Trojaner-Board
Seite 1 von 2 1 2
100 Beiträge dieses Themas auf einer Seite anzeigen

Trojaner-Board (https://www.trojaner-board.de/)
-   Log-Analyse und Auswertung (https://www.trojaner-board.de/log-analyse-auswertung/)
-   -   OTL - Logfiles Malware (https://www.trojaner-board.de/97652-otl-logfiles-malware.html)

Dominik16 18.04.2011 18:27
OTL - Logfiles Malware
 
Hallo,

ich habe auf meinem PC Malware. Als ich meinen PC hochgefahren habe, startete das Programm Windows Recovery, das ich einen Scan durchlaufen lies. Antivir zeigte an, dass ich einen Virus habe. Mittlerweile zeigt mir Antivir ungefähr alle 30 Sekunden an, dass ich Viren habe (zwischen 1 und ca. 80). Ich habe mir auch schon Beiträge hier im Forum angesehen und folgendes gemacht.

- rkill ausgeführt
- Malwarebytes Anti Malware ausgeführt
- OTL ausgeführt

Nun habe ich diese beiden Logfiles von OTL und ich hoffe, dass mir jemand helfen kann.

Ich bedanke mich schonmal im Vorraus.

cosinus 18.04.2011 18:44
Gibt es noch weitere Logs von Malwarebytes? Wenn ja bitte alle posten, die in Malwarebytes im Reiter Logdateien sichtbar sind.

Dominik16 20.04.2011 18:54
Oh die habe ich wohl vergessen. Ich werde sie mal hochladen. Ich habe das erste mal gescannt und welche gefunden und habe dann nach "Entfernung" der Viren den PC neugestartet und anschließend noch einmal gescannt.

Dominik16 20.04.2011 18:58
Die habe ich vergessen. Ich werde sie hochladen.

cosinus 20.04.2011 19:00
Zitat:
Datenbank Version: 6373
Du hast Malwarebytes vorher nicht aktualisiert. Bitte updaten und einen Vollscan machen.

Dominik16 20.04.2011 21:37
Also ich habe nun upgedatet und einen vollscan gemacht.

Dominik16 21.04.2011 11:45
Ich habe jetzt nach der Entfernung noch einen vollscan gemacht und werde den auch hochladen, falls das Logfile benötigt wird.

cosinus 21.04.2011 15:42
Mach einen OTL-Fix, beende alle evtl. geöffneten Programme, auch Virenscanner deaktivieren (!), starte OTL und kopiere folgenden Text in die "Custom Scan/Fixes" Box (unten in OTL): (das ":OTL" muss mitkopiert werden!!!)

Code:
:OTL
SRV - (TOSHIBA Bluetooth Service) --  File not found
SRV - (OMSI download service) --  File not found
SRV - (mysql) --  File not found
SRV - (Apache2.2) --  File not found
SRV - (AMService) --  File not found
SRV - (ICQ Service) -- C:\Programme\ICQ6Toolbar\ICQ Service.exe ()
SRV - (SearchAnonymizer) -- C:\Users\Tobbi\AppData\Roaming\OCS\SM\SearchAnonymizerHelper.exe ()
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://de.rd.yahoo.com/customize/ie/defaults/su/msgr8/*http://de.search.yahoo.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://de.rd.yahoo.com/customize/ie/defaults/sp/msgr8/*http://de.search.yahoo.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://home.sweetim.com
IE - HKLM\..\URLSearchHook:  - Reg Error: Key error. File not found
IE - HKLM\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Programme\ICQ6Toolbar\ICQToolBar.dll (ICQ)
IE - HKLM\..\URLSearchHook: {cc05a3e3-64c3-4af2-bfc1-af0d66b69065} - C:\Programme\softonic-de3\tbsoft.dll (Conduit Ltd.)
IE - HKCU\..\URLSearchHook:  - Reg Error: Key error. File not found
IE - HKCU\..\URLSearchHook: {1392b8d2-5c05-419f-a8f6-b9f15a596612} - C:\Programme\Freecorder\tbFree.dll (Conduit Ltd.)
IE - HKCU\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Programme\ICQ6Toolbar\ICQToolBar.dll (ICQ)
IE - HKCU\..\URLSearchHook: {9CB65206-89C4-402c-BA80-02D8C59F9B1D} -  File not found
IE - HKCU\..\URLSearchHook: {cc05a3e3-64c3-4af2-bfc1-af0d66b69065} - C:\Programme\softonic-de3\tbsoft.dll (Conduit Ltd.)
IE - HKCU\..\URLSearchHook: {EEE6C35D-6118-11DC-9C72-001320C79847} - C:\Programme\SweetIM\Toolbars\Internet Explorer\mgHelper.dll (SweetIM Technologies Ltd.)
FF - prefs.js..browser.search.defaultenginename: "ICQ Search"
FF - prefs.js..browser.search.defaulturl: "http://search.live.com/results.aspx?FORM=IEFM1&q="
FF - prefs.js..browser.search.selectedEngine: "ICQ Search"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..keyword.URL: "http://search.icq.com/search/afe_results.php?ch_id=afex&tb_ver=1.1.7&q="
[2008.01.01 18:03:23 | 000,000,000 | ---D | M] (Freecorder Toolbar) -- C:\Users\Tobbi\AppData\Roaming\mozilla\Firefox\Profiles\rrvwok9c.default\extensions\{1392b8d2-5c05-419f-a8f6-b9f15a596612}(102)
[2011.03.08 14:55:13 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Tobbi\AppData\Roaming\mozilla\Firefox\Profiles\rrvwok9c.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2011.03.08 14:55:12 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Users\Tobbi\AppData\Roaming\mozilla\Firefox\Profiles\rrvwok9c.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[2010.11.15 15:09:30 | 000,000,000 | ---D | M] ("ICQ Toolbar") -- C:\Users\Tobbi\AppData\Roaming\mozilla\Firefox\Profiles\rrvwok9c.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}
[2008.09.29 17:33:36 | 000,000,000 | ---D | M] ("Ask Toolbar for Firefox") -- C:\Users\Tobbi\AppData\Roaming\mozilla\Firefox\Profiles\rrvwok9c.default\extensions\{E9A1DEE0-C623-4439-8932-001E7D17607D}
[2011.03.08 14:54:42 | 000,000,000 | ---D | M] ("DAEMON Tools Toolbar") -- C:\Users\Tobbi\AppData\Roaming\mozilla\Firefox\Profiles\rrvwok9c.default\extensions\DTToolbar@toolbarnet.com
[2008.03.28 12:56:30 | 000,000,000 | ---D | M] (OpenTaal woordenlijst) -- C:\Users\Tobbi\AppData\Roaming\mozilla\Firefox\Profiles\rrvwok9c.default\extensions\nl_NL@opentaal.org
[2010.05.01 17:27:00 | 000,001,067 | ---- | M] () -- C:\Users\Tobbi\AppData\Roaming\Mozilla\Firefox\Profiles\rrvwok9c.default\searchplugins\icqplugin-1.xml
[2010.05.01 17:27:00 | 000,001,067 | ---- | M] () -- C:\Users\Tobbi\AppData\Roaming\Mozilla\Firefox\Profiles\rrvwok9c.default\searchplugins\icqplugin-10.xml
[2010.11.26 18:26:53 | 000,000,950 | ---- | M] () -- C:\Users\Tobbi\AppData\Roaming\Mozilla\Firefox\Profiles\rrvwok9c.default\searchplugins\icqplugin-11.xml
[2011.03.09 22:45:32 | 000,000,950 | ---- | M] () -- C:\Users\Tobbi\AppData\Roaming\Mozilla\Firefox\Profiles\rrvwok9c.default\searchplugins\icqplugin-12.xml
[2011.03.31 21:30:06 | 000,000,950 | ---- | M] () -- C:\Users\Tobbi\AppData\Roaming\Mozilla\Firefox\Profiles\rrvwok9c.default\searchplugins\icqplugin-13.xml
[2010.05.01 17:27:00 | 000,001,067 | ---- | M] () -- C:\Users\Tobbi\AppData\Roaming\Mozilla\Firefox\Profiles\rrvwok9c.default\searchplugins\icqplugin-2.xml
[2010.05.01 17:27:00 | 000,001,067 | ---- | M] () -- C:\Users\Tobbi\AppData\Roaming\Mozilla\Firefox\Profiles\rrvwok9c.default\searchplugins\icqplugin-3.xml
[2010.05.01 17:27:00 | 000,001,067 | ---- | M] () -- C:\Users\Tobbi\AppData\Roaming\Mozilla\Firefox\Profiles\rrvwok9c.default\searchplugins\icqplugin-4.xml
[2010.05.01 17:27:00 | 000,001,067 | ---- | M] () -- C:\Users\Tobbi\AppData\Roaming\Mozilla\Firefox\Profiles\rrvwok9c.default\searchplugins\icqplugin-5.xml
[2010.05.01 17:27:00 | 000,001,067 | ---- | M] () -- C:\Users\Tobbi\AppData\Roaming\Mozilla\Firefox\Profiles\rrvwok9c.default\searchplugins\icqplugin-6.xml
[2010.05.01 17:27:00 | 000,001,067 | ---- | M] () -- C:\Users\Tobbi\AppData\Roaming\Mozilla\Firefox\Profiles\rrvwok9c.default\searchplugins\icqplugin-7.xml
[2010.05.01 17:27:00 | 000,001,067 | ---- | M] () -- C:\Users\Tobbi\AppData\Roaming\Mozilla\Firefox\Profiles\rrvwok9c.default\searchplugins\icqplugin-8.xml
[2010.05.01 17:27:00 | 000,001,067 | ---- | M] () -- C:\Users\Tobbi\AppData\Roaming\Mozilla\Firefox\Profiles\rrvwok9c.default\searchplugins\icqplugin-9.xml
[2010.11.15 15:09:30 | 000,000,168 | ---- | M] () -- C:\Users\Tobbi\AppData\Roaming\Mozilla\Firefox\Profiles\rrvwok9c.default\searchplugins\icqplugin.gif
[2010.11.15 15:09:30 | 000,000,618 | ---- | M] () -- C:\Users\Tobbi\AppData\Roaming\Mozilla\Firefox\Profiles\rrvwok9c.default\searchplugins\icqplugin.src
[2010.06.21 17:35:24 | 000,001,042 | ---- | M] () -- C:\Users\Tobbi\AppData\Roaming\Mozilla\Firefox\Profiles\rrvwok9c.default\searchplugins\icqplugin.xml
O2 - BHO: (Freecorder Toolbar) - {1392b8d2-5c05-419f-a8f6-b9f15a596612} - C:\Programme\Freecorder\tbFree.dll (Conduit Ltd.)
O2 - BHO: (PDF Suite Helper) - {1AD61D5B-58A3-4592-9B34-DC84688FF805} - C:\Programme\PDF Suite\PDFIEHelper.dll (Interactive Brands)
O2 - BHO: (AskBar BHO) - {201f27d4-3704-41d6-89c1-aa35e39143ed} - C:\Programme\AskBarDis\bar\bin\askBar.dll (Ask.com)
O2 - BHO: (Easy Photo Print) - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} -  File not found
O2 - BHO: (Ask Search Assistant BHO) - {9CB65201-89C4-402c-BA80-02D8C59F9B1D} -  File not found
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\Programme\Google\GoogleToolbar1.dll (Google Germany GmbH)
O2 - BHO: (softonic-de3 Toolbar) - {cc05a3e3-64c3-4af2-bfc1-af0d66b69065} - C:\Programme\softonic-de3\tbsoft.dll (Conduit Ltd.)
O2 - BHO: (SweetIM Toolbar Helper) - {EEE6C35C-6118-11DC-9C72-001320C79847} - C:\Programme\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll (SweetIM Technologies Ltd.)
O2 - BHO: (SMTTB2009 Class) - {FCBCCB87-9224-4B8D-B117-F56D924BEB18} -  File not found
O2 - BHO: (Ask Toolbar BHO) - {FE063DB1-4EC0-403e-8DD8-394C54984B2C} -  File not found
O3 - HKLM\..\Toolbar: (Freecorder Toolbar) - {1392b8d2-5c05-419f-a8f6-b9f15a596612} - C:\Programme\Freecorder\tbFree.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (PDF Suite Toolbar) - {261F6A8B-7AAF-4BF5-8552-6610F4D67819} - C:\Programme\PDF Suite\PDFIEPlugin.dll (Interactive Brands)
O3 - HKLM\..\Toolbar: (Ask Toolbar) - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - C:\Programme\AskBarDis\bar\bin\askBar.dll (Ask.com)
O3 - HKLM\..\Toolbar: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Programme\DAEMON Tools Toolbar\DTToolbar.dll ()
O3 - HKLM\..\Toolbar: (HyperCam Toolbar) - {338B4DFE-2E2C-4338-9E41-E176D497299E} -  File not found
O3 - HKLM\..\Toolbar: (ICQToolBar) - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Programme\ICQ6Toolbar\ICQToolBar.dll (ICQ)
O3 - HKLM\..\Toolbar: (@msdxmLC.dll,-1@1033,&Radio) - {8E718888-423F-11D2-876E-00A0C9082467} - C:\Windows\System32\Msdxm6.ocx (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (Easy Photo Print) - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} -  File not found
O3 - HKLM\..\Toolbar: (softonic-de3 Toolbar) - {cc05a3e3-64c3-4af2-bfc1-af0d66b69065} - C:\Programme\softonic-de3\tbsoft.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (SweetIM Toolbar for Internet Explorer) - {EEE6C35B-6118-11DC-9C72-001320C79847} - C:\Programme\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll (SweetIM Technologies Ltd.)
O3 - HKLM\..\Toolbar: (Ask Toolbar) - {FE063DB9-4EC0-403e-8DD8-394C54984B2C} -  File not found
O3 - HKCU\..\Toolbar\WebBrowser: (Freecorder Toolbar) - {1392B8D2-5C05-419F-A8F6-B9F15A596612} - C:\Programme\Freecorder\tbFree.dll (Conduit Ltd.)
O3 - HKCU\..\Toolbar\WebBrowser: (&Google) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - c:\Programme\Google\GoogleToolbar1.dll (Google Germany GmbH)
O3 - HKCU\..\Toolbar\WebBrowser: (Ask Toolbar) - {3041D03E-FD4B-44E0-B742-2D9B88305F98} - C:\Programme\AskBarDis\bar\bin\askBar.dll (Ask.com)
O3 - HKCU\..\Toolbar\WebBrowser: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Programme\DAEMON Tools Toolbar\DTToolbar.dll ()
O3 - HKCU\..\Toolbar\WebBrowser: (HyperCam Toolbar) - {338B4DFE-2E2C-4338-9E41-E176D497299E} -  File not found
O3 - HKCU\..\Toolbar\WebBrowser: (ICQToolBar) - {855F3B16-6D32-4FE6-8A56-BBB695989046} - C:\Programme\ICQ6Toolbar\ICQToolBar.dll (ICQ)
O3 - HKCU\..\Toolbar\WebBrowser: (softonic-de3 Toolbar) - {CC05A3E3-64C3-4AF2-BFC1-AF0D66B69065} - C:\Programme\softonic-de3\tbsoft.dll (Conduit Ltd.)
O3 - HKCU\..\Toolbar\WebBrowser: (SweetIM Toolbar for Internet Explorer) - {EEE6C35B-6118-11DC-9C72-001320C79847} - C:\Programme\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll (SweetIM Technologies Ltd.)
O3 - HKCU\..\Toolbar\WebBrowser: (Ask Toolbar) - {FE063DB9-4EC0-403E-8DD8-394C54984B2C} -  File not found
O4 - HKLM..\Run: [QuickTime Task]  File not found
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2007.04.18 19:37:34 | 000,000,029 | R--- | M] () - D:\AUTORUN.INF -- [ CDFS ]
O33 - MountPoints2\{4f877a83-55d7-11df-8521-0016d4b37dc6}\Shell - "" = AutoRun
O33 - MountPoints2\{4f877a83-55d7-11df-8521-0016d4b37dc6}\Shell\AutoRun\command - "" = E:\feprog.exe
O33 - MountPoints2\{7926035b-948a-11dc-a710-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{7926035b-948a-11dc-a710-806e6f6e6963}\Shell\AutoRun\command - "" = D:\EPSetup.exe -- [2009.12.11 07:02:00 | 000,129,000 | R--- | M] (Seiko Epson Corporation)
[2011.04.18 09:46:13 | 000,000,000 | ---D | C] -- C:\Programme\iqbfuljh
[2011.04.16 09:34:49 | 000,000,000 | ---D | C] -- C:\Users\Tobbi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows Recovery
[2011.03.26 11:32:16 | 000,000,000 | -HSD | C] -- C:\Users\Tobbi\AppData\Roaming\wyUpdate AU
[2011.04.16 09:34:53 | 000,000,160 | -H-- | C] () -- C:\ProgramData\~34725640r
[2011.04.16 09:34:52 | 000,000,120 | -H-- | C] () -- C:\ProgramData\~34725640
[2011.04.16 09:34:43 | 000,000,384 | -H-- | C] () -- C:\ProgramData\34725640
[2009.01.28 21:54:06 | 000,380,944 | -H-- | C] () -- C:\ProgramData\Bows Cake Cake.4nvgj3u
[2009.01.28 21:32:02 | 000,036,880 | -H-- | C] () -- C:\ProgramData\Bows Cake Cake.lx81nh
[2009.01.28 21:10:04 | 000,344,080 | -H-- | C] () -- C:\ProgramData\Bows Cake Cake.xbitq
[2009.01.02 13:15:44 | 000,315,408 | -H-- | C] () -- C:\ProgramData\acid loud meow.fpen6
[2009.01.02 13:15:38 | 000,315,408 | -H-- | C] () -- C:\ProgramData\Bows Cake Cake.ta4pck
[2009.01.02 13:15:38 | 000,245,776 | -H-- | C] () -- C:\ProgramData\Bows Cake Cake.qixnu
[2008.12.26 23:42:29 | 000,237,584 | -H-- | C] () -- C:\ProgramData\start software cake.ue1rax
[2008.12.26 23:42:12 | 000,057,360 | -H-- | C] () -- C:\ProgramData\Bows Cake Cake.4s5co5
[2008.12.17 14:41:08 | 000,311,312 | -H-- | C] () -- C:\ProgramData\Bows Cake Cake.qmsz66q
[2008.10.23 19:14:38 | 000,077,840 | -H-- | C] () -- C:\ProgramData\Meal Ace Base.me7jd
[2008.10.23 19:13:56 | 000,180,240 | -H-- | C] () -- C:\ProgramData\Bows Cake Cake.vk4otw6
[2008.10.01 12:49:45 | 000,094,224 | -H-- | C] () -- C:\ProgramData\Bows Cake Cake.io9x1
[2008.09.14 18:53:02 | 000,364,560 | -H-- | C] () -- C:\ProgramData\Bows Cake Cake.3sfreb9
:Commands
[purity]
[resethosts]
[emptytemp]
Klick dann oben links auf den Button Fix!
Das Logfile müsste geöffnet werden, wenn Du nach dem Fixen auf ok klickst, poste das bitte. Evtl. wird der Rechner neu gestartet.

