
Log Analysis and Evaluation: kazy.mekl Trojan

09.05.2011, 11:02   #16
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
kazy.mekl Trojan

Who instructed you to do an OTL fix? Somehow I get the impression that reading and understanding aren't really your thing...
__________________
Please always post log files in CODE tags

09.05.2011, 14:38   #17
Pacitus
 
kazy.mekl Trojan

I pointed out in my first post that on 23.4. I tried, on my own initiative, to get rid of the trojan, which is why I wrote that I had violated forum rule no. 1. I didn't know that every trojan infection requires an individual procedure. Here is the link to the procedure I followed; accordingly, I ran the OTL fix.

http://www.trojaner-board.de/97795-t...azy-mekml.html

Regards
Pacitus
__________________


09.05.2011, 15:36   #18
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
kazy.mekl Trojan

Alright, I must have wiped that from my memory...
Please make a fresh OTL log:

Custom scan with OTL

If you don't have it yet, please download OTL by Oldtimer and save it on your desktop
  • Please start OTL.exe.
    Vista and Win7 users: right-click and choose "Run as administrator"
  • Now copy the content into the text box.
Code:
netsvcs
msconfig
safebootminimal
safebootnetwork
activex
drivers32
%ALLUSERSPROFILE%\Application Data\*.
%ALLUSERSPROFILE%\Application Data\*.exe /s
%APPDATA%\*.
%APPDATA%\*.exe /s
%SYSTEMDRIVE%\*.exe
/md5start
wininit.exe
userinit.exe
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
ws2ifsl.sys
sceclt.dll
ntelogon.dll
winlogon.exe
logevent.dll
user32.DLL
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
/md5stop
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\*. /mp /s
%systemroot%\system32\*.dll /lockedfiles
CREATERESTOREPOINT
         
  • Now please close all programs. (Important)
  • Now please click the Quick Scan button.
  • Click on .
  • Now copy the contents of OTL.txt here into your thread
__________________

09.05.2011, 18:44   #19
Pacitus
 
kazy.mekl Trojan

Here are the log files. OTL Logfile:
Code:
OTL logfile created on: 09.05.2011 19:10:59 - Run 2
OTL by OldTimer - Version 3.2.22.3     Folder = C:\Users\Public
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
2,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 41,00% Memory free
4,00 Gb Paging File | 3,00 Gb Available in Paging File | 66,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 142,25 Gb Total Space | 48,52 Gb Free Space | 34,11% Space Free | Partition Type: NTFS
Drive D: | 6,80 Gb Total Space | 1,70 Gb Free Space | 24,96% Space Free | Partition Type: NTFS
 
Computer Name: PACITUS-PC | User Name: Pacitus | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Programme\Google\Update\1.3.21.53\GoogleCrashHandler.exe (Google Inc.)
PRC - C:\Users\Public\OTL.exe (OldTimer Tools)
PRC - C:\Programme\DivX\DivX Update\DivXUpdate.exe ()
PRC - C:\Programme\DivX\DivX Plus Web Player\DDMService.exe (DivX, LLC)
PRC - C:\ProgramData\Anti-phishing Domain Advisor\visicom_antiphishing.exe (Visicom Media Inc. (Powered by Panda Security))
PRC - C:\Programme\Common Files\Java\Java Update\jucheck.exe (Sun Microsystems, Inc.)
PRC - C:\Programme\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
PRC - C:\Programme\McAfee Security Scan\2.0.181\SSScheduler.exe (McAfee, Inc.)
PRC - C:\Users\Pacitus\Program Files\DNA\btdna.exe (BitTorrent, Inc.)
PRC - C:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
PRC - C:\Programme\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
PRC - C:\Programme\Windows Sidebar\sidebar.exe (Microsoft Corporation)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Programme\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
PRC - C:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
PRC - C:\Programme\Logitech\QuickCam\Quickcam.exe ()
PRC - C:\Programme\Common Files\LogiShrd\LQCVFX\COCIManager.exe ()
PRC - C:\Programme\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe (Logitech Inc.)
PRC - C:\Programme\Windows Defender\MSASCui.exe (Microsoft Corporation)
PRC - C:\Programme\Windows Media Player\wmpnetwk.exe (Microsoft Corporation)
PRC - C:\Programme\Windows Media Player\wmpnscfg.exe (Microsoft Corporation)
PRC - C:\Programme\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe (Symantec Corporation)
PRC - C:\Programme\MSN Messenger\msnmsgr.exe (Microsoft Corporation)
PRC - C:\Programme\Napster\napster.exe (Napster)
PRC - C:\Programme\Symantec\LiveUpdate\AluSchedulerSvc.exe (Symantec Corporation)
PRC - C:\Programme\Common Files\Symantec Shared\ccApp.exe (Symantec Corporation)
PRC - c:\Programme\Common Files\Symantec Shared\ccSvcHst.exe (Symantec Corporation)
PRC - c:\Programme\Common Files\Symantec Shared\AppCore\AppSvc32.exe (Symantec Corporation)
PRC - C:\Programme\Cleverlearn\CleverTrainer\CleverTrainer Desktop Tool\CLTDesktopTool.exe (Cleverlearn, Inc.)
 
 
========== Modules (SafeList) ==========
 
MOD - C:\Users\Public\OTL.exe (OldTimer Tools)
MOD - C:\Windows\System32\vbscript.dll (Microsoft Corporation)
MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3\comctl32.dll (Microsoft Corporation)
MOD - C:\Windows\System32\wbem\wmiutils.dll (Microsoft Corporation)
MOD - C:\Windows\System32\wbem\wbemsvc.dll (Microsoft Corporation)
MOD - C:\Windows\System32\wbem\wbemprox.dll (Microsoft Corporation)
MOD - C:\Windows\System32\wbem\fastprox.dll (Microsoft Corporation)
MOD - C:\Windows\System32\wbem\wbemdisp.dll (Microsoft Corporation)
MOD - C:\Windows\System32\wbemcomn.dll (Microsoft Corporation)
MOD - C:\Windows\System32\sxs.dll (Microsoft Corporation)
 
 
========== Win32 Services (SafeList) ==========
 
SRV - (McComponentHostService) -- C:\Program Files\McAfee Security Scan\2.0.181\McCHSvc.exe (McAfee, Inc.)
SRV - (AntiVirService) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
SRV - (AntiVirSchedulerService) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
SRV - (LVPrcSrv) -- C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe (Logitech Inc.)
SRV - (WinDefend) -- C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (Symantec Core LC) -- C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe (Symantec Corporation)
SRV - (Com4Qlb) -- C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4Qlb.exe (Hewlett-Packard Development Company, L.P.)
SRV - (ISPwdSvc) -- c:\Program Files\Norton Internet Security\isPwdSvc.exe (Symantec Corporation)
SRV - (comHost) -- c:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe (Symantec Corporation)
SRV - (LiveUpdate) -- C:\Programme\Symantec\LiveUpdate\LuComServer_3_2.EXE (Symantec Corporation)
SRV - (Automatisches LiveUpdate - Scheduler) -- C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe (Symantec Corporation)
SRV - (CLTNetCnService) -- c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (Symantec Corporation)
SRV - (ccSetMgr) -- c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (Symantec Corporation)
SRV - (ccEvtMgr) -- c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (Symantec Corporation)
SRV - (SymAppCore) -- c:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe (Symantec Corporation)
 
 
========== Driver Services (SafeList) ==========
 
DRV - (avgntflt) -- C:\Windows\System32\drivers\avgntflt.sys (Avira GmbH)
DRV - (ssmdrv) -- C:\Windows\System32\drivers\ssmdrv.sys (Avira GmbH)
DRV - (avipbb) -- C:\Windows\System32\drivers\avipbb.sys (Avira GmbH)
DRV - (avgio) -- C:\Programme\Avira\AntiVir Desktop\avgio.sys (Avira GmbH)
DRV - (LVUVC) Logitech QuickCam E3500(UVC) -- C:\Windows\System32\drivers\lvuvc.sys (Logitech Inc.)
DRV - (LVUSBSta) -- C:\Windows\System32\drivers\LVUSBSta.sys (Logitech Inc.)
DRV - (LVRS) -- C:\Windows\System32\drivers\lvrs.sys (Logitech Inc.)
DRV - (LVPr2Mon) -- C:\Windows\System32\drivers\LVPr2Mon.sys ()
DRV - (CnxtHdAudService) -- C:\Windows\System32\drivers\CHDRT32.sys (Conexant Systems Inc.)
DRV - (SymEvent) -- C:\Windows\System32\drivers\SYMEVENT.SYS (Symantec Corporation)
DRV - (NETw4v32) Intel(R) -- C:\Windows\System32\drivers\NETw4v32.sys (Intel Corporation)
DRV - (HdAudAddService) -- C:\Windows\System32\drivers\CHDART.sys (Conexant Systems Inc.)
DRV - (NAVEX15) -- C:\ProgramData\Symantec\Definitions\VirusDefs\20070430.018\NAVEX15.SYS (Symantec Corporation)
DRV - (NAVENG) -- C:\ProgramData\Symantec\Definitions\VirusDefs\20070430.018\NAVENG.SYS (Symantec Corporation)
DRV - (RTL8023xp) -- C:\Windows\System32\drivers\Rtnicxp.sys (Realtek Semiconductor Corporation                           )
DRV - (XAudio) -- C:\Windows\System32\drivers\XAudio.sys (Conexant Systems, Inc.)
DRV - (SRTSPL) -- C:\Windows\System32\drivers\srtspl.sys (Symantec Corporation)
DRV - (SRTSPX) -- C:\Windows\System32\drivers\srtspx.sys (Symantec Corporation)
DRV - (SRTSP) -- C:\Windows\System32\drivers\srtsp.sys (Symantec Corporation)
DRV - (eeCtrl) -- C:\Programme\Common Files\Symantec Shared\EENGINE\eeCtrl.sys (Symantec Corporation)
DRV - (SYMTDI) -- C:\Windows\System32\Drivers\SYMTDI.SYS (Symantec Corporation)
DRV - (SYMREDRV) -- C:\Windows\System32\Drivers\SYMREDRV.SYS (Symantec Corporation)
DRV - (SPBBCDrv) -- C:\Programme\Common Files\Symantec Shared\SPBBC\SPBBCDrv.sys (Symantec Corporation)
DRV - (IDSvix86) -- C:\ProgramData\Symantec\Definitions\SymcData\idsdefs\20070108.003\IDSvix86.sys (Symantec Corporation)
DRV - (eabfiltr) -- C:\Windows\System32\drivers\eabfiltr.sys (Hewlett-Packard Development Company, L.P.)
DRV - (ApfiltrService) -- C:\Windows\System32\drivers\Apfiltr.sys (Alps Electric Co., Ltd.)
DRV - (NETw3v32) Intel(R) -- C:\Windows\System32\drivers\NETw3v32.sys (Intel® Corporation)
DRV - (HBtnKey) -- C:\Windows\System32\drivers\CPQBttn.sys (Hewlett-Packard Development Company, L.P.)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=DE_DE&c=73&bd=Pavilion&pf=laptop
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=DE_DE&c=73&bd=Pavilion&pf=laptop
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://de.search-results.com?o=41648036&l=dis
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\..\URLSearchHook: {00000000-6E41-4FD3-8538-502F5495E5FC} - C:\Programme\Ask.com\GenericAskToolbar.dll (Search-Results)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultengine: "Search-Results"
FF - prefs.js..browser.search.defaultenginename: "Search-Results"
FF - prefs.js..browser.search.defaulturl: "hxxp://search.yahoo.com/search?ei=UTF-8&fr=ytff-&p="
FF - prefs.js..browser.search.order.1: "Search-Results"
FF - prefs.js..browser.search.param.yahoo-fr: "moz2-ytff-"
FF - prefs.js..browser.search.param.yahoo-fr-cjkt: "moz2-ytff-"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "hxxp://de.search-results.com?o=41648036&l=dis"
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.2.2
FF - prefs.js..extensions.enabledItems: {d5bc46d8-67c7-11dc-8c1d-0097498c2b7a}:1.0.0.1
FF - prefs.js..extensions.enabledItems: moveplayer@movenetworks.com:1.0.0.071303000004
FF - prefs.js..extensions.enabledItems: {ABDE892B-13A8-4d1b-88E6-365A6E755758}:1.1.1
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..extensions.enabledItems: {23fcfd51-4958-4f00-80a3-ae97e717ed8b}:2.1.0.900
FF - prefs.js..extensions.enabledItems: {6904342A-8307-11DF-A508-4AE2DFD72085}:2.1.0.900
FF - prefs.js..extensions.enabledItems: {C3947F4E-8894-4C04-98E0-DF182C706DDF}:1.1
FF - prefs.js..extensions.enabledItems: toolbar@ask.com:3.12.0.15935
FF - prefs.js..keyword.URL: "hxxp://websearch.search-results.com/redirect?client=ff&src=kw&tb=STC-SRS&o=41648033&locale=de_DE&apn_uid=3E583D17-BE1E-4466-B700-361FBE572F8A&apn_ptnrs=96&apn_sauid=91C5242D-C615-40F1-B4B0-539F5FF03DD9&apn_dtid=YYYYYYYYDE&q="
 
 
FF - HKLM\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2011.04.19 16:09:56 | 000,000,000 | -H-D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files\DivX\DivX Plus Web Player\firefox\html5video [2010.12.30 00:54:49 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{6904342A-8307-11DF-A508-4AE2DFD72085}: C:\Program Files\DivX\DivX Plus Web Player\firefox\wpa [2010.12.30 00:54:50 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.17\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011.04.29 23:51:15 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.17\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011.04.29 23:51:15 | 000,000,000 | ---D | M]
 
[2009.03.31 10:25:05 | 000,000,000 | -H-D | M] (No name found) -- C:\Users\Pacitus\AppData\Roaming\mozilla\Extensions
[2011.05.09 15:23:23 | 000,000,000 | -H-D | M] (No name found) -- C:\Users\Pacitus\AppData\Roaming\mozilla\Firefox\Profiles\zdvojdpi.default\extensions
[2011.04.19 16:10:40 | 000,000,000 | -H-D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Pacitus\AppData\Roaming\mozilla\Firefox\Profiles\zdvojdpi.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2011.04.19 16:10:40 | 000,000,000 | -H-D | M] (Yahoo! Toolbar) -- C:\Users\Pacitus\AppData\Roaming\mozilla\Firefox\Profiles\zdvojdpi.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[2011.04.19 16:10:41 | 000,000,000 | -H-D | M] (Webblog) -- C:\Users\Pacitus\AppData\Roaming\mozilla\Firefox\Profiles\zdvojdpi.default\extensions\{C3947F4E-8894-4C04-98E0-DF182C706DDF}
[2011.04.19 16:10:42 | 000,000,000 | -H-D | M] (Adblock Plus) -- C:\Users\Pacitus\AppData\Roaming\mozilla\Firefox\Profiles\zdvojdpi.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
[2011.04.19 16:10:40 | 000,000,000 | -H-D | M] (Move Media Player) -- C:\Users\Pacitus\AppData\Roaming\mozilla\Firefox\Profiles\zdvojdpi.default\extensions\moveplayer@movenetworks.com
[2011.04.23 01:06:20 | 000,000,000 | -H-D | M] (@@toolbarname@@) -- C:\Users\Pacitus\AppData\Roaming\mozilla\Firefox\Profiles\zdvojdpi.default\extensions\toolbar@ask.com
[2010.09.12 21:16:39 | 000,001,115 | -H-- | M] () -- C:\Users\Pacitus\AppData\Roaming\Mozilla\Firefox\Profiles\zdvojdpi.default\searchplugins\rapidshare-filefinder.xml
[2011.04.19 23:18:39 | 000,003,367 | -H-- | M] () -- C:\Users\Pacitus\AppData\Roaming\Mozilla\Firefox\Profiles\zdvojdpi.default\searchplugins\search-results.xml
[2010.12.28 15:17:37 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2010.11.15 18:23:46 | 000,000,000 | ---D | M] (Skype extension) -- C:\Programme\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}
[2010.08.30 09:15:18 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
[2010.12.28 15:17:37 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
[2010.12.30 00:54:49 | 000,000,000 | ---D | M] (DivX Plus Web Player HTML5 <video>) -- C:\PROGRAM FILES\DIVX\DIVX PLUS WEB PLAYER\FIREFOX\HTML5VIDEO
[2010.12.30 00:54:50 | 000,000,000 | ---D | M] (DivX HiQ) -- C:\PROGRAM FILES\DIVX\DIVX PLUS WEB PLAYER\FIREFOX\WPA
[2010.08.30 09:15:18 | 000,000,000 | ---D | M] (Java Console) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
[2010.12.28 15:17:37 | 000,000,000 | ---D | M] (Java Console) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
[2011.04.19 16:09:56 | 000,000,000 | -H-D | M] (RealPlayer Browser Record Plugin) -- C:\PROGRAMDATA\REAL\REALPLAYER\BROWSERRECORDPLUGIN\FIREFOX\EXT
[2011.05.09 18:03:46 | 000,000,000 | -H-D | M] (No name found) -- C:\USERS\PACITUS\PROGRAM FILES\DNA
[2010.11.12 19:53:06 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Programme\Mozilla Firefox\plugins\npdeployJava1.dll
[2010.10.30 06:22:59 | 000,001,392 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\amazondotcom-de.xml
[2010.10.30 06:22:59 | 000,002,344 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\eBay-de.xml
[2010.10.30 06:22:59 | 000,006,805 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\leo_ende_de.xml
[2010.12.08 23:21:24 | 000,002,224 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\webblog.xml
[2010.10.30 06:22:59 | 000,001,178 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\wikipedia-de.xml
[2010.10.30 06:22:59 | 000,001,105 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2006.09.18 23:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O1 - Hosts: ::1             localhost
O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - c:\Programme\Common Files\Symantec Shared\coShared\Browser\1.5\NppBHO.dll (Symantec Corporation)
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Programme\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Programme\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (DivX HiQ) - {593DDEC6-7468-4cdd-90E1-42DADAA222E9} - C:\Programme\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - No CLSID value found.
O2 - BHO: (Skype Plug-In) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programme\Google\GoogleToolbarNotifier\5.6.6209.1142\swg.dll (Google Inc.)
O2 - BHO: (Webblog) - {C3947F4E-8894-4C04-98E0-DF182C706DDF} - C:\Programme\wbtooltb\wbtoolDx.dll ()
O2 - BHO: (Search-Results Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Programme\Ask.com\GenericAskToolbar.dll (Search-Results)
O3 - HKLM\..\Toolbar: (Show Norton Toolbar) - {90222687-F593-4738-B738-FBEE9C7B26DF} - c:\Programme\Common Files\Symantec Shared\coShared\Browser\1.5\UIBHO.dll (Symantec Corporation)
O3 - HKLM\..\Toolbar: (Webblog) - {C3947F4E-8894-4C04-98E0-DF182C706DDF} - C:\Programme\wbtooltb\wbtoolDx.dll ()
O3 - HKLM\..\Toolbar: (Search-Results Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Programme\Ask.com\GenericAskToolbar.dll (Search-Results)
O3 - HKCU\..\Toolbar\WebBrowser: (Search-Results Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Programme\Ask.com\GenericAskToolbar.dll (Search-Results)
O4 - HKLM..\Run: []  File not found
O4 - HKLM..\Run: [Anti-phishing Domain Advisor] C:\ProgramData\Anti-phishing Domain Advisor\visicom_antiphishing.exe (Visicom Media Inc. (Powered by Panda Security))
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [ccApp] c:\Program Files\Common Files\Symantec Shared\ccApp.exe (Symantec Corporation)
O4 - HKLM..\Run: [DivX Download Manager] C:\Program Files\DivX\DivX Plus Web Player\DDmService.exe (DivX, LLC)
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [HP Health Check Scheduler] C:\Programme\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe (Hewlett-Packard)
O4 - HKLM..\Run: [IS CfgWiz] c:\Program Files\Common Files\Symantec Shared\OPC\{31011D49-D90C-4da0-878B-78D28AD507AF}\cltUIStb.exe (Symantec Corporation)
O4 - HKLM..\Run: [LogitechQuickCamRibbon] C:\Program Files\Logitech\QuickCam\Quickcam.exe ()
O4 - HKLM..\Run: [NapsterShell] C:\Program Files\Napster\napster.exe (Napster)
O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKCU..\Run: [BitTorrent DNA] C:\Users\Pacitus\Program Files\DNA\btdna.exe (BitTorrent, Inc.)
O4 - HKCU..\Run: [msnmsgr] C:\Programme\MSN Messenger\msnmsgr.exe (Microsoft Corporation)
O4 - HKCU..\Run: [SpybotSD TeaTimer] C:\Programme\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
O4 - HKCU..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKLM..\RunOnce: [Launcher] C:\Windows\SMINST\Launcher.exe (soft thinks)
O8 - Extra context menu item: Google Sidewiki... - C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_D183CA64F05FDD98.dll (Google Inc.)
O9 - Extra Button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Programme\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0-windows-i586.cab (Java Plug-in 1.6.0)
O16 - DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} hxxp://wwwimages.adobe.com/www.adobe.com/products/acrobat/nos/gp.cab (get_atlcom Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\MSN Messenger\msgrapp.8.1.0178.00.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Programme\Common Files\microsoft shared\Information Retrieval\msitss.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\MSN Messenger\msgrapp.8.1.0178.00.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Windows\Web\Wallpaper\HPSplash.jpg
O24 - Desktop BackupWallPaper: C:\Windows\Web\Wallpaper\HPSplash.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2005.09.11 17:18:54 | 000,000,340 | -HS- | M] () - D:\AUTOMODE -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
========== Files/Folders - Created Within 30 Days ==========
 
[2011.04.23 01:38:51 | 000,000,000 | ---D | C] -- C:\Users\Pacitus\AppData\Roaming\Malwarebytes
[2011.04.23 01:38:41 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2011.04.23 01:38:41 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011.04.23 01:38:38 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2011.04.23 01:38:33 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2011.04.23 01:38:32 | 000,000,000 | ---D | C] -- C:\Programme\Malwarebytes' Anti-Malware
[2011.04.23 00:47:24 | 000,000,000 | ---D | C] -- C:\_OTL
[2011.04.23 00:16:53 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Advanced PC Tweaker
[2011.04.23 00:16:50 | 000,000,000 | ---D | C] -- C:\Programme\Advanced PC Tweaker
[2011.04.20 00:15:32 | 000,000,000 | -H-D | C] -- C:\ProgramData\MFAData
[2011.04.19 20:11:19 | 000,000,000 | ---D | C] -- C:\Programme\Ask.com
[2011.04.19 20:09:37 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EASEUS Data Recovery Wizard 5.0.1 Demo
[2011.04.19 20:09:33 | 000,000,000 | ---D | C] -- C:\Programme\EASEUS
[2011.04.19 20:08:42 | 003,856,864 | -H-- | C] (EASEUS                                                      ) -- C:\Users\Pacitus\Desktop\EaseusDataRecoveryWizard5.0.1.exe
[2011.04.11 20:55:12 | 000,000,000 | ---D | C] -- C:\Programme\MSECache
 
========== Files - Modified Within 30 Days ==========
 
[2011.05.09 18:18:00 | 000,001,098 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2011.05.09 18:10:54 | 000,000,428 | ---- | M] () -- C:\Users\Pacitus\Desktop\OTL - Verknüpfung.lnk
[2011.05.09 18:05:43 | 000,000,868 | ---- | M] () -- C:\Windows\tasks\Google Software Updater.job
[2011.05.09 18:04:47 | 000,000,150 | -H-- | M] () -- C:\Users\Public\Documents\hpqp.ini
[2011.05.09 18:03:09 | 000,003,168 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2011.05.09 18:03:09 | 000,003,168 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2011.05.09 18:03:02 | 000,001,094 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2011.05.09 18:02:57 | 000,000,312 | ---- | M] () -- C:\Windows\tasks\WinMaximizer-Pacitus-Startup.job
[2011.05.09 18:02:32 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011.05.09 18:02:29 | 2134,945,792 | -HS- | M] () -- C:\hiberfil.sys
[2011.05.07 12:00:00 | 000,000,504 | ---- | M] () -- C:\Windows\tasks\One-Click Tweak.job
[2011.05.05 17:15:11 | 000,016,672 | ---- | M] () -- C:\Users\Pacitus\Documents\Lat.pdf
[2011.05.05 17:13:40 | 000,014,784 | ---- | M] () -- C:\Users\Pacitus\Documents\la-fachlhinw280806.pdf
[2011.05.05 17:13:03 | 000,022,661 | ---- | M] () -- C:\Users\Pacitus\Documents\la-o-uebersicht.pdf
[2011.05.05 17:06:19 | 000,112,378 | ---- | M] () -- C:\Users\Pacitus\Documents\en-o-uebersicht.pdf
[2011.04.30 20:20:15 | 000,001,971 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2011.04.29 19:34:27 | 001,775,514 | ---- | M] () -- C:\Users\Pacitus\Desktop\hb.pdf
[2011.04.23 01:38:41 | 000,000,906 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011.04.23 00:39:36 | 000,103,424 | ---- | M] () -- C:\Users\Pacitus\Documents\otl txt.wps
[2011.04.23 00:16:53 | 000,000,926 | ---- | M] () -- C:\Users\Pacitus\Desktop\Advanced PC Tweaker.lnk
[2011.04.23 00:16:53 | 000,000,881 | ---- | M] () -- C:\Users\Pacitus\Desktop\Advanced PC Tweaker 1-Click Tweak.lnk
[2011.04.21 15:39:29 | 002,421,015 | ---- | M] () -- C:\Users\Pacitus\Documents\4775960.pdf
[2011.04.21 15:38:45 | 002,269,123 | ---- | M] () -- C:\Users\Pacitus\Documents\4774676.pdf
[2011.04.19 20:09:37 | 000,001,098 | ---- | M] () -- C:\Users\Public\Desktop\EASEUS Data Recovery Wizard 5.0.1 Demo.lnk
[2011.04.19 20:08:51 | 003,856,864 | -H-- | M] (EASEUS                                                      ) -- C:\Users\Pacitus\Desktop\EaseusDataRecoveryWizard5.0.1.exe
[2011.04.19 15:13:24 | 000,628,742 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2011.04.19 15:13:24 | 000,595,996 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2011.04.19 15:13:24 | 000,126,260 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2011.04.19 15:13:24 | 000,104,070 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2011.04.18 11:02:46 | 022,127,057 | -H-- | M] () -- C:\Users\Pacitus\Documents\selectionsfromla00gardrich.pdf
[2011.04.18 10:51:58 | 014,141,013 | -H-- | M] () -- C:\Users\Pacitus\Documents\fablesdephedreav00phae.pdf
[2011.04.17 10:34:49 | 000,008,798 | ---- | M] () -- C:\Windows\System32\icrav03.rat
[2011.04.17 10:34:49 | 000,001,988 | ---- | M] () -- C:\Windows\System32\ticrf.rat
[2011.04.17 10:34:13 | 000,072,822 | ---- | M] () -- C:\Windows\System32\ieuinit.inf
[2011.04.16 10:16:50 | 000,321,208 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2011.04.13 23:06:15 | 000,023,552 | -H-- | M] () -- C:\Users\Pacitus\Documents\Politische Entwicklungslinien nach Cäsars Tod.wps
[2011.04.11 22:41:47 | 000,009,728 | -H-- | M] () -- C:\Users\Pacitus\Documents\Rom Arbeitsblatt 2b.wps
[2011.04.11 22:34:28 | 000,009,216 | -H-- | M] () -- C:\Users\Pacitus\Documents\Rom Arbeitsblatt 2.wps
[2011.04.10 13:00:21 | 001,673,544 | -H-- | M] () -- C:\Users\Pacitus\Documents\Milo.wps
[2011.04.10 12:44:11 | 015,493,087 | -H-- | M] () -- C:\Users\Pacitus\Documents\protanniomilonea00ciceuoft.pdf
[2011.04.09 23:59:32 | 000,070,996 | -H-- | M] () -- C:\Users\Pacitus\Desktop\tropen_und_figuren.pdf
[2011.04.09 23:28:13 | 001,206,582 | -H-- | M] () -- C:\Users\Pacitus\Desktop\hilfsbuch.pdf
 
========== Files Created - No Company Name ==========
 
[2011.05.09 18:10:54 | 000,000,428 | ---- | C] () -- C:\Users\Pacitus\Desktop\OTL - Verknüpfung.lnk
[2011.05.05 17:15:11 | 000,016,672 | ---- | C] () -- C:\Users\Pacitus\Documents\Lat.pdf
[2011.05.05 17:13:40 | 000,014,784 | ---- | C] () -- C:\Users\Pacitus\Documents\la-fachlhinw280806.pdf
[2011.05.05 17:13:03 | 000,022,661 | ---- | C] () -- C:\Users\Pacitus\Documents\la-o-uebersicht.pdf
[2011.05.05 17:06:19 | 000,112,378 | ---- | C] () -- C:\Users\Pacitus\Documents\en-o-uebersicht.pdf
[2011.04.29 19:34:20 | 001,775,514 | ---- | C] () -- C:\Users\Pacitus\Desktop\hb.pdf
[2011.04.23 01:38:41 | 000,000,906 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011.04.23 00:39:36 | 000,103,424 | ---- | C] () -- C:\Users\Pacitus\Documents\otl txt.wps
[2011.04.23 00:17:04 | 000,000,504 | ---- | C] () -- C:\Windows\tasks\One-Click Tweak.job
[2011.04.23 00:16:53 | 000,000,926 | ---- | C] () -- C:\Users\Pacitus\Desktop\Advanced PC Tweaker.lnk
[2011.04.23 00:16:53 | 000,000,881 | ---- | C] () -- C:\Users\Pacitus\Desktop\Advanced PC Tweaker 1-Click Tweak.lnk
[2011.04.21 15:39:29 | 002,421,015 | ---- | C] () -- C:\Users\Pacitus\Documents\4775960.pdf
[2011.04.21 15:38:45 | 002,269,123 | ---- | C] () -- C:\Users\Pacitus\Documents\4774676.pdf
[2011.04.19 20:09:37 | 000,001,098 | ---- | C] () -- C:\Users\Public\Desktop\EASEUS Data Recovery Wizard 5.0.1 Demo.lnk
[2011.04.18 11:02:44 | 022,127,057 | -H-- | C] () -- C:\Users\Pacitus\Documents\selectionsfromla00gardrich.pdf
[2011.04.18 10:51:57 | 014,141,013 | -H-- | C] () -- C:\Users\Pacitus\Documents\fablesdephedreav00phae.pdf
[2011.04.17 10:34:13 | 000,072,822 | ---- | C] () -- C:\Windows\System32\ieuinit.inf
[2011.04.13 23:06:15 | 000,023,552 | -H-- | C] () -- C:\Users\Pacitus\Documents\Politische Entwicklungslinien nach Cäsars Tod.wps
[2011.04.11 22:41:47 | 000,009,728 | -H-- | C] () -- C:\Users\Pacitus\Documents\Rom Arbeitsblatt 2b.wps
[2011.04.11 22:34:28 | 000,009,216 | -H-- | C] () -- C:\Users\Pacitus\Documents\Rom Arbeitsblatt 2.wps
[2011.04.11 20:59:31 | 000,002,080 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office Word Viewer 2003.lnk
[2011.04.10 12:56:56 | 001,673,544 | -H-- | C] () -- C:\Users\Pacitus\Documents\Milo.wps
[2011.04.10 12:44:10 | 015,493,087 | -H-- | C] () -- C:\Users\Pacitus\Documents\protanniomilonea00ciceuoft.pdf
[2011.04.09 23:59:32 | 000,070,996 | -H-- | C] () -- C:\Users\Pacitus\Desktop\tropen_und_figuren.pdf
[2011.04.09 23:28:13 | 001,206,582 | -H-- | C] () -- C:\Users\Pacitus\Desktop\hilfsbuch.pdf
[2010.11.15 18:25:16 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2010.11.15 16:44:50 | 000,081,110 | ---- | C] () -- C:\Windows\System32\lvcoinst.ini
[2009.08.19 22:28:18 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2009.08.19 22:28:17 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2009.04.18 11:42:41 | 000,111,932 | ---- | C] () -- C:\Windows\System32\EPPICPrinterDB.dat
[2009.04.18 11:42:41 | 000,031,053 | ---- | C] () -- C:\Windows\System32\EPPICPattern131.dat
[2009.04.18 11:42:41 | 000,027,417 | ---- | C] () -- C:\Windows\System32\EPPICPattern121.dat
[2009.04.18 11:42:41 | 000,026,154 | ---- | C] () -- C:\Windows\System32\EPPICPattern1.dat
[2009.04.18 11:42:41 | 000,024,903 | ---- | C] () -- C:\Windows\System32\EPPICPattern3.dat
[2009.04.18 11:42:41 | 000,021,390 | ---- | C] () -- C:\Windows\System32\EPPICPattern5.dat
[2009.04.18 11:42:41 | 000,020,148 | ---- | C] () -- C:\Windows\System32\EPPICPattern2.dat
[2009.04.18 11:42:41 | 000,011,811 | ---- | C] () -- C:\Windows\System32\EPPICPattern4.dat
[2009.04.18 11:42:41 | 000,004,943 | ---- | C] () -- C:\Windows\System32\EPPICPattern6.dat
[2009.04.18 11:42:41 | 000,001,146 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_DU.dat
[2009.04.18 11:42:41 | 000,001,139 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_PT.dat
[2009.04.18 11:42:41 | 000,001,139 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_BP.dat
[2009.04.18 11:42:41 | 000,001,136 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_ES.dat
[2009.04.18 11:42:41 | 000,001,129 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_FR.dat
[2009.04.18 11:42:41 | 000,001,129 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_CF.dat
[2009.04.18 11:42:41 | 000,001,120 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_IT.dat
[2009.04.18 11:42:41 | 000,001,107 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_GE.dat
[2009.04.18 11:42:41 | 000,001,104 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_EN.dat
[2009.04.18 11:42:41 | 000,000,097 | ---- | C] () -- C:\Windows\System32\PICSDK.ini
[2009.01.14 10:58:34 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
[2008.12.16 22:58:54 | 000,025,624 | ---- | C] () -- C:\Windows\System32\drivers\LVPr2Mon.sys
[2008.12.16 22:50:56 | 000,013,584 | ---- | C] () -- C:\Windows\System32\drivers\iKeyLgFT.dll
[2008.08.21 19:53:45 | 000,000,680 | -H-- | C] () -- C:\Users\Pacitus\AppData\Local\d3d9caps.dat
[2008.07.10 15:27:08 | 000,001,639 | ---- | C] () -- C:\Windows\wininit.ini
[2008.07.10 15:23:01 | 000,000,326 | ---- | C] () -- C:\Windows\SIERRA.INI
[2008.01.22 15:36:37 | 000,162,304 | -H-- | C] () -- C:\Users\Pacitus\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2007.12.17 20:34:42 | 000,005,972 | -H-- | C] () -- C:\Users\Pacitus\AppData\Roaming\wklnhst.dat
[2007.07.04 19:12:44 | 000,111,045 | ---- | C] () -- C:\Windows\hpqins13.dat
[2007.05.31 13:14:00 | 000,204,800 | ---- | C] () -- C:\Windows\System32\igfxCoIn_v1283.dll
[2007.05.31 12:49:06 | 000,910,464 | ---- | C] () -- C:\Windows\System32\igmedkrn.dll
[2007.05.31 12:01:22 | 000,249,856 | ---- | C] () -- C:\Windows\System32\igfxTMM.dll
[2007.02.27 22:43:02 | 000,000,000 | ---- | C] () -- C:\Windows\System32\px.ini
[2006.12.14 08:01:36 | 000,520,192 | ---- | C] () -- C:\Windows\System32\CddbPlaylist2Roxio.dll
[2006.12.14 08:01:36 | 000,204,800 | ---- | C] () -- C:\Windows\System32\CddbFileTaggerRoxio.dll
[2006.11.02 17:33:31 | 000,628,742 | ---- | C] () -- C:\Windows\System32\perfh007.dat
[2006.11.02 17:33:31 | 000,290,748 | ---- | C] () -- C:\Windows\System32\perfi007.dat
[2006.11.02 17:33:31 | 000,126,260 | ---- | C] () -- C:\Windows\System32\perfc007.dat
[2006.11.02 17:33:31 | 000,036,916 | ---- | C] () -- C:\Windows\System32\perfd007.dat
[2006.11.02 14:57:28 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2006.11.02 14:47:37 | 000,321,208 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2006.11.02 14:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006.11.02 12:33:01 | 000,595,996 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2006.11.02 12:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2006.11.02 12:33:01 | 000,104,070 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2006.11.02 12:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2006.11.02 12:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2006.11.02 10:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2006.11.02 10:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2006.11.02 09:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006.11.02 09:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
[2002.05.16 01:38:40 | 000,091,136 | ---- | C] () -- C:\Windows\System32\mp4fil32.dll
[2002.05.04 15:19:00 | 000,049,152 | ---- | C] () -- C:\Windows\System32\avisynthEx.dll
[2002.04.21 20:30:14 | 000,151,552 | ---- | C] () -- C:\Windows\System32\OggDS.dll
[2002.04.19 16:23:26 | 000,106,137 | ---- | C] () -- C:\Windows\System32\libpostproc.dll
[2002.04.19 15:51:04 | 000,211,760 | ---- | C] () -- C:\Windows\System32\libavcodec.dll
[2002.04.02 00:16:30 | 000,454,656 | ---- | C] () -- C:\Windows\System32\VorbisEnc.dll
[2002.04.02 00:16:14 | 000,118,784 | ---- | C] () -- C:\Windows\System32\vorbis.dll
[2002.04.02 00:15:40 | 000,011,264 | ---- | C] () -- C:\Windows\System32\ogg.dll
[2002.02.21 18:41:20 | 000,157,184 | ---- | C] () -- C:\Windows\System32\unrar.dll
[2001.06.22 13:06:02 | 000,167,936 | ---- | C] () -- C:\Windows\System32\MPEG2DEC.dll
 
========== LOP Check ==========
 
[2011.04.19 16:10:38 | 000,000,000 | -H-D | M] -- C:\Users\Pacitus\AppData\Roaming\BitTorrent
[2011.05.09 19:13:54 | 000,000,000 | -H-D | M] -- C:\Users\Pacitus\AppData\Roaming\DNA
[2010.11.15 16:47:07 | 000,000,000 | -H-D | M] -- C:\Users\Pacitus\AppData\Roaming\Leadertech
[2010.12.30 00:54:55 | 000,000,000 | -H-D | M] -- C:\Users\Pacitus\AppData\Roaming\Local
[2007.12.17 20:34:43 | 000,000,000 | -H-D | M] -- C:\Users\Pacitus\AppData\Roaming\Template
[2011.04.19 16:31:10 | 000,000,000 | -H-D | M] -- C:\Users\Pacitus\AppData\Roaming\UseNeXT
[2011.05.07 12:00:00 | 000,000,504 | ---- | M] () -- C:\Windows\Tasks\One-Click Tweak.job
[2011.05.08 01:25:14 | 000,032,550 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2011.05.09 18:02:57 | 000,000,312 | ---- | M] () -- C:\Windows\Tasks\WinMaximizer-Pacitus-Startup.job
 
========== Purity Check ==========
 
 
 
========== Custom Scans ==========
 
 
< %ALLUSERSPROFILE%\Application Data\*. >
 
< %ALLUSERSPROFILE%\Application Data\*.exe /s >
 
< %APPDATA%\*. >
[2008.11.06 21:12:38 | 000,000,000 | -H-D | M] -- C:\Users\Pacitus\AppData\Roaming\Adobe
[2011.04.19 16:10:38 | 000,000,000 | -H-D | M] -- C:\Users\Pacitus\AppData\Roaming\BitTorrent
[2007.12.19 13:06:05 | 000,000,000 | -H-D | M] -- C:\Users\Pacitus\AppData\Roaming\CyberLink
[2010.12.30 00:55:52 | 000,000,000 | -H-D | M] -- C:\Users\Pacitus\AppData\Roaming\DivX
[2011.05.09 19:13:54 | 000,000,000 | -H-D | M] -- C:\Users\Pacitus\AppData\Roaming\DNA
[2011.04.19 16:10:38 | 000,000,000 | -H-D | M] -- C:\Users\Pacitus\AppData\Roaming\dvdcss
[2007.12.17 23:43:59 | 000,000,000 | -H-D | M] -- C:\Users\Pacitus\AppData\Roaming\Google
[2007.12.17 20:01:20 | 000,000,000 | -H-D | M] -- C:\Users\Pacitus\AppData\Roaming\Hewlett-Packard
[2007.12.19 13:06:00 | 000,000,000 | -H-D | M] -- C:\Users\Pacitus\AppData\Roaming\HP
[2010.06.26 14:52:24 | 000,000,000 | -H-D | M] -- C:\Users\Pacitus\AppData\Roaming\HpUpdate
[2007.12.17 20:08:05 | 000,000,000 | -H-D | M] -- C:\Users\Pacitus\AppData\Roaming\Identities
[2009.04.18 11:42:34 | 000,000,000 | -H-D | M] -- C:\Users\Pacitus\AppData\Roaming\InstallShield
[2010.11.15 16:47:07 | 000,000,000 | -H-D | M] -- C:\Users\Pacitus\AppData\Roaming\Leadertech
[2010.12.30 00:54:55 | 000,000,000 | -H-D | M] -- C:\Users\Pacitus\AppData\Roaming\Local
[2007.12.17 20:01:54 | 000,000,000 | -H-D | M] -- C:\Users\Pacitus\AppData\Roaming\Macromedia
[2011.04.23 01:38:51 | 000,000,000 | ---D | M] -- C:\Users\Pacitus\AppData\Roaming\Malwarebytes
[2006.11.02 14:37:34 | 000,000,000 | -H-D | M] -- C:\Users\Pacitus\AppData\Roaming\Media Center Programs
[2011.04.11 21:01:55 | 000,000,000 | --SD | M] -- C:\Users\Pacitus\AppData\Roaming\Microsoft
[2011.01.11 12:55:42 | 000,000,000 | -H-D | M] -- C:\Users\Pacitus\AppData\Roaming\Mozilla
[2010.03.25 20:04:13 | 000,000,000 | -H-D | M] -- C:\Users\Pacitus\AppData\Roaming\Real
[2009.12.23 03:09:00 | 000,000,000 | -H-D | M] -- C:\Users\Pacitus\AppData\Roaming\Roxio
[2011.05.09 19:05:47 | 000,000,000 | -H-D | M] -- C:\Users\Pacitus\AppData\Roaming\Skype
[2011.05.09 18:05:54 | 000,000,000 | -H-D | M] -- C:\Users\Pacitus\AppData\Roaming\skypePM
[2007.12.17 20:34:43 | 000,000,000 | -H-D | M] -- C:\Users\Pacitus\AppData\Roaming\Template
[2011.04.19 16:31:10 | 000,000,000 | -H-D | M] -- C:\Users\Pacitus\AppData\Roaming\UseNeXT
[2011.04.19 16:10:44 | 000,000,000 | -H-D | M] -- C:\Users\Pacitus\AppData\Roaming\vlc
[2009.04.18 12:00:06 | 000,000,000 | -H-D | M] -- C:\Users\Pacitus\AppData\Roaming\WinRAR
 
< %APPDATA%\*.exe /s >
[2011.05.09 19:05:07 | 003,236,328 | ---- | M] (Search-Results) -- C:\Users\Pacitus\AppData\Roaming\Mozilla\Firefox\Profiles\zdvojdpi.default\extensions\toolbar@ask.com\chrome\temp\askToolbar.exe
[2010.05.28 18:03:39 | 000,443,912 | -H-- | M] (RealNetworks, Inc.) -- C:\Users\Pacitus\AppData\Roaming\Real\Update\setup3.11\setup.exe
[2011.01.30 16:51:59 | 000,510,120 | -H-- | M] (RealNetworks, Inc.) -- C:\Users\Pacitus\AppData\Roaming\Real\Update\setup3.13\setup.exe
[2010.12.02 15:29:50 | 000,092,328 | -H-- | M] (RealNetworks, Inc.) -- C:\Users\Pacitus\AppData\Roaming\Real\Update\setup3.13\ui_data\vista.exe
 
< %SYSTEMDRIVE%\*.exe >
 
 
< MD5 for: AGP440.SYS  >
[2008.01.19 09:42:25 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_51b95d75\AGP440.sys
[2008.01.19 09:42:25 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_f750e484\AGP440.sys
[2008.01.19 09:42:25 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6001.18000_none_ba12ed3bbeb0d97a\AGP440.sys
[2008.01.19 09:42:25 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6002.18005_none_bbfe6647bbd2a4c6\AGP440.sys
[2007.07.04 19:24:20 | 000,053,864 | ---- | M] (Microsoft Corporation) MD5=313FF294978EA6AF715722D708FB249F -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6000.20494_none_b858f78adaed51b3\AGP440.sys
[2007.07.04 19:24:20 | 000,053,864 | ---- | M] (Microsoft Corporation) MD5=CE71AFD6738AA025D742CDBCFBDC8B9C -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_f2490cb0\AGP440.sys
[2007.07.04 19:24:20 | 000,053,864 | ---- | M] (Microsoft Corporation) MD5=CE71AFD6738AA025D742CDBCFBDC8B9C -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6000.16399_none_b7d45c31c1cb309c\AGP440.sys
[2006.11.02 11:49:52 | 000,053,864 | ---- | M] (Microsoft Corporation) MD5=EF23439CDD587F64C2C1B8825CEAD7D8 -- C:\Windows\System32\drivers\AGP440.sys
[2006.11.02 11:49:52 | 000,053,864 | ---- | M] (Microsoft Corporation) MD5=EF23439CDD587F64C2C1B8825CEAD7D8 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_920a2c1f\AGP440.sys
 
< MD5 for: ATAPI.SYS  >
[2009.04.11 08:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\System32\drivers\atapi.sys
[2009.04.11 08:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_b12d8e84\atapi.sys
[2009.04.11 08:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6002.18005_none_df23a1261eab99e8\atapi.sys
[2008.01.19 09:41:30 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_cc18792d\atapi.sys
[2008.01.19 09:41:30 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6001.18000_none_dd38281a2189ce9c\atapi.sys
[2006.11.02 11:49:36 | 000,019,048 | ---- | M] (Microsoft Corporation) MD5=4F4FCB8B6EA06784FB6D475B7EC7300F -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_c6c2e699\atapi.sys
[2008.12.19 13:41:01 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=B35CFCEF838382AB6490B321C87EDF17 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_7de13c21\atapi.sys
[2008.12.19 13:41:01 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=B35CFCEF838382AB6490B321C87EDF17 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6000.16632_none_db337a442479c42c\atapi.sys
[2008.12.19 13:41:00 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=E03E8C99D15D0381E02743C36AFC7C6F -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6000.20757_none_dbac78a93da31a8b\atapi.sys
 
< MD5 for: CNGAUDIT.DLL  >
[2006.11.02 11:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\System32\cngaudit.dll
[2006.11.02 11:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.0.6000.16386_none_e62d292932a96ce6\cngaudit.dll
 
< MD5 for: IASTOR.SYS  >
[2007.03.22 02:58:56 | 000,304,920 | -H-- | M] (Intel Corporation) MD5=997E8F5939F2D12CD9F2E6B395724C16 -- C:\SwSetup\HDD\iastor.sys
[2007.03.22 02:58:56 | 000,304,920 | ---- | M] (Intel Corporation) MD5=997E8F5939F2D12CD9F2E6B395724C16 -- C:\Windows\System32\drivers\iaStor.sys
[2007.03.22 02:58:56 | 000,304,920 | ---- | M] (Intel Corporation) MD5=997E8F5939F2D12CD9F2E6B395724C16 -- C:\Windows\System32\DriverStore\FileRepository\iaahci.inf_3a63e5a6\iaStor.sys
[2007.03.22 02:58:56 | 000,304,920 | ---- | M] (Intel Corporation) MD5=997E8F5939F2D12CD9F2E6B395724C16 -- C:\Windows\System32\DriverStore\FileRepository\iastor.inf_5f6e7be5\iaStor.sys
 
< MD5 for: IASTORV.SYS  >
[2008.01.19 09:42:51 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_c9df7691\iaStorV.sys
[2008.01.19 09:42:51 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.0.6001.18000_none_af11527887c7fa8f\iaStorV.sys
[2006.11.02 11:51:25 | 000,232,040 | ---- | M] (Intel Corporation) MD5=C957BF4B5D80B46C5017BF0101E6C906 -- C:\Windows\System32\drivers\iaStorV.sys
[2006.11.02 11:51:25 | 000,232,040 | ---- | M] (Intel Corporation) MD5=C957BF4B5D80B46C5017BF0101E6C906 -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_37cdafa4\iaStorV.sys
 
< MD5 for: NETLOGON.DLL  >
[2006.11.02 11:46:11 | 000,559,616 | ---- | M] (Microsoft Corporation) MD5=889A2C9F2AACCD8F64EF50AC0B3D553B -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6000.16386_none_fb80f5473b0ed783\netlogon.dll
[2009.04.11 08:28:23 | 000,592,896 | ---- | M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- C:\Windows\System32\netlogon.dll
[2009.04.11 08:28:23 | 000,592,896 | ---- | M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6002.18005_none_ffa3304f351bb3a3\netlogon.dll
[2008.01.19 09:35:36 | 000,592,384 | ---- | M] (Microsoft Corporation) MD5=A8EFC0B6E75B789F7FD3BA5025D4E37F -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6001.18000_none_fdb7b74337f9e857\netlogon.dll
 
< MD5 for: NVSTOR.SYS  >
[2006.11.02 11:50:13 | 000,040,040 | ---- | M] (NVIDIA Corporation) MD5=9E0BA19A28C498A6D323D065DB76DFFC -- C:\Windows\System32\drivers\nvstor.sys
[2006.11.02 11:50:13 | 000,040,040 | ---- | M] (NVIDIA Corporation) MD5=9E0BA19A28C498A6D323D065DB76DFFC -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_733654ff\nvstor.sys
[2008.01.19 09:42:09 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_31c3d71d\nvstor.sys
[2008.01.19 09:42:09 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.0.6001.18000_none_39dac327befea467\nvstor.sys
 
< MD5 for: SCECLI.DLL  >
[2008.01.19 09:36:19 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=28B84EB538F7E8A0FE8B9299D591E0B9 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6001.18000_none_380de25bd91b6f12\scecli.dll
[2006.11.02 11:46:12 | 000,176,640 | ---- | M] (Microsoft Corporation) MD5=80E2839D05CA5970A86D7BE2A08BFF61 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6000.16386_none_35d7205fdc305e3e\scecli.dll
[2009.04.11 08:28:24 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=8FC182167381E9915651267044105EE1 -- C:\Windows\System32\scecli.dll
[2009.04.11 08:28:24 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=8FC182167381E9915651267044105EE1 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6002.18005_none_39f95b67d63d3a5e\scecli.dll
 
< MD5 for: USER32.DLL  >
[2007.07.04 18:20:15 | 000,633,856 | ---- | M] (Microsoft Corporation) MD5=63B4F59D7C89B1BF5277F1FFEFD491CD -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.0.6000.16438_none_cb39bc5b7047127e\user32.dll
[2007.07.04 18:20:15 | 000,633,856 | ---- | M] (Microsoft Corporation) MD5=9D9F061EDA75425FC67F0365E3467C86 -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.0.6000.20537_none_cbc258dc896598f1\user32.dll
[2008.01.19 09:36:46 | 000,627,200 | ---- | M] (Microsoft Corporation) MD5=B974D9F06DC7D1908E825DC201681269 -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.0.6001.18000_none_cd386c416d5c7f32\user32.dll
[2006.11.02 11:46:13 | 000,633,856 | ---- | M] (Microsoft Corporation) MD5=E698A5437B89A285ACA3FF022356810A -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.0.6000.16386_none_cb01aa4570716e5e\user32.dll
[2009.04.11 08:28:25 | 000,627,712 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\user32.dll
[2009.04.11 08:28:25 | 000,627,712 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.0.6002.18005_none_cf23e54d6a7e4a7e\user32.dll
 
< MD5 for: USERINIT.EXE  >
[2008.01.19 09:33:33 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\System32\userinit.exe
[2008.01.19 09:33:33 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.0.6001.18000_none_dc28ba15d1aff80b\userinit.exe
[2006.11.02 11:45:50 | 000,024,576 | ---- | M] (Microsoft Corporation) MD5=22027835939F86C3E47AD8E3FBDE3D11 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.0.6000.16386_none_d9f1f819d4c4e737\userinit.exe
 
< MD5 for: WININIT.EXE  >
[2008.01.19 09:33:37 | 000,096,768 | ---- | M] (Microsoft Corporation) MD5=101BA3EA053480BB5D957EF37C06B5ED -- C:\Windows\System32\wininit.exe
[2008.01.19 09:33:37 | 000,096,768 | ---- | M] (Microsoft Corporation) MD5=101BA3EA053480BB5D957EF37C06B5ED -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.0.6001.18000_none_30f2b8cf0450a6a2\wininit.exe
[2006.11.02 11:45:57 | 000,095,744 | ---- | M] (Microsoft Corporation) MD5=D4385B03E8CCCEE6F0EE249F827C1F3E -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.0.6000.16386_none_2ebbf6d3076595ce\wininit.exe
 
< MD5 for: WINLOGON.EXE  >
[2009.04.11 08:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\System32\winlogon.exe
[2009.04.11 08:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6002.18005_none_71ae7a22d2134741\winlogon.exe
[2006.11.02 11:45:57 | 000,308,224 | ---- | M] (Microsoft Corporation) MD5=9F75392B9128A91ABAFB044EA350BAAD -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6000.16386_none_6d8c3f1ad8066b21\winlogon.exe
[2008.01.19 09:33:37 | 000,314,880 | ---- | M] (Microsoft Corporation) MD5=C2610B6BDBEFC053BBDAB4F1B965CB24 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6001.18000_none_6fc30116d4f17bf5\winlogon.exe
 
< MD5 for: WS2IFSL.SYS  >
[2006.11.02 10:58:26 | 000,015,872 | ---- | M] (Microsoft Corporation) MD5=84620AECDCFD2A7A14E6263927D8C0ED -- C:\Windows\winsxs\x86_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.0.6000.16386_none_4d4fded8cae2956d\ws2ifsl.sys
[2008.01.19 07:56:49 | 000,015,872 | ---- | M] (Microsoft Corporation) MD5=E3A3CB253C0EC2494D4A61F5E43A389C -- C:\Windows\System32\drivers\ws2ifsl.sys
[2008.01.19 07:56:49 | 000,015,872 | ---- | M] (Microsoft Corporation) MD5=E3A3CB253C0EC2494D4A61F5E43A389C -- C:\Windows\winsxs\x86_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.0.6001.18000_none_4f86a0d4c7cda641\ws2ifsl.sys
 
< %systemroot%\system32\drivers\*.sys /lockedfiles >
 
< %systemroot%\System32\config\*.sav >
[2006.11.02 12:34:05 | 000,008,192 | ---- | M] () -- C:\Windows\System32\config\COMPONENTS.SAV
[2006.11.02 12:34:05 | 000,020,480 | ---- | M] () -- C:\Windows\System32\config\DEFAULT.SAV
[2006.11.02 12:34:05 | 000,008,192 | ---- | M] () -- C:\Windows\System32\config\SECURITY.SAV
[2006.11.02 12:34:08 | 010,133,504 | ---- | M] () -- C:\Windows\System32\config\SOFTWARE.SAV
[2006.11.02 12:34:08 | 001,826,816 | ---- | M] () -- C:\Windows\System32\config\SYSTEM.SAV
 
< %systemroot%\*. /mp /s >
 
< %systemroot%\system32\*.dll /lockedfiles >
[2011.04.17 10:34:14 | 000,353,792 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\dxtmsft.dll
[2011.04.17 10:34:14 | 000,223,232 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\dxtrans.dll
[2011.04.17 10:34:05 | 000,118,784 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\iepeers.dll
 
<   >

< End of report >
         
--- --- ---
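
The "MD5 for:" section of the OTL custom scan above lists every copy of a core system file that OTL found (the live copy under System32, the copies in the WinSxS component store and in the DriverStore) together with its MD5, and marks copies it could not hash as "Unable to obtain MD5". The Python script below is an added example written for this page; it is not OTL's code and not something either participant posted. It parses such a section, checks whether the hash of each live copy is corroborated by at least one other copy OTL listed, flags live copies whose hash could not be read (as happened to user32.dll above), and cross-checks OTL's hashes against the driver hashes in a TDSSKiller log like the one posted later in the thread. The AGP440.SYS and USER32.DLL lines and the two TDSSKiller lines are copied from the logs in this thread; the SAMPLE.DLL section, its company name and its hashes are constructed to show the uncorroborated case.

```python
import re
from collections import defaultdict

# Excerpt of an OTL "MD5 for:" custom scan. The AGP440.SYS and USER32.DLL lines
# are copied from the log posted above; the SAMPLE.DLL section is constructed
# (invented name, company and hashes) to show a live copy no other copy confirms.
OTL_EXCERPT = r"""
< MD5 for: AGP440.SYS  >
[2008.01.19 09:42:25 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6001.18000_none_ba12ed3bbeb0d97a\AGP440.sys
[2006.11.02 11:49:52 | 000,053,864 | ---- | M] (Microsoft Corporation) MD5=EF23439CDD587F64C2C1B8825CEAD7D8 -- C:\Windows\System32\drivers\AGP440.sys
[2006.11.02 11:49:52 | 000,053,864 | ---- | M] (Microsoft Corporation) MD5=EF23439CDD587F64C2C1B8825CEAD7D8 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_920a2c1f\AGP440.sys

< MD5 for: USER32.DLL  >
[2007.07.04 18:20:15 | 000,633,856 | ---- | M] (Microsoft Corporation) MD5=63B4F59D7C89B1BF5277F1FFEFD491CD -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.0.6000.16438_none_cb39bc5b7047127e\user32.dll
[2009.04.11 08:28:25 | 000,627,712 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\user32.dll
[2009.04.11 08:28:25 | 000,627,712 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.0.6002.18005_none_cf23e54d6a7e4a7e\user32.dll

< MD5 for: SAMPLE.DLL  >
[2011.05.01 00:00:00 | 000,001,024 | ---- | M] (Constructed Example) MD5=00000000000000000000000000000001 -- C:\Windows\System32\sample.dll
[2011.05.01 00:00:00 | 000,001,024 | ---- | M] (Constructed Example) MD5=00000000000000000000000000000002 -- C:\Windows\winsxs\x86_constructed_component\sample.dll
"""

# Two driver lines copied from the TDSSKiller log posted later in the thread.
TDSS_EXCERPT = r"""
2011/05/10 19:36:35.0541 4508 agp440 (ef23439cdd587f64c2c1b8825cead7d8) C:\Windows\system32\drivers\agp440.sys
2011/05/10 19:36:38.0006 4508 atapi (1f05b78ab91c9075565a9d8a4b880bc4) C:\Windows\system32\drivers\atapi.sys
"""

HEADER_RE = re.compile(r"^<\s*MD5 for:\s*(?P<name>\S+)\s*>$")
# [stamp | size | attributes | M/C] (company) MD5=... | Unable to obtain MD5 -- path
ENTRY_RE = re.compile(
    r"^\[(?P<stamp>[\d.]+ [\d:]+) \| (?P<size>[\d,]+) \| (?P<attr>[-A-Z]{4}) \| (?P<flag>[MC])\] "
    r"\((?P<company>[^)]*)\) (?:MD5=(?P<md5>[0-9A-Fa-f]{32})|Unable to obtain MD5) -- (?P<path>.+)$"
)
# TDSSKiller: date time pid servicename (md5) path
TDSS_RE = re.compile(r"^\S+ \S+ +\d+ +\S+ \((?P<md5>[0-9A-Fa-f]{32})\) (?P<path>.+)$")


def parse_otl_md5(text):
    """Return {FILENAME: [(path, md5_or_None), ...]} from an OTL 'MD5 for:' section."""
    sections = defaultdict(list)
    current = None
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        header = HEADER_RE.match(line)
        if header:
            current = header.group("name").upper()
            continue
        entry = ENTRY_RE.match(line)
        if entry and current:
            md5 = entry.group("md5")
            sections[current].append((entry.group("path"), md5.upper() if md5 else None))
    return dict(sections)


def is_live_copy(path):
    """The copy Windows actually loads: under System32, but not in the DriverStore."""
    p = path.lower()
    return p.startswith("c:\\windows\\system32\\") and "\\driverstore\\" not in p


def assess(sections):
    """Classify each file's live copy against the other copies OTL listed.

    corroborated   - every live copy's hash is shared by a WinSxS or DriverStore copy
    uncorroborated - a live copy's hash appears nowhere else in the listing
    unreadable     - OTL could not hash a live copy ("Unable to obtain MD5")
    no-live-copy   - only store copies were listed
    """
    verdicts = {}
    for name, copies in sections.items():
        live = [(p, m) for p, m in copies if is_live_copy(p)]
        reference = {m for p, m in copies if not is_live_copy(p) and m}
        if not live:
            verdicts[name] = "no-live-copy"
        elif any(m is None for _, m in live):
            verdicts[name] = "unreadable"
        elif all(m in reference for _, m in live):
            verdicts[name] = "corroborated"
        else:
            verdicts[name] = "uncorroborated"
    return verdicts


def parse_tdss(text):
    """Return {lower-cased path: MD5} from TDSSKiller driver lines."""
    hashes = {}
    for line in text.splitlines():
        m = TDSS_RE.match(line.strip())
        if m:
            hashes[m.group("path").lower()] = m.group("md5").upper()
    return hashes


def cross_check(sections, tdss_hashes):
    """For every OTL path TDSSKiller also hashed, report whether the two tools agree."""
    agreement = {}
    for copies in sections.values():
        for path, md5 in copies:
            other = tdss_hashes.get(path.lower())
            if other is not None:
                agreement[path] = (md5 == other)
    return agreement


if __name__ == "__main__":
    parsed = parse_otl_md5(OTL_EXCERPT)
    for name, verdict in sorted(assess(parsed).items()):
        print(f"{name:12s} {verdict}")
    for path, ok in cross_check(parsed, parse_tdss(TDSS_EXCERPT)).items():
        print(f"{'agree' if ok else 'DIFFER'}: {path}")
```

DriverStore copies count as reference material on purpose: in the full log above the live agp440.sys (the 6.0.6000 RTM build) matches only its DriverStore copy, not the later WinSxS builds, so a check that trusted WinSxS alone would flag a perfectly normal driver. "Unable to obtain MD5" on the live copy, as with user32.dll above, most often means the file was locked while OTL ran; the script reports it so the reviewer compares against a known-good hash or a second tool rather than either ignoring it or treating it as proof of tampering.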

Old 09.05.2011, 19:24   #20
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™

Run an OTL fix: close any programs that may be open, also disable the virus scanner (!), start OTL and copy the following text into the "Custom Scan/Fixes" box (at the bottom in OTL): (the ":OTL" must be copied as well!!!)

Code:
:OTL
O4 - HKLM..\Run: []  File not found
O4 - HKCU..\Run: [SpybotSD TeaTimer] C:\Programme\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2005.09.11 17:18:54 | 000,000,340 | -HS- | M] () - D:\AUTOMODE -- [ NTFS ]
:Commands
[purity]
[resethosts]
[emptytemp]

Then click the Fix button at the top left!
The log file should open when you click OK after fixing; please post it. The computer may be restarted.

As a safety measure, the entries, files and folders fixed by this script are not deleted outright; a backup copy is created on the system partition in the folder "_OTL".

__________________
Please always post log files in CODE tags

Old 09.05.2011, 21:20   #21
Pacitus

Hello Arne,
I hope this is everything you need.

All processes killed
========== OTL ==========
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ deleted successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\SpybotSD TeaTimer deleted successfully.
C:\Programme\Spybot - Search & Destroy\TeaTimer.exe moved successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRun|DWORD:1 /E : value set successfully!
C:\autoexec.bat moved successfully.
D:\AUTOMODE moved successfully.
========== COMMANDS ==========
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Pacitus
->Temp folder emptied: 165187228 bytes
->Temporary Internet Files folder emptied: 1881263 bytes
->Java cache emptied: 367375 bytes
->FireFox cache emptied: 48814399 bytes
->Google Chrome cache emptied: 0 bytes
->Flash cache emptied: 16948 bytes

User: Public

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 1185684 bytes
%systemroot%\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 8865035 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 216,00 mb


OTL by OldTimer - Version 3.2.22.3 log created on 05092011_220244

Files\Folders moved on Reboot...
File move failed. C:\Users\Pacitus\AppData\Local\Temp\ehmsas.txt scheduled to be moved on reboot.
File move failed. C:\Windows\temp\logishrd\LVPrcInj01.dll scheduled to be moved on reboot.

Registry entries deleted on Reboot...

Old 10.05.2011, 10:04   #22
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™

Now please run this tool from Kaspersky and post the log => http://www.trojaner-board.de/82358-t...entfernen.html

Set the tool up as shown in the image below, i.e. tick both boxes, click Start scan and, once it has finished, click the Report button to display the log. Please post it in full.

If the infection prevents you from accessing your Documents/My Documents, please run unhide:
Please download unhide.exe and save the file to your desktop.
Start the tool, and all files and folders should be visible again. (This may take a while.)
Vista and 7 users must run the tool via right-click as administrator!
__________________
Please always post log files in CODE tags

Old 10.05.2011, 18:45   #23
Pacitus

Hi Arne,
I can open the files, for a start, and only the desktop is still black.
Here are the log files


2011/05/10 19:36:28.0708 5816 TDSS rootkit removing tool 2.5.0.0 May 1 2011 14:20:16
2011/05/10 19:36:29.0176 5816 ================================================================================
2011/05/10 19:36:29.0176 5816 SystemInfo:
2011/05/10 19:36:29.0176 5816
2011/05/10 19:36:29.0176 5816 OS Version: 6.0.6002 ServicePack: 2.0
2011/05/10 19:36:29.0176 5816 Product type: Workstation
2011/05/10 19:36:29.0176 5816 ComputerName: PACITUS-PC
2011/05/10 19:36:29.0176 5816 UserName: Pacitus
2011/05/10 19:36:29.0176 5816 Windows directory: C:\Windows
2011/05/10 19:36:29.0176 5816 System windows directory: C:\Windows
2011/05/10 19:36:29.0176 5816 Processor architecture: Intel x86
2011/05/10 19:36:29.0176 5816 Number of processors: 2
2011/05/10 19:36:29.0176 5816 Page size: 0x1000
2011/05/10 19:36:29.0176 5816 Boot type: Normal boot
2011/05/10 19:36:29.0176 5816 ================================================================================
2011/05/10 19:36:30.0549 5816 Initialize success
2011/05/10 19:36:33.0529 4508 ================================================================================
2011/05/10 19:36:33.0529 4508 Scan started
2011/05/10 19:36:33.0529 4508 Mode: Manual;
2011/05/10 19:36:33.0529 4508 ================================================================================
2011/05/10 19:36:34.0527 4508 ACPI (82b296ae1892fe3dbee00c9cf92f8ac7) C:\Windows\system32\drivers\acpi.sys
2011/05/10 19:36:34.0699 4508 adp94xx (2edc5bbac6c651ece337bde8ed97c9fb) C:\Windows\system32\drivers\adp94xx.sys
2011/05/10 19:36:34.0870 4508 adpahci (b84088ca3cdca97da44a984c6ce1ccad) C:\Windows\system32\drivers\adpahci.sys
2011/05/10 19:36:35.0073 4508 adpu160m (7880c67bccc27c86fd05aa2afb5ea469) C:\Windows\system32\drivers\adpu160m.sys
2011/05/10 19:36:35.0213 4508 adpu320 (9ae713f8e30efc2abccd84904333df4d) C:\Windows\system32\drivers\adpu320.sys
2011/05/10 19:36:35.0447 4508 AFD (a201207363aa900abf1a388468688570) C:\Windows\system32\drivers\afd.sys
2011/05/10 19:36:35.0541 4508 agp440 (ef23439cdd587f64c2c1b8825cead7d8) C:\Windows\system32\drivers\agp440.sys
2011/05/10 19:36:35.0650 4508 aic78xx (ae1fdf7bf7bb6c6a70f67699d880592a) C:\Windows\system32\drivers\djsvs.sys
2011/05/10 19:36:35.0775 4508 aliide (90395b64600ebb4552e26e178c94b2e4) C:\Windows\system32\drivers\aliide.sys
2011/05/10 19:36:36.0056 4508 amdagp (2b13e304c9dfdfa5eb582f6a149fa2c7) C:\Windows\system32\drivers\amdagp.sys
2011/05/10 19:36:36.0352 4508 amdide (0577df1d323fe75a739c787893d300ea) C:\Windows\system32\drivers\amdide.sys
2011/05/10 19:36:36.0477 4508 AmdK7 (dc487885bcef9f28eece6fac0e5ddfc5) C:\Windows\system32\drivers\amdk7.sys
2011/05/10 19:36:36.0805 4508 AmdK8 (0ca0071da4315b00fc1328ca86b425da) C:\Windows\system32\drivers\amdk8.sys
2011/05/10 19:36:37.0257 4508 ApfiltrService (44d66b0212d19825ef5cbf2918d0717c) C:\Windows\system32\DRIVERS\Apfiltr.sys
2011/05/10 19:36:37.0413 4508 arc (5f673180268bb1fdb69c99b6619fe379) C:\Windows\system32\drivers\arc.sys
2011/05/10 19:36:37.0553 4508 arcsas (957f7540b5e7f602e44648c7de5a1c05) C:\Windows\system32\drivers\arcsas.sys
2011/05/10 19:36:37.0819 4508 AsyncMac (53b202abee6455406254444303e87be1) C:\Windows\system32\DRIVERS\asyncmac.sys
2011/05/10 19:36:38.0006 4508 atapi (1f05b78ab91c9075565a9d8a4b880bc4) C:\Windows\system32\drivers\atapi.sys
2011/05/10 19:36:38.0271 4508 avgio (0b497c79824f8e1bf22fa6aacd3de3a0) C:\Program Files\Avira\AntiVir Desktop\avgio.sys
2011/05/10 19:36:38.0536 4508 avgntflt (14fe36d8f2c6a2435275338d061a0b66) C:\Windows\system32\DRIVERS\avgntflt.sys
2011/05/10 19:36:38.0645 4508 avipbb (6d52060b59e7d79cd2a044b6add1f1ef) C:\Windows\system32\DRIVERS\avipbb.sys
2011/05/10 19:36:38.0926 4508 BCM43XV (746f59822a5187510471fc46889b8cc9) C:\Windows\system32\DRIVERS\bcmwl6.sys
2011/05/10 19:36:39.0020 4508 BCM43XX (746f59822a5187510471fc46889b8cc9) C:\Windows\system32\DRIVERS\bcmwl6.sys
2011/05/10 19:36:39.0316 4508 Beep (67e506b75bd5326a3ec7b70bd014dfb6) C:\Windows\system32\drivers\Beep.sys
2011/05/10 19:36:39.0644 4508 bowser (35f376253f687bde63976ccb3f2108ca) C:\Windows\system32\DRIVERS\bowser.sys
2011/05/10 19:36:39.0706 4508 BrFiltLo (9f9acc7f7ccde8a15c282d3f88b43309) C:\Windows\system32\drivers\brfiltlo.sys
2011/05/10 19:36:39.0909 4508 BrFiltUp (56801ad62213a41f6497f96dee83755a) C:\Windows\system32\drivers\brfiltup.sys
2011/05/10 19:36:40.0065 4508 Brserid (b304e75cff293029eddf094246747113) C:\Windows\system32\drivers\brserid.sys
2011/05/10 19:36:40.0205 4508 BrSerWdm (203f0b1e73adadbbb7b7b1fabd901f6b) C:\Windows\system32\drivers\brserwdm.sys
2011/05/10 19:36:40.0315 4508 BrUsbMdm (bd456606156ba17e60a04e18016ae54b) C:\Windows\system32\drivers\brusbmdm.sys
2011/05/10 19:36:40.0564 4508 BrUsbSer (af72ed54503f717a43268b3cc5faec2e) C:\Windows\system32\drivers\brusbser.sys
2011/05/10 19:36:40.0673 4508 BTHMODEM (ad07c1ec6665b8b35741ab91200c6b68) C:\Windows\system32\drivers\bthmodem.sys
2011/05/10 19:36:40.0970 4508 cdfs (7add03e75beb9e6dd102c3081d29840a) C:\Windows\system32\DRIVERS\cdfs.sys
2011/05/10 19:36:41.0079 4508 cdrom (6b4bffb9becd728097024276430db314) C:\Windows\system32\DRIVERS\cdrom.sys
2011/05/10 19:36:41.0391 4508 circlass (da8e0afc7baa226c538ef53ac2f90897) C:\Windows\system32\drivers\circlass.sys
2011/05/10 19:36:41.0765 4508 CLFS (d7659d3b5b92c31e84e53c1431f35132) C:\Windows\system32\CLFS.sys
2011/05/10 19:36:41.0999 4508 CmBatt (99afc3795b58cc478fbbbcdc658fcb56) C:\Windows\system32\DRIVERS\CmBatt.sys
2011/05/10 19:36:42.0202 4508 cmdide (45201046c776ffdaf3fc8a0029c581c8) C:\Windows\system32\drivers\cmdide.sys
2011/05/10 19:36:42.0436 4508 CnxtHdAudService (b6e7991e3d6146c04c85cd31af22a381) C:\Windows\system32\drivers\CHDRT32.sys
2011/05/10 19:36:42.0608 4508 Compbatt (6afef0b60fa25de07c0968983ee4f60a) C:\Windows\system32\DRIVERS\compbatt.sys
2011/05/10 19:36:42.0811 4508 crcdisk (2a213ae086bbec5e937553c7d9a2b22c) C:\Windows\system32\drivers\crcdisk.sys
2011/05/10 19:36:42.0920 4508 Crusoe (22a7f883508176489f559ee745b5bf5d) C:\Windows\system32\drivers\crusoe.sys
2011/05/10 19:36:43.0263 4508 DfsC (218d8ae46c88e82014f5d73d0236d9b2) C:\Windows\system32\Drivers\dfsc.sys
2011/05/10 19:36:43.0450 4508 disk (5d4aefc3386920236a548271f8f1af6a) C:\Windows\system32\drivers\disk.sys
2011/05/10 19:36:43.0575 4508 drmkaud (97fef831ab90bee128c9af390e243f80) C:\Windows\system32\drivers\drmkaud.sys
2011/05/10 19:36:43.0809 4508 DXGKrnl (c68ac676b0ef30cfbb1080adce49eb1f) C:\Windows\System32\drivers\dxgkrnl.sys
2011/05/10 19:36:43.0965 4508 E100B (c0b00e55cf82d122d25983c7a6a53dea) C:\Windows\system32\DRIVERS\e100b325.sys
2011/05/10 19:36:44.0074 4508 E1G60 (f88fb26547fd2ce6d0a5af2985892c48) C:\Windows\system32\DRIVERS\E1G60I32.sys
2011/05/10 19:36:44.0308 4508 eabfiltr (e88b0cfcecf745211bba87f44f85d0dd) C:\Windows\system32\DRIVERS\eabfiltr.sys
2011/05/10 19:36:44.0527 4508 Ecache (7f64ea048dcfac7acf8b4d7b4e6fe371) C:\Windows\system32\drivers\ecache.sys
2011/05/10 19:36:44.0761 4508 eeCtrl (08035db1987412cced1d4201263776ed) C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys
2011/05/10 19:36:45.0041 4508 elxstor (e8f3f21a71720c84bcf423b80028359f) C:\Windows\system32\drivers\elxstor.sys
2011/05/10 19:36:45.0275 4508 exfat (22b408651f9123527bcee54b4f6c5cae) C:\Windows\system32\drivers\exfat.sys
2011/05/10 19:36:45.0494 4508 fastfat (1e9b9a70d332103c52995e957dc09ef8) C:\Windows\system32\drivers\fastfat.sys
2011/05/10 19:36:45.0603 4508 fdc (63bdada84951b9c03e641800e176898a) C:\Windows\system32\DRIVERS\fdc.sys
2011/05/10 19:36:45.0853 4508 FileInfo (a8c0139a884861e3aae9cfe73b208a9f) C:\Windows\system32\drivers\fileinfo.sys
2011/05/10 19:36:45.0962 4508 Filetrace (0ae429a696aecbc5970e3cf2c62635ae) C:\Windows\system32\drivers\filetrace.sys
2011/05/10 19:36:46.0243 4508 flpydisk (6603957eff5ec62d25075ea8ac27de68) C:\Windows\system32\DRIVERS\flpydisk.sys
2011/05/10 19:36:46.0523 4508 FltMgr (01334f9ea68e6877c4ef05d3ea8abb05) C:\Windows\system32\drivers\fltmgr.sys
2011/05/10 19:36:46.0664 4508 Fs_Rec (65ea8b77b5851854f0c55c43fa51a198) C:\Windows\system32\drivers\Fs_Rec.sys
2011/05/10 19:36:46.0882 4508 gagp30kx (4e1cd0a45c50a8882616cae5bf82f3c5) C:\Windows\system32\drivers\gagp30kx.sys
2011/05/10 19:36:47.0319 4508 HBtnKey (de15777902a5d9121857d155873a1d1b) C:\Windows\system32\DRIVERS\cpqbttn.sys
2011/05/10 19:36:47.0569 4508 HdAudAddService (743e5199a34101a3ee444df5f74d0311) C:\Windows\system32\drivers\CHDART.sys
2011/05/10 19:36:47.0990 4508 HDAudBus (062452b7ffd68c8c042a6261fe8dff4a) C:\Windows\system32\DRIVERS\HDAudBus.sys
2011/05/10 19:36:48.0395 4508 HidBth (1338520e78d90154ed6be8f84de5fceb) C:\Windows\system32\drivers\hidbth.sys
2011/05/10 19:36:48.0629 4508 HidIr (ff3160c3a2445128c5a6d9b076da519e) C:\Windows\system32\drivers\hidir.sys
2011/05/10 19:36:48.0770 4508 HidUsb (3c64042b95e583b366ba4e5d2450235e) C:\Windows\system32\drivers\hidusb.sys
2011/05/10 19:36:48.0926 4508 HpCISSs (df353b401001246853763c4b7aaa6f50) C:\Windows\system32\drivers\hpcisss.sys
2011/05/10 19:36:49.0113 4508 HSFHWAZL (46d67209550973257601a533e2ac5785) C:\Windows\system32\DRIVERS\VSTAZL3.SYS
2011/05/10 19:36:49.0378 4508 HSF_DPV (3f53b4af98f8fd83b7f0b8b65d2d90a7) C:\Windows\system32\DRIVERS\HSX_DPV.sys
2011/05/10 19:36:49.0799 4508 HSXHWAZL (194bc52fc0f53e540faf9de8a9c05255) C:\Windows\system32\DRIVERS\HSXHWAZL.sys
2011/05/10 19:36:50.0127 4508 HTTP (f870aa3e254628ebeafe754108d664de) C:\Windows\system32\drivers\HTTP.sys
2011/05/10 19:36:50.0377 4508 i2omp (324c2152ff2c61abae92d09f3cca4d63) C:\Windows\system32\drivers\i2omp.sys
2011/05/10 19:36:50.0626 4508 i8042prt (22d56c8184586b7a1f6fa60be5f5a2bd) C:\Windows\system32\DRIVERS\i8042prt.sys
2011/05/10 19:36:51.0047 4508 ialm (b3bf4555e6bc33b3ade8d7d7c2aa9b39) C:\Windows\system32\DRIVERS\igdkmd32.sys
2011/05/10 19:36:51.0359 4508 iaStor (997e8f5939f2d12cd9f2e6b395724c16) C:\Windows\system32\DRIVERS\iaStor.sys
2011/05/10 19:36:51.0469 4508 iaStorV (c957bf4b5d80b46c5017bf0101e6c906) C:\Windows\system32\drivers\iastorv.sys
2011/05/10 19:36:51.0765 4508 IDSvix86 (67070d3859bde8ef7dbc995ebd49227e) C:\PROGRA~2\Symantec\DEFINI~1\SymcData\idsdefs\20070108.003\IDSvix86.sys
2011/05/10 19:36:52.0061 4508 igfx (b3bf4555e6bc33b3ade8d7d7c2aa9b39) C:\Windows\system32\DRIVERS\igdkmd32.sys
2011/05/10 19:36:52.0280 4508 iirsp (2d077bf86e843f901d8db709c95b49a5) C:\Windows\system32\drivers\iirsp.sys
2011/05/10 19:36:52.0436 4508 intelide (97469037714070e45194ed318d636401) C:\Windows\system32\drivers\intelide.sys
2011/05/10 19:36:52.0592 4508 intelppm (224191001e78c89dfa78924c3ea595ff) C:\Windows\system32\DRIVERS\intelppm.sys
2011/05/10 19:36:52.0810 4508 IpFilterDriver (62c265c38769b864cb25b4bcf62df6c3) C:\Windows\system32\DRIVERS\ipfltdrv.sys
2011/05/10 19:36:53.0029 4508 IPMIDRV (40f34f8aba2a015d780e4b09138b6c17) C:\Windows\system32\drivers\ipmidrv.sys
2011/05/10 19:36:53.0325 4508 IPNAT (8793643a67b42cec66490b2a0cf92d68) C:\Windows\system32\DRIVERS\ipnat.sys
2011/05/10 19:36:53.0497 4508 IRENUM (109c0dfb82c3632fbd11949b73aeeac9) C:\Windows\system32\drivers\irenum.sys
2011/05/10 19:36:53.0575 4508 isapnp (350fca7e73cf65bcef43fae1e4e91293) C:\Windows\system32\drivers\isapnp.sys
2011/05/10 19:36:53.0762 4508 iScsiPrt (232fa340531d940aac623b121a595034) C:\Windows\system32\DRIVERS\msiscsi.sys
2011/05/10 19:36:54.0027 4508 iteatapi (bced60d16156e428f8df8cf27b0df150) C:\Windows\system32\drivers\iteatapi.sys
2011/05/10 19:36:54.0089 4508 iteraid (06fa654504a498c30adca8bec4e87e7e) C:\Windows\system32\drivers\iteraid.sys
2011/05/10 19:36:54.0370 4508 kbdclass (37605e0a8cf00cbba538e753e4344c6e) C:\Windows\system32\DRIVERS\kbdclass.sys
2011/05/10 19:36:54.0651 4508 kbdhid (ede59ec70e25c24581add1fbec7325f7) C:\Windows\system32\DRIVERS\kbdhid.sys
2011/05/10 19:36:54.0947 4508 KSecDD (86165728af9bf72d6442a894fdfb4f8b) C:\Windows\system32\Drivers\ksecdd.sys
2011/05/10 19:36:55.0181 4508 lltdio (d1c5883087a0c3f1344d9d55a44901f6) C:\Windows\system32\DRIVERS\lltdio.sys
2011/05/10 19:36:55.0415 4508 LSI_FC (a2262fb9f28935e862b4db46438c80d2) C:\Windows\system32\drivers\lsi_fc.sys
2011/05/10 19:36:55.0665 4508 LSI_SAS (30d73327d390f72a62f32c103daf1d6d) C:\Windows\system32\drivers\lsi_sas.sys
2011/05/10 19:36:55.0946 4508 LSI_SCSI (e1e36fefd45849a95f1ab81de0159fe3) C:\Windows\system32\drivers\lsi_scsi.sys
2011/05/10 19:36:56.0195 4508 luafv (8f5c7426567798e62a3b3614965d62cc) C:\Windows\system32\drivers\luafv.sys
2011/05/10 19:36:56.0289 4508 LVPr2Mon (f96cfb47903854f228baaf3e2d41a0a3) C:\Windows\system32\DRIVERS\LVPr2Mon.sys
2011/05/10 19:36:56.0570 4508 LVRS (e22fd7852e74f04cceb6b8a684a51f3e) C:\Windows\system32\DRIVERS\lvrs.sys
2011/05/10 19:36:56.0835 4508 LVUSBSta (5f987fc1aad215ec2c60cf07719b1cce) C:\Windows\system32\drivers\LVUSBSta.sys
2011/05/10 19:36:57.0974 4508 LVUVC (e89df2b88ee659954de79827ddf46dc9) C:\Windows\system32\DRIVERS\lvuvc.sys
2011/05/10 19:36:58.0613 4508 mdmxsdk (0cea2d0d3fa284b85ed5b68365114f76) C:\Windows\system32\DRIVERS\mdmxsdk.sys
2011/05/10 19:36:58.0832 4508 megasas (d153b14fc6598eae8422a2037553adce) C:\Windows\system32\drivers\megasas.sys
2011/05/10 19:36:59.0066 4508 Modem (e13b5ea0f51ba5b1512ec671393d09ba) C:\Windows\system32\drivers\modem.sys
2011/05/10 19:36:59.0409 4508 monitor (0a9bb33b56e294f686abb7c1e4e2d8a8) C:\Windows\system32\DRIVERS\monitor.sys
2011/05/10 19:36:59.0534 4508 mouclass (5bf6a1326a335c5298477754a506d263) C:\Windows\system32\DRIVERS\mouclass.sys
2011/05/10 19:36:59.0752 4508 mouhid (a3a6dff7e9e757db3df51a833bc28885) C:\Windows\system32\drivers\mouhid.sys
2011/05/10 19:37:00.0111 4508 MountMgr (bdafc88aa6b92f7842416ea6a48e1600) C:\Windows\system32\drivers\mountmgr.sys
2011/05/10 19:37:00.0283 4508 mpio (583a41f26278d9e0ea548163d6139397) C:\Windows\system32\drivers\mpio.sys
2011/05/10 19:37:00.0439 4508 mpsdrv (22241feba9b2defa669c8cb0a8dd7d2e) C:\Windows\system32\drivers\mpsdrv.sys
2011/05/10 19:37:00.0688 4508 Mraid35x (4fbbb70d30fd20ec51f80061703b001e) C:\Windows\system32\drivers\mraid35x.sys
2011/05/10 19:37:01.0078 4508 MRxDAV (82cea0395524aacfeb58ba1448e8325c) C:\Windows\system32\drivers\mrxdav.sys
2011/05/10 19:37:01.0219 4508 mrxsmb (5fe5cf325f5b02ebc60832d3440cb414) C:\Windows\system32\DRIVERS\mrxsmb.sys
2011/05/10 19:37:01.0328 4508 mrxsmb10 (30b9c769446af379a2afb72b0392604d) C:\Windows\system32\DRIVERS\mrxsmb10.sys
2011/05/10 19:37:01.0499 4508 mrxsmb20 (fea239b3ec4877e2b7e23204af589ddf) C:\Windows\system32\DRIVERS\mrxsmb20.sys
2011/05/10 19:37:01.0593 4508 msahci (742aed7939e734c36b7e8d6228ce26b7) C:\Windows\system32\drivers\msahci.sys
2011/05/10 19:37:01.0905 4508 msdsm (3fc82a2ae4cc149165a94699183d3028) C:\Windows\system32\drivers\msdsm.sys
2011/05/10 19:37:02.0108 4508 Msfs (a9927f4a46b816c92f461acb90cf8515) C:\Windows\system32\drivers\Msfs.sys
2011/05/10 19:37:02.0248 4508 msisadrv (0f400e306f385c56317357d6dea56f62) C:\Windows\system32\drivers\msisadrv.sys
2011/05/10 19:37:02.0389 4508 MSKSSRV (d8c63d34d9c9e56c059e24ec7185cc07) C:\Windows\system32\drivers\MSKSSRV.sys
2011/05/10 19:37:02.0498 4508 MSPCLOCK (1d373c90d62ddb641d50e55b9e78d65e) C:\Windows\system32\drivers\MSPCLOCK.sys
2011/05/10 19:37:02.0591 4508 MSPQM (b572da05bf4e098d4bba3a4734fb505b) C:\Windows\system32\drivers\MSPQM.sys
2011/05/10 19:37:02.0669 4508 MsRPC (b49456d70555de905c311bcda6ec6adb) C:\Windows\system32\drivers\MsRPC.sys
2011/05/10 19:37:02.0794 4508 mssmbios (e384487cb84be41d09711c30ca79646c) C:\Windows\system32\DRIVERS\mssmbios.sys
2011/05/10 19:37:02.0966 4508 MSTEE (7199c1eec1e4993caf96b8c0a26bd58a) C:\Windows\system32\drivers\MSTEE.sys
2011/05/10 19:37:03.0028 4508 Mup (6a57b5733d4cb702c8ea4542e836b96c) C:\Windows\system32\Drivers\mup.sys
2011/05/10 19:37:03.0184 4508 NativeWifiP (85c44fdff9cf7e72a40dcb7ec06a4416) C:\Windows\system32\DRIVERS\nwifi.sys
2011/05/10 19:37:03.0403 4508 NAVENG (7d4472a6d350f083acf7316216e14acd) C:\PROGRA~2\Symantec\DEFINI~1\VIRUSD~1\20070430.018\NAVENG.SYS
2011/05/10 19:37:03.0512 4508 NAVEX15 (72278e81ec294ba2dbfee646c0b17a8a) C:\PROGRA~2\Symantec\DEFINI~1\VIRUSD~1\20070430.018\NAVEX15.SYS
2011/05/10 19:37:03.0730 4508 NDIS (1357274d1883f68300aeadd15d7bbb42) C:\Windows\system32\drivers\ndis.sys
2011/05/10 19:37:03.0824 4508 NdisTapi (0e186e90404980569fb449ba7519ae61) C:\Windows\system32\DRIVERS\ndistapi.sys
2011/05/10 19:37:03.0980 4508 Ndisuio (d6973aa34c4d5d76c0430b181c3cd389) C:\Windows\system32\DRIVERS\ndisuio.sys
2011/05/10 19:37:04.0073 4508 NdisWan (818f648618ae34f729fdb47ec68345c3) C:\Windows\system32\DRIVERS\ndiswan.sys
2011/05/10 19:37:04.0214 4508 NDProxy (71dab552b41936358f3b541ae5997fb3) C:\Windows\system32\drivers\NDProxy.sys
2011/05/10 19:37:04.0370 4508 NetBIOS (bcd093a5a6777cf626434568dc7dba78) C:\Windows\system32\DRIVERS\netbios.sys
2011/05/10 19:37:04.0463 4508 netbt (ecd64230a59cbd93c85f1cd1cab9f3f6) C:\Windows\system32\DRIVERS\netbt.sys
2011/05/10 19:37:04.0729 4508 NETw3v32 (a15f219208843a5a210c8cb391384453) C:\Windows\system32\DRIVERS\NETw3v32.sys
2011/05/10 19:37:05.0009 4508 NETw4v32 (cb3af516a6797b27725e3f1e73f3496c) C:\Windows\system32\DRIVERS\NETw4v32.sys
2011/05/10 19:37:05.0353 4508 nfrd960 (2e7fb731d4790a1bc6270accefacb36e) C:\Windows\system32\drivers\nfrd960.sys
2011/05/10 19:37:05.0696 4508 Npfs (d36f239d7cce1931598e8fb90a0dbc26) C:\Windows\system32\drivers\Npfs.sys
2011/05/10 19:37:05.0914 4508 nsiproxy (609773e344a97410ce4ebf74a8914fcf) C:\Windows\system32\drivers\nsiproxy.sys
2011/05/10 19:37:06.0257 4508 Ntfs (6a4a98cee84cf9e99564510dda4baa47) C:\Windows\system32\drivers\Ntfs.sys
2011/05/10 19:37:06.0569 4508 ntrigdigi (e875c093aec0c978a90f30c9e0dfbb72) C:\Windows\system32\drivers\ntrigdigi.sys
2011/05/10 19:37:06.0788 4508 Null (c5dbbcda07d780bda9b685df333bb41e) C:\Windows\system32\drivers\Null.sys
2011/05/10 19:37:07.0209 4508 nvraid (e69e946f80c1c31c53003bfbf50cbb7c) C:\Windows\system32\drivers\nvraid.sys
2011/05/10 19:37:07.0474 4508 nvstor (9e0ba19a28c498a6d323d065db76dffc) C:\Windows\system32\drivers\nvstor.sys
2011/05/10 19:37:07.0958 4508 nv_agp (07c186427eb8fcc3d8d7927187f260f7) C:\Windows\system32\drivers\nv_agp.sys
2011/05/10 19:37:08.0831 4508 ohci1394 (be32da025a0be1878f0ee8d6d9386cd5) C:\Windows\system32\drivers\ohci1394.sys
2011/05/10 19:37:09.0065 4508 Parport (0fa9b5055484649d63c303fe404e5f4d) C:\Windows\system32\drivers\parport.sys
2011/05/10 19:37:09.0346 4508 partmgr (57389fa59a36d96b3eb09d0cb91e9cdc) C:\Windows\system32\drivers\partmgr.sys
2011/05/10 19:37:09.0596 4508 Parvdm (4f9a6a8a31413180d0fcb279ad5d8112) C:\Windows\system32\drivers\parvdm.sys
2011/05/10 19:37:09.0814 4508 pci (941dc1d19e7e8620f40bbc206981efdb) C:\Windows\system32\drivers\pci.sys
2011/05/10 19:37:09.0939 4508 pciide (1636d43f10416aeb483bc6001097b26c) C:\Windows\system32\DRIVERS\pciide.sys
2011/05/10 19:37:10.0204 4508 pcmcia (e6f3fb1b86aa519e7698ad05e58b04e5) C:\Windows\system32\drivers\pcmcia.sys
2011/05/10 19:37:10.0657 4508 PEAUTH (6349f6ed9c623b44b52ea3c63c831a92) C:\Windows\system32\drivers\peauth.sys
2011/05/10 19:37:11.0203 4508 PptpMiniport (ecfffaec0c1ecd8dbc77f39070ea1db1) C:\Windows\system32\DRIVERS\raspptp.sys
2011/05/10 19:37:11.0296 4508 Processor (0e3cef5d28b40cf273281d620c50700a) C:\Windows\system32\drivers\processr.sys
2011/05/10 19:37:11.0483 4508 PSched (99514faa8df93d34b5589187db3aa0ba) C:\Windows\system32\DRIVERS\pacer.sys
2011/05/10 19:37:11.0577 4508 PxHelp20 (d86b4a68565e444d76457f14172c875a) C:\Windows\system32\Drivers\PxHelp20.sys
2011/05/10 19:37:11.0717 4508 ql2300 (ccdac889326317792480c0a67156a1ec) C:\Windows\system32\drivers\ql2300.sys
2011/05/10 19:37:11.0827 4508 ql40xx (81a7e5c076e59995d54bc1ed3a16e60b) C:\Windows\system32\drivers\ql40xx.sys
2011/05/10 19:37:11.0967 4508 QWAVEdrv (9f5e0e1926014d17486901c88eca2db7) C:\Windows\system32\drivers\qwavedrv.sys
2011/05/10 19:37:12.0045 4508 RasAcd (147d7f9c556d259924351feb0de606c3) C:\Windows\system32\DRIVERS\rasacd.sys
2011/05/10 19:37:12.0154 4508 Rasl2tp (a214adbaf4cb47dd2728859ef31f26b0) C:\Windows\system32\DRIVERS\rasl2tp.sys
2011/05/10 19:37:12.0310 4508 RasPppoe (509a98dd18af4375e1fc40bc175f1def) C:\Windows\system32\DRIVERS\raspppoe.sys
2011/05/10 19:37:12.0435 4508 RasSstp (2005f4a1e05fa09389ac85840f0a9e4d) C:\Windows\system32\DRIVERS\rassstp.sys
2011/05/10 19:37:12.0544 4508 rdbss (b14c9d5b9add2f84f70570bbbfaa7935) C:\Windows\system32\DRIVERS\rdbss.sys
2011/05/10 19:37:12.0653 4508 RDPCDD (89e59be9a564262a3fb6c4f4f1cd9899) C:\Windows\system32\DRIVERS\RDPCDD.sys
2011/05/10 19:37:12.0778 4508 rdpdr (e8bd98d46f2ed77132ba927fccb47d8b) C:\Windows\system32\drivers\rdpdr.sys
2011/05/10 19:37:12.0872 4508 RDPENCDD (9d91fe5286f748862ecffa05f8a0710c) C:\Windows\system32\drivers\rdpencdd.sys
2011/05/10 19:37:12.0997 4508 RDPWD (30bfbdfb7f95559ede971f9ddb9a00ba) C:\Windows\system32\drivers\RDPWD.sys
2011/05/10 19:37:13.0199 4508 rspndr (9c508f4074a39e8b4b31d27198146fad) C:\Windows\system32\DRIVERS\rspndr.sys
2011/05/10 19:37:13.0324 4508 RTL8023xp (8de22fb05e4a0f797b1e442eb4b3b51c) C:\Windows\system32\DRIVERS\Rtnicxp.sys
2011/05/10 19:37:13.0433 4508 RTSTOR (59b8716084597c9d6d7165835c8479c1) C:\Windows\system32\drivers\RTSTOR.SYS
2011/05/10 19:37:13.0589 4508 sbp2port (3ce8f073a557e172b330109436984e30) C:\Windows\system32\drivers\sbp2port.sys
2011/05/10 19:37:13.0761 4508 secdrv (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers\secdrv.sys
2011/05/10 19:37:13.0855 4508 Serenum (68e44e331d46f0fb38f0863a84cd1a31) C:\Windows\system32\drivers\serenum.sys
2011/05/10 19:37:14.0151 4508 Serial (c70d69a918b178d3c3b06339b40c2e1b) C:\Windows\system32\drivers\serial.sys
2011/05/10 19:37:14.0494 4508 sermouse (8af3d28a879bf75db53a0ee7a4289624) C:\Windows\system32\drivers\sermouse.sys
2011/05/10 19:37:14.0791 4508 sffdisk (103b79418da647736ee95645f305f68a) C:\Windows\system32\drivers\sffdisk.sys
2011/05/10 19:37:15.0181 4508 sffp_mmc (8fd08a310645fe872eeec6e08c6bf3ee) C:\Windows\system32\drivers\sffp_mmc.sys
2011/05/10 19:37:15.0383 4508 sffp_sd (9cfa05fcfcb7124e69cfc812b72f9614) C:\Windows\system32\drivers\sffp_sd.sys
2011/05/10 19:37:15.0664 4508 sfloppy (46ed8e91793b2e6f848015445a0ac188) C:\Windows\system32\drivers\sfloppy.sys
2011/05/10 19:37:15.0851 4508 sisagp (d2a595d6eebeeaf4334f8e50efbc9931) C:\Windows\system32\drivers\sisagp.sys
2011/05/10 19:37:15.0992 4508 SiSRaid2 (cedd6f4e7d84e9f98b34b3fe988373aa) C:\Windows\system32\drivers\sisraid2.sys
2011/05/10 19:37:16.0335 4508 SiSRaid4 (df843c528c4f69d12ce41ce462e973a7) C:\Windows\system32\drivers\sisraid4.sys
2011/05/10 19:37:16.0709 4508 Smb (7b75299a4d201d6a6533603d6914ab04) C:\Windows\system32\DRIVERS\smb.sys
2011/05/10 19:37:17.0068 4508 SPBBCDrv (0fde4b4895d4691c4482ca67fa532be0) C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCDrv.sys
2011/05/10 19:37:17.0396 4508 spldr (7aebdeef071fe28b0eef2cdd69102bff) C:\Windows\system32\drivers\spldr.sys
2011/05/10 19:37:17.0770 4508 SRTSP (ed5e9f3bf11d0bb770f652b22ec26465) C:\Windows\system32\Drivers\SRTSP.SYS
2011/05/10 19:37:18.0160 4508 SRTSPL (c70a2581e35e03c85f29aa1bc723659a) C:\Windows\system32\Drivers\SRTSPL.SYS
2011/05/10 19:37:18.0425 4508 SRTSPX (05f2db228922e6b8a001ed83ee4d1153) C:\Windows\system32\Drivers\SRTSPX.SYS
2011/05/10 19:37:18.0706 4508 srv (41987f9fc0e61adf54f581e15029ad91) C:\Windows\system32\DRIVERS\srv.sys
2011/05/10 19:37:19.0018 4508 srv2 (a5940ca32ed206f90be9fabdf6e92de4) C:\Windows\system32\DRIVERS\srv2.sys
2011/05/10 19:37:19.0299 4508 srvnet (37aa1d560d5fa486c4b11c2f276ada61) C:\Windows\system32\DRIVERS\srvnet.sys
2011/05/10 19:37:19.0455 4508 ssmdrv (5ec550b8952882ee856b862cf648522d) C:\Windows\system32\DRIVERS\ssmdrv.sys
2011/05/10 19:37:19.0689 4508 swenum (7ba58ecf0c0a9a69d44b3dca62becf56) C:\Windows\system32\DRIVERS\swenum.sys
2011/05/10 19:37:19.0970 4508 Symc8xx (192aa3ac01df071b541094f251deed10) C:\Windows\system32\drivers\symc8xx.sys
2011/05/10 19:37:20.0360 4508 SymEvent (403bd24fa5c55fc648abdd039629a954) C:\Windows\system32\Drivers\SYMEVENT.SYS
2011/05/10 19:37:20.0656 4508 SYMREDRV (829830a3ca1c5e329d68e26c9cd2de8d) C:\Windows\System32\Drivers\SYMREDRV.SYS
2011/05/10 19:37:20.0999 4508 SYMTDI (b1aa9704124b494c34e8d372e6654196) C:\Windows\System32\Drivers\SYMTDI.SYS
2011/05/10 19:37:21.0280 4508 Sym_hi (8c8eb8c76736ebaf3b13b633b2e64125) C:\Windows\system32\drivers\sym_hi.sys
2011/05/10 19:37:21.0452 4508 Sym_u3 (8072af52b5fd103bbba387a1e49f62cb) C:\Windows\system32\drivers\sym_u3.sys
2011/05/10 19:37:21.0998 4508 Tcpip (a474879afa4a596b3a531f3e69730dbf) C:\Windows\system32\drivers\tcpip.sys
2011/05/10 19:37:22.0388 4508 Tcpip6 (a474879afa4a596b3a531f3e69730dbf) C:\Windows\system32\DRIVERS\tcpip.sys
2011/05/10 19:37:22.0575 4508 tcpipreg (608c345a255d82a6289c2d468eb41fd7) C:\Windows\system32\drivers\tcpipreg.sys
2011/05/10 19:37:22.0793 4508 TDPIPE (5dcf5e267be67a1ae926f2df77fbcc56) C:\Windows\system32\drivers\tdpipe.sys
2011/05/10 19:37:23.0230 4508 TDTCP (389c63e32b3cefed425b61ed92d3f021) C:\Windows\system32\drivers\tdtcp.sys
2011/05/10 19:37:23.0495 4508 tdx (76b06eb8a01fc8624d699e7045303e54) C:\Windows\system32\DRIVERS\tdx.sys
2011/05/10 19:37:23.0620 4508 TermDD (3cad38910468eab9a6479e2f01db43c7) C:\Windows\system32\DRIVERS\termdd.sys
2011/05/10 19:37:24.0010 4508 tssecsrv (dcf0f056a2e4f52287264f5ab29cf206) C:\Windows\system32\DRIVERS\tssecsrv.sys
2011/05/10 19:37:24.0431 4508 tunmp (caecc0120ac49e3d2f758b9169872d38) C:\Windows\system32\DRIVERS\tunmp.sys
2011/05/10 19:37:24.0681 4508 tunnel (300db877ac094feab0be7688c3454a9c) C:\Windows\system32\DRIVERS\tunnel.sys
2011/05/10 19:37:24.0915 4508 uagp35 (c3ade15414120033a36c0f293d4a4121) C:\Windows\system32\drivers\uagp35.sys
2011/05/10 19:37:25.0367 4508 udfs (d9728af68c4c7693cb100b8441cbdec6) C:\Windows\system32\DRIVERS\udfs.sys
2011/05/10 19:37:25.0617 4508 uliagpkx (75e6890ebfce0841d3291b02e7a8bdb0) C:\Windows\system32\drivers\uliagpkx.sys
2011/05/10 19:37:25.0835 4508 uliahci (3cd4ea35a6221b85dcc25daa46313f8d) C:\Windows\system32\drivers\uliahci.sys
2011/05/10 19:37:26.0132 4508 UlSata (8514d0e5cd0534467c5fc61be94a569f) C:\Windows\system32\drivers\ulsata.sys
2011/05/10 19:37:26.0475 4508 ulsata2 (38c3c6e62b157a6bc46594fada45c62b) C:\Windows\system32\drivers\ulsata2.sys
2011/05/10 19:37:26.0709 4508 umbus (32cff9f809ae9aed85464492bf3e32d2) C:\Windows\system32\DRIVERS\umbus.sys
2011/05/10 19:37:27.0099 4508 usbaudio (32db9517628ff0d070682aab61e688f0) C:\Windows\system32\drivers\usbaudio.sys
2011/05/10 19:37:27.0536 4508 usbccgp (caf811ae4c147ffcd5b51750c7f09142) C:\Windows\system32\DRIVERS\usbccgp.sys
2011/05/10 19:37:27.0723 4508 usbcir (e9476e6c486e76bc4898074768fb7131) C:\Windows\system32\drivers\usbcir.sys
2011/05/10 19:37:27.0879 4508 usbehci (79e96c23a97ce7b8f14d310da2db0c9b) C:\Windows\system32\DRIVERS\usbehci.sys
2011/05/10 19:37:28.0129 4508 usbhub (4673bbcb006af60e7abddbe7a130ba42) C:\Windows\system32\DRIVERS\usbhub.sys
2011/05/10 19:37:28.0238 4508 usbohci (38dbc7dd6cc5a72011f187425384388b) C:\Windows\system32\drivers\usbohci.sys
2011/05/10 19:37:28.0503 4508 usbprint (e75c4b5269091d15a2e7dc0b6d35f2f5) C:\Windows\system32\DRIVERS\usbprint.sys
2011/05/10 19:37:28.0643 4508 usbscan (a508c9bd8724980512136b039bba65e9) C:\Windows\system32\DRIVERS\usbscan.sys
2011/05/10 19:37:28.0924 4508 USBSTOR (be3da31c191bc222d9ad503c5224f2ad) C:\Windows\system32\DRIVERS\USBSTOR.SYS
2011/05/10 19:37:29.0236 4508 usbuhci (814d653efc4d48be3b04a307eceff56f) C:\Windows\system32\DRIVERS\usbuhci.sys
2011/05/10 19:37:29.0501 4508 usbvideo (e67998e8f14cb0627a769f6530bcb352) C:\Windows\system32\Drivers\usbvideo.sys
2011/05/10 19:37:29.0704 4508 VClone (94d73b62e458fb56c9ce60aa96d914f9) C:\Windows\system32\DRIVERS\VClone.sys
2011/05/10 19:37:29.0876 4508 vga (7d92be0028ecdedec74617009084b5ef) C:\Windows\system32\DRIVERS\vgapnp.sys
2011/05/10 19:37:30.0188 4508 VgaSave (2e93ac0a1d8c79d019db6c51f036636c) C:\Windows\System32\drivers\vga.sys
2011/05/10 19:37:30.0391 4508 viaagp (045d9961e591cf0674a920b6ba3ba5cb) C:\Windows\system32\drivers\viaagp.sys
2011/05/10 19:37:30.0469 4508 ViaC7 (56a4de5f02f2e88182b0981119b4dd98) C:\Windows\system32\drivers\viac7.sys
2011/05/10 19:37:30.0593 4508 viaide (fd2e3175fcada350c7ab4521dca187ec) C:\Windows\system32\drivers\viaide.sys
2011/05/10 19:37:30.0718 4508 volmgr (69503668ac66c77c6cd7af86fbdf8c43) C:\Windows\system32\drivers\volmgr.sys
2011/05/10 19:37:30.0968 4508 volmgrx (23e41b834759917bfd6b9a0d625d0c28) C:\Windows\system32\drivers\volmgrx.sys
2011/05/10 19:37:31.0155 4508 volsnap (147281c01fcb1df9252de2a10d5e7093) C:\Windows\system32\drivers\volsnap.sys
2011/05/10 19:37:31.0217 4508 vsmraid (d984439746d42b30fc65a4c3546c6829) C:\Windows\system32\drivers\vsmraid.sys
2011/05/10 19:37:31.0529 4508 WacomPen (48dfee8f1af7c8235d4e626f0c4fe031) C:\Windows\system32\drivers\wacompen.sys
2011/05/10 19:37:31.0670 4508 Wanarp (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys
2011/05/10 19:37:31.0732 4508 Wanarpv6 (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys
2011/05/10 19:37:31.0873 4508 Wd (afc5ad65b991c1e205cf25cfdbf7a6f4) C:\Windows\system32\drivers\wd.sys
2011/05/10 19:37:32.0216 4508 Wdf01000 (b6f0a7ad6d4bd325fbcd8bac96cd8d96) C:\Windows\system32\drivers\Wdf01000.sys
2011/05/10 19:37:32.0590 4508 winachsf (c9c63410d8cf98f621b9cc62243fb877) C:\Windows\system32\DRIVERS\HSX_CNXT.sys
2011/05/10 19:37:32.0887 4508 WmiAcpi (2e7255d172df0b8283cdfb7b433b864e) C:\Windows\system32\DRIVERS\wmiacpi.sys
2011/05/10 19:37:33.0277 4508 ws2ifsl (e3a3cb253c0ec2494d4a61f5e43a389c) C:\Windows\system32\drivers\ws2ifsl.sys
2011/05/10 19:37:33.0682 4508 WUDFRd (ac13cb789d93412106b0fb6c7eb2bcb6) C:\Windows\system32\DRIVERS\WUDFRd.sys
2011/05/10 19:37:33.0994 4508 XAudio (2e579520e114a9ca309f13bf40ad8292) C:\Windows\system32\DRIVERS\xaudio.sys
2011/05/10 19:37:34.0197 4508 ================================================================================
2011/05/10 19:37:34.0197 4508 Scan finished
2011/05/10 19:37:34.0197 4508 ================================================================================

Old 10.05.2011, 18:58   #24
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 

Then please run CF now:

ComboFix

A guide and tutorial on using ComboFix
  • Download ComboFix here to your desktop. Rename it to cofi.exe while downloading.
  • Close all programs, especially your antivirus program and other background guards, as well as your internet browser.
  • Start cofi.exe from your desktop, confirm the warnings, run the updates (if offered), install the Recovery Console (if offered) and let it scan your system.
    Also avoid using the mouse and keyboard while ComboFix is running.
  • Afterwards a combofix.txt opens automatically; please copy its contents ([Ctrl]a, [Ctrl]c) and paste it into your post ([Ctrl]v). You can also find the file at: C:\ComboFix.txt.
Important note:
ComboFix may only be run when a Kompetenzler (forum helper) has explicitly recommended it!
It should never be run on your own initiative! Incorrect use can cause serious computer problems and make cleaning up the infection even harder.
__________________
Please always post logfiles in CODE tags

Old 10.05.2011, 19:02   #25
Pacitus
 

Small problem, the files on C are gone again...
Run unhide?

Old 10.05.2011, 19:12   #26
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 

No, CF first.
__________________
Please always post logfiles in CODE tags

Old 10.05.2011, 21:11   #27
Pacitus
 

Here are the files

Combofix Logfile:
Code:
ComboFix 11-05-09.03 - Pacitus 10.05.2011  20:58:27.1.2 - x86
Microsoft® Windows Vista™ Home Premium   6.0.6002.2.1252.49.1031.18.2037.1085 [GMT 2:00]
ausgeführt von:: c:\users\Pacitus\Desktop\cofi.exe
AV: AntiVir Desktop *Disabled/Updated* {090F9C29-64CE-6C6F-379C-5901B49A85B7}
SP: AntiVir Desktop *Disabled/Updated* {B26E7DCD-42F4-63E1-0D2C-6273CF1DCF0A}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Pacitus\AppData\Roaming\Local
c:\users\Pacitus\AppData\Roaming\Local\Temp\DDM\Settings\0.ddi
c:\users\Pacitus\AppData\Roaming\Local\Temp\DDM\Settings\7bf3f5b5ec544dfcae0d03cc95e10bc2.avi.ddr
c:\users\Pacitus\AppData\Roaming\Local\Temp\DDM\Settings\fockers_intro.avi.ddr
c:\users\Pacitus\AppData\Roaming\Local\Temp\DDM\Settings\intro_mfukui.avi(2).ddr
c:\users\Pacitus\AppData\Roaming\Local\Temp\DDM\Settings\intro_mfukui.avi.ddr
c:\users\Pacitus\AppData\Roaming\Local\Temp\DDM\Settings\settings.ddi
c:\users\Pacitus\AppData\Roaming\Local\Temp\DDM\Settings\Temporary Downloaded Files\7bf3f5b5ec544dfcae0d03cc95e10bc2.avi.ddp
c:\users\Pacitus\AppData\Roaming\Local\Temp\DDM\Settings\Temporary Downloaded Files\fockers_intro.avi.ddp
c:\users\Pacitus\AppData\Roaming\Local\Temp\DDM\Settings\Temporary Downloaded Files\intro_mfukui.avi(2).ddp
c:\users\Pacitus\AppData\Roaming\Local\Temp\DDM\Settings\Temporary Downloaded Files\intro_mfukui.avi.ddp
c:\users\Public\AdvancedPCTweaker.exe
c:\users\Public\ccsetup306.exe
c:\users\Public\mbam-setup.exe
c:\users\Public\OTL.exe
c:\windows\TEMP\logishrd\LVPrcInj01.dll
.
c:\windows\system32\userinit.exe . . . ist infiziert!!
.
.
(((((((((((((((((((((((((((((((((((((((   Treiber/Dienste   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Service_usnjsvc
.
.
(((((((((((((((((((((((   Dateien erstellt von 2011-04-10 bis 2011-05-10  ))))))))))))))))))))))))))))))
.
.
2011-05-10 19:48 . 2011-05-10 19:48	--------	d-----w-	c:\users\Default\AppData\Local\temp
2011-05-10 18:37 . 2011-05-10 18:37	--------	d-----w-	c:\program files\CCleaner
2011-05-06 07:13 . 2011-04-11 07:04	7071056	----a-w-	c:\programdata\Microsoft\Windows Defender\Definition Updates\{14ED2599-B90B-4F9B-B69C-B94982A9ED7B}\mpengine.dll
2011-04-27 08:58 . 2011-03-03 15:40	28672	----a-w-	c:\windows\system32\Apphlpdm.dll
2011-04-27 08:58 . 2011-03-03 13:35	4240384	----a-w-	c:\windows\system32\GameUXLegacyGDFs.dll
2011-04-27 08:58 . 2011-03-12 21:55	876032	----a-w-	c:\windows\system32\XpsPrint.dll
2011-04-22 23:38 . 2011-04-22 23:38	--------	d-----w-	c:\users\Pacitus\AppData\Roaming\Malwarebytes
2011-04-22 23:38 . 2010-12-20 16:09	38224	----a-w-	c:\windows\system32\drivers\mbamswissarmy.sys
2011-04-22 23:38 . 2011-04-22 23:38	--------	d-----w-	c:\programdata\Malwarebytes
2011-04-22 23:38 . 2010-12-20 16:08	20952	----a-w-	c:\windows\system32\drivers\mbam.sys
2011-04-22 23:38 . 2011-04-22 23:38	--------	d-----w-	c:\program files\Malwarebytes' Anti-Malware
2011-04-22 22:47 . 2011-04-22 23:15	--------	d-----w-	C:\_OTL
2011-04-22 22:16 . 2011-04-22 22:16	--------	d-----w-	c:\program files\Advanced PC Tweaker
2011-04-19 22:15 . 2011-04-19 22:16	--------	d--h--w-	c:\programdata\MFAData
2011-04-19 18:11 . 2011-04-22 23:06	--------	d-----w-	c:\program files\Ask.com
2011-04-19 18:09 . 2011-04-19 18:09	--------	d-----w-	c:\program files\EASEUS
2011-04-15 10:16 . 2011-02-16 14:02	292864	----a-w-	c:\windows\system32\atmfd.dll
2011-04-15 10:15 . 2011-03-03 13:25	2041856	----a-w-	c:\windows\system32\win32k.sys
2011-04-15 10:15 . 2011-03-03 15:42	739328	----a-w-	c:\windows\system32\inetcomm.dll
2011-04-15 10:15 . 2011-03-03 10:50	2409784	----a-w-	c:\program files\Windows Mail\OESpamFilter.dat
2011-04-11 18:55 . 2011-04-11 18:58	--------	d-----w-	c:\program files\MSECache
.
.
.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-03-03 15:40 . 2011-04-27 08:58	173056	----a-w-	c:\windows\apppatch\AcXtrnal.dll
2011-03-03 15:40 . 2011-04-27 08:58	542720	----a-w-	c:\windows\apppatch\AcLayers.dll
2011-03-03 15:40 . 2011-04-27 08:58	458752	----a-w-	c:\windows\apppatch\AcSpecfc.dll
2011-03-03 15:40 . 2011-04-27 08:58	2159616	----a-w-	c:\windows\apppatch\AcGenral.dll
2011-02-22 14:13 . 2011-03-23 06:40	288768	----a-w-	c:\windows\system32\XpsGdiConverter.dll
2011-02-22 13:33 . 2011-03-23 06:40	1068544	----a-w-	c:\windows\system32\DWrite.dll
2011-02-22 13:33 . 2011-03-23 06:40	797696	----a-w-	c:\windows\system32\FntCache.dll
.
.
((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{00000000-6E41-4FD3-8538-502F5495E5FC}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2011-03-20 1492456]
.
[HKEY_CLASSES_ROOT\clsid\{00000000-6e41-4fd3-8538-502f5495e5fc}]
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{C3947F4E-8894-4C04-98E0-DF182C706DDF}]
2010-12-09 16:02	86696	----a-w-	c:\program files\wbtooltb\wbtoolDx.dll
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
2011-03-20 21:51	1492456	----a-w-	c:\program files\Ask.com\GenericAskToolbar.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{C3947F4E-8894-4C04-98E0-DF182C706DDF}"= "c:\program files\wbtooltb\wbtoolDx.dll" [2010-12-09 86696]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2011-03-20 1492456]
.
[HKEY_CLASSES_ROOT\clsid\{c3947f4e-8894-4c04-98e0-df182c706ddf}]
.
[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2011-03-20 1492456]
.
[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1233920]
"WindowsWelcomeCenter"="oobefldr.dll" [2009-04-11 2153472]
"LightScribe Control Panel"="c:\program files\Common Files\LightScribe\LightScribeControlPanel.exe" [2007-04-19 484904]
"BitTorrent DNA"="c:\users\Pacitus\Program Files\DNA\btdna.exe" [2009-10-07 323392]
"msnmsgr"="c:\progra~1\MSNMES~1\msnmsgr.exe" [2007-01-19 5674352]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-19 125952]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-01-02 39408]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2010-10-11 14940040]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Apoint"="c:\program files\Apoint2K\Apoint.exe" [2006-11-07 159744]
"ccApp"="c:\program files\Common Files\Symantec Shared\ccApp.exe" [2007-01-10 115816]
"IS CfgWiz"="c:\program files\Common Files\Symantec Shared\OPC\{31011D49-D90C-4da0-878B-78D28AD507AF}\cltUIStb.exe" [2007-01-13 431752]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2007-06-06 142104]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2007-06-06 154392]
"Persistence"="c:\windows\system32\igfxpers.exe" [2007-06-06 138008]
"QPService"="c:\program files\HP\QuickPlay\QPService.exe" [2007-03-29 176128]
"NapsterShell"="c:\program files\Napster\napster.exe" [2007-01-13 323216]
"QlbCtrl"="c:\program files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2007-06-11 184320]
"HP Health Check Scheduler"="c:\program files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe" [2007-03-12 50696]
"hpWirelessAssistant"="c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2007-03-01 472776]
"WAWifiMessage"="c:\program files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe" [2007-01-10 317128]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]
"HP Software Update"="c:\program files\Hp\HP Software Update\HPWuSchd2.exe" [2007-05-08 54840]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2010-03-03 202256]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-03-17 421888]
"LogitechQuickCamRibbon"="c:\program files\Logitech\QuickCam\Quickcam.exe" [2008-12-20 2656528]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-09-23 35760]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-20 932288]
"DivXUpdate"="c:\program files\DivX\DivX Update\DivXUpdate.exe" [2010-12-09 1226608]
"DivX Download Manager"="c:\program files\DivX\DivX Plus Web Player\DDmService.exe" [2010-12-08 63360]
"Anti-phishing Domain Advisor"="c:\programdata\Anti-phishing Domain Advisor\visicom_antiphishing.exe" [2010-12-03 223400]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"Launcher"="c:\windows\SMINST\launcher.exe" [2006-11-08 44128]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
CLTDesktopTool.exe.lnk - c:\program files\Cleverlearn\CleverTrainer\CleverTrainer Desktop Tool\CLTDesktopTool.exe [2004-12-9 1204224]
McAfee Security Scan Plus.lnk - c:\program files\McAfee Security Scan\2.0.181\SSScheduler.exe [2010-1-15 255536]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux1"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 gupdate1ca2b10801d9958;Google Update Service (gupdate1ca2b10801d9958);c:\program files\Google\Update\GoogleUpdate.exe [2009-09-01 133104]
R3 gupdatem;Google Update-Dienst (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [2009-09-01 133104]
R3 IDSvix86;Symantec Intrusion Prevention Driver;c:\progra~2\Symantec\DEFINI~1\SymcData\idsdefs\20070108.003\IDSvix86.sys [2006-12-28 212280]
R3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\McAfee Security Scan\2.0.181\McCHSvc.exe [2010-01-15 227232]
R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
S2 AntiVirSchedulerService;Avira AntiVir Planer;c:\program files\Avira\AntiVir Desktop\sched.exe [2009-05-13 108289]
S2 Automatisches LiveUpdate - Scheduler;Automatisches LiveUpdate - Scheduler;c:\program files\Symantec\LiveUpdate\ALUSchedulerSvc.exe [2007-01-10 554616]
.
.
--- Andere Dienste/Treiber im Speicher ---
.
*NewlyCreated* - COMHOST
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation	REG_MULTI_SZ   	FontCache
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2007-04-19 20:23	452136	----a-w-	c:\program files\Common Files\LightScribe\LSRunOnce.exe
.
Inhalt des "geplante Tasks" Ordners
.
2011-05-10 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2008-01-15 14:27]
.
2011-05-10 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-09-01 14:28]
.
2011-05-10 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-09-01 14:28]
.
2011-05-07 c:\windows\Tasks\One-Click Tweak.job
- c:\program files\Advanced PC Tweaker\OneClick.exe [2011-04-22 09:14]
.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = hxxp://de.search-results.com?o=41648036&l=dis
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=DE_DE&c=73&bd=Pavilion&pf=laptop
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_D183CA64F05FDD98.dll/cmsidewiki.html
FF - ProfilePath - c:\users\Pacitus\AppData\Roaming\Mozilla\Firefox\Profiles\zdvojdpi.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.yahoo.com/search?ei=UTF-8&fr=ytff-&p=
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://de.search-results.com?o=41648036&l=dis
FF - prefs.js: keyword.URL - hxxp://websearch.search-results.com/redirect?client=ff&src=kw&tb=STC-SRS&o=41648033&locale=de_DE&apn_uid=3E583D17-BE1E-4466-B700-361FBE572F8A&apn_ptnrs=96&apn_sauid=91C5242D-C615-40F1-B4B0-539F5FF03DD9&apn_dtid=YYYYYYYYDE&q=
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
FF - Ext: Move Media Player: moveplayer@movenetworks.com - %profile%\extensions\moveplayer@movenetworks.com
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
FF - Ext: Adblock Plus: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d} - %profile%\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
FF - Ext: Webblog: {C3947F4E-8894-4C04-98E0-DF182C706DDF} - %profile%\extensions\{C3947F4E-8894-4C04-98E0-DF182C706DDF}
FF - Ext: @@toolbarname@@: toolbar@ask.com - %profile%\extensions\toolbar@ask.com
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF - Ext: RealPlayer Browser Record Plugin: {ABDE892B-13A8-4d1b-88E6-365A6E755758} - c:\programdata\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext
FF - Ext: DivX Plus Web Player HTML5 <video>: {23fcfd51-4958-4f00-80a3-ae97e717ed8b} - c:\program files\DivX\DivX Plus Web Player\firefox\html5video
FF - Ext: DivX HiQ: {6904342A-8307-11DF-A508-4AE2DFD72085} - c:\program files\DivX\DivX Plus Web Player\firefox\wpa
FF - user.js: yahoo.homepage.dontask - true
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
AddRemove-tulox - c:\program files\tulox\Unwise32
AddRemove-{7B63B2922B174135AFC0E1377DD81EC2} - c:\program files\DivX\DivXCodecUninstall.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, hxxp://www.gmer.net
Rootkit scan 2011-05-10 21:54
Windows 6.0.6002 Service Pack 2 NTFS
.
Scanne versteckte Prozesse... 
.
Scanne versteckte Autostarteinträge... 
.
Scanne versteckte Dateien... 
.
.
c:\windows\TEMP\TMP0000001180896C40F2975424 524288 bytes
.
Scan erfolgreich abgeschlossen
versteckte Dateien: 1
.
**************************************************************************
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
--------------------- Durch laufende Prozesse gestartete DLLs ---------------------
.
- - - - - - - > 'Explorer.exe'(7356)
c:\windows\TEMP\logishrd\LVPrcInj01.dll
.
------------------------ Weitere laufende Prozesse ------------------------
.
c:\program files\Common Files\Symantec Shared\ccSvcHst.exe
c:\program files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
c:\program files\Avira\AntiVir Desktop\avguard.exe
c:\program files\Common Files\Symantec Shared\ccSvcHst.exe
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\program files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
c:\windows\system32\DRIVERS\xaudio.exe
c:\program files\Hewlett-Packard\Shared\hpqwmiex.exe
c:\program files\Google\Update\1.3.21.53\GoogleCrashHandler.exe
c:\windows\system32\conime.exe
c:\program files\Hewlett-Packard\HP Health Check\hphc_service.exe
c:\program files\Windows Media Player\wmpnscfg.exe
c:\program files\Windows Media Player\wmpnetwk.exe
.
**************************************************************************
.
Zeit der Fertigstellung: 2011-05-10  22:07:48 - PC wurde neu gestartet
ComboFix-quarantined-files.txt  2011-05-10 20:07
.
Vor Suchlauf: 6 Verzeichnis(se), 53.501.296.640 Bytes frei
Nach Suchlauf: 19 Verzeichnis(se), 52.495.020.032 Bytes frei
.
- - End Of File - - C454236E44130EC39DEA16EFF4F707CD
         
--- --- ---

Old 10.05.2011, 21:20   #28
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
kazy.mekl Trojaner - Standard

kazy.mekl Trojaner



OK. Now please create logs with GMER and OSAM and post them.
GMER crashes fairly often; if the tool still refuses to run on the second attempt, just leave it out and run only OSAM. Please skip the online lookup in OSAM.
With OSAM, also make sure that you save the log as *.log and not as *.html or similar.


After that, please download MBRCheck (by a_d_13) and save the file to your desktop.
  • Double-click MBRCheck.exe.
    Vista and Win7 users: right-click and "Run as administrator"
  • The tool only takes a few seconds.
  • Afterwards you should find a MBRCheck_<Date>_<Time>.txt on your desktop.
Please post the contents of that .txt file.
__________________
Please always post logfiles in CODE tags
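The MBRCheck step above boils down to one check: read sector 0 of the disk and compare its boot code against known-good Windows MBRs, because a bootkit that hooks the boot path has to change those bytes. The block below is an added illustration written for this edit, not MBRCheck's code and not anything posted in this thread. It parses a 512-byte sector, hashes the boot code, decodes the partition table and flags the usual warning signs (unknown boot code, missing 0x55AA signature, zero or more than one active partition, overlapping partitions). Everything it examines is constructed inside the code: CLEAN_CODE, TAMPERED_CODE and build_sample_mbr produce fake sectors, the choice to hash only bytes 0..439 (stopping before the NT disk signature) is my assumption, and KNOWN_GOOD is a placeholder holding only the constructed baseline rather than real Windows MBR hashes.

```python
"""Parse a 512-byte MBR sector and flag what a bootkit check looks for.
Added example; not MBRCheck's code. The sectors below are constructed, not disk dumps."""
import hashlib
import struct
from typing import Dict, List, Sequence, Tuple

SECTOR_SIZE = 512
BOOT_CODE_LEN = 440     # assumption: hash bytes 0..439; 440..445 hold the per-disk NT signature + 2 reserved bytes
PART_TABLE_OFF = 446    # four 16-byte partition entries
PART_ENTRY_LEN = 16
BOOT_SIG_OFF = 510      # must hold 0x55 0xAA


def boot_code_sha1(mbr: bytes) -> str:
    """Hash only the boot code so the same loader yields the same digest on every machine."""
    return hashlib.sha1(mbr[:BOOT_CODE_LEN]).hexdigest()


def parse_partitions(mbr: bytes) -> List[Dict]:
    """Decode the four primary partition slots; empty slots (type 0) are skipped."""
    parts = []
    for i in range(4):
        off = PART_TABLE_OFF + i * PART_ENTRY_LEN
        # status(1) CHS-start(3, ignored) type(1) CHS-end(3, ignored) LBA-start(4) count(4), little-endian
        status, ptype, lba_start, sectors = struct.unpack_from("<B3xB3xII", mbr, off)
        if ptype == 0:
            continue
        parts.append({"index": i, "active": status == 0x80, "type": ptype,
                      "lba_start": lba_start, "sectors": sectors})
    return parts


def check_mbr(mbr: bytes, known_good: Dict[str, str]) -> Dict:
    """Return the boot-code hash, its known-good label (or None) and a list of findings."""
    if len(mbr) != SECTOR_SIZE:
        raise ValueError("expected exactly one 512-byte sector")
    findings: List[str] = []
    if mbr[BOOT_SIG_OFF:BOOT_SIG_OFF + 2] != b"\x55\xaa":
        findings.append("boot signature 0x55AA missing")
    digest = boot_code_sha1(mbr)
    label = known_good.get(digest)
    if label is None:
        findings.append("boot code SHA-1 %s is not in the known-good list" % digest)
    parts = parse_partitions(mbr)
    active = [p["index"] for p in parts if p["active"]]
    if len(active) != 1:
        findings.append("%d active partitions, expected exactly 1" % len(active))
    for p in parts:
        if p["lba_start"] == 0 or p["sectors"] == 0:
            findings.append("partition %d has a zero start or length" % p["index"])
    ordered = sorted(parts, key=lambda p: p["lba_start"])
    for a, b in zip(ordered, ordered[1:]):
        if a["lba_start"] + a["sectors"] > b["lba_start"]:
            findings.append("partitions %d and %d overlap" % (a["index"], b["index"]))
    return {"sha1": digest, "label": label, "partitions": parts,
            "findings": findings, "clean": not findings}


# --- constructed test data (not a real MBR) ---------------------------------
# Opening instructions of a typical x86 boot stub (xor ax,ax / mov ss,ax / mov sp,0x7c00 ...),
# zero-padded; a real MBR carries roughly 440 bytes of code here.
CLEAN_CODE = b"\x33\xc0\x8e\xd0\xbc\x00\x7c\x8e\xc0\x8e\xd8\xbe\x00\x7c\xbf\x00\x06\xb9\x00\x02\xfc\xf3\xa4"
# Stylised bootkit patch: the first two bytes replaced by a short jump into loader code placed
# elsewhere in the sector. Any byte change is enough to break the hash match.
TAMPERED_CODE = b"\xeb\x40" + CLEAN_CODE[2:]

DEFAULT_TABLE: Tuple[Tuple[bool, int, int, int], ...] = ((True, 0x07, 2048, 204800),)


def build_sample_mbr(boot_code: bytes,
                     entries: Sequence[Tuple[bool, int, int, int]] = DEFAULT_TABLE) -> bytes:
    """Assemble a sector: boot code, fake NT disk signature, partition table, 0x55AA."""
    code = boot_code.ljust(BOOT_CODE_LEN, b"\x00")[:BOOT_CODE_LEN]
    table = b"".join(
        struct.pack("<B3sB3sII", 0x80 if active else 0x00, b"\xfe\xff\xff",
                    ptype, b"\xfe\xff\xff", start, count)
        for active, ptype, start, count in entries)
    table = table.ljust(4 * PART_ENTRY_LEN, b"\x00")
    return code + struct.pack("<I", 0x1234ABCD) + b"\x00\x00" + table + b"\x55\xaa"


# Placeholder baseline: in practice this holds hashes of MBRs taken from known-clean
# Windows/OEM installs; here it contains only the constructed sample.
KNOWN_GOOD = {boot_code_sha1(build_sample_mbr(CLEAN_CODE)): "constructed clean baseline"}


def report(mbr: bytes) -> str:
    """Human-readable summary in the spirit of an MBRCheck report."""
    r = check_mbr(mbr, KNOWN_GOOD)
    lines = ["boot code SHA-1: %s (%s)" % (r["sha1"], r["label"] or "UNKNOWN")]
    for p in r["partitions"]:
        lines.append("  part %d: %s type 0x%02x start %d sectors %d" % (
            p["index"], "active" if p["active"] else "inactive",
            p["type"], p["lba_start"], p["sectors"]))
    lines += ["  ! " + f for f in r["findings"]] or ["  no findings"]
    return "\n".join(lines)


if __name__ == "__main__":
    print(report(build_sample_mbr(CLEAN_CODE)))
    print(report(build_sample_mbr(TAMPERED_CODE)))
```

To run this against a real machine, replace the constructed sector with the first 512 bytes of `\\.\PhysicalDrive0` opened for reading from an elevated prompt (or `/dev/sda` on Linux) and fill KNOWN_GOOD with hashes taken from installs you trust. An unknown hash on its own is a lead, not proof: OEM recovery tools, boot managers and disk-encryption products legitimately ship their own MBR code, which is why MBRCheck's output still has to be read by a person.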
