| |
| |||||||
Plagegeister aller Art und deren Bekämpfung: win32.autorun.tmp wie werd ichs los?!Windows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen. |
 |
15.03.2011, 01:28
| #1 |
 |  win32.autorun.tmp wie werd ichs los?! habe heute mit spybot gescannt und es fand win32.autorun.tmp und konnte es leider nicht entfernen, beim nochmaligen scan wurde es nicht mehr gefunden, malware findet auch nix, cc cleaner benutzt nix passiert. habe bootkit remover runtergeladen, die spybot log datei ist zu groß, als dass sie hier rein passt, hat als word datei 216 seiten, weiß daher nicht, wie ich sie posten soll (otl dateien im anhang) bitte um HILFE Bootkit Remover (c) 2009 eSage Lab www.esagelab.com Program version: 1.2.0.0 OS Version: Microsoft Windows 7 Home Premium Edition (build 7600), 64-bit System volume is \\.\C: \\.\C: -> \\.\PhysicalDrive0 at offset 0x00000003`a962f000 Size Device Name MBR Status -------------------------------------------- 298 GB \\.\PhysicalDrive0 Controlled by rootkit! Boot code on some of your physical disks is hidden by a rootkit. To disinfect the master boot sector, use the following command: remover.exe fix <device_name> To inspect the boot code manually, dump the master boot sector: remover.exe dump <device_name> [output_file] Done; Press any key to quit... malware log datei Malwarebytes' Anti-Malware 1.50.1.1100 www.malwarebytes.org Datenbank Version: 6057 Windows 6.1.7600 Internet Explorer 8.0.7600.16385 15.03.2011 00:14:29 mbam-log-2011-03-15 (00-14-29).txt Art des Suchlaufs: Quick-Scan Durchsuchte Objekte: 167733 Laufzeit: 3 Minute(n), 41 Sekunde(n) Infizierte Speicherprozesse: 0 Infizierte Speichermodule: 0 Infizierte Registrierungsschlüssel: 0 Infizierte Registrierungswerte: 0 Infizierte Dateiobjekte der Registrierung: 0 Infizierte Verzeichnisse: 0 Infizierte Dateien: 0 Infizierte Speicherprozesse: (Keine bösartigen Objekte gefunden) Infizierte Speichermodule: (Keine bösartigen Objekte gefunden) Infizierte Registrierungsschlüssel: (Keine bösartigen Objekte gefunden) Infizierte Registrierungswerte: (Keine bösartigen Objekte gefunden) Infizierte Dateiobjekte der Registrierung: (Keine bösartigen Objekte gefunden) Infizierte Verzeichnisse: (Keine bösartigen Objekte gefunden) Infizierte Dateien: (Keine bösartigen Objekte gefunden) Malwarebytes' Anti-Malware 1.50.1.1100 www.malwarebytes.org Datenbank Version: 6056 Windows 6.1.7600 Internet Explorer 8.0.7600.16385 14.03.2011 23:59:11 mbam-log-2011-03-14 (23-59-11).txt Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|) Durchsuchte Objekte: 288935 Laufzeit: 43 Minute(n), 18 Sekunde(n) Infizierte Speicherprozesse: 0 Infizierte Speichermodule: 0 Infizierte Registrierungsschlüssel: 0 Infizierte Registrierungswerte: 0 Infizierte Dateiobjekte der Registrierung: 0 Infizierte Verzeichnisse: 0 Infizierte Dateien: 0 Infizierte Speicherprozesse: (Keine bösartigen Objekte gefunden) Infizierte Speichermodule: (Keine bösartigen Objekte gefunden) Infizierte Registrierungsschlüssel: (Keine bösartigen Objekte gefunden) Infizierte Registrierungswerte: (Keine bösartigen Objekte gefunden) hab hier doch kleinere von sypbot, aber glaube nur die, bei denen nix mehr gefunden wurde --- Report generated: 2011-03-15 00:10 --- Gratuliere!: Es wurden keine Spione gefunden. (Status) --- Spybot - Search & Destroy version: 1.6.2 (build: 20090126) --- 2009-01-26 blindman.exe (1.0.0.8) 2009-01-26 SDFiles.exe (1.6.1.7) 2009-01-26 SDMain.exe (1.0.0.6) 2009-01-26 SDShred.exe (1.0.2.5) 2009-01-26 SDUpdate.exe (1.6.0.12) 2009-01-26 SDWinSec.exe (1.0.0.12) 2009-01-26 SpybotSD.exe (1.6.2.46) 2009-03-05 TeaTimer.exe (1.6.6.32) 2009-12-09 unins000.exe (51.49.0.0) 2009-01-26 Update.exe (1.6.0.7) 2009-11-04 advcheck.dll (1.6.5.20) 2007-04-02 aports.dll (2.1.0.0) 2008-06-14 DelZip179.dll (1.79.11.1) 2009-01-26 SDHelper.dll (1.6.2.14) 2008-06-19 sqlite3.dll 2009-01-26 Tools.dll (2.1.6.10) 2009-01-16 UninsSrv.dll (1.0.0.0) 2011-02-24 Includes\Adware.sbi (*) 2011-03-08 Includes\AdwareC.sbi (*) 2010-08-13 Includes\Cookies.sbi (*) 2010-12-14 Includes\Dialer.sbi (*) 2011-03-08 Includes\DialerC.sbi (*) 2011-02-24 Includes\HeavyDuty.sbi (*) 2010-11-30 Includes\Hijackers.sbi (*) 2011-03-08 Includes\HijackersC.sbi (*) 2010-09-15 Includes\iPhone.sbi (*) 2010-12-14 Includes\Keyloggers.sbi (*) 2011-03-08 Includes\KeyloggersC.sbi (*) 2004-11-29 Includes\LSP.sbi (*) 2011-02-24 Includes\Malware.sbi (*) 2011-03-08 Includes\MalwareC.sbi (*) 2011-02-24 Includes\PUPS.sbi (*) 2011-03-03 Includes\PUPSC.sbi (*) 2010-01-25 Includes\Revision.sbi (*) 2009-01-13 Includes\Security.sbi (*) 2011-03-08 Includes\SecurityC.sbi (*) 2008-06-03 Includes\Spybots.sbi (*) 2008-06-03 Includes\SpybotsC.sbi (*) 2011-02-24 Includes\Spyware.sbi (*) 2011-03-08 Includes\SpywareC.sbi (*) 2010-03-08 Includes\Tracks.uti 2010-12-28 Includes\Trojans.sbi (*) 2011-03-08 Includes\TrojansC-02.sbi (*) 2011-03-03 Includes\TrojansC-03.sbi (*) 2011-03-08 Includes\TrojansC-04.sbi (*) 2011-03-08 Includes\TrojansC-05.sbi (*) 2011-03-08 Includes\TrojansC.sbi (*) 2008-03-04 Plugins\Chai.dll 2008-03-05 Plugins\Fennel.dll 2008-02-26 Plugins\Mate.dll 2007-12-24 Plugins\TCPIPAddress.dll --- Report generated: 2011-03-15 00:33 --- Gratuliere!: Es wurden keine Spione gefunden. (Status) --- Spybot - Search & Destroy version: 1.6.2 (build: 20090126) --- 2009-01-26 blindman.exe (1.0.0.8) 2009-01-26 SDFiles.exe (1.6.1.7) 2009-01-26 SDMain.exe (1.0.0.6) 2009-01-26 SDShred.exe (1.0.2.5) 2009-01-26 SDUpdate.exe (1.6.0.12) 2009-01-26 SDWinSec.exe (1.0.0.12) 2009-01-26 SpybotSD.exe (1.6.2.46) 2009-03-05 TeaTimer.exe (1.6.6.32) 2009-12-09 unins000.exe (51.49.0.0) 2009-01-26 Update.exe (1.6.0.7) 2009-11-04 advcheck.dll (1.6.5.20) 2007-04-02 aports.dll (2.1.0.0) 2008-06-14 DelZip179.dll (1.79.11.1) 2009-01-26 SDHelper.dll (1.6.2.14) 2008-06-19 sqlite3.dll 2009-01-26 Tools.dll (2.1.6.10) 2009-01-16 UninsSrv.dll (1.0.0.0) 2011-02-24 Includes\Adware.sbi (*) 2011-03-08 Includes\AdwareC.sbi (*) 2010-08-13 Includes\Cookies.sbi (*) 2010-12-14 Includes\Dialer.sbi (*) 2011-03-08 Includes\DialerC.sbi (*) 2011-02-24 Includes\HeavyDuty.sbi (*) 2010-11-30 Includes\Hijackers.sbi (*) 2011-03-08 Includes\HijackersC.sbi (*) 2010-09-15 Includes\iPhone.sbi (*) 2010-12-14 Includes\Keyloggers.sbi (*) 2011-03-08 Includes\KeyloggersC.sbi (*) 2004-11-29 Includes\LSP.sbi (*) 2011-02-24 Includes\Malware.sbi (*) 2011-03-08 Includes\MalwareC.sbi (*) 2011-02-24 Includes\PUPS.sbi (*) 2011-03-03 Includes\PUPSC.sbi (*) 2010-01-25 Includes\Revision.sbi (*) 2009-01-13 Includes\Security.sbi (*) 2011-03-08 Includes\SecurityC.sbi (*) 2008-06-03 Includes\Spybots.sbi (*) 2008-06-03 Includes\SpybotsC.sbi (*) 2011-02-24 Includes\Spyware.sbi (*) 2011-03-08 Includes\SpywareC.sbi (*) 2010-03-08 Includes\Tracks.uti 2010-12-28 Includes\Trojans.sbi (*) 2011-03-08 Includes\TrojansC-02.sbi (*) 2011-03-03 Includes\TrojansC-03.sbi (*) 2011-03-08 Includes\TrojansC-04.sbi (*) 2011-03-08 Includes\TrojansC-05.sbi (*) 2011-03-08 Includes\TrojansC.sbi (*) 2008-03-04 Plugins\Chai.dll 2008-03-05 Plugins\Fennel.dll 2008-02-26 Plugins\Mate.dll 2007-12-24 Plugins\TCPIPAddress.dll so fängt die lange log datei an --- Search result list --- Win32.AutoRun.tmp: [SBI $751B1850] Einstellungen (Registrierungsdatenbank-Wert, fixing failed) HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Taskman Right Media: Verfolgender Cookie (Internet Explorer: mötö) (Cookie, fixed) spybot log datei gott tut mir leid ich bin in panik, habe jetzt nochmal die otl dateien mit load erstellt. otl.txtOTL Logfile: Code:
ATTFilter OTL logfile created on: 3/15/2011 2:10:23 AM - Run 3 OTL by OldTimer - Version 3.2.22.3 Folder = C:\Users\mötö\Desktop 64bit- Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation Internet Explorer (Version = 8.0.7600.16385) Locale: 00000409 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 4.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 60.00% Memory free 8.00 Gb Paging File | 6.00 Gb Available in Paging File | 78.00% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 74.52 Gb Total Space | 25.50 Gb Free Space | 34.22% Space Free | Partition Type: NTFS Drive D: | 208.92 Gb Total Space | 182.91 Gb Free Space | 87.55% Space Free | Partition Type: NTFS Computer Name: MÖTÖ-PC | User Name: mötö | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - C:\Users\mötö\Desktop\OTL.exe (OldTimer Tools) PRC - C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation) PRC - C:\Program Files\Alwil Software\Avast5\AvastUI.exe (AVAST Software) PRC - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe (AVAST Software) PRC - C:\Program Files (x86)\Google\Update\1.2.183.39\GoogleCrashHandler.exe (Google Inc.) PRC - C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe () PRC - C:\Program Files (x86)\Nokia\Nokia Ovi Suite\NokiaOviSuite.exe (Nokia) PRC - C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe (Nokia) PRC - C:\Program Files (x86)\Common Files\Nokia\MPlatform\NokiaMServer.exe (Nokia) PRC - C:\Program Files (x86)\Winamp\winampa.exe (Nullsoft, Inc.) PRC - C:\Program Files (x86)\Common Files\Nokia\NoA\nokiaaserver.exe () PRC - C:\Program Files (x86)\PC Connectivity Solution\Transports\NclRSSrv.exe (Nokia) PRC - C:\Program Files (x86)\ASUS\ControlDeck\ControlDeckStartUp.exe () PRC - C:\Program Files (x86)\ASUS\ATKOSD2\ATKOSD2.exe (ASUS) PRC - C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe () PRC - C:\Program Files (x86)\ASUS\ATK Hotkey\HControl.exe (ASUS) PRC - C:\Program Files (x86)\ASUS\ASUS Data Security Manager\ADSMTray.exe (ASUSTek Computer Inc.) PRC - C:\Program Files (x86)\ASUS\ATK Hotkey\HControlUser.exe (ASUS) PRC - C:\Program Files (x86)\ASUS\ATK Hotkey\ATKOSD.exe (ASUS) PRC - C:\Program Files (x86)\ASUS\ATK Hotkey\ASLDRSrv.exe (ASUS) PRC - C:\Program Files (x86)\ASUS\SmartLogon\sensorsrv.exe (ASUS) PRC - C:\Program Files (x86)\ASUS\ATK Media\DMedia.exe (ASUS) PRC - C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.) PRC - C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe (Safer Networking Ltd.) PRC - C:\Program Files (x86)\ASUS\ATK Hotkey\WDC.exe (ASUS) PRC - C:\Program Files (x86)\ASUS\ATK Hotkey\KBFiltr.exe (ASUS) PRC - C:\Program Files (x86)\ASUS\ATK Hotkey\Atouch64.exe () PRC - C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe (CyberLink) PRC - C:\Program Files (x86)\ASUS\ASUS Data Security Manager\ADSMSrv.exe (ASUSTek Computer Inc.) PRC - C:\Program Files (x86)\ASUS\ASUS Live Update\ALU.exe () PRC - C:\Program Files\ATKGFNEX\GFNEXSrv.exe () PRC - C:\ProgramData\EPSON\EPW!3 SSRP\E_S30RP1.EXE (SEIKO EPSON CORPORATION) ========== Modules (SafeList) ========== MOD - C:\Users\mötö\Desktop\OTL.exe (OldTimer Tools) MOD - C:\Program Files\Alwil Software\Avast5\snxhk.dll (AVAST Software) MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_420fe3fa2b8113bd\comctl32.dll (Microsoft Corporation) MOD - C:\Windows\winsxs\x86_microsoft.vc80.atl_1fc8b3b9a1e18e3b_8.0.50727.4053_none_d1c738ec43578ea1\ATL80.dll (Microsoft Corporation) MOD - C:\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4927_none_d08a205e442db5b5\msvcr80.dll (Microsoft Corporation) MOD - C:\Program Files (x86)\ASUS\ASUS Data Security Manager\ShlExt\x86\OverlayIconShlExt.dll () MOD - C:\Program Files (x86)\ASUS\ASUS Data Security Manager\ShlExt\x86\OverlayIconShlExt1.dll () ========== Win32 Services (SafeList) ========== SRV:64bit: - (avast! Antivirus) -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe (AVAST Software) SRV:64bit: - (AFBAgent) -- C:\Windows\SysNative\FBAgent.exe (ASUSTeK Computer Inc.) SRV:64bit: - (WinDefend) -- C:\Program Files\Windows Defender\mpsvc.dll (Microsoft Corporation) SRV:64bit: - (SRS_VolSync_Service) -- C:\Program Files\SRS Labs\SRS Premium Sound\SRS_VolSync.exe (SRS Labs, Inc.) SRV:64bit: - (AMD External Events Utility) -- C:\Windows\SysNative\atiesrxx.exe (AMD) SRV:64bit: - (ATKGFNEXSrv) -- C:\Program Files\ATKGFNEX\GFNEXSrv.exe () SRV - (ServiceLayer) -- C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe (Nokia) SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation) SRV - (ASLDRService) -- C:\Program Files (x86)\ASUS\ATK Hotkey\ASLDRSrv.exe (ASUS) SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation) SRV - (SBSDWSCService) -- C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe (Safer Networking Ltd.) SRV - (ADSMService) -- C:\Program Files (x86)\ASUS\ASUS Data Security Manager\ADSMSrv.exe (ASUSTek Computer Inc.) SRV - (EPSON_PM_RPCV4_01) EPSON V3 Service4(01) -- C:\ProgramData\EPSON\EPW!3 SSRP\E_S30RP1.EXE (SEIKO EPSON CORPORATION) ========== Driver Services (SafeList) ========== DRV:64bit: - (aswMonFlt) -- C:\Windows\SysNative\drivers\aswMonFlt.sys (AVAST Software) DRV:64bit: - (UsbserFilt) -- C:\Windows\SysNative\drivers\usbser_lowerfltx64j.sys (Nokia) DRV:64bit: - (upperdev) -- C:\Windows\SysNative\drivers\usbser_lowerfltx64.sys (Nokia) DRV:64bit: - (nmwcdcx64) -- C:\Windows\SysNative\drivers\ccdcmbox64.sys (Nokia) DRV:64bit: - (nmwcdx64) -- C:\Windows\SysNative\drivers\ccdcmbx64.sys (Nokia) DRV:64bit: - (athr) -- C:\Windows\SysNative\drivers\athrx.sys (Atheros Communications, Inc.) DRV:64bit: - (kbfiltr) -- C:\Windows\SysNative\drivers\kbfiltr.sys ( ) DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices) DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices) DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.) DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation) DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company) DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology) DRV:64bit: - (usbser) -- C:\Windows\SysNative\drivers\usbser.sys (Microsoft Corporation) DRV:64bit: - (VIAHdAudAddService) -- C:\Windows\SysNative\drivers\viahduaa.sys (VIA Technologies, Inc.) DRV:64bit: - (atikmdag) -- C:\Windows\SysNative\drivers\atikmdag.sys (ATI Technologies Inc.) DRV:64bit: - (lullaby) -- C:\Windows\SysNative\drivers\lullaby.sys (Windows (R) Win 7 DDK provider) DRV:64bit: - (ETD) -- C:\Windows\SysNative\drivers\ETD.sys (ELAN Microelectronic Corp.) DRV:64bit: - (Ntfs) -- C:\Windows\SysNative\wbem\ntfs.mof () DRV:64bit: - (SiSGbeLH) -- C:\Windows\SysNative\drivers\SiSG664.sys (Silicon Integrated Systems Corp.) DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation) DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation) DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation) DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.) DRV:64bit: - (usbfilter) -- C:\Windows\SysNative\drivers\usbfilter.sys (Advanced Micro Devices) DRV:64bit: - (SNP2UVC) USB2.0 PC Camera (SNP2UVC) -- C:\Windows\SysNative\drivers\snp2uvc.sys () DRV:64bit: - (AF15BDA) -- C:\Windows\SysNative\drivers\AF15BDA.sys (ITETech ) DRV:64bit: - (RTL8167) -- C:\Windows\SysNative\drivers\Rt64win7.sys (Realtek ) DRV:64bit: - (SRS_PremiumSound_Service) -- C:\Windows\SysNative\drivers\SRS_PremiumSound_amd64.sys () DRV:64bit: - (MTsensor) -- C:\Windows\SysNative\drivers\ATK64AMD.sys (ASUS) DRV:64bit: - (AtiPcie) AMD PCI Express (3GIO) -- C:\Windows\SysNative\drivers\AtiPcie.sys (Advanced Micro Devices Inc.) DRV:64bit: - (fssfltr) -- C:\Windows\SysNative\drivers\fssfltr.sys (Microsoft Corporation) DRV:64bit: - (pccsmcfd) -- C:\Windows\SysNative\drivers\pccsmcfdx64.sys (Nokia) DRV:64bit: - (CRFILTER) -- C:\Windows\SysNative\drivers\CRFILTER.sys (Generic) DRV:64bit: - (ASMMAP64) -- C:\Program Files\ATKGFNEX\ASMMAP64.sys () ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm IE - HKLM\..