Die mit diesem Script gefixten Einträge, Dateien und Ordner werden zur Sicherheit nicht vollständig gelöscht, es wird eine Sicherheitskopie auf der Systempartition im Ordner "_OTL" erstellt.

Dominik16 21.04.2011 20:10
Ich habe den Fix gemacht und hier ist der code

Code:
All processes killed
========== OTL ==========
Service TOSHIBA Bluetooth Service stopped successfully!
Service TOSHIBA Bluetooth Service deleted successfully!
File  File not found not found.
Service OMSI download service stopped successfully!
Service OMSI download service deleted successfully!
File  File not found not found.
Service mysql stopped successfully!
Service mysql deleted successfully!
File  File not found not found.
Service Apache2.2 stopped successfully!
Service Apache2.2 deleted successfully!
File  File not found not found.
Service AMService stopped successfully!
Service AMService deleted successfully!
File  File not found not found.
Service ICQ Service stopped successfully!
Service ICQ Service deleted successfully!
C:\Programme\ICQ6Toolbar\ICQ Service.exe moved successfully.
Service SearchAnonymizer stopped successfully!
Service SearchAnonymizer deleted successfully!
C:\Users\Tobbi\AppData\Roaming\OCS\SM\SearchAnonymizerHelper.exe moved successfully.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\\Default_Search_URL| /E : value set successfully!
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\\Search Page| /E : value set successfully!
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page| /E : value set successfully!
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\\ deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\\{855F3B16-6D32-4fe6-8A56-BBB695989046} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{855F3B16-6D32-4fe6-8A56-BBB695989046}\ deleted successfully.
C:\Programme\ICQ6Toolbar\ICQToolBar.dll moved successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\\{cc05a3e3-64c3-4af2-bfc1-af0d66b69065} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{cc05a3e3-64c3-4af2-bfc1-af0d66b69065}\ deleted successfully.
C:\Programme\softonic-de3\tbsoft.dll moved successfully.
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\\ deleted successfully.
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\\{1392b8d2-5c05-419f-a8f6-b9f15a596612} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1392b8d2-5c05-419f-a8f6-b9f15a596612}\ deleted successfully.
C:\Programme\Freecorder\tbFree.dll moved successfully.
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\\{855F3B16-6D32-4fe6-8A56-BBB695989046} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{855F3B16-6D32-4fe6-8A56-BBB695989046}\ not found.
File C:\Programme\ICQ6Toolbar\ICQToolBar.dll not found.
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\\{9CB65206-89C4-402c-BA80-02D8C59F9B1D} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9CB65206-89C4-402c-BA80-02D8C59F9B1D}\ deleted successfully.
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\\{cc05a3e3-64c3-4af2-bfc1-af0d66b69065} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{cc05a3e3-64c3-4af2-bfc1-af0d66b69065}\ not found.
File C:\Programme\softonic-de3\tbsoft.dll not found.
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\\{EEE6C35D-6118-11DC-9C72-001320C79847} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{EEE6C35D-6118-11DC-9C72-001320C79847}\ deleted successfully.
C:\Programme\SweetIM\Toolbars\Internet Explorer\mgHelper.dll moved successfully.
Prefs.js: "ICQ Search" removed from browser.search.defaultenginename
Prefs.js: "hxxp://search.live.com/results.aspx?FORM=IEFM1&q=" removed from browser.search.defaulturl
Prefs.js: "ICQ Search" removed from browser.search.selectedEngine
Prefs.js: true removed from browser.search.useDBForOrder
Prefs.js: "hxxp://search.icq.com/search/afe_results.php?ch_id=afex&tb_ver=1.1.7&q=" removed from keyword.URL
C:\Users\Tobbi\AppData\Roaming\mozilla\Firefox\Profiles\rrvwok9c.default\extensions\{1392b8d2-5c05-419f-a8f6-b9f15a596612}(102)\searchplugin folder moved successfully.
C:\Users\Tobbi\AppData\Roaming\mozilla\Firefox\Profiles\rrvwok9c.default\extensions\{1392b8d2-5c05-419f-a8f6-b9f15a596612}(102)\META-INF folder moved successfully.
C:\Users\Tobbi\AppData\Roaming\mozilla\Firefox\Profiles\rrvwok9c.default\extensions\{1392b8d2-5c05-419f-a8f6-b9f15a596612}(102)\defaults folder moved successfully.
C:\Users\Tobbi\AppData\Roaming\mozilla\Firefox\Profiles\rrvwok9c.default\extensions\{1392b8d2-5c05-419f-a8f6-b9f15a596612}(102)\components folder moved successfully.
C:\Users\Tobbi\AppData\Roaming\mozilla\Firefox\Profiles\rrvwok9c.default\extensions\{1392b8d2-5c05-419f-a8f6-b9f15a596612}(102)\chrome folder moved successfully.
C:\Users\Tobbi\AppData\Roaming\mozilla\Firefox\Profiles\rrvwok9c.default\extensions\{1392b8d2-5c05-419f-a8f6-b9f15a596612}(102) folder moved successfully.
C:\Users\Tobbi\AppData\Roaming\mozilla\Firefox\Profiles\rrvwok9c.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}\defaults\preferences folder moved successfully.
C:\Users\Tobbi\AppData\Roaming\mozilla\Firefox\Profiles\rrvwok9c.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}\defaults folder moved successfully.
C:\Users\Tobbi\AppData\Roaming\mozilla\Firefox\Profiles\rrvwok9c.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}\chrome folder moved successfully.
C:\Users\Tobbi\AppData\Roaming\mozilla\Firefox\Profiles\rrvwok9c.default\extensions\{20a82645-c095-46ed-80e3-08825760534b} folder moved successfully.
C:\Users\Tobbi\AppData\Roaming\mozilla\Firefox\Profiles\rrvwok9c.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}\META-INF folder moved successfully.
C:\Users\Tobbi\AppData\Roaming\mozilla\Firefox\Profiles\rrvwok9c.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}\defaults\preferences folder moved successfully.
C:\Users\Tobbi\AppData\Roaming\mozilla\Firefox\Profiles\rrvwok9c.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}\defaults folder moved successfully.
C:\Users\Tobbi\AppData\Roaming\mozilla\Firefox\Profiles\rrvwok9c.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}\components folder moved successfully.
C:\Users\Tobbi\AppData\Roaming\mozilla\Firefox\Profiles\rrvwok9c.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}\chrome folder moved successfully.
C:\Users\Tobbi\AppData\Roaming\mozilla\Firefox\Profiles\rrvwok9c.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1} folder moved successfully.
C:\Users\Tobbi\AppData\Roaming\mozilla\Firefox\Profiles\rrvwok9c.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\search_engine folder moved successfully.
C:\Users\Tobbi\AppData\Roaming\mozilla\Firefox\Profiles\rrvwok9c.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\META-INF folder moved successfully.
C:\Users\Tobbi\AppData\Roaming\mozilla\Firefox\Profiles\rrvwok9c.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\defaults\preferences folder moved successfully.
C:\Users\Tobbi\AppData\Roaming\mozilla\Firefox\Profiles\rrvwok9c.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\defaults folder moved successfully.
C:\Users\Tobbi\AppData\Roaming\mozilla\Firefox\Profiles\rrvwok9c.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\components folder moved successfully.
C:\Users\Tobbi\AppData\Roaming\mozilla\Firefox\Profiles\rrvwok9c.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\skin folder moved successfully.
C:\Users\Tobbi\AppData\Roaming\mozilla\Firefox\Profiles\rrvwok9c.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\locale\tr folder moved successfully.
C:\Users\Tobbi\AppData\Roaming\mozilla\Firefox\Profiles\rrvwok9c.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\locale\sk folder moved successfully.
C:\Users\Tobbi\AppData\Roaming\mozilla\Firefox\Profiles\rrvwok9c.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\locale\ru folder moved successfully.
C:\Users\Tobbi\AppData\Roaming\mozilla\Firefox\Profiles\rrvwok9c.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\locale\it folder moved successfully.
C:\Users\Tobbi\AppData\Roaming\mozilla\Firefox\Profiles\rrvwok9c.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\locale\he folder moved successfully.
C:\Users\Tobbi\AppData\Roaming\mozilla\Firefox\Profiles\rrvwok9c.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\locale\fr folder moved successfully.
C:\Users\Tobbi\AppData\Roaming\mozilla\Firefox\Profiles\rrvwok9c.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\locale\es folder moved successfully.
C:\Users\Tobbi\AppData\Roaming\mozilla\Firefox\Profiles\rrvwok9c.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\locale\en-US folder moved successfully.
C:\Users\Tobbi\AppData\Roaming\mozilla\Firefox\Profiles\rrvwok9c.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\locale\de folder moved successfully.
C:\Users\Tobbi\AppData\Roaming\mozilla\Firefox\Profiles\rrvwok9c.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\locale\cs folder moved successfully.
C:\Users\Tobbi\AppData\Roaming\mozilla\Firefox\Profiles\rrvwok9c.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\locale\bg folder moved successfully.
C:\Users\Tobbi\AppData\Roaming\mozilla\Firefox\Profiles\rrvwok9c.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\locale folder moved successfully.
C:\Users\Tobbi\AppData\Roaming\mozilla\Firefox\Profiles\rrvwok9c.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\content\img folder moved successfully.
C:\Users\Tobbi\AppData\Roaming\mozilla\Firefox\Profiles\rrvwok9c.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\content folder moved successfully.
C:\Users\Tobbi\AppData\Roaming\mozilla\Firefox\Profiles\rrvwok9c.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome folder moved successfully.
C:\Users\Tobbi\AppData\Roaming\mozilla\Firefox\Profiles\rrvwok9c.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07} folder moved successfully.
C:\Users\Tobbi\AppData\Roaming\mozilla\Firefox\Profiles\rrvwok9c.default\extensions\{E9A1DEE0-C623-4439-8932-001E7D17607D}\META-INF folder moved successfully.
C:\Users\Tobbi\AppData\Roaming\mozilla\Firefox\Profiles\rrvwok9c.default\extensions\{E9A1DEE0-C623-4439-8932-001E7D17607D}\defaults\preferences folder moved successfully.
C:\Users\Tobbi\AppData\Roaming\mozilla\Firefox\Profiles\rrvwok9c.default\extensions\{E9A1DEE0-C623-4439-8932-001E7D17607D}\defaults folder moved successfully.
C:\Users\Tobbi\AppData\Roaming\mozilla\Firefox\Profiles\rrvwok9c.default\extensions\{E9A1DEE0-C623-4439-8932-001E7D17607D}\chrome folder moved successfully.
C:\Users\Tobbi\AppData\Roaming\mozilla\Firefox\Profiles\rrvwok9c.default\extensions\{E9A1DEE0-C623-4439-8932-001E7D17607D} folder moved successfully.
C:\Users\Tobbi\AppData\Roaming\mozilla\Firefox\Profiles\rrvwok9c.default\extensions\DTToolbar@toolbarnet.com\components\Resources folder moved successfully.
C:\Users\Tobbi\AppData\Roaming\mozilla\Firefox\Profiles\rrvwok9c.default\extensions\DTToolbar@toolbarnet.com\components folder moved successfully.
C:\Users\Tobbi\AppData\Roaming\mozilla\Firefox\Profiles\rrvwok9c.default\extensions\DTToolbar@toolbarnet.com\chrome\content folder moved successfully.
C:\Users\Tobbi\AppData\Roaming\mozilla\Firefox\Profiles\rrvwok9c.default\extensions\DTToolbar@toolbarnet.com\chrome folder moved successfully.
C:\Users\Tobbi\AppData\Roaming\mozilla\Firefox\Profiles\rrvwok9c.default\extensions\DTToolbar@toolbarnet.com folder moved successfully.
C:\Users\Tobbi\AppData\Roaming\mozilla\Firefox\Profiles\rrvwok9c.default\extensions\nl_NL@opentaal.org\dictionaries folder moved successfully.
C:\Users\Tobbi\AppData\Roaming\mozilla\Firefox\Profiles\rrvwok9c.default\extensions\nl_NL@opentaal.org folder moved successfully.
C:\Users\Tobbi\AppData\Roaming\Mozilla\Firefox\Profiles\rrvwok9c.default\searchplugins\icqplugin-1.xml moved successfully.
C:\Users\Tobbi\AppData\Roaming\Mozilla\Firefox\Profiles\rrvwok9c.default\searchplugins\icqplugin-10.xml moved successfully.
C:\Users\Tobbi\AppData\Roaming\Mozilla\Firefox\Profiles\rrvwok9c.default\searchplugins\icqplugin-11.xml moved successfully.
C:\Users\Tobbi\AppData\Roaming\Mozilla\Firefox\Profiles\rrvwok9c.default\searchplugins\icqplugin-12.xml moved successfully.
C:\Users\Tobbi\AppData\Roaming\Mozilla\Firefox\Profiles\rrvwok9c.default\searchplugins\icqplugin-13.xml moved successfully.
C:\Users\Tobbi\AppData\Roaming\Mozilla\Firefox\Profiles\rrvwok9c.default\searchplugins\icqplugin-2.xml moved successfully.
C:\Users\Tobbi\AppData\Roaming\Mozilla\Firefox\Profiles\rrvwok9c.default\searchplugins\icqplugin-3.xml moved successfully.
C:\Users\Tobbi\AppData\Roaming\Mozilla\Firefox\Profiles\rrvwok9c.default\searchplugins\icqplugin-4.xml moved successfully.
C:\Users\Tobbi\AppData\Roaming\Mozilla\Firefox\Profiles\rrvwok9c.default\searchplugins\icqplugin-5.xml moved successfully.
C:\Users\Tobbi\AppData\Roaming\Mozilla\Firefox\Profiles\rrvwok9c.default\searchplugins\icqplugin-6.xml moved successfully.
C:\Users\Tobbi\AppData\Roaming\Mozilla\Firefox\Profiles\rrvwok9c.default\searchplugins\icqplugin-7.xml moved successfully.
C:\Users\Tobbi\AppData\Roaming\Mozilla\Firefox\Profiles\rrvwok9c.default\searchplugins\icqplugin-8.xml moved successfully.
C:\Users\Tobbi\AppData\Roaming\Mozilla\Firefox\Profiles\rrvwok9c.default\searchplugins\icqplugin-9.xml moved successfully.
C:\Users\Tobbi\AppData\Roaming\Mozilla\Firefox\Profiles\rrvwok9c.default\searchplugins\icqplugin.gif moved successfully.
C:\Users\Tobbi\AppData\Roaming\Mozilla\Firefox\Profiles\rrvwok9c.default\searchplugins\icqplugin.src moved successfully.
C:\Users\Tobbi\AppData\Roaming\Mozilla\Firefox\Profiles\rrvwok9c.default\searchplugins\icqplugin.xml moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1392b8d2-5c05-419f-a8f6-b9f15a596612}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1392b8d2-5c05-419f-a8f6-b9f15a596612}\ not found.
File C:\Programme\Freecorder\tbFree.dll not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1AD61D5B-58A3-4592-9B34-DC84688FF805}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1AD61D5B-58A3-4592-9B34-DC84688FF805}\ deleted successfully.
C:\Programme\PDF Suite\PDFIEHelper.dll moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{201f27d4-3704-41d6-89c1-aa35e39143ed}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{201f27d4-3704-41d6-89c1-aa35e39143ed}\ deleted successfully.
C:\Programme\AskBarDis\bar\bin\askBar.dll moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9421DD08-935F-4701-A9CA-22DF90AC4EA6}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9421DD08-935F-4701-A9CA-22DF90AC4EA6}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9CB65201-89C4-402c-BA80-02D8C59F9B1D}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9CB65201-89C4-402c-BA80-02D8C59F9B1D}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{AA58ED58-01DD-4d91-8333-CF10577473F7}\ deleted successfully.
c:\Programme\Google\GoogleToolbar1.dll moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{cc05a3e3-64c3-4af2-bfc1-af0d66b69065}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{cc05a3e3-64c3-4af2-bfc1-af0d66b69065}\ not found.
File C:\Programme\softonic-de3\tbsoft.dll not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{EEE6C35C-6118-11DC-9C72-001320C79847}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{EEE6C35C-6118-11DC-9C72-001320C79847}\ deleted successfully.
C:\Programme\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FCBCCB87-9224-4B8D-B117-F56D924BEB18}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{FCBCCB87-9224-4B8D-B117-F56D924BEB18}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FE063DB1-4EC0-403e-8DD8-394C54984B2C}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{FE063DB1-4EC0-403e-8DD8-394C54984B2C}\ deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{1392b8d2-5c05-419f-a8f6-b9f15a596612} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1392b8d2-5c05-419f-a8f6-b9f15a596612}\ not found.
File C:\Programme\Freecorder\tbFree.dll not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{261F6A8B-7AAF-4BF5-8552-6610F4D67819} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{261F6A8B-7AAF-4BF5-8552-6610F4D67819}\ deleted successfully.
C:\Programme\PDF Suite\PDFIEPlugin.dll moved successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{3041d03e-fd4b-44e0-b742-2d9b88305f98} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3041d03e-fd4b-44e0-b742-2d9b88305f98}\ deleted successfully.
File C:\Programme\AskBarDis\bar\bin\askBar.dll not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{32099AAC-C132-4136-9E9A-4E364A424E17} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{32099AAC-C132-4136-9E9A-4E364A424E17}\ deleted successfully.
C:\Programme\DAEMON Tools Toolbar\DTToolbar.dll moved successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{338B4DFE-2E2C-4338-9E41-E176D497299E} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{338B4DFE-2E2C-4338-9E41-E176D497299E}\ deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{855F3B16-6D32-4fe6-8A56-BBB695989046} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{855F3B16-6D32-4fe6-8A56-BBB695989046}\ not found.
File C:\Programme\ICQ6Toolbar\ICQToolBar.dll not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{8E718888-423F-11D2-876E-00A0C9082467} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8E718888-423F-11D2-876E-00A0C9082467}\ deleted successfully.
C:\Windows\System32\Msdxm6.ocx moved successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{9421DD08-935F-4701-A9CA-22DF90AC4EA6} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9421DD08-935F-4701-A9CA-22DF90AC4EA6}\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{cc05a3e3-64c3-4af2-bfc1-af0d66b69065} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{cc05a3e3-64c3-4af2-bfc1-af0d66b69065}\ not found.
File de3\tbsoft.dll not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{EEE6C35B-6118-11DC-9C72-001320C79847} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{EEE6C35B-6118-11DC-9C72-001320C79847}\ deleted successfully.
File C:\Programme\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{FE063DB9-4EC0-403e-8DD8-394C54984B2C} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{FE063DB9-4EC0-403e-8DD8-394C54984B2C}\ deleted successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{1392B8D2-5C05-419F-A8F6-B9F15A596612} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1392B8D2-5C05-419F-A8F6-B9F15A596612}\ not found.
File C:\Programme\Freecorder\tbFree.dll not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{2318C2B1-4965-11D4-9B18-009027A5CD4F} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2318C2B1-4965-11D4-9B18-009027A5CD4F}\ deleted successfully.
File c:\Programme\Google\GoogleToolbar1.dll not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{3041D03E-FD4B-44E0-B742-2D9B88305F98} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3041D03E-FD4B-44E0-B742-2D9B88305F98}\ not found.
File C:\Programme\AskBarDis\bar\bin\askBar.dll not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{32099AAC-C132-4136-9E9A-4E364A424E17} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{32099AAC-C132-4136-9E9A-4E364A424E17}\ not found.
File C:\Programme\DAEMON Tools Toolbar\DTToolbar.dll not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{338B4DFE-2E2C-4338-9E41-E176D497299E} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{338B4DFE-2E2C-4338-9E41-E176D497299E}\ not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{855F3B16-6D32-4FE6-8A56-BBB695989046} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{855F3B16-6D32-4FE6-8A56-BBB695989046}\ not found.
File C:\Programme\ICQ6Toolbar\ICQToolBar.dll not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{CC05A3E3-64C3-4AF2-BFC1-AF0D66B69065} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CC05A3E3-64C3-4AF2-BFC1-AF0D66B69065}\ not found.
File de3\tbsoft.dll not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{EEE6C35B-6118-11DC-9C72-001320C79847} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{EEE6C35B-6118-11DC-9C72-001320C79847}\ not found.
File C:\Programme\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{FE063DB9-4EC0-403E-8DD8-394C54984B2C} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{FE063DB9-4EC0-403E-8DD8-394C54984B2C}\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\QuickTime Task not found.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRun|DWORD:1 /E : value set successfully!
C:\autoexec.bat moved successfully.
File D:\AUTORUN.INF not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{4f877a83-55d7-11df-8521-0016d4b37dc6}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{4f877a83-55d7-11df-8521-0016d4b37dc6}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{4f877a83-55d7-11df-8521-0016d4b37dc6}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{4f877a83-55d7-11df-8521-0016d4b37dc6}\ not found.
File E:\feprog.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{7926035b-948a-11dc-a710-806e6f6e6963}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7926035b-948a-11dc-a710-806e6f6e6963}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{7926035b-948a-11dc-a710-806e6f6e6963}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7926035b-948a-11dc-a710-806e6f6e6963}\ not found.
File D:\EPSetup.exe not found.
Folder move failed. C:\Programme\iqbfuljh scheduled to be moved on reboot.
C:\Users\Tobbi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows Recovery folder moved successfully.
C:\Users\Tobbi\AppData\Roaming\wyUpdate AU folder moved successfully.
C:\ProgramData\~34725640r moved successfully.
C:\ProgramData\~34725640 moved successfully.
C:\ProgramData\34725640 moved successfully.
C:\ProgramData\Bows Cake Cake.4nvgj3u moved successfully.
C:\ProgramData\Bows Cake Cake.lx81nh moved successfully.
C:\ProgramData\Bows Cake Cake.xbitq moved successfully.
C:\ProgramData\acid loud meow.fpen6 moved successfully.
C:\ProgramData\Bows Cake Cake.ta4pck moved successfully.
C:\ProgramData\Bows Cake Cake.qixnu moved successfully.
C:\ProgramData\start software cake.ue1rax moved successfully.
C:\ProgramData\Bows Cake Cake.4s5co5 moved successfully.
C:\ProgramData\Bows Cake Cake.qmsz66q moved successfully.
C:\ProgramData\Meal Ace Base.me7jd moved successfully.
C:\ProgramData\Bows Cake Cake.vk4otw6 moved successfully.
C:\ProgramData\Bows Cake Cake.io9x1 moved successfully.
C:\ProgramData\Bows Cake Cake.3sfreb9 moved successfully.
========== COMMANDS ==========
HOSTS file reset successfully
 
[EMPTYTEMP]
 
User: All Users
 
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
 
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
 
User: Public
 
User: Tobbi
->Temp folder emptied: 25496071 bytes
->Temporary Internet Files folder emptied: 29723555 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 78299832 bytes
->Google Chrome cache emptied: 1905008 bytes
->Flash cache emptied: 1565 bytes
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 133775 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 2900217 bytes
RecycleBin emptied: 2594005691 bytes
 
Total Files Cleaned = 2.606,00 mb
 
 
OTL by OldTimer - Version 3.2.22.3 log created on 04212011_205907

Files\Folders moved on Reboot...
Folder move failed. C:\Programme\iqbfuljh scheduled to be moved on reboot.
C:\Windows\temp\fla4AB2.tmp moved successfully.
C:\Windows\temp\Mhc.exe moved successfully.
C:\Windows\temp\Mhd.exe moved successfully.
File\Folder C:\Windows\temp\WER4D51.tmp.version.txt not found!
File\Folder C:\Windows\temp\WER4D62.tmp.appcompat.txt not found!
File\Folder C:\Windows\temp\WER4DFF.tmp.hdmp not found!
File\Folder C:\Windows\temp\~DF7F4D.tmp not found!

Registry entries deleted on Reboot...

cosinus 21.04.2011 20:16
Bitte nun dieses Tool von Kaspersky ausführen und das Log posten => http://www.trojaner-board.de/82358-t...entfernen.html

Falls du durch die Infektion auf deine Dokumente/Eigenen Dateien nicht zugreifen kannst, bitte unhide ausführen:
Downloade dir bitte unhide.exe und speichere diese Datei auf deinem Desktop.
Starte das Tool und es sollten alle Dateien und Ordner wieder sichtbar sein. ( Könnte eine Weile dauern )
http://www.trojaner-board.de/images/icons/icon4.gif Vista und 7 User müssen das Tool per Rechtsklick als Administrator ausführen! http://www.trojaner-board.de/images/icons/icon4.gif

Dominik16 21.04.2011 20:32
Ich habe das Programm TDSSKiller ausgeführt und den PC neugestartet. Hier ist das Logfile:

