DRIVERS\iirsp.sys (Intel Corp./ICP vortex GmbH) DRV - (megasas) -- C:\Windows\system32\DRIVERS\megasas.sys (LSI Corporation) DRV - (ql2300) -- C:\Windows\system32\DRIVERS\ql2300.sys (QLogic Corporation) DRV - (vmbus) -- C:\Windows\system32\DRIVERS\vmbus.sys (Microsoft Corporation) DRV - (rdyboost) -- C:\Windows\System32\drivers\rdyboost.sys (Microsoft Corporation) DRV - (hwpolicy) -- C:\Windows\System32\drivers\hwpolicy.sys (Microsoft Corporation) DRV - (vhdmp) -- C:\Windows\system32\DRIVERS\vhdmp.sys (Microsoft Corporation) DRV - (vsmraid) -- C:\Windows\system32\DRIVERS\vsmraid.sys (VIA Technologies Inc.,Ltd) DRV - (ql40xx) -- C:\Windows\system32\DRIVERS\ql40xx.sys (QLogic Corporation) DRV - (SiSRaid4) -- C:\Windows\system32\DRIVERS\sisraid4.sys (Silicon Integrated Systems) DRV - (storflt) -- C:\Windows\system32\DRIVERS\vmstorfl.sys (Microsoft Corporation) DRV - (SiSRaid2) -- C:\Windows\system32\DRIVERS\SiSRaid2.sys (Silicon Integrated Systems Corp.) DRV - (vdrvroot) -- C:\Windows\system32\DRIVERS\vdrvroot.sys (Microsoft Corporation) DRV - (storvsc) -- C:\Windows\system32\DRIVERS\storvsc.sys (Microsoft Corporation) DRV - (stexstor) -- C:\Windows\system32\DRIVERS\stexstor.sys (Promise Technology) DRV - (WIMMount) -- C:\Windows\System32\drivers\wimmount.sys (Microsoft Corporation) DRV - (viaide) -- C:\Windows\system32\DRIVERS\viaide.sys (VIA Technologies, Inc.) DRV - (CNG) -- C:\Windows\System32\Drivers\cng.sys (Microsoft Corporation) DRV - (Brserid) Brother MFC Serial Port Interface Driver (WDM) -- C:\Windows\System32\Drivers\Brserid.sys (Brother Industries Ltd.) DRV - (rdpbus) -- C:\Windows\System32\drivers\rdpbus.sys (Microsoft Corporation) DRV - (RDPREFMP) -- C:\Windows\System32\drivers\RDPREFMP.sys (Microsoft Corporation) DRV - (RasAgileVpn) WAN Miniport (IKEv2) -- C:\Windows\System32\drivers\agilevpn.sys (Microsoft Corporation) DRV - (WfpLwf) -- C:\Windows\System32\drivers\wfplwf.sys (Microsoft Corporation) DRV - (NdisCap) -- C:\Windows\System32\drivers\ndiscap.sys (Microsoft Corporation) DRV - (vwifibus) -- C:\Windows\System32\drivers\vwifibus.sys (Microsoft Corporation) DRV - (1394ohci) -- C:\Windows\System32\drivers\1394ohci.sys (Microsoft Corporation) DRV - (UmPass) -- C:\Windows\system32\DRIVERS\umpass.sys (Microsoft Corporation) DRV - (WinUsb) -- C:\Windows\System32\drivers\winusb.sys (Microsoft Corporation) DRV - (mshidkmdf) -- C:\Windows\System32\drivers\mshidkmdf.sys (Microsoft Corporation) DRV - (MTConfig) -- C:\Windows\system32\DRIVERS\MTConfig.sys (Microsoft Corporation) DRV - (CompositeBus) -- C:\Windows\System32\drivers\CompositeBus.sys (Microsoft Corporation) DRV - (AppID) -- C:\Windows\system32\drivers\appid.sys (Microsoft Corporation) DRV - (scfilter) -- C:\Windows\System32\drivers\scfilter.sys (Microsoft Corporation) DRV - (s3cap) -- C:\Windows\system32\DRIVERS\vms3cap.sys (Microsoft Corporation) DRV - (VMBusHID) -- C:\Windows\system32\DRIVERS\VMBusHID.sys (Microsoft Corporation) DRV - (discache) -- C:\Windows\System32\drivers\discache.sys (Microsoft Corporation) DRV - (HidBatt) -- C:\Windows\system32\DRIVERS\HidBatt.sys (Microsoft Corporation) DRV - (AcpiPmi) -- C:\Windows\system32\DRIVERS\acpipmi.sys (Microsoft Corporation) DRV - (AmdPPM) -- C:\Windows\System32\drivers\amdppm.sys (Microsoft Corporation) DRV - (hcw85cir) -- C:\Windows\system32\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.) DRV - (BrUsbMdm) -- C:\Windows\System32\Drivers\BrUsbMdm.sys (Brother Industries Ltd.) DRV - (BrUsbSer) -- C:\Windows\System32\Drivers\BrUsbSer.sys (Brother Industries Ltd.) DRV - (BrSerWdm) -- C:\Windows\System32\Drivers\BrSerWdm.sys (Brother Industries Ltd.) DRV - (BrFiltLo) -- C:\Windows\system32\DRIVERS\BrFiltLo.sys (Brother Industries, Ltd.) DRV - (BrFiltUp) -- C:\Windows\system32\DRIVERS\BrFiltUp.sys (Brother Industries, Ltd.) DRV - (RTL8167) -- C:\Windows\System32\drivers\Rt86win7.sys (Realtek Corporation ) DRV - (ebdrv) -- C:\Windows\system32\DRIVERS\evbdx.sys (Broadcom Corporation) DRV - (b06bdrv) -- C:\Windows\system32\DRIVERS\bxvbdx.sys (Broadcom Corporation) DRV - (b57nd60x) -- C:\Windows\System32\drivers\b57nd60x.sys (Broadcom Corporation) DRV - (Btcsrusb) -- C:\Windows\System32\drivers\btcusb.sys (IVT Corporation.) DRV - (BlueletSCOAudio) -- C:\Windows\System32\drivers\BlueletSCOAudio.sys (IVT Corporation.) DRV - (BlueletAudio) -- C:\Windows\System32\drivers\blueletaudio.sys (IVT Corporation.) DRV - (BT) -- C:\Windows\System32\drivers\btnetdrv.sys (IVT Corporation.) DRV - (BTHidMgr) -- C:\Windows\System32\Drivers\BTHidMgr.sys (IVT Corporation.) DRV - (BTHidEnum) -- C:\Windows\system32\DRIVERS\vbtenum.sys (IVT Corporation.) DRV - (VcommMgr) -- C:\Windows\System32\drivers\VCommMgr.sys (IVT Corporation.) DRV - (VComm) -- C:\Windows\System32\drivers\VComm.sys (IVT Corporation.) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-21-808281899-1991663251-1198128674-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp IE - HKU\S-1-5-21-808281899-1991663251-1198128674-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de IE - HKU\S-1-5-21-808281899-1991663251-1198128674-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 39 20 2D 6F A6 4F CB 01 [binary data] IE - HKU\S-1-5-21-808281899-1991663251-1198128674-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF - prefs.js..extensions.enabledItems: {3f963a5b-e555-4543-90e2-c3908898db71}:9.0.0.855 FF - HKLM\software\mozilla\Firefox\Extensions\\{3f963a5b-e555-4543-90e2-c3908898db71}: C:\Program Files\AVG\AVG9\Firefox [2010.09.23 09:44:53 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Firefox 3.6.10\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010.09.16 22:37:32 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Firefox 3.6.10\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010.10.01 17:13:44 | 000,000,000 | ---D | M] [2010.09.09 00:41:23 | 000,000,000 | ---D | M] -- C:\Users\Toto\AppData\Roaming\mozilla\Extensions [2010.10.01 18:10:24 | 000,000,000 | ---D | M] -- C:\Users\Toto\AppData\Roaming\mozilla\Firefox\Profiles\mrcvuz9w.default\extensions [2010.09.19 14:01:43 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Toto\AppData\Roaming\mozilla\Firefox\Profiles\mrcvuz9w.default\extensions\{20a82645-c095-46ed-80e3-08825760534b} [2010.10.01 18:07:50 | 000,000,000 | ---D | M] -- C:\Programme\Mozilla Firefox\extensions [2010.08.25 02:44:54 | 000,001,392 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\amazondotcom-de.xml [2010.08.25 02:44:54 | 000,002,344 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\eBay-de.xml [2010.08.25 02:44:54 | 000,006,805 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\leo_ende_de.xml [2010.08.25 02:44:54 | 000,001,178 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\wikipedia-de.xml [2010.08.25 02:44:54 | 000,001,105 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\yahoo-de.xml O1 HOSTS File: ([2010.09.27 12:26:32 | 000,000,098 | ---- | M]) - C:\Windows\System32\drivers\etc\Hosts O1 - Hosts: 127.0.0.1 localhost O1 - Hosts: ::1 localhost O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Programme\AVG\AVG9\avgssie.dll (AVG Technologies CZ, s.r.o.) O4 - HKLM..\Run: [AVG9_TRAY] C:\Programme\AVG\AVG9\avgtray.exe (AVG Technologies CZ, s.r.o.) O4 - HKLM..\Run: [DivXUpdate] C:\Program Files\DivX\DivX Update\DivXUpdate.exe () O4 - HKLM..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe () O4 - HKU\S-1-5-21-808281899-1991663251-1198128674-1000..\Run: [SUPERAntiSpyware] C:\Programme\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware.com) O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation) O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation) O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0 O8 - Extra context menu item: Nach Microsoft &Excel exportieren - C:\Programme\Microsoft Office\OFFICE11\EXCEL.EXE (Microsoft Corporation) O9 - Extra Button: Recherchieren - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programme\Microsoft Office\OFFICE11\REFIEBAR.DLL (Microsoft Corporation) O13 - gopher Prefix: missing O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab (Java Plug-in 1.6.0_15) O16 - DPF: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab (Java Plug-in 1.6.0_15) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab (Java Plug-in 1.6.0_15) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1 O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Programme\AVG\AVG9\avgpp.dll (AVG Technologies CZ, s.r.o.) O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Programme\Common Files\microsoft shared\Web Components\11\OWC11.DLL (Microsoft Corporation) O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Windows\System32\Skype4COM.dll (Skype Technologies) O18 - Protocol\Filter\text/xml {807553E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE11\MSOXMLMF.DLL (Microsoft Corporation) O20 - AppInit_DLLs: (avgrsstx.dll) - C:\Windows\System32\avgrsstx.dll (AVG Technologies CZ, s.r.o.) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found O30 - LSA: Security Packages - (pku2u) - C:\Windows\System32\pku2u.dll (Microsoft Corporation) O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2009.03.20 17:42:25 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ] O32 - AutoRun File - [2010.07.09 16:18:00 | 000,000,000 | RHSD | M] - C:\autorun.inf -- [ NTFS ] O32 - AutoRun File - [2010.07.09 16:18:00 | 000,000,000 | RHSD | M] - D:\autorun.inf -- [ NTFS ] O32 - AutoRun File - [2001.06.19 18:39:08 | 000,000,047 | R--- | M] () - E:\AUTORUN.INF -- [ CDFS ] O32 - AutoRun File - [2002.08.25 16:22:14 | 000,098,304 | R--- | M] () - E:\autoplay.exe -- [ CDFS ] O33 - MountPoints2\{888fe01e-bb78-11df-b93c-806e6f6e6963}\Shell - "" = AutoRun O33 - MountPoints2\{888fe01e-bb78-11df-b93c-806e6f6e6963}\Shell\AutoRun\command - "" = E:\autoplay.exe -- [2002.08.25 16:22:14 | 000,098,304 | R--- | M] () O34 - HKLM BootExecute: (autocheck autochk *) - File not found O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* NetSvcs: FastUserSwitchingCompatibility - File not found NetSvcs: Ias - File not found NetSvcs: Nla - File not found NetSvcs: Ntmssvc - File not found NetSvcs: NWCWorkstation - File not found NetSvcs: Nwsapagent - File not found NetSvcs: SRService - File not found NetSvcs: Wmi - C:\Windows\System32\wmi.dll (Microsoft Corporation) NetSvcs: WmdmPmSp - File not found NetSvcs: LogonHours - File not found NetSvcs: PCAudit - File not found NetSvcs: helpsvc - File not found NetSvcs: uploadmgr - File not found NetSvcs: BDESVC - C:\Windows\System32\bdesvc.dll (Microsoft Corporation) NetSvcs: Themes - C:\Windows\System32\themeservice.dll (Microsoft Corporation) SafeBootMin: Base - Driver Group SafeBootMin: Boot Bus Extender - Driver Group SafeBootMin: Boot file system - Driver Group SafeBootMin: File system - Driver Group SafeBootMin: Filter - Driver Group SafeBootMin: HelpSvc - Service SafeBootMin: NTDS - File not found SafeBootMin: PCI Configuration - Driver Group SafeBootMin: PNP Filter - Driver Group SafeBootMin: Power - C:\Windows\System32\umpo.dll (Microsoft Corporation) SafeBootMin: Primary disk - Driver Group SafeBootMin: RpcEptMapper - C:\Windows\System32\RpcEpMap.dll (Microsoft Corporation) SafeBootMin: sacsvr - Service SafeBootMin: SCSI Class - Driver Group SafeBootMin: System Bus Extender - Driver Group SafeBootMin: vmms - Service SafeBootMin: WinDefend - C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation) SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices SafeBootNet: Base - Driver Group SafeBootNet: Boot Bus Extender - Driver Group SafeBootNet: Boot file system - Driver Group SafeBootNet: Dhcp - C:\Windows\System32\dhcpcore.dll (Microsoft Corporation) SafeBootNet: File system - Driver Group SafeBootNet: Filter - Driver Group SafeBootNet: HelpSvc - Service SafeBootNet: Messenger - Service SafeBootNet: NDIS Wrapper - Driver Group SafeBootNet: ndiscap - C:\Windows\System32\drivers\ndiscap.sys (Microsoft Corporation) SafeBootNet: NetBIOSGroup - Driver Group SafeBootNet: NetDDEGroup - Driver Group SafeBootNet: Network - Driver Group SafeBootNet: NetworkProvider - Driver Group SafeBootNet: NTDS - File not found SafeBootNet: PCI Configuration - Driver Group SafeBootNet: PNP Filter - Driver Group SafeBootNet: PNP_TDI - Driver Group SafeBootNet: Power - C:\Windows\System32\umpo.dll (Microsoft Corporation) SafeBootNet: Primary disk - Driver Group SafeBootNet: rdsessmgr - Service SafeBootNet: RpcEptMapper - C:\Windows\System32\RpcEpMap.dll (Microsoft Corporation) SafeBootNet: sacsvr - Service SafeBootNet: SCSI Class - Driver Group SafeBootNet: Streams Drivers - Driver Group SafeBootNet: System Bus Extender - Driver Group SafeBootNet: TDI - Driver Group SafeBootNet: vmms - Service SafeBootNet: WinDefend - C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation) SafeBootNet: WudfUsbccidDriver - Driver SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun) ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0 ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6 ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements ActiveX: {677DCE26-6E0E-4B07-C2C2-97AA7BA61ECF} - Themes Setup ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access ActiveX: {73FA19D0-2D75-11D2-995D-00C04F98BBC9} - Webordner ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7 ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -BaseSettings ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\System32\ie4uinit.exe -UserIconConfig ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP Drivers32: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS) Drivers32: msacm.vorbis - C:\Windows\System32\vorbis.acm (HMS hxxp://hp.vector.co.jp/authors/VA012897/) Drivers32: MSVideo8 - C:\Windows\System32\vfwwdm32.dll (Microsoft Corporation) Drivers32: vidc.cvid - C:\Windows\System32\iccvid.dll (Radius Inc.) Drivers32: vidc.DIVX - C:\Windows\System32\DivX.dll (DivX, Inc.) Drivers32: vidc.yv12 - C:\Windows\System32\DivX.dll (DivX, Inc.) ========== Files/Folders - Created Within 30 Days ========== [2010.10.02 14:47:48 | 000,000,000 | -HSD | C] -- C:\Config.Msi [2010.10.02 14:46:50 | 000,000,000 | ---D | C] -- C:\Users\Toto\AppData\Roaming\SUPERAntiSpyware.com [2010.10.02 14:46:50 | 000,000,000 | ---D | C] -- C:\ProgramData\SUPERAntiSpyware.com [2010.10.02 14:46:42 | 000,000,000 | ---D | C] -- C:\Programme\SUPERAntiSpyware [2010.10.01 18:09:29 | 000,000,000 | ---D | C] -- C:\Users\Toto\AppData\Roaming\DivX [2010.10.01 18:08:54 | 000,000,000 | ---D | C] -- C:\Programme\Common Files\DivX Shared [2010.10.01 18:08:22 | 000,000,000 | ---D | C] -- C:\Programme\DivX [2010.10.01 18:07:48 | 000,000,000 | ---D | C] -- C:\ProgramData\DivX [2010.10.01 17:48:08 | 000,575,488 | ---- | C] (OldTimer Tools) -- C:\Users\Toto\Desktop\OTL.exe [2010.10.01 17:23:09 | 000,388,608 | ---- | C] (Trend Micro Inc.) -- C:\Users\Toto\Desktop\HijackThis.exe [2010.10.01 17:13:47 | 000,000,000 | ---D | C] -- C:\Programme\JDownloader [2010.10.01 17:13:44 | 000,411,368 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\deploytk.dll [2010.10.01 17:13:44 | 000,149,280 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaws.exe [2010.10.01 17:13:44 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaw.exe [2010.10.01 17:13:44 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\java.exe [2010.10.01 17:13:38 | 000,000,000 | ---D | C] -- C:\Programme\Java [2010.10.01 17:10:20 | 028,253,422 | ---- | C] (AppWork UG (haftungsbeschränkt)) -- C:\Users\Toto\Desktop\JDownloader095Setup.exe [2010.09.27 16:16:08 | 000,000,000 | ---D | C] -- C:\Windows\System32\DRVSTORE [2010.09.27 16:16:01 | 000,095,024 | ---- | C] (Sunbelt Software) -- C:\Windows\System32\drivers\SBREDrv.sys [2010.09.27 15:52:06 | 006,132,304 | ---- | C] (Malwarebytes Corporation ) -- C:\Users\Toto\Desktop\mbam-rules.exe [2010.09.27 15:49:44 | 000,000,000 | ---D | C] -- C:\Users\Toto\AppData\Local\Sunbelt Software [2010.09.27 15:49:22 | 000,000,000 | ---D | C] -- C:\ProgramData\Lavasoft [2010.09.25 13:36:01 | 000,000,000 | -H-D | C] -- C:\ProgramData\~0 [2010.09.25 13:26:58 | 000,000,000 | ---D | C] -- C:\Programme\Spybot - Search & Destroy [2010.09.25 13:26:58 | 000,000,000 | ---D | C] -- C:\ProgramData\Spybot - Search & Destroy [2010.09.24 10:24:32 | 000,000,000 | ---D | C] -- C:\Users\Toto\AppData\Roaming\Malwarebytes [2010.09.24 10:24:26 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys [2010.09.24 10:24:25 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys [2010.09.24 10:24:25 | 000,000,000 | ---D | C] -- C:\Programme\Malwarebytes' Anti-Malware [2010.09.24 10:24:25 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes [2010.09.23 18:26:18 | 000,000,000 | ---D | C] -- C:\Users\Toto\AppData\Local\Google [2010.09.23 18:26:18 | 000,000,000 | ---D | C] -- C:\Programme\Google [2010.09.20 23:34:10 | 000,000,000 | ---D | C] -- C:\Programme\Firefly Studios [2010.09.20 09:25:29 | 000,194,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ListSvc.dll [2010.09.16 17:25:45 | 000,000,000 | ---D | C] -- C:\Users\Toto\Documents\Turbo Lister Backup [2010.09.16 10:15:50 | 000,000,000 | ---D | C] -- C:\Users\Toto\Documents\Turbo Lister [2010.09.15 18:01:57 | 000,000,000 | ---D | C] -- C:\ProgramData\Macrovision [2010.09.15 18:01:53 | 000,000,000 | ---D | C] -- C:\Programme\Common Files\Adobe Systems Shared [2010.09.15 17:47:32 | 000,000,000 | ---D | C] -- C:\Programme\Smart Projects [2010.09.15 13:14:26 | 000,000,000 | ---D | C] -- C:\Programme\eBay [2010.09.15 13:14:26 | 000,000,000 | ---D | C] -- C:\ProgramData\eBay [2010.09.15 02:10:09 | 000,000,000 | ---D | C] -- C:\Users\Toto\AppData\Roaming\vlc [2010.09.13 11:55:43 | 000,000,000 | ---D | C] -- C:\Users\Toto\AppData\Local\Microsoft Games [2010.09.12 18:26:57 | 000,000,000 | -H-D | C] -- C:\Programme\InstallShield Installation Information [2010.09.12 18:26:34 | 000,000,000 | ---D | C] -- C:\Programme\Canon [2010.09.12 18:09:57 | 000,000,000 | ---D | C] -- C:\Programme\Common Files\InstallShield [2010.09.12 17:50:17 | 000,000,000 | ---D | C] -- C:\ProgramData\Adobe [2010.09.12 17:50:15 | 000,000,000 | ---D | C] -- C:\Programme\Common Files\Adobe [2010.09.12 17:50:15 | 000,000,000 | ---D | C] -- C:\Programme\Adobe [2010.09.12 17:48:29 | 000,000,000 | ---D | C] -- C:\Users\Toto\AppData\Local\Adobe [2010.09.10 16:04:31 | 000,000,000 | ---D | C] -- C:\Users\Toto\Application Data [2010.09.10 16:03:00 | 000,000,000 | ---D | C] -- C:\Programme\MSECache [2010.09.10 14:19:15 | 000,017,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mdimon.dll [2010.09.10 14:18:52 | 000,000,000 | ---D | C] -- C:\Programme\Common Files\DESIGNER [2010.09.10 14:18:45 | 000,000,000 | ---D | C] -- C:\Windows\PCHEALTH [2010.09.10 14:18:45 | 000,000,000 | ---D | C] -- C:\Programme\Microsoft.NET [2010.09.10 14:18:45 | 000,000,000 | ---D | C] -- C:\Programme\Microsoft Office [2010.09.10 09:18:43 | 000,000,000 | ---D | C] -- C:\Programme\Activision [2010.09.09 12:49:59 | 000,000,000 | ---D | C] -- C:\Programme\EDIROL [2010.09.09 12:46:54 | 000,000,000 | ---D | C] -- C:\Windows\System32\appmgmt [2010.09.09 12:35:28 | 000,000,000 | ---D | C] -- C:\Users\Toto\Documents\Bluetooth [2010.09.09 12:35:28 | 000,000,000 | ---D | C] -- C:\ProgramData\Bluetooth [2010.09.09 12:31:56 | 000,000,000 | ---D | C] -- C:\Windows\Minidump [2010.09.09 12:29:22 | 000,000,000 | ---D | C] -- C:\Users\Toto\AppData\Roaming\Pixmantec [2010.09.09 12:27:36 | 000,000,000 | ---D | C] -- C:\Programme\IVT Corporation [2010.09.09 12:26:02 | 000,000,000 | ---D | C] -- C:\Users\Toto\AppData\Roaming\WinRAR [2010.09.09 12:08:48 | 000,000,000 | ---D | C] -- C:\Programme\ASIO4ALL v2 [2010.09.09 11:57:19 | 000,225,280 | ---- | C] (Propellerhead Software AB) -- C:\Windows\System32\rewire.dll [2010.09.09 11:57:18 | 000,000,000 | ---D | C] -- C:\Users\Toto\Documents\Image-Line [2010.09.09 11:57:07 | 001,554,944 | ---- | C] (HMS hxxp://hp.vector.co.jp/authors/VA012897/) -- C:\Windows\System32\vorbis.acm [2010.09.09 11:56:41 | 000,000,000 | ---D | C] -- C:\Programme\VstPlugins [2010.09.09 11:56:37 | 000,000,000 | ---D | C] -- C:\Programme\Outsim [2010.09.09 11:55:15 | 000,000,000 | ---D | C] -- C:\Programme\Image-Line [2010.09.09 11:54:17 | 000,000,000 | ---D | C] -- C:\Users\Toto\Desktop\Uni [2010.09.09 11:40:17 | 000,000,000 | ---D | C] -- C:\Users\Toto\AppData\Local\Diagnostics [2010.09.09 11:17:14 | 000,012,536 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\avgrsstx.dll [2010.09.09 00:49:00 | 000,000,000 | ---D | C] -- C:\Users\Toto\AppData\Roaming\Macromedia [2010.09.09 00:49:00 | 000,000,000 | ---D | C] -- C:\Users\Toto\AppData\Roaming\Adobe [2010.09.09 00:48:56 | 000,000,000 | ---D | C] -- C:\Windows\System32\Macromed [2010.09.09 00:41:14 | 000,000,000 | ---D | C] -- C:\Users\Toto\AppData\Roaming\Mozilla [2010.09.09 00:41:14 | 000,000,000 | ---D | C] -- C:\Users\Toto\AppData\Local\Mozilla [2010.09.08 21:39:34 | 000,000,000 | ---D | C] -- C:\Windows\Panther [2010.09.08 21:21:36 | 000,243,024 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\drivers\avgtdix.sys [2010.09.08 21:21:28 | 000,216,400 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\drivers\avgldx86.sys [2010.09.08 21:21:18 | 000,029,584 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\drivers\avgmfx86.sys [2010.09.08 21:21:18 | 000,000,000 | ---D | C] -- C:\Windows\System32\drivers\Avg [2010.09.08 21:21:10 | 000,000,000 | ---D | C] -- C:\Programme\AVG [2010.09.08 21:21:09 | 000,000,000 | ---D | C] -- C:\ProgramData\avg9 [2010.09.08 21:20:32 | 000,000,000 | -HSD | C] -- C:\Windows\Installer [2010.09.08 21:18:27 | 000,000,000 | ---D | C] -- C:\Programme\Mozilla Firefox [2010.09.08 21:17:09 | 000,000,000 | ---D | C] -- C:\Programme\Pixmantec [2010.09.08 21:12:55 | 000,000,000 | ---D | C] -- C:\Programme\Common Files\PX Storage Engine [2010.09.08 21:12:54 | 000,000,000 | ---D | C] -- C:\Users\Toto\AppData\Roaming\Winamp [2010.09.08 21:12:54 | 000,000,000 | ---D | C] -- C:\Programme\Winamp [2010.09.08 21:10:53 | 000,000,000 | ---D | C] -- C:\Programme\VideoLAN [2010.09.08 21:09:49 | 000,000,000 | ---D | C] -- C:\Programme\WinRAR [2010.09.08 21:09:17 | 000,716,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript.dll [2010.09.08 21:05:43 | 000,000,000 | R--D | C] -- C:\Users\Toto\Searches [2010.09.08 21:05:34 | 000,000,000 | ---D | C] -- C:\Users\Toto\AppData\Roaming\Identities [2010.09.08 21:05:32 | 000,000,000 | R--D | C] -- C:\Users\Toto\Contacts [2010.09.08 21:05:06 | 000,000,000 | ---D | C] -- C:\Users\Toto\AppData\Local\VirtualStore [2010.09.08 21:05:04 | 000,000,000 | --SD | C] -- C:\Users\Toto\AppData\Roaming\Microsoft [2010.09.08 21:05:04 | 000,000,000 | R--D | C] -- C:\Users\Toto\Videos [2010.09.08 21:05:04 | 000,000,000 | R--D | C] -- C:\Users\Toto\Saved Games [2010.09.08 21:05:04 | 000,000,000 | R--D | C] -- C:\Users\Toto\Pictures [2010.09.08 21:05:04 | 000,000,000 | R--D | C] -- C:\Users\Toto\Music [2010.09.08 21:05:04 | 000,000,000 | R--D | C] -- C:\Users\Toto\Links [2010.09.08 21:05:04 | 000,000,000 | R--D | C] -- C:\Users\Toto\Favorites [2010.09.08 21:05:04 | 000,000,000 | R--D | C] -- C:\Users\Toto\Downloads [2010.09.08 21:05:04 | 000,000,000 | R--D | C] -- C:\Users\Toto\Documents [2010.09.08 21:05:04 | 000,000,000 | R--D | C] -- C:\Users\Toto\Desktop [2010.09.08 21:05:04 | 000,000,000 | -HSD | C] -- C:\Users\Toto\Vorlagen [2010.09.08 21:05:04 | 000,000,000 | -HSD | C] -- C:\Users\Toto\AppData\Local\Verlauf [2010.09.08 21:05:04 | 000,000,000 | -HSD | C] -- C:\Users\Toto\AppData\Local\Temporary Internet Files [2010.09.08 21:05:04 | 000,000,000 | -HSD | C] -- C:\Users\Toto\Startmenü [2010.09.08 21:05:04 | 000,000,000 | -HSD | C] -- C:\Users\Toto\SendTo [2010.09.08 21:05:04 | 000,000,000 | -HSD | C] -- C:\Users\Toto\Recent [2010.09.08 21:05:04 | 000,000,000 | -HSD | C] -- C:\Users\Toto\Netzwerkumgebung [2010.09.08 21:05:04 | 000,000,000 | -HSD | C] -- C:\Users\Toto\Lokale Einstellungen [2010.09.08 21:05:04 | 000,000,000 | -HSD | C] -- C:\Users\Toto\Documents\Eigene Videos [2010.09.08 21:05:04 | 000,000,000 | -HSD | C] -- C:\Users\Toto\Documents\Eigene Musik [2010.09.08 21:05:04 | 000,000,000 | -HSD | C] -- C:\Users\Toto\Eigene Dateien [2010.09.08 21:05:04 | 000,000,000 | -HSD | C] -- C:\Users\Toto\Documents\Eigene Bilder [2010.09.08 21:05:04 | 000,000,000 | -HSD | C] -- C:\Users\Toto\Druckumgebung [2010.09.08 21:05:04 | 000,000,000 | -HSD | C] -- C:\Users\Toto\Cookies [2010.09.08 21:05:04 | 000,000,000 | -HSD | C] -- C:\Users\Toto\AppData\Local\Anwendungsdaten [2010.09.08 21:05:04 | 000,000,000 | -HSD | C] -- C:\Users\Toto\Anwendungsdaten [2010.09.08 21:05:04 | 000,000,000 | -H-D | C] -- C:\Users\Toto\AppData [2010.09.08 21:05:04 | 000,000,000 | ---D | C] -- C:\Users\Toto\AppData\Local\Temp [2010.09.08 21:05:04 | 000,000,000 | ---D | C] -- C:\Users\Toto\AppData\Local\Microsoft [2010.09.08 21:05:04 | 000,000,000 | ---D | C] -- C:\Users\Toto\AppData\Roaming\Media Center Programs [2010.09.08 21:04:57 | 000,000,000 | -HSD | C] -- C:\ProgramData\Vorlagen [2010.09.08 21:04:57 | 000,000,000 | -HSD | C] -- C:\ProgramData\Startmenü [2010.09.08 21:04:57 | 000,000,000 | -HSD | C] -- C:\Recovery [2010.09.08 21:04:57 | 000,000,000 | -HSD | C] -- C:\Programme\Gemeinsame Dateien [2010.09.08 21:04:57 | 000,000,000 | -HSD | C] -- C:\ProgramData\Favoriten [2010.09.08 21:04:57 | 000,000,000 | -HSD | C] -- C:\Users\Public\Documents\Eigene Videos [2010.09.08 21:04:57 | 000,000,000 | -HSD | C] -- C:\Users\Public\Documents\Eigene Musik [2010.09.08 21:04:57 | 000,000,000 | -HSD | C] -- C:\Users\Public\Documents\Eigene Bilder [2010.09.08 21:04:57 | 000,000,000 | -HSD | C] -- C:\ProgramData\Dokumente [2010.09.08 21:04:57 | 000,000,000 | -HSD | C] -- C:\ProgramData\Anwendungsdaten [2010.09.08 20:43:35 | 000,000,000 | ---D | C] -- C:\Windows\SoftwareDistribution [2010.09.08 20:41:01 | 000,000,000 | ---D | C] -- C:\Windows\Prefetch [2004.12.13 08:57:36 | 000,065,536 | ---- | C] ( ) -- C:\Windows\System32\RCCOLLAB.DLL ========== Files - Modified Within 30 Days ========== [2010.10.02 17:15:53 | 001,310,720 | -HS- | M] () -- C:\Users\Toto\NTUSER.DAT [2010.10.02 17:12:04 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2010.10.02 14:50:02 | 000,001,604 | ---- | M] () -- C:\Users\Toto\Desktop\FL.lnk [2010.10.02 14:46:43 | 000,001,967 | ---- | M] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk [2010.10.02 14:31:00 | 000,001,092 