\URLSearchHook: {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files (x86)\Vuze_Remote\tbVuze.dll (Conduit Ltd.) IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://asus.msn.com IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://asus.msn.com IE - HKCU\..\URLSearchHook: {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files (x86)\Vuze_Remote\tbVuze.dll (Conduit Ltd.) IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF - prefs.js..browser.startup.homepage: "hxxp://www.google.de/" FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.3 FF - prefs.js..extensions.enabledItems: {000a9d1c-beef-4f90-9363-039d445309b8}:0.5.36.0 FF - prefs.js..extensions.enabledItems: personas@christopher.beard:1.6.2 FF - prefs.js..extensions.enabledItems: {a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}:20100908 FF - prefs.js..extensions.enabledItems: {A27F3FEF-1113-4cfb-A032-8E12D7D8EE70}:7.3.3.42 FF - prefs.js..extensions.enabledItems: {e001c731-5e37-4538-a5cb-8168736a2360}:0.9.9.76 FF - prefs.js..extensions.enabledItems: {d40f5e7b-d2cf-4856-b441-cc613eeffbe3}:1.49 FF - prefs.js..extensions.enabledItems: lazarus@interclue.com:2.0.5 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21 FF - prefs.js..extensions.enabledItems: {ACAA314B-EEBA-48e4-AD47-84E31C44796C}:1.0.1 FF - prefs.js..extensions.enabledItems: pdfforge@mybrowserbar.com:4.1 FF - prefs.js..extensions.enabledItems: wtxpcom@mybrowserbar.com:4.1 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24 FF - prefs.js..network.proxy.backup.ftp: " 62.243.224.179" FF - prefs.js..network.proxy.backup.ftp_port: 1080 FF - prefs.js..network.proxy.backup.gopher: " 62.243.224.179" FF - prefs.js..network.proxy.backup.gopher_port: 1080 FF - prefs.js..network.proxy.backup.socks: " 62.243.224.179" FF - prefs.js..network.proxy.backup.socks_port: 1080 FF - prefs.js..network.proxy.backup.ssl: " 62.243.224.179" FF - prefs.js..network.proxy.backup.ssl_port: 1080 FF - prefs.js..network.proxy.ftp: " 131.247.2.247" FF - prefs.js..network.proxy.ftp_port: 3127 FF - prefs.js..network.proxy.gopher: " 131.247.2.247" FF - prefs.js..network.proxy.gopher_port: 3127 FF - prefs.js..network.proxy.http: " 131.247.2.247" FF - prefs.js..network.proxy.http_port: 3127 FF - prefs.js..network.proxy.share_proxy_settings: true FF - prefs.js..network.proxy.socks: " 131.247.2.247" FF - prefs.js..network.proxy.socks_port: 3127 FF - prefs.js..network.proxy.ssl: " 131.247.2.247" FF - prefs.js..network.proxy.ssl_port: 3127 FF - HKLM\software\mozilla\Firefox\Extensions\\bkmrksync@nokia.com: C:\Program Files (x86)\Nokia\Nokia PC Suite 7\bkmrksync\ [2010/01/26 18:00:30 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Firefox\Extensions\\{000a9d1c-beef-4f90-9363-039d445309b8}: C:\Program Files (x86)\Google\Google Gears\Firefox\ [2010/03/06 01:32:31 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Firefox\Extensions\\{A27F3FEF-1113-4cfb-A032-8E12D7D8EE70}: C:\Program Files (x86)\Nokia\Nokia Ovi Suite\Connectors\Bookmarks Connector\FirefoxExtension\ [2010/08/19 21:18:55 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Firefox 3.6.15\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2011/03/06 11:06:24 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Firefox 3.6.15\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2011/03/06 11:06:24 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Thunderbird\Extensions\\{CCB7D94B-CA92-4E3F-B79D-ADE0F07ADC74}: C:\Program Files (x86)\Nokia\Nokia Ovi Suite\Connectors\Thunderbird Connector\ThunderbirdExtension\ [2010/08/19 21:18:56 | 000,000,000 | ---D | M] [2009/12/09 13:07:46 | 000,000,000 | ---D | M] (No name found) -- C:\Users\mötö\AppData\Roaming\mozilla\Extensions [2011/03/15 00:21:06 | 000,000,000 | ---D | M] (No name found) -- C:\Users\mötö\AppData\Roaming\mozilla\Firefox\Profiles\lql6lmbe.default\extensions [2010/09/27 21:41:27 | 000,000,000 | ---D | M] (WOT) -- C:\Users\mötö\AppData\Roaming\mozilla\Firefox\Profiles\lql6lmbe.default\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7} [2010/08/29 10:51:27 | 000,000,000 | ---D | M] ("DVDVideoSoft Menu") -- C:\Users\mötö\AppData\Roaming\mozilla\Firefox\Profiles\lql6lmbe.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C} [2010/12/24 09:02:48 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Users\mötö\AppData\Roaming\mozilla\Firefox\Profiles\lql6lmbe.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d} [2011/03/11 08:12:37 | 000,000,000 | ---D | M] ("BetterPrivacy") -- C:\Users\mötö\AppData\Roaming\mozilla\Firefox\Profiles\lql6lmbe.default\extensions\{d40f5e7b-d2cf-4856-b441-cc613eeffbe3} [2011/03/06 21:51:58 | 000,000,000 | ---D | M] (BitDefender QuickScan) -- C:\Users\mötö\AppData\Roaming\mozilla\Firefox\Profiles\lql6lmbe.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360} [2010/06/08 20:50:40 | 000,000,000 | ---D | M] (Lazarus: Form Recovery) -- C:\Users\mötö\AppData\Roaming\mozilla\Firefox\Profiles\lql6lmbe.default\extensions\lazarus@interclue.com [2011/03/13 11:43:12 | 000,000,000 | ---D | M] (Personas) -- C:\Users\mötö\AppData\Roaming\mozilla\Firefox\Profiles\lql6lmbe.default\extensions\personas@christopher.beard [2011/03/08 20:39:39 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions [2010/07/03 08:49:59 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} [2010/08/23 09:24:29 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} [2010/11/09 21:24:05 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} [2011/01/05 19:14:53 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} [2011/03/08 20:39:39 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} [2010/10/25 22:02:53 | 000,000,000 | ---D | M] (Widgi Toolbar Platform) -- C:\PROGRAM FILES (X86)\COMMON FILES\SPIGOT\WTXPCOM [2010/03/06 01:32:31 | 000,000,000 | ---D | M] (Google Gears) -- C:\PROGRAM FILES (X86)\GOOGLE\GOOGLE GEARS\FIREFOX [2010/08/19 21:18:55 | 000,000,000 | ---D | M] (Firefox Synchronisation Extension) -- C:\PROGRAM FILES (X86)\NOKIA\NOKIA OVI SUITE\CONNECTORS\BOOKMARKS CONNECTOR\FIREFOXEXTENSION [2010/10/25 22:02:54 | 000,000,000 | ---D | M] (pdfforge Toolbar) -- C:\PROGRAM FILES (X86)\PDFFORGE TOOLBAR\FF File not found (No name found) -- C:\USERS\MöTö\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\LQL6LMBE.DEFAULT\EXTENSIONS\{A0D7CCB3-214D-498B-B4AA-0E8FDA9A7BF7} File not found (No name found) -- C:\USERS\MöTö\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\LQL6LMBE.DEFAULT\EXTENSIONS\{ACAA314B-EEBA-48E4-AD47-84E31C44796C} File not found (No name found) -- C:\USERS\MöTö\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\LQL6LMBE.DEFAULT\EXTENSIONS\{D10D0BF8-F5B5-C8B4-A8B2-2B9879E08C5D} File not found (No name found) -- C:\USERS\MöTö\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\LQL6LMBE.DEFAULT\EXTENSIONS\{D40F5E7B-D2CF-4856-B441-CC613EEFFBE3} File not found (No name found) -- C:\USERS\MöTö\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\LQL6LMBE.DEFAULT\EXTENSIONS\{E001C731-5E37-4538-A5CB-8168736A2360} File not found (No name found) -- C:\USERS\MöTö\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\LQL6LMBE.DEFAULT\EXTENSIONS\LAZARUS@INTERCLUE.COM File not found (No name found) -- C:\USERS\MöTö\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\LQL6LMBE.DEFAULT\EXTENSIONS\PERSONAS@CHRISTOPHER.BEARD [2011/02/02 21:40:24 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll [2010/08/13 22:03:05 | 000,799,808 | ---- | M] (www.devalvr.com) -- C:\Program Files (x86)\mozilla firefox\plugins\npdevalvr.dll [2010/01/13 23:46:00 | 000,063,488 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npwachk.dll [2010/10/27 08:57:46 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml [2010/10/27 08:57:46 | 000,002,344 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml [2010/10/27 08:57:46 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml [2010/10/27 08:57:46 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml [2010/10/27 08:57:46 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml O1 HOSTS File: ([2009/06/10 22:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts O2:64bit: - BHO: (Windows Live Family Safety Browser Helper Class) - {4f3ed5cd-0726-42a9-87f5-d13f3d2976ac} - C:\Program Files\Windows Live\Family Safety\fssbho.dll (Microsoft Corporation) O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited) O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found. O2 - BHO: (Vuze Remote Toolbar) - {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files (x86)\Vuze_Remote\tbVuze.dll (Conduit Ltd.) O2 - BHO: (Google Gears Helper) - {E0FEFE40-FBF9-42AE-BA58-794CA7E3FB53} - C:\Program Files (x86)\Google\Google Gears\Internet Explorer\0.5.36.0\gears.dll (Google Inc.) O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found. O3 - HKLM\..\Toolbar: (Vuze Remote Toolbar) - {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files (x86)\Vuze_Remote\tbVuze.dll (Conduit Ltd.) O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found. O3 - HKCU\..\Toolbar\WebBrowser: (Vuze Remote Toolbar) - {BA14329E-9550-4989-B3F2-9732E92D17CC} - C:\Program Files (x86)\Vuze_Remote\tbVuze.dll (Conduit Ltd.) O4:64bit: - HKLM..\Run: [EeeStorageBackup] C:\Program Files (x86)\ASUS\Asus WebStorage\BackupService.exe (ECAREME) O4:64bit: - HKLM..\Run: [ETDWare] C:\Program Files\Elantech\ETDCtrl.exe (ELAN Microelectronic Corp.) O4 - HKLM..\Run: [] File not found O4 - HKLM..\Run: [ATKMEDIA] C:\Program Files (x86)\ASUS\ATK Media\DMedia.exe (ASUS) O4 - HKLM..\Run: [ATKOSD2] C:\Program Files (x86)\ASUS\ATKOSD2\ATKOSD2.exe (ASUS) O4 - HKLM..\Run: [avast5] C:\Program Files\Alwil Software\Avast5\avastUI.exe (AVAST Software) O4 - HKLM..\Run: [DivXUpdate] C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe () O4 - HKLM..\Run: [HControlUser] C:\Program Files (x86)\ASUS\ATK Hotkey\HControlUser.exe (ASUS) O4 - HKLM..\Run: [HDAudDeck] C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe (VIA) O4 - HKLM..\Run: [NokiaMServer] C:\Program Files (x86)\Common Files\Nokia\MPlatform\NokiaMServer.exe (Nokia) O4 - HKLM..\Run: [Setwallpaper] File not found O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.) O4 - HKLM..\Run: [UpdateLBPShortCut] C:\Program Files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe (CyberLink Corp.) O4 - HKLM..\Run: [UpdateP2GoShortCut] C:\Program Files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe (CyberLink Corp.) O4 - HKLM..\Run: [WinampAgent] C:\Program Files (x86)\Winamp\winampa.exe (Nullsoft, Inc.) O4 - HKCU..\Run: [] File not found O4 - HKCU..\Run: [NokiaOviSuite2] C:\Program Files (x86)\Nokia\Nokia Ovi Suite\NokiaOviSuite.exe (Nokia) O4 - HKCU..\Run: [SpybotSD TeaTimer] C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.) O4 - HKCU..\Run: [SRS Premium Sound] C:\Program Files\SRS Labs\SRS Premium Sound\SRSPremiumSoundBig_Small.exe (SRS Labs, Inc.) O4 - Startup: C:\Users\mötö\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk = C:\Program Files (x86)\ERUNT\AUTOBACK.EXE () O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O8:64bit: - Extra context menu item: Free YouTube to Mp3 Converter - C:\Users\mötö\AppData\Roaming\DVDVideoSoftIEHelpers\youtubetomp3.htm () O8 - Extra context menu item: Free YouTube to Mp3 Converter - C:\Users\mötö\AppData\Roaming\DVDVideoSoftIEHelpers\youtubetomp3.htm () O9 - Extra 'Tools' menuitem : &Gears-Einstellungen - {09C04DA7-5B76-4EBC-BBEE-B25EAC5965F5} - C:\Program Files (x86)\Google\Google Gears\Internet Explorer\0.5.36.0\gears.dll (Google Inc.) O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll (Microsoft Corporation) O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL (Microsoft Corporation) O9 - Extra 'Tools' menuitem : Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited) O13 - gopher Prefix: missing O13 - gopher Prefix: missing O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24) O16 - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 O18:64bit: - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - Reg Error: Key error. File not found O18:64bit: - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found O18:64bit: - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - Reg Error: Key error. File not found O18:64bit: - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found O18:64bit: - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - Reg Error: Key error. File not found O18:64bit: - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - Reg Error: Key error. File not found O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~2\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation) O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~2\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation) O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies) O18:64bit: - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation) O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation) O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found. O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found. O32 - HKLM CDRom: AutoRun - 1 O34 - HKLM BootExecute: (autocheck autochk *) - File not found O35:64bit: - HKLM\..comfile [open] -- "%1" %* O35:64bit: - HKLM\..exefile [open] -- "%1" %* O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %* O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* MsConfig:64bit - StartUpReg: Adobe Reader Speed Launcher - hkey= - key= - C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe (Adobe Systems Incorporated) MsConfig:64bit - StartUpReg: ADSMTray - hkey= - key= - C:\Program Files (x86)\ASUS\ASUS Data Security Manager\ADSMTray.exe (ASUSTek Computer Inc.) MsConfig:64bit - StartUpReg: CLMLServer - hkey= - key= - C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe (CyberLink) CREATERESTOREPOINT Restore point Set: OTL Restore Point ========== Files/Folders - Created Within 30 Days ========== [2011/03/15 02:09:08 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT [2011/03/15 02:07:46 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ERUNT [2011/03/15 02:07:46 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ERUNT [2011/03/15 01:56:15 | 000,791,393 | ---- | C] (Lars Hederer ) -- C:\Users\mötö\Desktop\Erunt-setup.exe [2011/03/15 01:56:15 | 000,580,608 | ---- | C] (OldTimer Tools) -- C:\Users\mötö\Desktop\OTL.exe [2011/03/15 01:56:15 | 000,446,464 | ---- | C] (OldTimer Tools) -- C:\Users\mötö\Desktop\TFC.exe [2011/03/15 00:18:44 | 000,083,968 | ---- | C] (eSage Lab) -- C:\Users\mötö\Desktop\remover.exe [2011/03/14 22:41:30 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner [2011/03/14 22:41:26 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner [2011/03/14 22:34:02 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ESET [2011/03/14 22:25:05 | 000,000,000 | ---D | C] -- C:\Users\mötö\Desktop\secres [2011/03/08 20:40:23 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java [2011/03/06 21:55:59 | 000,000,000 | ---D | C] -- C:\Users\mötö\AppData\Roaming\QuickScan [2011/03/06 19:17:44 | 000,000,000 | ---D | C] -- C:\Users\mötö\Desktop\vinatge [2011/02/27 20:44:14 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype [2011/02/27 20:44:13 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Skype [2011/02/26 08:24:26 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight [2011/02/24 10:59:45 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Silverlight [2008/08/12 06:45:20 | 000,155,648 | ---- | C] (ASUS) -- C:\Program Files (x86)\Common Files\MSIactionall.dll ========== Files - Modified Within 30 Days ========== [2011/03/15 02:12:17 | 000,010,240 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2011/03/15 02:12:17 | 000,010,240 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2011/03/15 02:07:57 | 000,001,106 | ---- | M] () -- C:\Users\mötö\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk [2011/03/15 02:07:46 | 000,000,926 | ---- | M] () -- C:\Users\mötö\Desktop\NTREGOPT.lnk [2011/03/15 02:07:46 | 000,000,907 | ---- | M] () -- C:\Users\mötö\Desktop\ERUNT.lnk [2011/03/15 02:05:04 | 000,001,100 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2011/03/15 02:04:52 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2011/03/15 02:04:44 | 3220,529,152 | -HS- | M] () -- C:\hiberfil.sys [2011/03/15 01:56:30 | 000,446,464 | ---- | M] (OldTimer Tools) -- C:\Users\mötö\Desktop\TFC.exe [2011/03/15 01:56:22 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\mötö\Desktop\OTL.exe [2011/03/15 01:56:20 | 000,791,393 | ---- | M] (Lars Hederer ) -- C:\Users\mötö\Desktop\Erunt-setup.exe [2011/03/15 01:49:21 | 000,022,215 | ---- | M] () -- C:\Users\mötö\Desktop\SpybotSD.Results.zip [2011/03/15 01:47:00 | 000,001,104 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2011/03/14 22:41:30 | 000,000,824 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk [2011/03/14 21:52:35 | 000,074,483 | ---- | M] () -- C:\Users\mötö\Desktop\Wege-ins-Ausland.pdf [2011/03/13 12:40:23 | 000,005,701 | ---- | M] () -- C:\Users\mötö\Desktop\Anleitung.html [2011/03/06 19:28:43 | 049,903,568 | ---- | M] () -- C:\Users\mötö\Desktop\MVI_6603.AVI [2011/02/28 18:39:41 | 001,498,506 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI [2011/02/28 18:39:41 | 000,654,166 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat [2011/02/28 18:39:41 | 000,616,008 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat [2011/02/28 18:39:41 | 000,130,006 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat [2011/02/28 18:39:41 | 000,106,388 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat [2011/02/16 21:08:40 | 001,040,395 | ---- | M] () -- C:\Users\mötö\Documents\zeugnisse.pdf [2011/02/16 21:04:36 | 000,099,023 | ---- | M] () -- C:\Users\mötö\Documents\Lebenslauf Deutsch nur zeugnisse.pdf ========== Files Created - No Company Name ========== [2011/03/15 02:07:57 | 000,001,106 | ---- | C] () -- C:\Users\mötö\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk [2011/03/15 02:07:46 | 000,000,926 | ---- | C] () -- C:\Users\mötö\Desktop\NTREGOPT.lnk [2011/03/15 02:07:46 | 000,000,907 | ---- | C] () -- C:\Users\mötö\Desktop\ERUNT.lnk [2011/03/15 01:49:21 | 000,022,215 | ---- | C] () -- C:\Users\mötö\Desktop\SpybotSD.Results.zip [2011/03/14 22:41:30 | 000,000,824 | ---- | C] () -- C:\Users\Public\Desktop\CCleaner.lnk [2011/03/14 21:52:35 | 000,074,483 | ---- | C] () -- C:\Users\mötö\Desktop\Wege-ins-Ausland.pdf [2011/03/13 12:41:14 | 000,005,701 | ---- | C] () -- C:\Users\mötö\Desktop\Anleitung.html [2011/03/06 19:28:38 | 049,903,568 | ---- | C] () -- C:\Users\mötö\Desktop\MVI_6603.AVI [2011/02/16 21:08:37 | 001,040,395 | ---- | C] () -- C:\Users\mötö\Documents\zeugnisse.pdf [2011/02/16 21:04:35 | 000,099,023 | ---- | C] () -- C:\Users\mötö\Documents\Lebenslauf Deutsch nur zeugnisse.pdf [2010/04/15 10:42:58 | 000,003,584 | ---- | C] () -- C:\Users\mötö\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2010/01/26 13:41:38 | 000,042,496 | ---- | C] () -- C:\Windows\SysWow64\spwini.dll [2009/12/31 19:55:39 | 001,500,444 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI [2009/12/09 13:43:29 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat [2009/12/09 12:57:28 | 000,000,024 | ---- | C] () -- C:\Windows\ATKPF.ini [2009/11/18 12:55:56 | 000,131,368 | ---- | C] () -- C:\ProgramData\FullRemove.exe [2009/11/18 12:21:53 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin [2009/08/19 09:33:09 | 000,018,944 | ---- | C] () -- C:\Windows\OOBEPlayer.exe [2009/08/19 09:33:09 | 000,000,035 | ---- | C] () -- C:\Windows\OOBEPlayer.ini [2009/07/29 06:20:40 | 000,000,010 | ---- | C] () -- C:\Windows\SysWow64\ABLKSR.ini [2009/07/14 06:38:36 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat [2009/07/14 03:35:51 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT [2009/07/14 03:34:42 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat [2009/07/14 01:10:29 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin [2009/07/14 00:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll [2009/07/13 22:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll [2009/07/01 09:10:50 | 000,000,176 | ---- | C] () -- C:\Windows\explorer.exe.config [2009/06/10 22:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat [2009/04/08 19:31:56 | 000,106,496 | ---- | C] () -- C:\Program Files (x86)\Common Files\CPInstallAction.dll [2008/10/29 23:54:39 | 000,000,481 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat [2008/05/22 17:35:54 | 000,051,962 | ---- | C] () -- C:\Program Files (x86)\Common Files\banner.jpg ========== LOP Check ========== [2010/03/27 16:25:39 | 000,000,000 | ---D | M] -- C:\Users\mötö\AppData\Roaming\3Dconnexion [2010/09/01 16:44:01 | 000,000,000 | ---D | M] -- C:\Users\mötö\AppData\Roaming\Amazon [2009/12/09 12:16:54 | 000,000,000 | ---D | M] -- C:\Users\mötö\AppData\Roaming\Asus WebStorage [2011/03/14 22:47:10 | 000,000,000 | ---D | M] -- C:\Users\mötö\AppData\Roaming\Azureus [2009/12/11 18:28:26 | 000,000,000 | ---D | M] -- C:\Users\mötö\AppData\Roaming\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1 [2010/08/29 10:51:27 | 000,000,000 | ---D | M] -- C:\Users\mötö\AppData\Roaming\DVDVideoSoftIEHelpers [2010/06/02 09:50:54 | 000,000,000 | ---D | M] -- C:\Users\mötö\AppData\Roaming\Facebook [2009/12/09 13:43:26 | 000,000,000 | ---D | M] -- C:\Users\mötö\AppData\Roaming\ICQ [2010/04/15 10:27:52 | 000,000,000 | ---D | M] -- C:\Users\mötö\AppData\Roaming\Nokia [2009/12/11 16:42:53 | 000,000,000 | ---D | M] -- C:\Users\mötö\AppData\Roaming\PC Suite [2011/03/06 21:56:09 | 000,000,000 | ---D | M] -- C:\Users\mötö\AppData\Roaming\QuickScan [2011/01/03 21:09:57 | 000,032,632 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT ========== Purity Check ========== ========== Custom Scans ========== < %SYSTEMDRIVE%\*. > [2010/01/22 13:27:17 | 000,000,000 | -HSD | M] -- C:\$Recycle.Bin [2009/12/09 12:16:56 | 000,000,000 | -H-D | M] -- C:\asus.dat [2009/07/29 07:03:34 | 000,000,000 | -HSD | M] -- C:\Boot [2009/07/14 06:08:56 | 000,000,000 | -HSD | M] -- C:\Documents and Settings [2009/12/09 13:55:09 | 000,000,000 | RH-D | M] -- C:\MSOCache [2009/07/14 04:20:08 | 000,000,000 | ---D | M] -- C:\PerfLogs [2011/03/14 22:41:26 | 000,000,000 | R--D | M] -- C:\Program Files [2011/03/15 02:07:46 | 000,000,000 | R--D | M] -- C:\Program Files (x86) [2011/02/07 15:30:27 | 000,000,000 | -H-D | M] -- C:\ProgramData [2009/12/09 12:01:15 | 000,000,000 | -HSD | M] -- C:\Recovery [2011/03/15 02:13:11 | 000,000,000 | -HSD | M] -- C:\System Volume Information [2010/04/20 10:24:56 | 000,000,000 | R--D | M] -- C:\Users [2011/03/15 02:09:08 | 000,000,000 | ---D | M] -- C:\Windows < %PROGRAMFILES%\*.exe > < %LOCALAPPDATA%\*.exe > < %systemroot%\*. /mp /s > < MD5 for: EXPLORER.EXE > [2009/07/14 02:14:20 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=15BC38A7492BEFE831966ADB477CF76F -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_b7fe430bc7ce3761\explorer.exe [2009/10/31 06:45:39 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=2626FC9755BE22F805D3CFA0CE3EE727 -- C:\Windows\SysWOW64\explorer.exe [2009/10/31 06:45:39 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=2626FC9755BE22F805D3CFA0CE3EE727 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_b819b343c7ba6202\explorer.exe [2009/08/03 07:19:07 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=700073016DAC1C3D2E7E2CE4223334B6 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_ae84b558ac4eb41c\explorer.exe [2009/10/31 07:34:59 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=9AAAEC8DAC27AA17B053E6352AD233AE -- C:\Windows\explorer.exe [2009/10/31 07:34:59 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=9AAAEC8DAC27AA17B053E6352AD233AE -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_adc508f19359a007\explorer.exe [2009/08/03 06:49:47 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=9FF6C4C91A3711C0A3B18F87B08B518D -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_b8d95faae0af7617\explorer.exe [2009/10/31 07:38:38 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=B8EC4BD49CE8F6FC457721BFC210B67F -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_ae46d6aeac7ca7c7\explorer.exe [2009/08/03 06:35:50 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=B95EEB0F4E5EFBF1038A35B3351CF047 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_b853c407c78e3ba9\explorer.exe [2009/07/14 02:39:10 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=C235A51CB740E45FFA0EBFB9BAFCDA64 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_ada998b9936d7566\explorer.exe [2009/10/31 07:00:51 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=C76153C7ECA00FA852BB0C193378F917 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_b89b8100e0dd69c2\explorer.exe [2009/08/03 07:17:37 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=F170B4A061C9E026437B193B4D571799 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_adff19b5932d79ae\explorer.exe < MD5 for: USERINIT.EXE > [2009/07/14 02:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\SysWOW64\userinit.exe [2009/07/14 02:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_dbff103933038d7c\userinit.exe [2009/07/14 02:39:48 | 000,030,208 | ---- | M] (Microsoft Corporation) MD5=6F8F1376A13114CC10C0E69274F5A4DE -- C:\Windows\SysNative\userinit.exe [2009/07/14 02:39:48 | 000,030,208 | ---- | M] (Microsoft Corporation) MD5=6F8F1376A13114CC10C0E69274F5A4DE -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_381dabbceb60feb2\userinit.exe < MD5 for: WININIT.EXE > [2009/07/14 02:39:52 | 000,129,024 | ---- | M] (Microsoft Corporation) MD5=94355C28C1970635A31B3FE52EB7CEBA -- C:\Windows\SysNative\wininit.exe [2009/07/14 02:39:52 | 000,129,024 | ---- | M] (Microsoft Corporation) MD5=94355C28C1970635A31B3FE52EB7CEBA -- C:\Windows\winsxs\amd64_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_8ce7aa761e01ad49\wininit.exe [2009/07/14 02:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\SysWOW64\wininit.exe [2009/07/14 02:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_30c90ef265a43c13\wininit.exe < MD5 for: WINLOGON.EXE > [2009/07/14 02:39:52 | 000,389,120 | ---- | M] (Microsoft Corporation) MD5=132328DF455B0028F13BF0ABEE51A63A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_cbb7f2bdeea2829c\winlogon.exe [2009/10/28 08:01:57 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=A93D41A4D4B0D91C072D11DD8AF266DE -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.20560_none_cc522fd507b468f8\winlogon.exe [2009/10/28 07:24:40 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=DA3E2A6FA9660CC75B471530CE88453A -- C:\Windows\SysNative\winlogon.exe [2009/10/28 07:24:40 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=DA3E2A6FA9660CC75B471530CE88453A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16447_none_cbe534e7ee8042ad\winlogon.exe < HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU > < HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs > < End of report > |
|
15.03.2011, 16:45
| #2 |
| /// Winkelfunktion /// TB-Süch-Tiger™   | win32.autorun.tmp wie werd ichs los?! Gibt es noch weitere Logs von Malwarebytes? Wenn ja bitte alle posten, die in Malwarebytes im Reiter Logdateien sichtbar sind.