Code:
2011/04/21 21:26:15.0372 1176        TDSS rootkit removing tool 2.4.21.0 Mar 10 2011 12:26:28
2011/04/21 21:26:15.0580 1176        ================================================================================
2011/04/21 21:26:15.0580 1176        SystemInfo:
2011/04/21 21:26:15.0580 1176       
2011/04/21 21:26:15.0580 1176        OS Version: 6.0.6002 ServicePack: 2.0
2011/04/21 21:26:15.0580 1176        Product type: Workstation
2011/04/21 21:26:15.0580 1176        ComputerName: DOMINIK
2011/04/21 21:26:15.0581 1176        UserName: Tobbi
2011/04/21 21:26:15.0581 1176        Windows directory: C:\Windows
2011/04/21 21:26:15.0581 1176        System windows directory: C:\Windows
2011/04/21 21:26:15.0581 1176        Processor architecture: Intel x86
2011/04/21 21:26:15.0581 1176        Number of processors: 2
2011/04/21 21:26:15.0581 1176        Page size: 0x1000
2011/04/21 21:26:15.0581 1176        Boot type: Normal boot
2011/04/21 21:26:15.0581 1176        ================================================================================
2011/04/21 21:26:33.0732 1176        Initialize success

cosinus 21.04.2011 21:47
Ist unvollstöndig!
So muss es ausgeführt werden:

http://www.trojaner-board.de/attachm...rnen-start.png

Dominik16 22.04.2011 10:48
Ich hoffe es ist jetzt vollständig

Code:
2011/04/22 11:44:01.0854 3692        TDSS rootkit removing tool 2.4.21.0 Mar 10 2011 12:26:28
2011/04/22 11:44:02.0035 3692        ================================================================================
2011/04/22 11:44:02.0035 3692        SystemInfo:
2011/04/22 11:44:02.0035 3692       
2011/04/22 11:44:02.0036 3692        OS Version: 6.0.6002 ServicePack: 2.0
2011/04/22 11:44:02.0036 3692        Product type: Workstation
2011/04/22 11:44:02.0036 3692        ComputerName: DOMINIK
2011/04/22 11:44:02.0036 3692        UserName: Tobbi
2011/04/22 11:44:02.0036 3692        Windows directory: C:\Windows
2011/04/22 11:44:02.0036 3692        System windows directory: C:\Windows
2011/04/22 11:44:02.0036 3692        Processor architecture: Intel x86
2011/04/22 11:44:02.0036 3692        Number of processors: 2
2011/04/22 11:44:02.0036 3692        Page size: 0x1000
2011/04/22 11:44:02.0036 3692        Boot type: Normal boot
2011/04/22 11:44:02.0036 3692        ================================================================================
2011/04/22 11:44:16.0328 3692        Initialize success
2011/04/22 11:44:22.0820 2256        ================================================================================
2011/04/22 11:44:22.0820 2256        Scan started
2011/04/22 11:44:22.0820 2256        Mode: Manual;
2011/04/22 11:44:22.0820 2256        ================================================================================
2011/04/22 11:44:26.0658 2256        ACPI            (82b296ae1892fe3dbee00c9cf92f8ac7) C:\Windows\system32\drivers\acpi.sys
2011/04/22 11:44:28.0953 2256        ActionReplayDS  (f35b5d0cc142b87e687fc504baa69d82) C:\Windows\system32\Drivers\ActionReplayDS.sys
2011/04/22 11:44:29.0588 2256        adp94xx        (2edc5bbac6c651ece337bde8ed97c9fb) C:\Windows\system32\drivers\adp94xx.sys
2011/04/22 11:44:30.0569 2256        adpahci        (b84088ca3cdca97da44a984c6ce1ccad) C:\Windows\system32\drivers\adpahci.sys
2011/04/22 11:44:31.0282 2256        adpu160m        (7880c67bccc27c86fd05aa2afb5ea469) C:\Windows\system32\drivers\adpu160m.sys
2011/04/22 11:44:32.0041 2256        adpu320        (9ae713f8e30efc2abccd84904333df4d) C:\Windows\system32\drivers\adpu320.sys
2011/04/22 11:44:32.0836 2256        AFD            (a201207363aa900abf1a388468688570) C:\Windows\system32\drivers\afd.sys
2011/04/22 11:44:33.0720 2256        agp440          (ef23439cdd587f64c2c1b8825cead7d8) C:\Windows\system32\drivers\agp440.sys
2011/04/22 11:44:34.0440 2256        aic78xx        (ae1fdf7bf7bb6c6a70f67699d880592a) C:\Windows\system32\drivers\djsvs.sys
2011/04/22 11:44:34.0749 2256        aliide          (90395b64600ebb4552e26e178c94b2e4) C:\Windows\system32\drivers\aliide.sys
2011/04/22 11:44:35.0009 2256        amdagp          (2b13e304c9dfdfa5eb582f6a149fa2c7) C:\Windows\system32\drivers\amdagp.sys
2011/04/22 11:44:35.0588 2256        amdide          (0577df1d323fe75a739c787893d300ea) C:\Windows\system32\drivers\amdide.sys
2011/04/22 11:44:36.0060 2256        AmdK7          (dc487885bcef9f28eece6fac0e5ddfc5) C:\Windows\system32\drivers\amdk7.sys
2011/04/22 11:44:36.0430 2256        AmdK8          (0ca0071da4315b00fc1328ca86b425da) C:\Windows\system32\drivers\amdk8.sys
2011/04/22 11:44:37.0044 2256        arc            (5f673180268bb1fdb69c99b6619fe379) C:\Windows\system32\drivers\arc.sys
2011/04/22 11:44:37.0582 2256        arcsas          (957f7540b5e7f602e44648c7de5a1c05) C:\Windows\system32\drivers\arcsas.sys
2011/04/22 11:44:38.0002 2256        AsyncMac        (53b202abee6455406254444303e87be1) C:\Windows\system32\DRIVERS\asyncmac.sys
2011/04/22 11:44:38.0625 2256        atapi          (1f05b78ab91c9075565a9d8a4b880bc4) C:\Windows\system32\drivers\atapi.sys
2011/04/22 11:44:39.0195 2256        athr            (e51398cd3b4c9bae9d58d0aa35c8fe73) C:\Windows\system32\DRIVERS\athr.sys
2011/04/22 11:44:40.0609 2256        avgntflt        (47b879406246ffdced59e18d331a0e7d) C:\Windows\system32\DRIVERS\avgntflt.sys
2011/04/22 11:44:41.0316 2256        avipbb          (da39805e2bad99d37fce9477dd94e7f2) C:\Windows\system32\DRIVERS\avipbb.sys
2011/04/22 11:44:41.0911 2256        bcm4sbxp        (08015d34f6fdd0b355805bad978497c3) C:\Windows\system32\DRIVERS\bcm4sbxp.sys
2011/04/22 11:44:42.0203 2256        Beep            (67e506b75bd5326a3ec7b70bd014dfb6) C:\Windows\system32\drivers\Beep.sys
2011/04/22 11:44:42.0937 2256        bowser          (35f376253f687bde63976ccb3f2108ca) C:\Windows\system32\DRIVERS\bowser.sys
2011/04/22 11:44:43.0083 2256        BrFiltLo        (9f9acc7f7ccde8a15c282d3f88b43309) C:\Windows\system32\drivers\brfiltlo.sys
2011/04/22 11:44:43.0202 2256        BrFiltUp        (56801ad62213a41f6497f96dee83755a) C:\Windows\system32\drivers\brfiltup.sys
2011/04/22 11:44:43.0335 2256        Brserid        (b304e75cff293029eddf094246747113) C:\Windows\system32\drivers\brserid.sys
2011/04/22 11:44:43.0424 2256        BrSerWdm        (203f0b1e73adadbbb7b7b1fabd901f6b) C:\Windows\system32\drivers\brserwdm.sys
2011/04/22 11:44:43.0771 2256        BrUsbMdm        (bd456606156ba17e60a04e18016ae54b) C:\Windows\system32\drivers\brusbmdm.sys
2011/04/22 11:44:43.0875 2256        BrUsbSer        (af72ed54503f717a43268b3cc5faec2e) C:\Windows\system32\drivers\brusbser.sys
2011/04/22 11:44:43.0927 2256        BthEnum        (6d39c954799b63ba866910234cf7d726) C:\Windows\system32\DRIVERS\BthEnum.sys
2011/04/22 11:44:43.0983 2256        BTHMODEM        (ad07c1ec6665b8b35741ab91200c6b68) C:\Windows\system32\drivers\bthmodem.sys
2011/04/22 11:44:44.0069 2256        BthPan          (5904efa25f829bf84ea6fb045134a1d8) C:\Windows\system32\DRIVERS\bthpan.sys
2011/04/22 11:44:44.0187 2256        BTHPORT        (4a74bbb2b6761789f42a6613479bdb1d) C:\Windows\system32\Drivers\BTHport.sys
2011/04/22 11:44:44.0267 2256        BTHUSB          (1a407f9b707a06f55aa150f9aa072b09) C:\Windows\system32\Drivers\BTHUSB.sys
2011/04/22 11:44:44.0336 2256        cdfs            (7add03e75beb9e6dd102c3081d29840a) C:\Windows\system32\DRIVERS\cdfs.sys
2011/04/22 11:44:44.0417 2256        cdrom          (6b4bffb9becd728097024276430db314) C:\Windows\system32\DRIVERS\cdrom.sys
2011/04/22 11:44:44.0666 2256        circlass        (da8e0afc7baa226c538ef53ac2f90897) C:\Windows\system32\drivers\circlass.sys
2011/04/22 11:44:44.0802 2256        CLFS            (d7659d3b5b92c31e84e53c1431f35132) C:\Windows\system32\CLFS.sys
2011/04/22 11:44:45.0030 2256        CmBatt          (99afc3795b58cc478fbbbcdc658fcb56) C:\Windows\system32\DRIVERS\CmBatt.sys
2011/04/22 11:44:45.0217 2256        cmdide          (45201046c776ffdaf3fc8a0029c581c8) C:\Windows\system32\drivers\cmdide.sys
2011/04/22 11:44:45.0287 2256        Compbatt        (6afef0b60fa25de07c0968983ee4f60a) C:\Windows\system32\DRIVERS\compbatt.sys
2011/04/22 11:44:45.0505 2256        crcdisk        (2a213ae086bbec5e937553c7d9a2b22c) C:\Windows\system32\drivers\crcdisk.sys
2011/04/22 11:44:45.0572 2256        Crusoe          (22a7f883508176489f559ee745b5bf5d) C:\Windows\system32\drivers\crusoe.sys
2011/04/22 11:44:45.0843 2256        DfsC            (218d8ae46c88e82014f5d73d0236d9b2) C:\Windows\system32\Drivers\dfsc.sys
2011/04/22 11:44:46.0010 2256        disk            (5d4aefc3386920236a548271f8f1af6a) C:\Windows\system32\drivers\disk.sys
2011/04/22 11:44:46.0116 2256        Dot4            (4f59c172c094e1a1d46463a8dc061cbd) C:\Windows\system32\DRIVERS\Dot4.sys
2011/04/22 11:44:46.0168 2256        Dot4Print      (80bf3ba09f6f2523c8f6b7cc6dbf7bd5) C:\Windows\system32\DRIVERS\Dot4Prt.sys
2011/04/22 11:44:46.0211 2256        dot4usb        (c55004ca6b419b6695970dfe849b122f) C:\Windows\system32\DRIVERS\dot4usb.sys
2011/04/22 11:44:46.0412 2256        drmkaud        (97fef831ab90bee128c9af390e243f80) C:\Windows\system32\drivers\drmkaud.sys
2011/04/22 11:44:46.0775 2256        DXGKrnl        (c68ac676b0ef30cfbb1080adce49eb1f) C:\Windows\System32\drivers\dxgkrnl.sys
2011/04/22 11:44:46.0877 2256        E1G60          (f88fb26547fd2ce6d0a5af2985892c48) C:\Windows\system32\DRIVERS\E1G60I32.sys
2011/04/22 11:44:47.0093 2256        Ecache          (7f64ea048dcfac7acf8b4d7b4e6fe371) C:\Windows\system32\drivers\ecache.sys
2011/04/22 11:44:47.0241 2256        elxstor        (e8f3f21a71720c84bcf423b80028359f) C:\Windows\system32\drivers\elxstor.sys
2011/04/22 11:44:47.0376 2256        EMSCR          (1fa3f9df8983873746fa6b72dd7e3c2c) C:\Windows\system32\DRIVERS\EMS7SK.sys
2011/04/22 11:44:47.0432 2256        ESDCR          (9c7487253aad6bf61f9bc83d50e32ccc) C:\Windows\system32\DRIVERS\ESD7SK.sys
2011/04/22 11:44:47.0615 2256        esgiguard      (051a2e2a75adb6d1c5c27e940fdabcba) C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys
2011/04/22 11:44:47.0945 2256        ESMCR          (99589d975da04f8bd31f124428fcc797) C:\Windows\system32\DRIVERS\ESM7SK.sys
2011/04/22 11:44:48.0296 2256        exfat          (22b408651f9123527bcee54b4f6c5cae) C:\Windows\system32\drivers\exfat.sys
2011/04/22 11:44:48.0388 2256        fastfat        (1e9b9a70d332103c52995e957dc09ef8) C:\Windows\system32\drivers\fastfat.sys
2011/04/22 11:44:48.0517 2256        fdc            (63bdada84951b9c03e641800e176898a) C:\Windows\system32\DRIVERS\fdc.sys
2011/04/22 11:44:48.0600 2256        FileInfo        (a8c0139a884861e3aae9cfe73b208a9f) C:\Windows\system32\drivers\fileinfo.sys
2011/04/22 11:44:48.0694 2256        Filetrace      (0ae429a696aecbc5970e3cf2c62635ae) C:\Windows\system32\drivers\filetrace.sys
2011/04/22 11:44:48.0786 2256        flpydisk        (6603957eff5ec62d25075ea8ac27de68) C:\Windows\system32\DRIVERS\flpydisk.sys
2011/04/22 11:44:48.0909 2256        FltMgr          (01334f9ea68e6877c4ef05d3ea8abb05) C:\Windows\system32\drivers\fltmgr.sys
2011/04/22 11:44:49.0000 2256        Fs_Rec          (65ea8b77b5851854f0c55c43fa51a198) C:\Windows\system32\drivers\Fs_Rec.sys
2011/04/22 11:44:49.0058 2256        gagp30kx        (4e1cd0a45c50a8882616cae5bf82f3c5) C:\Windows\system32\drivers\gagp30kx.sys
2011/04/22 11:44:49.0244 2256        GEARAspiWDM    (8182ff89c65e4d38b2de4bb0fb18564e) C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
2011/04/22 11:44:49.0342 2256        ggflt          (007aea2e06e7cef7372e40c277163959) C:\Windows\system32\DRIVERS\ggflt.sys
2011/04/22 11:44:49.0399 2256        ggsemc          (c73de35960ca75c5ab4ae636b127c64e) C:\Windows\system32\DRIVERS\ggsemc.sys
2011/04/22 11:44:49.0564 2256        hamachi        (833051c6c6c42117191935f734cfbd97) C:\Windows\system32\DRIVERS\hamachi.sys
2011/04/22 11:44:49.0661 2256        HdAudAddService (3f90e001369a07243763bd5a523d8722) C:\Windows\system32\drivers\HdAudio.sys
2011/04/22 11:44:49.0760 2256        HDAudBus        (062452b7ffd68c8c042a6261fe8dff4a) C:\Windows\system32\DRIVERS\HDAudBus.sys
2011/04/22 11:44:49.0823 2256        HidBth          (1338520e78d90154ed6be8f84de5fceb) C:\Windows\system32\drivers\hidbth.sys
2011/04/22 11:44:49.0887 2256        HidIr          (ff3160c3a2445128c5a6d9b076da519e) C:\Windows\system32\drivers\hidir.sys
2011/04/22 11:44:49.0986 2256        HidUsb          (cca4b519b17e23a00b826c55716809cc) C:\Windows\system32\DRIVERS\hidusb.sys
2011/04/22 11:44:50.0057 2256        HpCISSs        (df353b401001246853763c4b7aaa6f50) C:\Windows\system32\drivers\hpcisss.sys
2011/04/22 11:44:50.0133 2256        HSFHWAZL        (46d67209550973257601a533e2ac5785) C:\Windows\system32\DRIVERS\VSTAZL3.SYS
2011/04/22 11:44:50.0234 2256        HSF_DPV        (53229dcf431d76434816cd29251168a0) C:\Windows\system32\DRIVERS\HSX_DPV.sys
2011/04/22 11:44:50.0330 2256        HSXHWAZL        (31f949d452201f2f0af0c88d7db512cd) C:\Windows\system32\DRIVERS\HSXHWAZL.sys
2011/04/22 11:44:50.0411 2256        HTTP            (f870aa3e254628ebeafe754108d664de) C:\Windows\system32\drivers\HTTP.sys
2011/04/22 11:44:50.0528 2256        i2omp          (324c2152ff2c61abae92d09f3cca4d63) C:\Windows\system32\drivers\i2omp.sys
2011/04/22 11:44:50.0753 2256        i8042prt        (22d56c8184586b7a1f6fa60be5f5a2bd) C:\Windows\system32\DRIVERS\i8042prt.sys
2011/04/22 11:44:51.0105 2256        ialm            (c134e69ce901422d1f2d7ea8d69098fe) C:\Windows\system32\DRIVERS\igdkmd32.sys
