Trojaner-Board

Trojaner-Board (https://www.trojaner-board.de/) > Log-Analyse und Auswertung > Bundespolizei Virus/Trojaner (https://www.trojaner-board.de/105220-bundespolizei-virus-trojaner.html)

Islandis 19.11.2011 17:27

Bundespolizei Virus/Trojan

Hello everyone,

Unfortunately, the Bundespolizei virus/trojan caught me as well these past few days.

I wanted to install the program VirtualWiFi (freeware). After the installation I was supposed to check for updates. So I downloaded the supposedly latest update. Then the window with the Bundespolizei (100€), which I had never seen before, appeared and the PC was locked. Under a different user account I found the file UPD.EXE and deleted it. After that I could log in again as a normal user (not administrator).

Malwarebytes found infected files and moved them to quarantine. Unfortunately I can no longer find the corresponding log file or the names of the files in quarantine.

I have now tried to work through the instructions and am inserting the logs that were created:

defogger:

Log created at 16:14 on 19/11/2011 (Boss)

Checking for autostart values...
HKCU\~\Run values retrieved.
HKLM\~\Run values retrieved.

Checking for services/drivers...


-=E.O.F=-


OTL unfortunately created only one log file, namely OTL.TXT (Extra.Txt is missing):

OTL logfile created on: 19.11.2011 16:32:22 - Run 2
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\Hel\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

2,99 Gb Total Physical Memory | 1,90 Gb Available Physical Memory | 63,51% Memory free
6,19 Gb Paging File | 4,91 Gb Available in Paging File | 79,34% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 268,79 Gb Total Space | 174,01 Gb Free Space | 64,74% Space Free | Partition Type: NTFS
Drive D: | 29,28 Gb Total Space | 14,51 Gb Free Space | 49,55% Space Free | Partition Type: FAT32

Computer Name: LAPPI-BOSS | User Name: Boss | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Users\Hel\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware.com)
PRC - C:\Program Files\AVG\AVG9\avgtray.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\SUPERAntiSpyware\SASCore.exe (SUPERAntiSpyware.com)
PRC - C:\ProgramData\Internet Manager\OnlineUpdate\ouc.exe ()
PRC - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
PRC - C:\Program Files\pdf24\pdf24.exe (Geek Software GmbH)
PRC - C:\ProgramData\DatacardService\HWDeviceService.exe ()
PRC - C:\ProgramData\DatacardService\DCSHelper.exe (Huawei Technologies Co., Ltd.)
PRC - C:\Program Files\AVG\AVG9\avgcsrvx.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\Eraser\Eraser.exe (The Eraser Project)
PRC - C:\Program Files\AVG\AVG9\avgnsx.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG9\avgrsx.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG9\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG9\avgchsvx.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\Rainlendar2\Rainlendar2.exe ()
PRC - C:\Windows\System32\drivers\CDAC11BA.EXE (C-Dilla Ltd)
PRC - C:\Program Files\FSP\FspUip.exe (Sentelic Corporation)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Windows\System32\Rezip.exe ()
PRC - C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe (Intel Corporation)
PRC - C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)
PRC - C:\Program Files\Realtek Semiconductor Corp\Realtek USB 2.0 Card Reader\reset.exe ()
PRC - C:\Program Files\Akademische Arbeitsgemeinschaft\AAVUpdateManager\aavus.exe ()
PRC - C:\Windows\tsnp2uvc.exe ()
PRC - C:\Program Files\silex technology\CX Print\Msgsrv.exe ()
PRC - C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe (Nero AG)
PRC - C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe (Protexis Inc.)
PRC - C:\Windows\System32\PSIService.exe ()


========== Modules (No Company Name) ==========

MOD - C:\ProgramData\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10006.dll ()
MOD - C:\ProgramData\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10007.dll ()
MOD - C:\ProgramData\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL ()
MOD - C:\ProgramData\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10005.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualBas#\b67478ec034fdf811a748f1b6b5b1c95\Microsoft.VisualBasic.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\c1c06a392871267db27f7cbc40e1c4fb\System.Xml.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\1363115565fff5a641243a48f396f107\System.Windows.Forms.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\367c4043efc2f32d843cb588b0dc97fc\System.Drawing.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Core\8adb45c62e4c797bd4c706afe9e8bfb9\System.Core.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System\f9c36ea806e77872dce891c77b68fac3\System.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\b6632a8b2f276a8e31f5b0f6b2006cd1\mscorlib.ni.dll ()
MOD - C:\Program Files\Rainlendar2\plugins\iCalendarPlugin.dll ()
MOD - C:\Program Files\Rainlendar2\Rainlendar2.exe ()
MOD - C:\Program Files\FSP\KbdHook.dll ()
MOD - C:\Program Files\FSP\FspLib.dll ()
MOD - C:\Program Files\Rainlendar2\lfs.dll ()
MOD - C:\Program Files\Rainlendar2\lua51.dll ()
MOD - C:\Windows\tsnp2uvc.exe ()
MOD - C:\Program Files\silex technology\CX Print\Msgsrv.exe ()


========== Win32 Services (SafeList) ==========

SRV - (HWDeviceService.exe) -- File not found
SRV - (!SASCORE) -- C:\Program Files\SUPERAntiSpyware\SASCORE.EXE (SUPERAntiSpyware.com)
SRV - (Internet Manager. RunOuc) -- C:\Program Files\T-Mobile\InternetManager_H\UpdateDog\ouc.exe ()
SRV - (AVG Security Toolbar Service) -- C:\Program Files\AVG\AVG9\Toolbar\ToolbarBroker.exe ()
SRV - (AdobeARMservice) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
SRV - (avg9wd) -- C:\Program Files\AVG\AVG9\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)
SRV - (RSND) -- C:\Users\Boss\AppData\Local\Temp\RSND.exe (Sysinternals - www.sysinternals.com)
SRV - (YJEHRBYH) -- C:\Users\Boss\AppData\Local\Temp\YJEHRBYH.exe (Sysinternals - www.sysinternals.com)
SRV - (RIYSCJEUOHWHV) -- C:\Users\Boss\AppData\Local\Temp\RIYSCJEUOHWHV.exe (Sysinternals - www.sysinternals.com)
SRV - (C-DillaCdaC11BA) -- C:\Windows\System32\drivers\CDAC11BA.EXE (C-Dilla Ltd)
SRV - (Rezip) -- C:\Windows\System32\Rezip.exe ()
SRV - (IAANTMON) Intel(R) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe (Intel Corporation)
SRV - (resetWinService) -- C:\Program Files\Realtek Semiconductor Corp\Realtek USB 2.0 Card Reader\reset.exe ()
SRV - (AAV UpdateService) -- C:\Program Files\Akademische Arbeitsgemeinschaft\AAVUpdateManager\aavus.exe ()
SRV - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (PSI_SVC_2) -- C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe (Protexis Inc.)
SRV - (ProtexisLicensing) -- C:\Windows\System32\PSIService.exe ()


========== Driver Services (SafeList) ==========

DRV - (AvgMfx86) -- C:\Windows\System32\Drivers\avgmfx86.sys (AVG Technologies CZ, s.r.o.)
DRV - (ewusbnet) -- C:\Windows\System32\drivers\ewusbnet.sys (Huawei Technologies Co., Ltd.)
DRV - (hwdatacard) -- C:\Windows\System32\drivers\ewusbmdm.sys (Huawei Technologies Co., Ltd.)
DRV - (ew_hwusbdev) -- C:\Windows\System32\drivers\ew_hwusbdev.sys (Huawei Technologies Co., Ltd.)
DRV - (huawei_cdcacm) -- C:\Windows\System32\drivers\ew_jucdcacm.sys (Huawei Technologies Co., Ltd.)
DRV - (huawei_enumerator) -- C:\Windows\System32\drivers\ew_jubusenum.sys (Huawei Technologies Co., Ltd.)
DRV - (huawei_cdcecm) -- C:\Windows\System32\drivers\ew_jucdcecm.sys (Huawei Technologies Co., Ltd.)
DRV - (huawei_ext_ctrl) -- C:\Windows\System32\drivers\ew_juextctrl.sys (Huawei Technologies Co., Ltd.)
DRV - (tcpipBM) -- C:\Windows\System32\drivers\tcpipBM.sys (Bytemobile, Inc.)
DRV - (BMLoad) -- C:\Windows\system32\drivers\BMLoad.sys (Bytemobile, Inc.)
DRV - (ew_usbenumfilter) -- C:\Windows\System32\drivers\ew_usbenumfilter.sys (Huawei Technologies Co., Ltd.)
DRV - (SASDIFSV) -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys (SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV - (SASKUTIL) -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS (SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV - (AvgTdiX) -- C:\Windows\System32\Drivers\avgtdix.sys (AVG Technologies CZ, s.r.o.)
DRV - (AvgLdx86) -- C:\Windows\System32\Drivers\avgldx86.sys (AVG Technologies CZ, s.r.o.)
DRV - (rtl8192se) -- C:\Windows\System32\drivers\rtl8192se.sys (Realtek Semiconductor Corporation )
DRV - (NVHDA) -- C:\Windows\System32\drivers\nvhda32v.sys (NVIDIA Corporation)
DRV - (fspad_wlh32) -- C:\Windows\System32\drivers\fspad_wlh32.sys (Sentelic Corporation)
DRV - (RTL8169) -- C:\Windows\System32\drivers\Rtlh86.sys (Realtek )
DRV - (nvlddmkm) -- C:\Windows\System32\drivers\nvlddmkm.sys (NVIDIA Corporation)
DRV - (SNP2UVC) USB2.0 PC Camera (SNP2UVC) -- C:\Windows\System32\drivers\snp2uvc.sys ()
DRV - (sxuptp) -- C:\Windows\System32\drivers\sxuptp.sys (silex technology, Inc.)
DRV - (WinRing0_1_2_0) -- C:\Program Files\BatteryCare\WinRing0.sys (OpenLibSys.org)
DRV - (WINIO) -- C:\Windows\System32\WinIo.sys (hxxp://www.internals.com)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.aldi.com/
IE - HKLM\Software\Microsoft\Internet Explorer\SearchURL\e, = hxxp://www.preispiraten.de/e/tr_ebdeblitz.pl?%s
IE - HKLM\Software\Microsoft\Internet Explorer\SearchURL\e,# = %23
IE - HKLM\Software\Microsoft\Internet Explorer\SearchURL\e,& = %26
IE - HKLM\Software\Microsoft\Internet Explorer\SearchURL\e,? = %3F
IE - HKLM\Software\Microsoft\Internet Explorer\SearchURL\e,+ = %2B
IE - HKLM\Software\Microsoft\Internet Explorer\SearchURL\e,= = %3D
IE - HKLM\Software\Microsoft\Internet Explorer\SearchURL\e,MenuText = eBay.de
IE - HKLM\Software\Microsoft\Internet Explorer\SearchURL\eb, = hxxp://www.preispiraten.de/e/tr_ebdeblitz.pl?%s
IE - HKLM\Software\Microsoft\Internet Explorer\SearchURL\eb,# = %23
IE - HKLM\Software\Microsoft\Internet Explorer\SearchURL\eb,& = %26
IE - HKLM\Software\Microsoft\Internet Explorer\SearchURL\eb,? = %3F
IE - HKLM\Software\Microsoft\Internet Explorer\SearchURL\eb,+ = %2B
IE - HKLM\Software\Microsoft\Internet Explorer\SearchURL\eb,= = %3D
IE - HKLM\Software\Microsoft\Internet Explorer\SearchURL\eb,MenuText = eBay.de
IE - HKLM\Software\Microsoft\Internet Explorer\SearchURL\eba, = hxxp://www.preispiraten.de/e/tr_ebdeblitz.pl?%s
IE - HKLM\Software\Microsoft\Internet Explorer\SearchURL\eba,# = %23
IE - HKLM\Software\Microsoft\Internet Explorer\SearchURL\eba,& = %26
IE - HKLM\Software\Microsoft\Internet Explorer\SearchURL\eba,? = %3F
IE - HKLM\Software\Microsoft\Internet Explorer\SearchURL\eba,+ = %2B
IE - HKLM\Software\Microsoft\Internet Explorer\SearchURL\eba,= = %3D
IE - HKLM\Software\Microsoft\Internet Explorer\SearchURL\eba,MenuText = eBay.de
IE - HKLM\Software\Microsoft\Internet Explorer\SearchURL\ebay, = hxxp://www.preispiraten.de/e/tr_ebdeblitz.pl?%s
IE - HKLM\Software\Microsoft\Internet Explorer\SearchURL\ebay,# = %23
IE - HKLM\Software\Microsoft\Internet Explorer\SearchURL\ebay,& = %26
IE - HKLM\Software\Microsoft\Internet Explorer\SearchURL\ebay,? = %3F
IE - HKLM\Software\Microsoft\Internet Explorer\SearchURL\ebay,+ = %2B
IE - HKLM\Software\Microsoft\Internet Explorer\SearchURL\ebay,= = %3D
IE - HKLM\Software\Microsoft\Internet Explorer\SearchURL\ebay,MenuText = eBay.de

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.aldi.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://www.google.de/ [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..network.proxy.type: 2

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa2,version=2.0.0: C:\Program Files\Picasa2\npPicasa2.dll File not found
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/VirtualEarth3D,version=4.0: C:\Program Files\Virtual Earth 3D\ [2009.12.31 14:39:50 | 000,000,000 | ---D | M]
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8051.1204: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@pack.google.com/Google Updater;version=14: C:\Program Files\Google\Google Updater\2.4.2432.1652\npCIDetect14.dll (Google)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\avg@igeared: C:\Program Files\AVG\AVG9\Toolbar\Firefox\avg@igeared [2011.05.10 08:36:48 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\ff-bmboc@bytemobile.com: C:\Program Files\T-Mobile\InternetManager_H\OCx32\addon [2011.07.30 19:27:07 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 6.0.2\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011.09.14 09:55:05 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 6.0.2\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011.09.25 10:17:52 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Thunderbird\Extensions\\{380AE6CB-09B9-4373-B360-D01C2462A6E7}: C:\Program Files\BullGuard Ltd\BullGuard\backup\thunderbirdbkplugin
FF - HKEY_CURRENT_USER\software\mozilla\Thunderbird\Extensions\\{0E810812-F4BB-4309-942A-755587587A5E}: C:\Program Files\BullGuard Ltd\BullGuard\antispam\tbspamfilter

[2010.08.14 13:39:45 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Boss\AppData\Roaming\mozilla\Extensions
[2009.12.14 09:26:11 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Boss\AppData\Roaming\mozilla\Firefox\extensions
[2009.12.14 09:26:11 | 000,000,000 | ---D | M] ("Ask Toolbar for Firefox") -- C:\Users\Boss\AppData\Roaming\mozilla\Firefox\extensions\{E9A1DEE0-C623-4439-8932-001E7D17607D}
[2011.10.12 11:20:52 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Boss\AppData\Roaming\mozilla\Firefox\Profiles\eakt02rm.default\extensions
[2011.09.15 10:17:17 | 000,000,000 | ---D | M] (Amazon Startcenter) -- C:\Users\Boss\AppData\Roaming\mozilla\Firefox\Profiles\eakt02rm.default\extensions\{144D1513-0819-4538-AD26-D515AF443AE7}
[2010.10.03 23:14:38 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Boss\AppData\Roaming\mozilla\Firefox\Profiles\eakt02rm.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2011.09.15 10:17:18 | 000,000,000 | ---D | M] (Amazon Statusbar Button) -- C:\Users\Boss\AppData\Roaming\mozilla\Firefox\Profiles\eakt02rm.default\extensions\{32DD6873-2BC0-4E4B-B9A3-0E602AB0DC14}
[2011.10.12 11:20:52 | 000,000,000 | ---D | M] ("Free YouTube Download (Free Studio) Menu") -- C:\Users\Boss\AppData\Roaming\mozilla\Firefox\Profiles\eakt02rm.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
[2011.09.15 10:17:18 | 000,000,000 | ---D | M] (Preispiraten) -- C:\Users\Boss\AppData\Roaming\mozilla\Firefox\Profiles\eakt02rm.default\extensions\{C8D3D3BE-7ADC-4109-BF8C-6330A9F58B0C}
[2011.09.14 09:55:05 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2011.04.18 21:08:38 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
[2011.06.16 07:52:00 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}
[2011.09.03 07:18:05 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2011.05.04 03:52:23 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2011.09.03 01:19:44 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2011.09.03 01:13:56 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2011.09.03 01:19:44 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2011.09.03 01:19:44 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2010.02.08 16:22:48 | 000,001,987 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\SP_amazonde.xml
[2007.01.08 12:48:12 | 000,009,095 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\SP_preispiraten_de.xml
[2011.09.03 01:19:44 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2011.09.03 01:19:44 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml

O1 HOSTS File: ([2006.09.18 22:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (AskBar BHO) - {201f27d4-3704-41d6-89c1-aa35e39143ed} - C:\Program Files\AskBarDis\bar\bin\askBar.dll (Ask.com)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (amazon) - {84B94901-3645-4D80-A6B7-4D0050B19455} - C:\Program Files\Preispiraten6\IEButtonAmazonInterface.dll ()
O2 - BHO: (AVG Security Toolbar BHO) - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll ()
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.2.4204.1700\swg.dll (Google Inc.)
O2 - BHO: (eBay) - {CD9B7762-DFBC-42B1-BB30-02A78287B456} - C:\Program Files\Preispiraten6\IEButtonEbayInterface.dll ()
O2 - BHO: (Preispiraten) - {E9E027BF-C3F3-4022-8F6B-8F6D39A59684} - C:\Program Files\Preispiraten6\IEButtonPPInterface.dll ()
O3 - HKLM\..\Toolbar: (Ask Toolbar) - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - C:\Program Files\AskBarDis\bar\bin\askBar.dll (Ask.com)
O3 - HKLM\..\Toolbar: (AVG Security Toolbar) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll ()
O3 - HKCU\..\Toolbar\WebBrowser: (AVG Security Toolbar) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll ()
O4 - HKLM..\Run: [AVG9_TRAY] C:\Program Files\AVG\AVG9\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [CX Print Msgsrv] C:\Program Files\silex technology\CX Print\Msgsrv.exe ()
O4 - HKLM..\Run: [Eraser] C:\Program Files\Eraser\Eraser.exe (The Eraser Project)
O4 - HKLM..\Run: [fspuip] C:\Program Files\FSP\fspuip.exe (Sentelic Corporation)
O4 - HKLM..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware (reboot)] C:\Program Files\Viren\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [MDS_Menu] C:\Program Files\HomeCinema\MediaShow4\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\Windows\System32\NvMcTray.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [PDFPrint] C:\Program Files\pdf24\pdf24.exe (Geek Software GmbH)
O4 - HKLM..\Run: [PDVD8LanguageShortcut] C:\Program Files\HomeCinema\PowerDVD8\Language\Language.exe ()
O4 - HKLM..\Run: [snp2uvc] C:\Windows\vsnp2uvc.exe File not found
O4 - HKLM..\Run: [tsnp2uvc] C:\Windows\tsnp2uvc.exe ()
O4 - HKLM..\Run: [UCam_Menu] C:\Program Files\HomeCinema\YouCam\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKCU..\Run: [ANT Agent] C:\Program Files\Garmin\ANT Agent\ANT Agent.exe (GARMIN Corp.)
O4 - HKCU..\Run: [BatteryCare] C:\Program Files\BatteryCare\BatteryCare.exe (Filipe Lourenço)
O4 - HKCU..\Run: [Rainlendar2] C:\Program Files\Rainlendar2\Rainlendar2.exe ()
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: LogonHoursAction = 2
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DontDisplayLogonHoursWarnings = 1
O8 - Extra context menu item: &Preispiratensuche nach markiertem Text - C:\\Program Files\\Preispiraten6\\preispiraten.html ()
O8 - Extra context menu item: Free YouTube Download - C:\Users\Boss\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubedownload.htm ()
O9 - Extra Button: eBay - Der weltweite Online-Marktplatz - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - hxxp://rover.ebay.com/rover/1/707-37276-17534-25/4 File not found
O9 - Extra 'Tools' menuitem : eBay - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - hxxp://rover.ebay.com/rover/1/707-37276-17534-25/4 File not found
O9 - Extra Button: Preispiraten - {350F4DA2-3886-4BB8-A1A8-D7F57B56DFFF} - C:\Program Files\Preispiraten6\preispiraten3ie.exe ()
O9 - Extra 'Tools' menuitem : Preispiraten - {350F4DA2-3886-4BB8-A1A8-D7F57B56DFFF} - C:\Program Files\Preispiraten6\preispiraten3ie.exe ()
O9 - Extra Button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Amazon Startseite - {9E029088-432F-4EBF-9537-0171A4C37870} - hxxp://webtip.ch/cgi-bin/amz_track/tracker_de.pl?loc=main&site=home File not found
O9 - Extra 'Tools' menuitem : Amazon Startseite - {9E029088-432F-4EBF-9537-0171A4C37870} - hxxp://webtip.ch/cgi-bin/amz_track/tracker_de.pl?loc=main&site=home File not found
O9 - Extra Button: eBay - {E79005A3-0F92-434B-9F7B-51131FC7168F} - hxxp://www.preispiraten.de/e/tr_ebdestart.pl?hxxp://www.ebay.de File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000019 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/products/plugin/autodl/jinstall-160-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} hxxp://java.sun.com/products/plugin/autodl/jinstall-160-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = Bossi
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{50CB81B2-F7D6-4483-9A84-768138904CAE}: DhcpNameServer = 193.254.160.1 10.74.83.22
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{585A1985-1848-42D4-AE16-01AB80CC0E32}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{8B7CBA12-E6ED-4B51-BDE1-9F32F3DDD5A8}: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{A2A5C76D-CEA3-4E8C-B4A9-4B1F0746F08B}: DhcpNameServer = 193.189.244.225 193.189.244.206
O18 - Protocol\Handler\avgsecuritytoolbar {F2DDE6B2-9684-4A55-86D4-E255E237B77C} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll ()
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG9\avgpp.dll (AVG Technologies CZ, s.r.o.)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20 - AppInit_DLLs: (avgrsstx.dll) -C:\Windows\System32\avgrsstx.dll (AVG Technologies CZ, s.r.o.)
O20 - HKLM Winlogon: Shell - (explorer.exe) -C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) -C:\Windows\System32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Windows\Web\Wallpaper\img8.jpg
O24 - Desktop BackupWallPaper: C:\Windows\Web\Wallpaper\img8.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 22:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2008.08.21 11:50:32 | 000,000,672 | RH-- | M] () - D:\autoexec.bat -- [ FAT32 ]
O33 - MountPoints2\{334f559e-cd58-11e0-9dc9-001f1621f768}\Shell - "" = AutoRun
O33 - MountPoints2\{334f559e-cd58-11e0-9dc9-001f1621f768}\Shell\AutoRun\command - "" = H:\AutoRun.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} -
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 11.0
ActiveX: {233C1507-6A77-46A4-9443-F871F945D258} - Adobe Shockwave Director 11.0.3
ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework
ActiveX: {2A202491-F00D-11cf-87CC-0020AFEECF20} - Adobe Shockwave Director 11.0.3
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3C3901C5-3455-3E0A-A214-0B093A5070A6} - .NET Framework
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} -
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.7
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {71504FB8-F84D-4B63-A97F-D6D5F0F0F410} - msiexec /fus {71504FB8-F84D-4B63-A97F-D6D5F0F0F410} /quiet
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\system32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Adobe Flash Player
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\Windows\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\system32\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP

NetSvcs: FastUserSwitchingCompatibility - File not found
NetSvcs: Ias - C:\Windows\System32\ias.dll (Microsoft Corporation)
NetSvcs: Nla - File not found
NetSvcs: Ntmssvc - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: SRService - File not found
NetSvcs: WmdmPmSp - File not found
NetSvcs: LogonHours - File not found
NetSvcs: PCAudit - File not found
NetSvcs: helpsvc - File not found
NetSvcs: uploadmgr - File not found


CREATERESTOREPOINT
Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 30 Days ==========

[2011.11.18 05:21:55 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SUPERAntiSpyware
[2011.11.18 05:21:52 | 000,000,000 | ---D | C] -- C:\ProgramData\SUPERAntiSpyware.com
[2011.11.18 05:21:52 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
[2011.11.17 23:10:21 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
[2011.11.17 06:32:09 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Earth
[2011.11.16 17:08:19 | 000,000,000 | ---D | C] -- C:\ProgramData\VirtualWifiRouter
[2011.11.09 15:35:57 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN
[2009.06.10 14:00:53 | 000,225,280 | ---- | C] ( ) -- C:\Windows\System32\rsnp2uvc.dll
[2009.06.10 14:00:52 | 000,176,128 | ---- | C] ( ) -- C:\Windows\System32\csnp2uvc.dll
[1 C:\Windows\System32\drivers\*.tmp files -> C:\Windows\System32\drivers\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011.11.19 16:30:00 | 000,001,094 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2011.11.19 16:25:00 | 000,000,868 | ---- | M] () -- C:\Windows\tasks\Google Software Updater.job
[2011.11.19 16:19:47 | 000,047,873 | ---- | M] () -- C:\ProgramData\nvModes.001
[2011.11.19 16:19:23 | 000,001,090 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2011.11.19 16:19:13 | 000,004,144 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2011.11.19 16:19:13 | 000,004,144 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2011.11.19 16:19:07 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011.11.19 16:19:02 | 3215,851,520 | -HS- | M] () -- C:\hiberfil.sys
[2011.11.19 16:13:49 | 000,000,000 | ---- | M] () -- C:\Users\Boss\defogger_reenable
[2011.11.19 14:03:36 | 089,315,518 | ---- | M] () -- C:\Windows\System32\drivers\Avg\incavi.avm
[2011.11.18 13:32:18 | 000,001,975 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2011.11.18 05:21:55 | 000,001,764 | ---- | M] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
[2011.11.17 00:01:07 | 000,644,136 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2011.11.17 00:01:07 | 000,595,996 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2011.11.17 00:01:07 | 000,165,926 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2011.11.17 00:01:07 | 000,108,572 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2011.11.16 20:09:14 | 000,000,972 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011.11.11 08:39:51 | 298,536,099 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2011.11.09 15:35:57 | 000,000,823 | ---- | M] () -- C:\Users\Public\Desktop\VLC media player.lnk
[1 C:\Windows\System32\drivers\*.tmp files -> C:\Windows\System32\drivers\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011.11.19 16:13:49 | 000,000,000 | ---- | C] () -- C:\Users\Boss\defogger_reenable
[2011.11.18 05:21:55 | 000,001,764 | ---- | C] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
[2011.11.16 20:09:14 | 000,000,972 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011.11.09 15:35:57 | 000,000,823 | ---- | C] () -- C:\Users\Public\Desktop\VLC media player.lnk
[2011.09.13 19:36:02 | 000,000,138 | ---- | C] () -- C:\ProgramData\Microsoft.SqlServer.Compact.351.32.bc
[2009.09.02 18:08:45 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2009.08.15 09:58:30 | 000,290,919 | ---- | C] () -- C:\Windows\System32\pythoncom21.dll
[2009.08.15 09:58:30 | 000,057,344 | ---- | C] () -- C:\Windows\System32\PyWinTypes21.dll
[2009.08.15 09:51:26 | 000,096,768 | ---- | C] () -- C:\Windows\SlantAdj.dll
[2009.08.15 09:51:26 | 000,003,136 | ---- | C] () -- C:\Windows\Ade001.bin
[2009.08.15 09:51:26 | 000,000,072 | ---- | C] () -- C:\Windows\System32\epDPE.ini
[2009.08.15 09:28:56 | 000,000,025 | ---- | C] () -- C:\Windows\CDE P3170EGD.ini
[2009.08.15 08:59:54 | 000,065,793 | ---- | C] () -- C:\Windows\System32\esfw32.bin
[2009.08.13 13:43:59 | 000,053,248 | ---- | C] () -- C:\Windows\JCNETDEL.EXE
[2009.08.13 13:43:59 | 000,000,886 | ---- | C] () -- C:\Windows\JCNETDEL.INI
[2009.08.13 13:43:54 | 000,002,340 | ---- | C] () -- C:\Windows\DELJCNET.INI
[2009.08.13 13:42:15 | 000,000,017 | ---- | C] () -- C:\Windows\PRI_SEEK.INI
[2009.08.11 14:27:19 | 000,047,873 | ---- | C] () -- C:\ProgramData\nvModes.001
[2009.08.11 14:12:22 | 000,047,873 | ---- | C] () -- C:\ProgramData\nvModes.dat
[2009.08.11 09:58:13 | 000,003,584 | ---- | C] () -- C:\Users\Boss\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009.08.03 14:07:42 | 000,403,816 | ---- | C] () -- C:\Windows\System32\OGACheckControl.dll
[2009.08.03 14:07:42 | 000,230,768 | ---- | C] () -- C:\Windows\System32\OGAEXEC.exe
[2009.06.10 15:18:19 | 000,036,864 | ---- | C] () -- C:\Windows\System32\Hooks.dll
[2009.06.10 14:00:53 | 001,799,808 | ---- | C] () -- C:\Windows\System32\drivers\snp2uvc.sys
[2009.06.10 14:00:53 | 000,233,472 | ---- | C] () -- C:\Windows\tsnp2uvc.exe
[2009.06.10 14:00:53 | 000,015,497 | ---- | C] () -- C:\Windows\snp2uvc.ini
[2009.06.10 14:00:52 | 000,028,544 | ---- | C] () -- C:\Windows\System32\drivers\sncduvc.sys
[2009.06.10 13:58:06 | 000,311,296 | ---- | C] () -- C:\Windows\System32\Rezip.exe
[2009.06.10 13:49:38 | 000,073,728 | ---- | C] () -- C:\Windows\System32\RtNicProp32.dll
[2009.06.10 13:38:31 | 000,000,276 | ---- | C] () -- C:\Windows\System32\drivers\SamSfPa.dat
[2009.06.09 19:24:37 | 000,644,136 | ---- | C] () -- C:\Windows\System32\perfh007.dat
[2009.06.09 19:24:37 | 000,290,748 | ---- | C] () -- C:\Windows\System32\perfi007.dat
[2009.06.09 19:24:37 | 000,165,926 | ---- | C] () -- C:\Windows\System32\perfc007.dat
[2009.06.09 19:24:37 | 000,036,916 | ---- | C] () -- C:\Windows\System32\perfd007.dat
[2009.06.09 09:54:18 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2009.06.09 09:53:58 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2009.06.09 09:34:57 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
[2007.06.05 12:20:32 | 000,177,704 | ---- | C] () -- C:\Windows\System32\PSIService.exe
[2006.11.02 13:57:28 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2006.11.02 13:47:37 | 000,413,112 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2006.11.02 13:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006.11.02 11:33:01 | 000,595,996 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2006.11.02 11:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2006.11.02 11:33:01 | 000,108,572 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2006.11.02 11:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2006.11.02 11:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2006.11.02 09:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2006.11.02 09:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2006.11.02 08:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006.11.02 08:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat

========== LOP Check ==========

[2010.08.30 10:38:59 | 000,000,000 | ---D | M] -- C:\Users\Boss\AppData\Roaming\AAV
[2009.11.01 12:14:34 | 000,000,000 | ---D | M] -- C:\Users\Boss\AppData\Roaming\AVG9
[2009.12.14 10:28:53 | 000,000,000 | ---D | M] -- C:\Users\Boss\AppData\Roaming\BatteryCare
[2011.10.12 11:20:51 | 000,000,000 | ---D | M] -- C:\Users\Boss\AppData\Roaming\DVDVideoSoftIEHelpers
[2009.08.15 09:10:14 | 000,000,000 | ---D | M] -- C:\Users\Boss\AppData\Roaming\EPSON
[2009.12.14 09:25:37 | 000,000,000 | ---D | M] -- C:\Users\Boss\AppData\Roaming\Foxit
[2011.10.03 19:22:36 | 000,000,000 | ---D | M] -- C:\Users\Boss\AppData\Roaming\GARMIN
[2011.03.05 15:46:07 | 000,000,000 | ---D | M] -- C:\Users\Boss\AppData\Roaming\GetRightToGo
[2009.09.04 16:44:01 | 000,000,000 | ---D | M] -- C:\Users\Boss\AppData\Roaming\metaspinner net GmbH
[2009.08.11 13:13:23 | 000,000,000 | ---D | M] -- C:\Users\Boss\AppData\Roaming\Opera
[2009.08.15 10:27:36 | 000,000,000 | ---D | M] -- C:\Users\Boss\AppData\Roaming\Smart Panel
[2011.07.30 19:27:53 | 000,000,000 | ---D | M] -- C:\Users\Boss\AppData\Roaming\T-Mobile
[2011.11.19 16:17:54 | 000,032,628 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



========== Custom Scans ==========


< %SYSTEMDRIVE%\*. >
[2009.10.31 15:09:09 | 000,000,000 | -H-D | M] -- C:\$AVG
[2011.11.16 18:05:52 | 000,000,000 | -HSD | M] -- C:\$RECYCLE.BIN
[2011.03.10 22:41:00 | 000,000,000 | ---D | M] -- C:\0146811ffc1b8b0b30df
[2010.10.13 22:39:05 | 000,000,000 | ---D | M] -- C:\07da8988c193ae67d1c5b8d860dd2f2f
[2011.09.16 13:12:28 | 000,000,000 | ---D | M] -- C:\38e5d8d185cd3563ac
[2011.06.16 07:25:18 | 000,000,000 | ---D | M] -- C:\55aab62fe7af0e8faaab6e2e56c5
[2010.01.14 20:09:33 | 000,000,000 | ---D | M] -- C:\a98e60ffce31682bf9b0
[2009.11.13 19:46:02 | 000,000,000 | ---D | M] -- C:\bd938ea4dd0eb6764d943e3c48f2
[2009.06.09 12:51:36 | 000,000,000 | -HSD | M] -- C:\Boot
[2011.10.02 08:18:24 | 000,000,000 | ---D | M] -- C:\c457167e499064f3033cb3add1
[2009.06.10 14:45:20 | 000,000,000 | ---D | M] -- C:\CabLogs
[2006.11.02 14:02:03 | 000,000,000 | -HSD | M] -- C:\Documents and Settings
[2009.08.11 09:05:41 | 000,000,000 | -HSD | M] -- C:\Dokumente und Einstellungen
[2009.11.23 08:05:36 | 000,000,000 | ---D | M] -- C:\Download
[2011.02.19 17:44:00 | 000,000,000 | ---D | M] -- C:\f337b2e861c8652c7f2dbd3a
[2011.04.16 09:52:32 | 000,000,000 | ---D | M] -- C:\f88426b396ebb4a446
[2011.10.03 19:20:32 | 000,000,000 | ---D | M] -- C:\Garmin
[2009.06.10 11:10:38 | 000,000,000 | ---D | M] -- C:\Intel
[2009.06.10 16:02:17 | 000,000,000 | RH-D | M] -- C:\MSOCache
[2009.08.15 10:33:22 | 000,000,000 | ---D | M] -- C:\Neuer Ordner
[2011.11.18 05:21:52 | 000,000,000 | ---D | M] -- C:\Program Files
[2011.11.18 05:22:33 | 000,000,000 | -H-D | M] -- C:\ProgramData
[2011.11.19 16:34:20 | 000,000,000 | -HSD | M] -- C:\System Volume Information
[2011.11.16 17:56:00 | 000,000,000 | R--D | M] -- C:\Users
[2011.11.11 08:39:51 | 000,000,000 | ---D | M] -- C:\Windows
[2009.06.11 17:05:35 | 000,000,000 | ---D | M] -- C:\wlbinaries

< %PROGRAMFILES%\*.exe >

< %LOCALAPPDATA%\*.exe >

< %systemroot%\*. /mp /s >

< %systemroot%\system32\*.manifest /3 >


< MD5 for: EXPLORER.EXE >
[2009.03.11 15:41:13 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=37440D09DEAE0B672A04DCCF7ABF06BE -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.16771_none_4f83bb287ccdb7e3\explorer.exe
[2009.03.11 15:41:13 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=4F554999D7D5F05DAAEBBA7B5BA1089D -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18164_none_5177ca9879e978e8\explorer.exe
[2009.03.11 15:41:12 | 002,927,616 | ---- | M] (Microsoft Corporation) MD5=50BA5850147410CDE89C523AD3BC606E -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.22298_none_51e4f8c7931bd1e1\explorer.exe
[2009.04.10 22:27:38 | 002,926,592 | ---- | M] (Microsoft Corporation) MD5=D07D4C3038F3578FFCE1C0237F2A1253 -- C:\Windows\explorer.exe
[2009.04.10 22:27:38 | 002,926,592 | ---- | M] (Microsoft Corporation) MD5=D07D4C3038F3578FFCE1C0237F2A1253 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6002.18005_none_53a0201e76de3a0b\explorer.exe
[2009.03.11 15:41:13 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=E7156B0B74762D9DE0E66BDCDE06E5FB -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.20947_none_5033cb5995cd990b\explorer.exe
[2008.01.21 03:24:24 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=FFA764631CB70A30065C12EF8E174F9F -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18000_none_51b4a71279bc6ebf\explorer.exe

< MD5 for: REGEDIT.EXE >
[2008.01.21 03:24:53 | 000,134,656 | ---- | M] (Microsoft Corporation) MD5=467A3B03E924B7B7EDD16D34740574B0 -- C:\Windows\regedit.exe
[2008.01.21 03:24:53 | 000,134,656 | ---- | M] (Microsoft Corporation) MD5=467A3B03E924B7B7EDD16D34740574B0 -- C:\Windows\winsxs\x86_microsoft-windows-registry-editor_31bf3856ad364e35_6.0.6001.18000_none_f42eb564dbd8a697\regedit.exe

< MD5 for: USERINIT.EXE >
[2008.01.21 03:24:49 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\System32\userinit.exe
[2008.01.21 03:24:49 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.0.6001.18000_none_dc28ba15d1aff80b\userinit.exe

< MD5 for: WININIT.EXE >
[2008.01.21 03:23:42 | 000,096,768 | ---- | M] (Microsoft Corporation) MD5=101BA3EA053480BB5D957EF37C06B5ED -- C:\Windows\System32\wininit.exe
[2008.01.21 03:23:42 | 000,096,768 | ---- | M] (Microsoft Corporation) MD5=101BA3EA053480BB5D957EF37C06B5ED -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.0.6001.18000_none_30f2b8cf0450a6a2\wininit.exe

< MD5 for: WINLOGON.EXE >
[2009.04.10 22:28:14 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\System32\winlogon.exe
[2009.04.10 22:28:14 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6002.18005_none_71ae7a22d2134741\winlogon.exe
[2008.01.21 03:24:49 | 000,314,880 | ---- | M] (Microsoft Corporation) MD5=C2610B6BDBEFC053BBDAB4F1B965CB24 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6001.18000_none_6fc30116d4f17bf5\winlogon.exe

< HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems|Windows /rs >
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems\\Required: DebugWindows [binary data]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems\\Windows: %SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,12288,512 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ProfileControl=Off MaxRequestThreads=16

< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >

< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install\\LastSuccessTime: 2011-10-12 09:31:07

< End of report >


GMER produced the following log:

GMER 1.0.15.15641 - hxxp://www.gmer.net
Rootkit quick scan 2011-11-19 16:30:22
Windows 6.0.6002 Service Pack 2 Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1 WDC_WD32 rev.11.0
Running: k8niv1wn.exe; Driver: C:\Users\Boss\AppData\Local\Temp\pwtdyfoc.sys


---- Devices - GMER 1.0.15 ----

AttachedDevice \FileSystem\fastfat \Fat fltmgr.sys (Microsoft Dateisystem-Filter-Manager/Microsoft Corporation)
AttachedDevice \Driver\tdx \Device\Ip avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\tdx \Device\Tcp tcpipBM.sys
AttachedDevice \Driver\tdx \Device\Udp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\tdx \Device\RawIp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)

---- EOF - GMER 1.0.15 ----


Since AVG AntiVirus detects OTL.exe as a virus, it is still switched off.

I hope that I have now included the data required for possible help. I would be very glad if someone could help me solve the problem.

In any case, many thanks in advance. And I wish you a nice weekend.

Regards
Islandis

cosinus 20.11.2011 13:48

Now please do a routine full scan with Malwarebytes and post the log.
Remember that Malwarebytes must be updated manually before each scan!

If logs from earlier Malwarebytes scans exist, please post all of those too!



ESET Online Scanner

  • Here you will find an illustrated guide to ESET Online Scanner
  • Download and start Eset Online Scanner
  • Tick Yes, I accept the Terms of Use and click Start.
  • Enable "Detection of potentially unwanted applications" and choose the following settings.
  • Click Start.
  • The signatures are downloaded and the scan starts automatically.
  • At the end of the scan, click Finish.
  • Close the ESET window.
  • Open Explorer.
  • Find C:\Programme\Eset\EsetOnlineScanner\log.txt (on 64-bit also C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) and open it with your editor (illustrated).
  • Post the log file here.
  • Uninstall: Control Panel => Software / Uninstall programs => remove Eset Online Scanner V3.
  • Manually delete the following folder and empty the Recycle Bin => C:\Programme\Eset


Islandis 20.11.2011 14:49

Hello Cosinus,

Thank you very much for taking on my problem.

Before I do something wrong:

I have already run the esetonlinescanner once. The result is the following log:

ESETSmartInstaller@High as downloader log:
all ok
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=799766a7d0ac63459c1dc8fdaa98fad8
# end=finished
# remove_checked=true
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2011-11-18 12:52:50
# local_time=2011-11-18 01:52:50 (+0100, Mitteleuropäische Zeit)
# country="Germany"
# lang=1033
# osver=6.0.6002 NT Service Pack 2
# compatibility_mode=512 16777215 100 0 64940469 64940469 0 0
# compatibility_mode=1024 16777215 100 0 64576381 64576381 0 0
# compatibility_mode=5892 16776574 100 100 3144464 159100810 0 0
# compatibility_mode=8192 67108863 100 0 3861 3861 0 0
# scanned=333702
# found=17
# cleaned=17
# scan_time=9487
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\eBay.url Win32/Adware.ADON application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Users\Boss\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\eBay.url Win32/Adware.ADON application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Users\Boss\Desktop\Browser_Reader\eBay.url Win32/Adware.ADON application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Users\Hel\AppData\Local\Mozilla\Firefox\Profiles\c64csabm.default\Cache\0\24\D80FAd01 JS/Redirector.NAU trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Users\Hel\AppData\Local\Mozilla\Firefox\Profiles\c64csabm.default\Cache\0\B1\52F45d01 JS/Redirector.NAU trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Users\Hel\AppData\Local\Mozilla\Firefox\Profiles\c64csabm.default\Cache\3\61\6EB1Dd01 JS/Redirector.NAU trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Users\Hel\AppData\Local\Mozilla\Firefox\Profiles\c64csabm.default\Cache\3\F5\89CBCd01 JS/Redirector.NAU trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Users\Hel\AppData\Local\Mozilla\Firefox\Profiles\c64csabm.default\Cache\4\10\86111d01 JS/Redirector.NAU trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Users\Hel\AppData\Local\Mozilla\Firefox\Profiles\c64csabm.default\Cache\5\2C\EA028d01 JS/Redirector.NAU trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Users\Hel\AppData\Local\Mozilla\Firefox\Profiles\c64csabm.default\Cache\7\48\3D64Ed01 JS/Redirector.NAU trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Users\Hel\AppData\Local\Mozilla\Firefox\Profiles\c64csabm.default\Cache\7\4E\5AA0Cd01 JS/Redirector.NAU trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Users\Hel\AppData\Local\Mozilla\Firefox\Profiles\c64csabm.default\Cache\7\69\1BFF5d01 JS/Redirector.NAU trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Users\Hel\AppData\Local\Mozilla\Firefox\Profiles\c64csabm.default\Cache\8\86\CC6EDd01 JS/Redirector.NAU trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Users\Hel\AppData\Local\Mozilla\Firefox\Profiles\c64csabm.default\Cache\9\1B\4797Ad01 JS/Redirector.NAU trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Users\Hel\AppData\Local\Mozilla\Firefox\Profiles\c64csabm.default\Cache\9\F9\668F6d01 JS/Redirector.NAU trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Users\Hel\Downloads\SoftonicDownloader_fuer_free-youtube-download.exe a variant of Win32/SoftonicDownloader.A application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Users\Hel\Downloads\SoftonicDownloader_fuer_sweet-home-3d.exe a variant of Win32/SoftonicDownloader.A application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C


There are files in the quarantine folder. I can't copy them in here, but I have them as a screenshot. I'll attach it here as an attachment.




I'll let Malwarebytes run now and wait for instructions regarding Esetonline. OK?

cosinus 20.11.2011 15:28

Quote:

C:\Users\Hel\Downloads\SoftonicDownloader_fuer_free-youtube-download.exe a variant of Win32/SoftonicDownloader.A application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Users\Hel\Downloads\SoftonicDownloader_fuer_sweet-home-3d.exe a variant of Win32/SoftonicDownloader.A application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
Please don't take this the wrong way, but somehow I get the impression it has become a national sport to download all sorts of stuff from Softonic. There's always some junk in there, like toolbars or the pointless Softonic Downloader. Why don't you download the software from the manufacturer's site or, if need be, from chip.de?

Islandis 20.11.2011 15:45

Hello Arne,

There's actually no particular reason for that. I hadn't given it any thought either. Sorry. :stirn:

Probably because they always come up at the top in a Google search?

I certainly won't do it again....:o

So, in the meantime the Malwarebytes scan has also finished:

Malwarebytes' Anti-Malware 1.51.2.1300
www.malwarebytes.org

Datenbank Version: 8192

Windows 6.0.6002 Service Pack 2
Internet Explorer 9.0.8112.16421

20.11.2011 15:58:31
mbam-log-2011-11-20 (15-58-31).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|)
Durchsuchte Objekte: 361432
Laufzeit: 56 Minute(n), 54 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 0

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
(Keine bösartigen Objekte gefunden)


What do I do with eset? Start the scan as described?

cosinus 20.11.2011 16:39

Do an OTL fix: close all programs that may be open, also disable the virus scanner (!), start OTL and copy the following text into the "Custom Scan/Fixes" box (at the bottom of OTL): (the ":OTL" must be copied too!!!)

Code:

:OTL
PRC - C:\Windows\System32\Rezip.exe ()
SRV - (Rezip) -- C:\Windows\System32\Rezip.exe ()
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.aldi.com/
IE - HKLM\Software\Microsoft\Internet Explorer\SearchURL\e, = http://www.preispiraten.de/e/tr_ebdeblitz.pl?%s
IE - HKLM\Software\Microsoft\Internet Explorer\SearchURL\e,# = %23
IE - HKLM\Software\Microsoft\Internet Explorer\SearchURL\e,& = %26
IE - HKLM\Software\Microsoft\Internet Explorer\SearchURL\e,? = %3F
IE - HKLM\Software\Microsoft\Internet Explorer\SearchURL\e,+ = %2B
IE - HKLM\Software\Microsoft\Internet Explorer\SearchURL\e,= = %3D
IE - HKLM\Software\Microsoft\Internet Explorer\SearchURL\e,MenuText = eBay.de
IE - HKLM\Software\Microsoft\Internet Explorer\SearchURL\eb, = http://www.preispiraten.de/e/tr_ebdeblitz.pl?%s
IE - HKLM\Software\Microsoft\Internet Explorer\SearchURL\eb,# = %23
IE - HKLM\Software\Microsoft\Internet Explorer\SearchURL\eb,& = %26
IE - HKLM\Software\Microsoft\Internet Explorer\SearchURL\eb,? = %3F
IE - HKLM\Software\Microsoft\Internet Explorer\SearchURL\eb,+ = %2B
IE - HKLM\Software\Microsoft\Internet Explorer\SearchURL\eb,= = %3D
IE - HKLM\Software\Microsoft\Internet Explorer\SearchURL\eb,MenuText = eBay.de
IE - HKLM\Software\Microsoft\Internet Explorer\SearchURL\eba, = http://www.preispiraten.de/e/tr_ebdeblitz.pl?%s
IE - HKLM\Software\Microsoft\Internet Explorer\SearchURL\eba,# = %23
IE - HKLM\Software\Microsoft\Internet Explorer\SearchURL\eba,& = %26
IE - HKLM\Software\Microsoft\Internet Explorer\SearchURL\eba,? = %3F
IE - HKLM\Software\Microsoft\Internet Explorer\SearchURL\eba,+ = %2B
IE - HKLM\Software\Microsoft\Internet Explorer\SearchURL\eba,= = %3D
IE - HKLM\Software\Microsoft\Internet Explorer\SearchURL\eba,MenuText = eBay.de
IE - HKLM\Software\Microsoft\Internet Explorer\SearchURL\ebay, = http://www.preispiraten.de/e/tr_ebdeblitz.pl?%s
IE - HKLM\Software\Microsoft\Internet Explorer\SearchURL\ebay,# = %23
IE - HKLM\Software\Microsoft\Internet Explorer\SearchURL\ebay,& = %26
IE - HKLM\Software\Microsoft\Internet Explorer\SearchURL\ebay,? = %3F
IE - HKLM\Software\Microsoft\Internet Explorer\SearchURL\ebay,+ = %2B
IE - HKLM\Software\Microsoft\Internet Explorer\SearchURL\ebay,= = %3D
IE - HKLM\Software\Microsoft\Internet Explorer\SearchURL\ebay,MenuText = eBay.de
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.aldi.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = http://www.google.de/ [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
[2009.12.14 09:26:11 | 000,000,000 | ---D | M] ("Ask Toolbar for Firefox") -- C:\Users\Boss\AppData\Roaming\mozilla\Firefox\extensions\{E9A1DEE0-C623-4439-8932-001E7D17607D}
[2011.09.15 10:17:18 | 000,000,000 | ---D | M] (Preispiraten) -- C:\Users\Boss\AppData\Roaming\mozilla\Firefox\Profiles\eakt02rm.default\extensions\{C8D3D3BE-7ADC-4109-BF8C-6330A9F58B0C}
O2 - BHO: (AskBar BHO) - {201f27d4-3704-41d6-89c1-aa35e39143ed} - C:\Program Files\AskBarDis\bar\bin\askBar.dll (Ask.com)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (amazon) - {84B94901-3645-4D80-A6B7-4D0050B19455} - C:\Program Files\Preispiraten6\IEButtonAmazonInterface.dll ()
O2 - BHO: (eBay) - {CD9B7762-DFBC-42B1-BB30-02A78287B456} - C:\Program Files\Preispiraten6\IEButtonEbayInterface.dll ()
O2 - BHO: (Preispiraten) - {E9E027BF-C3F3-4022-8F6B-8F6D39A59684} - C:\Program Files\Preispiraten6\IEButtonPPInterface.dll ()
O3 - HKLM\..\Toolbar: (Ask Toolbar) - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - C:\Program Files\AskBarDis\bar\bin\askBar.dll (Ask.com)
O3 - HKLM\..\Toolbar: (AVG Security Toolbar) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll ()
O3 - HKCU\..\Toolbar\WebBrowser: (AVG Security Toolbar) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll ()
O4 - HKLM..\Run: [snp2uvc] C:\Windows\vsnp2uvc.exe File not found
O8 - Extra context menu item: &Preispiratensuche nach markiertem Text - C:\\Program Files\\Preispiraten6\\preispiraten.html ()
O8 - Extra context menu item: Free YouTube Download - C:\Users\Boss\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubedownload.htm ()
O9 - Extra Button: eBay - Der weltweite Online-Marktplatz - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - http://rover.ebay.com/rover/1/707-37276-17534-25/4 File not found
O9 - Extra 'Tools' menuitem : eBay - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - http://rover.ebay.com/rover/1/707-37276-17534-25/4 File not found
O9 - Extra Button: Preispiraten - {350F4DA2-3886-4BB8-A1A8-D7F57B56DFFF} - C:\Program Files\Preispiraten6\preispiraten3ie.exe ()
O9 - Extra 'Tools' menuitem : Preispiraten - {350F4DA2-3886-4BB8-A1A8-D7F57B56DFFF} - C:\Program Files\Preispiraten6\preispiraten3ie.exe ()
O9 - Extra Button: Amazon Startseite - {9E029088-432F-4EBF-9537-0171A4C37870} - http://webtip.ch/cgi-bin/amz_track/tracker_de.pl?loc=main&site=home File not found
O9 - Extra 'Tools' menuitem : Amazon Startseite - {9E029088-432F-4EBF-9537-0171A4C37870} - http://webtip.ch/cgi-bin/amz_track/tracker_de.pl?loc=main&site=home File not found
O9 - Extra Button: eBay - {E79005A3-0F92-434B-9F7B-51131FC7168F} - http://www.preispiraten.de/e/tr_ebdestart.pl?http://www.ebay.de File not found
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 22:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2008.08.21 11:50:32 | 000,000,672 | RH-- | M] () - D:\autoexec.bat -- [ FAT32 ]
O33 - MountPoints2\{334f559e-cd58-11e0-9dc9-001f1621f768}\Shell - "" = AutoRun
O33 - MountPoints2\{334f559e-cd58-11e0-9dc9-001f1621f768}\Shell\AutoRun\command - "" = H:\AutoRun.exe
[2011.03.10 22:41:00 | 000,000,000 | ---D | M] -- C:\0146811ffc1b8b0b30df
[2010.10.13 22:39:05 | 000,000,000 | ---D | M] -- C:\07da8988c193ae67d1c5b8d860dd2f2f
[2011.09.16 13:12:28 | 000,000,000 | ---D | M] -- C:\38e5d8d185cd3563ac
[2011.06.16 07:25:18 | 000,000,000 | ---D | M] -- C:\55aab62fe7af0e8faaab6e2e56c5
[2010.01.14 20:09:33 | 000,000,000 | ---D | M] -- C:\a98e60ffce31682bf9b0
[2009.11.13 19:46:02 | 000,000,000 | ---D | M] -- C:\bd938ea4dd0eb6764d943e3c48f2
[2011.10.02 08:18:24 | 000,000,000 | ---D | M] -- C:\c457167e499064f3033cb3add1
[2011.02.19 17:44:00 | 000,000,000 | ---D | M] -- C:\f337b2e861c8652c7f2dbd3a
[2011.04.16 09:52:32 | 000,000,000 | ---D | M] -- C:\f88426b396ebb4a446

:Commands
[emptytemp]
[resethosts]

Then click the Fix! button at the top left.
The log file should open when you click OK after fixing; please post it. The computer may be restarted.

The entries, files and folders fixed by this script are not completely deleted, for safety's sake; a backup copy is created on the system partition in the folder "_OTL".

Note: The above script was created only for this one user in this situation. It cannot be ported to any other computer and must not be used elsewhere, as it can permanently damage the system!

Islandis 20.11.2011 17:15

Hello Arne,

Unfortunately OTL.exe did not run to completion. Windows reported "OTL has stopped working". No further input was possible. I restarted Windows and got the following message:

Code:

Files\Folders moved on Reboot...
File\Folder C:\\Program Files\\Preispiraten6\\preispiraten.html not found!

Registry entries deleted on Reboot...

Should I start the OTL fix again, or post a scan first?

I hope I'm not being too much of a nuisance....



In the meantime I have run a scan. Here is the result:

OTL Logfile:
Code:

OTL logfile created on: 20.11.2011 17:36:02 - Run 3
OTL by OldTimer - Version 3.2.31.0    Folder = C:\Users\Hel\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
2,99 Gb Total Physical Memory | 1,48 Gb Available Physical Memory | 49,30% Memory free
6,19 Gb Paging File | 4,60 Gb Available in Paging File | 74,27% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 268,79 Gb Total Space | 174,13 Gb Free Space | 64,78% Space Free | Partition Type: NTFS
Drive D: | 29,28 Gb Total Space | 14,51 Gb Free Space | 49,55% Space Free | Partition Type: FAT32
 
Computer Name: LAPPI-BOSS | User Name: Boss | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\Hel\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\AVG\AVG9\avgtray.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Program Files\SUPERAntiSpyware\SASCore.exe (SUPERAntiSpyware.com)
PRC - C:\ProgramData\Internet Manager\OnlineUpdate\ouc.exe ()
PRC - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
PRC - C:\ProgramData\DatacardService\HWDeviceService.exe ()
PRC - C:\ProgramData\DatacardService\DCSHelper.exe (Huawei Technologies Co., Ltd.)
PRC - C:\Program Files\AVG\AVG9\avgcsrvx.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG9\avgnsx.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG9\avgrsx.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG9\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG9\avgchsvx.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Windows\System32\drivers\CDAC11BA.EXE (C-Dilla Ltd)
PRC - C:\Program Files\FSP\FspUip.exe (Sentelic Corporation)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe (Intel Corporation)
PRC - C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)
PRC - C:\Program Files\Realtek Semiconductor Corp\Realtek USB 2.0 Card Reader\reset.exe ()
PRC - C:\Program Files\Akademische Arbeitsgemeinschaft\AAVUpdateManager\aavus.exe ()
PRC - C:\Windows\tsnp2uvc.exe ()
PRC - C:\Program Files\silex technology\CX Print\Msgsrv.exe ()
PRC - C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe (Nero AG)
PRC - C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe (Protexis Inc.)
PRC - C:\Windows\System32\PSIService.exe ()
 
 
========== Modules (No Company Name) ==========
 
MOD - C:\Windows\System32\Macromed\Flash\NPSWF32.dll ()
MOD - C:\Program Files\Mozilla Firefox\mozjs.dll ()
MOD - C:\Program Files\FSP\KbdHook.dll ()
MOD - C:\Program Files\FSP\FspLib.dll ()
MOD - C:\Windows\tsnp2uvc.exe ()
MOD - C:\Program Files\silex technology\CX Print\Msgsrv.exe ()
 
 
========== Win32 Services (SafeList) ==========
 
SRV - (YJEHRBYH) --  File not found
SRV - (RSND) --  File not found
SRV - (RIYSCJEUOHWHV) --  File not found
SRV - (HWDeviceService.exe) --  File not found
SRV - (!SASCORE) -- C:\Program Files\SUPERAntiSpyware\SASCORE.EXE (SUPERAntiSpyware.com)
SRV - (Internet Manager. RunOuc) -- C:\Program Files\T-Mobile\InternetManager_H\UpdateDog\ouc.exe ()
SRV - (AVG Security Toolbar Service) -- C:\Program Files\AVG\AVG9\Toolbar\ToolbarBroker.exe ()
SRV - (AdobeARMservice) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
SRV - (avg9wd) -- C:\Program Files\AVG\AVG9\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)
SRV - (C-DillaCdaC11BA) -- C:\Windows\System32\drivers\CDAC11BA.EXE (C-Dilla Ltd)
SRV - (IAANTMON) Intel(R) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe (Intel Corporation)
SRV - (resetWinService) -- C:\Program Files\Realtek Semiconductor Corp\Realtek USB 2.0 Card Reader\reset.exe ()
SRV - (AAV UpdateService) -- C:\Program Files\Akademische Arbeitsgemeinschaft\AAVUpdateManager\aavus.exe ()
SRV - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (PSI_SVC_2) -- C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe (Protexis Inc.)
SRV - (ProtexisLicensing) -- C:\Windows\System32\PSIService.exe ()
 
 
========== Driver Services (SafeList) ==========
 
DRV - (AvgMfx86) -- C:\Windows\System32\Drivers\avgmfx86.sys (AVG Technologies CZ, s.r.o.)
DRV - (ewusbnet) -- C:\Windows\System32\drivers\ewusbnet.sys (Huawei Technologies Co., Ltd.)
DRV - (hwdatacard) -- C:\Windows\System32\drivers\ewusbmdm.sys (Huawei Technologies Co., Ltd.)
DRV - (ew_hwusbdev) -- C:\Windows\System32\drivers\ew_hwusbdev.sys (Huawei Technologies Co., Ltd.)
DRV - (huawei_cdcacm) -- C:\Windows\System32\drivers\ew_jucdcacm.sys (Huawei Technologies Co., Ltd.)
DRV - (huawei_enumerator) -- C:\Windows\System32\drivers\ew_jubusenum.sys (Huawei Technologies Co., Ltd.)
DRV - (huawei_cdcecm) -- C:\Windows\System32\drivers\ew_jucdcecm.sys (Huawei Technologies Co., Ltd.)
DRV - (huawei_ext_ctrl) -- C:\Windows\System32\drivers\ew_juextctrl.sys (Huawei Technologies Co., Ltd.)
DRV - (tcpipBM) -- C:\Windows\System32\drivers\tcpipBM.sys (Bytemobile, Inc.)
DRV - (BMLoad) -- C:\Windows\system32\drivers\BMLoad.sys (Bytemobile, Inc.)
DRV - (ew_usbenumfilter) -- C:\Windows\System32\drivers\ew_usbenumfilter.sys (Huawei Technologies Co., Ltd.)
DRV - (SASDIFSV) -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys (SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV - (SASKUTIL) -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS (SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV - (AvgTdiX) -- C:\Windows\System32\Drivers\avgtdix.sys (AVG Technologies CZ, s.r.o.)
DRV - (AvgLdx86) -- C:\Windows\System32\Drivers\avgldx86.sys (AVG Technologies CZ, s.r.o.)
DRV - (rtl8192se) -- C:\Windows\System32\drivers\rtl8192se.sys (Realtek Semiconductor Corporation                          )
DRV - (NVHDA) -- C:\Windows\System32\drivers\nvhda32v.sys (NVIDIA Corporation)
DRV - (fspad_wlh32) -- C:\Windows\System32\drivers\fspad_wlh32.sys (Sentelic Corporation)
DRV - (RTL8169) -- C:\Windows\System32\drivers\Rtlh86.sys (Realtek                                            )
DRV - (nvlddmkm) -- C:\Windows\System32\drivers\nvlddmkm.sys (NVIDIA Corporation)
DRV - (SNP2UVC) USB2.0 PC Camera (SNP2UVC) -- C:\Windows\System32\drivers\snp2uvc.sys ()
DRV - (sxuptp) -- C:\Windows\System32\drivers\sxuptp.sys (silex technology, Inc.)
DRV - (WinRing0_1_2_0) -- C:\Program Files\BatteryCare\WinRing0.sys (OpenLibSys.org)
DRV - (WINIO) -- C:\Windows\System32\WinIo.sys (hxxp://www.internals.com)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL =
IE - HKLM\Software\Microsoft\Internet Explorer\SearchURL\e, =
IE - HKLM\Software\Microsoft\Internet Explorer\SearchURL\e,# =
IE - HKLM\Software\Microsoft\Internet Explorer\SearchURL\e,& =
IE - HKLM\Software\Microsoft\Internet Explorer\SearchURL\e,? =
IE - HKLM\Software\Microsoft\Internet Explorer\SearchURL\e,+ =
IE - HKLM\Software\Microsoft\Internet Explorer\SearchURL\e,= =
IE - HKLM\Software\Microsoft\Internet Explorer\SearchURL\e,MenuText =
IE - HKLM\Software\Microsoft\Internet Explorer\SearchURL\eb, =
IE - HKLM\Software\Microsoft\Internet Explorer\SearchURL\eb,# =
IE - HKLM\Software\Microsoft\Internet Explorer\SearchURL\eb,& =
IE - HKLM\Software\Microsoft\Internet Explorer\SearchURL\eb,? =
IE - HKLM\Software\Microsoft\Internet Explorer\SearchURL\eb,+ =
IE - HKLM\Software\Microsoft\Internet Explorer\SearchURL\eb,= =
IE - HKLM\Software\Microsoft\Internet Explorer\SearchURL\eb,MenuText =
IE - HKLM\Software\Microsoft\Internet Explorer\SearchURL\eba, =
IE - HKLM\Software\Microsoft\Internet Explorer\SearchURL\eba,# =
IE - HKLM\Software\Microsoft\Internet Explorer\SearchURL\eba,& =
IE - HKLM\Software\Microsoft\Internet Explorer\SearchURL\eba,? =
IE - HKLM\Software\Microsoft\Internet Explorer\SearchURL\eba,+ =
IE - HKLM\Software\Microsoft\Internet Explorer\SearchURL\eba,= =
IE - HKLM\Software\Microsoft\Internet Explorer\SearchURL\eba,MenuText =
IE - HKLM\Software\Microsoft\Internet Explorer\SearchURL\ebay, =
IE - HKLM\Software\Microsoft\Internet Explorer\SearchURL\ebay,# =
IE - HKLM\Software\Microsoft\Internet Explorer\SearchURL\ebay,& =
IE - HKLM\Software\Microsoft\Internet Explorer\SearchURL\ebay,? =
IE - HKLM\Software\Microsoft\Internet Explorer\SearchURL\ebay,+ =
IE - HKLM\Software\Microsoft\Internet Explorer\SearchURL\ebay,= =
IE - HKLM\Software\Microsoft\Internet Explorer\SearchURL\ebay,MenuText =
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL =
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages =
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page =
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache =
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..network.proxy.type: 2
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa2,version=2.0.0: C:\Program Files\Picasa2\npPicasa2.dll File not found
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/VirtualEarth3D,version=4.0: C:\Program Files\Virtual Earth 3D\ [2009.12.31 14:39:50 | 000,000,000 | ---D | M]
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8051.1204: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@pack.google.com/Google Updater;version=14: C:\Program Files\Google\Google Updater\2.4.2432.1652\npCIDetect14.dll (Google)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\avg@igeared: C:\Program Files\AVG\AVG9\Toolbar\Firefox\avg@igeared [2011.05.10 08:36:48 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\ff-bmboc@bytemobile.com: C:\Program Files\T-Mobile\InternetManager_H\OCx32\addon [2011.07.30 19:27:07 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 6.0.2\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011.09.14 09:55:05 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 6.0.2\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011.09.25 10:17:52 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Thunderbird\Extensions\\{380AE6CB-09B9-4373-B360-D01C2462A6E7}: C:\Program Files\BullGuard Ltd\BullGuard\backup\thunderbirdbkplugin
FF - HKEY_CURRENT_USER\software\mozilla\Thunderbird\Extensions\\{0E810812-F4BB-4309-942A-755587587A5E}: C:\Program Files\BullGuard Ltd\BullGuard\antispam\tbspamfilter
 
[2010.08.14 13:39:45 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Boss\AppData\Roaming\mozilla\Extensions
[2011.11.20 16:52:48 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Boss\AppData\Roaming\mozilla\Firefox\extensions
[2011.11.20 16:52:48 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Boss\AppData\Roaming\mozilla\Firefox\Profiles\eakt02rm.default\extensions
[2011.09.15 10:17:17 | 000,000,000 | ---D | M] (Amazon Startcenter) -- C:\Users\Boss\AppData\Roaming\mozilla\Firefox\Profiles\eakt02rm.default\extensions\{144D1513-0819-4538-AD26-D515AF443AE7}
[2010.10.03 23:14:38 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Boss\AppData\Roaming\mozilla\Firefox\Profiles\eakt02rm.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2011.09.15 10:17:18 | 000,000,000 | ---D | M] (Amazon Statusbar Button) -- C:\Users\Boss\AppData\Roaming\mozilla\Firefox\Profiles\eakt02rm.default\extensions\{32DD6873-2BC0-4E4B-B9A3-0E602AB0DC14}
[2011.10.12 11:20:52 | 000,000,000 | ---D | M] ("Free YouTube Download (Free Studio) Menu") -- C:\Users\Boss\AppData\Roaming\mozilla\Firefox\Profiles\eakt02rm.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
[2011.09.14 09:55:05 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2011.04.18 21:08:38 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
[2011.06.16 07:52:00 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}
File not found (No name found) -- C:\USERS\BOSS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\EAKT02RM.DEFAULT\EXTENSIONS\{C8D3D3BE-7ADC-4109-BF8C-6330A9F58B0C}
[2011.09.03 07:18:05 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2011.05.04 03:52:23 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2011.09.03 01:19:44 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2011.09.03 01:13:56 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2011.09.03 01:19:44 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2011.09.03 01:19:44 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2010.02.08 16:22:48 | 000,001,987 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\SP_amazonde.xml
[2007.01.08 12:48:12 | 000,009,095 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\SP_preispiraten_de.xml
[2011.09.03 01:19:44 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2011.09.03 01:19:44 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2006.09.18 22:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1      localhost
O1 - Hosts: ::1            localhost
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (AVG Security Toolbar BHO) - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll File not found
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.2.4204.1700\swg.dll (Google Inc.)
O4 - HKLM..\Run: [AVG9_TRAY] C:\Program Files\AVG\AVG9\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [CX Print Msgsrv] C:\Program Files\silex technology\CX Print\Msgsrv.exe ()
O4 - HKLM..\Run: [Eraser] C:\Program Files\Eraser\Eraser.exe (The Eraser Project)
O4 - HKLM..\Run: [fspuip] C:\Program Files\FSP\fspuip.exe (Sentelic Corporation)
O4 - HKLM..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware (reboot)] C:\Program Files\Viren\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [MDS_Menu] C:\Program Files\HomeCinema\MediaShow4\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\Windows\System32\NvMcTray.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [PDFPrint] C:\Program Files\pdf24\pdf24.exe (Geek Software GmbH)
O4 - HKLM..\Run: [PDVD8LanguageShortcut] C:\Program Files\HomeCinema\PowerDVD8\Language\Language.exe ()
O4 - HKLM..\Run: [tsnp2uvc] C:\Windows\tsnp2uvc.exe ()
O4 - HKLM..\Run: [UCam_Menu] C:\Program Files\HomeCinema\YouCam\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKCU..\Run: [ANT Agent] C:\Program Files\Garmin\ANT Agent\ANT Agent.exe (GARMIN Corp.)
O4 - HKCU..\Run: [BatteryCare] C:\Program Files\BatteryCare\BatteryCare.exe (Filipe Lourenço)
O4 - HKCU..\Run: [Rainlendar2] C:\Program Files\Rainlendar2\Rainlendar2.exe ()
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: LogonHoursAction = 2
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DontDisplayLogonHoursWarnings = 1
O9 - Extra Button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000019 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/products/plugin/autodl/jinstall-160-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} hxxp://java.sun.com/products/plugin/autodl/jinstall-160-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = Bossi
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{50CB81B2-F7D6-4483-9A84-768138904CAE}: DhcpNameServer = 193.254.160.1 10.74.83.22
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{585A1985-1848-42D4-AE16-01AB80CC0E32}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{8B7CBA12-E6ED-4B51-BDE1-9F32F3DDD5A8}: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{A2A5C76D-CEA3-4E8C-B4A9-4B1F0746F08B}: DhcpNameServer = 193.189.244.225 193.189.244.206
O18 - Protocol\Handler\avgsecuritytoolbar {F2DDE6B2-9684-4A55-86D4-E255E237B77C} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll File not found
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG9\avgpp.dll (AVG Technologies CZ, s.r.o.)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20 - AppInit_DLLs: (avgrsstx.dll) -C:\Windows\System32\avgrsstx.dll (AVG Technologies CZ, s.r.o.)
O20 - HKLM Winlogon: Shell - (explorer.exe) -C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) -C:\Windows\System32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Windows\Web\Wallpaper\img8.jpg
O24 - Desktop BackupWallPaper: C:\Windows\Web\Wallpaper\img8.jpg
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
========== Files/Folders - Created Within 30 Days ==========
 
[2011.11.20 16:52:44 | 000,000,000 | ---D | C] -- C:\_OTL
[2011.11.19 16:53:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\7-Zip
[2011.11.19 16:53:20 | 000,000,000 | ---D | C] -- C:\Program Files\7-Zip
[2011.11.18 05:21:55 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SUPERAntiSpyware
[2011.11.18 05:21:52 | 000,000,000 | ---D | C] -- C:\ProgramData\SUPERAntiSpyware.com
[2011.11.18 05:21:52 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
[2011.11.17 23:10:21 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
[2011.11.17 06:32:09 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Earth
[2011.11.16 17:08:19 | 000,000,000 | ---D | C] -- C:\ProgramData\VirtualWifiRouter
[2011.11.09 15:35:57 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN
[2009.06.10 14:00:53 | 000,225,280 | ---- | C] ( ) -- C:\Windows\System32\rsnp2uvc.dll
[2009.06.10 14:00:52 | 000,176,128 | ---- | C] ( ) -- C:\Windows\System32\csnp2uvc.dll
[1 C:\Windows\System32\drivers\*.tmp files -> C:\Windows\System32\drivers\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2011.11.20 17:30:00 | 000,001,094 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2011.11.20 17:25:00 | 000,000,868 | ---- | M] () -- C:\Windows\tasks\Google Software Updater.job
[2011.11.20 17:00:39 | 000,047,873 | ---- | M] () -- C:\ProgramData\nvModes.001
[2011.11.20 16:59:45 | 000,001,090 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2011.11.20 16:59:37 | 000,004,144 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2011.11.20 16:59:37 | 000,004,144 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2011.11.20 16:59:31 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011.11.20 16:59:26 | 3215,851,520 | -HS- | M] () -- C:\hiberfil.sys
[2011.11.20 13:37:05 | 089,370,407 | ---- | M] () -- C:\Windows\System32\drivers\Avg\incavi.avm
[2011.11.19 16:13:49 | 000,000,000 | ---- | M] () -- C:\Users\Boss\defogger_reenable
[2011.11.18 13:32:18 | 000,001,975 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2011.11.18 05:21:55 | 000,001,764 | ---- | M] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
[2011.11.17 00:01:07 | 000,644,136 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2011.11.17 00:01:07 | 000,595,996 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2011.11.17 00:01:07 | 000,165,926 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2011.11.17 00:01:07 | 000,108,572 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2011.11.16 20:09:14 | 000,000,972 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011.11.15 09:03:38 | 000,414,368 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl
[2011.11.11 08:39:51 | 298,536,099 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2011.11.09 15:35:57 | 000,000,823 | ---- | M] () -- C:\Users\Public\Desktop\VLC media player.lnk
[1 C:\Windows\System32\drivers\*.tmp files -> C:\Windows\System32\drivers\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2011.11.19 16:13:49 | 000,000,000 | ---- | C] () -- C:\Users\Boss\defogger_reenable
[2011.11.18 05:21:55 | 000,001,764 | ---- | C] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
[2011.11.16 20:09:14 | 000,000,972 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011.11.09 15:35:57 | 000,000,823 | ---- | C] () -- C:\Users\Public\Desktop\VLC media player.lnk
[2011.09.13 19:36:02 | 000,000,138 | ---- | C] () -- C:\ProgramData\Microsoft.SqlServer.Compact.351.32.bc
[2009.09.02 18:08:45 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2009.08.15 09:58:30 | 000,290,919 | ---- | C] () -- C:\Windows\System32\pythoncom21.dll
[2009.08.15 09:58:30 | 000,057,344 | ---- | C] () -- C:\Windows\System32\PyWinTypes21.dll
[2009.08.15 09:51:26 | 000,096,768 | ---- | C] () -- C:\Windows\SlantAdj.dll
[2009.08.15 09:51:26 | 000,003,136 | ---- | C] () -- C:\Windows\Ade001.bin
[2009.08.15 09:51:26 | 000,000,072 | ---- | C] () -- C:\Windows\System32\epDPE.ini
[2009.08.15 09:28:56 | 000,000,025 | ---- | C] () -- C:\Windows\CDE P3170EGD.ini
[2009.08.15 08:59:54 | 000,065,793 | ---- | C] () -- C:\Windows\System32\esfw32.bin
[2009.08.13 13:43:59 | 000,053,248 | ---- | C] () -- C:\Windows\JCNETDEL.EXE
[2009.08.13 13:43:59 | 000,000,886 | ---- | C] () -- C:\Windows\JCNETDEL.INI
[2009.08.13 13:43:54 | 000,002,340 | ---- | C] () -- C:\Windows\DELJCNET.INI
[2009.08.13 13:42:15 | 000,000,017 | ---- | C] () -- C:\Windows\PRI_SEEK.INI
[2009.08.11 14:27:19 | 000,047,873 | ---- | C] () -- C:\ProgramData\nvModes.001
[2009.08.11 14:12:22 | 000,047,873 | ---- | C] () -- C:\ProgramData\nvModes.dat
[2009.08.11 09:58:13 | 000,003,584 | ---- | C] () -- C:\Users\Boss\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009.08.03 14:07:42 | 000,403,816 | ---- | C] () -- C:\Windows\System32\OGACheckControl.dll
[2009.08.03 14:07:42 | 000,230,768 | ---- | C] () -- C:\Windows\System32\OGAEXEC.exe
[2009.06.10 15:18:19 | 000,036,864 | ---- | C] () -- C:\Windows\System32\Hooks.dll
[2009.06.10 14:00:53 | 001,799,808 | ---- | C] () -- C:\Windows\System32\drivers\snp2uvc.sys
[2009.06.10 14:00:53 | 000,233,472 | ---- | C] () -- C:\Windows\tsnp2uvc.exe
[2009.06.10 14:00:53 | 000,015,497 | ---- | C] () -- C:\Windows\snp2uvc.ini
[2009.06.10 14:00:52 | 000,028,544 | ---- | C] () -- C:\Windows\System32\drivers\sncduvc.sys
[2009.06.10 13:49:38 | 000,073,728 | ---- | C] () -- C:\Windows\System32\RtNicProp32.dll
[2009.06.10 13:38:31 | 000,000,276 | ---- | C] () -- C:\Windows\System32\drivers\SamSfPa.dat
[2009.06.09 19:24:37 | 000,644,136 | ---- | C] () -- C:\Windows\System32\perfh007.dat
[2009.06.09 19:24:37 | 000,290,748 | ---- | C] () -- C:\Windows\System32\perfi007.dat
[2009.06.09 19:24:37 | 000,165,926 | ---- | C] () -- C:\Windows\System32\perfc007.dat
[2009.06.09 19:24:37 | 000,036,916 | ---- | C] () -- C:\Windows\System32\perfd007.dat
[2009.06.09 09:54:18 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2009.06.09 09:53:58 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2009.06.09 09:34:57 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
[2007.06.05 12:20:32 | 000,177,704 | ---- | C] () -- C:\Windows\System32\PSIService.exe
[2006.11.02 13:57:28 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2006.11.02 13:47:37 | 000,413,112 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2006.11.02 13:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006.11.02 11:33:01 | 000,595,996 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2006.11.02 11:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2006.11.02 11:33:01 | 000,108,572 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2006.11.02 11:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2006.11.02 11:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2006.11.02 09:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2006.11.02 09:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2006.11.02 08:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006.11.02 08:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat

< End of report >

--- --- ---


Regards

Islandis
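
As an added example (not from this thread and not OldTimer's code), a small Python triage script that parses OTL-style log lines like those in the log above and flags the entry types a helper looks at first: services whose binary is missing ("File not found", as with the random-looking service names in the log), processes and Run entries with an empty company name, a non-zero Firefox proxy type, and hosts entries beyond the localhost defaults. The sample lines are constructed (copied from or modelled on the posted log; the redirected hosts entry and its hostname are invented for illustration), and anything it flags is a lead to review, not a verdict.

```python
"""Triage helper for OTL (OldTimer) log lines.

Added example, not part of the thread and not OldTimer's own code.
It recognises a few OTL line types and returns the entries a helper
would review first. All flags are heuristics, not verdicts.
"""
import re

# Constructed sample in OTL's format: lines copied from or modelled on the
# posted log. The "update.example-av.invalid" hosts entry is invented.
SAMPLE_LOG = """\
PRC - C:\\Program Files\\AVG\\AVG9\\avgtray.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\\Windows\\tsnp2uvc.exe ()
SRV - (YJEHRBYH) --  File not found
SRV - (RSND) --  File not found
SRV - (avg9wd) -- C:\\Program Files\\AVG\\AVG9\\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)
FF - prefs.js..network.proxy.type: 2
O1 - Hosts: 127.0.0.1      localhost
O1 - Hosts: ::1            localhost
O1 - Hosts: 127.0.0.1      update.example-av.invalid
O4 - HKLM..\\Run: [tsnp2uvc] C:\\Windows\\tsnp2uvc.exe ()
O4 - HKLM..\\Run: [Windows Defender] C:\\Program Files\\Windows Defender\\MSASCui.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\\Windows\\system32\\userinit.exe) -C:\\Windows\\System32\\userinit.exe (Microsoft Corporation)
"""

# "SRV - (name) [display text] -- <path (company) | File not found>"
SRV_RE = re.compile(r"^SRV - \((?P<name>[^)]*)\)[^-]*--\s+(?P<rest>.*)$")
# "PRC - <path> (<company>)"; an empty company is worth a look
PRC_RE = re.compile(r"^PRC - (?P<path>.*?) \((?P<company>[^)]*)\)$")
# "O4 - HKLM..\Run: [key] <path> (<company>)"
O4_RE = re.compile(
    r"^O4 - (?P<hive>HK\w+)\.\.\\Run: \[(?P<key>[^\]]*)\] (?P<path>.*?) \((?P<company>[^)]*)\)$"
)
# "O1 - Hosts: <ip> <hostname>"
HOSTS_RE = re.compile(r"^O1 - Hosts: (?P<ip>\S+)\s+(?P<host>\S+)$")
# Firefox network.proxy.type: 0 = none, 1 = manual, 2 = PAC URL, 4 = auto-detect, 5 = system
FF_PROXY_RE = re.compile(r"^FF - prefs\.js\.\.network\.proxy\.type: (?P<val>\d+)$")

# The two entries a stock Windows hosts file carries; anything else is a lead.
DEFAULT_HOSTS = {("127.0.0.1", "localhost"), ("::1", "localhost")}


def triage(log_text):
    """Return a list of (category, detail) findings, in log order."""
    findings = []
    for raw in log_text.splitlines():
        line = raw.rstrip()

        m = SRV_RE.match(line)
        if m:
            # A registered service whose binary no longer exists: often a
            # leftover of removed malware, especially with random-looking names.
            if "File not found" in m.group("rest"):
                findings.append(("orphaned_service", m.group("name")))
            continue

        m = PRC_RE.match(line)
        if m:
            if not m.group("company").strip():
                findings.append(("process_no_company", m.group("path")))
            continue

        m = O4_RE.match(line)
        if m:
            if not m.group("company").strip():
                detail = f"{m.group('hive')} [{m.group('key')}] {m.group('path')}"
                findings.append(("autorun_no_company", detail))
            continue

        m = HOSTS_RE.match(line)
        if m:
            if (m.group("ip"), m.group("host")) not in DEFAULT_HOSTS:
                findings.append(("hosts_redirect", f"{m.group('host')} -> {m.group('ip')}"))
            continue

        m = FF_PROXY_RE.match(line)
        if m and m.group("val") != "0":
            # A proxy the user did not configure can mean traffic interception.
            findings.append(("firefox_proxy", f"network.proxy.type={m.group('val')}"))
    return findings


def summarize(findings):
    """Count findings per category, for a quick overview of a long log."""
    counts = {}
    for category, _ in findings:
        counts[category] = counts.get(category, 0) + 1
    return counts


if __name__ == "__main__":
    for category, detail in triage(SAMPLE_LOG):
        print(f"{category:20s} {detail}")
    print(summarize(triage(SAMPLE_LOG)))
```

Run it against a full OTL.txt by reading the file into `triage()`; the regexes only match the line types listed, so everything else in the report is skipped silently. In this thread's log the three random-named services with "File not found" would be flagged, as would the PRC and O4 entries with empty company names, and the `network.proxy.type: 2` preference; the HKLM SearchURL entries are not covered and would still need to be read by hand.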

cosinus 21.11.2011 09:39

Repeat the fix

Islandis 21.11.2011 10:59

Good morning Arne,

I repeated the fix, first on the normal user account. The same thing happened as the first time. I then switched to the administrator account and the fix ran through. The system was restarted with the following log:

Code:

All processes killed
========== OTL ==========
No active process named Rezip.exe was found!
Error: No service named Rezip was found to stop!
Service\Driver key Rezip not found.
File  C:\Windows\System32\Rezip.exe  not found.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\\Default_Page_URL| /E : value set successfully!
HKLM\Software\Microsoft\Internet Explorer\SearchURL\e\\| /E : value set successfully!
HKLM\Software\Microsoft\Internet Explorer\SearchURL\e\\#| /E : value set successfully!
HKLM\Software\Microsoft\Internet Explorer\SearchURL\e\\&| /E : value set successfully!
HKLM\Software\Microsoft\Internet Explorer\SearchURL\e\\?| /E : value set successfully!
HKLM\Software\Microsoft\Internet Explorer\SearchURL\e\\+| /E : value set successfully!
HKLM\Software\Microsoft\Internet Explorer\SearchURL\e\\=| /E : value set successfully!
HKLM\Software\Microsoft\Internet Explorer\SearchURL\e\\MenuText| /E : value set successfully!
HKLM\Software\Microsoft\Internet Explorer\SearchURL\eb\\| /E : value set successfully!
HKLM\Software\Microsoft\Internet Explorer\SearchURL\eb\\#| /E : value set successfully!
HKLM\Software\Microsoft\Internet Explorer\SearchURL\eb\\&| /E : value set successfully!
HKLM\Software\Microsoft\Internet Explorer\SearchURL\eb\\?| /E : value set successfully!
HKLM\Software\Microsoft\Internet Explorer\SearchURL\eb\\+| /E : value set successfully!
HKLM\Software\Microsoft\Internet Explorer\SearchURL\eb\\=| /E : value set successfully!
HKLM\Software\Microsoft\Internet Explorer\SearchURL\eb\\MenuText| /E : value set successfully!
HKLM\Software\Microsoft\Internet Explorer\SearchURL\eba\\| /E : value set successfully!
HKLM\Software\Microsoft\Internet Explorer\SearchURL\eba\\#| /E : value set successfully!
HKLM\Software\Microsoft\Internet Explorer\SearchURL\eba\\&| /E : value set successfully!
HKLM\Software\Microsoft\Internet Explorer\SearchURL\eba\\?| /E : value set successfully!
HKLM\Software\Microsoft\Internet Explorer\SearchURL\eba\\+| /E : value set successfully!
HKLM\Software\Microsoft\Internet Explorer\SearchURL\eba\\=| /E : value set successfully!
HKLM\Software\Microsoft\Internet Explorer\SearchURL\eba\\MenuText| /E : value set successfully!
HKLM\Software\Microsoft\Internet Explorer\SearchURL\ebay\\| /E : value set successfully!
HKLM\Software\Microsoft\Internet Explorer\SearchURL\ebay\\#| /E : value set successfully!
HKLM\Software\Microsoft\Internet Explorer\SearchURL\ebay\\&| /E : value set successfully!
HKLM\Software\Microsoft\Internet Explorer\SearchURL\ebay\\?| /E : value set successfully!
HKLM\Software\Microsoft\Internet Explorer\SearchURL\ebay\\+| /E : value set successfully!
HKLM\Software\Microsoft\Internet Explorer\SearchURL\ebay\\=| /E : value set successfully!
HKLM\Software\Microsoft\Internet Explorer\SearchURL\ebay\\MenuText| /E : value set successfully!
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main\\Default_Page_URL| /E : value set successfully!
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main\\Secondary Start Pages| /E : value set successfully!
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page| /E : value set successfully!
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main\\StartPageCache| /E : value set successfully!
Folder C:\Users\Boss\AppData\Roaming\mozilla\Firefox\extensions\{E9A1DEE0-C623-4439-8932-001E7D17607D}\ not found.
Folder C:\Users\Boss\AppData\Roaming\mozilla\Firefox\Profiles\eakt02rm.default\extensions\{C8D3D3BE-7ADC-4109-BF8C-6330A9F58B0C}\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{201f27d4-3704-41d6-89c1-aa35e39143ed}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{201f27d4-3704-41d6-89c1-aa35e39143ed}\ not found.
File C:\Program Files\AskBarDis\bar\bin\askBar.dll not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5C255C8A-E604-49b4-9D64-90988571CECB}\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{84B94901-3645-4D80-A6B7-4D0050B19455}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{84B94901-3645-4D80-A6B7-4D0050B19455}\ not found.
File C:\Program Files\Preispiraten6\IEButtonAmazonInterface.dll not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{CD9B7762-DFBC-42B1-BB30-02A78287B456}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CD9B7762-DFBC-42B1-BB30-02A78287B456}\ not found.
File C:\Program Files\Preispiraten6\IEButtonEbayInterface.dll not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E9E027BF-C3F3-4022-8F6B-8F6D39A59684}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E9E027BF-C3F3-4022-8F6B-8F6D39A59684}\ not found.
File C:\Program Files\Preispiraten6\IEButtonPPInterface.dll not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{3041d03e-fd4b-44e0-b742-2d9b88305f98} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3041d03e-fd4b-44e0-b742-2d9b88305f98}\ not found.
File C:\Program Files\AskBarDis\bar\bin\askBar.dll not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{CCC7A320-B3CA-4199-B1A6-9F516DD69829} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CCC7A320-B3CA-4199-B1A6-9F516DD69829}\ not found.
File C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{CCC7A320-B3CA-4199-B1A6-9F516DD69829} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CCC7A320-B3CA-4199-B1A6-9F516DD69829}\ not found.
File C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\snp2uvc not found.
Registry key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\&Preispiratensuche nach markiertem Text\ not found.
File C:\\Program Files\\Preispiraten6\\preispiraten.html not found.
Registry key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\Free YouTube Download\ not found.
File C:\Users\Boss\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubedownload.htm not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{0B65DCC9-1740-43dc-B19C-4F309FB6A6CA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0B65DCC9-1740-43dc-B19C-4F309FB6A6CA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{0B65DCC9-1740-43dc-B19C-4F309FB6A6CA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0B65DCC9-1740-43dc-B19C-4F309FB6A6CA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{350F4DA2-3886-4BB8-A1A8-D7F57B56DFFF}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{350F4DA2-3886-4BB8-A1A8-D7F57B56DFFF}\ not found.
File C:\Program Files\Preispiraten6\preispiraten3ie.exe not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{350F4DA2-3886-4BB8-A1A8-D7F57B56DFFF}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{350F4DA2-3886-4BB8-A1A8-D7F57B56DFFF}\ not found.
File C:\Program Files\Preispiraten6\preispiraten3ie.exe not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{9E029088-432F-4EBF-9537-0171A4C37870}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9E029088-432F-4EBF-9537-0171A4C37870}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{9E029088-432F-4EBF-9537-0171A4C37870}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9E029088-432F-4EBF-9537-0171A4C37870}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{E79005A3-0F92-434B-9F7B-51131FC7168F}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E79005A3-0F92-434B-9F7B-51131FC7168F}\ not found.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRun|DWORD:1 /E : value set successfully!
File C:\autoexec.bat not found.
File D:\autoexec.bat not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{334f559e-cd58-11e0-9dc9-001f1621f768}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{334f559e-cd58-11e0-9dc9-001f1621f768}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{334f559e-cd58-11e0-9dc9-001f1621f768}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{334f559e-cd58-11e0-9dc9-001f1621f768}\ not found.
File H:\AutoRun.exe not found.
Folder C:\0146811ffc1b8b0b30df\ not found.
Folder C:\07da8988c193ae67d1c5b8d860dd2f2f\ not found.
Folder C:\38e5d8d185cd3563ac\ not found.
Folder C:\55aab62fe7af0e8faaab6e2e56c5\ not found.
Folder C:\a98e60ffce31682bf9b0\ not found.
Folder C:\bd938ea4dd0eb6764d943e3c48f2\ not found.
Folder C:\c457167e499064f3033cb3add1\ not found.
Folder C:\f337b2e861c8652c7f2dbd3a\ not found.
Folder C:\f88426b396ebb4a446\ not found.
========== COMMANDS ==========
 
[EMPTYTEMP]
 
User: All Users
 
User: Boss
->Temp folder emptied: 33297 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 12634691 bytes
->Opera cache emptied: 0 bytes
->Flash cache emptied: 0 bytes
 
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
 
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
 
User: Gast
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
 
User: Hel
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 30524328 bytes
->Java cache emptied: 12426246 bytes
->FireFox cache emptied: 104393542 bytes
->Opera cache emptied: 22944020 bytes
->Flash cache emptied: 12404 bytes
 
User: Public
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 279440 bytes
Windows Temp folder emptied: 124827226 bytes
RecycleBin emptied: 2188312 bytes
 
Total Files Cleaned = 296,00 mb
 
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully
 
OTL by OldTimer - Version 3.2.31.0 log created on 11212011_104844

Files\Folders moved on Reboot...

Registry entries deleted on Reboot...

Regards, Islandis

cosinus 21.11.2011 11:42

Please now run this tool from Kaspersky and post the log => http://www.trojaner-board.de/82358-t...entfernen.html

Set up the tool as shown in the picture below - click on change parameters and tick the boxes as shown in the following screenshot.
Then click on Start Scan and, when it has finished, click the Report button to display the log. Please post it in full.
If you cannot find the log or cannot copy its contents into your post, look directly on your Windows system partition; that is where TDSS-Killer stores its logs.

Note: Please do not delete anything prematurely with TDSS-Killer! If TDSS-Killer flags any objects, handle all of them with the action "skip" and only post the log here!

http://saved.im/mtkwmtcxexhp/setting...8_16-25-18.jpg


If, because of the infection, you cannot access your documents/My Documents, or shortcuts on the desktop or in the Start menu under "All Programs" are missing, please run unhide:
Please download unhide.exe and save the file on your desktop.
Start the tool and all files and folders should be visible again. (This may take a while.)
Windows Vista and Windows 7 users must run the tool via right-click as administrator!
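A small triage helper for the TDSSKiller log format requested above, added here as an example; it is not part of this thread and not Kaspersky's code. It pairs each driver's hash/path line with its verdict line(s) and lists every entry that is not "ok", which is what a helper reads first before deciding anything; the sample lines are constructed from the format shown in this thread.

```python
"""Parse a TDSSKiller log and list the entries that were not rated "ok".

Constructed sample input, modelled on the log format posted in this thread:
each line is "<time> <pid> <text>", where <text> is either a file line
"<name> (<md5>) <path>" or a verdict line "<name> [( <sig> )] - <verdict>".
"""
import re
from dataclasses import dataclass, field
from typing import Dict, List, Optional

# Constructed sample (hashes/paths copied from the format in the thread above).
SAMPLE_LOG = "\n".join([
    "11:55:39.0363 2072        Scan started",
    "11:55:39.0363 2072        Mode: Manual; SigCheck; TDLFS;",
    "11:55:40.0268 2072        ACPI   (82b296ae1892fe3dbee00c9cf92f8ac7) "
    "C:\\Windows\\system32\\drivers\\acpi.sys",
    "11:55:40.0393 2072        ACPI - ok",
    "11:55:42.0779 2072        BMLoad (70cd6d71fc48bbbd1385d7b35aeadecc) "
    "C:\\Windows\\system32\\drivers\\BMLoad.sys",
    "11:55:42.0826 2072        BMLoad ( UnsignedFile.Multi.Generic ) - warning",
    "11:55:42.0826 2072        BMLoad - detected UnsignedFile.Multi.Generic (1)",
    "11:55:48.0130 2072        IpInIp - ok",   # service without a file line
])

# "<hh:mm:ss.ffff> <pid> <rest>"
LINE_RE = re.compile(r"^(?P<ts>\d{2}:\d{2}:\d{2}\.\d{4})\s+(?P<pid>\d+)\s+(?P<rest>.*?)\s*$")
# "<name> (<md5>) <path>"
FILE_RE = re.compile(r"^(?P<name>\S+)\s+\((?P<md5>[0-9a-fA-F]{32})\)\s+(?P<path>.+)$")
# "<name> [( <signature> )] - ok|warning|detected <details>"
VERDICT_RE = re.compile(
    r"^(?P<name>\S+)(?:\s+\(\s*(?P<sig>[^)]+?)\s*\))?\s+-\s+"
    r"(?P<verdict>ok|warning|detected\s.+)$"
)


@dataclass
class Entry:
    """One driver/service as seen by TDSSKiller."""
    name: str
    md5: Optional[str] = None        # None when TDSSKiller printed no file line
    path: Optional[str] = None
    signature: Optional[str] = None  # e.g. UnsignedFile.Multi.Generic
    verdicts: List[str] = field(default_factory=list)

    @property
    def clean(self) -> bool:
        """True only if every verdict recorded for this entry is "ok"."""
        return bool(self.verdicts) and all(v == "ok" for v in self.verdicts)


def parse_tdss_log(text: str) -> Dict[str, Entry]:
    """Group file lines and verdict lines by entry name; ignore other lines."""
    entries: Dict[str, Entry] = {}
    for raw in text.splitlines():
        m = LINE_RE.match(raw)
        if not m:
            continue
        rest = m.group("rest")
        fm = FILE_RE.match(rest)
        if fm:
            e = entries.setdefault(fm["name"], Entry(fm["name"]))
            e.md5, e.path = fm["md5"].lower(), fm["path"]
            continue
        vm = VERDICT_RE.match(rest)
        if vm:
            e = entries.setdefault(vm["name"], Entry(vm["name"]))
            if vm["sig"]:
                e.signature = vm["sig"]
            e.verdicts.append(vm["verdict"])
    return entries


def flagged(entries: Dict[str, Entry]) -> List[str]:
    """Names of all entries with at least one verdict other than "ok"."""
    return sorted(name for name, e in entries.items() if not e.clean)


def summarize(entries: Dict[str, Entry]) -> Dict[str, int]:
    """Counts a helper wants at a glance before reading the full log."""
    bad = flagged(entries)
    return {"ok": len(entries) - len(bad), "flagged": len(bad)}


if __name__ == "__main__":
    parsed = parse_tdss_log(SAMPLE_LOG)
    print(summarize(parsed))
    for name in flagged(parsed):
        e = parsed[name]
        print(f"{name}: {e.signature} md5={e.md5} path={e.path} verdicts={e.verdicts}")
```

On the sample above this reports one flagged entry (BMLoad, UnsignedFile.Multi.Generic), which matches the advice in the post: note it, set it to "skip", and post the log rather than deleting anything.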

Islandis 21.11.2011 12:01

Hi Arne,

here is the TDSS log:

Code:

11:54:15.0341 5268        TDSS rootkit removing tool 2.6.19.0 Nov 16 2011 12:18:50
11:54:15.0681 5268        ============================================================
11:54:15.0682 5268        Current date / time: 2011/11/21 11:54:15.0681
11:54:15.0682 5268        SystemInfo:
11:54:15.0682 5268       
11:54:15.0682 5268        OS Version: 6.0.6002 ServicePack: 2.0
11:54:15.0682 5268        Product type: Workstation
11:54:15.0682 5268        ComputerName: LAPPI-BOSS
11:54:15.0682 5268        UserName: Boss
11:54:15.0682 5268        Windows directory: C:\Windows
11:54:15.0682 5268        System windows directory: C:\Windows
11:54:15.0682 5268        Processor architecture: Intel x86
11:54:15.0682 5268        Number of processors: 2
11:54:15.0682 5268        Page size: 0x1000
11:54:15.0682 5268        Boot type: Normal boot
11:54:15.0682 5268        ============================================================
11:54:16.0025 5268        Initialize success
11:55:39.0363 2072        ============================================================
11:55:39.0363 2072        Scan started
11:55:39.0363 2072        Mode: Manual; SigCheck; TDLFS;
11:55:39.0363 2072        ============================================================
11:55:40.0268 2072        ACPI            (82b296ae1892fe3dbee00c9cf92f8ac7) C:\Windows\system32\drivers\acpi.sys
11:55:40.0393 2072        ACPI - ok
11:55:40.0595 2072        adp94xx        (04f0fcac69c7c71a3ac4eb97fafc8303) C:\Windows\system32\drivers\adp94xx.sys
11:55:40.0611 2072        adp94xx - ok
11:55:40.0658 2072        adpahci        (60505e0041f7751bdbb80f88bf45c2ce) C:\Windows\system32\drivers\adpahci.sys
11:55:40.0673 2072        adpahci - ok
11:55:40.0720 2072        adpu160m        (8a42779b02aec986eab64ecfc98f8bd7) C:\Windows\system32\drivers\adpu160m.sys
11:55:40.0736 2072        adpu160m - ok
11:55:40.0751 2072        adpu320        (241c9e37f8ce45ef51c3de27515ca4e5) C:\Windows\system32\drivers\adpu320.sys
11:55:40.0767 2072        adpu320 - ok
11:55:40.0845 2072        AFD            (3911b972b55fea0478476b2e777b29fa) C:\Windows\system32\drivers\afd.sys
11:55:40.0923 2072        AFD - ok
11:55:40.0970 2072        agp440          (13f9e33747e6b41a3ff305c37db0d360) C:\Windows\system32\drivers\agp440.sys
11:55:40.0970 2072        agp440 - ok
11:55:41.0017 2072        aic78xx        (ae1fdf7bf7bb6c6a70f67699d880592a) C:\Windows\system32\drivers\djsvs.sys
11:55:41.0017 2072        aic78xx - ok
11:55:41.0048 2072        aliide          (9eaef5fc9b8e351afa7e78a6fae91f91) C:\Windows\system32\drivers\aliide.sys
11:55:41.0063 2072        aliide - ok
11:55:41.0095 2072        amdagp          (c47344bc706e5f0b9dce369516661578) C:\Windows\system32\drivers\amdagp.sys
11:55:41.0095 2072        amdagp - ok
11:55:41.0126 2072        amdide          (9b78a39a4c173fdbc1321e0dd659b34c) C:\Windows\system32\drivers\amdide.sys
11:55:41.0126 2072        amdide - ok
11:55:41.0157 2072        AmdK7          (18f29b49ad23ecee3d2a826c725c8d48) C:\Windows\system32\drivers\amdk7.sys
11:55:41.0329 2072        AmdK7 - ok
11:55:41.0375 2072        AmdK8          (93ae7f7dd54ab986a6f1a1b37be7442d) C:\Windows\system32\drivers\amdk8.sys
11:55:41.0438 2072        AmdK8 - ok
11:55:41.0485 2072        arc            (5d2888182fb46632511acee92fdad522) C:\Windows\system32\drivers\arc.sys
11:55:41.0500 2072        arc - ok
11:55:41.0531 2072        arcsas          (5e2a321bd7c8b3624e41fdec3e244945) C:\Windows\system32\drivers\arcsas.sys
11:55:41.0547 2072        arcsas - ok
11:55:41.0578 2072        AsyncMac        (53b202abee6455406254444303e87be1) C:\Windows\system32\DRIVERS\asyncmac.sys
11:55:41.0625 2072        AsyncMac - ok
11:55:41.0672 2072        atapi          (1f05b78ab91c9075565a9d8a4b880bc4) C:\Windows\system32\drivers\atapi.sys
11:55:41.0672 2072        atapi - ok
11:55:41.0750 2072        AvgLdx86        (b8c187439d27aba430dd69fdcf1fa657) C:\Windows\System32\Drivers\avgldx86.sys
11:55:42.0249 2072        AvgLdx86 - ok
11:55:42.0436 2072        AvgMfx86        (80ff2b1b7eeda966394f0baa895bbf4b) C:\Windows\System32\Drivers\avgmfx86.sys
11:55:42.0436 2072        AvgMfx86 - ok
11:55:42.0514 2072        AvgTdiX        (9a7a93388f503a34e7339ae7f9997449) C:\Windows\System32\Drivers\avgtdix.sys
11:55:42.0530 2072        AvgTdiX - ok
11:55:42.0577 2072        Beep            (67e506b75bd5326a3ec7b70bd014dfb6) C:\Windows\system32\drivers\Beep.sys
11:55:42.0608 2072        Beep - ok
11:55:42.0655 2072        blbdrive        (d4df28447741fd3d953526e33a617397) C:\Windows\system32\drivers\blbdrive.sys
11:55:42.0686 2072        blbdrive - ok
11:55:42.0779 2072        BMLoad          (70cd6d71fc48bbbd1385d7b35aeadecc) C:\Windows\system32\drivers\BMLoad.sys
11:55:42.0826 2072        BMLoad ( UnsignedFile.Multi.Generic ) - warning
11:55:42.0826 2072        BMLoad - detected UnsignedFile.Multi.Generic (1)
11:55:42.0904 2072        bowser          (35f376253f687bde63976ccb3f2108ca) C:\Windows\system32\DRIVERS\bowser.sys
11:55:42.0967 2072        bowser - ok
11:55:43.0013 2072        BrFiltLo        (9f9acc7f7ccde8a15c282d3f88b43309) C:\Windows\system32\drivers\brfiltlo.sys
11:55:43.0091 2072        BrFiltLo - ok
11:55:43.0123 2072        BrFiltUp        (56801ad62213a41f6497f96dee83755a) C:\Windows\system32\drivers\brfiltup.sys
11:55:43.0185 2072        BrFiltUp - ok
11:55:43.0216 2072        Brserid        (b304e75cff293029eddf094246747113) C:\Windows\system32\drivers\brserid.sys
11:55:43.0403 2072        Brserid - ok
11:55:43.0419 2072        BrSerWdm        (203f0b1e73adadbbb7b7b1fabd901f6b) C:\Windows\system32\drivers\brserwdm.sys
11:55:43.0481 2072        BrSerWdm - ok
11:55:43.0497 2072        BrUsbMdm        (bd456606156ba17e60a04e18016ae54b) C:\Windows\system32\drivers\brusbmdm.sys
11:55:43.0591 2072        BrUsbMdm - ok
11:55:43.0606 2072        BrUsbSer        (af72ed54503f717a43268b3cc5faec2e) C:\Windows\system32\drivers\brusbser.sys
11:55:43.0653 2072        BrUsbSer - ok
11:55:43.0684 2072        BTHMODEM        (ad07c1ec6665b8b35741ab91200c6b68) C:\Windows\system32\drivers\bthmodem.sys
11:55:43.0762 2072        BTHMODEM - ok
11:55:43.0825 2072        cdfs            (7add03e75beb9e6dd102c3081d29840a) C:\Windows\system32\DRIVERS\cdfs.sys
11:55:43.0871 2072        cdfs - ok
11:55:43.0918 2072        cdrom          (6b4bffb9becd728097024276430db314) C:\Windows\system32\DRIVERS\cdrom.sys
11:55:43.0949 2072        cdrom - ok
11:55:43.0965 2072        circlass        (e5d4133f37219dbcfe102bc61072589d) C:\Windows\system32\drivers\circlass.sys
11:55:44.0012 2072        circlass - ok
11:55:44.0043 2072        CLFS            (d7659d3b5b92c31e84e53c1431f35132) C:\Windows\system32\CLFS.sys
11:55:44.0059 2072        CLFS - ok
11:55:44.0105 2072        CmBatt          (99afc3795b58cc478fbbbcdc658fcb56) C:\Windows\system32\DRIVERS\CmBatt.sys
11:55:44.0152 2072        CmBatt - ok
11:55:44.0183 2072        cmdide          (0ca25e686a4928484e9fdabd168ab629) C:\Windows\system32\drivers\cmdide.sys
11:55:44.0183 2072        cmdide - ok
11:55:44.0199 2072        Compbatt        (6afef0b60fa25de07c0968983ee4f60a) C:\Windows\system32\DRIVERS\compbatt.sys
11:55:44.0215 2072        Compbatt - ok
11:55:44.0230 2072        crcdisk        (741e9dff4f42d2d8477d0fc1dc0df871) C:\Windows\system32\drivers\crcdisk.sys
11:55:44.0230 2072        crcdisk - ok
11:55:44.0246 2072        Crusoe          (1f07becdca750766a96cda811ba86410) C:\Windows\system32\drivers\crusoe.sys
11:55:44.0293 2072        Crusoe - ok
11:55:44.0355 2072        DfsC            (622c41a07ca7e6dd91770f50d532cb6c) C:\Windows\system32\Drivers\dfsc.sys
11:55:44.0417 2072        DfsC - ok
11:55:44.0480 2072        disk            (5d4aefc3386920236a548271f8f1af6a) C:\Windows\system32\drivers\disk.sys
11:55:44.0495 2072        disk - ok
11:55:44.0558 2072        drmkaud        (97fef831ab90bee128c9af390e243f80) C:\Windows\system32\drivers\drmkaud.sys
11:55:44.0573 2072        drmkaud - ok
11:55:44.0620 2072        DXGKrnl        (c68ac676b0ef30cfbb1080adce49eb1f) C:\Windows\System32\drivers\dxgkrnl.sys
11:55:44.0667 2072        DXGKrnl - ok
11:55:44.0729 2072        E1G60          (5425f74ac0c1dbd96a1e04f17d63f94c) C:\Windows\system32\DRIVERS\E1G60I32.sys
11:55:44.0761 2072        E1G60 - ok
11:55:44.0807 2072        Ecache          (7f64ea048dcfac7acf8b4d7b4e6fe371) C:\Windows\system32\drivers\ecache.sys
11:55:44.0823 2072        Ecache - ok
11:55:44.0854 2072        elxstor        (23b62471681a124889978f6295b3f4c6) C:\Windows\system32\drivers\elxstor.sys
11:55:44.0870 2072        elxstor - ok
11:55:44.0901 2072        ErrDev          (3db974f3935483555d7148663f726c61) C:\Windows\system32\drivers\errdev.sys
11:55:44.0963 2072        ErrDev - ok
11:55:45.0041 2072        ewusbnet        (fb54f67974d13d73be3e2f1df042d295) C:\Windows\system32\DRIVERS\ewusbnet.sys
11:55:45.0073 2072        ewusbnet - ok
11:55:45.0135 2072        ew_hwusbdev    (57c171ea22f0a7f068fcb0caedd1e8e7) C:\Windows\system32\DRIVERS\ew_hwusbdev.sys
11:55:45.0182 2072        ew_hwusbdev - ok
11:55:45.0244 2072        ew_usbenumfilter (61a973f60e94a551ba7b15f3460444fb) C:\Windows\system32\DRIVERS\ew_usbenumfilter.sys
11:55:45.0307 2072        ew_usbenumfilter - ok
11:55:45.0353 2072        exfat          (22b408651f9123527bcee54b4f6c5cae) C:\Windows\system32\drivers\exfat.sys
11:55:45.0400 2072        exfat - ok
11:55:45.0447 2072        fastfat        (1e9b9a70d332103c52995e957dc09ef8) C:\Windows\system32\drivers\fastfat.sys
11:55:45.0463 2072        fastfat - ok
11:55:45.0525 2072        fdc            (afe1e8b9782a0dd7fb46bbd88e43f89a) C:\Windows\system32\DRIVERS\fdc.sys
11:55:45.0556 2072        fdc - ok
11:55:45.0603 2072        FileInfo        (a8c0139a884861e3aae9cfe73b208a9f) C:\Windows\system32\drivers\fileinfo.sys
11:55:45.0603 2072        FileInfo - ok
11:55:45.0634 2072        Filetrace      (0ae429a696aecbc5970e3cf2c62635ae) C:\Windows\system32\drivers\filetrace.sys
11:55:45.0665 2072        Filetrace - ok
11:55:45.0681 2072        flpydisk        (85b7cf99d532820495d68d747fda9ebd) C:\Windows\system32\DRIVERS\flpydisk.sys
11:55:45.0728 2072        flpydisk - ok
11:55:45.0790 2072        FltMgr          (01334f9ea68e6877c4ef05d3ea8abb05) C:\Windows\system32\drivers\fltmgr.sys
11:55:45.0806 2072        FltMgr - ok
11:55:45.0868 2072        fspad_wlh32    (4875e6384310e3aafb9847312edb0cff) C:\Windows\system32\DRIVERS\fspad_wlh32.sys
11:55:45.0946 2072        fspad_wlh32 - ok
11:55:45.0977 2072        Fs_Rec          (65ea8b77b5851854f0c55c43fa51a198) C:\Windows\system32\drivers\Fs_Rec.sys
11:55:46.0009 2072        Fs_Rec - ok
11:55:46.0024 2072        gagp30kx        (34582a6e6573d54a07ece5fe24a126b5) C:\Windows\system32\drivers\gagp30kx.sys
11:55:46.0040 2072        gagp30kx - ok
11:55:46.0102 2072        grmnusb        (6003bc70f1a8307262bd3c941bda0b7e) C:\Windows\system32\drivers\grmnusb.sys
11:55:46.0165 2072        grmnusb - ok
11:55:46.0258 2072        HdAudAddService (3f90e001369a07243763bd5a523d8722) C:\Windows\system32\drivers\HdAudio.sys
11:55:46.0305 2072        HdAudAddService - ok
11:55:46.0367 2072        HDAudBus        (062452b7ffd68c8c042a6261fe8dff4a) C:\Windows\system32\DRIVERS\HDAudBus.sys
11:55:46.0461 2072        HDAudBus - ok
11:55:46.0492 2072        HidBth          (1338520e78d90154ed6be8f84de5fceb) C:\Windows\system32\drivers\hidbth.sys
11:55:46.0539 2072        HidBth - ok
11:55:46.0601 2072        HidIr          (ff3160c3a2445128c5a6d9b076da519e) C:\Windows\system32\drivers\hidir.sys
11:55:46.0679 2072        HidIr - ok
11:55:46.0726 2072        HidUsb          (cca4b519b17e23a00b826c55716809cc) C:\Windows\system32\DRIVERS\hidusb.sys
11:55:46.0757 2072        HidUsb - ok
11:55:46.0804 2072        HpCISSs        (16ee7b23a009e00d835cdb79574a91a6) C:\Windows\system32\drivers\hpcisss.sys
11:55:46.0804 2072        HpCISSs - ok
11:55:46.0867 2072        HTTP            (f870aa3e254628ebeafe754108d664de) C:\Windows\system32\drivers\HTTP.sys
11:55:46.0929 2072        HTTP - ok
11:55:46.0991 2072        huawei_cdcacm  (42a64382a0607b80c99c37170911b346) C:\Windows\system32\DRIVERS\ew_jucdcacm.sys
11:55:47.0038 2072        huawei_cdcacm - ok
11:55:47.0054 2072        huawei_cdcecm  (1ef9e48ab82ea785c7348b22e9b02dc4) C:\Windows\system32\DRIVERS\ew_jucdcecm.sys
11:55:47.0085 2072        huawei_cdcecm - ok
11:55:47.0116 2072        huawei_enumerator (f44461e66f1b7dd267957fe9baa63ed0) C:\Windows\system32\DRIVERS\ew_jubusenum.sys
11:55:47.0147 2072        huawei_enumerator - ok
11:55:47.0179 2072        huawei_ext_ctrl (69a103138b77ac0950ec3846e2e6f655) C:\Windows\system32\DRIVERS\ew_juextctrl.sys
11:55:47.0210 2072        huawei_ext_ctrl - ok
11:55:47.0272 2072        hwdatacard      (f547f862b8907f1bcbd9b72a72a6449e) C:\Windows\system32\DRIVERS\ewusbmdm.sys
11:55:47.0350 2072        hwdatacard - ok
11:55:47.0397 2072        i2omp          (c6b032d69650985468160fc9937cf5b4) C:\Windows\system32\drivers\i2omp.sys
11:55:47.0413 2072        i2omp - ok
11:55:47.0444 2072        i8042prt        (22d56c8184586b7a1f6fa60be5f5a2bd) C:\Windows\system32\DRIVERS\i8042prt.sys
11:55:47.0475 2072        i8042prt - ok
11:55:47.0537 2072        iaStor          (71ecc07bc7c5e24c3dd01d8a29a24054) C:\Windows\system32\DRIVERS\iaStor.sys
11:55:47.0569 2072        iaStor - ok
11:55:47.0600 2072        iaStorV        (54155ea1b0df185878e0fc9ec3ac3a14) C:\Windows\system32\drivers\iastorv.sys
11:55:47.0615 2072        iaStorV - ok
11:55:47.0647 2072        iirsp          (2d077bf86e843f901d8db709c95b49a5) C:\Windows\system32\drivers\iirsp.sys
11:55:47.0662 2072        iirsp - ok
11:55:47.0787 2072        IntcAzAudAddService (56ac584fe02e0c1d5924892562cbd572) C:\Windows\system32\drivers\RTKVHDA.sys
11:55:47.0927 2072        IntcAzAudAddService - ok
11:55:47.0959 2072        intelide        (83aa759f3189e6370c30de5dc5590718) C:\Windows\system32\drivers\intelide.sys
11:55:47.0974 2072        intelide - ok
11:55:48.0021 2072        intelppm        (224191001e78c89dfa78924c3ea595ff) C:\Windows\system32\DRIVERS\intelppm.sys
11:55:48.0052 2072        intelppm - ok
11:55:48.0083 2072        IpFilterDriver  (62c265c38769b864cb25b4bcf62df6c3) C:\Windows\system32\DRIVERS\ipfltdrv.sys
11:55:48.0115 2072        IpFilterDriver - ok
11:55:48.0130 2072        IpInIp - ok
11:55:48.0146 2072        IPMIDRV        (b25aaf203552b7b3491139d582b39ad1) C:\Windows\system32\drivers\ipmidrv.sys
11:55:48.0177 2072        IPMIDRV - ok
11:55:48.0193 2072        IPNAT          (8793643a67b42cec66490b2a0cf92d68) C:\Windows\system32\DRIVERS\ipnat.sys
11:55:48.0224 2072        IPNAT - ok
11:55:48.0239 2072        IRENUM          (109c0dfb82c3632fbd11949b73aeeac9) C:\Windows\system32\drivers\irenum.sys
11:55:48.0271 2072        IRENUM - ok
11:55:48.0302 2072        isapnp          (6c70698a3e5c4376c6ab5c7c17fb0614) C:\Windows\system32\drivers\isapnp.sys
11:55:48.0302 2072        isapnp - ok
11:55:48.0333 2072        iScsiPrt        (232fa340531d940aac623b121a595034) C:\Windows\system32\DRIVERS\msiscsi.sys
11:55:48.0349 2072        iScsiPrt - ok
11:55:48.0364 2072        iteatapi        (bced60d16156e428f8df8cf27b0df150) C:\Windows\system32\drivers\iteatapi.sys
11:55:48.0380 2072        iteatapi - ok
11:55:48.0411 2072        iteraid        (06fa654504a498c30adca8bec4e87e7e) C:\Windows\system32\drivers\iteraid.sys
11:55:48.0411 2072        iteraid - ok
11:55:48.0442 2072        kbdclass        (37605e0a8cf00cbba538e753e4344c6e) C:\Windows\system32\DRIVERS\kbdclass.sys
11:55:48.0442 2072        kbdclass - ok
11:55:48.0473 2072        kbdhid          (18247836959ba67e3511b62846b9c2e0) C:\Windows\system32\drivers\kbdhid.sys
11:55:48.0505 2072        kbdhid - ok
11:55:48.0551 2072        KSecDD          (86165728af9bf72d6442a894fdfb4f8b) C:\Windows\system32\Drivers\ksecdd.sys
11:55:48.0567 2072        KSecDD - ok
11:55:48.0614 2072        lltdio          (d1c5883087a0c3f1344d9d55a44901f6) C:\Windows\system32\DRIVERS\lltdio.sys
11:55:48.0645 2072        lltdio - ok
11:55:48.0676 2072        LSI_FC          (c7e15e82879bf3235b559563d4185365) C:\Windows\system32\drivers\lsi_fc.sys
11:55:48.0692 2072        LSI_FC - ok
11:55:48.0707 2072        LSI_SAS        (ee01ebae8c9bf0fa072e0ff68718920a) C:\Windows\system32\drivers\lsi_sas.sys
11:55:48.0723 2072        LSI_SAS - ok
11:55:48.0739 2072        LSI_SCSI        (912a04696e9ca30146a62afa1463dd5c) C:\Windows\system32\drivers\lsi_scsi.sys
11:55:48.0754 2072        LSI_SCSI - ok
11:55:48.0770 2072        luafv          (8f5c7426567798e62a3b3614965d62cc) C:\Windows\system32\drivers\luafv.sys
11:55:48.0801 2072        luafv - ok
11:55:48.0832 2072        megasas        (0001ce609d66632fa17b84705f658879) C:\Windows\system32\drivers\megasas.sys
11:55:48.0848 2072        megasas - ok
11:55:48.0879 2072        MegaSR          (c252f32cd9a49dbfc25ecf26ebd51a99) C:\Windows\system32\drivers\megasr.sys
11:55:48.0910 2072        MegaSR - ok
11:55:48.0926 2072        Modem          (e13b5ea0f51ba5b1512ec671393d09ba) C:\Windows\system32\drivers\modem.sys
11:55:48.0941 2072        Modem - ok
11:55:48.0973 2072        monitor        (0a9bb33b56e294f686abb7c1e4e2d8a8) C:\Windows\system32\DRIVERS\monitor.sys
11:55:49.0019 2072        monitor - ok
11:55:49.0035 2072        mouclass        (5bf6a1326a335c5298477754a506d263) C:\Windows\system32\DRIVERS\mouclass.sys
11:55:49.0035 2072        mouclass - ok
11:55:49.0066 2072        mouhid          (93b8d4869e12cfbe663915502900876f) C:\Windows\system32\DRIVERS\mouhid.sys
11:55:49.0097 2072        mouhid - ok
11:55:49.0113 2072        MountMgr        (bdafc88aa6b92f7842416ea6a48e1600) C:\Windows\system32\drivers\mountmgr.sys
11:55:49.0113 2072        MountMgr - ok
11:55:49.0160 2072        mpio            (511d011289755dd9f9a7579fb0b064e6) C:\Windows\system32\drivers\mpio.sys
11:55:49.0175 2072        mpio - ok
11:55:49.0191 2072        mpsdrv          (22241feba9b2defa669c8cb0a8dd7d2e) C:\Windows\system32\drivers\mpsdrv.sys
11:55:49.0222 2072        mpsdrv - ok
11:55:49.0253 2072        Mraid35x        (4fbbb70d30fd20ec51f80061703b001e) C:\Windows\system32\drivers\mraid35x.sys
11:55:49.0269 2072        Mraid35x - ok
11:55:49.0285 2072        MRxDAV          (82cea0395524aacfeb58ba1448e8325c) C:\Windows\system32\drivers\mrxdav.sys
11:55:49.0363 2072        MRxDAV - ok
11:55:49.0409 2072        mrxsmb          (1e94971c4b446ab2290deb71d01cf0c2) C:\Windows\system32\DRIVERS\mrxsmb.sys
11:55:49.0441 2072        mrxsmb - ok
11:55:49.0503 2072        mrxsmb10        (4fccb34d793b116423209c0f8b7a3b03) C:\Windows\system32\DRIVERS\mrxsmb10.sys
11:55:49.0534 2072        mrxsmb10 - ok
11:55:49.0550 2072        mrxsmb20        (c3cb1b40ad4a0124d617a1199b0b9d7c) C:\Windows\system32\DRIVERS\mrxsmb20.sys
11:55:49.0565 2072        mrxsmb20 - ok
11:55:49.0597 2072        msahci          (5457dcfa7c0da43522f4d9d4049c1472) C:\Windows\system32\drivers\msahci.sys
11:55:49.0612 2072        msahci - ok
11:55:49.0628 2072        msdsm          (4468b0f385a86ecddaf8d3ca662ec0e7) C:\Windows\system32\drivers\msdsm.sys
11:55:49.0643 2072        msdsm - ok
11:55:49.0675 2072        Msfs            (a9927f4a46b816c92f461acb90cf8515) C:\Windows\system32\drivers\Msfs.sys
11:55:49.0721 2072        Msfs - ok
11:55:49.0753 2072        msisadrv        (0f400e306f385c56317357d6dea56f62) C:\Windows\system32\drivers\msisadrv.sys
11:55:49.0768 2072        msisadrv - ok
11:55:49.0799 2072        MSKSSRV        (d8c63d34d9c9e56c059e24ec7185cc07) C:\Windows\system32\drivers\MSKSSRV.sys
11:55:49.0831 2072        MSKSSRV - ok
11:55:49.0846 2072        MSPCLOCK        (1d373c90d62ddb641d50e55b9e78d65e) C:\Windows\system32\drivers\MSPCLOCK.sys
11:55:49.0862 2072        MSPCLOCK - ok
11:55:49.0909 2072        MSPQM          (b572da05bf4e098d4bba3a4734fb505b) C:\Windows\system32\drivers\MSPQM.sys
11:55:49.0924 2072        MSPQM - ok
11:55:49.0955 2072        MsRPC          (b49456d70555de905c311bcda6ec6adb) C:\Windows\system32\drivers\MsRPC.sys
11:55:49.0971 2072        MsRPC - ok
11:55:50.0002 2072        mssmbios        (e384487cb84be41d09711c30ca79646c) C:\Windows\system32\DRIVERS\mssmbios.sys
11:55:50.0018 2072        mssmbios - ok
11:55:50.0049 2072        MSTEE          (7199c1eec1e4993caf96b8c0a26bd58a) C:\Windows\system32\drivers\MSTEE.sys
11:55:50.0080 2072        MSTEE - ok
11:55:50.0096 2072        Mup            (6a57b5733d4cb702c8ea4542e836b96c) C:\Windows\system32\Drivers\mup.sys
11:55:50.0111 2072        Mup - ok
11:55:50.0158 2072        NativeWifiP    (85c44fdff9cf7e72a40dcb7ec06a4416) C:\Windows\system32\DRIVERS\nwifi.sys
11:55:50.0174 2072        NativeWifiP - ok
11:55:50.0221 2072        NDIS            (1357274d1883f68300aeadd15d7bbb42) C:\Windows\system32\drivers\ndis.sys
11:55:50.0236 2072        NDIS - ok
11:55:50.0283 2072        NdisTapi        (0e186e90404980569fb449ba7519ae61) C:\Windows\system32\DRIVERS\ndistapi.sys
11:55:50.0314 2072        NdisTapi - ok
11:55:50.0361 2072        Ndisuio        (d6973aa34c4d5d76c0430b181c3cd389) C:\Windows\system32\DRIVERS\ndisuio.sys
11:55:50.0392 2072        Ndisuio - ok
11:55:50.0423 2072        NdisWan        (818f648618ae34f729fdb47ec68345c3) C:\Windows\system32\DRIVERS\ndiswan.sys
11:55:50.0455 2072        NdisWan - ok
11:55:50.0470 2072        NDProxy        (71dab552b41936358f3b541ae5997fb3) C:\Windows\system32\drivers\NDProxy.sys
11:55:50.0501 2072        NDProxy - ok
11:55:50.0548 2072        NetBIOS        (bcd093a5a6777cf626434568dc7dba78) C:\Windows\system32\DRIVERS\netbios.sys
11:55:50.0564 2072        NetBIOS - ok
11:55:50.0595 2072        netbt          (ecd64230a59cbd93c85f1cd1cab9f3f6) C:\Windows\system32\DRIVERS\netbt.sys
11:55:50.0626 2072        netbt - ok
11:55:50.0657 2072        nfrd960        (2e7fb731d4790a1bc6270accefacb36e) C:\Windows\system32\drivers\nfrd960.sys
11:55:50.0673 2072        nfrd960 - ok
11:55:50.0704 2072        Npfs            (d36f239d7cce1931598e8fb90a0dbc26) C:\Windows\system32\drivers\Npfs.sys
11:55:50.0735 2072        Npfs - ok
11:55:50.0751 2072        nsiproxy        (609773e344a97410ce4ebf74a8914fcf) C:\Windows\system32\drivers\nsiproxy.sys
11:55:50.0782 2072        nsiproxy - ok
11:55:50.0829 2072        Ntfs            (6a4a98cee84cf9e99564510dda4baa47) C:\Windows\system32\drivers\Ntfs.sys
11:55:50.0938 2072        Ntfs - ok
11:55:50.0969 2072        ntrigdigi      (e875c093aec0c978a90f30c9e0dfbb72) C:\Windows\system32\drivers\ntrigdigi.sys
11:55:51.0016 2072        ntrigdigi - ok
11:55:51.0079 2072        Null            (c5dbbcda07d780bda9b685df333bb41e) C:\Windows\system32\drivers\Null.sys
11:55:51.0110 2072        Null - ok
11:55:51.0141 2072        NVHDA          (d2f4c4b22969236382ca853b8daa2d4e) C:\Windows\system32\drivers\nvhda32v.sys
11:55:51.0157 2072        NVHDA - ok
11:55:51.0344 2072        nvlddmkm        (2877cd56310938a170810bde50fd3f01) C:\Windows\system32\DRIVERS\nvlddmkm.sys
11:55:51.0687 2072        nvlddmkm - ok
11:55:51.0718 2072        nvraid          (2edf9e7751554b42cbb60116de727101) C:\Windows\system32\drivers\nvraid.sys
11:55:51.0734 2072        nvraid - ok
11:55:51.0749 2072        nvstor          (abed0c09758d1d97db0042dbb2688177) C:\Windows\system32\drivers\nvstor.sys
11:55:51.0765 2072        nvstor - ok
11:55:51.0781 2072        nv_agp          (18bbdf913916b71bd54575bdb6eeac0b) C:\Windows\system32\drivers\nv_agp.sys
11:55:51.0796 2072        nv_agp - ok
11:55:51.0796 2072        NwlnkFlt - ok
11:55:51.0812 2072        NwlnkFwd - ok
11:55:51.0859 2072        ohci1394        (be32da025a0be1878f0ee8d6d9386cd5) C:\Windows\system32\drivers\ohci1394.sys
11:55:51.0905 2072        ohci1394 - ok
11:55:51.0937 2072        Parport        (0fa9b5055484649d63c303fe404e5f4d) C:\Windows\system32\drivers\parport.sys
11:55:51.0999 2072        Parport - ok
11:55:52.0030 2072        partmgr        (57389fa59a36d96b3eb09d0cb91e9cdc) C:\Windows\system32\drivers\partmgr.sys
11:55:52.0046 2072        partmgr - ok
11:55:52.0061 2072        Parvdm          (4f9a6a8a31413180d0fcb279ad5d8112) C:\Windows\system32\drivers\parvdm.sys
11:55:52.0108 2072        Parvdm - ok
11:55:52.0155 2072        pci            (941dc1d19e7e8620f40bbc206981efdb) C:\Windows\system32\drivers\pci.sys
11:55:52.0155 2072        pci - ok
11:55:52.0202 2072        pciide          (fc175f5ddab666d7f4d17449a547626f) C:\Windows\system32\drivers\pciide.sys
11:55:52.0202 2072        pciide - ok
11:55:52.0233 2072        pcmcia          (e6f3fb1b86aa519e7698ad05e58b04e5) C:\Windows\system32\drivers\pcmcia.sys
11:55:52.0233 2072        pcmcia - ok
11:55:52.0295 2072        PEAUTH          (6349f6ed9c623b44b52ea3c63c831a92) C:\Windows\system32\drivers\peauth.sys
11:55:52.0389 2072        PEAUTH - ok
11:55:52.0436 2072        PptpMiniport    (ecfffaec0c1ecd8dbc77f39070ea1db1) C:\Windows\system32\DRIVERS\raspptp.sys
11:55:52.0483 2072        PptpMiniport - ok
11:55:52.0498 2072        Processor      (2027293619dd0f047c584cf2e7df4ffd) C:\Windows\system32\drivers\processr.sys
11:55:52.0545 2072        Processor - ok
11:55:52.0576 2072        Profos - ok
11:55:52.0607 2072        PSched          (99514faa8df93d34b5589187db3aa0ba) C:\Windows\system32\DRIVERS\pacer.sys
11:55:52.0639 2072        PSched - ok
11:55:52.0685 2072        PxHelp20        (49452bfcec22f36a7a9b9c2181bc3042) C:\Windows\system32\Drivers\PxHelp20.sys
11:55:52.0685 2072        PxHelp20 - ok
11:55:52.0763 2072        ql2300          (0a6db55afb7820c99aa1f3a1d270f4f6) C:\Windows\system32\drivers\ql2300.sys
11:55:52.0857 2072        ql2300 - ok
11:55:52.0873 2072        ql40xx          (81a7e5c076e59995d54bc1ed3a16e60b) C:\Windows\system32\drivers\ql40xx.sys
11:55:52.0888 2072        ql40xx - ok
11:55:52.0904 2072        QWAVEdrv        (9f5e0e1926014d17486901c88eca2db7) C:\Windows\system32\drivers\qwavedrv.sys
11:55:52.0935 2072        QWAVEdrv - ok
11:55:52.0966 2072        RasAcd          (147d7f9c556d259924351feb0de606c3) C:\Windows\system32\DRIVERS\rasacd.sys
11:55:52.0997 2072        RasAcd - ok
11:55:53.0029 2072        Rasl2tp        (a214adbaf4cb47dd2728859ef31f26b0) C:\Windows\system32\DRIVERS\rasl2tp.sys
11:55:53.0044 2072        Rasl2tp - ok
11:55:53.0091 2072        RasPppoe        (509a98dd18af4375e1fc40bc175f1def) C:\Windows\system32\DRIVERS\raspppoe.sys
11:55:53.0122 2072        RasPppoe - ok
11:55:53.0169 2072        RasSstp        (2005f4a1e05fa09389ac85840f0a9e4d) C:\Windows\system32\DRIVERS\rassstp.sys
11:55:53.0200 2072        RasSstp - ok
11:55:53.0216 2072        rdbss          (b14c9d5b9add2f84f70570bbbfaa7935) C:\Windows\system32\DRIVERS\rdbss.sys
11:55:53.0247 2072        rdbss - ok
11:55:53.0278 2072        RDPCDD          (89e59be9a564262a3fb6c4f4f1cd9899) C:\Windows\system32\DRIVERS\RDPCDD.sys
11:55:53.0309 2072        RDPCDD - ok
11:55:53.0341 2072        rdpdr          (fbc0bacd9c3d7f6956853f64a66e252d) C:\Windows\system32\drivers\rdpdr.sys
11:55:53.0372 2072        rdpdr - ok
11:55:53.0387 2072        RDPENCDD        (9d91fe5286f748862ecffa05f8a0710c) C:\Windows\system32\drivers\rdpencdd.sys
11:55:53.0419 2072        RDPENCDD - ok
11:55:53.0450 2072        RDPWD          (30bfbdfb7f95559ede971f9ddb9a00ba) C:\Windows\system32\drivers\RDPWD.sys
11:55:53.0465 2072        RDPWD - ok
11:55:53.0528 2072        rspndr          (9c508f4074a39e8b4b31d27198146fad) C:\Windows\system32\DRIVERS\rspndr.sys
11:55:53.0559 2072        rspndr - ok
11:55:53.0590 2072        RTL8169        (d6fae13afacef23a6471d23284b8a164) C:\Windows\system32\DRIVERS\Rtlh86.sys
11:55:53.0637 2072        RTL8169 - ok
11:55:54.0713 2072        rtl8192se      (8b2a43f1bf79e623e7e780afe4412d7c) C:\Windows\system32\DRIVERS\rtl8192se.sys
11:55:54.0729 2072        rtl8192se - ok
11:55:54.0838 2072        RTSTOR          (d1fb9a678bd6c2b1129fcb09d5feb6dd) C:\Windows\system32\drivers\RTSTOR.SYS
11:55:54.0869 2072        RTSTOR - ok
11:55:55.0603 2072        SASDIFSV        (39763504067962108505bff25f024345) C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS
11:55:55.0603 2072        SASDIFSV - ok
11:55:57.0927 2072        SASKUTIL        (77b9fc20084b48408ad3e87570eb4a85) C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS
11:55:57.0927 2072        SASKUTIL - ok
11:55:58.0021 2072        sbp2port        (3ce8f073a557e172b330109436984e30) C:\Windows\system32\drivers\sbp2port.sys
11:55:58.0021 2072        sbp2port - ok
11:55:58.0099 2072        secdrv          (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers\secdrv.sys
11:55:58.0145 2072        secdrv - ok
11:55:59.0191 2072        Serenum        (68e44e331d46f0fb38f0863a84cd1a31) C:\Windows\system32\drivers\serenum.sys
11:55:59.0284 2072        Serenum - ok
11:55:59.0378 2072        Serial          (c70d69a918b178d3c3b06339b40c2e1b) C:\Windows\system32\drivers\serial.sys
11:55:59.0425 2072        Serial - ok
11:55:59.0471 2072        sermouse        (8af3d28a879bf75db53a0ee7a4289624) C:\Windows\system32\drivers\sermouse.sys
11:55:59.0518 2072        sermouse - ok
11:55:59.0549 2072        sffdisk        (3efa810bdca87f6ecc24f9832243fe86) C:\Windows\system32\drivers\sffdisk.sys
11:55:59.0565 2072        sffdisk - ok
11:55:59.0581 2072        sffp_mmc        (e95d451f7ea3e583aec75f3b3ee42dc5) C:\Windows\system32\drivers\sffp_mmc.sys
11:55:59.0596 2072        sffp_mmc - ok
11:55:59.0612 2072        sffp_sd        (3d0ea348784b7ac9ea9bd9f317980979) C:\Windows\system32\drivers\sffp_sd.sys
11:55:59.0643 2072        sffp_sd - ok
11:55:59.0659 2072        sfloppy        (46ed8e91793b2e6f848015445a0ac188) C:\Windows\system32\drivers\sfloppy.sys
11:55:59.0721 2072        sfloppy - ok
11:56:00.0049 2072        sisagp          (1d76624a09a054f682d746b924e2dbc3) C:\Windows\system32\drivers\sisagp.sys
11:56:00.0064 2072        sisagp - ok
11:56:00.0158 2072        SiSRaid2        (43cb7aa756c7db280d01da9b676cfde2) C:\Windows\system32\drivers\sisraid2.sys
11:56:00.0173 2072        SiSRaid2 - ok
11:56:00.0220 2072        SiSRaid4        (a99c6c8b0baa970d8aa59ddc50b57f94) C:\Windows\system32\drivers\sisraid4.sys
11:56:00.0236 2072        SiSRaid4 - ok
11:56:00.0267 2072        Smb            (7b75299a4d201d6a6533603d6914ab04) C:\Windows\system32\DRIVERS\smb.sys
11:56:00.0298 2072        Smb - ok
11:56:00.0392 2072        SNP2UVC        (82e3315b1b3e76b9a9643f987ed3ae5c) C:\Windows\system32\DRIVERS\snp2uvc.sys
11:56:00.0517 2072        SNP2UVC - ok
11:56:00.0532 2072        spldr          (7aebdeef071fe28b0eef2cdd69102bff) C:\Windows\system32\drivers\spldr.sys
11:56:00.0532 2072        spldr - ok
11:56:00.0595 2072        srv            (41987f9fc0e61adf54f581e15029ad91) C:\Windows\system32\DRIVERS\srv.sys
11:56:00.0626 2072        srv - ok
11:56:00.0704 2072        srv2            (ff33aff99564b1aa534f58868cbe41ef) C:\Windows\system32\DRIVERS\srv2.sys
11:56:00.0735 2072        srv2 - ok
11:56:00.0782 2072        srvnet          (7605c0e1d01a08f3ecd743f38b834a44) C:\Windows\system32\DRIVERS\srvnet.sys
11:56:00.0797 2072        srvnet - ok
11:56:00.0844 2072        swenum          (7ba58ecf0c0a9a69d44b3dca62becf56) C:\Windows\system32\DRIVERS\swenum.sys
11:56:00.0860 2072        swenum - ok
11:56:00.0891 2072        sxuptp          (4021808cdc02c51f312a8394c4a93bcd) C:\Windows\system32\DRIVERS\sxuptp.sys
11:56:00.0907 2072        sxuptp - ok
11:56:00.0922 2072        Symc8xx        (192aa3ac01df071b541094f251deed10) C:\Windows\system32\drivers\symc8xx.sys
11:56:00.0938 2072        Symc8xx - ok
11:56:00.0953 2072        Sym_hi          (8c8eb8c76736ebaf3b13b633b2e64125) C:\Windows\system32\drivers\sym_hi.sys
11:56:00.0953 2072        Sym_hi - ok
11:56:00.0985 2072        Sym_u3          (8072af52b5fd103bbba387a1e49f62cb) C:\Windows\system32\drivers\sym_u3.sys
11:56:00.0985 2072        Sym_u3 - ok
11:56:01.0063 2072        Tcpip          (2756186e287139310997090797e0182b) C:\Windows\system32\drivers\tcpip.sys
11:56:01.0156 2072        Tcpip - ok
11:56:01.0187 2072        Tcpip6          (2756186e287139310997090797e0182b) C:\Windows\system32\DRIVERS\tcpip.sys
11:56:01.0234 2072        Tcpip6 - ok
11:56:01.0328 2072        tcpipBM        (74905ebcbb8cbdb1f3c0b1778bbcb4bc) C:\Windows\system32\drivers\tcpipBM.sys
11:56:01.0328 2072        tcpipBM ( UnsignedFile.Multi.Generic ) - warning
11:56:01.0328 2072        tcpipBM - detected UnsignedFile.Multi.Generic (1)
11:56:01.0390 2072        tcpipreg        (608c345a255d82a6289c2d468eb41fd7) C:\Windows\system32\drivers\tcpipreg.sys
11:56:01.0406 2072        tcpipreg - ok
11:56:01.0453 2072        TDPIPE          (5dcf5e267be67a1ae926f2df77fbcc56) C:\Windows\system32\drivers\tdpipe.sys
11:56:01.0484 2072        TDPIPE - ok
11:56:01.0499 2072        TDTCP          (389c63e32b3cefed425b61ed92d3f021) C:\Windows\system32\drivers\tdtcp.sys
11:56:01.0531 2072        TDTCP - ok
11:56:01.0562 2072        tdx            (76b06eb8a01fc8624d699e7045303e54) C:\Windows\system32\DRIVERS\tdx.sys
11:56:01.0609 2072        tdx - ok
11:56:01.0655 2072        TermDD          (3cad38910468eab9a6479e2f01db43c7) C:\Windows\system32\DRIVERS\termdd.sys
11:56:01.0655 2072        TermDD - ok
11:56:01.0687 2072        Trufos - ok
11:56:01.0718 2072        tssecsrv        (dcf0f056a2e4f52287264f5ab29cf206) C:\Windows\system32\DRIVERS\tssecsrv.sys
11:56:01.0749 2072        tssecsrv - ok
11:56:01.0780 2072        tunmp          (caecc0120ac49e3d2f758b9169872d38) C:\Windows\system32\DRIVERS\tunmp.sys
11:56:01.0827 2072        tunmp - ok
11:56:01.0874 2072        tunnel          (300db877ac094feab0be7688c3454a9c) C:\Windows\system32\DRIVERS\tunnel.sys
11:56:01.0905 2072        tunnel - ok
11:56:01.0936 2072        uagp35          (7d33c4db2ce363c8518d2dfcf533941f) C:\Windows\system32\drivers\uagp35.sys
11:56:01.0952 2072        uagp35 - ok
11:56:01.0983 2072        udfs            (d9728af68c4c7693cb100b8441cbdec6) C:\Windows\system32\DRIVERS\udfs.sys
11:56:02.0014 2072        udfs - ok
11:56:02.0045 2072        uliagpkx        (b0acfdc9e4af279e9116c03e014b2b27) C:\Windows\system32\drivers\uliagpkx.sys
11:56:02.0045 2072        uliagpkx - ok
11:56:02.0077 2072        uliahci        (9224bb254f591de4ca8d572a5f0d635c) C:\Windows\system32\drivers\uliahci.sys
11:56:02.0092 2072        uliahci - ok
11:56:02.0123 2072        UlSata          (8514d0e5cd0534467c5fc61be94a569f) C:\Windows\system32\drivers\ulsata.sys
11:56:02.0123 2072        UlSata - ok
11:56:02.0155 2072        ulsata2        (38c3c6e62b157a6bc46594fada45c62b) C:\Windows\system32\drivers\ulsata2.sys
11:56:02.0155 2072        ulsata2 - ok
11:56:02.0201 2072        umbus          (32cff9f809ae9aed85464492bf3e32d2) C:\Windows\system32\DRIVERS\umbus.sys
11:56:02.0217 2072        umbus - ok
11:56:02.0264 2072        usbccgp        (caf811ae4c147ffcd5b51750c7f09142) C:\Windows\system32\DRIVERS\usbccgp.sys
11:56:02.0279 2072        usbccgp - ok
11:56:02.0311 2072        usbcir          (e9476e6c486e76bc4898074768fb7131) C:\Windows\system32\drivers\usbcir.sys
11:56:02.0357 2072        usbcir - ok
11:56:02.0389 2072        usbehci        (79e96c23a97ce7b8f14d310da2db0c9b) C:\Windows\system32\DRIVERS\usbehci.sys
11:56:02.0435 2072        usbehci - ok
11:56:02.0482 2072        usbhub          (4673bbcb006af60e7abddbe7a130ba42) C:\Windows\system32\DRIVERS\usbhub.sys
11:56:02.0513 2072        usbhub - ok
11:56:02.0545 2072        usbohci        (38dbc7dd6cc5a72011f187425384388b) C:\Windows\system32\drivers\usbohci.sys
11:56:02.0591 2072        usbohci - ok
11:56:02.0623 2072        usbprint        (e75c4b5269091d15a2e7dc0b6d35f2f5) C:\Windows\system32\DRIVERS\usbprint.sys
11:56:02.0638 2072        usbprint - ok
11:56:02.0685 2072        usbscan        (a508c9bd8724980512136b039bba65e9) C:\Windows\system32\DRIVERS\usbscan.sys
11:56:02.0716 2072        usbscan - ok
11:56:02.0763 2072        USBSTOR        (be3da31c191bc222d9ad503c5224f2ad) C:\Windows\system32\DRIVERS\USBSTOR.SYS
11:56:02.0794 2072        USBSTOR - ok
11:56:02.0825 2072        usbuhci        (814d653efc4d48be3b04a307eceff56f) C:\Windows\system32\DRIVERS\usbuhci.sys
11:56:02.0857 2072        usbuhci - ok
11:56:02.0903 2072        usbvideo        (e67998e8f14cb0627a769f6530bcb352) C:\Windows\system32\Drivers\usbvideo.sys
11:56:02.0935 2072        usbvideo - ok
11:56:02.0966 2072        vga            (87b06e1f30b749a114f74622d013f8d4) C:\Windows\system32\DRIVERS\vgapnp.sys
11:56:02.0997 2072        vga - ok
11:56:03.0028 2072        VgaSave        (2e93ac0a1d8c79d019db6c51f036636c) C:\Windows\System32\drivers\vga.sys
11:56:03.0059 2072        VgaSave - ok
11:56:03.0075 2072        viaagp          (5d7159def58a800d5781ba3a879627bc) C:\Windows\system32\drivers\viaagp.sys
11:56:03.0091 2072        viaagp - ok
11:56:03.0106 2072        ViaC7          (c4f3a691b5bad343e6249bd8c2d45dee) C:\Windows\system32\drivers\viac7.sys
11:56:03.0153 2072        ViaC7 - ok
11:56:03.0184 2072        viaide          (aadf5587a4063f52c2c3fed7887426fc) C:\Windows\system32\drivers\viaide.sys
11:56:03.0200 2072        viaide - ok
11:56:03.0215 2072        volmgr          (69503668ac66c77c6cd7af86fbdf8c43) C:\Windows\system32\drivers\volmgr.sys
11:56:03.0231 2072        volmgr - ok
11:56:03.0262 2072        volmgrx        (23e41b834759917bfd6b9a0d625d0c28) C:\Windows\system32\drivers\volmgrx.sys
11:56:03.0278 2072        volmgrx - ok
11:56:03.0309 2072        volsnap        (147281c01fcb1df9252de2a10d5e7093) C:\Windows\system32\drivers\volsnap.sys
11:56:03.0325 2072        volsnap - ok
11:56:03.0340 2072        vsmraid        (587253e09325e6bf226b299774b728a9) C:\Windows\system32\drivers\vsmraid.sys
11:56:03.0356 2072        vsmraid - ok
11:56:03.0387 2072        WacomPen        (48dfee8f1af7c8235d4e626f0c4fe031) C:\Windows\system32\drivers\wacompen.sys
11:56:03.0434 2072        WacomPen - ok
11:56:03.0449 2072        Wanarp          (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys
11:56:03.0481 2072        Wanarp - ok
11:56:03.0527 2072        Wanarpv6        (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys
11:56:03.0543 2072        Wanarpv6 - ok
11:56:03.0559 2072        Wd              (78fe9542363f297b18c027b2d7e7c07f) C:\Windows\system32\drivers\wd.sys
11:56:03.0574 2072        Wd - ok
11:56:03.0605 2072        Wdf01000        (b6f0a7ad6d4bd325fbcd8bac96cd8d96) C:\Windows\system32\drivers\Wdf01000.sys
11:56:03.0621 2072        Wdf01000 - ok
11:56:03.0683 2072        WINIO          (819c68ff6c4c63886d636ffb2dabf5ef) C:\Windows\system32\WinIo.sys
11:56:03.0715 2072        WINIO ( UnsignedFile.Multi.Generic ) - warning
11:56:03.0715 2072        WINIO - detected UnsignedFile.Multi.Generic (1)
11:56:03.0777 2072        WinRing0_1_2_0  (845af1ba23c8d5e64def61bcc441604c) C:\Program Files\BatteryCare\WinRing0.sys
11:56:03.0777 2072        WinRing0_1_2_0 - ok
11:56:03.0824 2072        WmiAcpi        (2e7255d172df0b8283cdfb7b433b864e) C:\Windows\system32\DRIVERS\wmiacpi.sys
11:56:03.0871 2072        WmiAcpi - ok
11:56:03.0949 2072        WpdUsb          (de9d36f91a4df3d911626643debf11ea) C:\Windows\system32\DRIVERS\wpdusb.sys
11:56:03.0980 2072        WpdUsb - ok
11:56:04.0011 2072        ws2ifsl        (e3a3cb253c0ec2494d4a61f5e43a389c) C:\Windows\system32\drivers\ws2ifsl.sys
11:56:04.0042 2072        ws2ifsl - ok
11:56:04.0073 2072        WUDFRd          (ac13cb789d93412106b0fb6c7eb2bcb6) C:\Windows\system32\DRIVERS\WUDFRd.sys
11:56:04.0120 2072        WUDFRd - ok
11:56:04.0198 2072        MBR (0x1B8)    (5c616939100b85e558da92b899a0fc36) \Device\Harddisk0\DR0
11:56:04.0682 2072        \Device\Harddisk0\DR0 - ok
11:56:04.0697 2072        Boot (0x1200)  (a7136288fb2b2555c003adfd2a9656c5) \Device\Harddisk0\DR0\Partition0
11:56:04.0697 2072        \Device\Harddisk0\DR0\Partition0 - ok
11:56:05.0384 2072        Boot (0x1200)  (7e02661036e00188d64afd57a65c62b0) \Device\Harddisk0\DR0\Partition1
11:56:05.0384 2072        \Device\Harddisk0\DR0\Partition1 - ok
11:56:05.0384 2072        ============================================================
11:56:05.0384 2072        Scan finished
11:56:05.0384 2072        ============================================================
11:56:05.0399 1652        Detected object count: 3
11:56:05.0399 1652        Actual detected object count: 3
11:56:59.0210 1652        BMLoad ( UnsignedFile.Multi.Generic ) - skipped by user
11:56:59.0210 1652        BMLoad ( UnsignedFile.Multi.Generic ) - User select action: Skip
11:56:59.0210 1652        tcpipBM ( UnsignedFile.Multi.Generic ) - skipped by user
11:56:59.0210 1652        tcpipBM ( UnsignedFile.Multi.Generic ) - User select action: Skip
11:56:59.0214 1652        WINIO ( UnsignedFile.Multi.Generic ) - skipped by user
11:56:59.0214 1652        WINIO ( UnsignedFile.Multi.Generic ) - User select action: Skip

You are really busy...

My respects for how quickly you work through all of this

Regards
Islandis

cosinus 21.11.2011 12:02

Then please run CF now:

ComboFix

A guide and tutorial on using ComboFix
  • Close all programs, especially your antivirus program and other background guards, as well as your internet browser.
  • Start cofi.exe from your desktop, confirm the warnings, perform the updates (if offered), install the Recovery Console (if offered) and let it scan your system.
    Also avoid using the mouse and keyboard while ComboFix is running.
  • Afterwards a combofix.txt opens automatically; please copy its contents ([Ctrl]a, [Ctrl]c) and paste it into your post ([Ctrl]v). You can also find the file at: C:\ComboFix.txt.
Important note:
ComboFix may only be run when a helper (Kompetenzler) has explicitly recommended it!

It should never be run on your own initiative! Incorrect use can cause serious computer problems and make cleaning up the infection even harder.

If, after running ComboFix, you have problems starting applications and receive messages such as

Quote:

Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.
then restart Windows manually and the error messages should no longer appear.

Islandis 21.11.2011 13:34

Sorry Arne,

unfortunately bad news: ComboFix ran through normally and restarted the PC. On restart I activated the user account from which ComboFix had been started (with administrator rights). Then ComboFix windows opened and closed in very rapid succession. It looked as though it wanted to open a C:\combofix\pev.3xe.

I let this run for about 50 minutes without anything changing.

I then restarted the PC manually with the same user. Same thing again. On the third attempt I activated Windows as Administrator, whereupon ComboFix appeared again with the note that it would create a Log.Text in the directory mentioned above, and it exited normally. However, the desired log file could not be created. I also cannot find a Combofix.txt in the ComboFix directory.

Should I start ComboFix once more as the user Administrator?

Thanks in advance.

Regards
Islandis

cosinus 21.11.2011 15:33

Restart Windows, delete the old combofix.exe, download CF again and please try once more.

Islandis 21.11.2011 17:51

Thanks Arne, this time it worked.

Here is the ComboFix log:

Combofix Logfile:

Code:

ComboFix 11-11-21.01 - Boss 21.11.2011  17:26:56.2.2 - x86
Microsoft® Windows Vista™ Home Premium   6.0.6002.2.1252.49.1031.18.3066.1908 [GMT 1:00]
ausgeführt von:: c:\users\Boss\Desktop\ComboFix.exe
AV: AVG Anti-Virus Free *Disabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
SP: AVG Anti-Virus Free *Disabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\system32\WinIo.sys
.
.
(((((((((((((((((((((((   Dateien erstellt von 2011-10-21 bis 2011-11-21  ))))))))))))))))))))))))))))))
.
.
2011-11-21 16:35 . 2011-11-21 16:35        --------        d-----w-        c:\users\Boss\AppData\Local\temp
2011-11-21 16:35 . 2011-11-21 16:35        --------        d-----w-        c:\users\Hel\AppData\Local\temp
2011-11-21 16:35 . 2011-11-21 16:35        --------        d-----w-        c:\users\Default\AppData\Local\temp
2011-11-20 15:52 . 2011-11-20 15:52        --------        d-----w-        C:\_OTL
2011-11-19 15:53 . 2011-11-19 15:53        --------        d-----w-        c:\program files\7-Zip
2011-11-18 18:47 . 2011-10-07 03:48        6668624        ----a-w-        c:\programdata\Microsoft\Windows Defender\Definition Updates\{67517676-631F-4A02-9DB2-76013C059DB6}\mpengine.dll
2011-11-18 04:22 . 2011-11-18 04:22        --------        d-----w-        c:\users\Hel\AppData\Roaming\SUPERAntiSpyware.com
2011-11-18 04:21 . 2011-11-18 04:22        --------        d-----w-        c:\program files\SUPERAntiSpyware
2011-11-18 04:21 . 2011-11-18 04:21        --------        d-----w-        c:\programdata\SUPERAntiSpyware.com
2011-11-17 22:10 . 2011-11-17 22:10        --------        d-----w-        c:\program files\ESET
2011-11-16 16:56 . 2011-11-16 16:56        --------        d-----w-        c:\users\Gast
2011-11-16 16:08 . 2011-11-16 16:08        --------        d-----w-        c:\programdata\VirtualWifiRouter
.
.
.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-11-15 08:03 . 2011-05-19 07:05        414368        ----a-w-        c:\windows\system32\FlashPlayerCPLApp.cpl
2011-09-14 06:33 . 2009-10-31 13:22        29712        ----a-w-        c:\windows\system32\drivers\avgmfx86.sys
2011-09-06 13:30 . 2011-10-12 09:22        2043392        ----a-w-        c:\windows\system32\win32k.sys
2011-09-02 13:22 . 2011-09-02 13:22        0        ---ha-w-        c:\users\Hel\AppData\Local\BIT3246.tmp
2011-09-01 02:35 . 2011-10-12 09:27        1798144        ----a-w-        c:\windows\system32\jscript9.dll
2011-09-01 02:28 . 2011-10-12 09:27        1126912        ----a-w-        c:\windows\system32\wininet.dll
2011-09-01 02:22 . 2011-10-12 09:27        2382848        ----a-w-        c:\windows\system32\mshtml.tlb
2011-08-31 16:00 . 2009-10-27 10:19        22216        ----a-w-        c:\windows\system32\drivers\mbam.sys
2011-08-25 16:15 . 2011-10-12 09:22        555520        ----a-w-        c:\windows\system32\UIAutomationCore.dll
2011-08-25 16:14 . 2011-10-12 09:22        563712        ----a-w-        c:\windows\system32\oleaut32.dll
2011-08-25 16:14 . 2011-10-12 09:22        238080        ----a-w-        c:\windows\system32\oleacc.dll
2011-08-25 13:31 . 2011-10-12 09:22        4096        ----a-w-        c:\windows\system32\oleaccrc.dll
2011-09-03 06:18 . 2011-09-14 08:55        134104        ----a-w-        c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-10 1233920]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-06-11 39408]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 125952]
"BatteryCare"="c:\program files\BatteryCare\BatteryCare.exe" [2009-11-20 520192]
"Rainlendar2"="c:\program files\Rainlendar2\Rainlendar2.exe" [2009-08-22 5148672]
"ANT Agent"="c:\program files\Garmin\ANT Agent\ANT Agent.exe" [2011-04-14 12036968]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2009-02-11 186904]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-05-08 13605408]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2009-05-08 92704]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2008-10-31 6609440]
"tsnp2uvc"="c:\windows\tsnp2uvc.exe" [2008-08-28 233472]
"MDS_Menu"="c:\program files\HomeCinema\MediaShow4\MUITransfer\MUIStartMenu.exe" [2008-12-03 218408]
"PDVD8LanguageShortcut"="c:\program files\HomeCinema\PowerDVD8\Language\Language.exe" [2007-12-14 50472]
"UCam_Menu"="c:\program files\HomeCinema\YouCam\MUITransfer\MUIStartMenu.exe" [2008-12-03 218408]
"fspuip"="c:\program files\FSP\fspuip.exe" [2009-06-19 765952]
"CX Print Msgsrv"="c:\program files\silex technology\CX Print\Msgsrv.exe" [2008-08-21 61440]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]
"AVG9_TRAY"="c:\progra~1\AVG\AVG9\avgtray.exe" [2011-10-24 2078048]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-08-10 421888]
"Eraser"="c:\progra~1\Eraser\Eraser.exe" [2010-11-04 980368]
"PDFPrint"="c:\program files\pdf24\pdf24.exe" [2011-04-28 220552]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-04-08 254696]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-06-06 937920]
"Malwarebytes' Anti-Malware (reboot)"="c:\program files\Viren\Malwarebytes' Anti-Malware\mbam.exe" [2011-08-31 1047208]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\System32\avgrsstx.dll
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2011-04-11 136176]
R2 HWDeviceService.exe;HWDeviceService.exe;c:\programdata\DatacardService\HWDeviceService.exe [2011-01-28 270176]
R2 Internet Manager. RunOuc;Internet Manager. OUC;c:\program files\T-Mobile\InternetManager_H\UpdateDog\ouc.exe [2011-07-30 224096]
R2 resetWinService;Reset Reader;c:\program files\Realtek Semiconductor Corp\Realtek USB 2.0 Card Reader\reset.exe [2008-10-29 70656]
R3 AVG Security Toolbar Service;AVG Security Toolbar Service;c:\program files\AVG\AVG9\Toolbar\ToolbarBroker.exe [2011-07-26 1025352]
R3 ew_hwusbdev;Huawei MobileBroadband USB PNP Device;c:\windows\system32\DRIVERS\ew_hwusbdev.sys [2011-07-30 102784]
R3 ew_usbenumfilter;huawei_CompositeFilter;c:\windows\system32\DRIVERS\ew_usbenumfilter.sys [2011-07-30 11136]
R3 ewusbnet;HUAWEI USB-NDIS miniport;c:\windows\system32\DRIVERS\ewusbnet.sys [2011-07-30 235392]
R3 gupdatem;Google Update-Dienst (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [2011-04-11 136176]
R3 huawei_cdcacm;huawei_cdcacm;c:\windows\system32\DRIVERS\ew_jucdcacm.sys [2011-07-30 90112]
R3 huawei_cdcecm;huawei_cdcecm;c:\windows\system32\DRIVERS\ew_jucdcecm.sys [2011-07-30 64384]
R3 huawei_ext_ctrl;huawei_ext_ctrl;c:\windows\system32\DRIVERS\ew_juextctrl.sys [2011-07-30 26624]
R3 RIYSCJEUOHWHV;RIYSCJEUOHWHV;c:\users\Boss\AppData\Local\Temp\RIYSCJEUOHWHV.exe [x]
R3 RSND;RSND;c:\users\Boss\AppData\Local\Temp\RSND.exe [x]
R3 WinRing0_1_2_0;WinRing0_1_2_0;c:\program files\BatteryCare\WinRing0.sys [2008-07-26 14416]
R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
R3 YJEHRBYH;YJEHRBYH;c:\users\Boss\AppData\Local\Temp\YJEHRBYH.exe [x]
S0 BMLoad;Bytemobile Boot Time Load Driver;c:\windows\system32\drivers\BMLoad.sys [2011-07-30 13184]
S1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\System32\Drivers\avgldx86.sys [2010-07-16 216400]
S1 AvgTdiX;AVG Free Network Redirector;c:\windows\System32\Drivers\avgtdix.sys [2011-05-06 243152]
S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [2011-07-22 12880]
S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [2011-07-12 67664]
S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE.EXE [2011-08-11 116608]
S2 AAV UpdateService;AAV UpdateService;c:\program files\Akademische Arbeitsgemeinschaft\AAVUpdateManager\aavus.exe [2008-10-24 128296]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe [2011-06-06 64952]
S2 avg9wd;AVG Free WatchDog;c:\program files\AVG\AVG9\avgwdsvc.exe [2010-07-16 308136]
S3 fspad_wlh32;Finger-sensing Pad Driver for Windows 2000/XP/Vista/Win7_wlh32;c:\windows\system32\DRIVERS\fspad_wlh32.sys [2009-06-17 41984]
S3 huawei_enumerator;huawei_enumerator;c:\windows\system32\DRIVERS\ew_jubusenum.sys [2011-07-30 73216]
S3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda32v.sys [2009-06-26 66080]
S3 rtl8192se;Realtek Wireless LAN 802.11n PCI-E NIC NT Driver;c:\windows\system32\DRIVERS\rtl8192se.sys [2010-02-24 522784]
S3 sxuptp;SXUPTP Driver;c:\windows\system32\DRIVERS\sxuptp.sys [2008-12-19 246808]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation        REG_MULTI_SZ           FontCache
.
Inhalt des "geplante Tasks" Ordners
.
2011-11-21 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-06-11 07:04]
.
2011-11-21 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-04-11 10:22]
.
2011-11-21 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-04-11 10:22]
.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page =
IE: Nach Microsoft E&xel exportieren - c:\progra~1\MI1933~1\Office12\EXCEL.EXE/3000
LSP: c:\windows\system32\wpclsp.dll
TCP: DhcpNameServer = 192.168.2.1
Handler: avgsecuritytoolbar - {F2DDE6B2-9684-4A55-86D4-E255E237B77C} -
FF - ProfilePath - c:\users\Boss\AppData\Roaming\Mozilla\Firefox\Profiles\eakt02rm.default\
FF - prefs.js: network.proxy.type - 2
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, hxxp://www.gmer.net
Rootkit scan 2011-11-21 17:35
Windows 6.0.6002 Service Pack 2 NTFS
.
Scanne versteckte Prozesse...
.
Scanne versteckte Autostarteinträge...
.
Scanne versteckte Dateien...
.
Scan erfolgreich abgeschlossen
versteckte Dateien: 0
.
**************************************************************************
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
Zeit der Fertigstellung: 2011-11-21  17:37:16
ComboFix-quarantined-files.txt  2011-11-21 16:37
ComboFix2.txt  2011-11-21 12:16
.
Vor Suchlauf: 16 Verzeichnis(se), 189.107.388.416 Bytes frei
Nach Suchlauf: 16 Verzeichnis(se), 189.075.525.632 Bytes frei
.
- - End Of File - - 8D3B723FC60594626CBD74EAD8390423


--- --- ---

Thanks in advance


All times are in WEZ +1. It is now 21:12.

Copyright ©2000-2025, Trojaner-Board

