Forum: Plagegeister aller Art und deren Bekämpfung (Pests of all kinds and how to remove them)
Thread: FakeAlert!fakealert-REP virus (Windows 7)
25.05.2011, 23:48 | #1
FakeAlert!fakealert-REP virus

Hello! There is already a thread about this trojan that covers exactly my problem, but I just want to be 100% sure that I have not actually picked up a pest. Here is the existing thread: http://www.trojaner-board.de/99261-f...ep-trojan.html

In my case it is exactly like the case described there. The program Stinger detected the trojan named above on my machine. Malwarebytes and Avira do not find it.

Here is the logfile from Malwarebytes:

Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Datenbank Version: 6678

Windows 6.1.7600
Internet Explorer 8.0.7600.16385

26.05.2011 00:39:14
mbam-log-2011-05-26 (00-39-14).txt

Art des Suchlaufs: Quick-Scan
Durchsuchte Objekte: 158149
Laufzeit: 2 Minute(n), 17 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 0

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
(Keine bösartigen Objekte gefunden)

The OTL scan [Extras.txt]:
OTL Logfile:
Code:
OTL Extras logfile created on: 26.05.2011 00:40:34 - Run 1
OTL by OldTimer - Version 3.2.23.0 Folder = F:\Firefox Download
64bit- Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

3,99 Gb Total Physical Memory | 2,15 Gb Available Physical Memory | 53,87% Memory free
7,98 Gb Paging File | 5,88 Gb Available in Paging File | 73,74% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 235,48 Gb Total Space | 170,13 Gb Free Space | 72,25% Space Free | Partition Type: NTFS
Drive E: | 5,03 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: UDF
Drive F: | 214,67 Gb Total Space | 201,04 Gb Free Space | 93,65% Space Free | Partition Type: NTFS

Computer Name: BUNDESHORST-PC | User Name: Bundeshorst | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = ChromeHTML] -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = ChromeHTML] -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %* File not found
cmdfile [open] -- "%1" %* File not found
comfile [open] -- "%1" %* File not found
exefile [open] -- "%1" %* File not found
helpfile [open] -- Reg Error: Key error.
http [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
https [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %* File not found
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1" File not found
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l File not found
scrfile [open] -- "%1" /S File not found
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 File not found
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~2\MICROS~1\Office12\ONENOTE.EXE "%L" File not found
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
http [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
https [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~2\MICROS~1\Office12\ONENOTE.EXE "%L"
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========


========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{23170F69-40C1-2702-0920-000001000000}" = 7-Zip 9.20 (x64 edition)
"{7B487697-A041-A601-5CC1-E87A29C42FAA}" = ATI AVIVO64 Codecs
"{7C8D4E26-7A34-2038-8763-2D689236CA83}" = ATI Catalyst Install Manager
"{7E265513-8CDA-4631-B696-F40D983F3B07}_is1" = CDBurnerXP
"{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007
"{90120000-002A-0407-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (German) 2007
"{90120000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2007
"{90120000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007
"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel® Matrix Storage Manager
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{96F70DF8-160F-4F9C-9B9E-2A9B439B4EB9}" = Broadcom Gigabit NetLink Controller
"{9D05540B-559D-CE93-C5FF-22A74B2491E1}" = ccc-utility64
"{9E9D49A4-1DF4-4138-B7DB-5D87A893088E}" = WIDCOMM Bluetooth Software
"{aac9fcc4-dd9e-4add-901c-b5496a07ab2e}" = Microsoft Visual C++ 2005 Redistributable (x64) - KB2467175
"{B6E3757B-5E77-3915-866A-CCFC4B8D194C}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"5F4DD0919B4763856B77AD385DEEEFCDF01784A8" = ENE CIR Receiver Driver
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"WinGimp-2.0_is1" = GIMP 2.6.8
"WinRAR archiver" = WinRAR

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{047F790A-7A2A-4B6A-AD02-38092BA63DAC}" = Acer VCM
"{0A3D6084-2F69-C794-7298-5E2AF03C743F}" = CCC Help Danish
"{11788990-CAE8-F48D-9297-4FCAD8C6B6CE}" = CCC Help Norwegian
"{119B7481-0216-40D2-A5CC-C3E1F461ECC1}" = Windows Live Fotogalerie
"{12EFA1A4-AC3B-443C-8143-237EDE760403}" = NTI Backup Now Standard
"{15D967B5-A4BE-42AE-9E84-64CD062B25AA}" = eSobi v2
"{17C28D62-7955-4D8D-922B-7EA16FA9B7C5}" = Fingerprint Solution
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{19C21D2D-8A78-CBF7-89BB-CF4E43F61FC4}" = CCC Help Portuguese
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1FA83AF5-C201-4E45-BBBD-79E8ABADE53E}" = Catalyst Control Center - Branding
"{1FD6B02F-A065-A24A-254C-402A2F61ABE0}" = CCC Help Polish
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{2413930C-8309-47A6-BC61-5EF27A4222BC}" = NTI Media Maker 8
"{2637C347-9DAD-11D6-9EA2-00055D0CA761}" = Acer Arcade Deluxe
"{26604C7E-A313-4D12-867F-7C6E7820BE4C}" = JMicron Flash Media Controller Driver
"{26A24AE4-039D-4CA4-87B4-2F83216015FF}" = Java(TM) 6 Update 15
"{27996809-446F-7261-6C69-6B654C656F6E}" = 
"{2800948E-6B3E-CCA4-7CCE-2662810DA12C}" = Catalyst Control Center Core Implementation
"{287ECFA4-719A-2143-A09B-D6A12DE54E40}" = Acrobat.com
"{2B94922D-0897-7D27-EF6C-2C231ED7A7B5}" = CCC Help Czech
"{2BBC5287-A288-3CA6-1266-2C358837933B}" = CCC Help Chinese Standard
"{30075A70-B5D2-440B-AFA3-FB2021740121}" = Backup Manager Advance
"{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform
"{3DB0448D-AD82-4923-B305-D001E521A964}" = Acer PowerSmart Manager
"{3EE2F527-F306-49E9-0086-662C337ADD3B}" = FUSSBALL MANAGER 07
"{436D79C8-F01B-8C72-F75D-BFCC7F7AFF3D}" = CCC Help Dutch
"{4854DBF6-D51F-C15F-6E4C-37D835FF256B}" = CCC Help Turkish
"{4A19D6AC-ADE0-4A07-80FF-9C9812C45557}" = Steinberg Cubase 5
"{4C6BC364-BE78-D565-9945-25ED7F11455C}" = CCC Help French
"{4DE3E3D9-AE81-45DE-9195-3015F7B1DBF3}" = Junk Mail filter update
"{506E3E0F-F465-04E9-E8B3-C9F177CA2778}" = CCC Help Greek
"{52B97218-98CB-4B8B-9283-D213C85E1AA4}" = Windows Live Anmelde-Assistent
"{5A166C0B-9557-4364-A057-F946D674E6AC}" = Windows Live Mail
"{5C9CD87F-987B-6A16-B7D5-9D3A64C69898}" = Catalyst Control Center Graphics Full Existing
"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
"{5FC68772-6D56-41C6-9DF1-24E868198AE6}" = Windows Live Call
"{62F7DA7E-CCCB-439C-A760-00C3926E761F}" = Microsoft Works
"{64451AE2-695C-AF53-0C77-888588AA2E30}" = CCC Help German
"{68301905-2DEA-41CE-A4D4-E8B443B099BA}" = MyWinLocker
"{689FC9DE-8703-FF96-605F-6580ADB32ACF}" = CCC Help Swedish
"{70F8B183-99EB-4304-BA35-080E2DFFD2A3}" = Age of Empires III
"{7272CB6D-FAD3-F8E4-1747-0EEE676BFB75}" = CCC Help Chinese Traditional
"{72EFBFE4-C74F-4187-AEFD-73EA3BE968D6}" = ICQ7.2
"{76C03BC0-F22F-C64A-B7A2-E0D84DFDCF70}" = CCC Help Spanish
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{77279674-D034-FFD9-BFCD-A22D0E0E3C9D}" = CCC Help Korean
"{7760D94E-B1B5-40A0-9AA0-ABF942108755}" = Acer Crystal Eye Webcam
"{7B2CC3DF-64FA-44AE-8F57-B0F915147E4F}_is1" = Need For Speed™ World
"{7F811A54-5A09-4579-90E1-C93498E230D9}" = Acer eRecovery Management
"{81821BF8-DA20-4F8C-AA87-F70A274828D4}" = Windows Live Writer
"{81DD0597-29EB-4FA0-8223-4F41362B2E72}" = NBA 2K11
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{837B6259-6FF5-4E66-87C1-A5A15ED36FF4}" = Windows Live Messenger
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A809006-C25A-4A3A-9DAB-94659BCDB107}" = NVIDIA PhysX
"{8FFC5648-FAF8-43A3-BC8F-42BA1E275C4E}" = Choice Guard
"{90120000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2007
"{90120000-0015-0407-0000-0000000FF1CE}_OMUI.de-de_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}_OMUI.de-de_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-0017-0407-0000-0000000FF1CE}" = Microsoft Office SharePoint Designer MUI (German) 2007
"{90120000-0017-0407-0000-0000000FF1CE}_OMUI.de-de_{0B9EAEAC-F271-45DC-BDCB-06ABEEF19825}" = Microsoft Office SharePoint Designer 2007 Service Pack 2 (SP2)
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}_OMUI.de-de_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2007
"{90120000-0019-0407-0000-0000000FF1CE}_OMUI.de-de_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2007
"{90120000-001A-0407-0000-0000000FF1CE}_OMUI.de-de_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}_OMUI.de-de_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_OMUI.de-de_{A0516415-ED61-419A-981D-93596DA74165}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-001F-0410-0000-0000000FF1CE}_OMUI.de-de_{322296D4-1EAE-4030-9FBC-D2787EB25FA2}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_HOMESTUDENTR_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-0020-0407-0000-0000000FF1CE}" = Compatibility Pack für 2007 Office System
"{90120000-002A-0000-1000-0000000FF1CE}_HOMESTUDENTR_{E64BA721-2310-4B55-BE5A-2925F9706192}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-002A-0407-1000-0000000FF1CE}_OMUI.de-de_{26454C26-D259-4543-AA60-3189E09C5F76}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-002A-0409-1000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2007
"{90120000-0044-0407-0000-0000000FF1CE}_OMUI.de-de_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}_OMUI.de-de_{26454C26-D259-4543-AA60-3189E09C5F76}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007
"{90120000-00A1-0407-0000-0000000FF1CE}_OMUI.de-de_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-00BA-0407-0000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2007
"{90120000-00BA-0407-0000-0000000FF1CE}_OMUI.de-de_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0100-0407-0000-0000000FF1CE}" = Microsoft Office O MUI (German) 2007
"{90120000-0100-0407-0000-0000000FF1CE}_OMUI.de-de_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0101-0407-0000-0000000FF1CE}" = Microsoft Office X MUI (German) 2007
"{90120000-0101-0407-0000-0000000FF1CE}_OMUI.de-de_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-0116-0409-1000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90DA7F39-B9D4-4FB1-93A0-6B10F83E35E2}" = Wer Wird Millionär? Party Edition
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{91E04CA7-0B13-4F8C-AA4D-2A573AC96D19}" = Windows Live Essentials
"{92E650E1-0A18-2722-2048-135539D04BA1}" = ccc-core-static
"{949D8200-E178-47B1-471A-441920549F48}" = CCC Help Russian
"{95120000-00AF-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (German)
"{9B790AED-4E67-595A-0CA0-1ED08C593DD3}" = Catalyst Control Center Localization All
"{A0F31F33-289F-6131-C324-55554C0918F8}" = Catalyst Control Center Graphics Full New
"{a0fe116e-9a8a-466f-aee0-625cb7c207e3}" = Microsoft Visual C++ 2005 Redistributable - KB2467175
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A8E4FE4B-895C-F090-2D5A-675683C88743}" = CCC Help Finnish
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AA372444-CEB2-56DC-842F-80CD5F0883B4}" = CCC Help Thai
"{AAF89271-2594-468D-B578-96B2E30C41C4}" = eBay Worldwide
"{AC76BA86-7AD7-1031-7B44-A93000000001}" = Adobe Reader 9.3 - Deutsch
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{CAF70A87-AFF6-A935-3801-86E219B58505}" = CCC Help Italian
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CD95D125-2992-4858-B3EF-5F6FB52FBAD6}" = Skype Toolbars
"{DB1E01D6-84CE-C7A3-2ED4-45D9895537DB}" = Catalyst Control Center InstallProxy
"{DB29FC4B-4A5B-45AC-805D-A1A449DD136A}" = Acer Arcade Instant On
"{DF6A13C0-77DF-41FE-BD05-6D5201EB0CE7}_is1" = Auslogics Disk Defrag
"{E09664BB-BB08-45FA-87D1-33EAB0E017F5}" = Fingerprint Solution
"{E50AE784-FABE-46DA-A1F8-7B6B56DCB22E}" = Microsoft Office Suite Activation Assistant
"{E633D396-5188-4E9D-8F6B-BFB8BF3467E8}" = Skype™ 5.0
"{ED636101-1959-4360-8BF7-209436E7DEE4}" = Windows Live Sync
"{EE171732-BEB4-4576-887D-CB62727F01CA}" = Acer Updater
"{EF68FB1B-B43F-5C1A-71CA-FB5AABC7B525}" = Catalyst Control Center Graphics Light
"{F06ECC9F-8334-0817-57F8-EFC93D28D231}" = CCC Help English
"{F083DD72-824B-3B7D-DB77-3F21B4B174D6}" = Catalyst Control Center Graphics Previews Vista
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{FA4ABFEA-76AF-AAA2-D343-B778063DD8FF}" = CCC Help Hungarian
"{FF7B9579-BA65-3512-8B10-7BBF6F4354A9}" = CCC Help Japanese
"Acer Registration" = Acer Registration
"Acer Screensaver" = Acer ScreenSaver
"Acer Welcome Center" = Welcome Center
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus
"CCleaner" = CCleaner
"DivX Setup.divx.com" = DivX-Setup
"Free Audio CD Burner_is1" = Free Audio CD Burner version 1.4.7
"Free FLV Converter_is1" = Free FLV Converter V 6.93.0
"Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.9.35.324
"Google Chrome" = Google Chrome
"GridVista" = Acer GridVista
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"ICQToolbar" = ICQ Toolbar
"Identity Card" = Identity Card
"InstallShield_{12EFA1A4-AC3B-443C-8143-237EDE760403}" = NTI Backup Now 5
"InstallShield_{15D967B5-A4BE-42AE-9E84-64CD062B25AA}" = eSobi v2
"InstallShield_{17C28D62-7955-4D8D-922B-7EA16FA9B7C5}" = Fingerprint Solution
"InstallShield_{2413930C-8309-47A6-BC61-5EF27A4222BC}" = NTI Media Maker 8
"InstallShield_{2637C347-9DAD-11D6-9EA2-00055D0CA761}" = Acer Arcade Deluxe
"InstallShield_{30075A70-B5D2-440B-AFA3-FB2021740121}" = Acer Backup Manager
"InstallShield_{70F8B183-99EB-4304-BA35-080E2DFFD2A3}" = Age of Empires III
"InstallShield_{E09664BB-BB08-45FA-87D1-33EAB0E017F5}" = Acer Bio Protection
"JDownloader" = JDownloader
"LManager" = Launch Manager
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Mass Effect 2 German_is1" = Mass Effect 2 German
"MozBackup" = MozBackup 1.4.10
"Mozilla Firefox (3.6.17)" = Mozilla Firefox (3.6.17)
"OMUI.de-de" = Microsoft Office Language Pack 2007 - German/Deutsch
"PunkBusterSvc" = PunkBuster Services
"SopCast" = SopCast 3.2.9
"Steinberg Cubase SX 1.01" = Steinberg Cubase SX 1.01
"Syncrosoft's License Control" = Syncrosofts Lizenz Kontrolle
"Uninstall_is1" = Uninstall 1.0.0.1
"VLC media player" = VLC media player 1.1.0
"Winamp" = Winamp
"WinLiveSuite_Wave3" = Windows Live Essentials

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Winamp Detect" = Winamp Erkennungs-Plug-in

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 03.05.2011 14:03:27 | Computer Name = Bundeshorst-PC | Source = SideBySide | ID = 16842785
Description = Fehler beim Generieren des Aktivierungskontextes für "c:\Windows\Installer\{62F7DA7E-CCCB-439C-A760-00C3926E761F}\WksCal.exe". Die abhängige Assemblierung "msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0"" konnte nicht gefunden werden. Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe".

Error - 03.05.2011 14:03:27 | Computer Name = Bundeshorst-PC | Source = SideBySide | ID = 16842785
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Windows\Installer\{62F7DA7E-CCCB-439C-A760-00C3926E761F}\wksss.exe". Die abhängige Assemblierung "msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0"" konnte nicht gefunden werden. Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe".
Error - 03.05.2011 14:03:27 | Computer Name = Bundeshorst-PC | Source = SideBySide | ID = 16842785
Description = Fehler beim Generieren des Aktivierungskontextes für "c:\Windows\Installer\{62F7DA7E-CCCB-439C-A760-00C3926E761F}\WksWP.exe". Die abhängige Assemblierung "msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0"" konnte nicht gefunden werden. Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe".

Error - 04.05.2011 06:21:35 | Computer Name = Bundeshorst-PC | Source = SideBySide | ID = 16842815
Description = Fehler beim Generieren des Aktivierungskontextes für "c:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll". Fehler in Manifest- oder Richtliniendatei "c:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll" in Zeile 3. Der Wert "MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR" des "version"-Attributs im assemblyIdentity-Element ist ungültig.

Error - 04.05.2011 06:22:43 | Computer Name = Bundeshorst-PC | Source = SideBySide | ID = 16842815
Description = Fehler beim Generieren des Aktivierungskontextes für "c:\program files (x86)\mozbackup\dll\DelZip179.dll". Fehler in Manifest- oder Richtliniendatei "c:\program files (x86)\mozbackup\dll\DelZip179.dll" in Zeile 8. Der Wert "*" des "language"-Attributs im assemblyIdentity-Element ist ungültig.

Error - 04.05.2011 06:23:18 | Computer Name = Bundeshorst-PC | Source = SideBySide | ID = 16842815
Description = Fehler beim Generieren des Aktivierungskontextes für "c:\program files (x86)\spybot - search & destroy\DelZip179.dll". Fehler in Manifest- oder Richtliniendatei "c:\program files (x86)\spybot - search & destroy\DelZip179.dll" in Zeile 8. Der Wert "*" des "language"-Attributs im assemblyIdentity-Element ist ungültig.

Error - 04.05.2011 06:23:23 | Computer Name = Bundeshorst-PC | Source = SideBySide | ID = 16842785
Description = Fehler beim Generieren des Aktivierungskontextes für "c:\Windows\Installer\{62F7DA7E-CCCB-439C-A760-00C3926E761F}\wksdb.exe". Die abhängige Assemblierung "msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0"" konnte nicht gefunden werden. Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe".

Error - 04.05.2011 06:23:23 | Computer Name = Bundeshorst-PC | Source = SideBySide | ID = 16842785
Description = Fehler beim Generieren des Aktivierungskontextes für "c:\Windows\Installer\{62F7DA7E-CCCB-439C-A760-00C3926E761F}\WksCal.exe". Die abhängige Assemblierung "msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0"" konnte nicht gefunden werden. Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe".

Error - 04.05.2011 06:23:23 | Computer Name = Bundeshorst-PC | Source = SideBySide | ID = 16842785
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Windows\Installer\{62F7DA7E-CCCB-439C-A760-00C3926E761F}\wksss.exe". Die abhängige Assemblierung "msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0"" konnte nicht gefunden werden. Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe".

Error - 04.05.2011 06:23:23 | Computer Name = Bundeshorst-PC | Source = SideBySide | ID = 16842785
Description = Fehler beim Generieren des Aktivierungskontextes für "c:\Windows\Installer\{62F7DA7E-CCCB-439C-A760-00C3926E761F}\WksWP.exe". Die abhängige Assemblierung "msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0"" konnte nicht gefunden werden. Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe".
[ System Events ]
Error - 24.05.2011 08:59:30 | Computer Name = Bundeshorst-PC | Source = atikmdag | ID = 52236
Description = CPLIB :: General - Invalid Parameter

Error - 24.05.2011 08:59:30 | Computer Name = Bundeshorst-PC | Source = atikmdag | ID = 43029
Description = Display is not active

Error - 24.05.2011 08:59:31 | Computer Name = Bundeshorst-PC | Source = atikmdag | ID = 52236
Description = CPLIB :: General - Invalid Parameter

Error - 24.05.2011 08:59:31 | Computer Name = Bundeshorst-PC | Source = atikmdag | ID = 43029
Description = Display is not active

Error - 24.05.2011 13:52:19 | Computer Name = Bundeshorst-PC | Source = atikmdag | ID = 43029
Description = Display is not active

Error - 24.05.2011 13:52:19 | Computer Name = Bundeshorst-PC | Source = atikmdag | ID = 43029
Description = Display is not active

Error - 25.05.2011 14:00:05 | Computer Name = Bundeshorst-PC | Source = atikmdag | ID = 52236
Description = CPLIB :: General - Invalid Parameter

Error - 25.05.2011 14:00:05 | Computer Name = Bundeshorst-PC | Source = atikmdag | ID = 43029
Description = Display is not active

Error - 25.05.2011 14:00:06 | Computer Name = Bundeshorst-PC | Source = atikmdag | ID = 52236
Description = CPLIB :: General - Invalid Parameter

Error - 25.05.2011 14:00:06 | Computer Name = Bundeshorst-PC | Source = atikmdag | ID = 43029
Description = Display is not active


< End of report >

The OTL scan [OTL.txt]:
OTL Logfile:
Code:
OTL logfile created on: 26.05.2011 00:40:34 - Run 1
OTL by OldTimer - Version 3.2.23.0 Folder = F:\Firefox Download
64bit- Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

3,99 Gb Total Physical Memory | 2,15 Gb Available Physical Memory | 53,87% Memory free
7,98 Gb Paging File | 5,88 Gb Available in Paging File | 73,74% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 235,48 Gb Total Space | 170,13 Gb Free Space | 72,25% Space Free | Partition Type: NTFS
Drive E: | 5,03 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: UDF
Drive F: | 214,67 Gb Total Space | 201,04 Gb Free Space | 93,65% Space Free | Partition Type: NTFS

Computer Name: BUNDESHORST-PC | User Name: Bundeshorst | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - F:\Firefox Download\OTL.exe (OldTimer Tools)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
PRC - C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe ()
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
PRC - C:\Program Files (x86)\ICQ7.2\ICQ.exe (ICQ, LLC.)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
PRC - C:\Program Files (x86)\ICQ6Toolbar\ICQ Service.exe ()
PRC - C:\Windows\SysWOW64\PnkBstrA.exe ()
PRC - C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd)
PRC - C:\Program Files (x86)\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe (CyberLink Corp.)
PRC - C:\Program Files (x86)\Acer Arcade Deluxe\PlayMovie\PMVService.exe (Acer Corp.)
PRC - C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe (NewTech Infosystems, Inc.)
PRC - C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe (NewTech Infosystems, Inc.)
PRC - C:\Program Files (x86)\Launch Manager\LManager.exe (Dritek System Inc.)
PRC - C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe (Intel Corporation)
PRC - C:\Program Files (x86)\EgisTec\MyWinLocker 3\x86\MWLService.exe (Egis Technology Inc.)
PRC - C:\Program Files (x86)\EgisTec\MyWinLocker 3\x86\mwlDaemon.exe (Egis Technology Inc.)
PRC - C:\Program Files (x86)\Acer Bio Protection\PdtWzd.exe (Egis Technology Inc.)
PRC - C:\Program Files (x86)\Acer Bio Protection\BASVC.exe (Egis Technology Inc.)
PRC - C:\Program Files (x86)\Acer Bio Protection\CompPtcVUI.exe (Egis Technology Inc.)
PRC - C:\Program Files (x86)\EgisTec Egis Software Update\EgisUpdate.exe (Egis Technology Inc.)
PRC - C:\Program Files (x86)\Acer\Acer VCM\AcerVCM.exe (Acer Incorporated)
PRC - C:\Program Files (x86)\Acer\Acer VCM\RS_Service.exe (Acer Incorporated)
PRC - C:\Programme\Acer\Acer Updater\UpdaterService.exe (Acer)
PRC - C:\Program Files (x86)\Acer\Registration\GregHSRW.exe (Acer Incorporated)
PRC - C:\Windows\PLFSetI.exe ()

========== Modules (SafeList) ==========

MOD - F:\Firefox Download\OTL.exe (OldTimer Tools)
MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_420fe3fa2b8113bd\comctl32.dll (Microsoft Corporation)

========== Win32 Services (SafeList) ==========

SRV:64bit: - (AMD External Events Utility) -- C:\Windows\SysNative\atiesrxx.exe (AMD)
SRV - (AntiVirSchedulerService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
SRV - (AntiVirService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
SRV - (ICQ Service) -- C:\Program Files (x86)\ICQ6Toolbar\ICQ Service.exe ()
SRV - (PnkBstrA) -- C:\Windows\SysWOW64\PnkBstrA.exe ()
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (NTI IScheduleSvc) -- C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe (NewTech Infosystems, Inc.)
SRV - (ePowerSvc) -- C:\Programme\Acer\Acer PowerSmart Manager\ePowerSvc.exe (Acer Incorporated)
SRV - (IAANTMON) Intel(R) -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe (Intel Corporation)
SRV - (MWLService) -- C:\Program Files (x86)\EgisTec\MyWinLocker 3\x86\\MWLService.exe ()
SRV - (IGBASVC) -- C:\Program Files (x86)\Acer Bio Protection\BASVC.exe (Egis Technology Inc.)
SRV - (btwdins) -- C:\Programme\WIDCOMM\Bluetooth Software\btwdins.exe (Broadcom Corporation.)
SRV - (RS_Service) -- C:\Program Files (x86)\Acer\Acer VCM\RS_Service.exe (Acer Incorporated) SRV - (Updater Service) -- C:\Programme\Acer\Acer Updater\UpdaterService.exe (Acer) SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation) SRV - (Greg_Service) -- C:\Program Files (x86)\Acer\Registration\GregHSRW.exe (Acer Incorporated) ========== Driver Services (SafeList) ========== DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices) DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices) DRV:64bit: - (avgntflt) -- C:\Windows\SysNative\drivers\avgntflt.sys (Avira GmbH) DRV:64bit: - (sptd) -- C:\Windows\SysNative\drivers\sptd.sys () DRV:64bit: - (avipbb) -- C:\Windows\SysNative\drivers\avipbb.sys (Avira GmbH) DRV:64bit: - (FPSensor) EgisTec-Corp Fingerprint Reader Driver (FPSensor.sys) -- C:\Windows\SysNative\drivers\FPSensor.sys (Egistec) DRV:64bit: - (xusb21) -- C:\Windows\SysNative\drivers\xusb21.sys (Microsoft Corporation) DRV:64bit: - (iaStor) -- C:\Windows\SysNative\drivers\iaStor.sys (Intel Corporation) DRV:64bit: - (JMCR) -- C:\Windows\SysNative\drivers\jmcr.sys (JMicron Technology Corporation) DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.) DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation) DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company) DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology) DRV:64bit: - (sdbus) -- C:\Windows\SysNative\drivers\sdbus.sys (Microsoft Corporation) DRV:64bit: - (atikmdag) -- C:\Windows\SysNative\drivers\atikmdag.sys (ATI Technologies Inc.) DRV:64bit: - (btusbflt) -- C:\Windows\SysNative\drivers\btusbflt.sys (Broadcom Corporation.) DRV:64bit: - (btwaudio) -- C:\Windows\SysNative\drivers\btwaudio.sys (Broadcom Corporation.) 
DRV:64bit: - (btwavdt) -- C:\Windows\SysNative\drivers\btwavdt.sys (Broadcom Corporation.) DRV:64bit: - (btwrchid) -- C:\Windows\SysNative\drivers\btwrchid.sys (Broadcom Corporation.) DRV:64bit: - (RTHDMIAzAudService) -- C:\Windows\SysNative\drivers\RtHDMIVX.sys (Realtek Semiconductor Corp.) DRV:64bit: - (SynTP) -- C:\Windows\SysNative\drivers\SynTP.sys (Synaptics Incorporated) DRV:64bit: - (Ntfs) -- C:\Windows\SysNative\wbem\ntfs.mof () DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation) DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation) DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation) DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.) DRV:64bit: - (k57nd60a) Broadcom NetLink (TM) -- C:\Windows\SysNative\drivers\k57nd60a.sys (Broadcom Corporation) DRV:64bit: - (mwlPSDVDisk) -- C:\Windows\SysNative\drivers\mwlPSDVDisk.sys (Egis Technology Inc.) DRV:64bit: - (mwlPSDFilter) -- C:\Windows\SysNative\drivers\mwlPSDFilter.sys (Egis Technology Inc.) DRV:64bit: - (mwlPSDNServ) -- C:\Windows\SysNative\drivers\mwlPSDNserv.sys (Egis Technology Inc.) DRV:64bit: - (Ltn_stk7070P) -- C:\Windows\SysNative\drivers\Ltn_stk7070P.sys (LiteOn) DRV:64bit: - (enecir) -- C:\Windows\SysNative\drivers\enecir.sys (ENE TECHNOLOGY INC.) DRV:64bit: - (enecirhid) -- C:\Windows\SysNative\drivers\enecirhid.sys (ENE TECHNOLOGY INC.) DRV:64bit: - (netw5v64) Intel(R) -- C:\Windows\SysNative\drivers\NETw5v64.sys (Intel Corporation) DRV:64bit: - (NTIDrvr) -- C:\Windows\SysNative\drivers\NTIDrvr.sys (NewTech Infosystems, Inc.) DRV:64bit: - (UBHelper) -- C:\Windows\SysNative\drivers\UBHelper.sys (NewTech Infosystems Corporation) DRV:64bit: - (btwl2cap) -- C:\Windows\SysNative\drivers\btwl2cap.sys (Broadcom Corporation.) DRV:64bit: - (enecirhidma) -- C:\Windows\SysNative\drivers\enecirhidma.sys (ENE TECHNOLOGY INC.) 
DRV - ({49DE1C67-83F8-4102-99E0-C16DCC7EEC796}) -- C:\Program Files (x86)\Acer Arcade Deluxe\PlayMovie\000.fcl (CyberLink Corp.) DRV - (DKbFltr) Dritek Keyboard Filter Driver (64-bit) -- C:\Windows\SysWOW64\Drivers\DKbFltr.sys (Dritek System Inc.) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&m=aspire_5940&r=27360710w955l0394z115t48m2w076 IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&m=aspire_5940&r=27360710w955l0394z115t48m2w076 IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&m=aspire_5940&r=27360710w955l0394z115t48m2w076 IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&m=aspire_5940&r=27360710w955l0394z115t48m2w076 IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&m=aspire_5940&r=27360710w955l0394z115t48m2w076 IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://start.icq.com/ IE - HKCU\..\URLSearchHook: - Reg Error: Key error. 
File not found IE - HKCU\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files (x86)\ICQ6Toolbar\ICQToolBar.dll (ICQ) IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF - prefs.js..browser.search.defaultenginename: "ICQ Search" FF - prefs.js..browser.search.selectedEngine: "ICQ Search" FF - prefs.js..browser.startup.homepage: "hxxp://google.de" FF - prefs.js..keyword.URL: "hxxp://search.icq.com/search/afe_results.php?ch_id=afex&tb_ver=1.1.7&q=" FF - HKLM\software\mozilla\Mozilla Firefox 3.6.17\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2011.04.30 22:29:56 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Firefox 3.6.17\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2011.04.30 22:29:56 | 000,000,000 | ---D | M] [2010.07.07 23:29:25 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Bundeshorst\AppData\Roaming\mozilla\Extensions [2011.03.27 21:08:45 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Bundeshorst\AppData\Roaming\mozilla\Firefox\Profiles\td9bz4nv.default\extensions [2011.05.19 00:16:14 | 000,001,056 | ---- | M] () -- C:\Users\Bundeshorst\AppData\Roaming\Mozilla\Firefox\Profiles\td9bz4nv.default\searchplugins\icqplugin.xml [2010.12.07 13:25:59 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions [2010.12.07 13:25:59 | 000,000,000 | ---D | M] (Skype extension) -- C:\Program Files (x86)\mozilla firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1} [2010.06.29 06:01:22 | 000,012,800 | ---- | M] (Nullsoft, Inc.) 
-- C:\Program Files (x86)\mozilla firefox\plugins\npwachk.dll [2011.04.30 22:29:54 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml [2011.04.30 22:29:54 | 000,002,344 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml [2011.04.30 22:29:54 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml [2011.04.30 22:29:54 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml [2011.04.30 22:29:54 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml O1 HOSTS File: ([2009.06.10 23:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.) O2:64bit: - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programme\Google\GoogleToolbarNotifier\5.6.6209.1142\swg64.dll (Google Inc.) O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found. O2 - BHO: (Skype Plug-In) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.6.6209.1142\swg.dll (Google Inc.) O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.) O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found. O3 - HKLM\..\Toolbar: (ICQToolBar) - {855F3B16-6D32-4FE6-8A56-BBB695989046} - C:\Program Files (x86)\ICQ6Toolbar\ICQToolBar.dll (ICQ) O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found. 
O3:64bit: - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.) O4:64bit: - HKLM..\Run: [Acer ePower Management] C:\Programme\Acer\Acer PowerSmart Manager\ePowerTrayLauncher.exe (Acer Incorporated) O4:64bit: - HKLM..\Run: [IAAnotif] C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe (Intel Corporation) O4:64bit: - HKLM..\Run: [mwlDaemon] C:\Program Files (x86)\EgisTec\MyWinLocker 3\x86\mwlDaemon.exe (Egis Technology Inc.) O4:64bit: - HKLM..\Run: [PLFSetI] C:\Windows\PLFSetI.exe () O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor) O4 - HKLM..\Run: [ArcadeDeluxeAgent] C:\Program Files (x86)\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe (CyberLink Corp.) O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH) O4 - HKLM..\Run: [BackupManagerTray] C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe (NewTech Infosystems, Inc.) O4 - HKLM..\Run: [DivXUpdate] C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe () O4 - HKLM..\Run: [EgisTecLiveUpdate] C:\Program Files (x86)\EgisTec Egis Software Update\EgisUpdate.exe (Egis Technology Inc.) O4 - HKLM..\Run: [LManager] C:\Program Files (x86)\Launch Manager\LManager.exe (Dritek System Inc.) O4 - HKLM..\Run: [PlayMovie] C:\Program Files (x86)\Acer Arcade Deluxe\PlayMovie\PMVService.exe (Acer Corp.) O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.) O4 - HKLM..\Run: [VitaKeyPdtWzd] C:\Program Files (x86)\Acer Bio Protection\PdtWzd.exe (Egis Technology Inc.) 
O4 - HKCU..\Run: [DAEMON Tools Lite] C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd) O4 - HKLM..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation) O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O8:64bit: - Extra context menu item: Bild an &Bluetooth-Gerät senden... - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm () O8:64bit: - Extra context menu item: Free YouTube to Mp3 Converter - C:\Users\Bundeshorst\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm () O8:64bit: - Extra context menu item: Seite an &Bluetooth-Gerät senden... - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm () O8 - Extra context menu item: Bild an &Bluetooth-Gerät senden... - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm () O8 - Extra context menu item: Free YouTube to Mp3 Converter - C:\Users\Bundeshorst\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm () O8 - Extra context menu item: Seite an &Bluetooth-Gerät senden... - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm () O9:64bit: - Extra Button: Quick-Launch Area - {10954C80-4F0F-11d3-B17C-00C0DFE39736} - C:\Program Files (x86)\Acer Bio Protection\PwdBank.exe (Egis Technology Inc.) O9:64bit: - Extra 'Tools' menuitem : Quick-Launch Area - {10954C80-4F0F-11d3-B17C-00C0DFE39736} - C:\Program Files (x86)\Acer Bio Protection\PwdBank.exe (Egis Technology Inc.) 
O9:64bit: - Extra Button: @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm () O9:64bit: - Extra 'Tools' menuitem : @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm () O9 - Extra Button: Quick-Launch Area - {10954C80-4F0F-11d3-B17C-00C0DFE39736} - C:\Program Files (x86)\Acer Bio Protection\PwdBank.exe (Egis Technology Inc.) O9 - Extra 'Tools' menuitem : Quick-Launch Area - {10954C80-4F0F-11d3-B17C-00C0DFE39736} - C:\Program Files (x86)\Acer Bio Protection\PwdBank.exe (Egis Technology Inc.) O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll (Microsoft Corporation) O9 - Extra Button: ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Program Files (x86)\ICQ7.2\ICQ.exe (ICQ, LLC.) O9 - Extra 'Tools' menuitem : ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Program Files (x86)\ICQ7.2\ICQ.exe (ICQ, LLC.) O9 - Extra Button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O9 - Extra 'Tools' menuitem : Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL (Microsoft Corporation) O9 - Extra Button: Senden an Bluetooth - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm () O9 - Extra 'Tools' menuitem : Senden an &Bluetooth-Gerät... 
- {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm () O13 - gopher Prefix: missing O13 - gopher Prefix: missing O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab (Java Plug-in 1.6.0_15) O16 - DPF: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab (Java Plug-in 1.6.0_15) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab (Java Plug-in 1.6.0_15) O18:64bit: - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found O18:64bit: - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - Reg Error: Key error. File not found O18:64bit: - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - Reg Error: Key error. File not found O18:64bit: - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found O18:64bit: - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - Reg Error: Key error. File not found O18:64bit: - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - Reg Error: Key error. File not found O18:64bit: - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - Reg Error: Key error. 
File not found O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~2\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation) O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~2\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation) O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies) O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O18:64bit: - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation) O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation) O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found. O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found. 
O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2010.08.24 05:45:20 | 000,000,054 | R--- | M] () - E:\autorun.inf -- [ UDF ] O33 - MountPoints2\{2995056b-cc33-11de-b24b-806e6f6e6963}\Shell - "" = AutoRun O33 - MountPoints2\{2995056b-cc33-11de-b24b-806e6f6e6963}\Shell\AutoRun\command - "" = E:\setup.exe -- [2010.09.04 05:34:49 | 000,227,256 | R--- | M] (2K Sports) O33 - MountPoints2\{6f0ed851-a155-11df-a796-0022fbcb40c0}\Shell - "" = AutoRun O33 - MountPoints2\{6f0ed851-a155-11df-a796-0022fbcb40c0}\Shell\AutoRun\command - "" = H:\LaunchU3.exe -a O33 - MountPoints2\{73d66252-bcdd-11df-97b1-002622827c1a}\Shell - "" = AutoRun O33 - MountPoints2\{73d66252-bcdd-11df-97b1-002622827c1a}\Shell\AutoRun\command - "" = D:\AutoPlay.exe -auto O33 - MountPoints2\{c6c63aaf-8ca0-11df-a40b-002622827c1a}\Shell - "" = AutoRun O33 - MountPoints2\{c6c63aaf-8ca0-11df-a40b-002622827c1a}\Shell\AutoRun\command - "" = G:\Autorun.exe O34 - HKLM BootExecute: (autocheck autochk *) - File not found O35:64bit: - HKLM\..comfile [open] -- "%1" %* O35:64bit: - HKLM\..exefile [open] -- "%1" %* O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %* O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* ========== Files/Folders - Created Within 30 Days ========== [2011.05.25 22:45:22 | 000,000,000 | ---D | C] -- C:\Users\Bundeshorst\AppData\Roaming\Malwarebytes [2011.05.25 22:44:55 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysWow64\drivers\mbamswissarmy.sys [2011.05.25 22:44:55 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware [2011.05.25 22:44:54 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes [2011.05.25 22:44:51 | 000,024,152 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys [2011.05.25 22:44:51 | 000,000,000 | ---D | C] -- 
C:\Program Files (x86)\Malwarebytes' Anti-Malware [2011.05.23 13:25:27 | 000,000,000 | ---D | C] -- C:\Windows\Minidump [2011.05.18 11:44:48 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome [2011.05.18 11:43:18 | 000,404,640 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl [2011.05.11 20:14:10 | 000,142,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\poqexec.exe [2011.05.11 20:14:10 | 000,123,904 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\poqexec.exe [2011.05.11 20:14:08 | 005,509,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntoskrnl.exe [2011.05.11 20:14:07 | 003,957,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntkrnlpa.exe [2011.05.11 20:14:07 | 003,901,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntoskrnl.exe [2011.05.11 20:14:06 | 000,324,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\usbport.sys [2011.05.11 20:14:06 | 000,007,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\usbd.sys [2011.05.07 04:25:35 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SopCast [2011.05.07 04:25:34 | 000,000,000 | ---D | C] -- C:\Users\Bundeshorst\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SopCast [2011.05.07 04:25:34 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\SopCast [2011.04.28 11:43:28 | 002,870,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\explorer.exe [2011.04.28 11:43:28 | 002,614,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\explorer.exe [2011.04.28 11:43:27 | 000,442,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XpsPrint.dll [2011.04.28 11:43:26 | 000,662,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XpsPrint.dll [2011.04.28 11:43:13 | 002,566,144 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\esent.dll [2011.04.28 11:43:12 | 
001,686,016 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\esent.dll [2011.04.28 11:43:12 | 000,107,904 | ---- | C] (Advanced Micro Devices) -- C:\Windows\SysNative\drivers\amdsata.sys [2011.04.28 11:43:11 | 000,187,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\storport.sys [2011.04.28 11:43:11 | 000,096,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\fsutil.exe [2011.04.28 11:43:11 | 000,074,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\fsutil.exe [2011.04.28 11:43:11 | 000,027,008 | ---- | C] (Advanced Micro Devices) -- C:\Windows\SysNative\drivers\amdxata.sys [2011.04.28 11:43:08 | 000,031,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\prevhost.exe [2011.04.28 11:43:08 | 000,031,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\prevhost.exe [2009.08.27 03:37:53 | 000,036,136 | ---- | C] (Oberon Media) -- C:\ProgramData\FullRemove.exe ========== Files - Modified Within 30 Days ========== [2011.05.26 00:13:01 | 000,001,110 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2011.05.25 22:44:55 | 000,001,119 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk [2011.05.25 20:07:38 | 000,009,920 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2011.05.25 20:07:38 | 000,009,920 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2011.05.25 20:04:31 | 001,527,504 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI [2011.05.25 20:04:31 | 000,664,634 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat [2011.05.25 20:04:31 | 000,624,776 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat [2011.05.25 20:04:31 | 000,134,770 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat [2011.05.25 20:04:31 | 000,110,414 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat [2011.05.25 20:00:14 | 000,001,106 | 
---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2011.05.25 20:00:05 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2011.05.25 20:00:00 | 3213,967,360 | -HS- | M] () -- C:\hiberfil.sys [2011.05.18 11:43:18 | 000,404,640 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl [2011.04.30 23:20:28 | 000,005,878 | ---- | M] () -- C:\Users\Bundeshorst\.recently-used.xbel ========== Files Created - No Company Name ========== [2011.05.25 22:44:55 | 000,001,119 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk [2011.04.30 23:20:28 | 000,005,878 | ---- | C] () -- C:\Users\Bundeshorst\.recently-used.xbel [2010.12.07 13:33:47 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat [2010.09.27 23:50:09 | 001,527,618 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI [2010.09.05 05:50:15 | 000,103,736 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.exe [2010.09.05 05:50:14 | 000,066,872 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrA.exe [2010.09.05 05:50:13 | 000,669,184 | ---- | C] () -- C:\Windows\SysWow64\pbsvc.exe [2010.07.30 16:21:01 | 000,000,000 | ---- | C] () -- C:\Users\Bundeshorst\AppData\Roaming\wklnhst.dat [2010.07.07 23:29:19 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat [2009.11.08 09:01:46 | 000,626,688 | ---- | C] () -- C:\Windows\Image.dll [2009.11.08 09:01:46 | 000,200,704 | ---- | C] () -- C:\Windows\PLFSetI.exe [2009.11.08 09:01:46 | 000,020,480 | ---- | C] () -- C:\Windows\USB_VIDEO_REG.exe [2009.11.08 09:01:46 | 000,000,323 | ---- | C] () -- C:\Windows\PidList.ini [2009.08.27 03:17:17 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin [2009.07.14 07:38:36 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat [2009.07.14 04:35:51 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT [2009.07.14 04:34:42 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat [2009.07.14 02:10:29 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin [2009.07.14 
01:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll [2009.07.13 23:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll [2009.06.10 23:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat ========== LOP Check ========== [2010.07.07 23:05:22 | 000,000,000 | -HSD | M] -- C:\Users\Bundeshorst\AppData\Roaming\.# [2010.10.08 17:31:23 | 000,000,000 | ---D | M] -- C:\Users\Bundeshorst\AppData\Roaming\2K Sports [2010.10.04 19:53:08 | 000,000,000 | ---D | M] -- C:\Users\Bundeshorst\AppData\Roaming\Auslogics [2011.03.15 23:19:09 | 000,000,000 | ---D | M] -- C:\Users\Bundeshorst\AppData\Roaming\Canneverbe Limited [2010.07.11 06:02:58 | 000,000,000 | ---D | M] -- C:\Users\Bundeshorst\AppData\Roaming\DAEMON Tools Lite [2011.03.27 20:19:12 | 000,000,000 | ---D | M] -- C:\Users\Bundeshorst\AppData\Roaming\DVDVideoSoftIEHelpers [2011.03.15 23:43:34 | 000,000,000 | ---D | M] -- C:\Users\Bundeshorst\AppData\Roaming\freac [2011.03.15 23:37:23 | 000,000,000 | ---D | M] -- C:\Users\Bundeshorst\AppData\Roaming\FreeFLVConverter [2010.07.07 23:04:23 | 000,000,000 | ---D | M] -- C:\Users\Bundeshorst\AppData\Roaming\GameConsole [2011.04.30 23:12:52 | 000,000,000 | ---D | M] -- C:\Users\Bundeshorst\AppData\Roaming\gtk-2.0 [2011.05.25 22:02:52 | 000,000,000 | ---D | M] -- C:\Users\Bundeshorst\AppData\Roaming\ICQ [2010.10.04 21:57:48 | 000,000,000 | ---D | M] -- C:\Users\Bundeshorst\AppData\Roaming\Need for Speed World [2011.03.16 00:05:33 | 000,000,000 | ---D | M] -- C:\Users\Bundeshorst\AppData\Roaming\PowerCinema [2010.09.09 14:12:43 | 000,000,000 | ---D | M] -- C:\Users\Bundeshorst\AppData\Roaming\SoftDMA [2010.10.29 14:50:24 | 000,000,000 | ---D | M] -- C:\Users\Bundeshorst\AppData\Roaming\Steinberg [2010.09.03 23:26:01 | 000,000,000 | ---D | M] -- C:\Users\Bundeshorst\AppData\Roaming\temp [2010.10.29 14:58:20 | 000,000,000 | ---D | M] -- C:\Users\Bundeshorst\AppData\Roaming\VST3 Presets [2011.04.17 04:04:52 | 000,032,640 
| ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT ========== Purity Check ========== < End of report >

I hope I did everything right when creating this thread, and thank you in advance for any help that follows. |
26.05.2011, 11:15 | #2 | |
/// Winkelfunktion /// TB-Süch-Tiger™ | FakeAlert!fakealert-REP virus Quote:
As a routine step, please run a full scan with Malwarebytes and post the log. Remember that Malwarebytes must be updated manually before every scan! If there are logs from older Malwarebytes scans, please post all of those as well!
__________________ |
26.05.2011, 13:33 | #3 |
| FakeAlert!fakealert-REP virus Unfortunately I no longer have any older scans.
__________________
Here is the full scan:

Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Datenbank Version: 6683

Windows 6.1.7600
Internet Explorer 8.0.7600.16385

26.05.2011 14:32:01
mbam-log-2011-05-26 (14-32-01).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|E:\|F:\|)
Durchsuchte Objekte: 287395
Laufzeit: 36 Minute(n), 34 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 0

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
(Keine bösartigen Objekte gefunden) |
26.05.2011, 13:59 | #4 |
/// Winkelfunktion /// TB-Süch-Tiger™ | FakeAlert!fakealert-REP virus Do an OTL fix: close all programs that may be open, also disable the virus scanner (!), start OTL and copy the following text into the "Custom Scan/Fixes" box (at the bottom of OTL): (the ":OTL" must be copied along with it!!!) Code:
:OTL
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (ICQToolBar) - {855F3B16-6D32-4FE6-8A56-BBB695989046} - C:\Program Files (x86)\ICQ6Toolbar\ICQToolBar.dll (ICQ)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
FF - prefs.js..browser.search.defaultenginename: "ICQ Search"
FF - prefs.js..browser.search.selectedEngine: "ICQ Search"
FF - prefs.js..keyword.URL: "http://search.icq.com/search/afe_results.php?ch_id=afex&tb_ver=1.1.7&q="
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2010.08.24 05:45:20 | 000,000,054 | R--- | M] () - E:\autorun.inf -- [ UDF ]
O33 - MountPoints2\{2995056b-cc33-11de-b24b-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{2995056b-cc33-11de-b24b-806e6f6e6963}\Shell\AutoRun\command - "" = E:\setup.exe -- [2010.09.04 05:34:49 | 000,227,256 | R--- | M] (2K Sports)
O33 - MountPoints2\{6f0ed851-a155-11df-a796-0022fbcb40c0}\Shell - "" = AutoRun
O33 - MountPoints2\{6f0ed851-a155-11df-a796-0022fbcb40c0}\Shell\AutoRun\command - "" = H:\LaunchU3.exe -a
O33 - MountPoints2\{73d66252-bcdd-11df-97b1-002622827c1a}\Shell - "" = AutoRun
O33 - MountPoints2\{73d66252-bcdd-11df-97b1-002622827c1a}\Shell\AutoRun\command - "" = D:\AutoPlay.exe -auto
O33 - MountPoints2\{c6c63aaf-8ca0-11df-a40b-002622827c1a}\Shell - "" = AutoRun
O33 - MountPoints2\{c6c63aaf-8ca0-11df-a40b-002622827c1a}\Shell\AutoRun\command - "" = G:\Autorun.exe
[2010.07.07 23:05:22 | 000,000,000 | -HSD | M] -- C:\Users\Bundeshorst\AppData\Roaming\.#
:Commands
[purity]
[resethosts]
The log file should open when you click OK after the fix; please post it. The computer may be restarted. For safety, the entries, files and folders fixed by this script are not completely deleted; a backup copy is created on the system partition in the folder "_OTL".
__________________ Please always post log files in CODE tags |
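The fix above targets three things that a reader of an OTL log should be able to recognise on sight: the per-volume AutoRun verbs under MountPoints2 (the O33 lines), an autorun.inf found on a mounted volume (O32), and the CDRom AutoRun setting (O32). The following added example, which is not code from the original post or from the OTL tool, parses those three line types out of an OTL log and reports which HKEY_CURRENT_USER MountPoints2 keys a fix would remove and which commands point at non-system volumes. The sample input is the O32/O33 portion of the fix script quoted above; the regular expressions and the `AutoRunEntry` class are assumptions about the OTL line layout made for this example.

```python
import re
from dataclasses import dataclass
from typing import List, Optional, Tuple

# Constructed sample input: the O32/O33 entries from the OTL fix script quoted in
# post #4, copied here so the parser can be run offline.
SAMPLE_OTL = r'''
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2010.08.24 05:45:20 | 000,000,054 | R--- | M] () - E:\autorun.inf -- [ UDF ]
O33 - MountPoints2\{2995056b-cc33-11de-b24b-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{2995056b-cc33-11de-b24b-806e6f6e6963}\Shell\AutoRun\command - "" = E:\setup.exe -- [2010.09.04 05:34:49 | 000,227,256 | R--- | M] (2K Sports)
O33 - MountPoints2\{6f0ed851-a155-11df-a796-0022fbcb40c0}\Shell - "" = AutoRun
O33 - MountPoints2\{6f0ed851-a155-11df-a796-0022fbcb40c0}\Shell\AutoRun\command - "" = H:\LaunchU3.exe -a
O33 - MountPoints2\{73d66252-bcdd-11df-97b1-002622827c1a}\Shell - "" = AutoRun
O33 - MountPoints2\{73d66252-bcdd-11df-97b1-002622827c1a}\Shell\AutoRun\command - "" = D:\AutoPlay.exe -auto
O33 - MountPoints2\{c6c63aaf-8ca0-11df-a40b-002622827c1a}\Shell - "" = AutoRun
O33 - MountPoints2\{c6c63aaf-8ca0-11df-a40b-002622827c1a}\Shell\AutoRun\command - "" = G:\Autorun.exe
'''

# O33 line carrying the command Explorer would run for a volume's AutoRun verb.
# The trailing " -- [timestamp | size | attrs | M] (vendor)" part, when present, is dropped.
RE_MOUNTPOINT_CMD = re.compile(
    r'^O33 - MountPoints2\\(?P<guid>\{[0-9a-fA-F-]+\})\\Shell\\AutoRun\\command - "" = '
    r'(?P<cmd>.+?)(?: -- \[.*)?$'
)
# O32 line reporting HKLM\SYSTEM\CurrentControlSet\Services\Cdrom\AutoRun (1 = enabled).
RE_CDROM_AUTORUN = re.compile(r'^O32 - HKLM CDRom: AutoRun - (?P<value>\d+)$')
# O32 line listing an autorun.inf that OTL found on a mounted volume.
RE_AUTORUN_FILE = re.compile(r'^O32 - AutoRun File - \[.*?\] \(.*?\) - (?P<path>[A-Za-z]:\\[^ ]+)')

MOUNTPOINTS2 = r"HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2"


@dataclass
class AutoRunEntry:
    volume_guid: str   # MountPoints2 subkey; Explorer keeps one per volume it has seen
    command: str       # what Explorer would run for the AutoRun verb
    drive: str         # drive letter the command points at, or "?" if not drive-based

    @property
    def registry_key(self) -> str:
        # The per-user key an OTL fix deletes for this entry (cf. the fix log in post #5).
        return MOUNTPOINTS2 + "\\" + self.volume_guid


def parse_otl_autorun(text: str) -> Tuple[Optional[int], List[str], List[AutoRunEntry]]:
    """Return (CDRom AutoRun value or None, autorun.inf paths, MountPoints2 AutoRun commands)."""
    cdrom_autorun: Optional[int] = None
    autorun_files: List[str] = []
    entries: List[AutoRunEntry] = []
    for raw in text.splitlines():
        line = raw.strip()
        if m := RE_CDROM_AUTORUN.match(line):
            cdrom_autorun = int(m["value"])
        elif m := RE_AUTORUN_FILE.match(line):
            autorun_files.append(m["path"])
        elif m := RE_MOUNTPOINT_CMD.match(line):
            cmd = m["cmd"].strip()
            drive = cmd[:2].upper() if re.match(r"^[A-Za-z]:", cmd) else "?"
            entries.append(AutoRunEntry(m["guid"], cmd, drive))
    return cdrom_autorun, autorun_files, entries


def summarize(text: str) -> dict:
    """Condense an OTL log into the autorun facts a helper looks at before writing a fix."""
    cdrom_autorun, autorun_files, entries = parse_otl_autorun(text)
    return {
        "cdrom_autorun_enabled": cdrom_autorun == 1,
        "autorun_inf_files": autorun_files,
        "autorun_commands": {e.volume_guid: e.command for e in entries},
        "keys_to_remove": [e.registry_key for e in entries],
        # Launchers on removable or optical volumes are what autorun-abusing malware relies on;
        # anything not on the system drive deserves a second look.
        "non_system_launchers": [e.command for e in entries if e.drive != "C:"],
    }


if __name__ == "__main__":
    for key, value in summarize(SAMPLE_OTL).items():
        print(f"{key}: {value}")
```

Run stand-alone it prints the summary for the sample; on a real OTL log, pass the file's text to `summarize()` instead. The four MountPoints2 keys it lists are exactly the ones the fix log in post #5 reports as deleted or not found.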
26.05.2011, 14:27 | #5 |
| FakeAlert!fakealert-REP virus I did the whole thing twice, because the first time I had forgotten to disable Avira. I hope that wasn't a big problem .. Here is the result: ========== OTL ========== 64bit-Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\Locked not found. Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{855F3B16-6D32-4FE6-8A56-BBB695989046} not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{855F3B16-6D32-4FE6-8A56-BBB695989046}\ not found. File C:\Program Files (x86)\ICQ6Toolbar\ICQToolBar.dll not found. Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\Locked not found. Prefs.js: "ICQ Search" removed from browser.search.defaultenginename Prefs.js: "ICQ Search" removed from browser.search.selectedEngine Prefs.js: "hxxp://search.icq.com/search/afe_results.php?ch_id=afex&tb_ver=1.1.7&q=" removed from keyword.URL HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRun|DWORD:1 /E : value set successfully! File move failed. E:\autorun.inf scheduled to be moved on reboot. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{2995056b-cc33-11de-b24b-806e6f6e6963}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2995056b-cc33-11de-b24b-806e6f6e6963}\ not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{2995056b-cc33-11de-b24b-806e6f6e6963}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2995056b-cc33-11de-b24b-806e6f6e6963}\ not found. File move failed. E:\setup.exe scheduled to be moved on reboot. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{6f0ed851-a155-11df-a796-0022fbcb40c0}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6f0ed851-a155-11df-a796-0022fbcb40c0}\ not found. 
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{6f0ed851-a155-11df-a796-0022fbcb40c0}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6f0ed851-a155-11df-a796-0022fbcb40c0}\ not found. File H:\LaunchU3.exe -a not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{73d66252-bcdd-11df-97b1-002622827c1a}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73d66252-bcdd-11df-97b1-002622827c1a}\ not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{73d66252-bcdd-11df-97b1-002622827c1a}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73d66252-bcdd-11df-97b1-002622827c1a}\ not found. File D:\AutoPlay.exe -auto not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c6c63aaf-8ca0-11df-a40b-002622827c1a}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{c6c63aaf-8ca0-11df-a40b-002622827c1a}\ not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c6c63aaf-8ca0-11df-a40b-002622827c1a}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{c6c63aaf-8ca0-11df-a40b-002622827c1a}\ not found. File G:\Autorun.exe not found. Folder C:\Users\Bundeshorst\AppData\Roaming\.#\ not found. ========== COMMANDS ========== C:\Windows\System32\drivers\etc\Hosts moved successfully. HOSTS file reset successfully OTL by OldTimer - Version 3.2.23.0 log created on 05262011_152318 Files\Folders moved on Reboot... File move failed. E:\autorun.inf scheduled to be moved on reboot. File move failed. E:\setup.exe scheduled to be moved on reboot. Registry entries deleted on Reboot... |
26.05.2011, 15:08 | #6 |
/// Winkelfunktion /// TB-Süch-Tiger™ | FakeAlert!fakealert-REP virus Now please run this tool from Kaspersky and post the log => http://www.trojaner-board.de/82358-t...entfernen.html Set up the tool as shown in the image below, i.e. tick both checkboxes, click Start scan, and when it has finished click the Report button to display the log. Please post it in full. If the infection prevents you from accessing your documents/My Documents, please run unhide: Download unhide.exe and save the file to your desktop. Start the tool and all files and folders should become visible again. (This may take a while.) Vista and 7 users must run the tool via right-click as administrator!
__________________ --> FakeAlert!fakealert-REP virus |
26.05.2011, 21:17 | #7 |
| FakeAlert!fakealert-REP virus Just a quick aside: this forum is awesome!! So, here is the report: 2011/05/26 22:14:01.0581 3340 TDSS rootkit removing tool 2.5.3.0 May 25 2011 07:09:24 2011/05/26 22:14:01.0800 3340 ================================================================================ 2011/05/26 22:14:01.0800 3340 SystemInfo: 2011/05/26 22:14:01.0800 3340 2011/05/26 22:14:01.0800 3340 OS Version: 6.1.7600 ServicePack: 0.0 2011/05/26 22:14:01.0800 3340 Product type: Workstation 2011/05/26 22:14:01.0800 3340 ComputerName: BUNDESHORST-PC 2011/05/26 22:14:01.0800 3340 UserName: Bundeshorst 2011/05/26 22:14:01.0800 3340 Windows directory: C:\Windows 2011/05/26 22:14:01.0800 3340 System windows directory: C:\Windows 2011/05/26 22:14:01.0800 3340 Running under WOW64 2011/05/26 22:14:01.0800 3340 Processor architecture: Intel x64 2011/05/26 22:14:01.0800 3340 Number of processors: 8 2011/05/26 22:14:01.0800 3340 Page size: 0x1000 2011/05/26 22:14:01.0800 3340 Boot type: Normal boot 2011/05/26 22:14:01.0800 3340 ================================================================================ 2011/05/26 22:14:02.0548 3340 Initialize success 2011/05/26 22:14:19.0256 0144 ================================================================================ 2011/05/26 22:14:19.0256 0144 Scan started 2011/05/26 22:14:19.0256 0144 Mode: Manual; 2011/05/26 22:14:19.0256 0144 ================================================================================ 2011/05/26 22:14:20.0005 0144 1394ohci (1b00662092f9f9568b995902f0cc40d5) C:\Windows\system32\DRIVERS\1394ohci.sys 2011/05/26 22:14:20.0161 0144 ACPI (6f11e88748cdefd2f76aa215f97ddfe5) C:\Windows\system32\DRIVERS\ACPI.sys 2011/05/26 22:14:20.0348 0144 AcpiPmi (63b05a0420ce4bf0e4af6dcc7cada254) C:\Windows\system32\DRIVERS\acpipmi.sys 2011/05/26 22:14:20.0566 0144 adp94xx (2f6b34b83843f0c5118b63ac634f5bf4) C:\Windows\system32\DRIVERS\adp94xx.sys 2011/05/26 22:14:20.0785 0144 adpahci (597f78224ee9224ea1a13d6350ced962) 
C:\Windows\system32\DRIVERS\adpahci.sys 2011/05/26 22:14:20.0956 0144 adpu320 (e109549c90f62fb570b9540c4b148e54) C:\Windows\system32\DRIVERS\adpu320.sys 2011/05/26 22:14:21.0175 0144 AFD (b9384e03479d2506bc924c16a3db87bc) C:\Windows\system32\drivers\afd.sys 2011/05/26 22:14:21.0424 0144 agp440 (608c14dba7299d8cb6ed035a68a15799) C:\Windows\system32\DRIVERS\agp440.sys 2011/05/26 22:14:21.0674 0144 aliide (5812713a477a3ad7363c7438ca2ee038) C:\Windows\system32\DRIVERS\aliide.sys 2011/05/26 22:14:21.0846 0144 amdide (1ff8b4431c353ce385c875f194924c0c) C:\Windows\system32\DRIVERS\amdide.sys 2011/05/26 22:14:21.0970 0144 AmdK8 (7024f087cff1833a806193ef9d22cda9) C:\Windows\system32\DRIVERS\amdk8.sys 2011/05/26 22:14:22.0173 0144 AmdPPM (1e56388b3fe0d031c44144eb8c4d6217) C:\Windows\system32\DRIVERS\amdppm.sys 2011/05/26 22:14:22.0329 0144 amdsata (ec7ebab00a4d8448bab68d1e49b4beb9) C:\Windows\system32\drivers\amdsata.sys 2011/05/26 22:14:22.0516 0144 amdsbs (f67f933e79241ed32ff46a4f29b5120b) C:\Windows\system32\DRIVERS\amdsbs.sys 2011/05/26 22:14:22.0704 0144 amdxata (db27766102c7bf7e95140a2aa81d042e) C:\Windows\system32\drivers\amdxata.sys 2011/05/26 22:14:22.0906 0144 AppID (42fd751b27fa0e9c69bb39f39e409594) C:\Windows\system32\drivers\appid.sys 2011/05/26 22:14:23.0109 0144 arc (c484f8ceb1717c540242531db7845c4e) C:\Windows\system32\DRIVERS\arc.sys 2011/05/26 22:14:23.0281 0144 arcsas (019af6924aefe7839f61c830227fe79c) C:\Windows\system32\DRIVERS\arcsas.sys 2011/05/26 22:14:23.0499 0144 AsyncMac (769765ce2cc62867468cea93969b2242) C:\Windows\system32\DRIVERS\asyncmac.sys 2011/05/26 22:14:23.0655 0144 atapi (02062c0b390b7729edc9e69c680a6f3c) C:\Windows\system32\DRIVERS\atapi.sys 2011/05/26 22:14:24.0108 0144 atikmdag (de0ede41bc530f1759c6fffcb8c7a0cf) C:\Windows\system32\DRIVERS\atikmdag.sys 2011/05/26 22:14:24.0513 0144 avgntflt (39c2e2870fc0c2ae0595b883cbe716b4) C:\Windows\system32\DRIVERS\avgntflt.sys 2011/05/26 22:14:24.0716 0144 avipbb (c98fa6e5ad0e857d22716bd2b8b1f399) 
C:\Windows\system32\DRIVERS\avipbb.sys 2011/05/26 22:14:24.0872 0144 b06bdrv (3e5b191307609f7514148c6832bb0842) C:\Windows\system32\DRIVERS\bxvbda.sys 2011/05/26 22:14:25.0044 0144 b57nd60a (b5ace6968304a3900eeb1ebfd9622df2) C:\Windows\system32\DRIVERS\b57nd60a.sys 2011/05/26 22:14:25.0231 0144 Beep (16a47ce2decc9b099349a5f840654746) C:\Windows\system32\drivers\Beep.sys 2011/05/26 22:14:25.0434 0144 blbdrive (61583ee3c3a17003c4acd0475646b4d3) C:\Windows\system32\DRIVERS\blbdrive.sys 2011/05/26 22:14:25.0574 0144 bowser (19d20159708e152267e53b66677a4995) C:\Windows\system32\DRIVERS\bowser.sys 2011/05/26 22:14:25.0730 0144 BrFiltLo (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\DRIVERS\BrFiltLo.sys 2011/05/26 22:14:25.0855 0144 BrFiltUp (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\DRIVERS\BrFiltUp.sys 2011/05/26 22:14:26.0073 0144 Brserid (43bea8d483bf1870f018e2d02e06a5bd) C:\Windows\System32\Drivers\Brserid.sys 2011/05/26 22:14:26.0214 0144 BrSerWdm (a6eca2151b08a09caceca35c07f05b42) C:\Windows\System32\Drivers\BrSerWdm.sys 2011/05/26 22:14:26.0370 0144 BrUsbMdm (b79968002c277e869cf38bd22cd61524) C:\Windows\System32\Drivers\BrUsbMdm.sys 2011/05/26 22:14:26.0557 0144 BrUsbSer (a87528880231c54e75ea7a44943b38bf) C:\Windows\System32\Drivers\BrUsbSer.sys 2011/05/26 22:14:26.0760 0144 BthEnum (cf98190a94f62e405c8cb255018b2315) C:\Windows\system32\DRIVERS\BthEnum.sys 2011/05/26 22:14:26.0900 0144 BTHMODEM (9da669f11d1f894ab4eb69bf546a42e8) C:\Windows\system32\DRIVERS\bthmodem.sys 2011/05/26 22:14:27.0196 0144 BthPan (02dd601b708dd0667e1331fa8518e9ff) C:\Windows\system32\DRIVERS\bthpan.sys 2011/05/26 22:14:27.0399 0144 BTHPORT (a51fa9d0e85d5adabef72e67f386309c) C:\Windows\system32\Drivers\BTHport.sys 2011/05/26 22:14:27.0633 0144 BTHUSB (f740b9a16b2c06700f2130e19986bf3b) C:\Windows\system32\Drivers\BTHUSB.sys 2011/05/26 22:14:27.0820 0144 btusbflt (6e04458e98daf28826482e41a7a62df5) C:\Windows\system32\drivers\btusbflt.sys 2011/05/26 22:14:27.0992 0144 
btwaudio (6bcfdc2b5b7f66d484486d4bd4b39a6b) C:\Windows\system32\drivers\btwaudio.sys 2011/05/26 22:14:28.0164 0144 btwavdt (82dc8b7c626e526681c1bebed2bc3ff9) C:\Windows\system32\drivers\btwavdt.sys 2011/05/26 22:14:28.0335 0144 btwl2cap (6149301dc3f81d6f9667a3fbac410975) C:\Windows\system32\DRIVERS\btwl2cap.sys 2011/05/26 22:14:28.0460 0144 btwrchid (28e105ad3b79f440bf94780f507bf66a) C:\Windows\system32\DRIVERS\btwrchid.sys 2011/05/26 22:14:28.0600 0144 cdfs (b8bd2bb284668c84865658c77574381a) C:\Windows\system32\DRIVERS\cdfs.sys 2011/05/26 22:14:28.0788 0144 cdrom (83d2d75e1efb81b3450c18131443f7db) C:\Windows\system32\DRIVERS\cdrom.sys 2011/05/26 22:14:28.0928 0144 circlass (d7cd5c4e1b71fa62050515314cfb52cf) C:\Windows\system32\DRIVERS\circlass.sys 2011/05/26 22:14:29.0053 0144 CLFS (fe1ec06f2253f691fe36217c592a0206) C:\Windows\system32\CLFS.sys 2011/05/26 22:14:29.0271 0144 CmBatt (0840155d0bddf1190f84a663c284bd33) C:\Windows\system32\DRIVERS\CmBatt.sys 2011/05/26 22:14:29.0412 0144 cmdide (e19d3f095812725d88f9001985b94edd) C:\Windows\system32\DRIVERS\cmdide.sys 2011/05/26 22:14:29.0568 0144 CNG (f95fd4cb7da00ba2a63ce9f6b5c053e1) C:\Windows\system32\Drivers\cng.sys 2011/05/26 22:14:29.0724 0144 Compbatt (102de219c3f61415f964c88e9085ad14) C:\Windows\system32\DRIVERS\compbatt.sys 2011/05/26 22:14:29.0864 0144 CompositeBus (f26b3a86f6fa87ca360b879581ab4123) C:\Windows\system32\DRIVERS\CompositeBus.sys 2011/05/26 22:14:30.0020 0144 crcdisk (1c827878a998c18847245fe1f34ee597) C:\Windows\system32\DRIVERS\crcdisk.sys 2011/05/26 22:14:30.0207 0144 DfsC (3f1dc527070acb87e40afe46ef6da749) C:\Windows\system32\Drivers\dfsc.sys 2011/05/26 22:14:30.0457 0144 discache (13096b05847ec78f0977f2c0f79e9ab3) C:\Windows\system32\drivers\discache.sys 2011/05/26 22:14:30.0628 0144 Disk (9819eee8b5ea3784ec4af3b137a5244c) C:\Windows\system32\DRIVERS\disk.sys 2011/05/26 22:14:30.0753 0144 DKbFltr (d5bcb77be83cf99f508943945d46343d) C:\Windows\SysWOW64\Drivers\DKbFltr.sys 2011/05/26 
22:14:30.0972 0144 drmkaud (9b19f34400d24df84c858a421c205754) C:\Windows\system32\drivers\drmkaud.sys 2011/05/26 22:14:31.0174 0144 DXGKrnl (1633b9abf52784a1331476397a48cbef) C:\Windows\System32\drivers\dxgkrnl.sys 2011/05/26 22:14:31.0533 0144 ebdrv (dc5d737f51be844d8c82c695eb17372f) C:\Windows\system32\DRIVERS\evbda.sys 2011/05/26 22:14:31.0845 0144 elxstor (0e5da5369a0fcaea12456dd852545184) C:\Windows\system32\DRIVERS\elxstor.sys 2011/05/26 22:14:31.0986 0144 enecir (a9ec08727c64d985678f5b64c03823f0) C:\Windows\system32\DRIVERS\enecir.sys 2011/05/26 22:14:32.0157 0144 enecirhid (e17eb95358f396e27d573a1b20f891f8) C:\Windows\system32\DRIVERS\enecirhid.sys 2011/05/26 22:14:32.0266 0144 enecirhidma (8492d808c79bd6fe439f77be84956cdf) C:\Windows\system32\DRIVERS\enecirhidma.sys 2011/05/26 22:14:32.0438 0144 ErrDev (34a3c54752046e79a126e15c51db409b) C:\Windows\system32\DRIVERS\errdev.sys 2011/05/26 22:14:32.0688 0144 exfat (a510c654ec00c1e9bdd91eeb3a59823b) C:\Windows\system32\drivers\exfat.sys 2011/05/26 22:14:32.0875 0144 fastfat (0adc83218b66a6db380c330836f3e36d) C:\Windows\system32\drivers\fastfat.sys 2011/05/26 22:14:33.0015 0144 fdc (d765d19cd8ef61f650c384f62fac00ab) C:\Windows\system32\DRIVERS\fdc.sys 2011/05/26 22:14:33.0202 0144 FileInfo (655661be46b5f5f3fd454e2c3095b930) C:\Windows\system32\drivers\fileinfo.sys 2011/05/26 22:14:33.0358 0144 Filetrace (5f671ab5bc87eea04ec38a6cd5962a47) C:\Windows\system32\drivers\filetrace.sys 2011/05/26 22:14:33.0530 0144 flpydisk (c172a0f53008eaeb8ea33fe10e177af5) C:\Windows\system32\DRIVERS\flpydisk.sys 2011/05/26 22:14:33.0686 0144 FltMgr (f7866af72abbaf84b1fa5aa195378c59) C:\Windows\system32\drivers\fltmgr.sys 2011/05/26 22:14:33.0826 0144 FPSensor (44c86363d4673688e61f3c096b511811) C:\Windows\system32\Drivers\FPSensor.sys 2011/05/26 22:14:33.0951 0144 FsDepends (d43703496149971890703b4b1b723eac) C:\Windows\system32\drivers\FsDepends.sys 2011/05/26 22:14:34.0123 0144 Fs_Rec (e95ef8547de20cf0603557c0cf7a9462) 
C:\Windows\system32\drivers\Fs_Rec.sys 2011/05/26 22:14:34.0232 0144 fvevol (ae87ba80d0ec3b57126ed2cdc15b24ed) C:\Windows\system32\DRIVERS\fvevol.sys 2011/05/26 22:14:34.0388 0144 gagp30kx (8c778d335c9d272cfd3298ab02abe3b6) C:\Windows\system32\DRIVERS\gagp30kx.sys 2011/05/26 22:14:34.0591 0144 hcw85cir (f2523ef6460fc42405b12248338ab2f0) C:\Windows\system32\drivers\hcw85cir.sys 2011/05/26 22:14:34.0825 0144 HdAudAddService (6410f6f415b2a5a9037224c41da8bf12) C:\Windows\system32\drivers\HdAudio.sys 2011/05/26 22:14:34.0996 0144 HDAudBus (0a49913402747a0b67de940fb42cbdbb) C:\Windows\system32\DRIVERS\HDAudBus.sys 2011/05/26 22:14:35.0152 0144 HidBatt (78e86380454a7b10a5eb255dc44a355f) C:\Windows\system32\DRIVERS\HidBatt.sys 2011/05/26 22:14:35.0308 0144 HidBth (7fd2a313f7afe5c4dab14798c48dd104) C:\Windows\system32\DRIVERS\hidbth.sys 2011/05/26 22:14:35.0480 0144 HidIr (0a77d29f311b88cfae3b13f9c1a73825) C:\Windows\system32\DRIVERS\hidir.sys 2011/05/26 22:14:35.0620 0144 HidUsb (b3bf6b5b50006def50b66306d99fcf6f) C:\Windows\system32\DRIVERS\hidusb.sys 2011/05/26 22:14:35.0854 0144 HpSAMD (0886d440058f203eba0e1825e4355914) C:\Windows\system32\DRIVERS\HpSAMD.sys 2011/05/26 22:14:35.0995 0144 HTTP (cee049cac4efa7f4e1e4ad014414a5d4) C:\Windows\system32\drivers\HTTP.sys 2011/05/26 22:14:36.0151 0144 hwpolicy (f17766a19145f111856378df337a5d79) C:\Windows\system32\drivers\hwpolicy.sys 2011/05/26 22:14:36.0307 0144 i8042prt (fa55c73d4affa7ee23ac4be53b4592d3) C:\Windows\system32\DRIVERS\i8042prt.sys 2011/05/26 22:14:36.0494 0144 iaStor (bbb3b6df1abb0fe35802ede85cc1c011) C:\Windows\system32\DRIVERS\iaStor.sys 2011/05/26 22:14:36.0650 0144 iaStorV (b75e45c564e944a2657167d197ab29da) C:\Windows\system32\drivers\iaStorV.sys 2011/05/26 22:14:36.0853 0144 iirsp (5c18831c61933628f5bb0ea2675b9d21) C:\Windows\system32\DRIVERS\iirsp.sys 2011/05/26 22:14:37.0180 0144 IntcAzAudAddService (11b392d117217a4caec7440d28cb1178) C:\Windows\system32\drivers\RTKVHD64.sys 2011/05/26 22:14:37.0368 0144 
intelide (f00f20e70c6ec3aa366910083a0518aa) C:\Windows\system32\DRIVERS\intelide.sys 2011/05/26 22:14:37.0524 0144 intelppm (ada036632c664caa754079041cf1f8c1) C:\Windows\system32\DRIVERS\intelppm.sys 2011/05/26 22:14:37.0633 0144 IpFilterDriver (722dd294df62483cecaae6e094b4d695) C:\Windows\system32\DRIVERS\ipfltdrv.sys 2011/05/26 22:14:37.0773 0144 IPMIDRV (e2b4a4494db7cb9b89b55ca268c337c5) C:\Windows\system32\DRIVERS\IPMIDrv.sys 2011/05/26 22:14:37.0898 0144 IPNAT (af9b39a7e7b6caa203b3862582e9f2d0) C:\Windows\system32\drivers\ipnat.sys 2011/05/26 22:14:38.0007 0144 IRENUM (3abf5e7213eb28966d55d58b515d5ce9) C:\Windows\system32\drivers\irenum.sys 2011/05/26 22:14:38.0148 0144 isapnp (2f7b28dc3e1183e5eb418df55c204f38) C:\Windows\system32\DRIVERS\isapnp.sys 2011/05/26 22:14:38.0304 0144 iScsiPrt (fa4d2557de56d45b0a346f93564be6e1) C:\Windows\system32\DRIVERS\msiscsi.sys 2011/05/26 22:14:38.0444 0144 JMCR (f8844b00c10e386c704c610e95a9847d) C:\Windows\system32\DRIVERS\jmcr.sys 2011/05/26 22:14:38.0600 0144 k57nd60a (08dd34f74d65e1c8f238565570952630) C:\Windows\system32\DRIVERS\k57nd60a.sys 2011/05/26 22:14:38.0756 0144 kbdclass (bc02336f1cba7dcc7d1213bb588a68a5) C:\Windows\system32\DRIVERS\kbdclass.sys 2011/05/26 22:14:38.0928 0144 kbdhid (6def98f8541e1b5dceb2c822a11f7323) C:\Windows\system32\DRIVERS\kbdhid.sys 2011/05/26 22:14:39.0193 0144 KSecDD (e8b6fcc9c83535c67f835d407620bd27) C:\Windows\system32\Drivers\ksecdd.sys 2011/05/26 22:14:39.0302 0144 KSecPkg (a8c63880ef6f4d3fec7b616b9c060215) C:\Windows\system32\Drivers\ksecpkg.sys 2011/05/26 22:14:39.0427 0144 ksthunk (6869281e78cb31a43e969f06b57347c4) C:\Windows\system32\drivers\ksthunk.sys 2011/05/26 22:14:39.0598 0144 lltdio (1538831cf8ad2979a04c423779465827) C:\Windows\system32\DRIVERS\lltdio.sys 2011/05/26 22:14:39.0739 0144 LSI_FC (1a93e54eb0ece102495a51266dcdb6a6) C:\Windows\system32\DRIVERS\lsi_fc.sys 2011/05/26 22:14:39.0848 0144 LSI_SAS (1047184a9fdc8bdbff857175875ee810) C:\Windows\system32\DRIVERS\lsi_sas.sys 
2011/05/26 22:14:40.0004 0144 LSI_SAS2 (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\Windows\system32\DRIVERS\lsi_sas2.sys 2011/05/26 22:14:40.0129 0144 LSI_SCSI (0504eacaff0d3c8aed161c4b0d369d4a) C:\Windows\system32\DRIVERS\lsi_scsi.sys 2011/05/26 22:14:40.0254 0144 Ltn_stk7070P (9d48f75c237f972e8cdea3f5bcff74d5) C:\Windows\system32\DRIVERS\Ltn_stk7070P.sys 2011/05/26 22:14:40.0425 0144 luafv (43d0f98e1d56ccddb0d5254cff7b356e) C:\Windows\system32\drivers\luafv.sys 2011/05/26 22:14:40.0550 0144 megasas (a55805f747c6edb6a9080d7c633bd0f4) C:\Windows\system32\DRIVERS\megasas.sys 2011/05/26 22:14:40.0722 0144 MegaSR (baf74ce0072480c3b6b7c13b2a94d6b3) C:\Windows\system32\DRIVERS\MegaSR.sys 2011/05/26 22:14:40.0878 0144 Modem (800ba92f7010378b09f9ed9270f07137) C:\Windows\system32\drivers\modem.sys 2011/05/26 22:14:41.0049 0144 monitor (b03d591dc7da45ece20b3b467e6aadaa) C:\Windows\system32\DRIVERS\monitor.sys 2011/05/26 22:14:41.0190 0144 mouclass (7d27ea49f3c1f687d357e77a470aea99) C:\Windows\system32\DRIVERS\mouclass.sys 2011/05/26 22:14:41.0314 0144 mouhid (d3bf052c40b0c4166d9fd86a4288c1e6) C:\Windows\system32\DRIVERS\mouhid.sys 2011/05/26 22:14:41.0470 0144 mountmgr (791af66c4d0e7c90a3646066386fb571) C:\Windows\system32\drivers\mountmgr.sys 2011/05/26 22:14:41.0595 0144 mpio (609d1d87649ecc19796f4d76d4c15cea) C:\Windows\system32\DRIVERS\mpio.sys 2011/05/26 22:14:41.0720 0144 mpsdrv (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\Windows\system32\drivers\mpsdrv.sys 2011/05/26 22:14:41.0845 0144 MRxDAV (30524261bb51d96d6fcbac20c810183c) C:\Windows\system32\drivers\mrxdav.sys 2011/05/26 22:14:41.0970 0144 mrxsmb (b7f3d2c40bdf8ffb73ebfb19c77734e2) C:\Windows\system32\DRIVERS\mrxsmb.sys 2011/05/26 22:14:42.0110 0144 mrxsmb10 (86c6f88b5168ce21cf8d69d0b3ff5d19) C:\Windows\system32\DRIVERS\mrxsmb10.sys 2011/05/26 22:14:42.0266 0144 mrxsmb20 (b081069251c8e9f42cb8769d07148f9c) C:\Windows\system32\DRIVERS\mrxsmb20.sys 2011/05/26 22:14:42.0406 0144 msahci (5c37497276e3b3a5488b23a326a754b7) 
C:\Windows\system32\DRIVERS\msahci.sys 2011/05/26 22:14:42.0547 0144 msdsm (8d27b597229aed79430fb9db3bcbfbd0) C:\Windows\system32\DRIVERS\msdsm.sys 2011/05/26 22:14:42.0687 0144 Msfs (aa3fb40e17ce1388fa1bedab50ea8f96) C:\Windows\system32\drivers\Msfs.sys 2011/05/26 22:14:42.0812 0144 mshidkmdf (f9d215a46a8b9753f61767fa72a20326) C:\Windows\System32\drivers\mshidkmdf.sys 2011/05/26 22:14:42.0968 0144 msisadrv (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\Windows\system32\DRIVERS\msisadrv.sys 2011/05/26 22:14:43.0093 0144 MSKSSRV (49ccf2c4fea34ffad8b1b59d49439366) C:\Windows\system32\drivers\MSKSSRV.sys 2011/05/26 22:14:43.0218 0144 MSPCLOCK (bdd71ace35a232104ddd349ee70e1ab3) C:\Windows\system32\drivers\MSPCLOCK.sys 2011/05/26 22:14:43.0358 0144 MSPQM (4ed981241db27c3383d72092b618a1d0) C:\Windows\system32\drivers\MSPQM.sys 2011/05/26 22:14:43.0467 0144 MsRPC (89cb141aa8616d8c6a4610fa26c60964) C:\Windows\system32\drivers\MsRPC.sys 2011/05/26 22:14:43.0592 0144 mssmbios (0eed230e37515a0eaee3c2e1bc97b288) C:\Windows\system32\DRIVERS\mssmbios.sys 2011/05/26 22:14:43.0748 0144 MSTEE (2e66f9ecb30b4221a318c92ac2250779) C:\Windows\system32\drivers\MSTEE.sys 2011/05/26 22:14:43.0966 0144 MTConfig (7ea404308934e675bffde8edf0757bcd) C:\Windows\system32\DRIVERS\MTConfig.sys 2011/05/26 22:14:44.0154 0144 Mup (f9a18612fd3526fe473c1bda678d61c8) C:\Windows\system32\Drivers\mup.sys 2011/05/26 22:14:44.0278 0144 mwlPSDFilter (6ffecc25b39dc7652a0cec0ada9db589) C:\Windows\system32\DRIVERS\mwlPSDFilter.sys 2011/05/26 22:14:44.0403 0144 mwlPSDNServ (0befe32ca56d6ee89d58175725596a85) C:\Windows\system32\DRIVERS\mwlPSDNServ.sys 2011/05/26 22:14:44.0590 0144 mwlPSDVDisk (d43bc633b8660463e446e28e14a51262) C:\Windows\system32\DRIVERS\mwlPSDVDisk.sys 2011/05/26 22:14:44.0778 0144 NativeWifiP (1ea3749c4114db3e3161156ffffa6b33) C:\Windows\system32\DRIVERS\nwifi.sys 2011/05/26 22:14:45.0012 0144 NDIS (cad515dbd07d082bb317d9928ce8962c) C:\Windows\system32\drivers\ndis.sys 2011/05/26 22:14:45.0152 0144 
NdisCap (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\Windows\system32\DRIVERS\ndiscap.sys 2011/05/26 22:14:45.0324 0144 NdisTapi (30639c932d9fef22b31268fe25a1b6e5) C:\Windows\system32\DRIVERS\ndistapi.sys 2011/05/26 22:14:45.0464 0144 Ndisuio (f105ba1e22bf1f2ee8f005d4305e4bec) C:\Windows\system32\DRIVERS\ndisuio.sys 2011/05/26 22:14:45.0636 0144 NdisWan (557dfab9ca1fcb036ac77564c010dad3) C:\Windows\system32\DRIVERS\ndiswan.sys 2011/05/26 22:14:45.0745 0144 NDProxy (659b74fb74b86228d6338d643cd3e3cf) C:\Windows\system32\drivers\NDProxy.sys 2011/05/26 22:14:45.0901 0144 NetBIOS (86743d9f5d2b1048062b14b1d84501c4) C:\Windows\system32\DRIVERS\netbios.sys 2011/05/26 22:14:46.0026 0144 NetBT (9162b273a44ab9dce5b44362731d062a) C:\Windows\system32\DRIVERS\netbt.sys 2011/05/26 22:14:46.0353 0144 netw5v64 (705283c02177809ca9fa7cc58a4f1e77) C:\Windows\system32\DRIVERS\netw5v64.sys 2011/05/26 22:14:46.0665 0144 nfrd960 (77889813be4d166cdab78ddba990da92) C:\Windows\system32\DRIVERS\nfrd960.sys 2011/05/26 22:14:46.0821 0144 Npfs (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys 2011/05/26 22:14:46.0946 0144 nsiproxy (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys 2011/05/26 22:14:47.0149 0144 Ntfs (378e0e0dfea67d98ae6ea53adbbd76bc) C:\Windows\system32\drivers\Ntfs.sys 2011/05/26 22:14:47.0352 0144 NTIDrvr (64ddd0dee976302f4bd93e5efcc2f013) C:\Windows\system32\drivers\NTIDrvr.sys 2011/05/26 22:14:47.0476 0144 Null (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys 2011/05/26 22:14:47.0601 0144 nvraid (a4d9c9a608a97f59307c2f2600edc6a4) C:\Windows\system32\drivers\nvraid.sys 2011/05/26 22:14:47.0757 0144 nvstor (6c1d5f70e7a6a3fd1c90d840edc048b9) C:\Windows\system32\drivers\nvstor.sys 2011/05/26 22:14:47.0898 0144 nv_agp (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\DRIVERS\nv_agp.sys 2011/05/26 22:14:48.0054 0144 ohci1394 (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\DRIVERS\ohci1394.sys 2011/05/26 
22:14:48.0288 0144 Parport (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\DRIVERS\parport.sys 2011/05/26 22:14:48.0475 0144 partmgr (7daa117143316c4a1537e074a5a9eaf0) C:\Windows\system32\drivers\partmgr.sys 2011/05/26 22:14:48.0631 0144 pci (f36f6504009f2fb0dfd1b17a116ad74b) C:\Windows\system32\DRIVERS\pci.sys 2011/05/26 22:14:48.0740 0144 pciide (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\DRIVERS\pciide.sys 2011/05/26 22:14:48.0880 0144 pcmcia (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\DRIVERS\pcmcia.sys 2011/05/26 22:14:49.0005 0144 pcw (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys 2011/05/26 22:14:49.0161 0144 PEAUTH (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys 2011/05/26 22:14:49.0411 0144 PptpMiniport (27cc19e81ba5e3403c48302127bda717) C:\Windows\system32\DRIVERS\raspptp.sys 2011/05/26 22:14:49.0536 0144 Processor (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\DRIVERS\processr.sys 2011/05/26 22:14:49.0723 0144 Psched (ee992183bd8eaefd9973f352e587a299) C:\Windows\system32\DRIVERS\pacer.sys 2011/05/26 22:14:49.0941 0144 ql2300 (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\DRIVERS\ql2300.sys 2011/05/26 22:14:50.0331 0144 ql40xx (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\DRIVERS\ql40xx.sys 2011/05/26 22:14:50.0440 0144 QWAVEdrv (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys 2011/05/26 22:14:50.0565 0144 RasAcd (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys 2011/05/26 22:14:50.0862 0144 RasAgileVpn (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys 2011/05/26 22:14:51.0002 0144 Rasl2tp (87a6e852a22991580d6d39adc4790463) C:\Windows\system32\DRIVERS\rasl2tp.sys 2011/05/26 22:14:51.0142 0144 RasPppoe (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys 2011/05/26 22:14:51.0252 0144 RasSstp (e8b1e447b008d07ff47d016c2b0eeecb) 
C:\Windows\system32\DRIVERS\rassstp.sys 2011/05/26 22:14:51.0392 0144 rdbss (3bac8142102c15d59a87757c1d41dce5) C:\Windows\system32\DRIVERS\rdbss.sys 2011/05/26 22:14:51.0548 0144 rdpbus (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\DRIVERS\rdpbus.sys 2011/05/26 22:14:51.0751 0144 RDPCDD (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys 2011/05/26 22:14:51.0876 0144 RDPENCDD (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys 2011/05/26 22:14:52.0000 0144 RDPREFMP (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys 2011/05/26 22:14:52.0110 0144 RDPWD (8a3e6bea1c53ea6177fe2b6eba2c80d7) C:\Windows\system32\drivers\RDPWD.sys 2011/05/26 22:14:52.0297 0144 rdyboost (634b9a2181d98f15941236886164ec8b) C:\Windows\system32\drivers\rdyboost.sys 2011/05/26 22:14:52.0500 0144 RFCOMM (3dd798846e2c28102b922c56e71b7932) C:\Windows\system32\DRIVERS\rfcomm.sys 2011/05/26 22:14:52.0671 0144 rspndr (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys 2011/05/26 22:14:52.0843 0144 RTHDMIAzAudService (7421a35c45484b95e83b5e9e107cefc2) C:\Windows\system32\drivers\RtHDMIVX.sys 2011/05/26 22:14:53.0061 0144 sbp2port (e3bbb89983daf5622c1d50cf49f28227) C:\Windows\system32\DRIVERS\sbp2port.sys 2011/05/26 22:14:53.0186 0144 scfilter (c94da20c7e3ba1dca269bc8460d98387) C:\Windows\system32\DRIVERS\scfilter.sys 2011/05/26 22:14:53.0342 0144 sdbus (54e47ad086782d3ae9417c155cdceb9b) C:\Windows\system32\DRIVERS\sdbus.sys 2011/05/26 22:14:53.0482 0144 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys 2011/05/26 22:14:53.0623 0144 Serenum (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\DRIVERS\serenum.sys 2011/05/26 22:14:53.0810 0144 Serial (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\DRIVERS\serial.sys 2011/05/26 22:14:53.0997 0144 sermouse (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\DRIVERS\sermouse.sys 2011/05/26 22:14:54.0122 0144 sffdisk 
(a554811bcd09279536440c964ae35bbf) C:\Windows\system32\DRIVERS\sffdisk.sys
2011/05/26 22:14:54.0231 0144 sffp_mmc (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\DRIVERS\sffp_mmc.sys
2011/05/26 22:14:54.0340 0144 sffp_sd (5588b8c6193eb1522490c122eb94dffa) C:\Windows\system32\DRIVERS\sffp_sd.sys
2011/05/26 22:14:54.0465 0144 sfloppy (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\DRIVERS\sfloppy.sys
2011/05/26 22:14:54.0621 0144 SiSRaid2 (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\DRIVERS\SiSRaid2.sys
2011/05/26 22:14:54.0746 0144 SiSRaid4 (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\DRIVERS\sisraid4.sys
2011/05/26 22:14:54.0886 0144 Smb (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys
2011/05/26 22:14:55.0074 0144 spldr (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys
2011/05/26 22:14:55.0401 0144 sptd (602884696850c86434530790b110e8eb) C:\Windows\system32\Drivers\sptd.sys
2011/05/26 22:14:55.0401 0144 Suspicious file (NoAccess): C:\Windows\system32\Drivers\sptd.sys. md5: 602884696850c86434530790b110e8eb
2011/05/26 22:14:55.0401 0144 sptd - detected LockedFile.Multi.Generic (1)
2011/05/26 22:14:55.0542 0144 srv (148d50904d2a0df29a19778715eb35bb) C:\Windows\system32\DRIVERS\srv.sys
2011/05/26 22:14:55.0698 0144 srv2 (ce2189fe31d36678ac9eb7ddee08ec96) C:\Windows\system32\DRIVERS\srv2.sys
2011/05/26 22:14:55.0854 0144 srvnet (cb69edeb069a49577592835659cd0e46) C:\Windows\system32\DRIVERS\srvnet.sys
2011/05/26 22:14:56.0025 0144 stexstor (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\DRIVERS\stexstor.sys
2011/05/26 22:14:56.0150 0144 swenum (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\DRIVERS\swenum.sys
2011/05/26 22:14:56.0259 0144 SynTP (bcf305959b53b200ceb2ad25ad22f8a7) C:\Windows\system32\DRIVERS\SynTP.sys
2011/05/26 22:14:56.0431 0144 Tcpip (90a2d722cf64d911879d6c4a4f802a4d) C:\Windows\system32\drivers\tcpip.sys
2011/05/26 22:14:56.0618 0144 TCPIP6 (90a2d722cf64d911879d6c4a4f802a4d) C:\Windows\system32\DRIVERS\tcpip.sys
2011/05/26 22:14:56.0743 0144 tcpipreg (76d078af6f587b162d50210f761eb9ed) C:\Windows\system32\drivers\tcpipreg.sys
2011/05/26 22:14:56.0883 0144 TDPIPE (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys
2011/05/26 22:14:57.0024 0144 TDTCP (e4245bda3190a582d55ed09e137401a9) C:\Windows\system32\drivers\tdtcp.sys
2011/05/26 22:14:57.0164 0144 tdx (079125c4b17b01fcaeebce0bcb290c0f) C:\Windows\system32\DRIVERS\tdx.sys
2011/05/26 22:14:57.0273 0144 TermDD (c448651339196c0e869a355171875522) C:\Windows\system32\DRIVERS\termdd.sys
2011/05/26 22:14:57.0414 0144 tssecsrv (61b96c26131e37b24e93327a0bd1fb95) C:\Windows\system32\DRIVERS\tssecsrv.sys
2011/05/26 22:14:57.0538 0144 tunnel (3836171a2cdf3af8ef10856db9835a70) C:\Windows\system32\DRIVERS\tunnel.sys
2011/05/26 22:14:57.0648 0144 uagp35 (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\DRIVERS\uagp35.sys
2011/05/26 22:14:57.0757 0144 UBHelper (2e22c1fd397a5a9ffef55e9d1fc96c00) C:\Windows\system32\drivers\UBHelper.sys
2011/05/26 22:14:57.0913 0144 udfs (d47baead86c65d4f4069d7ce0a4edceb) C:\Windows\system32\DRIVERS\udfs.sys
2011/05/26 22:14:58.0069 0144 uliagpkx (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\DRIVERS\uliagpkx.sys
2011/05/26 22:14:58.0178 0144 umbus (eab6c35e62b1b0db0d1b48b671d3a117) C:\Windows\system32\DRIVERS\umbus.sys
2011/05/26 22:14:58.0350 0144 UmPass (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\DRIVERS\umpass.sys
2011/05/26 22:14:58.0537 0144 usbccgp (7b6a127c93ee590e4d79a5f2a76fe46f) C:\Windows\system32\DRIVERS\usbccgp.sys
2011/05/26 22:14:58.0646 0144 usbcir (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\DRIVERS\usbcir.sys
2011/05/26 22:14:58.0786 0144 usbehci (92969ba5ac44e229c55a332864f79677) C:\Windows\system32\DRIVERS\usbehci.sys
2011/05/26 22:14:58.0927 0144 usbhub (e7df1cfd28ca86b35ef5add0735ceef3) C:\Windows\system32\DRIVERS\usbhub.sys
2011/05/26 22:14:59.0067 0144 usbohci (f1bb1e55f1e7a65c5839ccc7b36d773e) C:\Windows\system32\drivers\usbohci.sys
2011/05/26 22:14:59.0223 0144 usbprint (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\DRIVERS\usbprint.sys
2011/05/26 22:14:59.0332 0144 USBSTOR (f39983647bc1f3e6100778ddfe9dce29) C:\Windows\system32\drivers\USBSTOR.SYS
2011/05/26 22:14:59.0442 0144 usbuhci (bc3070350a491d84b518d7cca9abd36f) C:\Windows\system32\drivers\usbuhci.sys
2011/05/26 22:14:59.0582 0144 usbvideo (7cb8c573c6e4a2714402cc0a36eab4fe) C:\Windows\System32\Drivers\usbvideo.sys
2011/05/26 22:14:59.0738 0144 vdrvroot (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\DRIVERS\vdrvroot.sys
2011/05/26 22:14:59.0878 0144 vga (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys
2011/05/26 22:14:59.0988 0144 VgaSave (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys
2011/05/26 22:15:00.0097 0144 vhdmp (c82e748660f62a242b2dfac1442f22a4) C:\Windows\system32\DRIVERS\vhdmp.sys
2011/05/26 22:15:00.0222 0144 viaide (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\DRIVERS\viaide.sys
2011/05/26 22:15:00.0331 0144 volmgr (2b1a3dae2b4e70dbba822b7a03fbd4a3) C:\Windows\system32\DRIVERS\volmgr.sys
2011/05/26 22:15:00.0487 0144 volmgrx (99b0cbb569ca79acaed8c91461d765fb) C:\Windows\system32\drivers\volmgrx.sys
2011/05/26 22:15:00.0674 0144 volsnap (58f82eed8ca24b461441f9c3e4f0bf5c) C:\Windows\system32\DRIVERS\volsnap.sys
2011/05/26 22:15:00.0892 0144 vsmraid (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\DRIVERS\vsmraid.sys
2011/05/26 22:15:01.0033 0144 vwifibus (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\System32\drivers\vwifibus.sys
2011/05/26 22:15:01.0173 0144 WacomPen (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\DRIVERS\wacompen.sys
2011/05/26 22:15:01.0298 0144 WANARP (47ca49400643effd3f1c9a27e1d69324) C:\Windows\system32\DRIVERS\wanarp.sys
2011/05/26 22:15:01.0329 0144 Wanarpv6 (47ca49400643effd3f1c9a27e1d69324) C:\Windows\system32\DRIVERS\wanarp.sys
2011/05/26 22:15:01.0454 0144 Wd (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\DRIVERS\wd.sys
2011/05/26 22:15:01.0610 0144 Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys
2011/05/26 22:15:01.0813 0144 WfpLwf (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys
2011/05/26 22:15:01.0922 0144 WIMMount (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys
2011/05/26 22:15:02.0140 0144 WmiAcpi (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\DRIVERS\wmiacpi.sys
2011/05/26 22:15:02.0312 0144 ws2ifsl (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys
2011/05/26 22:15:02.0499 0144 WudfPf (7cadc74271dd6461c452c271b30bd378) C:\Windows\system32\drivers\WudfPf.sys
2011/05/26 22:15:02.0624 0144 WUDFRd (3b197af0fff08aa66b6b2241ca538d64) C:\Windows\system32\DRIVERS\WUDFRd.sys
2011/05/26 22:15:02.0811 0144 xusb21 (2ee48cfce7ca8e0db4c44c7476c0943b) C:\Windows\system32\DRIVERS\xusb21.sys
2011/05/26 22:15:02.0936 0144 {49DE1C67-83F8-4102-99E0-C16DCC7EEC796} (74983addca2d9618512c088d856d6615) C:\Program Files (x86)\Acer Arcade Deluxe\PlayMovie\000.fcl
2011/05/26 22:15:02.0952 0144 MBR (0x1B8) (9c51d3fd2697bd2ae931be1d6f1e6ffa) \Device\Harddisk0\DR0
2011/05/26 22:15:03.0716 0144 ================================================================================
2011/05/26 22:15:03.0716 0144 Scan finished
2011/05/26 22:15:03.0716 0144 ================================================================================
2011/05/26 22:15:03.0747 4744 Detected object count: 1
2011/05/26 22:15:03.0747 4744 Actual detected object count: 1
2011/05/26 22:15:12.0218 4744 LockedFile.Multi.Generic(sptd) - User select action: Skip

PS: I have no problems accessing my own files. |
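The TDSSKiller listing above is a per-driver inventory (service name, MD5, path) with two annotations on one entry: "Suspicious file (NoAccess)" and "detected LockedFile.Multi.Generic". Both say only that the scanner could not read sptd.sys; neither is a malware verdict, and the sptd service is the SPTD layer whose Cfg key the GMER output later in this thread points at the DAEMON Tools Lite folder. The way to get real signal out of such a listing is to parse it and compare each hash against a known-good baseline, so that a driver whose name is familiar but whose hash is not stands out. The following script is an added example written for this page, not part of the original post and not Kaspersky's code; the sample lines are copied from the log above, and the baseline is constructed for the demo (the srv.sys hash in it is deliberately wrong so that a mismatch shows up):

```python
"""Triage helper for a TDSSKiller driver listing.

Added example for this thread; it is not part of the original post and not
Kaspersky's code.  It parses the per-driver enumeration lines, attaches the
'Suspicious file (...)' and '- detected ...' annotations to the driver they
refer to, and compares each MD5 with a caller-supplied baseline of known-good
hashes.  A 'NoAccess' / LockedFile.Multi.Generic annotation only says the
scanner could not read the file, so it is reported as a flag, not a verdict.
"""
import re
from dataclasses import dataclass, field

# Enumeration line: "<date> <time> <tid> <service> (<md5>) <path>"
DRIVER_RE = re.compile(
    r"^\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}\.\d{4}\s+\d+\s+"
    r"(?P<name>\S+)\s+\((?P<md5>[0-9a-f]{32})\)\s+(?P<path>.+?)\s*$"
)
# "... Suspicious file (NoAccess): <path>. md5: <hash>"
SUSPICIOUS_RE = re.compile(
    r"Suspicious file \((?P<reason>\w+)\): (?P<path>.+?)\.(?:\s+md5: [0-9a-f]{32})?\s*$"
)
# "... <service> - detected <verdict> (<n>)"
DETECTED_RE = re.compile(r"^\S+ \S+ \d+ (?P<name>\S+) - detected (?P<verdict>\S+)")


@dataclass
class Driver:
    name: str
    md5: str
    path: str
    flags: list = field(default_factory=list)   # scanner annotations, in log order


def parse_tdsskiller(text: str) -> dict:
    """Map service name -> Driver, with scanner annotations attached."""
    drivers, by_path = {}, {}
    for line in text.splitlines():
        m = DRIVER_RE.match(line)
        if m:
            d = Driver(m["name"], m["md5"], m["path"])
            drivers[d.name] = d
            by_path[d.path.lower()] = d
            continue
        m = SUSPICIOUS_RE.search(line)
        if m and m["path"].lower() in by_path:
            by_path[m["path"].lower()].flags.append(m["reason"])
            continue
        m = DETECTED_RE.match(line)
        if m and m["name"] in drivers:
            drivers[m["name"]].flags.append(m["verdict"])
    return drivers


def review(drivers: dict, baseline: dict) -> list:
    """Return (name, status, md5, flags) for everything worth a second look.

    status is 'baseline' (hash matches the reference), 'mismatch' (same service
    name, different hash) or 'unknown' (no reference entry).  Entries that match
    the baseline and carry no scanner flag are dropped; flagged entries sort
    first, then mismatches, then unknowns."""
    out = []
    for d in drivers.values():
        ref = baseline.get(d.name.lower())
        status = "unknown" if ref is None else ("baseline" if ref == d.md5 else "mismatch")
        if d.flags or status != "baseline":
            out.append((d.name, status, d.md5, ",".join(d.flags)))
    out.sort(key=lambda f: (f[3] == "", f[1] != "mismatch", f[0].lower()))
    return out


# Sample input: lines copied from the TDSSKiller log in this thread.
SAMPLE_LOG = r"""
2011/05/26 22:14:55.0074 0144 spldr (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys
2011/05/26 22:14:55.0401 0144 sptd (602884696850c86434530790b110e8eb) C:\Windows\system32\Drivers\sptd.sys
2011/05/26 22:14:55.0401 0144 Suspicious file (NoAccess): C:\Windows\system32\Drivers\sptd.sys. md5: 602884696850c86434530790b110e8eb
2011/05/26 22:14:55.0401 0144 sptd - detected LockedFile.Multi.Generic (1)
2011/05/26 22:14:55.0542 0144 srv (148d50904d2a0df29a19778715eb35bb) C:\Windows\system32\DRIVERS\srv.sys
2011/05/26 22:14:56.0431 0144 Tcpip (90a2d722cf64d911879d6c4a4f802a4d) C:\Windows\system32\drivers\tcpip.sys
2011/05/26 22:15:02.0936 0144 {49DE1C67-83F8-4102-99E0-C16DCC7EEC796} (74983addca2d9618512c088d856d6615) C:\Program Files (x86)\Acer Arcade Deluxe\PlayMovie\000.fcl
"""

# Constructed baseline for the demo (keys lower-cased).  A real one would come
# from a clean reference install or a vendor hash catalog; the srv.sys hash is
# deliberately wrong here so that a 'mismatch' shows up.
BASELINE = {
    "spldr": "b9e31e5cacdfe584f34f730a677803f9",
    "tcpip": "90a2d722cf64d911879d6c4a4f802a4d",
    "srv": "00000000000000000000000000000000",
}


def triage_sample() -> list:
    return review(parse_tdsskiller(SAMPLE_LOG), BASELINE)


if __name__ == "__main__":
    for name, status, md5, flags in triage_sample():
        print(f"{status:9} {md5} {name}  {flags}")
```

On the sample, sptd comes out first (unknown to the baseline, and flagged NoAccess / LockedFile.Multi.Generic), then srv as a hash mismatch, then the Acer {49DE…} service as simply unknown; spldr and Tcpip match the baseline and are dropped. Unknown plus flagged is the combination that deserves the next step (submit the file's hash to a multi-engine lookup or pull the file from a boot medium), a mismatch on a core driver such as srv.sys would be the one to treat as a rootkit lead.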
27.05.2011, 08:11 | #8 |
/// Winkelfunktion /// TB-Süch-Tiger™ | FakeAlert!fakealert-REP virus Then please run CF now: ComboFix - A guide and tutorial on using ComboFix
ComboFix may only be run if a qualified helper (Kompetenzler) has explicitly recommended it!
__________________ Please always post log files in CODE tags |
27.05.2011, 11:11 | #9 |
| FakeAlert!fakealert-REP virus Once again I forgot to disable the virus scanner and had to let the program run twice... and once again I hope it's nothing too bad. Here is the log file: ComboFix Logfile: Code:
ComboFix 11-05-26.02 - Bundeshorst 27.05.2011 12:00:44.2.8 - x64
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.49.1031.18.4087.2574 [GMT 2:00]
Run from:: c:\users\Bundeshorst\Desktop\cofi.exe
AV: AntiVir Desktop *Disabled/Updated* {090F9C29-64CE-6C6F-379C-5901B49A85B7}
SP: AntiVir Desktop *Disabled/Updated* {B26E7DCD-42F4-63E1-0D2C-6273CF1DCF0A}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((( Files created from 2011-04-27 to 2011-05-27 ))))))))))))))))))))))))))))))
.
.
2011-05-27 10:03 . 2011-05-27 10:03 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-05-27 09:44 . 2011-05-27 09:55 -------- d-----w- C:\cofi
2011-05-25 23:05 . 2011-04-22 20:18 27008 ----a-w- c:\windows\system32\drivers\Diskdump.sys
2011-05-25 20:45 . 2011-05-25 20:45 -------- d-----w- c:\users\Bundeshorst\AppData\Roaming\Malwarebytes
2011-05-25 20:44 . 2010-12-20 16:09 38224 ----a-w- c:\windows\SysWow64\drivers\mbamswissarmy.sys
2011-05-25 20:44 . 2011-05-25 20:44 -------- d-----w- c:\programdata\Malwarebytes
2011-05-25 20:44 . 2011-05-25 20:44 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2011-05-25 20:44 . 2010-12-20 16:08 24152 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-05-24 13:05 . 2011-05-09 22:00 8718160 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{43B489D2-B2AF-4AF3-A94B-A0C7B37F9A99}\mpengine.dll
2011-05-18 09:43 . 2011-05-18 09:43 404640 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2011-05-11 18:14 . 2011-04-09 06:58 142336 ----a-w- c:\windows\system32\poqexec.exe
2011-05-11 18:14 . 2011-04-09 05:56 123904 ----a-w- c:\windows\SysWow64\poqexec.exe
2011-05-11 18:14 . 2011-04-09 06:45 5509504 ----a-w- c:\windows\system32\ntoskrnl.exe
2011-05-11 18:14 . 2011-04-09 06:13 3957632 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe
2011-05-11 18:14 . 2011-04-09 06:13 3901824 ----a-w- c:\windows\SysWow64\ntoskrnl.exe
2011-05-11 18:14 . 2011-03-25 03:23 343040 ----a-w- c:\windows\system32\drivers\usbhub.sys
2011-05-11 18:14 . 2011-03-25 03:23 98816 ----a-w- c:\windows\system32\drivers\usbccgp.sys
2011-05-11 18:14 . 2011-03-25 03:23 324608 ----a-w- c:\windows\system32\drivers\usbport.sys
2011-05-11 18:14 . 2011-03-25 03:22 52224 ----a-w- c:\windows\system32\drivers\usbehci.sys
2011-05-11 18:14 . 2011-03-25 03:22 25600 ----a-w- c:\windows\system32\drivers\usbohci.sys
2011-05-11 18:14 . 2011-03-25 03:22 30720 ----a-w- c:\windows\system32\drivers\usbuhci.sys
2011-05-11 18:14 . 2011-03-25 03:22 7936 ----a-w- c:\windows\system32\drivers\usbd.sys
2011-05-07 02:25 . 2011-05-07 02:25 -------- d-----w- c:\program files (x86)\SopCast
.
.
.
(((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-03-11 06:19 . 2011-04-14 08:45 1395712 ----a-w- c:\windows\system32\mfc42.dll
2011-03-11 06:19 . 2011-04-14 08:45 1359872 ----a-w- c:\windows\system32\mfc42u.dll
2011-03-11 05:40 . 2011-04-14 08:45 1137664 ----a-w- c:\windows\SysWow64\mfc42.dll
2011-03-11 05:40 . 2011-04-14 08:45 1164288 ----a-w- c:\windows\SysWow64\mfc42u.dll
2011-03-08 06:14 . 2011-04-14 08:44 976896 ----a-w- c:\windows\system32\inetcomm.dll
2011-03-08 05:38 . 2011-04-14 08:44 740864 ----a-w- c:\windows\SysWow64\inetcomm.dll
2011-03-04 06:17 . 2011-04-28 09:43 135168 ----a-w- c:\windows\apppatch\AppPatch64\AcXtrnal.dll
2011-03-04 06:17 . 2011-04-28 09:43 347648 ----a-w- c:\windows\apppatch\AppPatch64\AcLayers.dll
2011-03-03 06:17 . 2011-04-14 08:44 182272 ----a-w- c:\windows\system32\dnsrslvr.dll
2011-03-03 06:14 . 2011-04-14 08:44 30208 ----a-w- c:\windows\system32\dnscacheugc.exe
2011-03-03 05:27 . 2011-04-14 08:44 28672 ----a-w- c:\windows\SysWow64\dnscacheugc.exe
2011-03-03 03:58 . 2011-04-14 08:45 3133440 ----a-w- c:\windows\system32\win32k.sys
.
.
((((((((((((((((((((((((((((( SnapShot@2011-05-27_09.51.42 )))))))))))))))))))))))))))))))))))))))))
.
- 2009-07-14 05:10 . 2011-05-27 09:43 38716 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin
+ 2009-07-14 05:10 . 2011-05-27 09:53 38716 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin
+ 2010-07-07 13:28 . 2011-05-27 09:53 10244 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-2092904018-1444182634-3070834641-1000_UserData.bin
+ 2010-07-19 17:47 . 2011-05-27 09:54 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2010-07-19 17:47 . 2011-05-27 09:44 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2010-07-19 17:47 . 2011-05-27 09:44 32768 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2010-07-19 17:47 . 2011-05-27 09:54 32768 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2010-07-19 17:47 . 2011-05-27 09:54 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2010-07-19 17:47 . 2011-05-27 09:44 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2010-07-07 13:28 . 2011-05-27 09:44 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2010-07-07 13:28 . 2011-05-27 10:00 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2010-07-07 13:28 . 2011-05-27 10:00 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2010-07-07 13:28 . 2011-05-27 09:44 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2009-07-14 02:36 . 2011-05-27 09:48 624776 c:\windows\system32\perfh009.dat
+ 2009-07-14 02:36 . 2011-05-27 09:56 624776 c:\windows\system32\perfh009.dat
+ 2009-11-08 15:45 . 2011-05-27 09:56 664634 c:\windows\system32\perfh007.dat
- 2009-11-08 15:45 . 2011-05-27 09:48 664634 c:\windows\system32\perfh007.dat
+ 2009-07-14 02:36 . 2011-05-27 09:56 110414 c:\windows\system32\perfc009.dat
- 2009-07-14 02:36 . 2011-05-27 09:48 110414 c:\windows\system32\perfc009.dat
- 2009-11-08 15:45 . 2011-05-27 09:48 134770 c:\windows\system32\perfc007.dat
+ 2009-11-08 15:45 . 2011-05-27 09:56 134770 c:\windows\system32\perfc007.dat
.
(((((((((((((((((((((((((((( Registry autostart points ))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legitimate default entries are not shown.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\egisPSDP]
@="{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}"
[HKEY_CLASSES_ROOT\CLSID\{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}]
2009-08-06 17:18 120104 ----a-w- c:\program files (x86)\EgisTec\MyWinLocker 3\x86\PSDProtect.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DAEMON Tools Lite"="c:\program files (x86)\DAEMON Tools Lite\DTLite.exe" [2010-04-01 357696]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"LManager"="c:\program files (x86)\Launch Manager\LManager.exe" [2009-08-18 1157128]
"EgisTecLiveUpdate"="c:\program files (x86)\EgisTec Egis Software Update\EgisUpdate.exe" [2009-08-04 199464]
"BackupManagerTray"="c:\program files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe" [2009-08-21 261888]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2009-07-10 98304]
"VitaKeyPdtWzd"="c:\program files (x86)\Acer Bio Protection\PdtWzd.exe" [2009-08-05 3567616]
"ArcadeDeluxeAgent"="c:\program files (x86)\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe" [2009-10-06 419112]
"PlayMovie"="c:\program files (x86)\Acer Arcade Deluxe\PlayMovie\PMVService.exe" [2009-10-05 181480]
"avgnt"="c:\program files (x86)\Avira\AntiVir Desktop\avgnt.exe" [2010-11-02 281768]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-12-21 35760]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2009-12-11 948672]
"DivXUpdate"="c:\program files (x86)\DivX\DivX Update\DivXUpdate.exe" [2011-03-21 1230704]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Acer VCM.lnk - c:\program files (x86)\Acer\Acer VCM\AcerVCM.exe [2009-8-27 708608]
Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2009-7-17 1079584]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"mixer2"=wdmaud.drv
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R3 btusbflt;Bluetooth USB Filter;c:\windows\system32\drivers\btusbflt.sys [x]
R3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [x]
R3 enecirhid;ENE CIR HID Receiver;c:\windows\system32\DRIVERS\enecirhid.sys [x]
R3 enecirhidma;ENE CIR HIDmini Filter;c:\windows\system32\DRIVERS\enecirhidma.sys [x]
R3 JMCR;JMCR;c:\windows\system32\DRIVERS\jmcr.sys [x]
R3 Ltn_stk7070P;PCTV LITEON based TV tuner device;c:\windows\system32\DRIVERS\Ltn_stk7070P.sys [x]
R3 NTIBackupSvc;NTI Backup Now 5 Backup Service;c:\program files (x86)\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe [2009-06-18 50432]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [x]
S1 mwlPSDFilter;mwlPSDFilter;c:\windows\system32\DRIVERS\mwlPSDFilter.sys [x]
S1 mwlPSDNServ;mwlPSDNServ;c:\windows\system32\DRIVERS\mwlPSDNServ.sys [x]
S1 mwlPSDVDisk;mwlPSDVDisk;c:\windows\system32\DRIVERS\mwlPSDVDisk.sys [x]
S2 {49DE1C67-83F8-4102-99E0-C16DCC7EEC796};Power Control [2009/11/08 08:17];c:\program files (x86)\Acer Arcade Deluxe\PlayMovie\000.fcl [2009-10-05 17:15 146928]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x]
S2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe [2011-05-19 136360]
S2 ePowerSvc;Acer ePower Service;c:\program files\Acer\Acer PowerSmart Manager\ePowerSvc.exe [2009-08-18 796192]
S2 FPSensor;EgisTec-Corp Fingerprint Reader Driver (FPSensor.sys);c:\windows\system32\Drivers\FPSensor.sys [x]
S2 Greg_Service;GRegService;c:\program files (x86)\Acer\Registration\GregHSRW.exe [2009-06-04 1150496]
S2 ICQ Service;ICQ Service;c:\program files (x86)\ICQ6Toolbar\ICQ Service.exe [2010-09-06 247096]
S2 IGBASVC;EgisTec Service;c:\program files (x86)\Acer Bio Protection\BASVC.exe [2009-08-05 3450368]
S2 MWLService;MyWinLocker Service;c:\program files (x86)\EgisTec\MyWinLocker 3\x86\\MWLService.exe [2009-08-06 311592]
S2 NTI IScheduleSvc;NTI IScheduleSvc;c:\program files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe [2009-08-21 62720]
S2 NTISchedulerSvc;NTI Backup Now 5 Scheduler Service;c:\program files (x86)\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe [2009-06-18 144640]
S2 RS_Service;Raw Socket Service;c:\program files (x86)\Acer\Acer VCM\RS_Service.exe [2009-07-10 253952]
S2 Updater Service;Updater Service;c:\program files\Acer\Acer Updater\UpdaterService.exe [2009-07-04 240160]
S3 enecir;ENE CIR Receiver;c:\windows\system32\DRIVERS\enecir.sys [x]
S3 k57nd60a;Broadcom NetLink (TM) Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\k57nd60a.sys [x]
S3 netw5v64;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;c:\windows\system32\DRIVERS\netw5v64.sys [x]
.
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\egisPSDP]
@="{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}"
[HKEY_CLASSES_ROOT\CLSID\{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}]
2009-08-06 17:19 137512 ----a-w- c:\program files (x86)\EgisTec\MyWinLocker 3\x64\PSDProtect.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2009-08-17 8061984]
"IAAnotif"="c:\program files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2009-08-07 186904]
"mwlDaemon"="c:\program files (x86)\EgisTec\MyWinLocker 3\x86\mwlDaemon.exe" [2009-08-06 349480]
"Acer ePower Management"="c:\program files\Acer\Acer PowerSmart Manager\ePowerTrayLauncher.exe" [2009-08-18 496160]
"SynTPEnh"="c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe" [BU]
"PLFSetI"="c:\windows\PLFSetI.exe" [2008-07-29 200704]
.
------- Supplementary Scan -------
.
uStart Page = hxxp://start.icq.com/
uLocal Page = c:\windows\system32\blank.htm
mStart Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&m=aspire_5940&r=27360710w955l0394z115t48m2w076
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: Send image to &Bluetooth device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000
IE: Free YouTube to Mp3 Converter - c:\users\Bundeshorst\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm
IE: Google Sidewiki... - c:\program files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_D183CA64F05FDD98.dll/cmsidewiki.html
IE: Send page to &Bluetooth device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
FF - ProfilePath - c:\users\Bundeshorst\AppData\Roaming\Mozilla\Firefox\Profiles\td9bz4nv.default\
FF - prefs.js: browser.search.selectedEngine -
FF - prefs.js: browser.startup.homepage - hxxp://google.de
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files (x86)\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} - c:\program files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\{49DE1C67-83F8-4102-99E0-C16DCC7EEC796}]
"ImagePath"="\??\c:\program files (x86)\Acer Arcade Deluxe\PlayMovie\000.fcl"
.
--------------------- Locked Registry Keys ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{0BE09CC1-42E0-11DD-AE16-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil10b.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{0BE09CC1-42E0-11DD-AE16-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{0BE09CC1-42E0-11DD-AE16-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\FlashUtil10b.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{0BE09CC1-42E0-11DD-AE16-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10b.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10b.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10b.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10b.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{DDF4CE26-4BDA-42BC-B0F0-0E75243AD285}]
@Denied: (A 2) (Everyone)
@="IFlashBroker2"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{DDF4CE26-4BDA-42BC-B0F0-0E75243AD285}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{DDF4CE26-4BDA-42BC-B0F0-0E75243AD285}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2011-05-27 12:05:43
ComboFix-quarantined-files.txt 2011-05-27 10:05
ComboFix2.txt 2011-05-27 09:55
.
Pre-Run: 16 Directories, 191.862.063.104 Bytes Free
Post-Run: 16 Directories, 191.618.637.824 Bytes Free
.
- - End Of File - - 0043CEC921D953452EDED62B5879744E |
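When reading a ComboFix log like the one above, the two sections that carry most of the signal are the service list ("R2/S2 name;display;path [date size]") and the Run keys ("name"="path" [date size]). An entry marked "[x]" means ComboFix could not read a date and size for the image, which covers both a missing file and one that is locked or protected (sptd.sys is present according to the TDSSKiller log but still shows [x] here), so it is a lead, not a verdict. The script below is an added example for this page, not part of the original post and not ComboFix's own code: it parses both line types and flags entries with an unverifiable image, entries whose image lives outside the Windows or Program Files trees (a heuristic chosen for this example), and boot- or system-start drivers (S0/S1, where a rootkit loader would sit). The sample lines are copied from the log above, plus one constructed Run entry ("Updater") that shows the user-profile case.

```python
"""Triage of ComboFix service and Run-key lines.

Added example for this thread; not from the original post and not ComboFix's
own code.  It parses the 'R?/S? name;display;path [meta]' service lines and the
'"name"="path" [meta]' Run-key lines ComboFix prints, and flags what an analyst
reads first: images ComboFix could not stat (shown as [x], which covers both
missing and locked files), images outside the Windows and Program Files trees,
and boot/system-start (S0/S1) drivers.  Flags are leads, not verdicts; the
trusted-path list is a heuristic chosen for this example.
"""
import re
from dataclasses import dataclass
from typing import Optional

SERVICE_RE = re.compile(
    r"^(?P<state>[RS])(?P<start>\d) (?P<name>[^;]+);(?P<display>[^;]*);"
    r"(?P<path>.+?) \[(?P<meta>[^\]]*)\]$"
)
RUN_RE = re.compile(r'^"(?P<name>[^"]+)"="(?P<path>[^"]+)" \[(?P<meta>[^\]]*)\]$')

# Heuristic (assumption of this example): autostarts outside these trees get a look.
TRUSTED_PREFIXES = ("c:\\windows\\", "c:\\program files\\", "c:\\program files (x86)\\")


@dataclass
class Entry:
    kind: str                       # "service" or "run"
    name: str
    path: str
    meta: str                       # "x" when ComboFix printed [x], else "date size"
    start: Optional[int] = None     # service start type: 0 boot, 1 system, 2 auto, 3 manual
    running: Optional[bool] = None  # R = running, S = stopped


def parse_combofix(text: str) -> list:
    entries = []
    for line in text.splitlines():
        m = SERVICE_RE.match(line)
        if m:
            entries.append(Entry("service", m["name"], m["path"], m["meta"],
                                 int(m["start"]), m["state"] == "R"))
            continue
        m = RUN_RE.match(line)
        if m:
            entries.append(Entry("run", m["name"], m["path"], m["meta"]))
    return entries


def reasons(e: Entry) -> list:
    """Why an analyst should look at this entry; empty list means nothing stands out."""
    r = []
    if e.meta == "x":
        r.append("image not verifiable ([x])")
    if not e.path.lower().startswith(TRUSTED_PREFIXES):
        r.append("image outside Windows/Program Files")
    if e.kind == "service" and e.start is not None and e.start <= 1:
        r.append("boot/system-start driver")
    return r


def triage(text: str) -> list:
    """(name, path, reasons) for every entry that has at least one reason."""
    out = []
    for e in parse_combofix(text):
        why = reasons(e)
        if why:
            out.append((e.name, e.path, why))
    return out


# Sample input: lines copied from the ComboFix log above, plus one constructed
# Run entry ("Updater") to show the user-profile-path case.
SAMPLE = r'''
"DAEMON Tools Lite"="c:\program files (x86)\DAEMON Tools Lite\DTLite.exe" [2010-04-01 357696]
"avgnt"="c:\program files (x86)\Avira\AntiVir Desktop\avgnt.exe" [2010-11-02 281768]
"SynTPEnh"="c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe" [BU]
"Updater"="c:\users\example\AppData\Roaming\updater\update.exe" [2011-05-20 40960]
R3 btusbflt;Bluetooth USB Filter;c:\windows\system32\drivers\btusbflt.sys [x]
S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [x]
S2 ICQ Service;ICQ Service;c:\program files (x86)\ICQ6Toolbar\ICQ Service.exe [2010-09-06 247096]
S2 {49DE1C67-83F8-4102-99E0-C16DCC7EEC796};Power Control [2009/11/08 08:17];c:\program files (x86)\Acer Arcade Deluxe\PlayMovie\000.fcl [2009-10-05 17:15 146928]
'''


def triage_sample() -> dict:
    return {name: why for name, _path, why in triage(SAMPLE)}


if __name__ == "__main__":
    for name, path, why in triage(SAMPLE):
        print(f"{name}: {path}\n    " + "; ".join(why))
```

On the sample this flags three entries: the constructed "Updater" (runs from a user profile directory), btusbflt (image unverifiable) and sptd (unverifiable and boot-start). The Acer {49DE…} service is not flagged even though its image has the odd extension .fcl, because the path and metadata are readable; that is a reminder that the heuristics here narrow the list, they do not replace looking at what each flagged image actually is.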
27.05.2011, 14:12 | #10 |
| FakeAlert!fakealert-REP virus Quick update in between: the system just crashed out of nowhere with a blue screen. The laptop rebooted and now everything is running again. Also, since recently Windows occasionally tells me on shutdown that a program is still running in the background... |
27.05.2011, 15:44 | #11 |
/// Winkelfunktion /// TB-Süch-Tiger™ | FakeAlert!fakealert-REP virus Now please create and post logs with GMER and mbrcheck. GMER crashes fairly often; if the tool won't cooperate on the 2nd attempt either, just leave it out. Instructions for mbrcheck: Download MBRCheck (by a_d_13) and save the file to your desktop.
__________________ Please always post log files in CODE tags |
27.05.2011, 16:39 | #12 |
| FakeAlert!fakealert-REP virus The GMER log: GMER Logfile: Code:
GMER 1.0.15.15627 - hxxp://www.gmer.net
Rootkit scan 2011-05-27 17:38:09
Windows 6.1.7600
Running: 09xgcpdk.exe

---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\0c6076a78224
Reg HKLM\SYSTEM\CurrentControlSet\services\LanmanServer\Linkage@Bind ????????????????????????????{00000000-0000-0000-ffff-ffffffffffff}??????8&205264f3&0?6????t??????4??????????????????????????????????????Microsoft?????????????????????????????????????P??????????????????????????????????????????????????????????????i??????????????????????????{745a17a0-74d3-11d0-b6fe-00a0c90f57da}??????????????????2\????????????????????,??????????????????????????????????????????????????????????5?????????753???????? ??????????????e????????????????????????????????????????????????????????????????????????N????????????D????? ????????????????????????????$???????????????s??/??? ???????????????????Z????????"??????????f?????????????????????????????? ???!???????????$???%???????????(???)???????????,???-???????????0???1???????????4???5???????????8???9???????????<???=??????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????? ???? ?????????????CC0?????????????? ?????????$?????????(?????????,?????????0??????
Reg HKLM\SYSTEM\CurrentControlSet\services\LanmanServer\Linkage@Route ???k?k??LegacyDriver??????N??l??????????????????????????t???????????????? ??@circlass.inf,%microsoft%;Microsoft?????PEAUTH??????????????*pnp0c02????????????????????? ???????j?????k?????k?????????????????????C??????N???????????D?{4??? ???????k??????????????????????Z????????????????k???e??sy?????????????????????k?&??LegacyDriver?3??????De????N??k????????D??????????????????k??????d??????????????g????*6to4mp??????????????????????l?l53????N??k?????????3?3??? ^?????????????????gendisk??????????????l?l?l???????j???3???i???k???????????????????u???????2??? ???????j?????k?????j???????????????????????E???????k???$?????????k?&??? ???????k???????????k??????????b???????????LegacyDriver????1&841921d&0??6???k???k???????????k?l?2???????????????????????????????k?????k?&???k??? ???????j?????k?????k????????????&? ???????V???? ???????k??????????????????????\????????????????????o?????s?3???????????e???????????????D?????s\c???????????k???l?l?????k???????????D??ic????N??k??????????????Volume??????PrinterBusEnumerator?????????k?????
Reg HKLM\SYSTEM\CurrentControlSet\services\LanmanServer\Linkage@Export ???j????\\?\ACPI#GenuineIntel_-_Intel64_Family_6_Model_30_-_Intel(R)_Core(TM)_i7_CPU_______Q_720__@_1.60GHz#_4#{97fadb10-4e33-40ae-359c-8bef029dbdd0}???ACPI\GenuineIntel_-_Intel64_Family_6_Model_30_-_Intel(R)_Core(TM)_i7_CPU_______Q_720__@_1.60GHz\_6??????????????? ??????????? ???j??????????s?????N??h???o?????D????PNP_TDI?????cpu.inf?????????????????????????kbdclass?????h???????h???C???h???g?g????????????????????????????? ??0???????????????????keyboard.inf?M??? $??h???d???????\??HID_Keyboard_Inst???? ???@??????????t????????@???????????????????@??????????????? ???f??????????????HID-Tastatur????? ???h??????????n???6.1.7600.16385????????X??????.???.??LegacyDriver?c??? ???j??????????Tc???????????D???E??Microsoft????????j??????????????(I??.NTAMD64? ???@?@?@?@?@?@????????? ???????@???????????????????? ?6???????dl??1:Brightness=0.0,Contrast=1.0,Saturation=1.0,Gamma=0.0,Hue=0.0;2:Brightness=-3.0,Contrast=1.16,Saturation=1.25,Gamma=0.0,Hue=0.0;3:Brightness=-3.0,Contrast=1.07,Saturation=1.10,Gamma=0.0,Hue=0.0;4:Bright
Reg HKLM\SYSTEM\CurrentControlSet\services\LanmanWorkstation\Linkage@Bind ????????{4d36e967-e325-11ce-bfc1-08002be10318}\0001?Se??????????????????????????????????????Root\*6TO4MP\0022???? ??????????????????????74??pt??????~2??????X???????????? ??????????????????????????????????????????????????????????? ?????????????????????,????????N???????????? ????????????????????N?????????????{2995055f-cc33-11de-b24b-806e6f6e6963}??????????????????????? ???????????????????????????????????????f??????????????? ?????????????????????0??L????????? ???????????????????????????????? ?????????????????????0????????????&????????????????????0??? ?????????????????????0????????????????????? ?????????????????????0????????$????????????????????????????????????????????????????|??????%m??????????????????? ?????????????????????0????????????&????????????????????f???????????0??? ?????????????????????0????????????????????? ?????????????????????0????????????????????disk.inf:disk_device.NTamd64:disk_install:6.1.7600.16385:gendisk????????????????????????????????????????st??????????? ?????????????????????0???????????????
Reg HKLM\SYSTEM\CurrentControlSet\services\LanmanWorkstation\Linkage@Route ???k?????????3???m?m??????????????????????X??????????????????k???5??s???{00000000-0000-0000-0000-000000000000}??????Security Processor Loader Driver????Root\*6TO4MP\0008???6????????????????????????????????????????????????????????5?????s?5??????????? ???????j?????k?????k?????????????? ???????D???? b?????????????????? ???????k??????????????????????N???????????????????????????????????6-21-2006??????k?&??LegacyDriver? ??????????????????????LegacyDriver????LegacyDriver??????N??l?????????D??????V??u?????????e??????$??k???8???????v???l?l?l???????f??????s?????N??l????????D??????l??????????????????????? ???????j?????k?????k???????????????????????????????????????????.??? ???????k???????????p??????????N???????????? ??1???n????? 2????????????k?l85?????k?&??? ???????k??????????????????????`????????????????????a??an???????????v??_N???k?k????{8ECC055D-047F-11D1-A537-0000F8753ED1}?md6??? ???????j?????k?????k????????????0??????????????????????????????????????k???????e??volsnap??????????????????????k?k?k?k?k?k????{71a27cdd-8
Reg HKLM\SYSTEM\CurrentControlSet\services\LanmanWorkstation\Linkage@Export ???j?|??????????? ??k???.?????mp???????????????????LegacyDriver????LegacyDriver?-?????????????????????????????????s???????? $????????N??j????????D??????????j???e???e???????????k???p???????????????????????????????6??????Boot File System???????????????????s?????k?k?k???l?m?????????????????d?????????????? ??????????s????LegacyDriver?????????j??????s????????????n??????1.??TCP/IP Registry Compatibility???System32\drivers\tcpipreg.sys???????????mrxsmb??????6-7-2009?????j?j????????????????????????t????????????????????F??PF???j???????????????????j??????s????????t????????????????????????????????h????????g????????????p???Pr??LegacyDriver????????????????????????3-???j?j????????????LegacyDriver?????????c???e?e?j?j?j?j?j???j?k?????k?k?k??????????????????os???????????????????????????????????????e???????e??????????????????????????????????? J??????????????3???????????????????k?kos??t???????????LegacyDriver?????????????D?????s\a???????????????????????j??????????????????????t???????????????t????????????????????????????o?????
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg@s1 771343423
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg@s2 285507792
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg@h0 1
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program Files (x86)\DAEMON Tools Lite\
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0x00 0x00 0x00 0x00 ...
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0xDC 0xA0 0x30 0x7D ...
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0xCF 0xAC 0x07 0x2F ...
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0xA0 0x6A 0x22 0xC8 ...
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq1
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq1@hdf12 0x3C 0x5B 0x31 0xB1 ...
Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\0c6076a78224 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\LanmanServer\Linkage@Bind ???b?k??STORAGE\Volume\{2995055f-cc33-11de-b24b-806e6f6e6963}#0000000000007E00???????????T???????????????????h??????p????????T???????????????????/??????s?????N??g???4?????Dec??PCI\VEN_1002&DEV_9480&SUBSYS_03111025&REV_00\4&19611653&0&0018???????????T???????????????????T???????????????????????T??????????? ???h???o?????eDo????X??????0???0??\\?\IDE#CdRomHL-DT-ST_BDDVDRW_CT10N__________________WA03____#4&363997c0&0&0.1.0#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}?????\\?\SCSI#CdRom&Ven_YTU&Prod_2ZOXYFCHMZSD&Rev_1.03#5&36e5972&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}?E6??STORAGE\Volume\{2995055f-cc33-11de-b24b-806e6f6e6963}#00000003E04BD000?????????d?p????????????X??e??????????????*6to4mp?????\\?\SCSI#CdRom&Ven_YTU&Prod_2ZOXYFCHMZSD&Rev_1.03#5&36e5972&0&000000#{53f56308-b6bf-11d0-94f2-00a0c91efb8b}?"???STORAGE\Volume\{2995055f-cc33-11de-b24b-806e6f6e6963}#00000003E6ABE800??????\\?\Root#UMBUS#0000#{65a9a6cf-64cd-480b-843e-32c86e1ba19f}???????????T?????????????????????????????????s?????????2??????s????????????e?
Reg HKLM\SYSTEM\ControlSet002\services\LanmanServer\Linkage@Route ???k?????k???k?????k????? ???????k?????k???????0????????????&??????????????????????????k???k????? ???????k?????k???????0???????????????????????k????? ???????k???????????k?0????????????????????composite_battery????????????????????k?????k????? ???????k?????k???????0???????????????????????k?????k??? ???????k???????????k?0????????????????????? ???????k???????????j?0?????????????????????k?l?k?????k????? ???????k?????k???????0????????????????????battery.inf??????k??? ???????k???????????k?0????????2???????????? ???????j?????k???????0???????????????????????????????????????k????? ???????k?????k???????0????????????????????? ???????k???????????k?0????????"????????????????????????????????????????????????????????????v?v?v???k?????k????? ???????k?????k???????0??????????????????????$??k???????????????k??????????? ???????k???????????k?0????????(???????????? ???????j???????????k?0????????8????????????k?????k????? ???????k?????k???????0????????????????????? ???????k???????????k?0????????????????????? ???????j?????k???????0???
Reg HKLM\SYSTEM\ControlSet002\services\LanmanServer\Linkage@Export ???k?????????????e??????iv???????????y???k???????k???k???????????????j?j?j?k?k?k?????????????????????3??{8ECC055D-047F-11D1-A537-0000F8753ED1}???????????????F??????????????LegacyDriver?????k???????????2???????????????????&???????u????N???????????D??????k???????k???????????l?k?2??? ???????j?????k?????k?????????????? ???????L????????2???????e???k??? ???????k???????????k??????????^????????????h?j?l???????f?g?j?j?k??????VgaSave?????????????????11???????k?k?k???l?l????? R??k??????????s??????k?&????N??k????????D??????????????*???*???????????h???o????6??t????????h?????DiskDrive????????y???k???????????k?k?l???l?l?l??PNP_TDI??????????k??????s????????m???k?l?k???????k???????k??????s?????:??m?????g?????k?k?k???k?l?k?????????????????s????int?????????????????????????????????????????????LegacyDriver?????????????D??????\s??????????????????Microsoft?????N??k????????D??????? ??2???v???e????N??l?????????D??????N??m???p????D?????11??????????????gencdrom?6???????k???p??03??Microsoft????????????H????????N??l???i????D1.7?????????
Reg HKLM\SYSTEM\ControlSet002\services\LanmanWorkstation\Linkage@Bind ???d?p????????????X??e??????????????*6to4mp?????\\?\SCSI#CdRom&Ven_YTU&Prod_2ZOXYFCHMZSD&Rev_1.03#5&36e5972&0&000000#{53f56308-b6bf-11d0-94f2-00a0c91efb8b}?"???STORAGE\Volume\{2995055f-cc33-11de-b24b-806e6f6e6963}#00000003E6ABE800??????\\?\Root#UMBUS#0000#{65a9a6cf-64cd-480b-843e-32c86e1ba19f}???????????T?????????????????????????????????s?????????2??????s????????????e??????????????????????????????????System??????NTIDrvr??????????????????i???????????<??????????????????????????????? ????????????????????????$????????? ???????e???????????????mnmsrvc????????A????????????????????? ????????????????????????????L?????????????????%ProgramData%\Microsoft\Windows\WER\* /s??????h?????????????????%systemroot%\Minidump\* /s?%systemroot%\memory.dmp??????????????????????????\hiberfil.sys????????&J?????????????????????????????C:\Windows\System32\MSDTC\MSDTC.Log???????L????????A????%windir%\softwaredistribution\*.* /s??????6?????????????%SystemRoot%\netlogon.chg???????%TEMP%\* /s?????? x?????????????????\System Volume Informat Reg HKLM\SYSTEM\ControlSet002\services\LanmanWorkstation\Linkage@Route ???m?o??Microsoft??????????????????m????? ???????m?????m???????0????????????????????? ???????c??????sC??Imaging?????? ???????m???????????l?0????????"???????????0000.001d.0000.001.004.000.000.000.000?4???????m????? ???????m?????m???????0????????????????????? ???????m???????????l?0??????????????????????N??m???4???????????????l?????????????????????????m????????????? ?????s?4???m??????????????? ???????m?????m???????0????????????????????? ???????m???????????l?0??????????????????????6???????????h??????j?j?l?v?{???????m?????m????? ???????m?????m???????0????????????????????? ?m???m???m???m???m???m???m???m???m???m????????? ???????m???????????l?0??????????????????????N??????c?????DSC?????m????? ???????m?????m???????0????????????????????? ???????m???????????l?0??????????????????????4??m????????h??????????s???u??Net????????m????? 
???????m?????m???????0????????????????????? ???????m???????????l?0??????????????????????*??m???????????????????????4???{?????????m????? ???????j?????m??????????????????c?????????? ???????m????? Reg HKLM\SYSTEM\ControlSet002\services\LanmanWorkstation\Linkage@Export ???mo??????.0???5???{4d36e972-e325-11ce-bfc1-08002be10318}\0000??e??{00000000-0000-0000-0000-000000000000}???????l??????????UMB??????????????o??????{71a27cdd-812a-11d0-bec7-08002be2092f}\0002???????<??m???~?g?2???l?l?????k?????l???l?????????h????????????R??s?????????n????STORAGE\VolumeSnapshot??????Net??p???????????????h???3??????{4d36e97d-e325-11ce-bfc1-08002be10318}\0003?????STORAGE\VolumeSnapshot???????????????e??????ot??*pnp0c0c?????????????????????????????k???l????????$??l???????????????????d???????\???????l???????t???????????????????l??? ???????l?????l???????0????????????&???????????????????????? ???????l?????l???????0????????????????????? ???????l???????????k?0?????????????????????l?l???????l????? ???????l?????l???????0???????????????????????l???l????? ???????l???????????k?0?????????????????????????k???????6??netrasa.inf?? ???k?l????? ???????j?????l?????k????????????D?????????????*6to4mp?????????????? ???????l??????????????????????N??????????????????????????????????????????????l?&??{4d36e972-e325-11ce Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program Files (x86)\DAEMON Tools Lite\ Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0x00 0x00 0x00 0x00 ... Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0 Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0xDC 0xA0 0x30 0x7D ... 
---- EOF - GMER 1.0.15 ---- Unfortunately I was unable to download MBRCheck.exe. The linked page appears to be offline. |
27.05.2011, 16:40 | #13 |
/// Winkelfunktion /// TB-Süch-Tiger™ | FakeAlert!fakealert-REP virus If mbrcheck should still be down, here is a replacement link => http://download.bleepingcomputer.com...l/MBRCheck.exe Edit: hehe, we posted almost at the same time
__________________ Please always post logfiles in CODE tags |
27.05.2011, 16:48 | #14 |
| FakeAlert!fakealert-REP virus .. that one minute was enough to make me despair, wahah. The logfile from MBRCheck:
MBRCheck, version 1.2.3
(c) 2010, AD
Command-line:
Windows Version: Windows 7 Home Premium Edition
Windows Information: (build 7600), 64-bit
Base Board Manufacturer: Acer
BIOS Manufacturer: Acer
System Manufacturer: Acer
System Product Name: Aspire 5940
Logical Drives Mask: 0x0000007c
Kernel Drivers (total 197):
Processes (total 72):
\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000003`e6abe800 (NTFS)
\\.\F: --> \\.\PhysicalDrive0 at offset 0x0000003e`c5b00000 (NTFS)
PhysicalDrive0 Model Number: TOSHIBAMK5055GSX, Rev: FG001J
Size Device Name MBR Status
--------------------------------------------
465 GB \\.\PhysicalDrive0 Unknown MBR code
SHA1: F67775E30322C8C2E8473AF5533ABD011BA4C929
Found non-standard or infected MBR.
Enter 'Y' and hit ENTER for more options, or 'N' to exit:
Options:
[1] Dump the MBR of a physical disk to file.
[2] Restore the MBR of a physical disk with a standard boot code.
[3] Exit.
Enter your choice: |
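How a verdict such as "Unknown MBR code" is produced, as an added example that is not part of the thread and not MBRCheck's own code: parse the 512-byte sector, verify the 0x55AA boot signature, hash the boot-code region with SHA1 and compare the digest with an allowlist of known-good boot code. The 440-byte hashing scope, the empty allowlist and the constructed sample sector are assumptions; only the C: partition offset is taken from the log above.

```python
import hashlib
import struct
from typing import Iterable, Optional, Set, Tuple

# Classic 512-byte MBR layout (assumption: the standard PC layout; MBRCheck's
# exact hashing scope is not documented in the thread):
#   bytes 0..439    boot code
#   bytes 440..443  disk signature
#   bytes 444..445  reserved
#   bytes 446..509  four 16-byte partition table entries
#   bytes 510..511  boot signature 0x55 0xAA
SECTOR_SIZE = 512
BOOT_CODE_LEN = 440
PARTITION_TABLE_OFFSET = 446
BOOT_SIGNATURE = b"\x55\xaa"

# Allowlist of SHA1 digests of boot code known to be good. Deliberately empty:
# the digest in the thread was reported as "Unknown MBR code", and no verified
# reference digests are supplied here (placeholder for the operator to fill).
KNOWN_GOOD_BOOT_CODE_SHA1: Set[str] = set()


def read_mbr(device_path: str) -> bytes:
    """Read the first sector of a raw disk device."""
    # Windows: r"\\.\PhysicalDrive0" (administrator rights); Linux: /dev/sda (root).
    with open(device_path, "rb") as disk:
        return disk.read(SECTOR_SIZE)


def parse_partition_entry(entry: bytes) -> dict:
    """Decode one 16-byte partition table entry (CHS fields are skipped)."""
    status, ptype, lba_start, sector_count = struct.unpack("<B3xB3xII", entry)
    return {
        "bootable": status == 0x80,
        "type": ptype,
        "lba_start": lba_start,
        "sector_count": sector_count,
        # MBRCheck prints this byte offset, e.g. "at offset 0x00000003`e6abe800"
        "byte_offset": lba_start * SECTOR_SIZE,
    }


def check_mbr(sector: bytes, known_good: Optional[Set[str]] = None) -> dict:
    """Classify an MBR: verify the boot signature, hash the boot code and
    compare the digest with the allowlist. Read-only; nothing is written."""
    if len(sector) != SECTOR_SIZE:
        raise ValueError("expected %d bytes, got %d" % (SECTOR_SIZE, len(sector)))
    if known_good is None:
        known_good = KNOWN_GOOD_BOOT_CODE_SHA1
    signature_ok = sector[510:512] == BOOT_SIGNATURE
    digest = hashlib.sha1(sector[:BOOT_CODE_LEN]).hexdigest().upper()
    partitions = []
    for i in range(4):
        start = PARTITION_TABLE_OFFSET + 16 * i
        entry = parse_partition_entry(sector[start:start + 16])
        if entry["type"] != 0 and entry["sector_count"] != 0:  # skip empty slots
            partitions.append(entry)
    if not signature_ok:
        status = "Invalid boot signature"
    elif digest in known_good:
        status = "Known-good MBR code"
    else:
        status = "Unknown MBR code"
    return {"signature_ok": signature_ok, "boot_code_sha1": digest,
            "status": status, "partitions": partitions}


def build_sample_mbr(boot_code: bytes,
                     partitions: Iterable[Tuple[int, int, int, int]]) -> bytes:
    """Assemble a 512-byte MBR from boot code and (status, type, lba, count)
    tuples. Only used to construct test data; CHS fields are filled with FE FF FF."""
    if len(boot_code) > BOOT_CODE_LEN:
        raise ValueError("boot code longer than %d bytes" % BOOT_CODE_LEN)
    sector = bytearray(SECTOR_SIZE)
    sector[:len(boot_code)] = boot_code
    sector[440:444] = b"\x12\x34\x56\x78"  # constructed disk signature
    for i, (status, ptype, lba, count) in enumerate(partitions):
        start = PARTITION_TABLE_OFFSET + 16 * i
        sector[start:start + 16] = struct.pack(
            "<B3sB3sII", status, b"\xfe\xff\xff", ptype, b"\xfe\xff\xff", lba, count)
    sector[510:512] = BOOT_SIGNATURE
    return bytes(sector)


# Constructed sample: a few placeholder bytes standing in for boot code (not
# real boot code) and one bootable NTFS (0x07) partition at the C: offset that
# MBRCheck reported in the log above.
C_OFFSET = 0x00000003E6ABE800
SAMPLE_MBR = build_sample_mbr(
    b"\x33\xc0\x8e\xd0\xbc\x00\x7c",
    [(0x80, 0x07, C_OFFSET // SECTOR_SIZE, 204800)])

if __name__ == "__main__":
    result = check_mbr(SAMPLE_MBR)
    print(result["status"], "SHA1:", result["boot_code_sha1"])
    for part in result["partitions"]:
        print("type 0x%02x at offset 0x%x" % (part["type"], part["byte_offset"]))
```

A digest that is merely unknown is not proof of infection: OEM and boot-manager installs ship their own boot code, which is why the allowlist has to be built from a trusted reference before the verdict is acted on.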
27.05.2011, 16:59 | #15 |
/// Winkelfunktion /// TB-Süch-Tiger™ | FakeAlert!fakealert-REP virus We should fix the MBR manually. Back up all important data, just in case. Do you have any other operating systems installed besides Win7 (64-bit)? If not: have a look here => RescueDisc-Win7-64-Bit. Download the ISO, burn it to a CD, e.g. with ImgBurn using its image-burning function, and start the computer with it (boot from this CD). If you have a regular Win7 installation DVD (64-bit), you don't need the image mentioned above and can simply boot from that DVD. Click Repair your computer, Next, Command Prompt - the console opens. There, type bootrec.exe /fixboot (confirm with Enter), then type bootrec.exe /fixmbr (confirm with Enter) - restart the computer, removing the CD beforehand. Afterwards, create new logs with MBRCheck and, if possible, GMER.
__________________ Please always post logfiles in CODE tags |