2011/04/22 11:44:52.0095 2256        iaStorV        (c957bf4b5d80b46c5017bf0101e6c906) C:\Windows\system32\drivers\iastorv.sys
2011/04/22 11:44:54.0350 2256        igfx            (c134e69ce901422d1f2d7ea8d69098fe) C:\Windows\system32\DRIVERS\igdkmd32.sys
2011/04/22 11:44:55.0261 2256        iirsp          (2d077bf86e843f901d8db709c95b49a5) C:\Windows\system32\drivers\iirsp.sys
2011/04/22 11:44:55.0824 2256        intelide        (83aa759f3189e6370c30de5dc5590718) C:\Windows\system32\drivers\intelide.sys
2011/04/22 11:44:56.0250 2256        intelppm        (224191001e78c89dfa78924c3ea595ff) C:\Windows\system32\DRIVERS\intelppm.sys
2011/04/22 11:44:56.0673 2256        IpFilterDriver  (62c265c38769b864cb25b4bcf62df6c3) C:\Windows\system32\DRIVERS\ipfltdrv.sys
2011/04/22 11:44:57.0168 2256        IPMIDRV        (40f34f8aba2a015d780e4b09138b6c17) C:\Windows\system32\drivers\ipmidrv.sys
2011/04/22 11:44:57.0885 2256        IPNAT          (8793643a67b42cec66490b2a0cf92d68) C:\Windows\system32\DRIVERS\ipnat.sys
2011/04/22 11:44:58.0469 2256        IRENUM          (109c0dfb82c3632fbd11949b73aeeac9) C:\Windows\system32\drivers\irenum.sys
2011/04/22 11:44:59.0004 2256        isapnp          (350fca7e73cf65bcef43fae1e4e91293) C:\Windows\system32\drivers\isapnp.sys
2011/04/22 11:44:59.0535 2256        iScsiPrt        (232fa340531d940aac623b121a595034) C:\Windows\system32\DRIVERS\msiscsi.sys
2011/04/22 11:44:59.0990 2256        iteatapi        (bced60d16156e428f8df8cf27b0df150) C:\Windows\system32\drivers\iteatapi.sys
2011/04/22 11:45:00.0373 2256        iteraid        (06fa654504a498c30adca8bec4e87e7e) C:\Windows\system32\drivers\iteraid.sys
2011/04/22 11:45:00.0661 2256        kbdclass        (37605e0a8cf00cbba538e753e4344c6e) C:\Windows\system32\DRIVERS\kbdclass.sys
2011/04/22 11:45:00.0947 2256        kbdhid          (ede59ec70e25c24581add1fbec7325f7) C:\Windows\system32\DRIVERS\kbdhid.sys
2011/04/22 11:45:01.0677 2256        KSecDD          (86165728af9bf72d6442a894fdfb4f8b) C:\Windows\system32\Drivers\ksecdd.sys
2011/04/22 11:45:02.0535 2256        lltdio          (d1c5883087a0c3f1344d9d55a44901f6) C:\Windows\system32\DRIVERS\lltdio.sys
2011/04/22 11:45:03.0005 2256        LSI_FC          (a2262fb9f28935e862b4db46438c80d2) C:\Windows\system32\drivers\lsi_fc.sys
2011/04/22 11:45:03.0147 2256        LSI_SAS        (30d73327d390f72a62f32c103daf1d6d) C:\Windows\system32\drivers\lsi_sas.sys
2011/04/22 11:45:03.0651 2256        LSI_SCSI        (e1e36fefd45849a95f1ab81de0159fe3) C:\Windows\system32\drivers\lsi_scsi.sys
2011/04/22 11:45:04.0193 2256        luafv          (8f5c7426567798e62a3b3614965d62cc) C:\Windows\system32\drivers\luafv.sys
2011/04/22 11:45:04.0641 2256        mdmxsdk        (0cea2d0d3fa284b85ed5b68365114f76) C:\Windows\system32\DRIVERS\mdmxsdk.sys
2011/04/22 11:45:05.0119 2256        megasas        (d153b14fc6598eae8422a2037553adce) C:\Windows\system32\drivers\megasas.sys
2011/04/22 11:45:05.0935 2256        Modem          (e13b5ea0f51ba5b1512ec671393d09ba) C:\Windows\system32\drivers\modem.sys
2011/04/22 11:45:06.0351 2256        monitor        (0a9bb33b56e294f686abb7c1e4e2d8a8) C:\Windows\system32\DRIVERS\monitor.sys
2011/04/22 11:45:06.0651 2256        mouclass        (5bf6a1326a335c5298477754a506d263) C:\Windows\system32\DRIVERS\mouclass.sys
2011/04/22 11:45:06.0998 2256        mouhid          (93b8d4869e12cfbe663915502900876f) C:\Windows\system32\DRIVERS\mouhid.sys
2011/04/22 11:45:07.0467 2256        MountMgr        (bdafc88aa6b92f7842416ea6a48e1600) C:\Windows\system32\drivers\mountmgr.sys
2011/04/22 11:45:07.0906 2256        mpio            (583a41f26278d9e0ea548163d6139397) C:\Windows\system32\drivers\mpio.sys
2011/04/22 11:45:08.0248 2256        mpsdrv          (22241feba9b2defa669c8cb0a8dd7d2e) C:\Windows\system32\drivers\mpsdrv.sys
2011/04/22 11:45:08.0637 2256        Mraid35x        (4fbbb70d30fd20ec51f80061703b001e) C:\Windows\system32\drivers\mraid35x.sys
2011/04/22 11:45:09.0079 2256        MRxDAV          (82cea0395524aacfeb58ba1448e8325c) C:\Windows\system32\drivers\mrxdav.sys
2011/04/22 11:45:09.0547 2256        mrxsmb          (5fe5cf325f5b02ebc60832d3440cb414) C:\Windows\system32\DRIVERS\mrxsmb.sys
2011/04/22 11:45:09.0965 2256        mrxsmb10        (30b9c769446af379a2afb72b0392604d) C:\Windows\system32\DRIVERS\mrxsmb10.sys
2011/04/22 11:45:10.0457 2256        mrxsmb20        (fea239b3ec4877e2b7e23204af589ddf) C:\Windows\system32\DRIVERS\mrxsmb20.sys
2011/04/22 11:45:11.0142 2256        msahci          (742aed7939e734c36b7e8d6228ce26b7) C:\Windows\system32\drivers\msahci.sys
2011/04/22 11:45:11.0883 2256        msdsm          (3fc82a2ae4cc149165a94699183d3028) C:\Windows\system32\drivers\msdsm.sys
2011/04/22 11:45:12.0510 2256        Msfs            (a9927f4a46b816c92f461acb90cf8515) C:\Windows\system32\drivers\Msfs.sys
2011/04/22 11:45:13.0045 2256        msisadrv        (0f400e306f385c56317357d6dea56f62) C:\Windows\system32\drivers\msisadrv.sys
2011/04/22 11:45:13.0656 2256        MSKSSRV        (d8c63d34d9c9e56c059e24ec7185cc07) C:\Windows\system32\drivers\MSKSSRV.sys
2011/04/22 11:45:14.0033 2256        MSPCLOCK        (1d373c90d62ddb641d50e55b9e78d65e) C:\Windows\system32\drivers\MSPCLOCK.sys
2011/04/22 11:45:14.0492 2256        MSPQM          (b572da05bf4e098d4bba3a4734fb505b) C:\Windows\system32\drivers\MSPQM.sys
2011/04/22 11:45:14.0803 2256        MsRPC          (b49456d70555de905c311bcda6ec6adb) C:\Windows\system32\drivers\MsRPC.sys
2011/04/22 11:45:15.0417 2256        mssmbios        (e384487cb84be41d09711c30ca79646c) C:\Windows\system32\DRIVERS\mssmbios.sys
2011/04/22 11:45:15.0794 2256        MSTEE          (7199c1eec1e4993caf96b8c0a26bd58a) C:\Windows\system32\drivers\MSTEE.sys
2011/04/22 11:45:16.0141 2256        Mup            (6a57b5733d4cb702c8ea4542e836b96c) C:\Windows\system32\Drivers\mup.sys
2011/04/22 11:45:16.0489 2256        NativeWifiP    (85c44fdff9cf7e72a40dcb7ec06a4416) C:\Windows\system32\DRIVERS\nwifi.sys
2011/04/22 11:45:17.0639 2256        NDIS            (1357274d1883f68300aeadd15d7bbb42) C:\Windows\system32\drivers\ndis.sys
2011/04/22 11:45:18.0139 2256        NdisTapi        (0e186e90404980569fb449ba7519ae61) C:\Windows\system32\DRIVERS\ndistapi.sys
2011/04/22 11:45:18.0918 2256        Ndisuio        (d6973aa34c4d5d76c0430b181c3cd389) C:\Windows\system32\DRIVERS\ndisuio.sys
2011/04/22 11:45:19.0545 2256        NdisWan        (818f648618ae34f729fdb47ec68345c3) C:\Windows\system32\DRIVERS\ndiswan.sys
2011/04/22 11:45:19.0963 2256        NDProxy        (71dab552b41936358f3b541ae5997fb3) C:\Windows\system32\drivers\NDProxy.sys
2011/04/22 11:45:20.0463 2256        NetBIOS        (bcd093a5a6777cf626434568dc7dba78) C:\Windows\system32\DRIVERS\netbios.sys
2011/04/22 11:45:20.0881 2256        netbt          (ecd64230a59cbd93c85f1cd1cab9f3f6) C:\Windows\system32\DRIVERS\netbt.sys
2011/04/22 11:45:21.0600 2256        nfrd960        (2e7fb731d4790a1bc6270accefacb36e) C:\Windows\system32\drivers\nfrd960.sys
2011/04/22 11:45:21.0870 2256        Npfs            (d36f239d7cce1931598e8fb90a0dbc26) C:\Windows\system32\drivers\Npfs.sys
2011/04/22 11:45:22.0255 2256        nsiproxy        (609773e344a97410ce4ebf74a8914fcf) C:\Windows\system32\drivers\nsiproxy.sys
2011/04/22 11:45:23.0075 2256        Ntfs            (6a4a98cee84cf9e99564510dda4baa47) C:\Windows\system32\drivers\Ntfs.sys
2011/04/22 11:45:24.0051 2256        ntrigdigi      (e875c093aec0c978a90f30c9e0dfbb72) C:\Windows\system32\drivers\ntrigdigi.sys
2011/04/22 11:45:24.0568 2256        Null            (c5dbbcda07d780bda9b685df333bb41e) C:\Windows\system32\drivers\Null.sys
2011/04/22 11:45:25.0057 2256        nvraid          (e69e946f80c1c31c53003bfbf50cbb7c) C:\Windows\system32\drivers\nvraid.sys
2011/04/22 11:45:25.0503 2256        nvstor          (9e0ba19a28c498a6d323d065db76dffc) C:\Windows\system32\drivers\nvstor.sys
2011/04/22 11:45:26.0043 2256        nv_agp          (07c186427eb8fcc3d8d7927187f260f7) C:\Windows\system32\drivers\nv_agp.sys
2011/04/22 11:45:26.0966 2256        ohci1394        (be32da025a0be1878f0ee8d6d9386cd5) C:\Windows\system32\drivers\ohci1394.sys
2011/04/22 11:45:27.0889 2256        Parport        (0fa9b5055484649d63c303fe404e5f4d) C:\Windows\system32\drivers\parport.sys
2011/04/22 11:45:28.0726 2256        partmgr        (57389fa59a36d96b3eb09d0cb91e9cdc) C:\Windows\system32\drivers\partmgr.sys
2011/04/22 11:45:29.0204 2256        Parvdm          (4f9a6a8a31413180d0fcb279ad5d8112) C:\Windows\system32\drivers\parvdm.sys
2011/04/22 11:45:29.0634 2256        pci            (941dc1d19e7e8620f40bbc206981efdb) C:\Windows\system32\drivers\pci.sys
2011/04/22 11:45:30.0192 2256        pciide          (3b1901e401473e03eb8c874271e50c26) C:\Windows\system32\drivers\pciide.sys
2011/04/22 11:45:30.0639 2256        pcmcia          (3bb2244f343b610c29c98035504c9b75) C:\Windows\system32\DRIVERS\pcmcia.sys
2011/04/22 11:45:31.0330 2256        PEAUTH          (6349f6ed9c623b44b52ea3c63c831a92) C:\Windows\system32\drivers\peauth.sys
2011/04/22 11:45:32.0421 2256        PptpMiniport    (ecfffaec0c1ecd8dbc77f39070ea1db1) C:\Windows\system32\DRIVERS\raspptp.sys
2011/04/22 11:45:32.0822 2256        Processor      (0e3cef5d28b40cf273281d620c50700a) C:\Windows\system32\drivers\processr.sys
2011/04/22 11:45:33.0825 2256        PSched          (99514faa8df93d34b5589187db3aa0ba) C:\Windows\system32\DRIVERS\pacer.sys
2011/04/22 11:45:36.0098 2256        ql2300          (ccdac889326317792480c0a67156a1ec) C:\Windows\system32\drivers\ql2300.sys
2011/04/22 11:45:37.0218 2256        ql40xx          (81a7e5c076e59995d54bc1ed3a16e60b) C:\Windows\system32\drivers\ql40xx.sys
2011/04/22 11:45:37.0620 2256        QWAVEdrv        (9f5e0e1926014d17486901c88eca2db7) C:\Windows\system32\drivers\qwavedrv.sys
2011/04/22 11:45:37.0976 2256        RasAcd          (147d7f9c556d259924351feb0de606c3) C:\Windows\system32\DRIVERS\rasacd.sys
2011/04/22 11:45:38.0334 2256        Rasl2tp        (a214adbaf4cb47dd2728859ef31f26b0) C:\Windows\system32\DRIVERS\rasl2tp.sys
2011/04/22 11:45:38.0813 2256        RasPppoe        (509a98dd18af4375e1fc40bc175f1def) C:\Windows\system32\DRIVERS\raspppoe.sys
2011/04/22 11:45:39.0342 2256        RasSstp        (2005f4a1e05fa09389ac85840f0a9e4d) C:\Windows\system32\DRIVERS\rassstp.sys
2011/04/22 11:45:39.0733 2256        rdbss          (b14c9d5b9add2f84f70570bbbfaa7935) C:\Windows\system32\DRIVERS\rdbss.sys
2011/04/22 11:45:40.0415 2256        RDPCDD          (89e59be9a564262a3fb6c4f4f1cd9899) C:\Windows\system32\DRIVERS\RDPCDD.sys
2011/04/22 11:45:40.0854 2256        rdpdr          (e8bd98d46f2ed77132ba927fccb47d8b) C:\Windows\system32\drivers\rdpdr.sys
2011/04/22 11:45:41.0405 2256        RDPENCDD        (9d91fe5286f748862ecffa05f8a0710c) C:\Windows\system32\drivers\rdpencdd.sys
2011/04/22 11:45:42.0070 2256        RDPWD          (30bfbdfb7f95559ede971f9ddb9a00ba) C:\Windows\system32\drivers\RDPWD.sys
2011/04/22 11:45:42.0653 2256        RFCOMM          (6482707f9f4da0ecbab43b2e0398a101) C:\Windows\system32\DRIVERS\rfcomm.sys
2011/04/22 11:45:43.0162 2256        ROOTMODEM      (75e8a6bfa7374aba833ae92bf41ae4e6) C:\Windows\system32\Drivers\RootMdm.sys
2011/04/22 11:45:43.0585 2256        rspndr          (9c508f4074a39e8b4b31d27198146fad) C:\Windows\system32\DRIVERS\rspndr.sys
2011/04/22 11:45:44.0189 2256        s1018bus        (27ccf532a08f437ffc795158b8b7a7f6) C:\Windows\system32\DRIVERS\s1018bus.sys
2011/04/22 11:45:44.0642 2256        s1018mdfl      (2443aca3551cfb160ecaa642f6718b99) C:\Windows\system32\DRIVERS\s1018mdfl.sys
2011/04/22 11:45:45.0104 2256        s1018mdm        (9d273a6cf8f984097e61ecd68827d8c0) C:\Windows\system32\DRIVERS\s1018mdm.sys
2011/04/22 11:45:45.0603 2256        s1018mgmt      (57d4d2efd2f3dc4bb8a351702ae01ba5) C:\Windows\system32\DRIVERS\s1018mgmt.sys
2011/04/22 11:45:46.0315 2256        s1018nd5        (2102d69ed2ed4b89a607c4e09504fb59) C:\Windows\system32\DRIVERS\s1018nd5.sys
2011/04/22 11:45:46.0774 2256        s1018obex      (382921439a5fb855cc6e000ac24d0c95) C:\Windows\system32\DRIVERS\s1018obex.sys
2011/04/22 11:45:47.0516 2256        s1018unic      (4e2c788d013e567bd68ae4ad36485239) C:\Windows\system32\DRIVERS\s1018unic.sys