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2010.10.02 13:13:17 | 000,001,424 | ---- | M] () -- C:\Users\Toto\Desktop\mbam.lnk [2010.10.02 12:29:38 | 000,013,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2010.10.02 12:29:38 | 000,013,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2010.10.02 12:28:05 | 065,562,057 | ---- | M] () -- C:\Windows\System32\drivers\Avg\incavi.avm [2010.10.02 12:26:40 | 001,476,494 | ---- | M] () -- C:\Windows\System32\PerfStringBackup.INI [2010.10.02 12:26:40 | 000,643,640 | ---- | M] () -- C:\Windows\System32\perfh007.dat [2010.10.02 12:26:40 | 000,606,992 | ---- | M] () -- C:\Windows\System32\perfh009.dat [2010.10.02 12:26:40 | 000,130,496 | ---- | M] () -- C:\Windows\System32\perfc007.dat [2010.10.02 12:26:40 | 000,103,370 | ---- | M] () -- C:\Windows\System32\perfc009.dat [2010.10.02 12:22:59 | 000,000,370 | ---- | M] () -- C:\Windows\tasks\Ad-Aware Update (Weekly).job [2010.10.02 12:22:34 | 000,001,088 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2010.10.02 12:22:33 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT [2010.10.02 12:22:22 | 2415,370,240 | -HS- | M] () -- C:\hiberfil.sys [2010.10.02 02:46:39 | 001,419,288 | -H-- | M] () -- C:\Users\Toto\AppData\Local\IconCache.db [2010.10.01 18:41:01 | 000,000,000 | ---- | M] () -- C:\Users\Toto\AppData\Local\prvlcl.dat [2010.10.01 17:48:19 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Users\Toto\Desktop\OTL.exe [2010.10.01 17:32:57 | 003,858,949 | ---- | M] () -- C:\Users\Toto\Desktop\ComFi.exe [2010.10.01 17:23:11 | 000,388,608 | ---- | M] (Trend Micro Inc.) -- C:\Users\Toto\Desktop\HijackThis.exe [2010.10.01 17:14:02 | 000,000,993 | ---- | M] () -- C:\Users\Toto\Desktop\JDownloader.lnk [2010.10.01 17:13:38 | 000,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\deploytk.dll [2010.10.01 17:13:38 | 000,149,280 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaws.exe [2010.10.01 17:13:38 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaw.exe [2010.10.01 17:13:38 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\java.exe [2010.10.01 17:12:13 | 028,253,422 | ---- | M] (AppWork UG (haftungsbeschränkt)) -- C:\Users\Toto\Desktop\JDownloader095Setup.exe [2010.10.01 15:59:09 | 000,037,888 | ---- | M] () -- C:\Users\Toto\Desktop\Gewicht.xls [2010.09.30 19:29:18 | 000,044,032 | ---- | M] () -- C:\Users\Toto\Desktop\Trainingsplan Peter 3.xls [2010.09.30 19:29:17 | 000,047,616 | ---- | M] () -- C:\Users\Toto\Desktop\Trainingsplan Toto 3.xls [2010.09.27 16:48:29 | 000,233,060 | ---- | M] () -- C:\Windows\System\latest.dat [2010.09.27 16:48:28 | 000,000,124 | ---- | M] () -- C:\Windows\System\update.dat [2010.09.27 16:16:01 | 000,095,024 | ---- | M] (Sunbelt Software) -- C:\Windows\System32\drivers\SBREDrv.sys [2010.09.27 15:52:18 | 006,132,304 | ---- | M] (Malwarebytes Corporation ) -- C:\Users\Toto\Desktop\mbam-rules.exe [2010.09.27 12:26:32 | 000,000,098 | ---- | M] () -- C:\Windows\System32\drivers\etc\Hosts [2010.09.25 17:47:19 | 000,137,255 | ---- | M] () -- C:\Users\Toto\005-01 (2).jpg [2010.09.25 17:46:06 | 000,155,586 | ---- | M] () -- C:\Users\Toto\007-01.jpg [2010.09.25 17:43:28 | 000,128,162 | ---- | M] () -- C:\Users\Toto\008-01 (2).jpg [2010.09.25 17:40:50 | 000,124,852 | ---- | M] () -- C:\Users\Toto\Desktop\009-01.jpg [2010.09.25 13:27:03 | 000,001,222 | ---- | M] () -- C:\Users\Toto\Desktop\Spybot - Search & Destroy.lnk [2010.09.23 09:45:57 | 000,211,798 | ---- | M] () -- C:\Windows\System\tubelist.dat [2010.09.21 14:16:51 | 000,347,234 | ---- | M] () -- C:\Users\Toto\006-01.jpg [2010.09.21 14:16:39 | 000,349,775 | ---- | M] () -- C:\Users\Toto\014-01.jpg [2010.09.21 14:16:31 | 000,290,089 | ---- | M] () -- C:\Users\Toto\012-01.jpg [2010.09.21 14:16:20 | 000,315,126 | ---- | M] () -- C:\Users\Toto\011-01.jpg [2010.09.21 14:01:51 | 000,290,791 | ---- | M] () -- C:\Users\Toto\009-01.jpg [2010.09.21 14:01:30 | 000,256,995 | ---- | M] () -- C:\Users\Toto\010-01.jpg [2010.09.21 13:59:28 | 000,526,140 | ---- | M] () -- C:\Users\Toto\015-01.jpg [2010.09.21 13:58:32 | 000,502,730 | ---- | M] () -- C:\Users\Toto\016-01.jpg [2010.09.21 13:57:08 | 000,235,306 | ---- | M] () -- C:\Users\Toto\005-01.jpg [2010.09.21 13:55:48 | 000,320,729 | ---- | M] () -- C:\Users\Toto\008-01.jpg [2010.09.16 12:59:01 | 000,671,956 | ---- | M] () -- C:\Users\Toto\Toto Avatar.jpg [2010.09.15 20:09:41 | 000,383,200 | RHS- | M] () -- C:\bootmgr [2010.09.15 20:09:41 | 000,206,312 | RHS- | M] () -- C:\XELDZ [2010.09.15 18:01:52 | 000,002,257 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk [2010.09.14 12:37:49 | 000,000,000 | -H-- | M] () -- C:\Windows\System32\drivers\Msft_User_WpdMtpDr_01_09_00.Wdf [2010.09.13 03:14:34 | 000,001,646 | ---- | M] () -- C:\Windows\System\msg.reg [2010.09.13 03:14:34 | 000,000,018 | ---- | M] () -- C:\Windows\System\msg.bat [2010.09.13 01:57:05 | 014,261,884 | ---- | M] () -- C:\Users\Toto\Desktop\Beat12.wav [2010.09.12 19:12:13 | 000,000,966 | ---- | M] () -- C:\Users\Toto\Desktop\Toto - Verknüpfung.lnk [2010.09.12 18:28:24 | 000,000,000 | ---- | M] () -- C:\Windows\OpPrintServer.INI [2010.09.12 15:38:14 | 000,570,535 | ---- | M] () -- C:\Users\Toto\Foto0090.jpg [2010.09.12 15:38:09 | 000,570,516 | ---- | M] () -- C:\Users\Toto\Foto0091.jpg [2010.09.12 13:42:58 | 000,326,008 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT [2010.09.10 14:58:08 | 000,082,872 | ---- | M] () -- C:\Users\Toto\AppData\Local\GDIPFONTCACHEV1.DAT [2010.09.10 14:19:18 | 000,000,400 | ---- | M] () -- C:\Windows\ODBC.INI [2010.09.09 12:44:49 | 192,450,511 | ---- | M] () -- C:\Windows\MEMORY.DMP [2010.09.09 12:29:51 | 000,013,312 | ---- | M] () -- C:\Windows\System32\BASSMOD.dll [2010.09.09 11:17:14 | 000,243,024 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\drivers\avgtdix.sys [2010.09.09 11:17:14 | 000,029,584 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\drivers\avgmfx86.sys [2010.09.09 11:17:14 | 000,012,536 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\avgrsstx.dll [2010.09.09 11:17:07 | 000,216,400 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\drivers\avgldx86.sys [2010.09.09 11:17:06 | 000,142,495 | ---- | M] () -- C:\Windows\System32\drivers\Avg\microavi.avg [2010.09.08 21:39:22 | 000,008,192 | RHS- | M] () -- C:\BOOTSECT.BAK [2010.09.08 21:35:48 | 000,524,288 | -HS- | M] () -- C:\Users\Toto\NTUSER.DAT{5e85c0c8-2e15-11de-b41c-001e0bcd1824}.TMContainer00000000000000000002.regtrans-ms [2010.09.08 21:35:48 | 000,524,288 | -HS- | M] () -- C:\Users\Toto\NTUSER.DAT{5e85c0c8-2e15-11de-b41c-001e0bcd1824}.TMContainer00000000000000000001.regtrans-ms [2010.09.08 21:35:48 | 000,065,536 | -HS- | M] () -- C:\Users\Toto\NTUSER.DAT{5e85c0c8-2e15-11de-b41c-001e0bcd1824}.TM.blf [2010.09.08 21:21:18 | 006,061,540 | ---- | M] () -- C:\Windows\System32\drivers\Avg\avi7.avg [2010.09.08 21:21:18 | 000,492,629 | ---- | M] () -- C:\Windows\System32\drivers\Avg\miniavi.avg [2010.09.08 21:21:18 | 000,113,461 | ---- | M] () -- C:\Windows\System32\drivers\Avg\iavichjw.avm [2010.09.08 21:05:04 | 000,000,020 | -HS- | M] () -- C:\Users\Toto\ntuser.ini [2010.09.08 20:44:52 | 000,037,992 | ---- | M] () -- C:\Windows\System32\license.rtf [2010.09.08 20:43:12 | 000,000,000 | ---- | M] () -- C:\Windows\ativpsrm.bin [2010.09.08 20:42:50 | 000,000,000 | -H-- | M] () -- C:\Windows\System32\drivers\Msft_User_WpdFs_01_09_00.Wdf [2010.09.06 01:33:40 | 019,517,184 | ---- | M] () -- C:\Users\Toto\Desktop\Classical.wav [2010.09.03 19:58:37 | 023,004,080 | ---- | M] () -- C:\Users\Toto\Desktop\Beat10.wav [2010.09.03 02:09:27 | 008,789,856 | ---- | M] () -- C:\Users\Toto\Desktop\beat_8.wav ========== Files Created - No Company Name ========== [2010.10.02 14:50:02 | 000,001,604 | ---- | C] () -- C:\Users\Toto\Desktop\FL.lnk [2010.10.02 14:46:43 | 000,001,967 | ---- | C] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk [2010.10.02 13:13:17 | 000,001,424 | ---- | C] () -- C:\Users\Toto\Desktop\mbam.lnk [2010.10.02 12:22:59 | 000,000,370 | ---- | C] () -- C:\Windows\tasks\Ad-Aware Update (Weekly).job [2010.10.01 17:32:41 | 003,858,949 | ---- | C] () -- C:\Users\Toto\Desktop\ComFi.exe [2010.10.01 17:14:02 | 000,000,993 | ---- | C] () -- C:\Users\Toto\Desktop\JDownloader.lnk [2010.09.25 17:47:18 | 000,137,255 | ---- | C] () -- C:\Users\Toto\005-01 (2).jpg [2010.09.25 17:46:04 | 000,155,586 | ---- | C] () -- C:\Users\Toto\007-01.jpg [2010.09.25 17:43:27 | 000,128,162 | ---- | C] () -- C:\Users\Toto\008-01 (2).jpg [2010.09.25 17:40:48 | 000,124,852 | ---- | C] () -- C:\Users\Toto\Desktop\009-01.jpg [2010.09.25 13:27:03 | 000,001,222 | ---- | C] () -- C:\Users\Toto\Desktop\Spybot - Search & Destroy.lnk [2010.09.23 18:26:24 | 000,001,092 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2010.09.23 18:26:23 | 000,001,088 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2010.09.21 14:01:48 | 000,290,791 | ---- | C] () -- C:\Users\Toto\009-01.jpg [2010.09.21 14:01:28 | 000,256,995 | ---- | C] () -- C:\Users\Toto\010-01.jpg [2010.09.21 14:00:56 | 000,315,126 | ---- | C] () -- C:\Users\Toto\011-01.jpg [2010.09.21 14:00:34 | 000,290,089 | ---- | C] () -- C:\Users\Toto\012-01.jpg [2010.09.21 13:59:56 | 000,349,775 | ---- | C] () -- C:\Users\Toto\014-01.jpg [2010.09.21 13:59:26 | 000,526,140 | ---- | C] () -- C:\Users\Toto\015-01.jpg [2010.09.21 13:58:30 | 000,502,730 | ---- | C] () -- C:\Users\Toto\016-01.jpg [2010.09.21 13:57:05 | 000,235,306 | ---- | C] () -- C:\Users\Toto\005-01.jpg [2010.09.21 13:56:19 | 000,347,234 | ---- | C] () -- C:\Users\Toto\006-01.jpg [2010.09.21 13:55:45 | 000,320,729 | ---- | C] () -- C:\Users\Toto\008-01.jpg [2010.09.21 09:00:36 | 000,211,798 | ---- | C] () -- C:\Windows\System\tubelist.dat [2010.09.16 12:58:58 | 000,671,956 | ---- | C] () -- C:\Users\Toto\Toto Avatar.jpg [2010.09.15 20:06:51 | 000,206,312 | RHS- | C] () -- C:\XELDZ [2010.09.15 18:01:52 | 000,002,257 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk [2010.09.14 12:37:49 | 000,000,000 | -H-- | C] () -- C:\Windows\System32\drivers\Msft_User_WpdMtpDr_01_09_00.Wdf [2010.09.13 03:14:34 | 000,001,646 | ---- | C] () -- C:\Windows\System\msg.reg [2010.09.13 03:14:34 | 000,000,018 | ---- | C] () -- C:\Windows\System\msg.bat [2010.09.13 01:43:34 | 014,261,884 | ---- | C] () -- C:\Users\Toto\Desktop\Beat12.wav [2010.09.12 19:13:08 | 000,013,989 | ---- | C] () -- C:\Users\Toto\HardTraining.m3u [2010.09.12 19:12:13 | 000,000,966 | ---- | C] () -- C:\Users\Toto\Desktop\Toto - Verknüpfung.lnk [2010.09.12 18:28:24 | 000,000,000 | ---- | C] () -- C:\Windows\OpPrintServer.INI [2010.09.12 13:44:35 | 000,044,032 | ---- | C] () -- C:\Users\Toto\Desktop\Trainingsplan Peter 3.xls [2010.09.12 04:22:28 | 000,000,000 | ---- | C] () -- C:\Users\Toto\AppData\Local\prvlcl.dat [2010.09.10 19:11:41 | 000,047,616 | ---- | C] () -- C:\Users\Toto\Desktop\Trainingsplan Toto 3.xls [2010.09.10 16:01:19 | 000,037,888 | ---- | C] () -- C:\Users\Toto\Desktop\Gewicht.xls [2010.09.10 16:01:12 | 019,517,184 | ---- | C] () -- C:\Users\Toto\Desktop\Classical.wav [2010.09.10 16:01:12 | 015,606,676 | ---- | C] () -- C:\Users\Toto\Desktop\Beat11.wav [2010.09.10 16:01:11 | 023,004,080 | ---- | C] () -- C:\Users\Toto\Desktop\Beat10.wav [2010.09.10 16:01:11 | 008,789,856 | ---- | C] () -- C:\Users\Toto\Desktop\beat_8.wav [2010.09.10 16:01:03 | 000,016,384 | ---- | C] () -- C:\Users\Toto\Desktop\Arbeitsstunden.xls [2010.09.10 14:19:18 | 000,000,400 | ---- | C] () -- C:\Windows\ODBC.INI [2010.09.10 09:09:19 | 000,233,060 | ---- | C] () -- C:\Windows\System\latest.dat [2010.09.10 09:09:19 | 000,000,124 | ---- | C] () -- C:\Windows\System\update.dat [2010.09.09 16:10:39 | 000,570,535 | ---- | C] () -- C:\Users\Toto\Foto0090.jpg [2010.09.09 16:09:58 | 000,570,516 | ---- | C] () -- C:\Users\Toto\Foto0091.jpg [2010.09.09 12:31:47 | 192,450,511 | ---- | C] () -- C:\Windows\MEMORY.DMP [2010.09.09 12:26:32 | 000,013,312 | ---- | C] () -- C:\Windows\System32\BASSMOD.dll [2010.09.08 21:21:18 | 065,562,057 | ---- | C] () -- C:\Windows\System32\drivers\Avg\incavi.avm [2010.09.08 21:21:18 | 006,061,540 | ---- | C] () -- C:\Windows\System32\drivers\Avg\avi7.avg [2010.09.08 21:21:18 | 000,492,629 | ---- | C] () -- C:\Windows\System32\drivers\Avg\miniavi.avg [2010.09.08 21:21:18 | 000,142,495 | ---- | C] () -- C:\Windows\System32\drivers\Avg\microavi.avg [2010.09.08 21:21:18 | 000,113,461 | ---- | C] () -- C:\Windows\System32\drivers\Avg\iavichjw.avm [2010.09.08 21:05:04 | 001,310,720 | -HS- | C] () -- C:\Users\Toto\NTUSER.DAT [2010.09.08 21:05:04 | 000,524,288 | -HS- | C] () -- C:\Users\Toto\NTUSER.DAT{5e85c0c8-2e15-11de-b41c-001e0bcd1824}.TMContainer00000000000000000002.regtrans-ms [2010.09.08 21:05:04 | 000,524,288 | -HS- | C] () -- C:\Users\Toto\NTUSER.DAT{5e85c0c8-2e15-11de-b41c-001e0bcd1824}.TMContainer00000000000000000001.regtrans-ms [2010.09.08 21:05:04 | 000,262,144 | -HS- | C] () -- C:\Users\Toto\ntuser.dat.LOG1 [2010.09.08 21:05:04 | 000,065,536 | -HS- | C] () -- C:\Users\Toto\NTUSER.DAT{5e85c0c8-2e15-11de-b41c-001e0bcd1824}.TM.blf [2010.09.08 21:05:04 | 000,000,020 | -HS- | C] () -- C:\Users\Toto\ntuser.ini [2010.09.08 21:05:04 | 000,000,000 | -HS- | C] () -- C:\Users\Toto\ntuser.dat.LOG2 [2010.09.08 20:43:12 