Chrizb84 | 12.06.2012 18:17 | ANTIVIR reports tr/sirefef.gc.1 and ATRAPS Gen2 - What can I do? Logs attached
Hello everyone, and first of all a friendly HELLO to Trojaner-Board :pfeiff:
Since yesterday, ANTIVIR has been reporting that I am infected with ATRAPS GEN2 and tr/sirefef.gc.1.
Attached are my log files:
1.) OTL:
OTL Logfile:
OTL logfile created on: 11.06.2012 22:54:34 - Run 1
OTL by OldTimer - Version 3.2.48.0 Folder = C:\Users\Chris\Desktop
Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
2,97 Gb Total Physical Memory | 1,74 Gb Available Physical Memory | 58,66% Memory free
5,93 Gb Paging File | 4,47 Gb Available in Paging File | 75,45% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files
Drive C: | 252,89 Gb Total Space | 194,66 Gb Free Space | 76,97% Space Free | Partition Type: NTFS
Drive D: | 30,25 Gb Total Space | 30,10 Gb Free Space | 99,53% Space Free | Partition Type: NTFS
Drive Z: | 1862,44 Gb Total Space | 722,23 Gb Free Space | 38,78% Space Free | Partition Type: NTFS
Computer Name: CHRIS-PC | User Name: Chris | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Processes (SafeList) ==========
PRC - [2012.06.11 22:53:03 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Users\Chris\Desktop\OTL.exe
PRC - [2012.05.02 01:42:28 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\sched.exe
PRC - [2012.05.02 00:34:34 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avguard.exe
PRC - [2012.05.02 00:31:35 | 000,348,624 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avgnt.exe
PRC - [2012.04.24 02:11:55 | 000,080,336 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avshadow.exe
PRC - [2012.03.28 06:24:50 | 000,482,992 | ---- | M] (Crawler.com) -- C:\Programme\Spyware Terminator\st_rsser.exe
PRC - [2012.02.15 10:32:12 | 000,055,144 | ---- | M] (Apple Inc.) -- C:\Programme\Common Files\Apple\Mobile Device Support\SyncServer.exe
PRC - [2009.09.01 16:25:36 | 004,114,288 | ---- | M] (Lenovo(beijing) Limited) -- C:\Programme\Lenovo\Energy Management\utility.exe
PRC - [2009.08.13 16:15:58 | 000,356,352 | ---- | M] (AMD) -- C:\Windows\System32\atieclxx.exe
PRC - [2009.08.13 16:15:30 | 000,172,032 | ---- | M] (AMD) -- C:\Windows\System32\atiesrxx.exe
PRC - [2009.08.07 07:29:54 | 000,186,904 | ---- | M] (Intel Corporation) -- C:\Programme\Intel\Intel Matrix Storage Manager\IAAnotif.exe
PRC - [2009.08.07 07:29:36 | 000,354,840 | ---- | M] (Intel Corporation) -- C:\Programme\Intel\Intel Matrix Storage Manager\IAANTmon.exe
PRC - [2009.07.14 16:27:26 | 000,038,152 | ---- | M] (Lenovo Group Limited) -- C:\Programme\Lenovo\ReadyComm\common\IGRS.exe
PRC - [2009.07.14 03:14:47 | 001,121,280 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Media Player\wmpnetwk.exe
PRC - [2009.07.14 03:14:42 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
PRC - [2009.07.14 03:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\IgrsSvcs.exe
PRC - [2009.07.14 03:14:20 | 002,613,248 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2009.07.14 03:14:15 | 000,271,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conhost.exe
PRC - [2009.07.01 20:03:12 | 000,795,936 | ---- | M] (Broadcom Corporation.) -- C:\Programme\Lenovo\Bluetooth Software\BTTray.exe
PRC - [2009.07.01 20:03:12 | 000,582,944 | ---- | M] (Broadcom Corporation.) -- C:\Programme\Lenovo\Bluetooth Software\btwdins.exe
PRC - [2009.06.25 11:46:08 | 005,064,520 | ---- | M] (Lenovo (Beijing) Limited) -- C:\Programme\Lenovo\Energy Management\Energy Management.exe
PRC - [2008.11.25 00:31:12 | 000,087,904 | ---- | M] (Microsoft Corporation) -- c:\Programme\Microsoft SQL Server\90\Shared\sqlwriter.exe
PRC - [2008.01.16 11:51:44 | 000,030,312 | ---- | M] (Microsoft Corporation) -- C:\Programme\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe
========== Modules (No Company Name) ==========
MOD - [2012.02.20 21:29:04 | 000,087,912 | ---- | M] () -- C:\Programme\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2012.02.20 21:28:42 | 001,242,472 | ---- | M] () -- C:\Programme\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2012.02.17 20:55:35 | 000,166,912 | ---- | M] () -- C:\Programme\WinRAR\RarExt.dll
MOD - [2009.11.10 13:50:03 | 001,691,648 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysManager2.Graphics.Wizard\2.0.3512.36924__90ba9c70f846762e\CLI.Aspect.DisplaysManager2.Graphics.Wizard.dll
MOD - [2009.11.10 13:50:03 | 000,491,520 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Aspect.TransCode.Graphics.Wizard\2.0.3512.36894__90ba9c70f846762e\CLI.Aspect.TransCode.Graphics.Wizard.dll
MOD - [2009.11.10 13:50:03 | 000,364,544 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Runtime\2.0.3512.36804__90ba9c70f846762e\CLI.Caste.Graphics.Runtime.dll
MOD - [2009.11.10 13:50:03 | 000,204,800 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Aspect.InfoCentre.Graphics.Wizard\2.0.3512.36823__90ba9c70f846762e\CLI.Aspect.InfoCentre.Graphics.Wizard.dll
MOD - [2009.11.10 13:50:03 | 000,077,824 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Aspect.DeviceTV.Graphics.Runtime\2.0.3512.36875__90ba9c70f846762e\CLI.Aspect.DeviceTV.Graphics.Runtime.dll
MOD - [2009.11.10 13:50:03 | 000,073,728 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Dashboard\2.0.3512.36812__90ba9c70f846762e\CLI.Caste.Graphics.Dashboard.dll
MOD - [2009.11.10 13:50:03 | 000,065,536 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Aspect.DeviceCV.Graphics.Runtime\2.0.3512.36856__90ba9c70f846762e\CLI.Aspect.DeviceCV.Graphics.Runtime.dll
MOD - [2009.11.10 13:50:03 | 000,040,960 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Wizard\2.0.3512.36818__90ba9c70f846762e\CLI.Caste.Graphics.Wizard.dll
MOD - [2009.11.10 13:50:03 | 000,036,864 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Aspect.DeviceProperty.Graphics.Runtime\2.0.3512.36847__90ba9c70f846762e\CLI.Aspect.DeviceProperty.Graphics.Runtime.dll
MOD - [2009.11.10 13:50:03 | 000,020,480 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Aspect.HotkeysHandling.Graphics.Runtime\2.0.3512.36812__90ba9c70f846762e\CLI.Aspect.HotkeysHandling.Graphics.Runtime.dll
MOD - [2009.11.10 13:50:02 | 000,798,720 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Aspect.MMVideo.Graphics.Dashboard\2.0.3512.36849__90ba9c70f846762e\CLI.Aspect.MMVideo.Graphics.Dashboard.dll
MOD - [2009.11.10 13:50:02 | 000,409,600 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Aspect.MMVideo.Graphics.Wizard\2.0.3512.36869__90ba9c70f846762e\CLI.Aspect.MMVideo.Graphics.Wizard.dll
MOD - [2009.11.10 13:50:02 | 000,331,776 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Aspect.Radeon3D.Graphics.Dashboard\2.0.3512.36861__90ba9c70f846762e\CLI.Aspect.Radeon3D.Graphics.Dashboard.dll
MOD - [2009.11.10 13:50:02 | 000,196,608 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Aspect.InfoCentre.Graphics.Dashboard\2.0.3512.36824__90ba9c70f846762e\CLI.Aspect.InfoCentre.Graphics.Dashboard.dll
MOD - [2009.11.10 13:50:02 | 000,118,784 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Aspect.PowerPlayDPPE.Graphics.Dashboard\2.0.3512.36894__90ba9c70f846762e\CLI.Aspect.PowerPlayDPPE.Graphics.Dashboard.dll
MOD - [2009.11.10 13:50:02 | 000,094,208 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Aspect.Radeon3D.Graphics.Wizard\2.0.3512.36862__90ba9c70f846762e\CLI.Aspect.Radeon3D.Graphics.Wizard.dll
MOD - [2009.11.10 13:50:02 | 000,094,208 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysOptions.Graphics.Dashboard\2.0.3512.36854__90ba9c70f846762e\CLI.Aspect.DisplaysOptions.Graphics.Dashboard.dll
MOD - [2009.11.10 13:50:02 | 000,090,112 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Aspect.MMVideo.Graphics.Runtime\2.0.3512.36848__90ba9c70f846762e\CLI.Aspect.MMVideo.Graphics.Runtime.dll
MOD - [2009.11.10 13:50:02 | 000,061,440 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Aspect.Radeon3D.Graphics.Runtime\2.0.3512.36861__90ba9c70f846762e\CLI.Aspect.Radeon3D.Graphics.Runtime.dll
MOD - [2009.11.10 13:50:02 | 000,045,056 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Aspect.Welcome.Graphics.Dashboard\2.0.3512.36895__90ba9c70f846762e\CLI.Aspect.Welcome.Graphics.Dashboard.dll
MOD - [2009.11.10 13:50:02 | 000,045,056 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Aspect.PowerPlayDPPE.Graphics.Runtime\2.0.3512.36893__90ba9c70f846762e\CLI.Aspect.PowerPlayDPPE.Graphics.Runtime.dll
MOD - [2009.11.10 13:50:02 | 000,040,960 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysOptions.Graphics.Runtime\2.0.3512.36854__90ba9c70f846762e\CLI.Aspect.DisplaysOptions.Graphics.Runtime.dll
MOD - [2009.11.10 13:50:01 | 001,011,712 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysManager2.Graphics.Dashboard\2.0.3512.36920__90ba9c70f846762e\CLI.Aspect.DisplaysManager2.Graphics.Dashboard.dll
MOD - [2009.11.10 13:50:01 | 000,573,440 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysColour2.Graphics.Dashboard\2.0.3512.36824__90ba9c70f846762e\CLI.Aspect.DisplaysColour2.Graphics.Dashboard.dll
MOD - [2009.11.10 13:50:01 | 000,393,216 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Aspect.DeviceCRT.Graphics.Dashboard\2.0.3512.36848__90ba9c70f846762e\CLI.Aspect.DeviceCRT.Graphics.Dashboard.dll
MOD - [2009.11.10 13:50:01 | 000,360,448 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Aspect.DeviceDFP.Graphics.Dashboard\2.0.3512.36843__90ba9c70f846762e\CLI.Aspect.DeviceDFP.Graphics.Dashboard.dll
MOD - [2009.11.10 13:50:01 | 000,315,392 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Aspect.DeviceLCD.Graphics.Dashboard\2.0.3512.36855__90ba9c70f846762e\CLI.Aspect.DeviceLCD.Graphics.Dashboard.dll
MOD - [2009.11.10 13:50:01 | 000,307,200 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Aspect.DeviceLCD.Graphics.Wizard\2.0.3512.36829__90ba9c70f846762e\CLI.Aspect.DeviceLCD.Graphics.Wizard.dll
MOD - [2009.11.10 13:50:01 | 000,270,336 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Aspect.CrossDisplay.Graphics.Dashboard\1.0.0.0__90ba9c70f846762e\CLI.Aspect.CrossDisplay.Graphics.Dashboard.dll
MOD - [2009.11.10 13:50:01 | 000,061,440 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Aspect.DeviceDFP.Graphics.Runtime\2.0.3512.36847__90ba9c70f846762e\CLI.Aspect.DeviceDFP.Graphics.Runtime.dll
MOD - [2009.11.10 13:50:01 | 000,040,960 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysColour2.Graphics.Runtime\2.0.3512.36828__90ba9c70f846762e\CLI.Aspect.DisplaysColour2.Graphics.Runtime.dll
MOD - [2009.11.10 13:50:01 | 000,040,960 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Aspect.DeviceCRT.Graphics.Runtime\2.0.3512.36848__90ba9c70f846762e\CLI.Aspect.DeviceCRT.Graphics.Runtime.dll
MOD - [2009.11.10 13:50:01 | 000,032,768 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Aspect.DeviceLCD.Graphics.Runtime\2.0.3512.36855__90ba9c70f846762e\CLI.Aspect.DeviceLCD.Graphics.Runtime.dll
MOD - [2009.11.10 13:50:01 | 000,020,480 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\AEM.Plugin.Hotkeys.Shared\2.0.3498.37534__90ba9c70f846762e\AEM.Plugin.Hotkeys.Shared.dll
MOD - [2009.11.10 13:50:01 | 000,020,480 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\AEM.Actions.CCAA.Shared\2.0.3498.37533__90ba9c70f846762e\AEM.Actions.CCAA.Shared.dll
MOD - [2009.11.10 13:50:01 | 000,016,384 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\AEM.Plugin.WinMessages.Shared\2.0.3498.37558__90ba9c70f846762e\AEM.Plugin.WinMessages.Shared.dll
MOD - [2009.11.10 13:50:01 | 000,016,384 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\AEM.Plugin.REG.Shared\2.0.3498.37615__90ba9c70f846762e\AEM.Plugin.REG.Shared.dll
MOD - [2009.11.10 13:50:01 | 000,016,384 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\AEM.Plugin.GD.Shared\2.0.3498.37612__90ba9c70f846762e\AEM.Plugin.GD.Shared.dll
MOD - [2009.11.10 13:50:01 | 000,016,384 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\AEM.Plugin.EEU.Shared\2.0.3498.37554__90ba9c70f846762e\AEM.Plugin.EEU.Shared.dll
MOD - [2009.11.10 13:50:01 | 000,016,384 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\AEM.Plugin.DPPE.Shared\2.0.3498.37610__90ba9c70f846762e\AEM.Plugin.DPPE.Shared.dll
MOD - [2009.11.10 13:50:01 | 000,007,168 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\atixclib\1.0.0.0__90ba9c70f846762e\atixclib.dll
MOD - [2009.11.10 13:50:00 | 000,135,168 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Shared\2.0.3498.37541__90ba9c70f846762e\CLI.Caste.Graphics.Shared.dll
MOD - [2009.11.10 13:50:00 | 000,094,208 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Foundation\2.0.3498.37518__90ba9c70f846762e\CLI.Foundation.dll
MOD - [2009.11.10 13:50:00 | 000,065,536 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Aspect.DeviceTV.Graphics.Shared\2.0.3498.37583__90ba9c70f846762e\CLI.Aspect.DeviceTV.Graphics.Shared.dll
MOD - [2009.11.10 13:50:00 | 000,057,344 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Aspect.MMVideo.Graphics.Shared\2.0.3498.37579__90ba9c70f846762e\CLI.Aspect.MMVideo.Graphics.Shared.dll
MOD - [2009.11.10 13:50:00 | 000,053,248 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Aspect.Radeon3D.Graphics.Shared\2.0.3498.37582__90ba9c70f846762e\CLI.Aspect.Radeon3D.Graphics.Shared.dll
MOD - [2009.11.10 13:50:00 | 000,053,248 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Aspect.DeviceCRT.Graphics.Shared\2.0.3498.37578__90ba9c70f846762e\CLI.Aspect.DeviceCRT.Graphics.Shared.dll
MOD - [2009.11.10 13:50:00 | 000,049,152 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Aspect.DeviceDFP.Graphics.Shared\2.0.3498.37577__90ba9c70f846762e\CLI.Aspect.DeviceDFP.Graphics.Shared.dll
MOD - [2009.11.10 13:50:00 | 000,045,056 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\DEM.Graphics.I0601\2.0.2573.17685__90ba9c70f846762e\DEM.Graphics.I0601.dll
MOD - [2009.11.10 13:50:00 | 000,040,960 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Aspect.TransCode.Graphics.Shared\2.0.3498.37603__90ba9c70f846762e\CLI.Aspect.TransCode.Graphics.Shared.dll
MOD - [2009.11.10 13:50:00 | 000,040,960 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Aspect.DeviceCV.Graphics.Shared\2.0.3498.37582__90ba9c70f846762e\CLI.Aspect.DeviceCV.Graphics.Shared.dll
MOD - [2009.11.10 13:50:00 | 000,032,768 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\LOG.Foundation\2.0.3498.37515__90ba9c70f846762e\LOG.Foundation.dll
MOD - [2009.11.10 13:50:00 | 000,032,768 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Aspect.DeviceProperty.Graphics.Shared\2.0.3498.37557__90ba9c70f846762e\CLI.Aspect.DeviceProperty.Graphics.Shared.dll
MOD - [2009.11.10 13:50:00 | 000,028,672 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\NEWAEM.Foundation\2.0.3498.37517__90ba9c70f846762e\NEWAEM.Foundation.dll
MOD - [2009.11.10 13:50:00 | 000,028,672 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Foundation.XManifest\2.0.3498.37674__90ba9c70f846762e\CLI.Foundation.XManifest.dll
MOD - [2009.11.10 13:50:00 | 000,028,672 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Aspect.PowerPlayDPPE.Graphics.Shared\2.0.3498.37602__90ba9c70f846762e\CLI.Aspect.PowerPlayDPPE.Graphics.Shared.dll
MOD - [2009.11.10 13:50:00 | 000,028,672 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Aspect.MultiVPU4.Graphics.Shared\2.0.3498.37608__90ba9c70f846762e\CLI.Aspect.MultiVPU4.Graphics.Shared.dll
MOD - [2009.11.10 13:50:00 | 000,028,672 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysColour2.Graphics.Shared\2.0.3498.37575__90ba9c70f846762e\CLI.Aspect.DisplaysColour2.Graphics.Shared.dll
MOD - [2009.11.10 13:50:00 | 000,028,672 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Aspect.DeviceLCD.Graphics.Shared\2.0.3498.37572__90ba9c70f846762e\CLI.Aspect.DeviceLCD.Graphics.Shared.dll
MOD - [2009.11.10 13:50:00 | 000,028,672 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Aspect.CustomFormats.Graphics.Shared\2.0.3498.37552__90ba9c70f846762e\CLI.Aspect.CustomFormats.Graphics.Shared.dll
MOD - [2009.11.10 13:50:00 | 000,028,672 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Aspect.ALICrossfire.Graphics.Shared\2.0.3498.37611__90ba9c70f846762e\CLI.Aspect.ALICrossfire.Graphics.Shared.dll
MOD - [2009.11.10 13:50:00 | 000,024,576 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Component.Dashboard.Shared\2.0.3498.37536__90ba9c70f846762e\CLI.Component.Dashboard.Shared.dll
MOD - [2009.11.10 13:50:00 | 000,024,576 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Aspect.PowerXpress.Graphics.Shared\2.0.3498.37612__90ba9c70f846762e\CLI.Aspect.PowerXpress.Graphics.Shared.dll
MOD - [2009.11.10 13:50:00 | 000,024,576 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysOptions.Graphics.Shared\2.0.3498.37580__90ba9c70f846762e\CLI.Aspect.DisplaysOptions.Graphics.Shared.dll
MOD - [2009.11.10 13:50:00 | 000,020,480 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Component.Wizard.Shared\2.0.3498.37540__90ba9c70f846762e\CLI.Component.Wizard.Shared.dll
MOD - [2009.11.10 13:50:00 | 000,020,480 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Component.Client.Shared\2.0.3498.37526__90ba9c70f846762e\CLI.Component.Client.Shared.dll
MOD - [2009.11.10 13:50:00 | 000,020,480 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Aspect.HotkeysHandling.Graphics.Shared\2.0.3498.37555__90ba9c70f846762e\CLI.Aspect.HotkeysHandling.Graphics.Shared.dll
MOD - [2009.11.10 13:50:00 | 000,016,384 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\MOM.Foundation\2.0.3498.37551__90ba9c70f846762e\MOM.Foundation.dll
MOD - [2009.11.10 13:50:00 | 000,016,384 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\DEM.Graphics.I0706\2.0.2743.23304__90ba9c70f846762e\DEM.Graphics.I0706.dll
MOD - [2009.11.10 13:50:00 | 000,016,384 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\DEM.Graphics\2.0.3498.37571__90ba9c70f846762e\DEM.Graphics.dll
MOD - [2009.11.10 13:50:00 | 000,016,384 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\DEM.Foundation\2.0.2573.17684__90ba9c70f846762e\DEM.Foundation.dll
MOD - [2009.11.10 13:50:00 | 000,016,384 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Component.Runtime.Shared\2.0.3498.37544__90ba9c70f846762e\CLI.Component.Runtime.Shared.dll
MOD - [2009.11.10 13:50:00 | 000,016,384 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Wizard.Shared\2.0.3498.37574__90ba9c70f846762e\CLI.Caste.Graphics.Wizard.Shared.dll
MOD - [2009.11.10 13:50:00 | 000,016,384 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Dashboard.Shared\2.0.3498.37547__90ba9c70f846762e\CLI.Caste.Graphics.Dashboard.Shared.dll
MOD - [2009.11.10 13:49:59 | 000,651,264 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\ResourceManagement.Foundation.Implementation\2.0.3512.36919__90ba9c70f846762e\ResourceManagement.Foundation.Implementation.dll
MOD - [2009.11.10 13:49:59 | 000,552,960 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Component.Systemtray\2.0.3512.36883__90ba9c70f846762e\CLI.Component.Systemtray.dll
MOD - [2009.11.10 13:49:59 | 000,405,504 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Component.Wizard\2.0.3512.36817__90ba9c70f846762e\CLI.Component.Wizard.dll
MOD - [2009.11.10 13:49:59 | 000,106,496 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\MOM.Implementation\2.0.3512.36889__90ba9c70f846762e\MOM.Implementation.dll
MOD - [2009.11.10 13:49:59 | 000,065,536 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\LOG.Foundation.Implementation\2.0.3512.36887__90ba9c70f846762e\LOG.Foundation.Implementation.dll
MOD - [2009.11.10 13:49:59 | 000,057,344 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Component.SkinFactory\2.0.3512.36803__90ba9c70f846762e\CLI.Component.SkinFactory.dll
MOD - [2009.11.10 13:49:59 | 000,057,344 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Component.Runtime\2.0.3512.36801__90ba9c70f846762e\CLI.Component.Runtime.dll
MOD - [2009.11.10 13:49:59 | 000,045,056 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Component.Runtime.Shared.Private\2.0.3498.37546__90ba9c70f846762e\CLI.Component.Runtime.Shared.Private.dll
MOD - [2009.11.10 13:49:59 | 000,045,056 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\AEM.Plugin.Source.Kit.Server\2.0.3512.36900__90ba9c70f846762e\AEM.Plugin.Source.Kit.Server.dll
MOD - [2009.11.10 13:49:59 | 000,040,960 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Foundation.Private\2.0.3498.37522__90ba9c70f846762e\CLI.Foundation.Private.dll
MOD - [2009.11.10 13:49:59 | 000,036,864 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\LOG.Foundation.Private\2.0.3498.37528__90ba9c70f846762e\LOG.Foundation.Private.dll
MOD - [2009.11.10 13:49:59 | 000,024,576 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Component.Wizard.Shared.Private\2.0.3498.37548__90ba9c70f846762e\CLI.Component.Wizard.Shared.Private.dll
MOD - [2009.11.10 13:49:59 | 000,020,480 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\ResourceManagement.Foundation.Private\2.0.3498.37531__90ba9c70f846762e\ResourceManagement.Foundation.Private.dll
MOD - [2009.11.10 13:49:59 | 000,020,480 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\LOG.Foundation.Implementation.Private\2.0.3498.37547__90ba9c70f846762e\LOG.Foundation.Implementation.Private.dll
MOD - [2009.11.10 13:49:59 | 000,020,480 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\APM.Foundation\2.0.3498.37553__90ba9c70f846762e\APM.Foundation.dll
MOD - [2009.11.10 13:49:59 | 000,016,384 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\AEM.Server.Shared\2.0.3498.37535__90ba9c70f846762e\AEM.Server.Shared.dll
MOD - [2009.11.10 13:49:59 | 000,007,168 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Component.Runtime.Extension.EEU\2.0.3512.36801__90ba9c70f846762e\CLI.Component.Runtime.Extension.EEU.dll
MOD - [2009.11.10 13:49:58 | 001,212,416 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Component.Dashboard\2.0.3512.36808__90ba9c70f846762e\CLI.Component.Dashboard.dll
MOD - [2009.11.10 13:49:58 | 000,061,440 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\APM.Server\2.0.3512.36800__90ba9c70f846762e\APM.Server.dll
MOD - [2009.11.10 13:49:58 | 000,045,056 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\AEM.Server\2.0.3512.36801__90ba9c70f846762e\AEM.Server.dll
MOD - [2009.11.10 13:49:58 | 000,040,960 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Component.Client.Shared.Private\2.0.3498.37538__90ba9c70f846762e\CLI.Component.Client.Shared.Private.dll
MOD - [2009.11.10 13:49:58 | 000,032,768 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\ATICCCom\2.0.0.0__90ba9c70f846762e\ATICCCom.dll
MOD - [2009.11.10 13:49:58 | 000,020,480 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Component.Dashboard.Shared.Private\2.0.3498.37549__90ba9c70f846762e\CLI.Component.Dashboard.Shared.Private.dll
MOD - [2009.11.10 13:49:58 | 000,020,480 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Runtime.Shared.Private\2.0.3498.37585__90ba9c70f846762e\CLI.Caste.Graphics.Runtime.Shared.Private.dll
MOD - [2009.11.10 13:49:58 | 000,019,456 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CCC.Implementation\2.0.3512.36889__90ba9c70f846762e\CCC.Implementation.dll
MOD - [2009.09.27 12:20:39 | 000,434,176 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\System.Windows.Forms.resources\2.0.0.0_de_b77a5c561934e089\System.Windows.Forms.resources.dll
MOD - [2009.09.27 12:20:37 | 000,315,392 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll
MOD - [2009.07.14 06:43:36 | 011,804,160 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Web\3871fc2b96345aa6f3be81d9e3c97160\System.Web.ni.dll
MOD - [2009.07.14 06:43:30 | 000,771,584 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\4bdeb88758dccd625f4703ed77aaf348\System.Runtime.Remoting.ni.dll
MOD - [2009.07.14 06:43:04 | 012,430,848 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\fedf1ba58dced4f0b3f8c457648ceed9\System.Windows.Forms.ni.dll
MOD - [2009.07.14 06:42:57 | 001,586,688 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\ead6be8b410d56b5576b10e56af2c180\System.Drawing.ni.dll
MOD - [2009.07.14 06:42:40 | 005,452,800 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Xml\5dd9f783008543df3e642ff1e99de4e8\System.Xml.ni.dll
MOD - [2009.07.14 06:42:37 | 000,971,264 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\4b1350e31ff09cc583b34854816d8036\System.Configuration.ni.dll
MOD - [2009.07.14 06:42:36 | 007,949,312 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System\5ba3bf5367fc012300c6566f20cb7f54\System.ni.dll
MOD - [2009.07.14 06:42:30 | 011,490,816 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\mscorlib\8c1770d45c63cf5c462eeb945ef9aa5d\mscorlib.ni.dll
MOD - [2009.07.01 20:03:24 | 000,132,384 | ---- | M] () -- C:\Programme\Lenovo\Bluetooth Software\BTKeyInd.dll
MOD - [2008.12.20 05:20:50 | 000,063,304 | ---- | M] () -- C:\Programme\Lenovo\Energy Management\KbdHook.dll
MOD - [2008.12.20 05:20:08 | 000,051,016 | ---- | M] () -- C:\Programme\Lenovo\Energy Management\HookLib.dll
MOD - [2008.05.21 12:59:16 | 000,016,384 | R--- | M] () -- C:\Programme\ATI Technologies\ATI.ACE\Branding\Branding.dll
========== Win32 Services (SafeList) ==========
SRV - [2012.05.02 01:42:28 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Programme\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2012.05.02 00:34:34 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Programme\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2012.03.28 06:24:50 | 000,482,992 | ---- | M] (Crawler.com) [Auto | Running] -- C:\Programme\Spyware Terminator\st_rsser.exe -- (ST2012_Svc)
SRV - [2009.08.13 16:15:30 | 000,172,032 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\System32\atiesrxx.exe -- (AMD External Events Utility)
SRV - [2009.08.07 07:29:36 | 000,354,840 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Programme\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON) Intel(R)
SRV - [2009.07.28 16:41:06 | 000,472,328 | ---- | M] (Lenovo Group Limited) [On_Demand | Stopped] -- C:\Programme\Lenovo\ReadyComm\ConnSvc.exe -- (Lenovo ReadyComm ConnSvc)
SRV - [2009.07.28 16:41:04 | 000,414,984 | ---- | M] (Lenovo Group Limited) [On_Demand | Stopped] -- C:\Programme\Lenovo\ReadyComm\AppSvc.exe -- (Lenovo ReadyComm AppSvc)
SRV - [2009.07.16 05:12:42 | 000,276,296 | ---- | M] (Lenovo Group Limited) [On_Demand | Stopped] -- C:\Programme\Lenovo\ReadyComm\PS_MDP.dll -- (PS_MDP)
SRV - [2009.07.14 16:27:26 | 000,038,152 | ---- | M] (Lenovo Group Limited) [Auto | Running] -- C:\Programme\Lenovo\ReadyComm\common\IGRS.exe -- (IGRS)
SRV - [2009.07.14 16:27:20 | 000,103,688 | ---- | M] (Lenovo Group Limited) [Auto | Running] -- C:\Programme\Lenovo\ReadyComm\common\router.dll -- (ReadyComm.DirectRouter)
SRV - [2009.07.14 03:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009.07.14 03:14:47 | 001,121,280 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Windows Media Player\wmpnetwk.exe -- (WMPNetworkSvc)
SRV - [2009.07.01 20:03:12 | 000,582,944 | ---- | M] (Broadcom Corporation.) [Auto | Running] -- C:\Programme\Lenovo\Bluetooth Software\btwdins.exe -- (btwdins)
SRV - [2008.11.25 00:31:12 | 000,087,904 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Programme\Microsoft SQL Server\90\Shared\sqlwriter.exe -- (SQLWriter)
SRV - [2008.11.25 00:31:10 | 029,263,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- c:\Programme\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe -- (MSSQL$MSSMLBIZ) SQL Server (MSSMLBIZ)
SRV - [2008.11.25 00:31:08 | 000,239,968 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- c:\Programme\Microsoft SQL Server\90\Shared\sqlbrowser.exe -- (SQLBrowser)
SRV - [2008.11.25 00:31:08 | 000,045,408 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- c:\Programme\Microsoft SQL Server\90\Shared\sqladhlp90.exe -- (MSSQLServerADHelper)
SRV - [2008.01.16 11:51:44 | 000,030,312 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe -- (BcmSqlStartupSvc)
SRV - [2006.10.26 21:49:34 | 000,441,136 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\microsoft shared\OFFICE12\ODSERV.EXE -- (odserv)
SRV - [2006.10.26 16:03:08 | 000,145,184 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\microsoft shared\Source Engine\OSE.EXE -- (ose)
========== Driver Services (SafeList) ==========
DRV - File not found [Kernel | On_Demand | Stopped] -- D:\test\ECECECEC\WinRing0.sys -- (WinRing0_1_2_0)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\RtsUCcid.sys -- (USBCCID)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\Rts516xIR.sys -- (RtsUIR)
DRV - File not found [Kernel | On_Demand | Unknown] -- C:\Users\Chris\AppData\Local\Temp\kgloqpod.sys -- (kgloqpod)
DRV - [2012.04.27 10:20:04 | 000,137,928 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb)
DRV - [2012.04.25 00:32:27 | 000,083,392 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\System32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2012.04.16 21:17:40 | 000,036,000 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avkmgr.sys -- (avkmgr)
DRV - [2011.06.21 11:24:06 | 000,032,768 | ---- | M] () [Kernel | System | Running] -- C:\Windows\System32\drivers\sp_rsdrv2.sys -- (sp_rsdrv2)
DRV - [2010.06.17 15:14:27 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2009.11.10 13:54:22 | 000,054,800 | ---- | M] () [Kernel | System | Running] -- C:\windows\System32\drivers\funfrm.sys -- (funfrm)
DRV - [2009.08.13 18:29:30 | 005,172,224 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atikmdag.sys -- (atikmdag)
DRV - [2009.08.10 19:24:46 | 001,759,744 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\snp2uvc.sys -- (SNP2UVC) USB2.0 PC Camera (SNP2UVC)
DRV - [2009.07.28 23:09:38 | 000,063,240 | ---- | M] (Lenovo) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\wdbridge.sys -- (Bridge0)
DRV - [2009.07.21 23:14:58 | 000,081,704 | ---- | M] (CyberLink) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\wsvd.sys -- (wsvd)
DRV - [2009.07.16 14:37:14 | 000,011,792 | ---- | M] (Windows (R) Codename Longhorn DDK provider) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\WDMirror.sys -- (wdmirror)
DRV - [2009.07.14 00:02:51 | 004,231,168 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\netw5v32.sys -- (netw5v32) Intel(R)
DRV - [2009.07.14 00:02:49 | 000,229,888 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\k57nd60x.sys -- (k57nd60x) Broadcom NetLink (TM)
DRV - [2009.06.26 04:33:26 | 000,169,472 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\RtsUStor.sys -- (RSUSBSTOR)
DRV - [2009.05.20 12:04:40 | 000,157,536 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\RtHDMIV.sys -- (RTHDMIAzAudService)
DRV - [2009.05.19 15:43:08 | 000,021,520 | ---- | M] (Lenovo Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AcpiVpc.sys -- (ACPIVPC)
DRV - [2008.08.06 14:34:16 | 000,128,104 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\WimFltr.sys -- (WimFltr)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://www.lenovo.com/ [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://lenovo.live.com/
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://search.live.com/results.aspx?q={searchTerms}&FORM=LENIE
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://www.lenovo.com/ [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://lenovo.live.com/
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://search.live.com/results.aspx?q={searchTerms}&FORM=LENIE
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
========== FireFox ==========
FF - user.js - File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\windows\system32\Macromed\Flash\NPSWF32_11_3_300_257.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.06.10 17:25:46 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins
[2012.06.10 17:25:57 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Chris\AppData\Roaming\mozilla\Extensions
[2012.06.11 21:24:46 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Chris\AppData\Roaming\mozilla\Firefox\Profiles\zkeiqqj4.default\extensions
[2012.06.10 17:25:46 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2012.06.10 17:26:53 | 000,634,964 | ---- | M] () (No name found) -- C:\USERS\CHRIS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\ZKEIQQJ4.DEFAULT\EXTENSIONS\{D10D0BF8-F5B5-C8B4-A8B2-2B9879E08C5D}.XPI
[2012.06.01 17:40:25 | 000,085,472 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2012.06.01 17:39:16 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012.06.01 17:39:16 | 000,002,040 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml
O1 HOSTS File: ([2009.06.10 23:39:37 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O2 - BHO: (Windows Live Toolbar Helper) - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Programme\Windows Live Toolbar\msntb.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (Windows Live Toolbar) - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Programme\Windows Live Toolbar\msntb.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (Windows Live Toolbar) - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Programme\Windows Live Toolbar\msntb.dll (Microsoft Corporation)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [Energy Management] C:\Programme\Lenovo\Energy Management\Energy Management.exe (Lenovo (Beijing) Limited)
O4 - HKLM..\Run: [EnergyUtility] C:\Programme\Lenovo\Energy Management\utility.exe (Lenovo(beijing) Limited)
O4 - HKLM..\Run: [IAAnotif] C:\Programme\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)
O4 - HKLM..\Run: [snp2uvc] C:\windows\vsnp2uvc.exe File not found
O4 - HKLM..\Run: [SpywareTerminatorShield] C:\Programme\Spyware Terminator\SpywareTerminatorShield.exe (Crawler.com)
O4 - HKLM..\Run: [SpywareTerminatorUpdater] C:\Programme\Spyware Terminator\SpywareTerminatorUpdate.exe (Crawler.com)
O4 - HKLM..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [UpdateP2GShortCut] C:\Program Files\Lenovo\Power2Go\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [VeriFaceManager] C:\Program Files\Lenovo\VeriFace\PManage.exe File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programme\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra Button: @C:\Program Files\Lenovo\Bluetooth Software\btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\Lenovo\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : @C:\Program Files\Lenovo\Bluetooth Software\btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\Lenovo\Bluetooth Software\btsendto_ie.htm ()
O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{8EFB3D96-357F-42A1-A7BC-2F59E37CC682}: DhcpNameServer = 192.168.178.1
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Programme\Common Files\microsoft shared\Web Components\11\OWC11.DLL (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009.06.10 23:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
========== Files/Folders - Created Within 30 Days ==========
[2012.06.11 22:53:02 | 000,596,480 | ---- | C] (OldTimer Tools) -- C:\Users\Chris\Desktop\OTL.exe
[2012.06.11 22:35:37 | 002,127,960 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\Chris\Desktop\tdsskiller.exe
[2012.06.11 21:29:47 | 000,000,000 | ---D | C] -- C:\Downloads
[2012.06.10 20:14:57 | 000,000,000 | ---D | C] -- C:\Users\Chris\AppData\Roaming\Macromedia
[2012.06.10 20:14:57 | 000,000,000 | ---D | C] -- C:\Users\Chris\AppData\Local\Macromedia
[2012.06.10 19:11:51 | 000,426,184 | ---- | C] (Adobe Systems Incorporated) -- C:\windows\System32\FlashPlayerApp.exe
[2012.06.10 19:11:51 | 000,070,344 | ---- | C] (Adobe Systems Incorporated) -- C:\windows\System32\FlashPlayerCPLApp.cpl
[2012.06.10 19:11:50 | 000,000,000 | ---D | C] -- C:\windows\System32\Macromed
[2012.06.10 18:44:37 | 000,000,000 | ---D | C] -- C:\Users\Chris\AppData\Roaming\WinRAR
[2012.06.10 18:44:37 | 000,000,000 | ---D | C] -- C:\Users\Chris\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR
[2012.06.10 18:44:37 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR
[2012.06.10 18:44:17 | 000,000,000 | ---D | C] -- C:\Program Files\WinRAR
[2012.06.10 18:23:10 | 000,000,000 | -HSD | C] -- C:\System Volume Information
[2012.06.10 18:19:55 | 000,000,000 | ---D | C] -- C:\Games
[2012.06.10 17:53:11 | 000,000,000 | ---D | C] -- C:\Users\Chris\AppData\Roaming\Apple Computer
[2012.06.10 17:53:11 | 000,000,000 | ---D | C] -- C:\Users\Chris\AppData\Local\Apple Computer
[2012.06.10 17:53:01 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
[2012.06.10 17:52:59 | 000,107,368 | ---- | C] (GEAR Software Inc.) -- C:\windows\System32\GEARAspi.dll
[2012.06.10 17:52:59 | 000,000,000 | ---D | C] -- C:\windows\System32\DRVSTORE
[2012.06.10 17:50:42 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2012.06.10 17:50:39 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2012.06.10 17:50:39 | 000,000,000 | ---D | C] -- C:\ProgramData\Apple Computer
[2012.06.10 17:50:39 | 000,000,000 | ---D | C] -- C:\ProgramData\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2012.06.10 17:50:34 | 000,000,000 | ---D | C] -- C:\DL-Programm
[2012.06.10 17:50:10 | 000,000,000 | ---D | C] -- C:\Users\Chris\AppData\Local\Apple
[2012.06.10 17:50:04 | 000,000,000 | ---D | C] -- C:\Program Files\Apple Software Update
[2012.06.10 17:49:13 | 000,000,000 | ---D | C] -- C:\Program Files\Bonjour
[2012.06.10 17:48:47 | 000,000,000 | ---D | C] -- C:\ProgramData\Apple
[2012.06.10 17:48:47 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Apple
[2012.06.10 17:42:41 | 000,000,000 | ---D | C] -- C:\Users\Chris\AppData\Local\Adobe
[2012.06.10 17:42:40 | 000,000,000 | ---D | C] -- C:\Users\Chris\AppData\Roaming\Adobe
[2012.06.10 17:37:14 | 000,000,000 | ---D | C] -- C:\Users\Chris\AppData\Roaming\Avira
[2012.06.10 17:31:52 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
[2012.06.10 17:31:48 | 000,028,520 | ---- | C] (Avira GmbH) -- C:\windows\System32\drivers\ssmdrv.sys
[2012.06.10 17:31:45 | 000,137,928 | ---- | C] (Avira GmbH) -- C:\windows\System32\drivers\avipbb.sys
[2012.06.10 17:31:45 | 000,083,392 | ---- | C] (Avira GmbH) -- C:\windows\System32\drivers\avgntflt.sys
[2012.06.10 17:31:45 | 000,036,000 | ---- | C] (Avira GmbH) -- C:\windows\System32\drivers\avkmgr.sys
[2012.06.10 17:31:44 | 000,000,000 | ---D | C] -- C:\ProgramData\Avira
[2012.06.10 17:31:44 | 000,000,000 | ---D | C] -- C:\Program Files\Avira
[2012.06.10 17:30:59 | 000,000,000 | ---D | C] -- C:\Users\Chris\AppData\Roaming\Spyware Terminator
[2012.06.10 17:30:59 | 000,000,000 | ---D | C] -- C:\ProgramData\Spyware Terminator
[2012.06.10 17:30:57 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spyware Terminator 2012
[2012.06.10 17:29:54 | 000,000,000 | ---D | C] -- C:\Program Files\Spyware Terminator
[2012.06.10 17:25:53 | 000,000,000 | ---D | C] -- C:\Users\Chris\AppData\Roaming\Mozilla
[2012.06.10 17:25:53 | 000,000,000 | ---D | C] -- C:\Users\Chris\AppData\Local\Mozilla
[2012.06.10 17:25:45 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
[2012.06.10 17:15:04 | 000,826,368 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\rdpcore.dll
[2012.06.10 17:15:02 | 000,129,536 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\rdpcorekmts.dll
[2012.06.10 17:15:02 | 000,057,856 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\rdpwsx.dll
[2012.06.10 17:15:02 | 000,008,192 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\rdrmemptylst.exe
[2012.06.10 16:26:14 | 000,000,000 | ---D | C] -- C:\Users\Chris\AppData\Roaming\ATI
[2012.06.10 16:26:14 | 000,000,000 | ---D | C] -- C:\Users\Chris\AppData\Local\ATI
[2012.06.10 16:25:56 | 000,000,000 | R--D | C] -- C:\Users\Chris\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
[2012.06.10 16:25:56 | 000,000,000 | R--D | C] -- C:\Users\Chris\Searches
[2012.06.10 16:25:56 | 000,000,000 | R--D | C] -- C:\Users\Chris\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
[2012.06.10 16:25:41 | 000,000,000 | ---D | C] -- C:\Users\Chris\AppData\Roaming\Identities
[2012.06.10 16:25:36 | 000,000,000 | R--D | C] -- C:\Users\Chris\Contacts
[2012.06.10 16:25:35 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2012.06.10 16:25:22 | 000,000,000 | ---D | C] -- C:\Users\Chris\AppData\Local\VirtualStore
[2012.06.10 16:25:20 | 000,000,000 | -HSD | C] -- C:\Users\Chris\Vorlagen
[2012.06.10 16:25:20 | 000,000,000 | -HSD | C] -- C:\Users\Chris\AppData\Local\Verlauf
[2012.06.10 16:25:20 | 000,000,000 | -HSD | C] -- C:\Users\Chris\AppData\Local\Temporary Internet Files
[2012.06.10 16:25:20 | 000,000,000 | -HSD | C] -- C:\Users\Chris\Startmenü
[2012.06.10 16:25:20 | 000,000,000 | -HSD | C] -- C:\Users\Chris\SendTo
[2012.06.10 16:25:20 | 000,000,000 | -HSD | C] -- C:\Users\Chris\Recent
[2012.06.10 16:25:20 | 000,000,000 | -HSD | C] -- C:\Users\Chris\Netzwerkumgebung
[2012.06.10 16:25:20 | 000,000,000 | -HSD | C] -- C:\Users\Chris\Lokale Einstellungen
[2012.06.10 16:25:20 | 000,000,000 | -HSD | C] -- C:\Users\Chris\Druckumgebung
[2012.06.10 16:25:20 | 000,000,000 | -HSD | C] -- C:\Users\Chris\Cookies
[2012.06.10 16:25:20 | 000,000,000 | -HSD | C] -- C:\Users\Chris\AppData\Local\Anwendungsdaten
[2012.06.10 16:25:20 | 000,000,000 | -HSD | C] -- C:\Users\Chris\Anwendungsdaten
[2012.06.10 16:25:19 | 000,000,000 | --SD | C] -- C:\Users\Chris\AppData\Roaming\Microsoft
[2012.06.10 16:25:19 | 000,000,000 | R--D | C] -- C:\Users\Chris\Videos
[2012.06.10 16:25:19 | 000,000,000 | R--D | C] -- C:\Users\Chris\Saved Games
[2012.06.10 16:25:19 | 000,000,000 | R--D | C] -- C:\Users\Chris\Pictures
[2012.06.10 16:25:19 | 000,000,000 | R--D | C] -- C:\Users\Chris\Music
[2012.06.10 16:25:19 | 000,000,000 | R--D | C] -- C:\Users\Chris\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
[2012.06.10 16:25:19 | 000,000,000 | R--D | C] -- C:\Users\Chris\Links
[2012.06.10 16:25:19 | 000,000,000 | R--D | C] -- C:\Users\Chris\Favorites
[2012.06.10 16:25:19 | 000,000,000 | R--D | C] -- C:\Users\Chris\Downloads
[2012.06.10 16:25:19 | 000,000,000 | R--D | C] -- C:\Users\Chris\Documents
[2012.06.10 16:25:19 | 000,000,000 | R--D | C] -- C:\Users\Chris\Desktop
[2012.06.10 16:25:19 | 000,000,000 | R--D | C] -- C:\Users\Chris\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
[2012.06.10 16:25:19 | 000,000,000 | -HSD | C] -- C:\Users\Chris\Documents\Eigene Videos
[2012.06.10 16:25:19 | 000,000,000 | -HSD | C] -- C:\Users\Chris\Documents\Eigene Musik
[2012.06.10 16:25:19 | 000,000,000 | -HSD | C] -- C:\Users\Chris\Eigene Dateien
[2012.06.10 16:25:19 | 000,000,000 | -HSD | C] -- C:\Users\Chris\Documents\Eigene Bilder
[2012.06.10 16:25:19 | 000,000,000 | -H-D | C] -- C:\Users\Chris\AppData
[2012.06.10 16:25:19 | 000,000,000 | ---D | C] -- C:\Users\Chris\AppData\Local\Temp
[2012.06.10 16:25:19 | 000,000,000 | ---D | C] -- C:\Users\Chris\AppData\Local\Microsoft
[2012.06.10 16:25:19 | 000,000,000 | ---D | C] -- C:\Users\Chris\AppData\Roaming\Media Center Programs
[2012.06.10 16:25:19 | 000,000,000 | ---D | C] -- C:\Users\Chris\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Lenovo
[2012.06.10 16:24:59 | 000,000,000 | -HSD | C] -- C:\ProgramData\Vorlagen
[2012.06.10 16:24:59 | 000,000,000 | -HSD | C] -- C:\ProgramData\Startmenü
[2012.06.10 16:24:59 | 000,000,000 | -HSD | C] -- C:\Recovery
[2012.06.10 16:24:59 | 000,000,000 | -HSD | C] -- C:\Programme
[2012.06.10 16:24:59 | 000,000,000 | -HSD | C] -- C:\Program Files\Gemeinsame Dateien
[2012.06.10 16:24:59 | 000,000,000 | -HSD | C] -- C:\Users\Public\Documents\Eigene Videos
[2012.06.10 16:24:59 | 000,000,000 | -HSD | C] -- C:\Users\Public\Documents\Eigene Musik
[2012.06.10 16:24:59 | 000,000,000 | -HSD | C] -- C:\Users\Public\Documents\Eigene Bilder
[2012.06.10 16:24:58 | 000,000,000 | -HSD | C] -- C:\ProgramData\Favoriten
[2012.06.10 16:24:58 | 000,000,000 | -HSD | C] -- C:\Dokumente und Einstellungen
[2012.06.10 16:24:58 | 000,000,000 | -HSD | C] -- C:\ProgramData\Dokumente
[2012.06.10 16:24:58 | 000,000,000 | -HSD | C] -- C:\ProgramData\Anwendungsdaten
========== Files - Modified Within 30 Days ==========
File not found -- C:\windows\System32\
[2012.06.11 22:59:02 | 000,000,270 | ---- | M] () -- C:\windows\tasks\Auf Updates für Windows Live Toolbar prüfen.job
[2012.06.11 22:53:03 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Users\Chris\Desktop\OTL.exe
[2012.06.11 22:41:44 | 000,458,240 | ---- | M] () -- C:\Users\Chris\Desktop\CKScanner.exe
[2012.06.11 22:38:28 | 002,127,960 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\Chris\Desktop\tdsskiller.exe
[2012.06.11 22:33:55 | 000,000,000 | ---- | M] () -- C:\Users\Chris\defogger_reenable
[2012.06.11 22:30:25 | 000,050,477 | ---- | M] () -- C:\Users\Chris\Desktop\Defogger - Kopie (2).exe
[2012.06.11 21:38:43 | 000,009,696 | -H-- | M] () -- C:\windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012.06.11 21:38:43 | 000,009,696 | -H-- | M] () -- C:\windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012.06.11 21:26:11 | 000,690,574 | ---- | M] () -- C:\windows\System32\perfh007.dat
[2012.06.11 21:26:11 | 000,653,898 | ---- | M] () -- C:\windows\System32\perfh009.dat
[2012.06.11 21:26:11 | 000,143,916 | ---- | M] () -- C:\windows\System32\perfc007.dat
[2012.06.11 21:26:11 | 000,121,090 | ---- | M] () -- C:\windows\System32\perfc009.dat
[2012.06.11 21:22:44 | 000,067,584 | --S- | M] () -- C:\windows\bootstat.dat
[2012.06.10 19:11:51 | 000,426,184 | ---- | M] (Adobe Systems Incorporated) -- C:\windows\System32\FlashPlayerApp.exe
[2012.06.10 19:11:51 | 000,070,344 | ---- | M] (Adobe Systems Incorporated) -- C:\windows\System32\FlashPlayerCPLApp.cpl
[2012.06.10 18:24:34 | 000,052,953 | ---- | M] () -- C:\windows\System32\license.rtf
[2012.06.10 17:53:01 | 000,001,753 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk
[2012.06.10 17:38:06 | 2388,029,440 | -HS- | M] () -- C:\hiberfil.sys
[2012.06.10 17:25:47 | 000,001,088 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
========== Files Created - No Company Name ==========
File not found -- C:\windows\System32\
[2012.06.11 22:40:57 | 000,458,240 | ---- | C] () -- C:\Users\Chris\Desktop\CKScanner.exe
[2012.06.11 22:33:55 | 000,000,000 | ---- | C] () -- C:\Users\Chris\defogger_reenable
[2012.06.11 22:30:48 | 000,050,477 | ---- | C] () -- C:\Users\Chris\Desktop\Defogger - Kopie (2).exe
[2012.06.11 22:10:16 | 000,018,944 | ---- | C] () -- C:\windows\Installer\{88bcc727-5a76-fd09-8899-60175dbc909c}\U\800000cb.@
[2012.06.11 22:10:16 | 000,012,288 | ---- | C] () -- C:\windows\Installer\{88bcc727-5a76-fd09-8899-60175dbc909c}\U\80000000.@
[2012.06.11 21:53:17 | 000,001,648 | ---- | C] () -- C:\windows\Installer\{88bcc727-5a76-fd09-8899-60175dbc909c}\U\00000001.@
[2012.06.10 18:22:58 | 2388,029,440 | -HS- | C] () -- C:\hiberfil.sys
[2012.06.10 17:53:01 | 000,001,753 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk
[2012.06.10 17:50:08 | 000,002,519 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Apple Software Update.lnk
(2 entries for private PDF documents deleted)
[2012.06.10 17:30:59 | 000,032,768 | ---- | C] () -- C:\windows\System32\drivers\sp_rsdrv2.sys
[2012.06.10 17:25:47 | 000,001,100 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
[2012.06.10 17:25:47 | 000,001,088 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2012.06.10 16:25:58 | 000,001,409 | ---- | C] () -- C:\Users\Chris\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
[2009.07.14 01:11:59 | 000,002,048 | -HS- | C] () -- C:\windows\Installer\{88bcc727-5a76-fd09-8899-60175dbc909c}\@
[2009.07.14 01:11:59 | 000,002,048 | -HS- | C] () -- C:\Users\Chris\AppData\Local\{88bcc727-5a76-fd09-8899-60175dbc909c}\@
< End of report > --- --- ---
2. Extras
OTL Logfile:
OTL Extras logfile created on: 11.06.2012 22:54:34 - Run 1
OTL by OldTimer - Version 3.2.48.0 Folder = C:\Users\Chris\Desktop
Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
2,97 Gb Total Physical Memory | 1,74 Gb Available Physical Memory | 58,66% Memory free
5,93 Gb Paging File | 4,47 Gb Available in Paging File | 75,45% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files
Drive C: | 252,89 Gb Total Space | 194,66 Gb Free Space | 76,97% Space Free | Partition Type: NTFS
Drive D: | 30,25 Gb Total Space | 30,10 Gb Free Space | 99,53% Space Free | Partition Type: NTFS
Drive Z: | 1862,44 Gb Total Space | 722,23 Gb Free Space | 38,78% Space Free | Partition Type: NTFS
Computer Name: CHRIS-PC | User Name: Chris | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Extra Registry (SafeList) ==========
========== File Associations ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\windows\winhlp32.exe (Microsoft Corporation)
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
========== Shell Spawning ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
========== Security Center Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
========== Firewall Settings ==========
========== Authorized Applications List ==========
========== HKEY_LOCAL_MACHINE Uninstall List ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{07D66D6A-8676-2B16-85FB-6517CC3E9CC5}" = CCC Help Finnish
"{0A92F3A5-DEAA-98E6-4581-15F8431A941C}" = CCC Help Portuguese
"{10DDCDDD-9A59-4496-9371-C17F1668D433}" = Windows Live Toolbar
"{17542DBF-E17C-4562-BC4D-FA3EF3076C45}" = Lenovo ReadyComm 5
"{1926A591-1891-259A-53C6-0F6841D6A8F0}" = CCC Help Norwegian
"{23B8A91D-680B-462B-87AD-3D70F7341731}" = iTunes
"{2AFFFDD7-ED85-4A90-8C52-5DA9EBDC9B8F}" = Microsoft SQL Server 2005 Express Edition (MSSMLBIZ)
"{2BA8757F-CBAC-0588-D416-8C96D501051E}" = CCC Help Greek
"{307465AB-87CB-A60D-C971-0BB80BB45A97}" = CCC Help Italian
"{333498C2-E34E-98D3-D137-B2781ECEE601}" = CCC Help Spanish
"{399C37FB-08AF-493B-BFED-20FBD85EDF7F}" = Lenovo EasyCamera
"{3F07DEBB-DDFA-71A5-4833-FD7B4570099A}" = ccc-core-static
"{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go
"{40C0BC34-24EA-0A97-43C7-1695DEF28E40}" = CCC Help Swedish
"{4320CF02-6353-A394-FD2A-5DC2E2C3128F}" = CCC Help Polish
"{46CF24EC-6881-A61E-E302-39D82F8A6F43}" = Catalyst Control Center Graphics Full Existing
"{46F4D124-20E5-4D12-BE52-EC177A7A4B42}" = Lenovo OneKey Recovery
"{4C7C80E5-69FF-11EC-AC82-EC5B3CC5458F}" = Catalyst Control Center Core Implementation
"{4cb9f93c-9edc-4be9-ae61-af128ddbecfa}" = Business Contact Manager für Outlook 2007 SP1
"{50120000-1105-0000-0000-0000000FF1CE}" = Microsoft Office 2007 Primary Interop Assemblies
"{53F5C3EE-05ED-4830-994B-50B2F0D50FCE}" = Microsoft SQL Server Setup Support Files (English)
"{56736259-613E-4A3B-B428-6235F2E76F44}_is1" = Spyware Terminator 2012
"{56B4002F-671C-49F4-984C-C760FE3806B5}" = Microsoft SQL Server VSS Writer
"{578A8F75-2327-827C-4553-62CA9519D6D8}" = CCC Help Chinese Traditional
"{5885739F-97FF-4907-AC74-065515FFAFF0}" = Catalyst Control Center - Branding
"{5CAD98B7-0140-5544-ABBC-98DEF246E900}" = Catalyst Control Center Graphics Full New
"{5CD3BA1D-5C03-838E-797F-E930300411A0}" = Catalyst Control Center InstallProxy
"{5F9980AB-71E8-FB4C-3110-3BE92FFBFE8A}" = Catalyst Control Center Localization All
"{65DA2EC9-0642-47E9-AAE2-B5267AA14D75}" = Activation Assistant for the 2007 Microsoft Office suites
"{68356BCF-54A3-6F27-9BDB-9837322C28D2}" = CCC Help Thai
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{76C66170-C538-4E77-B54D-48E136B5B533}" = Lenovo ReadyComm 5.0 Service
"{77F01698-1630-E8FB-05BE-4EA750D06025}" = CCC Help Korean
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{79155F2B-9895-49D7-8612-D92580E0DE5B}" = Bonjour
"{7AC75CED-C6C0-50CA-AF60-D6058C9864D3}" = CCC Help French
"{81A35B8F-5C47-0BC1-C9E6-3E0F5226737F}" = CCC Help German
"{87725CEF-1BC6-47C5-B2CD-96DD6D392EE3}" = Dolby Control Center
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek 8136 8168 8169 Ethernet Driver
"{8991E763-21F5-4DEA-A938-5D9D77DCB488}" = Broadcom 802.11 Wireless Driver
"{90120000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2007
"{90120000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel® Matrix Storage Manager
"{90A40407-6000-11D3-8CFE-0150048383C9}" = Microsoft Office 2003 Web Components
"{91120000-0031-0000-0000-0000000FF1CE}" = Microsoft Office Professional Hybrid 2007
"{9575CD22-8556-2578-4D9C-FFB345C77235}" = CCC Help Czech
"{967B172C-034E-AD05-81BF-0F5CC76592F0}" = ccc-utility
"{96AE7E41-E34E-47D0-AC07-1091A8127911}" = Realtek USB 2.0 Card Reader
"{987FC279-722B-2597-5B59-F95FB2EBE9B4}" = CCC Help Russian
"{9E4D173C-3C21-3D80-10BF-239A2A53B0E8}" = CCC Help Chinese Standard
"{9E9D49A4-1DF4-4138-B7DB-5D87A893088E}" = Lenovo Bluetooth with Enhanced Data Rate Software
"{9FE8E737-5B3C-97C3-2C54-AD85D689B36D}" = CCC Help Japanese
"{A939D341-5A04-4E0A-BB55-3E65B386432D}" = Microsoft Office Small Business Connectivity Components
"{AC76BA86-7AD7-1031-7B44-A90100000001}" = Adobe Reader 9.0.1 - Deutsch
"{AE1E24C2-E720-42D5-B8E1-48F71A97B4DB}" = Energy Management
"{B349FD26-7842-12DD-F55B-B241ED7FDB3A}" = CCC Help Danish
"{BD68F46D-8A82-4664-8E68-F87C55BDEFD4}" = Microsoft SQL Server Native Client
"{C027DFC2-445D-6F52-F803-D1CD04D6EFE3}" = Catalyst Control Center Graphics Light
"{CBD764FB-342D-0C97-7729-28E961EB13F0}" = CCC Help Hungarian
"{D001278B-867A-5FD6-BF2E-DA170DB1E9FC}" = ATI Catalyst Install Manager
"{D9A9EABC-3ADE-C519-A34C-DBB397BFEE7D}" = CCC Help Turkish
"{DF27DC6E-8455-1C78-A63A-B851D776BBD8}" = Catalyst Control Center Graphics Previews Vista
"{DF914FFA-9EAF-AC5A-D67E-1D90B4B7C767}" = CCC Help Dutch
"{E23C5EDE-188E-35F5-198B-34000BC15392}" = CCC Help English
"{E4C850CE-C78B-4E21-57C5-C297829ADD9B}" = PX Profile Update
"{EB879750-CCBD-4013-BFD5-0294D4DA5BD0}" = Apple Application Support
"{EFC04D3F-A152-47E7-8517-EE0F6201AFEF}" = Apple Mobile Device Support
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"Activation Assistant for the 2007 Microsoft Office suites" = Activation Assistant for the 2007 Microsoft Office suites
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Avira AntiVir Desktop" = Avira Free Antivirus
"Business Contact Manager" = Business Contact Manager für Outlook 2007 SP1
"EasyCapture4.0" = EasyCapture
"InstallShield_{46F4D124-20E5-4D12-BE52-EC177A7A4B42}" = Lenovo OneKey Recovery
"Microsoft SQL Server 2005" = Microsoft SQL Server 2005
"Mozilla Firefox 13.0 (x86 en-US)" = Mozilla Firefox 13.0 (x86 en-US)
"PROHYBRIDR" = 2007 Microsoft Office system
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"Windows Live Toolbar" = Windows Live Toolbar
"WinRAR archiver" = WinRAR 4.11 (32-Bit)
========== Last 20 Event Log Errors ==========
[ Application Events ]
Error - 10.06.2012 18:10:44 | Computer Name = Chris-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 8580
Error - 10.06.2012 18:10:45 | Computer Name = Chris-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second
Error - 10.06.2012 18:10:45 | Computer Name = Chris-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 9703
Error - 10.06.2012 18:10:45 | Computer Name = Chris-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 9703
Error - 10.06.2012 18:10:47 | Computer Name = Chris-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second
Error - 10.06.2012 18:10:47 | Computer Name = Chris-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 11279
Error - 10.06.2012 18:10:47 | Computer Name = Chris-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 11279
Error - 11.06.2012 15:22:40 | Computer Name = Chris-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second
Error - 11.06.2012 15:22:40 | Computer Name = Chris-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 76324737
Error - 11.06.2012 15:22:40 | Computer Name = Chris-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 76324737
< End of report >
3.) GMER:
GMER Logfile: Code:
GMER 1.0.15.15641 - hxxp://www.gmer.net
Rootkit scan 2012-06-12 19:12:18
Windows 6.1.7600 Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1 WDC_WD32 rev.01.0
Running: g15jl9xz.exe; Driver: C:\Users\Chris\AppData\Local\Temp\kgloqpod.sys
---- System - GMER 1.0.15 ----
SSDT \??\C:\windows\system32\drivers\sp_rsdrv2.sys ZwClose [0x8B59C444]
SSDT \??\C:\windows\system32\drivers\sp_rsdrv2.sys ZwCreateFile [0x8B59BC8A]
SSDT \??\C:\windows\system32\drivers\sp_rsdrv2.sys ZwCreateKey [0x8B59B958]
SSDT 95C53466 ZwCreateSection
SSDT \??\C:\windows\system32\drivers\sp_rsdrv2.sys ZwDeleteKey [0x8B59BA68]
SSDT \??\C:\windows\system32\drivers\sp_rsdrv2.sys ZwDeleteValueKey [0x8B59BB5A]
SSDT \??\C:\windows\system32\drivers\sp_rsdrv2.sys ZwLoadDriver [0x8B59C780]
SSDT \??\C:\windows\system32\drivers\sp_rsdrv2.sys ZwOpenFile [0x8B59BF9C]
SSDT 95C53470 ZwRequestWaitReplyPort
SSDT 95C5346B ZwSetContextThread
SSDT \??\C:\windows\system32\drivers\sp_rsdrv2.sys ZwSetInformationFile [0x8B59C0D2]
SSDT 95C53475 ZwSetSecurityObject
SSDT \??\C:\windows\system32\drivers\sp_rsdrv2.sys ZwSetValueKey [0x8B59B77E]
SSDT 95C5347A ZwSystemDebugControl
SSDT 95C53407 ZwTerminateProcess
SSDT \??\C:\windows\system32\drivers\sp_rsdrv2.sys ZwWriteFile [0x8B59C2BC]
---- Kernel code sections - GMER 1.0.15 ----
.text ntkrnlpa.exe!ZwRollbackTransaction + 13E9 8304E599 1 Byte [06]
.text ntkrnlpa.exe!KiDispatchInterrupt + 5A2 83073092 19 Bytes [E0, 0F, BA, F0, 07, 73, 09, ...] {LOOPNZ 0x11; MOV EDX, 0x97307f0; MOV CR4, EAX; OR AL, 0x80; MOV CR4, EAX; RET ; MOV ECX, CR3}
.text ntkrnlpa.exe!RtlSidHashLookup + 2B8 8307A908 4 Bytes [44, C4, 59, 8B] {INC ESP; LES EBX, DWORD [ECX-0x75]}
.text ntkrnlpa.exe!RtlSidHashLookup + 2F8 8307A948 4 Bytes [8A, BC, 59, 8B]
.text ntkrnlpa.exe!RtlSidHashLookup + 308 8307A958 4 Bytes [58, B9, 59, 8B]
.text ntkrnlpa.exe!RtlSidHashLookup + 340 8307A990 4 Bytes [66, 34, C5, 95]
.text ntkrnlpa.exe!RtlSidHashLookup + 38C 8307A9DC 4 Bytes [68, BA, 59, 8B]
.text ...
.text C:\windows\system32\DRIVERS\atikmdag.sys section is writeable [0x90E3B000, 0x2DE45A, 0xE8000020]
---- User code sections - GMER 1.0.15 ----
? C:\windows\system32\services.exe[516] C:\windows\system32\smss.exe image checksum mismatch; time/date stamp mismatch; unknown module: MSWSOCK.dll
.text C:\Program Files\Mozilla Firefox\firefox.exe[1604] ntdll.dll!LdrLoadDll 76E3F5B5 5 Bytes JMP 6405696F C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)
.text C:\Program Files\Mozilla Firefox\firefox.exe[1604] kernel32.dll!MapViewOfFile 762DC0D4 5 Bytes JMP 64300219 C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)
.text C:\Program Files\Mozilla Firefox\firefox.exe[1604] kernel32.dll!VirtualAlloc 762E0614 5 Bytes JMP 64300240 C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)
.text C:\Program Files\Mozilla Firefox\firefox.exe[1604] GDI32.dll!CreateDIBSection 765185F0 5 Bytes JMP 643001A3 C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)
---- Devices - GMER 1.0.15 ----
AttachedDevice \Driver\kbdclass \Device\KeyboardClass0 Wdf01000.sys (Kernel Mode Driver Framework Runtime/Microsoft Corporation)
AttachedDevice \Driver\kbdclass \Device\KeyboardClass1 Wdf01000.sys (Kernel Mode Driver Framework Runtime/Microsoft Corporation)
Device \Driver\ACPI_HAL \Device\00000049 halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume1 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume2 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume3 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume4 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
---- Registry - GMER 1.0.15 ----
Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\002269ec2d88
Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\0c6076b702a9
Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\002269ec2d88 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\0c6076b702a9 (not active ControlSet)
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Component Based Servicing\Packages\Package_1_for_KB2579686~31bf3856ad364e35~x86~~6.1.1.1@CurrentState 32
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Component Based Servicing\Packages\Package_1_for_KB2579686~31bf3856ad364e35~x86~~6.1.1.1@LastProgressState 32
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Component Based Servicing\Packages\Package_1_for_KB2579686~31bf3856ad364e35~x86~~6.1.1.1@LastError -2146498538
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Component Based Servicing\Packages\Package_2_for_KB2579686~31bf3856ad364e35~x86~~6.1.1.1@CurrentState 32
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Component Based Servicing\Packages\Package_2_for_KB2579686~31bf3856ad364e35~x86~~6.1.1.1@LastProgressState 32
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Component Based Servicing\Packages\Package_2_for_KB2579686~31bf3856ad364e35~x86~~6.1.1.1@LastError -2146498538
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Component Based Servicing\Packages\Package_4_for_KB2579686~31bf3856ad364e35~x86~~6.1.1.1@CurrentState 32
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Component Based Servicing\Packages\Package_4_for_KB2579686~31bf3856ad364e35~x86~~6.1.1.1@LastProgressState 32
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Component Based Servicing\Packages\Package_4_for_KB2579686~31bf3856ad364e35~x86~~6.1.1.1@LastError -2146498538
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Component Based Servicing\Packages\Package_5_for_KB2579686~31bf3856ad364e35~x86~~6.1.1.1@CurrentState 32
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Component Based Servicing\Packages\Package_5_for_KB2579686~31bf3856ad364e35~x86~~6.1.1.1@LastProgressState 32
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Component Based Servicing\Packages\Package_5_for_KB2579686~31bf3856ad364e35~x86~~6.1.1.1@LastError -2146498538
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Component Based Servicing\Packages\Package_for_KB2579686_RTM~31bf3856ad364e35~x86~~6.1.1.1@CurrentState 32
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Component Based Servicing\Packages\Package_for_KB2579686_RTM~31bf3856ad364e35~x86~~6.1.1.1@LastProgressState 32
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Component Based Servicing\Packages\Package_for_KB2579686_RTM~31bf3856ad364e35~x86~~6.1.1.1@LastError -2146498538
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Component Based Servicing\Packages\Package_for_KB2579686_SP1~31bf3856ad364e35~x86~~6.1.1.1@CurrentState 32
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Component Based Servicing\Packages\Package_for_KB2579686_SP1~31bf3856ad364e35~x86~~6.1.1.1@LastProgressState 32
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Component Based Servicing\Packages\Package_for_KB2579686_SP1~31bf3856ad364e35~x86~~6.1.1.1@LastError -2146498538
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Component Based Servicing\Packages\Package_for_KB2579686~31bf3856ad364e35~x86~~6.1.1.1@CurrentState 32
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Component Based Servicing\Packages\Package_for_KB2579686~31bf3856ad364e35~x86~~6.1.1.1@LastProgressState 32
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Component Based Servicing\Packages\Package_for_KB2579686~31bf3856ad364e35~x86~~6.1.1.1@LastError -2146498538
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Component Based Servicing\SessionsPending\30230714_353537389@LastProgressState 48
---- Files - GMER 1.0.15 ----
File C:\ProgramData\Microsoft\Search\Data\Applications\Windows\MSS000C5.log 1048576 bytes
File C:\ProgramData\Microsoft\Search\Data\Applications\Windows\MSS000C6.log 1048576 bytes
---- EOF - GMER 1.0.15 ----
I can gladly send further logs. What should I do?
Many thanks in advance!!!
Regards,
Chris
Addendum:
Antivir additionally reports the program TR/SMALL.FI
"In the file C:\Windows\Installer\...\0000001.@"
Best regards,
Chris
Attached is also the ESET log file - Code:
ESETSmartInstaller@High as downloader log:
all ok
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=dae1036ad106a940a0e535786c18897c
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2012-06-12 07:11:17
# local_time=2012-06-12 09:11:17 (+0100, Central European Summer Time)
# country="Germany"
# lang=1033
# osver=6.1.7600 NT
# compatibility_mode=1792 16777215 100 0 183363 183363 0 0
# compatibility_mode=5893 16776574 33 85 74750 91156858 0 0
# compatibility_mode=7937 16777214 28 75 183400 6616999 0 0
# compatibility_mode=8192 67108863 100 0 133 133 0 0
# scanned=104538
# found=3
# cleaned=0
# scan_time=2610
C:\Users\Chris\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\2J42MMBB\soft3[1].exe Win32/Sirefef.EV trojan (unable to clean) 00000000000000000000000000000000 I
C:\Windows\Installer\{88bcc727-5a76-fd09-8899-60175dbc909c}\U\80000000.@ a variant of Win32/Sirefef.FA trojan (unable to clean) 00000000000000000000000000000000 I
C:\Windows\Installer\{88bcc727-5a76-fd09-8899-60175dbc909c}\U\800000cb.@ probably a variant of Win32/Agent.TEO trojan (unable to clean) 00000000000000000000000000000000 I
Anti-Malware results: Code:
Malwarebytes Anti-Malware (Trial) 1.61.0.1400
www.malwarebytes.org
Database version: v2012.06.12.08
Windows 7 x86 NTFS
Internet Explorer 9.0.8112.16421
Chris :: CHRIS-PC [Administrator]
Protection: Enabled
12.06.2012 21:47:29
mbam-log-2012-06-12 (21-51-28).txt
Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 189998
Time elapsed: 3 minute(s), 26 second(s)
Memory Processes Detected: 0
(No malicious items detected)
Memory Modules Detected: 0
(No malicious items detected)
Registry Keys Detected: 0
(No malicious items detected)
Registry Values Detected: 0
(No malicious items detected)
Registry Data Items Detected: 1
HKCR\CLSID\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InprocServer32| (Trojan.Zaccess) -> Bad: (C:\Users\Chris\AppData\Local\{88bcc727-5a76-fd09-8899-60175dbc909c}\n.) Good: (%SystemRoot%\system32\shell32.dll) -> No action taken.
Folders Detected: 0
(No malicious items detected)
Files Detected: 3
C:\Windows\Installer\{88bcc727-5a76-fd09-8899-60175dbc909c}\U\00000001.@ (Trojan.Small) -> No action taken.
C:\Windows\Installer\{88bcc727-5a76-fd09-8899-60175dbc909c}\U\80000000.@ (Trojan.Sirefef) -> No action taken.
C:\Windows\Installer\{88bcc727-5a76-fd09-8899-60175dbc909c}\U\800000cb.@ (Rootkit.0Access) -> No action taken.
(end)
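The ESET and Malwarebytes logs in this post point at the same infection from two angles: a random-GUID folder under C:\Windows\Installer with a `U` subfolder full of `.@` files, and a COM CLSID whose InprocServer32 value was redirected from shell32.dll to an `n` file under AppData\Local\{same GUID}. The script below is an added example (not from the original post or from either scanner) that pulls those indicator shapes out of scan log lines and correlates them by GUID, so a helper can see at a glance that the file hits and the registry hit belong together. The sample input is constructed from the lines above; the last line is a hypothetical benign MSI cache file added to show what must not match. The indicator names and the `assess` report format are this example's own.

```python
import re

# Added example (not from the original post): extract ZeroAccess/Sirefef-style
# indicators from ESET and Malwarebytes log lines and correlate them by GUID.
# Indicator shapes come from the logs above: {GUID}\U\<8 hex digits>.@ payload
# files under C:\Windows\Installer, an extensionless "n" module under
# %LOCALAPPDATA%\{same GUID}, and a CLSID InprocServer32 redirected away from
# shell32.dll to that "n" file.
GUID = r"(\{[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}\})"
INSTALLER_U = re.compile(r"(?i)C:\\Windows\\Installer\\" + GUID + r"\\U\\[0-9a-f]{8}\.@")
LOCAL_N = re.compile(r"(?i)\\AppData\\Local\\" + GUID + r"\\n\b")
CLSID_HIJACK = re.compile(r"(?i)HKCR\\CLSID\\" + GUID + r"\\InprocServer32")
# Malwarebytes prints the hijacked and expected values as "Bad: (...) Good: (...)"
# ("Bösartig"/"Gut" in the German build the poster used).
HIJACK_VALUES = re.compile(r"(?:Bad|Bösartig): \((.*?)\) (?:Good|Gut): \((.*?)\)")

# Constructed sample input modelled on the ESET and Malwarebytes output above.
# The last line is a hypothetical benign installer cache file that must not match.
SAMPLE_LOG = r"""
C:\Windows\Installer\{88bcc727-5a76-fd09-8899-60175dbc909c}\U\80000000.@ a variant of Win32/Sirefef.FA trojan (unable to clean) 00000000000000000000000000000000 I
C:\Windows\Installer\{88bcc727-5a76-fd09-8899-60175dbc909c}\U\800000cb.@ probably a variant of Win32/Agent.TEO trojan (unable to clean) 00000000000000000000000000000000 I
HKCR\CLSID\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InprocServer32| (Trojan.Zaccess) -> Bad: (C:\Users\Chris\AppData\Local\{88bcc727-5a76-fd09-8899-60175dbc909c}\n.) Good: (%SystemRoot%\system32\shell32.dll) -> No action taken.
C:\Windows\Installer\{88bcc727-5a76-fd09-8899-60175dbc909c}\U\00000001.@ (Trojan.Small) -> No action taken.
C:\Windows\Installer\{deadbeef-1234-5678-9abc-def012345678}\MSI1234.tmp (hypothetical benign installer cache file)
"""


def find_indicators(lines):
    """Map each GUID to the indicator kinds seen for it, and list CLSID hijacks."""
    by_guid = {}
    hijacks = []
    for line in lines:
        for m in INSTALLER_U.finditer(line):
            by_guid.setdefault(m.group(1).lower(), set()).add("installer_u_payload")
        for m in LOCAL_N.finditer(line):
            by_guid.setdefault(m.group(1).lower(), set()).add("localappdata_n_module")
        clsid = CLSID_HIJACK.search(line)
        values = HIJACK_VALUES.search(line)
        if clsid and values:
            # The log shows the extensionless "n" module as "n." so strip that dot.
            hijacks.append({
                "clsid": clsid.group(1).lower(),
                "bad": values.group(1).rstrip("."),
                "good": values.group(2),
            })
    return by_guid, hijacks


def assess(by_guid, hijacks):
    """Report GUIDs seen both as payload folder and as COM module, plus shell32 hijacks."""
    both = {"installer_u_payload", "localappdata_n_module"}
    correlated = sorted(g for g, kinds in by_guid.items() if both <= kinds)
    shell32_hijacks = [h for h in hijacks if h["good"].lower().endswith("shell32.dll")]
    return {
        "correlated_guids": correlated,
        "shell32_clsid_hijacks": [h["clsid"] for h in shell32_hijacks],
    }


if __name__ == "__main__":
    guids, found_hijacks = find_indicators(SAMPLE_LOG.strip().splitlines())
    print(assess(guids, found_hijacks))
```

Run it against a pasted log and a GUID listed under `correlated_guids` ties the `.@` files to the CLSID redirect; a CLSID hit whose expected value is shell32.dll is the COM hijack that keeps the `n` module loading into every process that instantiates that class.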