__________________Bitte auch dieses Tool von Kaspersky ausführen und das Log posten => http://www.trojaner-board.de/82358-t...entfernen.html
__________________ |
|
15.03.2011, 17:43
| #3 |
| | win32.autorun.tmp wie werd ichs los?! Malwarebytes' Anti-Malware 1.50.1.1100
__________________www.malwarebytes.org Datenbank Version: 6056 Windows 6.1.7600 Internet Explorer 8.0.7600.16385 14.03.2011 23:59:11 mbam-log-2011-03-14 (23-59-11).txt Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|) Durchsuchte Objekte: 288935 Laufzeit: 43 Minute(n), 18 Sekunde(n) Infizierte Speicherprozesse: 0 Infizierte Speichermodule: 0 Infizierte Registrierungsschlüssel: 0 Infizierte Registrierungswerte: 0 Infizierte Dateiobjekte der Registrierung: 0 Infizierte Verzeichnisse: 0 Infizierte Dateien: 0 Infizierte Speicherprozesse: (Keine bösartigen Objekte gefunden) Infizierte Speichermodule: (Keine bösartigen Objekte gefunden) Infizierte Registrierungsschlüssel: (Keine bösartigen Objekte gefunden) Infizierte Registrierungswerte: (Keine bösartigen Objekte gefunden) Infizierte Dateiobjekte der Registrierung: (Keine bösartigen Objekte gefunden) Infizierte Verzeichnisse: (Keine bösartigen Objekte gefunden) Infizierte Dateien: (Keine bösartigen Objekte gefunden) Malwarebytes' Anti-Malware 1.50.1.1100 www.malwarebytes.org Datenbank Version: 6057 Windows 6.1.7600 Internet Explorer 8.0.7600.16385 15.03.2011 00:14:29 mbam-log-2011-03-15 (00-14-29).txt Art des Suchlaufs: Quick-Scan Durchsuchte Objekte: 167733 Laufzeit: 3 Minute(n), 41 Sekunde(n) Infizierte Speicherprozesse: 0 Infizierte Speichermodule: 0 Infizierte Registrierungsschlüssel: 0 Infizierte Registrierungswerte: 0 Infizierte Dateiobjekte der Registrierung: 0 Infizierte Verzeichnisse: 0 Infizierte Dateien: 0 Infizierte Speicherprozesse: (Keine bösartigen Objekte gefunden) Infizierte Speichermodule: (Keine bösartigen Objekte gefunden) Infizierte Registrierungsschlüssel: (Keine bösartigen Objekte gefunden) Infizierte Registrierungswerte: (Keine bösartigen Objekte gefunden) Infizierte Dateiobjekte der Registrierung: (Keine bösartigen Objekte gefunden) Infizierte Verzeichnisse: (Keine bösartigen Objekte gefunden) Infizierte Dateien: (Keine bösartigen Objekte gefunden) Malwarebytes' Anti-Malware 1.50.1.1100 www.malwarebytes.org Datenbank Version: 6062 Windows 6.1.7600 Internet Explorer 8.0.7600.16385 15.03.2011 11:05:25 mbam-log-2011-03-15 (11-05-25).txt Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|E:\|) Durchsuchte Objekte: 286204 Laufzeit: 1 Stunde(n), 2 Minute(n), 54 Sekunde(n) Infizierte Speicherprozesse: 0 Infizierte Speichermodule: 0 Infizierte Registrierungsschlüssel: 0 Infizierte Registrierungswerte: 0 Infizierte Dateiobjekte der Registrierung: 0 Infizierte Verzeichnisse: 0 Infizierte Dateien: 0 Infizierte Speicherprozesse: (Keine bösartigen Objekte gefunden) Infizierte Speichermodule: (Keine bösartigen Objekte gefunden) Infizierte Registrierungsschlüssel: (Keine bösartigen Objekte gefunden) Infizierte Registrierungswerte: (Keine bösartigen Objekte gefunden) Infizierte Dateiobjekte der Registrierung: (Keine bösartigen Objekte gefunden) Infizierte Verzeichnisse: (Keine bösartigen Objekte gefunden) Infizierte Dateien: (Keine bösartigen Objekte gefunden) |
|
15.03.2011, 17:45
| #4 |
| | win32.autorun.tmp wie werd ichs los?! die anderen sind von januar die log dateien vom tool folgen heute abend, danke schon mal |
|
15.03.2011, 21:25
| #5 |
| | win32.autorun.tmp wie werd ichs los?! hier die tdss killer log datei 2011/03/15 21:23:56.0700 5828 TDSS rootkit removing tool 2.4.21.0 Mar 10 2011 12:26:28 2011/03/15 21:23:57.0213 5828 ================================================================================ 2011/03/15 21:23:57.0213 5828 SystemInfo: 2011/03/15 21:23:57.0213 5828 2011/03/15 21:23:57.0213 5828 OS Version: 6.1.7600 ServicePack: 0.0 2011/03/15 21:23:57.0213 5828 Product type: Workstation 2011/03/15 21:23:57.0214 5828 ComputerName: MÖTÖ-PC 2011/03/15 21:23:57.0214 5828 UserName: mötö 2011/03/15 21:23:57.0214 5828 Windows directory: C:\Windows 2011/03/15 21:23:57.0214 5828 System windows directory: C:\Windows 2011/03/15 21:23:57.0214 5828 Running under WOW64 2011/03/15 21:23:57.0214 5828 Processor architecture: Intel x64 2011/03/15 21:23:57.0214 5828 Number of processors: 2 2011/03/15 21:23:57.0214 5828 Page size: 0x1000 2011/03/15 21:23:57.0214 5828 Boot type: Normal boot 2011/03/15 21:23:57.0215 5828 ================================================================================ 2011/03/15 21:23:57.0663 5828 Initialize success 2011/03/15 21:24:07.0699 3412 ================================================================================ 2011/03/15 21:24:07.0699 3412 Scan started 2011/03/15 21:24:07.0699 3412 Mode: Manual; 2011/03/15 21:24:07.0699 3412 ================================================================================ 2011/03/15 21:24:09.0173 3412 1394ohci (1b00662092f9f9568b995902f0cc40d5) C:\Windows\system32\DRIVERS\1394ohci.sys 2011/03/15 21:24:09.0259 3412 ACPI (6f11e88748cdefd2f76aa215f97ddfe5) C:\Windows\system32\DRIVERS\ACPI.sys 2011/03/15 21:24:09.0324 3412 AcpiPmi (63b05a0420ce4bf0e4af6dcc7cada254) C:\Windows\system32\DRIVERS\acpipmi.sys 2011/03/15 21:24:09.0398 3412 adp94xx (2f6b34b83843f0c5118b63ac634f5bf4) C:\Windows\system32\DRIVERS\adp94xx.sys 2011/03/15 21:24:09.0465 3412 adpahci (597f78224ee9224ea1a13d6350ced962) C:\Windows\system32\DRIVERS\adpahci.sys 2011/03/15 21:24:09.0502 3412 adpu320 (e109549c90f62fb570b9540c4b148e54) C:\Windows\system32\DRIVERS\adpu320.sys 2011/03/15 21:24:09.0591 3412 AF15BDA (0517e1670a58213e3f206066cd209273) C:\Windows\system32\DRIVERS\AF15BDA.sys 2011/03/15 21:24:09.0671 3412 AFD (b9384e03479d2506bc924c16a3db87bc) C:\Windows\system32\drivers\afd.sys 2011/03/15 21:24:09.0755 3412 agp440 (608c14dba7299d8cb6ed035a68a15799) C:\Windows\system32\DRIVERS\agp440.sys 2011/03/15 21:24:09.0817 3412 aliide (5812713a477a3ad7363c7438ca2ee038) C:\Windows\system32\DRIVERS\aliide.sys 2011/03/15 21:24:09.0876 3412 amdide (1ff8b4431c353ce385c875f194924c0c) C:\Windows\system32\DRIVERS\amdide.sys 2011/03/15 21:24:09.0908 3412 AmdK8 (7024f087cff1833a806193ef9d22cda9) C:\Windows\system32\DRIVERS\amdk8.sys 2011/03/15 21:24:09.0962 3412 AmdPPM (1e56388b3fe0d031c44144eb8c4d6217) C:\Windows\system32\DRIVERS\amdppm.sys 2011/03/15 21:24:09.0993 3412 amdsata (8818a2ab90189b7ff60a24c0847f9a6b) C:\Windows\system32\DRIVERS\amdsata.sys 2011/03/15 21:24:10.0048 3412 amdsbs (f67f933e79241ed32ff46a4f29b5120b) C:\Windows\system32\DRIVERS\amdsbs.sys 2011/03/15 21:24:10.0087 3412 amdxata (3c430969f097dee18d13010d678069cd) C:\Windows\system32\DRIVERS\amdxata.sys 2011/03/15 21:24:10.0148 3412 AppID (42fd751b27fa0e9c69bb39f39e409594) C:\Windows\system32\drivers\appid.sys 2011/03/15 21:24:10.0247 3412 arc (c484f8ceb1717c540242531db7845c4e) C:\Windows\system32\DRIVERS\arc.sys 2011/03/15 21:24:10.0282 3412 arcsas (019af6924aefe7839f61c830227fe79c) C:\Windows\system32\DRIVERS\arcsas.sys 2011/03/15 21:24:10.0345 3412 AsDsm (88fbc8bebfd38566235eaa5e4dbc4e05) C:\Windows\system32\drivers\AsDsm.sys 2011/03/15 21:24:10.0444 3412 ASMMAP64 (2db34edd17d3a8da7105a19c95a3dd68) C:\Program Files\ATKGFNEX\ASMMAP64.sys 2011/03/15 21:24:10.0561 3412 aswFsBlk (6923740db573b46fdda13e1df412c577) C:\Windows\system32\drivers\aswFsBlk.sys 2011/03/15 21:24:10.0639 3412 aswMonFlt (de001b988b58bfd453f667842655b22e) C:\Windows\system32\drivers\aswMonFlt.sys 2011/03/15 21:24:10.0729 3412 aswRdr (e0d1002d7fa65dd023788b17f714e682) C:\Windows\system32\drivers\aswRdr.sys 2011/03/15 21:24:10.0817 3412 aswSP (c3eafdc0f533425614430a112ba71e9a) C:\Windows\system32\drivers\aswSP.sys 2011/03/15 21:24:10.0977 3412 aswTdi (0226ffbc420d8fb67ba3b9dbdd1f2dca) C:\Windows\system32\drivers\aswTdi.sys 2011/03/15 21:24:11.0053 3412 AsyncMac (769765ce2cc62867468cea93969b2242) C:\Windows\system32\DRIVERS\asyncmac.sys 2011/03/15 21:24:11.0113 3412 atapi (02062c0b390b7729edc9e69c680a6f3c) C:\Windows\system32\DRIVERS\atapi.sys 2011/03/15 21:24:11.0432 3412 athr (0acc06fcf46f64ed4f11e57ee461c1f4) C:\Windows\system32\DRIVERS\athrx.sys 2011/03/15 21:24:11.0837 3412 atikmdag (a08339ae90972e268b9622c668f450e8) C:\Windows\system32\DRIVERS\atikmdag.sys 2011/03/15 21:24:12.0062 3412 AtiPcie (7c5d273e29dcc5505469b299c6f29163) C:\Windows\system32\DRIVERS\AtiPcie.sys 2011/03/15 21:24:12.0224 3412 b06bdrv (3e5b191307609f7514148c6832bb0842) C:\Windows\system32\DRIVERS\bxvbda.sys 2011/03/15 21:24:12.0331 3412 b57nd60a (b5ace6968304a3900eeb1ebfd9622df2) C:\Windows\system32\DRIVERS\b57nd60a.sys 2011/03/15 21:24:12.0382 3412 Beep (16a47ce2decc9b099349a5f840654746) C:\Windows\system32\drivers\Beep.sys 2011/03/15 21:24:12.0454 3412 blbdrive (61583ee3c3a17003c4acd0475646b4d3) C:\Windows\system32\DRIVERS\blbdrive.sys 2011/03/15 21:24:12.0498 3412 bowser (91ce0d3dc57dd377e690a2d324022b08) C:\Windows\system32\DRIVERS\bowser.sys 2011/03/15 21:24:12.0550 3412 BrFiltLo (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\DRIVERS\BrFiltLo.sys 2011/03/15 21:24:12.0584 3412 BrFiltUp (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\DRIVERS\BrFiltUp.sys 2011/03/15 21:24:12.0630 3412 Brserid (43bea8d483bf1870f018e2d02e06a5bd) C:\Windows\System32\Drivers\Brserid.sys 2011/03/15 21:24:12.0664 3412 BrSerWdm (a6eca2151b08a09caceca35c07f05b42) C:\Windows\System32\Drivers\BrSerWdm.sys 2011/03/15 21:24:12.0706 3412 BrUsbMdm (b79968002c277e869cf38bd22cd61524) C:\Windows\System32\Drivers\BrUsbMdm.sys 2011/03/15 21:24:12.0733 3412 BrUsbSer (a87528880231c54e75ea7a44943b38bf) C:\Windows\System32\Drivers\BrUsbSer.sys 2011/03/15 21:24:12.0778 3412 BTHMODEM (9da669f11d1f894ab4eb69bf546a42e8) C:\Windows\system32\DRIVERS\bthmodem.sys 2011/03/15 21:24:12.0867 3412 cdfs (b8bd2bb284668c84865658c77574381a) C:\Windows\system32\DRIVERS\cdfs.sys 2011/03/15 21:24:12.0934 3412 cdrom (83d2d75e1efb81b3450c18131443f7db) C:\Windows\system32\DRIVERS\cdrom.sys 2011/03/15 21:24:13.0092 3412 circlass (d7cd5c4e1b71fa62050515314cfb52cf) C:\Windows\system32\DRIVERS\circlass.sys 2011/03/15 21:24:13.0185 3412 CLFS (fe1ec06f2253f691fe36217c592a0206) C:\Windows\system32\CLFS.sys 2011/03/15 21:24:13.0344 3412 CmBatt (0840155d0bddf1190f84a663c284bd33) C:\Windows\system32\DRIVERS\CmBatt.sys 2011/03/15 21:24:13.0395 3412 cmdide (e19d3f095812725d88f9001985b94edd) C:\Windows\system32\DRIVERS\cmdide.sys 2011/03/15 21:24:13.0437 3412 CNG (f95fd4cb7da00ba2a63ce9f6b5c053e1) C:\Windows\system32\Drivers\cng.sys 2011/03/15 21:24:13.0477 3412 Compbatt (102de219c3f61415f964c88e9085ad14) C:\Windows\system32\DRIVERS\compbatt.sys 2011/03/15 21:24:13.0538 3412 CompositeBus (f26b3a86f6fa87ca360b879581ab4123) C:\Windows\system32\DRIVERS\CompositeBus.sys 2011/03/15 21:24:13.0617 3412 crcdisk (1c827878a998c18847245fe1f34ee597) C:\Windows\system32\DRIVERS\crcdisk.sys 2011/03/15 21:24:13.0685 3412 CRFILTER (64beed6775c22b0362fa9ded3f8124a1) C:\Windows\system32\DRIVERS\CRFILTER.sys 2011/03/15 21:24:13.0823 3412 DfsC (3f1dc527070acb87e40afe46ef6da749) C:\Windows\system32\Drivers\dfsc.sys 2011/03/15 21:24:13.0873 3412 discache (13096b05847ec78f0977f2c0f79e9ab3) C:\Windows\system32\drivers\discache.sys 2011/03/15 21:24:13.0928 3412 Disk (9819eee8b5ea3784ec4af3b137a5244c) C:\Windows\system32\DRIVERS\disk.sys 2011/03/15 21:24:13.0996 3412 drmkaud (9b19f34400d24df84c858a421c205754) C:\Windows\system32\drivers\drmkaud.sys 2011/03/15 21:24:14.0096 3412 DXGKrnl (1633b9abf52784a1331476397a48cbef) C:\Windows\System32\drivers\dxgkrnl.sys 2011/03/15 21:24:14.0303 3412 ebdrv (dc5d737f51be844d8c82c695eb17372f) C:\Windows\system32\DRIVERS\evbda.sys 2011/03/15 21:24:14.0606 3412 elxstor (0e5da5369a0fcaea12456dd852545184) C:\Windows\system32\DRIVERS\elxstor.sys 2011/03/15 21:24:14.0718 3412 ErrDev (34a3c54752046e79a126e15c51db409b) C:\Windows\system32\DRIVERS\errdev.sys 2011/03/15 21:24:14.0818 3412 ETD (5cd1005b9bc241c3ab8501d5fbf09fd4) C:\Windows\system32\DRIVERS\ETD.sys 2011/03/15 21:24:14.0899 3412 exfat (a510c654ec00c1e9bdd91eeb3a59823b) C:\Windows\system32\drivers\exfat.sys 2011/03/15 21:24:14.0940 3412 fastfat (0adc83218b66a6db380c330836f3e36d) C:\Windows\system32\drivers\fastfat.sys 2011/03/15 21:24:14.0983 3412 fdc (d765d19cd8ef61f650c384f62fac00ab) C:\Windows\system32\DRIVERS\fdc.sys 2011/03/15 21:24:15.0033 3412 FileInfo (655661be46b5f5f3fd454e2c3095b930) C:\Windows\system32\drivers\fileinfo.sys 2011/03/15 21:24:15.0077 3412 Filetrace (5f671ab5bc87eea04ec38a6cd5962a47) C:\Windows\system32\drivers\filetrace.sys 2011/03/15 21:24:15.0111 3412 flpydisk (c172a0f53008eaeb8ea33fe10e177af5) C:\Windows\system32\DRIVERS\flpydisk.sys 2011/03/15 21:24:15.0151 3412 FltMgr (f7866af72abbaf84b1fa5aa195378c59) C:\Windows\system32\drivers\fltmgr.sys 2011/03/15 21:24:15.0205 3412 FsDepends (d43703496149971890703b4b1b723eac) C:\Windows\system32\drivers\FsDepends.sys 2011/03/15 21:24:15.0258 3412 fssfltr (5814011b2f6e088e29d689b5fcd49b8f) C:\Windows\system32\DRIVERS\fssfltr.sys 2011/03/15 21:24:15.0296 3412 Fs_Rec (e95ef8547de20cf0603557c0cf7a9462) C:\Windows\system32\drivers\Fs_Rec.sys 2011/03/15 21:24:15.0366 3412 fvevol (ae87ba80d0ec3b57126ed2cdc15b24ed) C:\Windows\system32\DRIVERS\fvevol.sys 2011/03/15 21:24:15.0428 3412 gagp30kx (8c778d335c9d272cfd3298ab02abe3b6) C:\Windows\system32\DRIVERS\gagp30kx.sys 2011/03/15 21:24:15.0510 3412 hcw85cir (f2523ef6460fc42405b12248338ab2f0) C:\Windows\system32\drivers\hcw85cir.sys 2011/03/15 21:24:15.0572 3412 HdAudAddService (6410f6f415b2a5a9037224c41da8bf12) C:\Windows\system32\drivers\HdAudio.sys 2011/03/15 21:24:15.0721 3412 HDAudBus (0a49913402747a0b67de940fb42cbdbb) C:\Windows\system32\DRIVERS\HDAudBus.sys 2011/03/15 21:24:15.0797 3412 HidBatt (78e86380454a7b10a5eb255dc44a355f) C:\Windows\system32\DRIVERS\HidBatt.sys 2011/03/15 21:24:15.0839 3412 HidBth (7fd2a313f7afe5c4dab14798c48dd104) C:\Windows\system32\DRIVERS\hidbth.sys 2011/03/15 21:24:15.0873 3412 HidIr (0a77d29f311b88cfae3b13f9c1a73825) C:\Windows\system32\DRIVERS\hidir.sys 2011/03/15 21:24:15.0930 3412 HidUsb (b3bf6b5b50006def50b66306d99fcf6f) C:\Windows\system32\DRIVERS\hidusb.sys 2011/03/15 21:24:16.0009 3412 HpSAMD (0886d440058f203eba0e1825e4355914) C:\Windows\system32\DRIVERS\HpSAMD.sys 2011/03/15 21:24:16.0076 3412 HTTP (cee049cac4efa7f4e1e4ad014414a5d4) C:\Windows\system32\drivers\HTTP.sys 2011/03/15 21:24:16.0186 3412 hwpolicy (f17766a19145f111856378df337a5d79) C:\Windows\system32\drivers\hwpolicy.sys 2011/03/15 21:24:16.0313 3412 i8042prt (fa55c73d4affa7ee23ac4be53b4592d3) C:\Windows\system32\DRIVERS\i8042prt.sys 2011/03/15 21:24:16.0373 3412 iaStorV (d83efb6fd45df9d55e9a1afc63640d50) C:\Windows\system32\DRIVERS\iaStorV.sys 2011/03/15 21:24:16.0433 3412 iirsp (5c18831c61933628f5bb0ea2675b9d21) C:\Windows\system32\DRIVERS\iirsp.sys 2011/03/15 21:24:16.0486 3412 intelide (f00f20e70c6ec3aa366910083a0518aa) C:\Windows\system32\DRIVERS\intelide.sys 2011/03/15 21:24:16.0576 3412 intelppm (ada036632c664caa754079041cf1f8c1) C:\Windows\system32\DRIVERS\intelppm.sys 2011/03/15 21:24:16.0632 3412 IpFilterDriver (722dd294df62483cecaae6e094b4d695) C:\Windows\system32\DRIVERS\ipfltdrv.sys 2011/03/15 21:24:16.0671 3412 IPMIDRV (e2b4a4494db7cb9b89b55ca268c337c5) C:\Windows\system32\DRIVERS\IPMIDrv.sys 2011/03/15 21:24:16.0717 3412 IPNAT (af9b39a7e7b6caa203b3862582e9f2d0) C:\Windows\system32\drivers\ipnat.sys 2011/03/15 21:24:16.0761 3412 IRENUM (3abf5e7213eb28966d55d58b515d5ce9) C:\Windows\system32\drivers\irenum.sys 2011/03/15 21:24:16.0794 3412 isapnp (2f7b28dc3e1183e5eb418df55c204f38) C:\Windows\system32\DRIVERS\isapnp.sys 2011/03/15 21:24:16.0840 3412 iScsiPrt (fa4d2557de56d45b0a346f93564be6e1) C:\Windows\system32\DRIVERS\msiscsi.sys 2011/03/15 21:24:16.0899 3412 kbdclass (bc02336f1cba7dcc7d1213bb588a68a5) C:\Windows\system32\DRIVERS\kbdclass.sys 2011/03/15 21:24:16.0946 3412 kbdhid (6def98f8541e1b5dceb2c822a11f7323) C:\Windows\system32\DRIVERS\kbdhid.sys 2011/03/15 21:24:16.0997 3412 kbfiltr (e63ef8c3271d014f14e2469ce75fecb4) C:\Windows\system32\DRIVERS\kbfiltr.sys 2011/03/15 21:24:17.0051 3412 KSecDD (e8b6fcc9c83535c67f835d407620bd27) C:\Windows\system32\Drivers\ksecdd.sys 2011/03/15 21:24:17.0104 3412 KSecPkg (a8c63880ef6f4d3fec7b616b9c060215) C:\Windows\system32\Drivers\ksecpkg.sys 2011/03/15 21:24:17.0150 3412 ksthunk (6869281e78cb31a43e969f06b57347c4) C:\Windows\system32\drivers\ksthunk.sys 2011/03/15 21:24:17.0294 3412 lltdio (1538831cf8ad2979a04c423779465827) C:\Windows\system32\DRIVERS\lltdio.sys 2011/03/15 21:24:17.0415 3412 LSI_FC (1a93e54eb0ece102495a51266dcdb6a6) C:\Windows\system32\DRIVERS\lsi_fc.sys 2011/03/15 21:24:17.0485 3412 LSI_SAS (1047184a9fdc8bdbff857175875ee810) C:\Windows\system32\DRIVERS\lsi_sas.sys 2011/03/15 21:24:17.0548 3412 LSI_SAS2 (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\Windows\system32\DRIVERS\lsi_sas2.sys 2011/03/15 21:24:17.0605 3412 LSI_SCSI (0504eacaff0d3c8aed161c4b0d369d4a) C:\Windows\system32\DRIVERS\lsi_scsi.sys 2011/03/15 21:24:17.0656 3412 luafv (43d0f98e1d56ccddb0d5254cff7b356e) C:\Windows\system32\drivers\luafv.sys 2011/03/15 21:24:17.0708 3412 lullaby (085435ae1a124361304044029b5cc644) C:\Windows\system32\DRIVERS\lullaby.sys 2011/03/15 21:24:17.0751 3412 megasas (a55805f747c6edb6a9080d7c633bd0f4) C:\Windows\system32\DRIVERS\megasas.sys 2011/03/15 21:24:17.0804 3412 MegaSR (baf74ce0072480c3b6b7c13b2a94d6b3) C:\Windows\system32\DRIVERS\MegaSR.sys 2011/03/15 21:24:17.0872 3412 Modem (800ba92f7010378b09f9ed9270f07137) C:\Windows\system32\drivers\modem.sys 2011/03/15 21:24:17.0924 3412 monitor (b03d591dc7da45ece20b3b467e6aadaa) C:\Windows\system32\DRIVERS\monitor.sys 2011/03/15 21:24:18.0009 3412 mouclass (7d27ea49f3c1f687d357e77a470aea99) C:\Windows\system32\DRIVERS\mouclass.sys 2011/03/15 21:24:18.0097 3412 mouhid (d3bf052c40b0c4166d9fd86a4288c1e6) C:\Windows\system32\DRIVERS\mouhid.sys 2011/03/15 21:24:18.0154 3412 mountmgr (791af66c4d0e7c90a3646066386fb571) C:\Windows\system32\drivers\mountmgr.sys 2011/03/15 21:24:18.0194 3412 mpio (609d1d87649ecc19796f4d76d4c15cea) C:\Windows\system32\DRIVERS\mpio.sys 2011/03/15 21:24:18.0240 3412 mpsdrv (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\Windows\system32\drivers\mpsdrv.sys 2011/03/15 21:24:18.0297 3412 MRxDAV (30524261bb51d96d6fcbac20c810183c) C:\Windows\system32\drivers\mrxdav.sys 2011/03/15 21:24:18.0359 3412 mrxsmb (767a4c3bcf9410c286ced15a2db17108) C:\Windows\system32\DRIVERS\mrxsmb.sys 2011/03/15 21:24:18.0395 3412 mrxsmb10 (920ee0ff995fcfdeb08c41605a959e1c) C:\Windows\system32\DRIVERS\mrxsmb10.sys 2011/03/15 21:24:18.0432 3412 mrxsmb20 (740d7ea9d72c981510a5292cf6adc941) C:\Windows\system32\DRIVERS\mrxsmb20.sys 2011/03/15 21:24:18.0474 3412 msahci (5c37497276e3b3a5488b23a326a754b7) C:\Windows\system32\DRIVERS\msahci.sys 2011/03/15 21:24:18.0514 3412 msdsm (8d27b597229aed79430fb9db3bcbfbd0) C:\Windows\system32\DRIVERS\msdsm.sys 2011/03/15 21:24:18.0575 3412 Msfs (aa3fb40e17ce1388fa1bedab50ea8f96) C:\Windows\system32\drivers\Msfs.sys 2011/03/15 21:24:18.0617 3412 mshidkmdf (f9d215a46a8b9753f61767fa72a20326) C:\Windows\System32\drivers\mshidkmdf.sys 2011/03/15 21:24:18.0643 3412 msisadrv (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\Windows\system32\DRIVERS\msisadrv.sys 2011/03/15 21:24:18.0701 3412 MSKSSRV (49ccf2c4fea34ffad8b1b59d49439366) C:\Windows\system32\drivers\MSKSSRV.sys 2011/03/15 21:24:18.0732 3412 MSPCLOCK (bdd71ace35a232104ddd349ee70e1ab3) C:\Windows\system32\drivers\MSPCLOCK.sys 2011/03/15 21:24:18.0756 3412 MSPQM (4ed981241db27c3383d72092b618a1d0) C:\Windows\system32\drivers\MSPQM.sys 2011/03/15 21:24:18.0790 3412 MsRPC (89cb141aa8616d8c6a4610fa26c60964) C:\Windows\system32\drivers\MsRPC.sys 2011/03/15 21:24:18.0833 3412 mssmbios (0eed230e37515a0eaee3c2e1bc97b288) C:\Windows\system32\DRIVERS\mssmbios.sys 2011/03/15 21:24:18.0874 3412 MSTEE (2e66f9ecb30b4221a318c92ac2250779) C:\Windows\system32\drivers\MSTEE.sys 2011/03/15 21:24:18.0914 3412 MTConfig (7ea404308934e675bffde8edf0757bcd) C:\Windows\system32\DRIVERS\MTConfig.sys 2011/03/15 21:24:18.0971 3412 MTsensor (032d35c996f21d19a205a7c8f0b76f3c) C:\Windows\system32\DRIVERS\ATK64AMD.sys 2011/03/15 21:24:19.0043 3412 Mup (f9a18612fd3526fe473c1bda678d61c8) C:\Windows\system32\Drivers\mup.sys 2011/03/15 21:24:19.0140 3412 NativeWifiP (1ea3749c4114db3e3161156ffffa6b33) C:\Windows\system32\DRIVERS\nwifi.sys 2011/03/15 21:24:19.0260 3412 NDIS (cad515dbd07d082bb317d9928ce8962c) C:\Windows\system32\drivers\ndis.sys 2011/03/15 21:24:19.0410 3412 NdisCap (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\Windows\system32\DRIVERS\ndiscap.sys 2011/03/15 21:24:19.0489 3412 NdisTapi (30639c932d9fef22b31268fe25a1b6e5) C:\Windows\system32\DRIVERS\ndistapi.sys 2011/03/15 21:24:19.0553 3412 Ndisuio (f105ba1e22bf1f2ee8f005d4305e4bec) C:\Windows\system32\DRIVERS\ndisuio.sys 2011/03/15 21:24:19.0591 3412 NdisWan (557dfab9ca1fcb036ac77564c010dad3) C:\Windows\system32\DRIVERS\ndiswan.sys 2011/03/15 21:24:19.0618 3412 NDProxy (659b74fb74b86228d6338d643cd3e3cf) C:\Windows\system32\drivers\NDProxy.sys 2011/03/15 21:24:19.0658 3412 NetBIOS (86743d9f5d2b1048062b14b1d84501c4) C:\Windows\system32\DRIVERS\netbios.sys 2011/03/15 21:24:19.0695 3412 NetBT (9162b273a44ab9dce5b44362731d062a) C:\Windows\system32\DRIVERS\netbt.sys 2011/03/15 21:24:19.0805 3412 nfrd960 (77889813be4d166cdab78ddba990da92) C:\Windows\system32\DRIVERS\nfrd960.sys 2011/03/15 21:24:19.0957 3412 nmwcdcx64 (2c761cc067acf0fb4ea13930b09bfeea) C:\Windows\system32\drivers\ccdcmbox64.sys 2011/03/15 21:24:20.0034 3412 nmwcdx64 (63051819d5cac0fa49c425fc5e1a2b5c) C:\Windows\system32\drivers\ccdcmbx64.sys 2011/03/15 21:24:20.0082 3412 Npfs (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys 2011/03/15 21:24:20.0127 3412 nsiproxy (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys 2011/03/15 21:24:20.0223 3412 Ntfs (356698a13c4630d5b31c37378d469196) C:\Windows\system32\drivers\Ntfs.sys 2011/03/15 21:24:20.0331 3412 Null (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys 2011/03/15 21:24:20.0392 3412 nvraid (3e38712941e9bb4ddbee00affe3fed3d) C:\Windows\system32\DRIVERS\nvraid.sys 2011/03/15 21:24:20.0444 3412 nvstor (477dc4d6deb99be37084c9ac6d013da1) C:\Windows\system32\DRIVERS\nvstor.sys 2011/03/15 21:24:20.0480 3412 nv_agp (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\DRIVERS\nv_agp.sys 2011/03/15 21:24:20.0536 3412 ohci1394 (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\DRIVERS\ohci1394.sys 2011/03/15 21:24:20.0597 3412 Parport (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\DRIVERS\parport.sys 2011/03/15 21:24:20.0631 3412 partmgr (7daa117143316c4a1537e074a5a9eaf0) C:\Windows\system32\drivers\partmgr.sys 2011/03/15 21:24:20.0694 3412 pccsmcfd (bc0018c2d29f655188a0ed3fa94fdb24) C:\Windows\system32\DRIVERS\pccsmcfdx64.sys 2011/03/15 21:24:20.0734 3412 pci (f36f6504009f2fb0dfd1b17a116ad74b) C:\Windows\system32\DRIVERS\pci.sys 2011/03/15 21:24:20.0766 3412 pciide (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\drivers\pciide.sys 2011/03/15 21:24:20.0815 3412 pcmcia (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\DRIVERS\pcmcia.sys 2011/03/15 21:24:20.0853 3412 pcw (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys 2011/03/15 21:24:20.0907 3412 PEAUTH (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys 2011/03/15 21:24:21.0062 3412 PptpMiniport (27cc19e81ba5e3403c48302127bda717) C:\Windows\system32\DRIVERS\raspptp.sys 2011/03/15 21:24:21.0099 3412 Processor (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\DRIVERS\processr.sys 2011/03/15 21:24:21.0155 3412 Psched (ee992183bd8eaefd9973f352e587a299) C:\Windows\system32\DRIVERS\pacer.sys 2011/03/15 21:24:21.0345 3412 ql2300 (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\DRIVERS\ql2300.sys 2011/03/15 21:24:21.0572 3412 ql40xx (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\DRIVERS\ql40xx.sys 2011/03/15 21:24:21.0658 3412 QWAVEdrv (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys 2011/03/15 21:24:21.0688 3412 RasAcd (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys 2011/03/15 21:24:21.0736 3412 RasAgileVpn (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys 2011/03/15 21:24:21.0782 3412 Rasl2tp (87a6e852a22991580d6d39adc4790463) C:\Windows\system32\DRIVERS\rasl2tp.sys 2011/03/15 21:24:21.0833 3412 RasPppoe (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys 2011/03/15 21:24:21.0866 3412 RasSstp (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys 2011/03/15 21:24:21.0899 3412 rdbss (3bac8142102c15d59a87757c1d41dce5) C:\Windows\system32\DRIVERS\rdbss.sys 2011/03/15 21:24:21.0934 3412 rdpbus (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\DRIVERS\rdpbus.sys 2011/03/15 21:24:21.0965 3412 RDPCDD (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys 2011/03/15 21:24:22.0007 3412 RDPENCDD (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys 2011/03/15 21:24:22.0038 3412 RDPREFMP (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys 2011/03/15 21:24:22.0090 3412 RDPWD (8a3e6bea1c53ea6177fe2b6eba2c80d7) C:\Windows\system32\drivers\RDPWD.sys 2011/03/15 21:24:22.0190 3412 rdyboost (634b9a2181d98f15941236886164ec8b) C:\Windows\system32\drivers\rdyboost.sys 2011/03/15 21:24:22.0292 3412 rspndr (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys 2011/03/15 21:24:22.0357 3412 RTL8167 (b49dc435ae3695bac5623dd94b05732d) C:\Windows\system32\DRIVERS\Rt64win7.sys 2011/03/15 21:24:22.0405 3412 sbp2port (e3bbb89983daf5622c1d50cf49f28227) C:\Windows\system32\DRIVERS\sbp2port.sys 2011/03/15 21:24:22.0458 3412 scfilter (c94da20c7e3ba1dca269bc8460d98387) C:\Windows\system32\DRIVERS\scfilter.sys 2011/03/15 21:24:22.0658 3412 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys 2011/03/15 21:24:22.0780 3412 Serenum (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\DRIVERS\serenum.sys 2011/03/15 21:24:22.0851 3412 Serial (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\DRIVERS\serial.sys 2011/03/15 21:24:22.0893 3412 sermouse (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\DRIVERS\sermouse.sys 2011/03/15 21:24:23.0126 3412 sffdisk (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\DRIVERS\sffdisk.sys 2011/03/15 21:24:23.0270 3412 sffp_mmc (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\DRIVERS\sffp_mmc.sys 2011/03/15 21:24:23.0320 3412 sffp_sd (178298f767fe638c9fedcbdef58bb5e4) C:\Windows\system32\DRIVERS\sffp_sd.sys 2011/03/15 21:24:23.0363 3412 sfloppy (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\DRIVERS\sfloppy.sys 2011/03/15 21:24:23.0541 3412 SiSGbeLH (1bc348cf6baa90ec8e533ef6e6a69933) C:\Windows\system32\DRIVERS\SiSG664.sys 2011/03/15 21:24:23.0660 3412 SiSRaid2 (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\DRIVERS\SiSRaid2.sys 2011/03/15 21:24:23.0733 3412 SiSRaid4 (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\DRIVERS\sisraid4.sys 2011/03/15 21:24:23.0843 3412 Smb (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys 2011/03/15 21:24:24.0097 3412 SNP2UVC (1d8474722cdffbb8fca5fa12c50a05a2) C:\Windows\system32\DRIVERS\snp2uvc.sys 2011/03/15 21:24:24.0222 3412 spldr (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys 2011/03/15 21:24:24.0325 3412 SRS_PremiumSound_Service (ac51533c7eeb05aa02b294a60e946238) C:\Windows\system32\drivers\srs_PremiumSound_amd64.sys 2011/03/15 21:24:24.0403 3412 srv (de6f5658da951c4bc8e498570b5b0d5f) C:\Windows\system32\DRIVERS\srv.sys 2011/03/15 21:24:24.0485 3412 srv2 (4d33d59c0b930c523d29f9bd40cda9d2) C:\Windows\system32\DRIVERS\srv2.sys 2011/03/15 21:24:24.0539 3412 srvnet (5a663fd67049267bc5c3f3279e631ffb) C:\Windows\system32\DRIVERS\srvnet.sys 2011/03/15 21:24:24.0609 3412 stexstor (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\DRIVERS\stexstor.sys 2011/03/15 21:24:24.0654 3412 swenum (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\DRIVERS\swenum.sys 2011/03/15 21:24:24.0774 3412 Tcpip (90a2d722cf64d911879d6c4a4f802a4d) C:\Windows\system32\drivers\tcpip.sys 2011/03/15 21:24:24.0969 3412 TCPIP6 (90a2d722cf64d911879d6c4a4f802a4d) C:\Windows\system32\DRIVERS\tcpip.sys 2011/03/15 21:24:25.0028 3412 tcpipreg (76d078af6f587b162d50210f761eb9ed) C:\Windows\system32\drivers\tcpipreg.sys 2011/03/15 21:24:25.0080 3412 TDPIPE (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys 2011/03/15 21:24:25.0114 3412 TDTCP (e4245bda3190a582d55ed09e137401a9) C:\Windows\system32\drivers\tdtcp.sys 2011/03/15 21:24:25.0143 3412 tdx (079125c4b17b01fcaeebce0bcb290c0f) C:\Windows\system32\DRIVERS\tdx.sys 2011/03/15 21:24:25.0166 3412 TermDD (c448651339196c0e869a355171875522) C:\Windows\system32\DRIVERS\termdd.sys 2011/03/15 21:24:25.0256 3412 tssecsrv (61b96c26131e37b24e93327a0bd1fb95) C:\Windows\system32\DRIVERS\tssecsrv.sys 2011/03/15 21:24:25.0289 3412 tunnel (3836171a2cdf3af8ef10856db9835a70) C:\Windows\system32\DRIVERS\tunnel.sys 2011/03/15 21:24:25.0317 3412 uagp35 (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\DRIVERS\uagp35.sys 2011/03/15 21:24:25.0351 3412 udfs (d47baead86c65d4f4069d7ce0a4edceb) C:\Windows\system32\DRIVERS\udfs.sys 2011/03/15 21:24:25.0405 3412 uliagpkx (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\DRIVERS\uliagpkx.sys 2011/03/15 21:24:25.0451 3412 umbus (eab6c35e62b1b0db0d1b48b671d3a117) C:\Windows\system32\DRIVERS\umbus.sys 2011/03/15 21:24:25.0500 3412 UmPass (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\DRIVERS\umpass.sys 2011/03/15 21:24:25.0557 3412 upperdev (bcd611d240604ceee7f90805361fab50) C:\Windows\system32\DRIVERS\usbser_lowerfltx64.sys 2011/03/15 21:24:25.0623 3412 usbccgp (b26afb54a534d634523c4fb66765b026) C:\Windows\system32\DRIVERS\usbccgp.sys 2011/03/15 21:24:25.0669 3412 usbcir (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\DRIVERS\usbcir.sys 2011/03/15 21:24:25.0701 3412 usbehci (2ea4aff7be7eb4632e3aa8595b0803b5) C:\Windows\system32\DRIVERS\usbehci.sys 2011/03/15 21:24:25.0739 3412 usbfilter (d524f3716d85b744762ff5eaaef8f3a2) C:\Windows\system32\DRIVERS\usbfilter.sys 2011/03/15 21:24:25.0787 3412 usbhub (4c9042b8df86c1e8e6240c218b99b39b) C:\Windows\system32\DRIVERS\usbhub.sys 2011/03/15 21:24:25.0816 3412 usbohci (58e546bbaf87664fc57e0f6081e4f609) C:\Windows\system32\DRIVERS\usbohci.sys 2011/03/15 21:24:25.0859 3412 usbprint (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\DRIVERS\usbprint.sys 2011/03/15 21:24:25.0923 3412 usbscan (aaa2513c8aed8b54b189fd0c6b1634c0) C:\Windows\system32\DRIVERS\usbscan.sys 2011/03/15 21:24:26.0052 3412 usbser (0f0c72a657c622286013788b886968ad) C:\Windows\system32\drivers\usbser.sys 2011/03/15 21:24:26.0132 3412 UsbserFilt (d91be2644b18b4e3c69982fe0e1e97d6) C:\Windows\system32\DRIVERS\usbser_lowerfltx64j.sys 2011/03/15 21:24:26.0177 3412 USBSTOR (080d3820da6c046be82fc8b45a893e83) C:\Windows\system32\DRIVERS\USBSTOR.SYS 2011/03/15 21:24:26.0214 3412 usbuhci (81fb2216d3a60d1284455d511797db3d) C:\Windows\system32\DRIVERS\usbuhci.sys 2011/03/15 21:24:26.0280 3412 usbvideo (7cb8c573c6e4a2714402cc0a36eab4fe) C:\Windows\System32\Drivers\usbvideo.sys 