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin [2010.09.08 20:42:50 | 000,000,000 | -H-- | C] () -- C:\Windows\System32\drivers\Msft_User_WpdFs_01_09_00.Wdf [2010.09.07 00:48:01 | 2415,370,240 | -HS- | C] () -- C:\hiberfil.sys [2009.04.22 05:50:07 | 000,073,216 | ---- | C] () -- C:\Windows\System32\BthpanContextHandler.dll [2009.04.22 05:40:32 | 000,064,000 | ---- | C] () -- C:\Windows\System32\BWContextHandler.dll ========== LOP Check ========== [2010.09.09 12:29:22 | 000,000,000 | ---D | M] -- C:\Users\Toto\AppData\Roaming\Pixmantec [2010.10.02 12:22:59 | 000,000,370 | ---- | M] () -- C:\Windows\Tasks\Ad-Aware Update (Weekly).job [2009.04.22 10:27:21 | 000,012,908 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT ========== Purity Check ========== ========== Custom Scans ========== < %ALLUSERSPROFILE%\Application Data\*. > < %ALLUSERSPROFILE%\Application Data\*.exe /s > < %APPDATA%\*. > [2010.09.25 17:47:29 | 000,000,000 | ---D | M] -- C:\Users\Toto\AppData\Roaming\Adobe [2010.10.01 18:09:29 | 000,000,000 | ---D | M] -- C:\Users\Toto\AppData\Roaming\DivX [2010.09.08 21:05:34 | 000,000,000 | ---D | M] -- C:\Users\Toto\AppData\Roaming\Identities [2010.09.09 00:49:00 | 000,000,000 | ---D | M] -- C:\Users\Toto\AppData\Roaming\Macromedia [2010.09.24 10:24:32 | 000,000,000 | ---D | M] -- C:\Users\Toto\AppData\Roaming\Malwarebytes [2009.04.22 13:07:50 | 000,000,000 | ---D | M] -- C:\Users\Toto\AppData\Roaming\Media Center Programs [2010.09.16 00:28:56 | 000,000,000 | --SD | M] -- C:\Users\Toto\AppData\Roaming\Microsoft [2010.09.09 00:41:23 | 000,000,000 | ---D | M] -- C:\Users\Toto\AppData\Roaming\Mozilla [2010.09.09 12:29:22 | 000,000,000 | ---D | M] -- C:\Users\Toto\AppData\Roaming\Pixmantec [2010.10.02 14:46:50 | 000,000,000 | ---D | M] -- C:\Users\Toto\AppData\Roaming\SUPERAntiSpyware.com [2010.09.30 01:16:39 | 000,000,000 | ---D | M] -- C:\Users\Toto\AppData\Roaming\vlc [2010.10.01 15:56:08 | 000,000,000 | ---D | M] -- C:\Users\Toto\AppData\Roaming\Winamp [2010.09.09 12:26:02 | 000,000,000 | ---D | M] -- C:\Users\Toto\AppData\Roaming\WinRAR < %APPDATA%\*.exe /s > < %SYSTEMDRIVE%\*.exe > < MD5 for: AGP440.SYS > [2009.04.22 07:24:12 | 000,053,328 | ---- | M] (Microsoft Corporation) MD5=7DFFC1CD425BCD998D9FDA0192383A19 -- C:\Windows\System32\drivers\AGP440.sys [2009.04.22 07:24:12 | 000,053,328 | ---- | M] (Microsoft Corporation) MD5=7DFFC1CD425BCD998D9FDA0192383A19 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_x86_neutral_e13b2b757efc5205\AGP440.sys [2009.04.22 07:24:12 | 000,053,328 | ---- | M] (Microsoft Corporation) MD5=7DFFC1CD425BCD998D9FDA0192383A19 -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.1.7100.0_none_2b05e59d13c6aac3\AGP440.sys < MD5 for: AHCIX86S.SYS > [2008.05.06 15:36:34 | 000,171,016 | ---- | M] (AMD Technologies Inc.) MD5=9879FF9F6A04D660BC245788E1881B00 -- C:\DRIVER\VGA\ATI-CARDS\setup\Packages\Drivers\SBDrv\SB7xx\RAID\LH\ahcix86s.sys [2007.04.16 18:16:34 | 000,119,296 | ---- | M] (ATI Technologies Inc.) MD5=A5AC7B705166BF7CD07BB054BEEA8D03 -- C:\DRIVER\VGA\ATI-CARDS\setup\Packages\Drivers\SBDrv\SB6xx\RAID\LH\ahcix86s.sys < MD5 for: ATAPI.SYS > [2009.04.22 07:24:04 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=80C40F7FDFC376E4C5FEEC28B41C119E -- C:\Windows\System32\drivers\atapi.sys [2009.04.22 07:24:04 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=80C40F7FDFC376E4C5FEEC28B41C119E -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_x86_neutral_b27d5421375ad1cd\atapi.sys [2009.04.22 07:24:04 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=80C40F7FDFC376E4C5FEEC28B41C119E -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.1.7100.0_none_4e2b207b769f9fe5\atapi.sys < MD5 for: CNGAUDIT.DLL > [2009.04.22 07:20:04 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=EC9930C8CDF46295A1354256435CB5DE -- C:\Windows\System32\cngaudit.dll [2009.04.22 07:20:04 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=EC9930C8CDF46295A1354256435CB5DE -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7100.0_none_5956e38684aa4f03\cngaudit.dll < MD5 for: EXPLORER.EXE > [2009.04.22 07:19:02 | 002,607,616 | ---- | M] (Microsoft Corporation) MD5=C133788B393EEC01439AD997D24E66ED -- C:\Windows\explorer.exe [2009.04.22 07:19:02 | 002,607,616 | ---- | M] (Microsoft Corporation) MD5=C133788B393EEC01439AD997D24E66ED -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7100.0_none_c2a79f73ced24008\explorer.exe < MD5 for: IASTORV.SYS > [2009.04.22 07:24:21 | 000,332,368 | ---- | M] (Intel Corporation) MD5=AC958B65CDE27ADFDEC628BF7ECCEB8C -- C:\Windows\System32\drivers\iaStorV.sys [2009.04.22 07:24:21 | 000,332,368 | ---- | M] (Intel Corporation) MD5=AC958B65CDE27ADFDEC628BF7ECCEB8C -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_x86_neutral_18cccb83b34e1453\iaStorV.sys [2009.04.22 07:24:21 | 000,332,368 | ---- | M] (Intel Corporation) MD5=AC958B65CDE27ADFDEC628BF7ECCEB8C -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7100.0_none_20044ad9dcddcbd8\iaStorV.sys < MD5 for: NETLOGON.DLL > [2009.04.22 07:21:18 | 000,561,152 | ---- | M] (Microsoft Corporation) MD5=A3EA8619FBBC2D270D79C241CE426618 -- C:\Windows\System32\netlogon.dll [2009.04.22 07:21:18 | 000,561,152 | ---- | M] (Microsoft Corporation) MD5=A3EA8619FBBC2D270D79C241CE426618 -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7100.0_none_6eaaafa48d0fb9a0\netlogon.dll < MD5 for: NVSTOR.SYS > [2009.04.22 07:24:17 | 000,142,416 | ---- | M] (NVIDIA Corporation) MD5=93CF6F974095F7D146AA273F3BF418D7 -- C:\Windows\System32\drivers\nvstor.sys [2009.04.22 07:24:17 | 000,142,416 | ---- | M] (NVIDIA Corporation) MD5=93CF6F974095F7D146AA273F3BF418D7 -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_x86_neutral_4d1b6b7b67c54c8c\nvstor.sys [2009.04.22 07:24:17 | 000,142,416 | ---- | M] (NVIDIA Corporation) MD5=93CF6F974095F7D146AA273F3BF418D7 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7100.0_none_aacdbb89141475b0\nvstor.sys < MD5 for: SCECLI.DLL > [2009.04.22 07:21:47 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=686BAFE6AF35AF1C8D5EB536A8500430 -- C:\Windows\System32\scecli.dll [2009.04.22 07:21:47 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=686BAFE6AF35AF1C8D5EB536A8500430 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7100.0_none_a900dabd2e31405b\scecli.dll < MD5 for: USER32.DLL > [2009.04.22 07:22:10 | 000,811,520 | ---- | M] (Microsoft Corporation) MD5=5CF35E5261DAA5C68DEBA4618DBE4121 -- C:\Windows\System32\user32.dll [2009.04.22 07:22:10 | 000,811,520 | ---- | M] (Microsoft Corporation) MD5=5CF35E5261DAA5C68DEBA4618DBE4121 -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.1.7100.0_none_3e2b64a2c272507b\user32.dll < MD5 for: USERINIT.EXE > [2009.04.22 07:19:37 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=50771CA86FF1ADAF5FD1920F8CB5665E -- C:\Windows\System32\userinit.exe [2009.04.22 07:19:37 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=50771CA86FF1ADAF5FD1920F8CB5665E -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7100.0_none_4d1bb27726c5c954\userinit.exe < MD5 for: WINLOGON.EXE > [2009.04.22 07:19:40 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=B9CFF761509E6C95E964B29B279D7721 -- C:\Windows\System32\winlogon.exe [2009.04.22 07:19:40 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=B9CFF761509E6C95E964B29B279D7721 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7100.0_none_e0b5f9782a074d3e\winlogon.exe < MD5 for: WS2IFSL.SYS > [2009.04.22 05:53:36 | 000,016,384 | ---- | M] (Microsoft Corporation) MD5=2482D8B39E0010AD1BB2EA08703E4783 -- C:\Windows\System32\drivers\ws2ifsl.sys [2009.04.22 05:53:36 | 000,016,384 | ---- | M] (Microsoft Corporation) MD5=2482D8B39E0010AD1BB2EA08703E4783 -- C:\Windows\winsxs\x86_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.1.7100.0_none_c07999361ce3778a\ws2ifsl.sys < %systemroot%\system32\drivers\*.sys /lockedfiles > < %systemroot%\System32\config\*.sav > < %systemroot%\*. /mp /s > < %systemroot%\system32\*.dll /lockedfiles > < End of report > |
|
02.10.2010, 17:04
| #4 |
| /// Malware-holic | Verlinkungen auf fremde Seiten, wordslife.com virus? bitte erstelle und poste ein combofix log. Ein Leitfaden und Tutorium zur Nutzung von ComboFix |
|
02.10.2010, 17:38
| #5 |
| | Verlinkungen auf fremde Seiten, wordslife.com virus? Hi, also eine Fremde seite hat sich gerade schon wieder geöffnet. Das Problem scheint noch nicht behoben zu sein. Hier der Log: Combofix Logfile: Code:
ATTFilter ComboFix 10-10-01.07 - Toto 02.10.2010 18:22:07.1.4 - x86
Microsoft Windows 7 Ultimate 6.1.7100.0.1252.49.1031.18.3071.2219 [GMT 2:00]
ausgeführt von:: c:\users\Toto\Desktop\ComFi.exe
SP: SUPERAntiSpyware *disabled* (Updated) {222A897C-5018-402e-943F-7E7AC8560DA7}
.
((((((((((((((((((((((( Dateien erstellt von 2010-09-02 bis 2010-10-02 ))))))))))))))))))))))))))))))
.
2010-10-02 16:25 . 2010-10-02 16:25 -------- d-----w- c:\users\Default\AppData\Local\temp
2010-10-02 12:47 . 2010-10-02 12:47 63488 ----a-w- c:\users\Toto\AppData\Roaming\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10006.dll
2010-10-02 12:47 . 2010-10-02 12:47 52224 ----a-w- c:\users\Toto\AppData\Roaming\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10005.dll
2010-10-02 12:47 . 2010-10-02 12:47 117760 ----a-w- c:\users\Toto\AppData\Roaming\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
2010-10-02 12:46 . 2010-10-02 12:46 -------- d-----w- c:\programdata\SUPERAntiSpyware.com
2010-10-02 12:46 . 2010-10-02 12:46 -------- d-----w- c:\users\Toto\AppData\Roaming\SUPERAntiSpyware.com
2010-10-02 12:46 . 2010-10-02 12:46 -------- d-----w- c:\program files\SUPERAntiSpyware
2010-10-01 16:08 . 2010-10-01 16:08 57409 ----a-w- c:\programdata\DivX\ControlPanel\Uninstaller.exe
2010-10-01 16:08 . 2010-10-01 16:08 52963 ----a-w- c:\programdata\DivX\MSVC80CRTRedist\Uninstaller.exe
2010-10-01 16:08 . 2010-10-01 16:08 54073 ----a-w- c:\programdata\DivX\Qt4.5\Uninstaller.exe
2010-10-01 16:08 . 2010-10-01 16:08 -------- d-----w- c:\program files\Common Files\DivX Shared
2010-10-01 16:08 . 2010-10-01 16:08 56969 ----a-w- c:\programdata\DivX\ASPEncoder\Uninstaller.exe
2010-10-01 16:08 . 2010-10-01 16:09 -------- d-----w- c:\program files\DivX
2010-10-01 16:07 . 2010-10-01 16:07 144696 ----a-w- c:\programdata\DivX\RunAsUser\RUNASUSERPROCESS.exe
2010-10-01 16:07 . 2010-10-01 16:09 -------- d-----w- c:\programdata\DivX
2010-10-01 15:13 . 2010-10-01 15:25 -------- d-----w- c:\program files\JDownloader
2010-10-01 15:13 . 2010-10-01 15:13 411368 ----a-w- c:\windows\system32\deploytk.dll
2010-10-01 15:13 . 2010-10-01 15:13 -------- d-----w- c:\program files\Java
2010-09-27 14:16 . 2010-10-02 12:47 -------- dc----w- c:\windows\system32\DRVSTORE
2010-09-27 14:16 . 2010-09-27 14:16 95024 ----a-w- c:\windows\system32\drivers\SBREDrv.sys
2010-09-27 13:49 . 2010-09-27 13:49 -------- d-----w- c:\users\Toto\AppData\Local\Sunbelt Software
2010-09-27 13:49 . 2010-09-08 13:00 2985688 -c----w- c:\programdata\~0\Ad-AwareInstall.exe
2010-09-27 13:49 . 2010-10-02 12:47 -------- d-----w- c:\programdata\Lavasoft
2010-09-25 11:36 . 2010-10-02 12:47 -------- dc-h--w- c:\programdata\~0
2010-09-25 11:26 . 2010-09-25 12:29 -------- d-----w- c:\programdata\Spybot - Search & Destroy
2010-09-25 11:26 . 2010-09-25 11:29 -------- d-----w- c:\program files\Spybot - Search & Destroy
2010-09-24 08:24 . 2010-09-24 08:24 -------- d-----w- c:\users\Toto\AppData\Roaming\Malwarebytes
2010-09-24 08:24 . 2010-04-29 13:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-09-24 08:24 . 2010-10-02 11:13 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-09-24 08:24 . 2010-09-24 08:24 -------- d-----w- c:\programdata\Malwarebytes
2010-09-24 08:24 . 2010-04-29 13:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-09-23 16:26 . 2010-09-23 16:27 -------- d-----w- c:\users\Toto\AppData\Local\Google
2010-09-23 16:26 . 2010-09-23 16:27 -------- d-----w- c:\program files\Google
2010-09-23 07:42 . 2010-09-23 07:42 942432 ----a-w- c:\programdata\avg9\update\backup\avgcfgx.dll
2010-09-23 07:42 . 2010-09-23 07:42 598368 ----a-w- c:\programdata\avg9\update\backup\avgsrmx.dll
2010-09-23 07:42 . 2010-09-23 07:42 4371296 ----a-w- c:\programdata\avg9\update\backup\avgcorex.dll
2010-09-23 07:42 . 2010-09-23 07:42 300896 ----a-w- c:\programdata\avg9\update\backup\avgchclx.dll
2010-09-23 07:42 . 2010-09-23 07:42 1377632 ----a-w- c:\programdata\avg9\update\backup\avgssff.dll
2010-09-23 07:41 . 2010-09-23 07:41 1690952 ----a-w- c:\programdata\avg9\update\backup\avgupd.dll
2010-09-21 07:00 . 2010-09-23 07:45 211798 ----a-w- c:\windows\system\tubelist.dat
2010-09-12 16:26 . 2010-09-12 16:31 -------- d-----w- c:\program files\Canon
2010-09-12 16:09 . 2010-09-20 21:33 -------- d-----w- c:\program files\Common Files\InstallShield
2010-09-12 15:50 . 2010-09-15 16:01 -------- d-----w- c:\program files\Common Files\Adobe
2010-09-12 15:48 . 2010-09-14 23:52 -------- d-----w- c:\users\Toto\AppData\Local\Adobe
2010-09-12 02:22 . 2010-10-01 16:41 0 ----a-w- c:\users\Toto\AppData\Local\prvlcl.dat
2010-09-10 14:03 . 2010-09-10 14:03 -------- d-----w- c:\program files\MSECache
2010-09-10 12:19 . 2003-06-18 15:31 18944 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\mdippr.dll