2011/04/22 11:45:47.0987 2256        SASDIFSV        (a3281aec37e0720a2bc28034c2df2a56) C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS
2011/04/22 11:45:48.0068 2256        SASKUTIL        (61db0d0756a99506207fd724e3692b25) C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS
2011/04/22 11:45:48.0804 2256        sbp2port        (3ce8f073a557e172b330109436984e30) C:\Windows\system32\drivers\sbp2port.sys
2011/04/22 11:45:49.0632 2256        sdbus          (8f36b54688c31eed4580129040c6a3d3) C:\Windows\system32\DRIVERS\sdbus.sys
2011/04/22 11:45:50.0035 2256        SE27bus        (59a9eb4073a39895af314780d0a032fa) C:\Windows\system32\DRIVERS\SE27bus.sys
2011/04/22 11:45:50.0504 2256        SE27mdfl        (d53e7e53107d1796825540129f8fe89f) C:\Windows\system32\DRIVERS\SE27mdfl.sys
2011/04/22 11:45:50.0940 2256        SE27mdm        (2afa2f65a6e91da5b5070e734769827e) C:\Windows\system32\DRIVERS\SE27mdm.sys
2011/04/22 11:45:51.0654 2256        SE27mgmt        (5a33a8d7b44c7bd8abe248b4dcd1ff3c) C:\Windows\system32\DRIVERS\SE27mgmt.sys
2011/04/22 11:45:52.0064 2256        se44bus        (3097cff31374e309a8950775111a52bd) C:\Windows\system32\DRIVERS\se44bus.sys
2011/04/22 11:45:52.0302 2256        se44mdfl        (4a03dd4fb5b7cb2c53d8fe8848455a4e) C:\Windows\system32\DRIVERS\se44mdfl.sys
2011/04/22 11:45:52.0393 2256        se44mdm        (2ca2e66a945b5de1228ab5f5341d0e97) C:\Windows\system32\DRIVERS\se44mdm.sys
2011/04/22 11:45:52.0477 2256        secdrv          (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers\secdrv.sys
2011/04/22 11:45:52.0628 2256        seehcri        (e5b56569a9f79b70314fede6c953641e) C:\Windows\system32\DRIVERS\seehcri.sys
2011/04/22 11:45:52.0701 2256        Serenum        (68e44e331d46f0fb38f0863a84cd1a31) C:\Windows\system32\drivers\serenum.sys
2011/04/22 11:45:52.0751 2256        Serial          (c70d69a918b178d3c3b06339b40c2e1b) C:\Windows\system32\drivers\serial.sys
2011/04/22 11:45:52.0795 2256        sermouse        (8af3d28a879bf75db53a0ee7a4289624) C:\Windows\system32\drivers\sermouse.sys
2011/04/22 11:45:53.0079 2256        sffdisk        (103b79418da647736ee95645f305f68a) C:\Windows\system32\drivers\sffdisk.sys
2011/04/22 11:45:53.0153 2256        sffp_mmc        (8fd08a310645fe872eeec6e08c6bf3ee) C:\Windows\system32\drivers\sffp_mmc.sys
2011/04/22 11:45:53.0212 2256        sffp_sd        (9cfa05fcfcb7124e69cfc812b72f9614) C:\Windows\system32\drivers\sffp_sd.sys
2011/04/22 11:45:53.0269 2256        sfloppy        (46ed8e91793b2e6f848015445a0ac188) C:\Windows\system32\drivers\sfloppy.sys
2011/04/22 11:45:53.0389 2256        sisagp          (d2a595d6eebeeaf4334f8e50efbc9931) C:\Windows\system32\drivers\sisagp.sys
2011/04/22 11:45:53.0461 2256        SiSRaid2        (cedd6f4e7d84e9f98b34b3fe988373aa) C:\Windows\system32\drivers\sisraid2.sys
2011/04/22 11:45:53.0513 2256        SiSRaid4        (df843c528c4f69d12ce41ce462e973a7) C:\Windows\system32\drivers\sisraid4.sys
2011/04/22 11:45:53.0919 2256        Smb            (7b75299a4d201d6a6533603d6914ab04) C:\Windows\system32\DRIVERS\smb.sys
2011/04/22 11:45:57.0723 2256        SNPSTD3        (11bb0e11d42cc3a43d741d9b30839be1) C:\Windows\system32\DRIVERS\snpstd3.sys
2011/04/22 11:46:04.0618 2256        spldr          (7aebdeef071fe28b0eef2cdd69102bff) C:\Windows\system32\drivers\spldr.sys
2011/04/22 11:46:05.0671 2256        sptd            (cdddec541bc3c96f91ecb48759673505) C:\Windows\system32\Drivers\sptd.sys
2011/04/22 11:46:05.0671 2256        Suspicious file (NoAccess): C:\Windows\system32\Drivers\sptd.sys. md5: cdddec541bc3c96f91ecb48759673505
2011/04/22 11:46:05.0679 2256        sptd - detected Locked file (1)
2011/04/22 11:46:06.0189 2256        srv            (41987f9fc0e61adf54f581e15029ad91) C:\Windows\system32\DRIVERS\srv.sys
2011/04/22 11:46:06.0801 2256        srv2            (a5940ca32ed206f90be9fabdf6e92de4) C:\Windows\system32\DRIVERS\srv2.sys
2011/04/22 11:46:07.0102 2256        srvnet          (37aa1d560d5fa486c4b11c2f276ada61) C:\Windows\system32\DRIVERS\srvnet.sys
2011/04/22 11:46:07.0503 2256        ssmdrv          (a36ee93698802cd899f98bfd553d8185) C:\Windows\system32\DRIVERS\ssmdrv.sys
2011/04/22 11:46:08.0112 2256        swenum          (7ba58ecf0c0a9a69d44b3dca62becf56) C:\Windows\system32\DRIVERS\swenum.sys
2011/04/22 11:46:09.0199 2256        Symc8xx        (192aa3ac01df071b541094f251deed10) C:\Windows\system32\drivers\symc8xx.sys
2011/04/22 11:46:09.0610 2256        Sym_hi          (8c8eb8c76736ebaf3b13b633b2e64125) C:\Windows\system32\drivers\sym_hi.sys
2011/04/22 11:46:10.0108 2256        Sym_u3          (8072af52b5fd103bbba387a1e49f62cb) C:\Windows\system32\drivers\sym_u3.sys
2011/04/22 11:46:10.0779 2256        tap0901        (fc73b46c3c76c9f1f7ec82749c0c48f3) C:\Windows\system32\DRIVERS\tap0901.sys
2011/04/22 11:46:11.0777 2256        Tcpip          (a474879afa4a596b3a531f3e69730dbf) C:\Windows\system32\drivers\tcpip.sys
2011/04/22 11:46:13.0076 2256        Tcpip6          (a474879afa4a596b3a531f3e69730dbf) C:\Windows\system32\DRIVERS\tcpip.sys
2011/04/22 11:46:13.0768 2256        tcpipreg        (608c345a255d82a6289c2d468eb41fd7) C:\Windows\system32\drivers\tcpipreg.sys
2011/04/22 11:46:14.0421 2256        TDPIPE          (5dcf5e267be67a1ae926f2df77fbcc56) C:\Windows\system32\drivers\tdpipe.sys
2011/04/22 11:46:14.0943 2256        TDTCP          (389c63e32b3cefed425b61ed92d3f021) C:\Windows\system32\drivers\tdtcp.sys
2011/04/22 11:46:15.0413 2256        tdx            (76b06eb8a01fc8624d699e7045303e54) C:\Windows\system32\DRIVERS\tdx.sys
2011/04/22 11:46:15.0881 2256        TermDD          (3cad38910468eab9a6479e2f01db43c7) C:\Windows\system32\DRIVERS\termdd.sys
2011/04/22 11:46:16.0415 2256        tosporte        (8d624d3bd1f2d78bd1c01a2d4e954b4e) C:\Windows\system32\DRIVERS\tosporte.sys
2011/04/22 11:46:16.0641 2256        tosrfbd        (a594dbd80ca5426e2e558bf79195a110) C:\Windows\system32\DRIVERS\tosrfbd.sys
2011/04/22 11:46:17.0151 2256        tosrfbnp        (90c8525bc578aaffe87c2d0ed4379e9e) C:\Windows\system32\Drivers\tosrfbnp.sys
2011/04/22 11:46:17.0911 2256        Tosrfcom        (5ba1ca3b3cddb1ddc67df473f05d1ec2) C:\Windows\system32\Drivers\tosrfcom.sys
2011/04/22 11:46:18.0493 2256        Tosrfhid        (28099a4e52148319afa685d93a2244d0) C:\Windows\system32\DRIVERS\Tosrfhid.sys
2011/04/22 11:46:18.0903 2256        tosrfnds        (c52fd27b9adf3a1f22cb90e6bcf9b0cb) C:\Windows\system32\DRIVERS\tosrfnds.sys
2011/04/22 11:46:19.0401 2256        TosRfSnd        (7c0999169ef696f10761bf8275027330) C:\Windows\system32\drivers\tosrfsnd.sys
2011/04/22 11:46:19.0978 2256        Tosrfusb        (20cc46c5d3326122e1a0a8c9dad00e0d) C:\Windows\system32\DRIVERS\tosrfusb.sys
2011/04/22 11:46:20.0297 2256        tssecsrv        (dcf0f056a2e4f52287264f5ab29cf206) C:\Windows\system32\DRIVERS\tssecsrv.sys
2011/04/22 11:46:20.0374 2256        tunmp          (caecc0120ac49e3d2f758b9169872d38) C:\Windows\system32\DRIVERS\tunmp.sys
2011/04/22 11:46:20.0429 2256        tunnel          (300db877ac094feab0be7688c3454a9c) C:\Windows\system32\DRIVERS\tunnel.sys
2011/04/22 11:46:20.0490 2256        uagp35          (c3ade15414120033a36c0f293d4a4121) C:\Windows\system32\drivers\uagp35.sys
2011/04/22 11:46:20.0583 2256        udfs            (d9728af68c4c7693cb100b8441cbdec6) C:\Windows\system32\DRIVERS\udfs.sys
2011/04/22 11:46:20.0695 2256        uliagpkx        (75e6890ebfce0841d3291b02e7a8bdb0) C:\Windows\system32\drivers\uliagpkx.sys
2011/04/22 11:46:20.0769 2256        uliahci        (3cd4ea35a6221b85dcc25daa46313f8d) C:\Windows\system32\drivers\uliahci.sys
2011/04/22 11:46:20.0853 2256        UlSata          (8514d0e5cd0534467c5fc61be94a569f) C:\Windows\system32\drivers\ulsata.sys
2011/04/22 11:46:20.0918 2256        ulsata2        (38c3c6e62b157a6bc46594fada45c62b) C:\Windows\system32\drivers\ulsata2.sys
2011/04/22 11:46:21.0015 2256        umbus          (32cff9f809ae9aed85464492bf3e32d2) C:\Windows\system32\DRIVERS\umbus.sys
2011/04/22 11:46:21.0139 2256        USBAAPL        (d4fb6ecc60a428564ba8768b0e23c0fc) C:\Windows\system32\Drivers\usbaapl.sys
2011/04/22 11:46:21.0347 2256        usbccgp        (caf811ae4c147ffcd5b51750c7f09142) C:\Windows\system32\DRIVERS\usbccgp.sys
2011/04/22 11:46:21.0473 2256        usbcir          (e9476e6c486e76bc4898074768fb7131) C:\Windows\system32\drivers\usbcir.sys
2011/04/22 11:46:21.0777 2256        usbehci        (79e96c23a97ce7b8f14d310da2db0c9b) C:\Windows\system32\DRIVERS\usbehci.sys
2011/04/22 11:46:22.0326 2256        usbhub          (4673bbcb006af60e7abddbe7a130ba42) C:\Windows\system32\DRIVERS\usbhub.sys
2011/04/22 11:46:22.0891 2256        usbohci        (38dbc7dd6cc5a72011f187425384388b) C:\Windows\system32\drivers\usbohci.sys
2011/04/22 11:46:23.0148 2256        usbprint        (e75c4b5269091d15a2e7dc0b6d35f2f5) C:\Windows\system32\DRIVERS\usbprint.sys
2011/04/22 11:46:23.0332 2256        usbscan        (a508c9bd8724980512136b039bba65e9) C:\Windows\system32\DRIVERS\usbscan.sys
2011/04/22 11:46:23.0650 2256        USBSTOR        (be3da31c191bc222d9ad503c5224f2ad) C:\Windows\system32\DRIVERS\USBSTOR.SYS
2011/04/22 11:46:24.0185 2256        usbuhci        (814d653efc4d48be3b04a307eceff56f) C:\Windows\system32\DRIVERS\usbuhci.sys
2011/04/22 11:46:24.0753 2256        vga            (7d92be0028ecdedec74617009084b5ef) C:\Windows\system32\DRIVERS\vgapnp.sys
2011/04/22 11:46:25.0168 2256        VgaSave        (2e93ac0a1d8c79d019db6c51f036636c) C:\Windows\System32\drivers\vga.sys
2011/04/22 11:46:25.0698 2256        viaagp          (045d9961e591cf0674a920b6ba3ba5cb) C:\Windows\system32\drivers\viaagp.sys
2011/04/22 11:46:26.0337 2256        ViaC7          (56a4de5f02f2e88182b0981119b4dd98) C:\Windows\system32\drivers\viac7.sys
2011/04/22 11:46:26.0758 2256        viaide          (fd2e3175fcada350c7ab4521dca187ec) C:\Windows\system32\drivers\viaide.sys
2011/04/22 11:46:27.0176 2256        volmgr          (69503668ac66c77c6cd7af86fbdf8c43) C:\Windows\system32\drivers\volmgr.sys
2011/04/22 11:46:27.0625 2256        volmgrx        (23e41b834759917bfd6b9a0d625d0c28) C:\Windows\system32\drivers\volmgrx.sys
2011/04/22 11:46:28.0091 2256        volsnap        (147281c01fcb1df9252de2a10d5e7093) C:\Windows\system32\drivers\volsnap.sys
2011/04/22 11:46:28.0595 2256        vsmraid        (d984439746d42b30fc65a4c3546c6829) C:\Windows\system32\drivers\vsmraid.sys
2011/04/22 11:46:29.0290 2256        WacomPen        (48dfee8f1af7c8235d4e626f0c4fe031) C:\Windows\system32\drivers\wacompen.sys
2011/04/22 11:46:29.0859 2256        Wanarp          (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys
2011/04/22 11:46:29.0925 2256        Wanarpv6        (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys
2011/04/22 11:46:30.0667 2256        Wd              (afc5ad65b991c1e205cf25cfdbf7a6f4) C:\Windows\system32\drivers\wd.sys
2011/04/22 11:46:31.0164 2256        Wdf01000        (b6f0a7ad6d4bd325fbcd8bac96cd8d96) C:\Windows\system32\drivers\Wdf01000.sys
2011/04/22 11:46:32.0204 2256        winachsf        (6d2350bb6e77e800fc4be4e5b7a2e89a) C:\Windows\system32\DRIVERS\HSX_CNXT.sys
2011/04/22 11:46:33.0004 2256        WmiAcpi        (2e7255d172df0b8283cdfb7b433b864e) C:\Windows\system32\DRIVERS\wmiacpi.sys
2011/04/22 11:46:33.0476 2256        WpdUsb          (de9d36f91a4df3d911626643debf11ea) C:\Windows\system32\DRIVERS\wpdusb.sys
2011/04/22 11:46:33.0869 2256        ws2ifsl        (e3a3cb253c0ec2494d4a61f5e43a389c) C:\Windows\system32\drivers\ws2ifsl.sys
2011/04/22 11:46:34.0406 2256        WUDFRd          (ac13cb789d93412106b0fb6c7eb2bcb6) C:\Windows\system32\DRIVERS\WUDFRd.sys
2011/04/22 11:46:34.0657 2256        XAudio          (5a7ff9a18ff6d7e0527fe3abf9204ef8) C:\Windows\system32\DRIVERS\xaudio.sys
2011/04/22 11:46:34.0816 2256        ================================================================================
2011/04/22 11:46:34.0816 2256        Scan finished
2011/04/22 11:46:34.0816 2256        ================================================================================
2011/04/22 11:46:34.0836 3088        Detected object count: 1
2011/04/22 11:46:40.0303 3088        Locked file(sptd) - User select action: Skip

