Log Analysis and Evaluation: Multiple Trojans and Other Things in the Recycler (Windows 7)

If you have caught a Trojan or keep getting virus warnings, you can post the logs from our diagnostic tools here for evaluation by our experts. Before viruses and Trojans can be removed, the infected system must first be examined: First Steps for Help. Note that an infected system is not trustworthy and should not be used until the malware has been fully removed.
25.03.2011, 20:09 | #1
Multiple Trojans and Other Things in the Recycler

Hi all, today I had a really "great" combo of Trojans & co. in my Recyclers - I was able to delete them all with Avira. Then I scanned again with Avira and MBAM - nothing found. But somehow I still feel pretty uneasy - could someone please take a look at my logs?

OTL:
OTL logfile created on: 25.03.2011 19:32:12 - Run 2
OTL by OldTimer - Version 3.2.22.3     Folder = C:\Users\***\Desktop
64bit- An unknown product (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

4,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 57,00% Memory free
8,00 Gb Paging File | 6,00 Gb Available in Paging File | 77,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 78,03 Gb Total Space | 19,68 Gb Free Space | 25,23% Space Free | Partition Type: NTFS
Drive D: | 195,31 Gb Total Space | 129,34 Gb Free Space | 66,22% Space Free | Partition Type: NTFS
Drive E: | 192,31 Gb Total Space | 90,18 Gb Free Space | 46,89% Space Free | Partition Type: NTFS

Computer Name: *** | User Name: *** | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 180 Days

========== Processes (SafeList) ==========

PRC - C:\Users\***\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avwebgrd.exe (Avira GmbH)
PRC - C:\Program Files (x86)\PureSync\PureSyncTray.exe (Jumping Bytes)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avmailc.exe (Avira GmbH)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
PRC - C:\Users\***\AppData\Local\Google\Update\1.2.183.39\GoogleCrashHandler.exe (Google Inc.)
PRC - C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\acrotray.exe (Adobe Systems Inc.)
PRC - C:\Program Files (x86)\Unlocker\UnlockerAssistant.exe ()
PRC - C:\Users\***\AppData\Roaming\Dropbox\bin\Dropbox.exe ()
PRC - C:\Program Files (x86)\East-Tec Eraser 2010\etRiskMon.exe (EAST Technologies)
PRC - C:\Program Files (x86)\Winamp\winampa.exe ()
PRC - C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)

========== Modules (SafeList) ==========

MOD - C:\Users\***\Desktop\OTL.exe (OldTimer Tools)
MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_420fe3fa2b8113bd\comctl32.dll (Microsoft Corporation)

========== Win32 Services (SafeList) ==========

SRV:64bit: - (!SASCORE) -- C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE (SUPERAntiSpyware.com)
SRV:64bit: - (FLEXnet Licensing Service 64) -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe (Acresso Software Inc.)
SRV:64bit: - (AppMgmt) -- C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)
SRV - (AntiVirService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
SRV - (AntiVirWebService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE (Avira GmbH)
SRV - (AntiVirSchedulerService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
SRV - (AntiVirMailService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avmailc.exe (Avira GmbH)
SRV - (LBTServ) -- C:\Programme\Common Files\LogiShrd\Bluetooth\LBTServ.exe (Logitech, Inc.)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (FLEXnet Licensing Service) -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Acresso Software Inc.)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (Adobe Version Cue CS4) -- C:\Program Files (x86)\Common Files\Adobe\Adobe Version Cue CS4\Server\bin\VersionCueCS4.exe (Adobe Systems Incorporated)

========== Driver Services (SafeList) ==========

DRV:64bit: - (avgntflt) -- C:\Windows\SysNative\drivers\avgntflt.sys (Avira GmbH)
DRV:64bit: - (sptd) -- C:\Windows\SysNative\drivers\sptd.sys ()
DRV:64bit: - (LMouFilt) -- C:\Windows\SysNative\drivers\LMouFilt.Sys (Logitech, Inc.)
DRV:64bit: - (LHidFilt) -- C:\Windows\SysNative\drivers\LHidFilt.Sys (Logitech, Inc.)
DRV:64bit: - (LHidEqd) -- C:\Windows\SysNative\drivers\LHidEqd.sys (Logitech, Inc.)
DRV:64bit: - (LEqdUsb) -- C:\Windows\SysNative\drivers\LEqdUsb.sys (Logitech, Inc.)
DRV:64bit: - (avipbb) -- C:\Windows\SysNative\drivers\avipbb.sys (Avira GmbH)
DRV:64bit: - (cmnsusbser) -- C:\Windows\SysNative\drivers\cmnsusbser.sys (Mobile Connector)
DRV:64bit: - (vpcnfltr) -- C:\Windows\SysNative\drivers\vpcnfltr.sys (Microsoft Corporation)
DRV:64bit: - (vpcvmm) -- C:\Windows\SysNative\drivers\vpcvmm.sys (Microsoft Corporation)
DRV:64bit: - (vpcusb) -- C:\Windows\SysNative\drivers\vpcusb.sys (Microsoft Corporation)
DRV:64bit: - (vpcbus) -- C:\Windows\SysNative\drivers\vpchbus.sys (Microsoft Corporation)
DRV:64bit: - (RTL8167) -- C:\Windows\SysNative\drivers\Rt64win7.sys (Realtek )
DRV:64bit: - (JRAID) -- C:\Windows\SysNative\drivers\jraid.sys (JMicron Technology Corp.)
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (StillCam) -- C:\Windows\SysNative\drivers\serscan.sys (Microsoft Corporation)
DRV:64bit: - (L1E) NDIS Miniport Driver for Atheros AR8121/AR8113/AR8114 PCI-E Ethernet Controller(NDIS6.20) -- C:\Windows\SysNative\drivers\L1E62x64.sys (Atheros Communications, Inc.)
DRV:64bit: - (Ntfs) -- C:\Windows\SysNative\wbem\ntfs.mof ()
DRV:64bit: - (netr7364) -- C:\Windows\SysNative\drivers\netr7364.sys (Ralink Technology, Corp.)
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV:64bit: - (nmwcdx64) -- C:\Windows\SysNative\drivers\ccdcmbx64.sys (Nokia)
DRV:64bit: - (hwdatacard) -- C:\Windows\SysNative\drivers\ewusbmdm.sys (Huawei Technologies Co., Ltd.)
DRV:64bit: - (athrusb) -- C:\Windows\SysNative\drivers\athrxusb.sys (Atheros Communications, Inc.)
DRV:64bit: - (UGURU) -- C:\Windows\SysNative\drivers\uGuru.sys (ABIT)
DRV - (adfs) -- C:\Windows\SysWow64\drivers\adfs.sys (Adobe Systems, Inc.)
DRV - (SASDIFSV) -- C:\Programme\SUPERAntiSpyware\sasdifsv64.sys (SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV - (SASKUTIL) -- C:\Programme\SUPERAntiSpyware\saskutil64.sys (SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV - (speedfan) -- C:\Windows\SysWOW64\speedfan.sys (Windows (R) Server 2003 DDK provider)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 5A 9C 01 94 1A C5 CA 01 [binary data]
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - HKLM\software\mozilla\Firefox\Extensions\\fiddlerhook@fiddler2.com: C:\Program Files (x86)\Fiddler2\FiddlerHook [2010.03.16 15:56:34 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.16\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2011.03.24 00:18:13 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.16\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2011.03.25 08:30:06 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Thunderbird 3.1.9\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components [2011.03.05 19:36:40 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Thunderbird 3.1.9\extensions\\Plugins: C:\Program Files (x86)\Mozilla Thunderbird\plugins

[2011.02.23 19:42:21 | 000,000,000 | ---D | M] (No name found) -- C:\Users\***\AppData\Roaming\mozilla\Extensions
[2011.02.23 19:42:21 | 000,000,000 | ---D | M] (No name found) -- C:\Users\***\AppData\Roaming\mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
[2010.01.19 10:00:51 | 000,000,000 | ---D | M] (No name found) -- C:\Users\***\AppData\Roaming\mozilla\Extensions\uploadr@flickr.com
[2011.03.25 09:02:03 | 000,000,000 | ---D | M] (No name found) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\0elrfldo.default\extensions
[2011.01.26 11:36:05 | 000,000,000 | ---D | M] (Screengrab) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\0elrfldo.default\extensions\{02450954-cdd9-410f-b1da-db804e18c671}
[2010.04.05 22:38:05 | 000,000,000 | ---D | M] (Vyprázdnit vyrovnávací paměť) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\0elrfldo.default\extensions\{563e4790-7e70-11da-a72b-0800200c9a66}
[2011.03.23 07:53:18 | 000,000,000 | ---D | M] (ChatZilla) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\0elrfldo.default\extensions\{59c81df5-4b7a-477b-912d-4e0fdf64e5f2}
[2011.03.23 07:53:18 | 000,000,000 | ---D | M] (ColorZilla) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\0elrfldo.default\extensions\{6AC85730-7D0F-4de0-B3FA-21142DD85326}
[2010.10.05 14:59:13 | 000,000,000 | ---D | M] (Google Analytics Opt-out Browser Add-on) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\0elrfldo.default\extensions\{6d96bb5e-1175-4ebf-8ab5-5f56f1c79f65}
[2009.10.31 18:58:34 | 000,000,000 | ---D | M] ("lori (Life-of-request info)") -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\0elrfldo.default\extensions\{6dfc4f52-26f0-4e5f-89c7-31d6de480db9}
[2011.03.11 08:59:44 | 000,000,000 | ---D | M] (NoScript) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\0elrfldo.default\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}
[2009.11.18 12:56:03 | 000,000,000 | ---D | M] (IE Tab) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\0elrfldo.default\extensions\{77b819fa-95ad-4f2c-ac7c-486b356188a9}
[2011.03.18 09:58:44 | 000,000,000 | ---D | M] (CookieSafe) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\0elrfldo.default\extensions\{9D23D0AA-D8F5-11DA-B3FC-0928ABF316DD}
[2011.03.23 07:53:18 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\0elrfldo.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2011.01.26 11:36:35 | 000,000,000 | ---D | M] (Web Developer) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\0elrfldo.default\extensions\{c45c406e-ab73-11d8-be73-000a95be3b12}
[2011.01.26 11:36:40 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\0elrfldo.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
[2011.03.03 15:15:31 | 000,000,000 | ---D | M] (Extended Statusbar) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\0elrfldo.default\extensions\{daf44bf7-a45e-4450-979c-91cf07434c3d}
[2011.03.14 15:58:11 | 000,000,000 | ---D | M] (User Agent Switcher) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\0elrfldo.default\extensions\{e968fc70-8f95-4ab9-9e79-304de2a71ee1}
[2011.01.30 03:35:38 | 000,000,000 | ---D | M] (Fast Youtube Downloader) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\0elrfldo.default\extensions\fastYoutubeDownloader@yevgenyandrov.net
[2011.03.03 15:15:37 | 000,000,000 | ---D | M] (Firebug) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\0elrfldo.default\extensions\firebug@software.joehewitt.com
[2011.03.07 14:32:53 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2010.05.18 06:57:53 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2010.09.27 08:23:52 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
[2010.10.25 08:04:09 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
[2011.01.06 17:22:37 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
[2011.03.07 14:32:53 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
[2011.02.02 21:40:24 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll
[2010.10.13 22:15:02 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\amazondotcom-de.xml
[2010.10.13 22:15:02 | 000,002,344 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\eBay-de.xml
[2010.10.13 22:15:02 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\leo_ende_de.xml
[2010.10.13 22:15:02 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\wikipedia-de.xml
[2010.10.13 22:15:02 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\yahoo-de.xml

Hosts file not found

O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (SmartSelect Class) - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKCU\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O4:64bit: - HKLM..\Run: [EvtMgr6] C:\Program Files\Logitech\SetPointP\SetPoint.exe (Logitech, Inc.)
O4:64bit: - HKLM..\Run: [Logitech Download Assistant] C:\Windows\SysNative\LogiLDA.dll (Logitech, Inc.)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [Acrobat Assistant 8.0] C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe (Adobe Systems Inc.)
O4 - HKLM..\Run: [Adobe Acrobat Speed Launcher] C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Adobe_ID0ENQBO] C:\Program Files (x86)\Common Files\Adobe\Adobe Version Cue CS4\Server\bin\VersionCueCS4Tray.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AdobeCS4ServiceManager] C:\Program Files (x86)\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [ControlCenter3] C:\Program Files (x86)\Brother\ControlCenter3\brctrcen.exe (Brother Industries, Ltd.)
O4 - HKLM..\Run: [JMB36X IDE Setup] C:\Windows\RaidTool\xInsIDE.exe ()
O4 - HKLM..\Run: [UnlockerAssistant] C:\Program Files (x86)\Unlocker\UnlockerAssistant.exe ()
O4 - HKLM..\Run: [WinampAgent] C:\Program Files (x86)\Winamp\winampa.exe ()
O4 - HKCU..\Run: [ABIT uGuruIII] C:\Program Files (x86)\U-ABIT\uGuru\uGuru.exe (abit Computer Corporation)
O4 - HKCU..\Run: [AdobeBridge] File not found
O4 - HKCU..\Run: [DAEMON Tools Pro Agent] C:\Program Files (x86)\DAEMON Tools Pro\DTProAgent.exe (DT Soft Ltd)
O4 - HKCU..\Run: [Eraser RiskMonitor] C:\Program Files (x86)\East-Tec Eraser 2010\Launch.exe ()
O4 - HKCU..\Run: [PureSync] C:\Program Files (x86)\PureSync\PureSyncTray.exe (Jumping Bytes)
O4 - HKCU..\Run: [SpybotSD TeaTimer] C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
O4 - HKCU..\Run: [SUPERAntiSpyware] C:\Programme\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware.com)
O4 - Startup: C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\***\AppData\Roaming\Dropbox\bin\Dropbox.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8:64bit: - Extra context menu item: An vorhandene PDF-Datei anfügen - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: In Adobe PDF konvertieren - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Linkziel an vorhandene PDF-Datei anhängen - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Linkziel in Adobe PDF konvertieren - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: An vorhandene PDF-Datei anfügen - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: In Adobe PDF konvertieren - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Linkziel an vorhandene PDF-Datei anhängen - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Linkziel in Adobe PDF konvertieren - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O9 - Extra Button: Fiddler2 - {CF819DA3-9882-4944-ADF5-6EF17ECF3C6E} - C:\Program Files (x86)\Fiddler2\Fiddler.exe (Eric Lawrence)
O9 - Extra 'Tools' menuitem : Fiddler2 - {CF819DA3-9882-4944-ADF5-6EF17ECF3C6E} - C:\Program Files (x86)\Fiddler2\Fiddler.exe (Eric Lawrence)
O9 - Extra 'Tools' menuitem : Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira GmbH)
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira GmbH)
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000013 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira GmbH)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira GmbH)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira GmbH)
O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira GmbH)
O13 - gopher Prefix: missing
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Domains: microsoft.com ([]* in Vertrauenswürdige Sites)
O15 - HKCU\..Trusted Domains: microsoft.com ([*.update] * in Vertrauenswürdige Sites)
O15 - HKCU\..Trusted Domains: microsoft.com ([*.windowsupdate] * in Vertrauenswürdige Sites)
O15 - HKCU\..Trusted Domains: windowsupdate.com ([]* in Vertrauenswürdige Sites)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O18:64bit: - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\msdaipp - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - Reg Error: Key error. File not found
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18:64bit: - Protocol\Filter\text/xml {807553E5-5146-11D5-A672-00B0D022E945} - Reg Error: Key error. File not found
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20:64bit: - Winlogon\Notify\LBTWlgn: DllName - Reg Error: Key error. - c:\Programme\Common Files\LogiShrd\Bluetooth\LBTWLgn.dll (Logitech, Inc.)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{6217b6b2-2a3b-11df-8a5e-00508db62f41}\Shell - "" = AutoRun
O33 - MountPoints2\{6217b6b2-2a3b-11df-8a5e-00508db62f41}\Shell\AutoRun\command - "" = H:\autorun.exe
O33 - MountPoints2\{6217b6b2-2a3b-11df-8a5e-00508db62f41}\Shell\readit\command - "" = notepad readme.doc
O33 - MountPoints2\{63531cb4-c26a-11de-a5ea-00508db62f41}\Shell - "" = AutoRun
O33 - MountPoints2\{63531cb4-c26a-11de-a5ea-00508db62f41}\Shell\AutoRun\command - "" = F:\start.exe
O33 - MountPoints2\{784c1862-00ac-11d6-a2b7-00221589f0c0}\Shell - "" = AutoRun
O33 - MountPoints2\{784c1862-00ac-11d6-a2b7-00221589f0c0}\Shell\AutoRun\command - "" = G:\setup_vmc_lite.exe /checkApplicationPresence
O33 - MountPoints2\{784c1864-00ac-11d6-a2b7-00221589f0c0}\Shell - "" = AutoRun
O33 - MountPoints2\{784c1864-00ac-11d6-a2b7-00221589f0c0}\Shell\AutoRun\command - "" = G:\setup_vmc_lite.exe /checkApplicationPresence
O33 - MountPoints2\{870ca3ca-cbc8-11de-a6d3-00508db62f41}\Shell - "" = AutoRun
O33 - MountPoints2\{870ca3ca-cbc8-11de-a6d3-00508db62f41}\Shell\AutoRun\command - "" = F:\autorun.exe
O33 - MountPoints2\{870ca3ca-cbc8-11de-a6d3-00508db62f41}\Shell\readit\command - "" = notepad readme.doc
O33 - MountPoints2\{9c18263b-f45e-11de-90c7-00508db62f41}\Shell - "" = AutoRun
O33 - MountPoints2\{9c18263b-f45e-11de-90c7-00508db62f41}\Shell\AutoRun\command - "" = H:\autorun.exe
O33 - MountPoints2\{ec35086f-009d-11d6-b919-f5dcbdbe7440}\Shell - "" = AutoRun
O33 - MountPoints2\{ec35086f-009d-11d6-b919-f5dcbdbe7440}\Shell\AutoRun\command - "" = G:\setup_vmc_lite.exe /checkApplicationPresence
O33 - MountPoints2\{ec350876-009d-11d6-b919-f5dcbdbe7440}\Shell - "" = AutoRun
O33 - MountPoints2\{ec350876-009d-11d6-b919-f5dcbdbe7440}\Shell\AutoRun\command - "" = G:\setup_vmc_lite.exe /checkApplicationPresence
O33 - MountPoints2\{f1fffbd1-00a1-11d6-aa59-00221589f0c0}\Shell - "" = AutoRun
O33 - MountPoints2\{f1fffbd1-00a1-11d6-aa59-00221589f0c0}\Shell\AutoRun\command - "" = I:\setup_vmc_lite.exe /checkApplicationPresence
O33 - MountPoints2\{f1fffbd3-00a1-11d6-aa59-00221589f0c0}\Shell - "" = AutoRun
O33 - MountPoints2\{f1fffbd3-00a1-11d6-aa59-00221589f0c0}\Shell\AutoRun\command - "" = G:\setup_vmc_lite.exe /checkApplicationPresence
O33 - MountPoints2\G\Shell - "" = AutoRun
O33 - MountPoints2\G\Shell\AutoRun\command - "" = G:\LaunchU3.exe -a
O33 - MountPoints2\I\Shell - "" = AutoRun
O33 - MountPoints2\I\Shell\AutoRun\command - "" = I:\setup_vmc_lite.exe /checkApplicationPresence
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 180 Days ==========

[2011.03.25 11:39:21 | 000,000,000 | ---D | C] -- C:\ProgramData\SUPERAntiSpyware.com
[2011.03.25 11:39:20 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\SUPERAntiSpyware.com
[2011.03.25 11:38:58 | 000,000,000 | ---D | C] -- C:\ProgramData\!SASCORE
[2011.03.25 11:38:57 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programme\SUPERAntiSpyware
[2011.03.25 11:38:55 | 000,000,000 | ---D | C] -- C:\Programme\SUPERAntiSpyware
[2011.03.25 09:55:14 | 000,580,608 | ---- | C] (OldTimer Tools) -- C:\Users\***\Desktop\OTL.exe
[2011.03.25 08:30:25 | 000,024,416 | R--- | C] (Adobe Systems Inc.) -- C:\Windows\SysNative\AdobePDFUI.dll
[2011.03.18 19:22:46 | 000,000,000 | ---D | C] -- C:\Programme\Recuva
[2011.03.18 19:19:04 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programme\PC Inspector File Recovery
[2011.03.18 19:19:04 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\PC Inspector File Recovery
[2011.03.16 19:48:53 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysWow64\drivers\mbamswissarmy.sys
[2011.03.16 19:48:53 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programme\Malwarebytes' Anti-Malware
[2011.03.15 08:45:33 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programme\Microsoft Office
[2011.03.15 08:45:31 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft ActiveSync
[2011.03.15 08:45:29 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\DESIGNER
[2011.03.15 08:45:22 | 000,000,000 | ---D | C] -- C:\Windows\PCHEALTH
[2011.03.09 09:27:42 | 001,074,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\DWrite.dll
[2011.03.09 09:27:41 | 001,540,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\DWrite.dll
[2011.03.09 09:27:41 | 000,902,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d2d1.dll
[2011.03.09 09:27:41 | 000,739,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d2d1.dll
[2011.03.09 09:27:40 | 000,961,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\CPFilters.dll
[2011.03.09 09:27:40 | 000,723,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\EncDec.dll
[2011.03.09 09:27:40 | 000,642,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\CPFilters.dll
[2011.03.09 09:27:39 | 001,118,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\sbe.dll
[2011.03.09 09:27:39 | 000,850,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\sbe.dll
[2011.03.09 09:27:39 | 000,534,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\EncDec.dll
[2011.03.09 09:27:39 | 000,259,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mpg2splt.ax
[2011.03.09 09:27:39 | 000,199,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mpg2splt.ax
[2011.03.09 09:27:37 | 003,138,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mstscax.dll
[2011.03.09 09:27:37 | 002,690,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mstscax.dll
[2011.03.09 09:27:37 | 001,097,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mstsc.exe
[2011.03.09 09:27:37 | 001,034,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mstsc.exe
[2011.03.07 14:33:02 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java
[2011.03.07 14:32:52 | 000,157,472 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\javaws.exe
[2011.03.07 14:32:52 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\javaw.exe
[2011.03.07 14:32:52 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\java.exe
[2011.03.05 12:17:59 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\vlc
[2011.03.05 12:17:55 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programme\VideoLAN
[2011.03.03 10:48:02 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Jumping Bytes
[2011.03.03 10:47:50 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programme\PureSync
[2011.03.03 10:47:50 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\PureSync
[2011.03.03 10:47:50 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Jumping Bytes
[2011.03.01 00:05:28 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\PostgreSQL
[2011.03.01 00:01:08 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programme\PokerTracker 3
[2011.02.28 12:54:17 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Luxology
[2011.02.28 12:52:27 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\MAXON
[2011.02.26 18:17:20 | 000,000,000 | ---D | C] -- C:\Users\***\Desktop\100NIKON
[2011.02.23 19:42:21 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Thunderbird
[2011.02.23 19:42:21 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\Thunderbird
[2011.02.23 19:42:15 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Thunderbird
[2011.02.23 08:00:41 | 000,662,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XpsPrint.dll
[2011.02.23 08:00:41 | 000,475,648 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XpsGdiConverter.dll
[2011.02.23 08:00:41 | 000,442,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XpsPrint.dll
[2011.02.23 08:00:41 | 000,288,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XpsGdiConverter.dll
[2011.02.19 16:32:06 | 000,000,000 | ---D | C] -- C:\Users\***\Desktop\dd 19.02.2011
[2011.02.16 21:16:28 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\Zattoo
[2011.02.16 21:16:24 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Zattoo4
[2011.02.16 21:16:24 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programme\Zattoo4
[2011.02.16 21:16:23 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Zattoo4
[2011.02.13 18:07:55 | 000,000,000 | ---D | C] -- C:\Users\Public\Desktop\BlastFM.ch - dub it up - by smartdynamic.ch
[2011.02.10 07:52:51 | 000,599,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msfeeds.dll
[2011.02.10 07:52:50 | 000,703,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
[2011.02.10 07:52:50 | 000,482,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\html.iec
[2011.02.10 07:52:50 | 000,386,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\html.iec
[2011.02.10 07:52:50 | 000,256,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iepeers.dll
[2011.02.10 07:52:50 | 000,185,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iepeers.dll
[2011.02.10 07:52:50 | 000,097,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2011.02.10 07:52:50 | 000,067,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2011.02.10 07:52:50 | 000,057,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\licmgr10.dll
[2011.02.10 07:52:50 | 000,044,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\licmgr10.dll
[2011.02.10 07:52:50 | 000,012,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msfeedssync.exe
[2011.02.10 07:52:50 | 000,012,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeedssync.exe
[2011.02.10 07:52:32 | 000,264,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\upnp.dll
[2011.02.10 07:52:32 | 000,204,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\upnp.dll
[2011.02.10 07:52:31 | 000,100,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\davclnt.dll
[2011.02.10 07:52:31 | 000,062,976 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wscapi.dll
[2011.02.10 07:52:30 | 000,080,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\davclnt.dll
[2011.02.10 07:52:30 | 000,051,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wscapi.dll
[2011.02.10 07:52:30 | 000,015,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\slwga.dll
[2011.02.10 07:52:30 | 000,014,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\slwga.dll
[2011.02.10 07:52:28 | 000,214,016 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\winsrv.dll
[2011.02.10 07:52:27 | 000,265,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\dxgmms1.sys
[2011.02.10 07:52:26 | 000,144,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\cdd.dll
[2011.02.10 07:52:25 | 000,852,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
[2011.02.10 07:52:25 | 000,716,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2011.02.10 07:52:25 | 000,612,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\vbscript.dll
[2011.02.10 07:52:23 | 005,510,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntoskrnl.exe
[2011.02.10 07:52:23 | 003,901,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntoskrnl.exe
[2011.02.10 07:52:23 | 001,739,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntdll.dll
[2011.02.10 07:52:22 | 003,957,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntkrnlpa.exe
[2011.02.10 07:52:22 | 000,366,080 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysNative\atmfd.dll
[2011.02.10 07:52:21 | 000,294,400 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\atmfd.dll
[2011.02.10 07:52:21 | 000,046,080 | ---- | C] (Adobe Systems) -- C:\Windows\SysNative\atmlib.dll
[2011.02.10 07:52:21 | 000,034,304 | ---- | C] (Adobe Systems) --
C:\Windows\SysWow64\atmlib.dll [2011.02.04 12:59:09 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\yWorks [2011.01.18 12:20:52 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\XMLmind [2011.01.18 12:20:38 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programme\XMLmind XML Editor [2011.01.18 12:19:53 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\XMLmind_XML_Editor [2011.01.12 09:20:37 | 001,837,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10warp.dll [2011.01.12 09:20:37 | 001,170,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3d10warp.dll [2011.01.12 09:20:36 | 004,068,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mf.dll [2011.01.12 09:20:36 | 003,181,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mf.dll [2011.01.12 09:20:36 | 001,888,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WMVDECOD.DLL [2011.01.12 09:20:35 | 001,863,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ExplorerFrame.dll [2011.01.12 09:20:35 | 001,619,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\WMVDECOD.DLL [2011.01.12 09:20:35 | 001,495,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ExplorerFrame.dll [2011.01.12 09:20:35 | 000,320,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10_1core.dll [2011.01.12 09:20:35 | 000,257,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mfreadwrite.dll [2011.01.12 09:20:35 | 000,229,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XpsRasterService.dll [2011.01.12 09:20:35 | 000,218,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3d10_1core.dll [2011.01.12 09:20:35 | 000,206,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mfps.dll [2011.01.12 09:20:35 | 000,197,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10_1.dll [2011.01.12 09:20:35 | 000,196,608 | ---- | C] (Microsoft 
Corporation) -- C:\Windows\SysWow64\mfreadwrite.dll [2011.01.12 09:20:35 | 000,135,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XpsRasterService.dll [2011.01.12 09:20:34 | 000,161,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3d10_1.dll [2011.01.12 09:20:31 | 000,720,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\odbc32.dll [2011.01.12 09:20:31 | 000,573,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\odbc32.dll [2011.01.06 17:09:19 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\IETester [2011.01.06 17:09:14 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Core Services [2011.01.06 13:27:45 | 000,000,000 | ---D | C] -- C:\ProgramData\Logitech [2011.01.06 13:27:38 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\LogiShrd [2011.01.06 13:27:38 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Leadertech [2011.01.06 13:27:28 | 000,018,960 | ---- | C] (Logitech, Inc.) 
-- C:\Windows\SysNative\drivers\LNonPnP.sys [2011.01.06 13:27:00 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\LogiShrd [2011.01.06 13:26:58 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programme\Logitech [2011.01.06 13:26:54 | 000,000,000 | ---D | C] -- C:\ProgramData\Logishrd [2011.01.06 13:26:53 | 000,000,000 | ---D | C] -- C:\Programme\Logitech [2011.01.06 13:26:19 | 000,000,000 | ---D | C] -- C:\Programme\Common Files\LogiShrd [2011.01.06 13:26:13 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Logitech [2011.01.06 13:26:13 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Logishrd [2011.01.05 19:36:13 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programme\Rechnungsverwaltung [2011.01.05 19:36:13 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Olympsoft [2011.01.05 19:35:47 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\GetRightToGo [2011.01.04 17:19:52 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programme\Skype [2011.01.04 17:19:51 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Skype [2010.12.16 13:28:51 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programme\CCleaner [2010.12.16 13:28:50 | 000,000,000 | ---D | C] -- C:\Programme\CCleaner [2010.12.15 11:45:53 | 001,169,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\taskschd.dll [2010.12.15 11:45:53 | 000,524,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wmicmiplugin.dll [2010.12.15 11:45:53 | 000,496,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\taskschd.dll [2010.12.15 11:45:53 | 000,473,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\taskcomp.dll [2010.12.15 11:45:53 | 000,464,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\taskeng.exe [2010.12.15 11:45:53 | 000,305,152 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\taskcomp.dll [2010.12.15 
11:45:53 | 000,285,696 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\schtasks.exe [2010.12.15 11:45:53 | 000,179,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\schtasks.exe [2010.12.15 11:45:43 | 000,395,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\webio.dll [2010.12.15 11:45:43 | 000,314,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\webio.dll [2010.12.15 11:45:43 | 000,112,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\consent.exe [2010.12.15 11:45:38 | 000,247,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll [2010.12.15 11:45:38 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll [2010.12.14 13:00:13 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\Frameworkx.com [2010.12.14 12:57:53 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Frameworkx [2010.12.14 12:57:53 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Frameworkx [2010.12.10 13:35:33 | 000,000,000 | ---D | C] -- C:\ProgramData\NVIDIA Corporation [2010.12.10 13:35:22 | 000,000,000 | ---D | C] -- C:\Programme\NVIDIA Corporation [2010.12.09 12:05:07 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\PC-FAX TX [2010.12.08 12:43:26 | 000,000,000 | ---D | C] -- C:\Downloads [2010.12.08 03:29:00 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programme\Active@ UNERASER Demo [2010.12.08 03:28:58 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Active Data Recovery Software [2010.12.07 23:59:23 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Convar [2010.12.06 10:01:07 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programme\PuTTY [2010.12.06 10:01:07 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\PuTTY [2010.11.25 19:45:01 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\TikGames [2010.11.25 19:44:54 | 000,000,000 | ---D | C] -- 
C:\Users\***\AppData\Roaming\Zylom [2010.11.25 19:44:51 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\Zylom Games [2010.11.25 19:37:00 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\directx [2010.11.18 23:06:02 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\Microsoft Help [2010.11.18 23:05:59 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft Help [2010.11.10 20:27:13 | 000,000,000 | ---D | C] -- C:\CadiaFakturaFreeware [2010.11.10 19:58:09 | 000,000,000 | ---D | C] -- C:\Users\***\Documents\ProSaldo [2010.11.10 19:57:34 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\ProSaldo [2010.11.03 21:50:28 | 001,580,368 | ---- | C] (Logitech, Inc.) -- C:\Windows\SysNative\LogiLDA.DLL [2010.10.30 15:52:53 | 000,000,000 | ---D | C] -- C:\Programme\Microsoft Sync Framework [2010.10.28 10:43:22 | 000,611,872 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\SysNative\RTSnMg64.cpl [2010.10.28 10:43:21 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Realtek [2010.10.28 10:43:19 | 000,831,488 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\RtlExUpd.dll [2010.10.28 10:41:57 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\ElevatedDiagnostics [2010.10.27 12:13:26 | 000,552,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msdri.dll [2010.10.27 12:13:26 | 000,288,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\MSNP.ax [2010.10.27 12:13:26 | 000,204,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\MSNP.ax [2010.10.27 12:13:20 | 000,027,008 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\Diskdump.sys [2010.10.20 16:19:39 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programme\AV Bros. 
Page Curl Pro 2.0 [2010.10.19 13:51:35 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Universal SQL Editor [2010.10.19 13:36:03 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programme\Database Viewer-Editor [2010.10.19 13:02:24 | 000,000,000 | ---D | C] -- C:\Users\***\Documents\Visual Studio 2008 [2010.10.18 19:59:19 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Moyea [2010.10.18 19:59:19 | 000,000,000 | ---D | C] -- C:\Users\***\Documents\Leawo [2010.10.18 19:59:12 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Leawo [2010.10.18 19:59:08 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programme\K-Lite Codec Pack [2010.10.18 19:59:06 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\K-Lite Codec Pack [2010.10.18 19:58:48 | 000,606,208 | ---- | C] (hxxp://www.xvid.org) -- C:\Windows\SysWow64\xvidcore.dll [2010.10.18 19:58:48 | 000,139,264 | ---- | C] (hxxp://www.xvid.org) -- C:\Windows\SysWow64\xvid.ax [2010.10.18 19:58:48 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programme\Moyea [2010.10.18 19:58:44 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Moyea [2010.10.18 19:46:06 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\SWF Studio [2010.10.18 19:46:02 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programme\Riva [2010.10.18 19:46:01 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Riva [2010.10.14 19:46:58 | 000,148,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\t2embed.dll [2010.10.14 19:46:58 | 000,109,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\t2embed.dll [2010.10.14 19:46:57 | 002,085,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ole32.dll [2010.10.14 19:46:50 | 000,483,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\StructuredQuery.dll [2010.10.14 19:46:44 | 000,633,856 | ---- | C] (Microsoft Corporation) -- 
C:\Windows\SysNative\comctl32.dll [2010.10.14 19:46:42 | 001,024,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wmpmde.dll [2010.10.14 19:46:42 | 000,738,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wmpmde.dll [2010.10.14 19:46:41 | 000,954,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mfc40.dll [2010.10.14 19:46:41 | 000,954,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mfc40u.dll [2010.10.14 19:46:12 | 014,627,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wmp.dll [2010.10.14 19:46:11 | 011,406,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wmp.dll [2010.10.14 19:46:10 | 012,625,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wmploc.DLL [2010.10.14 19:46:09 | 012,625,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wmploc.DLL [2010.10.14 19:45:55 | 000,009,728 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\sscore.dll [2010.10.14 10:03:42 | 000,000,000 | ---D | C] -- C:\_AcroTemp [2010.10.08 14:11:01 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\skypePM [2010.10.08 14:07:22 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Skype [2010.10.08 14:07:10 | 000,000,000 | R--D | C] -- C:\Program Files (x86)\Skype [2010.10.08 14:07:03 | 000,000,000 | ---D | C] -- C:\ProgramData\Skype [2010.10.05 19:44:30 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\LSoft Technologies [2010.10.05 19:44:30 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programme\Active@ ISO Burner ========== Files - Modified Within 180 Days ========== [2011.03.25 19:23:00 | 000,001,134 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-681877900-919319930-2659170955-1000UA.job [2011.03.25 17:12:32 | 000,014,640 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2011.03.25 17:12:32 | 000,014,640 | -H-- | M] () -- 
C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2011.03.25 17:05:06 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2011.03.25 17:05:00 | 3220,037,632 | -HS- | M] () -- C:\hiberfil.sys [2011.03.25 14:39:39 | 000,249,477 | ---- | M] () -- C:\Users\***\Desktop\anleitung_web.pdf [2011.03.25 14:37:36 | 003,466,217 | ---- | M] () -- C:\Users\***\Desktop\anleitung.pdf [2011.03.25 12:23:03 | 000,001,082 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-681877900-919319930-2659170955-1000Core.job [2011.03.25 11:44:33 | 001,612,698 | ---- | M] () -- C:\Users\***\Desktop\ts.pdf [2011.03.25 11:38:57 | 000,001,808 | ---- | M] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk [2011.03.25 09:13:26 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\***\Desktop\OTL.exe [2011.03.25 08:26:33 | 003,596,320 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT [2011.03.24 15:14:34 | 001,492,188 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI [2011.03.24 15:14:34 | 000,653,648 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat [2011.03.24 15:14:34 | 000,614,500 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat [2011.03.24 15:14:34 | 000,129,448 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat [2011.03.24 15:14:34 | 000,105,742 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat [2011.03.18 19:22:47 | 000,001,658 | ---- | M] () -- C:\Users\Public\Desktop\Recuva.lnk [2011.03.18 19:19:04 | 000,001,858 | ---- | M] () -- C:\Users\Public\Desktop\PC Inspector File Recovery.lnk [2011.03.16 19:48:53 | 000,001,069 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk [2011.03.15 08:46:06 | 000,000,376 | ---- | M] () -- C:\Windows\ODBC.INI [2011.03.14 12:58:59 | 000,019,456 | ---- | M] () -- C:\Users\***\AppData\Local\WebpageIcons.db [2011.03.01 00:01:15 | 000,004,997 | ---- | M] () -- C:\ProgramData\bltofzsb.qlf [2011.02.28 12:54:08 | 000,000,541 | ---- | M] () -- 
C:\Users\***\.lmmsrc.xml [2011.02.19 07:37:10 | 001,540,608 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\DWrite.dll [2011.02.19 07:36:49 | 000,902,656 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\d2d1.dll [2011.02.19 06:32:48 | 001,074,176 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\DWrite.dll [2011.02.19 06:32:35 | 000,739,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\d2d1.dll [2011.02.16 21:16:24 | 000,001,828 | ---- | M] () -- C:\Users\***\Desktop\Zattoo.lnk [2011.02.11 18:10:30 | 000,000,920 | ---- | M] () -- C:\Users\***\Desktop\Dropbox.lnk [2011.02.02 21:40:39 | 000,157,472 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\javaws.exe [2011.02.02 21:40:38 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\javaw.exe [2011.02.02 21:40:36 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\java.exe [2011.02.02 21:40:23 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\deployJava1.dll [2011.01.26 07:53:10 | 000,265,088 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\dxgmms1.sys [2011.01.26 07:31:20 | 000,144,384 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\cdd.dll [2011.01.12 11:33:49 | 000,018,960 | ---- | M] (Logitech, Inc.) 
-- C:\Windows\SysNative\drivers\LNonPnP.sys [2011.01.07 09:07:24 | 000,662,528 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\XpsPrint.dll [2011.01.07 09:07:24 | 000,475,648 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\XpsGdiConverter.dll [2011.01.07 09:06:50 | 000,046,080 | ---- | M] (Adobe Systems) -- C:\Windows\SysNative\atmlib.dll [2011.01.07 08:31:10 | 000,442,880 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\XpsPrint.dll [2011.01.07 08:31:10 | 000,288,256 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\XpsGdiConverter.dll [2011.01.07 08:27:11 | 000,034,304 | ---- | M] (Adobe Systems) -- C:\Windows\SysWow64\atmlib.dll [2011.01.07 06:49:20 | 000,366,080 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysNative\atmfd.dll [2011.01.07 06:33:11 | 000,294,400 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\atmfd.dll [2011.01.05 19:36:13 | 000,001,131 | ---- | M] () -- C:\Users\***\Desktop\Rechnungsverwaltung.lnk [2011.01.05 11:55:24 | 000,868,123 | ---- | M] () -- C:\Users\***\Desktop\microsite-doku.pdf [2011.01.05 07:20:30 | 000,612,352 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\vbscript.dll [2011.01.05 07:16:55 | 000,852,480 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll [2011.01.05 06:34:32 | 000,716,800 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll [2010.12.23 07:07:50 | 001,118,720 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\sbe.dll [2010.12.23 07:07:49 | 000,961,024 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\CPFilters.dll [2010.12.23 07:07:49 | 000,723,968 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\EncDec.dll [2010.12.23 07:02:33 | 000,259,072 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\mpg2splt.ax [2010.12.23 06:28:29 | 000,850,432 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\sbe.dll [2010.12.23 06:28:28 | 000,642,048 | ---- | M] (Microsoft 
Corporation) -- C:\Windows\SysWow64\CPFilters.dll [2010.12.23 06:28:28 | 000,534,528 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\EncDec.dll [2010.12.23 06:24:02 | 000,199,680 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\mpg2splt.ax [2010.12.21 07:16:27 | 000,062,976 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\wscapi.dll [2010.12.21 07:16:16 | 000,214,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\winsrv.dll [2010.12.21 07:15:55 | 000,264,192 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\upnp.dll [2010.12.21 07:15:31 | 000,015,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\slwga.dll [2010.12.21 07:10:22 | 000,100,864 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\davclnt.dll [2010.12.21 06:38:24 | 000,051,200 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\wscapi.dll [2010.12.21 06:38:19 | 000,204,288 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\upnp.dll [2010.12.21 06:38:16 | 000,014,336 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\slwga.dll [2010.12.21 06:34:12 | 000,080,384 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\davclnt.dll [2010.12.20 18:09:00 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysWow64\drivers\mbamswissarmy.sys [2010.12.20 18:08:40 | 000,024,152 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys [2010.12.18 07:12:28 | 003,138,048 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\mstscax.dll [2010.12.18 07:12:18 | 000,097,280 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll [2010.12.18 07:12:14 | 000,703,488 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll [2010.12.18 07:11:41 | 000,057,856 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\licmgr10.dll [2010.12.18 07:11:16 | 000,256,000 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\iepeers.dll [2010.12.18 
07:08:15 | 001,097,216 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\mstsc.exe [2010.12.18 07:08:11 | 000,012,288 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\msfeedssync.exe [2010.12.18 06:30:20 | 002,690,560 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\mstscax.dll [2010.12.18 06:30:10 | 000,067,072 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll [2010.12.18 06:30:07 | 000,599,040 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\msfeeds.dll [2010.12.18 06:29:40 | 000,044,544 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\licmgr10.dll [2010.12.18 06:29:18 | 000,185,856 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\iepeers.dll [2010.12.18 06:26:55 | 001,034,240 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\mstsc.exe [2010.12.18 06:26:52 | 000,012,800 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\msfeedssync.exe [2010.12.18 05:55:03 | 000,482,816 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\html.iec [2010.12.18 05:20:55 | 000,386,048 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\html.iec [2010.12.16 13:28:51 | 000,000,822 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk [2010.12.14 12:57:53 | 000,003,095 | ---- | M] () -- C:\Users\***\Desktop\Shortcut Manager.lnk [2010.12.14 12:39:45 | 000,001,484 | ---- | M] () -- C:\Users\***\Desktop\Downs.lnk [2010.12.09 12:05:41 | 000,000,808 | ---- | M] () -- C:\Windows\Brpfx04a.ini [2010.12.09 11:17:27 | 000,000,637 | ---- | M] () -- C:\Users\***\Desktop\Work.lnk [2010.12.09 01:22:30 | 000,000,466 | ---- | M] () -- C:\Users\***\Desktop\Zeug.lnk [2010.12.09 01:22:27 | 000,000,466 | ---- | M] () -- C:\Users\***\Desktop\Data.lnk [2010.12.09 00:29:00 | 000,001,062 | ---- | M] () -- C:\Users\***\Desktop\EVEREST Home Edition.lnk [2010.12.06 11:12:47 | 000,000,600 | ---- | M] () -- C:\Users\***\AppData\Local\PUTTY.RND [2010.11.25 19:36:26 | 000,000,000 | ---- | M] () -- 
C:\Windows\PowerReg.dat [2010.11.22 12:51:16 | 000,083,120 | ---- | M] (Avira GmbH) -- C:\Windows\SysNative\drivers\avgntflt.sys [2010.11.04 07:31:15 | 000,247,808 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll [2010.11.04 06:48:19 | 000,176,640 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll [2010.11.03 21:50:28 | 001,580,368 | ---- | M] (Logitech, Inc.) -- C:\Windows\SysNative\LogiLDA.DLL [2010.11.02 06:18:59 | 000,229,888 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\XpsRasterService.dll [2010.11.02 06:18:17 | 000,524,288 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\wmicmiplugin.dll [2010.11.02 06:17:38 | 001,169,408 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\taskschd.dll [2010.11.02 06:17:38 | 000,473,600 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\taskcomp.dll [2010.11.02 06:12:08 | 001,837,568 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10warp.dll [2010.11.02 06:12:07 | 000,320,512 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10_1core.dll [2010.11.02 06:12:06 | 000,197,120 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10_1.dll [2010.11.02 06:10:47 | 000,464,384 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\taskeng.exe [2010.11.02 06:10:32 | 000,285,696 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\schtasks.exe [2010.11.02 05:41:36 | 000,135,168 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\XpsRasterService.dll [2010.11.02 05:40:36 | 000,496,128 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\taskschd.dll [2010.11.02 05:40:36 | 000,305,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\taskcomp.dll [2010.11.02 05:35:35 | 001,170,944 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\d3d10warp.dll [2010.11.02 05:35:34 | 000,218,624 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\d3d10_1core.dll [2010.11.02 05:35:34 | 
000,161,792 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\d3d10_1.dll [2010.11.02 05:34:33 | 000,179,712 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\schtasks.exe [2010.10.30 14:28:57 | 001,003,520 | ---- | M] () -- C:\Users\***\AppData\Local\filesync.metadata [2010.10.29 07:58:47 | 000,000,432 | ---- | M] () -- C:\Windows\BRWMARK.INI [2010.10.27 06:18:36 | 005,510,528 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ntoskrnl.exe [2010.10.27 06:16:01 | 001,739,176 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ntdll.dll [2010.10.27 05:43:38 | 003,901,824 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ntoskrnl.exe [2010.10.27 05:43:37 | 003,957,120 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ntkrnlpa.exe [2010.10.19 14:00:06 | 000,286,720 | ---- | M] (Microsoft Corporation) -- C:\Windows\Setup1.exe [2010.10.19 14:00:05 | 000,073,216 | ---- | M] (Microsoft Corporation) -- C:\Windows\ST6UNST.EXE [2010.10.18 19:58:48 | 000,001,057 | ---- | M] () -- C:\Users\Public\Desktop\Moyea Video4Web Converter.lnk [2010.10.16 06:23:13 | 000,112,000 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\consent.exe [2010.10.16 06:19:41 | 000,395,776 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\webio.dll [2010.10.16 06:17:44 | 000,720,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\odbc32.dll [2010.10.16 05:36:10 | 000,314,368 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\webio.dll [2010.10.16 05:34:37 | 000,573,440 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\odbc32.dll [2010.10.08 14:11:02 | 000,000,056 | -H-- | M] () -- C:\ProgramData\ezsidmv.dat [2010.10.05 19:44:45 | 000,834,544 | ---- | M] () -- C:\Windows\SysNative\drivers\sptd.sys [2010.09.29 11:55:05 | 000,346,890 | ---- | M] () -- C:\Users\***\Documents\backup-2010-09-28_11-30-38.sql ========== Files Created - No Company Name ========== [2011.03.25 11:38:57 | 000,001,808 | ---- | C] () 
-- C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk [2011.03.18 19:22:47 | 000,001,658 | ---- | C] () -- C:\Users\Public\Desktop\Recuva.lnk [2011.03.18 19:19:05 | 000,006,200 | ---- | C] () -- C:\Windows\SysWow64\INT13EXT.VXD [2011.03.18 19:19:04 | 000,001,858 | ---- | C] () -- C:\Users\Public\Desktop\PC Inspector File Recovery.lnk [2011.03.16 19:48:53 | 000,001,069 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk [2011.03.01 14:55:58 | 000,001,598 | ---- | C] () -- C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Online Poker Bot.lnk [2011.03.01 00:01:15 | 000,004,997 | ---- | C] () -- C:\ProgramData\bltofzsb.qlf [2011.02.28 12:54:08 | 000,000,541 | ---- | C] () -- C:\Users\***\.lmmsrc.xml [2011.02.16 21:16:27 | 000,019,456 | ---- | C] () -- C:\Users\***\AppData\Local\WebpageIcons.db [2011.02.16 21:16:24 | 000,001,828 | ---- | C] () -- C:\Users\***\Desktop\Zattoo.lnk [2011.02.11 18:10:32 | 000,000,920 | ---- | C] () -- C:\Users\***\Desktop\Dropbox.lnk [2011.02.03 20:49:43 | 000,001,801 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Opera.lnk [2011.01.05 19:36:13 | 000,001,131 | ---- | C] () -- C:\Users\***\Desktop\Rechnungsverwaltung.lnk [2011.01.05 11:55:12 | 000,868,123 | ---- | C] () -- C:\Users\***\Desktop\microsite-doku.pdf [2010.12.16 13:28:51 | 000,000,822 | ---- | C] () -- C:\Users\Public\Desktop\CCleaner.lnk [2010.12.14 12:57:53 | 000,003,095 | ---- | C] () -- C:\Users\***\Desktop\Shortcut Manager.lnk [2010.12.14 12:38:56 | 000,001,484 | ---- | C] () -- C:\Users\***\Desktop\Downs.lnk [2010.12.09 11:17:29 | 000,000,637 | ---- | C] () -- C:\Users\***\Desktop\Work.lnk [2010.12.09 01:22:30 | 000,000,466 | ---- | C] () -- C:\Users\***\Desktop\Zeug.lnk [2010.12.09 01:22:27 | 000,000,466 | ---- | C] () -- C:\Users\***\Desktop\Data.lnk [2010.12.06 10:07:23 | 000,000,600 | ---- | C] () -- C:\Users\***\AppData\Local\PUTTY.RND [2010.11.25 19:36:26 | 000,000,000 | ---- | C] () -- 
C:\Windows\PowerReg.dat [2010.10.18 19:59:08 | 000,165,376 | ---- | C] () -- C:\Windows\SysWow64\unrar.dll [2010.10.18 19:58:48 | 000,001,057 | ---- | C] () -- C:\Users\Public\Desktop\Moyea Video4Web Converter.lnk [2010.10.08 14:11:02 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat [2010.06.03 15:00:16 | 001,591,958 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI [2010.03.28 14:11:04 | 000,027,648 | ---- | C] () -- C:\Windows\SysWow64\AVSredirect.dll [2010.03.16 03:13:42 | 000,007,599 | ---- | C] () -- C:\Users\***\AppData\Local\Resmon.ResmonCfg [2010.02.13 10:22:18 | 000,131,072 | ---- | C] () -- C:\Windows\SysWow64\msnscmoad.dll [2010.01.19 14:23:34 | 001,003,520 | ---- | C] () -- C:\Users\***\AppData\Local\filesync.metadata [2010.01.01 20:36:57 | 000,021,840 | ---- | C] () -- C:\Windows\SysWow64\SIntfNT.dll [2010.01.01 20:36:57 | 000,017,212 | ---- | C] () -- C:\Windows\SysWow64\SIntf32.dll [2010.01.01 20:36:57 | 000,012,067 | ---- | C] () -- C:\Windows\SysWow64\SIntf16.dll [2009.10.28 19:35:09 | 000,000,432 | ---- | C] () -- C:\Windows\BRWMARK.INI [2009.10.28 19:35:08 | 000,000,034 | ---- | C] () -- C:\Windows\SysWow64\BD7840W.DAT [2009.10.28 19:28:25 | 000,000,808 | ---- | C] () -- C:\Windows\Brpfx04a.ini [2009.10.28 19:28:25 | 000,000,093 | ---- | C] () -- C:\Windows\brpcfx.ini [2009.10.28 19:22:38 | 000,045,056 | ---- | C] () -- C:\Windows\SysWow64\BRTCPCON.DLL [2009.10.28 19:22:38 | 000,000,114 | ---- | C] () -- C:\Windows\SysWow64\BRLMW03A.INI [2009.10.28 19:22:36 | 000,000,000 | ---- | C] () -- C:\Windows\brdfxspd.dat [2009.10.28 19:22:35 | 000,000,066 | ---- | C] () -- C:\Windows\Brfaxrx.ini [2009.10.28 19:22:33 | 000,106,496 | ---- | C] () -- C:\Windows\SysWow64\BrMuSNMP.dll [2009.10.27 18:34:16 | 000,000,376 | ---- | C] () -- C:\Windows\ODBC.INI [2009.07.14 06:38:36 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat [2009.07.14 03:35:51 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT [2009.07.14 03:34:42 | 
000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat
[2009.07.14 01:10:29 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2009.07.14 00:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
[2009.07.13 22:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2009.06.10 22:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat
[2008.11.30 15:35:37 | 000,009,849 | ---- | C] () -- C:\Windows\SysWow64\mswsnmoae.dll
[2005.07.12 14:44:42 | 000,015,872 | ---- | C] () -- C:\Windows\SysWow64\InsDrvZD64.DLL
[2004.03.23 16:38:00 | 000,028,672 | ---- | C] () -- C:\Windows\SysWow64\InsDrvZD.dll
[2003.03.14 12:24:00 | 000,024,576 | ---- | C] () -- C:\Windows\SysWow64\ZyDelReg.exe
[2003.01.07 16:05:08 | 000,002,695 | ---- | C] () -- C:\Windows\SysWow64\OUTLPERF.INI

========== Alternate Data Streams ==========

@Alternate Data Stream - 213 bytes -> C:\ProgramData\TEMP:8927A071
@Alternate Data Stream - 176 bytes -> C:\ProgramData\TEMP:C97C8631
@Alternate Data Stream - 132 bytes -> C:\ProgramData\TEMP:ECF54A0E

< End of report >

Code:
OTL Extras logfile created on: 25.03.2011 19:32:12 - Run 2
OTL by OldTimer - Version 3.2.22.3 Folder = C:\Users\***\Desktop
64bit- An unknown product (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

4,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 57,00% Memory free
8,00 Gb Paging File | 6,00 Gb Available in Paging File | 77,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 78,03 Gb Total Space | 19,68 Gb Free Space | 25,23% Space Free | Partition Type: NTFS
Drive D: | 195,31 Gb Total Space | 129,34 Gb Free Space | 66,22% Space Free | Partition Type: NTFS
Drive E: | 192,31 Gb Total Space | 90,18 Gb Free Space | 46,89% Space Free | Partition Type: NTFS

Computer Name: *** | User Name: *** | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 180 Days ========== Extra Registry (SafeList) ========== ========== File Associations ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation) [HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>] .html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation) ========== Shell Spawning ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* File not found cmdfile [open] -- "%1" %* File not found comfile [open] -- "%1" %* File not found exefile [open] -- "%1" %* File not found helpfile [open] -- Reg Error: Key error. inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation) InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation) piffile [open] -- "%1" %* File not found regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" File not found scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l File not found scrfile [open] -- "%1" /S File not found txtfile [edit] -- Reg Error: Key error. 
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 File not found Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" () Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" () Directory [Winamp.Bookmark] -- "C:\Program Files (x86)\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft) Directory [Winamp.Enqueue] -- "C:\Program Files (x86)\Winamp\winamp.exe" /ADD "%1" (Nullsoft) Directory [Winamp.Play] -- "C:\Program Files (x86)\Winamp\winamp.exe" "%1" (Nullsoft) Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [explore] -- Reg Error: Value error. Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation) exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. 
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" () Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" () Directory [Winamp.Bookmark] -- "C:\Program Files (x86)\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft) Directory [Winamp.Enqueue] -- "C:\Program Files (x86)\Winamp\winamp.exe" /ADD "%1" (Nullsoft) Directory [Winamp.Play] -- "C:\Program Files (x86)\Winamp\winamp.exe" "%1" (Nullsoft) Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [explore] -- Reg Error: Value error. Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) ========== Security Center Settings ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "cval" = 1 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] "VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data] "AntiVirusOverride" = 0 "AntiSpywareOverride" = 0 "FirewallOverride" = 0 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] ========== Firewall Settings ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 "DoNotAllowExceptions" = 0 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 "DoNotAllowExceptions" = 0 ========== Authorized Applications List ========== ========== HKEY_LOCAL_MACHINE Uninstall List ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{1374CC63-B520-4f3f-98E8-E9020BF01CFF}" = Windows XP Mode "{295CFB7C-A57E-4313-93E7-68E7CE1D0332}" = Adobe WinSoft Linguistics Plugin x64 "{2D74E972-5A85-44DC-9193-8A302BA8C181}" = Photoshop Camera Raw_x64 "{3D3E663D-4E7E-4577-A560-7ECDDD45548A}" = PVSonyDll "{6631325A-9B1B-4EE7-8E64-8CC4A6F10643}" = Adobe Fonts All x64 "{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 "{8875A1C0-6308-4790-8CF6-D34E89880052}" = Adobe Linguistics CS4 x64 "{887797BF-37A5-4199-B0C9-0D38D6196E9A}" = Adobe Anchor Service x64 CS4 "{8C8D673B-20FB-43E6-BCB7-9B3F78F2E762}" = Adobe Type Support x64 CS4 "{8DAA31EB-6830-4006-A99F-4DF8AB24714F}" = Adobe CSI CS4 x64 "{90BA8112-80B3-4617-A3C1-BD2771B60F74}" = Adobe CMaps x64 CS4 "{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting "{A3454894-144A-4D80-B605-C128FE0D7329}" = Adobe Drive CS4 x64 "{B37A99DD-88E2-4ED0-80B4-1E054AB354BF}" = Adobe InDesign CS4 Icon Handler x64 "{BC4AE628-81A4-4FC6-863A-7A9BA2E2531F}" = Nokia Connectivity Cable Driver "{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware "{D40172D6-CE2D-4B72-BF5F-26A04A900B7B}" = Adobe Photoshop CS4 (64 Bit) "{DFFABE78-8173-4E97-9C5C-22FB26192FC5}" = Adobe PDF Library Files x64 CS4 "{EE936C7A-EA40-31D5-9B65-8E3E089C3828}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x64 9.0.30729.4148 "{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile "CCleaner" = CCleaner "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile "NVIDIA Display Control Panel" = NVIDIA Display Control 
Panel "NVIDIA Drivers" = NVIDIA Drivers "Recuva" = Recuva "sp6" = Logitech SetPoint 6.20 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 "{03CAB33F-D1C2-48C6-8766-DAE84DFC25FE}" = Microsoft Sync Framework Services v1.0 (x86) "{04830D0F-F980-4EC0-89F1-594F2FD2A1B5}" = ElsterFormular 2008/2009 "{05308C4E-7285-4066-BAE3-6B50DA6ED755}" = Adobe Update Manager CS4 "{054EFA56-2AC1-48F4-A883-0AB89874B972}" = Adobe Extension Manager CS4 "{098727E1-775A-4450-B573-3F441F1CA243}" = kuler "{098A2A49-7CF3-4F08-A38D-FB879117152A}" = Adobe Color NA Extra Settings CS4 "{0D6013AB-A0C7-41DC-973C-E93129C9A29F}" = Adobe Color JA Extra Settings CS4 "{0DC0E85F-36E4-463B-B3EA-4CD8ED2222A1}" = Adobe Color EU Recommended Settings CS4 "{0DD140D3-9563-481E-AA75-BA457CBDAEF2}" = PC Inspector File Recovery "{0F022A2E-7022-497D-90A5-0F46746D8275}" = Macromedia Extension Manager "{0F723FC1-7606-4867-866C-CE80AD292DAF}" = Adobe CSI CS4 "{13F3917B56CD4C25848BDC69916971BB}" = DivX Converter "{15BF7AAF-846C-4A6D-80E1-5D1FC7FB461B}" = Adobe SGM CS4 "{1618734A-3957-4ADD-8199-F973763109A8}" = Adobe Anchor Service CS4 "{16E16F01-2E2D-4248-A42F-76261C147B6C}" = Adobe Drive CS4 "{16E6D2C1-7C90-4309-8EC4-D2212690AAA4}" = AdobeColorCommonSetRGB "{18D10072035C4515918F7E37EAFAACFC}" = AutoUpdate "{1B7C06E1-4888-47A6-992A-0990B9683486}" = Adobe Version Cue CS4 Server "{1DCA3EAA-6EB5-4563-A970-EA14D75037BA}" = Adobe InDesign CS4 "{1DDB66EE-7EDB-83A6-669E-DA98666DE200}" = Fireworks-AutoBackup "{1E04CB54-AF4E-4AC3-B4B7-C0A160BE57F1}" = Adobe InDesign CS4 Icon Handler "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 "{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool "{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT "{25C571B2-2451-5B3C-726A-9EE6960B1586}" = emCalculator "{26A24AE4-039D-4CA4-87B4-2F83216016FF}" 
= Java(TM) 6 Update 24 "{2BAF2B96-7560-48B4-87D4-10178DDBE217}" = Adobe InDesign CS4 Application Feature Set Files (Roman) "{2BD5C305-1B27-4D41-B690-7A61172D2FEB}" = Macromedia Flash 8 "{30C8AA56-4088-426F-91D1-0EDFD3A25678}" = Adobe Dreamweaver CS4 "{35D94F92-1D3A-43C5-8605-EA268B1A7BD9}" = PDF Settings CS4 "{3A1B5D40-41E9-43FA-8C7B-A8667F5586EF}" = JMicron JMB36X Driver "{3A4E8896-C2E7-4084-A4A4-B8FD1894E739}" = Adobe XMP Panels CS4 "{3A6829EF-0791-4FDD-9382-C690DD0821B9}" = Adobe Flash Player 10 ActiveX "{3D2C9DE6-9ADE-4252-A241-E43723B0CE02}" = Adobe Color - Photoshop Specific CS4 "{3DA8DF9A-044E-46C4-8531-DEDBB0EE37FF}" = Adobe WinSoft Linguistics Plugin "{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}" = eReg "{3FC7CBBC4C1E11DCA1A752EA55D89593}" = DivX Version Checker "{428FDF9F-E010-4C4C-A8BB-156960AFCA1C}" = Adobe Fireworks CS4 "{43509E18-076E-40FE-AF38-CA5ED400A5A9}" = Pixel Bender Toolkit "{46E1B1F2-A279-4356-9B17-029F9CC72EAE}" = MFC-7840W "{47609E69-4C5E-48B1-A889-24C6B82B5C04}" = Vista Shortcut Manager "{47C6F987-685A-41AE-B092-E75B277AEE39}" = Adobe Flash CS4 Extension - Flash Lite STI others "{4943EFF5-229F-435D-BEA9-BE3CAEA783A7}" = Adobe Service Manager Extension "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater "{4A52555C-032A-4083-BDD9-6A85ABFB39A8}" = Adobe SING CS4 "{52B97218-98CB-4B8B-9283-D213C85E1AA4}" = Windows Live Anmelde-Assistent "{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053 "{60DB5894-B5A1-4B62-B0F3-669A22C0EE5D}" = Adobe Dynamiclink Support "{63C24A08-70F3-4C8E-B9FB-9F21A903801D}" = Adobe Color Video Profiles CS CS4 "{63E5CDBF-8214-4F03-84F8-CD3CE48639AD}" = Adobe Photoshop CS4 Support "{67F0E67A-8E93-4C2C-B29D-47C48262738A}" = Adobe Device Central CS4 "{68243FF8-83CA-466B-B2B8-9F99DA5479C4}" = AdobeColorCommonSetCMYK "{68EB2C37-083A-4303-B5D8-41FA67E50B8F}_is1" = Poedit "{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update "{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox 
Plugin "{6AFCA4E1-9B78-3640-8F72-A7BF33448200}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 "{6DED41BC-C9EF-4330-B4E5-46CB2C5C6E2D}" = No23 Recorder "{6E637484-7ED6-4AA5-BEDC-FD821F64D372}_is1" = Moyea Video4Web Converter Version 3.0.0.1 "{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable "{7694E0B1-2332-448B-9235-929F84B41E3F}" = Active@ ISO Burner "{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 "{7B63B2922B174135AFC0E1377DD81EC2}" = DivX Codec "{7CC7BDD5-6F10-4724-96A1-EAC7D9F2831C}" = Adobe InDesign CS4 Common Base Files "{8186FF34-D389-4B7E-9A2F-C197585BCFBD}" = Adobe Media Encoder CS4 Importer "{820D3F45-F6EE-4AAF-81EF-CE21FF21D230}" = Adobe Type Support CS4 "{83877DB1-8B77-45BC-AB43-2BAC22E093E0}" = Adobe Bridge CS4 "{842B4B72-9E8F-4962-B3C1-1C422A5C4434}" = Suite Shared Configuration CS4 "{87532CAB-7932-4F84-8937-823337622807}" = Adobe Illustrator CS4 "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight "{8ADFC4160D694100B5B8A22DE9DCABD9}" = DivX Player "{8BF2C401-02CE-424D-BC26-6C4F9FB446B6}" = Macromedia Flash 8 Video Encoder "{90110409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003 "{90120000-0020-0407-0000-0000000FF1CE}" = Compatibility Pack für 2007 Office System "{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system "{931AB7EA-3656-4BB7-864D-022B09E3DD67}" = Adobe Linguistics CS4 "{94D398EB-D2FD-4FD1-B8C4-592635E8A191}" = Adobe CMaps CS4 "{95120000-003F-0407-0000-0000000FF1CE}" = Microsoft Office Excel Viewer "{A128921B-D03F-4BFB-8141-C365AA48D660}" = Adobe Setup "{A2881E09-38DB-4F79-9135-00FDA01768A7}" = Adobe Creative Suite 4 Design Premium "{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR "{A6359CCF-215D-43D9-8366-479D231F2A72}" = Belkin Wireless USB Utility "{A67BB21E-D419-45BB-AB86-7D87D14BBCE2}" = Safari "{A8BD5A60-E843-46DC-8271-ABF20756BE0F}" = Microsoft Sync 
Framework Runtime v1.0 (x86) "{A96E97134CA649888820BCDE5E300BBD}" = H.264 Decoder "{AAC389499AEF40428987B3D30CFC76C9}" = MKV Splitter "{AAF4238F-7C29-451D-9925-C753271A5728}" = Microsoft Visual C++ Run Time Lib Setup "{AC76BA86-1033-F400-7760-000000000004}" = Adobe Acrobat 9 Pro - English, Français, Deutsch "{AC76BA86-1033-F400-7760-000000000004}_943" = Adobe Acrobat 9.4.3 - CPSID_83708 "{AEF9DC35ADDF4825B049ACBFD1C6EB37}" = AAC Decoder "{AFDFC350-C142-4790-BE12-8357AECD028F}" = SyncToy 2.0 (x86) "{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter "{B29AD377-CC12-490A-A480-1452337C618D}" = Connect "{B3276CB1-20B6-4AF9-AAEC-E72C83816495}" = IKEA Home Planner "{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy "{B480BD2A-F1BA-4FE6-8C8E-34C6111B72C9}" = ElsterFormular 2007/2008 "{B65BA85C-0A27-4BC0-A22D-A66F0E5B9494}" = Adobe Photoshop CS4 "{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Plus Web Player "{B9F4561A-924D-4510-A85A-BB0960C338CB}" = Adobe Asset Services CS4 "{BB4E33EC-8181-4685-96F7-8554293DEC6A}" = Adobe Output Module "{BD3374D3-C2E6-42B7-A80B-E850B6886246}" = Adobe Flash CS4 STI-other "{C4D738F7-996A-4C81-B8FA-C4E26D767E41}" = Windows Live Mail "{C52E3EC1-048C-45E1-8D53-10B0C6509683}" = Adobe Default Language CS4 "{C86E7C99-E4AD-79C7-375B-1AEF9A91EC2B}" = Acrobat.com "{CC75AB5C-2110-4A7F-AF52-708680D22FE8}" = Photoshop Camera Raw "{CCE0D148-D6FD-4F2A-A631-748DC7727613}" = Universal SQL Editor 1.2.5 "{DA703982C580418795BF4001AA9D7061}" = DivX Plus Media Foundation Components "{DEB90B8E-0DCB-48CE-B90E-8842A2BD643E}" = Adobe Media Encoder CS4 "{E1B2DF7C-A176-4A1D-9D32-3CEC5037A524}" = Apple Application Support "{E2DFE069-083E-4631-9B6C-43C48E991DE5}" = Junk Mail filter update "{E633D396-5188-4E9D-8F6B-BFB8BF3467E8}" = Skype™ 5.0 "{EB7D6F0D-B5BB-4E69-83BA-E238178C08A9}" = ODF Add-in für Microsoft Excel "{ED00D08A-3C5F-488D-93A0-A04F21F23956}" = Windows Live Communications Platform "{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice 
Guard "{F0E64E2E-3A60-40D8-A55D-92F6831875DA}" = Adobe Search for Help "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver "{F2BAD936-F6FB-482F-9012-F3E089CA1F53}" = PureSync "{F6E99614-F042-4459-82B7-8B38B2601356}" = Adobe Flash CS4 "{F8EF2B3F-C345-4F20-8FE4-791A20333CD5}" = Adobe ExtendScript Toolkit CS4 "{F8FF18EE-264A-43FD-B2F6-5EAD40798C2F}" = Windows Live Essentials "{F93C84A6-0DC6-42AF-89FA-776F7C377353}" = Adobe PDF Library Files CS4 "{FCDD51BB-CAD0-4BB1-B7DF-CE86D1032794}" = Adobe Fonts All "{FF8500E6-EA0D-11D7-8755-0080C8F92A32}" = abti uGuru "Active@ UNERASER Demo" = Active@ UNERASER Demo "Adobe AIR" = Adobe AIR "Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin "Adobe_55230b0b70661df0f212e88f0b655f7" = Adobe Creative Suite 4 Design Premium "Avira AntiVir Desktop" = Avira AntiVir Premium "Box Shot 3D" = Box Shot 3D "com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com "com.webcreate.open.emCalculator.D332A7B670A68A217C34D45EFF4A55029236AF6A.1" = emCalculator "DivX Plus DirectShow Filters" = DivX Plus DirectShow Filters "East-Tec Eraser 2010_is1" = East-Tec Eraser 2010 Version 9.9 "ElsterFormular 11.5.1.4843" = ElsterFormular "EVEREST Home Edition_is1" = EVEREST Home Edition v2.20 "Fiddler2" = Fiddler2 "FileZilla Client" = FileZilla Client 3.2.4.1 "Fireworks-AutoBackup.5CF6F99B1CB29F052B0CE9E8F0A7D569474F8AC2.1" = Fireworks-AutoBackup "Flickr Uploadr" = Flickr Uploadr 3.2.1 "HijackThis" = HijackThis 2.0.2 "Hugin_release_is1" = Hugin 2009.4.0 "IETester" = IETester v0.4.8 (remove only) "InstallShield_{A6359CCF-215D-43D9-8366-479D231F2A72}" = Belkin Wireless USB Utility "IsoBuster_is1" = IsoBuster 2.6 "KLiteCodecPack_is1" = K-Lite Codec Pack 6.1.0 (Basic) "Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware "Miranda IM" = Miranda IM 0.8.9 "Mozilla Firefox (3.6.16)" = Mozilla Firefox (3.6.16) "Mozilla Thunderbird (3.1.9)" = Mozilla Thunderbird (3.1.9) "Opera 11.01.1190" = Opera 11.01 
"PokerStars" = PokerStars "PokerStars.net" = PokerStars.net "PureSync" = PureSync 2.8.5 "PuTTY_is1" = PuTTY version 0.60 "Rechnungsverwaltung_is1" = Rechnungsverwaltung 1.1.3 "Red Alert 2" = Command & Conquer Alarmstufe Rot 2 "Riva FLV Encoder 2.0_is1" = Riva FLV Encoder 2.0 "SpeedFan" = SpeedFan (remove only) "Streamripper" = Streamripper (Remove only) "SUPER ©" = SUPER © Version 2010.bld.38 (May 2, 2010) "Totalcmd" = Total Commander (Remove or Repair) "TrueCrypt" = TrueCrypt "Unlocker" = Unlocker 1.8.9 "VLC media player" = VLC media player 1.1.7 "Winamp" = Winamp "WinLiveSuite_Wave3" = Windows Live Essentials "WinRAR archiver" = WinRAR "WOLAPI" = Gemeinsam genutzte Internet-Komponenten von Westwood "XMLmind XML Editor_is1" = XMLmind XML Editor Personal Edition 4.6.0 (2010-05-31) "Zattoo4" = Zattoo4 4.0.5 ========== HKEY_CURRENT_USER Uninstall List ========== [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "Dropbox" = Dropbox "Google Chrome" = Google Chrome "yEd Graph Editor" = yEd Graph Editor ========== Last 10 Event Log Errors ========== [ Application Events ] Error - 24.03.2011 03:24:16 | Computer Name = *** | Source = SideBySide | ID = 16842815 Description = Fehler beim Generieren des Aktivierungskontextes für "c:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll". Fehler in Manifest- oder Richtliniendatei "c:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll" in Zeile 3. Der Wert "MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR" des "version"-Attributs im assemblyIdentity-Element ist ungültig. Error - 24.03.2011 03:24:59 | Computer Name = *** | Source = SideBySide | ID = 16842815 Description = Fehler beim Generieren des Aktivierungskontextes für "c:\program files (x86)\spybot - search & destroy\DelZip179.dll". Fehler in Manifest- oder Richtliniendatei "c:\program files (x86)\spybot - search & destroy\DelZip179.dll" in Zeile 8. 
Der Wert "*" des "language"-Attributs im assemblyIdentity-Element ist ungültig.

Error - 24.03.2011 03:25:04 | Computer Name = *** | Source = SideBySide | ID = 16842832
Description = Fehler beim Generieren des Aktivierungskontexts für "C:\Program Files (x86)\Adobe\Acrobat 9.0\Designer 8.2\FormDesigner.exe". Fehler in Manifest- oder Richtliniendatei "" in Zeile . Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion. In Konflikt stehende Komponenten:. Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_fa62ad231704eab7.manifest. Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_420fe3fa2b8113bd.manifest.

Error - 25.03.2011 06:26:42 | Computer Name = *** | Source = Application Hang | ID = 1002
Description = Programm WINWORD.EXE, Version 11.0.8328.0 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen. Prozess-ID: 10bc Startzeit: 01cbead68775881e Endzeit: 14 Anwendungspfad: C:\Program Files (x86)\Microsoft Office\OFFICE11\WINWORD.EXE Berichts-ID: 58212c27-56ca-11e0-8a20-00508db62f41

Error - 25.03.2011 06:49:35 | Computer Name = *** | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>. Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei. .

Error - 25.03.2011 06:49:35 | Computer Name = *** | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>. Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei. .

Error - 25.03.2011 06:49:37 | Computer Name = *** | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>. Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei. .

Error - 25.03.2011 08:21:25 | Computer Name = *** | Source = SideBySide | ID = 16842815
Description = Fehler beim Generieren des Aktivierungskontextes für "c:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll". Fehler in Manifest- oder Richtliniendatei "c:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll" in Zeile 3. Der Wert "MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR" des "version"-Attributs im assemblyIdentity-Element ist ungültig.

Error - 25.03.2011 08:22:29 | Computer Name = *** | Source = SideBySide | ID = 16842815
Description = Fehler beim Generieren des Aktivierungskontextes für "c:\program files (x86)\spybot - search & destroy\DelZip179.dll". Fehler in Manifest- oder Richtliniendatei "c:\program files (x86)\spybot - search & destroy\DelZip179.dll" in Zeile 8. Der Wert "*" des "language"-Attributs im assemblyIdentity-Element ist ungültig.

Error - 25.03.2011 08:22:36 | Computer Name = *** | Source = SideBySide | ID = 16842832
Description = Fehler beim Generieren des Aktivierungskontexts für "C:\Program Files (x86)\Adobe\Acrobat 9.0\Designer 8.2\FormDesigner.exe". Fehler in Manifest- oder Richtliniendatei "" in Zeile . Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion. In Konflikt stehende Komponenten:. Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_fa62ad231704eab7.manifest. Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_420fe3fa2b8113bd.manifest.

[ System Events ]
Error - 25.03.2011 12:05:16 | Computer Name = *** | Source = Microsoft-Windows-DNS-Client | ID = 1012
Description = Fehler beim Lesen der Datei für lokale Hosts.

Error - 25.03.2011 12:05:28 | Computer Name = *** | Source = Microsoft-Windows-DNS-Client | ID = 1012
Description = Fehler beim Lesen der Datei für lokale Hosts.

Error - 25.03.2011 12:05:29 | Computer Name = *** | Source = Microsoft-Windows-DNS-Client | ID = 1012
Description = Fehler beim Lesen der Datei für lokale Hosts.

Error - 25.03.2011 13:25:43 | Computer Name = *** | Source = Microsoft-Windows-DNS-Client | ID = 1012
Description = Fehler beim Lesen der Datei für lokale Hosts.

Error - 25.03.2011 13:25:43 | Computer Name = *** | Source = Microsoft-Windows-DNS-Client | ID = 1012
Description = Fehler beim Lesen der Datei für lokale Hosts.

Error - 25.03.2011 13:59:19 | Computer Name = *** | Source = Microsoft-Windows-DNS-Client | ID = 1012
Description = Fehler beim Lesen der Datei für lokale Hosts.

Error - 25.03.2011 13:59:19 | Computer Name = *** | Source = Microsoft-Windows-DNS-Client | ID = 1012
Description = Fehler beim Lesen der Datei für lokale Hosts.

Error - 25.03.2011 13:59:19 | Computer Name = *** | Source = Microsoft-Windows-DNS-Client | ID = 1012
Description = Fehler beim Lesen der Datei für lokale Hosts.

Error - 25.03.2011 13:59:20 | Computer Name = *** | Source = Microsoft-Windows-DNS-Client | ID = 1012
Description = Fehler beim Lesen der Datei für lokale Hosts.

Error - 25.03.2011 13:59:22 | Computer Name = *** | Source = Microsoft-Windows-DNS-Client | ID = 1012
Description = Fehler beim Lesen der Datei für lokale Hosts.

< End of report >
26.03.2011, 21:26 | #2 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Several Trojans and other things in the Recycler
Quote:
__________________
27.03.2011, 11:01 | #3 |
| Several Trojans and other things in the Recycler
MBAM:
__________________
Code:
Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Datenbank Version: 6165

Windows 6.1.7600
Internet Explorer 8.0.7600.16385

25.03.2011 11:37:06
mbam-log-2011-03-25 (11-37-06).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|E:\|)
Durchsuchte Objekte: 675304
Laufzeit: 1 Stunde(n), 15 Minute(n), 28 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 0

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
(Keine bösartigen Objekte gefunden)

Code:
Avira AntiVir Premium
Erstellungsdatum der Reportdatei: Samstag, 26. März 2011 14:03

Es wird nach 2533833 Virenstämmen gesucht.

Das Programm läuft als uneingeschränkte Vollversion.
Online-Dienste stehen zur Verfügung.

Lizenznehmer : ***
Seriennummer : ***
Plattform : Windows 7 x64
Windowsversion : (plain) [6.1.7600]
Boot Modus : Normal gebootet
Benutzername : ***
Computername : ***

Versionsinformationen:
BUILD.DAT : 10.0.0.667 35932 Bytes 07.03.2011 11:55:00
AVSCAN.EXE : 10.0.3.5 435368 Bytes 08.12.2010 10:52:11
AVSCAN.DLL : 10.0.3.0 56168 Bytes 30.03.2010 10:42:17
LUKE.DLL : 10.0.3.2 104296 Bytes 08.12.2010 10:52:11
LUKERES.DLL : 10.0.0.0 13672 Bytes 14.01.2010 10:57:42
VBASE000.VDF : 7.10.0.0 19875328 Bytes 06.11.2009 08:05:36
VBASE001.VDF : 7.11.0.0 13342208 Bytes 14.12.2010 11:11:49
VBASE002.VDF : 7.11.3.0 1950720 Bytes 09.02.2011 15:47:45
VBASE003.VDF : 7.11.3.1 2048 Bytes 09.02.2011 15:47:45
VBASE004.VDF : 7.11.3.2 2048 Bytes 09.02.2011 15:47:45
VBASE005.VDF : 7.11.3.3 2048 Bytes 09.02.2011 15:47:45
VBASE006.VDF : 7.11.3.4 2048 Bytes 09.02.2011 15:47:45
VBASE007.VDF : 7.11.3.5 2048 Bytes 09.02.2011 15:47:45
VBASE008.VDF : 7.11.3.6 2048 Bytes 09.02.2011 15:47:45
VBASE009.VDF : 7.11.3.7 2048 Bytes 09.02.2011 15:47:45
VBASE010.VDF : 7.11.3.8 2048 Bytes 09.02.2011 15:47:45
VBASE011.VDF : 7.11.3.9 2048 Bytes 09.02.2011 15:47:45
VBASE012.VDF : 7.11.3.10 2048 Bytes 09.02.2011 15:47:45
VBASE013.VDF : 7.11.3.59 157184 Bytes 14.02.2011 13:18:41
VBASE014.VDF : 7.11.3.97 120320 Bytes 16.02.2011 11:37:58
VBASE015.VDF : 7.11.3.148 128000 Bytes 19.02.2011 15:04:20
VBASE016.VDF : 7.11.3.183 140288 Bytes 22.02.2011 19:04:26
VBASE017.VDF : 7.11.3.216 124416 Bytes 24.02.2011 18:59:51
VBASE018.VDF : 7.11.3.251 159232 Bytes 28.02.2011 17:33:10
VBASE019.VDF : 7.11.4.33 148992 Bytes 02.03.2011 19:43:09
VBASE020.VDF : 7.11.4.73 150016 Bytes 06.03.2011 16:23:23
VBASE021.VDF : 7.11.4.108 122880 Bytes 08.03.2011 09:59:12
VBASE022.VDF : 7.11.4.150 133120 Bytes 10.03.2011 15:19:34
VBASE023.VDF : 7.11.4.183 122368 Bytes 14.03.2011 09:36:13
VBASE024.VDF : 7.11.4.228 123392 Bytes 16.03.2011 18:01:36
VBASE025.VDF : 7.11.5.8 246272 Bytes 21.03.2011 14:58:38
VBASE026.VDF : 7.11.5.38 137216 Bytes 23.03.2011 12:48:09
VBASE027.VDF : 7.11.5.39 2048 Bytes 23.03.2011 12:48:09
VBASE028.VDF : 7.11.5.40 2048 Bytes 23.03.2011 12:48:09
VBASE029.VDF : 7.11.5.41 2048 Bytes 23.03.2011 12:48:09
VBASE030.VDF : 7.11.5.42 2048 Bytes 23.03.2011 12:48:09
VBASE031.VDF : 7.11.5.79 142848 Bytes 25.03.2011 18:05:15
Engineversion : 8.2.4.192
AEVDF.DLL : 8.1.2.1 106868 Bytes 04.08.2010 07:43:20
AESCRIPT.DLL : 8.1.3.57 1261947 Bytes 17.03.2011 13:46:39
AESCN.DLL : 8.1.7.2 127349 Bytes 22.11.2010 11:51:15
AESBX.DLL : 8.1.3.2 254324 Bytes 22.11.2010 11:51:15
AERDL.DLL : 8.1.9.9 639347 Bytes 25.03.2011 11:26:48
AEPACK.DLL : 8.2.4.13 524662 Bytes 25.03.2011 11:26:48
AEOFFICE.DLL : 8.1.1.18 205178 Bytes 25.03.2011 11:26:48
AEHEUR.DLL : 8.1.2.91 3387767 Bytes 25.03.2011 11:26:47
AEHELP.DLL : 8.1.16.1 246134 Bytes 03.02.2011 23:16:58
AEGEN.DLL : 8.1.5.3 397684 Bytes 17.03.2011 13:46:38
AEEMU.DLL : 8.1.3.0 393589 Bytes 22.11.2010 11:51:11
AECORE.DLL : 8.1.19.2 196983 Bytes 20.01.2011 13:56:32
AEBB.DLL : 8.1.1.0 53618 Bytes 04.08.2010 07:43:16
AVWINLL.DLL : 10.0.0.0 19304 Bytes 14.01.2010 10:56:59
AVPREF.DLL : 10.0.0.0 44904 Bytes 14.01.2010 10:56:55
AVREP.DLL : 10.0.0.8 62209 Bytes 18.02.2010 15:47:40
AVREG.DLL : 10.0.3.2 53096 Bytes 02.11.2010 11:21:23
AVSCPLR.DLL : 10.0.3.2 84328 Bytes 08.12.2010 10:52:11
AVARKT.DLL : 10.0.22.6 231784 Bytes 08.12.2010 10:52:10
AVEVTLOG.DLL : 10.0.0.8 203112 Bytes 26.01.2010 08:54:25
SQLITE3.DLL : 3.6.19.0 355688 Bytes 28.01.2010 12:00:40
AVSMTP.DLL : 10.0.0.17 63848 Bytes 16.03.2010 14:39:11
NETNT.DLL : 10.0.0.0 11624 Bytes 19.02.2010 13:41:51
RCIMAGE.DLL : 10.0.0.32 2631528 Bytes 01.04.2010 11:57:40
RCTEXT.DLL : 10.0.58.0 98152 Bytes 02.11.2010 11:21:23

Konfiguration für den aktuellen Suchlauf:
Job Name..............................: Vollständige Systemprüfung
Konfigurationsdatei...................: C:\program files (x86)\avira\antivir desktop\sysscan.avp
Protokollierung.......................: niedrig
Primäre Aktion........................: interaktiv
Sekundäre Aktion......................: ignorieren
Durchsuche Masterbootsektoren.........: ein
Durchsuche Bootsektoren...............: ein
Bootsektoren..........................: C:, D:, E:,
Durchsuche aktive Programme...........: ein
Laufende Programme erweitert..........: ein
Durchsuche Registrierung..............: ein
Suche nach Rootkits...................: ein
Integritätsprüfung von Systemdateien..: aus
Datei Suchmodus.......................: Alle Dateien
Durchsuche Archive....................: ein
Rekursionstiefe einschränken..........: 20
Archiv Smart Extensions...............: ein
Makrovirenheuristik...................: ein
Dateiheuristik........................: mittel
Abweichende Gefahrenkategorien........: +APPL,+GAME,+JOKE,+PCK,+PFS,+SPR,

Beginn des Suchlaufs: Samstag, 26. März 2011 14:03

Der Suchlauf nach versteckten Objekten wird begonnen.
HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{00020D75-0000-0000-C000-000000000046}\ShellFolder\attributes
[HINWEIS] Der Registrierungseintrag ist nicht sichtbar.
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Applets\SysTray\BattMeter\Flyout\381b4222-f694-41f0-9685-ff5bb260df2e
[HINWEIS] Der Registrierungseintrag ist nicht sichtbar.
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\paths
[HINWEIS] Der Registrierungseintrag ist nicht sichtbar.
c:\program files (x86)\east-tec eraser 2010\eteraser.exe
c:\program files (x86)\east-tec eraser 2010\eteraser.exe
[HINWEIS] Der Prozess ist nicht sichtbar.
c:\program files (x86)\east-tec eraser 2010\eteraser.exe

Der Suchlauf über gestartete Prozesse wird begonnen:
Durchsuche Prozess 'plugin-container.exe' - '71' Modul(e) wurden durchsucht
Durchsuche Prozess 'avscan.exe' - '66' Modul(e) wurden durchsucht
Durchsuche Prozess 'avcenter.exe' - '117' Modul(e) wurden durchsucht
Durchsuche Prozess 'firefox.exe' - '104' Modul(e) wurden durchsucht
Durchsuche Prozess 'etRiskMon.exe' - '51' Modul(e) wurden durchsucht
Durchsuche Prozess 'jusched.exe' - '27' Modul(e) wurden durchsucht
Durchsuche Prozess 'GoogleCrashHandler.exe' - '28' Modul(e) wurden durchsucht
Durchsuche Prozess 'avgnt.exe' - '70' Modul(e) wurden durchsucht
Durchsuche Prozess 'UnlockerAssistant.exe' - '23' Modul(e) wurden durchsucht
Durchsuche Prozess 'brccMCtl.exe' - '66' Modul(e) wurden durchsucht
Durchsuche Prozess 'winampa.exe' - '22' Modul(e) wurden durchsucht
Durchsuche Prozess 'acrotray.exe' - '28' Modul(e) wurden durchsucht
Durchsuche Prozess 'Dropbox.exe' - '67' Modul(e) wurden durchsucht
Durchsuche Prozess 'PureSyncTray.exe' - '65' Modul(e) wurden durchsucht
Durchsuche Prozess 'TeaTimer.exe' - '44' Modul(e) wurden durchsucht
Durchsuche Prozess 'AVWEBGRD.EXE' - '44' Modul(e) wurden durchsucht
Durchsuche Prozess 'avmailc.exe' - '36' Modul(e) wurden durchsucht
Durchsuche Prozess 'avguard.exe' - '77' Modul(e) wurden durchsucht
Durchsuche Prozess 'sched.exe' - '51' Modul(e) wurden durchsucht

Der Suchlauf über die Masterbootsektoren wird begonnen:
Masterbootsektor HD0
[INFO] Es wurde kein Virus gefunden!

Der Suchlauf über die Bootsektoren wird begonnen:
Bootsektor 'C:\'
[INFO] Es wurde kein Virus gefunden!
Bootsektor 'D:\'
[INFO] Es wurde kein Virus gefunden!
Bootsektor 'E:\'
[INFO] Es wurde kein Virus gefunden!

Der Suchlauf auf Verweise zu ausführbaren Dateien (Registry) wird begonnen:
Die Registry wurde durchsucht ( '716' Dateien ).
Der Suchlauf über die ausgewählten Dateien wird begonnen: Beginne mit der Suche in 'C:\' C:\Users\***\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\25\1c640e19-26d97401 [0] Archivtyp: ZIP [FUND] Enthält Erkennungsmuster des Exploits EXP/CVE-2010-0094.F.7 --> a.class [FUND] Enthält Erkennungsmuster des Exploits EXP/CVE-2010-0094.F.7 C:\Users\***\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\31\6944009f-143d460a [0] Archivtyp: ZIP [FUND] Enthält Erkennungsmuster des Java-Virus JAVA/Agent.JH --> plugin/adobe.class [FUND] Enthält Erkennungsmuster des Java-Virus JAVA/Agent.JH --> plugin/ping.class [FUND] Enthält Erkennungsmuster des Java-Virus JAVA/Exdoer.AB --> plugin/sportGame.class [FUND] Enthält Erkennungsmuster des Java-Virus JAVA/Agent.JG C:\Users\***\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\47\42cc9baf-61483fc0 [0] Archivtyp: ZIP [FUND] Enthält Erkennungsmuster des Java-Virus JAVA/Small.Z --> vload.class [FUND] Enthält Erkennungsmuster des Java-Virus JAVA/Small.Z C:\Users\***\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\48\45def130-2a95399e [0] Archivtyp: ZIP [FUND] Enthält Erkennungsmuster des Exploits EXP/CVE-2010-0094.F.48 --> vuln/Huvasi.class [FUND] Enthält Erkennungsmuster des Exploits EXP/CVE-2010-0094.F.48 C:\Users\***\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\51\466be9b3-45538aef [0] Archivtyp: ZIP [FUND] Enthält Erkennungsmuster des Exploits EXP/CVE-2010-0094.F.48 --> vuln/Huvasi.class [FUND] Enthält Erkennungsmuster des Exploits EXP/CVE-2010-0094.F.48 C:\Users\***\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\57\2d1077b9-3731dcf5 [0] Archivtyp: ZIP [FUND] Enthält Erkennungsmuster des Exploits EXP/CVE-2010-0094.F.43 --> bbox/Runner.class [FUND] Enthält Erkennungsmuster des Exploits EXP/CVE-2010-0094.F.43 Beginne mit der Suche in 'D:\' <D> Beginne mit der Suche in 'E:\' <E> Beginne mit der Desinfektion: C:\Users\***\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\57\2d1077b9-3731dcf5 [FUND] Enthält Erkennungsmuster des Exploits 
EXP/CVE-2010-0094.F.43 [HINWEIS] Die Datei wurde ins Quarantäneverzeichnis unter dem Namen '4f0b5fa0.qua' verschoben! C:\Users\***\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\51\466be9b3-45538aef [FUND] Enthält Erkennungsmuster des Exploits EXP/CVE-2010-0094.F.48 [HINWEIS] Die Datei wurde ins Quarantäneverzeichnis unter dem Namen '57e171d1.qua' verschoben! C:\Users\***\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\48\45def130-2a95399e [FUND] Enthält Erkennungsmuster des Exploits EXP/CVE-2010-0094.F.48 [HINWEIS] Die Datei wurde ins Quarantäneverzeichnis unter dem Namen '058c2b38.qua' verschoben! C:\Users\***\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\47\42cc9baf-61483fc0 [FUND] Enthält Erkennungsmuster des Java-Virus JAVA/Small.Z [HINWEIS] Die Datei wurde ins Quarantäneverzeichnis unter dem Namen '63ba64ff.qua' verschoben! C:\Users\***\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\31\6944009f-143d460a [FUND] Enthält Erkennungsmuster des Java-Virus JAVA/Agent.JG [HINWEIS] Die Datei wurde ins Quarantäneverzeichnis unter dem Namen '260f49f8.qua' verschoben! C:\Users\***\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\25\1c640e19-26d97401 [FUND] Enthält Erkennungsmuster des Exploits EXP/CVE-2010-0094.F.7 [HINWEIS] Die Datei wurde ins Quarantäneverzeichnis unter dem Namen '59167a73.qua' verschoben! Ende des Suchlaufs: Samstag, 26. März 2011 15:39 Benötigte Zeit: 1:35:04 Stunde(n) Der Suchlauf wurde vollständig durchgeführt. 68714 Verzeichnisse wurden überprüft 1103772 Dateien wurden geprüft 8 Viren bzw. unerwünschte Programme wurden gefunden 0 Dateien wurden als verdächtig eingestuft 0 Dateien wurden gelöscht 0 Viren bzw. unerwünschte Programme wurden repariert 6 Dateien wurden in die Quarantäne verschoben 0 Dateien wurden umbenannt 0 Dateien konnten nicht durchsucht werden 1103764 Dateien ohne Befall 23433 Archive wurden durchsucht 0 Warnungen 6 Hinweise 716406 Objekte wurden beim Rootkitscan durchsucht 5 Versteckte Objekte wurden gefunden Code:
ATTFilter Exportierte Ereignisse: 26.03.2011 15:39 [Scanner] Malware gefunden Die Datei 'C:\Users\***\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\48\45def130-2 a95399e' enthielt einen Virus oder unerwünschtes Programm 'EXP/CVE-2010-0094.F.48' [exploit]. Durchgeführte Aktion(en): Die Datei wurde ins Quarantäneverzeichnis unter dem Namen '058c2b38.qua' verschoben! 26.03.2011 15:39 [Scanner] Malware gefunden Die Datei 'C:\Users\***\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\51\466be9b3-4 5538aef' enthielt einen Virus oder unerwünschtes Programm 'EXP/CVE-2010-0094.F.48' [exploit]. Durchgeführte Aktion(en): Die Datei wurde ins Quarantäneverzeichnis unter dem Namen '57e171d1.qua' verschoben! 26.03.2011 15:39 [Scanner] Malware gefunden Die Datei 'C:\Users\***\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\57\2d1077b9-3 731dcf5' enthielt einen Virus oder unerwünschtes Programm 'EXP/CVE-2010-0094.F.43' [exploit]. Durchgeführte Aktion(en): Die Datei wurde ins Quarantäneverzeichnis unter dem Namen '4f0b5fa0.qua' verschoben! 26.03.2011 15:39 [Scanner] Malware gefunden Die Datei 'C:\Users\***\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\47\42cc9baf-6 1483fc0' enthielt einen Virus oder unerwünschtes Programm 'JAVA/Small.Z' [virus]. Durchgeführte Aktion(en): Die Datei wurde ins Quarantäneverzeichnis unter dem Namen '63ba64ff.qua' verschoben! 26.03.2011 15:39 [Scanner] Malware gefunden Die Datei 'C:\Users\***\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\25\1c640e19-2 6d97401' enthielt einen Virus oder unerwünschtes Programm 'EXP/CVE-2010-0094.F.7' [exploit]. Durchgeführte Aktion(en): Die Datei wurde ins Quarantäneverzeichnis unter dem Namen '59167a73.qua' verschoben! 26.03.2011 15:39 [Scanner] Malware gefunden Die Datei 'C:\Users\***\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\31\6944009f-1 43d460a' enthielt einen Virus oder unerwünschtes Programm 'JAVA/Agent.JG' [virus]. 
Durchgeführte Aktion(en): Die Datei wurde ins Quarantäneverzeichnis unter dem Namen '260f49f8.qua' verschoben! 25.03.2011 13:44 [Scanner] Malware gefunden Die Datei 'E:\$RECYCLE.BIN\S-1-5-21-681877900-919319930-2659170955-1000\$RVKI8JM.rar' enthielt einen Virus oder unerwünschtes Programm 'TR/Dropper.Gen' [trojan]. Durchgeführte Aktion(en): Die Datei wurde ins Quarantäneverzeichnis unter dem Namen '4bdf2acc.qua' verschoben! 25.03.2011 13:44 [Scanner] Malware gefunden Die Datei 'E:\$RECYCLE.BIN\S-1-5-21-681877900-919319930-2659170955-1000\$RHY0KZ3.exe' enthielt einen Virus oder unerwünschtes Programm 'TR/Dropper.Gen' [trojan]. Durchgeführte Aktion(en): Die Datei wurde ins Quarantäneverzeichnis unter dem Namen '537e056b.qua' verschoben! 25.03.2011 09:46 [Guard] Malware gefunden In der Datei 'E:\$RECYCLE.BIN\S-1-5-21-681877900-919319930-2659170955-1000\$R75JXL2\tinymce\e xamples\skins.html' wurde ein Virus oder unerwünschtes Programm 'BDS/Pcclient.HP.56' [backdoor] gefunden. Ausgeführte Aktion: Zugriff erlauben 25.03.2011 09:27 [Guard] Malware gefunden In der Datei 'E:\$RECYCLE.BIN\S-1-5-21-681877900-919319930-2659170955-1000\$R078GZL.3-full\mo dules\ThemeManager\lang\ext\pl_PL.php' wurde ein Virus oder unerwünschtes Programm 'TR/Drop.Agent.ahz.1' [trojan] gefunden. Ausgeführte Aktion: Zugriff erlauben 25.03.2011 09:22 [Guard] Malware gefunden In der Datei 'E:\$RECYCLE.BIN\S-1-5-21-681877900-919319930-2659170955-1000\$R078GZL.3-full\in dex.php:a' wurde ein Virus oder unerwünschtes Programm 'TR/Renos.abxa' [trojan] gefunden. Ausgeführte Aktion: Zugriff erlauben 25.03.2011 09:04 [Guard] Malware gefunden In der Datei 'C:\$Recycle.Bin\S-1-5-21-681877900-919319930-2659170955-1000\$RT8DMFO\installat ion_old\language\fr-FR\fr-FR.ini' wurde ein Virus oder unerwünschtes Programm 'SPR/OSMonitor.A' [riskware] gefunden. 
Ausgeführte Aktion: Zugriff erlauben 25.03.2011 08:54 [Guard] Malware gefunden In der Datei 'C:\$Recycle.Bin\S-1-5-21-681877900-919319930-2659170955-1000\$RT8DMFO\administr ator\language\en-GB\en-GB.ini' wurde ein Virus oder unerwünschtes Programm 'BDS/Pcclient.HP.56' [backdoor] gefunden. Ausgeführte Aktion: Zugriff erlauben 25.03.2011 08:52 [Guard] Malware gefunden In der Datei 'C:\$Recycle.Bin\S-1-5-21-681877900-919319930-2659170955-1000\$RT8DMFO\administr ator\components\com_sections\admin.sections.php' wurde ein Virus oder unerwünschtes Programm 'WORM/Bagle.DU.4' [worm] gefunden. Ausgeführte Aktion: Zugriff erlauben 25.03.2011 08:48 [Guard] Malware gefunden In der Datei 'C:\$Recycle.Bin\S-1-5-21-681877900-919319930-2659170955-1000\$RT8DMFO\administr ator\components\com_jce\config.php' wurde ein Virus oder unerwünschtes Programm 'TR/Delf.tbtb' [trojan] gefunden. Ausgeführte Aktion: Zugriff erlauben |
27.03.2011, 20:29 | #4 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Multiple Trojans and Other Things in the Recycler Run an OTL fix: close all programs that may still be open, also disable the virus scanner (!), start OTL and paste the following text into the "Custom Scan/Fixes" box (at the bottom of OTL): (the ":OTL" must be copied as well!!!) Code:
ATTFilter :OTL @Alternate Data Stream - 213 bytes -> C:\ProgramData\TEMP:8927A071 @Alternate Data Stream - 176 bytes -> C:\ProgramData\TEMP:C97C8631 @Alternate Data Stream - 132 bytes -> C:\ProgramData\TEMP:ECF54A0E [2011.03.01 00:01:15 | 000,004,997 | ---- | C] () -- C:\ProgramData\bltofzsb.qlf O32 - HKLM CDRom: AutoRun - 1 O33 - MountPoints2\{6217b6b2-2a3b-11df-8a5e-00508db62f41}\Shell - "" = AutoRun O33 - MountPoints2\{6217b6b2-2a3b-11df-8a5e-00508db62f41}\Shell\AutoRun\command - "" = H:\autorun.exe O33 - MountPoints2\{6217b6b2-2a3b-11df-8a5e-00508db62f41}\Shell\readit\command - "" = notepad readme.doc O33 - MountPoints2\{63531cb4-c26a-11de-a5ea-00508db62f41}\Shell - "" = AutoRun O33 - MountPoints2\{63531cb4-c26a-11de-a5ea-00508db62f41}\Shell\AutoRun\command - "" = F:\start.exe O33 - MountPoints2\{784c1862-00ac-11d6-a2b7-00221589f0c0}\Shell - "" = AutoRun O33 - MountPoints2\{784c1862-00ac-11d6-a2b7-00221589f0c0}\Shell\AutoRun\command - "" = G:\setup_vmc_lite.exe /checkApplicationPresence O33 - MountPoints2\{784c1864-00ac-11d6-a2b7-00221589f0c0}\Shell - "" = AutoRun O33 - MountPoints2\{784c1864-00ac-11d6-a2b7-00221589f0c0}\Shell\AutoRun\command - "" = G:\setup_vmc_lite.exe /checkApplicationPresence O33 - MountPoints2\{870ca3ca-cbc8-11de-a6d3-00508db62f41}\Shell - "" = AutoRun O33 - MountPoints2\{870ca3ca-cbc8-11de-a6d3-00508db62f41}\Shell\AutoRun\command - "" = F:\autorun.exe O33 - MountPoints2\{870ca3ca-cbc8-11de-a6d3-00508db62f41}\Shell\readit\command - "" = notepad readme.doc O33 - MountPoints2\{9c18263b-f45e-11de-90c7-00508db62f41}\Shell - "" = AutoRun O33 - MountPoints2\{9c18263b-f45e-11de-90c7-00508db62f41}\Shell\AutoRun\command - "" = H:\autorun.exe O33 - MountPoints2\{ec35086f-009d-11d6-b919-f5dcbdbe7440}\Shell - "" = AutoRun O33 - MountPoints2\{ec35086f-009d-11d6-b919-f5dcbdbe7440}\Shell\AutoRun\command - "" = G:\setup_vmc_lite.exe /checkApplicationPresence O33 - MountPoints2\{ec350876-009d-11d6-b919-f5dcbdbe7440}\Shell - "" = AutoRun O33 - 
MountPoints2\{ec350876-009d-11d6-b919-f5dcbdbe7440}\Shell\AutoRun\command - "" = G:\setup_vmc_lite.exe /checkApplicationPresence O33 - MountPoints2\{f1fffbd1-00a1-11d6-aa59-00221589f0c0}\Shell - "" = AutoRun O33 - MountPoints2\{f1fffbd1-00a1-11d6-aa59-00221589f0c0}\Shell\AutoRun\command - "" = I:\setup_vmc_lite.exe /checkApplicationPresence O33 - MountPoints2\{f1fffbd3-00a1-11d6-aa59-00221589f0c0}\Shell - "" = AutoRun O33 - MountPoints2\{f1fffbd3-00a1-11d6-aa59-00221589f0c0}\Shell\AutoRun\command - "" = G:\setup_vmc_lite.exe /checkApplicationPresence O33 - MountPoints2\G\Shell - "" = AutoRun O33 - MountPoints2\G\Shell\AutoRun\command - "" = G:\LaunchU3.exe -a O33 - MountPoints2\I\Shell - "" = AutoRun O33 - MountPoints2\I\Shell\AutoRun\command - "" = I:\setup_vmc_lite.exe /checkApplicationPresence O4 - HKLM..\Run: [] File not found :Commands [purity] [resethosts] [emptytemp] The log file should open when you click OK after the fix; please post it. The computer may be restarted. The entries, files and folders fixed by this script are not deleted completely; for safety, a backup copy is created on the system partition in the "_OTL" folder.
__________________ Please always post logfiles in CODE tags |
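Added example, not from this thread and not part of OTL: a read-only PowerShell check that lists the per-user MountPoints2 Shell verbs and their commands (the data OTL reports as O33 lines) together with the Cdrom service AutoRun value behind the O32 line, so that the result of a fix like the one above can be verified afterwards. The registry key names are the ones visible in the OTL lines; the function names are my own.

```powershell
# Added example (not from the thread, not OTL code): read-only audit of the
# registry locations that the O33 and O32 entries above refer to. Nothing is changed.
$MountPoints2 = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2'
$CdromService = 'HKLM:\SYSTEM\CurrentControlSet\Services\Cdrom'

function Get-MountPointShellCommands {
    param([string]$Path = $MountPoints2)
    if (-not (Test-Path -Path $Path)) { return }
    foreach ($volume in Get-ChildItem -Path $Path -ErrorAction SilentlyContinue) {
        $shellKey = Join-Path -Path $volume.PSPath -ChildPath 'Shell'
        if (-not (Test-Path -Path $shellKey)) { continue }
        # The default value of Shell names the verb Explorer runs when the volume is opened
        $defaultVerb = (Get-ItemProperty -Path $shellKey -ErrorAction SilentlyContinue).'(default)'
        foreach ($verb in Get-ChildItem -Path $shellKey -ErrorAction SilentlyContinue) {
            $commandKey = Join-Path -Path $verb.PSPath -ChildPath 'command'
            if (-not (Test-Path -Path $commandKey)) { continue }
            $command = (Get-ItemProperty -Path $commandKey -ErrorAction SilentlyContinue).'(default)'
            [pscustomobject]@{
                Volume      = $volume.PSChildName   # volume GUID or drive letter, as in the O33 lines
                DefaultVerb = $defaultVerb          # e.g. AutoRun
                Verb        = $verb.PSChildName     # e.g. AutoRun or readit
                Command     = $command              # the command line the verb would launch
            }
        }
    }
}

function Get-CdromAutoRunSetting {
    # 1 enables the CD-ROM driver's AutoRun handling, 0 disables it; absent means driver default
    $props = Get-ItemProperty -Path $CdromService -Name AutoRun -ErrorAction SilentlyContinue
    if ($null -eq $props) { return 'not set' }
    return $props.AutoRun
}

# Usage: an empty table after the fix means the listed O33 entries are gone
Get-MountPointShellCommands | Format-Table -AutoSize
"Cdrom AutoRun = $(Get-CdromAutoRunSetting)"
```

MountPoints2 lives under HKCU, so run this as the user whose profile was fixed; an elevated console opened from a different account shows that account's hive instead, and the entries from the O33 lines would not appear even if they were still present.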
28.03.2011, 08:19 | #5 |
| Multiple Trojans and Other Things in the Recycler Here is the fix log: Code:
ATTFilter All processes killed ========== OTL ========== ADS C:\ProgramData\TEMP:8927A071 deleted successfully. ADS C:\ProgramData\TEMP:C97C8631 deleted successfully. ADS C:\ProgramData\TEMP:ECF54A0E deleted successfully. C:\ProgramData\bltofzsb.qlf moved successfully. HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRun|DWORD:1 /E : value set successfully! Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{6217b6b2-2a3b-11df-8a5e-00508db62f41}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6217b6b2-2a3b-11df-8a5e-00508db62f41}\ not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{6217b6b2-2a3b-11df-8a5e-00508db62f41}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6217b6b2-2a3b-11df-8a5e-00508db62f41}\ not found. File H:\autorun.exe not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{6217b6b2-2a3b-11df-8a5e-00508db62f41}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6217b6b2-2a3b-11df-8a5e-00508db62f41}\ not found. File notepad readme.doc not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{63531cb4-c26a-11de-a5ea-00508db62f41}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{63531cb4-c26a-11de-a5ea-00508db62f41}\ not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{63531cb4-c26a-11de-a5ea-00508db62f41}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{63531cb4-c26a-11de-a5ea-00508db62f41}\ not found. File F:\start.exe not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{784c1862-00ac-11d6-a2b7-00221589f0c0}\ deleted successfully. 
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{784c1862-00ac-11d6-a2b7-00221589f0c0}\ not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{784c1862-00ac-11d6-a2b7-00221589f0c0}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{784c1862-00ac-11d6-a2b7-00221589f0c0}\ not found. File G:\setup_vmc_lite.exe /checkApplicationPresence not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{784c1864-00ac-11d6-a2b7-00221589f0c0}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{784c1864-00ac-11d6-a2b7-00221589f0c0}\ not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{784c1864-00ac-11d6-a2b7-00221589f0c0}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{784c1864-00ac-11d6-a2b7-00221589f0c0}\ not found. File G:\setup_vmc_lite.exe /checkApplicationPresence not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{870ca3ca-cbc8-11de-a6d3-00508db62f41}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{870ca3ca-cbc8-11de-a6d3-00508db62f41}\ not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{870ca3ca-cbc8-11de-a6d3-00508db62f41}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{870ca3ca-cbc8-11de-a6d3-00508db62f41}\ not found. File F:\autorun.exe not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{870ca3ca-cbc8-11de-a6d3-00508db62f41}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{870ca3ca-cbc8-11de-a6d3-00508db62f41}\ not found. File notepad readme.doc not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{9c18263b-f45e-11de-90c7-00508db62f41}\ deleted successfully. 
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9c18263b-f45e-11de-90c7-00508db62f41}\ not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{9c18263b-f45e-11de-90c7-00508db62f41}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9c18263b-f45e-11de-90c7-00508db62f41}\ not found. File H:\autorun.exe not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{ec35086f-009d-11d6-b919-f5dcbdbe7440}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{ec35086f-009d-11d6-b919-f5dcbdbe7440}\ not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{ec35086f-009d-11d6-b919-f5dcbdbe7440}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{ec35086f-009d-11d6-b919-f5dcbdbe7440}\ not found. File G:\setup_vmc_lite.exe /checkApplicationPresence not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{ec350876-009d-11d6-b919-f5dcbdbe7440}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{ec350876-009d-11d6-b919-f5dcbdbe7440}\ not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{ec350876-009d-11d6-b919-f5dcbdbe7440}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{ec350876-009d-11d6-b919-f5dcbdbe7440}\ not found. File G:\setup_vmc_lite.exe /checkApplicationPresence not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{f1fffbd1-00a1-11d6-aa59-00221589f0c0}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{f1fffbd1-00a1-11d6-aa59-00221589f0c0}\ not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{f1fffbd1-00a1-11d6-aa59-00221589f0c0}\ not found. 
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{f1fffbd1-00a1-11d6-aa59-00221589f0c0}\ not found. File I:\setup_vmc_lite.exe /checkApplicationPresence not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{f1fffbd3-00a1-11d6-aa59-00221589f0c0}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{f1fffbd3-00a1-11d6-aa59-00221589f0c0}\ not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{f1fffbd3-00a1-11d6-aa59-00221589f0c0}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{f1fffbd3-00a1-11d6-aa59-00221589f0c0}\ not found. File G:\setup_vmc_lite.exe /checkApplicationPresence not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\G\ deleted successfully. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\G\ not found. File G:\LaunchU3.exe -a not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\I\ deleted successfully. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\I\ not found. File I:\setup_vmc_lite.exe /checkApplicationPresence not found. Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ deleted successfully. ========== COMMANDS ========== C:\Windows\System32\drivers\etc\Hosts moved successfully. 
HOSTS file reset successfully [EMPTYTEMP] User: Administrator User: All Users User: Default ->Temp folder emptied: 0 bytes ->Flash cache emptied: 41620 bytes User: Default User ->Temp folder emptied: 0 bytes ->Flash cache emptied: 0 bytes User: *** ->Temp folder emptied: 355900666 bytes ->Java cache emptied: 106449231 bytes ->FireFox cache emptied: 108390738 bytes ->Google Chrome cache emptied: 0 bytes ->Apple Safari cache emptied: 0 bytes ->Opera cache emptied: 3076789 bytes ->Flash cache emptied: 1208 bytes User: postgres ->Temp folder emptied: 0 bytes ->Flash cache emptied: 41620 bytes User: Public %systemdrive% .tmp files removed: 0 bytes %systemroot% .tmp files removed: 0 bytes %systemroot%\System32 .tmp files removed: 0 bytes %systemroot%\System32 (64bit) .tmp files removed: 0 bytes %systemroot%\System32\drivers .tmp files removed: 0 bytes Windows Temp folder emptied: 530086 bytes %systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 67832 bytes RecycleBin emptied: 19660481 bytes Total Files Cleaned = 567,00 mb OTL by OldTimer - Version 3.2.22.3 log created on 03282011_091203 Files\Folders moved on Reboot... C:\Users\***\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully. Registry entries deleted on Reboot... |
28.03.2011, 10:26 | #6 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Multiple Trojans and Other Things in the Recycler Then please run CF now: ComboFix A guide and tutorial on using ComboFix
ComboFix may only be run when one of the board's helpers (Kompetenzler) has explicitly recommended it!
__________________ --> Multiple Trojans and Other Things in the Recycler |
28.03.2011, 11:49 | #7 |
| Multiple Trojans and Other Things in the Recycler ComboFix log: Code:
ATTFilter ComboFix 11-03-27.02 - *** 28.03.2011 12:33:56.1.2 - x64 Microsoft Windows 7 Professional 6.1.7600.0.1252.49.1031.18.4094.2769 [GMT 2:00] ausgeführt von:: c:\users\***\Desktop\cofix.exe AV: AntiVir Desktop *Disabled/Updated* {090F9C29-64CE-6C6F-379C-5901B49A85B7} SP: AntiVir Desktop *Disabled/Updated* {B26E7DCD-42F4-63E1-0D2C-6273CF1DCF0A} SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} . . ((((((((((((((((((((((( Dateien erstellt von 2011-02-28 bis 2011-03-28 )))))))))))))))))))))))))))))) . . 2011-03-28 10:38 . 2011-03-28 10:38 -------- d-----w- c:\users\Default\AppData\Local\temp 2011-03-28 09:51 . 2011-03-28 09:53 -------- d-----w- c:\program files (x86)\Microsoft Works 2011-03-28 09:51 . 2011-03-28 09:51 -------- d-----w- c:\windows\PCHEALTH 2011-03-28 09:48 . 2011-03-28 09:48 -------- d-----r- C:\MSOCache 2011-03-28 07:12 . 2011-03-28 07:12 -------- d-----w- C:\_OTL 2011-03-26 17:00 . 2011-03-26 17:00 -------- d---a-w- c:\windows\VDLL.DLL 2011-03-26 17:00 . 2011-03-26 17:00 -------- d---a-w- c:\windows\SysWow64\runouce.exe 2011-03-26 17:00 . 2011-03-26 17:00 -------- d---a-w- c:\windows\rundll16.exe 2011-03-26 17:00 . 2011-03-26 17:00 -------- d---a-w- c:\windows\RUNDL132.EXE 2011-03-26 17:00 . 2011-03-26 17:00 -------- d---a-w- c:\windows\logo1_.exe 2011-03-26 17:00 . 2011-03-26 17:00 -------- d---a-w- c:\windows\logo_1.exe 2011-03-26 16:41 . 2011-03-26 16:41 632064 ----a-w- c:\windows\SysWow64\msvcr80.dll 2011-03-26 16:41 . 2011-03-26 16:41 554240 ----a-w- c:\windows\SysWow64\msvcp80.dll 2011-03-26 16:41 . 2011-03-26 16:41 34048 ----a-w- c:\windows\SysWow64\eEmpty.exe 2011-03-26 16:41 . 2011-03-26 16:41 -------- d-----w- c:\program files (x86)\Common Files\MicroWorld 2011-03-26 16:41 . 2011-03-26 16:41 -------- d-----w- c:\programdata\MicroWorld 2011-03-26 15:52 . 2011-03-26 15:52 -------- d-----w- c:\program files (x86)\Advanced Port Scanner 2011-03-26 10:11 . 
2011-03-26 10:11 -------- d-----w- c:\programdata\CA 2011-03-26 10:11 . 2011-03-26 10:11 -------- d-----w- c:\program files (x86)\Common Files\Scanner 2011-03-26 10:11 . 2011-03-26 10:11 -------- d-----w- c:\program files (x86)\CA 2011-03-26 09:39 . 2011-03-15 05:17 8424784 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{12F06164-8137-4651-A3DB-83E0120962EB}\mpengine.dll 2011-03-25 10:39 . 2011-03-25 10:39 -------- d-----w- c:\programdata\SUPERAntiSpyware.com 2011-03-25 10:39 . 2011-03-25 10:39 -------- d-----w- c:\users\***\AppData\Roaming\SUPERAntiSpyware.com 2011-03-25 10:38 . 2011-03-25 10:38 -------- d-----w- c:\programdata\!SASCORE 2011-03-25 10:38 . 2011-03-25 10:39 -------- d-----w- c:\program files\SUPERAntiSpyware 2011-03-25 07:30 . 2009-08-19 21:50 24416 ----a-r- c:\windows\system32\AdobePDFUI.dll 2011-03-18 18:22 . 2011-03-18 18:22 -------- d-----w- c:\program files\Recuva 2011-03-18 18:19 . 2002-02-18 17:40 6200 ----a-w- c:\windows\SysWow64\INT13EXT.VXD 2011-03-18 18:19 . 2011-03-18 18:19 -------- d-----w- c:\program files (x86)\PC Inspector File Recovery 2011-03-18 18:18 . 2002-12-05 13:12 692224 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\0701\Intel32\iKernel.dll 2011-03-18 18:18 . 2002-12-05 13:10 155648 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\0701\Intel32\iuser.dll 2011-03-18 18:18 . 2002-12-02 14:22 5632 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\0701\Intel32\DotNetInstaller.exe 2011-03-18 18:18 . 2002-12-02 12:33 57344 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\0701\Intel32\ctor.dll 2011-03-18 18:18 . 2002-12-02 12:33 237568 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\0701\Intel32\iscript.dll 2011-03-18 18:18 . 
28.03.2011, 13:13 | #8
/// Winkelfunktion /// TB-Süch-Tiger™ | Multiple Trojans and other things in the Recycler
Please now run this tool from Kaspersky and post the log => http://www.trojaner-board.de/82358-t...entfernen.html
__________________
Please always post logfiles in CODE tags
28.03.2011, 15:00 | #9
Multiple Trojans and other things in the Recycler
TDSS rootkit log: Code:
2011/03/28 15:57:17.0199 7036 ql40xx (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\DRIVERS\ql40xx.sys 2011/03/28 15:57:17.0226 7036 QWAVEdrv (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys 2011/03/28 15:57:17.0246 7036 RasAcd (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys 2011/03/28 15:57:17.0273 7036 RasAgileVpn (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys 2011/03/28 15:57:17.0301 7036 Rasl2tp (87a6e852a22991580d6d39adc4790463) C:\Windows\system32\DRIVERS\rasl2tp.sys 2011/03/28 15:57:17.0332 7036 RasPppoe (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys 2011/03/28 15:57:17.0351 7036 RasSstp (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys 2011/03/28 15:57:17.0383 7036 rdbss (3bac8142102c15d59a87757c1d41dce5) C:\Windows\system32\DRIVERS\rdbss.sys 2011/03/28 15:57:17.0418 7036 rdpbus (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\DRIVERS\rdpbus.sys 2011/03/28 15:57:17.0444 7036 RDPCDD (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys 2011/03/28 15:57:17.0480 7036 RDPDR (9706b84dbabfc4b4ca46c5a82b14dfa3) C:\Windows\system32\drivers\rdpdr.sys 2011/03/28 15:57:17.0510 7036 RDPENCDD (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys 2011/03/28 15:57:17.0533 7036 RDPREFMP (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys 2011/03/28 15:57:17.0562 7036 RDPWD (8a3e6bea1c53ea6177fe2b6eba2c80d7) C:\Windows\system32\drivers\RDPWD.sys 2011/03/28 15:57:17.0591 7036 rdyboost (634b9a2181d98f15941236886164ec8b) C:\Windows\system32\drivers\rdyboost.sys 2011/03/28 15:57:17.0637 7036 rspndr (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys 2011/03/28 15:57:17.0678 7036 RTL8167 (3b01789ee4eaee97f5eb46b711387d5e) C:\Windows\system32\DRIVERS\Rt64win7.sys 2011/03/28 15:57:17.0703 7036 s3cap (88af6e02ab19df7fd07ecdf9c91e9af6) 
C:\Windows\system32\DRIVERS\vms3cap.sys 2011/03/28 15:57:17.0766 7036 SASDIFSV (99df79c258b3342b6c8a5f802998de56) C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS 2011/03/28 15:57:17.0790 7036 SASKUTIL (2859c35c0651e8eb0d86d48e740388f2) C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS 2011/03/28 15:57:17.0814 7036 sbp2port (e3bbb89983daf5622c1d50cf49f28227) C:\Windows\system32\DRIVERS\sbp2port.sys 2011/03/28 15:57:17.0861 7036 scfilter (c94da20c7e3ba1dca269bc8460d98387) C:\Windows\system32\DRIVERS\scfilter.sys 2011/03/28 15:57:17.0892 7036 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys 2011/03/28 15:57:17.0930 7036 Serenum (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\DRIVERS\serenum.sys 2011/03/28 15:57:17.0955 7036 Serial (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\DRIVERS\serial.sys 2011/03/28 15:57:17.0978 7036 sermouse (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\DRIVERS\sermouse.sys 2011/03/28 15:57:18.0013 7036 sffdisk (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\DRIVERS\sffdisk.sys 2011/03/28 15:57:18.0031 7036 sffp_mmc (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\DRIVERS\sffp_mmc.sys 2011/03/28 15:57:18.0053 7036 sffp_sd (5588b8c6193eb1522490c122eb94dffa) C:\Windows\system32\DRIVERS\sffp_sd.sys 2011/03/28 15:57:18.0072 7036 sfloppy (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\DRIVERS\sfloppy.sys 2011/03/28 15:57:18.0107 7036 SiSRaid2 (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\DRIVERS\SiSRaid2.sys 2011/03/28 15:57:18.0131 7036 SiSRaid4 (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\DRIVERS\sisraid4.sys 2011/03/28 15:57:18.0166 7036 Smb (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys 2011/03/28 15:57:18.0225 7036 spldr (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys 2011/03/28 15:57:18.0306 7036 sptd (602884696850c86434530790b110e8eb) C:\Windows\system32\Drivers\sptd.sys 2011/03/28 15:57:18.0306 
7036 Suspicious file (NoAccess): C:\Windows\system32\Drivers\sptd.sys. md5: 602884696850c86434530790b110e8eb 2011/03/28 15:57:18.0311 7036 sptd - detected Locked file (1) 2011/03/28 15:57:18.0352 7036 srv (de6f5658da951c4bc8e498570b5b0d5f) C:\Windows\system32\DRIVERS\srv.sys 2011/03/28 15:57:18.0415 7036 srv2 (4d33d59c0b930c523d29f9bd40cda9d2) C:\Windows\system32\DRIVERS\srv2.sys 2011/03/28 15:57:18.0472 7036 srvnet (5a663fd67049267bc5c3f3279e631ffb) C:\Windows\system32\DRIVERS\srvnet.sys 2011/03/28 15:57:18.0510 7036 stexstor (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\DRIVERS\stexstor.sys 2011/03/28 15:57:18.0553 7036 StillCam (decacb6921ded1a38642642685d77dac) C:\Windows\system32\DRIVERS\serscan.sys 2011/03/28 15:57:18.0592 7036 storflt (ffd7a6f15b14234b5b0e5d49e7961895) C:\Windows\system32\DRIVERS\vmstorfl.sys 2011/03/28 15:57:18.0624 7036 storvsc (8fccbefc5c440b3c23454656e551b09a) C:\Windows\system32\DRIVERS\storvsc.sys 2011/03/28 15:57:18.0644 7036 swenum (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\DRIVERS\swenum.sys 2011/03/28 15:57:18.0732 7036 Tcpip (90a2d722cf64d911879d6c4a4f802a4d) C:\Windows\system32\drivers\tcpip.sys 2011/03/28 15:57:18.0839 7036 TCPIP6 (90a2d722cf64d911879d6c4a4f802a4d) C:\Windows\system32\DRIVERS\tcpip.sys 2011/03/28 15:57:18.0871 7036 tcpipreg (76d078af6f587b162d50210f761eb9ed) C:\Windows\system32\drivers\tcpipreg.sys 2011/03/28 15:57:18.0899 7036 TDPIPE (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys 2011/03/28 15:57:18.0923 7036 TDTCP (e4245bda3190a582d55ed09e137401a9) C:\Windows\system32\drivers\tdtcp.sys 2011/03/28 15:57:18.0957 7036 tdx (079125c4b17b01fcaeebce0bcb290c0f) C:\Windows\system32\DRIVERS\tdx.sys 2011/03/28 15:57:18.0983 7036 TermDD (c448651339196c0e869a355171875522) C:\Windows\system32\DRIVERS\termdd.sys 2011/03/28 15:57:19.0052 7036 tssecsrv (61b96c26131e37b24e93327a0bd1fb95) C:\Windows\system32\DRIVERS\tssecsrv.sys 2011/03/28 15:57:19.0090 7036 tunnel 
(3836171a2cdf3af8ef10856db9835a70) C:\Windows\system32\DRIVERS\tunnel.sys 2011/03/28 15:57:19.0118 7036 uagp35 (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\DRIVERS\uagp35.sys 2011/03/28 15:57:19.0147 7036 udfs (d47baead86c65d4f4069d7ce0a4edceb) C:\Windows\system32\DRIVERS\udfs.sys 2011/03/28 15:57:19.0217 7036 UGURU (0fb030c397e97811ca141355541c8f41) C:\Windows\system32\drivers\uGuru.sys 2011/03/28 15:57:19.0254 7036 uliagpkx (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\DRIVERS\uliagpkx.sys 2011/03/28 15:57:19.0290 7036 umbus (eab6c35e62b1b0db0d1b48b671d3a117) C:\Windows\system32\DRIVERS\umbus.sys 2011/03/28 15:57:19.0315 7036 UmPass (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\DRIVERS\umpass.sys 2011/03/28 15:57:19.0342 7036 usbccgp (b26afb54a534d634523c4fb66765b026) C:\Windows\system32\DRIVERS\usbccgp.sys 2011/03/28 15:57:19.0371 7036 usbcir (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\DRIVERS\usbcir.sys 2011/03/28 15:57:19.0410 7036 usbehci (2ea4aff7be7eb4632e3aa8595b0803b5) C:\Windows\system32\DRIVERS\usbehci.sys 2011/03/28 15:57:19.0446 7036 usbhub (4c9042b8df86c1e8e6240c218b99b39b) C:\Windows\system32\DRIVERS\usbhub.sys 2011/03/28 15:57:19.0478 7036 usbohci (58e546bbaf87664fc57e0f6081e4f609) C:\Windows\system32\DRIVERS\usbohci.sys 2011/03/28 15:57:19.0499 7036 usbprint (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\DRIVERS\usbprint.sys 2011/03/28 15:57:19.0523 7036 USBSTOR (080d3820da6c046be82fc8b45a893e83) C:\Windows\system32\DRIVERS\USBSTOR.SYS 2011/03/28 15:57:19.0544 7036 usbuhci (81fb2216d3a60d1284455d511797db3d) C:\Windows\system32\DRIVERS\usbuhci.sys 2011/03/28 15:57:19.0576 7036 vdrvroot (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\DRIVERS\vdrvroot.sys 2011/03/28 15:57:19.0607 7036 vga (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys 2011/03/28 15:57:19.0631 7036 VgaSave (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys 2011/03/28 15:57:19.0657 7036 
vhdmp (c82e748660f62a242b2dfac1442f22a4) C:\Windows\system32\DRIVERS\vhdmp.sys 2011/03/28 15:57:19.0698 7036 viaide (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\DRIVERS\viaide.sys 2011/03/28 15:57:19.0727 7036 vmbus (1501699d7eda984abc4155a7da5738d1) C:\Windows\system32\DRIVERS\vmbus.sys 2011/03/28 15:57:19.0751 7036 VMBusHID (ae10c35761889e65a6f7176937c5592c) C:\Windows\system32\DRIVERS\VMBusHID.sys 2011/03/28 15:57:19.0774 7036 volmgr (2b1a3dae2b4e70dbba822b7a03fbd4a3) C:\Windows\system32\DRIVERS\volmgr.sys 2011/03/28 15:57:19.0799 7036 volmgrx (99b0cbb569ca79acaed8c91461d765fb) C:\Windows\system32\drivers\volmgrx.sys 2011/03/28 15:57:19.0836 7036 volsnap (58f82eed8ca24b461441f9c3e4f0bf5c) C:\Windows\system32\DRIVERS\volsnap.sys 2011/03/28 15:57:19.0888 7036 vpcbus (abd9b4a7e2d0ae51a3b8df1af3152d61) C:\Windows\system32\DRIVERS\vpchbus.sys 2011/03/28 15:57:19.0935 7036 vpcnfltr (8acda395841538ce9713a67fe8b2a3eb) C:\Windows\system32\DRIVERS\vpcnfltr.sys 2011/03/28 15:57:19.0963 7036 vpcusb (31924e31bc315773e6d149b157db46d5) C:\Windows\system32\DRIVERS\vpcusb.sys 2011/03/28 15:57:20.0023 7036 vpcvmm (c5b651e52540e6f46da66574c74b4898) C:\Windows\system32\drivers\vpcvmm.sys 2011/03/28 15:57:20.0064 7036 vsmraid (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\DRIVERS\vsmraid.sys 2011/03/28 15:57:20.0092 7036 vwifibus (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\system32\DRIVERS\vwifibus.sys 2011/03/28 15:57:20.0132 7036 VWiFiFlt (6a3d66263414ff0d6fa754c646612f3f) C:\Windows\system32\DRIVERS\vwififlt.sys 2011/03/28 15:57:20.0170 7036 vwifimp (6a638fc4bfddc4d9b186c28c91bd1a01) C:\Windows\system32\DRIVERS\vwifimp.sys 2011/03/28 15:57:20.0199 7036 WacomPen (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\DRIVERS\wacompen.sys 2011/03/28 15:57:20.0236 7036 WANARP (47ca49400643effd3f1c9a27e1d69324) C:\Windows\system32\DRIVERS\wanarp.sys 2011/03/28 15:57:20.0269 7036 Wanarpv6 (47ca49400643effd3f1c9a27e1d69324) C:\Windows\system32\DRIVERS\wanarp.sys 
2011/03/28 15:57:20.0315 7036 Wd (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\DRIVERS\wd.sys 2011/03/28 15:57:20.0346 7036 Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys 2011/03/28 15:57:20.0411 7036 WfpLwf (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys 2011/03/28 15:57:20.0436 7036 WIMMount (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys 2011/03/28 15:57:20.0539 7036 WmiAcpi (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\DRIVERS\wmiacpi.sys 2011/03/28 15:57:20.0583 7036 ws2ifsl (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys 2011/03/28 15:57:20.0618 7036 WudfPf (7cadc74271dd6461c452c271b30bd378) C:\Windows\system32\drivers\WudfPf.sys 2011/03/28 15:57:20.0651 7036 WUDFRd (3b197af0fff08aa66b6b2241ca538d64) C:\Windows\system32\DRIVERS\WUDFRd.sys 2011/03/28 15:57:20.0776 7036 ================================================================================ 2011/03/28 15:57:20.0776 7036 Scan finished 2011/03/28 15:57:20.0776 7036 ================================================================================ 2011/03/28 15:57:20.0788 3536 Detected object count: 1 2011/03/28 15:58:14.0725 3536 Locked file(sptd) - User select action: Skip
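The driver listing above (TDSSKiller produces this format) is the kind of output a helper has to read through by hand, and the forum has run most of it together onto a few very long lines. As an added example, not code from the thread, from the poster or from the tool's author, here is a small Python parser for that format: it splits the text into records on the leading timestamp (so flattened logs parse as well as clean ones), picks out the scanner's own flags (the "Suspicious file" / "detected Locked file" lines for sptd.sys above) and lists files that are registered under more than one service name. The sample input is constructed from entries of the log above; the regular expressions are my own assumptions about the line layout, not a specification from the tool.

```python
"""Added example: parse a TDSSKiller-style driver enumeration log and surface
the entries a human should look at.  The regexes below are assumptions about
the line layout, derived from the log posted in the thread."""
import re
from collections import defaultdict

# A record begins with "YYYY/MM/DD HH:MM:SS.mmmm <thread id>"; splitting on that
# header instead of on newlines lets the parser cope with logs that a forum or
# copy-paste has run together onto one line.
TS_RE = re.compile(r"(\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}\.\d{4})\s+(\d+)\s+")
# "<service> (<md5>) <path>"; the path may contain spaces (Program Files).
DRIVER_RE = re.compile(r"^(\S+)\s+\(([0-9a-f]{32})\)\s+(\S.*?)$")
SUSPICIOUS_RE = re.compile(r"^Suspicious file \((\w+)\): (.+?)\. md5: ([0-9a-f]{32})$")
DETECTED_RE = re.compile(r"^(\S+) - detected (.+?) \((\d+)\)$")

# Constructed sample: records copied from the thread's log, with two of them
# deliberately run together on one line to exercise the flattened case.
SAMPLE_LOG = r"""2011/03/28 15:57:18.0225 7036 spldr (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys
2011/03/28 15:57:18.0306 7036 sptd (602884696850c86434530790b110e8eb) C:\Windows\system32\Drivers\sptd.sys
2011/03/28 15:57:18.0306 7036 Suspicious file (NoAccess): C:\Windows\system32\Drivers\sptd.sys. md5: 602884696850c86434530790b110e8eb
2011/03/28 15:57:18.0311 7036 sptd - detected Locked file (1)
2011/03/28 15:57:18.0732 7036 Tcpip (90a2d722cf64d911879d6c4a4f802a4d) C:\Windows\system32\drivers\tcpip.sys 2011/03/28 15:57:18.0839 7036 TCPIP6 (90a2d722cf64d911879d6c4a4f802a4d) C:\Windows\system32\DRIVERS\tcpip.sys
2011/03/28 15:57:20.0776 7036 Scan finished
2011/03/28 15:57:20.0788 3536 Detected object count: 1
"""


def split_records(text):
    """Yield (timestamp, thread_id, body) for each timestamped record in text."""
    hits = list(TS_RE.finditer(text))
    for i, hit in enumerate(hits):
        end = hits[i + 1].start() if i + 1 < len(hits) else len(text)
        yield hit.group(1), hit.group(2), text[hit.end():end].strip()


def parse_log(text):
    """Return (drivers, findings): per-file records and the scanner's own flags."""
    drivers, findings = [], []
    for ts, tid, body in split_records(text):
        if m := DRIVER_RE.match(body):
            drivers.append({"name": m.group(1), "md5": m.group(2), "path": m.group(3), "ts": ts})
        elif m := SUSPICIOUS_RE.match(body):
            findings.append({"kind": "suspicious", "reason": m.group(1),
                             "path": m.group(2), "md5": m.group(3)})
        elif m := DETECTED_RE.match(body):
            findings.append({"kind": "detected", "name": m.group(1), "verdict": m.group(2)})
        # Separator lines, "Scan finished" and counters carry no per-file information.
    return drivers, findings


def shared_hashes(drivers):
    """md5 -> sorted service names for files registered under more than one name.
    Windows does this itself (tcpip.sys serves both Tcpip and TCPIP6), so a hit is a
    prompt to confirm both paths really point at the same file, not a verdict."""
    by_md5 = defaultdict(set)
    for d in drivers:
        by_md5[d["md5"]].add(d["name"])
    return {h: sorted(names) for h, names in by_md5.items() if len(names) > 1}


def review_items(text):
    """Join each scanner flag to the driver record it refers to."""
    drivers, findings = parse_log(text)
    by_path = {d["path"].lower(): d for d in drivers}
    by_name = {d["name"]: d for d in drivers}
    items = []
    for f in findings:
        if f["kind"] == "suspicious":
            d = by_path.get(f["path"].lower())
            items.append({"name": d["name"] if d else "?", "path": f["path"],
                          "md5": f["md5"], "note": f"Suspicious file ({f['reason']})"})
        else:
            d = by_name.get(f["name"])
            items.append({"name": f["name"], "path": d["path"] if d else "?",
                          "md5": d["md5"] if d else "?", "note": f["verdict"]})
    return items


if __name__ == "__main__":
    drivers, _ = parse_log(SAMPLE_LOG)
    print(f"{len(drivers)} driver records")
    for item in review_items(SAMPLE_LOG):
        print(f"REVIEW {item['name']:<8} {item['note']:<28} {item['path']}  md5={item['md5']}")
    for md5, names in shared_hashes(drivers).items():
        print(f"SHARED {md5} -> {', '.join(names)}")
```

Run against the full log above, the only review item is the locked sptd.sys entry, and the shared-hash list contains in-box pairs such as Tcpip/TCPIP6 and WANARP/Wanarpv6, which is expected for Windows drivers registered under two service names. The script deliberately does not classify anything as malicious: it narrows a 300-line listing down to the handful of entries worth checking, and the decision stays with the person reading the log.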
28.03.2011, 18:53 | #10
/// Winkelfunktion /// TB-Süch-Tiger™ | Multiple Trojans and other things in the Recycler
Now please create logs with GMER and MBRCheck and post them. GMER crashes fairly often; if the tool won't run on the second attempt either, just leave it out.
Instructions for MBRCheck: download MBRCheck (by a_d_13) and save the file to the desktop.
__________________ Please always post log files in CODE tags
29.03.2011, 08:03 | #11
Multiple Trojans and other things in the Recycler
GMER: Code:
GMER 1.0.15.15570 - hxxp://www.gmer.net
Rootkit scan 2011-03-28 21:44:17
Windows 6.1.7600
Running: gmer.exe

---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg@s1 771343423
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg@s2 285507792
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg@h0 1
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0x67 0x4E 0x00 0x00 ...
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0x85 0xE6 0x07 0x55 ...
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0x67 0x4E 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0x85 0xE6 0x07 0x55 ...
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{B7DFEAAB-B149-8279-CF20-28AE5333E3FD}
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{B7DFEAAB-B149-8279-CF20-28AE5333E3FD}@magelclknfagkifnlmopdcahme 0x6B 0x61 0x6A 0x6B ...
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{B7DFEAAB-B149-8279-CF20-28AE5333E3FD}@namffnidlpbogeainkhgjnjcmhmm 0x6B 0x61 0x6A 0x6B ...

---- EOF - GMER 1.0.15 ----
Code:
MBRCheck, version 1.2.3
(c) 2010, AD

Command-line:
Windows Version: Windows 7 Professional
Windows Information: (build 7600), 64-bit
Base Board Manufacturer: hxxp://www.abit.com.tw/
BIOS Manufacturer: Phoenix Technologies, LTD
System Manufacturer: OEM
System Product Name: OEM
Logical Drives Mask: 0x0000003d

Kernel Drivers (total 206):
0x0320C000 \SystemRoot\system32\ntoskrnl.exe
0x037E9000 \SystemRoot\system32\hal.dll
0x00B9A000 \SystemRoot\system32\kdcom.dll
0x00CB1000 \SystemRoot\system32\mcupdate_GenuineIntel.dll
0x00CF5000 \SystemRoot\system32\PSHED.dll
0x00D09000 \SystemRoot\system32\CLFS.SYS
0x00E19000 \SystemRoot\system32\CI.dll
0x00ED9000 \SystemRoot\system32\drivers\Wdf01000.sys
0x00F7D000 \SystemRoot\system32\drivers\WDFLDR.SYS
0x0109E000 \SystemRoot\System32\Drivers\spkt.sys
0x011C4000 \SystemRoot\System32\Drivers\WMILIB.SYS
0x011CD000 \SystemRoot\System32\Drivers\SCSIPORT.SYS
0x01000000 \SystemRoot\system32\DRIVERS\ACPI.sys
0x01057000 \SystemRoot\system32\DRIVERS\msisadrv.sys
0x01061000 \SystemRoot\system32\DRIVERS\vdrvroot.sys
0x00F8C000 \SystemRoot\system32\DRIVERS\pci.sys
0x0106E000 \SystemRoot\System32\drivers\partmgr.sys
0x01083000 \SystemRoot\system32\DRIVERS\volmgr.sys
0x00D67000 \SystemRoot\System32\drivers\volmgrx.sys
0x00FBF000 \SystemRoot\system32\DRIVERS\pciide.sys
0x00FC6000 \SystemRoot\system32\DRIVERS\PCIIDEX.SYS
0x00FD6000 \SystemRoot\System32\drivers\mountmgr.sys
0x00FF0000 \SystemRoot\system32\DRIVERS\atapi.sys
0x00DC3000 \SystemRoot\system32\DRIVERS\ataport.SYS
0x00C00000 \SystemRoot\system32\DRIVERS\jraid.sys
0x00E00000 \SystemRoot\system32\DRIVERS\amdxata.sys
0x00C1E000 \SystemRoot\system32\drivers\fltmgr.sys
0x00C6A000 \SystemRoot\system32\drivers\fileinfo.sys
0x01210000 \SystemRoot\System32\Drivers\Ntfs.sys
0x0141A000 \SystemRoot\System32\Drivers\msrpc.sys
0x01478000 \SystemRoot\System32\Drivers\ksecdd.sys
0x01492000 \SystemRoot\System32\Drivers\cng.sys
0x01505000 \SystemRoot\System32\drivers\pcw.sys
0x01516000 \SystemRoot\System32\Drivers\Fs_Rec.sys
0x0169F000 \SystemRoot\system32\drivers\ndis.sys
0x01791000 \SystemRoot\system32\drivers\NETIO.SYS
0x01600000 \SystemRoot\System32\Drivers\ksecpkg.sys
0x01801000 \SystemRoot\System32\drivers\tcpip.sys
0x0162B000 \SystemRoot\System32\drivers\fwpkclnt.sys
0x01675000 \SystemRoot\system32\DRIVERS\vmstorfl.sys
0x01520000 \SystemRoot\system32\DRIVERS\volsnap.sys
0x01685000 \SystemRoot\System32\Drivers\spldr.sys
0x0168D000 \SystemRoot\SysWOW64\speedfan.sys
0x0156C000 \SystemRoot\System32\drivers\rdyboost.sys
0x015A6000 \SystemRoot\System32\Drivers\mup.sys
0x01694000 \SystemRoot\System32\drivers\hwpolicy.sys
0x015B8000 \SystemRoot\System32\DRIVERS\fvevol.sys
0x01400000 \SystemRoot\system32\DRIVERS\disk.sys
0x013B3000 \SystemRoot\system32\DRIVERS\CLASSPNP.SYS
0x00C7E000 \SystemRoot\system32\DRIVERS\cdrom.sys
0x01200000 \SystemRoot\System32\Drivers\Null.SYS
0x01209000 \SystemRoot\System32\Drivers\Beep.SYS
0x00E0B000 \SystemRoot\System32\drivers\vga.sys
0x02C26000 \SystemRoot\System32\drivers\VIDEOPRT.SYS
0x02C4B000 \SystemRoot\System32\drivers\watchdog.sys
0x02C5B000 \SystemRoot\System32\DRIVERS\RDPCDD.sys
0x02C64000 \SystemRoot\system32\drivers\rdpencdd.sys
0x02C6D000 \SystemRoot\system32\drivers\rdprefmp.sys
0x02C76000 \SystemRoot\System32\Drivers\Msfs.SYS
0x02C81000 \SystemRoot\System32\Drivers\Npfs.SYS
0x02C92000 \SystemRoot\system32\DRIVERS\tdx.sys
0x02CB0000 \SystemRoot\system32\DRIVERS\TDI.SYS
0x02CBD000 \SystemRoot\system32\drivers\afd.sys
0x02D47000 \SystemRoot\System32\DRIVERS\netbt.sys
0x02D8C000 \SystemRoot\system32\drivers\ws2ifsl.sys
0x02D97000 \SystemRoot\system32\DRIVERS\wfplwf.sys
0x02DA0000 \SystemRoot\system32\DRIVERS\pacer.sys
0x02DC6000 \SystemRoot\system32\DRIVERS\vpcnfltr.sys
0x02DDA000 \SystemRoot\system32\DRIVERS\vwififlt.sys
0x02DF0000 \SystemRoot\system32\DRIVERS\netbios.sys
0x02C00000 \SystemRoot\system32\DRIVERS\wanarp.sys
0x03ACA000 \SystemRoot\system32\drivers\vpcvmm.sys
0x03B21000 \SystemRoot\system32\drivers\uGuru.sys
0x03B25000 \SystemRoot\SysWOW64\drivers\truecrypt.sys
0x03B65000 \SystemRoot\system32\DRIVERS\termdd.sys
0x03B79000 \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS
0x03B83000 \??\C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS
0x03B8D000 \SystemRoot\system32\DRIVERS\rdbss.sys
0x03BDE000 \SystemRoot\system32\drivers\nsiproxy.sys
0x03BEA000 \SystemRoot\system32\DRIVERS\mssmbios.sys
0x03A00000 \SystemRoot\System32\drivers\discache.sys
0x03A0F000 \SystemRoot\system32\drivers\csc.sys
0x03A92000 \SystemRoot\System32\Drivers\dfsc.sys
0x03AB0000 \SystemRoot\system32\DRIVERS\blbdrive.sys
0x03C58000 \SystemRoot\system32\DRIVERS\avipbb.sys
0x03C7A000 \SystemRoot\system32\DRIVERS\tunnel.sys
0x03CA0000 \SystemRoot\system32\DRIVERS\intelppm.sys
0x0FEAA000 \SystemRoot\system32\DRIVERS\nvlddmkm.sys
0x10B3C000 \SystemRoot\system32\DRIVERS\nvBridge.kmd
0x03CB6000 \SystemRoot\System32\drivers\dxgkrnl.sys
0x10B3E000 \SystemRoot\System32\drivers\dxgmms1.sys
0x10B84000 \SystemRoot\system32\DRIVERS\usbuhci.sys
0x10B91000 \SystemRoot\system32\DRIVERS\USBPORT.SYS
0x10BE7000 \SystemRoot\system32\DRIVERS\usbehci.sys
0x0FE00000 \SystemRoot\system32\DRIVERS\HDAudBus.sys
0x0FE24000 \SystemRoot\system32\DRIVERS\Rt64win7.sys
0x0FE63000 \SystemRoot\system32\DRIVERS\1394ohci.sys
0x03DAA000 \SystemRoot\system32\DRIVERS\fdc.sys
0x03DB7000 \SystemRoot\system32\DRIVERS\i8042prt.sys
0x03DD5000 \SystemRoot\system32\DRIVERS\kbdclass.sys
0x03DE4000 \SystemRoot\system32\DRIVERS\CompositeBus.sys
0x0FEA1000 \SystemRoot\system32\DRIVERS\serscan.sys
0x10BF8000 \SystemRoot\system32\drivers\ksthunk.sys
0x03C00000 \SystemRoot\system32\drivers\ks.sys
0x042E0000 \SystemRoot\system32\DRIVERS\AgileVpn.sys
0x042F6000 \SystemRoot\system32\DRIVERS\rasl2tp.sys
0x0431A000 \SystemRoot\system32\DRIVERS\ndistapi.sys
0x04326000 \SystemRoot\system32\DRIVERS\ndiswan.sys
0x04355000 \SystemRoot\system32\DRIVERS\raspppoe.sys
0x04370000 \SystemRoot\system32\DRIVERS\raspptp.sys
0x04391000 \SystemRoot\system32\DRIVERS\rassstp.sys
0x043AB000 \SystemRoot\system32\DRIVERS\rdpbus.sys
0x043B6000 \SystemRoot\system32\DRIVERS\mouclass.sys
0x043C5000 \SystemRoot\system32\DRIVERS\swenum.sys
0x043C7000 \SystemRoot\system32\DRIVERS\umbus.sys
0x043D9000 \SystemRoot\system32\DRIVERS\vpcusb.sys
0x04200000 \SystemRoot\system32\DRIVERS\usbrpm.sys
0x0420F000 \SystemRoot\system32\DRIVERS\USBD.SYS
0x04211000 \SystemRoot\system32\DRIVERS\vpchbus.sys
0x0424D000 \SystemRoot\system32\DRIVERS\usbhub.sys
0x042A7000 \SystemRoot\system32\DRIVERS\flpydisk.sys
0x042B2000 \SystemRoot\System32\Drivers\NDProxy.SYS
0x05209000 \SystemRoot\system32\drivers\RTKVHD64.sys
0x05697000 \SystemRoot\system32\drivers\portcls.sys
0x056D4000 \SystemRoot\system32\drivers\drmk.sys
0x056F6000 \SystemRoot\system32\DRIVERS\cdfs.sys
0x05713000 \SystemRoot\System32\Drivers\crashdmp.sys
0x05721000 \SystemRoot\System32\Drivers\dump_dumpata.sys
0x0572D000 \SystemRoot\System32\Drivers\dump_atapi.sys
0x05736000 \SystemRoot\System32\Drivers\dump_dumpfve.sys
0x000D0000 \SystemRoot\System32\win32k.sys
0x05749000 \SystemRoot\System32\drivers\Dxapi.sys
0x05755000 \SystemRoot\system32\DRIVERS\usbccgp.sys
0x05772000 \SystemRoot\system32\DRIVERS\hidusb.sys
0x05780000 \SystemRoot\system32\DRIVERS\HIDCLASS.SYS
0x05799000 \SystemRoot\system32\DRIVERS\HIDPARSE.SYS
0x057A2000 \SystemRoot\system32\DRIVERS\LEqdUsb.Sys
0x057B9000 \SystemRoot\system32\DRIVERS\kbdhid.sys
0x057C7000 \SystemRoot\system32\DRIVERS\mouhid.sys
0x057D4000 \SystemRoot\system32\DRIVERS\LHidEqd.Sys
0x057DC000 \SystemRoot\system32\DRIVERS\monitor.sys
0x057EA000 \SystemRoot\system32\DRIVERS\LHidFilt.Sys
0x05600000 \SystemRoot\system32\DRIVERS\LMouFilt.Sys
0x00590000 \SystemRoot\System32\TSDDD.dll
0x00640000 \SystemRoot\System32\cdd.dll
0x00950000 \SystemRoot\System32\ATMFD.DLL
0x05614000 \SystemRoot\system32\drivers\luafv.sys
0x05637000 \SystemRoot\system32\DRIVERS\avgntflt.sys
0x05654000 \SystemRoot\system32\drivers\WudfPf.sys
0x05675000 \SystemRoot\system32\DRIVERS\lltdio.sys
0x06AEA000 \SystemRoot\system32\DRIVERS\nwifi.sys
0x06B3D000 \SystemRoot\system32\DRIVERS\ndisuio.sys
0x06B50000 \SystemRoot\system32\DRIVERS\rspndr.sys
0x06A00000 \SystemRoot\system32\drivers\HTTP.sys
0x06AC8000 \SystemRoot\system32\DRIVERS\bowser.sys
0x06B68000 \SystemRoot\System32\drivers\mpsdrv.sys
0x06B80000 \SystemRoot\system32\DRIVERS\mrxsmb.sys
0x06BAD000 \SystemRoot\system32\DRIVERS\mrxsmb10.sys
0x072FA000 \SystemRoot\system32\DRIVERS\mrxsmb20.sys
0x0731D000 \SystemRoot\System32\Drivers\adfs.SYS
0x07335000 \SystemRoot\system32\drivers\peauth.sys
0x073DB000 \SystemRoot\System32\Drivers\secdrv.SYS
0x07200000 \SystemRoot\System32\DRIVERS\srvnet.sys
0x0722D000 \SystemRoot\System32\drivers\tcpipreg.sys
0x0723F000 \SystemRoot\System32\DRIVERS\srv2.sys
0x07674000 \SystemRoot\System32\DRIVERS\srv.sys
0x0777B000 \SystemRoot\system32\DRIVERS\asyncmac.sys
0x76E60000 \Windows\System32\ntdll.dll
0x481E0000 \Windows\System32\smss.exe
0xFF180000 \Windows\System32\apisetschema.dll
0xFFF30000 \Windows\System32\autochk.exe
0x76D60000 \Windows\System32\user32.dll
0xFF0F0000 \Windows\System32\shlwapi.dll
0xFF0A0000 \Windows\System32\Wldap32.dll
0xFF090000 \Windows\System32\nsi.dll
0xFF080000 \Windows\System32\lpk.dll
0xFEFA0000 \Windows\System32\advapi32.dll
0xFED90000 \Windows\System32\ole32.dll
0x77030000 \Windows\System32\normaliz.dll
0xFECB0000 \Windows\System32\oleaut32.dll
0xFEC90000 \Windows\System32\imagehlp.dll
0xFEB60000 \Windows\System32\wininet.dll
0xFDDD0000 \Windows\System32\shell32.dll
0xFDD00000 \Windows\System32\usp10.dll
0xFDCD0000 \Windows\System32\imm32.dll
0xFDB50000 \Windows\System32\urlmon.dll
0xFDAB0000 \Windows\System32\comdlg32.dll
0xFD8D0000 \Windows\System32\setupapi.dll
0xFD830000 \Windows\System32\msvcrt.dll
0x77020000 \Windows\System32\psapi.dll
0x76C40000 \Windows\System32\kernel32.dll
0xFD7B0000 \Windows\System32\difxapi.dll
0xFD710000 \Windows\System32\clbcatq.dll
0xFD600000 \Windows\System32\msctf.dll
0xFD3A0000 \Windows\System32\iertutil.dll
0xFD270000 \Windows\System32\rpcrt4.dll
0xFD220000 \Windows\System32\ws2_32.dll
0xFD200000 \Windows\System32\sechost.dll
0xFD190000 \Windows\System32\gdi32.dll
0xFD120000 \Windows\System32\KernelBase.dll
0xFD0E0000 \Windows\System32\wintrust.dll
0xFD0C0000 \Windows\System32\devobj.dll
0xFD080000 \Windows\System32\cfgmgr32.dll
0xFCFE0000 \Windows\System32\comctl32.dll
0xFCE70000 \Windows\System32\crypt32.dll
0xFCE60000 \Windows\System32\msasn1.dll

Processes (total 65):
0 System Idle Process
4 System
288 C:\Windows\System32\smss.exe
416 csrss.exe
476 C:\Windows\System32\wininit.exe
492 csrss.exe
548 C:\Windows\System32\services.exe
572 C:\Windows\System32\winlogon.exe
592 C:\Windows\System32\lsass.exe
612 C:\Windows\System32\lsm.exe
724 C:\Windows\System32\svchost.exe
808 C:\Windows\System32\nvvsvc.exe
848 C:\Windows\System32\svchost.exe
944 C:\Windows\System32\svchost.exe
976 C:\Windows\System32\svchost.exe
1004 C:\Windows\System32\svchost.exe
412 C:\Windows\System32\audiodg.exe
864 C:\Windows\System32\svchost.exe
1120 C:\Windows\System32\nvvsvc.exe
1144 C:\Windows\System32\svchost.exe
1360 C:\Windows\System32\spoolsv.exe
1388 C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
1408 C:\Windows\System32\svchost.exe
1524 C:\Program Files\SUPERAntiSpyware\SASCore64.exe
1572 C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
1604 C:\xampp\xampp\apache\bin\httpd.exe
1676 C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
1696 C:\Windows\System32\conhost.exe
1908 C:\Program Files (x86)\Avira\AntiVir Desktop\avmailc.exe
1316 C:\Program Files (x86)\Avira\AntiVir Desktop\avwebgrd.exe
2072 C:\xampp\xampp\apache\bin\httpd.exe
2832 C:\Windows\System32\svchost.exe
1424 C:\Windows\System32\svchost.exe
2968 C:\Windows\System32\svchost.exe
1872 C:\Program Files\Windows Media Player\wmpnetwk.exe
820 C:\Windows\System32\SearchIndexer.exe
3244 C:\Windows\System32\taskhost.exe
3332 C:\Windows\System32\dwm.exe
3356 C:\Windows\explorer.exe
3508 C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
3532 C:\Program Files\Logitech\SetPointP\SetPoint.exe
3548 C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
3572 C:\Program Files (x86)\PureSync\PureSyncTray.exe
3580 C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
3604 C:\Users\***\AppData\Roaming\Dropbox\bin\Dropbox.exe
3896 C:\Users\***\AppData\Local\Google\Update\1.2.183.39\GoogleCrashHandler.exe
4012 C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.exe
4032 C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\acrotray.exe
4048 C:\Program Files (x86)\Winamp\winampa.exe
4080 C:\Program Files (x86)\Unlocker\UnlockerAssistant.exe
2860 C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
3112 C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
1236 C:\Program Files (x86)\Brother\ControlCenter3\BrccMCtl.exe
4608 C:\Program Files (x86)\East-Tec Eraser 2010\etRiskMon.exe
4988 C:\Windows\System32\svchost.exe
4712 C:\Windows\System32\svchost.exe
3888 C:\Program Files (x86)\Mozilla Firefox\firefox.exe
5044 C:\Program Files (x86)\Winamp\winamp.exe
4768 C:\Program Files (x86)\Streamripper\wstreamripper.exe
4764 C:\Program Files (x86)\Winamp\Elevator.exe
3824 C:\Program Files (x86)\Windows Live\Mail\wlmail.exe
1912 C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
3560 C:\Windows\System32\dllhost.exe
3712 E:\Downs\MBRCheck.exe
2884 C:\Windows\System32\conhost.exe

\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`06500000 (NTFS)
\\.\D: --> \\.\PhysicalDrive0 at offset 0x00000013`8836ac00 (NTFS)
\\.\E: --> \\.\PhysicalDrive0 at offset 0x00000044`5c01dc00 (NTFS)

PhysicalDrive0 Model Number: WDCWD5000AAKS-22A7B2, Rev: 01.03B01

Size    Device Name         MBR Status
--------------------------------------------
465 GB  \\.\PhysicalDrive0  Windows 7 MBR code detected
        SHA1: 4379A3D43019B46FA357F7DD6A53B45A3CA8FB79

Done!
29.03.2011, 15:35 | #12
/// Winkelfunktion /// TB-Süch-Tiger™ | Multiple Trojans and other things in the Recycler
Looks OK. As a check, please run full scans with Malwarebytes and SUPERAntiSpyware and post the logs. Remember to update both tools before scanning!!
__________________ Please always post log files in CODE tags
29.03.2011, 22:08 | #13 |
Several Trojans and other stuff in the Recycler
MBAM:
Code:
Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Datenbank Version: 6205

Windows 6.1.7600
Internet Explorer 8.0.7600.16385

29.03.2011 21:44:58
mbam-log-2011-03-29 (21-44-58).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|E:\|)
Durchsuchte Objekte: 710952
Laufzeit: 1 Stunde(n), 6 Minute(n), 21 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 0

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
(Keine bösartigen Objekte gefunden)

SUPERAntiSpyware:
Code:
SUPERAntiSpyware Scan Log
hxxp://www.superantispyware.com

Generated 03/29/2011 at 10:46 PM

Application Version : 4.50.1002

Core Rules Database Version : 6702
Trace Rules Database Version: 4514

Scan type       : Complete Scan
Total Scan Time : 00:57:54

Memory items scanned      : 589
Memory threats detected   : 0
Registry items scanned    : 13798
Registry threats detected : 0
File items scanned        : 109345
File threats detected     : 3

Adware.Tracking Cookie
C:\Users\***\AppData\Roaming\Microsoft\Windows\Cookies\konsument@content.yieldmanager[1].txt
C:\Users\***\AppData\Roaming\Microsoft\Windows\Cookies\konsument@ad.yieldmanager[2].txt
C:\Users\***\AppData\Roaming\Microsoft\Windows\Cookies\konsument@atdmt[2].txt

Two more questions: Is there any documentation anywhere on how to interpret logs from OTL, GMER, etc.? Why does Coverflow often suggest using HijackThis? And finally, a big thank you for the support!
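As an added example (not from the thread and not SUPERAntiSpyware's own code), a small Python triage helper for the SAS log format posted above: it reads the scanned/detected counters and the detection list, cross-checks them, and flags the common case where the only hits are browser tracking cookies. The sample log is a constructed copy of the one in this post, and the triage labels are the example's own.

```python
import re
# Constructed sample modelled on the SUPERAntiSpyware log in post #13 (user path anonymised).
SAMPLE_LOG = r"""SUPERAntiSpyware Scan Log
Application Version : 4.50.1002
Memory items scanned : 589
Memory threats detected : 0
Registry items scanned : 13798
Registry threats detected : 0
File items scanned : 109345
File threats detected : 3
Adware.Tracking Cookie
C:\Users\***\AppData\Roaming\Microsoft\Windows\Cookies\konsument@content.yieldmanager[1].txt
C:\Users\***\AppData\Roaming\Microsoft\Windows\Cookies\konsument@ad.yieldmanager[2].txt
C:\Users\***\AppData\Roaming\Microsoft\Windows\Cookies\konsument@atdmt[2].txt
"""
COUNT_RE = re.compile(r"^(Memory|Registry|File) (items scanned|threats detected)\s*:\s*(\d+)$")
ITEM_RE = re.compile(r"^([A-Za-z]:\\|HKEY_|HKLM\\|HKU\\|HKCU\\)")  # file path or registry key

def parse_sas_log(text):
    # Returns (counts, findings): counter dict and {detection category: [items]}.
    counts, findings, current, in_findings = {}, {}, None, False
    for line in filter(None, map(str.strip, text.splitlines())):
        m = COUNT_RE.match(line)
        if m:
            key = m.group(1).lower() + ("_scanned" if "scanned" in m.group(2) else "_detected")
            counts[key] = int(m.group(3))
            in_findings = in_findings or key == "file_detected"  # detections follow the last counter
            continue
        if not in_findings:
            continue  # header lines (title, versions, scan type)
        if ITEM_RE.match(line):
            if current is not None:
                findings[current].append(line)
        else:
            current = line  # a detection category such as "Adware.Tracking Cookie"
            findings.setdefault(current, [])
    return counts, findings

def triage(counts, findings):
    # Classify the result; the labels are this example's own, not SAS terminology.
    listed = sum(len(v) for v in findings.values())
    reported = sum(v for k, v in counts.items() if k.endswith("_detected"))
    if listed != reported:
        return "inconsistent"  # counters and listed items disagree: read the log by hand
    if reported == 0:
        return "clean"
    if all(cat.startswith("Adware.Tracking Cookie") for cat in findings):
        return "cookies_only"  # browser tracking cookies, not an active infection
    return "review"
```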
30.03.2011, 11:43 | #14
/// Winkelfunktion /// TB-Süch-Tiger™ | Several Trojans and other stuff in the Recycler
Quote:
Then we're done! Finally, please check your updates; my guide is below. For extra security, after the infection has been removed you should also change all your passwords if at all possible.

Microsoft Update
Windows XP: Visit the MS update page with IE and have all important updates installed.
Windows Vista/7: Windows Update guide

Update your PDF reader
Your Adobe Reader is not up to date, which is a major security risk. You should therefore uninstall the old version via Control Panel => Add/Remove Programs, by clicking on "Adobe Reader x.0" there and removing the program. I recommend an alternative PDF reader such as SumatraPDF or Foxit PDF Reader; both are much leaner and faster than Adobe Reader.
While you are at it, please also check that your Flash Player is current; here are the direct download links:
Mozilla and other browsers => http://filepony.de/?q=Flash+Player
Internet Explorer => http://fpdownload.adobe.com/get/flas..._player_ax.exe

Java update
Outdated Java installations are a security risk, so you should remove the old versions (if present, preferably with JavaRa) and update to the latest one. To do so, close all programs (especially the browsers), then click Start, Control Panel, Add/Remove Programs and uninstall all the Java versions listed there. Then download the current Java SE Runtime Environment (JRE) from here and install it.
__________________ Please always post logfiles in CODE tags