2010-09-10 12:19 . 2003-06-18 15:31 17920 ----a-w- c:\windows\system32\mdimon.dll
2010-09-10 12:18 . 2010-09-10 12:18 -------- d-----w- c:\windows\PCHEALTH
2010-09-10 12:18 . 2010-09-10 12:18 -------- d-----w- c:\program files\Microsoft.NET
2010-09-10 07:18 . 2010-09-10 07:18 -------- d-----w- c:\program files\Activision
2010-09-10 07:09 . 2010-09-27 14:48 233060 ----a-w- c:\windows\system\latest.dat
2010-09-10 07:09 . 2010-09-27 14:48 124 ----a-w- c:\windows\system\update.dat
2010-09-09 10:49 . 2010-09-09 10:49 -------- d-----w- c:\program files\EDIROL
2010-09-09 10:35 . 2010-09-12 13:19 -------- d-----w- c:\programdata\Bluetooth
2010-09-09 10:29 . 2010-09-09 10:29 -------- d-----w- c:\users\Toto\AppData\Roaming\Pixmantec
2010-09-09 10:27 . 2010-09-09 10:27 -------- d-----w- c:\program files\IVT Corporation
2010-09-09 10:11 . 2010-09-10 12:58 82872 ----a-w- c:\users\Toto\AppData\Local\GDIPFONTCACHEV1.DAT
2010-09-09 10:08 . 2010-09-09 10:08 -------- d-----w- c:\program files\ASIO4ALL v2
2010-09-09 09:57 . 2006-06-20 08:56 225280 ----a-w- c:\windows\system32\rewire.dll
2010-09-09 09:56 . 2010-09-09 10:50 -------- d-----w- c:\program files\VstPlugins
2010-09-09 09:56 . 2010-09-09 09:56 -------- d-----w- c:\program files\Outsim
2010-09-09 09:55 . 2010-09-09 09:57 -------- d-----w- c:\program files\Image-Line
2010-09-09 09:40 . 2010-09-09 09:40 -------- d-----w- c:\users\Toto\AppData\Local\Diagnostics
2010-09-09 09:17 . 2010-09-09 09:17 360584 ----a-w- c:\programdata\avg9\update\backup\avgtdix.sys
2010-09-09 09:17 . 2010-09-09 09:17 28424 ----a-w- c:\programdata\avg9\update\backup\avgmfx86.sys
2010-09-09 09:17 . 2010-09-09 09:17 333192 ----a-w- c:\programdata\avg9\update\backup\avgldx86.sys
2010-09-09 09:17 . 2010-09-09 09:17 12536 ----a-w- c:\windows\system32\avgrsstx.dll
2010-09-09 01:02 . 2010-09-08 19:21 877848 ----a-w- c:\programdata\avg9\update\backup\avgupd.exe
2010-09-09 01:02 . 2010-09-08 19:21 798488 ----a-w- c:\programdata\avg9\update\backup\avginet.dll
2010-09-09 01:02 . 2010-09-08 19:21 610072 ----a-w- c:\programdata\avg9\update\backup\avgiproxy.exe
2010-09-08 22:48 . 2010-09-08 22:48 -------- d-----w- c:\windows\system32\Macromed
2010-09-08 22:41 . 2010-09-08 22:41 -------- d-----w- c:\users\Toto\AppData\Local\Mozilla
2010-09-08 19:39 . 2010-09-08 19:04 -------- d-----w- c:\windows\Panther
2010-09-08 19:36 . 2009-07-18 03:28 299520 ----a-w- c:\windows\system32\wmpdxm.dll
2010-09-08 19:35 . 2009-09-10 03:10 306688 ----a-w- c:\windows\system32\drivers\srv2.sys
2010-09-08 19:21 . 2010-09-09 09:17 243024 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2010-09-08 19:21 . 2010-09-09 09:17 216400 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2010-09-08 19:21 . 2010-10-02 10:28 -------- d-----w- c:\windows\system32\drivers\Avg
2010-09-08 19:21 . 2010-09-09 09:17 29584 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
2010-09-08 19:21 . 2010-09-08 19:21 -------- d-----w- c:\program files\AVG
2010-09-08 19:21 . 2010-09-08 19:21 -------- d-----w- c:\programdata\avg9
2010-09-08 19:20 . 2010-10-02 12:47 -------- d-sh--w- c:\windows\Installer
2010-09-08 19:17 . 2010-09-08 19:17 -------- d-----w- c:\program files\Pixmantec
2010-09-08 19:12 . 2010-10-01 16:09 -------- d-----w- c:\program files\Common Files\PX Storage Engine
2010-09-08 19:12 . 2010-10-01 13:56 -------- d-----w- c:\users\Toto\AppData\Roaming\Winamp
2010-09-08 19:12 . 2010-09-08 19:13 -------- d-----w- c:\program files\Winamp
2010-09-08 19:10 . 2010-09-08 19:10 -------- d-----w- c:\program files\VideoLAN
2010-09-08 19:04 . 2010-09-08 19:04 -------- d-sh--we c:\users\Default\Vorlagen
2010-09-08 19:02 . 2010-10-02 10:26 -------- d-----w- c:\windows\system32\wbem\Performance
2010-09-08 18:43 . 2010-09-08 18:43 0 ----a-w- c:\windows\ativpsrm.bin
.
(((((((((((((((((((((((((((((((((((( Find3M Bericht ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-10-02 10:26 . 2009-04-22 10:41 643640 ----a-w- c:\windows\system32\perfh007.dat
2010-10-02 10:26 . 2009-04-22 10:41 130496 ----a-w- c:\windows\system32\perfc007.dat
2010-09-29 23:16 . 2010-09-15 00:10 -------- d-----w- c:\users\Toto\AppData\Roaming\vlc
2010-09-20 21:34 . 2010-09-20 21:34 -------- d-----w- c:\program files\Firefly Studios
2010-09-20 21:34 . 2010-09-12 16:26 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-09-15 16:01 . 2010-09-15 16:01 -------- d-----w- c:\programdata\Macrovision
2010-09-15 16:01 . 2010-09-15 16:01 -------- d-----w- c:\program files\Common Files\Adobe Systems Shared
2010-09-15 15:47 . 2010-09-15 15:47 -------- d-----w- c:\program files\Smart Projects
2010-09-15 11:14 . 2010-09-15 11:14 -------- d-----w- c:\programdata\eBay
2010-09-15 11:14 . 2010-09-15 11:14 -------- d-----w- c:\program files\eBay
2010-09-14 10:37 . 2010-09-14 10:37 0 ---ha-w- c:\windows\system32\drivers\Msft_User_WpdMtpDr_01_09_00.Wdf
2010-09-08 19:04 . 2010-09-08 19:04 -------- d-sh--we c:\programdata\Vorlagen
2010-09-08 19:04 . 2010-09-08 19:04 -------- d-sh--we c:\programdata\Startmenü
2010-09-08 19:04 . 2010-09-08 19:04 -------- d-sh--we c:\programdata\Favoriten
2010-09-08 19:04 . 2010-09-08 19:04 -------- d-sh--we c:\programdata\Dokumente
2010-09-08 19:04 . 2010-09-08 19:04 -------- d-sh--we c:\programdata\Anwendungsdaten
2010-09-08 19:04 . 2010-09-08 19:04 -------- d-sh--we c:\program files\Gemeinsame Dateien
2010-09-08 18:42 . 2010-09-08 18:42 0 ---ha-w- c:\windows\system32\drivers\Msft_User_WpdFs_01_09_00.Wdf
2010-07-27 13:57 . 2010-07-27 13:57 49152 ----a-r- c:\windows\system32\inetwh32.dll
2010-07-27 13:57 . 2010-07-27 13:57 1044480 ----a-r- c:\windows\system32\roboex32.dll
2009-03-27 04:24 . 2009-04-22 05:58 9633792 --sha-r- c:\windows\Fonts\StaticCache.dat
.
(((((((((((((((((((((((((((( Autostartpunkte der Registrierung ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\SharingPrivate]
@="{08244EE6-92F0-47f2-9FC9-929BAA2E7235}"
[HKEY_CLASSES_ROOT\CLSID\{08244EE6-92F0-47f2-9FC9-929BAA2E7235}]
2009-04-22 05:21 441856 ----a-w- c:\windows\System32\ntshrui.dll
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2010-09-28 2424560]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AVG9_TRAY"="c:\progra~1\AVG\AVG9\avgtray.exe" [2010-09-09 2065760]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-06-20 35760]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-06-09 976832]
"DivXUpdate"="c:\program files\DivX\DivX Update\DivXUpdate.exe" [2010-09-16 1164584]
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Adobe Gamma Loader.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2010-9-15 113664]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\System32\avgrsstx.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"mixer4"=wdmaud.drv
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AppInfo]
@="Service"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\EFS]
@="Service"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\KeyIso]
@="Service"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\NTDS]
@="Service"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Power]
@="Service"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ProfSvc]
@="Service"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\RpcEptMapper]
@="Service"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SWPRV]
@="Service"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TabletInputService]
@="Service"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TBS]
@="Service"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TrustedInstaller]
@="Service"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\volmgr.sys]
@="Driver"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\volmgrx.sys]
@="Driver"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]
@="Service"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{6BDD1FC1-810F-11D0-BEC7-08002BE2092F}]
@="IEEE 1394 Bus host controllers"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{D48179BE-EC20-11D1-B6B8-00C04FA372A7}]
@="SBP2 IEEE 1394 Devices"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{D94EE5D8-D189-4994-83D2-F68D7D41B0E6}]
@="SecurityDevices"
R2 FLEXnet Licensing Manager;FLEXnet Licensing Manager for Adobe Products;c:\windows\system\regsrv.exe [x]
R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2010-09-23 135664]
R2 sppsvc;Software Protection;c:\windows\system32\sppsvc.exe [2009-04-22 3179520]
R3 AcpiPmi;ACPI Power Meter Driver;c:\windows\system32\DRIVERS\acpipmi.sys [2009-04-22 9728]
R3 adp94xx;adp94xx;c:\windows\system32\DRIVERS\adp94xx.sys [2009-04-22 422992]
R3 adpahci;adpahci;c:\windows\system32\DRIVERS\adpahci.sys [2009-04-22 297552]
R3 amdsata;amdsata;c:\windows\system32\DRIVERS\amdsata.sys [2009-04-22 77904]
R3 amdsbs;amdsbs;c:\windows\system32\DRIVERS\amdsbs.sys [2009-04-22 159312]
R3 AppID;Anwendungs-ID-Treiber;c:\windows\system32\drivers\appid.sys [2009-04-22 50176]
R3 AppIDSvc;Anwendungsidentität;c:\windows\system32\svchost.exe [2009-04-22 20992]
R3 Appinfo;Anwendungsinformationen;c:\windows\system32\svchost.exe [2009-04-22 20992]
R3 arcsas;arcsas;c:\windows\system32\DRIVERS\arcsas.sys [2009-04-22 86608]
R3 b06bdrv;Broadcom NetXtreme II VBD;c:\windows\system32\DRIVERS\bxvbdx.sys [2009-04-22 430080]
R3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\b57nd60x.sys [2009-04-22 229888]
R3 BDESVC;BitLocker-Laufwerkverschlüsselungsdienst;c:\windows\System32\svchost.exe [2009-04-22 20992]
R3 BrFiltLo;Brother USB Mass-Storage Lower Filter Driver;c:\windows\system32\DRIVERS\BrFiltLo.sys [2009-04-22 13568]
R3 BrFiltUp;Brother USB Mass-Storage Upper Filter Driver;c:\windows\system32\DRIVERS\BrFiltUp.sys [2009-04-22 5248]
R3 Brserid;Brother MFC Serial Port Interface Driver (WDM);c:\windows\System32\Drivers\Brserid.sys [2009-04-22 272128]
R3 BrSerWdm;Brother WDM Serial driver;c:\windows\System32\Drivers\BrSerWdm.sys [2009-04-22 62336]
R3 BrUsbMdm;Brother MFC USB Fax Only Modem;c:\windows\System32\Drivers\BrUsbMdm.sys [2009-04-22 12160]
R3 CertPropSvc;Zertifikatverteilung;c:\windows\system32\svchost.exe [2009-04-22 20992]
R3 circlass;Consumer IR Devices;c:\windows\system32\DRIVERS\circlass.sys [2009-04-22 37888]
R3 defragsvc;Defragmentierung;c:\windows\system32\svchost.exe [2009-04-22 20992]
R3 ebdrv;Broadcom NetXtreme II 10 GigE VBD;c:\windows\system32\DRIVERS\evbdx.sys [2009-04-22 3100160]
R3 elxstor;elxstor;c:\windows\system32\DRIVERS\elxstor.sys [2009-04-22 453712]
R3 Filetrace;Filetrace;c:\windows\system32\drivers\filetrace.sys [2009-04-22 28160]
R3 FontCache;Windows-Dienst für Schriftartencache;c:\windows\system32\svchost.exe [2009-04-22 20992]
R3 FsDepends;File System Dependency Minifilter;c:\windows\system32\drivers\FsDepends.sys [2009-04-22 45648]
R3 hcw85cir;Hauppauge Consumer Infrared Receiver;c:\windows\system32\drivers\hcw85cir.sys [2009-04-22 26624]
R3 HomeGroupListener;Heimnetzgruppen-Listener;c:\windows\System32\svchost.exe [2009-04-22 20992]
R3 HpSAMD;HpSAMD;c:\windows\system32\DRIVERS\HpSAMD.sys [2009-04-22 67152]
R3 iaStorV;iaStorV;c:\windows\system32\DRIVERS\iaStorV.sys [2009-04-22 332368]
R3 IKEEXT;IKE- und AuthIP IPsec-Schlüsselerstellungsmodule;c:\windows\system32\svchost.exe [2009-04-22 20992]
R3 IPBusEnum;PnP-X-IP-Busenumerator;c:\windows\system32\svchost.exe [2009-04-22 20992]
R3 IPMIDRV;IPMIDRV;c:\windows\system32\DRIVERS\IPMIDrv.sys [2009-04-22 65536]
R3 iScsiPrt;iScsiPort Driver;c:\windows\system32\DRIVERS\msiscsi.sys [2009-04-22 186960]
R3 KeyIso;CNG-Schlüsselisolation;c:\windows\system32\lsass.exe [2009-04-22 22528]
R3 KtmRm;KtmRm für Distributed Transaction Coordinator;c:\windows\System32\svchost.exe [2009-04-22 20992]
R3 Lavasoft Kernexplorer;Lavasoft helper driver;c:\program files\Lavasoft\Ad-Aware\KernExplorer.sys [x]
R3 lltdsvc;Verbindungsschicht-Topologieerkennungs-Zuordnungsprogramm;c:\windows\System32\svchost.exe [2009-04-22 20992]
R3 LSI_FC;LSI_FC;c:\windows\system32\DRIVERS\lsi_fc.sys [2009-04-22 95824]
R3 LSI_SAS;LSI_SAS;c:\windows\system32\DRIVERS\lsi_sas.sys [2009-04-22 89168]
R3 LSI_SAS2;LSI_SAS2;c:\windows\system32\DRIVERS\lsi_sas2.sys [2009-04-22 54864]
R3 LSI_SCSI;LSI_SCSI;c:\windows\system32\DRIVERS\lsi_scsi.sys [2009-04-22 96848]
R3 megasas;megasas;c:\windows\system32\DRIVERS\megasas.sys [2009-04-22 30800]
R3 mpio;mpio;c:\windows\system32\DRIVERS\mpio.sys [2009-04-22 130640]
R3 msahci;msahci;c:\windows\system32\DRIVERS\msahci.sys [2009-04-22 27728]
R3 msdsm;msdsm;c:\windows\system32\DRIVERS\msdsm.sys [2009-04-22 115792]
R3 mshidkmdf;Pass-through HID to KMDF Filter Driver;c:\windows\System32\drivers\mshidkmdf.sys [2009-04-22 4096]
R3 MSiSCSI;Microsoft iSCSI-Initiator-Dienst;c:\windows\system32\svchost.exe [2009-04-22 20992]
R3 MsRPC;MsRPC; [x]
R3 MTConfig;Microsoft Input Configuration Driver;c:\windows\system32\DRIVERS\MTConfig.sys [2009-04-22 12288]
R3 NativeWifiP;NativeWiFi Filter;c:\windows\system32\DRIVERS\nwifi.sys [2009-04-22 267264]
R3 NdisCap;NDIS Capture LightWeight Filter;c:\windows\system32\DRIVERS\ndiscap.sys [2009-04-22 27136]
R3 nfrd960;nfrd960;c:\windows\system32\DRIVERS\nfrd960.sys [2009-04-22 44624]
R3 nvstor;nvstor;c:\windows\system32\DRIVERS\nvstor.sys [2009-04-22 142416]
R3 PeerDistSvc;BranchCache;c:\windows\System32\svchost.exe [2009-04-22 20992]
