Pests of all kinds and their removal: System Tool - successfully removed? OTH doesn't work! (Windows 7)

11.03.2011, 22:07 | #1
System Tool - successfully removed? OTH doesn't work!

Hello dear forum readers,

yesterday I caught the System Tool trojan on my computer. Thanks to the very clearly written guide here on the forum (http://www.trojaner-board.de/92246-s...entfernen.html) I believe I have now been able to remove it, as far as I can tell. Many thanks to the author at this point! The last section says, however, that the system might still not be completely clean and that it is better to write a post here, which is what I am doing now.

This is what I have done so far:
1.) ran rkill.com several times in Safe Mode
2.) scanned with Malwarebytes, found 5 infected items and deleted them
3.) deleted and replaced the Windows HOSTS file

Everything went fine up to that point, but the next recommended step did not work: on my machine, double-clicking OTH.scr only opens it in Windows Notepad, and it contains text that looks like gibberish to me. There is no "Kill all Process" button. Is there a risk that the trojan is still present somewhere, or was what I did enough? At least my computer is behaving normally again...
Malwarebytes' Anti-Malware 1.50.1.1100
Malwarebytes

Database version: 6017

Windows 6.1.7600
Internet Explorer 8.0.7600.16385

11.03.2011 18:01:34
mbam-log-2011-03-11 (18-01-34).txt

Scan type: Quick scan
Objects scanned: 165791
Time elapsed: 11 minute(s), 30 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

-----------------------------------------------------------------------
OTL Logfile:
OTL logfile created on: 11.03.2011 18:09:52 - Run 1
OTL by OldTimer - Version 3.2.22.3     Folder = C:\Users\***\Desktop
An unknown product (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000407 | Country: Alemanha | Language: DEU | Date Format: dd.MM.yyyy

3,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 53,00% Memory free
6,00 Gb Paging File | 4,00 Gb Available in Paging File | 72,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 69,65 Gb Total Space | 5,69 Gb Free Space | 8,17% Space Free | Partition Type: NTFS
Drive E: | 3,72 Gb Total Space | 2,09 Gb Free Space | 56,20% Space Free | Partition Type: FAT32
Drive F: | 465,65 Gb Total Space | 206,01 Gb Free Space | 44,24% Space Free | Partition Type: FAT32

Computer Name: ***-PC | User Name: *** | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Users\***\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Programas\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
PRC - C:\Programas\Microsoft Security Client\msseces.exe (Microsoft Corporation)
PRC - C:\Programas\Microsoft Security Client\Antimalware\NisSrv.exe (Microsoft Corporation)
PRC - C:\Programas\Microsoft Security Client\Antimalware\MsMpEng.exe (Microsoft Corporation)
PRC - C:\Programas\Windows Live\Messenger\msnmsgr.exe (Microsoft Corporation)
PRC - C:\Programas\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE (Microsoft Corp.)
PRC - C:\Programas\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE (Microsoft Corp.)
PRC - C:\Programas\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Programas\OpenOffice.org 3\program\soffice.bin (OpenOffice.org)
PRC - C:\Programas\OpenOffice.org 3\program\soffice.exe (OpenOffice.org)
PRC - C:\Programas\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Macrovision Europe Ltd.)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Programas\Panda USB Vaccine\USBVaccine.exe (Panda Security)
PRC - C:\Programas\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
PRC - C:\Programas\Windows Media Player\wmpnetwk.exe (Microsoft Corporation)
PRC - C:\Windows\System32\taskhost.exe (Microsoft Corporation)
PRC - C:\Programas\ZTE Wireless Terminal\bin\MonServiceUDisk.exe ()
PRC - C:\Programas\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
PRC - C:\Programas\Logitech\Logitech WebCam Software\LWS.exe ()
PRC - C:\Programas\Common Files\LogiShrd\LQCVFX\COCIManager.exe ()
PRC - C:\Programas\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe (Logitech Inc.)
PRC - C:\Programas\Logitech\Logitech Vid\Vid.exe (Logitech Inc.)
PRC - C:\Programas\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
PRC - C:\Programas\Adobe\Acrobat 8.0\Acrobat\Acrobat.exe (Adobe Systems Incorporated)
PRC - C:\Programas\Adobe\Acrobat 8.0\Acrobat\acrotray.exe (Adobe Systems Inc.)

========== Modules (SafeList) ==========

MOD - C:\Users\***\Desktop\OTL.exe (OldTimer Tools)
MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_420fe3fa2b8113bd\comctl32.dll (Microsoft Corporation)

========== Win32 Services (SafeList) ==========

SRV - (NisSrv) -- C:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe (Microsoft Corporation)
SRV - (MsMpSvc) -- C:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe (Microsoft Corporation)
SRV - (WatAdminSvc) -- C:\Windows\System32\Wat\WatAdminSvc.exe (Microsoft Corporation)
SRV - (FLEXnet Licensing Service) -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Macrovision Europe Ltd.)
SRV - (AntiVirService) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
SRV - (StorSvc) -- C:\Windows\System32\StorSvc.dll (Microsoft Corporation)
SRV - (SensrSvc) -- C:\Windows\System32\sensrsvc.dll (Microsoft Corporation)
SRV - (PeerDistSvc) -- C:\Windows\System32\PeerDistSvc.dll (Microsoft Corporation)
SRV - (WinDefend) -- C:\Programas\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (UDisk Monitor) -- C:\Programas\ZTE Wireless Terminal\bin\MonServiceUDisk.exe ()
SRV - (AntiVirSchedulerService) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
SRV - (LVPrcSrv) -- C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe (Logitech Inc.)
========== Driver Services (SafeList) ==========

DRV - (MpKsl370bc68e) -- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{79C73BE8-AF94-4498-ABC1-28C8A7B528F4}\MpKsl370bc68e.sys (Microsoft Corporation)
DRV - (dc3d) MS Hardware Device Detection Driver (USB) -- C:\Windows\System32\drivers\dc3d.sys (Microsoft Corporation)
DRV - (NisDrv) -- C:\Windows\System32\drivers\NisDrvWFP.sys (Microsoft Corporation)
DRV - (MpNWMon) -- C:\Windows\System32\drivers\MpNWMon.sys (Microsoft Corporation)
DRV - (npf) -- C:\Windows\System32\drivers\npf.sys (CACE Technologies, Inc.)
DRV - (avgntflt) -- C:\Windows\System32\drivers\avgntflt.sys (Avira GmbH)
DRV - (vmbus) -- C:\Windows\system32\DRIVERS\vmbus.sys (Microsoft Corporation)
DRV - (storflt) -- C:\Windows\system32\DRIVERS\vmstorfl.sys (Microsoft Corporation)
DRV - (storvsc) -- C:\Windows\system32\DRIVERS\storvsc.sys (Microsoft Corporation)
DRV - (WinUsb) -- C:\Windows\System32\drivers\winusb.sys (Microsoft Corporation)
DRV - (s3cap) -- C:\Windows\system32\DRIVERS\vms3cap.sys (Microsoft Corporation)
DRV - (VMBusHID) -- C:\Windows\system32\DRIVERS\VMBusHID.sys (Microsoft Corporation)
DRV - (netw5v32) Controlador de Placa de Ligação WiFi Intel(R) -- C:\Windows\System32\drivers\netw5v32.sys (Intel Corporation)
DRV - (e1express) Intel(R) -- C:\Windows\System32\drivers\e1e6032.sys (Intel Corporation)
DRV - (ztemtusbser) -- C:\Windows\System32\drivers\CT_ZTEMT_U_USBSER.sys (ZTEMT Incorporated)
DRV - (ssmdrv) -- C:\Windows\System32\drivers\ssmdrv.sys (Avira GmbH)
DRV - (LVUVC) Logitech Webcam 200(UVC) -- C:\Windows\System32\drivers\lvuvc.sys (Logitech Inc.)
DRV - (LVRS) -- C:\Windows\System32\drivers\lvrs.sys (Logitech Inc.)
DRV - (lvpopflt) -- C:\Windows\System32\drivers\lvpopflt.sys (Logitech Inc.)
DRV - (LVPr2Mon) -- C:\Windows\System32\drivers\LVPr2Mon.sys ()
DRV - (avipbb) -- C:\Windows\System32\drivers\avipbb.sys (Avira GmbH)
DRV - (avgio) -- C:\Programas\Avira\AntiVir Desktop\avgio.sys (Avira GmbH)
DRV - (atikmdag) -- C:\Windows\System32\drivers\atikmdag.sys (ATI Technologies Inc.)
DRV - (hwdatacard) -- C:\Windows\System32\drivers\ewusbmdm.sys (Huawei Technologies Co., Ltd.)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\..\URLSearchHook: {e9911ec6-1bcc-40b0-9993-e0eea7f6953f} - C:\Programas\DVDVideoSoft\tbDVDV.dll (Conduit Ltd.)

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = Ask.com Search Engine - Better Web Search
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = MSN, Messenger und Hotmail sowie Nachrichten, Unterhaltung, Video, Sport, Lifestyle, Finanzen, Auto uvm. bei MSN
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 33 6F D3 02 19 A3 CB 01 [binary data]
IE - HKCU\..\URLSearchHook: {00000000-6E41-4FD3-8538-502F5495E5FC} - C:\Programas\Ask.com\GenericAskToolbar.dll (Ask)
IE - HKCU\..\URLSearchHook: {e9911ec6-1bcc-40b0-9993-e0eea7f6953f} - C:\Programas\DVDVideoSoft\tbDVDV.dll (Conduit Ltd.)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.defaultengine: "Ask.com"
FF - prefs.js..browser.search.defaultenginename: "Ask.com"
FF - prefs.js..browser.search.order.1: "Ask.com"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "hxxp://www.yahoo.de"
FF - prefs.js..extensions.enabledItems: {AB2CE124-6272-4b12-94A9-7303C7397BD1}:5.0.0.6778
FF - prefs.js..extensions.enabledItems: toolbar@ask.com:3.9.1.14019
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - prefs.js..keyword.URL: "hxxp://websearch.ask.com/redirect?client=ff&src=kw&tb=VD&o=14778&locale=pt_US&apn_uid=E89DDBA8-5BDC-4EE8-B478-9EB5AD8B98FB&apn_ptnrs=VX&apn_sauid=FCC000CD-AF37-4DEF-B5EC-E2580C4EA338&apn_dtid=YYYYYYYYAO&q="
FF - prefs.js..network.proxy.type: 4

FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010.12.30 01:14:25 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011.03.06 22:36:52 | 000,000,000 | ---D | M]

[2010.01.16 15:37:52 | 000,000,000 | ---D | M] (No name found) -- C:\Users\***\AppData\Roaming\mozilla\Extensions
[2011.03.11 13:52:55 | 000,000,000 | ---D | M] (No name found) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\2qvhfb4z.default\extensions
[2010.12.24 12:46:58 | 000,000,000 | ---D | M] (VDownloader Toolbar) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\2qvhfb4z.default\extensions\toolbar@ask.com
[2011.03.11 17:45:33 | 000,002,394 | ---- | M] () -- C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\2qvhfb4z.default\searchplugins\askcom.xml
[2011.03.11 13:52:55 | 000,000,000 | ---D | M] (No name found) -- C:\Programas\Mozilla Firefox\extensions
[2010.12.03 14:01:42 | 000,000,000 | ---D | M] (Skype extension) -- C:\Programas\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}
[2011.03.06 22:36:55 | 000,000,000 | ---D | M] (Java Console) -- C:\Programas\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
[2011.03.07 19:24:13 | 000,000,000 | ---D | M] (Java Console) -- C:\Programas\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
[2010.01.05 16:00:40 | 000,000,000 | ---D | M] (Ultimatefox 1.0) -- C:\Programas\Mozilla Firefox\extensions\ultimatefox@gmail.com
[2010.01.05 16:00:40 | 000,000,000 | ---D | M] (Vistafox 2.1) -- C:\Programas\Mozilla Firefox\extensions\vistafox@gmail.com
[2010.12.03 14:01:42 | 000,000,000 | ---D | M] (Skype extension) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{AB2CE124-6272-4B12-94A9-7303C7397BD1}
[2011.03.06 22:36:55 | 000,000,000 | ---D | M] (Java Console) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
[2011.03.07 19:24:13 | 000,000,000 | ---D | M] (Java Console) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
[2011.02.02 21:40:24 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Programas\Mozilla Firefox\plugins\npdeployJava1.dll
[2008.02.04 18:49:18 | 000,663,072 | ---- | M] (Microsoft Corporation) -- C:\Programas\Mozilla Firefox\plugins\npOGAPlugin.dll

Hosts file not found
O2 - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programas\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
O2 - BHO: (Windows Live Messenger Companion Helper) - {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Programas\Windows Live\Companion\companioncore.dll (Microsoft Corporation)
O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Programas\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (VDownloader Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Programas\Ask.com\GenericAskToolbar.dll (Ask)
O2 - BHO: (DVDVideoSoft Toolbar) - {e9911ec6-1bcc-40b0-9993-e0eea7f6953f} - C:\Programas\DVDVideoSoft\tbDVDV.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Programas\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (VDownloader Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Programas\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKLM\..\Toolbar: (DVDVideoSoft Toolbar) - {e9911ec6-1bcc-40b0-9993-e0eea7f6953f} - C:\Programas\DVDVideoSoft\tbDVDV.dll (Conduit Ltd.)
O3 - HKCU\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Programas\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKCU\..\Toolbar\WebBrowser: (VDownloader Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Programas\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKCU\..\Toolbar\WebBrowser: (DVDVideoSoft Toolbar) - {E9911EC6-1BCC-40B0-9993-E0EEA7F6953F} - C:\Programas\DVDVideoSoft\tbDVDV.dll (Conduit Ltd.)
O4 - HKLM..\Run: []  File not found
O4 - HKLM..\Run: [Acrobat Assistant 8.0] C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe (Adobe Systems Inc.)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [LogitechQuickCamRibbon] C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe ()
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [MSC] C:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4 - HKCU..\Run: [Logitech Vid] C:\Program Files\Logitech\Logitech Vid\vid.exe (Logitech Inc.)
O4 - Startup: C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\***\AppData\Roaming\Dropbox\bin\Dropbox.exe ()
O4 - Startup: C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.2.lnk = C:\Programas\OpenOffice.org 3\program\quickstart.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8 - Extra context menu item: An vorhandenes PDF anfügen - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Ausgewählte Verknüpfungen in Adobe PDF konvertieren - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Ausgewählte Verknüpfungen in vorhandene PDF-Datei konvertieren - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Auswahl in Adobe PDF konvertieren - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Auswahl in vorhandene PDF-Datei konvertieren - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: In Adobe PDF konvertieren - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Verknüpfungsziel in Adobe PDF konvertieren - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Verknüpfungsziel in vorhandene PDF-Datei konvertieren - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O9 - Extra Button: @C:\Program Files\Windows Live\Companion\companionlang.dll,-600 - {0000036B-C524-4050-81A0-243669A86B9F} - C:\Programas\Windows Live\Companion\companioncore.dll (Microsoft Corporation)
O9 - Extra Button: @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programas\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programas\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Programas\Bonjour\mdnsNSP.dll (Apple Computer, Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Programas\Common Files\microsoft shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000010 [] - C:\Programas\Common Files\microsoft shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Programas\Windows Live\Messenger\msgrapp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Programas\Windows Live\Messenger\msgrapp.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programas\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Programas\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O18 - Protocol\Handler\wlpg {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Programas\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009.06.10 22:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2010.01.14 20:25:16 | 000,000,016 | -H-- | M] () - F:\AUTORUN.INF -- [ FAT32 ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011.03.11 17:55:23 | 000,580,608 | ---- | C] (OldTimer Tools) -- C:\Users\***\Desktop\OTL.exe
[2011.03.11 17:38:14 | 000,258,560 | ---- | C] (OldTimer Tools) -- C:\Users\***\Desktop\OTH.scr
[2011.03.11 16:19:21 | 000,000,000 | ---D | C] -- C:\Users\***\Desktop\ZEUG
[2011.03.11 14:02:29 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Malwarebytes
[2011.03.11 13:58:16 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2011.03.11 13:58:16 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011.03.11 13:58:15 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2011.03.11 13:58:12 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2011.03.11 13:58:12 | 000,000,000 | ---D | C] -- C:\Programas\Malwarebytes' Anti-Malware
[2011.03.11 13:57:16 | 007,734,208 | ---- | C] (Malwarebytes Corporation ) -- C:\Users\***\Desktop\mbam-setup.exe
[2011.03.10 20:45:37 | 000,000,000 | ---D | C] -- C:\ProgramData\pEeDfNd18100
[2011.03.09 12:48:55 | 001,074,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\DWrite.dll
[2011.03.09 12:48:55 | 000,739,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d2d1.dll
[2011.03.09 12:48:47 | 000,850,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\sbe.dll
[2011.03.09 12:48:47 | 000,642,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\CPFilters.dll
[2011.03.09 12:48:47 | 000,534,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\EncDec.dll
[2011.03.09 12:48:46 | 000,199,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mpg2splt.ax
[2011.03.08 11:34:12 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2011.03.07 19:24:30 | 000,000,000 | ---D | C] -- C:\Programas\Common Files\Java
[2011.03.07 19:24:11 | 000,157,472 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaws.exe
[2011.03.07 19:24:11 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaw.exe
[2011.03.07 19:24:10 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\java.exe
[2011.03.06 22:37:28 | 000,000,000 | ---D | C] -- C:\ProgramData\Sun
[2011.03.06 22:36:52 | 000,472,808 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\deployJava1.dll
[2011.03.06 22:36:27 | 000,000,000 | ---D | C] -- C:\Programas\Java
[2011.03.05 16:59:07 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Windows Live Writer
[2011.03.05 16:59:07 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\Windows Live Writer
[2011.03.02 11:31:47 | 000,000,000 | ---D | C] -- C:\Users\***\Documents\Nova pasta (3)
[2011.03.01 12:26:46 | 000,000,000 | ---D | C] -- C:\Users\***\Desktop\Hochzeit
[2011.02.23 08:03:48 | 000,442,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XpsPrint.dll
[2011.02.23 08:03:47 | 000,288,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XpsGdiConverter.dll
[2011.02.10 21:39:26 | 000,000,000 | ---D | C] -- C:\Windows\TempE3E9925E-A8CC-5BD7-6FDD-6C1DE94A4E2B-Signatures
[2011.02.10 21:38:30 | 000,000,000 | ---D | C] -- C:\Programas\Microsoft Security Client
[2011.02.10 21:37:40 | 000,240,008 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\netio.sys
[2011.02.10 20:54:36 | 000,606,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mstime.dll
[2011.02.10 20:54:36 | 000,599,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2011.02.10 20:54:36 | 000,381,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iedkcs32.dll
[2011.02.10 20:54:36 | 000,185,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iepeers.dll
[2011.02.10 20:54:35 | 001,638,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2011.02.10 20:54:35 | 000,386,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\html.iec
[2011.02.10 20:54:35 | 000,064,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedsbs.dll
[2011.02.10 20:54:35 | 000,044,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\licmgr10.dll
[2011.02.10 20:54:35 | 000,012,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedssync.exe
[2011.02.10 20:36:42 | 003,957,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntkrnlpa.exe
[2011.02.10 20:36:42 | 003,901,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntoskrnl.exe
[2011.02.10 20:10:40 | 000,294,400 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\System32\atmfd.dll
[2011.02.10 20:10:39 | 000,034,304 | ---- | C] (Adobe Systems) -- C:\Windows\System32\atmlib.dll
[2011.02.10 20:10:25 | 002,329,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[2011.02.10 20:10:18 | 000,219,008 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\dxgmms1.sys
[2011.02.10 20:10:12 | 000,716,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript.dll
[2011.02.10 20:10:12 | 000,428,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\vbscript.dll
[2011.02.10 20:09:29 | 000,204,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\upnp.dll
[2011.02.10 20:09:27 | 000,080,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\davclnt.dll
[2011.02.10 20:09:27 | 000,051,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wscapi.dll
[2011.02.10 20:09:27 | 000,014,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\slwga.dll
[2010.12.24 06:03:44 | 003,056,008 | ---- | C] (Ask) -- C:\Programas\Common Files\AskToolbarInstaller.exe

========== Files - Modified Within 30 Days ==========

[2011.03.11 17:55:30 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\***\Desktop\OTL.exe
[2011.03.11 17:47:35 | 000,015,184 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2011.03.11 17:47:35 | 000,015,184 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2011.03.11 17:40:47 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011.03.11 17:40:28 | 2414,682,112 | -HS- | M] () -- C:\hiberfil.sys
[2011.03.11 17:38:16 | 000,258,560 | ---- | M] (OldTimer Tools) -- C:\Users\***\Desktop\OTH.scr
[2011.03.11 17:23:56 | 000,000,130 | ---- | M] () -- C:\Users\***\Desktop\hosts-perm.bat
[2011.03.11 13:58:16 | 000,001,071 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011.03.11 13:57:18 | 007,734,208 | ---- | M] (Malwarebytes Corporation ) -- C:\Users\***\Desktop\mbam-setup.exe
[2011.03.11 13:46:28 | 001,006,747 | ---- | M] () -- C:\Users\***\Desktop\rkill.com
[2011.03.02 11:34:05 | 000,681,442 | ---- | M] () -- C:\Windows\System32\prfh0816.dat
[2011.03.02 11:34:05 | 000,618,108 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2011.03.02 11:34:05 | 000,134,752 | ---- | M] () -- C:\Windows\System32\prfc0816.dat
[2011.03.02 11:34:05 | 000,107,388 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2011.02.22 23:20:46 | 000,000,000 | -H-- | M] () -- C:\Windows\System32\drivers\Msft_Kernel_dc3d_01009.Wdf
[2011.02.21 07:02:51 | 001,712,440 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2011.02.19 06:32:48 | 001,074,176 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\DWrite.dll
[2011.02.19 06:32:35 | 000,739,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\d2d1.dll
[2011.02.10 21:41:03 | 000,001,912 | ---- | M] () -- C:\Windows\epplauncher.mif

========== Files Created - No Company Name ==========

[2011.03.11 16:14:39 | 000,000,130 | ---- | C] () -- C:\Users\***\Desktop\hosts-perm.bat
[2011.03.11 13:58:16 | 000,001,071 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011.03.11 13:46:26 | 001,006,747 | ---- | C] () -- C:\Users\***\Desktop\rkill.com
[2011.02.22 23:20:46 | 000,000,000 | -H-- | C] () -- C:\Windows\System32\drivers\Msft_Kernel_dc3d_01009.Wdf
[2011.02.10 21:41:03 | 000,001,912 | ---- | C] () -- C:\Windows\epplauncher.mif
[2010.12.26 21:52:41 | 000,001,741 | ---- | C] () -- C:\Users\***\AppData\Roaming\mdbu.bin
[2010.12.24 06:03:45 | 000,444,283 | ---- | C] () -- C:\Programas\Common Files\WinPcapNmap.exe
[2010.01.27 03:09:02 | 000,053,299 | ---- | C] () -- C:\Windows\System32\pthreadVC.dll
[2010.01.15 23:57:59 | 000,082,289 | ---- | C] () -- C:\Windows\System32\lvcoinst.ini
[2010.01.15 19:31:49 | 002,463,976 | ---- | C] () -- C:\Windows\System32\NPSWF32.dll
[2010.01.13 12:09:40 | 000,000,189 | ---- | C] () -- C:\Windows\hpdj1280.ini
[2010.01.07 09:00:16 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2010.01.05 16:44:38 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2010.01.05 16:32:14 | 000,007,648 | ---- | C] () -- C:\Users\***\AppData\Local\Resmon.ResmonCfg
[2010.01.05 16:04:16 | 000,164,352 | ---- | C] () -- C:\Windows\System32\unrar.dll
[2010.01.05 16:04:14 | 003,596,288 | ---- | C] () -- C:\Windows\System32\qt-dx331.dll
[2010.01.05 16:04:14 | 000,755,027 | ---- | C] () -- C:\Windows\System32\xvidcore.dll
[2010.01.05 16:04:14 | 000,159,839 | ---- | C] () -- C:\Windows\System32\xvidvfw.dll
[2010.01.05 16:04:13 | 000,007,680 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll
[2009.07.14 09:10:46 | 000,681,442 | ---- | C] () -- C:\Windows\System32\prfh0816.dat
[2009.07.14 09:10:46 | 000,336,656 | ---- | C] () -- C:\Windows\System32\prfi0816.dat
[2009.07.14 09:10:46 | 000,134,752 | ---- | C] () -- C:\Windows\System32\prfc0816.dat
[2009.07.14 09:10:46 | 000,040,548 | ---- | C] () -- C:\Windows\System32\prfd0816.dat
[2009.07.14 05:57:37 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2009.07.14 05:33:53 | 001,712,440 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2009.07.14 03:05:48 | 000,618,108 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2009.07.14 03:05:48 | 000,291,294 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2009.07.14 03:05:48 | 000,107,388 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2009.07.14 03:05:48 | 000,031,548 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2009.07.14 03:05:05 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2009.07.14 03:04:11 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2009.07.14 01:19:49 | 000,066,048 | ---- | C] () -- C:\Windows\System32\PrintBrmUi.exe
[2009.07.14 00:55:01 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2009.07.14 00:51:43 | 000,073,728 | ---- | C] () -- C:\Windows\System32\BthpanContextHandler.dll
[2009.07.14 00:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\System32\BWContextHandler.dll
[2009.06.10 22:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
[2009.05.08 10:13:04 | 000,013,584 | ---- | C] () -- C:\Windows\System32\drivers\iKeyLFT2.dll
[2009.04.30 16:00:12 | 000,025,624 | ---- | C] () -- C:\Windows\System32\drivers\LVPr2Mon.sys
[2008.12.01 20:46:12 | 000,159,744 | ---- | C] () -- C:\Windows\System32\atitmmxx.dll
[2008.12.01 20:08:40 | 003,107,788 | ---- | C] () -- C:\Windows\System32\atiumdva.dat
[2008.10.30 14:45:42 | 000,180,720 | ---- | C] () -- C:\Windows\System32\atiicdxx.dat

< End of report >
------------------------------------------------------------------------
OTL Logfile:
OTL Extras logfile created on: 11.03.2011 18:09:52 - Run 1 OTL by OldTimer - Version 3.2.22.3 Folder = C:\Users\***\Desktop An unknown product (Version = 6.1.7600) - Type = NTWorkstation Internet Explorer (Version = 8.0.7600.16385) Locale: 00000407 | Country: Alemanha | Language: DEU | Date Format: dd.MM.yyyy 3,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 53,00% Memory free 6,00 Gb Paging File | 4,00 Gb Available in Paging File | 72,00% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 69,65 Gb Total Space | 5,69 Gb Free Space | 8,17% Space Free | Partition Type: NTFS Drive E: | 3,72 Gb Total Space | 2,09 Gb Free Space | 56,20% Space Free | Partition Type: FAT32 Drive F: | 465,65 Gb Total Space | 206,01 Gb Free Space | 44,24% Space Free | Partition Type: FAT32 Computer Name: ***-PC | User Name: *** | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Extra Registry (SafeList) ========== ========== File Associations ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation) .hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation) [HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>] .bat [@ = batfile] -- Reg Error: Key error. File not found .html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation) ========== Shell Spawning ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation) exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation) htmlfile [edit] -- Reg Error: Key error. htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1" inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" () Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" () Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [explore] -- Reg Error: Value error. 
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) ========== Security Center Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "cval" = 1 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] "VistaSp1" = Reg Error: Unknown registry data type -- File not found "AntiVirusOverride" = 0 "AntiSpywareOverride" = 0 "FirewallOverride" = 0 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol] ========== Firewall Settings ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 ========== Authorized Applications List ========== ========== HKEY_LOCAL_MACHINE Uninstall List ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 "{0224CACC-994D-45F8-B973-D65056EA9C2F}" = Adobe XMP DVA Panels CS3 "{02602409-9189-4567-BC07-562605243B69}" = Windows Live Remote Client Resources "{0481A2EA-DA1D-4D10-A7C3-F8237948F6B5}" = Messenger Companion "{08B32819-6EEF-4057-AEDA-5AB681A36A23}" = Adobe Bridge Start Meeting "{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer "{17504ED4-DB08-40A8-81C2-27D8C01581DA}" = Windows Live Remote Service Resources "{184CE391-7E0E-4C63-9935-D7A10EDFD3C6}" = Adobe WinSoft Linguistics Plugin "{193EAFD0-1BAF-4FB4-B18F-79D5D6A4B285}" = Adobe After Effects CS3 Presets "{19A4A990-5343-4FF7-B3B5-6F046C091EDF}" = Windows Live Remote Client 
"{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker "{1DDB95A4-FD7B-4517-B3F1-2BCAA96879E6}" = Windows Live Writer Resources "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 "{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update "{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions "{227E8782-B2F4-4E97-B0EE-49DE9CC1C0C0}" = Windows Live Remote Service "{24D7346D-D4B4-45E8-98EA-75EC14B42DD8}" = Adobe ExtendScript Toolkit 2 "{26A24AE4-039D-4CA4-87B4-2F83216022FF}" = Java(TM) 6 Update 24 "{2902F983-B4C1-44BA-B85D-5C6D52E2C441}" = Windows Live Mesh ActiveX Control for Remote Connections "{294BF709-D758-4363-8D75-01479AD20927}" = Windows Live Family Safety "{29E5EA97-5F74-4A57-B8B2-D4F169117183}" = Adobe Stock Photos CS3 "{2B4E24A0-A06F-488D-87D8-16738E5E1104}" = Windows Live Family Safety "{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery "{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery "{3A65A74A-5B6E-451A-92D8-50F1182BBE9A}" = Windows Live Remote Service Resources "{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile "{411E0CC3-587A-468C-B461-95FAFD05E4DE}" = Adobe InDesign CS3 "{464B3406-A4D0-4914-910F-7CA4380DCC13}" = Windows Live Remote Client Resources "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater "{4CBABDFD-49F8-47FD-BE7D-ECDE7270525A}" = Windows Live PIMT Platform "{4FBCEA31-5D18-4212-9231-DE7CF1BE7DBB}" = Logitech Vid "{50816F92-1652-4A7C-B9BC-48F682742C4B}" = Messenger Companion "{54793AA1-5001-42F4-ABB6-C364617C6078}" = Adobe Linguistics CS3 "{55A41219-9B22-4098-BAE7-AE289B3C569A}_is1" = Panda USB Vaccine 1.0.1.4 "{5783F2D7-8001-0409-0002-0060B0CE6BBA}" = AutoCAD 2010 - English "{5783F2D7-8001-0409-1002-0060B0CE6BBA}" = AutoCAD 2010 Language Pack - English "{61AD15B2-50DB-4686-A739-14FE180D4429}" = Windows Live ID Sign-in Assistant "{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" 
= Windows Live SOXE "{6A05FEDF-662E-46BF-8A25-010E3F1C9C69}" = Windows Live UX Platform Language Pack "{6ABE0BEE-D572-4FE8-B434-9E72A289431B}" = Adobe Fonts All "{6B708481-748A-4EB4-97C1-CD386244FF77}" = Adobe MotionPicture Color Files "{6BBAA81D-6A7E-43AD-8889-2F002DCAAFDD}" = AHV content for Acrobat and Flash "{6FF5DD7A-FE28-4439-B8CF-1E9AF4EA0A61}" = Adobe Asset Services CS3 "{73B5D990-04EA-4751-B10F-5534770B91F2}" = Adobe Color EU Recommended Settings "{774088D4-0777-4D78-904D-E435B318F5D2}" = Microsoft Antimalware "{77A776C4-D10F-416D-88F0-53F2D9DCD9B3}" = Microsoft Security Client "{78A96B4C-A643-4D0F-98C2-A8E16A6669F9}" = Windows Live Messenger Companion Core "{7ACFB90E-8FD0-4397-AD3A-5195412623A3}" = Adobe Help Viewer CS3 "{80956555-A512-4190-9CAD-B000C36D6B6B}" = Windows Live Messenger "{845A8DB9-8802-4FD3-9FE3-938A6C46A2EC}" = Adobe Video Profiles "{859B9BCA-5376-4566-9F88-C6C9DAA7A925}" = Microsoft Security Client PT-BR Language Pack "{859D4022-B76D-40DE-96EF-C90CDA263F44}" = Windows Live Writer "{86D4B82A-ABED-442A-BE86-96357B70F4FE}" = Ask Toolbar "{873E4648-6F6E-47F6-A7B2-A6F8DFABDCE6}" = Windows Live Messenger "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight "{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime "{8D2BA474-F406-4710-9AE4-D4F22D21F0DD}" = Adobe Device Central CS3 "{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT "{8E6808E2-613D-4FCD-81A2-6C8FA8E03312}" = Adobe Type Support "{8EF54987-EE4A-4096-90CB-8B21214B50E8}" = Microsoft Antimalware Service PT-BR Language Pack "{90176341-0A8B-4CCC-A78D-F862228A6B95}" = Adobe Anchor Service CS3 "{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker "{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 "{9C9824D9-9000-4373-A6A5-D0E5D4831394}" = Adobe Bridge CS3 "{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail 
"{9E48FF52-082C-4CC2-BB67-6E10D09C0431}" = Windows Live UX Platform Language Pack "{A0C91188-C88F-4E86-93E6-CD7C9A266649}" = Windows Live Mesh "{A2B242BD-FF8D-4840-9DAA-9170EABEC59C}" = Adobe CMaps "{A2D81E70-2A98-4A08-A628-94388B063C5E}" = Adobe Color - Photoshop Specific "{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer "{A7E19604-93AF-4611-8C9F-CE509C2B286E}_is1" = VDownloader 3.0.733 "{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common "{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer "{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer "{AC5B0C19-D851-42F4-BDA0-410ECF7F70A5}" = PDF Settings "{AC76BA86-1033-F400-7760-000000000003}" = Adobe Acrobat 8 Professional - English, Français, Deutsch "{AC76BA86-7AD7-1031-7B44-A93000000001}" = Adobe Reader 9.3 - Deutsch "{AC96671C-2001-432C-9826-5266D84EF1DC}" = Logitech Webcam Software "{ACFBE99B-6981-4513-B17E-A2683CEB9EE5}" = Windows Live Mesh "{AF844339-2F8A-4593-81B3-9F4C54038C4E}" = Windows Live MIME IFilter "{AFAAE758-85CE-4A3D-93D8-70563CBE3663}" = OpenOffice.org 3.2 "{B113D18C-67B0-4FB7-B329-E89B66194AE6}" = Windows Live Fotogalerie "{B1239994-A850-44E2-BED8-E70A21124E16}" = Windows Live Mail "{B3BF6689-A81D-40D8-9A86-4AC4ACD9FC1C}" = Adobe Camera Raw 4.0 "{B3C02EC1-A7B0-4987-9A43-8789426AAA7D}" = Adobe Setup "{B671CBFD-4109-4D35-9252-3062D3CCB7B2}" = Adobe SING CS3 "{B73CFB12-C814-4638-AFFD-7E3AAFAF0B4E}" = Adobe BridgeTalk Plugin CS3 "{B9B35331-B7E4-4E5C-BF4C-7BC87856124D}" = Adobe Default Language CS3 "{BC4F8E84-5E29-49EC-B4E7-E6F9CB50986C}" = Adobe Flash Player 9 ActiveX "{BE5F3842-8309-4754-92D5-83E02E6077A3}" = Adobe Extension Manager CS3 "{C2AB7DC4-489E-4BE9-887A-52262FBADBE0}" = Windows Live Photo Common "{C5398A89-516C-4DAF-BA07-EE7949090E56}" = Windows Live Mesh ActiveX control for remote connections "{C5BD220A-EFE8-48A5-B70E-9503D535FACE}" = Adobe WAS CS3 "{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail 
"{C8D7A672-F697-4572-AC62-C856053A8DBC}" = Adobe Illustrator CS3 "{CD95D125-2992-4858-B3EF-5F6FB52FBAD6}" = Skype Toolbars "{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform "{D0DFF92A-492E-4C40-B862-A74A173C25C5}" = Adobe Version Cue CS3 Client "{D2559B88-CC9D-4B48-81BB-F492BAA9C48C}" = Adobe PDF Library Files "{D3C605D8-3A5E-4BAD-965D-2C61441BF2AC}" = Adobe Photoshop CS3 "{D40C0608-033D-43A7-B4D7-B0EE493F938C}" = Microsoft Antimalware Service PT-BR Language Pack "{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common "{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform "{D5A31AB1-345D-47C7-A87B-036A669F6DF1}" = Adobe XMP Panels CS3 "{DA896917-C1DA-45B2-B4D2-68162F16C0DD}" = Adobe Creative Suite 3 Master Collection "{DADD7B8A-BCB0-44F5-967A-ECB6B4F2ECD9}" = Adobe Color Common Settings "{DD7DB3C5-6FA3-4FA3-8A71-C2F2940EB029}" = Adobe Color JA Extra Settings "{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources "{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh "{DFFDDCF5-CB32-4354-8823-1B9E68025953}" = Adobe Setup "{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10 "{E0A160F1-127B-43AC-AF96-EBB6319B01C7}" = Google SketchUp Pro 8 "{E4E88B54-4777-4659-967A-2EED1E6AFD83}" = Windows Live Movie Maker "{E633D396-5188-4E9D-8F6B-BFB8BF3467E8}" = Skype™ 5.0 "{E69AE897-9E0B-485C-8552-7841F48D42D8}" = Adobe Update Manager CS3 "{EA7B3CC4-366D-4CF6-8350-FD7A7034116E}" = Adobe InDesign CS3 Icon Handler "{EB4DF488-AAEF-406F-A341-CB2AAA315B90}" = Windows Live Messenger "{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU] "{F53D678E-238F-4A71-9742-08BB6774E9DC}" = Windows Live Family Safety "{F855451C-21E2-3034-B042-E1E66923548A}" = Microsoft .NET Framework 4 Client Profile PTG Language Pack "{F95E4EE0-0C6E-4273-B6B9-91FD6F071D76}" = Windows Live Essentials "{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials 
"{FF29A7E2-FF40-4D07-B7E4-2093DE59E10A}" = Adobe Color NA Extra Settings "7-Zip" = 7-Zip 4.65 "Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin "Adobe_3e054d2218e7aa282c2369d939e58ff" = Adobe ExtendScript Toolkit 2 "Adobe_67a7fb1e97aa14ee9ef0950eb6fd757" = Adobe Creative Suite 3 Master Collection hinzufügen oder entfernen "AutoCAD 2010 - English" = AutoCAD 2010 - English "Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus "DVDVideoSoft Toolbar" = DVDVideoSoft Toolbar "Free Audio CD Burner_is1" = Free Audio CD Burner version 1.2 "Free YouTube Download_is1" = Free YouTube Download 2.3 "Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.2 "HijackThis" = HijackThis 2.0.2 "KLiteCodecPack_is1" = K-Lite Mega Codec Pack 3.9.0 "lvdrivers_12.0" = Pacote de drivers Logitech Webcam Software "Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile "Microsoft .NET Framework 4 Client Profile PTG Language Pack" = Microsoft .NET Framework 4 Client Profile PTG Language Pack "Microsoft Security Client" = Microsoft Security Essentials "Mobile Partner" = Mobile Partner "Mozilla Firefox (3.6.3)" = Mozilla Firefox (3.6.3) "Nero - Burning Rom!UninstallKey" = Nero 6 Ultra Edition "Power Management Driver" = ThinkPad Power Management Driver "printeria UnikatprintDigitalPrintLab3" = DigitalPrintLab3 "printeriaDigitalPrintLab3" = DigitalPrintLab3 "Uninstall_is1" = Uninstall 1.0.0.1 "VLC media player" = VLC media player 1.0.5 "WinLiveSuite" = Windows Live Essentials "WinPcapInst" = WinPcap 4.1.1 "ZTEWireless-101_is1" = ZTE Wireless Terminal ========== HKEY_CURRENT_USER Uninstall List ========== [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "Dropbox" = Dropbox "Yahoo! BrowserPlus" = Yahoo! 
BrowserPlus 2.9.2 ========== Last 10 Event Log Errors ========== [ Application Events ] Error - 11.03.2011 11:03:09 | Computer Name = ***-PC | Source = SideBySide | ID = 16842785 Description = Falha ao gerar o contexto de activação para "C:\Windows\WinSxS\x86_microsoft.vc80.mfc_1fc8b3b9a1e18e3b_8.0.50727.4053_none_cbf21254470d8752\MFC80U.DLL". Não foi possível localizar a Assemblagem Dependente Microsoft.VC80.MFCLOC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0". Utilize sxstrace.exe para obter um diagnóstico detalhado. Error - 11.03.2011 11:06:11 | Computer Name = ***-PC | Source = SideBySide | ID = 16842785 Description = Falha ao gerar o contexto de activação para "C:\Windows\WinSxS\x86_microsoft.vc80.mfc_1fc8b3b9a1e18e3b_8.0.50727.4053_none_cbf21254470d8752\MFC80U.DLL". Não foi possível localizar a Assemblagem Dependente Microsoft.VC80.MFCLOC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0". Utilize sxstrace.exe para obter um diagnóstico detalhado. Error - 11.03.2011 11:06:13 | Computer Name = ***-PC | Source = SideBySide | ID = 16842785 Description = Falha ao gerar o contexto de activação para "C:\Windows\WinSxS\x86_microsoft.vc80.mfc_1fc8b3b9a1e18e3b_8.0.50727.4053_none_cbf21254470d8752\MFC80U.DLL". Não foi possível localizar a Assemblagem Dependente Microsoft.VC80.MFCLOC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0". Utilize sxstrace.exe para obter um diagnóstico detalhado. Error - 11.03.2011 11:10:53 | Computer Name = ***-PC | Source = SideBySide | ID = 16842785 Description = Falha ao gerar o contexto de activação para "C:\Windows\WinSxS\x86_microsoft.vc80.mfc_1fc8b3b9a1e18e3b_8.0.50727.4053_none_cbf21254470d8752\MFC80U.DLL". Não foi possível localizar a Assemblagem Dependente Microsoft.VC80.MFCLOC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0". 
Utilize sxstrace.exe para obter um diagnóstico detalhado. Error - 11.03.2011 11:10:53 | Computer Name = ***-PC | Source = SideBySide | ID = 16842785 Description = Falha ao gerar o contexto de activação para "C:\Windows\WinSxS\x86_microsoft.vc80.mfc_1fc8b3b9a1e18e3b_8.0.50727.4053_none_cbf21254470d8752\MFC80U.DLL". Não foi possível localizar a Assemblagem Dependente Microsoft.VC80.MFCLOC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0". Utilize sxstrace.exe para obter um diagnóstico detalhado. Error - 11.03.2011 11:21:54 | Computer Name = ***-PC | Source = SideBySide | ID = 16842785 Description = Falha ao gerar o contexto de activação para "C:\Windows\WinSxS\x86_microsoft.vc80.mfc_1fc8b3b9a1e18e3b_8.0.50727.4053_none_cbf21254470d8752\MFC80U.DLL". Não foi possível localizar a Assemblagem Dependente Microsoft.VC80.MFCLOC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0". Utilize sxstrace.exe para obter um diagnóstico detalhado. Error - 11.03.2011 11:21:54 | Computer Name = ***-PC | Source = SideBySide | ID = 16842785 Description = Falha ao gerar o contexto de activação para "C:\Windows\WinSxS\x86_microsoft.vc80.mfc_1fc8b3b9a1e18e3b_8.0.50727.4053_none_cbf21254470d8752\MFC80U.DLL". Não foi possível localizar a Assemblagem Dependente Microsoft.VC80.MFCLOC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0". Utilize sxstrace.exe para obter um diagnóstico detalhado. Error - 11.03.2011 12:38:24 | Computer Name = ***-PC | Source = SideBySide | ID = 16842785 Description = Falha ao gerar o contexto de activação para "C:\Windows\WinSxS\x86_microsoft.vc80.mfc_1fc8b3b9a1e18e3b_8.0.50727.4053_none_cbf21254470d8752\MFC80U.DLL". Não foi possível localizar a Assemblagem Dependente Microsoft.VC80.MFCLOC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0". 
Utilize sxstrace.exe para obter um diagnóstico detalhado. Error - 11.03.2011 12:53:10 | Computer Name = ***-PC | Source = SideBySide | ID = 16842785 Description = Falha ao gerar o contexto de activação para "C:\Windows\WinSxS\x86_microsoft.vc80.mfc_1fc8b3b9a1e18e3b_8.0.50727.4053_none_cbf21254470d8752\MFC80U.DLL". Não foi possível localizar a Assemblagem Dependente Microsoft.VC80.MFCLOC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0". Utilize sxstrace.exe para obter um diagnóstico detalhado. Error - 11.03.2011 12:53:10 | Computer Name = ***-PC | Source = SideBySide | ID = 16842785 Description = Falha ao gerar o contexto de activação para "C:\Windows\WinSxS\x86_microsoft.vc80.mfc_1fc8b3b9a1e18e3b_8.0.50727.4053_none_cbf21254470d8752\MFC80U.DLL". Não foi possível localizar a Assemblagem Dependente Microsoft.VC80.MFCLOC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0". Utilize sxstrace.exe para obter um diagnóstico detalhado. [ Media Center Events ] Error - 21.12.2010 07:29:49 | Computer Name = ***-PC | Source = MCUpdate | ID = 0 Description = 12:29:48 - Erro ao ligar à Internet. 12:29:48 - Não é possível contactar o servidor.. Error - 21.12.2010 07:29:58 | Computer Name = ***-PC | Source = MCUpdate | ID = 0 Description = 12:29:54 - Erro ao ligar à Internet. 12:29:54 - Não é possível contactar o servidor.. Error - 22.12.2010 22:47:08 | Computer Name = ***-PC | Source = MCUpdate | ID = 0 Description = 03:47:03 - Erro ao ligar à Internet. 03:47:03 - Não é possível contactar o servidor.. Error - 22.12.2010 23:47:15 | Computer Name = ***-PC | Source = MCUpdate | ID = 0 Description = 04:47:13 - Erro ao ligar à Internet. 04:47:13 - Não é possível contactar o servidor.. Error - 23.12.2010 00:47:20 | Computer Name = ***-PC | Source = MCUpdate | ID = 0 Description = 05:47:19 - Erro ao ligar à Internet. 05:47:19 - Não é possível contactar o servidor.. 
Error - 23.12.2010 01:47:26 | Computer Name = ***-PC | Source = MCUpdate | ID = 0 Description = 06:47:25 - Erro ao ligar à Internet. 06:47:25 - Não é possível contactar o servidor.. Error - 23.12.2010 19:28:17 | Computer Name = ***-PC | Source = MCUpdate | ID = 0 Description = 00:28:17 - Erro ao ligar à Internet. 00:28:17 - Não é possível contactar o servidor.. Error - 23.12.2010 19:28:28 | Computer Name = ***-PC | Source = MCUpdate | ID = 0 Description = 00:28:23 - Erro ao ligar à Internet. 00:28:23 - Não é possível contactar o servidor.. Error - 25.12.2010 15:53:37 | Computer Name = ***-PC | Source = MCUpdate | ID = 0 Description = 20:53:37 - Erro ao ligar à Internet. 20:53:37 - Não é possível contactar o servidor.. Error - 25.12.2010 15:53:54 | Computer Name = ***-PC | Source = MCUpdate | ID = 0 Description = 20:53:43 - Erro ao ligar à Internet. 20:53:43 - Não é possível contactar o servidor.. [ System Events ] Error - 11.03.2011 11:10:56 | Computer Name = ***-PC | Source = DCOM | ID = 10005 Description = Error - 11.03.2011 11:13:49 | Computer Name = ***-PC | Source = Service Control Manager | ID = 7001 Description = O serviço Fornecedor do Grupo Doméstico depende do serviço Anfitrião do Fornecedor de Detecção de Funções o qual falhou o arranque devido ao seguinte erro: %%1068 Error - 11.03.2011 11:13:51 | Computer Name = ***-PC | Source = Service Control Manager | ID = 7001 Description = O serviço Browser de computador depende do serviço Servidor o qual falhou o arranque devido ao seguinte erro: %%1068 Error - 11.03.2011 11:13:51 | Computer Name = ***-PC | Source = Service Control Manager | ID = 7001 Description = O serviço Browser de computador depende do serviço Servidor o qual falhou o arranque devido ao seguinte erro: %%1068 Error - 11.03.2011 11:26:25 | Computer Name = ***-PC | Source = Service Control Manager | ID = 7001 Description = O serviço Fornecedor do Grupo Doméstico depende do serviço Anfitrião do Fornecedor de Detecção de Funções o qual falhou o 
arranque devido ao seguinte erro: %%1068 Error - 11.03.2011 12:27:08 | Computer Name = ***-PC | Source = Microsoft-Windows-DNS-Client | ID = 1012 Description = Ocorreu um erro ao tentar ler o ficheiro hosts local. Error - 11.03.2011 12:41:29 | Computer Name = ***-PC | Source = Microsoft-Windows-DNS-Client | ID = 1012 Description = Ocorreu um erro ao tentar ler o ficheiro hosts local. Error - 11.03.2011 12:42:03 | Computer Name = ***-PC | Source = Microsoft-Windows-DNS-Client | ID = 1012 Description = Ocorreu um erro ao tentar ler o ficheiro hosts local. Error - 11.03.2011 12:42:04 | Computer Name = ***-PC | Source = Microsoft-Windows-DNS-Client | ID = 1012 Description = Ocorreu um erro ao tentar ler o ficheiro hosts local. Error - 11.03.2011 12:42:15 | Computer Name = ***-PC | Source = Microsoft-Windows-DNS-Client | ID = 1012 Description = Ocorreu um erro ao tentar ler o ficheiro hosts local. < End of report >
I would be grateful for your assessment! Ginguba
Edited by Larusso (12.03.2011 at 12:51)
12.03.2011, 12:40 | #2
/// Winkelfunktion /// TB-Süch-Tiger™
Quote:
13.03.2011, 12:21 | #3
I just see it was 4 infected files. I then told it to remove all of them; in Malwarebytes they can now be found under quarantine. Here is the first log:
--------------------------------------------
Malwarebytes' Anti-Malware 1.50.1.1100
Malwarebytes Datenbank Version: 6017
Windows 6.1.7600 (Safe Mode)
Internet Explorer 8.0.7600.16385
11.03.2011 16:01:19
mbam-log-2011-03-11 (16-01-09).txt
Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|E:\|F:\|G:\|H:\|I:\|)
Durchsuchte Objekte: 396363
Laufzeit: 1 Stunde(n), 4 Minute(n), 47 Sekunde(n)
Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 1
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 4
Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)
Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)
Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)
Infizierte Registrierungswerte:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\pEeDfNd18100 (Trojan.FakeAlert) -> Value: pEeDfNd18100 -> No action taken.
Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)
Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)
Infizierte Dateien:
c:\programdata\peedfnd18100\peedfnd18100.exe (Trojan.FakeAlert) -> No action taken.
c:\Users\***\AppData\Roaming\microsoft\Windows\start menu\Programs\Startup\AdbUpd.lnk (Malware.Trace) -> No action taken.
c:\Users\***\AppData\Roaming\Adobe\adobeutil .exe (Trojan.Agent.Gen) -> No action taken.
c:\Users\***\AppData\Roaming\Adobe\adobeutil.exe (Trojan.Agent.Gen) -> No action taken.
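Anyone reading a log like the one above wants two things from it: which hits were left un-actioned (this first scan predates the removal, so every entry still reads "No action taken") and which of them sit in autostart locations that would relaunch the fake alert at logon. The parser below is an added example, not part of the thread and not Malwarebytes' code; its sample log is constructed from the entries quoted above, with one adobeutil entry changed to a quarantined line so the mixed case is exercised.

```python
"""Triage helper for Malwarebytes' Anti-Malware 1.50 logs with a German UI.

Added example for this thread, not Malwarebytes' own code.  It reads the
"Infizierte ..." sections, pairs each entry with the action MBAM recorded,
and flags hits that were never acted on or that live in autostart locations.
"""
import re
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple

# Constructed sample in the layout of the log posted above (paths anonymised as
# in the post); one adobeutil entry is changed to a quarantined line.
SAMPLE_LOG = r"""
Malwarebytes' Anti-Malware 1.50.1.1100
Malwarebytes Datenbank Version: 6017
Windows 6.1.7600 (Safe Mode)
Internet Explorer 8.0.7600.16385

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|E:\|)
Durchsuchte Objekte: 396363
Laufzeit: 1 Stunde(n), 4 Minute(n), 47 Sekunde(n)

Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 1
Infizierte Dateien: 4

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\pEeDfNd18100 (Trojan.FakeAlert) -> Value: pEeDfNd18100 -> No action taken.

Infizierte Dateien:
c:\programdata\peedfnd18100\peedfnd18100.exe (Trojan.FakeAlert) -> No action taken.
c:\Users\***\AppData\Roaming\microsoft\Windows\start menu\Programs\Startup\AdbUpd.lnk (Malware.Trace) -> No action taken.
c:\Users\***\AppData\Roaming\Adobe\adobeutil .exe (Trojan.Agent.Gen) -> Quarantined and deleted successfully.
c:\Users\***\AppData\Roaming\Adobe\adobeutil.exe (Trojan.Agent.Gen) -> No action taken.
"""


@dataclass
class Detection:
    section: str          # MBAM section, e.g. "Infizierte Dateien"
    target: str           # file path or registry path
    threat: str           # detection name, e.g. "Trojan.FakeAlert"
    action: str           # text after the last "->", trailing period removed
    value: Optional[str]  # registry value name for registry-value hits, else None


# "Infizierte Dateien: 4" is a summary count; "Infizierte Dateien:" opens a detail section.
SECTION_RE = re.compile(r"^(Infizierte [^:]+):\s*(\d+)?\s*$")
# "<target> (<threat>)" is the part of a detail line before the first "->".
TARGET_RE = re.compile(r"^(?P<target>.+) \((?P<threat>[^()]+)\)$")
# Autostart locations, matched as lower-cased substrings of the target path.
PERSISTENCE_HINTS = ("\\currentversion\\run", "\\programs\\startup\\")


def parse_mbam_log(text: str) -> Tuple[Dict[str, int], List[Detection]]:
    """Return (declared counts per section, parsed detection entries)."""
    counts: Dict[str, int] = {}
    detections: List[Detection] = []
    section: Optional[str] = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = SECTION_RE.match(line)
        if m:
            name, count = m.groups()
            if count is None:
                section = name            # a detail section starts here
            else:
                counts[name] = int(count)  # still in the summary block
                section = None
            continue
        if section is None or line.startswith("("):
            continue  # header lines, or "(Keine bösartigen Objekte gefunden)"
        parts = [p.strip() for p in line.split(" -> ")]
        t = TARGET_RE.match(parts[0])
        if t is None or len(parts) < 2:
            continue  # not a detection line in the expected shape
        value = next((p[len("Value: "):] for p in parts[1:-1] if p.startswith("Value: ")), None)
        detections.append(Detection(section, t["target"], t["threat"], parts[-1].rstrip("."), value))
    return counts, detections


def unactioned(detections: List[Detection]) -> List[Detection]:
    """Hits MBAM only reported (pre-removal scan) or could not remove."""
    return [d for d in detections if d.action.lower() == "no action taken"]


def persistence(detections: List[Detection]) -> List[Detection]:
    """Hits that relaunch at logon: Run/RunOnce values and Startup-folder items."""
    return [d for d in detections if any(h in d.target.lower() for h in PERSISTENCE_HINTS)]


def count_mismatches(counts: Dict[str, int], detections: List[Detection]) -> Dict[str, Tuple[int, int]]:
    """Sections whose declared count differs from the entries actually listed
    (a sign of a truncated paste): {section: (declared, listed)}."""
    listed: Dict[str, int] = {}
    for d in detections:
        listed[d.section] = listed.get(d.section, 0) + 1
    return {n: (c, listed.get(n, 0)) for n, c in counts.items() if c != listed.get(n, 0)}


def triage(text: str) -> Dict[str, object]:
    counts, dets = parse_mbam_log(text)
    return {
        "total": len(dets),
        "unactioned": [(d.threat, d.target) for d in unactioned(dets)],
        "persistence": [d.target for d in persistence(dets)],
        "mismatches": count_mismatches(counts, dets),
    }


if __name__ == "__main__":
    for key, val in triage(SAMPLE_LOG).items():
        print(f"{key}: {val}")
```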
13.03.2011, 14:25 | #5
/// Winkelfunktion /// TB-Süch-Tiger™
Close all programs, start OTL and copy the following text into the "Custom Scan/Fixes" box (at the bottom of OTL): (the ":OTL" must be copied along with it!!!) Code:
:OTL
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009.06.10 22:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2010.01.14 20:25:16 | 000,000,016 | -H-- | M] () - F:\AUTORUN.INF -- [ FAT32 ]
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [Acrobat Assistant 8.0] C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe (Adobe Systems Inc.)
:Commands
[purity]
[resethosts]
[emptytemp]
The logfile should open when you click OK after the fix; please post it. The computer may be restarted.
__________________
Please always post logfiles in CODE tags
14.03.2011, 01:07 | #6
OK, I've done that so far, here is the result:
All processes killed
========== OTL ==========
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRun|DWORD:1 /E : value set successfully!
C:\autoexec.bat moved successfully.
File F:\AUTORUN.INF not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\Acrobat Assistant 8.0 deleted successfully.
C:\Programas\Adobe\Acrobat 8.0\Acrobat\acrotray.exe moved successfully.
========== COMMANDS ==========
HOSTS file reset successfully
[EMPTYTEMP]
User: All Users
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
User: ***
->Temp folder emptied: 3447569921 bytes
->Temporary Internet Files folder emptied: 96829581 bytes
->Java cache emptied: 842025 bytes
->FireFox cache emptied: 91795780 bytes
->Flash cache emptied: 2609012 bytes
User: Public
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 142948217 bytes
RecycleBin emptied: 230135993 bytes
Total Files Cleaned = 3.827,00 mb
OTL by OldTimer - Version 3.2.22.3 log created on 03142011_005908
Files\Folders moved on Reboot...
Registry entries deleted on Reboot...
14.03.2011, 10:45 | #7
/// Winkelfunktion /// TB-Süch-Tiger™
Then please run CF now: ComboFix: A guide and tutorial on using ComboFix
ComboFix may only be run when a forum expert (Kompetenzler) has expressly recommended it!
30.03.2011, 16:51 | #8
Hello, I was out of action for a while, so I could only get back to my computer now... Thanks, Arne, I did as I was instructed. Here is the result from ComboFix: Combofix Logfile: Code:
ATTFilter ComboFix 11-03-29.05 - *** 30.03.2011 15:39:49.1.2 - x86 Microsoft Windows 7 Professional 6.1.7600.0.1252.351.2070.18.3070.1899 [GMT 1:00] Executando de: c:\users\***\Desktop\cofi.exe AV: AntiVir Desktop *Disabled/Updated* {090F9C29-64CE-6C6F-379C-5901B49A85B7} AV: Microsoft Security Essentials *Disabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160} SP: AntiVir Desktop *Disabled/Updated* {B26E7DCD-42F4-63E1-0D2C-6273CF1DCF0A} SP: Microsoft Security Essentials *Disabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD} SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} . . ((((((((((((((((((((((((((((((((((((( Outras Exclusões ))))))))))))))))))))))))))))))))))))))))))))))))))) . . c:\users\***\AppData\Roaming\Adobe\adb.cer c:\users\***\AppData\Roaming\Adobe\plugs c:\users\***\AppData\Roaming\Adobe\shed c:\windows\TEMP\logishrd\LVPrcInj01.dll . . (((((((((((((((( Arquivos/Ficheiros criados de 2011-02-28 to 2011-03-30 )))))))))))))))))))))))))))) . . 2011-03-30 14:45 . 2011-03-30 14:49 -------- d-----w- c:\users\***\AppData\Local\temp 2011-03-30 14:45 . 2011-03-30 14:45 -------- d-----w- c:\users\Default\AppData\Local\temp 2011-03-30 13:16 . 2011-03-30 13:16 28752 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{ECDB4753-5BB2-46E8-99CB-C222CA501EBB}\MpKsl21da1b12.sys 2011-03-30 13:16 . 2011-03-15 04:05 6792528 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{ECDB4753-5BB2-46E8-99CB-C222CA501EBB}\mpengine.dll 2011-03-30 12:39 . 2011-03-30 12:39 -------- d-----w- c:\program files\CCleaner 2011-03-30 11:41 . 2011-03-30 11:41 -------- d-----w- c:\programdata\Hewlett-Packard 2011-03-30 11:40 . 2009-07-14 01:15 280064 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\hpzppw71.dll 2011-03-25 12:54 . 2010-11-30 09:43 439632 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\NISBackup\gapaengine.dll 2011-03-25 12:53 . 
2010-11-30 09:43 439632 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{8A06CF22-E7D7-4C8A-8C60-9E6AD3B1D739}\gapaengine.dll 2011-03-13 23:59 . 2011-03-13 23:59 -------- d-----w- C:\_OTL 2011-03-11 13:02 . 2011-03-11 13:02 -------- d-----w- c:\users\***\AppData\Roaming\Malwarebytes 2011-03-11 12:58 . 2010-12-20 17:09 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys 2011-03-11 12:58 . 2011-03-11 12:58 -------- d-----w- c:\programdata\Malwarebytes 2011-03-11 12:58 . 2011-03-11 12:58 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware 2011-03-11 12:58 . 2010-12-20 17:08 20952 ----a-w- c:\windows\system32\drivers\mbam.sys 2011-03-10 19:45 . 2011-03-11 15:01 -------- d-----w- c:\programdata\pEeDfNd18100 2011-03-09 11:48 . 2011-02-19 05:33 802304 ----a-w- c:\windows\system32\FntCache.dll 2011-03-09 11:48 . 2011-02-19 05:32 1074176 ----a-w- c:\windows\system32\DWrite.dll 2011-03-09 11:48 . 2011-02-19 05:32 739840 ----a-w- c:\windows\system32\d2d1.dll 2011-03-09 11:48 . 2010-12-23 05:28 850432 ----a-w- c:\windows\system32\sbe.dll 2011-03-09 11:48 . 2010-12-23 05:28 642048 ----a-w- c:\windows\system32\CPFilters.dll 2011-03-09 11:48 . 2010-12-23 05:28 534528 ----a-w- c:\windows\system32\EncDec.dll 2011-03-09 11:48 . 2010-12-23 05:24 199680 ----a-w- c:\windows\system32\mpg2splt.ax 2011-03-09 11:48 . 2010-12-18 05:30 2690560 ----a-w- c:\windows\system32\mstscax.dll 2011-03-09 11:48 . 2010-12-18 05:26 1034240 ----a-w- c:\windows\system32\mstsc.exe 2011-03-07 18:24 . 2011-03-07 18:24 -------- d-----w- c:\program files\Common Files\Java 2011-03-06 21:36 . 2011-02-02 20:40 472808 ----a-w- c:\program files\Mozilla Firefox\plugins\npdeployJava1.dll 2011-03-06 21:36 . 2011-02-02 20:40 472808 ----a-w- c:\windows\system32\deployJava1.dll 2011-03-06 21:36 . 2011-03-07 18:24 -------- d-----w- c:\program files\Java 2011-03-05 15:59 . 2011-03-05 15:59 -------- d-----w- c:\users\***\AppData\Local\Windows Live Writer 2011-03-05 15:59 . 
2011-03-05 15:59 -------- d-----w- c:\users\***\AppData\Roaming\Windows Live Writer . . ((((((((((((((((((((((((((((((((((((( Relatório Find3M )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2011-03-15 04:05 . 2010-01-11 11:54 6792528 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll 2011-03-10 09:26 . 2010-06-24 10:33 18328 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll 2011-02-03 05:45 . 2011-02-10 19:10 219008 ----a-w- c:\windows\system32\drivers\dxgmms1.sys 2011-01-07 07:31 . 2011-02-23 07:03 442880 ----a-w- c:\windows\system32\XpsPrint.dll 2011-01-07 07:31 . 2011-02-23 07:03 288256 ----a-w- c:\windows\system32\XpsGdiConverter.dll 2011-01-07 07:27 . 2011-02-10 19:10 34304 ----a-w- c:\windows\system32\atmlib.dll 2011-01-07 05:33 . 2011-02-10 19:10 294400 ----a-w- c:\windows\system32\atmfd.dll 2011-01-06 18:37 . 2011-01-06 18:37 44416 ----a-w- c:\windows\system32\drivers\dc3d.sys 2011-01-06 18:37 . 2011-01-06 18:37 1461992 ----a-w- c:\windows\system32\WdfCoInstaller01009.dll 2011-01-05 05:37 . 2011-02-10 19:10 428032 ----a-w- c:\windows\system32\vbscript.dll 2011-01-05 03:37 . 2011-02-10 19:10 2329088 ----a-w- c:\windows\system32\win32k.sys 2010-10-16 10:50 . 2010-12-24 05:03 3056008 ----a-w- c:\program files\Common Files\AskToolbarInstaller.exe 2010-01-26 09:11 . 2010-12-24 05:03 444283 ----a-w- c:\program files\Common Files\WinPcapNmap.exe . . (((((((((((((((((((((((((( Pontos de Carregamento do Registro ))))))))))))))))))))))))))))))))))))))) . . *Nota* entradas vazias e legítimas por defeito não são mostradas. REGEDIT4 . [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks] "{00000000-6E41-4FD3-8538-502F5495E5FC}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2010-09-28 1400712] "{e9911ec6-1bcc-40b0-9993-e0eea7f6953f}"= "c:\program files\DVDVideoSoft\tbDVDV.dll" [2009-12-31 2349080] . [HKEY_CLASSES_ROOT\clsid\{00000000-6e41-4fd3-8538-502f5495e5fc}] . 
[HKEY_CLASSES_ROOT\clsid\{e9911ec6-1bcc-40b0-9993-e0eea7f6953f}] . [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}] 2010-09-28 21:44 1400712 ----a-w- c:\program files\Ask.com\GenericAskToolbar.dll . [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{e9911ec6-1bcc-40b0-9993-e0eea7f6953f}] 2009-12-31 10:53 2349080 ----a-w- c:\program files\DVDVideoSoft\tbDVDV.dll . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar] "{e9911ec6-1bcc-40b0-9993-e0eea7f6953f}"= "c:\program files\DVDVideoSoft\tbDVDV.dll" [2009-12-31 2349080] "{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2010-09-28 1400712] . [HKEY_CLASSES_ROOT\clsid\{e9911ec6-1bcc-40b0-9993-e0eea7f6953f}] . [HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}] [HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1] [HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}] [HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd] . [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser] "{E9911EC6-1BCC-40B0-9993-E0EEA7F6953F}"= "c:\program files\DVDVideoSoft\tbDVDV.dll" [2009-12-31 2349080] "{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2010-09-28 1400712] . [HKEY_CLASSES_ROOT\clsid\{e9911ec6-1bcc-40b0-9993-e0eea7f6953f}] . [HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}] [HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1] [HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}] [HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1] @="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}] 2009-12-09 01:19 94208 ----a-w- c:\users\***\AppData\Roaming\Dropbox\bin\DropboxExt.13.dll . 
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2] @="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}] 2009-12-09 01:19 94208 ----a-w- c:\users\***\AppData\Roaming\Dropbox\bin\DropboxExt.13.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3] @="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}] 2009-12-09 01:19 94208 ----a-w- c:\users\***\AppData\Roaming\Dropbox\bin\DropboxExt.13.dll . [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Logitech Vid"="c:\program files\Logitech\Logitech Vid\vid.exe" [2009-04-30 5472016] "msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2010-09-22 4240760] . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153] "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-12-22 35760] "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2009-12-11 948672] "LogitechQuickCamRibbon"="c:\program files\Logitech\Logitech WebCam Software\LWS.exe" [2009-05-08 2780432] "MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2010-11-30 997408] "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-10-29 249064] "Malwarebytes' Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2010-12-20 963976] "Acrobat Assistant 8.0"="c:\program files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe" [2006-10-22 620152] . c:\users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ Dropbox.lnk - c:\users\***\AppData\Roaming\Dropbox\bin\Dropbox.exe [2010-2-26 21979992] OpenOffice.org 3.2.lnk - c:\program files\OpenOffice.org 3\program\quickstart.exe [2009-12-15 384000] . 
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "ConsentPromptBehaviorAdmin"= 5 (0x5) "ConsentPromptBehaviorUser"= 3 (0x3) "EnableUIADesktopToggle"= 0 (0x0) . [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32] "aux1"=wdmaud.drv . [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa] Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc] @="Service" . R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384] R3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\system32\DRIVERS\MpNWMon.sys [2010-10-24 43392] R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [2010-10-24 54144] R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\Antimalware\NisSrv.exe [2010-11-11 206360] R3 WatAdminSvc;Serviço de Tecnologias de Activação do Windows;c:\windows\system32\Wat\WatAdminSvc.exe [2010-06-22 1343400] R3 ztemtusbser;ZTEMT Legacy Serial Communication;c:\windows\system32\DRIVERS\CT_ZTEMT_U_USBSER.sys [2009-05-31 104704] R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 51040] S1 MpKsl21da1b12;MpKsl21da1b12;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{ECDB4753-5BB2-46E8-99CB-C222CA501EBB}\MpKsl21da1b12.sys [2011-03-30 28752] S2 AntiVirSchedulerService;Avira AntiVir Planer;c:\program files\Avira\AntiVir Desktop\sched.exe [2009-05-13 108289] S2 npf;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [2010-01-27 50704] S2 UDisk Monitor;UDisk Monitor;c:\program files\ZTE Wireless Terminal\bin\MonServiceUDisk.exe [2009-06-11 262144] S3 dc3d;MS Hardware Device Detection Driver (USB);c:\windows\system32\DRIVERS\dc3d.sys [2011-01-06 44416] S3 
netw5v32;Controlador de Placa de Ligação WiFi Intel(R) Sem Fios 5000 Series para Windows Vista de 32 Bits;c:\windows\system32\DRIVERS\netw5v32.sys [2009-07-13 4231168] S3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL3.SYS [2009-07-13 207360] S3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV3.SYS [2009-07-13 980992] S3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT3.SYS [2009-07-13 661504] . . . ------- Scan Suplementar ------- . uStart Page = hxxp://www.ask.com?o=14780&l=dis uInternet Settings,ProxyOverride = *.local IE: An vorhandenes PDF anfügen - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html IE: Ausgewählte Verknüpfungen in Adobe PDF konvertieren - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html IE: Ausgewählte Verknüpfungen in vorhandene PDF-Datei konvertieren - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html IE: Auswahl in Adobe PDF konvertieren - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html IE: Auswahl in vorhandene PDF-Datei konvertieren - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html IE: In Adobe PDF konvertieren - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html IE: Verknüpfungsziel in Adobe PDF konvertieren - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html IE: Verknüpfungsziel in vorhandene PDF-Datei konvertieren - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html FF - ProfilePath - c:\users\***\AppData\Roaming\Mozilla\Firefox\Profiles\2qvhfb4z.default\ FF - prefs.js: browser.search.selectedEngine - Google FF - prefs.js: browser.startup.homepage - hxxp://www.yahoo.de FF - prefs.js: keyword.URL - 
hxxp://websearch.ask.com/redirect?client=ff&src=kw&tb=VD&o=14778&locale=pt_US&apn_uid=E89DDBA8-5BDC-4EE8-B478-9EB5AD8B98FB&apn_ptnrs=VX&apn_sauid=FCC000CD-AF37-4DEF-B5EC-E2580C4EA338&apn_dtid=YYYYYYYYAO&q= FF - prefs.js: network.proxy.type - 4 FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} FF - Ext: Skype extension: {AB2CE124-6272-4b12-94A9-7303C7397BD1} - c:\program files\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1} FF - Ext: Java Console: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} FF - Ext: Java Console: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} FF - Ext: VDownloader Toolbar: toolbar@ask.com - %profile%\extensions\toolbar@ask.com . . ------- Associação de arquivos/ficheiros ------- . .scr=AutoCADScriptFile . . --------------------- CHAVES DO REGISTRO BLOQUEADAS --------------------- . [HKEY_USERS\S-1-5-21-3823376189-4068465128-1039079962-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.eml\UserChoice] @Denied: (2) (LocalSystem) "Progid"="WindowsLiveMail.Email.1" . [HKEY_USERS\S-1-5-21-3823376189-4068465128-1039079962-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.vcf\UserChoice] @Denied: (2) (LocalSystem) "Progid"="WindowsLiveMail.VCard.1" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . 
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0005\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security] @Denied: (Full) (Everyone) . --------------------- DLLs Carregadas Sob os Processos em Execução --------------------- . - - - - - - - > 'Explorer.exe'(6080) c:\users\***\AppData\Roaming\Dropbox\bin\DropboxExt.13.dll . ------------------------ Outros Processos em Execução ------------------------ . c:\windows\system32\ibmpmsvc.exe c:\program files\Microsoft Security Client\Antimalware\MsMpEng.exe c:\windows\system32\Ati2evxx.exe c:\windows\system32\WUDFHost.exe c:\windows\system32\Ati2evxx.exe c:\program files\Avira\AntiVir Desktop\avguard.exe c:\windows\system32\taskhost.exe c:\program files\Bonjour\mDNSResponder.exe c:\program files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe c:\program files\Panda USB Vaccine\USBVaccine.exe c:\windows\system32\conhost.exe c:\windows\system32\sppsvc.exe . ************************************************************************** . 
Tempo para conclusão: 2011-03-30 15:53:04 - Máquina reiniciou ComboFix-quarantined-files.txt 2011-03-30 14:53 . Pré-execução: 11.425.910.784 bytes livres Pós execução: 11.332.386.816 bytes livres . - - End Of File - - A2E3EB85FA67C3F29C19534B370CE1D1 |
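A ComboFix log like the one above is long and mostly noise, and the entries worth a second look are scattered across several sections. The following Python script is an added example for this thread (it is not part of the original post and not tooling from ComboFix or trojaner-board.de). It parses the line shapes ComboFix prints for Run keys, Startup-folder links, IE browser helper objects, IE start page, Firefox prefs.js settings and file associations, and turns them into review items. The sample input is a constructed excerpt built from lines of the posted log; the heuristics (the list of user-writable directories, the table of Windows default ProgIDs for `.scr`/`.exe`/`.com`/`.bat`, and which Firefox `network.proxy.type` values are worth a look) are assumptions of this example. A hit is a review item, not a verdict: the Dropbox entry it flags is ordinary per-user software. One inference the script makes visible (it is not stated anywhere in the thread): the log lists `.scr=AutoCADScriptFile` under file associations, and with `.scr` handed to a text-script ProgID instead of the Windows default `scrfile`, double-clicking `OTH.scr` opens it in an editor rather than running it, which matches the Notepad behaviour described in the first post.

```python
import re
import urllib.parse
from dataclasses import dataclass
from typing import List, Optional


@dataclass(frozen=True)
class Finding:
    category: str  # autostart | browser | proxy | assoc
    item: str      # the raw log value that triggered the finding
    reason: str    # why a human should look at it


# Line shapes as ComboFix prints them (taken from the log posted above).
RUN_KEY = re.compile(r'^\[HKEY_[^\]]*\\Run\]$', re.I)
RUN_ENTRY = re.compile(r'^"(?P<name>[^"]+)"="(?P<path>[^"]+)"')
STARTUP_LNK = re.compile(r'^(?P<name>.+\.lnk) - (?P<path>.+?)(?: \[.*)?$')
BHO_KEY = re.compile(r'^\[HKEY_LOCAL_MACHINE\\~\\Browser Helper Objects\\(?P<clsid>\{[0-9A-Fa-f-]+\})\]$')
BHO_FILE = re.compile(r'^\d{4}-\d\d-\d\d \d\d:\d\d \d+ \S+ (?P<path>.+)$')
START_PAGE = re.compile(r'^[um]?Start Page = (?P<url>\S+)', re.I)
FF_PREF = re.compile(r'^FF - prefs\.js: (?P<pref>\S+) - (?P<value>.+)$')
ASSOC = re.compile(r'^(?P<ext>\.[A-Za-z0-9]+)=(?P<progid>\S+)$')

# Heuristic tables: assumptions of this example, not ComboFix's own rules.
USER_WRITABLE = re.compile(r'\\(appdata|programdata|temp)\\', re.I)
DEFAULT_PROGIDS = {'.scr': 'scrfile', '.exe': 'exefile', '.com': 'comfile', '.bat': 'batfile'}
FF_PROXY_TYPES = {'0': 'no proxy', '1': 'manual proxy', '2': 'PAC script',
                  '4': 'auto-detect (WPAD)', '5': 'system proxy settings'}

# Constructed excerpt: a handful of lines copied from the posted log, usernames masked as in the post.
SAMPLE_LOG = r"""
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Logitech Vid"="c:\program files\Logitech\Logitech Vid\vid.exe" [2009-04-30 5472016]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2010-09-22 4240760]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2010-11-30 997408]
.
Dropbox.lnk - c:\users\***\AppData\Roaming\Dropbox\bin\Dropbox.exe [2010-2-26 21979992]
OpenOffice.org 3.2.lnk - c:\program files\OpenOffice.org 3\program\quickstart.exe [2009-12-15 384000]
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
2010-09-28 21:44 1400712 ----a-w- c:\program files\Ask.com\GenericAskToolbar.dll
.
uStart Page = hxxp://www.ask.com?o=14780&l=dis
FF - prefs.js: browser.startup.homepage - hxxp://www.yahoo.de
FF - prefs.js: keyword.URL - hxxp://websearch.ask.com/redirect?client=ff&src=kw&tb=VD
FF - prefs.js: network.proxy.type - 4
.
.scr=AutoCADScriptFile
"""


def host_of(url: str) -> str:
    """ComboFix writes links as hxxp:// so they are not clickable; undo that to read the host."""
    live = re.sub(r'^hxxp(s?)://', r'http\1://', url, flags=re.I)
    return urllib.parse.urlsplit(live).hostname or live


def check_autostart(findings: List[Finding], name: str, path: str) -> None:
    # Program Files and Windows need admin rights to write; AppData/ProgramData/Temp do not.
    if USER_WRITABLE.search(path):
        findings.append(Finding('autostart', f'{name} -> {path}',
                                'starts at logon from a directory a standard user can write to; '
                                'verify the file is signed by a publisher you expect'))


def check_ff_pref(findings: List[Finding], pref: str, value: str) -> None:
    if pref in ('browser.startup.homepage', 'keyword.URL', 'browser.search.defaulturl'):
        findings.append(Finding('browser', f'{pref} = {value}',
                                f'Firefox home/search setting points at {host_of(value)}'))
    elif pref == 'network.proxy.type' and value not in ('0', '5'):
        findings.append(Finding('proxy', f'{pref} = {value}',
                                f'Firefox proxy mode is {FF_PROXY_TYPES.get(value, "unknown")}; '
                                'a proxy the user never configured can intercept traffic'))


def triage(log_text: str) -> List[Finding]:
    findings: List[Finding] = []
    in_run = False
    bho_clsid: Optional[str] = None
    for raw in log_text.splitlines():
        line = raw.strip()
        if line in ('', '.'):          # ComboFix separates blocks with a lone dot
            in_run, bho_clsid = False, None
            continue
        if RUN_KEY.match(line):
            in_run = True
            continue
        m = RUN_ENTRY.match(line) if in_run else None
        if m:
            check_autostart(findings, m['name'], m['path'])
            continue
        m = STARTUP_LNK.match(line)
        if m:
            check_autostart(findings, m['name'], m['path'])
            continue
        m = BHO_KEY.match(line)
        if m:
            bho_clsid = m['clsid']     # the DLL path follows on the next line
            continue
        m = BHO_FILE.match(line) if bho_clsid else None
        if m:
            findings.append(Finding('browser', f'BHO {bho_clsid} -> {m["path"]}',
                                    'IE browser helper object: confirm it belongs to software you chose to install'))
            bho_clsid = None
            continue
        m = START_PAGE.match(line)
        if m:
            findings.append(Finding('browser', m['url'], f'IE start page points at {host_of(m["url"])}'))
            continue
        m = FF_PREF.match(line)
        if m:
            check_ff_pref(findings, m['pref'], m['value'].strip())
            continue
        m = ASSOC.match(line)
        if m:
            ext, progid = m['ext'].lower(), m['progid']
            expected = DEFAULT_PROGIDS.get(ext)
            if expected and progid.lower() != expected:
                findings.append(Finding('assoc', f'{ext}={progid}',
                                        f'non-default handler (Windows default is {expected}); '
                                        f'double-clicking a {ext} file will not run it as a program'))
    return findings


if __name__ == '__main__':
    for f in triage(SAMPLE_LOG):
        print(f'[{f.category}] {f.item}\n    {f.reason}')
```

Run it against a full saved ComboFix log with `triage(open('ComboFix.txt', encoding='cp1252').read())`; the output is a short list to walk through by hand, which is the point: the parser does the scanning, the person decides what each item is.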
30.03.2011, 19:05 | #9 | |
/// Winkelfunktion /// TB-Süch-Tiger™ | System Tool - successfully removed? OTH doesn't work! No problem, your own health comes before the "health" of the PC! Quote:
After the uninstall and the obligatory restart of the computer, please run this tool from Kaspersky and post the log => http://www.trojaner-board.de/82358-t...entfernen.html
__________________ Please always post logfiles in CODE tags |
31.03.2011, 09:40 | #10 |
| System Tool - successfully removed? OTH doesn't work! Hello, I have uninstalled AntiVir, here is the log from TDSSKiller: 2011/03/31 09:30:57.0804 0172 TDSS rootkit removing tool 2.4.21.0 Mar 10 2011 12:26:28 2011/03/31 09:30:58.0917 0172 ================================================================================ 2011/03/31 09:30:58.0917 0172 SystemInfo: 2011/03/31 09:30:58.0917 0172 2011/03/31 09:30:58.0917 0172 OS Version: 6.1.7600 ServicePack: 0.0 2011/03/31 09:30:58.0917 0172 Product type: Workstation 2011/03/31 09:30:58.0917 0172 ComputerName: ***-PC 2011/03/31 09:30:58.0918 0172 UserName: *** 2011/03/31 09:30:58.0918 0172 Windows directory: C:\Windows 2011/03/31 09:30:58.0918 0172 System windows directory: C:\Windows 2011/03/31 09:30:58.0918 0172 Processor architecture: Intel x86 2011/03/31 09:30:58.0918 0172 Number of processors: 2 2011/03/31 09:30:58.0918 0172 Page size: 0x1000 2011/03/31 09:30:58.0918 0172 Boot type: Normal boot 2011/03/31 09:30:58.0918 0172 ================================================================================ 2011/03/31 09:30:59.0894 0172 Initialize success 2011/03/31 09:31:11.0088 4012 ================================================================================ 2011/03/31 09:31:11.0088 4012 Scan started 2011/03/31 09:31:11.0088 4012 Mode: Manual; 2011/03/31 09:31:11.0088 4012 ================================================================================ 2011/03/31 09:31:34.0438 4012 1394ohci (6d2aca41739bfe8cb86ee8e85f29697d) C:\Windows\system32\DRIVERS\1394ohci.sys 2011/03/31 09:31:34.0529 4012 ACPI (f0e07d144c8685b8774bc32fc8da4df0) C:\Windows\system32\DRIVERS\ACPI.sys 2011/03/31 09:31:34.0628 4012 AcpiPmi (98d81ca942d19f7d9153b095162ac013) C:\Windows\system32\DRIVERS\acpipmi.sys 2011/03/31 09:31:34.0706 4012 adp94xx (21e785ebd7dc90a06391141aac7892fb) C:\Windows\system32\DRIVERS\adp94xx.sys 2011/03/31 09:31:34.0941 4012 adpahci (0c676bc278d5b59ff5abd57bbe9123f2) C:\Windows\system32\DRIVERS\adpahci.sys 2011/03/31 
09:31:35.0030 4012 adpu320 (7c7b5ee4b7b822ec85321fe23a27db33) C:\Windows\system32\DRIVERS\adpu320.sys 2011/03/31 09:31:35.0142 4012 AFD (ddc040fdb01ef1712a6b13e52afb104c) C:\Windows\system32\drivers\afd.sys 2011/03/31 09:31:35.0208 4012 agp440 (507812c3054c21cef746b6ee3d04dd6e) C:\Windows\system32\DRIVERS\agp440.sys 2011/03/31 09:31:35.0378 4012 aic78xx (8b30250d573a8f6b4bd23195160d8707) C:\Windows\system32\DRIVERS\djsvs.sys 2011/03/31 09:31:35.0494 4012 aliide (0d40bcf52ea90fc7df2aeab6503dea44) C:\Windows\system32\DRIVERS\aliide.sys 2011/03/31 09:31:35.0564 4012 amdagp (3c6600a0696e90a463771c7422e23ab5) C:\Windows\system32\DRIVERS\amdagp.sys 2011/03/31 09:31:35.0636 4012 amdide (cd5914170297126b6266860198d1d4f0) C:\Windows\system32\DRIVERS\amdide.sys 2011/03/31 09:31:35.0713 4012 AmdK8 (00dda200d71bac534bf56a9db5dfd666) C:\Windows\system32\DRIVERS\amdk8.sys 2011/03/31 09:31:35.0837 4012 AmdPPM (3cbf30f5370fda40dd3e87df38ea53b6) C:\Windows\system32\DRIVERS\amdppm.sys 2011/03/31 09:31:35.0918 4012 amdsata (2101a86c25c154f8314b24ef49d7fbc2) C:\Windows\system32\DRIVERS\amdsata.sys 2011/03/31 09:31:36.0008 4012 amdsbs (ea43af0c423ff267355f74e7a53bdaba) C:\Windows\system32\DRIVERS\amdsbs.sys 2011/03/31 09:31:36.0070 4012 amdxata (b81c2b5616f6420a9941ea093a92b150) C:\Windows\system32\DRIVERS\amdxata.sys 2011/03/31 09:31:36.0147 4012 AppID (feb834c02ce1e84b6a38f953ca067706) C:\Windows\system32\drivers\appid.sys 2011/03/31 09:31:36.0331 4012 arc (2932004f49677bd84dbc72edb754ffb3) C:\Windows\system32\DRIVERS\arc.sys 2011/03/31 09:31:36.0407 4012 arcsas (5d6f36c46fd283ae1b57bd2e9feb0bc7) C:\Windows\system32\DRIVERS\arcsas.sys 2011/03/31 09:31:36.0478 4012 AsyncMac (add2ade1c2b285ab8378d2daaf991481) C:\Windows\system32\DRIVERS\asyncmac.sys 2011/03/31 09:31:36.0528 4012 atapi (338c86357871c167a96ab976519bf59e) C:\Windows\system32\DRIVERS\atapi.sys 2011/03/31 09:31:36.0822 4012 atikmdag (d2e9acb68fa61c911cc21e07f87705bf) C:\Windows\system32\DRIVERS\atikmdag.sys 2011/03/31 
09:31:37.0234 4012 b06bdrv (1a231abec60fd316ec54c66715543cec) C:\Windows\system32\DRIVERS\bxvbdx.sys 2011/03/31 09:31:37.0435 4012 b57nd60x (bd8869eb9cde6bbe4508d869929869ee) C:\Windows\system32\DRIVERS\b57nd60x.sys 2011/03/31 09:31:37.0517 4012 Beep (505506526a9d467307b3c393dedaf858) C:\Windows\system32\drivers\Beep.sys 2011/03/31 09:31:37.0593 4012 blbdrive (2287078ed48fcfc477b05b20cf38f36f) C:\Windows\system32\DRIVERS\blbdrive.sys 2011/03/31 09:31:37.0757 4012 bowser (fcafaef6798d7b51ff029f99a9898961) C:\Windows\system32\DRIVERS\bowser.sys 2011/03/31 09:31:37.0860 4012 BrFiltLo (9f9acc7f7ccde8a15c282d3f88b43309) C:\Windows\system32\DRIVERS\BrFiltLo.sys 2011/03/31 09:31:37.0928 4012 BrFiltUp (56801ad62213a41f6497f96dee83755a) C:\Windows\system32\DRIVERS\BrFiltUp.sys 2011/03/31 09:31:38.0071 4012 Brserid (845b8ce732e67f3b4133164868c666ea) C:\Windows\System32\Drivers\Brserid.sys 2011/03/31 09:31:38.0474 4012 BrSerWdm (203f0b1e73adadbbb7b7b1fabd901f6b) C:\Windows\System32\Drivers\BrSerWdm.sys 2011/03/31 09:31:38.0727 4012 BrUsbMdm (bd456606156ba17e60a04e18016ae54b) C:\Windows\System32\Drivers\BrUsbMdm.sys 2011/03/31 09:31:39.0088 4012 BrUsbSer (af72ed54503f717a43268b3cc5faec2e) C:\Windows\System32\Drivers\BrUsbSer.sys 2011/03/31 09:31:39.0386 4012 BthEnum (2865a5c8e98c70c605f417908cebb3a4) C:\Windows\system32\DRIVERS\BthEnum.sys 2011/03/31 09:31:39.0620 4012 BTHMODEM (ed3df7c56ce0084eb2034432fc56565a) C:\Windows\system32\DRIVERS\bthmodem.sys 2011/03/31 09:31:39.0940 4012 BthPan (ad1872e5829e8a2c3b5b4b641c3eab0e) C:\Windows\system32\DRIVERS\bthpan.sys 2011/03/31 09:31:40.0266 4012 BTHPORT (4a34888e13224678dd062466afec4240) C:\Windows\system32\Drivers\BTHport.sys 2011/03/31 09:31:40.0601 4012 BTHUSB (fa04c63916fa221dbb91fce153d07a55) C:\Windows\system32\Drivers\BTHUSB.sys 2011/03/31 09:31:41.0414 4012 cdfs (77ea11b065e0a8ab902d78145ca51e10) C:\Windows\system32\DRIVERS\cdfs.sys 2011/03/31 09:31:41.0651 4012 cdrom (ba6e70aa0e6091bc39de29477d866a77) 
C:\Windows\system32\DRIVERS\cdrom.sys 2011/03/31 09:31:42.0064 4012 circlass (3fe3fe94a34df6fb06e6418d0f6a0060) C:\Windows\system32\DRIVERS\circlass.sys 2011/03/31 09:31:42.0356 4012 CLFS (635181e0e9bbf16871bf5380d71db02d) C:\Windows\system32\CLFS.sys 2011/03/31 09:31:42.0704 4012 CmBatt (dea805815e587dad1dd2c502220b5616) C:\Windows\system32\DRIVERS\CmBatt.sys 2011/03/31 09:31:42.0774 4012 cmdide (c537b1db64d495b9b4717b4d6d9edbf2) C:\Windows\system32\DRIVERS\cmdide.sys 2011/03/31 09:31:42.0948 4012 CNG (1b675691ed940766149c93e8f4488d68) C:\Windows\system32\Drivers\cng.sys 2011/03/31 09:31:43.0131 4012 Compbatt (a6023d3823c37043986713f118a89bee) C:\Windows\system32\DRIVERS\compbatt.sys 2011/03/31 09:31:43.0187 4012 CompositeBus (f1724ba27e97d627f808fb0ba77a28a6) C:\Windows\system32\DRIVERS\CompositeBus.sys 2011/03/31 09:31:43.0479 4012 crcdisk (2c4ebcfc84a9b44f209dff6c6e6c61d1) C:\Windows\system32\DRIVERS\crcdisk.sys 2011/03/31 09:31:43.0963 4012 CSC (27c9490bdd0ae48911ab8cf1932591ed) C:\Windows\system32\drivers\csc.sys 2011/03/31 09:31:44.0403 4012 dc3d (484ffbcec4091ff617494b6b0cb04eb3) C:\Windows\system32\DRIVERS\dc3d.sys 2011/03/31 09:31:44.0584 4012 DfsC (8e09e52ee2e3ceb199ef3dd99cf9e3fb) C:\Windows\system32\Drivers\dfsc.sys 2011/03/31 09:31:44.0696 4012 discache (1a050b0274bfb3890703d490f330c0da) C:\Windows\system32\drivers\discache.sys 2011/03/31 09:31:45.0012 4012 Disk (565003f326f99802e68ca78f2a68e9ff) C:\Windows\system32\DRIVERS\disk.sys 2011/03/31 09:31:45.0182 4012 drmkaud (b918e7c5f9bf77202f89e1a9539f2eb4) C:\Windows\system32\drivers\drmkaud.sys 2011/03/31 09:31:45.0470 4012 DXGKrnl (1679a4669326cb1a67cc95658d273234) C:\Windows\System32\drivers\dxgkrnl.sys 2011/03/31 09:31:45.0637 4012 e1express (cf0a6015f437161698c5b2a0a12cf052) C:\Windows\system32\DRIVERS\e1e6032.sys 2011/03/31 09:31:46.0329 4012 ebdrv (024e1b5cac09731e4d868e64dbfb4ab0) C:\Windows\system32\DRIVERS\evbdx.sys 2011/03/31 09:31:46.0915 4012 elxstor (0ed67910c8c326796faa00b2bf6d9d3c) 
C:\Windows\system32\DRIVERS\elxstor.sys 2011/03/31 09:31:47.0134 4012 ErrDev (8fc3208352dd3912c94367a206ab3f11) C:\Windows\system32\DRIVERS\errdev.sys 2011/03/31 09:31:47.0526 4012 exfat (2dc9108d74081149cc8b651d3a26207f) C:\Windows\system32\drivers\exfat.sys 2011/03/31 09:31:47.0657 4012 fastfat (7e0ab74553476622fb6ae36f73d97d35) C:\Windows\system32\drivers\fastfat.sys 2011/03/31 09:31:48.0006 4012 fdc (e817a017f82df2a1f8cfdbda29388b29) C:\Windows\system32\DRIVERS\fdc.sys 2011/03/31 09:31:48.0136 4012 FileInfo (6cf00369c97f3cf563be99be983d13d8) C:\Windows\system32\drivers\fileinfo.sys 2011/03/31 09:31:48.0338 4012 Filetrace (42c51dc94c91da21cb9196eb64c45db9) C:\Windows\system32\drivers\filetrace.sys 2011/03/31 09:31:48.0647 4012 flpydisk (87907aa70cb3c56600f1c2fb8841579b) C:\Windows\system32\DRIVERS\flpydisk.sys 2011/03/31 09:31:48.0922 4012 FltMgr (7520ec808e0c35e0ee6f841294316653) C:\Windows\system32\drivers\fltmgr.sys 2011/03/31 09:31:49.0199 4012 FsDepends (1a16b57943853e598cff37fe2b8cbf1d) C:\Windows\system32\drivers\FsDepends.sys 2011/03/31 09:31:49.0460 4012 fssfltr (d909075fa72c090f27aa926c32cb4612) C:\Windows\system32\DRIVERS\fssfltr.sys 2011/03/31 09:31:49.0736 4012 Fs_Rec (a574b4360e438977038aae4bf60d79a2) C:\Windows\system32\drivers\Fs_Rec.sys 2011/03/31 09:31:49.0931 4012 fvevol (dafbd9fe39197495aed6d51f3b85b5d2) C:\Windows\system32\DRIVERS\fvevol.sys 2011/03/31 09:31:50.0134 4012 gagp30kx (65ee0c7a58b65e74ae05637418153938) C:\Windows\system32\DRIVERS\gagp30kx.sys 2011/03/31 09:31:50.0298 4012 hcw85cir (c44e3c2bab6837db337ddee7544736db) C:\Windows\system32\drivers\hcw85cir.sys 2011/03/31 09:31:50.0388 4012 HdAudAddService (3530cad25deba7dc7de8bb51632cbc5f) C:\Windows\system32\drivers\HdAudio.sys 2011/03/31 09:31:50.0460 4012 HDAudBus (717a2207fd6f13ad3e664c7d5a43c7bf) C:\Windows\system32\DRIVERS\HDAudBus.sys 2011/03/31 09:31:50.0525 4012 HidBatt (1d58a7f3e11a9731d0eaaaa8405acc36) C:\Windows\system32\DRIVERS\HidBatt.sys 2011/03/31 09:31:50.0593 4012 
HidBth (89448f40e6df260c206a193a4683ba78) C:\Windows\system32\DRIVERS\hidbth.sys 2011/03/31 09:31:50.0702 4012 HidIr (cf50b4cf4a4f229b9f3c08351f99ca5e) C:\Windows\system32\DRIVERS\hidir.sys 2011/03/31 09:31:50.0900 4012 HidUsb (25072fb35ac90b25f9e4e3bacf774102) C:\Windows\system32\DRIVERS\hidusb.sys 2011/03/31 09:31:51.0188 4012 HpSAMD (295fdc419039090eb8b49ffdbb374549) C:\Windows\system32\DRIVERS\HpSAMD.sys 2011/03/31 09:31:51.0822 4012 HTTP (c531c7fd9e8b62021112787c4e2c5a5a) C:\Windows\system32\drivers\HTTP.sys 2011/03/31 09:31:52.0152 4012 hwdatacard (bd01cb77fbeff75089915e361457f7cb) C:\Windows\system32\DRIVERS\ewusbmdm.sys 2011/03/31 09:31:52.0248 4012 hwpolicy (8305f33cde89ad6c7a0763ed0b5a8d42) C:\Windows\system32\drivers\hwpolicy.sys 2011/03/31 09:31:52.0330 4012 i8042prt (f151f0bdc47f4a28b1b20a0818ea36d6) C:\Windows\system32\DRIVERS\i8042prt.sys 2011/03/31 09:31:52.0590 4012 iaStorV (934af4d7c5f457b9f0743f4299b77b67) C:\Windows\system32\DRIVERS\iaStorV.sys 2011/03/31 09:31:52.0802 4012 IBMPMDRV (bf648877413f6160e480814a24942b65) C:\Windows\system32\DRIVERS\ibmpmdrv.sys 2011/03/31 09:31:53.0685 4012 iirsp (4173ff5708f3236cf25195fecd742915) C:\Windows\system32\DRIVERS\iirsp.sys 2011/03/31 09:31:53.0839 4012 intelide (a0f12f2c9ba6c72f3987ce780e77c130) C:\Windows\system32\DRIVERS\intelide.sys 2011/03/31 09:31:53.0899 4012 intelppm (3b514d27bfc4accb4037bc6685f766e0) C:\Windows\system32\DRIVERS\intelppm.sys 2011/03/31 09:31:54.0140 4012 IpFilterDriver (709d1761d3b19a932ff0238ea6d50200) C:\Windows\system32\DRIVERS\ipfltdrv.sys 2011/03/31 09:31:54.0320 4012 IPMIDRV (e4454b6c37d7ffd5649611f6496308a7) C:\Windows\system32\DRIVERS\IPMIDrv.sys 2011/03/31 09:31:54.0650 4012 IPNAT (a5fa468d67abcdaa36264e463a7bb0cd) C:\Windows\system32\drivers\ipnat.sys 2011/03/31 09:31:54.0922 4012 irda (9f7e491fb0ba0f9e370163834fc1fe31) C:\Windows\system32\DRIVERS\irda.sys 2011/03/31 09:31:55.0182 4012 IRENUM (42996cff20a3084a56017b7902307e9f) C:\Windows\system32\drivers\irenum.sys 
2011/03/31 09:31:55.0451 4012 isapnp (1f32bb6b38f62f7df1a7ab7292638a35) C:\Windows\system32\DRIVERS\isapnp.sys 2011/03/31 09:31:55.0574 4012 iScsiPrt (ed46c223ae46c6866ab77cdc41c404b7) C:\Windows\system32\DRIVERS\msiscsi.sys 2011/03/31 09:31:55.0783 4012 kbdclass (adef52ca1aeae82b50df86b56413107e) C:\Windows\system32\DRIVERS\kbdclass.sys 2011/03/31 09:31:55.0891 4012 kbdhid (3d9f0ebf350edcfd6498057301455964) C:\Windows\system32\DRIVERS\kbdhid.sys 2011/03/31 09:31:56.0017 4012 KSecDD (e36a061ec11b373826905b21be10948f) C:\Windows\system32\Drivers\ksecdd.sys 2011/03/31 09:31:56.0213 4012 KSecPkg (365c6154bbbc5377173f1ca7bfb6cc59) C:\Windows\system32\Drivers\ksecpkg.sys 2011/03/31 09:31:56.0405 4012 lltdio (f7611ec07349979da9b0ae1f18ccc7a6) C:\Windows\system32\DRIVERS\lltdio.sys 2011/03/31 09:31:56.0511 4012 LSI_FC (eb119a53ccf2acc000ac71b065b78fef) C:\Windows\system32\DRIVERS\lsi_fc.sys 2011/03/31 09:31:56.0598 4012 LSI_SAS (8ade1c877256a22e49b75d1cc9161f9c) C:\Windows\system32\DRIVERS\lsi_sas.sys 2011/03/31 09:31:56.0695 4012 LSI_SAS2 (dc9dc3d3daa0e276fd2ec262e38b11e9) C:\Windows\system32\DRIVERS\lsi_sas2.sys 2011/03/31 09:31:56.0802 4012 LSI_SCSI (0a036c7d7cab643a7f07135ac47e0524) C:\Windows\system32\DRIVERS\lsi_scsi.sys 2011/03/31 09:31:56.0950 4012 luafv (6703e366cc18d3b6e534f5cf7df39cee) C:\Windows\system32\drivers\luafv.sys 2011/03/31 09:31:57.0098 4012 lvpopflt (01f0e010acb61472163e9d02d3ff531a) C:\Windows\system32\DRIVERS\lvpopflt.sys 2011/03/31 09:31:57.0249 4012 LVPr2Mon (c57c48fb9ae3efb9848af594e3123a63) C:\Windows\system32\DRIVERS\LVPr2Mon.sys 2011/03/31 09:31:57.0384 4012 LVRS (87ecce893d8aec5a9337b917742d339c) C:\Windows\system32\DRIVERS\lvrs.sys 2011/03/31 09:31:58.0317 4012 LVUVC (291f69b3dda0f033d2490c5ba5179f7c) C:\Windows\system32\DRIVERS\lvuvc.sys 2011/03/31 09:31:58.0774 4012 megasas (0fff5b045293002ab38eb1fd1fc2fb74) C:\Windows\system32\DRIVERS\megasas.sys 2011/03/31 09:31:58.0885 4012 MegaSR (dcbab2920c75f390caf1d29f675d03d6) 
C:\Windows\system32\DRIVERS\MegaSR.sys 2011/03/31 09:31:58.0989 4012 Modem (f001861e5700ee84e2d4e52c712f4964) C:\Windows\system32\drivers\modem.sys 2011/03/31 09:31:59.0088 4012 monitor (79d10964de86b292320e9dfe02282a23) C:\Windows\system32\DRIVERS\monitor.sys 2011/03/31 09:31:59.0206 4012 mouclass (fb18cc1d4c2e716b6b903b0ac0cc0609) C:\Windows\system32\DRIVERS\mouclass.sys 2011/03/31 09:31:59.0345 4012 mouhid (2c388d2cd01c9042596cf3c8f3c7b24d) C:\Windows\system32\DRIVERS\mouhid.sys 2011/03/31 09:31:59.0486 4012 mountmgr (921c18727c5920d6c0300736646931c2) C:\Windows\system32\drivers\mountmgr.sys 2011/03/31 09:31:59.0628 4012 MpFilter (7e34bfa1a7b60bba1da03d677f16cd63) C:\Windows\system32\DRIVERS\MpFilter.sys 2011/03/31 09:31:59.0699 4012 mpio (2af5997438c55fb79d33d015c30e1974) C:\Windows\system32\DRIVERS\mpio.sys 2011/03/31 09:31:59.0887 4012 MpKsl171ef24f (5f53edfead46fa7adb78eee9ecce8fdf) C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{8B890733-D2E5-4428-8A1A-E2404005B8BC}\MpKsl171ef24f.sys 2011/03/31 09:32:00.0057 4012 MpNWMon (f32e2d6a1640a469a9ed4f1929a4a861) C:\Windows\system32\DRIVERS\MpNWMon.sys 2011/03/31 09:32:00.0149 4012 mpsdrv (ad2723a7b53dd1aacae6ad8c0bfbf4d0) C:\Windows\system32\drivers\mpsdrv.sys 2011/03/31 09:32:00.0231 4012 MRxDAV (b1be47008d20e43da3adc37c24cdb89d) C:\Windows\system32\drivers\mrxdav.sys 2011/03/31 09:32:00.0359 4012 mrxsmb (f1b6aa08497ea86ca6ef6f7a08b0bfb8) C:\Windows\system32\DRIVERS\mrxsmb.sys 2011/03/31 09:32:00.0430 4012 mrxsmb10 (5613358b4050f46f5a9832da8050d6e4) C:\Windows\system32\DRIVERS\mrxsmb10.sys 2011/03/31 09:32:00.0542 4012 mrxsmb20 (25c9792778d80feb4c8201e62281bfdf) C:\Windows\system32\DRIVERS\mrxsmb20.sys 2011/03/31 09:32:00.0610 4012 msahci (4326d168944123f38dd3b2d9c37a0b12) C:\Windows\system32\DRIVERS\msahci.sys 2011/03/31 09:32:00.0668 4012 msdsm (455029c7174a2dbb03dba8a0d8bddd9a) C:\Windows\system32\DRIVERS\msdsm.sys 2011/03/31 09:32:00.0768 4012 Msfs (daefb28e3af5a76abcc2c3078c07327f) 
C:\Windows\system32\drivers\Msfs.sys 2011/03/31 09:32:00.0832 4012 mshidkmdf (3e1e5767043c5af9367f0056295e9f84) C:\Windows\System32\drivers\mshidkmdf.sys 2011/03/31 09:32:00.0951 4012 msisadrv (0a4e5757ae09fa9622e3158cc1aef114) C:\Windows\system32\DRIVERS\msisadrv.sys 2011/03/31 09:32:01.0069 4012 MSKSSRV (8c0860d6366aaffb6c5bb9df9448e631) C:\Windows\system32\drivers\MSKSSRV.sys 2011/03/31 09:32:01.0194 4012 MSPCLOCK (3ea8b949f963562cedbb549eac0c11ce) C:\Windows\system32\drivers\MSPCLOCK.sys 2011/03/31 09:32:01.0262 4012 MSPQM (f456e973590d663b1073e9c463b40932) C:\Windows\system32\drivers\MSPQM.sys 2011/03/31 09:32:01.0379 4012 MsRPC (0e008fc4819d238c51d7c93e7b41e560) C:\Windows\system32\drivers\MsRPC.sys 2011/03/31 09:32:01.0471 4012 mssmbios (fc6b9ff600cc585ea38b12589bd4e246) C:\Windows\system32\DRIVERS\mssmbios.sys 2011/03/31 09:32:01.0554 4012 MSTEE (b42c6b921f61a6e55159b8be6cd54a36) C:\Windows\system32\drivers\MSTEE.sys 2011/03/31 09:32:01.0629 4012 MTConfig (33599130f44e1f34631cea241de8ac84) C:\Windows\system32\DRIVERS\MTConfig.sys 2011/03/31 09:32:01.0704 4012 Mup (159fad02f64e6381758c990f753bcc80) C:\Windows\system32\Drivers\mup.sys 2011/03/31 09:32:01.0839 4012 NativeWifiP (26384429fcd85d83746f63e798ab1480) C:\Windows\system32\DRIVERS\nwifi.sys 2011/03/31 09:32:01.0962 4012 NDIS (23759d175a0a9baaf04d05047bc135a8) C:\Windows\system32\drivers\ndis.sys 2011/03/31 09:32:02.0159 4012 NdisCap (0e1787aa6c9191d3d319e8bafe86f80c) C:\Windows\system32\DRIVERS\ndiscap.sys 2011/03/31 09:32:02.0277 4012 NdisTapi (e4a8aec125a2e43a9e32afeea7c9c888) C:\Windows\system32\DRIVERS\ndistapi.sys 2011/03/31 09:32:02.0363 4012 Ndisuio (b30ae7f2b6d7e343b0df32e6c08fce75) C:\Windows\system32\DRIVERS\ndisuio.sys 2011/03/31 09:32:02.0424 4012 NdisWan (267c415eadcbe53c9ca873dee39cf3a4) C:\Windows\system32\DRIVERS\ndiswan.sys 2011/03/31 09:32:02.0477 4012 NDProxy (af7e7c63dcef3f8772726f86039d6eb4) C:\Windows\system32\drivers\NDProxy.sys 2011/03/31 09:32:02.0573 4012 NetBIOS 
(80b275b1ce3b0e79909db7b39af74d51) C:\Windows\system32\DRIVERS\netbios.sys 2011/03/31 09:32:02.0686 4012 NetBT (dd52a733bf4ca5af84562a5e2f963b91) C:\Windows\system32\DRIVERS\netbt.sys 2011/03/31 09:32:03.0465 4012 netw5v32 (58218ec6b61b1169cf54aab0d00f5fe2) C:\Windows\system32\DRIVERS\netw5v32.sys 2011/03/31 09:32:03.0945 4012 nfrd960 (1d85c4b390b0ee09c7a46b91efb2c097) C:\Windows\system32\DRIVERS\nfrd960.sys 2011/03/31 09:32:04.0101 4012 NisDrv (17e2c08c5ecfbe94a7c67b1c275ee9d9) C:\Windows\system32\DRIVERS\NisDrvWFP.sys 2011/03/31 09:32:04.0548 4012 npf (b9730495e0cf674680121e34bd95a73b) C:\Windows\system32\drivers\npf.sys 2011/03/31 09:32:04.0677 4012 Npfs (1db262a9f8c087e8153d89bef3d2235f) C:\Windows\system32\drivers\Npfs.sys 2011/03/31 09:32:04.0845 4012 NSCIRDA (6d8d2e5652fc2442c810c5d8be784148) C:\Windows\system32\DRIVERS\nscirda.sys 2011/03/31 09:32:05.0190 4012 nsiproxy (e9a0a4d07e53d8fea2bb8387a3293c58) C:\Windows\system32\drivers\nsiproxy.sys 2011/03/31 09:32:05.0410 4012 Ntfs (3795dcd21f740ee799fb7223234215af) C:\Windows\system32\drivers\Ntfs.sys 2011/03/31 09:32:05.0736 4012 Null (f9756a98d69098dca8945d62858a812c) C:\Windows\system32\drivers\Null.sys 2011/03/31 09:32:05.0842 4012 nvraid (3f3d04b1d08d43c16ea7963954ec768d) C:\Windows\system32\DRIVERS\nvraid.sys 2011/03/31 09:32:05.0951 4012 nvstor (c99f251a5de63c6f129cf71933aced0f) C:\Windows\system32\DRIVERS\nvstor.sys 2011/03/31 09:32:06.0051 4012 nv_agp (5a0983915f02bae73267cc2a041f717d) C:\Windows\system32\DRIVERS\nv_agp.sys 2011/03/31 09:32:06.0276 4012 ohci1394 (08a70a1f2cdde9bb49b885cb817a66eb) C:\Windows\system32\DRIVERS\ohci1394.sys 2011/03/31 09:32:06.0432 4012 Parport (2ea877ed5dd9713c5ac74e8ea7348d14) C:\Windows\system32\DRIVERS\parport.sys 2011/03/31 09:32:06.0580 4012 partmgr (ff4218952b51de44fe910953a3e686b9) C:\Windows\system32\drivers\partmgr.sys 2011/03/31 09:32:06.0823 4012 Parvdm (eb0a59f29c19b86479d36b35983daadc) C:\Windows\system32\DRIVERS\parvdm.sys 2011/03/31 09:32:06.0968 4012 pci 
(c858cb77c577780ecc456a892e7e7d0f) C:\Windows\system32\DRIVERS\pci.sys 2011/03/31 09:32:07.0133 4012 pciide (afe86f419014db4e5593f69ffe26ce0a) C:\Windows\system32\DRIVERS\pciide.sys 2011/03/31 09:32:07.0363 4012 pcmcia (f396431b31693e71e8a80687ef523506) C:\Windows\system32\DRIVERS\pcmcia.sys 2011/03/31 09:32:07.0471 4012 pcw (250f6b43d2b613172035c6747aeeb19f) C:\Windows\system32\drivers\pcw.sys 2011/03/31 09:32:07.0631 4012 PEAUTH (9e0104ba49f4e6973749a02bf41344ed) C:\Windows\system32\drivers\peauth.sys 2011/03/31 09:32:08.0075 4012 PptpMiniport (631e3e205ad6d86f2aed6a4a8e69f2db) C:\Windows\system32\DRIVERS\raspptp.sys 2011/03/31 09:32:08.0261 4012 Processor (85b1e3a0c7585bc4aae6899ec6fcf011) C:\Windows\system32\DRIVERS\processr.sys 2011/03/31 09:32:08.0560 4012 Psched (6270ccae2a86de6d146529fe55b3246a) C:\Windows\system32\DRIVERS\pacer.sys 2011/03/31 09:32:08.0862 4012 ql2300 (ab95ecf1f6659a60ddc166d8315b0751) C:\Windows\system32\DRIVERS\ql2300.sys 2011/03/31 09:32:09.0196 4012 ql40xx (b4dd51dd25182244b86737dc51af2270) C:\Windows\system32\DRIVERS\ql40xx.sys 2011/03/31 09:32:09.0386 4012 QWAVEdrv (584078ca1b95ca72df2a27c336f9719d) C:\Windows\system32\drivers\qwavedrv.sys 2011/03/31 09:32:09.0513 4012 RasAcd (30a81b53c766d0133bb86d234e5556ab) C:\Windows\system32\DRIVERS\rasacd.sys 2011/03/31 09:32:09.0668 4012 RasAgileVpn (57ec4aef73660166074d8f7f31c0d4fd) C:\Windows\system32\DRIVERS\AgileVpn.sys 2011/03/31 09:32:09.0743 4012 Rasl2tp (d9f91eafec2815365cbe6d167e4e332a) C:\Windows\system32\DRIVERS\rasl2tp.sys 2011/03/31 09:32:09.0835 4012 RasPppoe (0fe8b15916307a6ac12bfb6a63e45507) C:\Windows\system32\DRIVERS\raspppoe.sys 2011/03/31 09:32:09.0907 4012 RasSstp (44101f495a83ea6401d886e7fd70096b) C:\Windows\system32\DRIVERS\rassstp.sys 2011/03/31 09:32:09.0980 4012 rdbss (835d7e81bf517a3b72384bdcc85e1ce6) C:\Windows\system32\DRIVERS\rdbss.sys 2011/03/31 09:32:10.0034 4012 rdpbus (0d8f05481cb76e70e1da06ee9f0da9df) C:\Windows\system32\DRIVERS\rdpbus.sys 2011/03/31 
09:32:10.0116 4012 RDPCDD (1e016846895b15a99f9a176a05029075) C:\Windows\system32\DRIVERS\RDPCDD.sys 2011/03/31 09:32:10.0194 4012 RDPDR (c5ff95883ffef704d50c40d21cfb3ab5) C:\Windows\system32\drivers\rdpdr.sys 2011/03/31 09:32:10.0285 4012 RDPENCDD (5a53ca1598dd4156d44196d200c94b8a) C:\Windows\system32\drivers\rdpencdd.sys 2011/03/31 09:32:10.0363 4012 RDPREFMP (44b0a53cd4f27d50ed461dae0c0b4e1f) C:\Windows\system32\drivers\rdprefmp.sys 2011/03/31 09:32:10.0451 4012 RDPWD (801371ba9782282892d00aadb08ee367) C:\Windows\system32\drivers\RDPWD.sys 2011/03/31 09:32:10.0540 4012 rdyboost (4ea225bf1cf05e158853f30a99ca29a7) C:\Windows\system32\drivers\rdyboost.sys 2011/03/31 09:32:10.0663 4012 RFCOMM (cb928d9e6daf51879dd6ba8d02f01321) C:\Windows\system32\DRIVERS\rfcomm.sys 2011/03/31 09:32:10.0771 4012 rspndr (032b0d36ad92b582d869879f5af5b928) C:\Windows\system32\DRIVERS\rspndr.sys 2011/03/31 09:32:11.0024 4012 s3cap (5423d8437051e89dd34749f242c98648) C:\Windows\system32\DRIVERS\vms3cap.sys 2011/03/31 09:32:11.0119 4012 sbp2port (34ee0c44b724e3e4ce2eff29126de5b5) C:\Windows\system32\DRIVERS\sbp2port.sys 2011/03/31 09:32:11.0189 4012 scfilter (a95c54b2ac3cc9c73fcdf9e51a1d6b51) C:\Windows\system32\DRIVERS\scfilter.sys 2011/03/31 09:32:11.0304 4012 secdrv (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers\secdrv.sys 2011/03/31 09:32:11.0414 4012 Serenum (9ad8b8b515e3df6acd4212ef465de2d1) C:\Windows\system32\DRIVERS\serenum.sys 2011/03/31 09:32:11.0493 4012 Serial (5fb7fcea0490d821f26f39cc5ea3d1e2) C:\Windows\system32\DRIVERS\serial.sys 2011/03/31 09:32:11.0579 4012 sermouse (79bffb520327ff916a582dfea17aa813) C:\Windows\system32\DRIVERS\sermouse.sys 2011/03/31 09:32:11.0681 4012 sffdisk (9f976e1eb233df46fce808d9dea3eb9c) C:\Windows\system32\DRIVERS\sffdisk.sys 2011/03/31 09:32:11.0749 4012 sffp_mmc (932a68ee27833cfd57c1639d375f2731) C:\Windows\system32\DRIVERS\sffp_mmc.sys 2011/03/31 09:32:11.0810 4012 sffp_sd (4f1e5b0fe7c8050668dbfade8999aefb) 
C:\Windows\system32\DRIVERS\sffp_sd.sys 2011/03/31 09:32:11.0886 4012 sfloppy (db96666cc8312ebc45032f30b007a547) C:\Windows\system32\DRIVERS\sfloppy.sys 2011/03/31 09:32:11.0998 4012 sisagp (2565cac0dc9fe0371bdce60832582b2e) C:\Windows\system32\DRIVERS\sisagp.sys 2011/03/31 09:32:12.0108 4012 SiSRaid2 (a9f0486851becb6dda1d89d381e71055) C:\Windows\system32\DRIVERS\SiSRaid2.sys 2011/03/31 09:32:12.0180 4012 SiSRaid4 (3727097b55738e2f554972c3be5bc1aa) C:\Windows\system32\DRIVERS\sisraid4.sys 2011/03/31 09:32:12.0267 4012 Smb (3e21c083b8a01cb70ba1f09303010fce) C:\Windows\system32\DRIVERS\smb.sys 2011/03/31 09:32:12.0401 4012 spldr (95cf1ae7527fb70f7816563cbc09d942) C:\Windows\system32\drivers\spldr.sys 2011/03/31 09:32:12.0552 4012 srv (2dbedfb1853f06110ec2aa7f3213c89f) C:\Windows\system32\DRIVERS\srv.sys 2011/03/31 09:32:12.0662 4012 srv2 (db37131d1027c50ea7ee21c8bb4536aa) C:\Windows\system32\DRIVERS\srv2.sys 2011/03/31 09:32:12.0765 4012 SrvHsfHDA (e00fdfaff025e94f9821153750c35a6d) C:\Windows\system32\DRIVERS\VSTAZL3.SYS 2011/03/31 09:32:12.0900 4012 SrvHsfV92 (ceb4e3b6890e1e42dca6694d9e59e1a0) C:\Windows\system32\DRIVERS\VSTDPV3.SYS 2011/03/31 09:32:13.0065 4012 SrvHsfWinac (bc0c7ea89194c299f051c24119000e17) C:\Windows\system32\DRIVERS\VSTCNXT3.SYS 2011/03/31 09:32:13.0304 4012 srvnet (f5980b74124db9233b33f86fc5ebbb4f) C:\Windows\system32\DRIVERS\srvnet.sys 2011/03/31 09:32:13.0426 4012 stexstor (db32d325c192b801df274bfd12a7e72b) C:\Windows\system32\DRIVERS\stexstor.sys 2011/03/31 09:32:13.0514 4012 storflt (957e346ca948668f2496a6ccf6ff82cc) C:\Windows\system32\DRIVERS\vmstorfl.sys 2011/03/31 09:32:13.0576 4012 storvsc (d5751969dc3e4b88bf482ac8ec9fe019) C:\Windows\system32\DRIVERS\storvsc.sys 2011/03/31 09:32:13.0668 4012 swenum (e58c78a848add9610a4db6d214af5224) C:\Windows\system32\DRIVERS\swenum.sys 2011/03/31 09:32:13.0872 4012 Tcpip (bb7f39c31c4a4417fd318e7cd184e225) C:\Windows\system32\drivers\tcpip.sys 2011/03/31 09:32:14.0125 4012 TCPIP6 
(bb7f39c31c4a4417fd318e7cd184e225) C:\Windows\system32\DRIVERS\tcpip.sys 2011/03/31 09:32:14.0221 4012 tcpipreg (e64444523add154f86567c469bc0b17f) C:\Windows\system32\drivers\tcpipreg.sys 2011/03/31 09:32:14.0336 4012 TDPIPE (1875c1490d99e70e449e3afae9fcbadf) C:\Windows\system32\drivers\tdpipe.sys 2011/03/31 09:32:14.0410 4012 TDTCP (7551e91ea999ee9a8e9c331d5a9c31f3) C:\Windows\system32\drivers\tdtcp.sys 2011/03/31 09:32:14.0478 4012 tdx (cb39e896a2a83702d1737bfd402b3542) C:\Windows\system32\DRIVERS\tdx.sys 2011/03/31 09:32:14.0534 4012 TermDD (c36f41ee20e6999dbf4b0425963268a5) C:\Windows\system32\DRIVERS\termdd.sys 2011/03/31 09:32:14.0659 4012 tssecsrv (98ae6fa07d12cb4ec5cf4a9bfa5f4242) C:\Windows\system32\DRIVERS\tssecsrv.sys 2011/03/31 09:32:14.0776 4012 tunnel (3e461d890a97f9d4c168f5fda36e1d00) C:\Windows\system32\DRIVERS\tunnel.sys 2011/03/31 09:32:14.0845 4012 uagp35 (750fbcb269f4d7dd2e420c56b795db6d) C:\Windows\system32\DRIVERS\uagp35.sys 2011/03/31 09:32:14.0923 4012 udfs (09cc3e16f8e5ee7168e01cf8fcbe061a) C:\Windows\system32\DRIVERS\udfs.sys 2011/03/31 09:32:15.0052 4012 uliagpkx (44e8048ace47befbfdc2e9be4cbc8880) C:\Windows\system32\DRIVERS\uliagpkx.sys 2011/03/31 09:32:15.0158 4012 umbus (049b3a50b3d646baeeee9eec9b0668dc) C:\Windows\system32\DRIVERS\umbus.sys 2011/03/31 09:32:15.0280 4012 UmPass (7550ad0c6998ba1cb4843e920ee0feac) C:\Windows\system32\DRIVERS\umpass.sys 2011/03/31 09:32:15.0413 4012 usbaudio (2436a42aab4ad48a9b714e5b0f344627) C:\Windows\system32\drivers\usbaudio.sys 2011/03/31 09:32:15.0500 4012 usbccgp (8455c4ed038efd09e99327f9d2d48ffa) C:\Windows\system32\DRIVERS\usbccgp.sys 2011/03/31 09:32:15.0603 4012 usbcir (04ec7cec62ec3b6d9354eee93327fc82) C:\Windows\system32\DRIVERS\usbcir.sys 2011/03/31 09:32:15.0690 4012 usbehci (1c333bfd60f2fed2c7ad5daf533cb742) C:\Windows\system32\DRIVERS\usbehci.sys 2011/03/31 09:32:15.0828 4012 usbhub (ee6ef93ccfa94fae8c6ab298273d8ae2) C:\Windows\system32\DRIVERS\usbhub.sys 2011/03/31 09:32:15.0899 4012 
usbohci (a6fb7957ea7afb1165991e54ce934b74) C:\Windows\system32\DRIVERS\usbohci.sys 2011/03/31 09:32:16.0023 4012 usbprint (797d862fe0875e75c7cc4c1ad7b30252) C:\Windows\system32\DRIVERS\usbprint.sys 2011/03/31 09:32:16.0091 4012 USBSTOR (d8889d56e0d27e57ed4591837fe71d27) C:\Windows\system32\DRIVERS\USBSTOR.SYS 2011/03/31 09:32:16.0194 4012 usbuhci (78780c3ebce17405b1ccd07a3a8a7d72) C:\Windows\system32\DRIVERS\usbuhci.sys 2011/03/31 09:32:16.0310 4012 vdrvroot (a059c4c3edb09e07d21a8e5c0aabd3cb) C:\Windows\system32\DRIVERS\vdrvroot.sys 2011/03/31 09:32:16.0393 4012 vga (17c408214ea61696cec9c66e388b14f3) C:\Windows\system32\DRIVERS\vgapnp.sys 2011/03/31 09:32:16.0465 4012 VgaSave (8e38096ad5c8570a6f1570a61e251561) C:\Windows\System32\drivers\vga.sys 2011/03/31 09:32:16.0544 4012 vhdmp (3be6e1f3a4f1afec8cee0d7883f93583) C:\Windows\system32\DRIVERS\vhdmp.sys 2011/03/31 09:32:16.0635 4012 viaagp (c829317a37b4bea8f39735d4b076e923) C:\Windows\system32\DRIVERS\viaagp.sys 2011/03/31 09:32:16.0726 4012 ViaC7 (e02f079a6aa107f06b16549c6e5c7b74) C:\Windows\system32\DRIVERS\viac7.sys 2011/03/31 09:32:16.0821 4012 viaide (e43574f6a56a0ee11809b48c09e4fd3c) C:\Windows\system32\DRIVERS\viaide.sys 2011/03/31 09:32:16.0912 4012 vmbus (379b349f65f453d2a6e75ea6b7448e49) C:\Windows\system32\DRIVERS\vmbus.sys 2011/03/31 09:32:17.0026 4012 VMBusHID (ec2bbab4b84d0738c6c83d2234dc36fe) C:\Windows\system32\DRIVERS\VMBusHID.sys 2011/03/31 09:32:17.0092 4012 volmgr (384e5a2aa49934295171e499f86ba6f3) C:\Windows\system32\DRIVERS\volmgr.sys 2011/03/31 09:32:17.0147 4012 volmgrx (b5bb72067ddddbbfb04b2f89ff8c3c87) C:\Windows\system32\drivers\volmgrx.sys 2011/03/31 09:32:17.0241 4012 volsnap (58df9d2481a56edde167e51b334d44fd) C:\Windows\system32\DRIVERS\volsnap.sys 2011/03/31 09:32:17.0369 4012 vsmraid (9dfa0cc2f8855a04816729651175b631) C:\Windows\system32\DRIVERS\vsmraid.sys 2011/03/31 09:32:17.0439 4012 vwifibus (90567b1e658001e79d7c8bbd3dde5aa6) C:\Windows\System32\drivers\vwifibus.sys 2011/03/31 
09:32:17.0533 4012 WacomPen (de3721e89c653aa281428c8a69745d90) C:\Windows\system32\DRIVERS\wacompen.sys 2011/03/31 09:32:17.0633 4012 WANARP (692a712062146e96d28ba0b7d75de31b) C:\Windows\system32\DRIVERS\wanarp.sys 2011/03/31 09:32:17.0657 4012 Wanarpv6 (692a712062146e96d28ba0b7d75de31b) C:\Windows\system32\DRIVERS\wanarp.sys 2011/03/31 09:32:17.0755 4012 Wd (1112a9badacb47b7c0bb0392e3158dff) C:\Windows\system32\DRIVERS\wd.sys 2011/03/31 09:32:17.0882 4012 Wdf01000 (9950e3d0f08141c7e89e64456ae7dc73) C:\Windows\system32\drivers\Wdf01000.sys 2011/03/31 09:32:18.0011 4012 WfpLwf (8b9a943f3b53861f2bfaf6c186168f79) C:\Windows\system32\DRIVERS\wfplwf.sys 2011/03/31 09:32:18.0077 4012 WIMMount (5cf95b35e59e2a38023836fff31be64c) C:\Windows\system32\drivers\wimmount.sys 2011/03/31 09:32:18.0394 4012 WinUsb (30fc6e5448d0cbaaa95280eeef7fedae) C:\Windows\system32\DRIVERS\WinUSB.sys 2011/03/31 09:32:18.0753 4012 WmiAcpi (0217679b8fca58714c3bf2726d2ca84e) C:\Windows\system32\DRIVERS\wmiacpi.sys 2011/03/31 09:32:19.0019 4012 ws2ifsl (6db3276587b853bf886b69528fdb048c) C:\Windows\system32\drivers\ws2ifsl.sys 2011/03/31 09:32:19.0196 4012 WudfPf (6f9b6c0c93232cff47d0f72d6db1d21e) C:\Windows\system32\drivers\WudfPf.sys 2011/03/31 09:32:19.0282 4012 WUDFRd (f91ff1e51fca30b3c3981db7d5924252) C:\Windows\system32\DRIVERS\WUDFRd.sys 2011/03/31 09:32:19.0451 4012 ztemtusbser (20f4f87625edddb97b48da66ace7dc8d) C:\Windows\system32\DRIVERS\CT_ZTEMT_U_USBSER.sys 2011/03/31 09:32:19.0598 4012 ================================================================================ 2011/03/31 09:32:19.0598 4012 Scan finished 2011/03/31 09:32:19.0599 4012 ================================================================================ |
31.03.2011, 13:32 | #11 |
/// Winkelfunktion /// TB-Süch-Tiger™ | System Tool - successfully removed? OTH doesn't work! OK. Please now create logs with GMER and OSAM and post them. GMER crashes fairly often; if the tool won't run on the second attempt either, just leave it out and run only OSAM - please skip the online query by OSAM. With OSAM, please also make sure that you save the log as *.log and not as *.html or similar. Afterwards, please download MBRCheck (by a_d_13) and save the file to the desktop.
__________________ Please always post logfiles in CODE tags |
07.04.2011, 09:52 | #12 |
| System Tool - successfully removed? OTH doesn't work! Hello, I had some problems with the OSAM.rar; when downloading it apparently always arrived incomplete and then wouldn't start. Strangely enough, it worked today :-) So here are the log contents of all 3: ------------------------------------------------------------------------------------ GMER Logfile: Code:
ATTFilter GMER 1.0.15.15570 - GMER - Rootkit Detector and Remover Rootkit scan 2011-04-01 10:08:04 Windows 6.1.7600 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP1T0L0-2 FUJITSU_MHV2080BH rev.00840028 Running: 5kplmhnf.exe; Driver: C:\Users\janis\AppData\Local\Temp\kgloypod.sys ---- Kernel code sections - GMER 1.0.15 ---- .text ntkrnlpa.exe!ZwSaveKeyEx + 13BD 82E89589 1 Byte [06] .text ntkrnlpa.exe!KiDispatchInterrupt + 5A2 82EAE092 19 Bytes [E0, 0F, BA, F0, 07, 73, 09, ...] {LOOPNZ 0x11; MOV EDX, 0x97307f0; MOV CR4, EAX; OR AL, 0x80; MOV CR4, EAX; RET ; MOV ECX, CR3} .text C:\Windows\system32\DRIVERS\atikmdag.sys section is writeable [0x90C19000, 0x23097E, 0xE8000020] ---- Devices - GMER 1.0.15 ---- AttachedDevice \Driver\volmgr \Device\HarddiskVolume1 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation) AttachedDevice \Driver\volmgr \Device\HarddiskVolume1 rdyboost.sys (ReadyBoost Driver/Microsoft Corporation) AttachedDevice \Driver\volmgr \Device\HarddiskVolume2 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation) AttachedDevice \Driver\volmgr \Device\HarddiskVolume2 rdyboost.sys (ReadyBoost Driver/Microsoft Corporation) Device \Driver\ACPI_HAL \Device\00000076 halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) AttachedDevice \FileSystem\fastfat \Fat fltmgr.sys (Gestor de Filtros de Sistema de Ficheiros da Microsoft/Microsoft Corporation) ---- Registry - GMER 1.0.15 ---- Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\0016ceeb7a91 Reg HKLM\SYSTEM\CurrentControlSet\services\LanmanServer\Linkage@Bind ???}??????????????????????????????????????,??}???????????????????????????????????????}?}?}?}?}?}?}?}?}?}????? ???????}???????????i?:??????,?L??? ???????????????????????? ???????}????????????m??&???????????????????}??? R??}??????????t????}??? 
???????o?????}?????}????????$?????????M?????N??}?????????e????@%Systemroot%\system32\wsmsvc.dll,-101????????h??}????????h?????%SystemRoot%\System32\svchost.exe -k NetworkService??????}?}?}????N??}?????????n????@%Systemroot%\system32\wsmsvc.dll,-102??????? 8??}??????????????NT AUTHORITY\NetworkService????????}?????}??????????????????????????????????t???ServiceMain????????? ????????????????}???????????e??RPCSS?HTTP????????,??}???????????????????????????????????????}??????????????????SeAssignPrimaryTokenPrivilege?SeAuditPrivilege?SeChangeNotifyPrivilege?SeCreateGlobalPrivilege?SeImpersonatePrivilege???????? B??}???????????????}???????????????????????????????????????????????}?}?}?}?}?}?}?}?}?}?}?}????? ???????}???????????}????????,?B??? ???????????%SystemRoot%\system32\WsmSv Reg HKLM\SYSTEM\CurrentControlSet\services\LanmanServer\Linkage@Route ????????????????Net??????????j??????????oem16.inf????????????????h???????????????e????N???????????D??????{?{?{?{?{?{?{?{?{?{?s???????????????1?????????????????e5???????{4d36e972-e325-11ce-bfc1-08002be10318}???????????????B????????????????????X?????????????? ??????????????????{4e04cd35-fb92-11de-a6db-0018de2a1a6b}??????????????? ???????s?????????????;??L??????????????}??? ???????????????????n?;????????D???&???????????????????????? D??????1??????e-??Teredo Tunneling Pseudo-Interface????????????C??????06???????t???n??ss??system32\DRIVERS\lvrs.sys?????D????????????e????Logitech RightSound Filter Driver?????????X?????????????? ??????? ?????OS ????????????????????????4???????????h?????????????????????????????????t?????????????????????????6???????????h?????system32\DRIVERS\lvuvc.sys????????2????????????e????Logitech Webcam 200(UVC)????? N??????|???????|??????os??Logitech????????or???e??tunnel?n?????j?k?y?y???????????????????????????s??????????????Z???????????????????????X??????|???t??? ???????5??????}?????N??????|? 
Reg HKLM\SYSTEM\CurrentControlSet\services\LanmanServer\Linkage@Export ???p?|????<??p?????????n??????????????????????????????????????????\??q??????????????????????????????????????????????????_r??????_r???????n????P??p?????????e????%systemroot%\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe?????????????????????????????p??????p?????4???????????h??????????????????????????????????????????????????e??????????????????? ???????p?????????????,???????????? ???????????? ???????o?????p?????p????????$???B????????c????@%SystemRoot%\System32\certprop.dll,-11???????Z??p????????h?????%SystemRoot%\system32\svchost.exe -k netsvcs??????P??p?????????n????@%SystemRoot%\System32\certprop.dll,-12?????? ???p??????????????LocalSystem?????RpcSs???????????????????????????????????????t???????????????t??????? ????????????????p???????????e????,??p???????????????????????????????????????p???????????????????p?p?p?p?p?p?p?p?p?p?p??????????????????????????? ???????p???????????p????????,?F??? ???????????? F??p???????????????????p???????????p??????????????SeCreateGlobalPrivilege?SeTcbPrivilege?SeChangeNotifyPrivil Reg HKLM\SYSTEM\CurrentControlSet\services\LanmanWorkstation\Linkage@Bind ???}????????ba???z??11???????????????z??????????????????????{C4BA0EB2-85C7-4CD7-B250-833E3A113FF3}??-8??????6B???????????????????????????????z??.NT?????.NTx86??????usb.inf?????????????????????????? ???e???v??????????????????input.inf???11??????6-21-2006??????????????????????s????????????????????.NT??????????????????????????h??6-21-2006????????????z???????????z???????z???_???h??????????????????SS??????_{???????????????????????????????????????e??????????USB?????? :??|???5???????2??????????tf???????z??USB\VID_19D2&PID_FFF1&MI_00\6&36d16a50&0&0000????z???????A??????????????????.NT??????z???????z??6.1.7600.16385??????? ???d???e?????;Ge???z??*6to4mp??????? 
??z???????????????????z??Microsoft???hdaudio\func_01?????AT&F<cr>?B??Microsoft???6-21-2006???Microsoft????????z????????????????*??????@?????@?@???????????????????????z????\??z??????????????????????Microsoft????????A???????z??????????????????????.NT?????v_mscdsc.inf?6???????????a???h???????????????????????????????????_???9??? ??Microsoft????????z??? P?????? ????? Reg HKLM\SYSTEM\CurrentControlSet\services\LanmanWorkstation\Linkage@Route ?????8??????????????????????????192.168.1.254???????????C4???????????v??????PROCEXP113???????d??????????????s???MpKsl124e2d67???????0A???????????|??????????????????????????ROOT\*6TO4MP\0024??????????????? ????????????6??58??Composite.Dev?????z?????????$???????????????????????????????l???????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????MSAFD NetBIOS [\Device\NetBT_Tcpip6_{E58B9B43-933F-484E-8B3E-71EC80717420}] SEQPACKET 22????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????? ?????????????????????-??"?????l?????????????????????????r??????????????r???h???????????u??????????? l??????{??????????? ??????? ????????????X?????????????6-21-2006????????????4??26??0.0.0.0?2.41???|?????????????????????????????????????&??oem18.inf???? ?????????????????????-??"?????l???????71??? ????????? Reg HKLM\SYSTEM\CurrentControlSet\services\LanmanWorkstation\Linkage@Export ???v?????|????????????????2??v????????h??????????~??????????????????????????????_tcp????????????????t???C:\ProgramData\Microsoft\MF??????????????|???????u???????z???????????????????????????????????????d??? ???????n????????????????????6????????????8?????????????????????????n??? ???????n?????n???????-????????????????????????????? 
l????????????/????Modem????????n???D?????????gnt??????s???????????????r????n???????????????&???n????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????@FirewallAPI.dll,-23505???????@FirewallAPI.dll,-23506???????????????????????????????????:??????????????????????????????&???o???????????????????????????????????&???o???????????????????????????&???o???????????????????????????&???o????????????????????????????????????????????????????????????????????????????????????@FirewallAPI.dll,-23501???????@FirewallAPI.dll,-23502???????mpssvc??????????????????????????????????????????????????????????????????@Firewall Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\0016ceeb7a91 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\services\LanmanServer\Linkage@Bind ???s?q???????s????????????4??s????????h??????????????????????????????s???????????????????s??328000???????????s?????????e????????????????????umb\umbus????????t??????0.0.0.0????????????????????????????????s????45000???Protocolo IrDA???????????3???????????????????+??????????? ???????s?????s?????s????????????????????s??????????s???????????e??? ???????s???????????s???????????????????????????s???????????s??????????????s????s?s???????s????? ???????o?????s?????s??????????h?q???????e???????h??s?????????e????@%SystemRoot%\system32\drivers\filetrace.sys,-10001???????4??s??????p???FSFilter Activity Monitor??????s??????>??s????????h?????system32\drivers\filetrace.sys????????h??s?????????n????@%SystemRoot%\system32\drivers\filetrace.sys,-10000?????FltMgr??????????????????????????????????????t????????s?????????????????????g?????????????????????s?s?s?s?s?s?s?s?s???????s???????????e??? ???????s?????s?????s?,??0?????2?????????s???????2??s???????????e??FileTrace - Top Instance????? ???????s???????????s?,??????????????????????? 
Reg HKLM\SYSTEM\ControlSet002\services\LanmanServer\Linkage@Route ???s?s???????e????????????????????????????????????????????T??s??????????????????SeChangeNotifyPrivilege?SeAuditPrivilege??????,??????????????????????????|???s?s?s?s?s?s?s????R??s?????????e???????? ???????????? F??s??????????????@%systemroot%\system32\FntCache.dll,-100?????????s????????h?????%SystemRoot%\system32\svchost.exe -k LocalServiceAndNoImpersonation?????? ???????s???????????s????????,?F??? ????????????????@???????????????????????@??????????????????????????????????????????????????????????????????%SystemRoot%\system32\FntCache.dll???????????????????????????????s???s??? ???????s???????????s???????????????????????????s??????????????????0????????????????????????????????????? ?????????????????????????????????????????????????????????? ???????o?????s?????s????????????v???????????????d??s?????????e????@%SystemRoot%\system32\PresentationHost.exe,-3309????????????????????????????s????????h?????%systemroot%\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe?????????????????t??????s?????s????????????????? Reg HKLM\SYSTEM\ControlSet002\services\LanmanServer\Linkage@Export ???ss???????????????Keyboard Class??????System Bus Extender?????????????????????????*6to4mp??|???????d???????????B???????????s?????????????????????????s???????????????g ?????8??s????????h?????????????????t???@%systemroot%\system32\drivers\hwpolicy.sys,-101?????????????????????????????5???????????k?k???k?????????s??? ???????o?????s?????s??????????x?|???????????????????????????????????????????????T??s????????h?????\SystemRoot\system32\DRIVERS\gagp30kx.sys?????x??s?????????e????Microsoft Generic AGPv3.0 Filter for K8 Processor Platforms??????????s??????p???PnP Filter???????s?s?s?s?s?s?s????J??s???????????d??agp.inf_x86_neutral_a61b8b06718e8352????? ???????s???????????s?????????????? ????????????????s??????????? ???????o?????s?????s?0??????$???}?????c???????? ???????????????????? 
??s?????????e????@gpapi.dll,-112??????????s???????s??????p???ProfSvc_Group?????Z??s????????h?????%systemroot%\system32\svchost.exe -k netsvcs?????????????&???? ??s?????????n????@gpapi.dll,-113??????s???s??????????????? ???s????????????? Reg HKLM\SYSTEM\ControlSet002\services\LanmanWorkstation\Linkage@Bind ???k?t???k??? ???????k?????k?????k?-???????????? ???????R???????????????????????? ???????k???????????l?-????????P??????????????k?&??? ???????k?????k?????k?-??????????g??????????0??Volume?:\W???l?l?l??? ???????k???????????l?-????????P???????????USBSTOR??????????????????????l?l?l?????k?&??USBSTOR?NN??Microsoft???Volume???????i?k?k?k?????????l??????????Ndi-Mp-Bh????????????,???????????????????????????????????????t???????????????2?????????????????s???????????????????????|?o??.NT??????k?l?????l??? ???????k?????k?????k?-??????????h??????????0????N?xl????????D?????? ???????k???????????|?-????????P????????????????k??????s????????????e?????s? ?????k?&??rdbss???????LegacyDriver????????????????????? ???????k?????k?????k?-??????????y? ????????????????????????????????? l?&???l??????????????? ???????k???????????k?-????????N???????????{8ECC055D-047F-11D1-A537-0000F8753ED1}???????????l??????????????????????????.NTx86??????{8ECC055D-047F-11D1-A537-0000F8753ED1}??????? V??????????????????????????:??????08????????????????????? Reg HKLM\SYSTEM\ControlSet002\services\LanmanWorkstation\Linkage@Route ???o?q????<??q????????h??????????s???????|??????????????????MS_RFCOMM????o?o?o???o??????????????t???????5???????????????????????t???????t????q???????q????????????????????????6??t??????????????MS_BTHBRB???? ???????o???????????o????????,?F??? ???????????%SystemRoot%\System32\appidsvc.dll???????????????????????o????????????????????????????????????????P??o????????h?????\SystemRoot\system32\DRIVERS\amdagp.sys???????4??o?????????e????AMD AGP Bus Filter Driver????????o??????p???PnP Filter???????o?o?o?o?o?o?o????R??o???????????d??machine.inf_x86_neutral_65848c2d7375a720????? 
???????o???????????o?????????????? ????????????????o???????????????o???????????????o?????????????????????o????? ???????o???????????o??????????P????????????????????????????o??MS_BTHPAN??????o?????????????????????&???o??????????????????????????? ?????????????????????????o?????o??????????????.?????????????????????????????????????????????????????????:??????????????????&???o??????????????????????????? ???????o???????????o??????????N???????8?????????? Reg HKLM\SYSTEM\ControlSet002\services\LanmanWorkstation\Linkage@Export ???q?q??protimus?{??????????????? ???????o?????q????Pq?2??????$?h?Z???????????N??p?????????e????@%SystemRoot%\System32\dnsapi.dll,-101???????????p??????p?????h??p????????h?????%SystemRoot%\system32\svchost.exe -k NetworkService???????N??p?????????n????@%SystemRoot%\System32\dnsapi.dll,-102?????????q0????p??? 8??p??????????????NT AUTHORITY\NetworkService????????????????????????????q????TDI?????????????????t??????? ?????????????,? q???????????????????p???????????e??????????????????????? F??q???????????????q????b??p??????????????????SeChangeNotifyPrivilege?SeCreateGlobalPrivilege??????????q???????????q???????????????????????????????????????p?p?p?p?p?p?p?p?p?p?p?p????? ???????p?????p?????p?2??????,?F??? ???????????%SystemRoot%\System32\dnsrslvr.dll????????????????????????????????B??q????????n?????%SystemRoot%\System32\dnsext.dll????? ???????q???????????p?2??????????????????????8??s????????h?????? ???????p???????????p?2????????????????????????????0??????????????????????????? ??????????? ?????????????????????????? ---- EOF - GMER 1.0.15 ---- ------------------------------------------------------------------------------------ OSAM Logfile: Code:
ATTFilter Report of OSAM: Autorun Manager v5.0.11926.0 Online Solutions. Complex Protection for Information Systems Saved at 09:33:30 on 07.04.2011 OS: Windows 7 (Build 7600), 32-bit Default Browser: Mozilla Corporation Firefox 3.6.3 Scanner Settings [x] Rootkits detection (hidden registry) [x] Rootkits detection (hidden files) [x] Retrieve files information [x] Check Microsoft signatures Filters [ ] Trusted entries [ ] Empty entries [x] Hidden registry entries (rootkit activity) [x] Exclusively opened files [x] Not found files [x] Files without detailed information [x] Existing files [ ] Non-startable services [ ] Non-startable drivers [x] Active entries [x] Disabled entries [Control Panel Objects] -----( %SystemRoot%\system32 )----- "plotman.cpl" - "Autodesk, Inc." - C:\Windows\system32\plotman.cpl "styleman.cpl" - "Autodesk, Inc." - C:\Windows\system32\styleman.cpl [Drivers] -----( HKLM\SYSTEM\CurrentControlSet\Services )----- "catchme" (catchme) - ? - C:\Users\janis\AppData\Local\Temp\catchme.sys (File not found) "FssFltr" (fssfltr) - "Microsoft Corporation" - C:\Windows\System32\DRIVERS\fssfltr.sys "MpKsl84c01e34" (MpKsl84c01e34) - "Microsoft Corporation" - C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{EE34627A-8189-43F4-8EF9-F1D3724527BD}\MpKsl84c01e34.sys "NetGroup Packet Filter Driver" (npf) - "CACE Technologies, Inc." - C:\Windows\System32\drivers\npf.sys [Explorer] -----( HKLM\Software\Classes\Folder\shellex\ColumnHandlers )----- {8A0BC933-7552-42E2-A228-3BE055777227} "AcColumnHandler" - "Autodesk" - C:\Program Files\Common Files\Autodesk Shared\AcShellEx\AcShellExtension.dll {F9DB5320-233E-11D1-9F84-707F02C10627} "PDF Shell Extension" - "Adobe Systems, Inc." - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\PDFShell.dll {C52AF81D-F7A0-4AAB-8E87-F80A60CCD396} "{C52AF81D-F7A0-4AAB-8E87-F80A60CCD396}" - ? 
- C:\Program Files\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll -----( HKLM\Software\Classes\Protocols\Handler )----- {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} "Album Download IE Asynchronous Pluggable Protocol Interface" - "Microsoft Corporation" - C:\Program Files\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} "IEProtocolHandler Class" - "Skype Technologies" - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL {828030A1-22C1-4009-854F-8E305202313F} "livecall" - "Microsoft Corporation" - C:\Program Files\Windows Live\Messenger\msgrapp.dll {828030A1-22C1-4009-854F-8E305202313F} "msnim" - "Microsoft Corporation" - C:\Program Files\Windows Live\Messenger\msgrapp.dll {03C514A3-1EFB-4856-9F99-10D7BE1653C0} "Windows Live Mail HTML Asynchronous Pluggable Protocol Handler" - "Microsoft Corporation" - C:\Program Files\Windows Live\Mail\mailcomm.dll -----( HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks )----- {AEB6717E-7E19-11d0-97EE-00C04FD91972} "{AEB6717E-7E19-11d0-97EE-00C04FD91972}" - ? - (File not found | COM-object registry key not found) -----( HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved )----- {23170F69-40C1-278A-1000-000100020000} "7-Zip Shell Extension" - "Igor Pavlov" - C:\Program Files\7-Zip\7-zip.dll {8A0BC933-7552-42E2-A228-3BE055777227} "AcColumnHandler" - "Autodesk" - C:\Program Files\Common Files\Autodesk Shared\AcShellEx\AcShellExtension.dll {4B392032-A759-43ED-9469-377C80A4472D} "AcDgnImageExtractor" - "Autodesk" - C:\Program Files\Common Files\Autodesk Shared\AcDgnCOM18.dll {5800AD5B-72C1-477B-9A08-CA112DF06D97} "AcInfoTipHandler" - "Autodesk" - C:\Program Files\Common Files\Autodesk Shared\AcShellEx\AcShellExtension.dll {D25B2CAB-8A9A-4517-A9B2-CB5F68A5A802} "Acrobat Elements Context Menu" - "Adobe Systems Inc." - C:\Program Files\Adobe\Acrobat 8.0\Acrobat Elements\ContextMenu.dll {36A21736-36C2-4C11-8ACB-D4136F2B57BD} "AcSignIcon" - "Autodesk, Inc." 
- C:\Windows\system32\AcSignIcon.dll {AC1DB655-4F9A-4c39-8AD2-A65324A4C446} "ACTHUMBNAIL" - "Autodesk, Inc." - C:\Program Files\Common Files\Autodesk Shared\Thumbnail\AcThumbnail16.dll {09A47860-11B0-4DA5-AFA5-26D86198A780} "EPP" - "Microsoft Corporation" - C:\PROGRA~1\MI8079~1\shellext.dll {C52AF81D-F7A0-4AAB-8E87-F80A60CCD396} "OpenOffice.org Column Handler" - ? - C:\Program Files\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll {087B3AE3-E237-4467-B8DB-5A38AB959AC9} "OpenOffice.org Infotip Handler" - ? - C:\Program Files\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll {63542C48-9552-494A-84F7-73AA6A7C99C1} "OpenOffice.org Property Sheet Handler" - ? - C:\Program Files\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll {3B092F0C-7696-40E3-A80F-68D74DA84210} "OpenOffice.org Thumbnail Viewer" - ? - C:\Program Files\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll {45AC2688-0253-4ED8-97DE-B5370FA7D48A} "Shell Extension for Malware scanning" - ? - (File not found | COM-object registry key not found) {2BE99FD4-A181-4996-BFA9-58C5FFD11F6C} "Windows Live Photo Gallery Autoplay Drop Target" - "Microsoft Corporation" - C:\Program Files\Windows Live\Photo Gallery\WLXPhotoGallery.exe {00F30F64-AC33-42F5-8FD1-5DC2D3FDE06C} "Windows Live Photo Gallery Editor Drop Target" - "Microsoft Corporation" - C:\Program Files\Windows Live\Photo Gallery\WLXPhotoGallery.exe {00F3712A-CA79-45B4-9E4D-D7891E7F8B9D} "Windows Live Photo Gallery Editor Shim" - "Microsoft Corporation" - C:\Program Files\Windows Live\Photo Gallery\PhotoViewerShim.dll {00F30F90-3E96-453B-AFCD-D71989ECC2C7} "Windows Live Photo Gallery Viewer Autoplay Shim" - "Microsoft Corporation" - C:\Program Files\Windows Live\Photo Gallery\PhotoViewerShim.dll {00F33137-EE26-412F-8D71-F84E4C2C6625} "Windows Live Photo Gallery Viewer Autoplay Shim" - "Microsoft Corporation" - C:\Program Files\Windows Live\Photo Gallery\PhotoViewerShim.dll {00F374B7-B390-4884-B372-2FC349F2172B} "Windows Live Photo Gallery Viewer 
Drop Target" - "Microsoft Corporation" - C:\Program Files\Windows Live\Photo Gallery\WLXPhotoGallery.exe {00F346CB-35A4-465B-8B8F-65A29DBAB1F6} "Windows Live Photo Gallery Viewer Shim" - "Microsoft Corporation" - C:\Program Files\Windows Live\Photo Gallery\PhotoViewerShim.dll {B41DB860-8EE4-11D2-9906-E49FADC173CA} "WinRAR shell extension" - ? - (File not found | COM-object registry key not found) {0563DB41-F538-4B37-A92D-4659049B7766} "WLMD Message Handler" - ? - (File not found | COM-object registry key not found) {06A2568A-CED6-4187-BB20-400B8C02BE5A} "{06A2568A-CED6-4187-BB20-400B8C02BE5A}" - "Microsoft Corporation" - C:\Program Files\Windows Live\Photo Gallery\WLXPhotoAcquireWizard.exe [Internet Explorer] -----( HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser )----- <binary data> "Adobe PDF" - "Adobe Systems Incorporated" - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll <binary data> "DVDVideoSoft Toolbar" - "Conduit Ltd." - C:\Program Files\DVDVideoSoft\tbDVDV.dll ITBar7Height "ITBar7Height" - ? - (File not found | COM-object registry key not found) <binary data> "ITBar7Layout" - ? - (File not found | COM-object registry key not found) <binary data> "VDownloader Toolbar" - "Ask" - C:\Program Files\Ask.com\GenericAskToolbar.dll -----( HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks )----- {e9911ec6-1bcc-40b0-9993-e0eea7f6953f} "DVDVideoSoft Toolbar" - "Conduit Ltd." - C:\Program Files\DVDVideoSoft\tbDVDV.dll {00000000-6E41-4FD3-8538-502F5495E5FC} "UrlSearchHook Class" - "Ask" - C:\Program Files\Ask.com\GenericAskToolbar.dll -----( HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units )----- {8AD9C840-044E-11D1-B3E9-00805F499D93} "Java Plug-in 1.6.0_24" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\jp2iexp.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} "Java Plug-in 1.6.0_24" - "Sun Microsystems, Inc." 
- C:\Program Files\Java\jre6\bin\jp2iexp.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} "Java Plug-in 1.6.0_24" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\npjpi160_24.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab -----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions )----- {B63DBA5F-523F-4B9C-A43D-65DF1977EAD3} "@C:\Program Files\Windows Live\Companion\companionlang.dll,-600" - "Microsoft Corporation" - C:\Program Files\Windows Live\Companion\companioncore.dll {5F7B1267-94A9-47F5-98DB-E99415F33AEC} "@C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004" - "Microsoft Corporation" - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll -----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar )----- <binary data> "Adobe PDF" - "Adobe Systems Incorporated" - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll {e9911ec6-1bcc-40b0-9993-e0eea7f6953f} "DVDVideoSoft Toolbar" - "Conduit Ltd." - C:\Program Files\DVDVideoSoft\tbDVDV.dll <binary data> "VDownloader Toolbar" - "Ask" - C:\Program Files\Ask.com\GenericAskToolbar.dll -----( HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects )----- {AE7CD045-E861-484f-8273-0445EE161910} "Adobe PDF Conversion Toolbar Helper" - "Adobe Systems Incorporated" - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll {18DF081C-E8AD-4283-A596-FA578C2EBDC3} "Adobe PDF Link Helper" - "Adobe Systems Incorporated" - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll {e9911ec6-1bcc-40b0-9993-e0eea7f6953f} "DVDVideoSoft Toolbar" - "Conduit Ltd." - C:\Program Files\DVDVideoSoft\tbDVDV.dll {DBC80044-A445-435b-BC74-9C25C1C588A9} "Java(tm) Plug-In 2 SSV Helper" - "Sun Microsystems, Inc." 
- C:\Program Files\Java\jre6\bin\jp2ssv.dll {D4027C7F-154A-4066-A1AD-4243D8127440} "VDownloader Toolbar" - "Ask" - C:\Program Files\Ask.com\GenericAskToolbar.dll {9030D464-4C02-4ABF-8ECC-5164760863C6} "Windows Live ID Sign-in Helper" - "Microsoft Corp." - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll {9FDDE16B-836F-4806-AB1F-1455CBEFF289} "Windows Live Messenger Companion Helper" - "Microsoft Corporation" - C:\Program Files\Windows Live\Companion\companioncore.dll [LSA Providers] -----( HKLM\SYSTEM\CurrentControlSet\Control\Lsa )----- "Security Packages" - "Microsoft Corp." - C:\Windows\system32\livessp.dll [Logon] -----( %APPDATA%\Microsoft\Windows\Start Menu\Programs\Startup )----- "desktop.ini" - ? - C:\Users\janis\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini "OpenOffice.org 3.2.lnk" - ? - C:\Program Files\OpenOffice.org 3\program\quickstart.exe (Shortcut exists | File found, but it contains no detailed information | File exists) -----( %AllUsersProfile%\Microsoft\Windows\Start Menu\Programs\Startup )----- "desktop.ini" - ? - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini -----( HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run )----- "Logitech Vid" - "Logitech Inc." - "C:\Program Files\Logitech\Logitech Vid\vid.exe" -bootmode "msnmsgr" - "Microsoft Corporation" - "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background -----( HKLM\Software\Microsoft\Windows\CurrentVersion\Run )----- "Acrobat Assistant 8.0" - "Adobe Systems Inc." - "C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe" "Adobe ARM" - "Adobe Systems Incorporated" - "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" "Adobe Reader Speed Launcher" - "Adobe Systems Incorporated" - "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe" "LogitechQuickCamRibbon" - "Logitech Inc." 
- "C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe" /hide "Malwarebytes' Anti-Malware (reboot)" - "Malwarebytes Corporation" - "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript "MSC" - "Microsoft Corporation" - "C:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey "SunJavaUpdateSched" - "Sun Microsystems, Inc." - "C:\Program Files\Common Files\Java\Java Update\jusched.exe" [Print Monitors] -----( HKLM\SYSTEM\CurrentControlSet\Control\Print\Monitors )----- "Adobe PDF Port" - "Adobe Systems Incorporated." - C:\Windows\system32\AdobePDF.dll [Services] -----( HKLM\SYSTEM\CurrentControlSet\Services )----- "##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762##" (Bonjour Service) - "Apple Computer, Inc." - C:\Program Files\Bonjour\mDNSResponder.exe "@C:\Program Files\Microsoft Security Client\Antimalware\MpAsDesc.dll,-243" (NisSrv) - "Microsoft Corporation" - C:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe "FLEXnet Licensing Service" (FLEXnet Licensing Service) - "Macrovision Europe Ltd." - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe "Microsoft .NET Framework NGEN v4.0.30319_X86" (clr_optimization_v4.0.30319_32) - "Microsoft Corporation" - C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe "Microsoft Antimalware Service" (MsMpSvc) - "Microsoft Corporation" - C:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe "Process Monitor" (LVPrcSrv) - "Logitech Inc." - C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe "UDisk Monitor" (UDisk Monitor) - ? - C:\Program Files\ZTE Wireless Terminal\bin\MonServiceUDisk.exe (File found, but it contains no detailed information) "Windows Live Family Safety Service" (fsssvc) - "Microsoft Corporation" - C:\Program Files\Windows Live\Family Safety\fsssvc.exe "Windows Live ID Sign-in Assistant" (wlidsvc) - "Microsoft Corp." 
- C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE [Winlogon] -----( HKCU\Control Panel\Desktop )----- "SCRNSAVE.EXE" - "Microsoft Corporation" - C:\Windows\WLXPGSS.SCR [Winsock Providers] -----( HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries )----- "mdnsNSP" - "Apple Computer, Inc." - C:\Program Files\Bonjour\mdnsNSP.dll "WindowsLive Local NSP" - "Microsoft Corp." - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL "WindowsLive NSP" - "Microsoft Corp." - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL ===[ Logfile end ]=========================================[ Logfile end ]=== If You have questions or want to get some help, You can visit Online Solutions :: Index ------------------------------------------------------------------------------------ MBRCheck, version 1.2.3 (c) 2010, AD Command-line: Windows Version: Windows 7 Professional Windows Information: (build 7600), 32-bit Base Board Manufacturer: LENOVO BIOS Manufacturer: LENOVO System Manufacturer: LENOVO System Product Name: 2007FRG Logical Drives Mask: 0x0000000c Kernel Drivers (total 180): 0x82E40000 \SystemRoot\system32\ntkrnlpa.exe 0x82E09000 \SystemRoot\system32\halmacpi.dll 0x80BCD000 \SystemRoot\system32\kdcom.dll 0x8AE3A000 \SystemRoot\system32\mcupdate_GenuineIntel.dll 0x8AEB2000 \SystemRoot\system32\PSHED.dll 0x8AEC3000 \SystemRoot\system32\BOOTVID.dll 0x8AECB000 \SystemRoot\system32\CLFS.SYS 0x8AF0D000 \SystemRoot\system32\CI.dll 0x8B010000 \SystemRoot\system32\drivers\Wdf01000.sys 0x8B081000 \SystemRoot\system32\drivers\WDFLDR.SYS 0x8B08F000 \SystemRoot\system32\DRIVERS\ACPI.sys 0x8B0D7000 \SystemRoot\system32\DRIVERS\WMILIB.SYS 0x8B0E0000 \SystemRoot\system32\DRIVERS\msisadrv.sys 0x8B0E8000 \SystemRoot\system32\DRIVERS\pci.sys 0x8B112000 \SystemRoot\system32\DRIVERS\vdrvroot.sys 0x8B11D000 \SystemRoot\System32\drivers\partmgr.sys 0x8B12E000 
\SystemRoot\system32\DRIVERS\compbatt.sys 0x8B136000 \SystemRoot\system32\DRIVERS\BATTC.SYS 0x8B141000 \SystemRoot\system32\DRIVERS\volmgr.sys 0x8B151000 \SystemRoot\System32\drivers\volmgrx.sys 0x8B19C000 \SystemRoot\system32\DRIVERS\intelide.sys 0x8B1A3000 \SystemRoot\system32\DRIVERS\PCIIDEX.SYS 0x8B1B1000 \SystemRoot\system32\DRIVERS\pcmcia.sys 0x8B1DF000 \SystemRoot\System32\drivers\mountmgr.sys 0x8B1F5000 \SystemRoot\system32\DRIVERS\atapi.sys 0x8AFB8000 \SystemRoot\system32\DRIVERS\ataport.SYS 0x8B000000 \SystemRoot\system32\DRIVERS\msahci.sys 0x8AFDB000 \SystemRoot\system32\DRIVERS\amdxata.sys 0x8AE00000 \SystemRoot\system32\drivers\fltmgr.sys 0x8AFE4000 \SystemRoot\system32\drivers\fileinfo.sys 0x8B20C000 \SystemRoot\System32\Drivers\Ntfs.sys 0x8B33B000 \SystemRoot\System32\Drivers\msrpc.sys 0x8B366000 \SystemRoot\System32\Drivers\ksecdd.sys 0x8B379000 \SystemRoot\System32\Drivers\cng.sys 0x8B3D6000 \SystemRoot\System32\drivers\pcw.sys 0x8B3E4000 \SystemRoot\System32\Drivers\Fs_Rec.sys 0x8B420000 \SystemRoot\system32\drivers\ndis.sys 0x8B4D7000 \SystemRoot\system32\drivers\NETIO.SYS 0x8B515000 \SystemRoot\System32\Drivers\ksecpkg.sys 0x8B628000 \SystemRoot\System32\drivers\tcpip.sys 0x8B771000 \SystemRoot\System32\drivers\fwpkclnt.sys 0x8B7A2000 \SystemRoot\system32\DRIVERS\vmstorfl.sys 0x8B7AB000 \SystemRoot\system32\DRIVERS\volsnap.sys 0x8B7EA000 \SystemRoot\System32\Drivers\spldr.sys 0x8B53A000 \SystemRoot\System32\drivers\rdyboost.sys 0x8B600000 \SystemRoot\System32\Drivers\mup.sys 0x8B610000 \SystemRoot\System32\drivers\hwpolicy.sys 0x8B567000 \SystemRoot\System32\DRIVERS\fvevol.sys 0x8B599000 \SystemRoot\system32\DRIVERS\disk.sys 0x8B5AA000 \SystemRoot\system32\DRIVERS\CLASSPNP.SYS 0x8B400000 \SystemRoot\system32\DRIVERS\cdrom.sys 0x90232000 \SystemRoot\system32\DRIVERS\MpFilter.sys 0x90259000 \SystemRoot\System32\Drivers\Null.SYS 0x90260000 \SystemRoot\System32\Drivers\Beep.SYS 0x90267000 \SystemRoot\System32\drivers\vga.sys 0x90273000 
\SystemRoot\System32\drivers\VIDEOPRT.SYS 0x90294000 \SystemRoot\System32\drivers\watchdog.sys 0x902A1000 \SystemRoot\System32\DRIVERS\RDPCDD.sys 0x902A9000 \SystemRoot\system32\drivers\rdpencdd.sys 0x902B1000 \SystemRoot\system32\drivers\rdprefmp.sys 0x902B9000 \SystemRoot\System32\Drivers\Msfs.SYS 0x902C4000 \SystemRoot\System32\Drivers\Npfs.SYS 0x902D2000 \SystemRoot\system32\DRIVERS\tdx.sys 0x902E9000 \SystemRoot\system32\DRIVERS\TDI.SYS 0x902F4000 \SystemRoot\system32\drivers\afd.sys 0x9034E000 \SystemRoot\System32\DRIVERS\netbt.sys 0x90380000 \SystemRoot\system32\DRIVERS\wfplwf.sys 0x90387000 \SystemRoot\system32\DRIVERS\pacer.sys 0x903A6000 \SystemRoot\system32\DRIVERS\netbios.sys 0x903B4000 \SystemRoot\system32\DRIVERS\wanarp.sys 0x903C7000 \SystemRoot\system32\DRIVERS\termdd.sys 0x8FA00000 \SystemRoot\system32\DRIVERS\rdbss.sys 0x8FA41000 \SystemRoot\system32\drivers\nsiproxy.sys 0x8FA4B000 \SystemRoot\system32\DRIVERS\mssmbios.sys 0x8FA55000 \SystemRoot\System32\drivers\discache.sys 0x8FA61000 \SystemRoot\system32\drivers\csc.sys 0x8FAC5000 \SystemRoot\System32\Drivers\dfsc.sys 0x8FADD000 \SystemRoot\system32\DRIVERS\blbdrive.sys 0x8FAEB000 \SystemRoot\system32\DRIVERS\tunnel.sys 0x8FB0C000 \SystemRoot\system32\DRIVERS\intelppm.sys 0x90809000 \SystemRoot\system32\DRIVERS\atikmdag.sys 0x8FB1E000 \SystemRoot\System32\drivers\dxgkrnl.sys 0x95412000 \SystemRoot\System32\drivers\dxgmms1.sys 0x9544B000 \SystemRoot\system32\DRIVERS\HDAudBus.sys 0x95C10000 \SystemRoot\system32\DRIVERS\netw5v32.sys 0x96023000 \SystemRoot\system32\DRIVERS\usbuhci.sys 0x9602E000 \SystemRoot\system32\DRIVERS\USBPORT.SYS 0x96079000 \SystemRoot\system32\DRIVERS\usbehci.sys 0x96088000 \SystemRoot\system32\DRIVERS\i8042prt.sys 0x960A0000 \SystemRoot\system32\DRIVERS\kbdclass.sys 0x960AD000 \SystemRoot\system32\DRIVERS\mouclass.sys 0x960BA000 \SystemRoot\system32\DRIVERS\nscirda.sys 0x960C2000 \SystemRoot\system32\drivers\irenum.sys 0x960CB000 \SystemRoot\system32\DRIVERS\CmBatt.sys 
0x960CF000 \SystemRoot\system32\DRIVERS\ibmpmdrv.sys 0x960D3000 \SystemRoot\system32\DRIVERS\CompositeBus.sys 0x960E0000 \SystemRoot\system32\DRIVERS\AgileVpn.sys 0x960F2000 \SystemRoot\system32\DRIVERS\rasl2tp.sys 0x9610A000 \SystemRoot\system32\DRIVERS\ndistapi.sys 0x96115000 \SystemRoot\system32\DRIVERS\ndiswan.sys 0x96137000 \SystemRoot\system32\DRIVERS\raspppoe.sys 0x9614F000 \SystemRoot\system32\DRIVERS\raspptp.sys 0x96166000 \SystemRoot\system32\DRIVERS\rassstp.sys 0x9617D000 \SystemRoot\system32\DRIVERS\rdpbus.sys 0x96187000 \SystemRoot\system32\DRIVERS\swenum.sys 0x96189000 \SystemRoot\system32\DRIVERS\ks.sys 0x961BD000 \SystemRoot\system32\DRIVERS\umbus.sys 0x9546A000 \SystemRoot\system32\DRIVERS\usbhub.sys 0x961CB000 \SystemRoot\System32\Drivers\NDProxy.SYS 0x954AE000 \SystemRoot\system32\drivers\HdAudio.sys 0x954FE000 \SystemRoot\system32\drivers\portcls.sys 0x961DC000 \SystemRoot\system32\drivers\drmk.sys 0x9552D000 \SystemRoot\system32\DRIVERS\VSTAZL3.SYS 0x95823000 \SystemRoot\system32\DRIVERS\VSTDPV3.SYS 0x95925000 \SystemRoot\system32\DRIVERS\VSTCNXT3.SYS 0x959DA000 \SystemRoot\system32\drivers\modem.sys 0x959E7000 \SystemRoot\system32\DRIVERS\cdfs.sys 0x95800000 \SystemRoot\System32\Drivers\crashdmp.sys 0x9580D000 \SystemRoot\System32\Drivers\dump_dumpata.sys 0x95818000 \SystemRoot\System32\Drivers\dump_msahci.sys 0x9556A000 \SystemRoot\System32\Drivers\dump_dumpfve.sys 0x82770000 \SystemRoot\System32\win32k.sys 0x961F5000 \SystemRoot\System32\drivers\Dxapi.sys 0x9557B000 \SystemRoot\system32\DRIVERS\usbccgp.sys 0x959FD000 \SystemRoot\system32\DRIVERS\USBD.SYS 0x95C00000 \SystemRoot\system32\DRIVERS\dc3d.sys 0x95592000 \SystemRoot\system32\DRIVERS\HIDPARSE.SYS 0x95599000 \SystemRoot\system32\DRIVERS\hidusb.sys 0x955A4000 \SystemRoot\system32\DRIVERS\HIDCLASS.SYS 0x955B7000 \SystemRoot\system32\DRIVERS\kbdhid.sys 0x955C3000 \SystemRoot\system32\DRIVERS\mouhid.sys 0x955CE000 \SystemRoot\System32\Drivers\BTHUSB.sys 0x8C424000 
\SystemRoot\System32\Drivers\bthport.sys 0x8C4B2000 \SystemRoot\system32\DRIVERS\rfcomm.sys 0x8C4D6000 \SystemRoot\system32\DRIVERS\BthEnum.sys 0x8C4E3000 \SystemRoot\system32\DRIVERS\bthpan.sys 0x8C4FE000 \SystemRoot\system32\DRIVERS\monitor.sys 0x829D0000 \SystemRoot\System32\TSDDD.dll 0x82600000 \SystemRoot\System32\cdd.dll 0x82620000 \SystemRoot\System32\ATMFD.DLL 0x8C509000 \SystemRoot\system32\drivers\luafv.sys 0x8C524000 \SystemRoot\system32\drivers\WudfPf.sys 0x8C53E000 \SystemRoot\system32\DRIVERS\WinUSB.sys 0x8C547000 \SystemRoot\system32\DRIVERS\WUDFRd.sys 0x8C568000 \SystemRoot\system32\DRIVERS\irda.sys 0x8C586000 \SystemRoot\system32\DRIVERS\lltdio.sys 0x8C596000 \SystemRoot\system32\DRIVERS\nwifi.sys 0x8C5DC000 \SystemRoot\system32\DRIVERS\ndisuio.sys 0x8C5EC000 \SystemRoot\system32\DRIVERS\rspndr.sys 0x98A06000 \SystemRoot\system32\drivers\HTTP.sys 0x98A8B000 \SystemRoot\system32\DRIVERS\bowser.sys 0x98AA4000 \SystemRoot\System32\drivers\mpsdrv.sys 0x98AB6000 \SystemRoot\system32\DRIVERS\mrxsmb.sys 0x98AD9000 \SystemRoot\system32\DRIVERS\mrxsmb10.sys 0x98B14000 \SystemRoot\system32\DRIVERS\mrxsmb20.sys 0x98B47000 \SystemRoot\system32\drivers\npf.sys 0x98B56000 \SystemRoot\system32\drivers\peauth.sys 0x98BED000 \SystemRoot\System32\Drivers\secdrv.SYS 0x8C400000 \SystemRoot\System32\DRIVERS\srvnet.sys 0x98B2F000 \SystemRoot\System32\drivers\tcpipreg.sys 0x98B3C000 \SystemRoot\system32\DRIVERS\MpNWMon.sys 0x9AA22000 \SystemRoot\System32\DRIVERS\srv2.sys 0x9AA71000 \SystemRoot\System32\DRIVERS\srv.sys 0x9AAC2000 \SystemRoot\system32\DRIVERS\NisDrvWFP.sys 0x9AACE000 \SystemRoot\system32\DRIVERS\LVPr2Mon.sys 0x9AAD3000 \??\C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{EE34627A-8189-43F4-8EF9-F1D3724527BD}\MpKsl84c01e34.sys 0x9AAD9000 \SystemRoot\System32\Drivers\fastfat.SYS 0x9AB6D000 \SystemRoot\system32\DRIVERS\asyncmac.sys 0x76FE0000 \Windows\System32\ntdll.dll 0x48470000 \Windows\System32\smss.exe 0x77220000 
\Windows\System32\apisetschema.dll 0x00480000 \Windows\System32\autochk.exe 0x77170000 \Windows\System32\usp10.dll 0x76E80000 \Windows\System32\ole32.dll 0x76D40000 \Windows\System32\urlmon.dll 0x76C40000 \Windows\System32\wininet.dll 0x76B70000 \Windows\System32\msctf.dll 0x77140000 \Windows\System32\imagehlp.dll 0x76B20000 \Windows\System32\gdi32.dll 0x76AE0000 \Windows\System32\ws2_32.dll Processes (total 57): 0 System Idle Process 4 System 264 C:\Windows\System32\smss.exe 352 csrss.exe 428 C:\Windows\System32\wininit.exe 440 csrss.exe 476 C:\Windows\System32\services.exe 492 C:\Windows\System32\lsass.exe 500 C:\Windows\System32\lsm.exe 540 C:\Windows\System32\winlogon.exe 652 C:\Windows\System32\svchost.exe 716 C:\Windows\System32\ibmpmsvc.exe 768 C:\Windows\System32\svchost.exe 820 C:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe 920 C:\Windows\System32\Ati2evxx.exe 952 C:\Windows\System32\svchost.exe 992 C:\Windows\System32\svchost.exe 1020 C:\Windows\System32\svchost.exe 1116 C:\Windows\System32\audiodg.exe 1180 C:\Windows\System32\svchost.exe 1320 WUDFHost.exe 1428 C:\Windows\System32\svchost.exe 1472 C:\Windows\System32\Ati2evxx.exe 1684 C:\Windows\System32\spoolsv.exe 1720 C:\Windows\System32\svchost.exe 1788 C:\Program Files\Bonjour\mDNSResponder.exe 1856 C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe 1916 C:\Windows\System32\svchost.exe 1980 C:\Program Files\ZTE Wireless Terminal\bin\MonServiceUDisk.exe 2028 C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE 1296 C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE 2324 C:\Windows\System32\taskhost.exe 2668 C:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe 2788 C:\Windows\System32\svchost.exe 2896 C:\Windows\System32\svchost.exe 3104 C:\Windows\System32\rundll32.exe 3228 C:\Windows\System32\dwm.exe 3256 C:\Windows\explorer.exe 3296 C:\Program Files\Panda USB Vaccine\USBVaccine.exe 3400 C:\Program 
Files\Logitech\Logitech WebCam Software\LWS.exe 3424 C:\Program Files\Microsoft Security Client\msseces.exe 3440 C:\Program Files\Common Files\Java\Java Update\jusched.exe 3524 C:\Program Files\Adobe\Acrobat 8.0\Acrobat\acrotray.exe 3544 C:\Program Files\Logitech\Logitech Vid\Vid.exe 3592 C:\Program Files\Windows Live\Messenger\msnmsgr.exe 3692 C:\Program Files\OpenOffice.org 3\program\soffice.exe 3708 C:\Program Files\OpenOffice.org 3\program\soffice.bin 3744 C:\Program Files\Common Files\LogiShrd\LQCVFX\COCIManager.exe 3900 C:\Windows\System32\SearchIndexer.exe 4032 C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe 2576 C:\Windows\System32\svchost.exe 4076 C:\Windows\servicing\TrustedInstaller.exe 2532 C:\Windows\System32\SearchProtocolHost.exe 2432 C:\Windows\System32\SearchFilterHost.exe 1732 C:\Users\janis\Desktop\MBRCheck.exe 788 C:\Windows\System32\conhost.exe 1692 C:\Windows\System32\dllhost.exe \\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`00007e00 (NTFS) PhysicalDrive0 Model Number: FUJITSUMHV2080BH, Rev: 00840028 Size Device Name MBR Status -------------------------------------------- 74 GB \\.\PhysicalDrive0 Windows 7 MBR code detected SHA1: 4379A3D43019B46FA357F7DD6A53B45A3CA8FB79 Done! ------------------------------------------------------------------------------------ Gruss, |
07.04.2011, 10:15 | #13
/// Winkelfunktion /// TB-Süch-Tiger™ | System Tool - successfully removed? OTH doesn't work!
Looks OK. As a check, please run full scans with Malwarebytes and SUPERAntiSpyware and post the logs. Remember to update both tools before scanning!!
__________________
Please always post logfiles in CODE tags
19.04.2011, 18:51 | #14
| System Tool - successfully removed? OTH doesn't work!
Hello, I don't always have internet at the moment, hence only now... I've done the scans. SUPERAntiSpyware found a whole lot of cookies... Here are the logs:
-------------------------------------------------------------------
Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org
Datenbank Version: 6389
Windows 6.1.7600
Internet Explorer 9.0.8112.16421
19.04.2011 00:15:28
mbam-log-2011-04-19 (00-15-28).txt
Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|)
Durchsuchte Objekte: 291815
Laufzeit: 55 Minute(n), 19 Sekunde(n)
Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 0
Infizierte Speicherprozesse: (Keine bösartigen Objekte gefunden)
Infizierte Speichermodule: (Keine bösartigen Objekte gefunden)
Infizierte Registrierungsschlüssel: (Keine bösartigen Objekte gefunden)
Infizierte Registrierungswerte: (Keine bösartigen Objekte gefunden)
Infizierte Dateiobjekte der Registrierung: (Keine bösartigen Objekte gefunden)
Infizierte Verzeichnisse: (Keine bösartigen Objekte gefunden)
Infizierte Dateien: (Keine bösartigen Objekte gefunden)
--------------------------------------------------------------------
SUPERAntiSpyware Scan Log
hxxp://www.superantispyware.com
Generated 04/19/2011 at 10:17 AM
Application Version : 4.50.1002
Core Rules Database Version : 6623
Trace Rules Database Version: 4672
Scan type : Complete Scan
Total Scan Time : 00:53:18
Memory items scanned : 446
Memory threats detected : 0
Registry items scanned : 9086
Registry threats detected : 0
File items scanned : 36964
File threats detected : 90
Adware.Tracking Cookie
www.unmultimedia.org [ C:\Users\***\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\GYP9JLQV ]
ad.yieldmanager.com [ 
C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\2qvhfb4z.default\cookies.sqlite ] ad.yieldmanager.com [ C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\2qvhfb4z.default\cookies.sqlite ] ad.yieldmanager.com [ C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\2qvhfb4z.default\cookies.sqlite ] .doubleclick.net [ C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\2qvhfb4z.default\cookies.sqlite ] .serving-sys.com [ C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\2qvhfb4z.default\cookies.sqlite ] .serving-sys.com [ C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\2qvhfb4z.default\cookies.sqlite ] .adinterax.com [ C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\2qvhfb4z.default\cookies.sqlite ] .adinterax.com [ C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\2qvhfb4z.default\cookies.sqlite ] .yadro.ru [ C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\2qvhfb4z.default\cookies.sqlite ] ad.yieldmanager.com [ C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\2qvhfb4z.default\cookies.sqlite ] .content.yieldmanager.com [ C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\2qvhfb4z.default\cookies.sqlite ] .serving-sys.com [ C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\2qvhfb4z.default\cookies.sqlite ] .serving-sys.com [ C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\2qvhfb4z.default\cookies.sqlite ] .bs.serving-sys.com [ C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\2qvhfb4z.default\cookies.sqlite ] .bs.serving-sys.com [ C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\2qvhfb4z.default\cookies.sqlite ] .apmebf.com [ C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\2qvhfb4z.default\cookies.sqlite ] .mediaplex.com [ C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\2qvhfb4z.default\cookies.sqlite ] .photobox.112.2o7.net [ C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\2qvhfb4z.default\cookies.sqlite ] ad.zanox.com [ 
19.04.2011, 20:15 | #15 |
/// Winkelfunktion /// TB-Süch-Tiger™ | System Tool - successfully removed? OTH doesn't work! Looks OK, only cookies were found. Any further problems or new findings in the meantime?
__________________ Please always post logfiles in CODE tags |