2011/03/15 21:24:26.0361 3412 vdrvroot (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\DRIVERS\vdrvroot.sys 2011/03/15 21:24:26.0427 3412 vga (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys 2011/03/15 21:24:26.0465 3412 VgaSave (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys 2011/03/15 21:24:26.0576 3412 vhdmp (c82e748660f62a242b2dfac1442f22a4) C:\Windows\system32\DRIVERS\vhdmp.sys 2011/03/15 21:24:26.0727 3412 VIAHdAudAddService (fe595d1a1b781190bb483444b62cc607) C:\Windows\system32\drivers\viahduaa.sys 2011/03/15 21:24:26.0904 3412 viaide (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\DRIVERS\viaide.sys 2011/03/15 21:24:26.0960 3412 volmgr (2b1a3dae2b4e70dbba822b7a03fbd4a3) C:\Windows\system32\DRIVERS\volmgr.sys 2011/03/15 21:24:27.0008 3412 volmgrx (99b0cbb569ca79acaed8c91461d765fb) C:\Windows\system32\drivers\volmgrx.sys 2011/03/15 21:24:27.0055 3412 volsnap (58f82eed8ca24b461441f9c3e4f0bf5c) C:\Windows\system32\DRIVERS\volsnap.sys 2011/03/15 21:24:27.0101 3412 vsmraid (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\DRIVERS\vsmraid.sys 2011/03/15 21:24:27.0145 3412 vwifibus (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\system32\DRIVERS\vwifibus.sys 2011/03/15 21:24:27.0177 3412 vwififlt (6a3d66263414ff0d6fa754c646612f3f) C:\Windows\system32\DRIVERS\vwififlt.sys 2011/03/15 21:24:27.0221 3412 WacomPen (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\DRIVERS\wacompen.sys 2011/03/15 21:24:27.0279 3412 WANARP (47ca49400643effd3f1c9a27e1d69324) C:\Windows\system32\DRIVERS\wanarp.sys 2011/03/15 21:24:27.0309 3412 Wanarpv6 (47ca49400643effd3f1c9a27e1d69324) C:\Windows\system32\DRIVERS\wanarp.sys 2011/03/15 21:24:27.0452 3412 Wd (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\DRIVERS\wd.sys 2011/03/15 21:24:27.0514 3412 Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys 2011/03/15 21:24:27.0671 3412 WfpLwf (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys 2011/03/15 21:24:27.0726 3412 WIMMount (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys 2011/03/15 21:24:27.0844 3412 WinUsb (817eaff5d38674edd7713b9dfb8e9791) C:\Windows\system32\DRIVERS\WinUsb.sys 2011/03/15 21:24:27.0891 3412 WmiAcpi (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\DRIVERS\wmiacpi.sys 2011/03/15 21:24:27.0980 3412 ws2ifsl (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys 2011/03/15 21:24:28.0040 3412 WudfPf (7cadc74271dd6461c452c271b30bd378) C:\Windows\system32\drivers\WudfPf.sys 2011/03/15 21:24:28.0089 3412 WUDFRd (3b197af0fff08aa66b6b2241ca538d64) C:\Windows\system32\DRIVERS\WUDFRd.sys 2011/03/15 21:24:28.0202 3412 ================================================================================ 2011/03/15 21:24:28.0202 3412 Scan finished 2011/03/15 21:24:28.0202 3412 ================================================================================ |
|
15.03.2011, 21:29
| #6 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | win32.autorun.tmp wie werd ichs los?! Beende alle Programme, starte OTL und kopiere folgenden Text in die "Custom Scan/Fixes" Box (unten in OTL): (das ":OTL" muss mitkopiert werden!!!) Code:
ATTFilter :OTL
FF - prefs.js..network.proxy.backup.ftp: " 62.243.224.179"
FF - prefs.js..network.proxy.backup.ftp_port: 1080
FF - prefs.js..network.proxy.backup.gopher: " 62.243.224.179"
FF - prefs.js..network.proxy.backup.gopher_port: 1080
FF - prefs.js..network.proxy.backup.socks: " 62.243.224.179"
FF - prefs.js..network.proxy.backup.socks_port: 1080
FF - prefs.js..network.proxy.backup.ssl: " 62.243.224.179"
FF - prefs.js..network.proxy.backup.ssl_port: 1080
FF - prefs.js..network.proxy.ftp: " 131.247.2.247"
FF - prefs.js..network.proxy.ftp_port: 3127
FF - prefs.js..network.proxy.gopher: " 131.247.2.247"
FF - prefs.js..network.proxy.gopher_port: 3127
FF - prefs.js..network.proxy.http: " 131.247.2.247"
FF - prefs.js..network.proxy.http_port: 3127
FF - prefs.js..network.proxy.share_proxy_settings: true
FF - prefs.js..network.proxy.socks: " 131.247.2.247"
FF - prefs.js..network.proxy.socks_port: 3127
FF - prefs.js..network.proxy.ssl: " 131.247.2.247"
FF - prefs.js..network.proxy.ssl_port: 3127
File not found (No name found) -- C:\USERS\MöTö\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\LQL6LMBE.DEFAULT\EXTENSIONS\{A0D7CCB3-214D-498B-B4AA-0E8FDA9A7BF7}
File not found (No name found) -- C:\USERS\MöTö\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\LQL6LMBE.DEFAULT\EXTENSIONS\{ACAA314B-EEBA-48E4-AD47-84E31C44796C}
File not found (No name found) -- C:\USERS\MöTö\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\LQL6LMBE.DEFAULT\EXTENSIONS\{D10D0BF8-F5B5-C8B4-A8B2-2B9879E08C5D}
File not found (No name found) -- C:\USERS\MöTö\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\LQL6LMBE.DEFAULT\EXTENSIONS\{D40F5E7B-D2CF-4856-B441-CC613EEFFBE3}
File not found (No name found) -- C:\USERS\MöTö\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\LQL6LMBE.DEFAULT\EXTENSIONS\{E001C731-5E37-4538-A5CB-8168736A2360}
File not found (No name found) -- C:\USERS\MöTö\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\LQL6LMBE.DEFAULT\EXTENSIONS\LAZARUS@INTERCLUE.COM
File not found (No name found) -- C:\USERS\MöTö\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\LQL6LMBE.DEFAULT\EXTENSIONS\PERSONAS@CHRISTOPHER.BEARD
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [Setwallpaper] File not found
O4 - HKCU..\Run: [] File not found
:Commands
[purity]
[resethosts]
[emptytemp]
Das Logfile müsste geöffnet werden, wenn Du nach dem Fixen auf ok klickst, poste das bitte. Evtl. wird der Rechner neu gestartet.
__________________ --> win32.autorun.tmp wie werd ichs los?! |
|
15.03.2011, 22:31
| #7 |
| | win32.autorun.tmp wie werd ichs los?! hier bitte All processes killed ========== OTL ========== Prefs.js: " 62.243.224.179" removed from network.proxy.backup.ftp Prefs.js: 1080 removed from network.proxy.backup.ftp_port Prefs.js: " 62.243.224.179" removed from network.proxy.backup.gopher Prefs.js: 1080 removed from network.proxy.backup.gopher_port Prefs.js: " 62.243.224.179" removed from network.proxy.backup.socks Prefs.js: 1080 removed from network.proxy.backup.socks_port Prefs.js: " 62.243.224.179" removed from network.proxy.backup.ssl Prefs.js: 1080 removed from network.proxy.backup.ssl_port Prefs.js: " 131.247.2.247" removed from network.proxy.ftp Prefs.js: 3127 removed from network.proxy.ftp_port Prefs.js: " 131.247.2.247" removed from network.proxy.gopher Prefs.js: 3127 removed from network.proxy.gopher_port Prefs.js: " 131.247.2.247" removed from network.proxy.http Prefs.js: 3127 removed from network.proxy.http_port Prefs.js: true removed from network.proxy.share_proxy_settings Prefs.js: " 131.247.2.247" removed from network.proxy.socks Prefs.js: 3127 removed from network.proxy.socks_port Prefs.js: " 131.247.2.247" removed from network.proxy.ssl Prefs.js: 3127 removed from network.proxy.ssl_port Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ deleted successfully. Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\Setwallpaper deleted successfully. Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\ deleted successfully. ========== COMMANDS ========== C:\Windows\System32\drivers\etc\Hosts moved successfully. HOSTS file reset successfully [EMPTYTEMP] User: All Users User: AppData User: Default ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 0 bytes ->Flash cache emptied: 0 bytes User: Default User ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 0 bytes ->Flash cache emptied: 0 bytes User: mötö ->Temp folder emptied: 4549862 bytes ->Temporary Internet Files folder emptied: 1747337 bytes ->Java cache emptied: 0 bytes ->FireFox cache emptied: 95654215 bytes ->Flash cache emptied: 504 bytes User: Public %systemdrive% .tmp files removed: 0 bytes %systemroot% .tmp files removed: 0 bytes %systemroot%\System32 .tmp files removed: 0 bytes %systemroot%\System32 (64bit) .tmp files removed: 0 bytes %systemroot%\System32\drivers .tmp files removed: 0 bytes Windows Temp folder emptied: 34626 bytes %systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 0 bytes RecycleBin emptied: 0 bytes Total Files Cleaned = 97.00 mb OTL by OldTimer - Version 3.2.22.3 log created on 03152011_222651 Files\Folders moved on Reboot... C:\Users\mötö\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully. File move failed. C:\Windows\temp\_avast5_\Webshlock.txt scheduled to be moved on reboot. Registry entries deleted on Reboot... |
|
16.03.2011, 10:27
| #8 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | win32.autorun.tmp wie werd ichs los?! Dann bitte jetzt CF ausführen: ComboFix Ein Leitfaden und Tutorium zur Nutzung von ComboFix
Combofix darf ausschließlich ausgeführt werden, wenn ein Kompetenzler dies ausdrücklich empfohlen hat!
__________________ Logfiles bitte immer in CODE-Tags posten  |
|
16.03.2011, 17:58
| #9 |
| | win32.autorun.tmp wie werd ichs los?! ... hat das gedauert.......  Geändert von mötö (16.03.2011 um 18:26 Uhr) |
|
16.03.2011, 18:21
| #10 |
| | win32.autorun.tmp wie werd ichs los?! finally nach fast 1 std kam die log datei Combofix Logfile: Code:
ATTFilter ComboFix 11-03-15.03 - mötö 16.03.2011 17:18:35.1.2 - x64
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.49.1031.18.4095.2669 [GMT 1:00]
ausgeführt von:: c:\users\mötö\Desktop\cofi.exe.exe
AV: avast! Antivirus *Disabled/Updated* {C37D8F93-0602-E43C-40AA-47DAD597F308}
SP: avast! Antivirus *Disabled/Updated* {781C6E77-2038-EBB2-7A1A-7CA8AE10B9B5}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((((((((((((( Weitere Löschungen ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\FullRemove.exe
c:\users\mötö\remover.exe
.
.
((((((((((((((((((((((( Dateien erstellt von 2011-02-16 bis 2011-03-16 ))))))))))))))))))))))))))))))
.
.
2011-03-16 16:35 . 2011-03-16 16:35 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-03-14 21:41 . 2011-03-14 21:41 -------- d-----w- c:\program files\CCleaner
2011-03-14 21:34 . 2011-03-14 21:34 -------- d-----w- c:\program files (x86)\ESET
2011-03-08 19:40 . 2011-03-08 19:40 -------- d-----w- c:\program files (x86)\Common Files\Java
2011-03-06 20:55 . 2011-03-06 20:56 -------- d-----w- c:\users\mötö\AppData\Roaming\QuickScan
2011-02-27 19:44 . 2011-02-27 19:44 -------- d-----w- c:\program files (x86)\Common Files\Skype
2011-02-24 09:59 . 2011-02-27 19:40 -------- d-----w- c:\program files (x86)\Microsoft Silverlight
2011-02-23 14:26 . 2010-09-14 06:45 367104 ----a-w- c:\windows\system32\wcncsvc.dll
2011-02-23 14:26 . 2010-09-14 06:07 276992 ----a-w- c:\windows\SysWow64\wcncsvc.dll
2011-02-23 14:01 . 2011-01-07 08:07 662528 ----a-w- c:\windows\system32\XpsPrint.dll
2011-02-23 14:01 . 2011-01-07 08:07 475648 ----a-w- c:\windows\system32\XpsGdiConverter.dll
2011-02-23 14:01 . 2011-01-07 07:31 442880 ----a-w- c:\windows\SysWow64\XpsPrint.dll
2011-02-23 14:01 . 2011-01-07 07:31 288256 ----a-w- c:\windows\SysWow64\XpsGdiConverter.dll
.
.
(((((((((((((((((((((((((((((((((((( Find3M Bericht ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-02-02 20:40 . 2010-07-03 07:49 472808 ----a-w- c:\windows\SysWow64\deployJava1.dll
2011-01-26 06:53 . 2011-02-11 12:51 982912 ----a-w- c:\windows\system32\drivers\dxgkrnl.sys
2011-01-26 06:53 . 2011-02-11 12:51 265088 ----a-w- c:\windows\system32\drivers\dxgmms1.sys
2011-01-26 06:31 . 2011-02-11 12:51 144384 ----a-w- c:\windows\system32\cdd.dll
2011-01-13 08:47 . 2009-12-09 11:26 188216 ----a-w- c:\windows\SysWow64\aswBoot.exe
2011-01-13 08:47 . 2011-01-14 09:35 237168 ----a-w- c:\windows\system32\aswBoot.exe
2011-01-13 08:41 . 2009-12-09 11:27 273488 ----a-w- c:\windows\system32\drivers\aswSP.sys
2011-01-13 08:40 . 2009-12-09 11:27 51792 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2011-01-13 08:37 . 2009-12-09 11:27 29264 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2011-01-13 08:37 . 2009-12-09 11:27 62032 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2011-01-13 08:37 . 2009-12-09 11:27 20560 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2011-01-07 08:06 . 2011-02-11 12:51 46080 ----a-w- c:\windows\system32\atmlib.dll
2011-01-07 07:27 . 2011-02-11 12:51 34304 ----a-w- c:\windows\SysWow64\atmlib.dll
2011-01-07 05:49 . 2011-02-11 12:51 366080 ----a-w- c:\windows\system32\atmfd.dll
2011-01-07 05:33 . 2011-02-11 12:51 294400 ----a-w- c:\windows\SysWow64\atmfd.dll
2011-01-05 06:20 . 2011-02-11 12:51 612352 ----a-w- c:\windows\system32\vbscript.dll
2011-01-05 05:37 . 2011-02-11 12:51 428032 ----a-w- c:\windows\SysWow64\vbscript.dll
2011-01-05 04:00 . 2011-02-11 12:51 3127808 ----a-w- c:\windows\system32\win32k.sys
2010-12-31 20:06 . 2010-11-17 18:20 38848 ----a-w- c:\windows\avastSS.scr
2010-12-21 06:16 . 2011-02-11 12:51 62976 ----a-w- c:\windows\system32\wscapi.dll
2010-12-21 06:16 . 2011-02-11 12:51 97280 ----a-w- c:\windows\system32\wscsvc.dll
2010-12-21 06:16 . 2011-02-11 12:51 214016 ----a-w- c:\windows\system32\winsrv.dll
2010-12-21 06:16 . 2011-02-11 12:51 1197056 ----a-w- c:\windows\system32\wininet.dll
2010-12-21 06:16 . 2011-02-11 12:51 442880 ----a-w- c:\windows\system32\winhttp.dll
2010-12-21 06:16 . 2011-02-11 12:51 258048 ----a-w- c:\windows\system32\WebClnt.dll
2010-12-21 06:15 . 2011-02-11 12:51 264192 ----a-w- c:\windows\system32\upnp.dll
2010-12-21 06:15 . 2011-02-11 12:51 15360 ----a-w- c:\windows\system32\slwga.dll
2010-12-21 06:13 . 2011-02-11 12:51 2003968 ----a-w- c:\windows\system32\msxml6.dll
2010-12-21 06:13 . 2011-02-11 12:51 1880576 ----a-w- c:\windows\system32\msxml3.dll
2010-12-21 06:10 . 2011-02-11 12:51 100864 ----a-w- c:\windows\system32\davclnt.dll
2010-12-21 05:38 . 2011-02-11 12:51 51200 ----a-w- c:\windows\SysWow64\wscapi.dll
2010-12-21 05:38 . 2011-02-11 12:51 981504 ----a-w- c:\windows\SysWow64\wininet.dll
2010-12-21 05:38 . 2011-02-11 12:51 350720 ----a-w- c:\windows\SysWow64\winhttp.dll
2010-12-21 05:38 . 2011-02-11 12:51 204800 ----a-w- c:\windows\SysWow64\WebClnt.dll
2010-12-21 05:38 . 2011-02-11 12:51 204288 ----a-w- c:\windows\SysWow64\upnp.dll
2010-12-21 05:38 . 2011-02-11 12:51 14336 ----a-w- c:\windows\SysWow64\slwga.dll
2010-12-21 05:36 . 2011-02-11 12:51 1389568 ----a-w- c:\windows\SysWow64\msxml6.dll
2010-12-21 05:36 . 2011-02-11 12:51 1236992 ----a-w- c:\windows\SysWow64\msxml3.dll
2010-12-21 05:34 . 2011-02-11 12:51 80384 ----a-w- c:\windows\SysWow64\davclnt.dll
2010-12-20 17:09 . 2009-12-18 12:21 38224 ----a-w- c:\windows\SysWow64\drivers\mbamswissarmy.sys
2010-12-20 17:08 . 2009-12-18 12:21 24152 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-12-18 06:11 . 2011-02-11 12:52 57856 ----a-w- c:\windows\system32\licmgr10.dll
2010-12-18 06:11 . 2011-02-11 12:51 714752 ----a-w- c:\windows\system32\kerberos.dll
2010-12-18 05:29 . 2011-02-11 12:52 44544 ----a-w- c:\windows\SysWow64\licmgr10.dll
2010-12-18 05:29 . 2011-02-11 12:51 541184 ----a-w- c:\windows\SysWow64\kerberos.dll
2010-12-18 04:55 . 2011-02-11 12:52 482816 ----a-w- c:\windows\system32\html.iec
2010-12-18 04:20 . 2011-02-11 12:52 386048 ----a-w- c:\windows\SysWow64\html.iec
2010-12-18 04:13 . 2011-02-11 12:52 1638912 ----a-w- c:\windows\system32\mshtml.tlb
2010-12-18 03:47 . 2011-02-11 12:52 1638912 ----a-w- c:\windows\SysWow64\mshtml.tlb
2009-04-08 18:31 . 2009-04-08 18:31 106496 ----a-w- c:\program files (x86)\Common Files\CPInstallAction.dll
2008-08-12 05:45 . 2008-08-12 05:45 155648 ----a-w- c:\program files (x86)\Common Files\MSIactionall.dll
.