R3 pla;Leistungsprotokolle und -warnungen;c:\windows\System32\svchost.exe [2009-04-22 20992]
R3 PNRPAutoReg;PNRP-Computernamenveröffentlichungs-Dienst;c:\windows\System32\svchost.exe [2009-04-22 20992]
R3 ql2300;ql2300;c:\windows\system32\DRIVERS\ql2300.sys [2009-04-22 1383504]
R3 ql40xx;ql40xx;c:\windows\system32\DRIVERS\ql40xx.sys [2009-04-22 105552]
R3 s3cap;s3cap;c:\windows\system32\DRIVERS\vms3cap.sys [2009-04-22 5632]
R3 scfilter;Filtertreiber für Smartcards der Plug & Play-Klasse;c:\windows\system32\DRIVERS\scfilter.sys [2009-04-22 26624]
R3 SCPolicySvc;Richtlinie zum Entfernen der Scmartcard;c:\windows\system32\svchost.exe [2009-04-22 20992]
R3 SDRSVC;Windows-Sicherung;c:\windows\system32\svchost.exe [2009-04-22 20992]
R3 SensrSvc;Adaptive Helligkeit;c:\windows\system32\svchost.exe [2009-04-22 20992]
R3 SessionEnv;Remote Desktop Configuration;c:\windows\System32\svchost.exe [2009-04-22 20992]
R3 sffp_mmc;SFF Storage Protocol Driver for MMC;c:\windows\system32\DRIVERS\sffp_mmc.sys [2009-04-22 12288]
R3 SiSRaid4;SiSRaid4;c:\windows\system32\DRIVERS\sisraid4.sys [2009-04-22 77904]
R3 Smb;Nachrichtenorientiertes TCP/IP- und TCP/IPv6-Protokoll (SMB-Sitzung);c:\windows\system32\DRIVERS\smb.sys [2009-04-22 71168]
R3 sppuinotify;SPP-Benachrichtigungsdienst;c:\windows\system32\svchost.exe [2009-04-22 20992]
R3 stexstor;stexstor;c:\windows\system32\DRIVERS\stexstor.sys [2009-04-22 21072]
R3 storvsc;storvsc;c:\windows\system32\DRIVERS\storvsc.sys [2009-04-22 28240]
R3 TabletInputService;Tablet PC-Eingabedienst;c:\windows\System32\svchost.exe [2009-04-22 20992]
R3 TBS;TPM-Basisdienste;c:\windows\System32\svchost.exe [2009-04-22 20992]
R3 THREADORDER;Server für Threadsortierung;c:\windows\system32\svchost.exe [2009-04-22 20992]
R3 TrustedInstaller;Windows Modules Installer;c:\windows\servicing\TrustedInstaller.exe [2009-04-22 204800]
R3 tssecsrv;Remote Desktop Services Security Filter Driver;c:\windows\system32\DRIVERS\tssecsrv.sys [2009-04-22 30208]
R3 UI0Detect;Erkennung interaktiver Dienste;c:\windows\system32\UI0Detect.exe [2009-04-22 35840]
R3 uliagpkx;Uli AGP Bus Filter;c:\windows\system32\DRIVERS\uliagpkx.sys [2009-04-22 57424]
R3 UmRdpService;Anschlussumleitung für Remotedesktopdienst im Benutzermodus;c:\windows\System32\svchost.exe [2009-04-22 20992]
R3 usbcir;eHome Infrared Receiver (USBCIR);c:\windows\system32\DRIVERS\usbcir.sys [2009-04-22 86016]
R3 VaultSvc;Anmeldeinformationsverwaltung;c:\windows\system32\lsass.exe [2009-04-22 22528]
R3 vhdmp;vhdmp;c:\windows\system32\DRIVERS\vhdmp.sys [2009-04-22 158288]
R3 ViaC7;VIA C7 Processor Driver;c:\windows\system32\DRIVERS\viac7.sys [2009-04-22 52736]
R3 vmbus;vmbus;c:\windows\system32\DRIVERS\vmbus.sys [2009-04-22 175824]
R3 VMBusHID;VMBusHID;c:\windows\system32\DRIVERS\VMBusHID.sys [2009-04-22 17920]
R3 vsmraid;vsmraid;c:\windows\system32\DRIVERS\vsmraid.sys [2009-04-22 141904]
R3 vwifibus;Virtueller WiFi-Bustreiber;c:\windows\System32\drivers\vwifibus.sys [2009-04-22 19968]
R3 WacomPen;Wacom Serial Pen HID Driver;c:\windows\system32\DRIVERS\wacompen.sys [2009-04-22 21632]
R3 wbengine;Blockebenen-Sicherungsmodul;c:\windows\system32\wbengine.exe [2009-04-22 1203200]
R3 WbioSrvc;Windows-Biometriedienst;c:\windows\system32\svchost.exe [2009-04-22 20992]
R3 wcncsvc;Windows-Sofortverbindung - Konfigurationsregistrierungsstelle;c:\windows\System32\svchost.exe [2009-04-22 20992]
R3 WcsPlugInService;Windows-Farbsystem;c:\windows\system32\svchost.exe [2009-04-22 20992]
R3 Wd;Wd;c:\windows\system32\DRIVERS\wd.sys [2009-04-22 19024]
R3 WdiSystemHost;Diagnosesystemhost;c:\windows\System32\svchost.exe [2009-04-22 20992]
R3 Wecsvc;Windows-Ereignissammlung;c:\windows\system32\svchost.exe [2009-04-22 20992]
R3 wercplsupport;Unterstützung in der Systemsteuerung unter Lösungen für Probleme;c:\windows\System32\svchost.exe [2009-04-22 20992]
R3 WerSvc;Windows-Fehlerberichterstattungsdienst;c:\windows\System32\svchost.exe [2009-04-22 20992]
R3 WIMMount;WIMMount;c:\windows\system32\drivers\wimmount.sys [2009-04-22 19024]
R3 WinDefend;Windows Defender;c:\windows\System32\svchost.exe [2009-04-22 20992]
R3 WinRM;Windows-Remoteverwaltung (WS-Verwaltung);c:\windows\System32\svchost.exe [2009-04-22 20992]
R3 Wlansvc;Automatische WLAN-Konfiguration;c:\windows\system32\svchost.exe [2009-04-22 20992]
R3 WPCSvc;Parental Controls;c:\windows\system32\svchost.exe [2009-04-22 20992]
R3 WwanSvc;WWAN – automatische Konfiguration;c:\windows\system32\svchost.exe [2009-04-22 20992]
R4 Mcx2Svc;Media Center Extender-Dienst;c:\windows\system32\svchost.exe [2009-04-22 20992]
R4 Megatlrs;Megatlrs; [x]
S0 amdxata;amdxata;c:\windows\system32\DRIVERS\amdxata.sys [2009-04-22 23120]
S0 CLFS;Gemeinsames Protokoll (CLFS);c:\windows\System32\CLFS.sys [2009-04-22 249424]
S0 CNG;CNG;c:\windows\System32\Drivers\cng.sys [2009-04-22 369056]
S0 FileInfo;File Information FS MiniFilter;c:\windows\system32\drivers\fileinfo.sys [2009-04-22 58448]
S0 fvevol;Filtertreiber der Bitlocker-Laufwerkverschlüsselung;c:\windows\System32\DRIVERS\fvevol.sys [2009-04-22 194488]
S0 hwpolicy;Hardware Policy Driver;c:\windows\System32\drivers\hwpolicy.sys [2009-04-22 13904]
S0 KSecPkg;KSecPkg;c:\windows\System32\Drivers\ksecpkg.sys [2009-04-22 133200]
S0 msisadrv;msisadrv;c:\windows\system32\DRIVERS\msisadrv.sys [2009-04-22 13904]
S0 pcw;Performance Counters for Windows Driver;c:\windows\System32\drivers\pcw.sys [2009-04-22 42576]
S0 rdyboost;ReadyBoost;c:\windows\System32\drivers\rdyboost.sys [2009-04-22 173648]
S0 spldr;Security Processor Loader Driver; [x]
S0 storflt;Filtertreiber zur Busbeschleunigung für den Datenträger des virtuellen Computers;c:\windows\system32\DRIVERS\vmstorfl.sys [2009-04-22 40912]
S0 vdrvroot;Enumerator-Treiber für Microsoft Virtual Drive;c:\windows\system32\DRIVERS\vdrvroot.sys [2009-04-22 32848]
S0 volmgr;Treiber für Volume-Manager;c:\windows\system32\DRIVERS\volmgr.sys [2009-04-22 52304]
S0 volmgrx;Dynamischer Volume-Manager;c:\windows\System32\drivers\volmgrx.sys [2009-04-22 297040]
S1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\System32\Drivers\avgldx86.sys [2010-09-09 216400]
S1 AvgTdiX;AVG Free Network Redirector;c:\windows\System32\Drivers\avgtdix.sys [2010-09-09 243024]
S1 blbdrive;blbdrive;c:\windows\system32\DRIVERS\blbdrive.sys [2009-04-22 35328]
S1 CSC;Treiber für Offlinedateien;c:\windows\system32\drivers\csc.sys [2009-04-22 387584]
S1 DfsC;DFS Namespace Client Driver;c:\windows\system32\Drivers\dfsc.sys [2009-04-22 78336]
S1 discache;System Attribute Cache;c:\windows\system32\drivers\discache.sys [2009-04-22 32768]
S1 nsiproxy;NSI proxy service driver.;c:\windows\system32\drivers\nsiproxy.sys [2009-04-22 16896]
S1 RDPENCDD;RDP Encoder Mirror Driver;c:\windows\system32\drivers\rdpencdd.sys [2009-04-22 6656]
S1 RDPREFMP;Reflector Display Driver used to gain access to graphics data;c:\windows\system32\drivers\rdprefmp.sys [2009-04-22 7168]
S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [2010-02-17 12872]
S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [2010-05-10 67656]
S1 tdx;NetIO-Legacy-TDI-Supporttreiber;c:\windows\system32\DRIVERS\tdx.sys [2009-04-22 74240]
S1 Wanarpv6;Remotezugriff-IPv6-ARP-Treiber;c:\windows\system32\DRIVERS\wanarp.sys [2009-04-22 63488]
S1 WfpLwf;WFP Lightweight Filter;c:\windows\system32\DRIVERS\wfplwf.sys [2009-04-22 9728]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2009-08-18 176128]
S2 AudioEndpointBuilder;Windows-Audio-Endpunkterstellung;c:\windows\System32\svchost.exe [2009-04-22 20992]
S2 avg9wd;AVG Free WatchDog;c:\program files\AVG\AVG9\avgwdsvc.exe [2010-09-09 308136]
S2 BFE;Basisfiltermodul;c:\windows\system32\svchost.exe [2009-04-22 20992]
S2 CscService;Offlinedateien;c:\windows\System32\svchost.exe [2009-04-22 20992]
S2 DPS;Diagnoserichtliniendienst;c:\windows\System32\svchost.exe [2009-04-22 20992]
S2 gpsvc;Gruppenrichtlinienclient;c:\windows\system32\svchost.exe [2009-04-22 20992]
S2 iphlpsvc;IP-Hilfsdienst;c:\windows\System32\svchost.exe [2009-04-22 20992]
S2 lltdio;Link-Layer Topology Discovery Mapper I/O Driver;c:\windows\system32\DRIVERS\lltdio.sys [2009-04-22 48128]
S2 luafv;UAC-Dateivirtualisierung;c:\windows\system32\drivers\luafv.sys [2009-04-22 86528]
S2 MMCSS;Multimediaklassenplaner;c:\windows\system32\svchost.exe [2009-04-22 20992]
S2 MpsSvc;Windows-Firewall;c:\windows\system32\svchost.exe [2009-04-22 20992]
S2 NlaSvc;NLA (Network Location Awareness);c:\windows\System32\svchost.exe [2009-04-22 20992]
S2 nsi;Netzwerkspeicher-Schnittstellendienst;c:\windows\system32\svchost.exe [2009-04-22 20992]
S2 PEAUTH;PEAUTH;c:\windows\system32\drivers\peauth.sys [2009-04-22 586752]
S2 Power;Stromversorgung;c:\windows\system32\svchost.exe [2009-04-22 20992]
S2 ProfSvc;Benutzerprofildienst;c:\windows\system32\svchost.exe [2009-04-22 20992]
S2 RpcEptMapper;RPC-Endpunktzuordnung;c:\windows\system32\svchost.exe [2009-04-22 20992]
S2 Start BT in service;Start BT in service;c:\program files\IVT Corporation\BlueSoleil\StartSkysolSvc.exe [2008-03-19 51816]
S2 SysMain;Superfetch;c:\windows\system32\svchost.exe [2009-04-22 20992]
S2 tcpipreg;TCP/IP Registry Compatibility;c:\windows\system32\drivers\tcpipreg.sys [2009-04-22 34816]
S2 UxSms;Sitzungs-Manager für Desktopfenster-Manager;c:\windows\System32\svchost.exe [2009-04-22 20992]
S3 1394ohci;OHCI-konformer 1394-Hostcontroller;c:\windows\system32\DRIVERS\1394ohci.sys [2009-04-22 162816]
S3 bowser;Browsersupporttreiber;c:\windows\system32\DRIVERS\bowser.sys [2009-04-22 69632]
S3 CompositeBus;Busenumeratortreiber für Verbundgeräte;c:\windows\system32\DRIVERS\CompositeBus.sys [2009-04-22 31232]
S3 DXGKrnl;LDDM Graphics Subsystem;c:\windows\System32\drivers\dxgkrnl.sys [2009-04-22 720384]
S3 fdPHost;Funktionssuchanbieter-Host;c:\windows\system32\svchost.exe [2009-04-22 20992]
S3 FDResPub;Funktionssuche-Ressourcenveröffentlichung;c:\windows\system32\svchost.exe [2009-04-22 20992]
S3 HomeGroupProvider;Heimnetzgruppen-Anbieter;c:\windows\System32\svchost.exe [2009-04-22 20992]
S3 monitor;Microsoft Monitor-Klassenfunktionstreiber-Dienst;c:\windows\system32\DRIVERS\monitor.sys [2009-04-22 23552]
S3 mpsdrv;Windows-Firewallautorisierungstreiber;c:\windows\system32\drivers\mpsdrv.sys [2009-04-22 60416]
S3 mrxsmb10;SMB 1.x-Miniredirector;c:\windows\system32\DRIVERS\mrxsmb10.sys [2009-04-22 220672]
S3 mrxsmb20;SMB 2.0-Miniredirector;c:\windows\system32\DRIVERS\mrxsmb20.sys [2009-04-22 94720]
S3 netprofm;Netzwerklistendienst;c:\windows\System32\svchost.exe [2009-04-22 20992]
S3 PcaSvc;Programmkompatibilitäts-Assistent-Dienst;c:\windows\system32\svchost.exe [2009-04-22 20992]
S3 RasAgileVpn;WAN Miniport (IKEv2);c:\windows\system32\DRIVERS\AgileVpn.sys [2009-04-22 49152]
S3 rdpbus;Remote Desktop Device Redirector Bus Driver;c:\windows\system32\DRIVERS\rdpbus.sys [2009-04-22 18432]
S3 RTL8167;Realtek 8167 NT-Treiber;c:\windows\system32\DRIVERS\Rt86win7.sys [2009-04-22 139776]
S3 srv2;Server-SMB-Treiber 2.xxx;c:\windows\system32\DRIVERS\srv2.sys [2009-09-10 306688]
S3 srvnet;srvnet;c:\windows\system32\DRIVERS\srvnet.sys [2009-04-22 113664]
S3 tunnel;Microsoft-Tunnelminiport-Adaptertreiber;c:\windows\system32\DRIVERS\tunnel.sys [2009-04-22 108032]
S3 umbus;UMBusenumerator-Treiber;c:\windows\system32\DRIVERS\umbus.sys [2009-04-22 39936]
S3 WdiServiceHost;Diagnosediensthost;c:\windows\System32\svchost.exe [2009-04-22 20992]
S3 WPDBusEnum;Enumeratordienst für tragbare Geräte;c:\windows\system32\svchost.exe [2009-04-22 20992]
--- Andere Dienste/Treiber im Speicher ---
*NewlyCreated* - SASDIFSV
*NewlyCreated* - SASKUTIL
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
RPCSS REG_MULTI_SZ RpcEptMapper RpcSs
defragsvc REG_MULTI_SZ defragsvc
WerSvcGroup REG_MULTI_SZ wersvc
LocalServiceNoNetwork REG_MULTI_SZ DPS PLA BFE mpssvc WwanSvc
swprv REG_MULTI_SZ swprv
LocalServicePeerNet REG_MULTI_SZ PNRPSvc p2pimsvc p2psvc PnrpAutoReg
NetworkServiceAndNoImpersonation REG_MULTI_SZ KtmRm
regsvc REG_MULTI_SZ RemoteRegistry
LocalServiceAndNoImpersonation REG_MULTI_SZ SSDPSRV upnphost SCardSvr TBS AppIDSvc FontCache fdrespub QWAVE wcncsvc Mcx2Svc SensrSvc
DcomLaunch REG_MULTI_SZ Power PlugPlay DcomLaunch
NetworkServiceNetworkRestricted REG_MULTI_SZ PolicyAgent
sdrsvc REG_MULTI_SZ sdrsvc
WbioSvcGroup REG_MULTI_SZ WbioSrvc
wcssvc REG_MULTI_SZ WcsPlugInService
secsvcs REG_MULTI_SZ WinDefend
AxInstSVGroup REG_MULTI_SZ AxInstSV
PeerDist REG_MULTI_SZ PeerDistSvc
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
AeLookupSvc
CertPropSvc
SCPolicySvc
lanmanserver
gpsvc
IKEEXT
AudioSrv
FastUserSwitchingCompatibility
Nla
NWCWorkstation
SRService
Wmi
WmdmPmSp
TermService
wuauserv
BITS
ShellHWDetection
LogonHours
PCAudit
helpsvc
uploadmgr
iphlpsvc
seclogon
AppInfo
msiscsi
MMCSS
EapHost
wercplsupport
ProfSvc
hkmsvc
winmgmt
SessionEnv
schedule
browser
BDESVC
Themes
AppMgmt
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - LocalSystemNetworkRestricted
homegrouplistener
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - LocalService
WdiServiceHost
sppuinotify
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetworkService
lanmanworkstation
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - LocalServiceNetworkRestricted
BthHFSrv
homegroupprovider
.