cosinus 22.04.2011 12:28
Dann bitte jetzt CF ausführen:

ComboFix

Ein Leitfaden und Tutorium zur Nutzung von ComboFix
  • Lade dir ComboFix hier herunter auf deinen Desktop. Benenne es beim Runterladen um in cofi.exe.
http://saved.im/mtm0nzyzmzd5/cofi.jpg
  • Schliesse alle Programme, vor allem dein Antivirenprogramm und andere Hintergrundwächter sowie deinen Internetbrowser.
  • Starte cofi.exe von deinem Desktop aus, bestätige die Warnmeldungen, führe die Updates durch (falls vorgeschlagen), installiere die Wiederherstellungskonsole (falls vorgeschlagen) und lass dein System durchsuchen.
    Vermeide es auch während Combofix läuft die Maus und Tastatur zu benutzen.
  • Im Anschluss öffnet sich automatisch eine combofix.txt, diesen Inhalt bitte kopieren ([Strg]a, [Strg]c) und in deinen Beitrag einfügen ([Strg]v). Die Datei findest du außerdem unter: C:\ComboFix.txt.
Wichtiger Hinweis:
Combofix darf ausschließlich ausgeführt werden, wenn ein Kompetenzler dies ausdrücklich empfohlen hat!
Es sollte nie auf eigene Initiative hin ausgeführt werden! Eine falsche Benutzung kann ernsthafte Computerprobleme nach sich ziehen und eine Bereinigung der Infektion noch erschweren.

Dominik16 22.04.2011 18:50
Hier ist das Logfile von ComboFix:

Code:
ComboFix 11-04-21.06 - Tobbi 22.04.2011  19:30:40.1.2 - x86
Microsoft® Windows Vista™ Home Premium  6.0.6002.2.1252.49.1031.18.3061.1998 [GMT 2:00]
ausgeführt von:: c:\users\Tobbi\Desktop\cofi.exe
AV: AntiVir Desktop *Disabled/Outdated* {090F9C29-64CE-6C6F-379C-5901B49A85B7}
SP: AntiVir Desktop *Disabled/Outdated* {B26E7DCD-42F4-63E1-0D2C-6273CF1DCF0A}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((  Weitere Löschungen  ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\dateicommander\DateiCommander.exe
c:\programdata\hpeA0A2.dll
c:\users\Tobbi\AppData\Roaming\Adobe\plugs
c:\users\Tobbi\AppData\Roaming\Adobe\shed
c:\users\Tobbi\AppData\Roaming\Local
c:\windows\system32\sshnas21.dll
c:\windows\system32\temp.009
.
.
(((((((((((((((((((((((  Dateien erstellt von 2011-03-22 bis 2011-04-22  ))))))))))))))))))))))))))))))
.
.
2011-04-22 17:20 . 2011-04-22 17:20        --------        d-----w-        c:\program files\CCleaner
2011-04-22 09:48 . 2011-04-11 07:04        7071056        ----a-w-        c:\programdata\Microsoft\Windows Defender\Definition Updates\{B5E2E23A-5FA8-497A-ABE3-B7719AC8146A}\mpengine.dll
2011-04-17 18:07 . 2011-04-17 18:07        --------        d-----w-        c:\users\Tobbi\AppData\Roaming\Avira
2011-04-17 18:05 . 2011-01-10 12:23        135096        ----a-w-        c:\windows\system32\drivers\avipbb.sys
2011-04-17 18:05 . 2011-04-17 18:05        --------        d-----w-        c:\programdata\Avira
2011-04-17 18:05 . 2011-04-17 18:05        --------        d-----w-        c:\program files\Avira
2011-04-17 13:03 . 2011-04-17 13:03        --------        d-----w-        c:\users\Tobbi\AppData\Roaming\SUPERAntiSpyware.com
2011-04-17 13:03 . 2011-04-17 13:03        --------        d-----w-        c:\programdata\SUPERAntiSpyware.com
2011-04-17 13:03 . 2011-04-18 16:54        --------        d-----w-        c:\program files\SUPERAntiSpyware
2011-04-17 10:42 . 2011-04-17 10:42        110080        ----a-w-        c:\users\Tobbi\AppData\Roaming\Microsoft\Installer\{41EBC322-660F-4D16-A0DF-53147210CBDB}\IconF7A21AF7.exe
2011-04-17 10:42 . 2011-04-17 10:42        110080        ----a-w-        c:\users\Tobbi\AppData\Roaming\Microsoft\Installer\{41EBC322-660F-4D16-A0DF-53147210CBDB}\IconD7F16134.exe
2011-04-17 10:42 . 2011-04-17 10:42        --------        d-----w-        C:\sh4ldr
2011-04-17 10:42 . 2011-04-17 10:42        --------        d-----w-        c:\program files\Enigma Software Group
2011-04-17 08:07 . 2011-04-17 18:16        --------        d-----w-        c:\programdata\Spybot - Search & Destroy
2011-04-16 11:43 . 2011-04-16 11:43        --------        d-----w-        c:\windows\Sun
2011-04-16 11:19 . 2011-04-16 11:19        --------        d-----w-        c:\users\Tobbi\AppData\Roaming\Malwarebytes
2011-04-16 11:19 . 2010-12-20 16:09        38224        ----a-w-        c:\windows\system32\drivers\mbamswissarmy.sys
2011-04-16 11:19 . 2011-04-16 11:19        --------        d--h--w-        c:\programdata\Malwarebytes
2011-04-16 11:18 . 2011-04-16 11:19        --------        d-----w-        c:\program files\Malwarebytes' Anti-Malware
2011-04-16 11:18 . 2010-12-20 16:08        20952        ----a-w-        c:\windows\system32\drivers\mbam.sys
2011-04-16 10:51 . 2011-04-16 10:59        --------        d-----w-        C:\_OTL
2011-04-15 11:34 . 2011-03-03 10:50        2409784        ----a-w-        c:\program files\Windows Mail\OESpamFilter.dat
2011-04-06 11:29 . 2011-04-06 11:29        --------        d-----w-        c:\program files\iPod
2011-04-06 11:26 . 2011-04-06 11:26        --------        d-----w-        c:\program files\Safari
2011-03-26 09:30 . 2011-03-26 09:30        --------        d-----w-        c:\program files\Free-Private-Gaming
.
.
.
((((((((((((((((((((((((((((((((((((  Find3M Bericht  ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-02-22 14:13 . 2011-03-23 11:20        288768        ----a-w-        c:\windows\system32\XpsGdiConverter.dll
2011-02-22 13:33 . 2011-03-23 11:20        1068544        ----a-w-        c:\windows\system32\DWrite.dll
2011-02-22 13:33 . 2011-03-23 11:20        797696        ----a-w-        c:\windows\system32\FntCache.dll
2011-02-18 15:36 . 2011-02-18 15:36        41984        ----a-w-        c:\windows\system32\drivers\usbaapl.sys
2011-02-18 15:36 . 2011-02-18 15:36        4184352        ----a-w-        c:\windows\system32\usbaaplrc.dll
2011-02-02 16:11 . 2009-10-03 11:43        222080        ------w-        c:\windows\system32\MpSigStub.exe
2007-11-20 11:24 . 2007-11-20 11:24        2293848        ----a-w-        c:\program files\FLV PlayerFCSetup.exe
2007-11-20 11:23 . 2007-11-20 11:22        3928264        ----a-w-        c:\program files\FLV PlayerRCATSetup.exe
2007-11-20 11:21 . 2007-11-20 11:21        411248        ----a-w-        c:\program files\FLV PlayerRCSetup.exe
2003-10-05 23:12 . 2010-01-05 15:33        2874232        ----a-w-        c:\program files\ROTK.exe
2011-03-18 17:56 . 2011-04-20 19:24        142296        ----a-w-        c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((  Autostartpunkte der Registrierung  ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-18 125952]
"RocketDock"="c:\program files\RocketDock\RocketDock.exe" [2007-09-02 495616]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-01-02 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-01-02 166424]
"Persistence"="c:\windows\system32\igfxpers.exe" [2008-01-02 133656]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]
"snpstd3"="c:\windows\vsnpstd3.exe" [2006-09-19 827392]
"EEventManager"="c:\program files\Epson Software\Event Manager\EEventManager.exe" [2009-12-03 976320]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2011-01-10 281768]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2011-04-18 77824]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2011-04-18 16:02        548352        ----a-w-        c:\program files\SUPERAntiSpyware\SASWINLO.DLL
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\WBSrv]
2010-06-07 13:59        198960        ----a-w-        c:\program files\Stardock\Object Desktop\WindowBlinds\WbSrv.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Bluetooth Manager.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Bluetooth Manager.lnk
backup=c:\windows\pss\Bluetooth Manager.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^BumpTop.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\BumpTop.lnk
backup=c:\windows\pss\BumpTop.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKLM\~\startupfolder\C:^Users^Tobbi^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^ICQ-Tools.de Launcher.lnk]
path=c:\users\Tobbi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ICQ-Tools.de Launcher.lnk
backup=c:\windows\pss\ICQ-Tools.de Launcher.lnk.Startup
backupExtension=.Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AppleSyncNotifier]
2010-12-14 15:17        47904        ----a-w-        c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DivX Download Manager]
2010-12-08 21:15        63360        ------w-        c:\program files\DivX\DivX Plus Web Player\DDMService.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DivXUpdate]
2011-01-10 23:25        1230704        ------w-        c:\program files\DivX\DivX Update\DivXUpdate.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EPSON SX100 Series]
2008-02-05 06:00        188928        ----a-w-        c:\windows\System32\spool\drivers\w32x86\3\E_FATIEDE.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EPSON SX125 Series]
2009-09-14 07:00        200704        ----a-w-        c:\windows\System32\spool\drivers\w32x86\3\E_FATIGGE.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HiYo]
2008-10-23 17:27        300336        ----a-w-        c:\program files\HiYo\Bin\HiYo.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2011-03-07 13:33        421160        ------w-        c:\program files\iTunes\iTunesHelper.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Malwarebytes' Anti-Malware (reboot)]
2010-12-20 16:08        963976        ----a-w-        c:\program files\Malwarebytes' Anti-Malware\mbam.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Ocs_SM]
2010-05-01 15:26        106496        ----a-w-        c:\users\Tobbi\AppData\Roaming\OCS\SM\SearchAnonymizer.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PDFServerEngine]
2009-07-24 16:09        392288        ----a-w-        c:\program files\PDF Suite\PDFServerEngine.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
2011-01-26 16:05        15026056        ------w-        c:\program files\Skype\Phone\Skype.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\snpstd3]
2006-09-19 08:07        827392        ----a-w-        c:\windows\vsnpstd3.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2010-02-18 09:43        248040        ----a-w-        c:\program files\Common Files\Java\Java Update\jusched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SUPERAntiSpyware]
2011-03-16 22:24        2423752        ------w-        c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SweetIM]
2010-02-24 13:53        111928        ----a-r-        c:\program files\SweetIM\Messenger\SweetIM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
2010-03-18 14:51        202256        ----a-w-        c:\program files\Common Files\Real\Update_OB\realsched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"AntiVirusOverride"=dword:00000001
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2011-04-16 136176]
R3 ActionReplayDS;ActionReplayDS;c:\windows\system32\Drivers\ActionReplayDS.sys [2007-02-08 29184]
R3 esgiguard;esgiguard;c:\program files\Enigma Software Group\SpyHunter\esgiguard.sys [2010-01-27 5248]
R3 ggflt;SEMC USB Flash Driver Filter;c:\windows\system32\DRIVERS\ggflt.sys [2009-04-06 13224]
R3 s1018bus;Sony Ericsson Device 1018 driver (WDM);c:\windows\system32\DRIVERS\s1018bus.sys [2008-06-04 90408]
R3 s1018mdfl;Sony Ericsson Device 1018 USB WMC Modem Filter;c:\windows\system32\DRIVERS\s1018mdfl.sys [2008-06-04 15016]
R3 s1018mdm;Sony Ericsson Device 1018 USB WMC Modem Driver;c:\windows\system32\DRIVERS\s1018mdm.sys [2008-06-04 122024]
R3 s1018mgmt;Sony Ericsson Device 1018 USB WMC Device Management Drivers (WDM);c:\windows\system32\DRIVERS\s1018mgmt.sys [2008-06-04 115368]
R3 s1018nd5;Sony Ericsson Device 1018 USB Ethernet Emulation (NDIS);c:\windows\system32\DRIVERS\s1018nd5.sys [2008-06-04 25768]
R3 s1018obex;Sony Ericsson Device 1018 USB WMC OBEX Interface;c:\windows\system32\DRIVERS\s1018obex.sys [2008-06-04 111784]
R3 s1018unic;Sony Ericsson Device 1018 USB Ethernet Emulation (WDM);c:\windows\system32\DRIVERS\s1018unic.sys [2008-06-04 117544]
R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
R4 CGVPNCliSrvc;CyberGhost VPN Client;c:\program files\S.A.D\CyberGhost VPN\CGVPNCliService.exe [2008-02-05 1931776]
R4 EmmaDevMgmtSvc;Emma Device Management;c:\program files\Common Files\Sony Ericsson\Emma Core\Services\EmmaDeviceMgmt.exe [2010-03-30 306296]
R4 EmmaUpdMgmtSvc;Emma Update Management;c:\program files\Common Files\Sony Ericsson\Emma Core\Services\EmmaUpdateMgmt.exe [2010-03-30 162936]
R4 TeamViewer5;TeamViewer 5;c:\program files\TeamViewer\Version5\TeamViewer_Service.exe [2010-07-06 173352]
S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2010-05-02 691696]
S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [2010-02-17 12872]
S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [2010-05-10 67656]
S2 AntiVirSchedulerService;Avira AntiVir Planer;c:\program files\Avira\AntiVir Desktop\sched.exe [2011-01-10 135336]
S3 seehcri;Sony Ericsson seehcri Device Driver;c:\windows\system32\DRIVERS\seehcri.sys [2008-01-09 27632]
.
.
--- Andere Dienste/Treiber im Speicher ---
.
*Deregistered* - klmd25
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs        REG_MULTI_SZ          BthServ
HPZ12        REG_MULTI_SZ          Pml Driver HPZ12 Net Driver HPZ12
LocalServiceAndNoImpersonation        REG_MULTI_SZ          FontCache
.
Inhalt des "geplante Tasks" Ordners
.
2011-04-22 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-04-16 11:51]
.
2011-04-22 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-04-16 11:51]
.
2009-11-29 c:\windows\Tasks\Install_NSS.job
- c:\program files\DivX\Symantec\scstubinstaller.exe [2009-11-14 00:49]
.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = hxxp://www.google.com/
uDefault_Search_URL = hxxp://www.google.com/ie
mStart Page =
uInternet Settings,ProxyOverride = *.local
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: Nach Microsoft E&xel exportieren - c:\progra~1\MI1933~1\Office12\EXCEL.EXE/3000
FF - ProfilePath - c:\users\Tobbi\AppData\Roaming\Mozilla\Firefox\Profiles\rrvwok9c.default\
FF - prefs.js: browser.search.defaulturl -
FF - prefs.js: browser.search.selectedEngine -
FF - prefs.js: browser.startup.homepage - hxxp://www.google.de/
FF - prefs.js: keyword.URL - hxxp://search.icq.com/search/afe_results.php?ch_id=afex&tb_ver=1.1.9&q=
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
WebBrowser-{8FF5E180-ABDE-46EB-B09E-D2AAB95CABE3} - (no file)
HKU-Default-Run-Metropolis - c:\windows\system32\sshnas21.dll
MSConfigStartUp-HP Software Update - c:\program files\HP\HP Software Update\HPWuSchd2.exe
MSConfigStartUp-NBKeyScan - c:\program files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe
MSConfigStartUp-NeroFilterCheck - c:\program files\Common Files\Nero\Lib\NeroCheck.exe
MSConfigStartUp-PC SpeedScan Pro - c:\program files\Ascentive\PC SpeedScan Pro\PCSpeedScan.exe
MSConfigStartUp-Performance Center - c:\program files\Ascentive\Performance Center\APCMain.exe
MSConfigStartUp-QuickTime Task - c:\program files\QuickTime\QTTask.exe
AddRemove-click.EXE 2.0 Free - c:\progra~1\clickEXE\UNWISE.EXE
AddRemove-CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_2BFAOR2C06_118 - c:\program files\CONEXANT\CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_2BFAOR2C06_118\HXFSETUP.EXE
AddRemove-Freecorder Toolbar - c:\progra~1\FREECO~2\UNWISE.EXE
AddRemove-Hex Workshop v4.20 - c:\gta sa mods\hw41unin.isu
AddRemove-Movies - c:\progra~1\JanSoft\Movies\UNWISE.EXE
AddRemove-softonic-de3 Toolbar - c:\progra~1\SOFTON~1\UNWISE.EXE
AddRemove-the Renegade mod tools - c:\progra~1\RENEGA~1\UNWISE.EXE
AddRemove-Virtual DJ - Atomix Productions - c:\progra~1\VIRTUA~1\UNWISE.EXE
AddRemove-WindowBlinds - c:\progra~1\Stardock\OBJECT~2\WINDOW~1\UNWISE.EXE
AddRemove-Xpage Internet Studio 6 Special Edition - c:\program files\Xpage Internet Studio 6 Special Edition\Uninstall_Xpage Internet Studio 6 Special Edition\Uninstall Xpage Internet Studio 6 Special Edition.exe
AddRemove-{3F290582-3F4E-4B96-009C-E0BABAA40C42} - c:\program files\EA GAMES\Die Schlacht um Mittelerde(tm)\EAUninstall.exe
AddRemove-{72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - c:\program files\InstallShield Installation Information\{72EFBFE4-C74F-4187-AEFD-73EA3BE968D6}\ICQ7.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, hxxp://www.gmer.net
Rootkit scan 2011-04-22 19:39
Windows 6.0.6002 Service Pack 2 NTFS
.
Scanne versteckte Prozesse...
.
Scanne versteckte Autostarteinträge...
.
Scanne versteckte Dateien...
.
Scan erfolgreich abgeschlossen
versteckte Dateien: 0
.
**************************************************************************
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\Approved Extensions]
@Denied: (2) (LocalSystem)
"{2318C2B1-4965-11D4-9B18-009027A5CD4F}"=hex:51,66,7a,6c,4c,1d,38,12,df,c1,0b,
  27,57,07,ba,54,e4,0e,43,d0,22,fb,89,5b
"{FE063DB9-4EC0-403E-8DD8-394C54984B2C}"=hex:51,66,7a,6c,4c,1d,38,12,d7,3e,15,
  fa,f2,00,50,05,f2,ce,7a,0c,51,c6,0f,38
"{1392B8D2-5C05-419F-A8F6-B9F15A596612}"=hex:51,66,7a,6c,4c,1d,38,12,bc,bb,81,
  17,37,12,f1,04,d7,e0,fa,b1,5f,07,22,06
"{855F3B16-6D32-4FE6-8A56-BBB695989046}"=hex:51,66,7a,6c,4c,1d,38,12,78,38,4c,
  81,00,23,88,0a,f5,40,f8,f6,90,c6,d4,52
"{3041D03E-FD4B-44E0-B742-2D9B88305F98}"=hex:51,66,7a,6c,4c,1d,38,12,50,d3,52,
  34,79,b3,8e,01,c8,54,6e,db,8d,6e,1b,8c
"{261F6A8B-7AAF-4BF5-8552-6610F4D67819}"=hex:51,66,7a,6c,4c,1d,38,12,e5,69,0c,
  22,9d,34,9b,0e,fa,44,25,50,f1,88,3c,0d
"{EEE6C35B-6118-11DC-9C72-001320C79847}"=hex:51,66,7a,6c,4c,1d,38,12,35,c0,f5,
  ea,2a,2f,b2,54,e3,64,43,53,25,99,dc,53
"{338B4DFE-2E2C-4338-9E41-E176D497299E}"=hex:51,66,7a,6c,4c,1d,38,12,90,4e,98,
  37,1e,60,56,06,e1,57,a2,36,d1,c9,6d,8a
"{32099AAC-C132-4136-9E9A-4E364A424E17}"=hex:51,66,7a,6c,4c,1d,38,12,c2,99,1a,
  36,00,8f,58,04,e1,8c,0d,76,4f,1c,0a,03
"{8E718888-423F-11D2-876E-00A0C9082467}"=hex:51,66,7a,6c,4c,1d,38,12,e6,8b,62,
  8a,0d,0c,bc,54,f8,78,43,e0,cc,56,60,73
"{CC05A3E3-64C3-4AF2-BFC1-AF0D66B69065}"=hex:51,66,7a,6c,4c,1d,38,12,8d,a0,16,
  c8,f1,2a,9c,0f,c0,d7,ec,4d,63,e8,d4,71
"{9421DD08-935F-4701-A9CA-22DF90AC4EA6}"=hex:51,66,7a,6c,4c,1d,38,12,66,de,32,
  90,6d,dd,6f,02,d6,dc,61,9f,95,f2,0a,b2
"{2A541AE1-5BF6-4665-A8A3-CFA9672E4291}"=hex:51,66,7a,6c,4c,1d,38,12,8f,19,47,
  2e,c4,15,0b,03,d7,b5,8c,e9,62,70,06,85
"{72FE8681-0BFA-471B-9B2A-B37ED68DD09E}"=hex:51,66,7a,6c,4c,1d,38,12,ef,85,ed,
  76,c8,45,75,02,e4,3c,f0,3e,d3,d3,94,8a
"{B0DE3308-5D5A-470D-81B9-634FC078393B}"=hex:51,66,7a,6c,4c,1d,38,12,66,30,cd,
  b4,68,13,63,02,fe,af,20,0f,c5,26,7d,2f
"{FF059E31-CC5A-4E2E-BF3B-96E929D65503}"=hex:51,66,7a,6c,4c,1d,38,12,5f,9d,16,
  fb,68,82,40,0b,c0,2d,d5,a9,2c,88,11,17
"{BDEADE7F-C265-11D0-BCED-00A0C90AB50F}"=hex:51,66,7a,6c,4c,1d,38,12,11,dd,f9,
  b9,57,8c,be,54,c3,fb,43,e0,cc,54,f1,1b
"{1AD61D5B-58A3-4592-9B34-DC84688FF805}"=hex:51,66,7a,6c,4c,1d,38,12,35,1e,c5,
  1e,91,16,fc,00,e4,22,9f,c4,6d,d1,bc,11
"{201F27D4-3704-41D6-89C1-AA35E39143ED}"=hex:51,66,7a,6c,4c,1d,38,12,ba,24,0c,
  24,36,79,b8,04,f6,d7,e9,75,e6,cf,07,f9
"{6EBF7485-159F-4BFF-A14F-B9E3AAC4465B}"=hex:51,66,7a,6c,4c,1d,38,12,eb,77,ac,
  6a,ad,5b,91,0e,de,59,fa,a3,af,9a,02,4f
"{72853161-30C5-4D22-B7F9-0BBC1D38A37E}"=hex:51,66,7a,6c,4c,1d,38,12,0f,32,96,
  76,f7,7e,4c,08,c8,ef,48,fc,18,66,e7,6a
"{9CB65201-89C4-402C-BA80-02D8C59F9B1D}"=hex:51,66,7a,6c,4c,1d,38,12,6f,51,a5,
  98,f6,c7,42,05,c5,96,41,98,c0,c1,df,09
"{AA58ED58-01DD-4D91-8333-CF10577473F7}"=hex:51,66,7a,6c,4c,1d,38,12,36,ee,4b,
  ae,ef,4f,ff,08,fc,25,8c,50,52,2a,37,e3
"{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}"=hex:51,66,7a,6c,4c,1d,38,12,07,5b,93,
  aa,6e,60,ba,0b,f0,6d,b2,b7,80,44,00,83
"{DBC80044-A445-435B-BC74-9C25C1C588A9}"=hex:51,66,7a,6c,4c,1d,38,12,2a,03,db,
  df,77,ea,35,06,c3,62,df,65,c4,9b,cc,bd
"{EEE6C35C-6118-11DC-9C72-001320C79847}"=hex:51,66,7a,6c,4c,1d,38,12,32,c0,f5,
  ea,2a,2f,b2,54,e3,64,43,53,25,99,dc,53
"{FCBCCB87-9224-4B8D-B117-F56D924BEB18}"=hex:51,66,7a,6c,4c,1d,38,12,e9,c8,af,
  f8,16,dc,e3,0e,ce,01,b6,2d,97,15,af,0c
"{FE063DB1-4EC0-403E-8DD8-394C54984B2C}"=hex:51,66,7a,6c,4c,1d,38,12,df,3e,15,
  fa,f2,00,50,05,f2,ce,7a,0c,51,c6,0f,38
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\ApprovedExtensionsMigration]
@Denied: (2) (LocalSystem)
"Timestamp"=hex:54,20,4e,da,33,00,cc,01
.
[HKEY_USERS\S-1-5-21-580093863-836433992-2563045413-1000\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"??"=hex:21,3f,86,5f,65,66,5d,e4,29,c9,7d,1e,29,ce,81,04,19,b3,3d,cd,47,82,ed,
  4f,b6,7c,c8,b4,f5,56,ab,e5,59,36,9c,56,2d,a9,b2,e2,89,d1,25,ca,49,62,a6,91,\
"??"=hex:c6,07,ca,9a,d0,69,60,e7,00,d8,57,75,3b,b1,69,a6
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0005\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0006\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0007\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0008\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0009\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0010\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
Zeit der Fertigstellung: 2011-04-22  19:41:52
ComboFix-quarantined-files.txt  2011-04-22 17:41
.
Vor Suchlauf: 5 Verzeichnis(se), 42.204.274.688 Bytes frei
Nach Suchlauf: 12 Verzeichnis(se), 42.103.754.752 Bytes frei
.
- - End Of File - - 222EB1DC18EEC405B0138566E96F47BD


Alle Zeitangaben in WEZ +1. Es ist jetzt 21:49 Uhr.
Seite 1 von 2 1 2
100 Beiträge dieses Themas auf einer Seite anzeigen

Copyright ©2000-2025, Trojaner-Board


Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 130 131