Trojaner-Board

antimalware bytes no longer starts (https://www.trojaner-board.de/111241-antimalware-bytes-startet-mehr.html)

nadann 12.03.2012 17:13

Yes they do - other programs work - but pretty much everything that has to do with viruses and removing them doesn't.....

e.g. Antimalwarebytes - when I try to update the database or choose "Start trial now", it closes - the Chameleon tool doesn't help either....

When I try to scan with Gmer, ComboFix & Co., the computer freezes or I immediately get a blue screen "Bad_Pool_Header".....

At this new level (with the boot disk) I haven't tried anything yet - I didn't know about that until now, and it gives me hope. The rootkit or whatever I've caught shouldn't actually have spread there yet....at least that's my hope......

nadann 13.03.2012 19:50

hello - anyone still there? ........**waving sheepishly from the corner**

what should I do next?.....ideally a bigger to-do list right away, which I can then work through :-)

Swisstreasure 13.03.2012 23:18

Can you get into Safe Mode and run Malwarebytes there? If there's no other way, then without updating.

nadann 14.03.2012 00:19

hi,

if it were that easy, I wouldn't be here........unfortunately it doesn't work - when I try to start the program, it closes again.

Swisstreasure 15.03.2012 00:07

Please download Farbar's Recovery Scan Tool and save it to a USB stick.

Connect the USB stick to the infected system.

You now need to boot the system into the System Recovery Options.

Via the Boot Manager
  • Restart the computer.
  • While it is booting, press the F8 key repeatedly.
  • Now select Repair Your Computer.
  • Select your operating system and user account and click "Next" each time.

With a Windows CD/DVD
  • Insert the Windows CD into your drive.
  • Restart the computer and boot from the CD.
  • Select the language settings and click "Next".
  • Click on Repair your computer !!
  • Select your operating system and user account and click "Next" each time.


In the recovery options, select Command Prompt
  • Now type notepad and press Enter.
  • In the text document that opens --> File --> Save As and select Computer.
    Here you will see the drive letter of your USB stick.
  • Close Notepad again.
  • Now enter the following command.
    e:\frst.exe
    Note: e stands for the drive letter of your USB stick. Adjust if necessary.
  • Accept the disclaimer with Yes and click Scan.
The tool creates a FRST.txt on your USB stick. Please post its contents here.

nadann 15.03.2012 12:18

Hi,

when I boot into the recovery console, only the DOS programs listed under "HELP" are available to me - notepad isn't among them. A dir n*.* does, however, show me notepad.exe in the directory. I also found the USB stick - but the program (like notepad) won't start because it isn't allowed....

...then booted into "Safe Mode with Command Prompt" - there I can start the program....

....init settings on itself...

Error message:
Windows - Kein Datenträger

Exception Processing Message c0000013 Parameters 75cb0bf7c 4 75b0bbf7c 75b0bf7c

I click it away 3 times - the program keeps running and says it is now closing and I have to start it again.....then the self-init with the counter again, close (without the error message above)....I can repeat that as often as I like....

I think something is already running that manipulates the scan tool - that's why antimalware won't start either......
....is it perhaps worth a try to start in the DOS environment - without Windows drivers.....the scan tool ought to start unmanipulated there, shouldn't it? But I no longer have a floppy drive or a DOS boot disk.


update:
ran a full scan with Kaspersky's "Pure", ended 7 processes with TDSSKiller, then cleaned the registry of those processes with CCleaner and......*slight anticipation* I can start antimalware in normal operation, update the database, and the full scan is currently running......very curious whether it runs through

Swisstreasure 15.03.2012 12:46

So Pure and TDSSKiller did run?
Post the TDSSKiller log.

nadann 15.03.2012 13:44

....and antimalwarebytes gave me a blue screen - mbamswissarmy.sys - Page_Fault_in_Nonpaged_Area
...uninstalled it with mbam_clean, ccleaner again for the registry, and will try reinstalling later......

TDSSKiller log:

13:28:14.0828 3308        TDSS rootkit removing tool 2.7.20.0 Mar  9 2012 17:10:43
13:28:14.0921 3308        ============================================================
13:28:14.0921 3308        Current date / time: 2012/03/15 13:28:14.0921
13:28:14.0921 3308        SystemInfo:
13:28:14.0921 3308       
13:28:14.0921 3308        OS Version: 5.1.2600 ServicePack: 3.0
13:28:14.0921 3308        Product type: Workstation
13:28:14.0921 3308        ComputerName: MARCUSPC11
13:28:14.0921 3308        UserName: Administrator
13:28:14.0921 3308        Windows directory: F:\WINDOWS
13:28:14.0921 3308        System windows directory: F:\WINDOWS
13:28:14.0921 3308        Processor architecture: Intel x86
13:28:14.0921 3308        Number of processors: 2
13:28:14.0921 3308        Page size: 0x1000
13:28:14.0921 3308        Boot type: Normal boot
13:28:14.0921 3308        ============================================================
13:28:16.0281 3308        Drive \Device\Harddisk1\DR1 - Size: 0x7470AFDE00 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054
13:28:16.0281 3308        Drive \Device\Harddisk0\DR0 - Size: 0x1D1C1116000 (1863.02 Gb), SectorSize: 0x200, Cylinders: 0x3B601, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054
13:28:16.0296 3308        Drive \Device\Harddisk4\DR8 - Size: 0x3D700000 (0.96 Gb), SectorSize: 0x200, Cylinders: 0x7D, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
13:28:16.0296 3308        \Device\Harddisk1\DR1:
13:28:16.0296 3308        MBR used
13:28:16.0296 3308        \Device\Harddisk1\DR1\Partition0: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x3A380D41
13:28:16.0296 3308        \Device\Harddisk0\DR0:
13:28:16.0296 3308        MBR used
13:28:16.0296 3308        \Device\Harddisk4\DR8:
13:28:16.0296 3308        MBR used
13:28:16.0296 3308        \Device\Harddisk4\DR8\Partition0: MBR, Type 0xE, StartLBA 0x20, BlocksNum 0x1EB7E0
13:28:16.0359 3308        Initialize success
13:28:16.0359 3308        ============================================================
13:28:28.0078 3144        ============================================================
13:28:28.0078 3144        Scan started
13:28:28.0078 3144        Mode: Manual; SigCheck; TDLFS;
13:28:28.0078 3144        ============================================================
13:28:28.0531 3144        Abiosdsk - ok
13:28:28.0546 3144        abp480n5 - ok
13:28:28.0625 3144        ACPI            (ac407f1a62c3a300b4f2b5a9f1d55b2c) F:\WINDOWS\system32\DRIVERS\ACPI.sys
13:28:29.0937 3144        ACPI - ok
13:28:30.0000 3144        ACPIEC          (9e1ca3160dafb159ca14f83b1e317f75) F:\WINDOWS\system32\drivers\ACPIEC.sys
13:28:30.0078 3144        ACPIEC - ok
13:28:30.0078 3144        adpu160m - ok
13:28:30.0109 3144        aec            (8bed39e3c35d6a489438b8141717a557) F:\WINDOWS\system32\drivers\aec.sys
13:28:30.0187 3144        aec - ok
13:28:30.0218 3144        AFD            (1e44bc1e83d8fd2305f8d452db109cf9) F:\WINDOWS\System32\drivers\afd.sys
13:28:30.0281 3144        AFD - ok
13:28:30.0296 3144        Aha154x - ok
13:28:30.0296 3144        aic78u2 - ok
13:28:30.0312 3144        aic78xx - ok
13:28:30.0312 3144        AliIde - ok
13:28:30.0328 3144        amsint - ok
13:28:30.0343 3144        asc - ok
13:28:30.0343 3144        asc3350p - ok
13:28:30.0359 3144        asc3550 - ok
13:28:30.0390 3144        AsyncMac        (b153affac761e7f5fcfa822b9c4e97bc) F:\WINDOWS\system32\DRIVERS\asyncmac.sys
13:28:30.0437 3144        AsyncMac - ok
13:28:30.0453 3144        atapi          (9f3a2f5aa6875c72bf062c712cfa2674) F:\WINDOWS\system32\DRIVERS\atapi.sys
13:28:30.0515 3144        atapi - ok
13:28:30.0531 3144        Atdisk - ok
13:28:30.0578 3144        atksgt          (f0d933b42cd0594048e4d5200ae9e417) F:\WINDOWS\system32\DRIVERS\atksgt.sys
13:28:30.0625 3144        atksgt - ok
13:28:30.0656 3144        Atmarpc        (9916c1225104ba14794209cfa8012159) F:\WINDOWS\system32\DRIVERS\atmarpc.sys
13:28:30.0734 3144        Atmarpc - ok
13:28:30.0750 3144        audstub        (d9f724aa26c010a217c97606b160ed68) F:\WINDOWS\system32\DRIVERS\audstub.sys
13:28:30.0812 3144        audstub - ok
13:28:30.0859 3144        Beep            (da1f27d85e0d1525f6621372e7b685e9) F:\WINDOWS\system32\drivers\Beep.sys
13:28:30.0937 3144        Beep - ok
13:28:31.0000 3144        BIOS            (be5d50529799b9bab6be879ec768b6cf) F:\WINDOWS\system32\drivers\BIOS.sys
13:28:31.0031 3144        BIOS ( UnsignedFile.Multi.Generic ) - warning
13:28:31.0031 3144        BIOS - detected UnsignedFile.Multi.Generic (1)
13:28:31.0078 3144        bizVSerial      (66f655b08eed3230e059d197c8a1969b) F:\WINDOWS\system32\drivers\bizVSerialNT.sys
13:28:31.0093 3144        bizVSerial ( UnsignedFile.Multi.Generic ) - warning
13:28:31.0093 3144        bizVSerial - detected UnsignedFile.Multi.Generic (1)
13:28:31.0203 3144        catchme - ok
13:28:31.0234 3144        cbidf2k        (90a673fc8e12a79afbed2576f6a7aaf9) F:\WINDOWS\system32\drivers\cbidf2k.sys
13:28:31.0296 3144        cbidf2k - ok
13:28:31.0312 3144        cd20xrnt - ok
13:28:31.0343 3144        Cdaudio        (c1b486a7658353d33a10cc15211a873b) F:\WINDOWS\system32\drivers\Cdaudio.sys
13:28:31.0406 3144        Cdaudio - ok
13:28:31.0453 3144        Cdfs            (c885b02847f5d2fd45a24e219ed93b32) F:\WINDOWS\system32\drivers\Cdfs.sys
13:28:31.0500 3144        Cdfs - ok
13:28:31.0546 3144        cdrbsdrv        (e0042bd5bef17a6a3ef1df576bde24d1) F:\WINDOWS\system32\drivers\cdrbsdrv.sys
13:28:31.0562 3144        cdrbsdrv ( UnsignedFile.Multi.Generic ) - warning
13:28:31.0562 3144        cdrbsdrv - detected UnsignedFile.Multi.Generic (1)
13:28:31.0593 3144        Cdrom          (1f4260cc5b42272d71f79e570a27a4fe) F:\WINDOWS\system32\DRIVERS\cdrom.sys
13:28:31.0656 3144        Cdrom - ok
13:28:31.0734 3144        Changer - ok
13:28:31.0781 3144        cjusb          (b0dfc4adb1ff150ac466f3dad323196a) F:\WINDOWS\system32\DRIVERS\cjusb.sys
13:28:31.0781 3144        cjusb - ok
13:28:31.0796 3144        CmdIde - ok
13:28:31.0812 3144        Cpqarray - ok
13:28:31.0984 3144        cpuz134        (75fa19142531cbf490770c2988a7db64) F:\Programme\CPUID\PC Wizard 2010\pcwiz_x32.sys
13:28:32.0000 3144        cpuz134 - ok
13:28:32.0046 3144        CSCrySec        (5cbf20674be8364febb6a13451a42f0a) F:\WINDOWS\system32\DRIVERS\CSCrySec.sys
13:28:32.0078 3144        CSCrySec - ok
13:28:32.0093 3144        CSVirtualDiskDrv (2c3f213eddd231099fb779a45d7680e0) F:\WINDOWS\system32\DRIVERS\CSVirtualDiskDrv.sys
13:28:32.0093 3144        CSVirtualDiskDrv - ok
13:28:32.0109 3144        dac2w2k - ok
13:28:32.0125 3144        dac960nt - ok
13:28:32.0156 3144        Disk            (044452051f3e02e7963599fc8f4f3e25) F:\WINDOWS\system32\DRIVERS\disk.sys
13:28:32.0218 3144        Disk - ok
13:28:32.0250 3144        dmboot          (0dcfc8395a99fecbb1ef771cec7fe4ea) F:\WINDOWS\system32\drivers\dmboot.sys
13:28:32.0343 3144        dmboot - ok
13:28:32.0359 3144        dmio            (53720ab12b48719d00e327da470a619a) F:\WINDOWS\system32\drivers\dmio.sys
13:28:32.0421 3144        dmio - ok
13:28:32.0453 3144        dmload          (e9317282a63ca4d188c0df5e09c6ac5f) F:\WINDOWS\system32\drivers\dmload.sys
13:28:32.0515 3144        dmload - ok
13:28:32.0531 3144        DMusic          (8a208dfcf89792a484e76c40e5f50b45) F:\WINDOWS\system32\drivers\DMusic.sys
13:28:32.0593 3144        DMusic - ok
13:28:32.0609 3144        dpti2o - ok
13:28:32.0656 3144        drhard          (0071f8825d14b16955cd0a0699ab7a6c) F:\WINDOWS\system32\DRIVERS\DRHARD.SYS
13:28:32.0750 3144        drhard ( UnsignedFile.Multi.Generic ) - warning
13:28:32.0750 3144        drhard - detected UnsignedFile.Multi.Generic (1)
13:28:32.0781 3144        drmkaud        (8f5fcff8e8848afac920905fbd9d33c8) F:\WINDOWS\system32\drivers\drmkaud.sys
13:28:32.0828 3144        drmkaud - ok
13:28:32.0875 3144        Fastfat        (38d332a6d56af32635675f132548343e) F:\WINDOWS\system32\drivers\Fastfat.sys
13:28:32.0937 3144        Fastfat - ok
13:28:32.0968 3144        Fdc            (92cdd60b6730b9f50f6a1a0c1f8cdc81) F:\WINDOWS\system32\DRIVERS\fdc.sys
13:28:33.0015 3144        Fdc - ok
13:28:33.0031 3144        Fips            (b0678a548587c5f1967b0d70bacad6c1) F:\WINDOWS\system32\drivers\Fips.sys
13:28:33.0093 3144        Fips - ok
13:28:33.0109 3144        Flpydisk        (9d27e7b80bfcdf1cdd9b555862d5e7f0) F:\WINDOWS\system32\DRIVERS\flpydisk.sys
13:28:33.0171 3144        Flpydisk - ok
13:28:33.0203 3144        FltMgr          (b2cf4b0786f8212cb92ed2b50c6db6b0) F:\WINDOWS\system32\DRIVERS\fltMgr.sys
13:28:33.0250 3144        FltMgr - ok
13:28:33.0281 3144        FsUsbExDisk    (790a4ca68f44be35967b3df61f3e4675) F:\WINDOWS\system32\FsUsbExDisk.SYS
13:28:33.0296 3144        FsUsbExDisk ( UnsignedFile.Multi.Generic ) - warning
13:28:33.0296 3144        FsUsbExDisk - detected UnsignedFile.Multi.Generic (1)
13:28:33.0312 3144        Fs_Rec          (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) F:\WINDOWS\system32\drivers\Fs_Rec.sys
13:28:33.0375 3144        Fs_Rec - ok
13:28:33.0406 3144        Ftdisk          (8f1955ce42e1484714b542f341647778) F:\WINDOWS\system32\DRIVERS\ftdisk.sys
13:28:33.0453 3144        Ftdisk - ok
13:28:33.0468 3144        gdrv            (b6bfec7542730e9a376bf2408423d493) F:\WINDOWS\gdrv.sys
13:28:33.0484 3144        gdrv - ok
13:28:33.0515 3144        GEARAspiWDM    (5dc17164f66380cbfefd895c18467773) F:\WINDOWS\system32\Drivers\GEARAspiWDM.sys
13:28:33.0531 3144        GEARAspiWDM - ok
13:28:33.0625 3144        Gpc            (0a02c63c8b144bd8c86b103dee7c86a2) F:\WINDOWS\system32\DRIVERS\msgpc.sys
13:28:33.0703 3144        Gpc - ok
13:28:33.0750 3144        HDAudBus        (573c7d0a32852b48f3058cfd8026f511) F:\WINDOWS\system32\DRIVERS\HDAudBus.sys
13:28:33.0828 3144        HDAudBus - ok
13:28:33.0843 3144        hidusb          (ccf82c5ec8a7326c3066de870c06daf1) F:\WINDOWS\system32\DRIVERS\hidusb.sys
13:28:33.0906 3144        hidusb - ok
13:28:33.0921 3144        hpn - ok
13:28:33.0968 3144        HTTP            (f80a415ef82cd06ffaf0d971528ead38) F:\WINDOWS\system32\Drivers\HTTP.sys
13:28:34.0015 3144        HTTP - ok
13:28:34.0015 3144        i2omgmt - ok
13:28:34.0031 3144        i2omp - ok
13:28:34.0046 3144        i8042prt        (e283b97cfbeb86c1d86baed5f7846a92) F:\WINDOWS\system32\DRIVERS\i8042prt.sys
13:28:34.0093 3144        i8042prt - ok
13:28:34.0125 3144        Imapi          (083a052659f5310dd8b6a6cb05edcf8e) F:\WINDOWS\system32\DRIVERS\imapi.sys
13:28:34.0187 3144        Imapi - ok
13:28:34.0203 3144        ini910u - ok
13:28:34.0265 3144        IntcAzAudAddService (b45a576ad280dd4f605f58b24cdaafe1) F:\WINDOWS\system32\drivers\RtkHDAud.sys
13:28:34.0437 3144        IntcAzAudAddService - ok
13:28:34.0437 3144        IntelIde - ok
13:28:34.0453 3144        intelppm        (4c7d2750158ed6e7ad642d97bffae351) F:\WINDOWS\system32\DRIVERS\intelppm.sys
13:28:34.0515 3144        intelppm - ok
13:28:34.0546 3144        Ip6Fw          (3bb22519a194418d5fec05d800a19ad0) F:\WINDOWS\system32\DRIVERS\Ip6Fw.sys
13:28:34.0609 3144        Ip6Fw - ok
13:28:34.0640 3144        IpFilterDriver  (731f22ba402ee4b62748adaf6363c182) F:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
13:28:34.0687 3144        IpFilterDriver - ok
13:28:34.0718 3144        IpInIp          (b87ab476dcf76e72010632b5550955f5) F:\WINDOWS\system32\DRIVERS\ipinip.sys
13:28:34.0781 3144        IpInIp - ok
13:28:34.0796 3144        IpNat          (cc748ea12c6effde940ee98098bf96bb) F:\WINDOWS\system32\DRIVERS\ipnat.sys
13:28:34.0859 3144        IpNat - ok
13:28:34.0875 3144        IPSec          (23c74d75e36e7158768dd63d92789a91) F:\WINDOWS\system32\DRIVERS\ipsec.sys
13:28:34.0921 3144        IPSec - ok
13:28:35.0062 3144        IRENUM          (c93c9ff7b04d772627a3646d89f7bf89) F:\WINDOWS\system32\DRIVERS\irenum.sys
13:28:35.0125 3144        IRENUM - ok
13:28:35.0140 3144        isapnp          (6dfb88f64135c525433e87648bda30de) F:\WINDOWS\system32\DRIVERS\isapnp.sys
13:28:35.0187 3144        isapnp - ok
13:28:35.0203 3144        Kbdclass        (1704d8c4c8807b889e43c649b478a452) F:\WINDOWS\system32\DRIVERS\kbdclass.sys
13:28:35.0281 3144        Kbdclass - ok
13:28:35.0312 3144        kbdhid          (b6d6c117d771c98130497265f26d1882) F:\WINDOWS\system32\DRIVERS\kbdhid.sys
13:28:35.0375 3144        kbdhid - ok
13:28:35.0421 3144        kl1            (ce3958f58547454884e97bda78cd7040) F:\WINDOWS\system32\drivers\kl1.sys
13:28:35.0421 3144        kl1 - ok
13:28:35.0468 3144        KLBG            (53eedab3f0511321ac3ae8bc968b158c) F:\WINDOWS\system32\DRIVERS\klbg.sys
13:28:35.0484 3144        KLBG - ok
13:28:35.0531 3144        KLIF            (cf9f89b7b5e08beb60e52dd7ff3a69e5) F:\WINDOWS\system32\DRIVERS\klif.sys
13:28:35.0796 3144        KLIF - ok
13:28:35.0828 3144        klim5          (fbdc2034b58d2135d25fe99eb8b747c3) F:\WINDOWS\system32\DRIVERS\klim5.sys
13:28:35.0843 3144        klim5 - ok
13:28:35.0890 3144        klmouflt        (1f351c4ba53bfe58a1ca5fcdd11e1f81) F:\WINDOWS\system32\DRIVERS\klmouflt.sys
13:28:35.0906 3144        klmouflt - ok
13:28:35.0921 3144        kmixer          (692bcf44383d056aed41b045a323d378) F:\WINDOWS\system32\drivers\kmixer.sys
13:28:35.0984 3144        kmixer - ok
13:28:36.0031 3144        KSecDD          (b467646c54cc746128904e1654c750c1) F:\WINDOWS\system32\drivers\KSecDD.sys
13:28:36.0109 3144        KSecDD - ok
13:28:36.0125 3144        Lavasoft Kernexplorer - ok
13:28:36.0140 3144        lbrtfdc - ok
13:28:36.0187 3144        LGBusEnum      (4d29522a2c0ac9847fb2e628ba067583) F:\WINDOWS\system32\drivers\LGBusEnum.sys
13:28:36.0187 3144        LGBusEnum - ok
13:28:36.0203 3144        lirsgt - ok
13:28:36.0250 3144        MBAMSwissArmy  (0db7527db188c7d967a37bb51bbf3963) F:\WINDOWS\system32\drivers\mbamswissarmy.sys
13:28:36.0281 3144        MBAMSwissArmy - ok
13:28:36.0328 3144        MEMSWEEP2 - ok
13:28:36.0359 3144        mnmdd          (4ae068242760a1fb6e1a44bf4e16afa6) F:\WINDOWS\system32\drivers\mnmdd.sys
13:28:36.0421 3144        mnmdd - ok
13:28:36.0468 3144        Modem          (6fb74ebd4ec57a6f1781de3852cc3362) F:\WINDOWS\system32\drivers\Modem.sys
13:28:36.0531 3144        Modem - ok
13:28:36.0531 3144        Mouclass        (b24ce8005deab254c0251e15cb71d802) F:\WINDOWS\system32\DRIVERS\mouclass.sys
13:28:36.0593 3144        Mouclass - ok
13:28:36.0656 3144        mouhid          (66a6f73c74e1791464160a7065ce711a) F:\WINDOWS\system32\DRIVERS\mouhid.sys
13:28:36.0765 3144        mouhid - ok
13:28:36.0781 3144        MountMgr        (a80b9a0bad1b73637dbcbba7df72d3fd) F:\WINDOWS\system32\drivers\MountMgr.sys
13:28:36.0843 3144        MountMgr - ok
13:28:36.0843 3144        mraid35x - ok
13:28:36.0890 3144        MRxDAV          (11d42bb6206f33fbb3ba0288d3ef81bd) F:\WINDOWS\system32\DRIVERS\mrxdav.sys
13:28:36.0968 3144        MRxDAV - ok
13:28:37.0000 3144        MRxSmb          (7d304a5eb4344ebeeab53a2fe3ffb9f0) F:\WINDOWS\system32\DRIVERS\mrxsmb.sys
13:28:37.0078 3144        MRxSmb - ok
13:28:37.0093 3144        Msfs            (c941ea2454ba8350021d774daf0f1027) F:\WINDOWS\system32\drivers\Msfs.sys
13:28:37.0156 3144        Msfs - ok
13:28:37.0187 3144        MSKSSRV        (d1575e71568f4d9e14ca56b7b0453bf1) F:\WINDOWS\system32\drivers\MSKSSRV.sys
13:28:37.0234 3144        MSKSSRV - ok
13:28:37.0250 3144        MSPCLOCK        (325bb26842fc7ccc1fcce2c457317f3e) F:\WINDOWS\system32\drivers\MSPCLOCK.sys
13:28:37.0312 3144        MSPCLOCK - ok
13:28:37.0328 3144        MSPQM          (bad59648ba099da4a17680b39730cb3d) F:\WINDOWS\system32\drivers\MSPQM.sys
13:28:37.0390 3144        MSPQM - ok
13:28:37.0421 3144        mssmbios        (af5f4f3f14a8ea2c26de30f7a1e17136) F:\WINDOWS\system32\DRIVERS\mssmbios.sys
13:28:37.0484 3144        mssmbios - ok
13:28:37.0515 3144        Mup            (de6a75f5c270e756c5508d94b6cf68f5) F:\WINDOWS\system32\drivers\Mup.sys
13:28:37.0578 3144        Mup - ok
13:28:37.0609 3144        NDIS            (1df7f42665c94b825322fae71721130d) F:\WINDOWS\system32\drivers\NDIS.sys
13:28:37.0687 3144        NDIS - ok
13:28:37.0734 3144        NdisTapi        (0109c4f3850dfbab279542515386ae22) F:\WINDOWS\system32\DRIVERS\ndistapi.sys
13:28:37.0765 3144        NdisTapi - ok
13:28:37.0796 3144        Ndisuio        (f927a4434c5028758a842943ef1a3849) F:\WINDOWS\system32\DRIVERS\ndisuio.sys
13:28:37.0843 3144        Ndisuio - ok
13:28:37.0859 3144        NdisWan        (edc1531a49c80614b2cfda43ca8659ab) F:\WINDOWS\system32\DRIVERS\ndiswan.sys
13:28:37.0937 3144        NdisWan - ok
13:28:37.0953 3144        NDProxy        (9282bd12dfb069d3889eb3fcc1000a9b) F:\WINDOWS\system32\drivers\NDProxy.sys
13:28:38.0000 3144        NDProxy - ok
13:28:38.0000 3144        NetBIOS        (5d81cf9a2f1a3a756b66cf684911cdf0) F:\WINDOWS\system32\DRIVERS\netbios.sys
13:28:38.0062 3144        NetBIOS - ok
13:28:38.0093 3144        NetBT          (74b2b2f5bea5e9a3dc021d685551bd3d) F:\WINDOWS\system32\DRIVERS\netbt.sys
13:28:38.0156 3144        NetBT - ok
13:28:38.0265 3144        NPF            (b9730495e0cf674680121e34bd95a73b) F:\WINDOWS\system32\drivers\npf.sys
13:28:38.0265 3144        NPF - ok
13:28:38.0281 3144        Npfs            (3182d64ae053d6fb034f44b6def8034a) F:\WINDOWS\system32\drivers\Npfs.sys
13:28:38.0343 3144        Npfs - ok
13:28:38.0359 3144        Ntfs            (78a08dd6a8d65e697c18e1db01c5cdca) F:\WINDOWS\system32\drivers\Ntfs.sys
13:28:38.0421 3144        Ntfs - ok
13:28:38.0453 3144        Null            (73c1e1f395918bc2c6dd67af7591a3ad) F:\WINDOWS\system32\drivers\Null.sys
13:28:38.0500 3144        Null - ok
13:28:38.0718 3144        nv              (ed9816dbaf6689542ea7d022631906a1) F:\WINDOWS\system32\DRIVERS\nv4_mini.sys
13:28:39.0093 3144        nv - ok
13:28:39.0109 3144        NwlnkFlt        (b305f3fad35083837ef46a0bbce2fc57) F:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
13:28:39.0171 3144        NwlnkFlt - ok
13:28:39.0187 3144        NwlnkFwd        (c99b3415198d1aab7227f2c88fd664b9) F:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
13:28:39.0234 3144        NwlnkFwd - ok
13:28:39.0250 3144        Parport        (f84785660305b9b903fb3bca8ba29837) F:\WINDOWS\system32\DRIVERS\parport.sys
13:28:39.0312 3144        Parport - ok
13:28:39.0328 3144        PartMgr        (beb3ba25197665d82ec7065b724171c6) F:\WINDOWS\system32\drivers\PartMgr.sys
13:28:39.0375 3144        PartMgr - ok
13:28:39.0421 3144        ParVdm          (c2bf987829099a3eaa2ca6a0a90ecb4f) F:\WINDOWS\system32\drivers\ParVdm.sys
13:28:39.0468 3144        ParVdm - ok
13:28:39.0500 3144        PCI            (387e8dedc343aa2d1efbc30580273acd) F:\WINDOWS\system32\DRIVERS\pci.sys
13:28:39.0546 3144        PCI - ok
13:28:39.0562 3144        PCIDump - ok
13:28:39.0578 3144        PCIIde          (59ba86d9a61cbcf4df8e598c331f5b82) F:\WINDOWS\system32\DRIVERS\pciide.sys
13:28:39.0625 3144        PCIIde - ok
13:28:39.0656 3144        Pcmcia          (a2a966b77d61847d61a3051df87c8c97) F:\WINDOWS\system32\drivers\Pcmcia.sys
13:28:39.0765 3144        Pcmcia - ok
13:28:39.0812 3144        pcouffin        (5b6c11de7e839c05248ced8825470fef) F:\WINDOWS\system32\Drivers\pcouffin.sys
13:28:39.0812 3144        pcouffin ( UnsignedFile.Multi.Generic ) - warning
13:28:39.0812 3144        pcouffin - detected UnsignedFile.Multi.Generic (1)
13:28:39.0843 3144        PDCOMP - ok
13:28:39.0859 3144        PDFRAME - ok
13:28:39.0875 3144        PDRELI - ok
13:28:39.0890 3144        PDRFRAME - ok
13:28:39.0906 3144        perc2 - ok
13:28:39.0937 3144        perc2hib - ok
13:28:39.0953 3144        PptpMiniport    (efeec01b1d3cf84f16ddd24d9d9d8f99) F:\WINDOWS\system32\DRIVERS\raspptp.sys
13:28:40.0015 3144        PptpMiniport - ok
13:28:40.0046 3144        PSched          (09298ec810b07e5d582cb3a3f9255424) F:\WINDOWS\system32\DRIVERS\psched.sys
13:28:40.0109 3144        PSched - ok
13:28:40.0125 3144        Ptilink        (80d317bd1c3dbc5d4fe7b1678c60cadd) F:\WINDOWS\system32\DRIVERS\ptilink.sys
13:28:40.0187 3144        Ptilink - ok
13:28:40.0203 3144        PxHelp20        (e42e3433dbb4cffe8fdd91eab29aea8e) F:\WINDOWS\system32\Drivers\PxHelp20.sys
13:28:40.0218 3144        PxHelp20 - ok
13:28:40.0218 3144        ql1080 - ok
13:28:40.0234 3144        Ql10wnt - ok
13:28:40.0250 3144        ql12160 - ok
13:28:40.0250 3144        ql1240 - ok
13:28:40.0265 3144        ql1280 - ok
13:28:40.0265 3144        RasAcd          (fe0d99d6f31e4fad8159f690d68ded9c) F:\WINDOWS\system32\DRIVERS\rasacd.sys
13:28:40.0328 3144        RasAcd - ok
13:28:40.0359 3144        Rasl2tp        (11b4a627bc9614b885c4969bfa5ff8a6) F:\WINDOWS\system32\DRIVERS\rasl2tp.sys
13:28:40.0406 3144        Rasl2tp - ok
13:28:40.0421 3144        RasPppoe        (5bc962f2654137c9909c3d4603587dee) F:\WINDOWS\system32\DRIVERS\raspppoe.sys
13:28:40.0484 3144        RasPppoe - ok
13:28:40.0500 3144        Raspti          (fdbb1d60066fcfbb7452fd8f9829b242) F:\WINDOWS\system32\DRIVERS\raspti.sys
13:28:40.0546 3144        Raspti - ok
13:28:40.0578 3144        Rdbss          (7ad224ad1a1437fe28d89cf22b17780a) F:\WINDOWS\system32\DRIVERS\rdbss.sys
13:28:40.0640 3144        Rdbss - ok
13:28:40.0640 3144        RDPCDD          (4912d5b403614ce99c28420f75353332) F:\WINDOWS\system32\DRIVERS\RDPCDD.sys
13:28:40.0703 3144        RDPCDD - ok
13:28:40.0718 3144        rdpdr          (15cabd0f7c00c47c70124907916af3f1) F:\WINDOWS\system32\DRIVERS\rdpdr.sys
13:28:40.0781 3144        rdpdr - ok
13:28:40.0828 3144        RDPWD          (fc105dd312ed64eb66bff111e8ec6eac) F:\WINDOWS\system32\drivers\RDPWD.sys
13:28:40.0875 3144        RDPWD - ok
13:28:40.0906 3144        redbook        (ed761d453856f795a7fe056e42c36365) F:\WINDOWS\system32\DRIVERS\redbook.sys
13:28:40.0968 3144        redbook - ok
13:28:41.0000 3144        RTLE8023xp      (89619ef503f949fae09252a8b883ee11) F:\WINDOWS\system32\DRIVERS\Rtenicxp.sys
13:28:41.0031 3144        RTLE8023xp - ok
13:28:41.0062 3144        Secdrv          (90a3935d05b494a5a39d37e71f09a677) F:\WINDOWS\system32\DRIVERS\secdrv.sys
13:28:41.0093 3144        Secdrv - ok
13:28:41.0109 3144        serenum        (0f29512ccd6bead730039fb4bd2c85ce) F:\WINDOWS\system32\DRIVERS\serenum.sys
13:28:41.0156 3144        serenum - ok
13:28:41.0171 3144        Serial          (cf24eb4f0412c82bcd1f4f35a025e31d) F:\WINDOWS\system32\DRIVERS\serial.sys
13:28:41.0234 3144        Serial - ok
13:28:41.0265 3144        Sfloppy        (8e6b8c671615d126fdc553d1e2de5562) F:\WINDOWS\system32\drivers\Sfloppy.sys
13:28:41.0328 3144        Sfloppy - ok
13:28:41.0328 3144        Simbad - ok
13:28:41.0343 3144        Sparrow - ok
13:28:41.0375 3144        splitter        (ab8b92451ecb048a4d1de7c3ffcb4a9f) F:\WINDOWS\system32\drivers\splitter.sys
13:28:41.0484 3144        splitter - ok
13:28:41.0500 3144        Sr              (50fa898f8c032796d3b1b9951bb5a90f) F:\WINDOWS\system32\DRIVERS\sr.sys
13:28:41.0531 3144        Sr - ok
13:28:41.0625 3144        Srv            (47ddfc2f003f7f9f0592c6874962a2e7) F:\WINDOWS\system32\DRIVERS\srv.sys
13:28:41.0687 3144        Srv - ok
13:28:41.0750 3144        ssmdrv          (a36ee93698802cd899f98bfd553d8185) F:\WINDOWS\system32\DRIVERS\ssmdrv.sys
13:28:41.0750 3144        ssmdrv - ok
13:28:41.0828 3144        ss_bus          (5a1d0ca8a5f1e7b4ec50b9d76c001f0e) F:\WINDOWS\system32\DRIVERS\ss_bus.sys
13:28:41.0843 3144        ss_bus - ok
13:28:41.0890 3144        ss_mdfl        (f0a85580e36a3a85059037d39a9cf079) F:\WINDOWS\system32\DRIVERS\ss_mdfl.sys
13:28:41.0906 3144        ss_mdfl - ok
13:28:41.0953 3144        ss_mdm          (84c3dbfd1bfa4adc0a950b3d5506cb00) F:\WINDOWS\system32\DRIVERS\ss_mdm.sys
13:28:41.0953 3144        ss_mdm - ok
13:28:41.0968 3144        swenum          (3941d127aef12e93addf6fe6ee027e0f) F:\WINDOWS\system32\DRIVERS\swenum.sys
13:28:42.0031 3144        swenum - ok
13:28:42.0062 3144        swmidi          (8ce882bcc6cf8a62f2b2323d95cb3d01) F:\WINDOWS\system32\drivers\swmidi.sys
13:28:42.0109 3144        swmidi - ok
13:28:42.0125 3144        symc810 - ok
13:28:42.0140 3144        symc8xx - ok
13:28:42.0140 3144        sym_hi - ok
13:28:42.0156 3144        sym_u3 - ok
13:28:42.0171 3144        sysaudio        (8b83f3ed0f1688b4958f77cd6d2bf290) F:\WINDOWS\system32\drivers\sysaudio.sys
13:28:42.0406 3144        sysaudio - ok
13:28:42.0421 3144        Tcpip          (9aefa14bd6b182d61e3119fa5f436d3d) F:\WINDOWS\system32\DRIVERS\tcpip.sys
13:28:42.0531 3144        Tcpip - ok
13:28:42.0625 3144        TDPIPE          (6471a66807f5e104e4885f5b67349397) F:\WINDOWS\system32\drivers\TDPIPE.sys
13:28:42.0687 3144        TDPIPE - ok
13:28:42.0718 3144        TDTCP          (c56b6d0402371cf3700eb322ef3aaf61) F:\WINDOWS\system32\drivers\TDTCP.sys
13:28:42.0781 3144        TDTCP - ok
13:28:42.0781 3144        TermDD          (88155247177638048422893737429d9e) F:\WINDOWS\system32\DRIVERS\termdd.sys
13:28:42.0843 3144        TermDD - ok
13:28:42.0859 3144        TosIde - ok
13:28:42.0968 3144        TuneUpUtilitiesDrv (f2107c9d85ec0df116939ccce06ae697) F:\Programme\TuneUp Utilities 2010\TuneUpUtilitiesDriver32.sys
13:28:42.0968 3144        TuneUpUtilitiesDrv - ok
13:28:43.0000 3144        Udfs            (5787b80c2e3c5e2f56c2a233d91fa2c9) F:\WINDOWS\system32\drivers\Udfs.sys
13:28:43.0078 3144        Udfs - ok
13:28:43.0078 3144        ultra - ok
13:28:43.0125 3144        Update          (402ddc88356b1bac0ee3dd1580c76a31) F:\WINDOWS\system32\DRIVERS\update.sys
13:28:43.0203 3144        Update - ok
13:28:43.0218 3144        usbccgp        (173f317ce0db8e21322e71b7e60a27e8) F:\WINDOWS\system32\DRIVERS\usbccgp.sys
13:28:43.0281 3144        usbccgp - ok
13:28:43.0296 3144        usbehci        (65dcf09d0e37d4c6b11b5b0b76d470a7) F:\WINDOWS\system32\DRIVERS\usbehci.sys
13:28:43.0359 3144        usbehci - ok
13:28:43.0359 3144        usbhub          (1ab3cdde553b6e064d2e754efe20285c) F:\WINDOWS\system32\DRIVERS\usbhub.sys
13:28:43.0421 3144        usbhub - ok
13:28:43.0468 3144        usbscan        (a0b8cf9deb1184fbdd20784a58fa75d4) F:\WINDOWS\system32\DRIVERS\usbscan.sys
13:28:43.0531 3144        usbscan - ok
13:28:43.0562 3144        usbstor        (a32426d9b14a089eaa1d922e0c5801a9) F:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
13:28:43.0656 3144        usbstor - ok
13:28:43.0687 3144        usbuhci        (26496f9dee2d787fc3e61ad54821ffe6) F:\WINDOWS\system32\DRIVERS\usbuhci.sys
13:28:43.0750 3144        usbuhci - ok
13:28:43.0781 3144        uze4mtyw        (d565ad44c6c4d934afad3ca4196b09aa) F:\WINDOWS\system32\Drivers\uze4mtyw.sys
13:28:43.0781 3144        uze4mtyw ( UnsignedFile.Multi.Generic ) - warning
13:28:43.0781 3144        uze4mtyw - detected UnsignedFile.Multi.Generic (1)
13:28:43.0781 3144        VgaSave        (0d3a8fafceacd8b7625cd549757a7df1) F:\WINDOWS\System32\drivers\vga.sys
13:28:43.0843 3144        VgaSave - ok
13:28:43.0859 3144        ViaIde - ok
13:28:43.0859 3144        VolSnap        (a5a712f4e880874a477af790b5186e1d) F:\WINDOWS\system32\drivers\VolSnap.sys
13:28:43.0921 3144        VolSnap - ok
13:28:43.0953 3144        Wanarp          (e20b95baedb550f32dd489265c1da1f6) F:\WINDOWS\system32\DRIVERS\wanarp.sys
13:28:44.0015 3144        Wanarp - ok
13:28:44.0015 3144        WDICA - ok
13:28:44.0046 3144        wdmaud          (6768acf64b18196494413695f0c3a00f) F:\WINDOWS\system32\drivers\wdmaud.sys
13:28:44.0093 3144        wdmaud - ok
13:28:44.0125 3144        WpdUsb          (cf4def1bf66f06964dc0d91844239104) F:\WINDOWS\system32\DRIVERS\wpdusb.sys
13:28:44.0171 3144        WpdUsb - ok
13:28:44.0203 3144        WS2IFSL        (6abe6e225adb5a751622a9cc3bc19ce8) F:\WINDOWS\System32\drivers\ws2ifsl.sys
13:28:44.0265 3144        WS2IFSL - ok
13:28:44.0343 3144        WudfPf          (f15feafffbb3644ccc80c5da584e6311) F:\WINDOWS\system32\DRIVERS\WudfPf.sys
13:28:44.0359 3144        WudfPf - ok
13:28:44.0390 3144        WudfRd          (28b524262bce6de1f7ef9f510ba3985b) F:\WINDOWS\system32\DRIVERS\wudfrd.sys
13:28:44.0406 3144        WudfRd - ok
13:28:44.0421 3144        MBR (0x1B8)    (72b8ce41af0de751c946802b3ed844b4) \Device\Harddisk1\DR1
13:28:44.0703 3144        \Device\Harddisk1\DR1 - ok
13:28:44.0703 3144        MBR (0x1B8)    (8f558eb6672622401da993e1e865c861) \Device\Harddisk0\DR0
13:28:45.0250 3144        \Device\Harddisk0\DR0 - ok
13:28:45.0265 3144        MBR (0x1B8)    (671b81004fdd1588fa9ed1331c9ceca9) \Device\Harddisk4\DR8
13:29:03.0000 3144        \Device\Harddisk4\DR8 - ok
13:29:03.0000 3144        Boot (0x1200)  (45dbab1750a35fe7655973bdf31ceac3) \Device\Harddisk1\DR1\Partition0
13:29:03.0000 3144        \Device\Harddisk1\DR1\Partition0 - ok
13:29:03.0015 3144        Boot (0x1200)  (f7488a96df70173c7b56784084ee3720) \Device\Harddisk4\DR8\Partition0
13:29:03.0015 3144        \Device\Harddisk4\DR8\Partition0 - ok
13:29:03.0015 3144        ============================================================
13:29:03.0015 3144        Scan finished
13:29:03.0015 3144        ============================================================
13:29:03.0125 1216        Detected object count: 7
13:29:03.0125 1216        Actual detected object count: 7
13:29:40.0234 1216        F:\WINDOWS\system32\drivers\BIOS.sys - copied to quarantine
13:29:40.0250 1216        HKLM\SYSTEM\ControlSet001\services\BIOS - will be deleted on reboot
13:29:40.0281 1216        HKLM\SYSTEM\ControlSet003\services\BIOS - will be deleted on reboot
13:29:40.0281 1216        HKLM\SYSTEM\ControlSet004\services\BIOS - will be deleted on reboot
13:29:40.0281 1216        F:\WINDOWS\system32\drivers\BIOS.sys - will be deleted on reboot
13:29:40.0281 1216        BIOS ( UnsignedFile.Multi.Generic ) - User select action: Delete
13:29:40.0390 1216        F:\WINDOWS\system32\drivers\bizVSerialNT.sys - copied to quarantine
13:29:40.0406 1216        HKLM\SYSTEM\ControlSet001\services\bizVSerial - will be deleted on reboot
13:29:40.0406 1216        HKLM\SYSTEM\ControlSet003\services\bizVSerial - will be deleted on reboot
13:29:40.0406 1216        HKLM\SYSTEM\ControlSet004\services\bizVSerial - will be deleted on reboot
13:29:40.0406 1216        F:\WINDOWS\system32\drivers\bizVSerialNT.sys - will be deleted on reboot
13:29:40.0406 1216        bizVSerial ( UnsignedFile.Multi.Generic ) - User select action: Delete
13:29:40.0437 1216        F:\WINDOWS\system32\drivers\cdrbsdrv.sys - copied to quarantine
13:29:40.0453 1216        HKLM\SYSTEM\ControlSet001\services\cdrbsdrv - will be deleted on reboot
13:29:40.0453 1216        HKLM\SYSTEM\ControlSet003\services\cdrbsdrv - will be deleted on reboot
13:29:40.0453 1216        HKLM\SYSTEM\ControlSet004\services\cdrbsdrv - will be deleted on reboot
13:29:40.0453 1216        F:\WINDOWS\system32\drivers\cdrbsdrv.sys - will be deleted on reboot
13:29:40.0453 1216        cdrbsdrv ( UnsignedFile.Multi.Generic ) - User select action: Delete
13:29:40.0531 1216        F:\WINDOWS\system32\DRIVERS\DRHARD.SYS - copied to quarantine
13:29:40.0546 1216        HKLM\SYSTEM\ControlSet001\services\drhard - will be deleted on reboot
13:29:40.0546 1216        HKLM\SYSTEM\ControlSet003\services\drhard - will be deleted on reboot
13:29:40.0546 1216        HKLM\SYSTEM\ControlSet004\services\drhard - will be deleted on reboot
13:29:40.0546 1216        F:\WINDOWS\system32\DRIVERS\DRHARD.SYS - will be deleted on reboot
13:29:40.0546 1216        drhard ( UnsignedFile.Multi.Generic ) - User select action: Delete
13:29:40.0578 1216        F:\WINDOWS\system32\FsUsbExDisk.SYS - copied to quarantine
13:29:40.0593 1216        HKLM\SYSTEM\ControlSet001\services\FsUsbExDisk - will be deleted on reboot
13:29:40.0593 1216        HKLM\SYSTEM\ControlSet003\services\FsUsbExDisk - will be deleted on reboot
13:29:40.0593 1216        HKLM\SYSTEM\ControlSet004\services\FsUsbExDisk - will be deleted on reboot
13:29:40.0593 1216        F:\WINDOWS\system32\FsUsbExDisk.SYS - will be deleted on reboot
13:29:40.0593 1216        FsUsbExDisk ( UnsignedFile.Multi.Generic ) - User select action: Delete
13:29:40.0687 1216        F:\WINDOWS\system32\Drivers\pcouffin.sys - copied to quarantine
13:29:40.0703 1216        HKLM\SYSTEM\ControlSet001\services\pcouffin - will be deleted on reboot
13:29:40.0703 1216        HKLM\SYSTEM\ControlSet003\services\pcouffin - will be deleted on reboot
13:29:40.0703 1216        HKLM\SYSTEM\ControlSet004\services\pcouffin - will be deleted on reboot
13:29:40.0703 1216        F:\WINDOWS\system32\Drivers\pcouffin.sys - will be deleted on reboot
13:29:40.0703 1216        pcouffin ( UnsignedFile.Multi.Generic ) - User select action: Delete
13:29:40.0718 1216        F:\WINDOWS\system32\Drivers\uze4mtyw.sys - copied to quarantine
13:29:40.0734 1216        HKLM\SYSTEM\ControlSet001\services\uze4mtyw - will be deleted on reboot
13:29:40.0734 1216        HKLM\SYSTEM\ControlSet004\services\uze4mtyw - will be deleted on reboot
13:29:40.0734 1216        F:\WINDOWS\system32\Drivers\uze4mtyw.sys - will be deleted on reboot
13:29:40.0734 1216        uze4mtyw ( UnsignedFile.Multi.Generic ) - User select action: Delete
13:29:49.0921 2300        Deinitialize success

ComboFix-Logs
Combofix Logfile:
Code:

ComboFix 12-03-10.02 - Administrator 15.03.2012  14:31:41.2.2 - x86
Microsoft Windows XP Professional  5.1.2600.3.1252.49.1031.18.3582.2971 [GMT 1:00]
ausgeführt von:: f:\dokumente und einstellungen\Administrator\Desktop\ComboFix.exe
AV: Kaspersky PURE *Disabled/Updated* {2C4D4BC6-0793-4956-A9F9-E252435469C0}
FW: Kaspersky PURE *Disabled* {2C4D4BC6-0793-4956-A9F9-E252435469C0}
.
.
((((((((((((((((((((((((((((((((((((  Weitere Löschungen  ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
D:\install.exe
f:\dokumente und einstellungen\Administrator\Anwendungsdaten\facemoods.com
f:\dokumente und einstellungen\Administrator\Anwendungsdaten\inst.exe
f:\dokumente und einstellungen\Administrator\Anwendungsdaten\Local
f:\dokumente und einstellungen\Administrator\Anwendungsdaten\Local\Temp\DDM\Settings\Inception_Trailer_592.divx.ddr
f:\dokumente und einstellungen\Administrator\Anwendungsdaten\Local\Temp\DDM\Settings\Temporary Downloaded Files\Inception_Trailer_592.divx
f:\dokumente und einstellungen\Administrator\Anwendungsdaten\vso_ts_preview.xml
f:\dokumente und einstellungen\Administrator\Lokale Einstellungen\Anwendungsdaten\assembly\tmp
f:\dokumente und einstellungen\All Users\Anwendungsdaten\TEMP
f:\windows\system32\dllcache\cygwin1.dll
f:\windows\system32\dllcache\libeay32.dll
f:\windows\system32\dllcache\ssleay32.dll
.
.
(((((((((((((((((((((((  Dateien erstellt von 2012-02-15 bis 2012-03-15  ))))))))))))))))))))))))))))))
.
.
2012-03-14 20:23 . 2010-10-01 21:05        162392        ----a-w-        f:\programme\Mozilla Firefox\extensions\linkfilter@kaspersky.ru\components\KavLinkFilter.dll
2012-03-14 20:23 . 2012-03-14 20:39        97961        ----a-w-        f:\windows\system32\drivers\klick.dat
2012-03-14 20:23 . 2012-03-14 20:39        115369        ----a-w-        f:\windows\system32\drivers\klin.dat
2012-03-14 20:23 . 2009-12-14 11:44        39352        ----a-w-        f:\windows\system32\drivers\CSVirtualDiskDrv.sys
2012-03-14 20:23 . 2009-12-14 11:44        88632        ----a-w-        f:\windows\system32\drivers\CSCrySec.sys
2012-03-14 20:22 . 2012-03-14 20:22        --------        d-----w-        f:\programme\Gemeinsame Dateien\InfoWatch
2012-03-14 20:22 . 2012-03-15 13:26        --------        d-----w-        f:\dokumente und einstellungen\All Users\Anwendungsdaten\Kaspersky Lab
2012-03-14 20:22 . 2012-03-14 20:22        --------        d-----w-        f:\programme\Kaspersky Lab
2012-03-14 20:16 . 2012-03-14 20:16        --------        d-----w-        f:\windows\SxsCaPendDel
2012-03-14 19:56 . 2012-03-14 19:56        --------        d-----w-        f:\dokumente und einstellungen\All Users\Anwendungsdaten\Kaspersky Lab Setup Files
2012-03-13 19:19 . 2012-01-11 19:06        3072        ------w-        f:\windows\system32\iacenc.dll
2012-03-13 19:19 . 2012-01-11 19:06        3072        ------w-        f:\windows\system32\dllcache\iacenc.dll
2012-03-11 09:39 . 2012-03-11 09:39        --------        d-----w-        f:\programme\LSoft Technologies
2012-03-10 18:36 . 2009-08-06 18:24        53472        ----a-w-        f:\windows\system32\wuauclt.exe
2012-03-08 18:16 . 2012-03-08 18:16        --------        d-----w-        f:\dokumente und einstellungen\Administrator\Lokale Einstellungen\Anwendungsdaten\Trend Micro
2012-03-08 18:15 . 2012-03-08 18:17        --------        d-----w-        f:\dokumente und einstellungen\All Users\Anwendungsdaten\Trend Micro
2012-03-06 09:40 . 2012-03-15 12:29        --------        d-----w-        F:\TDSSKiller_Quarantine
2012-03-05 22:52 . 2011-07-22 06:50        359856        ----a-w-        f:\windows\system32\zkasigct.dll
2012-03-05 22:52 . 2012-02-29 10:49        512944        ----a-w-        f:\windows\system32\cjpcsc.exe
2012-03-05 22:52 . 2012-02-19 18:32        713648        ----a-w-        f:\windows\system32\cjpcscui.exe
2012-03-05 22:52 . 2012-02-14 10:48        786352        ----a-w-        f:\windows\system32\cjpcsc32.dll
2012-03-05 22:52 . 2012-02-14 10:48        53680        ----a-w-        f:\windows\system32\cjKbBase.dll
2012-03-05 22:52 . 2012-02-14 10:48        215472        ----a-w-        f:\windows\system32\cjeca32.dll
2012-03-05 22:52 . 2012-02-14 10:48        208816        ----a-w-        f:\windows\system32\cjppa32.dll
2012-03-05 22:52 . 2012-02-14 10:47        63408        ----a-w-        f:\windows\system32\cjpcscli.exe
2012-03-05 22:52 . 2007-05-31 06:38        167936        ------w-        f:\windows\system32\SerialXP.dll
2012-03-05 22:52 . 2007-05-31 06:38        27648        ------w-        f:\windows\system32\win32com.dll
2012-03-05 22:52 . 2007-05-31 06:38        53248        ------w-        f:\windows\system32\cjtrm.dll
2012-03-05 21:58 . 2012-03-05 21:58        --------        d-----w-        f:\programme\InCode Solutions
2012-03-05 05:29 . 2012-03-05 05:29        --------        d-----w-        f:\programme\Gemeinsame Dateien\Java
2012-03-05 05:29 . 2012-03-05 05:29        73728        ----a-w-        f:\windows\system32\javacpl.cpl
2012-03-05 05:29 . 2012-03-05 05:29        476904        ----a-w-        f:\programme\Mozilla Firefox\plugins\npdeployJava1.dll
2012-03-05 05:29 . 2012-03-05 05:29        472808        ----a-w-        f:\windows\system32\deployJava1.dll
2012-03-05 05:13 . 2012-03-05 05:13        --------        d-----w-        f:\programme\Sophos
2012-03-04 14:38 . 2012-03-11 16:28        --------        d-----w-        F:\_OTL
2012-03-01 16:10 . 2012-03-01 16:10        --------        d-----w-        f:\programme\CCleaner
2012-03-01 07:59 . 2012-03-01 07:59        --------        d-sh--w-        f:\windows\system32\config\systemprofile\IETldCache
2012-02-29 09:49 . 2012-02-29 09:49        --------        d-----w-        f:\dokumente und einstellungen\Administrator\Anwendungsdaten\TrojanHunter
2012-02-28 22:41 . 2010-08-22 12:48        114176        ----a-w-        f:\windows\system32\PCWizard.cpl
2012-02-28 22:41 . 2012-02-28 22:41        --------        d-----w-        f:\programme\CPUID
2012-02-28 22:25 . 2012-03-14 20:18        --------        d-----w-        f:\programme\Trend Micro
2012-02-28 22:05 . 2012-02-28 22:05        --------        d-----w-        F:\found.002
2012-02-28 21:31 . 2012-02-28 21:31        --------        d-----w-        f:\dokumente und einstellungen\Administrator\Lokale Einstellungen\Anwendungsdaten\Sophos
2012-02-28 20:58 . 2012-02-28 20:58        --------        d-----w-        F:\stdtsa
2012-02-28 20:46 . 2012-03-01 15:32        --------        d-----w-        f:\programme\Spybot - Search & Destroy
2012-02-28 20:46 . 2012-03-01 15:15        --------        d-----w-        f:\dokumente und einstellungen\All Users\Anwendungsdaten\Spybot - Search & Destroy
2012-02-28 19:27 . 2012-03-13 12:31        167        ----a-w-        F:\user.js
2012-02-16 12:05 . 2012-02-16 17:15        --------        d-----w-        f:\programme\Eudora OSE
.
.
.
((((((((((((((((((((((((((((((((((((  Find3M Bericht  ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-03-15 09:41 . 2011-06-06 08:48        414368        ----a-w-        f:\windows\system32\FlashPlayerCPLApp.cpl
2012-03-11 16:41 . 2012-03-11 16:41        21966        ----a-w-        F:\Archive.zip
2012-03-02 12:56 . 2010-05-05 13:20        47360        ----a-w-        f:\dokumente und einstellungen\Administrator\Anwendungsdaten\pcouffin.sys
2012-02-14 10:48 . 2009-02-26 14:57        352688        ----a-w-        f:\windows\system32\ctrsct32.dll
2012-01-12 17:20 . 2008-04-30 22:00        1860096        ----a-w-        f:\windows\system32\win32k.sys
2011-12-17 19:43 . 2008-05-10 22:58        43520        ------w-        f:\windows\system32\licmgr10.dll
2011-12-17 19:43 . 2008-03-01 12:54        916992        ----a-w-        f:\windows\system32\wininet.dll
2011-12-17 19:43 . 2008-03-01 12:53        1469440        ------w-        f:\windows\system32\inetcpl.cpl
2012-02-16 14:55 . 2011-06-06 12:02        134104        ----a-w-        f:\programme\mozilla firefox\components\browsercomps.dll
.
.
------- Sigcheck -------
Note: Unsigned files aren't necessarily malware.
.
[-] 2008-05-10 . 3122DAF86B33ED8AC4662D07593025D7 . 501760 . . [1.0626.6001.18000] . . f:\windows\system32\usp10.dll
[-] 2008-01-18 . 3122DAF86B33ED8AC4662D07593025D7 . 501760 . . [1.0626.6001.18000] . . f:\windows\system32\dllcache\usp10.dll
.
((((((((((((((((((((((((((((  Autostartpunkte der Registrierung  ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\KAVOverlayIcon]
@="{dd230880-495a-11d1-b064-008048ec2fc5}"
[HKEY_CLASSES_ROOT\CLSID\{dd230880-495a-11d1-b064-008048ec2fc5}]
2010-10-01 21:05        129624        ----a-w-        f:\programme\Kaspersky Lab\Kaspersky PURE\shellex.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDCPL"="RTHDCPL.EXE" [2008-05-10 16132608]
"NvMediaCenter"="f:\windows\system32\NvMcTray.dll" [2011-01-07 111208]
"NvCplDaemon"="f:\windows\system32\NvCpl.dll" [2011-01-07 13880424]
"nwiz"="f:\programme\NVIDIA Corporation\nView\nwiz.exe" [2010-11-04 1753192]
"MMTray"="f:\programme\Musicmatch\Musicmatch Jukebox\mm_tray.exe" [2006-11-07 110592]
"Launch LgDeviceAgent"="f:\programme\Logitech\GamePanel Software\LgDevAgt.exe" [2009-08-13 357384]
"Launch LCDMon"="f:\programme\Logitech\GamePanel Software\LCD Manager\LCDMon.exe" [2009-08-13 1573384]
"Launch LGDCore"="f:\programme\Logitech\GamePanel Software\G-series Software\LGDCore.exe" [2009-08-13 3161608]
"SunJavaUpdateSched"="f:\programme\Gemeinsame Dateien\Java\Java Update\jusched.exe" [2012-01-18 254696]
"AVP"="f:\programme\Kaspersky Lab\Kaspersky PURE\avp.exe" [2010-10-01 348760]
"Adobe ARM"="f:\programme\Gemeinsame Dateien\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="f:\windows\system32\CTFMON.EXE" [2008-04-30 15360]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"nltide_2"="shell32" [X]
"nltide_3"="advpack.dll" [2009-03-08 128512]
.
f:\dokumente und einstellungen\All Users\Startmenü\Programme\Autostart\
InterVideo WinCinema Manager.lnk - f:\programme\InterVideo\Common\Bin\WinCinemaMgr.exe [2008-6-7 278528]
MotionSD STUDIO - Autostart SD Browser -.lnk - f:\programme\Panasonic\MotionSD STUDIO\SD_Browser\AutoLauncher.exe [2009-1-22 66952]
.
[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"ForceClassicControlPanel"= 1 (0x1)
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{EDB0E980-90BD-11D4-8599-0008C7D3B6F8}"= "f:\programme\Eudora_aol\EuShlExt.dll" [2006-08-17 86016]
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2012-01-03 13:10        843712        ----a-w-        f:\programme\Gemeinsame Dateien\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AppleSyncNotifier]
2008-07-22 18:42        116040        ----a-w-        f:\programme\Gemeinsame Dateien\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AutoStartNPSAgent]
2009-01-08 07:55        98304        ----a-w-        f:\programme\Samsung\Samsung New PC Studio\NPSAgent.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
2007-06-27 17:03        152872        ----a-w-        f:\programme\Gemeinsame Dateien\Ahead\Lib\NMBgMonitor.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BLASC]
2009-11-03 19:59        2247168        ----a-w-        f:\programme\buffed\BLASC.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DivX Download Manager]
2010-12-08 21:15        63360        ----a-w-        f:\programme\DivX\DivX Plus Web Player\DDMService.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DivXUpdate]
2010-12-09 19:28        1226608        ----a-w-        f:\programme\DivX\DivX Update\DivXUpdate.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]
2007-08-24 05:00        33648        ----a-w-        f:\programme\Microsoft Office\Office12\GrooveMonitor.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igndlm.exe]
2009-05-15 02:03        1103216        ----a-w-        f:\programme\Download Manager\DLM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LightScribe Control Panel]
2009-06-17 10:13        2363392        ----a-w-        f:\programme\Gemeinsame Dateien\LightScribe\LightScribeControlPanel.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MimBoot]
2006-11-07 13:41        8192        ----a-w-        f:\progra~1\MUSICM~1\MUSICM~1\mimboot.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
2008-04-14 05:52        1695232        ------w-        f:\programme\Messenger\msmsgs.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
2007-03-01 13:57        153136        ----a-w-        f:\programme\Gemeinsame Dateien\Ahead\Lib\NeroCheck.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2008-05-27 08:50        413696        ----a-w-        f:\programme\QuickTime\QTTask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]
2011-03-22 18:37        74752        ----a-w-        f:\programme\Winamp\winampa.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"bgsvcgen"=2 (0x2)
"Bonjour Service"=2 (0x2)
"iPod Service"=3 (0x3)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"iTunesHelper"="f:\programme\iTunes\iTunesHelper.exe"
"Adobe Reader Speed Launcher"="f:\programme\Adobe\Reader 8.0\Reader\Reader_sl.exe"
"MS_MASTER"=RUNDLL32.EXE f:\windows\system32\xml_inc.dll,i
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"f:\\Program Files\\WS_FTP\\WS_FTP95.exe"=
"f:\\WINDOWS\\system32\\dpvsetup.exe"=
"f:\\Programme\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"f:\\Programme\\Microsoft Office\\Office12\\GROOVE.EXE"=
"f:\\Programme\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"f:\\Programme\\ICQ6\\ICQ.exe"=
"f:\\Programme\\InterVideo\\DVD7\\WinDVD.exe"=
"f:\\Programme\\Bonjour\\mDNSResponder.exe"=
"f:\\Programme\\iTunes\\iTunes.exe"=
"f:\\Programme\\World of Warcraft\\WoW-3.1.3.9947-to-3.2.0.10192-deDE-downloader.exe"=
"f:\\Programme\\World of Warcraft\\WoW-3.2.0.10192-to-3.2.0.10314-deDE-downloader.exe"=
"f:\\Programme\\World of Warcraft\\WoW-3.2.0.10314-to-3.2.2.10482-deDE-downloader.exe"=
"f:\\Programme\\World of Warcraft\\WoW-3.2.2.10482-to-3.2.2.10505-deDE-downloader.exe"=
"f:\\Programme\\Samsung\\Samsung New PC Studio\\npsasvr.exe"=
"f:\\Programme\\Samsung\\Samsung New PC Studio\\npsvsvr.exe"=
"f:\\WINDOWS\\system32\\dplaysvr.exe"=
"f:\\Programme\\Microprose\\Risiko II\\RISKII.ICD"=
"f:\\Programme\\StarMoney 7.0 S-Edition\\app\\StarMoney.exe"=
"f:\\Programme\\Ubisoft\\Related Designs\\ANNO 1404\\Anno4.exe"=
"f:\\Programme\\Ubisoft\\Related Designs\\ANNO 1404\\tools\\Anno4Web.exe"=
"f:\\Programme\\World of Warcraft Public Test\\Launcher.exe"=
"f:\\Programme\\TV-Browser 3\\tvbrowser.exe"=
"f:\\Programme\\TV-Browser 3\\tvbrowser_noDD.exe"=
"f:\\Programme\\World of Warcraft\\Launcher.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3724:TCP"= 3724:TCP:Blizzard Downloader: 3724
.
R0 CSCrySec;InfoWatch Encrypt Sector Library driver;f:\windows\system32\drivers\CSCrySec.sys [14.03.2012 21:23 88632]
R0 KLBG;Kaspersky Lab Boot Guard Driver;f:\windows\system32\drivers\klbg.sys [14.10.2009 21:18 36880]
R1 CSVirtualDiskDrv;InfoWatch Virtual Disk driver;f:\windows\system32\drivers\CSVirtualDiskDrv.sys [14.03.2012 21:23 39352]
R2 cjpcsc;cyberJack PC/SC COM Service ;f:\windows\system32\cjpcsc.exe [05.03.2012 23:52 512944]
R2 CSObjectsSrv;CryptoStorage control service;f:\programme\Gemeinsame Dateien\InfoWatch\CryptoStorage\ProtectedObjectsSrv.exe [21.12.2009 17:34 743992]
R2 NPF;NetGroup Packet Filter Driver;f:\windows\system32\drivers\npf.sys [20.10.2009 19:19 50704]
R2 StarMoney 7.0 OnlineUpdate;StarMoney 7.0 OnlineUpdate;f:\programme\StarMoney 7.0 S-Edition\ouservice\StarMoneyOnlineUpdate.exe [10.11.2011 19:38 554160]
R2 TuneUp.UtilitiesSvc;TuneUp Utilities Service;f:\programme\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe [17.12.2009 21:17 1044808]
R3 cjusb;REINER SCT cyberJack USB Driver;f:\windows\system32\drivers\cjusb.sys [26.02.2009 15:58 28144]
R3 klim5;Kaspersky Anti-Virus NDIS Filter;f:\windows\system32\drivers\klim5.sys [14.09.2009 14:42 32272]
R3 klmouflt;Kaspersky Lab KLMOUFLT;f:\windows\system32\drivers\klmouflt.sys [02.10.2009 19:39 19472]
R3 LGBusEnum;Logitech GamePanel Virtual Bus Enumerator Driver;f:\windows\system32\drivers\LGBusEnum.sys [14.07.2009 14:35 19720]
R3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv;f:\programme\TuneUp Utilities 2010\TuneUpUtilitiesDriver32.sys [14.10.2009 07:24 10064]
S2 FsUsbExService;FsUsbExService;f:\windows\system32\FsUsbExService.Exe [15.07.2009 11:44 233472]
S3 cpuz134;cpuz134;f:\programme\CPUID\PC Wizard 2010\pcwiz_x32.sys [28.02.2012 23:41 20328]
S3 FsUsbExDisk;FsUsbExDisk;\??\f:\windows\system32\FsUsbExDisk.SYS --> f:\windows\system32\FsUsbExDisk.SYS [?]
S3 Lavasoft Kernexplorer;Lavasoft helper driver;\??\f:\programme\Lavasoft\Ad-Aware\KernExplorer.sys --> f:\programme\Lavasoft\Ad-Aware\KernExplorer.sys [?]
S3 MEMSWEEP2;MEMSWEEP2;\??\f:\windows\system32\24.tmp --> f:\windows\system32\24.tmp [?]
.
--- Andere Dienste/Treiber im Speicher ---
.
*NewlyCreated* - 30754373
*NewlyCreated* - FSUSBEXDISK
*Deregistered* - 30754373
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost  - NetSvcs
UxTuneUp
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2009-06-17 10:11        451872        ----a-w-        f:\programme\Gemeinsame Dateien\LightScribe\LSRunOnce.exe
.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = about:blank
mStart Page = about:blank
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://de.rd.yahoo.com/customize/ie/defaults/su/msgr9/*hxxp://de.search.yahoo.com
IE: Add to Anti-Banner - f:\programme\Kaspersky Lab\Kaspersky PURE\ie_banner_deny.htm
IE: Nach Microsoft E&xel exportieren - f:\progra~1\MICROS~1\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.178.1
FF - ProfilePath - f:\dokumente und einstellungen\Administrator\Anwendungsdaten\Mozilla\Firefox\Profiles\zho2pb4v.default\
FF - prefs.js: browser.search.selectedEngine - Search the web (Softonic)
FF - prefs.js: browser.startup.homepage - www.google.de
FF - prefs.js: keyword.URL - hxxp://search.softonic.com/MON00015/tb_v1?SearchSource=2&cc=&q=
FF - user.js: browser.sessionstore.resume_from_crash - false
FF - user.js: extensions.softonic_i.hmpg - true
FF - user.js: extensions.softonic_i.hmpgUrl - hxxp://search.softonic.com/MON00015/tb_v1?SearchSource=13&cc=
FF - user.js: extensions.softonic_i.dfltSrch - true
FF - user.js: extensions.softonic_i.srchPrvdr - Search the web (Softonic)
FF - user.js: extensions.softonic_i.keyWordUrl - hxxp://search.softonic.com/MON00015/tb_v1?SearchSource=2&cc=&q=
FF - user.js: extensions.softonic_i.dnsErr - true
FF - user.js: extensions.softonic_i.newTabUrl - hxxp://search.softonic.com/MON00015/tb_v1?SearchSource=15&cc=
FF - user.js: extensions.softonic_i.newTab - false
FF - user.js: extensions.softonic_i.tlbrSrchUrl - hxxp://search.softonic.com/MON00001/tb_v1?SearchSource=1&cc=&q=
FF - user.js: extensions.softonic_i.id - 00000000000000000000001d7dd482ad
FF - user.js: extensions.softonic_i.instlDay - 15412
FF - user.js: extensions.softonic_i.vrsn - 1.5.11.5
FF - user.js: extensions.softonic_i.vrsni - 1.5.11.5
FF - user.js: extensions.softonic_i.vrsnTs - 1.5.11.513:31
FF - user.js: extensions.softonic_i.prtnrId - softonic
FF - user.js: extensions.softonic_i.prdct - softonic
FF - user.js: extensions.softonic_i.aflt - orgnl
FF - user.js: extensions.softonic_i.smplGrp - eng7
FF - user.js: extensions.softonic_i.tlbrId - eng7
FF - user.js: extensions.softonic_i.instlRef - MON00001
FF - user.js: extensions.softonic_i.dfltLng -
FF - user.js: extensions.softonic_i.excTlbr - false
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
SafeBoot-05993050.sys
MSConfigStartUp-DAEMON Tools Lite - f:\programme\DAEMON Tools Lite\daemon.exe
MSConfigStartUp-Messenger (Yahoo!) - f:\programme\Yahoo!\Messenger\YahooMessenger.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, hxxp://www.gmer.net
Rootkit scan 2012-03-15 14:38
Windows 5.1.2600 Service Pack 3 NTFS
.
Scanne versteckte Prozesse...
.
Scanne versteckte Autostarteinträge...
.
Scanne versteckte Dateien...
.
Scan erfolgreich abgeschlossen
versteckte Dateien: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\MEMSWEEP2]
"ImagePath"="\??\f:\windows\system32\24.tmp"
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_USERS\S-1-5-21-1229272821-1450960922-1801674531-500\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (Administrator)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
  d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,44,60,a4,d8,44,10,ab,47,81,f0,8e,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
  d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,86,6b,3f,f9,a7,c3,0d,40,ae,a7,7c,\
"6256FFB019F8FDFBD36745B06F4540E9AEAF222A25"=hex:01,00,00,00,d0,8c,9d,df,01,15,
  d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,44,60,a4,d8,44,10,ab,47,81,f0,8e,\
.
Zeit der Fertigstellung: 2012-03-15  14:40:09
ComboFix-quarantined-files.txt  2012-03-15 13:40
.
Vor Suchlauf: 23 Verzeichnis(se), 223.477.657.600 Bytes frei
Nach Suchlauf: 29 Verzeichnis(se), 223.675.817.984 Bytes frei
.
- - End Of File - - 246CF1DD459F4FD2D99EF0D54049B217

--- --- ---

Combofix-Quarantined-files
Code:

2012-03-15 13:39:24 . 2012-03-15 13:39:24              660 ----a-w-  F:\Qoobox\Quarantine\Registry_backups\MSConfigStartUp-Messenger (Yahoo!).reg.dat
2012-03-15 13:39:24 . 2012-03-15 13:39:24              630 ----a-w-  F:\Qoobox\Quarantine\Registry_backups\MSConfigStartUp-DAEMON Tools Lite.reg.dat
2012-03-15 13:39:23 . 2012-03-15 13:39:23              558 ----a-w-  F:\Qoobox\Quarantine\Registry_backups\SafeBoot-05993050.sys.reg.dat
2012-03-15 13:38:46 . 2012-03-15 13:38:46          261,096 ----a-w-  F:\Qoobox\Quarantine\D\av1.zip
2012-03-15 13:38:46 . 2007-11-07 07:03:18          562,688 ----a-w-  F:\Qoobox\Quarantine\D\install.exe.vir
2012-03-15 13:37:02 . 2012-03-15 13:37:02            6,568 ----a-w-  F:\Qoobox\Quarantine\Registry_backups\tcpip.reg
2012-03-06 11:41:17 . 2012-03-15 13:30:40              510 ----a-w-  F:\Qoobox\Quarantine\catchme.log
2011-08-12 14:05:18 . 2011-09-17 09:27:51            1,057 ----a-w-  F:\Qoobox\Quarantine\F\Dokumente und Einstellungen\Administrator\Anwendungsdaten\vso_ts_preview.xml.vir
2011-01-12 07:16:39 . 2011-11-22 21:41:05              105 ----a-w-  F:\Qoobox\Quarantine\F\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Local\Temp\DDM\Settings\Inception_Trailer_592.divx.ddr.vir
2011-01-12 07:16:39 . 2011-01-12 14:51:43      13,721,600 ----a-w-  F:\Qoobox\Quarantine\F\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Local\Temp\DDM\Settings\Temporary Downloaded Files\Inception_Trailer_592.divx.vir
2010-05-05 13:20:32 . 2012-03-02 12:56:44          87,608 ----a-w-  F:\Qoobox\Quarantine\F\Dokumente und Einstellungen\Administrator\Anwendungsdaten\inst.exe.vir
2008-05-17 11:21:54 . 2007-10-22 05:10:36          196,608 ----a-w-  F:\Qoobox\Quarantine\F\WINDOWS\system32\dllcache\ssleay32.dll.vir
2008-05-17 11:21:54 . 2007-10-22 05:10:18        1,015,808 ----a-w-  F:\Qoobox\Quarantine\F\WINDOWS\system32\dllcache\libeay32.dll.vir
2008-05-17 11:21:54 . 2008-02-24 17:59:22        1,872,666 ----a-w-  F:\Qoobox\Quarantine\F\WINDOWS\system32\dllcache\cygwin1.dll.vir


Swisstreasure 15.03.2012 16:04

Who told you to use Combofix? That can go badly wrong.

I'll get back to you.

Swisstreasure 15.03.2012 16:43

How is the system running at the moment?

nadann 15.03.2012 17:01

hi,

right after combofix I also started Gmer - it has been running for at least 2 hours now, but should be finished soon......so - the system is running....

The "symptoms" that made me suspect a virus were, after all, that Gmer, Combofix, Antimalware etc. all wouldn't run.....at least that hurdle seems to have been cleared....

..once Gmer is finally done, I'll post the log - after that, unless you say otherwise, I would have restarted the system and then tried to install and run antimalware again

and no sooner written than it's done
GMER Logfile:
Code:

GMER 1.0.15.15641 - hxxp://www.gmer.net
Rootkit scan 2012-03-15 18:04:37
Windows 5.1.2600 Service Pack 3
Running: sfjg44ue.exe; Driver: F:\DOKUME~1\ADMINI~1\LOKALE~1\Temp\pxlcipog.sys


---- System - GMER 1.0.15 ----

SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab)                                ZwAdjustPrivilegesToken [0xB4BEF598]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab)                                ZwClose [0xB4BEFE18]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab)                                ZwConnectPort [0xB4BF092E]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab)                                ZwCreateEvent [0xB4BF0EA0]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab)                                ZwCreateFile [0xB4BF00FA]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab)                                ZwCreateKey [0xB4BEE442]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab)                                ZwCreateMutant [0xB4BF0D78]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab)                                ZwCreateNamedPipeFile [0xB4BEF19E]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab)                                ZwCreatePort [0xB4BF0C34]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab)                                ZwCreateSection [0xB4BEF35A]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab)                                ZwCreateSemaphore [0xB4BF0FD2]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab)                                ZwCreateSymbolicLinkObject [0xB4BF2C14]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab)                                ZwCreateThread [0xB4BEFAB6]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab)                                ZwCreateWaitablePort [0xB4BF0CD6]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab)                                ZwDebugActiveProcess [0xB4BF2606]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab)                                ZwDeleteKey [0xB4BEEA06]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab)                                ZwDeleteValueKey [0xB4BEED94]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab)                                ZwDeviceIoControlFile [0xB4BF0582]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab)                                ZwDuplicateObject [0xB4BF35D6]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab)                                ZwEnumerateKey [0xB4BEEED6]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab)                                ZwEnumerateValueKey [0xB4BEEF80]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab)                                ZwFsControlFile [0xB4BF038E]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab)                                ZwLoadDriver [0xB4BF2698]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab)                                ZwLoadKey [0xB4BEE41E]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab)                                ZwLoadKey2 [0xB4BEE430]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab)                                ZwMapViewOfSection [0xB4BF2CC8]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab)                                ZwNotifyChangeKey [0xB4BEF0CC]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab)                                ZwOpenEvent [0xB4BF0F42]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab)                                ZwOpenFile [0xB4BEFE9A]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab)                                ZwOpenKey [0xB4BEE5E8]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab)                                ZwOpenMutant [0xB4BF0E10]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab)                                ZwOpenProcess [0xB4BEF79E]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab)                                ZwOpenSection [0xB4BF2C3E]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab)                                ZwOpenSemaphore [0xB4BF1074]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab)                                ZwOpenThread [0xB4BEF6C2]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab)                                ZwQueryKey [0xB4BEF02A]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab)                                ZwQueryMultipleValueKey [0xB4BEEC52]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab)                                ZwQuerySection [0xB4BF2FE0]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab)                                ZwQueryValueKey [0xB4BEE8A2]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab)                                ZwQueueApcThread [0xB4BF292E]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab)                                ZwRenameKey [0xB4BEEB1A]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab)                                ZwReplaceKey [0xB4BEE2BC]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab)                                ZwReplyPort [0xB4BF13FE]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab)                                ZwReplyWaitReceivePort [0xB4BF12C4]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab)                                ZwRequestWaitReplyPort [0xB4BF23A6]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab)                                ZwRestoreKey [0xB4BF5E38]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab)                                ZwResumeThread [0xB4BF34B8]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab)                                ZwSaveKey [0xB4BEE254]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab)                                ZwSecureConnectPort [0xB4BF0668]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab)                                ZwSetContextThread [0xB4BEFCD4]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab)                                ZwSetInformationToken [0xB4BF1C56]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab)                                ZwSetSecurityObject [0xB4BF2792]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab)                                ZwSetSystemInformation [0xB4BF3120]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab)                                ZwSetValueKey [0xB4BEE72A]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab)                                ZwSuspendProcess [0xB4BF3204]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab)                                ZwSuspendThread [0xB4BF332C]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab)                                ZwSystemDebugControl [0xB4BF2532]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab)                                ZwTerminateProcess [0xB4BEF916]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab)                                ZwTerminateThread [0xB4BEF86C]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab)                                ZwUnmapViewOfSection [0xB4BF2E96]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab)                                ZwWriteVirtualMemory [0xB4BEF9F6]

Code            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab)                                FsRtlCheckLockForReadAccess
Code            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab)                                IoIsOperationSynchronous
Code            \??\F:\DOKUME~1\ADMINI~1\LOKALE~1\Temp\catchme.sys                                                                  pIofCallDriver

---- Kernel code sections - GMER 1.0.15 ----

.text          ntoskrnl.exe!ZwYieldExecution + 13E                                                                                  804E4998 16 Bytes  [5A, F3, BE, B4, D2, 0F, BF, ...]
.text          ntoskrnl.exe!ZwYieldExecution + 172                                                                                  804E49CC 4 Bytes  [06, EA, BE, B4]
.text          ntoskrnl.exe!ZwYieldExecution + 1FA                                                                                  804E4A54 12 Bytes  [98, 26, BF, B4, 1E, E4, BE, ...]
.text          ntoskrnl.exe!ZwYieldExecution + 252                                                                                  804E4AAC 8 Bytes  CALL 91030996
.text          ntoskrnl.exe!ZwYieldExecution + 33A                                                                                  804E4B94 4 Bytes  [A2, E8, BE, B4]
.text          ...                                                                                                                 
.text          ntoskrnl.exe!IoIsOperationSynchronous                                                                                804EAFCE 5 Bytes  JMP B4BE48B6 \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab)
.text          ntoskrnl.exe!FsRtlCheckLockForReadAccess                                                                            804F45B3 5 Bytes  JMP B4BE44DC \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab)
.text          F:\WINDOWS\system32\DRIVERS\nv4_mini.sys                                                                            section is writeable [0xB741C3A0, 0x59FFE5, 0xE8000020]
.text          F:\WINDOWS\system32\DRIVERS\atksgt.sys                                                                              section is writeable [0xB3AC8300, 0x3B6D8, 0xE8000020]
?              F:\WINDOWS\system32\Drivers\PROCEXP113.SYS                                                                          The system cannot find the file specified. !
?              F:\DOKUME~1\ADMINI~1\LOKALE~1\Temp\catchme.sys                                                                      The system cannot find the file specified. !

---- User code sections - GMER 1.0.15 ----

.text          F:\Programme\Mozilla Firefox\firefox.exe[468] ntdll.dll!LdrLoadDll                                                  7C92632D 5 Bytes  JMP 01215B60 F:\Programme\Mozilla Firefox\xul.dll (Mozilla Foundation)
?              F:\Programme\Kaspersky Lab\Kaspersky PURE\avp.exe[768] F:\WINDOWS\system32\ntdll.dll                                time/date stamp mismatch;
?              F:\Programme\Kaspersky Lab\Kaspersky PURE\avp.exe[768] F:\WINDOWS\system32\kernel32.dll                              time/date stamp mismatch;
.text          F:\Programme\Kaspersky Lab\Kaspersky PURE\avp.exe[768] USER32.dll!AlignRects                                        7E362A78 4 Bytes  [E0, 13, 38, 6D]
?              F:\Programme\Kaspersky Lab\Kaspersky PURE\avp.exe[1604] F:\WINDOWS\system32\ntdll.dll                                time/date stamp mismatch;
?              F:\Programme\Kaspersky Lab\Kaspersky PURE\avp.exe[1604] F:\WINDOWS\system32\kernel32.dll                            time/date stamp mismatch;
.text          F:\Programme\Kaspersky Lab\Kaspersky PURE\avp.exe[1604] USER32.dll!AlignRects                                        7E362A78 4 Bytes  [E0, 13, 38, 6D]
.text          F:\Programme\Mozilla Firefox\plugin-container.exe[3720] USER32.dll!GetWindowInfo                                    7E37C49C 5 Bytes  JMP 10450924 F:\Programme\Mozilla Firefox\xul.dll (Mozilla Foundation)
.text          F:\Programme\Mozilla Firefox\plugin-container.exe[3720] USER32.dll!TrackPopupMenu                                    7E3B531E 5 Bytes  JMP 10450ECF F:\Programme\Mozilla Firefox\xul.dll (Mozilla Foundation)

---- Devices - GMER 1.0.15 ----

Device                                                                                                                              Ntfs.sys (NT File System Driver/Microsoft Corporation)
Device                                                                                                                              Fastfat.SYS (Fast FAT File System Driver/Microsoft Corporation)

AttachedDevice  \Driver\Tcpip \Device\Ip                                                                                            kl1.sys (Kaspersky Unified Driver/Kaspersky Lab)
AttachedDevice  \Driver\Tcpip \Device\Tcp                                                                                            kl1.sys (Kaspersky Unified Driver/Kaspersky Lab)
AttachedDevice  \Driver\Tcpip \Device\Udp                                                                                            kl1.sys (Kaspersky Unified Driver/Kaspersky Lab)
AttachedDevice  \Driver\Tcpip \Device\RawIp                                                                                          kl1.sys (Kaspersky Unified Driver/Kaspersky Lab)

Device                                                                                                                              mrxsmb.sys (Windows NT SMB Minirdr/Microsoft Corporation)

AttachedDevice                                                                                                                      fltMgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)

---- Registry - GMER 1.0.15 ----

Reg            HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4 (not active ControlSet)               
Reg            HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0                                      F:\Programme\DAEMON Tools Lite\
Reg            HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0                                      0
Reg            HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh                                  0x62 0xCC 0x77 0xC3 ...
Reg            HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001 (not active ControlSet)       
Reg            HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0                            0x20 0x01 0x00 0x00 ...
Reg            HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh                          0x59 0x57 0xB0 0x74 ...
Reg            HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40 (not active ControlSet) 
Reg            HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh                    0x8D 0x16 0x16 0x76 ...
Reg            HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41 (not active ControlSet) 
Reg            HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41@khjeh                    0xE5 0x9C 0x57 0xF0 ...

---- EOF - GMER 1.0.15 ----

--- --- ---

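The GMER output above is long, but almost every entry resolves to the same module, and a reviewer's real job is to find the few lines that do not. As an added example (not part of the original thread, and not code from GMER or ComboFix), the following Python groups the kernel hooks by the driver that owns them and lists only what still needs a human decision. The EXPECTED_OWNERS allowlist and the Temp-directory heuristic are assumptions of this example; the sample input is excerpted from the log posted above with runs of spaces shortened.

```python
"""Group GMER kernel hook entries by owning module and flag what is left to review.

Added example for this thread; not code from GMER, ComboFix or the original
posts.  It parses the line shapes that occur in the GMER 1.0.15 log above
(SSDT, Code, inline .text JMP, raw-byte or CALL patch, writable section and
"?" image-not-found lines).  EXPECTED_OWNERS is an assumption of this example:
a reviewer fills it with the kernel drivers of the security product known to
be installed on the machine under examination.
"""
import re
from collections import defaultdict

# Assumption: only the installed Kaspersky PURE driver is expected to hook the
# kernel on this machine.  Every other hook owner is surfaced for review.
EXPECTED_OWNERS = {"klif.sys"}

# Excerpt of the GMER log posted above (runs of spaces shortened).
SAMPLE = r"""
---- System - GMER 1.0.15 ----

SSDT   \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab)   ZwCreateFile [0xB4BF00FA]
SSDT   \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab)   ZwLoadDriver [0xB4BF2698]

Code   \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab)   IoIsOperationSynchronous
Code   \??\F:\DOKUME~1\ADMINI~1\LOKALE~1\Temp\catchme.sys   pIofCallDriver

---- Kernel code sections - GMER 1.0.15 ----

.text  ntoskrnl.exe!ZwYieldExecution + 13E   804E4998 16 Bytes  [5A, F3, BE, B4, D2, 0F, BF, ...]
.text  ntoskrnl.exe!ZwYieldExecution + 252   804E4AAC 8 Bytes  CALL 91030996
.text  ntoskrnl.exe!IoIsOperationSynchronous   804EAFCE 5 Bytes  JMP B4BE48B6 \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab)
.text  F:\WINDOWS\system32\DRIVERS\nv4_mini.sys   section is writeable [0xB741C3A0, 0x59FFE5, 0xE8000020]
?      F:\WINDOWS\system32\Drivers\PROCEXP113.SYS   The system cannot find the file specified. !
"""

# SSDT and Code lines: <module> [(description)] <function> [0xADDR]
_SSDT_CODE = re.compile(
    r"^(?P<kind>SSDT|Code)\s+(?P<module>\S+)(?:\s+\((?P<desc>[^)]*)\))?"
    r"\s+(?P<func>\w+)(?:\s+\[0x(?P<addr>[0-9A-Fa-f]+)\])?\s*$"
)
# Inline patch that GMER resolved to a JMP into a named module.
_TEXT_JMP = re.compile(
    r"^\.text\s+(?P<symbol>.+?)\s{2,}(?P<at>[0-9A-Fa-f]{8})\s+(?P<size>\d+) Bytes\s+"
    r"JMP\s+(?P<target>[0-9A-Fa-f]{8})\s+(?P<module>\S+)(?:\s+\((?P<desc>[^)]*)\))?\s*$"
)
# Any other patched kernel bytes (raw byte dump, CALL to an unnamed address).
_TEXT_PATCH = re.compile(
    r"^\.text\s+(?P<symbol>.+?)\s{2,}(?P<at>[0-9A-Fa-f]{8})\s+(?P<size>\d+) Bytes\s+(?P<rest>.+?)\s*$"
)
_TEXT_WRITABLE = re.compile(
    r"^\.text\s+(?P<module>\S+)\s+section is writeable\s+\[(?P<detail>[^\]]*)\]"
)
# "?" lines: GMER could not open the image on disk.
_MISSING = re.compile(r"^\?\s+(?P<module>\S+)\s{2,}(?P<msg>.+?)\s*$")


def basename(path):
    """Last component of a Windows path, lower-cased, for allowlist lookup."""
    return path.rsplit("\\", 1)[-1].lower()


def parse_gmer(text):
    """Return (hooks_by_owner, findings).

    hooks_by_owner maps a driver file name to the entry points it hooks.
    findings lists what still needs a human: hooks owned by a module that is
    not in EXPECTED_OWNERS, owners loaded from a Temp directory, patches GMER
    could not attribute to any module, writable driver code sections and
    images GMER could not find on disk.
    """
    hooks = defaultdict(list)
    findings = []

    def record(kind, what, module):
        owner = basename(module)
        hooks[owner].append(f"{kind} {what}")
        if owner not in EXPECTED_OWNERS:
            findings.append(f"{kind} hook on {what} owned by unexpected module {module}")
        if "\\temp\\" in module.lower():  # heuristic: scanners and malware both live here
            findings.append(f"hook owner {owner} was loaded from a Temp directory")

    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("----"):
            continue  # blank lines and GMER section headers
        if m := _SSDT_CODE.match(line):
            record(m["kind"], m["func"], m["module"])
        elif m := _TEXT_WRITABLE.match(line):
            findings.append(f"writable code section in {m['module']} [{m['detail']}]")
        elif m := _TEXT_JMP.match(line):
            record("inline JMP", m["symbol"], m["module"])
        elif m := _TEXT_PATCH.match(line):
            findings.append(f"unattributed {m['size']}-byte patch at {m['symbol']}: {m['rest']}")
        elif m := _MISSING.match(line):
            findings.append(f"image {m['module']} not on disk: {m['msg']}")
    return dict(hooks), findings


if __name__ == "__main__":
    hooks, findings = parse_gmer(SAMPLE)
    for owner, entries in sorted(hooks.items()):
        print(f"{owner}: {len(entries)} hook(s)")
    for finding in findings:
        print("REVIEW:", finding)
```

Run over the full log, every SSDT entry, both Code hooks and both inline JMPs into ntoskrnl resolve to klif.sys, the kernel driver of the installed Kaspersky PURE, so the hooking itself is the product's self-protection rather than evidence of a rootkit. What remains is short: catchme.sys loaded from Temp (the driver that GMER and ComboFix load while scanning, and ComboFix had just been run), PROCEXP113.SYS (Process Explorer's driver) and catchme.sys no longer present on disk, the writable code sections reported for nv4_mini.sys and atksgt.sys, and the patched bytes in ZwYieldExecution that GMER could not attribute to a module. The user-mode "?" lines for avp.exe are skipped by this parser because that image path contains a space.
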
Swisstreasure 15.03.2012 20:57

Please download Farbar's Service Scanner
  • Start the tool by double-clicking FSS.exe
  • Make sure the following options are checked.
    • Internet Services
    • Windows Firewall
    • System Restore
  • Click Scan.
  • When the tool is finished, it will create an FSS.txt in the directory the tool was run from.
Please post its contents here.

nadann 15.03.2012 21:05

Code:

Farbar Service Scanner Version: 01-03-2012
Ran by Administrator (administrator) on 15-03-2012 at 21:03:41
Running from "F:\aeton"
Microsoft Windows XP Professional Service Pack 3 (X86)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Yahoo IP is accessible.


Windows Firewall:
=============

Firewall Disabled Policy:
==================
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall"=DWORD:0


System Restore:
============

System Restore Disabled Policy:
========================


File Check:
========
F:\WINDOWS\system32\dhcpcsvc.dll
[2008-04-30 23:00] - [2008-04-30 23:00] - 0127488 ____A (Microsoft Corporation) C29A1C9B75BA38FA37F8C44405DEC360

F:\WINDOWS\system32\Drivers\afd.sys => MD5 is legit
F:\WINDOWS\system32\Drivers\netbt.sys => MD5 is legit
F:\WINDOWS\system32\Drivers\tcpip.sys => MD5 is legit
F:\WINDOWS\system32\Drivers\ipsec.sys => MD5 is legit
F:\WINDOWS\system32\dnsrslvr.dll
[2008-04-30 23:00] - [2009-04-20 18:17] - 0045568 ____A (Microsoft Corporation) 407F3227AC618FD1CA54B335B083DE07

F:\WINDOWS\system32\ipnathlp.dll
[2008-04-30 23:00] - [2008-04-30 23:00] - 0334336 ____A (Microsoft Corporation) CAD058D5F8B889A87CA3EB3CF624DCEF

F:\WINDOWS\system32\netman.dll
[2008-04-30 23:00] - [2008-04-30 23:00] - 0198144 ____A (Microsoft Corporation) E6D88F1F6745BF00B57E7855A2AB696C

F:\WINDOWS\system32\wbem\WMIsvc.dll
[2008-05-17 12:12] - [2008-04-30 23:00] - 0145408 ____A (Microsoft Corporation) 6F3F3973D97714CC5F906A19FE883729

F:\WINDOWS\system32\srsvc.dll
[2008-05-17 12:15] - [2008-04-30 23:00] - 0171520 ____A (Microsoft Corporation) FE77A85495065F3AD59C5C65B6C54182

F:\WINDOWS\system32\Drivers\sr.sys
[2008-05-17 12:15] - [2008-04-30 23:00] - 0073472 ____A (Microsoft Corporation) 50FA898F8C032796D3B1B9951BB5A90F

F:\WINDOWS\system32\svchost.exe
[2008-04-30 23:00] - [2008-04-30 23:00] - 0014336 ____A (Microsoft Corporation) 4FBC75B74479C7A6F829E0CA19DF3366

F:\WINDOWS\system32\rpcss.dll
[2008-04-30 23:00] - [2009-02-09 11:51] - 0401408 ____A (Microsoft Corporation) 3127AFBF2C1ED0AB14A1BBB7AAECB85B

F:\WINDOWS\system32\services.exe
[2008-04-30 23:00] - [2009-02-09 12:21] - 0111104 ____A (Microsoft Corporation) A3EDBE9053889FB24AB22492472B39DC


Extra List:
=======
Gpc(6) IPSec(4) kl1(8) NetBT(5) PSched(7) Tcpip(3)
0x080000000800000004000000010000000200000003000000050000000600000007000000


**** End of log ****


Swisstreasure 15.03.2012 21:55


ESET Online Scanner

  • You can find an illustrated guide to ESET Online Scanner here
  • Download and start Eset Online Scanner
  • Tick Yes, I accept the Terms of Use and click Start.
  • Enable "Detection of potentially unwanted applications" and choose the following settings.
  • Click Start.
  • The signatures are downloaded and the scan starts automatically.
  • At the end of the scan, click Finish.
  • Close the ESET window.
  • Open Explorer.
  • Locate C:\Programme\Eset\EsetOnlineScanner\log.txt (on 64-bit also C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) and open it in your editor (illustrated).
  • Post the logfile here.
  • Uninstall: Control Panel => Add or Remove Programs / Uninstall a program => remove Eset Online Scanner V3.
  • Manually delete the following folder and empty the Recycle Bin => C:\Programme\Eset


nadann 16.03.2012 13:42

wow - a 3.5-hour scan ...
Code:

D:\Sicherungen\neu aufgesetzt maerz 2012\basisprogramme\SoftonicDownloader_fuer_malwarebytes-anti-malware.exe        a variant of Win32/SoftonicDownloader.D application
D:\Sicherungen\neu aufgesetzt maerz 2012\basisprogramme\SoftonicDownloader_fuer_pc-wizard.exe        a variant of Win32/SoftonicDownloader.D application
D:\Sicherungen\neu aufgesetzt maerz 2012\basisprogramme\Nero.Premium.Edition.v7.10.1.0.German-DVT\Nero-7.10.1.0_deu_trial.exe        Win32/Toolbar.AskSBar application
F:\basisprogramme\SoftonicDownloader_fuer_malwarebytes-anti-malware.exe        a variant of Win32/SoftonicDownloader.D application
F:\basisprogramme\SoftonicDownloader_fuer_pc-wizard.exe        a variant of Win32/SoftonicDownloader.D application
F:\basisprogramme\Nero.Premium.Edition.v7.10.1.0.German-DVT\Nero-7.10.1.0_deu_trial.exe        Win32/Toolbar.AskSBar application



Copyright ©2000-2025, Trojaner-Board