Inhalt des "geplante Tasks" Ordners
2010-10-02 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-09-23 16:26]
2010-10-02 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-09-23 16:26]
.
.
------- Zusätzlicher Suchlauf -------
.
IE: Nach Microsoft &Excel exportieren - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
FF - ProfilePath - c:\users\Toto\AppData\Roaming\Mozilla\Firefox\Profiles\mrcvuz9w.default\
FF - component: c:\program files\AVG\AVG9\Firefox\components\avgssff.dll
FF - plugin: c:\program files\DivX\DivX Plus Web Player\npdivx32.dll
FF - plugin: c:\program files\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\Google\Update\1.2.183.13\npGoogleOneClick8.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
---- FIREFOX Richtlinien ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
SafeBoot-WudfPf
SafeBoot-WudfRd
SafeBoot-sacsvr
SafeBoot-vmms
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, hxxp://www.gmer.net
Rootkit scan 2010-10-02 18:25
Windows 6.1.7100 NTFS
detected NTDLL code modification:
ZwEnumerateKey 0 != 116, ZwQueryKey 0 != 244, ZwOpenKey 0 != 182, ZwClose 0 != 50, ZwEnumerateValueKey 0 != 119, ZwQueryValueKey 0 != 266, ZwOpenFile 0 != 179, ZwQueryDirectoryFile 0 != 223, ZwQuerySystemInformation 0 != 261Initialization error
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, hxxp://www.gmer.net
Rootkit scan 2010-10-02 18:25
Windows 6.1.7100 NTFS
detected NTDLL code modification:
ZwEnumerateKey 0 != 116, ZwQueryKey 0 != 244, ZwOpenKey 0 != 182, ZwClose 0 != 50, ZwEnumerateValueKey 0 != 119, ZwQueryValueKey 0 != 266, ZwOpenFile 0 != 179, ZwQueryDirectoryFile 0 != 223, ZwQuerySystemInformation 0 != 261Initialization error
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, hxxp://www.gmer.net
Rootkit scan 2010-10-02 18:25
Windows 6.1.7100 NTFS
detected NTDLL code modification:
ZwEnumerateKey 0 != 116, ZwQueryKey 0 != 244, ZwOpenKey 0 != 182, ZwClose 0 != 50, ZwEnumerateValueKey 0 != 119, ZwQueryValueKey 0 != 266, ZwOpenFile 0 != 179, ZwQueryDirectoryFile 0 != 223, ZwQuerySystemInformation 0 != 261Initialization error
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, hxxp://www.gmer.net
Rootkit scan 2010-10-02 18:25
Windows 6.1.7100 NTFS
detected NTDLL code modification:
ZwEnumerateKey 0 != 116, ZwQueryKey 0 != 244, ZwOpenKey 0 != 182, ZwClose 0 != 50, ZwEnumerateValueKey 0 != 119, ZwQueryValueKey 0 != 266, ZwOpenFile 0 != 179, ZwQueryDirectoryFile 0 != 223, ZwQuerySystemInformation 0 != 261Initialization error
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, hxxp://www.gmer.net
Rootkit scan 2010-10-02 18:25
Windows 6.1.7100 NTFS
detected NTDLL code modification:
ZwEnumerateKey 0 != 116, ZwQueryKey 0 != 244, ZwOpenKey 0 != 182, ZwClose 0 != 50, ZwEnumerateValueKey 0 != 119, ZwQueryValueKey 0 != 266, ZwOpenFile 0 != 179, ZwQueryDirectoryFile 0 != 223, ZwQuerySystemInformation 0 != 261Initialization error
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, hxxp://www.gmer.net
Rootkit scan 2010-10-02 18:25
Windows 6.1.7100 NTFS
detected NTDLL code modification:
ZwEnumerateKey 0 != 116, ZwQueryKey 0 != 244, ZwOpenKey 0 != 182, ZwClose 0 != 50, ZwEnumerateValueKey 0 != 119, ZwQueryValueKey 0 != 266, ZwOpenFile 0 != 179, ZwQueryDirectoryFile 0 != 223, ZwQuerySystemInformation 0 != 261Initialization error
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, hxxp://www.gmer.net
Rootkit scan 2010-10-02 18:25
Windows 6.1.7100 NTFS
detected NTDLL code modification:
ZwEnumerateKey 0 != 116, ZwQueryKey 0 != 244, ZwOpenKey 0 != 182, ZwClose 0 != 50, ZwEnumerateValueKey 0 != 119, ZwQueryValueKey 0 != 266, ZwOpenFile 0 != 179, ZwQueryDirectoryFile 0 != 223, ZwQuerySystemInformation 0 != 261Initialization error
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, hxxp://www.gmer.net
Rootkit scan 2010-10-02 18:25
Windows 6.1.7100 NTFS
detected NTDLL code modification:
ZwEnumerateKey 0 != 116, ZwQueryKey 0 != 244, ZwOpenKey 0 != 182, ZwClose 0 != 50, ZwEnumerateValueKey 0 != 119, ZwQueryValueKey 0 != 266, ZwOpenFile 0 != 179, ZwQueryDirectoryFile 0 != 223, ZwQuerySystemInformation 0 != 261Initialization error
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, hxxp://www.gmer.net
Rootkit scan 2010-10-02 18:25
Windows 6.1.7100 NTFS
detected NTDLL code modification:
ZwEnumerateKey 0 != 116, ZwQueryKey 0 != 244, ZwOpenKey 0 != 182, ZwClose 0 != 50, ZwEnumerateValueKey 0 != 119, ZwQueryValueKey 0 != 266, ZwOpenFile 0 != 179, ZwQueryDirectoryFile 0 != 223, ZwQuerySystemInformation 0 != 261Initialization error
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, hxxp://www.gmer.net
Rootkit scan 2010-10-02 18:25
Windows 6.1.7100 NTFS
detected NTDLL code modification:
ZwEnumerateKey 0 != 116, ZwQueryKey 0 != 244, ZwOpenKey 0 != 182, ZwClose 0 != 50, ZwEnumerateValueKey 0 != 119, ZwQueryValueKey 0 != 266, ZwOpenFile 0 != 179, ZwQueryDirectoryFile 0 != 223, ZwQuerySystemInformation 0 != 261Initialization error
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, hxxp://www.gmer.net
Rootkit scan 2010-10-02 18:25
Windows 6.1.7100 NTFS
detected NTDLL code modification:
ZwEnumerateKey 0 != 116, ZwQueryKey 0 != 244, ZwOpenKey 0 != 182, ZwClose 0 != 50, ZwEnumerateValueKey 0 != 119, ZwQueryValueKey 0 != 266, ZwOpenFile 0 != 179, ZwQueryDirectoryFile 0 != 223, ZwQuerySystemInformation 0 != 261Initialization error
Scanne versteckte Prozesse...
Scanne versteckte Autostarteinträge...
Scanne versteckte Dateien...
Scan erfolgreich abgeschlossen
versteckte Dateien:
**************************************************************************
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Zeit der Fertigstellung: 2010-10-02 18:26:32
ComboFix-quarantined-files.txt 2010-10-02 16:26
Vor Suchlauf: 13 Verzeichnis(se), 77.576.417.280 Bytes frei
Nach Suchlauf: 23 Verzeichnis(se), 77.545.283.584 Bytes frei
- - End Of File - - FF99225E4A006464E7B8AD1933133BBE
Danke und Gruß, Toto |
|
02.10.2010, 18:27
| #6 |
| /// Malware-holic | Verlinkungen auf fremde Seiten, wordslife.com virus? download malwarebytes: Malwarebytes instalieren, öffnen, registerkarte aktualisierung, programm updaten. schalte alle laufenden programme ab, trenne die internetverbindung. registerkarte scanner, komplett scan, funde entfernen, log posten. |
|
03.10.2010, 02:59
| #7 |
| | Verlinkungen auf fremde Seiten, wordslife.com virus? Hmm.. nichts gefunden, Problem besteht aber weiterhin.. Hier das Log. Gute Nacht, Toto Malwarebytes' Anti-Malware 1.46 www.malwarebytes.org Datenbank Version: 4653 Windows 6.1.7100 Internet Explorer 8.0.7100.0 03.10.2010 03:57:14 mbam-log-2010-10-03 (03-57-14).txt Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|) Durchsuchte Objekte: 242871 Laufzeit: 34 Minute(n), 30 Sekunde(n) Infizierte Speicherprozesse: 0 Infizierte Speichermodule: 0 Infizierte Registrierungsschlüssel: 0 Infizierte Registrierungswerte: 0 Infizierte Dateiobjekte der Registrierung: 0 Infizierte Verzeichnisse: 0 Infizierte Dateien: 0 Infizierte Speicherprozesse: (Keine bösartigen Objekte gefunden) Infizierte Speichermodule: (Keine bösartigen Objekte gefunden) Infizierte Registrierungsschlüssel: (Keine bösartigen Objekte gefunden) Infizierte Registrierungswerte: (Keine bösartigen Objekte gefunden) Infizierte Dateiobjekte der Registrierung: (Keine bösartigen Objekte gefunden) Infizierte Verzeichnisse: (Keine bösartigen Objekte gefunden) Infizierte Dateien: (Keine bösartigen Objekte gefunden) |
|
03.10.2010, 10:22
| #8 |
| /// Malware-holic | Verlinkungen auf fremde Seiten, wordslife.com virus? aber das war nicht nach update, aktuell ist datenbank version 4720 oder so was in der drehe |
|
03.10.2010, 12:49
| #9 |
| | Verlinkungen auf fremde Seiten, wordslife.com virus? Hi, habe lediglich die hier im Forum zu findenden mbam rules installiert. Ein normales Update ist leider nicht möglich. Oder habe ich vielleicht irgendetwas falsch gemacht? Versuche es nochmal zu updaten. Gruß, Toto Edit: Mir wird gemeldet: Ein Fehler ist aufgetreten... dazu steht ein Fehlercode, den ich an das Mbam-Team weiterleiten soll. |
|
03.10.2010, 13:02
| #10 |
| /// Malware-holic | Verlinkungen auf fremde Seiten, wordslife.com virus? versuchen wir erst mal gmer http://www.trojaner-board.de/74908-a...t-scanner.html |
|
03.10.2010, 14:55
| #11 |
| | Verlinkungen auf fremde Seiten, wordslife.com virus? So, das wäre erledigt. Habe allerdings zu meiner Schande beim ersten scan vergessen, die Internetleitung zu kappen  Habe deshalb im Anschluß nochmal mit gekappter Verbindung gescannt. Log: GMER Logfile: Code:
ATTFilter GMER 1.0.15.15281 - hxxp://www.gmer.net
Rootkit scan 2010-10-03 15:52:55
Windows 6.1.7100
Running: qb6fgqc0.exe; Driver: C:\Users\Toto\AppData\Local\Temp\fxldypow.sys
---- System - GMER 1.0.15 ----
INT 0x1F \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 82A2BAF8
INT 0x37 \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 82A2B104
INT 0xC1 \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 82A2B3F4
INT 0xD1 \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 82A142D8
INT 0xD2 \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 82A13898
INT 0xDF \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 82A2B1DC
INT 0xE1 \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 82A2B958
INT 0xE3 \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 82A2B6F8
INT 0xFD \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 82A2BF2C
INT 0xFE \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 82A2C1A8
---- Kernel code sections - GMER 1.0.15 ----
.text ntkrnlpa.exe!ZwSaveKeyEx + 13B1 82A80549 1 Byte [06]
.text ntkrnlpa.exe!KiDispatchInterrupt + 5A2 82AA06B2 19 Bytes [E0, 0F, BA, F0, 07, 73, 09, ...] {LOOPNZ 0x11; MOV EDX, 0x97307f0; MOV CR4, EAX; OR AL, 0x80; MOV CR4, EAX; RET ; MOV ECX, CR3}
.text C:\Windows\system32\DRIVERS\atikmdag.sys section is writeable [0x90A39000, 0x2D5378, 0xE8000020]
.text peauth.sys 9E807C9D 28 Bytes [15, 9E, 01, 1C, 33, 64, 26, ...]
.text peauth.sys 9E807CC1 28 Bytes [15, 9E, 01, 1C, 33, 64, 26, ...]
---- Devices - GMER 1.0.15 ----
AttachedDevice \Driver\tdx \Device\Tcp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume1 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
Device \Driver\ACPI_HAL \Device\00000058 halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume2 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume3 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume4 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume5 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume6 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume7 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume8 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\tdx \Device\Udp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\tdx \Device\RawIp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \FileSystem\fastfat \Fat fltmgr.sys (Microsoft Dateisystem-Filter-Manager/Microsoft Corporation)
---- Registry - GMER 1.0.15 ----
Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\0015832e7673
Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\0015832e7673 (not active ControlSet)
---- EOF - GMER 1.0.15 ----
|
|
03.10.2010, 15:04
| #12 |
| /// Malware-holic | Verlinkungen auf fremde Seiten, wordslife.com virus? download mal mbrcheck http://ad13.geekstogo.com/MBRCheck.exe rechtsklick, als admin ausführen das log posten. |
|
03.10.2010, 15:23
| #13 |
| | Verlinkungen auf fremde Seiten, wordslife.com virus? Das ging flott  GMER Logfile: Code:
ATTFilter GMER 1.0.15.15281 - hxxp://www.gmer.net
Rootkit scan 2010-10-03 15:52:55
Windows 6.1.7100
Running: qb6fgqc0.exe; Driver: C:\Users\Toto\AppData\Local\Temp\fxldypow.sys
---- System - GMER 1.0.15 ----
INT 0x1F \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 82A2BAF8
INT 0x37 \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 82A2B104
INT 0xC1 \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 82A2B3F4
INT 0xD1 \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 82A142D8
INT 0xD2 \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 82A13898
INT 0xDF \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 82A2B1DC
INT 0xE1 \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 82A2B958
INT 0xE3 \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 82A2B6F8
INT 0xFD \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 82A2BF2C
INT 0xFE \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 82A2C1A8
---- Kernel code sections - GMER 1.0.15 ----
.text ntkrnlpa.exe!ZwSaveKeyEx + 13B1 82A80549 1 Byte [06]
.text ntkrnlpa.exe!KiDispatchInterrupt + 5A2 82AA06B2 19 Bytes [E0, 0F, BA, F0, 07, 73, 09, ...] {LOOPNZ 0x11; MOV EDX, 0x97307f0; MOV CR4, EAX; OR AL, 0x80; MOV CR4, EAX; RET ; MOV ECX, CR3}
.text C:\Windows\system32\DRIVERS\atikmdag.sys section is writeable [0x90A39000, 0x2D5378, 0xE8000020]
.text peauth.sys 9E807C9D 28 Bytes [15, 9E, 01, 1C, 33, 64, 26, ...]
.text peauth.sys 9E807CC1 28 Bytes [15, 9E, 01, 1C, 33, 64, 26, ...]