.
(((((((((((((((((((((((((((( Autostartpunkte der Registrierung ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{ba14329e-9550-4989-b3f2-9732e92d17cc}"= "c:\program files (x86)\Vuze_Remote\tbVuze.dll" [2010-04-15 2515552]
.
[HKEY_CLASSES_ROOT\clsid\{ba14329e-9550-4989-b3f2-9732e92d17cc}]
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{ba14329e-9550-4989-b3f2-9732e92d17cc}]
2010-04-15 10:33 2515552 ----a-w- c:\program files (x86)\Vuze_Remote\tbVuze.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
"{ba14329e-9550-4989-b3f2-9732e92d17cc}"= "c:\program files (x86)\Vuze_Remote\tbVuze.dll" [2010-04-15 2515552]
.
[HKEY_CLASSES_ROOT\clsid\{ba14329e-9550-4989-b3f2-9732e92d17cc}]
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ADSMOverlayIcon1]
@="{A8D448F4-0431-45AC-9F5E-E1B434AB2249}"
[HKEY_CLASSES_ROOT\CLSID\{A8D448F4-0431-45AC-9F5E-E1B434AB2249}]
2007-06-02 01:08 143360 ----a-w- c:\program files (x86)\ASUS\ASUS Data Security Manager\ShlExt\x86\OverlayIconShlExt1.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SpybotSD TeaTimer"="c:\program files (x86)\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]
"SRS Premium Sound"="c:\program files\SRS Labs\SRS Premium Sound\SRSPremiumSoundBig_Small.exe" [2009-07-10 3754232]
"NokiaOviSuite2"="c:\program files (x86)\Nokia\Nokia Ovi Suite\NokiaOviSuite.exe" [2010-07-02 671608]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"NokiaMServer"="c:\program files (x86)\Common Files\Nokia\MPlatform\NokiaMServer" [X]
"UpdateLBPShortCut"="c:\program files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe" [2009-05-20 222504]
"UpdateP2GoShortCut"="c:\program files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" [2008-12-04 218408]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2009-06-26 98304]
"HControlUser"="c:\program files (x86)\ASUS\ATK Hotkey\HControlUser.exe" [2009-06-19 105016]
"ATKOSD2"="c:\program files (x86)\ASUS\ATKOSD2\ATKOSD2.exe" [2009-08-17 6859392]
"HDAudDeck"="c:\program files (x86)\VIA\VIAudioi\VDeck\VDeck.exe" [2009-07-13 2244096]
"ATKMEDIA"="c:\program files (x86)\ASUS\ATK Media\DMedia.exe" [2009-04-20 159744]
"GrooveMonitor"="c:\program files (x86)\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]
"WinampAgent"="c:\program files (x86)\Winamp\winampa.exe" [2010-01-13 37888]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2011-01-31 35760]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-20 932288]
"DivXUpdate"="c:\program files (x86)\DivX\DivX Update\DivXUpdate.exe" [2010-09-16 1164584]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2010-10-29 249064]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
FancyStart daemon.lnk - c:\windows\Installer\{F0DF4513-3C4C-4EB8-8012-2C5F70AF3988}\_A1DDD39913A1970387B7B3.exe [2009-11-18 12862]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"mixer1"=wdmaud.drv
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-01-09 135664]
R3 CRFILTER;USB Mass Storage Filter;c:\windows\system32\DRIVERS\CRFILTER.sys [x]
R3 nmwcdcx64;Nokia USB Generic;c:\windows\system32\drivers\ccdcmbox64.sys [x]
R3 nmwcdx64;Nokia USB Phone Parent;c:\windows\system32\drivers\ccdcmbx64.sys [x]
R3 SiSGbeLH;SiS191/SiS190 Ethernet Device NDIS 6.0 Driver;c:\windows\system32\DRIVERS\SiSG664.sys [x]
R3 WatAdminSvc;Windows-Aktivierungstechnologieservice;c:\windows\system32\Wat\WatAdminSvc.exe [x]
S0 lullaby;lullaby;c:\windows\system32\DRIVERS\lullaby.sys [x]
S1 aswSP;aswSP; [x]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 AFBAgent;AFBAgent;c:\windows\system32\FBAgent.exe [x]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x]
S2 ASMMAP64;ASMMAP64;c:\program files\ATKGFNEX\ASMMAP64.sys [2007-07-24 14904]
S2 aswFsBlk;aswFsBlk; [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [x]
S2 SBSDWSCService;SBSD Security Center Service;c:\program files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368]
S2 SRS_VolSync_Service;SRS Volume Sync Service;c:\program files\SRS Labs\SRS Premium Sound\SRS_VolSync.exe [2009-07-10 128224]
S3 ETD;ELAN PS/2 Port Input Device;c:\windows\system32\DRIVERS\ETD.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x]
S3 SRS_PremiumSound_Service;SRS Labs Premium Sound;c:\windows\system32\drivers\srs_PremiumSound_amd64.sys [x]
S3 usbfilter;AMD USB Filter Driver;c:\windows\system32\DRIVERS\usbfilter.sys [x]
S3 VIAHdAudAddService;VIA High Definition Audio Driver Service;c:\windows\system32\drivers\viahduaa.sys [x]
.
.
Inhalt des "geplante Tasks" Ordners
.
2011-03-16 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-01-09 16:22]
.
2011-03-16 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-01-09 16:22]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ADSMOverlayIcon1]
@="{A8D448F4-0431-45AC-9F5E-E1B434AB2249}"
[HKEY_CLASSES_ROOT\CLSID\{A8D448F4-0431-45AC-9F5E-E1B434AB2249}]
2007-06-02 00:52 159744 ----a-w- c:\program files (x86)\ASUS\ASUS Data Security Manager\ShlExt\x64\OverlayIconShlExt1_64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\OverlayIconExtension1]
@="{fe25455d-b4c2-4e32-97d2-92632ec1c224}"
[HKEY_CLASSES_ROOT\CLSID\{fe25455d-b4c2-4e32-97d2-92632ec1c224}]
2009-11-25 10:47 444752 ----a-w- c:\windows\System32\mscoree.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\OverlayIconExtension2]
@="{1fae2d88-a78e-4f03-909f-be818a3c1ce6}"
[HKEY_CLASSES_ROOT\CLSID\{1fae2d88-a78e-4f03-909f-be818a3c1ce6}]
2009-11-25 10:47 444752 ----a-w- c:\windows\System32\mscoree.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"EeeStorageBackup"="c:\program files (x86)\ASUS\Asus WebStorage\BackupService.exe" [2009-08-25 947472]
"ETDWare"="c:\program files\Elantech\ETDCtrl.exe" [2009-06-12 619392]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = hxxp://asus.msn.com
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: Free YouTube to Mp3 Converter - c:\users\mötö\AppData\Roaming\DVDVideoSoftIEHelpers\youtubetomp3.htm
IE: Nach Microsoft E&xel exportieren - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000
FF - ProfilePath - c:\users\mötö\AppData\Roaming\Mozilla\Firefox\Profiles\lql6lmbe.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.de/
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files (x86)\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - c:\program files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - c:\program files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - c:\program files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - c:\program files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - c:\program files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
FF - Ext: Adblock Plus: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d} - %profile%\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
FF - Ext: WOT: {a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7} - %profile%\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}
FF - Ext: Personas: personas@christopher.beard - %profile%\extensions\personas@christopher.beard
FF - Ext: BitDefender QuickScan: {e001c731-5e37-4538-a5cb-8168736a2360} - %profile%\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}
FF - Ext: BetterPrivacy: {d40f5e7b-d2cf-4856-b441-cc613eeffbe3} - %profile%\extensions\{d40f5e7b-d2cf-4856-b441-cc613eeffbe3}
FF - Ext: Lazarus: Form Recovery: lazarus@interclue.com - %profile%\extensions\lazarus@interclue.com
FF - Ext: DVDVideoSoft Menu: {ACAA314B-EEBA-48e4-AD47-84E31C44796C} - %profile%\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
FF - Ext: Google Gears: {000a9d1c-beef-4f90-9363-039d445309b8} - c:\program files (x86)\Google\Google Gears\Firefox
FF - Ext: Firefox Synchronisation Extension: {A27F3FEF-1113-4cfb-A032-8E12D7D8EE70} - c:\program files (x86)\Nokia\Nokia Ovi Suite\Connectors\Bookmarks Connector\FirefoxExtension
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
Toolbar-Locked - (no file)
Toolbar-Locked - (no file)
WebBrowser-{BA14329E-9550-4989-B3F2-9732E92D17CC} - (no file)
AddRemove-{7B63B2922B174135AFC0E1377DD81EC2} - c:\program files (x86)\DivX\DivXCodecUninstall.exe
AddRemove-{8ADFC4160D694100B5B8A22DE9DCABD9} - c:\program files (x86)\DivX\DivXPlayerUninstall.exe
.
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil10c.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\LocalServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\FlashUtil10c.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10c.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10c.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10c.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10c.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}]
@Denied: (A 2) (Everyone)
@="IFlashBroker3"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Zeit der Fertigstellung: 2011-03-16 18:18:54
ComboFix-quarantined-files.txt 2011-03-16 17:18
.
Vor Suchlauf: 7 Verzeichnis(se), 27.637.673.984 Bytes frei
Nach Suchlauf: 13 Verzeichnis(se), 27.284.303.872 Bytes frei
.
- - End Of File - - 01EA26A06BE79366077DB77B6E36F43E
|
|
16.03.2011, 19:26
| #11 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | win32.autorun.tmp wie werd ichs los?! Bitte nun Logs mit GMER und mbrcheck erstellen und posten. GMER stürzt häufiger ab, wenn das Tool auch beim 2. Mal nicht will, lass es einfach weg Anleitung zu mbrcheck: Downloade Dir MBRCheck (by a_d_13) und speichere die Datei auf dem Desktop.
__________________ Logfiles bitte immer in CODE-Tags posten |
|
16.03.2011, 19:47
| #12 |
| | win32.autorun.tmp wie werd ichs los?! MBRCheck, version 1.2.3 (c) 2010, AD Command-line: Windows Version: Windows 7 Home Premium Edition Windows Information: (build 7600), 64-bit Base Board Manufacturer: ASUSTeK Computer INC. BIOS Manufacturer: American Megatrends Inc. System Manufacturer: ASUSTeK Computer INC. System Product Name: K50AB Logical Drives Mask: 0x0000001c Kernel Drivers (total 201): 0x02A1D000 \SystemRoot\system32\ntoskrnl.exe 0x02FFA000 \SystemRoot\system32\hal.dll 0x00BA6000 \SystemRoot\system32\kdcom.dll 0x00C40000 \SystemRoot\system32\mcupdate_AuthenticAMD.dll 0x00C4D000 \SystemRoot\system32\PSHED.dll 0x00C61000 \SystemRoot\system32\CLFS.SYS 0x00CBF000 \SystemRoot\system32\CI.dll 0x00E49000 \SystemRoot\system32\drivers\Wdf01000.sys 0x00EED000 \SystemRoot\system32\drivers\WDFLDR.SYS 0x00EFC000 \SystemRoot\system32\DRIVERS\ACPI.sys 0x00F53000 \SystemRoot\system32\DRIVERS\WMILIB.SYS 0x00F5C000 \SystemRoot\system32\DRIVERS\msisadrv.sys 0x00F66000 \SystemRoot\system32\DRIVERS\pci.sys 0x00F99000 \SystemRoot\system32\DRIVERS\vdrvroot.sys 0x00FA6000 \SystemRoot\System32\drivers\partmgr.sys 0x00FBB000 \SystemRoot\system32\DRIVERS\compbatt.sys 0x00FC4000 \SystemRoot\system32\DRIVERS\BATTC.SYS 0x00FD0000 \SystemRoot\system32\DRIVERS\volmgr.sys 0x00D7F000 \SystemRoot\System32\drivers\volmgrx.sys 0x00FE5000 \SystemRoot\system32\drivers\pciide.sys 0x00FEC000 \SystemRoot\system32\drivers\PCIIDEX.SYS 0x00E00000 \SystemRoot\System32\drivers\mountmgr.sys 0x00E1A000 \SystemRoot\system32\DRIVERS\atapi.sys 0x00C00000 \SystemRoot\system32\DRIVERS\ataport.SYS 0x00E23000 \SystemRoot\system32\DRIVERS\msahci.sys 0x00E2E000 \SystemRoot\system32\DRIVERS\amdsata.sys 0x01084000 \SystemRoot\system32\DRIVERS\storport.sys 0x010E6000 \SystemRoot\system32\DRIVERS\amdxata.sys 0x010F1000 \SystemRoot\system32\drivers\fltmgr.sys 0x0113D000 \SystemRoot\system32\drivers\fileinfo.sys 0x01151000 \SystemRoot\System32\Drivers\AsDsm.sys 0x0115E000 \SystemRoot\system32\DRIVERS\lullaby.sys 0x01239000 \SystemRoot\System32\Drivers\Ntfs.sys 0x01167000 \SystemRoot\System32\Drivers\msrpc.sys 0x013DC000 \SystemRoot\System32\Drivers\ksecdd.sys 0x01000000 \SystemRoot\System32\Drivers\cng.sys 0x01200000 \SystemRoot\System32\drivers\pcw.sys 0x01211000 \SystemRoot\System32\Drivers\Fs_Rec.sys 0x0149F000 \SystemRoot\system32\drivers\ndis.sys 0x01591000 \SystemRoot\system32\drivers\NETIO.SYS 0x01400000 \SystemRoot\System32\Drivers\ksecpkg.sys 0x01600000 \SystemRoot\System32\drivers\tcpip.sys 0x0142B000 \SystemRoot\System32\drivers\fwpkclnt.sys 0x018C2000 \SystemRoot\system32\DRIVERS\volsnap.sys 0x0190E000 \SystemRoot\System32\Drivers\spldr.sys 0x01916000 \SystemRoot\System32\drivers\rdyboost.sys 0x01950000 \SystemRoot\System32\Drivers\mup.sys 0x01962000 \SystemRoot\System32\drivers\hwpolicy.sys 0x0196B000 \SystemRoot\System32\DRIVERS\fvevol.sys 0x019A5000 \SystemRoot\system32\DRIVERS\disk.sys 0x019BB000 \SystemRoot\system32\DRIVERS\CLASSPNP.SYS 0x019EB000 \SystemRoot\system32\DRIVERS\AtiPcie.sys 0x0183F000 \SystemRoot\system32\DRIVERS\cdrom.sys 0x01869000 \SystemRoot\System32\Drivers\Null.SYS 0x01872000 \SystemRoot\System32\Drivers\Beep.SYS 0x01879000 \SystemRoot\System32\drivers\vga.sys 0x01887000 \SystemRoot\System32\drivers\VIDEOPRT.SYS 0x018AC000 \SystemRoot\System32\drivers\watchdog.sys 0x019F3000 \SystemRoot\System32\DRIVERS\RDPCDD.sys 0x01475000 \SystemRoot\system32\drivers\rdpencdd.sys 0x0147E000 \SystemRoot\system32\drivers\rdprefmp.sys 