Trojaner-Board

svchost.exe, ping.exe, firefox.exe + iexplore.exe open malicious websites (https://www.trojaner-board.de/104503-svchost-exe-ping-exe-firefox-exe-iexplore-exe-oeffnen-schadhafte-webseiten.html)

thawkins 26.10.2011 09:52

svchost.exe, ping.exe, firefox.exe + iexplore.exe open malicious websites
 
Hello,
after my laptop was infected with a FakeAlert trojan/virus on 14.10., I apparently still have further infections or remnants
after its removal that cannot be eliminated.

The symptoms are that directly after the user logs in, ping.exe starts and contacts malicious sites.
The ping.exe process grows to several hundred MB over time and consumes more and more CPU time...
Via ping.exe, entire web pages are apparently loaded onto my machine and end up in the Internet Explorer cache and
Temp directory without iexplore.exe having been opened. Furthermore, firefox.exe, svchost.exe and
iexplore.exe (if IE is used at all) also try to contact malicious sites.
Malwarebytes blocks most of these accesses. The scanners I have used (McAfee, Stinger, Malwarebytes)
all find no infected files.

Unfortunately I could not fully follow the instructions for those seeking help, as I do not have an administrator account on the system (64-bit).
Defogger therefore could not be started.
I have posted or attached the OTL logs below. (Company and user/computer names are masked with ***)

Code:

OTL logfile created on: 10/26/2011 9:36:44 AM - Run 2
OTL by OldTimer - Version 3.2.31.0    Folder = C:\Users\***\Desktop
64bit- Enterprise Edition  (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
 
3.87 Gb Total Physical Memory | 2.49 Gb Available Physical Memory | 64.41% Memory free
7.73 Gb Paging File | 6.05 Gb Available in Paging File | 78.33% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 153.70 Gb Total Space | 93.55 Gb Free Space | 60.86% Space Free | Partition Type: NTFS
Drive D: | 78.88 Gb Total Space | 57.72 Gb Free Space | 73.18% Space Free | Partition Type: NTFS
Drive E: | 4.36 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: UDF
Drive H: | 3.00 Gb Total Space | 1.41 Gb Free Space | 46.85% Space Free | Partition Type: NTFS
Drive R: | 227.40 Gb Total Space | 51.05 Gb Free Space | 22.45% Space Free | Partition Type: NTFS
Drive V: | 227.40 Gb Total Space | 51.05 Gb Free Space | 22.45% Space Free | Partition Type: NTFS
Drive Y: | 227.40 Gb Total Space | 51.05 Gb Free Space | 22.45% Space Free | Partition Type: NTFS
Drive Z: | 1847.64 Gb Total Space | 1455.70 Gb Free Space | 78.79% Space Free | Partition Type: NTFS
 
Computer Name: ***-E6410 | User Name: *** | NOT logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2011/10/26 09:34:22 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\***\Desktop\OTL.exe
PRC - [2011/10/25 11:00:02 | 000,058,288 | ---- | M] (Absolute Software Corp.) -- C:\Windows\SysWOW64\rpcnet.exe
PRC - [2011/08/31 17:00:48 | 000,449,608 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2011/08/31 17:00:48 | 000,366,152 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2011/01/12 17:05:00 | 000,185,664 | ---- | M] (McAfee, Inc.) -- C:\Program Files (x86)\McAfee\Common Framework\naPrdMgr.exe
PRC - [2011/01/12 17:05:00 | 000,161,088 | ---- | M] (McAfee, Inc.) -- C:\Program Files (x86)\McAfee\Common Framework\UdaterUI.exe
PRC - [2011/01/12 17:05:00 | 000,120,128 | ---- | M] (McAfee, Inc.) -- C:\Program Files (x86)\McAfee\Common Framework\FrameworkService.exe
PRC - [2011/01/12 17:05:00 | 000,075,072 | ---- | M] (McAfee, Inc.) -- C:\Program Files (x86)\McAfee\Common Framework\McTray.exe
PRC - [2010/06/09 18:38:30 | 000,463,912 | R--- | M] (Ericsson AB) -- C:\Program Files (x86)\Dell\Dell WWAN\WMCore\mini_WMCore.exe
PRC - [2010/04/10 21:01:20 | 000,623,984 | ---- | M] (Juniper Networks) -- C:\Program Files (x86)\Juniper Networks\Common Files\dsNcService.exe
PRC - [2010/01/06 21:07:00 | 000,066,896 | ---- | M] (McAfee, Inc.) -- C:\Program Files (x86)\McAfee\VirusScan Enterprise\vstskmgr.exe
PRC - [2009/11/13 03:59:02 | 000,132,392 | ---- | M] (Juniper Networks) -- C:\Program Files (x86)\Common Files\Juniper Networks\JUNS\dsAccessService.exe
PRC - [2009/09/18 04:00:00 | 000,764,768 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\CCM\CcmExec.exe
PRC - [2009/07/14 03:14:47 | 000,254,976 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\wbem\WmiPrvSE.exe
PRC - [2009/07/14 03:14:28 | 000,015,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\PING.EXE
PRC - [2006/12/19 18:23:20 | 000,094,208 | ---- | M] (SEIKO EPSON CORPORATION) -- C:\Program Files (x86)\Common Files\EPSON\EBAPI\eEBSvc.exe
PRC - [2006/10/11 15:14:28 | 000,053,248 | ---- | M] (Oracle Corporation) -- C:\oracle\product\10.2.0\client_1\bin\omtsreco.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2007/04/18 20:30:46 | 000,471,040 | ---- | M] () -- C:\Program Files (x86)\McAfee\Common Framework\ccme_base.dll
MOD - [2007/04/18 20:30:46 | 000,393,216 | ---- | M] () -- C:\Program Files (x86)\McAfee\Common Framework\cryptocme2.dll
 
 
========== Win32 Services (SafeList) ==========
 
SRV:64bit: - [2010/05/13 01:44:04 | 000,244,736 | ---- | M] (IDT, Inc.) [Auto | Running] -- C:\Windows\SysNative\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_ac8529709a50c498\stacsv64.exe -- (STacSV)
SRV:64bit: - [2010/05/13 01:44:00 | 000,089,600 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Windows\SysNative\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_ac8529709a50c498\AESTSr64.exe -- (AESTFilters)
SRV:64bit: - [2010/01/06 21:07:00 | 000,079,504 | ---- | M] (McAfee, Inc.) [Unknown | Running] -- C:\Windows\SysNative\mfevtps.exe -- (mfevtp)
SRV:64bit: - [2009/07/14 03:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2009/07/14 03:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV:64bit: - [2007/11/07 10:11:22 | 004,466,688 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Microsoft Visual Studio 9.0\Common7\IDE\Remote Debugger\x64\msvsmon.exe -- (msvsmon90)
SRV - [2011/10/25 11:00:02 | 000,058,288 | ---- | M] (Absolute Software Corp.) [Auto | Running] -- C:\Windows\SysWOW64\rpcnet.exe -- (rpcnet) Remote Procedure Call (RPC)
SRV - [2011/08/31 17:00:48 | 000,366,152 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2011/05/02 20:33:54 | 000,035,328 | ---- | M] (*** Software, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\*** Software\Unified IP\InstallAssistant\***InstallAssistant.exe -- (***InstallAssistant)
SRV - [2011/01/12 17:05:00 | 000,120,128 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files (x86)\McAfee\Common Framework\FrameworkService.exe -- (McAfeeFramework)
SRV - [2010/06/25 19:07:20 | 000,117,264 | ---- | M] (CACE Technologies, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\WinPcap\rpcapd.exe -- (rpcapd) Remote Packet Capture Protocol v.0 (experimental)
SRV - [2010/06/09 18:38:30 | 000,463,912 | R--- | M] (Ericsson AB) [Auto | Running] -- C:\Program Files (x86)\Dell\Dell WWAN\WMCore\mini_WMCore.exe -- (WMCoreService)
SRV - [2010/04/10 21:01:20 | 000,623,984 | ---- | M] (Juniper Networks) [Auto | Running] -- C:\Program Files (x86)\Juniper Networks\Common Files\dsNcService.exe -- (dsNcService)
SRV - [2010/03/18 20:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010/01/10 13:01:38 | 000,060,928 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\STMicroelectronics\AccelerometerP11\InstallFilterService.exe -- (InstallFilterService)
SRV - [2010/01/06 21:07:00 | 000,180,968 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files (x86)\McAfee\VirusScan Enterprise\x64\mcshield.exe -- (McShield)
SRV - [2010/01/06 21:07:00 | 000,066,896 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files (x86)\McAfee\VirusScan Enterprise\vstskmgr.exe -- (McTaskManager)
SRV - [2010/01/06 21:07:00 | 000,020,792 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files (x86)\McAfee\VirusScan Enterprise\x64\engineserver.exe -- (McAfeeEngineService)
SRV - [2009/11/25 17:41:28 | 001,740,800 | ---- | M] (iPass, Inc.) [Disabled | Stopped] -- C:\Program Files (x86)\iPass\iPassConnect 35\iPassConnectEngine.exe -- (iPassConnectEngine)
SRV - [2009/11/25 17:32:12 | 000,167,936 | ---- | M] (iPass, Inc.) [Disabled | Stopped] -- C:\Program Files (x86)\iPass\iPassConnect 35\iPassPeriodicUpdateApp.exe -- (iPassPeriodicUpdateApp)
SRV - [2009/11/25 17:32:12 | 000,114,688 | ---- | M] (iPass, Inc.) [Disabled | Stopped] -- C:\Program Files (x86)\iPass\iPassConnect 35\iPassPeriodicUpdateService.exe -- (iPassPeriodicUpdateService)
SRV - [2009/11/13 03:59:02 | 000,132,392 | ---- | M] (Juniper Networks) [Auto | Running] -- C:\Program Files (x86)\Common Files\Juniper Networks\JUNS\dsAccessService.exe -- (JuniperAccessService)
SRV - [2009/09/18 04:00:00 | 000,764,768 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysWOW64\CCM\CcmExec.exe -- (CcmExec)
SRV - [2009/09/18 04:00:00 | 000,246,624 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysWOW64\CCM\TSManager.exe -- (smstsmgr)
SRV - [2009/07/14 03:15:31 | 000,396,288 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysWOW64\inetsrv\iisw3adm.dll -- (WAS)
SRV - [2009/07/14 03:15:31 | 000,396,288 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysWOW64\inetsrv\iisw3adm.dll -- (W3SVC)
SRV - [2009/07/14 03:14:53 | 000,061,440 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysWOW64\inetsrv\apphostsvc.dll -- (AppHostSvc)
SRV - [2009/06/10 23:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2007/06/29 17:54:54 | 000,020,480 | ---- | M] ( ) [Disabled | Stopped] -- c:\Program Files (x86)\*** Software\Uniphi Connect\UniphiAdapterSvc.exe -- (***UniphiAdapterSvc)
SRV - [2006/12/19 18:23:20 | 000,094,208 | ---- | M] (SEIKO EPSON CORPORATION) [Auto | Running] -- C:\Program Files (x86)\Common Files\EPSON\EBAPI\eEBSvc.exe -- (EpsonBidirectionalService)
SRV - [2006/10/11 15:14:28 | 000,053,248 | ---- | M] (Oracle Corporation) [Auto | Running] -- C:\oracle\product\10.2.0\client_1\bin\omtsreco.exe -- (OracleMTSRecoveryService)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - [2011/10/14 17:23:37 | 000,834,544 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\sptd.sys -- (sptd)
DRV:64bit: - [2011/08/31 17:00:50 | 000,025,416 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)
DRV:64bit: - [2011/05/12 14:03:12 | 000,006,144 | ---- | M] (Sophos Plc) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\D79.tmp -- (MEMSWEEP2)
DRV:64bit: - [2011/03/18 13:46:20 | 000,074,376 | ---- | M] (FTDI Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ftdibus.sys -- (FTDIBUS)
DRV:64bit: - [2011/03/18 13:46:06 | 000,085,384 | ---- | M] (FTDI Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ftser2k.sys -- (FTSER2K)
DRV:64bit: - [2011/02/17 18:21:12 | 000,156,080 | ---- | M] (Oracle Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VBoxNetAdp.sys -- (VBoxNetAdp)
DRV:64bit: - [2011/01/15 18:21:04 | 000,036,352 | ---- | M] (Elaborate Bytes AG) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VClone.sys -- (VClone)
DRV:64bit: - [2010/07/12 20:36:10 | 000,055,856 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\PxHlpa64.sys -- (PxHlpa64)
DRV:64bit: - [2010/06/25 19:07:26 | 000,035,344 | ---- | M] (CACE Technologies, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\npf.sys -- (NPF)
DRV:64bit: - [2010/05/25 17:03:20 | 000,271,400 | ---- | M] (Ericsson AB) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\WwanUsbMp64.sys -- (WwanUsbServ)
DRV:64bit: - [2010/05/13 01:44:28 | 000,086,120 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvhda64v.sys -- (NVHDA)
DRV:64bit: - [2010/05/13 01:44:12 | 000,538,136 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2010/05/13 01:44:12 | 000,294,064 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\e1k62x64.sys -- (e1kexpress) Intel(R)
DRV:64bit: - [2010/05/13 01:44:10 | 006,952,960 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NETw5s64.sys -- (NETw5s64) Intel(R)
DRV:64bit: - [2010/05/13 01:44:10 | 000,321,576 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btwampfl.sys -- (btwampfl)
DRV:64bit: - [2010/05/13 01:44:08 | 000,284,720 | ---- | M] (Alps Electric Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Apfiltr.sys -- (ApfiltrService)
DRV:64bit: - [2010/05/13 01:44:08 | 000,158,976 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Impcd.sys -- (Impcd)
DRV:64bit: - [2010/05/13 01:44:08 | 000,038,440 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\cvusbdrv.sys -- (cvusbdrv)
DRV:64bit: - [2010/05/13 01:44:06 | 000,079,360 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\risdpe64.sys -- (risdpcie)
DRV:64bit: - [2010/05/13 01:44:06 | 000,061,952 | ---- | M] (REDC) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rimspe64.sys -- (rimspci)
DRV:64bit: - [2010/05/13 01:44:06 | 000,055,808 | ---- | M] (REDC) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rixdpe64.sys -- (rixdpcie)
DRV:64bit: - [2010/05/13 01:44:04 | 000,505,856 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\stwrt64.sys -- (STHDA)
DRV:64bit: - [2010/05/13 01:44:04 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (HECIx64) Intel(R)
DRV:64bit: - [2010/05/13 01:44:00 | 000,026,160 | ---- | M] (ST Microelectronics) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Accelern.sys -- (Acceler)
DRV:64bit: - [2010/05/12 12:30:06 | 000,019,968 | ---- | M] (Danish Wireless Design A/S) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\FlashUSB_x64.sys -- (FlashUSB)
DRV:64bit: - [2010/04/27 11:02:50 | 000,468,552 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Mbm3Mdm.sys -- (Mbm3Mdm)
DRV:64bit: - [2010/04/27 11:02:50 | 000,416,328 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Mbm3DevMt.sys -- (Mbm3DevMt) Dell Wireless HSPA Mini-Card Device Management Driver (WDM)
DRV:64bit: - [2010/04/27 11:02:50 | 000,378,952 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Mbm3CBus.sys -- (Mbm3CBus) Dell Wireless HSPA Mini-Card Device (WDM)
DRV:64bit: - [2010/04/27 11:02:50 | 000,019,528 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Mbm3mdfl.sys -- (Mbm3mdfl)
DRV:64bit: - [2010/04/10 20:47:36 | 000,032,768 | ---- | M] (Juniper Networks) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\dsNcAdpt.sys -- (dsNcAdpt)
DRV:64bit: - [2010/03/03 12:30:30 | 000,030,248 | ---- | M] (Ericsson AB) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\wwussf64.sys -- (ecnssndisfltr)
DRV:64bit: - [2010/03/03 12:30:30 | 000,026,664 | ---- | M] (Ericsson AB) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\wwuss64.sys -- (ecnssndis)
DRV:64bit: - [2010/01/25 21:18:20 | 000,096,296 | ---- | M] (Ericsson AB) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\d554gps64.sys -- (d554gps)
DRV:64bit: - [2010/01/25 21:17:04 | 000,060,968 | ---- | M] (Ericsson AB) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\d554scard.sys -- (d554scard)
DRV:64bit: - [2010/01/18 08:56:26 | 000,021,040 | ---- | M] (ST Microelectronics) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\stdfltn.sys -- (stdflt)
DRV:64bit: - [2010/01/06 21:07:00 | 000,469,400 | ---- | M] (McAfee, Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\mfehidk.sys -- (mfehidk)
DRV:64bit: - [2010/01/06 21:07:00 | 000,120,096 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\mfeavfk.sys -- (mfeavfk)
DRV:64bit: - [2010/01/06 21:07:00 | 000,097,576 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\mfeapfk.sys -- (mfeapfk)
DRV:64bit: - [2010/01/06 21:07:00 | 000,084,424 | ---- | M] (McAfee, Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\mfetdik.sys -- (mfetdik)
DRV:64bit: - [2010/01/06 21:07:00 | 000,078,896 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mferkdet.sys -- (mferkdet)
DRV:64bit: - [2009/11/18 10:47:46 | 000,446,976 | ---- | M] (NETGEAR Inc.                          ) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\wg111v3.sys -- (RTL8187B)
DRV:64bit: - [2009/07/14 03:52:21 | 000,106,576 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2009/07/14 03:52:21 | 000,028,752 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2009/07/14 03:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/14 03:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/14 03:47:48 | 000,077,888 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2009/07/14 03:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/07/14 02:39:20 | 000,023,040 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WSDPrint.sys -- (WSDPrintDevice)
DRV:64bit: - [2009/07/14 02:35:37 | 000,025,088 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WSDScan.sys -- (WSDScan)
DRV:64bit: - [2009/07/14 01:31:10 | 000,109,056 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sdbus.sys -- (sdbus)
DRV:64bit: - [2009/06/10 23:01:11 | 001,485,312 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\VSTDPV6.SYS -- (SrvHsfV92)
DRV:64bit: - [2009/06/10 23:01:11 | 000,740,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\VSTCNXT6.SYS -- (SrvHsfWinac)
DRV:64bit: - [2009/06/10 23:01:11 | 000,292,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\VSTAZL6.SYS -- (SrvHsfHDA)
DRV:64bit: - [2009/06/10 22:35:02 | 000,281,088 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\e1y60x64.sys -- (e1yexpress) Intel(R)
DRV:64bit: - [2009/06/10 22:34:38 | 001,311,232 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\BCMWL664.SYS -- (BCM43XX)
DRV:64bit: - [2009/06/10 22:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 22:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 22:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 22:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2005/11/07 06:33:12 | 000,021,120 | ---- | M] (Razer (Asia-Pacific) Pte Ltd) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\DB3G.sys -- (Razerlow)
DRV - [2011/10/21 23:26:33 | 000,309,320 | ---- | M] (BitDefender S.R.L.) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\TrufosAlt.sys -- (TrufosAlt)
DRV - [2011/05/12 14:05:32 | 000,018,816 | ---- | M] (Sophos Group) [Kernel | System | Stopped] -- C:\Windows\SysWOW64\SAVRKBootTasks.sys -- (SAVRKBootTasks)
DRV - [2009/09/18 04:00:00 | 000,026,992 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysWOW64\CCM\PrepDrv.sys -- (prepdrvr)
DRV - [2009/07/14 03:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>
 
========== FireFox ==========
 
FF - prefs.js..browser.startup.homepage: "hxxp://www.google.de"
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.3
FF - prefs.js..extensions.enabledItems: imageblock@hemantvats.com:2.1
FF - prefs.js..extensions.enabledItems: {340c2bbc-ce74-4362-90b5-7c26312808ef}:1.7
FF - prefs.js..extensions.enabledItems: {AB2CE124-6272-4b12-94A9-7303C7397BD1}:5.2.0.7165
FF - prefs.js..network.proxy.backup.ftp: "172.16.21.152"
FF - prefs.js..network.proxy.backup.ftp_port: 81
FF - prefs.js..network.proxy.backup.socks: "172.16.21.152"
FF - prefs.js..network.proxy.backup.socks_port: 81
FF - prefs.js..network.proxy.backup.ssl: "172.16.21.152"
FF - prefs.js..network.proxy.backup.ssl_port: 81
FF - prefs.js..network.proxy.ftp: "172.16.21.152"
FF - prefs.js..network.proxy.ftp_port: 81
FF - prefs.js..network.proxy.http: "172.16.21.152"
FF - prefs.js..network.proxy.http_port: 81
FF - prefs.js..network.proxy.share_proxy_settings: true
FF - prefs.js..network.proxy.socks: "172.16.21.152"
FF - prefs.js..network.proxy.socks_port: 81
FF - prefs.js..network.proxy.ssl: "172.16.21.152"
FF - prefs.js..network.proxy.ssl_port: 81
FF - prefs.js..network.proxy.type: 0
 
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.0.60531.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 7.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2011/10/03 22:17:19 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 7.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2011/10/24 11:04:29 | 000,000,000 | ---D | M]
 
[2011/02/24 13:20:37 | 000,000,000 | ---D | M] (No name found) -- C:\Users\***\AppData\Roaming\mozilla\Extensions
[2011/09/28 10:35:11 | 000,000,000 | ---D | M] (No name found) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\2t8tvs41.default\extensions
[2011/07/18 17:29:53 | 000,000,000 | ---D | M] (Plasmoo Search Engine) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\2t8tvs41.default\extensions\engine@plasmoo.com
[2011/02/28 12:46:28 | 000,000,000 | ---D | M] (ImageBlock) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\2t8tvs41.default\extensions\imageblock@hemantvats.com
[2011/10/14 15:21:25 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2011/10/06 20:33:50 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
() (No name found) -- C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\2T8TVS41.DEFAULT\EXTENSIONS\{3D7EB24F-2740-49DF-8937-200B1CC08F8A}.XPI
() (No name found) -- C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\2T8TVS41.DEFAULT\EXTENSIONS\{D10D0BF8-F5B5-C8B4-A8B2-2B9879E08C5D}.XPI
[2011/10/03 22:17:19 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2010/01/06 21:07:00 | 000,023,864 | ---- | M] (McAfee, Inc.) -- C:\Program Files (x86)\mozilla firefox\components\Scriptff.dll
[2011/05/04 04:52:23 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll
[2010/10/22 03:24:26 | 000,032,040 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\plugins\npMeetingJoinPluginOC.dll
[2011/09/23 03:16:00 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
 
Hosts file not found
O2 - BHO: (Lync Browser Helper) - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files (x86)\Microsoft Lync\OCHelper.dll (Microsoft Corporation)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O4:64bit: - HKLM..\Run: [Apoint] C:\Program Files\DellTPad\Apoint.exe (Alps Electric Co., Ltd.)
O4:64bit: - HKLM..\Run: [NvCplDaemon] C:\Windows\SysNative\NvCpl.dll (NVIDIA Corporation)
O4:64bit: - HKLM..\Run: [NVHotkey] C:\Windows\SysNative\nvHotkey.dll (NVIDIA Corporation)
O4:64bit: - HKLM..\Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe (IDT, Inc.)
O4 - HKLM..\Run: [Communicator] C:\Program Files (x86)\Microsoft Lync\communicator.exe (Microsoft Corporation)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [McAfeeUpdaterUI] C:\Program Files (x86)\McAfee\Common Framework\udaterui.exe (McAfee, Inc.)
O4 - HKLM..\Run: [perfpal] C:\Program Files (x86)\*** Software\Unified IP Shared\Tools\PerfPal\savelog.bat ()
O4 - HKLM..\Run: [ShStatEXE] C:\Program Files (x86)\McAfee\VirusScan Enterprise\SHSTAT.EXE (McAfee, Inc.)
O4 - Startup: C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Anmeldung.bat ()
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableCAD = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HideSCAHealth = 1
O9:64bit: - Extra Button: PDFill PDF Editor - {ED93D107-B43A-490e-AA5C-C5578BAAF479} - C:\Program Files (x86)\PlotSoft\PDFill\DownloadPDF.exe (PlotSoft LLC)
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - Reg Error: Key error. File not found
O9 - Extra Button: Lync add-on - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files (x86)\Microsoft Lync\OCHelper.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Lync add-on - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files (x86)\Microsoft Lync\OCHelper.dll (Microsoft Corporation)
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: PDFill PDF Editor - {FB858B22-55E2-413f-87F5-30ADC5552151} - C:\Program Files (x86)\PlotSoft\PDFill\DownloadPDF.exe (PlotSoft LLC)
O15:64bit: - ..Trusted Domains: acpect.com ([bos1cas2] https in Local intranet)
O15:64bit: - ..Trusted Domains: ***.com ([autodiscover] https in Local intranet)
O15:64bit: - ..Trusted Domains: ***.com ([bos1cas1] https in Local intranet)
O15:64bit: - ..Trusted Domains: ***.com ([corpdev] http in Trusted sites)
O15:64bit: - ..Trusted Domains: ***.com ([corpdev] https in Trusted sites)
O15:64bit: - ..Trusted Domains: ***.com ([hr] http in Trusted sites)
O15:64bit: - ..Trusted Domains: ***.com ([hr] https in Trusted sites)
O15:64bit: - ..Trusted Domains: ***.com ([it] http in Trusted sites)
O15:64bit: - ..Trusted Domains: ***.com ([it] https in Trusted sites)
O15:64bit: - ..Trusted Domains: ***.com ([sales] http in Trusted sites)
O15:64bit: - ..Trusted Domains: ***.com ([sales] https in Trusted sites)
O15 - HKCU\..Trusted Domains: acpect.com ([bos1cas2] https in Local intranet)
O15 - HKCU\..Trusted Domains: ***.com ([]http in Trusted sites)
O15 - HKCU\..Trusted Domains: ***.com ([]https in Trusted sites)
O15 - HKCU\..Trusted Domains: ***.com ([autodiscover] https in Local intranet)
O15 - HKCU\..Trusted Domains: ***.com ([bos1cas1] https in Local intranet)
O15 - HKCU\..Trusted Domains: ***.com ([corpdev] http in Trusted sites)
O15 - HKCU\..Trusted Domains: ***.com ([corpdev] https in Trusted sites)
O15 - HKCU\..Trusted Domains: ***.com ([hr] http in Trusted sites)
O15 - HKCU\..Trusted Domains: ***.com ([hr] https in Trusted sites)
O15 - HKCU\..Trusted Domains: ***.com ([it] http in Trusted sites)
O15 - HKCU\..Trusted Domains: ***.com ([it] https in Trusted sites)
O15 - HKCU\..Trusted Domains: ***.com ([sales] http in Trusted sites)
O15 - HKCU\..Trusted Domains: ***.com ([sales] https in Trusted sites)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.4.1/jinstall-1_4_1_07-windows-i586.cab (Java Plug-in 1.4.1_07)
O16 - DPF: {CAFEEFAC-0014-0001-0007-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.4.1/jinstall-1_4_1_07-windows-i586.cab (Java Plug-in 1.4.1_07)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O16 - DPF: {F27237D7-93C8-44C2-AC6E-D6057B9A918F} https://juniper.net/dana-cached/sc/JuniperSetupClient.cab (JuniperSetupClientControl Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 10.64.15.40 10.64.15.41
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = ***.com
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{702D714C-C851-4A51-AD74-5055E94072C0}: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{B75AD69B-5CDF-4BB5-99A9-D896685AE54F}: DhcpNameServer = 10.64.15.40 10.64.15.41
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{D8A3000A-07D2-48AD-BA3A-F1F162044C25}: NameServer = 10.74.83.22 193.254.160.1
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\skype-ie-addon-data - No CLSID value found
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) -C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O27:64bit: - HKLM IFEO\taskmgr.exe: Debugger - C:\USERS\***\DOWNLOADS\PROCESSEXPLORER\PROCEXP.EXE (Sysinternals - www.sysinternals.com)
O27 - HKLM IFEO\taskmgr.exe: Debugger - C:\USERS\***\DOWNLOADS\PROCESSEXPLORER\PROCEXP.EXE (Sysinternals - www.sysinternals.com)
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
ActiveX:64bit: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX:64bit: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX:64bit: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX:64bit: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX:64bit: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX:64bit: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX:64bit: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX:64bit: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX:64bit: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX:64bit: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX:64bit: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX:64bit: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -BaseSettings
ActiveX:64bit: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX:64bit: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX:64bit: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX:64bit: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX:64bit: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX:64bit: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework
ActiveX:64bit: {FEBEF00C-046D-438D-8A88-BF94A6C9E703} - .NET Framework
ActiveX:64bit: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX:64bit: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\System32\ie4uinit.exe -UserIconConfig
ActiveX:64bit: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {0EEB34F6-991D-4a1b-8EEB-772DA0EADB22} - Microsoft Lync 2010
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles(x86)%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\SysWOW64\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\SysWOW64\Rundll32.exe C:\Windows\SysWOW64\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1} - .NET Framework
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\SysWOW64\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\SysWOW64\rundll32.exe" "C:\Windows\SysWOW64\iedkcs32.dll",BrandIEActiveSetup SIGNUP
 
NetSvcs:64bit: AppMgmt - C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)
 
MsConfig:64bit - StartUpFolder: C:^Users^***^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OneNote 2010 Screen Clipper and Launcher.lnk - C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE - (Microsoft Corporation)
MsConfig:64bit - StartUpReg: Adobe ARM - hkey= - key= -  File not found
MsConfig:64bit - StartUpReg: Adobe Reader Speed Launcher - hkey= - key= -  File not found
MsConfig:64bit - StartUpReg: ***UniphiConnectDDEClient - hkey= - key= - C:\Program Files (x86)\*** Uniphi Connect DDE Client\UCDDE.exe (*** Software)
MsConfig:64bit - StartUpReg: BCSSync - hkey= - key= - C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe (Microsoft Corporation)
MsConfig:64bit - StartUpReg: dyKoehJmNj.exe - hkey= - key= -  File not found
MsConfig:64bit - StartUpReg: PDVDDXSrv - hkey= - key= - C:\Program Files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe (CyberLink Corp.)
MsConfig:64bit - StartUpReg: SunJavaUpdateSched - hkey= - key= -  File not found
MsConfig:64bit - StartUpReg: VirtualCloneDrive - hkey= - key= -  File not found
MsConfig:64bit - State: "startup" - Reg Error: Key error.
MsConfig:64bit - State: "services" - Reg Error: Key error.
 
CREATERESTOREPOINT
Restore point Set: OTL Restore Point
 
========== Files/Folders - Created Within 30 Days ==========
 
[2011/10/26 09:34:21 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Users\***\Desktop\OTL.exe
[2011/10/21 23:27:29 | 007,104,275 | ---- | C] (BitDefender LLC) -- C:\ZeroAccessRemovalTool_32b.exe
[2011/10/21 23:26:23 | 000,309,320 | ---- | C] (BitDefender S.R.L.) -- C:\Windows\SysWow64\drivers\TrufosAlt.sys
[2011/10/21 22:41:30 | 000,000,000 | --SD | C] -- C:\ComboFix
[2011/10/17 10:30:17 | 000,018,816 | ---- | C] (Sophos Group) -- C:\Windows\SysWow64\SAVRKBootTasks.sys
[2011/10/17 09:18:28 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2011/10/16 20:14:57 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ESET
[2011/10/16 20:12:50 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Trend Micro
[2011/10/16 20:12:50 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\HiJackThis
[2011/10/14 20:16:44 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2011/10/14 18:51:06 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2011/10/14 18:51:06 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\temp
[2011/10/14 17:23:00 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\LSoft Technologies
[2011/10/14 17:23:00 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Active@ ISO Burner
[2011/10/14 17:02:34 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sophos
[2011/10/14 17:02:32 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Sophos
[2011/10/14 16:45:16 | 000,000,000 | ---D | C] -- C:\ProgramData\SecTaskMan
[2011/10/14 16:45:10 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Security Task Manager
[2011/10/14 15:21:41 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java
[2011/10/14 13:11:12 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Malwarebytes
[2011/10/14 13:10:48 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011/10/14 13:10:46 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2011/10/14 13:10:35 | 000,025,416 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2011/10/14 13:10:33 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2011/10/13 16:34:03 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2011/10/13 16:34:03 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2011/10/13 16:34:03 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2011/10/13 16:33:51 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2011/10/13 16:33:40 | 000,000,000 | ---D | C] -- C:\Qoobox
[2011/10/13 12:57:33 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\UCCAdminSDK_AgentAssigner
[2011/10/11 10:14:17 | 000,000,000 | ---D | C] -- C:\Program Files\Visual Studio .NET 2002
[2011/10/09 14:29:43 | 000,000,000 | ---D | C] -- C:\ProgramData\Roxio
[2011/10/09 14:29:42 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Roxio
[2011/10/06 20:33:45 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
[2011/10/05 15:50:32 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\*** Software
[2011/09/30 09:21:10 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Amazon
[2011/09/30 09:20:46 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Amazon
[2011/09/30 09:20:46 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Amazon
[2011/09/28 15:17:53 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\csunit.org
[6 C:\Windows\SysNative\*.tmp files -> C:\Windows\SysNative\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2011/10/26 09:34:22 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\***\Desktop\OTL.exe
[2011/10/26 09:32:04 | 000,050,477 | ---- | M] () -- C:\Users\***\Desktop\Defogger.exe
[2011/10/26 08:55:26 | 000,969,772 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2011/10/26 08:55:26 | 000,795,268 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2011/10/26 08:55:26 | 000,171,712 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2011/10/26 08:53:42 | 000,019,264 | ---- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2011/10/26 08:53:42 | 000,019,264 | ---- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2011/10/26 08:48:06 | 000,000,462 | ---- | M] () -- C:\Windows\SMSCFG.ini
[2011/10/26 08:46:40 | 000,007,604 | RHS- | M] () -- C:\Users\***\ntuser.pol
[2011/10/26 08:46:11 | 000,017,920 | ---- | M] () -- C:\Windows\SysNative\rpcnetp.exe
[2011/10/26 08:46:09 | 000,058,288 | ---- | M] (Absolute Software Corp.) -- C:\Windows\SysWow64\rpcnet.dll
[2011/10/26 08:45:56 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/10/26 08:45:51 | 3112,583,168 | -HS- | M] () -- C:\hiberfil.sys
[2011/10/25 11:00:10 | 000,013,160 | ---- | M] (Absolute Software Corp.) -- C:\Windows\SysWow64\Upgrd.exe
[2011/10/25 11:00:02 | 000,058,288 | ---- | M] (Absolute Software Corp.) -- C:\Windows\SysWow64\rpcnet.exe
[2011/10/25 10:57:24 | 000,017,920 | ---- | M] () -- C:\Windows\SysWow64\rpcnetp.dll
[2011/10/25 10:45:58 | 000,017,920 | ---- | M] () -- C:\Windows\SysWow64\rpcnetp.exe
[2011/10/24 16:12:48 | 000,023,562 | RHS- | M] () -- C:\ProgramData\ntuser.pol
[2011/10/21 23:26:33 | 000,309,320 | ---- | M] (BitDefender S.R.L.) -- C:\Windows\SysWow64\drivers\TrufosAlt.sys
[2011/10/21 22:44:58 | 337,447,378 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2011/10/21 22:31:38 | 007,104,275 | ---- | M] (BitDefender LLC) -- C:\ZeroAccessRemovalTool_32b.exe
[2011/10/21 14:35:57 | 000,067,175 | ---- | M] () -- C:\Users\***\Documents\Ihr Auftrag bei K&M - Druckansicht.pdf
[2011/10/21 10:13:28 | 008,646,656 | ---- | M] () -- C:\Users\***\Documents\***.qdb
[2011/10/18 16:10:32 | 000,000,600 | ---- | M] () -- C:\Users\***\AppData\Roaming\winscp.rnd
[2011/10/17 16:58:51 | 000,005,278 | ---- | M] () -- C:\Windows\SysWow64\SiteList.xml
[2011/10/16 20:12:50 | 000,002,991 | ---- | M] () -- C:\Users\***\Desktop\HiJackThis.lnk
[2011/10/14 20:34:51 | 000,001,945 | ---- | M] () -- C:\Windows\epplauncher.mif
[2011/10/14 18:33:30 | 000,000,000 | ---- | M] () -- C:\Windows\SMSClientInstall.LHR
[2011/10/14 17:42:03 | 000,403,885 | ---- | M] () -- C:\Users\***\Desktop\***.UnifiedIP.ErrorUtils.zip
[2011/10/14 17:23:37 | 000,834,544 | ---- | M] () -- C:\Windows\SysNative\drivers\sptd.sys
[2011/10/14 16:34:04 | 000,000,100 | ---- | M] () -- C:\index.ini
[2011/10/14 14:40:07 | 000,987,358 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2011/10/14 13:10:49 | 000,001,123 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/10/13 14:20:26 | 000,000,691 | ---- | M] () -- C:\Users\***\Application Data\Microsoft\Internet Explorer\Quick Launch\System Restore.lnk
[2011/10/11 16:43:07 | 000,000,600 | ---- | M] () -- C:\Users\***\AppData\Local\PUTTY.RND
[2011/10/06 15:20:25 | 000,200,146 | ---- | M] () -- C:\Users\***\Documents\***_UIP66Demo.rts
[2011/10/05 17:35:18 | 000,002,000 | ---- | M] () -- C:\Users\***\Documents\Default.rdp
[2011/10/05 15:50:20 | 000,000,340 | ---- | M] () -- C:\Users\***\Desktop\Unified Resource Manager Client.appref-ms
[2011/10/03 22:17:28 | 000,002,066 | ---- | M] () -- C:\Users\***\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2011/09/30 11:12:15 | 000,004,913 | ---- | M] () -- C:\Users\***\Desktop\Users.csv
[2011/09/27 21:41:51 | 000,001,148 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2011/09/27 16:19:03 | 000,000,334 | ---- | M] () -- C:\Users\***\Desktop\Unified Agent Desktop.appref-ms
[6 C:\Windows\SysNative\*.tmp files -> C:\Windows\SysNative\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2011/10/26 09:28:58 | 000,050,477 | ---- | C] () -- C:\Users\***\Desktop\Defogger.exe
[2011/10/21 14:35:55 | 000,067,175 | ---- | C] () -- C:\Users\***\Documents\Ihr Auftrag bei K&M - Druckansicht.pdf
[2011/10/17 16:58:51 | 000,005,278 | ---- | C] () -- C:\Windows\SysWow64\SiteList.xml
[2011/10/16 20:12:50 | 000,002,991 | ---- | C] () -- C:\Users\***\Desktop\HiJackThis.lnk
[2011/10/14 18:33:30 | 000,000,000 | ---- | C] () -- C:\Windows\SMSClientInstall.LHR
[2011/10/14 17:42:03 | 000,403,885 | ---- | C] () -- C:\Users\***\Desktop\***.UnifiedIP.ErrorUtils.zip
[2011/10/14 17:23:37 | 000,834,544 | ---- | C] () -- C:\Windows\SysNative\drivers\sptd.sys
[2011/10/14 16:34:04 | 000,000,100 | ---- | C] () -- C:\index.ini
[2011/10/14 15:21:23 | 000,028,775 | ---- | C] () -- C:\Windows\SysWow64\javaw.exe
[2011/10/14 15:21:23 | 000,024,677 | ---- | C] () -- C:\Windows\SysWow64\java.exe
[2011/10/14 14:53:44 | 000,001,945 | ---- | C] () -- C:\Windows\epplauncher.mif
[2011/10/14 13:10:49 | 000,001,123 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/10/13 16:54:21 | 000,001,549 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Wireshark.lnk
[2011/10/13 16:54:21 | 000,001,246 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\XPS Viewer.lnk
[2011/10/13 16:54:20 | 000,002,733 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CUEcards 2005.lnk
[2011/10/13 16:54:20 | 000,002,088 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PowerDVD DX.lnk
[2011/10/13 16:54:20 | 000,001,547 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk
[2011/10/13 16:54:20 | 000,001,345 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Media Center.lnk
[2011/10/13 16:54:20 | 000,001,330 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sidebar.lnk
[2011/10/13 16:54:20 | 000,001,326 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows DVD Maker.lnk
[2011/10/13 16:54:20 | 000,001,210 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Fax and Scan.lnk
[2011/10/13 16:54:20 | 000,001,160 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
[2011/10/13 16:54:19 | 000,001,148 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2011/10/13 16:34:03 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2011/10/13 16:34:03 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2011/10/13 16:34:03 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2011/10/13 16:34:03 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2011/10/13 16:34:03 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2011/10/13 14:20:26 | 000,000,691 | ---- | C] () -- C:\Users\***\Application Data\Microsoft\Internet Explorer\Quick Launch\System Restore.lnk
[2011/10/05 15:50:20 | 000,000,340 | ---- | C] () -- C:\Users\***\Desktop\Unified Resource Manager Client.appref-ms
[2011/09/30 11:08:59 | 000,004,913 | ---- | C] () -- C:\Users\***\Desktop\Users.csv
[2011/09/27 16:19:03 | 000,000,334 | ---- | C] () -- C:\Users\***\Desktop\Unified Agent Desktop.appref-ms
[2011/09/13 14:25:19 | 000,000,011 | ---- | C] () -- C:\Windows\producer32.ini
[2011/07/23 00:01:22 | 000,085,504 | ---- | C] () -- C:\Windows\SysWow64\ff_vfw.dll
[2011/05/09 12:19:06 | 000,004,764 | ---- | C] () -- C:\Windows\SysWow64\CcmFramework.ini
[2011/04/28 15:41:44 | 000,001,350 | ---- | C] () -- C:\Windows\ntbackup.ini
[2011/04/15 06:35:06 | 000,053,248 | ---- | C] () -- C:\Windows\SysWow64\CommonDL.dll
[2011/04/15 06:35:06 | 000,002,413 | ---- | C] () -- C:\Windows\SysWow64\lgAxconfig.ini
[2011/04/04 20:43:39 | 000,006,144 | ---- | C] () -- C:\Users\***\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/03/15 12:33:02 | 000,000,000 | ---- | C] () -- C:\Windows\dsedit.INI
[2011/03/14 18:36:40 | 000,003,400 | ---- | C] () -- C:\Windows\W32RegistryState.dat
[2011/03/05 00:59:30 | 000,000,056 | ---- | C] () -- C:\Windows\SysWow64\ezsidmv.dat
[2011/03/02 11:32:19 | 000,000,535 | ---- | C] () -- C:\Windows\ODBCINST.INI
[2011/03/02 11:32:19 | 000,000,288 | ---- | C] () -- C:\Windows\ODBC.INI
[2011/03/01 18:20:46 | 000,000,600 | ---- | C] () -- C:\Users\***\AppData\Local\PUTTY.RND
[2011/03/01 13:31:25 | 000,000,600 | ---- | C] () -- C:\Users\***\AppData\Roaming\winscp.rnd
[2011/02/24 13:20:33 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat
[2011/02/21 12:21:28 | 000,987,358 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2011/02/21 12:20:57 | 000,000,462 | ---- | C] () -- C:\Windows\SMSCFG.ini
[2010/11/01 22:06:12 | 000,017,920 | ---- | C] () -- C:\Windows\SysWow64\rpcnetp.dll
[2010/11/01 22:05:29 | 000,017,920 | ---- | C] () -- C:\Windows\SysWow64\rpcnetp.exe
[2010/11/01 21:41:57 | 000,023,562 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2010/11/01 20:14:36 | 001,507,328 | ---- | C] () -- C:\Windows\SysWow64\nView.dll
[2010/11/01 20:14:36 | 001,101,824 | ---- | C] () -- C:\Windows\SysWow64\nvwimg.dll
[2010/11/01 20:11:48 | 000,000,051 | ---- | C] () -- C:\Windows\smsts.ini
[2010/06/25 19:03:12 | 000,053,299 | ---- | C] () -- C:\Windows\SysWow64\pthreadVC.dll
[2009/07/14 07:38:36 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2009/07/14 04:35:51 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT
[2009/07/14 04:34:42 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat
[2009/07/14 02:10:29 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2009/07/14 01:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
[2009/07/13 23:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2009/06/15 08:20:54 | 000,355,432 | ---- | C] () -- C:\Windows\SysWow64\vfprintpthelper.dll
[2009/06/10 23:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat
[2005/12/21 17:57:36 | 000,139,264 | ---- | C] () -- C:\Windows\SysWow64\nsldap32v50.dll
[2005/12/21 17:57:04 | 000,024,576 | ---- | C] () -- C:\Windows\SysWow64\nsldappr32v50.dll
[2005/12/21 17:54:34 | 000,040,960 | ---- | C] () -- C:\Windows\SysWow64\nsldapssl32v50.dll
[1998/06/10 00:00:00 | 000,015,120 | ---- | C] () -- C:\Windows\SysWow64\REPUTIL.DLL
 
========== LOP Check ==========
 
[2011/10/04 08:40:00 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Amazon
[2011/09/14 10:32:33 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\*** Software
[2011/06/21 17:11:14 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\*** Software Inc
[2011/03/01 12:58:22 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\code4ward
[2011/07/18 17:30:01 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\DVDVideoSoft
[2011/07/20 20:40:09 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\flashpaste
[2011/04/29 09:57:12 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\gnupg
[2011/06/20 15:52:26 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\GPGshell
[2011/02/28 10:37:01 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Greenshot
[2011/03/18 11:58:00 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\IrfanView
[2011/07/27 09:47:41 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Juniper Networks
[2011/02/25 18:42:19 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Notepad++
[2011/06/22 14:43:04 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Skinux
[2011/04/08 11:52:34 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\WirelessManager
[2011/10/14 15:46:30 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Wireshark
[2011/03/01 08:51:03 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\WMCore
[2011/10/07 17:02:06 | 000,032,598 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
 
========== Purity Check ==========
 
 
 
========== Custom Scans ==========
 
 
< %SYSTEMDRIVE%\*. >
[2011/09/13 15:51:35 | 000,000,000 | ---D | M] -- C:\$***Rollback$
[2011/10/14 20:16:44 | 000,000,000 | -HSD | M] -- C:\$RECYCLE.BIN
[2010/11/02 01:06:45 | 000,000,000 | ---D | M] -- C:\boot
[2011/10/21 22:43:53 | 000,000,000 | --SD | M] -- C:\ComboFix
[2011/10/24 22:00:16 | 000,000,000 | -HSD | M] -- C:\Config.Msi
[2011/02/21 12:03:18 | 000,000,000 | ---D | M] -- C:\dell
[2009/07/14 07:08:56 | 000,000,000 | -HSD | M] -- C:\Documents and Settings
[2011/06/15 13:25:25 | 000,000,000 | ---D | M] -- C:\GE36C1PCL6Winx64_30160EN
[2011/04/15 06:59:37 | 000,000,000 | ---D | M] -- C:\ifx
[2011/09/13 15:27:08 | 000,000,000 | ---D | M] -- C:\inetpub
[2011/10/05 09:21:14 | 000,000,000 | ---D | M] -- C:\log
[2010/11/01 20:51:31 | 000,000,000 | RH-D | M] -- C:\MSOCache
[2011/03/02 17:40:14 | 000,000,000 | ---D | M] -- C:\oracle
[2011/10/25 11:09:26 | 000,000,000 | ---D | M] -- C:\Outlook
[2009/07/14 05:20:08 | 000,000,000 | ---D | M] -- C:\PerfLogs
[2011/10/14 20:31:10 | 000,000,000 | R--D | M] -- C:\Program Files
[2011/10/21 11:29:14 | 000,000,000 | R--D | M] -- C:\Program Files (x86)
[2011/10/24 16:12:52 | 000,000,000 | ---D | M] -- C:\ProgramData
[2011/10/16 18:20:23 | 000,000,000 | ---D | M] -- C:\Qoobox
[2011/10/19 15:44:46 | 000,000,000 | ---D | M] -- C:\Quarantine
[2011/02/21 11:47:21 | 000,000,000 | ---D | M] -- C:\Recovery
[2011/09/13 15:09:16 | 000,000,000 | ---D | M] -- C:\SYBASE15
[2011/10/26 09:38:23 | 000,000,000 | -HSD | M] -- C:\System Volume Information
[2011/10/13 15:00:23 | 000,000,000 | R--D | M] -- C:\Users
[2011/10/26 08:46:19 | 000,000,000 | ---D | M] -- C:\Windows
 
< %PROGRAMFILES%\*.exe >
 
< %LOCALAPPDATA%\*.exe >
 
< %systemroot%\*. /mp /s >
 
< %systemroot%\system32\*.manifest /3 >
 
 
< MD5 for: EXPLORER.EXE  >
[2009/07/14 03:14:20 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=15BC38A7492BEFE831966ADB477CF76F -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_b7fe430bc7ce3761\explorer.exe
[2009/10/31 07:45:39 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=2626FC9755BE22F805D3CFA0CE3EE727 -- C:\Windows\SysWOW64\explorer.exe
[2009/10/31 07:45:39 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=2626FC9755BE22F805D3CFA0CE3EE727 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_b819b343c7ba6202\explorer.exe
[2009/08/03 08:19:07 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=700073016DAC1C3D2E7E2CE4223334B6 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_ae84b558ac4eb41c\explorer.exe
[2009/10/31 08:34:59 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=9AAAEC8DAC27AA17B053E6352AD233AE -- C:\Windows\ERDNT\cache86\explorer.exe
[2009/10/31 08:34:59 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=9AAAEC8DAC27AA17B053E6352AD233AE -- C:\Windows\explorer.exe
[2009/10/31 08:34:59 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=9AAAEC8DAC27AA17B053E6352AD233AE -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_adc508f19359a007\explorer.exe
[2009/08/03 07:49:47 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=9FF6C4C91A3711C0A3B18F87B08B518D -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_b8d95faae0af7617\explorer.exe
[2009/10/31 08:38:38 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=B8EC4BD49CE8F6FC457721BFC210B67F -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_ae46d6aeac7ca7c7\explorer.exe
[2009/08/03 07:35:50 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=B95EEB0F4E5EFBF1038A35B3351CF047 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_b853c407c78e3ba9\explorer.exe
[2009/07/14 03:39:10 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=C235A51CB740E45FFA0EBFB9BAFCDA64 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_ada998b9936d7566\explorer.exe
[2009/10/31 08:00:51 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=C76153C7ECA00FA852BB0C193378F917 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_b89b8100e0dd69c2\explorer.exe
[2009/08/03 08:17:37 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=F170B4A061C9E026437B193B4D571799 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_adff19b5932d79ae\explorer.exe
 
< MD5 for: REGEDIT.EXE  >
[2009/07/14 03:39:29 | 000,427,008 | ---- | M] (Microsoft Corporation) MD5=2E2C937846A0B8789E5E91739284D17A -- C:\Windows\ERDNT\cache86\regedit.exe
[2009/07/14 03:39:29 | 000,427,008 | ---- | M] (Microsoft Corporation) MD5=2E2C937846A0B8789E5E91739284D17A -- C:\Windows\winsxs\amd64_microsoft-windows-registry-editor_31bf3856ad364e35_6.1.7600.16385_none_5023a70bf589ad3e\regedit.exe
[2009/07/14 03:39:29 | 000,427,008 | ---- | M] (Microsoft Corporation) MD5=8A4883F5E7AC37444F23279239553878 -- C:\Windows\regedit.exe
[2009/07/14 03:14:30 | 000,398,336 | ---- | M] (Microsoft Corporation) MD5=8A4883F5E7AC37444F23279239553878 -- C:\Windows\SysWOW64\regedit.exe
[2009/07/14 03:14:30 | 000,398,336 | ---- | M] (Microsoft Corporation) MD5=8A4883F5E7AC37444F23279239553878 -- C:\Windows\winsxs\wow64_microsoft-windows-registry-editor_31bf3856ad364e35_6.1.7600.16385_none_5a78515e29ea6f39\regedit.exe
 
< MD5 for: USERINIT.EXE  >
[2009/07/14 03:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\ERDNT\cache86\userinit.exe
[2009/07/14 03:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\SysWOW64\userinit.exe
[2009/07/14 03:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_dbff103933038d7c\userinit.exe
[2009/07/14 03:39:48 | 000,030,208 | ---- | M] (Microsoft Corporation) MD5=6F8F1376A13114CC10C0E69274F5A4DE -- C:\Windows\ERDNT\cache64\userinit.exe
[2009/07/14 03:39:48 | 000,030,208 | ---- | M] (Microsoft Corporation) MD5=6F8F1376A13114CC10C0E69274F5A4DE -- C:\Windows\SysNative\userinit.exe
[2009/07/14 03:39:48 | 000,030,208 | ---- | M] (Microsoft Corporation) MD5=6F8F1376A13114CC10C0E69274F5A4DE -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_381dabbceb60feb2\userinit.exe
 
< MD5 for: WININIT.EXE  >
[2009/07/14 03:39:52 | 000,129,024 | ---- | M] (Microsoft Corporation) MD5=94355C28C1970635A31B3FE52EB7CEBA -- C:\Windows\ERDNT\cache64\wininit.exe
[2009/07/14 03:39:52 | 000,129,024 | ---- | M] (Microsoft Corporation) MD5=94355C28C1970635A31B3FE52EB7CEBA -- C:\Windows\SysNative\wininit.exe
[2009/07/14 03:39:52 | 000,129,024 | ---- | M] (Microsoft Corporation) MD5=94355C28C1970635A31B3FE52EB7CEBA -- C:\Windows\winsxs\amd64_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_8ce7aa761e01ad49\wininit.exe
[2009/07/14 03:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\ERDNT\cache86\wininit.exe
[2009/07/14 03:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\SysWOW64\wininit.exe
[2009/07/14 03:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_30c90ef265a43c13\wininit.exe
 
< MD5 for: WINLOGON.EXE  >
[2009/07/14 03:39:52 | 000,389,120 | ---- | M] (Microsoft Corporation) MD5=132328DF455B0028F13BF0ABEE51A63A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_cbb7f2bdeea2829c\winlogon.exe
[2009/10/28 09:01:57 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=A93D41A4D4B0D91C072D11DD8AF266DE -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.20560_none_cc522fd507b468f8\winlogon.exe
[2009/10/28 08:24:40 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=DA3E2A6FA9660CC75B471530CE88453A -- C:\Windows\ERDNT\cache64\winlogon.exe
[2009/10/28 08:24:40 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=DA3E2A6FA9660CC75B471530CE88453A -- C:\Windows\SysNative\winlogon.exe
[2009/10/28 08:24:40 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=DA3E2A6FA9660CC75B471530CE88453A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16447_none_cbe534e7ee8042ad\winlogon.exe
 
< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >
"UseWUServer" = 1
"NoAutoUpdate" = 1
 
< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >

< End of report >

Many thanks!
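The "< MD5 for: ... >" sections of the OTL log above list every copy of a logon-path binary (userinit.exe, wininit.exe, winlogon.exe, regedit.exe) found in the live system directories, in the WinSxS component store and in the ERDNT backup. Reading them by eye is error-prone because the 64-bit and 32-bit builds of each file legitimately carry different hashes, and because OTL runs as a 32-bit process, so WOW64 file-system redirection maps %windir%\regedit.exe to the SysWOW64 copy for it, which is consistent with the 8A48... hash printed for C:\Windows\regedit.exe. The following script is an added example, not part of the original post and not OTL's own code: it parses those sections and flags any live copy whose MD5 matches no WinSxS copy of the same file. SAMPLE_LOG is copied from the posted USERINIT/WINLOGON sections; the WININIT section in CONSTRUCTED_TAMPERED is made up so the mismatch branch is exercised.

```python
import re
from collections import defaultdict

# Added example: parser for the "< MD5 for: NAME >" sections of an OTL log.
# Not from the original post and not OTL's own code.

LINE_RE = re.compile(
    r"^\[(?P<mtime>[\d/]+ [\d:]+) \| (?P<size>[\d,]+) \| [^|]+ \| [A-Z]\] "
    r"\((?P<company>[^)]*)\) MD5=(?P<md5>[0-9A-Fa-f]{32}) -- (?P<path>.+)$"
)
HEADER_RE = re.compile(r"^< MD5 for: (?P<name>\S+)\s*>$")

# Copied verbatim from the posted log (USERINIT and WINLOGON sections).
SAMPLE_LOG = r"""
< MD5 for: USERINIT.EXE  >
[2009/07/14 03:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\ERDNT\cache86\userinit.exe
[2009/07/14 03:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\SysWOW64\userinit.exe
[2009/07/14 03:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_dbff103933038d7c\userinit.exe
[2009/07/14 03:39:48 | 000,030,208 | ---- | M] (Microsoft Corporation) MD5=6F8F1376A13114CC10C0E69274F5A4DE -- C:\Windows\ERDNT\cache64\userinit.exe
[2009/07/14 03:39:48 | 000,030,208 | ---- | M] (Microsoft Corporation) MD5=6F8F1376A13114CC10C0E69274F5A4DE -- C:\Windows\SysNative\userinit.exe
[2009/07/14 03:39:48 | 000,030,208 | ---- | M] (Microsoft Corporation) MD5=6F8F1376A13114CC10C0E69274F5A4DE -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_381dabbceb60feb2\userinit.exe

< MD5 for: WINLOGON.EXE  >
[2009/07/14 03:39:52 | 000,389,120 | ---- | M] (Microsoft Corporation) MD5=132328DF455B0028F13BF0ABEE51A63A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_cbb7f2bdeea2829c\winlogon.exe
[2009/10/28 09:01:57 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=A93D41A4D4B0D91C072D11DD8AF266DE -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.20560_none_cc522fd507b468f8\winlogon.exe
[2009/10/28 08:24:40 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=DA3E2A6FA9660CC75B471530CE88453A -- C:\Windows\ERDNT\cache64\winlogon.exe
[2009/10/28 08:24:40 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=DA3E2A6FA9660CC75B471530CE88453A -- C:\Windows\SysNative\winlogon.exe
[2009/10/28 08:24:40 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=DA3E2A6FA9660CC75B471530CE88453A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16447_none_cbe534e7ee8042ad\winlogon.exe
"""

# Constructed section (not from the log): the live SysNative copy carries a
# hash that no WinSxS copy has, which is what a patched binary looks like.
CONSTRUCTED_TAMPERED = r"""
< MD5 for: WININIT.EXE  >
[2009/07/14 03:39:52 | 000,129,024 | ---- | M] (Microsoft Corporation) MD5=94355C28C1970635A31B3FE52EB7CEBA -- C:\Windows\winsxs\amd64_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_8ce7aa761e01ad49\wininit.exe
[2011/10/14 17:23:37 | 000,129,024 | ---- | M] (Microsoft Corporation) MD5=0123456789ABCDEF0123456789ABCDEF -- C:\Windows\SysNative\wininit.exe
"""


def parse_md5_sections(text):
    """Map FILENAME -> list of records (mtime, size, company, md5, path)."""
    sections = defaultdict(list)
    current = None
    for raw in text.splitlines():
        line = raw.strip()
        header = HEADER_RE.match(line)
        if header:
            current = header.group("name").upper()
            continue
        hit = LINE_RE.match(line)
        if hit and current:
            rec = hit.groupdict()
            rec["size"] = int(rec["size"].replace(",", ""))
            rec["md5"] = rec["md5"].upper()
            sections[current].append(rec)
    return dict(sections)


def is_reference_copy(path):
    """WinSxS is the component store; ERDNT\\cache* holds ERUNT's backup copies.
    Neither is the binary that actually runs at logon."""
    low = path.lower()
    return "\\winsxs\\" in low or "\\erdnt\\" in low


def find_mismatches(sections):
    """Flag each live copy (SysNative, SysWOW64, %windir%) whose MD5 matches no
    WinSxS copy of the same file.  64-bit and 32-bit builds legitimately differ,
    so the rule is 'matches some component-store copy', not 'all copies equal'."""
    findings = []
    for name, recs in sections.items():
        known = {r["md5"] for r in recs if "\\winsxs\\" in r["path"].lower()}
        for r in recs:
            if not is_reference_copy(r["path"]) and r["md5"] not in known:
                findings.append((name, r["path"], r["md5"]))
    return findings


if __name__ == "__main__":
    for name, path, md5 in find_mismatches(parse_md5_sections(SAMPLE_LOG + CONSTRUCTED_TAMPERED)):
        print(f"{name}: {path} has unexpected MD5 {md5}")
```

On the posted data every live copy matches a component-store copy, so the check returns nothing; only the constructed WININIT section is flagged. Two caveats: the hashes were computed from inside a system that, as it later turned out, was carrying a bootkit, so the file system view OTL saw is not trustworthy on its own, and an attacker with administrative rights can replace the WinSxS copy as well. A match here is a quick triage signal, not proof; the authoritative check is a signature-catalog verification such as sfc /verifyonly, ideally run from clean boot media.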

cosinus 26.10.2011 13:16

Quote:

infected with a FakeAlert trojan/virus, even after removing it I apparently
still have further infections or remnants that cannot be removed.
What was removed, and how?
Post all relevant logs, including the ones already generated by the tools you used.

thawkins 26.10.2011 14:46

Hi Arne,
I have gathered the log files I could find.
Unfortunately, ComboFix does not say in its logs why it deleted a file.

McAfee, on the other hand, identified the following trojans:
Downloader.a!ss (Trojan)
Downloader.a!ta (Trojan)

The initial problem was that my laptop suddenly switched off.
After a reboot I got a popup with various alleged hard disk and virus problems.
From the popup's title I concluded it was the FakeAlert trojan. Parts of the hard disk were hidden and the profile was broken.
After removing the .exe from the autostart and "un-hiding" the files, I rebooted into Safe Mode and ran ComboFix. After that the profile was fine again...

Thanks and regards

cosinus 26.10.2011 15:27

Quote:

Unfortunately, ComboFix does not say in its logs why it deleted a file.
Why does CF keep getting run, when there are notices all over this site saying it should NOT be run on your own initiative!?

There is a very clear notice at http://www.trojaner-board.de/95175-combofix.html
Quote:

Important notice:
ComboFix may only be run when a qualified helper (Kompetenzler) has explicitly recommended it!
It should never be run on one's own initiative! Incorrect use can cause serious computer problems and make cleaning the infection even harder.


thawkins 26.10.2011 15:43

Quote:

Quote from cosinus (post 713421)
Why does CF keep getting run, when there are notices all over this site saying it should NOT be run on your own initiative!?

Well, a very simple answer to that question: instructions from our in-house support...
So far, though, they have got nowhere with this follow-on problem...

cosinus 26.10.2011 19:03

Quote:

instructions from our in-house support...
So this is an office machine?
Why doesn't the in-house support just reinstall the box instead of trying to get this solved through a forum?

thawkins 26.10.2011 20:56

That would of course be an option too, but I see it only as a last resort, because the support is located abroad and it then takes several days before I can work properly again.
That's why I wanted to try here first, in the hope of getting a few tips...

cosinus 27.10.2011 08:04

Then post all logs first. The zip in the attachment contained only extras.txt!

thawkins 27.10.2011 08:10

Morning Arne, here are the logs...

cosinus 27.10.2011 10:37

Tell me, how many times was CF run? 3 times or even more? At least the first CF log is missing.
And from Malwarebytes I only see a protection log. Post ALL the other logs from it as well!

thawkins 27.10.2011 12:32

Unfortunately, those were all the ComboFix logs I could find in that directory...

But there is good news:
I ran the Kaspersky TDSSKiller and it found the following:

11:43:36.0618 6840 MBR (0x1B8) (de1996b5390bac8242e23168f828c750) \Device\Harddisk0\DR0
11:43:36.0621 6840 \Device\Harddisk0\DR0 ( Rootkit.Win32.TDSS.tdl4 ) - infected
11:43:36.0621 6840 \Device\Harddisk0\DR0 - detected Rootkit.Win32.TDSS.tdl4 (0)
11:43:36.0672 6840 \Device\Harddisk0\DR0 ( TDSS File System ) - warning
11:43:36.0672 6840 \Device\Harddisk0\DR0 - detected TDSS File System (1)

The scanner was able to delete the file system and the rootkit, and after a reboot ping.exe no longer shows up in Task Manager. The web page calls from other processes have not recurred so far either.

I just wonder why all the other scanners were unable to find this as well...

Thanks and regards
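The TDSSKiller lines above report two things: the hash of sector 0 of \Device\Harddisk0\DR0, flagged as Rootkit.Win32.TDSS.tdl4, and a separate "TDSS File System" warning. That is the bootkit pattern: the MBR boot code is replaced so the malware loads before Windows, the partition table is left intact so the system still boots, and the malware's own storage lives outside any partition. It also answers the question of why file scanners found nothing: once loaded, a bootkit that filters disk I/O can hand a clean-looking sector 0 and an empty tail to anything that reads the disk from inside the infected OS, so the sector is best captured from clean boot media. The script below is an added example, not part of the post and not TDSSKiller's code: it parses a 512-byte MBR, compares it against a known-clean baseline component by component, and measures the unpartitioned space after the last partition. The sample images, the disk size and the 2048-sector (1 MiB) tail threshold are constructed for the example; on a real machine sector 0 is read from \\.\PhysicalDrive0, which needs administrative rights the original poster did not have.

```python
import hashlib
import struct

# Added example, not from the original post and not TDSSKiller code.
SECTOR = 512
BOOT_CODE_LEN = 446          # bytes 0..445: boot code (and, at 0x1B8, the disk signature)
PART_ENTRY_LEN = 16          # four 16-byte entries follow at offset 446
MBR_SIGNATURE = b"\x55\xAA"  # bytes 510..511
ENTRY_FMT = "<B3sB3sII"      # status, CHS start, type, CHS end, LBA start, sector count


def build_mbr(boot_code, partitions):
    """Assemble a 512-byte MBR from boot code and up to four
    (bootable, type, lba_start, sector_count) tuples; CHS fields are zeroed."""
    code = boot_code[:BOOT_CODE_LEN].ljust(BOOT_CODE_LEN, b"\x00")
    table = b"".join(
        struct.pack(ENTRY_FMT, 0x80 if bootable else 0x00, b"\0\0\0", ptype, b"\0\0\0", start, count)
        for bootable, ptype, start, count in partitions
    ).ljust(4 * PART_ENTRY_LEN, b"\x00")
    return code + table + MBR_SIGNATURE


def parse_mbr(mbr):
    """Split an MBR into boot code, raw partition table and the non-empty entries."""
    if len(mbr) != SECTOR or mbr[510:] != MBR_SIGNATURE:
        raise ValueError("not an MBR: wrong length or missing 55AA signature")
    parts = []
    for i in range(4):
        off = BOOT_CODE_LEN + i * PART_ENTRY_LEN
        status, _, ptype, _, start, count = struct.unpack(ENTRY_FMT, mbr[off:off + PART_ENTRY_LEN])
        if ptype:
            parts.append({"bootable": status == 0x80, "type": ptype, "start": start, "sectors": count})
    return {"boot_code": mbr[:BOOT_CODE_LEN], "table": mbr[BOOT_CODE_LEN:510], "partitions": parts}


def check_mbr(mbr, baseline, disk_sectors, max_tail=2048):
    """Compare a captured MBR with a known-clean one.  Returns a list of
    findings; an empty list means nothing suspicious.  max_tail (sectors of
    unpartitioned space tolerated after the last partition) is an assumption."""
    cur, ref = parse_mbr(mbr), parse_mbr(baseline)
    findings = []
    # Whole-sector hash, the same kind of value TDSSKiller prints for DR0.
    if hashlib.md5(mbr).hexdigest() != hashlib.md5(baseline).hexdigest():
        findings.append("sector 0 hash differs from baseline")
    # Patched loader with an untouched partition table is the bootkit signature;
    # a changed table is more often legitimate repartitioning, so report it separately.
    if cur["boot_code"] != ref["boot_code"] and cur["table"] == ref["table"]:
        findings.append("boot code modified, partition table untouched (bootkit pattern)")
    elif cur["table"] != ref["table"]:
        findings.append("partition table differs from baseline")
    # Space after the last partition is where a hidden file system would be kept.
    end = max((p["start"] + p["sectors"] for p in cur["partitions"]), default=0)
    tail = disk_sectors - end
    if tail > max_tail:
        findings.append(f"{tail} unpartitioned sectors after last partition")
    return findings


# Constructed sample disk: 320,002,048 sectors, one bootable NTFS (0x07)
# partition starting at LBA 2048 and ending 1024 sectors before the disk end.
DISK_SECTORS = 320_002_048
PARTITIONS = [(True, 0x07, 2048, DISK_SECTORS - 2048 - 1024)]
CLEAN_BOOT = b"\x33\xC0\x8E\xD0\xBC\x00\x7C"  # xor ax,ax; mov ss,ax; mov sp,7C00h: usual MBR prologue
CLEAN_MBR = build_mbr(CLEAN_BOOT, PARTITIONS)
# Constructed "infected" image: the loader's first instruction replaced by a
# short jump into patched code, partition table copied unchanged.
PATCHED_MBR = build_mbr(b"\xEB\x3E" + CLEAN_BOOT[2:], PARTITIONS)

if __name__ == "__main__":
    print("clean   :", check_mbr(CLEAN_MBR, CLEAN_MBR, DISK_SECTORS))
    print("patched :", check_mbr(PATCHED_MBR, CLEAN_MBR, DISK_SECTORS))
    # Same patched image on a disk whose last 20 MiB were never partitioned.
    print("patched+tail:", check_mbr(PATCHED_MBR, CLEAN_MBR, DISK_SECTORS + 40960))
```

The baseline has to come from somewhere trustworthy: a sector-0 image taken right after a clean build, or the MBR the OEM or Windows installer writes, not a capture from the machine under investigation. Without one, the component comparison is still useful in reverse, that is, dump sector 0 from boot media and diff it against a capture taken from inside the running OS; if the two differ, something between the disk and the OS is rewriting what the OS sees.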

cosinus 27.10.2011 14:29

So what about the other Malwarebytes logs?

thawkins 27.10.2011 14:38

Here are all the Malwarebytes logs (protection and scan logs)...

cosinus 27.10.2011 14:55

please create a new OTL log:

Custom scan with OTL

If you don't have it yet, please download OTL by OldTimer and save it to your desktop
Code:

netsvcs
msconfig
safebootminimal
safebootnetwork
activex
drivers32
%ALLUSERSPROFILE%\Application Data\*.
%ALLUSERSPROFILE%\Application Data\*.exe /s
%APPDATA%\*.
%APPDATA%\*.exe /s
%SYSTEMDRIVE%\*.exe
/md5start
wininit.exe
userinit.exe
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
ws2ifsl.sys
sceclt.dll
ntelogon.dll
winlogon.exe
logevent.dll
user32.DLL
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
/md5stop
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\*. /mp /s
%systemroot%\system32\*.dll /lockedfiles
CREATERESTOREPOINT


thawkins 27.10.2011 15:23

Here is the log output from OldTimer:
Code:

OTL logfile created on: 10/27/2011 4:06:20 PM - Run 3
OTL by OldTimer - Version 3.2.31.0    Folder = C:\Users\***\Desktop
64bit- Enterprise Edition  (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
 
3.87 Gb Total Physical Memory | 2.37 Gb Available Physical Memory | 61.27% Memory free
7.73 Gb Paging File | 5.98 Gb Available in Paging File | 77.41% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 153.70 Gb Total Space | 93.49 Gb Free Space | 60.83% Space Free | Partition Type: NTFS
Drive D: | 78.88 Gb Total Space | 57.69 Gb Free Space | 73.14% Space Free | Partition Type: NTFS
Drive E: | 4.36 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: UDF
Drive F: | 931.51 Gb Total Space | 727.44 Gb Free Space | 78.09% Space Free | Partition Type: NTFS
Drive H: | 3.00 Gb Total Space | 1.41 Gb Free Space | 46.85% Space Free | Partition Type: NTFS
Drive R: | 227.40 Gb Total Space | 51.03 Gb Free Space | 22.44% Space Free | Partition Type: NTFS
Drive V: | 227.40 Gb Total Space | 51.03 Gb Free Space | 22.44% Space Free | Partition Type: NTFS
Drive Y: | 227.40 Gb Total Space | 51.03 Gb Free Space | 22.44% Space Free | Partition Type: NTFS
Drive Z: | 1847.64 Gb Total Space | 1455.70 Gb Free Space | 78.79% Space Free | Partition Type: NTFS
 
Computer Name: ***-E6410 | User Name: *** | NOT logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2011/10/27 16:02:22 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\***\Desktop\OTL.exe
PRC - [2011/10/25 11:00:02 | 000,058,288 | ---- | M] (Absolute Software Corp.) -- C:\Windows\SysWOW64\rpcnet.exe
PRC - [2011/08/31 17:00:48 | 000,449,608 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2011/08/31 17:00:48 | 000,366,152 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2011/01/12 17:05:00 | 000,185,664 | ---- | M] (McAfee, Inc.) -- C:\Program Files (x86)\McAfee\Common Framework\naPrdMgr.exe
PRC - [2011/01/12 17:05:00 | 000,161,088 | ---- | M] (McAfee, Inc.) -- C:\Program Files (x86)\McAfee\Common Framework\UdaterUI.exe
PRC - [2011/01/12 17:05:00 | 000,120,128 | ---- | M] (McAfee, Inc.) -- C:\Program Files (x86)\McAfee\Common Framework\FrameworkService.exe
PRC - [2011/01/12 17:05:00 | 000,075,072 | ---- | M] (McAfee, Inc.) -- C:\Program Files (x86)\McAfee\Common Framework\McTray.exe
PRC - [2010/06/09 18:38:30 | 000,463,912 | R--- | M] (Ericsson AB) -- C:\Program Files (x86)\Dell\Dell WWAN\WMCore\mini_WMCore.exe
PRC - [2010/04/10 21:01:20 | 000,623,984 | ---- | M] (Juniper Networks) -- C:\Program Files (x86)\Juniper Networks\Common Files\dsNcService.exe
PRC - [2010/01/06 21:07:00 | 000,066,896 | ---- | M] (McAfee, Inc.) -- C:\Program Files (x86)\McAfee\VirusScan Enterprise\vstskmgr.exe
PRC - [2009/11/13 03:59:02 | 000,132,392 | ---- | M] (Juniper Networks) -- C:\Program Files (x86)\Common Files\Juniper Networks\JUNS\dsAccessService.exe
PRC - [2009/09/18 04:00:00 | 000,764,768 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\CCM\CcmExec.exe
PRC - [2009/07/14 03:14:47 | 000,254,976 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\wbem\WmiPrvSE.exe
PRC - [2006/12/19 18:23:20 | 000,094,208 | ---- | M] (SEIKO EPSON CORPORATION) -- C:\Program Files (x86)\Common Files\EPSON\EBAPI\eEBSvc.exe
PRC - [2006/10/11 15:14:28 | 000,053,248 | ---- | M] (Oracle Corporation) -- C:\oracle\product\10.2.0\client_1\bin\omtsreco.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2007/04/18 20:30:46 | 000,471,040 | ---- | M] () -- C:\Program Files (x86)\McAfee\Common Framework\ccme_base.dll
MOD - [2007/04/18 20:30:46 | 000,393,216 | ---- | M] () -- C:\Program Files (x86)\McAfee\Common Framework\cryptocme2.dll
 
 
========== Win32 Services (SafeList) ==========
 
SRV:64bit: - [2010/05/13 01:44:04 | 000,244,736 | ---- | M] (IDT, Inc.) [Auto | Running] -- C:\Windows\SysNative\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_ac8529709a50c498\stacsv64.exe -- (STacSV)
SRV:64bit: - [2010/05/13 01:44:00 | 000,089,600 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Windows\SysNative\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_ac8529709a50c498\AESTSr64.exe -- (AESTFilters)
SRV:64bit: - [2010/01/06 21:07:00 | 000,079,504 | ---- | M] (McAfee, Inc.) [Unknown | Running] -- C:\Windows\SysNative\mfevtps.exe -- (mfevtp)
SRV:64bit: - [2009/07/14 03:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2009/07/14 03:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV:64bit: - [2007/11/07 10:11:22 | 004,466,688 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Microsoft Visual Studio 9.0\Common7\IDE\Remote Debugger\x64\msvsmon.exe -- (msvsmon90)
SRV - [2011/10/25 11:00:02 | 000,058,288 | ---- | M] (Absolute Software Corp.) [Auto | Running] -- C:\Windows\SysWOW64\rpcnet.exe -- (rpcnet) Remote Procedure Call (RPC)
SRV - [2011/08/31 17:00:48 | 000,366,152 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2011/05/02 20:33:54 | 000,035,328 | ---- | M] (*** Software, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\*** Software\Unified IP\InstallAssistant\***InstallAssistant.exe -- (***InstallAssistant)
SRV - [2011/01/12 17:05:00 | 000,120,128 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files (x86)\McAfee\Common Framework\FrameworkService.exe -- (McAfeeFramework)
SRV - [2010/06/25 19:07:20 | 000,117,264 | ---- | M] (CACE Technologies, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\WinPcap\rpcapd.exe -- (rpcapd) Remote Packet Capture Protocol v.0 (experimental)
SRV - [2010/06/09 18:38:30 | 000,463,912 | R--- | M] (Ericsson AB) [Auto | Running] -- C:\Program Files (x86)\Dell\Dell WWAN\WMCore\mini_WMCore.exe -- (WMCoreService)
SRV - [2010/04/10 21:01:20 | 000,623,984 | ---- | M] (Juniper Networks) [Auto | Running] -- C:\Program Files (x86)\Juniper Networks\Common Files\dsNcService.exe -- (dsNcService)
SRV - [2010/03/18 20:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010/01/10 13:01:38 | 000,060,928 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\STMicroelectronics\AccelerometerP11\InstallFilterService.exe -- (InstallFilterService)
SRV - [2010/01/06 21:07:00 | 000,180,968 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files (x86)\McAfee\VirusScan Enterprise\x64\mcshield.exe -- (McShield)
SRV - [2010/01/06 21:07:00 | 000,066,896 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files (x86)\McAfee\VirusScan Enterprise\vstskmgr.exe -- (McTaskManager)
SRV - [2010/01/06 21:07:00 | 000,020,792 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files (x86)\McAfee\VirusScan Enterprise\x64\engineserver.exe -- (McAfeeEngineService)
SRV - [2009/11/25 17:41:28 | 001,740,800 | ---- | M] (iPass, Inc.) [Disabled | Stopped] -- C:\Program Files (x86)\iPass\iPassConnect 35\iPassConnectEngine.exe -- (iPassConnectEngine)
SRV - [2009/11/25 17:32:12 | 000,167,936 | ---- | M] (iPass, Inc.) [Disabled | Stopped] -- C:\Program Files (x86)\iPass\iPassConnect 35\iPassPeriodicUpdateApp.exe -- (iPassPeriodicUpdateApp)
SRV - [2009/11/25 17:32:12 | 000,114,688 | ---- | M] (iPass, Inc.) [Disabled | Stopped] -- C:\Program Files (x86)\iPass\iPassConnect 35\iPassPeriodicUpdateService.exe -- (iPassPeriodicUpdateService)
SRV - [2009/11/13 03:59:02 | 000,132,392 | ---- | M] (Juniper Networks) [Auto | Running] -- C:\Program Files (x86)\Common Files\Juniper Networks\JUNS\dsAccessService.exe -- (JuniperAccessService)
SRV - [2009/09/18 04:00:00 | 000,764,768 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysWOW64\CCM\CcmExec.exe -- (CcmExec)
SRV - [2009/09/18 04:00:00 | 000,246,624 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysWOW64\CCM\TSManager.exe -- (smstsmgr)
SRV - [2009/07/14 03:15:31 | 000,396,288 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysWOW64\inetsrv\iisw3adm.dll -- (WAS)
SRV - [2009/07/14 03:15:31 | 000,396,288 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysWOW64\inetsrv\iisw3adm.dll -- (W3SVC)
SRV - [2009/07/14 03:14:53 | 000,061,440 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysWOW64\inetsrv\apphostsvc.dll -- (AppHostSvc)
SRV - [2009/06/10 23:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2007/06/29 17:54:54 | 000,020,480 | ---- | M] ( ) [Disabled | Stopped] -- c:\Program Files (x86)\*** Software\Uniphi Connect\UniphiAdapterSvc.exe -- (***UniphiAdapterSvc)
SRV - [2006/12/19 18:23:20 | 000,094,208 | ---- | M] (SEIKO EPSON CORPORATION) [Auto | Running] -- C:\Program Files (x86)\Common Files\EPSON\EBAPI\eEBSvc.exe -- (EpsonBidirectionalService)
SRV - [2006/10/11 15:14:28 | 000,053,248 | ---- | M] (Oracle Corporation) [Auto | Running] -- C:\oracle\product\10.2.0\client_1\bin\omtsreco.exe -- (OracleMTSRecoveryService)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - [2011/10/14 17:23:37 | 000,834,544 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\sptd.sys -- (sptd)
DRV:64bit: - [2011/08/31 17:00:50 | 000,025,416 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)
DRV:64bit: - [2011/05/12 14:03:12 | 000,006,144 | ---- | M] (Sophos Plc) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\D79.tmp -- (MEMSWEEP2)
DRV:64bit: - [2011/03/18 13:46:20 | 000,074,376 | ---- | M] (FTDI Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ftdibus.sys -- (FTDIBUS)
DRV:64bit: - [2011/03/18 13:46:06 | 000,085,384 | ---- | M] (FTDI Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ftser2k.sys -- (FTSER2K)
DRV:64bit: - [2011/02/17 18:21:12 | 000,156,080 | ---- | M] (Oracle Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VBoxNetAdp.sys -- (VBoxNetAdp)
DRV:64bit: - [2011/01/15 18:21:04 | 000,036,352 | ---- | M] (Elaborate Bytes AG) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VClone.sys -- (VClone)
DRV:64bit: - [2010/07/12 20:36:10 | 000,055,856 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\PxHlpa64.sys -- (PxHlpa64)
DRV:64bit: - [2010/06/25 19:07:26 | 000,035,344 | ---- | M] (CACE Technologies, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\npf.sys -- (NPF)
DRV:64bit: - [2010/05/25 17:03:20 | 000,271,400 | ---- | M] (Ericsson AB) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\WwanUsbMp64.sys -- (WwanUsbServ)
DRV:64bit: - [2010/05/13 01:44:28 | 000,086,120 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvhda64v.sys -- (NVHDA)
DRV:64bit: - [2010/05/13 01:44:12 | 000,538,136 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2010/05/13 01:44:12 | 000,294,064 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\e1k62x64.sys -- (e1kexpress) Intel(R)
DRV:64bit: - [2010/05/13 01:44:10 | 006,952,960 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NETw5s64.sys -- (NETw5s64) Intel(R)
DRV:64bit: - [2010/05/13 01:44:10 | 000,321,576 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btwampfl.sys -- (btwampfl)
DRV:64bit: - [2010/05/13 01:44:08 | 000,284,720 | ---- | M] (Alps Electric Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Apfiltr.sys -- (ApfiltrService)
DRV:64bit: - [2010/05/13 01:44:08 | 000,158,976 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Impcd.sys -- (Impcd)
DRV:64bit: - [2010/05/13 01:44:08 | 000,038,440 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\cvusbdrv.sys -- (cvusbdrv)
DRV:64bit: - [2010/05/13 01:44:06 | 000,079,360 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\risdpe64.sys -- (risdpcie)
DRV:64bit: - [2010/05/13 01:44:06 | 000,061,952 | ---- | M] (REDC) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rimspe64.sys -- (rimspci)
DRV:64bit: - [2010/05/13 01:44:06 | 000,055,808 | ---- | M] (REDC) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rixdpe64.sys -- (rixdpcie)
DRV:64bit: - [2010/05/13 01:44:04 | 000,505,856 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\stwrt64.sys -- (STHDA)
DRV:64bit: - [2010/05/13 01:44:04 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (HECIx64) Intel(R)
DRV:64bit: - [2010/05/13 01:44:00 | 000,026,160 | ---- | M] (ST Microelectronics) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Accelern.sys -- (Acceler)
DRV:64bit: - [2010/05/12 12:30:06 | 000,019,968 | ---- | M] (Danish Wireless Design A/S) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\FlashUSB_x64.sys -- (FlashUSB)
DRV:64bit: - [2010/04/27 11:02:50 | 000,468,552 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Mbm3Mdm.sys -- (Mbm3Mdm)
DRV:64bit: - [2010/04/27 11:02:50 | 000,416,328 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Mbm3DevMt.sys -- (Mbm3DevMt) Dell Wireless HSPA Mini-Card Device Management Driver (WDM)
DRV:64bit: - [2010/04/27 11:02:50 | 000,378,952 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Mbm3CBus.sys -- (Mbm3CBus) Dell Wireless HSPA Mini-Card Device (WDM)
DRV:64bit: - [2010/04/27 11:02:50 | 000,019,528 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Mbm3mdfl.sys -- (Mbm3mdfl)
DRV:64bit: - [2010/04/10 20:47:36 | 000,032,768 | ---- | M] (Juniper Networks) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\dsNcAdpt.sys -- (dsNcAdpt)
DRV:64bit: - [2010/03/03 12:30:30 | 000,030,248 | ---- | M] (Ericsson AB) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\wwussf64.sys -- (ecnssndisfltr)
DRV:64bit: - [2010/03/03 12:30:30 | 000,026,664 | ---- | M] (Ericsson AB) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\wwuss64.sys -- (ecnssndis)
DRV:64bit: - [2010/01/25 21:18:20 | 000,096,296 | ---- | M] (Ericsson AB) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\d554gps64.sys -- (d554gps)
DRV:64bit: - [2010/01/25 21:17:04 | 000,060,968 | ---- | M] (Ericsson AB) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\d554scard.sys -- (d554scard)
DRV:64bit: - [2010/01/18 08:56:26 | 000,021,040 | ---- | M] (ST Microelectronics) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\stdfltn.sys -- (stdflt)
DRV:64bit: - [2010/01/06 21:07:00 | 000,469,400 | ---- | M] (McAfee, Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\mfehidk.sys -- (mfehidk)
DRV:64bit: - [2010/01/06 21:07:00 | 000,120,096 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\mfeavfk.sys -- (mfeavfk)
DRV:64bit: - [2010/01/06 21:07:00 | 000,097,576 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\mfeapfk.sys -- (mfeapfk)
DRV:64bit: - [2010/01/06 21:07:00 | 000,084,424 | ---- | M] (McAfee, Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\mfetdik.sys -- (mfetdik)
DRV:64bit: - [2010/01/06 21:07:00 | 000,078,896 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mferkdet.sys -- (mferkdet)
DRV:64bit: - [2009/11/18 10:47:46 | 000,446,976 | ---- | M] (NETGEAR Inc.                          ) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\wg111v3.sys -- (RTL8187B)
DRV:64bit: - [2009/07/14 03:52:21 | 000,106,576 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2009/07/14 03:52:21 | 000,028,752 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2009/07/14 03:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/14 03:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/14 03:47:48 | 000,077,888 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2009/07/14 03:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/07/14 02:39:20 | 000,023,040 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WSDPrint.sys -- (WSDPrintDevice)
DRV:64bit: - [2009/07/14 02:35:37 | 000,025,088 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WSDScan.sys -- (WSDScan)
DRV:64bit: - [2009/07/14 01:31:10 | 000,109,056 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sdbus.sys -- (sdbus)
DRV:64bit: - [2009/06/10 23:01:11 | 001,485,312 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\VSTDPV6.SYS -- (SrvHsfV92)
DRV:64bit: - [2009/06/10 23:01:11 | 000,740,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\VSTCNXT6.SYS -- (SrvHsfWinac)
DRV:64bit: - [2009/06/10 23:01:11 | 000,292,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\VSTAZL6.SYS -- (SrvHsfHDA)
DRV:64bit: - [2009/06/10 22:35:02 | 000,281,088 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\e1y60x64.sys -- (e1yexpress) Intel(R)
DRV:64bit: - [2009/06/10 22:34:38 | 001,311,232 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\BCMWL664.SYS -- (BCM43XX)
DRV:64bit: - [2009/06/10 22:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 22:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 22:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 22:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2005/11/07 06:33:12 | 000,021,120 | ---- | M] (Razer (Asia-Pacific) Pte Ltd) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\DB3G.sys -- (Razerlow)
DRV - [2011/10/21 23:26:33 | 000,309,320 | ---- | M] (BitDefender S.R.L.) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\TrufosAlt.sys -- (TrufosAlt)
DRV - [2011/05/12 14:05:32 | 000,018,816 | ---- | M] (Sophos Group) [Kernel | System | Stopped] -- C:\Windows\SysWOW64\SAVRKBootTasks.sys -- (SAVRKBootTasks)
DRV - [2009/09/18 04:00:00 | 000,026,992 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysWOW64\CCM\PrepDrv.sys -- (prepdrvr)
DRV - [2009/07/14 03:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>
 
========== FireFox ==========
 
FF - prefs.js..browser.startup.homepage: "hxxp://www.google.de"
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.3
FF - prefs.js..extensions.enabledItems: imageblock@hemantvats.com:2.1
FF - prefs.js..extensions.enabledItems: {340c2bbc-ce74-4362-90b5-7c26312808ef}:1.7
FF - prefs.js..extensions.enabledItems: {AB2CE124-6272-4b12-94A9-7303C7397BD1}:5.2.0.7165
FF - prefs.js..network.proxy.backup.ftp: "172.16.21.152"
FF - prefs.js..network.proxy.backup.ftp_port: 81
FF - prefs.js..network.proxy.backup.socks: "172.16.21.152"
FF - prefs.js..network.proxy.backup.socks_port: 81
FF - prefs.js..network.proxy.backup.ssl: "172.16.21.152"
FF - prefs.js..network.proxy.backup.ssl_port: 81
FF - prefs.js..network.proxy.ftp: "172.16.21.152"
FF - prefs.js..network.proxy.ftp_port: 81
FF - prefs.js..network.proxy.http: "172.16.21.152"
FF - prefs.js..network.proxy.http_port: 81
FF - prefs.js..network.proxy.share_proxy_settings: true
FF - prefs.js..network.proxy.socks: "172.16.21.152"
FF - prefs.js..network.proxy.socks_port: 81
FF - prefs.js..network.proxy.ssl: "172.16.21.152"
FF - prefs.js..network.proxy.ssl_port: 81
FF - prefs.js..network.proxy.type: 0
 
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.0.60531.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 7.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2011/10/03 22:17:19 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 7.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2011/10/24 11:04:29 | 000,000,000 | ---D | M]
 
[2011/02/24 13:20:37 | 000,000,000 | ---D | M] (No name found) -- C:\Users\***\AppData\Roaming\mozilla\Extensions
[2011/09/28 10:35:11 | 000,000,000 | ---D | M] (No name found) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\2t8tvs41.default\extensions
[2011/07/18 17:29:53 | 000,000,000 | ---D | M] (Plasmoo Search Engine) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\2t8tvs41.default\extensions\engine@plasmoo.com
[2011/02/28 12:46:28 | 000,000,000 | ---D | M] (ImageBlock) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\2t8tvs41.default\extensions\imageblock@hemantvats.com
[2011/10/14 15:21:25 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2011/10/06 20:33:50 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
() (No name found) -- C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\2T8TVS41.DEFAULT\EXTENSIONS\{3D7EB24F-2740-49DF-8937-200B1CC08F8A}.XPI
() (No name found) -- C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\2T8TVS41.DEFAULT\EXTENSIONS\{D10D0BF8-F5B5-C8B4-A8B2-2B9879E08C5D}.XPI
[2011/10/03 22:17:19 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2010/01/06 21:07:00 | 000,023,864 | ---- | M] (McAfee, Inc.) -- C:\Program Files (x86)\mozilla firefox\components\Scriptff.dll
[2011/05/04 04:52:23 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll
[2010/10/22 03:24:26 | 000,032,040 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\plugins\npMeetingJoinPluginOC.dll
[2011/09/23 03:16:00 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
 
Hosts file not found
O2 - BHO: (Lync Browser Helper) - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files (x86)\Microsoft Lync\OCHelper.dll (Microsoft Corporation)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O4:64bit: - HKLM..\Run: [Apoint] C:\Program Files\DellTPad\Apoint.exe (Alps Electric Co., Ltd.)
O4:64bit: - HKLM..\Run: [NvCplDaemon] C:\Windows\SysNative\NvCpl.dll (NVIDIA Corporation)
O4:64bit: - HKLM..\Run: [NVHotkey] C:\Windows\SysNative\nvHotkey.dll (NVIDIA Corporation)
O4:64bit: - HKLM..\Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe (IDT, Inc.)
O4 - HKLM..\Run: [Communicator] C:\Program Files (x86)\Microsoft Lync\communicator.exe (Microsoft Corporation)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [McAfeeUpdaterUI] C:\Program Files (x86)\McAfee\Common Framework\udaterui.exe (McAfee, Inc.)
O4 - HKLM..\Run: [perfpal] C:\Program Files (x86)\*** Software\Unified IP Shared\Tools\PerfPal\savelog.bat ()
O4 - HKLM..\Run: [ShStatEXE] C:\Program Files (x86)\McAfee\VirusScan Enterprise\SHSTAT.EXE (McAfee, Inc.)
O4 - Startup: C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Anmeldung.bat ()
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableCAD = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HideSCAHealth = 1
O9:64bit: - Extra Button: PDFill PDF Editor - {ED93D107-B43A-490e-AA5C-C5578BAAF479} - C:\Program Files (x86)\PlotSoft\PDFill\DownloadPDF.exe (PlotSoft LLC)
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - Reg Error: Key error. File not found
O9 - Extra Button: Lync add-on - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files (x86)\Microsoft Lync\OCHelper.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Lync add-on - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files (x86)\Microsoft Lync\OCHelper.dll (Microsoft Corporation)
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: PDFill PDF Editor - {FB858B22-55E2-413f-87F5-30ADC5552151} - C:\Program Files (x86)\PlotSoft\PDFill\DownloadPDF.exe (PlotSoft LLC)
O15:64bit: - ..Trusted Domains: acpect.com ([bos1cas2] https in Local intranet)
O15:64bit: - ..Trusted Domains: ***.com ([autodiscover] https in Local intranet)
O15:64bit: - ..Trusted Domains: ***.com ([bos1cas1] https in Local intranet)
O15:64bit: - ..Trusted Domains: ***.com ([corpdev] http in Trusted sites)
O15:64bit: - ..Trusted Domains: ***.com ([corpdev] https in Trusted sites)
O15:64bit: - ..Trusted Domains: ***.com ([hr] http in Trusted sites)
O15:64bit: - ..Trusted Domains: ***.com ([hr] https in Trusted sites)
O15:64bit: - ..Trusted Domains: ***.com ([it] http in Trusted sites)
O15:64bit: - ..Trusted Domains: ***.com ([it] https in Trusted sites)
O15:64bit: - ..Trusted Domains: ***.com ([sales] http in Trusted sites)
O15:64bit: - ..Trusted Domains: ***.com ([sales] https in Trusted sites)
O15 - HKCU\..Trusted Domains: acpect.com ([bos1cas2] https in Local intranet)
O15 - HKCU\..Trusted Domains: ***.com ([]http in Trusted sites)
O15 - HKCU\..Trusted Domains: ***.com ([]https in Trusted sites)
O15 - HKCU\..Trusted Domains: ***.com ([autodiscover] https in Local intranet)
O15 - HKCU\..Trusted Domains: ***.com ([bos1cas1] https in Local intranet)
O15 - HKCU\..Trusted Domains: ***.com ([corpdev] http in Trusted sites)
O15 - HKCU\..Trusted Domains: ***.com ([corpdev] https in Trusted sites)
O15 - HKCU\..Trusted Domains: ***.com ([hr] http in Trusted sites)
O15 - HKCU\..Trusted Domains: ***.com ([hr] https in Trusted sites)
O15 - HKCU\..Trusted Domains: ***.com ([it] http in Trusted sites)
O15 - HKCU\..Trusted Domains: ***.com ([it] https in Trusted sites)
O15 - HKCU\..Trusted Domains: ***.com ([sales] http in Trusted sites)
O15 - HKCU\..Trusted Domains: ***.com ([sales] https in Trusted sites)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.4.1/jinstall-1_4_1_07-windows-i586.cab (Java Plug-in 1.4.1_07)
O16 - DPF: {CAFEEFAC-0014-0001-0007-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.4.1/jinstall-1_4_1_07-windows-i586.cab (Java Plug-in 1.4.1_07)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O16 - DPF: {F27237D7-93C8-44C2-AC6E-D6057B9A918F} https://juniper.net/dana-cached/sc/JuniperSetupClient.cab (JuniperSetupClientControl Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 10.64.15.40 10.64.15.41
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = ***.com
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{702D714C-C851-4A51-AD74-5055E94072C0}: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{B75AD69B-5CDF-4BB5-99A9-D896685AE54F}: DhcpNameServer = 10.64.15.40 10.64.15.41
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{D8A3000A-07D2-48AD-BA3A-F1F162044C25}: NameServer = 10.74.83.22 193.254.160.1
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\skype-ie-addon-data - No CLSID value found
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) -C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O27:64bit: - HKLM IFEO\taskmgr.exe: Debugger - C:\USERS\***\DOWNLOADS\PROCESSEXPLORER\PROCEXP.EXE (Sysinternals - www.sysinternals.com)
O27 - HKLM IFEO\taskmgr.exe: Debugger - C:\USERS\***\DOWNLOADS\PROCESSEXPLORER\PROCEXP.EXE (Sysinternals - www.sysinternals.com)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/09/04 13:08:14 | 000,000,183 | ---- | M] () - F:\autorun.inf -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
NetSvcs:64bit: AppMgmt - C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)
 
MsConfig:64bit - StartUpFolder: C:^Users^***^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OneNote 2010 Screen Clipper and Launcher.lnk - C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE - (Microsoft Corporation)
MsConfig:64bit - StartUpReg: Adobe ARM - hkey= - key= -  File not found
MsConfig:64bit - StartUpReg: Adobe Reader Speed Launcher - hkey= - key= -  File not found
MsConfig:64bit - StartUpReg: ***UniphiConnectDDEClient - hkey= - key= - C:\Program Files (x86)\*** Uniphi Connect DDE Client\UCDDE.exe (*** Software)
MsConfig:64bit - StartUpReg: BCSSync - hkey= - key= - C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe (Microsoft Corporation)
MsConfig:64bit - StartUpReg: dyKoehJmNj.exe - hkey= - key= -  File not found
MsConfig:64bit - StartUpReg: PDVDDXSrv - hkey= - key= - C:\Program Files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe (CyberLink Corp.)
MsConfig:64bit - StartUpReg: SunJavaUpdateSched - hkey= - key= -  File not found
MsConfig:64bit - StartUpReg: VirtualCloneDrive - hkey= - key= -  File not found
MsConfig:64bit - State: "startup" - Reg Error: Key error.
MsConfig:64bit - State: "services" - Reg Error: Key error.
 
SafeBootMin:64bit: AppMgmt - C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)
SafeBootMin:64bit: Base - Driver Group
SafeBootMin:64bit: Boot Bus Extender - Driver Group
SafeBootMin:64bit: Boot file system - Driver Group
SafeBootMin:64bit: File system - Driver Group
SafeBootMin:64bit: Filter - Driver Group
SafeBootMin:64bit: HelpSvc - Service
SafeBootMin:64bit: PCI Configuration - Driver Group
SafeBootMin:64bit: PEVSystemStart - Service
SafeBootMin:64bit: PNP Filter - Driver Group
SafeBootMin:64bit: Primary disk - Driver Group
SafeBootMin:64bit: procexp90.Sys - Driver
SafeBootMin:64bit: sacsvr - Service
SafeBootMin:64bit: SCSI Class - Driver Group
SafeBootMin:64bit: System Bus Extender - Driver Group
SafeBootMin:64bit: vmms - Service
SafeBootMin:64bit: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin:64bit: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin:64bit: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin:64bit: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin:64bit: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin:64bit: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin:64bit: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin:64bit: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin:64bit: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin:64bit: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin:64bit: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin:64bit: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin:64bit: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin:64bit: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin:64bit: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin:64bit: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin:64bit: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: HelpSvc - Service
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PEVSystemStart - Service
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: procexp90.Sys - Driver
SafeBootMin: sacsvr - Service
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: vmms - Service
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
 
SafeBootNet:64bit: AppMgmt - C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)
SafeBootNet:64bit: Base - Driver Group
SafeBootNet:64bit: Boot Bus Extender - Driver Group
SafeBootNet:64bit: Boot file system - Driver Group
SafeBootNet:64bit: File system - Driver Group
SafeBootNet:64bit: Filter - Driver Group
SafeBootNet:64bit: HelpSvc - Service
SafeBootNet:64bit: Messenger - Service
SafeBootNet:64bit: NDIS Wrapper - Driver Group
SafeBootNet:64bit: NetBIOSGroup - Driver Group
SafeBootNet:64bit: NetDDEGroup - Driver Group
SafeBootNet:64bit: Network - Driver Group
SafeBootNet:64bit: NetworkProvider - Driver Group
SafeBootNet:64bit: PCI Configuration - Driver Group
SafeBootNet:64bit: PEVSystemStart - Service
SafeBootNet:64bit: PNP Filter - Driver Group
SafeBootNet:64bit: PNP_TDI - Driver Group
SafeBootNet:64bit: Primary disk - Driver Group
SafeBootNet:64bit: procexp90.Sys - Driver
SafeBootNet:64bit: rdsessmgr - Service
SafeBootNet:64bit: sacsvr - Service
SafeBootNet:64bit: SCSI Class - Driver Group
SafeBootNet:64bit: Streams Drivers - Driver Group
SafeBootNet:64bit: System Bus Extender - Driver Group
SafeBootNet:64bit: TDI - Driver Group
SafeBootNet:64bit: vmms - Service
SafeBootNet:64bit: WudfUsbccidDriver - Driver
SafeBootNet:64bit: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet:64bit: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet:64bit: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet:64bit: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet:64bit: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet:64bit: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet:64bit: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet:64bit: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet:64bit: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet:64bit: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet:64bit: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet:64bit: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet:64bit: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet:64bit: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet:64bit: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet:64bit: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet:64bit: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet:64bit: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet:64bit: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet:64bit: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet:64bit: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet:64bit: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: HelpSvc - Service
SafeBootNet: Messenger - Service
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PEVSystemStart - Service
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: procexp90.Sys - Driver
SafeBootNet: rdsessmgr - Service
SafeBootNet: sacsvr - Service
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: vmms - Service
SafeBootNet: WudfUsbccidDriver - Driver
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
 
ActiveX:64bit: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX:64bit: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX:64bit: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX:64bit: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX:64bit: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX:64bit: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX:64bit: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX:64bit: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX:64bit: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX:64bit: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX:64bit: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX:64bit: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -BaseSettings
ActiveX:64bit: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX:64bit: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX:64bit: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX:64bit: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX:64bit: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX:64bit: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework
ActiveX:64bit: {FEBEF00C-046D-438D-8A88-BF94A6C9E703} - .NET Framework
ActiveX:64bit: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX:64bit: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\System32\ie4uinit.exe -UserIconConfig
ActiveX:64bit: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {0EEB34F6-991D-4a1b-8EEB-772DA0EADB22} - Microsoft Lync 2010
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles(x86)%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\SysWOW64\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\SysWOW64\Rundll32.exe C:\Windows\SysWOW64\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1} - .NET Framework
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\SysWOW64\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\SysWOW64\rundll32.exe" "C:\Windows\SysWOW64\iedkcs32.dll",BrandIEActiveSetup SIGNUP
 
Drivers32:64bit: msacm.ac3filter - ac3filter64.acm ()
Drivers32:64bit: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.ac3filter - C:\Windows\SysWow64\ac3filter.acm ()
Drivers32: msacm.l3acm - C:\Windows\SysWOW64\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: vidc.cvid - C:\Windows\SysWow64\iccvid.dll (Radius Inc.)
Drivers32: VIDC.FFDS - C:\Windows\SysWow64\ff_vfw.dll ()
 
CREATERESTOREPOINT
Restore point Set: OTL Restore Point
 
========== Files/Folders - Created Within 30 Days ==========
 
[2011/10/27 11:34:56 | 000,000,000 | ---D | C] -- C:\TDSSKiller_Quarantine
[2011/10/27 11:26:54 | 000,000,000 | ---D | C] -- C:\Users\***\Documents\tdsskiller
[2011/10/27 11:21:28 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Adobe
[2011/10/26 15:10:19 | 000,000,000 | ---D | C] -- C:\Users\***\Desktop\Trojaner-Board
[2011/10/26 12:44:57 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\Macromed
[2011/10/26 09:34:21 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Users\***\Desktop\OTL.exe
[2011/10/21 23:27:29 | 007,104,275 | ---- | C] (BitDefender LLC) -- C:\ZeroAccessRemovalTool_32b.exe
[2011/10/21 23:26:23 | 000,309,320 | ---- | C] (BitDefender S.R.L.) -- C:\Windows\SysWow64\drivers\TrufosAlt.sys
[2011/10/21 22:41:30 | 000,000,000 | --SD | C] -- C:\ComboFix
[2011/10/17 10:30:17 | 000,018,816 | ---- | C] (Sophos Group) -- C:\Windows\SysWow64\SAVRKBootTasks.sys
[2011/10/16 20:14:57 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ESET
[2011/10/16 20:12:50 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Trend Micro
[2011/10/16 20:12:50 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\HiJackThis
[2011/10/14 20:16:44 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2011/10/14 18:51:06 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2011/10/14 18:51:06 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\temp
[2011/10/14 17:23:00 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\LSoft Technologies
[2011/10/14 17:23:00 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Active@ ISO Burner
[2011/10/14 17:02:34 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sophos
[2011/10/14 17:02:32 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Sophos
[2011/10/14 16:45:16 | 000,000,000 | ---D | C] -- C:\ProgramData\SecTaskMan
[2011/10/14 16:45:10 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Security Task Manager
[2011/10/14 15:21:41 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java
[2011/10/14 13:11:12 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Malwarebytes
[2011/10/14 13:10:48 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011/10/14 13:10:46 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2011/10/14 13:10:35 | 000,025,416 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2011/10/14 13:10:33 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2011/10/13 16:34:03 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2011/10/13 16:34:03 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2011/10/13 16:34:03 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2011/10/13 16:33:51 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2011/10/13 16:33:40 | 000,000,000 | ---D | C] -- C:\Qoobox
[2011/10/13 12:57:33 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\UCCAdminSDK_AgentAssigner
[2011/10/11 10:14:17 | 000,000,000 | ---D | C] -- C:\Program Files\Visual Studio .NET 2002
[2011/10/09 14:29:43 | 000,000,000 | ---D | C] -- C:\ProgramData\Roxio
[2011/10/09 14:29:42 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Roxio
[2011/10/06 20:33:45 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
[2011/10/05 15:50:32 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\*** Software
[2011/09/30 09:21:10 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Amazon
[2011/09/30 09:20:46 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Amazon
[2011/09/30 09:20:46 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Amazon
[2011/09/28 15:17:53 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\csunit.org
[6 C:\Windows\SysNative\*.tmp files -> C:\Windows\SysNative\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2011/10/27 16:02:22 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\***\Desktop\OTL.exe
[2011/10/27 13:32:41 | 000,969,772 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2011/10/27 13:32:41 | 000,795,268 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2011/10/27 13:32:41 | 000,171,712 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2011/10/27 13:30:52 | 000,019,264 | ---- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2011/10/27 13:30:52 | 000,019,264 | ---- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2011/10/27 13:25:03 | 000,000,462 | ---- | M] () -- C:\Windows\SMSCFG.ini
[2011/10/27 13:23:26 | 000,017,920 | ---- | M] () -- C:\Windows\SysNative\rpcnetp.exe
[2011/10/27 13:23:24 | 000,058,288 | ---- | M] (Absolute Software Corp.) -- C:\Windows\SysWow64\rpcnet.dll
[2011/10/27 13:23:12 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/10/27 13:23:08 | 3112,583,168 | -HS- | M] () -- C:\hiberfil.sys
[2011/10/26 09:32:04 | 000,050,477 | ---- | M] () -- C:\Users\***\Desktop\Defogger.exe
[2011/10/26 08:46:40 | 000,007,604 | RHS- | M] () -- C:\Users\***\ntuser.pol
[2011/10/25 11:00:10 | 000,013,160 | ---- | M] (Absolute Software Corp.) -- C:\Windows\SysWow64\Upgrd.exe
[2011/10/25 11:00:02 | 000,058,288 | ---- | M] (Absolute Software Corp.) -- C:\Windows\SysWow64\rpcnet.exe
[2011/10/25 10:57:24 | 000,017,920 | ---- | M] () -- C:\Windows\SysWow64\rpcnetp.dll
[2011/10/25 10:45:58 | 000,017,920 | ---- | M] () -- C:\Windows\SysWow64\rpcnetp.exe
[2011/10/24 16:12:48 | 000,023,562 | RHS- | M] () -- C:\ProgramData\ntuser.pol
[2011/10/21 23:26:33 | 000,309,320 | ---- | M] (BitDefender S.R.L.) -- C:\Windows\SysWow64\drivers\TrufosAlt.sys
[2011/10/21 22:44:58 | 337,447,378 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2011/10/21 22:31:38 | 007,104,275 | ---- | M] (BitDefender LLC) -- C:\ZeroAccessRemovalTool_32b.exe
[2011/10/21 14:35:57 | 000,067,175 | ---- | M] () -- C:\Users\***\Documents\Ihr Auftrag bei K&M - Druckansicht.pdf
[2011/10/21 10:13:28 | 008,646,656 | ---- | M] () -- C:\Users\***\Documents\***.qdb
[2011/10/18 16:10:32 | 000,000,600 | ---- | M] () -- C:\Users\***\AppData\Roaming\winscp.rnd
[2011/10/17 16:58:51 | 000,005,278 | ---- | M] () -- C:\Windows\SysWow64\SiteList.xml
[2011/10/16 20:12:50 | 000,002,991 | ---- | M] () -- C:\Users\***\Desktop\HiJackThis.lnk
[2011/10/14 20:34:51 | 000,001,945 | ---- | M] () -- C:\Windows\epplauncher.mif
[2011/10/14 18:33:30 | 000,000,000 | ---- | M] () -- C:\Windows\SMSClientInstall.LHR
[2011/10/14 17:42:03 | 000,403,885 | ---- | M] () -- C:\Users\***\Desktop\***.UnifiedIP.ErrorUtils.zip
[2011/10/14 17:23:37 | 000,834,544 | ---- | M] () -- C:\Windows\SysNative\drivers\sptd.sys
[2011/10/14 16:34:04 | 000,000,100 | ---- | M] () -- C:\index.ini
[2011/10/14 14:40:07 | 000,987,358 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2011/10/14 13:10:49 | 000,001,123 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/10/13 14:20:26 | 000,000,691 | ---- | M] () -- C:\Users\***\Application Data\Microsoft\Internet Explorer\Quick Launch\System Restore.lnk
[2011/10/11 16:43:07 | 000,000,600 | ---- | M] () -- C:\Users\***\AppData\Local\PUTTY.RND
[2011/10/06 15:20:25 | 000,200,146 | ---- | M] () -- C:\Users\***\Documents\***_UIP66Demo.rts
[2011/10/05 17:35:18 | 000,002,000 | ---- | M] () -- C:\Users\***\Documents\Default.rdp
[2011/10/05 15:50:20 | 000,000,340 | ---- | M] () -- C:\Users\***\Desktop\Unified Resource Manager Client.appref-ms
[2011/10/03 22:17:28 | 000,002,066 | ---- | M] () -- C:\Users\***\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2011/09/30 11:12:15 | 000,004,913 | ---- | M] () -- C:\Users\***\Desktop\Users.csv
[2011/09/27 21:41:51 | 000,001,148 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2011/09/27 16:19:03 | 000,000,334 | ---- | M] () -- C:\Users\***\Desktop\Unified Agent Desktop.appref-ms
[6 C:\Windows\SysNative\*.tmp files -> C:\Windows\SysNative\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2011/10/26 09:28:58 | 000,050,477 | ---- | C] () -- C:\Users\***\Desktop\Defogger.exe
[2011/10/21 14:35:55 | 000,067,175 | ---- | C] () -- C:\Users\***\Documents\Ihr Auftrag bei K&M - Druckansicht.pdf
[2011/10/17 16:58:51 | 000,005,278 | ---- | C] () -- C:\Windows\SysWow64\SiteList.xml
[2011/10/16 20:12:50 | 000,002,991 | ---- | C] () -- C:\Users\***\Desktop\HiJackThis.lnk
[2011/10/14 18:33:30 | 000,000,000 | ---- | C] () -- C:\Windows\SMSClientInstall.LHR
[2011/10/14 17:42:03 | 000,403,885 | ---- | C] () -- C:\Users\***\Desktop\***.UnifiedIP.ErrorUtils.zip
[2011/10/14 17:23:37 | 000,834,544 | ---- | C] () -- C:\Windows\SysNative\drivers\sptd.sys
[2011/10/14 16:34:04 | 000,000,100 | ---- | C] () -- C:\index.ini
[2011/10/14 15:21:23 | 000,028,775 | ---- | C] () -- C:\Windows\SysWow64\javaw.exe
[2011/10/14 15:21:23 | 000,024,677 | ---- | C] () -- C:\Windows\SysWow64\java.exe
[2011/10/14 14:53:44 | 000,001,945 | ---- | C] () -- C:\Windows\epplauncher.mif
[2011/10/14 13:10:49 | 000,001,123 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/10/13 16:54:21 | 000,001,549 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Wireshark.lnk
[2011/10/13 16:54:21 | 000,001,246 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\XPS Viewer.lnk
[2011/10/13 16:54:20 | 000,002,733 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CUEcards 2005.lnk
[2011/10/13 16:54:20 | 000,002,088 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PowerDVD DX.lnk
[2011/10/13 16:54:20 | 000,001,547 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk
[2011/10/13 16:54:20 | 000,001,345 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Media Center.lnk
[2011/10/13 16:54:20 | 000,001,330 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sidebar.lnk
[2011/10/13 16:54:20 | 000,001,326 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows DVD Maker.lnk
[2011/10/13 16:54:20 | 000,001,210 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Fax and Scan.lnk
[2011/10/13 16:54:20 | 000,001,160 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
[2011/10/13 16:54:19 | 000,001,148 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2011/10/13 16:34:03 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2011/10/13 16:34:03 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2011/10/13 16:34:03 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2011/10/13 16:34:03 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2011/10/13 16:34:03 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2011/10/13 14:20:26 | 000,000,691 | ---- | C] () -- C:\Users\***\Application Data\Microsoft\Internet Explorer\Quick Launch\System Restore.lnk
[2011/10/05 15:50:20 | 000,000,340 | ---- | C] () -- C:\Users\***\Desktop\Unified Resource Manager Client.appref-ms
[2011/09/30 11:08:59 | 000,004,913 | ---- | C] () -- C:\Users\***\Desktop\Users.csv
[2011/09/27 16:19:03 | 000,000,334 | ---- | C] () -- C:\Users\***\Desktop\Unified Agent Desktop.appref-ms
[2011/09/13 14:25:19 | 000,000,011 | ---- | C] () -- C:\Windows\producer32.ini
[2011/07/23 00:01:22 | 000,085,504 | ---- | C] () -- C:\Windows\SysWow64\ff_vfw.dll
[2011/05/09 12:19:06 | 000,004,764 | ---- | C] () -- C:\Windows\SysWow64\CcmFramework.ini
[2011/04/28 15:41:44 | 000,001,350 | ---- | C] () -- C:\Windows\ntbackup.ini
[2011/04/15 06:35:06 | 000,053,248 | ---- | C] () -- C:\Windows\SysWow64\CommonDL.dll
[2011/04/15 06:35:06 | 000,002,413 | ---- | C] () -- C:\Windows\SysWow64\lgAxconfig.ini
[2011/04/04 20:43:39 | 000,006,144 | ---- | C] () -- C:\Users\***\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/03/15 12:33:02 | 000,000,000 | ---- | C] () -- C:\Windows\dsedit.INI
[2011/03/14 18:36:40 | 000,003,400 | ---- | C] () -- C:\Windows\W32RegistryState.dat
[2011/03/05 00:59:30 | 000,000,056 | ---- | C] () -- C:\Windows\SysWow64\ezsidmv.dat
[2011/03/02 11:32:19 | 000,000,535 | ---- | C] () -- C:\Windows\ODBCINST.INI
[2011/03/02 11:32:19 | 000,000,288 | ---- | C] () -- C:\Windows\ODBC.INI
[2011/03/01 18:20:46 | 000,000,600 | ---- | C] () -- C:\Users\***\AppData\Local\PUTTY.RND
[2011/03/01 13:31:25 | 000,000,600 | ---- | C] () -- C:\Users\***\AppData\Roaming\winscp.rnd
[2011/02/24 13:20:33 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat
[2011/02/21 12:21:28 | 000,987,358 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2011/02/21 12:20:57 | 000,000,462 | ---- | C] () -- C:\Windows\SMSCFG.ini
[2010/11/01 22:06:12 | 000,017,920 | ---- | C] () -- C:\Windows\SysWow64\rpcnetp.dll
[2010/11/01 22:05:29 | 000,017,920 | ---- | C] () -- C:\Windows\SysWow64\rpcnetp.exe
[2010/11/01 21:41:57 | 000,023,562 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2010/11/01 20:14:36 | 001,507,328 | ---- | C] () -- C:\Windows\SysWow64\nView.dll
[2010/11/01 20:14:36 | 001,101,824 | ---- | C] () -- C:\Windows\SysWow64\nvwimg.dll
[2010/11/01 20:11:48 | 000,000,051 | ---- | C] () -- C:\Windows\smsts.ini
[2010/06/25 19:03:12 | 000,053,299 | ---- | C] () -- C:\Windows\SysWow64\pthreadVC.dll
[2009/07/14 07:38:36 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2009/07/14 04:35:51 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT
[2009/07/14 04:34:42 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat
[2009/07/14 02:10:29 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2009/07/14 01:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
[2009/07/13 23:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2009/06/15 08:20:54 | 000,355,432 | ---- | C] () -- C:\Windows\SysWow64\vfprintpthelper.dll
[2009/06/10 23:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat
[2005/12/21 17:57:36 | 000,139,264 | ---- | C] () -- C:\Windows\SysWow64\nsldap32v50.dll
[2005/12/21 17:57:04 | 000,024,576 | ---- | C] () -- C:\Windows\SysWow64\nsldappr32v50.dll
[2005/12/21 17:54:34 | 000,040,960 | ---- | C] () -- C:\Windows\SysWow64\nsldapssl32v50.dll
[1998/06/10 00:00:00 | 000,015,120 | ---- | C] () -- C:\Windows\SysWow64\REPUTIL.DLL
 
========== LOP Check ==========
 
[2011/10/04 08:40:00 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Amazon
[2011/09/14 10:32:33 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\*** Software
[2011/06/21 17:11:14 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\*** Software Inc
[2011/03/01 12:58:22 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\code4ward
[2011/07/18 17:30:01 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\DVDVideoSoft
[2011/07/20 20:40:09 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\flashpaste
[2011/04/29 09:57:12 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\gnupg
[2011/06/20 15:52:26 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\GPGshell
[2011/02/28 10:37:01 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Greenshot
[2011/03/18 11:58:00 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\IrfanView
[2011/07/27 09:47:41 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Juniper Networks
[2011/02/25 18:42:19 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Notepad++
[2011/06/22 14:43:04 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Skinux
[2011/04/08 11:52:34 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\WirelessManager
[2011/10/14 15:46:30 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Wireshark
[2011/03/01 08:51:03 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\WMCore
[2011/10/07 17:02:06 | 000,032,598 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
 
========== Purity Check ==========
 
 
 
========== Custom Scans ==========
 
 
< %ALLUSERSPROFILE%\Application Data\*. >
 
< %ALLUSERSPROFILE%\Application Data\*.exe /s >
 
< %APPDATA%\*. >
[2011/10/27 11:21:28 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Adobe
[2011/10/04 08:40:00 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Amazon
[2011/09/14 10:32:33 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\*** Software
[2011/06/21 17:11:14 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\*** Software Inc
[2011/03/01 12:58:22 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\code4ward
[2010/11/01 21:26:13 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\CyberLink
[2011/03/31 21:00:35 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\DivX
[2011/07/18 17:30:01 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\DVDVideoSoft
[2011/07/20 20:40:09 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\flashpaste
[2011/04/29 09:57:12 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\gnupg
[2011/06/20 15:52:26 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\GPGshell
[2011/02/28 10:37:01 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Greenshot
[2010/11/01 20:11:11 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Identities
[2011/03/18 11:58:00 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\IrfanView
[2011/07/27 09:47:41 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Juniper Networks
[2010/11/01 21:34:06 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Macromedia
[2011/10/14 13:11:12 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Malwarebytes
[2011/02/21 12:27:57 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\McAfee
[2009/07/14 09:23:33 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Media Center Programs
[2011/10/16 20:12:50 | 000,000,000 | --SD | M] -- C:\Users\***\AppData\Roaming\Microsoft
[2011/02/24 13:20:37 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Mozilla
[2011/02/25 18:42:19 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Notepad++
[2011/10/09 14:29:42 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Roxio
[2010/11/01 21:26:29 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Roxio Log Files
[2011/06/22 14:43:04 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Skinux
[2011/10/26 22:50:13 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Skype
[2011/03/05 01:03:44 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\skypePM
[2011/10/13 17:47:12 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\VMware
[2011/04/08 11:52:34 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\WirelessManager
[2011/10/14 15:46:30 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Wireshark
[2011/03/01 08:51:03 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\WMCore
 
< %APPDATA%\*.exe /s >
[2010/04/10 21:11:36 | 000,300,400 | ---- | M] (Juniper Networks") -- C:\Users\***\AppData\Roaming\Juniper Networks\Host Checker\dsHostChecker.exe
[2010/04/10 21:11:36 | 000,234,864 | ---- | M] (Juniper Networks) -- C:\Users\***\AppData\Roaming\Juniper Networks\Host Checker\dsHostCheckerProxy.exe
[2010/04/10 21:11:38 | 000,157,040 | ---- | M] () -- C:\Users\***\AppData\Roaming\Juniper Networks\Host Checker\InstallHelper.exe
[2010/04/10 21:11:44 | 000,056,072 | ---- | M] () -- C:\Users\***\AppData\Roaming\Juniper Networks\Host Checker\uninstall.exe
[2011/07/04 16:54:26 | 000,247,152 | ---- | M] (Juniper Networks) -- C:\Users\***\AppData\Roaming\Juniper Networks\Java Secure Application Manager\jsamtool.exe
[2010/06/11 05:50:36 | 000,288,112 | ---- | M] (Juniper Networks) -- C:\Users\***\AppData\Roaming\Juniper Networks\Juniper Terminal Services Client\dsTermServ.exe
[2010/06/11 05:50:36 | 000,043,144 | ---- | M] () -- C:\Users\***\AppData\Roaming\Juniper Networks\Juniper Terminal Services Client\uninstall.exe
[2009/11/13 03:59:04 | 000,220,040 | ---- | M] () -- C:\Users\***\AppData\Roaming\Juniper Networks\Secure Meeting 6.5.0\AccessServiceComponent.x86.exe
[2010/02/19 02:27:02 | 000,087,408 | ---- | M] (Juniper Networks) -- C:\Users\***\AppData\Roaming\Juniper Networks\Secure Meeting 6.5.0\dsCboxBroker.exe
[2010/02/19 02:27:00 | 000,701,808 | ---- | M] (Juniper Networks) -- C:\Users\***\AppData\Roaming\Juniper Networks\Secure Meeting 6.5.0\dsCboxUI.exe
[2011/07/27 09:47:51 | 001,168,624 | ---- | M] () -- C:\Users\***\AppData\Roaming\Juniper Networks\Secure Meeting 6.5.0\neoCBoxSetup.exe
[2010/02/19 02:27:04 | 000,183,680 | ---- | M] () -- C:\Users\***\AppData\Roaming\Juniper Networks\Secure Meeting 6.5.0\uninstall.exe
[2010/03/17 09:03:58 | 000,132,464 | ---- | M] () -- C:\Users\***\AppData\Roaming\Juniper Networks\Setup Client\dsmmf.exe
[2010/03/17 09:03:56 | 000,497,008 | ---- | M] (Juniper Networks) -- C:\Users\***\AppData\Roaming\Juniper Networks\Setup Client\JuniperSetupClient.exe
[2010/03/17 09:03:00 | 000,329,984 | ---- | M] () -- C:\Users\***\AppData\Roaming\Juniper Networks\Setup Client\JuniperSetupClientOCX.exe
[2010/03/17 09:01:24 | 000,218,368 | ---- | M] () -- C:\Users\***\AppData\Roaming\Juniper Networks\Setup Client\JuniperSetupXP.exe
[2010/03/17 09:04:02 | 000,050,840 | ---- | M] (Juniper Networks) -- C:\Users\***\AppData\Roaming\Juniper Networks\Setup Client\uninstall.exe
[2011/10/16 20:12:50 | 000,388,096 | R--- | M] (Trend Micro Inc.) -- C:\Users\***\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
[2011/10/26 12:30:52 | 000,001,150 | R--- | M] () -- C:\Users\***\AppData\Roaming\Microsoft\Installer\{ECB55EF8-F571-4465-87EA-DF1B2C492388}\_853F67D554F05449430E7E.exe
 
< %SYSTEMDRIVE%\*.exe >
[2011/10/21 22:31:38 | 007,104,275 | ---- | M] (BitDefender LLC) -- C:\ZeroAccessRemovalTool_32b.exe
 
 
< MD5 for: AGP440.SYS  >
[2009/07/14 03:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\SysNative\drivers\AGP440.sys
[2009/07/14 03:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\SysNative\DriverStore\FileRepository\machine.inf_amd64_neutral_9e6bb86c3b39a3e9\AGP440.sys
[2009/07/14 03:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\winsxs\amd64_machine.inf_31bf3856ad364e35_6.1.7600.16385_none_1607dee2d861e021\AGP440.sys
 
< MD5 for: ATAPI.SYS  >
[2009/07/14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\ERDNT\cache64\atapi.sys
[2009/07/14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysNative\drivers\atapi.sys
[2009/07/14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysNative\DriverStore\FileRepository\mshdc.inf_amd64_neutral_a69a58a4286f0b22\atapi.sys
[2009/07/14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7600.16385_none_392d19c13b3ad543\atapi.sys
 
< MD5 for: CNGAUDIT.DLL  >
[2009/07/14 03:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\ERDNT\cache86\cngaudit.dll
[2009/07/14 03:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\SysWOW64\cngaudit.dll
[2009/07/14 03:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_e83a414890e8132b\cngaudit.dll
[2009/07/14 03:40:20 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=86FE1B1F8FD42CD0DB641AB1CDB13093 -- C:\Windows\ERDNT\cache64\cngaudit.dll
[2009/07/14 03:40:20 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=86FE1B1F8FD42CD0DB641AB1CDB13093 -- C:\Windows\SysNative\cngaudit.dll
[2009/07/14 03:40:20 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=86FE1B1F8FD42CD0DB641AB1CDB13093 -- C:\Windows\winsxs\amd64_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_4458dccc49458461\cngaudit.dll
 
< MD5 for: EVENTLOG.DLL  >
[2004/11/15 10:37:52 | 000,028,672 | ---- | M] () MD5=9937F303C344C00849E8E5CA26CED439 -- C:\oracle\product\10.2.0\client_1\perl\site\5.8.3\lib\MSWin32-x86-multi-thread\auto\Win32\EventLog\EventLog.dll
 
< MD5 for: IASTOR.SYS  >
[2010/05/13 01:44:12 | 000,538,136 | ---- | M] (Intel Corporation) MD5=85977CD13FC16069CE0AF7943A811775 -- C:\Windows\SysNative\drivers\iaStor.sys
[2010/05/13 01:44:12 | 000,538,136 | ---- | M] (Intel Corporation) MD5=85977CD13FC16069CE0AF7943A811775 -- C:\Windows\SysNative\DriverStore\FileRepository\iaahci.inf_amd64_neutral_5d42c6448888c5bd\iaStor.sys
[2010/05/13 01:44:12 | 000,538,136 | ---- | M] (Intel Corporation) MD5=85977CD13FC16069CE0AF7943A811775 -- C:\Windows\SysNative\DriverStore\FileRepository\iastor.inf_amd64_neutral_56514e2bffcd0bde\iaStor.sys
 
< MD5 for: IASTORV.SYS  >
[2009/07/14 03:48:04 | 000,410,688 | ---- | M] (Intel Corporation) MD5=D83EFB6FD45DF9D55E9A1AFC63640D50 -- C:\Windows\SysNative\drivers\iaStorV.sys
[2009/07/14 03:48:04 | 000,410,688 | ---- | M] (Intel Corporation) MD5=D83EFB6FD45DF9D55E9A1AFC63640D50 -- C:\Windows\SysNative\DriverStore\FileRepository\iastorv.inf_amd64_neutral_18cccb83b34e1453\iaStorV.sys
[2009/07/14 03:48:04 | 000,410,688 | ---- | M] (Intel Corporation) MD5=D83EFB6FD45DF9D55E9A1AFC63640D50 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7600.16385_none_0b06441fa1790136\iaStorV.sys
 
< MD5 for: NETLOGON.DLL  >
[2009/07/14 03:41:52 | 000,692,736 | ---- | M] (Microsoft Corporation) MD5=956D030D375F207B22FB111E06EF9C35 -- C:\Windows\ERDNT\cache64\netlogon.dll
[2009/07/14 03:41:52 | 000,692,736 | ---- | M] (Microsoft Corporation) MD5=956D030D375F207B22FB111E06EF9C35 -- C:\Windows\SysNative\netlogon.dll
[2009/07/14 03:41:52 | 000,692,736 | ---- | M] (Microsoft Corporation) MD5=956D030D375F207B22FB111E06EF9C35 -- C:\Windows\winsxs\amd64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_59aca8ea51aaeefe\netlogon.dll
[2009/07/14 03:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\ERDNT\cache86\netlogon.dll
[2009/07/14 03:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\SysWOW64\netlogon.dll
[2009/07/14 03:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\winsxs\wow64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_6401533c860bb0f9\netlogon.dll
 
< MD5 for: NVSTOR.SYS  >
[2009/07/14 03:45:45 | 000,167,488 | ---- | M] (NVIDIA Corporation) MD5=477DC4D6DEB99BE37084C9AC6D013DA1 -- C:\Windows\SysNative\drivers\nvstor.sys
[2009/07/14 03:45:45 | 000,167,488 | ---- | M] (NVIDIA Corporation) MD5=477DC4D6DEB99BE37084C9AC6D013DA1 -- C:\Windows\SysNative\DriverStore\FileRepository\nvraid.inf_amd64_neutral_5bde3fe2945bce9e\nvstor.sys
[2009/07/14 03:45:45 | 000,167,488 | ---- | M] (NVIDIA Corporation) MD5=477DC4D6DEB99BE37084C9AC6D013DA1 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7600.16385_none_95cfb4ced8afab0e\nvstor.sys
 
< MD5 for: SCECLI.DLL  >
[2009/07/14 03:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\ERDNT\cache86\scecli.dll
[2009/07/14 03:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\SysWOW64\scecli.dll
[2009/07/14 03:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\winsxs\wow64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_9e577e55272d37b4\scecli.dll
[2009/07/14 03:41:53 | 000,232,448 | ---- | M] (Microsoft Corporation) MD5=398712DDDAEFB85EDF61DF6A07B65C79 -- C:\Windows\ERDNT\cache64\scecli.dll
[2009/07/14 03:41:53 | 000,232,448 | ---- | M] (Microsoft Corporation) MD5=398712DDDAEFB85EDF61DF6A07B65C79 -- C:\Windows\SysNative\scecli.dll
[2009/07/14 03:41:53 | 000,232,448 | ---- | M] (Microsoft Corporation) MD5=398712DDDAEFB85EDF61DF6A07B65C79 -- C:\Windows\winsxs\amd64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_9402d402f2cc75b9\scecli.dll
 
< MD5 for: USER32.DLL  >
[2009/07/14 03:41:56 | 001,008,640 | ---- | M] (Microsoft Corporation) MD5=72D7B3EA16946E8F0CF7458150031CC6 -- C:\Windows\ERDNT\cache64\user32.dll
[2009/07/14 03:41:56 | 001,008,640 | ---- | M] (Microsoft Corporation) MD5=72D7B3EA16946E8F0CF7458150031CC6 -- C:\Windows\SysNative\user32.dll
[2009/07/14 03:41:56 | 001,008,640 | ---- | M] (Microsoft Corporation) MD5=72D7B3EA16946E8F0CF7458150031CC6 -- C:\Windows\winsxs\amd64_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_292d5de8870d85d9\user32.dll
[2009/07/14 03:11:24 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=E8B0FFC209E504CB7E79FC24E6C085F0 -- C:\Windows\ERDNT\cache86\user32.dll
[2009/07/14 03:11:24 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=E8B0FFC209E504CB7E79FC24E6C085F0 -- C:\Windows\SysWOW64\user32.dll
[2009/07/14 03:11:24 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=E8B0FFC209E504CB7E79FC24E6C085F0 -- C:\Windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_3382083abb6e47d4\user32.dll
 
< MD5 for: USERINIT.EXE  >
[2009/07/14 03:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\ERDNT\cache86\userinit.exe
[2009/07/14 03:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\SysWOW64\userinit.exe
[2009/07/14 03:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_dbff103933038d7c\userinit.exe
[2009/07/14 03:39:48 | 000,030,208 | ---- | M] (Microsoft Corporation) MD5=6F8F1376A13114CC10C0E69274F5A4DE -- C:\Windows\ERDNT\cache64\userinit.exe
[2009/07/14 03:39:48 | 000,030,208 | ---- | M] (Microsoft Corporation) MD5=6F8F1376A13114CC10C0E69274F5A4DE -- C:\Windows\SysNative\userinit.exe
[2009/07/14 03:39:48 | 000,030,208 | ---- | M] (Microsoft Corporation) MD5=6F8F1376A13114CC10C0E69274F5A4DE -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_381dabbceb60feb2\userinit.exe
 
< MD5 for: WININIT.EXE  >
[2009/07/14 03:39:52 | 000,129,024 | ---- | M] (Microsoft Corporation) MD5=94355C28C1970635A31B3FE52EB7CEBA -- C:\Windows\ERDNT\cache64\wininit.exe
[2009/07/14 03:39:52 | 000,129,024 | ---- | M] (Microsoft Corporation) MD5=94355C28C1970635A31B3FE52EB7CEBA -- C:\Windows\SysNative\wininit.exe
[2009/07/14 03:39:52 | 000,129,024 | ---- | M] (Microsoft Corporation) MD5=94355C28C1970635A31B3FE52EB7CEBA -- C:\Windows\winsxs\amd64_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_8ce7aa761e01ad49\wininit.exe
[2009/07/14 03:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\ERDNT\cache86\wininit.exe
[2009/07/14 03:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\SysWOW64\wininit.exe
[2009/07/14 03:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_30c90ef265a43c13\wininit.exe
 
< MD5 for: WINLOGON.EXE  >
[2009/07/14 03:39:52 | 000,389,120 | ---- | M] (Microsoft Corporation) MD5=132328DF455B0028F13BF0ABEE51A63A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_cbb7f2bdeea2829c\winlogon.exe
[2009/10/28 09:01:57 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=A93D41A4D4B0D91C072D11DD8AF266DE -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.20560_none_cc522fd507b468f8\winlogon.exe
[2009/10/28 08:24:40 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=DA3E2A6FA9660CC75B471530CE88453A -- C:\Windows\ERDNT\cache64\winlogon.exe
[2009/10/28 08:24:40 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=DA3E2A6FA9660CC75B471530CE88453A -- C:\Windows\SysNative\winlogon.exe
[2009/10/28 08:24:40 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=DA3E2A6FA9660CC75B471530CE88453A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16447_none_cbe534e7ee8042ad\winlogon.exe
 
< MD5 for: WS2IFSL.SYS  >
[2009/07/14 02:10:33 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=6BCC1D7D2FD2453957C5479A32364E52 -- C:\Windows\SysNative\drivers\ws2ifsl.sys
[2009/07/14 02:10:33 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=6BCC1D7D2FD2453957C5479A32364E52 -- C:\Windows\winsxs\amd64_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.1.7600.16385_none_ab7b927be17eace8\ws2ifsl.sys
 
< %systemroot%\system32\drivers\*.sys /lockedfiles >
 
< %systemroot%\System32\config\*.sav >
 
< %systemroot%\*. /mp /s >
 
< %systemroot%\system32\*.dll /lockedfiles >

< End of report >


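Reading the "MD5 for:" sections of the OTL log above by eye means checking that the copy Windows actually loads (the one under SysNative or SysWOW64) carries the same hash as one of the copies kept in winsxs, DriverStore or the ERDNT cache. The Python script below does that comparison automatically. It is an added example written for this thread, not part of the thread or of OTL, and it assumes the line format of the log quoted above; the sample input is constructed from the WINLOGON.EXE section above plus a USERINIT.EXE section whose SysNative hash has been replaced by an all-zero placeholder to stand in for a modified file.

```python
import re
from collections import defaultdict

# Line shapes of OTL's "< MD5 for: NAME >" custom-scan sections, assumed from the
# lines quoted in this thread:
#   < MD5 for: WINLOGON.EXE  >
#   [date time | size | attrs | M] (Company) MD5=<32 hex> -- C:\path\file
SECTION_RE = re.compile(r'^<\s*MD5 for:\s*(?P<name>\S+)\s*>\s*$')
ENTRY_RE = re.compile(
    r'^\[(?P<ts>[^|]+)\|\s*(?P<size>[\d,]+)\s*\|[^\]]*\]\s*'
    r'\((?P<company>[^)]*)\)\s*'
    r'MD5=(?P<md5>[0-9A-Fa-f]{32})\s*--\s*(?P<path>\S.*?)\s*$'
)

# Copies that serve as a reference: the component store (winsxs), the driver
# store, and the ERDNT cache that ComboFix keeps. Live copies are the ones the
# OS actually loads from System32 (shown as SysNative on 64-bit) and SysWOW64.
REFERENCE_MARKERS = ("\\winsxs\\", "\\driverstore\\", "\\erdnt\\")
LIVE_PREFIXES = ("c:\\windows\\sysnative\\", "c:\\windows\\syswow64\\")


def classify(path):
    """Return 'reference', 'live' or 'other' for one file path."""
    p = path.lower()
    if any(marker in p for marker in REFERENCE_MARKERS):
        return "reference"
    if p.startswith(LIVE_PREFIXES):
        return "live"
    return "other"


def parse_md5_sections(text):
    """Map each scanned file name (upper-case) to its list of entries."""
    sections = defaultdict(list)
    current = None
    for raw in text.splitlines():
        line = raw.strip()
        header = SECTION_RE.match(line)
        if header:
            current = header.group("name").upper()
            continue
        if line.startswith("<") and line.endswith(">"):
            current = None  # some other custom-scan header ends the MD5 section
            continue
        entry = ENTRY_RE.match(line)
        if entry and current:
            sections[current].append({
                "path": entry.group("path"),
                "md5": entry.group("md5").upper(),
                "size": int(entry.group("size").replace(",", "")),
                "company": entry.group("company"),
                "kind": classify(entry.group("path")),
            })
    return dict(sections)


def find_unmatched_live_copies(sections):
    """Live copies whose MD5 matches no reference copy of the same file.

    A live copy that matches any winsxs/driver-store/ERDNT copy is the
    unmodified binary of some installed version; one that matches none is
    worth inspecting by hand (a patched file, or a version with no stored
    counterpart). With no reference copies at all nothing can be verified,
    so those live copies are reported too, with the reason spelled out.
    """
    findings = {}
    for name, entries in sections.items():
        reference_hashes = {e["md5"] for e in entries if e["kind"] == "reference"}
        for e in entries:
            if e["kind"] != "live" or e["md5"] in reference_hashes:
                continue
            reason = ("no reference copy in log" if not reference_hashes
                      else "hash matches no reference copy")
            findings.setdefault(name, []).append(
                {"path": e["path"], "md5": e["md5"], "reason": reason})
    return findings


# Constructed sample: the WINLOGON.EXE section as quoted in this thread, plus a
# USERINIT.EXE section in which the SysNative hash has been replaced by an
# all-zero placeholder to simulate a modified live copy.
SAMPLE_LOG = r"""
< MD5 for: WINLOGON.EXE  >
[2009/07/14 03:39:52 | 000,389,120 | ---- | M] (Microsoft Corporation) MD5=132328DF455B0028F13BF0ABEE51A63A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_cbb7f2bdeea2829c\winlogon.exe
[2009/10/28 09:01:57 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=A93D41A4D4B0D91C072D11DD8AF266DE -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.20560_none_cc522fd507b468f8\winlogon.exe
[2009/10/28 08:24:40 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=DA3E2A6FA9660CC75B471530CE88453A -- C:\Windows\ERDNT\cache64\winlogon.exe
[2009/10/28 08:24:40 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=DA3E2A6FA9660CC75B471530CE88453A -- C:\Windows\SysNative\winlogon.exe
[2009/10/28 08:24:40 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=DA3E2A6FA9660CC75B471530CE88453A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16447_none_cbe534e7ee8042ad\winlogon.exe

< MD5 for: USERINIT.EXE  >
[2009/07/14 03:39:48 | 000,030,208 | ---- | M] (Microsoft Corporation) MD5=6F8F1376A13114CC10C0E69274F5A4DE -- C:\Windows\ERDNT\cache64\userinit.exe
[2009/07/14 03:39:48 | 000,030,208 | ---- | M] (Microsoft Corporation) MD5=00000000000000000000000000000000 -- C:\Windows\SysNative\userinit.exe
[2009/07/14 03:39:48 | 000,030,208 | ---- | M] (Microsoft Corporation) MD5=6F8F1376A13114CC10C0E69274F5A4DE -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_381dabbceb60feb2\userinit.exe

< %systemroot%\system32\drivers\*.sys /lockedfiles >
"""

if __name__ == "__main__":
    for name, hits in find_unmatched_live_copies(parse_md5_sections(SAMPLE_LOG)).items():
        for hit in hits:
            print(f"{name}: {hit['path']} MD5={hit['md5']} ({hit['reason']})")
```

On the log above, winlogon.exe in SysNative (DA3E...) matches the winsxs copy for build 16447 and is therefore not reported, even though the other two winsxs copies carry different hashes; only the constructed userinit.exe entry shows up. A hit is a prompt to inspect the file, not proof of infection: a file patched by an update that has no counterpart in the log will also be listed.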
cosinus 27.10.2011 18:40

Do an OTL fix: close all programs that may be open, also disable the virus scanner (!), start OTL and copy the following text into the "Custom Scan/Fixes" box (at the bottom of OTL): (the ":OTL" must be copied too!!!)

Code:

:OTL
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/09/04 13:08:14 | 000,000,183 | ---- | M] () - F:\autorun.inf -- [ NTFS ]
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
:Commands
[emptytemp]
[resethosts]

Then click the Fix button at the top left!
The log file should open when you click OK after the fix; please post it. The computer may be restarted.

As a safety measure, the entries, files and folders fixed by this script are not deleted completely; a backup copy is created on the system partition in the folder "_OTL".

Note: The script above was created only for this one user in this situation. It cannot be ported to any other computer and must not be used elsewhere, as it can permanently damage the system!

thawkins 27.10.2011 19:54

Evening, and thanks for the fixes.
Here is the OTL log:

Code:

All processes killed
========== OTL ==========
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRun|DWORD:1 /E : value set successfully!
File F:\autorun.inf not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\Locked deleted successfully.
========== COMMANDS ==========
 
[EMPTYTEMP]
 
User: Admin
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes
->Flash cache emptied: 56502 bytes
 
User: Administrator
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 622845 bytes
->Flash cache emptied: 456 bytes
 
User: All Users
 
User: ***
->Temp folder emptied: 46700429 bytes
->Temporary Internet Files folder emptied: 130822914 bytes
->FireFox cache emptied: 66701065 bytes
->Flash cache emptied: 28724 bytes
 
User: Classic .NET AppPool
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 622845 bytes
->Flash cache emptied: 456 bytes
 
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 656015 bytes
->Flash cache emptied: 456 bytes
 
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes
 
User: Public
->Temp folder emptied: 0 bytes
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 36864 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 206417945 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 478058 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 94066 bytes
RecycleBin emptied: 15488370 bytes
 
Total Files Cleaned = 447.00 mb
 
HOSTS file reset successfully
 
OTL by OldTimer - Version 3.2.31.0 log created on 10272011_204435

Files\Folders moved on Reboot...
C:\Users\***\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.

Registry entries deleted on Reboot...

F:\autorun.inf belongs to an external hard drive that is not connected at the moment (not until tomorrow...)

cosinus 27.10.2011 20:24

Please download aswMBR.exe and save the file to your desktop.
  • Start aswMBR.exe; Vista and Win7 users: right-click aswMBR and choose "Run as administrator"
  • The tool will ask whether you want to scan your system with the current AVAST! virus definitions. Please answer Yes. (If your firewall asks, please allow Internet access.) Depending on your connection, downloading the definitions can take a while.
  • Click Scan.
  • Please wait until Scan finished successfully appears in the DOS window.
  • Click Save Log and save it to the desktop.
Post the aswMBR.txt in your next reply. Important: never press one of the Fix buttons without instructions. Note: If the Scan button is greyed out, close the tool and start it again. If it still doesn't work, please let me know.

thawkins 27.10.2011 21:31

Unfortunately that doesn't work. After the update and clicking the Scan button I get a reproducible bluescreen:

The computer has rebooted from a bugcheck. The bugcheck was: 0x0000001e (0xffffffffc0000005, 0xfffff8800128bda5, 0x0000000000000000, 0xffffffffffffffff). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 102711-21606-01.

The scan hasn't got far at that point, and the log isn't saved yet at that time (or I don't know where it is saved)

cosinus 28.10.2011 08:46

Then please first make a new log with TDSS-Killer.

thawkins 28.10.2011 09:20

Morning,
attached is the TDSSKiller log.

Regards

cosinus 28.10.2011 10:50

Please download MBRCheck (by a_d_13) and save the file to the desktop.
  • Double-click MBRCheck.exe.
    Vista and Win7 users: right-click and choose "Run as administrator"
  • The tool only takes a few seconds.
  • Afterwards you should find a MBRCheck_<Datum>_<Uhrzeit>.txt on the desktop.
Please post the contents of the .txt document

thawkins 28.10.2011 11:10

Here is the output:
Code:

MBRCheck, version 1.2.3
(c) 2010, AD

Command-line:                       
Windows Version:                Windows 7 Enterprise Edition
Windows Information:                (build 7600), 64-bit
Base Board Manufacturer:        Dell Inc.
BIOS Manufacturer:                Dell Inc.
System Manufacturer:                Dell Inc.
System Product Name:                Latitude E6410
Logical Drives Mask:                0x0322009c

Kernel Drivers (total 240):
  0x03058000 \SystemRoot\system32\ntoskrnl.exe
  0x0300F000 \SystemRoot\system32\hal.dll
  0x00BBD000 \SystemRoot\system32\kdcom.dll
  0x00C63000 \SystemRoot\system32\mcupdate_GenuineIntel.dll
  0x00CA7000 \SystemRoot\system32\PSHED.dll
  0x00CBB000 \SystemRoot\system32\CLFS.SYS
  0x00D19000 \SystemRoot\system32\CI.dll
  0x00EB3000 \SystemRoot\system32\drivers\Wdf01000.sys
  0x00F57000 \SystemRoot\system32\drivers\WDFLDR.SYS
  0x01048000 \SystemRoot\System32\Drivers\spqb.sys
  0x0116E000 \SystemRoot\System32\Drivers\WMILIB.SYS
  0x01177000 \SystemRoot\System32\Drivers\SCSIPORT.SYS
  0x011A6000 \SystemRoot\system32\DRIVERS\ACPI.sys
  0x01000000 \SystemRoot\system32\DRIVERS\msisadrv.sys
  0x0100A000 \SystemRoot\system32\DRIVERS\vdrvroot.sys
  0x00F66000 \SystemRoot\system32\DRIVERS\pci.sys
  0x01017000 \SystemRoot\System32\drivers\partmgr.sys
  0x0102C000 \SystemRoot\system32\DRIVERS\compbatt.sys
  0x01035000 \SystemRoot\system32\DRIVERS\BATTC.SYS
  0x00F99000 \SystemRoot\system32\DRIVERS\volmgr.sys
  0x00E00000 \SystemRoot\System32\drivers\volmgrx.sys
  0x00E5C000 \SystemRoot\System32\drivers\mountmgr.sys
  0x0120A000 \SystemRoot\system32\DRIVERS\iaStor.sys
  0x01412000 \SystemRoot\system32\DRIVERS\amdxata.sys
  0x0141D000 \SystemRoot\system32\drivers\fltmgr.sys
  0x01469000 \SystemRoot\system32\drivers\fileinfo.sys
  0x0147D000 \SystemRoot\System32\Drivers\PxHlpa64.sys
  0x01648000 \SystemRoot\System32\Drivers\Ntfs.sys
  0x0148A000 \SystemRoot\System32\Drivers\msrpc.sys
  0x01600000 \SystemRoot\System32\Drivers\ksecdd.sys
  0x014E8000 \SystemRoot\System32\Drivers\cng.sys
  0x0161A000 \SystemRoot\System32\drivers\pcw.sys
  0x0162B000 \SystemRoot\System32\Drivers\Fs_Rec.sys
  0x018BE000 \SystemRoot\system32\drivers\ndis.sys
  0x01800000 \SystemRoot\system32\drivers\NETIO.SYS
  0x01860000 \SystemRoot\System32\Drivers\ksecpkg.sys
  0x01A00000 \SystemRoot\System32\drivers\tcpip.sys
  0x019B0000 \SystemRoot\System32\drivers\fwpkclnt.sys
  0x0188B000 \SystemRoot\system32\DRIVERS\vmstorfl.sys
  0x0155B000 \SystemRoot\system32\DRIVERS\volsnap.sys
  0x0189B000 \SystemRoot\system32\DRIVERS\stdfltn.sys
  0x018A3000 \SystemRoot\System32\Drivers\spldr.sys
  0x015A7000 \SystemRoot\System32\drivers\rdyboost.sys
  0x018AB000 \SystemRoot\System32\Drivers\mup.sys
  0x01C89000 \SystemRoot\system32\drivers\mfehidk.sys
  0x01CFA000 \SystemRoot\System32\drivers\hwpolicy.sys
  0x01D03000 \SystemRoot\System32\DRIVERS\fvevol.sys
  0x01D3D000 \SystemRoot\system32\DRIVERS\disk.sys
  0x01D53000 \SystemRoot\system32\DRIVERS\CLASSPNP.SYS
  0x046BF000 \SystemRoot\system32\DRIVERS\cdrom.sys
  0x046E9000 \SystemRoot\System32\Drivers\Null.SYS
  0x046F2000 \SystemRoot\System32\Drivers\Beep.SYS
  0x046F9000 \SystemRoot\System32\drivers\vga.sys
  0x04707000 \SystemRoot\System32\drivers\VIDEOPRT.SYS
  0x0472C000 \SystemRoot\System32\drivers\watchdog.sys
  0x0473C000 \SystemRoot\System32\DRIVERS\RDPCDD.sys
  0x04745000 \SystemRoot\system32\drivers\rdpencdd.sys
  0x0474E000 \SystemRoot\system32\drivers\rdprefmp.sys
  0x04757000 \SystemRoot\System32\Drivers\Msfs.SYS
  0x04762000 \SystemRoot\System32\Drivers\Npfs.SYS
  0x04773000 \SystemRoot\system32\DRIVERS\tdx.sys
  0x04791000 \SystemRoot\system32\DRIVERS\TDI.SYS
  0x0479E000 \SystemRoot\system32\drivers\mfetdik.sys
  0x047B1000 \SystemRoot\System32\DRIVERS\netbt.sys
  0x04400000 \SystemRoot\system32\drivers\afd.sys
  0x04489000 \SystemRoot\system32\DRIVERS\wfplwf.sys
  0x01D91000 \SystemRoot\system32\DRIVERS\pacer.sys
  0x01DB7000 \SystemRoot\system32\DRIVERS\vwififlt.sys
  0x04492000 \SystemRoot\system32\DRIVERS\netbios.sys
  0x01DCD000 \SystemRoot\system32\DRIVERS\serial.sys
  0x01C00000 \SystemRoot\system32\DRIVERS\wanarp.sys
  0x01C1B000 \SystemRoot\system32\DRIVERS\VBoxUSBMon.sys
  0x01C27000 \SystemRoot\system32\DRIVERS\VBoxDrv.sys
  0x01C5D000 \SystemRoot\system32\DRIVERS\termdd.sys
  0x00FAE000 \SystemRoot\system32\DRIVERS\rdbss.sys
  0x01C71000 \SystemRoot\system32\drivers\nsiproxy.sys
  0x01C7D000 \SystemRoot\system32\DRIVERS\mssmbios.sys
  0x01DEA000 \SystemRoot\System32\drivers\discache.sys
  0x03C0C000 \SystemRoot\system32\drivers\csc.sys
  0x03C8F000 \SystemRoot\System32\Drivers\dfsc.sys
  0x03CAD000 \SystemRoot\system32\DRIVERS\blbdrive.sys
  0x04E9E000 \SystemRoot\system32\DRIVERS\nvlddmkm.sys
  0x059C9000 \SystemRoot\system32\DRIVERS\nvBridge.kmd
  0x03CE4000 \SystemRoot\System32\drivers\dxgkrnl.sys
  0x04E00000 \SystemRoot\System32\drivers\dxgmms1.sys
  0x04E46000 \SystemRoot\system32\DRIVERS\HDAudBus.sys
  0x04E6A000 \SystemRoot\system32\DRIVERS\HECIx64.sys
  0x04E7B000 \SystemRoot\system32\DRIVERS\serenum.sys
  0x00C00000 \SystemRoot\system32\DRIVERS\e1k62x64.sys
  0x04E87000 \SystemRoot\system32\DRIVERS\usbehci.sys
  0x04897000 \SystemRoot\system32\DRIVERS\USBPORT.SYS
  0x05C73000 \SystemRoot\system32\DRIVERS\NETw5s64.sys
  0x06320000 \SystemRoot\system32\DRIVERS\vwifibus.sys
  0x0632D000 \SystemRoot\system32\DRIVERS\risdpe64.sys
  0x06346000 \SystemRoot\system32\DRIVERS\1394ohci.sys
  0x06384000 \SystemRoot\system32\DRIVERS\i8042prt.sys
  0x063A2000 \SystemRoot\system32\DRIVERS\kbdclass.sys
  0x063B1000 \SystemRoot\system32\DRIVERS\parport.sys
  0x05C00000 \SystemRoot\system32\DRIVERS\Apfiltr.sys
  0x05C4C000 \SystemRoot\system32\DRIVERS\mouclass.sys
  0x063CE000 \SystemRoot\system32\DRIVERS\Impcd.sys
  0x05C5B000 \SystemRoot\system32\DRIVERS\Accelern.sys
  0x048ED000 \SystemRoot\system32\DRIVERS\intelppm.sys
  0x05C6A000 \SystemRoot\system32\DRIVERS\CmBatt.sys
  0x063F5000 \SystemRoot\system32\DRIVERS\wmiacpi.sys
  0x04903000 \SystemRoot\system32\DRIVERS\CompositeBus.sys
  0x04913000 \SystemRoot\system32\DRIVERS\dsNcAdpt.sys
  0x04920000 \SystemRoot\system32\DRIVERS\AgileVpn.sys
  0x04936000 \SystemRoot\system32\DRIVERS\rasl2tp.sys
  0x0495A000 \SystemRoot\system32\DRIVERS\ndistapi.sys
  0x04966000 \SystemRoot\system32\DRIVERS\ndiswan.sys
  0x04995000 \SystemRoot\system32\DRIVERS\raspppoe.sys
  0x049B0000 \SystemRoot\system32\DRIVERS\raspptp.sys
  0x049D1000 \SystemRoot\system32\DRIVERS\rassstp.sys
  0x049EB000 \SystemRoot\system32\DRIVERS\rdpbus.sys
  0x04800000 \SystemRoot\system32\DRIVERS\VBoxNetFlt.sys
  0x063FE000 \SystemRoot\system32\DRIVERS\swenum.sys
  0x04829000 \SystemRoot\system32\DRIVERS\ks.sys
  0x0486C000 \SystemRoot\system32\DRIVERS\umbus.sys
  0x066EB000 \SystemRoot\system32\DRIVERS\usbhub.sys
  0x06745000 \SystemRoot\System32\Drivers\NDProxy.SYS
  0x0675A000 \SystemRoot\system32\drivers\nvhda64v.sys
  0x06773000 \SystemRoot\system32\drivers\portcls.sys
  0x067B0000 \SystemRoot\system32\drivers\drmk.sys
  0x067D2000 \SystemRoot\system32\drivers\ksthunk.sys
  0x06600000 \SystemRoot\system32\DRIVERS\stwrt64.sys
  0x0667F000 \SystemRoot\system32\DRIVERS\VSTAZL6.SYS
  0x07C28000 \SystemRoot\system32\DRIVERS\VSTDPV6.SYS
  0x07E71000 \SystemRoot\system32\DRIVERS\VSTCNXT6.SYS
  0x07F3C000 \SystemRoot\system32\drivers\modem.sys
  0x00030000 \SystemRoot\System32\win32k.sys
  0x07F4B000 \SystemRoot\System32\drivers\Dxapi.sys
  0x07F57000 \SystemRoot\system32\DRIVERS\udfs.sys
  0x07E00000 \SystemRoot\system32\DRIVERS\Mbm3CBus.sys
  0x07E5F000 \SystemRoot\system32\DRIVERS\Mbm3wh.sys
  0x044A1000 \SystemRoot\system32\DRIVERS\Mbm3Mdm.sys
  0x07E68000 \SystemRoot\system32\DRIVERS\Mbm3cm.sys
  0x07FAB000 \SystemRoot\system32\DRIVERS\Mbm3mdfl.sys
  0x04516000 \SystemRoot\system32\DRIVERS\Mbm3DevMt.sys
  0x07FB3000 \SystemRoot\System32\Drivers\wwuss64.sys
  0x07FBF000 \SystemRoot\System32\Drivers\wwussf64.sys
  0x07FCC000 \SystemRoot\system32\DRIVERS\d554scard.sys
  0x07FE0000 \SystemRoot\system32\DRIVERS\SMCLIB.SYS
  0x07FEC000 \SystemRoot\System32\DRIVERS\scfilter.sys
  0x07D9C000 \SystemRoot\system32\DRIVERS\WwanUsbMp64.sys
  0x07DE1000 \SystemRoot\system32\DRIVERS\monitor.sys
  0x07C00000 \SystemRoot\system32\DRIVERS\usbccgp.sys
  0x07FFC000 \SystemRoot\system32\DRIVERS\USBD.SYS
  0x0457E000 \SystemRoot\system32\drivers\btwampfl.sys
  0x066D1000 \SystemRoot\System32\Drivers\BTHUSB.sys
  0x02C8E000 \SystemRoot\System32\Drivers\bthport.sys
  0x02D1A000 \SystemRoot\system32\DRIVERS\hidusb.sys
  0x02D28000 \SystemRoot\system32\DRIVERS\HIDCLASS.SYS
  0x02D41000 \SystemRoot\system32\DRIVERS\HIDPARSE.SYS
  0x02D4A000 \SystemRoot\system32\drivers\usbaudio.sys
  0x02D65000 \SystemRoot\System32\Drivers\usbvideo.sys
  0x02D93000 \SystemRoot\System32\Drivers\cvusbdrv.sys
  0x02DE3000 \SystemRoot\system32\DRIVERS\mouhid.sys
  0x02DF0000 \SystemRoot\system32\DRIVERS\kbdhid.sys
  0x02C00000 \SystemRoot\system32\DRIVERS\rfcomm.sys
  0x02C2C000 \SystemRoot\system32\DRIVERS\BthEnum.sys
  0x02C3C000 \SystemRoot\system32\DRIVERS\bthpan.sys
  0x02C5C000 \SystemRoot\system32\DRIVERS\hidbth.sys
  0x02C7A000 \SystemRoot\System32\Drivers\crashdmp.sys
  0x00470000 \SystemRoot\System32\TSDDD.dll
  0x03EE5000 \SystemRoot\System32\Drivers\dump_iaStor.sys
  0x040ED000 \SystemRoot\System32\Drivers\dump_dumpfve.sys
  0x04100000 \SystemRoot\system32\drivers\luafv.sys
  0x04123000 \SystemRoot\system32\drivers\WudfPf.sys
  0x00690000 \SystemRoot\System32\cdd.dll
  0x04144000 \SystemRoot\system32\DRIVERS\WinUSB.sys
  0x04155000 \SystemRoot\system32\DRIVERS\WUDFRd.sys
  0x04186000 \SystemRoot\system32\DRIVERS\d554gps64.sys
  0x041A2000 \SystemRoot\system32\DRIVERS\lltdio.sys
  0x03E00000 \SystemRoot\system32\DRIVERS\nwifi.sys
  0x03E53000 \SystemRoot\system32\DRIVERS\ndisuio.sys
  0x03E66000 \SystemRoot\system32\DRIVERS\rspndr.sys
  0x03E7E000 \SystemRoot\system32\DRIVERS\vwifimp.sys
  0x094E1000 \SystemRoot\system32\drivers\HTTP.sys
  0x095A9000 \SystemRoot\system32\DRIVERS\bowser.sys
  0x095C7000 \SystemRoot\System32\drivers\mpsdrv.sys
  0x09400000 \SystemRoot\system32\DRIVERS\mrxsmb.sys
  0x0942D000 \SystemRoot\system32\DRIVERS\mrxsmb10.sys
  0x0947B000 \SystemRoot\system32\DRIVERS\mrxsmb20.sys
  0x09EC8000 \SystemRoot\system32\drivers\peauth.sys
  0x09F6E000 \SystemRoot\System32\Drivers\secdrv.SYS
  0x09F79000 \SystemRoot\System32\DRIVERS\srvnet.sys
  0x09FA6000 \SystemRoot\System32\drivers\tcpipreg.sys
  0x09E00000 \SystemRoot\System32\DRIVERS\srv2.sys
  0x0A639000 \SystemRoot\System32\DRIVERS\srv.sys
  0x0A6CE000 \SystemRoot\system32\drivers\mfeapfk.sys
  0x0A6E5000 \SystemRoot\system32\drivers\mfeavfk.sys
  0x0A701000 \SystemRoot\System32\drivers\rdpdr.sys
  0x0A72F000 \SystemRoot\system32\drivers\tdtcp.sys
  0x0A73A000 \SystemRoot\System32\DRIVERS\tssecsrv.sys
  0x0A749000 \SystemRoot\System32\Drivers\RDPWD.SYS
  0x0A781000 \SystemRoot\system32\DRIVERS\asyncmac.sys
  0x0A78C000 \??\C:\Windows\system32\drivers\mbam.sys
  0x0D31C000 \??\C:\Windows\SysWOW64\CCM\prepdrv.sys
  0x0D347000 \??\C:\Windows\system32\Drivers\PROCEXP141.SYS
  0x77B70000 \Windows\System32\ntdll.dll
  0x47C60000 \Windows\System32\smss.exe
  0xFFE90000 \Windows\System32\apisetschema.dll
  0xFF660000 \Windows\System32\autochk.exe
  0xFFC70000 \Windows\System32\ole32.dll
  0xFFC20000 \Windows\System32\Wldap32.dll
  0xFFBA0000 \Windows\System32\shlwapi.dll
  0xFFB20000 \Windows\System32\difxapi.dll
  0xFFA80000 \Windows\System32\comdlg32.dll
  0xFF9A0000 \Windows\System32\advapi32.dll
  0xFF870000 \Windows\System32\wininet.dll
  0x77D40000 \Windows\System32\psapi.dll
  0x77A70000 \Windows\System32\user32.dll
  0xFF800000 \Windows\System32\gdi32.dll
  0xFF620000 \Windows\System32\setupapi.dll
  0xFF580000 \Windows\System32\clbcatq.dll
  0xFF4E0000 \Windows\System32\msvcrt.dll
  0x77950000 \Windows\System32\kernel32.dll
  0xFF4D0000 \Windows\System32\lpk.dll
  0xFF270000 \Windows\System32\iertutil.dll
  0xFF160000 \Windows\System32\msctf.dll
  0xFF110000 \Windows\System32\ws2_32.dll
  0xFF0F0000 \Windows\System32\sechost.dll
  0xFF0D0000 \Windows\System32\imagehlp.dll
  0xFF0A0000 \Windows\System32\imm32.dll
  0xFEFC0000 \Windows\System32\oleaut32.dll
  0xFEE40000 \Windows\System32\urlmon.dll
  0x77D30000 \Windows\System32\normaliz.dll
  0xFE0B0000 \Windows\System32\shell32.dll
  0xFE0A0000 \Windows\System32\nsi.dll
  0xFDFD0000 \Windows\System32\usp10.dll
  0xFDEA0000 \Windows\System32\rpcrt4.dll
  0xFDE60000 \Windows\System32\cfgmgr32.dll
  0xFDDC0000 \Windows\System32\comctl32.dll
  0xFDDA0000 \Windows\System32\devobj.dll
  0xFDD60000 \Windows\System32\wintrust.dll
  0xFDBF0000 \Windows\System32\crypt32.dll
  0xFDB80000 \Windows\System32\KernelBase.dll
  0xFDB70000 \Windows\System32\msasn1.dll
  0x77D20000 \Windows\SysWOW64\normaliz.dll

Processes (total 79):
      0 System Idle Process
      4 System
    348 C:\Windows\System32\smss.exe
    500 csrss.exe
    576 C:\Windows\System32\wininit.exe
    604 csrss.exe
    636 C:\Windows\System32\services.exe
    656 C:\Windows\System32\lsass.exe
    664 C:\Windows\System32\lsm.exe
    764 C:\Windows\System32\svchost.exe
    824 C:\Windows\System32\nvvsvc.exe
    864 C:\Windows\System32\svchost.exe
    932 C:\Windows\System32\svchost.exe
    968 C:\Windows\System32\svchost.exe
    1008 C:\Windows\System32\svchost.exe
    328 C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_ac8529709a50c498\stacsv64.exe
    628 C:\Windows\System32\winlogon.exe
    1112 C:\Windows\System32\svchost.exe
    1252 WUDFHost.exe
    1312 WUDFHost.exe
    1384 C:\Windows\System32\svchost.exe
    1508 C:\Windows\System32\svchost.exe
    1640 C:\Windows\System32\spoolsv.exe
    1672 C:\Windows\System32\svchost.exe
    1788 C:\Program Files (x86)\Common Files\EPSON\EBAPI\eEBSvc.exe
    1964 C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_ac8529709a50c498\AESTSr64.exe
    1992 C:\Windows\System32\svchost.exe
    2012 C:\Windows\System32\svchost.exe
    1224 C:\Program Files (x86)\Juniper Networks\Common Files\dsNcService.exe
    1204 C:\Program Files (x86)\STMicroelectronics\AccelerometerP11\InstallFilterService.exe
    2068 C:\Program Files (x86)\Common Files\Juniper Networks\JUNS\dsAccessService.exe
    2104 C:\Program Files (x86)\McAfee\VirusScan Enterprise\x64\engineserver.exe
    2144 C:\Program Files (x86)\McAfee\Common Framework\FrameworkService.exe
    2264 C:\Program Files (x86)\McAfee\VirusScan Enterprise\vstskmgr.exe
    2324 C:\Windows\System32\mfevtps.exe
    2364 C:\oracle\product\10.2.0\client_1\bin\omtsreco.exe
    2420 C:\Windows\SysWOW64\rpcnet.exe
    2472 C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
    2504 C:\Windows\System32\svchost.exe
    2556 naPrdMgr.exe
    2568 C:\Windows\System32\svchost.exe
    2592 C:\Program Files (x86)\Dell\Dell WWAN\WMCore\mini_WMCore.exe
    2848 C:\Windows\SysWOW64\CCM\CcmExec.exe
    2888 C:\Program Files (x86)\McAfee\VirusScan Enterprise\x64\mcshield.exe
    2976 mfeann.exe
    3000 C:\Windows\System32\conhost.exe
    3656 WmiPrvSE.exe
    4056 C:\Windows\System32\svchost.exe
    3924 C:\Windows\System32\nvvsvc.exe
    4132 C:\Windows\System32\svchost.exe
    4412 C:\Windows\System32\taskhost.exe
    4464 C:\Windows\System32\dwm.exe
    4504 C:\Windows\explorer.exe
    4668 C:\Program Files\DellTPad\Apoint.exe
    4676 C:\Program Files\IDT\WDM\sttray64.exe
    4692 C:\Windows\System32\rundll32.exe
    4704 C:\Program Files (x86)\Microsoft Office\Office14\MSOSYNC.EXE
    4792 C:\Program Files\DellTPad\ApMsgFwd.exe
    4852 C:\Program Files\DellTPad\hidfind.exe
    4860 C:\Program Files\DellTPad\ApntEx.exe
    4884 C:\Windows\System32\conhost.exe
    3712 C:\Program Files (x86)\McAfee\Common Framework\UdaterUI.exe
    4248 C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
    4460 C:\Windows\System32\SearchIndexer.exe
    4988 C:\Program Files (x86)\McAfee\Common Framework\McTray.exe
    5140 C:\Windows\System32\taskeng.exe
    5176 C:\Windows\System32\rundll32.exe
    5016 C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
    1972 C:\Program Files (x86)\Microsoft Lync\UcMapi.exe
    4052 C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
    5904 WmiPrvSE.exe
    4320 C:\Windows\System32\svchost.exe
    6404 C:\Windows\System32\SearchProtocolHost.exe
    6960 C:\Windows\System32\SearchFilterHost.exe
    1052 WmiPrvSE.exe
    3800 MpCmdRun.exe
    6428 C:\Users\***\Desktop\MBRCheck.exe
    388 C:\Windows\System32\conhost.exe
    2168 C:\Windows\System32\dllhost.exe

\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`00100000  (NTFS)
\\.\D: --> \\.\PhysicalDrive0 at offset 0x00000026`6d000000  (NTFS)

PhysicalDrive0 Model Number: ST9250410AS, Rev: D005SDM1

      Size  Device Name          MBR Status
  --------------------------------------------
    232 GB  \\.\PhysicalDrive0  Windows 7 MBR code detected
            SHA1: 4379A3D43019B46FA357F7DD6A53B45A3CA8FB79


Done!

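As an added example (not part of the thread or of MBRCheck itself), here is a small Python triage helper for a report in the format posted above: it parses the "Kernel Drivers" and MBR-status sections and flags drivers whose image path is outside the usual \SystemRoot\ or \Windows\ locations, such as the \??\C:\... entries, which are the ones to verify first. The embedded report excerpt is constructed from a few lines of the log above.

```python
r"""Triage helper for an MBRCheck report (added example, not the tool's own code).

Flagged drivers are not malicious per se (mbam.sys here belongs to Malwarebytes);
they are simply the entries whose signature and origin should be checked first.
"""
import re

# Constructed excerpt modelled on the report posted in the thread (not the full log).
SAMPLE_REPORT = r"""MBRCheck, version 1.2.3
(c) 2010, AD

Kernel Drivers (total 5):
  0x03058000 \SystemRoot\system32\ntoskrnl.exe
  0x01048000 \SystemRoot\System32\Drivers\spqb.sys
  0x0A78C000 \??\C:\Windows\system32\drivers\mbam.sys
  0x0D31C000 \??\C:\Windows\SysWOW64\CCM\prepdrv.sys
  0x77B70000 \Windows\System32\ntdll.dll

Processes (total 1):
      4 System

      Size  Device Name          MBR Status
  --------------------------------------------
    232 GB  \\.\PhysicalDrive0  Windows 7 MBR code detected
            SHA1: 4379A3D43019B46FA357F7DD6A53B45A3CA8FB79

Done!
"""

DRIVER_RE = re.compile(r"^\s+0x([0-9A-Fa-f]{8})\s+(\S.*?)\s*$")
MBR_RE = re.compile(r"^\s+(\d+ GB)\s+(\\\\\.\\PhysicalDrive\d+)\s+(.*?)\s*$")
SHA1_RE = re.compile(r"^\s+SHA1:\s+([0-9A-Fa-f]{40})\s*$")
EXPECTED_PREFIXES = ("\\systemroot\\", "\\windows\\")  # where Windows loads its own drivers from


def parse_report(text):
    """Return {'drivers': [(load_address, image_path), ...], 'disks': [{...}, ...]}."""
    drivers, disks = [], []
    section = None
    for line in text.splitlines():
        if line.startswith("Kernel Drivers"):
            section = "drivers"
            continue
        if line.startswith("Processes"):
            section = "processes"
            continue
        if "MBR Status" in line:
            section = "mbr"
            continue
        if section == "drivers":
            m = DRIVER_RE.match(line)
            if m:
                drivers.append((int(m.group(1), 16), m.group(2)))
        elif section == "mbr":
            m = MBR_RE.match(line)
            if m:
                disks.append({"size": m.group(1), "device": m.group(2),
                              "status": m.group(3), "sha1": None})
                continue
            m = SHA1_RE.match(line)
            if m and disks:  # the SHA1 line belongs to the disk listed just above it
                disks[-1]["sha1"] = m.group(1).upper()
    return {"drivers": drivers, "disks": disks}


def unusual_drivers(drivers):
    """Image paths not under \SystemRoot\ or \Windows\ (e.g. \??\ device-path forms)."""
    return [path for _, path in drivers if not path.lower().startswith(EXPECTED_PREFIXES)]


def mbr_is_standard(disk):
    """True when MBRCheck recognised the stock Windows 7 boot code."""
    return disk["status"].startswith("Windows 7 MBR code detected")
```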

cosinus 28.10.2011 11:31

Looks OK. As a check, please run full scans with Malwarebytes and SASW and post the logs.
Remember to update both tools before scanning!!


Afterwards, getting a second opinion from the ESET Online Scanner is not a bad idea either:


ESET Online Scanner

  • You can find an illustrated guide to ESET Online Scanner here
  • Download and start Eset Online Scanner
  • Tick "Yes, I accept the Terms of Use" and click Start.
  • Enable "Detection of potentially unwanted applications" and choose the following settings.
  • Click Start.
  • The signatures are downloaded and the scan starts automatically.
  • At the end of the scan, click Finish.
  • Close the ESET window.
  • Open Explorer.
  • Find C:\Programme\Eset\EsetOnlineScanner\log.txt (on 64-bit also C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) and open it with your editor (illustrated).
  • Post the logfile here.
  • Uninstall: Control Panel => Software / Uninstall a program => remove Eset Online Scanner V3.
  • Manually delete the following folder and empty the Recycle Bin => C:\Programme\Eset


