
Pests of all kinds and how to fight them: Blackhole Exploit Kit plants fake Win7Recovery IDE/SATA error messages


23.05.2011, 09:26   #1
kcarloney
 

Good morning everyone.

Win7 64-bit, SP1, updates fresh, no Silverlight
Mozilla 4, AVG Free, Ad-Aware Free, all current
limited user account

Yesterday around noon, while surfing, I hit something that AVG identified as Blackhole Exploit Kit. It then asked for admin authorization for a flashplayer.exe, which came right back whenever you closed it. I then closed the browser via the Task Manager, whereupon the visually really well-faked Windows 7 Recovery tool opened and reported various errors about IDE/SATA drives and hot, overloaded RAM.
I almost fell for it... but as a precaution I fired up Ad-Aware, which also read out 11 errors, so I knew which way the wind was blowing. In the middle of the scan the computer rebooted. I then took it off the network. After the second unwanted reboot I was able to stop the restarts in the Task Manager by killing the process of the Win7Recovery program and several attrib.exe processes. By then, however, I already had the black desktop without my files and shortcuts, plus missing entries in the Start menu.

Last night, from the laptop, I worked my way through similar threads
http://www.trojaner-board.de/99361-f...va-ubtate.html
http://www.trojaner-board.de/99343-d...erkannt-2.html

additional info on the exploit kit (somewhat older):
https://www.info-point-security.com/security-themen/malware-viren-spam-phishing/item/6120-symantec-security-labs-analyse-des-blackhole-exploit-toolkits.html
hxxp://www.com-magazin.de/fileadmin/download/leseprobe/leseprobe-01-2011.pdf

my procedure so far:
CCleaner - deleted all browser data
CarberpRemovalTool from Bitdefender - no success
Kaspersky TDSSKiller - 1 detection - reboot
MBAM quick scan after update (for that, briefly online with the infected machine) - 4 detections (Trojan.FakeMS.Gen, Trojan.Agent, Rogue.WindowsRecoveryConsole, Hijack.Homepage) - deleted - reboot - desktop background restored, IDE/SATA messages gone, icons in the quick launch area all white
unhide - desktop files and shortcuts back (Recycle Bin missing)
MBAM full scan - 9 detections - partially deleted, since only one of them was connected with this problem (Trojan.FakeMS.Gen), the rest keygens etc.
OTL

I will now post the logs from MBAM and OTL.
Could someone please look them over and tell me whether I was fast enough and am "clean" again? Where was/is the weak spot? Thanks.

23.05.2011, 09:30   #2
kcarloney
 

MBAM quick scan:
Code:
Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Database version: 6645

Windows 6.1.7601 Service Pack 1
Internet Explorer 9.0.8112.16421

23.05.2011 03:20:49
mbam-log-2011-05-23 (03-20-49).txt

Scan type: Quick scan
Objects scanned: 187154
Time elapsed: 1 minute(s), 59 second(s)

Memory Processes Infected: 1
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 1
Folders Infected: 0
Files Infected: 4

Memory Processes Infected:
c:\programdata\kjocbjshlcalp.exe (Trojan.FakeMS.Gen) -> 3300 -> Unloaded process successfully.

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page (Hijack.Homepage) -> Bad: (hxxp://www.wz123.com/?lxy) Good: (hxxp://www.Google.com/) -> Quarantined and deleted successfully.

Folders Infected:
(No malicious items detected)

Files Infected:
c:\programdata\kjocbjshlcalp.exe (Trojan.FakeMS.Gen) -> Quarantined and deleted successfully.
c:\programdata\38526712.exe (Rogue.WindowsRecoveryConsole) -> Quarantined and deleted successfully.
c:\Users\cid\AppData\Local\Temp\0.6858125333789065.exe (Trojan.FakeMS.Gen) -> Quarantined and deleted successfully.
c:\Users\cid\AppData\Local\Temp\adobe_flash_player.exe (Trojan.Agent) -> Quarantined and deleted successfully.


23.05.2011, 09:31   #3
kcarloney
 

MBAM full scan (edited)
Code:
Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Database version: 6645

Windows 6.1.7601 Service Pack 1
Internet Explorer 9.0.8112.16421

23.05.2011 04:15:34
mbam-log-2011-05-23 (04-15-34).txt

Scan type: Full scan (C:\|D:\|E:\|F:\|G:\|P:\|W:\|)
Objects scanned: 477912
Time elapsed: 35 minute(s), 53 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 9

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
c:\Users\cid\AppData\LocalLow\Sun\Java\deployment\cache\6.0\29\5cce129d-432d51db (Trojan.FakeMS.Gen) -> Quarantined and deleted successfully.
d:\software\xxxxx\keygen.exe (RiskWare.Tool.CK) -> Quarantined and deleted successfully.
d:\software\xxxxx\keygen.exe (RiskWare.Tool.CK) -> Quarantined and deleted successfully.
d:\software\xxxxx\keygen.exe (Trojan.Agent.CK) -> Quarantined and deleted successfully.
d:\software\xxxxx(PUP.Hacktool.Patcher) -> Not selected for removal.
d:\software\xxxxx(PUP.Hacktool.Patcher) -> Not selected for removal.
d:\software\xxxxx(PUP.Hacktool.Patcher) -> Not selected for removal.
d:\software\xxxxx(PUP.Hacktool.Patcher) -> Not selected for removal.
d:\software\xxxxx_crk.exe (Trojan.Agent) -> Quarantined and deleted successfully.
         
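Added example, not part of this thread and not code from Malwarebytes or OldTimer: a small Python triage helper for the two log formats posted here. It parses the "Files Infected" section of the MBAM logs in the two posts above and the O4 (autorun) lines of the OTL log in the next post, buckets each quarantined file by the directory it sat in, and pairs orphaned Run values ("File not found") with quarantined files of the same base name, which catches the leftover kJoCBjsHlcALP value that matches the removed c:\programdata\kjocbjshlcalp.exe. The sample lines are copied from the thread's logs; the regular expressions, the location categories and all function names are my own assumptions, not documented parsers of either tool.

```python
"""Triage helper for the MBAM and OTL log formats posted in this thread (added example)."""
import re
from collections import Counter
from dataclasses import dataclass
from pathlib import PureWindowsPath

# Sample input, copied from the MBAM logs posted in this thread (constructed excerpt).
MBAM_SAMPLE = r"""
Files Infected:
c:\programdata\kjocbjshlcalp.exe (Trojan.FakeMS.Gen) -> Quarantined and deleted successfully.
c:\programdata\38526712.exe (Rogue.WindowsRecoveryConsole) -> Quarantined and deleted successfully.
c:\Users\cid\AppData\Local\Temp\0.6858125333789065.exe (Trojan.FakeMS.Gen) -> Quarantined and deleted successfully.
c:\Users\cid\AppData\Local\Temp\adobe_flash_player.exe (Trojan.Agent) -> Quarantined and deleted successfully.
c:\Users\cid\AppData\LocalLow\Sun\Java\deployment\cache\6.0\29\5cce129d-432d51db (Trojan.FakeMS.Gen) -> Quarantined and deleted successfully.
d:\software\xxxxx\keygen.exe (RiskWare.Tool.CK) -> Quarantined and deleted successfully.
d:\software\xxxxx(PUP.Hacktool.Patcher) -> Not selected for removal.
"""

# Sample input, copied from the O4 (autorun) lines of the OTL log posted in this thread.
OTL_SAMPLE = r"""
O4 - HKLM..\Run: []  File not found
O4 - HKLM..\Run: [AVG_TRAY] P:\AVG10\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKU\S-1-5-21-1979673327-2303432056-1945064426-1001..\Run: [AdobeBridge]  File not found
O4 - HKU\S-1-5-21-1979673327-2303432056-1945064426-1003..\Run: [kJoCBjsHlcALP]  File not found
O4 - HKLM..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin]  File not found
"""

# My own regexes for the two line shapes (assumptions, not documented formats):
#   MBAM: <path> (<detection>) -> <action>.
#   OTL:  O4[:64bit:] - <hive>..\Run[Once]: [<value name>] <target>
MBAM_FILE_RE = re.compile(
    r"^(?P<path>[A-Za-z]:\\.+?)\s*\((?P<name>[\w.]+)\)\s*->\s*(?P<action>.+?)\.?\s*$")
OTL_O4_RE = re.compile(
    r"^O4(?::64bit:)? - (?P<hive>\S+?)\.\.\\(?P<key>Run(?:Once)?): "
    r"\[(?P<value>[^\]]*)\]\s*(?P<target>.*?)\s*$")


def classify_location(path: str) -> str:
    """Bucket a file by the directory it sat in (categories are my own choice)."""
    p = path.lower()
    if "\\sun\\java\\deployment\\cache\\" in p:
        return "java-cache"   # JRE plug-in cache: applets/JARs the browser fetched
    if "\\appdata\\local\\temp\\" in p or "\\windows\\temp\\" in p:
        return "temp"         # dropped into a temp directory (the fake flash player here)
    if "\\programdata\\" in p:
        return "programdata"  # user-writable and reboot-persistent: the rogue's own exe
    return "other"


@dataclass(frozen=True)
class Detection:
    path: str
    name: str      # detection name as MBAM printed it, e.g. Trojan.FakeMS.Gen
    action: str    # "Quarantined and deleted successfully" or "Not selected for removal"
    location: str  # classify_location(path)


@dataclass(frozen=True)
class Autorun:
    hive: str      # HKLM or HKU\<SID>
    key: str       # Run or RunOnce
    value: str     # registry value name, shown by OTL in [brackets]
    target: str    # command line, or "File not found" when the file is gone

    @property
    def orphaned(self) -> bool:
        return self.target == "File not found"


def parse_mbam(text: str) -> list:
    """Return the 'Files Infected' / 'Infizierte Dateien' section of an MBAM log."""
    out, in_files = [], False
    for raw in text.splitlines():
        line = raw.strip()
        if line.endswith(":"):  # section header: only the file section is wanted
            in_files = line in ("Files Infected:", "Infizierte Dateien:")
            continue
        m = MBAM_FILE_RE.match(line) if in_files else None
        if m:
            out.append(Detection(m["path"], m["name"], m["action"],
                                 classify_location(m["path"])))
    return out


def parse_otl_autoruns(text: str) -> list:
    """Return every O4 Run/RunOnce line of an OTL log (Startup-folder lines are skipped)."""
    matches = (OTL_O4_RE.match(raw.strip()) for raw in text.splitlines())
    return [Autorun(m["hive"], m["key"], m["value"], m["target"]) for m in matches if m]


def correlate(detections: list, autoruns: list) -> list:
    """Pair orphaned Run values with quarantined files of the same base name.

    MBAM removed the file but not the value that started it; such an orphan is
    leftover persistence to clean up by hand, not a benign dangling entry.
    """
    by_stem = {PureWindowsPath(d.path).stem.lower(): d for d in detections}
    return [(a, by_stem[a.value.lower()])
            for a in autoruns if a.orphaned and a.value.lower() in by_stem]


def summarize(detections: list) -> Counter:
    """Count removed files per location bucket; 'Not selected' items are skipped."""
    return Counter(d.location for d in detections if d.action.startswith("Quarantined"))


if __name__ == "__main__":
    dets, runs = parse_mbam(MBAM_SAMPLE), parse_otl_autoruns(OTL_SAMPLE)
    print("removed files per location:", dict(summarize(dets)))
    for run, det in correlate(dets, runs):
        print(f"orphaned {run.key} value [{run.value}] under {run.hive} "
              f"matches quarantined {det.path} ({det.name})")
```

On the sample data the script reports two removed files under ProgramData, two under the user's Temp, one in the Java deployment cache and one elsewhere, and exactly one orphan-to-file match: the kJoCBjsHlcALP value in the HKU\S-1-5-21-...-1003 Run key against c:\programdata\kjocbjshlcalp.exe. The other orphans (the empty HKLM value, AdobeBridge, mctadmin) match nothing MBAM removed and are left for manual judgement.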

23.05.2011, 09:32   #4
kcarloney
 

OTL
OTL Logfile:
Code:
OTL logfile created on: 23.05.2011 08:59:35 - Run 1
OTL by OldTimer - Version 3.2.23.0     Folder = C:\Users\cid\Desktop
64bit- An unknown product Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,99 Gb Total Physical Memory | 2,56 Gb Available Physical Memory | 64,13% Memory free
7,98 Gb Paging File | 6,52 Gb Available in Paging File | 81,71% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 44,93 Gb Total Space | 4,37 Gb Free Space | 9,73% Space Free | Partition Type: NTFS
Drive D: | 205,98 Gb Total Space | 15,63 Gb Free Space | 7,59% Space Free | Partition Type: NTFS
Drive E: | 1,88 Gb Total Space | 1,86 Gb Free Space | 99,04% Space Free | Partition Type: FAT32
Drive P: | 19,53 Gb Total Space | 6,26 Gb Free Space | 32,06% Space Free | Partition Type: NTFS
Drive W: | 195,32 Gb Total Space | 53,48 Gb Free Space | 27,38% Space Free | Partition Type: NTFS
 
Computer Name: LIANLI | User Name: cgid | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2011.05.23 08:54:19 | 000,059,964 | ---- | M] (Macrovision Europe Ltd.) -- C:\Users\cid\AppData\Local\Temp\SolidWorksLicTemp.0001
PRC - [2011.05.23 02:14:38 | 000,580,096 | ---- | M] (OldTimer Tools) -- C:\Users\cid\Desktop\OTL.exe
PRC - [2011.05.16 14:58:36 | 002,151,128 | ---- | M] (Lavasoft Limited) -- C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWService.exe
PRC - [2011.05.13 11:11:03 | 001,191,216 | ---- | M] (Lavasoft Limited) -- C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWTray.exe
PRC - [2011.04.18 17:40:08 | 002,334,560 | ---- | M] (AVG Technologies CZ, s.r.o.) -- P:\AVG10\avgtray.exe
PRC - [2011.03.21 20:56:16 | 001,230,704 | ---- | M] () -- C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
PRC - [2011.02.08 05:33:42 | 000,269,520 | ---- | M] (AVG Technologies CZ, s.r.o.) -- P:\AVG10\avgwdsvc.exe
PRC - [2010.10.25 16:13:42 | 000,821,144 | ---- | M] (Adobe Systems Inc.) -- P:\Acrobat 10.0\Acrobat\acrotray.exe
PRC - [2010.04.06 15:50:23 | 000,079,360 | ---- | M] (SolidWorks) -- C:\Program Files (x86)\Common Files\SolidWorks Shared\Service\SolidWorksLicensing.exe
PRC - [2010.03.29 21:26:00 | 000,227,712 | ---- | M] (Microsoft Corporation) -- P:\Microsoft Office\Office14\ONENOTEM.EXE
PRC - [2010.02.09 11:26:19 | 000,198,160 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files (x86)\Common Files\Real\Update_OB\realsched.exe
PRC - [2009.12.17 19:50:18 | 000,976,832 | ---- | M] (SEIKO EPSON CORPORATION) -- C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe
PRC - [2009.05.14 17:07:14 | 000,759,048 | ---- | M] (ABBYY) -- C:\Program Files (x86)\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe
PRC - [2008.09.15 21:34:16 | 007,218,472 | R--- | M] (Dassault Systèmes SolidWorks Corp.) -- C:\Program Files (x86)\Common Files\SolidWorks Installations-Manager\Scheduler\sldIMScheduler.exe
PRC - [2008.09.09 07:01:34 | 000,841,000 | ---- | M] (Dassault Systèmes SolidWorks Corp.) -- P:\SolidWorks2009\SolidWorks\swScheduler\swBOEngine.exe
PRC - [2008.04.04 19:10:26 | 000,030,152 | ---- | M] (Viewpoint Corporation) -- C:\Program Files (x86)\Viewpoint\Common\ViewpointService.exe
 
 
========== Modules (SafeList) ==========
 
MOD - [2011.05.23 02:14:38 | 000,580,096 | ---- | M] (OldTimer Tools) -- C:\Users\cid\Desktop\OTL.exe
MOD - [2010.11.20 13:55:09 | 001,680,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll
MOD - [2009.07.14 03:15:48 | 000,035,328 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\mssprxy.dll
 
 
========== Win32 Services (SafeList) ==========
 
SRV:64bit: - [2010.03.08 15:47:06 | 006,245,744 | ---- | M] (Wacom Technology, Corp.) [Auto | Running] -- C:\Windows\SysNative\Wacom_Tablet.exe -- (TabletServiceWacom)
SRV:64bit: - [2009.08.18 03:36:20 | 000,203,264 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2009.07.14 03:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\mpsvc.dll -- (WinDefend)
SRV:64bit: - [2009.07.14 03:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV - [2011.05.16 14:58:36 | 002,151,128 | ---- | M] (Lavasoft Limited) [Auto | Running] -- C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWService.exe -- (Lavasoft Ad-Aware Service)
SRV - [2011.03.18 08:11:02 | 000,947,528 | ---- | M] () [On_Demand | Stopped] -- P:\AVG10\Toolbar\ToolbarBroker.exe -- (AVG Security Toolbar Service)
SRV - [2011.02.08 05:33:42 | 000,269,520 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- P:\AVG10\avgwdsvc.exe -- (avgwd)
SRV - [2010.04.06 15:50:23 | 000,079,360 | ---- | M] (SolidWorks) [On_Demand | Running] -- C:\Program Files (x86)\Common Files\SolidWorks Shared\Service\SolidWorksLicensing.exe -- (SolidWorks Licensing Service)
SRV - [2010.03.18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010.02.19 14:37:14 | 000,517,096 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe -- (SwitchBoard)
SRV - [2009.06.10 23:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2009.05.14 17:07:14 | 000,759,048 | ---- | M] (ABBYY) [Auto | Running] -- C:\Program Files (x86)\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe -- (ABBYY.Licensing.FineReader.Sprint.9.0)
SRV - [2008.09.09 07:01:32 | 000,079,144 | ---- | M] (Dassault Systèmes SolidWorks Corp.) [On_Demand | Stopped] -- P:\SolidWorks2009\SolidWorks\swScheduler\DTSCoordinatorService.exe -- (CoordinatorServiceHost)
SRV - [2008.04.04 19:10:26 | 000,030,152 | ---- | M] (Viewpoint Corporation) [Auto | Running] -- C:\Program Files (x86)\Viewpoint\Common\ViewpointService.exe -- (Viewpoint Service)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - [2011.04.05 00:59:54 | 000,377,936 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avgtdia.sys -- (Avgtdia)
DRV:64bit: - [2011.03.11 08:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011.03.11 08:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2011.02.22 08:12:46 | 000,026,704 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\AVGIDSEH.sys -- (AVGIDSEH)
DRV:64bit: - [2011.01.21 07:36:02 | 000,413,800 | ---- | M] (Realtek                                            ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2010.12.08 05:12:36 | 000,308,304 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Stopped] -- C:\Windows\SysNative\drivers\avgldx64.sys -- (Avgldx64)
DRV:64bit: - [2010.12.03 11:05:34 | 000,069,152 | ---- | M] (Lavasoft AB) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\Lbd.sys -- (Lbd)
DRV:64bit: - [2010.11.20 15:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010.11.20 13:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010.01.24 14:32:24 | 000,018,216 | ---- | M] (Wacom Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\wacmoumonitor.sys -- (wacmoumonitor)
DRV:64bit: - [2009.09.21 15:29:22 | 000,016,168 | ---- | M] (Wacom Technology) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\wacomvhid.sys -- (wacomvhid)
DRV:64bit: - [2009.08.18 04:48:48 | 006,037,504 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (atikmdag)
DRV:64bit: - [2009.07.14 03:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009.07.14 03:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009.07.14 03:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009.06.17 18:54:46 | 000,040,976 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\LUsbFilt.sys -- (LUsbFilt)
DRV:64bit: - [2009.06.17 18:54:38 | 000,112,144 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\LMouKE.Sys -- (LMouKE)
DRV:64bit: - [2009.06.17 18:54:30 | 000,057,872 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\LMouFilt.Sys -- (LMouFilt)
DRV:64bit: - [2009.06.17 18:54:22 | 000,055,312 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\LHidFilt.Sys -- (LHidFilt)
DRV:64bit: - [2009.06.17 18:53:42 | 000,089,616 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\L8042mou.Sys -- (L8042mou)
DRV:64bit: - [2009.06.10 22:38:56 | 000,000,308 | ---- | M] () [File_System | On_Demand | Running] -- C:\Windows\SysNative\wbem\ntfs.mof -- (Ntfs)
DRV:64bit: - [2009.06.10 22:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009.06.10 22:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009.06.10 22:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009.06.10 22:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009.05.14 03:26:24 | 000,015,416 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ASACPI.sys -- (MTsensor)
DRV:64bit: - [2007.02.16 21:12:36 | 000,012,848 | ---- | M] (Wacom Technology) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\wacommousefilter.sys -- (wacommousefilter)
DRV - [2011.02.04 16:27:14 | 000,017,152 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Program Files (x86)\Lavasoft\Ad-Aware\KernExplorer64.sys -- (Lavasoft Kernexplorer)
DRV - [2007.02.07 20:27:46 | 000,014,104 | ---- | M] (Windows (R) Server 2003 DDK provider) [Kernel | Boot | Running] -- C:\Windows\SysWOW64\speedfan.sys -- (speedfan)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
 
 
IE - HKU\.DEFAULT\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - P:\AVG10\Toolbar\IEToolbar.dll ()
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - P:\AVG10\Toolbar\IEToolbar.dll ()
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
 
IE - HKU\S-1-5-21-1979673327-2303432056-1945064426-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.Google.com/
IE - HKU\S-1-5-21-1979673327-2303432056-1945064426-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
IE - HKU\S-1-5-21-1979673327-2303432056-1945064426-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
IE - HKU\S-1-5-21-1979673327-2303432056-1945064426-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = A6 D8 A9 AE DE A1 CA 01  [binary data]
IE - HKU\S-1-5-21-1979673327-2303432056-1945064426-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-21-1979673327-2303432056-1945064426-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
IE - HKU\S-1-5-21-1979673327-2303432056-1945064426-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
IE - HKU\S-1-5-21-1979673327-2303432056-1945064426-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = AA 02 CF 48 64 D7 CB 01  [binary data]
IE - HKU\S-1-5-21-1979673327-2303432056-1945064426-1003\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - P:\AVG10\Toolbar\IEToolbar.dll ()
IE - HKU\S-1-5-21-1979673327-2303432056-1945064426-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-1979673327-2303432056-1945064426-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultenginename: "AVG Secure Search"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.startup.homepage: "www.google.com"
FF - prefs.js..extensions.enabledItems: {D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}:0.9.8
FF - prefs.js..extensions.enabledItems: {19503e42-ca3c-4c27-b1e2-9cdb2170ee34}:1.2.9.4
FF - prefs.js..extensions.enabledItems: {02450954-cdd9-410f-b1da-db804e18c671}:0.96.3
FF - prefs.js..extensions.enabledItems: {ABDE892B-13A8-4d1b-88E6-365A6E755758}:1.0
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: avg@igeared:6.103.018.001
FF - prefs.js..extensions.enabledItems: web2pdfextension@web2pdf.adobedotcom:1.0
FF - prefs.js..extensions.enabledItems: {82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}:5.3.0.7280
FF - prefs.js..extensions.enabledItems: {1E73965B-8B48-48be-9C8D-68B920ABC1C4}:10.0.0.1374
FF - prefs.js..extensions.enabledItems: {23fcfd51-4958-4f00-80a3-ae97e717ed8b}:2.1.1.94
FF - prefs.js..extensions.enabledItems: {6904342A-8307-11DF-A508-4AE2DFD72085}:2.1.1.94
FF - prefs.js..extensions.enabledItems: {b3f91530-1905-11de-8c30-0800200c9a66}:0.9
FF - prefs.js..keyword.URL: "hxxp://search.avg.com/route/?d=4cdeda67&v=6.103.018.001&i=27&tp=ab&iy=&ychte=de&lng=de&q="
 
FF - HKLM\software\mozilla\Firefox\Extensions\\avg@igeared: P:\AVG10\Toolbar\Firefox\avg@igeared [2011.05.17 10:30:17 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\web2pdfextension@web2pdf.adobedotcom: P:\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtn [2010.11.18 13:24:54 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{1E73965B-8B48-48be-9C8D-68B920ABC1C4}: P:\AVG10\Firefox4\ [2011.05.11 10:20:11 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\html5video [2011.05.04 23:48:12 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{6904342A-8307-11DF-A508-4AE2DFD72085}: C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\wpa [2011.05.04 23:48:12 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6\extensions\\Components: P:\Mozilla Firefox\components [2011.02.26 13:35:00 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6\extensions\\Plugins: P:\Mozilla Firefox\plugins [2010.12.10 13:39:28 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Thunderbird 3.0.1\extensions\\Components: P:\Mozilla Thunderbird\components [2011.04.29 12:26:24 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Thunderbird 3.0.1\extensions\\Plugins: P:\Mozilla Thunderbird\plugins [2010.12.10 13:39:28 | 000,000,000 | ---D | M]
 
[2010.01.30 22:45:16 | 000,000,000 | ---D | M] (No name found) -- C:\Users\cgid\AppData\Roaming\mozilla\Extensions
[2010.01.30 22:43:44 | 000,000,000 | ---D | M] (No name found) -- C:\Users\cgid\AppData\Roaming\mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
[2011.05.13 09:41:10 | 000,000,000 | ---D | M] (No name found) -- C:\Users\cgid\AppData\Roaming\mozilla\Firefox\Profiles\o8vqe8w8.default\extensions
[2010.03.28 16:43:45 | 000,000,000 | ---D | M] (Screengrab) -- C:\Users\cgid\AppData\Roaming\mozilla\Firefox\Profiles\o8vqe8w8.default\extensions\{02450954-cdd9-410f-b1da-db804e18c671}
[2011.05.13 09:41:10 | 000,000,000 | ---D | M] (FlashGot) -- C:\Users\cgid\AppData\Roaming\mozilla\Firefox\Profiles\o8vqe8w8.default\extensions\{19503e42-ca3c-4c27-b1e2-9cdb2170ee34}
[2010.08.23 16:11:40 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\cgid\AppData\Roaming\mozilla\Firefox\Profiles\o8vqe8w8.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010.01.30 22:46:40 | 000,000,000 | ---D | M] ("Vfox3-Basic") -- C:\Users\cgid\AppData\Roaming\mozilla\Firefox\Profiles\o8vqe8w8.default\extensions\{b3f91530-1905-11de-8c30-0800200c9a66}
[2011.05.13 09:41:10 | 000,000,000 | ---D | M] (Download Statusbar) -- C:\Users\cgid\AppData\Roaming\mozilla\Firefox\Profiles\o8vqe8w8.default\extensions\{D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}
[2011.05.04 23:48:12 | 000,000,000 | ---D | M] (DivX Plus Web Player HTML5 <video>) -- C:\PROGRAM FILES (X86)\DIVX\DIVX PLUS WEB PLAYER\FIREFOX\HTML5VIDEO
[2011.05.04 23:48:12 | 000,000,000 | ---D | M] (DivX HiQ) -- C:\PROGRAM FILES (X86)\DIVX\DIVX PLUS WEB PLAYER\FIREFOX\WPA
[2010.02.09 11:26:36 | 000,000,000 | ---D | M] (RealPlayer Browser Record Plugin) -- C:\PROGRAM FILES (X86)\REAL\REALPLAYER\BROWSERRECORD\FIREFOX\EXT
[2010.11.18 13:24:54 | 000,000,000 | ---D | M] (Adobe Acrobat - Create PDF) -- P:\ACROBAT 10.0\ACROBAT\BROWSER\WCFIREFOXEXTN
[2011.05.11 10:20:11 | 000,000,000 | ---D | M] (AVG Safe Search) -- P:\AVG10\FIREFOX4
[2011.05.17 10:30:17 | 000,000,000 | ---D | M] ("urn:mozilla:install-manifest" em:id="avg@igeared" em:name="AVG Security Toolbar" em:version="6.103.018.001" em:displayname="AVG Security Toolbar" em:iconURL="chrome://tavgp/skin/logo.ico" em:creator="AVG Technologies" em:description="AVG Security Toolbar" em:homepageURL="hxxp://www.avg.com" >) -- P:\AVG10\TOOLBAR\FIREFOX\AVG@IGEARED
[2011.05.02 13:00:41 | 000,000,000 | ---D | M] (Skype extension) -- P:\MOZILLA FIREFOX\EXTENSIONS\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2010.06.21 11:30:12 | 000,000,000 | ---D | M] (Java Console) -- P:\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2010.08.23 16:10:46 | 000,000,000 | ---D | M] (Java Console) -- P:\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
[2010.11.04 12:18:14 | 000,000,000 | ---D | M] (Java Console) -- P:\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
 
O1 HOSTS File: ([2010.11.26 16:29:24 | 000,000,852 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 activate.adobe.com
O2:64bit: - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - P:\AVG10\avgssiea.dll (AVG Technologies CZ, s.r.o.)
O2:64bit: - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~1\MICROS~1\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files (x86)\Real\RealPlayer\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - P:\AVG10\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (DivX HiQ) - {593DDEC6-7468-4cdd-90E1-42DADAA222E9} - C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
O2 - BHO: (AVG Security Toolbar BHO) - {A3BC75A2-1F87-4686-AA43-5347D756017C} - P:\AVG10\Toolbar\IEToolbar.dll ()
O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - P:\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (SmartSelect Class) - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (AVG Security Toolbar) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - P:\AVG10\Toolbar\IEToolbar.dll ()
O3 - HKU\S-1-5-21-1979673327-2303432056-1945064426-1001\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKU\S-1-5-21-1979673327-2303432056-1945064426-1001\..\Toolbar\WebBrowser: (AVG Security Toolbar) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - P:\AVG10\Toolbar\IEToolbar.dll ()
O3 - HKU\S-1-5-21-1979673327-2303432056-1945064426-1003\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKU\S-1-5-21-1979673327-2303432056-1945064426-1003\..\Toolbar\WebBrowser: (AVG Security Toolbar) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - P:\AVG10\Toolbar\IEToolbar.dll ()
O4:64bit: - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [Skytel] C:\Program Files\Realtek\Audio\HDA\Skytel.exe (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: []  File not found
O4 - HKLM..\Run: [Acrobat Assistant 8.0] P:\Acrobat 10.0\Acrobat\Acrotray.exe (Adobe Systems Inc.)
O4 - HKLM..\Run: [Adobe Acrobat Speed Launcher] P:\Acrobat 10.0\Acrobat\Acrobat_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AdobeCS5ServiceManager] C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AVG_TRAY] P:\AVG10\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [BCSSync] P:\Microsoft Office\Office14\BCSSync.exe (Microsoft Corporation)
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [EEventManager] C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe (SEIKO EPSON CORPORATION)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware (reboot)] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [SolidWorks_CheckForUpdates] C:\Program Files (x86)\Common Files\SolidWorks Installations-Manager\Scheduler\sldIMScheduler.exe (Dassault Systèmes SolidWorks Corp.)
O4 - HKLM..\Run: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [TkBellExe] C:\Program Files (x86)\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-1979673327-2303432056-1945064426-1001..\Run: [AdobeBridge]  File not found
O4 - HKU\S-1-5-21-1979673327-2303432056-1945064426-1001..\Run: [DAEMON Tools Lite] C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd)
O4 - HKU\S-1-5-21-1979673327-2303432056-1945064426-1001..\Run: [Eraser] P:\Eraser\Eraser.exe (The Eraser Project)
O4 - HKU\S-1-5-21-1979673327-2303432056-1945064426-1001..\Run: [Pando Media Booster] C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe ()
O4 - HKU\S-1-5-21-1979673327-2303432056-1945064426-1003..\Run: [Adobe Acrobat Synchronizer] P:\Acrobat 10.0\Acrobat\AdobeCollabSync.exe (Adobe Systems Incorporated)
O4 - HKU\S-1-5-21-1979673327-2303432056-1945064426-1003..\Run: [kJoCBjsHlcALP]  File not found
O4 - HKLM..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin]  File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin]  File not found
O4 - Startup: C:\Users\cgid\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\SolidWorks Taskplaner Engine.lnk = P:\SolidWorks2009\SolidWorks\swScheduler\swBOEngine.exe (Dassault Systèmes SolidWorks Corp.)
O4 - Startup: C:\Users\cid\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2010 Bildschirmausschnitt- und Startprogramm.lnk = P:\Microsoft Office\Office14\ONENOTEM.EXE (Microsoft Corporation)
O4 - Startup: C:\Users\cid\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.1.lnk =  File not found
O4 - Startup: C:\Users\cid\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\SolidWorks Taskplaner Engine.lnk = P:\SolidWorks2009\SolidWorks\swScheduler\swBOEngine.exe (Dassault Systèmes SolidWorks Corp.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8:64bit: - Extra context menu item: &Enviar a OneNote - P:\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O8:64bit: - Extra context menu item: An vorhandene PDF-Datei anfügen - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: E&xport to Microsoft Excel - P:\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation)
O8:64bit: - Extra context menu item: In Adobe PDF konvertieren - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Linkziel an vorhandene PDF-Datei anhängen - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Linkziel in Adobe PDF konvertieren - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Se&nd to OneNote - P:\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O8 - Extra context menu item: &Enviar a OneNote - P:\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O8 - Extra context menu item: An vorhandene PDF-Datei anfügen - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: E&xport to Microsoft Excel - P:\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: In Adobe PDF konvertieren - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Linkziel an vorhandene PDF-Datei anhängen - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Linkziel in Adobe PDF konvertieren - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Se&nd to OneNote - P:\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - P:\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - P:\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - P:\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - P:\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O13 - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} hxxp://download.divx.com/player/DivXBrowserPlugin.cab (Reg Error: Key error.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O18:64bit: - Protocol\Handler\avgsecuritytoolbar {F2DDE6B2-9684-4A55-86D4-E255E237B77C} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - P:\AVG10\avgppa.dll (AVG Technologies CZ, s.r.o.)
O18:64bit: - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - Reg Error: Key error. File not found
O18 - Protocol\Handler\avgsecuritytoolbar {F2DDE6B2-9684-4A55-86D4-E255E237B77C} - P:\AVG10\Toolbar\IEToolbar.dll ()
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - P:\AVG10\avgpp.dll (AVG Technologies CZ, s.r.o.)
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\PROGRA~2\COMMON~1\MICROS~1\WEBCOM~1\11\OWC11.DLL (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
O34 - HKLM BootExecute: (lsdelete) -  File not found
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
========== Files/Folders - Created Within 30 Days ==========
 
[2011.05.23 03:14:36 | 000,000,000 | ---D | C] -- C:\Users\cgid\AppData\Roaming\Malwarebytes
[2011.05.23 03:14:17 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysWow64\drivers\mbamswissarmy.sys
[2011.05.23 03:14:17 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011.05.23 03:14:16 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2011.05.23 03:14:08 | 000,024,152 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2011.05.23 03:14:08 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2011.05.18 10:28:36 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Epson Software
[2011.05.18 10:28:34 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Epson Software
[2011.05.18 10:27:52 | 000,000,000 | ---D | C] -- C:\Users\cgid\AppData\Local\ABBYY
[2011.05.18 10:27:41 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ABBYY FineReader 9.0 Sprint
[2011.05.18 10:27:04 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ABBYY FineReader 9.0 Sprint
[2011.05.18 10:27:04 | 000,000,000 | ---D | C] -- C:\ProgramData\ABBYY
[2011.05.18 10:27:04 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\ABBYY
[2011.05.18 10:25:23 | 000,204,800 | ---- | C] (SEIKO EPSON CORP.) -- C:\Windows\SysWow64\esintad.dll
[2011.05.18 10:25:23 | 000,181,248 | ---- | C] (SEIKO EPSON CORP.) -- C:\Windows\SysNative\esxuinad.dll
[2011.05.18 10:25:23 | 000,167,936 | ---- | C] (Seiko Epson Corporation.) -- C:\Windows\SysNative\esxw2_ad.dll
[2011.05.18 10:25:23 | 000,132,560 | ---- | C] (Seiko Epson Corporation) -- C:\Windows\SysNative\esdevapp.exe
[2011.05.18 10:25:23 | 000,013,824 | ---- | C] (Seiko Epson Corporation) -- C:\Windows\SysNative\esxcdev.dll
[2011.05.18 10:25:23 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EPSON
[2011.05.18 10:25:23 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\epson
[2011.05.17 19:19:25 | 000,404,640 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2011.05.11 11:07:57 | 000,142,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\poqexec.exe
[2011.05.11 11:07:57 | 000,123,904 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\poqexec.exe
[2011.05.11 10:18:40 | 005,562,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntoskrnl.exe
[2011.05.11 10:18:39 | 003,967,872 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntkrnlpa.exe
[2011.05.11 10:18:38 | 003,912,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntoskrnl.exe
[2011.05.11 10:18:37 | 000,325,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\usbport.sys
[2011.05.11 10:18:37 | 000,007,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\usbd.sys
[2011.05.05 00:32:08 | 000,000,000 | ---D | C] -- C:\ProgramData\IsolatedStorage
[2011.05.02 13:01:06 | 000,000,000 | ---D | C] -- C:\ProgramData\Skype Extras
[2011.05.02 13:00:34 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
[2011.05.02 13:00:34 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Skype
[2011.04.27 17:57:09 | 002,871,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\explorer.exe
[2011.04.27 17:57:08 | 002,616,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\explorer.exe
[2011.04.27 17:57:08 | 001,465,344 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XpsPrint.dll
[2011.04.27 17:57:08 | 000,870,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XpsPrint.dll
[2011.04.27 17:56:59 | 002,565,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\esent.dll
[2011.04.27 17:56:59 | 001,699,328 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\esent.dll
[2011.04.27 17:56:59 | 000,189,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\storport.sys
[2011.04.27 17:56:59 | 000,107,904 | ---- | C] (Advanced Micro Devices) -- C:\Windows\SysNative\drivers\amdsata.sys
[2011.04.27 17:56:59 | 000,096,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\fsutil.exe
[2011.04.27 17:56:59 | 000,074,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\fsutil.exe
[2011.04.27 17:56:59 | 000,027,008 | ---- | C] (Advanced Micro Devices) -- C:\Windows\SysNative\drivers\amdxata.sys
[2011.04.27 17:56:48 | 000,031,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\prevhost.exe
[2011.04.27 17:56:48 | 000,031,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\prevhost.exe
 
========== Files - Modified Within 30 Days ==========
 
[2011.05.23 09:00:20 | 000,013,248 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2011.05.23 09:00:20 | 000,013,248 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2011.05.23 08:53:18 | 000,000,408 | ---- | M] () -- C:\Windows\tasks\Ad-Aware Update (Weekly).job
[2011.05.23 08:53:07 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011.05.23 08:53:05 | 3214,237,696 | -HS- | M] () -- C:\hiberfil.sys
[2011.05.22 18:00:00 | 000,000,464 | ---- | M] () -- C:\Windows\tasks\ParetoLogic Registration.job
[2011.05.22 12:34:30 | 000,000,336 | ---- | M] () -- C:\ProgramData\38526712
[2011.05.21 13:02:19 | 000,000,064 | ---- | M] () -- C:\Windows\SysWow64\rp_stats.dat
[2011.05.21 13:02:19 | 000,000,044 | ---- | M] () -- C:\Windows\SysWow64\rp_rules.dat
[2011.05.18 10:52:56 | 000,002,346 | ---- | M] () -- C:\Users\Public\Desktop\EPSON Perfection V33_V330 Handbuch.lnk
[2011.05.18 10:52:48 | 000,000,936 | ---- | M] () -- C:\Users\Public\Desktop\EPSON Scan.lnk
[2011.05.17 19:19:25 | 000,404,640 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2011.05.16 21:32:10 | 001,498,506 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2011.05.16 21:32:10 | 000,653,928 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2011.05.16 21:32:10 | 000,615,810 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2011.05.16 21:32:10 | 000,129,800 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2011.05.16 21:32:10 | 000,106,190 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
 
========== Files Created - No Company Name ==========
 
[2011.05.23 04:25:02 | 000,000,408 | ---- | C] () -- C:\Windows\tasks\Ad-Aware Update (Weekly).job
[2011.05.22 15:15:12 | 000,016,432 | ---- | C] () -- C:\Windows\SysNative\lsdelete.exe
[2011.05.22 12:34:30 | 000,000,336 | ---- | C] () -- C:\ProgramData\38526712
[2011.05.18 10:25:31 | 000,002,346 | ---- | C] () -- C:\Users\Public\Desktop\EPSON Perfection V33_V330 Handbuch.lnk
[2011.05.18 10:25:23 | 000,065,793 | ---- | C] () -- C:\Windows\SysNative\esfwad.bin
[2011.05.18 10:25:23 | 000,000,936 | ---- | C] () -- C:\Users\Public\Desktop\EPSON Scan.lnk
[2011.04.27 09:06:36 | 000,000,064 | ---- | C] () -- C:\Windows\SysWow64\rp_stats.dat
[2011.04.27 09:06:36 | 000,000,044 | ---- | C] () -- C:\Windows\SysWow64\rp_rules.dat
[2010.04.06 15:50:24 | 000,000,000 | ---- | C] () -- C:\Windows\eDrawingOfficeAutomator.INI
[2010.03.08 12:21:12 | 000,007,602 | ---- | C] () -- C:\Users\cgid\AppData\Local\Resmon.ResmonCfg
[2010.02.20 14:03:46 | 000,000,760 | ---- | C] () -- C:\Users\cgid\AppData\Roaming\setup_ldm.iss
[2010.02.10 10:11:15 | 000,554,496 | ---- | C] () -- C:\Windows\SysWow64\dvmsg.dll
[2010.02.09 11:35:00 | 000,001,769 | ---- | C] () -- C:\Windows\Language_trs.ini
[2010.02.09 11:24:22 | 000,019,494 | ---- | C] () -- C:\Windows\Ascd_tmp.ini
[2010.02.01 20:05:20 | 000,000,048 | ---- | C] () -- C:\ProgramData\ezsidmv.dat
[2010.02.01 12:02:35 | 000,000,432 | ---- | C] () -- C:\Windows\BRWMARK.INI
[2010.02.01 12:02:35 | 000,000,034 | ---- | C] () -- C:\Windows\SysWow64\BD2030.DAT
[2010.01.31 00:24:07 | 000,000,034 | ---- | C] () -- C:\Windows\cdplayer.ini
[2010.01.30 23:57:15 | 002,463,976 | ---- | C] () -- C:\Windows\SysWow64\NPSWF32.dll
[2010.01.30 23:41:20 | 000,200,704 | ---- | C] () -- C:\Windows\SysWow64\BongoSDK.10.v40.dll
[2010.01.30 20:45:04 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2009.07.14 07:38:36 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2009.07.14 04:35:51 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT
[2009.07.14 04:34:42 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat
[2009.07.14 02:10:29 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2009.07.14 01:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
[2009.07.13 23:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2009.06.10 23:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat
[2007.12.28 09:22:02 | 000,010,296 | ---- | C] () -- C:\Windows\SysWow64\drivers\ASUSHWIO.SYS
[2007.08.21 21:46:34 | 000,059,160 | ---- | C] () -- C:\Windows\SysWow64\zlib.dll
 
========== LOP Check ==========
 
[2010.11.26 16:26:35 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\AVG10
[2010.11.26 16:26:35 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\IM
[2010.02.10 01:36:38 | 000,000,000 | ---D | M] -- C:\Users\cgid\AppData\Roaming\Astroburn Lite
[2010.02.02 09:43:23 | 000,000,000 | ---D | M] -- C:\Users\cgid\AppData\Roaming\Autodesk
[2010.11.13 20:35:50 | 000,000,000 | ---D | M] -- C:\Users\cgid\AppData\Roaming\AVG10
[2010.11.12 10:10:11 | 000,000,000 | ---D | M] -- C:\Users\cgid\AppData\Roaming\DAEMON Tools Lite
[2010.04.06 15:52:26 | 000,000,000 | ---D | M] -- C:\Users\cgid\AppData\Roaming\EDrawings
[2010.11.15 10:36:10 | 000,000,000 | ---D | M] -- C:\Users\cgid\AppData\Roaming\EssentialPIM
[2010.02.04 15:59:07 | 000,000,000 | ---D | M] -- C:\Users\cgid\AppData\Roaming\FileZilla
[2011.05.13 09:25:39 | 000,000,000 | ---D | M] -- C:\Users\cgid\AppData\Roaming\IM
[2010.09.14 15:55:59 | 000,000,000 | ---D | M] -- C:\Users\cgid\AppData\Roaming\IrfanView
[2010.02.10 00:41:57 | 000,000,000 | ---D | M] -- C:\Users\cgid\AppData\Roaming\JAM Software
[2010.02.20 14:03:53 | 000,000,000 | ---D | M] -- C:\Users\cgid\AppData\Roaming\Leadertech
[2010.11.18 11:12:39 | 000,000,000 | ---D | M] -- C:\Users\cgid\AppData\Roaming\PACE Anti-Piracy
[2010.01.30 22:43:44 | 000,000,000 | ---D | M] -- C:\Users\cgid\AppData\Roaming\Thunderbird
[2010.08.23 16:24:12 | 000,000,000 | ---D | M] -- C:\Users\cgid\AppData\Roaming\Tobit
[2010.05.17 10:52:07 | 000,000,000 | ---D | M] -- C:\Users\cid\AppData\Roaming\Autodesk
[2010.11.13 20:38:47 | 000,000,000 | ---D | M] -- C:\Users\cid\AppData\Roaming\AVG10
[2011.05.05 00:31:56 | 000,000,000 | ---D | M] -- C:\Users\cid\AppData\Roaming\bppenu11
[2010.02.04 09:06:36 | 000,000,000 | ---D | M] -- C:\Users\cid\AppData\Roaming\DAEMON Tools Lite
[2010.11.19 13:54:51 | 000,000,000 | ---D | M] -- C:\Users\cid\AppData\Roaming\DassaultSystemes
[2010.04.06 18:08:30 | 000,000,000 | ---D | M] -- C:\Users\cid\AppData\Roaming\EDrawings
[2011.05.18 13:43:47 | 000,000,000 | ---D | M] -- C:\Users\cid\AppData\Roaming\Epson
[2010.02.05 12:39:57 | 000,000,000 | ---D | M] -- C:\Users\cid\AppData\Roaming\FileZilla
[2011.05.23 08:54:19 | 000,000,000 | ---D | M] -- C:\Users\cid\AppData\Roaming\IM
[2010.09.14 16:01:55 | 000,000,000 | ---D | M] -- C:\Users\cid\AppData\Roaming\IrfanView
[2010.09.15 11:05:22 | 000,000,000 | ---D | M] -- C:\Users\cid\AppData\Roaming\JAM Software
[2011.02.18 21:05:38 | 000,000,000 | ---D | M] -- C:\Users\cid\AppData\Roaming\McNeel
[2010.02.01 10:10:42 | 000,000,000 | ---D | M] -- C:\Users\cid\AppData\Roaming\OpenOffice.org
[2011.01.27 15:59:50 | 000,000,000 | ---D | M] -- C:\Users\cid\AppData\Roaming\StageManager.BD092818F67280F4B42B04877600987F0111B594.1
[2010.01.30 21:44:36 | 000,000,000 | ---D | M] -- C:\Users\cid\AppData\Roaming\Thunderbird
[2010.02.10 11:25:36 | 000,000,000 | ---D | M] -- C:\Users\cid\AppData\Roaming\Tobit
[2011.05.23 08:53:18 | 000,000,408 | ---- | M] () -- C:\Windows\Tasks\Ad-Aware Update (Weekly).job
[2011.05.22 18:00:00 | 000,000,464 | ---- | M] () -- C:\Windows\Tasks\ParetoLogic Registration.job
[2011.04.23 10:04:58 | 000,032,632 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
 
========== Purity Check ==========
 
 

< End of report >
         
--- --- ---


Alt 23.05.2011, 09:34   #5
kcarloney
 

Blackhole Exploit Kit places fake Win7Recovery IDE/SATA error messages



OTL Extras
Code:
ATTFilter
OTL Extras logfile created on: 23.05.2011 08:59:35 - Run 1
OTL by OldTimer - Version 3.2.23.0     Folder = C:\Users\cid\Desktop
64bit- An unknown product Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,99 Gb Total Physical Memory | 2,56 Gb Available Physical Memory | 64,13% Memory free
7,98 Gb Paging File | 6,52 Gb Available in Paging File | 81,71% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 44,93 Gb Total Space | 4,37 Gb Free Space | 9,73% Space Free | Partition Type: NTFS
Drive D: | 205,98 Gb Total Space | 15,63 Gb Free Space | 7,59% Space Free | Partition Type: NTFS
Drive E: | 1,88 Gb Total Space | 1,86 Gb Free Space | 99,04% Space Free | Partition Type: FAT32
Drive P: | 19,53 Gb Total Space | 6,26 Gb Free Space | 32,06% Space Free | Partition Type: NTFS
Drive W: | 195,32 Gb Total Space | 53,48 Gb Free Space | 27,38% Space Free | Partition Type: NTFS
 
Computer Name: LIANLI | User Name: cgid | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.js [@ = Reg Error: Value error.] -- Reg Error: Key error. File not found
.txt [@ = Reg Error: Value error.] -- Reg Error: Key error. File not found
 
[HKEY_USERS\.DEFAULT\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- P:\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
[HKEY_USERS\S-1-5-18\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- P:\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
[HKEY_USERS\S-1-5-21-1979673327-2303432056-1945064426-1001\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- P:\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
[HKEY_USERS\S-1-5-21-1979673327-2303432056-1945064426-1003\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- P:\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %* File not found
cmdfile [open] -- "%1" %* File not found
comfile [open] -- "%1" %* File not found
exefile [open] -- "%1" %* File not found
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- "P:\Microsoft Office\Office14\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "P:\Microsoft Office\Office14\msohtmed.exe" /p %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %* File not found
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1" File not found
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l File not found
scrfile [open] -- "%1" /S File not found
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 File not found
Directory [AddToPlaylistVLC] -- "P:\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [Bridge] -- W:\AdobeCS5\Adobe Bridge CS5\Bridge.exe "%L" (Adobe Systems, Inc.)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "P:\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- "P:\Microsoft Office\Office14\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "P:\Microsoft Office\Office14\msohtmed.exe" /p %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "P:\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [Bridge] -- W:\AdobeCS5\Adobe Bridge CS5\Bridge.exe "%L" (Adobe Systems, Inc.)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "P:\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01  [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
========== Authorized Applications List ==========
 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{1E9FC118-651D-4934-97BE-E53CAE5C7D45}" = Microsoft_VC80_MFCLOC_x86_x64
"{24BF088E-8F3F-442E-A569-D5A5007E35A2}" = Autodesk Alias 2010 Documentation (64-bit)
"{39600969-41C3-4658-876E-16F108FC5C92}" = ISO Recorder
"{4569AD91-47F4-4D9E-8FC9-717EC32D7AE1}" = Microsoft_VC80_CRT_x86_x64
"{46354B58-E766-4B73-9367-DDE46F829401}" = Autodesk Alias 2010 (64-bit)
"{52DB1D16-C1EF-4794-845D-B35046F47F91}" = SolidWorks Motion 2009 SP0 x64 Edition
"{54A6545B-70EF-415D-BF7E-E25FCD2A564E}" = SolidWorks Simulation 2009 SP0 x64 Edition
"{6E8E85E8-CE4B-4FF5-91F7-04999C9FAE6A}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{8338783A-0968-3B85-AFC7-BAAE0A63DC50}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570
"{833B98DC-A851-43D3-B22C-9C7B815520E3}" = Autodesk DirectConnect 2010 (64-bit)
"{8557397C-A42D-486F-97B3-A2CBC2372593}" = Microsoft_VC90_ATL_x86_x64
"{90140000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2010
"{90140000-002A-0407-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (German) 2010
"{90140000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2010
"{90140000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010
"{925D058B-564A-443A-B4B2-7E90C6432E55}" = Microsoft_VC80_ATL_x86_x64
"{92A3CA0D-55CD-4C5D-BA95-5C2600C20F26}" = Microsoft_VC90_CRT_x86_x64
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{A472B9E4-0AFF-4F7B-B25D-F64F8E928AAB}" = Microsoft_VC90_MFC_x86_x64
"{aac9fcc4-dd9e-4add-901c-b5496a07ab2e}" = Microsoft Visual C++ 2005 Redistributable (x64) - KB2467175
"{B6E3757B-5E77-3915-866A-CCFC4B8D194C}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053
"{BEA574B4-9B91-4109-9593-F012D94801D5}" = SolidWorks 2009 x64 Edition SP0
"{C7A8BBA7-F638-4A74-AD81-ED49D68978B9}" = Autodesk StudioViewer 2010 (64-bit)
"{C8C1BAD5-54E6-4146-AD07-3A8AD36569C3}" = Microsoft_VC80_MFC_x86_x64
"{DC7333D1-596A-404D-876D-446E6D27BA20}" = AVG 2011
"{EE936C7A-EA40-31D5-9B65-8E3E089C3828}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x64 9.0.30729.4148
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"{FDB284EF-3043-4A65-A94D-9F96F342FAB1}" = SolidWorks Explorer 2009 sp0 x64 Edition
"AVG" = AVG 2011
"CCleaner" = CCleaner
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Recuva" = Recuva
"WinRAR archiver" = WinRAR
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{033E378E-6AD3-4AD5-BDEB-CBD69B31046C}" = Microsoft_VC90_ATL_x86
"{06379784-4648-46BF-9426-0B10817F0AF5}" = PhotoView 360
"{08D2E121-7F6A-43EB-97FD-629B44903403}" = Microsoft_VC90_CRT_x86
"{0D2DBE8A-43D0-7830-7AE7-CA6C99A832E7}" = Adobe Community Help
"{0F3647F8-E51D-4FCC-8862-9A8D0C5ACF25}" = Microsoft_VC80_ATL_x86
"{13F3917B56CD4C25848BDC69916971BB}" = DivX Converter
"{15D7ECFC-B252-4990-A6BC-1C550A046FE5}" = SolidWorks eDrawings 2009
"{19B98EFB-9493-4651-96DD-A6768A5024E3}_is1" = DfontSplitter 0.2
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{26A24AE4-039D-4CA4-87B4-2F83216020FF}" = Java(TM) 6 Update 22
"{2FDBBCEA-62DB-45F4-B6E5-0E1FB2A1F29D}" = Visual C++ 8.0 Runtime Setup Package (x64)
"{3175E049-F9A9-4A3D-8F19-AC9FB04514D1}" = Windows Live Communications Platform
"{342F5437-C87D-4BB5-89B9-B23E16C6A395}" = Microsoft Visual C++ 8.0 Support DLLs
"{3FC7CBBC4C1E11DCA1A752EA55D89593}" = DivX Version Checker
"{40625DE4-DCDB-44FE-84B5-E65F1365BF44}" = V-Ray for Rhinoceros
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{52B97218-98CB-4B8B-9283-D213C85E1AA4}" = Windows Live Anmelde-Assistent
"{5335DADB-34BA-4AE8-A519-648D78498846}" = Skype™ 5.3
"{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime
"{586509F0-350D-48B5-B763-9CC2F8D96C4C}" = Windows Live Sync
"{5B9E1A73-6A74-4DAF-AF1C-DDEBD79C942E}" = Rhinoceros 4.0 SR5b
"{5C2CBFFD-FC3B-4AA9-993B-CE2B8DA25B87}" = Rhinoceros 4.0
"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
"{635FED5B-2C6D-49BE-87E6-7A6FCD22BC5A}" = Microsoft_VC90_MFC_x86
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{850C7BD3-9F3F-46AD-9396-E7985B38C55E}" = Windows Live Fotogalerie
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek 8136 8168 8169 Ethernet Driver
"{8ADFC4160D694100B5B8A22DE9DCABD9}" = DivX Player
"{90120000-00A4-0409-0000-0000000FF1CE}" = Microsoft Office 2003 Web Components
"{90140000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 2010
"{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{7C5B1ECD-FE93-4FB2-A51A-06451BA49969}" = 
"{90140000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2010
"{90140000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2010
"{90140000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2010
"{90140000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2010
"{90140000-0017-0407-0000-0000000FF1CE}" = Microsoft Office SharePoint Designer MUI (German) 2010
"{90140000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2010
"{90140000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2010
"{90140000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2010
"{90140000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2010
"{90140000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2010
"{90140000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2010
"{90140000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2010
"{90140000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2010
"{90140000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2010
"{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
"{90140000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2010
"{90140000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2010
"{90140000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2010
"{90140000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2010
"{90140000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2010
"{90140000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2010
"{90140000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2010
"{90140000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2010
"{90140000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2010
"{90140000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2010
"{90140000-00BA-0407-0000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2010
"{90140000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2010
"{90140000-0100-0407-0000-0000000FF1CE}" = Microsoft Office O MUI (German) 2010
"{90140000-0101-0407-0000-0000000FF1CE}" = Microsoft Office X MUI (German) 2010
"{90140000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2010
"{90140000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2010
"{92D58719-BBC1-4CC3-A08B-56C9E884CC2C}" = Microsoft_VC80_CRT_x86
"{980A182F-E0A2-4A40-94C1-AE0C1235902E}" = Pando Media Booster
"{a0fe116e-9a8a-466f-aee0-625cb7c207e3}" = Microsoft Visual C++ 2005 Redistributable - KB2467175
"{A2A9ECB2-9FF5-436C-821A-1FF5B2AAC7D5}" = V-Ray for Rhinoceros
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A7496F46-78AE-4DB2-BCF5-95F210FA6F96}" = Windows Live Movie Maker
"{A78FE97A-C0C8-49CE-89D0-EDD524A17392}" = PDF Settings CS5
"{AC76BA86-1033-F400-7760-000000000005}" = Adobe Acrobat X Pro - English, Français, Deutsch
"{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter
"{B2015F57-C940-4B49-AE56-6AC1DFCFFA1D}" = Business Plan Pro 11.0
"{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Toolbars
"{CAFA57E8-8927-4912-AFCF-B0AA3837E989}" = Windows Live Essentials
"{D1A19B02-817E-4296-A45B-07853FD74D57}" = Microsoft_VC80_MFC_x86
"{D481EA96-2313-4A7C-98EE-710D1AF884AC}" = Microsoft Visual Studio 2005 Tools for Applications - ENU
"{D576CC98-B3C5-4221-A5F4-4A0026FE1186}" = V-Ray for Rhinoceros
"{D92BBB52-82FF-42ED-8A3C-4E062F944AB7}" = Microsoft_VC80_MFCLOC_x86
"{DE3A9DC5-9A5D-6485-9662-347162C7E4CA}" = Adobe Media Player
"{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}" = Ad-Aware
"{EAAFAED2-0597-42A5-B907-1BC0969CDEAC}" = V-Ray for Rhinoceros
"{EE1671E1-ECB2-446B-A278-E8C56CFC839E}" = DWGeditor
"{EE6097DD-05F4-4178-9719-D3170BF098E8}" = Apple Application Support
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}" = Visual C++ 2008 x86 Runtime - (v9.0.30729)
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01" = Visual C++ 2008 x86 Runtime - v9.0.30729.01
"{F850707C-B6A0-4B56-8709-F89CF8F9AC6D}" = Eraser
"{F9000000-0018-0000-0000-074957833700}" = ABBYY FineReader 9.0 Sprint
"{FBB02B04-C034-4382-A3F6-57416E2752C4}" = Adobe Creative Suite 5 Master Collection
"{FCDBEA60-79F0-4FAE-BBA8-55A26C609A49}" = Visual Studio 2008 x64 Redistributables
"{FE5ED0AC-BCC8-482A-8B08-AA11D5F00152}" = Epson Event Manager
"7-Zip" = 7-Zip 4.65
"ABBYY FineReader 9.0 Sprint" = ABBYY FineReader 9.0 Sprint
"Ad-Aware" = Ad-Aware
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"AmoK Playlist Copy" = AmoK Playlist Copy 2.04
"Astroburn Lite" = Astroburn Lite
"Audiograbber" = Audiograbber 1.83 SE 
"chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Community Help
"com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Media Player
"DivX Plus DirectShow Filters" = DivX Plus DirectShow Filters
"DivX Setup.divx.com" = DivX-Setup
"EasyBCD" = EasyBCD 1.7.2
"EPSON Perfection V33_V330 Manual" = EPSON Perfection V33/V330 Handbuch
"EPSON Scanner" = EPSON Scan
"Eraser" = Eraser
"EssentialPIM" = EssentialPIM
"FileZilla Client" = FileZilla Client 3.2.7.1
"GamersFirst War Rock" = War Rock
"IrfanView" = IrfanView (remove only)
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft Visual Studio 2005 Tools for Applications - ENU" = Microsoft Visual Studio 2005 Tools for Applications - ENU
"Mozilla Firefox (3.6)" = Mozilla Firefox (3.6)
"Mozilla Thunderbird (3.0.1)" = Mozilla Thunderbird (3.0.1)
"Office14.OMUI.de-de" = Microsoft Office Language Pack 2010 - German/Deutsch
"Office14.PROPLUS" = Microsoft Office Professional Plus 2010
"Penguin 2.0" = Penguin 2.0
"RealPlayer 12.0" = RealPlayer
"Rhino RDK" = Rhino RDK
"SolidWorks Installation Manager 20090-40000-1100-100" = SolidWorks 2009 x64 Edition SP0
"SpeedFan" = SpeedFan (remove only)
"TreeSize Free_is1" = TreeSize Free V2.3.3
"ViewpointMediaPlayer" = Viewpoint Media Player
"VLC media player" = VLC media player 1.1.6
"Wacom Tablet Driver" = Wacom Tablett
"Wacom WebTabletPlugin for IE" = WebTablet IE Plugin
"Wacom WebTabletPlugin for Netscape" = WebTablet Netscape Plugin
"WinLiveSuite_Wave3" = Windows Live Essentials
 
========== HKEY_USERS Uninstall List ==========
 
[HKEY_USERS\S-1-5-21-1979673327-2303432056-1945064426-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
 
========== HKEY_USERS Uninstall List ==========
 
[HKEY_USERS\S-1-5-21-1979673327-2303432056-1945064426-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{40625DE4-DCDB-44FE-84B5-E65F1365BF44}" = V-Ray for Rhinoceros
"Mozilla Firefox (3.6.7)" = Mozilla Firefox (3.6.7)
"Mozilla Thunderbird (3.1.10)" = Mozilla Thunderbird (3.1.10)
 
========== Last 10 Event Log Errors ==========
 
Error reading Event Logs: The Event Service is not operating properly or the Event Logs are corrupt!
 
< End of report >
         


Old 23.05.2011, 09:42   #6
kcarloney
 
Blackhole Exploit Kit places fake Win7Recovery IDE/SATA error messages - Standard

Online banking - no
eBay, PayPal, Amazon, etc. - yes
Most important passwords changed; I haven't been online with the machine since the mbam update. What could that pig have read out? Do I also have to change all the e-mail provider passwords and the logins for forums, shops, etc.?

Just ran mbam again, with no new results.

Sorry - I just realised that the way I posted was not correct - edit attempt too late.

Last edited by kcarloney (23.05.2011 at 10:33)