0x01487000 \SystemRoot\System32\Drivers\Msfs.SYS 0x0121B000 \SystemRoot\System32\Drivers\Npfs.SYS 0x011C5000 \SystemRoot\system32\DRIVERS\tdx.sys 0x01492000 \SystemRoot\system32\DRIVERS\TDI.SYS 0x011E3000 \SystemRoot\System32\Drivers\aswTdi.SYS 0x02C9F000 \SystemRoot\system32\drivers\afd.sys 0x02D29000 \SystemRoot\System32\Drivers\aswRdr.SYS 0x02D33000 \SystemRoot\System32\DRIVERS\netbt.sys 0x02D78000 \SystemRoot\system32\DRIVERS\wfplwf.sys 0x02D81000 \SystemRoot\system32\DRIVERS\pacer.sys 0x02DA7000 \SystemRoot\system32\DRIVERS\vwififlt.sys 0x02DBD000 \SystemRoot\system32\DRIVERS\netbios.sys 0x02DCC000 \SystemRoot\system32\DRIVERS\wanarp.sys 0x02DE7000 \SystemRoot\system32\DRIVERS\termdd.sys 0x02C00000 \SystemRoot\system32\DRIVERS\rdbss.sys 0x02C51000 \SystemRoot\system32\drivers\nsiproxy.sys 0x02C5D000 \SystemRoot\system32\DRIVERS\mssmbios.sys 0x02C68000 \SystemRoot\System32\drivers\discache.sys 0x02C77000 \SystemRoot\System32\Drivers\dfsc.sys 0x01073000 \SystemRoot\system32\DRIVERS\blbdrive.sys 0x03A97000 \SystemRoot\System32\Drivers\aswSP.SYS 0x03AE0000 \SystemRoot\system32\DRIVERS\tunnel.sys 0x03B06000 \SystemRoot\system32\DRIVERS\amdppm.sys 0x03C98000 \SystemRoot\system32\DRIVERS\atikmdag.sys 0x042AF000 \SystemRoot\System32\drivers\dxgkrnl.sys 0x043A3000 \SystemRoot\System32\drivers\dxgmms1.sys 0x03C00000 \SystemRoot\system32\DRIVERS\Rt64win7.sys 0x04833000 \SystemRoot\system32\DRIVERS\athrx.sys 0x049B0000 \SystemRoot\system32\DRIVERS\vwifibus.sys 0x049BD000 \SystemRoot\system32\DRIVERS\usbohci.sys 0x03C39000 \SystemRoot\system32\DRIVERS\USBPORT.SYS 0x049C8000 \SystemRoot\system32\DRIVERS\usbfilter.sys 0x049D4000 \SystemRoot\system32\DRIVERS\usbehci.sys 0x04800000 \SystemRoot\system32\DRIVERS\HDAudBus.sys 0x03B1B000 \SystemRoot\system32\DRIVERS\i8042prt.sys 0x04824000 \SystemRoot\system32\DRIVERS\kbfiltr.sys 0x049E5000 \SystemRoot\system32\DRIVERS\kbdclass.sys 0x03B39000 \SystemRoot\system32\DRIVERS\ETD.sys 0x043E9000 \SystemRoot\system32\DRIVERS\mouclass.sys 0x049F4000 \SystemRoot\system32\DRIVERS\CmBatt.sys 0x043F8000 \SystemRoot\system32\DRIVERS\ATK64AMD.sys 0x03B5A000 \SystemRoot\system32\DRIVERS\CompositeBus.sys 0x03B6A000 \SystemRoot\system32\drivers\srs_PremiumSound_amd64.sys 0x03BBD000 \SystemRoot\system32\drivers\ks.sys 0x049F9000 \SystemRoot\system32\drivers\ksthunk.sys 0x03A00000 \SystemRoot\system32\DRIVERS\AgileVpn.sys 0x03A16000 \SystemRoot\system32\DRIVERS\rasl2tp.sys 0x03A3A000 \SystemRoot\system32\DRIVERS\ndistapi.sys 0x03A46000 \SystemRoot\system32\DRIVERS\ndiswan.sys 0x03A75000 \SystemRoot\system32\DRIVERS\raspppoe.sys 0x00DDB000 \SystemRoot\system32\DRIVERS\raspptp.sys 0x04A34000 \SystemRoot\system32\DRIVERS\rassstp.sys 0x04A4E000 \SystemRoot\system32\DRIVERS\swenum.sys 0x04A50000 \SystemRoot\system32\DRIVERS\umbus.sys 0x04A62000 \SystemRoot\system32\DRIVERS\usbhub.sys 0x04ABC000 \SystemRoot\System32\Drivers\NDProxy.SYS 0x05617000 \SystemRoot\system32\drivers\viahduaa.sys 0x057AB000 \SystemRoot\system32\drivers\portcls.sys 0x04AD1000 \SystemRoot\system32\drivers\drmk.sys 0x057E8000 \SystemRoot\System32\Drivers\crashdmp.sys 0x057F6000 \SystemRoot\System32\Drivers\dump_diskdump.sys 0x05600000 \SystemRoot\System32\Drivers\dump_amdsata.sys 0x04AF3000 \SystemRoot\System32\Drivers\dump_dumpfve.sys 0x04B06000 \SystemRoot\system32\DRIVERS\hidusb.sys 0x04B14000 \SystemRoot\system32\DRIVERS\HIDCLASS.SYS 0x04B2D000 \SystemRoot\system32\DRIVERS\HIDPARSE.SYS 0x05614000 \SystemRoot\system32\DRIVERS\USBD.SYS 0x04B36000 \SystemRoot\system32\DRIVERS\mouhid.sys 0x04B43000 \SystemRoot\system32\DRIVERS\usbccgp.sys 0x000B0000 \SystemRoot\System32\win32k.sys 0x04B60000 \SystemRoot\System32\drivers\Dxapi.sys 0x01E2E000 \SystemRoot\system32\DRIVERS\snp2uvc.sys 0x01FE6000 \SystemRoot\system32\DRIVERS\STREAM.SYS 0x01FF7000 \SystemRoot\system32\DRIVERS\sncduvc.SYS 0x01E00000 \SystemRoot\system32\DRIVERS\monitor.sys 0x004B0000 \SystemRoot\System32\TSDDD.dll 0x00630000 \SystemRoot\System32\cdd.dll 0x04B6C000 \SystemRoot\system32\drivers\luafv.sys 0x04B8F000 \??\C:\Windows\system32\drivers\aswMonFlt.sys 0x01E0E000 \SystemRoot\System32\Drivers\aswFsBlk.SYS 0x04BC9000 \SystemRoot\system32\drivers\WudfPf.sys 0x01E17000 \SystemRoot\system32\DRIVERS\lltdio.sys 0x034CC000 \SystemRoot\system32\DRIVERS\nwifi.sys 0x0351F000 \SystemRoot\system32\DRIVERS\ndisuio.sys 0x03532000 \SystemRoot\system32\DRIVERS\rspndr.sys 0x0354A000 \??\C:\Program Files\ATKGFNEX\ASMMAP64.sys 0x03400000 \SystemRoot\system32\drivers\HTTP.sys 0x03551000 \SystemRoot\system32\DRIVERS\bowser.sys 0x0356F000 \SystemRoot\System32\drivers\mpsdrv.sys 0x03587000 \SystemRoot\system32\DRIVERS\mrxsmb.sys 0x06AB1000 \SystemRoot\system32\DRIVERS\mrxsmb10.sys 0x06AFF000 \SystemRoot\system32\DRIVERS\mrxsmb20.sys 0x06B22000 \SystemRoot\system32\drivers\peauth.sys 0x06BC8000 \SystemRoot\System32\Drivers\secdrv.SYS 0x06BD3000 \SystemRoot\System32\DRIVERS\srvnet.sys 0x06A00000 \SystemRoot\System32\drivers\tcpipreg.sys 0x06A12000 \SystemRoot\System32\DRIVERS\srv2.sys 0x07210000 \SystemRoot\System32\DRIVERS\srv.sys 0x072A6000 \SystemRoot\System32\Drivers\fastfat.SYS 0x07386000 \??\C:\Windows\system32\Drivers\PROCEXP113.SYS 0x772A0000 \Windows\System32\ntdll.dll 0x484C0000 \Windows\System32\smss.exe 0xFF5C0000 \Windows\System32\apisetschema.dll 0xFFD80000 \Windows\System32\autochk.exe 0xFF4D0000 \Windows\System32\advapi32.dll 0xFF270000 \Windows\System32\iertutil.dll 0xFF1D0000 \Windows\System32\comdlg32.dll 0x77470000 \Windows\System32\normaliz.dll 0xFF180000 \Windows\System32\Wldap32.dll 0xFF000000 \Windows\System32\urlmon.dll 0x77460000 \Windows\System32\psapi.dll 0xFEF80000 \Windows\System32\difxapi.dll 0xFED70000 \Windows\System32\ole32.dll 0xFED20000 \Windows\System32\ws2_32.dll 0xFED00000 \Windows\System32\imagehlp.dll 0xFEC60000 \Windows\System32\msvcrt.dll 0x771A0000 \Windows\System32\user32.dll 0xFEB80000 \Windows\System32\oleaut32.dll 0xFEB50000 \Windows\System32\imm32.dll 0xFEB40000 \Windows\System32\nsi.dll 0xFEB20000 \Windows\System32\sechost.dll 0xFDD90000 \Windows\System32\shell32.dll 0xFDD20000 \Windows\System32\gdi32.dll 0xFDC10000 \Windows\System32\msctf.dll 0xFDAE0000 \Windows\System32\rpcrt4.dll 0xFD9B0000 \Windows\System32\wininet.dll 0xFD8E0000 \Windows\System32\usp10.dll 0xFD840000 \Windows\System32\clbcatq.dll 0xFD660000 \Windows\System32\setupapi.dll 0x77080000 \Windows\System32\kernel32.dll 0xFD650000 \Windows\System32\lpk.dll 0xFD5D0000 \Windows\System32\shlwapi.dll 0xFD530000 \Windows\System32\comctl32.dll 0xFD510000 \Windows\System32\devobj.dll 0xFD3A0000 \Windows\System32\crypt32.dll 0xFD360000 \Windows\System32\cfgmgr32.dll 0xFD320000 \Windows\System32\wintrust.dll 0xFD2B0000 \Windows\System32\KernelBase.dll 0xFD2A0000 \Windows\System32\msasn1.dll 0x76A50000 \Windows\SysWOW64\normaliz.dll Processes (total 79): 0 System Idle Process 4 System 276 C:\Windows\System32\smss.exe 352 csrss.exe 420 C:\Windows\System32\wininit.exe 440 csrss.exe 492 C:\Windows\System32\services.exe 516 C:\Windows\System32\winlogon.exe 544 C:\Windows\System32\lsass.exe 552 C:\Windows\System32\lsm.exe 652 C:\Windows\System32\svchost.exe 736 C:\Windows\System32\svchost.exe 792 C:\Windows\System32\atiesrxx.exe 872 C:\Windows\System32\svchost.exe 916 C:\Windows\System32\svchost.exe 952 C:\Windows\System32\svchost.exe 336 C:\Windows\System32\svchost.exe 444 C:\Windows\System32\atieclxx.exe 1108 C:\Windows\System32\svchost.exe 1204 C:\Windows\System32\FBAgent.exe 1232 C:\Program Files (x86)\ASUS\ATK Hotkey\AsLdrSrv.exe 1260 C:\Program Files\ATKGFNEX\GFNEXSrv.exe 1288 C:\Program Files\Alwil Software\Avast5\AvastSvc.exe 1444 C:\Windows\System32\dwm.exe 1464 C:\Windows\explorer.exe 1564 C:\Program Files (x86)\ASUS\ATK Hotkey\HControl.exe 1572 C:\Program Files (x86)\ASUS\ATK Hotkey\Atouch64.exe 1704 C:\Program Files (x86)\ASUS\ATK Hotkey\ATKOSD.exe 1860 C:\Windows\System32\spoolsv.exe 1872 C:\Windows\System32\taskhost.exe 2000 C:\Windows\System32\taskeng.exe 1124 C:\Program Files (x86)\Google\Update\1.2.183.39\GoogleCrashHandler.exe 1088 C:\Program Files (x86)\ASUS\ATK Hotkey\KBFiltr.exe 1072 C:\Program Files (x86)\ASUS\Splendid\ACMON.exe 1488 C:\Program Files (x86)\ASUS\ControlDeck\ControlDeckStartUp.exe 1368 C:\Program Files (x86)\ASUS\ASUS CopyProtect\ASPG.exe 1364 C:\Program Files\P4G\BatteryLife.exe 1340 C:\Program Files (x86)\ASUS\SmartLogon\sensorsrv.exe 1956 C:\Windows\System32\svchost.exe 2076 C:\Windows\SysWOW64\ACEngSvr.exe 2088 C:\Program Files (x86)\ASUS\ATK Hotkey\WDC.exe 2400 C:\Windows\System32\svchost.exe 2444 C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe 2456 C:\Program Files (x86)\ASUS\Asus WebStorage\BackupService.exe 2580 C:\Program Files\SRS Labs\SRS Premium Sound\SRS_VolSync.exe 2660 C:\Windows\System32\svchost.exe 2748 C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe 3108 C:\Windows\System32\SearchIndexer.exe 3628 C:\Program Files\SRS Labs\SRS Premium Sound\SRSPremiumSoundBig_Small.exe 3640 C:\Program Files (x86)\Nokia\Nokia Ovi Suite\NokiaOviSuite.exe 4012 C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe 4092 C:\Program Files (x86)\ASUS\ATK Hotkey\HControlUser.exe 1096 C:\Program Files (x86)\ASUS\ATKOSD2\ATKOSD2.exe 3152 C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDECK.EXE 836 C:\Program Files (x86)\ASUS\ATK Media\DMedia.exe 2556 C:\Program Files (x86)\Winamp\winampa.exe 2648 C:\Program Files (x86)\Common Files\Nokia\MPlatform\NokiaMServer.exe 2804 C:\Program Files\Alwil Software\Avast5\AvastUI.exe 2788 C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe 2644 C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe 3988 C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe 4196 C:\Program Files\Windows Media Player\wmpnetwk.exe 4500 C:\Windows\System32\svchost.exe 4684 C:\Program Files (x86)\Common Files\Nokia\NoA\nokiaaserver.exe 4804 C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe 5004 C:\Program Files (x86)\ASUS\ASUS Data Security Manager\ADSMTray.exe 3448 C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe 2996 C:\Program Files (x86)\ASUS\ASUS Data Security Manager\ADSMSrv.exe 4636 C:\Windows\System32\svchost.exe 3816 C:\Windows\System32\svchost.exe 6096 C:\Program Files (x86)\Mozilla Firefox\firefox.exe 2652 C:\Program Files (x86)\PC Connectivity Solution\Transports\NclUSBSrv64.exe 4056 C:\Program Files (x86)\PC Connectivity Solution\Transports\NclRSSrv.exe 3924 C:\Windows\System32\audiodg.exe 660 MpCmdRun.exe 6000 taskhost.exe 2872 C:\Users\mötö\Desktop\MBRCheck.exe 5280 C:\Windows\System32\conhost.exe 4916 C:\Windows\System32\dllhost.exe \\.\C: --> \\.\PhysicalDrive0 at offset 0x00000003`a962f000 (NTFS) \\.\D: --> \\.\PhysicalDrive0 at offset 0x00000016`4aaf6e00 (NTFS) PhysicalDrive0 Model Number: ST9320325AS, Rev: 0002SDM1 Size Device Name MBR Status -------------------------------------------- 298 GB \\.\PhysicalDrive0 Windows 2008 MBR code detected SHA1: 8DF43F2BDE2D9451948FA14B5279969C777A7979 Done! bitte |
|
16.03.2011, 19:57
| #13 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | win32.autorun.tmp wie werd ichs los?! GMER wollte nicht?
__________________ Logfiles bitte immer in CODE-Tags posten |
|
16.03.2011, 20:14
| #14 |
| | win32.autorun.tmp wie werd ichs los?! GMER Logfile: Code:
ATTFilter GMER 1.0.15.15530 - hxxp://www.gmer.net
Rootkit scan 2011-03-16 20:11:41
Windows 6.1.7600
Running: y758zvjy.exe
---- Files - GMER 1.0.15 ----
File C:\ADSM_PData_0150 0 bytes
File C:\ADSM_PData_0150\DB 0 bytes
File C:\ADSM_PData_0150\DB\SI.db 624 bytes
File C:\ADSM_PData_0150\DB\UL.db 1040 bytes
File C:\ADSM_PData_0150\DB\VL.db 6160 bytes
File C:\ADSM_PData_0150\DB\WAL.db 2048 bytes
File C:\ADSM_PData_0150\DragWait.exe 315392 bytes executable
File C:\ADSM_PData_0150\_avt 512 bytes
File C:\Users\mötö\Gesicherte Musik 0 bytes
File C:\Users\mötö\Gesicherte Musik\_avt 512 bytes
File C:\Users\mötö\Gesicherte Musik\_lit 512 bytes
File C:\Users\mötö\Gesichertes Dokument 0 bytes
File C:\Users\mötö\Gesichertes Dokument\_avt 512 bytes
File C:\Users\mötö\Gesichertes Dokument\_lit 512 bytes
File C:\Users\mötö\Gesichertes Video 0 bytes
File C:\Users\mötö\Gesichertes Video\_avt 512 bytes
File C:\Users\mötö\Gesichertes Video\_lit 512 bytes
---- EOF - GMER 1.0.15 ----
|
|
16.03.2011, 20:14
| #15 |
| | win32.autorun.tmp wie werd ichs los?! doch doch eins nach dem anderen :-) |
|
| Themen zu win32.autorun.tmp wie werd ichs los?! |
| adblock, anti-malware, avast!, cc cleaner, cleaner, code, conduit, datei, dateien, edition, entfernen, explorer, file, fix, gfnexsrv.exe, home, location, log, log datei, malware, mas, microsoft, msvcr80.dll, nicht mehr, oldtimer, otl.exe, pdfforge toolbar, plug-in, programdata, remover, rootkit, safer networking, searchplugins, seite, seiten, spigot, spybot, start menu, synchronisation, syswow64, vdeck.exe, version, webcheck, win, windows, windows 7, windows 7 home, windows 7 home premium |
Linear-Darstellung
