
Pests of all kinds and how to fight them: Blackhole Exploit Kit places fake Win7Recovery IDE/SATA error messages


 
23.05.2011, 09:32   #4
kcarloney
 
OTL
OTL Logfile:
Code:
OTL logfile created on: 23.05.2011 08:59:35 - Run 1
OTL by OldTimer - Version 3.2.23.0     Folder = C:\Users\cid\Desktop
64bit- An unknown product Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,99 Gb Total Physical Memory | 2,56 Gb Available Physical Memory | 64,13% Memory free
7,98 Gb Paging File | 6,52 Gb Available in Paging File | 81,71% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 44,93 Gb Total Space | 4,37 Gb Free Space | 9,73% Space Free | Partition Type: NTFS
Drive D: | 205,98 Gb Total Space | 15,63 Gb Free Space | 7,59% Space Free | Partition Type: NTFS
Drive E: | 1,88 Gb Total Space | 1,86 Gb Free Space | 99,04% Space Free | Partition Type: FAT32
Drive P: | 19,53 Gb Total Space | 6,26 Gb Free Space | 32,06% Space Free | Partition Type: NTFS
Drive W: | 195,32 Gb Total Space | 53,48 Gb Free Space | 27,38% Space Free | Partition Type: NTFS
 
Computer Name: LIANLI | User Name: cgid | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2011.05.23 08:54:19 | 000,059,964 | ---- | M] (Macrovision Europe Ltd.) -- C:\Users\cid\AppData\Local\Temp\SolidWorksLicTemp.0001
PRC - [2011.05.23 02:14:38 | 000,580,096 | ---- | M] (OldTimer Tools) -- C:\Users\cid\Desktop\OTL.exe
PRC - [2011.05.16 14:58:36 | 002,151,128 | ---- | M] (Lavasoft Limited) -- C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWService.exe
PRC - [2011.05.13 11:11:03 | 001,191,216 | ---- | M] (Lavasoft Limited) -- C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWTray.exe
PRC - [2011.04.18 17:40:08 | 002,334,560 | ---- | M] (AVG Technologies CZ, s.r.o.) -- P:\AVG10\avgtray.exe
PRC - [2011.03.21 20:56:16 | 001,230,704 | ---- | M] () -- C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
PRC - [2011.02.08 05:33:42 | 000,269,520 | ---- | M] (AVG Technologies CZ, s.r.o.) -- P:\AVG10\avgwdsvc.exe
PRC - [2010.10.25 16:13:42 | 000,821,144 | ---- | M] (Adobe Systems Inc.) -- P:\Acrobat 10.0\Acrobat\acrotray.exe
PRC - [2010.04.06 15:50:23 | 000,079,360 | ---- | M] (SolidWorks) -- C:\Program Files (x86)\Common Files\SolidWorks Shared\Service\SolidWorksLicensing.exe
PRC - [2010.03.29 21:26:00 | 000,227,712 | ---- | M] (Microsoft Corporation) -- P:\Microsoft Office\Office14\ONENOTEM.EXE
PRC - [2010.02.09 11:26:19 | 000,198,160 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files (x86)\Common Files\Real\Update_OB\realsched.exe
PRC - [2009.12.17 19:50:18 | 000,976,832 | ---- | M] (SEIKO EPSON CORPORATION) -- C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe
PRC - [2009.05.14 17:07:14 | 000,759,048 | ---- | M] (ABBYY) -- C:\Program Files (x86)\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe
PRC - [2008.09.15 21:34:16 | 007,218,472 | R--- | M] (Dassault Systèmes SolidWorks Corp.) -- C:\Program Files (x86)\Common Files\SolidWorks Installations-Manager\Scheduler\sldIMScheduler.exe
PRC - [2008.09.09 07:01:34 | 000,841,000 | ---- | M] (Dassault Systèmes SolidWorks Corp.) -- P:\SolidWorks2009\SolidWorks\swScheduler\swBOEngine.exe
PRC - [2008.04.04 19:10:26 | 000,030,152 | ---- | M] (Viewpoint Corporation) -- C:\Program Files (x86)\Viewpoint\Common\ViewpointService.exe
 
 
========== Modules (SafeList) ==========
 
MOD - [2011.05.23 02:14:38 | 000,580,096 | ---- | M] (OldTimer Tools) -- C:\Users\cid\Desktop\OTL.exe
MOD - [2010.11.20 13:55:09 | 001,680,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll
MOD - [2009.07.14 03:15:48 | 000,035,328 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\mssprxy.dll
 
 
========== Win32 Services (SafeList) ==========
 
SRV:64bit: - [2010.03.08 15:47:06 | 006,245,744 | ---- | M] (Wacom Technology, Corp.) [Auto | Running] -- C:\Windows\SysNative\Wacom_Tablet.exe -- (TabletServiceWacom)
SRV:64bit: - [2009.08.18 03:36:20 | 000,203,264 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2009.07.14 03:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\mpsvc.dll -- (WinDefend)
SRV:64bit: - [2009.07.14 03:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV - [2011.05.16 14:58:36 | 002,151,128 | ---- | M] (Lavasoft Limited) [Auto | Running] -- C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWService.exe -- (Lavasoft Ad-Aware Service)
SRV - [2011.03.18 08:11:02 | 000,947,528 | ---- | M] () [On_Demand | Stopped] -- P:\AVG10\Toolbar\ToolbarBroker.exe -- (AVG Security Toolbar Service)
SRV - [2011.02.08 05:33:42 | 000,269,520 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- P:\AVG10\avgwdsvc.exe -- (avgwd)
SRV - [2010.04.06 15:50:23 | 000,079,360 | ---- | M] (SolidWorks) [On_Demand | Running] -- C:\Program Files (x86)\Common Files\SolidWorks Shared\Service\SolidWorksLicensing.exe -- (SolidWorks Licensing Service)
SRV - [2010.03.18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010.02.19 14:37:14 | 000,517,096 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe -- (SwitchBoard)
SRV - [2009.06.10 23:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2009.05.14 17:07:14 | 000,759,048 | ---- | M] (ABBYY) [Auto | Running] -- C:\Program Files (x86)\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe -- (ABBYY.Licensing.FineReader.Sprint.9.0)
SRV - [2008.09.09 07:01:32 | 000,079,144 | ---- | M] (Dassault Systèmes SolidWorks Corp.) [On_Demand | Stopped] -- P:\SolidWorks2009\SolidWorks\swScheduler\DTSCoordinatorService.exe -- (CoordinatorServiceHost)
SRV - [2008.04.04 19:10:26 | 000,030,152 | ---- | M] (Viewpoint Corporation) [Auto | Running] -- C:\Program Files (x86)\Viewpoint\Common\ViewpointService.exe -- (Viewpoint Service)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - [2011.04.05 00:59:54 | 000,377,936 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avgtdia.sys -- (Avgtdia)
DRV:64bit: - [2011.03.11 08:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011.03.11 08:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2011.02.22 08:12:46 | 000,026,704 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\AVGIDSEH.sys -- (AVGIDSEH)
DRV:64bit: - [2011.01.21 07:36:02 | 000,413,800 | ---- | M] (Realtek                                            ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2010.12.08 05:12:36 | 000,308,304 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Stopped] -- C:\Windows\SysNative\drivers\avgldx64.sys -- (Avgldx64)
DRV:64bit: - [2010.12.03 11:05:34 | 000,069,152 | ---- | M] (Lavasoft AB) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\Lbd.sys -- (Lbd)
DRV:64bit: - [2010.11.20 15:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010.11.20 13:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010.01.24 14:32:24 | 000,018,216 | ---- | M] (Wacom Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\wacmoumonitor.sys -- (wacmoumonitor)
DRV:64bit: - [2009.09.21 15:29:22 | 000,016,168 | ---- | M] (Wacom Technology) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\wacomvhid.sys -- (wacomvhid)
DRV:64bit: - [2009.08.18 04:48:48 | 006,037,504 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (atikmdag)
DRV:64bit: - [2009.07.14 03:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009.07.14 03:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009.07.14 03:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009.06.17 18:54:46 | 000,040,976 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\LUsbFilt.sys -- (LUsbFilt)
DRV:64bit: - [2009.06.17 18:54:38 | 000,112,144 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\LMouKE.Sys -- (LMouKE)
DRV:64bit: - [2009.06.17 18:54:30 | 000,057,872 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\LMouFilt.Sys -- (LMouFilt)
DRV:64bit: - [2009.06.17 18:54:22 | 000,055,312 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\LHidFilt.Sys -- (LHidFilt)
DRV:64bit: - [2009.06.17 18:53:42 | 000,089,616 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\L8042mou.Sys -- (L8042mou)
DRV:64bit: - [2009.06.10 22:38:56 | 000,000,308 | ---- | M] () [File_System | On_Demand | Running] -- C:\Windows\SysNative\wbem\ntfs.mof -- (Ntfs)
DRV:64bit: - [2009.06.10 22:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009.06.10 22:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009.06.10 22:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009.06.10 22:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009.05.14 03:26:24 | 000,015,416 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ASACPI.sys -- (MTsensor)
DRV:64bit: - [2007.02.16 21:12:36 | 000,012,848 | ---- | M] (Wacom Technology) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\wacommousefilter.sys -- (wacommousefilter)
DRV - [2011.02.04 16:27:14 | 000,017,152 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Program Files (x86)\Lavasoft\Ad-Aware\KernExplorer64.sys -- (Lavasoft Kernexplorer)
DRV - [2007.02.07 20:27:46 | 000,014,104 | ---- | M] (Windows (R) Server 2003 DDK provider) [Kernel | Boot | Running] -- C:\Windows\SysWOW64\speedfan.sys -- (speedfan)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
 
 
IE - HKU\.DEFAULT\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - P:\AVG10\Toolbar\IEToolbar.dll ()
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - P:\AVG10\Toolbar\IEToolbar.dll ()
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
 
IE - HKU\S-1-5-21-1979673327-2303432056-1945064426-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.Google.com/
IE - HKU\S-1-5-21-1979673327-2303432056-1945064426-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
IE - HKU\S-1-5-21-1979673327-2303432056-1945064426-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
IE - HKU\S-1-5-21-1979673327-2303432056-1945064426-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = A6 D8 A9 AE DE A1 CA 01  [binary data]
IE - HKU\S-1-5-21-1979673327-2303432056-1945064426-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-21-1979673327-2303432056-1945064426-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
IE - HKU\S-1-5-21-1979673327-2303432056-1945064426-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
IE - HKU\S-1-5-21-1979673327-2303432056-1945064426-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = AA 02 CF 48 64 D7 CB 01  [binary data]
IE - HKU\S-1-5-21-1979673327-2303432056-1945064426-1003\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - P:\AVG10\Toolbar\IEToolbar.dll ()
IE - HKU\S-1-5-21-1979673327-2303432056-1945064426-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-1979673327-2303432056-1945064426-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultenginename: "AVG Secure Search"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.startup.homepage: "www.google.com"
FF - prefs.js..extensions.enabledItems: {D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}:0.9.8
FF - prefs.js..extensions.enabledItems: {19503e42-ca3c-4c27-b1e2-9cdb2170ee34}:1.2.9.4
FF - prefs.js..extensions.enabledItems: {02450954-cdd9-410f-b1da-db804e18c671}:0.96.3
FF - prefs.js..extensions.enabledItems: {ABDE892B-13A8-4d1b-88E6-365A6E755758}:1.0
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: avg@igeared:6.103.018.001
FF - prefs.js..extensions.enabledItems: web2pdfextension@web2pdf.adobedotcom:1.0
FF - prefs.js..extensions.enabledItems: {82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}:5.3.0.7280
FF - prefs.js..extensions.enabledItems: {1E73965B-8B48-48be-9C8D-68B920ABC1C4}:10.0.0.1374
FF - prefs.js..extensions.enabledItems: {23fcfd51-4958-4f00-80a3-ae97e717ed8b}:2.1.1.94
FF - prefs.js..extensions.enabledItems: {6904342A-8307-11DF-A508-4AE2DFD72085}:2.1.1.94
FF - prefs.js..extensions.enabledItems: {b3f91530-1905-11de-8c30-0800200c9a66}:0.9
FF - prefs.js..keyword.URL: "hxxp://search.avg.com/route/?d=4cdeda67&v=6.103.018.001&i=27&tp=ab&iy=&ychte=de&lng=de&q="
 
FF - HKLM\software\mozilla\Firefox\Extensions\\avg@igeared: P:\AVG10\Toolbar\Firefox\avg@igeared [2011.05.17 10:30:17 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\web2pdfextension@web2pdf.adobedotcom: P:\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtn [2010.11.18 13:24:54 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{1E73965B-8B48-48be-9C8D-68B920ABC1C4}: P:\AVG10\Firefox4\ [2011.05.11 10:20:11 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\html5video [2011.05.04 23:48:12 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{6904342A-8307-11DF-A508-4AE2DFD72085}: C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\wpa [2011.05.04 23:48:12 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6\extensions\\Components: P:\Mozilla Firefox\components [2011.02.26 13:35:00 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6\extensions\\Plugins: P:\Mozilla Firefox\plugins [2010.12.10 13:39:28 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Thunderbird 3.0.1\extensions\\Components: P:\Mozilla Thunderbird\components [2011.04.29 12:26:24 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Thunderbird 3.0.1\extensions\\Plugins: P:\Mozilla Thunderbird\plugins [2010.12.10 13:39:28 | 000,000,000 | ---D | M]
 
[2010.01.30 22:45:16 | 000,000,000 | ---D | M] (No name found) -- C:\Users\cgid\AppData\Roaming\mozilla\Extensions
[2010.01.30 22:43:44 | 000,000,000 | ---D | M] (No name found) -- C:\Users\cgid\AppData\Roaming\mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
[2011.05.13 09:41:10 | 000,000,000 | ---D | M] (No name found) -- C:\Users\cgid\AppData\Roaming\mozilla\Firefox\Profiles\o8vqe8w8.default\extensions
[2010.03.28 16:43:45 | 000,000,000 | ---D | M] (Screengrab) -- C:\Users\cgid\AppData\Roaming\mozilla\Firefox\Profiles\o8vqe8w8.default\extensions\{02450954-cdd9-410f-b1da-db804e18c671}
[2011.05.13 09:41:10 | 000,000,000 | ---D | M] (FlashGot) -- C:\Users\cgid\AppData\Roaming\mozilla\Firefox\Profiles\o8vqe8w8.default\extensions\{19503e42-ca3c-4c27-b1e2-9cdb2170ee34}
[2010.08.23 16:11:40 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\cgid\AppData\Roaming\mozilla\Firefox\Profiles\o8vqe8w8.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010.01.30 22:46:40 | 000,000,000 | ---D | M] ("Vfox3-Basic") -- C:\Users\cgid\AppData\Roaming\mozilla\Firefox\Profiles\o8vqe8w8.default\extensions\{b3f91530-1905-11de-8c30-0800200c9a66}
[2011.05.13 09:41:10 | 000,000,000 | ---D | M] (Download Statusbar) -- C:\Users\cgid\AppData\Roaming\mozilla\Firefox\Profiles\o8vqe8w8.default\extensions\{D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}
[2011.05.04 23:48:12 | 000,000,000 | ---D | M] (DivX Plus Web Player HTML5 <video>) -- C:\PROGRAM FILES (X86)\DIVX\DIVX PLUS WEB PLAYER\FIREFOX\HTML5VIDEO
[2011.05.04 23:48:12 | 000,000,000 | ---D | M] (DivX HiQ) -- C:\PROGRAM FILES (X86)\DIVX\DIVX PLUS WEB PLAYER\FIREFOX\WPA
[2010.02.09 11:26:36 | 000,000,000 | ---D | M] (RealPlayer Browser Record Plugin) -- C:\PROGRAM FILES (X86)\REAL\REALPLAYER\BROWSERRECORD\FIREFOX\EXT
[2010.11.18 13:24:54 | 000,000,000 | ---D | M] (Adobe Acrobat - Create PDF) -- P:\ACROBAT 10.0\ACROBAT\BROWSER\WCFIREFOXEXTN
[2011.05.11 10:20:11 | 000,000,000 | ---D | M] (AVG Safe Search) -- P:\AVG10\FIREFOX4
[2011.05.17 10:30:17 | 000,000,000 | ---D | M] ("urn:mozilla:install-manifest" em:id="avg@igeared" em:name="AVG Security Toolbar" em:version="6.103.018.001" em:displayname="AVG Security Toolbar" em:iconURL="chrome://tavgp/skin/logo.ico" em:creator="AVG Technologies" em:description="AVG Security Toolbar" em:homepageURL="hxxp://www.avg.com" >) -- P:\AVG10\TOOLBAR\FIREFOX\AVG@IGEARED
[2011.05.02 13:00:41 | 000,000,000 | ---D | M] (Skype extension) -- P:\MOZILLA FIREFOX\EXTENSIONS\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2010.06.21 11:30:12 | 000,000,000 | ---D | M] (Java Console) -- P:\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2010.08.23 16:10:46 | 000,000,000 | ---D | M] (Java Console) -- P:\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
[2010.11.04 12:18:14 | 000,000,000 | ---D | M] (Java Console) -- P:\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
 
O1 HOSTS File: ([2010.11.26 16:29:24 | 000,000,852 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 activate.adobe.com
O2:64bit: - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - P:\AVG10\avgssiea.dll (AVG Technologies CZ, s.r.o.)
O2:64bit: - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~1\MICROS~1\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files (x86)\Real\RealPlayer\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - P:\AVG10\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (DivX HiQ) - {593DDEC6-7468-4cdd-90E1-42DADAA222E9} - C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
O2 - BHO: (AVG Security Toolbar BHO) - {A3BC75A2-1F87-4686-AA43-5347D756017C} - P:\AVG10\Toolbar\IEToolbar.dll ()
O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - P:\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (SmartSelect Class) - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (AVG Security Toolbar) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - P:\AVG10\Toolbar\IEToolbar.dll ()
O3 - HKU\S-1-5-21-1979673327-2303432056-1945064426-1001\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKU\S-1-5-21-1979673327-2303432056-1945064426-1001\..\Toolbar\WebBrowser: (AVG Security Toolbar) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - P:\AVG10\Toolbar\IEToolbar.dll ()
O3 - HKU\S-1-5-21-1979673327-2303432056-1945064426-1003\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKU\S-1-5-21-1979673327-2303432056-1945064426-1003\..\Toolbar\WebBrowser: (AVG Security Toolbar) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - P:\AVG10\Toolbar\IEToolbar.dll ()
O4:64bit: - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [Skytel] C:\Program Files\Realtek\Audio\HDA\Skytel.exe (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: []  File not found
O4 - HKLM..\Run: [Acrobat Assistant 8.0] P:\Acrobat 10.0\Acrobat\Acrotray.exe (Adobe Systems Inc.)
O4 - HKLM..\Run: [Adobe Acrobat Speed Launcher] P:\Acrobat 10.0\Acrobat\Acrobat_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AdobeCS5ServiceManager] C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AVG_TRAY] P:\AVG10\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [BCSSync] P:\Microsoft Office\Office14\BCSSync.exe (Microsoft Corporation)
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [EEventManager] C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe (SEIKO EPSON CORPORATION)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware (reboot)] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [SolidWorks_CheckForUpdates] C:\Program Files (x86)\Common Files\SolidWorks Installations-Manager\Scheduler\sldIMScheduler.exe (Dassault Systèmes SolidWorks Corp.)
O4 - HKLM..\Run: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [TkBellExe] C:\Program Files (x86)\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-1979673327-2303432056-1945064426-1001..\Run: [AdobeBridge]  File not found
O4 - HKU\S-1-5-21-1979673327-2303432056-1945064426-1001..\Run: [DAEMON Tools Lite] C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd)
O4 - HKU\S-1-5-21-1979673327-2303432056-1945064426-1001..\Run: [Eraser] P:\Eraser\Eraser.exe (The Eraser Project)
O4 - HKU\S-1-5-21-1979673327-2303432056-1945064426-1001..\Run: [Pando Media Booster] C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe ()
O4 - HKU\S-1-5-21-1979673327-2303432056-1945064426-1003..\Run: [Adobe Acrobat Synchronizer] P:\Acrobat 10.0\Acrobat\AdobeCollabSync.exe (Adobe Systems Incorporated)
O4 - HKU\S-1-5-21-1979673327-2303432056-1945064426-1003..\Run: [kJoCBjsHlcALP]  File not found
O4 - HKLM..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin]  File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin]  File not found
O4 - Startup: C:\Users\cgid\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\SolidWorks Taskplaner Engine.lnk = P:\SolidWorks2009\SolidWorks\swScheduler\swBOEngine.exe (Dassault Systèmes SolidWorks Corp.)
O4 - Startup: C:\Users\cid\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2010 Bildschirmausschnitt- und Startprogramm.lnk = P:\Microsoft Office\Office14\ONENOTEM.EXE (Microsoft Corporation)
O4 - Startup: C:\Users\cid\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.1.lnk =  File not found
O4 - Startup: C:\Users\cid\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\SolidWorks Taskplaner Engine.lnk = P:\SolidWorks2009\SolidWorks\swScheduler\swBOEngine.exe (Dassault Systèmes SolidWorks Corp.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8:64bit: - Extra context menu item: &Enviar a OneNote - P:\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O8:64bit: - Extra context menu item: An vorhandene PDF-Datei anfügen - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: E&xport to Microsoft Excel - P:\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation)
O8:64bit: - Extra context menu item: In Adobe PDF konvertieren - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Linkziel an vorhandene PDF-Datei anhängen - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Linkziel in Adobe PDF konvertieren - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Se&nd to OneNote - P:\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O8 - Extra context menu item: &Enviar a OneNote - P:\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O8 - Extra context menu item: An vorhandene PDF-Datei anfügen - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: E&xport to Microsoft Excel - P:\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: In Adobe PDF konvertieren - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Linkziel an vorhandene PDF-Datei anhängen - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Linkziel in Adobe PDF konvertieren - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Se&nd to OneNote - P:\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - P:\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - P:\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - P:\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - P:\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O13 - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} hxxp://download.divx.com/player/DivXBrowserPlugin.cab (Reg Error: Key error.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O18:64bit: - Protocol\Handler\avgsecuritytoolbar {F2DDE6B2-9684-4A55-86D4-E255E237B77C} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - P:\AVG10\avgppa.dll (AVG Technologies CZ, s.r.o.)
O18:64bit: - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - Reg Error: Key error. File not found
O18 - Protocol\Handler\avgsecuritytoolbar {F2DDE6B2-9684-4A55-86D4-E255E237B77C} - P:\AVG10\Toolbar\IEToolbar.dll ()
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - P:\AVG10\avgpp.dll (AVG Technologies CZ, s.r.o.)
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\PROGRA~2\COMMON~1\MICROS~1\WEBCOM~1\11\OWC11.DLL (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
O34 - HKLM BootExecute: (lsdelete) -  File not found
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
========== Files/Folders - Created Within 30 Days ==========
 
[2011.05.23 03:14:36 | 000,000,000 | ---D | C] -- C:\Users\cgid\AppData\Roaming\Malwarebytes
[2011.05.23 03:14:17 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysWow64\drivers\mbamswissarmy.sys
[2011.05.23 03:14:17 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011.05.23 03:14:16 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2011.05.23 03:14:08 | 000,024,152 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2011.05.23 03:14:08 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2011.05.18 10:28:36 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Epson Software
[2011.05.18 10:28:34 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Epson Software
[2011.05.18 10:27:52 | 000,000,000 | ---D | C] -- C:\Users\cgid\AppData\Local\ABBYY
[2011.05.18 10:27:41 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ABBYY FineReader 9.0 Sprint
[2011.05.18 10:27:04 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ABBYY FineReader 9.0 Sprint
[2011.05.18 10:27:04 | 000,000,000 | ---D | C] -- C:\ProgramData\ABBYY
[2011.05.18 10:27:04 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\ABBYY
[2011.05.18 10:25:23 | 000,204,800 | ---- | C] (SEIKO EPSON CORP.) -- C:\Windows\SysWow64\esintad.dll
[2011.05.18 10:25:23 | 000,181,248 | ---- | C] (SEIKO EPSON CORP.) -- C:\Windows\SysNative\esxuinad.dll
[2011.05.18 10:25:23 | 000,167,936 | ---- | C] (Seiko Epson Corporation.) -- C:\Windows\SysNative\esxw2_ad.dll
[2011.05.18 10:25:23 | 000,132,560 | ---- | C] (Seiko Epson Corporation) -- C:\Windows\SysNative\esdevapp.exe
[2011.05.18 10:25:23 | 000,013,824 | ---- | C] (Seiko Epson Corporation) -- C:\Windows\SysNative\esxcdev.dll
[2011.05.18 10:25:23 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EPSON
[2011.05.18 10:25:23 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\epson
[2011.05.17 19:19:25 | 000,404,640 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2011.05.11 11:07:57 | 000,142,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\poqexec.exe
[2011.05.11 11:07:57 | 000,123,904 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\poqexec.exe
[2011.05.11 10:18:40 | 005,562,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntoskrnl.exe
[2011.05.11 10:18:39 | 003,967,872 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntkrnlpa.exe
[2011.05.11 10:18:38 | 003,912,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntoskrnl.exe
[2011.05.11 10:18:37 | 000,325,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\usbport.sys
[2011.05.11 10:18:37 | 000,007,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\usbd.sys
[2011.05.05 00:32:08 | 000,000,000 | ---D | C] -- C:\ProgramData\IsolatedStorage
[2011.05.02 13:01:06 | 000,000,000 | ---D | C] -- C:\ProgramData\Skype Extras
[2011.05.02 13:00:34 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
[2011.05.02 13:00:34 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Skype
[2011.04.27 17:57:09 | 002,871,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\explorer.exe
[2011.04.27 17:57:08 | 002,616,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\explorer.exe
[2011.04.27 17:57:08 | 001,465,344 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XpsPrint.dll
[2011.04.27 17:57:08 | 000,870,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XpsPrint.dll
[2011.04.27 17:56:59 | 002,565,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\esent.dll
[2011.04.27 17:56:59 | 001,699,328 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\esent.dll
[2011.04.27 17:56:59 | 000,189,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\storport.sys
[2011.04.27 17:56:59 | 000,107,904 | ---- | C] (Advanced Micro Devices) -- C:\Windows\SysNative\drivers\amdsata.sys
[2011.04.27 17:56:59 | 000,096,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\fsutil.exe
[2011.04.27 17:56:59 | 000,074,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\fsutil.exe
[2011.04.27 17:56:59 | 000,027,008 | ---- | C] (Advanced Micro Devices) -- C:\Windows\SysNative\drivers\amdxata.sys
[2011.04.27 17:56:48 | 000,031,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\prevhost.exe
[2011.04.27 17:56:48 | 000,031,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\prevhost.exe
 
========== Files - Modified Within 30 Days ==========
 
[2011.05.23 09:00:20 | 000,013,248 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2011.05.23 09:00:20 | 000,013,248 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2011.05.23 08:53:18 | 000,000,408 | ---- | M] () -- C:\Windows\tasks\Ad-Aware Update (Weekly).job
[2011.05.23 08:53:07 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011.05.23 08:53:05 | 3214,237,696 | -HS- | M] () -- C:\hiberfil.sys
[2011.05.22 18:00:00 | 000,000,464 | ---- | M] () -- C:\Windows\tasks\ParetoLogic Registration.job
[2011.05.22 12:34:30 | 000,000,336 | ---- | M] () -- C:\ProgramData\38526712
[2011.05.21 13:02:19 | 000,000,064 | ---- | M] () -- C:\Windows\SysWow64\rp_stats.dat
[2011.05.21 13:02:19 | 000,000,044 | ---- | M] () -- C:\Windows\SysWow64\rp_rules.dat
[2011.05.18 10:52:56 | 000,002,346 | ---- | M] () -- C:\Users\Public\Desktop\EPSON Perfection V33_V330 Handbuch.lnk
[2011.05.18 10:52:48 | 000,000,936 | ---- | M] () -- C:\Users\Public\Desktop\EPSON Scan.lnk
[2011.05.17 19:19:25 | 000,404,640 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2011.05.16 21:32:10 | 001,498,506 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2011.05.16 21:32:10 | 000,653,928 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2011.05.16 21:32:10 | 000,615,810 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2011.05.16 21:32:10 | 000,129,800 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2011.05.16 21:32:10 | 000,106,190 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
 
========== Files Created - No Company Name ==========
 
[2011.05.23 04:25:02 | 000,000,408 | ---- | C] () -- C:\Windows\tasks\Ad-Aware Update (Weekly).job
[2011.05.22 15:15:12 | 000,016,432 | ---- | C] () -- C:\Windows\SysNative\lsdelete.exe
[2011.05.22 12:34:30 | 000,000,336 | ---- | C] () -- C:\ProgramData\38526712
[2011.05.18 10:25:31 | 000,002,346 | ---- | C] () -- C:\Users\Public\Desktop\EPSON Perfection V33_V330 Handbuch.lnk
[2011.05.18 10:25:23 | 000,065,793 | ---- | C] () -- C:\Windows\SysNative\esfwad.bin
[2011.05.18 10:25:23 | 000,000,936 | ---- | C] () -- C:\Users\Public\Desktop\EPSON Scan.lnk
[2011.04.27 09:06:36 | 000,000,064 | ---- | C] () -- C:\Windows\SysWow64\rp_stats.dat
[2011.04.27 09:06:36 | 000,000,044 | ---- | C] () -- C:\Windows\SysWow64\rp_rules.dat
[2010.04.06 15:50:24 | 000,000,000 | ---- | C] () -- C:\Windows\eDrawingOfficeAutomator.INI
[2010.03.08 12:21:12 | 000,007,602 | ---- | C] () -- C:\Users\cgid\AppData\Local\Resmon.ResmonCfg
[2010.02.20 14:03:46 | 000,000,760 | ---- | C] () -- C:\Users\cgid\AppData\Roaming\setup_ldm.iss
[2010.02.10 10:11:15 | 000,554,496 | ---- | C] () -- C:\Windows\SysWow64\dvmsg.dll
[2010.02.09 11:35:00 | 000,001,769 | ---- | C] () -- C:\Windows\Language_trs.ini
[2010.02.09 11:24:22 | 000,019,494 | ---- | C] () -- C:\Windows\Ascd_tmp.ini
[2010.02.01 20:05:20 | 000,000,048 | ---- | C] () -- C:\ProgramData\ezsidmv.dat
[2010.02.01 12:02:35 | 000,000,432 | ---- | C] () -- C:\Windows\BRWMARK.INI
[2010.02.01 12:02:35 | 000,000,034 | ---- | C] () -- C:\Windows\SysWow64\BD2030.DAT
[2010.01.31 00:24:07 | 000,000,034 | ---- | C] () -- C:\Windows\cdplayer.ini
[2010.01.30 23:57:15 | 002,463,976 | ---- | C] () -- C:\Windows\SysWow64\NPSWF32.dll
[2010.01.30 23:41:20 | 000,200,704 | ---- | C] () -- C:\Windows\SysWow64\BongoSDK.10.v40.dll
[2010.01.30 20:45:04 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2009.07.14 07:38:36 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2009.07.14 04:35:51 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT
[2009.07.14 04:34:42 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat
[2009.07.14 02:10:29 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2009.07.14 01:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
[2009.07.13 23:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2009.06.10 23:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat
[2007.12.28 09:22:02 | 000,010,296 | ---- | C] () -- C:\Windows\SysWow64\drivers\ASUSHWIO.SYS
[2007.08.21 21:46:34 | 000,059,160 | ---- | C] () -- C:\Windows\SysWow64\zlib.dll
 
========== LOP Check ==========
 
[2010.11.26 16:26:35 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\AVG10
[2010.11.26 16:26:35 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\IM
[2010.02.10 01:36:38 | 000,000,000 | ---D | M] -- C:\Users\cgid\AppData\Roaming\Astroburn Lite
[2010.02.02 09:43:23 | 000,000,000 | ---D | M] -- C:\Users\cgid\AppData\Roaming\Autodesk
[2010.11.13 20:35:50 | 000,000,000 | ---D | M] -- C:\Users\cgid\AppData\Roaming\AVG10
[2010.11.12 10:10:11 | 000,000,000 | ---D | M] -- C:\Users\cgid\AppData\Roaming\DAEMON Tools Lite
[2010.04.06 15:52:26 | 000,000,000 | ---D | M] -- C:\Users\cgid\AppData\Roaming\EDrawings
[2010.11.15 10:36:10 | 000,000,000 | ---D | M] -- C:\Users\cgid\AppData\Roaming\EssentialPIM
[2010.02.04 15:59:07 | 000,000,000 | ---D | M] -- C:\Users\cgid\AppData\Roaming\FileZilla
[2011.05.13 09:25:39 | 000,000,000 | ---D | M] -- C:\Users\cgid\AppData\Roaming\IM
[2010.09.14 15:55:59 | 000,000,000 | ---D | M] -- C:\Users\cgid\AppData\Roaming\IrfanView
[2010.02.10 00:41:57 | 000,000,000 | ---D | M] -- C:\Users\cgid\AppData\Roaming\JAM Software
[2010.02.20 14:03:53 | 000,000,000 | ---D | M] -- C:\Users\cgid\AppData\Roaming\Leadertech
[2010.11.18 11:12:39 | 000,000,000 | ---D | M] -- C:\Users\cgid\AppData\Roaming\PACE Anti-Piracy
[2010.01.30 22:43:44 | 000,000,000 | ---D | M] -- C:\Users\cgid\AppData\Roaming\Thunderbird
[2010.08.23 16:24:12 | 000,000,000 | ---D | M] -- C:\Users\cgid\AppData\Roaming\Tobit
[2010.05.17 10:52:07 | 000,000,000 | ---D | M] -- C:\Users\cid\AppData\Roaming\Autodesk
[2010.11.13 20:38:47 | 000,000,000 | ---D | M] -- C:\Users\cid\AppData\Roaming\AVG10
[2011.05.05 00:31:56 | 000,000,000 | ---D | M] -- C:\Users\cid\AppData\Roaming\bppenu11
[2010.02.04 09:06:36 | 000,000,000 | ---D | M] -- C:\Users\cid\AppData\Roaming\DAEMON Tools Lite
[2010.11.19 13:54:51 | 000,000,000 | ---D | M] -- C:\Users\cid\AppData\Roaming\DassaultSystemes
[2010.04.06 18:08:30 | 000,000,000 | ---D | M] -- C:\Users\cid\AppData\Roaming\EDrawings
[2011.05.18 13:43:47 | 000,000,000 | ---D | M] -- C:\Users\cid\AppData\Roaming\Epson
[2010.02.05 12:39:57 | 000,000,000 | ---D | M] -- C:\Users\cid\AppData\Roaming\FileZilla
[2011.05.23 08:54:19 | 000,000,000 | ---D | M] -- C:\Users\cid\AppData\Roaming\IM
[2010.09.14 16:01:55 | 000,000,000 | ---D | M] -- C:\Users\cid\AppData\Roaming\IrfanView
[2010.09.15 11:05:22 | 000,000,000 | ---D | M] -- C:\Users\cid\AppData\Roaming\JAM Software
[2011.02.18 21:05:38 | 000,000,000 | ---D | M] -- C:\Users\cid\AppData\Roaming\McNeel
[2010.02.01 10:10:42 | 000,000,000 | ---D | M] -- C:\Users\cid\AppData\Roaming\OpenOffice.org
[2011.01.27 15:59:50 | 000,000,000 | ---D | M] -- C:\Users\cid\AppData\Roaming\StageManager.BD092818F67280F4B42B04877600987F0111B594.1
[2010.01.30 21:44:36 | 000,000,000 | ---D | M] -- C:\Users\cid\AppData\Roaming\Thunderbird
[2010.02.10 11:25:36 | 000,000,000 | ---D | M] -- C:\Users\cid\AppData\Roaming\Tobit
[2011.05.23 08:53:18 | 000,000,408 | ---- | M] () -- C:\Windows\Tasks\Ad-Aware Update (Weekly).job
[2011.05.22 18:00:00 | 000,000,464 | ---- | M] () -- C:\Windows\Tasks\ParetoLogic Registration.job
[2011.04.23 10:04:58 | 000,032,632 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
 
========== Purity Check ==========
 
 

< End of report >
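The "Files/Folders - Created Within 30 Days", "Files Created - No Company Name" and "LOP Check" sections of the OTL log above are where triage of a suspected Win7 Recovery-style rogue usually starts: the entries worth a second look are short-lived, oddly named objects in user-writable locations, such as the 336-byte file `C:\ProgramData\38526712` created the day before the report or the `bppenu11` folder under `AppData\Roaming`. The script below is an added example, not part of the original post and not code from OTL or Trojaner-Board; it parses the OTL line layout used in those sections and scores each entry with a few heuristics. The list of user-writable paths, the "generated name" pattern and the set of extensions that are expected to carry version info are assumptions, and a flagged entry is a candidate for manual inspection (hash, signature, contents), not a verdict.

```python
import re
from datetime import datetime
from pathlib import PureWindowsPath

# One OTL file/folder line, as printed in the "Files/Folders - Created",
# "Files - Modified", "Files Created - No Company Name" and "LOP Check" sections:
#   [2011.05.22 12:34:30 | 000,000,336 | ---- | C] () -- C:\ProgramData\38526712
#   [2011.05.05 00:31:56 | 000,000,000 | ---D | M] -- C:\Users\cid\AppData\Roaming\bppenu11
# The "(company)" field is absent in the LOP Check section, so it is optional here.
OTL_FILE_RE = re.compile(
    r"^\[(?P<ts>\d{4}\.\d{2}\.\d{2} \d{2}:\d{2}:\d{2}) \| "
    r"(?P<size>[\d,]+) \| (?P<attrs>[-A-Z]{4}) \| (?P<op>[CM])\] "
    r"(?:\((?P<company>[^)]*)\) )?-- (?P<path>.+)$"
)

# Locations a standard user can write to; a dropper without admin rights ends
# up here rather than under \Windows. Assumed list, extend as needed.
USER_WRITABLE = ("\\programdata\\", "\\appdata\\roaming\\",
                 "\\appdata\\local\\", "\\users\\public\\")

# Heuristic (assumption): short, all-lowercase alphanumeric names that contain a
# digit ("38526712", "bppenu11"); vendor folders are usually capitalised words.
GENERATED_NAME_RE = re.compile(r"^(?=.*\d)[a-z0-9]{4,12}$")

# File types that normally carry a company name in their version resource;
# "" covers files with no extension at all. Assumed set.
EXEC_EXT = {".exe", ".dll", ".sys", ".cpl", ".ocx", ".scr", ""}


def parse_otl_file_line(line):
    """Return a dict for one OTL file line, or None if the line is not one."""
    m = OTL_FILE_RE.match(line.strip())
    if not m:
        return None
    g = m.groupdict()
    return {
        "ts": datetime.strptime(g["ts"], "%Y.%m.%d %H:%M:%S"),
        "size": int(g["size"].replace(",", "")),   # "3214,237,696" -> 3214237696
        "is_dir": "D" in g["attrs"],
        "company": (g["company"] or "").strip(),
        "path": g["path"].strip(),
    }


def triage(entry):
    """Reasons (possibly none) why a parsed entry deserves a manual look."""
    reasons = []
    low = entry["path"].lower()
    if not any(seg in low for seg in USER_WRITABLE):
        return reasons            # only user-writable locations are scored
    name = PureWindowsPath(entry["path"]).name
    ext = PureWindowsPath(name).suffix.lower()
    if GENERATED_NAME_RE.match(name):
        reasons.append("machine-generated looking name")
    if not entry["is_dir"] and ext == "":
        reasons.append("file without extension")
    if not entry["is_dir"] and ext in EXEC_EXT and not entry["company"]:
        reasons.append("no company name in version info")
    return reasons


def triage_log(text):
    """Map each flagged path in the log text to its list of reasons."""
    flagged = {}
    for line in text.splitlines():
        entry = parse_otl_file_line(line)
        if entry is None:
            continue                  # headers, O-lines, blank lines
        reasons = triage(entry)
        if reasons:
            flagged[entry["path"]] = reasons
    return flagged


# Constructed sample: a handful of lines copied from the OTL log posted above.
SAMPLE_LOG = r"""
[2011.05.23 03:14:36 | 000,000,000 | ---D | C] -- C:\Users\cgid\AppData\Roaming\Malwarebytes
[2011.05.23 08:53:05 | 3214,237,696 | -HS- | M] () -- C:\hiberfil.sys
[2011.05.22 12:34:30 | 000,000,336 | ---- | C] () -- C:\ProgramData\38526712
[2011.05.21 13:02:19 | 000,000,064 | ---- | M] () -- C:\Windows\SysWow64\rp_stats.dat
[2011.05.05 00:31:56 | 000,000,000 | ---D | M] -- C:\Users\cid\AppData\Roaming\bppenu11
[2010.02.01 20:05:20 | 000,000,048 | ---- | C] () -- C:\ProgramData\ezsidmv.dat
[2011.05.18 10:25:23 | 000,204,800 | ---- | C] (SEIKO EPSON CORP.) -- C:\Windows\SysWow64\esintad.dll
"""

if __name__ == "__main__":
    for path, reasons in sorted(triage_log(SAMPLE_LOG).items()):
        print(path)
        print("    " + "; ".join(reasons))
```

Run against the sample, only `C:\ProgramData\38526712` (generated name, no extension, no version info) and `C:\Users\cid\AppData\Roaming\bppenu11` (generated name) come out; the Malwarebytes folder, `ezsidmv.dat` (a data file, so the version-info rule is not applied) and everything under `\Windows` are left alone. The scoring is deliberately restricted to user-writable paths because rogues of this kind typically run as the logged-on user; anything they drop under `\Windows\System32` would show up in the same sections with a real company name missing and can be added as a separate rule.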