---- Devices - GMER 1.0.15 ----
AttachedDevice \Driver\tdx \Device\Tcp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume1 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
Device \Driver\ACPI_HAL \Device\00000058 halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume2 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume3 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume4 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume5 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume6 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume7 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume8 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\tdx \Device\Udp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\tdx \Device\RawIp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \FileSystem\fastfat \Fat fltmgr.sys (Microsoft Dateisystem-Filter-Manager/Microsoft Corporation)
---- Registry - GMER 1.0.15 ----
Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\0015832e7673
Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\0015832e7673 (not active ControlSet)
---- EOF - GMER 1.0.15 ----
|
|
03.10.2010, 15:25
| #14 |
| | Verlinkungen auf fremde Seiten, wordslife.com virus? Hier das richtige Log: MBRCheck, version 1.2.3 (c) 2010, AD Command-line: Windows Version: Windows 7 Ultimate Edition Windows Information: (build 7100), 32-bit Base Board Manufacturer: FUJITSU SIEMENS BIOS Manufacturer: American Megatrends Inc. System Manufacturer: FUJITSU SIEMENS System Product Name: Amilo Desktop Pa3630A Logical Drives Mask: 0x000003fc Kernel Drivers (total 158): 0x82A48000 \SystemRoot\system32\ntkrnlpa.exe 0x82A11000 \SystemRoot\system32\halmacpi.dll 0x80B9B000 \SystemRoot\system32\kdcom.dll 0x8AA2D000 \SystemRoot\system32\mcupdate_AuthenticAMD.dll 0x8AA38000 \SystemRoot\system32\PSHED.dll 0x8AA49000 \SystemRoot\system32\BOOTVID.dll 0x8AA51000 \SystemRoot\system32\CLFS.SYS 0x8AA93000 \SystemRoot\system32\CI.dll 0x8AB3E000 \SystemRoot\system32\drivers\Wdf01000.sys 0x8ABAF000 \SystemRoot\system32\drivers\WDFLDR.SYS 0x8AC10000 \SystemRoot\system32\DRIVERS\ACPI.sys 0x8AC58000 \SystemRoot\system32\DRIVERS\WMILIB.SYS 0x8AC61000 \SystemRoot\system32\DRIVERS\msisadrv.sys 0x8AC69000 \SystemRoot\system32\DRIVERS\pci.sys 0x8AC93000 \SystemRoot\system32\DRIVERS\vdrvroot.sys 0x8AC9E000 \SystemRoot\System32\drivers\partmgr.sys 0x8ACAF000 \SystemRoot\system32\DRIVERS\volmgr.sys 0x8ACBF000 \SystemRoot\System32\drivers\volmgrx.sys 0x8AD0A000 \SystemRoot\system32\DRIVERS\pciide.sys 0x8AD11000 \SystemRoot\system32\DRIVERS\PCIIDEX.SYS 0x8AD1F000 \SystemRoot\System32\drivers\mountmgr.sys 0x8AD35000 \SystemRoot\system32\DRIVERS\atapi.sys 0x8AD3E000 \SystemRoot\system32\DRIVERS\ataport.SYS 0x8AD61000 \SystemRoot\system32\DRIVERS\amdxata.sys 0x8AD6A000 \SystemRoot\system32\drivers\fltmgr.sys 0x8AD9E000 \SystemRoot\system32\drivers\fileinfo.sys 0x8AE08000 \SystemRoot\System32\Drivers\Ntfs.sys 0x8AF37000 \SystemRoot\System32\Drivers\msrpc.sys 0x8AF62000 \SystemRoot\System32\Drivers\ksecdd.sys 0x8AF75000 \SystemRoot\System32\Drivers\cng.sys 0x8AFD2000 \SystemRoot\System32\drivers\pcw.sys 0x8AFE0000 \SystemRoot\System32\Drivers\Fs_Rec.sys 0x8B00A000 \SystemRoot\system32\drivers\ndis.sys 0x8B0C1000 \SystemRoot\system32\drivers\NETIO.SYS 0x8B0FF000 \SystemRoot\System32\Drivers\ksecpkg.sys 0x8B203000 \SystemRoot\System32\drivers\tcpip.sys 0x8B348000 \SystemRoot\System32\drivers\fwpkclnt.sys 0x8B379000 \SystemRoot\system32\DRIVERS\vbtenum.sys 0x8B37D000 \SystemRoot\system32\DRIVERS\vmstorfl.sys 0x8B386000 \SystemRoot\system32\DRIVERS\volsnap.sys 0x8B3C4000 \SystemRoot\System32\Drivers\spldr.sys 0x8B3CC000 \SystemRoot\System32\drivers\rdyboost.sys 0x8B124000 \SystemRoot\System32\Drivers\mup.sys 0x8B134000 \SystemRoot\System32\drivers\hwpolicy.sys 0x8B13C000 \SystemRoot\System32\DRIVERS\fvevol.sys 0x8B16E000 \SystemRoot\system32\DRIVERS\disk.sys 0x8B17F000 \SystemRoot\system32\DRIVERS\CLASSPNP.SYS 0x8B3F9000 \SystemRoot\System32\Drivers\BTHidMgr.sys 0x8B1D6000 \SystemRoot\system32\DRIVERS\cdrom.sys 0x8B1F5000 \SystemRoot\System32\Drivers\Null.SYS 0x8B000000 \SystemRoot\System32\Drivers\Beep.SYS 0x8AFE9000 \SystemRoot\System32\drivers\vga.sys 0x8ADAF000 \SystemRoot\System32\drivers\VIDEOPRT.SYS 0x8ADD0000 \SystemRoot\System32\drivers\watchdog.sys 0x8AFF5000 \SystemRoot\System32\DRIVERS\RDPCDD.sys 0x8AE00000 \SystemRoot\system32\drivers\rdpencdd.sys 0x8ADDD000 \SystemRoot\system32\drivers\rdprefmp.sys 0x8ADE5000 \SystemRoot\System32\Drivers\Msfs.SYS 0x8ADF0000 \SystemRoot\System32\Drivers\Npfs.SYS 0x8ABBD000 \SystemRoot\system32\DRIVERS\tdx.sys 0x8AC00000 \SystemRoot\system32\DRIVERS\TDI.SYS 0x90021000 \SystemRoot\System32\Drivers\avgtdix.sys 0x9005B000 \SystemRoot\System32\DRIVERS\netbt.sys 0x9008D000 \SystemRoot\system32\drivers\afd.sys 0x900E7000 \SystemRoot\system32\DRIVERS\wfplwf.sys 0x900EE000 \SystemRoot\system32\DRIVERS\pacer.sys 0x9010C000 \SystemRoot\system32\DRIVERS\netbios.sys 0x9011A000 \SystemRoot\system32\DRIVERS\wanarp.sys 0x9012D000 \SystemRoot\system32\DRIVERS\termdd.sys 0x9013D000 \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS 0x9015F000 \??\C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS 0x90165000 \SystemRoot\system32\DRIVERS\rdbss.sys 0x901A6000 \SystemRoot\system32\drivers\nsiproxy.sys 0x901B0000 \SystemRoot\system32\DRIVERS\mssmbios.sys 0x901BA000 \SystemRoot\System32\drivers\discache.sys 0x90605000 \SystemRoot\system32\drivers\csc.sys 0x90669000 \SystemRoot\System32\Drivers\dfsc.sys 0x90681000 \SystemRoot\system32\DRIVERS\blbdrive.sys 0x9068F000 \SystemRoot\System32\Drivers\avgmfx86.sys 0x90695000 \SystemRoot\System32\Drivers\avgldx86.sys 0x906C9000 \SystemRoot\system32\DRIVERS\tunnel.sys 0x906E8000 \SystemRoot\system32\DRIVERS\amdppm.sys 0x90A38000 \SystemRoot\system32\DRIVERS\atikmdag.sys 0x906F9000 \SystemRoot\System32\drivers\dxgkrnl.sys 0x90F4D000 \SystemRoot\System32\drivers\dxgmms1.sys 0x90F86000 \SystemRoot\system32\DRIVERS\HDAudBus.sys 0x90FA5000 \SystemRoot\system32\DRIVERS\1394ohci.sys 0x90FD1000 \SystemRoot\system32\DRIVERS\Rt86win7.sys 0x90FF6000 \SystemRoot\system32\DRIVERS\usbohci.sys 0x907B0000 \SystemRoot\system32\DRIVERS\USBPORT.SYS 0x90A00000 \SystemRoot\system32\DRIVERS\usbehci.sys 0x90A0F000 \SystemRoot\System32\Drivers\VcommMgr.sys 0x90A19000 \SystemRoot\system32\DRIVERS\CompositeBus.sys 0x90A26000 \SystemRoot\system32\DRIVERS\blueletaudio.sys 0x901C6000 \SystemRoot\system32\DRIVERS\portcls.sys 0x90000000 \SystemRoot\system32\DRIVERS\drmk.sys 0x91616000 \SystemRoot\system32\DRIVERS\ks.sys 0x9164A000 \SystemRoot\system32\DRIVERS\BlueletSCOAudio.sys 0x91650000 \SystemRoot\System32\Drivers\RootMdm.sys 0x91658000 \SystemRoot\system32\drivers\modem.sys 0x91665000 \SystemRoot\system32\DRIVERS\AgileVpn.sys 0x91677000 \SystemRoot\system32\DRIVERS\rasl2tp.sys 0x9168F000 \SystemRoot\system32\DRIVERS\ndistapi.sys 0x9169A000 \SystemRoot\system32\DRIVERS\ndiswan.sys 0x916BD000 \SystemRoot\system32\DRIVERS\raspppoe.sys 0x916D5000 \SystemRoot\system32\DRIVERS\raspptp.sys 0x916EC000 \SystemRoot\system32\DRIVERS\rassstp.sys 0x91703000 \SystemRoot\system32\DRIVERS\btnetdrv.sys 0x91706000 \SystemRoot\system32\DRIVERS\VComm.sys 0x9170D000 \SystemRoot\system32\DRIVERS\serenum.sys 0x91717000 \SystemRoot\system32\DRIVERS\rdpbus.sys 0x91721000 \SystemRoot\system32\DRIVERS\kbdclass.sys 0x9172E000 \SystemRoot\system32\DRIVERS\mouclass.sys 0x9173B000 \SystemRoot\system32\DRIVERS\swenum.sys 0x9173D000 \SystemRoot\system32\DRIVERS\umbus.sys 0x9174B000 \SystemRoot\system32\DRIVERS\usbhub.sys 0x9178F000 \SystemRoot\System32\Drivers\NDProxy.SYS 0x917A0000 \SystemRoot\system32\drivers\HdAudio.sys 0x96F10000 \SystemRoot\System32\win32k.sys 0x917F0000 \SystemRoot\System32\drivers\Dxapi.sys 0x91600000 \SystemRoot\system32\DRIVERS\cdfs.sys 0x8B1A4000 \SystemRoot\system32\DRIVERS\usbccgp.sys 0x917FA000 \SystemRoot\system32\DRIVERS\USBD.SYS 0x90A2D000 \SystemRoot\system32\DRIVERS\hidusb.sys 0x8B1BB000 \SystemRoot\system32\DRIVERS\HIDCLASS.SYS 0x90019000 \SystemRoot\system32\DRIVERS\HIDPARSE.SYS 0x8ABD4000 \SystemRoot\system32\DRIVERS\kbdhid.sys 0x8ABE0000 \SystemRoot\system32\DRIVERS\USBSTOR.SYS 0x901F5000 \SystemRoot\system32\DRIVERS\mouhid.sys 0x8AA00000 \SystemRoot\System32\Drivers\crashdmp.sys 0x8AA0D000 \SystemRoot\System32\Drivers\dump_dumpata.sys 0x8AA18000 \SystemRoot\System32\Drivers\dump_atapi.sys 0x8C632000 \SystemRoot\System32\Drivers\dump_dumpfve.sys 0x8C643000 \SystemRoot\system32\DRIVERS\monitor.sys 0x97170000 \SystemRoot\System32\TSDDD.dll 0x971A0000 \SystemRoot\System32\cdd.dll 0x8C64E000 \SystemRoot\system32\drivers\luafv.sys 0x8C669000 \SystemRoot\system32\drivers\WudfPf.sys 0x8C683000 \SystemRoot\system32\DRIVERS\lltdio.sys 0x8C693000 \SystemRoot\system32\DRIVERS\rspndr.sys 0x8C6A6000 \SystemRoot\system32\drivers\HTTP.sys 0x8C72B000 \SystemRoot\system32\DRIVERS\bowser.sys 0x8C744000 \SystemRoot\System32\drivers\mpsdrv.sys 0x8C756000 \SystemRoot\system32\DRIVERS\mrxsmb.sys 0x8C779000 \SystemRoot\System32\Drivers\fastfat.SYS 0x8C7A3000 \SystemRoot\system32\DRIVERS\mrxsmb10.sys 0x8C7DE000 \SystemRoot\system32\DRIVERS\mrxsmb20.sys 0x9E802000 \SystemRoot\system32\drivers\peauth.sys 0x9E899000 \SystemRoot\System32\Drivers\secdrv.SYS 0x9E8A3000 \SystemRoot\System32\DRIVERS\srvnet.sys 0x9E8C4000 \SystemRoot\System32\drivers\tcpipreg.sys 0x9E8D1000 \SystemRoot\System32\DRIVERS\srv2.sys 0x9E920000 \SystemRoot\System32\DRIVERS\srv.sys 0x9E9B7000 \??\C:\Users\Toto\AppData\Local\Temp\fxldypow.sys 0x773B0000 \Windows\System32\ntdll.dll 0x48300000 \Windows\System32\smss.exe 0x775F0000 \Windows\System32\apisetschema.dll 0x00C20000 \Windows\System32\autochk.exe Processes (total 41): 0 System Idle Process 4 System 272 C:\Windows\System32\smss.exe 400 csrss.exe 492 C:\Windows\System32\wininit.exe 500 csrss.exe 540 C:\Windows\System32\services.exe 556 C:\Windows\System32\lsass.exe 564 C:\Windows\System32\lsm.exe 664 C:\Windows\System32\winlogon.exe 732 C:\Windows\System32\svchost.exe 808 C:\Windows\System32\svchost.exe 868 C:\Windows\System32\atiesrxx.exe 940 C:\Windows\System32\svchost.exe 976 C:\Windows\System32\svchost.exe 1016 C:\Windows\System32\svchost.exe 1172 C:\Windows\System32\svchost.exe 1280 C:\Windows\System32\svchost.exe 1376 C:\Windows\System32\atieclxx.exe 1412 C:\Windows\System32\spoolsv.exe 1480 C:\Windows\System32\svchost.exe 1576 C:\Program Files\AVG\AVG9\avgwdsvc.exe 1596 C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe 1812 C:\Program Files\IVT Corporation\BlueSoleil\StartSkysolSvc.exe 1832 C:\Windows\System32\svchost.exe 1096 C:\Windows\System32\taskhost.exe 1876 C:\Windows\System32\dwm.exe 2072 C:\Windows\explorer.exe 2268 C:\Program Files\AVG\AVG9\avgtray.exe 2316 C:\Program Files\DivX\DivX Update\DivXUpdate.exe 2712 C:\Program Files\AVG\AVG9\avgnsx.exe 2748 C:\Windows\System32\svchost.exe 3452 C:\Program Files\AVG\AVG9\avgrsx.exe 3460 C:\Program Files\AVG\AVG9\avgchsvx.exe 3520 C:\Program Files\AVG\AVG9\avgcsrvx.exe 3788 C:\Windows\System32\SearchIndexer.exe 3916 C:\Program Files\Windows Media Player\wmpnetwk.exe 3500 C:\Windows\System32\audiodg.exe 316 C:\Users\Toto\Desktop\MBRCheck.exe 1772 C:\Windows\System32\conhost.exe 3172 C:\Windows\System32\dllhost.exe \\.\C: --> \\.\PhysicalDrive0 at offset 0x00000002`32900000 (NTFS) \\.\D: --> \\.\PhysicalDrive0 at offset 0x0000001a`a1b00000 (NTFS) PhysicalDrive0 Model Number: WDCWD6400AAKS-07A7B2, Rev: 01.03B01 Size Device Name MBR Status -------------------------------------------- 596 GB \\.\PhysicalDrive0 Windows 7 MBR code detected SHA1: 4379A3D43019B46FA357F7DD6A53B45A3CA8FB79 Done! |
|
03.10.2010, 16:11
| #15 |
| /// Malware-holic | Verlinkungen auf fremde Seiten, wordslife.com virus? lade cureit http://www.trojaner-board.de/59299-a...eb-cureit.html nutze das programm im normal modus, bitte schalte alle programme ab, auch antivirus. den schnell scan abbrechen und gleich konfigurieren, dann trenne die internetverbindung, starte den scan, arbeite nicht am pc, das log wird warscheinlich ziemlich groß also lad es bitte hoch File-Upload.net und poste den download link. |
|
| Themen zu Verlinkungen auf fremde Seiten, wordslife.com virus? |
| anti-malware, board, browser, dateien, explorer, firefox, gen, logfile, malwarebytes, pop-up, probleme, scan, seite, seiten, tot, unbekannte, unregelmäßige, usern, verlinkungen, version, virenscan, virus, virus?, windows, öffnen, öffnet |
Linear-Darstellung
