Plagegeister aller Art und deren Bekämpfung: TR/EyeStye.H.163 in C:\moonxxxxxx.exe (Windows 7)

15.03.2011, 10:59 | #1
TR/EyeStye.H.163 in C:\moonxxxxxx.exe

Hello! During my Postbank online banking, the virus named above tried to intercept my TANs, whereupon I ran scans with Malwarebytes and OTL, as described in the forum. I deleted the trojans that were found. Do I have to reinstall the system to be safe? How secure are my passwords still? Is a master password more secure?

1. Here is the Malwarebytes logfile:

Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Database version: 6062

Windows 6.0.6002 Service Pack 2
Internet Explorer 8.0.6001.19019

15.03.2011 10:05:08
mbam-log-2011-03-15 (10-05-08).txt

Scan type: Quick scan
Objects scanned: 150390
Time elapsed: 5 minute(s), 32 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 2
Files Infected: 3

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
c:\moonxxxxxx.exe (Trojan.SpyEyes) -> Quarantined and deleted successfully.
c:\recycle.bin (Trojan.Spyeyes) -> Quarantined and deleted successfully.

Files Infected:
c:\moonxxxxxx.exe\config.bin (Trojan.SpyEyes) -> Quarantined and deleted successfully.
c:\recycle.bin\config.bin (Trojan.Spyeyes) -> Quarantined and deleted successfully.
c:\recycle.bin\recycle.bin.exe (Trojan.Spyeyes) -> Quarantined and deleted successfully.

2. The OTL logs:

OTL Logfile:
OTL logfile created on: 15.03.2011 10:36:29 - Run 1
OTL by OldTimer - Version 3.2.22.3 Folder = C:\Program Files
Windows Vista Ultimate Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.19019)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

3,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 52,00% Memory free
6,00 Gb Paging File | 5,00 Gb Available in Paging File | 75,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 111,17 Gb Total Space | 39,63 Gb Free Space | 35,65% Space Free | Partition Type: NTFS
Drive D: | 121,72 Gb Total Space | 9,05 Gb Free Space | 7,43% Space Free | Partition Type: NTFS

Computer Name: LÄTTA-PC | User Name: Lätta | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Programme\OTL Virenscan.exe File not found
PRC - C:\Programme\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Users\Lätta\AppData\Local\Google\Google Talk Plugin\googletalkplugin.exe (Google)
PRC - C:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
PRC - C:\Programme\ICQ7.2\ICQ.exe (ICQ, LLC.)
PRC - C:\Programme\Avira\AntiVir Desktop\avcenter.exe (Avira GmbH)
PRC - C:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
PRC - C:\Programme\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
PRC - C:\Programme\Common Files\Juniper Networks\JUNS\dsAccessService.exe (Juniper Networks)
PRC - C:\Programme\Avira\AntiVir Desktop\avshadow.exe (Avira GmbH)
PRC - C:\Programme\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe (Sony Ericsson Mobile Communications AB)
PRC - C:\Programme\SpeedBit Video Accelerator\VideoAcceleratorService.exe (Speedbit Ltd.)
PRC - C:\Programme\Sony Ericsson\Sony Ericsson PC Suite\SupServ.exe ()
PRC - C:\Programme\Windows Sidebar\sidebar.exe (Microsoft Corporation)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Programme\Cisco Systems\VPN Client\cvpnd.exe (Cisco Systems, Inc.)
PRC - C:\Programme\Lenovo\NPDIRECT\tpfnf7sp.exe (Lenovo Group Limited)
PRC - C:\Programme\CDBurnerXP\NMSAccessU.exe ()
PRC - C:\Programme\Lenovo\HOTKEY\TPHKSVC.exe (Lenovo Group Limited)
PRC - C:\Programme\Lenovo\HOTKEY\FnF5svc.exe (Lenovo.)
PRC - C:\Programme\Lenovo\HOTKEY\TpWAudAp.exe (Lenovo Group Limited)
PRC - C:\Programme\Windows Media Player\wmpnetwk.exe (Microsoft Corporation)
PRC - C:\Programme\Windows Media Player\wmpnscfg.exe (Microsoft Corporation)
PRC - C:\Programme\Windows Defender\MSASCui.exe (Microsoft Corporation)
PRC - C:\Programme\Google\Google Talk\googletalk.exe (Google)
PRC - C:\Programme\Lenovo\PM Driver\PMHandler.exe (Lenovo)
PRC - C:\Programme\Canon\MyPrinter\BJMYPRT.EXE (CANON INC.)
PRC - C:\Programme\Lenovo\Bluetooth Software\BTTray.exe (Broadcom Corporation.)
PRC - C:\Programme\Lenovo\Bluetooth Software\BTStackServer.exe (Broadcom Corporation.)
PRC - C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
PRC - C:\Programme\Lenovo\PM Driver\PMSveH.exe (Lenovo)
PRC - C:\Programme\Lenovo\LenovoCare\LPMGR.EXE (Lenovo Group Limited)
PRC - C:\Windows\System32\agrsmsvc.exe (Agere Systems)


========== Modules (SafeList) ==========

MOD - C:\Programme\OTL Virenscan.exe File not found
MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3\comctl32.dll (Microsoft Corporation)
MOD - C:\Windows\System32\BtMmHook.dll (Broadcom Corporation.)


========== Win32 Services (SafeList) ==========

SRV - (AntiVirService) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
SRV - (AntiVirSchedulerService) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
SRV - (JuniperAccessService) -- C:\Programme\Common Files\Juniper Networks\JUNS\dsAccessService.exe (Juniper Networks)
SRV - (VideoAcceleratorService) -- C:\Programme\SpeedBit Video Accelerator\VideoAcceleratorService.exe (Speedbit Ltd.)
SRV - (OMSI download service) -- C:\Programme\Sony Ericsson\Sony Ericsson PC Suite\SupServ.exe ()
SRV - (CVPND) -- C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe (Cisco Systems, Inc.)
SRV - (getPlus(R) Helper) getPlus(R) -- C:\Programme\NOS\bin\getPlus_HelperSvc.exe (NOS Microsystems Ltd.)
SRV - (NMSAccessU) -- C:\Programme\CDBurnerXP\NMSAccessU.exe ()
SRV - (TPHKSVC) -- C:\Programme\Lenovo\HOTKEY\TPHKSVC.exe (Lenovo Group Limited)
SRV - (FNF5SVC) -- C:\Programme\Lenovo\HOTKEY\FnF5svc.exe (Lenovo.)
SRV - (WinDefend) -- C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (PMSveH) -- C:\Programme\Lenovo\PM Driver\PMSveH.exe (Lenovo)
SRV - (AgereModemAudio) -- C:\Windows\System32\agrsmsvc.exe (Agere Systems)


========== Driver Services (SafeList) ==========

DRV - (avipbb) -- C:\Windows\System32\drivers\avipbb.sys (Avira GmbH)
DRV - (avgntflt) -- C:\Windows\System32\drivers\avgntflt.sys (Avira GmbH)
DRV - (ssmdrv) -- C:\Windows\System32\drivers\ssmdrv.sys (Avira GmbH)
DRV - (avgio) -- C:\Programme\Avira\AntiVir Desktop\avgio.sys (Avira GmbH)
DRV - (CVPNDRVA) -- C:\Windows\System32\drivers\CVPNDRVA.sys (Cisco Systems, Inc.)
DRV - (psadd) -- C:\Windows\System32\drivers\psadd.sys (Lenovo (United States) Inc.)
DRV - (truecrypt) -- C:\Windows\System32\drivers\truecrypt.sys (TrueCrypt Foundation)
DRV - (DNE) -- C:\Windows\System32\drivers\dne2000.sys (Deterministic Networks, Inc.)
DRV - (s0016unic) Sony Ericsson Device 0016 USB Ethernet Emulation SEMC0016 (WDM) -- C:\Windows\System32\drivers\s0016unic.sys (MCCI Corporation)
DRV - (s0016nd5) Sony Ericsson Device 0016 USB Ethernet Emulation SEMC0016 (NDIS) -- C:\Windows\System32\drivers\s0016nd5.sys (MCCI Corporation)
DRV - (s0016mdfl) -- C:\Windows\System32\drivers\s0016mdfl.sys (MCCI Corporation)
DRV - (s0016mdm) -- C:\Windows\System32\drivers\s0016mdm.sys (MCCI Corporation)
DRV - (s0016mgmt) Sony Ericsson Device 0016 USB WMC Device Management Drivers (WDM) -- C:\Windows\System32\drivers\s0016mgmt.sys (MCCI Corporation)
DRV - (s0016obex) -- C:\Windows\System32\drivers\s0016obex.sys (MCCI Corporation)
DRV - (s0016bus) Sony Ericsson Device 0016 driver (WDM) -- C:\Windows\System32\drivers\s0016bus.sys (MCCI Corporation)
DRV - (lenovo.smi) -- C:\Windows\System32\drivers\smiif32.sys (Lenovo Group Limited)
DRV - (NETw3v32) Intel(R) -- C:\Windows\System32\drivers\NETw3v32.sys (Intel Corporation)
DRV - (seehcri) -- C:\Windows\System32\drivers\seehcri.sys (Sony Ericsson Mobile Communications)
DRV - (NETw4v32) Intel(R) -- C:\Windows\System32\drivers\NETw4v32.sys (Intel Corporation)
DRV - (ATSWPDRV) (****DEBUG****) AuthenTec TruePrint USB Driver (SwipeSensor) -- C:\Windows\System32\drivers\atswpdrv.sys (AuthenTec, Inc.)
DRV - (rismxdp) -- C:\Windows\System32\drivers\rixdptsk.sys (REDC)
DRV - (rimmptsk) -- C:\Windows\System32\drivers\rimmptsk.sys (REDC)
DRV - (rimsptsk) -- C:\Windows\System32\drivers\rimsptsk.sys (REDC)
DRV - (CVirtA) -- C:\Windows\System32\drivers\CVirtA.sys (Cisco Systems, Inc.)
DRV - (AF15BDA) Cinergy T USB XE (MKII) -- C:\Windows\System32\drivers\AF15BDA.sys (AfaTech )
DRV - (LPCFilter) -- C:\Windows\system32\DRIVERS\LPCFilter.sys (COMPAL ELECTRONIC INC.)
DRV - (AgereSoftModem) -- C:\Windows\System32\drivers\AGRSM.sys (Agere Systems)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page =
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://search.conduit.com?SearchSource=10&ctid=CT2269050
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 9B 16 44 88 0F 80 CB 01 [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = hxxp://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = hxxp://www.google.com/ie
IE - HKCU\..\URLSearchHook: - Reg Error: Key error. File not found
IE - HKCU\..\URLSearchHook: {EEE6C35D-6118-11DC-9C72-001320C79847} - Reg Error: Key error. File not found
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "ICQ Search"
FF - prefs.js..browser.search.selectedEngine: "LEO Eng-Deu"
FF - prefs.js..browser.search.suggest.enabled: false
FF - prefs.js..browser.startup.homepage: "www.google.de"
FF - prefs.js..extensions.enabledItems: {b9db16a4-6edc-47ec-a1f4-b86292ed211d}:4.8.4
FF - prefs.js..extensions.enabledItems: {000a9d1c-beef-4f90-9363-039d445309b8}:0.5.36.0
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: {AB2CE124-6272-4b12-94A9-7303C7397BD1}:4.2.0.5198
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..extensions.enabledItems: {872b5b88-9db5-4310-bdd0-ac189557e5f5}:2.7.2.0
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - prefs.js..keyword.URL: "hxxp://search.sweetim.com/search.asp?src=2&q="
FF - prefs.js..network.proxy.type: 4
FF - prefs.js..sweetim.toolbar.previous.keyword.URL: "hxxp://search.icq.com/search/afe_results.php?ch_id=afex&q="

FF - HKLM\software\mozilla\Firefox\Extensions\\{000a9d1c-beef-4f90-9363-039d445309b8}: C:\Program Files\Google\Google Gears\Firefox\ [2010.04.18 21:47:10 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.15\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011.03.05 19:50:25 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.15\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011.03.05 16:22:28 | 000,000,000 | ---D | M]

[2008.10.02 10:11:42 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Lätta\AppData\Roaming\mozilla\Extensions
[2011.03.14 17:28:41 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Lätta\AppData\Roaming\mozilla\Firefox\Profiles\pmmn0qg3.default\extensions
[2010.07.12 22:18:50 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Lätta\AppData\Roaming\mozilla\Firefox\Profiles\pmmn0qg3.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2011.03.01 23:08:43 | 000,000,000 | ---D | M] (DVDVideoSoftTB Toolbar) -- C:\Users\Lätta\AppData\Roaming\mozilla\Firefox\Profiles\pmmn0qg3.default\extensions\{872b5b88-9db5-4310-bdd0-ac189557e5f5}
[2011.03.12 15:10:03 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\Lätta\AppData\Roaming\mozilla\Firefox\Profiles\pmmn0qg3.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2009.12.08 23:22:39 | 000,000,000 | ---D | M] (SweetIM Toolbar for Firefox) -- C:\Users\Lätta\AppData\Roaming\mozilla\Firefox\Profiles\pmmn0qg3.default\extensions\{EEE6C361-6118-11DC-9C72-001320C79847}
[2011.03.06 08:50:54 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Lätta\AppData\Roaming\mozilla\Firefox\Profiles\pmmn0qg3.default\extensions\{EEE6C361-6118-11DC-9C72-001320C79847}-trash
[2011.03.06 08:51:31 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Lätta\AppData\Roaming\mozilla\Firefox\Profiles\pmmn0qg3.default\extensions\pink-bee@loic.com
[2011.03.10 10:19:56 | 000,000,950 | ---- | M] () -- C:\Users\Lätta\AppData\Roaming\Mozilla\Firefox\Profiles\pmmn0qg3.default\searchplugins\icqplugin-1.xml
[2009.08.27 09:26:19 | 000,000,950 | ---- | M] () -- C:\Users\Lätta\AppData\Roaming\Mozilla\Firefox\Profiles\pmmn0qg3.default\searchplugins\icqplugin-2.xml
[2009.09.23 16:53:35 | 000,000,950 | ---- | M] () -- C:\Users\Lätta\AppData\Roaming\Mozilla\Firefox\Profiles\pmmn0qg3.default\searchplugins\icqplugin-3.xml
[2009.10.29 09:42:32 | 000,000,950 | ---- | M] () -- C:\Users\Lätta\AppData\Roaming\Mozilla\Firefox\Profiles\pmmn0qg3.default\searchplugins\icqplugin-4.xml
[2009.07.22 07:46:53 | 000,000,950 | ---- | M] () -- C:\Users\Lätta\AppData\Roaming\Mozilla\Firefox\Profiles\pmmn0qg3.default\searchplugins\icqplugin.xml
[2009.12.08 23:22:28 | 000,003,915 | ---- | M] () -- C:\Users\Lätta\AppData\Roaming\Mozilla\Firefox\Profiles\pmmn0qg3.default\searchplugins\sweetim.xml
[2011.03.14 17:28:41 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2010.08.28 16:39:14 | 000,000,000 | ---D | M] (Skype extension for Firefox) -- C:\Programme\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}
[2010.04.19 08:20:34 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2010.08.11 08:28:02 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
[2010.11.11 22:32:10 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
[2011.01.11 19:15:01 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
[2011.03.11 01:32:23 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
[2010.04.18 21:47:10 | 000,000,000 | ---D | M] (Google Gears) -- C:\PROGRAM FILES\GOOGLE\GOOGLE GEARS\FIREFOX
[2010.08.28 16:39:14 | 000,000,000 | ---D | M] (Skype extension for Firefox) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{AB2CE124-6272-4B12-94A9-7303C7397BD1}
[2008.10.02 10:28:38 | 000,000,000 | ---D | M] (Java Console) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0004-ABCDEFFEDCBA}
[2008.12.16 22:46:40 | 000,000,000 | ---D | M] (Java Console) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}
[2009.01.27 20:46:17 | 000,000,000 | ---D | M] (Java Console) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}
[2009.04.28 09:44:10 | 000,000,000 | ---D | M] (Java Console) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}
[2010.01.06 22:55:51 | 000,000,000 | ---D | M] (Java Console) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}
[2010.05.06 08:19:53 | 000,000,000 | ---D | M] (Java Console) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA}
[2010.04.19 08:20:34 | 000,000,000 | ---D | M] (Java Console) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2010.08.11 08:28:02 | 000,000,000 | ---D | M] (Java Console) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
[2010.11.11 22:32:10 | 000,000,000 | ---D | M] (Java Console) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
[2011.01.11 19:15:01 | 000,000,000 | ---D | M] (Java Console) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
[2011.03.11 01:32:23 | 000,000,000 | ---D | M] (Java Console) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
File not found (No name found) -- C:\USERS\LäTTA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\PMMN0QG3.DEFAULT\EXTENSIONS\{20A82645-C095-46ED-80E3-08825760534B}
File not found (No name found) -- C:\USERS\LäTTA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\PMMN0QG3.DEFAULT\EXTENSIONS\{872B5B88-9DB5-4310-BDD0-AC189557E5F5}
File not found (No name found) -- C:\USERS\LäTTA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\PMMN0QG3.DEFAULT\EXTENSIONS\{B9DB16A4-6EDC-47EC-A1F4-B86292ED211D}
[2011.02.02 21:40:24 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Programme\Mozilla Firefox\plugins\npdeployJava1.dll
[2011.03.05 16:22:25 | 000,001,392 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\amazondotcom-de.xml
[2011.03.05 16:22:25 | 000,002,344 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\eBay-de.xml
[2011.03.05 16:22:25 | 000,006,805 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\leo_ende_de.xml
[2011.03.05 16:22:25 | 000,001,178 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\wikipedia-de.xml
[2011.03.05 16:22:25 | 000,001,105 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\yahoo-de.xml

O1 HOSTS File: ([2010.11.17 23:23:55 | 000,000,937 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O1 - Hosts: 127.0.0.1 im.adtech.de
O1 - Hosts: 127.0.0.1 adserver.adtech.de
O1 - Hosts: 127.0.0.1 adtech.de
O1 - Hosts: 127.0.0.1 atwola.com
O1 - Hosts: 127.0.0.1 adserver.71i.de
O1 - Hosts: 127.0.0.1 adicqserver.71i.de
O1 - Hosts: 127.0.0.1 71i.de
O2 - BHO: (Adobe PDF Reader) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Buyertools) - {7C7A8947-5935-4430-AC0E-E7D04697414E} - C:\Programme\Buyertools Reminder\IEButtonBuyertoolsInterface.dll ()
O2 - BHO: (FDMIECookiesBHO Class) - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - C:\Programme\Free Download Manager\iefdm2.dll ()
O2 - BHO: (Google Gears Helper) - {E0FEFE40-FBF9-42AE-BA58-794CA7E3FB53} - C:\Programme\Google\Google Gears\Internet Explorer\0.5.36.0\gears.dll (Google Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {EEE6C35B-6118-11DC-9C72-001320C79847} - No CLSID value found.
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe (CANON INC.)
O4 - HKLM..\Run: [CanonSolutionMenu] C:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe (CANON INC.)
O4 - HKLM..\Run: [FingerPrintSoftware] C:\Program Files\Lenovo Fingerprint Software\fpapp.exe (Authentec,Inc)
O4 - HKLM..\Run: [LPManager] C:\Programme\Lenovo\LenovoCare\LPMGR.EXE (Lenovo Group Limited)
O4 - HKLM..\Run: [PMHandler] C:\Programme\Lenovo\PM Driver\PMHandler.exe (Lenovo)
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [TPFNF7] C:\Program Files\Lenovo\NPDIRECT\TPFNF7SP.exe (Lenovo Group Limited)
O4 - HKLM..\Run: [TPWAUDAP] C:\Programme\Lenovo\HOTKEY\TpWAudAp.exe (Lenovo Group Limited)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKCU..\Run: [googletalk] C:\Program Files\Google\Google Talk\googletalk.exe (Google)
O4 - HKCU..\Run: [ICQ] C:\Program Files\ICQ7.2\ICQ.exe (ICQ, LLC.)
O4 - HKCU..\Run: [Sony Ericsson PC Suite] C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe (Sony Ericsson Mobile Communications AB)
O4 - HKCU..\Run: [WMPNSCFG] C:\Programme\Windows Media Player\wmpnscfg.exe (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\System32\GPhotos.scr (Google Inc.)
O8 - Extra context menu item: Alles mit FDM herunterladen - C:\Program Files\Free Download Manager\dlall.htm ()
O8 - Extra context menu item: Auswahl mit FDM herunterladen - C:\Program Files\Free Download Manager\dlselected.htm ()
O8 - Extra context menu item: Bild an &Bluetooth-Gerät senden... - C:\Programme\Lenovo\Bluetooth Software\btsendto_ie_ctx.htm ()
O8 - Extra context menu item: Datei mit FDM herunterladen - C:\Program Files\Free Download Manager\dllink.htm ()
O8 - Extra context menu item: Seite an &Bluetooth-Gerät senden... - C:\Programme\Lenovo\Bluetooth Software\btsendto_ie.htm ()
O8 - Extra context menu item: Videos mit FDM herunterladen - C:\Program Files\Free Download Manager\dlfvideo.htm ()
O9 - Extra 'Tools' menuitem : &Gears-Einstellungen - {09C04DA7-5B76-4EBC-BBEE-B25EAC5965F5} - C:\Programme\Google\Google Gears\Internet Explorer\0.5.36.0\gears.dll (Google Inc.)
O9 - Extra Button: Buyertools Reminder - {27914077-B4D6-4A0E-9763-76B6E9DD9A81} - C:\Programme\Buyertools Reminder\ReminderIE.exe ()
O9 - Extra Button: ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Programme\ICQ7.2\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Programme\ICQ7.2\ICQ.exe (ICQ, LLC.)
O9 - Extra Button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\Lenovo\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\Lenovo\Bluetooth Software\btsendto_ie.htm ()
O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-0016-0000-0004-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_04-windows-i586.cab (Java Plug-in 1.6.0_04)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab (Java Plug-in 1.6.0_18)
O16 - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E5F5D008-DD2C-4D32-977D-1A0ADF03058B} https://juniper.net/dana-cached/setup/JuniperSetupSP1.cab (JuniperSetupControlXP Class)
O16 - DPF: {F27237D7-93C8-44C2-AC6E-D6057B9A918F} https://juniper.net/dana-cached/sc/JuniperSetupClient.cab (JuniperSetupClientControl Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O22 - SharedTaskScheduler: {E31004D1-A431-41B8-826F-E902F9D95C81} - Windows DreamScene - C:\Windows\System32\DreamScene.dll (Microsoft Corporation)
O24 - Desktop WallPaper: D:\Lätta Stuff\Pix\Bowie\david_bowie_wallpaper_by_johnnypf-d344vv6.jpg
O24 - Desktop BackupWallPaper: D:\Lätta Stuff\Pix\Bowie\david_bowie_wallpaper_by_johnnypf-d344vv6.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 22:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011.03.15 10:28:50 | 000,580,608 | ---- | C] (OldTimer Tools) -- C:\Programme\OTL Virenscan.exe
[2011.03.11 01:32:21 | 000,157,472 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaws.exe
[2011.03.11 01:32:21 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaw.exe
[2011.03.11 01:32:21 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\java.exe
[2011.03.09 20:34:21 | 000,429,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\EncDec.dll
[2011.03.09 20:34:21 | 000,322,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\sbe.dll
[2011.03.09 20:34:21 | 000,177,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mpg2splt.ax
[2011.03.09 20:34:21 | 000,153,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\sbeio.dll
[2011.03.09 13:57:24 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
[2011.03.01 23:08:48 | 000,000,000 | ---D | C] -- C:\Programme\Conduit
[2011.03.01 21:15:46 | 000,000,000 | ---D | C] -- C:\Users\Lätta\AppData\Roaming\DVDVideoSoftIEHelpers
[2011.03.01 21:15:19 | 000,000,000 | ---D | C] -- C:\Programme\Youtube Converter
[2011.02.28 19:02:08 | 010,405,274 | ---- | C] (Macromedia, Inc.) -- C:\Windows\Ziggy Stardust.exe
[2011.02.28 19:02:08 | 000,381,636 | ---- | C] (MacSourcery) -- C:\Windows\Ziggy Stardust.scr
[2011.02.28 19:02:08 | 000,040,960 | ---- | C] (MacSourcery) -- C:\Windows\Ziggy Stardust.dll
[2011.02.24 08:33:02 | 000,000,000 | ---D | C] -- C:\Windows\System32\WindowsPowerShell
[2011.02.24 08:30:58 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\winrsmgr.dll
[2011.02.24 08:30:46 | 000,040,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\winrs.exe
[2011.02.24 08:30:46 | 000,020,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\winrshost.exe
[2011.02.24 08:30:46 | 000,012,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wsmprovhost.exe
[2011.02.24 08:30:43 | 000,010,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wsmplpxy.dll
[2011.02.24 08:30:43 | 000,010,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\winrssrv.dll
[2011.02.24 08:30:40 | 000,081,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wevtfwd.dll
[2011.02.24 08:30:40 | 000,079,872 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wecutil.exe
[2011.02.24 08:30:40 | 000,056,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wecapi.dll
[2011.02.24 08:30:40 | 000,054,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WsmRes.dll
[2011.02.24 08:30:40 | 000,041,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\pwrshplugin.dll
[2011.02.24 08:30:30 | 000,252,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WSManMigrationPlugin.dll
[2011.02.24 08:30:30 | 000,246,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WSManHTTPConfig.exe
[2011.02.24 08:30:30 | 000,241,152 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\winrscmd.dll
[2011.02.24 08:30:30 | 000,214,016 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WsmWmiPl.dll
[2011.02.24 08:30:30 | 000,145,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WsmAuto.dll
[2011.02.18 16:36:58 | 004,184,352 | ---- | C] (Apple, Inc.) -- C:\Windows\System32\usbaaplrc.dll
[2010.12.09 18:26:25 | 038,147,376 | ---- | C] (Apple Inc.) -- C:\Programme\QuickTimeInstaller.exe
[2010.07.29 15:55:14 | 001,391,616 | ---- | C] (Irfan Skiljan) -- C:\Programme\iview_427_setup.exe
[2009.11.11 22:54:47 | 000,148,736 | ---- | C] (Avanquest Software) -- C:\ProgramData\hpe7B37.dll

========== Files - Modified Within 30 Days ==========

[2011.03.15 10:35:53 | 000,000,708 | ---- | M] () -- C:\Users\Lätta\Desktop\OTL Virenscan.exe - Verknüpfung.lnk
[2011.03.15 10:28:53 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Program Files\OTL Virenscan.exe
[2011.03.15 10:07:43 | 000,002,565 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\VPN Client.lnk
[2011.03.15 10:07:12 | 000,001,092 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2011.03.15 10:07:10 | 000,003,664 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2011.03.15 10:07:10 | 000,003,664 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2011.03.15 10:07:02 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011.03.15 10:06:52 | 3211,190,272 | -HS- | M] () -- C:\hiberfil.sys
[2011.03.15 10:05:47 | 000,000,012 | ---- | M] () -- C:\Windows\bthservsdp.dat
[2011.03.15 09:57:36 | 000,000,912 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011.03.15 09:57:01 | 000,001,118 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-962289449-4030429664-270294031-1000UA.job
[2011.03.15 09:51:01 | 000,001,096 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2011.03.14 17:16:21 | 000,000,418 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{27E3785D-F620-427C-88C4-DE2BAC273D02}.job
[2011.03.14 10:57:00 | 000,001,066 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-962289449-4030429664-270294031-1000Core.job
[2011.03.11 17:32:25 | 000,000,591 | ---- | M] () -- C:\Users\Lätta\Desktop\Uni - Verknüpfung.lnk
[2011.03.11 17:31:03 | 000,000,457 | ---- | M] () -- C:\Users\Lätta\Desktop\Lätta Stuff.lnk
[2011.03.11 10:52:02 | 000,628,742 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2011.03.11 10:52:02 | 000,595,996 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2011.03.11 10:52:02 | 000,126,454 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2011.03.11 10:52:02 | 000,104,070 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2011.03.09 13:57:24 | 000,001,670 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk
[2011.03.07 10:23:58 | 000,040,014 | ---- | M] () -- C:\Users\Lätta\Documents\cc_20110307_102348.reg
[2011.03.01 21:15:51 | 000,001,038 | ---- | M] () -- C:\Users\Lätta\Desktop\DVDVideoSoft Free Studio.lnk
[2011.03.01 21:15:24 | 000,001,232 | ---- | M] () -- C:\Users\Lätta\Desktop\Free YouTube to MP3 Converter.lnk
[2011.02.28 19:02:08 | 010,405,274 | ---- | M] (Macromedia, Inc.) -- C:\Windows\Ziggy Stardust.exe
[2011.02.28 19:02:08 | 000,381,636 | ---- | M] (MacSourcery) -- C:\Windows\Ziggy Stardust.scr
[2011.02.28 19:02:08 | 000,040,960 | ---- | M] (MacSourcery) -- C:\Windows\Ziggy Stardust.dll
[2011.02.27 15:50:05 | 000,000,034 | ---- | M] () -- C:\Windows\cdplayer.ini
[2011.02.18 16:36:58 | 004,184,352 | ---- | M] (Apple, Inc.) -- C:\Windows\System32\usbaaplrc.dll

========== Files Created - No Company Name ==========

[2011.03.15 10:35:53 | 000,000,708 | ---- | C] () -- C:\Users\Lätta\Desktop\OTL Virenscan.exe - Verknüpfung.lnk
[2011.03.09 13:57:24 | 000,001,670 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk
[2011.03.07 10:23:50 | 000,040,014 | ---- | C] () -- C:\Users\Lätta\Documents\cc_20110307_102348.reg
[2011.03.01 21:15:24 | 000,001,232 | ---- | C] () -- C:\Users\Lätta\Desktop\Free YouTube to MP3 Converter.lnk
[2011.02.27 15:50:05 | 000,000,034 | ---- | C] () -- C:\Windows\cdplayer.ini
[2011.02.24 08:30:32 | 000,201,184 | ---- | C] () -- C:\Windows\System32\winrm.vbs
[2011.02.24 08:30:32 | 000,004,675 | ---- | C] () -- C:\Windows\System32\wsmanconfig_schema.xml
[2011.02.24 08:30:32 | 000,002,426 | ---- | C] () -- C:\Windows\System32\WsmTxt.xsl
[2010.10.03 11:06:50 | 000,083,076 | -H-- | C] () -- C:\Windows\System32\mlfcache.dat
[2010.08.01 13:46:05 | 000,001,320 | ---- | C] () -- C:\Programme\NfUdOua1.htm.part.htm
[2010.07.29 17:59:56 | 000,000,056 | -H-- | C] () -- C:\Windows\System32\ezsidmv.dat
[2010.07.21 07:09:47 | 000,000,466 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2010.02.08 00:16:50 | 018,499,623 | ---- | C] () -- C:\ProgramData\vlc-1.0.5-win32.exe
[2009.09.24 07:16:33 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2009.09.24 07:16:33 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2009.09.24 07:15:43 | 000,062,976 | ---- | C] () -- C:\Windows\System32\PrintBrmUi.exe
[2009.08.28 09:20:05 | 018,015,723 | ---- | C] () -- C:\ProgramData\vlc-1.0.1-win32.exe
[2009.01.13 11:29:00 | 000,197,408 | ---- | C] () -- C:\Windows\System32\vpnapi.dll
[2008.10.06 12:24:01 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
[2008.10.03 10:02:45 | 000,000,176 | ---- | C] () -- C:\Windows\System32\drivers\RTHDAEQ0.dat
[2008.10.02 18:19:42 | 000,016,480 | ---- | C] () -- C:\Windows\System32\rixdicon.dll
[2008.10.02 10:11:42 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat
[2008.10.02 09:47:06 | 000,024,064 | ---- | C] () -- C:\Users\Lätta\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008.10.02 09:39:32 | 000,001,356 | ---- | C] () -- C:\Users\Lätta\AppData\Local\d3d9caps.dat
[2008.10.02 09:26:42 | 000,000,012 | ---- | C] () -- C:\Windows\bthservsdp.dat
[2008.02.11 18:55:18 | 000,147,456 | ---- | C] () -- C:\Windows\System32\igfxCoIn_v1437.dll
[2008.02.11 18:34:48 | 002,215,364 | ---- | C] () -- C:\Windows\System32\igklg400.bin
[2008.02.11 18:34:48 | 001,971,732 | ---- | C] () -- C:\Windows\System32\igklg450.bin
[2008.02.11 18:34:48 | 000,029,932 | ---- | C] () -- C:\Windows\System32\igmedcompkrn.bin
[2008.01.21 09:24:09 | 000,628,742 | ---- | C] () -- C:\Windows\System32\perfh007.dat
[2008.01.21 09:24:09 | 000,290,748 | ---- | C] () -- C:\Windows\System32\perfi007.dat
[2008.01.21 09:24:09 | 000,126,454 | ---- | C] () -- C:\Windows\System32\perfc007.dat
[2008.01.21 09:24:09 | 000,036,916 | ---- | C] () -- C:\Windows\System32\perfd007.dat
[2008.01.21 03:23:41 | 000,081,158 | ---- | C] () -- C:\Windows\System32\manage-bde.ini.en
[2007.03.29 11:42:38 | 000,389,120 | ---- | C] () -- C:\Windows\System32\btwhidcs.dll
[2007.02.22 09:14:38 | 000,204,800 | ---- | C] () -- C:\Windows\System32\igfxCoIn_v1214.dll
[2007.02.22 08:46:00 | 000,701,840 | ---- | C] () -- C:\Windows\System32\igmedkrn.dll
[2006.11.02 13:55:52 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2006.11.02 13:46:27 | 000,253,192 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2006.11.02 13:34:20 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006.11.02 11:33:01 | 000,595,996 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2006.11.02 11:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2006.11.02 11:33:01 | 000,104,070 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2006.11.02 11:33:01 |
000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat [2006.11.02 11:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat [2006.11.02 09:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin [2006.11.02 09:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT [2006.11.02 08:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini [2006.11.02 08:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat [2006.03.09 09:58:00 | 001,060,424 | ---- | C] () -- C:\Windows\System32\WdfCoInstaller01000.dll [2001.11.14 12:56:00 | 001,802,240 | ---- | C] () -- C:\Windows\System32\lcppn21.dll < End of report > 3. Das zweite OTL Log:OTL Logfile: Code:
ATTFilter OTL Extras logfile created on: 15.03.2011 10:36:29 - Run 1 OTL by OldTimer - Version 3.2.22.3 Folder = C:\Program Files Windows Vista Ultimate Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation Internet Explorer (Version = 8.0.6001.19019) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 3,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 52,00% Memory free 6,00 Gb Paging File | 5,00 Gb Available in Paging File | 75,00% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 111,17 Gb Total Space | 39,63 Gb Free Space | 35,65% Space Free | Partition Type: NTFS Drive D: | 121,72 Gb Total Space | 9,05 Gb Free Space | 7,43% Space Free | Partition Type: NTFS Computer Name: LÄTTA-PC | User Name: Lätta | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Extra Registry (SafeList) ========== ========== File Associations ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation) .hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation) [HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>] .html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation) ========== Shell Spawning ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation) exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation) htmlfile [edit] -- Reg Error: Key error. 
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1" inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [AddToPlaylistVLC] -- C:\Program Files\VLC Media Player\vlc.exe --started-from-file --playlist-enqueue "%1" () Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Directory [PlayWithVLC] -- C:\Program Files\VLC Media Player\vlc.exe --started-from-file --no-playlist-enqueue "%1" () Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation) Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation) Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) ========== Security Center Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "cval" = 1 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] "AntiVirusOverride" = 0 "AntiSpywareOverride" = 0 "FirewallOverride" = 0 "VistaSp1" = Reg Error: Unknown registry data type -- File not found "VistaSp2" = Reg Error: Unknown registry data type -- File not found [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol] ========== Firewall Settings ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] "EnableFirewall" = 1 "DisableNotifications" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "EnableFirewall" = 1 "DisableNotifications" = 
0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile] "EnableFirewall" = 1 "DisableNotifications" = 0 ========== Authorized Applications List ========== ========== Vista Active Open Ports Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{12531FBD-8AF9-465F-98CD-4D0D37D5AE10}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{1CA803CE-F5AA-4759-AAAF-4C8E82A94D38}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | "{23FEF789-6434-40EF-98AA-C26457A027BC}" = lport=2869 | protocol=6 | dir=in | app=system | "{2CE74E01-2EBE-49E4-BC15-79759CD31DC4}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | "{40A0B431-CB09-4DEB-BD78-2430338A3A25}" = lport=445 | protocol=6 | dir=in | app=system | "{57686CE2-DEC1-434F-8DA3-22EAB2E2C770}" = rport=138 | protocol=17 | dir=out | app=system | "{7AF7BA1C-7612-410C-8994-B81F5F5D46DC}" = lport=137 | protocol=17 | dir=in | app=system | "{7B98383B-006F-4FB2-806F-49240707378B}" = lport=139 | protocol=6 | dir=in | app=system | "{952A2255-C274-4237-8C77-81272A30D359}" = rport=445 | protocol=6 | dir=out | app=system | "{9BF5B41E-ADD4-4A32-BB83-D90EB6D623A3}" = lport=10243 | protocol=6 | dir=in | app=system | "{B74FF30C-5962-4B01-B280-820659FE3BBF}" = rport=139 | protocol=6 | dir=out | app=system | "{C1F82C42-D32A-458F-BC5E-906852D8ECB0}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{C6BF5B92-1383-4FFE-99C8-23A1A0E70E22}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | "{CD03A6F2-AF60-4259-B718-4B9CF86A61A8}" = rport=137 | protocol=17 | dir=out | app=system | "{CECF8136-5E12-447C-99D1-907B6F7AF134}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{DF8B6019-56FE-4947-A655-E56B75B56519}" = rport=10243 | protocol=6 | dir=out | app=system | "{E2ED7A09-1887-4453-B986-4DF5A29196B1}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | "{EAAB7755-0A01-4E6A-907A-0C7601A265D1}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | "{FCCE7A5A-AE86-4DE1-8C9E-71B074600943}" = lport=138 | protocol=17 | dir=in | app=system | ========== Vista Active Application Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{05E1A42F-BF52-4611-8CC8-59F6E5103E12}" = protocol=6 | dir=in | app=c:\program files\icq7.2\aolload.exe | "{0BC01314-A14D-4233-BEFC-3B39D87E545E}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{0F8D24FD-82FB-4FB9-8CA4-E7618D6026B0}" = protocol=17 | dir=in | app=c:\users\lätta\appdata\local\google\google talk plugin\googletalkplugin.exe | "{1044342C-C302-4A1B-98DF-E5C133AB6A9B}" = protocol=6 | dir=in | app=c:\program files\icq7.0\aolload.exe | "{11FA1E81-C95F-4DCF-8B2E-AAF4A5AEA0D4}" = protocol=17 | dir=in | app=c:\program files\icq7.2\icq.exe | "{16A128CA-CAE9-40C9-B593-9F0EB22269B7}" = protocol=17 | dir=in | app=c:\users\lätta\appdata\local\google\google talk plugin\googletalkplugin.exe | "{198FD1F5-6140-40D6-9F28-BBA23C1399DB}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | "{19E24F77-5C45-4B5D-8024-B4053F028369}" = protocol=17 | dir=in | app=c:\program files\icq7.2\aolload.exe | "{1C83542E-14DB-4132-BF96-98306434FB47}" = protocol=6 | dir=in | app=c:\program files\terratec\terratec home cinema\tvtvsetup\tvtv_wizard.exe | "{1F32A3E1-7369-4D25-9D91-E47DF3E29631}" = protocol=6 | dir=in | app=c:\users\lätta\appdata\local\temp\{191a62aa-eb3e-490a-b617-0224787ad9c5}\{63b9bab5-f36a-4a3b-9e5c-68a7f212bfb9}\cinergydvrhelper.exe | "{256DA84B-B226-4172-B548-16ADCFC99ECB}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{2CE2C4B9-3C73-4980-9BBA-D8D283FDD9A1}" = protocol=6 | dir=in | app=c:\users\lätta\appdata\local\temp\{2c4e5791-ef2e-451b-a278-f6f4a98297bc}\{63b9bab5-f36a-4a3b-9e5c-68a7f212bfb9}\cinergydvrhelper.exe | "{2ED4F240-5E47-423F-A264-8485CFD44083}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{3253C308-39F2-4BFF-AE97-879A0E54D8E7}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | "{34242FB8-27C0-4B71-8F69-16C9821E7BED}" = protocol=6 | dir=in | app=c:\users\lätta\appdata\local\temp\{db8f8d51-9e7a-4db9-afe4-078d09057fc4}\{63b9bab5-f36a-4a3b-9e5c-68a7f212bfb9}\cinergydvrhelper.exe | "{364C8EBA-313E-4BED-A462-226ED35B8689}" = protocol=6 | dir=in | app=c:\program files\icq7.2\icq.exe | "{3C5762B8-B989-42F8-87B6-F645A54BD751}" = protocol=17 | dir=in | app=c:\program files\icq7.0\icq.exe | "{3F7734AD-FB6D-410A-9765-90FCC70C2F14}" = protocol=17 | dir=in | app=c:\users\lätta\appdata\local\temp\{7318de82-0e45-4af8-bdf2-6c89808be92f}\{63b9bab5-f36a-4a3b-9e5c-68a7f212bfb9}\cinergydvrhelper.exe | "{44362347-5C72-41E2-8702-B013C467DFD3}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{4484C1A5-B5E8-4037-9039-B7D7B821BD49}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{44CBD963-982A-4D06-A2D5-5D0613BD6912}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | "{45F41E86-4167-4CAB-BA55-F01C9B9846DF}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | "{48F69CDC-6683-4FCE-B40B-466A024AF4CB}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | "{4B127985-8157-475C-B179-1E2E4F2389C5}" = protocol=6 | dir=out | app=system | "{4B2AF09D-D7BF-4CBC-AB04-671DBDE486AE}" = protocol=17 | dir=in | app=c:\users\lätta\appdata\local\temp\{e818ace7-c229-4b99-b289-d75590aad356}\{63b9bab5-f36a-4a3b-9e5c-68a7f212bfb9}\cinergydvrhelper.exe | "{535A8419-AB4A-4C74-9926-643DDCCDECC1}" = protocol=17 | dir=in | app=c:\program files\icq7.2\aolload.exe | 
"{5579D968-2C3E-4EA9-B8A4-14905C84A9DF}" = dir=in | app=c:\program files\itunes\itunes.exe | "{5BD0E09E-E0A3-4FC8-9C59-306BF8561E79}" = protocol=17 | dir=in | app=c:\program files\icq7.0\aolload.exe | "{5EA3A245-D238-4A8A-948F-B6D2180D8E3C}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{66EE6A83-17CC-4850-9A48-782FBB5CCB04}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | "{681339BB-01DA-4BC0-AAC4-020EC7166ECB}" = protocol=17 | dir=in | app=c:\program files\terratec\terratec home cinema\cinergydvrhelper.exe | "{6CD7D174-187E-4C48-A9E5-2C8B06176135}" = protocol=17 | dir=in | app=c:\program files\google\google talk\googletalk.exe | "{728B7D39-2203-4221-A8BF-C8BC4056D859}" = protocol=17 | dir=in | app=c:\users\lätta\appdata\local\google\google talk plugin\googletalkplugin.dll | "{77DB064E-8F9E-4EB9-B7EA-96D01F0D99B3}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | "{79F63AC5-2624-4D91-B73F-EFFDF0A2EE36}" = protocol=17 | dir=in | app=c:\program files\icq7.0\aolload.exe | "{7A4E0990-FAE7-40F9-88B0-C73233AE8DAC}" = protocol=6 | dir=in | app=c:\program files\icq7.0\aolload.exe | "{7CD9D74A-335B-4F57-B4A9-CD776AA306D2}" = protocol=6 | dir=in | app=c:\users\lätta\appdata\local\temp\{7318de82-0e45-4af8-bdf2-6c89808be92f}\{63b9bab5-f36a-4a3b-9e5c-68a7f212bfb9}\cinergydvrhelper.exe | "{81C707EF-DEF1-428D-86B6-48A9C871A092}" = protocol=6 | dir=in | app=c:\users\lätta\appdata\local\google\google talk plugin\googletalkplugin.exe | "{8665A969-BFD4-4900-A1E3-35490E94B587}" = protocol=17 | dir=in | app=c:\users\lätta\appdata\local\temp\{191a62aa-eb3e-490a-b617-0224787ad9c5}\{63b9bab5-f36a-4a3b-9e5c-68a7f212bfb9}\cinergydvrhelper.exe | "{89BE2F5C-9EB8-455B-AAD7-0CFB713915E3}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | "{8B0BF03E-1FE5-46D0-91DD-797BF5A0F8FE}" = protocol=17 | dir=in | 
app=c:\users\lätta\appdata\local\temp\{dd01eac0-7e31-4b50-9009-189707d7fded}\{63b9bab5-f36a-4a3b-9e5c-68a7f212bfb9}\cinergydvrhelper.exe | "{8D053747-34B0-497A-880F-2F4556285BF6}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{9188D2E6-660A-415C-8385-607255A218CC}" = protocol=6 | dir=in | app=c:\program files\google\google talk\googletalk.exe | "{91F01FBA-7E3C-4738-BCD7-58DE136C6FB1}" = protocol=17 | dir=in | app=c:\program files\terratec\terratec home cinema\tvtvsetup\tvtv_wizard.exe | "{9653F135-B697-4648-9CE0-F19BCC907774}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | "{974EFA48-8E64-46BC-8E3B-5F45AD5B0C72}" = protocol=6 | dir=in | app=c:\program files\icq7.2\icq.exe | "{9877629D-85C6-44CE-9995-454E7C8A15E3}" = protocol=17 | dir=in | app=c:\users\lätta\appdata\local\temp\{be83b468-73b8-4908-9ef2-22d19709b8e9}\{63b9bab5-f36a-4a3b-9e5c-68a7f212bfb9}\cinergydvrhelper.exe | "{A1763436-55D7-4E9D-96D0-64A70BDFC5BA}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | "{A6B71200-FE10-4767-BFF1-A2985990DC3E}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | "{A7897400-FF49-417E-AD95-BAF607434D14}" = protocol=6 | dir=in | app=c:\users\lätta\appdata\local\temp\{be83b468-73b8-4908-9ef2-22d19709b8e9}\{63b9bab5-f36a-4a3b-9e5c-68a7f212bfb9}\cinergydvrhelper.exe | "{ADC88AAA-F214-4435-B9FF-5F9405A59073}" = protocol=6 | dir=in | app=c:\users\lätta\appdata\local\temp\{e818ace7-c229-4b99-b289-d75590aad356}\{63b9bab5-f36a-4a3b-9e5c-68a7f212bfb9}\cinergydvrhelper.exe | "{ADF6FDD0-F875-4836-B792-2A3644022980}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{BD6F2CD4-C72F-4F68-8838-D06E5669A83C}" = protocol=6 | dir=in | app=c:\program files\icq7.0\icq.exe | "{C09B3841-F2F6-4481-B976-04B3F838299C}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | "{C3F2F912-5399-4AF0-888B-ADD8A3F1C623}" = protocol=6 | dir=in | app=c:\program files\icq7.2\aolload.exe | 
"{C85D54E0-B3E8-4100-8E1A-E9C392AAC8DC}" = protocol=6 | dir=in | app=c:\program files\terratec\terratec home cinema\cinergydvrhelper.exe | "{D015D9C3-5A97-496D-AE1A-3BA543DE557F}" = protocol=6 | dir=in | app=c:\users\lätta\appdata\local\google\google talk plugin\googletalkplugin.exe | "{D0ACBB32-7FAF-4960-A643-07CE6E48D007}" = protocol=17 | dir=in | app=c:\program files\icq7.0\icq.exe | "{D38D227A-DE02-4D43-A290-F4E9533CF3EE}" = protocol=6 | dir=in | app=c:\users\lätta\appdata\local\google\google talk plugin\googletalkplugin.dll | "{DB4E5A3B-98F3-4216-A0A6-CDDFECE23E5B}" = protocol=6 | dir=in | app=c:\program files\icq7.0\icq.exe | "{DCA0DF42-B1C6-4ACE-A754-9641DF1E1C30}" = protocol=17 | dir=in | app=c:\users\lätta\appdata\local\temp\{2c4e5791-ef2e-451b-a278-f6f4a98297bc}\{63b9bab5-f36a-4a3b-9e5c-68a7f212bfb9}\cinergydvrhelper.exe | "{DD2407BB-5969-4F6B-BB3A-E647686910BE}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | "{DD43A023-B4FA-4BF6-9FF1-06952B970859}" = protocol=17 | dir=in | app=c:\users\lätta\appdata\local\temp\{db8f8d51-9e7a-4db9-afe4-078d09057fc4}\{63b9bab5-f36a-4a3b-9e5c-68a7f212bfb9}\cinergydvrhelper.exe | "{DD54E958-DE04-4D35-9535-98E783EDE20F}" = protocol=17 | dir=in | app=c:\program files\icq7.2\icq.exe | "{DEED9EEA-E964-49B1-AD24-EFDBE8B6898E}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{E207445C-18A8-43DA-AA59-A388EA861D46}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | "{E2B65363-9A4C-45DD-8CC5-ADA0CD419CF6}" = dir=in | app=c:\program files\skype\plugin manager\skypepm.exe | "{E7D00BBE-3135-40C9-A830-ABF87CF3859C}" = protocol=6 | dir=in | app=c:\users\lätta\appdata\local\temp\{40aaad67-4725-4673-ba3b-5996349fb873}\{63b9bab5-f36a-4a3b-9e5c-68a7f212bfb9}\cinergydvrhelper.exe | "{E99A4E04-2111-474D-87A2-5DB3BB5502E1}" = protocol=17 | dir=in | 
app=c:\users\lätta\appdata\local\temp\{40aaad67-4725-4673-ba3b-5996349fb873}\{63b9bab5-f36a-4a3b-9e5c-68a7f212bfb9}\cinergydvrhelper.exe | "{EAF4FD9D-5E82-44D9-B108-E1B68B1BEBB5}" = protocol=6 | dir=in | app=c:\users\lätta\appdata\local\temp\{dd01eac0-7e31-4b50-9009-189707d7fded}\{63b9bab5-f36a-4a3b-9e5c-68a7f212bfb9}\cinergydvrhelper.exe | "TCP Query User{0BD67CFF-0B54-4179-8406-D83BC135C4A0}C:\program files\icq7.0\icq.exe" = protocol=6 | dir=in | app=c:\program files\icq7.0\icq.exe | "TCP Query User{4442AFEE-1AFD-4C42-AF80-35E15C7FC9CC}C:\program files\icq7.2\icq.exe" = protocol=6 | dir=in | app=c:\program files\icq7.2\icq.exe | "TCP Query User{685E4090-39FA-49CD-A47A-FE434FA8E5E4}C:\program files\icq6\icq.exe" = protocol=6 | dir=in | app=c:\program files\icq6\icq.exe | "TCP Query User{7F7301EA-87F3-40B1-8F91-C237ED82258D}C:\program files\icq6\icq.exe" = protocol=6 | dir=in | app=c:\program files\icq6\icq.exe | "TCP Query User{D3987A54-1836-4EE4-AC21-D113178C5220}C:\program files\icq6.5\icq.exe" = protocol=6 | dir=in | app=c:\program files\icq6.5\icq.exe | "TCP Query User{DDE5EC26-4073-4888-AB59-FFAF8B65F1B4}C:\program files\zattoo\zattood.exe" = protocol=6 | dir=in | app=c:\program files\zattoo\zattood.exe | "TCP Query User{FD0AB29A-5062-456D-A27C-5E6994BB5778}C:\program files\icq6.5\icq.exe" = protocol=6 | dir=in | app=c:\program files\icq6.5\icq.exe | "TCP Query User{FDE96826-2307-4BCF-9470-46F93805C7B1}C:\program files\zattoo\zattood.exe" = protocol=6 | dir=in | app=c:\program files\zattoo\zattood.exe | "UDP Query User{147FBAFA-2BDB-4997-B7B8-1EE839C341D3}C:\program files\zattoo\zattood.exe" = protocol=17 | dir=in | app=c:\program files\zattoo\zattood.exe | "UDP Query User{181AF3AC-B077-4CE6-920A-0F79177F5546}C:\program files\icq6\icq.exe" = protocol=17 | dir=in | app=c:\program files\icq6\icq.exe | "UDP Query User{208A18A3-B2A7-4C81-8B95-C50F5D675D60}C:\program files\zattoo\zattood.exe" = protocol=17 | dir=in | app=c:\program files\zattoo\zattood.exe | "UDP 
Query User{2EA0F319-B77D-462B-9774-73E2A176E939}C:\program files\icq6\icq.exe" = protocol=17 | dir=in | app=c:\program files\icq6\icq.exe | "UDP Query User{4C72DB8C-5357-4306-A497-3D1EBD1B296C}C:\program files\icq6.5\icq.exe" = protocol=17 | dir=in | app=c:\program files\icq6.5\icq.exe | "UDP Query User{6E01B844-F3F1-459D-8D77-8EDCB6842837}C:\program files\icq6.5\icq.exe" = protocol=17 | dir=in | app=c:\program files\icq6.5\icq.exe | "UDP Query User{7CCA3111-DDF7-4290-88EB-FAD1ECC45611}C:\program files\icq7.0\icq.exe" = protocol=17 | dir=in | app=c:\program files\icq7.0\icq.exe | "UDP Query User{98A40B30-D6AC-4C97-AD50-7AD97C6743F5}C:\program files\icq7.2\icq.exe" = protocol=17 | dir=in | app=c:\program files\icq7.2\icq.exe | ========== HKEY_LOCAL_MACHINE Uninstall List ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{005F78AF-110D-398A-8430-BE98950A1E22}" = Google Talk Plugin "{03D1988F-469F-4843-8E6E-E5FE9D17889D}" = Lenovo Bluetooth with Enhanced Data Rate Software 6.0.1.4900 "{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu "{0A35B15C-9CCD-4C0C-BD5B-34ABF8C95813}_is1" = ICQ 7.2 Build #3159 Banner Remover 1.0 "{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MP610_series" = Canon MP610 series "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 "{226b64e8-dc75-4eea-a6c8-abcb496320f2}-Google Talk" = Google Talk (remove only) "{26A24AE4-039D-4CA4-87B4-2F83216011FF}" = Java(TM) 6 Update 24 "{26A24AE4-039D-4CA4-87B4-2F83216018F0}" = Java(TM) 6 Update 18 "{2A697B53-0DE3-42DA-B41D-C3F804B1C538}" = iTunes "{2A981294-F14C-4F0F-9627-D793270922F8}" = Bonjour "{2DC94AFD-A6E2-4AB4-9132-4A3F8E07B386}" = Apple Application Support "{2FA41EBB-3F5A-35C3-85D6-51EC72A11FBD}" = Google Gears "{2FFE93F0-BB72-4E52-8761-354D1AAA9387}" = Sony Ericsson PC Suite 6.009.00 "{3248F0A8-6813-11D6-A77B-00B0D0160040}" = Java(TM) 6 Update 4 
"{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java(TM) 6 Update 7 "{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater "{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime "{59F6A514-9813-47A3-948C-8A155460CC2A}" = RICOH R5C83x/84x Flash Media Controller Driver Ver.3.33 "{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053 "{62715632-A555-4D9E-9CEC-4F84EB55B07B}" = PM Driver "{6280149E-EFF3-4F1B-BD43-5B7EDD6F620A}" = Ergänzung zu Lenovo Care "{639673E9-D53F-44F4-A046-485C8A6ADA15}" = Paint.NET v3.5.6 "{65706020-7B6F-41F2-8047-FC69579E386A}" = Präsentationsdirektor "{72EFBFE4-C74F-4187-AEFD-73EA3BE968D6}" = ICQ7.2 "{76E41F43-59D2-4F30-BA42-9A762EE1E8DE}" = Avanquest update "{7E265513-8CDA-4631-B696-F40D983F3B07}_is1" = CDBurnerXP "{8D1E61D1-1395-4E97-997F-D002DB3A5074}" = OpenOffice.org 3.2 "{97C82B44-D408-4F14-9252-47FC1636D23E}_is1" = IZArc 3.81 "{981029E0-7FC9-4CF3-AB39-6F133621921A}" = Skype Toolbars "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 "{A49F249F-0C91-497F-86DF-B2585E8E76B7}" = Microsoft Visual C++ 2005 Redistributable "{A52A504E-18BE-4821-9A2A-BFB4542DA0BD}" = Lenovo PM Driver "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper "{AC76BA86-7AD7-1031-7B44-A81200000003}" = Adobe Reader 8.1.2 - Deutsch "{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Plus Web Player "{C41300B9-185D-475E-BFEC-39EF732F19B1}" = Apple Software Update "{CACAEB5F-174D-4C7C-AC56-A33289A807CA}" = Apple Mobile Device Support "{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1 "{CF52099A-3BEA-4C41-AEA8-1E190F04D737}" = Lenovo Care "{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.2 "{E503B4BF-F7BB-3D5F-8BC8-F694B1CFF942}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022.218 "{E6696A8C-C55A-405C-AFEB-F3880A8BAA45}" = iPod Update 2004-04-28 
"{EC422FB2-9F4D-4FB1-A5CE-5F741132EBC5}" = Lenovo Fingerprint Software "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver "{F3C1DE9E-5E16-4BA9-B854-7B53A45E3579}" = Cisco Systems VPN Client 5.0.05.0290 "{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack "{F7D480DD-8D1A-470D-87C6-3B9DBF6A629B}" = Buyertools Reminder "{FF11004C-F42A-4A31-9BCF-7F5C8FDBE53C}" = Adobe Setup "Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX "Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin "Adobe_719d6f144d0c086a0dfa7ff76bb9ac1" = Adobe Photoshop CS3 "Agere Systems Soft Modem" = Agere Systems HDA Modem "Audiograbber" = Audiograbber 1.83 SE "Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus "Canon MP610 series Benutzerregistrierung" = Canon MP610 series Benutzerregistrierung "CanonMyPrinter" = Canon My Printer "CanonSolutionMenu" = Canon Utilities Solution Menu "CCleaner" = CCleaner "CD Bremse_is1" = CD Bremse 1.49 "DTweak_is1" = DTweak "Easy-PhotoPrint EX" = Canon Utilities Easy-PhotoPrint EX "Free Download Manager_is1" = Free Download Manager 2.5 "Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.9.33 "HDMI" = Intel(R) Graphics Media Accelerator Driver "iDump" = iDump (Backing up your iPod) "InstallShield_{62715632-A555-4D9E-9CEC-4F84EB55B07B}" = PM Driver "InstallShield_{E6696A8C-C55A-405C-AFEB-F3880A8BAA45}" = iPod Update 2004-04-28 "Juniper_Setup_Client Activex Control" = Juniper Networks Setup Client Activex Control "LastFM_is1" = Last.fm 1.5.4.27091 "LENOVO.SMIIF" = Lenovo System Interface Driver "Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware "Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU "Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1 "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile "Microsoft .NET 
Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack "Mozilla Firefox (3.6.15)" = Mozilla Firefox (3.6.15) "MP Navigator EX 1.0" = Canon MP Navigator EX 1.0 "OnScreenDisplay" = Anzeige am Bildschirm "PeerGuardian_is1" = PeerGuardian 2.0 "Picasa 3" = Picasa 3 "ratDVD" = ratDVD 0.78.1444 "SetupService" = Juniper Installer Service "SpeedBit Video Accelerator" = SpeedBit Video Accelerator "SynTPDeinstKey" = Synaptics Pointing Device Driver "TrueCrypt" = TrueCrypt "UltSounds" = Windows-Soundschemas "UltSounds2" = Ultimate Extras sounds from Microsoft® Tinker™ "VLC media player" = VLC media player 0.9.2 "Winamp" = Winamp "WinGimp-2.0_is1" = GIMP 2.6.3 "WinGTK-2_is1" = GTK+ 2.10.13 runtime environment "WinRAR archiver" = WinRAR ========== HKEY_CURRENT_USER Uninstall List ========== [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "Juniper_Setup_Client" = Juniper Networks Setup Client ========== Last 10 Event Log Errors ========== [ Application Events ] Error - 30.12.2010 06:15:04 | Computer Name = Lätta-PC | Source = Bonjour Service | ID = 100 Description = 384: ERROR: read_msg errno 10054 (Eine vorhandene Verbindung wurde vom Remotehost geschlossen.) Error - 30.12.2010 06:15:04 | Computer Name = Lätta-PC | Source = Bonjour Service | ID = 100 Description = 392: ERROR: read_msg errno 10054 (Eine vorhandene Verbindung wurde vom Remotehost geschlossen.) Error - 30.12.2010 06:15:04 | Computer Name = Lätta-PC | Source = Bonjour Service | ID = 100 Description = 396: ERROR: read_msg errno 10054 (Eine vorhandene Verbindung wurde vom Remotehost geschlossen.) Error - 31.12.2010 18:48:06 | Computer Name = Lätta-PC | Source = Bonjour Service | ID = 100 Description = 384: ERROR: read_msg errno 10054 (Eine vorhandene Verbindung wurde vom Remotehost geschlossen.) 
Error - 31.12.2010 18:48:06 | Computer Name = Lätta-PC | Source = Bonjour Service | ID = 100 Description = 392: ERROR: read_msg errno 10054 (Eine vorhandene Verbindung wurde vom Remotehost geschlossen.) Error - 31.12.2010 18:48:06 | Computer Name = Lätta-PC | Source = Bonjour Service | ID = 100 Description = 396: ERROR: read_msg errno 10054 (Eine vorhandene Verbindung wurde vom Remotehost geschlossen.) Error - 01.01.2011 07:38:22 | Computer Name = Lätta-PC | Source = Bonjour Service | ID = 100 Description = mDNSCoreReceiveResponse: Received from 192.168.178.20:5353 4 L-tta-PC.local. Addr 192.168.178.20 Error - 01.01.2011 07:38:22 | Computer Name = Lätta-PC | Source = Bonjour Service | ID = 100 Description = mDNSCoreReceiveResponse: ProbeCount 2; will rename 4 L-tta-PC.local. Addr 192.168.178.28 Error - 01.01.2011 07:38:22 | Computer Name = Lätta-PC | Source = Bonjour Service | ID = 100 Description = Local Hostname L-tta-PC.local already in use; will try L-tta-PC-2.local instead Error - 03.01.2011 10:27:44 | Computer Name = Lätta-PC | Source = Bonjour Service | ID = 100 Description = 384: ERROR: read_msg errno 10054 (Eine vorhandene Verbindung wurde vom Remotehost geschlossen.) 
[ System Events ] Error - 13.03.2011 10:38:53 | Computer Name = Lätta-PC | Source = DCOM | ID = 10010 Description = Error - 13.03.2011 10:44:50 | Computer Name = Lätta-PC | Source = Service Control Manager | ID = 7000 Description = Error - 13.03.2011 16:14:29 | Computer Name = Lätta-PC | Source = Service Control Manager | ID = 7000 Description = Error - 14.03.2011 04:47:16 | Computer Name = Lätta-PC | Source = Service Control Manager | ID = 7000 Description = Error - 14.03.2011 07:36:10 | Computer Name = Lätta-PC | Source = Service Control Manager | ID = 7000 Description = Error - 14.03.2011 08:04:47 | Computer Name = Lätta-PC | Source = Service Control Manager | ID = 7000 Description = Error - 14.03.2011 09:47:29 | Computer Name = Lätta-PC | Source = Service Control Manager | ID = 7000 Description = Error - 14.03.2011 12:17:29 | Computer Name = Lätta-PC | Source = Service Control Manager | ID = 7000 Description = Error - 15.03.2011 03:39:14 | Computer Name = Lätta-PC | Source = Service Control Manager | ID = 7000 Description = Error - 15.03.2011 05:08:32 | Computer Name = Lätta-PC | Source = Service Control Manager | ID = 7000 Description = < End of report > ________________________________ Vielen Dank für die Hilfe! |
15.03.2011, 11:48 | #2 |
/// Winkelfunktion /// TB-Süch-Tiger™ | TR/EyeStye.H.163 in C:\moonxxxxxx.exe Are there any further logs from Malwarebytes? If so, please post all of them that are visible in Malwarebytes under the Logfiles tab.
__________________ |
15.03.2011, 13:50 | #3 |
| TR/EyeStye.H.163 in C:\moonxxxxxx.exe Here are the old logs, but they were all run with an outdated version (I didn't know you have to update manually).

1.
Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org
Database version: 4092
Windows 6.0.6002 Service Pack 2
Internet Explorer 8.0.6001.19019
15.03.2011 09:27:12
mbam-log-2011-03-15 (09-27-12).txt
Scan type: Quick scan
Objects scanned: 121373
Time elapsed: 13 minute(s), 19 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0
Memory Processes Infected: (No malicious items detected)
Memory Modules Infected: (No malicious items detected)
Registry Keys Infected: (No malicious items detected)
Registry Values Infected: (No malicious items detected)
Registry Data Items Infected: (No malicious items detected)
Folders Infected: (No malicious items detected)
Files Infected: (No malicious items detected)

2.
Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org
Database version: 4092
Windows 6.0.6002 Service Pack 2
Internet Explorer 8.0.6001.19019
07.03.2011 22:28:32
mbam-log-2011-03-07 (22-28-32).txt
Scan type: Quick scan
Objects scanned: 121143
Time elapsed: 15 minute(s), 42 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0
Memory Processes Infected: (No malicious items detected)
Memory Modules Infected: (No malicious items detected)
Registry Keys Infected: (No malicious items detected)
Registry Values Infected: (No malicious items detected)
Registry Data Items Infected: (No malicious items detected)
Folders Infected: (No malicious items detected)
Files Infected: (No malicious items detected)

3.
Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org
Database version: 4092
Windows 6.0.6002 Service Pack 2
Internet Explorer 8.0.6001.19019
07.03.2011 22:28:32
mbam-log-2011-03-07 (22-28-32).txt
Scan type: Quick scan
Objects scanned: 121143
Time elapsed: 15 minute(s), 42 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0
Memory Processes Infected: (No malicious items detected)
Memory Modules Infected: (No malicious items detected)
Registry Keys Infected: (No malicious items detected)
Registry Values Infected: (No malicious items detected)
Registry Data Items Infected: (No malicious items detected)
Folders Infected: (No malicious items detected)
Files Infected: (No malicious items detected)

4.
Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org
Database version: 4092
Windows 6.0.6002 Service Pack 2
Internet Explorer 8.0.6001.19019
07.03.2011 13:57:56
mbam-log-2011-03-07 (13-57-56).txt
Scan type: Full scan (C:\|D:\|)
Objects scanned: 344466
Time elapsed: 3 hour(s), 23 minute(s), 20 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0
Memory Processes Infected: (No malicious items detected)
Memory Modules Infected: (No malicious items detected)
Registry Keys Infected: (No malicious items detected)
Registry Values Infected: (No malicious items detected)
Registry Data Items Infected: (No malicious items detected)
Folders Infected: (No malicious items detected)
Files Infected: (No malicious items detected)

5.
Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org
Database version: 4092
Windows 6.0.6002 Service Pack 2
Internet Explorer 8.0.6001.19019
07.03.2011 10:27:56
mbam-log-2011-03-07 (10-27-56).txt
Scan type: Quick scan
Objects scanned: 98191
Time elapsed: 10 minute(s), 53 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 1
Memory Processes Infected: (No malicious items detected)
Memory Modules Infected: (No malicious items detected)
Registry Keys Infected: (No malicious items detected)
Registry Values Infected: (No malicious items detected)
Registry Data Items Infected: (No malicious items detected)
Folders Infected: (No malicious items detected)
Files Infected:
C:\Windows\Ziggy Stardust.dat (Trojan.Agent) -> Quarantined and deleted successfully.

6.
Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org
Database version: 4092
Windows 6.0.6002 Service Pack 2
Internet Explorer 8.0.6001.18943
05.09.2010 23:31:52
mbam-log-2010-09-05 (23-31-52).txt
Scan type: Quick scan
Objects scanned: 120867
Time elapsed: 8 minute(s), 29 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0
Memory Processes Infected: (No malicious items detected)
Memory Modules Infected: (No malicious items detected)
Registry Keys Infected: (No malicious items detected)
Registry Values Infected: (No malicious items detected)
Registry Data Items Infected: (No malicious items detected)
Folders Infected: (No malicious items detected)
Files Infected: (No malicious items detected)

7.
Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org
Database version: 4092
Windows 6.0.6002 Service Pack 2
Internet Explorer 8.0.6001.18904
12.05.2010 11:06:19
mbam-log-2010-05-12 (11-06-19).txt
Scan type: Quick scan
Objects scanned: 120860
Time elapsed: 5 minute(s), 38 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0
Memory Processes Infected: (No malicious items detected)
Memory Modules Infected: (No malicious items detected)
Registry Keys Infected: (No malicious items detected)
Registry Values Infected: (No malicious items detected)
Registry Data Items Infected: (No malicious items detected)
Folders Infected: (No malicious items detected)
Files Infected: (No malicious items detected) |
15.03.2011, 16:08 | #4 | |
/// Winkelfunktion /// TB-Süch-Tiger™ | TR/EyeStye.H.163 in C:\moonxxxxxx.exe Quote:
Remember that Malwarebytes has to be updated manually before every scan!
__________________ Please always post logfiles in CODE tags |
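The reminder above can be checked mechanically against the logs in the previous post: every one of them reports database version 4092, including the scan of 15.03.2011 09:27, run an hour before the scan on database 6062 that found the SpyEye files. The following is an added example, not code from this thread or from Malwarebytes. It parses Malwarebytes 1.x log dumps in the format posted here (accepting both the German and the English field labels), collects the detections per scan, and flags any scan that ran on an older signature database than another scan from the same day or earlier. The two sample logs are abridged from the ones posted in this thread with the field names translated; the staleness rule is a heuristic of this example, not a Malwarebytes feature.

```python
import re
from collections import Counter
from dataclasses import dataclass, field
from datetime import datetime

# Constructed sample: two of the logs posted in this thread, abridged, field names translated.
SAMPLE_LOGS = r"""Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org
Database version: 4092
Windows 6.0.6002 Service Pack 2
15.03.2011 09:27:12
mbam-log-2011-03-15 (09-27-12).txt
Scan type: Quick scan
Objects scanned: 121373
Time elapsed: 13 minute(s), 19 second(s)
Files Infected: 0
Files Infected:
(No malicious items detected)

Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org
Database version: 6062
Windows 6.0.6002 Service Pack 2
15.03.2011 10:05:08
mbam-log-2011-03-15 (10-05-08).txt
Scan type: Quick scan
Objects scanned: 150390
Time elapsed: 5 minute(s), 32 second(s)
Folders Infected: 2
Files Infected: 3
Folders Infected:
c:\moonxxxxxx.exe (Trojan.SpyEyes) -> Quarantined and deleted successfully.
c:\recycle.bin (Trojan.Spyeyes) -> Quarantined and deleted successfully.
Files Infected:
c:\moonxxxxxx.exe\config.bin (Trojan.SpyEyes) -> Quarantined and deleted successfully.
c:\recycle.bin\config.bin (Trojan.Spyeyes) -> Quarantined and deleted successfully.
c:\recycle.bin\recycle.bin.exe (Trojan.Spyeyes) -> Quarantined and deleted successfully.
"""

HEADER_RE = re.compile(r"^Malwarebytes' Anti-Malware (\S+)", re.M)
# German and English labels of the 1.x log format, as they appear in this thread.
DB_RE = re.compile(r"^(?:Database version|Datenbank Version):\s*(\d+)", re.M)
TYPE_RE = re.compile(r"^(?:Scan type|Art des Suchlaufs):\s*(.+)$", re.M)
DATE_RE = re.compile(r"^(\d\d\.\d\d\.\d{4} \d\d:\d\d:\d\d)$", re.M)
# "<path> (<family>) -> <action>"; only detection lines contain the arrow.
DETECTION_RE = re.compile(r"^(.+?) \(([^()]+)\) -> (.+)$", re.M)


@dataclass
class ScanRecord:
    program_version: str
    db_version: int
    scanned_at: datetime
    scan_type: str
    detections: list = field(default_factory=list)  # (path, family, action)


def parse_mbam_logs(text):
    """Split a dump of several concatenated logs at each header and parse each one."""
    records = []
    for chunk in re.split(r"(?=^Malwarebytes' Anti-Malware )", text, flags=re.M):
        head, db, when, kind = (HEADER_RE.search(chunk), DB_RE.search(chunk),
                                DATE_RE.search(chunk), TYPE_RE.search(chunk))
        if not (head and db and when):
            continue
        records.append(ScanRecord(
            program_version=head.group(1),
            db_version=int(db.group(1)),
            scanned_at=datetime.strptime(when.group(1), "%d.%m.%Y %H:%M:%S"),
            scan_type=kind.group(1).strip() if kind else "",
            detections=[m.groups() for m in DETECTION_RE.finditer(chunk)],
        ))
    return sorted(records, key=lambda r: r.scanned_at)


def stale_scans(records):
    """(record, lag) for scans whose database is older than the newest database
    seen in any scan from the same day or earlier (heuristic of this example)."""
    out = []
    for rec in records:
        newest = max(r.db_version for r in records
                     if r.scanned_at.date() <= rec.scanned_at.date())
        if rec.db_version < newest:
            out.append((rec, newest - rec.db_version))
    return out


def family_counts(records):
    """Detections per family, case-folded so Trojan.SpyEyes and Trojan.Spyeyes merge."""
    return Counter(fam.lower() for r in records for _, fam, _ in r.detections)


if __name__ == "__main__":
    recs = parse_mbam_logs(SAMPLE_LOGS)
    for rec in recs:
        print(f"{rec.scanned_at:%d.%m.%Y %H:%M} v{rec.program_version} db {rec.db_version} "
              f"{rec.scan_type}: {len(rec.detections)} detection(s)")
    for rec, lag in stale_scans(recs):
        print(f"STALE: scan at {rec.scanned_at:%H:%M} ran {lag} database versions behind")
    print(dict(family_counts(recs)))
```

Running it on the sample prints the 09:27 scan as stale by 1970 database versions and five detections of one family, which is the point: a clean result from an un-updated scanner says nothing about the SpyEye files found an hour later.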
16.03.2011, 00:06 | #5 |
| TR/EyeStye.H.163 in C:\moonxxxxxx.exe All right, here is the full scan; and thanks in advance!

Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org
Database version: 6066
Windows 6.0.6002 Service Pack 2
Internet Explorer 8.0.6001.19019
15.03.2011 19:33:44
mbam-log-2011-03-15 (19-33-44).txt
Scan type: Full scan (C:\|D:\|)
Objects scanned: 378833
Time elapsed: 2 hour(s), 53 minute(s), 8 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 1
Memory Processes Infected: (No malicious items detected)
Memory Modules Infected: (No malicious items detected)
Registry Keys Infected: (No malicious items detected)
Registry Values Infected: (No malicious items detected)
Registry Data Items Infected: (No malicious items detected)
Folders Infected: (No malicious items detected)
Files Infected:
d:\Utils\exact audio copy 0.99 prebeta 4\eac-0.99pb4.exe (Adware.Yabector) -> Quarantined and deleted successfully. |
16.03.2011, 10:29 | #6 |
/// Winkelfunktion /// TB-Süch-Tiger™ | TR/EyeStye.H.163 in C:\moonxxxxxx.exe Then please run CF now: ComboFix - a guide and tutorial on using ComboFix
ComboFix may only be run when a helper has explicitly recommended it!
__________________ |
16.03.2011, 15:11 | #7 |
| TR/EyeStye.H.163 in C:\moonxxxxxx.exe ComboFix logfile: Code:
ComboFix 11-03-15.02 - Lätta 16.03.2011 14:58:47.1.2 - x86
Microsoft® Windows Vista™ Ultimate 6.0.6002.2.1252.49.1031.18.3062.1762 [GMT 1:00]
Running from:: c:\users\Lätta\Desktop\cofi.exe.exe
AV: AntiVir Desktop *Disabled/Updated* {090F9C29-64CE-6C6F-379C-5901B49A85B7}
SP: AntiVir Desktop *Disabled/Updated* {B26E7DCD-42F4-63E1-0D2C-6273CF1DCF0A}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\hpe7B37.dll
c:\programdata\vlc-1.0.1-win32.exe
c:\programdata\vlc-1.0.5-win32.exe
.
.
((((((((((((((((((((((( Files Created from 2011-02-16 to 2011-03-16 ))))))))))))))))))))))))))))))
.
.
2011-03-16 14:04 . 2011-03-16 14:04 -------- d-----w- c:\users\Lätta\AppData\Local\temp
2011-03-16 14:04 . 2011-03-16 14:04 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-03-16 13:53 . 2011-03-16 13:55 -------- d-----w- C:\32788R22FWJFW
2011-03-15 09:28 . 2011-03-15 09:28 580608 ----a-w- c:\program files\OTL Virenscan.exe
2011-03-15 07:43 . 2011-02-11 06:54 5943120 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{77CD5EE3-D158-4B74-B1FD-F1C86B52A2AA}\mpengine.dll
2011-03-09 19:34 . 2010-12-29 18:28 322560 ----a-w- c:\windows\system32\sbe.dll
2011-03-09 19:34 . 2010-12-29 18:28 153088 ----a-w- c:\windows\system32\sbeio.dll
2011-03-09 19:34 . 2010-12-29 18:28 429056 ----a-w- c:\windows\system32\EncDec.dll
2011-03-09 19:34 . 2010-12-29 18:26 177664 ----a-w- c:\windows\system32\mpg2splt.ax
2011-03-09 19:34 . 2010-12-17 15:45 2067968 ----a-w- c:\windows\system32\mstscax.dll
2011-03-09 19:34 . 2010-12-17 13:54 677888 ----a-w- c:\windows\system32\mstsc.exe
2011-03-01 22:08 . 2011-03-01 22:08 -------- d-----w- c:\program files\Conduit
2011-03-01 20:15 . 2011-03-01 20:15 -------- d-----w- c:\users\Lätta\AppData\Roaming\DVDVideoSoftIEHelpers
2011-03-01 20:15 . 2011-03-01 20:15 -------- d-----w- c:\program files\Youtube Converter
2011-02-28 18:02 . 2011-02-28 18:02 40960 ----a-w- c:\windows\Ziggy Stardust.dll
2011-02-28 18:02 . 2011-02-28 18:02 381636 ----a-w- c:\windows\Ziggy Stardust.scr
2011-02-28 18:02 . 2011-02-28 18:02 10405274 ----a-w- c:\windows\Ziggy Stardust.exe
2011-02-18 15:36 . 2011-02-18 15:36 41984 ----a-w- c:\windows\system32\drivers\usbaapl.sys
2011-02-18 15:36 . 2011-02-18 15:36 4184352 ----a-w- c:\windows\system32\usbaaplrc.dll
.
.
(((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-02-02 20:40 . 2010-04-19 07:20 472808 ----a-w- c:\windows\system32\deployJava1.dll
2011-02-02 16:11 . 2009-10-13 07:03 222080 ------w- c:\windows\system32\MpSigStub.exe
2011-01-20 16:37 . 2011-02-09 15:55 638336 ----a-w- c:\windows\system32\drivers\dxgkrnl.sys
2011-01-20 16:08 . 2011-02-09 15:55 478720 ----a-w- c:\windows\system32\dxgi.dll
2011-01-20 16:08 . 2011-02-09 15:55 219648 ----a-w- c:\windows\system32\d3d10_1core.dll
2011-01-20 16:08 . 2011-02-09 15:55 160768 ----a-w- c:\windows\system32\d3d10_1.dll
2011-01-20 16:08 . 2011-02-09 15:55 1029120 ----a-w- c:\windows\system32\d3d10.dll
2011-01-20 16:08 . 2011-02-09 15:55 189952 ----a-w- c:\windows\system32\d3d10core.dll
2011-01-20 16:07 . 2011-02-09 15:55 37376 ----a-w- c:\windows\system32\cdd.dll
2011-01-20 16:07 . 2011-02-09 15:55 258048 ----a-w- c:\windows\system32\winspool.drv
2011-01-20 16:07 . 2011-02-09 15:55 586240 ----a-w- c:\windows\system32\stobject.dll
2011-01-20 16:06 . 2011-02-09 15:55 2873344 ----a-w- c:\windows\system32\mf.dll
2011-01-20 16:06 . 2011-02-09 15:55 26112 ----a-w- c:\windows\system32\printfilterpipelineprxy.dll
2011-01-20 16:04 . 2011-02-09 15:55 209920 ----a-w- c:\windows\system32\mfplat.dll
2011-01-20 16:04 . 2011-02-09 15:55 98816 ----a-w- c:\windows\system32\mfps.dll
2011-01-20 14:28 . 2011-02-09 15:55 1554432 ----a-w- c:\windows\system32\xpsservices.dll
2011-01-20 14:27 . 2011-02-09 15:55 876032 ----a-w- c:\windows\system32\XpsPrint.dll
2011-01-20 14:26 . 2011-02-09 15:55 667648 ----a-w- c:\windows\system32\printfilterpipelinesvc.exe
2011-01-20 14:25 . 2011-02-09 15:55 847360 ----a-w- c:\windows\system32\OpcServices.dll
2011-01-20 14:24 . 2011-02-09 15:55 288768 ----a-w- c:\windows\system32\XpsGdiConverter.dll
2011-01-20 14:24 . 2011-02-09 15:55 135680 ----a-w- c:\windows\system32\XpsRasterService.dll
2011-01-20 14:15 . 2011-02-09 15:55 979456 ----a-w- c:\windows\system32\MFH264Dec.dll
2011-01-20 14:14 . 2011-02-09 15:55 357376 ----a-w- c:\windows\system32\MFHEAACdec.dll
2011-01-20 14:14 . 2011-02-09 15:55 302592 ----a-w- c:\windows\system32\mfmp4src.dll
2011-01-20 14:14 . 2011-02-09 15:55 261632 ----a-w- c:\windows\system32\mfreadwrite.dll
2011-01-20 14:12 . 2011-02-09 15:55 1172480 ----a-w- c:\windows\system32\d3d10warp.dll
2011-01-20 14:11 . 2011-02-09 15:55 486400 ----a-w- c:\windows\system32\d3d10level9.dll
2011-01-20 13:47 . 2011-02-09 15:55 683008 ----a-w- c:\windows\system32\d2d1.dll
2011-01-20 13:44 . 2011-02-09 15:55 1068544 ----a-w- c:\windows\system32\DWrite.dll
2011-01-20 13:44 . 2011-02-09 15:55 797184 ----a-w- c:\windows\system32\FntCache.dll
2011-01-08 08:47 . 2011-02-09 15:55 34304 ----a-w- c:\windows\system32\atmlib.dll
2011-01-08 06:28 . 2011-02-09 15:55 292352 ----a-w- c:\windows\system32\atmfd.dll
2010-12-31 13:57 . 2011-02-09 15:56 2039808 ----a-w- c:\windows\system32\win32k.sys
2010-12-28 15:55 . 2011-01-12 09:32 413696 ----a-w- c:\windows\system32\odbc32.dll
2010-12-26 08:53 . 2009-08-27 11:47 135096 ----a-w- c:\windows\system32\drivers\avipbb.sys
2010-12-20 17:09 . 2010-05-12 08:59 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-12-20 17:08 . 2010-05-12 08:59 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-12-18 06:27 . 2011-02-09 15:55 916480 ----a-w- c:\windows\system32\wininet.dll
2010-12-18 06:22 . 2011-02-09 15:55 43520 ----a-w- c:\windows\system32\licmgr10.dll
2010-12-18 06:22 . 2011-02-09 15:55 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
2010-12-18 06:22 . 2011-02-09 15:55 109056 ----a-w- c:\windows\system32\iesysprep.dll
2010-12-18 06:22 . 2011-02-09 15:55 71680 ----a-w- c:\windows\system32\iesetup.dll
2010-12-18 05:25 . 2011-02-09 15:55 385024 ----a-w- c:\windows\system32\html.iec
2010-12-18 04:48 . 2011-02-09 15:55 133632 ----a-w- c:\windows\system32\ieUnatt.exe
2010-12-18 04:47 . 2011-02-09 15:55 1638912 ----a-w- c:\windows\system32\mshtml.tlb
2010-12-09 17:29 . 2010-12-09 17:26 38147376 ----a-w- c:\program files\QuickTimeInstaller.exe
2010-07-29 14:55 . 2010-07-29 14:55 1391616 ----a-w- c:\program files\iview_427_setup.exe
.
.
(((((((((((((((((((((((((((( Registry Autostart Points ))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legitimate default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1233920]
"googletalk"="c:\program files\Google\Google Talk\googletalk.exe" [2007-11-21 3293184]
"Sony Ericsson PC Suite"="c:\program files\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe" [2009-09-24 434176]
"Google Update"="c:\users\Lätta\AppData\Local\Google\Update\GoogleUpdate.exe" [2009-01-27 133104]
"ICQ"="c:\program files\ICQ7.2\ICQ.exe" [2010-11-16 133432]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-21 202240]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"FingerPrintSoftware"="c:\program files\Lenovo Fingerprint Software\fpapp.exe \s" [X]
"RtHDVCpl"="RtHDVCpl.exe" [2007-03-23 4423680]
"PMHandler"="c:\progra~1\Lenovo\PMDRIV~1\PMHandler.exe" [2007-06-05 34352]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2006-10-23 815104]
"TPWAUDAP"="c:\program files\Lenovo\HOTKEY\TpWAudAp.exe" [2008-03-11 54560]
"TPFNF7"="c:\program files\Lenovo\NPDIRECT\TPFNF7SP.exe" [2008-07-31 60192]
"LPManager"="c:\progra~1\Lenovo\LENOVO~1\LPMGR.exe" [2007-03-01 120368]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-02-11 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-02-11 166424]
"Persistence"="c:\windows\system32\igfxpers.exe" [2008-02-11 133656]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 39792]
"CanonSolutionMenu"="c:\program files\Canon\SolutionMenu\CNSLMAIN.exe" [2007-05-14 644696]
"CanonMyPrinter"="c:\program files\Canon\MyPrinter\BJMyPrt.exe" [2007-04-03 1603152]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2010-11-07 281768]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-11-29 421888]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-03-07 421160]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-10-29 249064]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
BTTray.lnk - c:\program files\Lenovo\Bluetooth Software\BTTray.exe [2007-3-29 719664]
VPN Client.lnk - c:\windows\Installer\{F3C1DE9E-5E16-4BA9-B854-7B53A45E3579}\Icon3E5562ED7.ico [2009-11-3 6144]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 gupdate1c9e87644512c99;Google Update Service (gupdate1c9e87644512c99);c:\program files\Google\Update\GoogleUpdate.exe [2009-06-08 133104]
R2 OMSI download service;Sony Ericsson OMSI download service;c:\program files\Sony Ericsson\Sony Ericsson PC Suite\SupServ.exe [2009-04-30 90112]
R2 VideoAcceleratorService;VideoAcceleratorService;c:\progra~1\SPEEDB~1\VideoAcceleratorService.exe [2009-05-04 288368]
R3 s0016bus;Sony Ericsson Device 0016 driver (WDM);c:\windows\system32\DRIVERS\s0016bus.sys [2008-05-16 89256]
R3 s0016mdfl;Sony Ericsson Device 0016 USB WMC Modem Filter;c:\windows\system32\DRIVERS\s0016mdfl.sys [2008-05-16 15016]
R3 s0016mdm;Sony Ericsson Device 0016 USB WMC Modem Driver;c:\windows\system32\DRIVERS\s0016mdm.sys [2008-05-16 120744]
R3 s0016mgmt;Sony Ericsson Device 0016 USB WMC Device Management Drivers (WDM);c:\windows\system32\DRIVERS\s0016mgmt.sys [2008-05-16 114216]
R3 s0016nd5;Sony Ericsson Device 0016 USB Ethernet Emulation SEMC0016 (NDIS);c:\windows\system32\DRIVERS\s0016nd5.sys [2008-05-16 25512]
R3 s0016obex;Sony Ericsson Device 0016 USB WMC OBEX Interface;c:\windows\system32\DRIVERS\s0016obex.sys [2008-05-16 110632]
R3 s0016unic;Sony Ericsson Device 0016 USB Ethernet Emulation SEMC0016 (WDM);c:\windows\system32\DRIVERS\s0016unic.sys [2008-05-16 115752]
R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
S1 lenovo.smi;Lenovo System Interface Driver;c:\windows\system32\DRIVERS\smiif32.sys [2008-05-12 13480]
S2 AntiVirSchedulerService;Avira AntiVir Planer;c:\program files\Avira\AntiVir Desktop\sched.exe [2010-11-07 135336]
S2 FNF5SVC;Fn+F5 Service;c:\program files\LENOVO\HOTKEY\FNF5SVC.exe [2008-03-14 54560]
S2 JuniperAccessService;Juniper Unified Network Service;c:\program files\Common Files\Juniper Networks\JUNS\dsAccessService.exe [2010-06-02 132464]
S2 TPHKSVC;Anzeige am Bildschirm;c:\program files\LENOVO\HOTKEY\TPHKSVC.exe [2008-03-27 58736]
S3 b57nd60x;Broadcom NetXtreme-Gigabit-Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\b57nd60x.sys [2008-01-21 179712]
S3 seehcri;Sony Ericsson seehcri Device Driver;c:\windows\system32\DRIVERS\seehcri.sys [2008-01-09 27632]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs REG_MULTI_SZ BthServ
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{7070D8E0-650A-46b3-B03C-9497582E6A74}]
2008-04-11 15:23 38400 ----a-w- c:\windows\System32\SoundSchemes.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{B3688A53-AB2A-4b1d-8CEF-8F93D8C51C24}]
2008-08-28 08:50 30720 ----a-w- c:\windows\System32\soundschemes2.exe
.
Contents of the 'Scheduled Tasks' folder
.
2011-03-16 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-06-08 20:18]
.
2011-03-16 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-06-08 20:18]
.
2011-03-15 c:\windows\Tasks\User_Feed_Synchronization-{27E3785D-F620-427C-88C4-DE2BAC273D02}.job
- c:\windows\system32\msfeedssync.exe [2011-02-09 04:47]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://search.conduit.com?SearchSource=10&ctid=CT2269050
uDefault_Search_URL = hxxp://www.google.com/ie
uInternet Settings,ProxyOverride = *.local
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: Alles mit FDM herunterladen - file://c:\program files\Free Download Manager\dlall.htm
IE: Auswahl mit FDM herunterladen - file://c:\program files\Free Download Manager\dlselected.htm
IE: Bild an &Bluetooth-Gerät senden... - c:\program files\Lenovo\Bluetooth Software\btsendto_ie_ctx.htm
IE: Datei mit FDM herunterladen - file://c:\program files\Free Download Manager\dllink.htm
IE: Seite an &Bluetooth-Gerät senden... - c:\program files\Lenovo\Bluetooth Software\btsendto_ie.htm
IE: Videos mit FDM herunterladen - file://c:\program files\Free Download Manager\dlfvideo.htm
IE: {{27914077-B4D6-4A0E-9763-76B6E9DD9A81} - c:\program files\Buyertools Reminder\ReminderIE.exe
FF - ProfilePath - c:\users\Lätta\AppData\Roaming\Mozilla\Firefox\Profiles\pmmn0qg3.default\
FF - prefs.js: browser.search.selectedEngine - LEO Eng-Deu
FF - prefs.js: browser.startup.homepage - www.google.de
FF - prefs.js: keyword.URL - hxxp://search.sweetim.com/search.asp?src=2&q=
FF - prefs.js: network.proxy.type - 4
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0004-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0004-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
FF - Ext: Skype extension for Firefox: {AB2CE124-6272-4b12-94A9-7303C7397BD1} - c:\program files\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
FF - Ext: DownloadHelper: {b9db16a4-6edc-47ec-a1f4-b86292ed211d} - %profile%\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
FF - Ext: DVDVideoSoftTB Toolbar: {872b5b88-9db5-4310-bdd0-ac189557e5f5} - %profile%\extensions\{872b5b88-9db5-4310-bdd0-ac189557e5f5}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF - Ext: Google Gears: {000a9d1c-beef-4f90-9363-039d445309b8} - c:\program files\Google\Google Gears\Firefox
.
- - - - Removed orphaned registry entries - - - -
.
URLSearchHooks-{EEE6C35D-6118-11DC-9C72-001320C79847} - (no file)
WebBrowser-{EEE6C35B-6118-11DC-9C72-001320C79847} - (no file)
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, hxxp://www.gmer.net
Rootkit scan 2011-03-16 15:04
Windows 6.0.6002 Service Pack 2 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- Locked Registry Keys ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
Completion time: 2011-03-16 15:06:28
ComboFix-quarantined-files.txt 2011-03-16 14:06
.
Pre-Run: 13 directories, 41.458.610.176 bytes free
Post-Run: 19 directories, 41.386.536.960 bytes free
.
- - End Of File - - D78EF613B293FCC8F741F7FD0E5A0965 |
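Reading a ComboFix log by hand is error-prone, so here is an added example of the checks a responder would run over the sections of the log above. It is not code from this thread, from ComboFix or from the helper. It walks the log once and reports: the policies\system block (the log shows "EnableLUA"= 0, which means User Account Control is switched off), Run-key entries marked [X] (the target no longer exists on disk) and entries that start from a user profile rather than from Program Files or Windows, files created directly in c:\windows rather than in a subdirectory (the three Ziggy Stardust.* files; Malwarebytes had already removed a sibling, Ziggy Stardust.dat, as Trojan.Agent in post #3), and home or search URLs whose host is outside an allowlist (search.conduit.com, search.sweetim.com). The sample input is an abridged excerpt of the log above; the allowlist, the trusted-root list and the "review" heuristics are assumptions of this example, not ComboFix output.

```python
import re
from dataclasses import dataclass

# Constructed sample: an abridged excerpt of the ComboFix log posted above.
SAMPLE_LOG = r"""
((((((((((((((((((((((((( Files Created from 2011-02-16 to 2011-03-16 ))))))))))))))))))))))))))))))
.
2011-03-16 14:04 . 2011-03-16 14:04 -------- d-----w- c:\users\Lätta\AppData\Local\temp
2011-02-28 18:02 . 2011-02-28 18:02 40960 ----a-w- c:\windows\Ziggy Stardust.dll
2011-02-28 18:02 . 2011-02-28 18:02 381636 ----a-w- c:\windows\Ziggy Stardust.scr
2011-02-28 18:02 . 2011-02-28 18:02 10405274 ----a-w- c:\windows\Ziggy Stardust.exe
2011-02-18 15:36 . 2011-02-18 15:36 41984 ----a-w- c:\windows\system32\drivers\usbaapl.sys
.
(((((((((((((((((((((((((((( Registry Autostart Points ))))))))))))))))))))))))))))))))))))))))
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1233920]
"Google Update"="c:\users\Lätta\AppData\Local\Google\Update\GoogleUpdate.exe" [2009-01-27 133104]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"FingerPrintSoftware"="c:\program files\Lenovo Fingerprint Software\fpapp.exe \s" [X]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2010-11-07 281768]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
.
------- Supplementary Scan -------
.
uStart Page = hxxp://search.conduit.com?SearchSource=10&ctid=CT2269050
uDefault_Search_URL = hxxp://www.google.com/ie
FF - prefs.js: browser.startup.homepage - www.google.de
FF - prefs.js: keyword.URL - hxxp://search.sweetim.com/search.asp?src=2&q=
"""


@dataclass(frozen=True)
class Finding:
    category: str  # uac | autorun_missing | autorun_review | windows_root_file | search_hijack
    detail: str


KEY_RE = re.compile(r"^\[(HKEY_[^\]]+)\]$")
RUN_VALUE_RE = re.compile(r'^"([^"]+)"="([^"]*)"\s*\[([^\]]*)\]\s*$')   # "name"="cmd" [date size] or [X]
POLICY_VALUE_RE = re.compile(r'^"([^"]+)"=\s*(\d+)')                   # "EnableLUA"= 0 (0x0)
FILE_RE = re.compile(r"^\d{4}-\d\d-\d\d \d\d:\d\d \. \d{4}-\d\d-\d\d \d\d:\d\d\s+(\S+)\s+(\S+)\s+(.+?)\s*$")
HOST_RE = re.compile(r"^(?:hxxps?|https?)://([^/?#]+)|^([^/?#]+)")     # ComboFix defangs http as hxxp
URL_PREFIXES = ("uStart Page", "uDefault_Search_URL", "uSearchAssistant", "uSearchURL,(Default)",
                "FF - prefs.js: browser.startup.homepage", "FF - prefs.js: keyword.URL")
# Assumptions of this example: hosts the owner actually chose, and roots from
# which an autorun binary is unremarkable on this machine.
ALLOWED_SEARCH_HOSTS = frozenset({"www.google.com", "www.google.de"})
TRUSTED_EXE_ROOTS = (r"c:\program files", r"c:\progra~1", r"c:\windows")


def host_of(url):
    m = HOST_RE.match(url.strip())
    return ((m.group(1) or m.group(2)) if m else "").lower()


def triage(log_text):
    findings, current_key = [], None
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line or line == ".":
            continue
        if line.startswith(("(((", "---", "***", "REGEDIT4")):  # section header ends any key block
            current_key = None
            continue
        m = KEY_RE.match(line)
        if m:
            current_key = m.group(1).lower()
            continue
        if current_key and current_key.endswith(r"\policies\system"):
            m = POLICY_VALUE_RE.match(line)
            if m and m.group(1) == "EnableLUA" and int(m.group(2)) == 0:
                findings.append(Finding("uac", "EnableLUA=0: User Account Control is switched off"))
            continue
        if current_key and current_key.endswith(r"\currentversion\run"):
            m = RUN_VALUE_RE.match(line)
            if m:
                name, cmd, meta = m.groups()
                if meta == "X":
                    findings.append(Finding("autorun_missing", f"{name}: target no longer on disk ({cmd})"))
                elif not cmd.lower().startswith(TRUSTED_EXE_ROOTS):
                    findings.append(Finding("autorun_review", f"{name}: starts outside Program Files/Windows ({cmd})"))
            continue
        m = FILE_RE.match(line)
        if m:
            _size, attrs, path = m.groups()
            parent = path.lower().rsplit("\\", 1)[0]
            if parent == r"c:\windows" and not attrs.startswith("d"):  # a file, not a directory
                findings.append(Finding("windows_root_file", f"file created directly in c:\\windows: {path}"))
            continue
        for prefix in URL_PREFIXES:
            if line.startswith(prefix):
                host = host_of(line[len(prefix):].lstrip(" =-"))
                if host and host not in ALLOWED_SEARCH_HOSTS:
                    findings.append(Finding("search_hijack", f"{prefix} points at {host}"))
                break
    return findings


def by_category(findings):
    out = {}
    for f in findings:
        out.setdefault(f.category, []).append(f.detail)
    return out


if __name__ == "__main__":
    for cat, details in by_category(triage(SAMPLE_LOG)).items():
        print(cat)
        for d in details:
            print("   ", d)
```

The "review" categories are deliberately noisy: a Run entry under a user profile or a file dropped into c:\windows is not proof of anything, it is the list of things to look up before deciding whether the machine can be trusted again.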
16.03.2011, 15:27 | #8 |
/// Winkelfunktion /// TB-Süch-Tiger™ | TR/EyeStye.H.163 in C:\moonxxxxxx.exe Please now run this tool from Kaspersky and post the log => http://www.trojaner-board.de/82358-t...entfernen.html
__________________ Please always post logfiles in CODE tags |
16.03.2011, 15:36 | #9 |
| TR/EyeStye.H.163 in C:\moonxxxxxx.exe
2011/03/16 15:33:34.0780 1896 TDSS rootkit removing tool 2.4.21.0 Mar 10 2011 12:26:28
2011/03/16 15:33:35.0167 1896 ================================================================================
2011/03/16 15:33:35.0167 1896 SystemInfo:
2011/03/16 15:33:35.0167 1896
2011/03/16 15:33:35.0167 1896 OS Version: 6.0.6002 ServicePack: 2.0
2011/03/16 15:33:35.0167 1896 Product type: Workstation
2011/03/16 15:33:35.0167 1896 ComputerName: LÄTTA-PC
2011/03/16 15:33:35.0168 1896 UserName: Lätta
2011/03/16 15:33:35.0168 1896 Windows directory: C:\Windows
2011/03/16 15:33:35.0168 1896 System windows directory: C:\Windows
2011/03/16 15:33:35.0168 1896 Processor architecture: Intel x86
2011/03/16 15:33:35.0168 1896 Number of processors: 2
2011/03/16 15:33:35.0168 1896 Page size: 0x1000
2011/03/16 15:33:35.0168 1896 Boot type: Normal boot
2011/03/16 15:33:35.0168 1896 ================================================================================
2011/03/16 15:33:35.0472 1896 Initialize success
2011/03/16 15:33:46.0782 4104 ================================================================================
2011/03/16 15:33:46.0782 4104 Scan started
2011/03/16 15:33:46.0782 4104 Mode: Manual;
2011/03/16 15:33:46.0782 4104 ================================================================================
2011/03/16 15:33:47.0346 4104 ACPI (82b296ae1892fe3dbee00c9cf92f8ac7) C:\Windows\system32\drivers\acpi.sys
2011/03/16 15:33:47.0415 4104 adp94xx (04f0fcac69c7c71a3ac4eb97fafc8303) C:\Windows\system32\drivers\adp94xx.sys
2011/03/16 15:33:47.0617 4104 adpahci (60505e0041f7751bdbb80f88bf45c2ce) C:\Windows\system32\drivers\adpahci.sys
2011/03/16 15:33:47.0742 4104 adpu160m (8a42779b02aec986eab64ecfc98f8bd7) C:\Windows\system32\drivers\adpu160m.sys
2011/03/16 15:33:47.0860 4104 adpu320 (241c9e37f8ce45ef51c3de27515ca4e5) C:\Windows\system32\drivers\adpu320.sys
2011/03/16 15:33:47.0936 4104 AF15BDA (ad0565605d67500ca1c25d3a415d3dce) C:\Windows\system32\drivers\AF15BDA.sys
2011/03/16 15:33:48.0041 4104 AFD (a201207363aa900abf1a388468688570) C:\Windows\system32\drivers\afd.sys
2011/03/16 15:33:48.0211 4104 AgereSoftModem (a19871ae65a769c65034b4dc44c29023) C:\Windows\system32\DRIVERS\AGRSM.sys
2011/03/16 15:33:48.0361 4104 agp440 (13f9e33747e6b41a3ff305c37db0d360) C:\Windows\system32\drivers\agp440.sys
2011/03/16 15:33:48.0405 4104 aic78xx (ae1fdf7bf7bb6c6a70f67699d880592a) C:\Windows\system32\drivers\djsvs.sys
2011/03/16 15:33:48.0530 4104 aliide (9eaef5fc9b8e351afa7e78a6fae91f91) C:\Windows\system32\drivers\aliide.sys
2011/03/16 15:33:48.0580 4104 amdagp (c47344bc706e5f0b9dce369516661578) C:\Windows\system32\drivers\amdagp.sys
2011/03/16 15:33:48.0622 4104 amdide (9b78a39a4c173fdbc1321e0dd659b34c) C:\Windows\system32\drivers\amdide.sys
2011/03/16 15:33:48.0740 4104 AmdK7 (18f29b49ad23ecee3d2a826c725c8d48) C:\Windows\system32\drivers\amdk7.sys
2011/03/16 15:33:48.0764 4104 AmdK8 (93ae7f7dd54ab986a6f1a1b37be7442d) C:\Windows\system32\drivers\amdk8.sys
2011/03/16 15:33:48.0957 4104 arc (5d2888182fb46632511acee92fdad522) C:\Windows\system32\drivers\arc.sys
2011/03/16 15:33:48.0995 4104 arcsas (5e2a321bd7c8b3624e41fdec3e244945) C:\Windows\system32\drivers\arcsas.sys
2011/03/16 15:33:49.0113 4104 AsyncMac (53b202abee6455406254444303e87be1) C:\Windows\system32\DRIVERS\asyncmac.sys
2011/03/16 15:33:49.0168 4104 atapi (1f05b78ab91c9075565a9d8a4b880bc4) C:\Windows\system32\drivers\atapi.sys
2011/03/16 15:33:49.0223 4104 ATSWPDRV (293e8cc3c246a89f4cca75b024ad757f) C:\Windows\system32\DRIVERS\ATSwpDrv.sys
2011/03/16 15:33:49.0307 4104 avgio (0b497c79824f8e1bf22fa6aacd3de3a0) C:\Program Files\Avira\AntiVir Desktop\avgio.sys
2011/03/16 15:33:49.0411 4104 avgntflt (47b879406246ffdced59e18d331a0e7d) C:\Windows\system32\DRIVERS\avgntflt.sys
2011/03/16 15:33:49.0468 4104 avipbb (da39805e2bad99d37fce9477dd94e7f2) C:\Windows\system32\DRIVERS\avipbb.sys
2011/03/16 15:33:49.0625 4104 b57nd60x (502f1c30bd50b32d00ce4dcaecc3d3c7) C:\Windows\system32\DRIVERS\b57nd60x.sys
2011/03/16 15:33:49.0690 4104 Beep (67e506b75bd5326a3ec7b70bd014dfb6) C:\Windows\system32\drivers\Beep.sys
2011/03/16 15:33:49.0818 4104 blbdrive (d4df28447741fd3d953526e33a617397) C:\Windows\system32\drivers\blbdrive.sys
2011/03/16 15:33:49.0873 4104 bowser (74b442b2be1260b7588c136177ceac66) C:\Windows\system32\DRIVERS\bowser.sys
2011/03/16 15:33:49.0993 4104 BrFiltLo (9f9acc7f7ccde8a15c282d3f88b43309) C:\Windows\system32\drivers\brfiltlo.sys
2011/03/16 15:33:50.0022 4104 BrFiltUp (56801ad62213a41f6497f96dee83755a) C:\Windows\system32\drivers\brfiltup.sys
2011/03/16 15:33:50.0073 4104 Brserid (b304e75cff293029eddf094246747113) C:\Windows\system32\drivers\brserid.sys
2011/03/16 15:33:50.0180 4104 BrSerWdm (203f0b1e73adadbbb7b7b1fabd901f6b) C:\Windows\system32\drivers\brserwdm.sys
2011/03/16 15:33:50.0204 4104 BrUsbMdm (bd456606156ba17e60a04e18016ae54b) C:\Windows\system32\drivers\brusbmdm.sys
2011/03/16 15:33:50.0228 4104 BrUsbSer (af72ed54503f717a43268b3cc5faec2e) C:\Windows\system32\drivers\brusbser.sys
2011/03/16 15:33:50.0353 4104 BthEnum (6d39c954799b63ba866910234cf7d726) C:\Windows\system32\DRIVERS\BthEnum.sys
2011/03/16 15:33:50.0418 4104 BTHMODEM (5ffa6988ff9597986ff2ada736cc90c0) C:\Windows\system32\DRIVERS\bthmodem.sys
2011/03/16 15:33:50.0457 4104 BthPan (5904efa25f829bf84ea6fb045134a1d8) C:\Windows\system32\DRIVERS\bthpan.sys
2011/03/16 15:33:50.0600 4104 BTHPORT (5a3abaa2f8eece7aefb942773766e3db) C:\Windows\system32\Drivers\BTHport.sys
2011/03/16 15:33:50.0636 4104 BTHUSB (94e2941280e3756a5e0bcb467865c43a) C:\Windows\system32\Drivers\BTHUSB.sys
2011/03/16 15:33:50.0766 4104 btwaudio (636f45a8500c1438cfa7dee15fc5c184) C:\Windows\system32\drivers\btwaudio.sys
2011/03/16 15:33:50.0828 4104 btwavdt (bf9256ff01b093a5d90bb7a35ec90410) C:\Windows\system32\drivers\btwavdt.sys
2011/03/16 15:33:50.0936 4104 btwrchid (0ab8c1ac177afb27309e1072faf34a37) C:\Windows\system32\DRIVERS\btwrchid.sys
2011/03/16 15:33:51.0152 4104 cdfs (7add03e75beb9e6dd102c3081d29840a) C:\Windows\system32\DRIVERS\cdfs.sys
2011/03/16 15:33:51.0223 4104 cdrom (6b4bffb9becd728097024276430db314) C:\Windows\system32\DRIVERS\cdrom.sys
2011/03/16 15:33:51.0265 4104 circlass (e5d4133f37219dbcfe102bc61072589d) C:\Windows\system32\drivers\circlass.sys
2011/03/16 15:33:51.0353 4104 CLFS (d7659d3b5b92c31e84e53c1431f35132) C:\Windows\system32\CLFS.sys
2011/03/16 15:33:51.0457 4104 CmBatt (99afc3795b58cc478fbbbcdc658fcb56) C:\Windows\system32\DRIVERS\CmBatt.sys
2011/03/16 15:33:51.0544 4104 cmdide (0ca25e686a4928484e9fdabd168ab629) C:\Windows\system32\drivers\cmdide.sys
2011/03/16 15:33:51.0593 4104 Compbatt (6afef0b60fa25de07c0968983ee4f60a) C:\Windows\system32\DRIVERS\compbatt.sys
2011/03/16 15:33:51.0622 4104 crcdisk (741e9dff4f42d2d8477d0fc1dc0df871) C:\Windows\system32\drivers\crcdisk.sys
2011/03/16 15:33:51.0659 4104 Crusoe (1f07becdca750766a96cda811ba86410) C:\Windows\system32\drivers\crusoe.sys
2011/03/16 15:33:51.0780 4104 CSC (9bdb2e89be8d0ef37b1f25c3d3fc192c) C:\Windows\system32\drivers\csc.sys
2011/03/16 15:33:51.0867 4104 CVirtA (b5ecadf7708960f1818c7fa015f4c239) C:\Windows\system32\DRIVERS\CVirtA.sys
2011/03/16 15:33:51.0992 4104 CVPNDRVA (d46b2e0eeaf349f2085f8b164e462156) C:\Windows\system32\Drivers\CVPNDRVA.sys
2011/03/16 15:33:52.0085 4104 DfsC (218d8ae46c88e82014f5d73d0236d9b2) C:\Windows\system32\Drivers\dfsc.sys
2011/03/16 15:33:52.0213 4104 disk (5d4aefc3386920236a548271f8f1af6a) C:\Windows\system32\drivers\disk.sys
2011/03/16 15:33:52.0299 4104 DNE (694616f813fb627a32c9e32dec133078) C:\Windows\system32\DRIVERS\dne2000.sys
2011/03/16 15:33:52.0411 4104 drmkaud (97fef831ab90bee128c9af390e243f80) C:\Windows\system32\drivers\drmkaud.sys
2011/03/16 15:33:52.0480 4104 DXGKrnl (c68ac676b0ef30cfbb1080adce49eb1f) C:\Windows\System32\drivers\dxgkrnl.sys
2011/03/16 15:33:52.0583 4104 E1G60 (5425f74ac0c1dbd96a1e04f17d63f94c)
C:\Windows\system32\DRIVERS\E1G60I32.sys 2011/03/16 15:33:52.0646 4104 Ecache (7f64ea048dcfac7acf8b4d7b4e6fe371) C:\Windows\system32\drivers\ecache.sys 2011/03/16 15:33:52.0819 4104 elxstor (23b62471681a124889978f6295b3f4c6) C:\Windows\system32\drivers\elxstor.sys 2011/03/16 15:33:52.0945 4104 ErrDev (3db974f3935483555d7148663f726c61) C:\Windows\system32\drivers\errdev.sys 2011/03/16 15:33:53.0061 4104 exfat (22b408651f9123527bcee54b4f6c5cae) C:\Windows\system32\drivers\exfat.sys 2011/03/16 15:33:53.0109 4104 fastfat (1e9b9a70d332103c52995e957dc09ef8) C:\Windows\system32\drivers\fastfat.sys 2011/03/16 15:33:53.0232 4104 fdc (afe1e8b9782a0dd7fb46bbd88e43f89a) C:\Windows\system32\DRIVERS\fdc.sys 2011/03/16 15:33:53.0280 4104 FileInfo (a8c0139a884861e3aae9cfe73b208a9f) C:\Windows\system32\drivers\fileinfo.sys 2011/03/16 15:33:53.0320 4104 Filetrace (0ae429a696aecbc5970e3cf2c62635ae) C:\Windows\system32\drivers\filetrace.sys 2011/03/16 15:33:53.0355 4104 flpydisk (85b7cf99d532820495d68d747fda9ebd) C:\Windows\system32\DRIVERS\flpydisk.sys 2011/03/16 15:33:53.0436 4104 FltMgr (01334f9ea68e6877c4ef05d3ea8abb05) C:\Windows\system32\drivers\fltmgr.sys 2011/03/16 15:33:53.0517 4104 Fs_Rec (65ea8b77b5851854f0c55c43fa51a198) C:\Windows\system32\drivers\Fs_Rec.sys 2011/03/16 15:33:53.0600 4104 fvevol (fecf4c2e42440a8d132bf94eee3c3fc9) C:\Windows\system32\DRIVERS\fvevol.sys 2011/03/16 15:33:53.0656 4104 gagp30kx (34582a6e6573d54a07ece5fe24a126b5) C:\Windows\system32\drivers\gagp30kx.sys 2011/03/16 15:33:53.0710 4104 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\Windows\system32\DRIVERS\GEARAspiWDM.sys 2011/03/16 15:33:53.0840 4104 HdAudAddService (cb04c744be0a61b1d648faed182c3b59) C:\Windows\system32\drivers\HdAudio.sys 2011/03/16 15:33:53.0914 4104 HDAudBus (062452b7ffd68c8c042a6261fe8dff4a) C:\Windows\system32\DRIVERS\HDAudBus.sys 2011/03/16 15:33:54.0021 4104 HidBth (fcb3f4be408f72c1bd81bcaba87fc22f) C:\Windows\system32\DRIVERS\hidbth.sys 2011/03/16 15:33:54.0077 4104 
HidIr (ff3160c3a2445128c5a6d9b076da519e) C:\Windows\system32\drivers\hidir.sys 2011/03/16 15:33:54.0140 4104 HidUsb (cca4b519b17e23a00b826c55716809cc) C:\Windows\system32\DRIVERS\hidusb.sys 2011/03/16 15:33:54.0242 4104 HpCISSs (16ee7b23a009e00d835cdb79574a91a6) C:\Windows\system32\drivers\hpcisss.sys 2011/03/16 15:33:54.0303 4104 HTTP (f870aa3e254628ebeafe754108d664de) C:\Windows\system32\drivers\HTTP.sys 2011/03/16 15:33:54.0326 4104 i2omp (c6b032d69650985468160fc9937cf5b4) C:\Windows\system32\drivers\i2omp.sys 2011/03/16 15:33:54.0422 4104 i8042prt (22d56c8184586b7a1f6fa60be5f5a2bd) C:\Windows\system32\DRIVERS\i8042prt.sys 2011/03/16 15:33:54.0478 4104 iaStorV (54155ea1b0df185878e0fc9ec3ac3a14) C:\Windows\system32\drivers\iastorv.sys 2011/03/16 15:33:54.0600 4104 igfx (9378d57e2b96c0a185d844770ad49948) C:\Windows\system32\DRIVERS\igdkmd32.sys 2011/03/16 15:33:54.0756 4104 iirsp (2d077bf86e843f901d8db709c95b49a5) C:\Windows\system32\drivers\iirsp.sys 2011/03/16 15:33:54.0860 4104 IntcAzAudAddService (2bd6633db50a98534aa3262e0f9f5a14) C:\Windows\system32\drivers\RTKVHDA.sys 2011/03/16 15:33:55.0001 4104 intelide (83aa759f3189e6370c30de5dc5590718) C:\Windows\system32\drivers\intelide.sys 2011/03/16 15:33:55.0027 4104 intelppm (224191001e78c89dfa78924c3ea595ff) C:\Windows\system32\DRIVERS\intelppm.sys 2011/03/16 15:33:55.0077 4104 IpFilterDriver (62c265c38769b864cb25b4bcf62df6c3) C:\Windows\system32\DRIVERS\ipfltdrv.sys 2011/03/16 15:33:55.0131 4104 IPMIDRV (b25aaf203552b7b3491139d582b39ad1) C:\Windows\system32\drivers\ipmidrv.sys 2011/03/16 15:33:55.0227 4104 IPNAT (8793643a67b42cec66490b2a0cf92d68) C:\Windows\system32\DRIVERS\ipnat.sys 2011/03/16 15:33:55.0269 4104 IRENUM (109c0dfb82c3632fbd11949b73aeeac9) C:\Windows\system32\drivers\irenum.sys 2011/03/16 15:33:55.0300 4104 isapnp (6c70698a3e5c4376c6ab5c7c17fb0614) C:\Windows\system32\drivers\isapnp.sys 2011/03/16 15:33:55.0359 4104 iScsiPrt (232fa340531d940aac623b121a595034) 
C:\Windows\system32\DRIVERS\msiscsi.sys 2011/03/16 15:33:55.0459 4104 iteatapi (bced60d16156e428f8df8cf27b0df150) C:\Windows\system32\drivers\iteatapi.sys 2011/03/16 15:33:55.0481 4104 iteraid (06fa654504a498c30adca8bec4e87e7e) C:\Windows\system32\drivers\iteraid.sys 2011/03/16 15:33:55.0523 4104 kbdclass (37605e0a8cf00cbba538e753e4344c6e) C:\Windows\system32\DRIVERS\kbdclass.sys 2011/03/16 15:33:55.0655 4104 kbdhid (ede59ec70e25c24581add1fbec7325f7) C:\Windows\system32\DRIVERS\kbdhid.sys 2011/03/16 15:33:55.0714 4104 KSecDD (86165728af9bf72d6442a894fdfb4f8b) C:\Windows\system32\Drivers\ksecdd.sys 2011/03/16 15:33:55.0775 4104 lenovo.smi (3c3f7f424e324c6971632c5de5ff458f) C:\Windows\system32\DRIVERS\smiif32.sys 2011/03/16 15:33:55.0877 4104 lltdio (d1c5883087a0c3f1344d9d55a44901f6) C:\Windows\system32\DRIVERS\lltdio.sys 2011/03/16 15:33:55.0949 4104 LPCFilter (515fc18cabee0158a324b08b1c2667cf) C:\Windows\system32\DRIVERS\LPCFilter.sys 2011/03/16 15:33:55.0986 4104 LSI_FC (c7e15e82879bf3235b559563d4185365) C:\Windows\system32\drivers\lsi_fc.sys 2011/03/16 15:33:56.0099 4104 LSI_SAS (ee01ebae8c9bf0fa072e0ff68718920a) C:\Windows\system32\drivers\lsi_sas.sys 2011/03/16 15:33:56.0129 4104 LSI_SCSI (912a04696e9ca30146a62afa1463dd5c) C:\Windows\system32\drivers\lsi_scsi.sys 2011/03/16 15:33:56.0163 4104 luafv (8f5c7426567798e62a3b3614965d62cc) C:\Windows\system32\drivers\luafv.sys 2011/03/16 15:33:56.0203 4104 megasas (0001ce609d66632fa17b84705f658879) C:\Windows\system32\drivers\megasas.sys 2011/03/16 15:33:56.0321 4104 MegaSR (c252f32cd9a49dbfc25ecf26ebd51a99) C:\Windows\system32\drivers\megasr.sys 2011/03/16 15:33:56.0371 4104 Modem (e13b5ea0f51ba5b1512ec671393d09ba) C:\Windows\system32\drivers\modem.sys 2011/03/16 15:33:56.0408 4104 monitor (0a9bb33b56e294f686abb7c1e4e2d8a8) C:\Windows\system32\DRIVERS\monitor.sys 2011/03/16 15:33:56.0517 4104 mouclass (5bf6a1326a335c5298477754a506d263) C:\Windows\system32\DRIVERS\mouclass.sys 2011/03/16 15:33:56.0560 4104 mouhid 
(93b8d4869e12cfbe663915502900876f) C:\Windows\system32\DRIVERS\mouhid.sys 2011/03/16 15:33:56.0594 4104 MountMgr (bdafc88aa6b92f7842416ea6a48e1600) C:\Windows\system32\drivers\mountmgr.sys 2011/03/16 15:33:56.0653 4104 mpio (511d011289755dd9f9a7579fb0b064e6) C:\Windows\system32\drivers\mpio.sys 2011/03/16 15:33:56.0756 4104 mpsdrv (22241feba9b2defa669c8cb0a8dd7d2e) C:\Windows\system32\drivers\mpsdrv.sys 2011/03/16 15:33:56.0795 4104 Mraid35x (4fbbb70d30fd20ec51f80061703b001e) C:\Windows\system32\drivers\mraid35x.sys 2011/03/16 15:33:56.0839 4104 MRxDAV (82cea0395524aacfeb58ba1448e8325c) C:\Windows\system32\drivers\mrxdav.sys 2011/03/16 15:33:56.0905 4104 mrxsmb (454341e652bdf5e01b0f2140232b073e) C:\Windows\system32\DRIVERS\mrxsmb.sys 2011/03/16 15:33:57.0018 4104 mrxsmb10 (2a4901aff069944fa945ed5bbf4dcde3) C:\Windows\system32\DRIVERS\mrxsmb10.sys 2011/03/16 15:33:57.0046 4104 mrxsmb20 (28b3f1ab44bdd4432c041581412f17d9) C:\Windows\system32\DRIVERS\mrxsmb20.sys 2011/03/16 15:33:57.0116 4104 msahci (5457dcfa7c0da43522f4d9d4049c1472) C:\Windows\system32\drivers\msahci.sys 2011/03/16 15:33:57.0203 4104 msdsm (4468b0f385a86ecddaf8d3ca662ec0e7) C:\Windows\system32\drivers\msdsm.sys 2011/03/16 15:33:57.0228 4104 Msfs (a9927f4a46b816c92f461acb90cf8515) C:\Windows\system32\drivers\Msfs.sys 2011/03/16 15:33:57.0259 4104 msisadrv (0f400e306f385c56317357d6dea56f62) C:\Windows\system32\drivers\msisadrv.sys 2011/03/16 15:33:57.0294 4104 MSKSSRV (d8c63d34d9c9e56c059e24ec7185cc07) C:\Windows\system32\drivers\MSKSSRV.sys 2011/03/16 15:33:57.0363 4104 MSPCLOCK (1d373c90d62ddb641d50e55b9e78d65e) C:\Windows\system32\drivers\MSPCLOCK.sys 2011/03/16 15:33:57.0403 4104 MSPQM (b572da05bf4e098d4bba3a4734fb505b) C:\Windows\system32\drivers\MSPQM.sys 2011/03/16 15:33:57.0450 4104 MsRPC (b49456d70555de905c311bcda6ec6adb) C:\Windows\system32\drivers\MsRPC.sys 2011/03/16 15:33:57.0478 4104 mssmbios (e384487cb84be41d09711c30ca79646c) C:\Windows\system32\DRIVERS\mssmbios.sys 2011/03/16 
15:33:57.0578 4104 MSTEE (7199c1eec1e4993caf96b8c0a26bd58a) C:\Windows\system32\drivers\MSTEE.sys 2011/03/16 15:33:57.0622 4104 Mup (6a57b5733d4cb702c8ea4542e836b96c) C:\Windows\system32\Drivers\mup.sys 2011/03/16 15:33:57.0682 4104 NativeWifiP (85c44fdff9cf7e72a40dcb7ec06a4416) C:\Windows\system32\DRIVERS\nwifi.sys 2011/03/16 15:33:57.0791 4104 NDIS (1357274d1883f68300aeadd15d7bbb42) C:\Windows\system32\drivers\ndis.sys 2011/03/16 15:33:57.0837 4104 NdisTapi (0e186e90404980569fb449ba7519ae61) C:\Windows\system32\DRIVERS\ndistapi.sys 2011/03/16 15:33:57.0865 4104 Ndisuio (d6973aa34c4d5d76c0430b181c3cd389) C:\Windows\system32\DRIVERS\ndisuio.sys 2011/03/16 15:33:58.0041 4104 NdisWan (818f648618ae34f729fdb47ec68345c3) C:\Windows\system32\DRIVERS\ndiswan.sys 2011/03/16 15:33:58.0166 4104 NDProxy (71dab552b41936358f3b541ae5997fb3) C:\Windows\system32\drivers\NDProxy.sys 2011/03/16 15:33:58.0252 4104 NetBIOS (bcd093a5a6777cf626434568dc7dba78) C:\Windows\system32\DRIVERS\netbios.sys 2011/03/16 15:33:58.0314 4104 netbt (ecd64230a59cbd93c85f1cd1cab9f3f6) C:\Windows\system32\DRIVERS\netbt.sys 2011/03/16 15:33:58.0465 4104 NETw3v32 (35d5458d9a1b26b2005abffbf4c1c5e7) C:\Windows\system32\DRIVERS\NETw3v32.sys 2011/03/16 15:33:58.0683 4104 NETw4v32 (6522dd40a5f67ced020bd81b856613fb) C:\Windows\system32\DRIVERS\NETw4v32.sys 2011/03/16 15:33:58.0829 4104 nfrd960 (2e7fb731d4790a1bc6270accefacb36e) C:\Windows\system32\drivers\nfrd960.sys 2011/03/16 15:33:58.0901 4104 Npfs (d36f239d7cce1931598e8fb90a0dbc26) C:\Windows\system32\drivers\Npfs.sys 2011/03/16 15:33:58.0931 4104 nsiproxy (609773e344a97410ce4ebf74a8914fcf) C:\Windows\system32\drivers\nsiproxy.sys 2011/03/16 15:33:59.0053 4104 Ntfs (6a4a98cee84cf9e99564510dda4baa47) C:\Windows\system32\drivers\Ntfs.sys 2011/03/16 15:33:59.0165 4104 ntrigdigi (e875c093aec0c978a90f30c9e0dfbb72) C:\Windows\system32\drivers\ntrigdigi.sys 2011/03/16 15:33:59.0187 4104 Null (c5dbbcda07d780bda9b685df333bb41e) C:\Windows\system32\drivers\Null.sys 
2011/03/16 15:33:59.0216 4104 nvraid (2edf9e7751554b42cbb60116de727101) C:\Windows\system32\drivers\nvraid.sys 2011/03/16 15:33:59.0246 4104 nvstor (abed0c09758d1d97db0042dbb2688177) C:\Windows\system32\drivers\nvstor.sys 2011/03/16 15:33:59.0354 4104 nv_agp (18bbdf913916b71bd54575bdb6eeac0b) C:\Windows\system32\drivers\nv_agp.sys 2011/03/16 15:33:59.0451 4104 ohci1394 (6f310e890d46e246e0e261a63d9b36b4) C:\Windows\system32\DRIVERS\ohci1394.sys 2011/03/16 15:33:59.0505 4104 Parport (0fa9b5055484649d63c303fe404e5f4d) C:\Windows\system32\drivers\parport.sys 2011/03/16 15:33:59.0613 4104 partmgr (57389fa59a36d96b3eb09d0cb91e9cdc) C:\Windows\system32\drivers\partmgr.sys 2011/03/16 15:33:59.0666 4104 Parvdm (4f9a6a8a31413180d0fcb279ad5d8112) C:\Windows\system32\drivers\parvdm.sys 2011/03/16 15:33:59.0729 4104 pci (941dc1d19e7e8620f40bbc206981efdb) C:\Windows\system32\drivers\pci.sys 2011/03/16 15:33:59.0832 4104 pciide (fc175f5ddab666d7f4d17449a547626f) C:\Windows\system32\drivers\pciide.sys 2011/03/16 15:33:59.0865 4104 pcmcia (e6f3fb1b86aa519e7698ad05e58b04e5) C:\Windows\system32\drivers\pcmcia.sys 2011/03/16 15:33:59.0915 4104 PEAUTH (6349f6ed9c623b44b52ea3c63c831a92) C:\Windows\system32\drivers\peauth.sys 2011/03/16 15:34:00.0098 4104 PptpMiniport (ecfffaec0c1ecd8dbc77f39070ea1db1) C:\Windows\system32\DRIVERS\raspptp.sys 2011/03/16 15:34:00.0133 4104 Processor (2027293619dd0f047c584cf2e7df4ffd) C:\Windows\system32\drivers\processr.sys 2011/03/16 15:34:00.0186 4104 psadd (f8a25f1dd8b2c332cbc663e3579566e7) C:\Windows\system32\DRIVERS\psadd.sys 2011/03/16 15:34:00.0292 4104 PSched (99514faa8df93d34b5589187db3aa0ba) C:\Windows\system32\DRIVERS\pacer.sys 2011/03/16 15:34:00.0348 4104 PxHelp20 (49452bfcec22f36a7a9b9c2181bc3042) C:\Windows\system32\Drivers\PxHelp20.sys 2011/03/16 15:34:00.0485 4104 ql2300 (0a6db55afb7820c99aa1f3a1d270f4f6) C:\Windows\system32\drivers\ql2300.sys 2011/03/16 15:34:00.0609 4104 ql40xx (81a7e5c076e59995d54bc1ed3a16e60b) 
C:\Windows\system32\drivers\ql40xx.sys 2011/03/16 15:34:00.0646 4104 QWAVEdrv (9f5e0e1926014d17486901c88eca2db7) C:\Windows\system32\drivers\qwavedrv.sys 2011/03/16 15:34:00.0682 4104 RasAcd (147d7f9c556d259924351feb0de606c3) C:\Windows\system32\DRIVERS\rasacd.sys 2011/03/16 15:34:00.0725 4104 Rasl2tp (a214adbaf4cb47dd2728859ef31f26b0) C:\Windows\system32\DRIVERS\rasl2tp.sys 2011/03/16 15:34:00.0851 4104 RasPppoe (509a98dd18af4375e1fc40bc175f1def) C:\Windows\system32\DRIVERS\raspppoe.sys 2011/03/16 15:34:00.0882 4104 RasSstp (2005f4a1e05fa09389ac85840f0a9e4d) C:\Windows\system32\DRIVERS\rassstp.sys 2011/03/16 15:34:00.0937 4104 rdbss (b14c9d5b9add2f84f70570bbbfaa7935) C:\Windows\system32\DRIVERS\rdbss.sys 2011/03/16 15:34:01.0046 4104 RDPCDD (89e59be9a564262a3fb6c4f4f1cd9899) C:\Windows\system32\DRIVERS\RDPCDD.sys 2011/03/16 15:34:01.0124 4104 rdpdr (943b18305eae3935598a9b4a3d560b4c) C:\Windows\system32\DRIVERS\rdpdr.sys 2011/03/16 15:34:01.0157 4104 RDPENCDD (9d91fe5286f748862ecffa05f8a0710c) C:\Windows\system32\drivers\rdpencdd.sys 2011/03/16 15:34:01.0218 4104 RDPWD (30bfbdfb7f95559ede971f9ddb9a00ba) C:\Windows\system32\drivers\RDPWD.sys 2011/03/16 15:34:01.0364 4104 RFCOMM (6482707f9f4da0ecbab43b2e0398a101) C:\Windows\system32\DRIVERS\rfcomm.sys 2011/03/16 15:34:01.0420 4104 rimmptsk (355aac141b214bef1dbc1483afd9bd50) C:\Windows\system32\DRIVERS\rimmptsk.sys 2011/03/16 15:34:01.0452 4104 rimsptsk (a4216c71dd4f60b26418ccfd99cd0815) C:\Windows\system32\DRIVERS\rimsptsk.sys 2011/03/16 15:34:01.0487 4104 rismxdp (d231b577024aa324af13a42f3a807d10) C:\Windows\system32\DRIVERS\rixdptsk.sys 2011/03/16 15:34:01.0616 4104 rspndr (9c508f4074a39e8b4b31d27198146fad) C:\Windows\system32\DRIVERS\rspndr.sys 2011/03/16 15:34:01.0688 4104 s0016bus (59509ad6cbc28f2c73056268985b3e48) C:\Windows\system32\DRIVERS\s0016bus.sys 2011/03/16 15:34:01.0787 4104 s0016mdfl (b98c3a6f91f4fba285af9606a240c6b4) C:\Windows\system32\DRIVERS\s0016mdfl.sys 2011/03/16 15:34:01.0819 4104 s0016mdm 
(8a83426f4fb7b5212825d9de76368b1a) C:\Windows\system32\DRIVERS\s0016mdm.sys 2011/03/16 15:34:01.0872 4104 s0016mgmt (7a78bba97feb5e6d24c49e93a3bf7287) C:\Windows\system32\DRIVERS\s0016mgmt.sys 2011/03/16 15:34:01.0983 4104 s0016nd5 (34ef7b5f611957b73e7219dd5a222ad1) C:\Windows\system32\DRIVERS\s0016nd5.sys 2011/03/16 15:34:02.0037 4104 s0016obex (36792935847143e4a3cda0dc87248487) C:\Windows\system32\DRIVERS\s0016obex.sys 2011/03/16 15:34:02.0147 4104 s0016unic (927208754fb27fc3e7a659e77500c5d1) C:\Windows\system32\DRIVERS\s0016unic.sys 2011/03/16 15:34:02.0204 4104 sbp2port (3ce8f073a557e172b330109436984e30) C:\Windows\system32\drivers\sbp2port.sys 2011/03/16 15:34:02.0273 4104 sdbus (8f36b54688c31eed4580129040c6a3d3) C:\Windows\system32\DRIVERS\sdbus.sys 2011/03/16 15:34:02.0382 4104 secdrv (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers\secdrv.sys 2011/03/16 15:34:02.0440 4104 seehcri (e5b56569a9f79b70314fede6c953641e) C:\Windows\system32\DRIVERS\seehcri.sys 2011/03/16 15:34:02.0472 4104 Serenum (68e44e331d46f0fb38f0863a84cd1a31) C:\Windows\system32\drivers\serenum.sys 2011/03/16 15:34:02.0498 4104 Serial (c70d69a918b178d3c3b06339b40c2e1b) C:\Windows\system32\drivers\serial.sys 2011/03/16 15:34:02.0593 4104 sermouse (8af3d28a879bf75db53a0ee7a4289624) C:\Windows\system32\drivers\sermouse.sys 2011/03/16 15:34:02.0640 4104 sffdisk (3efa810bdca87f6ecc24f9832243fe86) C:\Windows\system32\drivers\sffdisk.sys 2011/03/16 15:34:02.0672 4104 sffp_mmc (e95d451f7ea3e583aec75f3b3ee42dc5) C:\Windows\system32\drivers\sffp_mmc.sys 2011/03/16 15:34:02.0699 4104 sffp_sd (3d0ea348784b7ac9ea9bd9f317980979) C:\Windows\system32\drivers\sffp_sd.sys 2011/03/16 15:34:02.0807 4104 sfloppy (46ed8e91793b2e6f848015445a0ac188) C:\Windows\system32\drivers\sfloppy.sys 2011/03/16 15:34:02.0842 4104 sisagp (1d76624a09a054f682d746b924e2dbc3) C:\Windows\system32\drivers\sisagp.sys 2011/03/16 15:34:02.0874 4104 SiSRaid2 (43cb7aa756c7db280d01da9b676cfde2) 
C:\Windows\system32\drivers\sisraid2.sys 2011/03/16 15:34:02.0912 4104 SiSRaid4 (a99c6c8b0baa970d8aa59ddc50b57f94) C:\Windows\system32\drivers\sisraid4.sys 2011/03/16 15:34:03.0028 4104 Smb (7b75299a4d201d6a6533603d6914ab04) C:\Windows\system32\DRIVERS\smb.sys 2011/03/16 15:34:03.0076 4104 spldr (7aebdeef071fe28b0eef2cdd69102bff) C:\Windows\system32\drivers\spldr.sys 2011/03/16 15:34:03.0150 4104 srv (ff3cbc13db84d81f56931bc922cc37c4) C:\Windows\system32\DRIVERS\srv.sys 2011/03/16 15:34:03.0223 4104 srv2 (d15959d9f69f0d39a0153e9c244f20dd) C:\Windows\system32\DRIVERS\srv2.sys 2011/03/16 15:34:03.0347 4104 srvnet (faa0d553a49e85008c6bb3781987c574) C:\Windows\system32\DRIVERS\srvnet.sys 2011/03/16 15:34:03.0399 4104 ssmdrv (a36ee93698802cd899f98bfd553d8185) C:\Windows\system32\DRIVERS\ssmdrv.sys 2011/03/16 15:34:03.0458 4104 swenum (7ba58ecf0c0a9a69d44b3dca62becf56) C:\Windows\system32\DRIVERS\swenum.sys 2011/03/16 15:34:03.0561 4104 Symc8xx (192aa3ac01df071b541094f251deed10) C:\Windows\system32\drivers\symc8xx.sys 2011/03/16 15:34:03.0591 4104 Sym_hi (8c8eb8c76736ebaf3b13b633b2e64125) C:\Windows\system32\drivers\sym_hi.sys 2011/03/16 15:34:03.0615 4104 Sym_u3 (8072af52b5fd103bbba387a1e49f62cb) C:\Windows\system32\drivers\sym_u3.sys 2011/03/16 15:34:03.0660 4104 SynTP (f7a4250bb3e3afcd4af100e551509352) C:\Windows\system32\DRIVERS\SynTP.sys 2011/03/16 15:34:03.0817 4104 Tcpip (a474879afa4a596b3a531f3e69730dbf) C:\Windows\system32\drivers\tcpip.sys 2011/03/16 15:34:03.0962 4104 Tcpip6 (a474879afa4a596b3a531f3e69730dbf) C:\Windows\system32\DRIVERS\tcpip.sys 2011/03/16 15:34:04.0086 4104 tcpipreg (608c345a255d82a6289c2d468eb41fd7) C:\Windows\system32\drivers\tcpipreg.sys 2011/03/16 15:34:04.0132 4104 TDPIPE (5dcf5e267be67a1ae926f2df77fbcc56) C:\Windows\system32\drivers\tdpipe.sys 2011/03/16 15:34:04.0169 4104 TDTCP (389c63e32b3cefed425b61ed92d3f021) C:\Windows\system32\drivers\tdtcp.sys 2011/03/16 15:34:04.0222 4104 tdx (76b06eb8a01fc8624d699e7045303e54) 
C:\Windows\system32\DRIVERS\tdx.sys 2011/03/16 15:34:04.0346 4104 TermDD (3cad38910468eab9a6479e2f01db43c7) C:\Windows\system32\DRIVERS\termdd.sys 2011/03/16 15:34:04.0411 4104 truecrypt (867d1d7c41e319268d4ef47f1f109199) C:\Windows\system32\drivers\truecrypt.sys 2011/03/16 15:34:04.0471 4104 tssecsrv (dcf0f056a2e4f52287264f5ab29cf206) C:\Windows\system32\DRIVERS\tssecsrv.sys 2011/03/16 15:34:04.0588 4104 tunmp (caecc0120ac49e3d2f758b9169872d38) C:\Windows\system32\DRIVERS\tunmp.sys 2011/03/16 15:34:04.0615 4104 tunnel (300db877ac094feab0be7688c3454a9c) C:\Windows\system32\DRIVERS\tunnel.sys 2011/03/16 15:34:04.0645 4104 uagp35 (7d33c4db2ce363c8518d2dfcf533941f) C:\Windows\system32\drivers\uagp35.sys 2011/03/16 15:34:04.0692 4104 udfs (d9728af68c4c7693cb100b8441cbdec6) C:\Windows\system32\DRIVERS\udfs.sys 2011/03/16 15:34:04.0801 4104 uliagpkx (b0acfdc9e4af279e9116c03e014b2b27) C:\Windows\system32\drivers\uliagpkx.sys 2011/03/16 15:34:04.0830 4104 uliahci (9224bb254f591de4ca8d572a5f0d635c) C:\Windows\system32\drivers\uliahci.sys 2011/03/16 15:34:04.0850 4104 UlSata (8514d0e5cd0534467c5fc61be94a569f) C:\Windows\system32\drivers\ulsata.sys 2011/03/16 15:34:04.0878 4104 ulsata2 (38c3c6e62b157a6bc46594fada45c62b) C:\Windows\system32\drivers\ulsata2.sys 2011/03/16 15:34:04.0903 4104 umbus (32cff9f809ae9aed85464492bf3e32d2) C:\Windows\system32\DRIVERS\umbus.sys 2011/03/16 15:34:05.0053 4104 USBAAPL (d4fb6ecc60a428564ba8768b0e23c0fc) C:\Windows\system32\Drivers\usbaapl.sys 2011/03/16 15:34:05.0092 4104 usbccgp (caf811ae4c147ffcd5b51750c7f09142) C:\Windows\system32\DRIVERS\usbccgp.sys 2011/03/16 15:34:05.0135 4104 usbcir (e9476e6c486e76bc4898074768fb7131) C:\Windows\system32\drivers\usbcir.sys 2011/03/16 15:34:05.0252 4104 usbehci (79e96c23a97ce7b8f14d310da2db0c9b) C:\Windows\system32\DRIVERS\usbehci.sys 2011/03/16 15:34:05.0311 4104 usbhub (4673bbcb006af60e7abddbe7a130ba42) C:\Windows\system32\DRIVERS\usbhub.sys 2011/03/16 15:34:05.0358 4104 usbohci 
(38dbc7dd6cc5a72011f187425384388b) C:\Windows\system32\drivers\usbohci.sys 2011/03/16 15:34:05.0465 4104 usbprint (e75c4b5269091d15a2e7dc0b6d35f2f5) C:\Windows\system32\DRIVERS\usbprint.sys 2011/03/16 15:34:05.0522 4104 usbscan (a508c9bd8724980512136b039bba65e9) C:\Windows\system32\DRIVERS\usbscan.sys 2011/03/16 15:34:05.0586 4104 USBSTOR (be3da31c191bc222d9ad503c5224f2ad) C:\Windows\system32\DRIVERS\USBSTOR.SYS 2011/03/16 15:34:05.0690 4104 usbuhci (814d653efc4d48be3b04a307eceff56f) C:\Windows\system32\DRIVERS\usbuhci.sys 2011/03/16 15:34:05.0741 4104 usbvideo (e67998e8f14cb0627a769f6530bcb352) C:\Windows\system32\Drivers\usbvideo.sys 2011/03/16 15:34:05.0867 4104 VClone (cefaa7d630b653be5f831da1f49780c5) C:\Windows\system32\DRIVERS\VClone.sys 2011/03/16 15:34:05.0917 4104 vga (87b06e1f30b749a114f74622d013f8d4) C:\Windows\system32\DRIVERS\vgapnp.sys 2011/03/16 15:34:05.0940 4104 VgaSave (2e93ac0a1d8c79d019db6c51f036636c) C:\Windows\System32\drivers\vga.sys 2011/03/16 15:34:06.0045 4104 viaagp (5d7159def58a800d5781ba3a879627bc) C:\Windows\system32\drivers\viaagp.sys 2011/03/16 15:34:06.0076 4104 ViaC7 (c4f3a691b5bad343e6249bd8c2d45dee) C:\Windows\system32\drivers\viac7.sys 2011/03/16 15:34:06.0110 4104 viaide (aadf5587a4063f52c2c3fed7887426fc) C:\Windows\system32\drivers\viaide.sys 2011/03/16 15:34:06.0228 4104 volmgr (69503668ac66c77c6cd7af86fbdf8c43) C:\Windows\system32\drivers\volmgr.sys 2011/03/16 15:34:06.0274 4104 volmgrx (23e41b834759917bfd6b9a0d625d0c28) C:\Windows\system32\drivers\volmgrx.sys 2011/03/16 15:34:06.0395 4104 volsnap (147281c01fcb1df9252de2a10d5e7093) C:\Windows\system32\drivers\volsnap.sys 2011/03/16 15:34:06.0446 4104 vsmraid (587253e09325e6bf226b299774b728a9) C:\Windows\system32\drivers\vsmraid.sys 2011/03/16 15:34:06.0491 4104 WacomPen (48dfee8f1af7c8235d4e626f0c4fe031) C:\Windows\system32\drivers\wacompen.sys 2011/03/16 15:34:06.0515 4104 Wanarp (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys 2011/03/16 
15:34:06.0532 4104 Wanarpv6 (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys 2011/03/16 15:34:06.0645 4104 Wd (78fe9542363f297b18c027b2d7e7c07f) C:\Windows\system32\drivers\wd.sys 2011/03/16 15:34:06.0690 4104 Wdf01000 (b6f0a7ad6d4bd325fbcd8bac96cd8d96) C:\Windows\system32\drivers\Wdf01000.sys 2011/03/16 15:34:06.0861 4104 WmiAcpi (2e7255d172df0b8283cdfb7b433b864e) C:\Windows\system32\DRIVERS\wmiacpi.sys 2011/03/16 15:34:06.0965 4104 WpdUsb (de9d36f91a4df3d911626643debf11ea) C:\Windows\system32\DRIVERS\wpdusb.sys 2011/03/16 15:34:07.0066 4104 ws2ifsl (e3a3cb253c0ec2494d4a61f5e43a389c) C:\Windows\system32\drivers\ws2ifsl.sys 2011/03/16 15:34:07.0158 4104 WUDFRd (ac13cb789d93412106b0fb6c7eb2bcb6) C:\Windows\system32\DRIVERS\WUDFRd.sys 2011/03/16 15:34:07.0254 4104 ================================================================================ 2011/03/16 15:34:07.0254 4104 Scan finished 2011/03/16 15:34:07.0254 4104 ================================================================================ |
16.03.2011, 16:14 | #10 |
/// Winkelfunktion /// TB-Süch-Tiger™ | TR/EyeStye.H.163 in C:\moonxxxxxx.exe Ok. Now please create logs with GMER and OSAM and post them. GMER crashes fairly often; if the tool still won't run on the second attempt, just leave it out and run only OSAM. Please skip the online query in OSAM. With OSAM, please also make sure that you save the log as *.log and not as *.html or similar. Afterwards, please download MBRCheck (by a_d_13) and save the file to your desktop.
__________________ Please always post logfiles in CODE tags |
16.03.2011, 19:55 | #11 |
| TR/EyeStye.H.163 in C:\moonxxxxxx.exe So, the first program crashed a second time fairly close to the end; I'll just post what had been displayed up to that point: GMER Logfile: Code:
GMER 1.0.15.15530 - hxxp://www.gmer.net
Rootkit scan 2011-03-16 19:31:06
Windows 6.0.6002 Service Pack 2 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T0L0-4 HITACHI_HTS542525K9SA00 rev.BBFZC3HP
Running: fxjv8fb8.exe; Driver: C:\Users\LTTA~1\AppData\Local\Temp\uwlcapow.sys

---- User IAT/EAT - GMER 1.0.15 ----

IAT C:\Windows\Explorer.EXE[3720] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdiplusShutdown] [73F37817] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[3720] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCloneImage] [73F8A86D] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[3720] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDrawImageRectI] [73F3BB22] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[3720] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipSetInterpolationMode] [73F2F695] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[3720] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdiplusStartup] [73F375E9] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[3720] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateFromHDC] [73F2E7CA] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[3720] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateBitmapFromStreamICM] [73F68395] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[3720] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateBitmapFromStream] [73F3DA60] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[3720] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipGetImageHeight] [73F2FFFA] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[3720] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipGetImageWidth] [73F2FF61] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[3720] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDisposeImage] [73F271CF] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[3720] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipLoadImageFromFileICM] [73FBCAE2] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[3720] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipLoadImageFromFile] [73F5C8D8] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[3720] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDeleteGraphics] [73F2D968] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[3720] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipFree] [73F26853] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[3720] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipAlloc] [73F2687E] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[3720] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipSetCompositingMode] [73F32AD1] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)

---- Devices - GMER 1.0.15 ----

AttachedDevice \Driver\kbdclass \Device\KeyboardClass0 Wdf01000.sys (WDF Dynamic/Microsoft Corporation)
AttachedDevice \Driver\kbdclass \Device\KeyboardClass1 Wdf01000.sys (WDF Dynamic/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume1 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume2 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)

---- Processes - GMER 1.0.15 ----

Process hidden process (*** hidden *** ) 51216
Process VideoAccelerato (*** hidden *** ) 55624
Process hidden process (*** hidden *** ) 57740
Process VideoAccelerato (*** hidden *** ) 59448
Process VideoAccelerato (*** hidden *** ) 59488
Process hidden process (*** hidden *** ) 59516

---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\001fe1e6cb71
Reg HKLM\SYSTEM\ControlSet002\Services\BTHPORT\Parameters\Keys\001fe1e6cb71 (not active ControlSet)

---- Disk sectors - GMER 1.0.15 ----

Disk \Device\Harddisk0\DR0 sector 01: copy of MBR

---- EOF - GMER 1.0.15 ----
I'll run the other program in a moment. |
16.03.2011, 20:09 | #12 |
TR/EyeStye.H.163 in C:\moonxxxxxx.exe

Here is OSAM:

OSAM Logfile: Code:
Report of OSAM: Autorun Manager v5.0.11926.0
hxxp://www.online-solutions.ru/en/
Saved at 20:07:34 on 16.03.2011
OS: Windows Vista Ultimate Edition Service Pack 2 (Build 6002), 32-bit
Default Browser: Mozilla Corporation Firefox 3.6.15

Scanner Settings
[x] Rootkits detection (hidden registry)
[x] Rootkits detection (hidden files)
[x] Retrieve files information
[x] Check Microsoft signatures

Filters
[ ] Trusted entries
[ ] Empty entries
[x] Hidden registry entries (rootkit activity)
[x] Exclusively opened files
[x] Not found files
[x] Files without detailed information
[x] Existing files
[ ] Non-startable services
[ ] Non-startable drivers
[x] Active entries
[x] Disabled entries

[Common]
-----( %SystemRoot%\Tasks )-----
"GoogleUpdateTaskMachineCore.job" - "Google Inc." - C:\Program Files\Google\Update\GoogleUpdate.exe
"GoogleUpdateTaskMachineUA.job" - "Google Inc." - C:\Program Files\Google\Update\GoogleUpdate.exe

[Control Panel Objects]
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Control Panel\Cpls )-----
"QuickTime" - "Apple Inc." - C:\Program Files\QuickTime\QTSystem\QuickTime.cpl

[Drivers]
-----( HKLM\SYSTEM\CurrentControlSet\Services )-----
"avgio" (avgio) - "Avira GmbH" - C:\Program Files\Avira\AntiVir Desktop\avgio.sys
"avgntflt" (avgntflt) - "Avira GmbH" - C:\Windows\System32\DRIVERS\avgntflt.sys
"avipbb" (avipbb) - "Avira GmbH" - C:\Windows\System32\DRIVERS\avipbb.sys
"catchme" (catchme) - ? - C:\Users\LTTA~1\AppData\Local\Temp\catchme.sys (File not found)
"Cisco Systems Inc. IPSec Driver" (CVPNDRVA) - "Cisco Systems, Inc." - C:\Windows\system32\Drivers\CVPNDRVA.sys
"IP in IP Tunnel Driver" (IpInIp) - ? - C:\Windows\System32\DRIVERS\ipinip.sys (File not found)
"IPX Traffic Filter Driver" (NwlnkFlt) - ? - C:\Windows\System32\DRIVERS\nwlnkflt.sys (File not found)
"IPX Traffic Forwarder Driver" (NwlnkFwd) - ? - C:\Windows\System32\DRIVERS\nwlnkfwd.sys (File not found)
"PxHelp20" (PxHelp20) - "Sonic Solutions" - C:\Windows\System32\Drivers\PxHelp20.sys
"ssmdrv" (ssmdrv) - "Avira GmbH" - C:\Windows\System32\DRIVERS\ssmdrv.sys
"truecrypt" (truecrypt) - "TrueCrypt Foundation" - C:\Windows\System32\drivers\truecrypt.sys
"uwlcapow" (uwlcapow) - ? - C:\Users\LTTA~1\AppData\Local\Temp\uwlcapow.sys (Hidden registry entry, rootkit activity | File not found)

[Explorer]
-----( HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components )-----
{7070D8E0-650A-46b3-B03C-9497582E6A74} "Windows Ultimate Extras" - "Microsoft Corporation" - %SystemRoot%\system32\soundschemes.exe /AddRegistration
{B3688A53-AB2A-4b1d-8CEF-8F93D8C51C24} "Windows Ultimate Extras" - "Microsoft Corporation" - %SystemRoot%\system32\soundschemes2.exe /AddRegistration
-----( HKLM\Software\Classes\Folder\shellex\ColumnHandlers )-----
{F9DB5320-233E-11D1-9F84-707F02C10627} "PDF Shell Extension" - "Adobe Systems, Inc." - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\PDFShell.dll
-----( HKLM\Software\Classes\Protocols\Handler )-----
{FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} "IEProtocolHandler Class" - "Skype Technologies" - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks )-----
{AEB6717E-7E19-11d0-97EE-00C04FD91972} "{AEB6717E-7E19-11d0-97EE-00C04FD91972}" - ? - (File not found | COM-object registry key not found)
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved )-----
{911051fa-c21c-4246-b470-070cd8df6dc4} ".cab or .zip files" - ? - (File not found | COM-object registry key not found)
{1b24a030-9b20-49bc-97ac-1be4426f9e59} "ActiveDirectory Folder" - ? - (File not found | COM-object registry key not found)
{34449847-FD14-4fc8-A75A-7432F5181EFB} "ActiveDirectory Folder" - ? - (File not found | COM-object registry key not found)
{0F8604A5-4ECE-4DE1-BA7D-CF10F8AA4F48} "Contacts folder" - ? - (File not found | COM-object registry key not found)
{2C2577C2-63A7-40e3-9B7F-586602617ECB} "Explorer Query Band" - ? - (File not found | COM-object registry key not found)
{FAC3CBF6-8697-43d0-BAB9-DCD1FCE19D75} "IE User Assist" - ? - (File not found | COM-object registry key not found)
{B9E1D2CB-CCFF-4AA6-9579-D7A4754030EF} "iTunes" - "Apple Inc." - C:\Program Files\iTunes\iTunesMiniPlayer.dll
{CA5FEE26-14C1-4B5A-86E9-233FC0EE2682} "IZArc DragDrop Menu" - ? - C:\PROGRA~1\IZArc\IZArcCM.dll (File found, but it contains no detailed information)
{8D9D4D0D-FDDD-44CB-AAB2-6161FA0757C5} "IZArc Shell Context Menu" - ? - C:\PROGRA~1\IZArc\IZArcCM.dll (File found, but it contains no detailed information)
{00020d75-0000-0000-c000-000000000046} "lnkfile" - ? - (File not found | COM-object registry key not found)
{7842554E-6BED-11D2-8CDB-B05550C10000} "Monitor Class" - "Broadcom Corporation." - C:\Windows\system32\btncopy.dll
{C8494E42-ACDD-4739-B0FB-217361E4894F} "Sam Account Folder" - ? - (File not found | COM-object registry key not found)
{E29F9716-5C08-4FCD-955A-119FDB5A522D} "Sam Account Folder" - ? - (File not found | COM-object registry key not found)
{45AC2688-0253-4ED8-97DE-B5370FA7D48A} "Shell Extension for Malware scanning" - "Avira GmbH" - C:\Program Files\Avira\AntiVir Desktop\shlext.dll
{da67b8ad-e81b-4c70-9b91b417b5e33527} "Windows Search Shell Service" - ? - (File not found | COM-object registry key not found)
{B41DB860-8EE4-11D2-9906-E49FADC173CA} "WinRAR" - ? - C:\Program Files\WinRAR\rarext.dll

[Internet Explorer]
-----( HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser )-----
ITBar7Height "ITBar7Height" - ? - (File not found | COM-object registry key not found)
<binary data> "ITBar7Layout" - ? - (File not found | COM-object registry key not found)
-----( HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units )-----
{CAFEEFAC-0016-0000-0004-ABCDEFFEDCBA} "Java Plug-in 1.6.0_04" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\jp2iexp.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_04-windows-i586.cab
{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} "Java Plug-in 1.6.0_07" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\jp2iexp.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
{CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} "Java Plug-in 1.6.0_18" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\jp2iexp.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab
{8AD9C840-044E-11D1-B3E9-00805F499D93} "Java Plug-in 1.6.0_24" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\jp2iexp.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} "Java Plug-in 1.6.0_24" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\jp2iexp.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} "Java Plug-in 1.6.0_24" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\npjpi160_24.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
{F27237D7-93C8-44C2-AC6E-D6057B9A918F} "JuniperSetupClientControl Class" - "Juniper Networks" - C:\Windows\Downloaded Program Files\JuniperSetupClient.ocx / https://juniper.net/dana-cached/sc/JuniperSetupClient.cab
{E5F5D008-DD2C-4D32-977D-1A0ADF03058B} "JuniperSetupControlXP Class" - "Juniper Networks" - C:\Windows\Downloaded Program Files\JuniperSetup.ocx / https://juniper.net/dana-cached/setup/JuniperSetupSP1.cab
{D27CDB6E-AE6D-11CF-96B8-444553540000} "Shockwave Flash Object" - "Adobe Systems, Inc." - C:\Windows\system32\Macromed\Flash\Flash10b.ocx / hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
-----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions )-----
"@btrez.dll,-4015" - ? - C:\Program Files\Lenovo\Bluetooth Software\btsendto_ie.htm
"Buyertools Reminder" - ? - C:\Program Files\Buyertools Reminder\ReminderIE.exe (File found, but it contains no detailed information)
{0B4350D1-055F-47A3-B112-5F2F2B0D6F08} "ClsidExtension" - "Google Inc." - C:\Program Files\Google\Google Gears\Internet Explorer\0.5.36.0\gears.dll
"ICQ7.2" - "ICQ, LLC." - C:\Program Files\ICQ7.2\ICQ.exe
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects )-----
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} "Adobe PDF Reader" - "Adobe Systems Incorporated" - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
{7C7A8947-5935-4430-AC0E-E7D04697414E} "Buyertools" - ? - C:\PROGRA~1\BUYERT~1\IEBUTT~1.DLL (File found, but it contains no detailed information)
{CC59E0F9-7E43-44FA-9FAA-8377850BF205} "FDMIECookiesBHO Class" - ? - C:\Program Files\Free Download Manager\iefdm2.dll
{E0FEFE40-FBF9-42AE-BA58-794CA7E3FB53} "Google Gears Helper" - "Google Inc." - C:\Program Files\Google\Google Gears\Internet Explorer\0.5.36.0\gears.dll
{DBC80044-A445-435b-BC74-9C25C1C588A9} "Java(tm) Plug-In 2 SSV Helper" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\jp2ssv.dll

[Logon]
-----( %APPDATA%\Microsoft\Windows\Start Menu\Programs\Startup )-----
"desktop.ini" - ? - C:\Users\Lätta\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini
-----( %AllUsersProfile%\Microsoft\Windows\Start Menu\Programs\Startup )-----
"desktop.ini" - ? - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini
"BTTray.lnk" - "Broadcom Corporation." - C:\Program Files\Lenovo\Bluetooth Software\BTTray.exe (Shortcut exists | File exists)
"VPN Client.lnk" - "Cisco Systems, Inc." - C:\Program Files\Cisco Systems\VPN Client\vpngui.exe (Shortcut exists | File exists)
-----( HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run )-----
"Google Update" - "Google Inc." - "C:\Users\Lätta\AppData\Local\Google\Update\GoogleUpdate.exe" /c
"googletalk" - "Google" - "C:\Program Files\Google\Google Talk\googletalk.exe" /autostart
"ICQ" - "ICQ, LLC." - "C:\Program Files\ICQ7.2\ICQ.exe" silent loginmode=4
"Sony Ericsson PC Suite" - "Sony Ericsson Mobile Communications AB" - "C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe" /systray /nologon
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Run )-----
"Adobe Reader Speed Launcher" - "Adobe Systems Incorporated" - "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
"avgnt" - "Avira GmbH" - "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
"CanonMyPrinter" - "CANON INC." - C:\Program Files\Canon\MyPrinter\BJMyPrt.exe /logon
"CanonSolutionMenu" - "CANON INC." - C:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe /logon
"FingerPrintSoftware" - "Authentec,Inc" - "C:\Program Files\Lenovo Fingerprint Software\fpapp.exe" \s
"iTunesHelper" - "Apple Inc." - "C:\Program Files\iTunes\iTunesHelper.exe"
"LPManager" - "Lenovo Group Limited" - C:\PROGRA~1\Lenovo\LENOVO~1\LPMGR.exe
"PMHandler" - "Lenovo" - C:\PROGRA~1\Lenovo\PMDRIV~1\PMHandler.exe
"QuickTime Task" - "Apple Inc." - "C:\Program Files\QuickTime\QTTask.exe" -atboottime
"SunJavaUpdateSched" - "Sun Microsystems, Inc." - "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
"TPFNF7" - "Lenovo Group Limited" - C:\Program Files\Lenovo\NPDIRECT\TPFNF7SP.exe /r
"TPWAUDAP" - "Lenovo Group Limited" - C:\Program Files\Lenovo\HOTKEY\TpWAudAp.exe

[Services]
-----( HKLM\SYSTEM\CurrentControlSet\Services )-----
"@C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe,-100" (WPFFontCache_v0400) - "Microsoft Corporation" - C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe
"Anzeige am Bildschirm" (TPHKSVC) - "Lenovo Group Limited" - C:\Program Files\LENOVO\HOTKEY\TPHKSVC.exe
"Apple Mobile Device" (Apple Mobile Device) - "Apple Inc." - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
"Avira AntiVir Guard" (AntiVirService) - "Avira GmbH" - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
"Avira AntiVir Planer" (AntiVirSchedulerService) - "Avira GmbH" - C:\Program Files\Avira\AntiVir Desktop\sched.exe
"Cisco Systems, Inc. VPN Service" (CVPND) - "Cisco Systems, Inc." - C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
"Dienst "Bonjour"" (Bonjour Service) - "Apple Inc." - C:\Program Files\Bonjour\mDNSResponder.exe
"Fn+F5 Service" (FNF5SVC) - "Lenovo." - C:\Program Files\LENOVO\HOTKEY\FNF5SVC.exe
"getPlus(R) Helper" (getPlus(R) Helper) - "NOS Microsystems Ltd." - C:\Program Files\NOS\bin\getPlus_HelperSvc.exe
"Google Update Service (gupdate1c9e87644512c99)" (gupdate1c9e87644512c99) - "Google Inc." - C:\Program Files\Google\Update\GoogleUpdate.exe
"Google Updater Service" (gusvc) - "Google" - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
"InstallDriver Table Manager" (IDriverT) - "Macrovision Corporation" - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
"iPod-Dienst" (iPod Service) - "Apple Inc." - C:\Program Files\iPod\bin\iPodService.exe
"Juniper Unified Network Service" (JuniperAccessService) - "Juniper Networks" - C:\Program Files\Common Files\Juniper Networks\JUNS\dsAccessService.exe
"Microsoft .NET Framework NGEN v4.0.30319_X86" (clr_optimization_v4.0.30319_32) - "Microsoft Corporation" - C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
"NMSAccessU" (NMSAccessU) - ? - C:\Program Files\CDBurnerXP\NMSAccessU.exe (File found, but it contains no detailed information)
"PMSveH" (PMSveH) - "Lenovo" - C:\Program Files\Lenovo\PM Driver\PMSveH.exe
"Sony Ericsson OMSI download service" (OMSI download service) - ? - C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SupServ.exe (File found, but it contains no detailed information)
"VideoAcceleratorService" (VideoAcceleratorService) - "Speedbit Ltd." - C:\PROGRA~1\SPEEDB~1\VideoAcceleratorService.exe

[Winlogon]
-----( HKCU\Control Panel\Desktop )-----
"SCRNSAVE.EXE" - "MacSourcery" - C:\Windows\ZIGGYS~1.SCR

[Winsock Providers]
-----( HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries )-----
"mdnsNSP" - "Apple Inc." - C:\Program Files\Bonjour\mdnsNSP.dll

===[ Logfile end ]=========================================[ Logfile end ]===

If You have questions or want to get some help, You can visit hxxp://forum.online-solutions.ru
16.03.2011, 20:12 | #13 |
TR/EyeStye.H.163 in C:\moonxxxxxx.exe

MBRCheck, version 1.2.3
(c) 2010, AD

Command-line:
Windows Version: Windows Vista Ultimate Edition
Windows Information: Service Pack 2 (build 6002), 32-bit
Base Board Manufacturer: LENOVO
BIOS Manufacturer: LENOVO
System Manufacturer: LENOVO
System Product Name: 0769AH9
Logical Drives Mask: 0x0000001c

Kernel Drivers (total 167):
0x8244E000 \SystemRoot\system32\ntoskrnl.exe
0x8241B000 \SystemRoot\system32\hal.dll
0x82C0B000 \SystemRoot\system32\kdcom.dll
0x82C12000 \SystemRoot\system32\mcupdate_GenuineIntel.dll
0x82C82000 \SystemRoot\system32\PSHED.dll
0x82C93000 \SystemRoot\system32\BOOTVID.dll
0x82C9B000 \SystemRoot\system32\CLFS.SYS
0x82CDC000 \SystemRoot\system32\CI.dll
0x82DBC000 \SystemRoot\system32\drivers\Wdf01000.sys
0x82E38000 \SystemRoot\system32\drivers\WDFLDR.SYS
0x82E45000 \SystemRoot\system32\drivers\acpi.sys
0x82E8B000 \SystemRoot\system32\drivers\WMILIB.SYS
0x82E94000 \SystemRoot\system32\drivers\msisadrv.sys
0x82E9C000 \SystemRoot\system32\drivers\pci.sys
0x82EC3000 \SystemRoot\system32\DRIVERS\LPCFilter.sys
0x82ECD000 \SystemRoot\System32\drivers\partmgr.sys
0x82EDC000 \SystemRoot\system32\DRIVERS\compbatt.sys
0x82EDF000 \SystemRoot\system32\DRIVERS\BATTC.SYS
0x82EE9000 \SystemRoot\system32\drivers\volmgr.sys
0x82EF8000 \SystemRoot\System32\drivers\volmgrx.sys
0x82F42000 \SystemRoot\system32\drivers\intelide.sys
0x82F49000 \SystemRoot\system32\drivers\PCIIDEX.SYS
0x82F57000 \SystemRoot\System32\drivers\mountmgr.sys
0x82F67000 \SystemRoot\system32\drivers\atapi.sys
0x82F6F000 \SystemRoot\system32\drivers\ataport.SYS
0x82F8D000 \SystemRoot\system32\drivers\msahci.sys
0x82F97000 \SystemRoot\system32\drivers\fltmgr.sys
0x82FC9000 \SystemRoot\system32\drivers\fileinfo.sys
0x82FD9000 \SystemRoot\System32\Drivers\PxHelp20.sys
0x8A800000 \SystemRoot\System32\Drivers\ksecdd.sys
0x8A871000 \SystemRoot\system32\drivers\ndis.sys
0x8A97C000 \SystemRoot\system32\drivers\msrpc.sys
0x8A9A7000 \SystemRoot\system32\drivers\NETIO.SYS
0x8A9E2000 \SystemRoot\System32\drivers\tcpip.sys
0x8AACC000 \SystemRoot\System32\drivers\fwpkclnt.sys
0x8AAE7000 \SystemRoot\System32\Drivers\Ntfs.sys
0x8AC07000 \SystemRoot\system32\drivers\volsnap.sys
0x8AC40000 \SystemRoot\System32\Drivers\spldr.sys
0x8AC48000 \SystemRoot\System32\Drivers\mup.sys
0x8AC57000 \SystemRoot\System32\drivers\ecache.sys
0x8AC7E000 \SystemRoot\System32\DRIVERS\fvevol.sys
0x8ACA2000 \SystemRoot\system32\drivers\disk.sys
0x8ACB3000 \SystemRoot\system32\drivers\CLASSPNP.SYS
0x8ACD4000 \SystemRoot\system32\drivers\crcdisk.sys
0x8AD10000 \SystemRoot\system32\DRIVERS\tunnel.sys
0x8AD1B000 \SystemRoot\system32\DRIVERS\tunmp.sys
0x8AD24000 \SystemRoot\system32\DRIVERS\intelppm.sys
0x8AD33000 \SystemRoot\system32\DRIVERS\wmiacpi.sys
0x8F002000 \SystemRoot\system32\DRIVERS\igdkmd32.sys
0x8F6BD000 \SystemRoot\System32\drivers\dxgkrnl.sys
0x8F75D000 \SystemRoot\System32\drivers\watchdog.sys
0x8F769000 \SystemRoot\system32\DRIVERS\usbuhci.sys
0x8F774000 \SystemRoot\system32\DRIVERS\USBPORT.SYS
0x8F7B2000 \SystemRoot\system32\DRIVERS\usbehci.sys
0x8AD3C000 \SystemRoot\system32\DRIVERS\HDAudBus.sys
0x8ADC9000 \SystemRoot\system32\DRIVERS\NETw4v32.sys
0x8F7C1000 \SystemRoot\system32\DRIVERS\b57nd60x.sys
0x8F7F0000 \SystemRoot\system32\DRIVERS\ohci1394.sys
0x82FE2000 \SystemRoot\system32\DRIVERS\1394BUS.SYS
0x8FC04000 \SystemRoot\system32\DRIVERS\sdbus.sys
0x8FC1E000 \SystemRoot\system32\DRIVERS\rimmptsk.sys
0x8FC2D000 \SystemRoot\system32\DRIVERS\rimsptsk.sys
0x8FC41000 \SystemRoot\system32\DRIVERS\rixdptsk.sys
0x8FC92000 \SystemRoot\system32\DRIVERS\CmBatt.sys
0x8FC96000 \SystemRoot\system32\DRIVERS\i8042prt.sys
0x8FCA9000 \SystemRoot\system32\DRIVERS\kbdclass.sys
0x8FCB4000 \SystemRoot\system32\DRIVERS\SynTP.sys
0x8FCDF000 \SystemRoot\system32\DRIVERS\USBD.SYS
0x8FCE1000 \SystemRoot\system32\DRIVERS\mouclass.sys
0x8FCEC000 \SystemRoot\system32\DRIVERS\cdrom.sys
0x8FD04000 \SystemRoot\SYSTEM32\DRIVERS\GEARAspiWDM.sys
0x8FD0A000 \SystemRoot\system32\DRIVERS\dne2000.sys
0x8FD29000 \SystemRoot\system32\DRIVERS\msiscsi.sys
0x8FD58000 \SystemRoot\system32\DRIVERS\storport.sys
0x8FD99000 \SystemRoot\system32\DRIVERS\TDI.SYS
0x8FDA4000 \SystemRoot\system32\DRIVERS\rasl2tp.sys
0x8FDBB000 \SystemRoot\system32\DRIVERS\ndistapi.sys
0x8FDC6000 \SystemRoot\system32\DRIVERS\ndiswan.sys
0x8FDE9000 \SystemRoot\system32\DRIVERS\raspppoe.sys
0x8FDF8000 \SystemRoot\system32\DRIVERS\raspptp.sys
0x8FE0C000 \SystemRoot\system32\DRIVERS\rassstp.sys
0x8FE21000 \SystemRoot\system32\DRIVERS\rdpdr.sys
0x8FEAA000 \SystemRoot\system32\DRIVERS\termdd.sys
0x8FEBA000 \SystemRoot\system32\DRIVERS\seehcri.sys
0x8FEC0000 \SystemRoot\system32\DRIVERS\psadd.sys
0x8FEC6000 \SystemRoot\system32\DRIVERS\swenum.sys
0x8FEC8000 \SystemRoot\system32\DRIVERS\ks.sys
0x8FEF2000 \SystemRoot\system32\DRIVERS\mssmbios.sys
0x8FEFC000 \SystemRoot\system32\DRIVERS\umbus.sys
0x8FF09000 \SystemRoot\system32\DRIVERS\usbhub.sys
0x8FF3E000 \SystemRoot\System32\Drivers\NDProxy.SYS
0x90008000 \SystemRoot\system32\drivers\RTKVHDA.sys
0x901B5000 \SystemRoot\system32\drivers\portcls.sys
0x901E2000 \SystemRoot\system32\drivers\drmk.sys
0x90207000 \SystemRoot\system32\DRIVERS\AGRSM.sys
0x90323000 \SystemRoot\system32\drivers\modem.sys
0x90330000 \SystemRoot\System32\Drivers\Fs_Rec.SYS
0x90339000 \SystemRoot\System32\Drivers\Null.SYS
0x90340000 \SystemRoot\System32\Drivers\Beep.SYS
0x90350000 \SystemRoot\system32\DRIVERS\HIDPARSE.SYS
0x90357000 \SystemRoot\System32\drivers\vga.sys
0x90363000 \SystemRoot\System32\drivers\VIDEOPRT.SYS
0x90384000 \SystemRoot\System32\DRIVERS\RDPCDD.sys
0x9038C000 \SystemRoot\system32\drivers\rdpencdd.sys
0x90394000 \SystemRoot\System32\Drivers\Msfs.SYS
0x9039F000 \SystemRoot\System32\Drivers\Npfs.SYS
0x903AD000 \SystemRoot\System32\DRIVERS\rasacd.sys
0x903B6000 \SystemRoot\system32\DRIVERS\tdx.sys
0x903CC000 \SystemRoot\system32\DRIVERS\smb.sys
0x8FF4F000 \SystemRoot\system32\drivers\afd.sys
0x8FF97000 \SystemRoot\System32\DRIVERS\netbt.sys
0x903E0000 \SystemRoot\system32\DRIVERS\pacer.sys
0x8FFC9000 \SystemRoot\system32\DRIVERS\netbios.sys
0x8FFD7000 \SystemRoot\system32\DRIVERS\wanarp.sys
0x9040F000 \SystemRoot\System32\drivers\truecrypt.sys
0x90447000 \SystemRoot\system32\DRIVERS\ssmdrv.sys
0x9044D000 \SystemRoot\system32\DRIVERS\rdbss.sys
0x90489000 \SystemRoot\system32\drivers\nsiproxy.sys
0x90493000 \SystemRoot\system32\DRIVERS\smiif32.sys
0x90495000 \SystemRoot\system32\drivers\csc.sys
0x904F0000 \SystemRoot\System32\Drivers\dfsc.sys
0x9052D000 \SystemRoot\system32\DRIVERS\ATSwpDrv.sys
0x90550000 \SystemRoot\system32\DRIVERS\usbccgp.sys
0x90567000 \SystemRoot\System32\Drivers\usbvideo.sys
0x90588000 \SystemRoot\System32\Drivers\crashdmp.sys
0x90595000 \SystemRoot\System32\Drivers\dump_dumpata.sys
0x905A0000 \SystemRoot\System32\Drivers\dump_msahci.sys
0x905AA000 \SystemRoot\System32\Drivers\dump_dumpfve.sys
0x98430000 \SystemRoot\System32\win32k.sys
0x90648000 \SystemRoot\System32\drivers\Dxapi.sys
0x90795000 \SystemRoot\system32\DRIVERS\monitor.sys
0x98650000 \SystemRoot\System32\TSDDD.dll
0x98670000 \SystemRoot\System32\cdd.dll
0x907A4000 \SystemRoot\system32\drivers\luafv.sys
0xAA40D000 \SystemRoot\system32\drivers\spsys.sys
0xAA4BD000 \SystemRoot\system32\DRIVERS\lltdio.sys
0xAA4CD000 \SystemRoot\system32\DRIVERS\nwifi.sys
0xAA4F7000 \SystemRoot\system32\DRIVERS\ndisuio.sys
0xAA501000 \SystemRoot\system32\DRIVERS\rspndr.sys
0xAA514000 \SystemRoot\system32\drivers\HTTP.sys
0xAA581000 \SystemRoot\System32\DRIVERS\srvnet.sys
0xAA59E000 \SystemRoot\system32\DRIVERS\bowser.sys
0xAA5B7000 \SystemRoot\System32\drivers\mpsdrv.sys
0xAA5CC000 \SystemRoot\system32\drivers\mrxdav.sys
0xAA5ED000 \SystemRoot\system32\DRIVERS\mrxsmb.sys
0xAA60C000 \SystemRoot\system32\DRIVERS\mrxsmb10.sys
0xAA645000 \SystemRoot\system32\DRIVERS\mrxsmb20.sys
0xAA65D000 \SystemRoot\System32\DRIVERS\srv2.sys
0xAA685000 \SystemRoot\System32\DRIVERS\srv.sys
0xAA6EB000 \??\C:\Windows\system32\Drivers\CVPNDRVA.sys
0xAD00A000 \SystemRoot\system32\drivers\peauth.sys
0xAD0E8000 \SystemRoot\System32\Drivers\secdrv.SYS
0xAD0F2000 \SystemRoot\System32\drivers\tcpipreg.sys
0xAD0FE000 \SystemRoot\system32\DRIVERS\cdfs.sys
0xAD114000 \??\C:\Users\LTTA~1\AppData\Local\Temp\uwlcapow.sys
0xAD2FC000 \SystemRoot\System32\Drivers\BTHUSB.sys
0xAD309000 \SystemRoot\System32\Drivers\bthport.sys
0xAD389000 \SystemRoot\system32\DRIVERS\rfcomm.sys
0xAD3B2000 \SystemRoot\system32\DRIVERS\BthEnum.sys
0xAD3BC000 \SystemRoot\system32\DRIVERS\bthpan.sys
0xAD12C000 \SystemRoot\system32\drivers\btwavdt.sys
0xAD193000 \SystemRoot\system32\drivers\btwaudio.sys
0xAD20F000 \SystemRoot\system32\DRIVERS\btwrchid.sys
0xAD212000 \SystemRoot\system32\DRIVERS\HIDCLASS.SYS
0xAD222000 \SystemRoot\system32\DRIVERS\avipbb.sys
0xAD248000 \SystemRoot\system32\DRIVERS\avgntflt.sys
0x76F20000 \Windows\System32\ntdll.dll

Processes (total 74):
0 System Idle Process
4 System
524 C:\Windows\System32\smss.exe
664 csrss.exe
716 C:\Windows\System32\wininit.exe
724 csrss.exe
760 C:\Windows\System32\services.exe
772 C:\Windows\System32\lsass.exe
784 C:\Windows\System32\lsm.exe
900 C:\Windows\System32\winlogon.exe
988 C:\Windows\System32\svchost.exe
1068 C:\Windows\System32\svchost.exe
1104 C:\Windows\System32\svchost.exe
1192 C:\Windows\System32\svchost.exe
1228 C:\Windows\System32\svchost.exe
1272 C:\Windows\System32\svchost.exe
1364 C:\Windows\System32\audiodg.exe
1392 C:\Windows\System32\svchost.exe
1432 C:\Windows\System32\SLsvc.exe
1468 C:\Windows\System32\svchost.exe
1636 C:\Windows\System32\svchost.exe
1968 C:\Windows\System32\spoolsv.exe
2004 C:\Windows\System32\svchost.exe
656 C:\Windows\System32\agrsmsvc.exe
712 C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
876 C:\Program Files\Bonjour\mDNSResponder.exe
1120 C:\Windows\System32\svchost.exe
1356 C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
1700 C:\Program Files\Lenovo\HOTKEY\FnF5svc.exe
2012 C:\Program Files\Common Files\Juniper Networks\JUNS\dsAccessService.exe
1564 C:\Program Files\CDBurnerXP\NMSAccessU.exe
2064 C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SupServ.exe
2168 C:\Program Files\Lenovo\PM Driver\PMSveH.exe
2184 C:\Windows\System32\svchost.exe
2216 C:\Windows\System32\svchost.exe
2268 C:\Program Files\Lenovo\HOTKEY\TPHKSVC.exe
2292 C:\PROGRA~1\SPEEDB~1\VideoAcceleratorService.exe
2368 C:\Windows\System32\svchost.exe
2400 C:\Windows\System32\SearchIndexer.exe
2744 C:\Windows\System32\taskeng.exe
3632 C:\Windows\System32\taskeng.exe
3684 C:\Windows\System32\dwm.exe
3720 C:\Windows\explorer.exe
956 C:\Windows\RtHDVCpl.exe
1796 C:\Program Files\Lenovo\PM Driver\PMHandler.exe
2120 C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
3548 C:\Program Files\Lenovo\HOTKEY\TpWAudAp.exe
1984 C:\Program Files\Lenovo\NPDIRECT\tpfnf7sp.exe
4108 C:\Program Files\Lenovo\LenovoCare\LPMGR.EXE
4216 C:\Windows\System32\igfxtray.exe
4240 C:\Windows\System32\hkcmd.exe
4348 C:\Windows\System32\igfxpers.exe
4792 C:\Program Files\iTunes\iTunesHelper.exe
4800 C:\Program Files\Windows Media Player\wmpnscfg.exe
4808 C:\Program Files\Common Files\Java\Java Update\jusched.exe
4844 C:\Program Files\Windows Sidebar\sidebar.exe
4880 C:\Windows\System32\igfxsrvc.exe
4912 C:\Program Files\Windows Media Player\wmpnetwk.exe
5068 C:\Users\Lätta\AppData\Local\Google\Update\GoogleUpdate.exe
5328 C:\Program Files\Lenovo\Bluetooth Software\BTTray.exe
5728 C:\Windows\System32\svchost.exe
3736 C:\Program Files\Lenovo\Bluetooth Software\BTStackServer.exe
5204 C:\Program Files\iPod\bin\iPodService.exe
247824 C:\Program Files\Windows Defender\MSASCui.exe
431484 C:\Program Files\Mozilla Firefox\firefox.exe
430620 C:\Program Files\Mozilla Firefox\plugin-container.exe
430712 C:\Users\Lätta\AppData\Local\Google\Google Talk Plugin\googletalkplugin.exe
451600 C:\Program Files\Avira\AntiVir Desktop\sched.exe
452108 C:\Program Files\Avira\AntiVir Desktop\avguard.exe
452188 C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
451188 C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
485668 C:\Users\Lätta\Desktop\MBRCheck.exe
469256 C:\Windows\System32\conime.exe
486544 <unknown>

\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`00100000 (NTFS)
\\.\D: --> \\.\PhysicalDrive0 at offset 0x0000001b`cac00000 (NTFS)

PhysicalDrive0 Model Number: HITACHIHTS542525K9SA00, Rev: BBFZC3HP

Size Device Name MBR Status
--------------------------------------------
232 GB \\.\PhysicalDrive0 Windows 2008 MBR code detected
SHA1: 8DF43F2BDE2D9451948FA14B5279969C777A7979

Done!
16.03.2011, 20:18 | #14 |
/// Winkelfunktion /// TB-Süch-Tiger™

TR/EyeStye.H.163 in C:\moonxxxxxx.exe

Looks ok. Please run full scans with Malwarebytes and SUPERAntiSpyware as a check and post the logs. Remember to update both tools before the scan!!
__________________
Please always post logfiles in CODE tags
17.03.2011, 00:14 | #15 |
TR/EyeStye.H.163 in C:\moonxxxxxx.exe

Here is the SuperAntiSpyware log for now:

SUPERAntiSpyware Scan Log
hxxp://www.superantispyware.com

Generated 03/17/2011 at 00:05 AM

Application Version : 4.49.1000

Core Rules Database Version : 6609
Trace Rules Database Version: 4421

Scan type : Complete Scan
Total Scan Time : 03:07:53

Memory items scanned : 714
Memory threats detected : 0
Registry items scanned : 8026
Registry threats detected : 0
File items scanned : 232375
File threats detected : 6

Trojan.Agent/Gen-Bancos
C:\PROGRAM FILES\BUYERTOOLS REMINDER\IEBUTTONEBAYINTERFACE.DLL
C:\WINDOWS.OLD\PROGRAM FILES\BUYERTOOLS REMINDER\IEBUTTONEBAYINTERFACE.DLL

Trojan.Agent/Gen-FakeAV
C:\PROGRAM FILES\WINRAR\DEFAULT.SFX

Adware.Tracking Cookie
s0.2mdn.net [ C:\Users\Lätta\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\SUGYG4YL ]

Trojan.Agent/Gen-Frauder
C:\WINDOWS\SETUP\SCRIPTS\BIESTART.EXE

Trojan.Agent/Gen-OnlineGames[Wilao]
C:\WINDOWS\SETUP\SCRIPTS\START.EXE